Compare commits
100 Commits
12466b4426
...
flake-upda
| Author | SHA1 | Date | |
|---|---|---|---|
|
a9d601e574 | ||
|
|
7dca7c15ff | ||
|
|
e53144fb5d | ||
|
|
8416942602 | ||
|
|
0c83332bd6 | ||
|
|
d03d05242c | ||
|
|
79d4a2ba40 | ||
|
|
74dc373016 | ||
|
|
35ddbd4da4 | ||
|
|
683eec8608 | ||
|
|
d87b25d05d | ||
|
|
545ee874d6 | ||
|
|
3536264b14 | ||
|
|
6a568ae565 | ||
|
|
15e284bf9e | ||
|
|
98c4806b4b | ||
|
|
f9d1edfbf9 | ||
|
|
7272df733f | ||
|
|
35979ddc96 | ||
|
|
f864679da6 | ||
|
|
87a7910dfc | ||
|
|
22903c92cf | ||
|
|
03efc68a7f | ||
|
|
98a91544f4 | ||
|
|
32eda11d42 | ||
|
|
7989c032ab | ||
|
|
4746f44a15 | ||
|
|
9f8668d646 | ||
|
|
4ddf3c4522 | ||
|
|
40f10a98b4 | ||
|
|
3fb91bfff8 | ||
|
|
91538ed268 | ||
|
|
58285beed1 | ||
|
|
a999b8bb78 | ||
|
|
c331f6b776 | ||
|
|
536906d529 | ||
|
|
3548df93a6 | ||
| fec13e08b9 | |||
| a540ca622d | |||
| 7fb0bcdac0 | |||
| b7726fce94 | |||
| 30c987bd9b | |||
| 539e9a0b8e | |||
| 1e4593ea17 | |||
| ec8a71de95 | |||
| 0c39388b21 | |||
| ebb043b589 | |||
| fcfc9f6450 | |||
| fe3cd057cd | |||
| b9cdb9299e | |||
| 8b6ba76848 | |||
| 2e79bd9e00 | |||
| cfdc9f7001 | |||
| a12b50edfa | |||
| 194d4bcec0 | |||
| 5badb000be | |||
| 08b3f2c194 | |||
| 5f9a110464 | |||
| bcd041484d | |||
| fd3b9f20f0 | |||
| bc160af26a | |||
| a34abd0f05 | |||
| 2fd1f5ee53 | |||
| 88547dc82c | |||
| ccf38c2da2 | |||
| b1107ae904 | |||
| 48f53b3884 | |||
| 9bcca96597 | |||
| 78e219a6cb | |||
| 8b958d6a56 | |||
| 1a1aa20690 | |||
| 54952923f3 | |||
| ca20fa6c35 | |||
| c1b2b51d13 | |||
| 28f78bb67e | |||
| 114647aa96 | |||
| 64ae389f27 | |||
| fd39dbfcd4 | |||
| b13cca7173 | |||
| 7807091b83 | |||
| d3026afb97 | |||
| 152daf1230 | |||
| ffda398f8d | |||
| 3e179960de | |||
| 93e655ed27 | |||
| 710c1dedb8 | |||
| 28ec5c73d4 | |||
| fc7285bd5c | |||
| 11ee156b29 | |||
| 2dba549787 | |||
| d28c7d870c | |||
| 8bf17e74ef | |||
| 08cf457aa3 | |||
| 448002ebf4 | |||
| 9735d3f0c0 | |||
| 8f1b0ade4d | |||
| db05024dc6 | |||
| 21053dac8c | |||
| 1ab0bf54fa | |||
| 5070d4dbfc |
@@ -1,7 +1,7 @@
|
||||
keys:
|
||||
- &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
|
||||
- &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
|
||||
- &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
|
||||
- &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
|
||||
- &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
|
||||
- &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
|
||||
|
||||
@@ -20,7 +20,7 @@ creation_rules:
|
||||
- *primary
|
||||
- *builder-ssh
|
||||
|
||||
- path_regex: hosts/pianonix/secrets.yaml$
|
||||
- path_regex: hosts/pianonix/secrets*
|
||||
key_groups:
|
||||
- age:
|
||||
- *primary
|
||||
|
||||
@@ -24,7 +24,7 @@ sops edit secrets/secrets.yaml
|
||||
** Authorize new device
|
||||
- Generate public key from ssh -> Private age key generation not needed
|
||||
#+begin_src sh
|
||||
ssh-to-age < /etc/ssh/ssh_host_ed25519_key
|
||||
ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
|
||||
#+end_src
|
||||
- Add age public key to file:.sops.yaml
|
||||
- Update keys
|
||||
|
||||
811
flake.lock
generated
811
flake.lock
generated
File diff suppressed because it is too large
Load Diff
25
flake.nix
25
flake.nix
@@ -2,16 +2,21 @@
|
||||
description = "Home Manager configuration of julian";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
|
||||
systems.url = "github:nix-systems/default-linux";
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
nix-colors.url = "github:misterio77/nix-colors";
|
||||
deploy-rs.url = "github:serokell/deploy-rs";
|
||||
|
||||
nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
url = "github:nix-community/home-manager/release-25.11";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix = {
|
||||
@@ -33,7 +38,7 @@
|
||||
flake = false;
|
||||
};
|
||||
nixvim = {
|
||||
url = "github:nix-community/nixvim";
|
||||
url = "github:nix-community/nixvim/nixos-25.11";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nix-matlab = {
|
||||
@@ -84,7 +89,7 @@
|
||||
|
||||
packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
|
||||
devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
|
||||
formatter = forEachSystem (pkgs: pkgs.alejandra);
|
||||
formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *
|
||||
|
||||
nixosConfigurations = {
|
||||
# Main laptop
|
||||
@@ -183,5 +188,15 @@
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux
|
||||
pianonix-image = inputs.nixos-generators.nixosGenerate {
|
||||
system = "aarch64-linux";
|
||||
format = "sd-aarch64";
|
||||
modules = [./hosts/pianonix];
|
||||
specialArgs = {
|
||||
inherit inputs outputs;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -11,6 +11,8 @@
|
||||
./features/alacritty
|
||||
./features/yazi
|
||||
./features/emacs
|
||||
./features/tmux
|
||||
./features/qt-distrobox
|
||||
|
||||
./features/hyprland
|
||||
|
||||
|
||||
@@ -52,6 +52,14 @@ in {
|
||||
shfmt
|
||||
pyright
|
||||
clang-tools # c++ lsp etc
|
||||
ccls # alternative c++ lsp
|
||||
cmake
|
||||
bear
|
||||
cmake-language-server
|
||||
|
||||
# qt6.full # qt tools and libs including lsp
|
||||
tinymist # typst lsp
|
||||
|
||||
ltex-ls # latex languagetool
|
||||
|
||||
graphviz
|
||||
|
||||
@@ -47,6 +47,10 @@ with lib; {
|
||||
end
|
||||
nix shell $args
|
||||
'';
|
||||
fish_user_key_bindings = ''
|
||||
bind ctrl-space 'zi; commandline -f repaint'
|
||||
bind -M insert ctrl-space 'zi; commandline -f repaint'
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ with lib; {
|
||||
dejavu_fonts
|
||||
noto-fonts
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-emoji
|
||||
noto-fonts-color-emoji
|
||||
liberation_ttf
|
||||
fira-code
|
||||
fira-code-symbols
|
||||
|
||||
@@ -24,7 +24,7 @@ in {
|
||||
./zathura.nix
|
||||
./waypipe.nix
|
||||
|
||||
./hyprbars.nix
|
||||
# ./hyprbars.nix
|
||||
];
|
||||
|
||||
xdg.portal = {
|
||||
@@ -228,6 +228,10 @@ in {
|
||||
vfr = true; # power saving
|
||||
};
|
||||
|
||||
cursor = {
|
||||
no_hardware_cursors = 1; # disable hardware cursors to fix tearing on kardorf
|
||||
};
|
||||
|
||||
render = {
|
||||
# we do, in fact, want direct scanout
|
||||
direct_scanout = true;
|
||||
@@ -244,7 +248,9 @@ in {
|
||||
windowrulev2 = [
|
||||
"suppressevent maximize, class:.*"
|
||||
"workspace 1, class:firefox"
|
||||
"workspace 8, class:Zotero"
|
||||
"workspace 9, class:nheko"
|
||||
"workspace 9, class:discord"
|
||||
"workspace 9, class:org.telegram.desktop"
|
||||
"workspace 10, class:thunderbird"
|
||||
"float, class:qalculate-gtk"
|
||||
|
||||
@@ -3,8 +3,9 @@
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
imports = [inputs.nixvim.homeManagerModules.nixvim];
|
||||
}:
|
||||
{
|
||||
imports = [ inputs.nixvim.homeModules.nixvim ];
|
||||
|
||||
home.sessionVariables = {
|
||||
EDITOR = "nvim";
|
||||
@@ -36,6 +37,8 @@
|
||||
opts = {
|
||||
number = false;
|
||||
relativenumber = false;
|
||||
ignorecase = true;
|
||||
smartcase = true;
|
||||
};
|
||||
clipboard.register = "unnamedplus"; # Use system clipboard
|
||||
|
||||
@@ -49,7 +52,7 @@
|
||||
key = "<leader><space>";
|
||||
}
|
||||
{
|
||||
action = "<cmd>Telescope file_browser<cr>";
|
||||
action = "<cmd>Telescope file_browser path=%:p:h<cr>";
|
||||
key = "<leader>.";
|
||||
}
|
||||
{
|
||||
@@ -76,6 +79,7 @@
|
||||
neogit.enable = true; # like magit
|
||||
trouble.enable = true;
|
||||
web-devicons.enable = true;
|
||||
orgmode.enable = true; # org-mode support
|
||||
|
||||
# Shows file trees
|
||||
oil = {
|
||||
@@ -89,9 +93,9 @@
|
||||
conform-nvim = {
|
||||
enable = true;
|
||||
settings.formatters_by_ft = with pkgs; {
|
||||
lua = ["stylua"];
|
||||
python = ["black"];
|
||||
nix = ["nixfmt"];
|
||||
lua = [ "stylua" ];
|
||||
python = [ "black" ];
|
||||
nix = [ "nixfmt" ];
|
||||
};
|
||||
# extraOptions = {
|
||||
# default_format_opts.lsp_format = "fallback";
|
||||
@@ -103,9 +107,9 @@
|
||||
enable = true;
|
||||
autoEnableSources = true;
|
||||
settings.sources = [
|
||||
{name = "nvim_lsp";}
|
||||
{name = "path";}
|
||||
{name = "buffer";}
|
||||
{ name = "nvim_lsp"; }
|
||||
{ name = "path"; }
|
||||
{ name = "buffer"; }
|
||||
];
|
||||
settings.mapping = {
|
||||
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
|
||||
@@ -140,18 +144,21 @@
|
||||
};
|
||||
|
||||
lsp = {
|
||||
enable = true;
|
||||
enable = true; # includes lsp-config, default settings for the lsps
|
||||
servers = {
|
||||
rust_analyzer = {
|
||||
enable = true;
|
||||
installCargo = true;
|
||||
installRustc = true;
|
||||
};
|
||||
nixd.enable = true;
|
||||
pyright.enable = true;
|
||||
dockerls.enable = true;
|
||||
lua_ls.enable = true;
|
||||
clangd.enable = true;
|
||||
nixd.enable = true; # nix
|
||||
pyright.enable = true; # python
|
||||
dockerls.enable = true; # docker
|
||||
lua_ls.enable = true; # lua
|
||||
clangd.enable = true; # c, c++
|
||||
dartls.enable = true; # dart, flutter
|
||||
digestif.enable = true; # latex
|
||||
tinymist.enable = true; # typst
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
22
homes/julian/features/qt-distrobox/default.nix
Normal file
22
homes/julian/features/qt-distrobox/default.nix
Normal file
@@ -0,0 +1,22 @@
|
||||
{
|
||||
programs.distrobox = {
|
||||
enable = true;
|
||||
containers."qt-distrobox" = {
|
||||
image = "debian:12.2";
|
||||
exported_apps = "qtcreator";
|
||||
enableSystemdUnit = false; # fails in creating and does not recreate. Do distrobox-assemble create --replace --file ~/.config/distrobox/containers.ini instead
|
||||
additional_packages = [
|
||||
"qtcreator"
|
||||
"qt6-base-dev"
|
||||
"qt6-wayland"
|
||||
"qt6-tools-dev-tools"
|
||||
"qt6-tools-dev"
|
||||
"qt6-serialbus-dev"
|
||||
"qt6-websockets-dev"
|
||||
"libgl1-mesa-dev"
|
||||
"build-essential"
|
||||
"cmake"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,7 +1,7 @@
|
||||
{pkgs, ...}: {
|
||||
home.packages = with pkgs; [
|
||||
bat
|
||||
du-dust # Like du tree but better
|
||||
dust # Like du tree but better
|
||||
fd # better find
|
||||
fdupes # find and delete duplicate files
|
||||
ffmpeg
|
||||
@@ -24,7 +24,7 @@
|
||||
p7zip # unzip 7zip archives
|
||||
parted
|
||||
pciutils # lspci
|
||||
poppler_utils # Pdf utils including pdfimages
|
||||
poppler-utils # Pdf utils including pdfimages
|
||||
libqalculate # Nice tui calculator (qalc)
|
||||
ripgrep # better grep
|
||||
rnr # renaming tool
|
||||
@@ -40,6 +40,7 @@
|
||||
wireguard-tools # wg-quick
|
||||
xorg.xkill
|
||||
zip
|
||||
dig
|
||||
|
||||
## My scripts
|
||||
frajul.edit-config
|
||||
|
||||
@@ -22,15 +22,17 @@
|
||||
calibre # ebook manager and viewer
|
||||
# digikam
|
||||
discord
|
||||
discord-ptb # in case discord updates take their time
|
||||
# dvdisaster
|
||||
# element-desktop
|
||||
# rocketchat-desktop
|
||||
thunderbird
|
||||
tdesktop # telegram
|
||||
telegram-desktop # telegram
|
||||
# schildichat-desktop # not updated regularly
|
||||
nheko
|
||||
evince # Simple pdf reader, good for focusing on document content
|
||||
firefox
|
||||
vivaldi
|
||||
# geogebra
|
||||
cheese
|
||||
handbrake
|
||||
@@ -46,10 +48,10 @@
|
||||
qpdfview
|
||||
# qutebrowser
|
||||
# realvnc-vnc-viewer
|
||||
rpi-imager # make isos
|
||||
# rpi-imager # make isos
|
||||
# rustdesk
|
||||
tor-browser
|
||||
unstable.path-of-building # Path of Building
|
||||
rusty-path-of-building # Path of Building for poe1 and poe2
|
||||
# frajul.pob-dev-version # Path of Building
|
||||
vlc
|
||||
wineWowPackages.stable # 32-bit and 64-bit wine
|
||||
@@ -61,8 +63,12 @@
|
||||
zotero # Manage papers and other sources
|
||||
pdfpc # Present slides in pdf form
|
||||
|
||||
networkmanager-openvpn
|
||||
keepassxc
|
||||
|
||||
## My scripts
|
||||
frajul.open-messaging
|
||||
frajul.xwacomcalibrate
|
||||
frajul.pob2-frajul
|
||||
];
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
clippy
|
||||
cntr # nix debugger
|
||||
conda
|
||||
micromamba # a better, faster conda
|
||||
# micromamba # a better, faster conda
|
||||
devcontainer # development container
|
||||
devenv # devbox alternative
|
||||
dbeaver-bin
|
||||
@@ -21,20 +21,21 @@
|
||||
unstable.zed-editor
|
||||
jdk
|
||||
julia-bin
|
||||
(texlive.combine {
|
||||
# for rendering latex in inkscape
|
||||
inherit
|
||||
(texlive)
|
||||
scheme-medium
|
||||
standalone
|
||||
amsmath
|
||||
preview
|
||||
# needed for org mode export
|
||||
wrapfig
|
||||
capt-of
|
||||
biblatex
|
||||
;
|
||||
})
|
||||
# (texlive.combine {
|
||||
# # for rendering latex in inkscape
|
||||
# inherit
|
||||
# (texlive)
|
||||
# scheme-medium
|
||||
# standalone
|
||||
# amsmath
|
||||
# preview
|
||||
# # needed for org mode export
|
||||
# wrapfig
|
||||
# capt-of
|
||||
# biblatex
|
||||
# ;
|
||||
# })
|
||||
vagrant
|
||||
matlab # Using nix-matlab overlay defined in flake
|
||||
maven
|
||||
nodejs
|
||||
|
||||
10
homes/julian/features/tmux/default.nix
Normal file
10
homes/julian/features/tmux/default.nix
Normal file
@@ -0,0 +1,10 @@
|
||||
{
|
||||
programs.tmux = {
|
||||
enable = true;
|
||||
clock24 = true;
|
||||
keyMode = "vi";
|
||||
customPaneNavigationAndResize = true; # use hjkl
|
||||
mouse = true;
|
||||
prefix = "C-Space"; # use instead of C-b
|
||||
};
|
||||
}
|
||||
@@ -9,8 +9,8 @@
|
||||
home.packages = with pkgs; [
|
||||
exiftool
|
||||
unar # extract archives
|
||||
xdragon # dragndrop
|
||||
poppler_utils # pdf preview
|
||||
dragon-drop # dragndrop
|
||||
poppler-utils # pdf preview
|
||||
fd
|
||||
ripgrep
|
||||
fzf
|
||||
|
||||
@@ -19,12 +19,13 @@
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org/"
|
||||
"https://hyprland.cachix.org"
|
||||
"http://binarycache.julian-mutter.de"
|
||||
"https://devenv.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
"binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
|
||||
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
||||
];
|
||||
|
||||
trusted-users = [
|
||||
|
||||
@@ -8,11 +8,14 @@
|
||||
./features/neovim
|
||||
./features/ghostty
|
||||
./features/wezterm
|
||||
./features/alacritty
|
||||
./features/yazi
|
||||
./features/emacs
|
||||
|
||||
# ./features/hyprland
|
||||
./features/i3
|
||||
./features/tmux
|
||||
./features/qt-distrobox
|
||||
./features/hyprland
|
||||
# ./features/i3
|
||||
|
||||
./features/suites/cli
|
||||
./features/suites/desktop
|
||||
@@ -21,7 +24,7 @@
|
||||
|
||||
hostName = "kardorf";
|
||||
is-nixos = true;
|
||||
terminal = "ghostty";
|
||||
terminal = "alacritty";
|
||||
|
||||
# --------- ---------
|
||||
# | DVI-D-1 | | DVI-D-2 |
|
||||
|
||||
@@ -14,8 +14,8 @@
|
||||
is-nixos = true;
|
||||
terminal = "wezterm";
|
||||
|
||||
services.syncthing.tray.enable = true;
|
||||
services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
|
||||
# services.syncthing.tray.enable = true;
|
||||
# services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
|
||||
|
||||
home.packages = with pkgs; [
|
||||
music-reader
|
||||
@@ -27,9 +27,34 @@
|
||||
onboard
|
||||
];
|
||||
|
||||
programs.firefox = {
|
||||
enable = true;
|
||||
|
||||
profiles.default = {
|
||||
isDefault = true;
|
||||
|
||||
settings = {
|
||||
"browser.startup.homepage" = "https://sheets.julian-mutter.de";
|
||||
"browser.startup.page" = 1; # 0=blank, 1=home page, 3=restore previous session
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
programs.chromium = {
|
||||
enable = true;
|
||||
|
||||
# commandLineArgs = [
|
||||
# "--homepage=https://sheets.julian-mutter.de"
|
||||
# "--no-first-run"
|
||||
# ];
|
||||
};
|
||||
|
||||
# Autostart link
|
||||
home.file = {
|
||||
".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
|
||||
# ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
|
||||
".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop";
|
||||
".config/autostart/onboard.desktop".source = "${pkgs.onboard}/share/applications/onboard.desktop";
|
||||
# ".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop";
|
||||
".config/sheet-organizer/config.toml".text = ''
|
||||
working_directory = "/home/julian/Klavier"
|
||||
'';
|
||||
|
||||
@@ -13,6 +13,7 @@
|
||||
../features/yazi
|
||||
../features/emacs
|
||||
../features/nix-helper
|
||||
../features/qt-distrobox
|
||||
];
|
||||
|
||||
hostName = "aspi";
|
||||
|
||||
@@ -5,7 +5,7 @@ with pkgs; [
|
||||
dejavu_fonts
|
||||
noto-fonts
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-emoji
|
||||
noto-fonts-color-emoji
|
||||
liberation_ttf
|
||||
fira-code
|
||||
fira-code-symbols
|
||||
|
||||
@@ -31,7 +31,7 @@ with pkgs; [
|
||||
ffmpeg
|
||||
julia-bin
|
||||
|
||||
poppler_utils # Pdf utils including pdfimages
|
||||
poppler-utils # Pdf utils including pdfimages
|
||||
sage
|
||||
|
||||
pkg-config # Often needed to build something
|
||||
|
||||
@@ -4,6 +4,8 @@
|
||||
|
||||
../common/global
|
||||
../common/users/julian
|
||||
../common/users/yukari
|
||||
../common/users/pob
|
||||
../common/optional/binarycaches.nix
|
||||
|
||||
../common/optional/remote-builder.nix
|
||||
@@ -27,6 +29,8 @@
|
||||
networking.hostName = "aspi";
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
# networking.firewall.checkReversePath = false; # Makes wg interface with all ips work
|
||||
|
||||
modules = {
|
||||
syncthing = {
|
||||
enable = true;
|
||||
@@ -38,14 +42,17 @@
|
||||
};
|
||||
};
|
||||
|
||||
programs.hyprland.enable = true;
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
|
||||
services.blueman.enable = true;
|
||||
services.upower.enable = true;
|
||||
|
||||
programs.steam.enable = true;
|
||||
|
||||
# TODO: not working
|
||||
services.logind.lidSwitch = "lock";
|
||||
services.logind.lidSwitchDocked = "lock";
|
||||
# services.logind.lidSwitch = "lock";
|
||||
# services.logind.lidSwitchDocked = "lock";
|
||||
|
||||
programs.kdeconnect.enable = true;
|
||||
|
||||
|
||||
@@ -1,16 +1,32 @@
|
||||
# sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
|
||||
# or
|
||||
# deploy .#builder
|
||||
{config, ...}: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
../common/global
|
||||
../common/global/fish.nix # fish for admin
|
||||
../common/global/locale.nix
|
||||
../common/global/nix.nix
|
||||
../common/global/sops.nix
|
||||
../common/global/root.nix
|
||||
];
|
||||
|
||||
networking.hostName = "builder";
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
networking.nameservers = [
|
||||
"192.168.3.252"
|
||||
"172.30.20.10"
|
||||
"1.1.1.1"
|
||||
];
|
||||
|
||||
users.mutableUsers = false;
|
||||
users.users.nix = {
|
||||
isNormalUser = true;
|
||||
description = "Nix";
|
||||
@@ -32,25 +48,31 @@
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org/"
|
||||
"https://hyprland.cachix.org"
|
||||
"https://devenv.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
||||
];
|
||||
|
||||
trusted-users = ["nix"];
|
||||
max-jobs = "auto";
|
||||
cores = 0;
|
||||
|
||||
# Ensure we can still build when missing-server is not accessible
|
||||
fallback = true;
|
||||
};
|
||||
|
||||
system.autoUpgrade = {
|
||||
enable = true;
|
||||
flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
|
||||
flags = [
|
||||
"--recreate-lock-file" # update lock file
|
||||
];
|
||||
dates = "02:13";
|
||||
};
|
||||
# system.autoUpgrade = {
|
||||
# enable = true;
|
||||
# flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
|
||||
# flags = [
|
||||
# "--recreate-lock-file" # update lock file
|
||||
# ];
|
||||
# dates = "02:13";
|
||||
# };
|
||||
|
||||
# optimize store by hardlinking store files
|
||||
nix.optimise.automatic = true;
|
||||
@@ -97,9 +119,28 @@
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
# require public key authentication for better security
|
||||
settings.PasswordAuthentication = true;
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
settings.PermitRootLogin = "yes";
|
||||
# Add older algorithms for jenkins ssh-agents-plugin to be compatible
|
||||
settings.Macs = [
|
||||
"hmac-sha2-512-etm@openssh.com"
|
||||
"hmac-sha2-256-etm@openssh.com"
|
||||
"umac-128-etm@openssh.com"
|
||||
"hmac-sha2-512"
|
||||
"hmac-sha2-256"
|
||||
"umac-128@openssh.com"
|
||||
];
|
||||
settings.KexAlgorithms = [
|
||||
"diffie-hellman-group-exchange-sha1"
|
||||
"diffie-hellman-group14-sha1"
|
||||
"mlkem768x25519-sha256"
|
||||
"sntrup761x25519-sha512"
|
||||
"sntrup761x25519-sha512@openssh.com"
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
"diffie-hellman-group-exchange-sha256"
|
||||
];
|
||||
};
|
||||
users.users."root".openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
|
||||
@@ -197,7 +238,16 @@
|
||||
url = "https://gitlab.julian-mutter.de";
|
||||
name = "builder";
|
||||
tokenFile = config.sops.secrets."gitea_token".path;
|
||||
labels = []; # use default labels
|
||||
labels = [
|
||||
# provide a debian base with nodejs for actions
|
||||
"debian-latest:docker://node:18-bullseye"
|
||||
# fake the ubuntu name, because node provides no ubuntu builds
|
||||
"ubuntu-latest:docker://node:18-bullseye"
|
||||
# devenv
|
||||
"devenv:docker://ghcr.io/cachix/devenv/devenv:latest"
|
||||
# provide native execution on the host
|
||||
"nixos:host"
|
||||
];
|
||||
};
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
@@ -268,4 +318,28 @@
|
||||
"/var/run/docker.sock:/var/run/docker.sock"
|
||||
];
|
||||
};
|
||||
|
||||
### Jenkins node
|
||||
users.users.jenkins = {
|
||||
createHome = true;
|
||||
home = "/var/lib/jenkins";
|
||||
group = "jenkins";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home"
|
||||
];
|
||||
packages = with pkgs; [
|
||||
git
|
||||
devenv
|
||||
];
|
||||
extraGroups = [
|
||||
"docker"
|
||||
];
|
||||
};
|
||||
|
||||
users.groups.jenkins = {};
|
||||
programs.java = {
|
||||
enable = true;
|
||||
package = pkgs.jdk21; # Same as jenkins version on home
|
||||
};
|
||||
}
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -3,6 +3,7 @@
|
||||
inputs,
|
||||
outputs,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
imports =
|
||||
@@ -30,11 +31,19 @@
|
||||
];
|
||||
};
|
||||
services.resolved.enable = true;
|
||||
# MDNS Taken by avahi
|
||||
services.resolved.extraConfig = ''
|
||||
MulticastDNS=false
|
||||
'';
|
||||
|
||||
programs.dconf.enable = true;
|
||||
networking.nameservers = lib.mkDefault [
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
|
||||
# HM
|
||||
home-manager.useGlobalPkgs = true;
|
||||
# HM module
|
||||
home-manager.useGlobalPkgs = true; # hm module uses the pkgs of the nixos config
|
||||
home-manager.backupFileExtension = "hm-backup"; # backup conflicting files. So hm activation never fails
|
||||
home-manager.extraSpecialArgs = {
|
||||
inherit inputs outputs;
|
||||
};
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
lib,
|
||||
outputs,
|
||||
...
|
||||
}: {
|
||||
}:
|
||||
{
|
||||
# Apply overlays
|
||||
nixpkgs = {
|
||||
# TODO: apply this to hm and nixos without duplicate code
|
||||
@@ -18,7 +19,9 @@
|
||||
};
|
||||
};
|
||||
|
||||
nix.settings.auto-optimise-store = lib.mkDefault true;
|
||||
# optimize at every build, slows down builds
|
||||
# better to do optimise.automatic for regular optimising
|
||||
# nix.settings.auto-optimise-store = lib.mkDefault true;
|
||||
nix.settings.experimental-features = [
|
||||
"nix-command"
|
||||
"flakes"
|
||||
@@ -29,8 +32,11 @@
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
# Keep the last 3 generations
|
||||
options = "--delete-older-than +3";
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
nix.optimise = {
|
||||
automatic = true;
|
||||
dates = [ "weekly" ]; # Optional; allows customizing optimisation schedule
|
||||
};
|
||||
|
||||
programs.nix-ld.enable = true;
|
||||
|
||||
@@ -13,7 +13,7 @@ in {
|
||||
sshKeyPaths = map getKeyPath keys;
|
||||
|
||||
# TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
|
||||
keyFile = "/home/julian/.config/sops/age/keys.txt";
|
||||
# keyFile = "/home/julian/.config/sops/age/keys.txt";
|
||||
# Generate key if none of the above worked. With this, building will still work, just without secrets
|
||||
generateKey = false; # TODO: building should not work without secrets!?
|
||||
};
|
||||
|
||||
@@ -3,7 +3,10 @@
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns4 = true;
|
||||
nssmdns6 = true;
|
||||
publish.enable = true;
|
||||
publish.addresses = true;
|
||||
ipv4 = true;
|
||||
ipv6 = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -10,11 +10,14 @@
|
||||
"https://cache.nixos.org/"
|
||||
"https://hyprland.cachix.org"
|
||||
"http://binarycache.julian-mutter.de"
|
||||
"https://devenv.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
"binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
||||
];
|
||||
|
||||
trusted-users = [
|
||||
|
||||
@@ -1,26 +1,9 @@
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
{config, ...}: let
|
||||
homeCfgs = config.home-manager.users;
|
||||
homeSharePaths = lib.mapAttrsToList (_: v: "${v.home.path}/share") homeCfgs;
|
||||
vars = ''XDG_DATA_DIRS="$XDG_DATA_DIRS:${lib.concatStringsSep ":" homeSharePaths}" GTK_USE_PORTAL=0'';
|
||||
|
||||
julianCfg = homeCfgs.julian;
|
||||
|
||||
sway-kiosk = command: "${lib.getExe pkgs.sway} --unsupported-gpu --config ${pkgs.writeText "kiosk.config" ''
|
||||
output * bg #000000 solid_color
|
||||
xwayland disable
|
||||
input "type:touchpad" {
|
||||
tap enabled
|
||||
}
|
||||
exec '${vars} ${command}; ${pkgs.sway}/bin/swaymsg exit'
|
||||
''}";
|
||||
in {
|
||||
users.extraUsers.greeter = {
|
||||
# For caching and such
|
||||
# For caching
|
||||
home = "/tmp/greeter-home";
|
||||
createHome = true;
|
||||
};
|
||||
@@ -33,13 +16,22 @@ in {
|
||||
cursorTheme = {
|
||||
inherit (julianCfg.gtk.cursorTheme) name package;
|
||||
};
|
||||
cageArgs = [
|
||||
"-s"
|
||||
"-m"
|
||||
"last"
|
||||
]; # multimonitor use last monitor
|
||||
# settings.background = {
|
||||
# path = julianCfg.wallpaper;
|
||||
# fit = "Cover";
|
||||
# }; # TODO: fix
|
||||
};
|
||||
services.greetd = {
|
||||
enable = true;
|
||||
settings.default_session.command = sway-kiosk (lib.getExe config.programs.regreet.package);
|
||||
|
||||
# TODO: setting keyboard language does not work
|
||||
# settings = {
|
||||
# env = {
|
||||
# XKB_DEFAULT_LAYOUT = "de";
|
||||
# # XKB_DEFAULT_VARIANT = "altgr-intl";
|
||||
# };
|
||||
# };
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{pkgs, ...}: {
|
||||
environment.systemPackages = with pkgs; [
|
||||
shared-mime-info # extended mimetype support
|
||||
lxde.lxmenu-data # open with "Installed Applications"
|
||||
lxmenu-data # open with "Installed Applications"
|
||||
pcmanfm
|
||||
];
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
services.pulseaudio.enable = false;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
wireplumber.enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
@@ -14,6 +15,14 @@
|
||||
"module.x11.bell" = false;
|
||||
};
|
||||
};
|
||||
"10-increase-buffer" = {
|
||||
"context.properties" = {
|
||||
"default.clock.rate" = 48000;
|
||||
"default.clock.quantum" = 1024;
|
||||
"default.clock.min-quantum" = 1024;
|
||||
"default.clock.max-quantum" = 2048;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -14,38 +14,38 @@ sops:
|
||||
- recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxV2IzcEZ6eGYxbXAvaEta
|
||||
c3RLbmZubnVEL1EwSlNNY3ZNbkVSUXN5ZDBZClRTYWwzbHhDK1VsMzVVL0VMVzZF
|
||||
SEQ0ZHVMdytrY0xXUEppQkpNZEZ3VFkKLS0tIG95ZkJLWTZBWWpIOEQ4bHpBNWEx
|
||||
QXVpMTNSNzU1dTBPYjlsc1BvNHZ3dDgKMHrT9DCC5W6UwC1Mfq6YCwkvZtDs3I7j
|
||||
vKlnanFp8hMMyYONRVlkvh+vOGQdbgXco4Z5nr02LQDu6Rwm4jSp9g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualdnWmtBTThhZDFVdDRP
|
||||
WHlMamk1MFhUYUwwa0hyQmpobGNocC9VR0ZVCmc3N1FjcUZCNUdTTm91OVpwZDhP
|
||||
bTNXekp2bDd3Tjh6a2ZVTVNTSW9RTU0KLS0tIGJpcUVHb2ZlODgvelhwQ0JFU3l5
|
||||
WU5VanhYMTUvNklYazJxOXVveXhpM2cKCo+4FhhcbRylASEbQb9rAQUzEO1D+0AR
|
||||
52Jzc9s9rSdypeBRE7SaSOI4eVnkEjPfyhNFvMdxiBzBj7GdocpmCw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTnpqclVmVHR3M1ZvMDZ0
|
||||
eEtrbnhpTW5uZlhOYWFxbktxcTJ3bXZISkhzClpud2tNVzUvT2N2SkRadWk5aVpE
|
||||
S2VkTFlIVUhFclA0WEh5cEp0Qjg3ejgKLS0tIDNXY0lpKys4Q3NBRFcya2RoSG1F
|
||||
YW0raHlNekdWT3p0WHpGMk9xMmgzWFUKCue4GvgmH3nJBa7ny7rqft5MuSWHqAsP
|
||||
5HnaAudL+rh2j1swm635QUrf9UnpUznE5NSOGrQDmA6RCBypNM4rsw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4STZpU0ZnRzVVOFFRUXZG
|
||||
akcwS2Z5V3lmQzRTSGNHT2hDME5JMks2QTNNClpkZzNMc0wyRjVEaVlBRFlyNFhs
|
||||
M1pyeW1XdnZubnRxMzEzMFJoK0lkVVEKLS0tIENhRExzUWRWMUlObmhxazM5cU9y
|
||||
aDFyaDJackFoaEZOYWdTbWt0ODB1bm8Kg1VDAj5/i8ZbYxspIdXrI474YN5YkV4H
|
||||
86maCRDfUxO5lvu4zBa9pOmFtJ2iuJ2MxDnmCSHTl+GOk8yyUT8JhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
|
||||
- recipient: age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESlZOeHY0T01ra0gwMS8z
|
||||
R3c1eW45WVkyeTBuRlFMRngrb2NFL1hkcmhRCitwZ3lweXM0di9EdEdQZmF4ZUZr
|
||||
M1hqNkM3Q1Jrb09Kb2M0ZkhTcFZPYkkKLS0tIHpCTEFCV0JlRzQwK3hndDJ4aHVC
|
||||
S1o0QVlXSVl0dmlpWUQ3ZXdqUU5maTgKY4UJPx37CU5OUgkqYWlz9+0rA+dQkrH9
|
||||
+/kTT/2qZ2Op67WKtlas7arC7BjU8uygM208q+nr48Lic5n1fMtnXA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveE9NV2JCOW9odlN6Wmkw
|
||||
WFEvU2pka3htV2FTTFlpc05ES2JjbGxTaFJZCjhYdG1sRVBFaEF3YjNkWEw3Ny8x
|
||||
MlYyTjJBMHA2YVpHRkkwWW5hNDdrS1UKLS0tIFZXTFNVbkd6VFExc0dSVU4vd3JF
|
||||
ajlFY2pvWW13VGxOZ0hEc3dMbU9IeUUKNSf7ycj+1XHhsoghmY2iR1BwIySqfIOF
|
||||
zawE+MQcQg0u+fy6Aik26eUGvQG3rya2Fx2+3VlAbKB+rbiP0fwsgg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYkdwSy9vc0lEWXJIdWRw
|
||||
VmJ2NStaZDVxaG1LNU1NQlErdElPdkQvY3pjCkJyL1BRR2w1dmpqYnk5Tys3eHpX
|
||||
c0FJdzA1bU5GWWhrUWhOK1Jqa2lTaU0KLS0tIDMzMEQwL3I0ckVyYWFubU9VNlAr
|
||||
NlBud3VHczNnMm5wOGhHdEoxTG5CNDgK4s7cFGvUCeztjjIAWtMW7TUqFP+YEQIg
|
||||
So5A7DGxVsUcqarTUPazpIBBlO4n9zj79Qe+eQd6ti0EZG6sYX6+2Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaTNJNkJ0RVJiYlRzcmlX
|
||||
TmEweVdLaGpoVXMxZEFDU3dOZTJCRjdiNENBCkZ3bjJUNm1vcmY1ZUpZcEo4OGxa
|
||||
UWJKSjNKL002UDhmTmJER2M0MjJ3aG8KLS0tIFMvZjBkOS83T3NDUE82M3kweVNw
|
||||
VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
|
||||
AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-23T07:00:17Z"
|
||||
mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]
|
||||
|
||||
@@ -17,6 +17,8 @@ in {
|
||||
"networkmanager"
|
||||
"wheel"
|
||||
"audio"
|
||||
"realtime"
|
||||
"rtkit"
|
||||
"network"
|
||||
"video"
|
||||
"podman"
|
||||
|
||||
28
hosts/common/users/pob/default.nix
Normal file
28
hosts/common/users/pob/default.nix
Normal file
@@ -0,0 +1,28 @@
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
|
||||
in {
|
||||
users.mutableUsers = false;
|
||||
users.users.pob = {
|
||||
description = "A helper user to use another profile for some applications";
|
||||
group = "pob";
|
||||
isNormalUser = true;
|
||||
shell = pkgs.fish;
|
||||
extraGroups = ifTheyExist [
|
||||
"networkmanager"
|
||||
];
|
||||
packages = with pkgs; [
|
||||
firefox
|
||||
wineWowPackages.stable # 32-bit and 64-bit wine
|
||||
winetricks
|
||||
];
|
||||
};
|
||||
users.groups.pob = {};
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
julian ALL=(pob) NOPASSWD: ALL
|
||||
'';
|
||||
}
|
||||
97
hosts/common/users/yukari/default.nix
Normal file
97
hosts/common/users/yukari/default.nix
Normal file
@@ -0,0 +1,97 @@
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
outputs,
|
||||
...
|
||||
}: let
|
||||
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
|
||||
in {
|
||||
users.mutableUsers = false;
|
||||
users.users.yukari = {
|
||||
description = "Yukari";
|
||||
group = "yukari";
|
||||
isNormalUser = true;
|
||||
shell = pkgs.fish;
|
||||
extraGroups = ifTheyExist [
|
||||
"networkmanager"
|
||||
"audio"
|
||||
"network"
|
||||
"video"
|
||||
"podman"
|
||||
"docker"
|
||||
"git"
|
||||
"gamemode"
|
||||
];
|
||||
|
||||
createHome = true;
|
||||
hashedPassword = "$y$j9T$rGuTL0rfiy7ht8L58BGCw0$fN.KwHjYlIitFEPHndKvV06ezgeWzP3/58o1kkviZwB";
|
||||
packages = [pkgs.home-manager];
|
||||
};
|
||||
users.groups.yukari = {};
|
||||
|
||||
home-manager.users.yukari = {
|
||||
imports =
|
||||
[
|
||||
../../../../homes/julian/features/fonts
|
||||
../../../../homes/julian/features/suites/cli
|
||||
]
|
||||
++ (builtins.attrValues outputs.homeManagerModules);
|
||||
|
||||
home = {
|
||||
username = lib.mkDefault "yukari";
|
||||
homeDirectory = lib.mkDefault "/home/${config.home.username}";
|
||||
stateVersion = lib.mkDefault "23.11";
|
||||
|
||||
sessionPath = ["$HOME/.local/bin"];
|
||||
|
||||
packages = with pkgs; [
|
||||
arandr
|
||||
calibre # ebook manager and viewer
|
||||
# digikam
|
||||
discord
|
||||
discord-ptb # in case discord updates take their time
|
||||
# dvdisaster
|
||||
# element-desktop
|
||||
# rocketchat-desktop
|
||||
thunderbird
|
||||
telegram-desktop # telegram
|
||||
# schildichat-desktop # not updated regularly
|
||||
nheko
|
||||
evince # Simple pdf reader, good for focusing on document content
|
||||
firefox
|
||||
vivaldi
|
||||
# geogebra
|
||||
cheese
|
||||
handbrake
|
||||
# kitty # Terminal, already available as feature
|
||||
libnotify
|
||||
libreoffice
|
||||
mate.engrampa
|
||||
nomacs # Image viewer
|
||||
kdePackages.okular # Pdf reader with many features, good for commenting documents
|
||||
pavucontrol
|
||||
qalculate-gtk # Nice gui calculator
|
||||
qpdfview
|
||||
# qutebrowser
|
||||
# realvnc-vnc-viewer
|
||||
# rustdesk
|
||||
tor-browser
|
||||
# frajul.pob-dev-version # Path of Building
|
||||
vlc
|
||||
wineWowPackages.stable # 32-bit and 64-bit wine
|
||||
winetricks
|
||||
xclip # x11 clipboard access from terminal
|
||||
xfce.mousepad # simple text editor
|
||||
xournalpp # Edit pdf files
|
||||
zoom-us # Video conferencing
|
||||
zotero # Manage papers and other sources
|
||||
pdfpc # Present slides in pdf form
|
||||
];
|
||||
};
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
git.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -1,4 +1,5 @@
|
||||
{pkgs, ...}: {
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
@@ -7,21 +8,22 @@
|
||||
../common/users/wolfi
|
||||
../common/optional/binarycaches.nix
|
||||
|
||||
../common/optional/xserver.nix
|
||||
# ../common/optional/xserver.nix
|
||||
../common/optional/remote-builder.nix
|
||||
../common/optional/boot-efi.nix
|
||||
|
||||
# ../common/optional/greetd.nix
|
||||
|
||||
../common/optional/gdm.nix
|
||||
../common/optional/i3.nix
|
||||
|
||||
../common/optional/openssh.nix
|
||||
|
||||
../common/optional/greetd.nix
|
||||
../common/optional/authentication.nix
|
||||
../common/optional/pcmanfm.nix
|
||||
../common/optional/pipewire.nix
|
||||
|
||||
../common/optional/virtualbox.nix
|
||||
|
||||
# ../common/optional/gdm.nix
|
||||
# ../common/optional/i3.nix
|
||||
|
||||
../common/optional/openssh.nix
|
||||
|
||||
../common/optional/podman.nix
|
||||
../common/optional/flatpak.nix
|
||||
];
|
||||
@@ -32,14 +34,17 @@
|
||||
# Not using the drivers leads to way better results
|
||||
# services.xserver.videoDrivers = [ "nvidia" ];
|
||||
|
||||
networking.networkmanager.insertNameservers = [ "192.168.3.252" ];
|
||||
|
||||
programs.kdeconnect.enable = true;
|
||||
|
||||
programs.hyprland.enable = true;
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
services.printing.browsing = true;
|
||||
services.printing.drivers = with pkgs; [gutenprint];
|
||||
services.printing.drivers = with pkgs; [ gutenprint ];
|
||||
|
||||
services.libinput.enable = true;
|
||||
}
|
||||
|
||||
@@ -22,21 +22,67 @@
|
||||
../common/optional/pcmanfm.nix
|
||||
../common/optional/redshift.nix
|
||||
../common/optional/authentication.nix
|
||||
|
||||
../common/optional/avahi.nix
|
||||
];
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.python3.withPackages (p:
|
||||
with p; [
|
||||
numpy
|
||||
pillow
|
||||
flask
|
||||
rpi-gpio
|
||||
webcolors
|
||||
psutil
|
||||
mido
|
||||
rtmidi-python
|
||||
spidev
|
||||
waitress
|
||||
websockets
|
||||
werkzeug
|
||||
|
||||
pkgs.frajul.rpi-ws281x-python
|
||||
]))
|
||||
];
|
||||
|
||||
# disko.devices.disk.main.device = "/dev/mmcblk1";
|
||||
|
||||
# networking.wireless.enable = true;
|
||||
# networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
|
||||
# networking.wireless.networks = {
|
||||
# "@SSID@".psk = "@PSK@";
|
||||
# enabled by fish, disabling speeds up builds
|
||||
documentation.man.generateCaches = false;
|
||||
|
||||
# networking.enableIPv6 = false; # This only leads to issues with avahi
|
||||
# services.avahi.ipv6 = false;
|
||||
|
||||
hardware.raspberry-pi."4".bluetooth.enable = true;
|
||||
hardware.bluetooth.enable = true;
|
||||
hardware.bluetooth.powerOnBoot = true;
|
||||
services.blueman.enable = true; # bluetooth gui
|
||||
# raspberry pi specific
|
||||
# systemd.services.btattach = {
|
||||
# before = [ "bluetooth.service" ];
|
||||
# after = [ "dev-ttyAMA0.device" ];
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# serviceConfig = {
|
||||
# ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
|
||||
# };
|
||||
# };
|
||||
# networking.wireless.enable = true;
|
||||
# networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
|
||||
# networking.wireless.networks = {
|
||||
# "SMARTments".pskRaw = "ext:PSK";
|
||||
# };
|
||||
|
||||
# networking.networkmanager.enable = lib.mkForce false;
|
||||
|
||||
services.gnome.at-spi2-core.enable = true; # for onboard
|
||||
|
||||
networking.hostName = "pianonix";
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
sops.secrets."vnc-passwd" = {
|
||||
owner = config.users.users.julian.name;
|
||||
sopsFile = ./vnc-passwd;
|
||||
sopsFile = ./secrets-vnc-passwd.bin;
|
||||
format = "binary";
|
||||
};
|
||||
sops.secrets."wifi/pianonix" = {};
|
||||
@@ -45,6 +91,18 @@
|
||||
# sops.secrets."syncthing/public-keys/aspi-nix" = { };
|
||||
# sops.secrets."syncthing/public-keys/pianonix" = { };
|
||||
|
||||
sops.secrets."wg-config" = {
|
||||
sopsFile = ./secrets-wg-config.bin;
|
||||
format = "binary";
|
||||
};
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
home = {
|
||||
configFile = config.sops.secrets."wg-config".path;
|
||||
autostart = true; # This interface is started on boot
|
||||
};
|
||||
};
|
||||
|
||||
modules = {
|
||||
syncthing = {
|
||||
enable = true;
|
||||
@@ -54,6 +112,7 @@
|
||||
|
||||
# Enable the Desktop Environment.
|
||||
# services.xserver.displayManager.lightdm.enable = true;
|
||||
services.displayManager.defaultSession = "xfce";
|
||||
services.displayManager.autoLogin = {
|
||||
enable = true;
|
||||
user = "julian";
|
||||
@@ -73,10 +132,11 @@
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.timeout = 1; # Set boot loader timeout to 1s
|
||||
boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s
|
||||
|
||||
# De-facto disable network manager, which is enabled by gnome
|
||||
# networking.networkmanager.unmanaged = [ "*" ];
|
||||
services.xserver.enable = true;
|
||||
services.xserver.desktopManager = {
|
||||
xfce = {
|
||||
enable = true;
|
||||
@@ -129,7 +189,7 @@
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.enable = true;
|
||||
networking.firewall.enable = false;
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
5900 # for vnc
|
||||
];
|
||||
@@ -156,4 +216,61 @@
|
||||
# boot.loader.raspberryPi.firmwareConfig = ''
|
||||
# dtparam=audio=on
|
||||
# '';
|
||||
|
||||
## Enable SPI
|
||||
hardware.raspberry-pi."4".apply-overlays-dtmerge.enable = true;
|
||||
hardware.deviceTree = {
|
||||
enable = true;
|
||||
filter = lib.mkForce "*-rpi-4*.dtb";
|
||||
overlays = [
|
||||
{
|
||||
name = "spi";
|
||||
dtboFile = ./spi0-0cs.dtbo;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
users.groups.spi = {};
|
||||
|
||||
# services.udev.extraRules = ''
|
||||
# SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660"
|
||||
# '';
|
||||
|
||||
## Use GPIO as non-root
|
||||
# Create gpio group
|
||||
users.groups.gpio = {};
|
||||
|
||||
# Change permissions gpio devices
|
||||
services.udev.extraRules = ''
|
||||
SUBSYSTEM=="spidev", KERNEL=="spidev0.0", GROUP="spi", MODE="0660"
|
||||
|
||||
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
|
||||
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
|
||||
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
|
||||
'';
|
||||
|
||||
# Add user to group
|
||||
users.users.julian.extraGroups = ["gpio"];
|
||||
|
||||
## My own Piano LED Visualizer
|
||||
services.piano-led-visualizer.enable = true;
|
||||
|
||||
## Crude fix for avahi
|
||||
systemd.timers.avahiRestart = {
|
||||
description = "Restart avahi-daemon every 5 minutes";
|
||||
wantedBy = ["timers.target"];
|
||||
timerConfig = {
|
||||
OnBootSec = "5min";
|
||||
OnUnitActiveSec = "5min";
|
||||
Unit = "avahiRestart.service";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.avahiRestart = {
|
||||
description = "Restart avahi-daemon service";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.systemd}/bin/systemctl restart avahi-daemon.service";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -14,9 +14,16 @@
|
||||
boot.initrd.kernelModules = [];
|
||||
boot.kernelModules = [];
|
||||
boot.extraModulePackages = [];
|
||||
boot.kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
|
||||
boot.blacklistedKernelModules = ["snd_bcm2835"]; # Disables sound, required for ws281x to work
|
||||
# boot.supportedFilesystems = lib.mkForce [
|
||||
# # remove zfs, since its incompatible with latest kernel
|
||||
# "vfat"
|
||||
# "ext4"
|
||||
# ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
|
||||
19
hosts/pianonix/secrets-vnc-passwd.bin
Normal file
19
hosts/pianonix/secrets-vnc-passwd.bin
Normal file
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWEFYNThYQkpuTW10MjNM\nU3pWYmE5UnBPUzhQSTltc3hXdk9EWkg5czI0CmxnK3FuYitGci9ndnRCZms4a0lD\nOWh4alF1MEtJUis5YVNyYXRLbVppNnMKLS0tIEQ5WVVIMzlIV0pnc2ZWMnc5bjE4\nR3lpbzJiRmljcWI4SWlOS2svZVBSYnMKYIfhDjNZPDxmws3Z3P55K7V/NHiukQ0u\n00Kk603U+1JhgfJBk0Y3tMo//vKCHQj87wtZoqDLEN7Gu+ZtHhkhow==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSVpBR1NPY0svSWNWYzFC\nZE1uTjZTRm9XM24wcXByajVDYUJ4Y3FmNUc0CkJMMXRtUE5mSjYwU25MYy9xNFlP\ndUNmYmJ5RVF0dG5LYjA4L1NnNEtCMVEKLS0tIFl0Slovd2NiWjg1VXJ1VDJwTWJQ\nTWFZeW1ZYisvenVycWYwZ1lkOXBaVVUKqGu6Q8IbiUAzazLKN95uAtmXJMPzx02u\nr/R8q7ugG8lX5pWX3H3P7vtBz57Oo3rWlRpUhN/4+PpijkJNUyr3XQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-12-01T16:14:57Z",
|
||||
"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
19
hosts/pianonix/secrets-wg-config.bin
Normal file
19
hosts/pianonix/secrets-wg-config.bin
Normal file
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:SFc3K1hvBjeCS6ikLZl3vIPFJqsUrZZi9yO9tVuv14exKhOuK17HN/d+cYMtVxGwqQ/biFdXYdP8/sfTPwwZgd/wRLT2xRDMOg5ru7kj8sEhcOEYmrgYRLo3ImdWANFaxelWOmjEvzphTQ7guvXTo7BACUA9AygYa9Ou9bklYImWhOCsk8e9uz5afLZXscidiqUqqFuJNo3QGMDEAxFI2YC3OpLwEj5zlsI4AXEEHRVUxU1sVtspdolDaeiFIs/JW4jLu/2la6JyGJUluYXAThzL1LO39NA/MSNskMSedatz89vnCd9CP6Q3eT93vrUYAEY=,iv:e+tWIlHm4NH1w8AQAw6tvgCX9XOiroE1XmrSua3Bcg4=,tag:RwGpKtG9JzQ3TgcnzEV5Rg==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYTFjRnpPVDAvQ0ZHZU0v\neEduOTVockFoZGhuMmZNd0w3bVFCVUQzUlI4CmZTaktOQWxrTDNpYXlPTm9SdlZZ\nN0dURmlHVFlHSjZpbkpGb09lTmVzWm8KLS0tIDhMWlFIRWFkQjcya0hjeUdUSklB\nbWlqNlVoR1BnWG9TM0RhWnI4a0J4YUEKGWIX77EVXYFVyA2u6CkF1cGfwd4Gq0Vb\nNqrlMUYEDZ5nO/eLWsAt2kj1/YFjkGw0iI02HLRHdxQ59vFyl3CS1Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNlZGdktzSGp0bzIyUjlR\nUU9LSXRrZTgxcEZwczhidWVOdGRnRFYrOVZZCmx3VzM4V2dsWmZpUWxNUG82MzU2\nT3dmQjRwdmRJbTJxVm9vQjJKU3JXSncKLS0tIFlhYy9uQW5aa1E0K3Q1RUFSQkZP\nR29sY3RCYVg5bGdqMU1uc0E3Szhmb0kKFzKHUVNDdHWfycb7xWeAyIVlC4ab7ivR\nVlfmbPAXq2THw/s4zk/ckfE5RP82a1aX4++XRa7fm5KXpI8vExjJ5A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-10-14T06:56:31Z",
|
||||
"mac": "ENC[AES256_GCM,data:DrcOET5U6veg0qhcBjQQ5neCdTUufMxhIz4ZQzvzd+YxKfAqaq8R1PW5VVlUjhDBaUH9i3J1Wj6X4E600uhayY0E9I5VqfO84hqlosfZWPiWPO8prK46Y7R3Ybdh9uvWQxiaSxy8KHXsdDgsBFLlmLe/QvsDSUv56rPofkm06vg=,iv:XBFP8ANpsszeXqQIE/v7+GmZGlFtxgE/EtgL/Cc3x+8=,tag:ZJgO+hLuwIatE55wo94RVw==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
}
|
||||
BIN
hosts/pianonix/spi0-0cs.dtbo
Normal file
BIN
hosts/pianonix/spi0-0cs.dtbo
Normal file
Binary file not shown.
@@ -1,28 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWUp5TU9kWTNpa0s5TFRC\nK1hoc0d0K3JQYWN3VVVWM2JvemtieGo2UGpVCit5MUcvZldBZkNNZ3ZWTWRtd0Zx\nT3I4aTdUcitPRmhhV0htZlhEYjhRakUKLS0tIEdmYUI4N1g1Nkp3YzdtaHJybVcz\neFNwUnd0Vyt2MTBpRTZlMzZnNHJGd1EKy/0zXv9CPf5k0ky7TBGY9GbcIeQyPk1L\nKmMCuWMLX0yTGqB3M3/UNdoc4L0q//7keUZH5PlkxJbnu6IN3fE5qg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdy9tZlZtNFJPRFNUUUNI\nUWtPZmZOY1V5SHc5bTZOZVluTUV6N3dlQWprClVqK2tKNFlBWHdyNDF1Q0d2bi9z\naldTTDdWYzZ6WmgrNHlZSDlTSU9SbmsKLS0tIDJZM2Y4ZDVmZk54eTZLOTU4Ui9X\nR3l3WDkwRWUyakFLdGZXeDJxRUJsaHMK6hgZ1KYe9qx4tO7RervEAKGjNHg4mi0E\nxx3I9P8MFzPiCVKG5ZNxRx25y7H4bQSRRtxIlXIhqzf2+5Q6U7/Hrw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUg4dUlCY0IwS3pPeTF5\nZTVkRTkzaVBYTmh0MmYyaHlOaFRHSnk5dWs4CmhvaTlSOTFDQzZmbHVudXpwQitV\nQjhRQWl3OHNLVGJYMm1ObVEyQmhxS0kKLS0tIDJsZnN4K2pUOEdIYVg4ZlQ5Ujhn\nNlpGL1hMVXd5cWR2YkdIVmJiblMzR1EKJYS51sKQ/tBV7dv88pOxJhzHQGckoF8q\nwIioVjs9sm4JBgQqSIbVhXwnKl05IUkyAgw6LfsbSJz3nKe7lmmRpg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-12-01T16:14:57Z",
|
||||
"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
@@ -2,4 +2,5 @@
|
||||
# hydra-auto-upgrade = import ./hydra-auto-upgrade.nix;
|
||||
syncthing = import ./syncthing.nix;
|
||||
frajulAutoUpgrade = import ./frajul-auto-upgrade.nix;
|
||||
pianoLEDVisualizer = import ./piano-led-visualizer.nix;
|
||||
}
|
||||
|
||||
@@ -27,6 +27,10 @@ in {
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
security.sudo.extraConfig = ''
|
||||
root ALL=(julian) NOPASSWD: ${pkgs.git}/bin/git -C "${cfg.flakePath}" commit -m *
|
||||
'';
|
||||
|
||||
# Ensure the flag directory exists
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/frajul-auto-upgrade 0755 root root -"
|
||||
@@ -67,10 +71,16 @@ in {
|
||||
echo $$ > "$LOCK_FILE"
|
||||
trap 'rm -f "$LOCK_FILE"' EXIT
|
||||
|
||||
if /run/current-system/sw/bin/nix flake update --flake "${cfg.flakePath}" && /run/current-system/sw/bin/nixos-rebuild switch --flake "${cfg.flakePath}"; then
|
||||
# Back up flake.lock
|
||||
cp -f "${cfg.flakePath}/flake.lock" /var/lib/frajul-auto-upgrade/flake.lock.bak
|
||||
|
||||
# Try updating
|
||||
if /run/current-system/sw/bin/nix flake update --flake "${cfg.flakePath}" && /run/current-system/sw/bin/nixos-rebuild switch --flake "${cfg.flakePath}" && ${pkgs.sudo}/bin/sudo -u julian git -C "${cfg.flakePath}" commit -m "Auto-update flake.lock" -- flake.lock; then
|
||||
echo "success" > "$LAST_STATUS_FILE"
|
||||
else
|
||||
echo "failure" > "$LAST_STATUS_FILE"
|
||||
# Restore flake.lock
|
||||
cp -f /var/lib/frajul-auto-upgrade/flake.lock.bak "${cfg.flakePath}/flake.lock"
|
||||
fi
|
||||
|
||||
# Write full timestamp
|
||||
|
||||
@@ -11,7 +11,10 @@ in {
|
||||
system.hydraAutoUpgrade = {
|
||||
enable = lib.mkEnableOption "periodic hydra-based auto upgrade";
|
||||
operation = lib.mkOption {
|
||||
type = lib.types.enum ["switch" "boot"];
|
||||
type = lib.types.enum [
|
||||
"switch"
|
||||
"boot"
|
||||
];
|
||||
default = "switch";
|
||||
};
|
||||
dates = lib.mkOption {
|
||||
|
||||
51
modules/nixos/piano-led-visualizer.nix
Normal file
51
modules/nixos/piano-led-visualizer.nix
Normal file
@@ -0,0 +1,51 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
cfg = config.services.piano-led-visualizer;
|
||||
in {
|
||||
options.services.piano-led-visualizer = {
|
||||
enable = lib.mkEnableOption "Enable Piano LED Visualizer";
|
||||
|
||||
user = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "plv";
|
||||
description = "User to run the Piano LED Visualizer service.";
|
||||
};
|
||||
|
||||
group = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "plv";
|
||||
description = "Group to run the Piano LED Visualizer service.";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
users.users.${cfg.user} = {
|
||||
isSystemUser = true;
|
||||
group = cfg.group;
|
||||
createHome = true;
|
||||
home = "/home/${cfg.user}";
|
||||
extraGroups = ["wheel" "gpio"];
|
||||
};
|
||||
users.groups.${cfg.group} = {};
|
||||
|
||||
systemd.services.piano-led-visualizer = {
|
||||
description = "Piano LED Visualizer";
|
||||
after = ["network-online.target"];
|
||||
wants = ["network-online.target"];
|
||||
wantedBy = ["multi-user.target"];
|
||||
|
||||
serviceConfig = {
|
||||
WorkingDirectory = "/home/${cfg.user}/Piano-LED-Visualizer";
|
||||
ExecStart = "${pkgs.frajul.piano-led-visualizer}/bin/piano-led-visualizer";
|
||||
Restart = "always";
|
||||
Type = "simple";
|
||||
# User = cfg.user;
|
||||
# Group = cfg.group;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -25,11 +25,11 @@
|
||||
my-pkgs = final: prev: {frajul = import ../pkgs {pkgs = final;};};
|
||||
|
||||
nixpkgs-stable-unstable = final: prev: {
|
||||
unstable = import inputs.nixpkgs {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
system = prev.system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
stable = import inputs.nixpkgs-stable {
|
||||
stable = import inputs.nixpkgs {
|
||||
system = prev.system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
|
||||
@@ -13,4 +13,8 @@
|
||||
pob2 = pkgs.callPackage ./pob2 {};
|
||||
wl-ocr = pkgs.callPackage ./wl-ocr {};
|
||||
rtklib = pkgs.qt6Packages.callPackage ./rtklib {};
|
||||
pob2-frajul = pkgs.callPackage ./pob2-frajul {};
|
||||
|
||||
rpi-ws281x-python = pkgs.callPackage ./rpi-ws281x-python {};
|
||||
piano-led-visualizer = pkgs.callPackage ./piano-led-visualizer {};
|
||||
}
|
||||
|
||||
63
pkgs/piano-led-visualizer/default.nix
Normal file
63
pkgs/piano-led-visualizer/default.nix
Normal file
@@ -0,0 +1,63 @@
|
||||
{
|
||||
lib,
|
||||
python3,
|
||||
callPackage,
|
||||
fetchFromGitHub,
|
||||
...
|
||||
}: let
|
||||
pythonPackages = python3.pkgs;
|
||||
rpi-ws281x-python = callPackage ../rpi-ws281x-python {inherit python3;};
|
||||
in
|
||||
pythonPackages.buildPythonApplication rec {
|
||||
pname = "piano-led-visualizer";
|
||||
version = "1.6";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "onlaj";
|
||||
repo = "Piano-LED-Visualizer";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-SkNNu2pqVG40HBZZYJMCCKiRj1h1QdkteaPR3Ek2P7I=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
./fix-log-dir.patch
|
||||
];
|
||||
|
||||
propagatedBuildInputs = with pythonPackages; [
|
||||
setuptools
|
||||
|
||||
numpy
|
||||
pillow
|
||||
flask
|
||||
rpi-gpio
|
||||
webcolors
|
||||
psutil
|
||||
mido
|
||||
rtmidi-python
|
||||
spidev
|
||||
waitress
|
||||
websockets
|
||||
werkzeug
|
||||
|
||||
rpi-ws281x-python
|
||||
];
|
||||
|
||||
format = "setuptools";
|
||||
|
||||
preBuild = ''
|
||||
cp ${./setup.py} setup.py
|
||||
sed -i 's/PLACEHOLDER_VERSION/${version}/' setup.py
|
||||
'';
|
||||
|
||||
postInstall = ''
|
||||
mv -v $out/bin/visualizer.py $out/bin/piano-led-visualizer
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Piano LED Visualizer for Raspberry Pi";
|
||||
homepage = "https://github.com/onlaj/Piano-LED-Visualizer";
|
||||
license = licenses.gpl3;
|
||||
maintainers = [];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
24
pkgs/piano-led-visualizer/fix-log-dir.patch
Normal file
24
pkgs/piano-led-visualizer/fix-log-dir.patch
Normal file
@@ -0,0 +1,24 @@
|
||||
diff --git a/lib/log_setup.py b/lib/log_setup.py
|
||||
index 34f9156..e164d14 100644
|
||||
--- a/lib/log_setup.py
|
||||
+++ b/lib/log_setup.py
|
||||
@@ -1,6 +1,7 @@
|
||||
import logging
|
||||
from logging.handlers import RotatingFileHandler
|
||||
import sys
|
||||
+import os
|
||||
|
||||
# Create a custom logger
|
||||
logger = logging.getLogger("my_app")
|
||||
@@ -10,7 +11,10 @@ logger.setLevel(logging.DEBUG)
|
||||
|
||||
# Create handlers
|
||||
console_handler = logging.StreamHandler()
|
||||
-file_handler = RotatingFileHandler('/home/Piano-LED-Visualizer/visualizer.log', maxBytes=500000, backupCount=10)
|
||||
+
|
||||
+log_path = os.path.expanduser('~/Piano-LED-Visualizer/visualizer.log')
|
||||
+os.makedirs(os.path.dirname(log_path), exist_ok=True)
|
||||
+file_handler = RotatingFileHandler(log_path, maxBytes=500000, backupCount=10)
|
||||
|
||||
|
||||
# Set the level for handlers
|
||||
24
pkgs/piano-led-visualizer/setup.py
Normal file
24
pkgs/piano-led-visualizer/setup.py
Normal file
@@ -0,0 +1,24 @@
|
||||
from setuptools import setup, find_packages
|
||||
|
||||
setup(
|
||||
name="piano_led_visualizer",
|
||||
version="PLACEHOLDER_VERSION",
|
||||
py_modules=["visualizer"],
|
||||
packages=find_packages(), # includes all packages with __init__.py
|
||||
install_requires=[
|
||||
"numpy",
|
||||
"pillow",
|
||||
"flask",
|
||||
"rpi-gpio",
|
||||
"webcolors",
|
||||
"psutil",
|
||||
"mido",
|
||||
"rtmidi",
|
||||
"spidev",
|
||||
"waitress",
|
||||
"websockets",
|
||||
"werkzeug",
|
||||
"rpi_ws281x",
|
||||
],
|
||||
scripts=["visualizer.py"],
|
||||
)
|
||||
16
pkgs/pob2-frajul/default.nix
Normal file
16
pkgs/pob2-frajul/default.nix
Normal file
@@ -0,0 +1,16 @@
|
||||
{
|
||||
writeShellApplication,
|
||||
xhost,
|
||||
}:
|
||||
writeShellApplication {
|
||||
name = "pob2-frajul";
|
||||
|
||||
runtimeInputs = [
|
||||
xhost
|
||||
];
|
||||
|
||||
text = ''
|
||||
xhost +
|
||||
sudo -u pob -i sh /home/pob/pob2.sh
|
||||
'';
|
||||
}
|
||||
37
pkgs/rpi-ws281x-python/default.nix
Normal file
37
pkgs/rpi-ws281x-python/default.nix
Normal file
@@ -0,0 +1,37 @@
|
||||
{
|
||||
lib,
|
||||
python3,
|
||||
fetchFromGitHub,
|
||||
pkgs,
|
||||
}:
|
||||
python3.pkgs.buildPythonPackage rec {
|
||||
pname = "rpi-ws281x";
|
||||
version = "5.0.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "rpi-ws281x";
|
||||
repo = "rpi-ws281x-python";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-CVPibDs1QLeXhtoEBw3JplKIIUpzahjgJKy8GVy99Wk=";
|
||||
fetchSubmodules = true;
|
||||
};
|
||||
|
||||
format = "setuptools";
|
||||
|
||||
propagatedBuildInputs = with python3.pkgs; [
|
||||
setuptools
|
||||
wheel
|
||||
];
|
||||
|
||||
postUnpack = ''
|
||||
sourceRoot="$sourceRoot/library"
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Python bindings for the rpi_ws281x C library";
|
||||
homepage = "https://github.com/rpi-ws281x/rpi-ws281x-python";
|
||||
license = licenses.mit;
|
||||
maintainers = [];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user