jakalx/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: jakalx:10b166b4d015c2ce9236b8ec82947b2aa6a61052
Branches Tags
jakalx:main
jakalx:develop
jakalx:feature/hledger-web-module
..
compare: jakalx:686a548e9c2c6f9799916768be62371461f50daf
Branches Tags
jakalx:develop
jakalx:main
jakalx:feature/hledger-web-module

No commits in common. "10b166b4d015c2ce9236b8ec82947b2aa6a61052" and "686a548e9c2c6f9799916768be62371461f50daf" have entirely different histories.
10b166b4d0 ... 686a548e9c

67 changed files with 825 additions and 3497 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc
View file

@ -1 +0,0 @@
use flake

446
flake.lock generated
View file

@ -6,15 +6,14 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1745630506, "lastModified": 1701216516,
"narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "96e078c646b711aee04b82ba01aefbff87004ded", "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -47,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744478979, "lastModified": 1673295039,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b", "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -68,11 +67,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746695594, "lastModified": 1706302763,
"narHash": "sha256-pAAWYs3S+/tY65vemHZdVSXpeIz4JINEJZoPoBjr8JU=", "narHash": "sha256-Le1wk75qlzOSfzDk8vqYxSdoEyr/ORIbMhziltVNGYw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "6bb82b77ce140137177e30df067759931ab60a73", "rev": "f7424625dc1f2e4eceac3009cbd1203d566feebc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -81,51 +80,36 @@
"type": "github" "type": "github"
} }
}, },
"distro-grub-themes": { "emacs": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs-unstable"
] ],
"nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1734806114, "lastModified": 1702399955,
"narHash": "sha256-FWkDtoLMTTk2Lz4d4LkFjtV/xYyIlpwZlX5Np1QhXls=", "narHash": "sha256-FnB5O1RVFzj3h7Ayf7UxFnOL1gsJuG6gn1LCTd9dKFs=",
"owner": "AdisonCavani", "owner": "nix-community",
"repo": "distro-grub-themes", "repo": "emacs-overlay",
"rev": "ebbd17419890059e371a6f2dbf2a7e76190327d4", "rev": "47798c4ab07d5f055bb2625010cf6d8e3f384923",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "AdisonCavani", "owner": "nix-community",
"repo": "distro-grub-themes", "repo": "emacs-overlay",
"type": "github" "type": "github"
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1668681692,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -136,14 +120,14 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1701680307,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -152,27 +136,6 @@
"type": "github" "type": "github"
} }
}, },
"gitignore": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -181,11 +144,31 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745494811, "lastModified": 1682203081,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-unstable": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1702538064,
"narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0e2e443ff24f9d75925e91b89d1da44b863734af",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -201,15 +184,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746719124, "lastModified": 1702195709,
"narHash": "sha256-KOL73WIjO00ds1oIe+5HAcGcpd/TfE6dymmmYbiSlYM=", "narHash": "sha256-+zRjWkm5rKqQ57PuLZ3JF3xi3vPMiOJzItb1m/43Cq4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3c59c5132b64e885faca381e713b579dcbddba75", "rev": "6761b8188b860f374b457eddfdb05c82eef9752f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -219,14 +203,15 @@
"nixpkgs": [ "nixpkgs": [
"nix-on-droid", "nix-on-droid",
"nixpkgs" "nixpkgs"
] ],
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1709445365, "lastModified": 1663932797,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", "narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", "rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -245,11 +230,11 @@
"nmt": "nmt" "nmt": "nmt"
}, },
"locked": { "locked": {
"lastModified": 1705252799, "lastModified": 1666720474,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=", "narHash": "sha256-iWojjDS1D19zpeZXbBdjWb9MiKmVVFQCqtJmtTXgPx8=",
"owner": "Gerschtli", "owner": "Gerschtli",
"repo": "nix-formatter-pack", "repo": "nix-formatter-pack",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5", "rev": "14876cc8fe94a3d329964ecb073b4c988c7b61f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -265,32 +250,125 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs-droid" "nixpkgs-droid"
], ],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2" "nmd": "nmd_2"
}, },
"locked": { "locked": {
"lastModified": 1720396533, "lastModified": 1688144254,
"narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=", "narHash": "sha256-8KL1l/7eP2Zm1aJjdVaSOk0W5kTnJo9kcgW03gqWuiI=",
"owner": "t184256", "owner": "t184256",
"repo": "nix-on-droid", "repo": "nix-on-droid",
"rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25", "rev": "2301e01d48c90b60751005317de7a84a51a87eb6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "t184256", "owner": "t184256",
"ref": "release-24.05", "ref": "release-23.05",
"repo": "nix-on-droid", "repo": "nix-on-droid",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1746461020, "lastModified": 1702346276,
"narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=", "narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae", "rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-droid": {
"locked": {
"lastModified": 1702350026,
"narHash": "sha256-A+GNZFZdfl4JdDphYKBJ5Ef1HOiFsP18vQe9mqjmUis=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9463103069725474698139ab10f17a9d125da859",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1686921029,
"narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702221085,
"narHash": "sha256-Br3GCSkkvkmw46cT6wCz6ro2H1WgDMWbKE0qctbdtL0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c2786e7084cbad90b4f9472d5b5e35ecb57958af",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1705316053,
"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -300,76 +378,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-24_11": {
"locked": {
"lastModified": 1734083684,
"narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-droid": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1732014248, "lastModified": 1670751203,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -395,25 +410,19 @@
} }
}, },
"nmd_2": { "nmd_2": {
"inputs": { "flake": false,
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"locked": { "locked": {
"lastModified": 1705050560, "lastModified": 1666190571,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=", "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
"owner": "~rycee", "owner": "rycee",
"repo": "nmd", "repo": "nmd",
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3", "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
"type": "sourcehut" "type": "gitlab"
}, },
"original": { "original": {
"owner": "~rycee", "owner": "rycee",
"repo": "nmd", "repo": "nmd",
"type": "sourcehut" "type": "gitlab"
} }
}, },
"nmt": { "nmt": {
@ -432,71 +441,35 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746537231,
"narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "fa466640195d38ec97cf0493d6d6882bc4d14969",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"disko": "disko", "disko": "disko",
"distro-grub-themes": "distro-grub-themes", "emacs": "emacs",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"home-manager-unstable": "home-manager-unstable",
"nix-on-droid": "nix-on-droid", "nix-on-droid": "nix-on-droid",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-droid": "nixpkgs-droid", "nixpkgs-droid": "nixpkgs-droid",
"pre-commit-hooks": "pre-commit-hooks", "nixpkgs-unstable": "nixpkgs-unstable",
"snm": "snm", "snm": "snm"
"stable": "stable"
}
},
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
} }
}, },
"snm": { "snm": {
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-24_11": "nixpkgs-24_11" "nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils_2"
}, },
"locked": { "locked": {
"lastModified": 1746637515, "lastModified": 1703666786,
"narHash": "sha256-bUq2uHmsfY3SpJrR4dpncITykufTiD2320JsOKgIYl0=", "narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "a7d2b05a9920d90f5eb8076f449acdb6c1ad79ca", "rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -506,22 +479,6 @@
"type": "gitlab" "type": "gitlab"
} }
}, },
"stable": {
"locked": {
"lastModified": 1746557022,
"narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -537,18 +494,33 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": { "utils": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1659877975,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "flake-utils",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github" "type": "github"
} }
} }

172
flake.nix
View file

@ -1,20 +1,17 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
stable.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs-droid.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgs-droid.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
distro-grub-themes = { home-manager = {
url = "github:AdisonCavani/distro-grub-themes"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; home-manager-unstable = {
pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
# simple mailserver # simple mailserver
@ -24,15 +21,15 @@
}; };
nix-on-droid = { nix-on-droid = {
url = "github:t184256/nix-on-droid/release-24.05"; url = "github:t184256/nix-on-droid/release-23.05";
inputs.nixpkgs.follows = "nixpkgs-droid"; inputs.nixpkgs.follows = "nixpkgs-droid";
}; };
# emacs = { emacs = {
# url = "github:nix-community/emacs-overlay"; url = "github:nix-community/emacs-overlay";
# inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-unstable";
# }; };
#
# simplex-chat = { # simplex-chat = {
# url = "github:simplex-chat/simplex-chat"; # url = "github:simplex-chat/simplex-chat";
# inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
@ -48,110 +45,51 @@
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs = { home-manager, nixpkgs, nixpkgs-unstable, ... }@inputs: {
{ nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
self, system = "x86_64-linux";
home-manager, specialArgs = { inherit inputs; };
nixpkgs, modules = let
stable, postfix-overlay = final: prev: {
pre-commit-hooks, postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix;
... };
}@inputs: in [
{ ({ inputs, lib, ... }: {
checks."x86_64-linux" = nixpkgs = {
let config.allowUnfree = true;
system = "x86_64-linux"; overlays = with inputs; [ emacs.overlay postfix-overlay ];
pkgs = import nixpkgs { inherit system; };
in
{
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
tools.fourmolu = pkgs.haskellPackages.fourmolu;
tools.nixfmt = pkgs.nixfmt-rfc-style;
hooks = {
nixfmt-rfc-style.enable = true;
fourmolu.enable = true;
hpack.enable = true;
hlint.enable = true;
ormolu = {
settings.defaultExtensions = [ "GHC2021" ];
};
};
}; };
}; nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
})
./hosts/thrall
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alex = import ./home/alex/cli.nix;
}
];
};
nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem rec { nixosConfigurations."dregil" = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = { inherit inputs; };
inherit inputs; modules = [ ./hosts/dregil ];
inherit system; };
};
nixosConfigurations."igor" = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hosts/igor ];
};
nixOnDroidConfigurations.default = with inputs;
nix-on-droid.lib.nixOnDroidConfiguration {
modules = [ modules = [
( ./hosts/redmi
{ inputs, lib, ... }: { nix.registry.nixpkgs.flake = nixpkgs-droid; }
{ { nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
nixpkgs = {
config.allowUnfree = true;
# overlays = with inputs; [
# emacs.overlay
# ];
};
}
)
./hosts/thrall
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
inherit inputs;
};
}
{ home-manager.users.alex = ./hosts/thrall/alex.nix; }
]; ];
}; };
};
nixosConfigurations."dregil" = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
inherit system;
stable = import inputs.stable { system = "x86_64-linux"; };
};
modules = [ ./hosts/dregil ];
};
nixosConfigurations."igor" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [ ./hosts/igor ];
};
nixOnDroidConfigurations.default =
with inputs;
nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs-droid { };
modules = [
./hosts/redmi
{ nix.registry.nixpkgs.flake = nixpkgs-droid; }
{ nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
];
};
devShells."x86_64-linux".default =
let
system = "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
in
pkgs.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
packages = with pkgs; [
nixfmt-rfc-style
nil
];
};
};
} }

73
home/alex/cli.nix
View file

@ -9,18 +9,11 @@ let
}; };
myEza = if builtins.hasAttr "eza" pkgs then "eza" else "exa"; myEza = if builtins.hasAttr "eza" pkgs then "eza" else "exa";
in in {
{
imports = [ imports = [
./programs/neovim/default.nix ./programs/neovim/default.nix
./programs/emacs/default.nix ./programs/emacs/default.nix
./programs/editorconfig ./programs/editorconfig
./programs/jq
./programs/fzf
./programs/git
./programs/jujutsu
./programs/shell
./programs/devenv.nix
]; ];
programs.home-manager.enable = true; programs.home-manager.enable = true;
@ -44,7 +37,7 @@ in
# nix tools # nix tools
nix-index nix-index
nixfmt-rfc-style nixfmt
# misc # misc
fd # better find fd # better find
file # info about files file # info about files
@ -62,19 +55,13 @@ in
shellcheck shellcheck
editorconfig-core-c editorconfig-core-c
shfmt shfmt
(aspellWithDicts ( (aspellWithDicts (dicts: with dicts; [ en en-computers en-science de ]))
dicts: with dicts; [
en
en-computers
en-science
de
]
))
# system tools # system tools
htop-vim # htop with vim bindings htop-vim # htop with vim bindings
erdtree # du+tree had sex erdtree # du+tree had sex
dua # ncdu but better dua # ncdu but better
fzf
gopass gopass
gopass-jsonapi gopass-jsonapi
@ -93,11 +80,7 @@ in
nix-prefetch-git nix-prefetch-git
]; ];
home.extraOutputsToInstall = [ home.extraOutputsToInstall = [ "doc" "info" "devdoc" ];
"doc"
"info"
"devdoc"
];
xdg.enable = true; xdg.enable = true;
@ -126,9 +109,7 @@ in
}; };
programs = { programs = {
bash = { bash = { enable = true; };
enable = true;
};
# better cat # better cat
bat.enable = true; bat.enable = true;
@ -136,21 +117,28 @@ in
# htop replacement with a nice UI # htop replacement with a nice UI
btop.enable = true; btop.enable = true;
zsh = {
enable = true;
enableAutosuggestions = true;
oh-my-zsh = {
enable = true;
plugins = [ "git" "fzf" "fd" "z" ];
theme = "simple";
};
};
# better ls with icons and stuff, maybe also try lsd # better ls with icons and stuff, maybe also try lsd
${myEza} = { ${myEza} = {
enable = true; enable = true;
icons = "auto"; icons = true;
enableAliases = true;
}; };
starship = { starship = { enable = true; };
enable = true;
};
direnv = { direnv = {
enable = true; enable = true;
nix-direnv = { nix-direnv = { enable = true; };
enable = true;
};
enableZshIntegration = true; enableZshIntegration = true;
enableBashIntegration = true; enableBashIntegration = true;
}; };
@ -160,11 +148,18 @@ in
settings.git_protocol = "ssh"; settings.git_protocol = "ssh";
}; };
git = {
enable = true;
ignores = [ "*~" "*.swp" "result" "dist-newstyle" ];
userEmail = user.mail;
userName = user.fullName;
aliases = { st = "status"; };
extraConfig = { init.defaultBranch = "main"; };
};
gpg = { gpg = {
enable = true; enable = true;
settings = { settings = { homedir = "~/.local/share/gnupg"; };
homedir = "~/.local/share/gnupg";
};
}; };
helix = { helix = {
@ -175,9 +170,7 @@ in
password-store = { password-store = {
enable = true; enable = true;
package = pkgs.gopass; package = pkgs.gopass;
settings = { settings = { PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; };
PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
};
}; };
ssh.enable = true; ssh.enable = true;
@ -188,8 +181,8 @@ in
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
defaultCacheTtl = 7200; defaultCacheTtl = 300;
defaultCacheTtlSsh = 7200; defaultCacheTtlSsh = 300;
}; };
home.file.".local" = { home.file.".local" = {

21
home/alex/default.nix
View file

@ -1,24 +1,11 @@
{ { config, lib, pkgs, inputs, ... }:
config, let electron-overlay = final: prev: { electron = final.electron_25; };
lib, in {
pkgs,
inputs,
...
}:
let
electron-overlay = final: prev: { electron = final.electron_25; };
in
{
imports = [ ]; imports = [ ];
users.users."alex" = { users.users."alex" = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [ "input" "networkmanager" "wheel" ];
"input"
"networkmanager"
"wheel"
"video"
];
description = "Alexander Kobjolke"; description = "Alexander Kobjolke";
home = "/home/alex"; home = "/home/alex";
shell = pkgs.zsh; shell = pkgs.zsh;

91
home/alex/home.nix
View file

@ -1,30 +1,9 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
stable,
...
}:
{ {
imports = [ imports = [
./cli.nix ./cli.nix
./programs/rofi # ./programs/xmonad/default.nix
./programs/xmonad
#./programs/i3
./programs/jitsi-meet
./programs/simplex-chat
./programs/zathura
./programs/autorandr
./services/polybar
./services/dunst
./services/udiskie
# ./services/picom
./services/screen-locker
./services/blueman-applet
./services/network-manager
./services/syncthing
./services/git-sync
./modules/email.nix
]; ];
home = { home = {
@ -35,40 +14,40 @@
keyboard.layout = "us"; keyboard.layout = "us";
keyboard.variant = "dvorak"; keyboard.variant = "dvorak";
keyboard.options = [ keyboard.options =
"terminate:ctrl_alt_bksp" [ "terminate:ctrl_alt_bksp" "caps:escape" "compose:ralt" ];
"caps:escape"
"compose:ralt"
];
packages = with pkgs; [ packages = with pkgs; [
# social # social
(jitsi-meet-electron.overrideAttrs (prev: rec {
version = "2023.10.0";
src = fetchurl {
url =
"https://github.com/jitsi/jitsi-meet-electron/releases/download/v${version}/jitsi-meet-x86_64.AppImage";
sha256 = "sha256-zhOx/gdsiQMuOCCE5sn+JNu0WJrH36XfvqqNvE24St8=";
name = "jitsi-meet-electron-${version}.AppImage";
};
})) # jitsi as a stand-alone app
discord # talk to other people discord # talk to other people
google-chrome
# system tools # system tools
uhk-agent # my keyboard uhk-agent # my keyboard
mosh # ssh via udp mosh # ssh via udp
rclone
parallel-disk-usage
gdu
# gaming support # gaming support
stable.bottles lutris
wine64Packages.stagingFull winePackages.stagingFull
scummvm
# reading # reading
xournalpp # pdf editor calibre
]; ];
}; };
news.display = "silent"; news.display = "silent";
my.git-sync.enable = true;
programs = { programs = {
alacritty.enable = true; alacritty.enable = true;
# autorandr.enable = true;
browserpass = { browserpass = {
enable = true; enable = true;
@ -80,37 +59,35 @@
enable = true; enable = true;
package = pkgs.firefox.override { package = pkgs.firefox.override {
cfg = { cfg = {
nativeMessagingHosts.packages = [ nativeMessagingHosts.packages =
pkgs.browserpass [ pkgs.browserpass pkgs.tridactyl-native ];
pkgs.tridactyl-native
];
enableGnomeExtensions = true; enableGnomeExtensions = true;
}; };
}; };
}; };
mpv.enable = true; mpv.enable = true;
rofi.enable = true;
rofi.pass.enable = true;
zathura.enable = true;
zsh = zsh = let
let auth-socket-env = ''
auth-socket-env = '' export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf -L agent-ssh-socket)"
export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf -L agent-ssh-socket)" '';
''; in {
in enable = true;
{ loginExtra = auth-socket-env;
enable = true; initExtra = auth-socket-env;
loginExtra = auth-socket-env; };
initExtra = auth-socket-env;
};
}; };
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true; enableSshSupport = true;
sshKeys = [ "9027AB16B9A7C20BD29F30F55CBA054430BF014C" ]; sshKeys = [ "9027AB16B9A7C20BD29F30F55CBA054430BF014C" ];
extraConfig = ''
pinentry-program ${pkgs.pinentry.qt}/bin/pinentry
'';
}; };
# services.autorandr = { enable = true; };
xsession.enable = true; xsession.enable = true;
} }

55
home/alex/modules/email.nix
View file

@ -1,55 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
mkAccount =
addr:
let
domain = lib.lists.elemAt (lib.strings.splitString "@" addr) 1;
in
{
address = addr;
gpg = {
key = "F2132F0C63730C6BC42BCC2A41A6D13FECA21280";
signByDefault = true;
};
mbsync = {
enable = true;
create = "maildir";
};
passwordCommand = "${lib.getBin pkgs.gopass}/bin/gopass --nosync show -o eMail/${domain}/${addr}";
msmtp.enable = true;
notmuch.enable = true;
realName = "Alexander Kobjolke";
userName = addr;
};
in
{
programs.afew.enable = true;
programs.mbsync.enable = true;
programs.msmtp.enable = true;
programs.notmuch = {
enable = true;
hooks.preNew = "mbsync --all";
};
accounts.email = {
accounts.failco = mkAccount "me@failco.de" // {
primary = true;
imap.host = "thrall.failco.de";
smtp.host = "thrall.failco.de";
};
accounts.jakalx = mkAccount "alex@jakalx.net" // {
imap.host = "thrall.failco.de";
smtp.host = "thrall.failco.de";
};
accounts.google = mkAccount "petry.alexander@gmail.com" // {
flavor = "gmail.com";
};
};
}

12
home/alex/programs/autorandr/default.nix
View file

@ -1,12 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.programs.autorandr = {
enable = true;
};
}

5
home/alex/programs/devenv.nix
View file

@ -1,5 +0,0 @@
{ pkgs, ... }:
{
config.home.packages = [ pkgs.devenv ];
}

10
home/alex/programs/emacs/default.nix
View file

@ -1,13 +1,11 @@
{ { inputs, config, lib, pkgs, ... }:
pkgs,
...
}:
let let
emacsclient-wrapper = pkgs.writeShellScriptBin "e" '' emacsclient-wrapper = pkgs.writeShellScriptBin "e" ''
exec ${pkgs.emacs}/bin/emacsclient --reuse-frame --no-wait "$@" exec ${pkgs.emacs}/bin/emacsclient --reuse-frame --no-wait "$@"
''; '';
in in {
{ nixpkgs.overlays = [ inputs.emacs.overlay ];
home = { home = {
sessionPath = [ "$HOME/.emacs.d/bin" ]; sessionPath = [ "$HOME/.emacs.d/bin" ];
packages = [ emacsclient-wrapper ]; packages = [ emacsclient-wrapper ];

396
home/alex/programs/emacs/doom/config.el
View file

@ -3,18 +3,11 @@
;; Place your private configuration here! Remember, you do not need to run 'doom ;; Place your private configuration here! Remember, you do not need to run 'doom
;; sync' after modifying this file! ;; sync' after modifying this file!
(setq ak/at-work? (getenv "I_AM_AT_WORK"))
;; Some functionality uses this to identify you, e.g. GPG configuration, email ;; Some functionality uses this to identify you, e.g. GPG configuration, email
;; clients, file templates and snippets. ;; clients, file templates and snippets.
(setq! user-full-name "Alexander Kobjolke" (setq user-full-name "Alexander Kobjolke"
user-mail-address "me@failco.de" user-mail-address "me@failco.de")
auth-sources '("~/.local/share/emacs/authinfo.gpg" "~/.authinfo.gpg" "~/.netrc")
auth-source-cache-expiry nil)
(when ak/at-work?
(setq! user-mail-address "alexander.kobjolke@atlas-elektronik.com"))
;; Doom exposes five (optional) variables for controlling fonts in Doom. Here ;; Doom exposes five (optional) variables for controlling fonts in Doom. Here
;; are the three important ones: ;; are the three important ones:
@ -32,60 +25,38 @@
;; There are two ways to load a theme. Both assume the theme is installed and ;; There are two ways to load a theme. Both assume the theme is installed and
;; available. You can either set `doom-theme' or manually load a theme with the ;; available. You can either set `doom-theme' or manually load a theme with the
;; `load-theme' function. This is the default: ;; `load-theme' function. This is the default:
(setq! doom-theme 'doom-gruvbox) (setq doom-theme 'doom-gruvbox)
(setq! doom-localleader-key ",")
(setq! doom-localleader-alt-key "M-,")
(require 're-builder) (require 're-builder)
(setq! reb-re-syntax 'string) (setq reb-re-syntax 'string)
;; If you use `org' and don't want your org files in the default location below,
;; change `org-directory'. It must be set before org loads!
(setq org-directory "~/org/"
org-roam-directory (file-truename "~/org/notes"))
;; do not create a new workspace for each emacsclient ;; do not create a new workspace for each emacsclient
;; (after! persp-mode (after! persp-mode
;;   (setq! persp-emacsclient-init-frame-behaviour-override "main"))   (setq persp-emacsclient-init-frame-behaviour-override "main"))
(after! lsp (defun my/org-id-update-org-roam-files ()
(add-to-list 'lsp-file-watch-ignored-directories "[/\\\\]\\.devenv\\'") "Update Org-ID locations for all Org-roam files."
(add-to-list 'lsp-file-watch-ignored-directories "[/\\\\]target\\'") (interactive)
) (org-id-update-id-locations (org-roam-list-files)))
(defun set-frame-alpha (arg &optional active)
"Interactively set the transparency of the active frame"
(interactive "nEnter alpha value (1-100): \np")
(let* ((elt (assoc 'alpha default-frame-alist))
(old (frame-parameter nil 'alpha))
(new (cond ((atom old) `(,arg ,arg))
((eql 1 active) `(,arg ,(cadr old)))
(t `(,(car old) ,arg)))))
(if elt (setcdr elt new) (push `(alpha ,@new) default-frame-alist))
(set-frame-parameter nil 'alpha new)))
(defun my/org-id-update-id-current-file () (defun my/org-id-update-id-current-file ()
"Scan the current buffer for Org-ID locations and update them." "Scan the current buffer for Org-ID locations and update them."
(interactive) (interactive)
(org-id-update-id-locations (list (buffer-file-name (current-buffer))))) (org-id-update-id-locations (list (buffer-file-name (current-buffer)))))
(setq! undo-limit 80000000 ; Raise undo-limit to 80Mb (setq undo-limit 80000000 ; Raise undo-limit to 80Mb
auto-save-default t ; Nobody likes to loose work, I certainly don't evil-want-fine-undo t ; By default while in insert all changes are one big blob. Be more granular
;; switch-to-buffer-in-dedicated-window 'pop auto-save-default t ; Nobody likes to loose work, I certainly don't
;; switch-to-buffer-obey-display-actions t )
)
;; tweak some VI defaults
(after! evil
(setq! evil-ex-substitute-global t ; I like my s/../.. to be global by default
evil-move-cursor-back nil ; Don't move the block cursor when toggling insert mode
evil-want-fine-undo t ; By default while in insert all changes are one big blob. Be more granular
evil-want-Y-yank-to-eol t
evil-escape-key-sequence "qq" ; define an escape sequence
evil-escape-delay 0.175
evil-move-beyond-eol t ; let the cursor move beyond eol just as in regular emacs
evil-kill-on-visual-paste nil ; Don't put overwritten text in the kill ring
evil-snipe-override-evil-repeat-keys nil))
;; This determines the style of line numbers in effect. If set to `nil', line ;; This determines the style of line numbers in effect. If set to `nil', line
;; numbers are disabled. For relative line numbers, set this to `relative'. ;; numbers are disabled. For relative line numbers, set this to `relative'.
(setq! display-line-numbers-type 'relative) (setq display-line-numbers-type t)
;; mouse ;; mouse
;; enable mouse reporting for terminal emulators ;; enable mouse reporting for terminal emulators
@ -98,172 +69,82 @@
(interactive) (interactive)
(scroll-up 1)))) (scroll-up 1))))
;; disable highlight lines
;(remove-hook 'doom-first-buffer-hook #'global-hl-line-mode)
(setq haskell-process-type 'cabal-new-repl)
(setq evil-snipe-override-evil-repeat-keys nil)
(setq doom-localleader-key ",")
(setq doom-localleader-alt-key "M-,")
(use-package! org (use-package! org
:init :config (setq org-log-into-drawer t
;; If you use `org' and don't want your org files in the default location below, org-todo-keywords '(
;; change `org-directory'. It must be set before org loads! (sequence "NEXT(n)" "TODO(t)" "WAIT(w@/!)" "|" "DONE(d!)" "CNCL(k@)")
(setq! org-directory "~/org/") (sequence "[ ](T)" "[-](S)" "[?](W)" "|" "[X](D)")
(setq! org-log-into-drawer t )))
org-agenda-include-diary t
org-agenda-sticky t
org-todo-keywords '(
(sequence "NEXT(n)" "TODO(t)" "WAIT(w@/!)" "|" "DONE(d!)" "CNCL(k@)")
(sequence "[ ](T)" "[-](S)" "[?](W)" "|" "[X](D)")
)
org-tag-alist '(
;; Places
("@home" . ?h)
("@work" . ?w)
;; devices (use-package! org-ql)
("@phone" . ?p)
("@computer" . ?c)
;; (use-package! elfeed-web)
("@email" . ?e)
))
:config
(use-package! org-ql)
(use-package! org-modern)
(use-package! org-bookmark-heading)
(add-hook! 'org-mode-hook #'+org-init-keybinds-h))
(use-package! org-contacts
:after org
:custom (org-contacts-files '("~/org/contacts.org")))
(use-package! activities
:demand t
:config
(defun ak/activities-define--with-prefix-arg ()
"Call 'C-u activities-define' in order to save the current activity."
(interactive)
(let ((current-prefix-arg '(4)))
(call-interactively #'activities-define)))
(activities-mode)
(activities-tabs-mode)
(setopt tab-bar-show 1)
(map!
(:prefix-map ("C-c a" . "Activities")
:desc "Switch activity" "a" #'activities-switch
:desc "Resume activity" "r" #'activities-resume
:desc "Create new activity" "n" #'activities-new
:desc "List activities" "l" #'activities-list
:desc "Save current activity " "s" #'ak/activities-define--with-prefix-arg
:desc "Save all activities" "S" #'activities-save-all
:desc "Revert activity to default" "R" #'activities-revert
)
)
)
(when ak/at-work?
(after! forge
(add-to-list 'forge-alist '("gitlab.atlas.de" "gitlab.atlas.de/api/v4" "gitlab.atlas.de" forge-gitlab-repository)))
(after! haskell-mode
(setq haskell-process-type 'cabal-new-repl))
(setq! plantuml-jar-path "~/opt/plantuml.jar")
(setq! org-plantuml-jar-path plantuml-jar-path)
(after! lsp
(add-to-list 'lsp-disabled-clients 'cmakels))
(add-to-list '+format-on-save-disabled-modes 'cmake-mode)
(add-to-list '+format-on-save-disabled-modes 'nxml-mode)
(use-package! code-review
:init
(setq code-review-auth-login-marker 'forge)
;; (setq code-review-gitlab-host "gitlab.atlas.de/api")
;; (setq code-review-gitlab-graphql-host "gitlab.atlas.de/api")
:config
(add-hook 'code-review-mode-hook
(lambda ()
;; include *Code-Review* buffer into current workspace
(persp-add-buffer (current-buffer))))))
(after! magit
(transient-append-suffix 'magit-fetch "-t"
'("-f" "Bypass safety checks" "--force"))
)
(setq ak/bibliography (list (concat org-directory "references.bib"))) (setq ak/bibliography (list (concat org-directory "references.bib")))
;; (setq org-cite-global-bibliography (list (concat org-directory "references.bib"))) ;(setq org-cite-global-bibliography (list (concat org-directory "references.bib")))
(setq! bibtex-completion-bibliography ak/bibliography) (setq! bibtex-completion-bibliography ak/bibliography)
(setq! citar-bibliography ak/bibliography) (setq! citar-bibliography ak/bibliography)
(after! ledger-mode ;; Use an ISO date format for ledger entries
(setq! (setq ledger-default-date-format "%Y-%m-%d"
;; Use an ISO date format for ledger entries ledger-binary-path "hledger"
ledger-default-date-format "%Y-%m-%d" ledger-report-auto-width nil
ledger-binary-path "hledger" ledger-mode-should-check-version nil
ledger-report-auto-width nil ledger-init-file-name " "
ledger-mode-should-check-version nil ledger-post-amount-alignment-column 58
ledger-init-file-name " " ledger-report-native-highlighting-arguments '("--color=always")
ledger-post-amount-alignment-column 58 ledger-highlight-xact-under-point t)
ledger-report-native-highlighting-arguments '("--color=always")
ledger-highlight-xact-under-point t)
(setq! ledger-reports (setq ledger-reports
'(("bal" "%(binary) -f %(ledger-file) bal -B") '(("bal" "%(binary) -f %(ledger-file) bal -B")
("reg" "%(binary) -f %(ledger-file) reg -B") ("reg" "%(binary) -f %(ledger-file) reg -B")
("payee" "%(binary) -f %(ledger-file) reg -B @%(payee)") ("payee" "%(binary) -f %(ledger-file) reg -B @%(payee)")
("account" "%(binary) -f %(ledger-file) reg -B %(account)"))) ) ("account" "%(binary) -f %(ledger-file) reg -B %(account)")))
;; (use-package! ormolu
;; :hook (haskell-mode . ormolu-format-on-save-mode)
;; :bind
;; (:map haskell-mode-map
(after! lsp-haskell (after! lsp-haskell
(setq lsp-haskell-formatting-provider "fourmolu") (setq lsp-haskell-formatting-provider "fourmolu"))
;; will define elisp functions for the given lsp code actions, prefixing the ;; tweak some VI defaults
;; given function names with "lsp" (after! evil
(lsp-make-interactive-code-action wingman-fill-hole "refactor.wingman.fillHole") (setq evil-ex-substitute-global t ; I like my s/../.. to by global by default
(lsp-make-interactive-code-action wingman-case-split "refactor.wingman.caseSplit") evil-move-cursor-back nil ; Don't move the block cursor when toggling insert mode
(lsp-make-interactive-code-action wingman-refine "refactor.wingman.refine") evil-kill-on-visual-paste nil)) ; Don't put overwritten text in the kill ring
(lsp-make-interactive-code-action wingman-split-func-args "refactor.wingman.spltFuncArgs")
(lsp-make-interactive-code-action wingman-use-constructor "refactor.wingman.useConstructor")
;; example key bindings (setq org-gtd-update-ack "3.0.0")
;; (define-key haskell-mode-map (kbd "C-c d") #'lsp-wingman-case-split)
;; (define-key haskell-mode-map (kbd "C-c n") #'lsp-wingman-fill-hole)
;; (define-key haskell-mode-map (kbd "C-c r") #'lsp-wingman-refine)
;; (define-key haskell-mode-map (kbd "C-c c") #'lsp-wingman-use-constructor)
;; (define-key haskell-mode-map (kbd "C-c a") #'lsp-wingman-split-func-args)
)
;; Org GTD support ;; Org GTD support
(use-package! org-gtd (use-package! org-gtd
:after org :after org
:demand t :demand t
:init
(setq! org-gtd-update-ack "3.0.0")
:config :config
(setf org-gtd-id--generate #'org-id-get-create) (setq org-gtd-directory "~/org")
(setq! org-gtd-directory org-directory) (setq org-gtd-default-file-name "actionable")
(setq! org-gtd-default-file-name "actionable") (setq org-edna-use-inheritance t)
(setq! org-gtd-refile-to-any-target nil) ;(setq org-gtd-areas-of-focus '("house" "haskell" "foss"))
(setq! org-gtd-engage-prefix-width 40) ;(setq org-gtd-organize-hooks '(org-gtd-set-area-of-focus org-set-tags-command))
(setq! org-edna-use-inheritance t)
;; (setq org-gtd-areas-of-focus '("house" "haskell" "foss"))
(setq org-gtd-organize-hooks nil)
(org-edna-mode) (org-edna-mode)
(map! :leader (map! :leader
:desc "Capture" "X" #'org-gtd-capture :desc "Capture" "X" #'org-gtd-capture
(:prefix-map ("d" . "GTD") (:prefix ("d" . "org-gtd")
:desc "Capture" "c" #'org-gtd-capture :desc "Capture" "c" #'org-gtd-capture
:desc "Engage" "e" #'org-gtd-engage :desc "Engage" "e" #'org-gtd-engage-grouped-by-context
:desc "Engage Context" "@" #'org-gtd-engage-grouped-by-context
:desc "Process inbox" "p" #'org-gtd-process-inbox :desc "Process inbox" "p" #'org-gtd-process-inbox
:desc "Show all next" "n" #'org-gtd-show-all-next :desc "Show all next" "n" #'org-gtd-show-all-next
:desc "Fix project" "f" #'org-gtd-projects-fix-todo-keywords-for-project-at-point (:prefix ("r" . "Review")
(:prefix-map ("r" . "Review")
:desc "Stuck projects" "p" #'org-gtd-review-stuck-projects :desc "Stuck projects" "p" #'org-gtd-review-stuck-projects
:desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items :desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items
:desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items :desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items
@ -271,51 +152,59 @@
)) ))
(map! :map org-gtd-clarify-map (map! :map org-gtd-clarify-map
:desc "Organize this item" "C-c C-c" #'org-gtd-organize) :desc "Organize this item" "C-c C-c" #'org-gtd-organize)
(map! (:prefix-map ("C-c d" . "GTD") :bind
:desc "Capture" "c" #'org-gtd-capture (("C-c d c" . #'org-gtd-capture)
:desc "Engage" "e" #'org-gtd-engage ("C-c d e" . #'org-gtd-engage-grouped-by-context)
:desc "Engage Context" "@" #'org-gtd-engage-grouped-by-context ("C-c d p" . #'org-gtd-process-inbox)
:desc "Process inbox" "p" #'org-gtd-process-inbox ("C-c d n" . #'org-gtd-show-all-next)
:desc "Show all next" "n" #'org-gtd-show-all-next ("C-c d r p" . #'org-gtd-review-stuck-projects))
:desc "Fix project" "f" #'org-gtd-projects-fix-todo-keywords-for-project-at-point )
(:prefix-map ("r" . "Review")
:desc "Stuck projects" "p" #'org-gtd-review-stuck-projects
:desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items
:desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items))))
(after! org-habit (defun ak/org-roam-node-insert-immediate (arg &rest args)
(setq org-habit-show-habits t (interactive "P")
org-habit-preceding-days 35 (let ((args (cons arg args))
org-habit-following-days 7)) (org-roam-capture-templates (list (append (car org-capture-templates) '(:immediate-finish t))))
)
(apply #'org-roam-node-insert args)))
(use-package! org-habit
:after org
:config (setq org-habit-show-habits t
org-habit-preceding-days 35
org-habit-following-days 7
)
)
(use-package! org-edna (use-package! org-edna
:after org-gtd :after org-gtd
:init :init
(setq org-edna-use-inheritance t) (setq org-edna-use-inheritance t)
:config :config
(org-edna-mode 1)) (org-edna-mode 1)
)
(use-package! emacsql-sqlite3
:custom
(org-roam-database-connector 'sqlite3))
(use-package! nov (use-package! nov
:mode ("\\.epub\\'" . nov-mode) :mode ("\\.epub\\'" . nov-mode)
:config :config
(setq nov-save-place-file (concat doom-cache-dir "nov-places"))) (setq nov-save-place-file (concat doom-cache-dir "nov-places")))
(use-package! protobuf-mode
:mode ("\\.proto\\'" . protobuf-mode))
(use-package! systemd
:mode ("\\.\\(service\\|target\\|socket\\|timer\\)\\'" . systemd-mode))
(use-package! org-present (use-package! org-present
:after org) :after org)
(use-package! denote (use-package! denote
:after org :after org
:config :config
(setq! denote-directory (concat org-directory "/notes")) (setq denote-directory (concat org-directory "/notes")
)
(map! :leader (map! :leader
(:prefix-map ("n" . "notes") (:prefix ("n" . "notes")
:desc "Denote" "d" #'denote-open-or-create-with-command :desc "Denote" "d" #'denote-open-or-create-with-command
)) ))
:bind :bind
(("C-c n d" . #'denote-open-or-create-with-command)) (("C-c n d" . #'denote-open-or-create-with-command))
@ -324,61 +213,56 @@
(use-package! org-super-agenda (use-package! org-super-agenda
:after org-agenda :after org-agenda
:init :init
(setq! org-agenda-skip-deadline-if-done t (setq org-agenda-skip-deadline-if-done t
org-agenda-skip-scheduled-if-done t org-agenda-skip-scheduled-if-done t
org-agenda-include-deadlines t org-agenda-include-deadlines t
org-agenda-block-separator nil org-agenda-block-separator nil
org-agenda-compact-blocks t org-agenda-compact-blocks t
org-agenda-start-day nil org-agenda-start-day nil
org-agenda-span 1 org-agenda-span 1
org-agenda-start-on-weekday nil) org-agenda-start-on-weekday nil
)
(setq! org-agenda-custom-commands (setq org-agenda-custom-commands
'(("a" "Getting Things done" '(("a" "Getting Things done"
((agenda "" ((org-agenda-overriding-header "") ((agenda "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'((:name "Today"
:time-grid t
:date today
:order 1)))))
(alltodo "" ((org-agenda-overriding-header "")
(org-super-agenda-groups (org-super-agenda-groups
'((:name "Today" '(;(:log t)
:time-grid t (:name "Waiting for..."
:date today :todo "WAIT"
:order 1))))) :order 1)
(alltodo "" ((org-agenda-overriding-header "") (:discard (:not (:todo ("NEXT" "START"))))
(org-super-agenda-groups (:name "Next actions"
'(;(:log t) :auto-parent (:todo ("NEXT" "STRT"))
(:name "Waiting for..." :order 2
:todo "WAIT" )
:order 1) (:discard (:anything t)
(:discard (:not (:todo ("NEXT" "STRT")))) :order 99)
(:name "Next actions" ))))
:auto-parent (:todo ("NEXT" "STRT")) ))))
:order 2
)
(:discard (:anything t)
:order 99)
))))
))))
:config :config
(org-super-agenda-mode) (org-super-agenda-mode)
) )
(use-package! org-fc (use-package! org-fc
:after org straight :after org
:config :init
(setq! org-fc-directories (concat org-directory "/cards")) (setq org-fc-directories (concat org-directory "/cards"))
(setq! org-fc-source-path (concat straight-base-dir "repos/org-fc"))
) )
(after! vterm (use-package! vterm
:config
(setq vterm-min-window-width 50) (setq vterm-min-window-width 50)
) )
(use-package! consult-denote
:after denote)
(use-package! cov)
(use-package! casual-suite)
(map! :desc "Move workspace to the left" :leader :n "TAB <" #'+workspace/swap-left) (map! :desc "Move workspace to the left" :leader :n "TAB <" #'+workspace/swap-left)
(map! :desc "Move workspace to the left" :leader :n "TAB >" #'+workspace/swap-right) (map! :desc "Move workspace to the left" :leader :n "TAB >" #'+workspace/swap-right)
(map! :desc "Denote" :leader :n "n d" #'denote)
;; Here are some additional functions/macros that could help you configure Doom: ;; Here are some additional functions/macros that could help you configure Doom:
;; ;;

74
home/alex/programs/emacs/doom/init.el
View file

@ -20,18 +20,17 @@
;;layout ; auie,ctsrnm is the superior home row ;;layout ; auie,ctsrnm is the superior home row
:completion :completion
;; company ; the ultimate code completion backend company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life ;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine... ;;ido ; the other *other* search engine...
;;ivy ; a search engine for love and life ;;ivy ; a search engine for love and life
(vertico +orderless +icons) ; the search engine of the future (vertico +icons) ; the search engine of the future
(corfu +orderless +icons +dabbrev)
:ui :ui
;;deft ; notational velocity for Emacs ;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs doom-dashboard ; a nifty splash screen for Emacs
doom-quit ; DOOM quit-message prompts when you quit Emacs ;;doom-quit ; DOOM quit-message prompts when you quit Emacs
(emoji +unicode +github +ascii) ; 🙂 (emoji +unicode +github +ascii) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra ;;hydra
@ -46,7 +45,7 @@
;;tabs ; a tab bar for Emacs ;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler ;;treemacs ; a project drawer, like neotree but cooler
unicode ; extended unicode support for various languages unicode ; extended unicode support for various languages
(vc-gutter +diff-hl) ; vcs diff in the fringe vc-gutter ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB vi-tilde-fringe ; fringe tildes to mark beyond EOB
(window-select +numbers) ; visually switch windows (window-select +numbers) ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces workspaces ; tab emulation, persistence & separate workspaces
@ -58,11 +57,10 @@
fold ; (nigh) universal code folding fold ; (nigh) universal code folding
(format +onsave) ; automated prettiness (format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys ;;god ; run Emacs commands without modifier keys
;; lispy ; vim for lisp, for people who don't like vim ;;lispy ; vim for lisp, for people who don't like vim
multiple-cursors multiple-cursors ; editing in many places at once
; editing in many places at once
;;objed ; text object editing for the innocent ;;objed ; text object editing for the innocent
;; parinfer ; turn lisp into python, sort of ;;parinfer ; turn lisp into python, sort of
rotate-text ; cycle region at point between text candidates rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to snippets ; my elves. They type so I don't have to
word-wrap ; soft wrapping with language-aware indent word-wrap ; soft wrapping with language-aware indent
@ -90,13 +88,13 @@
biblio ; Writes a PhD for you (citation needed) biblio ; Writes a PhD for you (citation needed)
(debugger +lsp) ; FIXME stepping through code, to help you add bugs (debugger +lsp) ; FIXME stepping through code, to help you add bugs
direnv direnv
(docker +lsp) ;;docker
editorconfig ; let someone else argue about tabs vs spaces editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs ;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls) (eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists ;;gist ; interacting with github gists
lookup ; navigate your code and its documentation lookup ; navigate your code and its documentation
(lsp) ; M-x vscode lsp ; M-x vscode
(magit +forge) ; a git porcelain for Emacs (magit +forge) ; a git porcelain for Emacs
make ; run make tasks from Emacs make ; run make tasks from Emacs
pass ; password manager for nerds pass ; password manager for nerds
@ -104,9 +102,9 @@
;;prodigy ; FIXME managing external services & code builders ;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings ;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects ;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
tmux ; an API for interacting with tmux tmux ; an API for interacting with tmux
tree-sitter tree-sitter
(terraform +lsp) ; infrastructure as code
;;upload ; map local to remote projects via ssh/ftp ;;upload ; map local to remote projects via ssh/ftp
:os :os
@ -116,69 +114,69 @@
:lang :lang
;;agda ; types of types of types of types... ;;agda ; types of types of types of types...
;;beancount ; mind the GAAP ;;beancount ; mind the GAAP
(cc +lsp +tree-sitter) ; C > C++ == 1 (cc +lsp) ; C > C++ == 1
;;clojure ; java with a lisp ;;clojure ; java with a lisp
common-lisp ; if you've seen one lisp, you've seen them all ;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs ;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c ;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans ;;csharp ; unity, .NET, and mono shenanigans
data ; config/data formats data ; config/data formats
;;(dart +flutter) ; paint ui and not much else ;;(dart +flutter) ; paint ui and not much else
;;dhall ;;dhall
(elixir +lsp +tree-sitter) ; erlang done right ;;elixir ; erlang done right
(elm +lsp +tree-sitter) ; care for a cup of TEA? (elm +lsp) ; care for a cup of TEA?
emacs-lisp ; drown in parentheses emacs-lisp ; drown in parentheses
(erlang +lsp +tree-sitter) ; an elegant language for a more civilized age ;;erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics ;;ess ; emacs speaks statistics
;;factor ;;factor
;;faust ; dsp, but you get to keep your soul ;;faust ; dsp, but you get to keep your soul
;;fsharp ; ML stands for Microsoft's Language ;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3 ;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for ;;gdscript ; the language you waited for
(go +lsp +tree-sitter) ; the hipster dialect (go +lsp) ; the hipster dialect
(graphql +lsp) ; Give queries a REST (graphql +lsp) ; Give queries a REST
(haskell +lsp +tree-sitter) ; a language that's lazier than I am (haskell +lsp) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python ;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on ;;idris ; a language you can depend on
(json +lsp +tree-sitter) ; At least it ain't XML json ; At least it ain't XML
(java +lsp +tree-sitter) ; the poster child for carpal tunnel syndrome (java +lsp +tree-sitter) ; the poster child for carpal tunnel syndrome
javascript ; all(hope(abandon(ye(who(enter(here)))))) javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB ;;julia ; a better, faster MATLAB
(kotlin +lsp) ; a better, slicker Java(Script) ;;kotlin ; a better, slicker Java(Script)
latex ; writing papers in Emacs has never been so fun latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove ;;lean ; for folks with too much to prove
ledger ; be audit you can be ledger ; be audit you can be
(lua +lsp +tree-sitter) ; one-based indices? one-based indices lua ; one-based indices? one-based indices
(markdown +grip) ; writing docs for people to ignore markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c ;;nim ; python + lisp at the speed of c
(nix +lsp +tree-sitter) ; I hereby declare "nix geht mehr!" nix ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel ;;ocaml ; an objective camel
(org +pandoc +present +gnuplot +noter) ; organize your plain life in plain text (org +roam2 +pandoc +present +gnuplot +noter) ; organize your plain life in plain text
;;php ; perl's insecure younger brother ;;php ; perl's insecure younger brother
plantuml ; diagrams for confusing people more plantuml ; diagrams for confusing people more
(purescript +lsp) ; javascript, but functional ;;purescript ; javascript, but functional
(python +lsp +tree-sitter +pyenv) ; beautiful is better than ugly python ; beautiful is better than ugly
qt ; the 'cutest' gui framework ever qt ; the 'cutest' gui framework ever
(racket +lsp +xp) ; a DSL for DSLs ;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6 ;;raku ; the artist formerly known as perl6
(rest +jq) ; Emacs as a REST client rest ; Emacs as a REST client
;;rst ; ReST in peace ;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"} ;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
(rust +lsp +tree-sitter) ; Fe2O3.unwrap().unwrap().unwrap().unwrap() (rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good ;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps ;;(scheme +guile) ; a fully conniving family of lisps
(sh +lsp +tree-sitter) ; she sells {ba,z,fi}sh shells on the C xor sh ; she sells {ba,z,fi}sh shells on the C xor
;;sml ;;sml
;;solidity ; do you need a blockchain? No. ;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables? ;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance. ;;terra ; Earth and Moon in alignment for performance.
(web +lsp +tree-sitter) ; the tubes ;;web ; the tubes
(yaml +lsp +tree-sitter) ; JSON, but readable yaml ; JSON, but readable
(zig +lsp +tree-sitter) ; C, but simpler ;;zig ; C, but simpler
:email :email
;; (mu4e +org +gmail) (mu4e +org +gmail)
(notmuch +org +afew) ;;notmuch
;;(wanderlust +gmail) ;;(wanderlust +gmail)
:app :app
@ -192,3 +190,7 @@
:config :config
;;literate ;;literate
(default +bindings +smartparens)) (default +bindings +smartparens))
(setq native-comp-deferred-compilation nil)
(after! (doom-packages straight)
(setq straight--native-comp-available t))

16
home/alex/programs/emacs/doom/packages.el
View file

@ -53,9 +53,6 @@
;; :recipe (:host github :repo "username/repo" ;; :recipe (:host github :repo "username/repo"
;; :files ("some-file.el" "src/lisp/*.el"))) ;; :files ("some-file.el" "src/lisp/*.el")))
(unpin! compat)
;(unpin! with-editor ghub)
(package! ormolu) (package! ormolu)
(package! org-gtd (package! org-gtd
:recipe (:host github :repo "Trevoke/org-gtd.el" :branch "master")) :recipe (:host github :repo "Trevoke/org-gtd.el" :branch "master"))
@ -70,16 +67,5 @@
(package! org-present) (package! org-present)
(package! denote) (package! denote)
(package! org-super-agenda) (package! org-super-agenda)
(package! org-modern)
(package! org-ql) (package! org-ql)
(package! org-contacts) (package! elfeed-web)
(package! org-bookmark-heading)
(package! activities
:recipe (:host github :repo "alphapapa/activities.el" :branch "master"))
;; (package! elfeed-web)
(package! systemd)
(package! protobuf-mode)
(package! cov)
(package! modus-themes)
(package! consult-denote)
(package! casual-suite)

5
home/alex/programs/fzf/default.nix
View file

@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
programs.fzf = { enable = true; };
}

64
home/alex/programs/git/default.nix
View file

@ -1,64 +0,0 @@
{ config, lib, pkgs, ... }:
{
programs.git = {
enable = true;
lfs.enable = true;
ignores = [
"*~"
"*.swp"
"result"
"dist-newstyle"
".direnv"
"*.bak"
".pre-commit-config.yaml"
];
signing = {
key = "41A6D13FECA21280";
signByDefault = false;
};
delta = { enable = true; };
# TODO create option for my own account meta data
userEmail = "me@failco.de";
userName = "Alexander Kobjolke";
extraConfig = {
pull = { rebase = true; };
merge = { conflictstyle = "diff3"; };
submodule = { recurse = true; };
};
aliases = {
a = "add";
c = "commit";
ca = "commit --amend";
can = "commit --amend --no-edit";
cl = "clone";
cm = "commit -m";
co = "checkout";
cp = "cherry-pick";
cpx = "cherry-pick -x";
d = "diff";
f = "fetch";
fo = "fetch origin";
fu = "fetch upstream";
lol = "log --graph --decorate --pretty=oneline --abbrev-commit";
lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";
pl = "pull";
pr = "pull -r";
ps = "push";
psf = "push -f";
rb = "rebase";
rbi = "rebase -i";
r = "remote";
ra = "remote add";
rr = "remote rm";
rv = "remote -v";
rs = "remote show";
st = "status";
};
extraConfig = { init.defaultBranch = "main"; };
};
programs.git-cliff = { enable = true; };
}

15
home/alex/programs/i3/default.nix
View file

@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.xsession.windowManager.i3 = {
enable = true;
config = {
modifier = "Mod4";
};
};
}

11
home/alex/programs/jitsi-meet/default.nix
View file

@ -1,11 +0,0 @@
{
config,
lib,
pkgs,
stable,
...
}:
{
config.home.packages = [ stable.jitsi-meet-electron ];
}

12
home/alex/programs/jq/default.nix
View file

@ -1,12 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.jq = {
enable = true;
};
}

21
home/alex/programs/jujutsu/default.nix
View file

@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.jujutsu = {
enable = true;
settings = {
user.name = config.programs.git.userName;
user.email = config.programs.git.userEmail;
ui.default-command = "log";
aliases.init = [
"git"
"init"
];
};
};
}

20
home/alex/programs/rofi/default.nix
View file

@ -1,20 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.programs.rofi = {
enable = true;
plugins = with pkgs; [ rofi-calc rofi-emoji ];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = ./themes/gruvbox-dark-soft.rasi;
pass = {
enable = true;
stores = [ config.programs.password-store.settings.PASSWORD_STORE_DIR ];
extraConfig = ''
default_user=:filename
'';
};
};
# let rofi insert emojis directly
config.home.packages = [ pkgs.xdotool ];
}

191
home/alex/programs/rofi/themes/gruvbox-dark-soft.rasi
View file

@ -1,191 +0,0 @@
/* ==========================================================================
Rofi color theme
Based on the Gruvbox color scheme for Vim by morhetz
https://github.com/morhetz/gruvbox
File: gruvbox-dark-soft.rasi
Desc: Gruvbox dark (soft contrast) color theme for Rofi
Author: bardisty <b@bah.im>
Source: https://github.com/bardisty/gruvbox-rofi
Modified: Mon Feb 12 2018 06:04:37 PST -0800
========================================================================== */
* {
/* Theme settings */
highlight: bold italic;
scrollbar: true;
/* Gruvbox dark colors */
gruvbox-dark-bg0-soft: #32302f;
gruvbox-dark-bg1: #3c3836;
gruvbox-dark-bg3: #665c54;
gruvbox-dark-fg0: #fbf1c7;
gruvbox-dark-fg1: #ebdbb2;
gruvbox-dark-red-dark: #cc241d;
gruvbox-dark-red-light: #fb4934;
gruvbox-dark-yellow-dark: #d79921;
gruvbox-dark-yellow-light: #fabd2f;
gruvbox-dark-gray: #a89984;
/* Theme colors */
background: @gruvbox-dark-bg0-soft;
background-color: @background;
foreground: @gruvbox-dark-fg1;
border-color: @gruvbox-dark-gray;
separatorcolor: @border-color;
scrollbar-handle: @border-color;
normal-background: @background;
normal-foreground: @foreground;
alternate-normal-background: @gruvbox-dark-bg1;
alternate-normal-foreground: @foreground;
selected-normal-background: @gruvbox-dark-bg3;
selected-normal-foreground: @gruvbox-dark-fg0;
active-background: @gruvbox-dark-yellow-dark;
active-foreground: @background;
alternate-active-background: @active-background;
alternate-active-foreground: @active-foreground;
selected-active-background: @gruvbox-dark-yellow-light;
selected-active-foreground: @active-foreground;
urgent-background: @gruvbox-dark-red-dark;
urgent-foreground: @background;
alternate-urgent-background: @urgent-background;
alternate-urgent-foreground: @urgent-foreground;
selected-urgent-background: @gruvbox-dark-red-light;
selected-urgent-foreground: @urgent-foreground;
}
/* ==========================================================================
File: gruvbox-common.rasi
Desc: Shared rules between all gruvbox themes
Author: bardisty <b@bah.im>
Source: https://github.com/bardisty/gruvbox-rofi
Modified: Mon Feb 12 2018 06:06:47 PST -0800
========================================================================== */
window {
background-color: @background;
border: 2;
padding: 2;
}
mainbox {
border: 0;
padding: 0;
}
message {
border: 2px 0 0;
border-color: @separatorcolor;
padding: 1px;
}
textbox {
highlight: @highlight;
text-color: @foreground;
}
listview {
border: 2px solid 0 0;
padding: 2px 0 0;
border-color: @separatorcolor;
spacing: 2px;
scrollbar: @scrollbar;
}
element {
border: 0;
padding: 2px;
}
element.normal.normal {
background-color: @normal-background;
text-color: @normal-foreground;
}
element.normal.urgent {
background-color: @urgent-background;
text-color: @urgent-foreground;
}
element.normal.active {
background-color: @active-background;
text-color: @active-foreground;
}
element.selected.normal {
background-color: @selected-normal-background;
text-color: @selected-normal-foreground;
}
element.selected.urgent {
background-color: @selected-urgent-background;
text-color: @selected-urgent-foreground;
}
element.selected.active {
background-color: @selected-active-background;
text-color: @selected-active-foreground;
}
element.alternate.normal {
background-color: @alternate-normal-background;
text-color: @alternate-normal-foreground;
}
element.alternate.urgent {
background-color: @alternate-urgent-background;
text-color: @alternate-urgent-foreground;
}
element.alternate.active {
background-color: @alternate-active-background;
text-color: @alternate-active-foreground;
}
scrollbar {
width: 4px;
border: 0;
handle-color: @scrollbar-handle;
handle-width: 8px;
padding: 0;
}
mode-switcher {
border: 2px 0 0;
border-color: @separatorcolor;
}
inputbar {
spacing: 0;
text-color: @normal-foreground;
padding: 2px;
children: [ prompt, textbox-prompt-sep, entry, case-indicator ];
}
case-indicator,
entry,
prompt,
button {
spacing: 0;
text-color: @normal-foreground;
}
button.selected {
background-color: @selected-normal-background;
text-color: @selected-normal-foreground;
}
textbox-prompt-sep {
expand: false;
str: ":";
text-color: @normal-foreground;
margin: 0 0.3em 0 0;
}
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}

28
home/alex/programs/shell/default.nix
View file

@ -1,28 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
home.shellAliases = {
suspend = "systemctl hibernate";
nrs = "sudo nixos-rebuild switch --flake ~/src/nixos-config";
nrb = "sudo nixos-rebuild build --flake ~/src/nixos-config";
};
programs.zsh = {
enable = true;
autosuggestion.enable = true;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"fzf"
"z"
];
theme = "simple";
};
};
}

5
home/alex/programs/simplex-chat/default.nix
View file

@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.home.packages = [ pkgs.simplex-chat-desktop ];
}

214
home/alex/programs/xmonad/config.hs
View file

@ -1,157 +1,77 @@
import XMonad import XMonad
import XMonad.Actions.CycleWS qualified as WS
import XMonad.Actions.Navigation2D (navigation2DP, windowGo, windowSwap) import XMonad.Hooks.DynamicLog
import XMonad.Hooks.EwmhDesktops import XMonad.Hooks.ManageDocks
import XMonad.Hooks.ManageDocks qualified as Docks import XMonad.Hooks.ManageHelpers
import XMonad.Hooks.ManageHelpers (doCenterFloat, doFullFloat, isDialog, isFullscreen) import XMonad.Hooks.StatusBar
import XMonad.Hooks.SetWMName import XMonad.Hooks.StatusBar.PP
import XMonad.Layout.BinarySpacePartition
import XMonad.Layout.BorderResize (borderResize) import XMonad.Util.EZConfig
import XMonad.Layout.NoBorders (smartBorders) import XMonad.Util.Loggers
import XMonad.Util.Ungrab
import XMonad.Layout.Magnifier
import XMonad.Layout.ThreeColumns import XMonad.Layout.ThreeColumns
import XMonad.Layout.ToggleLayouts (ToggleLayout (..), toggleLayouts)
import XMonad.ManageHook (doFloat)
import XMonad.StackSet as W
import XMonad.Util.EZConfig qualified as EZ
import XMonad.Util.NamedScratchpad
import XMonad.Util.Ungrab (unGrab)
import XMonad.Util.WorkspaceCompare qualified as WS
import Control.Monad (when) import XMonad.Hooks.EwmhDesktops
import Numeric.Natural
import System.Environment (getArgs)
import System.FilePath ((</>))
import System.Info (arch, os)
import System.Posix.Process (executeFile)
import Text.Printf (printf)
compiledConfig = printf "xmonad-%s-%s" arch os
compileRestart resume = do
dirs <- asks directories
whenX (recompile dirs True) $ do
when resume writeStateToFile
catchIO
( do
args <- getArgs
executeFile (cacheDir dirs </> compiledConfig) False args Nothing
)
myLayout = smartBorders . borderResize . Docks.avoidStruts $ toggleLayouts Full emptyBSP
main :: IO () main :: IO ()
main = getDirectories >>= launch myConfig main = xmonad
. ewmhFullscreen
. ewmh
. withEasySB (statusBarProp "xmobar" (pure myXmobarPP)) defToggleStrutsKey
$ myConfig
-- change size of window using direction so that it can be used together with the navigation2D function myConfig = def
-- see: similar to windowGo and windowSwap { modMask = mod4Mask -- Rebind Mod to the Super key
windowMoveSplit :: Direction2D -> Bool -> X () , layoutHook = myLayout -- Use custom layouts
windowMoveSplit direction _ = sendMessage $ MoveSplit direction , manageHook = myManageHook -- Match on certain windows
}
data VolumeCommand `additionalKeysP`
= ToggleVolume [ ("M-S-z", spawn "xscreensaver-command -lock")
| LowerVolume Natural , ("M-C-s", unGrab *> spawn "scrot -s" )
| RaiseVolume Natural , ("M-f" , spawn "firefox" )
interpretVolumeCommand :: VolumeCommand -> String
interpretVolumeCommand command = "amixer -q set Master " <> cmd
where
cmd = case command of
ToggleVolume -> "toggle"
LowerVolume delta -> show delta <> "%-"
RaiseVolume delta -> show delta <> "%+"
changeVolume :: VolumeCommand -> X ()
changeVolume = spawn . interpretVolumeCommand
myWorkspaceFilter :: X WS.WorkspaceSort
myWorkspaceFilter = do
sortXineramaAware <- WS.getSortByXineramaRule
pure $ sortXineramaAware . WS.filterOutWs [scratchpadWorkspaceTag]
scratchpads =
[ NS
"notes"
"emacsclient -c -F '((name . \"gtd\"))'"
(resource =? "gtd")
doCenterFloat
, -- (customFloating $ W.RationalRect (1/6) (1/6) (2/3) (2/3))
NS
"shell"
"alacritty --class scratchpad"
(resource =? "scratchpad")
(customFloating $ W.RationalRect (1 / 6) (1 / 6) (2 / 3) (2 / 3))
] ]
myConfig = myManageHook :: ManageHook
addEwmhWorkspaceSort myWorkspaceFilter myManageHook = composeAll
. ewmhFullscreen [ className =? "Gimp" --> doFloat
. ewmh , isDialog --> doFloat
. Docks.docks ]
. nav
$ def
{ modMask = mod4Mask -- Use Super instead of Alt
, terminal = "alacritty"
, layoutHook = myLayout
, handleEventHook = handleEventHook def <+> fullscreenEventHook
, -- this seems to be necessary to make java gui applications work :(
startupHook = ewmhDesktopsStartup >> setWMName "LG3D"
, manageHook =
mconcat
[ namedScratchpadManageHook scratchpads
, isDialog --> doFloat
, isFullscreen --> doFullFloat
, className =? "steam_proton" --> doFloat
, manageHook def
]
}
`EZ.additionalKeysP` [ ("M-S-z", spawn "xscreensaver-command -lock")
, ("M-S-r", compileRestart True)
, ("M-S-q", restart "xmonad" True)
, ("M-C-s", unGrab *> spawn "scrot -s")
, ("M-S-s", sendMessage Docks.ToggleStruts)
, ("M-f", sendMessage (Toggle "Full"))
, ("M-p", spawn appLauncher)
, ("M-i", spawn passLauncher)
, ("M-w", kill)
, ("M-l", WS.toggleWS)
, ("M-g", WS.prevWS)
, ("M-C-g", WS.swapPrevScreen)
, ("M-S-g", WS.shiftPrevScreen)
, ("M-r", WS.nextWS)
, ("M-C-r", WS.swapNextScreen)
, ("M-S-r", WS.shiftNextScreen)
, -- scratchpads
("M-s M-t", namedScratchpadAction scratchpads "shell")
, ("M-s M-s", namedScratchpadAction scratchpads "notes")
, -- backlight control
("<XF86MonBrightnessDown>", spawn "xbacklight -dec 5")
, ("<XF86MonBrightnessUp>", spawn "xbacklight -inc 5")
, ("<F5>", spawn "xbacklight -dec 5")
, ("<F6>", spawn "xbacklight -inc 5")
, -- transparency
("S-<XF86MonBrightnessDown>", spawn "picom-trans -c -5")
, ("S-<XF86MonBrightnessUp>", spawn "picom-trans -c +5")
, ("M-S-d", spawn "picom-trans -c +5")
, ("M-S-b", spawn "picom-trans -c -5")
, -- volume control
("<XF86AudioMute>", changeVolume ToggleVolume)
, ("<XF86AudioLowerVolume>", changeVolume $ LowerVolume 5)
, ("<XF86AudioRaiseVolume>", changeVolume $ RaiseVolume 5)
, ("M-d", changeVolume $ RaiseVolume 5)
, ("M-b", changeVolume $ LowerVolume 5)
, ("M-a", sendMessage Balance)
, ("M-S-a", sendMessage Equalize)
, ("M-o", sendMessage Rotate)
, ("M-y", withFocused $ windows . W.sink)
]
where
-- navigate using dvorak bindings
nav = navigation2DP def ("c", "h", "t", "n") [("M-", windowGo), ("M-C-", windowSwap), ("M-S-", windowMoveSplit)] True
appLauncher = "rofi -show combi -modes combi -combi-modes window,drun,run,ssh"
passLauncher = "rofi-pass"
-- myManageHook :: ManageHook myLayout = tiled ||| Mirror tiled ||| Full ||| threeCol
-- myManageHook = composeAll where
-- [ className =? "Gimp" --> doFloat threeCol = magnifiercz' 1.3 $ ThreeColMid nmaster delta ratio
-- , isDialog --> doFloat tiled = Tall nmaster delta ratio
-- ] nmaster = 1 -- Default number of windows in the master pane
ratio = 1/2 -- Default proportion of screen occupied by master pane
delta = 3/100 -- Percent of screen to increment by when resizing panes
myXmobarPP :: PP
myXmobarPP = def
{ ppSep = magenta ""
, ppTitleSanitize = xmobarStrip
, ppCurrent = wrap " " "" . xmobarBorder "Top" "#8be9fd" 2
, ppHidden = white . wrap " " ""
, ppHiddenNoWindows = lowWhite . wrap " " ""
, ppUrgent = red . wrap (yellow "!") (yellow "!")
, ppOrder = \[ws, l, _, wins] -> [ws, l, wins]
, ppExtras = [logTitles formatFocused formatUnfocused]
}
where
formatFocused = wrap (white "[") (white "]") . magenta . ppWindow
formatUnfocused = wrap (lowWhite "[") (lowWhite "]") . blue . ppWindow
-- | Windows should have *some* title, which should not not exceed a
-- sane length.
ppWindow :: String -> String
ppWindow = xmobarRaw . (\w -> if null w then "untitled" else w) . shorten 30
blue, lowWhite, magenta, red, white, yellow :: String -> String
magenta = xmobarColor "#ff79c6" ""
blue = xmobarColor "#bd93f9" ""
white = xmobarColor "#f8f8f2" ""
yellow = xmobarColor "#f1fa8c" ""
red = xmobarColor "#ff5555" ""
lowWhite = xmobarColor "#bbbbbb" ""

13
home/alex/programs/xmonad/default.nix
View file

@ -1,12 +1,11 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
config.xsession.windowManager.xmonad = { xsession = {
enable = true; windowManager.command = let
enableContribAndExtras = true; xmonad = pkgs.xmonad-with-packages.override {
config = ./config.hs; packages = self: [ self.xmonad-contrib ];
};
in "${xmonad}/bin/xmonad";
}; };
# control backlight
config.home.packages = [ pkgs.xorg.xbacklight pkgs.scrot ];
} }

8
home/alex/programs/zathura/default.nix
View file

@ -1,8 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.programs.zathura = {
enable = true;
extraConfig = builtins.readFile ./gruvbox-dark.zathurarc;
};
}

40
home/alex/programs/zathura/gruvbox-dark.zathurarc
View file

@ -1,40 +0,0 @@
set notification-error-bg "#282828" # bg
set notification-error-fg "#fb4934" # bright:red
set notification-warning-bg "#282828" # bg
set notification-warning-fg "#fabd2f" # bright:yellow
set notification-bg "#282828" # bg
set notification-fg "#b8bb26" # bright:green
set completion-bg "#504945" # bg2
set completion-fg "#ebdbb2" # fg
set completion-group-bg "#3c3836" # bg1
set completion-group-fg "#928374" # gray
set completion-highlight-bg "#83a598" # bright:blue
set completion-highlight-fg "#504945" # bg2
# Define the color in index mode
set index-bg "#504945" # bg2
set index-fg "#ebdbb2" # fg
set index-active-bg "#83a598" # bright:blue
set index-active-fg "#504945" # bg2
set inputbar-bg "#282828" # bg
set inputbar-fg "#ebdbb2" # fg
set statusbar-bg "#504945" # bg2
set statusbar-fg "#ebdbb2" # fg
set highlight-color "#fabd2f" # bright:yellow
set highlight-active-color "#fe8019" # bright:orange
set default-bg "#282828" # bg
set default-fg "#ebdbb2" # fg
set render-loading true
set render-loading-bg "#282828" # bg
set render-loading-fg "#ebdbb2" # fg
# Recolor book content's color
set recolor-lightcolor "#282828" # bg
set recolor-darkcolor "#ebdbb2" # fg
set recolor "true"
# set recolor-keephue true # keep original color

5
home/alex/services/blueman-applet/default.nix
View file

@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.blueman-applet = { enable = true; };
}

30
home/alex/services/dunst/default.nix
View file

@ -1,30 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.services.dunst = {
enable = true;
iconTheme = {
name = "Adwaita";
package = pkgs.adwaita-icon-theme;
size = "16x16";
};
settings = {
global = {
monitor = 0;
geometry = "600x50-50+65";
shrink = "yes";
transparency = 10;
padding = 16;
horizontal_padding = 16;
font = "JetBrainsMono Nerd Font 10";
line_height = 4;
format = "<b>%s</b>\\n%b";
};
};
};
}

15
home/alex/services/git-sync/default.nix
View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.git-sync;
in {
options.my.git-sync = { enable = lib.mkEnableOption "git-sync"; };
config.services.git-sync = lib.mkIf cfg.enable {
enable = true;
repositories = {
"org" = {
path = "${config.home.homeDirectory}/org";
uri = "git+ssh://git@git.failco.de:jakalx/org.git";
};
};
};
}

5
home/alex/services/network-manager/default.nix
View file

@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.network-manager-applet = { enable = true; };
}

15
home/alex/services/picom/default.nix
View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.picom = {
enable = true;
activeOpacity = 1.0;
inactiveOpacity = 0.8;
backend = "glx";
fade = true;
fadeDelta = 5;
opacityRules = [ "100:name *= 'i3lock'" ];
shadow = true;
shadowOpacity = 0.75;
};
}

235
home/alex/services/polybar/config.ini
View file

@ -1,235 +0,0 @@
;==========================================================
;
;
; ██████╗ ██████╗ ██╗ ██╗ ██╗██████╗ █████╗ ██████╗
; ██╔══██╗██╔═══██╗██║ ╚██╗ ██╔╝██╔══██╗██╔══██╗██╔══██╗
; ██████╔╝██║ ██║██║ ╚████╔╝ ██████╔╝███████║██████╔╝
; ██╔═══╝ ██║ ██║██║ ╚██╔╝ ██╔══██╗██╔══██║██╔══██╗
; ██║ ╚██████╔╝███████╗██║ ██████╔╝██║ ██║██║ ██║
; ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝
;
;
; To learn more about how to configure Polybar
; go to https://github.com/polybar/polybar
;
; The README contains a lot of information
;
;==========================================================
[colors]
background = #282A2E
background-alt = #373B41
foreground = #C5C8C6
primary = #F0C674
secondary = #8ABEB7
alert = #A54242
disabled = #707880
[bar/main]
width = 100%
height = 24pt
radius = 6
; dpi = 96
background = ${colors.background}
foreground = ${colors.foreground}
line-size = 3pt
border-size = 4pt
border-color = #00000000
padding-left = 0
padding-right = 1
module-margin = 1
separator = |
separator-foreground = ${colors.disabled}
font-0 = monospace;2
modules-left = xworkspaces xwindow
modules-center = systray
modules-right = filesystem pulseaudio xkeyboard memory cpu battery wlan eth backlight date
cursor-click = pointer
cursor-scroll = ns-resize
enable-ipc = true
tray-position = center
; wm-restack = generic
; wm-restack = bspwm
; wm-restack = i3
; override-redirect = true
[module/systray]
type = internal/tray
format-margin = 8pt
tray-spacing = 16pt
[module/battery]
type = internal/battery
; This is useful in case the battery never reports 100% charge
; Default: 100
full-at = 99
; format-low once this charge percentage is reached
; Default: 10
; New in version 3.6.0
low-at = 10
; Use the following command to list batteries and adapters:
; $ ls -1 /sys/class/power_supply/
battery = BAT0
adapter = ADP0
; If an inotify event haven't been reported in this many
; seconds, manually poll for new values.
;
; Needed as a fallback for systems that don't report events
; on sysfs/procfs.
;
; Disable polling by setting the interval to 0.
;
; Default: 5
poll-interval = 5
[module/backlight]
type = internal/xbacklight
; XRandR output to get get values from
; Default: the monitor defined for the running bar
;output = DP-4
; Create scroll handlers used to set the backlight value
; Default: true
enable-scroll = true
; Available tags:
; <label> (default)
; <ramp>
; <bar>
format = <ramp>
; Available tokens:
; %percentage% (default)
label = %percentage%%
; Only applies if <ramp> is used
ramp-0 = 🌕
ramp-1 = 🌔
ramp-2 = 🌓
ramp-3 = 🌒
ramp-4 = 🌑
[module/xworkspaces]
type = internal/xworkspaces
label-active = %name%
label-active-background = ${colors.background-alt}
label-active-underline= ${colors.primary}
label-active-padding = 1
label-occupied = %name%
label-occupied-padding = 1
label-urgent = %name%
label-urgent-background = ${colors.alert}
label-urgent-padding = 1
label-empty = %name%
label-empty-foreground = ${colors.disabled}
label-empty-padding = 1
[module/xwindow]
type = internal/xwindow
label = %title:0:60:...%
[module/filesystem]
type = internal/fs
interval = 25
mount-0 = /
label-mounted = %{F#F0C674}%mountpoint%%{F-} %percentage_used%%
label-unmounted = %mountpoint% not mounted
label-unmounted-foreground = ${colors.disabled}
[module/pulseaudio]
type = internal/pulseaudio
format-volume-prefix = "VOL "
format-volume-prefix-foreground = ${colors.primary}
format-volume = <label-volume>
label-volume = %percentage%%
label-muted = muted
label-muted-foreground = ${colors.disabled}
[module/xkeyboard]
type = internal/xkeyboard
blacklist-0 = num lock
label-layout = %layout%
label-layout-foreground = ${colors.primary}
label-indicator-padding = 2
label-indicator-margin = 1
label-indicator-foreground = ${colors.background}
label-indicator-background = ${colors.secondary}
[module/memory]
type = internal/memory
interval = 2
format-prefix = "RAM "
format-prefix-foreground = ${colors.primary}
label = %percentage_used:2%%
[module/cpu]
type = internal/cpu
interval = 2
format-prefix = "CPU "
format-prefix-foreground = ${colors.primary}
label = %percentage:2%%
[network-base]
type = internal/network
interval = 5
format-connected = <label-connected>
format-disconnected = <label-disconnected>
label-disconnected = %{F#F0C674}%ifname%%{F#707880} disconnected
[module/wlan]
inherit = network-base
interface-type = wireless
label-connected = %{F#F0C674}%ifname%%{F-} %essid% %local_ip%
[module/eth]
inherit = network-base
interface-type = wired
label-connected = %{F#F0C674}%ifname%%{F-} %local_ip%
[module/date]
type = internal/date
interval = 1
date = %H:%M
date-alt = %Y-%m-%d %H:%M:%S
label = %date%
label-foreground = ${colors.primary}
[settings]
screenchange-reload = true
pseudo-transparency = true
; vim:ft=dosini

19
home/alex/services/polybar/default.nix
View file

@ -1,19 +0,0 @@
{ config, lib, pkgs, ... }:
let
mypolybar = pkgs.polybar.override {
alsaSupport = true;
mpdSupport = true;
pulseSupport = true;
};
in {
config.home.packages = with pkgs; [ font-awesome material-design-icons ];
config.services.polybar = {
enable = true;
package = mypolybar;
config = ./config.ini;
script = ''
polybar & disown
'';
};
}

15
home/alex/services/screen-locker/default.nix
View file

@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.services.screen-locker = {
enable = false;
inactiveInterval = 30;
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -c 000000";
xautolock.extraOptions = [ "-detectsleep" ];
};
}

11
home/alex/services/syncthing/default.nix
View file

@ -1,11 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.syncthing = {
enable = true;
tray = {
enable = true;
command = "syncthingtray --wait";
};
};
}

8
home/alex/services/udiskie/default.nix
View file

@ -1,8 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.udiskie = {
enable = true;
tray = "always";
};
}

13
home/anne/home.nix
View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
home = { home = {
@ -12,8 +7,8 @@
packages = with pkgs; [ packages = with pkgs; [
firefox firefox
alacritty alacritty
gnome-session gnome.gnome-session
gnome-control-center gnome.gnome-control-center
]; ];
keyboard.layout = "de"; keyboard.layout = "de";
keyboard.variant = "nodeadkeys"; keyboard.variant = "nodeadkeys";
@ -21,6 +16,6 @@
xsession = { xsession = {
enable = true; enable = true;
windowManager.command = "${pkgs.gnome-session}/bin/gnome-session"; windowManager.command = "${pkgs.gnome.gnome-session}/bin/gnome-session";
}; };
} }

89
hosts/dregil/configuration.nix
View file

@ -2,13 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ { inputs, config, pkgs, lib, ... }:
inputs,
config,
pkgs,
lib,
...
}:
let let
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" '' nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1 export __NV_PRIME_RENDER_OFFLOAD=1
@ -17,16 +11,13 @@ let
export __VK_LAYER_NV_optimus=NVIDIA_only export __VK_LAYER_NV_optimus=NVIDIA_only
exec "$@" exec "$@"
''; '';
in in {
{
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
# <nixos-hardware/lenovo/legion/15ich> # <nixos-hardware/lenovo/legion/15ich>
../../modules/appimage.nix
../../modules/sudo.nix
../../modules/wm/x.nix ../../modules/wm/x.nix
../../modules/wm/xmonad/default.nix ../../modules/wm/xmonad.nix
]; ];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
@ -40,21 +31,17 @@ in
networking.hostName = "dregil"; # Define your hostname. networking.hostName = "dregil"; # Define your hostname.
# Pick only one of the below networking options. # Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 localhost dregil.localdomain dregil 127.0.0.1 localhost dregil.localdomain dregil
''; '';
i18n = { i18n = {
extraLocaleSettings = { extraLocaleSettings = { TIME_STYLE = "iso"; };
TIME_STYLE = "iso"; supportedLocales =
}; [ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
supportedLocales = [
"C.UTF-8/UTF-8"
"en_US.UTF-8/UTF-8"
"de_DE.UTF-8/UTF-8"
];
}; };
console = { console = {
@ -64,31 +51,22 @@ in
fonts = { fonts = {
enableDefaultPackages = true; enableDefaultPackages = true;
packages = packages = with pkgs; [
with pkgs; corefonts
[ noto-fonts
corefonts noto-fonts-emoji
noto-fonts fira-code
noto-fonts-emoji fira-code-symbols
fira-code nerdfonts
fira-code-symbols ];
]
++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
}; };
# Enable CUPS to print documents. # Enable CUPS to print documents.
# services.printing.enable = true; # services.printing.enable = true;
# rtkit is optional but recommended # Enable sound.
security.rtkit.enable = true; sound.enable = true;
services.pipewire = { hardware.pulseaudio.enable = true;
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
@ -101,23 +79,17 @@ in
]; ];
# adjust channels to nixpkgs used on this system via this flake # adjust channels to nixpkgs used on this system via this flake
environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs.outPath; environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-unstable.outPath;
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; nix.nixPath = [ "nixpkgs=${inputs.nixpkgs-unstable}" ];
nix.settings.max-jobs = 3; nix.settings.max-jobs = 3;
nix.settings.cores = 4; nix.settings.cores = 4;
programs.neovim = { programs.neovim = { enable = true; };
enable = true;
};
programs.steam = { programs.steam = { enable = true; };
enable = true;
};
programs.zsh = { programs.zsh = { enable = true; };
enable = true;
};
# List services that you want to enable: # List services that you want to enable:
@ -126,16 +98,9 @@ in
services.blueman.enable = true; services.blueman.enable = true;
# Open ports in the firewall # Open ports in the firewall.
# 22000, 21027 syncthing discovery and connectivity # networking.firewall.allowedTCPPorts = [ ... ];
networking.firewall.allowedTCPPorts = [ # networking.firewall.allowedUDPPorts = [ ... ];
5223
22000
];
networking.firewall.allowedUDPPorts = [
21027
22000
];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;

30
hosts/dregil/default.nix
View file

@ -1,32 +1,14 @@
{ { lib, config, pkgs, inputs, ... }: {
inputs,
stable,
system,
...
}:
{
imports = [ imports = [
( ({ inputs, lib, ... }: {
{ inputs, lib, ... }: nixpkgs = { config.allowUnfree = true; };
{ nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
nixpkgs = { })
config.allowUnfree = true;
};
home-manager.extraSpecialArgs = { inherit stable; };
}
)
../../modules/security.nix ../../modules/security.nix
../../modules/common-system.nix ../../modules/common-system.nix
./configuration.nix ./configuration.nix
inputs.home-manager.nixosModules.home-manager inputs.home-manager-unstable.nixosModules.home-manager
inputs.distro-grub-themes.nixosModules.${system}.default
../../home/anne/default.nix ../../home/anne/default.nix
../../home/alex/default.nix ../../home/alex/default.nix
../../modules/grub-themes
../../modules/hyprland
../../modules/podman
../../modules/tailscale
../../modules/flatpak.nix
../../modules/nh.nix
]; ];
} }

52
hosts/dregil/hardware-configuration.nix
View file

@ -1,25 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules =
"xhci_pci" [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
"thunderbolt"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ boot.initrd.kernelModules = [
"dm-snapshot" "dm-snapshot"
"uas" "uas"
@ -39,38 +27,26 @@
keyFileSize = 4096; keyFileSize = 4096;
}; };
}; };
boot.kernelModules = [ boot.kernelModules = [ "kvm-intel" "nvidia" ];
"kvm-intel" boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ];
"nvidia"
];
boot.kernelParams = [ "module_blacklist=i915" ]; boot.kernelParams = [ "module_blacklist=i915" ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654"; device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [ "subvol=root" "compress=zstd" ];
"subvol=root"
"compress=zstd"
];
}; };
fileSystems."/home" = { fileSystems."/home" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654"; device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [ "subvol=home" "compress=zstd" ];
"subvol=home"
"compress=zstd"
];
}; };
fileSystems."/nix" = { fileSystems."/nix" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654"; device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [ "subvol=nix" "compress=zstd" "noatime" ];
"subvol=nix"
"compress=zstd"
"noatime"
];
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
@ -78,7 +54,8 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95"; } ]; swapDevices =
[{ device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -90,12 +67,12 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.nvidia = { hardware.nvidia = {
nvidiaSettings = true; nvidiaSettings = true;
nvidiaPersistenced = true; nvidiaPersistenced = true;
open = true;
# modesetting.enable = true; # modesetting.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.beta; package = config.boot.kernelPackages.nvidiaPackages.beta;
@ -109,9 +86,10 @@
# }; # };
}; };
hardware.graphics = { hardware.opengl = {
enable = true; enable = true;
enable32Bit = true; driSupport = true;
driSupport32Bit = true;
}; };
hardware.keyboard.uhk.enable = true; hardware.keyboard.uhk.enable = true;

134
hosts/igor/default.nix
View file

@ -1,147 +1,65 @@
{ { config, inputs, lib, pkgs, ... }:
inputs,
pkgs,
config,
...
}:
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
./syncthing.nix
../../modules/security.nix ../../modules/security.nix
../../modules/nix-config.nix ../../modules/nix-config.nix
../../modules/iohk.nix
../../modules/timezone.nix ../../modules/timezone.nix
../../modules/keybase.nix ../../modules/keybase.nix
../../modules/ssh.nix ../../modules/ssh.nix
../../modules/tailscale ./disko-config.nix
../../modules/vsftpd
../../modules/mosh.nix
]; ];
config.boot.loader.grub.enable = true; networking = let extIface = "ens3";
config.boot.loader.grub.efiSupport = true; in {
config.boot.loader.grub.efiInstallAsRemovable = true;
#config.boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
config.boot.loader.grub.device = "/dev/disk/by-id/ata-HGST_HTS725050A7E630_TF655AY92SM3XL"; # or "nodev" for efi only
config.security.sudo.wheelNeedsPassword = false;
config.networking = {
hostName = "igor"; hostName = "igor";
domain = "failco.de"; domain = "failco.de";
wireless.enable = false;
wireless = { useDHCP = false;
enable = true; enableIPv6 = false;
userControlled.enable = true; interfaces.${extIface} = {
allowAuxiliaryImperativeNetworks = true; ipv4.addresses = [{
secretsFile = "/etc/wireless.conf"; address = "192.168.0.2";
networks = { prefixLength = 24;
Prapsschnalinen.pskRaw = "ext:home"; }];
}; };
defaultGateway = "192.168.0.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
allowedTCPPorts = [ 22 80 443 ];
allowedUDPPorts = [ ];
}; };
useDHCP = true;
enableIPv6 = true;
networkmanager.enable = false;
firewall.enable = true;
firewall.allowedTCPPorts = [
config.services.mysql.settings.mysqld.port
];
}; };
config.security.sudo = { security.sudo = {
enable = true; enable = true;
execWheelOnly = true; execWheelOnly = true;
}; };
# Select internationalization properties. # Select internationalization properties.
config.i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
config.console = { console = {
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
keyMap = "dvorak"; keyMap = "dvorak";
}; };
# Set your time zone.
config.time.timeZone = "Europe/Berlin";
# Enable the X11 windowing system.
config.services.xserver.enable = true;
config.services.logind.lidSwitch = "lock";
# Enable the GNOME Desktop Environment.
config.services.xserver.displayManager.gdm.enable = true;
config.services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
config.services.xserver.xkb.layout = "us";
config.services.xserver.xkb.variant = "dvorak";
config.services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
config.services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
config.services.pipewire = {
enable = true;
pulse.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
config.services.libinput.enable = true;
config.services.mysql = {
enable = true;
package = pkgs.mariadb;
};
config.programs.firefox.enable = true;
config.programs.git.enable = true;
config.programs.nm-applet.enable = true;
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
config.users.users.alex = { users.users.me = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.zsh; shell = pkgs.zsh;
packages = [ pkgs.devenv ];
}; };
config.environment.systemPackages = with pkgs; [ programs.neovim = {
alacritty
dolphin
waybar
hyprpaper
wofi
tmux
lftp
];
config.programs.direnv = {
enable = true;
silent = true;
};
config.programs.hyprland = {
enable = true;
withUWSM = true;
};
config.programs.neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
}; };
config.programs.zsh.enable = true; programs.zsh.enable = true;
config.system.stateVersion = "24.11"; system.stateVersion = "23.11";
} }

28
hosts/igor/disko-config.nix
View file

@ -2,14 +2,10 @@
disko.devices = { disko.devices = {
disk.main = { disk.main = {
type = "disk"; type = "disk";
device = "/dev/sdb"; device = "/dev/mmcblk0";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
boot = {
size = "1M";
type = "EF02";
};
ESP = { ESP = {
priority = 1; priority = 1;
name = "ESP"; name = "ESP";
@ -30,32 +26,18 @@
extraArgs = [ "-f" ]; extraArgs = [ "-f" ];
subvolumes = { subvolumes = {
"/rootfs" = { "/rootfs" = { mountpoint = "/"; };
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/home" = { "/home" = {
mountOptions = [ mountOptions = [ "compress=zstd" ];
"compress=zstd"
"noatime"
];
mountpoint = "/home"; mountpoint = "/home";
}; };
"/nix" = { "/nix" = {
mountOptions = [ mountOptions = [ "compress=zstd" "noatime" ];
"compress=zstd"
"noatime"
];
mountpoint = "/nix"; mountpoint = "/nix";
}; };
"/swap" = { "/swap" = {
mountpoint = "/.swapvol"; mountpoint = "/.swapvol";
swap = { swap = { swapfile.size = "2G"; };
swapfile.size = "2G";
};
}; };
}; };
}; };

72
hosts/igor/hardware-configuration.nix
View file

@ -1,72 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# fileSystems."/" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=rootfs" ];
# };
#
# fileSystems."/.swapvol" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=swap" ];
# };
#
# fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/2EDA-47FD";
# fsType = "vfat";
# options = [ "fmask=0022" "dmask=0022" ];
# };
#
# fileSystems."/home" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=home" ];
# };
#
# fileSystems."/nix" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=nix" ];
# };
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwp0s20u4i6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

29
hosts/igor/syncthing.nix
View file

@ -1,29 +0,0 @@
{ config, lib, ... }:
{
config.services.syncthing = {
enable = true;
user = "vsftpd";
group = "vsftpd";
dataDir = "/var/lib/vsftpd";
settings.devices = {
thrall = {
id = "P52YQU2-7LCEOVV-DSGTAZG-AJ2DSJD-JPHSUJE-HC2KAGO-YR4SXQD-V6OQ7QF";
addresses = [ "tcp://195.90.211.228:22000" ];
};
};
settings.folders = {
paperless = {
path = "${config.services.vsftpd.localRoot}/scan";
devices = [ "thrall" ];
versioning = {
type = "trashcan";
params.cleanoutDays = "90";
};
};
};
};
}

11
hosts/redmi/default.nix
View file

@ -4,14 +4,14 @@
# Simply install just the packages # Simply install just the packages
environment.packages = with pkgs; [ environment.packages = with pkgs; [
# User-facing stuff that you really really want to have # User-facing stuff that you really really want to have
neovim vim # or some other editor, e.g. nano or neovim
git git
git-annex git-annex
mosh mosh
openssh openssh
wget wget
tmux helix
# Some common stuff that people expect to have # Some common stuff that people expect to have
#diffutils #diffutils
@ -29,18 +29,13 @@
#xz #xz
#zip #zip
#unzip #unzip
inetutils
]; ];
# Backup etc files instead of failing to activate generation if a file already exists in /etc # Backup etc files instead of failing to activate generation if a file already exists in /etc
environment.etcBackupExtension = ".bak"; environment.etcBackupExtension = ".bak";
environment.sessionVariables = {
EDITOR = "${pkgs.neovim}/bin/nvim";
};
# Read the changelog before changing this value # Read the changelog before changing this value
system.stateVersion = "24.05"; system.stateVersion = "22.11";
# Set up nix for flakes # Set up nix for flakes
nix.extraOptions = '' nix.extraOptions = ''

7
hosts/thrall/alex.nix
View file

@ -1,7 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [ ../../home/alex/cli.nix ../../home/alex/services/git-sync ];
config.my.git-sync.enable = true;
}

326
hosts/thrall/default.nix
View file

@ -2,35 +2,22 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ { inputs, config, pkgs, ... }:
inputs,
lib,
config,
pkgs,
...
}:
let let
authorityFromUrl = url: builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url)); authorityFromUrl = url:
in builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
{ in {
disabledModules = [ "services/web-apps/hledger-web.nix" ];
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
inputs.snm.nixosModule inputs.snm.nixosModule
inputs.agenix.nixosModules.age inputs.agenix.nixosModules.age
../../modules/security.nix ../../modules/security.nix
../../modules/sudo.nix
../../modules/upgrade-pg-cluster.nix ../../modules/upgrade-pg-cluster.nix
../../modules/nix-config.nix ../../modules/nix-config.nix
../../modules/iohk.nix ../../modules/iohk.nix
../../modules/timezone.nix ../../modules/timezone.nix
../../modules/keybase.nix ../../modules/keybase.nix
../../modules/ssh.nix ../../modules/ssh.nix
../../modules/hledger-web.nix
../../modules/tailscale
../../modules/mosh.nix
../../modules/nh.nix
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
@ -57,89 +44,84 @@ in
# The global useDHCP flag is deprecated, therefore explicitly set to false here. # The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config # Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour. # replicates the default behaviour.
networking = networking = let extIface = "ens3";
let in {
extIface = "ens3"; hostName = "thrall";
in domain = "failco.de";
{ wireless.enable = false;
hostName = "thrall"; useDHCP = false;
domain = "failco.de"; enableIPv6 = false;
wireless.enable = false; interfaces.${extIface} = {
useDHCP = false; ipv4.addresses = [{
enableIPv6 = false; address = "195.90.211.228";
interfaces.${extIface} = { prefixLength = 22;
ipv4.addresses = [ }];
};
defaultGateway = "195.90.208.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
allowedTCPPorts = [ 22 53 80 443 5000 ];
allowedUDPPorts = [ 53 42666 ];
};
# wireguard related config
nat.enable = true;
nat.externalInterface = extIface;
nat.internalInterfaces = [ "wg0" ];
wireguard.interfaces = {
wg0 = {
ips = [ "10.0.0.1/24" ];
listenPort = 42666;
postSetup = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets.wireguard-thrall.path;
peers = [
{ {
address = "195.90.211.228"; # my phone
prefixLength = 22; publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
allowedIPs = [ "10.0.0.2/32" ];
}
{
# my tablet
publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
# homematic
publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4=";
allowedIPs = [ "10.0.0.4/32" ];
} }
]; ];
}; };
defaultGateway = "195.90.208.1";
nameservers = [
"8.8.8.8"
"8.8.4.4"
];
firewall = {
allowedTCPPorts = [
22
53
80
443
5000
40005 # syncthing
];
allowedUDPPorts = [
53
];
};
# wireguard related config
nat.enable = true;
nat.externalInterface = extIface;
nat.internalInterfaces = [ "wg0" ];
wireguard.interfaces = {
wg0 = {
ips = [ "10.0.0.1/24" ];
listenPort = 42666;
postSetup = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets.wireguard-thrall.path;
peers = [
{
# my phone
publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
allowedIPs = [ "10.0.0.2/32" ];
}
{
# my tablet
publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
# homematic
publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4=";
allowedIPs = [ "10.0.0.4/32" ];
}
];
};
};
}; };
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "alex@jakalx.net"; defaults.email = "alex@jakalx.net";
}; };
security.sudo = {
enable = true;
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];
commands = [{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}];
}];
};
# Select internationalization properties. # Select internationalization properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = { console = {
@ -157,14 +139,7 @@ in
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ wget rsync htop tmux git rclone ];
wget
rsync
htop
tmux
git
rclone
];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
@ -173,6 +148,7 @@ in
enableSSHSupport = true; enableSSHSupport = true;
}; };
programs.mosh.enable = true;
programs.neovim = { programs.neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
@ -187,11 +163,7 @@ in
services.kresd = { services.kresd = {
enable = true; enable = true;
listenPlain = [ listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ];
"[::1]:53"
"127.0.0.1:53"
"10.0.0.1:53"
];
}; };
services.lorri.enable = true; services.lorri.enable = true;
@ -251,25 +223,29 @@ in
''; '';
}; };
# forgejo - git web frontend # gitea
"${config.services.forgejo.settings.server.DOMAIN}" = { "${config.services.gitea.settings.server.DOMAIN}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}/"; proxyPass = "http://127.0.0.1:${
toString config.services.gitea.settings.server.HTTP_PORT
}/";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
# paperless # paperless
"${authorityFromUrl config.services.paperless.settings.PAPERLESS_URL}" = { "${authorityFromUrl config.services.paperless.extraConfig.PAPERLESS_URL}" =
forceSSL = true; {
enableACME = true; forceSSL = true;
locations."/" = { enableACME = true;
proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}/"; locations."/" = {
proxyWebsockets = true; proxyPass =
"http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
};
}; };
};
# hledger # hledger
"${authorityFromUrl config.services.hledger-web.baseUrl}" = { "${authorityFromUrl config.services.hledger-web.baseUrl}" = {
@ -277,22 +253,16 @@ in
enableACME = true; enableACME = true;
basicAuthFile = config.age.secrets.hledger-web.path; basicAuthFile = config.age.secrets.hledger-web.path;
locations."/" = { locations."/" = {
proxyPass = "http://${config.services.hledger-web.host}:${toString config.services.hledger-web.port}/"; proxyPass = "http://${config.services.hledger-web.host}:${
toString config.services.hledger-web.port
}/";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
}; };
users.users.git = { services.gitea = {
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = config.services.forgejo.group;
isSystemUser = true;
};
services.forgejo = {
enable = true; enable = true;
user = "git";
database.type = "sqlite3"; database.type = "sqlite3";
lfs.enable = true; lfs.enable = true;
@ -308,13 +278,10 @@ in
mailer = { mailer = {
ENABLED = true; ENABLED = true;
PROTOCOL = "smtp"; MAILER_TYPE = "smtp";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail"; FROM = "git@failco.de";
FROM = "noreply@failco.de"; HOST = "thrall.failco.de:25";
}; IS_TLS_ENABLED = false;
other = {
SHOW_FOOTER_VERSION = false;
}; };
}; };
}; };
@ -324,16 +291,9 @@ in
address = "127.0.0.1"; address = "127.0.0.1";
port = 3002; port = 3002;
consumptionDirIsPublic = true; consumptionDirIsPublic = true;
settings = { extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu+eng"; PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_OCR_USER_ARGS = ''{"invalidate_digital_signatures": true}'';
PAPERLESS_URL = "https://docs.failco.de"; PAPERLESS_URL = "https://docs.failco.de";
PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
# workaround for classification getting stuck, see
# https://github.com/NixOS/nixpkgs/issues/240591#issuecomment-1915678490
OMP_NUM_THREADS = 1;
}; };
}; };
@ -347,10 +307,7 @@ in
manage = true; manage = true;
}; };
journalFiles = [ "current.journal" ]; journalFiles = [ "current.journal" ];
extraOptions = [ extraOptions = [ "-B" "--value=then" ];
"-B"
"--value=then"
];
}; };
services.fail2ban = { services.fail2ban = {
@ -360,12 +317,8 @@ in
bantime = "1h"; bantime = "1h";
bantime-increment.enable = true; bantime-increment.enable = true;
ignoreIP = [ ignoreIP =
"127.0.0.0/8" [ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ];
"195.90.211.228"
"10.0.0.0/8"
"192.168.0.0/16"
];
jails.postfix = '' jails.postfix = ''
filter = postfix filter = postfix
@ -379,32 +332,25 @@ in
enable = true; enable = true;
user = "alex"; user = "alex";
dataDir = "/home/alex/sync"; dataDir = "/home/alex/sync";
overrideDevices = true; # overrides any devices added or deleted through the WebUI overrideDevices =
overrideFolders = true; # overrides any folders added or deleted through the WebUI true; # overrides any devices added or deleted through the WebUI
overrideFolders =
true; # overrides any folders added or deleted through the WebUI
settings = { settings = {
folders = { folders = {
"org" = { "org" = {
path = "/home/alex/org"; path = "/home/alex/org";
devices = [ "redmi" ]; devices = [ "redmi" ];
}; };
"paperless" = { "scan" = {
path = "${config.services.paperless.consumptionDir}"; path = "/home/alex/media/scan";
devices = [ devices = [ "redmi" ];
"redmi"
"dregil"
"igor"
];
}; };
}; };
devices = { devices = {
redmi = { "redmi" = {
id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW"; id =
}; "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
dregil = {
id = "SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH";
};
igor = {
id = "NHSYYF6-I5GWMTI-2SQ6PIA-EU3TYZF-3I7BI3K-QTSRGCT-QVLSFG4-74TL2QW";
}; };
}; };
}; };
@ -413,34 +359,22 @@ in
mailserver = { mailserver = {
enable = true; enable = true;
fqdn = "thrall.failco.de"; fqdn = "thrall.failco.de";
domains = [ domains = [ "failco.de" "jakalx.net" "kobjolke.de" ];
"failco.de"
"jakalx.net"
"kobjolke.de"
];
loginAccounts = { loginAccounts = {
"me@failco.de" = { "me@failco.de" = {
# nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt' # nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt'
hashedPasswordFile = config.age.secrets.mailPass.path; hashedPasswordFile = config.age.secrets.mailPass.path;
aliases = [ aliases = [ "lx@failco.de" "alex@failco.de" ];
"lx@failco.de"
"alex@failco.de"
"abuse@failco.de"
"postmaster@failco.de"
"abuse@kobjolke.de"
"postmaster@kobjolke.de"
"abuse@jakalx.net"
"postmaster@jakalx.net"
];
catchAll = [ catchAll = [ "failco.de" "kobjolke.de" ];
];
}; };
"alex@jakalx.net" = { "alex@jakalx.net" = {
hashedPasswordFile = config.age.secrets.mailPass.path; hashedPasswordFile = config.age.secrets.mailPass.path;
catchAll = [ "jakalx.net" ];
}; };
"archive@failco.de" = { "archive@failco.de" = {
@ -448,17 +382,11 @@ in
}; };
}; };
extraVirtualAliases = { extraVirtualAliases = { "familie@kobjolke.de" = [ "me@failco.de" ]; };
"alex@kobjolke.de" = [ "me@failco.de" ];
};
forwards = { forwards = {
"familie@kobjolke.de" = [ "anne@kobjolke.de" = "anne.kobjolke@gmail.cem";
"alex@kobjolke.de" "alex@kobjolke.de" = "me@failco.de";
"anne@kobjolke.de"
];
"anne@kobjolke.de" = "anne.kobjolke@gmail.com";
"alexander@kobjolke.de" = "alex@kobjolke.de";
}; };
certificateScheme = "acme-nginx"; certificateScheme = "acme-nginx";
@ -468,22 +396,12 @@ in
virusScanning = true; virusScanning = true;
}; };
services.postgresql = { services.postgresql = { package = pkgs.postgresql_15; };
package = pkgs.postgresql_15;
};
services.roundcube = { services.roundcube = {
enable = true; enable = true;
hostName = "mail.failco.de"; hostName = "mail.failco.de";
dicts = with pkgs.aspellDicts; [ dicts = with pkgs.aspellDicts; [ en de ];
en plugins = [ "archive" "attachment_reminder" "managesieve" "markasjunk" ];
de
];
plugins = [
"archive"
"attachment_reminder"
"managesieve"
"markasjunk"
];
extraConfig = '' extraConfig = ''
# starttls needed for authentication, so the fqdn required to match # starttls needed for authentication, so the fqdn required to match
# the certificate # the certificate
@ -500,4 +418,6 @@ in
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment? system.stateVersion = "20.09"; # Did you read the comment?
} }

12
modules/appimage.nix
View file

@ -1,12 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot.binfmt.registrations.appimage = {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
};
}

7
modules/common-system.nix
View file

@ -21,5 +21,10 @@
networking.firewall.enable = true; networking.firewall.enable = true;
nix = { registry = { nixpkgs.flake = inputs.nixpkgs; }; }; nix = {
registry = {
nixpkgs.flake = inputs.nixpkgs;
nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
};
};
} }

18
modules/flatpak.nix
View file

@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
services.flatpak.enable = true;
systemd.services.flatpak-repo = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.flatpak ];
script = ''
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
'';
};
}

7
modules/grub-themes/default.nix
View file

@ -1,7 +0,0 @@
{ ... }:
{
config.distro-grub-themes = {
enable = true;
theme = "nixos";
};
}

752
modules/hardening.nix
View file

@ -1,752 +0,0 @@
{ config, lib, pkgs, ... }: {
systemd.services.systemd-rfkill = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.syslog = {
serviceConfig = {
PrivateNetwork = true;
CapabilityBoundingSet =
[ "CAP_DAC_READ_SEARCH" "CAP_SYSLOG" "CAP_NET_BIND_SERVICE" ];
NoNewPrivileges = true;
PrivateDevices = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
PrivateMounts = true;
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
LockPersonality = true;
ProtectKernelTunables = true;
RestrictRealtime = true;
PrivateUsers = true;
PrivateTmp = true;
UMask = "0077";
RestrictNamespace = true;
ProtectProc = "invisible";
ProtectHome = true;
DeviceAllow = false;
ProtectSystem = "full";
};
};
systemd.services.systemd-journald = {
serviceConfig = {
UMask = 77;
PrivateNetwork = true;
ProtectHostname = true;
ProtectKernelModules = true;
};
};
systemd.services.auto-cpufreq = {
serviceConfig = {
CapabilityBoundingSet = "";
ProtectSystem = "full";
ProtectHome = true;
PrivateNetwork = true;
IPAddressDeny = "any";
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectHostname = false;
MemoryDenyWriteExecute = true;
ProtectClock = true;
RestrictNamespaces = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectProc = true;
ReadOnlyPaths = [ "/" ];
InaccessiblePaths = [ "/home" "/root" "/proc" ];
SystemCallFilter = [ "@system-service" ];
SystemCallArchitectures = "native";
UMask = "0077";
};
};
systemd.services.NetworkManager-dispatcher = {
serviceConfig = {
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectHostname = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateUsers = true;
PrivateDevices = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.display-manager = {
serviceConfig = {
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true; # so we won't need all of this
};
};
systemd.services.emergency = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # Might need adjustment for emergency access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."getty@tty1" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."getty@tty7" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.NetworkManager = {
serviceConfig = {
NoNewPrivileges = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
ProtectProc = "invisible";
ProcSubset = "pid";
RestrictNamespaces = true;
ProtectKernelTunables = true;
ProtectHome = true;
PrivateTmp = true;
UMask = "0077";
};
};
systemd.services."nixos-rebuild-switch-to-configuration" = {
serviceConfig = {
ProtectHome = true;
NoNewPrivileges = true; # Prevent gaining new privileges
};
};
systemd.services."dbus" = {
serviceConfig = {
PrivateTmp = true;
PrivateNetwork = true;
ProtectSystem = "full";
ProtectHome = true;
SystemCallFilter =
"~@clock @cpu-emulation @module @mount @obsolete @raw-io @reboot @swap";
ProtectKernelTunables = true;
NoNewPrivileges = true;
CapabilityBoundingSet = [
"~CAP_SYS_TIME"
"~CAP_SYS_PACCT"
"~CAP_KILL"
"~CAP_WAKE_ALARM"
"~CAP_SYS_BOOT"
"~CAP_SYS_CHROOT"
"~CAP_LEASE"
"~CAP_MKNOD"
"~CAP_NET_ADMIN"
"~CAP_SYS_ADMIN"
"~CAP_SYSLOG"
"~CAP_NET_BIND_SERVICE"
"~CAP_NET_BROADCAST"
"~CAP_AUDIT_WRITE"
"~CAP_AUDIT_CONTROL"
"~CAP_SYS_RAWIO"
"~CAP_SYS_NICE"
"~CAP_SYS_RESOURCE"
"~CAP_SYS_TTY_CONFIG"
"~CAP_SYS_MODULE"
"~CAP_IPC_LOCK"
"~CAP_LINUX_IMMUTABLE"
"~CAP_BLOCK_SUSPEND"
"~CAP_MAC_*"
"~CAP_DAC_*"
"~CAP_FOWNER"
"~CAP_IPC_OWNER"
"~CAP_SYS_PTRACE"
"~CAP_SETUID"
"~CAP_SETGID"
"~CAP_SETPCAP"
"~CAP_FSETID"
"~CAP_SETFCAP"
"~CAP_CHOWN"
];
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectControlGroups = true;
RestrictNamespaces = true;
MemoryDenyWriteExecute = true;
RestrictAddressFamilies = [ "~AF_PACKET" "~AF_NETLINK" ];
ProtectHostname = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateUsers = true;
};
};
systemd.services.nix-daemon = {
serviceConfig = {
ProtectHome = true;
PrivateUsers = false;
};
};
systemd.services.reload-systemd-vconsole-setup = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
PrivateUsers = true;
PrivateDevices = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictNamespaces = true;
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.rescue = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # Might need adjustment for rescue operations
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Networking might be necessary in rescue mode
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny =
"any"; # May need to be relaxed for network troubleshooting in rescue mode
};
};
systemd.services."systemd-ask-password-console" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for console access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # A more permissive filter
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."systemd-ask-password-wall" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # A more permissive filter
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.thermald = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for adjusting cooling policies
ProtectKernelModules = true; # May need adjustment for module control
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May require access to specific hardware devices
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = "";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
DeviceAllow = [ ];
RestrictAddressFamilies = [ ];
};
};
systemd.services."user@1000" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true; # Be cautious, as this may restrict user operations
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on user needs
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.virtlockd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for accessing VM resources
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust as necessary
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need adjustment for network operations
};
};
systemd.services.virtlogd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for accessing VM logs
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter =
[ "@system-service" ]; # Adjust based on log management needs
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny =
"any"; # May need to be relaxed for network-based log collection
};
};
systemd.services.virtlxcd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for container management
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for container user management
PrivateDevices = true; # Containers might require broader device access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked containers
RestrictNamespaces = true;
SystemCallFilter =
[ "@system-service" ]; # Adjust based on container operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
systemd.services.virtqemud = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for VM management
ProtectKernelModules =
true; # May need adjustment for VM hardware emulation
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for VM user management
PrivateDevices = true; # VMs might require broader device access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked VMs
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on VM operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
systemd.services.virtvboxd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Required for some VM management tasks
ProtectKernelModules = true; # May need adjustment for module handling
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for VM user management
PrivateDevices = true; # VMs may require access to certain devices
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked VMs
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on VM operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
}

140
modules/hledger-web.nix
View file

@ -1,140 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let cfg = config.services.hledger-web;
in {
options.services.hledger-web = {
enable = mkEnableOption (lib.mdDoc "hledger-web service");
serveApi = mkEnableOption
(lib.mdDoc "serving only the JSON web API, without the web UI");
host = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc ''
Address to listen on.
'';
};
port = mkOption {
type = types.port;
default = 5000;
example = 80;
description = lib.mdDoc ''
Port to listen on.
'';
};
capabilities = {
view = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Enable the view capability.
'';
};
add = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable the add capability.
'';
};
manage = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable the manage capability.
'';
};
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/hledger-web";
description = lib.mdDoc ''
Path the service has access to. If left as the default value this
directory will automatically be created before the hledger-web server
starts, otherwise the sysadmin is responsible for ensuring the
directory exists with appropriate ownership and permissions.
'';
};
journalFiles = mkOption {
type = types.listOf types.str;
default = [ ".hledger.journal" ];
description = lib.mdDoc ''
Paths to journal files relative to {option}`services.hledger-web.stateDir`.
'';
};
baseUrl = mkOption {
type = with types; nullOr str;
default = null;
example = "https://example.org";
description = lib.mdDoc ''
Base URL, when sharing over a network.
'';
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "--forecast" ];
description = lib.mdDoc ''
Extra command line arguments to pass to hledger-web.
'';
};
};
config = mkIf cfg.enable {
users.users.hledger = {
name = "hledger";
group = "hledger";
isSystemUser = true;
home = cfg.stateDir;
useDefaultShell = true;
};
users.groups.hledger = { };
systemd.services.hledger-web = let
serverArgs = with cfg;
escapeShellArgs ([
"--serve"
"--host=${host}"
"--port=${toString port}"
(optionalString capabilities.add "--allow=add")
(optionalString capabilities.view "--allow=view")
(optionalString capabilities.manage "--allow=edit")
(optionalString (cfg.baseUrl != null) "--base-url=${cfg.baseUrl}")
(optionalString (cfg.serveApi) "--serve-api")
] ++ (map (f: "--file=${stateDir}/${f}") cfg.journalFiles)
++ extraOptions);
in {
description = "hledger-web - web-app for the hledger accounting tool.";
documentation = [ "https://hledger.org/hledger-web.html" ];
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
serviceConfig = mkMerge [
{
ExecStart = "${pkgs.hledger-web}/bin/hledger-web ${serverArgs}";
Restart = "always";
WorkingDirectory = cfg.stateDir;
User = "hledger";
Group = "hledger";
PrivateTmp = true;
}
(mkIf (cfg.stateDir == "/var/lib/hledger-web") {
StateDirectory = "hledger-web";
})
];
};
};
meta.maintainers = with lib.maintainers; [ marijanp erictapen ];
}

10
modules/hyprland/default.nix
View file

@ -1,10 +0,0 @@
{
pkgs,
...
}:
{
config.programs.hyprland.enable = true;
config.environment.systemPackages = [ pkgs.kitty ];
config.environment.sessionVariables.NIXOS_OZONE_WL = "1";
}

8
modules/mosh.nix
View file

@ -1,8 +0,0 @@
{ ... }:
{
programs.mosh = {
enable = true;
openFirewall = true;
};
}

14
modules/nh.nix
View file

@ -1,14 +0,0 @@
{
lib,
...
}:
{
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/alex/src/nixos-config";
};
nix.gc.automatic = lib.mkForce false;
}

21
modules/nix-config.nix
View file

@ -1,13 +1,8 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
nix = { nix = {
package = pkgs.nixVersions.latest; package = pkgs.nixUnstable;
gc = { gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";
@ -16,22 +11,12 @@
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
experimental-features = [ experimental-features = [ "nix-command" "flakes" "repl-flake" ];
"nix-command"
"flakes"
];
warn-dirty = false; warn-dirty = false;
# avoid unwanted garbage collection when using direnv # avoid unwanted garbage collection when using direnv
keep-outputs = true; keep-outputs = true;
keep-derivations = true; keep-derivations = true;
trusted-substituters = [ "https://devenv.cachix.org" ];
trusted-public-keys = [ "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" ];
trusted-users = [
"root"
"alex"
];
}; };
}; };
} }

24
modules/podman/default.nix
View file

@ -1,24 +0,0 @@
{ pkgs, ... }:
{
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Useful other development tools
environment.systemPackages = with pkgs; [
dive # look into docker image layers
podman-tui # status of containers in the terminal
# docker-compose # start group of containers for dev
podman-compose # start group of containers for dev
];
}

15
modules/sudo.nix
View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.security.sudo = {
enable = true;
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];
commands = [{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}];
}];
};
}

8
modules/tailscale/default.nix
View file

@ -1,8 +0,0 @@
{
...
}:
{
config.services.tailscale.enable = true;
config.services.resolved.enable = true;
}

16
modules/vsftpd/default.nix
View file

@ -1,16 +0,0 @@
{ lib, pkgs, ... }:
{
config.services.vsftpd = {
enable = true;
localUsers = true;
writeEnable = true;
chrootlocalUser = true;
userDbPath = "/etc/vsftpd/users";
enableVirtualUsers = true;
virtualUseLocalPrivs = true;
localRoot = "/var/lib/vsftpd/data";
extraConfig = "local_umask=002";
};
config.networking.firewall.allowedTCPPorts = [ 20 21 ];
}

18
modules/wm/greetd.nix
View file

@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
user = "greeter";
};
};
};
}

22
modules/wm/light.nix
View file

@ -1,22 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.programs.light = { enable = true; };
config.services.actkbd = let light = "${pkgs.light}/bin/light";
in {
enable = true;
bindings = [
{
keys = [ 232 ];
events = [ "key" ];
command = "${light} -U 10";
}
{
keys = [ 233 ];
events = [ "key" ];
command = "${light} -A 10";
}
];
};
}

24
modules/wm/sway.nix
View file

@ -1,24 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
environment.systemPackages = with pkgs; [
grim # screenshot functionality
slurp # screenshot functionality
wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
mako # notification system developed by swaywm maintainer
];
# Enable the gnome-keyring secrets vault.
# Will be exposed through DBus to programs willing to store secrets.
services.gnome.gnome-keyring.enable = true;
# enable Sway window manager
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
}

34
modules/wm/x.nix
View file

@ -1,24 +1,18 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
# Enable the X11 windowing system. # Enable the X11 windowing system.
services = { services = {
dbus = { dbus = { enable = true; };
enable = true;
};
xserver = { xserver = {
enable = true; enable = true;
exportConfiguration = true;
xkb = { # Configure keymap in X11
options = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt"; layout = "us";
layout = "us";
}; xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
videoDrivers = [ "nvidia" ]; # "modesetting" ]; videoDrivers = [ "nvidia" ]; # "modesetting" ];
@ -29,14 +23,14 @@
desktopManager.xfce.enable = true; desktopManager.xfce.enable = true;
desktopManager.gnome.enable = true; desktopManager.gnome.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
libinput = { libinput = {
enable = true; enable = true;
touchpad.disableWhileTyping = true; touchpad.disableWhileTyping = true;
touchpad.tapping = false; mouse.naturalScrolling =
mouse.naturalScrolling = config.services.libinput.touchpad.naturalScrolling; config.services.xserver.libinput.touchpad.naturalScrolling;
};
}; };
}; };
} }

4
modules/wm/xmonad/default.nix → modules/wm/xmonad.nix
View file

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
config.services = { services = {
upower.enable = true; upower.enable = true;
xserver = { xserver = {
@ -12,5 +12,5 @@
}; };
}; };
config.systemd.services.upower.enable = true; systemd.services.upower.enable = true;
} }