jakalx/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update main branch #1

Merged
jakalx merged 120 commits from develop into main 2024-02-05 21:51:32 +01:00
Conversation 0 Commits 120 Files changed 43 +1764 -438
43 changed files with 1764 additions and 438 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitmodules vendored
View file

@ -1,3 +0,0 @@
[submodule "home/emacs.d"]
path = home/emacs.d
url = https://github.com/hlissner/doom-emacs

271
flake.lock generated
View file

@ -3,16 +3,17 @@
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1677969766,
"narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=",
"lastModified": 1701216516,
"narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
"owner": "ryantm",
"repo": "agenix",
"rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e",
"rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
"type": "github"
},
"original": {
@ -59,19 +60,40 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1706302763,
"narHash": "sha256-Le1wk75qlzOSfzDk8vqYxSdoEyr/ORIbMhziltVNGYw=",
"owner": "nix-community",
"repo": "disko",
"rev": "f7424625dc1f2e4eceac3009cbd1203d566feebc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"emacs": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs-unstable"
]
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1680257010,
"narHash": "sha256-pNMB9sdoZOXEsszLD5TS0WG5Ysj2rVRmf92uxsxH/9A=",
"lastModified": 1702399955,
"narHash": "sha256-FnB5O1RVFzj3h7Ayf7UxFnOL1gsJuG6gn1LCTd9dKFs=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "cfec7f9501cc0e001f49d725a7cd733af7deb2ed",
"rev": "47798c4ab07d5f055bb2625010cf6d8e3f384923",
"type": "github"
},
"original": {
@ -80,13 +102,32 @@
"type": "github"
}
},
"flake-utils": {
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -98,16 +139,36 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
],
"utils": "utils"
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1678831854,
"narHash": "sha256-7HBmLFNVD2KjovSzypIN9NfyzpWelMe8sNbUVZIRsS0=",
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cae54dc45c0d61c99c1dc8b04bc42f36c76f9771",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-unstable": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1702538064,
"narHash": "sha256-At5GwJPu2tzvS9dllhBoZmqK6lkkh/sOp2YefWRlaL8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0e2e443ff24f9d75925e91b89d1da44b863734af",
"type": "github"
},
"original": {
@ -117,12 +178,33 @@
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1702195709,
"narHash": "sha256-+zRjWkm5rKqQ57PuLZ3JF3xi3vPMiOJzItb1m/43Cq4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6761b8188b860f374b457eddfdb05c82eef9752f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
],
"utils": "utils_2"
"utils": "utils"
},
"locked": {
"lastModified": 1663932797,
@ -163,68 +245,130 @@
},
"nix-on-droid": {
"inputs": {
"home-manager": "home-manager_2",
"home-manager": "home-manager_3",
"nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": [
"nixpkgs"
"nixpkgs-droid"
],
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2"
},
"locked": {
"lastModified": 1670198918,
"narHash": "sha256-oNlUhAM0/a3pDdCMmBWA+CLrDAIYJqAAMyrDp8fNSM4=",
"lastModified": 1688144254,
"narHash": "sha256-8KL1l/7eP2Zm1aJjdVaSOk0W5kTnJo9kcgW03gqWuiI=",
"owner": "t184256",
"repo": "nix-on-droid",
"rev": "b00cb5e7e2a47d85a019119069b153cda4002d0a",
"rev": "2301e01d48c90b60751005317de7a84a51a87eb6",
"type": "github"
},
"original": {
"owner": "t184256",
"ref": "release-22.11",
"ref": "release-23.05",
"repo": "nix-on-droid",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1678703398,
"narHash": "sha256-Y1mW3dBsoWLHpYm+UIHb5VZ7rx024NNHaF16oZBx++o=",
"lastModified": 1702346276,
"narHash": "sha256-eAQgwIWApFQ40ipeOjVSoK4TEHVd6nbSd9fApiHIw5A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "67f26c1cfc5d5783628231e776a81c1ade623e0b",
"rev": "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-22_11": {
"locked": {
"lastModified": 1669558522,
"narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-22.11",
"type": "indirect"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-droid": {
"locked": {
"lastModified": 1702350026,
"narHash": "sha256-A+GNZFZdfl4JdDphYKBJ5Ef1HOiFsP18vQe9mqjmUis=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9463103069725474698139ab10f17a9d125da859",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1669834992,
"narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=",
"lastModified": 1686921029,
"narHash": "sha256-J1bX9plPCFhTSh6E3TWn9XSxggBh/zDD4xigyaIQBy8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502",
"rev": "c7ff1b9b95620ce8728c0d7bd501c458e6da9e04",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702221085,
"narHash": "sha256-Br3GCSkkvkmw46cT6wCz6ro2H1WgDMWbKE0qctbdtL0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c2786e7084cbad90b4f9472d5b5e35ecb57958af",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1678654296,
"narHash": "sha256-aVfw3ThpY7vkUeF1rFy10NAkpKDS2imj3IakrzT0Occ=",
"lastModified": 1705316053,
"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5a1dc8acd977ff3dccd1328b7c4a6995429a656b",
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
"type": "github"
},
"original": {
@ -236,11 +380,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1669542132,
"narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=",
"lastModified": 1670751203,
"narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a115bb9bd56831941be3776c8a94005867f316a7",
"rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
"type": "github"
},
"original": {
@ -300,10 +444,13 @@
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"emacs": "emacs",
"home-manager": "home-manager",
"home-manager": "home-manager_2",
"home-manager-unstable": "home-manager-unstable",
"nix-on-droid": "nix-on-droid",
"nixpkgs": "nixpkgs",
"nixpkgs-droid": "nixpkgs-droid",
"nixpkgs-unstable": "nixpkgs-unstable",
"snm": "snm"
}
@ -311,43 +458,43 @@
"snm": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"nixpkgs-22_11": [
"nixpkgs"
],
"utils": "utils_3"
"nixpkgs-22_11": "nixpkgs-22_11",
"nixpkgs-23_05": "nixpkgs-23_05",
"utils": "utils_2"
},
"locked": {
"lastModified": 1671659164,
"narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=",
"lastModified": 1703666786,
"narHash": "sha256-SLPNpM/rI8XPyVJAxMYAe+n6NiYSpuXvdwPILHP4yZI=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd",
"rev": "b5023b36a1f6628865cb42b4353bd2ddde0ea9f4",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"ref": "nixos-22.11",
"ref": "master",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -362,7 +509,7 @@
"type": "github"
}
},
"utils_3": {
"utils_2": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",

74
flake.nix
View file

@ -1,22 +1,28 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-droid.url = "github:NixOS/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-unstable = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# simple mailserver
snm = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.11";
inputs.nixpkgs-22_11.follows = "nixpkgs";
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
# inputs.nixpkgs-23_05.follows = "nixpkgs";
};
nix-on-droid = {
url = "github:t184256/nix-on-droid/release-22.11";
inputs.nixpkgs.follows = "nixpkgs";
url = "github:t184256/nix-on-droid/release-23.05";
inputs.nixpkgs.follows = "nixpkgs-droid";
};
emacs = {
@ -24,50 +30,66 @@
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# simplex-chat = {
# url = "github:simplex-chat/simplex-chat";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# simplex-chat = {
# url = "github:simplex-chat/simplex-chat";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# age for nix to store encrypted passwords conveniently
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: {
outputs = { home-manager, nixpkgs, nixpkgs-unstable, ... }@inputs: {
nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
({
specialArgs = { inherit inputs; };
modules = let
postfix-overlay = final: prev: {
postfix = nixpkgs-unstable.legacyPackages."x86_64-linux".postfix;
};
in [
({ inputs, lib, ... }: {
nixpkgs = {
config.allowUnfree = true;
overlays = with inputs; [ emacs.overlay ];
overlays = with inputs; [ emacs.overlay postfix-overlay ];
};
nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
})
snm.nixosModule
./modules/security.nix
./hosts/thrall
agenix.nixosModules.age
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alex = import ./home/cli.nix;
home-manager.users.alex = import ./home/alex/cli.nix;
}
];
};
nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; };
homeConfigurations = import ./outputs/homeConfigurations inputs;
nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
./hosts/redmi
{ nix.registry.nixpkgs.flake = nixpkgs; }
{ nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; }
];
nixosConfigurations."dregil" = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hosts/dregil ];
};
nixosConfigurations."igor" = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hosts/igor ];
};
nixOnDroidConfigurations.default = with inputs;
nix-on-droid.lib.nixOnDroidConfiguration {
modules = [
./hosts/redmi
{ nix.registry.nixpkgs.flake = nixpkgs-droid; }
{ nix.nixPath = [ "nixpkgs=${nixpkgs-droid}" ]; }
];
};
};
}

106
home/cli.nix → home/alex/cli.nix
View file

@ -2,27 +2,39 @@
# minimal config, suitable for servers
let
myUser = "alex";
myName = "Alexander Kobjolke";
myMail = "me@failco.de";
user = {
name = config.home.username;
fullName = "Alexander Kobjolke";
mail = "me@failco.de";
};
myEza = if builtins.hasAttr "eza" pkgs then "eza" else "exa";
in {
imports = [
# shell config
#./modules/shell
./programs/neovim/default.nix
./programs/emacs/default.nix
./programs/editorconfig
];
programs.home-manager.enable = true;
home = {
username = myUser;
homeDirectory = "/home/${myUser}";
stateVersion = "21.05";
sessionPath = [ "$HOME/.local/bin" "$HOME/.emacs.d/bin" ];
sessionPath = [ "$HOME/.local/bin" ];
};
# do not show home-manager notifications
news.display = "silent";
home.packages = with pkgs; [
# archives
#p7zip
#unrar
git-absorb
git-annex
git-annex-remote-rclone
tea # command-line frontend for gitea
# nix tools
nix-index
nixfmt
@ -37,23 +49,40 @@ in {
pijul
sqlite.dev
sqlite
# pass
# editing
nil # nix language server
shellcheck
editorconfig-core-c
shfmt
(aspellWithDicts (dicts: with dicts; [ en en-computers en-science de ]))
# system tools
htop-vim # htop with vim bindings
erdtree # du+tree had sex
dua # ncdu but better
fzf
gopass
gopass-jsonapi
gopass-hibp
gcc
cmake
graphviz
plantuml
gnuplot
pandoc
hledger
hledger-web
hledger-iadd
hledger-ui
#smos
#haskellPackages.patat # terminal based presentations using pandoc
nix-prefetch-git
];
home.extraOutputsToInstall = [ "doc" "info" "devdoc" ];
xdg.enable = true;
# xdg.configFile = {
# "emacs".source = ./emacs.d;
# };
xdg.configFile.tmux = {
target = "tmux/tmux.conf";
@ -64,6 +93,8 @@ in {
set -g escape-time 0
bind-key C-z send-prefix
set -g renumber-windows on
bind-key T swap-window -t 0
'';
};
@ -71,27 +102,39 @@ in {
target = "pijul/config.toml";
text = ''
[author]
name = "${myUser}"
full_name = "${myName}"
email = "${myMail}"
name = "${user.name}"
full_name = "${user.fullName}"
email = "${user.mail}"
'';
};
programs = {
bash = { enable = true; };
# better cat
bat.enable = true;
# htop replacement with a nice UI
btop.enable = true;
zsh = {
enable = true;
enableAutosuggestions = true;
# enableSyntaxHighlighting = true;
shellAliases = { e = "emacsclient -c $@"; };
oh-my-zsh = {
enable = true;
plugins = [ "git" ];
plugins = [ "git" "fzf" "fd" "z" ];
theme = "simple";
};
};
# better cat
bat.enable = true;
# better ls with icons and stuff, maybe also try lsd
${myEza} = {
enable = true;
icons = true;
enableAliases = true;
};
starship = { enable = true; };
direnv = {
enable = true;
@ -100,13 +143,6 @@ in {
enableBashIntegration = true;
};
emacs = {
enable = true;
package = pkgs.emacsGit;
extraPackages = epkgs: with epkgs; [ vterm ];
#package = pkgs.emacsUnstable;
};
gh = {
enable = true;
settings.git_protocol = "ssh";
@ -115,8 +151,8 @@ in {
git = {
enable = true;
ignores = [ "*~" "*.swp" "result" "dist-newstyle" ];
userEmail = myMail;
userName = myName;
userEmail = user.mail;
userName = user.fullName;
aliases = { st = "status"; };
extraConfig = { init.defaultBranch = "main"; };
};
@ -133,14 +169,12 @@ in {
password-store = {
enable = true;
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
package = pkgs.gopass;
settings = { PASSWORD_STORE_DIR = "$HOME/.local/share/password-store"; };
};
ssh.enable = true;
neovim = import ./modules/nvim.nix pkgs;
texlive.enable = true;
};
@ -151,8 +185,6 @@ in {
defaultCacheTtlSsh = 300;
};
services.emacs = { enable = true; };
home.file.".local" = {
recursive = true;
source = ./local;

17
home/alex/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, lib, pkgs, inputs, ... }:
let electron-overlay = final: prev: { electron = final.electron_25; };
in {
imports = [ ];
users.users."alex" = {
isNormalUser = true;
extraGroups = [ "input" "networkmanager" "wheel" ];
description = "Alexander Kobjolke";
home = "/home/alex";
shell = pkgs.zsh;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alex = import ./home.nix;
}

93
home/alex/home.nix Normal file
View file

@ -0,0 +1,93 @@
{ config, lib, pkgs, ... }:
{
imports = [
./cli.nix
# ./programs/xmonad/default.nix
];
home = {
homeDirectory = "/home/alex";
stateVersion = "21.05";
language.base = "en_US.UTF-8";
keyboard.layout = "us";
keyboard.variant = "dvorak";
keyboard.options =
[ "terminate:ctrl_alt_bksp" "caps:escape" "compose:ralt" ];
packages = with pkgs; [
# social
(jitsi-meet-electron.overrideAttrs (prev: rec {
version = "2023.10.0";
src = fetchurl {
url =
"https://github.com/jitsi/jitsi-meet-electron/releases/download/v${version}/jitsi-meet-x86_64.AppImage";
sha256 = "sha256-zhOx/gdsiQMuOCCE5sn+JNu0WJrH36XfvqqNvE24St8=";
name = "jitsi-meet-electron-${version}.AppImage";
};
})) # jitsi as a stand-alone app
discord # talk to other people
# system tools
uhk-agent # my keyboard
mosh # ssh via udp
# gaming support
lutris
winePackages.stagingFull
# reading
calibre
];
};
news.display = "silent";
programs = {
alacritty.enable = true;
# autorandr.enable = true;
browserpass = {
enable = true;
browsers = [ "firefox" ];
};
feh.enable = true;
firefox = {
enable = true;
package = pkgs.firefox.override {
cfg = {
nativeMessagingHosts.packages =
[ pkgs.browserpass pkgs.tridactyl-native ];
enableGnomeExtensions = true;
};
};
};
mpv.enable = true;
rofi.enable = true;
rofi.pass.enable = true;
zathura.enable = true;
zsh = let
auth-socket-env = ''
export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf -L agent-ssh-socket)"
'';
in {
enable = true;
loginExtra = auth-socket-env;
initExtra = auth-socket-env;
};
};
services.gpg-agent = {
enable = true;
enableSshSupport = true;
sshKeys = [ "9027AB16B9A7C20BD29F30F55CBA054430BF014C" ];
};
# services.autorandr = { enable = true; };
xsession.enable = true;
}

0
home/local/bin/kill-old-mosh → home/alex/local/bin/kill-old-mosh
View file

0
home/local/bin/merge-pdf → home/alex/local/bin/merge-pdf
View file

18
home/alex/programs/editorconfig/default.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
{
editorconfig = {
enable = true;
settings = {
"*" = {
charset = "utf-8";
end_of_line = "lf";
trim_trailing_whitespace = true;
insert_final_newline = true;
max_line_width = 78;
indent_style = "space";
indent_size = 2;
};
};
};
}

29
home/alex/programs/emacs/default.nix Normal file
View file

@ -0,0 +1,29 @@
{ inputs, config, lib, pkgs, ... }:
let
emacsclient-wrapper = pkgs.writeShellScriptBin "e" ''
exec ${pkgs.emacs}/bin/emacsclient --reuse-frame --no-wait "$@"
'';
in {
nixpkgs.overlays = [ inputs.emacs.overlay ];
home = {
sessionPath = [ "$HOME/.emacs.d/bin" ];
packages = [ emacsclient-wrapper ];
};
programs.emacs = {
enable = true;
extraPackages = epkgs: with epkgs; [ vterm ];
};
services.emacs = {
enable = true;
defaultEditor = true;
startWithUserSession = true;
};
xdg.configFile.doom = {
target = "doom";
source = ./doom;
};
}

282
home/alex/programs/emacs/doom/config.el Normal file
View file

@ -0,0 +1,282 @@
;;; $DOOMDIR/config.el -*- lexical-binding: t; -*-
;; Place your private configuration here! Remember, you do not need to run 'doom
;; sync' after modifying this file!
;; Some functionality uses this to identify you, e.g. GPG configuration, email
;; clients, file templates and snippets.
(setq user-full-name "Alexander Kobjolke"
user-mail-address "me@failco.de")
;; Doom exposes five (optional) variables for controlling fonts in Doom. Here
;; are the three important ones:
;;
;; + `doom-font'
;; + `doom-variable-pitch-font'
;; + `doom-big-font' -- used for `doom-big-font-mode'; use this for
;; presentations or streaming.
;;
;; They all accept either a font-spec, font string ("Input Mono-12"), or xlfd
;; font string. You generally only need these two:
;; (setq doom-font (font-spec :family "monospace" :size 12 :weight 'semi-light)
;; doom-variable-pitch-font (font-spec :family "sans" :size 13))
;; There are two ways to load a theme. Both assume the theme is installed and
;; available. You can either set `doom-theme' or manually load a theme with the
;; `load-theme' function. This is the default:
(setq doom-theme 'doom-gruvbox)
(require 're-builder)
(setq reb-re-syntax 'string)
;; If you use `org' and don't want your org files in the default location below,
;; change `org-directory'. It must be set before org loads!
(setq org-directory "~/org/"
org-roam-directory (file-truename "~/org/notes"))
;; do not create a new workspace for each emacsclient
(after! persp-mode
  (setq persp-emacsclient-init-frame-behaviour-override "main"))
(defun my/org-id-update-org-roam-files ()
"Update Org-ID locations for all Org-roam files."
(interactive)
(org-id-update-id-locations (org-roam-list-files)))
(defun my/org-id-update-id-current-file ()
"Scan the current buffer for Org-ID locations and update them."
(interactive)
(org-id-update-id-locations (list (buffer-file-name (current-buffer)))))
(setq undo-limit 80000000 ; Raise undo-limit to 80Mb
evil-want-fine-undo t ; By default while in insert all changes are one big blob. Be more granular
auto-save-default t ; Nobody likes to loose work, I certainly don't
)
;; This determines the style of line numbers in effect. If set to `nil', line
;; numbers are disabled. For relative line numbers, set this to `relative'.
(setq display-line-numbers-type t)
;; mouse
;; enable mouse reporting for terminal emulators
(unless window-system
(xterm-mouse-mode 1)
(global-set-key [mouse-4] (lambda ()
(interactive)
(scroll-down 1)))
(global-set-key [mouse-5] (lambda ()
(interactive)
(scroll-up 1))))
;; disable highlight lines
;(remove-hook 'doom-first-buffer-hook #'global-hl-line-mode)
(setq haskell-process-type 'cabal-new-repl)
(setq evil-snipe-override-evil-repeat-keys nil)
(setq doom-localleader-key ",")
(setq doom-localleader-alt-key "M-,")
(use-package! org
:config (setq org-log-into-drawer t
org-todo-keywords '(
(sequence "NEXT(n)" "TODO(t)" "WAIT(w@/!)" "|" "DONE(d!)" "CNCL(k@)")
(sequence "[ ](T)" "[-](S)" "[?](W)" "|" "[X](D)")
)))
(use-package! org-ql)
(use-package! elfeed-web)
(setq ak/bibliography (list (concat org-directory "references.bib")))
;(setq org-cite-global-bibliography (list (concat org-directory "references.bib")))
(setq! bibtex-completion-bibliography ak/bibliography)
(setq! citar-bibliography ak/bibliography)
;; Use an ISO date format for ledger entries
(setq ledger-default-date-format "%Y-%m-%d"
ledger-binary-path "hledger"
ledger-report-auto-width nil
ledger-mode-should-check-version nil
ledger-init-file-name " "
ledger-post-amount-alignment-column 58
ledger-report-native-highlighting-arguments '("--color=always")
ledger-highlight-xact-under-point t)
(setq ledger-reports
'(("bal" "%(binary) -f %(ledger-file) bal -B")
("reg" "%(binary) -f %(ledger-file) reg -B")
("payee" "%(binary) -f %(ledger-file) reg -B @%(payee)")
("account" "%(binary) -f %(ledger-file) reg -B %(account)")))
;; (use-package! ormolu
;; :hook (haskell-mode . ormolu-format-on-save-mode)
;; :bind
;; (:map haskell-mode-map
(after! lsp-haskell
(setq lsp-haskell-formatting-provider "fourmolu"))
;; tweak some VI defaults
(after! evil
(setq evil-ex-substitute-global t ; I like my s/../.. to by global by default
evil-move-cursor-back nil ; Don't move the block cursor when toggling insert mode
evil-kill-on-visual-paste nil)) ; Don't put overwritten text in the kill ring
(setq org-gtd-update-ack "3.0.0")
;; Org GTD support
(use-package! org-gtd
:after org
:demand t
:config
(setq org-gtd-directory "~/org")
(setq org-gtd-default-file-name "actionable")
(setq org-edna-use-inheritance t)
;(setq org-gtd-areas-of-focus '("house" "haskell" "foss"))
;(setq org-gtd-organize-hooks '(org-gtd-set-area-of-focus org-set-tags-command))
(org-edna-mode)
(map! :leader
:desc "Capture" "X" #'org-gtd-capture
(:prefix ("d" . "org-gtd")
:desc "Capture" "c" #'org-gtd-capture
:desc "Engage" "e" #'org-gtd-engage-grouped-by-context
:desc "Process inbox" "p" #'org-gtd-process-inbox
:desc "Show all next" "n" #'org-gtd-show-all-next
(:prefix ("r" . "Review")
:desc "Stuck projects" "p" #'org-gtd-review-stuck-projects
:desc "Stuck actions" "a" #'org-gtd-review-stuck-single-action-items
:desc "Stuck habits" "h" #'org-gtd-review-stuck-habit-items
)
))
(map! :map org-gtd-clarify-map
:desc "Organize this item" "C-c C-c" #'org-gtd-organize)
:bind
(("C-c d c" . #'org-gtd-capture)
("C-c d e" . #'org-gtd-engage-grouped-by-context)
("C-c d p" . #'org-gtd-process-inbox)
("C-c d n" . #'org-gtd-show-all-next)
("C-c d r p" . #'org-gtd-review-stuck-projects))
)
(defun ak/org-roam-node-insert-immediate (arg &rest args)
(interactive "P")
(let ((args (cons arg args))
(org-roam-capture-templates (list (append (car org-capture-templates) '(:immediate-finish t))))
)
(apply #'org-roam-node-insert args)))
(use-package! org-habit
:after org
:config (setq org-habit-show-habits t
org-habit-preceding-days 35
org-habit-following-days 7
)
)
(use-package! org-edna
:after org-gtd
:init
(setq org-edna-use-inheritance t)
:config
(org-edna-mode 1)
)
(use-package! emacsql-sqlite3
:custom
(org-roam-database-connector 'sqlite3))
(use-package! nov
:mode ("\\.epub\\'" . nov-mode)
:config
(setq nov-save-place-file (concat doom-cache-dir "nov-places")))
(use-package! org-present
:after org)
(use-package! denote
:after org
:config
(setq denote-directory (concat org-directory "/notes")
)
(map! :leader
(:prefix ("n" . "notes")
:desc "Denote" "d" #'denote-open-or-create-with-command
))
:bind
(("C-c n d" . #'denote-open-or-create-with-command))
)
(use-package! org-super-agenda
:after org-agenda
:init
(setq org-agenda-skip-deadline-if-done t
org-agenda-skip-scheduled-if-done t
org-agenda-include-deadlines t
org-agenda-block-separator nil
org-agenda-compact-blocks t
org-agenda-start-day nil
org-agenda-span 1
org-agenda-start-on-weekday nil
)
(setq org-agenda-custom-commands
'(("a" "Getting Things done"
((agenda "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'((:name "Today"
:time-grid t
:date today
:order 1)))))
(alltodo "" ((org-agenda-overriding-header "")
(org-super-agenda-groups
'(;(:log t)
(:name "Waiting for..."
:todo "WAIT"
:order 1)
(:discard (:not (:todo ("NEXT" "START"))))
(:name "Next actions"
:auto-parent (:todo ("NEXT" "STRT"))
:order 2
)
(:discard (:anything t)
:order 99)
))))
))))
:config
(org-super-agenda-mode)
)
(use-package! org-fc
:after org
:init
(setq org-fc-directories (concat org-directory "/cards"))
)
(use-package! vterm
:config
(setq vterm-min-window-width 50)
)
(map! :desc "Move workspace to the left" :leader :n "TAB <" #'+workspace/swap-left)
(map! :desc "Move workspace to the left" :leader :n "TAB >" #'+workspace/swap-right)
(map! :desc "Denote" :leader :n "n d" #'denote)
;; Here are some additional functions/macros that could help you configure Doom:
;;
;; - `load!' for loading external *.el files relative to this one
;; - `use-package!' for configuring packages
;; - `after!' for running code after a package has loaded
;; - `add-load-path!' for adding directories to the `load-path', relative to
;; this file. Emacs searches the `load-path' when you load packages with
;; `require' or `use-package'.
;; - `map!' for binding new keys
;;
;; To get information about any of these functions/macros, move the cursor over
;; the highlighted symbol at press 'K' (non-evil users must press 'C-c c k').
;; This will open documentation for it, including demos of how they are used.
;;
;; You can also try 'gd' (or 'C-c c d') to jump to their definition and see how
;; they are implemented.

51
home/alex/programs/emacs/doom/custom.el Normal file
View file

@ -0,0 +1,51 @@
(custom-set-variables
;; custom-set-variables was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
'(ansi-color-names-vector
["#282c34" "#ff6c6b" "#98be65" "#ECBE7B" "#51afef" "#c678dd" "#46D9FF" "#bbc2cf"])
'(custom-safe-themes
'("c4063322b5011829f7fdd7509979b5823e8eea2abf1fe5572ec4b7af1dd78519" "835868dcd17131ba8b9619d14c67c127aa18b90a82438c8613586331129dda63" "7eea50883f10e5c6ad6f81e153c640b3a288cd8dc1d26e4696f7d40f754cc703" default))
'(exwm-floating-border-color "#191b20")
'(fci-rule-color "#5B6268")
'(highlight-tail-colors
((("#333a38" "#99bb66" "green")
. 0)
(("#2b3d48" "#46D9FF" "brightcyan")
. 20)))
'(jdee-db-active-breakpoint-face-colors (cons "#1B2229" "#51afef"))
'(jdee-db-requested-breakpoint-face-colors (cons "#1B2229" "#98be65"))
'(jdee-db-spec-breakpoint-face-colors (cons "#1B2229" "#3f444a"))
'(objed-cursor-color "#ff6c6b")
'(pdf-view-midnight-colors (cons "#bbc2cf" "#282c34"))
'(rustic-ansi-faces
["#282c34" "#ff6c6b" "#98be65" "#ECBE7B" "#51afef" "#c678dd" "#46D9FF" "#bbc2cf"])
'(vc-annotate-background "#282c34")
'(vc-annotate-color-map
(list
(cons 20 "#98be65")
(cons 40 "#b4be6c")
(cons 60 "#d0be73")
(cons 80 "#ECBE7B")
(cons 100 "#e6ab6a")
(cons 120 "#e09859")
(cons 140 "#da8548")
(cons 160 "#d38079")
(cons 180 "#cc7cab")
(cons 200 "#c678dd")
(cons 220 "#d974b7")
(cons 240 "#ec7091")
(cons 260 "#ff6c6b")
(cons 280 "#cf6162")
(cons 300 "#9f585a")
(cons 320 "#6f4e52")
(cons 340 "#5B6268")
(cons 360 "#5B6268")))
'(vc-annotate-very-old-color nil))
(custom-set-faces
;; custom-set-faces was added by Custom.
;; If you edit it by hand, you could mess it up, so be careful.
;; Your init file should contain only one such instance.
;; If there is more than one, they won't work right.
)

196
home/alex/programs/emacs/doom/init.el Normal file
View file

@ -0,0 +1,196 @@
;;; init.el -*- lexical-binding: t; -*-
;; This file controls what Doom modules are enabled and what order they load
;; in. Remember to run 'doom sync' after modifying it!
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
;; documentation. There you'll find a "Module Index" link where you'll find
;; a comprehensive list of Doom's modules and what flags they support.
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
;; 'C-c c k' for non-vim users) to view its documentation. This works on
;; flags as well (those symbols that start with a plus).
;;
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
;; directory (for easy access to its source code).
(doom! :input
;;chinese
;;japanese
;;layout ; auie,ctsrnm is the superior home row
:completion
company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
;;ivy ; a search engine for love and life
(vertico +icons) ; the search engine of the future
:ui
;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
;;doom-quit ; DOOM quit-message prompts when you quit Emacs
(emoji +unicode +github +ascii) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
;;indent-guides ; highlighted indent columns
;;(ligatures +extra) ; ligatures and symbols to make your code pretty again
;;minimap ; show a map of the code on the side
modeline ; snazzy, Atom-inspired modeline, plus API
nav-flash ; blink cursor line after big motions
;;neotree ; a project drawer, like NERDTree for vim
ophints ; highlight the region an operation acts on
(popup +defaults +all) ; tame sudden yet inevitable temporary windows
;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler
unicode ; extended unicode support for various languages
vc-gutter ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
(window-select +numbers) ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
zen ; distraction-free coding or writing
:editor
(evil +everywhere); come to the dark side, we have cookies
file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding
(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;;lispy ; vim for lisp, for people who don't like vim
multiple-cursors ; editing in many places at once
;;objed ; text object editing for the innocent
;;parinfer ; turn lisp into python, sort of
rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
word-wrap ; soft wrapping with language-aware indent
:emacs
(dired +ranger +icons) ; making dired pretty [functional]
electric ; smarter, keyword-based electric-indent
(ibuffer +icons) ; interactive buffer management
undo ; persistent, smarter undo for your inevitable mistakes
vc ; version-control and Emacs, sitting in a tree
:term
eshell ; the elisp shell that works everywhere
;;shell ; simple shell REPL for Emacs
;;term ; basic terminal emulator for Emacs
vterm ; the best terminal emulation in Emacs
:checkers
syntax ; tasing you for every semicolon you forget
(spell +flyspell +everywhere +aspell) ; tasing you for misspelling mispelling
;;grammar ; tasing grammar mistake every you make
:tools
ansible
biblio ; Writes a PhD for you (citation needed)
(debugger +lsp) ; FIXME stepping through code, to help you add bugs
direnv
;;docker
editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists
lookup ; navigate your code and its documentation
lsp ; M-x vscode
(magit +forge) ; a git porcelain for Emacs
make ; run make tasks from Emacs
pass ; password manager for nerds
pdf ; pdf enhancements
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
tmux ; an API for interacting with tmux
tree-sitter
;;upload ; map local to remote projects via ssh/ftp
:os
(:if IS-MAC macos) ; improve compatibility with macOS
(tty +osc) ; improve the terminal Emacs experience
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
(cc +lsp) ; C > C++ == 1
;;clojure ; java with a lisp
;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;dhall
;;elixir ; erlang done right
(elm +lsp) ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
;;erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
(go +lsp) ; the hipster dialect
(graphql +lsp) ; Give queries a REST
(haskell +lsp) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
json ; At least it ain't XML
(java +lsp +tree-sitter) ; the poster child for carpal tunnel syndrome
javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
;;kotlin ; a better, slicker Java(Script)
latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
ledger ; be audit you can be
lua ; one-based indices? one-based indices
markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
nix ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
(org +roam2 +pandoc +present +gnuplot +noter) ; organize your plain life in plain text
;;php ; perl's insecure younger brother
plantuml ; diagrams for confusing people more
;;purescript ; javascript, but functional
python ; beautiful is better than ugly
qt ; the 'cutest' gui framework ever
;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
rest ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
(rust +lsp) ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
sh ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
;;web ; the tubes
yaml ; JSON, but readable
;;zig ; C, but simpler
:email
(mu4e +org +gmail)
;;notmuch
;;(wanderlust +gmail)
:app
calendar
;;emms
;;everywhere ; *leave* Emacs!? You must be joking
irc ; how neckbeards socialize
(rss +org) ; emacs as an RSS reader
;;twitter ; twitter client https://twitter.com/vnought
:config
;;literate
(default +bindings +smartparens))
(setq native-comp-deferred-compilation nil)
(after! (doom-packages straight)
(setq straight--native-comp-available t))

71
home/alex/programs/emacs/doom/packages.el Normal file
View file

@ -0,0 +1,71 @@
;; -*- no-byte-compile: t; -*-
;;; $DOOMDIR/packages.el
;; To install a package with Doom you must declare them here and run 'doom sync'
;; on the command line, then restart Emacs for the changes to take effect -- or
;; use 'M-x doom/reload'.
;; To install SOME-PACKAGE from MELPA, ELPA or emacsmirror:
;;(package! some-package)
;; To install a package directly from a remote git repo, you must specify a
;; `:recipe'. You'll find documentation on what `:recipe' accepts here:
;; https://github.com/raxod502/straight.el#the-recipe-format
;;(package! another-package
;; :recipe (:host github :repo "username/repo"))
;; If the package you are trying to install does not contain a PACKAGENAME.el
;; file, or is located in a subdirectory of the repo, you'll need to specify
;; `:files' in the `:recipe':
;;(package! this-package
;; :recipe (:host github :repo "username/repo"
;; :files ("some-file.el" "src/lisp/*.el")))
;; If you'd like to disable a package included with Doom, you can do so here
;; with the `:disable' property:
;;(package! builtin-package :disable t)
;; You can override the recipe of a built in package without having to specify
;; all the properties for `:recipe'. These will inherit the rest of its recipe
;; from Doom or MELPA/ELPA/Emacsmirror:
;;(package! builtin-package :recipe (:nonrecursive t))
;;(package! builtin-package-2 :recipe (:repo "myfork/package"))
;; Specify a `:branch' to install a package from a particular branch or tag.
;; This is required for some packages whose default branch isn't 'master' (which
;; our package manager can't deal with; see raxod502/straight.el#279)
;;(package! builtin-package :recipe (:branch "develop"))
;; Use `:pin' to specify a particular commit to install.
;(package! builtin-package :pin "1a2b3c4d5e")
;; Doom's packages are pinned to a specific commit and updated from release to
;; release. The `unpin!' macro allows you to unpin single packages...
;(unpin! pinned-package)
;; ...or multiple packages
;(unpin! pinned-package another-pinned-package)
;; ...Or *all* packages (NOT RECOMMENDED; will likely break things)
;;(unpin! t)
;;(package! this-package
;; :recipe (:host github :repo "username/repo"
;; :files ("some-file.el" "src/lisp/*.el")))
(package! ormolu)
(package! org-gtd
:recipe (:host github :repo "Trevoke/org-gtd.el" :branch "master"))
(package! org-fc
:recipe (:host sourcehut :repo "l3kn/org-fc" :branch "main"))
(package! org-edna)
(package! org-review
:recipe (:host github :repo "jakalx/org-review" :branch "master"))
(package! sqlite3)
(package! emacsql-sqlite3)
(package! nov)
(package! org-present)
(package! denote)
(package! org-super-agenda)
(package! org-ql)
(package! elfeed-web)

3
home/alex/programs/emacs/doom/snippets/org-mode/__ Normal file
View file

@ -0,0 +1,3 @@
# -*- mode: snippet -*-
# name: Org Template file
# --

20
home/alex/programs/neovim/default.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
{
programs.neovim = {
enable = true;
vimAlias = true;
extraConfig = ''
set nowrap
'';
plugins = with pkgs.vimPlugins; [
vim-nix
indentLine
indent-blankline-nvim
neoformat
];
};
}

77
home/alex/programs/xmonad/config.hs Normal file
View file

@ -0,0 +1,77 @@
import XMonad
import XMonad.Hooks.DynamicLog
import XMonad.Hooks.ManageDocks
import XMonad.Hooks.ManageHelpers
import XMonad.Hooks.StatusBar
import XMonad.Hooks.StatusBar.PP
import XMonad.Util.EZConfig
import XMonad.Util.Loggers
import XMonad.Util.Ungrab
import XMonad.Layout.Magnifier
import XMonad.Layout.ThreeColumns
import XMonad.Hooks.EwmhDesktops
main :: IO ()
main = xmonad
. ewmhFullscreen
. ewmh
. withEasySB (statusBarProp "xmobar" (pure myXmobarPP)) defToggleStrutsKey
$ myConfig
myConfig = def
{ modMask = mod4Mask -- Rebind Mod to the Super key
, layoutHook = myLayout -- Use custom layouts
, manageHook = myManageHook -- Match on certain windows
}
`additionalKeysP`
[ ("M-S-z", spawn "xscreensaver-command -lock")
, ("M-C-s", unGrab *> spawn "scrot -s" )
, ("M-f" , spawn "firefox" )
]
myManageHook :: ManageHook
myManageHook = composeAll
[ className =? "Gimp" --> doFloat
, isDialog --> doFloat
]
myLayout = tiled ||| Mirror tiled ||| Full ||| threeCol
where
threeCol = magnifiercz' 1.3 $ ThreeColMid nmaster delta ratio
tiled = Tall nmaster delta ratio
nmaster = 1 -- Default number of windows in the master pane
ratio = 1/2 -- Default proportion of screen occupied by master pane
delta = 3/100 -- Percent of screen to increment by when resizing panes
myXmobarPP :: PP
myXmobarPP = def
{ ppSep = magenta ""
, ppTitleSanitize = xmobarStrip
, ppCurrent = wrap " " "" . xmobarBorder "Top" "#8be9fd" 2
, ppHidden = white . wrap " " ""
, ppHiddenNoWindows = lowWhite . wrap " " ""
, ppUrgent = red . wrap (yellow "!") (yellow "!")
, ppOrder = \[ws, l, _, wins] -> [ws, l, wins]
, ppExtras = [logTitles formatFocused formatUnfocused]
}
where
formatFocused = wrap (white "[") (white "]") . magenta . ppWindow
formatUnfocused = wrap (lowWhite "[") (lowWhite "]") . blue . ppWindow
-- | Windows should have *some* title, which should not not exceed a
-- sane length.
ppWindow :: String -> String
ppWindow = xmobarRaw . (\w -> if null w then "untitled" else w) . shorten 30
blue, lowWhite, magenta, red, white, yellow :: String -> String
magenta = xmobarColor "#ff79c6" ""
blue = xmobarColor "#bd93f9" ""
white = xmobarColor "#f8f8f2" ""
yellow = xmobarColor "#f1fa8c" ""
red = xmobarColor "#ff5555" ""
lowWhite = xmobarColor "#bbbbbb" ""

11
home/alex/programs/xmonad/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, lib, pkgs, ... }:
{
xsession = {
windowManager.command = let
xmonad = pkgs.xmonad-with-packages.override {
packages = self: [ self.xmonad-contrib ];
};
in "${xmonad}/bin/xmonad";
};
}

14
home/anne/default.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
let username = "anne";
in {
users.users.${username} = {
isNormalUser = true;
extraGroups = [ "input" ];
description = "Anne Kobjolke";
home = "/home/${username}";
hashedPassword =
"$6$Lq3kAyI7Oh3uvf9T$lxE1V9adw1lqjRT0tvCdj17zUz.nJkqkMSA8Y6ipuBIHoZqJKJcQPLby/BWdDvzcmCbyEOtA7grToclNnbV49/";
};
home-manager.users.${username} = import ./home.nix;
}

21
home/anne/home.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
home = {
language.base = "de_DE.UTF-8";
stateVersion = "23.05";
packages = with pkgs; [
firefox
alacritty
gnome.gnome-session
gnome.gnome-control-center
];
keyboard.layout = "de";
keyboard.variant = "nodeadkeys";
};
xsession = {
enable = true;
windowManager.command = "${pkgs.gnome.gnome-session}/bin/gnome-session";
};
}

1
home/emacs.d

@ -1 +0,0 @@
Subproject commit bf8495b4122701fb30cb6cea37281dc8f3bedcd0

129
hosts/dregil/configuration.nix
View file

@ -11,18 +11,19 @@ let
export __VK_LAYER_NV_optimus=NVIDIA_only
exec "$@"
'';
in
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# <nixos-hardware/lenovo/legion/15ich>
];
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# <nixos-hardware/lenovo/legion/15ich>
../../modules/wm/x.nix
../../modules/wm/xmonad.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.timeout = 5;
# do not protect the kernel image to allow hibernation
security.protectKernelImage = lib.mkForce false;
@ -30,53 +31,33 @@ in
networking.hostName = "dregil"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networking.extraHosts = ''
127.0.0.1 localhost dregil.localdomain dregil
'';
i18n = {
extraLocaleSettings = { TIME_STYLE = "iso"; };
supportedLocales =
[ "C.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" "de_DE.UTF-8/UTF-8" ];
};
console = {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
# Enable the X11 windowing system.
services.xserver = {
enable = true;
exportConfiguration = true;
# Configure keymap in X11
layout = "dvorak";
xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
videoDrivers = [ "nvidia" ]; # "modesetting" ];
displayManager.lightdm = {
enable = true;
};
desktopManager.xfce.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
libinput = {
enable = true;
touchpad.disableWhileTyping = true;
touchpad.naturalScrolling = true;
mouse.naturalScrolling = config.services.xserver.libinput.touchpad.naturalScrolling;
};
keyMap = "dvorak";
};
fonts = {
enableDefaultFonts = true;
fonts = with pkgs; [
corefonts
noto-fonts
noto-fonts-emoji
fira-code
fira-code-symbols
nerdfonts
enableDefaultPackages = true;
packages = with pkgs; [
corefonts
noto-fonts
noto-fonts-emoji
fira-code
fira-code-symbols
nerdfonts
];
};
@ -87,64 +68,42 @@ in
sound.enable = true;
hardware.pulseaudio.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.alex = {
isNormalUser = true;
extraGroups = [ "wheel" # Enable sudo for the user.
"input"
];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget
ripgrep
git
nvidia-offload
pinentry
wget
ripgrep
git
nvidia-offload
pinentry
];
# adjust channels to nixpkgs used on this system via this flake
environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-unstable.outPath;
nix.nixPath = [
"nixpkgs=${inputs.nixpkgs-unstable}"
];
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs-unstable}" ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
nix.settings.max-jobs = 3;
nix.settings.cores = 4;
programs.neovim = {
enable = true;
};
programs.neovim = { enable = true; };
programs.steam = {
enable = true;
};
programs.steam = { enable = true; };
programs.zsh = { enable = true; };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.blueman.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
system.nixos.tags = [ "HiDPI" "nvidia-only" ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
@ -152,6 +111,4 @@ in
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

26
hosts/dregil/default.nix
View file

@ -1,22 +1,14 @@
{ inputs, ... }:
let
inherit (inputs.nixpkgs-unstable.lib) nixosSystem;
system = "x86_64-linux";
pkgs = import inputs.nixpkgs-unstable {
inherit system;
config = {
allowUnfree = true;
};
};
in
nixosSystem {
inherit system pkgs;
specialArgs = { inherit inputs; };
modules = [
{ lib, config, pkgs, inputs, ... }: {
imports = [
({ inputs, lib, ... }: {
nixpkgs = { config.allowUnfree = true; };
nix.registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
})
../../modules/security.nix
../../modules/common-system.nix
./configuration.nix
inputs.home-manager-unstable.nixosModules.home-manager
../../home/anne/default.nix
../../home/alex/default.nix
];
}

89
hosts/dregil/hardware-configuration.nix
View file

@ -4,12 +4,19 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [
"dm-snapshot"
"uas"
"usbcore"
"usb_storage"
"vfat"
"nls_cp437"
"nls_iso8859_1"
];
boot.initrd.luks.devices = {
root = {
device = "/dev/disk/by-uuid/bebf96d1-2a2b-412c-a5f0-f9ed5730a05f";
@ -24,33 +31,31 @@
boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ];
boot.kernelParams = [ "module_blacklist=i915" ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/786D-42D7";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/786D-42D7";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95";
}
];
[{ device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@ -62,24 +67,23 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.video.hidpi.enable = true;
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.nvidia = {
nvidiaSettings = true;
nvidiaPersistenced = true;
nvidiaSettings = true;
nvidiaPersistenced = true;
# modesetting.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
# prime = {
# offload.enable = true;
#
# intelBusId = "PCI:1:0:0";
# nvidiaBusId = "PCI:1:0:0";
# intelBusId = "0@0:2:0";
# nvidiaBusId = "1@1:0:0";
# };
# modesetting.enable = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
# prime = {
# offload.enable = true;
#
# intelBusId = "PCI:1:0:0";
# nvidiaBusId = "PCI:1:0:0";
# intelBusId = "0@0:2:0";
# nvidiaBusId = "1@1:0:0";
# };
};
hardware.opengl = {
@ -89,4 +93,5 @@
};
hardware.keyboard.uhk.enable = true;
hardware.bluetooth.enable = true;
}

65
hosts/igor/default.nix Normal file
View file

@ -0,0 +1,65 @@
{ config, inputs, lib, pkgs, ... }:
{
imports = [
inputs.disko.nixosModules.disko
../../modules/security.nix
../../modules/nix-config.nix
../../modules/iohk.nix
../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
./disko-config.nix
];
networking = let extIface = "ens3";
in {
hostName = "igor";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface} = {
ipv4.addresses = [{
address = "192.168.0.2";
prefixLength = 24;
}];
};
defaultGateway = "192.168.0.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
allowedTCPPorts = [ 22 80 443 ];
allowedUDPPorts = [ ];
};
};
security.sudo = {
enable = true;
execWheelOnly = true;
};
# Select internationalization properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "dvorak";
};
# Define a user account. Don't forget to set a password with passwd.
users.users.me = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.zsh;
};
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
};
programs.zsh.enable = true;
system.stateVersion = "23.11";
}

49
hosts/igor/disko-config.nix Normal file
View file

@ -0,0 +1,49 @@
{
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/mmcblk0";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1M";
end = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/rootfs" = { mountpoint = "/"; };
"/home" = {
mountOptions = [ "compress=zstd" ];
mountpoint = "/home";
};
"/nix" = {
mountOptions = [ "compress=zstd" "noatime" ];
mountpoint = "/nix";
};
"/swap" = {
mountpoint = "/.swapvol";
swap = { swapfile.size = "2G"; };
};
};
};
};
};
};
};
};
}

2
hosts/redmi/default.nix
View file

@ -7,9 +7,11 @@
vim # or some other editor, e.g. nano or neovim
git
git-annex
mosh
openssh
wget
helix
# Some common stuff that people expect to have
#diffutils

216
hosts/thrall/default.nix
View file

@ -2,28 +2,26 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let extIface = "ens3";
{ inputs, config, pkgs, ... }:
let
authorityFromUrl = url:
builtins.head (pkgs.lib.drop 1 (pkgs.lib.splitString "://" url));
in {
imports = [ # Include the results of the hardware scan.
imports = [
./hardware-configuration.nix
inputs.snm.nixosModule
inputs.agenix.nixosModules.age
../../modules/security.nix
../../modules/upgrade-pg-cluster.nix
../../modules/nix-config.nix
../../modules/iohk.nix
../../modules/timezone.nix
../../modules/keybase.nix
../../modules/ssh.nix
];
nix.package = pkgs.nixUnstable;
nix.extraOptions = ''
experimental-features = nix-command flakes ca-derivations
'';
# nix.registry.nixpkgs.flake = nixpkgs;
# Binary Cache for Haskell.nix
nix.settings.trusted-public-keys =
[ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
#nix.binaryCaches = [ "https://hydra.iohk.io" ];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
@ -31,28 +29,34 @@ in {
boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
# boot.loader.systemd-boot.enable = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
age.secrets = {
mailPass.file = ../../secrets/mailPass.age;
paperless-mail.file = ../../secrets/paperless-mail.age;
wireguard-thrall.file = ../../secrets/wireguard-thrall.age;
hledger-web = {
file = ../../secrets/hledger-web.htaccess.age;
mode = "440";
owner = config.services.nginx.user;
group = config.services.nginx.group;
};
};
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking = {
networking = let extIface = "ens3";
in {
hostName = "thrall";
domain = "failco.de";
wireless.enable = false;
useDHCP = false;
enableIPv6 = false;
interfaces.${extIface}.ipv4.addresses = [{
address = "195.90.211.228";
prefixLength = 22;
}];
interfaces.${extIface} = {
ipv4.addresses = [{
address = "195.90.211.228";
prefixLength = 22;
}];
};
defaultGateway = "195.90.208.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
firewall = {
@ -91,6 +95,11 @@ in {
publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
allowedIPs = [ "10.0.0.3/32" ];
}
{
# homematic
publicKey = "slqWgVksOCav0bASxupaFGqfr6vajxDRNIlZYocONQ4=";
allowedIPs = [ "10.0.0.4/32" ];
}
];
};
};
@ -113,7 +122,7 @@ in {
}];
};
# Select internationalisation properties.
# Select internationalization properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
@ -122,6 +131,7 @@ in {
# Define a user account. Don't forget to set a password with passwd.
users.users.alex = {
description = "Alexander Kobjolke";
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
shell = pkgs.zsh;
@ -129,21 +139,10 @@ in {
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
wget
rsync
htop
tmux
git
git-annex
#agenix.defaultPackage.x86_64-linux
restic # fast and secure backup
rclone
];
environment.systemPackages = with pkgs; [ wget rsync htop tmux git rclone ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
@ -162,20 +161,15 @@ in {
# List services that you want to enable:
# depending on wireguard
services.kresd = {
enable = true;
listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ];
};
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.lorri.enable = true;
# configure backup via restic to gdrive
services.restic.backups = { };
services.keybase = { enable = true; };
services.nginx = {
enable = true;
@ -193,10 +187,20 @@ in {
forceSSL = true;
enableACME = true;
root = "/srv/www/failco.de";
serverAliases = [ "www.failco.de" "mail.failco.de" ];
serverAliases = [ "www.failco.de" ];
extraConfig = ''
add_header X-Frame-Options 'SAMEORIGIN';
'';
locations."/photo-groove" = {
proxyPass = "http://127.0.0.1:8000/";
proxyWebsockets = true;
};
locations."/elfeed" = {
proxyPass = "http://127.0.0.1:8080/elfeed";
proxyWebsockets = true;
};
};
"www.jakalx.net" = {
@ -209,22 +213,49 @@ in {
'';
};
"kobjolke.de" = {
forceSSL = true;
enableACME = true;
root = "/srv/www/kobjolke.de";
serverAliases = [ "www.kobjolke.de" ];
extraConfig = ''
add_header X-Frame-Options 'SAMEORIGIN';
'';
};
# gitea
"git.failco.de" = {
"${config.services.gitea.settings.server.DOMAIN}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3001/";
proxyPass = "http://127.0.0.1:${
toString config.services.gitea.settings.server.HTTP_PORT
}/";
proxyWebsockets = true;
};
};
# paperless
"docs.failco.de" = {
"${authorityFromUrl config.services.paperless.extraConfig.PAPERLESS_URL}" =
{
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.paperless.port}/";
proxyWebsockets = true;
};
};
# hledger
"${authorityFromUrl config.services.hledger-web.baseUrl}" = {
forceSSL = true;
enableACME = true;
basicAuthFile = config.age.secrets.hledger-web.path;
locations."/" = {
proxyPass = "http://127.0.0.1:3002/";
proxyPass = "http://${config.services.hledger-web.host}:${
toString config.services.hledger-web.port
}/";
proxyWebsockets = true;
};
};
@ -234,14 +265,17 @@ in {
enable = true;
database.type = "sqlite3";
lfs.enable = true;
domain = "git.failco.de";
rootUrl = "https://git.failco.de";
httpAddress = "127.0.0.1";
httpPort = 3001;
settings = {
service.DISABLE_REGISTRATION = true;
server = {
DOMAIN = "git.failco.de";
ROOT_URL = "https://git.failco.de";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3001;
};
mailer = {
ENABLED = true;
MAILER_TYPE = "smtp";
@ -263,11 +297,35 @@ in {
};
};
services.hledger-web = {
enable = true;
baseUrl = "https://ledger.failco.de";
port = 3003;
capabilities = {
view = true;
add = true;
manage = true;
};
journalFiles = [ "current.journal" ];
extraOptions = [ "-B" "--value=then" ];
};
services.fail2ban = {
enable = true;
maxretry = 5;
bantime = "1h";
bantime-increment.enable = true;
ignoreIP =
[ "127.0.0.0/8" "195.90.211.228/22" "10.0.0.0/8" "192.168.0.0/16" ];
jails.postfix = ''
filter = postfix
maxretry = 3
action = iptables[name=postfix, port=smtp, protocol=tcp]
enabled = true
'';
};
services.syncthing = {
@ -278,19 +336,22 @@ in {
true; # overrides any devices added or deleted through the WebUI
overrideFolders =
true; # overrides any folders added or deleted through the WebUI
folders = {
"org" = {
path = "/home/alex/org";
devices = [ "redmi" ];
settings = {
folders = {
"org" = {
path = "/home/alex/org";
devices = [ "redmi" ];
};
"scan" = {
path = "/home/alex/media/scan";
devices = [ "redmi" ];
};
};
"scan" = {
path = "/home/alex/media/scan";
devices = [ "redmi" ];
};
};
devices = {
"redmi" = {
id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
devices = {
"redmi" = {
id =
"C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW";
};
};
};
};
@ -298,15 +359,16 @@ in {
mailserver = {
enable = true;
fqdn = "thrall.failco.de";
domains = [ "failco.de" "jakalx.net" ];
domains = [ "failco.de" "jakalx.net" "kobjolke.de" ];
loginAccounts = {
"me@failco.de" = {
# nix-shell -p mkpasswd --run 'mkpasswd -sm sha512crypt'
hashedPasswordFile = config.age.secrets.mailPass.path;
aliases = [ "lx@failco.de" "alex@failco.de" ];
catchAll = [ "failco.de" ];
catchAll = [ "failco.de" "kobjolke.de" ];
};
"alex@jakalx.net" = {
@ -320,13 +382,35 @@ in {
};
};
certificateScheme = 3;
extraVirtualAliases = { "familie@kobjolke.de" = [ "me@failco.de" ]; };
forwards = {
"anne@kobjolke.de" = "anne.kobjolke@gmail.cem";
"alex@kobjolke.de" = "me@failco.de";
};
certificateScheme = "acme-nginx";
enableImapSsl = true;
enableManageSieve = true;
virusScanning = true;
};
services.postgresql = { package = pkgs.postgresql_15; };
services.roundcube = {
enable = true;
hostName = "mail.failco.de";
dicts = with pkgs.aspellDicts; [ en de ];
plugins = [ "archive" "attachment_reminder" "managesieve" "markasjunk" ];
extraConfig = ''
# starttls needed for authentication, so the fqdn required to match
# the certificate
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave

31
modules/common-system.nix
View file

@ -1,5 +1,6 @@
{config, pkgs, inputs, ...}:
{
{ config, pkgs, inputs, ... }: {
imports = [ ./nix-config.nix ];
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "Europe/Berlin";
@ -10,7 +11,7 @@
git
dua
erdtree
exa
eza
fd
fzf
bat
@ -21,25 +22,9 @@
networking.firewall.enable = true;
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
registry = {
nixpkgs.flake = inputs.nixpkgs;
nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
};
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" ];
warn-dirty = false;
# avoid unwanted garbage collection when using direnv
keep-outputs = true;
keep-derivations = true;
};
registry = {
nixpkgs.flake = inputs.nixpkgs;
nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
};
};
}

9
modules/iohk.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, lib, pkgs, ... }:
{
# Binary Cache for Haskell.nix
nix.settings.trusted-public-keys =
[ "cache.iog.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
nix.settings.substituters = lib.mkAfter [ "https://cache.iog.io" ];
}

5
modules/keybase.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
services.keybase.enable = true;
}

22
modules/nix-config.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
{
nix = {
package = pkgs.nixUnstable;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
warn-dirty = false;
# avoid unwanted garbage collection when using direnv
keep-outputs = true;
keep-derivations = true;
};
};
}

4
modules/security.nix
View file

@ -9,10 +9,10 @@
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
# on ssd systems, and volatile! Because it's wiped on reboot.
# boot.tmpOnTmpfs = lib.mkDefault true;
# boot.tmpOnTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage!
boot.cleanTmpDir = lib.mkDefault (!config.boot.tmpOnTmpfs);
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
# Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix

14
modules/ssh.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
{
services.openssh.enable = true;
users.users.alex.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/aaVGcys7ZJ3chImea/8jTGtIVYKzDxXBGIeZMiLm/ u0_a204@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrPC2OMHYJX41vedlsgQeLobapDOZ8StPVwmTTp0Qc83OeXGXiaJ2P0wA65NoIjh+I7OZjc/kRCO+mC4BZs2Em3pmWOZNTvW4YA8lvhpkwFNrvmx+G+HKKG7F04lOgo9zAJltY8ENj0T5jddbWWuSRDNPrHCwet2jdiTWc2Ri5QNAdxXSmp+XG9rTPF6JfuH3kjU7UYgMG0c9dJAy7KzCj4p6GhlfvZlFndhmT+PMkJbn5liv8ldFIuHAqA0Hyo3UYfAieeUDBloevbZKpbsp7wVdtmySfJCgwRaOqVPyB+5QK6sY32s2L8sHHdKgnJ1czeLaX11ZEGQIb4wMd6VYD (none)"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIScA09BrNhQjUzoKhU8xl0Giq4o+eN4tOhdRrS3AHg9QtDd+cZ/6gx5iuVguwVPwCBSGlyilIhtTvUHBft7vEqdoSWDzsIv4nAq5+m4wBAV1WtNuzdIjgDBVtYqIKI+KHasIuj5ol8tDbMmNUfG4kvPgaIudGo9G+ynWSVR1mZyk+W0sAKJAeWmcv5EDxMaSS/4WWXZ7GeLy5t0RJlyO4Pspm69hb63Urz5N2YJHUwgXLZbirsTK0cKRGLKvyEwUOQDvnj13VvnSt5mjfYNGr0g770PLNRPno2PeS5ux2+/4dx03+enh6CA70a+Ialu1Z7qMsaZhLPwuUDTGJJX4F ads-1700w"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOlzj6jMbFgBeNIq1u6ixwtfsjcTV/S5VUchpH2GskodrAuWTE6G+eIj40nVO3JbaErderhfosIhN8HnZTP9uhXvDcAgqE98rVKLC1Pm0bDST4H+Qc358h4BRWamkojF7ub1RdMKVsIX9xQFAPCv+6iyLKBU5F8lNu70Wr9cNSPaMS1zvKdJzUzq34kdjKf6Jsc+64ux254MUbkoD9VgJpNq9cCbkI6JHDLL+6fer/66dvsEggEEoCgbupJljsHo+4SGDqiFFT8l81gfgsV6CwAib7gkSiR9ZgCDgwjd5QPMqPBFytIc5F8Gz4sbsB2TMlLraaD+vcTt7p3HlWCsDpW0QBeeDvmupZoWpQuT8R/4G3FnGAf5sJgccffO8R/na8/TpSrRdfj0GlGYvxasMKDJnbrVig+zi7JpdH9hvAXmpv6c8QHhjr191I15PV2m4Z2bPPo5BXDt1YEqSgAaFHpTlkIUheEpbKRJI28YwOWOv3r1CcaGM64KxFXSZIIIk= nix-on-droid@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0itMeWUBtvAjNUzU0iCNHvRo2DUewlGjmHgy8qk7QyYvrFO0DhadDUrkqGK3RjfPue5eM+L/4sib+fr4OIAjzTxvSBpZWfMZtU41/iWiT2bvz7mNvi9j/TDBl/+PfFt0VBUgSPk1cO00P4sExVvseF9hXq5h4NNR4iSuC9P9u6mbaUeg9X6ydlld9+W300erxEToK54alZ0+YOwEMypjytjCBSPFG2QfmFoeU8bCqJvSotOw5nu974LKHOxZgxluBKprlusrRjCxZim9XwTS07I9gZhiDKIdvThSzEWZX4nwLrTyIh19DlZTO2vPUwwqBZyGlwMPCjfFazeViBKuQXCEAmifFHc/4f5Ae1zRA+ombJQveigomlcMXdV9E7HsD0I976ErJbYmfH+QwI78HbwFvbOX3yazdrw02ltdjvasO30dH7wdckoC7fYEXOij3M2pKlLOUojKUF589uPjiBiGNtxGKGpg0TKG9Nj1rvYHljfzQNwqgHKKrRdZo5pOHwzhvl4/fQubu5S/eAppstDuVHTZwIzpd9sHez1JNYS7SKNxT1cIW8NfW41RUe/8rVF678FvIDzuqkcYLsmPd+tg+w78stMEJHaTLHYOCbfYqEdBnvcNRPUFY30MwCVkG7s9X3cEuOwMx8KbTlH5AFZj9IBVUNeJ4p4aMUw3Pbw== /home/alex/.ssh/id_rsa"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDG4BlH07+a+U3i89U11Oz81X1lZnMnzu5d0Em2zlQJYiIqnwj7uRUl7TerXxmum9vOYsDGLGP8RwQRzySM5xfIIEmn5wHb6zPzD8jC8sJQws9d7q84PJMDVUfUeTHR/xZ9QbzG3NHTNnGdbtQptkDwxzLnr/kL5rvGrudgYa0RwHHZbz0WK15iVcsRIHglhsf9gLlXhZZ8Hn2r2qS7jj32InH58KAtawRBd8/WE56h/QY5vUt2F4M8ZvvIJHndynOn71iPJY0tr+b/VIG5JSK89aIQyVRk222TlTn3BrYW2VudrKkkLtssDEIfTmQeALN/LYev4+bJNGDI7bmg7TD4L6AlgrkTJGvXoup410oeiOWP2vrbK2OLB8lcs4lH9iauFg6fMAQuboJjUisicj6tD2SyjELCP2Hvf625k1H2vyp5366dUROBRaUX/AKIZwkIstNgcaLkF7gmeAc1Atr3DK4Jtxc9CHTO7Dv0os+p2q4LJm+mnJy8H7PnfPiRB3thTfULUAWQ2H8RpAn1r0Txur/3D/Jde6PPzL41CefmF6z+UOd4gwMONns7FLjru5z6HG/egaXlJPJkfYbgB+253VDDOga2Y+1W99rgvX0UsF//dhYCqa/XWvmk3htjRTgz80B7tm/eKQwaM7Cm7YZzWq5mjfgxPptkB9SDS8HORw== joyeuse"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDad0tKjdZluogJz9Tir9szwd3olnmY+XqrZtaabgAv9M1V3+ktjZxb11fqbhxpspEW889fG0PrdDsKrYrp6Adm6mVcFXb2Rx8uEIcQ4XQfMqzTBLgNipBcU+7DiWHrejLf9hcrH6HL4o6py59CrX5lnAf1Elt9HxUXTVl9rbMp0SHif6EbYumrCwipWWmcLJWKWVJrJ6rf4YBsmLNtxhf7myjCJxECetQeWyAJodguJa8T7hDJSiE6rfPLanU673T/CU1IBgexriUxcSk09PmjLGB3fFbZnGJlIOAua7ctXtwVjzat5WAWoNo5JdC3cnEUoNkyx7krLbQ2oOzNJi9YgYneTR0KWHYG/v/WVoI+VtW0RQIS+QzVW+ox8Y2j209BZGBFN1d+/ZarUsizg5OEyO7ntiL/UhL/YbI9jknBiw08mzUwIHLpNrpz17duIFNaNkmaN1FAt3b5HBVyq9h4x9FXmp/zaiVzN//Md4GD8xnGmiR3fd+l51mz+WjHIQM= alex@dregil"
];
}

5
modules/timezone.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
time.timeZone = lib.mkDefault "Europe/Berlin";
}

32
modules/upgrade-pg-cluster.nix Normal file
View file

@ -0,0 +1,32 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [
(let
# XXX specify the postgresql package you'd like to upgrade to.
# Do not forget to list the extensions you need.
newPostgres = pkgs.postgresql_15.withPackages (pp: [
# pp.plv8
]);
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${config.services.postgresql.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA"
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
}

5
modules/wm/gnome.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
}

36
modules/wm/x.nix Normal file
View file

@ -0,0 +1,36 @@
{ config, lib, pkgs, ... }:
{
# Enable the X11 windowing system.
services = {
dbus = { enable = true; };
xserver = {
enable = true;
exportConfiguration = true;
# Configure keymap in X11
layout = "us";
xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
videoDrivers = [ "nvidia" ]; # "modesetting" ];
displayManager.lightdm = {
enable = true;
greeters.slick.enable = true;
};
desktopManager.xfce.enable = true;
desktopManager.gnome.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
libinput = {
enable = true;
touchpad.disableWhileTyping = true;
mouse.naturalScrolling =
config.services.xserver.libinput.touchpad.naturalScrolling;
};
};
};
}

16
modules/wm/xmonad.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, lib, pkgs, ... }:
{
services = {
upower.enable = true;
xserver = {
windowManager.xmonad = {
enable = true;
enableContribAndExtras = true;
};
};
};
systemd.services.upower.enable = true;
}

69
outputs/homeConfigurations/default.nix
View file

@ -1,69 +0,0 @@
inputs: with inputs;
let
pkgs = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
overlays = [];
};
in
{
"alex@dregil" = home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
{
programs.home-manager.enable = true;
home = {
username = "alex";
homeDirectory = "/home/alex";
stateVersion = "22.11";
packages = with pkgs; [
alacritty # fast terminal
firefox # the browser with the fox
# social
jitsi-meet-electron # jitsi as a stand-alone app
discord # talk to other people
#inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat"
# editing
helix # vim like editor
nil # nix language server
# system tools
htop-vim # htop with vim bindings
erdtree # du+tree had sex
dua # ncdu but better
bat # better cat
uhk-agent # my keyboard
mosh # ssh via udp
# gaming support
lutris
];
};
programs.bash = {
enable = true;
};
programs.zsh = {
enable = true;
};
programs.git = {
enable = true;
userName = "Alexander Kobjolke";
userEmail = "me@failco.de";
};
programs.password-store = {
enable = true;
};
# do not show home-manager notifications
news.display = "silent";
}
];
};
}

10
secrets/hledger-web.htaccess.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> X25519 FrE3cLVPZshP6+VgS5aRSggS/3XEjLZW2/yCcxQT6z0
xlPC1bF0NqiDVEk/xU+7GPGpwbTPZk+iSZ4QvvJzCcU
-> ssh-ed25519 NCz+gA Ag6jD9h0FTR+jVR2K3wpQgGqyLJzQZyNvU2+AJPz+Xc
3QJhYsIl23/ve++5r9X/a2YUPSUgIBHJ8srPmeSnpKw
-> BaPA]-grease A\OcT5|
L4Nk5eiaKq72ELBFQemUGlXJXpmUt5aN++g9ljz+DBG8XL3bQ9RbPMhbEy/gzKf6
8WbY
--- hVjNjD1o1TI5B+CZqTdcoHjx3rRJCgrd4f13Vbhazmw
ؾt,AýĬ[w3¬LØœbÎ`´4Þ?¬”6 üЬœÞ®Õªº„1qŸÍ?.'K¤jú€èe¦idÅUë<>ÿ÷¤ád¬ˆ<C2AC>“Òf÷éeJJ=·«ÃpÅ—‰?oá ú

BIN
secrets/paperless-mail.age
View file

Binary file not shown.

10
secrets/secrets.nix
View file

@ -1,12 +1,14 @@
# nix run github:ryantm/agenix -- -i <identity> -e password.age
let
thrall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re";
thrall =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHNRSYszckbCwKoX/cci8D40DGM/SG/NJ/u/uB361re";
alex = "age13uv5phqjuvd90rr3aa7mg3xsmcmyx8cfz9v52w2a782qecssja9sw9nt8a";
systems = [ thrall ];
users = [ alex ];
in
{
in {
"mailPass.age".publicKeys = users ++ systems;
"paperless-mail.age".publicKeys = users ++ systems;
"wireguard-thrall.age".publicKeys = [thrall];
"wireguard-thrall.age".publicKeys = [ thrall ];
"hledger-web.htaccess.age".publicKeys = users ++ systems;
}