diff --git a/configuration.nix b/configuration.nix
deleted file mode 100644
index 9efc152..0000000
--- a/configuration.nix
+++ /dev/null
@@ -1,282 +0,0 @@
-{ pkgs, config, lib, inputs, flake, system, ... }: {
- imports = [
- inputs.stylix.nixosModules.stylix
- inputs.home-manager.nixosModules.home-manager
- inputs.sops-nix.nixosModules.sops
- "${flake}/modules/nixos/lanzaboote.nix"
- "${flake}/modules/tidal.nix"
- ];
-
- time.timeZone = "Europe/Amsterdam";
- i18n.defaultLocale = "en_US.UTF-8";
- programs.ssh.startAgent = true;
-
- services = {
- gnome.gnome-keyring.enable = lib.mkForce false;
-
- tailscale = {
- enable = true;
- useRoutingFeatures = "client";
- };
-
- xserver = {
- enable = true;
- displayManager.gdm = { enable = true; };
- desktopManager.gnome.enable = true;
- excludePackages = with pkgs; [ xterm ];
- };
-
- printing = {
- enable = true;
- drivers = [ pkgs.hplip pkgs.gutenprint ];
- };
-
- pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- jack.enable = true;
- };
- };
-
- users = {
- users.pim = {
- isNormalUser = true;
- extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ];
- };
- };
-
- environment = {
- # https://nix-community.github.io/home-manager/options.xhtml#opt-programs.zsh.enableCompletion
- pathsToLink = [ "/share/zsh" ];
-
- systemPackages = (with pkgs; [
- age
- borgbackup
- btop
- btrfs-progs
- curl
- dig
- exfat
- f3
- fastfetch
- file
- git
- gnome.gnome-shell-extensions
- jq
- kubectl
- nmap
- poppler_utils # For pdfunite
- ripgrep
- sbctl
- silicon
- sops
- tree
- units
- vim
- wget
- yq
- ncdu
- lshw
- ]) ++ (with pkgs.gnomeExtensions; [
- pop-shell
- window-is-ready-remover
- random-wallpaper
- workspaces-indicator-by-open-apps
- tailscale-status
- ]);
-
- gnome.excludePackages = (with pkgs; [
- epiphany
- gnome-connections
- gnome-console
- gnome-tour
- ]) ++ (with pkgs.gnome; [
- geary
- gnome-calendar
- gnome-clocks
- gnome-contacts
- gnome-font-viewer
- gnome-logs
- gnome-maps
- gnome-music
- seahorse
- totem
- yelp
- gnome-weather
- ]);
- };
-
- system = {
- stateVersion = "23.05";
-
- activationScripts.diff = ''
- if [[ -e /run/current-system ]]; then
- ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
- fi
- '';
- };
-
- security = {
- rtkit.enable = true;
-
- sudo.extraConfig = ''
- Defaults timestamp_timeout=30
- '';
- };
-
- nix = {
- package = pkgs.nixFlakes;
- settings.trusted-users = [ "root" "pim" ];
-
- extraOptions = ''
- experimental-features = nix-command flakes
- '';
-
- gc = {
- automatic = true;
- persistent = true;
- dates = "weekly";
- options = "--delete-older-than 7d";
- };
- };
-
- networking = {
- useDHCP = lib.mkDefault true;
- networkmanager.unmanaged = [ "tailscale0" ];
-
- wg-quick.interfaces = {
- home = {
- privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
- address = [ "10.225.191.4/24" ];
- dns = [ "192.168.30.131" ];
- autostart = false;
- mtu = 1412;
- peers = [{
- presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
- endpoint = "wg.kun.is:51820";
- publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
- allowedIPs = [ "0.0.0.0/0" ];
- }];
- };
-
- home-no-pihole = {
- privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
- address = [ "10.225.191.4/24" ];
- dns = [ "192.168.10.1" ];
- autostart = false;
- mtu = 1412;
- peers = [{
- presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
- endpoint = "wg.kun.is:51820";
- publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
- allowedIPs = [ "0.0.0.0/0" ];
- }];
- };
- };
- };
-
- virtualisation.docker = {
- enable = true;
- rootless = {
- enable = true;
- setSocketVariable = true;
- };
- };
-
- nixpkgs = {
- hostPlatform = lib.mkDefault "x86_64-linux";
-
- config = {
- allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "vmware-horizon-client"
- "libfprint-2-tod1-goodix"
- "vmware-workstation"
- "ipu6-camera-bins-unstable"
- "ipu6-camera-bins"
- "ivsc-firmware-unstable"
- "ivsc-firmware"
- ];
- };
-
- overlays = [
- inputs.nur.overlay
-
(final: _prev: { - unstable = import inputs.nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; - }) - ]; - }; - - boot = { - kernelModules = [ "kvm-intel" "cdrom" ]; - extraModulePackages = [ ]; - - initrd = { - availableKernelModules = [ "sd_mod" ]; - kernelModules = [ ]; - }; - - kernel.sysctl = { - "net.core.default_qdisc" = "fq"; - "net.ipv4.tcp_congestion_control" = "bbr"; - }; - }; - - hardware = { - cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - pulseaudio.enable = false; - }; - - stylix = { - enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml"; - image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png"; - - cursor = { - package = pkgs.bibata-cursors; - name = "Bibata-Modern-Classic"; - size = 28; - }; - - fonts = { - monospace = { - package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; }; - name = "JetBrainsMono Nerd Font Mono"; - }; - - sansSerif = { - package = pkgs.dejavu_fonts; - name = "DejaVu Sans"; - }; - - serif = { - package = pkgs.dejavu_fonts; - name = "DejaVu Serif"; - }; - }; - }; - - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { inherit flake inputs; }; - - users.pim.imports = [ - ./home.nix - ]; - }; - - sops = { - age.keyFile = "/home/pim/.config/sops/age/keys.txt"; - defaultSopsFile = ./secrets/secrets.yaml; - - secrets = { - "wireguard/home/presharedKey" = { }; - "wireguard/home/privateKey" = { }; - }; - }; -} diff --git a/flake.nix b/flake.nix index c719444..9116e86 100644 --- a/flake.nix +++ b/flake.nix @@ -62,7 +62,7 @@ modules = [ extraModule - ] ++ nixpkgs'.lib.optional useDefaultConfiguration ./configuration.nix; + ] ++ nixpkgs'.lib.optional useDefaultConfiguration ./nixos; }; in { 
@@ -170,7 +170,7 @@ users = { users.pim = { isNormalUser = true; - # extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ]; + extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ]; }; }; @@ -232,10 +232,10 @@ boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494"; boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" ]; - hardware.ipu6 = { - enable = true; - platform = "ipu6ep"; - }; + # hardware.ipu6 = { + # enable = true; + # platform = "ipu6ep"; + # }; }; }); }; diff --git a/home.nix b/home-manager/default.nix similarity index 63% rename from home.nix rename to home-manager/default.nix index 4644aa0..e5bdf7c 100644 --- a/home.nix +++ b/home-manager/default.nix @@ -1,13 +1,15 @@ -{ pkgs, lib, config, flake, inputs, ... }: { +{ pkgs, lib, config, inputs, flake, ... }: { imports = [ - ./modules/home-manager/neovim - ./modules/home-manager/firefox + ./neovim + ./firefox + ./tidal.nix + ./gnome.nix + ./gnome.nix inputs.sops-nix.homeManagerModules.sops inputs.nix-index-database.hmModules.nix-index ]; xsession.enable = true; - services.syncthing.enable = true; xdg = { userDirs.enable = true; @@ -85,7 +87,6 @@ stateVersion = "23.05"; packages = (with pkgs; [ - gnome.gnome-tweaks jellyfin-media-player virt-manager ]) ++ (with pkgs.unstable; [ @@ -121,26 +122,6 @@ chromium.enable = true; bat.enable = true; - vscode = { - enable = true; - package = pkgs.vscodium; - extensions = with pkgs.vscode-extensions; [ - vscodevim.vim - marp-team.marp-vscode - jnoortheen.nix-ide - mkhl.direnv - ]; - - userSettings = { - "nix.enableLanguageServer" = true; - "nix.serverPath" = lib.getExe pkgs.nil; - "terminal.integrated.defaultProfile.linux" = "fish"; - "explorer.confirmDragAndDrop" = false; - "explorer.confirmPasteNative" = false; - "explorer.confirmDelete" = false; - }; - }; - fzf = { enable = true; enableZshIntegration = true; 
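Review bot: Re-enabling `extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ]` puts pim back in the `docker` group, and membership of that group is effectively root on the host because it grants access to the rootful daemon's socket. The same list is added in nixos/default.nix, where `virtualisation.docker.enable = true` sits next to `rootless.enable = true`, so both daemons appear to be available. If the rootless daemon is the one actually used, `"docker"` can be dropped from both lists; otherwise a comment saying the group is a deliberate root-equivalent grant would help. The surrounding configuration block starts and ends outside this hunk.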
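Review bot: The `hardware.ipu6` block is left in the file as commented-out code with no reason given; either delete it or put a one-line comment above it saying why the camera support is disabled. The new nixos/default.nix also drops `ipu6-camera-bins` and `ivsc-firmware` from `allowUnfreePredicate`, so if that allowlist applies to this configuration, un-commenting the block later will presumably fail evaluation until those names are restored. The enclosing attribute set continues outside the hunk.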
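Review bot: The import list in home-manager/default.nix names `./gnome.nix` twice and never imports the new `./syncthing.nix` or `./vscode.nix`, while this commit removes `services.syncthing.enable`, the `programs.vscode` block and the two `syncthing/*` sops secrets from this file (hunks at -1, -121 and -284). Unless a module outside this diff imports them, Syncthing, VSCodium and the Syncthing key and certificate are silently dropped from the profile. The second `./gnome.nix` line looks like a slip; the list should presumably end with `./gnome.nix`, `./syncthing.nix` and `./vscode.nix`.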
@@ -284,93 +265,12 @@ }; }; - dconf.settings = with lib.hm.gvariant; { - "org/gnome/desktop/sound".allow-volume-above-100-percent = true; - "org/gnome/desktop/wm.preferences".num-workspaces = 4; - "org/gnome/mutter".edge-tiling = true; - - "org/gnome/shell" = { - disable-extension-version-validation = true; - - enabled-extensions = [ - "workspaces-by-open-apps@favo02.github.com" - "pop-shell@system76.com" - "windowIsReady_Remover@nunofarruca@gmail.com" - "randomwallpaper@iflow.space" - "Vitals@CoreCoding.com" - "tailscale-status@maxgallup.github.com" - ]; - }; - - "org/gnome/desktop/input-sources" = { - sources = [ (mkTuple [ "xkb" "us" ]) ]; - xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ]; - }; - - "org/gnome/shell/extensions/pop-shell" = { - active-hint = true; - fullscreen-launcher = false; - mouse-cursor-focus-location = mkUint32 4; - mouse-cursor-follows-active-window = true; - show-skip-taskbar = false; - show-title = true; - smart-gaps = false; - snap-to-grid = false; - stacking-with-mouse = true; - tile-by-default = true; - }; - - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - binding = "t"; - command = lib.getExe config.programs.alacritty.package; - name = "Terminal"; - }; - - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = { - binding = "e"; - command = "${lib.getExe config.programs.librewolf.package} --browser"; - name = "Browser"; - }; - - "org/gnome/desktop/wm/keybindings" = { - close = [ "q" ]; - minimize = mkEmptyArray type.string; - move-to-workspace-1 = [ "1" ]; - move-to-workspace-2 = [ "2" ]; - move-to-workspace-3 = [ "3" ]; - move-to-workspace-4 = [ "4" ]; - switch-applications = mkEmptyArray type.string; - switch-applications-backward = mkEmptyArray type.string; - switch-to-workspace-1 = [ "1" ]; - switch-to-workspace-2 = [ "2" ]; - switch-to-workspace-3 = [ "3" ]; - switch-to-workspace-4 = [ "4" ]; - toggle-fullscreen = [ "f" ]; - }; - - 
"org/gnome/shell/extensions/space-iflow-randomwallpaper" = { - auto-fetch = true; - change-type = 2; - hide-panel-icon = true; - history-length = 1; - hours = 0; - minutes = 30; - sources = [ "42" ]; - fetch-on-startup = true; - }; - - "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4; - "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers"; - }; - sops = { age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt"; - defaultSopsFile = ./secrets/pim.yaml; + defaultSopsFile = "${flake}/secrets/pim.yaml"; secrets = { "keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini"; - "syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem"; - "syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem"; }; }; } diff --git a/modules/home-manager/firefox/addons.json b/home-manager/firefox/addons.json similarity index 100% rename from modules/home-manager/firefox/addons.json rename to home-manager/firefox/addons.json diff --git a/modules/home-manager/firefox/addons.nix b/home-manager/firefox/addons.nix similarity index 100% rename from modules/home-manager/firefox/addons.nix rename to home-manager/firefox/addons.nix diff --git a/modules/home-manager/firefox/custom-addons.nix b/home-manager/firefox/custom-addons.nix similarity index 100% rename from modules/home-manager/firefox/custom-addons.nix rename to home-manager/firefox/custom-addons.nix diff --git a/modules/home-manager/firefox/default.nix b/home-manager/firefox/default.nix similarity index 100% rename from modules/home-manager/firefox/default.nix rename to home-manager/firefox/default.nix diff --git a/home-manager/gnome.nix b/home-manager/gnome.nix new file mode 100644 index 0000000..30da37b --- /dev/null +++ b/home-manager/gnome.nix 
@@ -0,0 +1,82 @@
+{ pkgs, lib, flake, config, ... }: {
+ home.packages = with pkgs; [ gnome.gnome-tweaks ];
+
+ dconf.settings = with lib.hm.gvariant; {
+ "org/gnome/desktop/sound".allow-volume-above-100-percent = true;
+ "org/gnome/desktop/wm.preferences".num-workspaces = 4;
+ "org/gnome/mutter".edge-tiling = true;
+
+ "org/gnome/shell" = {
+ disable-extension-version-validation = true;
+
+ enabled-extensions = [
+ "workspaces-by-open-apps@favo02.github.com"
+ "pop-shell@system76.com"
+ "windowIsReady_Remover@nunofarruca@gmail.com"
+ "randomwallpaper@iflow.space"
+ "Vitals@CoreCoding.com"
+ "tailscale-status@maxgallup.github.com"
+ ];
+ };
+
+ "org/gnome/desktop/input-sources" = {
+ sources = [ (mkTuple [ "xkb" "us" ]) ];
+ xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
+ };
+
+ "org/gnome/shell/extensions/pop-shell" = {
+ active-hint = true;
+ fullscreen-launcher = false;
+ mouse-cursor-focus-location = mkUint32 4;
+ mouse-cursor-follows-active-window = true;
+ show-skip-taskbar = false;
+ show-title = true;
+ smart-gaps = false;
+ snap-to-grid = false;
+ stacking-with-mouse = true;
+ tile-by-default = true;
+ };
+
+ "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
+ binding = "t";
+ command = lib.getExe config.programs.alacritty.package;
+ name = "Terminal";
+ };
+
+ "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
+ binding = "e";
+ command = "${lib.getExe config.programs.librewolf.package} --browser";
+ name = "Browser";
+ };
+
+ "org/gnome/desktop/wm/keybindings" = {
+ close = [ "q" ];
+ minimize = mkEmptyArray type.string;
+ move-to-workspace-1 = [ "1" ];
+ move-to-workspace-2 = [ "2" ];
+ move-to-workspace-3 = [ "3" ];
+ move-to-workspace-4 = [ "4" ];
+ switch-applications = mkEmptyArray type.string;
+ switch-applications-backward = mkEmptyArray type.string;
+ switch-to-workspace-1 = [ "1" ];
+ switch-to-workspace-2 = [ "2" ];
+ switch-to-workspace-3 = [ "3" ];
+ switch-to-workspace-4 = [ "4" ];
+ toggle-fullscreen = [ "f" ];
+ };
+
+ "org/gnome/shell/extensions/space-iflow-randomwallpaper" = {
+ auto-fetch = true;
+ change-type = 2;
+ hide-panel-icon = true;
+ history-length = 1;
+ hours = 0;
+ minutes = 30;
+ sources = [ "42" ];
+ fetch-on-startup = true;
+ };
+
+ "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4;
+ "org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers";
+ };
+}
diff --git a/modules/home-manager/neovim/bufferline.lua b/home-manager/neovim/bufferline.lua
similarity index 100%
rename from modules/home-manager/neovim/bufferline.lua
rename to home-manager/neovim/bufferline.lua
diff --git a/modules/home-manager/neovim/cmp.lua b/home-manager/neovim/cmp.lua
similarity index 100%
rename from modules/home-manager/neovim/cmp.lua
rename to home-manager/neovim/cmp.lua
diff --git a/modules/home-manager/neovim/commentary.lua b/home-manager/neovim/commentary.lua
similarity index 100%
rename from modules/home-manager/neovim/commentary.lua
rename to home-manager/neovim/commentary.lua
diff --git a/modules/home-manager/neovim/core.lua b/home-manager/neovim/core.lua
similarity index 100%
rename from modules/home-manager/neovim/core.lua
rename to home-manager/neovim/core.lua
diff --git a/modules/home-manager/neovim/default.nix b/home-manager/neovim/default.nix
similarity index 100%
rename from modules/home-manager/neovim/default.nix
rename to home-manager/neovim/default.nix
diff --git a/modules/home-manager/neovim/leap.lua b/home-manager/neovim/leap.lua
similarity index 100%
rename from modules/home-manager/neovim/leap.lua
rename to home-manager/neovim/leap.lua
diff --git a/modules/home-manager/neovim/lspconfig.lua b/home-manager/neovim/lspconfig.lua
similarity index 100%
rename from modules/home-manager/neovim/lspconfig.lua
rename to home-manager/neovim/lspconfig.lua
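Review bot: `enabled-extensions` in home-manager/gnome.nix lists `Vitals@CoreCoding.com`, but no package list in this diff installs a Vitals extension, and `tailscale-status@maxgallup.github.com` is now installed by nixos/tailscale.nix rather than alongside the other extensions. A UUID whose extension is not installed is presumably just skipped by the shell, so the mismatch is easy to miss. Consider a comment such as `# package installed by nixos/tailscale.nix` next to the tailscale entry, and either install Vitals or remove its UUID. `disable-extension-version-validation = true` also lets extensions load on a shell version they do not declare support for, which deserves a short why-comment.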
diff --git a/modules/home-manager/neovim/none-ls.lua b/home-manager/neovim/none-ls.lua
similarity index 100%
rename from modules/home-manager/neovim/none-ls.lua
rename to home-manager/neovim/none-ls.lua
diff --git a/modules/home-manager/neovim/telescope.lua b/home-manager/neovim/telescope.lua
similarity index 100%
rename from modules/home-manager/neovim/telescope.lua
rename to home-manager/neovim/telescope.lua
diff --git a/modules/home-manager/neovim/treesitter.lua b/home-manager/neovim/treesitter.lua
similarity index 100%
rename from modules/home-manager/neovim/treesitter.lua
rename to home-manager/neovim/treesitter.lua
diff --git a/home-manager/syncthing.nix b/home-manager/syncthing.nix
new file mode 100644
index 0000000..fe900c3
--- /dev/null
+++ b/home-manager/syncthing.nix
@@ -0,0 +1,8 @@
+{config, ...}: {
+ services.syncthing.enable = true;
+
+ sops.secrets = {
+ "syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem";
+ "syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem";
+ };
+}
diff --git a/home-manager/tidal.nix b/home-manager/tidal.nix
new file mode 100644
index 0000000..c512a76
--- /dev/null
+++ b/home-manager/tidal.nix
@@ -0,0 +1,5 @@
+{ pkgs, ...}: {
+ home.packages = with pkgs; [
+ supercollider-with-sc3-plugins
+ ];
+}
diff --git a/home-manager/vscode.nix b/home-manager/vscode.nix
new file mode 100644
index 0000000..0cffb17
--- /dev/null
+++ b/home-manager/vscode.nix
@@ -0,0 +1,21 @@
+{ pkgs, lib, ... }: {
+ programs.vscode = {
+ enable = true;
+ package = pkgs.vscodium;
+ extensions = with pkgs.vscode-extensions; [
+ vscodevim.vim
+ marp-team.marp-vscode
+ jnoortheen.nix-ide
+ mkhl.direnv
+ ];
+
+ userSettings = {
+ "nix.enableLanguageServer" = true;
+ "nix.serverPath" = lib.getExe pkgs.nil;
+ "terminal.integrated.defaultProfile.linux" = "fish";
+ "explorer.confirmDragAndDrop" = false;
+ "explorer.confirmPasteNative" = false;
+ "explorer.confirmDelete" = false;
+ };
+ };
+}
diff --git a/modules/tidal.nix b/modules/tidal.nix
deleted file mode 100644
index cbe57b9..0000000
--- a/modules/tidal.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }: {
- config = {
- home-manager.users.pim.imports = [({ pkgs, ... }: {
- home.packages = with pkgs; [
- supercollider-with-sc3-plugins
- ];
- })];
-
- users.users.pim.extraGroups = [ "audio" ];
- };
-}
diff --git a/nixos/default.nix b/nixos/default.nix
new file mode 100644
index 0000000..3ef0f72
--- /dev/null
+++ b/nixos/default.nix
@@ -0,0 +1,168 @@
+{ pkgs, config, lib, inputs, flake, system, ... }: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ./lanzaboote.nix
+ ./tidal.nix
+ ./sops.nix
+ ./stylix.nix
+ ./wireguard.nix
+ ./gnome.nix
+ ./tailscale.nix
+ ];
+
+ time.timeZone = "Europe/Amsterdam";
+ i18n.defaultLocale = "en_US.UTF-8";
+ programs.ssh.startAgent = true;
+
+ services = {
+ gnome.gnome-keyring.enable = lib.mkForce false;
+
+ xserver = {
+ enable = true;
+ displayManager.gdm = { enable = true; };
+ excludePackages = with pkgs; [ xterm ];
+ };
+
+ printing = {
+ enable = true;
+ drivers = [ pkgs.hplip pkgs.gutenprint ];
+ };
+
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+ };
+ };
+
+ users = {
+ users.pim = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ];
+ };
+ };
+
+ environment = {
+ systemPackages = with pkgs; [
+ age
+ borgbackup
+ btop
+ btrfs-progs
+ curl
+ dig
+ exfat
+ f3
+ fastfetch
+ file
+ git
+ jq
+ kubectl
+ nmap
+ poppler_utils # For pdfunite
+ ripgrep
+ sbctl
+ silicon
+ tree
+ units
+ vim
+ wget
+ yq
+ ncdu
+ lshw
+ ];
+ };
+
+ system = {
+ stateVersion = "23.05";
+
+ activationScripts.diff = ''
+ if [[ -e /run/current-system ]]; then
+ ${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
+ fi
+ '';
+ };
+
+ security = {
+ rtkit.enable = true;
+
+ sudo.extraConfig = ''
+ Defaults timestamp_timeout=30
+ '';
+ };
+
+ nix = {
+ package = pkgs.nixFlakes;
+ settings.trusted-users = [ "root" "pim" ];
+
+ extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+ gc = {
+ automatic = true;
+ persistent = true;
+ dates = "weekly";
+ options = "--delete-older-than 7d";
+ };
+ };
+
+ networking.useDHCP = lib.mkDefault true;
+
+ virtualisation.docker = {
+ enable = true;
+ rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+ };
+
+ nixpkgs = {
+ hostPlatform = lib.mkDefault "x86_64-linux";
+
+ config = {
+ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "libfprint-2-tod1-goodix"
+ ];
+ };
+
+ overlays = [
+ inputs.nur.overlay
+ (final: _prev: {
+ unstable = import inputs.nixpkgs-unstable {
+ inherit system;
+ config.allowUnfree = true;
+ };
+ })
+ ];
+ };
+
+ boot = {
+ kernelModules = [ "kvm-intel" "cdrom" ];
+ extraModulePackages = [ ];
+
+ initrd = {
+ availableKernelModules = [ "sd_mod" ];
+ kernelModules = [ ];
+ };
+
+ kernel.sysctl = {
+ "net.core.default_qdisc" = "fq";
+ "net.ipv4.tcp_congestion_control" = "bbr";
+ };
+ };
+
+ hardware = {
+ cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ pulseaudio.enable = false;
+ };
+
+ home-manager = {
+ useGlobalPkgs = true;
+ useUserPackages = true;
+ extraSpecialArgs = { inherit flake inputs; };
+
+ users.pim.imports = [ "${flake}/home-manager" ];
+ };
+}
diff --git a/nixos/gnome.nix b/nixos/gnome.nix
new file mode 100644
index 0000000..533ef2e
--- /dev/null
+++ b/nixos/gnome.nix
@@ -0,0 +1,34 @@
+{ pkgs, ... }: {
+ services.xserver.desktopManager.gnome.enable = true;
+
+ environment = {
+ systemPackages = [
+ pkgs.gnome.gnome-shell-extensions
+ ] ++ (with pkgs.gnomeExtensions; [
+ pop-shell
+ window-is-ready-remover
+ random-wallpaper
+ workspaces-indicator-by-open-apps
+ ]);
+
+ gnome.excludePackages = (with pkgs; [
+ epiphany
+ gnome-connections
+ gnome-console
+ gnome-tour
+ ]) ++ (with pkgs.gnome; [
+ geary
+ gnome-calendar
+ gnome-clocks
+ gnome-contacts
+ gnome-font-viewer
+ gnome-logs
+ gnome-maps
+ gnome-music
+ seahorse
+ totem
+ yelp
+ gnome-weather
+ ]);
+ };
+}
diff --git a/modules/nixos/lanzaboote.nix b/nixos/lanzaboote.nix
similarity index 100%
rename from modules/nixos/lanzaboote.nix
rename to nixos/lanzaboote.nix
diff --git a/nixos/sops.nix b/nixos/sops.nix
new file mode 100644
index 0000000..90d1fd3
--- /dev/null
+++ b/nixos/sops.nix
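Review bot: `nix.settings.trusted-users = [ "root" "pim" ]` in nixos/default.nix makes the everyday account a trusted Nix user, which lets it configure extra substituters and import unsigned store paths through the daemon, so a compromise of that account reaches root without any sudo prompt. Unless a workflow needs it, I would reduce this to `settings.trusted-users = [ "root" ];` and run the few commands that need trust through sudo. If it has to stay, add a comment naming the reason. The 30-minute `Defaults timestamp_timeout=30` in `security.sudo.extraConfig` widens the separate sudo window in the same way and would benefit from the same kind of comment.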
@@ -0,0 +1,10 @@
+{ inputs, pkgs, flake, ... }: {
+ imports = [ inputs.sops-nix.nixosModules.sops ];
+
+ environment.systemPackages = with pkgs; [ sops ];
+
+ sops = {
+ age.keyFile = "/home/pim/.config/sops/age/keys.txt";
+ defaultSopsFile = "${flake}/secrets/secrets.yaml";
+ };
+}
diff --git a/nixos/stylix.nix b/nixos/stylix.nix
new file mode 100644
index 0000000..b2e6911
--- /dev/null
+++ b/nixos/stylix.nix
@@ -0,0 +1,32 @@
+{ pkgs, inputs, ... }: {
+ imports = [ inputs.stylix.nixosModules.stylix ];
+
+ stylix = {
+ enable = true;
+ base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
+ image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png";
+
+ cursor = {
+ package = pkgs.bibata-cursors;
+ name = "Bibata-Modern-Classic";
+ size = 28;
+ };
+
+ fonts = {
+ monospace = {
+ package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
+ name = "JetBrainsMono Nerd Font Mono";
+ };
+
+ sansSerif = {
+ package = pkgs.dejavu_fonts;
+ name = "DejaVu Sans";
+ };
+
+ serif = {
+ package = pkgs.dejavu_fonts;
+ name = "DejaVu Serif";
+ };
+ };
+ };
+}
diff --git a/nixos/tailscale.nix b/nixos/tailscale.nix
new file mode 100644
index 0000000..98b0ba2
--- /dev/null
+++ b/nixos/tailscale.nix
@@ -0,0 +1,10 @@
+{pkgs, ...}: {
+ environment.systemPackages = [ pkgs.gnomeExtensions.tailscale-status ];
+
+ services.tailscale = {
+ enable = true;
+ useRoutingFeatures = "client";
+ };
+
+ networking.networkmanager.unmanaged = [ "tailscale0" ];
+}
diff --git a/nixos/tidal.nix b/nixos/tidal.nix
new file mode 100644
index 0000000..9d00035
--- /dev/null
+++ b/nixos/tidal.nix
@@ -0,0 +1,3 @@
+{ ... }: {
+ users.users.pim.extraGroups = ["audio"];
+}
diff --git a/nixos/wireguard.nix b/nixos/wireguard.nix
new file mode 100644
index 0000000..7977854
--- /dev/null
+++ b/nixos/wireguard.nix
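Review bot: `age.keyFile = "/home/pim/.config/sops/age/keys.txt"` in nixos/sops.nix has the system-level sops-nix module decrypt with a key stored in pim's home directory, presumably the same file home-manager/default.nix reaches through `${config.xdg.configHome}/sops/age/keys.txt`. Any process running as pim can then read the key that protects system secrets such as the WireGuard private and preshared keys, and system activation depends on /home being available. Consider a root-owned key outside the home directory, for example `age.keyFile = "/var/lib/sops-nix/key.txt";`, or deriving it from the host SSH key with `age.sshKeyPaths`. Separate recipients for secrets/secrets.yaml and secrets/pim.yaml would keep the user key from decrypting system secrets.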
@@ -0,0 +1,41 @@
+{ lib, config, ... }: {
+ networking = {
+ useDHCP = lib.mkDefault true;
+ networkmanager.unmanaged = [ "tailscale0" ];
+
+ wg-quick.interfaces = {
+ home = {
+ privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
+ address = [ "10.225.191.4/24" ];
+ dns = [ "192.168.30.131" ];
+ autostart = false;
+ mtu = 1412;
+ peers = [{
+ presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
+ endpoint = "wg.kun.is:51820";
+ publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+ allowedIPs = [ "0.0.0.0/0" ];
+ }];
+ };
+
+ home-no-pihole = {
+ privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
+ address = [ "10.225.191.4/24" ];
+ dns = [ "192.168.10.1" ];
+ autostart = false;
+ mtu = 1412;
+ peers = [{
+ presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
+ endpoint = "wg.kun.is:51820";
+ publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+ allowedIPs = [ "0.0.0.0/0" ];
+ }];
+ };
+ };
+ };
+
+ sops.secrets = {
+ "wireguard/home/presharedKey" = { };
+ "wireguard/home/privateKey" = { };
+ };
+}
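Review bot: `useDHCP = lib.mkDefault true;` and `networkmanager.unmanaged = [ "tailscale0" ];` at the top of nixos/wireguard.nix are leftovers from the old `networking` block: nixos/default.nix already sets the first and nixos/tailscale.nix the second, so both can be deleted here. Both interfaces also route only `allowedIPs = [ "0.0.0.0/0" ]`; on a network with IPv6 connectivity, IPv6 traffic would presumably bypass the tunnel, so either add `"::/0"` together with an IPv6 tunnel address or note in a comment that the tunnel is IPv4-only by design. `home` and `home-no-pihole` differ only in `dns`, so a small `let` helper taking the DNS address would remove the duplicated peer definition.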