Compare commits

100 Commits

Author SHA1 Message Date
Gitea Actions
8c8e2abde5 Update flake.lock 2025-04-28 2025-10-22 00:30:13 +00:00
Gitea Actions
ec7618ea19 Update flake.lock 2025-04-27 2025-10-22 00:30:13 +00:00
Gitea Actions
ba64806a7b Update flake.lock 2025-04-26 2025-10-22 00:30:13 +00:00
Gitea Actions
9e2d79f557 Update flake.lock 2025-04-25 2025-10-22 00:30:13 +00:00
Gitea Actions
7e4216e657 Update flake.lock 2025-04-24 2025-10-22 00:30:13 +00:00
Gitea Actions
10e0de84eb Update flake.lock 2025-04-23 2025-10-22 00:30:13 +00:00
Gitea Actions
ae025fe9d6 Update flake.lock 2025-04-22 2025-10-22 00:30:12 +00:00
Gitea Actions
33636cb452 Update flake.lock 2025-04-21 2025-10-22 00:30:12 +00:00
Gitea Actions
15f3bb1435 Update flake.lock 2025-04-20 2025-10-22 00:30:12 +00:00
Gitea Actions
4d729ce925 Update flake.lock 2025-04-19 2025-10-22 00:30:12 +00:00
Gitea Actions
f14964fe5a Update flake.lock 2025-04-18 2025-10-22 00:30:12 +00:00
Gitea Actions
39098d34e1 Update flake.lock 2025-04-17 2025-10-22 00:30:12 +00:00
Gitea Actions
7d33b4af76 Update flake.lock 2025-04-16 2025-10-22 00:30:12 +00:00
Gitea Actions
98221a4272 Update flake.lock 2025-04-15 2025-10-22 00:30:12 +00:00
Gitea Actions
312e5b31af Update flake.lock 2025-04-14 2025-10-22 00:30:12 +00:00
Gitea Actions
85c8543ee5 Update flake.lock 2025-04-13 2025-10-22 00:30:12 +00:00
Gitea Actions
3cd94302d6 Update flake.lock 2025-04-12 2025-10-22 00:30:12 +00:00
Gitea Actions
97ed8e5009 Update flake.lock 2025-04-11 2025-10-22 00:30:12 +00:00
Gitea Actions
7c98ad5e05 Update flake.lock 2025-04-10 2025-10-22 00:30:12 +00:00
Gitea Actions
a235bfe104 Update flake.lock 2025-04-09 2025-10-22 00:30:12 +00:00
Gitea Actions
500aee7e85 Update flake.lock 2025-04-08 2025-10-22 00:30:12 +00:00
Gitea Actions
4bc4a45ada Update flake.lock 2025-04-07 2025-10-22 00:30:12 +00:00
Gitea Actions
1de19a3f0f Update flake.lock 2025-04-06 2025-10-22 00:30:12 +00:00
Gitea Actions
3654acf608 Update flake.lock 2025-04-05 2025-10-22 00:30:12 +00:00
Gitea Actions
c557583009 Update flake.lock 2025-04-04 2025-10-22 00:30:12 +00:00
Gitea Actions
874a31a119 Update flake.lock 2025-04-03 2025-10-22 00:30:12 +00:00
Gitea Actions
0e06dda96a Update flake.lock 2025-04-02 2025-10-22 00:30:12 +00:00
Gitea Actions
52f2764e44 Update flake.lock 2025-04-01 2025-10-22 00:30:12 +00:00
Gitea Actions
5111de254c Update flake.lock 2025-03-31 2025-10-22 00:30:12 +00:00
Gitea Actions
39e2d66f43 Update flake.lock 2025-03-30 2025-10-22 00:30:12 +00:00
Gitea Actions
ac2bfa1544 Update flake.lock 2025-03-29 2025-10-22 00:30:12 +00:00
Gitea Actions
d1a95af60e Update flake.lock 2025-03-28 2025-10-22 00:30:12 +00:00
Gitea Actions
94bf5729bc Update flake.lock 2025-03-27 2025-10-22 00:30:12 +00:00
Gitea Actions
eb6327bfd9 Update flake.lock 2025-03-26 2025-10-22 00:30:12 +00:00
Gitea Actions
0c06143ab4 Update flake.lock 2025-03-25 2025-10-22 00:30:12 +00:00
Gitea Actions
b3c8d94ab7 Update flake.lock 2025-03-24 2025-10-22 00:30:12 +00:00
Gitea Actions
4ada4b9376 Update flake.lock 2025-03-23 2025-10-22 00:30:12 +00:00
c1b2b51d13 update flake
Some checks failed
Update Nix Flake / update-flake (push) Failing after 15s
2025-10-21 20:04:02 +02:00
28f78bb67e flake: add nixos-generators for output pianonix-image 2025-10-21 20:03:46 +02:00
114647aa96 pianonix: update commented wireless networking config 2025-10-21 20:03:25 +02:00
64ae389f27 pianonix: update secrets for new installation 2025-10-21 20:03:12 +02:00
fd39dbfcd4 readme: update ssh-to-age command 2025-10-21 20:02:18 +02:00
b13cca7173 shell: add nix helper programs
Some checks failed
Update Nix Flake / update-flake (push) Failing after 20s
2025-10-20 19:37:44 +02:00
7807091b83 builder: use networkmanager again 2025-10-20 19:37:16 +02:00
d3026afb97 update flake 2025-10-20 19:37:05 +02:00
152daf1230 pianonix: multiple improvements, improve secrets, add wireguard, use sheetless in browser 2025-10-20 19:36:24 +02:00
ffda398f8d builder: disable autoupgrade
Some checks failed
Update Nix Flake / update-flake (push) Failing after 13s
2025-10-09 21:29:40 +02:00
3e179960de builder: simplify network config by using static dns list 2025-10-09 21:28:34 +02:00
93e655ed27 aspi: use wireguard via networkmanager 2025-10-09 21:28:14 +02:00
710c1dedb8 install additional software
Some checks failed
Update Nix Flake / update-flake (push) Failing after 13s
2025-10-05 15:36:37 +02:00
28ec5c73d4 format code 2025-10-05 15:36:26 +02:00
fc7285bd5c setup pob user for running pob2-frajul 2025-10-05 15:36:06 +02:00
11ee156b29 pipewire: try fixing video conference freeze 2025-10-05 15:34:21 +02:00
2dba549787 builder: setup as jenkins node 2025-10-05 15:33:58 +02:00
d28c7d870c add caches to substituters 2025-10-05 15:32:52 +02:00
8bf17e74ef use stable nixos-25.05 instead of unstable 2025-10-05 15:30:41 +02:00
08cf457aa3 neovim: use smartcase search 2025-09-11 08:04:03 +02:00
448002ebf4 update config syntax 2025-09-11 08:03:22 +02:00
9735d3f0c0 frajul-auto-upgrade: restore flake.lock if update failed 2025-09-09 21:47:35 +02:00
8f1b0ade4d user: add to rtkit groups to maybe fix audio 2025-09-09 21:47:08 +02:00
db05024dc6 builder: add fallback to substituters 2025-09-09 21:46:36 +02:00
21053dac8c install dig 2025-09-09 21:46:19 +02:00
1ab0bf54fa neovim: fix telescope file_browser, add lsps 2025-09-09 21:46:13 +02:00
5070d4dbfc Add yukari user 2025-09-01 17:24:27 +02:00
12466b4426 frajul-auto-upgrade: re-add lock file usage
Some checks failed
Update Nix Flake / update-flake (push) Failing after 11s
2025-08-03 16:05:46 +02:00
23155d57b7 update flake
Some checks failed
Update Nix Flake / update-flake (push) Failing after 18s
2025-07-26 08:13:42 +02:00
a9e30bd84b Set fallback for binary caches
This makes builds not fail when my own binary cache is offline for some reason
2025-07-26 08:13:02 +02:00
e62f6e9dce Fix frajul-auto-upgrade git permission issue 2025-07-26 08:12:43 +02:00
c543bc13ea hm: disable warn-dirty
Some checks failed
Update Nix Flake / update-flake (push) Failing after 16s
2025-07-12 15:52:17 +02:00
b4d1681b99 hyprland: fix waybar by running it with exec-once 2025-07-12 15:51:43 +02:00
6c32ffbe94 frajul-auto-upgrade: only run once a day
Some checks failed
Update Nix Flake / update-flake (push) Failing after 14s
2025-07-11 16:22:17 +02:00
6787243414 flake: update 2025-07-11 13:15:42 +02:00
d350807e8c builder: do enable auto-upgrades 2025-07-11 13:15:25 +02:00
f872c8db0c aspi: enable frajul auto upgrade module and integrate into waybar 2025-07-11 13:15:02 +02:00
8c53c66c4d Add frajul-auto-upgrade module 2025-07-11 13:14:48 +02:00
0f07029660 Add openconnect plugin to networkmanager
Some checks failed
Update Nix Flake / update-flake (push) Failing after 17s
2025-07-10 17:50:34 +02:00
8010d771a1 builder: add gitlab-runner
Some checks failed
Update Nix Flake / update-flake (push) Failing after 17s
2025-07-09 21:34:52 +02:00
7f4c41429e update flake
Some checks failed
Update Nix Flake / update-flake (push) Failing after 15s
2025-07-04 14:44:51 +02:00
6d21fe4262 format code 2025-07-04 14:44:31 +02:00
c081f95aaf open-messaging: adapt to new telegram program name 2025-07-04 14:44:01 +02:00
452a34c7e8 Neovim: add clangd 2025-07-04 14:43:51 +02:00
15c4616b91 Fix emacs not having TERMINAL env var 2025-07-04 14:43:45 +02:00
07274a0364 Update alacritty config, use as default 2025-07-04 14:41:58 +02:00
3bb8db1349 Fix builder using itself as remote subsituter 2025-07-04 14:40:58 +02:00
65a3dcdc08 Use ghostty as primary terminal
Some checks failed
Update Nix Flake / update-flake (push) Failing after 16s
2025-06-30 08:37:24 +02:00
9fe40bfd13 package rtklib 2025-05-26 21:51:07 +02:00
07943d4f95 format file
Some checks failed
Update Nix Flake / update-flake (push) Failing after 12s
2025-05-23 09:59:30 +02:00
815a79ff41 kardorf: fix seahorse and plasma6 config conflict 2025-05-23 09:58:59 +02:00
32ddceba8f kardorf: use i3 instead of hyprland 2025-05-23 09:58:38 +02:00
55ba4125d6 add latex packages to fix org mode exporting
Some checks failed
Update Nix Flake / update-flake (push) Failing after 11s
2025-05-21 23:01:09 +02:00
b9274f546f update flake 2025-05-21 23:01:03 +02:00
fd246d7daf Add hydra-auto-upgrade module, still wip
Some checks failed
Update Nix Flake / update-flake (push) Failing after 16s
2025-05-16 13:13:47 +02:00
edae0d2bb0 Delete i3 scripts also available in my nix pkgs 2025-05-16 12:56:22 +02:00
1cb23dd0a4 Add todo 2025-05-16 12:53:20 +02:00
ab1052193a rename deprecated options 2025-05-16 12:12:22 +02:00
6dadb2008c kardorf: enable ssh access 2025-05-16 12:11:45 +02:00
18f9cc3fa8 Add user julian to dialout for serial port access 2025-05-16 08:27:45 +02:00
9295ad7010 add kardorf ssh key to common secrets.yaml 2025-05-16 08:27:45 +02:00
e3cf2379ab yazi: update config to new version 2025-05-16 08:27:45 +02:00
f6c3f676b2 update flake 2025-05-16 08:27:45 +02:00
55 changed files with 1768 additions and 303 deletions

View File

@@ -1,7 +1,7 @@
keys: keys:
- &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg - &primary age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
- &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4 - &aspi-ssh age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
- &pianonix-ssh age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct - &pianonix-ssh age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
- &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja - &builder-ssh age1kw4kmdm45zprvdkrrpvgq966l7585vhusmum083qlwnr0xxgd3uqatcyja
- &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5 - &kardorf-ssh age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
@@ -20,7 +20,7 @@ creation_rules:
- *primary - *primary
- *builder-ssh - *builder-ssh
- path_regex: hosts/pianonix/secrets.yaml$ - path_regex: hosts/pianonix/secrets*
key_groups: key_groups:
- age: - age:
- *primary - *primary

View File

@@ -24,7 +24,7 @@ sops edit secrets/secrets.yaml
** Authorize new device ** Authorize new device
- Generate public key from ssh -> Private age key generation not needed - Generate public key from ssh -> Private age key generation not needed
#+begin_src sh #+begin_src sh
ssh-to-age < /etc/ssh/ssh_host_ed25519_key ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
#+end_src #+end_src
- Add age public key to file:.sops.yaml - Add age public key to file:.sops.yaml
- Update keys - Update keys

884
flake.lock generated

File diff suppressed because it is too large Load Diff

View File

@@ -2,16 +2,21 @@
description = "Home Manager configuration of julian"; description = "Home Manager configuration of julian";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
systems.url = "github:nix-systems/default-linux"; systems.url = "github:nix-systems/default-linux";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
sops-nix = { sops-nix = {
@@ -28,16 +33,12 @@
}; };
# Various flakes # Various flakes
alacritty-theme = {
url = "github:alacritty/alacritty-theme";
flake = false;
};
yazi-flavors = { yazi-flavors = {
url = "github:yazi-rs/flavors"; url = "github:yazi-rs/flavors";
flake = false; flake = false;
}; };
nixvim = { nixvim = {
url = "github:nix-community/nixvim"; url = "github:nix-community/nixvim/nixos-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-matlab = { nix-matlab = {
@@ -88,7 +89,7 @@
packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;}); packages = forEachSystem (pkgs: import ./pkgs {inherit pkgs;});
devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;}); devShells = forEachSystem (pkgs: import ./shell.nix {inherit pkgs;});
formatter = forEachSystem (pkgs: pkgs.alejandra); formatter = forEachSystem (pkgs: pkgs.alejandra); # nix fmt *
nixosConfigurations = { nixosConfigurations = {
# Main laptop # Main laptop
@@ -187,5 +188,15 @@
}; };
}; };
}; };
# substitutes: nixos-generate --flake .#pianonix -f sd-aarch64 --system aarch64-linux
pianonix-image = inputs.nixos-generators.nixosGenerate {
system = "aarch64-linux";
format = "sd-aarch64";
modules = [./hosts/pianonix];
specialArgs = {
inherit inputs outputs;
};
};
}; };
} }

View File

@@ -6,8 +6,9 @@
./features/direnv ./features/direnv
./features/topgrade ./features/topgrade
./features/neovim ./features/neovim
./features/kitty ./features/ghostty
./features/wezterm ./features/wezterm
./features/alacritty
./features/yazi ./features/yazi
./features/emacs ./features/emacs
@@ -20,7 +21,7 @@
hostName = "aspi"; hostName = "aspi";
is-nixos = true; is-nixos = true;
terminal = "kitty"; terminal = "alacritty";
# ------- ---------- # ------- ----------
# | eDP-1 | | HDMI-A-1 | # | eDP-1 | | HDMI-A-1 |

View File

@@ -1,3 +0,0 @@
import = [
"~/.config/alacritty/theme/themes/smoooooth.toml"
]

View File

@@ -1,15 +1,12 @@
{ {
lib, lib,
pkgs,
inputs,
config, config,
... ...
}: { }: {
home.packages = with pkgs; [alacritty]; programs.alacritty = {
enable = true;
home.file = { settings = {};
".config/alacritty/theme".source = "${inputs.alacritty-theme}"; theme = "smoooooth";
".config/alacritty/alacritty.toml".source = ./alacritty.toml;
}; };
home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty"; home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "alacritty") "alacritty";

View File

@@ -0,0 +1,16 @@
{
lib,
config,
...
}: {
programs.ghostty = {
enable = true;
enableFishIntegration = true;
settings = {
theme = "catppuccin-mocha";
font-size = 12;
};
};
home.sessionVariables.TERMINAL = lib.mkIf (config.terminal == "ghostty") "ghostty";
}

View File

@@ -24,7 +24,7 @@ in {
./zathura.nix ./zathura.nix
./waypipe.nix ./waypipe.nix
./hyprbars.nix # ./hyprbars.nix
]; ];
xdg.portal = { xdg.portal = {
@@ -48,23 +48,21 @@ in {
wf-recorder wf-recorder
wl-clipboard wl-clipboard
(pkgs.writeShellScriptBin (pkgs.writeShellScriptBin "toggle-screen-mirroring" (
"toggle-screen-mirroring" builtins.readFile ./toggle-screen-mirroring.sh
(builtins.readFile ))
./toggle-screen-mirroring.sh))
( (pkgs.writeShellScriptBin "correct-workspace-locations" (
pkgs.writeShellScriptBin lib.concatStringsSep "\n" (
"correct-workspace-locations"
(
lib.concatStringsSep "\n"
(
builtins.concatLists ( builtins.concatLists (
map (monitor: map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces) config.monitors map (
) monitor:
) map (ws: "hyprctl dispatch moveworkspacetomonitor ${ws} ${monitor.name}") monitor.workspaces
)
config.monitors
) )
) )
))
]; ];
services.cliphist = { services.cliphist = {
@@ -157,11 +155,17 @@ in {
settings = { settings = {
"$mod" = "SUPER"; "$mod" = "SUPER";
# Environment variables programs like emacs have access to
env = "TERMINAL,${config.terminal}";
# Monitors # Monitors
monitor = ",preferred,auto,1"; monitor = ",preferred,auto,1";
# Autostart # Autostart
exec-once = ["firefox"]; exec-once = [
(lib.getExe pkgs.firefox)
(lib.getExe pkgs.waybar)
];
# Look and Feel # Look and Feel
general = { general = {
@@ -280,7 +284,7 @@ in {
# opening applications # opening applications
"$mod, D, exec, wofi --show drun,run" "$mod, D, exec, wofi --show drun,run"
"$mod, E, exec, pcmanfm" "$mod, E, exec, pcmanfm"
"$mod, Return, exec, kitty" "$mod, Return, exec, ${config.terminal}"
"$mod, B, exec, firefox" "$mod, B, exec, firefox"
"$mod, C, exec, qalculate-gtk" "$mod, C, exec, qalculate-gtk"

View File

@@ -12,7 +12,14 @@
"modules-center": [], "modules-center": [],
"modules-right": ["idle_inhibitor", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"], "modules-right": ["idle_inhibitor", "custom/nixos-update", "disk", "cpu", "memory", "pulseaudio", "battery", "clock", "tray"],
"custom/nixos-update": {
"exec": "frajul-auto-upgrade-status",
"return-type": "json",
"interval": 2,
"on-click-right": "frajul-auto-upgrade-toggle"
},
"hyprland/workspaces": { "hyprland/workspaces": {
"on-scroll-up": "hyprctl dispatch workspace m+1", "on-scroll-up": "hyprctl dispatch workspace m+1",
@@ -35,6 +42,7 @@
}, },
"idle_inhibitor": { "idle_inhibitor": {
"start-activated": true,
"format": "{icon}", "format": "{icon}",
"format-icons": { "format-icons": {
"activated": "", "activated": "",

View File

@@ -10,7 +10,7 @@
in { in {
programs.waybar = { programs.waybar = {
enable = true; enable = true;
systemd.enable = true; # systemd.enable = true;
settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json); settings.mainBar = builtins.fromJSON (builtins.readFile ./config.json);
}; };

View File

@@ -142,8 +142,8 @@ bindsym $mod+Shift+9 move container to workspace number $ws9; workspace $ws9
bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10 bindsym $mod+Shift+0 move container to workspace number $ws10; workspace $ws10
# Monitor config # Monitor config
set $monitor_left "DVI-D-0" set $monitor_left "DVI-D-1"
set $monitor_right "DVI-D-1" set $monitor_right "DVI-D-2"
workspace $ws1 output $monitor_left workspace $ws1 output $monitor_left
workspace $ws2 output $monitor_left workspace $ws2 output $monitor_left

View File

@@ -1,27 +0,0 @@
#!/bin/sh
start_if_not_running()
{
program=$1
pidof -sq $program
if [ "$?" -eq "1" ]; then
start_program $1
else
echo "$program is already running"
fi
}
start_program()
{
program=$1
echo "Starting $program..."
$program & > /dev/null
}
i3-msg 'workspace 9; append_layout ~/.config/i3/workspace-messaging.json'
start_program nheko
sleep 0.1
start_program telegram-desktop
sleep 0.1
start_program thunderbird
sleep 0.1

View File

@@ -1,20 +0,0 @@
#!/bin/sh
HDMI_SINK="alsa_output.pci-0000_00_1f.3-platform-skl_hda_dsp_generic.HiFi__hw_sofhdadsp_3__sink"
LAPTOP_SINK="alsa_output.pci-0000_00_1f.3-platform-skl_hda_dsp_generic.HiFi__hw_sofhdadsp__sink"
HDMI_ICON=$(pactl info | grep -q $HDMI_SINK && echo "checkbox")
LAPTOP_ICON=$(pactl info | grep -q $LAPTOP_SINK && echo "checkbox")
HDMI_VOLUME=$(pactl get-sink-volume $HDMI_SINK | head -n 1 | awk '{print $5}')
LAPTOP_VOLUME=$(pactl get-sink-volume $LAPTOP_SINK | head -n 1 | awk '{print $5}')
read -r -d '' CONF <<EOF
Open Pavucontrol,pavucontrol,pavucontrol
^sep()
HDMI - $HDMI_VOLUME,pactl set-default-sink $HDMI_SINK,$HDMI_ICON
Laptop - $LAPTOP_VOLUME,pactl set-default-sink $LAPTOP_SINK,$LAPTOP_ICON
EOF
echo "$CONF" | jgmenu --simple

View File

@@ -36,6 +36,8 @@
opts = { opts = {
number = false; number = false;
relativenumber = false; relativenumber = false;
ignorecase = true;
smartcase = true;
}; };
clipboard.register = "unnamedplus"; # Use system clipboard clipboard.register = "unnamedplus"; # Use system clipboard
@@ -49,7 +51,7 @@
key = "<leader><space>"; key = "<leader><space>";
} }
{ {
action = "<cmd>Telescope file_browser<cr>"; action = "<cmd>Telescope file_browser path=%:p:h<cr>";
key = "<leader>."; key = "<leader>.";
} }
{ {
@@ -140,17 +142,21 @@
}; };
lsp = { lsp = {
enable = true; enable = true; # includes lsp-config, default settings for the lsps
servers = { servers = {
rust_analyzer = { rust_analyzer = {
enable = true; enable = true;
installCargo = true; installCargo = true;
installRustc = true; installRustc = true;
}; };
nixd.enable = true; nixd.enable = true; # nix
pyright.enable = true; pyright.enable = true; # python
dockerls.enable = true; dockerls.enable = true; # docker
lua_ls.enable = true; lua_ls.enable = true; # lua
clangd.enable = true; # c, c++
dartls.enable = true; # dart, flutter
digestif.enable = true; # latex
tinymist.enable = true; # typst
}; };
}; };
}; };

View File

@@ -40,6 +40,7 @@
wireguard-tools # wg-quick wireguard-tools # wg-quick
xorg.xkill xorg.xkill
zip zip
dig
## My scripts ## My scripts
frajul.edit-config frajul.edit-config

View File

@@ -22,6 +22,7 @@
calibre # ebook manager and viewer calibre # ebook manager and viewer
# digikam # digikam
discord discord
discord-ptb # in case discord updates take their time
# dvdisaster # dvdisaster
# element-desktop # element-desktop
# rocketchat-desktop # rocketchat-desktop
@@ -31,10 +32,11 @@
nheko nheko
evince # Simple pdf reader, good for focusing on document content evince # Simple pdf reader, good for focusing on document content
firefox firefox
vivaldi
# geogebra # geogebra
cheese cheese
handbrake handbrake
kitty # Terminal # kitty # Terminal, already available as feature
libnotify libnotify
libreoffice libreoffice
mate.engrampa mate.engrampa
@@ -61,8 +63,12 @@
zotero # Manage papers and other sources zotero # Manage papers and other sources
pdfpc # Present slides in pdf form pdfpc # Present slides in pdf form
networkmanager-openvpn
keepassxc
## My scripts ## My scripts
frajul.open-messaging frajul.open-messaging
frajul.xwacomcalibrate frajul.xwacomcalibrate
frajul.pob2-frajul
]; ];
} }

View File

@@ -29,6 +29,10 @@
standalone standalone
amsmath amsmath
preview preview
# needed for org mode export
wrapfig
capt-of
biblatex
; ;
}) })
matlab # Using nix-matlab overlay defined in flake matlab # Using nix-matlab overlay defined in flake
@@ -58,6 +62,7 @@
## My scripts ## My scripts
frajul.deploy-to-pianopi frajul.deploy-to-pianopi
frajul.rtklib
(pkgs.writeShellScriptBin "matlab-rsp" '' (pkgs.writeShellScriptBin "matlab-rsp" ''
matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl matlab -desktop -sd "/home/julian/git/uwa-channel-model" -softwareopengl

View File

@@ -26,7 +26,7 @@
programs.yazi.enable = true; programs.yazi.enable = true;
programs.yazi.enableFishIntegration = true; programs.yazi.enableFishIntegration = true;
programs.yazi.settings.manager = { programs.yazi.settings.manager = {
sort_by = "modified"; sort_by = "mtime";
sort_reverse = true; sort_reverse = true;
show_hidden = true; show_hidden = true;
}; };

View File

@@ -20,7 +20,7 @@
"flakes" "flakes"
"ca-derivations" "ca-derivations"
]; ];
# warn-dirty = false; # TODO: do I want it? also for systems warn-dirty = false; # TODO: do I want it? also for systems
}; };
}; };

View File

@@ -39,5 +39,8 @@
]; ];
# nix.settings. # warn-dirty = false; # TODO: do I want this # nix.settings. # warn-dirty = false; # TODO: do I want this
#
# Ensure we can still build when missing-server is not accessible
fallback = true;
}; };
} }

View File

@@ -6,13 +6,13 @@
./features/direnv ./features/direnv
./features/topgrade ./features/topgrade
./features/neovim ./features/neovim
./features/kitty ./features/ghostty
./features/wezterm ./features/wezterm
./features/yazi ./features/yazi
./features/emacs ./features/emacs
./features/hyprland # ./features/hyprland
# ./features/i3 ./features/i3
./features/suites/cli ./features/suites/cli
./features/suites/desktop ./features/suites/desktop
@@ -21,7 +21,7 @@
hostName = "kardorf"; hostName = "kardorf";
is-nixos = true; is-nixos = true;
terminal = "kitty"; terminal = "ghostty";
# --------- --------- # --------- ---------
# | DVI-D-1 | | DVI-D-2 | # | DVI-D-1 | | DVI-D-2 |

View File

@@ -14,8 +14,8 @@
is-nixos = true; is-nixos = true;
terminal = "wezterm"; terminal = "wezterm";
services.syncthing.tray.enable = true; # services.syncthing.tray.enable = true;
services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available # services.syncthing.tray.command = "syncthingtray --wait"; # Wait for tray to become available
home.packages = with pkgs; [ home.packages = with pkgs; [
music-reader music-reader
@@ -27,9 +27,33 @@
onboard onboard
]; ];
programs.firefox = {
enable = true;
profiles.default = {
isDefault = true;
settings = {
"browser.startup.homepage" = "https://sheets.julian-mutter.de";
"browser.startup.page" = 1; # 0=blank, 1=home page, 3=restore previous session
};
};
};
programs.chromium = {
enable = true;
# commandLineArgs = [
# "--homepage=https://sheets.julian-mutter.de"
# "--no-first-run"
# ];
};
# Autostart link # Autostart link
home.file = { home.file = {
".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop"; # ".config/autostart/sheet-organizer.desktop".source = "${pkgs.sheet-organizer}/share/applications/sheet-organizer.desktop";
# ".config/autostart/firefox.desktop".source = "${pkgs.firefox}/share/applications/firefox.desktop";
".config/autostart/chromium.desktop".source = "${pkgs.chromium}/share/applications/chromium.desktop";
".config/sheet-organizer/config.toml".text = '' ".config/sheet-organizer/config.toml".text = ''
working_directory = "/home/julian/Klavier" working_directory = "/home/julian/Klavier"
''; '';

View File

@@ -19,7 +19,7 @@
is-nixos = false; is-nixos = false;
# terminal = "kitty"; # terminal = "kitty";
home.sessionPath = [ "/snap/bin" ]; home.sessionPath = ["/snap/bin"];
home.packages = home.packages =
lib.lists.concatMap (packages-list-file: import packages-list-file {inherit pkgs;}) lib.lists.concatMap (packages-list-file: import packages-list-file {inherit pkgs;})

View File

@@ -4,6 +4,9 @@
../common/global ../common/global
../common/users/julian ../common/users/julian
../common/users/yukari
../common/users/pob
../common/optional/binarycaches.nix
../common/optional/remote-builder.nix ../common/optional/remote-builder.nix
../common/optional/boot-efi.nix ../common/optional/boot-efi.nix
@@ -17,7 +20,7 @@
../common/optional/virtualbox.nix ../common/optional/virtualbox.nix
../common/optional/podman.nix ../common/optional/podman.nix
../common/optional/wireguard.nix # ../common/optional/wireguard.nix
../common/optional/flatpak.nix ../common/optional/flatpak.nix
../common/optional/avahi.nix ../common/optional/avahi.nix
@@ -31,7 +34,13 @@
enable = true; enable = true;
overrideSettings = false; overrideSettings = false;
}; };
frajulAutoUpgrade = {
enable = true;
flakePath = "/home/julian/.dotfiles";
}; };
};
services.desktopManager.plasma6.enable = true;
services.blueman.enable = true; services.blueman.enable = true;
services.upower.enable = true; services.upower.enable = true;

View File

@@ -1,22 +1,39 @@
# sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118 # sudo nixos-rebuild switch --flake .#builder --target-host root@192.168.3.118
# or # or
# deploy .#builder # deploy .#builder
{config, ...}: { {
config,
pkgs,
...
}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../common/global ../common/global/fish.nix # fish for admin
../common/global/locale.nix
../common/global/nix.nix
../common/global/sops.nix
../common/global/root.nix
]; ];
networking.hostName = "builder"; networking.hostName = "builder";
system.stateVersion = "23.11"; system.stateVersion = "23.11";
networking.networkmanager.enable = true;
networking.nameservers = [
"192.168.3.252"
"172.30.20.10"
"1.1.1.1"
];
users.mutableUsers = false;
users.users.nix = { users.users.nix = {
isNormalUser = true; isNormalUser = true;
description = "Nix"; description = "Nix";
extraGroups = [ extraGroups = [
"networkmanager" "networkmanager"
"wheel" "wheel"
"docker"
]; ];
}; };
@@ -30,14 +47,33 @@
substituters = [ substituters = [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.nixos.org/" "https://cache.nixos.org/"
"https://hyprland.cachix.org"
"https://devenv.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
]; ];
trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
trusted-users = ["nix"]; trusted-users = ["nix"];
max-jobs = "auto"; max-jobs = "auto";
cores = 0; cores = 0;
# Ensure we can still build when missing-server is not accessible
fallback = true;
}; };
# system.autoUpgrade = {
# enable = true;
# flake = "git+https://gitlab.julian-mutter.de/julian/dotfiles";
# flags = [
# "--recreate-lock-file" # update lock file
# ];
# dates = "02:13";
# };
# optimize store by hardlinking store files # optimize store by hardlinking store files
nix.optimise.automatic = true; nix.optimise.automatic = true;
nix.optimise.dates = ["03:15"]; nix.optimise.dates = ["03:15"];
@@ -83,9 +119,28 @@
services.openssh = { services.openssh = {
enable = true; enable = true;
# require public key authentication for better security # require public key authentication for better security
settings.PasswordAuthentication = true; settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false; settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
# Add older algorithms for jenkins ssh-agents-plugin to be compatible
settings.Macs = [
"hmac-sha2-512-etm@openssh.com"
"hmac-sha2-256-etm@openssh.com"
"umac-128-etm@openssh.com"
"hmac-sha2-512"
"hmac-sha2-256"
"umac-128@openssh.com"
];
settings.KexAlgorithms = [
"diffie-hellman-group-exchange-sha1"
"diffie-hellman-group14-sha1"
"mlkem768x25519-sha256"
"sntrup761x25519-sha512"
"sntrup761x25519-sha512@openssh.com"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256"
];
}; };
users.users."root".openssh.authorizedKeys.keys = [ users.users."root".openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjSZYdoF/51F+ykcBAYVCzCPTF5EEigWBL1APiR0h+H julian@aspi"
@@ -183,7 +238,16 @@
url = "https://gitlab.julian-mutter.de"; url = "https://gitlab.julian-mutter.de";
name = "builder"; name = "builder";
tokenFile = config.sops.secrets."gitea_token".path; tokenFile = config.sops.secrets."gitea_token".path;
labels = []; # use default labels labels = [
# provide a debian base with nodejs for actions
"debian-latest:docker://node:18-bullseye"
# fake the ubuntu name, because node provides no ubuntu builds
"ubuntu-latest:docker://node:18-bullseye"
# devenv
"devenv:docker://ghcr.io/cachix/devenv/devenv:latest"
# provide native execution on the host
"nixos:host"
];
}; };
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
@@ -241,4 +305,41 @@
}; };
}; };
}; };
services.gitlab-runner.enable = true;
# runner for everything else
#
sops.secrets."gitlab_runner_token".sopsFile = ./secrets.yaml;
services.gitlab-runner.services.default = {
# File should contain at least these two variables:
authenticationTokenConfigFile = config.sops.secrets."gitlab_runner_token".path;
dockerImage = "alpine:latest";
dockerVolumes = [
"/var/run/docker.sock:/var/run/docker.sock"
];
};
### Jenkins node
users.users.jenkins = {
createHome = true;
home = "/var/lib/jenkins";
group = "jenkins";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ36sQhVz3kUEi8754G7r3rboihhG4iqFK/UvQm6SING jenkins@home"
];
packages = with pkgs; [
git
devenv
];
extraGroups = [
"docker"
];
};
users.groups.jenkins = {};
programs.java = {
enable = true;
package = pkgs.jdk21; # Same as jenkins version on home
};
} }

File diff suppressed because one or more lines are too long

View File

@@ -0,0 +1,16 @@
{
inputs,
config,
...
}: {
system.hydraAutoUpgrade = {
# Only enable if not dirty
enable = inputs.self ? rev;
dates = "*:0/10"; # Every 10 minutes
instance = "http://hydra.julian-mutter.de";
project = "dotfiles";
jobset = "main";
job = "hosts.${config.networking.hostName}";
oldFlakeRef = "self";
};
}

View File

@@ -2,6 +2,8 @@
{ {
inputs, inputs,
outputs, outputs,
pkgs,
lib,
... ...
}: { }: {
imports = imports =
@@ -22,10 +24,18 @@
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Networking # Networking
networking.networkmanager.enable = true; networking.networkmanager = {
enable = true;
plugins = with pkgs; [
networkmanager-openconnect
];
};
services.resolved.enable = true; services.resolved.enable = true;
programs.dconf.enable = true; networking.nameservers = lib.mkDefault [
"1.1.1.1"
"8.8.8.8"
];
# HM # HM
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;

View File

@@ -26,26 +26,6 @@
]; ];
# warn-dirty = false; # warn-dirty = false;
# Setup binary caches
nix.settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://hyprland.cachix.org"
"http://binarycache.julian-mutter.de"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
];
trusted-users = [
"root"
"@wheel"
]; # needed for devenv to add custom caches
};
nix.gc = { nix.gc = {
automatic = true; automatic = true;
dates = "weekly"; dates = "weekly";

View File

@@ -1,8 +1,14 @@
{pkgs, ...}: { {
pkgs,
lib,
...
}: {
# Make programs like nextcloud client access saved passwords # Make programs like nextcloud client access saved passwords
programs.seahorse.enable = true;
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
programs.seahorse.enable = true;
programs.ssh.askPassword = lib.mkForce "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; # Solve conflicting definition in seahorse and plasma6
# Make authentication work for e.g. gparted # Make authentication work for e.g. gparted
security.polkit.enable = true; security.polkit.enable = true;
systemd = { systemd = {

View File

@@ -0,0 +1,31 @@
{
lib,
outputs,
...
}: {
# Setup binary caches
nix.settings = {
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://hyprland.cachix.org"
"http://binarycache.julian-mutter.de"
"https://devenv.cachix.org"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"binarycache.julian-mutter.de:oJ67uRFwRhNPKL58CHzy3QQLv38Kx7OA1K+6xlEPu7E="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
];
trusted-users = [
"root"
"@wheel"
]; # needed for devenv to add custom caches
# Ensure we can still build when missing-server is not accessible
fallback = true;
};
}

View File

@@ -13,7 +13,7 @@ in {
PasswordAuthentication = false; PasswordAuthentication = false;
PermitRootLogin = "no"; PermitRootLogin = "no";
# TODO: what does this d # TODO: what does this do
# Let WAYLAND_DISPLAY be forwarded # Let WAYLAND_DISPLAY be forwarded
AcceptEnv = "WAYLAND_DISPLAY"; AcceptEnv = "WAYLAND_DISPLAY";
X11Forwarding = true; X11Forwarding = true;
@@ -34,7 +34,7 @@ in {
# publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub; # publicKeyFile = ../../${hostname}/ssh_host_ed25519_key.pub;
# extraHostNames = # extraHostNames =
# [ # [
# "${hostname}.m7.rs" # # "${hostname}.m7.rs"
# ] # ]
# ++ # ++
# # Alias for localhost if it's the same host # # Alias for localhost if it's the same host

View File

@@ -3,6 +3,7 @@
services.pulseaudio.enable = false; services.pulseaudio.enable = false;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
wireplumber.enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
@@ -14,6 +15,14 @@
"module.x11.bell" = false; "module.x11.bell" = false;
}; };
}; };
"10-increase-buffer" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.quantum" = 1024;
"default.clock.min-quantum" = 1024;
"default.clock.max-quantum" = 2048;
};
};
}; };
}; };
} }

View File

@@ -14,29 +14,38 @@ sops:
- recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg - recipient: age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTY3lFZlIyRnZOMzNQdnJ2 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBualdnWmtBTThhZDFVdDRP
Z0xQQnY1eHFYekVMV3M0UE5hK2xkbStveFRnCncwVVduSEFFQkpwME5XQzF2Z0tK WHlMamk1MFhUYUwwa0hyQmpobGNocC9VR0ZVCmc3N1FjcUZCNUdTTm91OVpwZDhP
MnhFQ3ZZMk51aGJHUmJFbHA4d1dmdkEKLS0tIHBkVEhaZEY5ZGtYcXRkZzREa0xR bTNXekp2bDd3Tjh6a2ZVTVNTSW9RTU0KLS0tIGJpcUVHb2ZlODgvelhwQ0JFU3l5
eUNsNjE2VS9MTjNtYWluUjJhYXVuTmcKq175s9vx1tPVS+voO+HSkyaT+GbjC/Z+ WU5VanhYMTUvNklYazJxOXVveXhpM2cKCo+4FhhcbRylASEbQb9rAQUzEO1D+0AR
PyKVKyqFAJCRcNP2byaFgAHjXtDFZdipt/0lbw+4UfHrZGpn+9B59Q== 52Jzc9s9rSdypeBRE7SaSOI4eVnkEjPfyhNFvMdxiBzBj7GdocpmCw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4 - recipient: age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByRmxCNUE4MTdZNWlOcmxX YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4STZpU0ZnRzVVOFFRUXZG
RmhDS2NpQ0hoWG83SDlIeVhXaFdxNE4yTUVzCkRxS3M5aU5mdWZkYnpNeC9YR3BX akcwS2Z5V3lmQzRTSGNHT2hDME5JMks2QTNNClpkZzNMc0wyRjVEaVlBRFlyNFhs
N1NEdzlyTm9YT3NQSnowWTZUc1FvYWsKLS0tICs2OVo2djNjUW0yOG41ZTJQeFFB M1pyeW1XdnZubnRxMzEzMFJoK0lkVVEKLS0tIENhRExzUWRWMUlObmhxazM5cU9y
djFENU5USG1QSnRVdlErN1h5bXJhYzQKPDvAHIMR/vT47zbeK3NsS+jSl4HSFRIA aDFyaDJackFoaEZOYWdTbWt0ODB1bm8Kg1VDAj5/i8ZbYxspIdXrI474YN5YkV4H
NbSKwTbEGn963metTh4HJItdWBAOyiCc3l1Ye49ms9JhYM8n4wHLRQ== 86maCRDfUxO5lvu4zBa9pOmFtJ2iuJ2MxDnmCSHTl+GOk8yyUT8JhA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct - recipient: age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVeHJ3NmMzaTh0Zm13Vm1r YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveE9NV2JCOW9odlN6Wmkw
RmNtMi9FYmJGUmxXeEppM3Fnazl1NTl3ajJjCjFrbXM4WGdOV05qckhkbjlSODZR WFEvU2pka3htV2FTTFlpc05ES2JjbGxTaFJZCjhYdG1sRVBFaEF3YjNkWEw3Ny8x
a0VuakllVTdOc2Uxd3BqRmtsN3NJdHcKLS0tIHRRMXFEcWNZOFE4dFJycGdGTzdP MlYyTjJBMHA2YVpHRkkwWW5hNDdrS1UKLS0tIFZXTFNVbkd6VFExc0dSVU4vd3JF
WittUTFFNU5kUWdGcncwdWRQSi9STTgK3GuwolsItCEt3Dh5Lycb8TjfaHTuV/JB ajlFY2pvWW13VGxOZ0hEc3dMbU9IeUUKNSf7ycj+1XHhsoghmY2iR1BwIySqfIOF
P2KSuVsbgjYuCJSknYmSZ+9gdTYC8cVqDnKo7HYFNrCDHZ0P4QwGSg== zawE+MQcQg0u+fy6Aik26eUGvQG3rya2Fx2+3VlAbKB+rbiP0fwsgg==
-----END AGE ENCRYPTED FILE-----
- recipient: age15lxw97z03q40xrdscnxqqugh5ky5aqrerg2t2rphkcqm6rnllurq8v98q5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxaTNJNkJ0RVJiYlRzcmlX
TmEweVdLaGpoVXMxZEFDU3dOZTJCRjdiNENBCkZ3bjJUNm1vcmY1ZUpZcEo4OGxa
UWJKSjNKL002UDhmTmJER2M0MjJ3aG8KLS0tIFMvZjBkOS83T3NDUE82M3kweVNw
VXhoN0VyWkVxMEJPQ3orVUNDK21rRU0KvnmuFxcCpP+LZg7v5jaStw9F0owVrQl9
AkIq7GUJh7xewLxcVZfiBRpXMhw/mM8LYnd2KGP8R/TfYg+v0//+5A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-23T07:00:17Z" lastmodified: "2025-04-23T07:00:17Z"
mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str] mac: ENC[AES256_GCM,data:JgaTIRbzD0hs2o86xUlQrPN2cPXvsuTH/zKG5xbQIDaYcEvD/mkuVa3hfnYKrA91kWg2Y1DgEi9583+o6UCl/+ldY4ptu+xpnYfyQFdhM4rB+KoP/pDt8vQKQ3zAX8fpAkugCgTTbuvm3TfQ1nt98V8boyhCn4JHNC1T0j7ZtZI=,iv:G3YJOLeDWDKuANo2mxS2JAdrRaonD87CU9BpCZZrlRs=,tag:mcKIdP5cSQUwNL2tcv/o6g==,type:str]

View File

@@ -17,12 +17,15 @@ in {
"networkmanager" "networkmanager"
"wheel" "wheel"
"audio" "audio"
"realtime"
"rtkit"
"network" "network"
"video" "video"
"podman" "podman"
"docker" "docker"
"git" "git"
"gamemode" "gamemode"
"dialout"
]; ];
openssh.authorizedKeys.keys = lib.splitString "\n" ( openssh.authorizedKeys.keys = lib.splitString "\n" (

View File

@@ -0,0 +1,28 @@
{
pkgs,
config,
...
}: let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in {
users.mutableUsers = false;
users.users.pob = {
description = "A helper user to use another profile for some applications";
group = "pob";
isNormalUser = true;
shell = pkgs.fish;
extraGroups = ifTheyExist [
"networkmanager"
];
packages = with pkgs; [
firefox
wineWowPackages.stable # 32-bit and 64-bit wine
winetricks
];
};
users.groups.pob = {};
security.sudo.extraConfig = ''
julian ALL=(pob) NOPASSWD: ALL
'';
}

View File

@@ -0,0 +1,100 @@
{
pkgs,
config,
lib,
outputs,
...
}: let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in {
users.mutableUsers = false;
users.users.yukari = {
description = "Yukari";
group = "yukari";
isNormalUser = true;
shell = pkgs.fish;
extraGroups = ifTheyExist [
"networkmanager"
"audio"
"network"
"video"
"podman"
"docker"
"git"
"gamemode"
];
createHome = true;
hashedPassword = "$y$j9T$rGuTL0rfiy7ht8L58BGCw0$fN.KwHjYlIitFEPHndKvV06ezgeWzP3/58o1kkviZwB";
packages = [pkgs.home-manager];
};
users.groups.yukari = {};
home-manager.users.yukari = {
imports =
[
../../../../homes/julian/features/fonts
../../../../homes/julian/features/suites/cli
]
++ (builtins.attrValues outputs.homeManagerModules);
home = {
username = lib.mkDefault "yukari";
homeDirectory = lib.mkDefault "/home/${config.home.username}";
stateVersion = lib.mkDefault "23.11";
sessionPath = ["$HOME/.local/bin"];
packages = with pkgs; [
arandr
calibre # ebook manager and viewer
# digikam
discord
discord-ptb # in case discord updates take their time
# dvdisaster
# element-desktop
# rocketchat-desktop
thunderbird
tdesktop # telegram
# schildichat-desktop # not updated regularly
nheko
evince # Simple pdf reader, good for focusing on document content
firefox
vivaldi
# geogebra
cheese
handbrake
# kitty # Terminal, already available as feature
libnotify
libreoffice
mate.engrampa
nomacs # Image viewer
kdePackages.okular # Pdf reader with many features, good for commenting documents
pavucontrol
pdfsam-basic # Split, merge, etc for pdfs
qalculate-gtk # Nice gui calculator
qpdfview
# qutebrowser
# realvnc-vnc-viewer
rpi-imager # make isos
# rustdesk
tor-browser
unstable.path-of-building # Path of Building
# frajul.pob-dev-version # Path of Building
vlc
wineWowPackages.stable # 32-bit and 64-bit wine
winetricks
xclip # x11 clipboard access from terminal
xfce.mousepad # simple text editor
xournalpp # Edit pdf files
zoom-us # Video conferencing
zotero # Manage papers and other sources
pdfpc # Present slides in pdf form
];
};
programs = {
home-manager.enable = true;
git.enable = true;
};
};
}

View File

@@ -5,13 +5,18 @@
../common/global ../common/global
../common/users/julian ../common/users/julian
../common/users/wolfi ../common/users/wolfi
../common/optional/binarycaches.nix
../common/optional/xserver.nix
../common/optional/remote-builder.nix ../common/optional/remote-builder.nix
../common/optional/boot-efi.nix ../common/optional/boot-efi.nix
../common/optional/greetd.nix # ../common/optional/greetd.nix
# ../common/optional/gdm.nix
# ../common/optional/i3.nix ../common/optional/gdm.nix
../common/optional/i3.nix
../common/optional/openssh.nix
../common/optional/authentication.nix ../common/optional/authentication.nix
../common/optional/pcmanfm.nix ../common/optional/pcmanfm.nix
@@ -29,8 +34,7 @@
programs.kdeconnect.enable = true; programs.kdeconnect.enable = true;
# services.xserver.desktopManager.xfce.enable = true; services.desktopManager.plasma6.enable = true;
services.xserver.desktopManager.plasma6.enable = true;
# Enable CUPS to print documents. # Enable CUPS to print documents.
services.printing.enable = true; services.printing.enable = true;

View File

@@ -80,9 +80,10 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470; # Use latest version of driver
# hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start # hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
hardware.nvidia.modesetting.enable = true; # produces errors, display manager fails to start
# hardware.nvidia.nvidiaSettings = true; hardware.nvidia.nvidiaSettings = true;
hardware.nvidia.open = false; hardware.nvidia.open = false;
} }

View File

@@ -15,27 +15,51 @@
../common/global ../common/global
../common/users/julian ../common/users/julian
../common/optional/binarycaches.nix
../common/optional/pipewire.nix ../common/optional/pipewire.nix
../common/optional/remote-builder.nix ../common/optional/remote-builder.nix
../common/optional/pcmanfm.nix ../common/optional/pcmanfm.nix
../common/optional/redshift.nix ../common/optional/redshift.nix
../common/optional/authentication.nix ../common/optional/authentication.nix
../common/optional/avahi.nix
]; ];
# disko.devices.disk.main.device = "/dev/mmcblk1"; # disko.devices.disk.main.device = "/dev/mmcblk1";
# networking.wireless.enable = true; # enabled by fish, disabling speeds up builds
# networking.wireless.environmentFile = config.sops.secrets."wifi/pianonix".path; documentation.man.generateCaches = false;
# networking.wireless.networks = {
# "@SSID@".psk = "@PSK@"; networking.enableIPv6 = false; # This only leads to issues with avahi
hardware.bluetooth.enable = true;
services.blueman.enable = true; # bluetooth gui
# raspberry pi specific
# systemd.services.btattach = {
# before = [ "bluetooth.service" ];
# after = [ "dev-ttyAMA0.device" ];
# wantedBy = [ "multi-user.target" ];
# serviceConfig = {
# ExecStart = "${pkgs.bluez}/bin/btattach -B /dev/ttyAMA0 -P bcm -S 3000000";
# }; # };
# };
# networking.wireless.enable = true;
# networking.wireless.secretsFile = config.sops.secrets."wifi/pianonix".path;
# networking.wireless.networks = {
# "SMARTments".pskRaw = "ext:PSK";
# };
# networking.networkmanager.enable = lib.mkForce false;
services.gnome.at-spi2-core.enable = true; # for onboard
networking.hostName = "pianonix"; networking.hostName = "pianonix";
system.stateVersion = "22.11"; system.stateVersion = "22.11";
sops.secrets."vnc-passwd" = { sops.secrets."vnc-passwd" = {
owner = config.users.users.julian.name; owner = config.users.users.julian.name;
sopsFile = ./vnc-passwd; sopsFile = ./secrets-vnc-passwd.bin;
format = "binary"; format = "binary";
}; };
sops.secrets."wifi/pianonix" = {}; sops.secrets."wifi/pianonix" = {};
@@ -44,6 +68,18 @@
# sops.secrets."syncthing/public-keys/aspi-nix" = { }; # sops.secrets."syncthing/public-keys/aspi-nix" = { };
# sops.secrets."syncthing/public-keys/pianonix" = { }; # sops.secrets."syncthing/public-keys/pianonix" = { };
sops.secrets."wg-config" = {
sopsFile = ./secrets-wg-config.bin;
format = "binary";
};
networking.wg-quick.interfaces = {
home = {
configFile = config.sops.secrets."wg-config".path;
autostart = true; # This interface is started on boot
};
};
modules = { modules = {
syncthing = { syncthing = {
enable = true; enable = true;
@@ -53,6 +89,7 @@
# Enable the Desktop Environment. # Enable the Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true; # services.xserver.displayManager.lightdm.enable = true;
services.displayManager.defaultSession = "xfce";
services.displayManager.autoLogin = { services.displayManager.autoLogin = {
enable = true; enable = true;
user = "julian"; user = "julian";
@@ -72,10 +109,11 @@
}; };
}; };
boot.loader.timeout = 1; # Set boot loader timeout to 1s boot.loader.timeout = lib.mkForce 1; # Set boot loader timeout to 1s
# De-facto disable network manager, which is enabled by gnome # De-facto disable network manager, which is enabled by gnome
# networking.networkmanager.unmanaged = [ "*" ]; # networking.networkmanager.unmanaged = [ "*" ];
services.xserver.enable = true;
services.xserver.desktopManager = { services.xserver.desktopManager = {
xfce = { xfce = {
enable = true; enable = true;

View File

@@ -14,9 +14,15 @@
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [];
boot.kernelModules = []; boot.kernelModules = [];
boot.extraModulePackages = []; boot.extraModulePackages = [];
boot.kernelPackages = pkgs.linuxPackages_latest; # use latest linux kernel
boot.supportedFilesystems = lib.mkForce [
# remove zfs, since its incompatible with latest kernel
"vfat"
"ext4"
];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4"; fsType = "ext4";
}; };

View File

@@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
"sops": {
"age": [
{
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWEFYNThYQkpuTW10MjNM\nU3pWYmE5UnBPUzhQSTltc3hXdk9EWkg5czI0CmxnK3FuYitGci9ndnRCZms4a0lD\nOWh4alF1MEtJUis5YVNyYXRLbVppNnMKLS0tIEQ5WVVIMzlIV0pnc2ZWMnc5bjE4\nR3lpbzJiRmljcWI4SWlOS2svZVBSYnMKYIfhDjNZPDxmws3Z3P55K7V/NHiukQ0u\n00Kk603U+1JhgfJBk0Y3tMo//vKCHQj87wtZoqDLEN7Gu+ZtHhkhow==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSVpBR1NPY0svSWNWYzFC\nZE1uTjZTRm9XM24wcXByajVDYUJ4Y3FmNUc0CkJMMXRtUE5mSjYwU25MYy9xNFlP\ndUNmYmJ5RVF0dG5LYjA4L1NnNEtCMVEKLS0tIFl0Slovd2NiWjg1VXJ1VDJwTWJQ\nTWFZeW1ZYisvenVycWYwZ1lkOXBaVVUKqGu6Q8IbiUAzazLKN95uAtmXJMPzx02u\nr/R8q7ugG8lX5pWX3H3P7vtBz57Oo3rWlRpUhN/4+PpijkJNUyr3XQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-12-01T16:14:57Z",
"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

View File

@@ -0,0 +1,19 @@
{
"data": "ENC[AES256_GCM,data:SFc3K1hvBjeCS6ikLZl3vIPFJqsUrZZi9yO9tVuv14exKhOuK17HN/d+cYMtVxGwqQ/biFdXYdP8/sfTPwwZgd/wRLT2xRDMOg5ru7kj8sEhcOEYmrgYRLo3ImdWANFaxelWOmjEvzphTQ7guvXTo7BACUA9AygYa9Ou9bklYImWhOCsk8e9uz5afLZXscidiqUqqFuJNo3QGMDEAxFI2YC3OpLwEj5zlsI4AXEEHRVUxU1sVtspdolDaeiFIs/JW4jLu/2la6JyGJUluYXAThzL1LO39NA/MSNskMSedatz89vnCd9CP6Q3eT93vrUYAEY=,iv:e+tWIlHm4NH1w8AQAw6tvgCX9XOiroE1XmrSua3Bcg4=,tag:RwGpKtG9JzQ3TgcnzEV5Rg==,type:str]",
"sops": {
"age": [
{
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTYTFjRnpPVDAvQ0ZHZU0v\neEduOTVockFoZGhuMmZNd0w3bVFCVUQzUlI4CmZTaktOQWxrTDNpYXlPTm9SdlZZ\nN0dURmlHVFlHSjZpbkpGb09lTmVzWm8KLS0tIDhMWlFIRWFkQjcya0hjeUdUSklB\nbWlqNlVoR1BnWG9TM0RhWnI4a0J4YUEKGWIX77EVXYFVyA2u6CkF1cGfwd4Gq0Vb\nNqrlMUYEDZ5nO/eLWsAt2kj1/YFjkGw0iI02HLRHdxQ59vFyl3CS1Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tguyu2yd5xv8rgjjl50cq6dq5rr7umqgv098dgre4u9wyj30ea7sexw62c",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNlZGdktzSGp0bzIyUjlR\nUU9LSXRrZTgxcEZwczhidWVOdGRnRFYrOVZZCmx3VzM4V2dsWmZpUWxNUG82MzU2\nT3dmQjRwdmRJbTJxVm9vQjJKU3JXSncKLS0tIFlhYy9uQW5aa1E0K3Q1RUFSQkZP\nR29sY3RCYVg5bGdqMU1uc0E3Szhmb0kKFzKHUVNDdHWfycb7xWeAyIVlC4ab7ivR\nVlfmbPAXq2THw/s4zk/ckfE5RP82a1aX4++XRa7fm5KXpI8vExjJ5A==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-10-14T06:56:31Z",
"mac": "ENC[AES256_GCM,data:DrcOET5U6veg0qhcBjQQ5neCdTUufMxhIz4ZQzvzd+YxKfAqaq8R1PW5VVlUjhDBaUH9i3J1Wj6X4E600uhayY0E9I5VqfO84hqlosfZWPiWPO8prK46Y7R3Ybdh9uvWQxiaSxy8KHXsdDgsBFLlmLe/QvsDSUv56rPofkm06vg=,iv:XBFP8ANpsszeXqQIE/v7+GmZGlFtxgE/EtgL/Cc3x+8=,tag:ZJgO+hLuwIatE55wo94RVw==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.11.0"
}
}

View File

@@ -1,28 +0,0 @@
{
"data": "ENC[AES256_GCM,data:13hToequR4A=,iv:U7a6mIOYanQjozPrL92edFrhdyuSJj14pqVa2tGE/zA=,tag:uyeE3dj7NTKPi0jNLkFMLA==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1ee5udznhadk6m7jtglu4709rep080yjyd2ukzdl8jma4mm92y3psv0slpg",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWWUp5TU9kWTNpa0s5TFRC\nK1hoc0d0K3JQYWN3VVVWM2JvemtieGo2UGpVCit5MUcvZldBZkNNZ3ZWTWRtd0Zx\nT3I4aTdUcitPRmhhV0htZlhEYjhRakUKLS0tIEdmYUI4N1g1Nkp3YzdtaHJybVcz\neFNwUnd0Vyt2MTBpRTZlMzZnNHJGd1EKy/0zXv9CPf5k0ky7TBGY9GbcIeQyPk1L\nKmMCuWMLX0yTGqB3M3/UNdoc4L0q//7keUZH5PlkxJbnu6IN3fE5qg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1q8lc5340gz5xw2f57nglrss68wv0j0hf36py2pdtrl6ky3yrq9qqk0njr4",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdy9tZlZtNFJPRFNUUUNI\nUWtPZmZOY1V5SHc5bTZOZVluTUV6N3dlQWprClVqK2tKNFlBWHdyNDF1Q0d2bi9z\naldTTDdWYzZ6WmgrNHlZSDlTSU9SbmsKLS0tIDJZM2Y4ZDVmZk54eTZLOTU4Ui9X\nR3l3WDkwRWUyakFLdGZXeDJxRUJsaHMK6hgZ1KYe9qx4tO7RervEAKGjNHg4mi0E\nxx3I9P8MFzPiCVKG5ZNxRx25y7H4bQSRRtxIlXIhqzf2+5Q6U7/Hrw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1hsmfz8fjxu83sax9lr487h8xr6cyge0apdq4zpge4c8jpcjj2cksj825ct",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUg4dUlCY0IwS3pPeTF5\nZTVkRTkzaVBYTmh0MmYyaHlOaFRHSnk5dWs4CmhvaTlSOTFDQzZmbHVudXpwQitV\nQjhRQWl3OHNLVGJYMm1ObVEyQmhxS0kKLS0tIDJsZnN4K2pUOEdIYVg4ZlQ5Ujhn\nNlpGL1hMVXd5cWR2YkdIVmJiblMzR1EKJYS51sKQ/tBV7dv88pOxJhzHQGckoF8q\nwIioVjs9sm4JBgQqSIbVhXwnKl05IUkyAgw6LfsbSJz3nKe7lmmRpg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-12-01T16:14:57Z",
"mac": "ENC[AES256_GCM,data:zKz8OX1yi68Qn3X6HwdbgTCr/3ZVBh5Wz4KUACmWG3XhOEVi8uoDEdAxfKMDBqNzXLeDmxxTKj6TMLkk68ozDYJqu0OevVritnZqvBTr9VKGpMPBFN3DuaeqSZ6wjHGbce1iqO0kusnwopRbEWHmr/lZxiXTNgLPdN+p5Aszi54=,iv:resppfGPecKvKwqNwqecDBcXGhcTWSGZis8hf1jT0Us=,tag:V80P25Pr4HD9pUUrQHZSQg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

View File

@@ -1,9 +1,4 @@
{ {lib, ...}: {
config,
lib,
pkgs,
...
}: {
options.terminal = lib.mkOption { options.terminal = lib.mkOption {
type = lib.types.str; type = lib.types.str;
example = "alacritty"; example = "alacritty";

View File

@@ -1,4 +1,5 @@
{ {
# hydra-auto-upgrade = import ./hydra-auto-upgrade.nix; # hydra-auto-upgrade = import ./hydra-auto-upgrade.nix;
syncthing = import ./syncthing.nix; syncthing = import ./syncthing.nix;
frajulAutoUpgrade = import ./frajul-auto-upgrade.nix;
} }

View File

@@ -0,0 +1,173 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.modules.frajulAutoUpgrade;
flagFile = "/var/lib/frajul-auto-upgrade/flag";
lockFile = "/var/lib/frajul-auto-upgrade/lock";
lastStatusFile = "/var/lib/frajul-auto-upgrade/last-status";
lastAttemptFile = "/var/lib/frajul-auto-upgrade/last-attempt";
in {
options.modules.frajulAutoUpgrade = {
enable = lib.mkEnableOption "NixOS auto-upgrade on boot";
user = lib.mkOption {
type = lib.types.str;
default = "root";
description = "User account to run the upgrade service as.";
};
flakePath = lib.mkOption {
type = lib.types.path;
description = "The path to your flake";
};
};
config = lib.mkIf cfg.enable {
# Ensure the flag directory exists
systemd.tmpfiles.rules = [
"d /var/lib/frajul-auto-upgrade 0755 root root -"
"f ${flagFile} 0766 root root -"
"f ${lastStatusFile} 0644 root root -"
"f ${lastAttemptFile} 0644 root root -"
];
environment.systemPackages = [
(pkgs.writeShellScriptBin "frajul-auto-upgrade" ''
#!/bin/sh
FLAG_FILE="${flagFile}"
LOCK_FILE="${lockFile}"
LAST_STATUS_FILE="${lastStatusFile}"
LAST_ATTEMPT_FILE="${lastAttemptFile}"
TODAY=$(date +%Y-%m-%d)
if [ ! -f "$FLAG_FILE" ] || [ "$(cat "$FLAG_FILE")" != "enabled" ]; then
echo "Auto upgrade disabled. Exiting."
exit 0
fi
# Check if already attempted today
if [ -f "$LAST_ATTEMPT_FILE" ]; then
LAST_ATTEMPT_DATE=$(cut -d' ' -f1 "$LAST_ATTEMPT_FILE")
if [ "$LAST_ATTEMPT_DATE" = "$TODAY" ]; then
echo "Update already attempted today. Skipping."
exit 0
fi
fi
if [ -f "$LOCK_FILE" ]; then
echo "Already running"
exit 1
fi
echo $$ > "$LOCK_FILE"
trap 'rm -f "$LOCK_FILE"' EXIT
if /run/current-system/sw/bin/nix flake update --flake "${cfg.flakePath}" && /run/current-system/sw/bin/nixos-rebuild switch --flake "${cfg.flakePath}"; then
echo "success" > "$LAST_STATUS_FILE"
else
echo "failure" > "$LAST_STATUS_FILE"
git -C "${cfg.flakePath}" restore flake.lock
fi
# Write full timestamp
date '+%Y-%m-%d %H:%M:%S' > "$LAST_ATTEMPT_FILE"
'')
(pkgs.writeShellScriptBin "frajul-auto-upgrade-status" ''
#!/bin/sh
FLAG_FILE="${flagFile}"
LOCK_FILE="${lockFile}"
LAST_STATUS_FILE="${lastStatusFile}"
LAST_ATTEMPT_FILE="${lastAttemptFile}"
if [ -f "$LOCK_FILE" ]; then
ICON=" "
STATUS="running"
elif [ -f "$FLAG_FILE" ] && [ "$(cat "$FLAG_FILE")" == "enabled" ]; then
LAST_STATUS="unknown"
LAST_ATTEMPT="never"
if [ -f "$LAST_STATUS_FILE" ]; then
LAST_STATUS=$(cat "$LAST_STATUS_FILE")
fi
if [ -f "$LAST_ATTEMPT_FILE" ]; then
LAST_ATTEMPT=$(cat "$LAST_ATTEMPT_FILE")
fi
if [ "$LAST_STATUS" = "success" ]; then
ICON=""
elif [ "$LAST_STATUS" = "failure" ]; then
ICON=""
else
ICON=""
fi
STATUS="enabled (last attempt: $LAST_ATTEMPT, $LAST_STATUS)"
else
ICON=" "
STATUS="disabled"
fi
echo "{\"text\": \"$ICON\", \"tooltip\": \"NixOS Auto Update: $STATUS\"}"
'')
(pkgs.writeShellScriptBin "frajul-auto-upgrade-toggle" ''
#!/bin/sh
FLAG_FILE="${flagFile}"
LOCK_FILE="${lockFile}"
if [ ! -f "$FLAG_FILE" ] || [ "$(cat "$FLAG_FILE")" != "enabled" ]; then
echo "enabled" > "$FLAG_FILE"
else
echo "disabled" > "$FLAG_FILE"
if [ -f "$LOCK_FILE" ]; then
kill -TERM "$(cat "$LOCK_FILE")"
fi
fi
'')
];
# Fixes error: repository path '...' is not owned by current user
environment.etc."root/.gitconfig".text = ''
[safe]
directory = ${cfg.flakePath}
'';
systemd.services.frajul-auto-upgrade = {
description = "Frajul's NixOS Auto Upgrade";
after = ["network-online.target"];
wants = ["network-online.target"];
restartIfChanged = false; # Do not start service on nixos switch
path = with pkgs; [
coreutils
gnutar
xz.bin
gzip
gitMinimal
config.nix.package.out
config.programs.ssh.package
];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
ExecStart = "/run/current-system/sw/bin/frajul-auto-upgrade";
};
};
systemd.timers.frajul-auto-upgrade = {
description = "Run Frajul's NixOS Auto Upgrade at boot";
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "1min";
AccuracySec = "10s";
Unit = "frajul-auto-upgrade.service";
};
};
};
}

View File

@@ -0,0 +1,132 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.system.hydraAutoUpgrade;
in {
# Taken from Misterio
options = {
system.hydraAutoUpgrade = {
enable = lib.mkEnableOption "periodic hydra-based auto upgrade";
operation = lib.mkOption {
type = lib.types.enum [
"switch"
"boot"
];
default = "switch";
};
dates = lib.mkOption {
type = lib.types.str;
default = "04:40";
example = "daily";
};
instance = lib.mkOption {
type = lib.types.str;
example = "http://hydra.julian-mutter.de";
};
project = lib.mkOption {
type = lib.types.str;
example = "dotfiles";
};
jobset = lib.mkOption {
type = lib.types.str;
example = "main";
};
job = lib.mkOption {
type = lib.types.str;
default = config.networking.hostName;
};
oldFlakeRef = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = ''
Current system's flake reference
If non-null, the service will only upgrade if the new config is newer
than this one's.
'';
};
};
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = cfg.enable -> !config.system.autoUpgrade.enable;
message = ''
hydraAutoUpgrade and autoUpgrade are mutually exclusive.
'';
}
];
systemd.services.nixos-upgrade = {
description = "NixOS Upgrade";
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig.Type = "oneshot";
path = with pkgs; [
config.nix.package.out
config.programs.ssh.package
coreutils
curl
gitMinimal
gnutar
gzip
jq
nvd
];
script = let
buildUrl = "${cfg.instance}/job/${cfg.project}/${cfg.jobset}/${cfg.job}/latest";
in
(lib.optionalString (cfg.oldFlakeRef != null) ''
eval="$(curl -sLH 'accept: application/json' "${buildUrl}" | jq -r '.jobsetevals[0]')"
flake="$(curl -sLH 'accept: application/json' "${cfg.instance}/eval/$eval" | jq -r '.flake')"
echo "New flake: $flake" >&2
new="$(nix flake metadata "$flake" --json | jq -r '.lastModified')"
echo "Modified at: $(date -d @$new)" >&2
echo "Current flake: ${cfg.oldFlakeRef}" >&2
current="$(nix flake metadata "${cfg.oldFlakeRef}" --json | jq -r '.lastModified')"
echo "Modified at: $(date -d @$current)" >&2
if [ "$new" -le "$current" ]; then
echo "Skipping upgrade, not newer" >&2
exit 0
fi
'')
+ ''
profile="/nix/var/nix/profiles/system"
path="$(curl -sLH 'accept: application/json' ${buildUrl} | jq -r '.buildoutputs.out.path')"
if [ "$(readlink -f "$profile")" = "$path" ]; then
echo "Already up to date" >&2
exit 0
fi
echo "Building $path" >&2
nix build --no-link "$path"
echo "Comparing changes" >&2
nvd --color=always diff "$profile" "$path"
echo "Activating configuration" >&2
"$path/bin/switch-to-configuration" test
echo "Setting profile" >&2
nix build --no-link --profile "$profile" "$path"
echo "Adding to bootloader" >&2
"$path/bin/switch-to-configuration" boot
'';
startAt = cfg.dates;
after = ["network-online.target"];
wants = ["network-online.target"];
};
};
}

View File

@@ -25,11 +25,11 @@
my-pkgs = final: prev: {frajul = import ../pkgs {pkgs = final;};}; my-pkgs = final: prev: {frajul = import ../pkgs {pkgs = final;};};
nixpkgs-stable-unstable = final: prev: { nixpkgs-stable-unstable = final: prev: {
unstable = import inputs.nixpkgs { unstable = import inputs.nixpkgs-unstable {
system = prev.system; system = prev.system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
stable = import inputs.nixpkgs-stable { stable = import inputs.nixpkgs {
system = prev.system; system = prev.system;
config.allowUnfree = true; config.allowUnfree = true;
}; };

View File

@@ -12,4 +12,6 @@
acer-battery-health-mode = pkgs.callPackage ./acer-battery-health-mode {}; acer-battery-health-mode = pkgs.callPackage ./acer-battery-health-mode {};
pob2 = pkgs.callPackage ./pob2 {}; pob2 = pkgs.callPackage ./pob2 {};
wl-ocr = pkgs.callPackage ./wl-ocr {}; wl-ocr = pkgs.callPackage ./wl-ocr {};
rtklib = pkgs.qt6Packages.callPackage ./rtklib {};
pob2-frajul = pkgs.callPackage ./pob2-frajul {};
} }

View File

@@ -3,7 +3,7 @@
nheko, nheko,
telegram-desktop, telegram-desktop,
thunderbird, thunderbird,
discord, discord, # TODO: discord not available for aarch64, this leads to flake evaluation for this arch fail.
}: }:
writeShellApplication { writeShellApplication {
name = "open-messaging"; name = "open-messaging";
@@ -20,7 +20,7 @@ writeShellApplication {
sleep 0.1 sleep 0.1
nheko & nheko &
sleep 0.1 sleep 0.1
telegram-desktop & Telegram &
sleep 0.1 sleep 0.1
discord & discord &
''; '';

View File

@@ -0,0 +1,16 @@
{
writeShellApplication,
xhost,
}:
writeShellApplication {
name = "pob2-frajul";
runtimeInputs = [
xhost
];
text = ''
xhost +
sudo -u pob -i sh /home/pob/pob2.sh
'';
}

40
pkgs/rtklib/default.nix Normal file
View File

@@ -0,0 +1,40 @@
{
stdenv,
fetchFromGitHub,
cmake,
pkg-config,
qtbase,
wrapQtAppsHook,
qtserialport,
qttools,
...
}:
stdenv.mkDerivation rec {
pname = "RTKLIB";
version = "b34L";
src = fetchFromGitHub {
owner = "rtklibexplorer";
repo = "${pname}";
rev = "${version}";
hash = "sha256-bQcia3aRQNcZ55fvJViAxpo2Ev276HFTZ28SEXJD5Ds=";
};
nativeBuildInputs = [
cmake
pkg-config
wrapQtAppsHook
];
buildInputs = [
qtbase
qtserialport
qttools
];
cmakeFlags = [
"-DCMAKE_INSTALL_DATAROOTDIR=share"
];
doCheck = true;
}

View File

@@ -3,6 +3,9 @@
NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations"; NIX_CONFIG = "extra-experimental-features = nix-command flakes ca-derivations";
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
nix nix
deploy-rs # for deploy
nixos-generators # for nixos-generate -f iso --flake .#host
nh # nix helper for nice interfaces
home-manager home-manager
git git