julian/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Compare commits

base: julian:55ba4125d6695d2913ecf98bf07076fc8608d9cd
Branches Tags
julian:master julian:flake-updates julian:aurora julian:laptop
...
compare: julian:flake-updates
Branches Tags
julian:flake-updates julian:master julian:aurora julian:laptop

89 Commits
55ba4125d6 ... flake-upda

Author SHA1 Message Date
Gitea Actions
8c8e2abde5 Update flake.lock 2025-04-28 2025-10-22 00:30:13 +00:00
Gitea Actions
ec7618ea19 Update flake.lock 2025-04-27 2025-10-22 00:30:13 +00:00
Gitea Actions
ba64806a7b Update flake.lock 2025-04-26 2025-10-22 00:30:13 +00:00
Gitea Actions
9e2d79f557 Update flake.lock 2025-04-25 2025-10-22 00:30:13 +00:00
Gitea Actions
7e4216e657 Update flake.lock 2025-04-24 2025-10-22 00:30:13 +00:00
Gitea Actions
10e0de84eb Update flake.lock 2025-04-23 2025-10-22 00:30:13 +00:00
Gitea Actions
ae025fe9d6 Update flake.lock 2025-04-22 2025-10-22 00:30:12 +00:00
Gitea Actions
33636cb452 Update flake.lock 2025-04-21 2025-10-22 00:30:12 +00:00
Gitea Actions
15f3bb1435 Update flake.lock 2025-04-20 2025-10-22 00:30:12 +00:00
Gitea Actions
4d729ce925 Update flake.lock 2025-04-19 2025-10-22 00:30:12 +00:00
Gitea Actions
f14964fe5a Update flake.lock 2025-04-18 2025-10-22 00:30:12 +00:00
Gitea Actions
39098d34e1 Update flake.lock 2025-04-17 2025-10-22 00:30:12 +00:00
Gitea Actions
7d33b4af76 Update flake.lock 2025-04-16 2025-10-22 00:30:12 +00:00
Gitea Actions
98221a4272 Update flake.lock 2025-04-15 2025-10-22 00:30:12 +00:00
Gitea Actions
312e5b31af Update flake.lock 2025-04-14 2025-10-22 00:30:12 +00:00
Gitea Actions
85c8543ee5 Update flake.lock 2025-04-13 2025-10-22 00:30:12 +00:00
Gitea Actions
3cd94302d6 Update flake.lock 2025-04-12 2025-10-22 00:30:12 +00:00
Gitea Actions
97ed8e5009 Update flake.lock 2025-04-11 2025-10-22 00:30:12 +00:00
Gitea Actions
7c98ad5e05 Update flake.lock 2025-04-10 2025-10-22 00:30:12 +00:00
Gitea Actions
a235bfe104 Update flake.lock 2025-04-09 2025-10-22 00:30:12 +00:00
Gitea Actions
500aee7e85 Update flake.lock 2025-04-08 2025-10-22 00:30:12 +00:00
Gitea Actions
4bc4a45ada Update flake.lock 2025-04-07 2025-10-22 00:30:12 +00:00
Gitea Actions
1de19a3f0f Update flake.lock 2025-04-06 2025-10-22 00:30:12 +00:00
Gitea Actions
3654acf608 Update flake.lock 2025-04-05 2025-10-22 00:30:12 +00:00
Gitea Actions
c557583009 Update flake.lock 2025-04-04 2025-10-22 00:30:12 +00:00
Gitea Actions
874a31a119 Update flake.lock 2025-04-03 2025-10-22 00:30:12 +00:00
Gitea Actions
0e06dda96a Update flake.lock 2025-04-02 2025-10-22 00:30:12 +00:00
Gitea Actions
52f2764e44 Update flake.lock 2025-04-01 2025-10-22 00:30:12 +00:00
Gitea Actions
5111de254c Update flake.lock 2025-03-31 2025-10-22 00:30:12 +00:00
Gitea Actions
39e2d66f43 Update flake.lock 2025-03-30 2025-10-22 00:30:12 +00:00
Gitea Actions
ac2bfa1544 Update flake.lock 2025-03-29 2025-10-22 00:30:12 +00:00
Gitea Actions
d1a95af60e Update flake.lock 2025-03-28 2025-10-22 00:30:12 +00:00
Gitea Actions
94bf5729bc Update flake.lock 2025-03-27 2025-10-22 00:30:12 +00:00
Gitea Actions
eb6327bfd9 Update flake.lock 2025-03-26 2025-10-22 00:30:12 +00:00
Gitea Actions
0c06143ab4 Update flake.lock 2025-03-25 2025-10-22 00:30:12 +00:00
Gitea Actions
b3c8d94ab7 Update flake.lock 2025-03-24 2025-10-22 00:30:12 +00:00
Gitea Actions
4ada4b9376 Update flake.lock 2025-03-23 2025-10-22 00:30:12 +00:00
Julian Mutter
c1b2b51d13 update flake
Some checks failed
Update Nix Flake / update-flake (push) Failing after 15s
Details
2025-10-21 20:04:02 +02:00
Julian Mutter
28f78bb67e flake: add nixos-generators for output pianonix-image 2025-10-21 20:03:46 +02:00
Julian Mutter
114647aa96 pianonix: update commented wireless networking config 2025-10-21 20:03:25 +02:00
Julian Mutter
64ae389f27 pianonix: update secrets for new installation 2025-10-21 20:03:12 +02:00
Julian Mutter
fd39dbfcd4 readme: update ssh-to-age command 2025-10-21 20:02:18 +02:00
Julian Mutter
b13cca7173 shell: add nix helper programs
Some checks failed
Update Nix Flake / update-flake (push) Failing after 20s
Details
2025-10-20 19:37:44 +02:00
Julian Mutter
7807091b83 builder: use networkmanager again 2025-10-20 19:37:16 +02:00
Julian Mutter
d3026afb97 update flake 2025-10-20 19:37:05 +02:00
Julian Mutter
152daf1230 pianonix: multiple improvements, improve secrets, add wireguard, use sheetless in browser 2025-10-20 19:36:24 +02:00
Julian Mutter
ffda398f8d builder: disable autoupgrade
Some checks failed
Update Nix Flake / update-flake (push) Failing after 13s
Details
2025-10-09 21:29:40 +02:00
Julian Mutter
3e179960de builder: simplify network config by using static dns list 2025-10-09 21:28:34 +02:00
Julian Mutter
93e655ed27 aspi: use wireguard via networkmanager 2025-10-09 21:28:14 +02:00
Julian Mutter
710c1dedb8 install additional software
Some checks failed
Update Nix Flake / update-flake (push) Failing after 13s
Details
2025-10-05 15:36:37 +02:00
Julian Mutter
28ec5c73d4 format code 2025-10-05 15:36:26 +02:00
Julian Mutter
fc7285bd5c setup pob user for running pob2-frajul 2025-10-05 15:36:06 +02:00
Julian Mutter
11ee156b29 pipewire: try fixing video conference freeze 2025-10-05 15:34:21 +02:00
Julian Mutter
2dba549787 builder: setup as jenkins node 2025-10-05 15:33:58 +02:00
Julian Mutter
d28c7d870c add caches to substituters 2025-10-05 15:32:52 +02:00
Julian Mutter
8bf17e74ef use stable nixos-25.05 instead of unstable 2025-10-05 15:30:41 +02:00
Julian Mutter
08cf457aa3 neovim: use smartcase search 2025-09-11 08:04:03 +02:00
Julian Mutter
448002ebf4 update config syntax 2025-09-11 08:03:22 +02:00
Julian Mutter
9735d3f0c0 frajul-auto-upgrade: restore flake.lock if update failed 2025-09-09 21:47:35 +02:00
Julian Mutter
8f1b0ade4d user: add to rtkit groups to maybe fix audio 2025-09-09 21:47:08 +02:00
Julian Mutter
db05024dc6 builder: add fallback to substituters 2025-09-09 21:46:36 +02:00
Julian Mutter
21053dac8c install dig 2025-09-09 21:46:19 +02:00
Julian Mutter
1ab0bf54fa neovim: fix telescope file_browser, add lsps 2025-09-09 21:46:13 +02:00
Julian Mutter
5070d4dbfc Add yukari user 2025-09-01 17:24:27 +02:00
Julian Mutter
12466b4426 frajul-auto-upgrade: re-add lock file usage
Some checks failed
Update Nix Flake / update-flake (push) Failing after 11s
Details
2025-08-03 16:05:46 +02:00
Julian Mutter
23155d57b7 update flake
Some checks failed
Update Nix Flake / update-flake (push) Failing after 18s
Details
2025-07-26 08:13:42 +02:00
Julian Mutter
a9e30bd84b Set fallback for binary caches 
This makes builds not fail when my own binary cache is offline for some reason
 2025-07-26 08:13:02 +02:00
Julian Mutter
e62f6e9dce Fix frajul-auto-upgrade git permission issue 2025-07-26 08:12:43 +02:00
Julian Mutter
c543bc13ea hm: disable warn-dirty
Some checks failed
Update Nix Flake / update-flake (push) Failing after 16s
Details
2025-07-12 15:52:17 +02:00
Julian Mutter
b4d1681b99 hyprland: fix waybar by running it with exec-once 2025-07-12 15:51:43 +02:00
Julian Mutter
6c32ffbe94 frajul-auto-upgrade: only run once a day
Some checks failed
Update Nix Flake / update-flake (push) Failing after 14s
Details
2025-07-11 16:22:17 +02:00
Julian Mutter
6787243414 flake: update 2025-07-11 13:15:42 +02:00
Julian Mutter
d350807e8c builder: do enable auto-upgrades 2025-07-11 13:15:25 +02:00
Julian Mutter
f872c8db0c aspi: enable frajul auto upgrade module and integrate into waybar 2025-07-11 13:15:02 +02:00
Julian Mutter
8c53c66c4d Add frajul-auto-upgrade module 2025-07-11 13:14:48 +02:00
Julian Mutter
0f07029660 Add openconnect plugin to networkmanager
Some checks failed
Update Nix Flake / update-flake (push) Failing after 17s
Details
2025-07-10 17:50:34 +02:00
Julian Mutter
8010d771a1 builder: add gitlab-runner
Some checks failed
Update Nix Flake / update-flake (push) Failing after 17s
Details
2025-07-09 21:34:52 +02:00
Julian Mutter
7f4c41429e update flake
Some checks failed
Update Nix Flake / update-flake (push) Failing after 15s
Details
2025-07-04 14:44:51 +02:00
Julian Mutter
6d21fe4262 format code 2025-07-04 14:44:31 +02:00
Julian Mutter
c081f95aaf open-messaging: adapt to new telegram program name 2025-07-04 14:44:01 +02:00
Julian Mutter
452a34c7e8 Neovim: add clangd 2025-07-04 14:43:51 +02:00
Julian Mutter
15c4616b91 Fix emacs not having TERMINAL env var 2025-07-04 14:43:45 +02:00
Julian Mutter
07274a0364 Update alacritty config, use as default 2025-07-04 14:41:58 +02:00
Julian Mutter
3bb8db1349 Fix builder using itself as remote subsituter 2025-07-04 14:40:58 +02:00
Julian Mutter
65a3dcdc08 Use ghostty as primary terminal
Some checks failed
Update Nix Flake / update-flake (push) Failing after 16s
Details
2025-06-30 08:37:24 +02:00
Julian Mutter
9fe40bfd13 package rtklib 2025-05-26 21:51:07 +02:00
Julian Mutter
07943d4f95 format file
Some checks failed
Update Nix Flake / update-flake (push) Failing after 12s
Details
2025-05-23 09:59:30 +02:00
Julian Mutter
815a79ff41 kardorf: fix seahorse and plasma6 config conflict 2025-05-23 09:58:59 +02:00
Julian Mutter
32ddceba8f kardorf: use i3 instead of hyprland 2025-05-23 09:58:38 +02:00
50 changed files with 1592 additions and 258 deletions
Expand all files Collapse all files

4
.sops.yaml
View File

@@ -1,7 +1,7 @@
keys: keys:
- &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
- &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4 - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
- &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct - &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
- &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
- &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5 - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
@@ -20,7 +20,7 @@ creation_rules:
- *primary - *primary
- *builder-ssh - *builder-ssh
- path_regex: hosts/pianonix/secrets.yaml$ - path_regex: hosts/pianonix/secrets*
key_groups: key_groups:
- age: - age:
- *primary - *primary

2
Readme.org
View File

@@ -24,7 +24,7 @@ sops edit secrets/secrets.yaml
** Authorize new device ** Authorize new device
- Generate public key from ssh -> Private age key generation not needed - Generate public key from ssh -> Private age key generation not needed
#+begin_src sh #+begin_src sh
ssh-to-age < /etc/ssh/ssh_host_ed25519_key ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
#+end_src #+end_src
- Add age public key to file:.sops.yaml - Add age public key to file:.sops.yaml
- Update keys - Update keys

870
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

29
flake.nix
View File

@@ -2,16 +2,21 @@
description = "Home Manager configuration of julian"; description = "Home Manager configuration of julian";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
systems.url = "github:nix-systems/default-linux"; systems.url = "github:nix-systems/default-linux";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = { sops-nix = {
@@ -28,16 +33,12 @@
}; };
# Various flakes # Various flakes
alacritty-theme = {
url = "github:alacritty/alacritty-theme";
flake = false;
};
yazi-flavors = { yazi-flavors = {
url = "github:yazi-rs/flavors"; url = "github:yazi-rs/flavors";
flake = false; flake = false;
}; };
nixvim = { nixvim = {
url = "github:nix-community/nixvim"; url = "github:nix-community/nixvim/nixos-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-matlab = { nix-matlab = {
@@ -88,7 +89,7 @@
packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;}); packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;}); devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
formatter = forEachSystem (pkgs: pkgs.alejandra); formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *
nixosConfigurations = { nixosConfigurations = {
# Main laptop # Main laptop
@@ -187,5 +188,15 @@
}; };
}; };
}; };
# substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux
pianonix-image = inputs.nixos-generators.nixosGenerate {
system = "aarch64-linux";
format = "sd-aarch64";
modules = [./hosts/pianonix];
specialArgs = {
inherit inputs outputs;
};
};
}; };
} }

5
homes/julian/aspi.nix
View File

@@ -6,8 +6,9 @@
./features/direnv ./features/direnv
./features/topgrade ./features/topgrade
./features/neovim ./features/neovim
./features/kitty ./features/ghostty
./features/wezterm ./features/wezterm
./features/alacritty
./features/yazi ./features/yazi
./features/emacs ./features/emacs
@@ -20,7 +21,7 @@
hostName = "aspi"; hostName = "aspi";
is-nixos = true; is-nixos = true;
terminal = "kitty"; terminal = "alacritty";
# ------- ---------- # ------- ----------
# | eDP-1 | | HDMI-A-1 | # | eDP-1 | | HDMI-A-1 |

3
homes/julian/features/alacritty/alacritty.toml
View File

@@ -1,3 +0,0 @@
import = [
"~/.config/alacritty/theme/themes/smoooooth.toml"
]

11
homes/julian/features/alacritty/default.nix
View File

@@ -1,15 +1,12 @@
{ {
lib, lib,
pkgs,
inputs,
config, config,
... ...
}: { }: {
home.packages = with pkgs; [alacritty]; programs.alacritty = {
enable = true;
home.file = { settings = {};
".config/alacritty/theme".source = "${inputs.alacritty-theme}"; theme = "smoooooth";
".config/alacritty/alacritty.toml".source = ./alacritty.toml;
}; };
home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty"; home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty";

16
homes/julian/features/ghostty/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{
lib,
config,
...
}: {
programs.ghostty = {
enable = true;
enableFishIntegration = true;
settings = {
theme = "catppuccin-mocha";
font-size = 12;
};
};
home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "ghostty") "ghostty";
}

36
homes/julian/features/hyprland/default.nix
View File

@@ -24,7 +24,7 @@ in {
./zathura.nix ./zathura.nix
./waypipe.nix ./waypipe.nix
./hyprbars.nix # ./hyprbars.nix
]; ];
xdg.portal = { xdg.portal = {
@@ -48,23 +48,21 @@ in {
wf-recorder wf-recorder
wl-clipboard wl-clipboard
(pkgs.writeShellScriptBin (pkgs.writeShellScriptBin "toggle-screen-mirroring" (
"toggle-screen-mirroring" builtins.readFile ./toggle-screen-mirroring.sh
(builtins.readFile ))
./toggle-screen-mirroring.sh))
( (pkgs.writeShellScriptBin "correct-workspace-locations" (
pkgs.writeShellScriptBin lib.concatStringsSep "\n" (
"correct-workspace-locations" builtins.concatLists (
( map (
lib.concatStringsSep "\n" monitor:
( map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces
builtins.concatLists (
map (monitor: map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces) config.monitors
) )
config.monitors
) )
) )
) ))
]; ];
services.cliphist = { services.cliphist = {
@@ -157,11 +155,17 @@ in {
settings = { settings = {
"$mod" = "SUPER"; "$mod" = "SUPER";
# Environment variables programs like emacs have access to
env = "TERMINAL,${config.terminal}";
# Monitors # Monitors
monitor = ",preferred,auto,1"; monitor = ",preferred,auto,1";
# Autostart # Autostart
exec-once = ["firefox"]; exec-once = [
(lib.getExe pkgs.firefox)
(lib.getExe pkgs.waybar)
];
# Look and Feel # Look and Feel
general = { general = {
@@ -280,7 +284,7 @@ in {
# opening applications # opening applications
"$mod, D, exec, wofi --show drun,run" "$mod, D, exec, wofi --show drun,run"
"$mod, E, exec, pcmanfm" "$mod, E, exec, pcmanfm"
"$mod, Return, exec, kitty" "$mod, Return, exec, ${config.terminal}"
"$mod, B, exec, firefox" "$mod, B, exec, firefox"
"$mod, C, exec, qalculate-gtk" "$mod, C, exec, qalculate-gtk"

10
homes/julian/features/hyprland/waybar/config.json
View File

@@ -12,7 +12,14 @@
"modules-center": [], "modules-center": [],
"modules-right": ["idle_inhibitor", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"], "modules-right": ["idle_inhibitor", "custom/nixos-update", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
"custom/nixos-update": {
"exec": "frajul-auto-upgrade-status",
"return-type": "json",
"interval": 2,
"on-click-right": "frajul-auto-upgrade-toggle"
},
"hyprland/workspaces": { "hyprland/workspaces": {
"on-scroll-up": "hyprctl dispatch workspace m+1", "on-scroll-up": "hyprctl dispatch workspace m+1",
@@ -35,6 +42,7 @@
}, },
"idle_inhibitor": { "idle_inhibitor": {
"start-activated": true,
"format": "{icon}", "format": "{icon}",
"format-icons": { "format-icons": {
"activated": "", "activated": "",

2
homes/julian/features/hyprland/waybar/default.nix
View File

@@ -10,7 +10,7 @@
in { in {
programs.waybar = { programs.waybar = {
enable = true; enable = true;
systemd.enable = true; # systemd.enable = true;
settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json); settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json);
}; };

4
homes/julian/features/i3/i3/config-kardorf
View File

@@ -142,8 +142,8 @@ bindsym $mod+Shift+9 move container to workspace number $ws9; workspace $ws9
bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10 bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10
# Monitor config # Monitor config
set $monitor_left "DVI-D-0" set $monitor_left "DVI-D-1"
set $monitor_right "DVI-D-1" set $monitor_right "DVI-D-2"
workspace $ws1 output $monitor_left workspace $ws1 output $monitor_left
workspace $ws2 output $monitor_left workspace $ws2 output $monitor_left

18
homes/julian/features/neovim/default.nix
View File

@@ -36,6 +36,8 @@
opts = { opts = {
number = false; number = false;
relativenumber = false; relativenumber = false;
ignorecase = true;
smartcase = true;
}; };
clipboard.register = "unnamedplus"; # Use system clipboard clipboard.register = "unnamedplus"; # Use system clipboard
@@ -49,7 +51,7 @@
key = "<leader><space>"; key = "<leader><space>";
} }
{ {
action = "<cmd>Telescope file_browser<cr>"; action = "<cmd>Telescope file_browser path=%:p:h<cr>";
key = "<leader>."; key = "<leader>.";
} }
{ {
@@ -140,17 +142,21 @@
}; };
lsp = { lsp = {
enable = true; enable = true; # includes lsp-config, default settings for the lsps
servers = { servers = {
rust_analyzer = { rust_analyzer = {
enable = true; enable = true;
installCargo = true; installCargo = true;
installRustc = true; installRustc = true;
}; };
nixd.enable = true; nixd.enable = true; # nix
pyright.enable = true; pyright.enable = true; # python
dockerls.enable = true; dockerls.enable = true; # docker
lua_ls.enable = true; lua_ls.enable = true; # lua
clangd.enable = true; # c, c++
dartls.enable = true; # dart, flutter
digestif.enable = true; # latex
tinymist.enable = true; # typst
}; };
}; };
}; };

1
homes/julian/features/suites/cli/default.nix
View File

@@ -40,6 +40,7 @@
wireguard-tools # wg-quick wireguard-tools # wg-quick
xorg.xkill xorg.xkill
zip zip
dig
## My scripts ## My scripts
frajul.edit-config frajul.edit-config

8
homes/julian/features/suites/desktop/default.nix
View File

@@ -22,6 +22,7 @@
calibre # ebook manager and viewer calibre # ebook manager and viewer
# digikam # digikam
discord discord
discord-ptb # in case discord updates take their time
# dvdisaster # dvdisaster
# element-desktop # element-desktop
# rocketchat-desktop # rocketchat-desktop
@@ -31,10 +32,11 @@
nheko nheko
evince # Simple pdf reader, good for focusing on document content evince # Simple pdf reader, good for focusing on document content
firefox firefox
vivaldi
# geogebra # geogebra
cheese cheese
handbrake handbrake
kitty # Terminal # kitty # Terminal, already available as feature
libnotify libnotify
libreoffice libreoffice
mate.engrampa mate.engrampa
@@ -61,8 +63,12 @@
zotero # Manage papers and other sources zotero # Manage papers and other sources
pdfpc # Present slides in pdf form pdfpc # Present slides in pdf form
networkmanager-openvpn
keepassxc
## My scripts ## My scripts
frajul.open-messaging frajul.open-messaging
frajul.xwacomcalibrate frajul.xwacomcalibrate
frajul.pob2-frajul
]; ];
} }

1
homes/julian/features/suites/development/default.nix
View File

@@ -62,6 +62,7 @@
## My scripts ## My scripts
frajul.deploy-to-pianopi frajul.deploy-to-pianopi
frajul.rtklib
(pkgs.writeShellScriptBin "matlab-rsp" '' (pkgs.writeShellScriptBin "matlab-rsp" ''
matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl

2
homes/julian/global/default.nix
View File

@@ -20,7 +20,7 @@
"flakes" "flakes"
"ca-derivations" "ca-derivations"
]; ];
# warn-dirty = false; # TODO: do I want it? also for systems warn-dirty = false; # TODO: do I want it? also for systems
}; };
}; };

3
homes/julian/hm-standalone-config.nix
View File

@@ -39,5 +39,8 @@
]; ];
# nix.settings. # warn-dirty = false; # TODO: do I want this # nix.settings. # warn-dirty = false; # TODO: do I want this
#
# Ensure we can still build when missing-server is not accessible
fallback = true;
}; };
} }

8
homes/julian/kardorf.nix
View File

@@ -6,13 +6,13 @@
./features/direnv ./features/direnv
./features/topgrade ./features/topgrade
./features/neovim ./features/neovim
./features/kitty ./features/ghostty
./features/wezterm ./features/wezterm
./features/yazi ./features/yazi
./features/emacs ./features/emacs
./features/hyprland # ./features/hyprland
# ./features/i3 ./features/i3
./features/suites/cli ./features/suites/cli
./features/suites/desktop ./features/suites/desktop
@@ -21,7 +21,7 @@
hostName = "kardorf"; hostName = "kardorf";
is-nixos = true; is-nixos = true;
terminal = "kitty"; terminal = "ghostty";
# --------- --------- # --------- ---------
# | DVI-D-1 | | DVI-D-2 | # | DVI-D-1 | | DVI-D-2 |

30
homes/julian/pianonix.nix
View File

@@ -14,8 +14,8 @@
is-nixos = true; is-nixos = true;
terminal = "wezterm"; terminal = "wezterm";
services.syncthing.tray.enable = true; # services.syncthing.tray.enable = true;
services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available # services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
home.packages = with pkgs; [ home.packages = with pkgs; [
music-reader music-reader
@@ -27,9 +27,33 @@
onboard onboard
]; ];
programs.firefox = {
enable = true;
profiles.default = {
isDefault = true;
settings = {
"browser.startup.homepage" = "https://sheets.julian-mutter.de";
"browser.startup.page" = 1; # 0=blank, 1=home page, 3=restore previous session
};
};
};
programs.chromium = {
enable = true;
# commandLineArgs = [
# "--homepage=https://sheets.julian-mutter.de"
# "--no-first-run"
# ];
};
# Autostart link # Autostart link
home.file = { home.file = {
".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop"; # ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
# ".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop";
".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop";
".config/sheet-organizer/config.toml".text = '' ".config/sheet-organizer/config.toml".text = ''
working_directory = "/home/julian/Klavier" working_directory = "/home/julian/Klavier"
''; '';

2
homes/julian/v3ms/default.nix
View File

@@ -19,7 +19,7 @@
is-nixos = false; is-nixos = false;
# terminal = "kitty"; # terminal = "kitty";
home.sessionPath = [ "/snap/bin" ]; home.sessionPath = ["/snap/bin"];
home.packages = home.packages =
lib.lists.concatMap (packages-list-file: import packages-list-file {inherit pkgs;}) lib.lists.concatMap (packages-list-file: import packages-list-file {inherit pkgs;})

11
hosts/aspi/default.nix
View File

@@ -4,6 +4,9 @@
../common/global ../common/global
../common/users/julian ../common/users/julian
../common/users/yukari
../common/users/pob
../common/optional/binarycaches.nix
../common/optional/remote-builder.nix ../common/optional/remote-builder.nix
../common/optional/boot-efi.nix ../common/optional/boot-efi.nix
@@ -17,7 +20,7 @@
../common/optional/virtualbox.nix ../common/optional/virtualbox.nix
../common/optional/podman.nix ../common/optional/podman.nix
../common/optional/wireguard.nix # ../common/optional/wireguard.nix
../common/optional/flatpak.nix ../common/optional/flatpak.nix
../common/optional/avahi.nix ../common/optional/avahi.nix
@@ -31,8 +34,14 @@
enable = true; enable = true;
overrideSettings = false; overrideSettings = false;
}; };
frajulAutoUpgrade = {
enable = true;
flakePath = "/home/julian/.dotfiles";
};
}; };
services.desktopManager.plasma6.enable = true;
services.blueman.enable = true; services.blueman.enable = true;
services.upower.enable = true; services.upower.enable = true;

111
hosts/builder/default.nix
View File

@@ -1,22 +1,39 @@
# sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118 # sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
# or # or
# deploy .#builder # deploy .#builder
{config, ...}: { {
config,
pkgs,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../common/global ../common/global/fish.nix # fish for admin
../common/global/locale.nix
../common/global/nix.nix
../common/global/sops.nix
../common/global/root.nix
]; ];
networking.hostName = "builder"; networking.hostName = "builder";
system.stateVersion = "23.11"; system.stateVersion = "23.11";
networking.networkmanager.enable = true;
networking.nameservers = [
"192.168.3.252"
"172.30.20.10"
"1.1.1.1"
];
users.mutableUsers = false;
users.users.nix = { users.users.nix = {
isNormalUser = true; isNormalUser = true;
description = "Nix"; description = "Nix";
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
"docker"
]; ];
}; };
@@ -30,14 +47,33 @@
substituters = [ substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.nixos.org/" "https://cache.nixos.org/"
"https://hyprland.cachix.org"
"https://devenv.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
]; ];
trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
trusted-users = ["nix"]; trusted-users = ["nix"];
max-jobs = "auto"; max-jobs = "auto";
cores = 0; cores = 0;
# Ensure we can still build when missing-server is not accessible
fallback = true;
}; };
# system.autoUpgrade = {
# enable = true;
# flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
# flags = [
# "--recreate-lock-file" # update lock file
# ];
# dates = "02:13";
# };
# optimize store by hardlinking store files # optimize store by hardlinking store files
nix.optimise.automatic = true; nix.optimise.automatic = true;
nix.optimise.dates = ["03:15"]; nix.optimise.dates = ["03:15"];
@@ -83,9 +119,28 @@
services.openssh = { services.openssh = {
enable = true; enable = true;
# require public key authentication for better security # require public key authentication for better security
settings.PasswordAuthentication = true; settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false; settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
# Add older algorithms for jenkins ssh-agents-plugin to be compatible
settings.Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
settings.KexAlgorithms = [
"diffie-hellman-group-exchange-sha1"
"diffie-hellman-group14-sha1"
"mlkem768x25519-sha256"
"sntrup761x25519-sha512"
"sntrup761x25519-sha512@openssh.com"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
}; };
users.users."root".openssh.authorizedKeys.keys = [ users.users."root".openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
@@ -183,7 +238,16 @@
url = "https://gitlab.julian-mutter.de"; url = "https://gitlab.julian-mutter.de";
name = "builder"; name = "builder";
tokenFile = config.sops.secrets."gitea_token".path; tokenFile = config.sops.secrets."gitea_token".path;
labels = []; # use default labels labels = [
# provide a debian base with nodejs for actions
"debian-latest:docker://node:18-bullseye"
# fake the ubuntu name, because node provides no ubuntu builds
"ubuntu-latest:docker://node:18-bullseye"
# devenv
"devenv:docker://ghcr.io/cachix/devenv/devenv:latest"
# provide native execution on the host
"nixos:host"
];
}; };
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
@@ -241,4 +305,41 @@
}; };
}; };
}; };
services.gitlab-runner.enable = true;
# runner for everything else
#
sops.secrets."gitlab_runner_token".sopsFile = ./secrets.yaml;
services.gitlab-runner.services.default = {
# File should contain at least these two variables:
authenticationTokenConfigFile = config.sops.secrets."gitlab_runner_token".path;
dockerImage = "alpine:latest";
dockerVolumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
};
### Jenkins node
users.users.jenkins = {
createHome = true;
home = "/var/lib/jenkins";
group = "jenkins";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home"
];
packages = with pkgs; [
git
devenv
];
extraGroups = [
"docker"
];
};
users.groups.jenkins = {};
programs.java = {
enable = true;
package = pkgs.jdk21; # Same as jenkins version on home
};
} }

14
hosts/builder/secrets.yaml
View File

File diff suppressed because one or more lines are too long

14
hosts/common/global/default.nix
View File

@@ -2,6 +2,8 @@
{ {
inputs, inputs,
outputs, outputs,
pkgs,
lib,
... ...
}: { }: {
imports = imports =
@@ -22,10 +24,18 @@
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Networking # Networking
networking.networkmanager.enable = true; networking.networkmanager = {
enable = true;
plugins = with pkgs; [
networkmanager-openconnect
];
};
services.resolved.enable = true; services.resolved.enable = true;
programs.dconf.enable = true; networking.nameservers = lib.mkDefault [
"1.1.1.1"
"8.8.8.8"
];
# HM # HM
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;

20
hosts/common/global/nix.nix
View File

@@ -26,26 +26,6 @@
]; ];
# warn-dirty = false; # warn-dirty = false;
# Setup binary caches
nix.settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://hyprland.cachix.org"
"http://binarycache.julian-mutter.de"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
];
trusted-users = [
"root"
"@wheel"
]; # needed for devenv to add custom caches
};
nix.gc = { nix.gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";

10
hosts/common/optional/authentication.nix
View File

@@ -1,8 +1,14 @@
{pkgs, ...}: { {
pkgs,
lib,
...
}: {
# Make programs like nextcloud client access saved passwords # Make programs like nextcloud client access saved passwords
programs.seahorse.enable = true;
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
programs.seahorse.enable = true;
programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
# Make authentication work for e.g. gparted # Make authentication work for e.g. gparted
security.polkit.enable = true; security.polkit.enable = true;
systemd = { systemd = {

31
hosts/common/optional/binarycaches.nix Normal file
View File

@@ -0,0 +1,31 @@
{
lib,
outputs,
...
}: {
# Setup binary caches
nix.settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://hyprland.cachix.org"
"http://binarycache.julian-mutter.de"
"https://devenv.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
];
trusted-users = [
"root"
"@wheel"
]; # needed for devenv to add custom caches
# Ensure we can still build when missing-server is not accessible
fallback = true;
};
}

9
hosts/common/optional/pipewire.nix
View File

@@ -3,6 +3,7 @@
services.pulseaudio.enable = false; services.pulseaudio.enable = false;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
wireplumber.enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
@@ -14,6 +15,14 @@
"module.x11.bell" = false; "module.x11.bell" = false;
}; };
}; };
"10-increase-buffer" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.quantum" = 1024;
"default.clock.min-quantum" = 1024;
"default.clock.max-quantum" = 2048;
};
};
}; };
}; };
} }

42
hosts/common/secrets.yaml
View File

@@ -14,38 +14,38 @@ sops:
- recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxV2IzcEZ6eGYxbXAvaEta YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualdnWmtBTThhZDFVdDRP
c3RLbmZubnVEL1EwSlNNY3ZNbkVSUXN5ZDBZClRTYWwzbHhDK1VsMzVVL0VMVzZF WHlMamk1MFhUYUwwa0hyQmpobGNocC9VR0ZVCmc3N1FjcUZCNUdTTm91OVpwZDhP
SEQ0ZHVMdytrY0xXUEppQkpNZEZ3VFkKLS0tIG95ZkJLWTZBWWpIOEQ4bHpBNWEx bTNXekp2bDd3Tjh6a2ZVTVNTSW9RTU0KLS0tIGJpcUVHb2ZlODgvelhwQ0JFU3l5
QXVpMTNSNzU1dTBPYjlsc1BvNHZ3dDgKMHrT9DCC5W6UwC1Mfq6YCwkvZtDs3I7j WU5VanhYMTUvNklYazJxOXVveXhpM2cKCo+4FhhcbRylASEbQb9rAQUzEO1D+0AR
vKlnanFp8hMMyYONRVlkvh+vOGQdbgXco4Z5nr02LQDu6Rwm4jSp9g== 52Jzc9s9rSdypeBRE7SaSOI4eVnkEjPfyhNFvMdxiBzBj7GdocpmCw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4 - recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTnpqclVmVHR3M1ZvMDZ0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4STZpU0ZnRzVVOFFRUXZG
eEtrbnhpTW5uZlhOYWFxbktxcTJ3bXZISkhzClpud2tNVzUvT2N2SkRadWk5aVpE akcwS2Z5V3lmQzRTSGNHT2hDME5JMks2QTNNClpkZzNMc0wyRjVEaVlBRFlyNFhs
S2VkTFlIVUhFclA0WEh5cEp0Qjg3ejgKLS0tIDNXY0lpKys4Q3NBRFcya2RoSG1F M1pyeW1XdnZubnRxMzEzMFJoK0lkVVEKLS0tIENhRExzUWRWMUlObmhxazM5cU9y
YW0raHlNekdWT3p0WHpGMk9xMmgzWFUKCue4GvgmH3nJBa7ny7rqft5MuSWHqAsP aDFyaDJackFoaEZOYWdTbWt0ODB1bm8Kg1VDAj5/i8ZbYxspIdXrI474YN5YkV4H
5HnaAudL+rh2j1swm635QUrf9UnpUznE5NSOGrQDmA6RCBypNM4rsw== 86maCRDfUxO5lvu4zBa9pOmFtJ2iuJ2MxDnmCSHTl+GOk8yyUT8JhA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct - recipient: age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESlZOeHY0T01ra0gwMS8z YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveE9NV2JCOW9odlN6Wmkw
R3c1eW45WVkyeTBuRlFMRngrb2NFL1hkcmhRCitwZ3lweXM0di9EdEdQZmF4ZUZr WFEvU2pka3htV2FTTFlpc05ES2JjbGxTaFJZCjhYdG1sRVBFaEF3YjNkWEw3Ny8x
M1hqNkM3Q1Jrb09Kb2M0ZkhTcFZPYkkKLS0tIHpCTEFCV0JlRzQwK3hndDJ4aHVC MlYyTjJBMHA2YVpHRkkwWW5hNDdrS1UKLS0tIFZXTFNVbkd6VFExc0dSVU4vd3JF
S1o0QVlXSVl0dmlpWUQ3ZXdqUU5maTgKY4UJPx37CU5OUgkqYWlz9+0rA+dQkrH9 ajlFY2pvWW13VGxOZ0hEc3dMbU9IeUUKNSf7ycj+1XHhsoghmY2iR1BwIySqfIOF
+/kTT/2qZ2Op67WKtlas7arC7BjU8uygM208q+nr48Lic5n1fMtnXA== zawE+MQcQg0u+fy6Aik26eUGvQG3rya2Fx2+3VlAbKB+rbiP0fwsgg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5 - recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYkdwSy9vc0lEWXJIdWRw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaTNJNkJ0RVJiYlRzcmlX
VmJ2NStaZDVxaG1LNU1NQlErdElPdkQvY3pjCkJyL1BRR2w1dmpqYnk5Tys3eHpX TmEweVdLaGpoVXMxZEFDU3dOZTJCRjdiNENBCkZ3bjJUNm1vcmY1ZUpZcEo4OGxa
c0FJdzA1bU5GWWhrUWhOK1Jqa2lTaU0KLS0tIDMzMEQwL3I0ckVyYWFubU9VNlAr UWJKSjNKL002UDhmTmJER2M0MjJ3aG8KLS0tIFMvZjBkOS83T3NDUE82M3kweVNw
NlBud3VHczNnMm5wOGhHdEoxTG5CNDgK4s7cFGvUCeztjjIAWtMW7TUqFP+YEQIg VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
So5A7DGxVsUcqarTUPazpIBBlO4n9zj79Qe+eQd6ti0EZG6sYX6+2Q== AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-23T07:00:17Z" lastmodified: "2025-04-23T07:00:17Z"
mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str] mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]

2
hosts/common/users/julian/default.nix
View File

@@ -17,6 +17,8 @@ in {
"networkmanager" "networkmanager"
"wheel" "wheel"
"audio" "audio"
"realtime"
"rtkit"
"network" "network"
"video" "video"
"podman" "podman"

28
hosts/common/users/pob/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{
pkgs,
config,
...
}: let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in {
users.mutableUsers = false;
users.users.pob = {
description = "A helper user to use another profile for some applications";
group = "pob";
isNormalUser = true;
shell = pkgs.fish;
extraGroups = ifTheyExist [
"networkmanager"
];
packages = with pkgs; [
firefox
wineWowPackages.stable # 32-bit and 64-bit wine
winetricks
];
};
users.groups.pob = {};
security.sudo.extraConfig = ''
julian ALL=(pob) NOPASSWD: ALL
'';
}

100
hosts/common/users/yukari/default.nix Normal file
View File

@@ -0,0 +1,100 @@
{
pkgs,
config,
lib,
outputs,
...
}: let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in {
users.mutableUsers = false;
users.users.yukari = {
description = "Yukari";
group = "yukari";
isNormalUser = true;
shell = pkgs.fish;
extraGroups = ifTheyExist [
"networkmanager"
"audio"
"network"
"video"
"podman"
"docker"
"git"
"gamemode"
];
createHome = true;
hashedPassword = "$y$j9T$rGuTL0rfiy7ht8L58BGCw0$fN.KwHjYlIitFEPHndKvV06ezgeWzP3/58o1kkviZwB";
packages = [pkgs.home-manager];
};
users.groups.yukari = {};
home-manager.users.yukari = {
imports =
[
../../../../homes/julian/features/fonts
../../../../homes/julian/features/suites/cli
]
++ (builtins.attrValues outputs.homeManagerModules);
home = {
username = lib.mkDefault "yukari";
homeDirectory = lib.mkDefault "/home/${config.home.username}";
stateVersion = lib.mkDefault "23.11";
sessionPath = ["$HOME/.local/bin"];
packages = with pkgs; [
arandr
calibre # ebook manager and viewer
# digikam
discord
discord-ptb # in case discord updates take their time
# dvdisaster
# element-desktop
# rocketchat-desktop
thunderbird
tdesktop # telegram
# schildichat-desktop # not updated regularly
nheko
evince # Simple pdf reader, good for focusing on document content
firefox
vivaldi
# geogebra
cheese
handbrake
# kitty # Terminal, already available as feature
libnotify
libreoffice
mate.engrampa
nomacs # Image viewer
kdePackages.okular # Pdf reader with many features, good for commenting documents
pavucontrol
pdfsam-basic # Split, merge, etc for pdfs
qalculate-gtk # Nice gui calculator
qpdfview
# qutebrowser
# realvnc-vnc-viewer
rpi-imager # make isos
# rustdesk
tor-browser
unstable.path-of-building # Path of Building
# frajul.pob-dev-version # Path of Building
vlc
wineWowPackages.stable # 32-bit and 64-bit wine
winetricks
xclip # x11 clipboard access from terminal
xfce.mousepad # simple text editor
xournalpp # Edit pdf files
zoom-us # Video conferencing
zotero # Manage papers and other sources
pdfpc # Present slides in pdf form
];
};
programs = {
home-manager.enable = true;
git.enable = true;
};
};
}

9
hosts/kardorf/default.nix
View File

@@ -5,14 +5,16 @@
../common/global ../common/global
../common/users/julian ../common/users/julian
../common/users/wolfi ../common/users/wolfi
../common/optional/binarycaches.nix
../common/optional/xserver.nix
../common/optional/remote-builder.nix ../common/optional/remote-builder.nix
../common/optional/boot-efi.nix ../common/optional/boot-efi.nix
../common/optional/greetd.nix # ../common/optional/greetd.nix
# ../common/optional/gdm.nix ../common/optional/gdm.nix
# ../common/optional/i3.nix ../common/optional/i3.nix
../common/optional/openssh.nix ../common/optional/openssh.nix
@@ -32,7 +34,6 @@
programs.kdeconnect.enable = true; programs.kdeconnect.enable = true;
# services.xserver.desktopManager.xfce.enable = true;
services.desktopManager.plasma6.enable = true; services.desktopManager.plasma6.enable = true;
# Enable CUPS to print documents. # Enable CUPS to print documents.

7
hosts/kardorf/hardware-configuration.nix
View File

@@ -80,9 +80,10 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470; # Use latest version of driver
# hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start # hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start
# hardware.nvidia.nvidiaSettings = true; hardware.nvidia.nvidiaSettings = true;
hardware.nvidia.open = false; hardware.nvidia.open = false;
} }

50
hosts/pianonix/default.nix
View File

@@ -15,27 +15,51 @@
../common/global ../common/global
../common/users/julian ../common/users/julian
../common/optional/binarycaches.nix
../common/optional/pipewire.nix ../common/optional/pipewire.nix
../common/optional/remote-builder.nix ../common/optional/remote-builder.nix
../common/optional/pcmanfm.nix ../common/optional/pcmanfm.nix
../common/optional/redshift.nix ../common/optional/redshift.nix
../common/optional/authentication.nix ../common/optional/authentication.nix
../common/optional/avahi.nix
]; ];
# disko.devices.disk.main.device = "/dev/mmcblk1"; # disko.devices.disk.main.device = "/dev/mmcblk1";
# networking.wireless.enable = true; # enabled by fish, disabling speeds up builds
# networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path; documentation.man.generateCaches = false;
# networking.wireless.networks = {
# "@SSID@".psk = "@PSK@"; networking.enableIPv6 = false; # This only leads to issues with avahi
hardware.bluetooth.enable = true;
services.blueman.enable = true; # bluetooth gui
# raspberry pi specific
# systemd.services.btattach = {
# before = [ "bluetooth.service" ];
# after = [ "dev-ttyAMA0.device" ];
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
# };
# }; # };
# networking.wireless.enable = true;
# networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
# networking.wireless.networks = {
# "SMARTments".pskRaw = "ext:PSK";
# };
# networking.networkmanager.enable = lib.mkForce false;
services.gnome.at-spi2-core.enable = true; # for onboard
networking.hostName = "pianonix"; networking.hostName = "pianonix";
system.stateVersion = "22.11"; system.stateVersion = "22.11";
sops.secrets."vnc-passwd" = { sops.secrets."vnc-passwd" = {
owner = config.users.users.julian.name; owner = config.users.users.julian.name;
sopsFile = ./vnc-passwd; sopsFile = ./secrets-vnc-passwd.bin;
format = "binary"; format = "binary";
}; };
sops.secrets."wifi/pianonix" = {}; sops.secrets."wifi/pianonix" = {};
@@ -44,6 +68,18 @@
# sops.secrets."syncthing/public-keys/aspi-nix" = { }; # sops.secrets."syncthing/public-keys/aspi-nix" = { };
# sops.secrets."syncthing/public-keys/pianonix" = { }; # sops.secrets."syncthing/public-keys/pianonix" = { };
sops.secrets."wg-config" = {
sopsFile = ./secrets-wg-config.bin;
format = "binary";
};
networking.wg-quick.interfaces = {
home = {
configFile = config.sops.secrets."wg-config".path;
autostart = true; # This interface is started on boot
};
};
modules = { modules = {
syncthing = { syncthing = {
enable = true; enable = true;
@@ -53,6 +89,7 @@
# Enable the Desktop Environment. # Enable the Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true; # services.xserver.displayManager.lightdm.enable = true;
services.displayManager.defaultSession = "xfce";
services.displayManager.autoLogin = { services.displayManager.autoLogin = {
enable = true; enable = true;
user = "julian"; user = "julian";
@@ -72,10 +109,11 @@
}; };
}; };
boot.loader.timeout = 1; # Set boot loader timeout to 1s boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s
# De-facto disable network manager, which is enabled by gnome # De-facto disable network manager, which is enabled by gnome
# networking.networkmanager.unmanaged = [ "*" ]; # networking.networkmanager.unmanaged = [ "*" ];
services.xserver.enable = true;
services.xserver.desktopManager = { services.xserver.desktopManager = {
xfce = { xfce = {
enable = true; enable = true;

8
hosts/pianonix/hardware-configuration.nix
View File

@@ -14,9 +14,15 @@
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = []; boot.kernelModules = [];
boot.extraModulePackages = []; boot.extraModulePackages = [];
boot.kernelPackages = pkgs.linuxPackages_latest; # use latest linux kernel
boot.supportedFilesystems = lib.mkForce [
# remove zfs, since its incompatible with latest kernel
"vfat"
"ext4"
];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4"; fsType = "ext4";
}; };

19
hosts/pianonix/secrets-vnc-passwd.bin Normal file
View File

@@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
"sops": {
"age": [
{
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWEFYNThYQkpuTW10MjNM\nU3pWYmE5UnBPUzhQSTltc3hXdk9EWkg5czI0CmxnK3FuYitGci9ndnRCZms4a0lD\nOWh4alF1MEtJUis5YVNyYXRLbVppNnMKLS0tIEQ5WVVIMzlIV0pnc2ZWMnc5bjE4\nR3lpbzJiRmljcWI4SWlOS2svZVBSYnMKYIfhDjNZPDxmws3Z3P55K7V/NHiukQ0u\n00Kk603U+1JhgfJBk0Y3tMo//vKCHQj87wtZoqDLEN7Gu+ZtHhkhow==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSVpBR1NPY0svSWNWYzFC\nZE1uTjZTRm9XM24wcXByajVDYUJ4Y3FmNUc0CkJMMXRtUE5mSjYwU25MYy9xNFlP\ndUNmYmJ5RVF0dG5LYjA4L1NnNEtCMVEKLS0tIFl0Slovd2NiWjg1VXJ1VDJwTWJQ\nTWFZeW1ZYisvenVycWYwZ1lkOXBaVVUKqGu6Q8IbiUAzazLKN95uAtmXJMPzx02u\nr/R8q7ugG8lX5pWX3H3P7vtBz57Oo3rWlRpUhN/4+PpijkJNUyr3XQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-12-01T16:14:57Z",
"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

19
hosts/pianonix/secrets-wg-config.bin Normal file
View File

@@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:SFc3K1hvBjeCS6ikLZl3vIPFJqsUrZZi9yO9tVuv14exKhOuK17HN/d+cYMtVxGwqQ/biFdXYdP8/sfTPwwZgd/wRLT2xRDMOg5ru7kj8sEhcOEYmrgYRLo3ImdWANFaxelWOmjEvzphTQ7guvXTo7BACUA9AygYa9Ou9bklYImWhOCsk8e9uz5afLZXscidiqUqqFuJNo3QGMDEAxFI2YC3OpLwEj5zlsI4AXEEHRVUxU1sVtspdolDaeiFIs/JW4jLu/2la6JyGJUluYXAThzL1LO39NA/MSNskMSedatz89vnCd9CP6Q3eT93vrUYAEY=,iv:e+tWIlHm4NH1w8AQAw6tvgCX9XOiroE1XmrSua3Bcg4=,tag:RwGpKtG9JzQ3TgcnzEV5Rg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYTFjRnpPVDAvQ0ZHZU0v\neEduOTVockFoZGhuMmZNd0w3bVFCVUQzUlI4CmZTaktOQWxrTDNpYXlPTm9SdlZZ\nN0dURmlHVFlHSjZpbkpGb09lTmVzWm8KLS0tIDhMWlFIRWFkQjcya0hjeUdUSklB\nbWlqNlVoR1BnWG9TM0RhWnI4a0J4YUEKGWIX77EVXYFVyA2u6CkF1cGfwd4Gq0Vb\nNqrlMUYEDZ5nO/eLWsAt2kj1/YFjkGw0iI02HLRHdxQ59vFyl3CS1Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNlZGdktzSGp0bzIyUjlR\nUU9LSXRrZTgxcEZwczhidWVOdGRnRFYrOVZZCmx3VzM4V2dsWmZpUWxNUG82MzU2\nT3dmQjRwdmRJbTJxVm9vQjJKU3JXSncKLS0tIFlhYy9uQW5aa1E0K3Q1RUFSQkZP\nR29sY3RCYVg5bGdqMU1uc0E3Szhmb0kKFzKHUVNDdHWfycb7xWeAyIVlC4ab7ivR\nVlfmbPAXq2THw/s4zk/ckfE5RP82a1aX4++XRa7fm5KXpI8vExjJ5A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-10-14T06:56:31Z",
"mac": "ENC[AES256_GCM,data:DrcOET5U6veg0qhcBjQQ5neCdTUufMxhIz4ZQzvzd+YxKfAqaq8R1PW5VVlUjhDBaUH9i3J1Wj6X4E600uhayY0E9I5VqfO84hqlosfZWPiWPO8prK46Y7R3Ybdh9uvWQxiaSxy8KHXsdDgsBFLlmLe/QvsDSUv56rPofkm06vg=,iv:XBFP8ANpsszeXqQIE/v7+GmZGlFtxgE/EtgL/Cc3x+8=,tag:ZJgO+hLuwIatE55wo94RVw==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}

28
hosts/pianonix/vnc-passwd
View File

@@ -1,28 +0,0 @@
{
"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWUp5TU9kWTNpa0s5TFRC\nK1hoc0d0K3JQYWN3VVVWM2JvemtieGo2UGpVCit5MUcvZldBZkNNZ3ZWTWRtd0Zx\nT3I4aTdUcitPRmhhV0htZlhEYjhRakUKLS0tIEdmYUI4N1g1Nkp3YzdtaHJybVcz\neFNwUnd0Vyt2MTBpRTZlMzZnNHJGd1EKy/0zXv9CPf5k0ky7TBGY9GbcIeQyPk1L\nKmMCuWMLX0yTGqB3M3/UNdoc4L0q//7keUZH5PlkxJbnu6IN3fE5qg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdy9tZlZtNFJPRFNUUUNI\nUWtPZmZOY1V5SHc5bTZOZVluTUV6N3dlQWprClVqK2tKNFlBWHdyNDF1Q0d2bi9z\naldTTDdWYzZ6WmgrNHlZSDlTSU9SbmsKLS0tIDJZM2Y4ZDVmZk54eTZLOTU4Ui9X\nR3l3WDkwRWUyakFLdGZXeDJxRUJsaHMK6hgZ1KYe9qx4tO7RervEAKGjNHg4mi0E\nxx3I9P8MFzPiCVKG5ZNxRx25y7H4bQSRRtxIlXIhqzf2+5Q6U7/Hrw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUg4dUlCY0IwS3pPeTF5\nZTVkRTkzaVBYTmh0MmYyaHlOaFRHSnk5dWs4CmhvaTlSOTFDQzZmbHVudXpwQitV\nQjhRQWl3OHNLVGJYMm1ObVEyQmhxS0kKLS0tIDJsZnN4K2pUOEdIYVg4ZlQ5Ujhn\nNlpGL1hMVXd5cWR2YkdIVmJiblMzR1EKJYS51sKQ/tBV7dv88pOxJhzHQGckoF8q\nwIioVjs9sm4JBgQqSIbVhXwnKl05IUkyAgw6LfsbSJz3nKe7lmmRpg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-12-01T16:14:57Z",
"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

7
modules/home-manager/terminal.nix
View File

@@ -1,9 +1,4 @@
{ {lib, ...}: {
config,
lib,
pkgs,
...
}: {
options.terminal = lib.mkOption { options.terminal = lib.mkOption {
type = lib.types.str; type = lib.types.str;
example = "alacritty"; example = "alacritty";

1
modules/nixos/default.nix
View File

@@ -1,4 +1,5 @@
{ {
# hydra-auto-upgrade = import ./hydra-auto-upgrade.nix; # hydra-auto-upgrade = import ./hydra-auto-upgrade.nix;
syncthing = import ./syncthing.nix; syncthing = import ./syncthing.nix;
frajulAutoUpgrade = import ./frajul-auto-upgrade.nix;
} }

173
modules/nixos/frajul-auto-upgrade.nix Normal file
View File

@@ -0,0 +1,173 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.modules.frajulAutoUpgrade;
flagFile = "/var/lib/frajul-auto-upgrade/flag";
lockFile = "/var/lib/frajul-auto-upgrade/lock";
lastStatusFile = "/var/lib/frajul-auto-upgrade/last-status";
lastAttemptFile = "/var/lib/frajul-auto-upgrade/last-attempt";
in {
options.modules.frajulAutoUpgrade = {
enable = lib.mkEnableOption "NixOS auto-upgrade on boot";
user = lib.mkOption {
type = lib.types.str;
default = "root";
description = "User account to run the upgrade service as.";
};
flakePath = lib.mkOption {
type = lib.types.path;
description = "The path to your flake";
};
};
config = lib.mkIf cfg.enable {
# Ensure the flag directory exists
systemd.tmpfiles.rules = [
"d /var/lib/frajul-auto-upgrade 0755 root root -"
"f ${flagFile} 0766 root root -"
"f ${lastStatusFile} 0644 root root -"
"f ${lastAttemptFile} 0644 root root -"
];
environment.systemPackages = [
(pkgs.writeShellScriptBin "frajul-auto-upgrade" ''
#!/bin/sh
FLAG_FILE="${flagFile}"
LOCK_FILE="${lockFile}"
LAST_STATUS_FILE="${lastStatusFile}"
LAST_ATTEMPT_FILE="${lastAttemptFile}"
TODAY=$(date +%Y-%m-%d)
if [ ! -f "$FLAG_FILE" ] || [ "$(cat "$FLAG_FILE")" != "enabled" ]; then
echo "Auto upgrade disabled. Exiting."
exit 0
fi
# Check if already attempted today
if [ -f "$LAST_ATTEMPT_FILE" ]; then
LAST_ATTEMPT_DATE=$(cut -d' ' -f1 "$LAST_ATTEMPT_FILE")
if [ "$LAST_ATTEMPT_DATE" = "$TODAY" ]; then
echo "Update already attempted today. Skipping."
exit 0
fi
fi
if [ -f "$LOCK_FILE" ]; then
echo "Already running"
exit 1
fi
echo $$ > "$LOCK_FILE"
trap 'rm -f "$LOCK_FILE"' EXIT
if /run/current-system/sw/bin/nix flake update --flake "${cfg.flakePath}" && /run/current-system/sw/bin/nixos-rebuild switch --flake "${cfg.flakePath}"; then
echo "success" > "$LAST_STATUS_FILE"
else
echo "failure" > "$LAST_STATUS_FILE"
git -C "${cfg.flakePath}" restore flake.lock
fi
# Write full timestamp
date '+%Y-%m-%d %H:%M:%S' > "$LAST_ATTEMPT_FILE"
'')
(pkgs.writeShellScriptBin "frajul-auto-upgrade-status" ''
#!/bin/sh
FLAG_FILE="${flagFile}"
LOCK_FILE="${lockFile}"
LAST_STATUS_FILE="${lastStatusFile}"
LAST_ATTEMPT_FILE="${lastAttemptFile}"
if [ -f "$LOCK_FILE" ]; then
ICON=" "
STATUS="running"
elif [ -f "$FLAG_FILE" ] && [ "$(cat "$FLAG_FILE")" == "enabled" ]; then
LAST_STATUS="unknown"
LAST_ATTEMPT="never"
if [ -f "$LAST_STATUS_FILE" ]; then
LAST_STATUS=$(cat "$LAST_STATUS_FILE")
fi
if [ -f "$LAST_ATTEMPT_FILE" ]; then
LAST_ATTEMPT=$(cat "$LAST_ATTEMPT_FILE")
fi
if [ "$LAST_STATUS" = "success" ]; then
ICON=""
elif [ "$LAST_STATUS" = "failure" ]; then
ICON=""
else
ICON=""
fi
STATUS="enabled (last attempt: $LAST_ATTEMPT, $LAST_STATUS)"
else
ICON=" "
STATUS="disabled"
fi
echo "{\"text\": \"$ICON\", \"tooltip\": \"NixOS Auto Update: $STATUS\"}"
'')
(pkgs.writeShellScriptBin "frajul-auto-upgrade-toggle" ''
#!/bin/sh
FLAG_FILE="${flagFile}"
LOCK_FILE="${lockFile}"
if [ ! -f "$FLAG_FILE" ] || [ "$(cat "$FLAG_FILE")" != "enabled" ]; then
echo "enabled" > "$FLAG_FILE"
else
echo "disabled" > "$FLAG_FILE"
if [ -f "$LOCK_FILE" ]; then
kill -TERM "$(cat "$LOCK_FILE")"
fi
fi
'')
];
# Fixes error: repository path '...' is not owned by current user
environment.etc."root/.gitconfig".text = ''
[safe]
directory = ${cfg.flakePath}
'';
systemd.services.frajul-auto-upgrade = {
description = "Frajul's NixOS Auto Upgrade";
after = ["network-online.target"];
wants = ["network-online.target"];
restartIfChanged = false; # Do not start service on nixos switch
path = with pkgs; [
coreutils
gnutar
xz.bin
gzip
gitMinimal
config.nix.package.out
config.programs.ssh.package
];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
ExecStart = "/run/current-system/sw/bin/frajul-auto-upgrade";
};
};
systemd.timers.frajul-auto-upgrade = {
description = "Run Frajul's NixOS Auto Upgrade at boot";
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "1min";
AccuracySec = "10s";
Unit = "frajul-auto-upgrade.service";
};
};
};
}

5
modules/nixos/hydra-auto-upgrade.nix
View File

@@ -11,7 +11,10 @@ in {
system.hydraAutoUpgrade = { system.hydraAutoUpgrade = {
enable = lib.mkEnableOption "periodic hydra-based auto upgrade"; enable = lib.mkEnableOption "periodic hydra-based auto upgrade";
operation = lib.mkOption { operation = lib.mkOption {
type = lib.types.enum ["switch" "boot"]; type = lib.types.enum [
"switch"
"boot"
];
default = "switch"; default = "switch";
}; };
dates = lib.mkOption { dates = lib.mkOption {

4
overlays/default.nix
View File

@@ -25,11 +25,11 @@
my-pkgs = final: prev: {frajul = import ../pkgs {pkgs = final;};}; my-pkgs = final: prev: {frajul = import ../pkgs {pkgs = final;};};
nixpkgs-stable-unstable = final: prev: { nixpkgs-stable-unstable = final: prev: {
unstable = import inputs.nixpkgs { unstable = import inputs.nixpkgs-unstable {
system = prev.system; system = prev.system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
stable = import inputs.nixpkgs-stable { stable = import inputs.nixpkgs {
system = prev.system; system = prev.system;
config.allowUnfree = true; config.allowUnfree = true;
}; };

2
pkgs/default.nix
View File

@@ -12,4 +12,6 @@
acer-battery-health-mode = pkgs.callPackage ./acer-battery-health-mode {}; acer-battery-health-mode = pkgs.callPackage ./acer-battery-health-mode {};
pob2 = pkgs.callPackage ./pob2 {}; pob2 = pkgs.callPackage ./pob2 {};
wl-ocr = pkgs.callPackage ./wl-ocr {}; wl-ocr = pkgs.callPackage ./wl-ocr {};
rtklib = pkgs.qt6Packages.callPackage ./rtklib {};
pob2-frajul = pkgs.callPackage ./pob2-frajul {};
} }

2
pkgs/open-messaging/default.nix
View File

@@ -20,7 +20,7 @@ writeShellApplication {
sleep 0.1 sleep 0.1
nheko & nheko &
sleep 0.1 sleep 0.1
telegram-desktop & Telegram &
sleep 0.1 sleep 0.1
discord & discord &
''; '';

16
pkgs/pob2-frajul/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{
writeShellApplication,
xhost,
}:
writeShellApplication {
name = "pob2-frajul";
runtimeInputs = [
xhost
];
text = ''
xhost +
sudo -u pob -i sh /home/pob/pob2.sh
'';
}

40
pkgs/rtklib/default.nix Normal file
View File

@@ -0,0 +1,40 @@
{
stdenv,
fetchFromGitHub,
cmake,
pkg-config,
qtbase,
wrapQtAppsHook,
qtserialport,
qttools,
...
}:
stdenv.mkDerivation rec {
pname = "RTKLIB";
version = "b34L";
src = fetchFromGitHub {
owner = "rtklibexplorer";
repo = "${pname}";
rev = "${version}";
hash = "sha256-bQcia3aRQNcZ55fvJViAxpo2Ev276HFTZ28SEXJD5Ds=";
};
nativeBuildInputs = [
cmake
pkg-config
wrapQtAppsHook
];
buildInputs = [
qtbase
qtserialport
qttools
];
cmakeFlags = [
"-DCMAKE_INSTALL_DATAROOTDIR=share"
];
doCheck = true;
}

3
shell.nix
View File

@@ -3,6 +3,9 @@
NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations"; NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
nix nix
deploy-rs # for deploy
nixos-generators # for nixos-generate -f iso --flake .#host
nh # nix helper for nice interfaces
home-manager home-manager
git git