
1 commit

Author SHA1 Message Date
6a37ac779a modules: Implement module for hledger-web 2023-04-17 00:31:00 +02:00
88 changed files with 753 additions and 4939 deletions

1
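--- a/.envrc
+++ b/.envrc
@@ -1 +0,0 @@
-use flake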

3
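--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "home/emacs.d"]
+path = home/emacs.d
+url = https://github.com/hlissner/doom-emacs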

459
flake.lock generated

@ -3,18 +3,16 @@
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
]
},
"locked": {
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"lastModified": 1677969766,
"narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=",
"owner": "ryantm",
"repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e",
"type": "github"
},
"original": {
@ -47,11 +45,11 @@
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
@ -61,89 +59,34 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1763651264,
"narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=",
"owner": "nix-community",
"repo": "disko",
"rev": "e86a89079587497174ccab6d0d142a65811a4fd9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"distro-grub-themes": {
"emacs": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1734806114,
"narHash": "sha256-FWkDtoLMTTk2Lz4d4LkFjtV/xYyIlpwZlX5Np1QhXls=",
"owner": "AdisonCavani",
"repo": "distro-grub-themes",
"rev": "ebbd17419890059e371a6f2dbf2a7e76190327d4",
"lastModified": 1680257010,
"narHash": "sha256-pNMB9sdoZOXEsszLD5TS0WG5Ysj2rVRmf92uxsxH/9A=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "cfec7f9501cc0e001f49d725a7cd733af7deb2ed",
"type": "github"
},
"original": {
"owner": "AdisonCavani",
"repo": "distro-grub-themes",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@ -152,88 +95,19 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"snm",
"flake-compat"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"snm",
"nixpkgs"
]
},
"locked": {
"lastModified": 1763319842,
"narHash": "sha256-YG19IyrTdnVn0l3DvcUYm85u3PaqBt6tI6VvolcuHnA=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "7275fa67fbbb75891c16d9dee7d88e58aea2d761",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"snm",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
"nixpkgs-unstable"
],
"utils": "utils"
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"lastModified": 1678831854,
"narHash": "sha256-7HBmLFNVD2KjovSzypIN9NfyzpWelMe8sNbUVZIRsS0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"rev": "cae54dc45c0d61c99c1dc8b04bc42f36c76f9771",
"type": "github"
},
"original": {
@ -243,38 +117,19 @@
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1763906693,
"narHash": "sha256-inm7paa3myo8gE4TzjM8OPvsEg8xocWreIZBgBPEKgo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3d6c1c8fa0bea3a1a7ba23d6fa5993116766073b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
]
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1709445365,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"lastModified": 1663932797,
"narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6",
"type": "github"
},
"original": {
@ -293,11 +148,11 @@
"nmt": "nmt"
},
"locked": {
"lastModified": 1705252799,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
"lastModified": 1666720474,
"narHash": "sha256-iWojjDS1D19zpeZXbBdjWb9MiKmVVFQCqtJmtTXgPx8=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
"rev": "14876cc8fe94a3d329964ecb073b4c988c7b61f5",
"type": "github"
},
"original": {
@ -308,37 +163,68 @@
},
"nix-on-droid": {
"inputs": {
"home-manager": "home-manager_3",
"home-manager": "home-manager_2",
"nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": [
"nixpkgs-droid"
"nixpkgs"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2"
},
"locked": {
"lastModified": 1720396533,
"narHash": "sha256-UFzk/hZWO1VkciIO5UPaSpJN8s765wsngUSvtJM6d5Q=",
"lastModified": 1670198918,
"narHash": "sha256-oNlUhAM0/a3pDdCMmBWA+CLrDAIYJqAAMyrDp8fNSM4=",
"owner": "t184256",
"repo": "nix-on-droid",
"rev": "f3d3b8294039f2f9a8fb7ea82c320f29c6b0fe25",
"rev": "b00cb5e7e2a47d85a019119069b153cda4002d0a",
"type": "github"
},
"original": {
"owner": "t184256",
"ref": "release-24.05",
"ref": "release-22.11",
"repo": "nix-on-droid",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1763678758,
"narHash": "sha256-+hBiJ+kG5IoffUOdlANKFflTT5nO3FrrR2CA3178Y5s=",
"lastModified": 1678703398,
"narHash": "sha256-Y1mW3dBsoWLHpYm+UIHb5VZ7rx024NNHaF16oZBx++o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "117cc7f94e8072499b0a7aa4c52084fa4e11cc9b",
"rev": "67f26c1cfc5d5783628231e776a81c1ade623e0b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1669834992,
"narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1678654296,
"narHash": "sha256-aVfw3ThpY7vkUeF1rFy10NAkpKDS2imj3IakrzT0Occ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a1dc8acd977ff3dccd1328b7c4a6995429a656b",
"type": "github"
},
"original": {
@ -348,68 +234,19 @@
"type": "github"
}
},
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-droid": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1763553727,
"narHash": "sha256-4aRqRkYHplWk0mrtoF5i3Uo73E3niOWiUZU8kmPm9hQ=",
"lastModified": 1669542132,
"narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "094318ea16502a7a81ce90dd3638697020f030a2",
"rev": "a115bb9bd56831941be3776c8a94005867f316a7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nmd": {
@ -429,25 +266,19 @@
}
},
"nmd_2": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"flake": false,
"locked": {
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"lastModified": 1666190571,
"narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=",
"owner": "rycee",
"repo": "nmd",
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
"rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169",
"type": "gitlab"
},
"original": {
"owner": "~rycee",
"owner": "rycee",
"repo": "nmd",
"type": "sourcehut"
"type": "gitlab"
}
},
"nmt": {
@ -466,123 +297,83 @@
"type": "gitlab"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1763741496,
"narHash": "sha256-uIRqs/H18YEtMOn1OkbnPH+aNTwXKx+iU3qnxEkVUd0=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "20e71a403c5de9ce5bd799031440da9728c1cda1",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"distro-grub-themes": "distro-grub-themes",
"home-manager": "home-manager_2",
"emacs": "emacs",
"home-manager": "home-manager",
"nix-on-droid": "nix-on-droid",
"nixpkgs": "nixpkgs",
"nixpkgs-droid": "nixpkgs-droid",
"pre-commit-hooks": "pre-commit-hooks",
"snm": "snm",
"stable": "stable"
}
},
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
"nixpkgs-unstable": "nixpkgs-unstable",
"snm": "snm"
}
},
"snm": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_2",
"nixpkgs-22_11": [
"nixpkgs"
],
"utils": "utils_3"
},
"locked": {
"lastModified": 1763564778,
"narHash": "sha256-HSWMOylEaTtVgzIjpTbjcjVLXHDwNyV081eVUBfAcMs=",
"lastModified": 1671659164,
"narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "4987d275a90392347f84923cd4cd8efcf0aa7a22",
"rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "master",
"ref": "nixos-22.11",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"stable": {
"utils": {
"locked": {
"lastModified": 1751274312,
"narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"systems": {
"utils_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"systems_2": {
"utils_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}

176
flake.nix

@ -1,151 +1,73 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
stable.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-droid.url = "github:NixOS/nixpkgs/nixos-24.05";
distro-grub-themes = {
url = "github:AdisonCavani/distro-grub-themes";
inputs.nixpkgs.follows = "nixpkgs";
};
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# simple mailserver
snm = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
# inputs.nixpkgs-23_05.follows = "nixpkgs";
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11";
inputs.nixpkgs-22_11.follows = "nixpkgs";
};
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-24.05";
inputs.nixpkgs.follows = "nixpkgs-droid";
url = "github:t184256/nix-on-droid/release-22.11";
inputs.nixpkgs.follows = "nixpkgs";
};
emacs = {
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# simplex-chat = {
# url = "github:simplex-chat/simplex-chat";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# age for nix to store encrypted passwords conveniently
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{
self,
home-manager,
nixpkgs,
stable,
pre-commit-hooks,
...
}@inputs:
{
checks."x86_64-linux" =
let
system = "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
in
{
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
tools.fourmolu = pkgs.haskellPackages.fourmolu;
tools.nixfmt = pkgs.nixfmt-rfc-style;
hooks = {
nixfmt-rfc-style.enable = true;
fourmolu.enable = true;
hpack.enable = true;
hlint.enable = true;
ormolu = {
settings.defaultExtensions = [ "GHC2021" ];
};
};
outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: {
nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({
nixpkgs = {
config.allowUnfree = true;
overlays = with inputs; [ emacs.overlay ];
};
};
nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
inherit system;
};
modules = [
(
{ inputs, lib, ... }:
{
nixpkgs = {
config.allowUnfree = true;
# overlays = with inputs; [
# emacs.overlay
# ];
};
}
)
./hosts/thrall
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = {
inherit inputs;
};
}
{ home-manager.users.alex = ./hosts/thrall/alex.nix; }
];
};
nixosConfigurations."dregil" = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
inherit system;
stable = import inputs.stable { system = "x86_64-linux"; };
};
modules = [ ./hosts/dregil ];
};
nixosConfigurations."igor" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [ ./hosts/igor ];
};
homeConfigurations."alex@dregil" = home-manager.lib.homeManagerConfiguration {
};
nixOnDroidConfigurations.default =
with inputs;
nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs-droid { };
modules = [
./hosts/redmi
{ nix.registry.nixpkgs.flake = nixpkgs-droid; }
{ nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
];
};
devShells."x86_64-linux".default =
let
system = "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
in
pkgs.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
packages = with pkgs; [
nixfmt-rfc-style
nil
];
};
})
snm.nixosModule
./modules/security.nix
./hosts/thrall
agenix.nixosModules.age
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alex = import ./home/cli.nix;
}
];
};
nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
homeConfigurations = import ./outputs/homeConfigurations inputs;
nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
./hosts/redmi
{ nix.registry.nixpkgs.flake = nixpkgs; }
{ nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; }
];
};
};
}
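Review bot: The `home-manager` input names no release branch in its URL and now follows `nixpkgs-unstable`, while the `thrall` module list sets `home-manager.useGlobalPkgs = true`, so Home Manager's modules would be evaluated against the `nixos-22.11` package set the system is built from rather than the set they track. That pairing usually shows up as a release-mismatch warning, or as options that reference packages missing from the older set, and only the revision in flake.lock keeps it stable between updates. If the 22.11 pin is intended, consider `url = "github:nix-community/home-manager/release-22.11";` together with `inputs.nixpkgs.follows = "nixpkgs";`. Which lines are old and which are new is inferred here from the hunk header counts, because the rendered page has lost its +/- markers.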


@ -1,214 +0,0 @@
{ config, pkgs, ... }:
# minimal config, suitable for servers
let
user = {
name = config.home.username;
fullName = "Alexander Kobjolke";
mail = "me@failco.de";
};
myEza = if builtins.hasAttr "eza" pkgs then "eza" else "exa";
in
{
imports = [
./programs/neovim/default.nix
./programs/emacs/default.nix
./programs/editorconfig
./programs/jq
./programs/fzf
./programs/git
./programs/jujutsu
./programs/shell
./programs/devenv.nix
];
programs.home-manager.enable = true;
home = {
stateVersion = "21.05";
sessionPath = [ "$HOME/.local/bin" ];
};
# do not show home-manager notifications
news.display = "silent";
home.packages = with pkgs; [
# archives
#p7zip
#unrar
git-absorb
git-annex
git-annex-remote-rclone
tea # command-line frontend for gitea
# nix tools
nix-index
nixfmt-rfc-style
# misc
fd # better find
file # info about files
unzip
dropbox
gotop
gnumake
ripgrep # better grep
pijul
sqlite.dev
sqlite
# editing
nil # nix language server
shellcheck
editorconfig-core-c
shfmt
(aspellWithDicts (
dicts: with dicts; [
en
en-computers
en-science
de
]
))
# system tools
htop-vim # htop with vim bindings
erdtree # du+tree had sex
dua # ncdu but better
gopass
gopass-jsonapi
gopass-hibp
gcc
cmake
graphviz
plantuml
gnuplot
pandoc
hledger
hledger-web
hledger-ui
nix-prefetch-git
];
home.extraOutputsToInstall = [
"doc"
"info"
"devdoc"
];
xdg.enable = true;
xdg.configFile.tmux = {
target = "tmux/tmux.conf";
text = ''
set -g default-terminal "xterm-256color"
set-window-option -g xterm-keys on
set -ag update-environment "SSH_TTY SSH_CLIENT"
set -g prefix C-z
set -g status-keys vi
setw -g mode-keys vi
setw -g aggressive-resize on
set -g mouse on
# do not wait for a manually entered escape sequence, just forward it immediately
set -g escape-time 0
bind-key C-z send-prefix
set -g renumber-windows on
bind-key T swap-window -t 0
'';
};
xdg.configFile.pijul = {
target = "pijul/config.toml";
text = ''
[author]
name = "${user.name}"
full_name = "${user.fullName}"
email = "${user.mail}"
'';
};
programs = {
bash = {
enable = true;
};
# better cat
bat.enable = true;
# htop replacement with a nice UI
btop.enable = true;
# better ls with icons and stuff, maybe also try lsd
${myEza} = {
enable = true;
icons = "auto";
};
starship = {
enable = true;
};
direnv = {
enable = true;
nix-direnv = {
enable = true;
};
enableZshIntegration = true;
enableBashIntegration = true;
};
gh = {
enable = true;
settings.git_protocol = "ssh";
};
gpg = {
enable = true;
settings = {
homedir = "~/.local/share/gnupg";
};
};
helix = {
enable = true;
settings.theme = "gruvbox";
};
password-store = {
enable = true;
package = pkgs.gopass;
settings = {
PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
};
};
ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
"*" = {
controlMaster = "auto";
controlPersist = "10m";
};
};
};
texlive.enable = true;
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
defaultCacheTtl = 7200;
defaultCacheTtlSsh = 7200;
};
home.file.".local" = {
recursive = true;
source = ./local;
};
}


@ -1,27 +0,0 @@
{
config,
lib,
pkgs,
inputs,
...
}:
{
imports = [ ];
users.users."alex" = {
isNormalUser = true;
extraGroups = [
"input"
"networkmanager"
"wheel"
"video"
];
description = "Alexander Kobjolke";
home = "/home/alex";
shell = pkgs.zsh;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alex = import ./home.nix;
}


@ -1,119 +0,0 @@
{
config,
lib,
pkgs,
stable,
...
}:
{
imports = [
./cli.nix
./programs/rofi
# ./programs/xmonad
# ./programs/i3
./programs/jitsi-meet
./programs/simplex-chat
./programs/zathura
./programs/autorandr
# ./services/polybar
# ./services/dunst
# ./services/udiskie
# ./services/picom
# ./services/screen-locker
# ./services/blueman-applet
# ./services/network-manager
./services/syncthing
./services/git-sync
./modules/email.nix
];
home = {
homeDirectory = "/home/alex";
stateVersion = "21.05";
language.base = "en_US.UTF-8";
keyboard.layout = "us";
keyboard.variant = "dvorak";
keyboard.options = [
"terminate:ctrl_alt_bksp"
"caps:escape"
"compose:ralt"
];
packages = with pkgs; [
# social
discord # talk to other people
google-chrome
signal-desktop
# system tools
uhk-agent # my keyboard
mosh # ssh via udp
rclone
parallel-disk-usage
gdu
gnomeExtensions.paperwm
# gaming support
stable.bottles
wine64Packages.stagingFull
scummvm
# reading
xournalpp # pdf editor
];
};
news.display = "silent";
my.git-sync.enable = true;
programs = {
alacritty.enable = true;
browserpass = {
enable = true;
browsers = [ "firefox" ];
};
feh.enable = true;
firefox = {
enable = true;
package = pkgs.firefox.override {
cfg = {
nativeMessagingHosts.packages = [
pkgs.browserpass
pkgs.tridactyl-native
];
enableGnomeExtensions = true;
};
};
};
mpv.enable = true;
zsh =
let
auth-socket-env = ''
export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf -L agent-ssh-socket)"
'';
in
{
enable = true;
loginExtra = auth-socket-env;
initContent = auth-socket-env;
};
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
sshKeys = [ "9027AB16B9A7C20BD29F30F55CBA054430BF014C" ];
extraConfig = ''
pinentry-program ${pkgs.pinentry.qt}/bin/pinentry
'';
};
xsession.enable = true;
}


@ -1,58 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
mkAccount =
addr:
let
domain = lib.lists.elemAt (lib.strings.splitString "@" addr) 1;
in
{
address = addr;
gpg = {
key = "F2132F0C63730C6BC42BCC2A41A6D13FECA21280";
signByDefault = true;
};
mbsync = {
enable = true;
create = "maildir";
};
passwordCommand = "${lib.getBin pkgs.gopass}/bin/gopass --nosync show -o eMail/${domain}/${addr}";
msmtp.enable = true;
notmuch.enable = true;
realName = "Alexander Kobjolke";
userName = addr;
};
in
{
programs.afew.enable = true;
programs.mbsync.enable = true;
programs.msmtp.enable = true;
programs.notmuch = {
enable = true;
hooks.preNew = "mbsync --all";
};
programs.mu = {
enable = true;
};
accounts.email = {
accounts.failco = mkAccount "me@failco.de" // {
primary = true;
imap.host = "thrall.failco.de";
smtp.host = "thrall.failco.de";
};
accounts.jakalx = mkAccount "alex@jakalx.net" // {
imap.host = "thrall.failco.de";
smtp.host = "thrall.failco.de";
};
accounts.google = mkAccount "petry.alexander@gmail.com" // {
flavor = "gmail.com";
};
};
}


@ -1,12 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.programs.autorandr = {
enable = true;
};
}


@ -1,5 +0,0 @@
{ pkgs, ... }:
{
config.home.packages = [ pkgs.devenv ];
}


@ -1,18 +0,0 @@
{ config, lib, pkgs, ... }:
{
editorconfig = {
enable = true;
settings = {
"*" = {
charset = "utf-8";
end_of_line = "lf";
trim_trailing_whitespace = true;
insert_final_newline = true;
max_line_width = 78;
indent_style = "space";
indent_size = 2;
};
};
};
}


@ -1,26 +0,0 @@
{
pkgs,
...
}:
let
emacsclient-wrapper = pkgs.writeShellScriptBin "e" ''
exec ${pkgs.emacs}/bin/emacsclient --reuse-frame --no-wait "$@"
'';
in
{
home = {
sessionPath = [ "$HOME/.emacs.d/bin" ];
packages = [ emacsclient-wrapper ];
};
programs.emacs = {
enable = true;
extraPackages = epkgs: with epkgs; [ vterm ];
};
services.emacs = {
enable = true;
defaultEditor = true;
startWithUserSession = true;
};
}


@ -1,410 +0,0 @@
;;; $DOOMDIR/config.el -*- lexical-binding: t; -*-
;; Place your private configuration here! Remember, you do not need to run 'doom
;; sync' after modifying this file!
(setq ak/at-work? (getenv "I_AM_AT_WORK"))
;; Some functionality uses this to identify you, e.g. GPG configuration, email
;; clients, file templates and snippets.
(setq! user-full-name "Alexander Kobjolke"
user-mail-address "me@failco.de"
auth-sources '("~/.local/share/emacs/authinfo.gpg" "~/.authinfo.gpg" "~/.netrc")
auth-source-cache-expiry nil)
(when ak/at-work?
(setq! user-mail-address "alexander.kobjolke@atlas-elektronik.com"))
;; Doom exposes five (optional) variables for controlling fonts in Doom. Here
;; are the three important ones:
;;
;; + `doom-font'
;; + `doom-variable-pitch-font'
;; + `doom-big-font' -- used for `doom-big-font-mode'; use this for
;; presentations or streaming.
;;
;; They all accept either a font-spec, font string ("Input Mono-12"), or xlfd
;; font string. You generally only need these two:
;; (setq doom-font (font-spec :family "monospace" :size 12 :weight 'semi-light)
;; doom-variable-pitch-font (font-spec :family "sans" :size 13))
;; There are two ways to load a theme. Both assume the theme is installed and
;; available. You can either set `doom-theme' or manually load a theme with the
;; `load-theme' function. This is the default:
(setq! doom-theme 'doom-gruvbox)
(setq! doom-localleader-key ",")
(setq! doom-localleader-alt-key "M-,")
(require 're-builder)
(setq! reb-re-syntax 'string)
;; do not create a new workspace for each emacsclient
;; (after! persp-mode
;;   (setq! persp-emacsclient-init-frame-behaviour-override "main"))
(after! lsp
(add-to-list 'lsp-file-watch-ignored-directories "[/\\\\]\\.devenv\\'")
(add-to-list 'lsp-file-watch-ignored-directories "[/\\\\]target\\'")
)
(defun set-frame-alpha (arg &optional active)
"Interactively set the transparency of the active frame"
(interactive "nEnter alpha value (1-100): \np")
(let* ((elt (assoc 'alpha default-frame-alist))
(old (frame-parameter nil 'alpha))
(new (cond ((atom old) `(,arg ,arg))
((eql 1 active) `(,arg ,(cadr old)))
(t `(,(car old) ,arg)))))
(if elt (setcdr elt new) (push `(alpha ,@new) default-frame-alist))
(set-frame-parameter nil 'alpha new)))
(defun my/org-id-update-id-current-file ()
"Scan the current buffer for Org-ID locations and update them."
(interactive)
(org-id-update-id-locations (list (buffer-file-name (current-buffer)))))
(setq! undo-limit 80000000 ; Raise undo-limit to 80Mb
auto-save-default t ; Nobody likes to loose work, I certainly don't
;; switch-to-buffer-in-dedicated-window 'pop
;; switch-to-buffer-obey-display-actions t
)
;; tweak some VI defaults
(after! evil
(setq! evil-ex-substitute-global t ; I like my s/../.. to be global by default
evil-move-cursor-back nil ; Don't move the block cursor when toggling insert mode
evil-want-fine-undo t ; By default while in insert all changes are one big blob. Be more granular
evil-want-Y-yank-to-eol t
evil-escape-key-sequence "qq" ; define an escape sequence
evil-escape-delay 0.175
evil-move-beyond-eol t ; let the cursor move beyond eol just as in regular emacs
evil-kill-on-visual-paste nil ; Don't put overwritten text in the kill ring
evil-snipe-override-evil-repeat-keys nil))
;; This determines the style of line numbers in effect. If set to `nil', line
;; numbers are disabled. For relative line numbers, set this to `relative'.
(setq! display-line-numbers-type 'relative)
;; mouse
;; enable mouse reporting for terminal emulators
(unless window-system
(xterm-mouse-mode 1)
(global-set-key [mouse-4] (lambda ()
(interactive)
(scroll-down 1)))
(global-set-key [mouse-5] (lambda ()
(interactive)
(scroll-up 1))))
(use-package! org
:init
;; If you use `org' and don't want your org files in the default location below,
;; change `org-directory'. It must be set before org loads!
(setq! org-directory "~/org/")
(setq! org-log-into-drawer t
org-agenda-include-diary t
org-agenda-sticky t
org-todo-keywords '(
(sequence "NEXT(n)" "TODO(t)" "WAIT(w@/!)" "|" "DONE(d!)" "CNCL(k@)")
(sequence "[ ](T)" "[-](S)" "[?](W)" "|" "[X](D)")
)
org-tag-alist '(
;; Places
("@home" . ?h)
("@work" . ?w)
;; devices
("@phone" . ?p)
("@computer" . ?c)
;;
("@email" . ?e)
))
:config
(use-package! org-ql)
(use-package! org-modern)
(use-package! org-bookmark-heading)
(add-hook! 'org-mode-hook #'+org-init-keybinds-h))
(use-package! org-contacts
:after org
:custom (org-contacts-files '("~/org/contacts.org")))
(use-package! activities
:demand t
:config
(defun ak/activities-define--with-prefix-arg ()
"Call 'C-u activities-define' in order to save the current activity."
(interactive)
(let ((current-prefix-arg '(4)))
(call-interactively #'activities-define)))
(activities-mode)
(activities-tabs-mode)
(setopt tab-bar-show 1)
(map!
(:prefix-map ("C-c a" . "Activities")
:desc "Switch activity" "a" #'activities-switch
:desc "Resume activity" "r" #'activities-resume
:desc "Create new activity" "n" #'activities-new
:desc "List activities" "l" #'activities-list
:desc "Save current activity " "s" #'ak/activities-define--with-prefix-arg
:desc "Save all activities" "S" #'activities-save-all
:desc "Revert activity to default" "R" #'activities-revert
)
)
)
(when ak/at-work?
(after! forge
(add-to-list 'forge-alist '("gitlab.atlas.de" "gitlab.atlas.de/api/v4" "gitlab.atlas.de" forge-gitlab-repository)))
(after! haskell-mode
(setq haskell-process-type 'cabal-new-repl))
(setq! plantuml-jar-path "~/opt/plantuml.jar")
(setq! org-plantuml-jar-path plantuml-jar-path)
(after! lsp
(add-to-list 'lsp-disabled-clients 'cmakels))
(add-to-list '+format-on-save-disabled-modes 'cmake-mode)
(add-to-list '+format-on-save-disabled-modes 'nxml-mode)
(use-package! code-review
:init
(setq code-review-auth-login-marker 'forge)
;; (setq code-review-gitlab-host "gitlab.atlas.de/api")
;; (setq code-review-gitlab-graphql-host "gitlab.atlas.de/api")
:config
(add-hook 'code-review-mode-hook
(lambda ()
;; include *Code-Review* buffer into current workspace
(persp-add-buffer (current-buffer))))))
(after! magit
(transient-append-suffix 'magit-fetch "-t"
'("-f" "Bypass safety checks" "--force"))
)
(setq ak/bibliography (list (concat org-directory "references.bib")))
;; (setq org-cite-global-bibliography (list (concat org-directory "references.bib")))
(setq! bibtex-completion-bibliography ak/bibliography)
(setq! citar-bibliography ak/bibliography)
(after! ledger-mode
(setq!
;; Use an ISO date format for ledger entries
ledger-default-date-format "%Y-%m-%d"
ledger-binary-path "hledger"
ledger-report-auto-width nil
ledger-mode-should-check-version nil
ledger-init-file-name " "
ledger-post-amount-alignment-column 58
ledger-report-native-highlighting-arguments '("--color=always")
ledger-highlight-xact-under-point t)
(setq! ledger-reports
'(("bal" "%(binary) -f %(ledger-file) bal -B")
("reg" "%(binary) -f %(ledger-file) reg -B")
("payee" "%(binary) -f %(ledger-file) reg -B @%(payee)")
("account" "%(binary) -f %(ledger-file) reg -B %(account)"))) )
(after! lsp-haskell
(setq lsp-haskell-formatting-provider "fourmolu")
;; will define elisp functions for the given lsp code actions, prefixing the
;; given function names with "lsp"
(lsp-make-interactive-code-action wingman-fill-hole "refactor.wingman.fillHole")
(lsp-make-interactive-code-action wingman-case-split "refactor.wingman.caseSplit")
(lsp-make-interactive-code-action wingman-refine "refactor.wingman.refine")
(lsp-make-interactive-code-action wingman-split-func-args "refactor.wingman.spltFuncArgs")
(lsp-make-interactive-code-action wingman-use-constructor "refactor.wingman.useConstructor")
;; example key bindings
;; (define-key haskell-mode-map (kbd "C-c d") #'lsp-wingman-case-split)
;; (define-key haskell-mode-map (kbd "C-c n") #'lsp-wingman-fill-hole)
;; (define-key haskell-mode-map (kbd "C-c r") #'lsp-wingman-refine)
;; (define-key haskell-mode-map (kbd "C-c c") #'lsp-wingman-use-constructor)
;; (define-key haskell-mode-map (kbd "C-c a") #'lsp-wingman-split-func-args)
)
;; Org GTD support
(use-package! org-gtd
:after org
:demand t
:init
(setq! org-gtd-update-ack "3.0.0")
:config
(setf org-gtd-id--generate #'org-id-get-create)
(setq! org-gtd-directory org-directory)
(setq! org-gtd-default-file-name "actionable")
(setq! org-gtd-refile-to-any-target nil)
(setq! org-gtd-engage-prefix-width 40)
(setq! org-edna-use-inheritance t)
;; (setq org-gtd-areas-of-focus '("house" "haskell" "foss"))
(setq org-gtd-organize-hooks nil)
(org-edna-mode)
(map! :leader
:desc "Capture" "X" #'org-gtd-capture
(:prefix-map ("d" . "GTD")
:desc "Capture" "c" #'org-gtd-capture
:desc "Engage" "e" #'org-gtd-engage
:desc "Engage Context" "@" #'org-gtd-engage-grouped-by-context
:desc "Process inbox" "p" #'org-gtd-process-inbox
:desc "Show all next" "n" #'org-gtd-show-all-next
:desc "Fix project" "f" #'org-gtd-projects-fix-todo-keywords-for-project-at-point
(:prefix-map ("r" . "Review")
:desc "Stuck projects" "p" #'org-gtd-review-stuck-projects
:desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items
:desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items
)
))
(map! :map org-gtd-clarify-map
:desc "Organize this item" "C-c C-c" #'org-gtd-organize)
(map! (:prefix-map ("C-c d" . "GTD")
:desc "Capture" "c" #'org-gtd-capture
:desc "Engage" "e" #'org-gtd-engage
:desc "Engage Context" "@" #'org-gtd-engage-grouped-by-context
:desc "Process inbox" "p" #'org-gtd-process-inbox
:desc "Show all next" "n" #'org-gtd-show-all-next
:desc "Fix project" "f" #'org-gtd-projects-fix-todo-keywords-for-project-at-point
(:prefix-map ("r" . "Review")
:desc "Stuck projects" "p" #'org-gtd-review-stuck-projects
:desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items
:desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items))))
(after! org-habit
(setq org-habit-show-habits t
org-habit-preceding-days 35
org-habit-following-days 7))
(use-package! org-edna
:after org-gtd
:init
(setq org-edna-use-inheritance t)
:config
(org-edna-mode 1))
(use-package! nov
:mode ("\\.epub\\'" . nov-mode)
:config
(setq nov-save-place-file (concat doom-cache-dir "nov-places")))
(use-package! protobuf-mode
:mode ("\\.proto\\'" . protobuf-mode))
(use-package! systemd
:mode ("\\.\\(service\\|target\\|socket\\|timer\\)\\'" . systemd-mode))
(use-package! org-present
:after org)
(use-package! denote
:after org
:config
(setq! denote-directory (concat org-directory "/notes"))
(map! :leader
(:prefix-map ("n" . "notes")
:desc "Denote" "d" #'denote-open-or-create-with-command
))
:bind
(("C-c n d" . #'denote-open-or-create-with-command))
)
(use-package! denote-org
:after denote)
(use-package! denote-journal
:after denote)
(use-package! denote-menu
:after denote)
(use-package! denote-sequence
:after denote)
(use-package! org-super-agenda
:after org-agenda
:init
(setq! org-agenda-skip-deadline-if-done t
org-agenda-skip-scheduled-if-done t
org-agenda-include-deadlines t
org-agenda-block-separator nil
org-agenda-compact-blocks t
org-agenda-start-day nil
org-agenda-span 1
org-agenda-start-on-weekday nil)
(setq! org-agenda-custom-commands
'(("a" "Getting Things done"
((agenda "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'((:name "Today"
:time-grid t
:date today
:order 1)))))
(alltodo "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'(;(:log t)
(:name "Waiting for..."
:todo "WAIT"
:order 1)
(:discard (:not (:todo ("NEXT" "STRT"))))
(:name "Next actions"
:auto-parent (:todo ("NEXT" "STRT"))
:order 2
)
(:discard (:anything t)
:order 99)
))))
))))
:config
(org-super-agenda-mode)
)
(use-package! org-fc
:after org straight
:config
(setq! org-fc-directories (concat org-directory "/cards"))
(setq! org-fc-source-path (concat straight-base-dir "repos/org-fc"))
)
(after! vterm
(setq vterm-min-window-width 50)
)
(use-package! consult-denote
:after denote)
(use-package! cov)
;(use-package! casual-suite)
(map! :desc "Move workspace to the left" :leader :n "TAB <" #'+workspace/swap-left)
(map! :desc "Move workspace to the left" :leader :n "TAB >" #'+workspace/swap-right)
;; Here are some additional functions/macros that could help you configure Doom:
;;
;; - `load!' for loading external *.el files relative to this one
;; - `use-package!' for configuring packages
;; - `after!' for running code after a package has loaded
;; - `add-load-path!' for adding directories to the `load-path', relative to
;; this file. Emacs searches the `load-path' when you load packages with
;; `require' or `use-package'.
;; - `map!' for binding new keys
;;
;; To get information about any of these functions/macros, move the cursor over
;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k').
;; This will open documentation for it, including demos of how they are used.
;;
;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how
;; they are implemented.


@ -1,51 +0,0 @@
(custom-set-variables
;; custom-set-variables was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
'(ansi-color-names-vector
["#282c34" "#ff6c6b" "#98be65" "#ECBE7B" "#51afef" "#c678dd" "#46D9FF" "#bbc2cf"])
'(custom-safe-themes
'("c4063322b5011829f7fdd7509979b5823e8eea2abf1fe5572ec4b7af1dd78519" "835868dcd17131ba8b9619d14c67c127aa18b90a82438c8613586331129dda63" "7eea50883f10e5c6ad6f81e153c640b3a288cd8dc1d26e4696f7d40f754cc703" default))
'(exwm-floating-border-color "#191b20")
'(fci-rule-color "#5B6268")
'(highlight-tail-colors
((("#333a38" "#99bb66" "green")
. 0)
(("#2b3d48" "#46D9FF" "brightcyan")
. 20)))
'(jdee-db-active-breakpoint-face-colors (cons "#1B2229" "#51afef"))
'(jdee-db-requested-breakpoint-face-colors (cons "#1B2229" "#98be65"))
'(jdee-db-spec-breakpoint-face-colors (cons "#1B2229" "#3f444a"))
'(objed-cursor-color "#ff6c6b")
'(pdf-view-midnight-colors (cons "#bbc2cf" "#282c34"))
'(rustic-ansi-faces
["#282c34" "#ff6c6b" "#98be65" "#ECBE7B" "#51afef" "#c678dd" "#46D9FF" "#bbc2cf"])
'(vc-annotate-background "#282c34")
'(vc-annotate-color-map
(list
(cons 20 "#98be65")
(cons 40 "#b4be6c")
(cons 60 "#d0be73")
(cons 80 "#ECBE7B")
(cons 100 "#e6ab6a")
(cons 120 "#e09859")
(cons 140 "#da8548")
(cons 160 "#d38079")
(cons 180 "#cc7cab")
(cons 200 "#c678dd")
(cons 220 "#d974b7")
(cons 240 "#ec7091")
(cons 260 "#ff6c6b")
(cons 280 "#cf6162")
(cons 300 "#9f585a")
(cons 320 "#6f4e52")
(cons 340 "#5B6268")
(cons 360 "#5B6268")))
'(vc-annotate-very-old-color nil))
(custom-set-faces
;; custom-set-faces was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
)


@ -1,194 +0,0 @@
;;; init.el -*- lexical-binding: t; -*-
;; This file controls what Doom modules are enabled and what order they load
;; in. Remember to run 'doom sync' after modifying it!
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
;; documentation. There you'll find a "Module Index" link where you'll find
;; a comprehensive list of Doom's modules and what flags they support.
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
;; 'C-c c k' for non-vim users) to view its documentation. This works on
;; flags as well (those symbols that start with a plus).
;;
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
;; directory (for easy access to its source code).
(doom! :input
;;chinese
;;japanese
;;layout ; auie,ctsrnm is the superior home row
:completion
;; company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
;;ivy ; a search engine for love and life
(vertico +orderless +icons) ; the search engine of the future
(corfu +orderless +icons +dabbrev)
:ui
;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
doom-quit ; DOOM quit-message prompts when you quit Emacs
(emoji +unicode +github +ascii) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
;;indent-guides ; highlighted indent columns
;;(ligatures +extra) ; ligatures and symbols to make your code pretty again
;;minimap ; show a map of the code on the side
modeline ; snazzy, Atom-inspired modeline, plus API
nav-flash ; blink cursor line after big motions
;;neotree ; a project drawer, like NERDTree for vim
ophints ; highlight the region an operation acts on
(popup +defaults +all) ; tame sudden yet inevitable temporary windows
;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler
unicode ; extended unicode support for various languages
(vc-gutter +diff-hl) ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
(window-select +numbers) ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
zen ; distraction-free coding or writing
:editor
(evil +everywhere); come to the dark side, we have cookies
file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding
(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;; lispy ; vim for lisp, for people who don't like vim
multiple-cursors
; editing in many places at once
;;objed ; text object editing for the innocent
;; parinfer ; turn lisp into python, sort of
rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
word-wrap ; soft wrapping with language-aware indent
:emacs
(dired +ranger +icons) ; making dired pretty [functional]
electric ; smarter, keyword-based electric-indent
(ibuffer +icons) ; interactive buffer management
undo ; persistent, smarter undo for your inevitable mistakes
vc ; version-control and Emacs, sitting in a tree
:term
eshell ; the elisp shell that works everywhere
;;shell ; simple shell REPL for Emacs
;;term ; basic terminal emulator for Emacs
vterm ; the best terminal emulation in Emacs
:checkers
syntax ; tasing you for every semicolon you forget
(spell +flyspell +everywhere +aspell) ; tasing you for misspelling mispelling
;;grammar ; tasing grammar mistake every you make
:tools
ansible
biblio ; Writes a PhD for you (citation needed)
(debugger +lsp) ; FIXME stepping through code, to help you add bugs
direnv
(docker +lsp)
editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists
lookup ; navigate your code and its documentation
(lsp) ; M-x vscode
(magit +forge) ; a git porcelain for Emacs
make ; run make tasks from Emacs
pass ; password manager for nerds
pdf ; pdf enhancements
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
tmux ; an API for interacting with tmux
tree-sitter
(terraform +lsp) ; infrastructure as code
;;upload ; map local to remote projects via ssh/ftp
:os
(:if IS-MAC macos) ; improve compatibility with macOS
(tty +osc) ; improve the terminal Emacs experience
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
(cc +lsp +tree-sitter) ; C > C++ == 1
;;clojure ; java with a lisp
common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;dhall
(elixir +lsp +tree-sitter) ; erlang done right
(elm +lsp +tree-sitter) ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
(erlang +lsp +tree-sitter) ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
(go +lsp +tree-sitter) ; the hipster dialect
(graphql +lsp) ; Give queries a REST
(haskell +lsp +tree-sitter) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
(json +lsp +tree-sitter) ; At least it ain't XML
(java +lsp +tree-sitter) ; the poster child for carpal tunnel syndrome
javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
(kotlin +lsp) ; a better, slicker Java(Script)
latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
ledger ; be audit you can be
(lua +lsp +tree-sitter) ; one-based indices? one-based indices
(markdown +grip) ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
(nix +lsp +tree-sitter) ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
(org +pandoc +present +gnuplot +noter) ; organize your plain life in plain text
;;php ; perl's insecure younger brother
plantuml ; diagrams for confusing people more
(purescript +lsp) ; javascript, but functional
(python +lsp +tree-sitter +pyenv) ; beautiful is better than ugly
qt ; the 'cutest' gui framework ever
(racket +lsp +xp) ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
(rest +jq) ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
(rust +lsp +tree-sitter) ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
(sh +lsp +tree-sitter) ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
(web +lsp +tree-sitter) ; the tubes
(yaml +lsp +tree-sitter) ; JSON, but readable
(zig +lsp +tree-sitter) ; C, but simpler
:email
(mu4e +org +gmail +mbsync)
;; (notmuch +org +afew)
;;(wanderlust +gmail)
:app
calendar
;;emms
;;everywhere ; *leave* Emacs!? You must be joking
irc ; how neckbeards socialize
(rss +org) ; emacs as an RSS reader
;;twitter ; twitter client https://twitter.com/vnought
:config
;;literate
(default +bindings +gnupg +smartparens))


@ -1,93 +0,0 @@
;; -*- no-byte-compile: t; -*-
;;; $DOOMDIR/packages.el
;; To install a package with Doom you must declare them here and run 'doom sync'
;; on the command line, then restart Emacs for the changes to take effect -- or
;; use 'M-x doom/reload'.
;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror:
;;(package! some-package)
;; To install a package directly from a remote git repo, you must specify a
;; `:recipe'. You'll find documentation on what `:recipe' accepts here:
;; https://github.com/raxod502/straight.el#the-recipe-format
;;(package! another-package
;; :recipe (:host github :repo "username/repo"))
;; If the package you are trying to install does not contain a PACKAGENAME.el
;; file, or is located in a subdirectory of the repo, you'll need to specify
;; `:files' in the `:recipe':
;;(package! this-package
;; :recipe (:host github :repo "username/repo"
;; :files ("some-file.el" "src/lisp/*.el")))
;; If you'd like to disable a package included with Doom, you can do so here
;; with the `:disable' property:
;;(package! builtin-package :disable t)
;; You can override the recipe of a built in package without having to specify
;; all the properties for `:recipe'. These will inherit the rest of its recipe
;; from Doom or MELPA/ELPA/Emacsmirror:
;;(package! builtin-package :recipe (:nonrecursive t))
;;(package! builtin-package-2 :recipe (:repo "myfork/package"))
;; Specify a `:branch' to install a package from a particular branch or tag.
;; This is required for some packages whose default branch isn't 'master' (which
;; our package manager can't deal with; see raxod502/straight.el#279)
;;(package! builtin-package :recipe (:branch "develop"))
;; Use `:pin' to specify a particular commit to install.
;(package! builtin-package :pin "1a2b3c4d5e")
;; Doom's packages are pinned to a specific commit and updated from release to
;; release. The `unpin!' macro allows you to unpin single packages...
;(unpin! pinned-package)
;; ...or multiple packages
;(unpin! pinned-package another-pinned-package)
;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
;;(unpin! t)
;;(package! this-package
;; :recipe (:host github :repo "username/repo"
;; :files ("some-file.el" "src/lisp/*.el")))
;;(unpin! compat)
;;(unpin! with-editor ghub)
;;(package! transient :pin "25b994a565ce8035330b0a3071ee430c0282349e") ; 0.8.8
(package! ormolu)
(package! org-gtd
:recipe (:host github :repo "Trevoke/org-gtd.el" :branch "master"))
(package! org-fc
:recipe (:host sourcehut :repo "l3kn/org-fc" :branch "main"))
(package! org-edna)
(package! org-review
:recipe (:host github :repo "jakalx/org-review" :branch "master"))
(package! sqlite3)
(package! emacsql-sqlite3)
(package! nov)
(package! org-present)
(package! denote)
(package! denote-org)
(package! denote-journal)
(package! denote-menu)
(package! denote-sequence)
(package! org-super-agenda)
(package! org-modern)
(package! org-ql)
(package! org-contacts)
(package! org-bookmark-heading)
(package! activities
:recipe (:host github :repo "alphapapa/activities.el" :branch "master"))
;; (package! elfeed-web)
(package! systemd)
(package! protobuf-mode)
(package! cov)
(package! modus-themes)
(package! consult-denote)
(package! casual-suite)


@ -1,3 +0,0 @@
# -*- mode: snippet -*-
# name: Org Template file
# --


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
programs.fzf = { enable = true; };
}


@ -1,83 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.git = {
enable = true;
lfs.enable = true;
ignores = [
"*~"
"*.swp"
"result"
"dist-newstyle"
".direnv"
"*.bak"
".pre-commit-config.yaml"
];
signing = {
key = "41A6D13FECA21280";
signByDefault = false;
};
settings = {
pull = {
rebase = true;
};
merge = {
conflictstyle = "diff3";
};
submodule = {
recurse = true;
};
user = {
# TODO create option for my own account meta data
email = "me@failco.de";
name = "Alexander Kobjolke";
};
alias = {
a = "add";
c = "commit";
ca = "commit --amend";
can = "commit --amend --no-edit";
cl = "clone";
cm = "commit -m";
co = "checkout";
cp = "cherry-pick";
cpx = "cherry-pick -x";
d = "diff";
f = "fetch";
fo = "fetch origin";
fu = "fetch upstream";
lol = "log --graph --decorate --pretty=oneline --abbrev-commit";
lola = "log --graph --decorate --pretty=oneline --abbrev-commit --all";
pl = "pull";
pr = "pull -r";
ps = "push";
psf = "push -f";
rb = "rebase";
rbi = "rebase -i";
r = "remote";
ra = "remote add";
rr = "remote rm";
rv = "remote -v";
rs = "remote show";
st = "status";
};
init.defaultBranch = "main";
};
};
programs.delta = {
enable = true;
enableGitIntegration = true;
};
programs.git-cliff = {
enable = true;
};
}


@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.xsession.windowManager.i3 = {
enable = true;
config = {
modifier = "Mod4";
};
};
}


@ -1,11 +0,0 @@
{
config,
lib,
pkgs,
stable,
...
}:
{
config.home.packages = [ stable.jitsi-meet-electron ];
}


@ -1,12 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.jq = {
enable = true;
};
}


@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
programs.jujutsu = {
enable = true;
settings = {
user.name = config.programs.git.settings.user.name;
user.email = config.programs.git.settings.user.email;
ui.default-command = "log";
aliases.init = [
"git"
"init"
];
};
};
}


@ -1,20 +0,0 @@
{ config, lib, pkgs, ... }:
{
programs.neovim = {
enable = true;
vimAlias = true;
extraConfig = ''
set nowrap
'';
plugins = with pkgs.vimPlugins; [
vim-nix
indentLine
indent-blankline-nvim
neoformat
];
};
}


@ -1,20 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.programs.rofi = {
enable = true;
plugins = with pkgs; [ rofi-calc rofi-emoji ];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = ./themes/gruvbox-dark-soft.rasi;
pass = {
enable = true;
stores = [ config.programs.password-store.settings.PASSWORD_STORE_DIR ];
extraConfig = ''
default_user=:filename
'';
};
};
# let rofi insert emojis directly
config.home.packages = [ pkgs.xdotool ];
}


@ -1,191 +0,0 @@
/* ==========================================================================
Rofi color theme
Based on the Gruvbox color scheme for Vim by morhetz
https://github.com/morhetz/gruvbox
File: gruvbox-dark-soft.rasi
Desc: Gruvbox dark (soft contrast) color theme for Rofi
Author: bardisty <b@bah.im>
Source: https://github.com/bardisty/gruvbox-rofi
Modified: Mon Feb 12 2018 06:04:37 PST -0800
========================================================================== */
* {
/* Theme settings */
highlight: bold italic;
scrollbar: true;
/* Gruvbox dark colors */
gruvbox-dark-bg0-soft: #32302f;
gruvbox-dark-bg1: #3c3836;
gruvbox-dark-bg3: #665c54;
gruvbox-dark-fg0: #fbf1c7;
gruvbox-dark-fg1: #ebdbb2;
gruvbox-dark-red-dark: #cc241d;
gruvbox-dark-red-light: #fb4934;
gruvbox-dark-yellow-dark: #d79921;
gruvbox-dark-yellow-light: #fabd2f;
gruvbox-dark-gray: #a89984;
/* Theme colors */
background: @gruvbox-dark-bg0-soft;
background-color: @background;
foreground: @gruvbox-dark-fg1;
border-color: @gruvbox-dark-gray;
separatorcolor: @border-color;
scrollbar-handle: @border-color;
normal-background: @background;
normal-foreground: @foreground;
alternate-normal-background: @gruvbox-dark-bg1;
alternate-normal-foreground: @foreground;
selected-normal-background: @gruvbox-dark-bg3;
selected-normal-foreground: @gruvbox-dark-fg0;
active-background: @gruvbox-dark-yellow-dark;
active-foreground: @background;
alternate-active-background: @active-background;
alternate-active-foreground: @active-foreground;
selected-active-background: @gruvbox-dark-yellow-light;
selected-active-foreground: @active-foreground;
urgent-background: @gruvbox-dark-red-dark;
urgent-foreground: @background;
alternate-urgent-background: @urgent-background;
alternate-urgent-foreground: @urgent-foreground;
selected-urgent-background: @gruvbox-dark-red-light;
selected-urgent-foreground: @urgent-foreground;
}
/* ==========================================================================
File: gruvbox-common.rasi
Desc: Shared rules between all gruvbox themes
Author: bardisty <b@bah.im>
Source: https://github.com/bardisty/gruvbox-rofi
Modified: Mon Feb 12 2018 06:06:47 PST -0800
========================================================================== */
window {
background-color: @background;
border: 2;
padding: 2;
}
mainbox {
border: 0;
padding: 0;
}
message {
border: 2px 0 0;
border-color: @separatorcolor;
padding: 1px;
}
textbox {
highlight: @highlight;
text-color: @foreground;
}
listview {
border: 2px solid 0 0;
padding: 2px 0 0;
border-color: @separatorcolor;
spacing: 2px;
scrollbar: @scrollbar;
}
element {
border: 0;
padding: 2px;
}
element.normal.normal {
background-color: @normal-background;
text-color: @normal-foreground;
}
element.normal.urgent {
background-color: @urgent-background;
text-color: @urgent-foreground;
}
element.normal.active {
background-color: @active-background;
text-color: @active-foreground;
}
element.selected.normal {
background-color: @selected-normal-background;
text-color: @selected-normal-foreground;
}
element.selected.urgent {
background-color: @selected-urgent-background;
text-color: @selected-urgent-foreground;
}
element.selected.active {
background-color: @selected-active-background;
text-color: @selected-active-foreground;
}
element.alternate.normal {
background-color: @alternate-normal-background;
text-color: @alternate-normal-foreground;
}
element.alternate.urgent {
background-color: @alternate-urgent-background;
text-color: @alternate-urgent-foreground;
}
element.alternate.active {
background-color: @alternate-active-background;
text-color: @alternate-active-foreground;
}
scrollbar {
width: 4px;
border: 0;
handle-color: @scrollbar-handle;
handle-width: 8px;
padding: 0;
}
mode-switcher {
border: 2px 0 0;
border-color: @separatorcolor;
}
inputbar {
spacing: 0;
text-color: @normal-foreground;
padding: 2px;
children: [ prompt, textbox-prompt-sep, entry, case-indicator ];
}
case-indicator,
entry,
prompt,
button {
spacing: 0;
text-color: @normal-foreground;
}
button.selected {
background-color: @selected-normal-background;
text-color: @selected-normal-foreground;
}
textbox-prompt-sep {
expand: false;
str: ":";
text-color: @normal-foreground;
margin: 0 0.3em 0 0;
}
element-text, element-icon {
background-color: inherit;
text-color: inherit;
}


@ -1,35 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
home.shellAliases = {
suspend = "systemctl hibernate";
nrs = "sudo nixos-rebuild switch --flake ~/src/nixos-config";
nrb = "sudo nixos-rebuild build --flake ~/src/nixos-config";
};
programs.zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
initContent = ''
[ $TERM = "dumb" ] && unsetopt zle && PS1='$ '
'';
oh-my-zsh = {
enable = true;
plugins = [
"git"
"fzf"
"z"
];
theme = "simple";
};
};
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.home.packages = [ pkgs.simplex-chat-desktop ];
}


@ -1,157 +0,0 @@
import XMonad
import XMonad.Actions.CycleWS qualified as WS
import XMonad.Actions.Navigation2D (navigation2DP, windowGo, windowSwap)
import XMonad.Hooks.EwmhDesktops
import XMonad.Hooks.ManageDocks qualified as Docks
import XMonad.Hooks.ManageHelpers (doCenterFloat, doFullFloat, isDialog, isFullscreen)
import XMonad.Hooks.SetWMName
import XMonad.Layout.BinarySpacePartition
import XMonad.Layout.BorderResize (borderResize)
import XMonad.Layout.NoBorders (smartBorders)
import XMonad.Layout.ThreeColumns
import XMonad.Layout.ToggleLayouts (ToggleLayout (..), toggleLayouts)
import XMonad.ManageHook (doFloat)
import XMonad.StackSet as W
import XMonad.Util.EZConfig qualified as EZ
import XMonad.Util.NamedScratchpad
import XMonad.Util.Ungrab (unGrab)
import XMonad.Util.WorkspaceCompare qualified as WS
import Control.Monad (when)
import Numeric.Natural
import System.Environment (getArgs)
import System.FilePath ((</>))
import System.Info (arch, os)
import System.Posix.Process (executeFile)
import Text.Printf (printf)
compiledConfig = printf "xmonad-%s-%s" arch os
compileRestart resume = do
dirs <- asks directories
whenX (recompile dirs True) $ do
when resume writeStateToFile
catchIO
( do
args <- getArgs
executeFile (cacheDir dirs </> compiledConfig) False args Nothing
)
myLayout = smartBorders . borderResize . Docks.avoidStruts $ toggleLayouts Full emptyBSP
main :: IO ()
main = getDirectories >>= launch myConfig
-- change size of window using direction so that it can be used together with the navigation2D function
-- see: similar to windowGo and windowSwap
windowMoveSplit :: Direction2D -> Bool -> X ()
windowMoveSplit direction _ = sendMessage $ MoveSplit direction
data VolumeCommand
= ToggleVolume
| LowerVolume Natural
| RaiseVolume Natural
interpretVolumeCommand :: VolumeCommand -> String
interpretVolumeCommand command = "amixer -q set Master " <> cmd
where
cmd = case command of
ToggleVolume -> "toggle"
LowerVolume delta -> show delta <> "%-"
RaiseVolume delta -> show delta <> "%+"
changeVolume :: VolumeCommand -> X ()
changeVolume = spawn . interpretVolumeCommand
myWorkspaceFilter :: X WS.WorkspaceSort
myWorkspaceFilter = do
sortXineramaAware <- WS.getSortByXineramaRule
pure $ sortXineramaAware . WS.filterOutWs [scratchpadWorkspaceTag]
scratchpads =
[ NS
"notes"
"emacsclient -c -F '((name . \"gtd\"))'"
(resource =? "gtd")
doCenterFloat
, -- (customFloating $ W.RationalRect (1/6) (1/6) (2/3) (2/3))
NS
"shell"
"alacritty --class scratchpad"
(resource =? "scratchpad")
(customFloating $ W.RationalRect (1 / 6) (1 / 6) (2 / 3) (2 / 3))
]
myConfig =
addEwmhWorkspaceSort myWorkspaceFilter
. ewmhFullscreen
. ewmh
. Docks.docks
. nav
$ def
{ modMask = mod4Mask -- Use Super instead of Alt
, terminal = "alacritty"
, layoutHook = myLayout
, handleEventHook = handleEventHook def <+> fullscreenEventHook
, -- this seems to be necessary to make java gui applications work :(
startupHook = ewmhDesktopsStartup >> setWMName "LG3D"
, manageHook =
mconcat
[ namedScratchpadManageHook scratchpads
, isDialog --> doFloat
, isFullscreen --> doFullFloat
, className =? "steam_proton" --> doFloat
, manageHook def
]
}
`EZ.additionalKeysP` [ ("M-S-z", spawn "xscreensaver-command -lock")
, ("M-S-r", compileRestart True)
, ("M-S-q", restart "xmonad" True)
, ("M-C-s", unGrab *> spawn "scrot -s")
, ("M-S-s", sendMessage Docks.ToggleStruts)
, ("M-f", sendMessage (Toggle "Full"))
, ("M-p", spawn appLauncher)
, ("M-i", spawn passLauncher)
, ("M-w", kill)
, ("M-l", WS.toggleWS)
, ("M-g", WS.prevWS)
, ("M-C-g", WS.swapPrevScreen)
, ("M-S-g", WS.shiftPrevScreen)
, ("M-r", WS.nextWS)
, ("M-C-r", WS.swapNextScreen)
, ("M-S-r", WS.shiftNextScreen)
, -- scratchpads
("M-s M-t", namedScratchpadAction scratchpads "shell")
, ("M-s M-s", namedScratchpadAction scratchpads "notes")
, -- backlight control
("<XF86MonBrightnessDown>", spawn "xbacklight -dec 5")
, ("<XF86MonBrightnessUp>", spawn "xbacklight -inc 5")
, ("<F5>", spawn "xbacklight -dec 5")
, ("<F6>", spawn "xbacklight -inc 5")
, -- transparency
("S-<XF86MonBrightnessDown>", spawn "picom-trans -c -5")
, ("S-<XF86MonBrightnessUp>", spawn "picom-trans -c +5")
, ("M-S-d", spawn "picom-trans -c +5")
, ("M-S-b", spawn "picom-trans -c -5")
, -- volume control
("<XF86AudioMute>", changeVolume ToggleVolume)
, ("<XF86AudioLowerVolume>", changeVolume $ LowerVolume 5)
, ("<XF86AudioRaiseVolume>", changeVolume $ RaiseVolume 5)
, ("M-d", changeVolume $ RaiseVolume 5)
, ("M-b", changeVolume $ LowerVolume 5)
, ("M-a", sendMessage Balance)
, ("M-S-a", sendMessage Equalize)
, ("M-o", sendMessage Rotate)
, ("M-y", withFocused $ windows . W.sink)
]
where
-- navigate using dvorak bindings
nav = navigation2DP def ("c", "h", "t", "n") [("M-", windowGo), ("M-C-", windowSwap), ("M-S-", windowMoveSplit)] True
appLauncher = "rofi -show combi -modes combi -combi-modes window,drun,run,ssh"
passLauncher = "rofi-pass"
-- myManageHook :: ManageHook
-- myManageHook = composeAll
-- [ className =? "Gimp" --> doFloat
-- , isDialog --> doFloat
-- ]


@ -1,19 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.xsession.windowManager.xmonad = {
enable = true;
enableContribAndExtras = true;
config = ./config.hs;
};
# control backlight
config.home.packages = [
pkgs.xorg.xbacklight
pkgs.scrot
];
}


@ -1,8 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.programs.zathura = {
enable = true;
extraConfig = builtins.readFile ./gruvbox-dark.zathurarc;
};
}


@ -1,40 +0,0 @@
set notification-error-bg "#282828" # bg
set notification-error-fg "#fb4934" # bright:red
set notification-warning-bg "#282828" # bg
set notification-warning-fg "#fabd2f" # bright:yellow
set notification-bg "#282828" # bg
set notification-fg "#b8bb26" # bright:green
set completion-bg "#504945" # bg2
set completion-fg "#ebdbb2" # fg
set completion-group-bg "#3c3836" # bg1
set completion-group-fg "#928374" # gray
set completion-highlight-bg "#83a598" # bright:blue
set completion-highlight-fg "#504945" # bg2
# Define the color in index mode
set index-bg "#504945" # bg2
set index-fg "#ebdbb2" # fg
set index-active-bg "#83a598" # bright:blue
set index-active-fg "#504945" # bg2
set inputbar-bg "#282828" # bg
set inputbar-fg "#ebdbb2" # fg
set statusbar-bg "#504945" # bg2
set statusbar-fg "#ebdbb2" # fg
set highlight-color "#fabd2f" # bright:yellow
set highlight-active-color "#fe8019" # bright:orange
set default-bg "#282828" # bg
set default-fg "#ebdbb2" # fg
set render-loading true
set render-loading-bg "#282828" # bg
set render-loading-fg "#ebdbb2" # fg
# Recolor book content's color
set recolor-lightcolor "#282828" # bg
set recolor-darkcolor "#ebdbb2" # fg
set recolor "true"
# set recolor-keephue true # keep original color


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.blueman-applet = { enable = true; };
}


@ -1,30 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.services.dunst = {
enable = true;
iconTheme = {
name = "Adwaita";
package = pkgs.adwaita-icon-theme;
size = "16x16";
};
settings = {
global = {
monitor = 0;
geometry = "600x50-50+65";
shrink = "yes";
transparency = 10;
padding = 16;
horizontal_padding = 16;
font = "JetBrainsMono Nerd Font 10";
line_height = 4;
format = "<b>%s</b>\\n%b";
};
};
};
}


@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
let cfg = config.my.git-sync;
in {
options.my.git-sync = { enable = lib.mkEnableOption "git-sync"; };
config.services.git-sync = lib.mkIf cfg.enable {
enable = true;
repositories = {
"org" = {
path = "${config.home.homeDirectory}/org";
uri = "git+ssh://git@git.failco.de:jakalx/org.git";
};
};
};
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.network-manager-applet = { enable = true; };
}


@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.picom = {
enable = true;
activeOpacity = 1.0;
inactiveOpacity = 0.8;
backend = "glx";
fade = true;
fadeDelta = 5;
opacityRules = [ "100:name *= 'i3lock'" ];
shadow = true;
shadowOpacity = 0.75;
};
}


@ -1,235 +0,0 @@
;==========================================================
;
;
; ██████╗ ██████╗ ██╗ ██╗ ██╗██████╗ █████╗ ██████╗
; ██╔══██╗██╔═══██╗██║ ╚██╗ ██╔╝██╔══██╗██╔══██╗██╔══██╗
; ██████╔╝██║ ██║██║ ╚████╔╝ ██████╔╝███████║██████╔╝
; ██╔═══╝ ██║ ██║██║ ╚██╔╝ ██╔══██╗██╔══██║██╔══██╗
; ██║ ╚██████╔╝███████╗██║ ██████╔╝██║ ██║██║ ██║
; ╚═╝ ╚═════╝ ╚══════╝╚═╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═╝
;
;
; To learn more about how to configure Polybar
; go to https://github.com/polybar/polybar
;
; The README contains a lot of information
;
;==========================================================
[colors]
background = #282A2E
background-alt = #373B41
foreground = #C5C8C6
primary = #F0C674
secondary = #8ABEB7
alert = #A54242
disabled = #707880
[bar/main]
width = 100%
height = 24pt
radius = 6
; dpi = 96
background = ${colors.background}
foreground = ${colors.foreground}
line-size = 3pt
border-size = 4pt
border-color = #00000000
padding-left = 0
padding-right = 1
module-margin = 1
separator = |
separator-foreground = ${colors.disabled}
font-0 = monospace;2
modules-left = xworkspaces xwindow
modules-center = systray
modules-right = filesystem pulseaudio xkeyboard memory cpu battery wlan eth backlight date
cursor-click = pointer
cursor-scroll = ns-resize
enable-ipc = true
tray-position = center
; wm-restack = generic
; wm-restack = bspwm
; wm-restack = i3
; override-redirect = true
[module/systray]
type = internal/tray
format-margin = 8pt
tray-spacing = 16pt
[module/battery]
type = internal/battery
; This is useful in case the battery never reports 100% charge
; Default: 100
full-at = 99
; format-low once this charge percentage is reached
; Default: 10
; New in version 3.6.0
low-at = 10
; Use the following command to list batteries and adapters:
; $ ls -1 /sys/class/power_supply/
battery = BAT0
adapter = ADP0
; If an inotify event haven't been reported in this many
; seconds, manually poll for new values.
;
; Needed as a fallback for systems that don't report events
; on sysfs/procfs.
;
; Disable polling by setting the interval to 0.
;
; Default: 5
poll-interval = 5
[module/backlight]
type = internal/xbacklight
; XRandR output to get get values from
; Default: the monitor defined for the running bar
;output = DP-4
; Create scroll handlers used to set the backlight value
; Default: true
enable-scroll = true
; Available tags:
; <label> (default)
; <ramp>
; <bar>
format = <ramp>
; Available tokens:
; %percentage% (default)
label = %percentage%%
; Only applies if <ramp> is used
ramp-0 = 🌕
ramp-1 = 🌔
ramp-2 = 🌓
ramp-3 = 🌒
ramp-4 = 🌑
[module/xworkspaces]
type = internal/xworkspaces
label-active = %name%
label-active-background = ${colors.background-alt}
label-active-underline= ${colors.primary}
label-active-padding = 1
label-occupied = %name%
label-occupied-padding = 1
label-urgent = %name%
label-urgent-background = ${colors.alert}
label-urgent-padding = 1
label-empty = %name%
label-empty-foreground = ${colors.disabled}
label-empty-padding = 1
[module/xwindow]
type = internal/xwindow
label = %title:0:60:...%
[module/filesystem]
type = internal/fs
interval = 25
mount-0 = /
label-mounted = %{F#F0C674}%mountpoint%%{F-} %percentage_used%%
label-unmounted = %mountpoint% not mounted
label-unmounted-foreground = ${colors.disabled}
[module/pulseaudio]
type = internal/pulseaudio
format-volume-prefix = "VOL "
format-volume-prefix-foreground = ${colors.primary}
format-volume = <label-volume>
label-volume = %percentage%%
label-muted = muted
label-muted-foreground = ${colors.disabled}
[module/xkeyboard]
type = internal/xkeyboard
blacklist-0 = num lock
label-layout = %layout%
label-layout-foreground = ${colors.primary}
label-indicator-padding = 2
label-indicator-margin = 1
label-indicator-foreground = ${colors.background}
label-indicator-background = ${colors.secondary}
[module/memory]
type = internal/memory
interval = 2
format-prefix = "RAM "
format-prefix-foreground = ${colors.primary}
label = %percentage_used:2%%
[module/cpu]
type = internal/cpu
interval = 2
format-prefix = "CPU "
format-prefix-foreground = ${colors.primary}
label = %percentage:2%%
[network-base]
type = internal/network
interval = 5
format-connected = <label-connected>
format-disconnected = <label-disconnected>
label-disconnected = %{F#F0C674}%ifname%%{F#707880} disconnected
[module/wlan]
inherit = network-base
interface-type = wireless
label-connected = %{F#F0C674}%ifname%%{F-} %essid% %local_ip%
[module/eth]
inherit = network-base
interface-type = wired
label-connected = %{F#F0C674}%ifname%%{F-} %local_ip%
[module/date]
type = internal/date
interval = 1
date = %H:%M
date-alt = %Y-%m-%d %H:%M:%S
label = %date%
label-foreground = ${colors.primary}
[settings]
screenchange-reload = true
pseudo-transparency = true
; vim:ft=dosini


@ -1,19 +0,0 @@
{ config, lib, pkgs, ... }:
let
mypolybar = pkgs.polybar.override {
alsaSupport = true;
mpdSupport = true;
pulseSupport = true;
};
in {
config.home.packages = with pkgs; [ font-awesome material-design-icons ];
config.services.polybar = {
enable = true;
package = mypolybar;
config = ./config.ini;
script = ''
polybar & disown
'';
};
}


@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config.services.screen-locker = {
enable = false;
inactiveInterval = 30;
lockCmd = "${pkgs.i3lock}/bin/i3lock -n -c 000000";
xautolock.extraOptions = [ "-detectsleep" ];
};
}


@ -1,11 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.syncthing = {
enable = true;
tray = {
enable = true;
command = "syncthingtray --wait";
};
};
}


@ -1,8 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services.udiskie = {
enable = true;
tray = "always";
};
}


@ -1,14 +0,0 @@
{ config, lib, pkgs, ... }:
let username = "anne";
in {
users.users.${username} = {
isNormalUser = true;
extraGroups = [ "input" ];
description = "Anne Kobjolke";
home = "/home/${username}";
hashedPassword =
"$6$Lq3kAyI7Oh3uvf9T$lxE1V9adw1lqjRT0tvCdj17zUz.nJkqkMSA8Y6ipuBIHoZqJKJcQPLby/BWdDvzcmCbyEOtA7grToclNnbV49/";
};
home-manager.users.${username} = import ./home.nix;
}


@ -1,26 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
home = {
language.base = "de_DE.UTF-8";
stateVersion = "23.05";
packages = with pkgs; [
firefox
alacritty
gnome-session
gnome-control-center
];
keyboard.layout = "de";
keyboard.variant = "nodeadkeys";
};
xsession = {
enable = true;
windowManager.command = "${pkgs.gnome-session}/bin/gnome-session";
};
}

160
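--- a/home/cli.nix
+++ b/home/cli.nix
@@ -0,0 +1,160 @@
+{ config, pkgs, ... }:
+# minimal config, suitable for servers
+let
+myUser = "alex";
+myName = "Alexander Kobjolke";
+myMail = "me@failco.de";
+in {
+imports = [
+# shell config
+#./modules/shell
+];
+programs.home-manager.enable = true;
+home = {
+username = myUser;
+homeDirectory = "/home/${myUser}";
+stateVersion = "21.05";
+sessionPath = [ "$HOME/.local/bin" "$HOME/.emacs.d/bin" ];
+};
+home.packages = with pkgs; [
+# archives
+#p7zip
+#unrar
+# nix tools
+nix-index
+nixfmt
+# misc
+fd # better find
+file # info about files
+unzip
+dropbox
+gotop
+gnumake
+ripgrep # better grep
+pijul
+sqlite.dev
+sqlite
+# pass
+pandoc
+hledger
+hledger-web
+hledger-iadd
+hledger-ui
+#smos
+#haskellPackages.patat # terminal based presentations using pandoc
+nix-prefetch-git
+];
+home.extraOutputsToInstall = [ "doc" "info" "devdoc" ];
+xdg.enable = true;
+# xdg.configFile = {
+# "emacs".source = ./emacs.d;
+# };
+xdg.configFile.tmux = {
+target = "tmux/tmux.conf";
+text = ''
+set -g default-terminal "tmux-256color"
+set -g prefix C-z
+# do not wait for a manually entered escape sequence, just forward it immediately
+set -g escape-time 0
+bind-key C-z send-prefix
+set -g renumber-windows on
+'';
+};
+xdg.configFile.pijul = {
+target = "pijul/config.toml";
+text = ''
+[author]
+name = "${myUser}"
+full_name = "${myName}"
+email = "${myMail}"
+'';
+};
+programs = {
+zsh = {
+enable = true;
+enableAutosuggestions = true;
+# enableSyntaxHighlighting = true;
+shellAliases = { e = "emacsclient -c $@"; };
+oh-my-zsh = {
+enable = true;
+plugins = [ "git" ];
+theme = "simple";
+};
+};
+# better cat
+bat.enable = true;
+direnv = {
+enable = true;
+nix-direnv = { enable = true; };
+enableZshIntegration = true;
+enableBashIntegration = true;
+};
+emacs = {
+enable = true;
+package = pkgs.emacsGit;
+extraPackages = epkgs: with epkgs; [ vterm ];
+#package = pkgs.emacsUnstable;
+};
+gh = {
+enable = true;
+settings.git_protocol = "ssh";
+};
+git = {
+enable = true;
+ignores = [ "*~" "*.swp" "result" "dist-newstyle" ];
+userEmail = myMail;
+userName = myName;
+aliases = { st = "status"; };
+extraConfig = { init.defaultBranch = "main"; };
+};
+gpg = {
+enable = true;
+settings = { homedir = "~/.local/share/gnupg"; };
+};
+helix = {
+enable = true;
+settings.theme = "gruvbox";
+};
+password-store = {
+enable = true;
+package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
+settings = { PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; };
+};
+ssh.enable = true;
+neovim = import ./modules/nvim.nix pkgs;
+texlive.enable = true;
+};
+services.gpg-agent = {
+enable = true;
+enableSshSupport = true;
+defaultCacheTtl = 300;
+defaultCacheTtlSsh = 300;
+};
+services.emacs = { enable = true; };
+home.file.".local" = {
+recursive = true;
+source = ./local;
+};
+}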
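Review bot: `settings = { homedir = "~/.local/share/gnupg"; }` under `programs.gpg` only writes a `homedir` line into gpg.conf, and as far as I know GnuPG takes its home directory only from the command line or `GNUPGHOME`, so the keyring and the agent started by `services.gpg-agent` would most likely keep using the default `~/.gnupg` instead of the path named here. Home Manager has a dedicated option for this; inside the `gpg` block I would write `homedir = "${config.home.homeDirectory}/.local/share/gnupg";` and drop the `settings` entry. Separately, `defaultCacheTtl = 300` and `defaultCacheTtlSsh = 300` are restarted on every use, so also setting `maxCacheTtl` and `maxCacheTtlSsh` would put a hard upper bound on how long an unlocked key stays cached.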

1
--- a/home/emacs.d
+++ b/home/emacs.d
@@ -0,0 +1 @@
+Subproject commit bf8495b4122701fb30cb6cea37281dc8f3bedcd0


@ -2,13 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
inputs,
config,
pkgs,
lib,
...
}:
{ inputs, config, pkgs, lib, ... }:
let
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1
@ -19,20 +13,16 @@ let
'';
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# <nixos-hardware/lenovo/legion/15ich>
../../modules/appimage.nix
../../modules/sudo.nix
../../modules/wm/x.nix
../../modules/wm/xmonad/default.nix
];
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# <nixos-hardware/lenovo/legion/15ich>
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.timeout = 5;
# do not protect the kernel image to allow hibernation
security.protectKernelImage = lib.mkForce false;
@ -40,68 +30,94 @@ in
networking.hostName = "dregil"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.extraHosts = ''
127.0.0.1 localhost dregil.localdomain dregil
'';
i18n = {
extraLocaleSettings = {
TIME_STYLE = "iso";
};
extraLocales = "all";
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
console = {
font = "Lat2-Terminus16";
keyMap = "dvorak";
useXkbConfig = true; # use xkbOptions in tty.
};
# Enable the X11 windowing system.
services.xserver = {
enable = true;
exportConfiguration = true;
# Configure keymap in X11
layout = "dvorak";
xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
videoDrivers = [ "nvidia" ]; # "modesetting" ];
displayManager.lightdm = {
enable = true;
};
desktopManager.xfce.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
libinput = {
enable = true;
touchpad.disableWhileTyping = true;
touchpad.naturalScrolling = true;
mouse.naturalScrolling = config.services.xserver.libinput.touchpad.naturalScrolling;
};
};
fonts = {
enableDefaultPackages = true;
packages =
with pkgs;
[
enableDefaultFonts = true;
fonts = with pkgs; [
corefonts
noto-fonts
noto-fonts-emoji
fira-code
fira-code-symbols
]
++ builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
nerdfonts
];
};
# Enable CUPS to print documents.
# services.printing.enable = true;
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
# Enable sound.
sound.enable = true;
hardware.pulseaudio.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.alex = {
isNormalUser = true;
extraGroups = [ "wheel" # Enable sudo for the user.
"input"
];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget
ripgrep
git
nvidia-offload
pinentry
wget
ripgrep
git
nvidia-offload
pinentry
];
# adjust channels to nixpkgs used on this system via this flake
environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs.outPath;
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-unstable.outPath;
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs-unstable}"
];
nix.settings.max-jobs = 3;
nix.settings.cores = 4;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.neovim = {
enable = true;
@ -111,30 +127,24 @@ in
enable = true;
};
programs.zsh = {
enable = true;
};
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.blueman.enable = true;
# Open ports in the firewall
# 22000, 21027 syncthing discovery and connectivity
networking.firewall.allowedTCPPorts = [
5223
22000
];
networking.firewall.allowedUDPPorts = [
21027
22000
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
system.nixos.tags = [ "HiDPI" "nvidia-only" ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
@ -142,4 +152,6 @@ in
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}
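Review bot: `services.openssh.enable = true;` leaves sshd on its defaults in this section, while the `users.users.alex` block puts that account in `wheel` and its comment asks for a password to be set with passwd; nothing visible here turns off password logins. If key-based login is what is intended, say so next to the enable line, e.g. `services.openssh.settings.PasswordAuthentication = false;` (on releases before 23.05 the option is `services.openssh.passwordAuthentication`). The rendering has lost its +/- markers, so which of these lines are new and which are context is inferred from print order. The import of `../../modules/sudo.nix` also appears to be dropped, so whatever sudo policy it carried should be confirmed to live elsewhere.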


@ -1,32 +1,22 @@
{
inputs,
stable,
system,
...
}:
{
imports = [
(
{ inputs, lib, ... }:
{
nixpkgs = {
config.allowUnfree = true;
};
home-manager.extraSpecialArgs = { inherit stable; };
}
)
{ inputs, ... }:
let
inherit (inputs.nixpkgs-unstable.lib) nixosSystem;
system = "x86_64-linux";
pkgs = import inputs.nixpkgs-unstable {
inherit system;
config = {
allowUnfree = true;
};
};
in
nixosSystem {
inherit system pkgs;
specialArgs = { inherit inputs; };
modules = [
../../modules/security.nix
../../modules/common-system.nix
./configuration.nix
inputs.home-manager.nixosModules.home-manager
inputs.distro-grub-themes.nixosModules.${system}.default
../../home/anne/default.nix
../../home/alex/default.nix
../../modules/grub-themes
../../modules/hyprland
../../modules/podman
../../modules/tailscale
../../modules/flatpak.nix
../../modules/nh.nix
];
}


@ -1,34 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [
"dm-snapshot"
"uas"
"usbcore"
"usb_storage"
"vfat"
"nls_cp437"
"nls_iso8859_1"
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
boot.initrd.luks.devices = {
root = {
device = "/dev/disk/by-uuid/bebf96d1-2a2b-412c-a5f0-f9ed5730a05f";
@ -39,46 +20,37 @@
keyFileSize = 4096;
};
};
boot.kernelModules = [
"kvm-intel"
"nvidia"
];
boot.kernelModules = [ "kvm-intel" "nvidia" ];
boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ];
boot.kernelParams = [ "module_blacklist=i915" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [
"subvol=root"
"compress=zstd"
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/786D-42D7";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95";
}
];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [
"subvol=home"
"compress=zstd"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [
"subvol=nix"
"compress=zstd"
"noatime"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/786D-42D7";
fsType = "vfat";
};
swapDevices = [ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -92,28 +64,29 @@
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.nvidia = {
nvidiaSettings = true;
nvidiaPersistenced = true;
open = true;
hardware.video.hidpi.enable = true;
# modesetting.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
# prime = {
# offload.enable = true;
#
# intelBusId = "PCI:1:0:0";
# nvidiaBusId = "PCI:1:0:0";
# intelBusId = "0@0:2:0";
# nvidiaBusId = "1@1:0:0";
# };
hardware.nvidia = {
nvidiaSettings = true;
nvidiaPersistenced = true;
# modesetting.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
# prime = {
# offload.enable = true;
#
# intelBusId = "PCI:1:0:0";
# nvidiaBusId = "PCI:1:0:0";
# intelBusId = "0@0:2:0";
# nvidiaBusId = "1@1:0:0";
# };
};
hardware.graphics = {
hardware.opengl = {
enable = true;
enable32Bit = true;
driSupport = true;
driSupport32Bit = true;
};
hardware.keyboard.uhk.enable = true;
hardware.bluetooth.enable = true;
}


@ -1,147 +0,0 @@
{
inputs,
pkgs,
config,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
./syncthing.nix
../../modules/security.nix
../../modules/nix-config.nix
../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
../../modules/tailscale
../../modules/vsftpd
../../modules/mosh.nix
];
config.boot.loader.grub.enable = true;
config.boot.loader.grub.efiSupport = true;
config.boot.loader.grub.efiInstallAsRemovable = true;
#config.boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
config.boot.loader.grub.device = "/dev/disk/by-id/ata-HGST_HTS725050A7E630_TF655AY92SM3XL"; # or "nodev" for efi only
config.security.sudo.wheelNeedsPassword = false;
config.networking = {
hostName = "igor";
domain = "failco.de";
wireless = {
enable = true;
userControlled.enable = true;
allowAuxiliaryImperativeNetworks = true;
secretsFile = "/etc/wireless.conf";
networks = {
Prapsschnalinen.pskRaw = "ext:home";
};
};
useDHCP = true;
enableIPv6 = true;
networkmanager.enable = false;
firewall.enable = true;
firewall.allowedTCPPorts = [
config.services.mysql.settings.mysqld.port
];
};
config.security.sudo = {
enable = true;
execWheelOnly = true;
};
# Select internationalization properties.
config.i18n.defaultLocale = "en_US.UTF-8";
config.console = {
font = "Lat2-Terminus16";
keyMap = "dvorak";
};
# Set your time zone.
config.time.timeZone = "Europe/Berlin";
# Enable the X11 windowing system.
config.services.xserver.enable = true;
config.services.logind.lidSwitch = "lock";
# Enable the GNOME Desktop Environment.
config.services.xserver.displayManager.gdm.enable = true;
config.services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
config.services.xserver.xkb.layout = "us";
config.services.xserver.xkb.variant = "dvorak";
config.services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
config.services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
config.services.pipewire = {
enable = true;
pulse.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
config.services.libinput.enable = true;
config.services.mysql = {
enable = true;
package = pkgs.mariadb;
};
config.programs.firefox.enable = true;
config.programs.git.enable = true;
config.programs.nm-applet.enable = true;
# Define a user account. Don't forget to set a password with passwd.
config.users.users.alex = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.zsh;
packages = [ pkgs.devenv ];
};
config.environment.systemPackages = with pkgs; [
alacritty
dolphin
waybar
hyprpaper
wofi
tmux
lftp
];
config.programs.direnv = {
enable = true;
silent = true;
};
config.programs.hyprland = {
enable = true;
withUWSM = true;
};
config.programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
config.programs.zsh.enable = true;
config.system.stateVersion = "24.11";
}


@ -1,67 +0,0 @@
{
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/rootfs" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"/home" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [
"compress=zstd"
"noatime"
];
mountpoint = "/nix";
};
"/swap" = {
mountpoint = "/.swapvol";
swap = {
swapfile.size = "2G";
};
};
};
};
};
};
};
};
};
}


@ -1,72 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# fileSystems."/" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=rootfs" ];
# };
#
# fileSystems."/.swapvol" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=swap" ];
# };
#
# fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/2EDA-47FD";
# fsType = "vfat";
# options = [ "fmask=0022" "dmask=0022" ];
# };
#
# fileSystems."/home" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=home" ];
# };
#
# fileSystems."/nix" =
# { device = "/dev/disk/by-uuid/e7720a57-f96a-4f37-a2ad-43527868418c";
# fsType = "btrfs";
# options = [ "subvol=nix" ];
# };
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wwp0s20u4i6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,29 +0,0 @@
{ config, lib, ... }:
{
config.services.syncthing = {
enable = true;
user = "vsftpd";
group = "vsftpd";
dataDir = "/var/lib/vsftpd";
settings.devices = {
thrall = {
id = "P52YQU2-7LCEOVV-DSGTAZG-AJ2DSJD-JPHSUJE-HC2KAGO-YR4SXQD-V6OQ7QF";
addresses = [ "tcp://195.90.211.228:22000" ];
};
};
settings.folders = {
paperless = {
path = "${config.services.vsftpd.localRoot}/scan";
devices = [ "thrall" ];
versioning = {
type = "trashcan";
params.cleanoutDays = "90";
};
};
};
};
}


@ -4,14 +4,12 @@
# Simply install just the packages
environment.packages = with pkgs; [
# User-facing stuff that you really really want to have
neovim
vim # or some other editor, e.g. nano or neovim
git
git-annex
mosh
openssh
wget
tmux
# Some common stuff that people expect to have
#diffutils
@ -29,18 +27,13 @@
#xz
#zip
#unzip
inetutils
];
# Backup etc files instead of failing to activate generation if a file already exists in /etc
environment.etcBackupExtension = ".bak";
environment.sessionVariables = {
EDITOR = "${pkgs.neovim}/bin/nvim";
};
# Read the changelog before changing this value
system.stateVersion = "24.05";
system.stateVersion = "22.11";
# Set up nix for flakes
nix.extraOptions = ''


@ -1,7 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [ ../../home/alex/cli.nix ../../home/alex/services/git-sync ];
config.my.git-sync.enable = true;
}


@ -2,39 +2,28 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
inputs,
lib,
config,
pkgs,
...
}:
let
authorityFromUrl = url: builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
in
{
disabledModules = [ "services/web-apps/hledger-web.nix" ];
imports = [
{ config, pkgs, ... }:
let extIface = "ens3";
in {
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
inputs.snm.nixosModule
inputs.agenix.nixosModules.age
../../modules/security.nix
../../modules/sudo.nix
../../modules/upgrade-pg-cluster.nix
../../modules/nix-config.nix
../../modules/iohk.nix
../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
../../modules/hledger-web.nix
../../modules/tailscale
../../modules/mosh.nix
../../modules/nh.nix
];
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = nix-command flakes ca-derivations
'';
# nix.registry.nixpkgs.flake = nixpkgs;
# Binary Cache for Haskell.nix
nix.settings.trusted-public-keys =
[ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
#nix.binaryCaches = [ "https://hydra.iohk.io" ];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
@ -42,6 +31,9 @@ in
boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
# boot.loader.systemd-boot.enable = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
age.secrets = {
mailPass.file = ../../secrets/mailPass.age;
paperless-mail.file = ../../secrets/paperless-mail.age;
@ -49,98 +41,85 @@ in
hledger-web = {
file = ../../secrets/hledger-web.htaccess.age;
mode = "440";
owner = config.services.nginx.user;
group = config.services.nginx.group;
owner = "nginx";
group = "nginx";
};
};
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking =
let
extIface = "ens3";
in
{
hostName = "thrall";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface} = {
ipv4.addresses = [
networking = {
hostName = "thrall";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface}.ipv4.addresses = [{
address = "195.90.211.228";
prefixLength = 22;
}];
defaultGateway = "195.90.208.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
allowedTCPPorts = [ 22 53 80 443 5000 ];
allowedUDPPorts = [ 53 42666 ];
};
# wireguard related config
nat.enable = true;
nat.externalInterface = extIface;
nat.internalInterfaces = [ "wg0" ];
wireguard.interfaces = {
wg0 = {
ips = [ "10.0.0.1/24" ];
listenPort = 42666;
postSetup = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets.wireguard-thrall.path;
peers = [
{
address = "195.90.211.228";
prefixLength = 22;
# my phone
publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
allowedIPs = [ "10.0.0.2/32" ];
}
{
# my tablet
publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
allowedIPs = [ "10.0.0.3/32" ];
}
];
};
defaultGateway = "195.90.208.1";
nameservers = [
"8.8.8.8"
"8.8.4.4"
];
firewall = {
allowedTCPPorts = [
22
53
80
443
5000
40005 # syncthing
];
allowedUDPPorts = [
53
];
};
# wireguard related config
nat.enable = true;
nat.externalInterface = extIface;
nat.internalInterfaces = [ "wg0" ];
wireguard.interfaces = {
wg0 = {
ips = [ "10.0.0.1/24" ];
listenPort = 42666;
postSetup = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets.wireguard-thrall.path;
peers = [
{
# my phone
publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
allowedIPs = [ "10.0.0.2/32" ];
}
{
# my tablet
publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
# homematic
publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4=";
allowedIPs = [ "10.0.0.4/32" ];
}
];
};
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "alex@jakalx.net";
};
# Select internationalization properties.
security.sudo = {
enable = true;
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];
commands = [{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}];
}];
};
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
@ -149,7 +128,6 @@ in
# Define a user account. Don't forget to set a password with passwd.
users.users.alex = {
description = "Alexander Kobjolke";
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.zsh;
@ -163,16 +141,21 @@ in
htop
tmux
git
git-annex
#agenix.defaultPackage.x86_64-linux
restic # fast and secure backup
rclone
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.mosh.enable = true;
programs.neovim = {
enable = true;
defaultEditor = true;
@ -185,19 +168,20 @@ in
# List services that you want to enable:
# depending on wireguard
services.kresd = {
enable = true;
listenPlain = [
"[::1]:53"
"127.0.0.1:53"
"10.0.0.1:53"
];
listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ];
};
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.lorri.enable = true;
# configure backup via restic to gdrive
services.restic.backups = { };
services.keybase = { enable = true; };
services.nginx = {
enable = true;
@ -219,16 +203,6 @@ in
extraConfig = ''
add_header X-Frame-Options 'SAMEORIGIN';
'';
locations."/photo-groove" = {
proxyPass = "http://127.0.0.1:8000/";
proxyWebsockets = true;
};
locations."/elfeed" = {
proxyPass = "http://127.0.0.1:8080/elfeed";
proxyWebsockets = true;
};
};
"www.jakalx.net" = {
@ -241,80 +215,56 @@ in
'';
};
"kobjolke.de" = {
forceSSL = true;
enableACME = true;
root = "/srv/www/kobjolke.de";
serverAliases = [ "www.kobjolke.de" ];
extraConfig = ''
add_header X-Frame-Options 'SAMEORIGIN';
'';
};
# forgejo - git web frontend
"${config.services.forgejo.settings.server.DOMAIN}" = {
# gitea
"git.failco.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}/";
proxyPass = "http://127.0.0.1:3001/";
proxyWebsockets = true;
};
};
# paperless
"${authorityFromUrl config.services.paperless.settings.PAPERLESS_URL}" = {
"docs.failco.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}/";
proxyPass = "http://127.0.0.1:3002/";
proxyWebsockets = true;
};
};
# hledger
"${authorityFromUrl config.services.hledger-web.baseUrl}" = {
"ledger.failco.de" = {
forceSSL = true;
enableACME = true;
basicAuthFile = config.age.secrets.hledger-web.path;
locations."/" = {
proxyPass = "http://${config.services.hledger-web.host}:${toString config.services.hledger-web.port}/";
proxyPass = "http://127.0.0.1:3003/";
proxyWebsockets = true;
};
};
};
users.users.git = {
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = config.services.forgejo.group;
isSystemUser = true;
};
services.forgejo = {
services.gitea = {
enable = true;
user = "git";
database.type = "sqlite3";
lfs.enable = true;
domain = "git.failco.de";
rootUrl = "https://git.failco.de";
httpAddress = "127.0.0.1";
httpPort = 3001;
settings = {
service.DISABLE_REGISTRATION = true;
server = {
DOMAIN = "git.failco.de";
ROOT_URL = "https://git.failco.de";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3001;
};
mailer = {
ENABLED = true;
PROTOCOL = "smtp";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
FROM = "noreply@failco.de";
};
other = {
SHOW_FOOTER_VERSION = false;
MAILER_TYPE = "smtp";
FROM = "git@failco.de";
HOST = "thrall.failco.de:25";
IS_TLS_ENABLED = false;
};
};
};
@ -324,125 +274,63 @@ in
address = "127.0.0.1";
port = 3002;
consumptionDirIsPublic = true;
configureTika = true;
settings = {
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_OCR_USER_ARGS = ''{"invalidate_digital_signatures": true}'';
PAPERLESS_URL = "https://docs.failco.de";
PAPERLESS_CONSUMER_RECURSIVE = true;
PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true;
# workaround for classification getting stuck, see
# https://github.com/NixOS/nixpkgs/issues/240591#issuecomment-1915678490
OMP_NUM_THREADS = 1;
};
};
services.hledger-web = {
enable = true;
baseUrl = "https://ledger.failco.de";
port = 3003;
capabilities = {
view = true;
add = true;
manage = true;
};
journalFiles = [ "current.journal" ];
extraOptions = [
"-B"
"--value=then"
];
};
services.fail2ban = {
enable = true;
maxretry = 5;
bantime = "1h";
bantime-increment.enable = true;
ignoreIP = [
"127.0.0.0/8"
"195.90.211.228"
"10.0.0.0/8"
"192.168.0.0/16"
];
jails.postfix = ''
filter = postfix
maxretry = 3
action = iptables[name=postfix, port=smtp, protocol=tcp]
enabled = true
'';
ignoreIP =
[ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ];
};
services.syncthing = {
enable = true;
user = "alex";
dataDir = "/home/alex/sync";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
settings = {
folders = {
"org" = {
path = "/home/alex/org";
devices = [ "redmi" ];
};
"paperless" = {
path = "${config.services.paperless.consumptionDir}";
devices = [
"redmi"
"dregil"
"igor"
];
};
overrideDevices =
true; # overrides any devices added or deleted through the WebUI
overrideFolders =
true; # overrides any folders added or deleted through the WebUI
folders = {
"org" = {
path = "/home/alex/org";
devices = [ "redmi" ];
};
devices = {
redmi = {
id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
};
dregil = {
id = "SMVQO7Q-EB2V7PC-B4LP5IN-SM2UUE4-FUI2RI4-LARFW3S-LXHPAT5-FLNY7QH";
};
igor = {
id = "NHSYYF6-I5GWMTI-2SQ6PIA-EU3TYZF-3I7BI3K-QTSRGCT-QVLSFG4-74TL2QW";
};
"scan" = {
path = "/home/alex/media/scan";
devices = [ "redmi" ];
};
};
devices = {
"redmi" = {
id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
};
};
};
mailserver = {
enable = true;
stateVersion = 3;
fqdn = "thrall.failco.de";
domains = [
"failco.de"
"jakalx.net"
"kobjolke.de"
];
domains = [ "failco.de" "jakalx.net" ];
loginAccounts = {
"me@failco.de" = {
# nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt'
hashedPasswordFile = config.age.secrets.mailPass.path;
aliases = [
"lx@failco.de"
"alex@failco.de"
"abuse@failco.de"
"postmaster@failco.de"
"abuse@kobjolke.de"
"postmaster@kobjolke.de"
"abuse@jakalx.net"
"postmaster@jakalx.net"
];
aliases = [ "lx@failco.de" "alex@failco.de" ];
catchAll = [
];
catchAll = [ "failco.de" ];
};
"alex@jakalx.net" = {
hashedPasswordFile = config.age.secrets.mailPass.path;
catchAll = [ "jakalx.net" ];
};
"archive@failco.de" = {
@ -450,45 +338,18 @@ in
};
};
extraVirtualAliases = {
"alex@kobjolke.de" = [ "me@failco.de" ];
};
forwards = {
"familie@kobjolke.de" = [
"alex@kobjolke.de"
"anne@kobjolke.de"
];
"anne@kobjolke.de" = "anne.kobjolke@gmail.com";
"alexander@kobjolke.de" = "alex@kobjolke.de";
"ida@kobjolke.de" = "alex@kobjolke.de";
"klara@kobjolke.de" = "alex@kobjolke.de";
"charlie@kobjolke.de" = "alex@kobjolke.de";
};
certificateScheme = "acme-nginx";
certificateScheme = 3;
enableImapSsl = true;
enableManageSieve = true;
virusScanning = true;
};
services.postgresql = {
package = pkgs.postgresql_15;
};
services.roundcube = {
enable = true;
hostName = "mail.failco.de";
dicts = with pkgs.aspellDicts; [
en
de
];
plugins = [
"archive"
"attachment_reminder"
"managesieve"
"markasjunk"
];
dicts = with pkgs.aspellDicts; [ en de ];
plugins = [ "archive" "attachment_reminder" "managesieve" "markasjunk" ];
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
@ -505,4 +366,6 @@ in
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}
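Review bot: The `security.sudo.extraRules` entry in the `@ -49,98 +41,85 @@` hunk lets every member of `wheel` run `/run/current-system/sw/bin/nixos-rebuild` with `NOPASSWD`, which is effectively passwordless root, because nixos-rebuild activates whatever configuration the caller points it at. The page has lost its +/- markers, so I am reading this block as new-side code on the grounds that the other side imports `../../modules/sudo.nix` instead; please confirm. With `users.users.alex` in `wheel` and SSH, mosh and the gpg-agent SSH support enabled on this host, a compromise of that one account would no longer be stopped by the sudo password. I would remove the rule, or at least delete `options = [ "NOPASSWD" ];`, and if unattended deploys are the reason, add a comment saying so next to the rule so that the exception is visible in review.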


@ -1,12 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot.binfmt.registrations.appimage = {
wrapInterpreterInShell = false;
interpreter = "${pkgs.appimage-run}/bin/appimage-run";
recognitionType = "magic";
offset = 0;
mask = "\\xff\\xff\\xff\\xff\\x00\\x00\\x00\\x00\\xff\\xff\\xff";
magicOrExtension = "\\x7fELF....AI\\x02";
};
}


@ -1,6 +1,5 @@
{ config, pkgs, inputs, ... }: {
imports = [ ./nix-config.nix ];
{config, pkgs, inputs, ...}:
{
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "Europe/Berlin";
@ -11,7 +10,7 @@
git
dua
erdtree
eza
exa
fd
fzf
bat
@ -21,5 +20,26 @@
networking.firewall.enable = true;
nix = { registry = { nixpkgs.flake = inputs.nixpkgs; }; };
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
registry = {
nixpkgs.flake = inputs.nixpkgs;
nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
};
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ];
warn-dirty = false;
# avoid unwanted garbage collection when using direnv
keep-outputs = true;
keep-derivations = true;
};
};
}


@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
services.flatpak.enable = true;
systemd.services.flatpak-repo = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.flatpak ];
script = ''
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
'';
};
}


@ -1,7 +0,0 @@
{ ... }:
{
config.distro-grub-themes = {
enable = true;
theme = "nixos";
};
}


@ -1,752 +0,0 @@
{ config, lib, pkgs, ... }: {
systemd.services.systemd-rfkill = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.syslog = {
serviceConfig = {
PrivateNetwork = true;
CapabilityBoundingSet =
[ "CAP_DAC_READ_SEARCH" "CAP_SYSLOG" "CAP_NET_BIND_SERVICE" ];
NoNewPrivileges = true;
PrivateDevices = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
PrivateMounts = true;
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
LockPersonality = true;
ProtectKernelTunables = true;
RestrictRealtime = true;
PrivateUsers = true;
PrivateTmp = true;
UMask = "0077";
RestrictNamespace = true;
ProtectProc = "invisible";
ProtectHome = true;
DeviceAllow = false;
ProtectSystem = "full";
};
};
systemd.services.systemd-journald = {
serviceConfig = {
UMask = 77;
PrivateNetwork = true;
ProtectHostname = true;
ProtectKernelModules = true;
};
};
systemd.services.auto-cpufreq = {
serviceConfig = {
CapabilityBoundingSet = "";
ProtectSystem = "full";
ProtectHome = true;
PrivateNetwork = true;
IPAddressDeny = "any";
NoNewPrivileges = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectHostname = false;
MemoryDenyWriteExecute = true;
ProtectClock = true;
RestrictNamespaces = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectProc = true;
ReadOnlyPaths = [ "/" ];
InaccessiblePaths = [ "/home" "/root" "/proc" ];
SystemCallFilter = [ "@system-service" ];
SystemCallArchitectures = "native";
UMask = "0077";
};
};
systemd.services.NetworkManager-dispatcher = {
serviceConfig = {
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectHostname = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateUsers = true;
PrivateDevices = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.display-manager = {
serviceConfig = {
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectKernelLogs = true; # so we won't need all of this
};
};
systemd.services.emergency = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # Might need adjustment for emergency access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."getty@tty1" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."getty@tty7" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET";
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.NetworkManager = {
serviceConfig = {
NoNewPrivileges = true;
ProtectClock = true;
ProtectKernelLogs = true;
ProtectControlGroups = true;
ProtectKernelModules = true;
SystemCallArchitectures = "native";
MemoryDenyWriteExecute = true;
ProtectProc = "invisible";
ProcSubset = "pid";
RestrictNamespaces = true;
ProtectKernelTunables = true;
ProtectHome = true;
PrivateTmp = true;
UMask = "0077";
};
};
systemd.services."nixos-rebuild-switch-to-configuration" = {
serviceConfig = {
ProtectHome = true;
NoNewPrivileges = true; # Prevent gaining new privileges
};
};
systemd.services."dbus" = {
serviceConfig = {
PrivateTmp = true;
PrivateNetwork = true;
ProtectSystem = "full";
ProtectHome = true;
SystemCallFilter =
"~@clock @cpu-emulation @module @mount @obsolete @raw-io @reboot @swap";
ProtectKernelTunables = true;
NoNewPrivileges = true;
CapabilityBoundingSet = [
"~CAP_SYS_TIME"
"~CAP_SYS_PACCT"
"~CAP_KILL"
"~CAP_WAKE_ALARM"
"~CAP_SYS_BOOT"
"~CAP_SYS_CHROOT"
"~CAP_LEASE"
"~CAP_MKNOD"
"~CAP_NET_ADMIN"
"~CAP_SYS_ADMIN"
"~CAP_SYSLOG"
"~CAP_NET_BIND_SERVICE"
"~CAP_NET_BROADCAST"
"~CAP_AUDIT_WRITE"
"~CAP_AUDIT_CONTROL"
"~CAP_SYS_RAWIO"
"~CAP_SYS_NICE"
"~CAP_SYS_RESOURCE"
"~CAP_SYS_TTY_CONFIG"
"~CAP_SYS_MODULE"
"~CAP_IPC_LOCK"
"~CAP_LINUX_IMMUTABLE"
"~CAP_BLOCK_SUSPEND"
"~CAP_MAC_*"
"~CAP_DAC_*"
"~CAP_FOWNER"
"~CAP_IPC_OWNER"
"~CAP_SYS_PTRACE"
"~CAP_SETUID"
"~CAP_SETGID"
"~CAP_SETPCAP"
"~CAP_FSETID"
"~CAP_SETFCAP"
"~CAP_CHOWN"
];
ProtectKernelModules = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectControlGroups = true;
RestrictNamespaces = true;
MemoryDenyWriteExecute = true;
RestrictAddressFamilies = [ "~AF_PACKET" "~AF_NETLINK" ];
ProtectHostname = true;
LockPersonality = true;
RestrictRealtime = true;
PrivateUsers = true;
};
};
systemd.services.nix-daemon = {
serviceConfig = {
ProtectHome = true;
PrivateUsers = false;
};
};
systemd.services.reload-systemd-vconsole-setup = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
PrivateUsers = true;
PrivateDevices = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictNamespaces = true;
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.rescue = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # Might need adjustment for rescue operations
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Networking might be necessary in rescue mode
RestrictNamespaces = true;
SystemCallFilter = [
"write"
"read"
"openat"
"close"
"brk"
"fstat"
"lseek"
"mmap"
"mprotect"
"munmap"
"rt_sigaction"
"rt_sigprocmask"
"ioctl"
"nanosleep"
"select"
"access"
"execve"
"getuid"
"arch_prctl"
"set_tid_address"
"set_robust_list"
"prlimit64"
"pread64"
"getrandom"
];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny =
"any"; # May need to be relaxed for network troubleshooting in rescue mode
};
};
systemd.services."systemd-ask-password-console" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for console access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # A more permissive filter
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services."systemd-ask-password-wall" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # A more permissive filter
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.thermald = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for adjusting cooling policies
ProtectKernelModules = true; # May need adjustment for module control
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May require access to specific hardware devices
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
CapabilityBoundingSet = "";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ];
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
DeviceAllow = [ ];
RestrictAddressFamilies = [ ];
};
};
systemd.services."user@1000" = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true; # Be cautious, as this may restrict user operations
PrivateDevices = true;
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on user needs
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any";
};
};
systemd.services.virtlockd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for accessing VM resources
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust as necessary
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need adjustment for network operations
};
};
systemd.services.virtlogd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers = true;
PrivateDevices = true; # May need adjustment for accessing VM logs
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies = "AF_INET AF_INET6";
RestrictNamespaces = true;
SystemCallFilter =
[ "@system-service" ]; # Adjust based on log management needs
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny =
"any"; # May need to be relaxed for network-based log collection
};
};
systemd.services.virtlxcd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for container management
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for container user management
PrivateDevices = true; # Containers might require broader device access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked containers
RestrictNamespaces = true;
SystemCallFilter =
[ "@system-service" ]; # Adjust based on container operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
systemd.services.virtqemud = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Necessary for VM management
ProtectKernelModules =
true; # May need adjustment for VM hardware emulation
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for VM user management
PrivateDevices = true; # VMs might require broader device access
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked VMs
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on VM operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
systemd.services.virtvboxd = {
serviceConfig = {
ProtectSystem = "strict";
ProtectHome = true;
ProtectKernelTunables = true; # Required for some VM management tasks
ProtectKernelModules = true; # May need adjustment for module handling
ProtectControlGroups = true;
ProtectKernelLogs = true;
ProtectClock = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateTmp = true;
PrivateUsers =
true; # Be cautious, might need adjustment for VM user management
PrivateDevices = true; # VMs may require access to certain devices
PrivateIPC = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
LockPersonality = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
RestrictAddressFamilies =
"AF_INET AF_INET6"; # Necessary for networked VMs
RestrictNamespaces = true;
SystemCallFilter = [ "@system-service" ]; # Adjust based on VM operations
SystemCallArchitectures = "native";
UMask = "0077";
IPAddressDeny = "any"; # May need to be relaxed for network functionality
};
};
}


@ -1,140 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let cfg = config.services.hledger-web;
in {
options.services.hledger-web = {
enable = mkEnableOption (lib.mdDoc "hledger-web service");
serveApi = mkEnableOption
(lib.mdDoc "serving only the JSON web API, without the web UI");
host = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc ''
Address to listen on.
'';
};
port = mkOption {
type = types.port;
default = 5000;
example = 80;
description = lib.mdDoc ''
Port to listen on.
'';
};
capabilities = {
view = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Enable the view capability.
'';
};
add = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable the add capability.
'';
};
manage = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable the manage capability.
'';
};
};
stateDir = mkOption {
type = types.path;
default = "/var/lib/hledger-web";
description = lib.mdDoc ''
Path the service has access to. If left as the default value this
directory will automatically be created before the hledger-web server
starts, otherwise the sysadmin is responsible for ensuring the
directory exists with appropriate ownership and permissions.
'';
};
journalFiles = mkOption {
type = types.listOf types.str;
default = [ ".hledger.journal" ];
description = lib.mdDoc ''
Paths to journal files relative to {option}`services.hledger-web.stateDir`.
'';
};
baseUrl = mkOption {
type = with types; nullOr str;
default = null;
example = "https://example.org";
description = lib.mdDoc ''
Base URL, when sharing over a network.
'';
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [ ];
example = [ "--forecast" ];
description = lib.mdDoc ''
Extra command line arguments to pass to hledger-web.
'';
};
};
config = mkIf cfg.enable {
users.users.hledger = {
name = "hledger";
group = "hledger";
isSystemUser = true;
home = cfg.stateDir;
useDefaultShell = true;
};
users.groups.hledger = { };
systemd.services.hledger-web = let
serverArgs = with cfg;
escapeShellArgs ([
"--serve"
"--host=${host}"
"--port=${toString port}"
(optionalString capabilities.add "--allow=add")
(optionalString capabilities.view "--allow=view")
(optionalString capabilities.manage "--allow=edit")
(optionalString (cfg.baseUrl != null) "--base-url=${cfg.baseUrl}")
(optionalString (cfg.serveApi) "--serve-api")
] ++ (map (f: "--file=${stateDir}/${f}") cfg.journalFiles)
++ extraOptions);
in {
description = "hledger-web - web-app for the hledger accounting tool.";
documentation = [ "https://hledger.org/hledger-web.html" ];
wantedBy = [ "multi-user.target" ];
after = [ "networking.target" ];
serviceConfig = mkMerge [
{
ExecStart = "${pkgs.hledger-web}/bin/hledger-web ${serverArgs}";
Restart = "always";
WorkingDirectory = cfg.stateDir;
User = "hledger";
Group = "hledger";
PrivateTmp = true;
}
(mkIf (cfg.stateDir == "/var/lib/hledger-web") {
StateDirectory = "hledger-web";
})
];
};
};
meta.maintainers = with lib.maintainers; [ marijanp erictapen ];
}

19
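--- a/modules/hleger-web.nix
+++ b/modules/hleger-web.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let cfg = config.services.hledger;
+in {
+options = {
+services.hledger = {
+enable = mkEnableOption (lib.mdDoc "hledger web service");
+package = mkOption {
+default = pkgs.hledger;
+defaultText = literalExpression "pkgs.hledger";
+type = types.package;
+description = lib.mdDoc ''
+HLedger package to use.
+'';
+};
+};
+};
+}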
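Review bot: The module only declares `services.hledger.enable` and `services.hledger.package`; there is no `config = mkIf cfg.enable { … }` block, so `cfg` is never used and setting the option changes nothing on the system. The `package` default is `pkgs.hledger`, while the module removed earlier on this page launched `${pkgs.hledger-web}/bin/hledger-web`, so `default = pkgs.hledger-web;` with a matching `defaultText` is probably what is intended; this should be confirmed against the package set in use. When the service definition is added, keep the listen address on `127.0.0.1` by default and leave the add and manage capabilities off, as the earlier module did, because nothing in this module puts authentication in front of the web UI. The file name `modules/hleger-web.nix` is also missing a `d`.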


@ -1,10 +0,0 @@
{
pkgs,
...
}:
{
config.programs.hyprland.enable = true;
config.environment.systemPackages = [ pkgs.kitty ];
config.environment.sessionVariables.NIXOS_OZONE_WL = "1";
}


@ -1,9 +0,0 @@
{ config, lib, pkgs, ... }:
{
# Binary Cache for Haskell.nix
nix.settings.trusted-public-keys =
[ "cache.iog.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
nix.settings.substituters = lib.mkAfter [ "https://cache.iog.io" ];
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.keybase.enable = true;
}


@ -1,8 +0,0 @@
{ ... }:
{
programs.mosh = {
enable = true;
openFirewall = true;
};
}


@ -1,23 +0,0 @@
{
lib,
config,
...
}:
let
cfg = config.programs.nh;
in
{
config.programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/alex/src/nixos-config";
};
config.nix.gc.automatic = lib.mkIf cfg.enable (lib.mkForce false);
config.environment = lib.mkIf cfg.enable {
variables = lib.mkIf (cfg.flake != null) {
NH_FLAKE = cfg.flake;
};
};
}


@ -1,43 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
nix = {
package = pkgs.nixVersions.latest;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
settings = {
auto-optimise-store = true;
experimental-features = [
"nix-command"
"flakes"
];
warn-dirty = false;
# avoid unwanted garbage collection when using direnv
keep-outputs = true;
keep-derivations = true;
trusted-substituters = [
"https://devenv.cachix.org"
"https://nixcache.reflex-frp.org"
];
trusted-public-keys = [
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI="
];
trusted-users = [
"root"
"alex"
];
};
};
}


@ -1,24 +0,0 @@
{ pkgs, ... }:
{
# Enable common container config files in /etc/containers
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# Useful other development tools
environment.systemPackages = with pkgs; [
dive # look into docker image layers
podman-tui # status of containers in the terminal
# docker-compose # start group of containers for dev
podman-compose # start group of containers for dev
];
}


@ -9,10 +9,10 @@
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
# on ssd systems, and volatile! Because it's wiped on reboot.
# boot.tmpOnTmpfs = lib.mkDefault true;
# boot.tmpOnTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage!
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
boot.cleanTmpDir = lib.mkDefault (!config.boot.tmpOnTmpfs);
# Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix


@ -1,14 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.openssh.enable = true;
users.users.alex.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/aaVGcys7ZJ3chImea/8jTGtIVYKzDxXBGIeZMiLm/ u0_a204@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrPC2OMHYJX41vedlsgQeLobapDOZ8StPVwmTTp0Qc83OeXGXiaJ2P0wA65NoIjh+I7OZjc/kRCO+mC4BZs2Em3pmWOZNTvW4YA8lvhpkwFNrvmx+G+HKKG7F04lOgo9zAJltY8ENj0T5jddbWWuSRDNPrHCwet2jdiTWc2Ri5QNAdxXSmp+XG9rTPF6JfuH3kjU7UYgMG0c9dJAy7KzCj4p6GhlfvZlFndhmT+PMkJbn5liv8ldFIuHAqA0Hyo3UYfAieeUDBloevbZKpbsp7wVdtmySfJCgwRaOqVPyB+5QK6sY32s2L8sHHdKgnJ1czeLaX11ZEGQIb4wMd6VYD (none)"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIScA09BrNhQjUzoKhU8xl0Giq4o+eN4tOhdRrS3AHg9QtDd+cZ/6gx5iuVguwVPwCBSGlyilIhtTvUHBft7vEqdoSWDzsIv4nAq5+m4wBAV1WtNuzdIjgDBVtYqIKI+KHasIuj5ol8tDbMmNUfG4kvPgaIudGo9G+ynWSVR1mZyk+W0sAKJAeWmcv5EDxMaSS/4WWXZ7GeLy5t0RJlyO4Pspm69hb63Urz5N2YJHUwgXLZbirsTK0cKRGLKvyEwUOQDvnj13VvnSt5mjfYNGr0g770PLNRPno2PeS5ux2+/4dx03+enh6CA70a+Ialu1Z7qMsaZhLPwuUDTGJJX4F ads-1700w"
"ssh-rsa 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 nix-on-droid@localhost"
"ssh-rsa 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 /home/alex/.ssh/id_rsa"
"ssh-rsa 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 joyeuse"
"ssh-rsa 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 alex@dregil"
];
}


@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.security.sudo = {
enable = true;
execWheelOnly = true;
extraRules = [{
groups = [ "wheel" ];
commands = [{
command = "/run/current-system/sw/bin/nixos-rebuild";
options = [ "NOPASSWD" ];
}];
}];
};
}


@ -1,8 +0,0 @@
{
...
}:
{
config.services.tailscale.enable = true;
config.services.resolved.enable = true;
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
time.timeZone = lib.mkDefault "Europe/Berlin";
}


@ -1,32 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [
(let
# XXX specify the postgresql package you'd like to upgrade to.
# Do not forget to list the extensions you need.
newPostgres = pkgs.postgresql_15.withPackages (pp: [
# pp.plv8
]);
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${config.services.postgresql.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
}


@ -1,16 +0,0 @@
{ lib, pkgs, ... }:
{
config.services.vsftpd = {
enable = true;
localUsers = true;
writeEnable = true;
chrootlocalUser = true;
userDbPath = "/etc/vsftpd/users";
enableVirtualUsers = true;
virtualUseLocalPrivs = true;
localRoot = "/var/lib/vsftpd/data";
extraConfig = "local_umask=002";
};
config.networking.firewall.allowedTCPPorts = [ 20 21 ];
}


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
}


@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
user = "greeter";
};
};
};
}


@ -1,22 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.programs.light = { enable = true; };
config.services.actkbd = let light = "${pkgs.light}/bin/light";
in {
enable = true;
bindings = [
{
keys = [ 232 ];
events = [ "key" ];
command = "${light} -U 10";
}
{
keys = [ 233 ];
events = [ "key" ];
command = "${light} -A 10";
}
];
};
}


@ -1,24 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
environment.systemPackages = with pkgs; [
grim # screenshot functionality
slurp # screenshot functionality
wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
mako # notification system developed by swaywm maintainer
];
# Enable the gnome-keyring secrets vault.
# Will be exposed through DBus to programs willing to store secrets.
services.gnome.gnome-keyring.enable = true;
# enable Sway window manager
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
}


@ -1,41 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
# Enable the X11 windowing system.
services = {
dbus = {
enable = true;
};
xserver = {
enable = true;
xkb = {
options = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
layout = "us";
};
videoDrivers = [ "nvidia" ]; # "modesetting" ];
displayManager.lightdm = {
enable = true;
greeters.slick.enable = true;
};
};
desktopManager.gnome.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
libinput = {
enable = true;
touchpad.disableWhileTyping = true;
touchpad.tapping = false;
mouse.naturalScrolling = config.services.libinput.touchpad.naturalScrolling;
};
};
}


@ -1,16 +0,0 @@
{ config, lib, pkgs, ... }:
{
config.services = {
upower.enable = true;
xserver = {
windowManager.xmonad = {
enable = true;
enableContribAndExtras = true;
};
};
};
config.systemd.services.upower.enable = true;
}


@ -0,0 +1,69 @@
inputs: with inputs;
let
pkgs = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
overlays = [];
};
in
{
"alex@dregil" = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
{
programs.home-manager.enable = true;
home = {
username = "alex";
homeDirectory = "/home/alex";
stateVersion = "22.11";
packages = with pkgs; [
alacritty # fast terminal
firefox # the browser with the fox
# social
jitsi-meet-electron # jitsi as a stand-alone app
discord # talk to other people
#inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat"
# editing
helix # vim like editor
nil # nix language server
# system tools
htop-vim # htop with vim bindings
erdtree # du+tree had sex
dua # ncdu but better
bat # better cat
uhk-agent # my keyboard
mosh # ssh via udp
# gaming support
lutris
];
};
programs.bash = {
enable = true;
};
programs.zsh = {
enable = true;
};
programs.git = {
enable = true;
userName = "Alexander Kobjolke";
userEmail = "me@failco.de";
};
programs.password-store = {
enable = true;
};
# do not show home-manager notifications
news.display = "silent";
}
];
};
}
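Review bot: `config.allowUnfree = true` in the `import nixpkgs-unstable` call permits every unfree package in the set, although only a few entries in `home.packages` appear to need it (`discord` at least; the rest of the list should be checked). Narrowing the allowance keeps a later unfree addition from being accepted silently, for example `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs-unstable.lib.getName pkg) [ "discord" ];`. A short comment above the setting naming the packages that require it would also document why the exception exists.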


@ -1,142 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i python3 -p python3
import argparse
import os
import shutil
import sys
from enum import Enum
from pathlib import Path
from pwd import getpwnam
class FolderLayout(Enum):
Default = 1
Folder = 2
def check_user(vmail_root: Path):
owner = vmail_root.owner()
owner_uid = getpwnam(owner).pw_uid
if os.geteuid() == owner_uid:
return
try:
print(
f"Trying to switch effective user id to {owner_uid} ({owner})",
file=sys.stderr,
)
os.seteuid(owner_uid)
return
except PermissionError:
print(
f"Failed switching to virtual mail user. Please run this script under it, for example by using `sudo -u {owner}`)",
file=sys.stderr,
)
sys.exit(1)
def is_maildir_related(path: Path, layout: FolderLayout) -> bool:
if path.name in [
"subscriptions"
# https://doc.dovecot.org/2.3/admin_manual/mailbox_formats/maildir/#imap-uid-mapping
"dovecot-uidlist",
# https://doc.dovecot.org/2.3/admin_manual/mailbox_formats/maildir/#imap-keywords
"dovecot-keywords",
]:
return True
if not path.is_dir():
return False
if path.name in ["cur", "new", "tmp"]:
return True
if layout is FolderLayout.Default and path.name.startswith("."):
return True
if layout is FolderLayout.Folder:
if path.name in ["mail"]:
return False
return True
return False
def mkdir(dst: Path, dry_run: bool = True):
print(f'mkdir "{dst}"')
if not dry_run:
# u+rwx, setgid
dst.mkdir(mode=0o2700)
def move(src: Path, dst: Path, dry_run: bool = True):
print(f'mv "{src}" "{dst}"')
if not dry_run:
src.rename(dst)
def delete(dst: Path, dry_run: bool = True):
if not dst.exists():
return
if dst.is_dir():
print(f'rm --recursive "{dst}"')
if not dry_run:
shutil.rmtree(dst)
else:
print(f'rm "{dst}"')
if not dry_run:
dst.unlink()
def main(vmail_root: Path, layout: FolderLayout, dry_run: bool = True):
maildirs = {path.parent for path in vmail_root.glob("*/*/cur")}
maybe_delete = []
# The old maildir will be the new home directory
for homedir in maildirs:
maildir = homedir / "mail"
mkdir(maildir, dry_run)
for path in homedir.iterdir():
if is_maildir_related(path, layout):
move(path, maildir / path.name, dry_run)
else:
maybe_delete.append(path)
# Files that are part of the previous home directory, but now obsolete
for path in [
vmail_root / ".dovecot.lda-dupes",
vmail_root / ".dovecot.lda-dupes.locks",
]:
delete(path, dry_run)
# The remaining files are likely obsolete, but should still be checked with care
for path in maybe_delete:
print(f"# rm {str(path)}")
if __name__ == "__main__":
parser = argparse.ArgumentParser(
description="""
NixOS Mailserver Migration #3: Dovecot mail directory migration
(https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-mail-directory-migration)
"""
)
parser.add_argument(
"vmail_root", type=Path, help="Path to the `mailserver.mailDirectory`"
)
parser.add_argument(
"--layout",
choices=["default", "folder"],
required=True,
help="Folder layout: 'default' unless `mailserver.useFsLayout` was enabled, then'folder'",
)
parser.add_argument(
"--execute", action="store_true", help="Actually perform changes"
)
args = parser.parse_args()
layout = FolderLayout.Default if args.layout == "default" else FolderLayout.Folder
check_user(args.vmail_root)
main(args.vmail_root, layout, not args.execute)


@ -1,10 +1,10 @@
age-encryption.org/v1
-> X25519 FrE3cLVPZshP6+VgS5aRSggS/3XEjLZW2/yCcxQT6z0
xlPC1bF0NqiDVEk/xU+7GPGpwbTPZk+iSZ4QvvJzCcU
-> ssh-ed25519 NCz+gA Ag6jD9h0FTR+jVR2K3wpQgGqyLJzQZyNvU2+AJPz+Xc
3QJhYsIl23/ve++5r9X/a2YUPSUgIBHJ8srPmeSnpKw
-> BaPA]-grease A\OcT5|
L4Nk5eiaKq72ELBFQemUGlXJXpmUt5aN++g9ljz+DBG8XL3bQ9RbPMhbEy/gzKf6
8WbY
--- hVjNjD1o1TI5B+CZqTdcoHjx3rRJCgrd4f13Vbhazmw
Řľt,AýĬ[w3¬LŘśbÎ`´4Ţ?¬”6 üЬśŢ®ŐŞş„1qźÍ?.'K¤jú€če¦idĹUëŤ˙÷¤ád¬<64><C2AC>“Ňf÷éeJJ=·«ĂpĹ—‰?oá ú
-> X25519 ntNFHjGdIlYJTbloT8Ujpn8Yh+oAaX/m0DHrq9ukLHQ
CTj9AefZLuZ0sBuFatp8/lEL8bUf2IXOHW00XJEdSVY
-> ssh-ed25519 NCz+gA kj420yScWjDD95LtvEb/62uXVzJU/v0ZSuJ+15MRdS8
vFZNC94TxoXh1vVjHFPwPIV+nta5rWgdYWTokbBitxE
-> 9-grease %8XR5/t }
22U6Glc0+L2vlRnrx1Sd1g9b4sfpt/1d0ihfEk5ZQOgEcy45+eNmbHTLQHYzpkFo
PmIBJrRj07B93Pp1MR4sHmOMtK358D9l1LSURdWQtmtcocOoKdQWmPq+IQ
--- 1F50mU6ZhA2vbJq1Nkae6KWzxGY1DGdPNhlA6S3r2GM
—F<EFBFBD>ŁśMŃ®ćťL~š†:5vÖ3 ß<>d? ő¬l~˝Š:_€Ő„ZůDřÔJÝR„Ő+Ź"