refactor: move fully away from modules & profiles distinction
This commit is contained in:
parent
078e738a31
commit
93bcf469ab
|
@ -8,35 +8,28 @@ with lib; let
|
|||
psCfg = config.pub-solar;
|
||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||
in {
|
||||
pub-solar.graphical.enable = true;
|
||||
pub-solar.sway.enable = true;
|
||||
|
||||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
pub-solar.paranoia.enable = true;
|
||||
pub-solar.core.hibernation.enable = true;
|
||||
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
|
||||
pub-solar.core.hibernation.resumeOffset = 15296512;
|
||||
pub-solar.audio.bluetooth.enable = true;
|
||||
pub-solar.terminal-life.full = true;
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
networking.hostName = "biolimo";
|
||||
networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
|
||||
networking.networkmanager.wifi.backend = "wpa_supplicant";
|
||||
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
xdg.configFile = mkIf psCfg.sway.enable {
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
xdg.configFile = {
|
||||
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||||
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
||||
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
||||
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
|
||||
};
|
||||
|
||||
home.packages = [
|
||||
inkscape
|
||||
];
|
||||
};
|
||||
|
||||
# For OpenProject development with https
|
||||
|
|
|
@ -9,10 +9,6 @@ with lib; let
|
|||
psCfg = config.pub-solar;
|
||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||
in {
|
||||
pub-solar.graphical.enable = true;
|
||||
pub-solar.sway.enable = true;
|
||||
pub-solar.virtualisation.enable = true;
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
||||
hardware.opengl.extraPackages = with pkgs; [
|
||||
|
@ -23,62 +19,30 @@ in {
|
|||
# Use the systemd-boot EFI boot loader.
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
pub-solar.paranoia.enable = true;
|
||||
pub-solar.core.hibernation.enable = true;
|
||||
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
|
||||
pub-solar.core.hibernation.resumeOffset = 115075072;
|
||||
|
||||
pub-solar.paperless.sync.masterNode = true;
|
||||
|
||||
age.secrets."drone-runner-exec-config" = {
|
||||
file = "${flake.self}/secrets/drone-runner-exec-config";
|
||||
mode = "400";
|
||||
owner = psCfg.user.name;
|
||||
};
|
||||
|
||||
pub-solar.docker-ci-runner = {
|
||||
enable = true;
|
||||
runnerVarsFile = config.age.secrets.drone-runner-exec-config.path;
|
||||
};
|
||||
|
||||
pub-solar.paperless.scannerDefaultDevice = "hp3900:libusb:005:004";
|
||||
pub-solar.terminal-life.full = true;
|
||||
|
||||
services.openssh.openFirewall = true;
|
||||
networking.hostName = "chocolatebar";
|
||||
networking.firewall.allowedTCPPorts =
|
||||
[443]
|
||||
++ (
|
||||
if psCfg.sway.vnc.enable
|
||||
then [5901]
|
||||
else []
|
||||
);
|
||||
networking.firewall.allowedUDPPorts = [43050];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
wayvnc
|
||||
drone-docker-runner
|
||||
stdenv.cc.cc.lib
|
||||
pkgs.hplip
|
||||
];
|
||||
|
||||
age.secrets."vnc-key.pem" = {
|
||||
file = "${flake.self}/secrets/vnc-key-chocolatebar.pem";
|
||||
mode = "400";
|
||||
owner = psCfg.user.name;
|
||||
};
|
||||
age.secrets."vnc-cert.pem" = {
|
||||
file = "${flake.self}/secrets/vnc-cert-chocolatebar.pem";
|
||||
mode = "400";
|
||||
owner = psCfg.user.name;
|
||||
};
|
||||
pub-solar.sway.vnc.enable = true;
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="04f9", ATTRS{idProduct}=="209e", ATTRS{serial}=="000W0H924252", MODE="0664", GROUP="lp", SYMLINK+="usb/lp0"
|
||||
'';
|
||||
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
xdg.configFile = mkIf psCfg.sway.enable {
|
||||
xdg.configFile = {
|
||||
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
|
||||
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
|
||||
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
|
||||
|
|
|
@ -17,7 +17,6 @@ with lib; let
|
|||
|
||||
isolateAnyGPU = isolateGPU != null;
|
||||
in {
|
||||
config = mkIf psCfg.virtualisation.enable {
|
||||
boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
|
||||
"softdep amdgpu pre: vfio vfio_pci"
|
||||
(
|
||||
|
@ -78,5 +77,4 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -8,6 +8,12 @@
|
|||
self.nixosModules.base
|
||||
./biolimo
|
||||
self.nixosModules.b12f
|
||||
self.nixosModules.audio
|
||||
self.nixosModules.bluetooth
|
||||
self.nixosModules.docker
|
||||
self.nixosModules.graphical
|
||||
self.nixosModules.nextcloud
|
||||
self.nixosModules.office
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -17,6 +23,14 @@
|
|||
self.nixosModules.base
|
||||
./chocolatebar
|
||||
self.nixosModules.b12f
|
||||
self.nixosModules.audio
|
||||
self.nixosModules.virtualisation
|
||||
self.nixosModules.docker
|
||||
self.nixosModules.gaming
|
||||
self.nixosModules.graphical
|
||||
self.nixosModules.nextcloud
|
||||
self.nixosModules.office
|
||||
self.nixosModules.virtualisation
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -37,6 +51,7 @@
|
|||
./pie
|
||||
self.nixosModules.yule
|
||||
self.nixosModules.printing
|
||||
self.nixosModules.paperless
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -9,6 +9,8 @@ with lib; let
|
|||
psCfg = config.pub-solar;
|
||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||
in {
|
||||
pub-solar.core.disk-encryption-active = false;
|
||||
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
|
@ -21,9 +23,6 @@ in {
|
|||
|
||||
networking.hostName = "droppie";
|
||||
|
||||
pub-solar.core.disk-encryption-active = false;
|
||||
pub-solar.core.lite = true;
|
||||
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
users = ["${psCfg.user.name}"];
|
||||
|
|
|
@ -27,7 +27,6 @@ in {
|
|||
boot.kernelPackages = pkgs.linuxPackages_6_1;
|
||||
|
||||
pub-solar.core.disk-encryption-active = false;
|
||||
pub-solar.core.lite = true;
|
||||
|
||||
networking.hostName = "pie";
|
||||
networking.defaultGateway = {
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
## In configs, they can be used under "lib.our"
|
||||
|
||||
deploy = import ./deploy.nix { inherit inputs lib; };
|
||||
|
||||
addLocalHostname = callLibs ./add-local-hostname.nix;
|
||||
recursiveMerge = callLibs ./recursive-merge.nix;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
16
lib/recursive-merge.nix
Normal file
16
lib/recursive-merge.nix
Normal file
|
@ -0,0 +1,16 @@
|
|||
{ lib }:
|
||||
attrList:
|
||||
let
|
||||
f = attrPath:
|
||||
zipAttrsWith (
|
||||
n: values:
|
||||
if tail values == []
|
||||
then head values
|
||||
else if all isList values
|
||||
then unique (concatLists values)
|
||||
else if all isAttrs values
|
||||
then f (attrPath ++ [n]) values
|
||||
else last values
|
||||
);
|
||||
in
|
||||
f [] attrList;
|
15
modules/adb/default.nix
Normal file
15
modules/adb/default.nix
Normal file
|
@ -0,0 +1,15 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
in {
|
||||
programs.adb.enable = true;
|
||||
|
||||
users.users."${psCfg.user.name}" = {
|
||||
extraGroups = ["adbusers"];
|
||||
};
|
||||
}
|
|
@ -6,22 +6,12 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.arduino;
|
||||
in {
|
||||
options.pub-solar.arduino = {
|
||||
enable = mkEnableOption "Life with home automation";
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
|
||||
users.users."${psCfg.user.name}" = {
|
||||
extraGroups = ["dialout"];
|
||||
};
|
||||
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages = [
|
||||
packages = with pkgs; [
|
||||
arduino
|
||||
arduino-cli
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,31 +6,11 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.audio;
|
||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||
in {
|
||||
options.pub-solar.audio = {
|
||||
enable = mkEnableOption "Life in highs and lows";
|
||||
mopidy.enable = mkEnableOption "Life with mopidy";
|
||||
spotify.enable = mkEnableOption "Life in DRM";
|
||||
spotify.username = mkOption {
|
||||
description = "Spotify login username or email";
|
||||
type = types.str;
|
||||
example = "yourname@example.com";
|
||||
default = "";
|
||||
};
|
||||
bluetooth.enable = mkEnableOption "Life with bluetooth";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
|
||||
users.users."${psCfg.user.name}" = {
|
||||
extraGroups = ["audio"];
|
||||
};
|
||||
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages =
|
||||
[
|
||||
packages = with pkgs; [
|
||||
# easyeffects, e.g. for microphone noise filtering
|
||||
easyeffects
|
||||
mu
|
||||
|
@ -40,20 +20,19 @@ in {
|
|||
# Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
|
||||
pulseaudio
|
||||
vimpc
|
||||
]
|
||||
++ (
|
||||
if cfg.spotify.enable
|
||||
then [pkgs.spotify-tui]
|
||||
else []
|
||||
);
|
||||
spotify-tui
|
||||
];
|
||||
};
|
||||
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc;
|
||||
systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs;
|
||||
|
||||
services.spotifyd = mkIf cfg.spotify.enable {
|
||||
services.spotifyd = {
|
||||
enable = true;
|
||||
settings = {
|
||||
global = {
|
||||
username = cfg.spotify.username;
|
||||
username = "spotify@benjaminbaedorf.eu";
|
||||
password_cmd = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus ${pkgs.libsecret}/bin/secret-tool lookup spotify password";
|
||||
bitrate = 320;
|
||||
volume_normalisation = true;
|
||||
|
@ -75,57 +54,4 @@ in {
|
|||
# If you want to use JACK applications, uncomment this
|
||||
jack.enable = true;
|
||||
};
|
||||
|
||||
# Enable bluetooth
|
||||
hardware.bluetooth = mkIf cfg.bluetooth.enable {
|
||||
enable = true;
|
||||
# Disable bluetooth on startup to save battery
|
||||
powerOnBoot = false;
|
||||
# Disable useless SIM Access Profile plugin
|
||||
disabledPlugins = [
|
||||
"sap"
|
||||
];
|
||||
settings = {
|
||||
General = {
|
||||
# Enables experimental features and interfaces.
|
||||
# Makes BlueZ Battery Provider available
|
||||
Experimental = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
services.blueman.enable = mkIf cfg.bluetooth.enable true;
|
||||
environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = mkIf cfg.bluetooth.enable {
|
||||
text = ''
|
||||
bluez_monitor.properties = {
|
||||
["bluez5.enable-sbc-xq"] = true,
|
||||
["bluez5.enable-msbc"] = true,
|
||||
["bluez5.enable-hw-volume"] = true,
|
||||
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
# Enable audio server & client
|
||||
services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs);
|
||||
|
||||
# Make pulseaudio listen on port 4713 for mopidy, extending the default
|
||||
# config: https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire-pulse.conf.in
|
||||
environment.etc."pipewire/pipewire-pulse.conf.d/99-custom.conf" = mkIf cfg.mopidy.enable {
|
||||
text = ''
|
||||
{
|
||||
"context.modules": [
|
||||
{
|
||||
"name": "libpipewire-module-protocol-pulse",
|
||||
"args": {
|
||||
"server.address": ["unix:native", "tcp:4713"],
|
||||
"vm.overrides": {
|
||||
"pulse.min.quantum": "1024/48000"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
}
|
||||
|
|
35
modules/bluetooth/default.nix
Normal file
35
modules/bluetooth/default.nix
Normal file
|
@ -0,0 +1,35 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
# Disable bluetooth on startup to save battery
|
||||
powerOnBoot = false;
|
||||
# Disable useless SIM Access Profile plugin
|
||||
disabledPlugins = [
|
||||
"sap"
|
||||
];
|
||||
settings = {
|
||||
General = {
|
||||
# Enables experimental features and interfaces.
|
||||
# Makes BlueZ Battery Provider available
|
||||
Experimental = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.blueman.enable = true;
|
||||
environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = {
|
||||
text = ''
|
||||
bluez_monitor.properties = {
|
||||
["bluez5.enable-sbc-xq"] = true,
|
||||
["bluez5.enable-msbc"] = true,
|
||||
["bluez5.enable-hw-volume"] = true,
|
||||
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
flake,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.ci-runner;
|
||||
in {
|
||||
options.pub-solar.ci-runner = {
|
||||
enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.user.services.ci-runner = {
|
||||
enable = true;
|
||||
|
||||
description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM.";
|
||||
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
};
|
||||
|
||||
path = [
|
||||
pkgs.git
|
||||
pkgs.nix
|
||||
pkgs.libvirt
|
||||
];
|
||||
|
||||
wantedBy = ["multi-user.target"];
|
||||
after = ["network.target" "libvirtd.service"];
|
||||
|
||||
script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config'';
|
||||
};
|
||||
|
||||
age.secrets."drone-runner-exec-config" = {
|
||||
file = "${flake.self}/secrets/drone-runner-exec-config";
|
||||
mode = "700";
|
||||
owner = psCfg.user.name;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -7,12 +7,6 @@
|
|||
with lib; let
|
||||
cfg = config.pub-solar.core;
|
||||
in {
|
||||
options.pub-solar.core.iso-options.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Feature flag for iso builds";
|
||||
};
|
||||
|
||||
options.pub-solar.core.disk-encryption-active = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
|
@ -21,13 +15,10 @@ in {
|
|||
|
||||
config = {
|
||||
boot = {
|
||||
# Enable plymouth for better experience of booting
|
||||
plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true);
|
||||
|
||||
# Mount / luks device in initrd
|
||||
# Allow fstrim to work on it.
|
||||
# The ! makes this enabled by default
|
||||
initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
|
||||
initrd = mkIf cfg.disk-encryption-active {
|
||||
luks.devices."cryptroot" = {
|
||||
allowDiscards = true;
|
||||
};
|
||||
|
|
|
@ -9,33 +9,29 @@ in {
|
|||
imports = [
|
||||
./boot.nix
|
||||
./hibernation.nix
|
||||
./fonts.nix
|
||||
./i18n.nix
|
||||
./networking.nix
|
||||
./packages.nix
|
||||
./services.nix
|
||||
];
|
||||
|
||||
options.pub-solar.core = {
|
||||
lite = mkOption {
|
||||
description = ''
|
||||
Enable a lite edition of core with less default modules and a reduced package set.
|
||||
'';
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
# Service that makes Out of Memory Killer more effective
|
||||
services.earlyoom.enable = true;
|
||||
|
||||
services.logind.lidSwitch = "hibernate";
|
||||
|
||||
services.tor.settings = {
|
||||
UseBridges = true;
|
||||
};
|
||||
|
||||
config = {
|
||||
pub-solar = {
|
||||
audio.enable = mkIf (!cfg.lite) (mkDefault true);
|
||||
crypto.enable = mkIf (!cfg.lite) (mkDefault true);
|
||||
devops.enable = mkIf (!cfg.lite) (mkDefault true);
|
||||
# The options below are directly taken from or inspired by
|
||||
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
|
||||
|
||||
terminal-life = {
|
||||
enable = mkDefault true;
|
||||
lite = cfg.lite;
|
||||
};
|
||||
};
|
||||
};
|
||||
# Limit the use of sudo to the group wheel
|
||||
security.sudo.execWheelOnly = true;
|
||||
|
||||
# Remove the complete default environment of packages like
|
||||
# nano, perl and rsync
|
||||
environment.defaultPackages = lib.mkForce [];
|
||||
|
||||
# fileSystems."/".options = [ "noexec" ];
|
||||
}
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
fonts = {
|
||||
fonts = with pkgs; [powerline-fonts dejavu_fonts];
|
||||
fontconfig.defaultFonts = {
|
||||
monospace = ["DejaVu Sans Mono for Powerline"];
|
||||
sansSerif = ["DejaVu Sans"];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,34 +1,10 @@
|
|||
{
|
||||
flake,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.pub-solar.core;
|
||||
in {
|
||||
options.pub-solar.core = {
|
||||
enableCaddy = mkOption {
|
||||
type = types.bool;
|
||||
default = !cfg.lite;
|
||||
};
|
||||
enableHelp = mkOption {
|
||||
type = types.bool;
|
||||
default = !cfg.lite;
|
||||
};
|
||||
|
||||
binaryCaches = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = "Binary caches to use.";
|
||||
};
|
||||
publicKeys = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = "Public keys of binary caches.";
|
||||
};
|
||||
};
|
||||
config = {
|
||||
}: {
|
||||
# disable NetworkManager and systemd-networkd -wait-online by default
|
||||
systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false;
|
||||
systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;
|
||||
|
@ -36,9 +12,40 @@ in {
|
|||
networking.networkmanager = {
|
||||
# Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff.
|
||||
enable = true;
|
||||
wifi.backend = "iwd";
|
||||
wifi.backend = lib.mkDefault "iwd";
|
||||
};
|
||||
|
||||
networking.firewall.enable = true;
|
||||
|
||||
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
|
||||
|
||||
# Caddy reverse proxy for local services like cups
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
globalConfig = ''
|
||||
default_bind 127.0.0.1
|
||||
auto_https off
|
||||
'';
|
||||
};
|
||||
|
||||
# For rage encryption, all hosts need a ssh key pair
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
allowSFTP = false;
|
||||
|
||||
# If you don't want the host to have SSH actually opened up to the net,
|
||||
# set `services.openssh.openFirewall` to false in your config.
|
||||
openFirewall = true;
|
||||
|
||||
settings.PasswordAuthentication = lib.mkDefault false;
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
|
||||
extraConfig = ''
|
||||
AllowTcpForwarding yes
|
||||
X11Forwarding no
|
||||
AllowAgentForwarding no
|
||||
AllowStreamLocalForwarding no
|
||||
AuthenticationMethods publickey
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -8,9 +8,7 @@ with lib; let
|
|||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.core;
|
||||
in {
|
||||
environment = {
|
||||
systemPackages = with pkgs;
|
||||
[
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Core unix utility packages
|
||||
coreutils-full
|
||||
dnsutils
|
||||
|
@ -18,62 +16,10 @@ in {
|
|||
progress
|
||||
pciutils
|
||||
usbutils
|
||||
|
||||
wget
|
||||
openssl
|
||||
openssh
|
||||
curl
|
||||
htop
|
||||
btop
|
||||
lsof
|
||||
psmisc
|
||||
file
|
||||
|
||||
# zippit
|
||||
zip
|
||||
unzip
|
||||
|
||||
# Modern modern utilities
|
||||
p7zip
|
||||
croc
|
||||
jq
|
||||
]
|
||||
++ lib.optionals (!cfg.lite) [
|
||||
mtr
|
||||
|
||||
gitFull
|
||||
git-lfs
|
||||
git-bug
|
||||
|
||||
xdg-utils
|
||||
sysfsutils
|
||||
renameutils
|
||||
nfs-utils
|
||||
moreutils
|
||||
mailutils
|
||||
keyutils
|
||||
input-utils
|
||||
elfutils
|
||||
binutils
|
||||
dateutils
|
||||
diffutils
|
||||
findutils
|
||||
exfat
|
||||
|
||||
# Nix specific utilities
|
||||
alejandra
|
||||
niv
|
||||
manix
|
||||
nix-index
|
||||
nix-tree
|
||||
nixpkgs-review
|
||||
# Build broken, python2.7-PyJWT-2.0.1.drv' failed
|
||||
#nixops
|
||||
psos
|
||||
nvd
|
||||
|
||||
# Fun
|
||||
neofetch
|
||||
gitFull
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
# For rage encryption, all hosts need a ssh key pair
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
# If you don't want the host to have SSH actually opened up to the net,
|
||||
# set `services.openssh.openFirewall` to false in your config.
|
||||
openFirewall = lib.mkDefault true;
|
||||
settings.PasswordAuthentication = lib.mkDefault false;
|
||||
};
|
||||
|
||||
# Service that makes Out of Memory Killer more effective
|
||||
services.earlyoom.enable = true;
|
||||
}
|
|
@ -6,21 +6,20 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.crypto;
|
||||
in {
|
||||
options.pub-solar.crypto = {
|
||||
enable = mkEnableOption "Life in private";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.udev.packages = [pkgs.yubikey-personalization];
|
||||
services.dbus.packages = [pkgs.gcr];
|
||||
services.pcscd.enable = true;
|
||||
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
gnome.seahorse
|
||||
keepassxc
|
||||
libsecret
|
||||
];
|
||||
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;
|
||||
|
||||
services.gpg-agent = {
|
||||
|
@ -32,14 +31,5 @@ in {
|
|||
programs.gpg = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
home.packages = [
|
||||
gnome.seahorse
|
||||
keepassxc
|
||||
libsecret
|
||||
qMasterPassword
|
||||
restic
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -8,25 +8,19 @@
|
|||
nixosModules = rec {
|
||||
arduino = import ./arduino;
|
||||
audio = import ./audio;
|
||||
ci-runner = import ./ci-runner;
|
||||
bluetooth = import ./bluetooth;
|
||||
core = import ./core;
|
||||
crypto = import ./crypto;
|
||||
devops = import ./devops;
|
||||
docker = import ./docker;
|
||||
docker-ci-runner = import ./docker-ci-runner;
|
||||
email = import ./email;
|
||||
gaming = import ./gaming;
|
||||
graphical = import ./graphical;
|
||||
mobile = import ./mobile;
|
||||
adb = import ./adb;
|
||||
nix = import ./nix;
|
||||
nextcloud = import ./nextcloud;
|
||||
office = import ./office;
|
||||
paperless = import ./paperless;
|
||||
paranoia = import ./paranoia;
|
||||
printing = import ./printing;
|
||||
proxy = import ./proxy;
|
||||
social = import ./social;
|
||||
sway = import ./sway;
|
||||
terminal-life = import ./terminal-life;
|
||||
uhk = import ./uhk;
|
||||
user = import ./user;
|
||||
|
@ -66,33 +60,13 @@
|
|||
];
|
||||
})
|
||||
|
||||
self.nixosModules.arduino
|
||||
self.nixosModules.audio
|
||||
self.nixosModules.ci-runner
|
||||
self.nixosModules.core
|
||||
self.nixosModules.crypto
|
||||
self.nixosModules.devops
|
||||
self.nixosModules.docker
|
||||
self.nixosModules.docker-ci-runner
|
||||
self.nixosModules.email
|
||||
self.nixosModules.gaming
|
||||
self.nixosModules.graphical
|
||||
self.nixosModules.mobile
|
||||
self.nixosModules.nix
|
||||
self.nixosModules.nextcloud
|
||||
self.nixosModules.office
|
||||
self.nixosModules.paperless
|
||||
self.nixosModules.paranoia
|
||||
# self.nixosModules.printing
|
||||
self.nixosModules.proxy
|
||||
self.nixosModules.social
|
||||
self.nixosModules.sway
|
||||
self.nixosModules.terminal-life
|
||||
self.nixosModules.uhk
|
||||
self.nixosModules.user
|
||||
self.nixosModules.virtualisation
|
||||
|
||||
self.nixosModules.root
|
||||
self.nixosModules.user
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,32 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.devops;
|
||||
in {
|
||||
options.pub-solar.devops = {
|
||||
enable = mkEnableOption "Life automated";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages = [
|
||||
croc
|
||||
drone-cli
|
||||
nmap
|
||||
pgcli
|
||||
ansible
|
||||
ansible-lint
|
||||
restic
|
||||
shellcheck
|
||||
terraform
|
||||
tea
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,113 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
bootstrap = pkgs.writeScript "bootstrap.sh" ''
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
apt update
|
||||
apt install --yes curl git sudo xz-utils
|
||||
|
||||
adduser --system --uid 999 build
|
||||
chown build /nix
|
||||
|
||||
sudo -u build curl -L https://nixos.org/nix/install > install
|
||||
sudo -u build sh install
|
||||
|
||||
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
|
||||
|
||||
mkdir /etc/nix
|
||||
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
|
||||
|
||||
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
|
||||
mkdir -p $(dirname \\$nix_user_config_file)
|
||||
echo '{"extra-experimental-features":{"nix-command flakes":true}}' > \\$nix_user_config_file
|
||||
chown -R build /home/build/
|
||||
|
||||
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
|
||||
sudo install -t /usr/local/bin drone-runner-exec
|
||||
|
||||
if [ ! -f /run/vars ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
cp -a /run/vars /run/runtime-vars
|
||||
env | grep "DRONE" >> /run/runtime-vars
|
||||
|
||||
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
|
||||
'';
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.docker-ci-runner;
|
||||
in {
|
||||
options.pub-solar.docker-ci-runner = {
|
||||
enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user.";
|
||||
|
||||
enableKvm = lib.mkOption {
|
||||
description = ''
|
||||
Enable kvm support.
|
||||
'';
|
||||
default = true;
|
||||
type = types.bool;
|
||||
};
|
||||
|
||||
nixCacheLocation = lib.mkOption {
|
||||
description = ''
|
||||
Location of nix cache that is shared between builds
|
||||
'';
|
||||
default = "/var/lib/docker-ci-runner";
|
||||
type = types.path;
|
||||
};
|
||||
|
||||
runnerEnvironment = lib.mkOption {
|
||||
description = ''
|
||||
Additional environment vars added to the vars file on container runtime
|
||||
'';
|
||||
default = {};
|
||||
};
|
||||
|
||||
runnerVarsFile = lib.mkOption {
|
||||
description = ''
|
||||
Location of vars file passed to drone runner
|
||||
'';
|
||||
type = types.path;
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
virtualisation = {
|
||||
docker = {
|
||||
enable = true; # sadly podman is not supported rightnow
|
||||
};
|
||||
|
||||
oci-containers = {
|
||||
backend = "docker";
|
||||
containers."drone-exec-runner" = {
|
||||
image = "debian";
|
||||
autoStart = true;
|
||||
entrypoint = "bash";
|
||||
cmd = ["/bootstrap.sh"];
|
||||
|
||||
volumes = [
|
||||
"${cfg.runnerVarsFile}:/run/vars"
|
||||
"${cfg.nixCacheLocation}:/nix"
|
||||
"${bootstrap}:/bootstrap.sh"
|
||||
];
|
||||
|
||||
environment = cfg.runnerEnvironment;
|
||||
|
||||
extraOptions = lib.mkIf cfg.enableKvm ["--device=/dev/kvm"];
|
||||
};
|
||||
};
|
||||
};
|
||||
# Fix container not stopping correctly and holding the system 120s upon
|
||||
# shutdown / reboot
|
||||
systemd.services.docker-drone-exec-runner.preStop = ''
|
||||
docker stop drone-exec-runner
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -6,21 +6,14 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.docker;
|
||||
in {
|
||||
options.pub-solar.docker = {
|
||||
enable = mkEnableOption "Life in metal boxes";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
virtualisation.docker.enable = true;
|
||||
users.users = with pkgs;
|
||||
pkgs.lib.setAttrByPath [psCfg.user.name] {
|
||||
|
||||
users.users."${psCfg.user.name}" = {
|
||||
extraGroups = ["docker"];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
docker-compose
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,16 +6,8 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.email;
|
||||
in {
|
||||
options.pub-solar.email = {
|
||||
enable = mkEnableOption "Life in headers";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages = [
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
w3m
|
||||
urlscan
|
||||
neomutt
|
||||
|
@ -24,10 +16,42 @@ in {
|
|||
mailto-mutt
|
||||
];
|
||||
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
programs.offlineimap = {
|
||||
enable = true;
|
||||
pythonFile = builtins.readFile ./offlineimap.py;
|
||||
};
|
||||
};
|
||||
|
||||
xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc;
|
||||
xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc;
|
||||
xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap;
|
||||
xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py;
|
||||
|
||||
xdg.configFile."mutt/accounts.muttrc".text = ''
|
||||
source ./hello@benjaminbaedorf.eu.muttrc
|
||||
|
||||
macro index <f1> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc<enter><change-folder>!<enter>'
|
||||
macro index <f2> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc<enter><change-folder>!<enter>'
|
||||
macro index <f3> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc<enter><change-folder>!<enter>'
|
||||
macro index <f4> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc<enter><change-folder>!<enter>'
|
||||
macro index <f5> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc<enter><change-folder>!<enter>'
|
||||
macro index <f6> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc<enter><change-folder>!<enter>'
|
||||
macro index <f7> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc<enter><change-folder>!<enter>'
|
||||
'';
|
||||
xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
|
||||
xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
|
||||
xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
|
||||
xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc";
|
||||
xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature";
|
||||
xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
|
||||
xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature";
|
||||
xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
|
||||
xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
|
||||
xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
|
||||
xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature";
|
||||
xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc";
|
||||
xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature";
|
||||
xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
|
||||
xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -6,25 +6,16 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.gaming;
|
||||
in {
|
||||
options.pub-solar.gaming = {
|
||||
enable = mkEnableOption "Life in shooters";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
programs.steam.enable = true;
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
steam = pkgs.steam.override {};
|
||||
};
|
||||
|
||||
home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
|
||||
home.packages = with pkgs; [
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
playonlinux
|
||||
godot
|
||||
obs-studio
|
||||
obs-studio-plugins.wlrobs
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Before Width: | Height: | Size: 513 KiB After Width: | Height: | Size: 513 KiB |
|
@ -6,36 +6,22 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.graphical;
|
||||
yamlFormat = pkgs.formats.yaml {};
|
||||
recursiveMerge = attrList: let
|
||||
f = attrPath:
|
||||
zipAttrsWith (
|
||||
n: values:
|
||||
if tail values == []
|
||||
then head values
|
||||
else if all isList values
|
||||
then unique (concatLists values)
|
||||
else if all isAttrs values
|
||||
then f (attrPath ++ [n]) values
|
||||
else last values
|
||||
);
|
||||
in
|
||||
f [] attrList;
|
||||
sessionVariables = {
|
||||
WLR_RENDERER =
|
||||
if psCfg.graphical.wayland.software-renderer.enable
|
||||
then "pixman"
|
||||
else "gles2";
|
||||
# Fix KeepassXC rendering issue
|
||||
# https://github.com/void-linux/void-packages/issues/23517
|
||||
QT_AUTO_SCREEN_SCALE_FACTOR = "0";
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
./sway
|
||||
];
|
||||
|
||||
options.pub-solar.graphical = {
|
||||
enable = mkEnableOption "Life in color";
|
||||
alacritty = {
|
||||
settings = mkOption {
|
||||
type = yamlFormat.type;
|
||||
default = {};
|
||||
};
|
||||
};
|
||||
autologin.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Feature flag enabling autologin after boot.";
|
||||
};
|
||||
wayland.software-renderer.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
|
@ -43,8 +29,11 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = {
|
||||
hardware.opengl.enable = true;
|
||||
# Needed for the udev rules for solaar
|
||||
hardware.logitech.wireless.enable = true;
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
gtk-engine-murrine
|
||||
|
@ -55,16 +44,20 @@ in {
|
|||
papirus-maia-icon-theme
|
||||
|
||||
glib
|
||||
xdg-utils
|
||||
];
|
||||
|
||||
etc = {
|
||||
"xdg/PubSolar.conf".text = ''
|
||||
[Qt]
|
||||
style=GTK+
|
||||
'';
|
||||
};
|
||||
|
||||
variables = sessionVariables;
|
||||
};
|
||||
|
||||
services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}");
|
||||
services.getty.autologinUser = psCfg.user.name;
|
||||
|
||||
qt = {
|
||||
enable = true;
|
||||
|
@ -79,9 +72,11 @@ in {
|
|||
services.gnome.sushi.enable = true;
|
||||
# Enable GVfs, a userspace virtual filesystem
|
||||
services.gvfs.enable = true;
|
||||
services.yubikey-agent.enable = true;
|
||||
|
||||
fonts.enableDefaultFonts = true;
|
||||
fonts.fonts = with pkgs; [
|
||||
fonts = {
|
||||
fonts = with pkgs; [
|
||||
dejavu_fonts
|
||||
fira-code
|
||||
fira-code-symbols
|
||||
google-fonts
|
||||
|
@ -94,15 +89,18 @@ in {
|
|||
powerline-fonts
|
||||
source-sans-pro
|
||||
];
|
||||
enableDefaultFonts = true;
|
||||
fontconfig.enable = true;
|
||||
fontconfig.defaultFonts = {
|
||||
monospace = ["DejaVu Sans Mono for Powerline"];
|
||||
sansSerif = ["DejaVu Sans"];
|
||||
};
|
||||
};
|
||||
|
||||
home-manager = with pkgs;
|
||||
setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages = [
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
alacritty
|
||||
foot
|
||||
ungoogled-chromium
|
||||
firefox-wayland
|
||||
|
||||
flameshot
|
||||
libnotify
|
||||
gnome.adwaita-icon-theme
|
||||
|
@ -110,21 +108,26 @@ in {
|
|||
gnome.nautilus
|
||||
gnome.yelp
|
||||
hicolor-icon-theme
|
||||
|
||||
wine
|
||||
|
||||
toggle-kbd-layout
|
||||
|
||||
wcwd
|
||||
|
||||
vlc
|
||||
|
||||
gimp
|
||||
];
|
||||
|
||||
xdg.configFile."alacritty/alacritty.yml" = {
|
||||
source = yamlFormat.generate "alacritty.yml" (recursiveMerge [(import ./alacritty.nix) cfg.alacritty.settings]);
|
||||
};
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
home.file."xinitrc".source = ./.xinitrc;
|
||||
xdg.configFile."alacritty/alacritty.yml".source = yamlFormat.generate "alacritty.yml" (import ./alacritty.nix);
|
||||
xdg.configFile."xmodmap".source = ./.config/xmodmap;
|
||||
xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
|
||||
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
|
||||
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
|
||||
xdg.configFile."mako/config".source = ./.config/mako/config;
|
||||
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
|
||||
xdg.configFile."waybar/config".source = ./.config/waybar/config;
|
||||
xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
|
||||
xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css;
|
||||
xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
|
||||
|
||||
gtk = {
|
||||
enable = true;
|
||||
|
@ -147,13 +150,12 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
# Fix KeepassXC rendering issue
|
||||
# https://github.com/void-linux/void-packages/issues/23517
|
||||
systemd.user.sessionVariables.QT_AUTO_SCREEN_SCALE_FACTOR = "0";
|
||||
|
||||
xresources.extraConfig = builtins.readFile ./.Xdefaults;
|
||||
|
||||
systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs;
|
||||
|
||||
home.sessionVariables = sessionVariables;
|
||||
systemd.user.sessionVariables = sessionVariables;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
39
modules/graphical/sway/config/config.d/mode_system.conf.nix
Normal file
39
modules/graphical/sway/config/config.d/mode_system.conf.nix
Normal file
|
@ -0,0 +1,39 @@
|
|||
{
|
||||
pkgs,
|
||||
psCfg,
|
||||
...
|
||||
}:
|
||||
''
|
||||
# Set shut down, restart and locking features
|
||||
''
|
||||
+ (
|
||||
if psCfg.core.hibernation.enable
|
||||
then ''
|
||||
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
|
||||
''
|
||||
else ''
|
||||
set $mode_system (e)xit, (r)eboot, (Shift+s)hutdown
|
||||
''
|
||||
)
|
||||
+ ''
|
||||
bindsym $mod+0 mode "$mode_system"
|
||||
|
||||
mode "$mode_system" {
|
||||
bindsym e exec swaymsg exit, mode "default"
|
||||
''
|
||||
+ (
|
||||
if psCfg.core.hibernation.enable
|
||||
then ''
|
||||
bindsym h exec systemctl hibernate, mode "default"
|
||||
''
|
||||
else ""
|
||||
)
|
||||
+ ''
|
||||
bindsym r exec systemctl reboot, mode "default"
|
||||
bindsym Shift+s exec systemctl poweroff, mode "default"
|
||||
|
||||
# exit system mode: "Enter" or "Escape"
|
||||
bindsym Return mode "default"
|
||||
bindsym Escape mode "default"
|
||||
}
|
||||
''
|
|
@ -19,7 +19,7 @@
|
|||
set $up i
|
||||
set $right l
|
||||
# Your preferred terminal emulator
|
||||
set $term ${config.pub-solar.sway.terminal}
|
||||
set $term ${pkgs.alacritty}
|
||||
# Your preferred application launcher
|
||||
# Note: pass the final command to swaymsg so that the resulting window can be opened
|
||||
# on the original workspace that the command was run on.
|
98
modules/graphical/sway/default.nix
Normal file
98
modules/graphical/sway/default.nix
Normal file
|
@ -0,0 +1,98 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
in {
|
||||
options.pub-solar.graphical = {
|
||||
v4l2loopback.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "WebCam streaming tool";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
boot = mkIf psCfg.graphical.v4l2loopback.enable {
|
||||
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
|
||||
kernelModules = ["v4l2loopback"];
|
||||
extraModprobeConfig = ''
|
||||
options v4l2loopback exclusive_caps=1 devices=3
|
||||
'';
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
linuxPackages.v4l2loopback
|
||||
];
|
||||
|
||||
programs.sway.enable = true;
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr = {
|
||||
enable = true;
|
||||
settings = {
|
||||
screencast = {
|
||||
max_fps = 30;
|
||||
chooser_type = "simple";
|
||||
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
|
||||
};
|
||||
};
|
||||
};
|
||||
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
|
||||
};
|
||||
|
||||
services.pipewire.enable = true;
|
||||
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
sway
|
||||
grim
|
||||
kanshi
|
||||
mako
|
||||
slurp
|
||||
swayidle
|
||||
swaybg
|
||||
xwayland
|
||||
|
||||
libappindicator-gtk3
|
||||
|
||||
wl-clipboard
|
||||
wf-recorder
|
||||
brightnessctl
|
||||
gammastep
|
||||
geoclue2
|
||||
xsettingsd
|
||||
ydotool
|
||||
|
||||
sway-launcher
|
||||
record-screen
|
||||
import-gtk-settings
|
||||
s
|
||||
wcwd
|
||||
];
|
||||
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
programs.waybar.enable = true;
|
||||
#programs.waybar.systemd.enable = true;
|
||||
|
||||
systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
|
||||
|
||||
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
|
||||
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
|
||||
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
|
||||
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
|
||||
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
|
||||
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
|
||||
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
|
||||
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
|
||||
};
|
||||
};
|
||||
}
|
26
modules/graphical/sway/swayidle.service.nix
Normal file
26
modules/graphical/sway/swayidle.service.nix
Normal file
|
@ -0,0 +1,26 @@
|
|||
{
|
||||
pkgs,
|
||||
psCfg,
|
||||
...
|
||||
}: {
|
||||
Unit = {
|
||||
Description = "Idle manager for Wayland";
|
||||
Documentation = ["man:swayidle(1)"];
|
||||
BindsTo = ["graphical-session.target"];
|
||||
Wants = ["graphical-session-pre.target"];
|
||||
After = ["graphical-session-pre.target"];
|
||||
};
|
||||
Service = {
|
||||
Type = "simple";
|
||||
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swayidle}/bin";
|
||||
ExecStart = ''
|
||||
swayidle -w \
|
||||
before-sleep 'systemctl hibernate'
|
||||
timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
|
||||
timeout 150 'systemctl hibernate'
|
||||
'';
|
||||
};
|
||||
Install = {
|
||||
WantedBy = ["sway-session.target"];
|
||||
};
|
||||
}
|
|
@ -1,23 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.mobile;
|
||||
in {
|
||||
options.pub-solar.mobile = {
|
||||
enable = mkEnableOption "Add android adb and tooling";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
programs.adb.enable = true;
|
||||
|
||||
users.users = with pkgs;
|
||||
lib.setAttrByPath [psCfg.user.name] {
|
||||
extraGroups = ["adbusers"];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -6,16 +6,8 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.nextcloud;
|
||||
in {
|
||||
options.pub-solar.nextcloud = {
|
||||
enable = mkEnableOption "Life in sync";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -5,6 +5,12 @@
|
|||
flake,
|
||||
...
|
||||
}: {
|
||||
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||
"steam"
|
||||
"steam-original"
|
||||
"steam-run"
|
||||
];
|
||||
|
||||
nix = {
|
||||
# Use default version alias for nix package
|
||||
package = pkgs.nix;
|
||||
|
|
|
@ -6,18 +6,10 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.office;
|
||||
in {
|
||||
options.pub-solar.office = {
|
||||
enable = mkEnableOption "Install office programs, also enables printing server";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# Gnome PDF viewer
|
||||
programs.evince.enable = true;
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages = [
|
||||
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
libreoffice-fresh
|
||||
gnome.simple-scan
|
||||
# Tools like pdfunite
|
||||
|
@ -25,6 +17,4 @@ in {
|
|||
# tool for annotating PDFs
|
||||
xournalpp
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
flake,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
|
@ -6,141 +7,48 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.paperless;
|
||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||
|
||||
dataDir = "${xdg.dataHome}/Paperless";
|
||||
consumptionDir = "/home/${psCfg.user.name}/.local/share/scandir";
|
||||
scannerDefaultDevice = "hp3900:libusb:005:004";
|
||||
in {
|
||||
options.pub-solar.paperless = {
|
||||
enable = mkEnableOption "All you need to go paperless";
|
||||
ocrLanguage = mkOption {
|
||||
description = "OCR language";
|
||||
type = types.str;
|
||||
example = "eng+deu";
|
||||
default = "eng";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
description = "Directory to save data in";
|
||||
type = types.str;
|
||||
example = "/home/pub_solar/Paperless";
|
||||
default = "${xdg.dataHome}/Paperless";
|
||||
};
|
||||
|
||||
consumptionDir = mkOption {
|
||||
description = "Directory to be watched";
|
||||
type = types.str;
|
||||
example = "/var/lib/paperless/consume";
|
||||
default = "/var/lib/paperless/consume";
|
||||
};
|
||||
|
||||
sync = {
|
||||
enable = mkEnableOption ''
|
||||
You can use this option to sync several paperless instances, for example via nextcloud.
|
||||
It will sync the media directory and database, automatically merging sqlite dbs via dump and import.
|
||||
Logs, the classification model, and other files are left unsynced.
|
||||
'';
|
||||
|
||||
masterNode = mkEnableOption "If this node is the master node, it will only export paperless data, otherwise it will only import";
|
||||
|
||||
directory = mkOption {
|
||||
description = "Directory to sync with.";
|
||||
type = types.str;
|
||||
example = "/home/pub_solar/Nextcloud/Paperless";
|
||||
default = "/home/${psCfg.user.name}/Nextcloud/Paperless";
|
||||
};
|
||||
};
|
||||
|
||||
scannerDefaultDevice = mkOption {
|
||||
description = ''
|
||||
The scanner device. To find this, use `scanimage -L`.
|
||||
|
||||
For example, your output might be the following:
|
||||
|
||||
```
|
||||
device `v4l:/dev/video3' is a Noname Logitech StreamCam virtual device
|
||||
device `hp3900:libusb:005:002' is a Hewlett-Packard Scanjet G3010 flatbed scanner
|
||||
```
|
||||
|
||||
Here, the scannerDevice is `hp3900:libusb:005:002`.
|
||||
'';
|
||||
type = types.str;
|
||||
example = "hp3900:libusb:005:002";
|
||||
default = "";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.paperless = {
|
||||
enable = true;
|
||||
user = psCfg.user.name;
|
||||
consumptionDir = cfg.consumptionDir;
|
||||
dataDir = cfg.dataDir;
|
||||
consumptionDir = consumptionDir;
|
||||
dataDir = dataDir;
|
||||
address = "paperless.local";
|
||||
extraConfig = {
|
||||
PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage;
|
||||
PAPERLESS_OCR_LANGUAGE = "nld+deu";
|
||||
PAPERLESS_ADMIN_USER = psCfg.user.name;
|
||||
PAPERLESS_AUTO_LOGIN_USERNAME = psCfg.user.name;
|
||||
PAPERLESS_URL = "http://paperless.local";
|
||||
};
|
||||
};
|
||||
|
||||
home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages = with pkgs; [
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
scan2paperless
|
||||
sane-backends
|
||||
python310Packages.img2pdf
|
||||
];
|
||||
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
home.sessionVariables = {
|
||||
SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice;
|
||||
SCANNER_OUTPUT_DIR = cfg.consumptionDir;
|
||||
SCANNER_DEFAULT_DEVICE = scannerDefaultDevice;
|
||||
SCANNER_OUTPUT_DIR = consumptionDir;
|
||||
};
|
||||
systemd.user.sessionVariables = {
|
||||
SCANNER_DEFAULT_DEVICE = cfg.scannerDefaultDevice;
|
||||
SCANNER_OUTPUT_DIR = cfg.consumptionDir;
|
||||
SCANNER_DEFAULT_DEVICE = scannerDefaultDevice;
|
||||
SCANNER_OUTPUT_DIR = consumptionDir;
|
||||
};
|
||||
};
|
||||
|
||||
systemd = let
|
||||
copy-out = pkgs.writeShellScriptBin "copy-out" ''
|
||||
${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
|
||||
cp -r ${cfg.dataDir}/media ${cfg.sync.directory}/
|
||||
cp ${cfg.dataDir}/db.sqlite3 ${cfg.sync.directory}/db.sqlite3
|
||||
cp ${cfg.dataDir}/celerybeat-schedule.db ${cfg.sync.directory}/celerybeat-schedule.db
|
||||
cp ${cfg.dataDir}/classification_model.pickle ${cfg.sync.directory}/classification_model.pickle
|
||||
cp ${cfg.dataDir}/src-version ${cfg.sync.directory}/src-version
|
||||
chown -R ${psCfg.user.name}:users ${cfg.sync.directory}
|
||||
${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
|
||||
networking.hosts = flake.self.lib.addLocalHostname ["paperless.local"];
|
||||
services.caddy.extraConfig = ''
|
||||
paperless.local:80 {
|
||||
request_header Host localhost:${builtins.toString config.services.paperless.port}
|
||||
reverse_proxy localhost:${builtins.toString config.services.paperless.port}
|
||||
}
|
||||
'';
|
||||
|
||||
copy-in = pkgs.writeShellScriptBin "copy-in" ''
|
||||
${pkgs.systemd}/bin/systemctl stop paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
|
||||
cp -r ${cfg.sync.directory}/media ${cfg.dataDir}/
|
||||
cp ${cfg.sync.directory}/db.sqlite3 ${cfg.dataDir}/db.sqlite3
|
||||
cp ${cfg.sync.directory}/celerybeat-schedule.db ${cfg.dataDir}/celerybeat-schedule.db
|
||||
cp ${cfg.sync.directory}/classification_model.pickle ${cfg.dataDir}/classification_model.pickle
|
||||
cp ${cfg.sync.directory}/src-version ${cfg.dataDir}/src-version
|
||||
${pkgs.systemd}/bin/systemctl start paperless-web.service paperless-task-queue.service paperless-scheduler.service paperless-consumer.service
|
||||
'';
|
||||
in mkIf cfg.sync.enable {
|
||||
services.nextcloud-paperless-autosync = {
|
||||
unitConfig = {
|
||||
Description = "Auto sync paperless to or from Nextcloud";
|
||||
After = "network-online.target";
|
||||
};
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
ExecStart= if cfg.sync.masterNode then "${copy-out}/bin/copy-out" else "${copy-in}/bin/copy-in";
|
||||
TimeoutStopSec = "180";
|
||||
KillMode = "process";
|
||||
KillSignal = "SIGINT";
|
||||
};
|
||||
wantedBy = ["multi-user.target"];
|
||||
};
|
||||
|
||||
timers.nextcloud-paperless-autosync = {
|
||||
unitConfig.Description = "Automatic sync files with Nextcloud when booted up after 5 minutes then rerun every 30 minutes";
|
||||
timerConfig.OnUnitActiveSec = "30min";
|
||||
wantedBy = ["multi-user.target" "timers.target"];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,57 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.paranoia;
|
||||
in {
|
||||
options.pub-solar.paranoia = {
|
||||
enable = mkOption {
|
||||
description = ''
|
||||
Only offer hibernation instead of screen locking and sleeping. This only makes sense
|
||||
if your hard drive is encrypted, and ensures that the contents of your drive are
|
||||
encrypted if you are not actively using the device.
|
||||
'';
|
||||
default = false;
|
||||
type = types.bool;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
pub-solar.core.hibernation.enable = true;
|
||||
services.logind.lidSwitch = "hibernate";
|
||||
|
||||
services.tor.settings = {
|
||||
UseBridges = true;
|
||||
};
|
||||
|
||||
# The options below are directly taken from or inspired by
|
||||
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
|
||||
|
||||
# Don't set this if you need sftp
|
||||
services.openssh.allowSFTP = false;
|
||||
# services.openssh.openFirewall = false; # Lock yourself out
|
||||
|
||||
# Limit the use of sudo to the group wheel
|
||||
security.sudo.execWheelOnly = true;
|
||||
|
||||
# Remove the complete default environment of packages like
|
||||
# nano, perl and rsync
|
||||
environment.defaultPackages = lib.mkForce [];
|
||||
|
||||
# fileSystems."/".options = [ "noexec" ];
|
||||
|
||||
services.openssh = {
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
extraConfig = ''
|
||||
AllowTcpForwarding yes
|
||||
X11Forwarding no
|
||||
AllowAgentForwarding no
|
||||
AllowStreamLocalForwarding no
|
||||
AuthenticationMethods publickey
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
{
|
||||
flake,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
networking.hosts = flake.self.lib.addLocalHostname ["caddy.local"];
|
||||
|
||||
# Caddy reverse proxy for local services like cups
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
globalConfig = ''
|
||||
default_bind 127.0.0.1
|
||||
auto_https off
|
||||
'';
|
||||
extraConfig = (lib.concatStringsSep "\n" [
|
||||
(lib.optionalString
|
||||
config.pub-solar.paperless.enable
|
||||
''
|
||||
paperless.local:80 {
|
||||
request_header Host localhost:${builtins.toString config.services.paperless.port}
|
||||
reverse_proxy localhost:${builtins.toString config.services.paperless.port}
|
||||
}
|
||||
'')
|
||||
]);
|
||||
};
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.social;
|
||||
in {
|
||||
options.pub-solar.social = {
|
||||
enable = mkEnableOption "Life with others";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages = [
|
||||
signal-desktop
|
||||
tdesktop
|
||||
element-desktop
|
||||
irssi
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
psCfg,
|
||||
...
|
||||
}:
|
||||
''
|
||||
# Set shut down, restart and locking features
|
||||
''
|
||||
+ (
|
||||
if psCfg.core.hibernation.enable && !psCfg.paranoia.enable
|
||||
then ''
|
||||
set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
|
||||
''
|
||||
else if psCfg.paranoia.enable
|
||||
then ''
|
||||
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
|
||||
''
|
||||
else ''
|
||||
set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown
|
||||
''
|
||||
)
|
||||
+ ''
|
||||
bindsym $mod+0 mode "$mode_system"
|
||||
mode "$mode_system" {
|
||||
bindsym e exec swaymsg exit, mode "default"
|
||||
''
|
||||
+ (
|
||||
if psCfg.core.hibernation.enable
|
||||
then ''
|
||||
bindsym h exec systemctl hibernate, mode "default"
|
||||
''
|
||||
else ""
|
||||
)
|
||||
+ (
|
||||
if !psCfg.paranoia.enable
|
||||
then ''
|
||||
bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default"
|
||||
bindsym s exec systemctl suspend, mode "default"
|
||||
''
|
||||
else ""
|
||||
)
|
||||
+ ''
|
||||
bindsym r exec systemctl reboot, mode "default"
|
||||
bindsym Shift+s exec systemctl poweroff, mode "default"
|
||||
|
||||
# exit system mode: "Enter" or "Escape"
|
||||
bindsym Return mode "default"
|
||||
bindsym Escape mode "default"
|
||||
}
|
||||
''
|
|
@ -1,118 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
in {
|
||||
options.pub-solar.sway = {
|
||||
enable = mkEnableOption "Life in boxes";
|
||||
|
||||
terminal = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = "alacritty";
|
||||
description = "Choose sway's default terminal";
|
||||
};
|
||||
|
||||
vnc.enable = mkEnableOption "Enable vnc service";
|
||||
|
||||
v4l2loopback.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "WebCam streaming tool";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf psCfg.sway.enable (mkMerge [
|
||||
(mkIf (psCfg.sway.v4l2loopback.enable) {
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
|
||||
boot.kernelModules = ["v4l2loopback"];
|
||||
boot.extraModprobeConfig = ''
|
||||
options v4l2loopback exclusive_caps=1 devices=3
|
||||
'';
|
||||
})
|
||||
|
||||
{
|
||||
environment.systemPackages = with pkgs; [
|
||||
linuxPackages.v4l2loopback
|
||||
];
|
||||
|
||||
programs.sway.enable = true;
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr = {
|
||||
enable = true;
|
||||
settings = {
|
||||
screencast = {
|
||||
max_fps = 30;
|
||||
chooser_type = "simple";
|
||||
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
|
||||
};
|
||||
};
|
||||
};
|
||||
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
|
||||
};
|
||||
|
||||
services.pipewire.enable = true;
|
||||
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages = with pkgs; [
|
||||
sway
|
||||
grim
|
||||
kanshi
|
||||
mako
|
||||
slurp
|
||||
swayidle
|
||||
swaylock
|
||||
swaybg
|
||||
xwayland
|
||||
|
||||
libappindicator-gtk3
|
||||
|
||||
wl-clipboard
|
||||
wf-recorder
|
||||
brightnessctl
|
||||
gammastep
|
||||
geoclue2
|
||||
xsettingsd
|
||||
ydotool
|
||||
|
||||
sway-launcher
|
||||
record-screen
|
||||
import-gtk-settings
|
||||
s
|
||||
wcwd
|
||||
];
|
||||
|
||||
programs.waybar.enable = true;
|
||||
#programs.waybar.systemd.enable = true;
|
||||
|
||||
systemd.user.services.mako = import ./mako.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
|
||||
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
|
||||
|
||||
systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
|
||||
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix {
|
||||
inherit psCfg;
|
||||
inherit pkgs;
|
||||
};
|
||||
|
||||
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
|
||||
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
|
||||
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
|
||||
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
|
||||
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
|
||||
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
|
||||
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
|
||||
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
|
||||
};
|
||||
}
|
||||
]);
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
psCfg,
|
||||
...
|
||||
}: {
|
||||
Unit = {
|
||||
Description = "Idle manager for Wayland";
|
||||
Documentation = ["man:swayidle(1)"];
|
||||
BindsTo = ["graphical-session.target"];
|
||||
Wants = ["graphical-session-pre.target"];
|
||||
After = ["graphical-session-pre.target"];
|
||||
};
|
||||
Service = {
|
||||
Type = "simple";
|
||||
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin";
|
||||
ExecStart =
|
||||
'' swayidle -w \
|
||||
after-resume 'swaymsg "output * dpms on"' \
|
||||
before-sleep 'swaylock-bg' ''
|
||||
+ (
|
||||
if psCfg.paranoia.enable
|
||||
then '' \
|
||||
timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \
|
||||
timeout 150 'systemctl hibernate'
|
||||
''
|
||||
else '' \
|
||||
timeout 600 'swaylock-bg' \
|
||||
timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"'
|
||||
''
|
||||
);
|
||||
};
|
||||
Install = {
|
||||
WantedBy = ["sway-session.target"];
|
||||
};
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
pkgs: {
|
||||
Unit = {
|
||||
Description = "A VNC server for wlroots based Wayland compositors ";
|
||||
Documentation = "https://github.com/any1/wayvnc";
|
||||
BindsTo = ["sway-session.target"];
|
||||
After = ["graphical-session-pre.target" "network-online.target"];
|
||||
Wants = ["graphical-session-pre.target" "network-online.target"];
|
||||
};
|
||||
|
||||
Service = {
|
||||
Type = "simple";
|
||||
ExecStart = "${pkgs.wayvnc}/bin/wayvnc -r -p 0.0.0.0 5901";
|
||||
};
|
||||
|
||||
Install = {
|
||||
WantedBy = ["sway-session.target"];
|
||||
};
|
||||
}
|
|
@ -9,31 +9,25 @@ with lib; let
|
|||
cfg = config.pub-solar.terminal-life;
|
||||
in {
|
||||
options.pub-solar.terminal-life = {
|
||||
enable = mkEnableOption "Life in black and white";
|
||||
|
||||
lite = mkOption {
|
||||
full = mkOption {
|
||||
description = ''
|
||||
Enable a lite edition of terminal-life with less modules and a reduced package set.
|
||||
Enable a full version
|
||||
'';
|
||||
default = false;
|
||||
default = true;
|
||||
type = types.bool;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = {
|
||||
programs.command-not-found.enable = false;
|
||||
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home.packages = [
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
ack
|
||||
asciinema
|
||||
bat
|
||||
blesh
|
||||
exa
|
||||
fd
|
||||
gh
|
||||
glow
|
||||
jump
|
||||
(nnn.overrideAttrs (o: {
|
||||
patches =
|
||||
|
@ -48,6 +42,19 @@ in {
|
|||
watson
|
||||
];
|
||||
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
|
||||
|
||||
programs.less = {
|
||||
enable = true;
|
||||
keys = ''
|
||||
k forw-line
|
||||
i back-line
|
||||
K forw-scroll
|
||||
I back-scroll
|
||||
'';
|
||||
};
|
||||
|
||||
# Starship is a fast and featureful shell prompt
|
||||
# starship.toml has sane defaults that can be changed there
|
||||
programs.starship = {
|
||||
|
@ -71,8 +78,29 @@ in {
|
|||
inherit pkgs;
|
||||
inherit lib;
|
||||
};
|
||||
# Ensure nvim backup directory gets created
|
||||
# Workaround for E510: Can't make backup file (add ! to override)
|
||||
xdg.dataFile."nvim/backup/.keep".text = "";
|
||||
xdg.dataFile."nvim/json-schemas/.keep".text = "";
|
||||
# Generated with:
|
||||
# docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
|
||||
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
|
||||
xdg.dataFile."nvim/templates/.keep".text = "";
|
||||
|
||||
programs.git = import ./git {};
|
||||
xdg.configFile."git/config".text = import ./.config/git/config.nix {
|
||||
inherit config;
|
||||
inherit pkgs;
|
||||
};
|
||||
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
|
||||
inherit config;
|
||||
inherit pkgs;
|
||||
};
|
||||
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
|
||||
inherit config;
|
||||
inherit pkgs;
|
||||
};
|
||||
|
||||
programs.direnv = import ./direnv {};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -21,7 +21,7 @@ in {
|
|||
withPython3 = true;
|
||||
|
||||
extraPackages = with pkgs;
|
||||
lib.mkIf (!cfg.lite) [
|
||||
lib.mkIf (cfg.full) [
|
||||
ansible-language-server
|
||||
ccls
|
||||
gopls
|
||||
|
@ -44,9 +44,7 @@ in {
|
|||
universal-ctags
|
||||
];
|
||||
|
||||
plugins = with pkgs.vimPlugins;
|
||||
[]
|
||||
++ lib.optionals (!cfg.lite) [
|
||||
plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [
|
||||
(pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [
|
||||
p.ini
|
||||
p.json
|
||||
|
|
|
@ -6,14 +6,8 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.uhk;
|
||||
in {
|
||||
options.pub-solar.uhk = {
|
||||
enable = mkEnableOption "Ultimate Hacking Keyboard";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
users.users."${psCfg.user.name}".packages = with pkgs; [
|
||||
uhk-agent
|
||||
];
|
||||
|
||||
|
@ -22,10 +16,10 @@ in {
|
|||
services.udev.packages = with pkgs; [
|
||||
uhk-agent
|
||||
];
|
||||
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="input", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", GROUP="input", MODE="0660"
|
||||
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
|
||||
KERNEL=="hidraw*", ATTRS{idVendor}=="1d50", ATTRS{idProduct}=="612[0-7]", TAG+="uaccess"
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -55,8 +55,7 @@ with lib; {
|
|||
users = {
|
||||
mutableUsers = false;
|
||||
|
||||
users = with pkgs;
|
||||
pkgs.lib.setAttrByPath [psCfg.user.name] {
|
||||
users."${psCfg.user.name}" = {
|
||||
# Indicates whether this is an account for a “real” user.
|
||||
# This automatically sets group to users, createHome to true,
|
||||
# home to /home/username, useDefaultShell to true, and isSystemUser to false.
|
||||
|
|
|
@ -12,7 +12,7 @@ in {
|
|||
./session-variables.nix
|
||||
];
|
||||
|
||||
home-manager.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
# Let Home Manager install and manage itself.
|
||||
programs.home-manager.enable = true;
|
||||
|
||||
|
@ -22,66 +22,14 @@ in {
|
|||
home.homeDirectory = "/home/${psCfg.user.name}";
|
||||
home.stateVersion = "22.11";
|
||||
|
||||
home.packages = with pkgs; [];
|
||||
|
||||
fonts.fontconfig.enable = mkForce true;
|
||||
|
||||
programs.dircolors.enable = true;
|
||||
|
||||
programs.less = {
|
||||
enable = true;
|
||||
keys = ''
|
||||
k forw-line
|
||||
i back-line
|
||||
K forw-scroll
|
||||
I back-scroll
|
||||
'';
|
||||
};
|
||||
|
||||
home.file."xinitrc".source = ./.xinitrc;
|
||||
|
||||
xdg.enable = true;
|
||||
xdg.mime.enable = true;
|
||||
xdg.mimeApps = import ./mimeapps.nix;
|
||||
|
||||
xdg.configFile."git/config".text = import ./.config/git/config.nix {
|
||||
inherit config;
|
||||
inherit pkgs;
|
||||
};
|
||||
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
|
||||
inherit config;
|
||||
inherit pkgs;
|
||||
};
|
||||
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
|
||||
inherit config;
|
||||
inherit pkgs;
|
||||
};
|
||||
xdg.configFile."dircolors".source = ./.config/dircolors;
|
||||
xdg.configFile."xmodmap".source = ./.config/xmodmap;
|
||||
xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
|
||||
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
|
||||
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
|
||||
xdg.configFile."mako/config".source = ./.config/mako/config;
|
||||
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
|
||||
xdg.configFile."waybar/config".source = ./.config/waybar/config;
|
||||
xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
|
||||
xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css;
|
||||
xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc;
|
||||
xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc;
|
||||
xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap;
|
||||
xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py;
|
||||
xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
|
||||
|
||||
# Ensure nvim backup directory gets created
|
||||
# Workaround for E510: Can't make backup file (add ! to override)
|
||||
xdg.dataFile."nvim/backup/.keep".text = "";
|
||||
xdg.dataFile."nvim/json-schemas/.keep".text = "";
|
||||
# Generated with:
|
||||
# docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
|
||||
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
|
||||
xdg.dataFile."nvim/templates/.keep".text = "";
|
||||
xdg.dataFile."scripts/.keep".text = "";
|
||||
xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
|
||||
xdg.dataFile."shell.nix.tmpl" = {
|
||||
text = ''
|
||||
let
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
...
|
||||
}: let
|
||||
psCfg = config.pub-solar;
|
||||
wlroots = psCfg.graphical.wayland;
|
||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||
variables = {
|
||||
XDG_CONFIG_HOME = xdg.configHome;
|
||||
|
@ -20,10 +19,6 @@
|
|||
ECORE_EVAS_ENGINE = "wayland_egl";
|
||||
ELM_ENGINE = "wayland_egl";
|
||||
SDL_VIDEODRIVER = "wayland";
|
||||
WLR_RENDERER =
|
||||
if wlroots.software-renderer.enable
|
||||
then "pixman"
|
||||
else "gles2";
|
||||
|
||||
EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
|
||||
VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
|
||||
|
|
|
@ -6,18 +6,7 @@
|
|||
}:
|
||||
with lib; let
|
||||
psCfg = config.pub-solar;
|
||||
cfg = config.pub-solar.virtualisation;
|
||||
doesGaming = config.pub-solar.gaming.enable;
|
||||
extraObsPlugins =
|
||||
if doesGaming
|
||||
then [pkgs.obs-studio-plugins.looking-glass-obs]
|
||||
else [];
|
||||
in {
|
||||
options.pub-solar.virtualisation = {
|
||||
enable = mkEnableOption "Life in libvirt";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
boot.kernelParams = [
|
||||
"amd_iommu=on"
|
||||
"intel_iommu=on"
|
||||
|
@ -28,13 +17,11 @@ in {
|
|||
enable = true;
|
||||
qemu.ovmf.enable = true;
|
||||
};
|
||||
users.users = pkgs.lib.setAttrByPath [psCfg.user.name] {
|
||||
users.users."${psCfg.user.name}" = {
|
||||
extraGroups = ["libvirtd"];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
coreutils-full
|
||||
usbutils
|
||||
libvirt
|
||||
libvirt-glib
|
||||
qemu
|
||||
|
@ -48,10 +35,9 @@ in {
|
|||
lgcl
|
||||
];
|
||||
|
||||
home-manager = with pkgs;
|
||||
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
|
||||
home-manager.users."${psCfg.user.name}" = {
|
||||
xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory";
|
||||
home.packages = extraObsPlugins;
|
||||
home.packages = [pkgs.obs-studio-plugins.looking-glass-obs];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
|
@ -66,5 +52,4 @@ in {
|
|||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue