From 72d321f478c2a67a4d37e41f8a85853f41f7f044 Mon Sep 17 00:00:00 2001 
From: Swarsel Date: Fri, 19 Jul 2024 00:45:48 +0200 Subject: [PATCH] feat: Add automatic formatting for .nix files --- .github/workflows/flake-checks.yaml | 6 +- SwarselSystems.org | 55 +- flake.nix | 330 ++- index.html | 63 +- profiles/TEMPLATE/home.nix | 79 +- profiles/TEMPLATE/nixos.nix | 32 +- profiles/common/home.nix | 2536 +++++++++-------- profiles/common/nixos.nix | 901 +++--- profiles/fourside/hardware-configuration.nix | 43 +- profiles/fourside/home.nix | 88 +- profiles/fourside/nixos.nix | 115 +- profiles/mysticant/configuration.nix | 5 +- .../oracle/matrix/hardware-configuration.nix | 20 +- profiles/remote/oracle/matrix/nixos.nix | 128 +- .../oracle/sync/hardware-configuration.nix | 43 +- profiles/remote/oracle/sync/nixos.nix | 44 +- profiles/sandbox/hardware-configuration.nix | 31 +- profiles/sandbox/nixos.nix | 421 ++- profiles/server1/TEMPLATE/nixos.nix | 74 +- .../calibre/hardware-configuration.nix | 24 +- profiles/server1/calibre/nixos.nix | 123 +- .../jellyfin/hardware-configuration.nix | 32 +- profiles/server1/jellyfin/nixos.nix | 14 +- .../server1/matrix/hardware-configuration.nix | 24 +- profiles/server1/matrix/nixos.nix | 128 +- .../server1/nginx/hardware-configuration.nix | 24 +- profiles/server1/nginx/nixos.nix | 56 +- .../paperless/hardware-configuration.nix | 24 +- profiles/server1/paperless/nixos.nix | 41 +- .../server1/sound/hardware-configuration.nix | 34 +- profiles/server1/sound/nixos.nix | 44 +- .../spotifyd/hardware-configuration.nix | 24 +- profiles/server1/spotifyd/nixos.nix | 38 +- .../transmission/hardware-configuration.nix | 24 +- profiles/server1/transmission/nixos.nix | 262 +- profiles/threed/hardware-configuration.nix | 43 +- profiles/threed/home.nix | 73 +- profiles/threed/nixos.nix | 33 +- profiles/winters/home.nix | 84 +- profiles/winters/nixos.nix | 59 +- programs/emacs/init.el | 39 +- templates/cpp_flake.nix | 4 +- templates/cu_flake.nix | 7 +- templates/other_flake.nix | 1 - templates/py_flake.nix | 1 - 
templates/rust_flake.nix | 10 +- 46 files changed, 3162 insertions(+), 3122 deletions(-) diff --git a/.github/workflows/flake-checks.yaml b/.github/workflows/flake-checks.yaml index af58897..e965c8a 100644 --- a/.github/workflows/flake-checks.yaml +++ b/.github/workflows/flake-checks.yaml @@ -14,7 +14,9 @@ jobs: - name: Install Nix uses: DeterminateSystems/nix-installer-action@v3 - uses: DeterminateSystems/magic-nix-cache-action@main - - name: Check for dead code + - name: Check for dead code in .nix files run: git ls-files '*.nix' | nix run nixpkgs#deadnix - - name: Check for lints + - name: Check for lints in .nix files run: nix run nixpkgs#statix -- check + - name: Check formatting in .nix files + run: git ls-files '*.nix' | xargs nix run nixpkgs#alejandra -- --check diff --git a/SwarselSystems.org b/SwarselSystems.org index db906a3..c77f6f6 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -5131,6 +5131,11 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 nmap lsof + # nix + alejandra + deadnix + statix + # local file sharing wormhole-rs 
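Review bot: The added `Check formatting in .nix files` step pipes `git ls-files '*.nix'` through a plain `xargs`, which splits paths on whitespace and, with GNU xargs, still runs the command once when the list is empty. `git ls-files -z '*.nix' | xargs -0 -r nix run nixpkgs#alejandra -- --check` covers both cases. Separately, `nix run nixpkgs#alejandra` resolves `nixpkgs` through the flake registry rather than this repository's `flake.lock`, so the formatter that gates CI is not pinned by the repo and can drift from the `alejandra` this commit installs via `home.packages`. Adding `--inputs-from .` (`nix run --inputs-from . nixpkgs#alejandra -- --check`) would tie it to the locked input; the existing deadnix and statix steps resolve `nixpkgs` the same way.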
@@ -7524,41 +7529,37 @@ Used in: [[#h:bbcfa895-4d46-4b1d-b84e-f634e982c46e][Centered org-mode Buffers]] #+end_src -**** org-mode: Auto-tangle and export Configuration Files +**** org-mode: Upon-save actions (Auto-tangle, export to html, formatting) :PROPERTIES: :CUSTOM_ID: h:59d4306e-9b73-4b2c-b039-6a6518c357fc :END: -This section automatically tangles all configuration blocks in this file to the defined Emacs org-file. It also exports the configuration file as html. +This section handles everything that shoudld happen when I save =SwarselSystems.org=. It: +1) automatically tangles all configuration blocks in this file +2) exports the configuration file as html for an easier reading experience with working links and index +3) formats the generated =.nix= files in accordance to the =Alejandra=-style. +We set a hook that runs everytime we save the file. It would be a bit more efficient to only export and format when we enter a magit window for instance (since especially the html export takes times), however, since I cannot be sure to only ever commit from magit (I do indeed sometimes use git from the command line), I prefer this approach. 
#+begin_src emacs-lisp - - (defun swarsel/org-babel-tangle-config () - (when (string-equal (buffer-file-name) - swarsel-swarsel-org-filepath) - ;; Dynamic scoping to the rescue - (let ((org-confirm-babel-evaluate nil)) - (org-html-export-to-html) - (org-babel-tangle))) - (when (string-equal (buffer-file-name) - swarsel-emacs-org-filepath) - ;; Dynamic scoping to the rescue - (let ((org-confirm-babel-evaluate nil)) - (org-html-export-to-html) - (org-babel-tangle))) - (when (string-equal (buffer-file-name) - swarsel-nix-org-filepath) - ;; Dynamic scoping to the rescue - (let ((org-confirm-babel-evaluate nil)) - (org-babel-tangle)))) - - (setq org-html-htmlize-output-type nil) - - (add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config))) - - + (defun run-alejandra () + (interactive) + (let ((default-directory (expand-file-name "~/.dotfiles"))) + (shell-command "alejandra . -q"))) + + (defun swarsel/org-babel-tangle-config () + (when (string-equal (buffer-file-name) + swarsel-swarsel-org-filepath) + ;; Dynamic scoping to the rescue + (let ((org-confirm-babel-evaluate nil)) + (org-html-export-to-html) + (org-babel-tangle) + (run-alejandra)))) + + (setq org-html-htmlize-output-type nil) + + (add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config))) #+end_src diff --git a/flake.nix b/flake.nix index 2632648..df2dcdb 100644 --- a/flake.nix +++ b/flake.nix 
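Review bot: `run-alejandra` discards the value returned by `shell-command` and passes `-q`, so when the formatter fails on a freshly tangled file (for example a syntax error in a src block) the save hook gives no signal, and the problem only surfaces in the CI `--check` step. Testing the status, e.g. `(unless (eq 0 (shell-command "alejandra . -q")) (message "alejandra failed in %s" default-directory))`, would report it at save time. The call also rewrites every `.nix` file under the hard-coded `~/.dotfiles` in place, not only the files this org file tangles. Deriving the directory with `(file-name-directory swarsel-swarsel-org-filepath)` would keep it tied to the file that triggered the hook. A docstring saying the function formats files in place, and the `swarsel/` prefix already used by `swarsel/org-babel-tangle-config`, would make the new command consistent with the rest of the block.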
@@ -2,76 +2,73 @@ description = "SwarseFlake - Nix Flake for all SwarselSystems"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - + nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05"; - + # user-level configuration home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; - + # overlay to access bleeding edge emacs emacs-overlay = { url = "github:nix-community/emacs-overlay"; inputs.nixpkgs.follows = "nixpkgs"; }; - + # nix user repository # i use this mainly to not have to build all firefox extensions # myself as well as for the emacs-init package (tbd) nur.url = "github:nix-community/NUR"; - + # provides GL to non-NixOS hosts nixgl.url = "github:guibou/nixGL"; - + # manages all theming using Home-Manager stylix.url = "github:danth/stylix"; - + # nix secrets management sops-nix.url = "github:Mic92/sops-nix"; - + # enable secure boot on NixOS lanzaboote.url = "github:nix-community/lanzaboote"; - + # nix for android nix-on-droid = { url = "github:t184256/nix-on-droid/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - + # generate NixOS images nixos-generators = { url = "github:nix-community/nixos-generators"; inputs.nixpkgs.follows = "nixpkgs"; }; - + # patches for gaming on nix nix-gaming = { url = "github:fufexan/nix-gaming"; }; - + # hardware quirks on nix nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; }; - + # dynamic library loading nix-alien = { url = "github:thiagokokada/nix-alien"; }; - + # automatic nintendo switch payload injection nswitch-rcm-nix = { url = "github:Swarsel/nswitch-rcm-nix"; }; - }; - outputs = inputs@{ - + outputs = inputs @ { nixpkgs, nixpkgs-stable, home-manager, 
@@ -85,49 +82,54 @@ nixos-hardware, nix-alien, nswitch-rcm-nix, - ... }: let - system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment - pkgs = import nixpkgs { inherit system; - overlays = [ emacs-overlay.overlay - nur.overlay - nixgl.overlay - (final: _prev: { - stable = import nixpkgs-stable { - inherit (final) system config; - }; - }) - ]; - config.allowUnfree = true; - }; - + pkgs = import nixpkgs { + inherit system; + overlays = [ + emacs-overlay.overlay + nur.overlay + nixgl.overlay + (final: _prev: { + stable = import nixpkgs-stable { + inherit (final) system config; + }; + }) + ]; + config.allowUnfree = true; + }; + # NixOS modules that can only be used on NixOS systems - nixModules = [ stylix.nixosModules.stylix - sops-nix.nixosModules.sops - nswitch-rcm-nix.nixosModules.nswitch-rcm - ./profiles/common/nixos.nix - # dynamic library loading - ({ self, system, ... }: { - environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [ - nix-alien - ]; - # needed for `nix-alien-ld` - programs.nix-ld.enable = true; - }) - ]; - + nixModules = [ + stylix.nixosModules.stylix + sops-nix.nixosModules.sops + nswitch-rcm-nix.nixosModules.nswitch-rcm + ./profiles/common/nixos.nix + # dynamic library loading + ({ + self, + system, + ... 
+ }: { + environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [ + nix-alien + ]; + # needed for `nix-alien-ld` + programs.nix-ld.enable = true; + }) + ]; + # Home-Manager modules wanted on non-NixOS systems - homeModules = [ stylix.homeManagerModules.stylix - ]; + homeModules = [ + stylix.homeManagerModules.stylix + ]; # Home-Manager modules wanted on both NixOS and non-NixOS systems - mixedModules = [ sops-nix.homeManagerModules.sops - ./profiles/common/home.nix - ]; - + mixedModules = [ + sops-nix.homeManagerModules.sops + ./profiles/common/home.nix + ]; in { - # NixOS setups - run home-manager as a NixOS module for better compatibility # another benefit - full rebuild on nixos-rebuild switch # run rebuild using `nswitch` 
@@ -136,130 +138,153 @@ # Make sure to move hardware-configuration to the appropriate location, by default it is found in /etc/nixos/. nixosConfigurations = { - onett = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - ./profiles/onett/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/onett/home.nix - ]; - } - ]; + specialArgs = {inherit inputs pkgs;}; + modules = + nixModules + ++ [ + ./profiles/onett/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = + mixedModules + ++ [ + ./profiles/onett/home.nix + ]; + } + ]; }; - + sandbox = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; modules = [ sops-nix.nixosModules.sops ./profiles/sandbox/nixos.nix ]; }; - + twoson = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - ./profiles/twoson/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/twoson/home.nix - ]; - } - ]; + specialArgs = {inherit inputs pkgs;}; + modules = + nixModules + ++ [ + ./profiles/twoson/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = + mixedModules + ++ [ + ./profiles/twoson/home.nix + ]; + } + ]; }; - + threed = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - lanzaboote.nixosModules.lanzaboote - ./profiles/threed/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/threed/home.nix - ]; - } - ]; + specialArgs = {inherit inputs pkgs;}; + modules = + nixModules + ++ [ + lanzaboote.nixosModules.lanzaboote + ./profiles/threed/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = + mixedModules + ++ [ + 
./profiles/threed/home.nix + ]; + } + ]; }; - + fourside = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 - ./profiles/fourside/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/fourside/home.nix - ]; - } - ]; + specialArgs = {inherit inputs pkgs;}; + modules = + nixModules + ++ [ + nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 + ./profiles/fourside/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = + mixedModules + ++ [ + ./profiles/fourside/home.nix + ]; + } + ]; }; - + winters = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - nixos-hardware.nixosModules.framework-16-inch-7040-amd - ./profiles/winters/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/winters/home.nix - ]; - } - ]; + specialArgs = {inherit inputs pkgs;}; + modules = + nixModules + ++ [ + nixos-hardware.nixosModules.framework-16-inch-7040-amd + ./profiles/winters/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = + mixedModules + ++ [ + ./profiles/winters/home.nix + ]; + } + ]; }; - + stand = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - ./profiles/stand/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.homelen.imports = mixedModules ++ [ - ./profiles/stand/home.nix - ]; - } - ]; + specialArgs = {inherit inputs pkgs;}; + modules = + nixModules + ++ [ + ./profiles/stand/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.homelen.imports = + mixedModules + ++ [ + ./profiles/stand/home.nix + ]; + } + ]; }; - + nginx = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = 
{inherit inputs pkgs;}; modules = [ sops-nix.nixosModules.sops ./profiles/server1/nginx/nixos.nix ]; }; - + calibre = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; modules = [ sops-nix.nixosModules.sops ./profiles/server1/calibre/nixos.nix ]; }; - + jellyfin = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; modules = [ # sops-nix.nixosModules.sops ./profiles/server1/jellyfin/nixos.nix ]; }; - + transmission = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; modules = [ sops-nix.nixosModules.sops ./profiles/server1/transmission/nixos.nix ]; }; - + matrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; # this is to import a service module that is not on nixpkgs # this way avoids infinite recursion errors modules = [ 
@@ -267,43 +292,43 @@ ./profiles/server1/matrix/nixos.nix ]; }; - + sound = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; modules = [ sops-nix.nixosModules.sops ./profiles/server1/sound/nixos.nix ]; }; - + spotifyd = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; modules = [ sops-nix.nixosModules.sops ./profiles/server1/spotifyd/nixos.nix ]; }; - + paperless = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; modules = [ sops-nix.nixosModules.sops ./profiles/server1/paperless/nixos.nix ]; }; - + #ovm swarsel sync = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/sync/nixos.nix ]; }; - + #ovm swarsel swatrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = {inherit inputs pkgs;}; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/matrix/nixos.nix @@ -315,29 +340,26 @@ # run rebuild using `hmswitch` homeConfigurations = { - "leons@PCisLee" = home-manager.lib.homeManagerConfiguration { inherit pkgs; - modules = homeModules ++ mixedModules ++ [ - ./profiles/surface/home.nix - ]; + modules = + homeModules + ++ mixedModules + ++ [ + ./profiles/surface/home.nix + ]; }; - }; nixOnDroidConfigurations = { - default = nix-on-droid.lib.nixOnDroidConfiguration { modules = [ ./profiles/mysticant/configuration.nix ]; }; - }; packages.x86_64-linux = { - }; - }; } diff --git a/index.html b/index.html index b1ab052..90ff89c 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configuration @@ -387,7 +387,7 @@

Table of Contents

-This file has 40971 words spanning 10908 lines and was last revised on 2024-07-19 00:29:02 +0200. +This file has 41033 words spanning 10909 lines and was last revised on 2024-07-19 00:52:31 +0200.

@@ -437,7 +437,7 @@

1

-My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-19 00:29:02 +0200) +My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-19 00:52:31 +0200)

@@ -6335,6 +6335,11 @@

3 nmap lsof + # nix + alejandra + deadnix + statix + # local file sharing wormhole-rs @@ -9194,40 +9199,40 @@

4 -
  • org-mode: Auto-tangle and export Configuration Files
    +
  • org-mode: Upon-save actions (Auto-tangle, export to html, formatting)

    -This section automatically tangles all configuration blocks in this file to the defined Emacs org-file. It also exports the configuration file as html. +This section handles everything that shoudld happen when I save SwarselSystems.org. It:

    +
      +
    1. automatically tangles all configuration blocks in this file
    2. +
    3. exports the configuration file as html for an easier reading experience with working links and index
    4. +
    5. formats the generated .nix files in accordance to the Alejandra-style.
    6. +
    +

    +We set a hook that runs everytime we save the file. It would be a bit more efficient to only export and format when we enter a magit window for instance (since especially the html export takes times), however, since I cannot be sure to only ever commit from magit (I do indeed sometimes use git from the command line), I prefer this approach. +

    -
    -(defun swarsel/org-babel-tangle-config ()
    -  (when (string-equal (buffer-file-name)
    -                      swarsel-swarsel-org-filepath)
    -    ;; Dynamic scoping to the rescue
    -    (let ((org-confirm-babel-evaluate nil))
    -      (org-html-export-to-html)
    -      (org-babel-tangle)))
    -  (when (string-equal (buffer-file-name)
    -                      swarsel-emacs-org-filepath)
    -    ;; Dynamic scoping to the rescue
    -    (let ((org-confirm-babel-evaluate nil))
    -      (org-html-export-to-html)
    -      (org-babel-tangle)))
    -  (when (string-equal (buffer-file-name)
    -                      swarsel-nix-org-filepath)
    -    ;; Dynamic scoping to the rescue
    -    (let ((org-confirm-babel-evaluate nil))
    -      (org-babel-tangle))))
    -
    -(setq org-html-htmlize-output-type nil)
    +
    (defun run-alejandra ()
    +  (interactive)
    +  (let ((default-directory (expand-file-name "~/.dotfiles")))
    +    (shell-command "alejandra . -q")))
     
    -(add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config)))
    +  (defun swarsel/org-babel-tangle-config ()
    +    (when (string-equal (buffer-file-name)
    +                        swarsel-swarsel-org-filepath)
    +      ;; Dynamic scoping to the rescue
    +      (let ((org-confirm-babel-evaluate nil))
    +        (org-html-export-to-html)
    +        (org-babel-tangle)
    +        (run-alejandra))))
     
    +  (setq org-html-htmlize-output-type nil)
     
    +  (add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config)))
     
     
    @@ -9336,7 +9341,7 @@

    4

  • -
  • Nix common prefix bracketer
    +
  • Nix common prefix bracketer

    This function searches for common delimiters in region and removes them, summarizing all captured lines by it. @@ -12907,7 +12912,7 @@

    5

    Author: Leon Schwarzäugl

    -

    Created: 2024-07-19 Fr 00:29

    +

    Created: 2024-07-19 Fr 00:52

    Validate

    diff --git a/profiles/TEMPLATE/home.nix b/profiles/TEMPLATE/home.nix index f46c488..037c9a8 100644 --- a/profiles/TEMPLATE/home.nix +++ b/profiles/TEMPLATE/home.nix @@ -1,8 +1,8 @@ -{ config, pkgs, ... }: - { - - + config, + pkgs, + ... +}: { services.gpg-agent = { enable = true; enableSshSupport = true; @@ -11,11 +11,11 @@ defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; - + }; + home = { username = "TEMPLATE"; homeDirectory = "/home/TEMPLATE"; @@ -29,7 +29,7 @@ ]; }; # update path if the sops private key is stored somewhere else - sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; + sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"]; # waybar config - TEMPLATE - update for cores and temp programs.waybar.settings.mainBar = { @@ -40,7 +40,7 @@ # ----------------------------------------------------------------- # is this machine always connected to power? If yes, use this block: - # + # # programs.waybar.settings.mainBar."custom/pseudobat"= { # format= ""; # on-click-right= "wlogout -p layer-shell"; 
@@ -61,32 +61,33 @@ # "custom/left-arrow-dark" # "clock#1" # ]; - # + # # ----------------------------------------------------------------- # ----------------------------------------------------------------- # if not always connected to power (laptop), use this (default): - - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; - + + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; + # ----------------------------------------------------------------- - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -94,7 +95,8 @@ xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; @@ -106,7 +108,6 @@ natural_scroll = "enabled"; middle_emulation = "enabled"; }; - }; output = { 
@@ -126,14 +127,12 @@ }; startup = [ - - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} - + {command = "nextcloud --background";} + {command = "discord --start-minimized";} + {command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} + {command = "ANKI_WAYLAND=1 anki";} + {command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} + {command = "nm-applet";} ]; }; }; diff --git a/profiles/TEMPLATE/nixos.nix b/profiles/TEMPLATE/nixos.nix index 2d1c7f4..f40d741 100644 --- a/profiles/TEMPLATE/nixos.nix +++ b/profiles/TEMPLATE/nixos.nix @@ -1,17 +1,11 @@ -{ pkgs, ... }: - -{ - - - imports = - [ - ./hardware-configuration.nix - ]; - +{pkgs, ...}: { + imports = [ + ./hardware-configuration.nix + ]; services = { getty.autologinUser = "TEMPLATE"; - greetd.settings.initial_session.user="TEMPLATE"; + greetd.settings.initial_session.user = "TEMPLATE"; }; # Bootloader @@ -37,7 +31,7 @@ networking.hostName = "TEMPLATE"; # Define your hostname. stylix.image = ../../wallpaper/TEMPLATEwp.png; - + stylix = { enable = true; base16Scheme = ../../wallpaper/swarsel.yaml; @@ -62,7 +56,7 @@ # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; - + sansSerif = { # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); package = pkgs.cantarell-fonts; 
@@ -71,21 +65,18 @@ # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; - + monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override {fonts = ["FiraCode"];}; name = "FiraCode Nerd Font Mono"; }; - + emoji = { package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; }; }; }; - - - # Configure keymap in X11 (only used for login) services.xserver = { @@ -96,7 +87,7 @@ users.users.TEMPLATE = { isNormalUser = true; description = "TEMPLATE"; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; + extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"]; packages = with pkgs; []; }; @@ -104,5 +95,4 @@ ]; system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - } diff --git a/profiles/common/home.nix b/profiles/common/home.nix index 03c2cd3..8e6db0a 100644 --- a/profiles/common/home.nix +++ b/profiles/common/home.nix @@ -1,8 +1,10 @@ -{ config, pkgs, fetchFromGitHub , ... }: - { + config, + pkgs, + fetchFromGitHub, + ... +}: { home.packages = with pkgs; [ - # audio stuff spek # spectrum analyzer losslessaudiochecker @@ -18,13 +20,18 @@ simple-scan # dict - (aspellWithDicts (dicts: with dicts; [ de en en-computers en-science ])) + (aspellWithDicts (dicts: with dicts; [de en en-computers en-science])) # utilities util-linux nmap lsof + # nix + alejandra + deadnix + statix + # local file sharing wormhole-rs 
@@ -142,1136 +149,1161 @@ # latex and related packages (pkgs.texlive.combine { - inherit (pkgs.texlive) scheme-full - dvisvgm dvipng # for preview and export as html - wrapfig amsmath ulem hyperref capt-of; + inherit + (pkgs.texlive) + scheme-full + dvisvgm + dvipng # for preview and export as html + wrapfig + amsmath + ulem + hyperref + capt-of + ; }) # font stuff - (nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly"]; }) + (nerdfonts.override {fonts = ["FiraMono" "FiraCode" "NerdFontsSymbolsOnly"];}) noto-fonts-emoji font-awesome_5 noto-fonts noto-fonts-cjk-sans -# cura -(let cura5 = appimageTools.wrapType2 rec { - name = "cura5"; - version = "5.4.0"; - src = fetchurl { - url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; - hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; - }; - extraPkgs = pkgs: with pkgs; [ ]; - }; in writeScriptBin "cura" '' - #! ${pkgs.bash}/bin/bash - # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. - # So we convert each of the files passed as argument to an absolute path. - # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. - args=() - for a in "$@"; do - if [ -e "$a" ]; then - a="$(realpath "$a")" - fi - args+=("$a") - done - exec "${cura5}/bin/cura5" "''${args[@]}" - '') - - #E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state - (pkgs.writeShellScriptBin "e" '' - bash ~/.dotfiles/scripts/editor_nowait.sh "$@" - '') - (pkgs.writeShellScriptBin "timer" '' - sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; - '') - - (pkgs.writeScriptBin "project" '' - #! ${pkgs.bash}/bin/bash - if [ "$1" == "rust" ]; then - cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix - cp ~/.dotfiles/templates/toolchain.toml . 
- elif [ "$1" == "cpp" ]; then - cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix - elif [ "$1" == "python" ]; then - cp ~/.dotfiles/templates/py_flake.nix ./flake.nix - elif [ "$1" == "cuda" ]; then - cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix - elif [ "$1" == "other" ]; then - cp ~/.dotfiles/templates/other_flake.nix ./flake.nix - elif [ "$1" == "latex" ]; then - if [ "$2" == "" ]; then - echo "No filename specified, usage: 'project latex '" - exit 0 - fi - cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex - exit 0 - else - echo "No valid argument given. Valid arguments are rust cpp python, cuda" - exit 0 - fi - echo "use flake" >> .envrc - direnv allow - '') - - (pkgs.writeShellApplication { - name = "pass-fuzzel"; - runtimeInputs = [ pkgs.pass pkgs.fuzzel ]; - text = '' - shopt -s nullglob globstar - - typeit=0 - if [[ $# -ge 1 && $1 == "--type" ]]; then - typeit=1 - shift - fi - - export PASSWORD_STORE_DIR=~/.local/share/password-store - prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} - password_files=( "$prefix"/**/*.gpg ) - password_files=( "''${password_files[@]#"$prefix"/}" ) - password_files=( "''${password_files[@]%.gpg}" ) - - password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") - - [[ -n $password ]] || exit - - if [[ $typeit -eq 0 ]]; then - pass show -c "$password" &>/tmp/pass-fuzzel - else - pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - - fi - notify-send -u critical -a pass -t 1000 "Copied/Typed Password" - ''; - }) - - (pkgs.writeShellApplication { - name = "pass-fuzzel-otp"; - runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))]; - text = '' - shopt -s nullglob globstar - - typeit=0 - if [[ $# -ge 1 && $1 == "--type" ]]; then - typeit=1 - shift - fi - - export PASSWORD_STORE_DIR=~/.local/share/password-store - prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} - password_files=( "$prefix"/otp/**/*.gpg ) - password_files=( 
"''${password_files[@]#"$prefix"/}" ) - password_files=( "''${password_files[@]%.gpg}" ) - - password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") - - [[ -n $password ]] || exit - - if [[ $typeit -eq 0 ]]; then - pass otp -c "$password" &>/tmp/pass-fuzzel - else - pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - - fi - notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword" - ''; - }) - - (pkgs.writeShellApplication { - name = "cdw"; - runtimeInputs = [ pkgs.fzf ]; - text = '' - cd "$(git worktree list | fzf | awk '{print $1}')" - ''; - }) + # cura + (let + cura5 = appimageTools.wrapType2 rec { + name = "cura5"; + version = "5.4.0"; + src = fetchurl { + url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; + hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; + }; + extraPkgs = pkgs: with pkgs; []; + }; + in + writeScriptBin "cura" '' + #! ${pkgs.bash}/bin/bash + # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. + # So we convert each of the files passed as argument to an absolute path. + # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. + args=() + for a in "$@"; do + if [ -e "$a" ]; then + a="$(realpath "$a")" + fi + args+=("$a") + done + exec "${cura5}/bin/cura5" "''${args[@]}" + '') + + #E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state + (pkgs.writeShellScriptBin "e" '' + bash ~/.dotfiles/scripts/editor_nowait.sh "$@" + '') + (pkgs.writeShellScriptBin "timer" '' + sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; + '') + + (pkgs.writeScriptBin "project" '' + #! ${pkgs.bash}/bin/bash + if [ "$1" == "rust" ]; then + cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix + cp ~/.dotfiles/templates/toolchain.toml . 
+ elif [ "$1" == "cpp" ]; then + cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix + elif [ "$1" == "python" ]; then + cp ~/.dotfiles/templates/py_flake.nix ./flake.nix + elif [ "$1" == "cuda" ]; then + cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix + elif [ "$1" == "other" ]; then + cp ~/.dotfiles/templates/other_flake.nix ./flake.nix + elif [ "$1" == "latex" ]; then + if [ "$2" == "" ]; then + echo "No filename specified, usage: 'project latex '" + exit 0 + fi + cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex + exit 0 + else + echo "No valid argument given. Valid arguments are rust cpp python, cuda" + exit 0 + fi + echo "use flake" >> .envrc + direnv allow + '') + + (pkgs.writeShellApplication { + name = "pass-fuzzel"; + runtimeInputs = [pkgs.pass pkgs.fuzzel]; + text = '' + shopt -s nullglob globstar + + typeit=0 + if [[ $# -ge 1 && $1 == "--type" ]]; then + typeit=1 + shift + fi + + export PASSWORD_STORE_DIR=~/.local/share/password-store + prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} + password_files=( "$prefix"/**/*.gpg ) + password_files=( "''${password_files[@]#"$prefix"/}" ) + password_files=( "''${password_files[@]%.gpg}" ) + + password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") + + [[ -n $password ]] || exit + + if [[ $typeit -eq 0 ]]; then + pass show -c "$password" &>/tmp/pass-fuzzel + else + pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - + fi + notify-send -u critical -a pass -t 1000 "Copied/Typed Password" + ''; + }) - (pkgs.writeShellApplication { - name = "cdb"; - runtimeInputs = [ pkgs.fzf ]; - text = '' - git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" - ''; - }) + (pkgs.writeShellApplication { + name = "pass-fuzzel-otp"; + runtimeInputs = [pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))]; + text = '' + shopt -s nullglob globstar + + typeit=0 + if [[ $# -ge 1 && $1 == "--type" ]]; then + typeit=1 + shift + fi + + export 
PASSWORD_STORE_DIR=~/.local/share/password-store + prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} + password_files=( "$prefix"/otp/**/*.gpg ) + password_files=( "''${password_files[@]#"$prefix"/}" ) + password_files=( "''${password_files[@]%.gpg}" ) + + password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") + + [[ -n $password ]] || exit + + if [[ $typeit -eq 0 ]]; then + pass otp -c "$password" &>/tmp/pass-fuzzel + else + pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - + fi + notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword" + ''; + }) - (pkgs.writeShellApplication { - name = "bak"; - text = '' - cp "$1"{,.bak} - ''; - }) - -]; - -sops = { - defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; - secrets = { - mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";}; - nautilus = {path = "/run/user/1000/secrets/nautilus";}; - leon = {path = "/run/user/1000/secrets/leon";}; - swarselmail = {path = "/run/user/1000/secrets/swarselmail";}; - caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";}; - }; -}; - -programs.ssh= { - enable = true; - extraConfig = "SetEnv TERM=xterm-256color"; - matchBlocks = { - "nginx" = { - hostname = "192.168.1.14"; - user = "root"; - }; - "jellyfin" = { - hostname = "192.168.1.16"; - user = "root"; - }; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "proxmox" = { - hostname = "192.168.1.2"; - user = "root"; - }; - "transmission" = { - hostname = "192.168.1.6"; - user = "root"; - }; - "fetcher" = { - hostname = "192.168.1.7"; - user = "root"; - }; - "omv" = { - hostname = "192.168.1.3"; - user = "root"; - }; - "webbot" = { - hostname = "192.168.1.11"; - user = "root"; - }; - "nextcloud" = { - hostname = "192.168.1.5"; - user = "root"; - }; - "sound" = { - hostname = "192.168.1.13"; - user = "root"; - }; - "spotify" = { - hostname = "192.168.1.17"; - user = "root"; - }; 
- "wordpress" = { - hostname = "192.168.1.9"; - user = "root"; - }; - "turn" = { - hostname = "192.168.1.18"; - user = "root"; + (pkgs.writeShellApplication { + name = "cdw"; + runtimeInputs = [pkgs.fzf]; + text = '' + cd "$(git worktree list | fzf | awk '{print $1}')" + ''; + }) + + (pkgs.writeShellApplication { + name = "cdb"; + runtimeInputs = [pkgs.fzf]; + text = '' + git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" + ''; + }) + + (pkgs.writeShellApplication { + name = "bak"; + text = '' + cp "$1"{,.bak} + ''; + }) + ]; + + sops = { + defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; + validateSopsFiles = false; + secrets = { + mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";}; + nautilus = {path = "/run/user/1000/secrets/nautilus";}; + leon = {path = "/run/user/1000/secrets/leon";}; + swarselmail = {path = "/run/user/1000/secrets/swarselmail";}; + caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";}; }; - "hugo" = { - hostname = "192.168.1.19"; - user = "root"; + }; + + programs.ssh = { + enable = true; + extraConfig = "SetEnv TERM=xterm-256color"; + matchBlocks = { + "nginx" = { + hostname = "192.168.1.14"; + user = "root"; + }; + "jellyfin" = { + hostname = "192.168.1.16"; + user = "root"; + }; + "pfsense" = { + hostname = "192.168.1.1"; + user = "root"; + }; + "proxmox" = { + hostname = "192.168.1.2"; + user = "root"; + }; + "transmission" = { + hostname = "192.168.1.6"; + user = "root"; + }; + "fetcher" = { + hostname = "192.168.1.7"; + user = "root"; + }; + "omv" = { + hostname = "192.168.1.3"; + user = "root"; + }; + "webbot" = { + hostname = "192.168.1.11"; + user = "root"; + }; + "nextcloud" = { + hostname = "192.168.1.5"; + user = "root"; + }; + "sound" = { + hostname = "192.168.1.13"; + user = "root"; + }; + "spotify" = { + hostname = "192.168.1.17"; + user = "root"; + }; + "wordpress" = { + hostname = "192.168.1.9"; + user = "root"; + }; + "turn" = { + hostname = 
"192.168.1.18"; + user = "root"; + }; + "hugo" = { + hostname = "192.168.1.19"; + user = "root"; + }; + "matrix" = { + hostname = "192.168.1.23"; + user = "root"; + }; + "scroll" = { + hostname = "192.168.1.22"; + user = "root"; + }; + "minecraft" = { + hostname = "130.61.119.129"; + user = "opc"; + }; + "sync" = { + hostname = "193.122.53.173"; + user = "root"; #this is a oracle vm server but needs root due to nixos-infect + }; + "pkv" = { + hostname = "46.232.248.161"; + user = "root"; + }; + "nebula" = { + hostname = "128.131.171.15"; + user = "amp23s56"; + compression = true; + identityFile = "~/.ssh/id_ed25519"; + proxyCommand = "ssh -p 1022 -i ~/.ssh/id_ed25519 -q -W %h:%p %r@venus.par.tuwien.ac.at"; + extraOptions = { + "TCPKeepAlive" = "yes"; + }; + }; + "efficient" = { + hostname = "g0.complang.tuwien.ac.at"; + forwardAgent = true; + user = "ep01427399"; + + # leaving the below lines in for future reference + + # remoteForwards = [ + # { + # bind.address = "/run/user/21217/gnupg/S.gpg-agent"; + # host.address = "/run/user/1000/gnupg/S.gpg-agent.extra"; + # } + # { + # bind.address = "/run/user/21217/gnupg/S.gpg-agent.ssh"; + # host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh"; + # } + # ]; + # extraOptions = { + # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra"; + # "StreamLocalBindUnlink" = "yes"; + # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh"; + # }; + # setEnv = { + # "TERM" = "xterm"; + # }; + }; + "hydra" = { + hostname = "128.131.171.215"; + user = "hpc23w33"; + compression = true; + forwardAgent = true; + # identityFile = "~/.ssh/id_tuwien_hpc"; + # proxyCommand = "ssh -p 1022 -i ~/.ssh/id_tuwien_hpc -q -W %h:%p %r@venus.par.tuwien.ac.at"; + proxyCommand = "ssh -p 1022 -q -W %h:%p %r@venus.par.tuwien.ac.at"; + extraOptions = { + "TCPKeepAlive" = "yes"; + }; + }; }; - "matrix" = { - hostname = "192.168.1.23"; - user = "root"; + }; + + 
stylix.targets.emacs.enable = false; + + xdg.desktopEntries = { + cura = { + name = "Ultimaker Cura"; + genericName = "Cura"; + exec = "cura"; + terminal = false; + categories = ["Application"]; }; - "scroll" = { - hostname = "192.168.1.22"; - user = "root"; + + anki = { + name = "Anki Flashcards"; + genericName = "Anki"; + exec = "anki"; + terminal = false; + categories = ["Application"]; }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; + + # schlidichat = { + # name = "SchildiChat Matrix Client"; + # genericName = "SchildiChat"; + # exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + # terminal = false; + # categories = [ "Application"]; + # }; + + element = { + name = "Element Matrix Client"; + genericName = "Element"; + exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + terminal = false; + categories = ["Application"]; }; - "sync" = { - hostname = "193.122.53.173"; - user = "root"; #this is a oracle vm server but needs root due to nixos-infect + + emacsclient-newframe = { + name = "Emacs (Client, New Frame)"; + genericName = "Emacs (Client, New Frame)"; + exec = "emacsclient -r %u"; + icon = "emacs"; + terminal = false; + categories = ["Development" "TextEditor"]; }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; + }; + + home.file = { + "init.el" = { + source = ../../programs/emacs/init.el; + target = ".emacs.d/init.el"; }; - "nebula" = { - hostname = "128.131.171.15"; - user = "amp23s56"; - compression = true; - identityFile = "~/.ssh/id_ed25519"; - proxyCommand = "ssh -p 1022 -i ~/.ssh/id_ed25519 -q -W %h:%p %r@venus.par.tuwien.ac.at"; - extraOptions = { - "TCPKeepAlive" = "yes"; - }; + "early-init.el" = { + source = ../../programs/emacs/early-init.el; + target = ".emacs.d/early-init.el"; }; - "efficient" = { - hostname = "g0.complang.tuwien.ac.at"; - forwardAgent = true; - user = 
"ep01427399"; - - # leaving the below lines in for future reference - - # remoteForwards = [ - # { - # bind.address = "/run/user/21217/gnupg/S.gpg-agent"; - # host.address = "/run/user/1000/gnupg/S.gpg-agent.extra"; - # } - # { - # bind.address = "/run/user/21217/gnupg/S.gpg-agent.ssh"; - # host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh"; - # } - # ]; - # extraOptions = { - # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra"; - # "StreamLocalBindUnlink" = "yes"; - # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh"; - # }; - # setEnv = { - # "TERM" = "xterm"; - # }; + # on NixOS, Emacs does not find the aspell dicts easily. Write the configuration manually + ".aspell.conf" = { + source = ../../programs/config/.aspell.conf; + target = ".aspell.conf"; }; - "hydra" = { - hostname = "128.131.171.215"; - user = "hpc23w33"; - compression = true; - forwardAgent = true; - # identityFile = "~/.ssh/id_tuwien_hpc"; - # proxyCommand = "ssh -p 1022 -i ~/.ssh/id_tuwien_hpc -q -W %h:%p %r@venus.par.tuwien.ac.at"; - proxyCommand = "ssh -p 1022 -q -W %h:%p %r@venus.par.tuwien.ac.at"; - extraOptions = { - "TCPKeepAlive" = "yes"; - }; + ".gitmessage" = { + source = ../../programs/git/.gitmessage; + target = ".gitmessage"; }; }; -}; - -stylix.targets.emacs.enable = false; -xdg.desktopEntries = { - - cura = { - name = "Ultimaker Cura"; - genericName = "Cura"; - exec = "cura"; - terminal = false; - categories = [ "Application"]; + xdg.configFile = { + "tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc; + "tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css; }; - anki = { - name = "Anki Flashcards"; - genericName = "Anki"; - exec = "anki"; - terminal = false; - categories = [ "Application"]; + home.sessionVariables = { + EDITOR = "bash ~/.dotfiles/scripts/editor.sh"; }; - # schlidichat = { - # name = 
"SchildiChat Matrix Client"; - # genericName = "SchildiChat"; - # exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - # terminal = false; - # categories = [ "Application"]; - # }; - - element = { - name = "Element Matrix Client"; - genericName = "Element"; - exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - terminal = false; - categories = [ "Application"]; + programs = { + bottom.enable = true; + imv.enable = true; + sioyek.enable = true; + bat.enable = true; + carapace.enable = true; + wlogout.enable = true; + swayr.enable = true; + yt-dlp.enable = true; + mpv.enable = true; + jq.enable = true; + nix-index.enable = true; + ripgrep.enable = true; + pandoc.enable = true; + fzf.enable = true; + zoxide.enable = true; }; - emacsclient-newframe = { - name = "Emacs (Client, New Frame)"; - genericName = "Emacs (Client, New Frame)"; - exec = "emacsclient -r %u"; - icon = "emacs"; - terminal = false; - categories = [ "Development" "TextEditor"]; + programs.password-store = { + enable = true; + package = pkgs.pass.withExtensions (exts: [exts.pass-otp]); }; -}; - -home.file = { - "init.el" = { - source = ../../programs/emacs/init.el; - target = ".emacs.d/init.el"; - }; - "early-init.el" = { - source = ../../programs/emacs/early-init.el; - target = ".emacs.d/early-init.el"; - }; - # on NixOS, Emacs does not find the aspell dicts easily. 
Write the configuration manually - ".aspell.conf" = { - source = ../../programs/config/.aspell.conf; - target = ".aspell.conf"; - }; - ".gitmessage" = { - source = ../../programs/git/.gitmessage; - target = ".gitmessage"; - }; -}; - -xdg.configFile = { - "tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc; - "tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css; -}; - -home.sessionVariables = { - EDITOR = "bash ~/.dotfiles/scripts/editor.sh"; -}; - -programs = { - bottom.enable = true; - imv.enable = true; - sioyek.enable = true; - bat.enable = true; - carapace.enable = true; - wlogout.enable = true; - swayr.enable = true; - yt-dlp.enable = true; - mpv.enable = true; - jq.enable = true; - nix-index.enable = true; - ripgrep.enable = true; - pandoc.enable = true; - fzf.enable = true; - zoxide.enable = true; -}; - -programs.password-store = { - enable = true; - package = pkgs.pass.withExtensions (exts: [exts.pass-otp]); -}; - -programs.direnv = { - enable = true; - nix-direnv.enable = true; -}; - -programs.eza = { - enable = true; - icons = true; - git = true; - extraOptions = [ - "-l" - "--group-directories-first" - ]; -}; - -programs.git = { - enable = true; - aliases = { - a = "add"; - c = "commit"; - cl = "clone"; - co = "checkout"; - b = "branch"; - i = "init"; - m = "merge"; - s = "status"; - r = "restore"; - p = "pull"; - pp = "push"; + programs.direnv = { + enable = true; + nix-direnv.enable = true; }; - signing = { - key = "0x76FD3810215AE097"; - signByDefault = true; + + programs.eza = { + enable = true; + icons = true; + git = true; + extraOptions = [ + "-l" + "--group-directories-first" + ]; }; - userEmail = "leon.schwarzaeugl@gmail.com"; - userName = "Swarsel"; - difftastic.enable = true; - lfs.enable = true; - includes = [ - { - contents = { - github = { - user = "Swarsel"; - }; - commit = { - template = "~/.gitmessage"; + + programs.git = { + enable = true; + aliases = { 
+ a = "add"; + c = "commit"; + cl = "clone"; + co = "checkout"; + b = "branch"; + i = "init"; + m = "merge"; + s = "status"; + r = "restore"; + p = "pull"; + pp = "push"; + }; + signing = { + key = "0x76FD3810215AE097"; + signByDefault = true; + }; + userEmail = "leon.schwarzaeugl@gmail.com"; + userName = "Swarsel"; + difftastic.enable = true; + lfs.enable = true; + includes = [ + { + contents = { + github = { + user = "Swarsel"; + }; + commit = { + template = "~/.gitmessage"; + }; }; + } + ]; + }; + + programs.fuzzel = { + enable = true; + settings = { + main = { + layer = "overlay"; + lines = "10"; + width = "40"; }; - } - ]; -}; - -programs.fuzzel = { - enable = true; - settings = { - main = { - layer = "overlay"; - lines = "10"; - width = "40"; + border.radius = "0"; }; - border.radius = "0"; }; -}; - -programs.starship = { - enable = true; - enableZshIntegration = true; - settings = { - add_newline = false; - format = "$character"; - right_format = "$all"; - command_timeout = 3000; - - directory.substitutions = { - "Documents" = "󰈙 "; - "Downloads" = " "; - "Music" = " "; - "Pictures" = " "; - }; - git_status = { - style = "bg:#394260"; - format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; - }; + programs.starship = { + enable = true; + enableZshIntegration = true; + settings = { + add_newline = false; + format = "$character"; + right_format = "$all"; + command_timeout = 3000; + + directory.substitutions = { + "Documents" = "󰈙 "; + "Downloads" = " "; + "Music" = " "; + "Pictures" = " "; + }; - character = { - success_symbol = "[λ](bold green)"; - error_symbol = "[λ](bold red)"; - }; + git_status = { + style = "bg:#394260"; + format = "[[($all_status$ahead_behind )](fg:#769ff0 bg:#394260)]($style)"; + }; + + character = { + success_symbol = "[λ](bold green)"; + error_symbol = "[λ](bold red)"; + }; + + aws.symbol = " "; + buf.symbol = " "; + c.symbol = " "; + conda.symbol = " "; + dart.symbol = " "; + directory.read_only = " 󰌾"; 
+ docker_context.symbol = " "; + elixir.symbol = " "; + elm.symbol = " "; + fossil_branch.symbol = " "; + git_branch.symbol = " "; + golang.symbol = " "; + guix_shell.symbol = " "; + haskell.symbol = " "; + haxe.symbol = " "; + hg_branch.symbol = " "; + hostname.ssh_symbol = " "; + java.symbol = " "; + julia.symbol = " "; + lua.symbol = " "; + memory_usage.symbol = "󰍛 "; + meson.symbol = "󰔷 "; + nim.symbol = "󰆥 "; + nix_shell.symbol = " "; + nodejs.symbol = " "; + + os.symbols = { + Alpaquita = " "; + Alpine = " "; + Amazon = " "; + Android = " "; + Arch = " "; + Artix = " "; + CentOS = " "; + Debian = " "; + DragonFly = " "; + Emscripten = " "; + EndeavourOS = " "; + Fedora = " "; + FreeBSD = " "; + Garuda = "󰛓 "; + Gentoo = " "; + HardenedBSD = "󰞌 "; + Illumos = "󰈸 "; + Linux = " "; + Mabox = " "; + Macos = " "; + Manjaro = " "; + Mariner = " "; + MidnightBSD = " "; + Mint = " "; + NetBSD = " "; + NixOS = " "; + OpenBSD = "󰈺 "; + openSUSE = " "; + OracleLinux = "󰌷 "; + Pop = " "; + Raspbian = " "; + Redhat = " "; + RedHatEnterprise = " "; + Redox = "󰀘 "; + Solus = "󰠳 "; + SUSE = " "; + Ubuntu = " "; + Unknown = " "; + Windows = "󰍲 "; + }; - aws.symbol = " "; - buf.symbol = " "; - c.symbol = " "; - conda.symbol = " "; - dart.symbol = " "; - directory.read_only = " 󰌾"; - docker_context.symbol = " "; - elixir.symbol = " "; - elm.symbol = " "; - fossil_branch.symbol = " "; - git_branch.symbol = " "; - golang.symbol = " "; - guix_shell.symbol = " "; - haskell.symbol = " "; - haxe.symbol = " "; - hg_branch.symbol = " "; - hostname.ssh_symbol = " "; - java.symbol = " "; - julia.symbol = " "; - lua.symbol = " "; - memory_usage.symbol = "󰍛 "; - meson.symbol = "󰔷 "; - nim.symbol = "󰆥 "; - nix_shell.symbol = " "; - nodejs.symbol = " "; - - os.symbols = { - Alpaquita = " "; - Alpine = " "; - Amazon = " "; - Android = " "; - Arch = " "; - Artix = " "; - CentOS = " "; - Debian = " "; - DragonFly = " 
"; - Emscripten = " "; - EndeavourOS = " "; - Fedora = " "; - FreeBSD = " "; - Garuda = "󰛓 "; - Gentoo = " "; - HardenedBSD = "󰞌 "; - Illumos = "󰈸 "; - Linux = " "; - Mabox = " "; - Macos = " "; - Manjaro = " "; - Mariner = " "; - MidnightBSD = " "; - Mint = " "; - NetBSD = " "; - NixOS = " "; - OpenBSD = "󰈺 "; - openSUSE = " "; - OracleLinux = "󰌷 "; - Pop = " "; - Raspbian = " "; - Redhat = " "; - RedHatEnterprise = " "; - Redox = "󰀘 "; - Solus = "󰠳 "; - SUSE = " "; - Ubuntu = " "; - Unknown = " "; - Windows = "󰍲 "; + package.symbol = "󰏗 "; + pijul_channel.symbol = " "; + python.symbol = " "; + rlang.symbol = "󰟔 "; + ruby.symbol = " "; + rust.symbol = " "; + scala.symbol = " "; }; + }; - package.symbol = "󰏗 "; - pijul_channel.symbol = " "; - python.symbol = " "; - rlang.symbol = "󰟔 "; - ruby.symbol = " "; - rust.symbol = " "; - scala.symbol = " "; + programs.kitty = { + enable = true; + keybindings = { + "ctrl+shift+left" = "no_op"; + "ctrl+shift+right" = "no_op"; + "ctrl+shift+home" = "no_op"; + "ctrl+shift+end" = "no_op"; + }; }; -}; - -programs.kitty = { - enable = true; - keybindings = { - "ctrl+shift+left" = "no_op"; - "ctrl+shift+right" = "no_op"; - "ctrl+shift+home" = "no_op"; - "ctrl+shift+end" = "no_op"; + + programs.zsh = { + enable = true; + shellAliases = { + hg = "history | grep"; + hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; + nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; + edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org"; + magit = "emacsclient -nc -e \"(magit-status)\""; + config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; + g = "git"; + c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; + passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; + passpull = "cd ~/.local/share/password-store; git pull; cd -;"; + hotspot = "nmcli connection 
up local; nmcli device wifi hotspot;"; + cd = "z"; + cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; + }; + autosuggestion.enable = true; + enableCompletion = true; + syntaxHighlighting.enable = true; + autocd = false; + cdpath = [ + "~/.dotfiles" + # "~/Documents/GitHub" + ]; + defaultKeymap = "emacs"; + dirHashes = { + dl = "$HOME/Downloads"; + gh = "$HOME/Documents/GitHub"; + }; + history = { + expireDuplicatesFirst = true; + path = "$HOME/.histfile"; + save = 10000; + size = 10000; + }; + historySubstringSearch.enable = true; + plugins = [ + { + name = "fzf-tab"; + src = pkgs.zsh-fzf-tab; + } + ]; + initExtra = '' + bindkey "^[[1;5D" backward-word + bindkey "^[[1;5C" forward-word + ''; }; -}; - -programs.zsh = { - enable = true; - shellAliases = { - hg = "history | grep"; - hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;"; - nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;"; - edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org"; - magit = "emacsclient -nc -e \"(magit-status)\""; - config="git --git-dir=$HOME/.cfg/ --work-tree=$HOME"; - g="git"; - c="git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/"; - passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;"; - passpull = "cd ~/.local/share/password-store; git pull; cd -;"; - hotspot = "nmcli connection up local; nmcli device wifi hotspot;"; - cd="z"; - cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\""; + + programs.mbsync = { + enable = true; }; - autosuggestion.enable = true; - enableCompletion = true; - syntaxHighlighting.enable = true; - autocd = false; - cdpath = [ - "~/.dotfiles" - # "~/Documents/GitHub" - ]; - defaultKeymap = "emacs"; - dirHashes = { - dl = "$HOME/Downloads"; - gh = "$HOME/Documents/GitHub"; + # this is needed so that 
mbsync can use the passwords from sops + systemd.user.services.mbsync.Unit.After = ["sops-nix.service"]; + + programs.msmtp = { + enable = true; }; - history = { - expireDuplicatesFirst = true; - path = "$HOME/.histfile"; - save = 10000; - size = 10000; + + programs.mu = { + enable = true; }; - historySubstringSearch.enable = true; - plugins = [ - { - name = "fzf-tab"; - src = pkgs.zsh-fzf-tab; - } - ]; - initExtra = '' - bindkey "^[[1;5D" backward-word - bindkey "^[[1;5C" forward-word - ''; -}; - -programs.mbsync = { - enable = true; -}; -# this is needed so that mbsync can use the passwords from sops -systemd.user.services.mbsync.Unit.After = [ "sops-nix.service" ]; - -programs.msmtp = { - enable = true; -}; - -programs.mu = { - enable = true; -}; - -accounts.email = { - maildirBasePath = "Mail"; - accounts.leon = { - primary = true; - address = "leon.schwarzaeugl@gmail.com"; - userName = "leon.schwarzaeugl@gmail.com"; - realName = "Leon Schwarzäugl"; - passwordCommand = "cat ${config.sops.secrets.leon.path}"; - # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/leon.schwarzaeugl@gmail.com.gpg"; - gpg = { - key = "0x76FD3810215AE097"; - signByDefault = true; - }; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - mu.enable = true; - msmtp = { - enable = true; - }; - mbsync = { - enable = true; - create= "maildir"; - expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; + + accounts.email = { + maildirBasePath = "Mail"; + accounts.leon = { + primary = true; + address = "leon.schwarzaeugl@gmail.com"; + userName = "leon.schwarzaeugl@gmail.com"; + realName = "Leon Schwarzäugl"; + passwordCommand = "cat ${config.sops.secrets.leon.path}"; + # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt 
~/.local/share/password-store/mail/mbsync/leon.schwarzaeugl@gmail.com.gpg"; + gpg = { + key = "0x76FD3810215AE097"; + signByDefault = true; + }; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + mu.enable = true; + msmtp = { + enable = true; + }; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; }; }; }; - }; - accounts.swarsel = { - address = "leon@swarsel.win"; - userName = "8227dc594dd515ce232eda1471cb9a19"; - realName = "Leon Schwarzäugl"; - passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; - smtp = { - host = "in-v3.mailjet.com"; - port = 587; - tls = { + accounts.swarsel = { + address = "leon@swarsel.win"; + userName = "8227dc594dd515ce232eda1471cb9a19"; + realName = "Leon Schwarzäugl"; + passwordCommand = "cat ${config.sops.secrets.swarselmail.path}"; + smtp = { + host = "in-v3.mailjet.com"; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; + mu.enable = false; + msmtp = { enable = true; - useStartTls = true; + }; + mbsync = { + enable = false; }; }; - mu.enable = false; - msmtp = { - enable = true; - }; - mbsync = { - enable = false; - }; - }; - accounts.nautilus = { - primary = false; - address = "nautilus.dw@gmail.com"; - userName = "nautilus.dw@gmail.com"; - realName = "Nautilus"; - passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; - # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/nautilus.dw@gmail.com.gpg"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create= "maildir"; - expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; - extraConfig = { - channel = { - 
Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; + accounts.nautilus = { + primary = false; + address = "nautilus.dw@gmail.com"; + userName = "nautilus.dw@gmail.com"; + realName = "Nautilus"; + passwordCommand = "cat ${config.sops.secrets.nautilus.path}"; + # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/nautilus.dw@gmail.com.gpg"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + msmtp.enable = true; + mu.enable = true; + mbsync = { + enable = true; + create = "maildir"; + expunge = "both"; + patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; }; }; }; - }; - accounts.mrswarsel = { - primary = false; - address = "mrswarsel@gmail.com"; - userName = "mrswarsel@gmail.com"; - realName = "Swarsel"; - # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/mrswarsel@gmail.com.gpg"; - passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; - imap.host = "imap.gmail.com"; - smtp.host = "smtp.gmail.com"; - msmtp.enable = true; - mu.enable = true; - mbsync = { - enable = true; - create= "maildir"; - expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; - extraConfig = { - channel = { - Sync = "All"; - }; - account = { - Timeout = 120; - PipelineDepth = 1; + accounts.mrswarsel = { + primary = false; + address = "mrswarsel@gmail.com"; + userName = "mrswarsel@gmail.com"; + realName = "Swarsel"; + # passwordCommand = "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.local/share/password-store/mail/mbsync/mrswarsel@gmail.com.gpg"; + passwordCommand = "cat ${config.sops.secrets.mrswarsel.path}"; + imap.host = "imap.gmail.com"; + smtp.host = "smtp.gmail.com"; + msmtp.enable = true; + mu.enable = true; + mbsync = 
{ + enable = true; + create = "maildir"; + expunge = "both"; + patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + extraConfig = { + channel = { + Sync = "All"; + }; + account = { + Timeout = 120; + PipelineDepth = 1; + }; }; }; }; }; -}; - -# enable emacs overlay for bleeding edge features -# also read init.el file and install use-package packages -programs.emacs = { - enable = true; - package = pkgs.emacsWithPackagesFromUsePackage { - config = ../../programs/emacs/init.el; - package = pkgs.emacs-pgtk; - alwaysEnsure = true; - alwaysTangle = true; - extraEmacsPackages = epkgs: [ - epkgs.mu4e - epkgs.use-package - # epkgs.lsp-bridge - epkgs.doom-themes - - # build the rest of the packages myself - # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup - # build the package from the haji-ali fork, which is well-maintained - (epkgs.trivialBuild rec { - pname = "calfw"; - version = "1.0.0-20231002"; - src = pkgs.fetchFromGitHub { - owner = "haji-ali"; - repo = "emacs-calfw"; - rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; - hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; - }; - packageRequires = [ epkgs.howm ]; - }) - - (epkgs.trivialBuild rec { - pname = "fast-scroll"; - version = "1.0.0-20191016"; - src = pkgs.fetchFromGitHub { - owner = "ahungry"; - repo = "fast-scroll"; - rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; - hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; - }; - packageRequires = []; - }) - ]; + # enable emacs overlay for bleeding edge features + # also read init.el file and install use-package packages + programs.emacs = { + enable = true; + package = pkgs.emacsWithPackagesFromUsePackage { + config = ../../programs/emacs/init.el; + package = pkgs.emacs-pgtk; + alwaysEnsure = true; + alwaysTangle = true; + extraEmacsPackages = epkgs: [ + epkgs.mu4e + epkgs.use-package + # epkgs.lsp-bridge + epkgs.doom-themes + + # build the rest of the packages myself + 
# org-calfw is severely outdated on MELPA and throws many warnings on emacs startup + # build the package from the haji-ali fork, which is well-maintained + (epkgs.trivialBuild rec { + pname = "calfw"; + version = "1.0.0-20231002"; + src = pkgs.fetchFromGitHub { + owner = "haji-ali"; + repo = "emacs-calfw"; + rev = "bc99afee611690f85f0cd0bd33300f3385ddd3d3"; + hash = "sha256-0xMII1KJhTBgQ57tXJks0ZFYMXIanrOl9XyqVmu7a7Y="; + }; + packageRequires = [epkgs.howm]; + }) + + (epkgs.trivialBuild rec { + pname = "fast-scroll"; + version = "1.0.0-20191016"; + src = pkgs.fetchFromGitHub { + owner = "ahungry"; + repo = "fast-scroll"; + rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; + hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; + }; + packageRequires = []; + }) + ]; + }; }; -}; - -programs.waybar = { - - enable = true; - # systemd.enable = true; - settings = { - mainBar = { - layer = "top"; - position = "top"; - modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window"]; - modules-center = [ "sway/mode" "custom/configwarn" ]; - "sway/mode" = { - format = "{}"; - }; - "custom/configwarn" = { - exec= "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; - interval= 60; - }; + programs.waybar = { + enable = true; + # systemd.enable = true; + settings = { + mainBar = { + layer = "top"; + position = "top"; + modules-left = ["sway/workspaces" "custom/outer-right-arrow-dark" "sway/window"]; + modules-center = ["sway/mode" "custom/configwarn"]; + "sway/mode" = { + format = "{}"; + }; - "group/hardware" = { - orientation = "inherit"; - drawer = { - "transition-left-to-right" = false; + "custom/configwarn" = { + exec = "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; + interval = 60; }; - modules = [ - "tray" - "temperature" - "power-profiles-daemon" - "custom/left-arrow-light" - "disk" - "custom/left-arrow-dark" - "memory" - "custom/left-arrow-light" - "cpu" - "custom/left-arrow-dark" - ]; - }; - power-profiles-daemon = { - format= "{icon}"; - 
tooltip-format= "Power profile: {profile}\nDriver: {driver}"; - tooltip= true; - format-icons= { - "default"= ""; - "performance"= ""; - "balanced"= ""; - "power-saver"= ""; + "group/hardware" = { + orientation = "inherit"; + drawer = { + "transition-left-to-right" = false; + }; + modules = [ + "tray" + "temperature" + "power-profiles-daemon" + "custom/left-arrow-light" + "disk" + "custom/left-arrow-dark" + "memory" + "custom/left-arrow-light" + "cpu" + "custom/left-arrow-dark" + ]; }; - }; - temperature = { - critical-threshold = 80; - format-critical = " {temperatureC}°C"; - format = " {temperatureC}°C"; + power-profiles-daemon = { + format = "{icon}"; + tooltip-format = "Power profile: {profile}\nDriver: {driver}"; + tooltip = true; + format-icons = { + "default" = ""; + "performance" = ""; + "balanced" = ""; + "power-saver" = ""; + }; + }; - }; + temperature = { + critical-threshold = 80; + format-critical = " {temperatureC}°C"; + format = " {temperatureC}°C"; + }; - mpris = { - format= "{player_icon} {title} [{position}/{length}]"; - format-paused= "{player_icon} {title} [{position}/{length}]"; - player-icons= { - "default" = "▶ "; - "mpv" = "🎵 "; - "spotify" = " "; + mpris = { + format = "{player_icon} {title} [{position}/{length}]"; + format-paused = "{player_icon} {title} [{position}/{length}]"; + player-icons = { + "default" = "▶ "; + "mpv" = "🎵 "; + "spotify" = " "; + }; + status-icons = { + "paused" = " "; + }; + interval = 1; + title-len = 20; + artist-len = 20; + album-len = 10; }; - status-icons= { - "paused"= " "; + "custom/left-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/outer-left-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/left-arrow-light" = { + format = ""; + tooltip = false; + }; + "custom/right-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/outer-right-arrow-dark" = { + format = ""; + tooltip = false; + }; + "custom/right-arrow-light" = { + format = ""; + 
tooltip = false; + }; + "sway/workspaces" = { + disable-scroll = true; + format = "{name}"; }; - interval = 1; - title-len = 20; - artist-len = 20; - album-len = 10; - }; - "custom/left-arrow-dark" = { - format = ""; - tooltip = false; - }; - "custom/outer-left-arrow-dark"= { - format = ""; - tooltip = false; - }; - "custom/left-arrow-light"= { - format= ""; - tooltip= false; - }; - "custom/right-arrow-dark"= { - format= ""; - tooltip= false; - }; - "custom/outer-right-arrow-dark"= { - format= ""; - tooltip= false; - }; - "custom/right-arrow-light"= { - format= ""; - tooltip= false; - }; - "sway/workspaces"= { - disable-scroll= true; - format= "{name}"; - }; - "clock#1"= { - min-length= 8; - interval= 1; - format= "{:%H:%M:%S}"; - # on-click-right= "gnome-clocks"; - tooltip-format= "{:%Y %B}\n{calendar}"; - }; + "clock#1" = { + min-length = 8; + interval = 1; + format = "{:%H:%M:%S}"; + # on-click-right= "gnome-clocks"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; - "clock#2"= { - format= "{:%d. %B %Y}"; - # on-click-right= "gnome-clocks"; - tooltip-format= "{:%Y %B}\n{calendar}"; - }; + "clock#2" = { + format = "{:%d. 
%B %Y}"; + # on-click-right= "gnome-clocks"; + tooltip-format = "{:%Y %B}\n{calendar}"; + }; - pulseaudio= { - format= "{icon} {volume:2}%"; - format-bluetooth= "{icon} {volume}%"; - format-muted= "MUTE"; - format-icons= { - headphones= ""; - default= [ - "" - "" + pulseaudio = { + format = "{icon} {volume:2}%"; + format-bluetooth = "{icon} {volume}%"; + format-muted = "MUTE"; + format-icons = { + headphones = ""; + default = [ + "" + "" + ]; + }; + scroll-step = 1; + on-click = "pamixer -t"; + on-click-right = "pavucontrol"; + }; + memory = { + interval = 5; + format = " {}%"; + tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; + }; + cpu = { + min-length = 6; + interval = 5; + format-icons = ["▁" "▂" "▃" "▄" "▅" "▆" "▇" "█"]; + # on-click-right= "com.github.stsdc.monitor"; + on-click-right = "kitty -o confirm_os_window_close=0 btm"; + }; + battery = { + states = { + "warning" = 60; + "error" = 30; + "critical" = 15; + }; + interval = 5; + format = "{icon} {capacity}%"; + format-charging = "{capacity}% "; + format-plugged = "{capacity}% "; + format-icons = [ + "" + "" + "" + "" + "" ]; + on-click-right = "wlogout -p layer-shell"; }; - scroll-step= 1; - on-click= "pamixer -t"; - on-click-right= "pavucontrol"; - }; - memory= { - interval= 5; - format= " {}%"; - tooltip-format= "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; - }; - cpu= { - min-length= 6; - interval= 5; - format-icons = ["▁" "▂" "▃" "▄" "▅" "▆" "▇" "█"]; - # on-click-right= "com.github.stsdc.monitor"; - on-click-right= "kitty -o confirm_os_window_close=0 btm"; - - }; - battery= { - states= { - "warning"= 60; - "error"= 30; - "critical"= 15; + disk = { + interval = 30; + format = "Disk {percentage_used:2}%"; + path = "/"; + states = { + "warning" = 80; + "critical" = 90; + }; + tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; }; - interval=5; - format= 
"{icon} {capacity}%"; - format-charging= "{capacity}% "; - format-plugged= "{capacity}% "; - format-icons= [ - "" - "" - "" - "" - "" - ]; - on-click-right= "wlogout -p layer-shell"; - }; - disk= { - interval= 30; - format= "Disk {percentage_used:2}%"; - path= "/"; - states= { - "warning"= 80; - "critical"= 90; + tray = { + icon-size = 20; + }; + network = { + interval = 5; + format-wifi = "{signalStrength}% "; + format-ethernet = ""; + format-linked = "{ifname} (No IP) "; + format-disconnected = "Disconnected ⚠"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; }; - tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; - }; - tray= { - icon-size= 20; - }; - network= { - interval = 5; - format-wifi= "{signalStrength}% "; - format-ethernet= ""; - format-linked= "{ifname} (No IP) "; - format-disconnected= "Disconnected ⚠"; - format-alt= "{ifname}: {ipaddr}/{cidr}"; - tooltip-format-ethernet= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - tooltip-format-wifi= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; }; }; + style = builtins.readFile ../../programs/waybar/style.css; }; - style = builtins.readFile ../../programs/waybar/style.css; -}; - -programs.firefox = { - enable = true; - package = pkgs.firefox.override { - nativeMessagingHosts = [ - pkgs.tridactyl-native - pkgs.browserpass - pkgs.plasma5Packages.plasma-browser-integration - ]; - }; - policies = { - CaptivePortal = false; - DisableFirefoxStudies = true; - DisablePocket = true; - DisableTelemetry = true; - DisableFirefoxAccounts = 
false; - NoDefaultBookmarks = true; - OfferToSaveLogins = false; - OfferToSaveLoginsDefault = false; - EnableTrackingProtection = true; - }; - profiles.default = { - isDefault = true; - userChrome = builtins.readFile ../../programs/firefox/chrome/userChrome.css; - extensions = with pkgs.nur.repos.rycee.firefox-addons; [ - tridactyl - browserpass - clearurls - darkreader - enhancer-for-youtube - istilldontcareaboutcookies - translate-web-pages - ublock-origin - reddit-enhancement-suite - pushbullet - sponsorblock - web-archives - single-file - widegithub - enhanced-github - unpaywall - don-t-fuck-with-paste - plasma-integration - ]; - search.engines = { - "Nix Packages" = { - urls = [{ - template = "https://search.nixos.org/packages"; - params = [ - { name = "type"; value = "packages"; } - { name = "query"; value = "{searchTerms}"; } + programs.firefox = { + enable = true; + package = pkgs.firefox.override { + nativeMessagingHosts = [ + pkgs.tridactyl-native + pkgs.browserpass + pkgs.plasma5Packages.plasma-browser-integration + ]; + }; + policies = { + CaptivePortal = false; + DisableFirefoxStudies = true; + DisablePocket = true; + DisableTelemetry = true; + DisableFirefoxAccounts = false; + NoDefaultBookmarks = true; + OfferToSaveLogins = false; + OfferToSaveLoginsDefault = false; + EnableTrackingProtection = true; + }; + profiles.default = { + isDefault = true; + userChrome = builtins.readFile ../../programs/firefox/chrome/userChrome.css; + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + tridactyl + browserpass + clearurls + darkreader + enhancer-for-youtube + istilldontcareaboutcookies + translate-web-pages + ublock-origin + reddit-enhancement-suite + pushbullet + sponsorblock + web-archives + single-file + widegithub + enhanced-github + unpaywall + don-t-fuck-with-paste + plasma-integration + ]; + + search.engines = { + "Nix Packages" = { + urls = [ + { + template = "https://search.nixos.org/packages"; + params = [ + { + name = "type"; + value = 
"packages"; + } + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } ]; - }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@np" ]; - }; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@np"]; + }; - "NixOS Wiki" = { - urls = [{ - template = "https://nixos.wiki/index.php?search={searchTerms}"; - }]; - iconUpdateURL = "https://nixos.wiki/favicon.png"; - updateInterval = 24 * 60 * 60 * 1000; # every day - definedAliases = [ "@nw" ]; - }; + "NixOS Wiki" = { + urls = [ + { + template = "https://nixos.wiki/index.php?search={searchTerms}"; + } + ]; + iconUpdateURL = "https://nixos.wiki/favicon.png"; + updateInterval = 24 * 60 * 60 * 1000; # every day + definedAliases = ["@nw"]; + }; - "NixOS Options" = { - urls = [{ - template = "https://search.nixos.org/options"; - params = [ - { name = "query"; value = "{searchTerms}"; } + "NixOS Options" = { + urls = [ + { + template = "https://search.nixos.org/options"; + params = [ + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } ]; - }]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@no" ]; - }; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@no"]; + }; - "Home Manager Options" = { - urls = [{ template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; + "Home Manager Options" = { + urls = [ + { + template = "https://home-manager-options.extranix.com/"; + params = [ + { + name = "query"; + value = "{searchTerms}"; + } + ]; + } + ]; - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@hm" "@ho" "@hmo" ]; - }; + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = ["@hm" "@ho" "@hmo"]; + }; - "Google".metaData.alias 
= "@g"; + "Google".metaData.alias = "@g"; + }; + search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart }; - search.force = true; # this is required because otherwise the search.json.mozlz4 symlink gets replaced on every firefox restart }; -}; -services.gnome-keyring = { - enable = true; -}; + services.gnome-keyring = { + enable = true; + }; -services.mbsync = { - enable = true; -}; + services.mbsync = { + enable = true; + }; -services.kdeconnect = { - enable = true; - indicator = true; -}; + services.kdeconnect = { + enable = true; + indicator = true; + }; -services.syncthing = { - enable = true; - tray = { - enable = false; # we enable this by installing the syncthingtray package instead, it works better. + services.syncthing = { + enable = true; + tray = { + enable = false; # we enable this by installing the syncthingtray package instead, it works better. + }; }; -}; - -services.emacs = { - enable = true; - # socketActivation.enable = false; - # startWithUserSession = "graphical"; -}; - -services.mako = { - enable = true; - # backgroundColor = "#2e3440"; - # borderColor = "#88c0d0"; - borderRadius = 15; - borderSize = 1; - defaultTimeout = 5000; - height = 150; - icons = true; - ignoreTimeout = true; - layer = "overlay"; - maxIconSize = 64; - sort = "-time"; - width = 300; - # font = "monospace 10"; - extraConfig = "[urgency=low] + + services.emacs = { + enable = true; + # socketActivation.enable = false; + # startWithUserSession = "graphical"; + }; + + services.mako = { + enable = true; + # backgroundColor = "#2e3440"; + # borderColor = "#88c0d0"; + borderRadius = 15; + borderSize = 1; + defaultTimeout = 5000; + height = 150; + icons = true; + ignoreTimeout = true; + layer = "overlay"; + maxIconSize = 64; + sort = "-time"; + width = 300; + # font = "monospace 10"; + extraConfig = "[urgency=low] border-color=#cccccc [urgency=normal] border-color=#d08770 
@@ -1282,220 +1314,219 @@ default-timeout=3000 default-timeout=2000 group-by=category "; -}; + }; -wayland.windowManager.sway = { - enable = true; - checkConfig = false; # delete this line once SwayFX is fixed upstream - package = pkgs.swayfx; - systemd = { + wayland.windowManager.sway = { enable = true; - xdgAutostart = true; - }; - wrapperFeatures.gtk = true; - config = rec { - modifier = "Mod4"; - terminal = "kitty"; - menu = "fuzzel"; - bars = [{ command = "waybar";}]; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; - "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; - "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; - "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; - "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; - "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel-otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; - "${modifier}+Escape" = "mode $exit"; - # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t 
image/png"; - "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - "${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; - "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; - "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; - "${modifier}+Shift+Left" = "move left 40px"; - "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+h" = "focus left"; - "${modifier}+l" = "focus right"; - "${modifier}+j" = "focus down"; - "${modifier}+k" = "focus up"; - "${modifier}+Shift+h" = "move left 40px"; - "${modifier}+Shift+l" = "move right 40px"; - "${modifier}+Shift+j" = "move down 40px"; - "${modifier}+Shift+k" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. 
Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+r" = "mode resize"; - "${modifier}+Return" = "exec kitty"; + checkConfig = false; # delete this line once SwayFX is fixed upstream + package = pkgs.swayfx; + systemd = { + enable = true; + xdgAutostart = true; }; - modes = { - resize = { - Down = "resize grow height 10 px or 10 ppt"; - Escape = "mode default"; - Left = "resize shrink width 10 px or 10 ppt"; - Return = "mode default"; - Right = "resize grow width 10 px or 10 ppt"; - Up = "resize shrink height 10 px or 10 ppt"; + wrapperFeatures.gtk = true; + config = rec { + modifier = "Mod4"; + terminal = "kitty"; + menu = "fuzzel"; + bars = [{command = "waybar";}]; + keybindings = let + inherit (config.wayland.windowManager.sway.config) modifier; + in { + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; + "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; + "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; + "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; + "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; + "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; + "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; + "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel-otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec 
pass-fuzzel-otp --type"; + "${modifier}+Escape" = "mode $exit"; + # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + "${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; + "${modifier}+Shift+Left" = "move left 40px"; + "${modifier}+Shift+Right" = "move right 40px"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Up" = "move up 40px"; + "${modifier}+h" = "focus left"; + "${modifier}+l" = "focus right"; + "${modifier}+j" = "focus down"; + "${modifier}+k" = "focus up"; + "${modifier}+Shift+h" = "move left 
40px"; + "${modifier}+Shift+l" = "move right 40px"; + "${modifier}+Shift+j" = "move down 40px"; + "${modifier}+Shift+k" = "move up 40px"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+r" = "mode resize"; + "${modifier}+Return" = "exec kitty"; }; - }; - defaultWorkspace = "workspace 1:一"; - startup = [ - { command = "kitty -T kittyterm";} - { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";} - ]; - window = { - border = 1; - titlebar = false; - }; - assigns = { - "1:一" = [{ app_id = "firefox"; }]; - }; - floating = { - border = 1; - criteria = [ - {title = "^Picture-in-Picture$";} - {app_id = "qalculate-gtk";} - {app_id = "org.gnome.clocks";} - {app_id = "com.github.stsdc.monitor";} - {app_id = "blueman";} - {app_id = "pavucontrol";} - {app_id = "syncthingtray";} - {title = "Syncthing Tray";} - {app_id = "SchildiChat";} - {app_id = "Element";} - {app_id = "com.nextcloud.desktopclient.nextcloud";} - {app_id = "gnome-system-monitor";} - {title = "(?:Open|Save) (?:File|Folder|As)";} - {title = "^Add$";} - {title = "com-jgoodies-jdiskreport-JDiskReport";} - {app_id = "discord";} - {window_role = "pop-up";} - {window_role = "bubble";} - {window_role = "dialog";} - {window_role = "task_dialog";} - {window_role = "menu";} - {window_role = "Preferences";} - ]; - titlebar = false; - }; - window = { - commands = [ - { - command = "opacity 0.95"; - criteria = { - class = ".*"; - }; - } - { - command = "opacity 1"; - criteria = { - app_id = "Gimp-2.10"; - }; - } - { - command = "opacity 0.99"; - criteria = { - app_id = "firefox"; - }; - } - { - command = "sticky enable, shadows enable"; - criteria = { - title="^Picture-in-Picture$"; - }; - } - { - command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; - criteria 
= { - title="^kittyterm$"; - }; - } - { - command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; - criteria = { - title="^spotifytui$"; - }; - } - # { - # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - # criteria = { - # app_id="^$"; - # class="^$"; - # }; - # } - { - - command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; - criteria = { - class="Spotify"; - }; - } - { - command = "sticky enable"; - criteria = { - app_id = "discord"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - class = "Element"; - }; - } - { - command = "resize set width 60 ppt height 60 ppt, sticky enable"; - criteria = { - app_id = "SchildiChat"; - }; - } + modes = { + resize = { + Down = "resize grow height 10 px or 10 ppt"; + Escape = "mode default"; + Left = "resize shrink width 10 px or 10 ppt"; + Return = "mode default"; + Right = "resize grow width 10 px or 10 ppt"; + Up = "resize shrink height 10 px or 10 ppt"; + }; + }; + defaultWorkspace = "workspace 1:一"; + startup = [ + {command = "kitty -T kittyterm";} + {command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";} ]; + window = { + border = 1; + titlebar = false; + }; + assigns = { + "1:一" = [{app_id = "firefox";}]; + }; + floating = { + border = 1; + criteria = [ + {title = "^Picture-in-Picture$";} + {app_id = "qalculate-gtk";} + {app_id = "org.gnome.clocks";} + {app_id = "com.github.stsdc.monitor";} + {app_id = "blueman";} + {app_id = "pavucontrol";} + {app_id = "syncthingtray";} + {title = "Syncthing Tray";} + {app_id = "SchildiChat";} + {app_id = "Element";} + {app_id = "com.nextcloud.desktopclient.nextcloud";} + {app_id = "gnome-system-monitor";} + {title = "(?:Open|Save) (?:File|Folder|As)";} + {title = "^Add$";} + {title = "com-jgoodies-jdiskreport-JDiskReport";} + {app_id = "discord";} + {window_role = "pop-up";} + 
{window_role = "bubble";} + {window_role = "dialog";} + {window_role = "task_dialog";} + {window_role = "menu";} + {window_role = "Preferences";} + ]; + titlebar = false; + }; + window = { + commands = [ + { + command = "opacity 0.95"; + criteria = { + class = ".*"; + }; + } + { + command = "opacity 1"; + criteria = { + app_id = "Gimp-2.10"; + }; + } + { + command = "opacity 0.99"; + criteria = { + app_id = "firefox"; + }; + } + { + command = "sticky enable, shadows enable"; + criteria = { + title = "^Picture-in-Picture$"; + }; + } + { + command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^kittyterm$"; + }; + } + { + command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; + criteria = { + title = "^spotifytui$"; + }; + } + # { + # command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + # criteria = { + # app_id="^$"; + # class="^$"; + # }; + # } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; + criteria = { + class = "Spotify"; + }; + } + { + command = "sticky enable"; + criteria = { + app_id = "discord"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + class = "Element"; + }; + } + { + command = "resize set width 60 ppt height 60 ppt, sticky enable"; + criteria = { + app_id = "SchildiChat"; + }; + } + ]; + }; + gaps = { + inner = 5; + }; }; - gaps = { - inner = 5; - }; - }; - extraSessionCommands ='' + extraSessionCommands = '' export SDL_VIDEODRIVER=wayland export QT_QPA_PLATFORM=wayland export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" 
@@ -1506,13 +1537,13 @@ wayland.windowManager.sway = { export ANKI_WAYLAND=1; export OBSIDIAN_USE_WAYLAND=1; ''; - # extraConfigEarly = " - # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK - # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK - # "; - extraConfig =let - inherit (config.wayland.windowManager.sway.config) modifier; - swayfxSettings = " + # extraConfigEarly = " + # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK + # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK + # "; + extraConfig = let + inherit (config.wayland.windowManager.sway.config) modifier; + swayfxSettings = " blur enable blur_xray disable blur_passes 1 @@ -1522,7 +1553,7 @@ wayland.windowManager.sway = { titlebar_separator disable default_dim_inactive 0.02 "; - in " + in " exec_always autotiling set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" mode $exit { @@ -1544,6 +1575,5 @@ wayland.windowManager.sway = { ${swayfxSettings} "; -}; - + }; } diff --git a/profiles/common/nixos.nix b/profiles/common/nixos.nix index b19d00c..9aa87cf 100644 --- a/profiles/common/nixos.nix +++ b/profiles/common/nixos.nix 
@@ -1,511 +1,508 @@ -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { home-manager = { useGlobalPkgs = true; useUserPackages = true; }; -services.xserver = { - xkb = { - layout = "us"; - variant = "altgr-intl"; - }; -}; - -nix.settings.experimental-features = ["nix-command" "flakes"]; - -users.mutableUsers = false; - -environment = { - wordlist.enable = true; - sessionVariables = { - NIXOS_OZONE_WL = "1"; - GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ - gst-plugins-good - gst-plugins-bad - gst-plugins-ugly - gst-libav - ]); + services.xserver = { + xkb = { + layout = "us"; + variant = "altgr-intl"; + }; }; -}; -# gstreamer plugins for nautilus (used for file metadata) -time.hardwareClockInLocalTime = true; + nix.settings.experimental-features = ["nix-command" "flakes"]; -# dont style GRUB with stylix -stylix.targets.grub.enable = false; # the styling makes grub more ugly + users.mutableUsers = false; -security.polkit.enable = true; + environment = { + wordlist.enable = true; + sessionVariables = { + NIXOS_OZONE_WL = "1"; + GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-libav + ]); + }; + }; + # gstreamer plugins for nautilus (used for file metadata) -nix.gc = { - automatic = true; - randomizedDelaySec = "14m"; - dates = "weekly"; - options = "--delete-older-than 10d"; -}; + time.hardwareClockInLocalTime = true; -nix.optimise = { - automatic = true; - dates = [ "weekly" ]; -}; + # dont style GRUB with stylix + stylix.targets.grub.enable = false; # the styling makes grub more ugly -# systemd -systemd.extraConfig = '' - DefaultTimeoutStartSec=60s - DefaultTimeoutStopSec=15s -''; + security.polkit.enable = true; -hardware = { - graphics = { - enable = true; - enable32Bit = true; + nix.gc = { + automatic = true; + randomizedDelaySec = "14m"; + dates = "weekly"; + options = 
"--delete-older-than 10d"; }; - pulseaudio= { - enable = true; - package = pkgs.pulseaudioFull; + nix.optimise = { + automatic = true; + dates = ["weekly"]; }; - enableAllFirmware = true; + # systemd + systemd.extraConfig = '' + DefaultTimeoutStartSec=60s + DefaultTimeoutStopSec=15s + ''; - bluetooth = { - powerOnBoot = true; - settings = { - General = { - Enable = "Source,Sink,Media,Socket"; - }; + hardware = { + graphics = { + enable = true; + enable32Bit = true; }; - }; -}; -networking.networkmanager = { - enable = true; - ensureProfiles = { - environmentFiles = [ - "${config.sops.templates."network-manager.env".path}" - ]; - profiles = { - "Ernest Routerford" = { - connection = { - id = "Ernest Routerford"; - permissions = ""; - type = "wifi"; - }; - ipv4 = { - dns-search = ""; - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - dns-search = ""; - method = "auto"; - }; - wifi = { - mac-address-blacklist = ""; - mode = "infrastructure"; - ssid = "Ernest Routerford"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$ERNEST"; - }; - }; + pulseaudio = { + enable = true; + package = pkgs.pulseaudioFull; + }; - LAN-Party = { - connection = { - autoconnect = "false"; - id = "LAN-Party"; - type = "ethernet"; - }; - ethernet = { - auto-negotiate = "true"; - cloned-mac-address = "preserve"; - mac-address = "90:2E:16:D0:A1:87"; - }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - }; + enableAllFirmware = true; - eduroam = { - "802-1x" = { - eap = "ttls;"; - identity = "$EDUID"; - password = "$EDUPASS"; - phase2-auth = "mschapv2"; - }; - connection = { - id = "eduroam"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "eduroam"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; + bluetooth = { + 
powerOnBoot = true; + settings = { + General = { + Enable = "Source,Sink,Media,Socket"; }; }; + }; + }; - local = { - connection = { - autoconnect = "false"; - id = "local"; - type = "ethernet"; - }; - ethernet = { }; - ipv4 = { - address1 = "10.42.1.1/24"; - method = "shared"; - }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; + networking.networkmanager = { + enable = true; + ensureProfiles = { + environmentFiles = [ + "${config.sops.templates."network-manager.env".path}" + ]; + profiles = { + "Ernest Routerford" = { + connection = { + id = "Ernest Routerford"; + permissions = ""; + type = "wifi"; + }; + ipv4 = { + dns-search = ""; + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + dns-search = ""; + method = "auto"; + }; + wifi = { + mac-address-blacklist = ""; + mode = "infrastructure"; + ssid = "Ernest Routerford"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$ERNEST"; + }; }; - proxy = { }; - }; - HH40V_39F5 = { - connection = { - id = "HH40V_39F5"; - type = "wifi"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; - }; - proxy = { }; - wifi = { - band = "bg"; - mode = "infrastructure"; - ssid = "HH40V_39F5"; + LAN-Party = { + connection = { + autoconnect = "false"; + id = "LAN-Party"; + type = "ethernet"; + }; + ethernet = { + auto-negotiate = "true"; + cloned-mac-address = "preserve"; + mac-address = "90:2E:16:D0:A1:87"; + }; + ipv4 = {method = "shared";}; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = {}; }; - wifi-security = { - key-mgmt = "wpa-psk"; - psk = "$FRAUNS"; - }; - }; - magicant = { - connection = { - id = "magicant"; - type = "wifi"; + eduroam = { + "802-1x" = { + eap = "ttls;"; + identity = "$EDUID"; + password = "$EDUPASS"; + phase2-auth = "mschapv2"; + }; + connection = { + id = "eduroam"; + type = "wifi"; + }; + ipv4 = {method = "auto";}; + ipv6 = { + addr-gen-mode = "default"; + 
method = "auto"; + }; + proxy = {}; + wifi = { + mode = "infrastructure"; + ssid = "eduroam"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; - }; - proxy = { }; - wifi = { - mode = "infrastructure"; - ssid = "magicant"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-psk"; - psk = "$HANDYHOTSPOT"; - }; - }; - "sweden-aes-128-cbc-udp-dns" = { - connection = { - autoconnect = "false"; - id = "PIA Sweden"; - type = "vpn"; - }; - ipv4 = { method = "auto"; }; - ipv6 = { - addr-gen-mode = "stable-privacy"; - method = "auto"; + local = { + connection = { + autoconnect = "false"; + id = "local"; + type = "ethernet"; + }; + ethernet = {}; + ipv4 = { + address1 = "10.42.1.1/24"; + method = "shared"; + }; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = {}; }; - proxy = { }; - vpn = { - auth = "sha1"; - ca = - "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; - challenge-response-flags = "2"; - cipher = "aes-128-cbc"; - compress = "yes"; - connection-type = "password"; - crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; - dev = "tun"; - password-flags = "0"; - remote = "sweden.privacy.network:1198"; - remote-cert-tls = "server"; - reneg-seconds = "0"; - service-type = "org.freedesktop.NetworkManager.openvpn"; - username = "$VPNUSER"; - }; - vpn-secrets = { password = "$VPNPASS"; }; - }; - Hotspot = { - connection = { - autoconnect = "false"; - id = "Hotspot"; - type = "wifi"; + HH40V_39F5 = { + connection = { + id = "HH40V_39F5"; + type = "wifi"; + }; + ipv4 = {method = "auto";}; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = {}; + wifi = { + band = "bg"; + mode = "infrastructure"; + ssid = "HH40V_39F5"; + }; + wifi-security = { + key-mgmt = "wpa-psk"; + psk = 
"$FRAUNS"; + }; }; - ipv4 = { method = "shared"; }; - ipv6 = { - addr-gen-mode = "default"; - method = "ignore"; + + magicant = { + connection = { + id = "magicant"; + type = "wifi"; + }; + ipv4 = {method = "auto";}; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; + proxy = {}; + wifi = { + mode = "infrastructure"; + ssid = "magicant"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-psk"; + psk = "$HANDYHOTSPOT"; + }; }; - proxy = { }; - wifi = { - mode = "ap"; - ssid = "Hotspot-fourside"; + + "sweden-aes-128-cbc-udp-dns" = { + connection = { + autoconnect = "false"; + id = "PIA Sweden"; + type = "vpn"; + }; + ipv4 = {method = "auto";}; + ipv6 = { + addr-gen-mode = "stable-privacy"; + method = "auto"; + }; + proxy = {}; + vpn = { + auth = "sha1"; + ca = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem"; + challenge-response-flags = "2"; + cipher = "aes-128-cbc"; + compress = "yes"; + connection-type = "password"; + crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem"; + dev = "tun"; + password-flags = "0"; + remote = "sweden.privacy.network:1198"; + remote-cert-tls = "server"; + reneg-seconds = "0"; + service-type = "org.freedesktop.NetworkManager.openvpn"; + username = "$VPNUSER"; + }; + vpn-secrets = {password = "$VPNPASS";}; }; - wifi-security = { - group = "ccmp;"; - key-mgmt = "wpa-psk"; - pairwise = "ccmp;"; - proto = "rsn;"; - psk = "$HOTSPOT"; + + Hotspot = { + connection = { + autoconnect = "false"; + id = "Hotspot"; + type = "wifi"; + }; + ipv4 = {method = "shared";}; + ipv6 = { + addr-gen-mode = "default"; + method = "ignore"; + }; + proxy = {}; + wifi = { + mode = "ap"; + ssid = "Hotspot-fourside"; + }; + wifi-security = { + group = "ccmp;"; + key-mgmt = "wpa-psk"; + pairwise = "ccmp;"; + proto = "rsn;"; + psk = "$HOTSPOT"; + }; }; }; + }; + }; + systemd.services.NetworkManager-ensure-profiles.after = 
["NetworkManager.service"]; + + time.timeZone = "Europe/Vienna"; + + i18n = { + defaultLocale = "en_US.UTF-8"; + extraLocaleSettings = { + LC_ADDRESS = "de_AT.UTF-8"; + LC_IDENTIFICATION = "de_AT.UTF-8"; + LC_MEASUREMENT = "de_AT.UTF-8"; + LC_MONETARY = "de_AT.UTF-8"; + LC_NAME = "de_AT.UTF-8"; + LC_NUMERIC = "de_AT.UTF-8"; + LC_PAPER = "de_AT.UTF-8"; + LC_TELEPHONE = "de_AT.UTF-8"; + LC_TIME = "de_AT.UTF-8"; }; }; -}; - -systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ]; - -time.timeZone = "Europe/Vienna"; - -i18n = { - defaultLocale = "en_US.UTF-8"; - extraLocaleSettings = { - LC_ADDRESS = "de_AT.UTF-8"; - LC_IDENTIFICATION = "de_AT.UTF-8"; - LC_MEASUREMENT = "de_AT.UTF-8"; - LC_MONETARY = "de_AT.UTF-8"; - LC_NAME = "de_AT.UTF-8"; - LC_NUMERIC = "de_AT.UTF-8"; - LC_PAPER = "de_AT.UTF-8"; - LC_TELEPHONE = "de_AT.UTF-8"; - LC_TIME = "de_AT.UTF-8"; + + sops = { + defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; + validateSopsFiles = false; + + secrets = { + swarseluser = {neededForUsers = true;}; + ernest = {}; + frauns = {}; + hotspot = {}; + eduid = {}; + edupass = {}; + handyhotspot = {}; + vpnuser = {}; + vpnpass = {}; + }; + templates = { + "network-manager.env".content = '' + ERNEST=${config.sops.placeholder.ernest} + FRAUNS=${config.sops.placeholder.frauns} + HOTSPOT=${config.sops.placeholder.hotspot} + EDUID=${config.sops.placeholder.eduid} + EDUPASS=${config.sops.placeholder.edupass} + HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} + VPNUSER=${config.sops.placeholder.vpnuser} + VPNPASS=${config.sops.placeholder.vpnpass} + ''; + }; }; -}; - -sops = { - - defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml"; - validateSopsFiles = false; - - secrets = { - swarseluser = {neededForUsers = true;}; - ernest = {}; - frauns = {}; - hotspot = {}; - eduid = {}; - edupass = {}; - handyhotspot = {}; - vpnuser = {}; - vpnpass = {}; + + 
environment.systemPackages = with pkgs; [ + # yubikey packages + gnupg + yubikey-personalization + yubikey-personalization-gui + yubico-pam + yubioath-flutter + yubikey-manager + yubikey-manager-qt + yubico-piv-tool + cfssl + pcsctools + pcscliteWithPolkit.out + + # ledger packages + ledger-live-desktop + + # pinentry + + # theme related + adwaita-icon-theme + + # kde-connect + xdg-desktop-portal + + # bluetooth + bluez + + # lsp-related ------------------------------- + # nix + # latex + texlab + ghostscript_headless + # wireguard + wireguard-tools + # rust + rust-analyzer + clippy + rustfmt + # go + go + gopls + # zig + zig + zls + # cpp + clang-tools + # + cuda + cudatoolkit + #lsp-bridge / python + gcc + gdb + (python3.withPackages (ps: with ps; [jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) + # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) + # -------------------------------------------- + + (stdenv.mkDerivation { + name = "oama"; + + src = pkgs.fetchurl { + name = "oama"; + url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz"; + sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc="; + }; + + phases = [ + "unpackPhase" + ]; + + unpackPhase = '' + mkdir -p $out/bin + tar xvf $src -C $out/ + mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ + ''; + }) + ]; + + programs = { + dconf.enable = true; + evince.enable = true; + kdeconnect.enable = true; }; - templates = { - "network-manager.env".content = '' - ERNEST=${config.sops.placeholder.ernest} - FRAUNS=${config.sops.placeholder.frauns} - HOTSPOT=${config.sops.placeholder.hotspot} - EDUID=${config.sops.placeholder.eduid} - EDUPASS=${config.sops.placeholder.edupass} - HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} - 
VPNUSER=${config.sops.placeholder.vpnuser} - VPNPASS=${config.sops.placeholder.vpnpass} - ''; + + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + environment.shells = with pkgs; [zsh]; + environment.pathsToLink = ["/share/zsh"]; + + services.blueman.enable = true; + + # enable scanners over network + hardware.sane = { + enable = true; + extraBackends = [pkgs.sane-airscan]; }; -}; - -environment.systemPackages = with pkgs; [ - # yubikey packages - gnupg - yubikey-personalization - yubikey-personalization-gui - yubico-pam - yubioath-flutter - yubikey-manager - yubikey-manager-qt - yubico-piv-tool - cfssl - pcsctools - pcscliteWithPolkit.out - - # ledger packages - ledger-live-desktop - - # pinentry - - # theme related - adwaita-icon-theme - - # kde-connect - xdg-desktop-portal - - # bluetooth - bluez - - # lsp-related ------------------------------- - # nix - # latex - texlab - ghostscript_headless - # wireguard - wireguard-tools - # rust - rust-analyzer - clippy - rustfmt - # go - go - gopls - # zig - zig - zls - # cpp - clang-tools - # + cuda - cudatoolkit - #lsp-bridge / python - gcc - gdb - (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) - # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) - # -------------------------------------------- - - (stdenv.mkDerivation { - name = "oama"; - - src = pkgs.fetchurl { - name = "oama"; - url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz"; - sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc="; - }; - phases = [ - "unpackPhase" + # enable discovery and usage of network devices (esp. 
printers) + services.printing = { + enable = true; + drivers = [ + pkgs.gutenprint + pkgs.gutenprintBin ]; - - unpackPhase = '' - mkdir -p $out/bin - tar xvf $src -C $out/ - mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ + browsedConf = '' + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + BrowseProtocols all ''; + }; - }) + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; -]; + services.gvfs.enable = true; -programs = { - dconf.enable = true; - evince.enable = true; - kdeconnect.enable = true; -}; + # Make CAPS work as a dual function ESC/CTRL key + services.interception-tools = { + enable = true; + udevmonConfig = let + dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' + TIMING: + TAP_MILLISEC: 200 + DOUBLE_TAP_MILLISEC: 0 + + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in '' + - JOB: | + ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ + | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ + | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK] + ''; + }; -programs.zsh.enable = true; -users.defaultUserShell = pkgs.zsh; -environment.shells = with pkgs; [ zsh ]; -environment.pathsToLink = [ "/share/zsh" ]; + programs.ssh.startAgent = false; -services.blueman.enable = true; + services.pcscd.enable = true; -# enable scanners over network -hardware.sane = { - enable = true; - extraBackends = [ pkgs.sane-airscan ]; -}; + hardware.ledger.enable = true; -# enable discovery and usage of network devices (esp. 
printers) -services.printing = { - enable = true; - drivers = [ - pkgs.gutenprint - pkgs.gutenprintBin + services.udev.packages = with pkgs; [ + yubikey-personalization + ledger-udev-rules ]; - browsedConf = '' -BrowseDNSSDSubTypes _cups,_print -BrowseLocalProtocols all -BrowseRemoteProtocols all -CreateIPPPrinterQueues All -BrowseProtocols all - ''; -}; - -services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; -}; - -services.gvfs.enable = true; - -# Make CAPS work as a dual function ESC/CTRL key -services.interception-tools = { - enable = true; - udevmonConfig = let - dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' - TIMING: - TAP_MILLISEC: 200 - DOUBLE_TAP_MILLISEC: 0 - - MAPPINGS: - - KEY: KEY_CAPSLOCK - TAP: KEY_ESC - HOLD: KEY_LEFTCTRL - ''; - in '' - - JOB: | - ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ - | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ - | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE - DEVICE: - EVENTS: - EV_KEY: [KEY_CAPSLOCK] - ''; -}; - -programs.ssh.startAgent = false; - -services.pcscd.enable = true; - -hardware.ledger.enable = true; - -services.udev.packages = with pkgs; [ - yubikey-personalization - ledger-udev-rules -]; - -services.greetd = { - enable = true; - settings = { - initial_session.command = "sway"; - # initial_session.user ="swarsel"; - default_session.command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --time \ - --asterisks \ - --user-menu \ - --cmd sway - ''; - }; -}; -environment.etc."greetd/environments".text = '' - sway - ''; + services.greetd = { + enable = true; + settings = { + initial_session.command = "sway"; + # initial_session.user ="swarsel"; + default_session.command = '' + ${pkgs.greetd.tuigreet}/bin/tuigreet \ + --time \ + --asterisks \ + --user-menu \ + --cmd sway + ''; + }; + }; + environment.etc."greetd/environments".text = '' + sway + ''; } 
diff --git a/profiles/fourside/hardware-configuration.nix b/profiles/fourside/hardware-configuration.nix index 4e22cc7..8dc27e6 100644 --- a/profiles/fourside/hardware-configuration.nix +++ b/profiles/fourside/hardware-configuration.nix @@ -1,31 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/55eee3d2-4125-4aba-a326-10cde2abdf26"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/55eee3d2-4125-4aba-a326-10cde2abdf26"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/BC7A-F7D9"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/BC7A-F7D9"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/profiles/fourside/home.nix b/profiles/fourside/home.nix index b4abad7..14fe1ab 100644 --- a/profiles/fourside/home.nix 
+++ b/profiles/fourside/home.nix @@ -1,8 +1,8 @@ -{ config, pkgs, ... }: - { - - + config, + pkgs, + ... +}: { services.gpg-agent = { enable = true; enableSshSupport = true; @@ -11,11 +11,11 @@ defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; - + }; + home = { username = "swarsel"; homeDirectory = "/home/swarsel"; @@ -24,7 +24,7 @@ packages = with pkgs; [ ]; }; - sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; + sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"]; # waybar config - TEMPLATE - update for cores and temp programs.waybar.settings.mainBar = { @@ -34,26 +34,25 @@ temperature.input-filename = "temp1_input"; }; - - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; - + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -61,7 +60,8 @@ xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; @@ -72,7 +72,6 @@ natural_scroll = "enabled"; middle_emulation = "enabled"; }; - }; output = { 
@@ -91,17 +90,22 @@ }; workspaceOutputAssign = [ - { output = "eDP-1"; workspace = "1:一";} - { output = "DP-4"; workspace = "2:二";} + { + output = "eDP-1"; + workspace = "1:一"; + } + { + output = "DP-4"; + workspace = "2:二"; + } ]; - keybindings = let inherit (config.wayland.windowManager.sway.config) modifier; in { "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; - "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; - "XF86MonBrightnessDown"= "exec brightnessctl set 5%-"; + "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; + "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; "XF86Display" = "exec wl-mirror eDP-1"; # these are left open to use # "XF86WLAN" = "exec wl-mirror eDP-1"; @@ -115,14 +119,12 @@ }; startup = [ - - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} - + {command = "nextcloud --background";} + {command = "discord --start-minimized";} + {command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} + {command = "ANKI_WAYLAND=1 anki";} + {command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} + {command = "nm-applet";} ]; }; }; diff --git a/profiles/fourside/nixos.nix b/profiles/fourside/nixos.nix index a695966..d4dde2c 100644 --- a/profiles/fourside/nixos.nix +++ b/profiles/fourside/nixos.nix 
@@ -1,21 +1,21 @@ -{ config, pkgs, ... }: - { - - # + config, + pkgs, + ... +}: { + # # imports = # [ # ./hardware-configuration.nix # ]; - # - imports = - [ - ./hardware-configuration.nix - ]; + # + imports = [ + ./hardware-configuration.nix + ]; services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; boot = { @@ -24,7 +24,7 @@ # kernelPackages = pkgs.linuxPackages_latest; }; - sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ]; + sops.age.sshKeyPaths = ["${config.users.users.swarsel.home}/.ssh/sops"]; networking = { hostName = "fourside"; # Define your hostname. 
@@ -33,32 +33,44 @@ firewall.checkReversePath = false; firewall = { enable = true; - allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard - allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + allowedUDPPorts = [4380 27036 14242 34197 51820]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + allowedTCPPorts = []; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedTCPPortRanges = [ - {from = 27015; to = 27030;} # barotrauma - {from = 27036; to = 27037;} # barotrauma + { + from = 27015; + to = 27030; + } # barotrauma + { + from = 27036; + to = 27037; + } # barotrauma ]; allowedUDPPortRanges = [ - {from = 27000; to = 27031;} # barotrauma - {from = 58962; to = 58964;} # barotrauma + { + from = 27000; + to = 27031; + } # barotrauma + { + from = 58962; + to = 58964; + } # barotrauma ]; }; }; virtualisation.virtualbox = { host = { - enable = true; - enableExtensionPack = true; + enable = true; + enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch guest = { enable = false; - }; }; + }; stylix.image = ../../wallpaper/lenovowp.png; - + stylix = { enable = true; base16Scheme = ../../wallpaper/swarsel.yaml; @@ -83,7 +95,7 @@ # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; - + sansSerif = { # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); package = pkgs.cantarell-fonts; 
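Review bot: The trailing comment on `allowedTCPPorts = [];` in the firewall block of profiles/fourside/nixos.nix is a copy of the UDP line's comment and lists ports (34197, 4380, 27036, 14242, 51820) that the empty TCP list does not open, which misleads anyone auditing exposure. Something like `allowedTCPPorts = []; # no single TCP ports; see allowedTCPPortRanges` would match what the code does. The context line `firewall.checkReversePath = false;` just above turns off reverse-path filtering and would benefit from a why-comment, e.g. `# rp_filter off, presumably for WireGuard routing; confirm`. The `networking` block starts before this hunk.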
@@ -92,38 +104,35 @@ # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; - + monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override {fonts = ["FiraCode"];}; name = "FiraCode Nerd Font Mono"; }; - + emoji = { package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; }; }; }; - - - hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - vulkan-loader - vulkan-validation-layers - vulkan-extension-layer - ]; - }; - bluetooth.enable = true; - trackpoint = { - enable = true; - device = "TPPS/2 Elan TrackPoint"; - }; + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; }; + bluetooth.enable = true; + trackpoint = { + enable = true; + device = "TPPS/2 Elan TrackPoint"; + }; + }; programs.steam = { enable = true; @@ -132,7 +141,7 @@ ]; }; - # Configure keymap in X11 (only used for login) + # Configure keymap in X11 (only used for login) services.thinkfan = { enable = false; @@ -143,7 +152,7 @@ services.nswitch-rcm = { enable = true; - package = pkgs.fetchurl { + package = pkgs.fetchurl { url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; }; 
@@ -153,21 +162,19 @@ isNormalUser = true; description = "Leon S"; hashedPasswordFile = config.sops.secrets.swarseluser.path; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; + extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"]; packages = with pkgs; []; }; environment.systemPackages = with pkgs; [ - # gog games installing - heroic - # minecraft - temurin-bin-17 - (prismlauncher.override { - glfw = pkgs.glfw-wayland-minecraft; - }) + # gog games installing + heroic + # minecraft + temurin-bin-17 + (prismlauncher.override { + glfw = pkgs.glfw-wayland-minecraft; + }) ]; system.stateVersion = "23.05"; - - } diff --git a/profiles/mysticant/configuration.nix b/profiles/mysticant/configuration.nix index 9ae16b3..163ac6f 100644 --- a/profiles/mysticant/configuration.nix +++ b/profiles/mysticant/configuration.nix @@ -1,6 +1,4 @@ -{ pkgs, ... }: - -{ +{pkgs, ...}: { environment.packages = with pkgs; [ vim git @@ -18,5 +16,4 @@ nix.extraOptions = '' experimental-features = nix-command flakes ''; - } diff --git a/profiles/remote/oracle/matrix/hardware-configuration.nix b/profiles/remote/oracle/matrix/hardware-configuration.nix index 9098a32..a1c0b22 100644 --- a/profiles/remote/oracle/matrix/hardware-configuration.nix +++ b/profiles/remote/oracle/matrix/hardware-configuration.nix 
@@ -1,14 +1,18 @@ -{ modulesPath, ... }: -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; +{modulesPath, ...}: { + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; device = "nodev"; }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/A1B2-7E6F"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; - boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; }; - + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/A1B2-7E6F"; + fsType = "vfat"; + }; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; + boot.initrd.kernelModules = ["nvme"]; + fileSystems."/" = { + device = "/dev/mapper/ocivolume-root"; + fsType = "xfs"; + }; } diff --git a/profiles/remote/oracle/matrix/nixos.nix b/profiles/remote/oracle/matrix/nixos.nix index a2d7cdf..67b8178 100644 --- a/profiles/remote/oracle/matrix/nixos.nix +++ b/profiles/remote/oracle/matrix/nixos.nix @@ -1,7 +1,11 @@ -{ config, pkgs, sops, ... }: let +{ + config, + pkgs, + sops, + ... +}: let matrixDomain = "swatrix.swarsel.win"; in { - imports = [ ./hardware-configuration.nix ]; 
@@ -23,24 +27,24 @@ in { nix.settings.experimental-features = ["nix-command" "flakes"]; sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; + age.sshKeyPaths = ["/etc/ssh/sops"]; defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml"; validateSopsFiles = false; secrets = { - dnstokenfull = {owner="acme";}; - matrixsharedsecret = {owner="matrix-synapse";}; - mautrixtelegram_as = {owner="matrix-synapse";}; - mautrixtelegram_hs = {owner="matrix-synapse";}; - mautrixtelegram_api_id = {owner="matrix-synapse";}; - mautrixtelegram_api_hash = {owner="matrix-synapse";}; + dnstokenfull = {owner = "acme";}; + matrixsharedsecret = {owner = "matrix-synapse";}; + mautrixtelegram_as = {owner = "matrix-synapse";}; + mautrixtelegram_hs = {owner = "matrix-synapse";}; + mautrixtelegram_api_id = {owner = "matrix-synapse";}; + mautrixtelegram_api_hash = {owner = "matrix-synapse";}; }; templates = { "certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; "matrix_user_register.sh".content = '' - register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - ''; + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; mautrixtelegram = { owner = "matrix-synapse"; content = '' @@ -48,13 +52,13 @@ in { MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} - ''; + ''; }; matrixshared = { owner = "matrix-synapse"; content = '' registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} - ''; + ''; }; }; }; @@ -78,7 +82,6 @@ in { recommendedOptimisation = true; recommendedGzipSettings = true; virtualHosts = { - "swatrix.swarsel.win" = { enableACME = true; forceSSL = true; 
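Review bot: The `matrix_user_register.sh` template in the `sops.templates` block of profiles/remote/oracle/matrix/nixos.nix renders the registration shared secret into a command argument (`-k ${config.sops.placeholder.matrixsharedsecret}`), so each run exposes it in the process list to other local users. The `matrixshared` template a few lines further down already holds `registration_shared_secret:` in YAML form, so the script can read the secret from that file instead: `register_new_matrix_user -c ${config.sops.templates.matrixshared.path} http://localhost:8008`. The formatter only re-indented these lines, and the `sops` attribute set continues past the hunk.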
@@ -87,8 +90,8 @@ in { "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://localhost:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -102,13 +105,13 @@ in { enableIPv6 = false; domain = "swarsel.win"; firewall.extraCommands = '' - iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT - ''; + iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT + ''; }; services.openssh = { enable = true; 
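Review bot: `firewall.extraCommands` in the second hunk accepts new connections on 8008, 29317, 29318 and 29328 from any source, although nginx already proxies `/_matrix` to `http://localhost:8008` and the bridge `appservice.address` values later in the file all point at localhost. The Synapse listener is `tls = false` with `x_forwarded = true` on `0.0.0.0`, so a client that connects to 8008 directly speaks plaintext and supplies its own `X-Forwarded-For`. Unless something off-host really needs those ports, keep only the web ports with `firewall.allowedTCPPorts = [80 443];` and bind the listener with `bind_addresses = ["127.0.0.1"];`. profiles/remote/oracle/sync/nixos.nix repeats the pattern for 27701, 8384 and 3000, which its nginx virtual hosts already front.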
@@ -129,27 +132,27 @@ in { services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; }; services.matrix-synapse = { settings.app_service_config_files = [ 
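Review bot: The `initialScript` creates all four database roles with fixed passwords (`PASSWORD 'synapse'`, `'telegram'`, `'whatsapp'`, `'signal'`), and `pkgs.writeText` places the script in the world-readable Nix store as well as in the repository. If the services connect over the local Unix socket (their database settings are not fully visible here), the clause can simply go, `CREATE ROLE "matrix-synapse" WITH LOGIN;`, and peer authentication does the rest; otherwise the passwords belong in sops like the other secrets in this file. `initialScript` only runs when the data directory is first created, so roles that already exist also need an `ALTER ROLE`. The same script appears in profiles/sandbox/nixos.nix.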
@@ -164,14 +167,15 @@ in { public_baseurl = "https://${matrixDomain}"; }; listeners = [ - { port = 8008; - bind_addresses = [ "0.0.0.0" ]; + { + port = 8008; + bind_addresses = ["0.0.0.0"]; type = "http"; tls = false; x_forwarded = true; resources = [ { - names = [ "client" "federation" ]; + names = ["client" "federation"]; compress = true; } ]; @@ -191,7 +195,7 @@ in { domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -220,16 +224,16 @@ in { args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ - lottieconverter # for animated stickers conversion, unfree package - ffmpeg # if converting animated stickers to webm (very slow!) + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { @@ -240,7 +244,7 @@ in { domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -287,8 +291,7 @@ in { domain = matrixDomain; }; appservice = { - - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { @@ -314,7 +317,7 @@ in { # messages out after a while. systemd.timers."restart-bridges" = { - wantedBy = [ "timers.target" ]; + wantedBy = ["timers.target"]; timerConfig = { OnBootSec = "1d"; OnUnitActiveSec = "1d"; 
@@ -324,14 +327,13 @@ in { systemd.services."restart-bridges" = { script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; serviceConfig = { Type = "oneshot"; User = "root"; }; }; - } diff --git a/profiles/remote/oracle/sync/hardware-configuration.nix b/profiles/remote/oracle/sync/hardware-configuration.nix index f4ac213..973bc2b 100644 --- a/profiles/remote/oracle/sync/hardware-configuration.nix +++ b/profiles/remote/oracle/sync/hardware-configuration.nix 
@@ -1,28 +1,31 @@ -{ config, lib, modulesPath, ... }: - { - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; + config, + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/4b47378a-02eb-4548-bab8-59cbf379252a"; - fsType = "xfs"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/4b47378a-02eb-4548-bab8-59cbf379252a"; + fsType = "xfs"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2B75-2AD5"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/2B75-2AD5"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/profiles/remote/oracle/sync/nixos.nix b/profiles/remote/oracle/sync/nixos.nix index e349239..f740d1f 100644 --- a/profiles/remote/oracle/sync/nixos.nix +++ b/profiles/remote/oracle/sync/nixos.nix @@ -1,6 +1,8 @@ -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { imports = [ ./hardware-configuration.nix ]; 
@@ -19,13 +21,13 @@ nix.settings.experimental-features = ["nix-command" "flakes"]; sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; + age.sshKeyPaths = ["/etc/ssh/sops"]; defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml"; validateSopsFiles = false; - secrets.swarsel = { owner = "root";}; - secrets.dnstokenfull = {owner="acme";}; + secrets.swarsel = {owner = "root";}; + secrets.dnstokenfull = {owner = "acme";}; templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; @@ -44,7 +46,6 @@ recommendedOptimisation = true; recommendedGzipSettings = true; virtualHosts = { - "synki.swarsel.win" = { enableACME = true; forceSSL = true; @@ -53,8 +54,8 @@ "/" = { proxyPass = "http://localhost:27701"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -67,8 +68,8 @@ "/" = { proxyPass = "http://localhost:8384/"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -81,8 +82,8 @@ "/" = { proxyPass = "http://localhost:3000"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; 
@@ -96,14 +97,14 @@ enableIPv6 = false; domain = "subnet03112148.vcn03112148.oraclevcn.com"; firewall.extraCommands = '' - iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT ''; }; services.openssh = { @@ -160,5 +161,4 @@ }; }; }; - } diff --git a/profiles/sandbox/hardware-configuration.nix b/profiles/sandbox/hardware-configuration.nix index d321391..518af3e 100644 --- a/profiles/sandbox/hardware-configuration.nix +++ b/profiles/sandbox/hardware-configuration.nix 
@@ -1,24 +1,27 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69"; + fsType = "ext4"; + }; - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/profiles/sandbox/nixos.nix b/profiles/sandbox/nixos.nix index d88489f..b7e6e4f 100644 --- a/profiles/sandbox/nixos.nix +++ b/profiles/sandbox/nixos.nix @@ -1,7 +1,11 @@ -{ config, pkgs, sops, ... }: let +{ + config, + pkgs, + sops, + ... +}: let matrixDomain = "swatrix.swarsel.win"; in { - imports = [ ./hardware-configuration.nix ]; @@ -10,9 +14,9 @@ in { enable = true; device = "/dev/sda"; useOSProber = true; - supportedFilesystems = [ "zfs" ]; + supportedFilesystems = ["zfs"]; zfs.forceImportRoot = false; - kernelModules = [ "tun" ]; + kernelModules = ["tun"]; kernel.sysctl = { "net.ipv4.conf.all.rp_filter" = 2; "net.ipv4.conf.default.rp_filter" = 2; 
@@ -26,13 +30,13 @@ in { enableIPv6 = true; firewall.enable = false; firewall.extraCommands = '' - sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP - ''; + sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP + ''; iproute2 = { enable = true; rttablesExtraConfig = '' - 200 vpn - ''; + 200 vpn + ''; }; }; @@ -41,7 +45,7 @@ in { hardware.enableAllFirmware = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiVdpau libvdpau-va-gl ]; @@ -64,7 +68,7 @@ in { }; users = { jellyfin = { - extraGroups = [ "video" "render" ]; + extraGroups = ["video" "render"]; }; vpn = { isNormalUser = true; @@ -75,23 +79,23 @@ in { isSystemUser = true; uid = 61593; group = "navidrome"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = ["audio" "utmp"]; }; spotifyd = { isSystemUser = true; uid = 65136; group = "spotifyd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = ["audio" "utmp"]; }; mpd = { isSystemUser = true; group = "mpd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = ["audio" "utmp"]; }; swarsel = { isNormalUser = true; description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp"]; + extraGroups = ["networkmanager" "wheel" "lp"]; packages = with pkgs; []; }; root = { 
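Review bot: The per-user drop rule for `vpn` sits in `firewall.extraCommands` directly under `firewall.enable = false;`. As far as I know the NixOS firewall module only runs `extraCommands` as part of its own start script, so with the firewall disabled this rule is probably never installed. If it is meant as a kill switch for the `vpn` user, confirm with `iptables -S OUTPUT` on the host and either enable the firewall or load the rule from a dedicated unit. The `sudo` prefix is unnecessary in a script that already runs as root: `iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP`. The `openvpn/iptables.sh` installed under `etc` may cover this, but its content is not visible here.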
@@ -133,26 +137,26 @@ in { zfs ]; etc = { - "openvpn/iptables.sh" = - { source = ../../scripts/server1/iptables.sh; - mode = "0755"; - }; - "openvpn/update-resolv-conf" = - { source = ../../scripts/server1/update-resolv-conf; - mode = "0755"; - }; - "openvpn/routing.sh" = - { source = ../../scripts/server1/routing.sh; - mode = "0755"; - }; - "openvpn/ca.rsa.2048.crt" = - { source = ../../secrets/certs/ca.rsa.2048.crt; - mode = "0644"; - }; - "openvpn/crl.rsa.2048.pem" = - { source = ../../secrets/certs/crl.rsa.2048.pem; - mode = "0644"; - }; + "openvpn/iptables.sh" = { + source = ../../scripts/server1/iptables.sh; + mode = "0755"; + }; + "openvpn/update-resolv-conf" = { + source = ../../scripts/server1/update-resolv-conf; + mode = "0755"; + }; + "openvpn/routing.sh" = { + source = ../../scripts/server1/routing.sh; + mode = "0755"; + }; + "openvpn/ca.rsa.2048.crt" = { + source = ../../secrets/certs/ca.rsa.2048.crt; + mode = "0644"; + }; + "openvpn/crl.rsa.2048.pem" = { + source = ../../secrets/certs/crl.rsa.2048.pem; + mode = "0644"; + }; }; shellAliases = { nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; @@ -161,7 +165,7 @@ in { systemd = { timers."restart-bridges" = { - wantedBy = [ "timers.target" ]; + wantedBy = ["timers.target"]; timerConfig = { OnBootSec = "1d"; OnUnitActiveSec = "1d"; @@ -171,10 +175,10 @@ in { services."restart-bridges" = { script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; serviceConfig = { Type = "oneshot"; User = "root"; 
@@ -190,19 +194,19 @@ in { }; sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; + age.sshKeyPaths = ["/etc/ssh/sops"]; defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; validateSopsFiles = false; secrets = { - dnstokenfull = {owner="acme";}; - kavita = { owner = "kavita";}; + dnstokenfull = {owner = "acme";}; + kavita = {owner = "kavita";}; vpnuser = {}; - rpcuser = {owner="vpn";}; + rpcuser = {owner = "vpn";}; vpnpass = {}; - rpcpass = {owner="vpn";}; + rpcpass = {owner = "vpn";}; vpnprot = {}; vpnloc = {}; - mpdpass = { owner = "mpd";}; + mpdpass = {owner = "mpd";}; }; templates = { "transmission-rpc" = { @@ -214,37 +218,37 @@ in { }; pia.content = '' - ${config.sops.placeholder.vpnuser} - ${config.sops.placeholder.vpnpass} - ''; + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; vpn.content = '' - client - dev tun - proto ${config.sops.placeholder.vpnprot} - remote ${config.sops.placeholder.vpnloc} - resolv-retry infinite - nobind - persist-key - persist-tun - cipher aes-128-cbc - auth sha1 - tls-client - remote-cert-tls server - - auth-user-pass ${config.sops.templates.pia.path} - compress - verb 1 - reneg-sec 0 - - crl-verify /etc/openvpn/crl.rsa.2048.pem - ca /etc/openvpn/ca.rsa.2048.crt - - disable-occ - ''; + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server + + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 + + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt + + disable-occ + ''; "certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; }; }; 
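Review bot: The OpenVPN client config in `templates.vpn.content` pins `cipher aes-128-cbc`, `auth sha1` and `compress`, all of which are legacy choices. Compression on a VPN link makes ciphertext length depend on the plaintext (the compression-oracle class of issues) and OpenVPN has deprecated it, while SHA-1 HMAC with CBC gives less margin than an AEAD cipher. If the provider's endpoint offers it, prefer `data-ciphers AES-256-GCM:AES-128-GCM` and `auth sha256`, and delete the `compress` line; the values have to match what the server accepts, so test before rollout. `remote-cert-tls server` and `crl-verify` are worth keeping as they are.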
@@ -265,10 +269,12 @@ in { openssh = { enable = true; settings.PermitRootLogin = "yes"; - listenAddresses = [{ - port = 22; - addr = "0.0.0.0"; - }]; + listenAddresses = [ + { + port = 22; + addr = "0.0.0.0"; + } + ]; }; nginx = { @@ -278,7 +284,6 @@ in { recommendedOptimisation = true; recommendedGzipSettings = true; virtualHosts = { - "stash.swarsel.win" = { enableACME = true; forceSSL = true; @@ -287,8 +292,8 @@ in { "/" = { proxyPass = "https://192.168.1.5"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; "/.well-known/carddav" = { return = "301 $scheme://$host/remote.php/dav"; @@ -307,13 +312,12 @@ in { "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://127.0.0.1:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; - "sound.swarsel.win" = { enableACME = true; forceSSL = true; @@ -323,13 +327,13 @@ in { proxyPass = "http://127.0.0.1:4040"; proxyWebsockets = true; extraConfig = '' - proxy_redirect http:// https://; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_buffering off; - proxy_request_buffering off; - client_max_body_size 0; - ''; + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; }; }; }; @@ -342,8 +346,8 @@ in { "/" = { proxyPass = "http://127.0.0.1:28981"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -356,8 +360,8 @@ in { "/" = { proxyPass = "http://127.0.0.1:8096"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -370,8 +374,8 @@ in { "/" = { proxyPass = "http://127.0.0.1:8080"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; 
@@ -417,74 +421,74 @@ in { credentialsFile = config.sops.templates."transmission-rpc".path; user = "vpn"; settings = { - alt-speed-down= 8000; - alt-speed-enabled= false; - alt-speed-time-begin= 0; - alt-speed-time-day= 127; - alt-speed-time-enabled= true; - alt-speed-time-end= 360; - alt-speed-up= 2000; - bind-address-ipv4= "0.0.0.0"; - bind-address-ipv6= "::"; - blocklist-enabled= false; - blocklist-url= "http://www.example.com/blocklist"; - cache-size-mb= 256; - dht-enabled= false; - download-dir= "/test"; - download-limit= 100; - download-limit-enabled= 0; - download-queue-enabled= true; - download-queue-size= 5; - encryption= 2; - idle-seeding-limit= 30; - idle-seeding-limit-enabled= false; - incomplete-dir= "/var/lib/transmission-daemon/Downloads"; - incomplete-dir-enabled= false; - lpd-enabled= false; - max-peers-global= 200; - message-level= 1; - peer-congestion-algorithm= ""; - peer-id-ttl-hours= 6; - peer-limit-global= 100; - peer-limit-per-torrent= 40; - peer-port= 22371; - peer-port-random-high= 65535; - peer-port-random-low= 49152; - peer-port-random-on-start= false; - peer-socket-tos= "default"; - pex-enabled= false; - port-forwarding-enabled= false; - preallocation= 1; - prefetch-enabled= true; - queue-stalled-enabled= true; - queue-stalled-minutes= 30; - ratio-limit= 2; - ratio-limit-enabled= false; - rename-partial-files= true; - rpc-authentication-required= true; - rpc-bind-address= "0.0.0.0"; - rpc-enabled= true; - rpc-host-whitelist= ""; - rpc-host-whitelist-enabled= true; - rpc-port= 9091; - rpc-url= "/transmission/"; - rpc-whitelist= "127.0.0.1,192.168.3.2"; - rpc-whitelist-enabled= true; - scrape-paused-torrents-enabled= true; - script-torrent-done-enabled= false; - seed-queue-enabled= false; - seed-queue-size= 10; - speed-limit-down= 6000; - speed-limit-down-enabled= true; - speed-limit-up= 500; - speed-limit-up-enabled= true; - start-added-torrents= true; - trash-original-torrent-files= false; - umask= 2; - upload-limit= 100; - 
upload-limit-enabled= 0; - upload-slots-per-torrent= 14; - utp-enabled= false; + alt-speed-down = 8000; + alt-speed-enabled = false; + alt-speed-time-begin = 0; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 360; + alt-speed-up = 2000; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + blocklist-enabled = false; + blocklist-url = "http://www.example.com/blocklist"; + cache-size-mb = 256; + dht-enabled = false; + download-dir = "/test"; + download-limit = 100; + download-limit-enabled = 0; + download-queue-enabled = true; + download-queue-size = 5; + encryption = 2; + idle-seeding-limit = 30; + idle-seeding-limit-enabled = false; + incomplete-dir = "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled = false; + lpd-enabled = false; + max-peers-global = 200; + message-level = 1; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 100; + peer-limit-per-torrent = 40; + peer-port = 22371; + peer-port-random-high = 65535; + peer-port-random-low = 49152; + peer-port-random-on-start = false; + peer-socket-tos = "default"; + pex-enabled = false; + port-forwarding-enabled = false; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + ratio-limit = 2; + ratio-limit-enabled = false; + rename-partial-files = true; + rpc-authentication-required = true; + rpc-bind-address = "0.0.0.0"; + rpc-enabled = true; + rpc-host-whitelist = ""; + rpc-host-whitelist-enabled = true; + rpc-port = 9091; + rpc-url = "/transmission/"; + rpc-whitelist = "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled = true; + scrape-paused-torrents-enabled = true; + script-torrent-done-enabled = false; + seed-queue-enabled = false; + seed-queue-size = 10; + speed-limit-down = 6000; + speed-limit-down-enabled = true; + speed-limit-up = 500; + speed-limit-up-enabled = true; + start-added-torrents = true; + trash-original-torrent-files = false; + umask = 2; + 
upload-limit = 100; + upload-limit-enabled = 0; + upload-slots-per-torrent = 14; + utp-enabled = false; }; }; @@ -508,9 +512,6 @@ in { # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} # ''; - - - # ---------------- # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; 
@@ -521,27 +522,27 @@ in { postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; }; matrix-synapse = { settings.app_service_config_files = [ 
@@ -557,14 +558,15 @@ in { config.sops.templates.matrixshared.path ]; settings.listeners = [ - { port = 8008; - bind_addresses = [ "0.0.0.0" ]; + { + port = 8008; + bind_addresses = ["0.0.0.0"]; type = "http"; tls = false; x_forwarded = true; resources = [ { - names = [ "client" "federation" ]; + names = ["client" "federation"]; compress = true; } ]; @@ -581,7 +583,7 @@ in { domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -613,8 +615,8 @@ in { args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; @@ -630,7 +632,7 @@ in { domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -676,8 +678,7 @@ in { domain = matrixDomain; }; appservice = { - - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { @@ -740,7 +741,6 @@ in { ]; }; - spotifyd = { enable = true; settings = { 
@@ -760,18 +760,18 @@ in { samba = { package = pkgs.samba4Full; extraConfig = '' - workgroup = WORKGROUP - server role = standalone server - dns proxy = no - - pam password change = yes - map to guest = bad user - create mask = 0664 - force create mode = 0664 - directory mask = 0775 - force directory mode = 0775 - follow symlinks = yes - ''; + workgroup = WORKGROUP + server role = standalone server + dns proxy = no + + pam password change = yes + map to guest = bad user + create mask = 0664 + force create mode = 0664 + directory mask = 0775 + force directory mode = 0775 + follow symlinks = yes + ''; # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` # Required for samba to register mDNS records for auto discovery @@ -789,7 +789,6 @@ in { }; }; - avahi = { publish.enable = true; publish.userServices = true; diff --git a/profiles/server1/TEMPLATE/nixos.nix b/profiles/server1/TEMPLATE/nixos.nix index 4e0814c..1e4ca63 100644 --- a/profiles/server1/TEMPLATE/nixos.nix +++ b/profiles/server1/TEMPLATE/nixos.nix 
@@ -1,41 +1,43 @@ -{ pkgs, modulesPath, ... }: +{ + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") + ]; - { - imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") - ]; + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + ]; - environment.systemPackages = with pkgs; [ - git - gnupg - ssh-to-age - ]; + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; - services.xserver = { - layout = "us"; - xkbVariant = "altgr-intl"; - }; + nix.settings.experimental-features = ["nix-command" "flakes"]; - nix.settings.experimental-features = ["nix-command" "flakes"]; + proxmoxLXC = { + manageNetwork = true; # manage network myself + manageHostName = false; # manage hostname myself + }; + networking = { + hostName = "TEMPLATE"; # Define your hostname. + useDHCP = true; + enableIPv6 = false; + firewall.enable = false; + }; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../../secrets/keys/authorized_keys + ]; + # users.users.root.password = "TEMPLATE"; - proxmoxLXC = { -manageNetwork = true; # manage network myself -manageHostName = false; # manage hostname myself -}; - networking = { -hostName = "TEMPLATE"; # Define your hostname. -useDHCP = true; -enableIPv6 = false; -firewall.enable = false; -}; - services.openssh = { - enable = true; - settings.PermitRootLogin = "yes"; - }; - users.users.root.openssh.authorizedKeys.keyFiles = [ - ../../../secrets/keys/authorized_keys - ]; - # users.users.root.password = "TEMPLATE"; - - system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - } + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change +} diff --git a/profiles/server1/calibre/hardware-configuration.nix b/profiles/server1/calibre/hardware-configuration.nix index e879412..b63666a 100644 --- a/profiles/server1/calibre/hardware-configuration.nix 
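Review bot: The template sets `settings.PermitRootLogin = "yes"` together with `firewall.enable = false`, even though root's `openssh.authorizedKeys.keyFiles` is configured right below it, so root password logins stay allowed on every container cloned from this file. Key-only access would be `settings.PermitRootLogin = "prohibit-password";` plus `settings.PasswordAuthentication = false;`. profiles/server1/calibre/nixos.nix and profiles/sandbox/nixos.nix carry the same `PermitRootLogin = "yes"` setting.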
+++ b/profiles/server1/calibre/hardware-configuration.nix @@ -1,22 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, ... }: +{lib, ...}: { + imports = []; -{ - imports = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + fileSystems."/" = { + device = "/dev/mapper/pve-vm--120--disk--0"; + fsType = "ext4"; + }; - fileSystems."/" = - { device = "/dev/mapper/pve-vm--120--disk--0"; - fsType = "ext4"; - }; - - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/profiles/server1/calibre/nixos.nix b/profiles/server1/calibre/nixos.nix index 3a207a2..32e26a8 100644 --- a/profiles/server1/calibre/nixos.nix +++ b/profiles/server1/calibre/nixos.nix 
@@ -1,70 +1,71 @@ -{ config, pkgs, modulesPath, ... }: +{ + config, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") + ./hardware-configuration.nix + ]; - { - imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") - ./hardware-configuration.nix - ]; + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + calibre + ]; - environment.systemPackages = with pkgs; [ - git - gnupg - ssh-to-age - calibre + users.groups.lxc_shares = { + gid = 10000; + members = [ + "kavita" + "calibre-web" + "root" ]; + }; - users.groups.lxc_shares = { - gid = 10000; - members = [ - "kavita" - "calibre-web" - "root" - ]; - }; - - services.xserver = { - layout = "us"; - xkbVariant = "altgr-intl"; - }; - - nix.settings.experimental-features = ["nix-command" "flakes"]; - - sops = { -age.sshKeyPaths = [ "/etc/ssh/sops" ]; -defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; -validateSopsFiles = false; -secrets.kavita = { owner = "kavita";}; -}; - proxmoxLXC = { -manageNetwork = true; # manage network myself -manageHostName = false; # manage hostname myself -}; - networking = { -hostName = "calibre"; # Define your hostname. 
-useDHCP = true; -enableIPv6 = false; -firewall.enable = false; -}; - services.openssh = { - enable = true; - settings.PermitRootLogin = "yes"; - }; - users.users.root.openssh.authorizedKeys.keyFiles = [ - ../../../secrets/keys/authorized_keys - ]; + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; - system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + nix.settings.experimental-features = ["nix-command" "flakes"]; - environment.shellAliases = { - nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; - }; + sops = { + age.sshKeyPaths = ["/etc/ssh/sops"]; + defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; + validateSopsFiles = false; + secrets.kavita = {owner = "kavita";}; + }; + proxmoxLXC = { + manageNetwork = true; # manage network myself + manageHostName = false; # manage hostname myself + }; + networking = { + hostName = "calibre"; # Define your hostname. + useDHCP = true; + enableIPv6 = false; + firewall.enable = false; + }; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../../secrets/keys/authorized_keys + ]; - services.kavita = { - enable = true; - user = "kavita"; - port = 8080; - tokenKeyFile = config.sops.secrets.kavita.path; - }; + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + environment.shellAliases = { + nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + }; - } + services.kavita = { + enable = true; + user = "kavita"; + port = 8080; + tokenKeyFile = config.sops.secrets.kavita.path; + }; +} diff --git a/profiles/server1/jellyfin/hardware-configuration.nix b/profiles/server1/jellyfin/hardware-configuration.nix index 710e320..5fa49fb 100644 --- a/profiles/server1/jellyfin/hardware-configuration.nix +++ b/profiles/server1/jellyfin/hardware-configuration.nix 
@@ -1,27 +1,25 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, ... }: +{lib, ...}: { + imports = []; -{ - imports = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + fileSystems."/" = { + device = "/dev/mapper/pve-vm--121--disk--0"; + fsType = "ext4"; + }; - fileSystems."/" = - { device = "/dev/mapper/pve-vm--121--disk--0"; - fsType = "ext4"; - }; + fileSystems."/media/Videos" = { + device = "//192.168.1.3/Eternor"; + fsType = "cifs"; + }; - fileSystems."/media/Videos" = - { device = "//192.168.1.3/Eternor"; - fsType = "cifs"; - }; - - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/profiles/server1/jellyfin/nixos.nix b/profiles/server1/jellyfin/nixos.nix index 6033d41..54b8ab1 100644 --- a/profiles/server1/jellyfin/nixos.nix +++ b/profiles/server1/jellyfin/nixos.nix @@ -1,6 +1,9 @@ -{ config, pkgs, modulesPath, ... }: - { + config, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix @@ -21,7 +24,7 @@ }; users.users.jellyfin = { - extraGroups = [ "video" "render" ]; + extraGroups = ["video" "render"]; }; services.xserver = { 
@@ -56,13 +59,13 @@ }; nixpkgs.config.packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;}; }; hardware.graphics = { enable = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiVdpau libvdpau-va-gl ]; @@ -73,5 +76,4 @@ user = "jellyfin"; # openFirewall = true; # this works only for the default ports }; - } diff --git a/profiles/server1/matrix/hardware-configuration.nix b/profiles/server1/matrix/hardware-configuration.nix index 02c7840..81f8c28 100644 --- a/profiles/server1/matrix/hardware-configuration.nix +++ b/profiles/server1/matrix/hardware-configuration.nix @@ -1,22 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, ... }: +{lib, ...}: { + imports = []; -{ - imports = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + fileSystems."/" = { + device = "/dev/mapper/pve-vm--102--disk--0"; + fsType = "ext4"; + }; - fileSystems."/" = - { device = "/dev/mapper/pve-vm--102--disk--0"; - fsType = "ext4"; - }; - - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's 
diff --git a/profiles/server1/matrix/nixos.nix b/profiles/server1/matrix/nixos.nix index 4a97c4c..592f517 100644 --- a/profiles/server1/matrix/nixos.nix +++ b/profiles/server1/matrix/nixos.nix @@ -1,8 +1,12 @@ -{ config, pkgs, modulesPath, sops, ... }: let +{ + config, + pkgs, + modulesPath, + sops, + ... +}: let matrixDomain = "matrix2.swarsel.win"; in { - - services = { xserver = { layout = "us"; @@ -11,35 +15,36 @@ in { openssh = { enable = true; settings.PermitRootLogin = "yes"; - listenAddresses = [{ - port = 22; - addr = "0.0.0.0"; - }]; + listenAddresses = [ + { + port = 22; + addr = "0.0.0.0"; + } + ]; }; }; - + nix.settings.experimental-features = ["nix-command" "flakes"]; - + proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; - + networking = { useDHCP = true; enableIPv6 = false; }; - + users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; - + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - + environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; - imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") 
@@ -62,25 +67,25 @@ in { ]; sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; + age.sshKeyPaths = ["/etc/ssh/sops"]; defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml"; validateSopsFiles = false; secrets = { - matrixsharedsecret = {owner="matrix-synapse";}; - mautrixtelegram_as = {owner="matrix-synapse";}; - mautrixtelegram_hs = {owner="matrix-synapse";}; - mautrixtelegram_api_id = {owner="matrix-synapse";}; - mautrixtelegram_api_hash = {owner="matrix-synapse";}; + matrixsharedsecret = {owner = "matrix-synapse";}; + mautrixtelegram_as = {owner = "matrix-synapse";}; + mautrixtelegram_hs = {owner = "matrix-synapse";}; + mautrixtelegram_api_id = {owner = "matrix-synapse";}; + mautrixtelegram_api_hash = {owner = "matrix-synapse";}; }; templates = { "matrix_user_register.sh".content = '' - register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - ''; + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; matrixshared = { owner = "matrix-synapse"; content = '' registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} - ''; + ''; }; mautrixtelegram = { owner = "matrix-synapse"; @@ -89,7 +94,7 @@ in { MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} - ''; + ''; }; }; }; 
@@ -97,27 +102,27 @@ in { services.postgresql = { enable = true; initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; - CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; - CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; }; services.matrix-synapse = { 
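Review bot: The `initialScript` SQL hard-codes guessable role passwords (`'synapse'`, `'telegram'`, `'whatsapp'`, `'signal'`), and because it is built with `pkgs.writeText` the script lands in the world-readable Nix store as well as in the repository in clear text. The preceding hunk of this file already manages other secrets through sops, so these passwords could come from there, or be dropped if the services connect over the local Unix socket with peer authentication, e.g. `CREATE ROLE "matrix-synapse" WITH LOGIN;`. How Synapse and the bridges reach the database is not visible in this hunk, so confirm that before removing them. `initialScript` is only applied when the database cluster is first initialised, so hosts that are already deployed would need the roles altered by hand.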
@@ -132,14 +137,15 @@ in { server_name = matrixDomain; public_baseurl = "https://${matrixDomain}"; listeners = [ - { port = 8008; - bind_addresses = [ "0.0.0.0" ]; + { + port = 8008; + bind_addresses = ["0.0.0.0"]; type = "http"; tls = false; x_forwarded = true; resources = [ { - names = [ "client" "federation" ]; + names = ["client" "federation"]; compress = true; } ]; @@ -160,7 +166,7 @@ in { domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -189,16 +195,16 @@ in { args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ - lottieconverter # for animated stickers conversion, unfree package - ffmpeg # if converting animated stickers to webm (very slow!) + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { @@ -209,7 +215,7 @@ in { domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -255,8 +261,7 @@ in { domain = matrixDomain; }; appservice = { - - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { @@ -282,7 +287,7 @@ in { # messages out after a while. systemd.timers."restart-bridges" = { - wantedBy = [ "timers.target" ]; + wantedBy = ["timers.target"]; timerConfig = { OnBootSec = "1d"; OnUnitActiveSec = "1d"; 
@@ -292,14 +297,13 @@ in { systemd.services."restart-bridges" = { script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; serviceConfig = { Type = "oneshot"; User = "root"; }; }; - } diff --git a/profiles/server1/nginx/hardware-configuration.nix b/profiles/server1/nginx/hardware-configuration.nix index 3fb34e8..0005a22 100644 --- a/profiles/server1/nginx/hardware-configuration.nix +++ b/profiles/server1/nginx/hardware-configuration.nix @@ -1,22 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, ... }: +{lib, ...}: { + imports = []; -{ - imports = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + fileSystems."/" = { + device = "/dev/mapper/pve-vm--119--disk--0"; + fsType = "ext4"; + }; - fileSystems."/" = - { device = "/dev/mapper/pve-vm--119--disk--0"; - fsType = "ext4"; - }; - - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/profiles/server1/nginx/nixos.nix b/profiles/server1/nginx/nixos.nix index 0b521f2..5f46699 100644 --- a/profiles/server1/nginx/nixos.nix +++ b/profiles/server1/nginx/nixos.nix 
@@ -1,5 +1,9 @@ -{ config, pkgs, modulesPath, ... }: { + config, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix @@ -21,12 +25,12 @@ nix.settings.experimental-features = ["nix-command" "flakes"]; sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; + age.sshKeyPaths = ["/etc/ssh/sops"]; defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml"; validateSopsFiles = false; - secrets.dnstokenfull = {owner="acme";}; + secrets.dnstokenfull = {owner = "acme";}; templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; proxmoxLXC = { @@ -69,7 +73,6 @@ recommendedOptimisation = true; recommendedGzipSettings = true; virtualHosts = { - "stash.swarsel.win" = { enableACME = true; forceSSL = true; @@ -79,7 +82,7 @@ proxyPass = "https://192.168.1.5"; extraConfig = '' client_max_body_size 0; - ''; + ''; }; # "/push/" = { # proxyPass = "http://192.168.2.5:7867"; @@ -101,13 +104,12 @@ "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.23:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; - "sound.swarsel.win" = { enableACME = true; forceSSL = true; @@ -117,13 +119,13 @@ proxyPass = "http://192.168.1.13:4040"; proxyWebsockets = true; extraConfig = '' - proxy_redirect http:// https://; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_buffering off; - proxy_request_buffering off; - client_max_body_size 0; - ''; + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; }; }; }; @@ -136,8 +138,8 @@ "/" = { proxyPass = "http://192.168.1.24:28981"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; 
@@ -150,8 +152,8 @@ "/" = { proxyPass = "http://192.168.1.16:8096"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -164,8 +166,8 @@ "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.20:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -178,8 +180,8 @@ "/" = { proxyPass = "http://192.168.1.22:8080"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -192,13 +194,11 @@ "/" = { proxyPass = "https://192.168.1.7"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; - }; }; - } diff --git a/profiles/server1/paperless/hardware-configuration.nix b/profiles/server1/paperless/hardware-configuration.nix index d670daf..269a999 100644 --- a/profiles/server1/paperless/hardware-configuration.nix +++ b/profiles/server1/paperless/hardware-configuration.nix @@ -1,22 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, ... }: +{lib, ...}: { + imports = []; -{ - imports = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + fileSystems."/" = { + device = "/dev/mapper/pve-vm--117--disk--0"; + fsType = "ext4"; + }; - fileSystems."/" = - { device = "/dev/mapper/pve-vm--117--disk--0"; - fsType = "ext4"; - }; - - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's 
diff --git a/profiles/server1/paperless/nixos.nix b/profiles/server1/paperless/nixos.nix index 0799aeb..50bc18a 100644 --- a/profiles/server1/paperless/nixos.nix +++ b/profiles/server1/paperless/nixos.nix @@ -1,14 +1,14 @@ -{ config, pkgs, modulesPath, ... }: - { - + config, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ]; - - - + services = { xserver = { layout = "us"; @@ -17,36 +17,36 @@ openssh = { enable = true; settings.PermitRootLogin = "yes"; - listenAddresses = [{ - port = 22; - addr = "0.0.0.0"; - }]; + listenAddresses = [ + { + port = 22; + addr = "0.0.0.0"; + } + ]; }; }; - + nix.settings.experimental-features = ["nix-command" "flakes"]; - + proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; - + networking = { useDHCP = true; enableIPv6 = false; }; - + users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; - + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - + environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; - - users.groups.lxc_shares = { gid = 10000; @@ -68,10 +68,10 @@ }; sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; + age.sshKeyPaths = ["/etc/ssh/sops"]; defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; validateSopsFiles = false; - secrets.admin = { owner = "paperless";}; + secrets.admin = {owner = "paperless";}; }; services.paperless = { @@ -90,5 +90,4 @@ }; }; }; - } diff --git a/profiles/server1/sound/hardware-configuration.nix b/profiles/server1/sound/hardware-configuration.nix index 90e9724..5dd0f3c 100644 --- a/profiles/server1/sound/hardware-configuration.nix +++ b/profiles/server1/sound/hardware-configuration.nix 
@@ -1,28 +1,26 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, ... }: +{lib, ...}: { + imports = []; -{ - imports = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + fileSystems."/" = { + device = "/mnt/data/images/118/vm-118-disk-0.raw"; + fsType = "ext4"; + options = ["loop"]; + }; - fileSystems."/" = - { device = "/mnt/data/images/118/vm-118-disk-0.raw"; - fsType = "ext4"; - options = [ "loop" ]; - }; + fileSystems."/media" = { + device = "//192.168.1.3/Eternor"; + fsType = "cifs"; + }; - fileSystems."/media" = - { device = "//192.168.1.3/Eternor"; - fsType = "cifs"; - }; - - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/profiles/server1/sound/nixos.nix b/profiles/server1/sound/nixos.nix index bb52dcb..7182bdf 100644 --- a/profiles/server1/sound/nixos.nix +++ b/profiles/server1/sound/nixos.nix @@ -1,14 +1,14 @@ -{ config, pkgs, modulesPath, ... }: - { - + config, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ]; - - - + services = { xserver = { layout = "us"; 
@@ -17,36 +17,36 @@ openssh = { enable = true; settings.PermitRootLogin = "yes"; - listenAddresses = [{ - port = 22; - addr = "0.0.0.0"; - }]; + listenAddresses = [ + { + port = 22; + addr = "0.0.0.0"; + } + ]; }; }; - + nix.settings.experimental-features = ["nix-command" "flakes"]; - + proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; - + networking = { useDHCP = true; enableIPv6 = false; }; - + users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; - + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - + environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; - - proxmoxLXC.privileged = true; # manage hostname myself @@ -73,13 +73,13 @@ isSystemUser = true; uid = 61593; group = "navidrome"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = ["audio" "utmp"]; }; mpd = { isSystemUser = true; group = "mpd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = ["audio" "utmp"]; }; }; }; @@ -103,10 +103,10 @@ ]; sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; + age.sshKeyPaths = ["/etc/ssh/sops"]; defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml"; validateSopsFiles = false; - secrets.mpdpass = { owner = "mpd";}; + secrets.mpdpass = {owner = "mpd";}; }; services.navidrome = { diff --git a/profiles/server1/spotifyd/hardware-configuration.nix b/profiles/server1/spotifyd/hardware-configuration.nix index c60b60b..45bf80c 100644 --- a/profiles/server1/spotifyd/hardware-configuration.nix +++ b/profiles/server1/spotifyd/hardware-configuration.nix 
@@ -1,22 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, ... }: +{lib, ...}: { + imports = []; -{ - imports = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + fileSystems."/" = { + device = "/dev/mapper/pve-vm--123--disk--0"; + fsType = "ext4"; + }; - fileSystems."/" = - { device = "/dev/mapper/pve-vm--123--disk--0"; - fsType = "ext4"; - }; - - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/profiles/server1/spotifyd/nixos.nix b/profiles/server1/spotifyd/nixos.nix index 4d66265..94846a8 100644 --- a/profiles/server1/spotifyd/nixos.nix +++ b/profiles/server1/spotifyd/nixos.nix @@ -1,14 +1,13 @@ -{ pkgs, modulesPath, ... }: - { - + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix ]; - - - + services = { xserver = { layout = "us"; 
@@ -17,36 +16,36 @@ openssh = { enable = true; settings.PermitRootLogin = "yes"; - listenAddresses = [{ - port = 22; - addr = "0.0.0.0"; - }]; + listenAddresses = [ + { + port = 22; + addr = "0.0.0.0"; + } + ]; }; }; - + nix.settings.experimental-features = ["nix-command" "flakes"]; - + proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself }; - + networking = { useDHCP = true; enableIPv6 = false; }; - + users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys ]; - + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - + environment.shellAliases = { nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; }; - - proxmoxLXC.privileged = true; # manage hostname myself @@ -58,7 +57,7 @@ isSystemUser = true; uid = 65136; group = "spotifyd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = ["audio" "utmp"]; }; sound = { @@ -89,5 +88,4 @@ }; }; }; - } diff --git a/profiles/server1/transmission/hardware-configuration.nix b/profiles/server1/transmission/hardware-configuration.nix index b06fcbc..2468676 100644 --- a/profiles/server1/transmission/hardware-configuration.nix +++ b/profiles/server1/transmission/hardware-configuration.nix 
@@ -1,22 +1,20 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, ... }: +{lib, ...}: { + imports = []; -{ - imports = [ ]; + boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + fileSystems."/" = { + device = "/dev/mapper/pve-vm--122--disk--0"; + fsType = "ext4"; + }; - fileSystems."/" = - { device = "/dev/mapper/pve-vm--122--disk--0"; - fsType = "ext4"; - }; - - swapDevices = [ ]; + swapDevices = []; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/profiles/server1/transmission/nixos.nix b/profiles/server1/transmission/nixos.nix index a90b8aa..6c78940 100644 --- a/profiles/server1/transmission/nixos.nix +++ b/profiles/server1/transmission/nixos.nix @@ -1,6 +1,9 @@ -{ config, pkgs, modulesPath, ... }: - { + config, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ./hardware-configuration.nix @@ -45,12 +48,12 @@ nix.settings.experimental-features = ["nix-command" "flakes"]; sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; + age.sshKeyPaths = ["/etc/ssh/sops"]; defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml"; validateSopsFiles = false; }; - boot.kernelModules = [ "tun" ]; + boot.kernelModules = ["tun"]; proxmoxLXC = { manageNetwork = true; # manage network myself manageHostName = false; # manage hostname myself 
@@ -83,38 +86,40 @@ networking.iproute2 = { enable = true; rttablesExtraConfig = '' - 200 vpn - ''; + 200 vpn + ''; }; environment.etc = { - "openvpn/iptables.sh" = - { source = ../../../scripts/server1/iptables.sh; - mode = "0755"; - }; - "openvpn/update-resolv-conf" = - { source = ../../../scripts/server1/update-resolv-conf; - mode = "0755"; - }; - "openvpn/routing.sh" = - { source = ../../../scripts/server1/routing.sh; - mode = "0755"; - }; - "openvpn/ca.rsa.2048.crt" = - { source = ../../../secrets/certs/ca.rsa.2048.crt; - mode = "0644"; - }; - "openvpn/crl.rsa.2048.pem" = - { source = ../../../secrets/certs/crl.rsa.2048.pem; - mode = "0644"; - }; + "openvpn/iptables.sh" = { + source = ../../../scripts/server1/iptables.sh; + mode = "0755"; + }; + "openvpn/update-resolv-conf" = { + source = ../../../scripts/server1/update-resolv-conf; + mode = "0755"; + }; + "openvpn/routing.sh" = { + source = ../../../scripts/server1/routing.sh; + mode = "0755"; + }; + "openvpn/ca.rsa.2048.crt" = { + source = ../../../secrets/certs/ca.rsa.2048.crt; + mode = "0644"; + }; + "openvpn/crl.rsa.2048.pem" = { + source = ../../../secrets/certs/crl.rsa.2048.pem; + mode = "0644"; + }; }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; - listenAddresses = [{ - port = 22; - addr = "0.0.0.0"; - }]; + listenAddresses = [ + { + port = 22; + addr = "0.0.0.0"; + } + ]; }; users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../secrets/keys/authorized_keys 
@@ -138,44 +143,44 @@ }; pia.content = '' - ${config.sops.placeholder.vpnuser} - ${config.sops.placeholder.vpnpass} - ''; + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; vpn.content = '' - client - dev tun - proto ${config.sops.placeholder.vpnprot} - remote ${config.sops.placeholder.vpnloc} - resolv-retry infinite - nobind - persist-key - persist-tun - cipher aes-128-cbc - auth sha1 - tls-client - remote-cert-tls server + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server - auth-user-pass ${config.sops.templates.pia.path} - compress - verb 1 - reneg-sec 0 + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 - crl-verify /etc/openvpn/crl.rsa.2048.pem - ca /etc/openvpn/ca.rsa.2048.crt + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt - disable-occ - dhcp-option DNS 209.222.18.222 - dhcp-option DNS 209.222.18.218 - dhcp-option DNS 8.8.8.8 - route-noexec - ''; + disable-occ + dhcp-option DNS 209.222.18.222 + dhcp-option DNS 209.222.18.218 + dhcp-option DNS 8.8.8.8 + route-noexec + ''; }; secrets = { vpnuser = {}; - rpcuser = {owner="vpn";}; + rpcuser = {owner = "vpn";}; vpnpass = {}; - rpcpass = {owner="vpn";}; + rpcpass = {owner = "vpn";}; vpnprot = {}; vpnloc = {}; }; 
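Review bot: The OpenVPN client template in `vpn.content` pins `cipher aes-128-cbc` and `auth sha1` and enables `compress`, all of which are legacy settings: CBC with HMAC-SHA1 lacks the integrated authentication of the GCM ciphers, and compression inside a VPN tunnel is exposed to compression-oracle leaks of plaintext. If the provider endpoint selected by `vpnloc` supports it (not visible here), prefer `data-ciphers AES-256-GCM:AES-128-GCM`, `auth SHA256` and removing `compress`. `reneg-sec 0` also turns off periodic key renegotiation, so a comment explaining why it is needed would be worth adding. The enclosing block, which appears to be `sops.templates`, starts outside this hunk.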
@@ -194,77 +199,74 @@ user = "vpn"; group = "lxc_shares"; settings = { - - alt-speed-down= 8000; - alt-speed-enabled= false; - alt-speed-time-begin= 0; - alt-speed-time-day= 127; - alt-speed-time-enabled= true; - alt-speed-time-end= 360; - alt-speed-up= 2000; - bind-address-ipv4= "0.0.0.0"; - bind-address-ipv6= "::"; - blocklist-enabled= false; - blocklist-url= "http://www.example.com/blocklist"; - cache-size-mb= 4; - dht-enabled= false; - download-dir= "/media/Eternor/New"; - download-limit= 100; - download-limit-enabled= 0; - download-queue-enabled= true; - download-queue-size= 5; - encryption= 2; - idle-seeding-limit= 30; - idle-seeding-limit-enabled= false; - incomplete-dir= "/var/lib/transmission-daemon/Downloads"; - incomplete-dir-enabled= false; - lpd-enabled= false; - max-peers-global= 200; - message-level= 1; - peer-congestion-algorithm= ""; - peer-id-ttl-hours= 6; - peer-limit-global= 100; - peer-limit-per-torrent= 40; - peer-port= 22371; - peer-port-random-high= 65535; - peer-port-random-low= 49152; - peer-port-random-on-start= false; - peer-socket-tos= "default"; - pex-enabled= false; - port-forwarding-enabled= false; - preallocation= 1; - prefetch-enabled= true; - queue-stalled-enabled= true; - queue-stalled-minutes= 30; - ratio-limit= 2; - ratio-limit-enabled= false; - rename-partial-files= true; - rpc-authentication-required= true; - rpc-bind-address= "0.0.0.0"; - rpc-enabled= true; - rpc-host-whitelist= ""; - rpc-host-whitelist-enabled= true; - rpc-port= 9091; - rpc-url= "/transmission/"; - rpc-whitelist= "127.0.0.1,192.168.3.2"; - rpc-whitelist-enabled= true; - scrape-paused-torrents-enabled= true; - script-torrent-done-enabled= false; - seed-queue-enabled= false; - seed-queue-size= 10; - speed-limit-down= 6000; - speed-limit-down-enabled= true; - speed-limit-up= 500; - speed-limit-up-enabled= true; - start-added-torrents= true; - trash-original-torrent-files= false; - umask= 2; - upload-limit= 100; - upload-limit-enabled= 0; - 
upload-slots-per-torrent= 14; - utp-enabled= false; + alt-speed-down = 8000; + alt-speed-enabled = false; + alt-speed-time-begin = 0; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 360; + alt-speed-up = 2000; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + blocklist-enabled = false; + blocklist-url = "http://www.example.com/blocklist"; + cache-size-mb = 4; + dht-enabled = false; + download-dir = "/media/Eternor/New"; + download-limit = 100; + download-limit-enabled = 0; + download-queue-enabled = true; + download-queue-size = 5; + encryption = 2; + idle-seeding-limit = 30; + idle-seeding-limit-enabled = false; + incomplete-dir = "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled = false; + lpd-enabled = false; + max-peers-global = 200; + message-level = 1; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 100; + peer-limit-per-torrent = 40; + peer-port = 22371; + peer-port-random-high = 65535; + peer-port-random-low = 49152; + peer-port-random-on-start = false; + peer-socket-tos = "default"; + pex-enabled = false; + port-forwarding-enabled = false; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + ratio-limit = 2; + ratio-limit-enabled = false; + rename-partial-files = true; + rpc-authentication-required = true; + rpc-bind-address = "0.0.0.0"; + rpc-enabled = true; + rpc-host-whitelist = ""; + rpc-host-whitelist-enabled = true; + rpc-port = 9091; + rpc-url = "/transmission/"; + rpc-whitelist = "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled = true; + scrape-paused-torrents-enabled = true; + script-torrent-done-enabled = false; + seed-queue-enabled = false; + seed-queue-size = 10; + speed-limit-down = 6000; + speed-limit-down-enabled = true; + speed-limit-up = 500; + speed-limit-up-enabled = true; + start-added-torrents = true; + trash-original-torrent-files = false; + umask = 2; + upload-limit = 100; + 
upload-limit-enabled = 0; + upload-slots-per-torrent = 14; + utp-enabled = false; }; }; - - } diff --git a/profiles/threed/hardware-configuration.nix b/profiles/threed/hardware-configuration.nix index daeeba4..8b50088 100644 --- a/profiles/threed/hardware-configuration.nix +++ b/profiles/threed/hardware-configuration.nix @@ -1,31 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: - { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; - fileSystems."/" = - { device = "/dev/disk/by-uuid/4a590cad-28d9-4153-bdb8-e424ec3bd5c8"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/4a590cad-28d9-4153-bdb8-e424ec3bd5c8"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/C67D-61AD"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/C67D-61AD"; + fsType = "vfat"; + }; - swapDevices = - [ { device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699"; } - ]; + swapDevices = [ + {device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699";} + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's 
diff --git a/profiles/threed/home.nix b/profiles/threed/home.nix index 5bdc6c3..57cef2b 100644 --- a/profiles/threed/home.nix +++ b/profiles/threed/home.nix @@ -1,8 +1,8 @@ -{ config, pkgs, ... }: - { - - + config, + pkgs, + ... +}: { services.gpg-agent = { enable = true; enableSshSupport = true; @@ -11,11 +11,10 @@ defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; - + }; home = { username = "swarsel"; @@ -26,32 +25,32 @@ ]; }; - sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; + sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"]; programs.waybar.settings.mainBar = { cpu.format = "{icon0} {icon1} {icon2} {icon3}"; temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; }; - - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; - - wayland.windowManager.sway= { + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; + + wayland.windowManager.sway = { config = rec { input = { "*" = { 
@@ -78,8 +77,8 @@ keybindings = let inherit (config.wayland.windowManager.sway.config) modifier; in { - "${modifier}+F2" = "exec brightnessctl set +5%"; - "${modifier}+F1"= "exec brightnessctl set 5%-"; + "${modifier}+F2" = "exec brightnessctl set +5%"; + "${modifier}+F1" = "exec brightnessctl set 5%-"; "${modifier}+n" = "exec sway output eDP-1 transform normal, splith"; "${modifier}+Ctrl+p" = "exec wl-mirror eDP-1"; "${modifier}+t" = "exec sway output eDP-1 transform 90, splitv"; @@ -89,14 +88,12 @@ }; startup = [ - - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} - + {command = "nextcloud --background";} + {command = "discord --start-minimized";} + {command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} + {command = "ANKI_WAYLAND=1 anki";} + {command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} + {command = "nm-applet";} ]; keycodebindings = { diff --git a/profiles/threed/nixos.nix b/profiles/threed/nixos.nix index a22d575..010739d 100644 --- a/profiles/threed/nixos.nix +++ b/profiles/threed/nixos.nix @@ -1,16 +1,15 @@ -{ lib, pkgs, ... }: - { - - imports = - [ - ./hardware-configuration.nix - ]; - + lib, + pkgs, + ... +}: { + imports = [ + ./hardware-configuration.nix + ]; services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; hardware.bluetooth.enable = true; @@ -35,7 +34,7 @@ }; stylix.image = ../../wallpaper/surfacewp.png; - + stylix = { enable = true; base16Scheme = ../../wallpaper/swarsel.yaml; 
@@ -60,7 +59,7 @@ # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; - + sansSerif = { # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); package = pkgs.cantarell-fonts; @@ -69,26 +68,23 @@ # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; - + monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override {fonts = ["FiraCode"];}; name = "FiraCode Nerd Font Mono"; }; - + emoji = { package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; }; }; }; - - - users.users.swarsel = { isNormalUser = true; description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; + extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"]; packages = with pkgs; []; }; @@ -96,5 +92,4 @@ ]; system.stateVersion = "23.05"; - } diff --git a/profiles/winters/home.nix b/profiles/winters/home.nix index b6c00bd..9ec26a8 100644 --- a/profiles/winters/home.nix +++ b/profiles/winters/home.nix @@ -1,8 +1,8 @@ -{ config, pkgs, ... }: - { - - + config, + pkgs, + ... +}: { services.gpg-agent = { enable = true; enableSshSupport = true; @@ -11,11 +11,11 @@ defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; - + }; + home = { username = "swarsel"; homeDirectory = "/home/swarsel"; @@ -24,7 +24,7 @@ packages = with pkgs; [ ]; }; - sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; + sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"]; # waybar config - TEMPLATE - update for cores and temp programs.waybar.settings.mainBar = { 
@@ -34,26 +34,25 @@ temperature.input-filename = "temp1_input"; }; - - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; - + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -61,7 +60,8 @@ xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; @@ -72,7 +72,6 @@ natural_scroll = "enabled"; middle_emulation = "enabled"; }; - }; output = { @@ -92,11 +91,16 @@ }; workspaceOutputAssign = [ - { output = "eDP-1"; workspace = "1:一";} - { output = "HDMI-A-1"; workspace = "2:二";} + { + output = "eDP-1"; + workspace = "1:一"; + } + { + output = "HDMI-A-1"; + workspace = "2:二"; + } ]; - # keybindings = let # inherit (config.wayland.windowManager.sway.config) modifier; # in { 
@@ -104,14 +108,12 @@ # }; startup = [ - - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} - + {command = "nextcloud --background";} + {command = "discord --start-minimized";} + {command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} + {command = "ANKI_WAYLAND=1 anki";} + {command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} + {command = "nm-applet";} ]; }; }; diff --git a/profiles/winters/nixos.nix b/profiles/winters/nixos.nix index c272248..72c6d73 100644 --- a/profiles/winters/nixos.nix +++ b/profiles/winters/nixos.nix @@ -1,21 +1,17 @@ -{ pkgs, ... }: - -{ - - # +{pkgs, ...}: { + # # imports = # [ # ./hardware-configuration.nix # ]; - # - imports = - [ - ./hardware-configuration.nix - ]; + # + imports = [ + ./hardware-configuration.nix + ]; services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; boot = { @@ -31,8 +27,8 @@ firewall.checkReversePath = "strict"; firewall = { enable = true; - allowedUDPPorts = [ ]; - allowedTCPPorts = [ ]; + allowedUDPPorts = []; + allowedTCPPorts = []; allowedTCPPortRanges = [ ]; allowedUDPPortRanges = [ @@ -42,17 +38,17 @@ virtualisation.virtualbox = { host = { - enable = true; - enableExtensionPack = true; + enable = true; + enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch guest = { enable = false; - }; }; + }; stylix.image = ../../wallpaper/lenovowp.png; - + stylix = { enable = true; base16Scheme = ../../wallpaper/swarsel.yaml; 
@@ -77,7 +73,7 @@ # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; - + sansSerif = { # package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; }); package = pkgs.cantarell-fonts; @@ -86,31 +82,28 @@ # name = "FiraCode Nerd Font Propo"; # name = "Montserrat"; }; - + monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override {fonts = ["FiraCode"];}; name = "FiraCode Nerd Font Mono"; }; - + emoji = { package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji"; }; }; }; - - - hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - ]; - }; - bluetooth.enable = true; + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + ]; }; + bluetooth.enable = true; + }; programs.steam = { enable = true; @@ -124,7 +117,7 @@ users.users.swarsel = { isNormalUser = true; description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; + extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"]; packages = with pkgs; []; }; @@ -140,6 +133,4 @@ ]; system.stateVersion = "23.05"; - - } diff --git a/programs/emacs/init.el b/programs/emacs/init.el index c543a8a..b44bff4 100644 --- a/programs/emacs/init.el +++ b/programs/emacs/init.el 
@@ -171,28 +171,23 @@ create a new one." visual-fill-column-center-text t) (visual-fill-column-mode 1)) -(defun swarsel/org-babel-tangle-config () - (when (string-equal (buffer-file-name) - swarsel-swarsel-org-filepath) - ;; Dynamic scoping to the rescue - (let ((org-confirm-babel-evaluate nil)) - (org-html-export-to-html) - (org-babel-tangle))) - (when (string-equal (buffer-file-name) - swarsel-emacs-org-filepath) - ;; Dynamic scoping to the rescue - (let ((org-confirm-babel-evaluate nil)) - (org-html-export-to-html) - (org-babel-tangle))) - (when (string-equal (buffer-file-name) - swarsel-nix-org-filepath) - ;; Dynamic scoping to the rescue - (let ((org-confirm-babel-evaluate nil)) - (org-babel-tangle)))) - -(setq org-html-htmlize-output-type nil) - -(add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config))) +(defun run-alejandra () + (interactive) + (let ((default-directory (expand-file-name "~/.dotfiles"))) + (shell-command "alejandra . -q"))) + + (defun swarsel/org-babel-tangle-config () + (when (string-equal (buffer-file-name) + swarsel-swarsel-org-filepath) + ;; Dynamic scoping to the rescue + (let ((org-confirm-babel-evaluate nil)) + (org-html-export-to-html) + (org-babel-tangle) + (run-alejandra)))) + + (setq org-html-htmlize-output-type nil) + + (add-hook 'org-mode-hook (lambda () (add-hook 'after-save-hook #'swarsel/org-babel-tangle-config))) (defun org-fold-outer () (interactive) diff --git a/templates/cpp_flake.nix b/templates/cpp_flake.nix index 58f9dd4..e45392c 100644 --- a/templates/cpp_flake.nix +++ b/templates/cpp_flake.nix @@ -11,7 +11,6 @@ llvm = pkgs.llvmPackages_latest; in { devShells.${system}.default = pkgs.mkShell { - packages = with pkgs; [ gcc #builder @@ -29,10 +28,9 @@ hardeningDisable = ["all"]; # direnv does not allow aliases, use scripts as a workaround shellHook = '' - PATH_add ~/.dotfiles/scripts/devShell + PATH_add ~/.dotfiles/scripts/devShell ''; # ... - }; }; } 
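Review bot: `run-alejandra` discards the formatter's exit status and, because of `-q`, its output, so a failed format after tangling goes unnoticed on every save. A synchronous `shell-command` returns the exit status, so the body could be `(unless (zerop (shell-command "alejandra . -q")) (message "alejandra failed in %s" default-directory))`. The command rewrites every .nix file under `~/.dotfiles` in place, including the generated `hardware-configuration.nix` files whose header says not to modify them; consider excluding those or formatting only the tangled outputs. The rewritten `swarsel/org-babel-tangle-config` no longer has branches for `swarsel-emacs-org-filepath` and `swarsel-nix-org-filepath`, so saving those files presumably no longer tangles; confirm that is intended. `run-alejandra` would also benefit from a docstring such as `"Format all .nix files under ~/.dotfiles in place with alejandra."`.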
diff --git a/templates/cu_flake.nix b/templates/cu_flake.nix index 3ffd432..a0d2035 100644 --- a/templates/cu_flake.nix +++ b/templates/cu_flake.nix @@ -7,10 +7,12 @@ outputs = {nixpkgs, ...}: let system = "x86_64-linux"; - pkgs = import nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; }; + pkgs = import nixpkgs { + system = "x86_64-linux"; + config.allowUnfree = true; + }; in { devShells.${system}.default = pkgs.mkShell { - packages = with pkgs; [ # gcc #builder @@ -39,7 +41,6 @@ ]; hardeningDisable = ["all"]; # ... - }; }; } diff --git a/templates/other_flake.nix b/templates/other_flake.nix index 514cce1..d0e050f 100644 --- a/templates/other_flake.nix +++ b/templates/other_flake.nix @@ -9,7 +9,6 @@ pkgs = nixpkgs.legacyPackages.${system}; in { devShells.${system}.default = pkgs.mkShell { - packages = with pkgs; [ # fill here ]; diff --git a/templates/py_flake.nix b/templates/py_flake.nix index 5664ef9..5fd0c86 100644 --- a/templates/py_flake.nix +++ b/templates/py_flake.nix @@ -9,7 +9,6 @@ pkgs = nixpkgs.legacyPackages.${system}; in { devShells.${system}.default = pkgs.mkShell { - packages = [ (pkgs.python3.withPackages (python-pkgs: [ python-pkgs.numpy diff --git a/templates/rust_flake.nix b/templates/rust_flake.nix index 95a7bd2..125affb 100644 --- a/templates/rust_flake.nix +++ b/templates/rust_flake.nix @@ -5,7 +5,11 @@ rust-overlay.url = "github:oxalica/rust-overlay"; }; - outputs = { nixpkgs, rust-overlay, ...}: let + outputs = { + nixpkgs, + rust-overlay, + ... + }: let system = "x86_64-linux"; pkgs = import nixpkgs { inherit system; @@ -14,7 +18,6 @@ toolchain = pkgs.rust-bin.fromRustupToolchainFile ./toolchain.toml; in { devShells.${system}.default = pkgs.mkShell { - packages = with pkgs; [ cargo clippy @@ -27,10 +30,9 @@ env = { RUST_BACKTRACE = "full"; }; - RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; + RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; # ... - }; }; }