Compare commits


54 commits

Author SHA1 Message Date
59b58faeb5 Add module to configure sshd 2024-11-09 16:54:33 +01:00
14e269c02c gamepc: Increase swap to 4GB
Separate installed packages in home-manager
2024-11-09 12:49:23 +01:00
87153f15be Put boot partition on RAID1 device
Create users with empty password on gamepc
2024-11-09 12:25:07 +01:00
3e3f589e4f Fix boot for gamepc 2024-11-09 10:29:18 +01:00
a58aa96a60 Add configuration for gamepc 2024-11-07 20:47:40 +01:00
d3684cdd1f Remove nixos-hardware 2024-11-07 19:16:33 +01:00
02108d60ae Use nixos-facter for hardware configuration 2024-11-07 19:10:08 +01:00
f27055e57a Update git-hooks 2024-10-30 21:18:18 +01:00
e42a6ceacf Git ignore .pre-commit-config.yaml
Add fish abbreviation for git commit --amend
Don't autoformat when writing commit message in neovim
2024-10-28 13:16:31 +01:00
4cb90679a2 Run treefmt on nvim buffer save 2024-10-28 13:02:12 +01:00
0d6ad4b9c1 Add git-hooks 2024-10-28 12:25:19 +01:00
41785ece70 Add specialisation with nixos-cosmic 2024-10-28 11:38:31 +01:00
d427be6e4a Modularize stuff better 2024-10-27 12:23:43 +01:00
5b92ddde89 Make system compliant with company policy 2024-10-27 10:36:13 +01:00
cb6849ccd0 Remove old systems 2024-10-26 20:35:14 +02:00
573a8cc407 Format repo 2024-10-26 20:33:47 +02:00
db14de3471 Add formatter 2024-10-26 20:33:37 +02:00
08b0fbcd0c Move some stuff to modules 2024-10-26 20:24:13 +02:00
61640c0580 WIP: Working cosmic installation 2024-10-26 11:59:32 +02:00
ebfff58648 Update flake inputs 2024-10-25 15:12:53 +02:00
ed259d06cf Add tidal module
Tweak vscode settings
2024-10-25 14:30:53 +02:00
778208078c Uninstall vitals and runcat again
Uninstall thunderbird
2024-10-12 11:38:06 +02:00
a7e1fcd0d9 Install some Gnome extensions
Disable neovim auto formatting
2024-10-11 00:46:14 +02:00
cd66409759 Update flake inputs 2024-10-10 20:29:46 +02:00
ebe6523622 Add vscode 2024-10-10 19:57:32 +02:00
c6a6b22c5c Update flake inputs 2024-09-24 22:33:07 +02:00
f115729b24 Replace zsh with fish
Install nix-index and nix-index-database
Update flake inputs
2024-09-24 22:19:37 +02:00
5d675cbaad Update flake inputs 2024-09-19 19:13:23 +02:00
e692a80d1c Update flake inputs
Disable Nheko due to insecure dependency
Unmanage tailscale0 with NetworkManager
2024-09-02 08:13:33 +02:00
d754476865 Enable fzf to find files
Install feishin
closes #34
2024-09-01 16:32:12 +02:00
ca6d704524 Revert "Update flake inputs"
This reverts commit aa7c2bac3b.
2024-08-09 18:38:19 +02:00
17433101a5 Revert "fix: Fix audio for xps 9315"
This reverts commit 1f70f75ca7.
2024-08-09 18:38:16 +02:00
1f70f75ca7 fix: Fix audio for xps 9315 2024-08-04 10:58:07 +02:00
aa7c2bac3b Update flake inputs 2024-07-30 18:41:46 +02:00
d40bbc417c feat(tailscale): Enable routing features
fix(wireguard): Disable autoconnect to prevent clashing with tailscale
fix(ssh): Remove aliases that clash with tailscale magicDNS
2024-07-23 22:52:04 +02:00
f933a38b7d Enable tailscale
Install nheko and handbrake
Enable cdrom kernel module
2024-07-22 20:26:10 +02:00
03164646a5 chore(nix): Update Nix flake inputs 2024-07-12 17:00:02 +02:00
ebc3ad8204 Autostart Wireguard tunnel again
Disable up arrow for Atuin
2024-07-12 11:49:18 +02:00
95f36524e2 Update flake inputs
Explicitly enable stylix
2024-07-12 10:20:51 +02:00
46cf4907cb Disable ipv6 for wireguard tunnel until fixed 2024-06-30 22:18:28 +02:00
93104ed7e0 Enable camera for Dell XPS
Install lshw
Set default Git branch to master
2024-06-22 16:24:50 +02:00
0cecc75e3d Clean up secret management
Update readme
2024-06-15 18:21:07 +02:00
5d752cb279 Replace homeage with sops-nix 2024-06-15 18:10:55 +02:00
03608f96d7 Replace agenix with sops-nix 2024-06-15 16:20:03 +02:00
80530d6290 Disable safe operations in zsh
Install ncdu
Rotate wallpaper every 30 minutes
2024-06-15 15:16:59 +02:00
62265a466c Manage default applications with home-manager 2024-06-15 14:18:36 +02:00
b6b5d5901c Add gnome extension to use random wallpapers
Add collection of wallpapers
2024-06-13 23:32:04 +02:00
9c83729db0 Deploy sops age key with homeage 2024-06-13 09:01:57 +02:00
d11fc9ba6d Add Atuin
Disable fzf
Add keybindings to move panes in tmux
Fix gnome move to workspace 1 keybinding
Set number of gnome workspaces
Enable edge tiling in gnome
2024-06-12 23:12:04 +02:00
5bfab60b73 Use tmux 2024-06-11 19:59:58 +02:00
867912a676 Replace Bash with ZSH
Uninstall some unneeded GNOME programs
2024-06-09 23:01:34 +02:00
c3bddc6c44 Remove unnecessary directories 2024-06-09 22:06:21 +02:00
afcc583dcf Reorganize and refactor project 2024-06-09 22:00:47 +02:00
ed1e654706 Install Stylix
Install Pop!_OS shell
Enable Jack emulation in Pipewire
Set a wallpaper
Replace Terminator with Alacritty
Copy GNOME config to dconf
2024-06-09 20:31:39 +02:00
87 changed files with 13013 additions and 923 deletions

2
.envrc

@ -1 +1 @@
PATH_add . use flake

1
.gitignore vendored

@ -1,2 +1,3 @@
result result
.direnv .direnv
.pre-commit-config.yaml

2
.sops.yaml Normal file

@ -0,0 +1,2 @@
creation_rules:
- age: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
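
Review bot: `creation_rules` holds a single rule with one age recipient and no `path_regex`, so every secret in the repository is encrypted to that one key and losing it makes all of them unrecoverable. Add a second recipient (an offline backup key or per-host keys) and scope the rules with `path_regex` so each machine can decrypt only the files it needs.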


@ -1,22 +1,22 @@
# nixos-laptop # nixos-laptop
NixOS configuration for my laptop. NixOS configuration for my personal laptop.
My configuration is simple: I have one personal laptop with one user.
Currently contains config for only one systems:
- **sue**: My current laptop, a Dell XPS 9315
## Features ## Features
- Nixpkgs 23.11 - Nixpkgs 24.05
- Flakes!
- [Nix User Repository (NUR)](https://github.com/nix-community/NUR) - [Nix User Repository (NUR)](https://github.com/nix-community/NUR)
- Currently only used for Firefox Plugins - Currently only used for Firefox Plugins
- [Home Manager](https://github.com/nix-community/home-manager) - [Home Manager](https://github.com/nix-community/home-manager)
- For managing my configuration for my user - For managing the configuration for my user
- [Agenix](https://github.com/ryantm/agenix) - [sops-nix](https://github.com/Mic92/sops-nix)
- To deploy global system secrets, like: - For secret management
- Wireguard private key and shared secret - [stylix](https://stylix.danth.me/)
- [Homeage](https://github.com/jordanisaacs/homeage) - Apply theming and styling to many programs
- To deploy secrets in my home directory, like: - [lanzaboote](https://github.com/nix-community/lanzaboote)
- SSH keys - Secure boot for NixOS
- Syncthing private key - [disko](https://github.com/nix-community/disko)
- [nixos-hardware](https://github.com/NixOS/nixos-hardware) - Declarative disk partitioning and formatting; currently only used for my x201
- To add hardware-specific tweaks to NixOS for my laptop (currently a Levono ThinkPad x260)
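
Review bot: The system list in this hunk reads "only one systems" and names only sue, while the disko bullet a few lines further down says disko is "currently only used for my x201", and the commit list for this range adds a gamepc configuration. Bring the list and the disko description in line with the machines that actually exist after this change, and fix the plural.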


@ -1,174 +0,0 @@
{ pkgs, config, lib, ... }: {
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
services = {
gnome.gnome-keyring.enable = lib.mkForce false;
xserver = {
enable = true;
displayManager.gdm = { enable = true; };
desktopManager.gnome.enable = true;
excludePackages = with pkgs; [ xterm ];
};
printing = {
enable = true;
drivers = [ pkgs.hplip pkgs.gutenprint ];
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
users = {
users.pim = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ];
};
};
environment = {
systemPackages = with pkgs; [
wget
curl
git
btop
ripgrep
vim
dogdns
tree
dig
];
gnome.excludePackages = with pkgs; with pkgs.gnome; [
totem
gnome-tour
epiphany
geary
gnome-console
gnome-music
gnome-calendar
];
};
system = {
stateVersion = "23.05";
activationScripts.diff = ''
if [[ -e /run/current-system ]]; then
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
fi
'';
};
programs.ssh.startAgent = true;
security = {
rtkit.enable = true;
sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
};
nix = {
package = pkgs.nixFlakes;
settings.trusted-users = [ "root" "pim" ];
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
age = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
secrets = {
wg-quick-home-privkey.file = ./secrets/wg-quick-home-privkey.age;
wg-quick-home-preshared-key.file =
./secrets/wg-quick-home-preshared-key.age;
};
};
networking = {
useDHCP = lib.mkDefault true;
wg-quick.interfaces = {
home = {
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/128" ];
dns = [ "192.168.30.131" ];
autostart = false;
mtu = 1412;
peers = [{
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
}];
};
home-no-pihole = {
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/128" ];
dns = [ "192.168.10.1" ];
autostart = false;
mtu = 1412;
peers = [{
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
}];
};
};
};
virtualisation.docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
permittedInsecurePackages = [ "electron-25.9.0" ];
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "vmware-horizon-client" "libfprint-2-tod1-goodix" "vmware-workstation" ];
};
};
boot = {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
initrd = {
availableKernelModules = [ "sd_mod" ];
kernelModules = [ ];
};
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
};
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = false;
};
}
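
Review bot: The visible part of this diff does not show where the privilege-related settings of this deleted file end up, so check the replacement modules rather than porting them as-is. `settings.trusted-users = [ "root" "pim" ]` gives that account root-equivalent control over the Nix daemon, the `docker` entry in `extraGroups` is root-equivalent as well and is unnecessary next to `virtualisation.docker.rootless`, and `permittedInsecurePackages = [ "electron-25.9.0" ]` should not survive the move without a comment naming the package that still needs it. `Defaults timestamp_timeout=30` is also worth re-justifying while the file is being split up.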


@ -1,27 +1,116 @@
{ {
"nodes": { "nodes": {
"agenix": { "base16": {
"inputs": { "inputs": {
"darwin": "darwin", "fromYaml": "fromYaml"
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1716561646, "lastModified": 1708890466,
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=",
"owner": "ryantm", "owner": "SenchoPens",
"repo": "agenix", "repo": "base16.nix",
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "rev": "665b3c6748534eb766c777298721cece9453fdae",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "ryantm", "owner": "SenchoPens",
"repo": "agenix", "repo": "base16.nix",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-foot": {
"flake": false,
"locked": {
"lastModified": 1696725948,
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
"owner": "tinted-theming",
"repo": "base16-foot",
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-foot",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1696727917,
"narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-kitty": {
"flake": false,
"locked": {
"lastModified": 1665001328,
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
"owner": "kdrag0n",
"repo": "base16-kitty",
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
"type": "github"
},
"original": {
"owner": "kdrag0n",
"repo": "base16-kitty",
"type": "github"
}
},
"base16-tmux": {
"flake": false,
"locked": {
"lastModified": 1696725902,
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
"owner": "tinted-theming",
"repo": "base16-tmux",
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-tmux",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1663659192,
"narHash": "sha256-uJvaYYDMXvoo0fhBZUhN8WBXeJ87SRgof6GEK2efFT0=",
"owner": "chriskempson",
"repo": "base16-vim",
"rev": "3be3cd82cd31acfcab9a41bad853d9c68d30478d",
"type": "github"
},
"original": {
"owner": "chriskempson",
"repo": "base16-vim",
"type": "github" "type": "github"
} }
}, },
@ -58,28 +147,6 @@
"type": "github" "type": "github"
} }
}, },
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -87,11 +154,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717490821, "lastModified": 1729712798,
"narHash": "sha256-CivVhYExnMJ2afm+o1ogB231pKW/azhUghMI53MHmOM=", "narHash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "a838e83e21502a211b83373109a260e5ef5fbcf1", "rev": "09a776702b004fdf9c41a024e1299d575ee18a7d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -101,6 +168,54 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -139,7 +254,7 @@
}, },
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -155,7 +270,67 @@
"type": "github" "type": "github"
} }
}, },
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1689549921,
"narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1730302582,
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": {
"nixpkgs": [
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@ -177,6 +352,23 @@
"type": "github" "type": "github"
} }
}, },
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1713702291,
"narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "46.1",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -184,11 +376,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717527182, "lastModified": 1726989464,
"narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "845a5c4c073f74105022533907703441e0464bc3", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -198,30 +390,31 @@
"type": "github" "type": "github"
} }
}, },
"homeage": { "home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"stylix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1669234151, "lastModified": 1714981474,
"narHash": "sha256-TwT87E3m2TZLgwYJESlype14HxUOrRGojPM5C2akrMg=", "narHash": "sha256-b3/U21CJjCjJKmA9WqUbZGZgCvospO3ArOUTgJugkOY=",
"owner": "jordanisaacs", "owner": "nix-community",
"repo": "homeage", "repo": "home-manager",
"rev": "02bfe4ca06962d222e522fff0240c93946b20278", "rev": "6ebe7be2e67be7b9b54d61ce5704f6fb466c536f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "jordanisaacs", "owner": "nix-community",
"repo": "homeage", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
@ -245,39 +438,113 @@
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": { "nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1717515267, "lastModified": 1729394935,
"narHash": "sha256-3d/rDckP583688YqVPc6SyXTy2gHpma0HzCv3idi1OE=", "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=",
"owner": "NixOS", "owner": "nix-community",
"repo": "nixos-hardware", "repo": "nix-index-database",
"rev": "82b2e20fbffe6a5f0555701af136ad3e734a5faa", "rev": "04f8a11f247ba00263b060fbcdc95484fd046104",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nix-community",
"ref": "master", "repo": "nix-index-database",
"repo": "nixos-hardware", "type": "github"
}
},
"nixos-artwork": {
"flake": false,
"locked": {
"lastModified": 1727557872,
"narHash": "sha256-JHbMSIIrHDkbAHO6vSsDRBiwuQcxLoIilbxptrTrXB4=",
"ref": "refs/heads/master",
"rev": "ea1384e183f556a94df85c7aa1dcd411f5a69646",
"revCount": 212,
"type": "git",
"url": "https://github.com/NixOS/nixos-artwork.git"
},
"original": {
"type": "git",
"url": "https://github.com/NixOS/nixos-artwork.git"
}
},
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": [
"nixpkgs-unstable"
],
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1729857853,
"narHash": "sha256-IVaFOTG4i2K0YWKrJui09YCAEWyTSK+zaUTUvj/SbC4=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "04408bf4afe2bf2b15227c43914130c8bdf4ed3c",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1730798058,
"narHash": "sha256-2KexAe17KRg2191SdBxVXqJKwV6MxKzlE35DDcAX+Ds=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "d0e205eafca7091caad3925ff82a46fea08351e1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nixos-facter-modules",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1717281328, "lastModified": 1729665710,
"narHash": "sha256-evZPzpf59oNcDUXxh2GHcxHkTEG4fjae2ytWP85jXRo=", "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1", "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1720386169,
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1678872516, "lastModified": 1678872516,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
@ -293,13 +560,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-stable_3": {
"locked": { "locked": {
"lastModified": 1717399147, "lastModified": 1729357638,
"narHash": "sha256-eCWaE/q1VItpFAxxLVt171MdtDcjEnwi6QB/yuF73JU=", "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4a4ecb0ab415c9fccfb005567a215e6a9564cdf5", "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1729818716,
"narHash": "sha256-XRfkUsxLzFkMn3Tpstio1gNOIQ+2PZPCKbifJ2IXxlw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "062c4f59744fcffa2e5aa3ef443dc8b4d1674ed6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -309,13 +592,61 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1729691686,
"narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1714912032,
"narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ee4a6e0f566fe5ec79968c57a9c2c3c25f2cf41d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1726871744,
"narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1717521378, "lastModified": 1729855863,
"narHash": "sha256-3UMMPUmY+sqGXuz+cZg5Ul7x8awrgrXmVg9L/Tv91QM=", "narHash": "sha256-TEefmNTtVeQpxziZ9PjWkxAkRQexLEsXk22Wj6Q7IQ8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "9a42df165c2851b40e9288564e09b0aa54dda5f5", "rev": "7d7cbe07852abdfd4a3bc09cb565e294f3251548",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -334,12 +665,12 @@
"lanzaboote", "lanzaboote",
"flake-utils" "flake-utils"
], ],
"gitignore": "gitignore", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1681413034, "lastModified": 1681413034,
@ -357,15 +688,20 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"disko": "disko", "disko": "disko",
"git-hooks": "git-hooks",
"home-manager": "home-manager", "home-manager": "home-manager",
"homeage": "homeage",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixos-hardware": "nixos-hardware", "nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs", "nixos-artwork": "nixos-artwork",
"nixos-cosmic": "nixos-cosmic",
"nixos-facter-modules": "nixos-facter-modules",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur" "nur": "nur",
"sops-nix": "sops-nix",
"stylix": "stylix",
"treefmt-nix": "treefmt-nix"
} }
}, },
"rust-overlay": { "rust-overlay": {
@ -393,6 +729,77 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"nixos-cosmic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729736953,
"narHash": "sha256-Rb6JUop7NRklg0uzcre+A+Ebrn/ZiQPkm4QdKg6/3pw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "29b1275740d9283467b8117499ec8cbb35250584",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1729775275,
"narHash": "sha256-J2vtHq9sw1wWm0aTMXpEEAzsVCUMZDTEe5kiBYccpLE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "78a0e634fc8981d6b564f08b6715c69a755c4c7d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-foot": "base16-foot",
"base16-helix": "base16-helix",
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_4",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1726776484,
"narHash": "sha256-SPnk08RnllF8CD9Ndbe828Z1OmlviJ+ZJLsiT7V/+4A=",
"owner": "pizzapim",
"repo": "stylix",
"rev": "d444b97c5e691a2a468000c939119798e42b4f0f",
"type": "github"
},
"original": {
"owner": "pizzapim",
"ref": "release-24.05",
"repo": "stylix",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
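
Review bot: The new `stylix` node locks to owner `pizzapim` at ref `release-24.05`, not to the project the README links to, so code evaluated as part of the system configuration now comes from a personal fork that does not pick up upstream fixes on its own. Record next to the input why the fork is needed and which upstream commit it is based on, so the pin can be reviewed and eventually moved back.
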
@ -408,18 +815,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": { "treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1730025913,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Y9NtFmP8ciLyRsopcCx1tyoaaStKeq+EndwtGCgww7I=",
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "treefmt-nix",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "bae131e525cc8718da22fbeb8d8c7c43c4ea502a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "treefmt-nix",
"type": "github" "type": "github"
} }
} }

242
flake.nix

@ -5,24 +5,25 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; stylix.url = "github:pizzapim/stylix/release-24.05";
treefmt-nix.url = "github:numtide/treefmt-nix";
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
git-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager?ref=release-24.05"; url = "github:nix-community/home-manager?ref=release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
homeage = {
url = "github:jordanisaacs/homeage";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.3.0"; url = "github:nix-community/lanzaboote/v0.3.0";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -32,160 +33,87 @@
url = "github:nix-community/disko"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-artwork = {
type = "git";
url = "https://github.com/NixOS/nixos-artwork.git";
flake = false;
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
inputs.nixpkgs-stable.follows = "nixpkgs-unstable";
};
}; };
outputs = outputs = {
{ nixpkgs self,
, nixpkgs-unstable nixpkgs,
, home-manager ...
, homeage } @ inputs: let
, agenix supportedSystems = [
, nur "x86_64-linux"
, nixos-hardware "i686-linux"
, ... "aarch64-linux"
}@inputs: ];
let forAllSystems' = nixpkgs.lib.genAttrs;
mkNixosSystem = extraModule: nixpkgs.lib.nixosSystem rec { forAllSystems = forAllSystems' supportedSystems;
system = "x86_64-linux"; pkgsForSystem = system:
specialArgs = { inherit inputs; }; import nixpkgs {
inherit system;
modules = [
{
nixpkgs.overlays = [
nur.overlay
(final: _prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
];
}
./configuration.nix
./modules/nixos/lanzaboote.nix
agenix.nixosModules.default
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.pim = {
imports = [ ./home-manager homeage.homeManagerModules.homeage ];
};
}
extraModule
];
}; };
in
{
nixosConfigurations = {
x260 = mkNixosSystem ({ pkgs, lib, ... }: {
imports = [ nixos-hardware.nixosModules.lenovo-thinkpad-x260 ];
config = { treefmtEval = forAllSystems (
pim.lanzaboote.enable = true; system: inputs.treefmt-nix.lib.evalModule (pkgsForSystem system) ./treefmt.nix
networking.hostName = "x260"; );
in {
formatter = forAllSystems (system: (treefmtEval.${system}.config.build.wrapper));
fprintd = { nixosConfigurations = nixpkgs.lib.mapAttrs (
enable = true; name: {
nixosModule,
homeManagerModule,
}:
nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
tod = { specialArgs = {
enable = true; inherit inputs system;
driver = pkgs.libfprint-2-tod1-vfs0090; flake = self;
};
};
swapDevices = [{ device = "/dev/disk/by-uuid/6028bf52-404d-4143-9cb0-9b06cd60a373"; }];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
}; };
});
x201 = mkNixosSystem ({ pkgs, lib, ... }: { modules = [
imports = [ inputs.disko.nixosModules.disko ]; nixosModule
config = { ./nixos
networking.hostName = "x201"; {
home-manager.users.pim.imports = [homeManagerModule];
}
];
}
) (import ./machines);
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" ]; checks = forAllSystems (system: {
pre-commit-check = inputs.git-hooks.lib.${system}.run {
src = ./.;
disko.devices = { hooks = {
disk = { treefmt = {
sda = { enable = true;
device = "/dev/sda"; package = treefmtEval.${system}.config.build.wrapper;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1; # Needs to be first partition
};
pv_os = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_os";
};
};
};
};
};
};
lvm_vg.vg_os = {
type = "lvm_vg";
lvs = {
swap = {
size = "3GB";
content.type = "swap";
};
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
};
};
};
}; };
}); };
sue = mkNixosSystem ({ ... }: {
imports = [ nixos-hardware.nixosModules.dell-xps-13-9310 ];
config = {
pim.lanzaboote.enable = true;
networking.hostName = "xps-9315";
swapDevices = [{ device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b"; }];
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" =
{
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" ];
};
});
}; };
}; });
devShells = forAllSystems (system: {
default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
};
});
};
} }

View file

@ -1,20 +0,0 @@
{
config = {
programs.bash = {
enable = true;
shellAliases = {
htop = "btop";
gp = "git push";
gco = "git checkout";
gd = "git diff";
gc = "git commit";
gpl = "git pull";
gb = "git branch";
ga = "git add";
gl = "git log";
gs = "git status";
tf = "tofu";
};
};
};
}

View file

@ -1,8 +0,0 @@
{
config = {
programs.bat = {
enable = true;
config.theme = "gruvbox-dark";
};
};
}

View file

@ -1,101 +1,220 @@
{ pkgs, lib, config, ... }: { {
lib,
config,
inputs,
flake,
...
}: {
imports = [ imports = [
./bash
./neovim ./neovim
./firefox ./firefox
./ssh ./tidal.nix
./syncthing ./gnome.nix
./keepassxc ./syncthing.nix
./git ./vscode.nix
./direnv inputs.sops-nix.homeManagerModules.sops
./thunderbird inputs.nix-index-database.hmModules.nix-index
./fzf
./bat
]; ];
xsession.enable = true;
xdg = {
userDirs.enable = true;
mimeApps = {
enable = true;
defaultApplications = let
applications = {
telegram = {
mimeApp = "org.telegram.desktop.desktop";
mimeTypes = ["x-scheme-handler/tg"];
};
librewolf = {
mimeApp = "librewolf.desktop";
mimeTypes = [
"x-scheme-handler/http"
"text/html"
"application/xhtml+xml"
"x-scheme-handler/https"
"application/pdf"
];
};
gnomeTextEditor = {
mimeApp = "org.gnome.TextEditor.desktop";
mimeTypes = ["text/plain"];
};
loupe = {
mimeApp = "org.gnome.Loupe.desktop";
mimeTypes = [
"image/jpeg"
"image/png"
"image/gif"
"image/webp"
"image/tiff"
"image/x-tga"
"image/vnd-ms.dds"
"image/x-dds"
"image/bmp"
"image/vnd.microsoft.icon"
"image/vnd.radiance"
"image/x-exr"
"image/x-portable-bitmap"
"image/x-portable-graymap"
"image/x-portable-pixmap"
"image/x-portable-anymap"
"image/x-qoi"
"image/svg+xml"
"image/svg+xml-compressed"
"image/avif"
"image/heic"
"image/jxl"
];
};
};
mimeTypesForApp = {
mimeApp,
mimeTypes,
}:
map
(
mimeType: {"${mimeType}" = mimeApp;}
)
mimeTypes;
in
lib.zipAttrs (lib.flatten (map mimeTypesForApp (builtins.attrValues applications)));
};
};
home = { home = {
username = "pim"; username = "pim";
homeDirectory = "/home/pim"; homeDirectory = "/home/pim";
stateVersion = "23.05"; stateVersion = "23.05";
packages = with pkgs; [
unstable.moonlight-qt
unstable.vlc
unstable.nicotine-plus
unstable.logseq
unstable.signal-desktop
unstable.telegram-desktop
unstable.strawberry
unstable.gimp
unstable.libreoffice
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
virt-manager
gnome.gnome-tweaks
unstable.impression
poppler_utils # For pdfunite
silicon
unstable.dbeaver-bin
unstable.wireshark
units
btrfs-progs
exfat
unstable.qFlipper
f3
unstable.insomnia
unstable.vorta
jellyfin-media-player
jq
kubectl
file
yq
age
sops
nmap
unstable.devenv
unstable.attic-client
unstable.hexchat
sbctl
borgbackup
unstable.krita
unstable.bottles-unwrapped
];
}; };
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
chromium.enable = true; chromium.enable = true;
bat.enable = true;
terminator = { fzf = {
enable = true; enable = true;
config = { enableZshIntegration = true;
profiles.default = { };
# Gruvbox theme: https://github.com/egel/terminator-gruvbox
background_color = "#282828";
cursor_color = "#7c6f64";
foreground_color = "#ebdbb2";
palette =
"#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
};
keybindings = { alacritty = {
zoom_in = "<Ctrl>plus"; enable = true;
zoom_out = "<Ctrl>minus"; settings.shell = {
new_tab = "<Ctrl><Shift>T"; program = lib.getExe config.programs.tmux.package;
cycle_next = "<Ctrl>Tab"; args = ["attach"];
cycle_prev = "<Ctrl><Shift>Tab"; };
split_horiz = "<Alt>C"; };
split_vert = "<Alt>V";
go_left = "<Alt>H"; direnv = {
go_right = "<Alt>L"; enable = true;
go_up = "<Alt>K"; enableBashIntegration = true;
go_down = "<Alt>J"; nix-direnv.enable = true;
};
copy = "<Ctrl><Shift>C"; atuin = {
paste = "<Ctrl><Shift>V"; enable = true;
flags = ["--disable-up-arrow"];
enableFishIntegration = true;
layout_launcher = ""; # Default <Alt>L settings = {
}; auto_sync = true;
sync_frequency = "5m";
sync_address = "https://atuin.kun.is";
};
};
fish = {
enable = true;
interactiveShellInit = ''
set -U fish_greeting
'';
shellAbbrs = {
htop = "btop";
gp = "git push";
gco = "git checkout";
gd = "git diff";
gc = "git commit";
gca = "git commit --amend";
gpl = "git pull";
gb = "git branch";
ga = "git add";
gl = "git log";
gs = "git status";
tf = "tofu";
};
};
starship = {
enable = true;
enableFishIntegration = true;
enableTransience = true;
settings.nix_shell.heuristic = true;
};
nix-index = {
enable = true;
enableFishIntegration = true;
};
tmux = {
enable = true;
shell = lib.getExe config.programs.fish.package;
shortcut = "a";
clock24 = true;
newSession = true;
mouse = true;
escapeTime = 10;
terminal = "screen-256color";
extraConfig = ''
unbind _
bind _ split-window -h
unbind -
bind - split-window -v
unbind h
bind h select-pane -L
unbind j
bind j select-pane -D
unbind k
bind k select-pane -U
unbind l
bind l select-pane -R
'';
};
ssh = {
enable = true;
extraConfig = "User root";
matchBlocks.github = lib.hm.dag.entryBefore ["*"] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
};
git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
init.defaultBranch = "master";
}; };
}; };
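Review bot: `extraConfig = "User root";` in the new `programs.ssh` block makes root the login user for every host without its own match block, and after this change only `github` has one, so a plain `ssh host` attempts a root login by default. Scope `user = "root"` to match blocks for the hosts that need it. Also, `fzf.enableZshIntegration = true;` and `direnv.enableBashIntegration = true;` look like leftovers, since this hunk configures fish as the shell (`programs.fish`, `tmux.shell`).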
@ -115,6 +234,7 @@
# - refined-github # - refined-github
librewolf = { librewolf = {
enable = true; enable = true;
settings = { settings = {
"identity.fxaccounts.enabled" = true; "identity.fxaccounts.enabled" = true;
"privacy.clearOnShutdown.history" = false; "privacy.clearOnShutdown.history" = false;
@ -126,58 +246,12 @@
}; };
}; };
# Let home-manager manage the X session sops = {
xsession = { enable = true; }; age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
defaultSopsFile = "${flake}/secrets/pim.yaml";
xdg = { secrets = {
userDirs.enable = true; "keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
configFile."home/postgresql_server.crt".source = ./postgresql_server.crt;
configFile."home/postgresql_client.crt".source = ./postgresql_client.crt;
};
homeage = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
installationType = "systemd";
file."common-pg-tfbackend" = {
source = ../secrets/common-pg-tfbackend.age;
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
};
file."ansible-vault-secret" = {
source = ../secrets/ansible-vault-secret.age;
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
};
file."powerdns-api-key" = {
source = ../secrets/powerdns-api-key.json.age;
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
};
file."postgresql_client.key" = {
source = ../secrets/postgresql_client.key.age;
symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ];
};
};
fonts.fontconfig.enable = true;
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/input-sources" = {
sources = [ (mkTuple [ "xkb" "us" ]) ];
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
};
"org/gnome/desktop/interface" = {
monospace-font-name = "Hack Nerd Font Mono 10";
};
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = true;
};
"org.gnome.desktop.wm.preferences" = {
auto-raise = true;
}; };
}; };
} }
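Review bot: the decryption identity moves from `identityPaths = [ "/home/pim/.ssh/age_ed25519" ]` to `age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt"`, and nothing in this hunk creates or documents that file, so a machine that only holds the old identity will not decrypt the `keepassxc` secret. Add a comment or README step saying how `keys.txt` is provisioned and that it must be readable by the user only. The hunk also drops the `common-pg-tfbackend`, `ansible-vault-secret`, `powerdns-api-key` and `postgresql_client.key` entries without adding them under `sops.secrets`; if those credentials are retired, say so in the commit message, and consider rotating them if the encrypted files were ever pushed.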

View file

@ -1,9 +0,0 @@
{
config = {
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
};
}

View file

@ -1,11 +1,10 @@
pkgs: lib: pkgs: lib: let
let
rycee-addons = pkgs.nur.repos.rycee.firefox-addons; rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
custom-addons = import ./custom-addons.nix pkgs lib; custom-addons = import ./custom-addons.nix pkgs lib;
in in
with rycee-addons; [ with rycee-addons; [
ublock-origin ublock-origin
istilldontcareaboutcookies istilldontcareaboutcookies
keepassxc-browser keepassxc-browser
custom-addons.simple-style-fox-2 custom-addons.simple-style-fox-2
] ]

View file

@ -1,15 +1,22 @@
pkgs: lib: pkgs: lib: let
let
# Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix # Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv buildFirefoxXpiAddon = lib.makeOverridable ({
, fetchurl ? pkgs.fetchurl, pname, version, addonId, url, sha256, meta, ... stdenv ? pkgs.stdenv,
}: fetchurl ? pkgs.fetchurl,
pname,
version,
addonId,
url,
sha256,
meta,
...
}:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "${pname}-${version}"; name = "${pname}-${version}";
inherit meta; inherit meta;
src = fetchurl { inherit url sha256; }; src = fetchurl {inherit url sha256;};
preferLocalBuild = true; preferLocalBuild = true;
allowSubstitutes = true; allowSubstitutes = true;
@ -25,14 +32,12 @@ in {
pname = "http-version-indicator"; pname = "http-version-indicator";
version = "3.2.1"; version = "3.2.1";
addonId = "spdyindicator@chengsun.github.com"; addonId = "spdyindicator@chengsun.github.com";
url = url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
"https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8"; sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
meta = with lib; { meta = with lib; {
homepage = "https://github.com/bsiegel/http-version-indicator"; homepage = "https://github.com/bsiegel/http-version-indicator";
description = description = "An indicator showing the HTTP version used to load the page in the address bar.";
"An indicator showing the HTTP version used to load the page in the address bar."; mozPermissions = ["<all_urls>" "tabs" "webNavigation" "webRequest"];
mozPermissions = [ "<all_urls>" "tabs" "webNavigation" "webRequest" ];
platforms = platforms.all; platforms = platforms.all;
}; };
}; };
@ -40,13 +45,11 @@ in {
pname = "indicatetls"; pname = "indicatetls";
version = "0.3.0"; version = "0.3.0";
addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}"; addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
url = url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
"https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465"; sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
meta = with lib; { meta = with lib; {
homepage = "https://github.com/jannispinter/indicatetls"; homepage = "https://github.com/jannispinter/indicatetls";
description = description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
"Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
license = licenses.mpl20; license = licenses.mpl20;
mozPermissions = [ mozPermissions = [
"tabs" "tabs"
@ -63,15 +66,13 @@ in {
pname = "sixindicator"; pname = "sixindicator";
version = "1.3.0"; version = "1.3.0";
addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}"; addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
url = url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
"https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d"; sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
meta = with lib; { meta = with lib; {
homepage = "https://github.com/HostedDinner/SixIndicator"; homepage = "https://github.com/HostedDinner/SixIndicator";
description = description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
"Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
license = licenses.mit; license = licenses.mit;
mozPermissions = [ "tabs" "webRequest" "<all_urls>" ]; mozPermissions = ["tabs" "webRequest" "<all_urls>"];
platforms = platforms.all; platforms = platforms.all;
}; };
}; };
@ -79,13 +80,12 @@ in {
pname = "simple-style-fox-2"; pname = "simple-style-fox-2";
version = "10.0"; version = "10.0";
addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}"; addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
url = url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
"https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d"; sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
meta = with lib; { meta = with lib; {
description = "Simple style fox 2"; description = "Simple style fox 2";
license = licenses.cc-by-30; license = licenses.cc-by-30;
mozPermissions = [ ]; mozPermissions = [];
platforms = platforms.all; platforms = platforms.all;
}; };
}; };

View file

@ -1,5 +1,9 @@
{ pkgs, lib, ... }: {
let pkgs,
lib,
config,
...
}: let
firefoxAddons = import ./addons.nix pkgs lib; firefoxAddons = import ./addons.nix pkgs lib;
firefoxSettings = { firefoxSettings = {
"browser.aboutConfig.showWarning" = false; "browser.aboutConfig.showWarning" = false;
@ -14,9 +18,11 @@ let
"browser.newtabpage.activity-stream.showSponsored" = false; "browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false; "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
}; };
in cfg = config.pim.firefox;
{ in {
config = { options.pim.firefox.enable = lib.mkEnableOption "firefox";
config = lib.mkIf cfg.enable {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
profiles = { profiles = {

View file

@ -1,8 +0,0 @@
{
config = {
programs.fzf = {
enable = true;
enableBashIntegration = true;
};
};
}

View file

@ -1,18 +0,0 @@
{
config = {
programs.git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
};
includes = [{
path = "~/git/suecode/.gitconfig";
condition = "gitdir:~/git/suecode/**";
}];
};
};
}

94
home-manager/gnome.nix Normal file
View file

@ -0,0 +1,94 @@
{
pkgs,
lib,
flake,
config,
...
}: let
cfg = config.pim.gnome;
in {
options.pim.gnome.enable = lib.mkEnableOption "gnome";
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [gnome.gnome-tweaks];
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/sound".allow-volume-above-100-percent = true;
"org/gnome/desktop/wm.preferences".num-workspaces = 4;
"org/gnome/mutter".edge-tiling = true;
"org/gnome/shell" = {
disable-extension-version-validation = true;
enabled-extensions = [
"workspaces-by-open-apps@favo02.github.com"
"pop-shell@system76.com"
"windowIsReady_Remover@nunofarruca@gmail.com"
"randomwallpaper@iflow.space"
"Vitals@CoreCoding.com"
"tailscale-status@maxgallup.github.com"
];
};
"org/gnome/desktop/input-sources" = {
sources = [(mkTuple ["xkb" "us"])];
xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"];
};
"org/gnome/shell/extensions/pop-shell" = {
active-hint = true;
fullscreen-launcher = false;
mouse-cursor-focus-location = mkUint32 4;
mouse-cursor-follows-active-window = true;
show-skip-taskbar = false;
show-title = true;
smart-gaps = false;
snap-to-grid = false;
stacking-with-mouse = true;
tile-by-default = true;
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Super>t";
command = lib.getExe config.programs.alacritty.package;
name = "Terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Super>e";
command = "${lib.getExe config.programs.librewolf.package} --browser";
name = "Browser";
};
"org/gnome/desktop/wm/keybindings" = {
close = ["<Shift><Super>q"];
minimize = mkEmptyArray type.string;
move-to-workspace-1 = ["<Shift><Super>1"];
move-to-workspace-2 = ["<Shift><Super>2"];
move-to-workspace-3 = ["<Shift><Super>3"];
move-to-workspace-4 = ["<Shift><Super>4"];
switch-applications = mkEmptyArray type.string;
switch-applications-backward = mkEmptyArray type.string;
switch-to-workspace-1 = ["<Super>1"];
switch-to-workspace-2 = ["<Super>2"];
switch-to-workspace-3 = ["<Super>3"];
switch-to-workspace-4 = ["<Super>4"];
toggle-fullscreen = ["<Super>f"];
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper" = {
auto-fetch = true;
change-type = 2;
hide-panel-icon = true;
history-length = 1;
hours = 0;
minutes = 30;
sources = ["42"];
fetch-on-startup = true;
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4;
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers";
};
};
}
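Review bot: `"org/gnome/desktop/wm.preferences".num-workspaces = 4;` uses a dot where the dconf path needs a slash, so the value lands under a path GNOME does not read; the keybindings entry further down in this hunk uses the correct form, `"org/gnome/desktop/wm/keybindings"`. Change it to `"org/gnome/desktop/wm/preferences"`. Separately, `disable-extension-version-validation = true;` lets extensions load on a shell version they do not declare support for; a short comment naming the extension that needs it would make the setting easier to drop later.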

View file

@ -1,9 +0,0 @@
{ pkgs, config, ... }: {
config = {
home.packages = [ pkgs.unstable.keepassxc ];
homeage.file."keepassxc.ini" = {
source = ../../secrets/keepassxc.ini.age;
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
};
};
}

View file

@ -1,5 +1,14 @@
{ pkgs, ... }: { {
config = { pkgs,
config,
lib,
...
}: let
cfg = config.pim.neovim;
in {
options.pim.neovim.enable = lib.mkEnableOption "neovim";
config = lib.mkIf cfg.enable {
programs.neovim = { programs.neovim = {
enable = true; enable = true;
viAlias = true; viAlias = true;
@ -11,7 +20,6 @@
extraPackages = with pkgs; [ extraPackages = with pkgs; [
nil nil
nodePackages.pyright nodePackages.pyright
neofetch
gopls gopls
terraform-ls terraform-ls
nixfmt-classic nixfmt-classic

View file

@ -45,14 +45,21 @@ require("lspconfig").terraformls.setup({
capabilities = capabilities, capabilities = capabilities,
}) })
-- require'lspconfig'.efm.setup { local function has_treefmt()
-- on_attach = require("lsp-format").on_attach, local git_root = vim.fn.systemlist("git rev-parse --show-toplevel")[1]
-- init_options = {documentFormatting = true}, if vim.v.shell_error ~= 0 then
-- settings = { return false
-- languages = { end
-- lua = {{formatCommand = "lua-format -i", formatStdin = true}}, local treefmt_path = git_root .. "/treefmt.nix"
-- nix = {{formatCommand = "nixfmt", formatStdin = true}} return vim.fn.filereadable(treefmt_path) == 1
-- } end
-- },
-- filetypes = {"lua", "nix"} vim.api.nvim_create_autocmd("BufWritePost", {
-- } pattern = "*",
callback = function()
if vim.fn.expand("%:p") ~= vim.fn.getcwd() .. "/.git/COMMIT_EDITMSG" and has_treefmt() then
vim.cmd("silent !treefmt > /dev/null 2>&1")
end
end,
group = vim.api.nvim_create_augroup("TreefmtAutoformat", { clear = true }),
})
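Review bot: the `COMMIT_EDITMSG` guard compares the buffer path with `vim.fn.getcwd() .. "/.git/COMMIT_EDITMSG"`, while `has_treefmt()` locates the repository through `git rev-parse --show-toplevel`; when the working directory is not the repository root, or `.git` is a file as in a worktree or submodule, the guard does not match and treefmt runs while the commit message is being written. Checking `vim.bo.filetype == "gitcommit"` or the file name alone is sturdier. The callback also runs whichever `treefmt` is first on `PATH` in any repository that contains a `treefmt.nix` and discards all output, so a failing or unexpected formatter goes unnoticed; surfacing a non-zero `vim.v.shell_error` would help.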

View file

@ -20,24 +20,24 @@ require("null-ls").setup({
}, },
-- configure format on save -- configure format on save
on_attach = function(current_client, bufnr) -- on_attach = function(current_client, bufnr)
if current_client.supports_method("textDocument/formatting") then -- if current_client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr }) -- vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", { -- vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup, -- group = augroup,
buffer = bufnr, -- buffer = bufnr,
callback = function() -- callback = function()
vim.lsp.buf.format({ -- vim.lsp.buf.format({
filter = function(client) -- filter = function(client)
-- only use null-ls for formatting instead of lsp server -- -- only use null-ls for formatting instead of lsp server
return client.name == "null-ls" -- return client.name == "null-ls"
end, -- end,
bufnr = bufnr, -- bufnr = bufnr,
}) -- })
end, -- end,
}) -- })
end -- end
end, -- end,
}) })
-- formatting command -- formatting command
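Review bot: the `on_attach` format-on-save handler is commented out line by line rather than removed. If formatting on save is no longer wanted from null-ls, delete the block (git history keeps it) and check whether the `augroup` it referenced is still used elsewhere in the file.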

View file

@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICrzCCAZcCFApupXAa2tPytpi3av47+az0Ggb4MA0GCSqGSIb3DQEBCwUAMBQx
EjAQBgNVBAMMCWplZmtlLmh5cDAeFw0yMzExMjQyMjAzMjhaFw0yNDExMjMyMjAz
MjhaMBQxEjAQBgNVBAMMCXRlcnJhZm9ybTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALeJ/fYUCmwislUw4XcCxivCUuWuUWI+t/nke9/hWEWTmDG4Z7/a
IAKqsGk0zNATQViAXmYZwdYK70AKQhxat3OJcuZarsurOXVjVJdT4Wr5SxHGHjd0
bwd8JzFZPIfgYCILCISFjCIfpD58kBq2bkvI4rpn4tb2iPunXp0+S8iHDMB5wAOb
FgT0muuz9ua4R76nq79O9wLbAVf38CDR9bMGcPcKknz0sl37jr7A/pDvQzpFWO33
eJb64b7Qe4CHslWFj1tdEkXaMpMNWHhc2TmtLtlt6a+RY1R9KdX5x0lQTyJnEwJZ
8YTKnlMoNvkfBznuARFmNNmUYPoHE6WgonMCAwEAATANBgkqhkiG9w0BAQsFAAOC
AQEAaH1HVPThhAkrXE4Zmh49D1zvq5uy6moV326/ovnPQfco2jYBYO5mYxBF32mx
ShEanbJJKkFjWkQHmsWt7nrkeloz6q8sD19nLyyWmMj0Pd6wcLv017Zdo902fh27
Rl8qZS44vEc+N/5gc2eINMfXm/JOdXYntOVpFO/I+6b9Q2iWFX3YUAXiIDiEYBvS
BBqyXC2nVg6Lp1KVg+EaYW27sj8b5HHXnpEGdXduVmOWttdaQVjYslqmH7mUKi9f
2U9FicMvw6KvkRki+SLKeZr2yIP1QQOnWg0BPbeCpMfdMSu/AtLkAtugZeT8p1Ko
3hMMyKKzyyhiwpzvk21QFNZ5LA==
-----END CERTIFICATE-----

View file

@ -1,67 +0,0 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
ef:2f:4d:d4:26:7e:33:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=jefke.hyp
Validity
Not Before: Nov 22 19:12:03 2023 GMT
Not After : Oct 29 19:12:03 2123 GMT
Subject: CN=jefke.hyp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b:
2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c:
8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce:
e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50:
7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb:
ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e:
b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c:
a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5:
a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f:
b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f:
23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b:
59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16:
9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4:
8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46:
6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52:
3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46:
db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b:
12:bd
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55:
b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63:
be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20:
2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1:
6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88:
ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c:
3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67:
d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e:
ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9:
77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02:
d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31:
b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b:
8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71:
df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94:
10:03:ce:ec
-----BEGIN CERTIFICATE-----
MIICpjCCAY4CCQDvL03UJn4zGzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlq
ZWZrZS5oeXAwIBcNMjMxMTIyMTkxMjAzWhgPMjEyMzEwMjkxOTEyMDNaMBQxEjAQ
BgNVBAMMCWplZmtlLmh5cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMer65zQf0/xumUKiwd7LlvwJoIzyXPmkcwRlAUcjWcpy15nNQKAVK+ZS6rO6FZi
vmPLskqwqSgS4ndQfdXSO0jYMlklJv+mXPbrrls9ehQQupCcbx+52JkOtwleYmnE
wMYnsNNgDUdMpRFT8vFK+aa81qM1oujlqdFg6OUYztJggE7cSK5/t+p2USg5pLCV
gpWTmLKfI8mBaVmj5PdaHAExlsFLWSH4ouaeIXgOa8Fox1wWmgZU37Z3HS2J0Mie
27XUjPu5T7duOV85jkhzdn1Gbh+NFMtAtf/G8MBEPO1SP097aWOTxkHmXu0zUCBG
25O/6FJRlfGBc1jaZyF7Er0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqlyJQaa3
PWWHylDE81iq07RVsaeNGCYX5YohJKFJU3cxW1VjvgHY/rcGfNoHH5Rq3patyjsg
KuE1kBmDbTfRFRLePA5Gvmahah3sctxGeWnkr3fI/83WfRaIq0T9cPxAR/9DlRFa
mlYM0t18O4eqECb6JaOgQ4ob7FQRfmVn0gbhPjvhDrCA70s1P/w0HZUu7sFnONqz
dIZLlYwMHVEowULpd2jX7DtmMMblKmLqFfskVs8C0CVUp1gVtSpxk1bAaXo2GGwx
sY48d9d3rPzhlMUIuzWsSF9ri8jIePSpyk+dUVSJl8mvofpx31j2/wR8yByVaxrj
p/ZDHCeUEAPO7A==
-----END CERTIFICATE-----

View file

@ -1,30 +0,0 @@
{ config, lib, ... }: {
config = {
programs.ssh = {
enable = true;
extraConfig = "User root";
matchBlocks = {
github = lib.hm.dag.entryBefore [ "*" ] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.dmz"; };
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.dmz"; };
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.dmz"; };
warwick = lib.hm.dag.entryBefore [ "*" ] { hostname = "warwick.dmz"; };
};
};
homeage.file."sue_ed25519" = {
source = ../../secrets/sue_ed25519.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
};
homeage.file."sue_azure_rsa" = {
source = ../../secrets/sue_azure_rsa.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
};
};
}

View file

@ -0,0 +1,18 @@
{
config,
lib,
...
}: let
cfg = config.pim.syncthing;
in {
options.pim.syncthing.enable = lib.mkEnableOption "syncthing";
config = lib.mkIf cfg.enable {
services.syncthing.enable = true;
sops.secrets = {
"syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem";
"syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem";
};
};
}

View file

@ -1,15 +0,0 @@
{ config, ... }: {
config = {
services.syncthing.enable = true;
homeage.file."syncthing-key.pem" = {
source = ../../secrets/syncthing-key.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
};
homeage.file."syncthing-cert.pem" = {
source = ../../secrets/syncthing-cert.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
};
};
}

View file

@ -1,8 +0,0 @@
{
config = {
programs.thunderbird = {
enable = true;
profiles.default = { isDefault = true; };
};
};
}

16
home-manager/tidal.nix Normal file
View file

@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.pim.tidal;
in {
options.pim.tidal.enable = lib.mkEnableOption "tidal";
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
supercollider-with-sc3-plugins
];
};
}

32
home-manager/vscode.nix Normal file
View file

@ -0,0 +1,32 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.pim.vscode;
in {
options.pim.vscode.enable = lib.mkEnableOption "vscode";
config = lib.mkIf cfg.enable {
programs.vscode = {
enable = true;
package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
vscodevim.vim
marp-team.marp-vscode
jnoortheen.nix-ide
mkhl.direnv
];
userSettings = {
"nix.enableLanguageServer" = true;
"nix.serverPath" = lib.getExe pkgs.nil;
"terminal.integrated.defaultProfile.linux" = "fish";
"explorer.confirmDragAndDrop" = false;
"explorer.confirmPasteNative" = false;
"explorer.confirmDelete" = false;
};
};
};
}

4
machines/default.nix Normal file
View file

@ -0,0 +1,4 @@
{
sue = import ./sue;
gamepc = import ./gamepc;
}

View file

@ -0,0 +1,94 @@
{
config,
lib,
...
}: {
config = {
pim = {
cinnamon.enable = true;
};
facter.reportPath = ./facter.json;
networking.hostName = "gamepc";
services.openssh.enable = true;
users.users = {
root.password = "";
pim = {
openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
password = "";
};
};
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
type = "disk";
device = "/dev/nvme${name}n1";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "500M";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
});
disko.devices.mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.0";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
end = "-4G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "100%";
content = {
type = "swap";
};
};
};
};
};
};
};
}
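Review bot: `root.password = "";` and `pim.password = "";` sit next to `services.openssh.enable = true;`, so both accounts have an empty password on a host that runs sshd, and the setting is part of the configuration in the world-readable Nix store. Even where sshd refuses empty passwords, anyone at the console or display manager can log in as root. Leave the password unset and rely on `openssh.authorizedKeys.keys`, or use `hashedPasswordFile` fed from a secret, and set `services.openssh.settings.PasswordAuthentication = false;` explicitly unless another module already does. Note also that `/` lives on the level 0 `raid0` array, so losing either NVMe disk loses the system; only `/boot` is mirrored.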

View file

@ -0,0 +1,4 @@
{
nixosModule = import ./configuration.nix;
homeManagerModule = import ./home.nix;
}

4792
machines/gamepc/facter.json Normal file

File diff suppressed because it is too large Load diff

7
machines/gamepc/home.nix Normal file
View file

@ -0,0 +1,7 @@
{pkgs, ...}: {
home.packages = with pkgs.unstable; [
devenv
vlc
handbrake
];
}

View file

@ -0,0 +1,49 @@
{inputs, ...}: {
config = {
pim = {
lanzaboote.enable = true;
tidal.enable = true;
gnome.enable = true;
stylix.enable = true;
wireguard.enable = true;
tailscale.enable = true;
compliance.enable = true;
sops.enable = true;
};
facter.reportPath = ./facter.json;
networking.hostName = "xps-9315";
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
nix.settings = {
substituters = ["https://cosmic.cachix.org/"];
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
specialisation.cosmic.configuration = {
imports = [
inputs.nixos-cosmic.nixosModules.default
];
services = {
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
};
};
};
}
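Review bot: `nix.settings.substituters` and `trusted-public-keys` add `cosmic.cachix.org` as a trusted binary cache for the whole system, not just for the `cosmic` specialisation further down, and store paths signed by that key will be accepted as substitutes. Add a comment tying the cache to `inputs.nixos-cosmic` so the two entries are removed together with the specialisation.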

4
machines/sue/default.nix Normal file
View file

@ -0,0 +1,4 @@
{
nixosModule = import ./configuration.nix;
homeManagerModule = import ./home.nix;
}

6453
machines/sue/facter.json Normal file

File diff suppressed because it is too large Load diff

44
machines/sue/home.nix Normal file
View file

@ -0,0 +1,44 @@
{pkgs, ...}: {
config = {
pim = {
tidal.enable = true;
gnome.enable = true;
vscode.enable = true;
syncthing.enable = true;
neovim.enable = true;
firefox.enable = true;
};
home.packages =
(with pkgs; [
jellyfin-media-player
virt-manager
])
++ (with pkgs.unstable; [
attic-client
dbeaver-bin
devenv
bottles-unwrapped
gimp
hexchat
impression
insomnia
keepassxc
krita
libreoffice
# logseq # Has insecure electron dependency
moonlight-qt
nicotine-plus
qFlipper
signal-desktop
strawberry
telegram-desktop
vlc
vorta
wireshark
# nheko # Has insecure olm dependency
handbrake
feishin
]);
};
}

19
nixos/cinnamon.nix Normal file
View file

@ -0,0 +1,19 @@
{
config,
lib,
...
}: let
cfg = config.pim.cinnamon;
in {
options.pim.cinnamon.enable = lib.mkEnableOption "cinnamon";
config = lib.mkIf cfg.enable {
services = {
displayManager.defaultSession = "cinnamon";
libinput.enable = true;
xserver = {
desktopManager.cinnamon.enable = true;
displayManager.lightdm.enable = true;
};
};
};
}

14
nixos/compliance.nix Normal file

@ -0,0 +1,14 @@
{
config,
lib,
...
}: let
cfg = config.pim.compliance;
in {
options.pim.compliance.enable = lib.mkEnableOption "compliance";
config = lib.mkIf cfg.enable {
services.clamav = {
daemon.enable = true;
};
};
}
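Review bot: `services.clamav.daemon.enable = true` is the only setting in this module, so nothing here fetches or refreshes virus signatures and nothing schedules a scan; clamd on its own only answers scan requests. If `pim.compliance` is meant to provide a working scanner, add `services.clamav.updater.enable = true;` (freshclam) and say in a comment which policy requirement the module is supposed to satisfy, so a later reader can tell whether it still does.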

174
nixos/default.nix Normal file

@ -0,0 +1,174 @@
{
pkgs,
config,
lib,
inputs,
flake,
system,
...
}: {
imports = [
inputs.home-manager.nixosModules.home-manager
inputs.nixos-facter-modules.nixosModules.facter
inputs.disko.nixosModules.disko
./lanzaboote.nix
./tidal.nix
./sops.nix
./stylix.nix
./wireguard.nix
./gnome.nix
./tailscale.nix
./compliance.nix
./cinnamon.nix
./ssh.nix
];
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
programs.ssh.startAgent = true;
services = {
xserver.enable = true;
printing = {
enable = true;
drivers = [pkgs.hplip pkgs.gutenprint];
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
};
users.users.pim = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
};
environment = {
systemPackages = with pkgs; [
age
borgbackup
btop
btrfs-progs
curl
dig
exfat
f3
fastfetch
file
git
jq
kubectl
nmap
poppler_utils # For pdfunite
ripgrep
sbctl
silicon
tree
units
vim
wget
yq
ncdu
lshw
];
};
system = {
stateVersion = "23.05";
activationScripts.diff = ''
if [[ -e /run/current-system ]]; then
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
fi
'';
};
security = {
rtkit.enable = true;
sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
};
nix = {
package = pkgs.nixFlakes;
settings.trusted-users = ["root" "pim"];
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
networking.useDHCP = lib.mkDefault true;
virtualisation.docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"libfprint-2-tod1-goodix"
];
};
overlays = [
inputs.nur.overlay
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
];
};
boot = {
kernelModules = ["kvm-intel" "cdrom"];
extraModulePackages = [];
initrd = {
availableKernelModules = ["sd_mod"];
kernelModules = [];
};
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
};
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = false;
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit flake inputs;};
users.pim.imports = ["${flake}/home-manager"];
};
}
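Review bot: `users.users.pim.extraGroups` contains `"docker"` and `nix.settings.trusted-users` contains `"pim"`; both give that account root-equivalent control (over the Docker daemon socket and over the Nix daemon respectively) without going through sudo. Since `virtualisation.docker.rootless` is enabled with `setSocketVariable = true`, consider dropping the `docker` group and removing `pim` from `trusted-users`. Also, the `unstable` overlay sets `config.allowUnfree = true`, which bypasses the `allowUnfreePredicate` allowlist defined just above for anything installed from `pkgs.unstable`; reuse the same predicate there if the allowlist is meant to hold.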

57
nixos/gnome.nix Normal file

@ -0,0 +1,57 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.gnome;
in {
options.pim.gnome.enable = lib.mkEnableOption "gnome";
config = lib.mkIf cfg.enable {
services = {
gnome.gnome-keyring.enable = lib.mkForce false;
xserver = {
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
excludePackages = [pkgs.xterm];
};
};
environment = {
systemPackages =
[
pkgs.gnome.gnome-shell-extensions
]
++ (with pkgs.gnomeExtensions; [
pop-shell
window-is-ready-remover
random-wallpaper
workspaces-indicator-by-open-apps
]);
gnome.excludePackages =
(with pkgs; [
epiphany
gnome-connections
gnome-console
gnome-tour
])
++ (with pkgs.gnome; [
geary
gnome-calendar
gnome-clocks
gnome-contacts
gnome-font-viewer
gnome-logs
gnome-maps
gnome-music
seahorse
totem
yelp
gnome-weather
]);
};
};
}


@ -1,4 +1,9 @@
{ config, lib, inputs, ... }: { {
config,
lib,
inputs,
...
}: {
imports = [ imports = [
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
]; ];

22
nixos/sops.nix Normal file

@ -0,0 +1,22 @@
{
inputs,
pkgs,
flake,
config,
lib,
...
}: let
cfg = config.pim.sops;
in {
imports = [inputs.sops-nix.nixosModules.sops];
options.pim.sops.enable = lib.mkEnableOption "sops";
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [sops];
sops = {
age.keyFile = "/home/pim/.config/sops/age/keys.txt";
defaultSopsFile = "${flake}/secrets/secrets.yaml";
};
};
}
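Review bot: `age.keyFile = "/home/pim/.config/sops/age/keys.txt"` makes system-level secret decryption depend on a key stored in a user's home directory, so any process running as `pim` can read the key that unlocks every secret in `defaultSopsFile`, and decryption at activation cannot work when `/home` is unavailable. Prefer a root-owned key outside `/home` (for example a path under `/var/lib`, or the host SSH key via `sops.age.sshKeyPaths`) and keep the personal key only as an editing recipient.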

27
nixos/ssh.nix Normal file

@ -0,0 +1,27 @@
{lib, ...}: {
options = {
pim.ssh.keys = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
};
};
config = {
pim.ssh.keys = {
pim = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"];
niels = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"];
};
services = {
openssh = {
openFirewall = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
GSSAPIAuthentication = false;
UseDns = false;
};
};
};
};
}
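Review bot: `services.openssh.settings` turns off password and keyboard-interactive logins but does not set `PermitRootLogin`, so root login with a key is still governed by the module default; set `PermitRootLogin = "no";` explicitly if that is the intent. The `pim.ssh.keys` option also has no `description`, and nothing in this file attaches the keys to `users.users.<name>.openssh.authorizedKeys.keys`, so a short comment saying where they are consumed would help.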

47
nixos/stylix.nix Normal file

@ -0,0 +1,47 @@
{
pkgs,
inputs,
config,
lib,
...
}: let
cfg = config.pim.stylix;
in {
imports = [inputs.stylix.nixosModules.stylix];
options.pim.stylix.enable = lib.mkEnableOption "stylix";
config = {
stylix = lib.mkMerge [
{
image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png";
}
(lib.mkIf cfg.enable {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
cursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 28;
};
fonts = {
monospace = {
package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];};
name = "JetBrainsMono Nerd Font Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
};
})
];
};
}

20
nixos/tailscale.nix Normal file

@ -0,0 +1,20 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.tailscale;
in {
options.pim.tailscale.enable = lib.mkEnableOption "tailscale";
config = lib.mkIf cfg.enable {
environment.systemPackages = [pkgs.gnomeExtensions.tailscale-status];
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
networking.networkmanager.unmanaged = ["tailscale0"];
};
}

13
nixos/tidal.nix Normal file

@ -0,0 +1,13 @@
{
lib,
config,
...
}: let
cfg = config.pim.tidal;
in {
options.pim.tidal.enable = lib.mkEnableOption "tidal";
config = lib.mkIf cfg.enable {
users.users.pim.extraGroups = ["audio"];
};
}

55
nixos/wireguard.nix Normal file

@ -0,0 +1,55 @@
{
lib,
config,
...
}: let
cfg = config.pim.wireguard;
in {
options.pim.wireguard.enable = lib.mkEnableOption "wireguard";
config = lib.mkIf cfg.enable {
networking = {
useDHCP = lib.mkDefault true;
networkmanager.unmanaged = ["tailscale0"];
wg-quick.interfaces = {
home = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.30.131"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
home-no-pihole = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.10.1"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
};
};
sops.secrets = {
"wireguard/home/presharedKey" = {};
"wireguard/home/privateKey" = {};
};
};
}
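Review bot: Both peers use `allowedIPs = ["0.0.0.0/0"]`, which routes only IPv4 through the tunnel; on a dual-stack network IPv6 traffic keeps leaving through the local interface. If these interfaces are meant to be full tunnels, add `"::/0"` (with an IPv6 tunnel address) or block IPv6 while the interface is up. Two smaller points: `networkmanager.unmanaged = ["tailscale0"]` duplicates the line in `nixos/tailscale.nix` and is unrelated to WireGuard, and `home` and `home-no-pihole` differ only in `dns`, so a small helper taking the DNS address would remove the copy. The module also reads `config.sops.secrets` without requiring `pim.sops.enable`.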


@ -1,3 +0,0 @@
```bash
nix run github:ryantm/agenix# -- -e secret1.age
```

Binary file not shown.


@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww i6BkkMy9gSSVZ+L+EMYSLakp1qA4yOGbEkLrO4Ddbxs
FsoRnCiPsJEKQj+2iJaqn+BbU+bFMAkReRotiV+0WCs
-> ssh-ed25519 vBZj5g +6YFp3yYXSEzRMXu7WyURkJk/cA87irnW5FpKRYnGSA
dJkMmnxyVEv/S9FmCrRkrYDCh+OwXK+UYno3ncr5nOk
-> 6gQa-grease Yt+ucm#U |<d\`t
SxpuSh2ee/jDNu7mXcn82fTt6/wy7ksA+W1xHQHiShJGvyyr6dTIPEk0qY1oqIPt
HkQNvNYLpMwpAqSTvmcmybps4CoWt0x6GJ0aBPOlYEIuwHnJ5Pkvnf4U9wPuwr6Y
zQ
--- hHweNMiKEIEw/TwSGhElfRiQYqLtmhwylkMWvfthyGY
?×%Ö¿H¹§G¤/Pì#
ÚŠÐÛäF±QÙç„lRÊDcNÖЉ ç$Hs©ŠTæžø<C5BE>ÊÁÏqVf¤àˆÝkëã•ø<E280A2>ï¡×OŒÞÛµæE•êgißžXŒ§sá”)gO¢.·]·æÐCJcè<63>E^EŸq:<3A>qß&™E™#¾ArÄªÉ ™€ñì

Binary file not shown.

24
secrets/pim.yaml Normal file

File diff suppressed because one or more lines are too long

Binary file not shown.


@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww NnvaPUzk3WjwC3nu7T47DXtNqDuysbgAccdF1kWO5yQ
XYX2GfZSHrnhoKutbqVxB9zghbl1kZDyOTphUXvt8oQ
-> ssh-ed25519 vBZj5g mpi+OE3ST+mP05IKimQrwOZxOaDgeUUoKujOOSXEljQ
kwHkJu14Xpqgd4POeuLLcbech+Kh2XSfBed3M1Cu8DA
-> =6-grease C`Yq5 Y2 4
8sgSLLYCXkFRy0SFfNH0fhb14HonKVpVfkc1rc7sC7bXVXi8FGri/d/AW42G2J9m
W/FfhKnGBAOj1cA/wPw4cqCcQKbux78C7BdN6EfrF+ddzF+n98EwtBJ/cjzRky+A
FJJY
--- sytjLDBFLb2VqtF3LSiSS1Nxb56oNtx2AGzhYCPItW8
.ÚËr-Ò†±–åØè/ BD$Õ¬F³Ðó¡FÜЙó‰SÅÙ/MœÎËâò ª¸òi/<2F># šÙï%u7ÍŸ6ƒör…W ¸öe?…ƒÉi,·ÐÑä[ÁY¤9ÙÿÀÁ


@ -1,22 +0,0 @@
let
pkgs = import <nixpkgs> { };
publicKeysURL =
"https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
publicKeys = pkgs.lib.strings.splitString "\n"
(pkgs.lib.strings.fileContents publicKeysFile);
in
{
"wg-quick-home-privkey.age".publicKeys = publicKeys;
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
"sue_ed25519.age".publicKeys = publicKeys;
"sue_azure_rsa.age".publicKeys = publicKeys;
"syncthing-key.pem.age".publicKeys = publicKeys;
"syncthing-cert.pem.age".publicKeys = publicKeys;
"common-pg-tfbackend.age".publicKeys = publicKeys;
"ansible-vault-secret.age".publicKeys = publicKeys;
"powerdns-api-key.json.age".publicKeys = publicKeys;
"keepassxc.ini.age".publicKeys =
publicKeys; # Secret agent causes private keys in config file.
"postgresql_client.key.age".publicKeys = publicKeys;
}

25
secrets/secrets.yaml Normal file

@ -0,0 +1,25 @@
testje: ENC[AES256_GCM,data:kMnaocttth1O6g==,iv:mV9gEMdomVhmOTBUWIFz3o23TBb7DLM2rXI/Tb81bSg=,tag:qj6TlvW5sY6Ek9M0GIqB3A==,type:str]
wireguard:
home:
presharedKey: ENC[AES256_GCM,data:H+oCRsg2ikN9KyVacEFasYmx5XE1zrnjBthkL5OitOXHTr4Ls0zwoF5StXs=,iv:N63wO4TKagbweStqf7wL3YZ0njxDNvrISErPao5wf7o=,tag:67kZcNaCzv3RI41XmA+UFQ==,type:str]
privateKey: ENC[AES256_GCM,data:WcPVrLiy2JJvzIh7sUpHMnt1MNx5rw5bI+xGmkitC9nEiNytMG71wmlC4d0=,iv:sl8gZgCzaW10UH0GLycvQVHqBlDVq7BUgoIEl41lc20=,tag:7oLlVjulxuEsW+pS8sZ+Ew==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWL1dlTjFNTXRPd0ppbE1i
THlsMzB1K041eUdTemRseGk5dkVwUDk2TFIwCnR1WE9iYXhHWHprZCtlSFExakhs
R0FtcEc0VTJ4WFBORFluYTdBTFh1NzAKLS0tIGtrYkVPSEVXV1dnb1J4V1pkQktW
VjNXUkpmVmxyNDNsT0ZjQjhOYklEbW8KV86AD+8QE14BZxWb7TVolwlcy1eFKxks
rOpqcXBqtUPaBC10IhVV434DGFIZMtRuYEQ4G/sdCsc3qiNxO3Cl4A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-15T14:04:18Z"
mac: ENC[AES256_GCM,data:6YKdfUk4ltXQ6U7FHs9ehGDUVzfZo1cKnSJMp+zYBEBnhmz7LdCBZycBpJ9syJn4WW1jZ8Bz7+lIxDsXm35AhjI+Mia20BqcWotcCaoHUslK+QV/YRIw8wxP7pvOKNeTa9UMhrcpXBVJxdQvKEBZPWziD4Xk3RGomvGEjB3xXKY=,iv:Tvgo/tlxnNk31C/cqCAKIGRdYEug9DdqeIUdJgQj4yE=,tag:z/tWTyiYmUmc2zVc3mQq0Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
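Review bot: The `testje` entry at the top looks like a leftover test secret; remove it before merging so the file only carries secrets that a module declares under `sops.secrets`. The `age` section lists a single recipient, so losing that one key makes every secret in this file unrecoverable; consider adding a second recipient such as a host key or an offline backup key.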

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww 0YS+10yTGhQwLKj5SZkyHLAOMHScnEXuW8H1LJSJJl8
fYIEukt41D5s417B6EcCj5DP0JCcqDKIzdUqGeNLguQ
-> ssh-ed25519 vBZj5g ufNv/vQfhTj203S9NhLoTs3AK3v1MQC73oPLhj7TJQ8
/ExO1bN02B6uJoWiVQDqRQ6yMd4o3qR3sUpN9OHEW50
-> 9f-grease p
6eUQ4dl855OIlCfN61wQ/7n8
--- WTuEDM+CWDqaep0MlbCL1QXXzDumVR4WCXhyA3b7zm8
Û,”ùQÎófç¥w— >Óœ×ÿ¿g7QÂå×Ú¤2*ð<>„ù 0­.Ž3zy•DØ<31>4™¹ÀE$Nw7îqAÊp¹&g;„®
¢VÊ\oø_^èW¼<>-WÞ(k\¬ÝRµb£{h<*ì èÒçظ¤11gKÏâk<C3A2>U,Ñ$>­p®zoÑlÏ5\dSÌ4OOû\¯+yÿúà(–Ä×Çå+»ñëÿçbãj¼Eº)}ì$ÒŽ¬T?»
ÿ%;Ž¿QFiçº4ŽJH®Ÿ­å<C2AD>™6AúSâÑÜЉãˆ<C3A3>k˜Z²?ܸ”MY26ËhÊ]e”µ(¤a¤&[ͳ°0‡juSóXKúNd>,Ûçv®ÔŠ¬
ѳ /BnùšgæO ©m}~¦‡z™i‰Üx£GàÈöb­


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww Wlatyvlg6jc+ISAQu1QEA62IUeWnriQJg+ChseMcyFI
tRhEc/mkG7FFZO2G5A+0NNCj693Q3dbDhMOBxKmCBjw
-> ssh-ed25519 vBZj5g HdeqB71NJkEFgXb0LPefYl+kwQNUYJQAHBEDxKdPqxk
6mUCxbBT6PpAf0BwTD6Tv7pDZzWmHxBWw+/IbgLXQZA
-> N-grease
OKOvPc2zAXju6FzjNzuCZiF9pN2hmmxMMRWxZwXar8MR
--- QR9PJv7R2ASeHrsBO7SuZzAB9s5fD0jT/qEFuJx8CNg
Š·_AéZñR IWnO†¢'j—̤,ÄØÃ#†ò™ZPjJ©è&Zô˜ôÎÃ…ÿ°ë…{ÕW…ðÚ˜×wÞˆ %Ó±‰%


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww ST/R4vPro6VMrJgRJqMIYkhaQJ0EV0ss/yX94BAxSWE
VIWQpIuuf0OS4z1D1QsFRvvWrmbo6LJEdPJ7jmbhv+w
-> ssh-ed25519 vBZj5g GAlVKDrXvlR7FqID4Rbpb64QChS8rwUCyJdxg2PXSw0
cS8pDXkYvvFsiTt0i6s5r/7cxbf5IcjiNQWQAcgoXFg
-> w-grease s,fAjpd YvL[bWVw $h4j|^ >JU
EO9ZKdn19mADx6rwhpKftX/QxZ4yNlXgZttyn0rBpSZuVfX8Oj430VppAZ5RYwn9
zHqBvBs6VEYUt4jOWOGl/idBNg
--- OnaKsFMYoiOP1T2o4GIgME6KQqWqwIQM9WADk28E9qA
<<16>˜±n-ã¸þ”iìÙ÷bÖRä¿·â;¢©Ö)¸“[ G[Õ„·FÔX°ä<C2B0>?Hne•®ò&­n¸m#œ$}”¸e]Õ-6ᢾx„

4
treefmt.nix Normal file

@ -0,0 +1,4 @@
{...}: {
projectRootFile = "flake.nix";
programs.alejandra.enable = true;
}

Binary file not shown.
