pim/nixos-laptop
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: pim:master
Branches Tags
pim:master
pim:hyprland
pim:vuescan
..
compare: pim:hyprland
Branches Tags
pim:master
pim:hyprland
pim:vuescan

1 commit
master ... hyprland

Author SHA1 Message Date
Pim Kunis
d7898e19e8 Add hyprland 2024-06-09 19:08:00 +02:00
91 changed files with 1905 additions and 12793 deletions
Show stats Expand all files Collapse all files

2
.envrc
View file

@ -1 +1 @@
use flake
PATH_add .

1
.gitignore vendored
View file

@ -1,3 +1,2 @@
result
.direnv
.pre-commit-config.yaml

2
.sops.yaml
View file

@ -1,2 +0,0 @@
creation_rules:
- age: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw

28
README.md
View file

@ -1,22 +1,22 @@
# nixos-laptop
NixOS configuration for my personal laptop.
Currently contains config for only one systems:
- **sue**: My current laptop, a Dell XPS 9315
NixOS configuration for my laptop.
My configuration is simple: I have one personal laptop with one user.
## Features
- Nixpkgs 24.05
- Nixpkgs 23.11
- Flakes!
- [Nix User Repository (NUR)](https://github.com/nix-community/NUR)
- Currently only used for Firefox Plugins
- [Home Manager](https://github.com/nix-community/home-manager)
- For managing the configuration for my user
- [sops-nix](https://github.com/Mic92/sops-nix)
- For secret management
- [stylix](https://stylix.danth.me/)
- Apply theming and styling to many programs
- [lanzaboote](https://github.com/nix-community/lanzaboote)
- Secure boot for NixOS
- [disko](https://github.com/nix-community/disko)
- Declarative disk partitioning and formatting; currently only used for my x201
- For managing my configuration for my user
- [Agenix](https://github.com/ryantm/agenix)
- To deploy global system secrets, like:
- Wireguard private key and shared secret
- [Homeage](https://github.com/jordanisaacs/homeage)
- To deploy secrets in my home directory, like:
- SSH keys
- Syncthing private key
- [nixos-hardware](https://github.com/NixOS/nixos-hardware)
- To add hardware-specific tweaks to NixOS for my laptop (currently a Levono ThinkPad x260)

174
configuration.nix Normal file
View file

@ -0,0 +1,174 @@
{ pkgs, config, lib, ... }: {
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
services = {
gnome.gnome-keyring.enable = lib.mkForce false;
xserver = {
enable = true;
displayManager.gdm = { enable = true; };
desktopManager.gnome.enable = true;
excludePackages = with pkgs; [ xterm ];
};
printing = {
enable = true;
drivers = [ pkgs.hplip pkgs.gutenprint ];
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
users = {
users.pim = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ];
};
};
environment = {
systemPackages = with pkgs; [
wget
curl
git
btop
ripgrep
vim
dogdns
tree
dig
];
gnome.excludePackages = with pkgs; with pkgs.gnome; [
totem
gnome-tour
epiphany
geary
gnome-console
gnome-music
gnome-calendar
];
};
system = {
stateVersion = "23.05";
activationScripts.diff = ''
if [[ -e /run/current-system ]]; then
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
fi
'';
};
programs.ssh.startAgent = true;
security = {
rtkit.enable = true;
sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
};
nix = {
package = pkgs.nixFlakes;
settings.trusted-users = [ "root" "pim" ];
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
age = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
secrets = {
wg-quick-home-privkey.file = ./secrets/wg-quick-home-privkey.age;
wg-quick-home-preshared-key.file =
./secrets/wg-quick-home-preshared-key.age;
};
};
networking = {
useDHCP = lib.mkDefault true;
wg-quick.interfaces = {
home = {
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/128" ];
dns = [ "192.168.30.131" ];
autostart = false;
mtu = 1412;
peers = [{
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
}];
};
home-no-pihole = {
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/128" ];
dns = [ "192.168.10.1" ];
autostart = false;
mtu = 1412;
peers = [{
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
}];
};
};
};
virtualisation.docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
permittedInsecurePackages = [ "electron-25.9.0" ];
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "vmware-horizon-client" "libfprint-2-tod1-goodix" "vmware-workstation" ];
};
};
boot = {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
initrd = {
availableKernelModules = [ "sd_mod" ];
kernelModules = [ ];
};
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
};
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = false;
};
}

576
flake.lock
View file

@ -1,5 +1,30 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1716561646,
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"owner": "ryantm",
"repo": "agenix",
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"base16": {
"inputs": {
"fromYaml": "fromYaml"
@ -147,6 +172,28 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -154,11 +201,11 @@
]
},
"locked": {
"lastModified": 1729712798,
"narHash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=",
"lastModified": 1717490821,
"narHash": "sha256-CivVhYExnMJ2afm+o1ogB231pKW/azhUghMI53MHmOM=",
"owner": "nix-community",
"repo": "disko",
"rev": "09a776702b004fdf9c41a024e1299d575ee18a7d",
"rev": "a838e83e21502a211b83373109a260e5ef5fbcf1",
"type": "github"
},
"original": {
@ -168,22 +215,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -199,23 +230,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -254,7 +269,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems"
"systems": "systems_3"
},
"locked": {
"lastModified": 1681202837,
@ -286,51 +301,7 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1730302582,
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
@ -376,11 +347,11 @@
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"lastModified": 1717527182,
"narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"rev": "845a5c4c073f74105022533907703441e0464bc3",
"type": "github"
},
"original": {
@ -411,10 +382,161 @@
"type": "github"
}
},
"homeage": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1669234151,
"narHash": "sha256-TwT87E3m2TZLgwYJESlype14HxUOrRGojPM5C2akrMg=",
"owner": "jordanisaacs",
"repo": "homeage",
"rev": "02bfe4ca06962d222e522fff0240c93946b20278",
"type": "github"
},
"original": {
"owner": "jordanisaacs",
"repo": "homeage",
"type": "github"
}
},
"hyprcursor": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1716576411,
"narHash": "sha256-FIN1wMoyePBTtibCbaeJaoKNLuAYIGwLCWAYC1DJanw=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "57298fc4f13c807e50ada2c986a3114b7fc2e621",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprcursor",
"type": "github"
}
},
"hyprland": {
"inputs": {
"hyprcursor": "hyprcursor",
"hyprlang": "hyprlang",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs",
"systems": "systems_2",
"xdph": "xdph"
},
"locked": {
"lastModified": 1717784649,
"narHash": "sha256-rU23X1kppflHachNGlwjjVNtz5haTVgFAUrrQjRE1o0=",
"ref": "refs/heads/main",
"rev": "c31d9ef4172452f6f219f91d9b87a24d91f0cf3a",
"revCount": 4774,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
},
"original": {
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"xdph",
"nixpkgs"
],
"systems": [
"hyprland",
"xdph",
"systems"
]
},
"locked": {
"lastModified": 1691753796,
"narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1716473782,
"narHash": "sha256-+qLn4lsHU6iL3+HTo1gTQ1tWzet8K9h+IfVemzEQZj8=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "87d5d984109c839482b88b4795db073eb9ed446f",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprlang",
"type": "github"
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1716058375,
"narHash": "sha256-CwjWoVnBZE5SBpRx9dgSQGCr4Goxyfcyv3zZbOhVqzk=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "3afed4364790aebe0426077631af1e164a9650cc",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [
@ -438,87 +560,29 @@
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"nixos-hardware": {
"locked": {
"lastModified": 1729394935,
"narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "04f8a11f247ba00263b060fbcdc95484fd046104",
"lastModified": 1717515267,
"narHash": "sha256-3d/rDckP583688YqVPc6SyXTy2gHpma0HzCv3idi1OE=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "82b2e20fbffe6a5f0555701af136ad3e734a5faa",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nixos-artwork": {
"flake": false,
"locked": {
"lastModified": 1727557872,
"narHash": "sha256-JHbMSIIrHDkbAHO6vSsDRBiwuQcxLoIilbxptrTrXB4=",
"ref": "refs/heads/master",
"rev": "ea1384e183f556a94df85c7aa1dcd411f5a69646",
"revCount": 212,
"type": "git",
"url": "https://github.com/NixOS/nixos-artwork.git"
},
"original": {
"type": "git",
"url": "https://github.com/NixOS/nixos-artwork.git"
}
},
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": [
"nixpkgs-unstable"
],
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1729857853,
"narHash": "sha256-IVaFOTG4i2K0YWKrJui09YCAEWyTSK+zaUTUvj/SbC4=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "04408bf4afe2bf2b15227c43914130c8bdf4ed3c",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1730798058,
"narHash": "sha256-2KexAe17KRg2191SdBxVXqJKwV6MxKzlE35DDcAX+Ds=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "d0e205eafca7091caad3925ff82a46fea08351e1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nixos-facter-modules",
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1729665710,
"narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
"lastModified": 1716330097,
"narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
"rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
"type": "github"
},
"original": {
@ -529,22 +593,6 @@
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1720386169,
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1678872516,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
@ -560,29 +608,13 @@
"type": "github"
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1729357638,
"narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1729818716,
"narHash": "sha256-XRfkUsxLzFkMn3Tpstio1gNOIQ+2PZPCKbifJ2IXxlw=",
"lastModified": 1717399147,
"narHash": "sha256-eCWaE/q1VItpFAxxLVt171MdtDcjEnwi6QB/yuF73JU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "062c4f59744fcffa2e5aa3ef443dc8b4d1674ed6",
"rev": "4a4ecb0ab415c9fccfb005567a215e6a9564cdf5",
"type": "github"
},
"original": {
@ -594,11 +626,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1729691686,
"narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=",
"lastModified": 1717281328,
"narHash": "sha256-evZPzpf59oNcDUXxh2GHcxHkTEG4fjae2ytWP85jXRo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37",
"rev": "b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1",
"type": "github"
},
"original": {
@ -624,29 +656,13 @@
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1726871744,
"narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1729855863,
"narHash": "sha256-TEefmNTtVeQpxziZ9PjWkxAkRQexLEsXk22Wj6Q7IQ8=",
"lastModified": 1717521378,
"narHash": "sha256-3UMMPUmY+sqGXuz+cZg5Ul7x8awrgrXmVg9L/Tv91QM=",
"owner": "nix-community",
"repo": "NUR",
"rev": "7d7cbe07852abdfd4a3bc09cb565e294f3251548",
"rev": "9a42df165c2851b40e9288564e09b0aa54dda5f5",
"type": "github"
},
"original": {
@ -665,12 +681,12 @@
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore_2",
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1681413034,
@ -688,20 +704,17 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"git-hooks": "git-hooks",
"home-manager": "home-manager",
"homeage": "homeage",
"hyprland": "hyprland",
"lanzaboote": "lanzaboote",
"nix-index-database": "nix-index-database",
"nixos-artwork": "nixos-artwork",
"nixos-cosmic": "nixos-cosmic",
"nixos-facter-modules": "nixos-facter-modules",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur",
"sops-nix": "sops-nix",
"stylix": "stylix",
"treefmt-nix": "treefmt-nix"
"stylix": "stylix"
}
},
"rust-overlay": {
@ -729,48 +742,6 @@
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"nixos-cosmic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729736953,
"narHash": "sha256-Rb6JUop7NRklg0uzcre+A+Ebrn/ZiQPkm4QdKg6/3pw=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "29b1275740d9283467b8117499ec8cbb35250584",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1729775275,
"narHash": "sha256-J2vtHq9sw1wWm0aTMXpEEAzsVCUMZDTEe5kiBYccpLE=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "78a0e634fc8981d6b564f08b6715c69a755c4c7d",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
@ -780,22 +751,21 @@
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_2",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1726776484,
"narHash": "sha256-SPnk08RnllF8CD9Ndbe828Z1OmlviJ+ZJLsiT7V/+4A=",
"owner": "pizzapim",
"lastModified": 1717859878,
"narHash": "sha256-4tVJ4y2fRykrlBozQ1t1nSDcseSzpuODabBCQZi72lQ=",
"owner": "danth",
"repo": "stylix",
"rev": "d444b97c5e691a2a468000c939119798e42b4f0f",
"rev": "f0ddd45fbe8d72964e4b92701fe2243da7e48937",
"type": "github"
},
"original": {
"owner": "pizzapim",
"ref": "release-24.05",
"owner": "danth",
"repo": "stylix",
"type": "github"
}
@ -815,21 +785,63 @@
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"systems_2": {
"locked": {
"lastModified": 1730025913,
"narHash": "sha256-Y9NtFmP8ciLyRsopcCx1tyoaaStKeq+EndwtGCgww7I=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "bae131e525cc8718da22fbeb8d8c7c43c4ea502a",
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"hyprlang": [
"hyprland",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1716290197,
"narHash": "sha256-1u9Exrc7yx9qtES2brDh7/DDZ8w8ap1nboIOAtCgeuM=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "91e48d6acd8a5a611d26f925e51559ab743bc438",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
}

259
flake.nix
View file

@ -5,25 +5,25 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nur.url = "github:nix-community/NUR";
stylix.url = "github:pizzapim/stylix/release-24.05";
treefmt-nix.url = "github:numtide/treefmt-nix";
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
git-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
stylix.url = "github:danth/stylix";
home-manager = {
url = "github:nix-community/home-manager?ref=release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
homeage = {
url = "github:jordanisaacs/homeage";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.3.0";
inputs.nixpkgs.follows = "nixpkgs";
@ -34,86 +34,177 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-artwork = {
hyprland = {
type = "git";
url = "https://github.com/NixOS/nixos-artwork.git";
flake = false;
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
inputs.nixpkgs-stable.follows = "nixpkgs-unstable";
url = "https://github.com/hyprwm/Hyprland";
submodules = true;
};
};
outputs = {
self,
nixpkgs,
...
} @ inputs: let
supportedSystems = [
"x86_64-linux"
"i686-linux"
"aarch64-linux"
];
forAllSystems' = nixpkgs.lib.genAttrs;
forAllSystems = forAllSystems' supportedSystems;
pkgsForSystem = system:
import nixpkgs {
inherit system;
};
treefmtEval = forAllSystems (
system: inputs.treefmt-nix.lib.evalModule (pkgsForSystem system) ./treefmt.nix
);
in {
formatter = forAllSystems (system: (treefmtEval.${system}.config.build.wrapper));
nixosConfigurations = nixpkgs.lib.mapAttrs (
name: {
nixosModule,
homeManagerModule,
}:
nixpkgs.lib.nixosSystem rec {
outputs =
{ nixpkgs
, nixpkgs-unstable
, home-manager
, homeage
, agenix
, nur
, nixos-hardware
, ...
}@inputs:
let
mkNixosSystem = extraModule: nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
inherit inputs system;
flake = self;
};
specialArgs = { inherit inputs; };
modules = [
nixosModule
./nixos
{
home-manager.users.pim.imports = [homeManagerModule];
}
nixpkgs.overlays = [
nur.overlay
(final: _prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
];
}
) (import ./machines);
checks = forAllSystems (system: {
pre-commit-check = inputs.git-hooks.lib.${system}.run {
src = ./.;
hooks = {
treefmt = {
enable = true;
package = treefmtEval.${system}.config.build.wrapper;
};
};
};
});
devShells = forAllSystems (system: {
default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
};
});
./configuration.nix
./modules/nixos/lanzaboote.nix
agenix.nixosModules.default
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.pim = {
imports = [ ./home-manager homeage.homeManagerModules.homeage ];
};
}
extraModule
];
};
in
{
nixosConfigurations = {
x260 = mkNixosSystem ({ pkgs, lib, ... }: {
imports = [ nixos-hardware.nixosModules.lenovo-thinkpad-x260 ];
config = {
pim.lanzaboote.enable = true;
networking.hostName = "x260";
fprintd = {
enable = true;
tod = {
enable = true;
driver = pkgs.libfprint-2-tod1-vfs0090;
};
};
swapDevices = [{ device = "/dev/disk/by-uuid/6028bf52-404d-4143-9cb0-9b06cd60a373"; }];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
};
});
x201 = mkNixosSystem ({ pkgs, lib, ... }: {
imports = [ inputs.disko.nixosModules.disko ];
config = {
networking.hostName = "x201";
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" ];
disko.devices = {
disk = {
sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1; # Needs to be first partition
};
pv_os = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_os";
};
};
};
};
};
};
lvm_vg.vg_os = {
type = "lvm_vg";
lvs = {
swap = {
size = "3GB";
content.type = "swap";
};
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
};
};
};
};
});
sue = mkNixosSystem ({ ... }: {
imports = [ nixos-hardware.nixosModules.dell-xps-13-9310 ];
config = {
pim.lanzaboote.enable = true;
networking.hostName = "xps-9315";
swapDevices = [{ device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b"; }];
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" =
{
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" ];
specialisation.hyprland = {
inheritParentConfig = false;
configuration = import ./hyprland;
};
};
});
hyprland = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ ./hyprland ];
};
};
};
}

20
home-manager/bash/default.nix Normal file
View file

@ -0,0 +1,20 @@
{
config = {
programs.bash = {
enable = true;
shellAliases = {
htop = "btop";
gp = "git push";
gco = "git checkout";
gd = "git diff";
gc = "git commit";
gpl = "git pull";
gb = "git branch";
ga = "git add";
gl = "git log";
gs = "git status";
tf = "tofu";
};
};
};
}

8
home-manager/bat/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
config = {
programs.bat = {
enable = true;
config.theme = "gruvbox-dark";
};
};
}

334
home-manager/default.nix
View file

@ -1,221 +1,102 @@
{
lib,
config,
inputs,
flake,
...
}: {
{ pkgs, lib, config, ... }: {
imports = [
./bash
./neovim
./firefox
./tidal.nix
./gnome.nix
./syncthing.nix
./vscode.nix
inputs.sops-nix.homeManagerModules.sops
inputs.nix-index-database.hmModules.nix-index
./ssh
./syncthing
./keepassxc
./git
./direnv
./thunderbird
./fzf
./bat
];
xsession.enable = true;
xdg = {
userDirs.enable = true;
mimeApps = {
enable = true;
defaultApplications = let
applications = {
telegram = {
mimeApp = "org.telegram.desktop.desktop";
mimeTypes = ["x-scheme-handler/tg"];
};
librewolf = {
mimeApp = "librewolf.desktop";
mimeTypes = [
"x-scheme-handler/http"
"text/html"
"application/xhtml+xml"
"x-scheme-handler/https"
"application/pdf"
];
};
gnomeTextEditor = {
mimeApp = "org.gnome.TextEditor.desktop";
mimeTypes = ["text/plain"];
};
loupe = {
mimeApp = "org.gnome.Loupe.desktop";
mimeTypes = [
"image/jpeg"
"image/png"
"image/gif"
"image/webp"
"image/tiff"
"image/x-tga"
"image/vnd-ms.dds"
"image/x-dds"
"image/bmp"
"image/vnd.microsoft.icon"
"image/vnd.radiance"
"image/x-exr"
"image/x-portable-bitmap"
"image/x-portable-graymap"
"image/x-portable-pixmap"
"image/x-portable-anymap"
"image/x-qoi"
"image/svg+xml"
"image/svg+xml-compressed"
"image/avif"
"image/heic"
"image/jxl"
];
};
};
mimeTypesForApp = {
mimeApp,
mimeTypes,
}:
map
(
mimeType: {"${mimeType}" = mimeApp;}
)
mimeTypes;
in
lib.zipAttrs (lib.flatten (map mimeTypesForApp (builtins.attrValues applications)));
};
};
home = {
username = "pim";
homeDirectory = "/home/pim";
stateVersion = "23.05";
packages = with pkgs; [
unstable.moonlight-qt
unstable.vlc
unstable.nicotine-plus
unstable.logseq
unstable.signal-desktop
unstable.telegram-desktop
unstable.strawberry
unstable.gimp
unstable.libreoffice
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
virt-manager
gnome.gnome-tweaks
unstable.impression
poppler_utils # For pdfunite
silicon
unstable.dbeaver-bin
unstable.wireshark
units
btrfs-progs
exfat
unstable.qFlipper
f3
unstable.insomnia
unstable.vorta
jellyfin-media-player
jq
kubectl
file
yq
age
sops
nmap
unstable.devenv
unstable.attic-client
unstable.hexchat
sbctl
borgbackup
unstable.krita
unstable.bottles-unwrapped
];
};
programs = {
home-manager.enable = true;
chromium.enable = true;
bat.enable = true;
fzf = {
terminator = {
enable = true;
enableZshIntegration = true;
config = {
profiles.default = {
# Gruvbox theme: https://github.com/egel/terminator-gruvbox
background_color = "#282828";
cursor_color = "#7c6f64";
foreground_color = "#ebdbb2";
palette =
"#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
};
alacritty = {
enable = true;
settings.shell = {
program = lib.getExe config.programs.tmux.package;
args = ["attach"];
keybindings = {
zoom_in = "<Ctrl>plus";
zoom_out = "<Ctrl>minus";
new_tab = "<Ctrl><Shift>T";
cycle_next = "<Ctrl>Tab";
cycle_prev = "<Ctrl><Shift>Tab";
split_horiz = "<Alt>C";
split_vert = "<Alt>V";
go_left = "<Alt>H";
go_right = "<Alt>L";
go_up = "<Alt>K";
go_down = "<Alt>J";
copy = "<Ctrl><Shift>C";
paste = "<Ctrl><Shift>V";
layout_launcher = ""; # Default <Alt>L
};
};
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
atuin = {
enable = true;
flags = ["--disable-up-arrow"];
enableFishIntegration = true;
settings = {
auto_sync = true;
sync_frequency = "5m";
sync_address = "https://atuin.kun.is";
};
};
fish = {
enable = true;
interactiveShellInit = ''
set -U fish_greeting
'';
shellAbbrs = {
htop = "btop";
gp = "git push";
gco = "git checkout";
gd = "git diff";
gc = "git commit";
gca = "git commit --amend";
gpl = "git pull";
gb = "git branch";
ga = "git add";
gl = "git log";
gs = "git status";
tf = "tofu";
};
};
starship = {
enable = true;
enableFishIntegration = true;
enableTransience = true;
settings.nix_shell.heuristic = true;
};
nix-index = {
enable = true;
enableFishIntegration = true;
};
tmux = {
enable = true;
shell = lib.getExe config.programs.fish.package;
shortcut = "a";
clock24 = true;
newSession = true;
mouse = true;
escapeTime = 10;
terminal = "screen-256color";
extraConfig = ''
unbind _
bind _ split-window -h
unbind -
bind - split-window -v
unbind h
bind h select-pane -L
unbind j
bind j select-pane -D
unbind k
bind k select-pane -U
unbind l
bind l select-pane -R
'';
};
ssh = {
enable = true;
extraConfig = "User root";
matchBlocks.github = lib.hm.dag.entryBefore ["*"] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
};
git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
init.defaultBranch = "master";
};
};
# Currently, it is not possible to have Home Manager manage Liberwolf extensions.
@ -234,7 +115,6 @@
# - refined-github
librewolf = {
enable = true;
settings = {
"identity.fxaccounts.enabled" = true;
"privacy.clearOnShutdown.history" = false;
@ -246,12 +126,58 @@
};
};
sops = {
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
defaultSopsFile = "${flake}/secrets/pim.yaml";
# Let home-manager manage the X session
xsession = { enable = true; };
secrets = {
"keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
xdg = {
userDirs.enable = true;
configFile."home/postgresql_server.crt".source = ./postgresql_server.crt;
configFile."home/postgresql_client.crt".source = ./postgresql_client.crt;
};
homeage = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
installationType = "systemd";
file."common-pg-tfbackend" = {
source = ../secrets/common-pg-tfbackend.age;
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
};
file."ansible-vault-secret" = {
source = ../secrets/ansible-vault-secret.age;
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
};
file."powerdns-api-key" = {
source = ../secrets/powerdns-api-key.json.age;
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
};
file."postgresql_client.key" = {
source = ../secrets/postgresql_client.key.age;
symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ];
};
};
fonts.fontconfig.enable = true;
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/input-sources" = {
sources = [ (mkTuple [ "xkb" "us" ]) ];
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
};
"org/gnome/desktop/interface" = {
monospace-font-name = "Hack Nerd Font Mono 10";
};
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = true;
};
"org.gnome.desktop.wm.preferences" = {
auto-raise = true;
};
};
}

9
home-manager/direnv/default.nix Normal file
View file

@ -0,0 +1,9 @@
{
config = {
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
};
}

3
home-manager/firefox/addons.nix
View file

@ -1,4 +1,5 @@
pkgs: lib: let
pkgs: lib:
let
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
custom-addons = import ./custom-addons.nix pkgs lib;
in

36
home-manager/firefox/custom-addons.nix
View file

@ -1,15 +1,8 @@
pkgs: lib: let
pkgs: lib:
let
# Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
buildFirefoxXpiAddon = lib.makeOverridable ({
stdenv ? pkgs.stdenv,
fetchurl ? pkgs.fetchurl,
pname,
version,
addonId,
url,
sha256,
meta,
...
buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv
, fetchurl ? pkgs.fetchurl, pname, version, addonId, url, sha256, meta, ...
}:
stdenv.mkDerivation {
name = "${pname}-${version}";
@ -32,11 +25,13 @@ in {
pname = "http-version-indicator";
version = "3.2.1";
addonId = "spdyindicator@chengsun.github.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
url =
"https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
meta = with lib; {
homepage = "https://github.com/bsiegel/http-version-indicator";
description = "An indicator showing the HTTP version used to load the page in the address bar.";
description =
"An indicator showing the HTTP version used to load the page in the address bar.";
mozPermissions = [ "<all_urls>" "tabs" "webNavigation" "webRequest" ];
platforms = platforms.all;
};
@ -45,11 +40,13 @@ in {
pname = "indicatetls";
version = "0.3.0";
addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
url =
"https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
meta = with lib; {
homepage = "https://github.com/jannispinter/indicatetls";
description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
description =
"Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
license = licenses.mpl20;
mozPermissions = [
"tabs"
@ -66,11 +63,13 @@ in {
pname = "sixindicator";
version = "1.3.0";
addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
url =
"https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
meta = with lib; {
homepage = "https://github.com/HostedDinner/SixIndicator";
description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
description =
"Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
license = licenses.mit;
mozPermissions = [ "tabs" "webRequest" "<all_urls>" ];
platforms = platforms.all;
@ -80,7 +79,8 @@ in {
pname = "simple-style-fox-2";
version = "10.0";
addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
url =
"https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
meta = with lib; {
description = "Simple style fox 2";

16
home-manager/firefox/default.nix
View file

@ -1,9 +1,5 @@
{
pkgs,
lib,
config,
...
}: let
{ pkgs, lib, ... }:
let
firefoxAddons = import ./addons.nix pkgs lib;
firefoxSettings = {
"browser.aboutConfig.showWarning" = false;
@ -18,11 +14,9 @@
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
};
cfg = config.pim.firefox;
in {
options.pim.firefox.enable = lib.mkEnableOption "firefox";
config = lib.mkIf cfg.enable {
in
{
config = {
programs.firefox = {
enable = true;
profiles = {

8
home-manager/fzf/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
config = {
programs.fzf = {
enable = true;
enableBashIntegration = true;
};
};
}

18
home-manager/git/default.nix Normal file
View file

@ -0,0 +1,18 @@
{
config = {
programs.git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
};
includes = [{
path = "~/git/suecode/.gitconfig";
condition = "gitdir:~/git/suecode/**";
}];
};
};
}

94
home-manager/gnome.nix
View file

@ -1,94 +0,0 @@
{
pkgs,
lib,
flake,
config,
...
}: let
cfg = config.pim.gnome;
in {
options.pim.gnome.enable = lib.mkEnableOption "gnome";
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [gnome.gnome-tweaks];
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/sound".allow-volume-above-100-percent = true;
"org/gnome/desktop/wm.preferences".num-workspaces = 4;
"org/gnome/mutter".edge-tiling = true;
"org/gnome/shell" = {
disable-extension-version-validation = true;
enabled-extensions = [
"workspaces-by-open-apps@favo02.github.com"
"pop-shell@system76.com"
"windowIsReady_Remover@nunofarruca@gmail.com"
"randomwallpaper@iflow.space"
"Vitals@CoreCoding.com"
"tailscale-status@maxgallup.github.com"
];
};
"org/gnome/desktop/input-sources" = {
sources = [(mkTuple ["xkb" "us"])];
xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"];
};
"org/gnome/shell/extensions/pop-shell" = {
active-hint = true;
fullscreen-launcher = false;
mouse-cursor-focus-location = mkUint32 4;
mouse-cursor-follows-active-window = true;
show-skip-taskbar = false;
show-title = true;
smart-gaps = false;
snap-to-grid = false;
stacking-with-mouse = true;
tile-by-default = true;
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Super>t";
command = lib.getExe config.programs.alacritty.package;
name = "Terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Super>e";
command = "${lib.getExe config.programs.librewolf.package} --browser";
name = "Browser";
};
"org/gnome/desktop/wm/keybindings" = {
close = ["<Shift><Super>q"];
minimize = mkEmptyArray type.string;
move-to-workspace-1 = ["<Shift><Super>1"];
move-to-workspace-2 = ["<Shift><Super>2"];
move-to-workspace-3 = ["<Shift><Super>3"];
move-to-workspace-4 = ["<Shift><Super>4"];
switch-applications = mkEmptyArray type.string;
switch-applications-backward = mkEmptyArray type.string;
switch-to-workspace-1 = ["<Super>1"];
switch-to-workspace-2 = ["<Super>2"];
switch-to-workspace-3 = ["<Super>3"];
switch-to-workspace-4 = ["<Super>4"];
toggle-fullscreen = ["<Super>f"];
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper" = {
auto-fetch = true;
change-type = 2;
hide-panel-icon = true;
history-length = 1;
hours = 0;
minutes = 30;
sources = ["42"];
fetch-on-startup = true;
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4;
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers";
};
};
}

9
home-manager/keepassxc/default.nix Normal file
View file

@ -0,0 +1,9 @@
{ pkgs, config, ... }: {
config = {
home.packages = [ pkgs.unstable.keepassxc ];
homeage.file."keepassxc.ini" = {
source = ../../secrets/keepassxc.ini.age;
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
};
};
}

14
home-manager/neovim/default.nix
View file

@ -1,14 +1,5 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.neovim;
in {
options.pim.neovim.enable = lib.mkEnableOption "neovim";
config = lib.mkIf cfg.enable {
{ pkgs, ... }: {
config = {
programs.neovim = {
enable = true;
viAlias = true;
@ -20,6 +11,7 @@ in {
extraPackages = with pkgs; [
nil
nodePackages.pyright
neofetch
gopls
terraform-ls
nixfmt-classic

29
home-manager/neovim/lspconfig.lua
View file

@ -45,21 +45,14 @@ require("lspconfig").terraformls.setup({
capabilities = capabilities,
})
local function has_treefmt()
local git_root = vim.fn.systemlist("git rev-parse --show-toplevel")[1]
if vim.v.shell_error ~= 0 then
return false
end
local treefmt_path = git_root .. "/treefmt.nix"
return vim.fn.filereadable(treefmt_path) == 1
end
vim.api.nvim_create_autocmd("BufWritePost", {
pattern = "*",
callback = function()
if vim.fn.expand("%:p") ~= vim.fn.getcwd() .. "/.git/COMMIT_EDITMSG" and has_treefmt() then
vim.cmd("silent !treefmt > /dev/null 2>&1")
end
end,
group = vim.api.nvim_create_augroup("TreefmtAutoformat", { clear = true }),
})
-- require'lspconfig'.efm.setup {
-- on_attach = require("lsp-format").on_attach,
-- init_options = {documentFormatting = true},
-- settings = {
-- languages = {
-- lua = {{formatCommand = "lua-format -i", formatStdin = true}},
-- nix = {{formatCommand = "nixfmt", formatStdin = true}}
-- }
-- },
-- filetypes = {"lua", "nix"}
-- }

36
home-manager/neovim/none-ls.lua
View file

@ -20,24 +20,24 @@ require("null-ls").setup({
},
-- configure format on save
-- on_attach = function(current_client, bufnr)
-- if current_client.supports_method("textDocument/formatting") then
-- vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
-- vim.api.nvim_create_autocmd("BufWritePre", {
-- group = augroup,
-- buffer = bufnr,
-- callback = function()
-- vim.lsp.buf.format({
-- filter = function(client)
-- -- only use null-ls for formatting instead of lsp server
-- return client.name == "null-ls"
-- end,
-- bufnr = bufnr,
-- })
-- end,
-- })
-- end
-- end,
on_attach = function(current_client, bufnr)
if current_client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({
filter = function(client)
-- only use null-ls for formatting instead of lsp server
return client.name == "null-ls"
end,
bufnr = bufnr,
})
end,
})
end
end,
})
-- formatting command

17
home-manager/postgresql_client.crt Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICrzCCAZcCFApupXAa2tPytpi3av47+az0Ggb4MA0GCSqGSIb3DQEBCwUAMBQx
EjAQBgNVBAMMCWplZmtlLmh5cDAeFw0yMzExMjQyMjAzMjhaFw0yNDExMjMyMjAz
MjhaMBQxEjAQBgNVBAMMCXRlcnJhZm9ybTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALeJ/fYUCmwislUw4XcCxivCUuWuUWI+t/nke9/hWEWTmDG4Z7/a
IAKqsGk0zNATQViAXmYZwdYK70AKQhxat3OJcuZarsurOXVjVJdT4Wr5SxHGHjd0
bwd8JzFZPIfgYCILCISFjCIfpD58kBq2bkvI4rpn4tb2iPunXp0+S8iHDMB5wAOb
FgT0muuz9ua4R76nq79O9wLbAVf38CDR9bMGcPcKknz0sl37jr7A/pDvQzpFWO33
eJb64b7Qe4CHslWFj1tdEkXaMpMNWHhc2TmtLtlt6a+RY1R9KdX5x0lQTyJnEwJZ
8YTKnlMoNvkfBznuARFmNNmUYPoHE6WgonMCAwEAATANBgkqhkiG9w0BAQsFAAOC
AQEAaH1HVPThhAkrXE4Zmh49D1zvq5uy6moV326/ovnPQfco2jYBYO5mYxBF32mx
ShEanbJJKkFjWkQHmsWt7nrkeloz6q8sD19nLyyWmMj0Pd6wcLv017Zdo902fh27
Rl8qZS44vEc+N/5gc2eINMfXm/JOdXYntOVpFO/I+6b9Q2iWFX3YUAXiIDiEYBvS
BBqyXC2nVg6Lp1KVg+EaYW27sj8b5HHXnpEGdXduVmOWttdaQVjYslqmH7mUKi9f
2U9FicMvw6KvkRki+SLKeZr2yIP1QQOnWg0BPbeCpMfdMSu/AtLkAtugZeT8p1Ko
3hMMyKKzyyhiwpzvk21QFNZ5LA==
-----END CERTIFICATE-----

67
home-manager/postgresql_server.crt Normal file
View file

@ -0,0 +1,67 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
ef:2f:4d:d4:26:7e:33:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=jefke.hyp
Validity
Not Before: Nov 22 19:12:03 2023 GMT
Not After : Oct 29 19:12:03 2123 GMT
Subject: CN=jefke.hyp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b:
2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c:
8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce:
e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50:
7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb:
ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e:
b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c:
a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5:
a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f:
b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f:
23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b:
59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16:
9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4:
8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46:
6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52:
3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46:
db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b:
12:bd
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55:
b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63:
be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20:
2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1:
6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88:
ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c:
3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67:
d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e:
ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9:
77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02:
d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31:
b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b:
8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71:
df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94:
10:03:ce:ec
-----BEGIN CERTIFICATE-----
MIICpjCCAY4CCQDvL03UJn4zGzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlq
ZWZrZS5oeXAwIBcNMjMxMTIyMTkxMjAzWhgPMjEyMzEwMjkxOTEyMDNaMBQxEjAQ
BgNVBAMMCWplZmtlLmh5cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMer65zQf0/xumUKiwd7LlvwJoIzyXPmkcwRlAUcjWcpy15nNQKAVK+ZS6rO6FZi
vmPLskqwqSgS4ndQfdXSO0jYMlklJv+mXPbrrls9ehQQupCcbx+52JkOtwleYmnE
wMYnsNNgDUdMpRFT8vFK+aa81qM1oujlqdFg6OUYztJggE7cSK5/t+p2USg5pLCV
gpWTmLKfI8mBaVmj5PdaHAExlsFLWSH4ouaeIXgOa8Fox1wWmgZU37Z3HS2J0Mie
27XUjPu5T7duOV85jkhzdn1Gbh+NFMtAtf/G8MBEPO1SP097aWOTxkHmXu0zUCBG
25O/6FJRlfGBc1jaZyF7Er0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqlyJQaa3
PWWHylDE81iq07RVsaeNGCYX5YohJKFJU3cxW1VjvgHY/rcGfNoHH5Rq3patyjsg
KuE1kBmDbTfRFRLePA5Gvmahah3sctxGeWnkr3fI/83WfRaIq0T9cPxAR/9DlRFa
mlYM0t18O4eqECb6JaOgQ4ob7FQRfmVn0gbhPjvhDrCA70s1P/w0HZUu7sFnONqz
dIZLlYwMHVEowULpd2jX7DtmMMblKmLqFfskVs8C0CVUp1gVtSpxk1bAaXo2GGwx
sY48d9d3rPzhlMUIuzWsSF9ri8jIePSpyk+dUVSJl8mvofpx31j2/wR8yByVaxrj
p/ZDHCeUEAPO7A==
-----END CERTIFICATE-----

30
home-manager/ssh/default.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, ... }: {
config = {
programs.ssh = {
enable = true;
extraConfig = "User root";
matchBlocks = {
github = lib.hm.dag.entryBefore [ "*" ] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.dmz"; };
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.dmz"; };
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.dmz"; };
warwick = lib.hm.dag.entryBefore [ "*" ] { hostname = "warwick.dmz"; };
};
};
homeage.file."sue_ed25519" = {
source = ../../secrets/sue_ed25519.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
};
homeage.file."sue_azure_rsa" = {
source = ../../secrets/sue_azure_rsa.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
};
};
}

18
home-manager/syncthing.nix
View file

@ -1,18 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.pim.syncthing;
in {
options.pim.syncthing.enable = lib.mkEnableOption "syncthing";
config = lib.mkIf cfg.enable {
services.syncthing.enable = true;
sops.secrets = {
"syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem";
"syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem";
};
};
}

15
home-manager/syncthing/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, ... }: {
config = {
services.syncthing.enable = true;
homeage.file."syncthing-key.pem" = {
source = ../../secrets/syncthing-key.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
};
homeage.file."syncthing-cert.pem" = {
source = ../../secrets/syncthing-cert.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
};
};
}

8
home-manager/thunderbird/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
config = {
programs.thunderbird = {
enable = true;
profiles.default = { isDefault = true; };
};
};
}

16
home-manager/tidal.nix
View file

@ -1,16 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.pim.tidal;
in {
options.pim.tidal.enable = lib.mkEnableOption "tidal";
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
supercollider-with-sc3-plugins
];
};
}

32
home-manager/vscode.nix
View file

@ -1,32 +0,0 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.pim.vscode;
in {
options.pim.vscode.enable = lib.mkEnableOption "vscode";
config = lib.mkIf cfg.enable {
programs.vscode = {
enable = true;
package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
vscodevim.vim
marp-team.marp-vscode
jnoortheen.nix-ide
mkhl.direnv
];
userSettings = {
"nix.enableLanguageServer" = true;
"nix.serverPath" = lib.getExe pkgs.nil;
"terminal.integrated.defaultProfile.linux" = "fish";
"explorer.confirmDragAndDrop" = false;
"explorer.confirmPasteNative" = false;
"explorer.confirmDelete" = false;
};
};
};
}

183
hyprland/default.nix Normal file
View file

@ -0,0 +1,183 @@
{ pkgs, config, lib, inputs, ... }: {
imports = [
inputs.stylix.nixosModules.stylix
../modules/nixos/lanzaboote.nix
inputs.nixos-hardware.nixosModules.dell-xps-13-9310
inputs.home-manager.nixosModules.home-manager
];
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
sound.enable = true;
programs = {
hyprland = {
enable = true;
package = inputs.hyprland.packages."${pkgs.system}".hyprland;
};
dconf.enable = true;
file-roller.enable = true;
};
services = {
xserver = {
displayManager.gdm = {
enable = true;
wayland = true;
};
enable = true;
excludePackages = [ pkgs.xterm ];
};
printing.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
dbus = {
enable = true;
packages = [ pkgs.gnome3.gnome-keyring pkgs.gcr ];
};
gnome = {
gnome-keyring.enable = true;
sushi.enable = true;
};
};
users = {
users.pim = {
isNormalUser = true;
extraGroups = [ "wheel" "input" "wireshark" "dialout" ];
};
};
environment = {
variables.NIXOS_OZONE_WL = "1";
systemPackages = with pkgs; [
wget
curl
git
btop
ripgrep
vim
tree
dig
jq
file
sbctl
];
etc."greetd/environments".text = "hyprland";
};
system.stateVersion = "24.05";
security = {
rtkit.enable = true;
sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
};
nix = {
package = pkgs.nixFlakes;
settings.trusted-users = [ "root" "pim" ];
extraOptions = ''
experimental-features = nix-command flakes
'';
};
nixpkgs.hostPlatform = "x86_64-linux";
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "libfprint-2-tod1-goodix" ];
boot = {
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
initrd = {
kernelModules = [ ];
};
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
};
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = false;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [ vaapiVdpau libvdpau-va-gl ];
};
};
pim.lanzaboote.enable = true;
networking.hostName = "xps-9315";
swapDevices = [{ device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b"; }];
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" =
{
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
boot.initrd.availableKernelModules = [ "sd_mod" "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit inputs; };
users.pim = {
imports = [ ./home.nix ];
};
};
stylix = {
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
image = "${inputs.hyprland}/assets/wall2.png";
cursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
};
fonts = {
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
name = "JetBrainsMono Nerd Font Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
};
};
}

191
hyprland/home.nix Normal file
View file

@ -0,0 +1,191 @@
{ pkgs, lib, config, inputs, ... }: {
imports = [
../home-manager/neovim
./waybar/style.css.nix
./waybar/config.jsonc.nix
];
home = {
username = "pim";
homeDirectory = "/home/pim";
stateVersion = "23.05";
packages = with pkgs; [
hyprland
telegram-desktop
signal-desktop
];
};
programs = {
home-manager.enable = true;
alacritty.enable = true;
librewolf = {
enable = true;
settings = {
"identity.fxaccounts.enabled" = true;
"privacy.clearOnShutdown.history" = false;
"privacy.clearOnShutdown.downloads" = false;
"browser.translations.automaticallyPopup" = false;
"browser.aboutConfig.showWarning" = false;
"privacy.clearOnShutdown.cookies" = false;
};
};
waybar = {
enable = true;
systemd = {
enable = true;
target = "hyprland-session.target";
};
};
};
fonts.fontconfig.enable = true;
wayland.windowManager.hyprland =
let
mainMod = "SUPER";
terminalEmulator = lib.getExe config.programs.alacritty.package;
fileManager = lib.getExe pkgs.gnome.nautilus;
webBrowser = lib.getExe config.programs.librewolf.package;
launcherCommand = "${lib.getExe pkgs.wofi} --show drun --allow-images --insensitive --matching fuzzy";
# startupScript = pkgs.writeShellScriptBin "hyprlandStart.sh" ''
# ${lib.getExe pkgs.waybar} &
# '';
in
{
enable = true;
settings = {
# exec-once = "${lib.getExe startupScript}";
monitor = ",preferred,auto,auto";
env = [
"XCURSOR_SIZE,24"
"HYPRCURSOR_SIZE,24"
];
general = {
gaps_in = 5;
gaps_out = 20;
border_size = 2;
resize_on_border = false;
layout = "dwindle";
};
decoration = {
rounding = 10;
active_opacity = "1.0";
inactive_opacity = "1.0";
drop_shadow = true;
shadow_range = 4;
shadow_render_power = 3;
blur = {
enabled = true;
size = 3;
passes = 1;
vibrancy = "0.1696";
};
};
animations = {
enabled = true;
bezier = "myBezier, 0.05, 0.9, 0.1, 1.05";
animation = [
"windows, 1, 7, myBezier"
"windowsOut, 1, 7, default, popin 80%"
"border, 1, 10, default"
"borderangle, 1, 8, default"
"fade, 1, 7, default"
"workspaces, 1, 6, default"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
};
master.new_is_master = true;
misc = {
force_default_wallpaper = -1;
disable_hyprland_logo = false;
};
input = {
follow_mouse = 1;
sensitivity = 0;
touchpad.natural_scroll = true;
};
gestures.workspace_swipe = false;
bind = [
"${mainMod}, T, exec, ${terminalEmulator}"
"${mainMod}, D, exec, ${fileManager}"
"${mainMod}, E, exec, ${webBrowser}"
"${mainMod}, W, exec, ${launcherCommand}"
"${mainMod} SHIFT, Q, killactive"
"${mainMod}, M, exit"
"${mainMod}, V, togglefloating"
"${mainMod}, P, pseudo,"
"${mainMod}, C, togglesplit,"
"${mainMod}, F, fullscreen, 0"
"${mainMod}, left, movefocus, l"
"${mainMod}, right, movefocus, r"
"${mainMod}, up, movefocus, u"
"${mainMod}, down, movefocus, d"
"${mainMod}, H, movefocus, l"
"${mainMod}, L, movefocus, r"
"${mainMod}, K, movefocus, u"
"${mainMod}, J, movefocus, d"
"${mainMod} SHIFT, H, movewindow, l"
"${mainMod} SHIFT, L, movewindow, r"
"${mainMod} SHIFT, K, movewindow, u"
"${mainMod} SHIFT, J, movewindow, d"
"${mainMod} Control&SHIFT, H, resizeactive, exact -10% 0"
"${mainMod} Control&SHIFT, L, resizeactive, exact 10% 0"
"${mainMod} Control&SHIFT, K, resizeactive, exact 0 -10%"
"${mainMod} Control&SHIFT, J, resizeactive, exact 0 10%"
"${mainMod}, 1, workspace, 1"
"${mainMod}, 2, workspace, 2"
"${mainMod}, 3, workspace, 3"
"${mainMod}, 4, workspace, 4"
"${mainMod}, 5, workspace, 5"
"${mainMod}, 6, workspace, 6"
"${mainMod}, 7, workspace, 7"
"${mainMod}, 8, workspace, 8"
"${mainMod}, 9, workspace, 9"
"${mainMod}, 0, workspace, 10"
"${mainMod} SHIFT, 1, movetoworkspace, 1"
"${mainMod} SHIFT, 2, movetoworkspace, 2"
"${mainMod} SHIFT, 3, movetoworkspace, 3"
"${mainMod} SHIFT, 4, movetoworkspace, 4"
"${mainMod} SHIFT, 5, movetoworkspace, 5"
"${mainMod} SHIFT, 6, movetoworkspace, 6"
"${mainMod} SHIFT, 7, movetoworkspace, 7"
"${mainMod} SHIFT, 8, movetoworkspace, 8"
"${mainMod} SHIFT, 9, movetoworkspace, 9"
"${mainMod} SHIFT, 0, movetoworkspace, 10"
"${mainMod}, mouse_down, workspace, e+1"
"${mainMod}, mouse_up, workspace, e-1"
];
bindm = [
"${mainMod}, mouse:272, movewindow"
"${mainMod}, mouse:273, resizewindow"
];
windowrulev2 = "suppressevent maximize, class:.*";
};
};
}

183
hyprland/waybar/config.jsonc.nix Normal file
View file

@ -0,0 +1,183 @@
{ pkgs, config, lib, ... }: {
xdg.configFile."waybar/config" = {
onChange = ''
${pkgs.procps}/bin/pkill -u $USER -USR2 waybar || true
'';
text =
let
palette = config.stylix.generated.palette;
in
''
{
"layer": "top",
// "output": [],
"position": "top",
"height": 36,
// "width": 900,
// "margin": "",
"margin-top": 10,
"margin-bottom": 0,
"margin-left": 10,
"margin-right": 10,
"spacing": 10,
"gtk-layer-shell": true,
"border-radius": 10,
"clock": {
"interval": 1,
"format": " {:%I:%M} ",
"format-alt": " {:%A, %d %B} ",
// "on-click": "gnome-calendar",
"tooltip": true,
"tooltip-format": "{calendar}",
"calendar": {
"mode": "year",
"mode-mon-col": 3,
"format": {
"today": "<span color='#${palette.base0F}'>{}</span>"
}
}
},
"modules-left": [
"clock",
"hyprland/workspaces",
"custom/notification"
],
"modules-center": [
"hyprland/submap",
"hyprland/window"
],
"modules-right": [
// "cpu",
// "memory",
"network#wlp2s0",
"bluetooth",
"backlight",
// "pulseaudio#microphone",
"pulseaudio#audio",
"battery",
"tray"
],
"hyprland/workspaces": {
"format": " {icon} ",
"format-icons": {
"default": "󰄰",
"active": ""
},
"on-click": "activate"
},
"hyprland/submap": {
"format": "{}",
"tooltip": false
},
"hyprland/window": {
"format": " {} ",
"separate-outputs": false
},
"tray": {
"icon-size": 15,
"spacing": 10
},
"cpu": {
"format": " {usage}%",
"on-click": "",
"tooltip": false
},
"memory": {
"format": "󰍛 {used:0.1f}GB ({percentage}%) / {total:0.1f}GB",
"on-click": "",
"tooltip": false
},
"backlight": {
"format": " {icon} {percent} ",
"format-icons": [
"󰃟"
],
"on-scroll-up": "${lib.getExe pkgs.brightnessctl} set +5%",
"on-scroll-down": "${lib.getExe pkgs.brightnessctl} set 5%-",
"on-click": "${lib.getExe pkgs.brightnessctl} set 1",
"tooltip": false
},
"pulseaudio#audio": {
"format": " {icon} {volume:2} ",
"format-bluetooth": " {icon} {volume}% ",
"format-muted": " {icon} Muted ",
"format-icons": {
"headphones": "",
"default": [
"",
""
]
},
"scroll-step": 5,
"on-click": "pavucontrol",
"on-click-right": "pamixer -t"
},
"network#wlp2s0": {
"interval": 1,
"interface": "wlan0",
"format-icons": [
"󰤯",
"󰤟",
"󰤢",
"󰤥",
"󰤨"
],
"format-wifi": " {icon} ", // added multiple spaces to the right, was not aligning center correctly, still is not :(
"format-disconnected": "󰤮",
"on-click": "iwgtk",
"tooltip": true,
"tooltip-format": "󰢮 {ifname}\n󰩟 {ipaddr}/{cidr}\n{icon} {essid}\n󱑽 {signalStrength}% {signaldBm} dBm {frequency} MHz\n󰞒 {bandwidthDownBytes}\n󰞕 {bandwidthUpBytes}"
},
"bluetooth": {
"format-disabled": " 󰂲 ",
"format-off": " 󰂲 ",
"format-on": " 󰂯 ",
"format-connected": " 󰂯 ",
"format-connected-battery": " 󰂯 ",
"tooltip-format-connected": " {device_alias} 󰂄{device_battery_percentage} ",
"on-click": "blueberry",
"tooltip": true
},
"battery": {
"states": {
"warning": 20,
"critical": 10
},
"format": " {icon} {capacity} ",
"format-charging": " 󰂄 {capacity} ",
"format-plugged": " 󱘖 {capacity} ",
"format-icons": [
"󰁺",
"󰁻",
"󰁼",
"󰁽",
"󰁾",
"󰁿",
"󰂀",
"󰂁",
"󰂂",
"󰁹"
],
"on-click": "",
"tooltip": false
}
}
'';
};
}

204
hyprland/waybar/style.css.nix Normal file
View file

@ -0,0 +1,204 @@
{ config, ... }: {
programs.waybar.style =
let
palette = config.stylix.generated.palette;
in
''
* {
font-size: 14px;
font-family: "Hack Nerd Font";
border-radius: 10;
}
window#waybar {
background-color: transparent;
color: #${palette.base05};
/* border-radius: 20px; */
/* border: 1px solid #${palette.base00}; */
}
tooltip {
background: #${palette.base00};
border: 1px solid #${palette.base05};
border-radius: 10px;
}
tooltip label {
color: #${palette.base05};
}
#workspaces {
background-color: transparent;
margin-top: 0;
margin-bottom: 0;
}
#workspaces button {
background-color: #${palette.base00};
color: #${palette.base05};
border-radius: 10px;
transition: all 0.3s ease;
margin-right: 10;
}
#workspaces button:hover {
box-shadow: inherit;
text-shadow: inherit;
background-color: #${palette.base04};
color: #${palette.base09};
min-width: 30px;
transition: all 0.3s ease;
}
#workspaces button.focused,
#workspaces button.active {
background-color: #${palette.base02};
color: #${palette.base09};
min-width: 30px;
transition: all 0.3s ease;
animation: colored-gradient 10s ease infinite;
}
/* #workspaces button.focused:hover,
#workspaces button.active:hover {
background-color: #${palette.base09};
transition: all 1s ease;
} */
#workspaces button.urgent {
background-color: #${palette.base0F};
color: #${palette.base00};
transition: all 0.3s ease;
}
/* #workspaces button.hidden {} */
#taskbar {
border-radius: 8px;
margin-top: 4px;
margin-bottom: 4px;
margin-left: 1px;
margin-right: 1px;
}
#taskbar button {
color: #${palette.base05};
padding: 1px 8px;
margin-left: 1px;
margin-right: 1px;
}
#taskbar button:hover {
background: transparent;
border: 1px solid #${palette.base02};
border-radius: 8px;
transition: all 0.3s ease;
animation: colored-gradient 10s ease infinite;
}
/* #taskbar button.maximized {} */
/* #taskbar button.minimized {} */
#taskbar button.active {
border: 1px solid #${palette.base02};
border-radius: 8px;
transition: all 0.3s ease;
animation: colored-gradient 10s ease infinite;
}
/* #taskbar button.fullscreen {} */
/* -------------------------------------------------------------------------------- */
#custom-launcher,
/* #window, */
#submap
#mode,
/* #tray, */
#cpu,
#memory,
#backlight,
#window { background-color: #${palette.base02}; }
#pulseaudio.audio { background-color: #${palette.base02}; }
#pulseaudio.microphone,
#network { background-color: #${palette.base02}; }
#bluetooth { background-color: #${palette.base02}; }
#battery { background-color: #${palette.base02}; }
#clock { background-color: #${palette.base02}; }
#custom-powermenu,
#custom-notification {
background-color: transparent;
color: #${palette.base05};
padding: 1px 8px;
margin-top: 5px;
margin-bottom: 5px;
margin-left: 2px;
margin-right: 2px;
border-radius: 20px;
transition: all 0.3s ease;
}
#submap {
background-color: #${palette.base00};
border: 0;
}
/* If workspaces is the leftmost module, omit left margin */
/* .modules-left > widget:first-child > #workspaces, */
.modules-left > widget:first-child > #workspaces button,
.modules-left > widget:first-child > #taskbar button,
.modules-left > widget:first-child > #custom-launcher,
.modules-left > widget:first-child > #window,
.modules-left > widget:first-child > #tray,
.modules-left > widget:first-child > #cpu,
.modules-left > widget:first-child > #memory,
.modules-left > widget:first-child > #backlight,
.modules-left > widget:first-child > #pulseaudio.audio,
.modules-left > widget:first-child > #pulseaudio.microphone,
.modules-left > widget:first-child > #network,
.modules-left > widget:first-child > #bluetooth,
.modules-left > widget:first-child > #battery,
.modules-left > widget:first-child > #clock,
.modules-left > widget:first-child > #custom-powermenu,
.modules-left > widget:first-child > #custom-notification {
margin-left: 5px;
}
/* If workspaces is the rightmost module, omit right margin */
/* .modules-right > widget:last-child > #workspaces, */
/* .modules-right > widget:last-child > #workspaces, */
.modules-right > widget:last-child > #workspaces button,
.modules-right > widget:last-child > #taskbar button,
.modules-right > widget:last-child > #custom-launcher,
.modules-right > widget:last-child > #window,
.modules-right > widget:last-child > #tray,
.modules-right > widget:last-child > #cpu,
.modules-right > widget:last-child > #memory,
.modules-right > widget:last-child > #backlight,
.modules-right > widget:last-child > #pulseaudio.audio,
.modules-right > widget:last-child > #pulseaudio.microphone,
.modules-right > widget:last-child > #network,
.modules-right > widget:last-child > #bluetooth,
.modules-right > widget:last-child > #battery,
.modules-right > widget:last-child > #clock,
.modules-right > widget:last-child > #custom-powermenu,
.modules-right > widget:last-child > #custom-notification {
margin-right: 5px;
}
/* -------------------------------------------------------------------------------- */
#tray {
background-color: #${palette.base00};
padding: 1px 8px;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #${palette.base0F};
}
'';
}

4
machines/default.nix
View file

@ -1,4 +0,0 @@
{
sue = import ./sue;
gamepc = import ./gamepc;
}

94
machines/gamepc/configuration.nix
View file

@ -1,94 +0,0 @@
{
config,
lib,
...
}: {
config = {
pim = {
cinnamon.enable = true;
};
facter.reportPath = ./facter.json;
networking.hostName = "gamepc";
services.openssh.enable = true;
users.users = {
root.password = "";
pim = {
openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
password = "";
};
};
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
type = "disk";
device = "/dev/nvme${name}n1";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "500M";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
});
disko.devices.mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.0";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
end = "-4G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "100%";
content = {
type = "swap";
};
};
};
};
};
};
};
}

4
machines/gamepc/default.nix
View file

@ -1,4 +0,0 @@
{
nixosModule = import ./configuration.nix;
homeManagerModule = import ./home.nix;
}

4792
machines/gamepc/facter.json
View file

File diff suppressed because it is too large Load diff

7
machines/gamepc/home.nix
View file

@ -1,7 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs.unstable; [
devenv
vlc
handbrake
];
}

49
machines/sue/configuration.nix
View file

@ -1,49 +0,0 @@
{inputs, ...}: {
config = {
pim = {
lanzaboote.enable = true;
tidal.enable = true;
gnome.enable = true;
stylix.enable = true;
wireguard.enable = true;
tailscale.enable = true;
compliance.enable = true;
sops.enable = true;
};
facter.reportPath = ./facter.json;
networking.hostName = "xps-9315";
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
nix.settings = {
substituters = ["https://cosmic.cachix.org/"];
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
specialisation.cosmic.configuration = {
imports = [
inputs.nixos-cosmic.nixosModules.default
];
services = {
desktopManager.cosmic.enable = true;
displayManager.cosmic-greeter.enable = true;
};
};
};
}

4
machines/sue/default.nix
View file

@ -1,4 +0,0 @@
{
nixosModule = import ./configuration.nix;
homeManagerModule = import ./home.nix;
}

6453
machines/sue/facter.json
View file

File diff suppressed because it is too large Load diff

44
machines/sue/home.nix
View file

@ -1,44 +0,0 @@
{pkgs, ...}: {
config = {
pim = {
tidal.enable = true;
gnome.enable = true;
vscode.enable = true;
syncthing.enable = true;
neovim.enable = true;
firefox.enable = true;
};
home.packages =
(with pkgs; [
jellyfin-media-player
virt-manager
])
++ (with pkgs.unstable; [
attic-client
dbeaver-bin
devenv
bottles-unwrapped
gimp
hexchat
impression
insomnia
keepassxc
krita
libreoffice
# logseq # Has insecure electron dependency
moonlight-qt
nicotine-plus
qFlipper
signal-desktop
strawberry
telegram-desktop
vlc
vorta
wireshark
# nheko # Has insecure olm dependency
handbrake
feishin
]);
};
}

7
nixos/lanzaboote.nix → modules/nixos/lanzaboote.nix
View file

@ -1,9 +1,4 @@
{
config,
lib,
inputs,
...
}: {
{ config, lib, inputs, ... }: {
imports = [
inputs.lanzaboote.nixosModules.lanzaboote
];

19
nixos/cinnamon.nix
View file

@ -1,19 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.pim.cinnamon;
in {
options.pim.cinnamon.enable = lib.mkEnableOption "cinnamon";
config = lib.mkIf cfg.enable {
services = {
displayManager.defaultSession = "cinnamon";
libinput.enable = true;
xserver = {
desktopManager.cinnamon.enable = true;
displayManager.lightdm.enable = true;
};
};
};
}

14
nixos/compliance.nix
View file

@ -1,14 +0,0 @@
{
config,
lib,
...
}: let
cfg = config.pim.compliance;
in {
options.pim.compliance.enable = lib.mkEnableOption "compliance";
config = lib.mkIf cfg.enable {
services.clamav = {
daemon.enable = true;
};
};
}

174
nixos/default.nix
View file

@ -1,174 +0,0 @@
{
pkgs,
config,
lib,
inputs,
flake,
system,
...
}: {
imports = [
inputs.home-manager.nixosModules.home-manager
inputs.nixos-facter-modules.nixosModules.facter
inputs.disko.nixosModules.disko
./lanzaboote.nix
./tidal.nix
./sops.nix
./stylix.nix
./wireguard.nix
./gnome.nix
./tailscale.nix
./compliance.nix
./cinnamon.nix
./ssh.nix
];
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
programs.ssh.startAgent = true;
services = {
xserver.enable = true;
printing = {
enable = true;
drivers = [pkgs.hplip pkgs.gutenprint];
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
};
users.users.pim = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
};
environment = {
systemPackages = with pkgs; [
age
borgbackup
btop
btrfs-progs
curl
dig
exfat
f3
fastfetch
file
git
jq
kubectl
nmap
poppler_utils # For pdfunite
ripgrep
sbctl
silicon
tree
units
vim
wget
yq
ncdu
lshw
];
};
system = {
stateVersion = "23.05";
activationScripts.diff = ''
if [[ -e /run/current-system ]]; then
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
fi
'';
};
security = {
rtkit.enable = true;
sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
};
nix = {
package = pkgs.nixFlakes;
settings.trusted-users = ["root" "pim"];
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
networking.useDHCP = lib.mkDefault true;
virtualisation.docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"libfprint-2-tod1-goodix"
];
};
overlays = [
inputs.nur.overlay
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
];
};
boot = {
kernelModules = ["kvm-intel" "cdrom"];
extraModulePackages = [];
initrd = {
availableKernelModules = ["sd_mod"];
kernelModules = [];
};
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
};
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = false;
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit flake inputs;};
users.pim.imports = ["${flake}/home-manager"];
};
}

57
nixos/gnome.nix
View file

@ -1,57 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.gnome;
in {
options.pim.gnome.enable = lib.mkEnableOption "gnome";
config = lib.mkIf cfg.enable {
services = {
gnome.gnome-keyring.enable = lib.mkForce false;
xserver = {
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
excludePackages = [pkgs.xterm];
};
};
environment = {
systemPackages =
[
pkgs.gnome.gnome-shell-extensions
]
++ (with pkgs.gnomeExtensions; [
pop-shell
window-is-ready-remover
random-wallpaper
workspaces-indicator-by-open-apps
]);
gnome.excludePackages =
(with pkgs; [
epiphany
gnome-connections
gnome-console
gnome-tour
])
++ (with pkgs.gnome; [
geary
gnome-calendar
gnome-clocks
gnome-contacts
gnome-font-viewer
gnome-logs
gnome-maps
gnome-music
seahorse
totem
yelp
gnome-weather
]);
};
};
}

22
nixos/sops.nix
View file

@ -1,22 +0,0 @@
{
inputs,
pkgs,
flake,
config,
lib,
...
}: let
cfg = config.pim.sops;
in {
imports = [inputs.sops-nix.nixosModules.sops];
options.pim.sops.enable = lib.mkEnableOption "sops";
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [sops];
sops = {
age.keyFile = "/home/pim/.config/sops/age/keys.txt";
defaultSopsFile = "${flake}/secrets/secrets.yaml";
};
};
}

27
nixos/ssh.nix
View file

@ -1,27 +0,0 @@
{lib, ...}: {
options = {
pim.ssh.keys = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
};
};
config = {
pim.ssh.keys = {
pim = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"];
niels = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"];
};
services = {
openssh = {
openFirewall = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
GSSAPIAuthentication = false;
UseDns = false;
};
};
};
};
}

47
nixos/stylix.nix
View file

@ -1,47 +0,0 @@
{
pkgs,
inputs,
config,
lib,
...
}: let
cfg = config.pim.stylix;
in {
imports = [inputs.stylix.nixosModules.stylix];
options.pim.stylix.enable = lib.mkEnableOption "stylix";
config = {
stylix = lib.mkMerge [
{
image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png";
}
(lib.mkIf cfg.enable {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
cursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 28;
};
fonts = {
monospace = {
package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];};
name = "JetBrainsMono Nerd Font Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
};
})
];
};
}

20
nixos/tailscale.nix
View file

@ -1,20 +0,0 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.tailscale;
in {
options.pim.tailscale.enable = lib.mkEnableOption "tailscale";
config = lib.mkIf cfg.enable {
environment.systemPackages = [pkgs.gnomeExtensions.tailscale-status];
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
networking.networkmanager.unmanaged = ["tailscale0"];
};
}

13
nixos/tidal.nix
View file

@ -1,13 +0,0 @@
{
lib,
config,
...
}: let
cfg = config.pim.tidal;
in {
options.pim.tidal.enable = lib.mkEnableOption "tidal";
config = lib.mkIf cfg.enable {
users.users.pim.extraGroups = ["audio"];
};
}

55
nixos/wireguard.nix
View file

@ -1,55 +0,0 @@
{
lib,
config,
...
}: let
cfg = config.pim.wireguard;
in {
options.pim.wireguard.enable = lib.mkEnableOption "wireguard";
config = lib.mkIf cfg.enable {
networking = {
useDHCP = lib.mkDefault true;
networkmanager.unmanaged = ["tailscale0"];
wg-quick.interfaces = {
home = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.30.131"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
home-no-pihole = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.10.1"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
};
};
sops.secrets = {
"wireguard/home/presharedKey" = {};
"wireguard/home/privateKey" = {};
};
};
}

3
secrets/README.md Normal file
View file

@ -0,0 +1,3 @@
```bash
nix run github:ryantm/agenix# -- -e secret1.age
```

BIN
secrets/ansible-vault-secret.age Normal file
View file

Binary file not shown.

12
secrets/common-pg-tfbackend.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww i6BkkMy9gSSVZ+L+EMYSLakp1qA4yOGbEkLrO4Ddbxs
FsoRnCiPsJEKQj+2iJaqn+BbU+bFMAkReRotiV+0WCs
-> ssh-ed25519 vBZj5g +6YFp3yYXSEzRMXu7WyURkJk/cA87irnW5FpKRYnGSA
dJkMmnxyVEv/S9FmCrRkrYDCh+OwXK+UYno3ncr5nOk
-> 6gQa-grease Yt+ucm#U |<d\`t
SxpuSh2ee/jDNu7mXcn82fTt6/wy7ksA+W1xHQHiShJGvyyr6dTIPEk0qY1oqIPt
HkQNvNYLpMwpAqSTvmcmybps4CoWt0x6GJ0aBPOlYEIuwHnJ5Pkvnf4U9wPuwr6Y
zQ
--- hHweNMiKEIEw/TwSGhElfRiQYqLtmhwylkMWvfthyGY
?×%Ö¿H¹§G¤/Pì#
ÚŠÐÛäF±QÙç„lRÊDcNÖЉ ç$Hs©ŠTæžø<C5BE>ÊÁÏqVf¤àˆÝkëã•ø<E280A2>ï¡×OŒÞÛµæE•êgißžXŒ§sá”)gO¢.·]·æÐCJcè<63>E^EŸq:<3A>qß&™E™#¾ArÄªÉ ™€ñì

BIN
secrets/keepassxc.ini.age Normal file
View file

Binary file not shown.

24
secrets/pim.yaml
View file

File diff suppressed because one or more lines are too long

BIN
secrets/postgresql_client.key.age Normal file
View file

Binary file not shown.

11
secrets/powerdns-api-key.json.age Normal file
View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww NnvaPUzk3WjwC3nu7T47DXtNqDuysbgAccdF1kWO5yQ
XYX2GfZSHrnhoKutbqVxB9zghbl1kZDyOTphUXvt8oQ
-> ssh-ed25519 vBZj5g mpi+OE3ST+mP05IKimQrwOZxOaDgeUUoKujOOSXEljQ
kwHkJu14Xpqgd4POeuLLcbech+Kh2XSfBed3M1Cu8DA
-> =6-grease C`Yq5 Y2 4
8sgSLLYCXkFRy0SFfNH0fhb14HonKVpVfkc1rc7sC7bXVXi8FGri/d/AW42G2J9m
W/FfhKnGBAOj1cA/wPw4cqCcQKbux78C7BdN6EfrF+ddzF+n98EwtBJ/cjzRky+A
FJJY
--- sytjLDBFLb2VqtF3LSiSS1Nxb56oNtx2AGzhYCPItW8
.ÚËr-Ò†±–åØè/ BD$Õ¬F³Ðó¡FÜЙó‰SÅÙ/MœÎËâò ª¸òi/<2F># šÙï%u7ÍŸ6ƒör…W ¸öe?…ƒÉi,·ÐÑä[ÁY¤9ÙÿÀÁ

22
secrets/secrets.nix Normal file
View file

@ -0,0 +1,22 @@
let
pkgs = import <nixpkgs> { };
publicKeysURL =
"https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
publicKeys = pkgs.lib.strings.splitString "\n"
(pkgs.lib.strings.fileContents publicKeysFile);
in
{
"wg-quick-home-privkey.age".publicKeys = publicKeys;
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
"sue_ed25519.age".publicKeys = publicKeys;
"sue_azure_rsa.age".publicKeys = publicKeys;
"syncthing-key.pem.age".publicKeys = publicKeys;
"syncthing-cert.pem.age".publicKeys = publicKeys;
"common-pg-tfbackend.age".publicKeys = publicKeys;
"ansible-vault-secret.age".publicKeys = publicKeys;
"powerdns-api-key.json.age".publicKeys = publicKeys;
"keepassxc.ini.age".publicKeys =
publicKeys; # Secret agent causes private keys in config file.
"postgresql_client.key.age".publicKeys = publicKeys;
}

25
secrets/secrets.yaml
View file

@ -1,25 +0,0 @@
testje: ENC[AES256_GCM,data:kMnaocttth1O6g==,iv:mV9gEMdomVhmOTBUWIFz3o23TBb7DLM2rXI/Tb81bSg=,tag:qj6TlvW5sY6Ek9M0GIqB3A==,type:str]
wireguard:
home:
presharedKey: ENC[AES256_GCM,data:H+oCRsg2ikN9KyVacEFasYmx5XE1zrnjBthkL5OitOXHTr4Ls0zwoF5StXs=,iv:N63wO4TKagbweStqf7wL3YZ0njxDNvrISErPao5wf7o=,tag:67kZcNaCzv3RI41XmA+UFQ==,type:str]
privateKey: ENC[AES256_GCM,data:WcPVrLiy2JJvzIh7sUpHMnt1MNx5rw5bI+xGmkitC9nEiNytMG71wmlC4d0=,iv:sl8gZgCzaW10UH0GLycvQVHqBlDVq7BUgoIEl41lc20=,tag:7oLlVjulxuEsW+pS8sZ+Ew==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWL1dlTjFNTXRPd0ppbE1i
THlsMzB1K041eUdTemRseGk5dkVwUDk2TFIwCnR1WE9iYXhHWHprZCtlSFExakhs
R0FtcEc0VTJ4WFBORFluYTdBTFh1NzAKLS0tIGtrYkVPSEVXV1dnb1J4V1pkQktW
VjNXUkpmVmxyNDNsT0ZjQjhOYklEbW8KV86AD+8QE14BZxWb7TVolwlcy1eFKxks
rOpqcXBqtUPaBC10IhVV434DGFIZMtRuYEQ4G/sdCsc3qiNxO3Cl4A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-15T14:04:18Z"
mac: ENC[AES256_GCM,data:6YKdfUk4ltXQ6U7FHs9ehGDUVzfZo1cKnSJMp+zYBEBnhmz7LdCBZycBpJ9syJn4WW1jZ8Bz7+lIxDsXm35AhjI+Mia20BqcWotcCaoHUslK+QV/YRIw8wxP7pvOKNeTa9UMhrcpXBVJxdQvKEBZPWziD4Xk3RGomvGEjB3xXKY=,iv:Tvgo/tlxnNk31C/cqCAKIGRdYEug9DdqeIUdJgQj4yE=,tag:z/tWTyiYmUmc2zVc3mQq0Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

BIN
secrets/sue_azure_rsa.age Normal file
View file

Binary file not shown.

BIN
secrets/sue_ed25519.age Normal file
View file

Binary file not shown.

BIN
secrets/syncthing-cert.pem.age Normal file
View file

Binary file not shown.

12
secrets/syncthing-key.pem.age Normal file
View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww 0YS+10yTGhQwLKj5SZkyHLAOMHScnEXuW8H1LJSJJl8
fYIEukt41D5s417B6EcCj5DP0JCcqDKIzdUqGeNLguQ
-> ssh-ed25519 vBZj5g ufNv/vQfhTj203S9NhLoTs3AK3v1MQC73oPLhj7TJQ8
/ExO1bN02B6uJoWiVQDqRQ6yMd4o3qR3sUpN9OHEW50
-> 9f-grease p
6eUQ4dl855OIlCfN61wQ/7n8
--- WTuEDM+CWDqaep0MlbCL1QXXzDumVR4WCXhyA3b7zm8
Û,”ùQÎófç¥w— >Óœ×ÿ¿g7QÂå×Ú¤2*ð<>„ù 0­.Ž3zy•DØ<31>4™¹ÀE$Nw7îqAÊp¹&g;„®
¢VÊ\oø_^èW¼<>-WÞ(k\¬ÝRµb£{h<*ì èÒçظ¤11gKÏâk<C3A2>U,Ñ$>­p®zoÑlÏ5\dSÌ4OOû\¯+yÿúà(–Ä×Çå+»ñëÿçbãj¼Eº)}ì$ÒŽ¬T?»
ÿ%;Ž¿QFiçº4ŽJH®Ÿ­å<C2AD>™6AúSâÑÜЉãˆ<C3A3>k˜Z²?ܸ”MY26ËhÊ]e”µ(¤a¤&[ͳ°0‡juSóXKúNd>,Ûçv®ÔŠ¬
ѳ /BnùšgæO ©m}~¦‡z™i‰Üx£GàÈöb­

9
secrets/wg-quick-home-preshared-key.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww Wlatyvlg6jc+ISAQu1QEA62IUeWnriQJg+ChseMcyFI
tRhEc/mkG7FFZO2G5A+0NNCj693Q3dbDhMOBxKmCBjw
-> ssh-ed25519 vBZj5g HdeqB71NJkEFgXb0LPefYl+kwQNUYJQAHBEDxKdPqxk
6mUCxbBT6PpAf0BwTD6Tv7pDZzWmHxBWw+/IbgLXQZA
-> N-grease
OKOvPc2zAXju6FzjNzuCZiF9pN2hmmxMMRWxZwXar8MR
--- QR9PJv7R2ASeHrsBO7SuZzAB9s5fD0jT/qEFuJx8CNg
Š·_AéZñR IWnO†¢'j—̤,ÄØÃ#†ò™ZPjJ©è&Zô˜ôÎÃ…ÿ°ë…{ÕW…ðÚ˜×wÞˆ %Ó±‰%

10
secrets/wg-quick-home-privkey.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww ST/R4vPro6VMrJgRJqMIYkhaQJ0EV0ss/yX94BAxSWE
VIWQpIuuf0OS4z1D1QsFRvvWrmbo6LJEdPJ7jmbhv+w
-> ssh-ed25519 vBZj5g GAlVKDrXvlR7FqID4Rbpb64QChS8rwUCyJdxg2PXSw0
cS8pDXkYvvFsiTt0i6s5r/7cxbf5IcjiNQWQAcgoXFg
-> w-grease s,fAjpd YvL[bWVw $h4j|^ >JU
EO9ZKdn19mADx6rwhpKftX/QxZ4yNlXgZttyn0rBpSZuVfX8Oj430VppAZ5RYwn9
zHqBvBs6VEYUt4jOWOGl/idBNg
--- OnaKsFMYoiOP1T2o4GIgME6KQqWqwIQM9WADk28E9qA
<<16>˜±n-ã¸þ”iìÙ÷bÖRä¿·â;¢©Ö)¸“[ G[Õ„·FÔX°ä<C2B0>?Hne•®ò&­n¸m#œ$}”¸e]Õ-6ᢾx„

4
treefmt.nix
View file

@ -1,4 +0,0 @@
{...}: {
projectRootFile = "flake.nix";
programs.alejandra.enable = true;
}

BIN
wallpapers/Famous Places in the Eastern Capital/Decorations_for_Season-opening_Kabuki_Performances_at_Saruwakamachi_LACMA_M.2007.152.22.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.2 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/Hiroshige,_A_bridge_in_the_rain.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.1 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/Hiroshige,_Evening_Cherry_Blossoms,_Yoshiwara_Nakanochô_(Yoshiwara_nakanochô_yozakura)_From_the_series_Famous_Views.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 486 KiB

BIN
wallpapers/Famous Places in the Eastern Capital/Kameido_umeyashiki_no_zu_LCCN2008660840.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 10 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1301973-Utagawa_Hiroshige-東都名所-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.7 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303508-Utagawa_Hiroshige-東都名所_永代橋深川新地-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.5 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303509-Utagawa_Hiroshige-東都名所_王子滝の川-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 3.2 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303510-Utagawa_Hiroshige-東都名所_神田明神-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.9 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303511-Utagawa_Hiroshige-東都名所_真土山之図-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.7 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303513-Utagawa_Hiroshige-東都名所_道潅山虫聞之図-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.9 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303514-Utagawa_Hiroshige-東都名所_深川三拾三間堂-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 3 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303515-Utagawa_Hiroshige-東都名所_五百羅漢さゞゐ堂-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.6 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303516-Utagawa_Hiroshige-東都名所_芝増上寺山内図-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.8 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308372-Utagawa_Hiroshige-東都名所_日暮里-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.6 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308374-Utagawa_Hiroshige-東都名所_芝赤羽橋之図-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.9 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308375-Utagawa_Hiroshige-東都名所_芝増上寺-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.6 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308376-Utagawa_Hiroshige-東都名所_芝愛宕山之図-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.7 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308381-Utagawa_Hiroshige-東都名所_駿河町之図-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.8 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308382-Utagawa_Hiroshige-東都名所_浅草金竜山年之市群集-crd.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 3.1 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/東都名所_二丁町芝居の図-View_of_the_Kabuki_Theaters_at_Sakai-cho_on_Opening_Day_of_the_New_Season_(Sakai-cho_Shibai_no_Zu),_from_the_series,_ Toto_Meisho _MET_DP123276.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 3 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/東都名所_真崎雪晴ノ図-Clearing_Weather_after_Snow_at_Massaki_MET_DP123291.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.9 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/東都名所_芝愛宕山上の図-Shiba_Atago_Sanjo_no_Zu_MET_DP123284.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 2.9 MiB