diff --git a/flake.nix b/flake.nix index f709798..3ae99ce 100644 --- a/flake.nix +++ b/flake.nix @@ -19,16 +19,27 @@ }; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - - outputs = { nixpkgs, home-manager, homeage, agenix, nur, nixos-hardware, ... }: { + + outputs = { + nixpkgs, + home-manager, + homeage, + agenix, + nur, + nixos-hardware, + ... + }: { + formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra; + nixosConfigurations.pim = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; + system = "x86_64-linux"; modules = [ - { nixpkgs.overlays = [ nur.overlay ]; } + {nixpkgs.overlays = [nur.overlay];} ./nixos agenix.nixosModules.default nixos-hardware.nixosModules.lenovo-thinkpad-x260 - home-manager.nixosModules.home-manager { + home-manager.nixosModules.home-manager + { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.users.pim = { diff --git a/home-manager/default.nix b/home-manager/default.nix index ed52009..07e15e8 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -1,6 +1,9 @@ -{ pkgs, lib, config, ... }: - { + pkgs, + lib, + config, + ... +}: { imports = [ ./bash ./neovim @@ -30,7 +33,7 @@ strawberry gimp libreoffice - (pkgs.nerdfonts.override { fonts = [ "Hack" ]; }) + (pkgs.nerdfonts.override {fonts = ["Hack"];}) virt-manager gnome.gnome-tweaks ]; 
@@ -82,22 +85,22 @@ xdg.userDirs.enable = true; homeage = { - identityPaths = [ "/home/pim/.ssh/age_ed25519" ]; + identityPaths = ["/home/pim/.ssh/age_ed25519"]; installationType = "systemd"; file."common-pg-tfbackend" = { source = ../secrets/common-pg-tfbackend.age; - symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ]; + symlinks = ["${config.xdg.configHome}/home/common.pg.tfbackend"]; }; file."ansible-vault-secret" = { source = ../secrets/ansible-vault-secret.age; - symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ]; + symlinks = ["${config.xdg.configHome}/home/ansible-vault-secret"]; }; file."powerdns-api-key" = { source = ../secrets/powerdns-api-key.json.age; - symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ]; + symlinks = ["${config.xdg.configHome}/home/powerdns-api-key.json"]; }; }; @@ -105,8 +108,8 @@ dconf.settings = with lib.hm.gvariant; { "org/gnome/desktop/input-sources" = { - sources = [ (mkTuple [ "xkb" "us" ]) ]; - xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ]; + sources = [(mkTuple ["xkb" "us"])]; + xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"]; }; "org/gnome/desktop/interface" = { diff --git a/home-manager/firefox/addons.nix b/home-manager/firefox/addons.nix index 38cf1ff..4d7f21c 100644 --- a/home-manager/firefox/addons.nix +++ b/home-manager/firefox/addons.nix 
@@ -1,33 +1,31 @@ -pkgs: lib: -let +pkgs: lib: let rycee-addons = pkgs.nur.repos.rycee.firefox-addons; custom-addons = import ./custom-addons.nix pkgs lib; -in - { - default = lib.concatLists [ - (with rycee-addons; [ - ublock-origin - clearurls - cookie-autodelete - istilldontcareaboutcookies - keepassxc-browser - redirector - ublacklist - umatrix - violentmonkey - boring-rss - # rycee.bypass-paywalls-clean - ]) - (with custom-addons; [ - http-version-indicator - indicatetls - sixindicator - ]) - ]; - sue = with rycee-addons; [ +in { + default = lib.concatLists [ + (with rycee-addons; [ ublock-origin + clearurls + cookie-autodelete istilldontcareaboutcookies keepassxc-browser - custom-addons.simple-style-fox-2 - ]; - } + redirector + ublacklist + umatrix + violentmonkey + boring-rss + # rycee.bypass-paywalls-clean + ]) + (with custom-addons; [ + http-version-indicator + indicatetls + sixindicator + ]) + ]; + sue = with rycee-addons; [ + ublock-origin + istilldontcareaboutcookies + keepassxc-browser + custom-addons.simple-style-fox-2 + ]; +} diff --git a/home-manager/firefox/custom-addons.nix b/home-manager/firefox/custom-addons.nix index ed14f16..3d3c4a0 100644 --- a/home-manager/firefox/custom-addons.nix +++ b/home-manager/firefox/custom-addons.nix 
@@ -1,88 +1,92 @@ -pkgs: lib: -let +pkgs: lib: let # Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix - buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv, fetchurl ? pkgs.fetchurl, - pname, version, addonId, url, sha256, meta, ... }: stdenv.mkDerivation { - name = "${pname}-${version}"; + buildFirefoxXpiAddon = lib.makeOverridable ({ + stdenv ? pkgs.stdenv, + fetchurl ? pkgs.fetchurl, + pname, + version, + addonId, + url, + sha256, + meta, + ... + }: + stdenv.mkDerivation { + name = "${pname}-${version}"; - inherit meta; + inherit meta; - src = fetchurl { inherit url sha256; }; + src = fetchurl {inherit url sha256;}; - preferLocalBuild = true; - allowSubstitutes = true; + preferLocalBuild = true; + allowSubstitutes = true; - buildCommand = '' - dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" - mkdir -p "$dst" - install -v -m644 "$src" "$dst/${addonId}.xpi" - ''; - }); -in - { - "http-version-indicator" = buildFirefoxXpiAddon { - pname = "http-version-indicator"; - version = "3.2.1"; - addonId = "spdyindicator@chengsun.github.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi"; - sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8"; - meta = with lib; - { - homepage = "https://github.com/bsiegel/http-version-indicator"; - description = "An indicator showing the HTTP version used to load the page in the address bar."; - mozPermissions = [ "" "tabs" "webNavigation" "webRequest" ]; - platforms = platforms.all; - }; - }; - "indicatetls" = buildFirefoxXpiAddon { - pname = "indicatetls"; - version = "0.3.0"; - addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}"; - url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi"; - sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465"; - meta = with lib; - { - homepage = 
"https://github.com/jannispinter/indicatetls"; - description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar"; - license = licenses.mpl20; - mozPermissions = [ - "tabs" - "webNavigation" - "webRequest" - "webRequestBlocking" - "http://*/*" - "https://*/*" - ]; - platforms = platforms.all; - }; - }; - "sixindicator" = buildFirefoxXpiAddon { - pname = "sixindicator"; - version = "1.3.0"; - addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}"; - url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi"; - sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d"; - meta = with lib; - { - homepage = "https://github.com/HostedDinner/SixIndicator"; - description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4."; - license = licenses.mit; - mozPermissions = [ "tabs" "webRequest" "" ]; - platforms = platforms.all; - }; - }; - "simple-style-fox-2" = buildFirefoxXpiAddon { - pname = "simple-style-fox-2"; - version = "10.0"; - addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}"; - url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi"; - sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d"; - meta = with lib; - { - description = "Simple style fox 2"; - license = licenses.cc-by-30; - mozPermissions = []; - platforms = platforms.all; - }; - }; - } + buildCommand = '' + dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}" + mkdir -p "$dst" + install -v -m644 "$src" "$dst/${addonId}.xpi" + ''; + }); +in { + "http-version-indicator" = buildFirefoxXpiAddon { + pname = "http-version-indicator"; + version = "3.2.1"; + addonId = "spdyindicator@chengsun.github.com"; + url = 
"https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi"; + sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8"; + meta = with lib; { + homepage = "https://github.com/bsiegel/http-version-indicator"; + description = "An indicator showing the HTTP version used to load the page in the address bar."; + mozPermissions = ["" "tabs" "webNavigation" "webRequest"]; + platforms = platforms.all; + }; + }; + "indicatetls" = buildFirefoxXpiAddon { + pname = "indicatetls"; + version = "0.3.0"; + addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}"; + url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi"; + sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465"; + meta = with lib; { + homepage = "https://github.com/jannispinter/indicatetls"; + description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar"; + license = licenses.mpl20; + mozPermissions = [ + "tabs" + "webNavigation" + "webRequest" + "webRequestBlocking" + "http://*/*" + "https://*/*" + ]; + platforms = platforms.all; + }; + }; + "sixindicator" = buildFirefoxXpiAddon { + pname = "sixindicator"; + version = "1.3.0"; + addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}"; + url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi"; + sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d"; + meta = with lib; { + homepage = "https://github.com/HostedDinner/SixIndicator"; + description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. 
When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4."; + license = licenses.mit; + mozPermissions = ["tabs" "webRequest" ""]; + platforms = platforms.all; + }; + }; + "simple-style-fox-2" = buildFirefoxXpiAddon { + pname = "simple-style-fox-2"; + version = "10.0"; + addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}"; + url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi"; + sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d"; + meta = with lib; { + description = "Simple style fox 2"; + license = licenses.cc-by-30; + mozPermissions = []; + platforms = platforms.all; + }; + }; +} diff --git a/home-manager/firefox/default.nix b/home-manager/firefox/default.nix index 9778057..a057abc 100644 --- a/home-manager/firefox/default.nix +++ b/home-manager/firefox/default.nix @@ -1,6 +1,8 @@ -{ pkgs, lib, ... }: - -let +{ + pkgs, + lib, + ... +}: let firefoxAddons = import ./addons.nix pkgs lib; firefoxSettings = { "browser.aboutConfig.showWarning" = false; @@ -13,12 +15,11 @@ let "browser.gesture.swipe.left" = false; "browser.gesture.swipe.right" = false; }; -in -{ +in { config = { programs.firefox = { enable = true; - profiles = { + profiles = { default = { id = 0; isDefault = true; @@ -34,7 +35,7 @@ in }; xdg.desktopEntries.firefox-sue = { - categories = [ "Network" "WebBrowser" ]; + categories = ["Network" "WebBrowser"]; exec = "firefox -P sue --name firefox %U"; genericName = "Web Browser"; icon = "firefox"; @@ -53,7 +54,7 @@ in }; xdg.desktopEntries.firefox = lib.mkForce { - categories = [ "Network" "WebBrowser" ]; + categories = ["Network" "WebBrowser"]; exec = "firefox --new-window --name firefox %U"; genericName = "Web Browser"; icon = "firefox"; diff --git a/home-manager/git/default.nix b/home-manager/git/default.nix index cf6c930..25c0dcf 100644 --- a/home-manager/git/default.nix +++ b/home-manager/git/default.nix 
@@ -9,10 +9,12 @@ commit.verbose = true; pull.rebase = true; }; - includes = [{ - path = "~/git/suecode/.gitconfig"; - condition = "gitdir:~/git/suecode/**"; - }]; + includes = [ + { + path = "~/git/suecode/.gitconfig"; + condition = "gitdir:~/git/suecode/**"; + } + ]; }; }; } diff --git a/home-manager/keepassxc/default.nix b/home-manager/keepassxc/default.nix index 8a560dd..8f99b37 100644 --- a/home-manager/keepassxc/default.nix +++ b/home-manager/keepassxc/default.nix @@ -1,11 +1,13 @@ -{ pkgs, config, ...}: - { + pkgs, + config, + ... +}: { config = { - home.packages = [ pkgs.keepassxc ]; + home.packages = [pkgs.keepassxc]; homeage.file."keepassxc.ini" = { source = ../../secrets/keepassxc.ini.age; - symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ]; + symlinks = ["${config.xdg.configHome}/keepassxc/keepassxc.ini"]; }; }; } diff --git a/home-manager/neovim/default.nix b/home-manager/neovim/default.nix index e4ac199..7303449 100644 --- a/home-manager/neovim/default.nix +++ b/home-manager/neovim/default.nix @@ -1,6 +1,4 @@ -{ pkgs, ... }: - -{ +{pkgs, ...}: { config = { programs.neovim = { enable = true; diff --git a/home-manager/ssh/default.nix b/home-manager/ssh/default.nix index 0718130..5931c82 100644 --- a/home-manager/ssh/default.nix +++ b/home-manager/ssh/default.nix 
@@ -1,36 +1,38 @@ -{ config, lib, ...}: - { + config, + lib, + ... +}: { config = { programs.ssh = { enable = true; extraConfig = "User root"; matchBlocks = { - github = lib.hm.dag.entryBefore [ "*" ] { + github = lib.hm.dag.entryBefore ["*"] { hostname = "github.com"; user = "pizzapim"; identitiesOnly = true; }; - lewis = lib.hm.dag.entryBefore [ "*" ] { + lewis = lib.hm.dag.entryBefore ["*"] { hostname = "lewis.hyp"; }; - atlas = lib.hm.dag.entryBefore [ "*" ] { + atlas = lib.hm.dag.entryBefore ["*"] { hostname = "atlas.hyp"; }; - jefke = lib.hm.dag.entryBefore [ "*" ] { + jefke = lib.hm.dag.entryBefore ["*"] { hostname = "jefke.hyp"; }; - hermes = lib.hm.dag.entryBefore [ "*" ] { + hermes = lib.hm.dag.entryBefore ["*"] { hostname = "hermes.dmz"; }; - maestro = lib.hm.dag.entryBefore [ "*" ] { + maestro = lib.hm.dag.entryBefore ["*"] { hostname = "maestro.dmz"; }; - bancomart = lib.hm.dag.entryBefore [ "*" ] { + bancomart = lib.hm.dag.entryBefore ["*"] { hostname = "bancomart.dmz"; }; - handjecontantje = lib.hm.dag.entryBefore [ "*" ] { + handjecontantje = lib.hm.dag.entryBefore ["*"] { hostname = "handjecontantje.dmz"; }; }; @@ -38,12 +40,12 @@ homeage.file."sue_ed25519" = { source = ../../secrets/sue_ed25519.age; - symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ]; + symlinks = ["${config.home.homeDirectory}/.ssh/sue_ed25519"]; }; homeage.file."sue_azure_rsa" = { source = ../../secrets/sue_azure_rsa.age; - symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ]; + symlinks = ["${config.home.homeDirectory}/.ssh/sue_azure_rsa"]; }; }; } diff --git a/home-manager/syncthing/default.nix b/home-manager/syncthing/default.nix index 6612746..fd9aa04 100644 --- a/home-manager/syncthing/default.nix +++ b/home-manager/syncthing/default.nix @@ -1,6 +1,4 @@ -{ config, ... }: - -{ +{config, ...}: { config = { services.syncthing.enable = true; xdg.configFile."syncthing/config.xml".source = ./syncthing.xml; 
@@ -8,12 +6,12 @@ homeage.file."syncthing-key.pem" = { source = ../../secrets/syncthing-key.pem.age; - symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ]; + symlinks = ["${config.xdg.configHome}/syncthing/key.pem"]; }; homeage.file."syncthing-cert.pem" = { source = ../../secrets/syncthing-cert.pem.age; - symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ]; + symlinks = ["${config.xdg.configHome}/syncthing/cert.pem"]; }; }; } diff --git a/nixos/default.nix b/nixos/default.nix index a9cae4f..3094601 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: { +{ + pkgs, + config, + lib, + ... +}: { imports = [ ./hardware-configuration.nix ]; @@ -19,12 +24,12 @@ enable = true; }; desktopManager.gnome.enable = true; - excludePackages = with pkgs; [ xterm ]; + excludePackages = with pkgs; [xterm]; }; printing = { enable = true; - drivers = [ pkgs.hplip pkgs.gutenprint ]; + drivers = [pkgs.hplip pkgs.gutenprint]; }; fprintd = { @@ -40,7 +45,7 @@ users = { users.pim = { isNormalUser = true; - extraGroups = [ "wheel" "docker" "input" ]; + extraGroups = ["wheel" "docker" "input"]; }; }; @@ -104,7 +109,7 @@ }; age = { - identityPaths = [ "/home/pim/.ssh/age_ed25519" ]; + identityPaths = ["/home/pim/.ssh/age_ed25519"]; secrets = { wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age; @@ -121,16 +126,18 @@ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/64" ]; - dns = [ "192.168.30.8" ]; - peers = [{ - presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path; - endpoint = "84.245.14.149:51820"; - publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg="; - allowedIPs = [ - "0.0.0.0/0" - "::0/0" - ]; - }]; + dns = ["192.168.30.8"]; + peers = [ + { + presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path; + endpoint = "84.245.14.149:51820"; + publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg="; + allowedIPs = [ + "0.0.0.0/0" + "::0/0" + ]; + } + ]; }; }; 
diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix index dc1ce1f..cb338f2 100644 --- a/nixos/hardware-configuration.nix +++ b/nixos/hardware-configuration.nix @@ -1,33 +1,37 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa"; + fsType = "ext4"; + }; boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device = "/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/87DA-B083"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/87DA-B083"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's 
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7b8f80f..523f6e6 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,10 +1,9 @@
 let
 pkgs = import {};
 publicKeysURL = "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
- publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
+ publicKeysFile = builtins.fetchurl {url = publicKeysURL;};
 publicKeys = pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents publicKeysFile);
-in
-{
+in {
 "wg-quick-home-privkey.age".publicKeys = publicKeys;
 "wg-quick-home-preshared-key.age".publicKeys = publicKeys;
 "sue_ed25519.age".publicKeys = publicKeys;
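Review bot: The reformatted `publicKeysFile = builtins.fetchurl {url = publicKeysURL;};` line still fetches the recipient list without a hash, so the keys that every `.age` entry below is encrypted to are whatever that URL returns at evaluation time. Anyone able to change the served file (or the response in transit to the evaluator) would become a recipient the next time the secrets are edited or rekeyed, and nothing in the repository would record the change. Pin the content, for example `publicKeysFile = builtins.fetchurl {url = publicKeysURL; sha256 = "<sha256-of-reviewed-keys-file>";};`, or commit the public keys in this file so that recipient changes appear in review. The attribute set continues past the end of this hunk, so the remaining entries presumably inherit the same list.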