From 6cbe60c7848a28db80a876faa6db504ad3e02b0d Mon Sep 17 00:00:00 2001 
From: Julian Mutter Date: Mon, 23 Mar 2026 20:34:48 +0100 Subject: [PATCH] Start migration to using flake-parts --- .../alacritty/default.nix | 0 .../direnv/default.nix | 0 .../emacs/default.nix | 0 .../fish/default.nix | 0 .../fish/last-working-dir.fish | 0 .../fish/starship.toml | 0 .../fonts/default.nix | 0 .../gammastep/default.nix | 0 .../ghostty/default.nix | 0 .../gtk/default.nix | 0 .../hyprland/default.nix | 0 .../hyprland/hyprbars.nix | 0 .../hyprland/hyprlock/default.nix | 0 .../hyprland/mako/default.nix | 0 .../hyprland/swayidle.nix | 0 .../hyprland/swaylock.nix | 0 .../hyprland/toggle-screen-mirroring.sh | 0 .../hyprland/waybar/config.json | 0 .../hyprland/waybar/default.nix | 0 .../hyprland/waybar/style.css | 0 .../hyprland/waypipe.nix | 0 .../hyprland/wlogout/default.nix | 0 .../hyprland/wofi/config | 0 .../hyprland/wofi/default.nix | 0 .../hyprland/zathura.nix | 0 .../i3/default.nix | 0 .../i3/i3-scrot.conf | 0 .../i3/i3/config | 0 .../i3/i3/config-kardorf | 0 .../i3/i3/manjaro-default-config | 0 .../i3/i3/scripts/display-layoutpicker | 0 .../i3/i3/scripts/display-toggle-mirror | 0 .../i3/i3/scripts/jupyter-calculator | 0 .../i3/i3/scripts/mymatlab.sh | 0 .../i3/i3/scripts/rofi_calc | 0 .../i3/i3/scripts/setupZoom | 0 .../i3/i3/workspace-chat-element-tele.json | 0 .../workspace-chat-schildi-tele-rocket.json | 0 .../i3/i3/workspace-chat-schildi-tele.json | 0 .../i3/i3/workspace-zoom.json | 0 .../i3/i3status-rust/config.toml | 0 .../kitty/default.nix | 0 .../neovim/default.nix | 0 .../nix-helper/default.nix | 0 .../qt-distrobox/default.nix | 0 .../rofi/config.rasi | 0 .../rofi/default.nix | 0 .../suites/cli/default.nix | 0 .../suites/desktop/default.nix | 0 .../suites/development/default.nix | 0 .../tmux/default.nix | 0 .../topgrade/default.nix | 0 .../wezterm/default.nix | 0 .../yazi/default.nix | 0 .../zsh/default.nix | 0 .../zsh/dir-navigation.zsh | 0 .../zsh/functions.zsh | 0 .../zsh/key-bindings.zsh | 0 .../zsh/last-working-dir.zsh | 0 
.../zsh/starship.toml | 0 features-nixos/base/auto-upgrade.nix | 18 + features-nixos/base/default.nix | 40 ++ features-nixos/base/fish.nix | 12 + features-nixos/base/locale.nix | 28 + features-nixos/base/nix.nix | 48 ++ features-nixos/base/root.nix | 11 + .../base/sops}/secrets.yaml | 0 features-nixos/base/sops/sops.nix | 24 + features-nixos/optional/authentication.nix | 31 + features-nixos/optional/avahi.nix | 14 + features-nixos/optional/binarycaches.nix | 33 + features-nixos/optional/boot-efi.nix | 19 + features-nixos/optional/docker.nix | 7 + features-nixos/optional/flatpak.nix | 8 + features-nixos/optional/gamemode.nix | 23 + features-nixos/optional/gdm.nix | 15 + features-nixos/optional/greetd.nix | 39 ++ features-nixos/optional/i3.nix | 18 + features-nixos/optional/kerberos.nix | 25 + features-nixos/optional/openssh.nix | 51 ++ features-nixos/optional/pcmanfm.nix | 11 + features-nixos/optional/pipewire.nix | 30 + features-nixos/optional/podman.nix | 12 + features-nixos/optional/redshift.nix | 14 + features-nixos/optional/remote-builder.nix | 36 + features-nixos/optional/thunar.nix | 18 + features-nixos/optional/virtualbox.nix | 14 + features-nixos/optional/wireguard.nix | 14 + features-nixos/optional/wireshark.nix | 11 + features-nixos/optional/xserver.nix | 8 + features-nixos/users/julian/default.nix | 52 ++ features-nixos/users/pob/default.nix | 30 + features-nixos/users/wolfi/default.nix | 32 + features-nixos/users/yukari/default.nix | 99 +++ flake.nix | 300 +++++---- hosts/aspi/default.nix | 116 ++-- hosts/aspi/hardware-configuration.nix | 144 ++-- hosts/builder/default.nix | 636 +++++++++--------- hosts/builder/hardware-configuration.nix | 96 +-- hosts/common/global/auto-upgrade.nix | 16 - hosts/common/global/default.nix | 47 -- hosts/common/global/fish.nix | 10 - hosts/common/global/locale.nix | 26 - hosts/common/global/nix.nix | 46 -- hosts/common/global/root.nix | 9 - hosts/common/global/sops.nix | 22 - hosts/common/optional/authentication.nix | 29 - 
hosts/common/optional/avahi.nix | 12 - hosts/common/optional/binarycaches.nix | 31 - hosts/common/optional/boot-efi.nix | 17 - hosts/common/optional/docker.nix | 5 - hosts/common/optional/flatpak.nix | 6 - hosts/common/optional/gamemode.nix | 21 - hosts/common/optional/gdm.nix | 13 - hosts/common/optional/greetd.nix | 37 - hosts/common/optional/i3.nix | 16 - hosts/common/optional/kerberos.nix | 23 - hosts/common/optional/openssh.nix | 49 -- hosts/common/optional/pcmanfm.nix | 9 - hosts/common/optional/pipewire.nix | 28 - hosts/common/optional/podman.nix | 10 - hosts/common/optional/redshift.nix | 12 - hosts/common/optional/remote-builder.nix | 34 - hosts/common/optional/thunar.nix | 16 - hosts/common/optional/virtualbox.nix | 12 - hosts/common/optional/wireguard.nix | 12 - hosts/common/optional/wireshark.nix | 9 - hosts/common/optional/xserver.nix | 6 - hosts/common/users/julian/default.nix | 50 -- hosts/common/users/pob/default.nix | 28 - hosts/common/users/wolfi/default.nix | 30 - hosts/common/users/yukari/default.nix | 97 --- hosts/kardorf/default.nix | 81 ++- hosts/kardorf/hardware-configuration.nix | 165 +++-- hosts/pianonix/default.nix | 523 +++++++------- hosts/pianonix/hardware-configuration.nix | 71 +- .../acer-battery-health-mode/default.nix | 0 {pkgs => packages}/conda-direnv/default.nix | 0 {pkgs => packages}/default.nix | 0 .../deploy-to-pianopi/default.nix | 0 {pkgs => packages}/edit-config/default.nix | 0 {pkgs => packages}/hyprshot-gui/default.nix | 0 {pkgs => packages}/install/default.nix | 0 {pkgs => packages}/lntocp/default.nix | 0 {pkgs => packages}/open-messaging/default.nix | 0 .../piano-led-visualizer/default.nix | 0 .../piano-led-visualizer/fix-log-dir.patch | 0 .../piano-led-visualizer/setup.py | 0 {pkgs => packages}/pob2-frajul/default.nix | 0 {pkgs => packages}/pob2/default.nix | 0 .../pulseaudio-popup/default.nix | 0 .../rpi-ws281x-python/default.nix | 0 {pkgs => packages}/rtklib/default.nix | 0 {pkgs => packages}/sos/default.nix | 0 
.../typst-languagetool/default.nix | 0 {pkgs => packages}/wl-ocr/default.nix | 0 .../xwacomcalibrate/default.nix | 0 .../xwacomcalibrate/xwacomcalibrate.sh | 0 158 files changed, 1935 insertions(+), 1830 deletions(-) rename {homes/julian/features => features-home-manager}/alacritty/default.nix (100%) rename {homes/julian/features => features-home-manager}/direnv/default.nix (100%) rename {homes/julian/features => features-home-manager}/emacs/default.nix (100%) rename {homes/julian/features => features-home-manager}/fish/default.nix (100%) rename {homes/julian/features => features-home-manager}/fish/last-working-dir.fish (100%) rename {homes/julian/features => features-home-manager}/fish/starship.toml (100%) rename {homes/julian/features => features-home-manager}/fonts/default.nix (100%) rename {homes/julian/features => features-home-manager}/gammastep/default.nix (100%) rename {homes/julian/features => features-home-manager}/ghostty/default.nix (100%) rename {homes/julian/features => features-home-manager}/gtk/default.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/default.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/hyprbars.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/hyprlock/default.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/mako/default.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/swayidle.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/swaylock.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/toggle-screen-mirroring.sh (100%) rename {homes/julian/features => features-home-manager}/hyprland/waybar/config.json (100%) rename {homes/julian/features => features-home-manager}/hyprland/waybar/default.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/waybar/style.css (100%) rename {homes/julian/features => 
features-home-manager}/hyprland/waypipe.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/wlogout/default.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/wofi/config (100%) rename {homes/julian/features => features-home-manager}/hyprland/wofi/default.nix (100%) rename {homes/julian/features => features-home-manager}/hyprland/zathura.nix (100%) rename {homes/julian/features => features-home-manager}/i3/default.nix (100%) rename {homes/julian/features => features-home-manager}/i3/i3-scrot.conf (100%) rename {homes/julian/features => features-home-manager}/i3/i3/config (100%) rename {homes/julian/features => features-home-manager}/i3/i3/config-kardorf (100%) rename {homes/julian/features => features-home-manager}/i3/i3/manjaro-default-config (100%) rename {homes/julian/features => features-home-manager}/i3/i3/scripts/display-layoutpicker (100%) rename {homes/julian/features => features-home-manager}/i3/i3/scripts/display-toggle-mirror (100%) rename {homes/julian/features => features-home-manager}/i3/i3/scripts/jupyter-calculator (100%) rename {homes/julian/features => features-home-manager}/i3/i3/scripts/mymatlab.sh (100%) rename {homes/julian/features => features-home-manager}/i3/i3/scripts/rofi_calc (100%) rename {homes/julian/features => features-home-manager}/i3/i3/scripts/setupZoom (100%) rename {homes/julian/features => features-home-manager}/i3/i3/workspace-chat-element-tele.json (100%) rename {homes/julian/features => features-home-manager}/i3/i3/workspace-chat-schildi-tele-rocket.json (100%) rename {homes/julian/features => features-home-manager}/i3/i3/workspace-chat-schildi-tele.json (100%) rename {homes/julian/features => features-home-manager}/i3/i3/workspace-zoom.json (100%) rename {homes/julian/features => features-home-manager}/i3/i3status-rust/config.toml (100%) rename {homes/julian/features => features-home-manager}/kitty/default.nix (100%) rename {homes/julian/features => 
features-home-manager}/neovim/default.nix (100%) rename {homes/julian/features => features-home-manager}/nix-helper/default.nix (100%) rename {homes/julian/features => features-home-manager}/qt-distrobox/default.nix (100%) rename {homes/julian/features => features-home-manager}/rofi/config.rasi (100%) rename {homes/julian/features => features-home-manager}/rofi/default.nix (100%) rename {homes/julian/features => features-home-manager}/suites/cli/default.nix (100%) rename {homes/julian/features => features-home-manager}/suites/desktop/default.nix (100%) rename {homes/julian/features => features-home-manager}/suites/development/default.nix (100%) rename {homes/julian/features => features-home-manager}/tmux/default.nix (100%) rename {homes/julian/features => features-home-manager}/topgrade/default.nix (100%) rename {homes/julian/features => features-home-manager}/wezterm/default.nix (100%) rename {homes/julian/features => features-home-manager}/yazi/default.nix (100%) rename {homes/julian/features => features-home-manager}/zsh/default.nix (100%) rename {homes/julian/features => features-home-manager}/zsh/dir-navigation.zsh (100%) rename {homes/julian/features => features-home-manager}/zsh/functions.zsh (100%) rename {homes/julian/features => features-home-manager}/zsh/key-bindings.zsh (100%) rename {homes/julian/features => features-home-manager}/zsh/last-working-dir.zsh (100%) rename {homes/julian/features => features-home-manager}/zsh/starship.toml (100%) create mode 100644 features-nixos/base/auto-upgrade.nix create mode 100644 features-nixos/base/default.nix create mode 100644 features-nixos/base/fish.nix create mode 100644 features-nixos/base/locale.nix create mode 100644 features-nixos/base/nix.nix create mode 100644 features-nixos/base/root.nix rename {hosts/common => features-nixos/base/sops}/secrets.yaml (100%) create mode 100644 features-nixos/base/sops/sops.nix create mode 100644 features-nixos/optional/authentication.nix create mode 100644 
features-nixos/optional/avahi.nix create mode 100644 features-nixos/optional/binarycaches.nix create mode 100644 features-nixos/optional/boot-efi.nix create mode 100644 features-nixos/optional/docker.nix create mode 100644 features-nixos/optional/flatpak.nix create mode 100644 features-nixos/optional/gamemode.nix create mode 100644 features-nixos/optional/gdm.nix create mode 100644 features-nixos/optional/greetd.nix create mode 100644 features-nixos/optional/i3.nix create mode 100644 features-nixos/optional/kerberos.nix create mode 100644 features-nixos/optional/openssh.nix create mode 100644 features-nixos/optional/pcmanfm.nix create mode 100644 features-nixos/optional/pipewire.nix create mode 100644 features-nixos/optional/podman.nix create mode 100644 features-nixos/optional/redshift.nix create mode 100644 features-nixos/optional/remote-builder.nix create mode 100644 features-nixos/optional/thunar.nix create mode 100644 features-nixos/optional/virtualbox.nix create mode 100644 features-nixos/optional/wireguard.nix create mode 100644 features-nixos/optional/wireshark.nix create mode 100644 features-nixos/optional/xserver.nix create mode 100644 features-nixos/users/julian/default.nix create mode 100644 features-nixos/users/pob/default.nix create mode 100644 features-nixos/users/wolfi/default.nix create mode 100644 features-nixos/users/yukari/default.nix delete mode 100644 hosts/common/global/auto-upgrade.nix delete mode 100644 hosts/common/global/default.nix delete mode 100644 hosts/common/global/fish.nix delete mode 100644 hosts/common/global/locale.nix delete mode 100644 hosts/common/global/nix.nix delete mode 100644 hosts/common/global/root.nix delete mode 100644 hosts/common/global/sops.nix delete mode 100644 hosts/common/optional/authentication.nix delete mode 100644 hosts/common/optional/avahi.nix delete mode 100644 hosts/common/optional/binarycaches.nix delete mode 100644 hosts/common/optional/boot-efi.nix delete mode 100644 hosts/common/optional/docker.nix 
delete mode 100644 hosts/common/optional/flatpak.nix delete mode 100644 hosts/common/optional/gamemode.nix delete mode 100644 hosts/common/optional/gdm.nix delete mode 100644 hosts/common/optional/greetd.nix delete mode 100644 hosts/common/optional/i3.nix delete mode 100644 hosts/common/optional/kerberos.nix delete mode 100644 hosts/common/optional/openssh.nix delete mode 100644 hosts/common/optional/pcmanfm.nix delete mode 100644 hosts/common/optional/pipewire.nix delete mode 100644 hosts/common/optional/podman.nix delete mode 100644 hosts/common/optional/redshift.nix delete mode 100644 hosts/common/optional/remote-builder.nix delete mode 100644 hosts/common/optional/thunar.nix delete mode 100644 hosts/common/optional/virtualbox.nix delete mode 100644 hosts/common/optional/wireguard.nix delete mode 100644 hosts/common/optional/wireshark.nix delete mode 100644 hosts/common/optional/xserver.nix delete mode 100644 hosts/common/users/julian/default.nix delete mode 100644 hosts/common/users/pob/default.nix delete mode 100644 hosts/common/users/wolfi/default.nix delete mode 100644 hosts/common/users/yukari/default.nix rename {pkgs => packages}/acer-battery-health-mode/default.nix (100%) rename {pkgs => packages}/conda-direnv/default.nix (100%) rename {pkgs => packages}/default.nix (100%) rename {pkgs => packages}/deploy-to-pianopi/default.nix (100%) rename {pkgs => packages}/edit-config/default.nix (100%) rename {pkgs => packages}/hyprshot-gui/default.nix (100%) rename {pkgs => packages}/install/default.nix (100%) rename {pkgs => packages}/lntocp/default.nix (100%) rename {pkgs => packages}/open-messaging/default.nix (100%) rename {pkgs => packages}/piano-led-visualizer/default.nix (100%) rename {pkgs => packages}/piano-led-visualizer/fix-log-dir.patch (100%) rename {pkgs => packages}/piano-led-visualizer/setup.py (100%) rename {pkgs => packages}/pob2-frajul/default.nix (100%) rename {pkgs => packages}/pob2/default.nix (100%) rename {pkgs => 
packages}/pulseaudio-popup/default.nix (100%) rename {pkgs => packages}/rpi-ws281x-python/default.nix (100%) rename {pkgs => packages}/rtklib/default.nix (100%) rename {pkgs => packages}/sos/default.nix (100%) rename {pkgs => packages}/typst-languagetool/default.nix (100%) rename {pkgs => packages}/wl-ocr/default.nix (100%) rename {pkgs => packages}/xwacomcalibrate/default.nix (100%) rename {pkgs => packages}/xwacomcalibrate/xwacomcalibrate.sh (100%) diff --git a/homes/julian/features/alacritty/default.nix b/features-home-manager/alacritty/default.nix similarity index 100% rename from homes/julian/features/alacritty/default.nix rename to features-home-manager/alacritty/default.nix diff --git a/homes/julian/features/direnv/default.nix b/features-home-manager/direnv/default.nix similarity index 100% rename from homes/julian/features/direnv/default.nix rename to features-home-manager/direnv/default.nix diff --git a/homes/julian/features/emacs/default.nix b/features-home-manager/emacs/default.nix similarity index 100% rename from homes/julian/features/emacs/default.nix rename to features-home-manager/emacs/default.nix diff --git a/homes/julian/features/fish/default.nix b/features-home-manager/fish/default.nix similarity index 100% rename from homes/julian/features/fish/default.nix rename to features-home-manager/fish/default.nix diff --git a/homes/julian/features/fish/last-working-dir.fish b/features-home-manager/fish/last-working-dir.fish similarity index 100% rename from homes/julian/features/fish/last-working-dir.fish rename to features-home-manager/fish/last-working-dir.fish diff --git a/homes/julian/features/fish/starship.toml b/features-home-manager/fish/starship.toml similarity index 100% rename from homes/julian/features/fish/starship.toml rename to features-home-manager/fish/starship.toml 
diff --git a/homes/julian/features/fonts/default.nix b/features-home-manager/fonts/default.nix similarity index 100% rename from homes/julian/features/fonts/default.nix rename to features-home-manager/fonts/default.nix diff --git a/homes/julian/features/gammastep/default.nix b/features-home-manager/gammastep/default.nix similarity index 100% rename from homes/julian/features/gammastep/default.nix rename to features-home-manager/gammastep/default.nix diff --git a/homes/julian/features/ghostty/default.nix b/features-home-manager/ghostty/default.nix similarity index 100% rename from homes/julian/features/ghostty/default.nix rename to features-home-manager/ghostty/default.nix diff --git a/homes/julian/features/gtk/default.nix b/features-home-manager/gtk/default.nix similarity index 100% rename from homes/julian/features/gtk/default.nix rename to features-home-manager/gtk/default.nix diff --git a/homes/julian/features/hyprland/default.nix b/features-home-manager/hyprland/default.nix similarity index 100% rename from homes/julian/features/hyprland/default.nix rename to features-home-manager/hyprland/default.nix diff --git a/homes/julian/features/hyprland/hyprbars.nix b/features-home-manager/hyprland/hyprbars.nix similarity index 100% rename from homes/julian/features/hyprland/hyprbars.nix rename to features-home-manager/hyprland/hyprbars.nix diff --git a/homes/julian/features/hyprland/hyprlock/default.nix b/features-home-manager/hyprland/hyprlock/default.nix similarity index 100% rename from homes/julian/features/hyprland/hyprlock/default.nix rename to features-home-manager/hyprland/hyprlock/default.nix diff --git a/homes/julian/features/hyprland/mako/default.nix b/features-home-manager/hyprland/mako/default.nix similarity index 100% rename from homes/julian/features/hyprland/mako/default.nix rename to features-home-manager/hyprland/mako/default.nix 
diff --git a/homes/julian/features/hyprland/swayidle.nix b/features-home-manager/hyprland/swayidle.nix similarity index 100% rename from homes/julian/features/hyprland/swayidle.nix rename to features-home-manager/hyprland/swayidle.nix diff --git a/homes/julian/features/hyprland/swaylock.nix b/features-home-manager/hyprland/swaylock.nix similarity index 100% rename from homes/julian/features/hyprland/swaylock.nix rename to features-home-manager/hyprland/swaylock.nix diff --git a/homes/julian/features/hyprland/toggle-screen-mirroring.sh b/features-home-manager/hyprland/toggle-screen-mirroring.sh similarity index 100% rename from homes/julian/features/hyprland/toggle-screen-mirroring.sh rename to features-home-manager/hyprland/toggle-screen-mirroring.sh diff --git a/homes/julian/features/hyprland/waybar/config.json b/features-home-manager/hyprland/waybar/config.json similarity index 100% rename from homes/julian/features/hyprland/waybar/config.json rename to features-home-manager/hyprland/waybar/config.json diff --git a/homes/julian/features/hyprland/waybar/default.nix b/features-home-manager/hyprland/waybar/default.nix similarity index 100% rename from homes/julian/features/hyprland/waybar/default.nix rename to features-home-manager/hyprland/waybar/default.nix diff --git a/homes/julian/features/hyprland/waybar/style.css b/features-home-manager/hyprland/waybar/style.css similarity index 100% rename from homes/julian/features/hyprland/waybar/style.css rename to features-home-manager/hyprland/waybar/style.css diff --git a/homes/julian/features/hyprland/waypipe.nix b/features-home-manager/hyprland/waypipe.nix similarity index 100% rename from homes/julian/features/hyprland/waypipe.nix rename to features-home-manager/hyprland/waypipe.nix 
diff --git a/homes/julian/features/hyprland/wlogout/default.nix b/features-home-manager/hyprland/wlogout/default.nix similarity index 100% rename from homes/julian/features/hyprland/wlogout/default.nix rename to features-home-manager/hyprland/wlogout/default.nix diff --git a/homes/julian/features/hyprland/wofi/config b/features-home-manager/hyprland/wofi/config similarity index 100% rename from homes/julian/features/hyprland/wofi/config rename to features-home-manager/hyprland/wofi/config diff --git a/homes/julian/features/hyprland/wofi/default.nix b/features-home-manager/hyprland/wofi/default.nix similarity index 100% rename from homes/julian/features/hyprland/wofi/default.nix rename to features-home-manager/hyprland/wofi/default.nix diff --git a/homes/julian/features/hyprland/zathura.nix b/features-home-manager/hyprland/zathura.nix similarity index 100% rename from homes/julian/features/hyprland/zathura.nix rename to features-home-manager/hyprland/zathura.nix diff --git a/homes/julian/features/i3/default.nix b/features-home-manager/i3/default.nix similarity index 100% rename from homes/julian/features/i3/default.nix rename to features-home-manager/i3/default.nix diff --git a/homes/julian/features/i3/i3-scrot.conf b/features-home-manager/i3/i3-scrot.conf similarity index 100% rename from homes/julian/features/i3/i3-scrot.conf rename to features-home-manager/i3/i3-scrot.conf diff --git a/homes/julian/features/i3/i3/config b/features-home-manager/i3/i3/config similarity index 100% rename from homes/julian/features/i3/i3/config rename to features-home-manager/i3/i3/config diff --git a/homes/julian/features/i3/i3/config-kardorf b/features-home-manager/i3/i3/config-kardorf similarity index 100% rename from homes/julian/features/i3/i3/config-kardorf rename to features-home-manager/i3/i3/config-kardorf 
diff --git a/homes/julian/features/i3/i3/manjaro-default-config b/features-home-manager/i3/i3/manjaro-default-config similarity index 100% rename from homes/julian/features/i3/i3/manjaro-default-config rename to features-home-manager/i3/i3/manjaro-default-config diff --git a/homes/julian/features/i3/i3/scripts/display-layoutpicker b/features-home-manager/i3/i3/scripts/display-layoutpicker similarity index 100% rename from homes/julian/features/i3/i3/scripts/display-layoutpicker rename to features-home-manager/i3/i3/scripts/display-layoutpicker diff --git a/homes/julian/features/i3/i3/scripts/display-toggle-mirror b/features-home-manager/i3/i3/scripts/display-toggle-mirror similarity index 100% rename from homes/julian/features/i3/i3/scripts/display-toggle-mirror rename to features-home-manager/i3/i3/scripts/display-toggle-mirror diff --git a/homes/julian/features/i3/i3/scripts/jupyter-calculator b/features-home-manager/i3/i3/scripts/jupyter-calculator similarity index 100% rename from homes/julian/features/i3/i3/scripts/jupyter-calculator rename to features-home-manager/i3/i3/scripts/jupyter-calculator diff --git a/homes/julian/features/i3/i3/scripts/mymatlab.sh b/features-home-manager/i3/i3/scripts/mymatlab.sh similarity index 100% rename from homes/julian/features/i3/i3/scripts/mymatlab.sh rename to features-home-manager/i3/i3/scripts/mymatlab.sh diff --git a/homes/julian/features/i3/i3/scripts/rofi_calc b/features-home-manager/i3/i3/scripts/rofi_calc similarity index 100% rename from homes/julian/features/i3/i3/scripts/rofi_calc rename to features-home-manager/i3/i3/scripts/rofi_calc diff --git a/homes/julian/features/i3/i3/scripts/setupZoom b/features-home-manager/i3/i3/scripts/setupZoom similarity index 100% rename from homes/julian/features/i3/i3/scripts/setupZoom rename to features-home-manager/i3/i3/scripts/setupZoom 
diff --git a/homes/julian/features/i3/i3/workspace-chat-element-tele.json b/features-home-manager/i3/i3/workspace-chat-element-tele.json similarity index 100% rename from homes/julian/features/i3/i3/workspace-chat-element-tele.json rename to features-home-manager/i3/i3/workspace-chat-element-tele.json diff --git a/homes/julian/features/i3/i3/workspace-chat-schildi-tele-rocket.json b/features-home-manager/i3/i3/workspace-chat-schildi-tele-rocket.json similarity index 100% rename from homes/julian/features/i3/i3/workspace-chat-schildi-tele-rocket.json rename to features-home-manager/i3/i3/workspace-chat-schildi-tele-rocket.json diff --git a/homes/julian/features/i3/i3/workspace-chat-schildi-tele.json b/features-home-manager/i3/i3/workspace-chat-schildi-tele.json similarity index 100% rename from homes/julian/features/i3/i3/workspace-chat-schildi-tele.json rename to features-home-manager/i3/i3/workspace-chat-schildi-tele.json diff --git a/homes/julian/features/i3/i3/workspace-zoom.json b/features-home-manager/i3/i3/workspace-zoom.json similarity index 100% rename from homes/julian/features/i3/i3/workspace-zoom.json rename to features-home-manager/i3/i3/workspace-zoom.json diff --git a/homes/julian/features/i3/i3status-rust/config.toml b/features-home-manager/i3/i3status-rust/config.toml similarity index 100% rename from homes/julian/features/i3/i3status-rust/config.toml rename to features-home-manager/i3/i3status-rust/config.toml diff --git a/homes/julian/features/kitty/default.nix b/features-home-manager/kitty/default.nix similarity index 100% rename from homes/julian/features/kitty/default.nix rename to features-home-manager/kitty/default.nix diff --git a/homes/julian/features/neovim/default.nix b/features-home-manager/neovim/default.nix similarity index 100% rename from homes/julian/features/neovim/default.nix rename to features-home-manager/neovim/default.nix 
diff --git a/homes/julian/features/nix-helper/default.nix b/features-home-manager/nix-helper/default.nix similarity index 100% rename from homes/julian/features/nix-helper/default.nix rename to features-home-manager/nix-helper/default.nix diff --git a/homes/julian/features/qt-distrobox/default.nix b/features-home-manager/qt-distrobox/default.nix similarity index 100% rename from homes/julian/features/qt-distrobox/default.nix rename to features-home-manager/qt-distrobox/default.nix diff --git a/homes/julian/features/rofi/config.rasi b/features-home-manager/rofi/config.rasi similarity index 100% rename from homes/julian/features/rofi/config.rasi rename to features-home-manager/rofi/config.rasi diff --git a/homes/julian/features/rofi/default.nix b/features-home-manager/rofi/default.nix similarity index 100% rename from homes/julian/features/rofi/default.nix rename to features-home-manager/rofi/default.nix diff --git a/homes/julian/features/suites/cli/default.nix b/features-home-manager/suites/cli/default.nix similarity index 100% rename from homes/julian/features/suites/cli/default.nix rename to features-home-manager/suites/cli/default.nix diff --git a/homes/julian/features/suites/desktop/default.nix b/features-home-manager/suites/desktop/default.nix similarity index 100% rename from homes/julian/features/suites/desktop/default.nix rename to features-home-manager/suites/desktop/default.nix diff --git a/homes/julian/features/suites/development/default.nix b/features-home-manager/suites/development/default.nix similarity index 100% rename from homes/julian/features/suites/development/default.nix rename to features-home-manager/suites/development/default.nix diff --git a/homes/julian/features/tmux/default.nix b/features-home-manager/tmux/default.nix similarity index 100% rename from homes/julian/features/tmux/default.nix rename to features-home-manager/tmux/default.nix 
diff --git a/homes/julian/features/topgrade/default.nix b/features-home-manager/topgrade/default.nix similarity index 100% rename from homes/julian/features/topgrade/default.nix rename to features-home-manager/topgrade/default.nix diff --git a/homes/julian/features/wezterm/default.nix b/features-home-manager/wezterm/default.nix similarity index 100% rename from homes/julian/features/wezterm/default.nix rename to features-home-manager/wezterm/default.nix diff --git a/homes/julian/features/yazi/default.nix b/features-home-manager/yazi/default.nix similarity index 100% rename from homes/julian/features/yazi/default.nix rename to features-home-manager/yazi/default.nix diff --git a/homes/julian/features/zsh/default.nix b/features-home-manager/zsh/default.nix similarity index 100% rename from homes/julian/features/zsh/default.nix rename to features-home-manager/zsh/default.nix diff --git a/homes/julian/features/zsh/dir-navigation.zsh b/features-home-manager/zsh/dir-navigation.zsh similarity index 100% rename from homes/julian/features/zsh/dir-navigation.zsh rename to features-home-manager/zsh/dir-navigation.zsh diff --git a/homes/julian/features/zsh/functions.zsh b/features-home-manager/zsh/functions.zsh similarity index 100% rename from homes/julian/features/zsh/functions.zsh rename to features-home-manager/zsh/functions.zsh diff --git a/homes/julian/features/zsh/key-bindings.zsh b/features-home-manager/zsh/key-bindings.zsh similarity index 100% rename from homes/julian/features/zsh/key-bindings.zsh rename to features-home-manager/zsh/key-bindings.zsh diff --git a/homes/julian/features/zsh/last-working-dir.zsh b/features-home-manager/zsh/last-working-dir.zsh similarity index 100% rename from homes/julian/features/zsh/last-working-dir.zsh rename to features-home-manager/zsh/last-working-dir.zsh 
diff --git a/homes/julian/features/zsh/starship.toml b/features-home-manager/zsh/starship.toml
similarity index 100%
rename from homes/julian/features/zsh/starship.toml
rename to features-home-manager/zsh/starship.toml
diff --git a/features-nixos/base/auto-upgrade.nix b/features-nixos/base/auto-upgrade.nix
new file mode 100644
index 0000000..0400463
--- /dev/null
+++ b/features-nixos/base/auto-upgrade.nix
@@ -0,0 +1,18 @@
+{
+ flake.nixosModules.base = {
+ inputs,
+ config,
+ ...
+ }: {
+ system.hydraAutoUpgrade = {
+ # Only enable if not dirty
+ enable = inputs.self ? rev;
+ dates = "*:0/10"; # Every 10 minutes
+ instance = "http://hydra.julian-mutter.de";
+ project = "dotfiles";
+ jobset = "main";
+ job = "hosts.${config.networking.hostName}";
+ oldFlakeRef = "self";
+ };
+ };
+}
diff --git a/features-nixos/base/default.nix b/features-nixos/base/default.nix
new file mode 100644
index 0000000..de70b80
--- /dev/null
+++ b/features-nixos/base/default.nix
@@ -0,0 +1,40 @@
+# Common config for all hosts
+{
+ flake.nixosModules.base = {
+ inputs,
+ outputs,
+ pkgs,
+ lib,
+ ...
+ }: {
+ imports = [
+ inputs.home-manager.nixosModules.home-manager
+ ];
+
+ # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix
+ # Enables non-free firmware
+ hardware.enableRedistributableFirmware = true;
+
+ # Networking
+ networking.networkmanager = {
+ enable = true;
+ plugins = with pkgs; [
+ networkmanager-openconnect
+ ];
+ };
+ services.resolved.enable = false;
+ # MDNS Taken by avahi
+ # networking.networkmanager.dns = "none";
+ networking.nameservers = lib.mkDefault [
+ "1.1.1.1"
+ "8.8.8.8"
+ ];
+
+ # HM module
+ home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
+ home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
+ home-manager.extraSpecialArgs = {
+ inherit inputs outputs;
+ };
+ };
+}
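Review bot: `instance = "http://hydra.julian-mutter.de"` points the unattended upgrade at a cleartext endpoint, and with `dates = "*:0/10"` every host importing base polls it every ten minutes; whether an on-path answer can steer a machine onto a different closure depends on the substituter signature check done by whatever module defines `system.hydraAutoUpgrade`, which is not a stock NixOS option and is not in this hunk. Switch to `instance = "https://hydra.julian-mutter.de";` if the server terminates TLS, and add a comment naming the trusted public key the served builds are signed with so the verification boundary is visible to a reader. `enable = inputs.self ? rev` is fine as written, but `# a dirty tree has no rev, so never auto-upgrade onto an uncommitted build` would say why rather than restate what.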
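Review bot: `networking.nameservers = lib.mkDefault [ "1.1.1.1" "8.8.8.8" ]` combined with `services.resolved.enable = false` makes every host importing base resolve through two third-party resolvers, presumably over plain UDP/53 since resolved is the stock DNS-over-TLS path in NixOS and nothing else here encrypts DNS; whether NetworkManager still merges DHCP- or VPN-supplied servers for split DNS depends on `networking.networkmanager.dns`, which this hunk leaves at its default, so confirm that on the hosts using the openconnect plugin. The comment `# MDNS Taken by avahi` sits above a commented-out line rather than the setting it explains; move it next to `services.resolved.enable = false;` as `# resolved disabled: avahi provides mDNS instead; DNS goes to the static nameservers below` so the trade-off is legible.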
diff --git a/features-nixos/base/fish.nix b/features-nixos/base/fish.nix
new file mode 100644
index 0000000..42341ff
--- /dev/null
+++ b/features-nixos/base/fish.nix
@@ -0,0 +1,12 @@
+{
+ flake.nixosModules.base = {
+ programs.fish = {
+ enable = true;
+ vendor = {
+ completions.enable = true;
+ config.enable = true;
+ functions.enable = true;
+ };
+ };
+ };
+}
diff --git a/features-nixos/base/locale.nix b/features-nixos/base/locale.nix
new file mode 100644
index 0000000..c35b72d
--- /dev/null
+++ b/features-nixos/base/locale.nix
@@ -0,0 +1,28 @@
+{
+ flake.nixosModules.base = {
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ # Keymap
+ services.xserver.xkb = {
+ layout = "de";
+ variant = "";
+ };
+
+ console.keyMap = "de";
+
+ time.timeZone = "Europe/Berlin";
+ };
+}
diff --git a/features-nixos/base/nix.nix b/features-nixos/base/nix.nix
new file mode 100644
index 0000000..bc0ed38
--- /dev/null
+++ b/features-nixos/base/nix.nix
@@ -0,0 +1,48 @@
+{
+ flake.nixosModules.base = {outputs, ...}: {
+ # Apply overlays
+ nixpkgs = {
+ # TODO: apply this to hm and nixos without duplicate code
+ overlays = builtins.attrValues outputs.overlays;
+ config = {
+ nvidia.acceptLicense = true;
+ allowUnfree = true;
+ allowUnfreePredicate = _: true; # TODO: what is this
+ warn-dirty = false;
+ permittedInsecurePackages = [
+ "olm-3.2.16"
+ ];
+ };
+ };
+
+ # optimize at every build, slows down builds
+ # better to do optimise.automatic for regular optimising
+ # nix.settings.auto-optimise-store = lib.mkDefault true;
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ "ca-derivations"
+ ];
+ # warn-dirty = false;
+
+ nix.gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ persistent = true;
+ };
+ nix.optimise = {
+ automatic = true;
+ dates = ["weekly"]; # Optional; allows customizing optimisation schedule
+ persistent = true;
+ };
+
+ programs.nix-ld.enable = true;
+
+ # TODO: is this useful?, what does it do?
+ # nix.settings.flake-registry = ""; # Disable global flake registry
+ # Add each flake input as a registry and nix_path
+ # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
+ # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
+ };
+}
diff --git a/features-nixos/base/root.nix b/features-nixos/base/root.nix
new file mode 100644
index 0000000..c433e01
--- /dev/null
+++ b/features-nixos/base/root.nix
@@ -0,0 +1,11 @@
+{
+ flake.nixosModules.base = {pkgs, ...}: {
+ # Packages needed as root
+ environment.systemPackages = with pkgs; [
+ vim
+ htop
+ mc
+ gparted-xhost # needs to be installed as system package so it can be actually opened
+ ];
+ };
+}
diff --git a/hosts/common/secrets.yaml b/features-nixos/base/sops/secrets.yaml
similarity index 100%
rename from hosts/common/secrets.yaml
rename to features-nixos/base/sops/secrets.yaml
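Review bot: `warn-dirty = false` sits inside `nixpkgs.config`, which is nixpkgs' package-set configuration and has no such key, so it is silently ignored; the setting it is meant to be is `nix.settings.warn-dirty = false;` — which this hunk already carries as a commented-out line a few lines further down. `allowUnfreePredicate = _: true` is redundant once `allowUnfree = true` is set (the TODO asks what it is), so one of the two can go. The olm exception in `permittedInsecurePackages` applies to the whole package set, so a comment naming which package still pulls it in (presumably nheko from users/yukari) would tell the next maintainer when the exception can be dropped.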
diff --git a/features-nixos/base/sops/sops.nix b/features-nixos/base/sops/sops.nix
new file mode 100644
index 0000000..948917e
--- /dev/null
+++ b/features-nixos/base/sops/sops.nix
@@ -0,0 +1,24 @@
+{
+ flake.nixosModules.base = {
+ inputs,
+ config,
+ ...
+ }: let
+ isEd25519 = k: k.type == "ed25519";
+ getKeyPath = k: k.path;
+ keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
+ in {
+ imports = [inputs.sops-nix.nixosModules.sops];
+
+ sops.age = {
+ sshKeyPaths = map getKeyPath keys;
+
+ # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
+ # keyFile = "/home/julian/.config/sops/age/keys.txt";
+ # Generate key if none of the above worked. With this, building will still work, just without secrets
+ generateKey = false; # TODO: building should not work without secrets!?
+ };
+
+ sops.defaultSopsFile = ./secrets.yaml;
+ };
+}
diff --git a/features-nixos/optional/authentication.nix b/features-nixos/optional/authentication.nix
new file mode 100644
index 0000000..aebe448
--- /dev/null
+++ b/features-nixos/optional/authentication.nix
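Review bot: The comment above `generateKey = false` describes the opposite of what is configured: it explains what `generateKey = true` would do (activation proceeds without secrets), while the line sets it to false and the trailing TODO asks for exactly the fail-closed behaviour that false already gives. I would replace the comment and the TODO with `# Do not generate a fallback key: activation fails if no usable ssh/age key is found`. Also, `keys` silently becomes an empty list if a host overrides `services.openssh.hostKeys` to non-ed25519 keys, leaving `sops.age.sshKeyPaths = []`; an `assertions` entry checking `keys != []` would turn that into a clear evaluation error instead of a decryption failure at activation time.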
@@ -0,0 +1,31 @@ +{ + flake.nixosModules.authentication = { + pkgs, + lib, + ... + }: { + # Make programs like nextcloud client access saved passwords + services.gnome.gnome-keyring.enable = true; + + programs.seahorse.enable = true; + programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6 + + # Make authentication work for e.g. gparted + security.polkit.enable = true; + systemd = { + user.services.polkit-gnome-authentication-agent-1 = { + description = "polkit-gnome-authentication-agent-1"; + wantedBy = ["graphical-session.target"]; + wants = ["graphical-session.target"]; + after = ["graphical-session.target"]; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; + Restart = "on-failure"; + RestartSec = 1; + TimeoutStopSec = 10; + }; + }; + }; + }; +} diff --git a/features-nixos/optional/avahi.nix b/features-nixos/optional/avahi.nix new file mode 100644 index 0000000..dd9b201 --- /dev/null +++ b/features-nixos/optional/avahi.nix @@ -0,0 +1,14 @@ +{ + flake.nixosModules.avahi = { + # MDNS on local network + services.avahi = { + enable = true; + nssmdns4 = true; + nssmdns6 = true; + publish.enable = true; + publish.addresses = true; + ipv4 = true; + ipv6 = true; + }; + }; +} diff --git a/features-nixos/optional/binarycaches.nix b/features-nixos/optional/binarycaches.nix new file mode 100644 index 0000000..2c31574 --- /dev/null +++ b/features-nixos/optional/binarycaches.nix 
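Review bot: `publish.enable = true` together with `publish.addresses = true` announces this host's name and addresses on every network it joins, including untrusted ones for a laptop such as aspi, and the module offers no per-host way to limit that. Consider leaving `publish.*` to the host that actually needs to be discoverable, or restricting announcements with `services.avahi.allowInterfaces` (or `denyInterfaces`) to the trusted LAN interfaces. The `# MDNS on local network` comment could also separate the two roles: `nssmdns4`/`nssmdns6` enable resolving other hosts, `publish.*` enables advertising this one.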
@@ -0,0 +1,33 @@
+{
+ flake.nixosModules.binarycaches = {
+ lib,
+ outputs,
+ ...
+ }: {
+ # Setup binary caches
+ nix.settings = {
+ substituters = [
+ "https://nix-community.cachix.org"
+ "https://cache.nixos.org/"
+ "https://hyprland.cachix.org"
+ "http://binarycache.julian-mutter.de"
+ "https://devenv.cachix.org"
+ ];
+ trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
+ "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
+ ];
+
+ trusted-users = [
+ "root"
+ "@wheel"
+ ]; # needed for devenv to add custom caches
+
+ # Ensure we can still build when missing-server is not accessible
+ fallback = true;
+ };
+ };
+}
diff --git a/features-nixos/optional/boot-efi.nix b/features-nixos/optional/boot-efi.nix
new file mode 100644
index 0000000..1b09472
--- /dev/null
+++ b/features-nixos/optional/boot-efi.nix
@@ -0,0 +1,19 @@
+{
+ flake.nixosModules.boot-efi = {
+ # Bootloader
+ # Use this for simple nix boot menu, if no dual boot required
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.systemd-boot.configurationLimit = 10;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66
+ boot.loader.systemd-boot.editor = false;
+
+ boot.supportedFilesystems = [
+ "btrfs"
+ "ntfs"
+ "nfs"
+ "cifs"
+ ];
+ };
+}
diff --git a/features-nixos/optional/docker.nix b/features-nixos/optional/docker.nix
new file mode 100644
index 0000000..982fd3c
--- /dev/null
+++ b/features-nixos/optional/docker.nix
@@ -0,0 +1,7 @@
+{
+ flake.nixosModules.docker = {
+ virtualisation.docker = {
+ enable = true;
+ };
+ };
+}
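Review bot: `trusted-users = [ "root" "@wheel" ]` makes every wheel member a Nix trusted user, which lets them hand the daemon arbitrary substituters, trusted public keys and sandbox settings — effectively root-equivalent control over the store — far broader than the stated goal of letting devenv add caches. The narrower form is to keep `trusted-users` at its default and list the caches devenv needs under `nix.settings.trusted-substituters` (with their keys already in `trusted-public-keys`), which unprivileged users can then opt into per invocation. `"http://binarycache.julian-mutter.de"` is integrity-protected by its entry in `trusted-public-keys`, but the fetch itself is cleartext, so an `https://` URL would also keep an on-path observer from seeing which paths this host pulls. The `fallback = true` comment mentions a "missing-server"; naming the host it means (the self-hosted cache, presumably) would make the intent clear.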
diff --git a/features-nixos/optional/flatpak.nix b/features-nixos/optional/flatpak.nix new file mode 100644 index 0000000..89727a0 --- /dev/null +++ b/features-nixos/optional/flatpak.nix @@ -0,0 +1,8 @@ +{ + flake.nixosModules.flatpak = {pkgs, ...}: { + services.flatpak.enable = true; + xdg.portal.enable = true; + xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk]; + xdg.portal.config.common.default = "*"; # Use first portal implementation found + }; +} diff --git a/features-nixos/optional/gamemode.nix b/features-nixos/optional/gamemode.nix new file mode 100644 index 0000000..120772e --- /dev/null +++ b/features-nixos/optional/gamemode.nix @@ -0,0 +1,23 @@ +{ + flake.nixosModules.gamemode = {pkgs, ...}: { + programs.gamemode = { + enable = true; + settings = { + general = { + softrealtime = "auto"; + inhibit_screensaver = 1; + renice = 5; + }; + # gpu = { + # apply_gpu_optimisations = "accept-responsibility"; + # gpu_device = 1; + # amd_performance_level = "high"; + # }; + custom = { + start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'"; + end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'"; + }; + }; + }; + }; +} diff --git a/features-nixos/optional/gdm.nix b/features-nixos/optional/gdm.nix new file mode 100644 index 0000000..b5be45a --- /dev/null +++ b/features-nixos/optional/gdm.nix @@ -0,0 +1,15 @@ +{ + flake.nixosModules.gdm = { + config, + lib, + pkgs, + ... + }: { + services.xserver.displayManager.gdm = { + enable = true; + }; + + # unlock GPG keyring on login + security.pam.services.gdm.enableGnomeKeyring = true; + }; +} diff --git a/features-nixos/optional/greetd.nix b/features-nixos/optional/greetd.nix new file mode 100644 index 0000000..6a8ec34 --- /dev/null +++ b/features-nixos/optional/greetd.nix 
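Review bot: The gdm module function binds `config`, `lib` and `pkgs` but uses none of them, so it can be written as the argument-less attrset `flake.nixosModules.gdm = {` like the other plain modules in this patch; the same unused-argument pattern appears in i3.nix and thunar.nix (`config`, `lib`) and in redshift.nix and virtualbox.nix (all three). The `# unlock GPG keyring on login` comment is also slightly off — `security.pam.services.gdm.enableGnomeKeyring` unlocks the GNOME keyring through PAM, not a GPG keyring — so `# Unlock the GNOME keyring with the login password` would be accurate.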
@@ -0,0 +1,39 @@ +{ + flake.nixosModules.greetd = {config, ...}: let + homeCfgs = config.home-manager.users; + julianCfg = homeCfgs.julian; + in { + users.extraUsers.greeter = { + # For caching + home = "/tmp/greeter-home"; + createHome = true; + }; + + programs.regreet = { + enable = true; + iconTheme = julianCfg.gtk.iconTheme; + theme = julianCfg.gtk.theme; + # font = julianCfg.fontProfiles.regular; # TODO: do + cursorTheme = { + inherit (julianCfg.gtk.cursorTheme) name package; + }; + cageArgs = [ + "-s" + "-m" + "last" + ]; # multimonitor use last monitor + # settings.background = { + # path = julianCfg.wallpaper; + # fit = "Cover"; + # }; # TODO: fix + + # TODO: setting keyboard language does not work + # settings = { + # env = { + # XKB_DEFAULT_LAYOUT = "de"; + # # XKB_DEFAULT_VARIANT = "altgr-intl"; + # }; + # }; + }; + }; +} diff --git a/features-nixos/optional/i3.nix b/features-nixos/optional/i3.nix new file mode 100644 index 0000000..defd512 --- /dev/null +++ b/features-nixos/optional/i3.nix @@ -0,0 +1,18 @@ +{ + flake.nixosModules.i3 = { + config, + lib, + pkgs, + ... + }: { + services.xserver.windowManager.i3.enable = true; + services.xserver.windowManager.i3.package = pkgs.i3-gaps; + services.displayManager.defaultSession = "none+i3"; + + programs.xss-lock = { + # responds to "loginctl lock-session" via dbus + enable = true; + lockerCommand = "${pkgs.i3lock}/bin/i3lock --ignore-empty-password --color=000000"; + }; + }; +} diff --git a/features-nixos/optional/kerberos.nix b/features-nixos/optional/kerberos.nix new file mode 100644 index 0000000..f84d149 --- /dev/null +++ b/features-nixos/optional/kerberos.nix 
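Review bot: `users.extraUsers.greeter.home = "/tmp/greeter-home"` with `createHome = true` places the greeter account's home under world-writable `/tmp`, where any local user can pre-create or populate that path before activation runs; a dedicated location such as `/var/lib/greeter` avoids that and survives reboots if the cache is worth keeping. The module also reads `config.home-manager.users.julian` at the top, so it can only be evaluated on hosts that define that home-manager user; a line such as `# Requires home-manager.users.julian: theme, icon and cursor settings are taken from it` at the let-binding would document the coupling.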
@@ -0,0 +1,25 @@ +{ + flake.nixosModules.kerberos = { + security.krb5.enable = true; + security.krb5.settings = { + # domain_realm = { + # ".julian-mutter.de" = "julian-mutter.de"; + # "julian-mutter.de" = "julian-mutter.de"; + # }; + libdefaults = { + default_realm = "julian-mutter.de"; + # dns_lookup_realm = true; + # dns_lookup_kdc = true; + # ticket_lifetime = "24h"; + # renew_lifetime = "7d"; + }; + realms = { + "julian-mutter.de" = { + kdc = ["kerberos.julian-mutter.de"]; + admin_server = "kerberos-admin.julian-mutter.de"; + default_domain = "julian-mutter.de"; + }; + }; + }; + }; +} diff --git a/features-nixos/optional/openssh.nix b/features-nixos/optional/openssh.nix new file mode 100644 index 0000000..781b2ca --- /dev/null +++ b/features-nixos/optional/openssh.nix @@ -0,0 +1,51 @@ +{ + flake.nixosModules.openssh = { + outputs, + lib, + config, + ... + }: let + hosts = lib.attrNames outputs.nixosConfigurations; + in { + services.openssh = { + enable = true; + settings = { + # Harden + PasswordAuthentication = false; + PermitRootLogin = "no"; + + # TODO: what does this do + # Let WAYLAND_DISPLAY be forwarded + AcceptEnv = "WAYLAND_DISPLAY"; + X11Forwarding = true; + }; + + hostKeys = [ + { + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; + }; + + # TODO: is automatic known hosts file even necessary? + # programs.ssh = { + # # Each hosts public key + # knownHosts = lib.genAttrs hosts (hostname: { + # publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub; + # extraHostNames = + # [ + # # "${hostname}.m7.rs" + # ] + # ++ + # # Alias for localhost if it's the same host + # (lib.optional (hostname == config.networking.hostName) "localhost") + # # Alias to m7.rs and git.m7.rs if it's alcyone + # ++ (lib.optionals (hostname == "alcyone") [ + # "m7.rs" + # "git.m7.rs" + # ]); + # }); + # }; + }; +} diff --git a/features-nixos/optional/pcmanfm.nix b/features-nixos/optional/pcmanfm.nix new file mode 100644 index 0000000..df4efa8 
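Review bot: `X11Forwarding = true` sits directly under the `# Harden` comment but loosens the default — it lets a compromised remote host drive the connecting client's X server — and the neighbouring `AcceptEnv = "WAYLAND_DISPLAY"` suggests X11 is not the intended path, so unless a specific host needs it I would drop the line and leave it at its default of false. The TODO above `AcceptEnv` can be answered in place: `# Allow the client to pass WAYLAND_DISPLAY into the session (used by waypipe-style forwarding)`. The `hosts` let-binding and the `outputs`/`config` arguments are only used by the commented-out `knownHosts` block, so they should go together with it or the block should be restored. The hard-coded `/etc/ssh/ssh_host_ed25519_key` is also what base/sops/sops.nix derives its age key from, which deserves a one-line comment here because that dependency is otherwise invisible.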
--- /dev/null +++ b/features-nixos/optional/pcmanfm.nix @@ -0,0 +1,11 @@ +{ + flake.nixosModules.pcmanfm = {pkgs, ...}: { + environment.systemPackages = with pkgs; [ + shared-mime-info # extended mimetype support + lxmenu-data # open with "Installed Applications" + pcmanfm + ]; + + services.gvfs.enable = true; # Mount, trash, and other functionalities + }; +} diff --git a/features-nixos/optional/pipewire.nix b/features-nixos/optional/pipewire.nix new file mode 100644 index 0000000..e9fb20f --- /dev/null +++ b/features-nixos/optional/pipewire.nix @@ -0,0 +1,30 @@ +{ + flake.nixosModules.pipewire = { + security.rtkit.enable = true; + services.pulseaudio.enable = false; + services.pipewire = { + enable = true; + wireplumber.enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + extraConfig.pipewire = { + "99-no-bell" = { + # Disable bell sound + "context.properties" = { + "module.x11.bell" = false; + }; + }; + "10-increase-buffer" = { + "context.properties" = { + "default.clock.rate" = 48000; + "default.clock.quantum" = 1024; + "default.clock.min-quantum" = 1024; + "default.clock.max-quantum" = 2048; + }; + }; + }; + }; + }; +} diff --git a/features-nixos/optional/podman.nix b/features-nixos/optional/podman.nix new file mode 100644 index 0000000..6e5d23f --- /dev/null +++ b/features-nixos/optional/podman.nix @@ -0,0 +1,12 @@ +{ + flake.nixosModules.podman = {config, ...}: let + dockerEnabled = config.virtualisation.docker.enable; + in { + virtualisation.podman = { + enable = true; + dockerCompat = !dockerEnabled; + dockerSocket.enable = !dockerEnabled; + defaultNetwork.settings.dns_enabled = true; + }; + }; +} diff --git a/features-nixos/optional/redshift.nix b/features-nixos/optional/redshift.nix new file mode 100644 index 0000000..66eefb9 --- /dev/null +++ b/features-nixos/optional/redshift.nix 
@@ -0,0 +1,14 @@ +{ + flake.nixosModules.redshift = { + config, + lib, + pkgs, + ... + }: { + # Set location used by redshift + location.provider = "manual"; + location.latitude = 47.92; + location.longitude = 10.12; + services.redshift.enable = true; + }; +} diff --git a/features-nixos/optional/remote-builder.nix b/features-nixos/optional/remote-builder.nix new file mode 100644 index 0000000..117e737 --- /dev/null +++ b/features-nixos/optional/remote-builder.nix @@ -0,0 +1,36 @@ +{ + flake.nixosModules.remote-builder = { + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = [ + { + hostName = "builder.julian-mutter.de"; + protocol = "ssh"; + sshUser = "nix"; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + maxJobs = 4; + speedFactor = 3; + supportedFeatures = [ + "nixos-test" + "benchmark" + "big-parallel" + "kvm" + ]; + mandatoryFeatures = []; + } + # { + # hostName = "localhost"; + # protocol = null; + # systems = [ + # "x86_64-linux" + # ]; + # maxJobs = 4; + # speedFactor = 1; + # } + ]; + }; +} diff --git a/features-nixos/optional/thunar.nix b/features-nixos/optional/thunar.nix new file mode 100644 index 0000000..ebc926d --- /dev/null +++ b/features-nixos/optional/thunar.nix @@ -0,0 +1,18 @@ +{ + flake.nixosModules.thunar = { + config, + lib, + pkgs, + ... + }: { + programs.thunar.enable = true; + programs.xfconf.enable = true; # Persist saved preferences + programs.thunar.plugins = with pkgs.xfce; [ + thunar-archive-plugin + thunar-volman + thunar-media-tags-plugin + ]; + services.gvfs.enable = true; # Mount, trash, and other functionalities + services.tumbler.enable = true; # Thumbnail support for images + }; +} diff --git a/features-nixos/optional/virtualbox.nix b/features-nixos/optional/virtualbox.nix new file mode 100644 index 0000000..99c9870 --- /dev/null +++ b/features-nixos/optional/virtualbox.nix 
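Review bot: The `builder.julian-mutter.de` entry has no `publicHostKey`, so the first remote build from a freshly installed host trusts whatever host key that name presents (trust-on-first-use via root's known_hosts). Pinning it with `publicHostKey = "<base64 host key — placeholder>";` (take the real value from the builder's ed25519 host key) makes the remote-build channel verifiable rather than TOFU. `mandatoryFeatures = []` is the option's default and can be dropped.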
@@ -0,0 +1,14 @@ +{ + flake.nixosModules.virtualbox = { + config, + lib, + pkgs, + ... + }: { + virtualisation.virtualbox.host.enable = true; + # virtualisation.virtualbox.host.enableExtensionPack = true; + # virtualisation.virtualbox.guest.enable = true; + # virtualisation.virtualbox.guest.x11 = true; + users.extraGroups.vboxusers.members = ["julian"]; + }; +} diff --git a/features-nixos/optional/wireguard.nix b/features-nixos/optional/wireguard.nix new file mode 100644 index 0000000..6401be3 --- /dev/null +++ b/features-nixos/optional/wireguard.nix @@ -0,0 +1,14 @@ +{ + flake.nixosModules.wireguard = { + networking.wg-quick.interfaces = { + julian = { + configFile = "/etc/wireguard/julian.conf"; + autostart = true; # This interface is started on boot + }; + comu = { + configFile = "/etc/wireguard/comu.conf"; + autostart = false; + }; + }; + }; +} diff --git a/features-nixos/optional/wireshark.nix b/features-nixos/optional/wireshark.nix new file mode 100644 index 0000000..037ea6f --- /dev/null +++ b/features-nixos/optional/wireshark.nix @@ -0,0 +1,11 @@ +{ + flake.nixosModules.wireshark = { + programs.wireshark = { + enable = true; + dumpcap.enable = true; + usbmon.enable = true; + }; + + users.users.julian.extraGroups = ["wireshark"]; + }; +} diff --git a/features-nixos/optional/xserver.nix b/features-nixos/optional/xserver.nix new file mode 100644 index 0000000..e2dded1 --- /dev/null +++ b/features-nixos/optional/xserver.nix @@ -0,0 +1,8 @@ +{ + flake.nixosModules.xserver = { + services.xserver = { + enable = true; + wacom.enable = true; + }; + }; +} diff --git a/features-nixos/users/julian/default.nix b/features-nixos/users/julian/default.nix new file mode 100644 index 0000000..00c0798 --- /dev/null +++ b/features-nixos/users/julian/default.nix 
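Review bot: Both interfaces take `configFile = "/etc/wireguard/*.conf"`, files that carry the private keys and live outside both the Nix configuration and the sops setup in features-nixos/base/sops, so they must be provisioned by hand and are invisible to the declarative config. Since sops-nix is already wired into the base module, these could be sops secrets (for example a constructed `sops.secrets."wireguard/julian"` rendered to the same `/etc/wireguard` path), keeping the keys encrypted in the repository and out of the store. Failing that, a comment such as `# Config files (including private keys) are provisioned manually, not by nix` would at least document the gap.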
@@ -0,0 +1,52 @@
+{
+ flake.nixosModules.users.julian = {
+ pkgs,
+ config,
+ lib,
+ ...
+ }: let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ in {
+ users.mutableUsers = false;
+ users.users.julian = {
+ description = "Julian";
+ group = "julian";
+ isNormalUser = true;
+ uid = 1000;
+ shell = pkgs.fish;
+ extraGroups = ifTheyExist [
+ "networkmanager"
+ "wheel"
+ "audio"
+ "realtime"
+ "rtkit"
+ "network"
+ "video"
+ "podman"
+ "docker"
+ "git"
+ "gamemode"
+ "dialout"
+ ];
+
+ openssh.authorizedKeys.keys = lib.splitString "\n" (
+ builtins.readFile ../../../../homes/julian/ssh.pub
+ );
+ # hashedPasswordFile = config.sops.secrets.julian-password.path;
+ hashedPassword = "$y$j9T$N33kLJQbV8soUoCbDkpwA1$r/yahJDgOPo4GGOrAi6BUG5zLTzmaBrA5NQ4nno561A";
+ packages = [pkgs.home-manager];
+ };
+ users.groups.julian = {
+ gid = 1000;
+ };
+
+ sops.secrets.julian-password = {
+ sopsFile = ../../secrets.yaml;
+ neededForUsers = true;
+ };
+
+ home-manager.users.julian = import ../../../../homes/julian/${config.networking.hostName}.nix;
+
+ security.pam.services.swaylock = {}; # Make swaylock unlocking work
+ };
+}
diff --git a/features-nixos/users/pob/default.nix b/features-nixos/users/pob/default.nix
new file mode 100644
index 0000000..2e9f23b
--- /dev/null
+++ b/features-nixos/users/pob/default.nix
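Review bot: The relative paths no longer resolve after the move: from features-nixos/users/julian/ the `../../../../homes/julian/ssh.pub` and `../../../../homes/julian/${config.networking.hostName}.nix` references climb one directory above the repository root (the old hosts/common/users/julian/ location was one level deeper), and `sopsFile = ../../secrets.yaml` points at features-nixos/secrets.yaml while this same commit renames hosts/common/secrets.yaml to features-nixos/base/sops/secrets.yaml — they should read `../../../homes/julian/ssh.pub`, `../../../homes/julian/${config.networking.hostName}.nix` and `sopsFile = ../../base/sops/secrets.yaml;`. The `julian-password` sops secret is declared with `neededForUsers` but never consumed, because `hashedPasswordFile` is commented out in favour of an inline `hashedPassword`; a password hash committed to the repository can be attacked offline by anyone with read access, so either re-enable `hashedPasswordFile = config.sops.secrets.julian-password.path;` or drop the unused secret. The same inline-hash pattern appears in users/wolfi and users/yukari. Finally, `ifTheyExist` is copy-pasted into all four user modules and could live in one shared file.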
@@ -0,0 +1,30 @@
+{
+ flake.nixosModules.users.pob = {
+ pkgs,
+ config,
+ ...
+ }: let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ in {
+ users.mutableUsers = false;
+ users.users.pob = {
+ description = "A helper user to use another profile for some applications";
+ group = "pob";
+ isNormalUser = true;
+ shell = pkgs.fish;
+ extraGroups = ifTheyExist [
+ "networkmanager"
+ ];
+ packages = with pkgs; [
+ firefox
+ wineWowPackages.stable # 32-bit and 64-bit wine
+ winetricks
+ ];
+ };
+ users.groups.pob = {};
+
+ security.sudo.extraConfig = ''
+ julian ALL=(pob) NOPASSWD: ALL
+ '';
+ };
+}
diff --git a/features-nixos/users/wolfi/default.nix b/features-nixos/users/wolfi/default.nix
new file mode 100644
index 0000000..58c86df
--- /dev/null
+++ b/features-nixos/users/wolfi/default.nix
@@ -0,0 +1,32 @@
+{
+ flake.nixosModules.users.wolfi = {
+ pkgs,
+ config,
+ ...
+ }: let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+ in {
+ users.mutableUsers = false;
+ users.users.wolfi = {
+ description = "Wolfi";
+ group = "wolfi";
+ isNormalUser = true;
+ shell = pkgs.fish;
+ extraGroups = ifTheyExist [
+ "networkmanager"
+ "wheel"
+ "audio"
+ "network"
+ "video"
+ "podman"
+ "docker"
+ "git"
+ "gamemode"
+ ];
+
+ hashedPassword = "$y$j9T$ifzWjoZaRtPUOOfMYnbJ20$uFOO1EyDApL52vRUicZYgupaTA/a6sGNUj3imZ/lcb6";
+ packages = [pkgs.home-manager];
+ };
+ users.groups.wolfi = {};
+ };
+}
diff --git a/features-nixos/users/yukari/default.nix b/features-nixos/users/yukari/default.nix
new file mode 100644
index 0000000..f2a5f35
--- /dev/null
+++ b/features-nixos/users/yukari/default.nix
@@ -0,0 +1,99 @@ +{ + flake.nixosModules.users.yukari = { + pkgs, + config, + lib, + outputs, + ... + }: let + ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; + in { + users.mutableUsers = false; + users.users.yukari = { + description = "Yukari"; + group = "yukari"; + isNormalUser = true; + shell = pkgs.fish; + extraGroups = ifTheyExist [ + "networkmanager" + "audio" + "network" + "video" + "podman" + "docker" + "git" + "gamemode" + ]; + + createHome = true; + hashedPassword = "$y$j9T$rGuTL0rfiy7ht8L58BGCw0$fN.KwHjYlIitFEPHndKvV06ezgeWzP3/58o1kkviZwB"; + packages = [pkgs.home-manager]; + }; + users.groups.yukari = {}; + + home-manager.users.yukari = { + imports = + [ + ../../../../homes/julian/features/fonts + ../../../../homes/julian/features/suites/cli + ] + ++ (builtins.attrValues outputs.homeManagerModules); + + home = { + username = lib.mkDefault "yukari"; + homeDirectory = lib.mkDefault "/home/${config.home.username}"; + stateVersion = lib.mkDefault "23.11"; + + sessionPath = ["$HOME/.local/bin"]; + + packages = with pkgs; [ + arandr + calibre # ebook manager and viewer + # digikam + discord + discord-ptb # in case discord updates take their time + # dvdisaster + # element-desktop + # rocketchat-desktop + thunderbird + telegram-desktop # telegram + # schildichat-desktop # not updated regularly + nheko + evince # Simple pdf reader, good for focusing on document content + firefox + vivaldi + # geogebra + cheese + handbrake + # kitty # Terminal, already available as feature + libnotify + libreoffice + mate.engrampa + nomacs # Image viewer + kdePackages.okular # Pdf reader with many features, good for commenting documents + pavucontrol + qalculate-gtk # Nice gui calculator + qpdfview + # qutebrowser + # realvnc-vnc-viewer + # rustdesk + tor-browser + # frajul.pob-dev-version # Path of Building + vlc + wineWowPackages.stable # 32-bit and 64-bit wine + winetricks + xclip # x11 clipboard access from terminal + 
xfce.mousepad # simple text editor + xournalpp # Edit pdf files + zoom-us # Video conferencing + zotero # Manage papers and other sources + pdfpc # Present slides in pdf form + ]; + }; + programs = { + home-manager.enable = true; + git.enable = true; + }; + }; + }; +} diff --git a/flake.nix b/flake.nix index cbd5cf8..7f47c73 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,9 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + flake-parts.url = "github:hercules-ci/flake-parts"; + import-tree.url = "github:vic/import-tree"; + # Various flakes yazi-flavors = { url = "github:yazi-rs/flavors"; 
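Review bot: `home-manager.users.yukari.imports` points at `../../../../homes/julian/features/fonts` and `../../../../homes/julian/features/suites/cli`, which from features-nixos/users/yukari/ resolve one level above the repository root and, in any case, name directories this commit renames to features-home-manager/fonts and features-home-manager/suites/cli. The same list appends `builtins.attrValues outputs.homeManagerModules`, an output the rewritten flake.nix no longer defines (`./modules` is commented out of the import-tree list), so the module cannot evaluate until that is reintroduced or the import dropped. `homeDirectory = lib.mkDefault "/home/${config.home.username}"` uses the NixOS module's `config`, where `config.home` does not exist as written; the home-manager block needs its own argument, e.g. `home-manager.users.yukari = {config, ...}: { ... }`, for that reference to mean the home-manager config.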
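Review bot: `flake-parts` and `import-tree` are added without the `follows` wiring the surrounding inputs use (the context line just above shows `inputs.nixpkgs.follows = "nixpkgs";` for the preceding input); flake-parts carries its own `nixpkgs-lib` input, so `flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";` keeps the lock file to a single nixpkgs. A one-line comment above the two, e.g. `# Flake framework and directory auto-import used by outputs below`, would explain why they sit among the package inputs.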
@@ -61,158 +64,163 @@ }; }; - outputs = { - self, - nixpkgs, - home-manager, - systems, - ... - } @ inputs: let - inherit (self) outputs; - lib = nixpkgs.lib // home-manager.lib; - forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system}); - pkgsFor = lib.genAttrs (import systems) ( - system: - import nixpkgs { - inherit system; - config.allowUnfree = true; - config.permittedInsecurePackages = [ - "olm-3.2.16" - ]; - warn-dirty = false; - } - ); - in { - inherit lib; + outputs = inputs: + inputs.flake-parts.lib.mkFlake {inherit inputs;} (inputs.import-tree + [ + ./hosts + ./features-nixos + ./homes + ./features-home-manager + # ./modules + # ./overlays + # ./packages + ]); + # let + # inherit (self) outputs; + # lib = nixpkgs.lib // home-manager.lib; + # forEachSystem = f: lib.genAttrs (import systems) (system: f pkgsFor.${system}); + # pkgsFor = lib.genAttrs (import systems) ( + # system: + # import nixpkgs { + # inherit system; + # config.allowUnfree = true; + # config.permittedInsecurePackages = [ + # "olm-3.2.16" + # ]; + # warn-dirty = false; + # } + # ); + # in { + # inherit lib; - nixosModules = import ./modules/nixos; - homeManagerModules = import ./modules/home-manager; + # nixosModules = import ./modules/nixos; + # homeManagerModules = import ./modules/home-manager; - overlays = import ./overlays {inherit inputs outputs;}; - # hydraJobs = import ./hydra.nix { inherit inputs outputs; }; # TODO add hydra jobs here? + # overlays = import ./overlays {inherit inputs outputs;}; + # # hydraJobs = import ./hydra.nix { inherit inputs outputs; }; # TODO add hydra jobs here? 
- packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;}); - devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;}); - formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt * + # packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;}); + # devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;}); + # formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt * - nixosConfigurations = { - # Main laptop - aspi = lib.nixosSystem { - modules = [ - ./hosts/aspi - ]; - specialArgs = { - inherit inputs outputs; - }; - }; - # Piano raspberry pi - # pianonix = lib.nixosSystem { - # modules = [./hosts/pianonix]; - # specialArgs = { - # inherit inputs outputs; - # }; - # }; - kardorf = lib.nixosSystem { - modules = [./hosts/kardorf]; - specialArgs = { - inherit inputs outputs; - }; - }; - builder = lib.nixosSystem { - modules = [./hosts/builder]; - specialArgs = { - inherit inputs outputs; - }; - }; - }; + # nixosConfigurations = { + # # Main laptop + # aspi = lib.nixosSystem { + # modules = [ + # ./hosts/aspi + # ]; + # specialArgs = { + # inherit inputs outputs; + # }; + # }; + # # Piano raspberry pi + # # pianonix = lib.nixosSystem { + # # modules = [./hosts/pianonix]; + # # specialArgs = { + # # inherit inputs outputs; + # # }; + # # }; + # kardorf = lib.nixosSystem { + # modules = [./hosts/kardorf]; + # specialArgs = { + # inherit inputs outputs; + # }; + # }; + # builder = lib.nixosSystem { + # modules = [./hosts/builder]; + # specialArgs = { + # inherit inputs outputs; + # }; + # }; + # }; - # Standalone HM - homeConfigurations = { - # Main laptop - "julian@aspi" = lib.homeManagerConfiguration { - modules = [ - ./homes/julian/aspi.nix - ./homes/julian/hm-standalone-config.nix - ]; - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { - inherit inputs outputs; - }; - }; - # Media server (RPi) - # "julian@pianonix" = lib.homeManagerConfiguration { - # modules = [ - # ./homes/julian/pianonix.nix - # 
./homes/julian/hm-standalone-config.nix - # ]; - # pkgs = pkgsFor.aarch64-linux; - # extraSpecialArgs = { - # inherit inputs outputs; - # }; - # }; - "julian@kardorf" = lib.homeManagerConfiguration { - modules = [ - ./homes/julian/kardorf.nix - ./homes/julian/hm-standalone-config.nix - ]; - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { - inherit inputs outputs; - }; - }; - "julian@v3ms" = lib.homeManagerConfiguration { - modules = [ - ./homes/julian/v3ms - ./homes/julian/hm-standalone-config.nix - ]; - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { - inherit inputs outputs; - }; - }; - "julian@quickstart" = lib.homeManagerConfiguration { - modules = [ - ./homes/julian/quickstart.nix - ./homes/julian/hm-standalone-config.nix - ]; - pkgs = pkgsFor.x86_64-linux; - extraSpecialArgs = { - inherit inputs outputs; - }; - }; - }; + # # Standalone HM + # homeConfigurations = { + # # Main laptop + # "julian@aspi" = lib.homeManagerConfiguration { + # modules = [ + # ./homes/julian/aspi.nix + # ./homes/julian/hm-standalone-config.nix + # ]; + # pkgs = pkgsFor.x86_64-linux; + # extraSpecialArgs = { + # inherit inputs outputs; + # }; + # }; + # # Media server (RPi) + # # "julian@pianonix" = lib.homeManagerConfiguration { + # # modules = [ + # # ./homes/julian/pianonix.nix + # # ./homes/julian/hm-standalone-config.nix + # # ]; + # # pkgs = pkgsFor.aarch64-linux; + # # extraSpecialArgs = { + # # inherit inputs outputs; + # # }; + # # }; + # "julian@kardorf" = lib.homeManagerConfiguration { + # modules = [ + # ./homes/julian/kardorf.nix + # ./homes/julian/hm-standalone-config.nix + # ]; + # pkgs = pkgsFor.x86_64-linux; + # extraSpecialArgs = { + # inherit inputs outputs; + # }; + # }; + # "julian@v3ms" = lib.homeManagerConfiguration { + # modules = [ + # ./homes/julian/v3ms + # ./homes/julian/hm-standalone-config.nix + # ]; + # pkgs = pkgsFor.x86_64-linux; + # extraSpecialArgs = { + # inherit inputs outputs; + # }; + # }; + # "julian@quickstart" = 
lib.homeManagerConfiguration { + # modules = [ + # ./homes/julian/quickstart.nix + # ./homes/julian/hm-standalone-config.nix + # ]; + # pkgs = pkgsFor.x86_64-linux; + # extraSpecialArgs = { + # inherit inputs outputs; + # }; + # }; + # }; - # deploy-rs node configuration - deploy.nodes = { - # pianonix = { - # hostname = "pianonix.local"; - # profiles.system = { - # sshUser = "root"; - # user = "root"; - # path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pianonix; - # confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services - # }; - # }; + # # deploy-rs node configuration + # deploy.nodes = { + # # pianonix = { + # # hostname = "pianonix.local"; + # # profiles.system = { + # # sshUser = "root"; + # # user = "root"; + # # path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pianonix; + # # confirmTimeout = 90; # default: 30s; raspberrypi takes a little longer restarting services + # # }; + # # }; - builder = { - hostname = "builder.julian-mutter.de"; - profiles.system = { - sshUser = "root"; - user = "root"; - path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.builder; - remoteBuild = true; - }; - }; - }; + # builder = { + # hostname = "builder.julian-mutter.de"; + # profiles.system = { + # sshUser = "root"; + # user = "root"; + # path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.builder; + # remoteBuild = true; + # }; + # }; + # }; - # substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux - pianonix-image = inputs.nixos-generators.nixosGenerate { - system = "aarch64-linux"; - format = "sd-aarch64"; - modules = [./hosts/pianonix]; - specialArgs = { - inherit inputs outputs; - }; - }; - }; + # # substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux + # pianonix-image = inputs.nixos-generators.nixosGenerate { + # system = "aarch64-linux"; + # format = 
"sd-aarch64"; + # modules = [./hosts/pianonix]; + # specialArgs = { + # inherit inputs outputs; + # }; + # }; + # }; } diff --git a/hosts/aspi/default.nix b/hosts/aspi/default.nix index 11fec89..db8a888 100644 --- a/hosts/aspi/default.nix +++ b/hosts/aspi/default.nix 
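Review bot: The entire previous `outputs` body is kept as a roughly 150-line commented-out block after the new `mkFlake` call, dead text that git history already preserves; deleting it, or reducing it to one marker such as `# TODO: port overlays, packages, devShells, formatter, homeConfigurations, deploy.nodes and pianonix-image to flake-parts modules`, would make the file readable again. More importantly, several outputs the old body produced are still referenced by files in this same patch — `outputs.overlays` (features-nixos/base/nix.nix), `outputs.homeManagerModules` (features-nixos/users/yukari) and `outputs.nixosConfigurations` (features-nixos/optional/openssh.nix) — and the `formatter` behind `nix fmt` is gone, so those consumers fail to evaluate until the corresponding flake-parts modules exist. The import-tree list also names `./homes` and `./features-home-manager`, whose files are not in flake-parts form in this patch, which is worth a comment if that is intentional for a "start migration" commit.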
@@ -1,62 +1,72 @@ { - imports = [ - ./hardware-configuration.nix - - ../common/global - ../common/users/julian - ../common/users/yukari - ../common/users/pob - ../common/optional/binarycaches.nix - - ../common/optional/remote-builder.nix - ../common/optional/boot-efi.nix - - ../common/optional/greetd.nix - ../common/optional/authentication.nix - ../common/optional/pcmanfm.nix - ../common/optional/pipewire.nix - - ../common/optional/gamemode.nix - ../common/optional/virtualbox.nix - - ../common/optional/podman.nix - ../common/optional/wireguard.nix - ../common/optional/wireshark.nix - ../common/optional/flatpak.nix - - ../common/optional/avahi.nix - ]; - - networking.hostName = "aspi"; - system.stateVersion = "24.05"; - - # networking.firewall.checkReversePath = false; # Makes wg interface with all ips work - - modules = { - syncthing = { - enable = true; - overrideSettings = false; - }; - frajulAutoUpgrade = { - enable = true; - flakePath = "/home/julian/.dotfiles"; - }; + inputs, + self, + ... 
+}: { + flake.nixosConfigurations.aspi = inputs.nixpkgs.lib.nixosSystem { + modules = [ + self.nixosModules.hosts.aspi + ]; }; - programs.hyprland.enable = true; - services.desktopManager.plasma6.enable = true; + flake.nixosModules.hosts.aspi = { + imports = [ + ../common/global + ../common/users/julian + ../common/users/yukari + ../common/users/pob + ../common/optional/binarycaches.nix - services.blueman.enable = true; - services.upower.enable = true; + ../common/optional/remote-builder.nix + ../common/optional/boot-efi.nix - programs.steam.enable = true; + ../common/optional/greetd.nix + ../common/optional/authentication.nix + ../common/optional/pcmanfm.nix + ../common/optional/pipewire.nix - # TODO: not working - # services.logind.lidSwitch = "lock"; - # services.logind.lidSwitchDocked = "lock"; + ../common/optional/gamemode.nix + ../common/optional/virtualbox.nix - programs.kdeconnect.enable = true; + ../common/optional/podman.nix + ../common/optional/wireguard.nix + ../common/optional/wireshark.nix + ../common/optional/flatpak.nix - # Enable touchpad support - services.libinput.enable = true; + ../common/optional/avahi.nix + ]; + + networking.hostName = "aspi"; + system.stateVersion = "24.05"; + + # networking.firewall.checkReversePath = false; # Makes wg interface with all ips work + + modules = { + syncthing = { + enable = true; + overrideSettings = false; + }; + frajulAutoUpgrade = { + enable = true; + flakePath = "/home/julian/.dotfiles"; + }; + }; + + programs.hyprland.enable = true; + services.desktopManager.plasma6.enable = true; + + services.blueman.enable = true; + services.upower.enable = true; + + programs.steam.enable = true; + + # TODO: not working + # services.logind.lidSwitch = "lock"; + # services.logind.lidSwitchDocked = "lock"; + + programs.kdeconnect.enable = true; + + # Enable touchpad support + services.libinput.enable = true; + }; } 
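Review bot: The `imports` list still points at the legacy `../common/global`, `../common/users/*` and `../common/optional/*` paths, so none of the new `flake.nixosModules.base`, `.users.*` or `.binarycaches` modules defined under features-nixos are wired into this host, and `hosts/common/secrets.yaml` — which the old `../common/users/julian` presumably references — is renamed away by this very commit. `self.nixosModules.hosts.aspi` is also a nested attribute under `flake.nixosModules`, which flake-parts types as `lazyAttrsOf deferredModule` as far as I know, so `hosts` would be merged as one module rather than as an attrset of modules (the same applies to `flake.nixosModules.users.<name>`); a flat name such as `flake.nixosModules.host-aspi`, or the `flake.modules.nixos.*` namespace where the flake-parts version in use provides it, avoids that. Finally, `nixosSystem` is called without `specialArgs`, so the `inputs`/`outputs` arguments the imported modules expect are not supplied; `specialArgs = {inherit inputs; outputs = self;};` (or a module setting `_module.args`) restores them.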
diff --git a/hosts/aspi/hardware-configuration.nix b/hosts/aspi/hardware-configuration.nix index ea1a6a3..7e0e14a 100644 --- a/hosts/aspi/hardware-configuration.nix +++ b/hosts/aspi/hardware-configuration.nix 
@@ -1,78 +1,80 @@ { - config, - lib, - ... -}: { - boot.initrd.availableKernelModules = [ - "vmd" - "xhci_pci" - "ahci" - "nvme" - "usb_storage" - "usbhid" - "sd_mod" - ]; - boot.initrd.kernelModules = ["dm-snapshot"]; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; - boot.blacklistedKernelModules = ["pcspkr"]; # Disables "beep" - boot.binfmt.emulatedSystems = ["aarch64-linux"]; + flake.nixosModules.hosts.aspi = { + config, + lib, + ... + }: { + boot.initrd.availableKernelModules = [ + "vmd" + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "usbhid" + "sd_mod" + ]; + boot.initrd.kernelModules = ["dm-snapshot"]; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + boot.blacklistedKernelModules = ["pcspkr"]; # Disables "beep" + boot.binfmt.emulatedSystems = ["aarch64-linux"]; - boot.initrd.luks.devices = { - root = { - device = "/dev/disk/by-uuid/a4dc9a2c-725b-4252-8fbb-093a271c31ba"; - preLVM = true; - allowDiscards = true; + boot.initrd.luks.devices = { + root = { + device = "/dev/disk/by-uuid/a4dc9a2c-725b-4252-8fbb-093a271c31ba"; + preLVM = true; + allowDiscards = true; + }; }; - }; - fileSystems."/" = { - device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c"; - fsType = "btrfs"; - options = [ - "subvol=root" - "compress=zstd" + fileSystems."/" = { + device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c"; + fsType = "btrfs"; + options = [ + "subvol=home" + "compress=zstd" + ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c"; + fsType = "btrfs"; + options = [ + "subvol=nix" + "compress=zstd" + "noatime" + ]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/7040-F37C"; + fsType = "vfat"; + }; + + swapDevices = [ + {device = 
"/dev/disk/by-uuid/26140b4a-0579-406d-a484-35aa31b32e80";} ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.nvidia.open = false; }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c"; - fsType = "btrfs"; - options = [ - "subvol=home" - "compress=zstd" - ]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/bbc45be3-75f5-40c5-8427-2a425de8422c"; - fsType = "btrfs"; - options = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/7040-F37C"; - fsType = "vfat"; - }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/26140b4a-0579-406d-a484-35aa31b32e80";} - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- hardware.nvidia.open = false;
 }
diff --git a/hosts/builder/default.nix b/hosts/builder/default.nix
index b981f58..37865f5 100644
--- a/hosts/builder/default.nix
+++ b/hosts/builder/default.nix
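Review bot: `allowDiscards = true` on the LUKS `root` device passes TRIM through dm-crypt, which lets anyone holding the raw disk see which sectors are unused and so weakens the full-disk-encryption guarantee; that is a deliberate SSD-wear trade-off, but nothing in the module records it. A one-line comment would keep a later reader from treating it as an oversight, e.g. `allowDiscards = true; # TRIM passthrough: leaks free-space layout to an offline attacker, accepted for SSD wear`. This hunk only re-wraps the existing hardware module into `flake.nixosModules.hosts.aspi`, so the setting itself predates the commit.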
@@ -2,352 +2,362 @@ # or # deploy .#builder { - config, - pkgs, + inputs, + self, ... }: { - imports = [ - ./hardware-configuration.nix - - ../common/global/fish.nix # fish for admin - ../common/global/locale.nix - ../common/global/nix.nix - ../common/global/sops.nix - ../common/global/root.nix - ]; - - networking.hostName = "builder"; - system.stateVersion = "23.11"; - - networking.networkmanager.enable = true; - networking.nameservers = [ - "192.168.3.252" - "172.30.20.10" - "1.1.1.1" - ]; - - users.mutableUsers = false; - users.users.nix = { - isNormalUser = true; - description = "Nix"; - extraGroups = [ - "networkmanager" - "wheel" - "docker" + flake.nixosConfigurations.builder = inputs.nixpkgs.lib.nixosSystem { + modules = [ + self.nixosModules.hosts.builder ]; }; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - # Setup binary caches - nix.settings = { - substituters = [ - "https://nix-community.cachix.org" - "https://cache.nixos.org/" - "https://hyprland.cachix.org" - "https://devenv.cachix.org" - ]; - trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" - "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" + flake.nixosModules.hosts.builder = { + config, + pkgs, + ... 
+ }: { + imports = [ + ../common/global/fish.nix # fish for admin + ../common/global/locale.nix + ../common/global/nix.nix + ../common/global/sops.nix + ../common/global/root.nix ]; - trusted-users = ["nix"]; - max-jobs = "auto"; - cores = 0; + networking.hostName = "builder"; + system.stateVersion = "23.11"; - # Ensure we can still build when missing-server is not accessible - fallback = true; - }; - - # system.autoUpgrade = { - # enable = true; - # flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles"; - # flags = [ - # "--recreate-lock-file" # update lock file - # ]; - # dates = "02:13"; - # }; - - # optimize store by hardlinking store files - nix.optimise.automatic = true; - nix.optimise.dates = ["03:15"]; - - # nix.gc.automatic = true; - # nix.gc.dates = "daily"; - # nix.gc.options = "--delete-old"; - - # nix.settings.keep-derivations = false; - # nix.settings.keep-outputs = true; - - # Garbage collect up to 100 GiB when only 20 GiB storage left - nix.extraOptions = '' - min-free = ${toString (20 * 1024 * 1024 * 1024)} - max-free = ${toString (100 * 1024 * 1024 * 1024)} - ''; - - nix.nrBuildUsers = 64; - - # prevent memory to get filled - systemd.services.nix-daemon.serviceConfig = { - MemoryAccounting = true; - MemoryMax = "90%"; - OOMScoreAdjust = 500; - }; - - # Ollama used by open-webui as llm backend - services.ollama = { - enable = true; - # acceleration = "rocm"; - openFirewall = true; - }; - - services.nextjs-ollama-llm-ui = { - enable = true; - hostname = "192.168.3.118"; - port = 3001; - }; - # services.open-webui = { - # enable = true; - # port = 8080; - # openFirewall = true; - # host = "builder.julian-mutter.de"; - # }; - - networking.firewall.allowedTCPPorts = [ - 80 - 3001 # ollama-ui - ]; - - services.openssh = { - enable = true; - # require public key authentication for better security - settings.PasswordAuthentication = false; - settings.KbdInteractiveAuthentication = false; - settings.PermitRootLogin = "yes"; - # Add older algorithms 
for jenkins ssh-agents-plugin to be compatible - settings.Macs = [ - "hmac-sha2-512-etm@openssh.com" - "hmac-sha2-256-etm@openssh.com" - "umac-128-etm@openssh.com" - "hmac-sha2-512" - "hmac-sha2-256" - "umac-128@openssh.com" + networking.networkmanager.enable = true; + networking.nameservers = [ + "192.168.3.252" + "172.30.20.10" + "1.1.1.1" ]; - settings.KexAlgorithms = [ - "diffie-hellman-group-exchange-sha1" - "diffie-hellman-group14-sha1" - "mlkem768x25519-sha256" - "sntrup761x25519-sha512" - "sntrup761x25519-sha512@openssh.com" - "curve25519-sha256" - "curve25519-sha256@libssh.org" - "diffie-hellman-group-exchange-sha256" - ]; - }; - users.users."root".openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFcS+3d1tNgHmYCjueymCV9Bd2LcJcKGhVobrDe3r0s julian@kardorf" - ]; - users.users."nix".openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIQ+qMuXvyoxO1DuCR3/x+IQRfSA2WyMuzuotWZjCye root@aspi" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnfLJnS2SKUs47J0qpLTkk0LQA5quOuAhnxE6yppUDm root@kardorf" - ]; - # security.pam.sshAgentAuth.enable = true; # enable sudo via ssh - - services.hydra = { - enable = true; - hydraURL = "http://hydra.julian-mutter.de"; # externally visible URL - port = 3000; - notificationSender = "hydra@julian-mutter.de"; # e-mail of hydra service - # a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines - # buildMachinesFiles = [ ]; - # you will probably also want, otherwise *everything* will be built from scratch - useSubstitutes = true; - - minimumDiskFree = 5; # in GB - minimumDiskFreeEvaluator = 4; # in GB - }; - - # add builder itself as build machine so system emulation is properly supported - # nix.distributedBuilds = true; - nix.buildMachines = [ - 
{ - hostName = "localhost"; - protocol = null; - # sshUser = "nix"; - systems = [ - "x86_64-linux" - "aarch64-linux" + users.mutableUsers = false; + users.users.nix = { + isNormalUser = true; + description = "Nix"; + extraGroups = [ + "networkmanager" + "wheel" + "docker" ]; - maxJobs = 4; - speedFactor = 3; - supportedFeatures = [ - "nixos-test" - "benchmark" - "big-parallel" - "kvm" + }; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + # Setup binary caches + nix.settings = { + substituters = [ + "https://nix-community.cachix.org" + "https://cache.nixos.org/" + "https://hyprland.cachix.org" + "https://devenv.cachix.org" + ]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" ]; - } - ]; - # Uris allowed as flake inputs, otherwise hydra does not fetch them - nix.settings.allowed-uris = [ - "github:" - "gitlab:" - "git+https://github.com/hyprwm/Hyprland" - "https://github.com/hyprwm/Hyprland" - "https://github" - "https://gitlab" - "https://gitlab.julian-mutter.de" - "git+https://gitlab.julian-mutter.de" - ]; + trusted-users = ["nix"]; + max-jobs = "auto"; + cores = 0; - services.nginx = { - enable = true; - recommendedProxySettings = true; - # recommendedTlsSettings = true; - # other Nginx options - virtualHosts."hydra.julian-mutter.de" = { - # enableACME = true; - # forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; - # proxyWebsockets = true; # needed if you need to use WebSocket - # extraConfig = - # # required when the target is also TLS server with multiple hosts - # "proxy_ssl_server_name on;" + - # # required when the server wants to use HTTP Authentication - # "proxy_pass_header Authorization;" - # ; + # Ensure we can still build when missing-server 
is not accessible + fallback = true; + }; + + # system.autoUpgrade = { + # enable = true; + # flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles"; + # flags = [ + # "--recreate-lock-file" # update lock file + # ]; + # dates = "02:13"; + # }; + + # optimize store by hardlinking store files + nix.optimise.automatic = true; + nix.optimise.dates = ["03:15"]; + + # nix.gc.automatic = true; + # nix.gc.dates = "daily"; + # nix.gc.options = "--delete-old"; + + # nix.settings.keep-derivations = false; + # nix.settings.keep-outputs = true; + + # Garbage collect up to 100 GiB when only 20 GiB storage left + nix.extraOptions = '' + min-free = ${toString (20 * 1024 * 1024 * 1024)} + max-free = ${toString (100 * 1024 * 1024 * 1024)} + ''; + + nix.nrBuildUsers = 64; + + # prevent memory to get filled + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; + }; + + # Ollama used by open-webui as llm backend + services.ollama = { + enable = true; + # acceleration = "rocm"; + openFirewall = true; + }; + + services.nextjs-ollama-llm-ui = { + enable = true; + hostname = "192.168.3.118"; + port = 3001; + }; + # services.open-webui = { + # enable = true; + # port = 8080; + # openFirewall = true; + # host = "builder.julian-mutter.de"; + # }; + + networking.firewall.allowedTCPPorts = [ + 80 + 3001 # ollama-ui + ]; + + services.openssh = { + enable = true; + # require public key authentication for better security + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "yes"; + # Add older algorithms for jenkins ssh-agents-plugin to be compatible + settings.Macs = [ + "hmac-sha2-512-etm@openssh.com" + "hmac-sha2-256-etm@openssh.com" + "umac-128-etm@openssh.com" + "hmac-sha2-512" + "hmac-sha2-256" + "umac-128@openssh.com" + ]; + settings.KexAlgorithms = [ + "diffie-hellman-group-exchange-sha1" + "diffie-hellman-group14-sha1" + "mlkem768x25519-sha256" + 
"sntrup761x25519-sha512" + "sntrup761x25519-sha512@openssh.com" + "curve25519-sha256" + "curve25519-sha256@libssh.org" + "diffie-hellman-group-exchange-sha256" + ]; + }; + users.users."root".openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFcS+3d1tNgHmYCjueymCV9Bd2LcJcKGhVobrDe3r0s julian@kardorf" + ]; + users.users."nix".openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIQ+qMuXvyoxO1DuCR3/x+IQRfSA2WyMuzuotWZjCye root@aspi" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnfLJnS2SKUs47J0qpLTkk0LQA5quOuAhnxE6yppUDm root@kardorf" + ]; + + # security.pam.sshAgentAuth.enable = true; # enable sudo via ssh + + services.hydra = { + enable = true; + hydraURL = "http://hydra.julian-mutter.de"; # externally visible URL + port = 3000; + notificationSender = "hydra@julian-mutter.de"; # e-mail of hydra service + # a standalone hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines + # buildMachinesFiles = [ ]; + # you will probably also want, otherwise *everything* will be built from scratch + useSubstitutes = true; + + minimumDiskFree = 5; # in GB + minimumDiskFreeEvaluator = 4; # in GB + }; + + # add builder itself as build machine so system emulation is properly supported + # nix.distributedBuilds = true; + nix.buildMachines = [ + { + hostName = "localhost"; + protocol = null; + # sshUser = "nix"; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + maxJobs = 4; + speedFactor = 3; + supportedFeatures = [ + "nixos-test" + "benchmark" + "big-parallel" + "kvm" + ]; + } + ]; + + # Uris allowed as flake inputs, otherwise hydra does not fetch them + nix.settings.allowed-uris = [ + "github:" + "gitlab:" + "git+https://github.com/hyprwm/Hyprland" + "https://github.com/hyprwm/Hyprland" + 
"https://github" + "https://gitlab" + "https://gitlab.julian-mutter.de" + "git+https://gitlab.julian-mutter.de" + ]; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + # recommendedTlsSettings = true; + # other Nginx options + virtualHosts."hydra.julian-mutter.de" = { + # enableACME = true; + # forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + # proxyWebsockets = true; # needed if you need to use WebSocket + # extraConfig = + # # required when the target is also TLS server with multiple hosts + # "proxy_ssl_server_name on;" + + # # required when the server wants to use HTTP Authentication + # "proxy_pass_header Authorization;" + # ; + }; + }; + + virtualHosts."binarycache.julian-mutter.de" = { + locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + }; + + clientMaxBodySize = "2G"; + virtualHosts."cache.julian-mutter.de" = { + locations."/".proxyPass = "http://127.0.0.1:8080"; }; }; - virtualHosts."binarycache.julian-mutter.de" = { - locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; + # =========== Gitea actions ========== + services.gitea-actions-runner.instances."builder" = { + enable = true; + url = "https://gitlab.julian-mutter.de"; + name = "builder"; + tokenFile = config.sops.secrets."gitea_token".path; + labels = [ + # provide a debian base with nodejs for actions + "debian-latest:docker://node:18-bullseye" + # fake the ubuntu name, because node provides no ubuntu builds + "ubuntu-latest:docker://node:18-bullseye" + # devenv + "devenv:docker://ghcr.io/cachix/devenv/devenv:latest" + # provide native execution on the host + "nixos:host" + ]; }; - clientMaxBodySize = "2G"; - virtualHosts."cache.julian-mutter.de" = { - locations."/".proxyPass = "http://127.0.0.1:8080"; + virtualisation.docker.enable = true; + + # TODO: podman fails with: "cannot resolve hostname" + # 
virtualisation.podman = { + # enable = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; + # }; + + sops.secrets."gitea_token" = { + owner = config.users.users.nix.name; + sopsFile = ./secrets.yaml; }; - }; - # =========== Gitea actions ========== - services.gitea-actions-runner.instances."builder" = { - enable = true; - url = "https://gitlab.julian-mutter.de"; - name = "builder"; - tokenFile = config.sops.secrets."gitea_token".path; - labels = [ - # provide a debian base with nodejs for actions - "debian-latest:docker://node:18-bullseye" - # fake the ubuntu name, because node provides no ubuntu builds - "ubuntu-latest:docker://node:18-bullseye" - # devenv - "devenv:docker://ghcr.io/cachix/devenv/devenv:latest" - # provide native execution on the host - "nixos:host" - ]; - }; + # =========== Binary Cache ========== + services.nix-serve = { + enable = true; + secretKeyFile = "/var/cache-priv-key.pem"; + }; - virtualisation.docker.enable = true; + # =========== Binary Cache with attic ========== + sops.secrets."attic_token".sopsFile = ./secrets.yaml; - # TODO: podman fails with: "cannot resolve hostname" - # virtualisation.podman = { - # enable = true; - # dockerCompat = true; - # defaultNetwork.settings.dns_enabled = true; - # }; + services.atticd = { + enable = true; + environmentFile = config.sops.secrets."attic_token".path; + settings = { + listen = "[::]:8080"; - sops.secrets."gitea_token" = { - owner = config.users.users.nix.name; - sopsFile = ./secrets.yaml; - }; + jwt = {}; - # =========== Binary Cache ========== - services.nix-serve = { - enable = true; - secretKeyFile = "/var/cache-priv-key.pem"; - }; - - # =========== Binary Cache with attic ========== - sops.secrets."attic_token".sopsFile = ./secrets.yaml; - - services.atticd = { - enable = true; - environmentFile = config.sops.secrets."attic_token".path; - settings = { - listen = "[::]:8080"; - - jwt = {}; - - # Data chunking - # - # Warning: If you change any of the values 
here, it will be - # difficult to reuse existing chunks for newly-uploaded NARs - # since the cutpoints will be different. As a result, the - # deduplication ratio will suffer for a while after the change. - chunking = { - # The minimum NAR size to trigger chunking + # Data chunking # - # If 0, chunking is disabled entirely for newly-uploaded NARs. - # If 1, all NARs are chunked. - nar-size-threshold = 64 * 1024; # 64 KiB + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + chunking = { + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 64 * 1024; # 64 KiB - # The preferred minimum size of a chunk, in bytes - min-size = 16 * 1024; # 16 KiB + # The preferred minimum size of a chunk, in bytes + min-size = 16 * 1024; # 16 KiB - # The preferred average size of a chunk, in bytes - avg-size = 64 * 1024; # 64 KiB + # The preferred average size of a chunk, in bytes + avg-size = 64 * 1024; # 64 KiB - # The preferred maximum size of a chunk, in bytes - max-size = 256 * 1024; # 256 KiB + # The preferred maximum size of a chunk, in bytes + max-size = 256 * 1024; # 256 KiB + }; }; }; - }; - services.gitlab-runner.enable = true; - # runner for everything else - # - sops.secrets."gitlab_runner_token".sopsFile = ./secrets.yaml; - services.gitlab-runner.services.default = { - # File should contain at least these two variables: - authenticationTokenConfigFile = config.sops.secrets."gitlab_runner_token".path; - dockerImage = "alpine:latest"; - dockerVolumes = [ - "/var/run/docker.sock:/var/run/docker.sock" - ]; - }; + services.gitlab-runner.enable = true; + # runner for everything else + # + sops.secrets."gitlab_runner_token".sopsFile = ./secrets.yaml; + 
services.gitlab-runner.services.default = { + # File should contain at least these two variables: + authenticationTokenConfigFile = config.sops.secrets."gitlab_runner_token".path; + dockerImage = "alpine:latest"; + dockerVolumes = [ + "/var/run/docker.sock:/var/run/docker.sock" + ]; + }; - ### Jenkins node - users.users.jenkins = { - createHome = true; - home = "/var/lib/jenkins"; - group = "jenkins"; - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home" - ]; - packages = with pkgs; [ - git - devenv - ]; - extraGroups = [ - "docker" - ]; - }; + ### Jenkins node + users.users.jenkins = { + createHome = true; + home = "/var/lib/jenkins"; + group = "jenkins"; + isNormalUser = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home" + ]; + packages = with pkgs; [ + git + devenv + ]; + extraGroups = [ + "docker" + ]; + }; - users.groups.jenkins = {}; - programs.java = { - enable = true; - package = pkgs.jdk21; # Same as jenkins version on home + users.groups.jenkins = {}; + programs.java = { + enable = true; + package = pkgs.jdk21; # Same as jenkins version on home + }; }; } diff --git a/hosts/builder/hardware-configuration.nix b/hosts/builder/hardware-configuration.nix index 2761945..78ffb1a 100644 --- a/hosts/builder/hardware-configuration.nix +++ b/hosts/builder/hardware-configuration.nix 
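Review bot: The new `flake.nixosModules.hosts.builder` still has `imports = [ ../common/global/fish.nix ../common/global/locale.nix ../common/global/nix.nix ../common/global/sops.nix ../common/global/root.nix ]`, yet this same patch deletes all five files (the `deleted file mode 100644` sections under `hosts/common/global/`), so the module will fail to evaluate unless the migration recreates them at these paths. Dropping `sops.nix` in particular removes the `sops-nix` module import and the `sops.age.sshKeyPaths` wiring while `config.sops.secrets."gitea_token"`, `"attic_token"` and `"gitlab_runner_token"` are still read here, so `sops.secrets` would be an undefined option and the runner tokens would have no decryption provider even if the other files were stubbed. Either keep `hosts/common/global/*` until the flake-parts replacements exist or point these imports at the new module locations in the same commit. Separately, the moved `dockerVolumes = ["/var/run/docker.sock:/var/run/docker.sock"]` gives every GitLab CI job root-equivalent control of the host, as does `docker` group membership for `nix` and `jenkins`; if that is intentional, a comment stating the trust boundary belongs next to it, e.g. `# NOTE: mounting the docker socket == root on this host; only trusted pipelines may target this runner`.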
@@ -1,50 +1,52 @@ -{lib, ...}: { - boot.initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "virtio_pci" - "virtio_scsi" - "sd_mod" - "sr_mod" - ]; - # boot.initrd.kernelModules = [ "amdgpu" ]; # GPU support - boot.kernelModules = []; - boot.extraModulePackages = []; +{ + flake.nixosModules.hosts.builder = {lib, ...}: { + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + # boot.initrd.kernelModules = [ "amdgpu" ]; # GPU support + boot.kernelModules = []; + boot.extraModulePackages = []; - fileSystems."/" = { - device = "/dev/disk/by-uuid/f088fe8e-bf3d-4a89-98bd-ead9852d381f"; - fsType = "ext4"; + fileSystems."/" = { + device = "/dev/disk/by-uuid/f088fe8e-bf3d-4a89-98bd-ead9852d381f"; + fsType = "ext4"; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + # hardware.graphics = { + # enable = true; + # extraPackages = with pkgs; [ + # rocmPackages.clr.icd + # linuxPackages.amdgpu-pro + # ]; + # }; + + # boot.kernelParams = [ + # "radeon.si_support=0" + # "radeon.cik_support=1" + # "amdgpu.si_support=0" + # "amdgpu.cik_support=1" + # ]; + # boot.extraModulePackages = with config.boot.kernelPackages; [ amdgpu-pro ]; + # boot.blacklistedKernelModules = [ "radeon" ]; + + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; + + # Emulated systems used as alternative to cross-compiling + boot.binfmt.emulatedSystems = ["aarch64-linux"]; }; - - # Enables DHCP on each ethernet and wireless interface. 
In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens18.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - # hardware.graphics = { - # enable = true; - # extraPackages = with pkgs; [ - # rocmPackages.clr.icd - # linuxPackages.amdgpu-pro - # ]; - # }; - - # boot.kernelParams = [ - # "radeon.si_support=0" - # "radeon.cik_support=1" - # "amdgpu.si_support=0" - # "amdgpu.cik_support=1" - # ]; - # boot.extraModulePackages = with config.boot.kernelPackages; [ amdgpu-pro ]; - # boot.blacklistedKernelModules = [ "radeon" ]; - - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - - # Emulated systems used as alternative to cross-compiling - boot.binfmt.emulatedSystems = ["aarch64-linux"]; } diff --git a/hosts/common/global/auto-upgrade.nix b/hosts/common/global/auto-upgrade.nix deleted file mode 100644 index ccf295c..0000000 --- a/hosts/common/global/auto-upgrade.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - inputs, - config, - ... -}: { - system.hydraAutoUpgrade = { - # Only enable if not dirty - enable = inputs.self ? rev; - dates = "*:0/10"; # Every 10 minutes - instance = "http://hydra.julian-mutter.de"; - project = "dotfiles"; - jobset = "main"; - job = "hosts.${config.networking.hostName}"; - oldFlakeRef = "self"; - }; -} diff --git a/hosts/common/global/default.nix b/hosts/common/global/default.nix deleted file mode 100644 index b7fc332..0000000 --- a/hosts/common/global/default.nix +++ /dev/null 
@@ -1,47 +0,0 @@ -# Common config for all hosts -{ - inputs, - outputs, - pkgs, - lib, - ... -}: { - imports = - [ - ./fish.nix # fish for admin - ./locale.nix - ./nix.nix - ./sops.nix - ./root.nix - ] - ++ [ - inputs.home-manager.nixosModules.home-manager - ] - ++ (builtins.attrValues outputs.nixosModules); - - # Replaces the (modulesPath + "/installer/scan/not-detected.nix") from default hardware-configuration.nix - # Enables non-free firmware - hardware.enableRedistributableFirmware = true; - - # Networking - networking.networkmanager = { - enable = true; - plugins = with pkgs; [ - networkmanager-openconnect - ]; - }; - services.resolved.enable = false; - # MDNS Taken by avahi - # networking.networkmanager.dns = "none"; - networking.nameservers = lib.mkDefault [ - "1.1.1.1" - "8.8.8.8" - ]; - - # HM module - home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config - home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails - home-manager.extraSpecialArgs = { - inherit inputs outputs; - }; -} diff --git a/hosts/common/global/fish.nix b/hosts/common/global/fish.nix deleted file mode 100644 index e53f255..0000000 --- a/hosts/common/global/fish.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - programs.fish = { - enable = true; - vendor = { - completions.enable = true; - config.enable = true; - functions.enable = true; - }; - }; -} diff --git a/hosts/common/global/locale.nix b/hosts/common/global/locale.nix deleted file mode 100644 index f2f8402..0000000 --- a/hosts/common/global/locale.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "en_US.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; - }; - - # Keymap - services.xserver.xkb = { - layout = "de"; - variant = ""; - }; - - console.keyMap = "de"; - - time.timeZone = "Europe/Berlin"; -} diff --git a/hosts/common/global/nix.nix b/hosts/common/global/nix.nix deleted file mode 100644 index 543fc05..0000000 --- a/hosts/common/global/nix.nix +++ /dev/null 
@@ -1,46 +0,0 @@ -{outputs, ...}: { - # Apply overlays - nixpkgs = { - # TODO: apply this to hm and nixos without duplicate code - overlays = builtins.attrValues outputs.overlays; - config = { - nvidia.acceptLicense = true; - allowUnfree = true; - allowUnfreePredicate = _: true; # TODO: what is this - warn-dirty = false; - permittedInsecurePackages = [ - "olm-3.2.16" - ]; - }; - }; - - # optimize at every build, slows down builds - # better to do optimise.automatic for regular optimising - # nix.settings.auto-optimise-store = lib.mkDefault true; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - "ca-derivations" - ]; - # warn-dirty = false; - - nix.gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - persistent = true; - }; - nix.optimise = { - automatic = true; - dates = ["weekly"]; # Optional; allows customizing optimisation schedule - persistent = true; - }; - - programs.nix-ld.enable = true; - - # TODO: is this useful?, what does it do? - # nix.settings.flake-registry = ""; # Disable global flake registry - # Add each flake input as a registry and nix_path - # registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs; - # nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs; -} diff --git a/hosts/common/global/root.nix b/hosts/common/global/root.nix deleted file mode 100644 index 55c14aa..0000000 --- a/hosts/common/global/root.nix +++ /dev/null @@ -1,9 +0,0 @@ -{pkgs, ...}: { - # Packages needed as root - environment.systemPackages = with pkgs; [ - vim - htop - mc - gparted-xhost # needs to be installed as system package so it can be actually opened - ]; -} diff --git a/hosts/common/global/sops.nix b/hosts/common/global/sops.nix deleted file mode 100644 index 1ffa13a..0000000 --- a/hosts/common/global/sops.nix +++ /dev/null 
@@ -1,22 +0,0 @@ -{ - inputs, - config, - ... -}: let - isEd25519 = k: k.type == "ed25519"; - getKeyPath = k: k.path; - keys = builtins.filter isEd25519 config.services.openssh.hostKeys; -in { - imports = [inputs.sops-nix.nixosModules.sops]; - - sops.age = { - sshKeyPaths = map getKeyPath keys; - - # TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!) - # keyFile = "/home/julian/.config/sops/age/keys.txt"; - # Generate key if none of the above worked. With this, building will still work, just without secrets - generateKey = false; # TODO: building should not work without secrets!? - }; - - sops.defaultSopsFile = ../secrets.yaml; -} diff --git a/hosts/common/optional/authentication.nix b/hosts/common/optional/authentication.nix deleted file mode 100644 index ca8ac8e..0000000 --- a/hosts/common/optional/authentication.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - pkgs, - lib, - ... -}: { - # Make programs like nextcloud client access saved passwords - services.gnome.gnome-keyring.enable = true; - - programs.seahorse.enable = true; - programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6 - - # Make authentication work for e.g. gparted - security.polkit.enable = true; - systemd = { - user.services.polkit-gnome-authentication-agent-1 = { - description = "polkit-gnome-authentication-agent-1"; - wantedBy = ["graphical-session.target"]; - wants = ["graphical-session.target"]; - after = ["graphical-session.target"]; - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; - Restart = "on-failure"; - RestartSec = 1; - TimeoutStopSec = 10; - }; - }; - }; -} diff --git a/hosts/common/optional/avahi.nix b/hosts/common/optional/avahi.nix deleted file mode 100644 index b56a8f9..0000000 --- a/hosts/common/optional/avahi.nix +++ /dev/null 
@@ -1,12 +0,0 @@
-{
- # MDNS on local network
- services.avahi = {
- enable = true;
- nssmdns4 = true;
- nssmdns6 = true;
- publish.enable = true;
- publish.addresses = true;
- ipv4 = true;
- ipv6 = true;
- };
-}
diff --git a/hosts/common/optional/binarycaches.nix b/hosts/common/optional/binarycaches.nix
deleted file mode 100644
index 8042737..0000000
--- a/hosts/common/optional/binarycaches.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- lib,
- outputs,
- ...
-}: {
- # Setup binary caches
- nix.settings = {
- substituters = [
- "https://nix-community.cachix.org"
- "https://cache.nixos.org/"
- "https://hyprland.cachix.org"
- "http://binarycache.julian-mutter.de"
- "https://devenv.cachix.org"
- ];
- trusted-public-keys = [
- "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
- "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
- "binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
- "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
- ];
-
- trusted-users = [
- "root"
- "@wheel"
- ]; # needed for devenv to add custom caches
-
- # Ensure we can still build when missing-server is not accessible
- fallback = true;
- };
-}
diff --git a/hosts/common/optional/boot-efi.nix b/hosts/common/optional/boot-efi.nix
deleted file mode 100644
index 31bf063..0000000
--- a/hosts/common/optional/boot-efi.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{
- # Bootloader
- # Use this for simple nix boot menu, if no dual boot required
- boot.loader.systemd-boot.enable = true;
- boot.loader.systemd-boot.configurationLimit = 10;
- boot.loader.efi.canTouchEfiVariables = true;
-
- # https://github.com/NixOS/nixpkgs/blob/c32c39d6f3b1fe6514598fa40ad2cf9ce22c3fb7/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix#L66
- boot.loader.systemd-boot.editor = false;
-
- boot.supportedFilesystems = [
- "btrfs"
- "ntfs"
- "nfs"
- "cifs"
- ];
-}
diff --git a/hosts/common/optional/docker.nix b/hosts/common/optional/docker.nix
deleted file mode 100644
index a0f86ac..0000000
--- a/hosts/common/optional/docker.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- virtualisation.docker = {
- enable = true;
- };
-}
diff --git a/hosts/common/optional/flatpak.nix b/hosts/common/optional/flatpak.nix
deleted file mode 100644
index e36cbc3..0000000
--- a/hosts/common/optional/flatpak.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{pkgs, ...}: {
- services.flatpak.enable = true;
- xdg.portal.enable = true;
- xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
- xdg.portal.config.common.default = "*"; # Use first portal implementation found
-}
diff --git a/hosts/common/optional/gamemode.nix b/hosts/common/optional/gamemode.nix
deleted file mode 100644
index 11362f5..0000000
--- a/hosts/common/optional/gamemode.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{pkgs, ...}: {
- programs.gamemode = {
- enable = true;
- settings = {
- general = {
- softrealtime = "auto";
- inhibit_screensaver = 1;
- renice = 5;
- };
- # gpu = {
- # apply_gpu_optimisations = "accept-responsibility";
- # gpu_device = 1;
- # amd_performance_level = "high";
- # };
- custom = {
- start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
- end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
- };
- };
- };
-}
diff --git a/hosts/common/optional/gdm.nix b/hosts/common/optional/gdm.nix
deleted file mode 100644
index ec66ccb..0000000
--- a/hosts/common/optional/gdm.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- services.xserver.displayManager.gdm = {
- enable = true;
- };
-
- # unlock GPG keyring on login
- security.pam.services.gdm.enableGnomeKeyring = true;
-}
diff --git a/hosts/common/optional/greetd.nix b/hosts/common/optional/greetd.nix
deleted file mode 100644
index 0d55e74..0000000
--- a/hosts/common/optional/greetd.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{config, ...}: let
- homeCfgs = config.home-manager.users;
- julianCfg = homeCfgs.julian;
-in {
- users.extraUsers.greeter = {
- # For caching
- home = "/tmp/greeter-home";
- createHome = true;
- };
-
- programs.regreet = {
- enable = true;
- iconTheme = julianCfg.gtk.iconTheme;
- theme = julianCfg.gtk.theme;
- # font = julianCfg.fontProfiles.regular; # TODO: do
- cursorTheme = {
- inherit (julianCfg.gtk.cursorTheme) name package;
- };
- cageArgs = [
- "-s"
- "-m"
- "last"
- ]; # multimonitor use last monitor
- # settings.background = {
- # path = julianCfg.wallpaper;
- # fit = "Cover";
- # }; # TODO: fix
-
- # TODO: setting keyboard language does not work
- # settings = {
- # env = {
- # XKB_DEFAULT_LAYOUT = "de";
- # # XKB_DEFAULT_VARIANT = "altgr-intl";
- # };
- # };
- };
-}
diff --git a/hosts/common/optional/i3.nix b/hosts/common/optional/i3.nix
deleted file mode 100644
index d4773e5..0000000
--- a/hosts/common/optional/i3.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- services.xserver.windowManager.i3.enable = true;
- services.xserver.windowManager.i3.package = pkgs.i3-gaps;
- services.displayManager.defaultSession = "none+i3";
-
- programs.xss-lock = {
- # responds to "loginctl lock-session" via dbus
- enable = true;
- lockerCommand = "${pkgs.i3lock}/bin/i3lock --ignore-empty-password --color=000000";
- };
-}
diff --git a/hosts/common/optional/kerberos.nix b/hosts/common/optional/kerberos.nix
deleted file mode 100644
index 8dda9f2..0000000
--- a/hosts/common/optional/kerberos.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- security.krb5.enable = true;
- security.krb5.settings = {
- # domain_realm = {
- # ".julian-mutter.de" = "julian-mutter.de";
- # "julian-mutter.de" = "julian-mutter.de";
- # };
- libdefaults = {
- default_realm = "julian-mutter.de";
- # dns_lookup_realm = true;
- # dns_lookup_kdc = true;
- # ticket_lifetime = "24h";
- # renew_lifetime = "7d";
- };
- realms = {
- "julian-mutter.de" = {
- kdc = ["kerberos.julian-mutter.de"];
- admin_server = "kerberos-admin.julian-mutter.de";
- default_domain = "julian-mutter.de";
- };
- };
- };
-}
diff --git a/hosts/common/optional/openssh.nix b/hosts/common/optional/openssh.nix
deleted file mode 100644
index 4e6b738..0000000
--- a/hosts/common/optional/openssh.nix
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- outputs,
- lib,
- config,
- ...
-}: let
- hosts = lib.attrNames outputs.nixosConfigurations;
-in {
- services.openssh = {
- enable = true;
- settings = {
- # Harden
- PasswordAuthentication = false;
- PermitRootLogin = "no";
-
- # TODO: what does this do
- # Let WAYLAND_DISPLAY be forwarded
- AcceptEnv = "WAYLAND_DISPLAY";
- X11Forwarding = true;
- };
-
- hostKeys = [
- {
- path = "/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- ];
- };
-
- # TODO: is automatic known hosts file even necessary?
- # programs.ssh = {
- # # Each hosts public key
- # knownHosts = lib.genAttrs hosts (hostname: {
- # publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
- # extraHostNames =
- # [
- # # "${hostname}.m7.rs"
- # ]
- # ++
- # # Alias for localhost if it's the same host
- # (lib.optional (hostname == config.networking.hostName) "localhost")
- # # Alias to m7.rs and git.m7.rs if it's alcyone
- # ++ (lib.optionals (hostname == "alcyone") [
- # "m7.rs"
- # "git.m7.rs"
- # ]);
- # });
- # };
-}
diff --git a/hosts/common/optional/pcmanfm.nix b/hosts/common/optional/pcmanfm.nix
deleted file mode 100644
index debaff0..0000000
--- a/hosts/common/optional/pcmanfm.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{pkgs, ...}: {
- environment.systemPackages = with pkgs; [
- shared-mime-info # extended mimetype support
- lxmenu-data # open with "Installed Applications"
- pcmanfm
- ];
-
- services.gvfs.enable = true; # Mount, trash, and other functionalities
-}
diff --git a/hosts/common/optional/pipewire.nix b/hosts/common/optional/pipewire.nix
deleted file mode 100644
index eec649e..0000000
--- a/hosts/common/optional/pipewire.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- security.rtkit.enable = true;
- services.pulseaudio.enable = false;
- services.pipewire = {
- enable = true;
- wireplumber.enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- jack.enable = true;
- extraConfig.pipewire = {
- "99-no-bell" = {
- # Disable bell sound
- "context.properties" = {
- "module.x11.bell" = false;
- };
- };
- "10-increase-buffer" = {
- "context.properties" = {
- "default.clock.rate" = 48000;
- "default.clock.quantum" = 1024;
- "default.clock.min-quantum" = 1024;
- "default.clock.max-quantum" = 2048;
- };
- };
- };
- };
-}
diff --git a/hosts/common/optional/podman.nix b/hosts/common/optional/podman.nix
deleted file mode 100644
index 8a57d28..0000000
--- a/hosts/common/optional/podman.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{config, ...}: let
- dockerEnabled = config.virtualisation.docker.enable;
-in {
- virtualisation.podman = {
- enable = true;
- dockerCompat = !dockerEnabled;
- dockerSocket.enable = !dockerEnabled;
- defaultNetwork.settings.dns_enabled = true;
- };
-}
diff --git a/hosts/common/optional/redshift.nix b/hosts/common/optional/redshift.nix
deleted file mode 100644
index 9fad0e4..0000000
--- a/hosts/common/optional/redshift.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- # Set location used by redshift
- location.provider = "manual";
- location.latitude = 47.92;
- location.longitude = 10.12;
- services.redshift.enable = true;
-}
diff --git a/hosts/common/optional/remote-builder.nix b/hosts/common/optional/remote-builder.nix
deleted file mode 100644
index a38e1ce..0000000
--- a/hosts/common/optional/remote-builder.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- nix.distributedBuilds = true;
- nix.settings.builders-use-substitutes = true;
-
- nix.buildMachines = [
- {
- hostName = "builder.julian-mutter.de";
- protocol = "ssh";
- sshUser = "nix";
- systems = [
- "x86_64-linux"
- "aarch64-linux"
- ];
- maxJobs = 4;
- speedFactor = 3;
- supportedFeatures = [
- "nixos-test"
- "benchmark"
- "big-parallel"
- "kvm"
- ];
- mandatoryFeatures = [];
- }
- # {
- # hostName = "localhost";
- # protocol = null;
- # systems = [
- # "x86_64-linux"
- # ];
- # maxJobs = 4;
- # speedFactor = 1;
- # }
- ];
-}
diff --git a/hosts/common/optional/thunar.nix b/hosts/common/optional/thunar.nix
deleted file mode 100644
index b1e26ba..0000000
--- a/hosts/common/optional/thunar.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- programs.thunar.enable = true;
- programs.xfconf.enable = true; # Persist saved preferences
- programs.thunar.plugins = with pkgs.xfce; [
- thunar-archive-plugin
- thunar-volman
- thunar-media-tags-plugin
- ];
- services.gvfs.enable = true; # Mount, trash, and other functionalities
- services.tumbler.enable = true; # Thumbnail support for images
-}
diff --git a/hosts/common/optional/virtualbox.nix b/hosts/common/optional/virtualbox.nix
deleted file mode 100644
index d80ddae..0000000
--- a/hosts/common/optional/virtualbox.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- virtualisation.virtualbox.host.enable = true;
- # virtualisation.virtualbox.host.enableExtensionPack = true;
- # virtualisation.virtualbox.guest.enable = true;
- # virtualisation.virtualbox.guest.x11 = true;
- users.extraGroups.vboxusers.members = ["julian"];
-}
diff --git a/hosts/common/optional/wireguard.nix b/hosts/common/optional/wireguard.nix
deleted file mode 100644
index cce1a4f..0000000
--- a/hosts/common/optional/wireguard.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- networking.wg-quick.interfaces = {
- julian = {
- configFile = "/etc/wireguard/julian.conf";
- autostart = true; # This interface is started on boot
- };
- comu = {
- configFile = "/etc/wireguard/comu.conf";
- autostart = false;
- };
- };
-}
diff --git a/hosts/common/optional/wireshark.nix b/hosts/common/optional/wireshark.nix
deleted file mode 100644
index 83e9ae9..0000000
--- a/hosts/common/optional/wireshark.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- programs.wireshark = {
- enable = true;
- dumpcap.enable = true;
- usbmon.enable = true;
- };
-
- users.users.julian.extraGroups = ["wireshark"];
-}
diff --git a/hosts/common/optional/xserver.nix b/hosts/common/optional/xserver.nix
deleted file mode 100644
index b50d83b..0000000
--- a/hosts/common/optional/xserver.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- services.xserver = {
- enable = true;
- wacom.enable = true;
- };
-}
diff --git a/hosts/common/users/julian/default.nix b/hosts/common/users/julian/default.nix
deleted file mode 100644
index 83521a2..0000000
--- a/hosts/common/users/julian/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}: let
- ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in {
- users.mutableUsers = false;
- users.users.julian = {
- description = "Julian";
- group = "julian";
- isNormalUser = true;
- uid = 1000;
- shell = pkgs.fish;
- extraGroups = ifTheyExist [
- "networkmanager"
- "wheel"
- "audio"
- "realtime"
- "rtkit"
- "network"
- "video"
- "podman"
- "docker"
- "git"
- "gamemode"
- "dialout"
- ];
-
- openssh.authorizedKeys.keys = lib.splitString "\n" (
- builtins.readFile ../../../../homes/julian/ssh.pub
- );
- # hashedPasswordFile = config.sops.secrets.julian-password.path;
- hashedPassword = "$y$j9T$N33kLJQbV8soUoCbDkpwA1$r/yahJDgOPo4GGOrAi6BUG5zLTzmaBrA5NQ4nno561A";
- packages = [pkgs.home-manager];
- };
- users.groups.julian = {
- gid = 1000;
- };
-
- sops.secrets.julian-password = {
- sopsFile = ../../secrets.yaml;
- neededForUsers = true;
- };
-
- home-manager.users.julian = import ../../../../homes/julian/${config.networking.hostName}.nix;
-
- security.pam.services.swaylock = {}; # Make swaylock unlocking work
-}
diff --git a/hosts/common/users/pob/default.nix b/hosts/common/users/pob/default.nix
deleted file mode 100644
index beb5b6f..0000000
--- a/hosts/common/users/pob/default.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{
- pkgs,
- config,
- ...
-}: let
- ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in {
- users.mutableUsers = false;
- users.users.pob = {
- description = "A helper user to use another profile for some applications";
- group = "pob";
- isNormalUser = true;
- shell = pkgs.fish;
- extraGroups = ifTheyExist [
- "networkmanager"
- ];
- packages = with pkgs; [
- firefox
- wineWowPackages.stable # 32-bit and 64-bit wine
- winetricks
- ];
- };
- users.groups.pob = {};
-
- security.sudo.extraConfig = ''
- julian ALL=(pob) NOPASSWD: ALL
- '';
-}
diff --git a/hosts/common/users/wolfi/default.nix b/hosts/common/users/wolfi/default.nix
deleted file mode 100644
index e455a7a..0000000
--- a/hosts/common/users/wolfi/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- pkgs,
- config,
- ...
-}: let
- ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in {
- users.mutableUsers = false;
- users.users.wolfi = {
- description = "Wolfi";
- group = "wolfi";
- isNormalUser = true;
- shell = pkgs.fish;
- extraGroups = ifTheyExist [
- "networkmanager"
- "wheel"
- "audio"
- "network"
- "video"
- "podman"
- "docker"
- "git"
- "gamemode"
- ];
-
- hashedPassword = "$y$j9T$ifzWjoZaRtPUOOfMYnbJ20$uFOO1EyDApL52vRUicZYgupaTA/a6sGNUj3imZ/lcb6";
- packages = [pkgs.home-manager];
- };
- users.groups.wolfi = {};
-}
diff --git a/hosts/common/users/yukari/default.nix b/hosts/common/users/yukari/default.nix
deleted file mode 100644
index a22ce5b..0000000
--- a/hosts/common/users/yukari/default.nix
+++ /dev/null
@@ -1,97 +0,0 @@
-{
- pkgs,
- config,
- lib,
- outputs,
- ...
-}: let
- ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
-in {
- users.mutableUsers = false;
- users.users.yukari = {
- description = "Yukari";
- group = "yukari";
- isNormalUser = true;
- shell = pkgs.fish;
- extraGroups = ifTheyExist [
- "networkmanager"
- "audio"
- "network"
- "video"
- "podman"
- "docker"
- "git"
- "gamemode"
- ];
-
- createHome = true;
- hashedPassword = "$y$j9T$rGuTL0rfiy7ht8L58BGCw0$fN.KwHjYlIitFEPHndKvV06ezgeWzP3/58o1kkviZwB";
- packages = [pkgs.home-manager];
- };
- users.groups.yukari = {};
-
- home-manager.users.yukari = {
- imports =
- [
- ../../../../homes/julian/features/fonts
- ../../../../homes/julian/features/suites/cli
- ]
- ++ (builtins.attrValues outputs.homeManagerModules);
-
- home = {
- username = lib.mkDefault "yukari";
- homeDirectory = lib.mkDefault "/home/${config.home.username}";
- stateVersion = lib.mkDefault "23.11";
-
- sessionPath = ["$HOME/.local/bin"];
-
- packages = with pkgs; [
- arandr
- calibre # ebook manager and viewer
- # digikam
- discord
- discord-ptb # in case discord updates take their time
- # dvdisaster
- # element-desktop
- # rocketchat-desktop
- thunderbird
- telegram-desktop # telegram
- # schildichat-desktop # not updated regularly
- nheko
- evince # Simple pdf reader, good for focusing on document content
- firefox
- vivaldi
- # geogebra
- cheese
- handbrake
- # kitty # Terminal, already available as feature
- libnotify
- libreoffice
- mate.engrampa
- nomacs # Image viewer
- kdePackages.okular # Pdf reader with many features, good for commenting documents
- pavucontrol
- qalculate-gtk # Nice gui calculator
- qpdfview
- # qutebrowser
- # realvnc-vnc-viewer
- # rustdesk
- tor-browser
- # frajul.pob-dev-version # Path of Building
- vlc
- wineWowPackages.stable # 32-bit and 64-bit wine
- winetricks
- xclip # x11 clipboard access from terminal
- xfce.mousepad # simple text editor
- xournalpp # Edit pdf files
- zoom-us # Video conferencing
- zotero # Manage papers and other sources
- pdfpc # Present slides in pdf form
- ];
- };
- programs = {
- home-manager.enable = true;
- git.enable = true;
- };
- };
-}
diff --git a/hosts/kardorf/default.nix b/hosts/kardorf/default.nix
index 6c04e94..ddd8cf5 100644
--- a/hosts/kardorf/default.nix
+++ b/hosts/kardorf/default.nix
@@ -1,50 +1,59 @@
-{pkgs, ...}: {
- imports = [
- ./hardware-configuration.nix
+{
+ inputs,
+ self,
+ ...
+}: {
+ flake.nixosConfigurations.kardorf = inputs.nixpkgs.lib.nixosSystem {
+ modules = [
+ self.nixosModules.hosts.kardorf
+ ];
+ };
+ flake.nixosModules.hosts.kardorf = {pkgs, ...}: {
+ imports = [
+ ../common/global
+ ../common/users/julian
+ ../common/users/wolfi
+ ../common/optional/binarycaches.nix
- ../common/global
- ../common/users/julian
- ../common/users/wolfi
- ../common/optional/binarycaches.nix
+ # ../common/optional/xserver.nix
+ ../common/optional/remote-builder.nix
+ ../common/optional/boot-efi.nix
- # ../common/optional/xserver.nix
- ../common/optional/remote-builder.nix
- ../common/optional/boot-efi.nix
+ ../common/optional/greetd.nix
+ ../common/optional/authentication.nix
+ ../common/optional/pcmanfm.nix
+ ../common/optional/pipewire.nix
- ../common/optional/greetd.nix
- ../common/optional/authentication.nix
- ../common/optional/pcmanfm.nix
- ../common/optional/pipewire.nix
+ ../common/optional/virtualbox.nix
- ../common/optional/virtualbox.nix
+ # ../common/optional/gdm.nix
+ # ../common/optional/i3.nix
- # ../common/optional/gdm.nix
- # ../common/optional/i3.nix
+ ../common/optional/openssh.nix
- ../common/optional/openssh.nix
+ ../common/optional/podman.nix
+ ../common/optional/flatpak.nix
+ ];
- ../common/optional/podman.nix
- ../common/optional/flatpak.nix
- ];
+ networking.hostName = "kardorf";
+ system.stateVersion = "22.11";
- networking.hostName = "kardorf";
- system.stateVersion = "22.11";
+ # Not using the drivers leads to way better results
+ # services.xserver.videoDrivers = [ "nvidia" ];
- # Not using the drivers leads to way better results
- # services.xserver.videoDrivers = [ "nvidia" ];
+ networking.networkmanager.insertNameservers = ["192.168.3.252"];
- networking.networkmanager.insertNameservers = ["192.168.3.252"];
+ programs.kdeconnect.enable = true;
+ programs.steam.enable = true;
- programs.kdeconnect.enable = true;
- programs.steam.enable = true;
+ programs.hyprland.enable = true;
+ services.desktopManager.plasma6.enable = true;
- programs.hyprland.enable = true;
- services.desktopManager.plasma6.enable = true;
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+ services.printing.browsing = true;
+ services.printing.drivers = with pkgs; [gutenprint];
- # Enable CUPS to print documents.
- services.printing.enable = true;
- services.printing.browsing = true;
- services.printing.drivers = with pkgs; [gutenprint];
-
- services.libinput.enable = true;
+ services.libinput.enable = true;
+ };
 }
diff --git a/hosts/kardorf/hardware-configuration.nix b/hosts/kardorf/hardware-configuration.nix
index d0a7a18..0e6299d 100644
--- a/hosts/kardorf/hardware-configuration.nix
+++ b/hosts/kardorf/hardware-configuration.nix
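Review bot: The new `flake.nixosModules.hosts.kardorf` module still imports `../common/global`, `../common/users/julian`, `../common/users/wolfi` and the `../common/optional/*.nix` files, yet every one of those paths is deleted earlier in this same patch (`hosts/common/global/*`, `hosts/common/optional/*`, `hosts/common/users/*`), so the path imports cannot resolve unless the patch recreates them somewhere not shown here. Dropping `./hardware-configuration.nix` from `imports` is consistent with that file now defining its own `flake.nixosModules.hosts.kardorf`, but it only works if the flake-parts root imports `hosts/kardorf/hardware-configuration.nix` and the option type merges both definitions, which this hunk cannot show; a comment on the `flake.nixosModules.hosts.kardorf = {pkgs, ...}: {` line would make that coupling explicit, e.g. `# Merged with the second definition in ./hardware-configuration.nix; both files must be imported by the flake-parts root.`. The `inputs.nixpkgs.lib.nixosSystem` call passes only `modules`, so any surviving module that still takes `outputs` as an argument (as the removed `binarycaches.nix` and `openssh.nix` did) would also fail without a `specialArgs`.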
@@ -1,89 +1,88 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
 {
- config,
- lib,
- ...
-}: {
- boot.initrd.availableKernelModules = [
- "ehci_pci"
- "ahci"
- "xhci_pci"
- "usbhid"
- "uas"
- "usb_storage"
- "sd_mod"
- "sr_mod"
- ];
- boot.initrd.kernelModules = [];
- boot.kernelModules = ["kvm-intel"];
- boot.extraModulePackages = [];
- boot.loader.efi.efiSysMountPoint = "/boot/efi";
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
- fsType = "btrfs";
- options = [
- "subvol=root"
- "compress=zstd"
+ flake.nixosModules.hosts.kardorf = {
+ config,
+ lib,
+ ...
+ }: {
+ boot.initrd.availableKernelModules = [
+ "ehci_pci"
+ "ahci"
+ "xhci_pci"
+ "usbhid"
+ "uas"
+ "usb_storage"
+ "sd_mod"
+ "sr_mod"
 ];
- };
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+ boot.loader.efi.efiSysMountPoint = "/boot/efi";
- fileSystems."/home" = {
- device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
- fsType = "btrfs";
- options = [
- "subvol=home"
- "compress=zstd"
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
+ fsType = "btrfs";
+ options = [
+ "subvol=root"
+ "compress=zstd"
+ ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
+ fsType = "btrfs";
+ options = [
+ "subvol=home"
+ "compress=zstd"
+ ];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
+ fsType = "btrfs";
+ options = [
+ "subvol=nix"
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+
+ fileSystems."/swap" = {
+ device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
+ fsType = "btrfs";
+ options = [
+ "subvol=swap"
+ "noatime"
+ ];
+ };
+
+ fileSystems."/boot/efi" = {
+ device = "/dev/disk/by-uuid/7D48-A59C";
+ fsType = "vfat";
+ };
+
+ swapDevices = [
+ {
+ device = "/swap/swapfile";
+ size = 16 * 1024;
+ }
 ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+ # Use latest version of driver
+ # hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
+ hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start
+
+ hardware.nvidia.nvidiaSettings = true;
+ hardware.nvidia.open = false;
 };
-
- fileSystems."/nix" = {
- device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
- fsType = "btrfs";
- options = [
- "subvol=nix"
- "compress=zstd"
- "noatime"
- ];
- };
-
- fileSystems."/swap" = {
- device = "/dev/disk/by-uuid/97a9342e-0be0-4193-9a25-03400fc7da94";
- fsType = "btrfs";
- options = [
- "subvol=swap"
- "noatime"
- ];
- };
-
- fileSystems."/boot/efi" = {
- device = "/dev/disk/by-uuid/7D48-A59C";
- fsType = "vfat";
- };
-
- swapDevices = [
- {
- device = "/swap/swapfile";
- size = 16 * 1024;
- }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.docker0.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
- # Use latest version of driver
- # hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
- hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start
-
- hardware.nvidia.nvidiaSettings = true;
- hardware.nvidia.open = false;
 }
diff --git a/hosts/pianonix/default.nix b/hosts/pianonix/default.nix
index 792f002..084fd6e 100644
--- a/hosts/pianonix/default.nix
+++ b/hosts/pianonix/default.nix
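Review bot: Removing the three-line "Do not modify this file" header drops the only record that this file was produced by `nixos-generate-config`; now that its body is hand-wrapped into `flake.nixosModules.hosts.kardorf`, a future regeneration would not reproduce this shape and would silently overwrite the wrapper, so a replacement comment on the opening `{` line is warranted, e.g. `# Originally generated by nixos-generate-config, then wrapped into a flake-parts module by hand; do not overwrite with a regenerated file.`. The same `flake.nixosModules.hosts.kardorf` attribute is also defined in `hosts/kardorf/default.nix` in the hunk above, so whether the two bodies merge or are reported as a conflicting definition depends on the option type flake-parts declares for `flake.nixosModules`, which this patch does not show; a one-line comment naming the sibling definition would spare the next reader that lookup. `hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start` is carried over unchanged, but its comment contradicts the value it annotates and is worth resolving while the file is being rewritten.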
@@ -1,276 +1,285 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { - lib, inputs, - config, - pkgs, + self, ... }: { - imports = [ - inputs.nixos-hardware.nixosModules.raspberry-pi-4 - - ./hardware-configuration.nix - - ../common/global - ../common/users/julian - ../common/optional/binarycaches.nix - - ../common/optional/pipewire.nix - ../common/optional/remote-builder.nix - ../common/optional/pcmanfm.nix - ../common/optional/redshift.nix - ../common/optional/authentication.nix - - ../common/optional/avahi.nix - ]; - - environment.systemPackages = [ - (pkgs.python3.withPackages (p: - with p; [ - numpy - pillow - flask - rpi-gpio - webcolors - psutil - mido - rtmidi-python - spidev - waitress - websockets - werkzeug - - pkgs.frajul.rpi-ws281x-python - ])) - ]; - - # disko.devices.disk.main.device = "/dev/mmcblk1"; - - # enabled by fish, disabling speeds up builds - documentation.man.generateCaches = false; - - # networking.enableIPv6 = false; # This only leads to issues with avahi - # services.avahi.ipv6 = false; - - hardware.raspberry-pi."4".bluetooth.enable = true; - hardware.bluetooth.enable = true; - hardware.bluetooth.powerOnBoot = true; - services.blueman.enable = true; # bluetooth gui - # raspberry pi specific - # systemd.services.btattach = { - # before = [ "bluetooth.service" ]; - # after = [ "dev-ttyAMA0.device" ]; - # wantedBy = [ "multi-user.target" ]; - # serviceConfig = { - # ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000"; - # }; - # }; - # networking.wireless.enable = true; - # networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path; - # networking.wireless.networks = { - # "SMARTments".pskRaw = "ext:PSK"; - # }; - - # networking.networkmanager.enable = lib.mkForce false; - - services.gnome.at-spi2-core.enable = true; # for onboard - - 
networking.hostName = "pianonix"; - system.stateVersion = "22.11"; - - sops.secrets."vnc-passwd" = { - owner = config.users.users.julian.name; - sopsFile = ./secrets-vnc-passwd.bin; - format = "binary"; - }; - sops.secrets."wifi/pianonix" = {}; - sops.secrets."syncthing/pianonix/key" = {}; - sops.secrets."syncthing/pianonix/cert" = {}; - # sops.secrets."syncthing/public-keys/aspi-nix" = { }; - # sops.secrets."syncthing/public-keys/pianonix" = { }; - - sops.secrets."wg-config" = { - sopsFile = ./secrets-wg-config.bin; - format = "binary"; - }; - - networking.wg-quick.interfaces = { - home = { - configFile = config.sops.secrets."wg-config".path; - autostart = true; # This interface is started on boot - }; - }; - - modules = { - syncthing = { - enable = true; - overrideSettings = true; - }; - }; - - # Enable the Desktop Environment. - # services.xserver.displayManager.lightdm.enable = true; - services.displayManager.defaultSession = "xfce"; - services.displayManager.autoLogin = { - enable = true; - user = "julian"; - }; - - systemd.services.x11vnc = { - description = "Run x11vnc server"; - after = ["display-manager.service"]; - wantedBy = ["multi-user.target"]; - serviceConfig = { - ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${ - config.sops.secrets."vnc-passwd".path - } -forever -loop -noxdamage -repeat -rfbport 5900 -shared"; - User = config.users.users.julian.name; - Restart = "on-failure"; - Environment = "DISPLAY=:0"; - }; - }; - - boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s - - # De-facto disable network manager, which is enabled by gnome - # networking.networkmanager.unmanaged = [ "*" ]; - services.xserver.enable = true; - services.xserver.desktopManager = { - xfce = { - enable = true; - }; - }; - - services.xserver.displayManager.sessionCommands = '' - # Prevent screen from going blank or turning off (values in min) - ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0 - 
${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0 - ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0 - ''; - - services.xserver.xautolock.enable = false; - services.xserver.desktopManager.xfce.enableScreensaver = false; - - # xdg.portal.lxqt.enable = true; - - services.openssh = { - enable = true; - # require public key authentication for better security - settings.PasswordAuthentication = false; - settings.KbdInteractiveAuthentication = false; - settings.PermitRootLogin = "yes"; - }; - users.users."root".openssh.authorizedKeys.keys = [ - "ssh-rsa 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 julian@julian-aspi" - ]; - - services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path; - services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path; - services.syncthing.settings = { - devices = { - "aspi-nix" = { - id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3"; - }; - "pianonix" = { - id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH"; - }; - }; - folders = { - "Klavier" = { - path = "/home/julian/Klavier"; - id = "flc3m-q4gp2"; - devices = [ - "aspi-nix" - "pianonix" - ]; - }; - }; - }; - - networking.firewall.enable = false; - networking.firewall.allowedTCPPorts = [ - 5900 # for vnc - ]; - - # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI! - # If no user is logged in, the machine will power down after 20 minutes. 
- systemd.targets.sleep.enable = false; - systemd.targets.suspend.enable = false; - systemd.targets.hibernate.enable = false; - systemd.targets.hybrid-sleep.enable = false; - - ## Raspberry pi specific config - # hardware.raspberry-pi."4" = { - # fkms-3d.enable = true; - # touch-ft5406.enable = true; - # }; - # Prevent host becoming unreachable on wifi after some time (for raspberry pi) - networking.networkmanager.wifi.powersave = false; - # Enable audio devices on raspberry pi - # boot.kernelParams = [ - # "snd_bcm2835.enable_hdmi=1" - # "snd_bcm2835.enable_headphones=1" - # ]; - # boot.loader.raspberryPi.firmwareConfig = '' - # dtparam=audio=on - # ''; - - ## Enable SPI - hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true; - hardware.deviceTree = { - enable = true; - filter = lib.mkForce "*-rpi-4*.dtb"; - overlays = [ - { - name = "spi"; - dtboFile = ./spi0-0cs.dtbo; - } + flake.nixosConfigurations.pianonix = inputs.nixpkgs.lib.nixosSystem { + modules = [ + self.nixosModules.hosts.pianonix ]; }; - users.groups.spi = {}; + flake.nixosModules.hosts.pianonix = { + lib, + inputs, + config, + pkgs, + ... 
+ }: { + imports = [ + inputs.nixos-hardware.nixosModules.raspberry-pi-4 - # services.udev.extraRules = '' - # SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660" - # ''; + ./hardware-configuration.nix - ## Use GPIO as non-root - # Create gpio group - users.groups.gpio = {}; + ../common/global + ../common/users/julian + ../common/optional/binarycaches.nix - # Change permissions gpio devices - services.udev.extraRules = '' - SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660" + ../common/optional/pipewire.nix + ../common/optional/remote-builder.nix + ../common/optional/pcmanfm.nix + ../common/optional/redshift.nix + ../common/optional/authentication.nix - SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" - SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" - SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" - ''; + ../common/optional/avahi.nix + ]; - # Add user to group - users.users.julian.extraGroups = ["gpio"]; + environment.systemPackages = [ + (pkgs.python3.withPackages (p: + with p; [ + numpy + pillow + flask + rpi-gpio + webcolors + psutil + mido + rtmidi-python + spidev + waitress + websockets + werkzeug - ## My own Piano LED Visualizer - services.piano-led-visualizer.enable = true; + pkgs.frajul.rpi-ws281x-python + ])) + ]; - ## Crude fix for avahi - systemd.timers.avahiRestart = { - description = "Restart avahi-daemon every 5 minutes"; - wantedBy = ["timers.target"]; - timerConfig = { - OnBootSec = "5min"; - OnUnitActiveSec = "5min"; - Unit = "avahiRestart.service"; + # disko.devices.disk.main.device = "/dev/mmcblk1"; + + # enabled by fish, disabling speeds up 
builds + documentation.man.generateCaches = false; + + # networking.enableIPv6 = false; # This only leads to issues with avahi + # services.avahi.ipv6 = false; + + hardware.raspberry-pi."4".bluetooth.enable = true; + hardware.bluetooth.enable = true; + hardware.bluetooth.powerOnBoot = true; + services.blueman.enable = true; # bluetooth gui + # raspberry pi specific + # systemd.services.btattach = { + # before = [ "bluetooth.service" ]; + # after = [ "dev-ttyAMA0.device" ]; + # wantedBy = [ "multi-user.target" ]; + # serviceConfig = { + # ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000"; + # }; + # }; + # networking.wireless.enable = true; + # networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path; + # networking.wireless.networks = { + # "SMARTments".pskRaw = "ext:PSK"; + # }; + + # networking.networkmanager.enable = lib.mkForce false; + + services.gnome.at-spi2-core.enable = true; # for onboard + + networking.hostName = "pianonix"; + system.stateVersion = "22.11"; + + sops.secrets."vnc-passwd" = { + owner = config.users.users.julian.name; + sopsFile = ./secrets-vnc-passwd.bin; + format = "binary"; }; - }; + sops.secrets."wifi/pianonix" = {}; + sops.secrets."syncthing/pianonix/key" = {}; + sops.secrets."syncthing/pianonix/cert" = {}; + # sops.secrets."syncthing/public-keys/aspi-nix" = { }; + # sops.secrets."syncthing/public-keys/pianonix" = { }; - systemd.services.avahiRestart = { - description = "Restart avahi-daemon service"; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${pkgs.systemd}/bin/systemctl restart avahi-daemon.service"; + sops.secrets."wg-config" = { + sopsFile = ./secrets-wg-config.bin; + format = "binary"; + }; + + networking.wg-quick.interfaces = { + home = { + configFile = config.sops.secrets."wg-config".path; + autostart = true; # This interface is started on boot + }; + }; + + modules = { + syncthing = { + enable = true; + overrideSettings = true; + }; + }; + + # Enable the Desktop 
Environment. + # services.xserver.displayManager.lightdm.enable = true; + services.displayManager.defaultSession = "xfce"; + services.displayManager.autoLogin = { + enable = true; + user = "julian"; + }; + + systemd.services.x11vnc = { + description = "Run x11vnc server"; + after = ["display-manager.service"]; + wantedBy = ["multi-user.target"]; + serviceConfig = { + ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbauth ${ + config.sops.secrets."vnc-passwd".path + } -forever -loop -noxdamage -repeat -rfbport 5900 -shared"; + User = config.users.users.julian.name; + Restart = "on-failure"; + Environment = "DISPLAY=:0"; + }; + }; + + boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s + + # De-facto disable network manager, which is enabled by gnome + # networking.networkmanager.unmanaged = [ "*" ]; + services.xserver.enable = true; + services.xserver.desktopManager = { + xfce = { + enable = true; + }; + }; + + services.xserver.displayManager.sessionCommands = '' + # Prevent screen from going blank or turning off (values in min) + ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/blank-on-ac -s 0 + ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-sleep -s 0 + ${pkgs.xfce.xfconf}/bin/xfconf-query -c xfce4-power-manager -p /xfce4-power-manager/dpms-on-ac-off -s 0 + ''; + + services.xserver.xautolock.enable = false; + services.xserver.desktopManager.xfce.enableScreensaver = false; + + # xdg.portal.lxqt.enable = true; + + services.openssh = { + enable = true; + # require public key authentication for better security + settings.PasswordAuthentication = false; + settings.KbdInteractiveAuthentication = false; + settings.PermitRootLogin = "yes"; + }; + users.users."root".openssh.authorizedKeys.keys = [ + "ssh-rsa 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 julian@julian-aspi" + ]; + + services.syncthing.key = config.sops.secrets."syncthing/pianonix/key".path; + 
services.syncthing.cert = config.sops.secrets."syncthing/pianonix/cert".path; + services.syncthing.settings = { + devices = { + "aspi-nix" = { + id = "DM5QRYU-ILJ4XYB-4V6NZDG-RAMVOND-3RSDSYR-52TW6RW-3XIU333-T7FNAA3"; + }; + "pianonix" = { + id = "FD3XSFW-7LQSCIQ-KHZPLNQ-7VZYGKH-RJ2ZKTJ-BG67NRH-36TQIZM-CXDYWAH"; + }; + }; + folders = { + "Klavier" = { + path = "/home/julian/Klavier"; + id = "flc3m-q4gp2"; + devices = [ + "aspi-nix" + "pianonix" + ]; + }; + }; + }; + + networking.firewall.enable = false; + networking.firewall.allowedTCPPorts = [ + 5900 # for vnc + ]; + + # Disable the GNOME3/GDM auto-suspend feature that cannot be disabled in GUI! + # If no user is logged in, the machine will power down after 20 minutes. + systemd.targets.sleep.enable = false; + systemd.targets.suspend.enable = false; + systemd.targets.hibernate.enable = false; + systemd.targets.hybrid-sleep.enable = false; + + ## Raspberry pi specific config + # hardware.raspberry-pi."4" = { + # fkms-3d.enable = true; + # touch-ft5406.enable = true; + # }; + # Prevent host becoming unreachable on wifi after some time (for raspberry pi) + networking.networkmanager.wifi.powersave = false; + # Enable audio devices on raspberry pi + # boot.kernelParams = [ + # "snd_bcm2835.enable_hdmi=1" + # "snd_bcm2835.enable_headphones=1" + # ]; + # boot.loader.raspberryPi.firmwareConfig = '' + # dtparam=audio=on + # ''; + + ## Enable SPI + hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true; + hardware.deviceTree = { + enable = true; + filter = lib.mkForce "*-rpi-4*.dtb"; + overlays = [ + { + name = "spi"; + dtboFile = ./spi0-0cs.dtbo; + } + ]; + }; + + users.groups.spi = {}; + + # services.udev.extraRules = '' + # SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660" + # ''; + + ## Use GPIO as non-root + # Create gpio group + users.groups.gpio = {}; + + # Change permissions gpio devices + services.udev.extraRules = '' + SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660" + + 
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660" + SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'" + SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'" + ''; + + # Add user to group + users.users.julian.extraGroups = ["gpio"]; + + ## My own Piano LED Visualizer + services.piano-led-visualizer.enable = true; + + ## Crude fix for avahi + systemd.timers.avahiRestart = { + description = "Restart avahi-daemon every 5 minutes"; + wantedBy = ["timers.target"]; + timerConfig = { + OnBootSec = "5min"; + OnUnitActiveSec = "5min"; + Unit = "avahiRestart.service"; + }; + }; + + systemd.services.avahiRestart = { + description = "Restart avahi-daemon service"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${pkgs.systemd}/bin/systemctl restart avahi-daemon.service"; + }; }; }; } diff --git a/hosts/pianonix/hardware-configuration.nix b/hosts/pianonix/hardware-configuration.nix index d106d57..b5c84ec 100644 --- a/hosts/pianonix/hardware-configuration.nix +++ b/hosts/pianonix/hardware-configuration.nix 
@@ -1,41 +1,40 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
 {
- config,
- lib,
- pkgs,
- modulesPath,
- ...
-}: {
- imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+ flake.nixosModules.hosts.pianonix = {
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+ }: {
+ imports = [(modulesPath + "/installer/scan/not-detected.nix")];
- boot.initrd.availableKernelModules = ["xhci_pci"];
- boot.initrd.kernelModules = [];
- boot.kernelModules = [];
- boot.extraModulePackages = [];
- boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
- boot.blacklistedKernelModules = ["snd_bcm2835"]; # Disables sound, required for ws281x to work
- # boot.supportedFilesystems = lib.mkForce [
- # # remove zfs, since its incompatible with latest kernel
- # "vfat"
- # "ext4"
- # ];
+ boot.initrd.availableKernelModules = ["xhci_pci"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = [];
+ boot.extraModulePackages = [];
+ boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+ boot.blacklistedKernelModules = ["snd_bcm2835"]; # Disables sound, required for ws281x to work
+ # boot.supportedFilesystems = lib.mkForce [
+ # # remove zfs, since its incompatible with latest kernel
+ # "vfat"
+ # "ext4"
+ # ];
- fileSystems."/" = {
- device = "/dev/disk/by-label/NIXOS_SD";
- fsType = "ext4";
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+
+ swapDevices = [];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 };
-
- swapDevices = [];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.end0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
 }
diff --git a/pkgs/acer-battery-health-mode/default.nix b/packages/acer-battery-health-mode/default.nix
similarity index 100%
rename from pkgs/acer-battery-health-mode/default.nix
rename to packages/acer-battery-health-mode/default.nix
diff --git a/pkgs/conda-direnv/default.nix b/packages/conda-direnv/default.nix
similarity index 100%
rename from pkgs/conda-direnv/default.nix
rename to packages/conda-direnv/default.nix
diff --git a/pkgs/default.nix b/packages/default.nix
similarity index 100%
rename from pkgs/default.nix
rename to packages/default.nix
diff --git a/pkgs/deploy-to-pianopi/default.nix b/packages/deploy-to-pianopi/default.nix
similarity index 100%
rename from pkgs/deploy-to-pianopi/default.nix
rename to packages/deploy-to-pianopi/default.nix
diff --git a/pkgs/edit-config/default.nix b/packages/edit-config/default.nix
similarity index 100%
rename from pkgs/edit-config/default.nix
rename to packages/edit-config/default.nix
diff --git a/pkgs/hyprshot-gui/default.nix b/packages/hyprshot-gui/default.nix
similarity index 100%
rename from pkgs/hyprshot-gui/default.nix
rename to packages/hyprshot-gui/default.nix
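Review bot: The new wrapper `flake.nixosModules.hosts.pianonix = { config, lib, pkgs, modulesPath, ... }: {` makes hardware-configuration.nix a flake-parts module, yet hosts/pianonix/default.nix still lists `./hardware-configuration.nix` inside the NixOS module's `imports`, where no `flake.*` option exists and evaluation will fail. It also reuses the attribute name that default.nix already defines, so even when loaded at the flake-parts level the two definitions of `hosts.pianonix` would presumably collide or shadow one another, depending on how that option merges nested attrsets. Since the file is consumed through `imports`, the simplest fix is to keep it a plain NixOS module: drop the wrapper, restore `{ config, lib, pkgs, modulesPath, ... }: {` as the top-level function and remove the extra closing `};`. If a separate flake-parts module is intended instead, give it a distinct name such as `hosts.pianonix-hardware` and add it to the `modules` list of `nixosConfigurations.pianonix` rather than to `imports`.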
diff --git a/pkgs/install/default.nix b/packages/install/default.nix
similarity index 100%
rename from pkgs/install/default.nix
rename to packages/install/default.nix
diff --git a/pkgs/lntocp/default.nix b/packages/lntocp/default.nix
similarity index 100%
rename from pkgs/lntocp/default.nix
rename to packages/lntocp/default.nix
diff --git a/pkgs/open-messaging/default.nix b/packages/open-messaging/default.nix
similarity index 100%
rename from pkgs/open-messaging/default.nix
rename to packages/open-messaging/default.nix
diff --git a/pkgs/piano-led-visualizer/default.nix b/packages/piano-led-visualizer/default.nix
similarity index 100%
rename from pkgs/piano-led-visualizer/default.nix
rename to packages/piano-led-visualizer/default.nix
diff --git a/pkgs/piano-led-visualizer/fix-log-dir.patch b/packages/piano-led-visualizer/fix-log-dir.patch
similarity index 100%
rename from pkgs/piano-led-visualizer/fix-log-dir.patch
rename to packages/piano-led-visualizer/fix-log-dir.patch
diff --git a/pkgs/piano-led-visualizer/setup.py b/packages/piano-led-visualizer/setup.py
similarity index 100%
rename from pkgs/piano-led-visualizer/setup.py
rename to packages/piano-led-visualizer/setup.py
diff --git a/pkgs/pob2-frajul/default.nix b/packages/pob2-frajul/default.nix
similarity index 100%
rename from pkgs/pob2-frajul/default.nix
rename to packages/pob2-frajul/default.nix
diff --git a/pkgs/pob2/default.nix b/packages/pob2/default.nix
similarity index 100%
rename from pkgs/pob2/default.nix
rename to packages/pob2/default.nix
diff --git a/pkgs/pulseaudio-popup/default.nix b/packages/pulseaudio-popup/default.nix
similarity index 100%
rename from pkgs/pulseaudio-popup/default.nix
rename to packages/pulseaudio-popup/default.nix
diff --git a/pkgs/rpi-ws281x-python/default.nix b/packages/rpi-ws281x-python/default.nix
similarity index 100%
rename from pkgs/rpi-ws281x-python/default.nix
rename to packages/rpi-ws281x-python/default.nix
diff --git a/pkgs/rtklib/default.nix b/packages/rtklib/default.nix
similarity index 100%
rename from pkgs/rtklib/default.nix
rename to packages/rtklib/default.nix
diff --git a/pkgs/sos/default.nix b/packages/sos/default.nix
similarity index 100%
rename from pkgs/sos/default.nix
rename to packages/sos/default.nix
diff --git a/pkgs/typst-languagetool/default.nix b/packages/typst-languagetool/default.nix
similarity index 100%
rename from pkgs/typst-languagetool/default.nix
rename to packages/typst-languagetool/default.nix
diff --git a/pkgs/wl-ocr/default.nix b/packages/wl-ocr/default.nix
similarity index 100%
rename from pkgs/wl-ocr/default.nix
rename to packages/wl-ocr/default.nix
diff --git a/pkgs/xwacomcalibrate/default.nix b/packages/xwacomcalibrate/default.nix
similarity index 100%
rename from pkgs/xwacomcalibrate/default.nix
rename to packages/xwacomcalibrate/default.nix
diff --git a/pkgs/xwacomcalibrate/xwacomcalibrate.sh b/packages/xwacomcalibrate/xwacomcalibrate.sh
similarity index 100%
rename from pkgs/xwacomcalibrate/xwacomcalibrate.sh
rename to packages/xwacomcalibrate/xwacomcalibrate.sh