jakalx/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: jakalx:10b166b4d015c2ce9236b8ec82947b2aa6a61052
Branches Tags
jakalx:main
jakalx:develop
jakalx:feature/hledger-web-module
..
compare: jakalx:686a548e9c2c6f9799916768be62371461f50daf
Branches Tags
jakalx:develop
jakalx:main
jakalx:feature/hledger-web-module

No commits in common. "10b166b4d015c2ce9236b8ec82947b2aa6a61052" and "686a548e9c2c6f9799916768be62371461f50daf" have entirely different histories.
10b166b4d0 ... 686a548e9c

67 changed files with 825 additions and 3497 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc
View file

@ -1 +0,0 @@
use flake

446
flake.lock generated
View file

@ -6,15 +6,14 @@
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
]
},
"locked": {
"lastModified": 1745630506,
"narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
"lastModified": 1701216516,
"narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
"owner": "ryantm",
"repo": "agenix",
"rev": "96e078c646b711aee04b82ba01aefbff87004ded",
"rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
"type": "github"
},
"original": {
@ -47,11 +46,11 @@
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
@ -68,11 +67,11 @@
]
},
"locked": {
"lastModified": 1746695594,
"narHash": "sha256-pAAWYs3S+/tY65vemHZdVSXpeIz4JINEJZoPoBjr8JU=",
"lastModified": 1706302763,
"narHash": "sha256-Le1wk75qlzOSfzDk8vqYxSdoEyr/ORIbMhziltVNGYw=",
"owner": "nix-community",
"repo": "disko",
"rev": "6bb82b77ce140137177e30df067759931ab60a73",
"rev": "f7424625dc1f2e4eceac3009cbd1203d566feebc",
"type": "github"
},
"original": {
@ -81,51 +80,36 @@
"type": "github"
}
},
"distro-grub-themes": {
"emacs": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
"nixpkgs-unstable"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1734806114,
"narHash": "sha256-FWkDtoLMTTk2Lz4d4LkFjtV/xYyIlpwZlX5Np1QhXls=",
"owner": "AdisonCavani",
"repo": "distro-grub-themes",
"rev": "ebbd17419890059e371a6f2dbf2a7e76190327d4",
"lastModified": 1702399955,
"narHash": "sha256-FnB5O1RVFzj3h7Ayf7UxFnOL1gsJuG6gn1LCTd9dKFs=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "47798c4ab07d5f055bb2625010cf6d8e3f384923",
"type": "github"
},
"original": {
"owner": "AdisonCavani",
"repo": "distro-grub-themes",
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
@ -136,14 +120,14 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -152,27 +136,6 @@
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -181,11 +144,31 @@
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-unstable": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1702538064,
"narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0e2e443ff24f9d75925e91b89d1da44b863734af",
"type": "github"
},
"original": {
@ -201,15 +184,16 @@
]
},
"locked": {
"lastModified": 1746719124,
"narHash": "sha256-KOL73WIjO00ds1oIe+5HAcGcpd/TfE6dymmmYbiSlYM=",
"lastModified": 1702195709,
"narHash": "sha256-+zRjWkm5rKqQ57PuLZ3JF3xi3vPMiOJzItb1m/43Cq4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3c59c5132b64e885faca381e713b579dcbddba75",
"rev": "6761b8188b860f374b457eddfdb05c82eef9752f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
@ -219,14 +203,15 @@
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
]
],
"utils": "utils"
},
"locked": {
"lastModified": 1709445365,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"lastModified": 1663932797,
"narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6",
"type": "github"
},
"original": {
@ -245,11 +230,11 @@
"nmt": "nmt"
},
"locked": {
"lastModified": 1705252799,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
"lastModified": 1666720474,
"narHash": "sha256-iWojjDS1D19zpeZXbBdjWb9MiKmVVFQCqtJmtTXgPx8=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
"rev": "14876cc8fe94a3d329964ecb073b4c988c7b61f5",
"type": "github"
},
"original": {
@ -265,32 +250,125 @@
"nixpkgs": [
"nixpkgs-droid"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2"
},
"locked": {
"lastModified": 1720396533,
"narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=",
"lastModified": 1688144254,
"narHash": "sha256-8KL1l/7eP2Zm1aJjdVaSOk0W5kTnJo9kcgW03gqWuiI=",
"owner": "t184256",
"repo": "nix-on-droid",
"rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25",
"rev": "2301e01d48c90b60751005317de7a84a51a87eb6",
"type": "github"
},
"original": {
"owner": "t184256",
"ref": "release-24.05",
"ref": "release-23.05",
"repo": "nix-on-droid",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1746461020,
"narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=",
"lastModified": 1702346276,
"narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae",
"rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-droid": {
"locked": {
"lastModified": 1702350026,
"narHash": "sha256-A+GNZFZdfl4JdDphYKBJ5Ef1HOiFsP18vQe9mqjmUis=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9463103069725474698139ab10f17a9d125da859",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1686921029,
"narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702221085,
"narHash": "sha256-Br3GCSkkvkmw46cT6wCz6ro2H1WgDMWbKE0qctbdtL0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c2786e7084cbad90b4f9472d5b5e35ecb57958af",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1705316053,
"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
"type": "github"
},
"original": {
@ -300,76 +378,13 @@
"type": "github"
}
},
"nixpkgs-24_11": {
"locked": {
"lastModified": 1734083684,
"narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-droid": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1732014248,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"lastModified": 1670751203,
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
"type": "github"
},
"original": {
@ -395,25 +410,19 @@
}
},
"nmd_2": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"flake": false,
"locked": {
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"lastModified": 1666190571,
"narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
"owner": "rycee",
"repo": "nmd",
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
"rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
"type": "gitlab"
},
"original": {
"owner": "~rycee",
"owner": "rycee",
"repo": "nmd",
"type": "sourcehut"
"type": "gitlab"
}
},
"nmt": {
@ -432,71 +441,35 @@
"type": "gitlab"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746537231,
"narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "fa466640195d38ec97cf0493d6d6882bc4d14969",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"distro-grub-themes": "distro-grub-themes",
"emacs": "emacs",
"home-manager": "home-manager_2",
"home-manager-unstable": "home-manager-unstable",
"nix-on-droid": "nix-on-droid",
"nixpkgs": "nixpkgs",
"nixpkgs-droid": "nixpkgs-droid",
"pre-commit-hooks": "pre-commit-hooks",
"snm": "snm",
"stable": "stable"
}
},
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
"nixpkgs-unstable": "nixpkgs-unstable",
"snm": "snm"
}
},
"snm": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"nixpkgs-24_11": "nixpkgs-24_11"
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils_2"
},
"locked": {
"lastModified": 1746637515,
"narHash": "sha256-bUq2uHmsfY3SpJrR4dpncITykufTiD2320JsOKgIYl0=",
"lastModified": 1703666786,
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "a7d2b05a9920d90f5eb8076f449acdb6c1ad79ca",
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
"type": "gitlab"
},
"original": {
@ -506,22 +479,6 @@
"type": "gitlab"
}
},
"stable": {
"locked": {
"lastModified": 1746557022,
"narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -537,18 +494,33 @@
"type": "github"
}
},
"systems_2": {
"utils": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}

172
flake.nix
View file

@ -1,20 +1,17 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
stable.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-droid.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-droid.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
distro-grub-themes = {
url = "github:AdisonCavani/distro-grub-themes";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
home-manager = {
home-manager-unstable = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# simple mailserver
@ -24,15 +21,15 @@
};
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-24.05";
url = "github:t184256/nix-on-droid/release-23.05";
inputs.nixpkgs.follows = "nixpkgs-droid";
};
# emacs = {
# url = "github:nix-community/emacs-overlay";
# inputs.nixpkgs.follows = "nixpkgs";
# };
#
emacs = {
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# simplex-chat = {
# url = "github:simplex-chat/simplex-chat";
# inputs.nixpkgs.follows = "nixpkgs";
@ -48,110 +45,51 @@
disko.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
home-manager,
nixpkgs,
stable,
pre-commit-hooks,
...
}@inputs:
{
checks."x86_64-linux" =
let
system = "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
in
{
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
tools.fourmolu = pkgs.haskellPackages.fourmolu;
tools.nixfmt = pkgs.nixfmt-rfc-style;
hooks = {
nixfmt-rfc-style.enable = true;
fourmolu.enable = true;
hpack.enable = true;
hlint.enable = true;
ormolu = {
settings.defaultExtensions = [ "GHC2021" ];
};
};
outputs = { home-manager, nixpkgs, nixpkgs-unstable, ... }@inputs: {
nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = let
postfix-overlay = final: prev: {
postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix;
};
in [
({ inputs, lib, ... }: {
nixpkgs = {
config.allowUnfree = true;
overlays = with inputs; [ emacs.overlay postfix-overlay ];
};
};
nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
})
./hosts/thrall
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alex = import ./home/alex/cli.nix;
}
];
};
nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
inherit system;
};
nixosConfigurations."dregil" = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hosts/dregil ];
};
nixosConfigurations."igor" = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hosts/igor ];
};
nixOnDroidConfigurations.default = with inputs;
nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
(
{ inputs, lib, ... }:
{
nixpkgs = {
config.allowUnfree = true;
# overlays = with inputs; [
# emacs.overlay
# ];
};
}
)
./hosts/thrall
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
inherit inputs;
};
}
{ home-manager.users.alex = ./hosts/thrall/alex.nix; }
./hosts/redmi
{ nix.registry.nixpkgs.flake = nixpkgs-droid; }
{ nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
];
};
nixosConfigurations."dregil" = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
inherit system;
stable = import inputs.stable { system = "x86_64-linux"; };
};
modules = [ ./hosts/dregil ];
};
nixosConfigurations."igor" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [ ./hosts/igor ];
};
nixOnDroidConfigurations.default =
with inputs;
nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs-droid { };
modules = [
./hosts/redmi
{ nix.registry.nixpkgs.flake = nixpkgs-droid; }
{ nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
];
};
devShells."x86_64-linux".default =
let
system = "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
in
pkgs.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
packages = with pkgs; [
nixfmt-rfc-style
nil
];
};
};
};
}

73
home/alex/cli.nix
View file

@ -9,18 +9,11 @@ let
};
myEza = if builtins.hasAttr "eza" pkgs then "eza" else "exa";
in
{
in {
imports = [
./programs/neovim/default.nix
./programs/emacs/default.nix
./programs/editorconfig
./programs/jq
./programs/fzf
./programs/git
./programs/jujutsu
./programs/shell
./programs/devenv.nix
];
programs.home-manager.enable = true;
@ -44,7 +37,7 @@ in
# nix tools
nix-index
nixfmt-rfc-style
nixfmt
# misc
fd # better find
file # info about files
@ -62,19 +55,13 @@ in
shellcheck
editorconfig-core-c
shfmt
(aspellWithDicts (
dicts: with dicts; [
en
en-computers
en-science
de
]
))
(aspellWithDicts (dicts: with dicts; [ en en-computers en-science de ]))
# system tools
htop-vim # htop with vim bindings
erdtree # du+tree had sex
dua # ncdu but better
fzf
gopass
gopass-jsonapi
@ -93,11 +80,7 @@ in
nix-prefetch-git
];
home.extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
home.extraOutputsToInstall = [ "doc" "info" "devdoc" ];
xdg.enable = true;
@ -126,9 +109,7 @@ in
};
programs = {
bash = {
enable = true;
};
bash = { enable = true; };
# better cat
bat.enable = true;
@ -136,21 +117,28 @@ in
# htop replacement with a nice UI
btop.enable = true;
zsh = {
enable = true;
enableAutosuggestions = true;
oh-my-zsh = {
enable = true;
plugins = [ "git" "fzf" "fd" "z" ];
theme = "simple";
};
};
# better ls with icons and stuff, maybe also try lsd
${myEza} = {
enable = true;
icons = "auto";
icons = true;
enableAliases = true;
};
starship = {
enable = true;
};
starship = { enable = true; };
direnv = {
enable = true;
nix-direnv = {
enable = true;
};
nix-direnv = { enable = true; };
enableZshIntegration = true;
enableBashIntegration = true;
};
@ -160,11 +148,18 @@ in
settings.git_protocol = "ssh";
};
git = {
enable = true;
ignores = [ "*~" "*.swp" "result" "dist-newstyle" ];
userEmail = user.mail;
userName = user.fullName;
aliases = { st = "status"; };
extraConfig = { init.defaultBranch = "main"; };
};
gpg = {
enable = true;
settings = {
homedir = "~/.local/share/gnupg";
};
settings = { homedir = "~/.local/share/gnupg"; };
};
helix = {
@ -175,9 +170,7 @@ in
password-store = {
enable = true;
package = pkgs.gopass;
settings = {
PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
};
settings = { PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; };
};
ssh.enable = true;
@ -188,8 +181,8 @@ in
services.gpg-agent = {
enable = true;
enableSshSupport = true;
defaultCacheTtl = 7200;
defaultCacheTtlSsh = 7200;
defaultCacheTtl = 300;
defaultCacheTtlSsh = 300;
};
home.file.".local" = {

21
home/alex/default.nix
View file

@ -1,24 +1,11 @@
{
config,
lib,
pkgs,
inputs,
...
}:
let
electron-overlay = final: prev: { electron = final.electron_25; };
in
{
{ config, lib, pkgs, inputs, ... }:
let electron-overlay = final: prev: { electron = final.electron_25; };
in {
imports = [ ];
users.users."alex" = {
isNormalUser = true;
extraGroups = [
"input"
"networkmanager"
"wheel"
"video"
];
extraGroups = [ "input" "networkmanager" "wheel" ];
description = "Alexander Kobjolke";
home = "/home/alex";
shell = pkgs.zsh;

91
home/alex/home.nix
View file

@ -1,30 +1,9 @@
{
config,
lib,
pkgs,
stable,
...
}:
{ config, lib, pkgs, ... }:
{
imports = [
./cli.nix
./programs/rofi
./programs/xmonad
#./programs/i3
./programs/jitsi-meet
./programs/simplex-chat
./programs/zathura
./programs/autorandr
./services/polybar
./services/dunst
./services/udiskie
# ./services/picom
./services/screen-locker
./services/blueman-applet
./services/network-manager
./services/syncthing
./services/git-sync
./modules/email.nix
# ./programs/xmonad/default.nix
];
home = {
@ -35,40 +14,40 @@
keyboard.layout = "us";
keyboard.variant = "dvorak";
keyboard.options = [
"terminate:ctrl_alt_bksp"
"caps:escape"
"compose:ralt"
];
keyboard.options =
[ "terminate:ctrl_alt_bksp" "caps:escape" "compose:ralt" ];
packages = with pkgs; [
# social
(jitsi-meet-electron.overrideAttrs (prev: rec {
version = "2023.10.0";
src = fetchurl {
url =
"https://github.com/jitsi/jitsi-meet-electron/releases/download/v${version}/jitsi-meet-x86_64.AppImage";
sha256 = "sha256-zhOx/gdsiQMuOCCE5sn+JNu0WJrH36XfvqqNvE24St8=";
name = "jitsi-meet-electron-${version}.AppImage";
};
})) # jitsi as a stand-alone app
discord # talk to other people
google-chrome
# system tools
uhk-agent # my keyboard
mosh # ssh via udp
rclone
parallel-disk-usage
gdu
# gaming support
stable.bottles
wine64Packages.stagingFull
scummvm
lutris
winePackages.stagingFull
# reading
xournalpp # pdf editor
calibre
];
};
news.display = "silent";
my.git-sync.enable = true;
programs = {
alacritty.enable = true;
# autorandr.enable = true;
browserpass = {
enable = true;
@ -80,37 +59,35 @@
enable = true;
package = pkgs.firefox.override {
cfg = {
nativeMessagingHosts.packages = [
pkgs.browserpass
pkgs.tridactyl-native
];
nativeMessagingHosts.packages =
[ pkgs.browserpass pkgs.tridactyl-native ];
enableGnomeExtensions = true;
};
};
};
mpv.enable = true;
rofi.enable = true;
rofi.pass.enable = true;
zathura.enable = true;
zsh =
let
auth-socket-env = ''
export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf -L agent-ssh-socket)"
'';
in
{
enable = true;
loginExtra = auth-socket-env;
initExtra = auth-socket-env;
};
zsh = let
auth-socket-env = ''
export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf -L agent-ssh-socket)"
'';
in {
enable = true;
loginExtra = auth-socket-env;
initExtra = auth-socket-env;
};
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
sshKeys = [ "9027AB16B9A7C20BD29F30F55CBA054430BF014C" ];
extraConfig = ''
pinentry-program ${pkgs.pinentry.qt}/bin/pinentry
'';
};
# services.autorandr = { enable = true; };
xsession.enable = true;
}

55
home/alex/modules/email.nix
View file

@ -1,55 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
mkAccount =
addr:
let
domain = lib.lists.elemAt (lib.strings.splitString "@" addr) 1;
in
{
address = addr;
gpg = {
key = "F2132F0C63730C6BC42BCC2A41A6D13FECA21280";
signByDefault = true;
};
mbsync = {
enable = true;
create = "maildir";
};
passwordCommand = "${lib.getBin pkgs.gopass}/bin/gopass --nosync show -o eMail/${domain}/${addr}";
msmtp.enable = true;
notmuch.enable = true;
realName = "Alexander Kobjolke";
userName = addr;
};
in
{
programs.afew.enable = true;
programs.mbsync.enable = true;
programs.msmtp.enable = true;
programs.notmuch = {
enable = true;
hooks.preNew = "mbsync --all";
};
accounts.email = {
accounts.failco = mkAccount "me@failco.de" // {
primary = true;
imap.host = "thrall.failco.de";
smtp.host = "thrall.failco.de";
};
accounts.jakalx = mkAccount "alex@jakalx.net" // {
imap.host = "thrall.failco.de";
smtp.host = "thrall.failco.de";
};
accounts.google = mkAccount "petry.alexander@gmail.com" // {
flavor = "gmail.com";
};
};
}

12
home/alex/programs/autorandr/default.nix
View file

@ -1,12 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.programs.autorandr = {
enable = true;
};
}

5
home/alex/programs/devenv.nix
View file

@ -1,5 +0,0 @@
{ pkgs, ... }:
{
config.home.packages = [ pkgs.devenv ];
}

10
home/alex/programs/emacs/default.nix
View file

@ -1,13 +1,11 @@
{
pkgs,
...
}:
{ inputs, config, lib, pkgs, ... }:
let
emacsclient-wrapper = pkgs.writeShellScriptBin "e" ''
exec ${pkgs.emacs}/bin/emacsclient --reuse-frame --no-wait "$@"
'';
in
{
in {
nixpkgs.overlays = [ inputs.emacs.overlay ];
home = {
sessionPath = [ "$HOME/.emacs.d/bin" ];
packages = [ emacsclient-wrapper ];

396
home/alex/programs/emacs/doom/config.el
View file

@ -3,18 +3,11 @@
;; Place your private configuration here! Remember, you do not need to run 'doom
;; sync' after modifying this file!
(setq ak/at-work? (getenv "I_AM_AT_WORK"))
;; Some functionality uses this to identify you, e.g. GPG configuration, email
;; clients, file templates and snippets.
(setq! user-full-name "Alexander Kobjolke"
user-mail-address "me@failco.de"
auth-sources '("~/.local/share/emacs/authinfo.gpg" "~/.authinfo.gpg" "~/.netrc")
auth-source-cache-expiry nil)
(when ak/at-work?
(setq! user-mail-address "alexander.kobjolke@atlas-elektronik.com"))
(setq user-full-name "Alexander Kobjolke"
user-mail-address "me@failco.de")
;; Doom exposes five (optional) variables for controlling fonts in Doom. Here
;; are the three important ones:
@ -32,60 +25,38 @@
;; There are two ways to load a theme. Both assume the theme is installed and
;; available. You can either set `doom-theme' or manually load a theme with the
;; `load-theme' function. This is the default:
(setq! doom-theme 'doom-gruvbox)
(setq! doom-localleader-key ",")
(setq! doom-localleader-alt-key "M-,")
(setq doom-theme 'doom-gruvbox)
(require 're-builder)
(setq! reb-re-syntax 'string)
(setq reb-re-syntax 'string)
;; If you use `org' and don't want your org files in the default location below,
;; change `org-directory'. It must be set before org loads!
(setq org-directory "~/org/"
org-roam-directory (file-truename "~/org/notes"))
;; do not create a new workspace for each emacsclient
;; (after! persp-mode
;;   (setq! persp-emacsclient-init-frame-behaviour-override "main"))
(after! persp-mode
  (setq persp-emacsclient-init-frame-behaviour-override "main"))
(after! lsp
(add-to-list 'lsp-file-watch-ignored-directories "[/\\\\]\\.devenv\\'")
(add-to-list 'lsp-file-watch-ignored-directories "[/\\\\]target\\'")
)
(defun set-frame-alpha (arg &optional active)
"Interactively set the transparency of the active frame"
(interactive "nEnter alpha value (1-100): \np")
(let* ((elt (assoc 'alpha default-frame-alist))
(old (frame-parameter nil 'alpha))
(new (cond ((atom old) `(,arg ,arg))
((eql 1 active) `(,arg ,(cadr old)))
(t `(,(car old) ,arg)))))
(if elt (setcdr elt new) (push `(alpha ,@new) default-frame-alist))
(set-frame-parameter nil 'alpha new)))
(defun my/org-id-update-org-roam-files ()
"Update Org-ID locations for all Org-roam files."
(interactive)
(org-id-update-id-locations (org-roam-list-files)))
(defun my/org-id-update-id-current-file ()
"Scan the current buffer for Org-ID locations and update them."
(interactive)
(org-id-update-id-locations (list (buffer-file-name (current-buffer)))))
(setq! undo-limit 80000000 ; Raise undo-limit to 80Mb
auto-save-default t ; Nobody likes to loose work, I certainly don't
;; switch-to-buffer-in-dedicated-window 'pop
;; switch-to-buffer-obey-display-actions t
)
;; tweak some VI defaults
(after! evil
(setq! evil-ex-substitute-global t ; I like my s/../.. to be global by default
evil-move-cursor-back nil ; Don't move the block cursor when toggling insert mode
evil-want-fine-undo t ; By default while in insert all changes are one big blob. Be more granular
evil-want-Y-yank-to-eol t
evil-escape-key-sequence "qq" ; define an escape sequence
evil-escape-delay 0.175
evil-move-beyond-eol t ; let the cursor move beyond eol just as in regular emacs
evil-kill-on-visual-paste nil ; Don't put overwritten text in the kill ring
evil-snipe-override-evil-repeat-keys nil))
(setq undo-limit 80000000 ; Raise undo-limit to 80Mb
evil-want-fine-undo t ; By default while in insert all changes are one big blob. Be more granular
auto-save-default t ; Nobody likes to loose work, I certainly don't
)
;; This determines the style of line numbers in effect. If set to `nil', line
;; numbers are disabled. For relative line numbers, set this to `relative'.
(setq! display-line-numbers-type 'relative)
(setq display-line-numbers-type t)
;; mouse
;; enable mouse reporting for terminal emulators
@ -98,172 +69,82 @@
(interactive)
(scroll-up 1))))
;; disable highlight lines
;(remove-hook 'doom-first-buffer-hook #'global-hl-line-mode)
(setq haskell-process-type 'cabal-new-repl)
(setq evil-snipe-override-evil-repeat-keys nil)
(setq doom-localleader-key ",")
(setq doom-localleader-alt-key "M-,")
(use-package! org
:init
;; If you use `org' and don't want your org files in the default location below,
;; change `org-directory'. It must be set before org loads!
(setq! org-directory "~/org/")
(setq! org-log-into-drawer t
org-agenda-include-diary t
org-agenda-sticky t
org-todo-keywords '(
(sequence "NEXT(n)" "TODO(t)" "WAIT(w@/!)" "|" "DONE(d!)" "CNCL(k@)")
(sequence "[ ](T)" "[-](S)" "[?](W)" "|" "[X](D)")
)
org-tag-alist '(
;; Places
("@home" . ?h)
("@work" . ?w)
:config (setq org-log-into-drawer t
org-todo-keywords '(
(sequence "NEXT(n)" "TODO(t)" "WAIT(w@/!)" "|" "DONE(d!)" "CNCL(k@)")
(sequence "[ ](T)" "[-](S)" "[?](W)" "|" "[X](D)")
)))
;; devices
("@phone" . ?p)
("@computer" . ?c)
(use-package! org-ql)
;;
("@email" . ?e)
))
:config
(use-package! org-ql)
(use-package! org-modern)
(use-package! org-bookmark-heading)
(add-hook! 'org-mode-hook #'+org-init-keybinds-h))
(use-package! org-contacts
:after org
:custom (org-contacts-files '("~/org/contacts.org")))
(use-package! activities
:demand t
:config
(defun ak/activities-define--with-prefix-arg ()
"Call 'C-u activities-define' in order to save the current activity."
(interactive)
(let ((current-prefix-arg '(4)))
(call-interactively #'activities-define)))
(activities-mode)
(activities-tabs-mode)
(setopt tab-bar-show 1)
(map!
(:prefix-map ("C-c a" . "Activities")
:desc "Switch activity" "a" #'activities-switch
:desc "Resume activity" "r" #'activities-resume
:desc "Create new activity" "n" #'activities-new
:desc "List activities" "l" #'activities-list
:desc "Save current activity " "s" #'ak/activities-define--with-prefix-arg
:desc "Save all activities" "S" #'activities-save-all
:desc "Revert activity to default" "R" #'activities-revert
)
)
)
(when ak/at-work?
(after! forge
(add-to-list 'forge-alist '("gitlab.atlas.de" "gitlab.atlas.de/api/v4" "gitlab.atlas.de" forge-gitlab-repository)))
(after! haskell-mode
(setq haskell-process-type 'cabal-new-repl))
(setq! plantuml-jar-path "~/opt/plantuml.jar")
(setq! org-plantuml-jar-path plantuml-jar-path)
(after! lsp
(add-to-list 'lsp-disabled-clients 'cmakels))
(add-to-list '+format-on-save-disabled-modes 'cmake-mode)
(add-to-list '+format-on-save-disabled-modes 'nxml-mode)
(use-package! code-review
:init
(setq code-review-auth-login-marker 'forge)
;; (setq code-review-gitlab-host "gitlab.atlas.de/api")
;; (setq code-review-gitlab-graphql-host "gitlab.atlas.de/api")
:config
(add-hook 'code-review-mode-hook
(lambda ()
;; include *Code-Review* buffer into current workspace
(persp-add-buffer (current-buffer))))))
(after! magit
(transient-append-suffix 'magit-fetch "-t"
'("-f" "Bypass safety checks" "--force"))
)
(use-package! elfeed-web)
(setq ak/bibliography (list (concat org-directory "references.bib")))
;; (setq org-cite-global-bibliography (list (concat org-directory "references.bib")))
;(setq org-cite-global-bibliography (list (concat org-directory "references.bib")))
(setq! bibtex-completion-bibliography ak/bibliography)
(setq! citar-bibliography ak/bibliography)
(after! ledger-mode
(setq!
;; Use an ISO date format for ledger entries
ledger-default-date-format "%Y-%m-%d"
ledger-binary-path "hledger"
ledger-report-auto-width nil
ledger-mode-should-check-version nil
ledger-init-file-name " "
ledger-post-amount-alignment-column 58
ledger-report-native-highlighting-arguments '("--color=always")
ledger-highlight-xact-under-point t)
;; Use an ISO date format for ledger entries
(setq ledger-default-date-format "%Y-%m-%d"
ledger-binary-path "hledger"
ledger-report-auto-width nil
ledger-mode-should-check-version nil
ledger-init-file-name " "
ledger-post-amount-alignment-column 58
ledger-report-native-highlighting-arguments '("--color=always")
ledger-highlight-xact-under-point t)
(setq! ledger-reports
'(("bal" "%(binary) -f %(ledger-file) bal -B")
("reg" "%(binary) -f %(ledger-file) reg -B")
("payee" "%(binary) -f %(ledger-file) reg -B @%(payee)")
("account" "%(binary) -f %(ledger-file) reg -B %(account)"))) )
(setq ledger-reports
'(("bal" "%(binary) -f %(ledger-file) bal -B")
("reg" "%(binary) -f %(ledger-file) reg -B")
("payee" "%(binary) -f %(ledger-file) reg -B @%(payee)")
("account" "%(binary) -f %(ledger-file) reg -B %(account)")))
;; (use-package! ormolu
;; :hook (haskell-mode . ormolu-format-on-save-mode)
;; :bind
;; (:map haskell-mode-map
(after! lsp-haskell
(setq lsp-haskell-formatting-provider "fourmolu")
(setq lsp-haskell-formatting-provider "fourmolu"))
;; will define elisp functions for the given lsp code actions, prefixing the
;; given function names with "lsp"
(lsp-make-interactive-code-action wingman-fill-hole "refactor.wingman.fillHole")
(lsp-make-interactive-code-action wingman-case-split "refactor.wingman.caseSplit")
(lsp-make-interactive-code-action wingman-refine "refactor.wingman.refine")
(lsp-make-interactive-code-action wingman-split-func-args "refactor.wingman.spltFuncArgs")
(lsp-make-interactive-code-action wingman-use-constructor "refactor.wingman.useConstructor")
;; tweak some VI defaults
(after! evil
(setq evil-ex-substitute-global t ; I like my s/../.. to by global by default
evil-move-cursor-back nil ; Don't move the block cursor when toggling insert mode
evil-kill-on-visual-paste nil)) ; Don't put overwritten text in the kill ring
;; example key bindings
;; (define-key haskell-mode-map (kbd "C-c d") #'lsp-wingman-case-split)
;; (define-key haskell-mode-map (kbd "C-c n") #'lsp-wingman-fill-hole)
;; (define-key haskell-mode-map (kbd "C-c r") #'lsp-wingman-refine)
;; (define-key haskell-mode-map (kbd "C-c c") #'lsp-wingman-use-constructor)
;; (define-key haskell-mode-map (kbd "C-c a") #'lsp-wingman-split-func-args)
)
(setq org-gtd-update-ack "3.0.0")
;; Org GTD support
(use-package! org-gtd
:after org
:demand t
:init
(setq! org-gtd-update-ack "3.0.0")
:config
(setf org-gtd-id--generate #'org-id-get-create)
(setq! org-gtd-directory org-directory)
(setq! org-gtd-default-file-name "actionable")
(setq! org-gtd-refile-to-any-target nil)
(setq! org-gtd-engage-prefix-width 40)
(setq! org-edna-use-inheritance t)
;; (setq org-gtd-areas-of-focus '("house" "haskell" "foss"))
(setq org-gtd-organize-hooks nil)
(setq org-gtd-directory "~/org")
(setq org-gtd-default-file-name "actionable")
(setq org-edna-use-inheritance t)
;(setq org-gtd-areas-of-focus '("house" "haskell" "foss"))
;(setq org-gtd-organize-hooks '(org-gtd-set-area-of-focus org-set-tags-command))
(org-edna-mode)
(map! :leader
:desc "Capture" "X" #'org-gtd-capture
(:prefix-map ("d" . "GTD")
(:prefix ("d" . "org-gtd")
:desc "Capture" "c" #'org-gtd-capture
:desc "Engage" "e" #'org-gtd-engage
:desc "Engage Context" "@" #'org-gtd-engage-grouped-by-context
:desc "Engage" "e" #'org-gtd-engage-grouped-by-context
:desc "Process inbox" "p" #'org-gtd-process-inbox
:desc "Show all next" "n" #'org-gtd-show-all-next
:desc "Fix project" "f" #'org-gtd-projects-fix-todo-keywords-for-project-at-point
(:prefix-map ("r" . "Review")
(:prefix ("r" . "Review")
:desc "Stuck projects" "p" #'org-gtd-review-stuck-projects
:desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items
:desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items
@ -271,51 +152,59 @@
))
(map! :map org-gtd-clarify-map
:desc "Organize this item" "C-c C-c" #'org-gtd-organize)
(map! (:prefix-map ("C-c d" . "GTD")
:desc "Capture" "c" #'org-gtd-capture
:desc "Engage" "e" #'org-gtd-engage
:desc "Engage Context" "@" #'org-gtd-engage-grouped-by-context
:desc "Process inbox" "p" #'org-gtd-process-inbox
:desc "Show all next" "n" #'org-gtd-show-all-next
:desc "Fix project" "f" #'org-gtd-projects-fix-todo-keywords-for-project-at-point
(:prefix-map ("r" . "Review")
:desc "Stuck projects" "p" #'org-gtd-review-stuck-projects
:desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items
:desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items))))
:bind
(("C-c d c" . #'org-gtd-capture)
("C-c d e" . #'org-gtd-engage-grouped-by-context)
("C-c d p" . #'org-gtd-process-inbox)
("C-c d n" . #'org-gtd-show-all-next)
("C-c d r p" . #'org-gtd-review-stuck-projects))
)
(after! org-habit
(setq org-habit-show-habits t
org-habit-preceding-days 35
org-habit-following-days 7))
(defun ak/org-roam-node-insert-immediate (arg &rest args)
(interactive "P")
(let ((args (cons arg args))
(org-roam-capture-templates (list (append (car org-capture-templates) '(:immediate-finish t))))
)
(apply #'org-roam-node-insert args)))
(use-package! org-habit
:after org
:config (setq org-habit-show-habits t
org-habit-preceding-days 35
org-habit-following-days 7
)
)
(use-package! org-edna
:after org-gtd
:init
(setq org-edna-use-inheritance t)
:config
(org-edna-mode 1))
(org-edna-mode 1)
)
(use-package! emacsql-sqlite3
:custom
(org-roam-database-connector 'sqlite3))
(use-package! nov
:mode ("\\.epub\\'" . nov-mode)
:config
(setq nov-save-place-file (concat doom-cache-dir "nov-places")))
(use-package! protobuf-mode
:mode ("\\.proto\\'" . protobuf-mode))
(use-package! systemd
:mode ("\\.\\(service\\|target\\|socket\\|timer\\)\\'" . systemd-mode))
(use-package! org-present
:after org)
(use-package! denote
:after org
:config
(setq! denote-directory (concat org-directory "/notes"))
(setq denote-directory (concat org-directory "/notes")
)
(map! :leader
(:prefix-map ("n" . "notes")
:desc "Denote" "d" #'denote-open-or-create-with-command
(:prefix ("n" . "notes")
:desc "Denote" "d" #'denote-open-or-create-with-command
))
:bind
(("C-c n d" . #'denote-open-or-create-with-command))
@ -324,61 +213,56 @@
(use-package! org-super-agenda
:after org-agenda
:init
(setq! org-agenda-skip-deadline-if-done t
org-agenda-skip-scheduled-if-done t
org-agenda-include-deadlines t
org-agenda-block-separator nil
org-agenda-compact-blocks t
org-agenda-start-day nil
org-agenda-span 1
org-agenda-start-on-weekday nil)
(setq! org-agenda-custom-commands
'(("a" "Getting Things done"
((agenda "" ((org-agenda-overriding-header "")
(setq org-agenda-skip-deadline-if-done t
org-agenda-skip-scheduled-if-done t
org-agenda-include-deadlines t
org-agenda-block-separator nil
org-agenda-compact-blocks t
org-agenda-start-day nil
org-agenda-span 1
org-agenda-start-on-weekday nil
)
(setq org-agenda-custom-commands
'(("a" "Getting Things done"
((agenda "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'((:name "Today"
:time-grid t
:date today
:order 1)))))
(alltodo "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'((:name "Today"
:time-grid t
:date today
:order 1)))))
(alltodo "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'(;(:log t)
(:name "Waiting for..."
:todo "WAIT"
:order 1)
(:discard (:not (:todo ("NEXT" "STRT"))))
(:name "Next actions"
:auto-parent (:todo ("NEXT" "STRT"))
:order 2
)
(:discard (:anything t)
:order 99)
))))
))))
'(;(:log t)
(:name "Waiting for..."
:todo "WAIT"
:order 1)
(:discard (:not (:todo ("NEXT" "START"))))
(:name "Next actions"
:auto-parent (:todo ("NEXT" "STRT"))
:order 2
)
(:discard (:anything t)
:order 99)
))))
))))
:config
(org-super-agenda-mode)
)
(use-package! org-fc
:after org straight
:config
(setq! org-fc-directories (concat org-directory "/cards"))
(setq! org-fc-source-path (concat straight-base-dir "repos/org-fc"))
:after org
:init
(setq org-fc-directories (concat org-directory "/cards"))
)
(after! vterm
(use-package! vterm
:config
(setq vterm-min-window-width 50)
)
(use-package! consult-denote
:after denote)
(use-package! cov)
(use-package! casual-suite)
(map! :desc "Move workspace to the left" :leader :n "TAB <" #'+workspace/swap-left)
(map! :desc "Move workspace to the left" :leader :n "TAB >" #'+workspace/swap-right)
(map! :desc "Denote" :leader :n "n d" #'denote)
;; Here are some additional functions/macros that could help you configure Doom:
;;

74
home/alex/programs/emacs/doom/init.el
View file

@ -20,18 +20,17 @@
;;layout ; auie,ctsrnm is the superior home row
:completion
;; company ; the ultimate code completion backend
company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
;;ivy ; a search engine for love and life
(vertico +orderless +icons) ; the search engine of the future
(corfu +orderless +icons +dabbrev)
(vertico +icons) ; the search engine of the future
:ui
;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
doom-quit ; DOOM quit-message prompts when you quit Emacs
;;doom-quit ; DOOM quit-message prompts when you quit Emacs
(emoji +unicode +github +ascii) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
@ -46,7 +45,7 @@
;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler
unicode ; extended unicode support for various languages
(vc-gutter +diff-hl) ; vcs diff in the fringe
vc-gutter ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
(window-select +numbers) ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
@ -58,11 +57,10 @@
fold ; (nigh) universal code folding
(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;; lispy ; vim for lisp, for people who don't like vim
multiple-cursors
; editing in many places at once
;;lispy ; vim for lisp, for people who don't like vim
multiple-cursors ; editing in many places at once
;;objed ; text object editing for the innocent
;; parinfer ; turn lisp into python, sort of
;;parinfer ; turn lisp into python, sort of
rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
word-wrap ; soft wrapping with language-aware indent
@ -90,13 +88,13 @@
biblio ; Writes a PhD for you (citation needed)
(debugger +lsp) ; FIXME stepping through code, to help you add bugs
direnv
(docker +lsp)
;;docker
editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists
lookup ; navigate your code and its documentation
(lsp) ; M-x vscode
lsp ; M-x vscode
(magit +forge) ; a git porcelain for Emacs
make ; run make tasks from Emacs
pass ; password manager for nerds
@ -104,9 +102,9 @@
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
tmux ; an API for interacting with tmux
tree-sitter
(terraform +lsp) ; infrastructure as code
;;upload ; map local to remote projects via ssh/ftp
:os
@ -116,69 +114,69 @@
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
(cc +lsp +tree-sitter) ; C > C++ == 1
(cc +lsp) ; C > C++ == 1
;;clojure ; java with a lisp
common-lisp ; if you've seen one lisp, you've seen them all
;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;dhall
(elixir +lsp +tree-sitter) ; erlang done right
(elm +lsp +tree-sitter) ; care for a cup of TEA?
;;elixir ; erlang done right
(elm +lsp) ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
(erlang +lsp +tree-sitter) ; an elegant language for a more civilized age
;;erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
(go +lsp +tree-sitter) ; the hipster dialect
(go +lsp) ; the hipster dialect
(graphql +lsp) ; Give queries a REST
(haskell +lsp +tree-sitter) ; a language that's lazier than I am
(haskell +lsp) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
(json +lsp +tree-sitter) ; At least it ain't XML
json ; At least it ain't XML
(java +lsp +tree-sitter) ; the poster child for carpal tunnel syndrome
javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
(kotlin +lsp) ; a better, slicker Java(Script)
;;kotlin ; a better, slicker Java(Script)
latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
ledger ; be audit you can be
(lua +lsp +tree-sitter) ; one-based indices? one-based indices
(markdown +grip) ; writing docs for people to ignore
lua ; one-based indices? one-based indices
markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
(nix +lsp +tree-sitter) ; I hereby declare "nix geht mehr!"
nix ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
(org +pandoc +present +gnuplot +noter) ; organize your plain life in plain text
(org +roam2 +pandoc +present +gnuplot +noter) ; organize your plain life in plain text
;;php ; perl's insecure younger brother
plantuml ; diagrams for confusing people more
(purescript +lsp) ; javascript, but functional
(python +lsp +tree-sitter +pyenv) ; beautiful is better than ugly
;;purescript ; javascript, but functional
python ; beautiful is better than ugly
qt ; the 'cutest' gui framework ever
(racket +lsp +xp) ; a DSL for DSLs
;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
(rest +jq) ; Emacs as a REST client
rest ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
(rust +lsp +tree-sitter) ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
(sh +lsp +tree-sitter) ; she sells {ba,z,fi}sh shells on the C xor
sh ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
(web +lsp +tree-sitter) ; the tubes
(yaml +lsp +tree-sitter) ; JSON, but readable
(zig +lsp +tree-sitter) ; C, but simpler
;;web ; the tubes
yaml ; JSON, but readable
;;zig ; C, but simpler
:email
;; (mu4e +org +gmail)
(notmuch +org +afew)
(mu4e +org +gmail)
;;notmuch
;;(wanderlust +gmail)
:app
@ -192,3 +190,7 @@
:config
;;literate
(default +bindings +smartparens))
(setq native-comp-deferred-compilation nil)
(after! (doom-packages straight)
(setq straight--native-comp-available t))

16
home/alex/programs/emacs/doom/packages.el
View file

@ -53,9 +53,6 @@
;; :recipe (:host github :repo "username/repo"
;; :files ("some-file.el" "src/lisp/*.el")))
(unpin! compat)
;(unpin! with-editor ghub)
(package! ormolu)
(package! org-gtd
:recipe (:host github :repo "Trevoke/org-gtd.el" :branch "master"))
@ -70,16 +67,5 @@
(package! org-present)
(package! denote)
(package! org-super-agenda)
(package! org-modern)
(package! org-ql)
(package! org-contacts)
(package! org-bookmark-heading)
(package! activities
:recipe (:host github :repo "alphapapa/activities.el" :branch "master"))
;; (package! elfeed-web)
(package! systemd)
(package! protobuf-mode)
(package! cov)
(package! modus-themes)
(package! consult-denote)
(package! casual-suite)
(package! elfeed-web)

5
home/alex/programs/fzf/default.nix
View file

@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
programs.fzf = { enable = true; };
}

64
home/alex/programs/git/default.nix
View file

@ -1,64 +0,0 @@
{ config, lib, pkgs, ... }:
{
programs.git = {
enable = true;
lfs.enable = true;
ignores = [
"*~"
"*.swp"
"result"
"dist-newstyle"
".direnv"
"*.bak"
".pre-commit-config.yaml"
];
signing = {
key = "41A6D13FECA21280";
signByDefault = false;
};
delta = { enable = true; };
# TODO create option for my own account meta data
userEmail = "me@failco.de";
userName = "Alexander Kobjolke";
extraConfig = {
pull = { rebase = true; };
merge = { conflictstyle = "diff3"; };
submodule = { recurse = true; };
};
aliases = {
a = "add";
c = "commit";
ca = "commit --amend";
can = "commit --amend --no-edit";
cl = "clone";
cm = "commit -m";
co = "checkout";
cp = "cherry-pick";
cpx = "cherry-pick -x";
d = "diff";
f = "fetch";
fo = "fetch origin";
fu = "fetch upstream";
lol = "log --graph --decorate --pretty=oneline --abbrev-commit";
lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";
pl = "pull";
pr = "pull -r";
ps = "push";
psf = "push -f";
rb = "rebase";
rbi = "rebase -i";
r = "remote";
ra = "remote add";
rr = "remote rm";
rv = "remote -v";
rs = "remote show";
st = "status";
};
extraConfig = { init.defaultBranch = "main"; };
};
programs.git-cliff = { enable = true; };
}

15
home/alex/programs/i3/default.nix
View file

@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.xsession.windowManager.i3 = {
enable = true;
config = {
modifier = "Mod4";
};
};
}

11
home/alex/programs/jitsi-meet/default.nix
View file

@ -1,11 +0,0 @@
{
config,
lib,
pkgs,
stable,
...
}:
{
config.home.packages = [ stable.jitsi-meet-electron ];
}

12
home/alex/programs/jq/default.nix
View file

@ -1,12 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.jq = {
enable = true;
};
}

21
home/alex/programs/jujutsu/default.nix
View file

@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.jujutsu = {
enable = true;
settings = {
user.name = config.programs.git.userName;
user.email = config.programs.git.userEmail;
ui.default-command = "log";
aliases.init = [
"git"
"init"
];
};
};
}

20
home/alex/programs/rofi/default.nix
View file

@ -1,20 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.programs.rofi = {
enable = true;
plugins = with pkgs; [ rofi-calc rofi-emoji ];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = ./themes/gruvbox-dark-soft.rasi;
pass = {
enable = true;
stores = [ config.programs.password-store.settings.PASSWORD_STORE_DIR ];
extraConfig = ''
default_user=:filename
'';
};
};
# let rofi insert emojis directly
config.home.packages = [ pkgs.xdotool ];
}

191
home/alex/programs/rofi/themes/gruvbox-dark-soft.rasi
View file

@ -1,191 +0,0 @@
/* ==========================================================================
Rofi color theme
Based on the Gruvbox color scheme for Vim by morhetz
https://github.com/morhetz/gruvbox
File: gruvbox-dark-soft.rasi
Desc: Gruvbox dark (soft contrast) color theme for Rofi
Author: bardisty <b@bah.im>
Source: https://github.com/bardisty/gruvbox-rofi
Modified: Mon Feb 12 2018 06:04:37 PST -0800
========================================================================== */
* {
/* Theme settings */
highlight: bold italic;
scrollbar: true;
/* Gruvbox dark colors */
gruvbox-dark-bg0-soft: #32302f;
gruvbox-dark-bg1: #3c3836;
gruvbox-dark-bg3: #665c54;
gruvbox-dark-fg0: #fbf1c7;
gruvbox-dark-fg1: #ebdbb2;
gruvbox-dark-red-dark: #cc241d;
gruvbox-dark-red-light: #fb4934;
gruvbox-dark-yellow-dark: #d79921;
gruvbox-dark-yellow-light: #fabd2f;
gruvbox-dark-gray: #a89984;
/* Theme colors */
background: @gruvbox-dark-bg0-soft;
background-color: @background;
foreground: @gruvbox-dark-fg1;
border-color: @gruvbox-dark-gray;
separatorcolor: @border-color;
scrollbar-handle: @border-color;
normal-background: @background;
normal-foreground: @foreground;
alternate-normal-background: @gruvbox-dark-bg1;
alternate-normal-foreground: @foreground;
selected-normal-background: @gruvbox-dark-bg3;
selected-normal-foreground: @gruvbox-dark-fg0;
active-background: @gruvbox-dark-yellow-dark;
active-foreground: @background;
alternate-active-background: @active-background;
alternate-active-foreground: @active-foreground;
selected-active-background: @gruvbox-dark-yellow-light;
selected-active-foreground: @active-foreground;
urgent-background: @gruvbox-dark-red-dark;
urgent-foreground: @background;
alternate-urgent-background: @urgent-background;
alternate-urgent-foreground: @urgent-foreground;
selected-urgent-background: @gruvbox-dark-red-light;
selected-urgent-foreground: @urgent-foreground;
}
/* ==========================================================================
File: gruvbox-common.rasi
Desc: Shared rules between all gruvbox themes
Author: bardisty <b@bah.im>
Source: https://github.com/bardisty/gruvbox-rofi
Modified: Mon Feb 12 2018 06:06:47 PST -0800
========================================================================== */
window {
background-color: @background;
border: 2;
padding: 2;
}
mainbox {
border: 0;
padding: 0;
}
message {
border: 2px 0 0;
border-color: @separatorcolor;
padding: 1px;
}
textbox {
highlight: @highlight;
text-color: @foreground;
}
listview {
border: 2px solid 0 0;
padding: 2px 0 0;
border-color: @separatorcolor;
spacing: 2px;
scrollbar: @scrollbar;
}
element {
border: 0;
padding: 2px;
}
element.normal.normal {
background-color: @normal-background;
text-color: @normal-foreground;
}
element.normal.urgent {
background-color: @urgent-background;
text-color: @urgent-foreground;
}
element.normal.active {
background-color: @active-background;
text-color: @active-foreground;
}
element.selected.normal {
background-color: @selected-normal-background;
text-color: @selected-normal-foreground;
}
element.selected.urgent {
background-color: @selected-urgent-background;
text-color: @selected-urgent-foreground;
}
element.selected.active {
background-color: @selected-active-background;
text-color: @selected-active-foreground;
}
element.alternate.normal {
background-color: @alternate-normal-background;
text-color: @alternate-normal-foreground;
}
element.alternate.urgent {
background-color: @alternate-urgent-background;
text-color: @alternate-urgent-foreground;
}
element.alternate.active {
background-color: @alternate-active-background;
text-color: @alternate-active-foreground;
}
scrollbar {
width: 4px;
border: 0;
handle-color: @scrollbar-handle;
handle-width: 8px;
padding: 0;
}
mode-switcher {
border: 2px 0 0;
border-color: @separatorcolor;
}
inputbar {
spacing: 0;
text-color: @normal-foreground;
padding: 2px;
children: [ prompt, textbox-prompt-sep, entry, case-indicator ];
}
case-indicator,
entry,
prompt,
button {
spacing: 0;
text-color: @normal-foreground;
}
button.selected {
background-color: @selected-normal-background;
text-color: @selected-normal-foreground;
}
textbox-prompt-sep {
expand: false;
str: ":";
text-color: @normal-foreground;
margin: 0 0.3em 0 0;
}
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}

28
home/alex/programs/shell/default.nix
View file

@ -1,28 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
home.shellAliases = {
suspend = "systemctl hibernate";
nrs = "sudo nixos-rebuild switch --flake ~/src/nixos-config";
nrb = "sudo nixos-rebuild build --flake ~/src/nixos-config";
};
programs.zsh = {
enable = true;
autosuggestion.enable = true;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"fzf"
"z"
];
theme = "simple";
};
};
}

5
home/alex/programs/simplex-chat/default.nix
View file

@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.home.packages = [ pkgs.simplex-chat-desktop ];
}

214
home/alex/programs/xmonad/config.hs
View file

@ -1,157 +1,77 @@
import XMonad
import XMonad.Actions.CycleWS qualified as WS
import XMonad.Actions.Navigation2D (navigation2DP, windowGo, windowSwap)
import XMonad.Hooks.EwmhDesktops
import XMonad.Hooks.ManageDocks qualified as Docks
import XMonad.Hooks.ManageHelpers (doCenterFloat, doFullFloat, isDialog, isFullscreen)
import XMonad.Hooks.SetWMName
import XMonad.Layout.BinarySpacePartition
import XMonad.Layout.BorderResize (borderResize)
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Hooks.DynamicLog
import XMonad.Hooks.ManageDocks
import XMonad.Hooks.ManageHelpers
import XMonad.Hooks.StatusBar
import XMonad.Hooks.StatusBar.PP
import XMonad.Util.EZConfig
import XMonad.Util.Loggers
import XMonad.Util.Ungrab
import XMonad.Layout.Magnifier
import XMonad.Layout.ThreeColumns
import XMonad.Layout.ToggleLayouts (ToggleLayout (..), toggleLayouts)
import XMonad.ManageHook (doFloat)
import XMonad.StackSet as W
import XMonad.Util.EZConfig qualified as EZ
import XMonad.Util.NamedScratchpad
import XMonad.Util.Ungrab (unGrab)
import XMonad.Util.WorkspaceCompare qualified as WS
import Control.Monad (when)
import Numeric.Natural
import System.Environment (getArgs)
import System.FilePath ((</>))
import System.Info (arch, os)
import System.Posix.Process (executeFile)
import Text.Printf (printf)
import XMonad.Hooks.EwmhDesktops
compiledConfig = printf "xmonad-%s-%s" arch os
compileRestart resume = do
dirs <- asks directories
whenX (recompile dirs True) $ do
when resume writeStateToFile
catchIO
( do
args <- getArgs
executeFile (cacheDir dirs </> compiledConfig) False args Nothing
)
myLayout = smartBorders . borderResize . Docks.avoidStruts $ toggleLayouts Full emptyBSP
main :: IO ()
main = getDirectories >>= launch myConfig
main = xmonad
. ewmhFullscreen
. ewmh
. withEasySB (statusBarProp "xmobar" (pure myXmobarPP)) defToggleStrutsKey
$ myConfig
-- change size of window using direction so that it can be used together with the navigation2D function
-- see: similar to windowGo and windowSwap
windowMoveSplit :: Direction2D -> Bool -> X ()
windowMoveSplit direction _ = sendMessage $ MoveSplit direction
data VolumeCommand
= ToggleVolume
| LowerVolume Natural
| RaiseVolume Natural
interpretVolumeCommand :: VolumeCommand -> String
interpretVolumeCommand command = "amixer -q set Master " <> cmd
where
cmd = case command of
ToggleVolume -> "toggle"
LowerVolume delta -> show delta <> "%-"
RaiseVolume delta -> show delta <> "%+"
changeVolume :: VolumeCommand -> X ()
changeVolume = spawn . interpretVolumeCommand
myWorkspaceFilter :: X WS.WorkspaceSort
myWorkspaceFilter = do
sortXineramaAware <- WS.getSortByXineramaRule
pure $ sortXineramaAware . WS.filterOutWs [scratchpadWorkspaceTag]
scratchpads =
[ NS
"notes"
"emacsclient -c -F '((name . \"gtd\"))'"
(resource =? "gtd")
doCenterFloat
, -- (customFloating $ W.RationalRect (1/6) (1/6) (2/3) (2/3))
NS
"shell"
"alacritty --class scratchpad"
(resource =? "scratchpad")
(customFloating $ W.RationalRect (1 / 6) (1 / 6) (2 / 3) (2 / 3))
myConfig = def
{ modMask = mod4Mask -- Rebind Mod to the Super key
, layoutHook = myLayout -- Use custom layouts
, manageHook = myManageHook -- Match on certain windows
}
`additionalKeysP`
[ ("M-S-z", spawn "xscreensaver-command -lock")
, ("M-C-s", unGrab *> spawn "scrot -s" )
, ("M-f" , spawn "firefox" )
]
myConfig =
addEwmhWorkspaceSort myWorkspaceFilter
. ewmhFullscreen
. ewmh
. Docks.docks
. nav
$ def
{ modMask = mod4Mask -- Use Super instead of Alt
, terminal = "alacritty"
, layoutHook = myLayout
, handleEventHook = handleEventHook def <+> fullscreenEventHook
, -- this seems to be necessary to make java gui applications work :(
startupHook = ewmhDesktopsStartup >> setWMName "LG3D"
, manageHook =
mconcat
[ namedScratchpadManageHook scratchpads
, isDialog --> doFloat
, isFullscreen --> doFullFloat
, className =? "steam_proton" --> doFloat
, manageHook def
]
}
`EZ.additionalKeysP` [ ("M-S-z", spawn "xscreensaver-command -lock")
, ("M-S-r", compileRestart True)
, ("M-S-q", restart "xmonad" True)
, ("M-C-s", unGrab *> spawn "scrot -s")
, ("M-S-s", sendMessage Docks.ToggleStruts)
, ("M-f", sendMessage (Toggle "Full"))
, ("M-p", spawn appLauncher)
, ("M-i", spawn passLauncher)
, ("M-w", kill)
, ("M-l", WS.toggleWS)
, ("M-g", WS.prevWS)
, ("M-C-g", WS.swapPrevScreen)
, ("M-S-g", WS.shiftPrevScreen)
, ("M-r", WS.nextWS)
, ("M-C-r", WS.swapNextScreen)
, ("M-S-r", WS.shiftNextScreen)
, -- scratchpads
("M-s M-t", namedScratchpadAction scratchpads "shell")
, ("M-s M-s", namedScratchpadAction scratchpads "notes")
, -- backlight control
("<XF86MonBrightnessDown>", spawn "xbacklight -dec 5")
, ("<XF86MonBrightnessUp>", spawn "xbacklight -inc 5")
, ("<F5>", spawn "xbacklight -dec 5")
, ("<F6>", spawn "xbacklight -inc 5")
, -- transparency
("S-<XF86MonBrightnessDown>", spawn "picom-trans -c -5")
, ("S-<XF86MonBrightnessUp>", spawn "picom-trans -c +5")
, ("M-S-d", spawn "picom-trans -c +5")
, ("M-S-b", spawn "picom-trans -c -5")
, -- volume control
("<XF86AudioMute>", changeVolume ToggleVolume)
, ("<XF86AudioLowerVolume>", changeVolume $ LowerVolume 5)
, ("<XF86AudioRaiseVolume>", changeVolume $ RaiseVolume 5)
, ("M-d", changeVolume $ RaiseVolume 5)
, ("M-b", changeVolume $ LowerVolume 5)
, ("M-a", sendMessage Balance)
, ("M-S-a", sendMessage Equalize)
, ("M-o", sendMessage Rotate)
, ("M-y", withFocused $ windows . W.sink)
]
where
-- navigate using dvorak bindings
nav = navigation2DP def ("c", "h", "t", "n") [("M-", windowGo), ("M-C-", windowSwap), ("M-S-", windowMoveSplit)] True
appLauncher = "rofi -show combi -modes combi -combi-modes window,drun,run,ssh"
passLauncher = "rofi-pass"
myManageHook :: ManageHook
myManageHook = composeAll
[ className =? "Gimp" --> doFloat
, isDialog --> doFloat
]
-- myManageHook :: ManageHook
-- myManageHook = composeAll
-- [ className =? "Gimp" --> doFloat
-- , isDialog --> doFloat
-- ]
myLayout = tiled ||| Mirror tiled ||| Full ||| threeCol
where
threeCol = magnifiercz' 1.3 $ ThreeColMid nmaster delta ratio
tiled = Tall nmaster delta ratio
nmaster = 1 -- Default number of windows in the master pane
ratio = 1/2 -- Default proportion of screen occupied by master pane
delta = 3/100 -- Percent of screen to increment by when resizing panes
myXmobarPP :: PP
myXmobarPP = def
{ ppSep = magenta ""
, ppTitleSanitize = xmobarStrip
, ppCurrent = wrap " " "" . xmobarBorder "Top" "#8be9fd" 2
, ppHidden = white . wrap " " ""
, ppHiddenNoWindows = lowWhite . wrap " " ""
, ppUrgent = red . wrap (yellow "!") (yellow "!")
, ppOrder = \[ws, l, _, wins] -> [ws, l, wins]
, ppExtras = [logTitles formatFocused formatUnfocused]
}
where
formatFocused = wrap (white "[") (white "]") . magenta . ppWindow
formatUnfocused = wrap (lowWhite "[") (lowWhite "]") . blue . ppWindow
-- | Windows should have *some* title, which should not not exceed a
-- sane length.
ppWindow :: String -> String
ppWindow = xmobarRaw . (\w -> if null w then "untitled" else w) . shorten 30
blue, lowWhite, magenta, red, white, yellow :: String -> String
magenta = xmobarColor "#ff79c6" ""
blue = xmobarColor "#bd93f9" ""
white = xmobarColor "#f8f8f2" ""
yellow = xmobarColor "#f1fa8c" ""
red = xmobarColor "#ff5555" ""
lowWhite = xmobarColor "#bbbbbb" ""

13
home/alex/programs/xmonad/default.nix
View file

@ -1,12 +1,11 @@
{ config, lib, pkgs, ... }:
{
config.xsession.windowManager.xmonad = {
enable = true;
enableContribAndExtras = true;
config = ./config.hs;
xsession = {
windowManager.command = let
xmonad = pkgs.xmonad-with-packages.override {
packages = self: [ self.xmonad-contrib ];
};
in "${xmonad}/bin/xmonad";
};
# control backlight
config.home.packages = [ pkgs.xorg.xbacklight pkgs.scrot ];
}

8
home/alex/programs/zathura/default.nix
View file

@ -1,8 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.programs.zathura = {
enable = true;
extraConfig = builtins.readFile ./gruvbox-dark.zathurarc;
};
}

40
home/alex/programs/zathura/gruvbox-dark.zathurarc
View file

@ -1,40 +0,0 @@
set notification-error-bg "#282828" # bg
set notification-error-fg "#fb4934" # bright:red
set notification-warning-bg "#282828" # bg
set notification-warning-fg "#fabd2f" # bright:yellow
set notification-bg "#282828" # bg
set notification-fg "#b8bb26" # bright:green
set completion-bg "#504945" # bg2
set completion-fg "#ebdbb2" # fg
set completion-group-bg "#3c3836" # bg1
set completion-group-fg "#928374" # gray
set completion-highlight-bg "#83a598" # bright:blue
set completion-highlight-fg "#504945" # bg2
# Define the color in index mode
set index-bg "#504945" # bg2
set index-fg "#ebdbb2" # fg
set index-active-bg "#83a598" # bright:blue
set index-active-fg "#504945" # bg2
set inputbar-bg "#282828" # bg
set inputbar-fg "#ebdbb2" # fg
set statusbar-bg "#504945" # bg2
set statusbar-fg "#ebdbb2" # fg
set highlight-color "#fabd2f" # bright:yellow
set highlight-active-color "#fe8019" # bright:orange
set default-bg "#282828" # bg
set default-fg "#ebdbb2" # fg
set render-loading true
set render-loading-bg "#282828" # bg
set render-loading-fg "#ebdbb2" # fg
# Recolor book content's color
set recolor-lightcolor "#282828" # bg
set recolor-darkcolor "#ebdbb2" # fg
set recolor "true"
# set recolor-keephue true # keep original color

5
home/alex/services/blueman-applet/default.nix
View file

@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.blueman-applet = { enable = true; };
}

30
home/alex/services/dunst/default.nix
View file

@ -1,30 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.services.dunst = {
enable = true;
iconTheme = {
name = "Adwaita";
package = pkgs.adwaita-icon-theme;
size = "16x16";
};
settings = {
global = {
monitor = 0;
geometry = "600x50-50+65";
shrink = "yes";
transparency = 10;
padding = 16;
horizontal_padding = 16;
font = "JetBrainsMono Nerd Font 10";
line_height = 4;
format = "<b>%s</b>\\n%b";
};
};
};
}

15
home/alex/services/git-sync/default.nix
View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.git-sync;
in {
options.my.git-sync = { enable = lib.mkEnableOption "git-sync"; };
config.services.git-sync = lib.mkIf cfg.enable {
enable = true;
repositories = {
"org" = {
path = "${config.home.homeDirectory}/org";
uri = "git+ssh://git@git.failco.de:jakalx/org.git";
};
};
};
}

5
home/alex/services/network-manager/default.nix
View file

@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.network-manager-applet = { enable = true; };
}

15
home/alex/services/picom/default.nix
View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.picom = {
enable = true;
activeOpacity = 1.0;
inactiveOpacity = 0.8;
backend = "glx";
fade = true;
fadeDelta = 5;
opacityRules = [ "100:name *= 'i3lock'" ];
shadow = true;
shadowOpacity = 0.75;
};
}

235
home/alex/services/polybar/config.ini
View file

@ -1,235 +0,0 @@
;==========================================================
;
;
; ██████╗ ██████╗ ██╗ ██╗ ██╗██████╗ █████╗ ██████╗
; ██╔══██╗██╔═══██╗██║ ╚██╗ ██╔╝██╔══██╗██╔══██╗██╔══██╗
; ██████╔╝██║ ██║██║ ╚████╔╝ ██████╔╝███████║██████╔╝
; ██╔═══╝ ██║ ██║██║ ╚██╔╝ ██╔══██╗██╔══██║██╔══██╗
; ██║ ╚██████╔╝███████╗██║ ██████╔╝██║ ██║██║ ██║
; ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝
;
;
; To learn more about how to configure Polybar
; go to https://github.com/polybar/polybar
;
; The README contains a lot of information
;
;==========================================================
[colors]
background = #282A2E
background-alt = #373B41
foreground = #C5C8C6
primary = #F0C674
secondary = #8ABEB7
alert = #A54242
disabled = #707880
[bar/main]
width = 100%
height = 24pt
radius = 6
; dpi = 96
background = ${colors.background}
foreground = ${colors.foreground}
line-size = 3pt
border-size = 4pt
border-color = #00000000
padding-left = 0
padding-right = 1
module-margin = 1
separator = |
separator-foreground = ${colors.disabled}
font-0 = monospace;2
modules-left = xworkspaces xwindow
modules-center = systray
modules-right = filesystem pulseaudio xkeyboard memory cpu battery wlan eth backlight date
cursor-click = pointer
cursor-scroll = ns-resize
enable-ipc = true
tray-position = center
; wm-restack = generic
; wm-restack = bspwm
; wm-restack = i3
; override-redirect = true
[module/systray]
type = internal/tray
format-margin = 8pt
tray-spacing = 16pt
[module/battery]
type = internal/battery
; This is useful in case the battery never reports 100% charge
; Default: 100
full-at = 99
; format-low once this charge percentage is reached
; Default: 10
; New in version 3.6.0
low-at = 10
; Use the following command to list batteries and adapters:
; $ ls -1 /sys/class/power_supply/
battery = BAT0
adapter = ADP0
; If an inotify event haven't been reported in this many
; seconds, manually poll for new values.
;
; Needed as a fallback for systems that don't report events
; on sysfs/procfs.
;
; Disable polling by setting the interval to 0.
;
; Default: 5
poll-interval = 5
[module/backlight]
type = internal/xbacklight
; XRandR output to get get values from
; Default: the monitor defined for the running bar
;output = DP-4
; Create scroll handlers used to set the backlight value
; Default: true
enable-scroll = true
; Available tags:
; <label> (default)
; <ramp>
; <bar>
format = <ramp>
; Available tokens:
; %percentage% (default)
label = %percentage%%
; Only applies if <ramp> is used
ramp-0 = 🌕
ramp-1 = 🌔
ramp-2 = 🌓
ramp-3 = 🌒
ramp-4 = 🌑
[module/xworkspaces]
type = internal/xworkspaces
label-active = %name%
label-active-background = ${colors.background-alt}
label-active-underline= ${colors.primary}
label-active-padding = 1
label-occupied = %name%
label-occupied-padding = 1
label-urgent = %name%
label-urgent-background = ${colors.alert}
label-urgent-padding = 1
label-empty = %name%
label-empty-foreground = ${colors.disabled}
label-empty-padding = 1
[module/xwindow]
type = internal/xwindow
label = %title:0:60:...%
[module/filesystem]
type = internal/fs
interval = 25
mount-0 = /
label-mounted = %{F#F0C674}%mountpoint%%{F-} %percentage_used%%
label-unmounted = %mountpoint% not mounted
label-unmounted-foreground = ${colors.disabled}
[module/pulseaudio]
type = internal/pulseaudio
format-volume-prefix = "VOL "
format-volume-prefix-foreground = ${colors.primary}
format-volume = <label-volume>
label-volume = %percentage%%
label-muted = muted
label-muted-foreground = ${colors.disabled}
[module/xkeyboard]
type = internal/xkeyboard
blacklist-0 = num lock
label-layout = %layout%
label-layout-foreground = ${colors.primary}
label-indicator-padding = 2
label-indicator-margin = 1
label-indicator-foreground = ${colors.background}
label-indicator-background = ${colors.secondary}
[module/memory]
type = internal/memory
interval = 2
format-prefix = "RAM "
format-prefix-foreground = ${colors.primary}
label = %percentage_used:2%%
[module/cpu]
type = internal/cpu
interval = 2
format-prefix = "CPU "
format-prefix-foreground = ${colors.primary}
label = %percentage:2%%
[network-base]
type = internal/network
interval = 5
format-connected = <label-connected>
format-disconnected = <label-disconnected>
label-disconnected = %{F#F0C674}%ifname%%{F#707880} disconnected
[module/wlan]
inherit = network-base
interface-type = wireless
label-connected = %{F#F0C674}%ifname%%{F-} %essid% %local_ip%
[module/eth]
inherit = network-base
interface-type = wired
label-connected = %{F#F0C674}%ifname%%{F-} %local_ip%
[module/date]
type = internal/date
interval = 1
date = %H:%M
date-alt = %Y-%m-%d %H:%M:%S
label = %date%
label-foreground = ${colors.primary}
[settings]
screenchange-reload = true
pseudo-transparency = true
; vim:ft=dosini

19
home/alex/services/polybar/default.nix
View file

@ -1,19 +0,0 @@
{ config, lib, pkgs, ... }:
let
mypolybar = pkgs.polybar.override {
alsaSupport = true;
mpdSupport = true;
pulseSupport = true;
};
in {
config.home.packages = with pkgs; [ font-awesome material-design-icons ];
config.services.polybar = {
enable = true;
package = mypolybar;
config = ./config.ini;
script = ''
polybar & disown
'';
};
}

15
home/alex/services/screen-locker/default.nix
View file

@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.services.screen-locker = {
enable = false;
inactiveInterval = 30;
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -c 000000";
xautolock.extraOptions = [ "-detectsleep" ];
};
}

11
home/alex/services/syncthing/default.nix
View file

@ -1,11 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.syncthing = {
enable = true;
tray = {
enable = true;
command = "syncthingtray --wait";
};
};
}

8
home/alex/services/udiskie/default.nix
View file

@ -1,8 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.udiskie = {
enable = true;
tray = "always";
};
}

13
home/anne/home.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
{
home = {
@ -12,8 +7,8 @@
packages = with pkgs; [
firefox
alacritty
gnome-session
gnome-control-center
gnome.gnome-session
gnome.gnome-control-center
];
keyboard.layout = "de";
keyboard.variant = "nodeadkeys";
@ -21,6 +16,6 @@
xsession = {
enable = true;
windowManager.command = "${pkgs.gnome-session}/bin/gnome-session";
windowManager.command = "${pkgs.gnome.gnome-session}/bin/gnome-session";
};
}

89
hosts/dregil/configuration.nix
View file

@ -2,13 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
inputs,
config,
pkgs,
lib,
...
}:
{ inputs, config, pkgs, lib, ... }:
let
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
@ -17,16 +11,13 @@ let
export __VK_LAYER_NV_optimus=NVIDIA_only
exec "$@"
'';
in
{
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# <nixos-hardware/lenovo/legion/15ich>
../../modules/appimage.nix
../../modules/sudo.nix
../../modules/wm/x.nix
../../modules/wm/xmonad/default.nix
../../modules/wm/xmonad.nix
];
# Use the systemd-boot EFI boot loader.
@ -40,21 +31,17 @@ in
networking.hostName = "dregil"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.extraHosts = ''
127.0.0.1 localhost dregil.localdomain dregil
'';
i18n = {
extraLocaleSettings = {
TIME_STYLE = "iso";
};
supportedLocales = [
"C.UTF-8/UTF-8"
"en_US.UTF-8/UTF-8"
"de_DE.UTF-8/UTF-8"
];
extraLocaleSettings = { TIME_STYLE = "iso"; };
supportedLocales =
[ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
};
console = {
@ -64,31 +51,22 @@ in
fonts = {
enableDefaultPackages = true;
packages =
with pkgs;
[
corefonts
noto-fonts
noto-fonts-emoji
fira-code
fira-code-symbols
]
++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
packages = with pkgs; [
corefonts
noto-fonts
noto-fonts-emoji
fira-code
fira-code-symbols
nerdfonts
];
};
# Enable CUPS to print documents.
# services.printing.enable = true;
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
@ -101,23 +79,17 @@ in
];
# adjust channels to nixpkgs used on this system via this flake
environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs.outPath;
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-unstable.outPath;
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs-unstable}" ];
nix.settings.max-jobs = 3;
nix.settings.cores = 4;
programs.neovim = {
enable = true;
};
programs.neovim = { enable = true; };
programs.steam = {
enable = true;
};
programs.steam = { enable = true; };
programs.zsh = {
enable = true;
};
programs.zsh = { enable = true; };
# List services that you want to enable:
@ -126,16 +98,9 @@ in
services.blueman.enable = true;
# Open ports in the firewall
# 22000, 21027 syncthing discovery and connectivity
networking.firewall.allowedTCPPorts = [
5223
22000
];
networking.firewall.allowedUDPPorts = [
21027
22000
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;

30
hosts/dregil/default.nix
View file

@ -1,32 +1,14 @@
{
inputs,
stable,
system,
...
}:
{
{ lib, config, pkgs, inputs, ... }: {
imports = [
(
{ inputs, lib, ... }:
{
nixpkgs = {
config.allowUnfree = true;
};
home-manager.extraSpecialArgs = { inherit stable; };
}
)
({ inputs, lib, ... }: {
nixpkgs = { config.allowUnfree = true; };
nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
})
../../modules/security.nix
../../modules/common-system.nix
./configuration.nix
inputs.home-manager.nixosModules.home-manager
inputs.distro-grub-themes.nixosModules.${system}.default
inputs.home-manager-unstable.nixosModules.home-manager
../../home/anne/default.nix
../../home/alex/default.nix
../../modules/grub-themes
../../modules/hyprland
../../modules/podman
../../modules/tailscale
../../modules/flatpak.nix
../../modules/nh.nix
];
}

52
hosts/dregil/hardware-configuration.nix
View file

@ -1,25 +1,13 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.availableKernelModules =
[ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [
"dm-snapshot"
"uas"
@ -39,38 +27,26 @@
keyFileSize = 4096;
};
};
boot.kernelModules = [
"kvm-intel"
"nvidia"
];
boot.kernelModules = [ "kvm-intel" "nvidia" ];
boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ];
boot.kernelParams = [ "module_blacklist=i915" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [
"subvol=root"
"compress=zstd"
];
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [
"subvol=home"
"compress=zstd"
];
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/boot" = {
@ -78,7 +54,8 @@
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95"; } ];
swapDevices =
[{ device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -90,12 +67,12 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.nvidia = {
nvidiaSettings = true;
nvidiaPersistenced = true;
open = true;
# modesetting.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
@ -109,9 +86,10 @@
# };
};
hardware.graphics = {
hardware.opengl = {
enable = true;
enable32Bit = true;
driSupport = true;
driSupport32Bit = true;
};
hardware.keyboard.uhk.enable = true;

134
hosts/igor/default.nix
View file

@ -1,147 +1,65 @@
{
inputs,
pkgs,
config,
...
}:
{ config, inputs, lib, pkgs, ... }:
{
imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
./syncthing.nix
../../modules/security.nix
../../modules/nix-config.nix
../../modules/iohk.nix
../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
../../modules/tailscale
../../modules/vsftpd
../../modules/mosh.nix
./disko-config.nix
];
config.boot.loader.grub.enable = true;
config.boot.loader.grub.efiSupport = true;
config.boot.loader.grub.efiInstallAsRemovable = true;
#config.boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
config.boot.loader.grub.device = "/dev/disk/by-id/ata-HGST_HTS725050A7E630_TF655AY92SM3XL"; # or "nodev" for efi only
config.security.sudo.wheelNeedsPassword = false;
config.networking = {
networking = let extIface = "ens3";
in {
hostName = "igor";
domain = "failco.de";
wireless = {
enable = true;
userControlled.enable = true;
allowAuxiliaryImperativeNetworks = true;
secretsFile = "/etc/wireless.conf";
networks = {
Prapsschnalinen.pskRaw = "ext:home";
};
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface} = {
ipv4.addresses = [{
address = "192.168.0.2";
prefixLength = 24;
}];
};
defaultGateway = "192.168.0.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
allowedTCPPorts = [ 22 80 443 ];
allowedUDPPorts = [ ];
};
useDHCP = true;
enableIPv6 = true;
networkmanager.enable = false;
firewall.enable = true;
firewall.allowedTCPPorts = [
config.services.mysql.settings.mysqld.port
];
};
config.security.sudo = {
security.sudo = {
enable = true;
execWheelOnly = true;
};
# Select internationalization properties.
config.i18n.defaultLocale = "en_US.UTF-8";
config.console = {
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "dvorak";
};
# Set your time zone.
config.time.timeZone = "Europe/Berlin";
# Enable the X11 windowing system.
config.services.xserver.enable = true;
config.services.logind.lidSwitch = "lock";
# Enable the GNOME Desktop Environment.
config.services.xserver.displayManager.gdm.enable = true;
config.services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
config.services.xserver.xkb.layout = "us";
config.services.xserver.xkb.variant = "dvorak";
config.services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
config.services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
config.services.pipewire = {
enable = true;
pulse.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
config.services.libinput.enable = true;
config.services.mysql = {
enable = true;
package = pkgs.mariadb;
};
config.programs.firefox.enable = true;
config.programs.git.enable = true;
config.programs.nm-applet.enable = true;
# Define a user account. Don't forget to set a password with passwd.
config.users.users.alex = {
users.users.me = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.zsh;
packages = [ pkgs.devenv ];
};
config.environment.systemPackages = with pkgs; [
alacritty
dolphin
waybar
hyprpaper
wofi
tmux
lftp
];
config.programs.direnv = {
enable = true;
silent = true;
};
config.programs.hyprland = {
enable = true;
withUWSM = true;
};
config.programs.neovim = {
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
config.programs.zsh.enable = true;
programs.zsh.enable = true;
config.system.stateVersion = "24.11";
system.stateVersion = "23.11";
}

28
hosts/igor/disko-config.nix
View file

@ -2,14 +2,10 @@
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/sdb";
device = "/dev/mmcblk0";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
ESP = {
priority = 1;
name = "ESP";
@ -30,32 +26,18 @@
extraArgs = [ "-f" ];
subvolumes = {
"/rootfs" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/rootfs" = { mountpoint = "/"; };
"/home" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/nix";
};
"/swap" = {
mountpoint = "/.swapvol";
swap = {
swapfile.size = "2G";
};
swap = { swapfile.size = "2G"; };
};
};
};

72
hosts/igor/hardware-configuration.nix
View file

@ -1,72 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# fileSystems."/" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=rootfs" ];
# };
#
# fileSystems."/.swapvol" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=swap" ];
# };
#
# fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/2EDA-47FD";
# fsType = "vfat";
# options = [ "fmask=0022" "dmask=0022" ];
# };
#
# fileSystems."/home" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=home" ];
# };
#
# fileSystems."/nix" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=nix" ];
# };
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwp0s20u4i6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

29
hosts/igor/syncthing.nix
View file

@ -1,29 +0,0 @@
{ config, lib, ... }:
{
config.services.syncthing = {
enable = true;
user = "vsftpd";
group = "vsftpd";
dataDir = "/var/lib/vsftpd";
settings.devices = {
thrall = {
id = "P52YQU2-7LCEOVV-DSGTAZG-AJ2DSJD-JPHSUJE-HC2KAGO-YR4SXQD-V6OQ7QF";
addresses = [ "tcp://195.90.211.228:22000" ];
};
};
settings.folders = {
paperless = {
path = "${config.services.vsftpd.localRoot}/scan";
devices = [ "thrall" ];
versioning = {
type = "trashcan";
params.cleanoutDays = "90";
};
};
};
};
}

11
hosts/redmi/default.nix
View file

@ -4,14 +4,14 @@
# Simply install just the packages
environment.packages = with pkgs; [
# User-facing stuff that you really really want to have
neovim
vim # or some other editor, e.g. nano or neovim
git
git-annex
mosh
openssh
wget
tmux
helix
# Some common stuff that people expect to have
#diffutils
@ -29,18 +29,13 @@
#xz
#zip
#unzip
inetutils
];
# Backup etc files instead of failing to activate generation if a file already exists in /etc
environment.etcBackupExtension = ".bak";
environment.sessionVariables = {
EDITOR = "${pkgs.neovim}/bin/nvim";
};
# Read the changelog before changing this value
system.stateVersion = "24.05";
system.stateVersion = "22.11";
# Set up nix for flakes
nix.extraOptions = ''

7
hosts/thrall/alex.nix
View file

@ -1,7 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [ ../../home/alex/cli.nix ../../home/alex/services/git-sync ];
config.my.git-sync.enable = true;
}

326
hosts/thrall/default.nix
View file

@ -2,35 +2,22 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
inputs,
lib,
config,
pkgs,
...
}:
{ inputs, config, pkgs, ... }:
let
authorityFromUrl = url: builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
in
{
disabledModules = [ "services/web-apps/hledger-web.nix" ];
authorityFromUrl = url:
builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
in {
imports = [
./hardware-configuration.nix
inputs.snm.nixosModule
inputs.agenix.nixosModules.age
../../modules/security.nix
../../modules/sudo.nix
../../modules/upgrade-pg-cluster.nix
../../modules/nix-config.nix
../../modules/iohk.nix
../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
../../modules/hledger-web.nix
../../modules/tailscale
../../modules/mosh.nix
../../modules/nh.nix
];
# Use the GRUB 2 boot loader.
@ -57,89 +44,84 @@ in
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking =
let
extIface = "ens3";
in
{
hostName = "thrall";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface} = {
ipv4.addresses = [
networking = let extIface = "ens3";
in {
hostName = "thrall";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface} = {
ipv4.addresses = [{
address = "195.90.211.228";
prefixLength = 22;
}];
};
defaultGateway = "195.90.208.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
allowedTCPPorts = [ 22 53 80 443 5000 ];
allowedUDPPorts = [ 53 42666 ];
};
# wireguard related config
nat.enable = true;
nat.externalInterface = extIface;
nat.internalInterfaces = [ "wg0" ];
wireguard.interfaces = {
wg0 = {
ips = [ "10.0.0.1/24" ];
listenPort = 42666;
postSetup = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets.wireguard-thrall.path;
peers = [
{
address = "195.90.211.228";
prefixLength = 22;
# my phone
publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
allowedIPs = [ "10.0.0.2/32" ];
}
{
# my tablet
publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
# homematic
publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4=";
allowedIPs = [ "10.0.0.4/32" ];
}
];
};
defaultGateway = "195.90.208.1";
nameservers = [
"8.8.8.8"
"8.8.4.4"
];
firewall = {
allowedTCPPorts = [
22
53
80
443
5000
40005 # syncthing
];
allowedUDPPorts = [
53
];
};
# wireguard related config
nat.enable = true;
nat.externalInterface = extIface;
nat.internalInterfaces = [ "wg0" ];
wireguard.interfaces = {
wg0 = {
ips = [ "10.0.0.1/24" ];
listenPort = 42666;
postSetup = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets.wireguard-thrall.path;
peers = [
{
# my phone
publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
allowedIPs = [ "10.0.0.2/32" ];
}
{
# my tablet
publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
# homematic
publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4=";
allowedIPs = [ "10.0.0.4/32" ];
}
];
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "alex@jakalx.net";
};
security.sudo = {
enable = true;
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];
commands = [{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}];
}];
};
# Select internationalization properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
@ -157,14 +139,7 @@ in
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget
rsync
htop
tmux
git
rclone
];
environment.systemPackages = with pkgs; [ wget rsync htop tmux git rclone ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
@ -173,6 +148,7 @@ in
enableSSHSupport = true;
};
programs.mosh.enable = true;
programs.neovim = {
enable = true;
defaultEditor = true;
@ -187,11 +163,7 @@ in
services.kresd = {
enable = true;
listenPlain = [
"[::1]:53"
"127.0.0.1:53"
"10.0.0.1:53"
];
listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ];
};
services.lorri.enable = true;
@ -251,25 +223,29 @@ in
'';
};
# forgejo - git web frontend
"${config.services.forgejo.settings.server.DOMAIN}" = {
# gitea
"${config.services.gitea.settings.server.DOMAIN}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}/";
proxyPass = "http://127.0.0.1:${
toString config.services.gitea.settings.server.HTTP_PORT
}/";
proxyWebsockets = true;
};
};
# paperless
"${authorityFromUrl config.services.paperless.settings.PAPERLESS_URL}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
"${authorityFromUrl config.services.paperless.extraConfig.PAPERLESS_URL}" =
{
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
};
};
};
# hledger
"${authorityFromUrl config.services.hledger-web.baseUrl}" = {
@ -277,22 +253,16 @@ in
enableACME = true;
basicAuthFile = config.age.secrets.hledger-web.path;
locations."/" = {
proxyPass = "http://${config.services.hledger-web.host}:${toString config.services.hledger-web.port}/";
proxyPass = "http://${config.services.hledger-web.host}:${
toString config.services.hledger-web.port
}/";
proxyWebsockets = true;
};
};
};
users.users.git = {
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = config.services.forgejo.group;
isSystemUser = true;
};
services.forgejo = {
services.gitea = {
enable = true;
user = "git";
database.type = "sqlite3";
lfs.enable = true;
@ -308,13 +278,10 @@ in
mailer = {
ENABLED = true;
PROTOCOL = "smtp";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
FROM = "noreply@failco.de";
};
other = {
SHOW_FOOTER_VERSION = false;
MAILER_TYPE = "smtp";
FROM = "git@failco.de";
HOST = "thrall.failco.de:25";
IS_TLS_ENABLED = false;
};
};
};
@ -324,16 +291,9 @@ in
address = "127.0.0.1";
port = 3002;
consumptionDirIsPublic = true;
settings = {
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_OCR_USER_ARGS = ''{"invalidate_digital_signatures": true}'';
PAPERLESS_URL = "https://docs.failco.de";
PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
# workaround for classification getting stuck, see
# https://github.com/NixOS/nixpkgs/issues/240591#issuecomment-1915678490
OMP_NUM_THREADS = 1;
};
};
@ -347,10 +307,7 @@ in
manage = true;
};
journalFiles = [ "current.journal" ];
extraOptions = [
"-B"
"--value=then"
];
extraOptions = [ "-B" "--value=then" ];
};
services.fail2ban = {
@ -360,12 +317,8 @@ in
bantime = "1h";
bantime-increment.enable = true;
ignoreIP = [
"127.0.0.0/8"
"195.90.211.228"
"10.0.0.0/8"
"192.168.0.0/16"
];
ignoreIP =
[ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ];
jails.postfix = ''
filter = postfix
@ -379,32 +332,25 @@ in
enable = true;
user = "alex";
dataDir = "/home/alex/sync";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
overrideDevices =
true; # overrides any devices added or deleted through the WebUI
overrideFolders =
true; # overrides any folders added or deleted through the WebUI
settings = {
folders = {
"org" = {
path = "/home/alex/org";
devices = [ "redmi" ];
};
"paperless" = {
path = "${config.services.paperless.consumptionDir}";
devices = [
"redmi"
"dregil"
"igor"
];
"scan" = {
path = "/home/alex/media/scan";
devices = [ "redmi" ];
};
};
devices = {
redmi = {
id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
};
dregil = {
id = "SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH";
};
igor = {
id = "NHSYYF6-I5GWMTI-2SQ6PIA-EU3TYZF-3I7BI3K-QTSRGCT-QVLSFG4-74TL2QW";
"redmi" = {
id =
"C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
};
};
};
@ -413,34 +359,22 @@ in
mailserver = {
enable = true;
fqdn = "thrall.failco.de";
domains = [
"failco.de"
"jakalx.net"
"kobjolke.de"
];
domains = [ "failco.de" "jakalx.net" "kobjolke.de" ];
loginAccounts = {
"me@failco.de" = {
# nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt'
hashedPasswordFile = config.age.secrets.mailPass.path;
aliases = [
"lx@failco.de"
"alex@failco.de"
"abuse@failco.de"
"postmaster@failco.de"
"abuse@kobjolke.de"
"postmaster@kobjolke.de"
"abuse@jakalx.net"
"postmaster@jakalx.net"
];
aliases = [ "lx@failco.de" "alex@failco.de" ];
catchAll = [
];
catchAll = [ "failco.de" "kobjolke.de" ];
};
"alex@jakalx.net" = {
hashedPasswordFile = config.age.secrets.mailPass.path;
catchAll = [ "jakalx.net" ];
};
"archive@failco.de" = {
@ -448,17 +382,11 @@ in
};
};
extraVirtualAliases = {
"alex@kobjolke.de" = [ "me@failco.de" ];
};
extraVirtualAliases = { "familie@kobjolke.de" = [ "me@failco.de" ]; };
forwards = {
"familie@kobjolke.de" = [
"alex@kobjolke.de"
"anne@kobjolke.de"
];
"anne@kobjolke.de" = "anne.kobjolke@gmail.com";
"alexander@kobjolke.de" = "alex@kobjolke.de";
"anne@kobjolke.de" = "anne.kobjolke@gmail.cem";
"alex@kobjolke.de" = "me@failco.de";
};
certificateScheme = "acme-nginx";
@ -468,22 +396,12 @@ in
virusScanning = true;
};
services.postgresql = {
package = pkgs.postgresql_15;
};
services.postgresql = { package = pkgs.postgresql_15; };
services.roundcube = {
enable = true;
hostName = "mail.failco.de";
dicts = with pkgs.aspellDicts; [
en
de
];
plugins = [
"archive"
"attachment_reminder"
"managesieve"
"markasjunk"
];
dicts = with pkgs.aspellDicts; [ en de ];
plugins = [ "archive" "attachment_reminder" "managesieve" "markasjunk" ];
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
@ -500,4 +418,6 @@ in
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}

12
modules/appimage.nix
View file

@ -1,12 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot.binfmt.registrations.appimage = {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
};
}

7
modules/common-system.nix
View file

@ -21,5 +21,10 @@
networking.firewall.enable = true;
nix = { registry = { nixpkgs.flake = inputs.nixpkgs; }; };
nix = {
registry = {
nixpkgs.flake = inputs.nixpkgs;
nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
};
};
}

18
modules/flatpak.nix
View file

@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
services.flatpak.enable = true;
systemd.services.flatpak-repo = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.flatpak ];
script = ''
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
'';
};
}

7
modules/grub-themes/default.nix
View file

@ -1,7 +0,0 @@
{ ... }:
{
config.distro-grub-themes = {
enable = true;
theme = "nixos";
};
}

752
modules/hardening.nix
View file

@ -1,752 +0,0 @@
{ config, lib, pkgs, ... }: {
systemd.services.systemd-rfkill = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.syslog = {
serviceConfig = {
PrivateNetwork = true;
CapabilityBoundingSet =
[ "CAP_DAC_READ_SEARCH" "CAP_SYSLOG" "CAP_NET_BIND_SERVICE" ];
NoNewPrivileges = true;
PrivateDevices = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
PrivateMounts = true;
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
LockPersonality = true;
ProtectKernelTunables = true;
RestrictRealtime = true;
PrivateUsers = true;
PrivateTmp = true;
UMask = "0077";
RestrictNamespace = true;
ProtectProc = "invisible";
ProtectHome = true;
DeviceAllow = false;
ProtectSystem = "full";
};
};
systemd.services.systemd-journald = {
serviceConfig = {
UMask = 77;
PrivateNetwork = true;
ProtectHostname = true;
ProtectKernelModules = true;
};
};
systemd.services.auto-cpufreq = {
serviceConfig = {
CapabilityBoundingSet = "";
ProtectSystem = "full";
ProtectHome = true;
PrivateNetwork = true;
IPAddressDeny = "any";
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectHostname = false;
MemoryDenyWriteExecute = true;
ProtectClock = true;
RestrictNamespaces = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectProc = true;
ReadOnlyPaths = [ "/" ];
InaccessiblePaths = [ "/home" "/root" "/proc" ];
SystemCallFilter = [ "@system-service" ];
SystemCallArchitectures = "native";
UMask = "0077";
};
};
systemd.services.NetworkManager-dispatcher = {
serviceConfig = {
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectHostname = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateUsers = true;
PrivateDevices = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.display-manager = {
serviceConfig = {
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true; # so we won't need all of this
};
};
systemd.services.emergency = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # Might need adjustment for emergency access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."getty@tty1" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."getty@tty7" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.NetworkManager = {
serviceConfig = {
NoNewPrivileges = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
ProtectProc = "invisible";
ProcSubset = "pid";
RestrictNamespaces = true;
ProtectKernelTunables = true;
ProtectHome = true;
PrivateTmp = true;
UMask = "0077";
};
};
systemd.services."nixos-rebuild-switch-to-configuration" = {
serviceConfig = {
ProtectHome = true;
NoNewPrivileges = true; # Prevent gaining new privileges
};
};
systemd.services."dbus" = {
serviceConfig = {
PrivateTmp = true;
PrivateNetwork = true;
ProtectSystem = "full";
ProtectHome = true;
SystemCallFilter =
"~@clock @cpu-emulation @module @mount @obsolete @raw-io @reboot @swap";
ProtectKernelTunables = true;
NoNewPrivileges = true;
CapabilityBoundingSet = [
"~CAP_SYS_TIME"
"~CAP_SYS_PACCT"
"~CAP_KILL"
"~CAP_WAKE_ALARM"
"~CAP_SYS_BOOT"
"~CAP_SYS_CHROOT"
"~CAP_LEASE"
"~CAP_MKNOD"
"~CAP_NET_ADMIN"
"~CAP_SYS_ADMIN"
"~CAP_SYSLOG"
"~CAP_NET_BIND_SERVICE"
"~CAP_NET_BROADCAST"
"~CAP_AUDIT_WRITE"
"~CAP_AUDIT_CONTROL"
"~CAP_SYS_RAWIO"
"~CAP_SYS_NICE"
"~CAP_SYS_RESOURCE"
"~CAP_SYS_TTY_CONFIG"
"~CAP_SYS_MODULE"
"~CAP_IPC_LOCK"
"~CAP_LINUX_IMMUTABLE"
"~CAP_BLOCK_SUSPEND"
"~CAP_MAC_*"
"~CAP_DAC_*"
"~CAP_FOWNER"
"~CAP_IPC_OWNER"
"~CAP_SYS_PTRACE"
"~CAP_SETUID"
"~CAP_SETGID"
"~CAP_SETPCAP"
"~CAP_FSETID"
"~CAP_SETFCAP"
"~CAP_CHOWN"
];
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectControlGroups = true;
RestrictNamespaces = true;
MemoryDenyWriteExecute = true;
RestrictAddressFamilies = [ "~AF_PACKET" "~AF_NETLINK" ];
ProtectHostname = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateUsers = true;
};
};
systemd.services.nix-daemon = {
serviceConfig = {
ProtectHome = true;
PrivateUsers = false;
};
};
systemd.services.reload-systemd-vconsole-setup = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
PrivateUsers = true;
PrivateDevices = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictNamespaces = true;
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.rescue = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # Might need adjustment for rescue operations
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Networking might be necessary in rescue mode
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny =
"any"; # May need to be relaxed for network troubleshooting in rescue mode
};
};
systemd.services."systemd-ask-password-console" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for console access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # A more permissive filter
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."systemd-ask-password-wall" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # A more permissive filter
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.thermald = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for adjusting cooling policies
ProtectKernelModules = true; # May need adjustment for module control
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May require access to specific hardware devices
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = "";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
DeviceAllow = [ ];
RestrictAddressFamilies = [ ];
};
};
systemd.services."user@1000" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true; # Be cautious, as this may restrict user operations
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on user needs
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.virtlockd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for accessing VM resources
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust as necessary
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need adjustment for network operations
};
};
systemd.services.virtlogd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for accessing VM logs
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter =
[ "@system-service" ]; # Adjust based on log management needs
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny =
"any"; # May need to be relaxed for network-based log collection
};
};
systemd.services.virtlxcd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for container management
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for container user management
PrivateDevices = true; # Containers might require broader device access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked containers
RestrictNamespaces = true;
SystemCallFilter =
[ "@system-service" ]; # Adjust based on container operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
systemd.services.virtqemud = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for VM management
ProtectKernelModules =
true; # May need adjustment for VM hardware emulation
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for VM user management
PrivateDevices = true; # VMs might require broader device access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked VMs
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on VM operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
systemd.services.virtvboxd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Required for some VM management tasks
ProtectKernelModules = true; # May need adjustment for module handling
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for VM user management
PrivateDevices = true; # VMs may require access to certain devices
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked VMs
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on VM operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
}

140
modules/hledger-web.nix
View file

@ -1,140 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let cfg = config.services.hledger-web;
in {
options.services.hledger-web = {
enable = mkEnableOption (lib.mdDoc "hledger-web service");
serveApi = mkEnableOption
(lib.mdDoc "serving only the JSON web API, without the web UI");
host = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc ''
Address to listen on.
'';
};
port = mkOption {
type = types.port;
default = 5000;
example = 80;
description = lib.mdDoc ''
Port to listen on.
'';
};
capabilities = {
view = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Enable the view capability.
'';
};
add = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable the add capability.
'';
};
manage = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable the manage capability.
'';
};
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/hledger-web";
description = lib.mdDoc ''
Path the service has access to. If left as the default value this
directory will automatically be created before the hledger-web server
starts, otherwise the sysadmin is responsible for ensuring the
directory exists with appropriate ownership and permissions.
'';
};
journalFiles = mkOption {
type = types.listOf types.str;
default = [ ".hledger.journal" ];
description = lib.mdDoc ''
Paths to journal files relative to {option}`services.hledger-web.stateDir`.
'';
};
baseUrl = mkOption {
type = with types; nullOr str;
default = null;
example = "https://example.org";
description = lib.mdDoc ''
Base URL, when sharing over a network.
'';
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "--forecast" ];
description = lib.mdDoc ''
Extra command line arguments to pass to hledger-web.
'';
};
};
config = mkIf cfg.enable {
users.users.hledger = {
name = "hledger";
group = "hledger";
isSystemUser = true;
home = cfg.stateDir;
useDefaultShell = true;
};
users.groups.hledger = { };
systemd.services.hledger-web = let
serverArgs = with cfg;
escapeShellArgs ([
"--serve"
"--host=${host}"
"--port=${toString port}"
(optionalString capabilities.add "--allow=add")
(optionalString capabilities.view "--allow=view")
(optionalString capabilities.manage "--allow=edit")
(optionalString (cfg.baseUrl != null) "--base-url=${cfg.baseUrl}")
(optionalString (cfg.serveApi) "--serve-api")
] ++ (map (f: "--file=${stateDir}/${f}") cfg.journalFiles)
++ extraOptions);
in {
description = "hledger-web - web-app for the hledger accounting tool.";
documentation = [ "https://hledger.org/hledger-web.html" ];
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
serviceConfig = mkMerge [
{
ExecStart = "${pkgs.hledger-web}/bin/hledger-web ${serverArgs}";
Restart = "always";
WorkingDirectory = cfg.stateDir;
User = "hledger";
Group = "hledger";
PrivateTmp = true;
}
(mkIf (cfg.stateDir == "/var/lib/hledger-web") {
StateDirectory = "hledger-web";
})
];
};
};
meta.maintainers = with lib.maintainers; [ marijanp erictapen ];
}

10
modules/hyprland/default.nix
View file

@ -1,10 +0,0 @@
{
pkgs,
...
}:
{
config.programs.hyprland.enable = true;
config.environment.systemPackages = [ pkgs.kitty ];
config.environment.sessionVariables.NIXOS_OZONE_WL = "1";
}

8
modules/mosh.nix
View file

@ -1,8 +0,0 @@
{ ... }:
{
programs.mosh = {
enable = true;
openFirewall = true;
};
}

14
modules/nh.nix
View file

@ -1,14 +0,0 @@
{
lib,
...
}:
{
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/alex/src/nixos-config";
};
nix.gc.automatic = lib.mkForce false;
}

21
modules/nix-config.nix
View file

@ -1,13 +1,8 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
{
nix = {
package = pkgs.nixVersions.latest;
package = pkgs.nixUnstable;
gc = {
automatic = true;
dates = "weekly";
@ -16,22 +11,12 @@
settings = {
auto-optimise-store = true;
experimental-features = [
"nix-command"
"flakes"
];
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
warn-dirty = false;
# avoid unwanted garbage collection when using direnv
keep-outputs = true;
keep-derivations = true;
trusted-substituters = [ "https://devenv.cachix.org" ];
trusted-public-keys = [ "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" ];
trusted-users = [
"root"
"alex"
];
};
};
}

24
modules/podman/default.nix
View file

@ -1,24 +0,0 @@
{ pkgs, ... }:
{
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Useful other development tools
environment.systemPackages = with pkgs; [
dive # look into docker image layers
podman-tui # status of containers in the terminal
# docker-compose # start group of containers for dev
podman-compose # start group of containers for dev
];
}

15
modules/sudo.nix
View file

@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.security.sudo = {
enable = true;
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];
commands = [{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}];
}];
};
}

8
modules/tailscale/default.nix
View file

@ -1,8 +0,0 @@
{
...
}:
{
config.services.tailscale.enable = true;
config.services.resolved.enable = true;
}

16
modules/vsftpd/default.nix
View file

@ -1,16 +0,0 @@
{ lib, pkgs, ... }:
{
config.services.vsftpd = {
enable = true;
localUsers = true;
writeEnable = true;
chrootlocalUser = true;
userDbPath = "/etc/vsftpd/users";
enableVirtualUsers = true;
virtualUseLocalPrivs = true;
localRoot = "/var/lib/vsftpd/data";
extraConfig = "local_umask=002";
};
config.networking.firewall.allowedTCPPorts = [ 20 21 ];
}

18
modules/wm/greetd.nix
View file

@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
user = "greeter";
};
};
};
}

22
modules/wm/light.nix
View file

@ -1,22 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.programs.light = { enable = true; };
config.services.actkbd = let light = "${pkgs.light}/bin/light";
in {
enable = true;
bindings = [
{
keys = [ 232 ];
events = [ "key" ];
command = "${light} -U 10";
}
{
keys = [ 233 ];
events = [ "key" ];
command = "${light} -A 10";
}
];
};
}

24
modules/wm/sway.nix
View file

@ -1,24 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
environment.systemPackages = with pkgs; [
grim # screenshot functionality
slurp # screenshot functionality
wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
mako # notification system developed by swaywm maintainer
];
# Enable the gnome-keyring secrets vault.
# Will be exposed through DBus to programs willing to store secrets.
services.gnome.gnome-keyring.enable = true;
# enable Sway window manager
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
}

34
modules/wm/x.nix
View file

@ -1,24 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
{
# Enable the X11 windowing system.
services = {
dbus = {
enable = true;
};
dbus = { enable = true; };
xserver = {
enable = true;
exportConfiguration = true;
xkb = {
options = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
layout = "us";
};
# Configure keymap in X11
layout = "us";
xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
videoDrivers = [ "nvidia" ]; # "modesetting" ];
@ -29,14 +23,14 @@
desktopManager.xfce.enable = true;
desktopManager.gnome.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
libinput = {
enable = true;
touchpad.disableWhileTyping = true;
touchpad.tapping = false;
mouse.naturalScrolling = config.services.libinput.touchpad.naturalScrolling;
# Enable touchpad support (enabled default in most desktopManager).
libinput = {
enable = true;
touchpad.disableWhileTyping = true;
mouse.naturalScrolling =
config.services.xserver.libinput.touchpad.naturalScrolling;
};
};
};
}

4
modules/wm/xmonad/default.nix → modules/wm/xmonad.nix
View file

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
{
config.services = {
services = {
upower.enable = true;
xserver = {
@ -12,5 +12,5 @@
};
};
config.systemd.services.upower.enable = true;
systemd.services.upower.enable = true;
}