Compare commits
58 commits
Author | SHA1 | Date | |
---|---|---|---|
5d675cbaad | |||
e692a80d1c | |||
d754476865 | |||
ca6d704524 | |||
17433101a5 | |||
1f70f75ca7 | |||
aa7c2bac3b | |||
d40bbc417c | |||
f933a38b7d | |||
03164646a5 | |||
ebc3ad8204 | |||
95f36524e2 | |||
46cf4907cb | |||
93104ed7e0 | |||
0cecc75e3d | |||
5d752cb279 | |||
03608f96d7 | |||
80530d6290 | |||
62265a466c | |||
b6b5d5901c | |||
9c83729db0 | |||
d11fc9ba6d | |||
5bfab60b73 | |||
867912a676 | |||
c3bddc6c44 | |||
afcc583dcf | |||
ed1e654706 | |||
235efa07e8 | |||
a3ed1136f1 | |||
3d33b0c7a5 | |||
955f9e3a07 | |||
e069bd25a2 | |||
b6b5d8344c | |||
db7238afe3 | |||
1d3125a5b4 | |||
3d4ac7c7e1 | |||
dbe5349bae | |||
f03c7117bb | |||
acdf4f02af | |||
9f678ee151 | |||
07538a39d1 | |||
2ac437d742 | |||
6bfdf579c5 | |||
e0825def24 | |||
60e417e003 | |||
1a11f3af42 | |||
5dfe47a4a0 | |||
351fc8384c | |||
260fd7d573 | |||
fed5e8010d | |||
cad90372d4 | |||
9765e72a99 | |||
8251863999 | |||
adf2f1e7cb | |||
9e639175fd | |||
48e3ccc742 | |||
f1f9432f3e | |||
c2f9f4a83a |
1
.envrc
|
@ -1 +0,0 @@
|
||||||
PATH_add .
|
|
2
.sops.yaml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
creation_rules:
|
||||||
|
- age: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
30
README.md
|
@ -1,20 +1,26 @@
|
||||||
# nixos-laptop
|
# nixos-laptop
|
||||||
|
|
||||||
NixOS configuration for my laptop.
|
NixOS configuration for my personal laptop.
|
||||||
My configuration is simple: I have one personal laptop with one user.
|
|
||||||
|
Currently contains config for three systems:
|
||||||
|
- **sue**: My current laptop, a Dell XPS 9315
|
||||||
|
- **x260**: My previous laptop, a Lenovo Thinkpad x260 which is broken
|
||||||
|
- **x201**: A Lenovo Thinkpad x201 which I have as a backup system
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|
||||||
- Nixpkgs 23.11
|
- Nixpkgs 24.05
|
||||||
- Flakes!
|
|
||||||
- [Nix User Repository (NUR)](https://github.com/nix-community/NUR)
|
- [Nix User Repository (NUR)](https://github.com/nix-community/NUR)
|
||||||
- Currently only used for Firefox Plugins
|
- Currently only used for Firefox Plugins
|
||||||
- [Home Manager](https://github.com/nix-community/home-manager)
|
- [Home Manager](https://github.com/nix-community/home-manager)
|
||||||
- For managing my configuration for my user
|
- For managing the configuration for my user
|
||||||
- [Agenix](https://github.com/ryantm/agenix)
|
- [sops-nix](https://github.com/Mic92/sops-nix)
|
||||||
- To deploy global system secrets, like:
|
- For secret management
|
||||||
- Wireguard private key and shared secret
|
- [nixos-hardware](https://github.com/NixOS/nixos-hardware)
|
||||||
- [Homeage](https://github.com/jordanisaacs/homeage)
|
- To add hardware-specific tweaks to NixOS for my laptop
|
||||||
- To deploy secrets in my home directory, like:
|
- [stylix](https://stylix.danth.me/)
|
||||||
- SSH keys
|
- Apply theming and styling to many programs
|
||||||
- Syncthing private key
|
- [lanzaboote](https://github.com/nix-community/lanzaboote)
|
||||||
|
- Secure boot for NixOS
|
||||||
|
- [disko](https://github.com/nix-community/disko)
|
||||||
|
- Declarative disk partitioning and formatting; currently only used for my x201
|
||||||
|
|
279
configuration.nix
Normal file
|
@ -0,0 +1,279 @@
|
||||||
|
{ pkgs, config, lib, inputs, flake, system, ... }: {
|
||||||
|
imports = [
|
||||||
|
inputs.stylix.nixosModules.stylix
|
||||||
|
inputs.home-manager.nixosModules.home-manager
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
|
"${flake}/modules/nixos/lanzaboote.nix"
|
||||||
|
];
|
||||||
|
|
||||||
|
time.timeZone = "Europe/Amsterdam";
|
||||||
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
programs.ssh.startAgent = true;
|
||||||
|
|
||||||
|
services = {
|
||||||
|
gnome.gnome-keyring.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = "client";
|
||||||
|
};
|
||||||
|
|
||||||
|
xserver = {
|
||||||
|
enable = true;
|
||||||
|
displayManager.gdm = { enable = true; };
|
||||||
|
desktopManager.gnome.enable = true;
|
||||||
|
excludePackages = with pkgs; [ xterm ];
|
||||||
|
};
|
||||||
|
|
||||||
|
printing = {
|
||||||
|
enable = true;
|
||||||
|
drivers = [ pkgs.hplip pkgs.gutenprint ];
|
||||||
|
};
|
||||||
|
|
||||||
|
pipewire = {
|
||||||
|
enable = true;
|
||||||
|
alsa.enable = true;
|
||||||
|
alsa.support32Bit = true;
|
||||||
|
pulse.enable = true;
|
||||||
|
jack.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users = {
|
||||||
|
users.pim = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [ "wheel" "docker" "input" "wireshark" "dialout" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
# https://nix-community.github.io/home-manager/options.xhtml#opt-programs.zsh.enableCompletion
|
||||||
|
pathsToLink = [ "/share/zsh" ];
|
||||||
|
|
||||||
|
systemPackages = (with pkgs; [
|
||||||
|
age
|
||||||
|
borgbackup
|
||||||
|
btop
|
||||||
|
btrfs-progs
|
||||||
|
curl
|
||||||
|
dig
|
||||||
|
exfat
|
||||||
|
f3
|
||||||
|
fastfetch
|
||||||
|
file
|
||||||
|
git
|
||||||
|
gnome.gnome-shell-extensions
|
||||||
|
jq
|
||||||
|
kubectl
|
||||||
|
nmap
|
||||||
|
poppler_utils # For pdfunite
|
||||||
|
ripgrep
|
||||||
|
sbctl
|
||||||
|
silicon
|
||||||
|
sops
|
||||||
|
tree
|
||||||
|
units
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
yq
|
||||||
|
ncdu
|
||||||
|
lshw
|
||||||
|
]) ++ (with pkgs.gnomeExtensions; [
|
||||||
|
pop-shell
|
||||||
|
window-is-ready-remover
|
||||||
|
random-wallpaper
|
||||||
|
]);
|
||||||
|
|
||||||
|
gnome.excludePackages = (with pkgs; [
|
||||||
|
epiphany
|
||||||
|
gnome-connections
|
||||||
|
gnome-console
|
||||||
|
gnome-tour
|
||||||
|
]) ++ (with pkgs.gnome; [
|
||||||
|
geary
|
||||||
|
gnome-calendar
|
||||||
|
gnome-clocks
|
||||||
|
gnome-contacts
|
||||||
|
gnome-font-viewer
|
||||||
|
gnome-logs
|
||||||
|
gnome-maps
|
||||||
|
gnome-music
|
||||||
|
seahorse
|
||||||
|
totem
|
||||||
|
yelp
|
||||||
|
gnome-weather
|
||||||
|
]);
|
||||||
|
};
|
||||||
|
|
||||||
|
system = {
|
||||||
|
stateVersion = "23.05";
|
||||||
|
|
||||||
|
activationScripts.diff = ''
|
||||||
|
if [[ -e /run/current-system ]]; then
|
||||||
|
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
security = {
|
||||||
|
rtkit.enable = true;
|
||||||
|
|
||||||
|
sudo.extraConfig = ''
|
||||||
|
Defaults timestamp_timeout=30
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
package = pkgs.nixFlakes;
|
||||||
|
settings.trusted-users = [ "root" "pim" ];
|
||||||
|
|
||||||
|
extraOptions = ''
|
||||||
|
experimental-features = nix-command flakes
|
||||||
|
'';
|
||||||
|
|
||||||
|
gc = {
|
||||||
|
automatic = true;
|
||||||
|
persistent = true;
|
||||||
|
dates = "weekly";
|
||||||
|
options = "--delete-older-than 7d";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
useDHCP = lib.mkDefault true;
|
||||||
|
networkmanager.unmanaged = [ "tailscale0" ];
|
||||||
|
|
||||||
|
wg-quick.interfaces = {
|
||||||
|
home = {
|
||||||
|
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
|
||||||
|
address = [ "10.225.191.4/24" ];
|
||||||
|
dns = [ "192.168.30.131" ];
|
||||||
|
autostart = false;
|
||||||
|
mtu = 1412;
|
||||||
|
peers = [{
|
||||||
|
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
|
||||||
|
endpoint = "wg.kun.is:51820";
|
||||||
|
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
||||||
|
allowedIPs = [ "0.0.0.0/0" ];
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
home-no-pihole = {
|
||||||
|
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
|
||||||
|
address = [ "10.225.191.4/24" ];
|
||||||
|
dns = [ "192.168.10.1" ];
|
||||||
|
autostart = false;
|
||||||
|
mtu = 1412;
|
||||||
|
peers = [{
|
||||||
|
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
|
||||||
|
endpoint = "wg.kun.is:51820";
|
||||||
|
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
||||||
|
allowedIPs = [ "0.0.0.0/0" ];
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.docker = {
|
||||||
|
enable = true;
|
||||||
|
rootless = {
|
||||||
|
enable = true;
|
||||||
|
setSocketVariable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nixpkgs = {
|
||||||
|
hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
|
||||||
|
config = {
|
||||||
|
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||||
|
"vmware-horizon-client"
|
||||||
|
"libfprint-2-tod1-goodix"
|
||||||
|
"vmware-workstation"
|
||||||
|
"ipu6-camera-bins-unstable"
|
||||||
|
"ipu6-camera-bins"
|
||||||
|
"ivsc-firmware-unstable"
|
||||||
|
"ivsc-firmware"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
overlays = [
|
||||||
|
inputs.nur.overlay
|
||||||
|
(final: _prev: {
|
||||||
|
unstable = import inputs.nixpkgs-unstable {
|
||||||
|
inherit system;
|
||||||
|
config.allowUnfree = true;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
kernelModules = [ "kvm-intel" "cdrom" ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
|
||||||
|
initrd = {
|
||||||
|
availableKernelModules = [ "sd_mod" ];
|
||||||
|
kernelModules = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
|
kernel.sysctl = {
|
||||||
|
"net.core.default_qdisc" = "fq";
|
||||||
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware = {
|
||||||
|
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
pulseaudio.enable = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
stylix = {
|
||||||
|
enable = true;
|
||||||
|
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
|
||||||
|
image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png";
|
||||||
|
|
||||||
|
cursor = {
|
||||||
|
package = pkgs.bibata-cursors;
|
||||||
|
name = "Bibata-Modern-Classic";
|
||||||
|
size = 28;
|
||||||
|
};
|
||||||
|
|
||||||
|
fonts = {
|
||||||
|
monospace = {
|
||||||
|
package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
|
||||||
|
name = "JetBrainsMono Nerd Font Mono";
|
||||||
|
};
|
||||||
|
|
||||||
|
sansSerif = {
|
||||||
|
package = pkgs.dejavu_fonts;
|
||||||
|
name = "DejaVu Sans";
|
||||||
|
};
|
||||||
|
|
||||||
|
serif = {
|
||||||
|
package = pkgs.dejavu_fonts;
|
||||||
|
name = "DejaVu Serif";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
home-manager = {
|
||||||
|
useGlobalPkgs = true;
|
||||||
|
useUserPackages = true;
|
||||||
|
extraSpecialArgs = { inherit flake inputs; };
|
||||||
|
|
||||||
|
users.pim.imports = [
|
||||||
|
./home.nix
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
age.keyFile = "/home/pim/.config/sops/age/keys.txt";
|
||||||
|
defaultSopsFile = ./secrets/secrets.yaml;
|
||||||
|
|
||||||
|
secrets = {
|
||||||
|
"wireguard/home/presharedKey" = { };
|
||||||
|
"wireguard/home/privateKey" = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
555
flake.lock
|
@ -1,49 +1,295 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"agenix": {
|
"base16": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"darwin": "darwin",
|
"fromYaml": "fromYaml"
|
||||||
"home-manager": [
|
|
||||||
"home-manager"
|
|
||||||
],
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"systems": "systems"
|
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703433843,
|
"lastModified": 1708890466,
|
||||||
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
|
"narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=",
|
||||||
"owner": "ryantm",
|
"owner": "SenchoPens",
|
||||||
"repo": "agenix",
|
"repo": "base16.nix",
|
||||||
"rev": "417caa847f9383e111d1397039c9d4337d024bf0",
|
"rev": "665b3c6748534eb766c777298721cece9453fdae",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "ryantm",
|
"owner": "SenchoPens",
|
||||||
"repo": "agenix",
|
"repo": "base16.nix",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"darwin": {
|
"base16-fish": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1622559957,
|
||||||
|
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
|
||||||
|
"owner": "tomyun",
|
||||||
|
"repo": "base16-fish",
|
||||||
|
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "tomyun",
|
||||||
|
"repo": "base16-fish",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"base16-foot": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1696725948,
|
||||||
|
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
|
||||||
|
"owner": "tinted-theming",
|
||||||
|
"repo": "base16-foot",
|
||||||
|
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "tinted-theming",
|
||||||
|
"repo": "base16-foot",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"base16-helix": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1696727917,
|
||||||
|
"narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=",
|
||||||
|
"owner": "tinted-theming",
|
||||||
|
"repo": "base16-helix",
|
||||||
|
"rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "tinted-theming",
|
||||||
|
"repo": "base16-helix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"base16-kitty": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1665001328,
|
||||||
|
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
|
||||||
|
"owner": "kdrag0n",
|
||||||
|
"repo": "base16-kitty",
|
||||||
|
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "kdrag0n",
|
||||||
|
"repo": "base16-kitty",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"base16-tmux": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1696725902,
|
||||||
|
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
|
||||||
|
"owner": "tinted-theming",
|
||||||
|
"repo": "base16-tmux",
|
||||||
|
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "tinted-theming",
|
||||||
|
"repo": "base16-tmux",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"base16-vim": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1663659192,
|
||||||
|
"narHash": "sha256-uJvaYYDMXvoo0fhBZUhN8WBXeJ87SRgof6GEK2efFT0=",
|
||||||
|
"owner": "chriskempson",
|
||||||
|
"repo": "base16-vim",
|
||||||
|
"rev": "3be3cd82cd31acfcab9a41bad853d9c68d30478d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "chriskempson",
|
||||||
|
"repo": "base16-vim",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"crane": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": [
|
||||||
|
"lanzaboote",
|
||||||
|
"flake-compat"
|
||||||
|
],
|
||||||
|
"flake-utils": [
|
||||||
|
"lanzaboote",
|
||||||
|
"flake-utils"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"lanzaboote",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"rust-overlay": [
|
||||||
|
"lanzaboote",
|
||||||
|
"rust-overlay"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681177078,
|
||||||
|
"narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=",
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"rev": "0c9f468ff00576577d83f5019a66c557ede5acf6",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "ipetkov",
|
||||||
|
"repo": "crane",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"disko": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"agenix",
|
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1700795494,
|
"lastModified": 1726730453,
|
||||||
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
"narHash": "sha256-Kdi7liMdbr1/uyMhMDl19O5b9LESxcnYgBRZblrJi9E=",
|
||||||
"owner": "lnl7",
|
"owner": "nix-community",
|
||||||
"repo": "nix-darwin",
|
"repo": "disko",
|
||||||
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
"rev": "a31fe5ef162f2f963308289e6e27d37e3948a983",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "lnl7",
|
"owner": "nix-community",
|
||||||
"ref": "master",
|
"repo": "disko",
|
||||||
"repo": "nix-darwin",
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1673956053,
|
||||||
|
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-compat_2": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1673956053,
|
||||||
|
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "edolstra",
|
||||||
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-parts": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs-lib": [
|
||||||
|
"lanzaboote",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1680392223,
|
||||||
|
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681202837,
|
||||||
|
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"fromYaml": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1689549921,
|
||||||
|
"narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=",
|
||||||
|
"owner": "SenchoPens",
|
||||||
|
"repo": "fromYaml",
|
||||||
|
"rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "SenchoPens",
|
||||||
|
"repo": "fromYaml",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"gitignore": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"lanzaboote",
|
||||||
|
"pre-commit-hooks-nix",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1660459072,
|
||||||
|
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "gitignore.nix",
|
||||||
|
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "gitignore.nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"gnome-shell": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1713702291,
|
||||||
|
"narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
|
||||||
|
"owner": "GNOME",
|
||||||
|
"repo": "gnome-shell",
|
||||||
|
"rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "GNOME",
|
||||||
|
"ref": "46.1",
|
||||||
|
"repo": "gnome-shell",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -54,47 +300,91 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703367386,
|
"lastModified": 1726592409,
|
||||||
"narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=",
|
"narHash": "sha256-2Y6CDvD/BD43WLS77PHu6dUHbdUfFhuzkY8oJAecD/U=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224",
|
"rev": "2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"ref": "release-23.11",
|
"ref": "release-24.05",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"homeage": {
|
"home-manager_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
"stylix",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1669234151,
|
"lastModified": 1714981474,
|
||||||
"narHash": "sha256-TwT87E3m2TZLgwYJESlype14HxUOrRGojPM5C2akrMg=",
|
"narHash": "sha256-b3/U21CJjCjJKmA9WqUbZGZgCvospO3ArOUTgJugkOY=",
|
||||||
"owner": "jordanisaacs",
|
"owner": "nix-community",
|
||||||
"repo": "homeage",
|
"repo": "home-manager",
|
||||||
"rev": "02bfe4ca06962d222e522fff0240c93946b20278",
|
"rev": "6ebe7be2e67be7b9b54d61ce5704f6fb466c536f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "jordanisaacs",
|
"owner": "nix-community",
|
||||||
"repo": "homeage",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"lanzaboote": {
|
||||||
|
"inputs": {
|
||||||
|
"crane": "crane",
|
||||||
|
"flake-compat": "flake-compat",
|
||||||
|
"flake-parts": "flake-parts",
|
||||||
|
"flake-utils": "flake-utils",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
||||||
|
"rust-overlay": "rust-overlay"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1682802423,
|
||||||
|
"narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "lanzaboote",
|
||||||
|
"rev": "64b903ca87d18cef2752c19c098af275c6e51d63",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"ref": "v0.3.0",
|
||||||
|
"repo": "lanzaboote",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixos-artwork": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1719676066,
|
||||||
|
"narHash": "sha256-78FyNyGtDZogJUWcCT6A/T2MK87nGN/muC7ANH1b1V8=",
|
||||||
|
"ref": "refs/heads/master",
|
||||||
|
"rev": "de03e887f03037e7e781a678b57fdae603c9ca20",
|
||||||
|
"revCount": 208,
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/NixOS/nixos-artwork.git"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/NixOS/nixos-artwork.git"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1702453208,
|
"lastModified": 1726724509,
|
||||||
"narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=",
|
"narHash": "sha256-sVeAM1tgVi52S1e29fFBTPUAFSzgQwgLon3CrztXGm8=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6",
|
"rev": "10d5e0ecc32984c1bf1a9a46586be3451c42fd94",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -106,27 +396,75 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703200384,
|
"lastModified": 1726447378,
|
||||||
"narHash": "sha256-q5j06XOsy0qHOarsYPfZYJPWbTbc8sryRxianlEPJN0=",
|
"narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "0b3d618173114c64ab666f557504d6982665d328",
|
"rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-23.11",
|
"ref": "nixos-24.05",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-stable": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1678872516,
|
||||||
|
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-22.11",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-stable_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1725762081,
|
||||||
|
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "release-24.05",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703134684,
|
"lastModified": 1726583932,
|
||||||
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
|
"narHash": "sha256-zACxiQx8knB3F8+Ze+1BpiYrI+CbhxyWpcSID9kVhkQ=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
|
"rev": "658e7223191d2598641d50ee4e898126768fe847",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1714912032,
|
||||||
|
"narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "ee4a6e0f566fe5ec79968c57a9c2c3c25f2cf41d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -138,11 +476,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1703528695,
|
"lastModified": 1726764615,
|
||||||
"narHash": "sha256-vHC5auhnV5JZLaERNpYu0A2+zX0eiwzsT0iIuT40Dmo=",
|
"narHash": "sha256-8cVUZZd9Z/bT0JIQy/hOPta2nhZjT2b6xW7xZhFMh1M=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "747c0cbbecc987e67f49680b6753cc0e8ab355c5",
|
"rev": "4cec60b7d77b33f845c35fcd222376c0ea866a77",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -151,15 +489,124 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"pre-commit-hooks-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": [
|
||||||
|
"lanzaboote",
|
||||||
|
"flake-compat"
|
||||||
|
],
|
||||||
|
"flake-utils": [
|
||||||
|
"lanzaboote",
|
||||||
|
"flake-utils"
|
||||||
|
],
|
||||||
|
"gitignore": "gitignore",
|
||||||
|
"nixpkgs": [
|
||||||
|
"lanzaboote",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681413034,
|
||||||
|
"narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=",
|
||||||
|
"owner": "cachix",
|
||||||
|
"repo": "pre-commit-hooks.nix",
|
||||||
|
"rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "cachix",
|
||||||
|
"repo": "pre-commit-hooks.nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"disko": "disko",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"homeage": "homeage",
|
"lanzaboote": "lanzaboote",
|
||||||
|
"nixos-artwork": "nixos-artwork",
|
||||||
"nixos-hardware": "nixos-hardware",
|
"nixos-hardware": "nixos-hardware",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||||
"nur": "nur"
|
"nur": "nur",
|
||||||
|
"sops-nix": "sops-nix",
|
||||||
|
"stylix": "stylix"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"rust-overlay": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": [
|
||||||
|
"lanzaboote",
|
||||||
|
"flake-utils"
|
||||||
|
],
|
||||||
|
"nixpkgs": [
|
||||||
|
"lanzaboote",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1682129965,
|
||||||
|
"narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
|
"rev": "2c417c0460b788328220120c698630947547ee83",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "oxalica",
|
||||||
|
"repo": "rust-overlay",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"sops-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1726524647,
|
||||||
|
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Mic92",
|
||||||
|
"repo": "sops-nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"stylix": {
|
||||||
|
"inputs": {
|
||||||
|
"base16": "base16",
|
||||||
|
"base16-fish": "base16-fish",
|
||||||
|
"base16-foot": "base16-foot",
|
||||||
|
"base16-helix": "base16-helix",
|
||||||
|
"base16-kitty": "base16-kitty",
|
||||||
|
"base16-tmux": "base16-tmux",
|
||||||
|
"base16-vim": "base16-vim",
|
||||||
|
"flake-compat": "flake-compat_2",
|
||||||
|
"gnome-shell": "gnome-shell",
|
||||||
|
"home-manager": "home-manager_2",
|
||||||
|
"nixpkgs": "nixpkgs_2"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1718122552,
|
||||||
|
"narHash": "sha256-A+dBkSwp8ssHKV/WyXb9uqIYrHBqHvtSedU24Lq9lqw=",
|
||||||
|
"owner": "danth",
|
||||||
|
"repo": "stylix",
|
||||||
|
"rev": "e59d2c1725b237c362e4a62f5722f5b268d566c7",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "danth",
|
||||||
|
"ref": "release-24.05",
|
||||||
|
"repo": "stylix",
|
||||||
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"systems": {
|
"systems": {
|
||||||
|
|
203
flake.nix
|
@ -2,63 +2,174 @@
|
||||||
description = "My NixOS configuration";
|
description = "My NixOS configuration";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
|
||||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||||
nur.url = "github:nix-community/NUR";
|
nur.url = "github:nix-community/NUR";
|
||||||
home-manager = {
|
|
||||||
url = "github:nix-community/home-manager?ref=release-23.11";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
homeage = {
|
|
||||||
url = "github:jordanisaacs/homeage";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
agenix = {
|
|
||||||
url = "github:ryantm/agenix";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
inputs.home-manager.follows = "home-manager";
|
|
||||||
};
|
|
||||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||||
|
stylix.url = "github:danth/stylix/release-24.05";
|
||||||
|
|
||||||
|
home-manager = {
|
||||||
|
url = "github:nix-community/home-manager?ref=release-24.05";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
|
||||||
|
lanzaboote = {
|
||||||
|
url = "github:nix-community/lanzaboote/v0.3.0";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
|
||||||
|
disko = {
|
||||||
|
url = "github:nix-community/disko";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
|
|
||||||
|
nixos-artwork = {
|
||||||
|
type = "git";
|
||||||
|
url = "https://github.com/NixOS/nixos-artwork.git";
|
||||||
|
flake = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops-nix = {
|
||||||
|
url = "github:Mic92/sops-nix";
|
||||||
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
{ nixpkgs
|
{ self
|
||||||
, nixpkgs-unstable
|
, nixpkgs
|
||||||
, home-manager
|
|
||||||
, homeage
|
|
||||||
, agenix
|
|
||||||
, nur
|
|
||||||
, nixos-hardware
|
|
||||||
, ...
|
, ...
|
||||||
}: {
|
}@inputs:
|
||||||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
|
let
|
||||||
|
mkNixosSystem = extraModule: nixpkgs.lib.nixosSystem rec {
|
||||||
nixosConfigurations.pim = nixpkgs.lib.nixosSystem rec {
|
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
|
||||||
|
specialArgs = {
|
||||||
|
inherit inputs system;
|
||||||
|
flake = self;
|
||||||
|
};
|
||||||
|
|
||||||
modules = [
|
modules = [
|
||||||
{
|
./configuration.nix
|
||||||
nixpkgs.overlays = [
|
extraModule
|
||||||
nur.overlay
|
|
||||||
(final: _prev: {
|
|
||||||
unstable = import nixpkgs-unstable {
|
|
||||||
inherit system;
|
|
||||||
config.allowUnfree = true;
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
];
|
||||||
}
|
|
||||||
./nixos
|
|
||||||
agenix.nixosModules.default
|
|
||||||
nixos-hardware.nixosModules.lenovo-thinkpad-x260
|
|
||||||
home-manager.nixosModules.home-manager
|
|
||||||
{
|
|
||||||
home-manager.useGlobalPkgs = true;
|
|
||||||
home-manager.useUserPackages = true;
|
|
||||||
home-manager.users.pim = {
|
|
||||||
imports = [ ./home-manager homeage.homeManagerModules.homeage ];
|
|
||||||
};
|
};
|
||||||
}
|
in
|
||||||
];
|
{
|
||||||
|
nixosConfigurations = {
|
||||||
|
x260 = mkNixosSystem ({ pkgs, lib, ... }: {
|
||||||
|
imports = [ inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x260 ];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
pim.lanzaboote.enable = true;
|
||||||
|
networking.hostName = "x260";
|
||||||
|
|
||||||
|
fprintd = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
tod = {
|
||||||
|
enable = true;
|
||||||
|
driver = pkgs.libfprint-2-tod1-vfs0090;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [{ device = "/dev/disk/by-uuid/6028bf52-404d-4143-9cb0-9b06cd60a373"; }];
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
|
||||||
|
};
|
||||||
|
});
|
||||||
|
|
||||||
|
x201 = mkNixosSystem ({ pkgs, lib, ... }: {
|
||||||
|
imports = [ inputs.disko.nixosModules.disko ];
|
||||||
|
config = {
|
||||||
|
networking.hostName = "x201";
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" ];
|
||||||
|
|
||||||
|
|
||||||
|
disko.devices = {
|
||||||
|
disk = {
|
||||||
|
sda = {
|
||||||
|
device = "/dev/sda";
|
||||||
|
type = "disk";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
boot = {
|
||||||
|
size = "1M";
|
||||||
|
type = "EF02"; # for grub MBR
|
||||||
|
priority = 1; # Needs to be first partition
|
||||||
|
};
|
||||||
|
|
||||||
|
pv_os = {
|
||||||
|
size = "100%";
|
||||||
|
|
||||||
|
content = {
|
||||||
|
type = "lvm_pv";
|
||||||
|
vg = "vg_os";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
lvm_vg.vg_os = {
|
||||||
|
type = "lvm_vg";
|
||||||
|
|
||||||
|
lvs = {
|
||||||
|
swap = {
|
||||||
|
size = "3GB";
|
||||||
|
content.type = "swap";
|
||||||
|
};
|
||||||
|
|
||||||
|
root = {
|
||||||
|
size = "100%FREE";
|
||||||
|
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "ext4";
|
||||||
|
mountpoint = "/";
|
||||||
|
mountOptions = [ "defaults" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
|
|
||||||
|
sue = mkNixosSystem ({ ... }: {
|
||||||
|
imports = [ inputs.nixos-hardware.nixosModules.dell-xps-13-9310 ];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
pim.lanzaboote.enable = true;
|
||||||
|
networking.hostName = "xps-9315";
|
||||||
|
swapDevices = [{ device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b"; }];
|
||||||
|
fileSystems = {
|
||||||
|
"/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
"/boot" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/560E-F8A2";
|
||||||
|
fsType = "vfat";
|
||||||
|
options = [ "fmask=0022" "dmask=0022" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" ];
|
||||||
|
|
||||||
|
hardware.ipu6 = {
|
||||||
|
enable = true;
|
||||||
|
platform = "ipu6ep";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
});
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.bash = {
|
|
||||||
enable = true;
|
|
||||||
shellAliases = {
|
|
||||||
htop = "btop";
|
|
||||||
gp = "git push";
|
|
||||||
gco = "git checkout";
|
|
||||||
gd = "git diff";
|
|
||||||
gc = "git commit";
|
|
||||||
gpl = "git pull";
|
|
||||||
gb = "git branch";
|
|
||||||
ga = "git add";
|
|
||||||
gl = "git log";
|
|
||||||
gs = "git status";
|
|
||||||
tf = "tofu";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.bat = {
|
|
||||||
enable = true;
|
|
||||||
config.theme = "gruvbox-dark";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,135 +0,0 @@
|
||||||
{ pkgs, lib, config, ... }: {
|
|
||||||
imports = [
|
|
||||||
./bash
|
|
||||||
./neovim
|
|
||||||
./firefox
|
|
||||||
./ssh
|
|
||||||
./syncthing
|
|
||||||
./keepassxc
|
|
||||||
./git
|
|
||||||
./direnv
|
|
||||||
./thunderbird
|
|
||||||
./fzf
|
|
||||||
./bat
|
|
||||||
];
|
|
||||||
|
|
||||||
home = {
|
|
||||||
username = "pim";
|
|
||||||
homeDirectory = "/home/pim";
|
|
||||||
stateVersion = "23.05";
|
|
||||||
|
|
||||||
packages = with pkgs; [
|
|
||||||
moonlight-qt
|
|
||||||
vlc
|
|
||||||
nicotine-plus
|
|
||||||
logseq
|
|
||||||
signal-desktop
|
|
||||||
telegram-desktop
|
|
||||||
strawberry
|
|
||||||
gimp
|
|
||||||
libreoffice
|
|
||||||
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
|
|
||||||
virt-manager
|
|
||||||
gnome.gnome-tweaks
|
|
||||||
impression
|
|
||||||
poppler_utils # For pdfunite
|
|
||||||
silicon
|
|
||||||
];
|
|
||||||
|
|
||||||
file.k3s-pim-privkey = {
|
|
||||||
target = ".kube/config";
|
|
||||||
source = ./kubeconfig.yml;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs = {
|
|
||||||
home-manager.enable = true;
|
|
||||||
chromium.enable = true;
|
|
||||||
|
|
||||||
terminator = {
|
|
||||||
enable = true;
|
|
||||||
config = {
|
|
||||||
profiles.default = {
|
|
||||||
# Gruvbox theme: https://github.com/egel/terminator-gruvbox
|
|
||||||
background_color = "#282828";
|
|
||||||
cursor_color = "#7c6f64";
|
|
||||||
foreground_color = "#ebdbb2";
|
|
||||||
palette =
|
|
||||||
"#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
|
|
||||||
};
|
|
||||||
|
|
||||||
keybindings = {
|
|
||||||
zoom_in = "<Ctrl>plus";
|
|
||||||
zoom_out = "<Ctrl>minus";
|
|
||||||
new_tab = "<Ctrl><Shift>T";
|
|
||||||
cycle_next = "<Ctrl>Tab";
|
|
||||||
cycle_prev = "<Ctrl><Shift>Tab";
|
|
||||||
split_horiz = "<Alt>C";
|
|
||||||
split_vert = "<Alt>V";
|
|
||||||
|
|
||||||
go_left = "<Alt>H";
|
|
||||||
go_right = "<Alt>L";
|
|
||||||
go_up = "<Alt>K";
|
|
||||||
go_down = "<Alt>J";
|
|
||||||
|
|
||||||
copy = "<Ctrl><Shift>C";
|
|
||||||
paste = "<Ctrl><Shift>V";
|
|
||||||
|
|
||||||
layout_launcher = ""; # Default <Alt>L
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Let home-manager manage the X session
|
|
||||||
xsession = { enable = true; };
|
|
||||||
|
|
||||||
xdg = {
|
|
||||||
userDirs.enable = true;
|
|
||||||
configFile."home/postgresql_server.crt".source = ./postgresql_server.crt;
|
|
||||||
configFile."home/postgresql_client.crt".source = ./postgresql_client.crt;
|
|
||||||
};
|
|
||||||
|
|
||||||
homeage = {
|
|
||||||
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
|
|
||||||
installationType = "systemd";
|
|
||||||
|
|
||||||
file."common-pg-tfbackend" = {
|
|
||||||
source = ../secrets/common-pg-tfbackend.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
file."ansible-vault-secret" = {
|
|
||||||
source = ../secrets/ansible-vault-secret.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
file."powerdns-api-key" = {
|
|
||||||
source = ../secrets/powerdns-api-key.json.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
file."postgresql_client.key" = {
|
|
||||||
source = ../secrets/postgresql_client.key.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
file."k3s-pim-privkey" = {
|
|
||||||
source = ../secrets/k3s-pim-privkey.age;
|
|
||||||
symlinks = [ "${config.home.homeDirectory}/.kube/k3s-pim-privkey" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
fonts.fontconfig.enable = true;
|
|
||||||
|
|
||||||
dconf.settings = with lib.hm.gvariant; {
|
|
||||||
"org/gnome/desktop/input-sources" = {
|
|
||||||
sources = [ (mkTuple [ "xkb" "us" ]) ];
|
|
||||||
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
"org/gnome/desktop/interface" = {
|
|
||||||
monospace-font-name = "Hack Nerd Font Mono 10";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.direnv = {
|
|
||||||
enable = true;
|
|
||||||
enableBashIntegration = true;
|
|
||||||
nix-direnv.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,28 +0,0 @@
|
||||||
pkgs: lib:
|
|
||||||
let
|
|
||||||
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
|
|
||||||
custom-addons = import ./custom-addons.nix pkgs lib;
|
|
||||||
in {
|
|
||||||
default = lib.concatLists [
|
|
||||||
(with rycee-addons; [
|
|
||||||
ublock-origin
|
|
||||||
clearurls
|
|
||||||
cookie-autodelete
|
|
||||||
istilldontcareaboutcookies
|
|
||||||
keepassxc-browser
|
|
||||||
redirector
|
|
||||||
ublacklist
|
|
||||||
umatrix
|
|
||||||
violentmonkey
|
|
||||||
boring-rss
|
|
||||||
# rycee.bypass-paywalls-clean
|
|
||||||
])
|
|
||||||
(with custom-addons; [ http-version-indicator indicatetls sixindicator ])
|
|
||||||
];
|
|
||||||
sue = with rycee-addons; [
|
|
||||||
ublock-origin
|
|
||||||
istilldontcareaboutcookies
|
|
||||||
keepassxc-browser
|
|
||||||
custom-addons.simple-style-fox-2
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,72 +0,0 @@
|
||||||
{ pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
firefoxAddons = import ./addons.nix pkgs lib;
|
|
||||||
firefoxSettings = {
|
|
||||||
"browser.aboutConfig.showWarning" = false;
|
|
||||||
"browser.toolbars.bookmarks.visibility" = "always";
|
|
||||||
"browser.tabs.firefox-view" = false;
|
|
||||||
"browser.shell.checkDefaultBrowser" = false;
|
|
||||||
"browser.translations.automaticallyPopup" = false;
|
|
||||||
"signon.rememberSignons" = false;
|
|
||||||
"media.webspeech.synth.dont_notify_on_error" = true;
|
|
||||||
"browser.gesture.swipe.left" = false;
|
|
||||||
"browser.gesture.swipe.right" = false;
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
config = {
|
|
||||||
programs.firefox = {
|
|
||||||
enable = true;
|
|
||||||
profiles = {
|
|
||||||
default = {
|
|
||||||
id = 0;
|
|
||||||
isDefault = true;
|
|
||||||
settings = firefoxSettings;
|
|
||||||
extensions = firefoxAddons.default;
|
|
||||||
};
|
|
||||||
sue = {
|
|
||||||
id = 1;
|
|
||||||
settings = firefoxSettings;
|
|
||||||
extensions = firefoxAddons.sue;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
xdg.desktopEntries.firefox-sue = {
|
|
||||||
categories = [ "Network" "WebBrowser" ];
|
|
||||||
exec = "firefox -P sue --name firefox %U";
|
|
||||||
genericName = "Web Browser";
|
|
||||||
icon = "firefox";
|
|
||||||
mimeType = [
|
|
||||||
"text/html"
|
|
||||||
"text/xml"
|
|
||||||
"application/xhtml+xml"
|
|
||||||
"application/vnd.mozilla.xul+xml"
|
|
||||||
"x-scheme-handler/http"
|
|
||||||
"x-scheme-handler/https"
|
|
||||||
];
|
|
||||||
name = "Firefox | Sue";
|
|
||||||
startupNotify = true;
|
|
||||||
terminal = false;
|
|
||||||
type = "Application";
|
|
||||||
};
|
|
||||||
|
|
||||||
xdg.desktopEntries.firefox = lib.mkForce {
|
|
||||||
categories = [ "Network" "WebBrowser" ];
|
|
||||||
exec = "firefox --new-window --name firefox %U";
|
|
||||||
genericName = "Web Browser";
|
|
||||||
icon = "firefox";
|
|
||||||
mimeType = [
|
|
||||||
"text/html"
|
|
||||||
"text/xml"
|
|
||||||
"application/xhtml+xml"
|
|
||||||
"application/vnd.mozilla.xul+xml"
|
|
||||||
"x-scheme-handler/http"
|
|
||||||
"x-scheme-handler/https"
|
|
||||||
];
|
|
||||||
name = "Firefox";
|
|
||||||
startupNotify = true;
|
|
||||||
terminal = false;
|
|
||||||
type = "Application";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.fzf = {
|
|
||||||
enable = true;
|
|
||||||
enableBashIntegration = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,18 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.git = {
|
|
||||||
enable = true;
|
|
||||||
userName = "Pim Kunis";
|
|
||||||
userEmail = "pim@kunis.nl";
|
|
||||||
extraConfig = {
|
|
||||||
push.autoSetupRemote = true;
|
|
||||||
commit.verbose = true;
|
|
||||||
pull.rebase = true;
|
|
||||||
};
|
|
||||||
includes = [{
|
|
||||||
path = "~/git/suecode/.gitconfig";
|
|
||||||
condition = "gitdir:~/git/suecode/**";
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,9 +0,0 @@
|
||||||
{ pkgs, config, ... }: {
|
|
||||||
config = {
|
|
||||||
home.packages = [ pkgs.keepassxc ];
|
|
||||||
homeage.file."keepassxc.ini" = {
|
|
||||||
source = ../../secrets/keepassxc.ini.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,19 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
clusters:
|
|
||||||
- cluster:
|
|
||||||
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTURJMU56UXlOVGt3SGhjTk1qTXhNakUwTVRjeE56TTVXaGNOTXpNeE1qRXhNVGN4TnpNNQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTURJMU56UXlOVGt3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUMzdYdlBzUG9DeTk3Nm1zWm9qTHBlUklieVB5NWFPV0NJWXpyZVpUcVYKUlo4cDVyME1RdVViV0crNTJqQ1ZjNCtrZGN3WVkwRXRDaUpkZ21LSU5RcTRvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWx1ZGcvZWd0bUMvWkNiaTZMRkNnClhIaXFtL2t3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUlTbHJ2TmVTc3RtVlFLVWp2STF3UlZPb0RMWEJjWDEKelpZOURUNW9WM214QWlBT2JKRThOaldOSUdSZE1FcWpXZXhUd1M5RUlGbGs2eUEwOXNjS0FmRUNXUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
|
||||||
server: https://jefke.hyp:6443
|
|
||||||
name: default
|
|
||||||
contexts:
|
|
||||||
- context:
|
|
||||||
cluster: default
|
|
||||||
user: pim
|
|
||||||
name: default
|
|
||||||
current-context: default
|
|
||||||
kind: Config
|
|
||||||
preferences: {}
|
|
||||||
users:
|
|
||||||
- name: pim
|
|
||||||
user:
|
|
||||||
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJWVENCL0tBREFnRUNBaEFWemhyQ3QwZzFQMWJXZW1IUGx2SUZNQW9HQ0NxR1NNNDlCQU1DTUNNeElUQWYKQmdOVkJBTU1HR3N6Y3kxamJHbGxiblF0WTJGQU1UY3dNalUzTkRJMU9UQWVGdzB5TXpFeU1UUXhPVEl3TURCYQpGdzB5TkRFeU1UTXhPVEl3TURCYU1BNHhEREFLQmdOVkJBTVRBM0JwYlRBcU1BVUdBeXRsY0FNaEFDYWxxaUdFCjdvcVo0SFNvLy95RGhqZXJrVVA5WWg4QXdFbHFnMXI4NGpvbG8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXcKRXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTZQpkenA2TzVhajU4NGtML2FJM0pvTHhkOUtQakFLQmdncWhrak9QUVFEQWdOSUFEQkZBaUF3eDJISGNOcVd4bkhyCmkvRVg2SmJRVlRZYThmTzhpYTdMOXRYWS84OXlQQUloQVBSanlmMU0waWtCZU95VUVUODVLS1dNaDFhbWRNZVUKSUFBZTM2WDVUSVRDCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
|
||||||
client-key: k3s-pim-privkey
|
|
|
@ -1,17 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIICrzCCAZcCFApupXAa2tPytpi3av47+az0Ggb4MA0GCSqGSIb3DQEBCwUAMBQx
|
|
||||||
EjAQBgNVBAMMCWplZmtlLmh5cDAeFw0yMzExMjQyMjAzMjhaFw0yNDExMjMyMjAz
|
|
||||||
MjhaMBQxEjAQBgNVBAMMCXRlcnJhZm9ybTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
|
||||||
ADCCAQoCggEBALeJ/fYUCmwislUw4XcCxivCUuWuUWI+t/nke9/hWEWTmDG4Z7/a
|
|
||||||
IAKqsGk0zNATQViAXmYZwdYK70AKQhxat3OJcuZarsurOXVjVJdT4Wr5SxHGHjd0
|
|
||||||
bwd8JzFZPIfgYCILCISFjCIfpD58kBq2bkvI4rpn4tb2iPunXp0+S8iHDMB5wAOb
|
|
||||||
FgT0muuz9ua4R76nq79O9wLbAVf38CDR9bMGcPcKknz0sl37jr7A/pDvQzpFWO33
|
|
||||||
eJb64b7Qe4CHslWFj1tdEkXaMpMNWHhc2TmtLtlt6a+RY1R9KdX5x0lQTyJnEwJZ
|
|
||||||
8YTKnlMoNvkfBznuARFmNNmUYPoHE6WgonMCAwEAATANBgkqhkiG9w0BAQsFAAOC
|
|
||||||
AQEAaH1HVPThhAkrXE4Zmh49D1zvq5uy6moV326/ovnPQfco2jYBYO5mYxBF32mx
|
|
||||||
ShEanbJJKkFjWkQHmsWt7nrkeloz6q8sD19nLyyWmMj0Pd6wcLv017Zdo902fh27
|
|
||||||
Rl8qZS44vEc+N/5gc2eINMfXm/JOdXYntOVpFO/I+6b9Q2iWFX3YUAXiIDiEYBvS
|
|
||||||
BBqyXC2nVg6Lp1KVg+EaYW27sj8b5HHXnpEGdXduVmOWttdaQVjYslqmH7mUKi9f
|
|
||||||
2U9FicMvw6KvkRki+SLKeZr2yIP1QQOnWg0BPbeCpMfdMSu/AtLkAtugZeT8p1Ko
|
|
||||||
3hMMyKKzyyhiwpzvk21QFNZ5LA==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,67 +0,0 @@
|
||||||
Certificate:
|
|
||||||
Data:
|
|
||||||
Version: 1 (0x0)
|
|
||||||
Serial Number:
|
|
||||||
ef:2f:4d:d4:26:7e:33:1b
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
Issuer: CN=jefke.hyp
|
|
||||||
Validity
|
|
||||||
Not Before: Nov 22 19:12:03 2023 GMT
|
|
||||||
Not After : Oct 29 19:12:03 2123 GMT
|
|
||||||
Subject: CN=jefke.hyp
|
|
||||||
Subject Public Key Info:
|
|
||||||
Public Key Algorithm: rsaEncryption
|
|
||||||
RSA Public-Key: (2048 bit)
|
|
||||||
Modulus:
|
|
||||||
00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b:
|
|
||||||
2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c:
|
|
||||||
8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce:
|
|
||||||
e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50:
|
|
||||||
7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb:
|
|
||||||
ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e:
|
|
||||||
b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c:
|
|
||||||
a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5:
|
|
||||||
a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f:
|
|
||||||
b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f:
|
|
||||||
23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b:
|
|
||||||
59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16:
|
|
||||||
9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4:
|
|
||||||
8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46:
|
|
||||||
6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52:
|
|
||||||
3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46:
|
|
||||||
db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b:
|
|
||||||
12:bd
|
|
||||||
Exponent: 65537 (0x10001)
|
|
||||||
Signature Algorithm: sha256WithRSAEncryption
|
|
||||||
aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55:
|
|
||||||
b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63:
|
|
||||||
be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20:
|
|
||||||
2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1:
|
|
||||||
6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88:
|
|
||||||
ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c:
|
|
||||||
3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67:
|
|
||||||
d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e:
|
|
||||||
ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9:
|
|
||||||
77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02:
|
|
||||||
d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31:
|
|
||||||
b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b:
|
|
||||||
8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71:
|
|
||||||
df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94:
|
|
||||||
10:03:ce:ec
|
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIICpjCCAY4CCQDvL03UJn4zGzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlq
|
|
||||||
ZWZrZS5oeXAwIBcNMjMxMTIyMTkxMjAzWhgPMjEyMzEwMjkxOTEyMDNaMBQxEjAQ
|
|
||||||
BgNVBAMMCWplZmtlLmh5cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
|
||||||
AMer65zQf0/xumUKiwd7LlvwJoIzyXPmkcwRlAUcjWcpy15nNQKAVK+ZS6rO6FZi
|
|
||||||
vmPLskqwqSgS4ndQfdXSO0jYMlklJv+mXPbrrls9ehQQupCcbx+52JkOtwleYmnE
|
|
||||||
wMYnsNNgDUdMpRFT8vFK+aa81qM1oujlqdFg6OUYztJggE7cSK5/t+p2USg5pLCV
|
|
||||||
gpWTmLKfI8mBaVmj5PdaHAExlsFLWSH4ouaeIXgOa8Fox1wWmgZU37Z3HS2J0Mie
|
|
||||||
27XUjPu5T7duOV85jkhzdn1Gbh+NFMtAtf/G8MBEPO1SP097aWOTxkHmXu0zUCBG
|
|
||||||
25O/6FJRlfGBc1jaZyF7Er0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqlyJQaa3
|
|
||||||
PWWHylDE81iq07RVsaeNGCYX5YohJKFJU3cxW1VjvgHY/rcGfNoHH5Rq3patyjsg
|
|
||||||
KuE1kBmDbTfRFRLePA5Gvmahah3sctxGeWnkr3fI/83WfRaIq0T9cPxAR/9DlRFa
|
|
||||||
mlYM0t18O4eqECb6JaOgQ4ob7FQRfmVn0gbhPjvhDrCA70s1P/w0HZUu7sFnONqz
|
|
||||||
dIZLlYwMHVEowULpd2jX7DtmMMblKmLqFfskVs8C0CVUp1gVtSpxk1bAaXo2GGwx
|
|
||||||
sY48d9d3rPzhlMUIuzWsSF9ri8jIePSpyk+dUVSJl8mvofpx31j2/wR8yByVaxrj
|
|
||||||
p/ZDHCeUEAPO7A==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,35 +0,0 @@
|
||||||
{ config, lib, ... }: {
|
|
||||||
config = {
|
|
||||||
programs.ssh = {
|
|
||||||
enable = true;
|
|
||||||
extraConfig = "User root";
|
|
||||||
|
|
||||||
matchBlocks = {
|
|
||||||
github = lib.hm.dag.entryBefore [ "*" ] {
|
|
||||||
hostname = "github.com";
|
|
||||||
user = "pizzapim";
|
|
||||||
identitiesOnly = true;
|
|
||||||
};
|
|
||||||
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.hyp"; };
|
|
||||||
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.hyp"; };
|
|
||||||
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.hyp"; };
|
|
||||||
hermes = lib.hm.dag.entryBefore [ "*" ] { hostname = "hermes.dmz"; };
|
|
||||||
maestro = lib.hm.dag.entryBefore [ "*" ] { hostname = "maestro.dmz"; };
|
|
||||||
bancomart =
|
|
||||||
lib.hm.dag.entryBefore [ "*" ] { hostname = "bancomart.dmz"; };
|
|
||||||
handjecontantje =
|
|
||||||
lib.hm.dag.entryBefore [ "*" ] { hostname = "handjecontantje.dmz"; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
homeage.file."sue_ed25519" = {
|
|
||||||
source = ../../secrets/sue_ed25519.age;
|
|
||||||
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
homeage.file."sue_azure_rsa" = {
|
|
||||||
source = ../../secrets/sue_azure_rsa.age;
|
|
||||||
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,17 +0,0 @@
|
||||||
{ config, ... }: {
|
|
||||||
config = {
|
|
||||||
services.syncthing.enable = true;
|
|
||||||
xdg.configFile."syncthing/config.xml".source = ./syncthing.xml;
|
|
||||||
xdg.userDirs.music = "${config.home.homeDirectory}/sync/Music";
|
|
||||||
|
|
||||||
homeage.file."syncthing-key.pem" = {
|
|
||||||
source = ../../secrets/syncthing-key.pem.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
homeage.file."syncthing-cert.pem" = {
|
|
||||||
source = ../../secrets/syncthing-cert.pem.age;
|
|
||||||
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,175 +0,0 @@
|
||||||
<configuration version="37">
|
|
||||||
<folder id="nncij-isaoe" label="Nextcloud" path="/home/pim/sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
|
|
||||||
<filesystemType>basic</filesystemType>
|
|
||||||
<device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" introducedBy="">
|
|
||||||
<encryptionPassword></encryptionPassword>
|
|
||||||
</device>
|
|
||||||
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" introducedBy="">
|
|
||||||
<encryptionPassword></encryptionPassword>
|
|
||||||
</device>
|
|
||||||
<minDiskFree unit="%">1</minDiskFree>
|
|
||||||
<versioning>
|
|
||||||
<cleanupIntervalS>3600</cleanupIntervalS>
|
|
||||||
<fsPath></fsPath>
|
|
||||||
<fsType>basic</fsType>
|
|
||||||
</versioning>
|
|
||||||
<copiers>0</copiers>
|
|
||||||
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
|
|
||||||
<hashers>0</hashers>
|
|
||||||
<order>random</order>
|
|
||||||
<ignoreDelete>false</ignoreDelete>
|
|
||||||
<scanProgressIntervalS>0</scanProgressIntervalS>
|
|
||||||
<pullerPauseS>0</pullerPauseS>
|
|
||||||
<maxConflicts>10</maxConflicts>
|
|
||||||
<disableSparseFiles>false</disableSparseFiles>
|
|
||||||
<disableTempIndexes>false</disableTempIndexes>
|
|
||||||
<paused>false</paused>
|
|
||||||
<weakHashThresholdPct>25</weakHashThresholdPct>
|
|
||||||
<markerName>.stfolder</markerName>
|
|
||||||
<copyOwnershipFromParent>false</copyOwnershipFromParent>
|
|
||||||
<modTimeWindowS>0</modTimeWindowS>
|
|
||||||
<maxConcurrentWrites>2</maxConcurrentWrites>
|
|
||||||
<disableFsync>false</disableFsync>
|
|
||||||
<blockPullOrder>standard</blockPullOrder>
|
|
||||||
<copyRangeMethod>standard</copyRangeMethod>
|
|
||||||
<caseSensitiveFS>false</caseSensitiveFS>
|
|
||||||
<junctionsAsDirs>false</junctionsAsDirs>
|
|
||||||
<syncOwnership>false</syncOwnership>
|
|
||||||
<sendOwnership>false</sendOwnership>
|
|
||||||
<syncXattrs>false</syncXattrs>
|
|
||||||
<sendXattrs>false</sendXattrs>
|
|
||||||
<xattrFilter>
|
|
||||||
<maxSingleEntrySize>1024</maxSingleEntrySize>
|
|
||||||
<maxTotalSize>4096</maxTotalSize>
|
|
||||||
</xattrFilter>
|
|
||||||
</folder>
|
|
||||||
<device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" name="Home" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
|
|
||||||
<address>dynamic</address>
|
|
||||||
<paused>false</paused>
|
|
||||||
<autoAcceptFolders>false</autoAcceptFolders>
|
|
||||||
<maxSendKbps>0</maxSendKbps>
|
|
||||||
<maxRecvKbps>0</maxRecvKbps>
|
|
||||||
<maxRequestKiB>0</maxRequestKiB>
|
|
||||||
<untrusted>false</untrusted>
|
|
||||||
<remoteGUIPort>0</remoteGUIPort>
|
|
||||||
</device>
|
|
||||||
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" name="x260" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
|
|
||||||
<address>dynamic</address>
|
|
||||||
<paused>false</paused>
|
|
||||||
<autoAcceptFolders>false</autoAcceptFolders>
|
|
||||||
<maxSendKbps>0</maxSendKbps>
|
|
||||||
<maxRecvKbps>0</maxRecvKbps>
|
|
||||||
<maxRequestKiB>0</maxRequestKiB>
|
|
||||||
<untrusted>false</untrusted>
|
|
||||||
<remoteGUIPort>0</remoteGUIPort>
|
|
||||||
</device>
|
|
||||||
<gui enabled="true" tls="false" debugging="false">
|
|
||||||
<address>127.0.0.1:8384</address>
|
|
||||||
<apikey></apikey>
|
|
||||||
<theme>default</theme>
|
|
||||||
</gui>
|
|
||||||
<ldap></ldap>
|
|
||||||
<options>
|
|
||||||
<listenAddress>default</listenAddress>
|
|
||||||
<globalAnnounceServer>default</globalAnnounceServer>
|
|
||||||
<globalAnnounceEnabled>true</globalAnnounceEnabled>
|
|
||||||
<localAnnounceEnabled>true</localAnnounceEnabled>
|
|
||||||
<localAnnouncePort>21027</localAnnouncePort>
|
|
||||||
<localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
|
|
||||||
<maxSendKbps>0</maxSendKbps>
|
|
||||||
<maxRecvKbps>0</maxRecvKbps>
|
|
||||||
<reconnectionIntervalS>60</reconnectionIntervalS>
|
|
||||||
<relaysEnabled>true</relaysEnabled>
|
|
||||||
<relayReconnectIntervalM>10</relayReconnectIntervalM>
|
|
||||||
<startBrowser>true</startBrowser>
|
|
||||||
<natEnabled>true</natEnabled>
|
|
||||||
<natLeaseMinutes>60</natLeaseMinutes>
|
|
||||||
<natRenewalMinutes>30</natRenewalMinutes>
|
|
||||||
<natTimeoutSeconds>10</natTimeoutSeconds>
|
|
||||||
<urAccepted>-1</urAccepted>
|
|
||||||
<urSeen>3</urSeen>
|
|
||||||
<urUniqueID></urUniqueID>
|
|
||||||
<urURL>https://data.syncthing.net/newdata</urURL>
|
|
||||||
<urPostInsecurely>false</urPostInsecurely>
|
|
||||||
<urInitialDelayS>1800</urInitialDelayS>
|
|
||||||
<autoUpgradeIntervalH>12</autoUpgradeIntervalH>
|
|
||||||
<upgradeToPreReleases>false</upgradeToPreReleases>
|
|
||||||
<keepTemporariesH>24</keepTemporariesH>
|
|
||||||
<cacheIgnoredFiles>false</cacheIgnoredFiles>
|
|
||||||
<progressUpdateIntervalS>5</progressUpdateIntervalS>
|
|
||||||
<limitBandwidthInLan>false</limitBandwidthInLan>
|
|
||||||
<minHomeDiskFree unit="%">1</minHomeDiskFree>
|
|
||||||
<releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
|
|
||||||
<overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
|
|
||||||
<tempIndexMinBlocks>10</tempIndexMinBlocks>
|
|
||||||
<trafficClass>0</trafficClass>
|
|
||||||
<setLowPriority>true</setLowPriority>
|
|
||||||
<maxFolderConcurrency>0</maxFolderConcurrency>
|
|
||||||
<crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
|
|
||||||
<crashReportingEnabled>true</crashReportingEnabled>
|
|
||||||
<stunKeepaliveStartS>180</stunKeepaliveStartS>
|
|
||||||
<stunKeepaliveMinS>20</stunKeepaliveMinS>
|
|
||||||
<stunServer>default</stunServer>
|
|
||||||
<databaseTuning>auto</databaseTuning>
|
|
||||||
<maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
|
|
||||||
<announceLANAddresses>true</announceLANAddresses>
|
|
||||||
<sendFullIndexOnUpgrade>false</sendFullIndexOnUpgrade>
|
|
||||||
<connectionLimitEnough>0</connectionLimitEnough>
|
|
||||||
<connectionLimitMax>0</connectionLimitMax>
|
|
||||||
<insecureAllowOldTLSVersions>false</insecureAllowOldTLSVersions>
|
|
||||||
</options>
|
|
||||||
<defaults>
|
|
||||||
<folder id="" label="" path="~" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
|
|
||||||
<filesystemType>basic</filesystemType>
|
|
||||||
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" introducedBy="">
|
|
||||||
<encryptionPassword></encryptionPassword>
|
|
||||||
</device>
|
|
||||||
<minDiskFree unit="%">1</minDiskFree>
|
|
||||||
<versioning>
|
|
||||||
<cleanupIntervalS>3600</cleanupIntervalS>
|
|
||||||
<fsPath></fsPath>
|
|
||||||
<fsType>basic</fsType>
|
|
||||||
</versioning>
|
|
||||||
<copiers>0</copiers>
|
|
||||||
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
|
|
||||||
<hashers>0</hashers>
|
|
||||||
<order>random</order>
|
|
||||||
<ignoreDelete>false</ignoreDelete>
|
|
||||||
<scanProgressIntervalS>0</scanProgressIntervalS>
|
|
||||||
<pullerPauseS>0</pullerPauseS>
|
|
||||||
<maxConflicts>10</maxConflicts>
|
|
||||||
<disableSparseFiles>false</disableSparseFiles>
|
|
||||||
<disableTempIndexes>false</disableTempIndexes>
|
|
||||||
<paused>false</paused>
|
|
||||||
<weakHashThresholdPct>25</weakHashThresholdPct>
|
|
||||||
<markerName>.stfolder</markerName>
|
|
||||||
<copyOwnershipFromParent>false</copyOwnershipFromParent>
|
|
||||||
<modTimeWindowS>0</modTimeWindowS>
|
|
||||||
<maxConcurrentWrites>2</maxConcurrentWrites>
|
|
||||||
<disableFsync>false</disableFsync>
|
|
||||||
<blockPullOrder>standard</blockPullOrder>
|
|
||||||
<copyRangeMethod>standard</copyRangeMethod>
|
|
||||||
<caseSensitiveFS>false</caseSensitiveFS>
|
|
||||||
<junctionsAsDirs>false</junctionsAsDirs>
|
|
||||||
<syncOwnership>false</syncOwnership>
|
|
||||||
<sendOwnership>false</sendOwnership>
|
|
||||||
<syncXattrs>false</syncXattrs>
|
|
||||||
<sendXattrs>false</sendXattrs>
|
|
||||||
<xattrFilter>
|
|
||||||
<maxSingleEntrySize>1024</maxSingleEntrySize>
|
|
||||||
<maxTotalSize>4096</maxTotalSize>
|
|
||||||
</xattrFilter>
|
|
||||||
</folder>
|
|
||||||
<device id="" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
|
|
||||||
<address>dynamic</address>
|
|
||||||
<paused>false</paused>
|
|
||||||
<autoAcceptFolders>false</autoAcceptFolders>
|
|
||||||
<maxSendKbps>0</maxSendKbps>
|
|
||||||
<maxRecvKbps>0</maxRecvKbps>
|
|
||||||
<maxRequestKiB>0</maxRequestKiB>
|
|
||||||
<untrusted>false</untrusted>
|
|
||||||
<remoteGUIPort>0</remoteGUIPort>
|
|
||||||
</device>
|
|
||||||
<ignores></ignores>
|
|
||||||
</defaults>
|
|
||||||
</configuration>
|
|
|
@ -1,8 +0,0 @@
|
||||||
{
|
|
||||||
config = {
|
|
||||||
programs.thunderbird = {
|
|
||||||
enable = true;
|
|
||||||
profiles.default = { isDefault = true; };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
357
home.nix
Normal file
|
@ -0,0 +1,357 @@
|
||||||
|
{ pkgs, lib, config, flake, inputs, ... }: {
|
||||||
|
imports = [
|
||||||
|
./modules/home-manager/neovim
|
||||||
|
./modules/home-manager/firefox
|
||||||
|
inputs.sops-nix.homeManagerModules.sops
|
||||||
|
];
|
||||||
|
|
||||||
|
xsession.enable = true;
|
||||||
|
services.syncthing.enable = true;
|
||||||
|
|
||||||
|
xdg = {
|
||||||
|
userDirs.enable = true;
|
||||||
|
|
||||||
|
mimeApps = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
defaultApplications =
|
||||||
|
let
|
||||||
|
applications = {
|
||||||
|
telegram = {
|
||||||
|
mimeApp = "org.telegram.desktop.desktop";
|
||||||
|
mimeTypes = [ "x-scheme-handler/tg" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
librewolf = {
|
||||||
|
mimeApp = "librewolf.desktop";
|
||||||
|
|
||||||
|
mimeTypes = [
|
||||||
|
"x-scheme-handler/http"
|
||||||
|
"text/html"
|
||||||
|
"application/xhtml+xml"
|
||||||
|
"x-scheme-handler/https"
|
||||||
|
"application/pdf"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
gnomeTextEditor = {
|
||||||
|
mimeApp = "org.gnome.TextEditor.desktop";
|
||||||
|
mimeTypes = [ "text/plain" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
thunderbird = {
|
||||||
|
mimeApp = "thunderbird.desktop";
|
||||||
|
mimeTypes = [ "x-scheme-handler/mailto" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
loupe = {
|
||||||
|
mimeApp = "org.gnome.Loupe.desktop";
|
||||||
|
mimeTypes = [
|
||||||
|
"image/jpeg"
|
||||||
|
"image/png"
|
||||||
|
"image/gif"
|
||||||
|
"image/webp"
|
||||||
|
"image/tiff"
|
||||||
|
"image/x-tga"
|
||||||
|
"image/vnd-ms.dds"
|
||||||
|
"image/x-dds"
|
||||||
|
"image/bmp"
|
||||||
|
"image/vnd.microsoft.icon"
|
||||||
|
"image/vnd.radiance"
|
||||||
|
"image/x-exr"
|
||||||
|
"image/x-portable-bitmap"
|
||||||
|
"image/x-portable-graymap"
|
||||||
|
"image/x-portable-pixmap"
|
||||||
|
"image/x-portable-anymap"
|
||||||
|
"image/x-qoi"
|
||||||
|
"image/svg+xml"
|
||||||
|
"image/svg+xml-compressed"
|
||||||
|
"image/avif"
|
||||||
|
"image/heic"
|
||||||
|
"image/jxl"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
mimeTypesForApp = { mimeApp, mimeTypes }: map
|
||||||
|
(
|
||||||
|
mimeType: { "${mimeType}" = mimeApp; }
|
||||||
|
)
|
||||||
|
mimeTypes;
|
||||||
|
in
|
||||||
|
lib.zipAttrs (lib.flatten (map mimeTypesForApp (builtins.attrValues applications)));
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
home = {
|
||||||
|
username = "pim";
|
||||||
|
homeDirectory = "/home/pim";
|
||||||
|
stateVersion = "23.05";
|
||||||
|
|
||||||
|
packages = (with pkgs; [
|
||||||
|
gnome.gnome-tweaks
|
||||||
|
jellyfin-media-player
|
||||||
|
virt-manager
|
||||||
|
]) ++ (with pkgs.unstable; [
|
||||||
|
attic-client
|
||||||
|
dbeaver-bin
|
||||||
|
devenv
|
||||||
|
bottles-unwrapped
|
||||||
|
gimp
|
||||||
|
hexchat
|
||||||
|
impression
|
||||||
|
insomnia
|
||||||
|
keepassxc
|
||||||
|
krita
|
||||||
|
libreoffice
|
||||||
|
# logseq # Has insecure electron dependency
|
||||||
|
moonlight-qt
|
||||||
|
nicotine-plus
|
||||||
|
qFlipper
|
||||||
|
signal-desktop
|
||||||
|
strawberry
|
||||||
|
telegram-desktop
|
||||||
|
vlc
|
||||||
|
vorta
|
||||||
|
wireshark
|
||||||
|
# nheko # Has insecure olm dependency
|
||||||
|
handbrake
|
||||||
|
feishin
|
||||||
|
]);
|
||||||
|
};
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
home-manager.enable = true;
|
||||||
|
chromium.enable = true;
|
||||||
|
bat.enable = true;
|
||||||
|
|
||||||
|
fzf = {
|
||||||
|
enable = true;
|
||||||
|
enableZshIntegration = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
alacritty = {
|
||||||
|
enable = true;
|
||||||
|
settings.shell = {
|
||||||
|
program = lib.getExe config.programs.tmux.package;
|
||||||
|
args = [ "attach" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
thunderbird = {
|
||||||
|
enable = true;
|
||||||
|
profiles.default.isDefault = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
direnv = {
|
||||||
|
enable = true;
|
||||||
|
enableBashIntegration = true;
|
||||||
|
nix-direnv.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
atuin = {
|
||||||
|
enable = true;
|
||||||
|
flags = [ "--disable-up-arrow" ];
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
auto_sync = true;
|
||||||
|
sync_frequency = "5m";
|
||||||
|
sync_address = "https://atuin.kun.is";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
zsh = {
|
||||||
|
enable = true;
|
||||||
|
autocd = true;
|
||||||
|
autosuggestion.enable = true;
|
||||||
|
|
||||||
|
prezto = {
|
||||||
|
enable = true;
|
||||||
|
utility.safeOps = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
shellAliases =
|
||||||
|
let
|
||||||
|
gitExe = lib.getExe config.programs.git.package;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
htop = lib.getExe pkgs.btop;
|
||||||
|
gp = "${gitExe} push";
|
||||||
|
gco = "${gitExe} checkout";
|
||||||
|
gd = "${gitExe} diff";
|
||||||
|
gc = "${gitExe} commit";
|
||||||
|
gpl = "${gitExe} pull";
|
||||||
|
gb = "${gitExe} branch";
|
||||||
|
ga = "${gitExe} add";
|
||||||
|
gl = "${gitExe} log";
|
||||||
|
gs = "${gitExe} status";
|
||||||
|
tf = lib.getExe pkgs.opentofu;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
tmux = {
|
||||||
|
enable = true;
|
||||||
|
shell = lib.getExe config.programs.zsh.package;
|
||||||
|
shortcut = "a";
|
||||||
|
clock24 = true;
|
||||||
|
newSession = true;
|
||||||
|
mouse = true;
|
||||||
|
escapeTime = 10;
|
||||||
|
terminal = "screen-256color";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
unbind _
|
||||||
|
bind _ split-window -h
|
||||||
|
unbind -
|
||||||
|
bind - split-window -v
|
||||||
|
unbind h
|
||||||
|
bind h select-pane -L
|
||||||
|
unbind j
|
||||||
|
bind j select-pane -D
|
||||||
|
unbind k
|
||||||
|
bind k select-pane -U
|
||||||
|
unbind l
|
||||||
|
bind l select-pane -R
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
extraConfig = "User root";
|
||||||
|
|
||||||
|
matchBlocks.github = lib.hm.dag.entryBefore [ "*" ] {
|
||||||
|
hostname = "github.com";
|
||||||
|
user = "pizzapim";
|
||||||
|
identitiesOnly = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
git = {
|
||||||
|
enable = true;
|
||||||
|
userName = "Pim Kunis";
|
||||||
|
userEmail = "pim@kunis.nl";
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
|
push.autoSetupRemote = true;
|
||||||
|
commit.verbose = true;
|
||||||
|
pull.rebase = true;
|
||||||
|
init.defaultBranch = "master";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Currently, it is not possible to have Home Manager manage Liberwolf extensions.
|
||||||
|
# There is a draft PR which addresses this:
|
||||||
|
# https://github.com/nix-community/home-manager/pull/3339
|
||||||
|
# The extensions I currently use are:
|
||||||
|
# - ublock-origin (already installed by librewolf)
|
||||||
|
# - cookie-autodelete
|
||||||
|
# - clearurls
|
||||||
|
# - istilldontcareaboutcookies
|
||||||
|
# - keepassxc-browser
|
||||||
|
# - redirector
|
||||||
|
# - violentmonkey
|
||||||
|
# - boring-rss
|
||||||
|
# - kagi-search
|
||||||
|
# - refined-github
|
||||||
|
librewolf = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
"identity.fxaccounts.enabled" = true;
|
||||||
|
"privacy.clearOnShutdown.history" = false;
|
||||||
|
"privacy.clearOnShutdown.downloads" = false;
|
||||||
|
"browser.translations.automaticallyPopup" = false;
|
||||||
|
"browser.aboutConfig.showWarning" = false;
|
||||||
|
"privacy.clearOnShutdown.cookies" = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
dconf.settings = with lib.hm.gvariant; {
|
||||||
|
"org/gnome/desktop/sound".allow-volume-above-100-percent = true;
|
||||||
|
"org/gnome/desktop/wm.preferences".num-workspaces = 4;
|
||||||
|
"org/gnome/mutter".edge-tiling = true;
|
||||||
|
|
||||||
|
"org/gnome/shell" = {
|
||||||
|
disable-extension-version-validation = true;
|
||||||
|
|
||||||
|
enabled-extensions = [
|
||||||
|
"workspace-indicator@gnome-shell-extensions.gcampax.github.com"
|
||||||
|
"pop-shell@system76.com"
|
||||||
|
"windowIsReady_Remover@nunofarruca@gmail.com"
|
||||||
|
"randomwallpaper@iflow.space"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"org/gnome/desktop/input-sources" = {
|
||||||
|
sources = [ (mkTuple [ "xkb" "us" ]) ];
|
||||||
|
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
"org/gnome/shell/extensions/pop-shell" = {
|
||||||
|
active-hint = true;
|
||||||
|
fullscreen-launcher = false;
|
||||||
|
mouse-cursor-focus-location = mkUint32 4;
|
||||||
|
mouse-cursor-follows-active-window = true;
|
||||||
|
show-skip-taskbar = false;
|
||||||
|
show-title = true;
|
||||||
|
smart-gaps = false;
|
||||||
|
snap-to-grid = false;
|
||||||
|
stacking-with-mouse = true;
|
||||||
|
tile-by-default = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
|
||||||
|
binding = "<Super>t";
|
||||||
|
command = lib.getExe config.programs.alacritty.package;
|
||||||
|
name = "Terminal";
|
||||||
|
};
|
||||||
|
|
||||||
|
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
|
||||||
|
binding = "<Super>e";
|
||||||
|
command = "${lib.getExe config.programs.librewolf.package} --browser";
|
||||||
|
name = "Browser";
|
||||||
|
};
|
||||||
|
|
||||||
|
"org/gnome/desktop/wm/keybindings" = {
|
||||||
|
close = [ "<Shift><Super>q" ];
|
||||||
|
minimize = mkEmptyArray type.string;
|
||||||
|
move-to-workspace-1 = [ "<Shift><Super>1" ];
|
||||||
|
move-to-workspace-2 = [ "<Shift><Super>2" ];
|
||||||
|
move-to-workspace-3 = [ "<Shift><Super>3" ];
|
||||||
|
move-to-workspace-4 = [ "<Shift><Super>4" ];
|
||||||
|
switch-applications = mkEmptyArray type.string;
|
||||||
|
switch-applications-backward = mkEmptyArray type.string;
|
||||||
|
switch-to-workspace-1 = [ "<Super>1" ];
|
||||||
|
switch-to-workspace-2 = [ "<Super>2" ];
|
||||||
|
switch-to-workspace-3 = [ "<Super>3" ];
|
||||||
|
switch-to-workspace-4 = [ "<Super>4" ];
|
||||||
|
toggle-fullscreen = [ "<Super>f" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
"org/gnome/shell/extensions/space-iflow-randomwallpaper" = {
|
||||||
|
auto-fetch = true;
|
||||||
|
change-type = 2;
|
||||||
|
hide-panel-icon = true;
|
||||||
|
history-length = 1;
|
||||||
|
hours = 0;
|
||||||
|
minutes = 30;
|
||||||
|
sources = [ "42" ];
|
||||||
|
fetch-on-startup = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4;
|
||||||
|
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers";
|
||||||
|
};
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
||||||
|
defaultSopsFile = ./secrets/pim.yaml;
|
||||||
|
|
||||||
|
secrets = {
|
||||||
|
"keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
|
||||||
|
"syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem";
|
||||||
|
"syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
11
modules/home-manager/firefox/addons.nix
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
pkgs: lib:
|
||||||
|
let
|
||||||
|
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
|
||||||
|
custom-addons = import ./custom-addons.nix pkgs lib;
|
||||||
|
in
|
||||||
|
with rycee-addons; [
|
||||||
|
ublock-origin
|
||||||
|
istilldontcareaboutcookies
|
||||||
|
keepassxc-browser
|
||||||
|
custom-addons.simple-style-fox-2
|
||||||
|
]
|
32
modules/home-manager/firefox/default.nix
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
firefoxAddons = import ./addons.nix pkgs lib;
|
||||||
|
firefoxSettings = {
|
||||||
|
"browser.aboutConfig.showWarning" = false;
|
||||||
|
"browser.toolbars.bookmarks.visibility" = "always";
|
||||||
|
"browser.tabs.firefox-view" = false;
|
||||||
|
"browser.shell.checkDefaultBrowser" = false;
|
||||||
|
"browser.translations.automaticallyPopup" = false;
|
||||||
|
"signon.rememberSignons" = false;
|
||||||
|
"media.webspeech.synth.dont_notify_on_error" = true;
|
||||||
|
"browser.gesture.swipe.left" = false;
|
||||||
|
"browser.gesture.swipe.right" = false;
|
||||||
|
"browser.newtabpage.activity-stream.showSponsored" = false;
|
||||||
|
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = {
|
||||||
|
programs.firefox = {
|
||||||
|
enable = true;
|
||||||
|
profiles = {
|
||||||
|
default = {
|
||||||
|
id = 0;
|
||||||
|
isDefault = true;
|
||||||
|
settings = firefoxSettings;
|
||||||
|
extensions = firefoxAddons;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -11,10 +11,9 @@
|
||||||
extraPackages = with pkgs; [
|
extraPackages = with pkgs; [
|
||||||
nil
|
nil
|
||||||
nodePackages.pyright
|
nodePackages.pyright
|
||||||
neofetch
|
|
||||||
gopls
|
gopls
|
||||||
terraform-ls
|
terraform-ls
|
||||||
nixfmt
|
nixfmt-classic
|
||||||
stylua
|
stylua
|
||||||
black
|
black
|
||||||
nixpkgs-fmt
|
nixpkgs-fmt
|
||||||
|
@ -71,7 +70,7 @@
|
||||||
nvim-web-devicons
|
nvim-web-devicons
|
||||||
lsp-format-nvim
|
lsp-format-nvim
|
||||||
{
|
{
|
||||||
plugin = pkgs.unstable.vimPlugins.none-ls-nvim;
|
plugin = pkgs.vimPlugins.none-ls-nvim;
|
||||||
type = "lua";
|
type = "lua";
|
||||||
config = builtins.readFile ./none-ls.lua;
|
config = builtins.readFile ./none-ls.lua;
|
||||||
}
|
}
|
36
modules/nixos/lanzaboote.nix
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
{ config, lib, inputs, ... }: {
|
||||||
|
imports = [
|
||||||
|
inputs.lanzaboote.nixosModules.lanzaboote
|
||||||
|
];
|
||||||
|
|
||||||
|
options = {
|
||||||
|
pim.lanzaboote.enable = lib.mkEnableOption {
|
||||||
|
description = ''
|
||||||
|
Whether to enable lanzaboote
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf config.pim.lanzaboote.enable {
|
||||||
|
boot = {
|
||||||
|
# generate keys first with: `sudo nix run nixpkgs#sbctl create-keys`
|
||||||
|
# switch from lzb to bootspec by adding following line to the system configuration:
|
||||||
|
# bootspec.enable = true;
|
||||||
|
|
||||||
|
loader = {
|
||||||
|
systemd-boot.enable = lib.mkForce false;
|
||||||
|
# Use lanzaboote instead see below, default is:
|
||||||
|
# systemd-boot.enable = true;
|
||||||
|
|
||||||
|
efi = {
|
||||||
|
canTouchEfiVariables = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
lanzaboote = {
|
||||||
|
enable = true;
|
||||||
|
pkiBundle = "/etc/secureboot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,148 +0,0 @@
|
||||||
{ pkgs, config, lib, ... }: {
|
|
||||||
imports = [ ./hardware-configuration.nix ];
|
|
||||||
|
|
||||||
boot = { loader.systemd-boot.enable = true; };
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Amsterdam";
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
|
|
||||||
services = {
|
|
||||||
gnome.gnome-keyring.enable = lib.mkForce false;
|
|
||||||
|
|
||||||
xserver = {
|
|
||||||
enable = true;
|
|
||||||
displayManager.gdm = { enable = true; };
|
|
||||||
desktopManager.gnome.enable = true;
|
|
||||||
excludePackages = with pkgs; [ xterm ];
|
|
||||||
};
|
|
||||||
|
|
||||||
printing = {
|
|
||||||
enable = true;
|
|
||||||
drivers = [ pkgs.hplip pkgs.gutenprint ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fprintd = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
tod = {
|
|
||||||
enable = true;
|
|
||||||
driver = pkgs.libfprint-2-tod1-vfs0090;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
users = {
|
|
||||||
users.pim = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "wheel" "docker" "input" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment = {
|
|
||||||
systemPackages = with pkgs; [
|
|
||||||
wget
|
|
||||||
curl
|
|
||||||
git
|
|
||||||
btop
|
|
||||||
ripgrep
|
|
||||||
vim
|
|
||||||
dogdns
|
|
||||||
tree
|
|
||||||
dig
|
|
||||||
];
|
|
||||||
gnome.excludePackages = with pkgs; [
|
|
||||||
gnome.totem
|
|
||||||
gnome-tour
|
|
||||||
gnome.epiphany
|
|
||||||
gnome.geary
|
|
||||||
gnome-console
|
|
||||||
gnome.gnome-music
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
system = {
|
|
||||||
stateVersion = "23.05";
|
|
||||||
|
|
||||||
activationScripts.diff = ''
|
|
||||||
if [[ -e /run/current-system ]]; then
|
|
||||||
${pkgs.nix}/bin/nix store diff-closures /run/current-system "$systemConfig"
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.ssh = {
|
|
||||||
startAgent = true;
|
|
||||||
|
|
||||||
knownHosts = {
|
|
||||||
dmz = {
|
|
||||||
hostNames = [ "*.dmz" ];
|
|
||||||
publicKey =
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
|
|
||||||
certAuthority = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
hypervisors = {
|
|
||||||
hostNames = [ "*.hyp" ];
|
|
||||||
publicKey =
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
|
|
||||||
certAuthority = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
security.sudo.extraConfig = ''
|
|
||||||
Defaults timestamp_timeout=30
|
|
||||||
'';
|
|
||||||
|
|
||||||
nix = {
|
|
||||||
package = pkgs.nixFlakes;
|
|
||||||
extraOptions = ''
|
|
||||||
experimental-features = nix-command flakes
|
|
||||||
'';
|
|
||||||
|
|
||||||
gc = {
|
|
||||||
automatic = true;
|
|
||||||
persistent = true;
|
|
||||||
dates = "weekly";
|
|
||||||
options = "--delete-older-than 7d";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
age = {
|
|
||||||
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
|
|
||||||
|
|
||||||
secrets = {
|
|
||||||
wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
|
|
||||||
wg-quick-home-preshared-key.file =
|
|
||||||
../secrets/wg-quick-home-preshared-key.age;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
hostName = "x260";
|
|
||||||
|
|
||||||
wg-quick.interfaces.home = {
|
|
||||||
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
|
|
||||||
address = [ "10.225.191.4/24" ];
|
|
||||||
dns = [ "192.168.30.8" ];
|
|
||||||
peers = [{
|
|
||||||
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
|
|
||||||
endpoint = "wg.geokunis2.nl:51820";
|
|
||||||
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
|
||||||
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.docker = {
|
|
||||||
enable = true;
|
|
||||||
rootless = {
|
|
||||||
enable = true;
|
|
||||||
setSocketVariable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.config.permittedInsecurePackages = [
|
|
||||||
"electron-25.9.0"
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,41 +0,0 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }: {
|
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules =
|
|
||||||
[ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device =
|
|
||||||
"/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
|
||||||
device = "/dev/disk/by-uuid/87DA-B083";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices =
|
|
||||||
[{ device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
|
||||||
hardware.cpu.intel.updateMicrocode =
|
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
||||||
}
|
|
|
@ -1,3 +0,0 @@
|
||||||
```bash
|
|
||||||
nix run github:ryantm/agenix# -- -e secret1.age
|
|
||||||
```
|
|
|
@ -1,12 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 LAPUww i6BkkMy9gSSVZ+L+EMYSLakp1qA4yOGbEkLrO4Ddbxs
|
|
||||||
FsoRnCiPsJEKQj+2iJaqn+BbU+bFMAkReRotiV+0WCs
|
|
||||||
-> ssh-ed25519 vBZj5g +6YFp3yYXSEzRMXu7WyURkJk/cA87irnW5FpKRYnGSA
|
|
||||||
dJkMmnxyVEv/S9FmCrRkrYDCh+OwXK+UYno3ncr5nOk
|
|
||||||
-> 6gQa-grease Yt+ucm#U |<d\`t
|
|
||||||
SxpuSh2ee/jDNu7mXcn82fTt6/wy7ksA+W1xHQHiShJGvyyr6dTIPEk0qY1oqIPt
|
|
||||||
HkQNvNYLpMwpAqSTvmcmybps4CoWt0x6GJ0aBPOlYEIuwHnJ5Pkvnf4U9wPuwr6Y
|
|
||||||
zQ
|
|
||||||
--- hHweNMiKEIEw/TwSGhElfRiQYqLtmhwylkMWvfthyGY
|
|
||||||
?×%Ö¿H¹§G¤/Pì#’
|
|
||||||
ÚŠÐÛäF±QÙç„lRÊDcNÖЉ
ç$Hs©ŠTæžø<C5BE>C¹ÊÁÏqVf¤àˆÝkëã•ø<E280A2>ï¡×OŒÞÛµæE•êgißžXŒ§sá”)gO¢.·]·æÐCJcè<63>E^EŸq:<3A>qß&™E™#¾ArĪə€ñì
|
|
24
secrets/pim.yaml
Normal file
|
@ -1,11 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 LAPUww NnvaPUzk3WjwC3nu7T47DXtNqDuysbgAccdF1kWO5yQ
|
|
||||||
XYX2GfZSHrnhoKutbqVxB9zghbl1kZDyOTphUXvt8oQ
|
|
||||||
-> ssh-ed25519 vBZj5g mpi+OE3ST+mP05IKimQrwOZxOaDgeUUoKujOOSXEljQ
|
|
||||||
kwHkJu14Xpqgd4POeuLLcbech+Kh2XSfBed3M1Cu8DA
|
|
||||||
-> =6-grease C`Yq5 Y2 4
|
|
||||||
8sgSLLYCXkFRy0SFfNH0fhb14HonKVpVfkc1rc7sC7bXVXi8FGri/d/AW42G2J9m
|
|
||||||
W/FfhKnGBAOj1cA/wPw4cqCcQKbux78C7BdN6EfrF+ddzF+n98EwtBJ/cjzRky+A
|
|
||||||
FJJY
|
|
||||||
--- sytjLDBFLb2VqtF3LSiSS1Nxb56oNtx2AGzhYCPItW8
|
|
||||||
.ÚËr-Ò†±–åØè/BD$Õ¬F³Ðó¡FÜЙó‰SÅÙ/MœÎËâò ª¸òi/<2F># ‹šÙqžï%u7ÍŸ6ƒör…W ¸öe?…ƒÉ…i,·ÐÑä[ÁY¤9ÙÿÀÁ
|
|
|
@ -1,23 +0,0 @@
|
||||||
let
|
|
||||||
pkgs = import <nixpkgs> { };
|
|
||||||
publicKeysURL =
|
|
||||||
"https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
|
|
||||||
publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
|
|
||||||
publicKeys = pkgs.lib.strings.splitString "\n"
|
|
||||||
(pkgs.lib.strings.fileContents publicKeysFile);
|
|
||||||
in
|
|
||||||
{
|
|
||||||
"wg-quick-home-privkey.age".publicKeys = publicKeys;
|
|
||||||
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
|
|
||||||
"sue_ed25519.age".publicKeys = publicKeys;
|
|
||||||
"sue_azure_rsa.age".publicKeys = publicKeys;
|
|
||||||
"syncthing-key.pem.age".publicKeys = publicKeys;
|
|
||||||
"syncthing-cert.pem.age".publicKeys = publicKeys;
|
|
||||||
"common-pg-tfbackend.age".publicKeys = publicKeys;
|
|
||||||
"ansible-vault-secret.age".publicKeys = publicKeys;
|
|
||||||
"powerdns-api-key.json.age".publicKeys = publicKeys;
|
|
||||||
"keepassxc.ini.age".publicKeys =
|
|
||||||
publicKeys; # Secret agent causes private keys in config file.
|
|
||||||
"postgresql_client.key.age".publicKeys = publicKeys;
|
|
||||||
"k3s-pim-privkey.age".publicKeys = publicKeys;
|
|
||||||
}
|
|
25
secrets/secrets.yaml
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
testje: ENC[AES256_GCM,data:kMnaocttth1O6g==,iv:mV9gEMdomVhmOTBUWIFz3o23TBb7DLM2rXI/Tb81bSg=,tag:qj6TlvW5sY6Ek9M0GIqB3A==,type:str]
|
||||||
|
wireguard:
|
||||||
|
home:
|
||||||
|
presharedKey: ENC[AES256_GCM,data:H+oCRsg2ikN9KyVacEFasYmx5XE1zrnjBthkL5OitOXHTr4Ls0zwoF5StXs=,iv:N63wO4TKagbweStqf7wL3YZ0njxDNvrISErPao5wf7o=,tag:67kZcNaCzv3RI41XmA+UFQ==,type:str]
|
||||||
|
privateKey: ENC[AES256_GCM,data:WcPVrLiy2JJvzIh7sUpHMnt1MNx5rw5bI+xGmkitC9nEiNytMG71wmlC4d0=,iv:sl8gZgCzaW10UH0GLycvQVHqBlDVq7BUgoIEl41lc20=,tag:7oLlVjulxuEsW+pS8sZ+Ew==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWL1dlTjFNTXRPd0ppbE1i
|
||||||
|
THlsMzB1K041eUdTemRseGk5dkVwUDk2TFIwCnR1WE9iYXhHWHprZCtlSFExakhs
|
||||||
|
R0FtcEc0VTJ4WFBORFluYTdBTFh1NzAKLS0tIGtrYkVPSEVXV1dnb1J4V1pkQktW
|
||||||
|
VjNXUkpmVmxyNDNsT0ZjQjhOYklEbW8KV86AD+8QE14BZxWb7TVolwlcy1eFKxks
|
||||||
|
rOpqcXBqtUPaBC10IhVV434DGFIZMtRuYEQ4G/sdCsc3qiNxO3Cl4A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-06-15T14:04:18Z"
|
||||||
|
mac: ENC[AES256_GCM,data:6YKdfUk4ltXQ6U7FHs9ehGDUVzfZo1cKnSJMp+zYBEBnhmz7LdCBZycBpJ9syJn4WW1jZ8Bz7+lIxDsXm35AhjI+Mia20BqcWotcCaoHUslK+QV/YRIw8wxP7pvOKNeTa9UMhrcpXBVJxdQvKEBZPWziD4Xk3RGomvGEjB3xXKY=,iv:Tvgo/tlxnNk31C/cqCAKIGRdYEug9DdqeIUdJgQj4yE=,tag:z/tWTyiYmUmc2zVc3mQq0Q==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -1,12 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 LAPUww 0YS+10yTGhQwLKj5SZkyHLAOMHScnEXuW8H1LJSJJl8
|
|
||||||
fYIEukt41D5s417B6EcCj5DP0JCcqDKIzdUqGeNLguQ
|
|
||||||
-> ssh-ed25519 vBZj5g ufNv/vQfhTj203S9NhLoTs3AK3v1MQC73oPLhj7TJQ8
|
|
||||||
/ExO1bN02B6uJoWiVQDqRQ6yMd4o3qR3sUpN9OHEW50
|
|
||||||
-> 9f-grease p
|
|
||||||
6eUQ4dl855OIlCfN61wQ/7n8
|
|
||||||
--- WTuEDM+CWDqaep0MlbCL1QXXzDumVR4WCXhyA3b7zm8
|
|
||||||
Û,”ùQÎófç¥w—‹>Óœ×ÿ¿g7QÂå×Ú¤2*ð<>„ù0.Ž3zy‹•DØ#ö1ö<31>4™¹ÀE$Nw7îqAÊp¹&g;„®
|
|
||||||
¢VÊ\oø_^èW¼<>-WÞ‚(k\¬ÝRµb£{h<*ìèÒçظ¤11gKÏâk<C3A2>U,Ñ$>p®zoÑlÏ5\dSÌ4OOû\¯+yÿúà(–Ä×Çå+»ñëÿçbãj¼Eº)}ì$ÒŽ¬T?»
|
|
||||||
ÿ%;Ž¿QFiçº4ŽJH®Ÿå<C2AD>™6‹AúSâÑÜЉãˆ<C3A3>k˜Z²?ܸ”MY26ËhÊ]e”µ(¤a¤&[‘ͳ°0‡juSóXKúNd>,Ûçv®ÔŠ¬
|
|
||||||
ѳF¾/BnùšgæO©m}~¦‡z™‚i‰Üx£GàÈöb
|
|
|
@ -1,9 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 LAPUww Wlatyvlg6jc+ISAQu1QEA62IUeWnriQJg+ChseMcyFI
|
|
||||||
tRhEc/mkG7FFZO2G5A+0NNCj693Q3dbDhMOBxKmCBjw
|
|
||||||
-> ssh-ed25519 vBZj5g HdeqB71NJkEFgXb0LPefYl+kwQNUYJQAHBEDxKdPqxk
|
|
||||||
6mUCxbBT6PpAf0BwTD6Tv7pDZzWmHxBWw+/IbgLXQZA
|
|
||||||
-> N-grease
|
|
||||||
OKOvPc2zAXju6FzjNzuCZiF9pN2hmmxMMRWxZwXar8MR
|
|
||||||
--- QR9PJv7R2ASeHrsBO7SuZzAB9s5fD0jT/qEFuJx8CNg
|
|
||||||
Š·_AéZñRIWnO†¢'j—̤,ÄØÃ#†ò™ZPjJ©è&Zô˜ôÎÃ…›ÿ°ë…{ÕW…ðÚ˜,°×w›Þˆ %Ó±‰%
|
|
|
@ -1,10 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 LAPUww ST/R4vPro6VMrJgRJqMIYkhaQJ0EV0ss/yX94BAxSWE
|
|
||||||
VIWQpIuuf0OS4z1D1QsFRvvWrmbo6LJEdPJ7jmbhv+w
|
|
||||||
-> ssh-ed25519 vBZj5g GAlVKDrXvlR7FqID4Rbpb64QChS8rwUCyJdxg2PXSw0
|
|
||||||
cS8pDXkYvvFsiTt0i6s5r/7cxbf5IcjiNQWQAcgoXFg
|
|
||||||
-> w-grease s,fAjpd YvL[bWVw $h4j|^ >JU
|
|
||||||
EO9ZKdn19mADx6rwhpKftX/QxZ4yNlXgZttyn0rBpSZuVfX8Oj430VppAZ5RYwn9
|
|
||||||
zHqBvBs6VEYUt4jOWOGl/idBNg
|
|
||||||
--- OnaKsFMYoiOP1T2o4GIgME6KQqWqwIQM9WADk28E9qA
|
|
||||||
<<16>˜±n-ã¸þ”iìÙ÷bÖRä¿·â;¢©Ö)¸“[G[Õ–„·FÔX°ä<C2B0>?Hne•®ò&’n¸m#œ$}”¸e]Õ-6ᢾx„
|
|
3
switch
|
@ -1,3 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
|
|
||||||
sudo nixos-rebuild switch --flake ./#pim
|
|
After Width: | Height: | Size: 1.2 MiB |
After Width: | Height: | Size: 1.1 MiB |
After Width: | Height: | Size: 486 KiB |
After Width: | Height: | Size: 10 MiB |
After Width: | Height: | Size: 2.7 MiB |
After Width: | Height: | Size: 2.5 MiB |
After Width: | Height: | Size: 3.2 MiB |
After Width: | Height: | Size: 2.9 MiB |
After Width: | Height: | Size: 2.7 MiB |
After Width: | Height: | Size: 2.9 MiB |
After Width: | Height: | Size: 3 MiB |
After Width: | Height: | Size: 2.6 MiB |
After Width: | Height: | Size: 2.8 MiB |
After Width: | Height: | Size: 2.6 MiB |
After Width: | Height: | Size: 2.9 MiB |
After Width: | Height: | Size: 2.6 MiB |
After Width: | Height: | Size: 2.7 MiB |
After Width: | Height: | Size: 2.8 MiB |
After Width: | Height: | Size: 3.1 MiB |
After Width: | Height: | Size: 3 MiB |
After Width: | Height: | Size: 2.9 MiB |
After Width: | Height: | Size: 2.9 MiB |