pim/nixos-laptop
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

Compare commits

merge into: pim:vuescan
Branches Tags
pim:master
pim:hyprland
pim:vuescan
...
pull from: pim:master
Branches Tags
pim:master
pim:hyprland
pim:vuescan

58 commits
vuescan ... master

Author SHA1 Message Date
Pim Kunis
5d675cbaad Update flake inputs 2024-09-19 19:13:23 +02:00
Pim Kunis
e692a80d1c Update flake inputs 
Disable Nheko due to insecure dependency
Unmanage tailscale0 with NetworkManager
 2024-09-02 08:13:33 +02:00
Pim Kunis
d754476865 Enable fzf to find files 
Install feishin
closes #34
 2024-09-01 16:32:12 +02:00
Pim Kunis
ca6d704524 Revert "Update flake inputs" 
This reverts commit aa7c2bac3b.
 2024-08-09 18:38:19 +02:00
Pim Kunis
17433101a5 Revert "fix: Fix audio for xps 9315" 
This reverts commit 1f70f75ca7.
 2024-08-09 18:38:16 +02:00
Pim Kunis
1f70f75ca7 fix: Fix audio for xps 9315 2024-08-04 10:58:07 +02:00
Pim Kunis
aa7c2bac3b Update flake inputs 2024-07-30 18:41:46 +02:00
Pim Kunis
d40bbc417c feat(tailscale): Enable routing features 
fix(wireguard): Disable autoconnect to prevent clashing with tailscale
fix(ssh): Remove aliases that clash with tailscale magicDNS
 2024-07-23 22:52:04 +02:00
Pim Kunis
f933a38b7d Enable tailscale 
Install nheko and handbrake
Enable cdrom kernel module
 2024-07-22 20:26:10 +02:00
Pim Kunis
03164646a5 chore(nix): Update Nix flake inputs 2024-07-12 17:00:02 +02:00
Pim Kunis
ebc3ad8204 Autostart Wireguard tunnel again 
Disable up arrow for Atuin
 2024-07-12 11:49:18 +02:00
Pim Kunis
95f36524e2 Update flake inputs 
Explicitly enable stylix
 2024-07-12 10:20:51 +02:00
Pim Kunis
46cf4907cb Disable ipv6 for wireguard tunnel until fixed 2024-06-30 22:18:28 +02:00
Pim Kunis
93104ed7e0 Enable camera for Dell XPS 
Install lshw
Set default Git branch to master
 2024-06-22 16:24:50 +02:00
Pim Kunis
0cecc75e3d Clean up secret management 
Update readme
 2024-06-15 18:21:07 +02:00
Pim Kunis
5d752cb279 Replace homeage with sops-nix 2024-06-15 18:10:55 +02:00
Pim Kunis
03608f96d7 Replace agenix with sops-nix 2024-06-15 16:20:03 +02:00
Pim Kunis
80530d6290 Disable safe operations in zsh 
Install ncdu
Rotate wallpaper every 30 minutes
 2024-06-15 15:16:59 +02:00
Pim Kunis
62265a466c Manage default applications with home-manager 2024-06-15 14:18:36 +02:00
Pim Kunis
b6b5d5901c Add gnome extension to use random wallpapers 
Add collection of wallpapers
 2024-06-13 23:32:04 +02:00
Pim Kunis
9c83729db0 Deploy sops age key with homeage 2024-06-13 09:01:57 +02:00
Pim Kunis
d11fc9ba6d Add Atuin 
Disable fzf
Add keybindings to move panes in tmux
Fix gnome move to workspace 1 keybinding
Set number of gnome workspaces
Enable edge tiling in gnome
 2024-06-12 23:12:04 +02:00
Pim Kunis
5bfab60b73 Use tmux 2024-06-11 19:59:58 +02:00
Pim Kunis
867912a676 Replace Bash with ZSH 
Uninstall some unneeded GNOME programs
 2024-06-09 23:01:34 +02:00
Pim Kunis
c3bddc6c44 Remove unnecessary directories 2024-06-09 22:06:21 +02:00
Pim Kunis
afcc583dcf Reorganize and refactor project 2024-06-09 22:00:47 +02:00
Pim Kunis
ed1e654706 Install Stylix 
Install Pop!_OS shell
Enable Jack emulation in Pipewire
Set a wallpaper
Replace Terminator with Alacritty
Copy GNOME config to dconf
 2024-06-09 20:31:39 +02:00
Pim Kunis
235efa07e8 Update system to NixOS 24.05 2024-06-04 21:21:38 +02:00
Pim Kunis
a3ed1136f1 Install Krita and Bottles 2024-06-04 20:50:14 +02:00
Pim Kunis
3d33b0c7a5 Fix mounting of /boot 
Fix importing disko for x201
 2024-05-26 20:57:48 +02:00
Pim Kunis
955f9e3a07 Add x201 configuration 
Create module for lanzaboote
 2024-05-26 17:12:52 +02:00
Pim Kunis
e069bd25a2 Install pipewire 
Install borgbackup tools
Don't clean cookies in librewolf
Merge nixos configuration and hardware configuration
 2024-05-25 16:37:37 +02:00
Pim Kunis
b6b5d8344c Move from firefox to librewolf for dialy browsing 
Fix wrong hostname set
 2024-05-19 13:01:27 +02:00
Pim Kunis
db7238afe3 Split between personal and work laptop 2024-05-16 18:48:46 +02:00
Pim Kunis
1d3125a5b4 Update flake inputs 2024-05-11 14:37:56 +02:00
Pim Kunis
3d4ac7c7e1 Disable USB webcam 2024-05-11 09:53:50 +02:00
Pim Kunis
dbe5349bae Install hexchat 
Reduce MTU on wireguard tunnel
 2024-05-05 18:07:40 +02:00
Pim Kunis
f03c7117bb Disable sponsored Firefox top sites 2024-05-03 22:31:15 +02:00
Pim Kunis
acdf4f02af Run unstable of various desktop apps 2024-05-03 22:14:13 +02:00
Pim Kunis
9f678ee151 Update flake 2024-05-03 21:30:07 +02:00
Pim Kunis
07538a39d1 Add my username to trusted nix users 
Add attic client
Use BBR as TCP congestion control algorithm
 2024-04-29 15:19:17 +02:00
Pim Kunis
2ac437d742 update nixpkgs unstable 
add devenv
 2024-04-20 18:48:35 +02:00
Pim Kunis
6bfdf579c5 don't manage k8s config 
clean up ssh config hosts
remove cert authorities from ssh config
 2024-04-20 10:57:13 +02:00
Pim Kunis
e0825def24 instal lrefined-github firefox addon 
use stable none-ls
 2024-03-04 21:20:48 +01:00
Pim Kunis
60e417e003 add jellyfin client 2024-02-18 22:05:23 +01:00
Pim Kunis
1a11f3af42 add vorta 2024-02-12 22:42:00 +01:00
Pim Kunis
5dfe47a4a0 update flake inputs 
install insomnia
 2024-02-11 13:13:32 +01:00
Pim Kunis
351fc8384c use kagi for web search 2024-02-03 10:11:07 +01:00
Pim Kunis
260fd7d573 use lanzaboote 2024-01-29 21:05:48 +01:00
Pim Kunis
fed5e8010d add vmware horizon client 2024-01-28 14:31:45 +01:00
Pim Kunis
cad90372d4 replace wireguard endpoint domain name 2024-01-21 12:11:52 +01:00
Pim Kunis
9765e72a99 fix ipv6 for wireguard 
add myself to dialout group
 2024-01-20 16:51:25 +01:00
Pim Kunis
8251863999 update readme 2024-01-13 14:03:13 +01:00
Pim Kunis
adf2f1e7cb add additional wireguard interface without pihole 
install traceroute and units
 2024-01-13 14:00:17 +01:00
Pim Kunis
9e639175fd install wireshark and dbeaver 2023-12-31 16:18:12 +01:00
Pim Kunis
48e3ccc742 update flake inputs 2023-12-30 14:22:11 +01:00
Pim Kunis
f1f9432f3e don't manage syncthing config in nix 2023-12-29 12:38:33 +01:00
Pim Kunis
c2f9f4a83a allow volume above 100% 2023-12-29 11:02:34 +01:00
79 changed files with 1445 additions and 1034 deletions
Show stats Expand all files Collapse all files

1
.envrc
View file

@ -1 +0,0 @@
PATH_add .

2
.sops.yaml Normal file
View file

@ -0,0 +1,2 @@
creation_rules:
- age: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw

30
README.md
View file

@ -1,20 +1,26 @@
# nixos-laptop # nixos-laptop
NixOS configuration for my laptop. NixOS configuration for my personal laptop.
My configuration is simple: I have one personal laptop with one user.
Currently contains config for three systems:
- **sue**: My current laptop, a Dell XPS 9315
- **x260**: My previous laptop, a Lenovo Thinkpad x260 which is broken
- **x201**: A Lenovo Thinkpad x201 which I have as a backup system
## Features ## Features
- Nixpkgs 23.11 - Nixpkgs 24.05
- Flakes!
- [Nix User Repository (NUR)](https://github.com/nix-community/NUR) - [Nix User Repository (NUR)](https://github.com/nix-community/NUR)
- Currently only used for Firefox Plugins - Currently only used for Firefox Plugins
- [Home Manager](https://github.com/nix-community/home-manager) - [Home Manager](https://github.com/nix-community/home-manager)
- For managing my configuration for my user - For managing the configuration for my user
- [Agenix](https://github.com/ryantm/agenix) - [sops-nix](https://github.com/Mic92/sops-nix)
- To deploy global system secrets, like: - For secret management
- Wireguard private key and shared secret - [nixos-hardware](https://github.com/NixOS/nixos-hardware)
- [Homeage](https://github.com/jordanisaacs/homeage) - To add hardware-specific tweaks to NixOS for my laptop
- To deploy secrets in my home directory, like: - [stylix](https://stylix.danth.me/)
- SSH keys - Apply theming and styling to many programs
- Syncthing private key - [lanzaboote](https://github.com/nix-community/lanzaboote)
- Secure boot for NixOS
- [disko](https://github.com/nix-community/disko)
- Declarative disk partitioning and formatting; currently only used for my x201

279
configuration.nix Normal file
View file

@ -0,0 +1,279 @@
{ pkgs, config, lib, inputs, flake, system, ... }: {
imports = [
inputs.stylix.nixosModules.stylix
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
"${flake}/modules/nixos/lanzaboote.nix"
];
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
programs.ssh.startAgent = true;
services = {
gnome.gnome-keyring.enable = lib.mkForce false;
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
xserver = {
enable = true;
displayManager.gdm = { enable = true; };
desktopManager.gnome.enable = true;
excludePackages = with pkgs; [ xterm ];
};
printing = {
enable = true;
drivers = [ pkgs.hplip pkgs.gutenprint ];
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
};
users = {
users.pim = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ];
};
};
environment = {
# https://nix-community.github.io/home-manager/options.xhtml#opt-programs.zsh.enableCompletion
pathsToLink = [ "/share/zsh" ];
systemPackages = (with pkgs; [
age
borgbackup
btop
btrfs-progs
curl
dig
exfat
f3
fastfetch
file
git
gnome.gnome-shell-extensions
jq
kubectl
nmap
poppler_utils # For pdfunite
ripgrep
sbctl
silicon
sops
tree
units
vim
wget
yq
ncdu
lshw
]) ++ (with pkgs.gnomeExtensions; [
pop-shell
window-is-ready-remover
random-wallpaper
]);
gnome.excludePackages = (with pkgs; [
epiphany
gnome-connections
gnome-console
gnome-tour
]) ++ (with pkgs.gnome; [
geary
gnome-calendar
gnome-clocks
gnome-contacts
gnome-font-viewer
gnome-logs
gnome-maps
gnome-music
seahorse
totem
yelp
gnome-weather
]);
};
system = {
stateVersion = "23.05";
activationScripts.diff = ''
if [[ -e /run/current-system ]]; then
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
fi
'';
};
security = {
rtkit.enable = true;
sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
};
nix = {
package = pkgs.nixFlakes;
settings.trusted-users = [ "root" "pim" ];
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
networking = {
useDHCP = lib.mkDefault true;
networkmanager.unmanaged = [ "tailscale0" ];
wg-quick.interfaces = {
home = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = [ "10.225.191.4/24" ];
dns = [ "192.168.30.131" ];
autostart = false;
mtu = 1412;
peers = [{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" ];
}];
};
home-no-pihole = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = [ "10.225.191.4/24" ];
dns = [ "192.168.10.1" ];
autostart = false;
mtu = 1412;
peers = [{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" ];
}];
};
};
};
virtualisation.docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
nixpkgs = {
hostPlatform = lib.mkDefault "x86_64-linux";
config = {
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"vmware-horizon-client"
"libfprint-2-tod1-goodix"
"vmware-workstation"
"ipu6-camera-bins-unstable"
"ipu6-camera-bins"
"ivsc-firmware-unstable"
"ivsc-firmware"
];
};
overlays = [
inputs.nur.overlay
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
];
};
boot = {
kernelModules = [ "kvm-intel" "cdrom" ];
extraModulePackages = [ ];
initrd = {
availableKernelModules = [ "sd_mod" ];
kernelModules = [ ];
};
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
};
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = false;
};
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png";
cursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 28;
};
fonts = {
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
name = "JetBrainsMono Nerd Font Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
};
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit flake inputs; };
users.pim.imports = [
./home.nix
];
};
sops = {
age.keyFile = "/home/pim/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets/secrets.yaml;
secrets = {
"wireguard/home/presharedKey" = { };
"wireguard/home/privateKey" = { };
};
};
}

555
flake.lock
View file

@ -1,49 +1,295 @@
{ {
"nodes": { "nodes": {
"agenix": { "base16": {
"inputs": { "inputs": {
"darwin": "darwin", "fromYaml": "fromYaml"
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1703433843, "lastModified": 1708890466,
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=",
"owner": "ryantm", "owner": "SenchoPens",
"repo": "agenix", "repo": "base16.nix",
"rev": "417caa847f9383e111d1397039c9d4337d024bf0", "rev": "665b3c6748534eb766c777298721cece9453fdae",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "ryantm", "owner": "SenchoPens",
"repo": "agenix", "repo": "base16.nix",
"type": "github" "type": "github"
} }
}, },
"darwin": { "base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-foot": {
"flake": false,
"locked": {
"lastModified": 1696725948,
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
"owner": "tinted-theming",
"repo": "base16-foot",
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-foot",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1696727917,
"narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-kitty": {
"flake": false,
"locked": {
"lastModified": 1665001328,
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
"owner": "kdrag0n",
"repo": "base16-kitty",
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
"type": "github"
},
"original": {
"owner": "kdrag0n",
"repo": "base16-kitty",
"type": "github"
}
},
"base16-tmux": {
"flake": false,
"locked": {
"lastModified": 1696725902,
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
"owner": "tinted-theming",
"repo": "base16-tmux",
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-tmux",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1663659192,
"narHash": "sha256-uJvaYYDMXvoo0fhBZUhN8WBXeJ87SRgof6GEK2efFT0=",
"owner": "chriskempson",
"repo": "base16-vim",
"rev": "3be3cd82cd31acfcab9a41bad853d9c68d30478d",
"type": "github"
},
"original": {
"owner": "chriskempson",
"repo": "base16-vim",
"type": "github"
}
},
"crane": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"rust-overlay": [
"lanzaboote",
"rust-overlay"
]
},
"locked": {
"lastModified": 1681177078,
"narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "0c9f468ff00576577d83f5019a66c557ede5acf6",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"agenix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1726730453,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-Kdi7liMdbr1/uyMhMDl19O5b9LESxcnYgBRZblrJi9E=",
"owner": "lnl7", "owner": "nix-community",
"repo": "nix-darwin", "repo": "disko",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "a31fe5ef162f2f963308289e6e27d37e3948a983",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "lnl7", "owner": "nix-community",
"ref": "master", "repo": "disko",
"repo": "nix-darwin", "type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680392223,
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1689549921,
"narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1713702291,
"narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "46.1",
"repo": "gnome-shell",
"type": "github" "type": "github"
} }
}, },
@ -54,47 +300,91 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703367386, "lastModified": 1726592409,
"narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=", "narHash": "sha256-2Y6CDvD/BD43WLS77PHu6dUHbdUfFhuzkY8oJAecD/U=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224", "rev": "2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.11", "ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"homeage": { "home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"stylix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1669234151, "lastModified": 1714981474,
"narHash": "sha256-TwT87E3m2TZLgwYJESlype14HxUOrRGojPM5C2akrMg=", "narHash": "sha256-b3/U21CJjCjJKmA9WqUbZGZgCvospO3ArOUTgJugkOY=",
"owner": "jordanisaacs", "owner": "nix-community",
"repo": "homeage", "repo": "home-manager",
"rev": "02bfe4ca06962d222e522fff0240c93946b20278", "rev": "6ebe7be2e67be7b9b54d61ce5704f6fb466c536f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "jordanisaacs", "owner": "nix-community",
"repo": "homeage", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1682802423,
"narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "64b903ca87d18cef2752c19c098af275c6e51d63",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.3.0",
"repo": "lanzaboote",
"type": "github"
}
},
"nixos-artwork": {
"flake": false,
"locked": {
"lastModified": 1719676066,
"narHash": "sha256-78FyNyGtDZogJUWcCT6A/T2MK87nGN/muC7ANH1b1V8=",
"ref": "refs/heads/master",
"rev": "de03e887f03037e7e781a678b57fdae603c9ca20",
"revCount": 208,
"type": "git",
"url": "https://github.com/NixOS/nixos-artwork.git"
},
"original": {
"type": "git",
"url": "https://github.com/NixOS/nixos-artwork.git"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1702453208, "lastModified": 1726724509,
"narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", "narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", "rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -106,27 +396,75 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703200384, "lastModified": 1726447378,
"narHash": "sha256-q5j06XOsy0qHOarsYPfZYJPWbTbc8sryRxianlEPJN0=", "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0b3d618173114c64ab666f557504d6982665d328", "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1678872516,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1703134684, "lastModified": 1726583932,
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", "narHash": "sha256-zACxiQx8knB3F8+Ze+1BpiYrI+CbhxyWpcSID9kVhkQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", "rev": "658e7223191d2598641d50ee4e898126768fe847",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1714912032,
"narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ee4a6e0f566fe5ec79968c57a9c2c3c25f2cf41d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -138,11 +476,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1703528695, "lastModified": 1726764615,
"narHash": "sha256-vHC5auhnV5JZLaERNpYu0A2+zX0eiwzsT0iIuT40Dmo=", "narHash": "sha256-8cVUZZd9Z/bT0JIQy/hOPta2nhZjT2b6xW7xZhFMh1M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "747c0cbbecc987e67f49680b6753cc0e8ab355c5", "rev": "4cec60b7d77b33f845c35fcd222376c0ea866a77",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -151,15 +489,124 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1681413034,
"narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
"homeage": "homeage", "lanzaboote": "lanzaboote",
"nixos-artwork": "nixos-artwork",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur" "nur": "nur",
"sops-nix": "sops-nix",
"stylix": "stylix"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682129965,
"narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2c417c0460b788328220120c698630947547ee83",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1726524647,
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-foot": "base16-foot",
"base16-helix": "base16-helix",
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_2",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1718122552,
"narHash": "sha256-A+dBkSwp8ssHKV/WyXb9uqIYrHBqHvtSedU24Lq9lqw=",
"owner": "danth",
"repo": "stylix",
"rev": "e59d2c1725b237c362e4a62f5722f5b268d566c7",
"type": "github"
},
"original": {
"owner": "danth",
"ref": "release-24.05",
"repo": "stylix",
"type": "github"
} }
}, },
"systems": { "systems": {

203
flake.nix
View file

@ -2,63 +2,174 @@
description = "My NixOS configuration"; description = "My NixOS configuration";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
home-manager = {
url = "github:nix-community/home-manager?ref=release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
homeage = {
url = "github:jordanisaacs/homeage";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
stylix.url = "github:danth/stylix/release-24.05";
home-manager = {
url = "github:nix-community/home-manager?ref=release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.3.0";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-artwork = {
type = "git";
url = "https://github.com/NixOS/nixos-artwork.git";
flake = false;
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = outputs =
{ nixpkgs { self
, nixpkgs-unstable , nixpkgs
, home-manager
, homeage
, agenix
, nur
, nixos-hardware
, ... , ...
}: { }@inputs:
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt; let
mkNixosSystem = extraModule: nixpkgs.lib.nixosSystem rec {
nixosConfigurations.pim = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {
inherit inputs system;
flake = self;
};
modules = [ modules = [
{ ./configuration.nix
nixpkgs.overlays = [ extraModule
nur.overlay
(final: _prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
]; ];
}
./nixos
agenix.nixosModules.default
nixos-hardware.nixosModules.lenovo-thinkpad-x260
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.pim = {
imports = [ ./home-manager homeage.homeManagerModules.homeage ];
}; };
} in
]; {
nixosConfigurations = {
x260 = mkNixosSystem ({ pkgs, lib, ... }: {
imports = [ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260 ];
config = {
pim.lanzaboote.enable = true;
networking.hostName = "x260";
fprintd = {
enable = true;
tod = {
enable = true;
driver = pkgs.libfprint-2-tod1-vfs0090;
};
};
swapDevices = [{ device = "/dev/disk/by-uuid/6028bf52-404d-4143-9cb0-9b06cd60a373"; }];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
};
});
x201 = mkNixosSystem ({ pkgs, lib, ... }: {
imports = [ inputs.disko.nixosModules.disko ];
config = {
networking.hostName = "x201";
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" ];
disko.devices = {
disk = {
sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
priority = 1; # Needs to be first partition
};
pv_os = {
size = "100%";
content = {
type = "lvm_pv";
vg = "vg_os";
};
};
};
};
};
};
lvm_vg.vg_os = {
type = "lvm_vg";
lvs = {
swap = {
size = "3GB";
content.type = "swap";
};
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "defaults" ];
};
};
};
};
};
};
});
sue = mkNixosSystem ({ ... }: {
imports = [ inputs.nixos-hardware.nixosModules.dell-xps-13-9310 ];
config = {
pim.lanzaboote.enable = true;
networking.hostName = "xps-9315";
swapDevices = [{ device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b"; }];
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" =
{
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" ];
hardware.ipu6 = {
enable = true;
platform = "ipu6ep";
};
};
});
}; };
}; };
} }

20
home-manager/bash/default.nix
View file

@ -1,20 +0,0 @@
{
config = {
programs.bash = {
enable = true;
shellAliases = {
htop = "btop";
gp = "git push";
gco = "git checkout";
gd = "git diff";
gc = "git commit";
gpl = "git pull";
gb = "git branch";
ga = "git add";
gl = "git log";
gs = "git status";
tf = "tofu";
};
};
};
}

8
home-manager/bat/default.nix
View file

@ -1,8 +0,0 @@
{
config = {
programs.bat = {
enable = true;
config.theme = "gruvbox-dark";
};
};
}

135
home-manager/default.nix
View file

@ -1,135 +0,0 @@
{ pkgs, lib, config, ... }: {
imports = [
./bash
./neovim
./firefox
./ssh
./syncthing
./keepassxc
./git
./direnv
./thunderbird
./fzf
./bat
];
home = {
username = "pim";
homeDirectory = "/home/pim";
stateVersion = "23.05";
packages = with pkgs; [
moonlight-qt
vlc
nicotine-plus
logseq
signal-desktop
telegram-desktop
strawberry
gimp
libreoffice
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
virt-manager
gnome.gnome-tweaks
impression
poppler_utils # For pdfunite
silicon
];
file.k3s-pim-privkey = {
target = ".kube/config";
source = ./kubeconfig.yml;
};
};
programs = {
home-manager.enable = true;
chromium.enable = true;
terminator = {
enable = true;
config = {
profiles.default = {
# Gruvbox theme: https://github.com/egel/terminator-gruvbox
background_color = "#282828";
cursor_color = "#7c6f64";
foreground_color = "#ebdbb2";
palette =
"#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
};
keybindings = {
zoom_in = "<Ctrl>plus";
zoom_out = "<Ctrl>minus";
new_tab = "<Ctrl><Shift>T";
cycle_next = "<Ctrl>Tab";
cycle_prev = "<Ctrl><Shift>Tab";
split_horiz = "<Alt>C";
split_vert = "<Alt>V";
go_left = "<Alt>H";
go_right = "<Alt>L";
go_up = "<Alt>K";
go_down = "<Alt>J";
copy = "<Ctrl><Shift>C";
paste = "<Ctrl><Shift>V";
layout_launcher = ""; # Default <Alt>L
};
};
};
};
# Let home-manager manage the X session
xsession = { enable = true; };
xdg = {
userDirs.enable = true;
configFile."home/postgresql_server.crt".source = ./postgresql_server.crt;
configFile."home/postgresql_client.crt".source = ./postgresql_client.crt;
};
homeage = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
installationType = "systemd";
file."common-pg-tfbackend" = {
source = ../secrets/common-pg-tfbackend.age;
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
};
file."ansible-vault-secret" = {
source = ../secrets/ansible-vault-secret.age;
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
};
file."powerdns-api-key" = {
source = ../secrets/powerdns-api-key.json.age;
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
};
file."postgresql_client.key" = {
source = ../secrets/postgresql_client.key.age;
symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ];
};
file."k3s-pim-privkey" = {
source = ../secrets/k3s-pim-privkey.age;
symlinks = [ "${config.home.homeDirectory}/.kube/k3s-pim-privkey" ];
};
};
fonts.fontconfig.enable = true;
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/input-sources" = {
sources = [ (mkTuple [ "xkb" "us" ]) ];
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
};
"org/gnome/desktop/interface" = {
monospace-font-name = "Hack Nerd Font Mono 10";
};
};
}

9
home-manager/direnv/default.nix
View file

@ -1,9 +0,0 @@
{
config = {
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
};
}

28
home-manager/firefox/addons.nix
View file

@ -1,28 +0,0 @@
pkgs: lib:
let
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
custom-addons = import ./custom-addons.nix pkgs lib;
in {
default = lib.concatLists [
(with rycee-addons; [
ublock-origin
clearurls
cookie-autodelete
istilldontcareaboutcookies
keepassxc-browser
redirector
ublacklist
umatrix
violentmonkey
boring-rss
# rycee.bypass-paywalls-clean
])
(with custom-addons; [ http-version-indicator indicatetls sixindicator ])
];
sue = with rycee-addons; [
ublock-origin
istilldontcareaboutcookies
keepassxc-browser
custom-addons.simple-style-fox-2
];
}

72
home-manager/firefox/default.nix
View file

@ -1,72 +0,0 @@
{ pkgs, lib, ... }:
let
firefoxAddons = import ./addons.nix pkgs lib;
firefoxSettings = {
"browser.aboutConfig.showWarning" = false;
"browser.toolbars.bookmarks.visibility" = "always";
"browser.tabs.firefox-view" = false;
"browser.shell.checkDefaultBrowser" = false;
"browser.translations.automaticallyPopup" = false;
"signon.rememberSignons" = false;
"media.webspeech.synth.dont_notify_on_error" = true;
"browser.gesture.swipe.left" = false;
"browser.gesture.swipe.right" = false;
};
in {
config = {
programs.firefox = {
enable = true;
profiles = {
default = {
id = 0;
isDefault = true;
settings = firefoxSettings;
extensions = firefoxAddons.default;
};
sue = {
id = 1;
settings = firefoxSettings;
extensions = firefoxAddons.sue;
};
};
};
xdg.desktopEntries.firefox-sue = {
categories = [ "Network" "WebBrowser" ];
exec = "firefox -P sue --name firefox %U";
genericName = "Web Browser";
icon = "firefox";
mimeType = [
"text/html"
"text/xml"
"application/xhtml+xml"
"application/vnd.mozilla.xul+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
];
name = "Firefox | Sue";
startupNotify = true;
terminal = false;
type = "Application";
};
xdg.desktopEntries.firefox = lib.mkForce {
categories = [ "Network" "WebBrowser" ];
exec = "firefox --new-window --name firefox %U";
genericName = "Web Browser";
icon = "firefox";
mimeType = [
"text/html"
"text/xml"
"application/xhtml+xml"
"application/vnd.mozilla.xul+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
];
name = "Firefox";
startupNotify = true;
terminal = false;
type = "Application";
};
};
}

8
home-manager/fzf/default.nix
View file

@ -1,8 +0,0 @@
{
config = {
programs.fzf = {
enable = true;
enableBashIntegration = true;
};
};
}

18
home-manager/git/default.nix
View file

@ -1,18 +0,0 @@
{
config = {
programs.git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
};
includes = [{
path = "~/git/suecode/.gitconfig";
condition = "gitdir:~/git/suecode/**";
}];
};
};
}

9
home-manager/keepassxc/default.nix
View file

@ -1,9 +0,0 @@
{ pkgs, config, ... }: {
config = {
home.packages = [ pkgs.keepassxc ];
homeage.file."keepassxc.ini" = {
source = ../../secrets/keepassxc.ini.age;
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
};
};
}

19
home-manager/kubeconfig.yml
View file

@ -1,19 +0,0 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTURJMU56UXlOVGt3SGhjTk1qTXhNakUwTVRjeE56TTVXaGNOTXpNeE1qRXhNVGN4TnpNNQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTURJMU56UXlOVGt3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUMzdYdlBzUG9DeTk3Nm1zWm9qTHBlUklieVB5NWFPV0NJWXpyZVpUcVYKUlo4cDVyME1RdVViV0crNTJqQ1ZjNCtrZGN3WVkwRXRDaUpkZ21LSU5RcTRvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWx1ZGcvZWd0bUMvWkNiaTZMRkNnClhIaXFtL2t3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUlTbHJ2TmVTc3RtVlFLVWp2STF3UlZPb0RMWEJjWDEKelpZOURUNW9WM214QWlBT2JKRThOaldOSUdSZE1FcWpXZXhUd1M5RUlGbGs2eUEwOXNjS0FmRUNXUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://jefke.hyp:6443
name: default
contexts:
- context:
cluster: default
user: pim
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: pim
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJWVENCL0tBREFnRUNBaEFWemhyQ3QwZzFQMWJXZW1IUGx2SUZNQW9HQ0NxR1NNNDlCQU1DTUNNeElUQWYKQmdOVkJBTU1HR3N6Y3kxamJHbGxiblF0WTJGQU1UY3dNalUzTkRJMU9UQWVGdzB5TXpFeU1UUXhPVEl3TURCYQpGdzB5TkRFeU1UTXhPVEl3TURCYU1BNHhEREFLQmdOVkJBTVRBM0JwYlRBcU1BVUdBeXRsY0FNaEFDYWxxaUdFCjdvcVo0SFNvLy95RGhqZXJrVVA5WWg4QXdFbHFnMXI4NGpvbG8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXcKRXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTZQpkenA2TzVhajU4NGtML2FJM0pvTHhkOUtQakFLQmdncWhrak9QUVFEQWdOSUFEQkZBaUF3eDJISGNOcVd4bkhyCmkvRVg2SmJRVlRZYThmTzhpYTdMOXRYWS84OXlQQUloQVBSanlmMU0waWtCZU95VUVUODVLS1dNaDFhbWRNZVUKSUFBZTM2WDVUSVRDCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key: k3s-pim-privkey

17
home-manager/postgresql_client.crt
View file

@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICrzCCAZcCFApupXAa2tPytpi3av47+az0Ggb4MA0GCSqGSIb3DQEBCwUAMBQx
EjAQBgNVBAMMCWplZmtlLmh5cDAeFw0yMzExMjQyMjAzMjhaFw0yNDExMjMyMjAz
MjhaMBQxEjAQBgNVBAMMCXRlcnJhZm9ybTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALeJ/fYUCmwislUw4XcCxivCUuWuUWI+t/nke9/hWEWTmDG4Z7/a
IAKqsGk0zNATQViAXmYZwdYK70AKQhxat3OJcuZarsurOXVjVJdT4Wr5SxHGHjd0
bwd8JzFZPIfgYCILCISFjCIfpD58kBq2bkvI4rpn4tb2iPunXp0+S8iHDMB5wAOb
FgT0muuz9ua4R76nq79O9wLbAVf38CDR9bMGcPcKknz0sl37jr7A/pDvQzpFWO33
eJb64b7Qe4CHslWFj1tdEkXaMpMNWHhc2TmtLtlt6a+RY1R9KdX5x0lQTyJnEwJZ
8YTKnlMoNvkfBznuARFmNNmUYPoHE6WgonMCAwEAATANBgkqhkiG9w0BAQsFAAOC
AQEAaH1HVPThhAkrXE4Zmh49D1zvq5uy6moV326/ovnPQfco2jYBYO5mYxBF32mx
ShEanbJJKkFjWkQHmsWt7nrkeloz6q8sD19nLyyWmMj0Pd6wcLv017Zdo902fh27
Rl8qZS44vEc+N/5gc2eINMfXm/JOdXYntOVpFO/I+6b9Q2iWFX3YUAXiIDiEYBvS
BBqyXC2nVg6Lp1KVg+EaYW27sj8b5HHXnpEGdXduVmOWttdaQVjYslqmH7mUKi9f
2U9FicMvw6KvkRki+SLKeZr2yIP1QQOnWg0BPbeCpMfdMSu/AtLkAtugZeT8p1Ko
3hMMyKKzyyhiwpzvk21QFNZ5LA==
-----END CERTIFICATE-----

67
home-manager/postgresql_server.crt
View file

@ -1,67 +0,0 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
ef:2f:4d:d4:26:7e:33:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=jefke.hyp
Validity
Not Before: Nov 22 19:12:03 2023 GMT
Not After : Oct 29 19:12:03 2123 GMT
Subject: CN=jefke.hyp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b:
2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c:
8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce:
e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50:
7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb:
ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e:
b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c:
a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5:
a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f:
b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f:
23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b:
59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16:
9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4:
8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46:
6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52:
3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46:
db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b:
12:bd
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55:
b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63:
be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20:
2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1:
6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88:
ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c:
3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67:
d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e:
ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9:
77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02:
d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31:
b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b:
8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71:
df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94:
10:03:ce:ec
-----BEGIN CERTIFICATE-----
MIICpjCCAY4CCQDvL03UJn4zGzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlq
ZWZrZS5oeXAwIBcNMjMxMTIyMTkxMjAzWhgPMjEyMzEwMjkxOTEyMDNaMBQxEjAQ
BgNVBAMMCWplZmtlLmh5cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMer65zQf0/xumUKiwd7LlvwJoIzyXPmkcwRlAUcjWcpy15nNQKAVK+ZS6rO6FZi
vmPLskqwqSgS4ndQfdXSO0jYMlklJv+mXPbrrls9ehQQupCcbx+52JkOtwleYmnE
wMYnsNNgDUdMpRFT8vFK+aa81qM1oujlqdFg6OUYztJggE7cSK5/t+p2USg5pLCV
gpWTmLKfI8mBaVmj5PdaHAExlsFLWSH4ouaeIXgOa8Fox1wWmgZU37Z3HS2J0Mie
27XUjPu5T7duOV85jkhzdn1Gbh+NFMtAtf/G8MBEPO1SP097aWOTxkHmXu0zUCBG
25O/6FJRlfGBc1jaZyF7Er0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqlyJQaa3
PWWHylDE81iq07RVsaeNGCYX5YohJKFJU3cxW1VjvgHY/rcGfNoHH5Rq3patyjsg
KuE1kBmDbTfRFRLePA5Gvmahah3sctxGeWnkr3fI/83WfRaIq0T9cPxAR/9DlRFa
mlYM0t18O4eqECb6JaOgQ4ob7FQRfmVn0gbhPjvhDrCA70s1P/w0HZUu7sFnONqz
dIZLlYwMHVEowULpd2jX7DtmMMblKmLqFfskVs8C0CVUp1gVtSpxk1bAaXo2GGwx
sY48d9d3rPzhlMUIuzWsSF9ri8jIePSpyk+dUVSJl8mvofpx31j2/wR8yByVaxrj
p/ZDHCeUEAPO7A==
-----END CERTIFICATE-----

35
home-manager/ssh/default.nix
View file

@ -1,35 +0,0 @@
{ config, lib, ... }: {
config = {
programs.ssh = {
enable = true;
extraConfig = "User root";
matchBlocks = {
github = lib.hm.dag.entryBefore [ "*" ] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.hyp"; };
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.hyp"; };
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.hyp"; };
hermes = lib.hm.dag.entryBefore [ "*" ] { hostname = "hermes.dmz"; };
maestro = lib.hm.dag.entryBefore [ "*" ] { hostname = "maestro.dmz"; };
bancomart =
lib.hm.dag.entryBefore [ "*" ] { hostname = "bancomart.dmz"; };
handjecontantje =
lib.hm.dag.entryBefore [ "*" ] { hostname = "handjecontantje.dmz"; };
};
};
homeage.file."sue_ed25519" = {
source = ../../secrets/sue_ed25519.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
};
homeage.file."sue_azure_rsa" = {
source = ../../secrets/sue_azure_rsa.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
};
};
}

17
home-manager/syncthing/default.nix
View file

@ -1,17 +0,0 @@
{ config, ... }: {
config = {
services.syncthing.enable = true;
xdg.configFile."syncthing/config.xml".source = ./syncthing.xml;
xdg.userDirs.music = "${config.home.homeDirectory}/sync/Music";
homeage.file."syncthing-key.pem" = {
source = ../../secrets/syncthing-key.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
};
homeage.file."syncthing-cert.pem" = {
source = ../../secrets/syncthing-cert.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
};
};
}

175
home-manager/syncthing/syncthing.xml
View file

@ -1,175 +0,0 @@
<configuration version="37">
<folder id="nncij-isaoe" label="Nextcloud" path="/home/pim/sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
<filesystemType>basic</filesystemType>
<device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" introducedBy="">
<encryptionPassword></encryptionPassword>
</device>
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" introducedBy="">
<encryptionPassword></encryptionPassword>
</device>
<minDiskFree unit="%">1</minDiskFree>
<versioning>
<cleanupIntervalS>3600</cleanupIntervalS>
<fsPath></fsPath>
<fsType>basic</fsType>
</versioning>
<copiers>0</copiers>
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
<hashers>0</hashers>
<order>random</order>
<ignoreDelete>false</ignoreDelete>
<scanProgressIntervalS>0</scanProgressIntervalS>
<pullerPauseS>0</pullerPauseS>
<maxConflicts>10</maxConflicts>
<disableSparseFiles>false</disableSparseFiles>
<disableTempIndexes>false</disableTempIndexes>
<paused>false</paused>
<weakHashThresholdPct>25</weakHashThresholdPct>
<markerName>.stfolder</markerName>
<copyOwnershipFromParent>false</copyOwnershipFromParent>
<modTimeWindowS>0</modTimeWindowS>
<maxConcurrentWrites>2</maxConcurrentWrites>
<disableFsync>false</disableFsync>
<blockPullOrder>standard</blockPullOrder>
<copyRangeMethod>standard</copyRangeMethod>
<caseSensitiveFS>false</caseSensitiveFS>
<junctionsAsDirs>false</junctionsAsDirs>
<syncOwnership>false</syncOwnership>
<sendOwnership>false</sendOwnership>
<syncXattrs>false</syncXattrs>
<sendXattrs>false</sendXattrs>
<xattrFilter>
<maxSingleEntrySize>1024</maxSingleEntrySize>
<maxTotalSize>4096</maxTotalSize>
</xattrFilter>
</folder>
<device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" name="Home" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
<untrusted>false</untrusted>
<remoteGUIPort>0</remoteGUIPort>
</device>
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" name="x260" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
<untrusted>false</untrusted>
<remoteGUIPort>0</remoteGUIPort>
</device>
<gui enabled="true" tls="false" debugging="false">
<address>127.0.0.1:8384</address>
<apikey></apikey>
<theme>default</theme>
</gui>
<ldap></ldap>
<options>
<listenAddress>default</listenAddress>
<globalAnnounceServer>default</globalAnnounceServer>
<globalAnnounceEnabled>true</globalAnnounceEnabled>
<localAnnounceEnabled>true</localAnnounceEnabled>
<localAnnouncePort>21027</localAnnouncePort>
<localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<reconnectionIntervalS>60</reconnectionIntervalS>
<relaysEnabled>true</relaysEnabled>
<relayReconnectIntervalM>10</relayReconnectIntervalM>
<startBrowser>true</startBrowser>
<natEnabled>true</natEnabled>
<natLeaseMinutes>60</natLeaseMinutes>
<natRenewalMinutes>30</natRenewalMinutes>
<natTimeoutSeconds>10</natTimeoutSeconds>
<urAccepted>-1</urAccepted>
<urSeen>3</urSeen>
<urUniqueID></urUniqueID>
<urURL>https://data.syncthing.net/newdata</urURL>
<urPostInsecurely>false</urPostInsecurely>
<urInitialDelayS>1800</urInitialDelayS>
<autoUpgradeIntervalH>12</autoUpgradeIntervalH>
<upgradeToPreReleases>false</upgradeToPreReleases>
<keepTemporariesH>24</keepTemporariesH>
<cacheIgnoredFiles>false</cacheIgnoredFiles>
<progressUpdateIntervalS>5</progressUpdateIntervalS>
<limitBandwidthInLan>false</limitBandwidthInLan>
<minHomeDiskFree unit="%">1</minHomeDiskFree>
<releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
<overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
<tempIndexMinBlocks>10</tempIndexMinBlocks>
<trafficClass>0</trafficClass>
<setLowPriority>true</setLowPriority>
<maxFolderConcurrency>0</maxFolderConcurrency>
<crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
<crashReportingEnabled>true</crashReportingEnabled>
<stunKeepaliveStartS>180</stunKeepaliveStartS>
<stunKeepaliveMinS>20</stunKeepaliveMinS>
<stunServer>default</stunServer>
<databaseTuning>auto</databaseTuning>
<maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
<announceLANAddresses>true</announceLANAddresses>
<sendFullIndexOnUpgrade>false</sendFullIndexOnUpgrade>
<connectionLimitEnough>0</connectionLimitEnough>
<connectionLimitMax>0</connectionLimitMax>
<insecureAllowOldTLSVersions>false</insecureAllowOldTLSVersions>
</options>
<defaults>
<folder id="" label="" path="~" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
<filesystemType>basic</filesystemType>
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" introducedBy="">
<encryptionPassword></encryptionPassword>
</device>
<minDiskFree unit="%">1</minDiskFree>
<versioning>
<cleanupIntervalS>3600</cleanupIntervalS>
<fsPath></fsPath>
<fsType>basic</fsType>
</versioning>
<copiers>0</copiers>
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
<hashers>0</hashers>
<order>random</order>
<ignoreDelete>false</ignoreDelete>
<scanProgressIntervalS>0</scanProgressIntervalS>
<pullerPauseS>0</pullerPauseS>
<maxConflicts>10</maxConflicts>
<disableSparseFiles>false</disableSparseFiles>
<disableTempIndexes>false</disableTempIndexes>
<paused>false</paused>
<weakHashThresholdPct>25</weakHashThresholdPct>
<markerName>.stfolder</markerName>
<copyOwnershipFromParent>false</copyOwnershipFromParent>
<modTimeWindowS>0</modTimeWindowS>
<maxConcurrentWrites>2</maxConcurrentWrites>
<disableFsync>false</disableFsync>
<blockPullOrder>standard</blockPullOrder>
<copyRangeMethod>standard</copyRangeMethod>
<caseSensitiveFS>false</caseSensitiveFS>
<junctionsAsDirs>false</junctionsAsDirs>
<syncOwnership>false</syncOwnership>
<sendOwnership>false</sendOwnership>
<syncXattrs>false</syncXattrs>
<sendXattrs>false</sendXattrs>
<xattrFilter>
<maxSingleEntrySize>1024</maxSingleEntrySize>
<maxTotalSize>4096</maxTotalSize>
</xattrFilter>
</folder>
<device id="" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
<untrusted>false</untrusted>
<remoteGUIPort>0</remoteGUIPort>
</device>
<ignores></ignores>
</defaults>
</configuration>

8
home-manager/thunderbird/default.nix
View file

@ -1,8 +0,0 @@
{
config = {
programs.thunderbird = {
enable = true;
profiles.default = { isDefault = true; };
};
};
}

357
home.nix Normal file
View file

@ -0,0 +1,357 @@
{ pkgs, lib, config, flake, inputs, ... }: {
imports = [
./modules/home-manager/neovim
./modules/home-manager/firefox
inputs.sops-nix.homeManagerModules.sops
];
xsession.enable = true;
services.syncthing.enable = true;
xdg = {
userDirs.enable = true;
mimeApps = {
enable = true;
defaultApplications =
let
applications = {
telegram = {
mimeApp = "org.telegram.desktop.desktop";
mimeTypes = [ "x-scheme-handler/tg" ];
};
librewolf = {
mimeApp = "librewolf.desktop";
mimeTypes = [
"x-scheme-handler/http"
"text/html"
"application/xhtml+xml"
"x-scheme-handler/https"
"application/pdf"
];
};
gnomeTextEditor = {
mimeApp = "org.gnome.TextEditor.desktop";
mimeTypes = [ "text/plain" ];
};
thunderbird = {
mimeApp = "thunderbird.desktop";
mimeTypes = [ "x-scheme-handler/mailto" ];
};
loupe = {
mimeApp = "org.gnome.Loupe.desktop";
mimeTypes = [
"image/jpeg"
"image/png"
"image/gif"
"image/webp"
"image/tiff"
"image/x-tga"
"image/vnd-ms.dds"
"image/x-dds"
"image/bmp"
"image/vnd.microsoft.icon"
"image/vnd.radiance"
"image/x-exr"
"image/x-portable-bitmap"
"image/x-portable-graymap"
"image/x-portable-pixmap"
"image/x-portable-anymap"
"image/x-qoi"
"image/svg+xml"
"image/svg+xml-compressed"
"image/avif"
"image/heic"
"image/jxl"
];
};
};
mimeTypesForApp = { mimeApp, mimeTypes }: map
(
mimeType: { "${mimeType}" = mimeApp; }
)
mimeTypes;
in
lib.zipAttrs (lib.flatten (map mimeTypesForApp (builtins.attrValues applications)));
};
};
home = {
username = "pim";
homeDirectory = "/home/pim";
stateVersion = "23.05";
packages = (with pkgs; [
gnome.gnome-tweaks
jellyfin-media-player
virt-manager
]) ++ (with pkgs.unstable; [
attic-client
dbeaver-bin
devenv
bottles-unwrapped
gimp
hexchat
impression
insomnia
keepassxc
krita
libreoffice
# logseq # Has insecure electron dependency
moonlight-qt
nicotine-plus
qFlipper
signal-desktop
strawberry
telegram-desktop
vlc
vorta
wireshark
# nheko # Has insecure olm dependency
handbrake
feishin
]);
};
programs = {
home-manager.enable = true;
chromium.enable = true;
bat.enable = true;
fzf = {
enable = true;
enableZshIntegration = true;
};
alacritty = {
enable = true;
settings.shell = {
program = lib.getExe config.programs.tmux.package;
args = [ "attach" ];
};
};
thunderbird = {
enable = true;
profiles.default.isDefault = true;
};
direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
atuin = {
enable = true;
flags = [ "--disable-up-arrow" ];
settings = {
auto_sync = true;
sync_frequency = "5m";
sync_address = "https://atuin.kun.is";
};
};
zsh = {
enable = true;
autocd = true;
autosuggestion.enable = true;
prezto = {
enable = true;
utility.safeOps = false;
};
shellAliases =
let
gitExe = lib.getExe config.programs.git.package;
in
{
htop = lib.getExe pkgs.btop;
gp = "${gitExe} push";
gco = "${gitExe} checkout";
gd = "${gitExe} diff";
gc = "${gitExe} commit";
gpl = "${gitExe} pull";
gb = "${gitExe} branch";
ga = "${gitExe} add";
gl = "${gitExe} log";
gs = "${gitExe} status";
tf = lib.getExe pkgs.opentofu;
};
};
tmux = {
enable = true;
shell = lib.getExe config.programs.zsh.package;
shortcut = "a";
clock24 = true;
newSession = true;
mouse = true;
escapeTime = 10;
terminal = "screen-256color";
extraConfig = ''
unbind _
bind _ split-window -h
unbind -
bind - split-window -v
unbind h
bind h select-pane -L
unbind j
bind j select-pane -D
unbind k
bind k select-pane -U
unbind l
bind l select-pane -R
'';
};
ssh = {
enable = true;
extraConfig = "User root";
matchBlocks.github = lib.hm.dag.entryBefore [ "*" ] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
};
git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
init.defaultBranch = "master";
};
};
# Currently, it is not possible to have Home Manager manage Liberwolf extensions.
# There is a draft PR which addresses this:
# https://github.com/nix-community/home-manager/pull/3339
# The extensions I currently use are:
# - ublock-origin (already installed by librewolf)
# - cookie-autodelete
# - clearurls
# - istilldontcareaboutcookies
# - keepassxc-browser
# - redirector
# - violentmonkey
# - boring-rss
# - kagi-search
# - refined-github
librewolf = {
enable = true;
settings = {
"identity.fxaccounts.enabled" = true;
"privacy.clearOnShutdown.history" = false;
"privacy.clearOnShutdown.downloads" = false;
"browser.translations.automaticallyPopup" = false;
"browser.aboutConfig.showWarning" = false;
"privacy.clearOnShutdown.cookies" = false;
};
};
};
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/sound".allow-volume-above-100-percent = true;
"org/gnome/desktop/wm.preferences".num-workspaces = 4;
"org/gnome/mutter".edge-tiling = true;
"org/gnome/shell" = {
disable-extension-version-validation = true;
enabled-extensions = [
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
"pop-shell@system76.com"
"windowIsReady_Remover@nunofarruca@gmail.com"
"randomwallpaper@iflow.space"
];
};
"org/gnome/desktop/input-sources" = {
sources = [ (mkTuple [ "xkb" "us" ]) ];
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
};
"org/gnome/shell/extensions/pop-shell" = {
active-hint = true;
fullscreen-launcher = false;
mouse-cursor-focus-location = mkUint32 4;
mouse-cursor-follows-active-window = true;
show-skip-taskbar = false;
show-title = true;
smart-gaps = false;
snap-to-grid = false;
stacking-with-mouse = true;
tile-by-default = true;
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Super>t";
command = lib.getExe config.programs.alacritty.package;
name = "Terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Super>e";
command = "${lib.getExe config.programs.librewolf.package} --browser";
name = "Browser";
};
"org/gnome/desktop/wm/keybindings" = {
close = [ "<Shift><Super>q" ];
minimize = mkEmptyArray type.string;
move-to-workspace-1 = [ "<Shift><Super>1" ];
move-to-workspace-2 = [ "<Shift><Super>2" ];
move-to-workspace-3 = [ "<Shift><Super>3" ];
move-to-workspace-4 = [ "<Shift><Super>4" ];
switch-applications = mkEmptyArray type.string;
switch-applications-backward = mkEmptyArray type.string;
switch-to-workspace-1 = [ "<Super>1" ];
switch-to-workspace-2 = [ "<Super>2" ];
switch-to-workspace-3 = [ "<Super>3" ];
switch-to-workspace-4 = [ "<Super>4" ];
toggle-fullscreen = [ "<Super>f" ];
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper" = {
auto-fetch = true;
change-type = 2;
hide-panel-icon = true;
history-length = 1;
hours = 0;
minutes = 30;
sources = [ "42" ];
fetch-on-startup = true;
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4;
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers";
};
sops = {
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
defaultSopsFile = ./secrets/pim.yaml;
secrets = {
"keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
"syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem";
"syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem";
};
};
}

0
home-manager/firefox/addons.json → modules/home-manager/firefox/addons.json
View file

11
modules/home-manager/firefox/addons.nix Normal file
View file

@ -0,0 +1,11 @@
pkgs: lib:
let
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
custom-addons = import ./custom-addons.nix pkgs lib;
in
with rycee-addons; [
ublock-origin
istilldontcareaboutcookies
keepassxc-browser
custom-addons.simple-style-fox-2
]

0
home-manager/firefox/custom-addons.nix → modules/home-manager/firefox/custom-addons.nix
View file

32
modules/home-manager/firefox/default.nix Normal file
View file

@ -0,0 +1,32 @@
{ pkgs, lib, ... }:
let
firefoxAddons = import ./addons.nix pkgs lib;
firefoxSettings = {
"browser.aboutConfig.showWarning" = false;
"browser.toolbars.bookmarks.visibility" = "always";
"browser.tabs.firefox-view" = false;
"browser.shell.checkDefaultBrowser" = false;
"browser.translations.automaticallyPopup" = false;
"signon.rememberSignons" = false;
"media.webspeech.synth.dont_notify_on_error" = true;
"browser.gesture.swipe.left" = false;
"browser.gesture.swipe.right" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
};
in
{
config = {
programs.firefox = {
enable = true;
profiles = {
default = {
id = 0;
isDefault = true;
settings = firefoxSettings;
extensions = firefoxAddons;
};
};
};
};
}

0
home-manager/neovim/bufferline.lua → modules/home-manager/neovim/bufferline.lua
View file

0
home-manager/neovim/cmp.lua → modules/home-manager/neovim/cmp.lua
View file

0
home-manager/neovim/commentary.lua → modules/home-manager/neovim/commentary.lua
View file

0
home-manager/neovim/core.lua → modules/home-manager/neovim/core.lua
View file

5
home-manager/neovim/default.nix → modules/home-manager/neovim/default.nix
View file

@ -11,10 +11,9 @@
extraPackages = with pkgs; [ extraPackages = with pkgs; [
nil nil
nodePackages.pyright nodePackages.pyright
neofetch
gopls gopls
terraform-ls terraform-ls
nixfmt nixfmt-classic
stylua stylua
black black
nixpkgs-fmt nixpkgs-fmt
@ -71,7 +70,7 @@
nvim-web-devicons nvim-web-devicons
lsp-format-nvim lsp-format-nvim
{ {
plugin = pkgs.unstable.vimPlugins.none-ls-nvim; plugin = pkgs.vimPlugins.none-ls-nvim;
type = "lua"; type = "lua";
config = builtins.readFile ./none-ls.lua; config = builtins.readFile ./none-ls.lua;
} }

0
home-manager/neovim/leap.lua → modules/home-manager/neovim/leap.lua
View file

0
home-manager/neovim/lspconfig.lua → modules/home-manager/neovim/lspconfig.lua
View file

0
home-manager/neovim/none-ls.lua → modules/home-manager/neovim/none-ls.lua
View file

0
home-manager/neovim/telescope.lua → modules/home-manager/neovim/telescope.lua
View file

0
home-manager/neovim/treesitter.lua → modules/home-manager/neovim/treesitter.lua
View file

36
modules/nixos/lanzaboote.nix Normal file
View file

@ -0,0 +1,36 @@
{ config, lib, inputs, ... }: {
imports = [
inputs.lanzaboote.nixosModules.lanzaboote
];
options = {
pim.lanzaboote.enable = lib.mkEnableOption {
description = ''
Whether to enable lanzaboote
'';
};
};
config = lib.mkIf config.pim.lanzaboote.enable {
boot = {
# generate keys first with: `sudo nix run nixpkgs#sbctl create-keys`
# switch from lzb to bootspec by adding following line to the system configuration:
# bootspec.enable = true;
loader = {
systemd-boot.enable = lib.mkForce false;
# Use lanzaboote instead see below, default is:
# systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
};
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
};
}

148
nixos/default.nix
View file

@ -1,148 +0,0 @@
{ pkgs, config, lib, ... }: {
imports = [ ./hardware-configuration.nix ];
boot = { loader.systemd-boot.enable = true; };
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8";
services = {
gnome.gnome-keyring.enable = lib.mkForce false;
xserver = {
enable = true;
displayManager.gdm = { enable = true; };
desktopManager.gnome.enable = true;
excludePackages = with pkgs; [ xterm ];
};
printing = {
enable = true;
drivers = [ pkgs.hplip pkgs.gutenprint ];
};
fprintd = {
enable = true;
tod = {
enable = true;
driver = pkgs.libfprint-2-tod1-vfs0090;
};
};
};
users = {
users.pim = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" "input" ];
};
};
environment = {
systemPackages = with pkgs; [
wget
curl
git
btop
ripgrep
vim
dogdns
tree
dig
];
gnome.excludePackages = with pkgs; [
gnome.totem
gnome-tour
gnome.epiphany
gnome.geary
gnome-console
gnome.gnome-music
];
};
system = {
stateVersion = "23.05";
activationScripts.diff = ''
if [[ -e /run/current-system ]]; then
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
fi
'';
};
programs.ssh = {
startAgent = true;
knownHosts = {
dmz = {
hostNames = [ "*.dmz" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
certAuthority = true;
};
hypervisors = {
hostNames = [ "*.hyp" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
certAuthority = true;
};
};
};
security.sudo.extraConfig = ''
Defaults timestamp_timeout=30
'';
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = {
automatic = true;
persistent = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
age = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
secrets = {
wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
wg-quick-home-preshared-key.file =
../secrets/wg-quick-home-preshared-key.age;
};
};
networking = {
hostName = "x260";
wg-quick.interfaces.home = {
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
address = [ "10.225.191.4/24" ];
dns = [ "192.168.30.8" ];
peers = [{
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
endpoint = "wg.geokunis2.nl:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
}];
};
};
virtualisation.docker = {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
nixpkgs.config.permittedInsecurePackages = [
"electron-25.9.0"
];
}

41
nixos/hardware-configuration.nix
View file

@ -1,41 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device =
"/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/87DA-B083";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

3
secrets/README.md
View file

@ -1,3 +0,0 @@
```bash
nix run github:ryantm/agenix# -- -e secret1.age
```

BIN
secrets/ansible-vault-secret.age
View file

Binary file not shown.

12
secrets/common-pg-tfbackend.age
View file

@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww i6BkkMy9gSSVZ+L+EMYSLakp1qA4yOGbEkLrO4Ddbxs
FsoRnCiPsJEKQj+2iJaqn+BbU+bFMAkReRotiV+0WCs
-> ssh-ed25519 vBZj5g +6YFp3yYXSEzRMXu7WyURkJk/cA87irnW5FpKRYnGSA
dJkMmnxyVEv/S9FmCrRkrYDCh+OwXK+UYno3ncr5nOk
-> 6gQa-grease Yt+ucm#U |<d\`t
SxpuSh2ee/jDNu7mXcn82fTt6/wy7ksA+W1xHQHiShJGvyyr6dTIPEk0qY1oqIPt
HkQNvNYLpMwpAqSTvmcmybps4CoWt0x6GJ0aBPOlYEIuwHnJ5Pkvnf4U9wPuwr6Y
zQ
--- hHweNMiKEIEw/TwSGhElfRiQYqLtmhwylkMWvfthyGY
?×%Ö¿H¹§G¤/Pì#
ÚŠÐÛäF±QÙç„lRÊDcNÖЉ ç$Hs©ŠTæžø<C5BE>ÊÁÏqVf¤àˆÝkëã•ø<E280A2>ï¡×OŒÞÛµæE•êgißžXŒ§sá”)gO¢.·]·æÐCJcè<63>E^EŸq:<3A>qß&™E™#¾ArÄªÉ ™€ñì

BIN
secrets/k3s-pim-privkey.age
View file

Binary file not shown.

BIN
secrets/keepassxc.ini.age
View file

Binary file not shown.

24
secrets/pim.yaml Normal file
View file

File diff suppressed because one or more lines are too long

BIN
secrets/postgresql_client.key.age
View file

Binary file not shown.

11
secrets/powerdns-api-key.json.age
View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww NnvaPUzk3WjwC3nu7T47DXtNqDuysbgAccdF1kWO5yQ
XYX2GfZSHrnhoKutbqVxB9zghbl1kZDyOTphUXvt8oQ
-> ssh-ed25519 vBZj5g mpi+OE3ST+mP05IKimQrwOZxOaDgeUUoKujOOSXEljQ
kwHkJu14Xpqgd4POeuLLcbech+Kh2XSfBed3M1Cu8DA
-> =6-grease C`Yq5 Y2 4
8sgSLLYCXkFRy0SFfNH0fhb14HonKVpVfkc1rc7sC7bXVXi8FGri/d/AW42G2J9m
W/FfhKnGBAOj1cA/wPw4cqCcQKbux78C7BdN6EfrF+ddzF+n98EwtBJ/cjzRky+A
FJJY
--- sytjLDBFLb2VqtF3LSiSS1Nxb56oNtx2AGzhYCPItW8
.ÚËr-Ò†±–åØè/ BD$Õ¬F³Ðó¡FÜЙó‰SÅÙ/MœÎËâò ª¸òi/<2F># šÙï%u7ÍŸ6ƒör…W ¸öe?…ƒÉi,·ÐÑä[ÁY¤9ÙÿÀÁ

23
secrets/secrets.nix
View file

@ -1,23 +0,0 @@
let
pkgs = import <nixpkgs> { };
publicKeysURL =
"https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
publicKeys = pkgs.lib.strings.splitString "\n"
(pkgs.lib.strings.fileContents publicKeysFile);
in
{
"wg-quick-home-privkey.age".publicKeys = publicKeys;
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
"sue_ed25519.age".publicKeys = publicKeys;
"sue_azure_rsa.age".publicKeys = publicKeys;
"syncthing-key.pem.age".publicKeys = publicKeys;
"syncthing-cert.pem.age".publicKeys = publicKeys;
"common-pg-tfbackend.age".publicKeys = publicKeys;
"ansible-vault-secret.age".publicKeys = publicKeys;
"powerdns-api-key.json.age".publicKeys = publicKeys;
"keepassxc.ini.age".publicKeys =
publicKeys; # Secret agent causes private keys in config file.
"postgresql_client.key.age".publicKeys = publicKeys;
"k3s-pim-privkey.age".publicKeys = publicKeys;
}

25
secrets/secrets.yaml Normal file
View file

@ -0,0 +1,25 @@
testje: ENC[AES256_GCM,data:kMnaocttth1O6g==,iv:mV9gEMdomVhmOTBUWIFz3o23TBb7DLM2rXI/Tb81bSg=,tag:qj6TlvW5sY6Ek9M0GIqB3A==,type:str]
wireguard:
home:
presharedKey: ENC[AES256_GCM,data:H+oCRsg2ikN9KyVacEFasYmx5XE1zrnjBthkL5OitOXHTr4Ls0zwoF5StXs=,iv:N63wO4TKagbweStqf7wL3YZ0njxDNvrISErPao5wf7o=,tag:67kZcNaCzv3RI41XmA+UFQ==,type:str]
privateKey: ENC[AES256_GCM,data:WcPVrLiy2JJvzIh7sUpHMnt1MNx5rw5bI+xGmkitC9nEiNytMG71wmlC4d0=,iv:sl8gZgCzaW10UH0GLycvQVHqBlDVq7BUgoIEl41lc20=,tag:7oLlVjulxuEsW+pS8sZ+Ew==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWL1dlTjFNTXRPd0ppbE1i
THlsMzB1K041eUdTemRseGk5dkVwUDk2TFIwCnR1WE9iYXhHWHprZCtlSFExakhs
R0FtcEc0VTJ4WFBORFluYTdBTFh1NzAKLS0tIGtrYkVPSEVXV1dnb1J4V1pkQktW
VjNXUkpmVmxyNDNsT0ZjQjhOYklEbW8KV86AD+8QE14BZxWb7TVolwlcy1eFKxks
rOpqcXBqtUPaBC10IhVV434DGFIZMtRuYEQ4G/sdCsc3qiNxO3Cl4A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-15T14:04:18Z"
mac: ENC[AES256_GCM,data:6YKdfUk4ltXQ6U7FHs9ehGDUVzfZo1cKnSJMp+zYBEBnhmz7LdCBZycBpJ9syJn4WW1jZ8Bz7+lIxDsXm35AhjI+Mia20BqcWotcCaoHUslK+QV/YRIw8wxP7pvOKNeTa9UMhrcpXBVJxdQvKEBZPWziD4Xk3RGomvGEjB3xXKY=,iv:Tvgo/tlxnNk31C/cqCAKIGRdYEug9DdqeIUdJgQj4yE=,tag:z/tWTyiYmUmc2zVc3mQq0Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

BIN
secrets/sue_azure_rsa.age
View file

Binary file not shown.

BIN
secrets/sue_ed25519.age
View file

Binary file not shown.

BIN
secrets/syncthing-cert.pem.age
View file

Binary file not shown.

12
secrets/syncthing-key.pem.age
View file

@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww 0YS+10yTGhQwLKj5SZkyHLAOMHScnEXuW8H1LJSJJl8
fYIEukt41D5s417B6EcCj5DP0JCcqDKIzdUqGeNLguQ
-> ssh-ed25519 vBZj5g ufNv/vQfhTj203S9NhLoTs3AK3v1MQC73oPLhj7TJQ8
/ExO1bN02B6uJoWiVQDqRQ6yMd4o3qR3sUpN9OHEW50
-> 9f-grease p
6eUQ4dl855OIlCfN61wQ/7n8
--- WTuEDM+CWDqaep0MlbCL1QXXzDumVR4WCXhyA3b7zm8
Û,”ùQÎófç¥w— >Óœ×ÿ¿g7QÂå×Ú¤2*ð<>„ù 0­.Ž3zy•DØ<31>4™¹ÀE$Nw7îqAÊp¹&g;„®
¢VÊ\oø_^èW¼<>-WÞ(k\¬ÝRµb£{h<*ì èÒçظ¤11gKÏâk<C3A2>U,Ñ$>­p®zoÑlÏ5\dSÌ4OOû\¯+yÿúà(–Ä×Çå+»ñëÿçbãj¼Eº)}ì$ÒŽ¬T?»
ÿ%;Ž¿QFiçº4ŽJH®Ÿ­å<C2AD>™6AúSâÑÜЉãˆ<C3A3>k˜Z²?ܸ”MY26ËhÊ]e”µ(¤a¤&[ͳ°0‡juSóXKúNd>,Ûçv®ÔŠ¬
ѳ /BnùšgæO ©m}~¦‡z™i‰Üx£GàÈöb­

9
secrets/wg-quick-home-preshared-key.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww Wlatyvlg6jc+ISAQu1QEA62IUeWnriQJg+ChseMcyFI
tRhEc/mkG7FFZO2G5A+0NNCj693Q3dbDhMOBxKmCBjw
-> ssh-ed25519 vBZj5g HdeqB71NJkEFgXb0LPefYl+kwQNUYJQAHBEDxKdPqxk
6mUCxbBT6PpAf0BwTD6Tv7pDZzWmHxBWw+/IbgLXQZA
-> N-grease
OKOvPc2zAXju6FzjNzuCZiF9pN2hmmxMMRWxZwXar8MR
--- QR9PJv7R2ASeHrsBO7SuZzAB9s5fD0jT/qEFuJx8CNg
Š·_AéZñR IWnO†¢'j—̤,ÄØÃ#†ò™ZPjJ©è&Zô˜ôÎÃ…ÿ°ë…{ÕW…ðÚ˜×wÞˆ %Ó±‰%

10
secrets/wg-quick-home-privkey.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww ST/R4vPro6VMrJgRJqMIYkhaQJ0EV0ss/yX94BAxSWE
VIWQpIuuf0OS4z1D1QsFRvvWrmbo6LJEdPJ7jmbhv+w
-> ssh-ed25519 vBZj5g GAlVKDrXvlR7FqID4Rbpb64QChS8rwUCyJdxg2PXSw0
cS8pDXkYvvFsiTt0i6s5r/7cxbf5IcjiNQWQAcgoXFg
-> w-grease s,fAjpd YvL[bWVw $h4j|^ >JU
EO9ZKdn19mADx6rwhpKftX/QxZ4yNlXgZttyn0rBpSZuVfX8Oj430VppAZ5RYwn9
zHqBvBs6VEYUt4jOWOGl/idBNg
--- OnaKsFMYoiOP1T2o4GIgME6KQqWqwIQM9WADk28E9qA
<<16>˜±n-ã¸þ”iìÙ÷bÖRä¿·â;¢©Ö)¸“[ G[Õ„·FÔX°ä<C2B0>?Hne•®ò&­n¸m#œ$}”¸e]Õ-6ᢾx„

3
switch
View file

@ -1,3 +0,0 @@
#!/usr/bin/env bash
sudo nixos-rebuild switch --flake ./#pim

BIN
wallpapers/Famous Places in the Eastern Capital/Decorations_for_Season-opening_Kabuki_Performances_at_Saruwakamachi_LACMA_M.2007.152.22.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.2 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/Hiroshige,_A_bridge_in_the_rain.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.1 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/Hiroshige,_Evening_Cherry_Blossoms,_Yoshiwara_Nakanochô_(Yoshiwara_nakanochô_yozakura)_From_the_series_Famous_Views.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 486 KiB

BIN
wallpapers/Famous Places in the Eastern Capital/Kameido_umeyashiki_no_zu_LCCN2008660840.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 10 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1301973-Utagawa_Hiroshige-東都名所-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.7 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303508-Utagawa_Hiroshige-東都名所_永代橋深川新地-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.5 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303509-Utagawa_Hiroshige-東都名所_王子滝の川-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3.2 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303510-Utagawa_Hiroshige-東都名所_神田明神-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.9 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303511-Utagawa_Hiroshige-東都名所_真土山之図-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.7 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303513-Utagawa_Hiroshige-東都名所_道潅山虫聞之図-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.9 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303514-Utagawa_Hiroshige-東都名所_深川三拾三間堂-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303515-Utagawa_Hiroshige-東都名所_五百羅漢さゞゐ堂-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.6 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1303516-Utagawa_Hiroshige-東都名所_芝増上寺山内図-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.8 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308372-Utagawa_Hiroshige-東都名所_日暮里-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.6 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308374-Utagawa_Hiroshige-東都名所_芝赤羽橋之図-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.9 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308375-Utagawa_Hiroshige-東都名所_芝増上寺-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.6 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308376-Utagawa_Hiroshige-東都名所_芝愛宕山之図-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.7 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308381-Utagawa_Hiroshige-東都名所_駿河町之図-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.8 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/NDL-DC_1308382-Utagawa_Hiroshige-東都名所_浅草金竜山年之市群集-crd.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3.1 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/東都名所_二丁町芝居の図-View_of_the_Kabuki_Theaters_at_Sakai-cho_on_Opening_Day_of_the_New_Season_(Sakai-cho_Shibai_no_Zu),_from_the_series,_ Toto_Meisho _MET_DP123276.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 3 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/東都名所_真崎雪晴ノ図-Clearing_Weather_after_Snow_at_Massaki_MET_DP123291.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.9 MiB

BIN
wallpapers/Famous Places in the Eastern Capital/東都名所_芝愛宕山上の図-Shiba_Atago_Sanjo_no_Zu_MET_DP123284.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.9 MiB