jakalx/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: jakalx:686a548e9c2c6f9799916768be62371461f50daf
Branches Tags
jakalx:main
jakalx:develop
jakalx:feature/hledger-web-module
...
compare: jakalx:10b166b4d015c2ce9236b8ec82947b2aa6a61052
Branches Tags
jakalx:develop
jakalx:main
jakalx:feature/hledger-web-module

194 commits
686a548e9c ... 10b166b4d0

Author SHA1 Message Date
Alexander Kobjolke
10b166b4d0 chore: Update inputs 2025-05-08 21:13:47 +02:00
Alexander Kobjolke
5c9cd744b9 feat(jj): Configure jj 2025-05-08 00:03:11 +02:00
Alexander Kobjolke
d4f56d0b02 feat(emacs): Update config 2025-05-07 22:52:50 +02:00
Alexander Kobjolke
8fa444ed2d feat(home): Let jujutsu run "log" by default 2025-04-11 11:17:49 +02:00
Alexander Kobjolke
ce225f2f7d feat(home): Enable jujutsu dvcs 2025-04-09 11:52:10 +02:00
Alexander Kobjolke
6ece8810d6 feat(thrall): Use google dns 2025-04-01 21:23:57 +02:00
Alexander Kobjolke
289124ed03 feat(emacs): Add docker support 2025-04-01 21:23:21 +02:00
Alexander Kobjolke
5ab4f6b091 feat: Enable resolved service 2025-04-01 21:21:47 +02:00
Alexander Kobjolke
ce246b359c fix(thrall): Remove emacs overlay 2025-03-31 22:27:53 +02:00
Alexander Kobjolke
08dc438dab fix(dregil): Do not use the emacs overlay 2025-03-31 22:26:40 +02:00
Alexander Kobjolke
5aa09155ed fix(emacs): Denote does not provide journal module anymore 2025-03-31 22:24:58 +02:00
Alexander Kobjolke
a55195325c chore: Update inputs 2025-03-31 22:24:27 +02:00
Alexander Kobjolke
22930d0698 feat: Enable nh tool on thrall and dregil 2025-03-24 22:32:57 +01:00
Alexander Kobjolke
63c2616be9 chore: Update inputs 2025-03-21 22:36:01 +01:00
Alexander Kobjolke
fec220bab5 thrall: Fix sending mails from kobjolke.de 2025-03-21 19:32:21 +01:00
Alexander Kobjolke
a9da0426fb dregil: Update config 2025-03-14 23:08:00 +01:00
Alexander Kobjolke
dc3725a83d dregil: Enable hyprland window manager 2025-03-11 21:54:13 +01:00
Alexander Kobjolke
c615a6b4e7 feat(dregil): Set grub theme 2025-03-11 21:54:13 +01:00
Alexander Kobjolke
75c91e50c1 droid: Update nix-on-droid config 2025-03-03 22:42:07 +01:00
Alexander Kobjolke
fdc39770f8 chore: Update inputs 2025-02-26 15:20:43 +01:00
Alexander Kobjolke
dd7433d5b7 chore: Move overlay to OS config 2025-02-26 15:15:39 +01:00
Alexander Kobjolke
0d0ea496f1 chore: Update inputs 2025-01-26 14:39:46 +01:00
Alexander Kobjolke
b5d08ed8fd feat: Enable kotlin in emacs 2025-01-26 14:39:10 +01:00
Alexander Kobjolke
d47fd598ce chore: Update inputs 2025-01-25 12:10:28 +01:00
Alexander Kobjolke
49df2ca301 chore: Update to unstable and pass stable packages down to home-manager 2025-01-01 12:17:39 +01:00
Alexander Kobjolke
a85c016116 chore: Update nixpkgs to 24.11 2024-12-31 00:40:27 +01:00
Alexander Kobjolke
b302404692 emacs: Disable elfeed-web 2024-12-31 00:40:27 +01:00
Alexander Kobjolke
fda76d6548 thrall: Add dregil to syncthing config 2024-12-23 20:44:48 +01:00
Alexander Kobjolke
e093922388 igor: Install devenv 2024-12-18 10:16:04 +01:00
Alexander Kobjolke
5e47764aef igor: Setup syncthing 2024-12-18 10:15:37 +01:00
Alexander Kobjolke
0fb9ad732a vsftpd: Set umask so that paperless may read 2024-12-18 00:27:42 +01:00
Alexander Kobjolke
c256cf8f02 vsftpd: Move ftp dir into subdir of home 2024-12-17 02:50:50 +01:00
Alexander Kobjolke
65e8138c06 igor: Install lftp 2024-12-17 02:49:45 +01:00
Alexander Kobjolke
01f8ccd84e vsftpd: Add port 20 to firewall rules 2024-12-17 02:09:52 +01:00
Alexander Kobjolke
9cc0f071de igor: Enable direnv 2024-12-17 02:08:12 +01:00
Alexander Kobjolke
93890cb591 igor: do not create db and user 2024-12-16 23:58:28 +01:00
Alexander Kobjolke
2a931e3cc6 igor: Configure wifi declaratively 2024-12-16 23:53:34 +01:00
Alexander Kobjolke
d214fb8aa0 vsftpd: Switch to virtual users 2024-12-16 14:03:19 +01:00
Alexander Kobjolke
499ff0ef62 igor: Enable mysql port 2024-12-15 21:43:15 +01:00
Alexander Kobjolke
8342f5a72b igor: disable mysql due to startup issues 2024-12-14 23:08:03 +01:00
Alexander Kobjolke
54be778731 thrall: Extract mosh config 2024-12-14 23:05:08 +01:00
Alexander Kobjolke
00d33dad5a igor: Switch to disko config 2024-12-14 19:34:28 +01:00
Alexander Kobjolke
3cf1677ba8 igor: Enable vsftpd 2024-12-13 23:27:55 +01:00
Alexander Kobjolke
981e98da94 igor: Update config 2024-12-13 21:50:54 +01:00
Alexander Kobjolke
dac0dec0f3 igor: Update config 2024-12-13 21:37:01 +01:00
Alexander Kobjolke
685d8ade01 igor: Adapt disk layout 2024-12-13 16:08:47 +01:00
Alexander Kobjolke
a029bd12e4 home: Switch to i3lock instead of betterlockscreen 2024-12-07 21:06:10 +01:00
Alexander Kobjolke
bbad254bf0 thrall: Enable tailscale 2024-11-30 22:16:02 +01:00
Alexander Kobjolke
9ffbe2ba40 dregil: Enable tailscale 2024-11-30 22:14:42 +01:00
Alexander Kobjolke
e3c1e4991d thrall: Allow syncthing via port 40005 2024-11-30 21:57:45 +01:00
Alexander Kobjolke
b84431dfe9 home: Install devenv 2024-11-30 21:57:45 +01:00
Alexander Kobjolke
e183e6be0a paperless: Allow digitally signed PDFs 2024-11-30 21:57:45 +01:00
Alexander Kobjolke
fad45166cd emacs: Add racket and enhance org config 2024-11-30 21:57:45 +01:00
Alexander Kobjolke
c30db4076b igor: Update configuration 2024-11-27 23:48:35 +01:00
Alexander Kobjolke
d0c2f61177 chore: Update flake inputs 2024-11-27 23:48:18 +01:00
Alexander Kobjolke
3c481a5f9a feat(home): Enable autorandr 2024-11-27 22:18:55 +01:00
Alexander Kobjolke
f5a10d5570 feat(xmonad): Add keybindings for transparency 2024-11-12 21:04:01 +01:00
Alexander Kobjolke
8dada77420 feat(emacs): Add a function to set the transparency 2024-11-12 20:53:55 +01:00
Alexander Kobjolke
5cc34027d8 emacs: Enable purescript support 2024-11-07 21:45:06 +01:00
Alexander Kobjolke
b9cf1d169d home: Install xournalpp a PDF editor 2024-11-07 21:44:50 +01:00
Alexander Kobjolke
5dd1b564fe feat(dregil): Enable podman 2024-11-07 21:44:30 +01:00
Alexander Kobjolke
d7bfd4b561 emacs: Enable some helpful packages 2024-10-28 23:01:31 +01:00
Alexander Kobjolke
0f8f83be89 home: Enable rclone 2024-10-28 22:27:03 +01:00
Alexander Kobjolke
c3d96dc35e home: Disable calibre for now 2024-10-28 22:27:00 +01:00
Alexander Kobjolke
1246c89369 email: Add afew tagger for notmuch 2024-10-28 22:24:10 +01:00
Alexander Kobjolke
ec351d3e3f home: Add scummvm 2024-10-20 10:31:27 +02:00
Alexander Kobjolke
66f36c191b home: Add google-chrome 2024-10-20 10:31:27 +02:00
Alexander Kobjolke
a8f3c76c38 emacs: Add racket support 2024-10-20 10:31:27 +02:00
Alexander Kobjolke
76cd942f9e xmonad: Switch bindings for scratchpads 2024-10-20 10:31:27 +02:00
Alexander Kobjolke
564ac76edc xmonad: Allow to unfloat windows with M-y 2024-10-20 10:31:26 +02:00
Alexander Kobjolke
56ec718145 dregil: Adapt to new nixos sound settings 2024-10-20 10:31:26 +02:00
Alexander Kobjolke
1f9d373ddb chore: Update flake inputs 2024-10-20 10:31:24 +02:00
Alexander Kobjolke
0e0c620c54 chore: Update flake inputs 2024-07-30 10:04:00 +02:00
Alexander Kobjolke
8f8e67ebcb chore: Update flakes 2024-06-28 11:53:17 +02:00
Alexander Kobjolke
7fabd0d30b feat(emacs): Allow magit to fetch with --force 2024-06-16 20:59:18 +02:00
Alexander Kobjolke
de960b7cc9 feat(xmonad): Switch hotkeys for shell and emacs scratchpads 2024-06-11 18:40:06 +02:00
Alexander Kobjolke
6505df5d8a feat(nix): Trust devenv cachix cache 2024-06-02 10:52:37 +02:00
Alexander Kobjolke
da621066c1 feat(home): Add petry.alexander@gmail.com mail account 2024-06-02 10:52:37 +02:00
Alexander Kobjolke
5e53de014a feat(emacs): Let lsp ignore devenv and rust target directories 2024-06-02 10:49:41 +02:00
Alexander Kobjolke
a5e131cb3c feat(home): Configure alex@jakalx.net account 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
36a0e575aa feat(xmonad): Configure keys to manage multiple screens 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
7ecdde85db chore(nix): Update flakes 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
807b895cc0 feat(dregil): Enable devenv 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
02a4c192d4 feat(dregil): Remove extra nvidia modules package 
It conflicted with the beta version of the nvidia drivers.
 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
d3af015295 chore(nix): Reformat code 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
afec0b2775 chore(emacs): Update emacs configuration 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
548cf19a72 chore(flake): Update flake inputs 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
d5917fe054 chore(emacs): Remove straight native compilation workaround 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
3df71d64c2 feat(emacs): Replace mu4e by notmuch 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
f6ae0a45d9 feat(flake): Add nix language server to default shell 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
1ec7d39b30 feat(home): Add email module and configure first account 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
5ce6f7b688 feat(xmonad): Let steam windows float 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
e0c29fd0e6 chore: Reformat jq.nix 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
b1522ff8cb feat(gaming): Install wine64 and bottles 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
ff8d07431a feat(emacs): Update doom emacs config 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
d5fffd6e72 feat(emacs): Configure denote journal support 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
b9fa236d7a chore: Reformat using rfc formatter 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
cc47451590 chore(emacs): Cleanup config 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
cb9a2e7ba4 feat(emacs): Configure an escape sequence 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
a2af91bdf5 feat(emacs): Let org-mode log into a drawer 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
cd13214441 feat(emacs): Disable auto-formatting for cmake 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
dac82b522e fix(emacs): Replace removed activities-save 
`activities-save` had been removed upstream, I currently replace it by
delegating to `activities-define`.
 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
ecbd17070b feat(emacs): Add protobuf-mode and systemd-mode 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
3d75efbdb0 chore!(emacs): Remove org roam support from doom config 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
340be14a8d chore!(flake): Update inputs 
This update required a change to 'nixfmt' which got replaced by either
'nixfmt-classic' or 'nixfmt-rfc-style' - I settled with the latter thus
the required whitespace change.
 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
5a37f8c449 feat(thrall): Use git-sync on org 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
88878e82b1 feat(git-sync): Put git-sync behind an option 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
f340a71aed feat(sync): Share paperless folder to dregil 2024-05-28 20:35:19 +02:00
Alexander Kobjolke
e7139f2d8c feat(sync): Do not share org from thrall to dregil 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
04a5544fc8 feat(home): Use username from filename for rofi-pass 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
d72474a3e7 fix(paperless): Try to workaround a bug in classification 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
2df78829b6 feat(xmonad): Use BSP layout by default 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
89c31dceb4 feat: Migrate from gitea to forgejo 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
a1961bc685 fix(dregil): Remove nixpkgs-unstable references 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
749dbb765d feat: Migrate from gitea to forgejo 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
bd7e5f5d14 feat!(hledger): Use own replacement for hledger-web service 
The service definition in current unstable is broken since
`--capabilities` was replaced by `--allow`.
 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
ab1ea042b9 feat!(thrall): Update to nixos-unstable 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
27749dcf2e fix(syncthing): Do not pass -wait option 
The option is not supported by syncthing anymore.
 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
ab4f75c23f chore(dregil): Update nixpkgs and home-manager 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
0c7f243d42 chore: Update emacs 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
21bb4d0dc9 feat(home): Configure dark mode for zathura 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
4be769b23f feat(emacs): Use map! to bind org-gtd keys 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
4ba8d8930b feat(emacs): Use map! macro to bind activity keys 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
e27d41f8b6 feat(emacs): Use relative line numbers 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
9a2c1f1d46 fix(home): Start syncthing tray and wait 
The tray might not yet be available, by specifying `--wait`, we can tell
syncthing-tray to wait for the tray to be available.
 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
0c6b23849f feat(home): Add simplex-chat desktop app 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
6fcd3d801e feat(dregil): Allow connection to 5223 (simplex-desktop) 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
684444c73e feat(home): Enable network-manager applet service 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
530fb19b5b feat(gpg): Increase TTL of agent entries 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
9687657684 feat(emacs): Configure activities.el 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
21802e9811 fix(emacs): Use org-gtd-engage without context 
Using `org-gtd-engage-grouped-by-context` currently bails out with an error.
 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
76af33cbed feat(home): Configure git-sync for ~/org 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
4f62902ad5 feat(home): Enable syncthing and tray service 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
d88ee22bd6 feat(home): Enable syncthing and tray service 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
e97ecf3f58 dregil: Allow port 5223 for simplex desktop 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
e6e21cd0fa home(doom): Use master branch of activities.el 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
d35fe2e206 home(gpg): Fix issue related missing pinentry 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
49842b7ee1 flake: Update nixpkgs-unstable and related 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
e72b9e4a80 xmonad: Bind M-s M-s to emacsclient scratchpad 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
226329be4d home: Move jitsi-meet into a module 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
ef3f8054aa home: Remove system-wide xmonad config 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
ab4a95d968 home: Configure xmonad via home-manager 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
6d33824dfc security: Move sudo configuration into module 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
8121d120e8 feat(home): Enable blueman-applet service 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
9581916e46 feat(flake): Add envrc 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
3b7f43d4e8 feat(git): Ignore direnv, bak and pre-commit hook 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
203749c452 feat(xmonad): Add scratchpads for a shell and emacs 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
e67f5fed51 thrall: Consume paperless recursively 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
948d7feb16 thrall: Share paperless consumption directory via syncthing 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
942e0344ee emacs: Enable activities package 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
8bbebbac64 xmonad: Manage fullscreen games correctly 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
f414e47b26 emacs: Define custom lsp actions after lsp-haskell 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
eb99c26416 emacs: Deactivate custom lsp actions 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
7a8e29c90e xmonad: Reformat main and config 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
329b60662a flake: Setup a devShell for haskell 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
bc675f00ac xmonad: Remove unused layouts 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
05647a01dd emacs: Add org-bookmark-heading 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
56d9b0d93e xmonad: Handle volume keys 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
579901e786 git: Add extra config 
- pull via rebase by default
- use three-way-diff
- recurse into submodules
 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
68febb367a modules: Add hardening configuration 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
46858f8f95 emacs: Add support for haskell wingman 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
4736e5ef59 wm: Do not export xorg config to /etc 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
28e54b2da9 home: Remove rofi from generic home config 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
6e09ba12c6 xmonad: Allow to set brightness also via F keys 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
e9f16c7c27 screen-locker: Configure betterlockscreen 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
31952a940b xmonad: Add scrot to system packages 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
d5a0aded56 xmonad: Varios layout and binding improvements 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
5364735b8c xmonad: Allow to set brightness 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
0dd08b867e shell: Define aliases for nixos-rebuild 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
5096cf2655 polybar: Add backlight and battery modules 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
e7df10f4b0 wm: Add module to set backlight 
It's currently not used since it did not work as expected.
 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
617d9c5318 xmonad: Run rofi-pass to fill in passwords 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
b71cdcc218 xmonad: Run rofi as an appLauncher 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
6f0ed7ad88 xmonad: Remove commented code 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
7da89d2409 alex: Enable picom as a compositor 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
efbdccacbb services: Add compositor picom 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
ba0a4ff306 xmonad: Disable magnification of selected window 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
c936e29aeb xmonad: Remove configuration from home 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
020edd4fc9 rofi: Use gruvbox theme 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
e52b0e0d8a alex: Enable polybar dunst and udiskie services 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
feda238463 udiskie: Add basic config for automounter 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
30202dd3d0 services: Add configuration for dunst 
dunst is a notification daemon.
 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
7fc99ce334 dregil: Import path instead of default.nix 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
3dec08779d polybar: Add basic setup of polybar 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
3a367e9f4f xmonad: Setup a basic xmonad config 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
71dbb652b8 dregil: Disable touchpad tapping 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
649eeae81b feat(home): Move zsh config to shell module 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
59e86c9580 feat(dregil): Enable AppImage binfmt support 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
7879575e1b feat(home): Enable git-cliff changelog generator 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
9267060976 home: Enable 'fzf' 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
d57a732a75 home: Enable 'jq' 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
33de3c1f70 home: Enable rofi program launcher 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
5e6aaabb6d xmonad: Move config from home to system 2024-05-28 20:35:18 +02:00
Alexander Kobjolke
3f138a5d76 xmonad: Put module into its own directory 2024-05-28 20:35:18 +02:00
67 changed files with 3498 additions and 826 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake

448
flake.lock generated
View file

@ -6,14 +6,15 @@
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
]
],
"systems": "systems"
},
"locked": {
"lastModified": 1701216516,
"narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
"lastModified": 1745630506,
"narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
"owner": "ryantm",
"repo": "agenix",
"rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
"rev": "96e078c646b711aee04b82ba01aefbff87004ded",
"type": "github"
},
"original": {
@ -46,11 +47,11 @@
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
@ -67,11 +68,11 @@
]
},
"locked": {
"lastModified": 1706302763,
"narHash": "sha256-Le1wk75qlzOSfzDk8vqYxSdoEyr/ORIbMhziltVNGYw=",
"lastModified": 1746695594,
"narHash": "sha256-pAAWYs3S+/tY65vemHZdVSXpeIz4JINEJZoPoBjr8JU=",
"owner": "nix-community",
"repo": "disko",
"rev": "f7424625dc1f2e4eceac3009cbd1203d566feebc",
"rev": "6bb82b77ce140137177e30df067759931ab60a73",
"type": "github"
},
"original": {
@ -80,36 +81,51 @@
"type": "github"
}
},
"emacs": {
"distro-grub-themes": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs"
]
},
"locked": {
"lastModified": 1702399955,
"narHash": "sha256-FnB5O1RVFzj3h7Ayf7UxFnOL1gsJuG6gn1LCTd9dKFs=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "47798c4ab07d5f055bb2625010cf6d8e3f384923",
"lastModified": 1734806114,
"narHash": "sha256-FWkDtoLMTTk2Lz4d4LkFjtV/xYyIlpwZlX5Np1QhXls=",
"owner": "AdisonCavani",
"repo": "distro-grub-themes",
"rev": "ebbd17419890059e371a6f2dbf2a7e76190327d4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "emacs-overlay",
"owner": "AdisonCavani",
"repo": "distro-grub-themes",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -120,14 +136,14 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@ -136,6 +152,27 @@
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -144,31 +181,11 @@
]
},
"locked": {
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-unstable": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1702538064,
"narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0e2e443ff24f9d75925e91b89d1da44b863734af",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
@ -184,16 +201,15 @@
]
},
"locked": {
"lastModified": 1702195709,
"narHash": "sha256-+zRjWkm5rKqQ57PuLZ3JF3xi3vPMiOJzItb1m/43Cq4=",
"lastModified": 1746719124,
"narHash": "sha256-KOL73WIjO00ds1oIe+5HAcGcpd/TfE6dymmmYbiSlYM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6761b8188b860f374b457eddfdb05c82eef9752f",
"rev": "3c59c5132b64e885faca381e713b579dcbddba75",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
@ -203,15 +219,14 @@
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
],
"utils": "utils"
]
},
"locked": {
"lastModified": 1663932797,
"narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=",
"lastModified": 1709445365,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"type": "github"
},
"original": {
@ -230,11 +245,11 @@
"nmt": "nmt"
},
"locked": {
"lastModified": 1666720474,
"narHash": "sha256-iWojjDS1D19zpeZXbBdjWb9MiKmVVFQCqtJmtTXgPx8=",
"lastModified": 1705252799,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "14876cc8fe94a3d329964ecb073b4c988c7b61f5",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
"type": "github"
},
"original": {
@ -250,125 +265,32 @@
"nixpkgs": [
"nixpkgs-droid"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2"
},
"locked": {
"lastModified": 1688144254,
"narHash": "sha256-8KL1l/7eP2Zm1aJjdVaSOk0W5kTnJo9kcgW03gqWuiI=",
"lastModified": 1720396533,
"narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=",
"owner": "t184256",
"repo": "nix-on-droid",
"rev": "2301e01d48c90b60751005317de7a84a51a87eb6",
"rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25",
"type": "github"
},
"original": {
"owner": "t184256",
"ref": "release-23.05",
"ref": "release-24.05",
"repo": "nix-on-droid",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702346276,
"narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
"lastModified": 1746461020,
"narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-droid": {
"locked": {
"lastModified": 1702350026,
"narHash": "sha256-A+GNZFZdfl4JdDphYKBJ5Ef1HOiFsP18vQe9mqjmUis=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9463103069725474698139ab10f17a9d125da859",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1686921029,
"narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702221085,
"narHash": "sha256-Br3GCSkkvkmw46cT6wCz6ro2H1WgDMWbKE0qctbdtL0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c2786e7084cbad90b4f9472d5b5e35ecb57958af",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1705316053,
"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
"rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae",
"type": "github"
},
"original": {
@ -378,13 +300,76 @@
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs-24_11": {
"locked": {
"lastModified": 1670751203,
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
"lastModified": 1734083684,
"narHash": "sha256-5fNndbndxSx5d+C/D0p/VF32xDiJCJzyOqorOYW4JEo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
"rev": "314e12ba369ccdb9b352a4db26ff419f7c49fa84",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-24.11",
"type": "indirect"
}
},
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-droid": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1732014248,
"narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "23e89b7da85c3640bbc2173fe04f4bd114342367",
"type": "github"
},
"original": {
@ -410,19 +395,25 @@
}
},
"nmd_2": {
"flake": false,
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"locked": {
"lastModified": 1666190571,
"narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
"owner": "rycee",
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"repo": "nmd",
"rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
"type": "gitlab"
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
},
"original": {
"owner": "rycee",
"owner": "~rycee",
"repo": "nmd",
"type": "gitlab"
"type": "sourcehut"
}
},
"nmt": {
@ -441,35 +432,71 @@
"type": "gitlab"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746537231,
"narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "fa466640195d38ec97cf0493d6d6882bc4d14969",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"emacs": "emacs",
"distro-grub-themes": "distro-grub-themes",
"home-manager": "home-manager_2",
"home-manager-unstable": "home-manager-unstable",
"nix-on-droid": "nix-on-droid",
"nixpkgs": "nixpkgs",
"nixpkgs-droid": "nixpkgs-droid",
"nixpkgs-unstable": "nixpkgs-unstable",
"snm": "snm"
"pre-commit-hooks": "pre-commit-hooks",
"snm": "snm",
"stable": "stable"
}
},
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
}
},
"snm": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_2",
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils_2"
"nixpkgs-24_11": "nixpkgs-24_11"
},
"locked": {
"lastModified": 1703666786,
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
"lastModified": 1746637515,
"narHash": "sha256-bUq2uHmsfY3SpJrR4dpncITykufTiD2320JsOKgIYl0=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
"rev": "a7d2b05a9920d90f5eb8076f449acdb6c1ad79ca",
"type": "gitlab"
},
"original": {
@ -479,6 +506,22 @@
"type": "gitlab"
}
},
"stable": {
"locked": {
"lastModified": 1746557022,
"narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -494,33 +537,18 @@
"type": "github"
}
},
"utils": {
"systems_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}

172
flake.nix
View file

@ -1,17 +1,20 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-droid.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
stable.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-droid.url = "github:NixOS/nixpkgs/nixos-24.05";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
distro-grub-themes = {
url = "github:AdisonCavani/distro-grub-themes";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-unstable = {
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable";
inputs.nixpkgs.follows = "nixpkgs";
};
# simple mailserver
@ -21,15 +24,15 @@
};
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-23.05";
url = "github:t184256/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs-droid";
};
emacs = {
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# emacs = {
# url = "github:nix-community/emacs-overlay";
# inputs.nixpkgs.follows = "nixpkgs";
# };
#
# simplex-chat = {
# url = "github:simplex-chat/simplex-chat";
# inputs.nixpkgs.follows = "nixpkgs";
@ -45,51 +48,110 @@
disko.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { home-manager, nixpkgs, nixpkgs-unstable, ... }@inputs: {
nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = let
postfix-overlay = final: prev: {
postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix;
};
in [
({ inputs, lib, ... }: {
nixpkgs = {
config.allowUnfree = true;
overlays = with inputs; [ emacs.overlay postfix-overlay ];
};
nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
})
./hosts/thrall
home-manager.nixosModules.home-manager
outputs =
{
self,
home-manager,
nixpkgs,
stable,
pre-commit-hooks,
...
}@inputs:
{
checks."x86_64-linux" =
let
system = "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
in
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alex = import ./home/alex/cli.nix;
}
];
};
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
tools.fourmolu = pkgs.haskellPackages.fourmolu;
tools.nixfmt = pkgs.nixfmt-rfc-style;
hooks = {
nixfmt-rfc-style.enable = true;
fourmolu.enable = true;
hpack.enable = true;
hlint.enable = true;
ormolu = {
settings.defaultExtensions = [ "GHC2021" ];
};
};
};
};
nixosConfigurations."dregil" = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hosts/dregil ];
};
nixosConfigurations."igor" = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hosts/igor ];
};
nixOnDroidConfigurations.default = with inputs;
nix-on-droid.lib.nixOnDroidConfiguration {
nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
inherit system;
};
modules = [
./hosts/redmi
{ nix.registry.nixpkgs.flake = nixpkgs-droid; }
{ nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
(
{ inputs, lib, ... }:
{
nixpkgs = {
config.allowUnfree = true;
# overlays = with inputs; [
# emacs.overlay
# ];
};
}
)
./hosts/thrall
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
inherit inputs;
};
}
{ home-manager.users.alex = ./hosts/thrall/alex.nix; }
];
};
};
nixosConfigurations."dregil" = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
inherit system;
stable = import inputs.stable { system = "x86_64-linux"; };
};
modules = [ ./hosts/dregil ];
};
nixosConfigurations."igor" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [ ./hosts/igor ];
};
nixOnDroidConfigurations.default =
with inputs;
nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs-droid { };
modules = [
./hosts/redmi
{ nix.registry.nixpkgs.flake = nixpkgs-droid; }
{ nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
];
};
devShells."x86_64-linux".default =
let
system = "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
in
pkgs.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
packages = with pkgs; [
nixfmt-rfc-style
nil
];
};
};
}

73
home/alex/cli.nix
View file

@ -9,11 +9,18 @@ let
};
myEza = if builtins.hasAttr "eza" pkgs then "eza" else "exa";
in {
in
{
imports = [
./programs/neovim/default.nix
./programs/emacs/default.nix
./programs/editorconfig
./programs/jq
./programs/fzf
./programs/git
./programs/jujutsu
./programs/shell
./programs/devenv.nix
];
programs.home-manager.enable = true;
@ -37,7 +44,7 @@ in {
# nix tools
nix-index
nixfmt
nixfmt-rfc-style
# misc
fd # better find
file # info about files
@ -55,13 +62,19 @@ in {
shellcheck
editorconfig-core-c
shfmt
(aspellWithDicts (dicts: with dicts; [ en en-computers en-science de ]))
(aspellWithDicts (
dicts: with dicts; [
en
en-computers
en-science
de
]
))
# system tools
htop-vim # htop with vim bindings
erdtree # du+tree had sex
dua # ncdu but better
fzf
gopass
gopass-jsonapi
@ -80,7 +93,11 @@ in {
nix-prefetch-git
];
home.extraOutputsToInstall = [ "doc" "info" "devdoc" ];
home.extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
xdg.enable = true;
@ -109,7 +126,9 @@ in {
};
programs = {
bash = { enable = true; };
bash = {
enable = true;
};
# better cat
bat.enable = true;
@ -117,28 +136,21 @@ in {
# htop replacement with a nice UI
btop.enable = true;
zsh = {
enable = true;
enableAutosuggestions = true;
oh-my-zsh = {
enable = true;
plugins = [ "git" "fzf" "fd" "z" ];
theme = "simple";
};
};
# better ls with icons and stuff, maybe also try lsd
${myEza} = {
enable = true;
icons = true;
enableAliases = true;
icons = "auto";
};
starship = { enable = true; };
starship = {
enable = true;
};
direnv = {
enable = true;
nix-direnv = { enable = true; };
nix-direnv = {
enable = true;
};
enableZshIntegration = true;
enableBashIntegration = true;
};
@ -148,18 +160,11 @@ in {
settings.git_protocol = "ssh";
};
git = {
enable = true;
ignores = [ "*~" "*.swp" "result" "dist-newstyle" ];
userEmail = user.mail;
userName = user.fullName;
aliases = { st = "status"; };
extraConfig = { init.defaultBranch = "main"; };
};
gpg = {
enable = true;
settings = { homedir = "~/.local/share/gnupg"; };
settings = {
homedir = "~/.local/share/gnupg";
};
};
helix = {
@ -170,7 +175,9 @@ in {
password-store = {
enable = true;
package = pkgs.gopass;
settings = { PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; };
settings = {
PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
};
};
ssh.enable = true;
@ -181,8 +188,8 @@ in {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
defaultCacheTtl = 300;
defaultCacheTtlSsh = 300;
defaultCacheTtl = 7200;
defaultCacheTtlSsh = 7200;
};
home.file.".local" = {

21
home/alex/default.nix
View file

@ -1,11 +1,24 @@
{ config, lib, pkgs, inputs, ... }:
let electron-overlay = final: prev: { electron = final.electron_25; };
in {
{
config,
lib,
pkgs,
inputs,
...
}:
let
electron-overlay = final: prev: { electron = final.electron_25; };
in
{
imports = [ ];
users.users."alex" = {
isNormalUser = true;
extraGroups = [ "input" "networkmanager" "wheel" ];
extraGroups = [
"input"
"networkmanager"
"wheel"
"video"
];
description = "Alexander Kobjolke";
home = "/home/alex";
shell = pkgs.zsh;

91
home/alex/home.nix
View file

@ -1,9 +1,30 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
stable,
...
}:
{
imports = [
./cli.nix
# ./programs/xmonad/default.nix
./programs/rofi
./programs/xmonad
#./programs/i3
./programs/jitsi-meet
./programs/simplex-chat
./programs/zathura
./programs/autorandr
./services/polybar
./services/dunst
./services/udiskie
# ./services/picom
./services/screen-locker
./services/blueman-applet
./services/network-manager
./services/syncthing
./services/git-sync
./modules/email.nix
];
home = {
@ -14,40 +35,40 @@
keyboard.layout = "us";
keyboard.variant = "dvorak";
keyboard.options =
[ "terminate:ctrl_alt_bksp" "caps:escape" "compose:ralt" ];
keyboard.options = [
"terminate:ctrl_alt_bksp"
"caps:escape"
"compose:ralt"
];
packages = with pkgs; [
# social
(jitsi-meet-electron.overrideAttrs (prev: rec {
version = "2023.10.0";
src = fetchurl {
url =
"https://github.com/jitsi/jitsi-meet-electron/releases/download/v${version}/jitsi-meet-x86_64.AppImage";
sha256 = "sha256-zhOx/gdsiQMuOCCE5sn+JNu0WJrH36XfvqqNvE24St8=";
name = "jitsi-meet-electron-${version}.AppImage";
};
})) # jitsi as a stand-alone app
discord # talk to other people
google-chrome
# system tools
uhk-agent # my keyboard
mosh # ssh via udp
rclone
parallel-disk-usage
gdu
# gaming support
lutris
winePackages.stagingFull
stable.bottles
wine64Packages.stagingFull
scummvm
# reading
calibre
xournalpp # pdf editor
];
};
news.display = "silent";
my.git-sync.enable = true;
programs = {
alacritty.enable = true;
# autorandr.enable = true;
browserpass = {
enable = true;
@ -59,35 +80,37 @@
enable = true;
package = pkgs.firefox.override {
cfg = {
nativeMessagingHosts.packages =
[ pkgs.browserpass pkgs.tridactyl-native ];
nativeMessagingHosts.packages = [
pkgs.browserpass
pkgs.tridactyl-native
];
enableGnomeExtensions = true;
};
};
};
mpv.enable = true;
rofi.enable = true;
rofi.pass.enable = true;
zathura.enable = true;
zsh = let
auth-socket-env = ''
export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf -L agent-ssh-socket)"
'';
in {
enable = true;
loginExtra = auth-socket-env;
initExtra = auth-socket-env;
};
zsh =
let
auth-socket-env = ''
export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf -L agent-ssh-socket)"
'';
in
{
enable = true;
loginExtra = auth-socket-env;
initExtra = auth-socket-env;
};
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
sshKeys = [ "9027AB16B9A7C20BD29F30F55CBA054430BF014C" ];
extraConfig = ''
pinentry-program ${pkgs.pinentry.qt}/bin/pinentry
'';
};
# services.autorandr = { enable = true; };
xsession.enable = true;
}

55
home/alex/modules/email.nix Normal file
View file

@ -0,0 +1,55 @@
{
config,
lib,
pkgs,
...
}:
let
mkAccount =
addr:
let
domain = lib.lists.elemAt (lib.strings.splitString "@" addr) 1;
in
{
address = addr;
gpg = {
key = "F2132F0C63730C6BC42BCC2A41A6D13FECA21280";
signByDefault = true;
};
mbsync = {
enable = true;
create = "maildir";
};
passwordCommand = "${lib.getBin pkgs.gopass}/bin/gopass --nosync show -o eMail/${domain}/${addr}";
msmtp.enable = true;
notmuch.enable = true;
realName = "Alexander Kobjolke";
userName = addr;
};
in
{
programs.afew.enable = true;
programs.mbsync.enable = true;
programs.msmtp.enable = true;
programs.notmuch = {
enable = true;
hooks.preNew = "mbsync --all";
};
accounts.email = {
accounts.failco = mkAccount "me@failco.de" // {
primary = true;
imap.host = "thrall.failco.de";
smtp.host = "thrall.failco.de";
};
accounts.jakalx = mkAccount "alex@jakalx.net" // {
imap.host = "thrall.failco.de";
smtp.host = "thrall.failco.de";
};
accounts.google = mkAccount "petry.alexander@gmail.com" // {
flavor = "gmail.com";
};
};
}

12
home/alex/programs/autorandr/default.nix Normal file
View file

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}:
{
config.programs.autorandr = {
enable = true;
};
}

5
home/alex/programs/devenv.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs, ... }:
{
config.home.packages = [ pkgs.devenv ];
}

10
home/alex/programs/emacs/default.nix
View file

@ -1,11 +1,13 @@
{ inputs, config, lib, pkgs, ... }:
{
pkgs,
...
}:
let
emacsclient-wrapper = pkgs.writeShellScriptBin "e" ''
exec ${pkgs.emacs}/bin/emacsclient --reuse-frame --no-wait "$@"
'';
in {
nixpkgs.overlays = [ inputs.emacs.overlay ];
in
{
home = {
sessionPath = [ "$HOME/.emacs.d/bin" ];
packages = [ emacsclient-wrapper ];

396
home/alex/programs/emacs/doom/config.el
View file

@ -3,11 +3,18 @@
;; Place your private configuration here! Remember, you do not need to run 'doom
;; sync' after modifying this file!
(setq ak/at-work? (getenv "I_AM_AT_WORK"))
;; Some functionality uses this to identify you, e.g. GPG configuration, email
;; clients, file templates and snippets.
(setq user-full-name "Alexander Kobjolke"
user-mail-address "me@failco.de")
(setq! user-full-name "Alexander Kobjolke"
user-mail-address "me@failco.de"
auth-sources '("~/.local/share/emacs/authinfo.gpg" "~/.authinfo.gpg" "~/.netrc")
auth-source-cache-expiry nil)
(when ak/at-work?
(setq! user-mail-address "alexander.kobjolke@atlas-elektronik.com"))
;; Doom exposes five (optional) variables for controlling fonts in Doom. Here
;; are the three important ones:
@ -25,38 +32,60 @@
;; There are two ways to load a theme. Both assume the theme is installed and
;; available. You can either set `doom-theme' or manually load a theme with the
;; `load-theme' function. This is the default:
(setq doom-theme 'doom-gruvbox)
(setq! doom-theme 'doom-gruvbox)
(setq! doom-localleader-key ",")
(setq! doom-localleader-alt-key "M-,")
(require 're-builder)
(setq reb-re-syntax 'string)
;; If you use `org' and don't want your org files in the default location below,
;; change `org-directory'. It must be set before org loads!
(setq org-directory "~/org/"
org-roam-directory (file-truename "~/org/notes"))
(setq! reb-re-syntax 'string)
;; do not create a new workspace for each emacsclient
(after! persp-mode
  (setq persp-emacsclient-init-frame-behaviour-override "main"))
;; (after! persp-mode
;;   (setq! persp-emacsclient-init-frame-behaviour-override "main"))
(defun my/org-id-update-org-roam-files ()
"Update Org-ID locations for all Org-roam files."
(interactive)
(org-id-update-id-locations (org-roam-list-files)))
(after! lsp
(add-to-list 'lsp-file-watch-ignored-directories "[/\\\\]\\.devenv\\'")
(add-to-list 'lsp-file-watch-ignored-directories "[/\\\\]target\\'")
)
(defun set-frame-alpha (arg &optional active)
"Interactively set the transparency of the active frame"
(interactive "nEnter alpha value (1-100): \np")
(let* ((elt (assoc 'alpha default-frame-alist))
(old (frame-parameter nil 'alpha))
(new (cond ((atom old) `(,arg ,arg))
((eql 1 active) `(,arg ,(cadr old)))
(t `(,(car old) ,arg)))))
(if elt (setcdr elt new) (push `(alpha ,@new) default-frame-alist))
(set-frame-parameter nil 'alpha new)))
(defun my/org-id-update-id-current-file ()
"Scan the current buffer for Org-ID locations and update them."
(interactive)
(org-id-update-id-locations (list (buffer-file-name (current-buffer)))))
(setq undo-limit 80000000 ; Raise undo-limit to 80Mb
evil-want-fine-undo t ; By default while in insert all changes are one big blob. Be more granular
auto-save-default t ; Nobody likes to loose work, I certainly don't
)
(setq! undo-limit 80000000 ; Raise undo-limit to 80Mb
auto-save-default t ; Nobody likes to loose work, I certainly don't
;; switch-to-buffer-in-dedicated-window 'pop
;; switch-to-buffer-obey-display-actions t
)
;; tweak some VI defaults
(after! evil
(setq! evil-ex-substitute-global t ; I like my s/../.. to be global by default
evil-move-cursor-back nil ; Don't move the block cursor when toggling insert mode
evil-want-fine-undo t ; By default while in insert all changes are one big blob. Be more granular
evil-want-Y-yank-to-eol t
evil-escape-key-sequence "qq" ; define an escape sequence
evil-escape-delay 0.175
evil-move-beyond-eol t ; let the cursor move beyond eol just as in regular emacs
evil-kill-on-visual-paste nil ; Don't put overwritten text in the kill ring
evil-snipe-override-evil-repeat-keys nil))
;; This determines the style of line numbers in effect. If set to `nil', line
;; numbers are disabled. For relative line numbers, set this to `relative'.
(setq display-line-numbers-type t)
(setq! display-line-numbers-type 'relative)
;; mouse
;; enable mouse reporting for terminal emulators
@ -69,82 +98,172 @@
(interactive)
(scroll-up 1))))
;; disable highlight lines
;(remove-hook 'doom-first-buffer-hook #'global-hl-line-mode)
(setq haskell-process-type 'cabal-new-repl)
(setq evil-snipe-override-evil-repeat-keys nil)
(setq doom-localleader-key ",")
(setq doom-localleader-alt-key "M-,")
(use-package! org
:config (setq org-log-into-drawer t
org-todo-keywords '(
(sequence "NEXT(n)" "TODO(t)" "WAIT(w@/!)" "|" "DONE(d!)" "CNCL(k@)")
(sequence "[ ](T)" "[-](S)" "[?](W)" "|" "[X](D)")
)))
:init
;; If you use `org' and don't want your org files in the default location below,
;; change `org-directory'. It must be set before org loads!
(setq! org-directory "~/org/")
(setq! org-log-into-drawer t
org-agenda-include-diary t
org-agenda-sticky t
org-todo-keywords '(
(sequence "NEXT(n)" "TODO(t)" "WAIT(w@/!)" "|" "DONE(d!)" "CNCL(k@)")
(sequence "[ ](T)" "[-](S)" "[?](W)" "|" "[X](D)")
)
org-tag-alist '(
;; Places
("@home" . ?h)
("@work" . ?w)
(use-package! org-ql)
;; devices
("@phone" . ?p)
("@computer" . ?c)
(use-package! elfeed-web)
;;
("@email" . ?e)
))
:config
(use-package! org-ql)
(use-package! org-modern)
(use-package! org-bookmark-heading)
(add-hook! 'org-mode-hook #'+org-init-keybinds-h))
(use-package! org-contacts
:after org
:custom (org-contacts-files '("~/org/contacts.org")))
(use-package! activities
:demand t
:config
(defun ak/activities-define--with-prefix-arg ()
"Call 'C-u activities-define' in order to save the current activity."
(interactive)
(let ((current-prefix-arg '(4)))
(call-interactively #'activities-define)))
(activities-mode)
(activities-tabs-mode)
(setopt tab-bar-show 1)
(map!
(:prefix-map ("C-c a" . "Activities")
:desc "Switch activity" "a" #'activities-switch
:desc "Resume activity" "r" #'activities-resume
:desc "Create new activity" "n" #'activities-new
:desc "List activities" "l" #'activities-list
:desc "Save current activity " "s" #'ak/activities-define--with-prefix-arg
:desc "Save all activities" "S" #'activities-save-all
:desc "Revert activity to default" "R" #'activities-revert
)
)
)
(when ak/at-work?
(after! forge
(add-to-list 'forge-alist '("gitlab.atlas.de" "gitlab.atlas.de/api/v4" "gitlab.atlas.de" forge-gitlab-repository)))
(after! haskell-mode
(setq haskell-process-type 'cabal-new-repl))
(setq! plantuml-jar-path "~/opt/plantuml.jar")
(setq! org-plantuml-jar-path plantuml-jar-path)
(after! lsp
(add-to-list 'lsp-disabled-clients 'cmakels))
(add-to-list '+format-on-save-disabled-modes 'cmake-mode)
(add-to-list '+format-on-save-disabled-modes 'nxml-mode)
(use-package! code-review
:init
(setq code-review-auth-login-marker 'forge)
;; (setq code-review-gitlab-host "gitlab.atlas.de/api")
;; (setq code-review-gitlab-graphql-host "gitlab.atlas.de/api")
:config
(add-hook 'code-review-mode-hook
(lambda ()
;; include *Code-Review* buffer into current workspace
(persp-add-buffer (current-buffer))))))
(after! magit
(transient-append-suffix 'magit-fetch "-t"
'("-f" "Bypass safety checks" "--force"))
)
(setq ak/bibliography (list (concat org-directory "references.bib")))
;(setq org-cite-global-bibliography (list (concat org-directory "references.bib")))
;; (setq org-cite-global-bibliography (list (concat org-directory "references.bib")))
(setq! bibtex-completion-bibliography ak/bibliography)
(setq! citar-bibliography ak/bibliography)
;; Use an ISO date format for ledger entries
(setq ledger-default-date-format "%Y-%m-%d"
ledger-binary-path "hledger"
ledger-report-auto-width nil
ledger-mode-should-check-version nil
ledger-init-file-name " "
ledger-post-amount-alignment-column 58
ledger-report-native-highlighting-arguments '("--color=always")
ledger-highlight-xact-under-point t)
(after! ledger-mode
(setq!
;; Use an ISO date format for ledger entries
ledger-default-date-format "%Y-%m-%d"
ledger-binary-path "hledger"
ledger-report-auto-width nil
ledger-mode-should-check-version nil
ledger-init-file-name " "
ledger-post-amount-alignment-column 58
ledger-report-native-highlighting-arguments '("--color=always")
ledger-highlight-xact-under-point t)
(setq ledger-reports
'(("bal" "%(binary) -f %(ledger-file) bal -B")
("reg" "%(binary) -f %(ledger-file) reg -B")
("payee" "%(binary) -f %(ledger-file) reg -B @%(payee)")
("account" "%(binary) -f %(ledger-file) reg -B %(account)")))
(setq! ledger-reports
'(("bal" "%(binary) -f %(ledger-file) bal -B")
("reg" "%(binary) -f %(ledger-file) reg -B")
("payee" "%(binary) -f %(ledger-file) reg -B @%(payee)")
("account" "%(binary) -f %(ledger-file) reg -B %(account)"))) )
;; (use-package! ormolu
;; :hook (haskell-mode . ormolu-format-on-save-mode)
;; :bind
;; (:map haskell-mode-map
(after! lsp-haskell
(setq lsp-haskell-formatting-provider "fourmolu"))
(setq lsp-haskell-formatting-provider "fourmolu")
;; tweak some VI defaults
(after! evil
(setq evil-ex-substitute-global t ; I like my s/../.. to by global by default
evil-move-cursor-back nil ; Don't move the block cursor when toggling insert mode
evil-kill-on-visual-paste nil)) ; Don't put overwritten text in the kill ring
;; will define elisp functions for the given lsp code actions, prefixing the
;; given function names with "lsp"
(lsp-make-interactive-code-action wingman-fill-hole "refactor.wingman.fillHole")
(lsp-make-interactive-code-action wingman-case-split "refactor.wingman.caseSplit")
(lsp-make-interactive-code-action wingman-refine "refactor.wingman.refine")
(lsp-make-interactive-code-action wingman-split-func-args "refactor.wingman.spltFuncArgs")
(lsp-make-interactive-code-action wingman-use-constructor "refactor.wingman.useConstructor")
(setq org-gtd-update-ack "3.0.0")
;; example key bindings
;; (define-key haskell-mode-map (kbd "C-c d") #'lsp-wingman-case-split)
;; (define-key haskell-mode-map (kbd "C-c n") #'lsp-wingman-fill-hole)
;; (define-key haskell-mode-map (kbd "C-c r") #'lsp-wingman-refine)
;; (define-key haskell-mode-map (kbd "C-c c") #'lsp-wingman-use-constructor)
;; (define-key haskell-mode-map (kbd "C-c a") #'lsp-wingman-split-func-args)
)
;; Org GTD support
(use-package! org-gtd
:after org
:demand t
:init
(setq! org-gtd-update-ack "3.0.0")
:config
(setq org-gtd-directory "~/org")
(setq org-gtd-default-file-name "actionable")
(setq org-edna-use-inheritance t)
;(setq org-gtd-areas-of-focus '("house" "haskell" "foss"))
;(setq org-gtd-organize-hooks '(org-gtd-set-area-of-focus org-set-tags-command))
(setf org-gtd-id--generate #'org-id-get-create)
(setq! org-gtd-directory org-directory)
(setq! org-gtd-default-file-name "actionable")
(setq! org-gtd-refile-to-any-target nil)
(setq! org-gtd-engage-prefix-width 40)
(setq! org-edna-use-inheritance t)
;; (setq org-gtd-areas-of-focus '("house" "haskell" "foss"))
(setq org-gtd-organize-hooks nil)
(org-edna-mode)
(map! :leader
:desc "Capture" "X" #'org-gtd-capture
(:prefix ("d" . "org-gtd")
(:prefix-map ("d" . "GTD")
:desc "Capture" "c" #'org-gtd-capture
:desc "Engage" "e" #'org-gtd-engage-grouped-by-context
:desc "Engage" "e" #'org-gtd-engage
:desc "Engage Context" "@" #'org-gtd-engage-grouped-by-context
:desc "Process inbox" "p" #'org-gtd-process-inbox
:desc "Show all next" "n" #'org-gtd-show-all-next
(:prefix ("r" . "Review")
:desc "Fix project" "f" #'org-gtd-projects-fix-todo-keywords-for-project-at-point
(:prefix-map ("r" . "Review")
:desc "Stuck projects" "p" #'org-gtd-review-stuck-projects
:desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items
:desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items
@ -152,59 +271,51 @@
))
(map! :map org-gtd-clarify-map
:desc "Organize this item" "C-c C-c" #'org-gtd-organize)
:bind
(("C-c d c" . #'org-gtd-capture)
("C-c d e" . #'org-gtd-engage-grouped-by-context)
("C-c d p" . #'org-gtd-process-inbox)
("C-c d n" . #'org-gtd-show-all-next)
("C-c d r p" . #'org-gtd-review-stuck-projects))
)
(map! (:prefix-map ("C-c d" . "GTD")
:desc "Capture" "c" #'org-gtd-capture
:desc "Engage" "e" #'org-gtd-engage
:desc "Engage Context" "@" #'org-gtd-engage-grouped-by-context
:desc "Process inbox" "p" #'org-gtd-process-inbox
:desc "Show all next" "n" #'org-gtd-show-all-next
:desc "Fix project" "f" #'org-gtd-projects-fix-todo-keywords-for-project-at-point
(:prefix-map ("r" . "Review")
:desc "Stuck projects" "p" #'org-gtd-review-stuck-projects
:desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items
:desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items))))
(defun ak/org-roam-node-insert-immediate (arg &rest args)
(interactive "P")
(let ((args (cons arg args))
(org-roam-capture-templates (list (append (car org-capture-templates) '(:immediate-finish t))))
)
(apply #'org-roam-node-insert args)))
(use-package! org-habit
:after org
:config (setq org-habit-show-habits t
org-habit-preceding-days 35
org-habit-following-days 7
)
)
(after! org-habit
(setq org-habit-show-habits t
org-habit-preceding-days 35
org-habit-following-days 7))
(use-package! org-edna
:after org-gtd
:init
(setq org-edna-use-inheritance t)
:config
(org-edna-mode 1)
)
(use-package! emacsql-sqlite3
:custom
(org-roam-database-connector 'sqlite3))
(org-edna-mode 1))
(use-package! nov
:mode ("\\.epub\\'" . nov-mode)
:config
(setq nov-save-place-file (concat doom-cache-dir "nov-places")))
(use-package! protobuf-mode
:mode ("\\.proto\\'" . protobuf-mode))
(use-package! systemd
:mode ("\\.\\(service\\|target\\|socket\\|timer\\)\\'" . systemd-mode))
(use-package! org-present
:after org)
(use-package! denote
:after org
:config
(setq denote-directory (concat org-directory "/notes")
)
(setq! denote-directory (concat org-directory "/notes"))
(map! :leader
(:prefix ("n" . "notes")
:desc "Denote" "d" #'denote-open-or-create-with-command
(:prefix-map ("n" . "notes")
:desc "Denote" "d" #'denote-open-or-create-with-command
))
:bind
(("C-c n d" . #'denote-open-or-create-with-command))
@ -213,56 +324,61 @@
(use-package! org-super-agenda
:after org-agenda
:init
(setq org-agenda-skip-deadline-if-done t
org-agenda-skip-scheduled-if-done t
org-agenda-include-deadlines t
org-agenda-block-separator nil
org-agenda-compact-blocks t
org-agenda-start-day nil
org-agenda-span 1
org-agenda-start-on-weekday nil
)
(setq org-agenda-custom-commands
'(("a" "Getting Things done"
((agenda "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'((:name "Today"
:time-grid t
:date today
:order 1)))))
(alltodo "" ((org-agenda-overriding-header "")
(setq! org-agenda-skip-deadline-if-done t
org-agenda-skip-scheduled-if-done t
org-agenda-include-deadlines t
org-agenda-block-separator nil
org-agenda-compact-blocks t
org-agenda-start-day nil
org-agenda-span 1
org-agenda-start-on-weekday nil)
(setq! org-agenda-custom-commands
'(("a" "Getting Things done"
((agenda "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'(;(:log t)
(:name "Waiting for..."
:todo "WAIT"
:order 1)
(:discard (:not (:todo ("NEXT" "START"))))
(:name "Next actions"
:auto-parent (:todo ("NEXT" "STRT"))
:order 2
)
(:discard (:anything t)
:order 99)
))))
))))
'((:name "Today"
:time-grid t
:date today
:order 1)))))
(alltodo "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'(;(:log t)
(:name "Waiting for..."
:todo "WAIT"
:order 1)
(:discard (:not (:todo ("NEXT" "STRT"))))
(:name "Next actions"
:auto-parent (:todo ("NEXT" "STRT"))
:order 2
)
(:discard (:anything t)
:order 99)
))))
))))
:config
(org-super-agenda-mode)
)
(use-package! org-fc
:after org
:init
(setq org-fc-directories (concat org-directory "/cards"))
:after org straight
:config
(setq! org-fc-directories (concat org-directory "/cards"))
(setq! org-fc-source-path (concat straight-base-dir "repos/org-fc"))
)
(use-package! vterm
:config
(after! vterm
(setq vterm-min-window-width 50)
)
(use-package! consult-denote
:after denote)
(use-package! cov)
(use-package! casual-suite)
(map! :desc "Move workspace to the left" :leader :n "TAB <" #'+workspace/swap-left)
(map! :desc "Move workspace to the left" :leader :n "TAB >" #'+workspace/swap-right)
(map! :desc "Denote" :leader :n "n d" #'denote)
;; Here are some additional functions/macros that could help you configure Doom:
;;

74
home/alex/programs/emacs/doom/init.el
View file

@ -20,17 +20,18 @@
;;layout ; auie,ctsrnm is the superior home row
:completion
company ; the ultimate code completion backend
;; company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
;;ivy ; a search engine for love and life
(vertico +icons) ; the search engine of the future
(vertico +orderless +icons) ; the search engine of the future
(corfu +orderless +icons +dabbrev)
:ui
;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
;;doom-quit ; DOOM quit-message prompts when you quit Emacs
doom-quit ; DOOM quit-message prompts when you quit Emacs
(emoji +unicode +github +ascii) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
@ -45,7 +46,7 @@
;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler
unicode ; extended unicode support for various languages
vc-gutter ; vcs diff in the fringe
(vc-gutter +diff-hl) ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
(window-select +numbers) ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
@ -57,10 +58,11 @@
fold ; (nigh) universal code folding
(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;;lispy ; vim for lisp, for people who don't like vim
multiple-cursors ; editing in many places at once
;; lispy ; vim for lisp, for people who don't like vim
multiple-cursors
; editing in many places at once
;;objed ; text object editing for the innocent
;;parinfer ; turn lisp into python, sort of
;; parinfer ; turn lisp into python, sort of
rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
word-wrap ; soft wrapping with language-aware indent
@ -88,13 +90,13 @@
biblio ; Writes a PhD for you (citation needed)
(debugger +lsp) ; FIXME stepping through code, to help you add bugs
direnv
;;docker
(docker +lsp)
editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists
lookup ; navigate your code and its documentation
lsp ; M-x vscode
(lsp) ; M-x vscode
(magit +forge) ; a git porcelain for Emacs
make ; run make tasks from Emacs
pass ; password manager for nerds
@ -102,9 +104,9 @@
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
tmux ; an API for interacting with tmux
tree-sitter
(terraform +lsp) ; infrastructure as code
;;upload ; map local to remote projects via ssh/ftp
:os
@ -114,69 +116,69 @@
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
(cc +lsp) ; C > C++ == 1
(cc +lsp +tree-sitter) ; C > C++ == 1
;;clojure ; java with a lisp
;;common-lisp ; if you've seen one lisp, you've seen them all
common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;dhall
;;elixir ; erlang done right
(elm +lsp) ; care for a cup of TEA?
(elixir +lsp +tree-sitter) ; erlang done right
(elm +lsp +tree-sitter) ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
;;erlang ; an elegant language for a more civilized age
(erlang +lsp +tree-sitter) ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
(go +lsp) ; the hipster dialect
(go +lsp +tree-sitter) ; the hipster dialect
(graphql +lsp) ; Give queries a REST
(haskell +lsp) ; a language that's lazier than I am
(haskell +lsp +tree-sitter) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
json ; At least it ain't XML
(json +lsp +tree-sitter) ; At least it ain't XML
(java +lsp +tree-sitter) ; the poster child for carpal tunnel syndrome
javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
;;kotlin ; a better, slicker Java(Script)
(kotlin +lsp) ; a better, slicker Java(Script)
latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
ledger ; be audit you can be
lua ; one-based indices? one-based indices
markdown ; writing docs for people to ignore
(lua +lsp +tree-sitter) ; one-based indices? one-based indices
(markdown +grip) ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
nix ; I hereby declare "nix geht mehr!"
(nix +lsp +tree-sitter) ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
(org +roam2 +pandoc +present +gnuplot +noter) ; organize your plain life in plain text
(org +pandoc +present +gnuplot +noter) ; organize your plain life in plain text
;;php ; perl's insecure younger brother
plantuml ; diagrams for confusing people more
;;purescript ; javascript, but functional
python ; beautiful is better than ugly
(purescript +lsp) ; javascript, but functional
(python +lsp +tree-sitter +pyenv) ; beautiful is better than ugly
qt ; the 'cutest' gui framework ever
;;racket ; a DSL for DSLs
(racket +lsp +xp) ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
rest ; Emacs as a REST client
(rest +jq) ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
(rust +lsp +tree-sitter) ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
sh ; she sells {ba,z,fi}sh shells on the C xor
(sh +lsp +tree-sitter) ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
;;web ; the tubes
yaml ; JSON, but readable
;;zig ; C, but simpler
(web +lsp +tree-sitter) ; the tubes
(yaml +lsp +tree-sitter) ; JSON, but readable
(zig +lsp +tree-sitter) ; C, but simpler
:email
(mu4e +org +gmail)
;;notmuch
;; (mu4e +org +gmail)
(notmuch +org +afew)
;;(wanderlust +gmail)
:app
@ -190,7 +192,3 @@
:config
;;literate
(default +bindings +smartparens))
(setq native-comp-deferred-compilation nil)
(after! (doom-packages straight)
(setq straight--native-comp-available t))

16
home/alex/programs/emacs/doom/packages.el
View file

@ -53,6 +53,9 @@
;; :recipe (:host github :repo "username/repo"
;; :files ("some-file.el" "src/lisp/*.el")))
(unpin! compat)
;(unpin! with-editor ghub)
(package! ormolu)
(package! org-gtd
:recipe (:host github :repo "Trevoke/org-gtd.el" :branch "master"))
@ -67,5 +70,16 @@
(package! org-present)
(package! denote)
(package! org-super-agenda)
(package! org-modern)
(package! org-ql)
(package! elfeed-web)
(package! org-contacts)
(package! org-bookmark-heading)
(package! activities
:recipe (:host github :repo "alphapapa/activities.el" :branch "master"))
;; (package! elfeed-web)
(package! systemd)
(package! protobuf-mode)
(package! cov)
(package! modus-themes)
(package! consult-denote)
(package! casual-suite)

5
home/alex/programs/fzf/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
programs.fzf = { enable = true; };
}

64
home/alex/programs/git/default.nix Normal file
View file

@ -0,0 +1,64 @@
{ config, lib, pkgs, ... }:
{
programs.git = {
enable = true;
lfs.enable = true;
ignores = [
"*~"
"*.swp"
"result"
"dist-newstyle"
".direnv"
"*.bak"
".pre-commit-config.yaml"
];
signing = {
key = "41A6D13FECA21280";
signByDefault = false;
};
delta = { enable = true; };
# TODO create option for my own account meta data
userEmail = "me@failco.de";
userName = "Alexander Kobjolke";
extraConfig = {
pull = { rebase = true; };
merge = { conflictstyle = "diff3"; };
submodule = { recurse = true; };
};
aliases = {
a = "add";
c = "commit";
ca = "commit --amend";
can = "commit --amend --no-edit";
cl = "clone";
cm = "commit -m";
co = "checkout";
cp = "cherry-pick";
cpx = "cherry-pick -x";
d = "diff";
f = "fetch";
fo = "fetch origin";
fu = "fetch upstream";
lol = "log --graph --decorate --pretty=oneline --abbrev-commit";
lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";
pl = "pull";
pr = "pull -r";
ps = "push";
psf = "push -f";
rb = "rebase";
rbi = "rebase -i";
r = "remote";
ra = "remote add";
rr = "remote rm";
rv = "remote -v";
rs = "remote show";
st = "status";
};
extraConfig = { init.defaultBranch = "main"; };
};
programs.git-cliff = { enable = true; };
}

15
home/alex/programs/i3/default.nix Normal file
View file

@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
{
config.xsession.windowManager.i3 = {
enable = true;
config = {
modifier = "Mod4";
};
};
}

11
home/alex/programs/jitsi-meet/default.nix Normal file
View file

@ -0,0 +1,11 @@
{
config,
lib,
pkgs,
stable,
...
}:
{
config.home.packages = [ stable.jitsi-meet-electron ];
}

12
home/alex/programs/jq/default.nix Normal file
View file

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}:
{
programs.jq = {
enable = true;
};
}

21
home/alex/programs/jujutsu/default.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
{
programs.jujutsu = {
enable = true;
settings = {
user.name = config.programs.git.userName;
user.email = config.programs.git.userEmail;
ui.default-command = "log";
aliases.init = [
"git"
"init"
];
};
};
}

20
home/alex/programs/rofi/default.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
{
config.programs.rofi = {
enable = true;
plugins = with pkgs; [ rofi-calc rofi-emoji ];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = ./themes/gruvbox-dark-soft.rasi;
pass = {
enable = true;
stores = [ config.programs.password-store.settings.PASSWORD_STORE_DIR ];
extraConfig = ''
default_user=:filename
'';
};
};
# let rofi insert emojis directly
config.home.packages = [ pkgs.xdotool ];
}

191
home/alex/programs/rofi/themes/gruvbox-dark-soft.rasi Normal file
View file

@ -0,0 +1,191 @@
/* ==========================================================================
Rofi color theme
Based on the Gruvbox color scheme for Vim by morhetz
https://github.com/morhetz/gruvbox
File: gruvbox-dark-soft.rasi
Desc: Gruvbox dark (soft contrast) color theme for Rofi
Author: bardisty <b@bah.im>
Source: https://github.com/bardisty/gruvbox-rofi
Modified: Mon Feb 12 2018 06:04:37 PST -0800
========================================================================== */
* {
/* Theme settings */
highlight: bold italic;
scrollbar: true;
/* Gruvbox dark colors */
gruvbox-dark-bg0-soft: #32302f;
gruvbox-dark-bg1: #3c3836;
gruvbox-dark-bg3: #665c54;
gruvbox-dark-fg0: #fbf1c7;
gruvbox-dark-fg1: #ebdbb2;
gruvbox-dark-red-dark: #cc241d;
gruvbox-dark-red-light: #fb4934;
gruvbox-dark-yellow-dark: #d79921;
gruvbox-dark-yellow-light: #fabd2f;
gruvbox-dark-gray: #a89984;
/* Theme colors */
background: @gruvbox-dark-bg0-soft;
background-color: @background;
foreground: @gruvbox-dark-fg1;
border-color: @gruvbox-dark-gray;
separatorcolor: @border-color;
scrollbar-handle: @border-color;
normal-background: @background;
normal-foreground: @foreground;
alternate-normal-background: @gruvbox-dark-bg1;
alternate-normal-foreground: @foreground;
selected-normal-background: @gruvbox-dark-bg3;
selected-normal-foreground: @gruvbox-dark-fg0;
active-background: @gruvbox-dark-yellow-dark;
active-foreground: @background;
alternate-active-background: @active-background;
alternate-active-foreground: @active-foreground;
selected-active-background: @gruvbox-dark-yellow-light;
selected-active-foreground: @active-foreground;
urgent-background: @gruvbox-dark-red-dark;
urgent-foreground: @background;
alternate-urgent-background: @urgent-background;
alternate-urgent-foreground: @urgent-foreground;
selected-urgent-background: @gruvbox-dark-red-light;
selected-urgent-foreground: @urgent-foreground;
}
/* ==========================================================================
File: gruvbox-common.rasi
Desc: Shared rules between all gruvbox themes
Author: bardisty <b@bah.im>
Source: https://github.com/bardisty/gruvbox-rofi
Modified: Mon Feb 12 2018 06:06:47 PST -0800
========================================================================== */
window {
background-color: @background;
border: 2;
padding: 2;
}
mainbox {
border: 0;
padding: 0;
}
message {
border: 2px 0 0;
border-color: @separatorcolor;
padding: 1px;
}
textbox {
highlight: @highlight;
text-color: @foreground;
}
listview {
border: 2px solid 0 0;
padding: 2px 0 0;
border-color: @separatorcolor;
spacing: 2px;
scrollbar: @scrollbar;
}
element {
border: 0;
padding: 2px;
}
element.normal.normal {
background-color: @normal-background;
text-color: @normal-foreground;
}
element.normal.urgent {
background-color: @urgent-background;
text-color: @urgent-foreground;
}
element.normal.active {
background-color: @active-background;
text-color: @active-foreground;
}
element.selected.normal {
background-color: @selected-normal-background;
text-color: @selected-normal-foreground;
}
element.selected.urgent {
background-color: @selected-urgent-background;
text-color: @selected-urgent-foreground;
}
element.selected.active {
background-color: @selected-active-background;
text-color: @selected-active-foreground;
}
element.alternate.normal {
background-color: @alternate-normal-background;
text-color: @alternate-normal-foreground;
}
element.alternate.urgent {
background-color: @alternate-urgent-background;
text-color: @alternate-urgent-foreground;
}
element.alternate.active {
background-color: @alternate-active-background;
text-color: @alternate-active-foreground;
}
scrollbar {
width: 4px;
border: 0;
handle-color: @scrollbar-handle;
handle-width: 8px;
padding: 0;
}
mode-switcher {
border: 2px 0 0;
border-color: @separatorcolor;
}
inputbar {
spacing: 0;
text-color: @normal-foreground;
padding: 2px;
children: [ prompt, textbox-prompt-sep, entry, case-indicator ];
}
case-indicator,
entry,
prompt,
button {
spacing: 0;
text-color: @normal-foreground;
}
button.selected {
background-color: @selected-normal-background;
text-color: @selected-normal-foreground;
}
textbox-prompt-sep {
expand: false;
str: ":";
text-color: @normal-foreground;
margin: 0 0.3em 0 0;
}
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}

28
home/alex/programs/shell/default.nix Normal file
View file

@ -0,0 +1,28 @@
{
config,
lib,
pkgs,
...
}:
{
home.shellAliases = {
suspend = "systemctl hibernate";
nrs = "sudo nixos-rebuild switch --flake ~/src/nixos-config";
nrb = "sudo nixos-rebuild build --flake ~/src/nixos-config";
};
programs.zsh = {
enable = true;
autosuggestion.enable = true;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"fzf"
"z"
];
theme = "simple";
};
};
}

5
home/alex/programs/simplex-chat/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
config.home.packages = [ pkgs.simplex-chat-desktop ];
}

214
home/alex/programs/xmonad/config.hs
View file

@ -1,77 +1,157 @@
import XMonad
import XMonad.Hooks.DynamicLog
import XMonad.Hooks.ManageDocks
import XMonad.Hooks.ManageHelpers
import XMonad.Hooks.StatusBar
import XMonad.Hooks.StatusBar.PP
import XMonad.Util.EZConfig
import XMonad.Util.Loggers
import XMonad.Util.Ungrab
import XMonad.Layout.Magnifier
import XMonad.Layout.ThreeColumns
import XMonad.Actions.CycleWS qualified as WS
import XMonad.Actions.Navigation2D (navigation2DP, windowGo, windowSwap)
import XMonad.Hooks.EwmhDesktops
import XMonad.Hooks.ManageDocks qualified as Docks
import XMonad.Hooks.ManageHelpers (doCenterFloat, doFullFloat, isDialog, isFullscreen)
import XMonad.Hooks.SetWMName
import XMonad.Layout.BinarySpacePartition
import XMonad.Layout.BorderResize (borderResize)
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.ThreeColumns
import XMonad.Layout.ToggleLayouts (ToggleLayout (..), toggleLayouts)
import XMonad.ManageHook (doFloat)
import XMonad.StackSet as W
import XMonad.Util.EZConfig qualified as EZ
import XMonad.Util.NamedScratchpad
import XMonad.Util.Ungrab (unGrab)
import XMonad.Util.WorkspaceCompare qualified as WS
import Control.Monad (when)
import Numeric.Natural
import System.Environment (getArgs)
import System.FilePath ((</>))
import System.Info (arch, os)
import System.Posix.Process (executeFile)
import Text.Printf (printf)
compiledConfig = printf "xmonad-%s-%s" arch os
compileRestart resume = do
dirs <- asks directories
whenX (recompile dirs True) $ do
when resume writeStateToFile
catchIO
( do
args <- getArgs
executeFile (cacheDir dirs </> compiledConfig) False args Nothing
)
myLayout = smartBorders . borderResize . Docks.avoidStruts $ toggleLayouts Full emptyBSP
main :: IO ()
main = xmonad
. ewmhFullscreen
. ewmh
. withEasySB (statusBarProp "xmobar" (pure myXmobarPP)) defToggleStrutsKey
$ myConfig
main = getDirectories >>= launch myConfig
myConfig = def
{ modMask = mod4Mask -- Rebind Mod to the Super key
, layoutHook = myLayout -- Use custom layouts
, manageHook = myManageHook -- Match on certain windows
}
`additionalKeysP`
[ ("M-S-z", spawn "xscreensaver-command -lock")
, ("M-C-s", unGrab *> spawn "scrot -s" )
, ("M-f" , spawn "firefox" )
-- change size of window using direction so that it can be used together with the navigation2D function
-- see: similar to windowGo and windowSwap
windowMoveSplit :: Direction2D -> Bool -> X ()
windowMoveSplit direction _ = sendMessage $ MoveSplit direction
data VolumeCommand
= ToggleVolume
| LowerVolume Natural
| RaiseVolume Natural
interpretVolumeCommand :: VolumeCommand -> String
interpretVolumeCommand command = "amixer -q set Master " <> cmd
where
cmd = case command of
ToggleVolume -> "toggle"
LowerVolume delta -> show delta <> "%-"
RaiseVolume delta -> show delta <> "%+"
changeVolume :: VolumeCommand -> X ()
changeVolume = spawn . interpretVolumeCommand
myWorkspaceFilter :: X WS.WorkspaceSort
myWorkspaceFilter = do
sortXineramaAware <- WS.getSortByXineramaRule
pure $ sortXineramaAware . WS.filterOutWs [scratchpadWorkspaceTag]
scratchpads =
[ NS
"notes"
"emacsclient -c -F '((name . \"gtd\"))'"
(resource =? "gtd")
doCenterFloat
, -- (customFloating $ W.RationalRect (1/6) (1/6) (2/3) (2/3))
NS
"shell"
"alacritty --class scratchpad"
(resource =? "scratchpad")
(customFloating $ W.RationalRect (1 / 6) (1 / 6) (2 / 3) (2 / 3))
]
myManageHook :: ManageHook
myManageHook = composeAll
[ className =? "Gimp" --> doFloat
, isDialog --> doFloat
]
myLayout = tiled ||| Mirror tiled ||| Full ||| threeCol
myConfig =
addEwmhWorkspaceSort myWorkspaceFilter
. ewmhFullscreen
. ewmh
. Docks.docks
. nav
$ def
{ modMask = mod4Mask -- Use Super instead of Alt
, terminal = "alacritty"
, layoutHook = myLayout
, handleEventHook = handleEventHook def <+> fullscreenEventHook
, -- this seems to be necessary to make java gui applications work :(
startupHook = ewmhDesktopsStartup >> setWMName "LG3D"
, manageHook =
mconcat
[ namedScratchpadManageHook scratchpads
, isDialog --> doFloat
, isFullscreen --> doFullFloat
, className =? "steam_proton" --> doFloat
, manageHook def
]
}
`EZ.additionalKeysP` [ ("M-S-z", spawn "xscreensaver-command -lock")
, ("M-S-r", compileRestart True)
, ("M-S-q", restart "xmonad" True)
, ("M-C-s", unGrab *> spawn "scrot -s")
, ("M-S-s", sendMessage Docks.ToggleStruts)
, ("M-f", sendMessage (Toggle "Full"))
, ("M-p", spawn appLauncher)
, ("M-i", spawn passLauncher)
, ("M-w", kill)
, ("M-l", WS.toggleWS)
, ("M-g", WS.prevWS)
, ("M-C-g", WS.swapPrevScreen)
, ("M-S-g", WS.shiftPrevScreen)
, ("M-r", WS.nextWS)
, ("M-C-r", WS.swapNextScreen)
, ("M-S-r", WS.shiftNextScreen)
, -- scratchpads
("M-s M-t", namedScratchpadAction scratchpads "shell")
, ("M-s M-s", namedScratchpadAction scratchpads "notes")
, -- backlight control
("<XF86MonBrightnessDown>", spawn "xbacklight -dec 5")
, ("<XF86MonBrightnessUp>", spawn "xbacklight -inc 5")
, ("<F5>", spawn "xbacklight -dec 5")
, ("<F6>", spawn "xbacklight -inc 5")
, -- transparency
("S-<XF86MonBrightnessDown>", spawn "picom-trans -c -5")
, ("S-<XF86MonBrightnessUp>", spawn "picom-trans -c +5")
, ("M-S-d", spawn "picom-trans -c +5")
, ("M-S-b", spawn "picom-trans -c -5")
, -- volume control
("<XF86AudioMute>", changeVolume ToggleVolume)
, ("<XF86AudioLowerVolume>", changeVolume $ LowerVolume 5)
, ("<XF86AudioRaiseVolume>", changeVolume $ RaiseVolume 5)
, ("M-d", changeVolume $ RaiseVolume 5)
, ("M-b", changeVolume $ LowerVolume 5)
, ("M-a", sendMessage Balance)
, ("M-S-a", sendMessage Equalize)
, ("M-o", sendMessage Rotate)
, ("M-y", withFocused $ windows . W.sink)
]
where
threeCol = magnifiercz' 1.3 $ ThreeColMid nmaster delta ratio
tiled = Tall nmaster delta ratio
nmaster = 1 -- Default number of windows in the master pane
ratio = 1/2 -- Default proportion of screen occupied by master pane
delta = 3/100 -- Percent of screen to increment by when resizing panes
-- navigate using dvorak bindings
nav = navigation2DP def ("c", "h", "t", "n") [("M-", windowGo), ("M-C-", windowSwap), ("M-S-", windowMoveSplit)] True
appLauncher = "rofi -show combi -modes combi -combi-modes window,drun,run,ssh"
passLauncher = "rofi-pass"
myXmobarPP :: PP
myXmobarPP = def
{ ppSep = magenta ""
, ppTitleSanitize = xmobarStrip
, ppCurrent = wrap " " "" . xmobarBorder "Top" "#8be9fd" 2
, ppHidden = white . wrap " " ""
, ppHiddenNoWindows = lowWhite . wrap " " ""
, ppUrgent = red . wrap (yellow "!") (yellow "!")
, ppOrder = \[ws, l, _, wins] -> [ws, l, wins]
, ppExtras = [logTitles formatFocused formatUnfocused]
}
where
formatFocused = wrap (white "[") (white "]") . magenta . ppWindow
formatUnfocused = wrap (lowWhite "[") (lowWhite "]") . blue . ppWindow
-- | Windows should have *some* title, which should not not exceed a
-- sane length.
ppWindow :: String -> String
ppWindow = xmobarRaw . (\w -> if null w then "untitled" else w) . shorten 30
blue, lowWhite, magenta, red, white, yellow :: String -> String
magenta = xmobarColor "#ff79c6" ""
blue = xmobarColor "#bd93f9" ""
white = xmobarColor "#f8f8f2" ""
yellow = xmobarColor "#f1fa8c" ""
red = xmobarColor "#ff5555" ""
lowWhite = xmobarColor "#bbbbbb" ""
-- myManageHook :: ManageHook
-- myManageHook = composeAll
-- [ className =? "Gimp" --> doFloat
-- , isDialog --> doFloat
-- ]

13
home/alex/programs/xmonad/default.nix
View file

@ -1,11 +1,12 @@
{ config, lib, pkgs, ... }:
{
xsession = {
windowManager.command = let
xmonad = pkgs.xmonad-with-packages.override {
packages = self: [ self.xmonad-contrib ];
};
in "${xmonad}/bin/xmonad";
config.xsession.windowManager.xmonad = {
enable = true;
enableContribAndExtras = true;
config = ./config.hs;
};
# control backlight
config.home.packages = [ pkgs.xorg.xbacklight pkgs.scrot ];
}

8
home/alex/programs/zathura/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }:
{
config.programs.zathura = {
enable = true;
extraConfig = builtins.readFile ./gruvbox-dark.zathurarc;
};
}

40
home/alex/programs/zathura/gruvbox-dark.zathurarc Normal file
View file

@ -0,0 +1,40 @@
set notification-error-bg "#282828" # bg
set notification-error-fg "#fb4934" # bright:red
set notification-warning-bg "#282828" # bg
set notification-warning-fg "#fabd2f" # bright:yellow
set notification-bg "#282828" # bg
set notification-fg "#b8bb26" # bright:green
set completion-bg "#504945" # bg2
set completion-fg "#ebdbb2" # fg
set completion-group-bg "#3c3836" # bg1
set completion-group-fg "#928374" # gray
set completion-highlight-bg "#83a598" # bright:blue
set completion-highlight-fg "#504945" # bg2
# Define the color in index mode
set index-bg "#504945" # bg2
set index-fg "#ebdbb2" # fg
set index-active-bg "#83a598" # bright:blue
set index-active-fg "#504945" # bg2
set inputbar-bg "#282828" # bg
set inputbar-fg "#ebdbb2" # fg
set statusbar-bg "#504945" # bg2
set statusbar-fg "#ebdbb2" # fg
set highlight-color "#fabd2f" # bright:yellow
set highlight-active-color "#fe8019" # bright:orange
set default-bg "#282828" # bg
set default-fg "#ebdbb2" # fg
set render-loading true
set render-loading-bg "#282828" # bg
set render-loading-fg "#ebdbb2" # fg
# Recolor book content's color
set recolor-lightcolor "#282828" # bg
set recolor-darkcolor "#ebdbb2" # fg
set recolor "true"
# set recolor-keephue true # keep original color

5
home/alex/services/blueman-applet/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
config.services.blueman-applet = { enable = true; };
}

30
home/alex/services/dunst/default.nix Normal file
View file

@ -0,0 +1,30 @@
{
config,
lib,
pkgs,
...
}:
{
config.services.dunst = {
enable = true;
iconTheme = {
name = "Adwaita";
package = pkgs.adwaita-icon-theme;
size = "16x16";
};
settings = {
global = {
monitor = 0;
geometry = "600x50-50+65";
shrink = "yes";
transparency = 10;
padding = 16;
horizontal_padding = 16;
font = "JetBrainsMono Nerd Font 10";
line_height = 4;
format = "<b>%s</b>\\n%b";
};
};
};
}

15
home/alex/services/git-sync/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.git-sync;
in {
options.my.git-sync = { enable = lib.mkEnableOption "git-sync"; };
config.services.git-sync = lib.mkIf cfg.enable {
enable = true;
repositories = {
"org" = {
path = "${config.home.homeDirectory}/org";
uri = "git+ssh://git@git.failco.de:jakalx/org.git";
};
};
};
}

5
home/alex/services/network-manager/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
config.services.network-manager-applet = { enable = true; };
}

15
home/alex/services/picom/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
{
config.services.picom = {
enable = true;
activeOpacity = 1.0;
inactiveOpacity = 0.8;
backend = "glx";
fade = true;
fadeDelta = 5;
opacityRules = [ "100:name *= 'i3lock'" ];
shadow = true;
shadowOpacity = 0.75;
};
}

235
home/alex/services/polybar/config.ini Normal file
View file

@ -0,0 +1,235 @@
;==========================================================
;
;
; ██████╗ ██████╗ ██╗ ██╗ ██╗██████╗ █████╗ ██████╗
; ██╔══██╗██╔═══██╗██║ ╚██╗ ██╔╝██╔══██╗██╔══██╗██╔══██╗
; ██████╔╝██║ ██║██║ ╚████╔╝ ██████╔╝███████║██████╔╝
; ██╔═══╝ ██║ ██║██║ ╚██╔╝ ██╔══██╗██╔══██║██╔══██╗
; ██║ ╚██████╔╝███████╗██║ ██████╔╝██║ ██║██║ ██║
; ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝
;
;
; To learn more about how to configure Polybar
; go to https://github.com/polybar/polybar
;
; The README contains a lot of information
;
;==========================================================
[colors]
background = #282A2E
background-alt = #373B41
foreground = #C5C8C6
primary = #F0C674
secondary = #8ABEB7
alert = #A54242
disabled = #707880
[bar/main]
width = 100%
height = 24pt
radius = 6
; dpi = 96
background = ${colors.background}
foreground = ${colors.foreground}
line-size = 3pt
border-size = 4pt
border-color = #00000000
padding-left = 0
padding-right = 1
module-margin = 1
separator = |
separator-foreground = ${colors.disabled}
font-0 = monospace;2
modules-left = xworkspaces xwindow
modules-center = systray
modules-right = filesystem pulseaudio xkeyboard memory cpu battery wlan eth backlight date
cursor-click = pointer
cursor-scroll = ns-resize
enable-ipc = true
tray-position = center
; wm-restack = generic
; wm-restack = bspwm
; wm-restack = i3
; override-redirect = true
[module/systray]
type = internal/tray
format-margin = 8pt
tray-spacing = 16pt
[module/battery]
type = internal/battery
; This is useful in case the battery never reports 100% charge
; Default: 100
full-at = 99
; format-low once this charge percentage is reached
; Default: 10
; New in version 3.6.0
low-at = 10
; Use the following command to list batteries and adapters:
; $ ls -1 /sys/class/power_supply/
battery = BAT0
adapter = ADP0
; If an inotify event haven't been reported in this many
; seconds, manually poll for new values.
;
; Needed as a fallback for systems that don't report events
; on sysfs/procfs.
;
; Disable polling by setting the interval to 0.
;
; Default: 5
poll-interval = 5
[module/backlight]
type = internal/xbacklight
; XRandR output to get get values from
; Default: the monitor defined for the running bar
;output = DP-4
; Create scroll handlers used to set the backlight value
; Default: true
enable-scroll = true
; Available tags:
; <label> (default)
; <ramp>
; <bar>
format = <ramp>
; Available tokens:
; %percentage% (default)
label = %percentage%%
; Only applies if <ramp> is used
ramp-0 = 🌕
ramp-1 = 🌔
ramp-2 = 🌓
ramp-3 = 🌒
ramp-4 = 🌑
[module/xworkspaces]
type = internal/xworkspaces
label-active = %name%
label-active-background = ${colors.background-alt}
label-active-underline= ${colors.primary}
label-active-padding = 1
label-occupied = %name%
label-occupied-padding = 1
label-urgent = %name%
label-urgent-background = ${colors.alert}
label-urgent-padding = 1
label-empty = %name%
label-empty-foreground = ${colors.disabled}
label-empty-padding = 1
[module/xwindow]
type = internal/xwindow
label = %title:0:60:...%
[module/filesystem]
type = internal/fs
interval = 25
mount-0 = /
label-mounted = %{F#F0C674}%mountpoint%%{F-} %percentage_used%%
label-unmounted = %mountpoint% not mounted
label-unmounted-foreground = ${colors.disabled}
[module/pulseaudio]
type = internal/pulseaudio
format-volume-prefix = "VOL "
format-volume-prefix-foreground = ${colors.primary}
format-volume = <label-volume>
label-volume = %percentage%%
label-muted = muted
label-muted-foreground = ${colors.disabled}
[module/xkeyboard]
type = internal/xkeyboard
blacklist-0 = num lock
label-layout = %layout%
label-layout-foreground = ${colors.primary}
label-indicator-padding = 2
label-indicator-margin = 1
label-indicator-foreground = ${colors.background}
label-indicator-background = ${colors.secondary}
[module/memory]
type = internal/memory
interval = 2
format-prefix = "RAM "
format-prefix-foreground = ${colors.primary}
label = %percentage_used:2%%
[module/cpu]
type = internal/cpu
interval = 2
format-prefix = "CPU "
format-prefix-foreground = ${colors.primary}
label = %percentage:2%%
[network-base]
type = internal/network
interval = 5
format-connected = <label-connected>
format-disconnected = <label-disconnected>
label-disconnected = %{F#F0C674}%ifname%%{F#707880} disconnected
[module/wlan]
inherit = network-base
interface-type = wireless
label-connected = %{F#F0C674}%ifname%%{F-} %essid% %local_ip%
[module/eth]
inherit = network-base
interface-type = wired
label-connected = %{F#F0C674}%ifname%%{F-} %local_ip%
[module/date]
type = internal/date
interval = 1
date = %H:%M
date-alt = %Y-%m-%d %H:%M:%S
label = %date%
label-foreground = ${colors.primary}
[settings]
screenchange-reload = true
pseudo-transparency = true
; vim:ft=dosini

19
home/alex/services/polybar/default.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
let
mypolybar = pkgs.polybar.override {
alsaSupport = true;
mpdSupport = true;
pulseSupport = true;
};
in {
config.home.packages = with pkgs; [ font-awesome material-design-icons ];
config.services.polybar = {
enable = true;
package = mypolybar;
config = ./config.ini;
script = ''
polybar & disown
'';
};
}

15
home/alex/services/screen-locker/default.nix Normal file
View file

@ -0,0 +1,15 @@
{
config,
lib,
pkgs,
...
}:
{
config.services.screen-locker = {
enable = false;
inactiveInterval = 30;
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -c 000000";
xautolock.extraOptions = [ "-detectsleep" ];
};
}

11
home/alex/services/syncthing/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, lib, pkgs, ... }:
{
config.services.syncthing = {
enable = true;
tray = {
enable = true;
command = "syncthingtray --wait";
};
};
}

8
home/alex/services/udiskie/default.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }:
{
config.services.udiskie = {
enable = true;
tray = "always";
};
}

13
home/anne/home.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
home = {
@ -7,8 +12,8 @@
packages = with pkgs; [
firefox
alacritty
gnome.gnome-session
gnome.gnome-control-center
gnome-session
gnome-control-center
];
keyboard.layout = "de";
keyboard.variant = "nodeadkeys";
@ -16,6 +21,6 @@
xsession = {
enable = true;
windowManager.command = "${pkgs.gnome.gnome-session}/bin/gnome-session";
windowManager.command = "${pkgs.gnome-session}/bin/gnome-session";
};
}

89
hosts/dregil/configuration.nix
View file

@ -2,7 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ inputs, config, pkgs, lib, ... }:
{
inputs,
config,
pkgs,
lib,
...
}:
let
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
@ -11,13 +17,16 @@ let
export __VK_LAYER_NV_optimus=NVIDIA_only
exec "$@"
'';
in {
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# <nixos-hardware/lenovo/legion/15ich>
../../modules/appimage.nix
../../modules/sudo.nix
../../modules/wm/x.nix
../../modules/wm/xmonad.nix
../../modules/wm/xmonad/default.nix
];
# Use the systemd-boot EFI boot loader.
@ -31,17 +40,21 @@ in {
networking.hostName = "dregil"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.extraHosts = ''
127.0.0.1 localhost dregil.localdomain dregil
'';
i18n = {
extraLocaleSettings = { TIME_STYLE = "iso"; };
supportedLocales =
[ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
extraLocaleSettings = {
TIME_STYLE = "iso";
};
supportedLocales = [
"C.UTF-8/UTF-8"
"en_US.UTF-8/UTF-8"
"de_DE.UTF-8/UTF-8"
];
};
console = {
@ -51,22 +64,31 @@ in {
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
corefonts
noto-fonts
noto-fonts-emoji
fira-code
fira-code-symbols
nerdfonts
];
packages =
with pkgs;
[
corefonts
noto-fonts
noto-fonts-emoji
fira-code
fira-code-symbols
]
++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
};
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
@ -79,17 +101,23 @@ in {
];
# adjust channels to nixpkgs used on this system via this flake
environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-unstable.outPath;
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs-unstable}" ];
environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs.outPath;
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
nix.settings.max-jobs = 3;
nix.settings.cores = 4;
programs.neovim = { enable = true; };
programs.neovim = {
enable = true;
};
programs.steam = { enable = true; };
programs.steam = {
enable = true;
};
programs.zsh = { enable = true; };
programs.zsh = {
enable = true;
};
# List services that you want to enable:
@ -98,9 +126,16 @@ in {
services.blueman.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Open ports in the firewall
# 22000, 21027 syncthing discovery and connectivity
networking.firewall.allowedTCPPorts = [
5223
22000
];
networking.firewall.allowedUDPPorts = [
21027
22000
];
# Or disable the firewall altogether.
# networking.firewall.enable = false;

30
hosts/dregil/default.nix
View file

@ -1,14 +1,32 @@
{ lib, config, pkgs, inputs, ... }: {
{
inputs,
stable,
system,
...
}:
{
imports = [
({ inputs, lib, ... }: {
nixpkgs = { config.allowUnfree = true; };
nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
})
(
{ inputs, lib, ... }:
{
nixpkgs = {
config.allowUnfree = true;
};
home-manager.extraSpecialArgs = { inherit stable; };
}
)
../../modules/security.nix
../../modules/common-system.nix
./configuration.nix
inputs.home-manager-unstable.nixosModules.home-manager
inputs.home-manager.nixosModules.home-manager
inputs.distro-grub-themes.nixosModules.${system}.default
../../home/anne/default.nix
../../home/alex/default.nix
../../modules/grub-themes
../../modules/hyprland
../../modules/podman
../../modules/tailscale
../../modules/flatpak.nix
../../modules/nh.nix
];
}

52
hosts/dregil/hardware-configuration.nix
View file

@ -1,13 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [
"dm-snapshot"
"uas"
@ -27,26 +39,38 @@
keyFileSize = 4096;
};
};
boot.kernelModules = [ "kvm-intel" "nvidia" ];
boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ];
boot.kernelModules = [
"kvm-intel"
"nvidia"
];
boot.kernelParams = [ "module_blacklist=i915" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
options = [
"subvol=root"
"compress=zstd"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
options = [
"subvol=home"
"compress=zstd"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
fileSystems."/boot" = {
@ -54,8 +78,7 @@
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95"; }];
swapDevices = [ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -67,12 +90,12 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.nvidia = {
nvidiaSettings = true;
nvidiaPersistenced = true;
open = true;
# modesetting.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
@ -86,10 +109,9 @@
# };
};
hardware.opengl = {
hardware.graphics = {
enable = true;
driSupport = true;
driSupport32Bit = true;
enable32Bit = true;
};
hardware.keyboard.uhk.enable = true;

134
hosts/igor/default.nix
View file

@ -1,65 +1,147 @@
{ config, inputs, lib, pkgs, ... }:
{
inputs,
pkgs,
config,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
./syncthing.nix
../../modules/security.nix
../../modules/nix-config.nix
../../modules/iohk.nix
../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
./disko-config.nix
../../modules/tailscale
../../modules/vsftpd
../../modules/mosh.nix
];
networking = let extIface = "ens3";
in {
config.boot.loader.grub.enable = true;
config.boot.loader.grub.efiSupport = true;
config.boot.loader.grub.efiInstallAsRemovable = true;
#config.boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
config.boot.loader.grub.device = "/dev/disk/by-id/ata-HGST_HTS725050A7E630_TF655AY92SM3XL"; # or "nodev" for efi only
config.security.sudo.wheelNeedsPassword = false;
config.networking = {
hostName = "igor";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface} = {
ipv4.addresses = [{
address = "192.168.0.2";
prefixLength = 24;
}];
};
defaultGateway = "192.168.0.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
allowedTCPPorts = [ 22 80 443 ];
allowedUDPPorts = [ ];
wireless = {
enable = true;
userControlled.enable = true;
allowAuxiliaryImperativeNetworks = true;
secretsFile = "/etc/wireless.conf";
networks = {
Prapsschnalinen.pskRaw = "ext:home";
};
};
useDHCP = true;
enableIPv6 = true;
networkmanager.enable = false;
firewall.enable = true;
firewall.allowedTCPPorts = [
config.services.mysql.settings.mysqld.port
];
};
security.sudo = {
config.security.sudo = {
enable = true;
execWheelOnly = true;
};
# Select internationalization properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
config.i18n.defaultLocale = "en_US.UTF-8";
config.console = {
font = "Lat2-Terminus16";
keyMap = "dvorak";
};
# Set your time zone.
config.time.timeZone = "Europe/Berlin";
# Enable the X11 windowing system.
config.services.xserver.enable = true;
config.services.logind.lidSwitch = "lock";
# Enable the GNOME Desktop Environment.
config.services.xserver.displayManager.gdm.enable = true;
config.services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
config.services.xserver.xkb.layout = "us";
config.services.xserver.xkb.variant = "dvorak";
config.services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
config.services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
config.services.pipewire = {
enable = true;
pulse.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
config.services.libinput.enable = true;
config.services.mysql = {
enable = true;
package = pkgs.mariadb;
};
config.programs.firefox.enable = true;
config.programs.git.enable = true;
config.programs.nm-applet.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.me = {
config.users.users.alex = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.zsh;
packages = [ pkgs.devenv ];
};
programs.neovim = {
config.environment.systemPackages = with pkgs; [
alacritty
dolphin
waybar
hyprpaper
wofi
tmux
lftp
];
config.programs.direnv = {
enable = true;
silent = true;
};
config.programs.hyprland = {
enable = true;
withUWSM = true;
};
config.programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
programs.zsh.enable = true;
config.programs.zsh.enable = true;
system.stateVersion = "23.11";
config.system.stateVersion = "24.11";
}

28
hosts/igor/disko-config.nix
View file

@ -2,10 +2,14 @@
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/mmcblk0";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
ESP = {
priority = 1;
name = "ESP";
@ -26,18 +30,32 @@
extraArgs = [ "-f" ];
subvolumes = {
"/rootfs" = { mountpoint = "/"; };
"/rootfs" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/home" = {
mountOptions = [ "compress=zstd" ];
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"/swap" = {
mountpoint = "/.swapvol";
swap = { swapfile.size = "2G"; };
swap = {
swapfile.size = "2G";
};
};
};
};

72
hosts/igor/hardware-configuration.nix Normal file
View file

@ -0,0 +1,72 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# fileSystems."/" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=rootfs" ];
# };
#
# fileSystems."/.swapvol" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=swap" ];
# };
#
# fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/2EDA-47FD";
# fsType = "vfat";
# options = [ "fmask=0022" "dmask=0022" ];
# };
#
# fileSystems."/home" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=home" ];
# };
#
# fileSystems."/nix" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=nix" ];
# };
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwp0s20u4i6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

29
hosts/igor/syncthing.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, lib, ... }:
{
config.services.syncthing = {
enable = true;
user = "vsftpd";
group = "vsftpd";
dataDir = "/var/lib/vsftpd";
settings.devices = {
thrall = {
id = "P52YQU2-7LCEOVV-DSGTAZG-AJ2DSJD-JPHSUJE-HC2KAGO-YR4SXQD-V6OQ7QF";
addresses = [ "tcp://195.90.211.228:22000" ];
};
};
settings.folders = {
paperless = {
path = "${config.services.vsftpd.localRoot}/scan";
devices = [ "thrall" ];
versioning = {
type = "trashcan";
params.cleanoutDays = "90";
};
};
};
};
}

11
hosts/redmi/default.nix
View file

@ -4,14 +4,14 @@
# Simply install just the packages
environment.packages = with pkgs; [
# User-facing stuff that you really really want to have
vim # or some other editor, e.g. nano or neovim
neovim
git
git-annex
mosh
openssh
wget
helix
tmux
# Some common stuff that people expect to have
#diffutils
@ -29,13 +29,18 @@
#xz
#zip
#unzip
inetutils
];
# Backup etc files instead of failing to activate generation if a file already exists in /etc
environment.etcBackupExtension = ".bak";
environment.sessionVariables = {
EDITOR = "${pkgs.neovim}/bin/nvim";
};
# Read the changelog before changing this value
system.stateVersion = "22.11";
system.stateVersion = "24.05";
# Set up nix for flakes
nix.extraOptions = ''

7
hosts/thrall/alex.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }:
{
imports = [ ../../home/alex/cli.nix ../../home/alex/services/git-sync ];
config.my.git-sync.enable = true;
}

326
hosts/thrall/default.nix
View file

@ -2,22 +2,35 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ inputs, config, pkgs, ... }:
{
inputs,
lib,
config,
pkgs,
...
}:
let
authorityFromUrl = url:
builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
in {
authorityFromUrl = url: builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
in
{
disabledModules = [ "services/web-apps/hledger-web.nix" ];
imports = [
./hardware-configuration.nix
inputs.snm.nixosModule
inputs.agenix.nixosModules.age
../../modules/security.nix
../../modules/sudo.nix
../../modules/upgrade-pg-cluster.nix
../../modules/nix-config.nix
../../modules/iohk.nix
../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
../../modules/hledger-web.nix
../../modules/tailscale
../../modules/mosh.nix
../../modules/nh.nix
];
# Use the GRUB 2 boot loader.
@ -44,84 +57,89 @@ in {
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking = let extIface = "ens3";
in {
hostName = "thrall";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface} = {
ipv4.addresses = [{
address = "195.90.211.228";
prefixLength = 22;
}];
};
defaultGateway = "195.90.208.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
allowedTCPPorts = [ 22 53 80 443 5000 ];
allowedUDPPorts = [ 53 42666 ];
};
# wireguard related config
nat.enable = true;
nat.externalInterface = extIface;
nat.internalInterfaces = [ "wg0" ];
wireguard.interfaces = {
wg0 = {
ips = [ "10.0.0.1/24" ];
listenPort = 42666;
postSetup = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets.wireguard-thrall.path;
peers = [
networking =
let
extIface = "ens3";
in
{
hostName = "thrall";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface} = {
ipv4.addresses = [
{
# my phone
publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
allowedIPs = [ "10.0.0.2/32" ];
}
{
# my tablet
publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
# homematic
publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4=";
allowedIPs = [ "10.0.0.4/32" ];
address = "195.90.211.228";
prefixLength = 22;
}
];
};
defaultGateway = "195.90.208.1";
nameservers = [
"8.8.8.8"
"8.8.4.4"
];
firewall = {
allowedTCPPorts = [
22
53
80
443
5000
40005 # syncthing
];
allowedUDPPorts = [
53
];
};
# wireguard related config
nat.enable = true;
nat.externalInterface = extIface;
nat.internalInterfaces = [ "wg0" ];
wireguard.interfaces = {
wg0 = {
ips = [ "10.0.0.1/24" ];
listenPort = 42666;
postSetup = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets.wireguard-thrall.path;
peers = [
{
# my phone
publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
allowedIPs = [ "10.0.0.2/32" ];
}
{
# my tablet
publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
# homematic
publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4=";
allowedIPs = [ "10.0.0.4/32" ];
}
];
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "alex@jakalx.net";
};
security.sudo = {
enable = true;
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];
commands = [{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}];
}];
};
# Select internationalization properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
@ -139,7 +157,14 @@ in {
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [ wget rsync htop tmux git rclone ];
environment.systemPackages = with pkgs; [
wget
rsync
htop
tmux
git
rclone
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
@ -148,7 +173,6 @@ in {
enableSSHSupport = true;
};
programs.mosh.enable = true;
programs.neovim = {
enable = true;
defaultEditor = true;
@ -163,7 +187,11 @@ in {
services.kresd = {
enable = true;
listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ];
listenPlain = [
"[::1]:53"
"127.0.0.1:53"
"10.0.0.1:53"
];
};
services.lorri.enable = true;
@ -223,29 +251,25 @@ in {
'';
};
# gitea
"${config.services.gitea.settings.server.DOMAIN}" = {
# forgejo - git web frontend
"${config.services.forgejo.settings.server.DOMAIN}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${
toString config.services.gitea.settings.server.HTTP_PORT
}/";
proxyPass = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}/";
proxyWebsockets = true;
};
};
# paperless
"${authorityFromUrl config.services.paperless.extraConfig.PAPERLESS_URL}" =
{
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
};
"${authorityFromUrl config.services.paperless.settings.PAPERLESS_URL}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
};
};
# hledger
"${authorityFromUrl config.services.hledger-web.baseUrl}" = {
@ -253,16 +277,22 @@ in {
enableACME = true;
basicAuthFile = config.age.secrets.hledger-web.path;
locations."/" = {
proxyPass = "http://${config.services.hledger-web.host}:${
toString config.services.hledger-web.port
}/";
proxyPass = "http://${config.services.hledger-web.host}:${toString config.services.hledger-web.port}/";
proxyWebsockets = true;
};
};
};
services.gitea = {
users.users.git = {
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = config.services.forgejo.group;
isSystemUser = true;
};
services.forgejo = {
enable = true;
user = "git";
database.type = "sqlite3";
lfs.enable = true;
@ -278,10 +308,13 @@ in {
mailer = {
ENABLED = true;
MAILER_TYPE = "smtp";
FROM = "git@failco.de";
HOST = "thrall.failco.de:25";
IS_TLS_ENABLED = false;
PROTOCOL = "smtp";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
FROM = "noreply@failco.de";
};
other = {
SHOW_FOOTER_VERSION = false;
};
};
};
@ -291,9 +324,16 @@ in {
address = "127.0.0.1";
port = 3002;
consumptionDirIsPublic = true;
extraConfig = {
settings = {
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_OCR_USER_ARGS = ''{"invalidate_digital_signatures": true}'';
PAPERLESS_URL = "https://docs.failco.de";
PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
# workaround for classification getting stuck, see
# https://github.com/NixOS/nixpkgs/issues/240591#issuecomment-1915678490
OMP_NUM_THREADS = 1;
};
};
@ -307,7 +347,10 @@ in {
manage = true;
};
journalFiles = [ "current.journal" ];
extraOptions = [ "-B" "--value=then" ];
extraOptions = [
"-B"
"--value=then"
];
};
services.fail2ban = {
@ -317,8 +360,12 @@ in {
bantime = "1h";
bantime-increment.enable = true;
ignoreIP =
[ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ];
ignoreIP = [
"127.0.0.0/8"
"195.90.211.228"
"10.0.0.0/8"
"192.168.0.0/16"
];
jails.postfix = ''
filter = postfix
@ -332,25 +379,32 @@ in {
enable = true;
user = "alex";
dataDir = "/home/alex/sync";
overrideDevices =
true; # overrides any devices added or deleted through the WebUI
overrideFolders =
true; # overrides any folders added or deleted through the WebUI
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
settings = {
folders = {
"org" = {
path = "/home/alex/org";
devices = [ "redmi" ];
};
"scan" = {
path = "/home/alex/media/scan";
devices = [ "redmi" ];
"paperless" = {
path = "${config.services.paperless.consumptionDir}";
devices = [
"redmi"
"dregil"
"igor"
];
};
};
devices = {
"redmi" = {
id =
"C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
redmi = {
id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
};
dregil = {
id = "SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH";
};
igor = {
id = "NHSYYF6-I5GWMTI-2SQ6PIA-EU3TYZF-3I7BI3K-QTSRGCT-QVLSFG4-74TL2QW";
};
};
};
@ -359,22 +413,34 @@ in {
mailserver = {
enable = true;
fqdn = "thrall.failco.de";
domains = [ "failco.de" "jakalx.net" "kobjolke.de" ];
domains = [
"failco.de"
"jakalx.net"
"kobjolke.de"
];
loginAccounts = {
"me@failco.de" = {
# nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt'
hashedPasswordFile = config.age.secrets.mailPass.path;
aliases = [ "lx@failco.de" "alex@failco.de" ];
aliases = [
"lx@failco.de"
"alex@failco.de"
"abuse@failco.de"
"postmaster@failco.de"
"abuse@kobjolke.de"
"postmaster@kobjolke.de"
"abuse@jakalx.net"
"postmaster@jakalx.net"
];
catchAll = [ "failco.de" "kobjolke.de" ];
catchAll = [
];
};
"alex@jakalx.net" = {
hashedPasswordFile = config.age.secrets.mailPass.path;
catchAll = [ "jakalx.net" ];
};
"archive@failco.de" = {
@ -382,11 +448,17 @@ in {
};
};
extraVirtualAliases = { "familie@kobjolke.de" = [ "me@failco.de" ]; };
extraVirtualAliases = {
"alex@kobjolke.de" = [ "me@failco.de" ];
};
forwards = {
"anne@kobjolke.de" = "anne.kobjolke@gmail.cem";
"alex@kobjolke.de" = "me@failco.de";
"familie@kobjolke.de" = [
"alex@kobjolke.de"
"anne@kobjolke.de"
];
"anne@kobjolke.de" = "anne.kobjolke@gmail.com";
"alexander@kobjolke.de" = "alex@kobjolke.de";
};
certificateScheme = "acme-nginx";
@ -396,12 +468,22 @@ in {
virusScanning = true;
};
services.postgresql = { package = pkgs.postgresql_15; };
services.postgresql = {
package = pkgs.postgresql_15;
};
services.roundcube = {
enable = true;
hostName = "mail.failco.de";
dicts = with pkgs.aspellDicts; [ en de ];
plugins = [ "archive" "attachment_reminder" "managesieve" "markasjunk" ];
dicts = with pkgs.aspellDicts; [
en
de
];
plugins = [
"archive"
"attachment_reminder"
"managesieve"
"markasjunk"
];
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
@ -418,6 +500,4 @@ in {
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}

12
modules/appimage.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
{
boot.binfmt.registrations.appimage = {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
};
}

7
modules/common-system.nix
View file

@ -21,10 +21,5 @@
networking.firewall.enable = true;
nix = {
registry = {
nixpkgs.flake = inputs.nixpkgs;
nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
};
};
nix = { registry = { nixpkgs.flake = inputs.nixpkgs; }; };
}

18
modules/flatpak.nix Normal file
View file

@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{
services.flatpak.enable = true;
systemd.services.flatpak-repo = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.flatpak ];
script = ''
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
'';
};
}

7
modules/grub-themes/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ ... }:
{
config.distro-grub-themes = {
enable = true;
theme = "nixos";
};
}

752
modules/hardening.nix Normal file
View file

@ -0,0 +1,752 @@
{ config, lib, pkgs, ... }: {
systemd.services.systemd-rfkill = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.syslog = {
serviceConfig = {
PrivateNetwork = true;
CapabilityBoundingSet =
[ "CAP_DAC_READ_SEARCH" "CAP_SYSLOG" "CAP_NET_BIND_SERVICE" ];
NoNewPrivileges = true;
PrivateDevices = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
PrivateMounts = true;
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
LockPersonality = true;
ProtectKernelTunables = true;
RestrictRealtime = true;
PrivateUsers = true;
PrivateTmp = true;
UMask = "0077";
RestrictNamespace = true;
ProtectProc = "invisible";
ProtectHome = true;
DeviceAllow = false;
ProtectSystem = "full";
};
};
systemd.services.systemd-journald = {
serviceConfig = {
UMask = 77;
PrivateNetwork = true;
ProtectHostname = true;
ProtectKernelModules = true;
};
};
systemd.services.auto-cpufreq = {
serviceConfig = {
CapabilityBoundingSet = "";
ProtectSystem = "full";
ProtectHome = true;
PrivateNetwork = true;
IPAddressDeny = "any";
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectHostname = false;
MemoryDenyWriteExecute = true;
ProtectClock = true;
RestrictNamespaces = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectProc = true;
ReadOnlyPaths = [ "/" ];
InaccessiblePaths = [ "/home" "/root" "/proc" ];
SystemCallFilter = [ "@system-service" ];
SystemCallArchitectures = "native";
UMask = "0077";
};
};
systemd.services.NetworkManager-dispatcher = {
serviceConfig = {
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectHostname = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateUsers = true;
PrivateDevices = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.display-manager = {
serviceConfig = {
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true; # so we won't need all of this
};
};
systemd.services.emergency = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # Might need adjustment for emergency access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."getty@tty1" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."getty@tty7" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.NetworkManager = {
serviceConfig = {
NoNewPrivileges = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
ProtectProc = "invisible";
ProcSubset = "pid";
RestrictNamespaces = true;
ProtectKernelTunables = true;
ProtectHome = true;
PrivateTmp = true;
UMask = "0077";
};
};
systemd.services."nixos-rebuild-switch-to-configuration" = {
serviceConfig = {
ProtectHome = true;
NoNewPrivileges = true; # Prevent gaining new privileges
};
};
systemd.services."dbus" = {
serviceConfig = {
PrivateTmp = true;
PrivateNetwork = true;
ProtectSystem = "full";
ProtectHome = true;
SystemCallFilter =
"~@clock @cpu-emulation @module @mount @obsolete @raw-io @reboot @swap";
ProtectKernelTunables = true;
NoNewPrivileges = true;
CapabilityBoundingSet = [
"~CAP_SYS_TIME"
"~CAP_SYS_PACCT"
"~CAP_KILL"
"~CAP_WAKE_ALARM"
"~CAP_SYS_BOOT"
"~CAP_SYS_CHROOT"
"~CAP_LEASE"
"~CAP_MKNOD"
"~CAP_NET_ADMIN"
"~CAP_SYS_ADMIN"
"~CAP_SYSLOG"
"~CAP_NET_BIND_SERVICE"
"~CAP_NET_BROADCAST"
"~CAP_AUDIT_WRITE"
"~CAP_AUDIT_CONTROL"
"~CAP_SYS_RAWIO"
"~CAP_SYS_NICE"
"~CAP_SYS_RESOURCE"
"~CAP_SYS_TTY_CONFIG"
"~CAP_SYS_MODULE"
"~CAP_IPC_LOCK"
"~CAP_LINUX_IMMUTABLE"
"~CAP_BLOCK_SUSPEND"
"~CAP_MAC_*"
"~CAP_DAC_*"
"~CAP_FOWNER"
"~CAP_IPC_OWNER"
"~CAP_SYS_PTRACE"
"~CAP_SETUID"
"~CAP_SETGID"
"~CAP_SETPCAP"
"~CAP_FSETID"
"~CAP_SETFCAP"
"~CAP_CHOWN"
];
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectControlGroups = true;
RestrictNamespaces = true;
MemoryDenyWriteExecute = true;
RestrictAddressFamilies = [ "~AF_PACKET" "~AF_NETLINK" ];
ProtectHostname = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateUsers = true;
};
};
systemd.services.nix-daemon = {
serviceConfig = {
ProtectHome = true;
PrivateUsers = false;
};
};
systemd.services.reload-systemd-vconsole-setup = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
PrivateUsers = true;
PrivateDevices = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictNamespaces = true;
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.rescue = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # Might need adjustment for rescue operations
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Networking might be necessary in rescue mode
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny =
"any"; # May need to be relaxed for network troubleshooting in rescue mode
};
};
systemd.services."systemd-ask-password-console" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for console access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # A more permissive filter
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."systemd-ask-password-wall" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # A more permissive filter
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.thermald = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for adjusting cooling policies
ProtectKernelModules = true; # May need adjustment for module control
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May require access to specific hardware devices
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = "";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
DeviceAllow = [ ];
RestrictAddressFamilies = [ ];
};
};
systemd.services."user@1000" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true; # Be cautious, as this may restrict user operations
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on user needs
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.virtlockd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for accessing VM resources
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust as necessary
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need adjustment for network operations
};
};
systemd.services.virtlogd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for accessing VM logs
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter =
[ "@system-service" ]; # Adjust based on log management needs
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny =
"any"; # May need to be relaxed for network-based log collection
};
};
systemd.services.virtlxcd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for container management
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for container user management
PrivateDevices = true; # Containers might require broader device access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked containers
RestrictNamespaces = true;
SystemCallFilter =
[ "@system-service" ]; # Adjust based on container operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
systemd.services.virtqemud = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for VM management
ProtectKernelModules =
true; # May need adjustment for VM hardware emulation
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for VM user management
PrivateDevices = true; # VMs might require broader device access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked VMs
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on VM operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
systemd.services.virtvboxd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Required for some VM management tasks
ProtectKernelModules = true; # May need adjustment for module handling
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for VM user management
PrivateDevices = true; # VMs may require access to certain devices
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked VMs
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on VM operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
}

140
modules/hledger-web.nix Normal file
View file

@ -0,0 +1,140 @@
{ lib, pkgs, config, ... }:
with lib;
let cfg = config.services.hledger-web;
in {
options.services.hledger-web = {
enable = mkEnableOption (lib.mdDoc "hledger-web service");
serveApi = mkEnableOption
(lib.mdDoc "serving only the JSON web API, without the web UI");
host = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc ''
Address to listen on.
'';
};
port = mkOption {
type = types.port;
default = 5000;
example = 80;
description = lib.mdDoc ''
Port to listen on.
'';
};
capabilities = {
view = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Enable the view capability.
'';
};
add = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable the add capability.
'';
};
manage = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable the manage capability.
'';
};
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/hledger-web";
description = lib.mdDoc ''
Path the service has access to. If left as the default value this
directory will automatically be created before the hledger-web server
starts, otherwise the sysadmin is responsible for ensuring the
directory exists with appropriate ownership and permissions.
'';
};
journalFiles = mkOption {
type = types.listOf types.str;
default = [ ".hledger.journal" ];
description = lib.mdDoc ''
Paths to journal files relative to {option}`services.hledger-web.stateDir`.
'';
};
baseUrl = mkOption {
type = with types; nullOr str;
default = null;
example = "https://example.org";
description = lib.mdDoc ''
Base URL, when sharing over a network.
'';
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "--forecast" ];
description = lib.mdDoc ''
Extra command line arguments to pass to hledger-web.
'';
};
};
config = mkIf cfg.enable {
users.users.hledger = {
name = "hledger";
group = "hledger";
isSystemUser = true;
home = cfg.stateDir;
useDefaultShell = true;
};
users.groups.hledger = { };
systemd.services.hledger-web = let
serverArgs = with cfg;
escapeShellArgs ([
"--serve"
"--host=${host}"
"--port=${toString port}"
(optionalString capabilities.add "--allow=add")
(optionalString capabilities.view "--allow=view")
(optionalString capabilities.manage "--allow=edit")
(optionalString (cfg.baseUrl != null) "--base-url=${cfg.baseUrl}")
(optionalString (cfg.serveApi) "--serve-api")
] ++ (map (f: "--file=${stateDir}/${f}") cfg.journalFiles)
++ extraOptions);
in {
description = "hledger-web - web-app for the hledger accounting tool.";
documentation = [ "https://hledger.org/hledger-web.html" ];
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
serviceConfig = mkMerge [
{
ExecStart = "${pkgs.hledger-web}/bin/hledger-web ${serverArgs}";
Restart = "always";
WorkingDirectory = cfg.stateDir;
User = "hledger";
Group = "hledger";
PrivateTmp = true;
}
(mkIf (cfg.stateDir == "/var/lib/hledger-web") {
StateDirectory = "hledger-web";
})
];
};
};
meta.maintainers = with lib.maintainers; [ marijanp erictapen ];
}

10
modules/hyprland/default.nix Normal file
View file

@ -0,0 +1,10 @@
{
pkgs,
...
}:
{
config.programs.hyprland.enable = true;
config.environment.systemPackages = [ pkgs.kitty ];
config.environment.sessionVariables.NIXOS_OZONE_WL = "1";
}

8
modules/mosh.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }:
{
programs.mosh = {
enable = true;
openFirewall = true;
};
}

14
modules/nh.nix Normal file
View file

@ -0,0 +1,14 @@
{
lib,
...
}:
{
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/alex/src/nixos-config";
};
nix.gc.automatic = lib.mkForce false;
}

21
modules/nix-config.nix
View file

@ -1,8 +1,13 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
nix = {
package = pkgs.nixUnstable;
package = pkgs.nixVersions.latest;
gc = {
automatic = true;
dates = "weekly";
@ -11,12 +16,22 @@
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
experimental-features = [
"nix-command"
"flakes"
];
warn-dirty = false;
# avoid unwanted garbage collection when using direnv
keep-outputs = true;
keep-derivations = true;
trusted-substituters = [ "https://devenv.cachix.org" ];
trusted-public-keys = [ "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" ];
trusted-users = [
"root"
"alex"
];
};
};
}

24
modules/podman/default.nix Normal file
View file

@ -0,0 +1,24 @@
{ pkgs, ... }:
{
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Useful other development tools
environment.systemPackages = with pkgs; [
dive # look into docker image layers
podman-tui # status of containers in the terminal
# docker-compose # start group of containers for dev
podman-compose # start group of containers for dev
];
}

15
modules/sudo.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
{
config.security.sudo = {
enable = true;
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];
commands = [{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}];
}];
};
}

8
modules/tailscale/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
...
}:
{
config.services.tailscale.enable = true;
config.services.resolved.enable = true;
}

16
modules/vsftpd/default.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, pkgs, ... }:
{
config.services.vsftpd = {
enable = true;
localUsers = true;
writeEnable = true;
chrootlocalUser = true;
userDbPath = "/etc/vsftpd/users";
enableVirtualUsers = true;
virtualUseLocalPrivs = true;
localRoot = "/var/lib/vsftpd/data";
extraConfig = "local_umask=002";
};
config.networking.firewall.allowedTCPPorts = [ 20 21 ];
}

18
modules/wm/greetd.nix Normal file
View file

@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
user = "greeter";
};
};
};
}

22
modules/wm/light.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
{
config.programs.light = { enable = true; };
config.services.actkbd = let light = "${pkgs.light}/bin/light";
in {
enable = true;
bindings = [
{
keys = [ 232 ];
events = [ "key" ];
command = "${light} -U 10";
}
{
keys = [ 233 ];
events = [ "key" ];
command = "${light} -A 10";
}
];
};
}

24
modules/wm/sway.nix Normal file
View file

@ -0,0 +1,24 @@
{
config,
pkgs,
lib,
...
}:
{
environment.systemPackages = with pkgs; [
grim # screenshot functionality
slurp # screenshot functionality
wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
mako # notification system developed by swaywm maintainer
];
# Enable the gnome-keyring secrets vault.
# Will be exposed through DBus to programs willing to store secrets.
services.gnome.gnome-keyring.enable = true;
# enable Sway window manager
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
}

34
modules/wm/x.nix
View file

@ -1,18 +1,24 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
# Enable the X11 windowing system.
services = {
dbus = { enable = true; };
dbus = {
enable = true;
};
xserver = {
enable = true;
exportConfiguration = true;
# Configure keymap in X11
layout = "us";
xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
xkb = {
options = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
layout = "us";
};
videoDrivers = [ "nvidia" ]; # "modesetting" ];
@ -23,14 +29,14 @@
desktopManager.xfce.enable = true;
desktopManager.gnome.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
libinput = {
enable = true;
touchpad.disableWhileTyping = true;
mouse.naturalScrolling =
config.services.xserver.libinput.touchpad.naturalScrolling;
};
# Enable touchpad support (enabled default in most desktopManager).
libinput = {
enable = true;
touchpad.disableWhileTyping = true;
touchpad.tapping = false;
mouse.naturalScrolling = config.services.libinput.touchpad.naturalScrolling;
};
};
}

4
modules/wm/xmonad.nix → modules/wm/xmonad/default.nix
View file

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
{
services = {
config.services = {
upower.enable = true;
xserver = {
@ -12,5 +12,5 @@
};
};
systemd.services.upower.enable = true;
config.systemd.services.upower.enable = true;
}