Compare commits
89 Commits
55ba4125d6
...
flake-upda
| Author | SHA1 | Date | |
|---|---|---|---|
|
8c8e2abde5 | ||
|
|
ec7618ea19 | ||
|
|
ba64806a7b | ||
|
|
9e2d79f557 | ||
|
|
7e4216e657 | ||
|
|
10e0de84eb | ||
|
|
ae025fe9d6 | ||
|
|
33636cb452 | ||
|
|
15f3bb1435 | ||
|
|
4d729ce925 | ||
|
|
f14964fe5a | ||
|
|
39098d34e1 | ||
|
|
7d33b4af76 | ||
|
|
98221a4272 | ||
|
|
312e5b31af | ||
|
|
85c8543ee5 | ||
|
|
3cd94302d6 | ||
|
|
97ed8e5009 | ||
|
|
7c98ad5e05 | ||
|
|
a235bfe104 | ||
|
|
500aee7e85 | ||
|
|
4bc4a45ada | ||
|
|
1de19a3f0f | ||
|
|
3654acf608 | ||
|
|
c557583009 | ||
|
|
874a31a119 | ||
|
|
0e06dda96a | ||
|
|
52f2764e44 | ||
|
|
5111de254c | ||
|
|
39e2d66f43 | ||
|
|
ac2bfa1544 | ||
|
|
d1a95af60e | ||
|
|
94bf5729bc | ||
|
|
eb6327bfd9 | ||
|
|
0c06143ab4 | ||
|
|
b3c8d94ab7 | ||
|
|
4ada4b9376 | ||
| c1b2b51d13 | |||
| 28f78bb67e | |||
| 114647aa96 | |||
| 64ae389f27 | |||
| fd39dbfcd4 | |||
| b13cca7173 | |||
| 7807091b83 | |||
| d3026afb97 | |||
| 152daf1230 | |||
| ffda398f8d | |||
| 3e179960de | |||
| 93e655ed27 | |||
| 710c1dedb8 | |||
| 28ec5c73d4 | |||
| fc7285bd5c | |||
| 11ee156b29 | |||
| 2dba549787 | |||
| d28c7d870c | |||
| 8bf17e74ef | |||
| 08cf457aa3 | |||
| 448002ebf4 | |||
| 9735d3f0c0 | |||
| 8f1b0ade4d | |||
| db05024dc6 | |||
| 21053dac8c | |||
| 1ab0bf54fa | |||
| 5070d4dbfc | |||
| 12466b4426 | |||
| 23155d57b7 | |||
| a9e30bd84b | |||
| e62f6e9dce | |||
| c543bc13ea | |||
| b4d1681b99 | |||
| 6c32ffbe94 | |||
| 6787243414 | |||
| d350807e8c | |||
| f872c8db0c | |||
| 8c53c66c4d | |||
| 0f07029660 | |||
| 8010d771a1 | |||
| 7f4c41429e | |||
| 6d21fe4262 | |||
| c081f95aaf | |||
| 452a34c7e8 | |||
| 15c4616b91 | |||
| 07274a0364 | |||
| 3bb8db1349 | |||
| 65a3dcdc08 | |||
| 9fe40bfd13 | |||
| 07943d4f95 | |||
| 815a79ff41 | |||
| 32ddceba8f |
@@ -1,7 +1,7 @@
|
||||
keys:
|
||||
- &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
|
||||
- &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
|
||||
- &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
|
||||
- &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
|
||||
- &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
|
||||
- &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
|
||||
|
||||
@@ -20,7 +20,7 @@ creation_rules:
|
||||
- *primary
|
||||
- *builder-ssh
|
||||
|
||||
- path_regex: hosts/pianonix/secrets.yaml$
|
||||
- path_regex: hosts/pianonix/secrets*
|
||||
key_groups:
|
||||
- age:
|
||||
- *primary
|
||||
|
||||
@@ -24,7 +24,7 @@ sops edit secrets/secrets.yaml
|
||||
** Authorize new device
|
||||
- Generate public key from ssh -> Private age key generation not needed
|
||||
#+begin_src sh
|
||||
ssh-to-age < /etc/ssh/ssh_host_ed25519_key
|
||||
ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
|
||||
#+end_src
|
||||
- Add age public key to file:.sops.yaml
|
||||
- Update keys
|
||||
|
||||
870
flake.lock
generated
870
flake.lock
generated
File diff suppressed because it is too large
Load Diff
29
flake.nix
29
flake.nix
@@ -2,16 +2,21 @@
|
||||
description = "Home Manager configuration of julian";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
|
||||
systems.url = "github:nix-systems/default-linux";
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
nix-colors.url = "github:misterio77/nix-colors";
|
||||
deploy-rs.url = "github:serokell/deploy-rs";
|
||||
|
||||
nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
url = "github:nix-community/home-manager/release-25.05";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
sops-nix = {
|
||||
@@ -28,16 +33,12 @@
|
||||
};
|
||||
|
||||
# Various flakes
|
||||
alacritty-theme = {
|
||||
url = "github:alacritty/alacritty-theme";
|
||||
flake = false;
|
||||
};
|
||||
yazi-flavors = {
|
||||
url = "github:yazi-rs/flavors";
|
||||
flake = false;
|
||||
};
|
||||
nixvim = {
|
||||
url = "github:nix-community/nixvim";
|
||||
url = "github:nix-community/nixvim/nixos-25.05";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nix-matlab = {
|
||||
@@ -88,7 +89,7 @@
|
||||
|
||||
packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
|
||||
devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
|
||||
formatter = forEachSystem (pkgs: pkgs.alejandra);
|
||||
formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *
|
||||
|
||||
nixosConfigurations = {
|
||||
# Main laptop
|
||||
@@ -187,5 +188,15 @@
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux
|
||||
pianonix-image = inputs.nixos-generators.nixosGenerate {
|
||||
system = "aarch64-linux";
|
||||
format = "sd-aarch64";
|
||||
modules = [./hosts/pianonix];
|
||||
specialArgs = {
|
||||
inherit inputs outputs;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -6,8 +6,9 @@
|
||||
./features/direnv
|
||||
./features/topgrade
|
||||
./features/neovim
|
||||
./features/kitty
|
||||
./features/ghostty
|
||||
./features/wezterm
|
||||
./features/alacritty
|
||||
./features/yazi
|
||||
./features/emacs
|
||||
|
||||
@@ -20,7 +21,7 @@
|
||||
|
||||
hostName = "aspi";
|
||||
is-nixos = true;
|
||||
terminal = "kitty";
|
||||
terminal = "alacritty";
|
||||
|
||||
# ------- ----------
|
||||
# | eDP-1 | | HDMI-A-1 |
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
import = [
|
||||
"~/.config/alacritty/theme/themes/smoooooth.toml"
|
||||
]
|
||||
@@ -1,15 +1,12 @@
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
inputs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
home.packages = with pkgs; [alacritty];
|
||||
|
||||
home.file = {
|
||||
".config/alacritty/theme".source = "${inputs.alacritty-theme}";
|
||||
".config/alacritty/alacritty.toml".source = ./alacritty.toml;
|
||||
programs.alacritty = {
|
||||
enable = true;
|
||||
settings = {};
|
||||
theme = "smoooooth";
|
||||
};
|
||||
|
||||
home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty";
|
||||
|
||||
16
homes/julian/features/ghostty/default.nix
Normal file
16
homes/julian/features/ghostty/default.nix
Normal file
@@ -0,0 +1,16 @@
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
programs.ghostty = {
|
||||
enable = true;
|
||||
enableFishIntegration = true;
|
||||
settings = {
|
||||
theme = "catppuccin-mocha";
|
||||
font-size = 12;
|
||||
};
|
||||
};
|
||||
|
||||
home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "ghostty") "ghostty";
|
||||
}
|
||||
@@ -24,7 +24,7 @@ in {
|
||||
./zathura.nix
|
||||
./waypipe.nix
|
||||
|
||||
./hyprbars.nix
|
||||
# ./hyprbars.nix
|
||||
];
|
||||
|
||||
xdg.portal = {
|
||||
@@ -48,23 +48,21 @@ in {
|
||||
wf-recorder
|
||||
wl-clipboard
|
||||
|
||||
(pkgs.writeShellScriptBin
|
||||
"toggle-screen-mirroring"
|
||||
(builtins.readFile
|
||||
./toggle-screen-mirroring.sh))
|
||||
(pkgs.writeShellScriptBin "toggle-screen-mirroring" (
|
||||
builtins.readFile ./toggle-screen-mirroring.sh
|
||||
))
|
||||
|
||||
(
|
||||
pkgs.writeShellScriptBin
|
||||
"correct-workspace-locations"
|
||||
(
|
||||
lib.concatStringsSep "\n"
|
||||
(
|
||||
(pkgs.writeShellScriptBin "correct-workspace-locations" (
|
||||
lib.concatStringsSep "\n" (
|
||||
builtins.concatLists (
|
||||
map (monitor: map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces) config.monitors
|
||||
)
|
||||
)
|
||||
map (
|
||||
monitor:
|
||||
map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces
|
||||
)
|
||||
config.monitors
|
||||
)
|
||||
)
|
||||
))
|
||||
];
|
||||
|
||||
services.cliphist = {
|
||||
@@ -157,11 +155,17 @@ in {
|
||||
settings = {
|
||||
"$mod" = "SUPER";
|
||||
|
||||
# Environment variables programs like emacs have access to
|
||||
env = "TERMINAL,${config.terminal}";
|
||||
|
||||
# Monitors
|
||||
monitor = ",preferred,auto,1";
|
||||
|
||||
# Autostart
|
||||
exec-once = ["firefox"];
|
||||
exec-once = [
|
||||
(lib.getExe pkgs.firefox)
|
||||
(lib.getExe pkgs.waybar)
|
||||
];
|
||||
|
||||
# Look and Feel
|
||||
general = {
|
||||
@@ -280,7 +284,7 @@ in {
|
||||
# opening applications
|
||||
"$mod, D, exec, wofi --show drun,run"
|
||||
"$mod, E, exec, pcmanfm"
|
||||
"$mod, Return, exec, kitty"
|
||||
"$mod, Return, exec, ${config.terminal}"
|
||||
"$mod, B, exec, firefox"
|
||||
"$mod, C, exec, qalculate-gtk"
|
||||
|
||||
|
||||
@@ -12,7 +12,14 @@
|
||||
|
||||
"modules-center": [],
|
||||
|
||||
"modules-right": ["idle_inhibitor", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
|
||||
"modules-right": ["idle_inhibitor", "custom/nixos-update", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
|
||||
|
||||
"custom/nixos-update": {
|
||||
"exec": "frajul-auto-upgrade-status",
|
||||
"return-type": "json",
|
||||
"interval": 2,
|
||||
"on-click-right": "frajul-auto-upgrade-toggle"
|
||||
},
|
||||
|
||||
"hyprland/workspaces": {
|
||||
"on-scroll-up": "hyprctl dispatch workspace m+1",
|
||||
@@ -35,6 +42,7 @@
|
||||
},
|
||||
|
||||
"idle_inhibitor": {
|
||||
"start-activated": true,
|
||||
"format": "{icon}",
|
||||
"format-icons": {
|
||||
"activated": "",
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
in {
|
||||
programs.waybar = {
|
||||
enable = true;
|
||||
systemd.enable = true;
|
||||
# systemd.enable = true;
|
||||
settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json);
|
||||
};
|
||||
|
||||
|
||||
@@ -142,8 +142,8 @@ bindsym $mod+Shift+9 move container to workspace number $ws9; workspace $ws9
|
||||
bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10
|
||||
|
||||
# Monitor config
|
||||
set $monitor_left "DVI-D-0"
|
||||
set $monitor_right "DVI-D-1"
|
||||
set $monitor_left "DVI-D-1"
|
||||
set $monitor_right "DVI-D-2"
|
||||
|
||||
workspace $ws1 output $monitor_left
|
||||
workspace $ws2 output $monitor_left
|
||||
|
||||
@@ -36,6 +36,8 @@
|
||||
opts = {
|
||||
number = false;
|
||||
relativenumber = false;
|
||||
ignorecase = true;
|
||||
smartcase = true;
|
||||
};
|
||||
clipboard.register = "unnamedplus"; # Use system clipboard
|
||||
|
||||
@@ -49,7 +51,7 @@
|
||||
key = "<leader><space>";
|
||||
}
|
||||
{
|
||||
action = "<cmd>Telescope file_browser<cr>";
|
||||
action = "<cmd>Telescope file_browser path=%:p:h<cr>";
|
||||
key = "<leader>.";
|
||||
}
|
||||
{
|
||||
@@ -140,17 +142,21 @@
|
||||
};
|
||||
|
||||
lsp = {
|
||||
enable = true;
|
||||
enable = true; # includes lsp-config, default settings for the lsps
|
||||
servers = {
|
||||
rust_analyzer = {
|
||||
enable = true;
|
||||
installCargo = true;
|
||||
installRustc = true;
|
||||
};
|
||||
nixd.enable = true;
|
||||
pyright.enable = true;
|
||||
dockerls.enable = true;
|
||||
lua_ls.enable = true;
|
||||
nixd.enable = true; # nix
|
||||
pyright.enable = true; # python
|
||||
dockerls.enable = true; # docker
|
||||
lua_ls.enable = true; # lua
|
||||
clangd.enable = true; # c, c++
|
||||
dartls.enable = true; # dart, flutter
|
||||
digestif.enable = true; # latex
|
||||
tinymist.enable = true; # typst
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
@@ -40,6 +40,7 @@
|
||||
wireguard-tools # wg-quick
|
||||
xorg.xkill
|
||||
zip
|
||||
dig
|
||||
|
||||
## My scripts
|
||||
frajul.edit-config
|
||||
|
||||
@@ -22,6 +22,7 @@
|
||||
calibre # ebook manager and viewer
|
||||
# digikam
|
||||
discord
|
||||
discord-ptb # in case discord updates take their time
|
||||
# dvdisaster
|
||||
# element-desktop
|
||||
# rocketchat-desktop
|
||||
@@ -31,10 +32,11 @@
|
||||
nheko
|
||||
evince # Simple pdf reader, good for focusing on document content
|
||||
firefox
|
||||
vivaldi
|
||||
# geogebra
|
||||
cheese
|
||||
handbrake
|
||||
kitty # Terminal
|
||||
# kitty # Terminal, already available as feature
|
||||
libnotify
|
||||
libreoffice
|
||||
mate.engrampa
|
||||
@@ -61,8 +63,12 @@
|
||||
zotero # Manage papers and other sources
|
||||
pdfpc # Present slides in pdf form
|
||||
|
||||
networkmanager-openvpn
|
||||
keepassxc
|
||||
|
||||
## My scripts
|
||||
frajul.open-messaging
|
||||
frajul.xwacomcalibrate
|
||||
frajul.pob2-frajul
|
||||
];
|
||||
}
|
||||
|
||||
@@ -62,6 +62,7 @@
|
||||
|
||||
## My scripts
|
||||
frajul.deploy-to-pianopi
|
||||
frajul.rtklib
|
||||
|
||||
(pkgs.writeShellScriptBin "matlab-rsp" ''
|
||||
matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl
|
||||
|
||||
@@ -20,7 +20,7 @@
|
||||
"flakes"
|
||||
"ca-derivations"
|
||||
];
|
||||
# warn-dirty = false; # TODO: do I want it? also for systems
|
||||
warn-dirty = false; # TODO: do I want it? also for systems
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -39,5 +39,8 @@
|
||||
];
|
||||
|
||||
# nix.settings. # warn-dirty = false; # TODO: do I want this
|
||||
#
|
||||
# Ensure we can still build when missing-server is not accessible
|
||||
fallback = true;
|
||||
};
|
||||
}
|
||||
|
||||
@@ -6,13 +6,13 @@
|
||||
./features/direnv
|
||||
./features/topgrade
|
||||
./features/neovim
|
||||
./features/kitty
|
||||
./features/ghostty
|
||||
./features/wezterm
|
||||
./features/yazi
|
||||
./features/emacs
|
||||
|
||||
./features/hyprland
|
||||
# ./features/i3
|
||||
# ./features/hyprland
|
||||
./features/i3
|
||||
|
||||
./features/suites/cli
|
||||
./features/suites/desktop
|
||||
@@ -21,7 +21,7 @@
|
||||
|
||||
hostName = "kardorf";
|
||||
is-nixos = true;
|
||||
terminal = "kitty";
|
||||
terminal = "ghostty";
|
||||
|
||||
# --------- ---------
|
||||
# | DVI-D-1 | | DVI-D-2 |
|
||||
|
||||
@@ -14,8 +14,8 @@
|
||||
is-nixos = true;
|
||||
terminal = "wezterm";
|
||||
|
||||
services.syncthing.tray.enable = true;
|
||||
services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
|
||||
# services.syncthing.tray.enable = true;
|
||||
# services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
|
||||
|
||||
home.packages = with pkgs; [
|
||||
music-reader
|
||||
@@ -27,9 +27,33 @@
|
||||
onboard
|
||||
];
|
||||
|
||||
programs.firefox = {
|
||||
enable = true;
|
||||
|
||||
profiles.default = {
|
||||
isDefault = true;
|
||||
|
||||
settings = {
|
||||
"browser.startup.homepage" = "https://sheets.julian-mutter.de";
|
||||
"browser.startup.page" = 1; # 0=blank, 1=home page, 3=restore previous session
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
programs.chromium = {
|
||||
enable = true;
|
||||
|
||||
# commandLineArgs = [
|
||||
# "--homepage=https://sheets.julian-mutter.de"
|
||||
# "--no-first-run"
|
||||
# ];
|
||||
};
|
||||
|
||||
# Autostart link
|
||||
home.file = {
|
||||
".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
|
||||
# ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
|
||||
# ".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop";
|
||||
".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop";
|
||||
".config/sheet-organizer/config.toml".text = ''
|
||||
working_directory = "/home/julian/Klavier"
|
||||
'';
|
||||
|
||||
@@ -19,7 +19,7 @@
|
||||
is-nixos = false;
|
||||
# terminal = "kitty";
|
||||
|
||||
home.sessionPath = [ "/snap/bin" ];
|
||||
home.sessionPath = ["/snap/bin"];
|
||||
|
||||
home.packages =
|
||||
lib.lists.concatMap (packages-list-file: import packages-list-file {inherit pkgs;})
|
||||
|
||||
@@ -4,6 +4,9 @@
|
||||
|
||||
../common/global
|
||||
../common/users/julian
|
||||
../common/users/yukari
|
||||
../common/users/pob
|
||||
../common/optional/binarycaches.nix
|
||||
|
||||
../common/optional/remote-builder.nix
|
||||
../common/optional/boot-efi.nix
|
||||
@@ -17,7 +20,7 @@
|
||||
../common/optional/virtualbox.nix
|
||||
|
||||
../common/optional/podman.nix
|
||||
../common/optional/wireguard.nix
|
||||
# ../common/optional/wireguard.nix
|
||||
../common/optional/flatpak.nix
|
||||
|
||||
../common/optional/avahi.nix
|
||||
@@ -31,7 +34,13 @@
|
||||
enable = true;
|
||||
overrideSettings = false;
|
||||
};
|
||||
frajulAutoUpgrade = {
|
||||
enable = true;
|
||||
flakePath = "/home/julian/.dotfiles";
|
||||
};
|
||||
};
|
||||
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
|
||||
services.blueman.enable = true;
|
||||
services.upower.enable = true;
|
||||
|
||||
@@ -1,22 +1,39 @@
|
||||
# sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
|
||||
# or
|
||||
# deploy .#builder
|
||||
{config, ...}: {
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
||||
../common/global
|
||||
../common/global/fish.nix # fish for admin
|
||||
../common/global/locale.nix
|
||||
../common/global/nix.nix
|
||||
../common/global/sops.nix
|
||||
../common/global/root.nix
|
||||
];
|
||||
|
||||
networking.hostName = "builder";
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
networking.nameservers = [
|
||||
"192.168.3.252"
|
||||
"172.30.20.10"
|
||||
"1.1.1.1"
|
||||
];
|
||||
|
||||
users.mutableUsers = false;
|
||||
users.users.nix = {
|
||||
isNormalUser = true;
|
||||
description = "Nix";
|
||||
extraGroups = [
|
||||
"networkmanager"
|
||||
"wheel"
|
||||
"docker"
|
||||
];
|
||||
};
|
||||
|
||||
@@ -30,14 +47,33 @@
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org/"
|
||||
"https://hyprland.cachix.org"
|
||||
"https://devenv.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
||||
];
|
||||
trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
|
||||
|
||||
trusted-users = ["nix"];
|
||||
max-jobs = "auto";
|
||||
cores = 0;
|
||||
|
||||
# Ensure we can still build when missing-server is not accessible
|
||||
fallback = true;
|
||||
};
|
||||
|
||||
# system.autoUpgrade = {
|
||||
# enable = true;
|
||||
# flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
|
||||
# flags = [
|
||||
# "--recreate-lock-file" # update lock file
|
||||
# ];
|
||||
# dates = "02:13";
|
||||
# };
|
||||
|
||||
# optimize store by hardlinking store files
|
||||
nix.optimise.automatic = true;
|
||||
nix.optimise.dates = ["03:15"];
|
||||
@@ -83,9 +119,28 @@
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
# require public key authentication for better security
|
||||
settings.PasswordAuthentication = true;
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
settings.PermitRootLogin = "yes";
|
||||
# Add older algorithms for jenkins ssh-agents-plugin to be compatible
|
||||
settings.Macs = [
|
||||
"hmac-sha2-512-etm@openssh.com"
|
||||
"hmac-sha2-256-etm@openssh.com"
|
||||
"umac-128-etm@openssh.com"
|
||||
"hmac-sha2-512"
|
||||
"hmac-sha2-256"
|
||||
"umac-128@openssh.com"
|
||||
];
|
||||
settings.KexAlgorithms = [
|
||||
"diffie-hellman-group-exchange-sha1"
|
||||
"diffie-hellman-group14-sha1"
|
||||
"mlkem768x25519-sha256"
|
||||
"sntrup761x25519-sha512"
|
||||
"sntrup761x25519-sha512@openssh.com"
|
||||
"curve25519-sha256"
|
||||
"curve25519-sha256@libssh.org"
|
||||
"diffie-hellman-group-exchange-sha256"
|
||||
];
|
||||
};
|
||||
users.users."root".openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
|
||||
@@ -183,7 +238,16 @@
|
||||
url = "https://gitlab.julian-mutter.de";
|
||||
name = "builder";
|
||||
tokenFile = config.sops.secrets."gitea_token".path;
|
||||
labels = []; # use default labels
|
||||
labels = [
|
||||
# provide a debian base with nodejs for actions
|
||||
"debian-latest:docker://node:18-bullseye"
|
||||
# fake the ubuntu name, because node provides no ubuntu builds
|
||||
"ubuntu-latest:docker://node:18-bullseye"
|
||||
# devenv
|
||||
"devenv:docker://ghcr.io/cachix/devenv/devenv:latest"
|
||||
# provide native execution on the host
|
||||
"nixos:host"
|
||||
];
|
||||
};
|
||||
|
||||
virtualisation.docker.enable = true;
|
||||
@@ -241,4 +305,41 @@
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.gitlab-runner.enable = true;
|
||||
# runner for everything else
|
||||
#
|
||||
sops.secrets."gitlab_runner_token".sopsFile = ./secrets.yaml;
|
||||
services.gitlab-runner.services.default = {
|
||||
# File should contain at least these two variables:
|
||||
authenticationTokenConfigFile = config.sops.secrets."gitlab_runner_token".path;
|
||||
dockerImage = "alpine:latest";
|
||||
dockerVolumes = [
|
||||
"/var/run/docker.sock:/var/run/docker.sock"
|
||||
];
|
||||
};
|
||||
|
||||
### Jenkins node
|
||||
users.users.jenkins = {
|
||||
createHome = true;
|
||||
home = "/var/lib/jenkins";
|
||||
group = "jenkins";
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home"
|
||||
];
|
||||
packages = with pkgs; [
|
||||
git
|
||||
devenv
|
||||
];
|
||||
extraGroups = [
|
||||
"docker"
|
||||
];
|
||||
};
|
||||
|
||||
users.groups.jenkins = {};
|
||||
programs.java = {
|
||||
enable = true;
|
||||
package = pkgs.jdk21; # Same as jenkins version on home
|
||||
};
|
||||
}
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -2,6 +2,8 @@
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
imports =
|
||||
@@ -22,10 +24,18 @@
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
# Networking
|
||||
networking.networkmanager.enable = true;
|
||||
networking.networkmanager = {
|
||||
enable = true;
|
||||
plugins = with pkgs; [
|
||||
networkmanager-openconnect
|
||||
];
|
||||
};
|
||||
services.resolved.enable = true;
|
||||
|
||||
programs.dconf.enable = true;
|
||||
networking.nameservers = lib.mkDefault [
|
||||
"1.1.1.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
|
||||
# HM
|
||||
home-manager.useGlobalPkgs = true;
|
||||
|
||||
@@ -26,26 +26,6 @@
|
||||
];
|
||||
# warn-dirty = false;
|
||||
|
||||
# Setup binary caches
|
||||
nix.settings = {
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org/"
|
||||
"https://hyprland.cachix.org"
|
||||
"http://binarycache.julian-mutter.de"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
"binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
|
||||
];
|
||||
|
||||
trusted-users = [
|
||||
"root"
|
||||
"@wheel"
|
||||
]; # needed for devenv to add custom caches
|
||||
};
|
||||
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
|
||||
@@ -1,8 +1,14 @@
|
||||
{pkgs, ...}: {
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
# Make programs like nextcloud client access saved passwords
|
||||
programs.seahorse.enable = true;
|
||||
services.gnome.gnome-keyring.enable = true;
|
||||
|
||||
programs.seahorse.enable = true;
|
||||
programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
|
||||
|
||||
# Make authentication work for e.g. gparted
|
||||
security.polkit.enable = true;
|
||||
systemd = {
|
||||
|
||||
31
hosts/common/optional/binarycaches.nix
Normal file
31
hosts/common/optional/binarycaches.nix
Normal file
@@ -0,0 +1,31 @@
|
||||
{
|
||||
lib,
|
||||
outputs,
|
||||
...
|
||||
}: {
|
||||
# Setup binary caches
|
||||
nix.settings = {
|
||||
substituters = [
|
||||
"https://nix-community.cachix.org"
|
||||
"https://cache.nixos.org/"
|
||||
"https://hyprland.cachix.org"
|
||||
"http://binarycache.julian-mutter.de"
|
||||
"https://devenv.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
|
||||
"binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
|
||||
];
|
||||
|
||||
trusted-users = [
|
||||
"root"
|
||||
"@wheel"
|
||||
]; # needed for devenv to add custom caches
|
||||
|
||||
# Ensure we can still build when missing-server is not accessible
|
||||
fallback = true;
|
||||
};
|
||||
}
|
||||
@@ -3,6 +3,7 @@
|
||||
services.pulseaudio.enable = false;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
wireplumber.enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
@@ -14,6 +15,14 @@
|
||||
"module.x11.bell" = false;
|
||||
};
|
||||
};
|
||||
"10-increase-buffer" = {
|
||||
"context.properties" = {
|
||||
"default.clock.rate" = 48000;
|
||||
"default.clock.quantum" = 1024;
|
||||
"default.clock.min-quantum" = 1024;
|
||||
"default.clock.max-quantum" = 2048;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -14,38 +14,38 @@ sops:
|
||||
- recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxV2IzcEZ6eGYxbXAvaEta
|
||||
c3RLbmZubnVEL1EwSlNNY3ZNbkVSUXN5ZDBZClRTYWwzbHhDK1VsMzVVL0VMVzZF
|
||||
SEQ0ZHVMdytrY0xXUEppQkpNZEZ3VFkKLS0tIG95ZkJLWTZBWWpIOEQ4bHpBNWEx
|
||||
QXVpMTNSNzU1dTBPYjlsc1BvNHZ3dDgKMHrT9DCC5W6UwC1Mfq6YCwkvZtDs3I7j
|
||||
vKlnanFp8hMMyYONRVlkvh+vOGQdbgXco4Z5nr02LQDu6Rwm4jSp9g==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualdnWmtBTThhZDFVdDRP
|
||||
WHlMamk1MFhUYUwwa0hyQmpobGNocC9VR0ZVCmc3N1FjcUZCNUdTTm91OVpwZDhP
|
||||
bTNXekp2bDd3Tjh6a2ZVTVNTSW9RTU0KLS0tIGJpcUVHb2ZlODgvelhwQ0JFU3l5
|
||||
WU5VanhYMTUvNklYazJxOXVveXhpM2cKCo+4FhhcbRylASEbQb9rAQUzEO1D+0AR
|
||||
52Jzc9s9rSdypeBRE7SaSOI4eVnkEjPfyhNFvMdxiBzBj7GdocpmCw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKTnpqclVmVHR3M1ZvMDZ0
|
||||
eEtrbnhpTW5uZlhOYWFxbktxcTJ3bXZISkhzClpud2tNVzUvT2N2SkRadWk5aVpE
|
||||
S2VkTFlIVUhFclA0WEh5cEp0Qjg3ejgKLS0tIDNXY0lpKys4Q3NBRFcya2RoSG1F
|
||||
YW0raHlNekdWT3p0WHpGMk9xMmgzWFUKCue4GvgmH3nJBa7ny7rqft5MuSWHqAsP
|
||||
5HnaAudL+rh2j1swm635QUrf9UnpUznE5NSOGrQDmA6RCBypNM4rsw==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4STZpU0ZnRzVVOFFRUXZG
|
||||
akcwS2Z5V3lmQzRTSGNHT2hDME5JMks2QTNNClpkZzNMc0wyRjVEaVlBRFlyNFhs
|
||||
M1pyeW1XdnZubnRxMzEzMFJoK0lkVVEKLS0tIENhRExzUWRWMUlObmhxazM5cU9y
|
||||
aDFyaDJackFoaEZOYWdTbWt0ODB1bm8Kg1VDAj5/i8ZbYxspIdXrI474YN5YkV4H
|
||||
86maCRDfUxO5lvu4zBa9pOmFtJ2iuJ2MxDnmCSHTl+GOk8yyUT8JhA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct
|
||||
- recipient: age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBESlZOeHY0T01ra0gwMS8z
|
||||
R3c1eW45WVkyeTBuRlFMRngrb2NFL1hkcmhRCitwZ3lweXM0di9EdEdQZmF4ZUZr
|
||||
M1hqNkM3Q1Jrb09Kb2M0ZkhTcFZPYkkKLS0tIHpCTEFCV0JlRzQwK3hndDJ4aHVC
|
||||
S1o0QVlXSVl0dmlpWUQ3ZXdqUU5maTgKY4UJPx37CU5OUgkqYWlz9+0rA+dQkrH9
|
||||
+/kTT/2qZ2Op67WKtlas7arC7BjU8uygM208q+nr48Lic5n1fMtnXA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveE9NV2JCOW9odlN6Wmkw
|
||||
WFEvU2pka3htV2FTTFlpc05ES2JjbGxTaFJZCjhYdG1sRVBFaEF3YjNkWEw3Ny8x
|
||||
MlYyTjJBMHA2YVpHRkkwWW5hNDdrS1UKLS0tIFZXTFNVbkd6VFExc0dSVU4vd3JF
|
||||
ajlFY2pvWW13VGxOZ0hEc3dMbU9IeUUKNSf7ycj+1XHhsoghmY2iR1BwIySqfIOF
|
||||
zawE+MQcQg0u+fy6Aik26eUGvQG3rya2Fx2+3VlAbKB+rbiP0fwsgg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvYkdwSy9vc0lEWXJIdWRw
|
||||
VmJ2NStaZDVxaG1LNU1NQlErdElPdkQvY3pjCkJyL1BRR2w1dmpqYnk5Tys3eHpX
|
||||
c0FJdzA1bU5GWWhrUWhOK1Jqa2lTaU0KLS0tIDMzMEQwL3I0ckVyYWFubU9VNlAr
|
||||
NlBud3VHczNnMm5wOGhHdEoxTG5CNDgK4s7cFGvUCeztjjIAWtMW7TUqFP+YEQIg
|
||||
So5A7DGxVsUcqarTUPazpIBBlO4n9zj79Qe+eQd6ti0EZG6sYX6+2Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaTNJNkJ0RVJiYlRzcmlX
|
||||
TmEweVdLaGpoVXMxZEFDU3dOZTJCRjdiNENBCkZ3bjJUNm1vcmY1ZUpZcEo4OGxa
|
||||
UWJKSjNKL002UDhmTmJER2M0MjJ3aG8KLS0tIFMvZjBkOS83T3NDUE82M3kweVNw
|
||||
VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
|
||||
AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-04-23T07:00:17Z"
|
||||
mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]
|
||||
|
||||
@@ -17,6 +17,8 @@ in {
|
||||
"networkmanager"
|
||||
"wheel"
|
||||
"audio"
|
||||
"realtime"
|
||||
"rtkit"
|
||||
"network"
|
||||
"video"
|
||||
"podman"
|
||||
|
||||
28
hosts/common/users/pob/default.nix
Normal file
28
hosts/common/users/pob/default.nix
Normal file
@@ -0,0 +1,28 @@
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
|
||||
in {
|
||||
users.mutableUsers = false;
|
||||
users.users.pob = {
|
||||
description = "A helper user to use another profile for some applications";
|
||||
group = "pob";
|
||||
isNormalUser = true;
|
||||
shell = pkgs.fish;
|
||||
extraGroups = ifTheyExist [
|
||||
"networkmanager"
|
||||
];
|
||||
packages = with pkgs; [
|
||||
firefox
|
||||
wineWowPackages.stable # 32-bit and 64-bit wine
|
||||
winetricks
|
||||
];
|
||||
};
|
||||
users.groups.pob = {};
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
julian ALL=(pob) NOPASSWD: ALL
|
||||
'';
|
||||
}
|
||||
100
hosts/common/users/yukari/default.nix
Normal file
100
hosts/common/users/yukari/default.nix
Normal file
@@ -0,0 +1,100 @@
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
outputs,
|
||||
...
|
||||
}: let
|
||||
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
|
||||
in {
|
||||
users.mutableUsers = false;
|
||||
users.users.yukari = {
|
||||
description = "Yukari";
|
||||
group = "yukari";
|
||||
isNormalUser = true;
|
||||
shell = pkgs.fish;
|
||||
extraGroups = ifTheyExist [
|
||||
"networkmanager"
|
||||
"audio"
|
||||
"network"
|
||||
"video"
|
||||
"podman"
|
||||
"docker"
|
||||
"git"
|
||||
"gamemode"
|
||||
];
|
||||
|
||||
createHome = true;
|
||||
hashedPassword = "$y$j9T$rGuTL0rfiy7ht8L58BGCw0$fN.KwHjYlIitFEPHndKvV06ezgeWzP3/58o1kkviZwB";
|
||||
packages = [pkgs.home-manager];
|
||||
};
|
||||
users.groups.yukari = {};
|
||||
|
||||
home-manager.users.yukari = {
|
||||
imports =
|
||||
[
|
||||
../../../../homes/julian/features/fonts
|
||||
../../../../homes/julian/features/suites/cli
|
||||
]
|
||||
++ (builtins.attrValues outputs.homeManagerModules);
|
||||
|
||||
home = {
|
||||
username = lib.mkDefault "yukari";
|
||||
homeDirectory = lib.mkDefault "/home/${config.home.username}";
|
||||
stateVersion = lib.mkDefault "23.11";
|
||||
|
||||
sessionPath = ["$HOME/.local/bin"];
|
||||
|
||||
packages = with pkgs; [
|
||||
arandr
|
||||
calibre # ebook manager and viewer
|
||||
# digikam
|
||||
discord
|
||||
discord-ptb # in case discord updates take their time
|
||||
# dvdisaster
|
||||
# element-desktop
|
||||
# rocketchat-desktop
|
||||
thunderbird
|
||||
tdesktop # telegram
|
||||
# schildichat-desktop # not updated regularly
|
||||
nheko
|
||||
evince # Simple pdf reader, good for focusing on document content
|
||||
firefox
|
||||
vivaldi
|
||||
# geogebra
|
||||
cheese
|
||||
handbrake
|
||||
# kitty # Terminal, already available as feature
|
||||
libnotify
|
||||
libreoffice
|
||||
mate.engrampa
|
||||
nomacs # Image viewer
|
||||
kdePackages.okular # Pdf reader with many features, good for commenting documents
|
||||
pavucontrol
|
||||
pdfsam-basic # Split, merge, etc for pdfs
|
||||
qalculate-gtk # Nice gui calculator
|
||||
qpdfview
|
||||
# qutebrowser
|
||||
# realvnc-vnc-viewer
|
||||
rpi-imager # make isos
|
||||
# rustdesk
|
||||
tor-browser
|
||||
unstable.path-of-building # Path of Building
|
||||
# frajul.pob-dev-version # Path of Building
|
||||
vlc
|
||||
wineWowPackages.stable # 32-bit and 64-bit wine
|
||||
winetricks
|
||||
xclip # x11 clipboard access from terminal
|
||||
xfce.mousepad # simple text editor
|
||||
xournalpp # Edit pdf files
|
||||
zoom-us # Video conferencing
|
||||
zotero # Manage papers and other sources
|
||||
pdfpc # Present slides in pdf form
|
||||
];
|
||||
};
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
git.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -5,14 +5,16 @@
|
||||
../common/global
|
||||
../common/users/julian
|
||||
../common/users/wolfi
|
||||
../common/optional/binarycaches.nix
|
||||
|
||||
../common/optional/xserver.nix
|
||||
../common/optional/remote-builder.nix
|
||||
../common/optional/boot-efi.nix
|
||||
|
||||
../common/optional/greetd.nix
|
||||
# ../common/optional/greetd.nix
|
||||
|
||||
# ../common/optional/gdm.nix
|
||||
# ../common/optional/i3.nix
|
||||
../common/optional/gdm.nix
|
||||
../common/optional/i3.nix
|
||||
|
||||
../common/optional/openssh.nix
|
||||
|
||||
@@ -32,7 +34,6 @@
|
||||
|
||||
programs.kdeconnect.enable = true;
|
||||
|
||||
# services.xserver.desktopManager.xfce.enable = true;
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
|
||||
@@ -80,9 +80,10 @@
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
|
||||
# hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start
|
||||
# Use latest version of driver
|
||||
# hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
|
||||
hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start
|
||||
|
||||
# hardware.nvidia.nvidiaSettings = true;
|
||||
hardware.nvidia.nvidiaSettings = true;
|
||||
hardware.nvidia.open = false;
|
||||
}
|
||||
|
||||
@@ -15,27 +15,51 @@
|
||||
|
||||
../common/global
|
||||
../common/users/julian
|
||||
../common/optional/binarycaches.nix
|
||||
|
||||
../common/optional/pipewire.nix
|
||||
../common/optional/remote-builder.nix
|
||||
../common/optional/pcmanfm.nix
|
||||
../common/optional/redshift.nix
|
||||
../common/optional/authentication.nix
|
||||
|
||||
../common/optional/avahi.nix
|
||||
];
|
||||
|
||||
# disko.devices.disk.main.device = "/dev/mmcblk1";
|
||||
|
||||
# networking.wireless.enable = true;
|
||||
# networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path;
|
||||
# networking.wireless.networks = {
|
||||
# "@SSID@".psk = "@PSK@";
|
||||
# enabled by fish, disabling speeds up builds
|
||||
documentation.man.generateCaches = false;
|
||||
|
||||
networking.enableIPv6 = false; # This only leads to issues with avahi
|
||||
|
||||
hardware.bluetooth.enable = true;
|
||||
services.blueman.enable = true; # bluetooth gui
|
||||
# raspberry pi specific
|
||||
# systemd.services.btattach = {
|
||||
# before = [ "bluetooth.service" ];
|
||||
# after = [ "dev-ttyAMA0.device" ];
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# serviceConfig = {
|
||||
# ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
|
||||
# };
|
||||
# };
|
||||
# networking.wireless.enable = true;
|
||||
# networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
|
||||
# networking.wireless.networks = {
|
||||
# "SMARTments".pskRaw = "ext:PSK";
|
||||
# };
|
||||
|
||||
# networking.networkmanager.enable = lib.mkForce false;
|
||||
|
||||
services.gnome.at-spi2-core.enable = true; # for onboard
|
||||
|
||||
networking.hostName = "pianonix";
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
sops.secrets."vnc-passwd" = {
|
||||
owner = config.users.users.julian.name;
|
||||
sopsFile = ./vnc-passwd;
|
||||
sopsFile = ./secrets-vnc-passwd.bin;
|
||||
format = "binary";
|
||||
};
|
||||
sops.secrets."wifi/pianonix" = {};
|
||||
@@ -44,6 +68,18 @@
|
||||
# sops.secrets."syncthing/public-keys/aspi-nix" = { };
|
||||
# sops.secrets."syncthing/public-keys/pianonix" = { };
|
||||
|
||||
sops.secrets."wg-config" = {
|
||||
sopsFile = ./secrets-wg-config.bin;
|
||||
format = "binary";
|
||||
};
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
home = {
|
||||
configFile = config.sops.secrets."wg-config".path;
|
||||
autostart = true; # This interface is started on boot
|
||||
};
|
||||
};
|
||||
|
||||
modules = {
|
||||
syncthing = {
|
||||
enable = true;
|
||||
@@ -53,6 +89,7 @@
|
||||
|
||||
# Enable the Desktop Environment.
|
||||
# services.xserver.displayManager.lightdm.enable = true;
|
||||
services.displayManager.defaultSession = "xfce";
|
||||
services.displayManager.autoLogin = {
|
||||
enable = true;
|
||||
user = "julian";
|
||||
@@ -72,10 +109,11 @@
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.timeout = 1; # Set boot loader timeout to 1s
|
||||
boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s
|
||||
|
||||
# De-facto disable network manager, which is enabled by gnome
|
||||
# networking.networkmanager.unmanaged = [ "*" ];
|
||||
services.xserver.enable = true;
|
||||
services.xserver.desktopManager = {
|
||||
xfce = {
|
||||
enable = true;
|
||||
|
||||
@@ -14,9 +14,15 @@
|
||||
boot.initrd.kernelModules = [];
|
||||
boot.kernelModules = [];
|
||||
boot.extraModulePackages = [];
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest; # use latest linux kernel
|
||||
boot.supportedFilesystems = lib.mkForce [
|
||||
# remove zfs, since its incompatible with latest kernel
|
||||
"vfat"
|
||||
"ext4"
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
|
||||
19
hosts/pianonix/secrets-vnc-passwd.bin
Normal file
19
hosts/pianonix/secrets-vnc-passwd.bin
Normal file
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWEFYNThYQkpuTW10MjNM\nU3pWYmE5UnBPUzhQSTltc3hXdk9EWkg5czI0CmxnK3FuYitGci9ndnRCZms4a0lD\nOWh4alF1MEtJUis5YVNyYXRLbVppNnMKLS0tIEQ5WVVIMzlIV0pnc2ZWMnc5bjE4\nR3lpbzJiRmljcWI4SWlOS2svZVBSYnMKYIfhDjNZPDxmws3Z3P55K7V/NHiukQ0u\n00Kk603U+1JhgfJBk0Y3tMo//vKCHQj87wtZoqDLEN7Gu+ZtHhkhow==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSVpBR1NPY0svSWNWYzFC\nZE1uTjZTRm9XM24wcXByajVDYUJ4Y3FmNUc0CkJMMXRtUE5mSjYwU25MYy9xNFlP\ndUNmYmJ5RVF0dG5LYjA4L1NnNEtCMVEKLS0tIFl0Slovd2NiWjg1VXJ1VDJwTWJQ\nTWFZeW1ZYisvenVycWYwZ1lkOXBaVVUKqGu6Q8IbiUAzazLKN95uAtmXJMPzx02u\nr/R8q7ugG8lX5pWX3H3P7vtBz57Oo3rWlRpUhN/4+PpijkJNUyr3XQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-12-01T16:14:57Z",
|
||||
"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
19
hosts/pianonix/secrets-wg-config.bin
Normal file
19
hosts/pianonix/secrets-wg-config.bin
Normal file
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:SFc3K1hvBjeCS6ikLZl3vIPFJqsUrZZi9yO9tVuv14exKhOuK17HN/d+cYMtVxGwqQ/biFdXYdP8/sfTPwwZgd/wRLT2xRDMOg5ru7kj8sEhcOEYmrgYRLo3ImdWANFaxelWOmjEvzphTQ7guvXTo7BACUA9AygYa9Ou9bklYImWhOCsk8e9uz5afLZXscidiqUqqFuJNo3QGMDEAxFI2YC3OpLwEj5zlsI4AXEEHRVUxU1sVtspdolDaeiFIs/JW4jLu/2la6JyGJUluYXAThzL1LO39NA/MSNskMSedatz89vnCd9CP6Q3eT93vrUYAEY=,iv:e+tWIlHm4NH1w8AQAw6tvgCX9XOiroE1XmrSua3Bcg4=,tag:RwGpKtG9JzQ3TgcnzEV5Rg==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYTFjRnpPVDAvQ0ZHZU0v\neEduOTVockFoZGhuMmZNd0w3bVFCVUQzUlI4CmZTaktOQWxrTDNpYXlPTm9SdlZZ\nN0dURmlHVFlHSjZpbkpGb09lTmVzWm8KLS0tIDhMWlFIRWFkQjcya0hjeUdUSklB\nbWlqNlVoR1BnWG9TM0RhWnI4a0J4YUEKGWIX77EVXYFVyA2u6CkF1cGfwd4Gq0Vb\nNqrlMUYEDZ5nO/eLWsAt2kj1/YFjkGw0iI02HLRHdxQ59vFyl3CS1Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNlZGdktzSGp0bzIyUjlR\nUU9LSXRrZTgxcEZwczhidWVOdGRnRFYrOVZZCmx3VzM4V2dsWmZpUWxNUG82MzU2\nT3dmQjRwdmRJbTJxVm9vQjJKU3JXSncKLS0tIFlhYy9uQW5aa1E0K3Q1RUFSQkZP\nR29sY3RCYVg5bGdqMU1uc0E3Szhmb0kKFzKHUVNDdHWfycb7xWeAyIVlC4ab7ivR\nVlfmbPAXq2THw/s4zk/ckfE5RP82a1aX4++XRa7fm5KXpI8vExjJ5A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-10-14T06:56:31Z",
|
||||
"mac": "ENC[AES256_GCM,data:DrcOET5U6veg0qhcBjQQ5neCdTUufMxhIz4ZQzvzd+YxKfAqaq8R1PW5VVlUjhDBaUH9i3J1Wj6X4E600uhayY0E9I5VqfO84hqlosfZWPiWPO8prK46Y7R3Ybdh9uvWQxiaSxy8KHXsdDgsBFLlmLe/QvsDSUv56rPofkm06vg=,iv:XBFP8ANpsszeXqQIE/v7+GmZGlFtxgE/EtgL/Cc3x+8=,tag:ZJgO+hLuwIatE55wo94RVw==,type:str]",
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
}
|
||||
@@ -1,28 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWUp5TU9kWTNpa0s5TFRC\nK1hoc0d0K3JQYWN3VVVWM2JvemtieGo2UGpVCit5MUcvZldBZkNNZ3ZWTWRtd0Zx\nT3I4aTdUcitPRmhhV0htZlhEYjhRakUKLS0tIEdmYUI4N1g1Nkp3YzdtaHJybVcz\neFNwUnd0Vyt2MTBpRTZlMzZnNHJGd1EKy/0zXv9CPf5k0ky7TBGY9GbcIeQyPk1L\nKmMCuWMLX0yTGqB3M3/UNdoc4L0q//7keUZH5PlkxJbnu6IN3fE5qg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdy9tZlZtNFJPRFNUUUNI\nUWtPZmZOY1V5SHc5bTZOZVluTUV6N3dlQWprClVqK2tKNFlBWHdyNDF1Q0d2bi9z\naldTTDdWYzZ6WmgrNHlZSDlTSU9SbmsKLS0tIDJZM2Y4ZDVmZk54eTZLOTU4Ui9X\nR3l3WDkwRWUyakFLdGZXeDJxRUJsaHMK6hgZ1KYe9qx4tO7RervEAKGjNHg4mi0E\nxx3I9P8MFzPiCVKG5ZNxRx25y7H4bQSRRtxIlXIhqzf2+5Q6U7/Hrw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUg4dUlCY0IwS3pPeTF5\nZTVkRTkzaVBYTmh0MmYyaHlOaFRHSnk5dWs4CmhvaTlSOTFDQzZmbHVudXpwQitV\nQjhRQWl3OHNLVGJYMm1ObVEyQmhxS0kKLS0tIDJsZnN4K2pUOEdIYVg4ZlQ5Ujhn\nNlpGL1hMVXd5cWR2YkdIVmJiblMzR1EKJYS51sKQ/tBV7dv88pOxJhzHQGckoF8q\nwIioVjs9sm4JBgQqSIbVhXwnKl05IUkyAgw6LfsbSJz3nKe7lmmRpg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-12-01T16:14:57Z",
|
||||
"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.8.1"
|
||||
}
|
||||
}
|
||||
@@ -1,9 +1,4 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
{lib, ...}: {
|
||||
options.terminal = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
example = "alacritty";
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
{
|
||||
# hydra-auto-upgrade = import ./hydra-auto-upgrade.nix;
|
||||
syncthing = import ./syncthing.nix;
|
||||
frajulAutoUpgrade = import ./frajul-auto-upgrade.nix;
|
||||
}
|
||||
|
||||
173
modules/nixos/frajul-auto-upgrade.nix
Normal file
173
modules/nixos/frajul-auto-upgrade.nix
Normal file
@@ -0,0 +1,173 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
cfg = config.modules.frajulAutoUpgrade;
|
||||
|
||||
flagFile = "/var/lib/frajul-auto-upgrade/flag";
|
||||
lockFile = "/var/lib/frajul-auto-upgrade/lock";
|
||||
lastStatusFile = "/var/lib/frajul-auto-upgrade/last-status";
|
||||
lastAttemptFile = "/var/lib/frajul-auto-upgrade/last-attempt";
|
||||
in {
|
||||
options.modules.frajulAutoUpgrade = {
|
||||
enable = lib.mkEnableOption "NixOS auto-upgrade on boot";
|
||||
|
||||
user = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "root";
|
||||
description = "User account to run the upgrade service as.";
|
||||
};
|
||||
|
||||
flakePath = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
description = "The path to your flake";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Ensure the flag directory exists
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/frajul-auto-upgrade 0755 root root -"
|
||||
"f ${flagFile} 0766 root root -"
|
||||
"f ${lastStatusFile} 0644 root root -"
|
||||
"f ${lastAttemptFile} 0644 root root -"
|
||||
];
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.writeShellScriptBin "frajul-auto-upgrade" ''
|
||||
#!/bin/sh
|
||||
FLAG_FILE="${flagFile}"
|
||||
LOCK_FILE="${lockFile}"
|
||||
LAST_STATUS_FILE="${lastStatusFile}"
|
||||
LAST_ATTEMPT_FILE="${lastAttemptFile}"
|
||||
|
||||
TODAY=$(date +%Y-%m-%d)
|
||||
|
||||
if [ ! -f "$FLAG_FILE" ] || [ "$(cat "$FLAG_FILE")" != "enabled" ]; then
|
||||
echo "Auto upgrade disabled. Exiting."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Check if already attempted today
|
||||
if [ -f "$LAST_ATTEMPT_FILE" ]; then
|
||||
LAST_ATTEMPT_DATE=$(cut -d' ' -f1 "$LAST_ATTEMPT_FILE")
|
||||
if [ "$LAST_ATTEMPT_DATE" = "$TODAY" ]; then
|
||||
echo "Update already attempted today. Skipping."
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f "$LOCK_FILE" ]; then
|
||||
echo "Already running"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo $$ > "$LOCK_FILE"
|
||||
trap 'rm -f "$LOCK_FILE"' EXIT
|
||||
|
||||
if /run/current-system/sw/bin/nix flake update --flake "${cfg.flakePath}" && /run/current-system/sw/bin/nixos-rebuild switch --flake "${cfg.flakePath}"; then
|
||||
echo "success" > "$LAST_STATUS_FILE"
|
||||
else
|
||||
echo "failure" > "$LAST_STATUS_FILE"
|
||||
git -C "${cfg.flakePath}" restore flake.lock
|
||||
fi
|
||||
|
||||
# Write full timestamp
|
||||
date '+%Y-%m-%d %H:%M:%S' > "$LAST_ATTEMPT_FILE"
|
||||
'')
|
||||
|
||||
(pkgs.writeShellScriptBin "frajul-auto-upgrade-status" ''
|
||||
#!/bin/sh
|
||||
FLAG_FILE="${flagFile}"
|
||||
LOCK_FILE="${lockFile}"
|
||||
LAST_STATUS_FILE="${lastStatusFile}"
|
||||
LAST_ATTEMPT_FILE="${lastAttemptFile}"
|
||||
|
||||
if [ -f "$LOCK_FILE" ]; then
|
||||
ICON=" "
|
||||
STATUS="running"
|
||||
elif [ -f "$FLAG_FILE" ] && [ "$(cat "$FLAG_FILE")" == "enabled" ]; then
|
||||
LAST_STATUS="unknown"
|
||||
LAST_ATTEMPT="never"
|
||||
if [ -f "$LAST_STATUS_FILE" ]; then
|
||||
LAST_STATUS=$(cat "$LAST_STATUS_FILE")
|
||||
fi
|
||||
|
||||
if [ -f "$LAST_ATTEMPT_FILE" ]; then
|
||||
LAST_ATTEMPT=$(cat "$LAST_ATTEMPT_FILE")
|
||||
fi
|
||||
|
||||
if [ "$LAST_STATUS" = "success" ]; then
|
||||
ICON=""
|
||||
elif [ "$LAST_STATUS" = "failure" ]; then
|
||||
ICON=""
|
||||
else
|
||||
ICON=""
|
||||
fi
|
||||
|
||||
STATUS="enabled (last attempt: $LAST_ATTEMPT, $LAST_STATUS)"
|
||||
else
|
||||
ICON=" "
|
||||
STATUS="disabled"
|
||||
fi
|
||||
|
||||
echo "{\"text\": \"$ICON\", \"tooltip\": \"NixOS Auto Update: $STATUS\"}"
|
||||
'')
|
||||
|
||||
(pkgs.writeShellScriptBin "frajul-auto-upgrade-toggle" ''
|
||||
#!/bin/sh
|
||||
FLAG_FILE="${flagFile}"
|
||||
LOCK_FILE="${lockFile}"
|
||||
|
||||
if [ ! -f "$FLAG_FILE" ] || [ "$(cat "$FLAG_FILE")" != "enabled" ]; then
|
||||
echo "enabled" > "$FLAG_FILE"
|
||||
else
|
||||
echo "disabled" > "$FLAG_FILE"
|
||||
if [ -f "$LOCK_FILE" ]; then
|
||||
kill -TERM "$(cat "$LOCK_FILE")"
|
||||
fi
|
||||
fi
|
||||
'')
|
||||
];
|
||||
|
||||
# Fixes error: repository path '...' is not owned by current user
|
||||
environment.etc."root/.gitconfig".text = ''
|
||||
[safe]
|
||||
directory = ${cfg.flakePath}
|
||||
'';
|
||||
|
||||
systemd.services.frajul-auto-upgrade = {
|
||||
description = "Frajul's NixOS Auto Upgrade";
|
||||
after = ["network-online.target"];
|
||||
wants = ["network-online.target"];
|
||||
restartIfChanged = false; # Do not start service on nixos switch
|
||||
|
||||
path = with pkgs; [
|
||||
coreutils
|
||||
gnutar
|
||||
xz.bin
|
||||
gzip
|
||||
gitMinimal
|
||||
config.nix.package.out
|
||||
config.programs.ssh.package
|
||||
];
|
||||
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
User = cfg.user;
|
||||
ExecStart = "/run/current-system/sw/bin/frajul-auto-upgrade";
|
||||
};
|
||||
};
|
||||
systemd.timers.frajul-auto-upgrade = {
|
||||
description = "Run Frajul's NixOS Auto Upgrade at boot";
|
||||
wantedBy = ["timers.target"];
|
||||
timerConfig = {
|
||||
OnBootSec = "1min";
|
||||
AccuracySec = "10s";
|
||||
Unit = "frajul-auto-upgrade.service";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -11,7 +11,10 @@ in {
|
||||
system.hydraAutoUpgrade = {
|
||||
enable = lib.mkEnableOption "periodic hydra-based auto upgrade";
|
||||
operation = lib.mkOption {
|
||||
type = lib.types.enum ["switch" "boot"];
|
||||
type = lib.types.enum [
|
||||
"switch"
|
||||
"boot"
|
||||
];
|
||||
default = "switch";
|
||||
};
|
||||
dates = lib.mkOption {
|
||||
|
||||
@@ -25,11 +25,11 @@
|
||||
my-pkgs = final: prev: {frajul = import ../pkgs {pkgs = final;};};
|
||||
|
||||
nixpkgs-stable-unstable = final: prev: {
|
||||
unstable = import inputs.nixpkgs {
|
||||
unstable = import inputs.nixpkgs-unstable {
|
||||
system = prev.system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
stable = import inputs.nixpkgs-stable {
|
||||
stable = import inputs.nixpkgs {
|
||||
system = prev.system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
|
||||
@@ -12,4 +12,6 @@
|
||||
acer-battery-health-mode = pkgs.callPackage ./acer-battery-health-mode {};
|
||||
pob2 = pkgs.callPackage ./pob2 {};
|
||||
wl-ocr = pkgs.callPackage ./wl-ocr {};
|
||||
rtklib = pkgs.qt6Packages.callPackage ./rtklib {};
|
||||
pob2-frajul = pkgs.callPackage ./pob2-frajul {};
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ writeShellApplication {
|
||||
sleep 0.1
|
||||
nheko &
|
||||
sleep 0.1
|
||||
telegram-desktop &
|
||||
Telegram &
|
||||
sleep 0.1
|
||||
discord &
|
||||
'';
|
||||
|
||||
16
pkgs/pob2-frajul/default.nix
Normal file
16
pkgs/pob2-frajul/default.nix
Normal file
@@ -0,0 +1,16 @@
|
||||
{
|
||||
writeShellApplication,
|
||||
xhost,
|
||||
}:
|
||||
writeShellApplication {
|
||||
name = "pob2-frajul";
|
||||
|
||||
runtimeInputs = [
|
||||
xhost
|
||||
];
|
||||
|
||||
text = ''
|
||||
xhost +
|
||||
sudo -u pob -i sh /home/pob/pob2.sh
|
||||
'';
|
||||
}
|
||||
40
pkgs/rtklib/default.nix
Normal file
40
pkgs/rtklib/default.nix
Normal file
@@ -0,0 +1,40 @@
|
||||
{
|
||||
stdenv,
|
||||
fetchFromGitHub,
|
||||
cmake,
|
||||
pkg-config,
|
||||
qtbase,
|
||||
wrapQtAppsHook,
|
||||
qtserialport,
|
||||
qttools,
|
||||
...
|
||||
}:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "RTKLIB";
|
||||
version = "b34L";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "rtklibexplorer";
|
||||
repo = "${pname}";
|
||||
rev = "${version}";
|
||||
hash = "sha256-bQcia3aRQNcZ55fvJViAxpo2Ev276HFTZ28SEXJD5Ds=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
|
||||
cmake
|
||||
pkg-config
|
||||
wrapQtAppsHook
|
||||
];
|
||||
|
||||
buildInputs = [
|
||||
qtbase
|
||||
qtserialport
|
||||
qttools
|
||||
];
|
||||
|
||||
cmakeFlags = [
|
||||
"-DCMAKE_INSTALL_DATAROOTDIR=share"
|
||||
];
|
||||
|
||||
doCheck = true;
|
||||
}
|
||||
Reference in New Issue
Block a user