Compare commits
85 commits
Author | SHA1 | Date | |
---|---|---|---|
59b58faeb5 | |||
14e269c02c | |||
87153f15be | |||
3e3f589e4f | |||
a58aa96a60 | |||
d3684cdd1f | |||
02108d60ae | |||
f27055e57a | |||
e42a6ceacf | |||
4cb90679a2 | |||
0d6ad4b9c1 | |||
41785ece70 | |||
d427be6e4a | |||
5b92ddde89 | |||
cb6849ccd0 | |||
573a8cc407 | |||
db14de3471 | |||
08b0fbcd0c | |||
61640c0580 | |||
ebfff58648 | |||
ed259d06cf | |||
778208078c | |||
a7e1fcd0d9 | |||
cd66409759 | |||
ebe6523622 | |||
c6a6b22c5c | |||
f115729b24 | |||
5d675cbaad | |||
e692a80d1c | |||
d754476865 | |||
ca6d704524 | |||
17433101a5 | |||
1f70f75ca7 | |||
aa7c2bac3b | |||
d40bbc417c | |||
f933a38b7d | |||
03164646a5 | |||
ebc3ad8204 | |||
95f36524e2 | |||
46cf4907cb | |||
93104ed7e0 | |||
0cecc75e3d | |||
5d752cb279 | |||
03608f96d7 | |||
80530d6290 | |||
62265a466c | |||
b6b5d5901c | |||
9c83729db0 | |||
d11fc9ba6d | |||
5bfab60b73 | |||
867912a676 | |||
c3bddc6c44 | |||
afcc583dcf | |||
ed1e654706 | |||
235efa07e8 | |||
a3ed1136f1 | |||
3d33b0c7a5 | |||
955f9e3a07 | |||
e069bd25a2 | |||
b6b5d8344c | |||
db7238afe3 | |||
1d3125a5b4 | |||
3d4ac7c7e1 | |||
dbe5349bae | |||
f03c7117bb | |||
acdf4f02af | |||
9f678ee151 | |||
07538a39d1 | |||
2ac437d742 | |||
6bfdf579c5 | |||
e0825def24 | |||
60e417e003 | |||
1a11f3af42 | |||
5dfe47a4a0 | |||
351fc8384c | |||
260fd7d573 | |||
fed5e8010d | |||
cad90372d4 | |||
9765e72a99 | |||
8251863999 | |||
adf2f1e7cb | |||
9e639175fd | |||
48e3ccc742 | |||
f1f9432f3e | |||
c2f9f4a83a |
2
.envrc
|
@ -1 +1 @@
|
|||
PATH_add .
|
||||
use flake
|
||||
|
|
1
.gitignore
vendored
|
@ -1,2 +1,3 @@
|
|||
result
|
||||
.direnv
|
||||
.pre-commit-config.yaml
|
||||
|
|
2
.sops.yaml
Normal file
|
@ -0,0 +1,2 @@
|
|||
creation_rules:
|
||||
- age: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
26
README.md
|
@ -1,20 +1,22 @@
|
|||
# nixos-laptop
|
||||
|
||||
NixOS configuration for my laptop.
|
||||
My configuration is simple: I have one personal laptop with one user.
|
||||
NixOS configuration for my personal laptop.
|
||||
|
||||
Currently contains config for only one systems:
|
||||
- **sue**: My current laptop, a Dell XPS 9315
|
||||
|
||||
## Features
|
||||
|
||||
- Nixpkgs 23.11
|
||||
- Flakes!
|
||||
- Nixpkgs 24.05
|
||||
- [Nix User Repository (NUR)](https://github.com/nix-community/NUR)
|
||||
- Currently only used for Firefox Plugins
|
||||
- [Home Manager](https://github.com/nix-community/home-manager)
|
||||
- For managing my configuration for my user
|
||||
- [Agenix](https://github.com/ryantm/agenix)
|
||||
- To deploy global system secrets, like:
|
||||
- Wireguard private key and shared secret
|
||||
- [Homeage](https://github.com/jordanisaacs/homeage)
|
||||
- To deploy secrets in my home directory, like:
|
||||
- SSH keys
|
||||
- Syncthing private key
|
||||
- For managing the configuration for my user
|
||||
- [sops-nix](https://github.com/Mic92/sops-nix)
|
||||
- For secret management
|
||||
- [stylix](https://stylix.danth.me/)
|
||||
- Apply theming and styling to many programs
|
||||
- [lanzaboote](https://github.com/nix-community/lanzaboote)
|
||||
- Secure boot for NixOS
|
||||
- [disko](https://github.com/nix-community/disko)
|
||||
- Declarative disk partitioning and formatting; currently only used for my x201
|
||||
|
|
784
flake.lock
|
@ -1,49 +1,371 @@
|
|||
{
|
||||
"nodes": {
|
||||
"agenix": {
|
||||
"base16": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
"home-manager": [
|
||||
"home-manager"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": "systems"
|
||||
"fromYaml": "fromYaml"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703433843,
|
||||
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "417caa847f9383e111d1397039c9d4337d024bf0",
|
||||
"lastModified": 1708890466,
|
||||
"narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=",
|
||||
"owner": "SenchoPens",
|
||||
"repo": "base16.nix",
|
||||
"rev": "665b3c6748534eb766c777298721cece9453fdae",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"owner": "SenchoPens",
|
||||
"repo": "base16.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"base16-fish": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1622559957,
|
||||
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
|
||||
"owner": "tomyun",
|
||||
"repo": "base16-fish",
|
||||
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tomyun",
|
||||
"repo": "base16-fish",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-foot": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696725948,
|
||||
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-foot",
|
||||
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-foot",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-helix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696727917,
|
||||
"narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-helix",
|
||||
"rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-helix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-kitty": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1665001328,
|
||||
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
|
||||
"owner": "kdrag0n",
|
||||
"repo": "base16-kitty",
|
||||
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "kdrag0n",
|
||||
"repo": "base16-kitty",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-tmux": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696725902,
|
||||
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-tmux",
|
||||
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "tinted-theming",
|
||||
"repo": "base16-tmux",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"base16-vim": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1663659192,
|
||||
"narHash": "sha256-uJvaYYDMXvoo0fhBZUhN8WBXeJ87SRgof6GEK2efFT0=",
|
||||
"owner": "chriskempson",
|
||||
"repo": "base16-vim",
|
||||
"rev": "3be3cd82cd31acfcab9a41bad853d9c68d30478d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "chriskempson",
|
||||
"repo": "base16-vim",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"flake-compat": [
|
||||
"lanzaboote",
|
||||
"flake-compat"
|
||||
],
|
||||
"flake-utils": [
|
||||
"lanzaboote",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"lanzaboote",
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-overlay": [
|
||||
"lanzaboote",
|
||||
"rust-overlay"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681177078,
|
||||
"narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "0c9f468ff00576577d83f5019a66c557ede5acf6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"agenix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700795494,
|
||||
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
|
||||
"lastModified": 1729712798,
|
||||
"narHash": "sha256-a+Aakkb+amHw4biOZ0iMo8xYl37uUL48YEXIC5PYJ/8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "09a776702b004fdf9c41a024e1299d575ee18a7d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lnl7",
|
||||
"ref": "master",
|
||||
"repo": "nix-darwin",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1717312683,
|
||||
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "flake-compat",
|
||||
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_4": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"lanzaboote",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1680392223,
|
||||
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"fromYaml": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1689549921,
|
||||
"narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=",
|
||||
"owner": "SenchoPens",
|
||||
"repo": "fromYaml",
|
||||
"rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "SenchoPens",
|
||||
"repo": "fromYaml",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"git-hooks": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": [
|
||||
"nixpkgs-unstable"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730302582,
|
||||
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "git-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"git-hooks",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709087332,
|
||||
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"lanzaboote",
|
||||
"pre-commit-hooks-nix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1660459072,
|
||||
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gnome-shell": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1713702291,
|
||||
"narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
|
||||
"owner": "GNOME",
|
||||
"repo": "gnome-shell",
|
||||
"rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "GNOME",
|
||||
"ref": "46.1",
|
||||
"repo": "gnome-shell",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
|
@ -54,79 +376,213 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703367386,
|
||||
"narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=",
|
||||
"lastModified": 1726989464,
|
||||
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224",
|
||||
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "release-23.11",
|
||||
"ref": "release-24.05",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"homeage": {
|
||||
"home-manager_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"stylix",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714981474,
|
||||
"narHash": "sha256-b3/U21CJjCjJKmA9WqUbZGZgCvospO3ArOUTgJugkOY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "6ebe7be2e67be7b9b54d61ce5704f6fb466c536f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"lanzaboote": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-parts": "flake-parts",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
|
||||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682802423,
|
||||
"narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lanzaboote",
|
||||
"rev": "64b903ca87d18cef2752c19c098af275c6e51d63",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"ref": "v0.3.0",
|
||||
"repo": "lanzaboote",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-index-database": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1669234151,
|
||||
"narHash": "sha256-TwT87E3m2TZLgwYJESlype14HxUOrRGojPM5C2akrMg=",
|
||||
"owner": "jordanisaacs",
|
||||
"repo": "homeage",
|
||||
"rev": "02bfe4ca06962d222e522fff0240c93946b20278",
|
||||
"lastModified": 1729394935,
|
||||
"narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "04f8a11f247ba00263b060fbcdc95484fd046104",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "jordanisaacs",
|
||||
"repo": "homeage",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"nixos-artwork": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1702453208,
|
||||
"narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6",
|
||||
"lastModified": 1727557872,
|
||||
"narHash": "sha256-JHbMSIIrHDkbAHO6vSsDRBiwuQcxLoIilbxptrTrXB4=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "ea1384e183f556a94df85c7aa1dcd411f5a69646",
|
||||
"revCount": 212,
|
||||
"type": "git",
|
||||
"url": "https://github.com/NixOS/nixos-artwork.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/NixOS/nixos-artwork.git"
|
||||
}
|
||||
},
|
||||
"nixos-cosmic": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_3",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-stable": [
|
||||
"nixpkgs-unstable"
|
||||
],
|
||||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729857853,
|
||||
"narHash": "sha256-IVaFOTG4i2K0YWKrJui09YCAEWyTSK+zaUTUvj/SbC4=",
|
||||
"owner": "lilyinstarlight",
|
||||
"repo": "nixos-cosmic",
|
||||
"rev": "04408bf4afe2bf2b15227c43914130c8bdf4ed3c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "master",
|
||||
"repo": "nixos-hardware",
|
||||
"owner": "lilyinstarlight",
|
||||
"repo": "nixos-cosmic",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-facter-modules": {
|
||||
"locked": {
|
||||
"lastModified": 1730798058,
|
||||
"narHash": "sha256-2KexAe17KRg2191SdBxVXqJKwV6MxKzlE35DDcAX+Ds=",
|
||||
"owner": "numtide",
|
||||
"repo": "nixos-facter-modules",
|
||||
"rev": "d0e205eafca7091caad3925ff82a46fea08351e1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "nixos-facter-modules",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1703200384,
|
||||
"narHash": "sha256-q5j06XOsy0qHOarsYPfZYJPWbTbc8sryRxianlEPJN0=",
|
||||
"owner": "nixos",
|
||||
"lastModified": 1729665710,
|
||||
"narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "0b3d618173114c64ab666f557504d6982665d328",
|
||||
"rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-23.11",
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1720386169,
|
||||
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1678872516,
|
||||
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-22.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_3": {
|
||||
"locked": {
|
||||
"lastModified": 1729357638,
|
||||
"narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1703134684,
|
||||
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
|
||||
"lastModified": 1729818716,
|
||||
"narHash": "sha256-XRfkUsxLzFkMn3Tpstio1gNOIQ+2PZPCKbifJ2IXxlw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
|
||||
"rev": "062c4f59744fcffa2e5aa3ef443dc8b4d1674ed6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -136,13 +592,61 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1729691686,
|
||||
"narHash": "sha256-BAuPWW+9fa1moZTU+jFh+1cUtmsuF8asgzFwejM4wac=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "32e940c7c420600ef0d1ef396dc63b04ee9cad37",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1714912032,
|
||||
"narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ee4a6e0f566fe5ec79968c57a9c2c3c25f2cf41d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1726871744,
|
||||
"narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nur": {
|
||||
"locked": {
|
||||
"lastModified": 1703528695,
|
||||
"narHash": "sha256-vHC5auhnV5JZLaERNpYu0A2+zX0eiwzsT0iIuT40Dmo=",
|
||||
"lastModified": 1729855863,
|
||||
"narHash": "sha256-TEefmNTtVeQpxziZ9PjWkxAkRQexLEsXk22Wj6Q7IQ8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "NUR",
|
||||
"rev": "747c0cbbecc987e67f49680b6753cc0e8ab355c5",
|
||||
"rev": "7d7cbe07852abdfd4a3bc09cb565e294f3251548",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -151,15 +655,149 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pre-commit-hooks-nix": {
|
||||
"inputs": {
|
||||
"flake-compat": [
|
||||
"lanzaboote",
|
||||
"flake-compat"
|
||||
],
|
||||
"flake-utils": [
|
||||
"lanzaboote",
|
||||
"flake-utils"
|
||||
],
|
||||
"gitignore": "gitignore_2",
|
||||
"nixpkgs": [
|
||||
"lanzaboote",
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681413034,
|
||||
"narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"disko": "disko",
|
||||
"git-hooks": "git-hooks",
|
||||
"home-manager": "home-manager",
|
||||
"homeage": "homeage",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"lanzaboote": "lanzaboote",
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nixos-artwork": "nixos-artwork",
|
||||
"nixos-cosmic": "nixos-cosmic",
|
||||
"nixos-facter-modules": "nixos-facter-modules",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"nur": "nur"
|
||||
"nur": "nur",
|
||||
"sops-nix": "sops-nix",
|
||||
"stylix": "stylix",
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
"inputs": {
|
||||
"flake-utils": [
|
||||
"lanzaboote",
|
||||
"flake-utils"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"lanzaboote",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1682129965,
|
||||
"narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "2c417c0460b788328220120c698630947547ee83",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rust-overlay_2": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixos-cosmic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729736953,
|
||||
"narHash": "sha256-Rb6JUop7NRklg0uzcre+A+Ebrn/ZiQPkm4QdKg6/3pw=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "29b1275740d9283467b8117499ec8cbb35250584",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729775275,
|
||||
"narHash": "sha256-J2vtHq9sw1wWm0aTMXpEEAzsVCUMZDTEe5kiBYccpLE=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "78a0e634fc8981d6b564f08b6715c69a755c4c7d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"stylix": {
|
||||
"inputs": {
|
||||
"base16": "base16",
|
||||
"base16-fish": "base16-fish",
|
||||
"base16-foot": "base16-foot",
|
||||
"base16-helix": "base16-helix",
|
||||
"base16-kitty": "base16-kitty",
|
||||
"base16-tmux": "base16-tmux",
|
||||
"base16-vim": "base16-vim",
|
||||
"flake-compat": "flake-compat_4",
|
||||
"gnome-shell": "gnome-shell",
|
||||
"home-manager": "home-manager_2",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726776484,
|
||||
"narHash": "sha256-SPnk08RnllF8CD9Ndbe828Z1OmlviJ+ZJLsiT7V/+4A=",
|
||||
"owner": "pizzapim",
|
||||
"repo": "stylix",
|
||||
"rev": "d444b97c5e691a2a468000c939119798e42b4f0f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "pizzapim",
|
||||
"ref": "release-24.05",
|
||||
"repo": "stylix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
|
@ -176,6 +814,24 @@
|
|||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"treefmt-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730025913,
|
||||
"narHash": "sha256-Y9NtFmP8ciLyRsopcCx1tyoaaStKeq+EndwtGCgww7I=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "bae131e525cc8718da22fbeb8d8c7c43c4ea502a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
|
149
flake.nix
|
@ -2,63 +2,118 @@
|
|||
description = "My NixOS configuration";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
|
||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
nur.url = "github:nix-community/NUR";
|
||||
stylix.url = "github:pizzapim/stylix/release-24.05";
|
||||
treefmt-nix.url = "github:numtide/treefmt-nix";
|
||||
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
|
||||
|
||||
git-hooks = {
|
||||
url = "github:cachix/git-hooks.nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
};
|
||||
|
||||
nix-index-database = {
|
||||
url = "github:nix-community/nix-index-database";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager?ref=release-23.11";
|
||||
url = "github:nix-community/home-manager?ref=release-24.05";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
homeage = {
|
||||
url = "github:jordanisaacs/homeage";
|
||||
|
||||
lanzaboote = {
|
||||
url = "github:nix-community/lanzaboote/v0.3.0";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
agenix = {
|
||||
url = "github:ryantm/agenix";
|
||||
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.home-manager.follows = "home-manager";
|
||||
};
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
|
||||
nixos-artwork = {
|
||||
type = "git";
|
||||
url = "https://github.com/NixOS/nixos-artwork.git";
|
||||
flake = false;
|
||||
};
|
||||
|
||||
sops-nix = {
|
||||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
nixos-cosmic = {
|
||||
url = "github:lilyinstarlight/nixos-cosmic";
|
||||
inputs.nixpkgs-stable.follows = "nixpkgs-unstable";
|
||||
};
|
||||
};
|
||||
|
||||
outputs =
|
||||
{ nixpkgs
|
||||
, nixpkgs-unstable
|
||||
, home-manager
|
||||
, homeage
|
||||
, agenix
|
||||
, nur
|
||||
, nixos-hardware
|
||||
, ...
|
||||
}: {
|
||||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
|
||||
|
||||
nixosConfigurations.pim = nixpkgs.lib.nixosSystem rec {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
nur.overlay
|
||||
(final: _prev: {
|
||||
unstable = import nixpkgs-unstable {
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
||||
./nixos
|
||||
agenix.nixosModules.default
|
||||
nixos-hardware.nixosModules.lenovo-thinkpad-x260
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.pim = {
|
||||
imports = [ ./home-manager homeage.homeManagerModules.homeage ];
|
||||
};
|
||||
}
|
||||
];
|
||||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
...
|
||||
} @ inputs: let
|
||||
supportedSystems = [
|
||||
"x86_64-linux"
|
||||
"i686-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
forAllSystems' = nixpkgs.lib.genAttrs;
|
||||
forAllSystems = forAllSystems' supportedSystems;
|
||||
pkgsForSystem = system:
|
||||
import nixpkgs {
|
||||
inherit system;
|
||||
};
|
||||
};
|
||||
|
||||
treefmtEval = forAllSystems (
|
||||
system: inputs.treefmt-nix.lib.evalModule (pkgsForSystem system) ./treefmt.nix
|
||||
);
|
||||
in {
|
||||
formatter = forAllSystems (system: (treefmtEval.${system}.config.build.wrapper));
|
||||
|
||||
nixosConfigurations = nixpkgs.lib.mapAttrs (
|
||||
name: {
|
||||
nixosModule,
|
||||
homeManagerModule,
|
||||
}:
|
||||
nixpkgs.lib.nixosSystem rec {
|
||||
system = "x86_64-linux";
|
||||
|
||||
specialArgs = {
|
||||
inherit inputs system;
|
||||
flake = self;
|
||||
};
|
||||
|
||||
modules = [
|
||||
nixosModule
|
||||
./nixos
|
||||
{
|
||||
home-manager.users.pim.imports = [homeManagerModule];
|
||||
}
|
||||
];
|
||||
}
|
||||
) (import ./machines);
|
||||
|
||||
checks = forAllSystems (system: {
|
||||
pre-commit-check = inputs.git-hooks.lib.${system}.run {
|
||||
src = ./.;
|
||||
hooks = {
|
||||
treefmt = {
|
||||
enable = true;
|
||||
package = treefmtEval.${system}.config.build.wrapper;
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
|
||||
devShells = forAllSystems (system: {
|
||||
default = nixpkgs.legacyPackages.${system}.mkShell {
|
||||
inherit (self.checks.${system}.pre-commit-check) shellHook;
|
||||
buildInputs = self.checks.${system}.pre-commit-check.enabledPackages;
|
||||
};
|
||||
});
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
{
|
||||
config = {
|
||||
programs.bash = {
|
||||
enable = true;
|
||||
shellAliases = {
|
||||
htop = "btop";
|
||||
gp = "git push";
|
||||
gco = "git checkout";
|
||||
gd = "git diff";
|
||||
gc = "git commit";
|
||||
gpl = "git pull";
|
||||
gb = "git branch";
|
||||
ga = "git add";
|
||||
gl = "git log";
|
||||
gs = "git status";
|
||||
tf = "tofu";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
{
|
||||
config = {
|
||||
programs.bat = {
|
||||
enable = true;
|
||||
config.theme = "gruvbox-dark";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,135 +1,257 @@
|
|||
{ pkgs, lib, config, ... }: {
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
inputs,
|
||||
flake,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./bash
|
||||
./neovim
|
||||
./firefox
|
||||
./ssh
|
||||
./syncthing
|
||||
./keepassxc
|
||||
./git
|
||||
./direnv
|
||||
./thunderbird
|
||||
./fzf
|
||||
./bat
|
||||
./tidal.nix
|
||||
./gnome.nix
|
||||
./syncthing.nix
|
||||
./vscode.nix
|
||||
inputs.sops-nix.homeManagerModules.sops
|
||||
inputs.nix-index-database.hmModules.nix-index
|
||||
];
|
||||
|
||||
xsession.enable = true;
|
||||
|
||||
xdg = {
|
||||
userDirs.enable = true;
|
||||
|
||||
mimeApps = {
|
||||
enable = true;
|
||||
|
||||
defaultApplications = let
|
||||
applications = {
|
||||
telegram = {
|
||||
mimeApp = "org.telegram.desktop.desktop";
|
||||
mimeTypes = ["x-scheme-handler/tg"];
|
||||
};
|
||||
|
||||
librewolf = {
|
||||
mimeApp = "librewolf.desktop";
|
||||
|
||||
mimeTypes = [
|
||||
"x-scheme-handler/http"
|
||||
"text/html"
|
||||
"application/xhtml+xml"
|
||||
"x-scheme-handler/https"
|
||||
"application/pdf"
|
||||
];
|
||||
};
|
||||
|
||||
gnomeTextEditor = {
|
||||
mimeApp = "org.gnome.TextEditor.desktop";
|
||||
mimeTypes = ["text/plain"];
|
||||
};
|
||||
|
||||
loupe = {
|
||||
mimeApp = "org.gnome.Loupe.desktop";
|
||||
mimeTypes = [
|
||||
"image/jpeg"
|
||||
"image/png"
|
||||
"image/gif"
|
||||
"image/webp"
|
||||
"image/tiff"
|
||||
"image/x-tga"
|
||||
"image/vnd-ms.dds"
|
||||
"image/x-dds"
|
||||
"image/bmp"
|
||||
"image/vnd.microsoft.icon"
|
||||
"image/vnd.radiance"
|
||||
"image/x-exr"
|
||||
"image/x-portable-bitmap"
|
||||
"image/x-portable-graymap"
|
||||
"image/x-portable-pixmap"
|
||||
"image/x-portable-anymap"
|
||||
"image/x-qoi"
|
||||
"image/svg+xml"
|
||||
"image/svg+xml-compressed"
|
||||
"image/avif"
|
||||
"image/heic"
|
||||
"image/jxl"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
mimeTypesForApp = {
|
||||
mimeApp,
|
||||
mimeTypes,
|
||||
}:
|
||||
map
|
||||
(
|
||||
mimeType: {"${mimeType}" = mimeApp;}
|
||||
)
|
||||
mimeTypes;
|
||||
in
|
||||
lib.zipAttrs (lib.flatten (map mimeTypesForApp (builtins.attrValues applications)));
|
||||
};
|
||||
};
|
||||
|
||||
home = {
|
||||
username = "pim";
|
||||
homeDirectory = "/home/pim";
|
||||
stateVersion = "23.05";
|
||||
|
||||
packages = with pkgs; [
|
||||
moonlight-qt
|
||||
vlc
|
||||
nicotine-plus
|
||||
logseq
|
||||
signal-desktop
|
||||
telegram-desktop
|
||||
strawberry
|
||||
gimp
|
||||
libreoffice
|
||||
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
|
||||
virt-manager
|
||||
gnome.gnome-tweaks
|
||||
impression
|
||||
poppler_utils # For pdfunite
|
||||
silicon
|
||||
];
|
||||
|
||||
file.k3s-pim-privkey = {
|
||||
target = ".kube/config";
|
||||
source = ./kubeconfig.yml;
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
chromium.enable = true;
|
||||
bat.enable = true;
|
||||
|
||||
terminator = {
|
||||
fzf = {
|
||||
enable = true;
|
||||
config = {
|
||||
profiles.default = {
|
||||
# Gruvbox theme: https://github.com/egel/terminator-gruvbox
|
||||
background_color = "#282828";
|
||||
cursor_color = "#7c6f64";
|
||||
foreground_color = "#ebdbb2";
|
||||
palette =
|
||||
"#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
|
||||
};
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
|
||||
keybindings = {
|
||||
zoom_in = "<Ctrl>plus";
|
||||
zoom_out = "<Ctrl>minus";
|
||||
new_tab = "<Ctrl><Shift>T";
|
||||
cycle_next = "<Ctrl>Tab";
|
||||
cycle_prev = "<Ctrl><Shift>Tab";
|
||||
split_horiz = "<Alt>C";
|
||||
split_vert = "<Alt>V";
|
||||
alacritty = {
|
||||
enable = true;
|
||||
settings.shell = {
|
||||
program = lib.getExe config.programs.tmux.package;
|
||||
args = ["attach"];
|
||||
};
|
||||
};
|
||||
|
||||
go_left = "<Alt>H";
|
||||
go_right = "<Alt>L";
|
||||
go_up = "<Alt>K";
|
||||
go_down = "<Alt>J";
|
||||
direnv = {
|
||||
enable = true;
|
||||
enableBashIntegration = true;
|
||||
nix-direnv.enable = true;
|
||||
};
|
||||
|
||||
copy = "<Ctrl><Shift>C";
|
||||
paste = "<Ctrl><Shift>V";
|
||||
atuin = {
|
||||
enable = true;
|
||||
flags = ["--disable-up-arrow"];
|
||||
enableFishIntegration = true;
|
||||
|
||||
layout_launcher = ""; # Default <Alt>L
|
||||
};
|
||||
settings = {
|
||||
auto_sync = true;
|
||||
sync_frequency = "5m";
|
||||
sync_address = "https://atuin.kun.is";
|
||||
};
|
||||
};
|
||||
|
||||
fish = {
|
||||
enable = true;
|
||||
|
||||
interactiveShellInit = ''
|
||||
set -U fish_greeting
|
||||
'';
|
||||
|
||||
shellAbbrs = {
|
||||
htop = "btop";
|
||||
gp = "git push";
|
||||
gco = "git checkout";
|
||||
gd = "git diff";
|
||||
gc = "git commit";
|
||||
gca = "git commit --amend";
|
||||
gpl = "git pull";
|
||||
gb = "git branch";
|
||||
ga = "git add";
|
||||
gl = "git log";
|
||||
gs = "git status";
|
||||
tf = "tofu";
|
||||
};
|
||||
};
|
||||
|
||||
starship = {
|
||||
enable = true;
|
||||
enableFishIntegration = true;
|
||||
enableTransience = true;
|
||||
settings.nix_shell.heuristic = true;
|
||||
};
|
||||
|
||||
nix-index = {
|
||||
enable = true;
|
||||
enableFishIntegration = true;
|
||||
};
|
||||
|
||||
tmux = {
|
||||
enable = true;
|
||||
shell = lib.getExe config.programs.fish.package;
|
||||
shortcut = "a";
|
||||
clock24 = true;
|
||||
newSession = true;
|
||||
mouse = true;
|
||||
escapeTime = 10;
|
||||
terminal = "screen-256color";
|
||||
|
||||
extraConfig = ''
|
||||
unbind _
|
||||
bind _ split-window -h
|
||||
unbind -
|
||||
bind - split-window -v
|
||||
unbind h
|
||||
bind h select-pane -L
|
||||
unbind j
|
||||
bind j select-pane -D
|
||||
unbind k
|
||||
bind k select-pane -U
|
||||
unbind l
|
||||
bind l select-pane -R
|
||||
'';
|
||||
};
|
||||
|
||||
ssh = {
|
||||
enable = true;
|
||||
extraConfig = "User root";
|
||||
|
||||
matchBlocks.github = lib.hm.dag.entryBefore ["*"] {
|
||||
hostname = "github.com";
|
||||
user = "pizzapim";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
};
|
||||
|
||||
git = {
|
||||
enable = true;
|
||||
userName = "Pim Kunis";
|
||||
userEmail = "pim@kunis.nl";
|
||||
|
||||
extraConfig = {
|
||||
push.autoSetupRemote = true;
|
||||
commit.verbose = true;
|
||||
pull.rebase = true;
|
||||
init.defaultBranch = "master";
|
||||
};
|
||||
};
|
||||
|
||||
# Currently, it is not possible to have Home Manager manage Liberwolf extensions.
|
||||
# There is a draft PR which addresses this:
|
||||
# https://github.com/nix-community/home-manager/pull/3339
|
||||
# The extensions I currently use are:
|
||||
# - ublock-origin (already installed by librewolf)
|
||||
# - cookie-autodelete
|
||||
# - clearurls
|
||||
# - istilldontcareaboutcookies
|
||||
# - keepassxc-browser
|
||||
# - redirector
|
||||
# - violentmonkey
|
||||
# - boring-rss
|
||||
# - kagi-search
|
||||
# - refined-github
|
||||
librewolf = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
"identity.fxaccounts.enabled" = true;
|
||||
"privacy.clearOnShutdown.history" = false;
|
||||
"privacy.clearOnShutdown.downloads" = false;
|
||||
"browser.translations.automaticallyPopup" = false;
|
||||
"browser.aboutConfig.showWarning" = false;
|
||||
"privacy.clearOnShutdown.cookies" = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Let home-manager manage the X session
|
||||
xsession = { enable = true; };
|
||||
sops = {
|
||||
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
|
||||
defaultSopsFile = "${flake}/secrets/pim.yaml";
|
||||
|
||||
xdg = {
|
||||
userDirs.enable = true;
|
||||
configFile."home/postgresql_server.crt".source = ./postgresql_server.crt;
|
||||
configFile."home/postgresql_client.crt".source = ./postgresql_client.crt;
|
||||
};
|
||||
|
||||
homeage = {
|
||||
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
|
||||
installationType = "systemd";
|
||||
|
||||
file."common-pg-tfbackend" = {
|
||||
source = ../secrets/common-pg-tfbackend.age;
|
||||
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
|
||||
};
|
||||
|
||||
file."ansible-vault-secret" = {
|
||||
source = ../secrets/ansible-vault-secret.age;
|
||||
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
|
||||
};
|
||||
|
||||
file."powerdns-api-key" = {
|
||||
source = ../secrets/powerdns-api-key.json.age;
|
||||
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
|
||||
};
|
||||
|
||||
file."postgresql_client.key" = {
|
||||
source = ../secrets/postgresql_client.key.age;
|
||||
symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ];
|
||||
};
|
||||
|
||||
file."k3s-pim-privkey" = {
|
||||
source = ../secrets/k3s-pim-privkey.age;
|
||||
symlinks = [ "${config.home.homeDirectory}/.kube/k3s-pim-privkey" ];
|
||||
};
|
||||
};
|
||||
|
||||
fonts.fontconfig.enable = true;
|
||||
|
||||
dconf.settings = with lib.hm.gvariant; {
|
||||
"org/gnome/desktop/input-sources" = {
|
||||
sources = [ (mkTuple [ "xkb" "us" ]) ];
|
||||
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
|
||||
};
|
||||
|
||||
"org/gnome/desktop/interface" = {
|
||||
monospace-font-name = "Hack Nerd Font Mono 10";
|
||||
secrets = {
|
||||
"keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
{
|
||||
config = {
|
||||
programs.direnv = {
|
||||
enable = true;
|
||||
enableBashIntegration = true;
|
||||
nix-direnv.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,28 +1,10 @@
|
|||
pkgs: lib:
|
||||
let
|
||||
pkgs: lib: let
|
||||
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
|
||||
custom-addons = import ./custom-addons.nix pkgs lib;
|
||||
in {
|
||||
default = lib.concatLists [
|
||||
(with rycee-addons; [
|
||||
ublock-origin
|
||||
clearurls
|
||||
cookie-autodelete
|
||||
istilldontcareaboutcookies
|
||||
keepassxc-browser
|
||||
redirector
|
||||
ublacklist
|
||||
umatrix
|
||||
violentmonkey
|
||||
boring-rss
|
||||
# rycee.bypass-paywalls-clean
|
||||
])
|
||||
(with custom-addons; [ http-version-indicator indicatetls sixindicator ])
|
||||
];
|
||||
sue = with rycee-addons; [
|
||||
in
|
||||
with rycee-addons; [
|
||||
ublock-origin
|
||||
istilldontcareaboutcookies
|
||||
keepassxc-browser
|
||||
custom-addons.simple-style-fox-2
|
||||
];
|
||||
}
|
||||
]
|
||||
|
|
|
@ -1,15 +1,22 @@
|
|||
pkgs: lib:
|
||||
let
|
||||
pkgs: lib: let
|
||||
# Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
|
||||
buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv
|
||||
, fetchurl ? pkgs.fetchurl, pname, version, addonId, url, sha256, meta, ...
|
||||
}:
|
||||
buildFirefoxXpiAddon = lib.makeOverridable ({
|
||||
stdenv ? pkgs.stdenv,
|
||||
fetchurl ? pkgs.fetchurl,
|
||||
pname,
|
||||
version,
|
||||
addonId,
|
||||
url,
|
||||
sha256,
|
||||
meta,
|
||||
...
|
||||
}:
|
||||
stdenv.mkDerivation {
|
||||
name = "${pname}-${version}";
|
||||
|
||||
inherit meta;
|
||||
|
||||
src = fetchurl { inherit url sha256; };
|
||||
src = fetchurl {inherit url sha256;};
|
||||
|
||||
preferLocalBuild = true;
|
||||
allowSubstitutes = true;
|
||||
|
@ -25,14 +32,12 @@ in {
|
|||
pname = "http-version-indicator";
|
||||
version = "3.2.1";
|
||||
addonId = "spdyindicator@chengsun.github.com";
|
||||
url =
|
||||
"https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
|
||||
url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
|
||||
sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/bsiegel/http-version-indicator";
|
||||
description =
|
||||
"An indicator showing the HTTP version used to load the page in the address bar.";
|
||||
mozPermissions = [ "<all_urls>" "tabs" "webNavigation" "webRequest" ];
|
||||
description = "An indicator showing the HTTP version used to load the page in the address bar.";
|
||||
mozPermissions = ["<all_urls>" "tabs" "webNavigation" "webRequest"];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
};
|
||||
|
@ -40,13 +45,11 @@ in {
|
|||
pname = "indicatetls";
|
||||
version = "0.3.0";
|
||||
addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
|
||||
url =
|
||||
"https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
|
||||
url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
|
||||
sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/jannispinter/indicatetls";
|
||||
description =
|
||||
"Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
|
||||
description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
|
||||
license = licenses.mpl20;
|
||||
mozPermissions = [
|
||||
"tabs"
|
||||
|
@ -63,15 +66,13 @@ in {
|
|||
pname = "sixindicator";
|
||||
version = "1.3.0";
|
||||
addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
|
||||
url =
|
||||
"https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
|
||||
url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
|
||||
sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/HostedDinner/SixIndicator";
|
||||
description =
|
||||
"Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
|
||||
description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
|
||||
license = licenses.mit;
|
||||
mozPermissions = [ "tabs" "webRequest" "<all_urls>" ];
|
||||
mozPermissions = ["tabs" "webRequest" "<all_urls>"];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
};
|
||||
|
@ -79,13 +80,12 @@ in {
|
|||
pname = "simple-style-fox-2";
|
||||
version = "10.0";
|
||||
addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
|
||||
url =
|
||||
"https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
|
||||
url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
|
||||
sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
|
||||
meta = with lib; {
|
||||
description = "Simple style fox 2";
|
||||
license = licenses.cc-by-30;
|
||||
mozPermissions = [ ];
|
||||
mozPermissions = [];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{ pkgs, lib, ... }:
|
||||
let
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
firefoxAddons = import ./addons.nix pkgs lib;
|
||||
firefoxSettings = {
|
||||
"browser.aboutConfig.showWarning" = false;
|
||||
|
@ -11,9 +15,14 @@ let
|
|||
"media.webspeech.synth.dont_notify_on_error" = true;
|
||||
"browser.gesture.swipe.left" = false;
|
||||
"browser.gesture.swipe.right" = false;
|
||||
"browser.newtabpage.activity-stream.showSponsored" = false;
|
||||
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
|
||||
};
|
||||
cfg = config.pim.firefox;
|
||||
in {
|
||||
config = {
|
||||
options.pim.firefox.enable = lib.mkEnableOption "firefox";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.firefox = {
|
||||
enable = true;
|
||||
profiles = {
|
||||
|
@ -21,52 +30,9 @@ in {
|
|||
id = 0;
|
||||
isDefault = true;
|
||||
settings = firefoxSettings;
|
||||
extensions = firefoxAddons.default;
|
||||
};
|
||||
sue = {
|
||||
id = 1;
|
||||
settings = firefoxSettings;
|
||||
extensions = firefoxAddons.sue;
|
||||
extensions = firefoxAddons;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
xdg.desktopEntries.firefox-sue = {
|
||||
categories = [ "Network" "WebBrowser" ];
|
||||
exec = "firefox -P sue --name firefox %U";
|
||||
genericName = "Web Browser";
|
||||
icon = "firefox";
|
||||
mimeType = [
|
||||
"text/html"
|
||||
"text/xml"
|
||||
"application/xhtml+xml"
|
||||
"application/vnd.mozilla.xul+xml"
|
||||
"x-scheme-handler/http"
|
||||
"x-scheme-handler/https"
|
||||
];
|
||||
name = "Firefox | Sue";
|
||||
startupNotify = true;
|
||||
terminal = false;
|
||||
type = "Application";
|
||||
};
|
||||
|
||||
xdg.desktopEntries.firefox = lib.mkForce {
|
||||
categories = [ "Network" "WebBrowser" ];
|
||||
exec = "firefox --new-window --name firefox %U";
|
||||
genericName = "Web Browser";
|
||||
icon = "firefox";
|
||||
mimeType = [
|
||||
"text/html"
|
||||
"text/xml"
|
||||
"application/xhtml+xml"
|
||||
"application/vnd.mozilla.xul+xml"
|
||||
"x-scheme-handler/http"
|
||||
"x-scheme-handler/https"
|
||||
];
|
||||
name = "Firefox";
|
||||
startupNotify = true;
|
||||
terminal = false;
|
||||
type = "Application";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
{
|
||||
config = {
|
||||
programs.fzf = {
|
||||
enable = true;
|
||||
enableBashIntegration = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{
|
||||
config = {
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userName = "Pim Kunis";
|
||||
userEmail = "pim@kunis.nl";
|
||||
extraConfig = {
|
||||
push.autoSetupRemote = true;
|
||||
commit.verbose = true;
|
||||
pull.rebase = true;
|
||||
};
|
||||
includes = [{
|
||||
path = "~/git/suecode/.gitconfig";
|
||||
condition = "gitdir:~/git/suecode/**";
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
|
94
home-manager/gnome.nix
Normal file
|
@ -0,0 +1,94 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
flake,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.gnome;
|
||||
in {
|
||||
options.pim.gnome.enable = lib.mkEnableOption "gnome";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
home.packages = with pkgs; [gnome.gnome-tweaks];
|
||||
|
||||
dconf.settings = with lib.hm.gvariant; {
|
||||
"org/gnome/desktop/sound".allow-volume-above-100-percent = true;
|
||||
"org/gnome/desktop/wm.preferences".num-workspaces = 4;
|
||||
"org/gnome/mutter".edge-tiling = true;
|
||||
|
||||
"org/gnome/shell" = {
|
||||
disable-extension-version-validation = true;
|
||||
|
||||
enabled-extensions = [
|
||||
"workspaces-by-open-apps@favo02.github.com"
|
||||
"pop-shell@system76.com"
|
||||
"windowIsReady_Remover@nunofarruca@gmail.com"
|
||||
"randomwallpaper@iflow.space"
|
||||
"Vitals@CoreCoding.com"
|
||||
"tailscale-status@maxgallup.github.com"
|
||||
];
|
||||
};
|
||||
|
||||
"org/gnome/desktop/input-sources" = {
|
||||
sources = [(mkTuple ["xkb" "us"])];
|
||||
xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"];
|
||||
};
|
||||
|
||||
"org/gnome/shell/extensions/pop-shell" = {
|
||||
active-hint = true;
|
||||
fullscreen-launcher = false;
|
||||
mouse-cursor-focus-location = mkUint32 4;
|
||||
mouse-cursor-follows-active-window = true;
|
||||
show-skip-taskbar = false;
|
||||
show-title = true;
|
||||
smart-gaps = false;
|
||||
snap-to-grid = false;
|
||||
stacking-with-mouse = true;
|
||||
tile-by-default = true;
|
||||
};
|
||||
|
||||
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
|
||||
binding = "<Super>t";
|
||||
command = lib.getExe config.programs.alacritty.package;
|
||||
name = "Terminal";
|
||||
};
|
||||
|
||||
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
|
||||
binding = "<Super>e";
|
||||
command = "${lib.getExe config.programs.librewolf.package} --browser";
|
||||
name = "Browser";
|
||||
};
|
||||
|
||||
"org/gnome/desktop/wm/keybindings" = {
|
||||
close = ["<Shift><Super>q"];
|
||||
minimize = mkEmptyArray type.string;
|
||||
move-to-workspace-1 = ["<Shift><Super>1"];
|
||||
move-to-workspace-2 = ["<Shift><Super>2"];
|
||||
move-to-workspace-3 = ["<Shift><Super>3"];
|
||||
move-to-workspace-4 = ["<Shift><Super>4"];
|
||||
switch-applications = mkEmptyArray type.string;
|
||||
switch-applications-backward = mkEmptyArray type.string;
|
||||
switch-to-workspace-1 = ["<Super>1"];
|
||||
switch-to-workspace-2 = ["<Super>2"];
|
||||
switch-to-workspace-3 = ["<Super>3"];
|
||||
switch-to-workspace-4 = ["<Super>4"];
|
||||
toggle-fullscreen = ["<Super>f"];
|
||||
};
|
||||
|
||||
"org/gnome/shell/extensions/space-iflow-randomwallpaper" = {
|
||||
auto-fetch = true;
|
||||
change-type = 2;
|
||||
hide-panel-icon = true;
|
||||
history-length = 1;
|
||||
hours = 0;
|
||||
minutes = 30;
|
||||
sources = ["42"];
|
||||
fetch-on-startup = true;
|
||||
};
|
||||
|
||||
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4;
|
||||
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${flake}/wallpapers";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{ pkgs, config, ... }: {
|
||||
config = {
|
||||
home.packages = [ pkgs.keepassxc ];
|
||||
homeage.file."keepassxc.ini" = {
|
||||
source = ../../secrets/keepassxc.ini.age;
|
||||
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
apiVersion: v1
|
||||
clusters:
|
||||
- cluster:
|
||||
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTURJMU56UXlOVGt3SGhjTk1qTXhNakUwTVRjeE56TTVXaGNOTXpNeE1qRXhNVGN4TnpNNQpXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTURJMU56UXlOVGt3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFUMzdYdlBzUG9DeTk3Nm1zWm9qTHBlUklieVB5NWFPV0NJWXpyZVpUcVYKUlo4cDVyME1RdVViV0crNTJqQ1ZjNCtrZGN3WVkwRXRDaUpkZ21LSU5RcTRvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWx1ZGcvZWd0bUMvWkNiaTZMRkNnClhIaXFtL2t3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUlTbHJ2TmVTc3RtVlFLVWp2STF3UlZPb0RMWEJjWDEKelpZOURUNW9WM214QWlBT2JKRThOaldOSUdSZE1FcWpXZXhUd1M5RUlGbGs2eUEwOXNjS0FmRUNXUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||
server: https://jefke.hyp:6443
|
||||
name: default
|
||||
contexts:
|
||||
- context:
|
||||
cluster: default
|
||||
user: pim
|
||||
name: default
|
||||
current-context: default
|
||||
kind: Config
|
||||
preferences: {}
|
||||
users:
|
||||
- name: pim
|
||||
user:
|
||||
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJWVENCL0tBREFnRUNBaEFWemhyQ3QwZzFQMWJXZW1IUGx2SUZNQW9HQ0NxR1NNNDlCQU1DTUNNeElUQWYKQmdOVkJBTU1HR3N6Y3kxamJHbGxiblF0WTJGQU1UY3dNalUzTkRJMU9UQWVGdzB5TXpFeU1UUXhPVEl3TURCYQpGdzB5TkRFeU1UTXhPVEl3TURCYU1BNHhEREFLQmdOVkJBTVRBM0JwYlRBcU1BVUdBeXRsY0FNaEFDYWxxaUdFCjdvcVo0SFNvLy95RGhqZXJrVVA5WWg4QXdFbHFnMXI4NGpvbG8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXcKRXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JTZQpkenA2TzVhajU4NGtML2FJM0pvTHhkOUtQakFLQmdncWhrak9QUVFEQWdOSUFEQkZBaUF3eDJISGNOcVd4bkhyCmkvRVg2SmJRVlRZYThmTzhpYTdMOXRYWS84OXlQQUloQVBSanlmMU0waWtCZU95VUVUODVLS1dNaDFhbWRNZVUKSUFBZTM2WDVUSVRDCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
|
||||
client-key: k3s-pim-privkey
|
|
@ -1,5 +1,14 @@
|
|||
{ pkgs, ... }: {
|
||||
config = {
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.neovim;
|
||||
in {
|
||||
options.pim.neovim.enable = lib.mkEnableOption "neovim";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.neovim = {
|
||||
enable = true;
|
||||
viAlias = true;
|
||||
|
@ -11,10 +20,9 @@
|
|||
extraPackages = with pkgs; [
|
||||
nil
|
||||
nodePackages.pyright
|
||||
neofetch
|
||||
gopls
|
||||
terraform-ls
|
||||
nixfmt
|
||||
nixfmt-classic
|
||||
stylua
|
||||
black
|
||||
nixpkgs-fmt
|
||||
|
@ -71,7 +79,7 @@
|
|||
nvim-web-devicons
|
||||
lsp-format-nvim
|
||||
{
|
||||
plugin = pkgs.unstable.vimPlugins.none-ls-nvim;
|
||||
plugin = pkgs.vimPlugins.none-ls-nvim;
|
||||
type = "lua";
|
||||
config = builtins.readFile ./none-ls.lua;
|
||||
}
|
||||
|
|
|
@ -45,14 +45,21 @@ require("lspconfig").terraformls.setup({
|
|||
capabilities = capabilities,
|
||||
})
|
||||
|
||||
-- require'lspconfig'.efm.setup {
|
||||
-- on_attach = require("lsp-format").on_attach,
|
||||
-- init_options = {documentFormatting = true},
|
||||
-- settings = {
|
||||
-- languages = {
|
||||
-- lua = {{formatCommand = "lua-format -i", formatStdin = true}},
|
||||
-- nix = {{formatCommand = "nixfmt", formatStdin = true}}
|
||||
-- }
|
||||
-- },
|
||||
-- filetypes = {"lua", "nix"}
|
||||
-- }
|
||||
local function has_treefmt()
|
||||
local git_root = vim.fn.systemlist("git rev-parse --show-toplevel")[1]
|
||||
if vim.v.shell_error ~= 0 then
|
||||
return false
|
||||
end
|
||||
local treefmt_path = git_root .. "/treefmt.nix"
|
||||
return vim.fn.filereadable(treefmt_path) == 1
|
||||
end
|
||||
|
||||
vim.api.nvim_create_autocmd("BufWritePost", {
|
||||
pattern = "*",
|
||||
callback = function()
|
||||
if vim.fn.expand("%:p") ~= vim.fn.getcwd() .. "/.git/COMMIT_EDITMSG" and has_treefmt() then
|
||||
vim.cmd("silent !treefmt > /dev/null 2>&1")
|
||||
end
|
||||
end,
|
||||
group = vim.api.nvim_create_augroup("TreefmtAutoformat", { clear = true }),
|
||||
})
|
||||
|
|
|
@ -20,24 +20,24 @@ require("null-ls").setup({
|
|||
},
|
||||
|
||||
-- configure format on save
|
||||
on_attach = function(current_client, bufnr)
|
||||
if current_client.supports_method("textDocument/formatting") then
|
||||
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
|
||||
vim.api.nvim_create_autocmd("BufWritePre", {
|
||||
group = augroup,
|
||||
buffer = bufnr,
|
||||
callback = function()
|
||||
vim.lsp.buf.format({
|
||||
filter = function(client)
|
||||
-- only use null-ls for formatting instead of lsp server
|
||||
return client.name == "null-ls"
|
||||
end,
|
||||
bufnr = bufnr,
|
||||
})
|
||||
end,
|
||||
})
|
||||
end
|
||||
end,
|
||||
-- on_attach = function(current_client, bufnr)
|
||||
-- if current_client.supports_method("textDocument/formatting") then
|
||||
-- vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
|
||||
-- vim.api.nvim_create_autocmd("BufWritePre", {
|
||||
-- group = augroup,
|
||||
-- buffer = bufnr,
|
||||
-- callback = function()
|
||||
-- vim.lsp.buf.format({
|
||||
-- filter = function(client)
|
||||
-- -- only use null-ls for formatting instead of lsp server
|
||||
-- return client.name == "null-ls"
|
||||
-- end,
|
||||
-- bufnr = bufnr,
|
||||
-- })
|
||||
-- end,
|
||||
-- })
|
||||
-- end
|
||||
-- end,
|
||||
})
|
||||
|
||||
-- formatting command
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICrzCCAZcCFApupXAa2tPytpi3av47+az0Ggb4MA0GCSqGSIb3DQEBCwUAMBQx
|
||||
EjAQBgNVBAMMCWplZmtlLmh5cDAeFw0yMzExMjQyMjAzMjhaFw0yNDExMjMyMjAz
|
||||
MjhaMBQxEjAQBgNVBAMMCXRlcnJhZm9ybTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
ADCCAQoCggEBALeJ/fYUCmwislUw4XcCxivCUuWuUWI+t/nke9/hWEWTmDG4Z7/a
|
||||
IAKqsGk0zNATQViAXmYZwdYK70AKQhxat3OJcuZarsurOXVjVJdT4Wr5SxHGHjd0
|
||||
bwd8JzFZPIfgYCILCISFjCIfpD58kBq2bkvI4rpn4tb2iPunXp0+S8iHDMB5wAOb
|
||||
FgT0muuz9ua4R76nq79O9wLbAVf38CDR9bMGcPcKknz0sl37jr7A/pDvQzpFWO33
|
||||
eJb64b7Qe4CHslWFj1tdEkXaMpMNWHhc2TmtLtlt6a+RY1R9KdX5x0lQTyJnEwJZ
|
||||
8YTKnlMoNvkfBznuARFmNNmUYPoHE6WgonMCAwEAATANBgkqhkiG9w0BAQsFAAOC
|
||||
AQEAaH1HVPThhAkrXE4Zmh49D1zvq5uy6moV326/ovnPQfco2jYBYO5mYxBF32mx
|
||||
ShEanbJJKkFjWkQHmsWt7nrkeloz6q8sD19nLyyWmMj0Pd6wcLv017Zdo902fh27
|
||||
Rl8qZS44vEc+N/5gc2eINMfXm/JOdXYntOVpFO/I+6b9Q2iWFX3YUAXiIDiEYBvS
|
||||
BBqyXC2nVg6Lp1KVg+EaYW27sj8b5HHXnpEGdXduVmOWttdaQVjYslqmH7mUKi9f
|
||||
2U9FicMvw6KvkRki+SLKeZr2yIP1QQOnWg0BPbeCpMfdMSu/AtLkAtugZeT8p1Ko
|
||||
3hMMyKKzyyhiwpzvk21QFNZ5LA==
|
||||
-----END CERTIFICATE-----
|
|
@ -1,67 +0,0 @@
|
|||
Certificate:
|
||||
Data:
|
||||
Version: 1 (0x0)
|
||||
Serial Number:
|
||||
ef:2f:4d:d4:26:7e:33:1b
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
Issuer: CN=jefke.hyp
|
||||
Validity
|
||||
Not Before: Nov 22 19:12:03 2023 GMT
|
||||
Not After : Oct 29 19:12:03 2123 GMT
|
||||
Subject: CN=jefke.hyp
|
||||
Subject Public Key Info:
|
||||
Public Key Algorithm: rsaEncryption
|
||||
RSA Public-Key: (2048 bit)
|
||||
Modulus:
|
||||
00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b:
|
||||
2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c:
|
||||
8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce:
|
||||
e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50:
|
||||
7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb:
|
||||
ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e:
|
||||
b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c:
|
||||
a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5:
|
||||
a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f:
|
||||
b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f:
|
||||
23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b:
|
||||
59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16:
|
||||
9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4:
|
||||
8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46:
|
||||
6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52:
|
||||
3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46:
|
||||
db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b:
|
||||
12:bd
|
||||
Exponent: 65537 (0x10001)
|
||||
Signature Algorithm: sha256WithRSAEncryption
|
||||
aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55:
|
||||
b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63:
|
||||
be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20:
|
||||
2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1:
|
||||
6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88:
|
||||
ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c:
|
||||
3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67:
|
||||
d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e:
|
||||
ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9:
|
||||
77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02:
|
||||
d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31:
|
||||
b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b:
|
||||
8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71:
|
||||
df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94:
|
||||
10:03:ce:ec
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIICpjCCAY4CCQDvL03UJn4zGzANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlq
|
||||
ZWZrZS5oeXAwIBcNMjMxMTIyMTkxMjAzWhgPMjEyMzEwMjkxOTEyMDNaMBQxEjAQ
|
||||
BgNVBAMMCWplZmtlLmh5cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
||||
AMer65zQf0/xumUKiwd7LlvwJoIzyXPmkcwRlAUcjWcpy15nNQKAVK+ZS6rO6FZi
|
||||
vmPLskqwqSgS4ndQfdXSO0jYMlklJv+mXPbrrls9ehQQupCcbx+52JkOtwleYmnE
|
||||
wMYnsNNgDUdMpRFT8vFK+aa81qM1oujlqdFg6OUYztJggE7cSK5/t+p2USg5pLCV
|
||||
gpWTmLKfI8mBaVmj5PdaHAExlsFLWSH4ouaeIXgOa8Fox1wWmgZU37Z3HS2J0Mie
|
||||
27XUjPu5T7duOV85jkhzdn1Gbh+NFMtAtf/G8MBEPO1SP097aWOTxkHmXu0zUCBG
|
||||
25O/6FJRlfGBc1jaZyF7Er0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAqlyJQaa3
|
||||
PWWHylDE81iq07RVsaeNGCYX5YohJKFJU3cxW1VjvgHY/rcGfNoHH5Rq3patyjsg
|
||||
KuE1kBmDbTfRFRLePA5Gvmahah3sctxGeWnkr3fI/83WfRaIq0T9cPxAR/9DlRFa
|
||||
mlYM0t18O4eqECb6JaOgQ4ob7FQRfmVn0gbhPjvhDrCA70s1P/w0HZUu7sFnONqz
|
||||
dIZLlYwMHVEowULpd2jX7DtmMMblKmLqFfskVs8C0CVUp1gVtSpxk1bAaXo2GGwx
|
||||
sY48d9d3rPzhlMUIuzWsSF9ri8jIePSpyk+dUVSJl8mvofpx31j2/wR8yByVaxrj
|
||||
p/ZDHCeUEAPO7A==
|
||||
-----END CERTIFICATE-----
|
|
@ -1,35 +0,0 @@
|
|||
{ config, lib, ... }: {
|
||||
config = {
|
||||
programs.ssh = {
|
||||
enable = true;
|
||||
extraConfig = "User root";
|
||||
|
||||
matchBlocks = {
|
||||
github = lib.hm.dag.entryBefore [ "*" ] {
|
||||
hostname = "github.com";
|
||||
user = "pizzapim";
|
||||
identitiesOnly = true;
|
||||
};
|
||||
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.hyp"; };
|
||||
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.hyp"; };
|
||||
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.hyp"; };
|
||||
hermes = lib.hm.dag.entryBefore [ "*" ] { hostname = "hermes.dmz"; };
|
||||
maestro = lib.hm.dag.entryBefore [ "*" ] { hostname = "maestro.dmz"; };
|
||||
bancomart =
|
||||
lib.hm.dag.entryBefore [ "*" ] { hostname = "bancomart.dmz"; };
|
||||
handjecontantje =
|
||||
lib.hm.dag.entryBefore [ "*" ] { hostname = "handjecontantje.dmz"; };
|
||||
};
|
||||
};
|
||||
|
||||
homeage.file."sue_ed25519" = {
|
||||
source = ../../secrets/sue_ed25519.age;
|
||||
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
|
||||
};
|
||||
|
||||
homeage.file."sue_azure_rsa" = {
|
||||
source = ../../secrets/sue_azure_rsa.age;
|
||||
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
|
||||
};
|
||||
};
|
||||
}
|
18
home-manager/syncthing.nix
Normal file
|
@ -0,0 +1,18 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.syncthing;
|
||||
in {
|
||||
options.pim.syncthing.enable = lib.mkEnableOption "syncthing";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.syncthing.enable = true;
|
||||
|
||||
sops.secrets = {
|
||||
"syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem";
|
||||
"syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
{ config, ... }: {
|
||||
config = {
|
||||
services.syncthing.enable = true;
|
||||
xdg.configFile."syncthing/config.xml".source = ./syncthing.xml;
|
||||
xdg.userDirs.music = "${config.home.homeDirectory}/sync/Music";
|
||||
|
||||
homeage.file."syncthing-key.pem" = {
|
||||
source = ../../secrets/syncthing-key.pem.age;
|
||||
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
|
||||
};
|
||||
|
||||
homeage.file."syncthing-cert.pem" = {
|
||||
source = ../../secrets/syncthing-cert.pem.age;
|
||||
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,175 +0,0 @@
|
|||
<configuration version="37">
|
||||
<folder id="nncij-isaoe" label="Nextcloud" path="/home/pim/sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
|
||||
<filesystemType>basic</filesystemType>
|
||||
<device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" introducedBy="">
|
||||
<encryptionPassword></encryptionPassword>
|
||||
</device>
|
||||
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" introducedBy="">
|
||||
<encryptionPassword></encryptionPassword>
|
||||
</device>
|
||||
<minDiskFree unit="%">1</minDiskFree>
|
||||
<versioning>
|
||||
<cleanupIntervalS>3600</cleanupIntervalS>
|
||||
<fsPath></fsPath>
|
||||
<fsType>basic</fsType>
|
||||
</versioning>
|
||||
<copiers>0</copiers>
|
||||
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
|
||||
<hashers>0</hashers>
|
||||
<order>random</order>
|
||||
<ignoreDelete>false</ignoreDelete>
|
||||
<scanProgressIntervalS>0</scanProgressIntervalS>
|
||||
<pullerPauseS>0</pullerPauseS>
|
||||
<maxConflicts>10</maxConflicts>
|
||||
<disableSparseFiles>false</disableSparseFiles>
|
||||
<disableTempIndexes>false</disableTempIndexes>
|
||||
<paused>false</paused>
|
||||
<weakHashThresholdPct>25</weakHashThresholdPct>
|
||||
<markerName>.stfolder</markerName>
|
||||
<copyOwnershipFromParent>false</copyOwnershipFromParent>
|
||||
<modTimeWindowS>0</modTimeWindowS>
|
||||
<maxConcurrentWrites>2</maxConcurrentWrites>
|
||||
<disableFsync>false</disableFsync>
|
||||
<blockPullOrder>standard</blockPullOrder>
|
||||
<copyRangeMethod>standard</copyRangeMethod>
|
||||
<caseSensitiveFS>false</caseSensitiveFS>
|
||||
<junctionsAsDirs>false</junctionsAsDirs>
|
||||
<syncOwnership>false</syncOwnership>
|
||||
<sendOwnership>false</sendOwnership>
|
||||
<syncXattrs>false</syncXattrs>
|
||||
<sendXattrs>false</sendXattrs>
|
||||
<xattrFilter>
|
||||
<maxSingleEntrySize>1024</maxSingleEntrySize>
|
||||
<maxTotalSize>4096</maxTotalSize>
|
||||
</xattrFilter>
|
||||
</folder>
|
||||
<device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" name="Home" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
|
||||
<address>dynamic</address>
|
||||
<paused>false</paused>
|
||||
<autoAcceptFolders>false</autoAcceptFolders>
|
||||
<maxSendKbps>0</maxSendKbps>
|
||||
<maxRecvKbps>0</maxRecvKbps>
|
||||
<maxRequestKiB>0</maxRequestKiB>
|
||||
<untrusted>false</untrusted>
|
||||
<remoteGUIPort>0</remoteGUIPort>
|
||||
</device>
|
||||
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" name="x260" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
|
||||
<address>dynamic</address>
|
||||
<paused>false</paused>
|
||||
<autoAcceptFolders>false</autoAcceptFolders>
|
||||
<maxSendKbps>0</maxSendKbps>
|
||||
<maxRecvKbps>0</maxRecvKbps>
|
||||
<maxRequestKiB>0</maxRequestKiB>
|
||||
<untrusted>false</untrusted>
|
||||
<remoteGUIPort>0</remoteGUIPort>
|
||||
</device>
|
||||
<gui enabled="true" tls="false" debugging="false">
|
||||
<address>127.0.0.1:8384</address>
|
||||
<apikey></apikey>
|
||||
<theme>default</theme>
|
||||
</gui>
|
||||
<ldap></ldap>
|
||||
<options>
|
||||
<listenAddress>default</listenAddress>
|
||||
<globalAnnounceServer>default</globalAnnounceServer>
|
||||
<globalAnnounceEnabled>true</globalAnnounceEnabled>
|
||||
<localAnnounceEnabled>true</localAnnounceEnabled>
|
||||
<localAnnouncePort>21027</localAnnouncePort>
|
||||
<localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
|
||||
<maxSendKbps>0</maxSendKbps>
|
||||
<maxRecvKbps>0</maxRecvKbps>
|
||||
<reconnectionIntervalS>60</reconnectionIntervalS>
|
||||
<relaysEnabled>true</relaysEnabled>
|
||||
<relayReconnectIntervalM>10</relayReconnectIntervalM>
|
||||
<startBrowser>true</startBrowser>
|
||||
<natEnabled>true</natEnabled>
|
||||
<natLeaseMinutes>60</natLeaseMinutes>
|
||||
<natRenewalMinutes>30</natRenewalMinutes>
|
||||
<natTimeoutSeconds>10</natTimeoutSeconds>
|
||||
<urAccepted>-1</urAccepted>
|
||||
<urSeen>3</urSeen>
|
||||
<urUniqueID></urUniqueID>
|
||||
<urURL>https://data.syncthing.net/newdata</urURL>
|
||||
<urPostInsecurely>false</urPostInsecurely>
|
||||
<urInitialDelayS>1800</urInitialDelayS>
|
||||
<autoUpgradeIntervalH>12</autoUpgradeIntervalH>
|
||||
<upgradeToPreReleases>false</upgradeToPreReleases>
|
||||
<keepTemporariesH>24</keepTemporariesH>
|
||||
<cacheIgnoredFiles>false</cacheIgnoredFiles>
|
||||
<progressUpdateIntervalS>5</progressUpdateIntervalS>
|
||||
<limitBandwidthInLan>false</limitBandwidthInLan>
|
||||
<minHomeDiskFree unit="%">1</minHomeDiskFree>
|
||||
<releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
|
||||
<overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
|
||||
<tempIndexMinBlocks>10</tempIndexMinBlocks>
|
||||
<trafficClass>0</trafficClass>
|
||||
<setLowPriority>true</setLowPriority>
|
||||
<maxFolderConcurrency>0</maxFolderConcurrency>
|
||||
<crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
|
||||
<crashReportingEnabled>true</crashReportingEnabled>
|
||||
<stunKeepaliveStartS>180</stunKeepaliveStartS>
|
||||
<stunKeepaliveMinS>20</stunKeepaliveMinS>
|
||||
<stunServer>default</stunServer>
|
||||
<databaseTuning>auto</databaseTuning>
|
||||
<maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
|
||||
<announceLANAddresses>true</announceLANAddresses>
|
||||
<sendFullIndexOnUpgrade>false</sendFullIndexOnUpgrade>
|
||||
<connectionLimitEnough>0</connectionLimitEnough>
|
||||
<connectionLimitMax>0</connectionLimitMax>
|
||||
<insecureAllowOldTLSVersions>false</insecureAllowOldTLSVersions>
|
||||
</options>
|
||||
<defaults>
|
||||
<folder id="" label="" path="~" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
|
||||
<filesystemType>basic</filesystemType>
|
||||
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" introducedBy="">
|
||||
<encryptionPassword></encryptionPassword>
|
||||
</device>
|
||||
<minDiskFree unit="%">1</minDiskFree>
|
||||
<versioning>
|
||||
<cleanupIntervalS>3600</cleanupIntervalS>
|
||||
<fsPath></fsPath>
|
||||
<fsType>basic</fsType>
|
||||
</versioning>
|
||||
<copiers>0</copiers>
|
||||
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
|
||||
<hashers>0</hashers>
|
||||
<order>random</order>
|
||||
<ignoreDelete>false</ignoreDelete>
|
||||
<scanProgressIntervalS>0</scanProgressIntervalS>
|
||||
<pullerPauseS>0</pullerPauseS>
|
||||
<maxConflicts>10</maxConflicts>
|
||||
<disableSparseFiles>false</disableSparseFiles>
|
||||
<disableTempIndexes>false</disableTempIndexes>
|
||||
<paused>false</paused>
|
||||
<weakHashThresholdPct>25</weakHashThresholdPct>
|
||||
<markerName>.stfolder</markerName>
|
||||
<copyOwnershipFromParent>false</copyOwnershipFromParent>
|
||||
<modTimeWindowS>0</modTimeWindowS>
|
||||
<maxConcurrentWrites>2</maxConcurrentWrites>
|
||||
<disableFsync>false</disableFsync>
|
||||
<blockPullOrder>standard</blockPullOrder>
|
||||
<copyRangeMethod>standard</copyRangeMethod>
|
||||
<caseSensitiveFS>false</caseSensitiveFS>
|
||||
<junctionsAsDirs>false</junctionsAsDirs>
|
||||
<syncOwnership>false</syncOwnership>
|
||||
<sendOwnership>false</sendOwnership>
|
||||
<syncXattrs>false</syncXattrs>
|
||||
<sendXattrs>false</sendXattrs>
|
||||
<xattrFilter>
|
||||
<maxSingleEntrySize>1024</maxSingleEntrySize>
|
||||
<maxTotalSize>4096</maxTotalSize>
|
||||
</xattrFilter>
|
||||
</folder>
|
||||
<device id="" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
|
||||
<address>dynamic</address>
|
||||
<paused>false</paused>
|
||||
<autoAcceptFolders>false</autoAcceptFolders>
|
||||
<maxSendKbps>0</maxSendKbps>
|
||||
<maxRecvKbps>0</maxRecvKbps>
|
||||
<maxRequestKiB>0</maxRequestKiB>
|
||||
<untrusted>false</untrusted>
|
||||
<remoteGUIPort>0</remoteGUIPort>
|
||||
</device>
|
||||
<ignores></ignores>
|
||||
</defaults>
|
||||
</configuration>
|
|
@ -1,8 +0,0 @@
|
|||
{
|
||||
config = {
|
||||
programs.thunderbird = {
|
||||
enable = true;
|
||||
profiles.default = { isDefault = true; };
|
||||
};
|
||||
};
|
||||
}
|
16
home-manager/tidal.nix
Normal file
|
@ -0,0 +1,16 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.tidal;
|
||||
in {
|
||||
options.pim.tidal.enable = lib.mkEnableOption "tidal";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
home.packages = with pkgs; [
|
||||
supercollider-with-sc3-plugins
|
||||
];
|
||||
};
|
||||
}
|
32
home-manager/vscode.nix
Normal file
|
@ -0,0 +1,32 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.vscode;
|
||||
in {
|
||||
options.pim.vscode.enable = lib.mkEnableOption "vscode";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
programs.vscode = {
|
||||
enable = true;
|
||||
package = pkgs.vscodium;
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
vscodevim.vim
|
||||
marp-team.marp-vscode
|
||||
jnoortheen.nix-ide
|
||||
mkhl.direnv
|
||||
];
|
||||
|
||||
userSettings = {
|
||||
"nix.enableLanguageServer" = true;
|
||||
"nix.serverPath" = lib.getExe pkgs.nil;
|
||||
"terminal.integrated.defaultProfile.linux" = "fish";
|
||||
"explorer.confirmDragAndDrop" = false;
|
||||
"explorer.confirmPasteNative" = false;
|
||||
"explorer.confirmDelete" = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
4
machines/default.nix
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
sue = import ./sue;
|
||||
gamepc = import ./gamepc;
|
||||
}
|
94
machines/gamepc/configuration.nix
Normal file
|
@ -0,0 +1,94 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
config = {
|
||||
pim = {
|
||||
cinnamon.enable = true;
|
||||
};
|
||||
|
||||
facter.reportPath = ./facter.json;
|
||||
networking.hostName = "gamepc";
|
||||
services.openssh.enable = true;
|
||||
|
||||
users.users = {
|
||||
root.password = "";
|
||||
pim = {
|
||||
openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
|
||||
password = "";
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
};
|
||||
|
||||
disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
|
||||
type = "disk";
|
||||
device = "/dev/nvme${name}n1";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
size = "1M";
|
||||
type = "EF02"; # for grub MBR
|
||||
};
|
||||
ESP = {
|
||||
size = "500M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "mdraid";
|
||||
name = "boot";
|
||||
};
|
||||
};
|
||||
mdadm = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "mdraid";
|
||||
name = "raid0";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
});
|
||||
|
||||
disko.devices.mdadm = {
|
||||
boot = {
|
||||
type = "mdadm";
|
||||
level = 1;
|
||||
metadata = "1.0";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
raid0 = {
|
||||
type = "mdadm";
|
||||
level = 0;
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
primary = {
|
||||
end = "-4G";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
swap = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "swap";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
4
machines/gamepc/default.nix
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
nixosModule = import ./configuration.nix;
|
||||
homeManagerModule = import ./home.nix;
|
||||
}
|
4792
machines/gamepc/facter.json
Normal file
7
machines/gamepc/home.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{pkgs, ...}: {
|
||||
home.packages = with pkgs.unstable; [
|
||||
devenv
|
||||
vlc
|
||||
handbrake
|
||||
];
|
||||
}
|
49
machines/sue/configuration.nix
Normal file
|
@ -0,0 +1,49 @@
|
|||
{inputs, ...}: {
|
||||
config = {
|
||||
pim = {
|
||||
lanzaboote.enable = true;
|
||||
tidal.enable = true;
|
||||
gnome.enable = true;
|
||||
stylix.enable = true;
|
||||
wireguard.enable = true;
|
||||
tailscale.enable = true;
|
||||
compliance.enable = true;
|
||||
sops.enable = true;
|
||||
};
|
||||
|
||||
facter.reportPath = ./facter.json;
|
||||
|
||||
networking.hostName = "xps-9315";
|
||||
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
|
||||
fileSystems = {
|
||||
"/" = {
|
||||
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
"/boot" = {
|
||||
device = "/dev/disk/by-uuid/560E-F8A2";
|
||||
fsType = "vfat";
|
||||
options = ["fmask=0022" "dmask=0022"];
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings = {
|
||||
substituters = ["https://cosmic.cachix.org/"];
|
||||
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
|
||||
|
||||
specialisation.cosmic.configuration = {
|
||||
imports = [
|
||||
inputs.nixos-cosmic.nixosModules.default
|
||||
];
|
||||
|
||||
services = {
|
||||
desktopManager.cosmic.enable = true;
|
||||
displayManager.cosmic-greeter.enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
4
machines/sue/default.nix
Normal file
|
@ -0,0 +1,4 @@
|
|||
{
|
||||
nixosModule = import ./configuration.nix;
|
||||
homeManagerModule = import ./home.nix;
|
||||
}
|
6453
machines/sue/facter.json
Normal file
44
machines/sue/home.nix
Normal file
|
@ -0,0 +1,44 @@
|
|||
{pkgs, ...}: {
|
||||
config = {
|
||||
pim = {
|
||||
tidal.enable = true;
|
||||
gnome.enable = true;
|
||||
vscode.enable = true;
|
||||
syncthing.enable = true;
|
||||
neovim.enable = true;
|
||||
firefox.enable = true;
|
||||
};
|
||||
|
||||
home.packages =
|
||||
(with pkgs; [
|
||||
jellyfin-media-player
|
||||
virt-manager
|
||||
])
|
||||
++ (with pkgs.unstable; [
|
||||
attic-client
|
||||
dbeaver-bin
|
||||
devenv
|
||||
bottles-unwrapped
|
||||
gimp
|
||||
hexchat
|
||||
impression
|
||||
insomnia
|
||||
keepassxc
|
||||
krita
|
||||
libreoffice
|
||||
# logseq # Has insecure electron dependency
|
||||
moonlight-qt
|
||||
nicotine-plus
|
||||
qFlipper
|
||||
signal-desktop
|
||||
strawberry
|
||||
telegram-desktop
|
||||
vlc
|
||||
vorta
|
||||
wireshark
|
||||
# nheko # Has insecure olm dependency
|
||||
handbrake
|
||||
feishin
|
||||
]);
|
||||
};
|
||||
}
|
19
nixos/cinnamon.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.cinnamon;
|
||||
in {
|
||||
options.pim.cinnamon.enable = lib.mkEnableOption "cinnamon";
|
||||
config = lib.mkIf cfg.enable {
|
||||
services = {
|
||||
displayManager.defaultSession = "cinnamon";
|
||||
libinput.enable = true;
|
||||
xserver = {
|
||||
desktopManager.cinnamon.enable = true;
|
||||
displayManager.lightdm.enable = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
14
nixos/compliance.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.compliance;
|
||||
in {
|
||||
options.pim.compliance.enable = lib.mkEnableOption "compliance";
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.clamav = {
|
||||
daemon.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,69 +1,81 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
|
||||
let
|
||||
vuescan = pkgs.callPackage ./vuescan.nix { };
|
||||
in
|
||||
{
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
boot = { loader.systemd-boot.enable = true; };
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
flake,
|
||||
system,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
inputs.nixos-facter-modules.nixosModules.facter
|
||||
inputs.disko.nixosModules.disko
|
||||
./lanzaboote.nix
|
||||
./tidal.nix
|
||||
./sops.nix
|
||||
./stylix.nix
|
||||
./wireguard.nix
|
||||
./gnome.nix
|
||||
./tailscale.nix
|
||||
./compliance.nix
|
||||
./cinnamon.nix
|
||||
./ssh.nix
|
||||
];
|
||||
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
programs.ssh.startAgent = true;
|
||||
|
||||
services = {
|
||||
udev.packages = [ vuescan ];
|
||||
gnome.gnome-keyring.enable = lib.mkForce false;
|
||||
|
||||
xserver = {
|
||||
enable = true;
|
||||
displayManager.gdm = { enable = true; };
|
||||
desktopManager.gnome.enable = true;
|
||||
excludePackages = with pkgs; [ xterm ];
|
||||
};
|
||||
xserver.enable = true;
|
||||
|
||||
printing = {
|
||||
enable = true;
|
||||
drivers = [ pkgs.hplip pkgs.gutenprint ];
|
||||
drivers = [pkgs.hplip pkgs.gutenprint];
|
||||
};
|
||||
|
||||
fprintd = {
|
||||
pipewire = {
|
||||
enable = true;
|
||||
|
||||
tod = {
|
||||
enable = true;
|
||||
driver = pkgs.libfprint-2-tod1-vfs0090;
|
||||
};
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
users.pim = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "docker" "input" ];
|
||||
};
|
||||
users.users.pim = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
|
||||
};
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
wget
|
||||
curl
|
||||
git
|
||||
age
|
||||
borgbackup
|
||||
btop
|
||||
ripgrep
|
||||
vim
|
||||
dogdns
|
||||
tree
|
||||
btrfs-progs
|
||||
curl
|
||||
dig
|
||||
vuescan
|
||||
];
|
||||
gnome.excludePackages = with pkgs; [
|
||||
gnome.totem
|
||||
gnome-tour
|
||||
gnome.epiphany
|
||||
gnome.geary
|
||||
gnome-console
|
||||
gnome.gnome-music
|
||||
exfat
|
||||
f3
|
||||
fastfetch
|
||||
file
|
||||
git
|
||||
jq
|
||||
kubectl
|
||||
nmap
|
||||
poppler_utils # For pdfunite
|
||||
ripgrep
|
||||
sbctl
|
||||
silicon
|
||||
tree
|
||||
units
|
||||
vim
|
||||
wget
|
||||
yq
|
||||
ncdu
|
||||
lshw
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -77,32 +89,18 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
programs.ssh = {
|
||||
startAgent = true;
|
||||
security = {
|
||||
rtkit.enable = true;
|
||||
|
||||
knownHosts = {
|
||||
dmz = {
|
||||
hostNames = [ "*.dmz" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
|
||||
certAuthority = true;
|
||||
};
|
||||
|
||||
hypervisors = {
|
||||
hostNames = [ "*.hyp" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
|
||||
certAuthority = true;
|
||||
};
|
||||
};
|
||||
sudo.extraConfig = ''
|
||||
Defaults timestamp_timeout=30
|
||||
'';
|
||||
};
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
Defaults timestamp_timeout=30
|
||||
'';
|
||||
|
||||
nix = {
|
||||
package = pkgs.nixFlakes;
|
||||
settings.trusted-users = ["root" "pim"];
|
||||
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
'';
|
||||
|
@ -115,31 +113,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
age = {
|
||||
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
|
||||
|
||||
secrets = {
|
||||
wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
|
||||
wg-quick-home-preshared-key.file =
|
||||
../secrets/wg-quick-home-preshared-key.age;
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "x260";
|
||||
|
||||
wg-quick.interfaces.home = {
|
||||
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
|
||||
address = [ "10.225.191.4/24" ];
|
||||
dns = [ "192.168.30.8" ];
|
||||
peers = [{
|
||||
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
|
||||
endpoint = "wg.geokunis2.nl:51820";
|
||||
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
||||
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
||||
}];
|
||||
};
|
||||
};
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
|
@ -149,7 +123,52 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"electron-25.9.0"
|
||||
];
|
||||
nixpkgs = {
|
||||
hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
|
||||
config = {
|
||||
allowUnfreePredicate = pkg:
|
||||
builtins.elem (lib.getName pkg) [
|
||||
"libfprint-2-tod1-goodix"
|
||||
];
|
||||
};
|
||||
|
||||
overlays = [
|
||||
inputs.nur.overlay
|
||||
(final: _prev: {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
boot = {
|
||||
kernelModules = ["kvm-intel" "cdrom"];
|
||||
extraModulePackages = [];
|
||||
|
||||
initrd = {
|
||||
availableKernelModules = ["sd_mod"];
|
||||
kernelModules = [];
|
||||
};
|
||||
|
||||
kernel.sysctl = {
|
||||
"net.core.default_qdisc" = "fq";
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
};
|
||||
};
|
||||
|
||||
hardware = {
|
||||
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
pulseaudio.enable = false;
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
useGlobalPkgs = true;
|
||||
useUserPackages = true;
|
||||
extraSpecialArgs = {inherit flake inputs;};
|
||||
|
||||
users.pim.imports = ["${flake}/home-manager"];
|
||||
};
|
||||
}
|
||||
|
|
57
nixos/gnome.nix
Normal file
|
@ -0,0 +1,57 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.gnome;
|
||||
in {
|
||||
options.pim.gnome.enable = lib.mkEnableOption "gnome";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
services = {
|
||||
gnome.gnome-keyring.enable = lib.mkForce false;
|
||||
|
||||
xserver = {
|
||||
desktopManager.gnome.enable = true;
|
||||
displayManager.gdm.enable = true;
|
||||
excludePackages = [pkgs.xterm];
|
||||
};
|
||||
};
|
||||
|
||||
environment = {
|
||||
systemPackages =
|
||||
[
|
||||
pkgs.gnome.gnome-shell-extensions
|
||||
]
|
||||
++ (with pkgs.gnomeExtensions; [
|
||||
pop-shell
|
||||
window-is-ready-remover
|
||||
random-wallpaper
|
||||
workspaces-indicator-by-open-apps
|
||||
]);
|
||||
|
||||
gnome.excludePackages =
|
||||
(with pkgs; [
|
||||
epiphany
|
||||
gnome-connections
|
||||
gnome-console
|
||||
gnome-tour
|
||||
])
|
||||
++ (with pkgs.gnome; [
|
||||
geary
|
||||
gnome-calendar
|
||||
gnome-clocks
|
||||
gnome-contacts
|
||||
gnome-font-viewer
|
||||
gnome-logs
|
||||
gnome-maps
|
||||
gnome-music
|
||||
seahorse
|
||||
totem
|
||||
yelp
|
||||
gnome-weather
|
||||
]);
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,41 +0,0 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }: {
|
||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||
|
||||
boot.initrd.availableKernelModules =
|
||||
[ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device =
|
||||
"/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/87DA-B083";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[{ device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
hardware.cpu.intel.updateMicrocode =
|
||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
41
nixos/lanzaboote.nix
Normal file
|
@ -0,0 +1,41 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
inputs.lanzaboote.nixosModules.lanzaboote
|
||||
];
|
||||
|
||||
options = {
|
||||
pim.lanzaboote.enable = lib.mkEnableOption {
|
||||
description = ''
|
||||
Whether to enable lanzaboote
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf config.pim.lanzaboote.enable {
|
||||
boot = {
|
||||
# generate keys first with: `sudo nix run nixpkgs#sbctl create-keys`
|
||||
# switch from lzb to bootspec by adding following line to the system configuration:
|
||||
# bootspec.enable = true;
|
||||
|
||||
loader = {
|
||||
systemd-boot.enable = lib.mkForce false;
|
||||
# Use lanzaboote instead see below, default is:
|
||||
# systemd-boot.enable = true;
|
||||
|
||||
efi = {
|
||||
canTouchEfiVariables = true;
|
||||
};
|
||||
};
|
||||
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
22
nixos/sops.nix
Normal file
|
@ -0,0 +1,22 @@
|
|||
{
|
||||
inputs,
|
||||
pkgs,
|
||||
flake,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.sops;
|
||||
in {
|
||||
imports = [inputs.sops-nix.nixosModules.sops];
|
||||
options.pim.sops.enable = lib.mkEnableOption "sops";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [sops];
|
||||
|
||||
sops = {
|
||||
age.keyFile = "/home/pim/.config/sops/age/keys.txt";
|
||||
defaultSopsFile = "${flake}/secrets/secrets.yaml";
|
||||
};
|
||||
};
|
||||
}
|
27
nixos/ssh.nix
Normal file
|
@ -0,0 +1,27 @@
|
|||
{lib, ...}: {
|
||||
options = {
|
||||
pim.ssh.keys = lib.mkOption {
|
||||
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
pim.ssh.keys = {
|
||||
pim = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"];
|
||||
niels = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"];
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh = {
|
||||
openFirewall = true;
|
||||
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
GSSAPIAuthentication = false;
|
||||
UseDns = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
47
nixos/stylix.nix
Normal file
|
@ -0,0 +1,47 @@
|
|||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.stylix;
|
||||
in {
|
||||
imports = [inputs.stylix.nixosModules.stylix];
|
||||
options.pim.stylix.enable = lib.mkEnableOption "stylix";
|
||||
|
||||
config = {
|
||||
stylix = lib.mkMerge [
|
||||
{
|
||||
image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png";
|
||||
}
|
||||
(lib.mkIf cfg.enable {
|
||||
enable = true;
|
||||
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
|
||||
|
||||
cursor = {
|
||||
package = pkgs.bibata-cursors;
|
||||
name = "Bibata-Modern-Classic";
|
||||
size = 28;
|
||||
};
|
||||
|
||||
fonts = {
|
||||
monospace = {
|
||||
package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];};
|
||||
name = "JetBrainsMono Nerd Font Mono";
|
||||
};
|
||||
|
||||
sansSerif = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
name = "DejaVu Sans";
|
||||
};
|
||||
|
||||
serif = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
name = "DejaVu Serif";
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
20
nixos/tailscale.nix
Normal file
|
@ -0,0 +1,20 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.tailscale;
|
||||
in {
|
||||
options.pim.tailscale.enable = lib.mkEnableOption "tailscale";
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = [pkgs.gnomeExtensions.tailscale-status];
|
||||
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
useRoutingFeatures = "client";
|
||||
};
|
||||
|
||||
networking.networkmanager.unmanaged = ["tailscale0"];
|
||||
};
|
||||
}
|
13
nixos/tidal.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.tidal;
|
||||
in {
|
||||
options.pim.tidal.enable = lib.mkEnableOption "tidal";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.users.pim.extraGroups = ["audio"];
|
||||
};
|
||||
}
|
|
@ -1,60 +0,0 @@
|
|||
{ stdenv
|
||||
, fetchurl
|
||||
, gnutar
|
||||
, autoPatchelfHook
|
||||
, glibc
|
||||
, gtk2
|
||||
, xorg
|
||||
, libgudev
|
||||
, makeDesktopItem
|
||||
}:
|
||||
let
|
||||
pname = "vuescan";
|
||||
version = "9.8";
|
||||
desktopItem = makeDesktopItem {
|
||||
name = "VueScan";
|
||||
desktopName = "VueScan";
|
||||
genericName = "Scanning Program";
|
||||
comment = "Scanning Program";
|
||||
icon = "vuescan";
|
||||
terminal = false;
|
||||
type = "Application";
|
||||
startupNotify = true;
|
||||
categories = [ "Graphics" "Utility" ];
|
||||
keywords = [ "scan" "scanner" ];
|
||||
|
||||
exec = "vuescan";
|
||||
};
|
||||
in
|
||||
stdenv.mkDerivation {
|
||||
name = "${pname}-${version}";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.hamrick.com/files/vuex6498.tgz";
|
||||
hash = "sha256-qTSZuNPCi+G4e7PfnJEDj8rBMYV/Tw/ye3nDspqIPlE=";
|
||||
};
|
||||
|
||||
# Stripping breaks the program
|
||||
dontStrip = true;
|
||||
|
||||
nativeBuildInputs = [ gnutar autoPatchelfHook ];
|
||||
|
||||
buildInputs = [ glibc gtk2 xorg.libSM libgudev ];
|
||||
|
||||
unpackPhase = ''
|
||||
tar xfz $src
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
install -m755 -D VueScan/vuescan $out/bin/vuescan
|
||||
|
||||
mkdir -p $out/share/icons/hicolor/scalable/apps/
|
||||
cp VueScan/vuescan.svg $out/share/icons/hicolor/scalable/apps/vuescan.svg
|
||||
|
||||
mkdir -p $out/lib/udev/rules.d/
|
||||
cp VueScan/vuescan.rul $out/lib/udev/rules.d/60-vuescan.rules
|
||||
|
||||
mkdir -p $out/share/applications/
|
||||
ln -s ${desktopItem}/share/applications/* $out/share/applications
|
||||
'';
|
||||
}
|
55
nixos/wireguard.nix
Normal file
|
@ -0,0 +1,55 @@
|
|||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
cfg = config.pim.wireguard;
|
||||
in {
|
||||
options.pim.wireguard.enable = lib.mkEnableOption "wireguard";
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking = {
|
||||
useDHCP = lib.mkDefault true;
|
||||
networkmanager.unmanaged = ["tailscale0"];
|
||||
|
||||
wg-quick.interfaces = {
|
||||
home = {
|
||||
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
|
||||
address = ["10.225.191.4/24"];
|
||||
dns = ["192.168.30.131"];
|
||||
autostart = false;
|
||||
mtu = 1412;
|
||||
peers = [
|
||||
{
|
||||
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
|
||||
endpoint = "wg.kun.is:51820";
|
||||
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
||||
allowedIPs = ["0.0.0.0/0"];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
home-no-pihole = {
|
||||
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
|
||||
address = ["10.225.191.4/24"];
|
||||
dns = ["192.168.10.1"];
|
||||
autostart = false;
|
||||
mtu = 1412;
|
||||
peers = [
|
||||
{
|
||||
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
|
||||
endpoint = "wg.kun.is:51820";
|
||||
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
||||
allowedIPs = ["0.0.0.0/0"];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
sops.secrets = {
|
||||
"wireguard/home/presharedKey" = {};
|
||||
"wireguard/home/privateKey" = {};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
```bash
|
||||
nix run github:ryantm/agenix# -- -e secret1.age
|
||||
```
|
|
@ -1,12 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 LAPUww i6BkkMy9gSSVZ+L+EMYSLakp1qA4yOGbEkLrO4Ddbxs
|
||||
FsoRnCiPsJEKQj+2iJaqn+BbU+bFMAkReRotiV+0WCs
|
||||
-> ssh-ed25519 vBZj5g +6YFp3yYXSEzRMXu7WyURkJk/cA87irnW5FpKRYnGSA
|
||||
dJkMmnxyVEv/S9FmCrRkrYDCh+OwXK+UYno3ncr5nOk
|
||||
-> 6gQa-grease Yt+ucm#U |<d\`t
|
||||
SxpuSh2ee/jDNu7mXcn82fTt6/wy7ksA+W1xHQHiShJGvyyr6dTIPEk0qY1oqIPt
|
||||
HkQNvNYLpMwpAqSTvmcmybps4CoWt0x6GJ0aBPOlYEIuwHnJ5Pkvnf4U9wPuwr6Y
|
||||
zQ
|
||||
--- hHweNMiKEIEw/TwSGhElfRiQYqLtmhwylkMWvfthyGY
|
||||
?×%Ö¿H¹§G¤/Pì#’
|
||||
ÚŠÐÛäF±QÙç„lRÊDcNÖЉ
ç$Hs©ŠTæžø<C5BE>C¹ÊÁÏqVf¤àˆÝkëã•ø<E280A2>ï¡×OŒÞÛµæE•êgißžXŒ§sá”)gO¢.·]·æÐCJcè<63>E^EŸq:<3A>qß&™E™#¾ArĪə€ñì
|
24
secrets/pim.yaml
Normal file
|
@ -1,11 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 LAPUww NnvaPUzk3WjwC3nu7T47DXtNqDuysbgAccdF1kWO5yQ
|
||||
XYX2GfZSHrnhoKutbqVxB9zghbl1kZDyOTphUXvt8oQ
|
||||
-> ssh-ed25519 vBZj5g mpi+OE3ST+mP05IKimQrwOZxOaDgeUUoKujOOSXEljQ
|
||||
kwHkJu14Xpqgd4POeuLLcbech+Kh2XSfBed3M1Cu8DA
|
||||
-> =6-grease C`Yq5 Y2 4
|
||||
8sgSLLYCXkFRy0SFfNH0fhb14HonKVpVfkc1rc7sC7bXVXi8FGri/d/AW42G2J9m
|
||||
W/FfhKnGBAOj1cA/wPw4cqCcQKbux78C7BdN6EfrF+ddzF+n98EwtBJ/cjzRky+A
|
||||
FJJY
|
||||
--- sytjLDBFLb2VqtF3LSiSS1Nxb56oNtx2AGzhYCPItW8
|
||||
.ÚËr-Ò†±–åØè/BD$Õ¬F³Ðó¡FÜЙó‰SÅÙ/MœÎËâò ª¸òi/<2F># ‹šÙqžï%u7ÍŸ6ƒör…W ¸öe?…ƒÉ…i,·ÐÑä[ÁY¤9ÙÿÀÁ
|
|
@ -1,23 +0,0 @@
|
|||
let
|
||||
pkgs = import <nixpkgs> { };
|
||||
publicKeysURL =
|
||||
"https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
|
||||
publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
|
||||
publicKeys = pkgs.lib.strings.splitString "\n"
|
||||
(pkgs.lib.strings.fileContents publicKeysFile);
|
||||
in
|
||||
{
|
||||
"wg-quick-home-privkey.age".publicKeys = publicKeys;
|
||||
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
|
||||
"sue_ed25519.age".publicKeys = publicKeys;
|
||||
"sue_azure_rsa.age".publicKeys = publicKeys;
|
||||
"syncthing-key.pem.age".publicKeys = publicKeys;
|
||||
"syncthing-cert.pem.age".publicKeys = publicKeys;
|
||||
"common-pg-tfbackend.age".publicKeys = publicKeys;
|
||||
"ansible-vault-secret.age".publicKeys = publicKeys;
|
||||
"powerdns-api-key.json.age".publicKeys = publicKeys;
|
||||
"keepassxc.ini.age".publicKeys =
|
||||
publicKeys; # Secret agent causes private keys in config file.
|
||||
"postgresql_client.key.age".publicKeys = publicKeys;
|
||||
"k3s-pim-privkey.age".publicKeys = publicKeys;
|
||||
}
|
25
secrets/secrets.yaml
Normal file
|
@ -0,0 +1,25 @@
|
|||
testje: ENC[AES256_GCM,data:kMnaocttth1O6g==,iv:mV9gEMdomVhmOTBUWIFz3o23TBb7DLM2rXI/Tb81bSg=,tag:qj6TlvW5sY6Ek9M0GIqB3A==,type:str]
|
||||
wireguard:
|
||||
home:
|
||||
presharedKey: ENC[AES256_GCM,data:H+oCRsg2ikN9KyVacEFasYmx5XE1zrnjBthkL5OitOXHTr4Ls0zwoF5StXs=,iv:N63wO4TKagbweStqf7wL3YZ0njxDNvrISErPao5wf7o=,tag:67kZcNaCzv3RI41XmA+UFQ==,type:str]
|
||||
privateKey: ENC[AES256_GCM,data:WcPVrLiy2JJvzIh7sUpHMnt1MNx5rw5bI+xGmkitC9nEiNytMG71wmlC4d0=,iv:sl8gZgCzaW10UH0GLycvQVHqBlDVq7BUgoIEl41lc20=,tag:7oLlVjulxuEsW+pS8sZ+Ew==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWL1dlTjFNTXRPd0ppbE1i
|
||||
THlsMzB1K041eUdTemRseGk5dkVwUDk2TFIwCnR1WE9iYXhHWHprZCtlSFExakhs
|
||||
R0FtcEc0VTJ4WFBORFluYTdBTFh1NzAKLS0tIGtrYkVPSEVXV1dnb1J4V1pkQktW
|
||||
VjNXUkpmVmxyNDNsT0ZjQjhOYklEbW8KV86AD+8QE14BZxWb7TVolwlcy1eFKxks
|
||||
rOpqcXBqtUPaBC10IhVV434DGFIZMtRuYEQ4G/sdCsc3qiNxO3Cl4A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-15T14:04:18Z"
|
||||
mac: ENC[AES256_GCM,data:6YKdfUk4ltXQ6U7FHs9ehGDUVzfZo1cKnSJMp+zYBEBnhmz7LdCBZycBpJ9syJn4WW1jZ8Bz7+lIxDsXm35AhjI+Mia20BqcWotcCaoHUslK+QV/YRIw8wxP7pvOKNeTa9UMhrcpXBVJxdQvKEBZPWziD4Xk3RGomvGEjB3xXKY=,iv:Tvgo/tlxnNk31C/cqCAKIGRdYEug9DdqeIUdJgQj4yE=,tag:z/tWTyiYmUmc2zVc3mQq0Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,12 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 LAPUww 0YS+10yTGhQwLKj5SZkyHLAOMHScnEXuW8H1LJSJJl8
|
||||
fYIEukt41D5s417B6EcCj5DP0JCcqDKIzdUqGeNLguQ
|
||||
-> ssh-ed25519 vBZj5g ufNv/vQfhTj203S9NhLoTs3AK3v1MQC73oPLhj7TJQ8
|
||||
/ExO1bN02B6uJoWiVQDqRQ6yMd4o3qR3sUpN9OHEW50
|
||||
-> 9f-grease p
|
||||
6eUQ4dl855OIlCfN61wQ/7n8
|
||||
--- WTuEDM+CWDqaep0MlbCL1QXXzDumVR4WCXhyA3b7zm8
|
||||
Û,”ùQÎófç¥w—‹>Óœ×ÿ¿g7QÂå×Ú¤2*ð<>„ù0.Ž3zy‹•DØ#ö1ö<31>4™¹ÀE$Nw7îqAÊp¹&g;„®
|
||||
¢VÊ\oø_^èW¼<>-WÞ‚(k\¬ÝRµb£{h<*ìèÒçظ¤11gKÏâk<C3A2>U,Ñ$>p®zoÑlÏ5\dSÌ4OOû\¯+yÿúà(–Ä×Çå+»ñëÿçbãj¼Eº)}ì$ÒŽ¬T?»
|
||||
ÿ%;Ž¿QFiçº4ŽJH®Ÿå<C2AD>™6‹AúSâÑÜЉãˆ<C3A3>k˜Z²?ܸ”MY26ËhÊ]e”µ(¤a¤&[‘ͳ°0‡juSóXKúNd>,Ûçv®ÔŠ¬
|
||||
ѳF¾/BnùšgæO©m}~¦‡z™‚i‰Üx£GàÈöb
|
|
@ -1,9 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 LAPUww Wlatyvlg6jc+ISAQu1QEA62IUeWnriQJg+ChseMcyFI
|
||||
tRhEc/mkG7FFZO2G5A+0NNCj693Q3dbDhMOBxKmCBjw
|
||||
-> ssh-ed25519 vBZj5g HdeqB71NJkEFgXb0LPefYl+kwQNUYJQAHBEDxKdPqxk
|
||||
6mUCxbBT6PpAf0BwTD6Tv7pDZzWmHxBWw+/IbgLXQZA
|
||||
-> N-grease
|
||||
OKOvPc2zAXju6FzjNzuCZiF9pN2hmmxMMRWxZwXar8MR
|
||||
--- QR9PJv7R2ASeHrsBO7SuZzAB9s5fD0jT/qEFuJx8CNg
|
||||
Š·_AéZñRIWnO†¢'j—̤,ÄØÃ#†ò™ZPjJ©è&Zô˜ôÎÃ…›ÿ°ë…{ÕW…ðÚ˜,°×w›Þˆ %Ó±‰%
|
|
@ -1,10 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 LAPUww ST/R4vPro6VMrJgRJqMIYkhaQJ0EV0ss/yX94BAxSWE
|
||||
VIWQpIuuf0OS4z1D1QsFRvvWrmbo6LJEdPJ7jmbhv+w
|
||||
-> ssh-ed25519 vBZj5g GAlVKDrXvlR7FqID4Rbpb64QChS8rwUCyJdxg2PXSw0
|
||||
cS8pDXkYvvFsiTt0i6s5r/7cxbf5IcjiNQWQAcgoXFg
|
||||
-> w-grease s,fAjpd YvL[bWVw $h4j|^ >JU
|
||||
EO9ZKdn19mADx6rwhpKftX/QxZ4yNlXgZttyn0rBpSZuVfX8Oj430VppAZ5RYwn9
|
||||
zHqBvBs6VEYUt4jOWOGl/idBNg
|
||||
--- OnaKsFMYoiOP1T2o4GIgME6KQqWqwIQM9WADk28E9qA
|
||||
<<16>˜±n-ã¸þ”iìÙ÷bÖRä¿·â;¢©Ö)¸“[G[Õ–„·FÔX°ä<C2B0>?Hne•®ò&’n¸m#œ$}”¸e]Õ-6ᢾx„
|
3
switch
|
@ -1,3 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
sudo nixos-rebuild switch --flake ./#pim
|
4
treefmt.nix
Normal file
|
@ -0,0 +1,4 @@
|
|||
{...}: {
|
||||
projectRootFile = "flake.nix";
|
||||
programs.alejandra.enable = true;
|
||||
}
|
After Width: | Height: | Size: 1.2 MiB |
After Width: | Height: | Size: 1.1 MiB |
After Width: | Height: | Size: 486 KiB |
After Width: | Height: | Size: 10 MiB |
After Width: | Height: | Size: 2.7 MiB |
After Width: | Height: | Size: 2.5 MiB |
After Width: | Height: | Size: 3.2 MiB |
After Width: | Height: | Size: 2.9 MiB |
After Width: | Height: | Size: 2.7 MiB |
After Width: | Height: | Size: 2.9 MiB |
After Width: | Height: | Size: 3 MiB |
After Width: | Height: | Size: 2.6 MiB |
After Width: | Height: | Size: 2.8 MiB |
After Width: | Height: | Size: 2.6 MiB |
After Width: | Height: | Size: 2.9 MiB |
After Width: | Height: | Size: 2.6 MiB |
After Width: | Height: | Size: 2.7 MiB |
After Width: | Height: | Size: 2.8 MiB |
After Width: | Height: | Size: 3.1 MiB |
After Width: | Height: | Size: 3 MiB |
After Width: | Height: | Size: 2.9 MiB |
After Width: | Height: | Size: 2.9 MiB |