M flake.lock => flake.lock +1 -59
@@ 88,21 88,6 @@
"type": "github"
}
},
- "flake-utils_2": {
- "locked": {
- "lastModified": 1659877975,
- "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
"gitignore": {
"inputs": {
"nixpkgs": [
@@ 213,27 198,6 @@
"type": "github"
}
},
- "nixgl": {
- "inputs": {
- "flake-utils": "flake-utils_2",
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1710868679,
- "narHash": "sha256-V1o2bCZdeYKP/0zgVp4EN0KUjMItAMk6J7SvCXUI5IU=",
- "owner": "guibou",
- "repo": "nixGL",
- "rev": "d709a8abcde5b01db76ca794280745a43c8662be",
- "type": "github"
- },
- "original": {
- "owner": "guibou",
- "repo": "nixGL",
- "type": "github"
- }
- },
"nixos-hardware": {
"locked": {
"lastModified": 1711352745,
@@ 350,12 314,10 @@
"lanzaboote": "lanzaboote",
"nix-fpga-tools": "nix-fpga-tools",
"nix-index-database": "nix-index-database",
- "nixgl": "nixgl",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable_2",
- "nur": "nur",
- "semi-secrets": "semi-secrets"
+ "nur": "nur"
}
},
"rust-overlay": {
@@ 383,26 345,6 @@
"type": "github"
}
},
- "semi-secrets": {
- "inputs": {
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1710275391,
- "narHash": "sha256-YF9Yey+QQltY+WpuI4NxhkFVlHdCfc0Ck0TVS67A7AY=",
- "ref": "refs/heads/main",
- "rev": "a592efb2437f8a0ef332faf7e95b29a2499c0c98",
- "revCount": 4,
- "type": "git",
- "url": "ssh://git@github.com/Rutherther/nixos-semi-secrets"
- },
- "original": {
- "type": "git",
- "url": "ssh://git@github.com/Rutherther/nixos-semi-secrets"
- }
- },
"systems": {
"locked": {
"lastModified": 1681028828,
M flake.nix => flake.nix +7 -35
@@ 14,30 14,15 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.05";
- semi-secrets = {
- url = "git+ssh://git@github.com/Rutherther/nixos-semi-secrets";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- home-manager = { # User Package Management
+ home-manager = {
url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs";
};
- nur = { # NUR Packages
- url = "github:nix-community/NUR"; # Add "nur.nixosModules.nur" to the host modules
+ nur = {
+ url = "github:nix-community/NUR";
};
- nixgl = { # OpenGL
- url = "github:guibou/nixGL";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- # nix-vscode-extensions = {
- # url = "github:nix-community/nix-vscode-extensions";
- # inputs.nixpkgs.follows = "nixpkgs";
- # };
-
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
@@ 58,27 43,14 @@
};
};
- outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nix-index-database, home-manager, nur, nixgl, nixos-hardware, lanzaboote, ... }:
+ outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nix-index-database, home-manager, nur, nixos-hardware, lanzaboote, ... }:
let
- user = "ruther";
- location = "$HOME/.setup";
-
- pkgs = import nixpkgs {
- system = "x86_64-linux";
- };
- in
- {
+ pkgs = nixpkgs.legacyPackages.x86_64-linux;
+ in {
nixosConfigurations = (
import ./hosts {
inherit (nixpkgs) lib;
- inherit inputs nixpkgs nixpkgs-stable nix-index-database home-manager nur user location;
- }
- );
-
- homeConfigurations = (
- import ./nix {
- inherit (nixpkgs) lib;
- inherit inputs nixpkgs nixpkgs-stable nix-index-database home-manager nixgl user location;
+ inherit inputs nixpkgs nixpkgs-stable nix-index-database nur;
}
);
M hosts/configuration.nix => hosts/configuration.nix +46 -61
@@ 11,33 11,56 @@
# └─ default.nix
#
-{ config, nixpkgs, lib, pkgs, inputs, user, ... }:
+{ stable, pkgs, inputs, config, ... }:
{
- imports = # Home Manager Modules
- [(import ../modules/desktop)] ++
- (import ../modules/services);
+ imports = [
+ ../modules/desktop
+ ../modules/services
+ ./nixos-config-options.nix
+
+ inputs.home-manager.nixosModules.home-manager
+ ];
boot.tmp = {
cleanOnBoot = true;
useTmpfs = true;
};
+ home-manager.useUserPackages = true;
+ home-manager.useGlobalPkgs = true;
+ home-manager.extraSpecialArgs = {
+ inherit inputs stable;
+ };
+ home-manager.users.${config.nixos-config.defaultUser} = {
+ imports = [
+ inputs.nix-index-database.hmModules.nix-index
+ ./home.nix
+ ./${config.networking.hostName}/home.nix
+ ./nixos-config-options.nix
+
+ {
+ nixos-config = {
+ inherit (config.nixos-config) defaultUser location;
+ };
+ }
+ ];
+ };
+
hardware.pulseaudio.enable = false;
- users.groups.plugdev.members = [ "${user}" ];
- users.users.${user} = { # System User
+ users.users.${config.nixos-config.defaultUser} = {
isNormalUser = true;
- extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "scanner" "kvm" "libvirtd" "plex" "podman" "input" "tty" ];
- shell = pkgs.zsh; # Default shell
+ extraGroups = [
+ "wheel" "video" "audio" "camera"
+ "networkmanager" "lp" "scanner"
+ "plex" ];
+ shell = pkgs.zsh;
};
- programs.zsh.enable = true; # has to be here to set shell to zsh
- # zsh is configured at home-manager level afterwards
+ programs.zsh.enable = true;
networking.networkmanager.enable = true;
-
programs.command-not-found.enable = false;
-
security.sudo.wheelNeedsPassword = true;
programs.dconf.enable = true;
services.udisks2.enable = true;
@@ 45,15 68,11 @@
time.timeZone = "Europe/Prague"; # Time zone and internationalisation
i18n = {
defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = { # Extra locale settings that need to be overwritten
- # LC_TIME = "cs_CZ.UTF-8";
- # LC_MONETARY = "cs_CZ.UTF-8";
- };
};
console = {
font = "Lat2-Terminus16";
- keyMap = "us"; # or us/azerty/etc
+ keyMap = "us";
};
security.rtkit.enable = true;
@@ 99,9 118,9 @@
environment = {
variables = {
- TERMINAL = "alacritty";
- EDITOR = "nvim";
- VISUAL = "nvim";
+ TERMINAL = "kitty";
+ EDITOR = "emacsclient";
+ VISUAL = "emacsclient";
};
pathsToLink = [ "/share/zsh" ];
systemPackages = with pkgs; [ # Default packages installed system-wide
@@ 131,23 150,8 @@
};
};
- # services.pipewire.wireplumber.configPackages =
- # environment.etc = {
- # "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
- # bluez_monitor.properties = {
- # ["bluez5.msbc-support"] = true;
- # ["bluez5.sbc-xq-support"] = true;
- # ["bluez5.enable-faststream"] = true;
- # ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag ]";
- # ["bluez5.hfphsp-backend"] = "hsphfpd";
- # }
- # '';
- # };
-
systemd.network = {
- wait-online = {
- enable = false;
- };
+ wait-online.enable = false;
};
nix = { # Nix Package Manager settings
@@ 158,18 162,7 @@
"nixpkgs-stable=flake:nixpkgs-stable"
];
- # package = pkgs.nixVersions.stable.overrideAttrs (old: {
- # patches = old.patches or [ ] ++ [
- # (pkgs.fetchpatch {
- # url = "https://github.com/NixOS/nix/commit/b6ae3be9c6ec4e9de55479188e76fc330b2304dd.patch";
- # hash = "sha256-VyIywGo1ie059wXmGWx+bNeHz9lNk6nlkJ/Qgd1kmzw=";
- # })
- # ];
- # });
-
settings = {
- # reject-flake-config = true;
-
connect-timeout = 5;
flake-registry = ""; # Do not pollute with external flake registry
@@ 178,6 171,10 @@
substituters = [
"https://cache.nixos.org"
];
+
+ keep-outputs = true;
+ keep-derivations = true;
+ experimental-features = [ "nix-command" "flakes" ];
};
gc = { # Automatic garbage collection
@@ 185,24 182,12 @@
dates = "weekly";
options = "--delete-older-than 2d";
};
-
- extraOptions = ''
- experimental-features = nix-command flakes
- keep-outputs = true
- keep-derivations = true
- '';
};
- nixpkgs.config.allowUnfree = true; # Allow proprietary software.
-
- # nixpkgs.overlays = [
- # (final: prev: {
- # xz = inputs.nixpkgs-stable.legacyPackages.${prev.hostPlatform.system}.xz;
- # })
- # ];
+ nixpkgs.config.allowUnfree = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
- system = { # NixOS settings
+ system = {
stateVersion = "23.05";
};
}
M hosts/default.nix => hosts/default.nix +10 -106
@@ 1,40 1,23 @@
#
# These are the different profiles that can be used when building NixOS.
#
-# flake.nix
-# └─ ./hosts
+# flake.nix
+# └─ ./hosts
# ├─ default.nix *
# ├─ configuration.nix
# ├─ home.nix
# └─ ./desktop OR ./laptop OR ./work OR ./vm
# ├─ ./default.nix
-# └─ ./home.nix
+# └─ ./home.nix
#
-{ lib, inputs, nixpkgs, nixpkgs-stable, nix-index-database, home-manager, nur, user, location, ... }:
+{ lib, inputs, ...}:
-let
- system = "x86_64-linux"; # System architecture
-
- pkgs = import nixpkgs {
- inherit system;
- config.allowUnfree = true; # Allow proprietary software
- };
-
- stable = import nixpkgs-stable {
- inherit system;
- config.allowUnfree = true; # Allow proprietary software
- };
-
- lib = nixpkgs.lib;
-in
{
-
laptop-iapetus = lib.nixosSystem { # Laptop profile
# Ideapad S540
- inherit system;
specialArgs = {
- inherit inputs stable user location;
+ inherit inputs;
};
modules = [
inputs.nixos-hardware.nixosModules.common-cpu-intel
@@ 42,120 25,41 @@ in
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-laptop-acpi_call
inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd
- nur.nixosModules.nur
- { nixpkgs.overlays = [ nur.overlay ]; }
./laptop-iapetus
./configuration.nix
-
- home-manager.nixosModules.home-manager {
- home-manager.useUserPackages = true;
- home-manager.useGlobalPkgs = true;
- home-manager.extraSpecialArgs = {
- inherit inputs stable user location;
- };
- home-manager.users.${user} = {
- imports = [
- nur.hmModules.nur
- nix-index-database.hmModules.nix-index
- { nixpkgs.overlays = [ nur.overlay ]; }
- (import ./home.nix)
- (import ./laptop-iapetus/home.nix)
- ];
- };
- }
];
};
laptop-phobos = lib.nixosSystem { # Laptop profile
# Thinkpad T14s
- inherit system;
specialArgs = {
- inherit inputs stable user location;
+ inherit inputs;
};
modules = [
inputs.lanzaboote.nixosModules.lanzaboote
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
- nur.nixosModules.nur
- { nixpkgs.overlays = [ nur.overlay ]; }
./laptop-phobos
./configuration.nix
-
- home-manager.nixosModules.home-manager {
- home-manager.useUserPackages = true;
- home-manager.useGlobalPkgs = true;
- home-manager.extraSpecialArgs = {
- inherit inputs stable user location;
- };
- home-manager.users.${user} = {
- imports = [
- nur.hmModules.nur
- nix-index-database.hmModules.nix-index
- { nixpkgs.overlays = [ nur.overlay ]; }
- (import ./home.nix)
- (import ./laptop-phobos/home.nix)
- ];
- };
- }
];
};
desktop-clotho = lib.nixosSystem { # Desktop profile
- inherit system;
specialArgs = {
- inherit inputs stable system user location;
- }; # Pass flake variable
- modules = [ # Modules that are used.
- nur.nixosModules.nur
- { nixpkgs.overlays = [ nur.overlay ]; }
+ inherit inputs;
+ };
+ modules = [
./desktop-clotho
./configuration.nix
-
- home-manager.nixosModules.home-manager { # Home-Manager module that is used.
- home-manager.useUserPackages = true;
- home-manager.useGlobalPkgs = true;
- home-manager.extraSpecialArgs = {
- inherit inputs stable user location;
- }; # Pass flake variable
- home-manager.users.${user} = {
- imports = [
- nur.hmModules.nur
- nix-index-database.hmModules.nix-index
- { nixpkgs.overlays = [ nur.overlay ]; }
- ./home.nix
- ./desktop-clotho/home.nix
- ];
- };
- }
];
};
vm = lib.nixosSystem { # VM profile
- inherit system;
specialArgs = {
- inherit inputs stable user location;
+ inherit inputs;
};
modules = [
- nur.nixosModules.nur
- { nixpkgs.overlays = [ nur.overlay ]; }
./vm
./configuration.nix
-
- home-manager.nixosModules.home-manager {
- home-manager.useUserPackages = true;
- home-manager.useGlobalPkgs = true;
- home-manager.extraSpecialArgs = {
- inherit inputs stable user location;
- };
- home-manager.users.${user} = {
- imports = [
- nur.hmModules.nur
- nix-index-database.hmModules.nix-index
- { nixpkgs.overlays = [ nur.overlay ]; }
- (import ./home.nix)
- (import ./vm/home.nix)
- ];
- };
- }
];
};
}
M hosts/desktop-clotho/default.nix => hosts/desktop-clotho/default.nix +10 -28
@@ 18,20 18,17 @@
# └─ default.nix
#
-{ inputs, pkgs, lib, user, config, location, ... }:
+{ pkgs, ... }:
{
- imports = # For now, if applying to other system, swap files
- [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
- [(import ../../modules/desktop/dm/sddm.nix)] ++ # Desktop manager
- [(import ../../modules/desktop/qtile/default.nix)] ++ # Window Manager
- [(import ../../modules/programs/games.nix)] ++
- (import ../../modules/desktop/virtualisation) ++ # Window Manager
- (import ../../modules/hardware) ++ # Hardware devices
- [(import ../../modules/programs/fpga/vivado {
- inherit pkgs lib config;
- vivadoPath = "/data/Linux/fpga/apps/xilinx/Vivado/2023.1/bin/vivado";
- })];
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules/desktop/dm/sddm.nix
+ ../../modules/desktop/qtile/default.nix
+ ../../modules/programs/games.nix
+ ../../modules/desktop/virtualisation
+ ../../modules/hardware
+ ];
networking.hostName = "desktop-clotho";
@@ 76,26 73,11 @@
xserver.videoDrivers = [ "amdgpu" ];
};
- networking.wireguard.interfaces = {
- wg0 = {
- ips = [ "${inputs.semi-secrets.wg.lan.desktopIp}/32" ];
- };
- };
+ wg.ip = "192.168.32.21";
services.nix-serve = {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
openFirewall = true;
};
-
- # nixpkgs.overlays = [ # This overlay will pull the latest version of Discord
- # (self: super: {
- # discord = super.discord.overrideAttrs (
- # _: { src = builtins.fetchTarball {
- # url = "https://discord.com/api/download?platform=linux&format=tar.gz";
- # sha256 = "1z980p3zmwmy29cdz2v8c36ywrybr7saw8n0w7wlb74m63zb9gpi";
- # };}
- # );
- # })
- # ];
}
M hosts/home.nix => hosts/home.nix +10 -9
@@ 11,20 11,21 @@
# └─ default.nix
#
-{ config, lib, nix-index-database, nixpkgs, inputs, stable, pkgs, user, location, ... }:
+{ config, inputs, pkgs, ... }:
{
- imports = # Home Manager Modules
- (import ../modules/programs/home.nix) ++
- (import ../modules/shell/home.nix) ++
- (import ../modules/editors/home.nix) ++
- (import ../modules/services/home.nix);
+ imports = [
+ ../modules/programs/home.nix
+ ../modules/shell/home.nix
+ ../modules/editors/home.nix
+ ../modules/services/home.nix
+ ];
- # nixpkgs.config.allowUnfree = true;
nix = {
registry.nixpkgs.flake = inputs.nixpkgs;
registry.nixpkgs-stable.flake = inputs.nixpkgs-stable;
};
+
home.sessionVariables.NIX_PATH =
"nixpkgs=flake:nixpkgs$\{NIX_PATH:+:$NIX_PATH}";
@@ 92,8 93,8 @@
};
home = {
- username = "${user}";
- homeDirectory = "/home/${user}";
+ username = config.nixos-config.defaultUser;
+ homeDirectory = "/home/${config.nixos-config.defaultUser}";
packages = with pkgs; [
# Terminal
M hosts/laptop-iapetus/default.nix => hosts/laptop-iapetus/default.nix +11 -29
@@ 16,19 16,16 @@
# └─ default.nix
#
-{ inputs, config, pkgs, lib, user, ... }:
+{ pkgs, ... }:
{
- imports = # For now, if applying to other system, swap files
- [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
- [(import ../../modules/desktop/dm/sddm.nix)] ++ # Desktop manager
- [(import ../../modules/desktop/qtile/default.nix)] ++ # Window Manager
- (import ../../modules/hardware) ++
- (import ../../modules/desktop/virtualisation) ++
- [(import ../../modules/programs/fpga/vivado {
- inherit pkgs lib config;
- vivadoPath = "/data/fpga/xilinx/Vivado/2023.1/bin/vivado";
- })]; # Hardware devices
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules/desktop/dm/sddm.nix
+ ../../modules/desktop/qtile/default.nix
+ ../../modules/hwardware
+ ../../modules/desktop/virtualisation
+ ];
networking.hostName = "laptop-iapetus";
@@ 56,8 53,8 @@
};
environment = {
- systemPackages = with pkgs; [
- xorg.xf86videointel
+ systemPackages = [
+ pkgs.xorg.xf86videointel
];
};
@@ 102,20 99,5 @@
};
};
- networking.wireguard.interfaces = {
- wg0 = {
- ips = [ "${inputs.semi-secrets.wg.lan.laptopIp}/32" ];
- };
- };
-
- nix = {
- settings = {
- substituters = [
- "desktop.local"
- ];
- trusted-substituters = [
- "desktop.local:3XEsbBcVpKcx0ViXnZwcagllTUazVnc+Rzx5DKUU1Rs="
- ];
- };
- };
+ wg.ip = "192.168.32.22";
}
M hosts/laptop-phobos/default.nix => hosts/laptop-phobos/default.nix +17 -97
@@ 16,84 16,18 @@
# └─ default.nix
#
-{ inputs, config, pkgs, lib, user, ... }:
-
-let
- trezor-udev-rules = pkgs.writeTextFile {
- name = "trezor-udev-rules";
- destination = "/etc/udev/rules.d/100-trezor.rules";
- text = ''
- # Trezor: The Original Hardware Wallet
- # https://trezor.io/
- #
- # Put this file into /etc/udev/rules.d
- #
- # If you are creating a distribution package,
- # put this into /usr/lib/udev/rules.d or /lib/udev/rules.d
- # depending on your distribution
-
- # Trezor
- SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
- KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
-
- # Trezor v2
- SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
- SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
- KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
- '';
- };
-
- ti-udev-rules = pkgs.writeTextFile {
- name = "tiva-c-launchpad-udev-rules";
- destination = "/etc/udev/rules.d/100-tiva-c.rules";
- text = ''
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0403",ATTRS{idProduct}=="a6d0",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0403",ATTRS{idProduct}=="a6d1",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0403",ATTRS{idProduct}=="6010",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1cbe",ATTRS{idProduct}=="00fd",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1cbe",ATTRS{idProduct}=="00ff",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef1",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef2",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef3",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef4",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="f432",MODE:="600", TAG+="uaccess"
- SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0d28",ATTRS{idProduct}=="0204",MODE:="600", TAG+="uaccess"
- KERNEL=="hidraw*",ATTRS{busnum}=="*",ATTRS{idVendor}=="0d28",ATTRS{idProduct}=="0204",MODE:="600", TAG+="uaccess"
- ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef0",ENV{ID_MM_DEVICE_IGNORE}="1"
- ATTRS{idVendor}=="0c55",ATTRS{idProduct}=="0220",ENV{ID_MM_DEVICE_IGNORE}="1"
- KERNEL=="ttyACM[0-9]*",MODE:="0600", TAG+="uaccess"
- '';
- };
-
- stlink-udev-rules = pkgs.writeTextFile {
- name = "stlink-udev-rules";
- destination ="/etc/udev/rules.d/100-stlink.rules";
- text = ''
- # ST-LINK V2
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2_%n"
-
- # ST-LINK V2.1
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
-
- # ST-LINK V3
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3loader_%n"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
- '';
- };
-in {
- imports = # For now, if applying to other system, swap files
- [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
- #[(import ../../modules/desktop/dm/sddm.nix)] ++ # Desktop manager
- [(import ../../modules/desktop/dm/gdm.nix)] ++ # Desktop manager
- [(import ../../modules/desktop/qtile/default.nix)] ++ # Window Manager
- [(import ../../modules/desktop/gnome/default.nix)] ++ # Window Manager
- (import ../../modules/hardware) ++
- [(import ../../modules/hardware/rocm)] ++
- [(import ../../modules/programs/games.nix)] ++
- (import ../../modules/desktop/virtualisation);
+{ pkgs, lib, ... }:
+
+{
+ imports = [
+ ./hardware-configuration.nix
+ ../../modules/desktop/dm/gdm.nix
+ ../../modules/desktop/qtile/default.nix
+ ../../modules/desktop/gnome/default.nix
+ ../../modules/hardware
+ ../../modules/desktop/virtualisation
+ ./udev.nix
+ ];
networking.hostName = "laptop-phobos";
@@ 143,10 77,10 @@ in {
programs = {
xss-lock = let
xsecurelock = (pkgs.xsecurelock.overrideAttrs(attrs: {
- postInstall = attrs.postInstall or "" + ''
- wrapProgram $out/bin/xsecurelock --set XSECURELOCK_COMPOSITE_OBSCURER 0
- '';
- }));
+ postInstall = attrs.postInstall or "" + ''
+ wrapProgram $out/bin/xsecurelock --set XSECURELOCK_COMPOSITE_OBSCURER 0
+ '';
+ }));
in {
enable = true;
lockerCommand = "${xsecurelock}/bin/xsecurelock";
@@ 156,16 90,6 @@ in {
services = {
logind.lidSwitch = "suspend"; # suspend on lid close
- udev = {
- packages = [
- inputs.nix-fpga-tools.packages.x86_64-linux.ise-udev-rules
- inputs.nix-fpga-tools.packages.x86_64-linux.vivado-udev-rules
- trezor-udev-rules
- ti-udev-rules
- stlink-udev-rules
- ];
- };
-
xserver.libinput = {
enable = true;
touchpad = {
@@ 184,9 108,5 @@ in {
};
# Wireguard
- networking.wireguard.interfaces = {
- wg0 = {
- ips = [ "${inputs.semi-secrets.wg.lan.laptopPhobosIp}/32" ];
- };
- };
+ wg.ip = "192.168.32.25";
}
A hosts/laptop-phobos/udev.nix => hosts/laptop-phobos/udev.nix +77 -0
@@ 0,0 1,77 @@
+{ inputs, config, pkgs, ... }:
+
+let
+ trezor-udev-rules = pkgs.writeTextFile {
+ name = "trezor-udev-rules";
+ destination = "/etc/udev/rules.d/100-trezor.rules";
+ text = ''
+ # Trezor: The Original Hardware Wallet
+ # https://trezor.io/
+ #
+ # Put this file into /etc/udev/rules.d
+ #
+ # If you are creating a distribution package,
+ # put this into /usr/lib/udev/rules.d or /lib/udev/rules.d
+ # depending on your distribution
+
+ # Trezor
+ SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
+ KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
+
+ # Trezor v2
+ SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
+ SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
+ KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
+ '';
+ };
+
+ ti-udev-rules = pkgs.writeTextFile {
+ name = "tiva-c-launchpad-udev-rules";
+ destination = "/etc/udev/rules.d/100-tiva-c.rules";
+ text = ''
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0403",ATTRS{idProduct}=="a6d0",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0403",ATTRS{idProduct}=="a6d1",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0403",ATTRS{idProduct}=="6010",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1cbe",ATTRS{idProduct}=="00fd",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="1cbe",ATTRS{idProduct}=="00ff",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef1",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef2",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef3",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef4",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0451",ATTRS{idProduct}=="f432",MODE:="600", TAG+="uaccess"
+ SUBSYSTEM=="usb",ENV{DEVTYPE}=="usb_device",ATTRS{idVendor}=="0d28",ATTRS{idProduct}=="0204",MODE:="600", TAG+="uaccess"
+ KERNEL=="hidraw*",ATTRS{busnum}=="*",ATTRS{idVendor}=="0d28",ATTRS{idProduct}=="0204",MODE:="600", TAG+="uaccess"
+ ATTRS{idVendor}=="0451",ATTRS{idProduct}=="bef0",ENV{ID_MM_DEVICE_IGNORE}="1"
+ ATTRS{idVendor}=="0c55",ATTRS{idProduct}=="0220",ENV{ID_MM_DEVICE_IGNORE}="1"
+ KERNEL=="ttyACM[0-9]*",MODE:="0600", TAG+="uaccess"
+ '';
+ };
+
+ stlink-udev-rules = pkgs.writeTextFile {
+ name = "stlink-udev-rules";
+ destination ="/etc/udev/rules.d/100-stlink.rules";
+ text = ''
+ # ST-LINK V2
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2_%n"
+
+ # ST-LINK V2.1
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
+
+ # ST-LINK V3
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3loader_%n"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
+ '';
+ };
+in {
+ services.udev.packages = [
+ trezor-udev-rules
+ ti-udev-rules
+ stlink-udev-rules
+
+ inputs.nix-fpga-tools.packages.${config.nixpkgs.hostPlatform.system}.ise-udev-rules
+ inputs.nix-fpga-tools.packages.${config.nixpkgs.hostPlatform.system}.vivado-udev-rules
+ ];
+}
A hosts/nixos-config-options.nix => hosts/nixos-config-options.nix +15 -0
@@ 0,0 1,15 @@
+{ lib, ... }:
+
+{
+ options.nixos-config = {
+ defaultUser = lib.mkOption {
+ type = lib.types.str;
+ default = "ruther";
+ };
+
+ location = lib.mkOption {
+ type = lib.types.str;
+ default = "$HOME/.setup";
+ };
+ };
+}
M modules/desktop/default.nix => modules/desktop/default.nix +1 -1
@@ 1,4 1,4 @@
-{ config, lib, pkgs, ... }:
+{ pkgs, ... }:
{
services = {
M modules/desktop/dm/sddm-themes/sugar-dark.nix => modules/desktop/dm/sddm-themes/sugar-dark.nix +9 -1
@@ 1,10 1,17 @@
-{ stdenv, fetchFromGitHub }:
+{ stdenv, fetchFromGitHub, libsForQt5 }:
{
sddm-sugar-dark = stdenv.mkDerivation rec {
pname = "sddm-sugar-dark-theme";
version = "1.2";
dontBuild = true;
+
+ propagatedBuildInputs = [
+ libsForQt5.qt5.qtquickcontrols2
+ libsForQt5.qt5.qtgraphicaleffects
+ libsForQt5.qt5.qtsvg
+ ];
+
installPhase = ''
mkdir -p $out/share/sddm/themes/sugar-dark
@@ 14,6 21,7 @@
cp -aR $src/* theme.conf.user $out/share/sddm/themes/sugar-dark/
'';
+
src = fetchFromGitHub {
owner = "MarianArlt";
repo = "sddm-sugar-dark";
M modules/desktop/dm/sddm.nix => modules/desktop/dm/sddm.nix +1 -6
@@ 3,13 3,8 @@
let
themes = pkgs.callPackage ./sddm-themes/sugar-dark.nix {};
in {
- environment.systemPackages = with pkgs; [
+ environment.systemPackages = [
themes.sddm-sugar-dark
-
- # Dependencies of sugar dark theme
- libsForQt5.qt5.qtquickcontrols2
- libsForQt5.qt5.qtgraphicaleffects
- libsForQt5.qt5.qtsvg
];
services = {
M modules/desktop/gnome/default.nix => modules/desktop/gnome/default.nix +2 -30
@@ 2,35 2,9 @@
# Gnome configuration
#
-{ config, lib, pkgs, ... }:
+{ pkgs, ... }:
-let
- paperwm = pkgs.stdenv.mkDerivation (finalAttrs: rec {
- pname = "gnome-shell-extension-paperwm";
- version = "44.15.1";
-
- src = pkgs.fetchFromGitHub {
- owner = "paperwm";
- repo = "PaperWM";
- rev = "v${version}";
- hash = "sha256-89tW/3TLx7gvjnQfpfH8fkaxx7duYXRiCi5bkBRm9UU=";
- };
-
- dontConfigure = true;
- dontBuild = true;
-
- installPhase = ''
- runHook preInstall
-
- mkdir -p "$out/share/gnome-shell/extensions/paperwm@paperwm.github.com"
- cp -r . "$out/share/gnome-shell/extensions/paperwm@paperwm.github.com"
-
- runHook postInstall
- '';
-
- passthru.extensionUuid = "paperwm@paperwm.github.com";
- });
-in {
+{
programs = {
zsh.enable = true;
dconf.enable = true;
@@ 66,8 40,6 @@ in {
hash = "sha256-Ual7kAOeGPe3DF5XHf5eziscYeMLUnDktEGU41Yl4E4=";
} + "/instantworkspaceswitcher@amalantony.net";
})
-
- # paperwm
];
gnome.excludePackages = (with pkgs; [ # Gnome ignored packages
gnome-tour
M modules/desktop/qtile/home.nix => modules/desktop/qtile/home.nix +4 -4
@@ 1,4 1,4 @@
-{ config, lib, pkgs, user, location, ... }:
+{ config, pkgs, ... }:
{
systemd.user.targets.qtile-services = {
@@ 27,12 27,12 @@
from string import Template
import os
- setupLocationRef = Template("${location}")
- configLocationRef = Template("${location}/modules/desktop/qtile/config")
+ setupLocationRef = Template("${config.nixos-config.location}")
+ configLocationRef = Template("${config.nixos-config.location}/modules/desktop/qtile/config")
setupLocation = setupLocationRef.substitute(os.environ)
configLocation = configLocationRef.substitute(os.environ)
- sequenceDetectorExec = "sequence_detector -c /home/${user}/.config/qtile/sequence-detector.config.json "
+ sequenceDetectorExec = "sequence_detector -c /home/${config.nixos-config.defaultUser}/.config/qtile/sequence-detector.config.json "
'';
}
M modules/desktop/virtualisation/default.nix => modules/desktop/virtualisation/default.nix +6 -17
@@ 1,17 1,6 @@
-#
-# Specific system configuration settings for desktop
-#
-# flake.nix
-# ├─ ./hosts
-# │ └─ ./desktop
-# │ └─ default.nix
-# └─ ./modules
-# └─ ./desktop
-# └─ ./virtualisation
-# └─ default.nix *
-#
-
-[
- ./podman.nix
- ./qemu.nix
-]
+{
+ imports = [
+ ./qemu.nix
+ ./podman.nix
+ ];
+}
M modules/desktop/virtualisation/podman.nix => modules/desktop/virtualisation/podman.nix +2 -0
@@ 5,6 5,8 @@
{ config, pkgs, user, ... }:
{
+ users.groups.podman.members = [ "root" config.nixos-config.defaultUser ];
+
virtualisation.podman = {
enable = true;
dockerCompat = true;
M modules/desktop/virtualisation/qemu.nix => modules/desktop/virtualisation/qemu.nix +7 -9
@@ 1,17 1,16 @@
#
-# Qemu/KVM with virt-manager
+# Qemu/KVM with virt-manager
#
-{ config, pkgs, user, ... }:
+{ config, pkgs, ... }:
{
- users.groups.libvirtd.members = [ "root" "${user}" ];
- users.groups.kvm.members = [ "root" "${user}" ];
+ users.groups.libvirtd.members = [ "root" config.nixos-config.defaultUser ];
+ users.groups.kvm.members = [ "root" config.nixos-config.defaultUser ];
virtualisation = {
libvirtd = {
- enable = true; # Virtual drivers
- #qemuPackage = pkgs.qemu_kvm; # Default
+ enable = true;
qemu = {
ovmf.enable = true;
ovmf.packages = [ pkgs.OVMFFull.fd ];
@@ 24,7 23,6 @@
spiceUSBRedirection.enable = true; # USB passthrough
};
-
environment = {
etc = {
"ovmf/edk2-x86_64-secure-code.fd" = {
@@ 41,12 39,12 @@
virt-viewer
qemu
OVMF
- gvfs # Used for shared folders between Linux and Windows
+ gvfs # Used for shared folders between Linux and Windows
swtpm
];
};
- services = { # Enable file sharing between OS
+ services = { # Enable file sharing between OS
gvfs.enable = true;
};
}
D modules/desktop/virtualisation/x11vnc.nix => modules/desktop/virtualisation/x11vnc.nix +0 -43
@@ 1,43 0,0 @@
-#
-# VNC Remote Connect Server
-#
-
-{ config, lib, pkgs, user, ... }:
-
-{
- config = lib.mkIf (config.services.xserver.enable) {# Only evaluate code if using X11
- networking.firewall.allowedTCPPorts = [ 5900 ]; # Since x11vpn defaults to port 5900. Open this port in firewall
-
- environment = { # VNC used for remote access to the desktop
- systemPackages = with pkgs; [
- x11vnc
- ];
- };
-
- systemd.services."x11vnc" = { # Made into a custom service
- enable = true;
- description = "VNC Server for X11";
- requires = [ "display-manager.service" ];
- after = [ "display-manager.service" ];
- serviceConfig = { # Password is stored in document passwd at $HOME. This needs auth and link to display. Otherwise x11vnc won't detect the display
- ExecStart = "${pkgs.x11vnc}/bin/x11vnc -passwdfile /home/${user}/passwd -noxdamage -nap -many -repeat -clear_keys -capslock -xkb -forever -loop100 -auth /var/run/lightdm/root/:0 -display :0 -clip 1920x1080+1920+0";
- #ExecStart = "${pkgs.x11vnc}/bin/x11vnc -passwdfile /home/${user}/passwd -noxdamage -nap -many -repeat -clear_keys -capslock -xkb -forever -loop100 -auth /var/run/lightdm/root/:0 -display :0";
- ExecStop = "${pkgs.x11vnc}/bin/x11vnc -R stop";
- };
- wantedBy = [ "multi-user.target" ];
- };
- };
- # passwdfile: File on /home/{user}/passwd
- # noxdamage: Quicker render (maybe not optimal)
- # nap: If no acitivity, take longer naps
- # many: keep listening for more connections
- # repeat: X server key auto repeat
- # clear_keys: clear modifier keys on startup and exit
- # capslock: Dont ignore capslock
- # xkb: Use xkeyboard
- # forever: Keep listening for connection after disconnect
- # loop100: Loop to restart service but wait 100ms
- # auth: X authority file location so vnc also works from display manager (lightdm)
- # display: Which display to show. Even with multiple monitors it's 0
- # clip: Only show specific monitor using xinerama<displaynumber> or pixel coordinates you can find using $ xrandr -q. Can be removed to show all.
-}
M modules/editors/emacs/doom.d/config.el => modules/editors/emacs/doom.d/config.el +1 -1
@@ 263,4 263,4 @@
(remove-hook 'doom-first-buffer-hook #'smartparens-global-mode)
-(add-hook 'write-file-hooks 'delete-trailing-whitespace)
+(add-hook 'write-file-functions 'delete-trailing-whitespace)
M modules/editors/emacs/home.nix => modules/editors/emacs/home.nix +8 -3
@@ 11,10 11,10 @@
#
-{ config, user, unstable, pkgs, inputs, location, ... }:
+{ lib, pkgs, config, ... }:
let
- doomRev = "844a82c";
+ doomRev = "5f5a163c49207a7083ab1ecc9e78d268fd6600b8";
in {
services.emacs = {
enable = true;
@@ 44,9 44,14 @@ in {
if [ ! -d "$EMACS" ]; then
${pkgs.git}/bin/git clone https://github.com/doomemacs/doomemacs $EMACS
(cd $EMACS && ${pkgs.git}/bin/git checkout ${doomRev})
+ else
+ curr_rev=$(cd $EMACS && ${lib.getExe pkgs.git} rev-parse HEAD)
+ if [[ "$curr_rev" != "${doomRev}" ]]; then
+ (cd $EMACS && ${lib.getExe pkgs.git} fetch --all && ${lib.getExe pkgs.git} checkout ${doomRev})
+ fi
fi
if [ ! -d "$HOME/.doom.d" ]; then
- ln -s ${location}/modules/editors/emacs/doom.d $HOME/.doom.d
+ ln -s ${config.nixos-config.location}/modules/editors/emacs/doom.d $HOME/.doom.d
fi
'';
};
M modules/editors/home.nix => modules/editors/home.nix +6 -6
@@ 9,11 9,11 @@
# └─ default.nix *
# └─ ...
#
-
-[
- ./emacs/home.nix
- ./nvim/home.nix
- # ./vscode/home.nix
-]
+{
+ imports = [
+ ./emacs/home.nix
+ ./nvim/home.nix
+ ];
+}
# Comment out emacs if you are not using native doom emacs. (import from host configuration.nix)
M modules/hardware/default.nix => modules/hardware/default.nix +5 -3
@@ 10,6 10,8 @@
# └─ default.nix *
# └─ ...
#
-[
- ./bluetooth.nix
-]
+{
+ imports = [
+ ./bluetooth.nix
+ ];
+}
M modules/hardware/rocm/default.nix => modules/hardware/rocm/default.nix +1 -1
@@ 1,4 1,4 @@
-{ config, nixpkgs, lib, pkgs, ... }:
+{ pkgs }:
{
systemd.tmpfiles.rules = [
D modules/hardware/work/default.nix => modules/hardware/work/default.nix +0 -18
@@ 1,18 0,0 @@
-#
-# Hardware
-#
-# flake.nix
-# ├─ ./hosts
-# │ └─ ./work
-# │ └─ default.nix
-# └─ ./modules
-# └─ ./hardware
-# └─ ./work
-# └─ default.nix *
-# └─ ...
-#
-
-[
- #./nvidia.nix
- ./wpa.nix
-]
D modules/hardware/work/eduroam.patch => modules/hardware/work/eduroam.patch +0 -11
@@ 1,11 0,0 @@
---- wpa_supplicant-2.10/src/crypto/tls_openssl.c
-+++ src/crypto/tls_openssl.c.legacy
-@@ -1048,7 +1048,7 @@
-
- SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv2);
- SSL_CTX_set_options(ssl, SSL_OP_NO_SSLv3);
--
-+ SSL_CTX_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);
- SSL_CTX_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
- #ifdef SSL_MODE_NO_AUTO_CHAIN
D modules/hardware/work/nvidia.nix => modules/hardware/work/nvidia.nix +0 -38
@@ 1,38 0,0 @@
-#
-# NVIDIA drivers so that the laptop video card can get offloaded to specific applications.
-# Either start the desktop or packages using nvidia-offload.
-# For example $ nvidia-offload kdenlive
-# Currently only used with work laptop using NVIDIA MX330
-#
-
-{ config, pkgs, ... }:
-
-let
- nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
- export __NV_PRIME_RENDER_OFFLOAD=1
- export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
- export __GLX_VENDOR_LIBRARY_NAME=nvidia
- export __VK_LAYER_NV_optimus=NVIDIA_only
- exec "$@"
- '';
-in
-{
- environment.systemPackages = [ nvidia-offload ];
-
- services.xserver.videoDrivers = [ "nvidia" ];
- hardware = {
- opengl.enable = true;
- nvidia = {
- package = config.boot.kernelPackages.nvidiaPackages.stable;
- prime = {
- offload.enable = true;
- intelBusId = "PCI:0:2:0";
- nvidiaBusId = "PCI:45:0:0";
- };
- modesetting.enable = true;
- powerManagement.enable = true;
- };
- };
-
- #boot.kernelParams = [ "modules_blacklist=i915" ];
-}
D modules/hardware/work/wpa.nix => modules/hardware/work/wpa.nix +0 -15
@@ 1,15 0,0 @@
-#
-# The latest OpenSSL package uses SSL3, meaning it will no longer support certain legacy protocols.
-# I guess my work's network isn't set up as securaly as they want us to think.
-# This patch makes it back available to connect to legacy servers.
-#
-
-{ config, lib, pkgs, ... }:
-
-{
- nixpkgs.config.packageOverrides = pkgs: rec {
- wpa_supplicant = pkgs.wpa_supplicant.overrideAttrs (attrs: {
- patches = attrs.patches ++ [ ./eduroam.patch ];
- });
- };
-}
M modules/programs/firefox.nix => modules/programs/firefox.nix +8 -13
@@ 1,18 1,13 @@
-{ inputs, config, lib, nixpkgs, pkgs, ... }:
+{ inputs, config, pkgs, ... }:
let
- nur = config.nur.repos;
- buildFirefoxXpiAddon = pkgs.nur.repos.rycee.firefox-addons.buildFirefoxXpiAddon;
- my-nur = import (builtins.fetchTarball {
- url = "https://github.com/Rutherther/nur-pkgs/archive/179f884ebb068f1803bd54647aee1f672b90db49.tar.gz";
- sha256 = "06kx9pn0682gn1r4kfhjbsg3b80gp4wpp8mp0p8v47zhbcvwqka6";
- }) { inherit pkgs; };
+ nur = import inputs.nur {
+ # TODO replace this x86 64 linux with actual host system
+ # will have to be passed from nixos config probably
+ nurpkgs = import inputs.nixpkgs { system = "x86_64-linux"; };
+ inherit pkgs;
+ };
in {
- nixpkgs.overlays = [
- # my-nur.overlays.firefoxpwa
- # my-nur.overlays.firefox-native-messaging
- ];
-
home.packages = [
# pkgs.firefoxpwa
];
@@ 34,7 29,7 @@ in {
#navigator-toolbox { font-family:Ubuntu !important }
'';
- extensions = with nur.rycee.firefox-addons; [
+ extensions = with nur.repos.rycee.firefox-addons; [
# Basic
proton-pass # Password manager
darkreader # Dark pages
M modules/programs/games.nix => modules/programs/games.nix +1 -1
@@ 5,7 5,7 @@
# Do not forget to enable Steam play for all title in the settings menu
#
-{ config, pkgs, nur, lib, ... }:
+{ pkgs, lib, ... }:
{
environment.systemPackages = [
M modules/programs/home.nix => modules/programs/home.nix +10 -8
@@ 10,11 10,13 @@
# └─ ...
#
-[
- ./alacritty.nix
- ./iamb.nix
- ./rofi.nix
- ./clipmenu.nix
- ./firefox.nix
- ./email.nix
-]
+{
+ imports = [
+ ./alacritty.nix
+ ./iamb.nix
+ ./rofi.nix
+ ./clipmenu.nix
+ ./firefox.nix
+ ./email.nix
+ ];
+}
A modules/programs/iamb.nix => modules/programs/iamb.nix +26 -0
@@ 0,0 1,26 @@
+{ config, pkgs, lib, ... }:
+
+let
+ cfg = config.programs.iamb;
+ settingsFormat = pkgs.formats.toml {};
+in {
+ options = {
+ programs.iamb = {
+ enable = lib.mkEnableOption "Enable iamb program";
+ package = lib.mkPackageOption pkgs "iamb" { nullable = true;};
+
+ settings = lib.mkOption {
+ inherit (settingsFormat) type;
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ home.packages = [
+ cfg.package
+ ];
+
+ xdg.configFile."iamb/config.toml".source =
+ settingsFormat.generate "config.toml" config.programs.iamb.settings;
+ };
+}
M modules/services/default.nix => modules/services/default.nix +7 -5
@@ 10,8 10,10 @@
# └─ ...
#
-[
- ./syncthing.nix
- ./wireguard.nix
- ./ssh.nix
-]
+{
+ imports = [
+ ./syncthing.nix
+ ./wireguard.nix
+ ./ssh.nix
+ ];
+}
M modules/services/flameshot.nix => modules/services/flameshot.nix +2 -2
@@ 2,10 2,10 @@
# Screenshots
#
-{ config, lib, pkgs, user, ... }:
+{ config, lib, ... }:
let
- screensDir = "/home/${user}/screens";
+ screensDir = "${config.home.homeDirectory}/screens";
in {
systemd.user.services.flameshot = lib.mkIf config.services.flameshot.enable {
M modules/services/home.nix => modules/services/home.nix +11 -9
@@ 10,12 10,14 @@
# └─ ...
#
-[
- ./dunst.nix
- ./flameshot.nix
- ./picom.nix
- ./udiskie.nix
- ./redshift.nix
- ./mpris-ctl.nix
- ./autorandr.nix
-]
+{
+ imports = [
+ ./dunst.nix
+ ./flameshot.nix
+ ./picom.nix
+ ./udiskie.nix
+ ./redshift.nix
+ ./mpris-ctl.nix
+ ./autorandr.nix
+ ];
+}
M modules/services/ssh.nix => modules/services/ssh.nix +2 -2
@@ 1,4 1,4 @@
-{ config, lib, pkgs, user, ... }:
+{ config, ... }:
{
services.openssh = {
@@ 12,7 12,7 @@
};
};
- users.users.${user}.openssh.authorizedKeys.keys = [
+ users.users.${config.nixos-config.defaultUser}.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCLdKvP+WQmsoJebj4x0o8k/RniDpYDv3H+b+PWByChKPq4ThEnpL6P4sr0dpZ4NbWmDT9YPGuDEyZRxhrIerUKw+z8Jm32b8FeeYcEdoBlZTBz4WuN7G9FkDIYdqBYdnUaWh8/KeuZbUp/jB/d1Uv8rBdPSML1JlUPg8U/Z5Oky68LYUO60DfLoQZ+qD5AeTw4zPRACA5OOJj20eIDhiXKyp60eTXAiwrfC2RZJWURc4i92Oforua3OZEZfL1Z+xOjAhbKymPZIzKuzIIIVP/abnWv3b/shCCrR70wuZZ6QleY+DTcNsburmDfUP+3f+C1fF3mg6loZaGokGMwKtNI/0UVWHQW5BPkWfvkQmsW4jl02P174IlAGwvEkhTfBzmuaPKuf+0D+rJH+1FengEFmAPhaN6WIMFYGTScbOn46BS8v3oWhW5A+CQ1pMA9myu1fDr7WKrNCDdW9X398ByKA88OpEOU+vQcwgg6EPb/SuAlFDYBSgz0TX6IGl4demc= ruther@ntb-nixos"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQD0mhvKW3dgLTGLGMgGdMgUFz14F16pRzSAH7IU/OssnYXmi+TlkXLakHtmNWLdb6IEEjS2od0iDW4I71awJjL/VqRSBBt/1t6ndM6M79pD6feU9uYaPMB20ORyZh5D+1zjWX4cFVlcfCQ2bUyV0D+VRoDrN/YWFhPU0XNMZjatqN8JNKljM0hwWt9OPuQdlwG5KnrbDPUn8gf6kZtfVWRamDrLLMKsGBeGw4oZVJLAPYJlaYps15VuySTw114n6/L16qpH/rUgDc5QFyrmtIE+l5wd5QteH489eG+8gAZfsbYj+pihek09rHch318ecsLYz/DxotB71BXsQH7nb0NPHk1VI8L6//meoCXNJc4Itbg7Jh2Oo/bDfYX9IyPEw2TRa3P+rbEO9N4vMxCgX+TuHNX/mTk0OFpJVu8AAwMlF2lalI8fpBKospP5PFoyIgrW7ab5dkQRGDTk+Bw1ed4KXMKl6RJejvDPuOAmpeOlosinz6OPj/rbR9hR48makxk= ruther@desktop-nixos"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIbHBbRaxwfOIyYYL6caWx8Afre8R+GRIgbX/zSGNmMq ruther@nord2-phone"
M modules/services/syncthing.nix => modules/services/syncthing.nix +16 -15
@@ 1,6 1,9 @@
-{ inputs, config, lib, pkgs, user, ... }:
+{ config, ... }:
-{
+let
+ user = config.nixos-config.defaultUser;
+ homePath = config.home-manager.users.${user}.home.homeDirectory;
+in {
networking.firewall = {
allowedTCPPorts = [ 22000 ];
allowedUDPPorts = [ 22000 21027 ];
@@ 16,28 19,27 @@
settings = {
devices = {
- "phone" = { id = inputs.semi-secrets.syncthing.devices.phone; };
- "desktop" = { id = inputs.semi-secrets.syncthing.devices.desktop; };
- "laptop-old" = { id = inputs.semi-secrets.syncthing.devices.laptop; };
- "laptop" = { id = inputs.semi-secrets.syncthing.devices.laptopPhobos; };
+ phone = { id = "SRCBWOD-UBR76WT-ZB4OLV2-34U6TRL-YLVMSGQ-I5JYZP6-VD7XR6S-5732ZAZ"; };
+ desktop = { id = "BVFWKZE-DWZTSJR-OHCLGY3-X2PU7F3-XMPMGEH-QONACL5-MMRJE5O-CHRY4Q5"; };
+ laptop = { id = "3AGVM6S-RFTHVHR-OGK5RHI-YDEO6GN-RU4ZH77-VLBZAC7-JVHD6S6-VISXGQT"; };
};
folders = {
"uni" = {
- path = "/home/${user}/doc/uni";
- devices = [ "phone" "desktop" "laptop" "laptop-old" ];
+ path = "${homePath}/doc/uni";
+ devices = [ "phone" "desktop" "laptop" ];
};
"notes" = {
- path = "/home/${user}/doc/notes/obsidian/Notes";
- devices = [ "phone" "desktop" "laptop" "laptop-old" ];
+ path = "${homePath}/doc/notes/obsidian/Notes";
+ devices = [ "phone" "desktop" "laptop" ];
};
"camera" = {
- path = "/home/${user}/doc/camera";
- devices = [ "phone" "desktop" "laptop" "laptop-old" ];
+ path = "${homePath}/doc/camera";
+ devices = [ "phone" "desktop" "laptop" ];
};
"study" = {
- path = "/home/${user}/doc/study";
- devices = [ "phone" "desktop" "laptop" "laptop-old" ];
+ path = "${homePath}/doc/study";
+ devices = [ "phone" "desktop" "laptop" ];
};
};
options = {
@@ 45,7 47,6 @@
relaysEnabled = false;
globalAnnounceEnabled = false;
localAnnounceEnabled = true;
- #alwaysLocalNets = true;
};
};
};
A modules/services/wg-options.nix => modules/services/wg-options.nix +9 -0
@@ 0,0 1,9 @@
+{ lib, ... }:
+
+{
+ options.wg = {
+ ip = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+}
M modules/services/wireguard.nix => modules/services/wireguard.nix +8 -4
@@ 1,13 1,16 @@
-{ inputs, config, lib, pkgs, user, location, ... }:
+{ config, ... }:
{
+ imports = [
+ ./wg-options.nix
+ ];
+
networking.firewall = {
allowedUDPPorts = [ 51820 ];
};
networking = {
nameservers = [
- #inputs.semi-secrets.wg.lan.serverIp
"1.1.1.1"
"1.0.0.1"
];
@@ 23,6 26,7 @@
networking.wireguard.interfaces = {
wg0 = {
+ ips = [ "${config.wg.ip}/32" ];
listenPort = 51820;
generatePrivateKeyFile = true;
@@ 31,11 35,11 @@
peers = [
{
publicKey = "ZOVjmgUak67kLhNVgZwyb0bro3Yi4vCJbGArv+35IWQ=";
- endpoint = inputs.semi-secrets.wg.serverEndpoint;
+ endpoint = "78.46.201.50:51820";
# The ip is not refreshed, as the kernel cannot perform DNS resolution. Use dynamicEndpointRefreshSeconds,
# in case the ip is refreshed often. If not, sync after refresh should be alright.
- allowedIPs = [ inputs.semi-secrets.wg.allowedIp ];
+ allowedIPs = [ "192.168.32.0/24" ];
persistentKeepalive = 25;
}
];
M modules/shell/home.nix => modules/shell/home.nix +7 -5
@@ 10,8 10,10 @@
# └─ ...
#
-[
- ./git.nix
- ./zsh.nix
- ./direnv.nix
-]
+{
+ imports = [
+ ./git.nix
+ ./zsh.nix
+ ./direnv.nix
+ ];
+}
D nix/default.nix => nix/default.nix +0 -34
@@ 1,34 0,0 @@
-#
-# These are the diffent profiles that can be used when building Nix.
-#
-# flake.nix
-# └─ ./nix
-# └─ default.nix *
-#
-
-{ lib, inputs, nixpkgs, home-manager, nixgl, user, location, ... }:
-
-let
- system = "x86_64-linux";
- pkgs = nixpkgs.legacyPackages.${system};
-in
-{
- pacman = home-manager.lib.homeManagerConfiguration { # Currently only host that can be built
- pkgs = import nixpkgs {
- inherit system;
- config.allowUnfree = true;
- };
- extraSpecialArgs = { inherit inputs nixgl user location; };
- modules = [
- ./pacman.nix
- {
- home = {
- username = "${user}";
- homeDirectory = "/home/${user}";
- packages = [ pkgs.home-manager ];
- stateVersion = "23.05";
- };
- }
- ];
- };
-}
D nix/pacman.nix => nix/pacman.nix +0 -54
@@ 1,54 0,0 @@
-#
-# Nix setup using Home-manager
-#
-# flake.nix
-# └─ ./nix
-# ├─ default.nix
-# └─ pacman.nix *
-#
-
-{ config, pkgs, inputs, nixgl, user, location, ... }:
-
-{
- imports =
- (import ../modules/editors/home.nix) ++
- # (import ../modules/programs/home.nix) ++ # Some problems with alacritty, see nixGL, but still, the .desktop files are not great
- (import ../modules/shell/home.nix);
-
- fonts.fontconfig.enable = true;
- home = {
- packages = with pkgs; [
- # Fonts
- carlito # NixOS
- vegur # NixOS
- source-code-pro
- jetbrains-mono
- font-awesome # Icons
- corefonts # MS
- (nerdfonts.override { # Nerdfont Icons override
- fonts = [
- "FiraCode"
- ];
- })
- ];
- };
-
- xdg = {
- enable = true;
- systemDirs.data = [ "/home/${user}/.nix-profile/share" ]; # Will add nix packages to XDG_DATA_DIRS and thus accessible from the menus.
- };
-
- nix = { # Nix Package Manager settings
- settings ={
- auto-optimise-store = true; # Optimise syslinks
- };
- package = pkgs.nixFlakes; # Enable nixFlakes on system
- registry.nixpkgs.flake = inputs.nixpkgs;
- extraOptions = ''
- experimental-features = nix-command flakes
- keep-outputs = true
- keep-derivations = true
- '';
- };
- nixpkgs.config.allowUnfree = true; # Allow proprietary software.
-}