refactor: move fully away from modules & profiles distinction

This commit is contained in:
Benjamin Bädorf 2023-10-07 16:45:42 +02:00
parent 078e738a31
commit 93bcf469ab
No known key found for this signature in database
GPG key ID: 4406E80E13CD656C
108 changed files with 957 additions and 1732 deletions

View file

@ -8,35 +8,28 @@ with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.plymouth.enable = true;
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 15296512;
pub-solar.audio.bluetooth.enable = true;
pub-solar.terminal-life.full = true;
hardware.cpu.intel.updateMicrocode = true;
networking.hostName = "biolimo";
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
networking.networkmanager.wifi.backend = "wpa_supplicant";
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
xdg.configFile = mkIf psCfg.sway.enable {
home-manager.users."${psCfg.user.name}" = {
xdg.configFile = {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
home.packages = [
inkscape
];
};
# For OpenProject development with https

View file

@ -9,10 +9,6 @@ with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
pub-solar.graphical.enable = true;
pub-solar.sway.enable = true;
pub-solar.virtualisation.enable = true;
hardware.cpu.amd.updateMicrocode = true;
hardware.opengl.extraPackages = with pkgs; [
@ -23,62 +19,30 @@ in {
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.plymouth.enable = true;
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 115075072;
pub-solar.paperless.sync.masterNode = true;
age.secrets."drone-runner-exec-config" = {
file = "${flake.self}/secrets/drone-runner-exec-config";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.docker-ci-runner = {
enable = true;
runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
};
pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
pub-solar.terminal-life.full = true;
services.openssh.openFirewall = true;
networking.hostName = "chocolatebar";
networking.firewall.allowedTCPPorts =
[443]
++ (
if psCfg.sway.vnc.enable
then [5901]
else []
);
networking.firewall.allowedUDPPorts = [43050];
environment.systemPackages = with pkgs; [
wayvnc
drone-docker-runner
stdenv.cc.cc.lib
pkgs.hplip
];
age.secrets."vnc-key.pem" = {
file = "${flake.self}/secrets/vnc-key-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
age.secrets."vnc-cert.pem" = {
file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.sway.vnc.enable = true;
services.udev.extraRules = ''
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
'';
home-manager.users."${psCfg.user.name}" = {
xdg.configFile = mkIf psCfg.sway.enable {
xdg.configFile = {
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;

View file

@ -17,7 +17,6 @@ with lib; let
isolateAnyGPU = isolateGPU != null;
in {
config = mkIf psCfg.virtualisation.enable {
boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
"softdep amdgpu pre: vfio vfio_pci"
(
@ -78,5 +77,4 @@ in {
};
};
};
};
}

View file

@ -8,6 +8,12 @@
self.nixosModules.base
./biolimo
self.nixosModules.b12f
self.nixosModules.audio
self.nixosModules.bluetooth
self.nixosModules.docker
self.nixosModules.graphical
self.nixosModules.nextcloud
self.nixosModules.office
];
};
@ -17,6 +23,14 @@
self.nixosModules.base
./chocolatebar
self.nixosModules.b12f
self.nixosModules.audio
self.nixosModules.virtualisation
self.nixosModules.docker
self.nixosModules.gaming
self.nixosModules.graphical
self.nixosModules.nextcloud
self.nixosModules.office
self.nixosModules.virtualisation
];
};
@ -37,6 +51,7 @@
./pie
self.nixosModules.yule
self.nixosModules.printing
self.nixosModules.paperless
];
};

View file

@ -9,6 +9,8 @@ with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
pub-solar.core.disk-encryption-active = false;
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.grub = {
enable = true;
@ -21,9 +23,6 @@ in {
networking.hostName = "droppie";
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
security.sudo.extraRules = [
{
users = ["${psCfg.user.name}"];

View file

@ -27,7 +27,6 @@ in {
boot.kernelPackages = pkgs.linuxPackages_6_1;
pub-solar.core.disk-encryption-active = false;
pub-solar.core.lite = true;
networking.hostName = "pie";
networking.defaultGateway = {

View file

@ -11,8 +11,8 @@
## In configs, they can be used under "lib.our"
deploy = import ./deploy.nix { inherit inputs lib; };
addLocalHostname = callLibs ./add-local-hostname.nix;
recursiveMerge = callLibs ./recursive-merge.nix;
};
};
}

16
lib/recursive-merge.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib }:
attrList:
let
f = attrPath:
zipAttrsWith (
n: values:
if tail values == []
then head values
else if all isList values
then unique (concatLists values)
else if all isAttrs values
then f (attrPath ++ [n]) values
else last values
);
in
f [] attrList;

15
modules/adb/default.nix Normal file
View file

@ -0,0 +1,15 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
in {
programs.adb.enable = true;
users.users."${psCfg.user.name}" = {
extraGroups = ["adbusers"];
};
}

View file

@ -6,22 +6,12 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.arduino;
in {
options.pub-solar.arduino = {
enable = mkEnableOption "Life with home automation";
};
config = mkIf cfg.enable {
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
users.users."${psCfg.user.name}" = {
extraGroups = ["dialout"];
};
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
packages = with pkgs; [
arduino
arduino-cli
];
};
};
}

View file

@ -6,31 +6,11 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.audio;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
options.pub-solar.audio = {
enable = mkEnableOption "Life in highs and lows";
mopidy.enable = mkEnableOption "Life with mopidy";
spotify.enable = mkEnableOption "Life in DRM";
spotify.username = mkOption {
description = "Spotify login username or email";
type = types.str;
example = "yourname@example.com";
default = "";
};
bluetooth.enable = mkEnableOption "Life with bluetooth";
};
config = mkIf cfg.enable {
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
users.users."${psCfg.user.name}" = {
extraGroups = ["audio"];
};
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages =
[
packages = with pkgs; [
# easyeffects, e.g. for microphone noise filtering
easyeffects
mu
@ -40,20 +20,19 @@ in {
# Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
pulseaudio
vimpc
]
++ (
if cfg.spotify.enable
then [pkgs.spotify-tui]
else []
);
spotify-tui
];
};
home-manager.users."${psCfg.user.name}" = {
xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc;
systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs;
services.spotifyd = mkIf cfg.spotify.enable {
services.spotifyd = {
enable = true;
settings = {
global = {
username = cfg.spotify.username;
username = "spotify@benjaminbaedorf.eu";
password_cmd = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus ${pkgs.libsecret}/bin/secret-tool lookup spotify password";
bitrate = 320;
volume_normalisation = true;
@ -75,57 +54,4 @@ in {
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
# Enable bluetooth
hardware.bluetooth = mkIf cfg.bluetooth.enable {
enable = true;
# Disable bluetooth on startup to save battery
powerOnBoot = false;
# Disable useless SIM Access Profile plugin
disabledPlugins = [
"sap"
];
settings = {
General = {
# Enables experimental features and interfaces.
# Makes BlueZ Battery Provider available
Experimental = true;
};
};
};
services.blueman.enable = mkIf cfg.bluetooth.enable true;
environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = mkIf cfg.bluetooth.enable {
text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'';
};
# Enable audio server & client
services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs);
# Make pulseaudio listen on port 4713 for mopidy, extending the default
# config: https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire-pulse.conf.in
environment.etc."pipewire/pipewire-pulse.conf.d/99-custom.conf" = mkIf cfg.mopidy.enable {
text = ''
{
"context.modules": [
{
"name": "libpipewire-module-protocol-pulse",
"args": {
"server.address": ["unix:native", "tcp:4713"],
"vm.overrides": {
"pulse.min.quantum": "1024/48000"
}
}
}
]
}
'';
};
};
}
}

View file

@ -0,0 +1,35 @@
{
lib,
config,
pkgs,
...
}: {
hardware.bluetooth = {
enable = true;
# Disable bluetooth on startup to save battery
powerOnBoot = false;
# Disable useless SIM Access Profile plugin
disabledPlugins = [
"sap"
];
settings = {
General = {
# Enables experimental features and interfaces.
# Makes BlueZ Battery Provider available
Experimental = true;
};
};
};
services.blueman.enable = true;
environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = {
text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'';
};
}

View file

@ -1,45 +0,0 @@
{
lib,
config,
pkgs,
flake,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.ci-runner;
in {
options.pub-solar.ci-runner = {
enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner";
};
config = mkIf cfg.enable {
systemd.user.services.ci-runner = {
enable = true;
description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM.";
serviceConfig = {
Type = "simple";
Restart = "always";
};
path = [
pkgs.git
pkgs.nix
pkgs.libvirt
];
wantedBy = ["multi-user.target"];
after = ["network.target" "libvirtd.service"];
script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config'';
};
age.secrets."drone-runner-exec-config" = {
file = "${flake.self}/secrets/drone-runner-exec-config";
mode = "700";
owner = psCfg.user.name;
};
};
}

View file

@ -7,12 +7,6 @@
with lib; let
cfg = config.pub-solar.core;
in {
options.pub-solar.core.iso-options.enable = mkOption {
type = types.bool;
default = false;
description = "Feature flag for iso builds";
};
options.pub-solar.core.disk-encryption-active = mkOption {
type = types.bool;
default = true;
@ -21,13 +15,10 @@ in {
config = {
boot = {
# Enable plymouth for better experience of booting
plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true);
# Mount / luks device in initrd
# Allow fstrim to work on it.
# The ! makes this enabled by default
initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
initrd = mkIf cfg.disk-encryption-active {
luks.devices."cryptroot" = {
allowDiscards = true;
};

View file

@ -9,33 +9,29 @@ in {
imports = [
./boot.nix
./hibernation.nix
./fonts.nix
./i18n.nix
./networking.nix
./packages.nix
./services.nix
];
options.pub-solar.core = {
lite = mkOption {
description = ''
Enable a lite edition of core with less default modules and a reduced package set.
'';
default = false;
type = types.bool;
};
# Service that makes Out of Memory Killer more effective
services.earlyoom.enable = true;
services.logind.lidSwitch = "hibernate";
services.tor.settings = {
UseBridges = true;
};
config = {
pub-solar = {
audio.enable = mkIf (!cfg.lite) (mkDefault true);
crypto.enable = mkIf (!cfg.lite) (mkDefault true);
devops.enable = mkIf (!cfg.lite) (mkDefault true);
# The options below are directly taken from or inspired by
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
terminal-life = {
enable = mkDefault true;
lite = cfg.lite;
};
};
};
# Limit the use of sudo to the group wheel
security.sudo.execWheelOnly = true;
# Remove the complete default environment of packages like
# nano, perl and rsync
environment.defaultPackages = lib.mkForce [];
# fileSystems."/".options = [ "noexec" ];
}

View file

@ -1,14 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
fonts = {
fonts = with pkgs; [powerline-fonts dejavu_fonts];
fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
};
};
}

View file

@ -1,34 +1,10 @@
{
flake,
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.pub-solar.core;
in {
options.pub-solar.core = {
enableCaddy = mkOption {
type = types.bool;
default = !cfg.lite;
};
enableHelp = mkOption {
type = types.bool;
default = !cfg.lite;
};
binaryCaches = mkOption {
type = types.listOf types.str;
default = [];
description = "Binary caches to use.";
};
publicKeys = mkOption {
type = types.listOf types.str;
default = [];
description = "Public keys of binary caches.";
};
};
config = {
}: {
# disable NetworkManager and systemd-networkd -wait-online by default
systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false;
systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;
@ -36,9 +12,40 @@ in {
networking.networkmanager = {
# Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff.
enable = true;
wifi.backend = "iwd";
wifi.backend = lib.mkDefault "iwd";
};
networking.firewall.enable = true;
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
# Caddy reverse proxy for local services like cups
services.caddy = {
enable = true;
globalConfig = ''
default_bind 127.0.0.1
auto_https off
'';
};
# For rage encryption, all hosts need a ssh key pair
services.openssh = {
enable = true;
allowSFTP = false;
# If you don't want the host to have SSH actually opened up to the net,
# set `services.openssh.openFirewall` to false in your config.
openFirewall = true;
settings.PasswordAuthentication = lib.mkDefault false;
settings.KbdInteractiveAuthentication = false;
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
}

View file

@ -8,9 +8,7 @@ with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.core;
in {
environment = {
systemPackages = with pkgs;
[
environment.systemPackages = with pkgs; [
# Core unix utility packages
coreutils-full
dnsutils
@ -18,62 +16,10 @@ in {
progress
pciutils
usbutils
wget
openssl
openssh
curl
htop
btop
lsof
psmisc
file
# zippit
zip
unzip
# Modern modern utilities
p7zip
croc
jq
]
++ lib.optionals (!cfg.lite) [
mtr
gitFull
git-lfs
git-bug
xdg-utils
sysfsutils
renameutils
nfs-utils
moreutils
mailutils
keyutils
input-utils
elfutils
binutils
dateutils
diffutils
findutils
exfat
# Nix specific utilities
alejandra
niv
manix
nix-index
nix-tree
nixpkgs-review
# Build broken, python2.7-PyJWT-2.0.1.drv' failed
#nixops
psos
nvd
# Fun
neofetch
gitFull
];
};
}

View file

@ -1,18 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
# For rage encryption, all hosts need a ssh key pair
services.openssh = {
enable = true;
# If you don't want the host to have SSH actually opened up to the net,
# set `services.openssh.openFirewall` to false in your config.
openFirewall = lib.mkDefault true;
settings.PasswordAuthentication = lib.mkDefault false;
};
# Service that makes Out of Memory Killer more effective
services.earlyoom.enable = true;
}

View file

@ -6,21 +6,20 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.crypto;
in {
options.pub-solar.crypto = {
enable = mkEnableOption "Life in private";
};
config = mkIf cfg.enable {
services.udev.packages = [pkgs.yubikey-personalization];
services.dbus.packages = [pkgs.gcr];
services.pcscd.enable = true;
services.gnome.gnome-keyring.enable = true;
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
users.users."${psCfg.user.name}".packages = with pkgs; [
gnome.seahorse
keepassxc
libsecret
];
home-manager.users."${psCfg.user.name}" = {
systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;
services.gpg-agent = {
@ -32,14 +31,5 @@ in {
programs.gpg = {
enable = true;
};
home.packages = [
gnome.seahorse
keepassxc
libsecret
qMasterPassword
restic
];
};
};
}

View file

@ -8,25 +8,19 @@
nixosModules = rec {
arduino = import ./arduino;
audio = import ./audio;
ci-runner = import ./ci-runner;
bluetooth = import ./bluetooth;
core = import ./core;
crypto = import ./crypto;
devops = import ./devops;
docker = import ./docker;
docker-ci-runner = import ./docker-ci-runner;
email = import ./email;
gaming = import ./gaming;
graphical = import ./graphical;
mobile = import ./mobile;
adb = import ./adb;
nix = import ./nix;
nextcloud = import ./nextcloud;
office = import ./office;
paperless = import ./paperless;
paranoia = import ./paranoia;
printing = import ./printing;
proxy = import ./proxy;
social = import ./social;
sway = import ./sway;
terminal-life = import ./terminal-life;
uhk = import ./uhk;
user = import ./user;
@ -66,33 +60,13 @@
];
})
self.nixosModules.arduino
self.nixosModules.audio
self.nixosModules.ci-runner
self.nixosModules.core
self.nixosModules.crypto
self.nixosModules.devops
self.nixosModules.docker
self.nixosModules.docker-ci-runner
self.nixosModules.email
self.nixosModules.gaming
self.nixosModules.graphical
self.nixosModules.mobile
self.nixosModules.nix
self.nixosModules.nextcloud
self.nixosModules.office
self.nixosModules.paperless
self.nixosModules.paranoia
# self.nixosModules.printing
self.nixosModules.proxy
self.nixosModules.social
self.nixosModules.sway
self.nixosModules.terminal-life
self.nixosModules.uhk
self.nixosModules.user
self.nixosModules.virtualisation
self.nixosModules.root
self.nixosModules.user
];
};
};

View file

@ -1,32 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.devops;
in {
options.pub-solar.devops = {
enable = mkEnableOption "Life automated";
};
config = mkIf cfg.enable {
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
croc
drone-cli
nmap
pgcli
ansible
ansible-lint
restic
shellcheck
terraform
tea
];
};
};
}

View file

@ -1,113 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
bootstrap = pkgs.writeScript "bootstrap.sh" ''
#!/usr/bin/env bash
set -e
apt update
apt install --yes curl git sudo xz-utils
adduser --system --uid 999 build
chown build /nix
sudo -u build curl -L https://nixos.org/nix/install > install
sudo -u build sh install
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
mkdir /etc/nix
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
mkdir -p $(dirname \\$nix_user_config_file)
echo '{"extra-experimental-features":{"nix-command flakes":true}}' > \\$nix_user_config_file
chown -R build /home/build/
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
sudo install -t /usr/local/bin drone-runner-exec
if [ ! -f /run/vars ]; then
exit 1
fi
cp -a /run/vars /run/runtime-vars
env | grep "DRONE" >> /run/runtime-vars
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
'';
psCfg = config.pub-solar;
cfg = config.pub-solar.docker-ci-runner;
in {
options.pub-solar.docker-ci-runner = {
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
enableKvm = lib.mkOption {
description = ''
Enable kvm support.
'';
default = true;
type = types.bool;
};
nixCacheLocation = lib.mkOption {
description = ''
Location of nix cache that is shared between builds
'';
default = "/var/lib/docker-ci-runner";
type = types.path;
};
runnerEnvironment = lib.mkOption {
description = ''
Additional environment vars added to the vars file on container runtime
'';
default = {};
};
runnerVarsFile = lib.mkOption {
description = ''
Location of vars file passed to drone runner
'';
type = types.path;
};
};
config = lib.mkIf cfg.enable {
virtualisation = {
docker = {
enable = true; # sadly podman is not supported rightnow
};
oci-containers = {
backend = "docker";
containers."drone-exec-runner" = {
image = "debian";
autoStart = true;
entrypoint = "bash";
cmd = ["/bootstrap.sh"];
volumes = [
"${cfg.runnerVarsFile}:/run/vars"
"${cfg.nixCacheLocation}:/nix"
"${bootstrap}:/bootstrap.sh"
];
environment = cfg.runnerEnvironment;
extraOptions = lib.mkIf cfg.enableKvm ["--device=/dev/kvm"];
};
};
};
# Fix container not stopping correctly and holding the system 120s upon
# shutdown / reboot
systemd.services.docker-drone-exec-runner.preStop = ''
docker stop drone-exec-runner
'';
};
}

View file

@ -6,21 +6,14 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.docker;
in {
options.pub-solar.docker = {
enable = mkEnableOption "Life in metal boxes";
};
config = mkIf cfg.enable {
virtualisation.docker.enable = true;
users.users = with pkgs;
pkgs.lib.setAttrByPath [psCfg.user.name] {
users.users."${psCfg.user.name}" = {
extraGroups = ["docker"];
};
environment.systemPackages = with pkgs; [
docker-compose
];
};
}

View file

@ -6,16 +6,8 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.email;
in {
options.pub-solar.email = {
enable = mkEnableOption "Life in headers";
};
config = mkIf cfg.enable {
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
users.users."${psCfg.user.name}".packages = with pkgs; [
w3m
urlscan
neomutt
@ -24,10 +16,42 @@ in {
mailto-mutt
];
home-manager.users."${psCfg.user.name}" = {
programs.offlineimap = {
enable = true;
pythonFile = builtins.readFile ./offlineimap.py;
};
};
xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc;
xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc;
xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap;
xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py;
xdg.configFile."mutt/accounts.muttrc".text = ''
source ./hello@benjaminbaedorf.eu.muttrc
macro index <f1> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc<enter><change-folder>!<enter>'
macro index <f2> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc<enter><change-folder>!<enter>'
macro index <f3> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc<enter><change-folder>!<enter>'
macro index <f4> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc<enter><change-folder>!<enter>'
macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc<enter><change-folder>!<enter>'
macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>'
macro index <f7> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc<enter><change-folder>!<enter>'
'';
xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc";
xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature";
xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature";
xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature";
xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc";
xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature";
xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
};
}

View file

@ -6,25 +6,16 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.gaming;
in {
options.pub-solar.gaming = {
enable = mkEnableOption "Life in shooters";
};
config = mkIf cfg.enable {
programs.steam.enable = true;
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {};
};
home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
home.packages = with pkgs; [
users.users."${psCfg.user.name}".packages = with pkgs; [
playonlinux
godot
obs-studio
obs-studio-plugins.wlrobs
];
};
};
}

View file

Before

Width:  |  Height:  |  Size: 513 KiB

After

Width:  |  Height:  |  Size: 513 KiB

View file

@ -6,36 +6,22 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.graphical;
yamlFormat = pkgs.formats.yaml {};
recursiveMerge = attrList: let
f = attrPath:
zipAttrsWith (
n: values:
if tail values == []
then head values
else if all isList values
then unique (concatLists values)
else if all isAttrs values
then f (attrPath ++ [n]) values
else last values
);
in
f [] attrList;
sessionVariables = {
WLR_RENDERER =
if psCfg.graphical.wayland.software-renderer.enable
then "pixman"
else "gles2";
# Fix KeepassXC rendering issue
# https://github.com/void-linux/void-packages/issues/23517
QT_AUTO_SCREEN_SCALE_FACTOR = "0";
};
in {
imports = [
./sway
];
options.pub-solar.graphical = {
enable = mkEnableOption "Life in color";
alacritty = {
settings = mkOption {
type = yamlFormat.type;
default = {};
};
};
autologin.enable = mkOption {
type = types.bool;
default = true;
description = "Feature flag enabling autologin after boot.";
};
wayland.software-renderer.enable = mkOption {
type = types.bool;
default = false;
@ -43,8 +29,11 @@ in {
};
};
config = mkIf cfg.enable {
config = {
hardware.opengl.enable = true;
# Needed for the udev rules for solaar
hardware.logitech.wireless.enable = true;
environment = {
systemPackages = with pkgs; [
gtk-engine-murrine
@ -55,16 +44,20 @@ in {
papirus-maia-icon-theme
glib
xdg-utils
];
etc = {
"xdg/PubSolar.conf".text = ''
[Qt]
style=GTK+
'';
};
variables = sessionVariables;
};
services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}");
services.getty.autologinUser = psCfg.user.name;
qt = {
enable = true;
@ -79,9 +72,11 @@ in {
services.gnome.sushi.enable = true;
# Enable GVfs, a userspace virtual filesystem
services.gvfs.enable = true;
services.yubikey-agent.enable = true;
fonts.enableDefaultFonts = true;
fonts.fonts = with pkgs; [
fonts = {
fonts = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
google-fonts
@ -94,15 +89,18 @@ in {
powerline-fonts
source-sans-pro
];
enableDefaultFonts = true;
fontconfig.enable = true;
fontconfig.defaultFonts = {
monospace = ["DejaVu Sans Mono for Powerline"];
sansSerif = ["DejaVu Sans"];
};
};
home-manager = with pkgs;
setAttrByPath ["users" psCfg.user.name] {
home.packages = [
users.users."${psCfg.user.name}".packages = with pkgs; [
alacritty
foot
ungoogled-chromium
firefox-wayland
flameshot
libnotify
gnome.adwaita-icon-theme
@ -110,21 +108,26 @@ in {
gnome.nautilus
gnome.yelp
hicolor-icon-theme
wine
toggle-kbd-layout
wcwd
vlc
gimp
];
xdg.configFile."alacritty/alacritty.yml" = {
source = yamlFormat.generate "alacritty.yml" (recursiveMerge [(import ./alacritty.nix) cfg.alacritty.settings]);
};
home-manager.users."${psCfg.user.name}" = {
home.file."xinitrc".source = ./.xinitrc;
xdg.configFile."alacritty/alacritty.yml".source = yamlFormat.generate "alacritty.yml" (import ./alacritty.nix);
xdg.configFile."xmodmap".source = ./.config/xmodmap;
xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
xdg.configFile."mako/config".source = ./.config/mako/config;
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
xdg.configFile."waybar/config".source = ./.config/waybar/config;
xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css;
xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
gtk = {
enable = true;
@ -147,13 +150,12 @@ in {
};
};
# Fix KeepassXC rendering issue
# https://github.com/void-linux/void-packages/issues/23517
systemd.user.sessionVariables.QT_AUTO_SCREEN_SCALE_FACTOR = "0";
xresources.extraConfig = builtins.readFile ./.Xdefaults;
systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs;
home.sessionVariables = sessionVariables;
systemd.user.sessionVariables = sessionVariables;
};
};
}

View file

@ -0,0 +1,39 @@
{
pkgs,
psCfg,
...
}:
''
# Set shut down, restart and locking features
''
+ (
if psCfg.core.hibernation.enable
then ''
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
''
else ''
set $mode_system (e)xit, (r)eboot, (Shift+s)hutdown
''
)
+ ''
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" {
bindsym e exec swaymsg exit, mode "default"
''
+ (
if psCfg.core.hibernation.enable
then ''
bindsym h exec systemctl hibernate, mode "default"
''
else ""
)
+ ''
bindsym r exec systemctl reboot, mode "default"
bindsym Shift+s exec systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
''

View file

@ -19,7 +19,7 @@
set $up i
set $right l
# Your preferred terminal emulator
set $term ${config.pub-solar.sway.terminal}
set $term ${pkgs.alacritty}
# Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on.

View file

@ -0,0 +1,98 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
in {
options.pub-solar.graphical = {
v4l2loopback.enable = mkOption {
type = types.bool;
default = true;
description = "WebCam streaming tool";
};
};
config = {
boot = mkIf psCfg.graphical.v4l2loopback.enable {
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
kernelModules = ["v4l2loopback"];
extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 devices=3
'';
};
environment.systemPackages = with pkgs; [
linuxPackages.v4l2loopback
];
programs.sway.enable = true;
xdg.portal = {
enable = true;
wlr = {
enable = true;
settings = {
screencast = {
max_fps = 30;
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
};
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
};
services.pipewire.enable = true;
users.users."${psCfg.user.name}".packages = with pkgs; [
sway
grim
kanshi
mako
slurp
swayidle
swaybg
xwayland
libappindicator-gtk3
wl-clipboard
wf-recorder
brightnessctl
gammastep
geoclue2
xsettingsd
ydotool
sway-launcher
record-screen
import-gtk-settings
s
wcwd
];
home-manager.users."${psCfg.user.name}" = {
programs.waybar.enable = true;
#programs.waybar.systemd.enable = true;
systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;};
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
};
};
}

View file

@ -0,0 +1,26 @@
{
pkgs,
psCfg,
...
}: {
Unit = {
Description = "Idle manager for Wayland";
Documentation = ["man:swayidle(1)"];
BindsTo = ["graphical-session.target"];
Wants = ["graphical-session-pre.target"];
After = ["graphical-session-pre.target"];
};
Service = {
Type = "simple";
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swayidle}/bin";
ExecStart = ''
swayidle -w \
before-sleep 'systemctl hibernate'
timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
timeout 150 'systemctl hibernate'
'';
};
Install = {
WantedBy = ["sway-session.target"];
};
}

View file

@ -1,23 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.mobile;
in {
options.pub-solar.mobile = {
enable = mkEnableOption "Add android adb and tooling";
};
config = mkIf cfg.enable {
programs.adb.enable = true;
users.users = with pkgs;
lib.setAttrByPath [psCfg.user.name] {
extraGroups = ["adbusers"];
};
};
}

View file

@ -6,16 +6,8 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.nextcloud;
in {
options.pub-solar.nextcloud = {
enable = mkEnableOption "Life in sync";
};
config = mkIf cfg.enable {
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home-manager.users."${psCfg.user.name}" = {
systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs;
};
};
}

View file

@ -5,6 +5,12 @@
flake,
...
}: {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-run"
];
nix = {
# Use default version alias for nix package
package = pkgs.nix;

View file

@ -6,18 +6,10 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.office;
in {
options.pub-solar.office = {
enable = mkEnableOption "Install office programs, also enables printing server";
};
config = mkIf cfg.enable {
# Gnome PDF viewer
programs.evince.enable = true;
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
users.users."${psCfg.user.name}".packages = with pkgs; [
libreoffice-fresh
gnome.simple-scan
# Tools like pdfunite
@ -25,6 +17,4 @@ in {
# tool for annotating PDFs
xournalpp
];
};
};
}

View file

@ -1,4 +1,5 @@
{
flake,
lib,
config,
pkgs,
@ -6,141 +7,48 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.paperless;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
dataDir = "${xdg.dataHome}/Paperless";
consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";
scannerDefaultDevice = "hp3900:libusb:005:004";
in {
options.pub-solar.paperless = {
enable = mkEnableOption "All you need to go paperless";
ocrLanguage = mkOption {
description = "OCR language";
type = types.str;
example = "eng+deu";
default = "eng";
};
dataDir = mkOption {
description = "Directory to save data in";
type = types.str;
example = "/home/pub_solar/Paperless";
default = "${xdg.dataHome}/Paperless";
};
consumptionDir = mkOption {
description = "Directory to be watched";
type = types.str;
example = "/var/lib/paperless/consume";
default = "/var/lib/paperless/consume";
};
sync = {
enable = mkEnableOption ''
You can use this option to sync several paperless instances, for example via nextcloud.
It will sync the media directory and database, automatically merging sqlite dbs via dump and import.
Logs, the classification model, and other files are left unsynced.
'';
masterNode = mkEnableOption "If this node is the master node, it will only export paperless data, otherwise it will only import";
directory = mkOption {
description = "Directory to sync with.";
type = types.str;
example = "/home/pub_solar/Nextcloud/Paperless";
default = "/home/${psCfg.user.name}/Nextcloud/Paperless";
};
};
scannerDefaultDevice = mkOption {
description = ''
The scanner device. To find this, use `scanimage -L`.
For example, your output might be the following:
```
device `v4l:/dev/video3' is a Noname Logitech StreamCam virtual device
device `hp3900:libusb:005:002' is a Hewlett-Packard Scanjet G3010 flatbed scanner
```
Here, the scannerDevice is `hp3900:libusb:005:002`.
'';
type = types.str;
example = "hp3900:libusb:005:002";
default = "";
};
};
config = mkIf cfg.enable {
services.paperless = {
enable = true;
user = psCfg.user.name;
consumptionDir = cfg.consumptionDir;
dataDir = cfg.dataDir;
consumptionDir = consumptionDir;
dataDir = dataDir;
address = "paperless.local";
extraConfig = {
PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage;
PAPERLESS_OCR_LANGUAGE = "nld+deu";
PAPERLESS_ADMIN_USER = psCfg.user.name;
PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
PAPERLESS_URL = "http://paperless.local";
};
};
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = with pkgs; [
users.users."${psCfg.user.name}".packages = with pkgs; [
scan2paperless
sane-backends
python310Packages.img2pdf
];
home-manager.users."${psCfg.user.name}" = {
home.sessionVariables = {
SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice;
SCANNER_OUTPUT_DIR = cfg.consumptionDir;
SCANNER_DEFAULT_DEVICE = scannerDefaultDevice;
SCANNER_OUTPUT_DIR = consumptionDir;
};
systemd.user.sessionVariables = {
SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice;
SCANNER_OUTPUT_DIR = cfg.consumptionDir;
SCANNER_DEFAULT_DEVICE = scannerDefaultDevice;
SCANNER_OUTPUT_DIR = consumptionDir;
};
};
systemd = let
copy-out = pkgs.writeShellScriptBin "copy-out" ''
${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
cp -r ${cfg.dataDir}/media ${cfg.sync.directory}/
cp ${cfg.dataDir}/db.sqlite3 ${cfg.sync.directory}/db.sqlite3
cp ${cfg.dataDir}/celerybeat-schedule.db ${cfg.sync.directory}/celerybeat-schedule.db
cp ${cfg.dataDir}/classification_model.pickle ${cfg.sync.directory}/classification_model.pickle
cp ${cfg.dataDir}/src-version ${cfg.sync.directory}/src-version
chown -R ${psCfg.user.name}:users ${cfg.sync.directory}
${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
networking.hosts = flake.self.lib.addLocalHostname ["paperless.local"];
services.caddy.extraConfig = ''
paperless.local:80 {
request_header Host localhost:${builtins.toString config.services.paperless.port}
reverse_proxy localhost:${builtins.toString config.services.paperless.port}
}
'';
copy-in = pkgs.writeShellScriptBin "copy-in" ''
${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
cp -r ${cfg.sync.directory}/media ${cfg.dataDir}/
cp ${cfg.sync.directory}/db.sqlite3 ${cfg.dataDir}/db.sqlite3
cp ${cfg.sync.directory}/celerybeat-schedule.db ${cfg.dataDir}/celerybeat-schedule.db
cp ${cfg.sync.directory}/classification_model.pickle ${cfg.dataDir}/classification_model.pickle
cp ${cfg.sync.directory}/src-version ${cfg.dataDir}/src-version
${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
'';
in mkIf cfg.sync.enable {
services.nextcloud-paperless-autosync = {
unitConfig = {
Description = "Auto sync paperless to or from Nextcloud";
After = "network-online.target";
};
serviceConfig = {
Type = "simple";
ExecStart= if cfg.sync.masterNode then "${copy-out}/bin/copy-out" else "${copy-in}/bin/copy-in";
TimeoutStopSec = "180";
KillMode = "process";
KillSignal = "SIGINT";
};
wantedBy = ["multi-user.target"];
};
timers.nextcloud-paperless-autosync = {
unitConfig.Description = "Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 30 minutes";
timerConfig.OnUnitActiveSec = "30min";
wantedBy = ["multi-user.target" "timers.target"];
};
};
};
}

View file

@ -1,57 +0,0 @@
{
config,
lib,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.paranoia;
in {
options.pub-solar.paranoia = {
enable = mkOption {
description = ''
Only offer hibernation instead of screen locking and sleeping. This only makes sense
if your hard drive is encrypted, and ensures that the contents of your drive are
encrypted if you are not actively using the device.
'';
default = false;
type = types.bool;
};
};
config = mkIf cfg.enable {
pub-solar.core.hibernation.enable = true;
services.logind.lidSwitch = "hibernate";
services.tor.settings = {
UseBridges = true;
};
# The options below are directly taken from or inspired by
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
# Don't set this if you need sftp
services.openssh.allowSFTP = false;
# services.openssh.openFirewall = false; # Lock yourself out
# Limit the use of sudo to the group wheel
security.sudo.execWheelOnly = true;
# Remove the complete default environment of packages like
# nano, perl and rsync
environment.defaultPackages = lib.mkForce [];
# fileSystems."/".options = [ "noexec" ];
services.openssh = {
settings.KbdInteractiveAuthentication = false;
extraConfig = ''
AllowTcpForwarding yes
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
};
}

View file

@ -1,28 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
# Caddy reverse proxy for local services like cups
services.caddy = {
enable = true;
globalConfig = ''
default_bind 127.0.0.1
auto_https off
'';
extraConfig = (lib.concatStringsSep "\n" [
(lib.optionalString
config.pub-solar.paperless.enable
''
paperless.local:80 {
request_header Host localhost:${builtins.toString config.services.paperless.port}
reverse_proxy localhost:${builtins.toString config.services.paperless.port}
}
'')
]);
};
}

View file

@ -1,26 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.social;
in {
options.pub-solar.social = {
enable = mkEnableOption "Life with others";
};
config = mkIf cfg.enable {
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
signal-desktop
tdesktop
element-desktop
irssi
];
};
};
}

View file

@ -1,50 +0,0 @@
{
pkgs,
psCfg,
...
}:
''
# Set shut down, restart and locking features
''
+ (
if psCfg.core.hibernation.enable && !psCfg.paranoia.enable
then ''
set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
''
else if psCfg.paranoia.enable
then ''
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
''
else ''
set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
''
)
+ ''
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" {
bindsym e exec swaymsg exit, mode "default"
''
+ (
if psCfg.core.hibernation.enable
then ''
bindsym h exec systemctl hibernate, mode "default"
''
else ""
)
+ (
if !psCfg.paranoia.enable
then ''
bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default"
bindsym s exec systemctl suspend, mode "default"
''
else ""
)
+ ''
bindsym r exec systemctl reboot, mode "default"
bindsym Shift+s exec systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
''

View file

@ -1,118 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
in {
options.pub-solar.sway = {
enable = mkEnableOption "Life in boxes";
terminal = mkOption {
type = types.nullOr types.str;
default = "alacritty";
description = "Choose sway's default terminal";
};
vnc.enable = mkEnableOption "Enable vnc service";
v4l2loopback.enable = mkOption {
type = types.bool;
default = true;
description = "WebCam streaming tool";
};
};
config = mkIf psCfg.sway.enable (mkMerge [
(mkIf (psCfg.sway.v4l2loopback.enable) {
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
boot.kernelModules = ["v4l2loopback"];
boot.extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 devices=3
'';
})
{
environment.systemPackages = with pkgs; [
linuxPackages.v4l2loopback
];
programs.sway.enable = true;
xdg.portal = {
enable = true;
wlr = {
enable = true;
settings = {
screencast = {
max_fps = 30;
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
};
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
};
services.pipewire.enable = true;
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = with pkgs; [
sway
grim
kanshi
mako
slurp
swayidle
swaylock
swaybg
xwayland
libappindicator-gtk3
wl-clipboard
wf-recorder
brightnessctl
gammastep
geoclue2
xsettingsd
ydotool
sway-launcher
record-screen
import-gtk-settings
s
wcwd
];
programs.waybar.enable = true;
#programs.waybar.systemd.enable = true;
systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;};
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix {
inherit psCfg;
inherit pkgs;
};
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
};
}
]);
}

View file

@ -1,35 +0,0 @@
{
pkgs,
psCfg,
...
}: {
Unit = {
Description = "Idle manager for Wayland";
Documentation = ["man:swayidle(1)"];
BindsTo = ["graphical-session.target"];
Wants = ["graphical-session-pre.target"];
After = ["graphical-session-pre.target"];
};
Service = {
Type = "simple";
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin";
ExecStart =
'' swayidle -w \
after-resume 'swaymsg "output * dpms on"' \
before-sleep 'swaylock-bg' ''
+ (
if psCfg.paranoia.enable
then '' \
timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
timeout 150 'systemctl hibernate'
''
else '' \
timeout 600 'swaylock-bg' \
timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"'
''
);
};
Install = {
WantedBy = ["sway-session.target"];
};
}

View file

@ -1,18 +0,0 @@
pkgs: {
Unit = {
Description = "A VNC server for wlroots based Wayland compositors ";
Documentation = "https://github.com/any1/wayvnc";
BindsTo = ["sway-session.target"];
After = ["graphical-session-pre.target" "network-online.target"];
Wants = ["graphical-session-pre.target" "network-online.target"];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.wayvnc}/bin/wayvnc -r -p 0.0.0.0 5901";
};
Install = {
WantedBy = ["sway-session.target"];
};
}

View file

@ -9,31 +9,25 @@ with lib; let
cfg = config.pub-solar.terminal-life;
in {
options.pub-solar.terminal-life = {
enable = mkEnableOption "Life in black and white";
lite = mkOption {
full = mkOption {
description = ''
Enable a lite edition of terminal-life with less modules and a reduced package set.
Enable a full version
'';
default = false;
default = true;
type = types.bool;
};
};
config = mkIf cfg.enable {
config = {
programs.command-not-found.enable = false;
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = [
users.users."${psCfg.user.name}".packages = with pkgs; [
ack
asciinema
bat
blesh
exa
fd
gh
glow
jump
(nnn.overrideAttrs (o: {
patches =
@ -48,6 +42,19 @@ in {
watson
];
home-manager.users."${psCfg.user.name}" = {
xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
programs.less = {
enable = true;
keys = ''
k forw-line
i back-line
K forw-scroll
I back-scroll
'';
};
# Starship is a fast and featureful shell prompt
# starship.toml has sane defaults that can be changed there
programs.starship = {
@ -71,8 +78,29 @@ in {
inherit pkgs;
inherit lib;
};
# Ensure nvim backup directory gets created
# Workaround for E510: Can't make backup file (add ! to override)
xdg.dataFile."nvim/backup/.keep".text = "";
xdg.dataFile."nvim/json-schemas/.keep".text = "";
# Generated with:
# docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
xdg.dataFile."nvim/templates/.keep".text = "";
programs.git = import ./git {};
xdg.configFile."git/config".text = import ./.config/git/config.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
inherit config;
inherit pkgs;
};
programs.direnv = import ./direnv {};
};
};

View file

@ -21,7 +21,7 @@ in {
withPython3 = true;
extraPackages = with pkgs;
lib.mkIf (!cfg.lite) [
lib.mkIf (cfg.full) [
ansible-language-server
ccls
gopls
@ -44,9 +44,7 @@ in {
universal-ctags
];
plugins = with pkgs.vimPlugins;
[]
++ lib.optionals (!cfg.lite) [
plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [
(pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [
p.ini
p.json

View file

@ -6,14 +6,8 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.uhk;
in {
options.pub-solar.uhk = {
enable = mkEnableOption "Ultimate Hacking Keyboard";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
users.users."${psCfg.user.name}".packages = with pkgs; [
uhk-agent
];
@ -22,10 +16,10 @@ in {
services.udev.packages = with pkgs; [
uhk-agent
];
services.udev.extraRules = ''
SUBSYSTEM=="input", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", GROUP="input", MODE="0660"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
KERNEL=="hidraw*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
'';
};
}

View file

@ -55,8 +55,7 @@ with lib; {
users = {
mutableUsers = false;
users = with pkgs;
pkgs.lib.setAttrByPath [psCfg.user.name] {
users."${psCfg.user.name}" = {
# Indicates whether this is an account for a “real” user.
# This automatically sets group to users, createHome to true,
# home to /home/username, useDefaultShell to true, and isSystemUser to false.

View file

@ -12,7 +12,7 @@ in {
./session-variables.nix
];
home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
home-manager.users."${psCfg.user.name}" = {
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
@ -22,66 +22,14 @@ in {
home.homeDirectory = "/home/${psCfg.user.name}";
home.stateVersion = "22.11";
home.packages = with pkgs; [];
fonts.fontconfig.enable = mkForce true;
programs.dircolors.enable = true;
programs.less = {
enable = true;
keys = ''
k forw-line
i back-line
K forw-scroll
I back-scroll
'';
};
home.file."xinitrc".source = ./.xinitrc;
xdg.enable = true;
xdg.mime.enable = true;
xdg.mimeApps = import ./mimeapps.nix;
xdg.configFile."git/config".text = import ./.config/git/config.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."dircolors".source = ./.config/dircolors;
xdg.configFile."xmodmap".source = ./.config/xmodmap;
xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
xdg.configFile."mako/config".source = ./.config/mako/config;
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
xdg.configFile."waybar/config".source = ./.config/waybar/config;
xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css;
xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc;
xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc;
xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap;
xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py;
xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
# Ensure nvim backup directory gets created
# Workaround for E510: Can't make backup file (add ! to override)
xdg.dataFile."nvim/backup/.keep".text = "";
xdg.dataFile."nvim/json-schemas/.keep".text = "";
# Generated with:
# docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
xdg.dataFile."nvim/templates/.keep".text = "";
xdg.dataFile."scripts/.keep".text = "";
xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
xdg.dataFile."shell.nix.tmpl" = {
text = ''
let

View file

@ -5,7 +5,6 @@
...
}: let
psCfg = config.pub-solar;
wlroots = psCfg.graphical.wayland;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
variables = {
XDG_CONFIG_HOME = xdg.configHome;
@ -20,10 +19,6 @@
ECORE_EVAS_ENGINE = "wayland_egl";
ELM_ENGINE = "wayland_egl";
SDL_VIDEODRIVER = "wayland";
WLR_RENDERER =
if wlroots.software-renderer.enable
then "pixman"
else "gles2";
EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";

View file

@ -6,18 +6,7 @@
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.virtualisation;
doesGaming = config.pub-solar.gaming.enable;
extraObsPlugins =
if doesGaming
then [pkgs.obs-studio-plugins.looking-glass-obs]
else [];
in {
options.pub-solar.virtualisation = {
enable = mkEnableOption "Life in libvirt";
};
config = mkIf cfg.enable {
boot.kernelParams = [
"amd_iommu=on"
"intel_iommu=on"
@ -28,13 +17,11 @@ in {
enable = true;
qemu.ovmf.enable = true;
};
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
users.users."${psCfg.user.name}" = {
extraGroups = ["libvirtd"];
};
environment.systemPackages = with pkgs; [
coreutils-full
usbutils
libvirt
libvirt-glib
qemu
@ -48,10 +35,9 @@ in {
lgcl
];
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home-manager.users."${psCfg.user.name}" = {
xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory";
home.packages = extraObsPlugins;
home.packages = [pkgs.obs-studio-plugins.looking-glass-obs];
};
systemd.tmpfiles.rules = [
@ -66,5 +52,4 @@ in {
}
];
};
};
}

Some files were not shown because too many files have changed in this diff Show more