pim/nixos-configs
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

format nix files

Browse source
This commit is contained in:
Pim Kunis 2023-11-05 18:49:51 +01:00
parent ee1dc21112
commit 3d34c1e691
13 changed files with 228 additions and 199 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
flake.nix
View file

@ -20,15 +20,26 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
};
outputs = { nixpkgs, home-manager, homeage, agenix, nur, nixos-hardware, ... }: {
outputs = {
nixpkgs,
home-manager,
homeage,
agenix,
nur,
nixos-hardware,
...
}: {
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
nixosConfigurations.pim = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{ nixpkgs.overlays = [ nur.overlay ]; }
{nixpkgs.overlays = [nur.overlay];}
./nixos
agenix.nixosModules.default
nixos-hardware.nixosModules.lenovo-thinkpad-x260
home-manager.nixosModules.home-manager {
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.pim = {

21
home-manager/default.nix
View file

@ -1,6 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}: {
imports = [
./bash
./neovim
@ -30,7 +33,7 @@
strawberry
gimp
libreoffice
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
(pkgs.nerdfonts.override {fonts = ["Hack"];})
virt-manager
gnome.gnome-tweaks
];
@ -82,22 +85,22 @@
xdg.userDirs.enable = true;
homeage = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
identityPaths = ["/home/pim/.ssh/age_ed25519"];
installationType = "systemd";
file."common-pg-tfbackend" = {
source = ../secrets/common-pg-tfbackend.age;
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
symlinks = ["${config.xdg.configHome}/home/common.pg.tfbackend"];
};
file."ansible-vault-secret" = {
source = ../secrets/ansible-vault-secret.age;
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
symlinks = ["${config.xdg.configHome}/home/ansible-vault-secret"];
};
file."powerdns-api-key" = {
source = ../secrets/powerdns-api-key.json.age;
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
symlinks = ["${config.xdg.configHome}/home/powerdns-api-key.json"];
};
};
@ -105,8 +108,8 @@
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/input-sources" = {
sources = [ (mkTuple [ "xkb" "us" ]) ];
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
sources = [(mkTuple ["xkb" "us"])];
xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"];
};
"org/gnome/desktop/interface" = {

8
home-manager/firefox/addons.nix
View file

@ -1,9 +1,7 @@
pkgs: lib:
let
pkgs: lib: let
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
custom-addons = import ./custom-addons.nix pkgs lib;
in
{
in {
default = lib.concatLists [
(with rycee-addons; [
ublock-origin
@ -30,4 +28,4 @@ in
keepassxc-browser
custom-addons.simple-style-fox-2
];
}
}

40
home-manager/firefox/custom-addons.nix
View file

@ -1,13 +1,22 @@
pkgs: lib:
let
pkgs: lib: let
# Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv, fetchurl ? pkgs.fetchurl,
pname, version, addonId, url, sha256, meta, ... }: stdenv.mkDerivation {
buildFirefoxXpiAddon = lib.makeOverridable ({
stdenv ? pkgs.stdenv,
fetchurl ? pkgs.fetchurl,
pname,
version,
addonId,
url,
sha256,
meta,
...
}:
stdenv.mkDerivation {
name = "${pname}-${version}";
inherit meta;
src = fetchurl { inherit url sha256; };
src = fetchurl {inherit url sha256;};
preferLocalBuild = true;
allowSubstitutes = true;
@ -18,19 +27,17 @@ let
install -v -m644 "$src" "$dst/${addonId}.xpi"
'';
});
in
{
in {
"http-version-indicator" = buildFirefoxXpiAddon {
pname = "http-version-indicator";
version = "3.2.1";
addonId = "spdyindicator@chengsun.github.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
meta = with lib;
{
meta = with lib; {
homepage = "https://github.com/bsiegel/http-version-indicator";
description = "An indicator showing the HTTP version used to load the page in the address bar.";
mozPermissions = [ "<all_urls>" "tabs" "webNavigation" "webRequest" ];
mozPermissions = ["<all_urls>" "tabs" "webNavigation" "webRequest"];
platforms = platforms.all;
};
};
@ -40,8 +47,7 @@ in
addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
meta = with lib;
{
meta = with lib; {
homepage = "https://github.com/jannispinter/indicatetls";
description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
license = licenses.mpl20;
@ -62,12 +68,11 @@ in
addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
meta = with lib;
{
meta = with lib; {
homepage = "https://github.com/HostedDinner/SixIndicator";
description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
license = licenses.mit;
mozPermissions = [ "tabs" "webRequest" "<all_urls>" ];
mozPermissions = ["tabs" "webRequest" "<all_urls>"];
platforms = platforms.all;
};
};
@ -77,12 +82,11 @@ in
addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
meta = with lib;
{
meta = with lib; {
description = "Simple style fox 2";
license = licenses.cc-by-30;
mozPermissions = [];
platforms = platforms.all;
};
};
}
}

15
home-manager/firefox/default.nix
View file

@ -1,6 +1,8 @@
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
firefoxAddons = import ./addons.nix pkgs lib;
firefoxSettings = {
"browser.aboutConfig.showWarning" = false;
@ -13,8 +15,7 @@ let
"browser.gesture.swipe.left" = false;
"browser.gesture.swipe.right" = false;
};
in
{
in {
config = {
programs.firefox = {
enable = true;
@ -34,7 +35,7 @@ in
};
xdg.desktopEntries.firefox-sue = {
categories = [ "Network" "WebBrowser" ];
categories = ["Network" "WebBrowser"];
exec = "firefox -P sue --name firefox %U";
genericName = "Web Browser";
icon = "firefox";
@ -53,7 +54,7 @@ in
};
xdg.desktopEntries.firefox = lib.mkForce {
categories = [ "Network" "WebBrowser" ];
categories = ["Network" "WebBrowser"];
exec = "firefox --new-window --name firefox %U";
genericName = "Web Browser";
icon = "firefox";

6
home-manager/git/default.nix
View file

@ -9,10 +9,12 @@
commit.verbose = true;
pull.rebase = true;
};
includes = [{
includes = [
{
path = "~/git/suecode/.gitconfig";
condition = "gitdir:~/git/suecode/**";
}];
}
];
};
};
}

10
home-manager/keepassxc/default.nix
View file

@ -1,11 +1,13 @@
{ pkgs, config, ...}:
{
pkgs,
config,
...
}: {
config = {
home.packages = [ pkgs.keepassxc ];
home.packages = [pkgs.keepassxc];
homeage.file."keepassxc.ini" = {
source = ../../secrets/keepassxc.ini.age;
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
symlinks = ["${config.xdg.configHome}/keepassxc/keepassxc.ini"];
};
};
}

4
home-manager/neovim/default.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
config = {
programs.neovim = {
enable = true;

26
home-manager/ssh/default.nix
View file

@ -1,36 +1,38 @@
{ config, lib, ...}:
{
config,
lib,
...
}: {
config = {
programs.ssh = {
enable = true;
extraConfig = "User root";
matchBlocks = {
github = lib.hm.dag.entryBefore [ "*" ] {
github = lib.hm.dag.entryBefore ["*"] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
lewis = lib.hm.dag.entryBefore [ "*" ] {
lewis = lib.hm.dag.entryBefore ["*"] {
hostname = "lewis.hyp";
};
atlas = lib.hm.dag.entryBefore [ "*" ] {
atlas = lib.hm.dag.entryBefore ["*"] {
hostname = "atlas.hyp";
};
jefke = lib.hm.dag.entryBefore [ "*" ] {
jefke = lib.hm.dag.entryBefore ["*"] {
hostname = "jefke.hyp";
};
hermes = lib.hm.dag.entryBefore [ "*" ] {
hermes = lib.hm.dag.entryBefore ["*"] {
hostname = "hermes.dmz";
};
maestro = lib.hm.dag.entryBefore [ "*" ] {
maestro = lib.hm.dag.entryBefore ["*"] {
hostname = "maestro.dmz";
};
bancomart = lib.hm.dag.entryBefore [ "*" ] {
bancomart = lib.hm.dag.entryBefore ["*"] {
hostname = "bancomart.dmz";
};
handjecontantje = lib.hm.dag.entryBefore [ "*" ] {
handjecontantje = lib.hm.dag.entryBefore ["*"] {
hostname = "handjecontantje.dmz";
};
};
@ -38,12 +40,12 @@
homeage.file."sue_ed25519" = {
source = ../../secrets/sue_ed25519.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
symlinks = ["${config.home.homeDirectory}/.ssh/sue_ed25519"];
};
homeage.file."sue_azure_rsa" = {
source = ../../secrets/sue_azure_rsa.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
symlinks = ["${config.home.homeDirectory}/.ssh/sue_azure_rsa"];
};
};
}

8
home-manager/syncthing/default.nix
View file

@ -1,6 +1,4 @@
{ config, ... }:
{
{config, ...}: {
config = {
services.syncthing.enable = true;
xdg.configFile."syncthing/config.xml".source = ./syncthing.xml;
@ -8,12 +6,12 @@
homeage.file."syncthing-key.pem" = {
source = ../../secrets/syncthing-key.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
symlinks = ["${config.xdg.configHome}/syncthing/key.pem"];
};
homeage.file."syncthing-cert.pem" = {
source = ../../secrets/syncthing-cert.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
symlinks = ["${config.xdg.configHome}/syncthing/cert.pem"];
};
};
}

23
nixos/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}: {
imports = [
./hardware-configuration.nix
];
@ -19,12 +24,12 @@
enable = true;
};
desktopManager.gnome.enable = true;
excludePackages = with pkgs; [ xterm ];
excludePackages = with pkgs; [xterm];
};
printing = {
enable = true;
drivers = [ pkgs.hplip pkgs.gutenprint ];
drivers = [pkgs.hplip pkgs.gutenprint];
};
fprintd = {
@ -40,7 +45,7 @@
users = {
users.pim = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" "input" ];
extraGroups = ["wheel" "docker" "input"];
};
};
@ -104,7 +109,7 @@
};
age = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
identityPaths = ["/home/pim/.ssh/age_ed25519"];
secrets = {
wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
@ -121,8 +126,9 @@
"10.225.191.4/24"
"fd11:5ee:bad:c0de::4/64"
];
dns = [ "192.168.30.8" ];
peers = [{
dns = ["192.168.30.8"];
peers = [
{
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
endpoint = "84.245.14.149:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
@ -130,7 +136,8 @@
"0.0.0.0/0"
"::0/0"
];
}];
}
];
};
};

32
nixos/hardware-configuration.nix
View file

@ -1,32 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
fileSystems."/" = {
device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device = "/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/87DA-B083";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/87DA-B083";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }
swapDevices = [
{device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

5
secrets/secrets.nix
View file

@ -1,10 +1,9 @@
let
pkgs = import <nixpkgs> {};
publicKeysURL = "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
publicKeysFile = builtins.fetchurl {url = publicKeysURL;};
publicKeys = pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents publicKeysFile);
in
{
in {
"wg-quick-home-privkey.age".publicKeys = publicKeys;
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
"sue_ed25519.age".publicKeys = publicKeys;