100 commits

Author SHA1 Message Date
5374402dde Install Steam and Lutris on gamepc 2024-11-13 23:03:23 +01:00
5bd06edb5d Disable NetworkManager-wait-online 2024-11-12 21:57:40 +01:00
1ed220cbb0 Update flake inputs
Disable wait-online
Disable wpa_supplicant p2p
Disable cosmic specialisation for now
2024-11-12 21:32:42 +01:00
a2dc4931ce Format JSON files
Update facter.json for sue and gamepc
2024-11-11 22:44:45 +01:00
3d56dde874 Add deployment instructions to README 2024-11-11 22:39:22 +01:00
5b18f0bbf6 Remove relative path in flake check 2024-11-11 22:33:24 +01:00
ae3b8d2c4a Put dev-shells back in flake.nix for automatic reload
Add colmena to dev shell
2024-11-11 22:29:39 +01:00
fbf713321c Add shell abbreviation for git push --force 2024-11-11 22:05:28 +01:00
c248f8b3c5 Update README.md 2024-11-11 22:01:56 +01:00
9ccbf41324 Create home-manager module for sops 2024-11-11 21:57:58 +01:00
8c35cb9f61 Fix nixosConfigurations flake output 2024-11-11 21:50:00 +01:00
d70a737bc2 Split flake into multiple files 2024-11-11 21:40:36 +01:00
47c2a10ee7 Configure Tailscale on gamepc 2024-11-11 21:00:51 +01:00
cca6d259a7 Use Colmena for deployment 2024-11-11 20:43:36 +01:00
51312397b5 Simplify tailscale configuration 2024-11-10 12:16:05 +01:00
59b58faeb5 Add module to configure sshd 2024-11-09 16:54:33 +01:00
14e269c02c gamepc: Increase swap to 4GB
Separate installed packages in home-manager
2024-11-09 12:49:23 +01:00
87153f15be Put boot partition on RAID1 device
Create users with empty password on gamepc
2024-11-09 12:25:07 +01:00
3e3f589e4f Fix boot for gamepc 2024-11-09 10:29:18 +01:00
a58aa96a60 Add configuration for gamepc 2024-11-07 20:47:40 +01:00
d3684cdd1f Remove nixos-hardware 2024-11-07 19:16:33 +01:00
02108d60ae Use nixos-facter for hardware configuration 2024-11-07 19:10:08 +01:00
f27055e57a Update git-hooks 2024-10-30 21:18:18 +01:00
e42a6ceacf Git ignore .pre-commit-config.yaml
Add fish abbreviation for git commit --amend
Don't autoformat when writing commit message in neovim
2024-10-28 13:16:31 +01:00
4cb90679a2 Run treefmt on nvim buffer save 2024-10-28 13:02:12 +01:00
0d6ad4b9c1 Add git-hooks 2024-10-28 12:25:19 +01:00
41785ece70 Add specialisation with nixos-cosmic 2024-10-28 11:38:31 +01:00
d427be6e4a Modularize stuff better 2024-10-27 12:23:43 +01:00
5b92ddde89 Make system compliant with company policy 2024-10-27 10:36:13 +01:00
cb6849ccd0 Remove old systems 2024-10-26 20:35:14 +02:00
573a8cc407 Format repo 2024-10-26 20:33:47 +02:00
db14de3471 Add formatter 2024-10-26 20:33:37 +02:00
08b0fbcd0c Move some stuff to modules 2024-10-26 20:24:13 +02:00
61640c0580 WIP: Working cosmic installation 2024-10-26 11:59:32 +02:00
ebfff58648 Update flake inputs 2024-10-25 15:12:53 +02:00
ed259d06cf Add tidal module
Tweak vscode settings
2024-10-25 14:30:53 +02:00
778208078c Uninstall vitals and runcat again
Uninstall thunderbird
2024-10-12 11:38:06 +02:00
a7e1fcd0d9 Install some Gnome extensions
Disable neovim auto formatting
2024-10-11 00:46:14 +02:00
cd66409759 Update flake inputs 2024-10-10 20:29:46 +02:00
ebe6523622 Add vscode 2024-10-10 19:57:32 +02:00
c6a6b22c5c Update flake inputs 2024-09-24 22:33:07 +02:00
f115729b24 Replace zsh with fish
Install nix-index and nix-index-database
Update flake inputs
2024-09-24 22:19:37 +02:00
5d675cbaad Update flake inputs 2024-09-19 19:13:23 +02:00
e692a80d1c Update flake inputs
Disable Nheko due to insecure dependency
Unmanage tailscale0 with NetworkManager
2024-09-02 08:13:33 +02:00
d754476865 Enable fzf to find files
Install feishin
closes #34
2024-09-01 16:32:12 +02:00
ca6d704524 Revert "Update flake inputs"
This reverts commit aa7c2bac3b.
2024-08-09 18:38:19 +02:00
17433101a5 Revert "fix: Fix audio for xps 9315"
This reverts commit 1f70f75ca7.
2024-08-09 18:38:16 +02:00
1f70f75ca7 fix: Fix audio for xps 9315 2024-08-04 10:58:07 +02:00
aa7c2bac3b Update flake inputs 2024-07-30 18:41:46 +02:00
d40bbc417c feat(tailscale): Enable routing features
fix(wireguard): Disable autoconnect to prevent clashing with tailscale
fix(ssh): Remove aliases that clash with tailscale magicDNS
2024-07-23 22:52:04 +02:00
f933a38b7d Enable tailscale
Install nheko and handbrake
Enable cdrom kernel module
2024-07-22 20:26:10 +02:00
03164646a5 chore(nix): Update Nix flake inputs 2024-07-12 17:00:02 +02:00
ebc3ad8204 Autostart Wireguard tunnel again
Disable up arrow for Atuin
2024-07-12 11:49:18 +02:00
95f36524e2 Update flake inputs
Explicitly enable stylix
2024-07-12 10:20:51 +02:00
46cf4907cb Disable ipv6 for wireguard tunnel until fixed 2024-06-30 22:18:28 +02:00
93104ed7e0 Enable camera for Dell XPS
Install lshw
Set default Git branch to master
2024-06-22 16:24:50 +02:00
0cecc75e3d Clean up secret management
Update readme
2024-06-15 18:21:07 +02:00
5d752cb279 Replace homeage with sops-nix 2024-06-15 18:10:55 +02:00
03608f96d7 Replace agenix with sops-nix 2024-06-15 16:20:03 +02:00
80530d6290 Disable safe operations in zsh
Install ncdu
Rotate wallpaper every 30 minutes
2024-06-15 15:16:59 +02:00
62265a466c Manage default applications with home-manager 2024-06-15 14:18:36 +02:00
b6b5d5901c Add gnome extension to use random wallpapers
Add collection of wallpapers
2024-06-13 23:32:04 +02:00
9c83729db0 Deploy sops age key with homeage 2024-06-13 09:01:57 +02:00
d11fc9ba6d Add Atuin
Disable fzf
Add keybindings to move panes in tmux
Fix gnome move to workspace 1 keybinding
Set number of gnome workspaces
Enable edge tiling in gnome
2024-06-12 23:12:04 +02:00
5bfab60b73 Use tmux 2024-06-11 19:59:58 +02:00
867912a676 Replace Bash with ZSH
Uninstall some unneeded GNOME programs
2024-06-09 23:01:34 +02:00
c3bddc6c44 Remove unnecessary directories 2024-06-09 22:06:21 +02:00
afcc583dcf Reorganize and refactor project 2024-06-09 22:00:47 +02:00
ed1e654706 Install Stylix
Install Pop!_OS shell
Enable Jack emulation in Pipewire
Set a wallpaper
Replace Terminator with Alacritty
Copy GNOME config to dconf
2024-06-09 20:31:39 +02:00
235efa07e8 Update system to NixOS 24.05 2024-06-04 21:21:38 +02:00
a3ed1136f1 Install Krita and Bottles 2024-06-04 20:50:14 +02:00
3d33b0c7a5 Fix mounting of /boot
Fix importing disko for x201
2024-05-26 20:57:48 +02:00
955f9e3a07 Add x201 configuration
Create module for lanzaboote
2024-05-26 17:12:52 +02:00
e069bd25a2 Install pipewire
Install borgbackup tools
Don't clean cookies in librewolf
Merge nixos configuration and hardware configuration
2024-05-25 16:37:37 +02:00
b6b5d8344c Move from firefox to librewolf for daily browsing
Fix wrong hostname set
2024-05-19 13:01:27 +02:00
db7238afe3 Split between personal and work laptop 2024-05-16 18:48:46 +02:00
1d3125a5b4 Update flake inputs 2024-05-11 14:37:56 +02:00
3d4ac7c7e1 Disable USB webcam 2024-05-11 09:53:50 +02:00
dbe5349bae Install hexchat
Reduce MTU on wireguard tunnel
2024-05-05 18:07:40 +02:00
f03c7117bb Disable sponsored Firefox top sites 2024-05-03 22:31:15 +02:00
acdf4f02af Run unstable of various desktop apps 2024-05-03 22:14:13 +02:00
9f678ee151 Update flake 2024-05-03 21:30:07 +02:00
07538a39d1 Add my username to trusted nix users
Add attic client
Use BBR as TCP congestion control algorithm
2024-04-29 15:19:17 +02:00
2ac437d742 update nixpkgs unstable
add devenv
2024-04-20 18:48:35 +02:00
6bfdf579c5 don't manage k8s config
clean up ssh config hosts
remove cert authorities from ssh config
2024-04-20 10:57:13 +02:00
e0825def24 install refined-github firefox addon
use stable none-ls
2024-03-04 21:20:48 +01:00
60e417e003 add jellyfin client 2024-02-18 22:05:23 +01:00
1a11f3af42 add vorta 2024-02-12 22:42:00 +01:00
5dfe47a4a0 update flake inputs
install insomnia
2024-02-11 13:13:32 +01:00
351fc8384c use kagi for web search 2024-02-03 10:11:07 +01:00
260fd7d573 use lanzaboote 2024-01-29 21:05:48 +01:00
fed5e8010d add vmware horizon client 2024-01-28 14:31:45 +01:00
cad90372d4 replace wireguard endpoint domain name 2024-01-21 12:11:52 +01:00
9765e72a99 fix ipv6 for wireguard
add myself to dialout group
2024-01-20 16:51:25 +01:00
8251863999 update readme 2024-01-13 14:03:13 +01:00
adf2f1e7cb add additional wireguard interface without pihole
install traceroute and units
2024-01-13 14:00:17 +01:00
9e639175fd install wireshark and dbeaver 2023-12-31 16:18:12 +01:00
48e3ccc742 update flake inputs 2023-12-30 14:22:11 +01:00
f1f9432f3e don't manage syncthing config in nix 2023-12-29 12:38:33 +01:00
c2f9f4a83a allow volume above 100% 2023-12-29 11:02:34 +01:00
95 changed files with 10528 additions and 1049 deletions

2
.envrc

@ -1 +1 @@
PATH_add . use flake

1
.gitignore vendored

@ -1,2 +1,3 @@
result result
.direnv .direnv
.pre-commit-config.yaml

2
.sops.yaml Normal file

@ -0,0 +1,2 @@
creation_rules:
- age: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
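Review bot: The single creation rule has no `path_regex` and only one age recipient, so every file sops encrypts in this repository is tied to exactly one key, and losing that key makes all secrets unrecoverable. Consider adding a second recipient (a per-host key for sue and gamepc, or an offline backup key) and scoping rules with `path_regex` so each machine can decrypt only the secrets it needs.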


@ -1,20 +1,17 @@
# nixos-laptop # nixos-laptop
NixOS configuration for my laptop. NixOS configurations for my personal machines (contrary to the repo's name, it contains a desktop).
My configuration is simple: I have one personal laptop with one user.
## Features Currently managed systems:
- **sue**: My current laptop, a Dell XPS 9315. It has two flavours:
- Default running GNOME
- Specialisation running Cosmic
- **gamepc**: My gaming PC running Cinnamon
- Nixpkgs 23.11 ## Deployment
- Flakes!
- [Nix User Repository (NUR)](https://github.com/nix-community/NUR) - **sue**: `colmena apply-local --sudo --impure`
- Currently only used for Firefox Plugins - **gamepc**: `colmena apply --on gamepc --impure`
- [Home Manager](https://github.com/nix-community/home-manager)
- For managing my configuration for my user > [!NOTE]
- [Agenix](https://github.com/ryantm/agenix) > Currently the `--impure` is necessary until I upgrade to NixOS 24.11. See [this PR](https://github.com/zhaofengli/colmena/pull/228).
- To deploy global system secrets, like:
- Wireguard private key and shared secret
- [Homeage](https://github.com/jordanisaacs/homeage)
- To deploy secrets in my home directory, like:
- SSH keys
- Syncthing private key
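Review bot: The rewritten README drops the Agenix and Homeage bullets without saying what manages secrets now. Since `.sops.yaml` is added in this same comparison, a short section naming the replacement and stating where the age key has to be present before the first `colmena apply` would make the Deployment steps complete for a fresh machine. The `--impure` note is useful; keep it next to the commands as it is.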

15
checks.nix Normal file

@ -0,0 +1,15 @@
{
self,
flake-utils,
git-hooks,
...
}:
flake-utils.lib.eachDefaultSystem (system: {
checks.pre-commit-check = git-hooks.lib.${system}.run {
src = self;
hooks.treefmt = {
enable = true;
package = self.packages.${system}.formatter;
};
};
})

41
colmena.nix Normal file

@ -0,0 +1,41 @@
inputs @ {
self,
nixpkgs,
...
}: {
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
specialArgs = {
inherit inputs self;
};
};
sue = {
deployment = {
allowLocalDeployment = true;
targetHost = null;
};
imports = [
(import ./machines).sue.module
./nixos
];
};
gamepc = {
deployment = {
targetHost = "gamepc";
targetUser = "root";
};
imports = [
(import ./machines).gamepc.module
./nixos
];
};
};
}
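Review bot: In the gamepc node, `targetUser = "root"` means every deployment logs in over SSH as root, so sshd on that host has to accept root logins. Consider a dedicated deploy user with key-only authentication and sudo on the target, and keep root login disabled. `targetHost = "gamepc"` is a bare name, so a comment on how it is expected to resolve would help the next reader.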


@ -1,49 +1,389 @@
{ {
"nodes": { "nodes": {
"agenix": { "base16": {
"inputs": { "inputs": {
"darwin": "darwin", "fromYaml": "fromYaml"
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1703433843, "lastModified": 1708890466,
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=",
"owner": "ryantm", "owner": "SenchoPens",
"repo": "agenix", "repo": "base16.nix",
"rev": "417caa847f9383e111d1397039c9d4337d024bf0", "rev": "665b3c6748534eb766c777298721cece9453fdae",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "ryantm", "owner": "SenchoPens",
"repo": "agenix", "repo": "base16.nix",
"type": "github" "type": "github"
} }
}, },
"darwin": { "base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-foot": {
"flake": false,
"locked": {
"lastModified": 1696725948,
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
"owner": "tinted-theming",
"repo": "base16-foot",
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-foot",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1696727917,
"narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-kitty": {
"flake": false,
"locked": {
"lastModified": 1665001328,
"narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=",
"owner": "kdrag0n",
"repo": "base16-kitty",
"rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805",
"type": "github"
},
"original": {
"owner": "kdrag0n",
"repo": "base16-kitty",
"type": "github"
}
},
"base16-tmux": {
"flake": false,
"locked": {
"lastModified": 1696725902,
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
"owner": "tinted-theming",
"repo": "base16-tmux",
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-tmux",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1663659192,
"narHash": "sha256-uJvaYYDMXvoo0fhBZUhN8WBXeJ87SRgof6GEK2efFT0=",
"owner": "chriskempson",
"repo": "base16-vim",
"rev": "3be3cd82cd31acfcab9a41bad853d9c68d30478d",
"type": "github"
},
"original": {
"owner": "chriskempson",
"repo": "base16-vim",
"type": "github"
}
},
"crane": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"rust-overlay": [
"lanzaboote",
"rust-overlay"
]
},
"locked": {
"lastModified": 1681177078,
"narHash": "sha256-ZNIjBDou2GOabcpctiQykEQVkI8BDwk7TyvlWlI4myE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "0c9f468ff00576577d83f5019a66c557ede5acf6",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"agenix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1731274291,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=",
"owner": "lnl7", "owner": "nix-community",
"repo": "nix-darwin", "repo": "disko",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "lnl7", "owner": "nix-community",
"ref": "master", "repo": "disko",
"repo": "nix-darwin", "type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680392223,
"narHash": "sha256-n3g7QFr85lDODKt250rkZj2IFS3i4/8HBU2yKHO3tqw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "dcc36e45d054d7bb554c9cdab69093debd91a0b5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1689549921,
"narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nixpkgs-unstable"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1730814269,
"narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "d70155fdc00df4628446352fc58adc640cd705c2",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1713702291,
"narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "46.1",
"repo": "gnome-shell",
"type": "github" "type": "github"
} }
}, },
@ -54,79 +394,213 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703367386, "lastModified": 1726989464,
"narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.11", "ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"homeage": { "home-manager_2": {
"inputs": {
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1714981474,
"narHash": "sha256-b3/U21CJjCjJKmA9WqUbZGZgCvospO3ArOUTgJugkOY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6ebe7be2e67be7b9b54d61ce5704f6fb466c536f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1682802423,
"narHash": "sha256-Fb5TeRTdvUlo/5Yi2d+FC8a6KoRLk2h1VE0/peMhWPs=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "64b903ca87d18cef2752c19c098af275c6e51d63",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.3.0",
"repo": "lanzaboote",
"type": "github"
}
},
"nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1669234151, "lastModified": 1731209121,
"narHash": "sha256-TwT87E3m2TZLgwYJESlype14HxUOrRGojPM5C2akrMg=", "narHash": "sha256-BF7FBh1hIYPDihdUlImHGsQzaJZVLLfYqfDx41wjuF0=",
"owner": "jordanisaacs", "owner": "nix-community",
"repo": "homeage", "repo": "nix-index-database",
"rev": "02bfe4ca06962d222e522fff0240c93946b20278", "rev": "896019f04b22ce5db4c0ee4f89978694f44345c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "jordanisaacs", "owner": "nix-community",
"repo": "homeage", "repo": "nix-index-database",
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": { "nixos-artwork": {
"flake": false,
"locked": { "locked": {
"lastModified": 1702453208, "lastModified": 1727557872,
"narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", "narHash": "sha256-JHbMSIIrHDkbAHO6vSsDRBiwuQcxLoIilbxptrTrXB4=",
"owner": "NixOS", "ref": "refs/heads/master",
"repo": "nixos-hardware", "rev": "ea1384e183f556a94df85c7aa1dcd411f5a69646",
"rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", "revCount": 212,
"type": "git",
"url": "https://github.com/NixOS/nixos-artwork.git"
},
"original": {
"type": "git",
"url": "https://github.com/NixOS/nixos-artwork.git"
}
},
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": [
"nixpkgs-unstable"
],
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1731289077,
"narHash": "sha256-8Waya6WKqgWkYqbr1zkuyd1vNKgQb/QxfHLSMzp/LqU=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "274f08b587d403940cd8d8da13a89ee094d3bc96",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "lilyinstarlight",
"ref": "master", "repo": "nixos-cosmic",
"repo": "nixos-hardware", "type": "github"
}
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1730798058,
"narHash": "sha256-2KexAe17KRg2191SdBxVXqJKwV6MxKzlE35DDcAX+Ds=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "d0e205eafca7091caad3925ff82a46fea08351e1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nixos-facter-modules",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703200384, "lastModified": 1731139594,
"narHash": "sha256-q5j06XOsy0qHOarsYPfZYJPWbTbc8sryRxianlEPJN0=", "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0b3d618173114c64ab666f557504d6982665d328", "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1678872516,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1703134684, "lastModified": 1730958623,
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", "narHash": "sha256-JwQZIGSYnRNOgDDoIgqKITrPVil+RMWHsZH1eE1VGN0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", "rev": "85f7e662eda4fa3a995556527c87b2524b691933",
"type": "github" "type": "github"
}, },
"original": { "original": {
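Review bot: The new lanzaboote node is locked to ref v0.3.0 with lastModified 1682802423 (2023), while the other inputs touched in this hunk are locked to 2024 revisions. Since this input handles Secure Boot signing, check whether a newer tag is available and bump it. The nixpkgs-stable_2 node on nixos-22.11, added further down in this hunk, is another sign that old transitive pins are being carried along.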
@ -136,13 +610,61 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1731239293,
"narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9256f7c71a195ebe7a218043d9f93390d49e6884",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1714912032,
"narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ee4a6e0f566fe5ec79968c57a9c2c3c25f2cf41d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1726871744,
"narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1703528695, "lastModified": 1731361079,
"narHash": "sha256-vHC5auhnV5JZLaERNpYu0A2+zX0eiwzsT0iIuT40Dmo=", "narHash": "sha256-pDgguZxBXKxLkZljiYCmJpWM341Cj52A41IdbNqlEWU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "747c0cbbecc987e67f49680b6753cc0e8ab355c5", "rev": "2fa8be0cf07b2ddcca3615f19e8d07e831bf4d40",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -151,15 +673,150 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore_2",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1681413034,
"narHash": "sha256-/t7OjNQcNkeWeSq/CFLYVBfm+IEnkjoSm9iKvArnUUI=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "d3de8f69ca88fb6f8b09e5b598be5ac98d28ede5",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "disko": "disko",
"flake-utils": "flake-utils",
"git-hooks": "git-hooks",
"home-manager": "home-manager", "home-manager": "home-manager",
"homeage": "homeage", "lanzaboote": "lanzaboote",
"nixos-hardware": "nixos-hardware", "nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs", "nixos-artwork": "nixos-artwork",
"nixos-cosmic": "nixos-cosmic",
"nixos-facter-modules": "nixos-facter-modules",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur" "nur": "nur",
"sops-nix": "sops-nix",
"stylix": "stylix",
"treefmt-nix": "treefmt-nix"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682129965,
"narHash": "sha256-1KRPIorEL6pLpJR04FwAqqnt4Tzcm4MqD84yhlD+XSk=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "2c417c0460b788328220120c698630947547ee83",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"nixos-cosmic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731119076,
"narHash": "sha256-2eVhmocCZHJlFAz6Mt3EwPdFFVAtGgIySJc1EHQVxcc=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "23c4b3ba5f806fcf25d5a3b6b54fa0d07854c032",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1731213149,
"narHash": "sha256-jR8i6nFLmSmm0cIoeRQ8Q4EBARa3oGaAtEER/OMMxus=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "f1675e3b0e1e663a4af49be67ecbc9e749f85eb7",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-foot": "base16-foot",
"base16-helix": "base16-helix",
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_4",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1726776484,
"narHash": "sha256-SPnk08RnllF8CD9Ndbe828Z1OmlviJ+ZJLsiT7V/+4A=",
"owner": "pizzapim",
"repo": "stylix",
"rev": "d444b97c5e691a2a468000c939119798e42b4f0f",
"type": "github"
},
"original": {
"owner": "pizzapim",
"ref": "release-24.05",
"repo": "stylix",
"type": "github"
} }
}, },
"systems": { "systems": {
@ -176,6 +833,39 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1730321837,
"narHash": "sha256-vK+a09qq19QNu2MlLcvN4qcRctJbqWkX7ahgPZ/+maI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "746901bb8dba96d154b66492a29f5db0693dbfcc",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

114
flake.nix

@ -2,63 +2,75 @@
description = "My NixOS configuration"; description = "My NixOS configuration";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
stylix.url = "github:pizzapim/stylix/release-24.05";
treefmt-nix.url = "github:numtide/treefmt-nix";
nixos-facter-modules.url = "github:numtide/nixos-facter-modules";
flake-utils.url = "github:numtide/flake-utils";
git-hooks = {
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nix-index-database = {
url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager?ref=release-23.11"; url = "github:nix-community/home-manager?ref=release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
homeage = {
url = "github:jordanisaacs/homeage";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
};
outputs = lanzaboote = {
{ nixpkgs url = "github:nix-community/lanzaboote/v0.3.0";
, nixpkgs-unstable inputs.nixpkgs.follows = "nixpkgs";
, home-manager };
, homeage
, agenix
, nur
, nixos-hardware
, ...
}: {
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
nixosConfigurations.pim = nixpkgs.lib.nixosSystem rec { disko = {
system = "x86_64-linux"; url = "github:nix-community/disko";
modules = [ inputs.nixpkgs.follows = "nixpkgs";
{
nixpkgs.overlays = [
nur.overlay
(final: _prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
];
}
./nixos
agenix.nixosModules.default
nixos-hardware.nixosModules.lenovo-thinkpad-x260
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.pim = {
imports = [ ./home-manager homeage.homeManagerModules.homeage ];
};
}
];
};
}; };
nixos-artwork = {
type = "git";
url = "https://github.com/NixOS/nixos-artwork.git";
flake = false;
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-cosmic = {
url = "github:lilyinstarlight/nixos-cosmic";
inputs.nixpkgs-stable.follows = "nixpkgs-unstable";
};
};
outputs = inputs @ {
self,
nixpkgs,
flake-utils,
...
}:
(flake-utils.lib.meld inputs [
./packages.nix
./formatter.nix
./nixos-configurations.nix
./checks.nix
./colmena.nix
])
// flake-utils.lib.eachDefaultSystem (system: {
devShells.default = nixpkgs.legacyPackages.${system}.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
buildInputs =
self.checks.${system}.pre-commit-check.enabledPackages
++ (with nixpkgs.legacyPackages.${system}; [colmena]);
};
});
} }
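Review bot: `treefmt-nix.url` is added without `inputs.nixpkgs.follows`, unlike `home-manager`, `disko`, `sops-nix` and `lanzaboote` in the same block, and the flake.lock hunk above already shows the result: `treefmt-nix` resolves its own `nixpkgs_4`. Every extra `nixpkgs_N` is another nixpkgs revision to fetch and keep updated, so add `treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";` unless a separate pin is intended. Two lines deserve a comment stating intent: `nixos-cosmic` has `inputs.nixpkgs-stable.follows = "nixpkgs-unstable"`, which points a stable input at the unstable channel, and `stylix.url` tracks a branch of a personal fork (`github:pizzapim/stylix/release-24.05`) rather than a tag.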

formatter.nix Normal file

@ -0,0 +1,8 @@
{
self,
flake-utils,
...
}:
flake-utils.lib.eachDefaultSystem (system: {
formatter = self.packages.${system}.formatter;
})


@ -1,20 +0,0 @@
{
config = {
programs.bash = {
enable = true;
shellAliases = {
htop = "btop";
gp = "git push";
gco = "git checkout";
gd = "git diff";
gc = "git commit";
gpl = "git pull";
gb = "git branch";
ga = "git add";
gl = "git log";
gs = "git status";
tf = "tofu";
};
};
};
}


@ -1,8 +0,0 @@
{
config = {
programs.bat = {
enable = true;
config.theme = "gruvbox-dark";
};
};
}


@ -1,135 +1,249 @@
{ pkgs, lib, config, ... }: { {
lib,
config,
inputs,
self,
...
}: {
imports = [ imports = [
./bash
./neovim ./neovim
./firefox ./firefox
./ssh ./tidal.nix
./syncthing ./gnome.nix
./keepassxc ./syncthing.nix
./git ./vscode.nix
./direnv ./sops.nix
./thunderbird inputs.nix-index-database.hmModules.nix-index
./fzf
./bat
]; ];
xsession.enable = true;
xdg = {
userDirs.enable = true;
mimeApps = {
enable = true;
defaultApplications = let
applications = {
telegram = {
mimeApp = "org.telegram.desktop.desktop";
mimeTypes = ["x-scheme-handler/tg"];
};
librewolf = {
mimeApp = "librewolf.desktop";
mimeTypes = [
"x-scheme-handler/http"
"text/html"
"application/xhtml+xml"
"x-scheme-handler/https"
"application/pdf"
];
};
gnomeTextEditor = {
mimeApp = "org.gnome.TextEditor.desktop";
mimeTypes = ["text/plain"];
};
loupe = {
mimeApp = "org.gnome.Loupe.desktop";
mimeTypes = [
"image/jpeg"
"image/png"
"image/gif"
"image/webp"
"image/tiff"
"image/x-tga"
"image/vnd-ms.dds"
"image/x-dds"
"image/bmp"
"image/vnd.microsoft.icon"
"image/vnd.radiance"
"image/x-exr"
"image/x-portable-bitmap"
"image/x-portable-graymap"
"image/x-portable-pixmap"
"image/x-portable-anymap"
"image/x-qoi"
"image/svg+xml"
"image/svg+xml-compressed"
"image/avif"
"image/heic"
"image/jxl"
];
};
};
mimeTypesForApp = {
mimeApp,
mimeTypes,
}:
map
(
mimeType: {"${mimeType}" = mimeApp;}
)
mimeTypes;
in
lib.zipAttrs (lib.flatten (map mimeTypesForApp (builtins.attrValues applications)));
};
};
home = { home = {
username = "pim"; username = "pim";
homeDirectory = "/home/pim"; homeDirectory = "/home/pim";
stateVersion = "23.05"; stateVersion = "23.05";
packages = with pkgs; [
moonlight-qt
vlc
nicotine-plus
logseq
signal-desktop
telegram-desktop
strawberry
gimp
libreoffice
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
virt-manager
gnome.gnome-tweaks
impression
poppler_utils # For pdfunite
silicon
];
file.k3s-pim-privkey = {
target = ".kube/config";
source = ./kubeconfig.yml;
};
}; };
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
chromium.enable = true; chromium.enable = true;
bat.enable = true;
terminator = { fzf = {
enable = true; enable = true;
config = { enableZshIntegration = true;
profiles.default = {
# Gruvbox theme: https://github.com/egel/terminator-gruvbox
background_color = "#282828";
cursor_color = "#7c6f64";
foreground_color = "#ebdbb2";
palette =
"#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
}; };
keybindings = { alacritty = {
zoom_in = "<Ctrl>plus"; enable = true;
zoom_out = "<Ctrl>minus"; settings.shell = {
new_tab = "<Ctrl><Shift>T"; program = lib.getExe config.programs.tmux.package;
cycle_next = "<Ctrl>Tab"; args = ["attach"];
cycle_prev = "<Ctrl><Shift>Tab";
split_horiz = "<Alt>C";
split_vert = "<Alt>V";
go_left = "<Alt>H";
go_right = "<Alt>L";
go_up = "<Alt>K";
go_down = "<Alt>J";
copy = "<Ctrl><Shift>C";
paste = "<Ctrl><Shift>V";
layout_launcher = ""; # Default <Alt>L
};
};
}; };
}; };
# Let home-manager manage the X session direnv = {
xsession = { enable = true; }; enable = true;
enableBashIntegration = true;
xdg = { nix-direnv.enable = true;
userDirs.enable = true;
configFile."home/postgresql_server.crt".source = ./postgresql_server.crt;
configFile."home/postgresql_client.crt".source = ./postgresql_client.crt;
}; };
homeage = { atuin = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ]; enable = true;
installationType = "systemd"; flags = ["--disable-up-arrow"];
enableFishIntegration = true;
file."common-pg-tfbackend" = { settings = {
source = ../secrets/common-pg-tfbackend.age; auto_sync = true;
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ]; sync_frequency = "5m";
}; sync_address = "https://atuin.kun.is";
file."ansible-vault-secret" = {
source = ../secrets/ansible-vault-secret.age;
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
};
file."powerdns-api-key" = {
source = ../secrets/powerdns-api-key.json.age;
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
};
file."postgresql_client.key" = {
source = ../secrets/postgresql_client.key.age;
symlinks = [ "${config.xdg.configHome}/home/postgresql_client.key" ];
};
file."k3s-pim-privkey" = {
source = ../secrets/k3s-pim-privkey.age;
symlinks = [ "${config.home.homeDirectory}/.kube/k3s-pim-privkey" ];
}; };
}; };
fonts.fontconfig.enable = true; fish = {
enable = true;
dconf.settings = with lib.hm.gvariant; { interactiveShellInit = ''
"org/gnome/desktop/input-sources" = { set -U fish_greeting
sources = [ (mkTuple [ "xkb" "us" ]) ]; '';
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
shellAbbrs = {
htop = "btop";
gp = "git push";
gpf = "git push --force";
gco = "git checkout";
gd = "git diff";
gc = "git commit";
gca = "git commit --amend";
gpl = "git pull";
gb = "git branch";
ga = "git add";
gl = "git log";
gs = "git status";
tf = "tofu";
};
}; };
"org/gnome/desktop/interface" = { starship = {
monospace-font-name = "Hack Nerd Font Mono 10"; enable = true;
enableFishIntegration = true;
enableTransience = true;
settings.nix_shell.heuristic = true;
};
nix-index = {
enable = true;
enableFishIntegration = true;
};
tmux = {
enable = true;
shell = lib.getExe config.programs.fish.package;
shortcut = "a";
clock24 = true;
newSession = true;
mouse = true;
escapeTime = 10;
terminal = "screen-256color";
extraConfig = ''
unbind _
bind _ split-window -h
unbind -
bind - split-window -v
unbind h
bind h select-pane -L
unbind j
bind j select-pane -D
unbind k
bind k select-pane -U
unbind l
bind l select-pane -R
'';
};
ssh = {
enable = true;
extraConfig = "User root";
matchBlocks.github = lib.hm.dag.entryBefore ["*"] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
};
git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
init.defaultBranch = "master";
};
};
# Currently, it is not possible to have Home Manager manage Liberwolf extensions.
# There is a draft PR which addresses this:
# https://github.com/nix-community/home-manager/pull/3339
# The extensions I currently use are:
# - ublock-origin (already installed by librewolf)
# - cookie-autodelete
# - clearurls
# - istilldontcareaboutcookies
# - keepassxc-browser
# - redirector
# - violentmonkey
# - boring-rss
# - kagi-search
# - refined-github
librewolf = {
enable = true;
settings = {
"identity.fxaccounts.enabled" = true;
"privacy.clearOnShutdown.history" = false;
"privacy.clearOnShutdown.downloads" = false;
"browser.translations.automaticallyPopup" = false;
"browser.aboutConfig.showWarning" = false;
"privacy.clearOnShutdown.cookies" = false;
};
}; };
}; };
} }
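Review bot: the new fish abbreviation `gpf = "git push --force"` overwrites the remote branch unconditionally; `git push --force-with-lease` refuses when the remote holds commits that have not been fetched, which is the safer command to bind to a three-letter shortcut. Separately, `ssh.extraConfig = "User root"` is carried over from the deleted ssh module and still makes root the login name for every host without its own match block, although only the `github` block remains; if that default is still wanted, a comment saying so would help. The extensions comment spells the browser `Liberwolf`; it should read `Librewolf`.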


@ -1,9 +0,0 @@
{
config = {
programs.direnv = {
enable = true;
enableBashIntegration = true;
nix-direnv.enable = true;
};
};
}


@ -1,28 +1,10 @@
pkgs: lib: pkgs: lib: let
let
rycee-addons = pkgs.nur.repos.rycee.firefox-addons; rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
custom-addons = import ./custom-addons.nix pkgs lib; custom-addons = import ./custom-addons.nix pkgs lib;
in { in
default = lib.concatLists [ with rycee-addons; [
(with rycee-addons; [
ublock-origin
clearurls
cookie-autodelete
istilldontcareaboutcookies
keepassxc-browser
redirector
ublacklist
umatrix
violentmonkey
boring-rss
# rycee.bypass-paywalls-clean
])
(with custom-addons; [ http-version-indicator indicatetls sixindicator ])
];
sue = with rycee-addons; [
ublock-origin ublock-origin
istilldontcareaboutcookies istilldontcareaboutcookies
keepassxc-browser keepassxc-browser
custom-addons.simple-style-fox-2 custom-addons.simple-style-fox-2
]; ]
}
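Review bot: with the `default` list removed, the only custom add-on still referenced is `custom-addons.simple-style-fox-2`, yet `custom-addons.nix` keeps the `http-version-indicator`, `indicatetls` and `sixindicator` derivations (its hunks in this compare only reformat them). Drop the three unused definitions so there are fewer pinned `.xpi` URLs and hashes to keep current, or note in a comment why they stay. The file now evaluates to a list instead of an attribute set, so any other importer that still reads `.default` or `.sue` needs the same update the firefox module gets.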


@ -1,8 +1,15 @@
pkgs: lib: pkgs: lib: let
let
# Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix # Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv buildFirefoxXpiAddon = lib.makeOverridable ({
, fetchurl ? pkgs.fetchurl, pname, version, addonId, url, sha256, meta, ... stdenv ? pkgs.stdenv,
fetchurl ? pkgs.fetchurl,
pname,
version,
addonId,
url,
sha256,
meta,
...
}: }:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "${pname}-${version}"; name = "${pname}-${version}";
@ -25,13 +32,11 @@ in {
pname = "http-version-indicator"; pname = "http-version-indicator";
version = "3.2.1"; version = "3.2.1";
addonId = "spdyindicator@chengsun.github.com"; addonId = "spdyindicator@chengsun.github.com";
url = url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
"https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8"; sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
meta = with lib; { meta = with lib; {
homepage = "https://github.com/bsiegel/http-version-indicator"; homepage = "https://github.com/bsiegel/http-version-indicator";
description = description = "An indicator showing the HTTP version used to load the page in the address bar.";
"An indicator showing the HTTP version used to load the page in the address bar.";
mozPermissions = ["<all_urls>" "tabs" "webNavigation" "webRequest"]; mozPermissions = ["<all_urls>" "tabs" "webNavigation" "webRequest"];
platforms = platforms.all; platforms = platforms.all;
}; };
@ -40,13 +45,11 @@ in {
pname = "indicatetls"; pname = "indicatetls";
version = "0.3.0"; version = "0.3.0";
addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}"; addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
url = url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
"https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465"; sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
meta = with lib; { meta = with lib; {
homepage = "https://github.com/jannispinter/indicatetls"; homepage = "https://github.com/jannispinter/indicatetls";
description = description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
"Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
license = licenses.mpl20; license = licenses.mpl20;
mozPermissions = [ mozPermissions = [
"tabs" "tabs"
@ -63,13 +66,11 @@ in {
pname = "sixindicator"; pname = "sixindicator";
version = "1.3.0"; version = "1.3.0";
addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}"; addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
url = url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
"https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d"; sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
meta = with lib; { meta = with lib; {
homepage = "https://github.com/HostedDinner/SixIndicator"; homepage = "https://github.com/HostedDinner/SixIndicator";
description = description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
"Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
license = licenses.mit; license = licenses.mit;
mozPermissions = ["tabs" "webRequest" "<all_urls>"]; mozPermissions = ["tabs" "webRequest" "<all_urls>"];
platforms = platforms.all; platforms = platforms.all;
@ -79,8 +80,7 @@ in {
pname = "simple-style-fox-2"; pname = "simple-style-fox-2";
version = "10.0"; version = "10.0";
addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}"; addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
url = url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
"https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d"; sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
meta = with lib; { meta = with lib; {
description = "Simple style fox 2"; description = "Simple style fox 2";


@ -1,5 +1,9 @@
{ pkgs, lib, ... }: {
let pkgs,
lib,
config,
...
}: let
firefoxAddons = import ./addons.nix pkgs lib; firefoxAddons = import ./addons.nix pkgs lib;
firefoxSettings = { firefoxSettings = {
"browser.aboutConfig.showWarning" = false; "browser.aboutConfig.showWarning" = false;
@ -11,9 +15,14 @@ let
"media.webspeech.synth.dont_notify_on_error" = true; "media.webspeech.synth.dont_notify_on_error" = true;
"browser.gesture.swipe.left" = false; "browser.gesture.swipe.left" = false;
"browser.gesture.swipe.right" = false; "browser.gesture.swipe.right" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
}; };
cfg = config.pim.firefox;
in { in {
config = { options.pim.firefox.enable = lib.mkEnableOption "firefox";
config = lib.mkIf cfg.enable {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
profiles = { profiles = {
@ -21,52 +30,9 @@ in {
id = 0; id = 0;
isDefault = true; isDefault = true;
settings = firefoxSettings; settings = firefoxSettings;
extensions = firefoxAddons.default; extensions = firefoxAddons;
};
sue = {
id = 1;
settings = firefoxSettings;
extensions = firefoxAddons.sue;
}; };
}; };
}; };
xdg.desktopEntries.firefox-sue = {
categories = [ "Network" "WebBrowser" ];
exec = "firefox -P sue --name firefox %U";
genericName = "Web Browser";
icon = "firefox";
mimeType = [
"text/html"
"text/xml"
"application/xhtml+xml"
"application/vnd.mozilla.xul+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
];
name = "Firefox | Sue";
startupNotify = true;
terminal = false;
type = "Application";
};
xdg.desktopEntries.firefox = lib.mkForce {
categories = [ "Network" "WebBrowser" ];
exec = "firefox --new-window --name firefox %U";
genericName = "Web Browser";
icon = "firefox";
mimeType = [
"text/html"
"text/xml"
"application/xhtml+xml"
"application/vnd.mozilla.xul+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
];
name = "Firefox";
startupNotify = true;
terminal = false;
type = "Application";
};
}; };
} }


@ -1,8 +0,0 @@
{
config = {
programs.fzf = {
enable = true;
enableBashIntegration = true;
};
};
}


@ -1,18 +0,0 @@
{
config = {
programs.git = {
enable = true;
userName = "Pim Kunis";
userEmail = "pim@kunis.nl";
extraConfig = {
push.autoSetupRemote = true;
commit.verbose = true;
pull.rebase = true;
};
includes = [{
path = "~/git/suecode/.gitconfig";
condition = "gitdir:~/git/suecode/**";
}];
};
};
}

home-manager/gnome.nix Normal file

@ -0,0 +1,94 @@
{
pkgs,
lib,
self,
config,
...
}: let
cfg = config.pim.gnome;
in {
options.pim.gnome.enable = lib.mkEnableOption "gnome";
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [gnome.gnome-tweaks];
dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/sound".allow-volume-above-100-percent = true;
"org/gnome/desktop/wm.preferences".num-workspaces = 4;
"org/gnome/mutter".edge-tiling = true;
"org/gnome/shell" = {
disable-extension-version-validation = true;
enabled-extensions = [
"workspaces-by-open-apps@favo02.github.com"
"pop-shell@system76.com"
"windowIsReady_Remover@nunofarruca@gmail.com"
"randomwallpaper@iflow.space"
"Vitals@CoreCoding.com"
"tailscale-status@maxgallup.github.com"
];
};
"org/gnome/desktop/input-sources" = {
sources = [(mkTuple ["xkb" "us"])];
xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"];
};
"org/gnome/shell/extensions/pop-shell" = {
active-hint = true;
fullscreen-launcher = false;
mouse-cursor-focus-location = mkUint32 4;
mouse-cursor-follows-active-window = true;
show-skip-taskbar = false;
show-title = true;
smart-gaps = false;
snap-to-grid = false;
stacking-with-mouse = true;
tile-by-default = true;
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
binding = "<Super>t";
command = lib.getExe config.programs.alacritty.package;
name = "Terminal";
};
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom1" = {
binding = "<Super>e";
command = "${lib.getExe config.programs.librewolf.package} --browser";
name = "Browser";
};
"org/gnome/desktop/wm/keybindings" = {
close = ["<Shift><Super>q"];
minimize = mkEmptyArray type.string;
move-to-workspace-1 = ["<Shift><Super>1"];
move-to-workspace-2 = ["<Shift><Super>2"];
move-to-workspace-3 = ["<Shift><Super>3"];
move-to-workspace-4 = ["<Shift><Super>4"];
switch-applications = mkEmptyArray type.string;
switch-applications-backward = mkEmptyArray type.string;
switch-to-workspace-1 = ["<Super>1"];
switch-to-workspace-2 = ["<Super>2"];
switch-to-workspace-3 = ["<Super>3"];
switch-to-workspace-4 = ["<Super>4"];
toggle-fullscreen = ["<Super>f"];
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper" = {
auto-fetch = true;
change-type = 2;
hide-panel-icon = true;
history-length = 1;
hours = 0;
minutes = 30;
sources = ["42"];
fetch-on-startup = true;
};
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/general/42".type = 4;
"org/gnome/shell/extensions/space-iflow-randomwallpaper/sources/localFolder/42".folder = "${self}/wallpapers";
};
};
}
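Review bot: `disable-extension-version-validation = true` under `org/gnome/shell` lets every extension load regardless of the Shell versions it declares support for, and it applies to all six entries in `enabled-extensions`, not only the one that needed it. Add a comment naming the extension that requires it so the setting can be dropped once that extension catches up. This module also installs only `gnome.gnome-tweaks`: the extensions are enabled by UUID but none is added to `home.packages` here, so either install them alongside or say where they come from.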


@ -1,9 +0,0 @@
{ pkgs, config, ... }: {
config = {
home.packages = [ pkgs.keepassxc ];
homeage.file."keepassxc.ini" = {
source = ../../secrets/keepassxc.ini.age;
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
};
};
}


@ -1,19 +0,0 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: 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
server: https://jefke.hyp:6443
name: default
contexts:
- context:
cluster: default
user: pim
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: pim
user:
client-certificate-data: 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
client-key: k3s-pim-privkey


@ -1,5 +1,14 @@
{ pkgs, ... }: { {
config = { pkgs,
config,
lib,
...
}: let
cfg = config.pim.neovim;
in {
options.pim.neovim.enable = lib.mkEnableOption "neovim";
config = lib.mkIf cfg.enable {
programs.neovim = { programs.neovim = {
enable = true; enable = true;
viAlias = true; viAlias = true;
@ -11,10 +20,9 @@
extraPackages = with pkgs; [ extraPackages = with pkgs; [
nil nil
nodePackages.pyright nodePackages.pyright
neofetch
gopls gopls
terraform-ls terraform-ls
nixfmt nixfmt-classic
stylua stylua
black black
nixpkgs-fmt nixpkgs-fmt
@ -71,7 +79,7 @@
nvim-web-devicons nvim-web-devicons
lsp-format-nvim lsp-format-nvim
{ {
plugin = pkgs.unstable.vimPlugins.none-ls-nvim; plugin = pkgs.vimPlugins.none-ls-nvim;
type = "lua"; type = "lua";
config = builtins.readFile ./none-ls.lua; config = builtins.readFile ./none-ls.lua;
} }


@ -45,14 +45,21 @@ require("lspconfig").terraformls.setup({
capabilities = capabilities, capabilities = capabilities,
}) })
-- require'lspconfig'.efm.setup { local function has_treefmt()
-- on_attach = require("lsp-format").on_attach, local git_root = vim.fn.systemlist("git rev-parse --show-toplevel")[1]
-- init_options = {documentFormatting = true}, if vim.v.shell_error ~= 0 then
-- settings = { return false
-- languages = { end
-- lua = {{formatCommand = "lua-format -i", formatStdin = true}}, local treefmt_path = git_root .. "/treefmt.nix"
-- nix = {{formatCommand = "nixfmt", formatStdin = true}} return vim.fn.filereadable(treefmt_path) == 1
-- } end
-- },
-- filetypes = {"lua", "nix"} vim.api.nvim_create_autocmd("BufWritePost", {
-- } pattern = "*",
callback = function()
if vim.fn.expand("%:p") ~= vim.fn.getcwd() .. "/.git/COMMIT_EDITMSG" and has_treefmt() then
vim.cmd("silent !treefmt > /dev/null 2>&1")
end
end,
group = vim.api.nvim_create_augroup("TreefmtAutoformat", { clear = true }),
})


@ -20,24 +20,24 @@ require("null-ls").setup({
}, },
-- configure format on save -- configure format on save
on_attach = function(current_client, bufnr) -- on_attach = function(current_client, bufnr)
if current_client.supports_method("textDocument/formatting") then -- if current_client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr }) -- vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", { -- vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup, -- group = augroup,
buffer = bufnr, -- buffer = bufnr,
callback = function() -- callback = function()
vim.lsp.buf.format({ -- vim.lsp.buf.format({
filter = function(client) -- filter = function(client)
-- only use null-ls for formatting instead of lsp server -- -- only use null-ls for formatting instead of lsp server
return client.name == "null-ls" -- return client.name == "null-ls"
end, -- end,
bufnr = bufnr, -- bufnr = bufnr,
}) -- })
end, -- end,
}) -- })
end -- end
end, -- end,
}) })
-- formatting command -- formatting command
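Review bot: the format-on-save `on_attach` is disabled by commenting out the whole function; since formatting now goes through the treefmt autocmd added in the LSP configuration, delete the block rather than keeping it as comments (git history preserves it). Also check whether the `augroup` variable it used is still referenced anywhere else in this file, and remove it if not.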


@ -1,17 +0,0 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,67 +0,0 @@
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
ef:2f:4d:d4:26:7e:33:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=jefke.hyp
Validity
Not Before: Nov 22 19:12:03 2023 GMT
Not After : Oct 29 19:12:03 2123 GMT
Subject: CN=jefke.hyp
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:ab:eb:9c:d0:7f:4f:f1:ba:65:0a:8b:07:7b:
2e:5b:f0:26:82:33:c9:73:e6:91:cc:11:94:05:1c:
8d:67:29:cb:5e:67:35:02:80:54:af:99:4b:aa:ce:
e8:56:62:be:63:cb:b2:4a:b0:a9:28:12:e2:77:50:
7d:d5:d2:3b:48:d8:32:59:25:26:ff:a6:5c:f6:eb:
ae:5b:3d:7a:14:10:ba:90:9c:6f:1f:b9:d8:99:0e:
b7:09:5e:62:69:c4:c0:c6:27:b0:d3:60:0d:47:4c:
a5:11:53:f2:f1:4a:f9:a6:bc:d6:a3:35:a2:e8:e5:
a9:d1:60:e8:e5:18:ce:d2:60:80:4e:dc:48:ae:7f:
b7:ea:76:51:28:39:a4:b0:95:82:95:93:98:b2:9f:
23:c9:81:69:59:a3:e4:f7:5a:1c:01:31:96:c1:4b:
59:21:f8:a2:e6:9e:21:78:0e:6b:c1:68:c7:5c:16:
9a:06:54:df:b6:77:1d:2d:89:d0:c8:9e:db:b5:d4:
8c:fb:b9:4f:b7:6e:39:5f:39:8e:48:73:76:7d:46:
6e:1f:8d:14:cb:40:b5:ff:c6:f0:c0:44:3c:ed:52:
3f:4f:7b:69:63:93:c6:41:e6:5e:ed:33:50:20:46:
db:93:bf:e8:52:51:95:f1:81:73:58:da:67:21:7b:
12:bd
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
aa:5c:89:41:a6:b7:3d:65:87:ca:50:c4:f3:58:aa:d3:b4:55:
b1:a7:8d:18:26:17:e5:8a:21:24:a1:49:53:77:31:5b:55:63:
be:01:d8:fe:b7:06:7c:da:07:1f:94:6a:de:96:ad:ca:3b:20:
2a:e1:35:90:19:83:6d:37:d1:15:12:de:3c:0e:46:be:66:a1:
6a:1d:ec:72:dc:46:79:69:e4:af:77:c8:ff:cd:d6:7d:16:88:
ab:44:fd:70:fc:40:47:ff:43:95:11:5a:9a:56:0c:d2:dd:7c:
3b:87:aa:10:26:fa:25:a3:a0:43:8a:1b:ec:54:11:7e:65:67:
d2:06:e1:3e:3b:e1:0e:b0:80:ef:4b:35:3f:fc:34:1d:95:2e:
ee:c1:67:38:da:b3:74:86:4b:95:8c:0c:1d:51:28:c1:42:e9:
77:68:d7:ec:3b:66:30:c6:e5:2a:62:ea:15:fb:24:56:cf:02:
d0:25:54:a7:58:15:b5:2a:71:93:56:c0:69:7a:36:18:6c:31:
b1:8e:3c:77:d7:77:ac:fc:e1:94:c5:08:bb:35:ac:48:5f:6b:
8b:c8:c8:78:f4:a9:ca:4f:9d:51:54:89:97:c9:af:a1:fa:71:
df:58:f6:ff:04:7c:c8:1c:95:6b:1a:e3:a7:f6:43:1c:27:94:
10:03:ce:ec
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

home-manager/sops.nix Normal file

@ -0,0 +1,23 @@
{
self,
config,
inputs,
lib,
...
}: let
cfg = config.pim.sops;
in {
imports = [inputs.sops-nix.homeManagerModules.sops];
options.pim.sops.enable = lib.mkEnableOption "sops";
config = lib.mkIf cfg.enable {
sops = {
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
defaultSopsFile = "${self}/secrets/pim.yaml";
secrets = {
"keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
};
};
};
}
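Review bot: `age.keyFile` points at `${config.xdg.configHome}/sops/age/keys.txt`, but nothing in this module creates that file or says how it gets there, so a fresh machine with `pim.sops.enable = true` has no key to decrypt `secrets/pim.yaml` with. Add a comment or a README pointer covering how the age key is provisioned and that it should be readable by the user only.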


@ -1,35 +0,0 @@
{ config, lib, ... }: {
config = {
programs.ssh = {
enable = true;
extraConfig = "User root";
matchBlocks = {
github = lib.hm.dag.entryBefore [ "*" ] {
hostname = "github.com";
user = "pizzapim";
identitiesOnly = true;
};
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.hyp"; };
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.hyp"; };
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.hyp"; };
hermes = lib.hm.dag.entryBefore [ "*" ] { hostname = "hermes.dmz"; };
maestro = lib.hm.dag.entryBefore [ "*" ] { hostname = "maestro.dmz"; };
bancomart =
lib.hm.dag.entryBefore [ "*" ] { hostname = "bancomart.dmz"; };
handjecontantje =
lib.hm.dag.entryBefore [ "*" ] { hostname = "handjecontantje.dmz"; };
};
};
homeage.file."sue_ed25519" = {
source = ../../secrets/sue_ed25519.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
};
homeage.file."sue_azure_rsa" = {
source = ../../secrets/sue_azure_rsa.age;
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
};
};
}


@ -0,0 +1,18 @@
{
config,
lib,
...
}: let
cfg = config.pim.syncthing;
in {
options.pim.syncthing.enable = lib.mkEnableOption "syncthing";
config = lib.mkIf cfg.enable {
services.syncthing.enable = true;
sops.secrets = {
"syncthing/key".path = "${config.xdg.configHome}/syncthing/key.pem";
"syncthing/cert".path = "${config.xdg.configHome}/syncthing/cert.pem";
};
};
}
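Review bot: `sops.secrets."syncthing/key"` and `"syncthing/cert"` are declared under `lib.mkIf cfg.enable` for `pim.syncthing`, but `age.keyFile` and `defaultSopsFile` are only set in `sops.nix` when `pim.sops.enable` is true, so enabling syncthing on its own leaves these two secrets with no sops file to read from. Add an assertion on `config.pim.sops.enable`, or set `pim.sops.enable = true` from this module. The old module also shipped `syncthing/config.xml`; if devices and folders are now configured by hand, say so in a comment.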


@ -1,17 +0,0 @@
{ config, ... }: {
config = {
services.syncthing.enable = true;
xdg.configFile."syncthing/config.xml".source = ./syncthing.xml;
xdg.userDirs.music = "${config.home.homeDirectory}/sync/Music";
homeage.file."syncthing-key.pem" = {
source = ../../secrets/syncthing-key.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
};
homeage.file."syncthing-cert.pem" = {
source = ../../secrets/syncthing-cert.pem.age;
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
};
};
}


@ -1,175 +0,0 @@
<configuration version="37">
<folder id="nncij-isaoe" label="Nextcloud" path="/home/pim/sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
<filesystemType>basic</filesystemType>
<device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" introducedBy="">
<encryptionPassword></encryptionPassword>
</device>
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" introducedBy="">
<encryptionPassword></encryptionPassword>
</device>
<minDiskFree unit="%">1</minDiskFree>
<versioning>
<cleanupIntervalS>3600</cleanupIntervalS>
<fsPath></fsPath>
<fsType>basic</fsType>
</versioning>
<copiers>0</copiers>
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
<hashers>0</hashers>
<order>random</order>
<ignoreDelete>false</ignoreDelete>
<scanProgressIntervalS>0</scanProgressIntervalS>
<pullerPauseS>0</pullerPauseS>
<maxConflicts>10</maxConflicts>
<disableSparseFiles>false</disableSparseFiles>
<disableTempIndexes>false</disableTempIndexes>
<paused>false</paused>
<weakHashThresholdPct>25</weakHashThresholdPct>
<markerName>.stfolder</markerName>
<copyOwnershipFromParent>false</copyOwnershipFromParent>
<modTimeWindowS>0</modTimeWindowS>
<maxConcurrentWrites>2</maxConcurrentWrites>
<disableFsync>false</disableFsync>
<blockPullOrder>standard</blockPullOrder>
<copyRangeMethod>standard</copyRangeMethod>
<caseSensitiveFS>false</caseSensitiveFS>
<junctionsAsDirs>false</junctionsAsDirs>
<syncOwnership>false</syncOwnership>
<sendOwnership>false</sendOwnership>
<syncXattrs>false</syncXattrs>
<sendXattrs>false</sendXattrs>
<xattrFilter>
<maxSingleEntrySize>1024</maxSingleEntrySize>
<maxTotalSize>4096</maxTotalSize>
</xattrFilter>
</folder>
<device id="IGS4TYV-TQ6X2CG-OE3M2RE-DKZWKQZ-HEKIGHT-C6EIGHL-CBP2ULE-M3WZ7QC" name="Home" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
<untrusted>false</untrusted>
<remoteGUIPort>0</remoteGUIPort>
</device>
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" name="x260" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
<untrusted>false</untrusted>
<remoteGUIPort>0</remoteGUIPort>
</device>
<gui enabled="true" tls="false" debugging="false">
<address>127.0.0.1:8384</address>
<apikey></apikey>
<theme>default</theme>
</gui>
<ldap></ldap>
<options>
<listenAddress>default</listenAddress>
<globalAnnounceServer>default</globalAnnounceServer>
<globalAnnounceEnabled>true</globalAnnounceEnabled>
<localAnnounceEnabled>true</localAnnounceEnabled>
<localAnnouncePort>21027</localAnnouncePort>
<localAnnounceMCAddr>[ff12::8384]:21027</localAnnounceMCAddr>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<reconnectionIntervalS>60</reconnectionIntervalS>
<relaysEnabled>true</relaysEnabled>
<relayReconnectIntervalM>10</relayReconnectIntervalM>
<startBrowser>true</startBrowser>
<natEnabled>true</natEnabled>
<natLeaseMinutes>60</natLeaseMinutes>
<natRenewalMinutes>30</natRenewalMinutes>
<natTimeoutSeconds>10</natTimeoutSeconds>
<urAccepted>-1</urAccepted>
<urSeen>3</urSeen>
<urUniqueID></urUniqueID>
<urURL>https://data.syncthing.net/newdata</urURL>
<urPostInsecurely>false</urPostInsecurely>
<urInitialDelayS>1800</urInitialDelayS>
<autoUpgradeIntervalH>12</autoUpgradeIntervalH>
<upgradeToPreReleases>false</upgradeToPreReleases>
<keepTemporariesH>24</keepTemporariesH>
<cacheIgnoredFiles>false</cacheIgnoredFiles>
<progressUpdateIntervalS>5</progressUpdateIntervalS>
<limitBandwidthInLan>false</limitBandwidthInLan>
<minHomeDiskFree unit="%">1</minHomeDiskFree>
<releasesURL>https://upgrades.syncthing.net/meta.json</releasesURL>
<overwriteRemoteDeviceNamesOnConnect>false</overwriteRemoteDeviceNamesOnConnect>
<tempIndexMinBlocks>10</tempIndexMinBlocks>
<trafficClass>0</trafficClass>
<setLowPriority>true</setLowPriority>
<maxFolderConcurrency>0</maxFolderConcurrency>
<crashReportingURL>https://crash.syncthing.net/newcrash</crashReportingURL>
<crashReportingEnabled>true</crashReportingEnabled>
<stunKeepaliveStartS>180</stunKeepaliveStartS>
<stunKeepaliveMinS>20</stunKeepaliveMinS>
<stunServer>default</stunServer>
<databaseTuning>auto</databaseTuning>
<maxConcurrentIncomingRequestKiB>0</maxConcurrentIncomingRequestKiB>
<announceLANAddresses>true</announceLANAddresses>
<sendFullIndexOnUpgrade>false</sendFullIndexOnUpgrade>
<connectionLimitEnough>0</connectionLimitEnough>
<connectionLimitMax>0</connectionLimitMax>
<insecureAllowOldTLSVersions>false</insecureAllowOldTLSVersions>
</options>
<defaults>
<folder id="" label="" path="~" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
<filesystemType>basic</filesystemType>
<device id="LX5I2N3-WXPGTGV-ZMYTG3X-SZXJGKQ-KDGUBIA-KVFXMXX-2U2I3BX-M3H53Q2" introducedBy="">
<encryptionPassword></encryptionPassword>
</device>
<minDiskFree unit="%">1</minDiskFree>
<versioning>
<cleanupIntervalS>3600</cleanupIntervalS>
<fsPath></fsPath>
<fsType>basic</fsType>
</versioning>
<copiers>0</copiers>
<pullerMaxPendingKiB>0</pullerMaxPendingKiB>
<hashers>0</hashers>
<order>random</order>
<ignoreDelete>false</ignoreDelete>
<scanProgressIntervalS>0</scanProgressIntervalS>
<pullerPauseS>0</pullerPauseS>
<maxConflicts>10</maxConflicts>
<disableSparseFiles>false</disableSparseFiles>
<disableTempIndexes>false</disableTempIndexes>
<paused>false</paused>
<weakHashThresholdPct>25</weakHashThresholdPct>
<markerName>.stfolder</markerName>
<copyOwnershipFromParent>false</copyOwnershipFromParent>
<modTimeWindowS>0</modTimeWindowS>
<maxConcurrentWrites>2</maxConcurrentWrites>
<disableFsync>false</disableFsync>
<blockPullOrder>standard</blockPullOrder>
<copyRangeMethod>standard</copyRangeMethod>
<caseSensitiveFS>false</caseSensitiveFS>
<junctionsAsDirs>false</junctionsAsDirs>
<syncOwnership>false</syncOwnership>
<sendOwnership>false</sendOwnership>
<syncXattrs>false</syncXattrs>
<sendXattrs>false</sendXattrs>
<xattrFilter>
<maxSingleEntrySize>1024</maxSingleEntrySize>
<maxTotalSize>4096</maxTotalSize>
</xattrFilter>
</folder>
<device id="" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
<address>dynamic</address>
<paused>false</paused>
<autoAcceptFolders>false</autoAcceptFolders>
<maxSendKbps>0</maxSendKbps>
<maxRecvKbps>0</maxRecvKbps>
<maxRequestKiB>0</maxRequestKiB>
<untrusted>false</untrusted>
<remoteGUIPort>0</remoteGUIPort>
</device>
<ignores></ignores>
</defaults>
</configuration>

@ -1,8 +0,0 @@
{
config = {
programs.thunderbird = {
enable = true;
profiles.default = { isDefault = true; };
};
};
}

16
home-manager/tidal.nix Normal file

@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.pim.tidal;
in {
options.pim.tidal.enable = lib.mkEnableOption "tidal";
config = lib.mkIf cfg.enable {
home.packages = with pkgs; [
supercollider-with-sc3-plugins
];
};
}

32
home-manager/vscode.nix Normal file

@ -0,0 +1,32 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.pim.vscode;
in {
options.pim.vscode.enable = lib.mkEnableOption "vscode";
config = lib.mkIf cfg.enable {
programs.vscode = {
enable = true;
package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
vscodevim.vim
marp-team.marp-vscode
jnoortheen.nix-ide
mkhl.direnv
];
userSettings = {
"nix.enableLanguageServer" = true;
"nix.serverPath" = lib.getExe pkgs.nil;
"terminal.integrated.defaultProfile.linux" = "fish";
"explorer.confirmDragAndDrop" = false;
"explorer.confirmPasteNative" = false;
"explorer.confirmDelete" = false;
};
};
};
}

11
machines/default.nix Normal file

@ -0,0 +1,11 @@
{
sue = {
system = "x86_64-linux";
module = import ./sue;
};
gamepc = {
system = "x86_64-linux";
module = import ./gamepc;
};
}

@ -0,0 +1,97 @@
{
config,
lib,
...
}: {
config = {
pim = {
cinnamon.enable = true;
};
facter.reportPath = ./facter.json;
networking.hostName = "gamepc";
home-manager.users.pim.imports = [./home.nix];
programs.steam.enable = true;
services = {
openssh.enable = true;
tailscale.enable = true;
};
users.users = {
root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
pim.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;
};
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
};
disko.devices.disk = lib.genAttrs ["0" "1"] (name: {
type = "disk";
device = "/dev/nvme${name}n1";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "500M";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
});
disko.devices.mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.0";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
end = "-4G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "100%";
content = {
type = "swap";
};
};
};
};
};
};
};
}
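
Review bot: `root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim;` allows direct root login over SSH with the same key that `pim` uses, on a host where `services.openssh.enable = true`. Since `pim` gets the key too, consider dropping the root entry and escalating with sudo, or setting `PermitRootLogin` explicitly so the choice is visible in the config. Separately, `/` and swap sit on the `raid0` array with no encryption layer in this disko layout; if that is deliberate for this machine, a comment saying so would help.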

4606
machines/gamepc/facter.json Normal file

File diff suppressed because it is too large Load diff

8
machines/gamepc/home.nix Normal file

@ -0,0 +1,8 @@
{pkgs, ...}: {
home.packages = with pkgs.unstable; [
devenv
vlc
handbrake
lutris
];
}

50
machines/sue/default.nix Normal file

@ -0,0 +1,50 @@
{inputs, ...}: {
config = {
pim = {
lanzaboote.enable = true;
tidal.enable = true;
gnome.enable = true;
stylix.enable = true;
wireguard.enable = true;
compliance.enable = true;
sops.enable = true;
};
services.tailscale.enable = true;
facter.reportPath = ./facter.json;
home-manager.users.pim.imports = [./home.nix];
networking.hostName = "sue";
swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/560E-F8A2";
fsType = "vfat";
options = ["fmask=0022" "dmask=0022"];
};
};
nix.settings = {
substituters = ["https://cosmic.cachix.org/"];
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
};
boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494";
# specialisation.cosmic.configuration = {
# imports = [
# inputs.nixos-cosmic.nixosModules.default
# ];
# services = {
# desktopManager.cosmic.enable = true;
# displayManager.cosmic-greeter.enable = true;
# };
# };
};
}
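
Review bot: `nix.settings` still trusts `https://cosmic.cachix.org/` and its signing key although the `specialisation.cosmic` block that needed it is commented out at the end of this file. A trusted substituter is part of the system's supply chain, so remove the `substituters` and `trusted-public-keys` entries until the specialisation comes back, or move them inside it. With that block commented out, the `inputs` argument is unused as well.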

3817
machines/sue/facter.json Normal file

File diff suppressed because it is too large Load diff

45
machines/sue/home.nix Normal file

@ -0,0 +1,45 @@
{pkgs, ...}: {
config = {
pim = {
tidal.enable = true;
gnome.enable = true;
vscode.enable = true;
syncthing.enable = true;
neovim.enable = true;
firefox.enable = true;
sops.enable = true;
};
home.packages =
(with pkgs; [
jellyfin-media-player
virt-manager
])
++ (with pkgs.unstable; [
attic-client
dbeaver-bin
devenv
bottles-unwrapped
gimp
hexchat
impression
insomnia
keepassxc
krita
libreoffice
# logseq # Has insecure electron dependency
moonlight-qt
nicotine-plus
qFlipper
signal-desktop
strawberry
telegram-desktop
vlc
vorta
wireshark
# nheko # Has insecure olm dependency
handbrake
feishin
]);
};
}

18
nixos-configurations.nix Normal file

@ -0,0 +1,18 @@
inputs @ {
nixpkgs,
self,
...
}: {
nixosConfigurations = nixpkgs.lib.mapAttrs (name: {
system,
module,
}:
nixpkgs.lib.nixosSystem {
inherit system;
modules = [./nixos module];
specialArgs = {
inherit inputs system self;
};
}) (import ./machines);
}

19
nixos/cinnamon.nix Normal file

@ -0,0 +1,19 @@
{
config,
lib,
...
}: let
cfg = config.pim.cinnamon;
in {
options.pim.cinnamon.enable = lib.mkEnableOption "cinnamon";
config = lib.mkIf cfg.enable {
services = {
displayManager.defaultSession = "cinnamon";
libinput.enable = true;
xserver = {
desktopManager.cinnamon.enable = true;
displayManager.lightdm.enable = true;
};
};
};
}

14
nixos/compliance.nix Normal file

@ -0,0 +1,14 @@
{
config,
lib,
...
}: let
cfg = config.pim.compliance;
in {
options.pim.compliance.enable = lib.mkEnableOption "compliance";
config = lib.mkIf cfg.enable {
services.clamav = {
daemon.enable = true;
};
};
}
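
Review bot: `services.clamav.daemon.enable = true` starts clamd only; nothing in this module enables signature updates or schedules a scan, so the daemon has no way to refresh its signature database and never looks at any files on its own. If the option is meant to satisfy an antivirus requirement, add `services.clamav.updater.enable = true;` and a periodic scan (for example a systemd timer running clamdscan), and say in the option description which requirement it covers.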

@ -1,25 +1,37 @@
{ pkgs, config, lib, ... }:
let
vuescan = pkgs.callPackage ./vuescan.nix { };
in
{ {
imports = [ ./hardware-configuration.nix ]; pkgs,
config,
boot = { loader.systemd-boot.enable = true; }; lib,
inputs,
self,
...
}: {
imports = [
inputs.home-manager.nixosModules.home-manager
inputs.nixos-facter-modules.nixosModules.facter
inputs.disko.nixosModules.disko
./lanzaboote.nix
./tidal.nix
./sops.nix
./stylix.nix
./wireguard.nix
./gnome.nix
./compliance.nix
./cinnamon.nix
./ssh.nix
];
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
programs.ssh.startAgent = true;
systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
services = { services = {
udev.packages = [ vuescan ]; xserver.enable = true;
gnome.gnome-keyring.enable = lib.mkForce false;
xserver = { tailscale = {
enable = true; useRoutingFeatures = "client";
displayManager.gdm = { enable = true; }; extraSetFlags = ["--accept-routes"];
desktopManager.gnome.enable = true;
excludePackages = with pkgs; [ xterm ];
}; };
printing = { printing = {
@ -27,43 +39,47 @@ in
drivers = [pkgs.hplip pkgs.gutenprint]; drivers = [pkgs.hplip pkgs.gutenprint];
}; };
fprintd = { pipewire = {
enable = true; enable = true;
alsa.enable = true;
tod = { alsa.support32Bit = true;
enable = true; pulse.enable = true;
driver = pkgs.libfprint-2-tod1-vfs0090; jack.enable = true;
};
}; };
}; };
users = { users.users.pim = {
users.pim = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "docker" "input" ]; extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
};
}; };
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
wget age
curl borgbackup
git
btop btop
ripgrep btrfs-progs
vim curl
dogdns
tree
dig dig
vuescan exfat
]; f3
gnome.excludePackages = with pkgs; [ fastfetch
gnome.totem file
gnome-tour git
gnome.epiphany jq
gnome.geary kubectl
gnome-console nmap
gnome.gnome-music poppler_utils # For pdfunite
ripgrep
sbctl
silicon
tree
units
vim
wget
yq
ncdu
lshw
]; ];
}; };
@ -77,32 +93,18 @@ in
''; '';
}; };
programs.ssh = { security = {
startAgent = true; rtkit.enable = true;
knownHosts = { sudo.extraConfig = ''
dmz = {
hostNames = [ "*.dmz" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
certAuthority = true;
};
hypervisors = {
hostNames = [ "*.hyp" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
certAuthority = true;
};
};
};
security.sudo.extraConfig = ''
Defaults timestamp_timeout=30 Defaults timestamp_timeout=30
''; '';
};
nix = { nix = {
package = pkgs.nixFlakes; package = pkgs.nixFlakes;
settings.trusted-users = ["root" "pim"];
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
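
Review bot: the added `settings.trusted-users = ["root" "pim"];` makes `pim` a trusted Nix user, which lets that account override substituters and other daemon settings and is effectively root-equivalent on the machine. If it is only needed for remote deployment, limit it to the hosts that are deployed to and note the reason in a comment. The same hunk drops the `programs.ssh.knownHosts` certificate-authority entries for `*.dmz` and `*.hyp`; check that nothing still connects to those hosts expecting host certificates to verify.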
@ -115,30 +117,12 @@ in
}; };
}; };
age = {
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
secrets = {
wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
wg-quick-home-preshared-key.file =
../secrets/wg-quick-home-preshared-key.age;
};
};
networking = { networking = {
hostName = "x260"; useDHCP = lib.mkDefault true;
networkmanager.unmanaged = lib.mkIf config.services.tailscale.enable ["tailscale0"];
wg-quick.interfaces.home = { wireless.extraConfig = ''
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path; p2p_disabled=1
address = [ "10.225.191.4/24" ]; '';
dns = [ "192.168.30.8" ];
peers = [{
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
endpoint = "wg.geokunis2.nl:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
}];
};
}; };
virtualisation.docker = { virtualisation.docker = {
@ -149,7 +133,55 @@ in
}; };
}; };
nixpkgs.config.permittedInsecurePackages = [ nixpkgs = {
"electron-25.9.0" hostPlatform = lib.mkDefault "x86_64-linux";
config = {
allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"libfprint-2-tod1-goodix"
"steam"
"steam-original"
"steam-run"
]; ];
};
overlays = [
inputs.nur.overlay
(final: _prev: {
unstable = import inputs.nixpkgs-unstable {
inherit (pkgs) system;
config.allowUnfree = true;
};
})
];
};
boot = {
kernelModules = ["kvm-intel" "cdrom"];
extraModulePackages = [];
initrd = {
availableKernelModules = ["sd_mod"];
kernelModules = [];
};
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
};
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = false;
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit self inputs;};
users.pim.imports = ["${self}/home-manager"];
};
} }
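
Review bot: `allowUnfreePredicate` restricts unfree software to four named packages, but the `unstable` overlay imports `inputs.nixpkgs-unstable` with `config.allowUnfree = true`, so anything taken from `pkgs.unstable` bypasses that allowlist. Pass the same predicate to the unstable import if the allowlist is meant to hold everywhere. The overlay also binds `final` without using it and reads `inherit (pkgs) system` from the module's `pkgs` instead; `inherit (final) system` would keep the overlay self-contained.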

58
nixos/gnome.nix Normal file

@ -0,0 +1,58 @@
{
pkgs,
config,
lib,
...
}: let
cfg = config.pim.gnome;
in {
options.pim.gnome.enable = lib.mkEnableOption "gnome";
config = lib.mkIf cfg.enable {
services = {
gnome.gnome-keyring.enable = lib.mkForce false;
xserver = {
desktopManager.gnome.enable = true;
displayManager.gdm.enable = true;
excludePackages = [pkgs.xterm];
};
};
environment = {
systemPackages =
[
pkgs.gnome.gnome-shell-extensions
]
++ (with pkgs.gnomeExtensions; [
pop-shell
window-is-ready-remover
random-wallpaper
workspaces-indicator-by-open-apps
])
++ lib.optional config.services.tailscale.enable pkgs.gnomeExtensions.tailscale-status;
gnome.excludePackages =
(with pkgs; [
epiphany
gnome-connections
gnome-console
gnome-tour
])
++ (with pkgs.gnome; [
geary
gnome-calendar
gnome-clocks
gnome-contacts
gnome-font-viewer
gnome-logs
gnome-maps
gnome-music
seahorse
totem
yelp
gnome-weather
]);
};
};
}

@ -1,41 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device =
"/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/87DA-B083";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

41
nixos/lanzaboote.nix Normal file
View file

@ -0,0 +1,41 @@
{
config,
lib,
inputs,
...
}: {
imports = [
inputs.lanzaboote.nixosModules.lanzaboote
];
options = {
pim.lanzaboote.enable = lib.mkEnableOption {
description = ''
Whether to enable lanzaboote
'';
};
};
config = lib.mkIf config.pim.lanzaboote.enable {
boot = {
# generate keys first with: `sudo nix run nixpkgs#sbctl create-keys`
# switch from lzb to bootspec by adding following line to the system configuration:
# bootspec.enable = true;
loader = {
systemd-boot.enable = lib.mkForce false;
# Use lanzaboote instead see below, default is:
# systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
};
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
};
}
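
Review bot: `lib.mkEnableOption` takes the option's name as a string, but here it is called with an attribute set (`pim.lanzaboote.enable = lib.mkEnableOption { description = ... }`). The option still works as a boolean, but its generated description interpolates that set and would fail if it is ever evaluated, for example when option documentation is built. Use `lib.mkEnableOption "lanzaboote"` like the other `pim.*` modules in this change. Next to the comment about `sbctl create-keys`, it would also be worth stating that `/etc/secureboot` holds the Secure Boot signing keys and must stay readable by root only.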

22
nixos/sops.nix Normal file
View file

@ -0,0 +1,22 @@
{
inputs,
pkgs,
self,
config,
lib,
...
}: let
cfg = config.pim.sops;
in {
imports = [inputs.sops-nix.nixosModules.sops];
options.pim.sops.enable = lib.mkEnableOption "sops";
config = lib.mkIf cfg.enable {
environment.systemPackages = [pkgs.sops];
sops = {
age.keyFile = "/home/pim/.config/sops/age/keys.txt";
defaultSopsFile = "${self}/secrets/secrets.yaml";
};
};
}
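
Review bot: `age.keyFile = "/home/pim/.config/sops/age/keys.txt"` points the system-wide sops-nix module at a key stored in a user's home directory, so any process running as `pim` can read the key that decrypts every secret in `secrets/secrets.yaml`, and activation depends on that home directory being present. Consider a root-owned key file outside `/home`, or deriving the key from the SSH host key with `sops.age.sshKeyPaths`, and keep the user's key for editing only.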

27
nixos/ssh.nix Normal file
View file

@ -0,0 +1,27 @@
{lib, ...}: {
options = {
pim.ssh.keys = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf lib.types.str);
};
};
config = {
pim.ssh.keys = {
pim = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOodpLr+FDRyKyHjucHizNLVFHZ5AQmE9GmxMnOsSoaw pimkunis@thinkpadpim"];
niels = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINUZp4BCxf7uLa1QWonx/Crf8tYZ5MKIZ+EuaBa82LrV user@user-laptop"];
};
services = {
openssh = {
openFirewall = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
GSSAPIAuthentication = false;
UseDns = false;
};
};
};
};
}
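
Review bot: `openFirewall = true` exposes sshd on every interface of any host that enables `services.openssh`, while the hosts in this change also run Tailscale. If SSH is only meant to be reached over the tailnet, set `openFirewall = false` and allow port 22 on `tailscale0` only. `PermitRootLogin` is left at its default in `settings` even though gamepc installs authorized keys for root, so set it explicitly. The `pim.ssh.keys` option has no `description`, and the `niels` entry is defined but not referenced in the lines shown.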

47
nixos/stylix.nix Normal file
View file

@ -0,0 +1,47 @@
{
pkgs,
inputs,
config,
lib,
...
}: let
cfg = config.pim.stylix;
in {
imports = [inputs.stylix.nixosModules.stylix];
options.pim.stylix.enable = lib.mkEnableOption "stylix";
config = {
stylix = lib.mkMerge [
{
image = "${inputs.nixos-artwork}/wallpapers/nix-wallpaper-binary-blue.png";
}
(lib.mkIf cfg.enable {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark-medium.yaml";
cursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 28;
};
fonts = {
monospace = {
package = pkgs.nerdfonts.override {fonts = ["JetBrainsMono"];};
name = "JetBrainsMono Nerd Font Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
};
})
];
};
}

13
nixos/tidal.nix Normal file
View file

@ -0,0 +1,13 @@
{
lib,
config,
...
}: let
cfg = config.pim.tidal;
in {
options.pim.tidal.enable = lib.mkEnableOption "tidal";
config = lib.mkIf cfg.enable {
users.users.pim.extraGroups = ["audio"];
};
}

@ -1,60 +0,0 @@
{ stdenv
, fetchurl
, gnutar
, autoPatchelfHook
, glibc
, gtk2
, xorg
, libgudev
, makeDesktopItem
}:
let
pname = "vuescan";
version = "9.8";
desktopItem = makeDesktopItem {
name = "VueScan";
desktopName = "VueScan";
genericName = "Scanning Program";
comment = "Scanning Program";
icon = "vuescan";
terminal = false;
type = "Application";
startupNotify = true;
categories = [ "Graphics" "Utility" ];
keywords = [ "scan" "scanner" ];
exec = "vuescan";
};
in
stdenv.mkDerivation {
name = "${pname}-${version}";
src = fetchurl {
url = "https://www.hamrick.com/files/vuex6498.tgz";
hash = "sha256-qTSZuNPCi+G4e7PfnJEDj8rBMYV/Tw/ye3nDspqIPlE=";
};
# Stripping breaks the program
dontStrip = true;
nativeBuildInputs = [ gnutar autoPatchelfHook ];
buildInputs = [ glibc gtk2 xorg.libSM libgudev ];
unpackPhase = ''
tar xfz $src
'';
installPhase = ''
install -m755 -D VueScan/vuescan $out/bin/vuescan
mkdir -p $out/share/icons/hicolor/scalable/apps/
cp VueScan/vuescan.svg $out/share/icons/hicolor/scalable/apps/vuescan.svg
mkdir -p $out/lib/udev/rules.d/
cp VueScan/vuescan.rul $out/lib/udev/rules.d/60-vuescan.rules
mkdir -p $out/share/applications/
ln -s ${desktopItem}/share/applications/* $out/share/applications
'';
}

55
nixos/wireguard.nix Normal file
View file

@ -0,0 +1,55 @@
{
lib,
config,
...
}: let
cfg = config.pim.wireguard;
in {
options.pim.wireguard.enable = lib.mkEnableOption "wireguard";
config = lib.mkIf cfg.enable {
networking = {
useDHCP = lib.mkDefault true;
networkmanager.unmanaged = ["tailscale0"];
wg-quick.interfaces = {
home = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.30.131"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
home-no-pihole = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.10.1"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
};
};
sops.secrets = {
"wireguard/home/presharedKey" = {};
"wireguard/home/privateKey" = {};
};
};
}
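
Review bot: both peers set `allowedIPs = ["0.0.0.0/0"]`, whereas the wg-quick block removed elsewhere in this change also listed `"::0/0"`. On a network with IPv6 connectivity, IPv6 traffic now goes outside the VPN while IPv4 is tunnelled. Add the IPv6 default route back or note why it is excluded. The `home` and `home-no-pihole` interfaces differ only in `dns`, so a small helper that takes the DNS server would remove the duplicated peer block.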

13
packages.nix Normal file
View file

@ -0,0 +1,13 @@
{
nixpkgs,
flake-utils,
treefmt-nix,
...
}:
flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
treefmtWrapper = treefmtEval.config.build.wrapper;
in {
packages.formatter = treefmtWrapper;
})
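
Review bot: the treefmt wrapper is exported as `packages.formatter`, which `eachDefaultSystem` turns into `packages.<system>.formatter`. `nix fmt` looks up the top-level `formatter.<system>` output instead, so if that command is meant to work, export it as `formatter = treefmtWrapper;`.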

@ -1,3 +0,0 @@
```bash
nix run github:ryantm/agenix# -- -e secret1.age
```

Binary file not shown.

@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww i6BkkMy9gSSVZ+L+EMYSLakp1qA4yOGbEkLrO4Ddbxs
FsoRnCiPsJEKQj+2iJaqn+BbU+bFMAkReRotiV+0WCs
-> ssh-ed25519 vBZj5g +6YFp3yYXSEzRMXu7WyURkJk/cA87irnW5FpKRYnGSA
dJkMmnxyVEv/S9FmCrRkrYDCh+OwXK+UYno3ncr5nOk
-> 6gQa-grease Yt+ucm#U |<d\`t
SxpuSh2ee/jDNu7mXcn82fTt6/wy7ksA+W1xHQHiShJGvyyr6dTIPEk0qY1oqIPt
HkQNvNYLpMwpAqSTvmcmybps4CoWt0x6GJ0aBPOlYEIuwHnJ5Pkvnf4U9wPuwr6Y
zQ
--- hHweNMiKEIEw/TwSGhElfRiQYqLtmhwylkMWvfthyGY
?×%Ö¿H¹§G¤/Pì#
ÚŠÐÛäF±QÙç„lRÊDcNÖЉ ç$Hs©ŠTæžø<C5BE>ÊÁÏqVf¤àˆÝkëã•ø<E280A2>ï¡×OŒÞÛµæE•êgißžXŒ§sá”)gO¢.·]·æÐCJcè<63>E^EŸq:<3A>qß&™E™#¾ArÄªÉ ™€ñì

Binary file not shown.

Binary file not shown.

24
secrets/pim.yaml Normal file

File diff suppressed because one or more lines are too long

Binary file not shown.

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww NnvaPUzk3WjwC3nu7T47DXtNqDuysbgAccdF1kWO5yQ
XYX2GfZSHrnhoKutbqVxB9zghbl1kZDyOTphUXvt8oQ
-> ssh-ed25519 vBZj5g mpi+OE3ST+mP05IKimQrwOZxOaDgeUUoKujOOSXEljQ
kwHkJu14Xpqgd4POeuLLcbech+Kh2XSfBed3M1Cu8DA
-> =6-grease C`Yq5 Y2 4
8sgSLLYCXkFRy0SFfNH0fhb14HonKVpVfkc1rc7sC7bXVXi8FGri/d/AW42G2J9m
W/FfhKnGBAOj1cA/wPw4cqCcQKbux78C7BdN6EfrF+ddzF+n98EwtBJ/cjzRky+A
FJJY
--- sytjLDBFLb2VqtF3LSiSS1Nxb56oNtx2AGzhYCPItW8
.ÚËr-Ò†±–åØè/ BD$Õ¬F³Ðó¡FÜЙó‰SÅÙ/MœÎËâò ª¸òi/<2F># šÙï%u7ÍŸ6ƒör…W ¸öe?…ƒÉi,·ÐÑä[ÁY¤9ÙÿÀÁ

@ -1,23 +0,0 @@
let
pkgs = import <nixpkgs> { };
publicKeysURL =
"https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
publicKeys = pkgs.lib.strings.splitString "\n"
(pkgs.lib.strings.fileContents publicKeysFile);
in
{
"wg-quick-home-privkey.age".publicKeys = publicKeys;
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
"sue_ed25519.age".publicKeys = publicKeys;
"sue_azure_rsa.age".publicKeys = publicKeys;
"syncthing-key.pem.age".publicKeys = publicKeys;
"syncthing-cert.pem.age".publicKeys = publicKeys;
"common-pg-tfbackend.age".publicKeys = publicKeys;
"ansible-vault-secret.age".publicKeys = publicKeys;
"powerdns-api-key.json.age".publicKeys = publicKeys;
"keepassxc.ini.age".publicKeys =
publicKeys; # Secret agent causes private keys in config file.
"postgresql_client.key.age".publicKeys = publicKeys;
"k3s-pim-privkey.age".publicKeys = publicKeys;
}

25
secrets/secrets.yaml Normal file

@ -0,0 +1,25 @@
testje: ENC[AES256_GCM,data:kMnaocttth1O6g==,iv:mV9gEMdomVhmOTBUWIFz3o23TBb7DLM2rXI/Tb81bSg=,tag:qj6TlvW5sY6Ek9M0GIqB3A==,type:str]
wireguard:
home:
presharedKey: ENC[AES256_GCM,data:H+oCRsg2ikN9KyVacEFasYmx5XE1zrnjBthkL5OitOXHTr4Ls0zwoF5StXs=,iv:N63wO4TKagbweStqf7wL3YZ0njxDNvrISErPao5wf7o=,tag:67kZcNaCzv3RI41XmA+UFQ==,type:str]
privateKey: ENC[AES256_GCM,data:WcPVrLiy2JJvzIh7sUpHMnt1MNx5rw5bI+xGmkitC9nEiNytMG71wmlC4d0=,iv:sl8gZgCzaW10UH0GLycvQVHqBlDVq7BUgoIEl41lc20=,tag:7oLlVjulxuEsW+pS8sZ+Ew==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWL1dlTjFNTXRPd0ppbE1i
THlsMzB1K041eUdTemRseGk5dkVwUDk2TFIwCnR1WE9iYXhHWHprZCtlSFExakhs
R0FtcEc0VTJ4WFBORFluYTdBTFh1NzAKLS0tIGtrYkVPSEVXV1dnb1J4V1pkQktW
VjNXUkpmVmxyNDNsT0ZjQjhOYklEbW8KV86AD+8QE14BZxWb7TVolwlcy1eFKxks
rOpqcXBqtUPaBC10IhVV434DGFIZMtRuYEQ4G/sdCsc3qiNxO3Cl4A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-15T14:04:18Z"
mac: ENC[AES256_GCM,data:6YKdfUk4ltXQ6U7FHs9ehGDUVzfZo1cKnSJMp+zYBEBnhmz7LdCBZycBpJ9syJn4WW1jZ8Bz7+lIxDsXm35AhjI+Mia20BqcWotcCaoHUslK+QV/YRIw8wxP7pvOKNeTa9UMhrcpXBVJxdQvKEBZPWziD4Xk3RGomvGEjB3xXKY=,iv:Tvgo/tlxnNk31C/cqCAKIGRdYEug9DdqeIUdJgQj4yE=,tag:z/tWTyiYmUmc2zVc3mQq0Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
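
Review bot: the `sops.age` list has a single recipient, so one key is both the only way to decrypt these secrets and a single point of loss; add a second recipient (a backup key or the host key of each machine that needs the secrets) and re-encrypt with `sops updatekeys`. The `testje` entry looks like a leftover test value and can be dropped before this is merged.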

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww 0YS+10yTGhQwLKj5SZkyHLAOMHScnEXuW8H1LJSJJl8
fYIEukt41D5s417B6EcCj5DP0JCcqDKIzdUqGeNLguQ
-> ssh-ed25519 vBZj5g ufNv/vQfhTj203S9NhLoTs3AK3v1MQC73oPLhj7TJQ8
/ExO1bN02B6uJoWiVQDqRQ6yMd4o3qR3sUpN9OHEW50
-> 9f-grease p
6eUQ4dl855OIlCfN61wQ/7n8
--- WTuEDM+CWDqaep0MlbCL1QXXzDumVR4WCXhyA3b7zm8
Û,”ùQÎófç¥w— >Óœ×ÿ¿g7QÂå×Ú¤2*ð<>„ù 0­.Ž3zy•DØ<31>4™¹ÀE$Nw7îqAÊp¹&g;„®
¢VÊ\oø_^èW¼<>-WÞ(k\¬ÝRµb£{h<*ì èÒçظ¤11gKÏâk<C3A2>U,Ñ$>­p®zoÑlÏ5\dSÌ4OOû\¯+yÿúà(–Ä×Çå+»ñëÿçbãj¼Eº)}ì$ÒŽ¬T?»
ÿ%;Ž¿QFiçº4ŽJH®Ÿ­å<C2AD>™6AúSâÑÜЉãˆ<C3A3>k˜Z²?ܸ”MY26ËhÊ]e”µ(¤a¤&[ͳ°0‡juSóXKúNd>,Ûçv®ÔŠ¬
ѳ /BnùšgæO ©m}~¦‡z™i‰Üx£GàÈöb­

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww Wlatyvlg6jc+ISAQu1QEA62IUeWnriQJg+ChseMcyFI
tRhEc/mkG7FFZO2G5A+0NNCj693Q3dbDhMOBxKmCBjw
-> ssh-ed25519 vBZj5g HdeqB71NJkEFgXb0LPefYl+kwQNUYJQAHBEDxKdPqxk
6mUCxbBT6PpAf0BwTD6Tv7pDZzWmHxBWw+/IbgLXQZA
-> N-grease
OKOvPc2zAXju6FzjNzuCZiF9pN2hmmxMMRWxZwXar8MR
--- QR9PJv7R2ASeHrsBO7SuZzAB9s5fD0jT/qEFuJx8CNg
Š·_AéZñR IWnO†¢'j—̤,ÄØÃ#†ò™ZPjJ©è&Zô˜ôÎÃ…ÿ°ë…{ÕW…ðÚ˜×wÞˆ %Ó±‰%

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 LAPUww ST/R4vPro6VMrJgRJqMIYkhaQJ0EV0ss/yX94BAxSWE
VIWQpIuuf0OS4z1D1QsFRvvWrmbo6LJEdPJ7jmbhv+w
-> ssh-ed25519 vBZj5g GAlVKDrXvlR7FqID4Rbpb64QChS8rwUCyJdxg2PXSw0
cS8pDXkYvvFsiTt0i6s5r/7cxbf5IcjiNQWQAcgoXFg
-> w-grease s,fAjpd YvL[bWVw $h4j|^ >JU
EO9ZKdn19mADx6rwhpKftX/QxZ4yNlXgZttyn0rBpSZuVfX8Oj430VppAZ5RYwn9
zHqBvBs6VEYUt4jOWOGl/idBNg
--- OnaKsFMYoiOP1T2o4GIgME6KQqWqwIQM9WADk28E9qA
<<16>˜±n-ã¸þ”iìÙ÷bÖRä¿·â;¢©Ö)¸“[ G[Õ„·FÔX°ä<C2B0>?Hne•®ò&­n¸m#œ$}”¸e]Õ-6ᢾx„

3
switch

@ -1,3 +0,0 @@
#!/usr/bin/env bash
sudo nixos-rebuild switch --flake ./#pim

5
treefmt.nix Normal file

@ -0,0 +1,5 @@
{...}: {
projectRootFile = "flake.nix";
programs.alejandra.enable = true;
programs.jsonfmt.enable = true;
}

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.
