thrall: Enable gitea service

flake: Let home-manager follow unstable
redmi: Add nix-on-droid config
2023-04-06 13:58:47 +02:00 · 2023-03-31 19:10:25 +02:00 · 2023-03-28 02:12:39 +02:00 · 2023-03-27 21:15:51 +02:00 · 2023-03-15 21:23:36 +01:00 · 2023-03-15 21:23:36 +01:00
12 changed files with 702 additions and 47 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+result*
--- a/flake.lock
+++ b/flake.lock
@ -8,11 +8,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1676153903,
-        "narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=",
+        "lastModified": 1677969766,
+        "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723",
+        "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e",
        "type": "github"
      },
      "original": {
@ -63,15 +63,15 @@
      "inputs": {
        "flake-utils": "flake-utils",
        "nixpkgs": [
-          "nixpkgs"
+          "nixpkgs-unstable"
        ]
      },
      "locked": {
-        "lastModified": 1676484851,
-        "narHash": "sha256-IQtPR+ObyNgh+Gc5rvfPUD3Xe7jsWk6jTMSwU6YOdHs=",
+        "lastModified": 1680257010,
+        "narHash": "sha256-pNMB9sdoZOXEsszLD5TS0WG5Ysj2rVRmf92uxsxH/9A=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "fb1cdbb0a12d7f0e0e50022c405aca7c856dd233",
+        "rev": "cfec7f9501cc0e001f49d725a7cd733af7deb2ed",
        "type": "github"
      },
      "original": {
@ -95,51 +95,152 @@
        "type": "github"
      }
    },
-    "hm": {
+    "home-manager": {
      "inputs": {
        "nixpkgs": [
-          "nixpkgs"
+          "nixpkgs-unstable"
        ],
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1676257154,
-        "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=",
+        "lastModified": 1678831854,
+        "narHash": "sha256-7HBmLFNVD2KjovSzypIN9NfyzpWelMe8sNbUVZIRsS0=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527",
+        "rev": "cae54dc45c0d61c99c1dc8b04bc42f36c76f9771",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
-        "ref": "release-22.11",
        "repo": "home-manager",
        "type": "github"
      }
    },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-on-droid",
+          "nixpkgs"
+        ],
+        "utils": "utils_2"
+      },
+      "locked": {
+        "lastModified": 1663932797,
+        "narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nix-formatter-pack": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-on-droid",
+          "nixpkgs"
+        ],
+        "nmd": "nmd",
+        "nmt": "nmt"
+      },
+      "locked": {
+        "lastModified": 1666720474,
+        "narHash": "sha256-iWojjDS1D19zpeZXbBdjWb9MiKmVVFQCqtJmtTXgPx8=",
+        "owner": "Gerschtli",
+        "repo": "nix-formatter-pack",
+        "rev": "14876cc8fe94a3d329964ecb073b4c988c7b61f5",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Gerschtli",
+        "repo": "nix-formatter-pack",
+        "type": "github"
+      }
+    },
+    "nix-on-droid": {
+      "inputs": {
+        "home-manager": "home-manager_2",
+        "nix-formatter-pack": "nix-formatter-pack",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
+        "nmd": "nmd_2"
+      },
+      "locked": {
+        "lastModified": 1670198918,
+        "narHash": "sha256-oNlUhAM0/a3pDdCMmBWA+CLrDAIYJqAAMyrDp8fNSM4=",
+        "owner": "t184256",
+        "repo": "nix-on-droid",
+        "rev": "b00cb5e7e2a47d85a019119069b153cda4002d0a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "t184256",
+        "ref": "release-22.11",
+        "repo": "nix-on-droid",
+        "type": "github"
+      }
+    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1676546582,
-        "narHash": "sha256-MJ+PXNmUyxnMTFoss7G2lEcUY2cfYZM6RudBAL5aX1k=",
+        "lastModified": 1678703398,
+        "narHash": "sha256-Y1mW3dBsoWLHpYm+UIHb5VZ7rx024NNHaF16oZBx++o=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2fb7d749c084890192b2cd08ba264e5e4a14df1b",
+        "rev": "67f26c1cfc5d5783628231e776a81c1ade623e0b",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-22.11-small",
+        "ref": "nixos-22.11",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-for-bootstrap": {
+      "locked": {
+        "lastModified": 1669834992,
+        "narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1678654296,
+        "narHash": "sha256-aVfw3ThpY7vkUeF1rFy10NAkpKDS2imj3IakrzT0Occ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "5a1dc8acd977ff3dccd1328b7c4a6995429a656b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1676569297,
-        "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=",
+        "lastModified": 1669542132,
+        "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37",
+        "rev": "a115bb9bd56831941be3776c8a94005867f316a7",
        "type": "github"
      },
      "original": {
@ -148,12 +249,62 @@
        "type": "indirect"
      }
    },
+    "nmd": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1666190571,
+        "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
+        "owner": "rycee",
+        "repo": "nmd",
+        "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "rycee",
+        "repo": "nmd",
+        "type": "gitlab"
+      }
+    },
+    "nmd_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1666190571,
+        "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
+        "owner": "rycee",
+        "repo": "nmd",
+        "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "rycee",
+        "repo": "nmd",
+        "type": "gitlab"
+      }
+    },
+    "nmt": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1648075362,
+        "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
+        "owner": "rycee",
+        "repo": "nmt",
+        "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
+        "type": "gitlab"
+      },
+      "original": {
+        "owner": "rycee",
+        "repo": "nmt",
+        "type": "gitlab"
+      }
+    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "emacs": "emacs",
-        "hm": "hm",
+        "home-manager": "home-manager",
+        "nix-on-droid": "nix-on-droid",
        "nixpkgs": "nixpkgs",
+        "nixpkgs-unstable": "nixpkgs-unstable",
        "snm": "snm"
      }
    },
@ -164,7 +315,7 @@
        "nixpkgs-22_11": [
          "nixpkgs"
        ],
-        "utils": "utils_2"
+        "utils": "utils_3"
      },
      "locked": {
        "lastModified": 1671659164,
@ -197,6 +348,21 @@
      }
    },
    "utils_2": {
+      "locked": {
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "utils_3": {
      "locked": {
        "lastModified": 1605370193,
        "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
--- a/flake.nix
+++ b/flake.nix
@ -1,10 +1,11 @@
 {
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";

-    hm = {
-      url = "github:nix-community/home-manager/release-22.11";
-      inputs.nixpkgs.follows = "nixpkgs";
+    home-manager = {
+      url = "github:nix-community/home-manager";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };

    # simple mailserver
@ -13,8 +14,20 @@
      inputs.nixpkgs-22_11.follows = "nixpkgs";
    };

-    emacs.url = "github:nix-community/emacs-overlay";
-    emacs.inputs.nixpkgs.follows = "nixpkgs";
+    nix-on-droid = {
+      url = "github:t184256/nix-on-droid/release-22.11";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+
+    emacs = {
+      url = "github:nix-community/emacs-overlay";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+    };
+
+#    simplex-chat = {
+#      url = "github:simplex-chat/simplex-chat";
+#      inputs.nixpkgs.follows = "nixpkgs";
+#    };

    # age for nix to store encrypted passwords conveniently
    agenix = {
@ -23,7 +36,7 @@
    };
  };

-  outputs = { self, hm, nixpkgs, agenix, snm, ... }@inputs: {
+  outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: {
    nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
@ -37,7 +50,7 @@
        ./modules/security.nix
        ./hosts/thrall
        agenix.nixosModules.age
-        hm.nixosModules.home-manager
+        home-manager.nixosModules.home-manager
        {
          home-manager.useGlobalPkgs = true;
          home-manager.useUserPackages = true;
@ -45,5 +58,16 @@
        }
      ];
    };
+
+    nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
+    homeConfigurations = import ./outputs/homeConfigurations inputs;
+
+    nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
+      modules = [
+        ./hosts/redmi
+        { nix.registry.nixpkgs.flake = nixpkgs; }
+        { nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; }
+      ];
+    };
  };
 }
--- a/home/cli.nix
+++ b/home/cli.nix
@ -1,8 +1,11 @@
 { config, pkgs, ... }:

 # minimal config, suitable for servers
-
-{
+let
+  myUser = "alex";
+  myName = "Alexander Kobjolke";
+  myMail = "me@failco.de";
+in {
  imports = [
    # shell config
    #./modules/shell
@ -10,8 +13,8 @@

  programs.home-manager.enable = true;
  home = {
-    username = "alex";
-    homeDirectory = "/home/alex";
+    username = myUser;
+    homeDirectory = "/home/${myUser}";
    stateVersion = "21.05";
    sessionPath = [ "$HOME/.local/bin" "$HOME/.emacs.d/bin" ];
  };
@ -31,6 +34,7 @@
    gotop
    gnumake
    ripgrep # better grep
+    pijul
    sqlite.dev
    sqlite
    #    pass
@ -63,11 +67,22 @@
    '';
  };

+  xdg.configFile.pijul = {
+    target = "pijul/config.toml";
+    text = ''
+      [author]
+      name = "${myUser}"
+      full_name = "${myName}"
+      email = "${myMail}"
+    '';
+  };
+
  programs = {
    zsh = {
      enable = true;
      enableAutosuggestions = true;
      #      enableSyntaxHighlighting = true;
+      shellAliases = { e = "emacsclient -c $@"; };
      oh-my-zsh = {
        enable = true;
        plugins = [ "git" ];
@ -88,6 +103,7 @@
    emacs = {
      enable = true;
      package = pkgs.emacsGit;
+      extraPackages = epkgs: with epkgs; [ vterm ];
      #package = pkgs.emacsUnstable;
    };

@ -99,8 +115,8 @@
    git = {
      enable = true;
      ignores = [ "*~" "*.swp" "result" "dist-newstyle" ];
-      userEmail = "me@failco.de";
-      userName = "Alexander Kobjolke";
+      userEmail = myMail;
+      userName = myName;
      aliases = { st = "status"; };
      extraConfig = { init.defaultBranch = "main"; };
    };
--- a/hosts/dregil/configuration.nix
+++ b/hosts/dregil/configuration.nix
@ -0,0 +1,177 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ inputs, config, pkgs, lib, ... }:
+let
+  nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
+    export __NV_PRIME_RENDER_OFFLOAD=1
+    export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
+    export __GLX_VENDOR_LIBRARY_NAME=nvidia
+    export __VK_LAYER_NV_optimus=NVIDIA_only
+    exec "$@"
+  '';
+in
+{
+  imports =
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      # <nixos-hardware/lenovo/legion/15ich>
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # do not protect the kernel image to allow hibernation
+  security.protectKernelImage = lib.mkForce false;
+
+  networking.hostName = "dregil"; # Define your hostname.
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  console = {
+    font = "Lat2-Terminus16";
+    useXkbConfig = true; # use xkbOptions in tty.
+  };
+
+  # Enable the X11 windowing system.
+  services.xserver = {
+    enable = true;
+    exportConfiguration = true;
+
+    # Configure keymap in X11
+    layout = "dvorak";
+
+    xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
+
+    videoDrivers = [ "nvidia" ]; # "modesetting" ];
+
+    displayManager.lightdm = {
+      enable = true;
+    };
+
+    desktopManager.xfce.enable = true;
+    
+    # Enable touchpad support (enabled default in most desktopManager).
+    libinput = {
+      enable = true;
+      touchpad.disableWhileTyping = true;
+      touchpad.naturalScrolling = true;
+      mouse.naturalScrolling = config.services.xserver.libinput.touchpad.naturalScrolling;
+    };
+  };
+
+  fonts = {
+    enableDefaultFonts = true;
+    fonts = with pkgs; [
+        corefonts
+        noto-fonts
+        noto-fonts-emoji
+        fira-code
+        fira-code-symbols
+        nerdfonts
+    ];
+  };
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.alex = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" # Enable ‘sudo’ for the user.
+                    "input"
+                  ];
+    packages = with pkgs; [
+      # gui tool
+      alacritty
+      firefox
+      jitsi-meet-electron
+
+      # editing
+      helix
+      nil          # nix language server
+
+      # system tools
+      htop-vim     # htop with vim bindings
+      erdtree      # du+tree had sex
+      dua          # ncdu but better
+      bat          # better cat
+      uhk-agent
+      
+      # gaming support
+      lutris
+      #inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat"
+    ];
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+     wget
+     ripgrep
+     git
+     nvidia-offload
+  ];
+
+  # adjust channels to nixpkgs used on this system via this flake
+  environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-unstable.outPath;
+  nix.nixPath = [
+    "nixpkgs=${inputs.nixpkgs-unstable}"
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  programs.neovim = {
+    enable = true;
+  };
+
+  programs.steam = {
+    enable = true;
+  };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  system.nixos.tags = [ "HiDPI" "nvidia-only" ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.11"; # Did you read the comment?
+
+}
+
--- a/hosts/dregil/default.nix
+++ b/hosts/dregil/default.nix
@ -0,0 +1,22 @@
+{ inputs, ... }:
+let
+  inherit (inputs.nixpkgs-unstable.lib) nixosSystem;
+
+  system = "x86_64-linux";
+
+  pkgs = import inputs.nixpkgs-unstable {
+    inherit system;
+    config = {
+        allowUnfree = true;
+    };      
+  };
+in
+nixosSystem {
+  inherit system pkgs;
+  specialArgs = { inherit inputs; };
+  modules = [
+    ../../modules/security.nix
+    ../../modules/common-system.nix
+    ./configuration.nix
+  ];
+}
--- a/hosts/dregil/hardware-configuration.nix
+++ b/hosts/dregil/hardware-configuration.nix
@ -0,0 +1,92 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [ "dm-snapshot" "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
+  boot.initrd.luks.devices = {
+    root = {
+      device = "/dev/disk/by-uuid/bebf96d1-2a2b-412c-a5f0-f9ed5730a05f";
+      preLVM = true;
+      allowDiscards = true;
+      fallbackToPassword = true;
+      keyFile = "/dev/sda2";
+      keyFileSize = 4096;
+    };
+  };
+  boot.kernelModules = [ "kvm-intel" "nvidia" ];
+  boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ];
+  boot.kernelParams = [ "module_blacklist=i915" ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
+      fsType = "btrfs";
+      options = [ "subvol=root" "compress=zstd" ];
+    };
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
+      fsType = "btrfs";
+      options = [ "subvol=home" "compress=zstd" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
+      fsType = "btrfs";
+      options = [ "subvol=nix" "compress=zstd" "noatime" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/786D-42D7";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95";
+      }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp52s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+  hardware.video.hidpi.enable = true;
+
+  hardware.nvidia = {
+     nvidiaSettings = true;
+     nvidiaPersistenced = true;
+
+#    modesetting.enable = true;
+     package = config.boot.kernelPackages.nvidiaPackages.beta;
+#    prime = {
+#      offload.enable = true;
+#
+#      intelBusId = "PCI:1:0:0";
+#      nvidiaBusId = "PCI:1:0:0";
+#      intelBusId = "0@0:2:0";
+#      nvidiaBusId = "1@1:0:0";
+#    };
+  };
+
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+
+  hardware.keyboard.uhk.enable = true;
+}
--- a/hosts/redmi/default.nix
+++ b/hosts/redmi/default.nix
@ -0,0 +1,45 @@
+{ config, lib, pkgs, ... }:
+
+{
+  # Simply install just the packages
+  environment.packages = with pkgs; [
+    # User-facing stuff that you really really want to have
+    vim # or some other editor, e.g. nano or neovim
+
+    git
+    mosh
+    openssh
+    wget
+
+    # Some common stuff that people expect to have
+    #diffutils
+    #findutils
+    #utillinux
+    #tzdata
+    #hostname
+    #man
+    #gnugrep
+    #gnupg
+    #gnused
+    gnutar
+    #bzip2
+    gzip
+    #xz
+    #zip
+    #unzip
+  ];
+
+  # Backup etc files instead of failing to activate generation if a file already exists in /etc
+  environment.etcBackupExtension = ".bak";
+
+  # Read the changelog before changing this value
+  system.stateVersion = "22.11";
+
+  # Set up nix for flakes
+  nix.extraOptions = ''
+    experimental-features = nix-command flakes
+  '';
+
+  # Set your time zone
+  time.timeZone = "Europe/Berlin";
+}
--- a/hosts/thrall/default.nix
+++ b/hosts/thrall/default.nix
@ -55,8 +55,8 @@ in {
    defaultGateway = "195.90.208.1";
    nameservers = [ "1.1.1.1" "8.8.8.8" ];
    firewall = {
-      allowedTCPPorts = [ 22 80 443 5000 ];
-      allowedUDPPorts = [ 42666 ];
+      allowedTCPPorts = [ 22 53 80 443 5000 ];
+      allowedUDPPorts = [ 53 42666 ];
    };

    # wireguard related config
@ -70,18 +70,27 @@ in {
        listenPort = 42666;

        postSetup = ''
+          ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
          ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
        '';
        postShutdown = ''
+          ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
          ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
        '';

        privateKeyFile = config.age.secrets.wireguard-thrall.path;
-        peers = [{
-          # my phone
-          publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
-          allowedIPs = [ "10.0.0.2/32" ];
-        }];
+        peers = [
+          {
+            # my phone
+            publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
+            allowedIPs = [ "10.0.0.2/32" ];
+          }
+          {
+            # my tablet
+            publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
+            allowedIPs = [ "10.0.0.3/32" ];
+          }
+        ];
      };
    };
  };
@ -151,6 +160,12 @@ in {

  # List services that you want to enable:

+  # depending on wireguard
+  services.kresd = {
+    enable = true;
+    listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ];
+  };
+
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

@ -174,6 +189,24 @@ in {
      root = "/srv/www/failco.de";
      serverAliases = [ "www.failco.de" "mail.failco.de" ];
    };
+
+    "git.failco.de" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = { proxyPass = "http://127.0.0.1:3001/"; };
+    };
+  };
+
+  services.gitea = {
+    enable = true;
+    database.type = "sqlite3";
+    lfs.enable = true;
+    domain = "git.failco.de";
+    rootUrl = "https://git.failco.de";
+    httpAddress = "127.0.0.1";
+    httpPort = 3001;
+
+    settings.service.DISABLE_REGISTRATION = true;
  };

  services.fail2ban = {
@ -211,15 +244,15 @@ in {
  mailserver = {
    enable = true;
    fqdn = "thrall.failco.de";
-    domains = [ "failco.de" ];
+    domains = [ "failco.de" "jakalx.net" ];

    loginAccounts = {
      "me@failco.de" = {
        hashedPasswordFile = config.age.secrets.mailPass.path;

-        aliases = [ "jakalx@failco.de" ];
+        aliases = [ "lx@failco.de" "alex@failco.de" ];

-        catchAll = [ "failco.de" ];
+        catchAll = [ "failco.de" "jakalx.net" ];
      };
    };

--- a/modules/common-system.nix
+++ b/modules/common-system.nix
@ -0,0 +1,49 @@
+{config, pkgs, inputs, ...}:
+{
+  i18n.defaultLocale = "en_US.UTF-8";
+  time.timeZone = "Europe/Berlin";
+
+  environment.systemPackages = with pkgs; [
+    wget
+    tmux
+    ripgrep
+    git
+    dua
+    erdtree
+    exa
+    fd
+    fzf
+    bat
+  ];
+
+  networking.firewall.enable = true;
+
+  users.users.alex = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" "input" ];
+      shell = pkgs.zsh;
+  };
+
+  nix = {
+      gc = {
+        automatic = true;
+        dates = "weekly";
+        options = "--delete-older-than 30d";
+      };
+
+      registry = {
+        nixpkgs.flake = inputs.nixpkgs;
+        nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
+      };
+
+      settings = {
+        auto-optimise-store = true;
+        experimental-features = [ "nix-command" "flakes" ];
+        warn-dirty = false;
+
+        # avoid unwanted garbage collection when using direnv
+        keep-outputs = true;
+        keep-derivations = true;
+      };
+  };
+}
--- a/outputs/homeConfigurations/default.nix
+++ b/outputs/homeConfigurations/default.nix
@ -0,0 +1,31 @@
+inputs: with inputs;
+let
+  pkgs = import nixpkgs-unstable {
+   system = "x86_64-linux";
+   config.allowUnfree = true;
+   overlays = []; 
+  };
+in
+{
+  "alex@dregil" = home-manager.lib.homeManagerConfiguration {
+    inherit pkgs;    
+    modules = [
+      {
+        programs.home-manager.enable = true;
+        
+        home = {
+          username = "alex";
+          homeDirectory = "/home/alex";
+          stateVersion = "22.11";
+
+          packages = with pkgs; [
+            lutris
+          ];
+        };
+
+        # do not show home-manager notifications
+        news.display = "silent";
+      }
+    ];
+   };
+}
--- a/secrets/me@failco.de-mail
+++ b/secrets/me@failco.de-mail
@ -1 +0,0 @@
-$6$wEpQRnG6C6N0$63CchCNtmKUOmIu.R6qLyx30fpGnpwjXhWMbwyrk4sye5g0cpmHuShQ.2UUDHkSGUKsCvAG5rBOgX7I38N89U.
Author	SHA1	Message	Date
Alexander Kobjolke	dc34117014	thrall: Enable gitea service	2023-04-06 13:58:47 +02:00
Alexander Kobjolke	e50f72be6a	flake: Let home-manager follow unstable	2023-03-31 19:10:25 +02:00
Alexander Kobjolke	e5e845e20f	redmi: Add nix-on-droid config	2023-03-28 02:12:39 +02:00
Alexander Kobjolke	43a6e0ef78	dregil: Update home-manager config	2023-03-27 21:15:51 +02:00
Alexander Kobjolke	fcc7e04c7d	dregil: Disable kernel protection to allow hibernation	2023-03-15 21:23:36 +01:00
Alexander Kobjolke	808f23e20c	dregil: Import current config into flake	2023-03-15 21:23:36 +01:00
Alexander Kobjolke	01aa1ae9ee	Remove hash	2023-03-15 19:04:39 +01:00
Alexander Kobjolke	193639d884	Add initial configuration for dregil	2023-03-10 18:31:32 +01:00
Alexander Kobjolke	d6ab6b3f48	Add vterm to emacs installation	2023-02-18 00:05:18 +01:00
Alexander Kobjolke	072510df3b	Create a shell alias to run emacsclient	2023-02-18 00:05:03 +01:00
				`@ -1 +0,0 @@`
				`$6$wEpQRnG6C6N0$63CchCNtmKUOmIu.R6qLyx30fpGnpwjXhWMbwyrk4sye5g0cpmHuShQ.2UUDHkSGUKsCvAG5rBOgX7I38N89U.`