fuckwit/nix-config
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: fuckwit:db5caf234777d93f1c8e7e59151d1356ec97bf4a
Branches Tags
fuckwit:master fuckwit:renovate/lock-file-maintenance
..
compare: fuckwit:renovate/lock-file-maintenance
Branches Tags
fuckwit:master fuckwit:renovate/lock-file-maintenance

56 Commits
db5caf2347 ... renovate/l

Author SHA1 Message Date
Renovate Bot
677ecfbb3c Lock file maintenance
All checks were successful
nix flake check / nix-flake-update (push) Successful in 2m26s
Details
2025-01-19 18:01:46 +00:00
Renovate Bot
e738985f41 Lock file maintenance
All checks were successful
nix flake check / nix-flake-update (push) Successful in 2m33s
Details
2025-01-19 17:31:42 +00:00
fuckwit
42ec135959 enable fingerprint unlock in hyprlock 2025-01-19 18:25:00 +01:00
fuckwit
51b871ecda add udisks2 and udiskie to framework 2025-01-19 18:11:42 +01:00
Renovate Bot
89a775c1e8 Lock file maintenance
All checks were successful
nix flake check / nix-flake-update (push) Successful in 2m30s
Details
2025-01-13 20:01:49 +00:00
Renovate Bot
4f2119b767 Lock file maintenance
All checks were successful
nix flake check / nix-flake-update (push) Successful in 2m35s
Details
2025-01-13 19:31:48 +00:00
Renovate Bot
197784db20 Lock file maintenance
All checks were successful
nix flake check / nix-flake-update (push) Successful in 2m30s
Details
2025-01-13 19:01:47 +00:00
fuckwit
6289bf15d9 disable actions caching for now and increase runner concurrency 2025-01-12 18:20:54 +01:00
Renovate Bot
4e47e87075 Lock file maintenance
All checks were successful
nix flake check / nix-flake-update (push) Successful in 11m15s
Details
2025-01-11 21:01:41 +00:00
Renovate Bot
48253567c2 Lock file maintenance
All checks were successful
nix flake check / nix-flake-update (push) Successful in 11m13s
Details
2025-01-11 20:01:39 +00:00
Renovate Bot
dd5c3c3a48 Lock file maintenance
All checks were successful
nix flake check / nix-flake-update (push) Successful in 11m12s
Details
2025-01-11 19:01:39 +00:00
fuckwit
5e50a8235d unify config a bit 2025-01-11 19:52:15 +01:00
Renovate Bot
a57efbacda Lock file maintenance
Some checks failed
nix flake check / nix-flake-update (push) Has been cancelled
Details
2025-01-11 18:00:09 +00:00
Renovate Bot
db13ab54b6 Lock file maintenance
All checks were successful
nix flake check / nix-flake-update (push) Successful in 11m37s
Details
2025-01-10 23:32:27 +00:00
fuckwit
b959147b69 install nix via detsys and check then
All checks were successful
nix flake check / nix-flake-update (push) Successful in 11m42s
Details
2025-01-11 00:17:23 +01:00
fuckwit
3fc00f521c add flake check action
Some checks failed
nix flake check / nix-flake-update (push) Failing after 0s
Details
2025-01-11 00:14:34 +01:00
fuckwit
7df23c160a enable automerge for lockfile maintenance 2025-01-10 23:55:50 +01:00
fuckwit
fb060c9068 use https for inputs 2025-01-10 23:47:53 +01:00
fuckwit
d30921202e schedule is part of group 2025-01-10 23:12:23 +01:00
fuckwit
8a90f6a82c does the renovate schedule work now? 2025-01-10 23:06:07 +01:00
fuckwit
412bf0a33b fix renovate.json error 2025-01-10 23:04:25 +01:00
fuckwit
9df08b4882 tell renovate to always run this when bot runs 2025-01-10 23:03:25 +01:00
fuckwit
259c7b1fd9 .... this time for real enable nix in renovate 2025-01-10 22:53:47 +01:00
fuckwit
2bb38b1634 enable nix for renovate 2025-01-10 22:53:00 +01:00
fuckwit
b5e2ce9d1b configure renovate 2025-01-10 22:48:03 +01:00
fuckwit
afa5e8aab7 update secrets 2025-01-10 22:25:41 +01:00
fuckwit
e7940f6177 switch docker image to ubuntu-latest and test actions flow
Some checks failed
update-flake-lock / lockfile (push) Failing after 11m56s
Details
2025-01-09 20:36:18 +01:00
fuckwit
e3b38cc453 add runner on primordial 2025-01-09 20:23:38 +01:00
fuckwit
1ae33bf279 run action on push for now
Some checks failed
update-flake-lock / lockfile (push) Failing after 20s
Details
2025-01-09 19:53:03 +01:00
fuckwit
60c364dd22 try actions 2025-01-09 19:50:56 +01:00
fuckwit
8a74d36bd7 let act_runner use docker/podman 2025-01-09 19:11:11 +01:00
fuckwit
9031dfb62d pass nur as overlay and fix firefox module 2025-01-09 19:10:30 +01:00
fuckwit
7539947bb0 firefox module 2025-01-04 15:16:42 +01:00
fuckwit
acc9c123df fix firefox tabs at bottom 2025-01-03 17:21:24 +01:00
fuckwit
15ea443308 cleanup framework homemanager config 2024-12-22 21:51:42 +01:00
fuckwit
e458325578 allow EOL .NET6 for arr services 2024-12-22 20:32:42 +01:00
fuckwit
00f39fbd66 swap to hyprlock and hypridle 2024-12-22 20:03:55 +01:00
fuckwit
07e17650a8 fix tailscale 2024-12-09 19:06:45 +01:00
fuckwit
7d82ca8f5d add prune options for backups 2024-12-09 18:45:52 +01:00
fuckwit
482463c8d4 allow more uploads 2024-12-08 18:42:17 +01:00
fuckwit
a8df9404f0 add tailwind to framework 2024-11-26 00:24:10 +01:00
fuckwit
f9bb7a157a fix deprecations and add sdr stuff 2024-11-25 10:32:26 +01:00
fuckwit
30d45c55f6 use lts kernel for work 2024-11-20 06:06:10 +01:00
fuckwit
55137bcd83 Merge pull request 'update nixvim and fix deprecations' (#2) from laptop into master 
Reviewed-on: #2
 2024-11-19 16:48:01 +01:00
fuckwit
461d94f808 update nixvim and fix deprecations 2024-11-19 16:46:13 +01:00
fuckwit
1d2679af96 fix samba deprecations 2024-11-18 19:24:25 +01:00
fuckwit
ab27ee081a add backups for NAS 2024-11-18 19:21:50 +01:00
fuckwit
13925c6490 fix programs.eza.icons deprecation 2024-11-18 18:51:05 +01:00
fuckwit
b90ac7e424 use newer kernel 2024-11-18 18:46:20 +01:00
fuckwit
382c1be9b6 update nixvim 2024-11-18 18:31:52 +01:00
fuckwit
cd7cc0cea1 update flake, add mail backup and fix formatting 2024-11-17 20:56:50 +01:00
fuckwit
391c15be69 stuff 2024-11-17 18:05:37 +01:00
fuckwit
5ebf139b8f add nvim config 2024-11-04 18:05:01 +01:00
fuckwit
4eed14ce1f update flake 2024-10-11 11:13:51 +02:00
fuckwit
99bba0ff23 fixes 2024-10-11 11:11:30 +02:00
fuckwit
e96f3340c4 fixes for work setup 2024-10-08 06:20:39 +02:00
36 changed files with 1401 additions and 1404 deletions
Expand all files Collapse all files

14
.gitea/workflows/nix-flake-check.yaml Normal file
View File

@ -0,0 +1,14 @@
name: nix flake check
on:
push:
branches:
- 'renovate/**'
jobs:
nix-flake-update:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
- run: /root/.nix-profile/bin/nix flake check --all-systems

8
.sops.yaml
View File

@ -2,7 +2,7 @@ keys:
- &user_patrick 5FA64909521A5C85992F26E0F819AEFF941BB849 - &user_patrick 5FA64909521A5C85992F26E0F819AEFF941BB849
- &host_celestia age1vadwmwh8ckfal7j83gwrwn9324gqufwgkxskznhp9v867amndcwqgp2w6t - &host_celestia age1vadwmwh8ckfal7j83gwrwn9324gqufwgkxskznhp9v867amndcwqgp2w6t
- &host_primordial age12u7ayy2q5dps2pcpc6z7962pz07jxv3tt03hna6jyumlu4fdjvtqdg2n3e - &host_primordial age12u7ayy2q5dps2pcpc6z7962pz07jxv3tt03hna6jyumlu4fdjvtqdg2n3e
- &host_laptop age1fhnujflp29sekvwjgw0ue2hnmjum3fpcj80vly0rkt07u9xwlf7ql25mkk - &host_framework age18kc63lpfutqlw505fkqagumqup6dtpudajeaheueuaf0frjpdc3suz49qk
creation_rules: creation_rules:
- path_regex: nixos/celestia/secrets\.yaml$ - path_regex: nixos/celestia/secrets\.yaml$
key_groups: key_groups:
@ -16,3 +16,9 @@ creation_rules:
- *user_patrick - *user_patrick
age: age:
- *host_primordial - *host_primordial
- path_regex: nixos/framework/secrets\.yaml$
key_groups:
- pgp:
- *user_patrick
age:
- *host_framework

1265
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

45
flake.nix
View File

@ -3,31 +3,40 @@
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.11";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
deploy.url = "github:serokell/deploy-rs";
nurpkgs.url = "github:nix-community/NUR"; lanzaboote = {
sops-nix.url = "github:Mic92/sops-nix"; url = "github:nix-community/lanzaboote";
lanzaboote.url = "github:nix-community/lanzaboote"; inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager"; };
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nur = {
url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs";
};
deploy = {
url = "github:serokell/deploy-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver = { simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
rycee-nurpkgs = { nixvim = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "git+https://git.fuckwit.dev/fuckwit/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-f2k = {
url = "github:fortuneteller2k/nixpkgs-f2k";
inputs.nixpkgs.follows = "nixpkgs";
};
devenv = {
url = "github:cachix/devenv/latest";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };

6
home-modules/firefox-webapp.nix
View File

@ -14,7 +14,11 @@
nameValuePair "home-manager-webapp-${name}" { nameValuePair "home-manager-webapp-${name}" {
id = cfg.id; id = cfg.id;
userChrome = '' userChrome =
/*
css
*/
''
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); @namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");
browser { browser {

111
home-modules/firefox/default.nix Normal file
View File

@ -0,0 +1,111 @@
{
pkgs,
config,
lib,
...
}: let
inherit (lib) mkOption mkEnableOption mkPackageOption types;
defaultExtensions = with pkgs.nur.repos.rycee.firefox-addons; [
bitwarden
darkreader
i-dont-care-about-cookies
privacy-badger
ublock-origin
];
defaultSettings = {
"app.normandy.first_run" = false;
"app.shield.optoutstudies.enabled" = false;
# disable updates (pretty pointless with nix)
"app.update.channel" = "default";
"browser.contentblocking.category" = "standard"; # "strict"
"browser.ctrlTab.recentlyUsedOrder" = false;
"browser.download.viewableInternally.typeWasRegistered.svg" = true;
"browser.download.viewableInternally.typeWasRegistered.webp" = true;
"browser.download.viewableInternally.typeWasRegistered.xml" = true;
"browser.search.region" = "DE";
"browser.shell.checkDefaultBrowser" = false;
"browser.tabs.loadInBackground" = true;
"browser.urlbar.placeholderName" = "EnteEnteLauf";
"browser.urlbar.showSearchSuggestionsFirst" = false;
# disable all the annoying quick actions
"browser.urlbar.quickactions.enabled" = false;
"browser.urlbar.quickactions.showPrefs" = false;
"browser.urlbar.shortcuts.quickactions" = false;
"browser.urlbar.suggest.quickactions" = false;
"distribution.searchplugins.defaultLocale" = "en-US";
"doh-rollout.balrog-migration-done" = true;
"doh-rollout.doneFirstRun" = true;
"general.useragent.locale" = "en-US";
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"extensions.extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"extensions.update.enabled" = false;
"extensions.webcompat.enable_picture_in_picture_overrides" = true;
"extensions.webcompat.enable_shims" = true;
"extensions.webcompat.perform_injections" = true;
"extensions.webcompat.perform_ua_overrides" = true;
"privacy.donottrackheader.enabled" = true;
"browser.translations.enable" = false;
# Yubikey
"security.webauth.u2f" = true;
"security.webauth.webauthn" = true;
"security.webauth.webauthn_enable_softtoken" = false;
"security.webauth.webauthn_enable_usbtoken" = true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"layout.word_select.stop_at_punctuation" = false;
};
cfg = config.personal.firefox;
in {
options.personal.firefox = {
enable = mkEnableOption "Apply personal firefox defaults.";
package = mkPackageOption pkgs "firefox-bin" {};
extraExtensions = mkOption {
type = types.listOf types.package;
default = [];
description = "Extra Firefox extensions to install.";
};
settings = mkOption {
type = types.attrsOf ((pkgs.formats.json {}).type
// {
description = "Preferences (int, bool, string, and also attrs, list, float as a JSON string)";
});
default = defaultSettings;
description = "Attribute set of preferences.";
};
};
config = {
programs.firefox = lib.mkIf cfg.enable {
enable = true;
package = cfg.package;
profiles = {
default = {
isDefault = true;
id = 0;
userChrome = builtins.readFile ./userChrome.css;
extensions = defaultExtensions ++ cfg.extraExtensions;
inherit (cfg) settings;
};
};
};
};
}

76
home-modules/firefox/userChrome.css Normal file
View File

@ -0,0 +1,76 @@
/* Source file https://github.com/MrOtherGuy/firefox-csshacks/tree/master/chrome/toolbars_below_content_v2.css made available under Mozilla Public License v. 2.0
See the above repository for updates as well as full license text. */
/* This requires Firefox 133
* By default tabs will be the top-most toolbar, but you can set the following pref to move them to bottom:
* userchrome.toolbars-below-content.tabs-at-bottom.enabled
*/
#navigator-toolbox{
display: contents;
--uc-navbar-height: 40px;
}
:root[uidensity="compact"] #navigator-toolbox{
--uc-navbar-height: 34px;
}
#main-window > body > #browser,
.global-notificationbox,
#tab-notification-deck,
#toolbar-menubar{
order: -1;
}
#TabsToolbar{
max-height: calc((var(--tab-min-height) + 2 * var(--tab-block-margin,0px)) * var(--multirow-n-rows,1));
}
#toolbar-menubar,
#TabsToolbar{
background: inherit !important;
}
@media (-moz-platform: linux){
:root[sizemode="normal"][customtitlebar] #toolbar-menubar{
border-top-left-radius: inherit;
border-top-right-radius: inherit;
}
#toolbar-menubar,
#TabsToolbar{
opacity: 1 !important;
will-change: unset !important;
}
#notification-popup[side="top"]{
margin-top: calc(-2 * var(--panel-padding-block) - 40px - 32px - 8.5em) !important;
}
#permission-popup[side="top"]{
margin-top: calc(-2 * var(--panel-padding-block) - 2.5em);
}
}
#nav-bar,
#PersonalToolbar{
background-image: linear-gradient(var(--toolbar-bgcolor),var(--toolbar-bgcolor)), var(--lwt-additional-images,var(--toolbar-bgimage)) !important;
background-position: top,var(--lwt-background-alignment);
background-position-y: calc(0px - var(--tab-min-height) - 2*var(--tab-block-margin,0px));
background-repeat: repeat,var(--lwt-background-tiling);
}
:root[lwtheme-image] #nav-bar,
:root[lwtheme-image] #PersonalToolbar{
background-image: linear-gradient(var(--toolbar-bgcolor),var(--toolbar-bgcolor)),var(--lwt-header-image), var(--lwt-additional-images,var(--toolbar-bgimage)) !important;
}
#PersonalToolbar{
background-position-y: calc(0px - var(--tab-min-height) - 2*var(--tab-block-margin,0px) - var( --uc-navbar-height));
}
#urlbar[breakout][breakout-extend]{
display: flex !important;
flex-direction: column-reverse !important;
transform: translateY(calc(var(--urlbar-container-height) - 100%));
}
#urlbar[breakout-extend]:not([usertyping]) > .urlbar-input-container::after{
display: flex;
content: "";
height: calc(var(--urlbar-min-height) - 2px - 2 * var(--urlbar-container-padding));
}
.urlbarView-body-inner{ border-top-style: none !important; }
#TabsToolbar{
order: 3
}

1
home-modules/modules-list.nix
View File

@ -1,5 +1,6 @@
{...}: { {...}: {
imports = [ imports = [
./firefox
./firefox-webapp.nix ./firefox-webapp.nix
]; ];
} }

23
home/configurations.nix
View File

@ -1,27 +1,18 @@
{ {
nixpkgs, nixpkgs,
nurpkgs, nur,
home-manager, home-manager,
devenv, nixvim,
... ...
}: let }: let
pkgs = import nixpkgs { pkgs = import nixpkgs rec {
system = "x86_64-linux"; system = "x86_64-linux";
}; overlays = [(final: prev: {nixvim = nixvim.packages.${system}.default;}) nur.overlays.default];
nur = import nurpkgs {
inherit pkgs;
nurpkgs = pkgs;
}; };
in { in {
work = home-manager.lib.homeManagerConfiguration { work = home-manager.lib.homeManagerConfiguration {
inherit pkgs; inherit pkgs;
extraSpecialArgs = {
inherit devenv; # TODO: Remove dependency on devenv
ff-addons = nur.repos.rycee.firefox-addons;
};
modules = [ modules = [
../home-modules/modules-list.nix ../home-modules/modules-list.nix
./work ./work
@ -31,12 +22,8 @@ in {
framework = home-manager.lib.homeManagerConfiguration { framework = home-manager.lib.homeManagerConfiguration {
inherit pkgs; inherit pkgs;
extraSpecialArgs = {
ff-addons = nur.repos.rycee.firefox-addons;
};
modules = [ modules = [
# ../home-modules/modules-list.nix ../home-modules/modules-list.nix
./framework ./framework
]; ];
}; };

3
home/framework/default.nix
View File

@ -14,6 +14,7 @@
moonlight-qt moonlight-qt
vesktop vesktop
telegram-desktop telegram-desktop
nixvim
]; ];
sessionPath = ["~/.local/bin"]; sessionPath = ["~/.local/bin"];
sessionVariables = { sessionVariables = {
@ -27,6 +28,8 @@
./programs ./programs
]; ];
services.udiskie.enable = true;
accounts.email.accounts = { accounts.email.accounts = {
patrick = { patrick = {
primary = true; primary = true;

35
home/framework/programs/alacritty/default.nix Normal file
View File

@ -0,0 +1,35 @@
{...}: {
programs.alacritty = {
enable = true;
settings = {
general.live_config_reload = true;
env.TERM = "xterm-256color";
bell.duration = 0;
cursor.style = "Block";
scrolling = {
history = 10000;
multiplier = 3;
};
window = {
opacity = 0.9;
};
mouse.bindings = [
{
mouse = "Middle";
action = "PasteSelection";
}
];
colors = {
primary = {
background = "0x000000";
foreground = "0xeaeaea";
};
};
};
};
}

1
home/framework/programs/default.nix
View File

@ -1,4 +1,5 @@
[ [
./alacritty
./firefox ./firefox
./hyprland ./hyprland
{ {

128
home/framework/programs/firefox/default.nix
View File

@ -1,129 +1,5 @@
{ {...}: {
pkgs, personal.firefox = {
lib,
stdenv,
specialArgs,
...
}: let
extensions = with specialArgs.ff-addons; [
bitwarden
darkreader
i-dont-care-about-cookies
privacy-badger
ublock-origin
tree-style-tab
tridactyl
];
customChrome = ''
@-moz-document url(chrome://browser/content/browser.xhtml) {
/* tabs on bottom of window */
/* requires that you set
* toolkit.legacyUserProfileCustomizations.stylesheets = true
* in about:config
*/
#main-window body { flex-direction: column-reverse !important; }
#navigator-toolbox { flex-direction: column-reverse !important; }
#urlbar {
top: unset !important;
bottom: calc((var(--urlbar-toolbar-height) - var(--urlbar-height)) / 2) !important;
box-shadow: none !important;
display: flex !important;
flex-direction: column !important;
}
#urlbar-input-container {
order: 2;
}
#urlbar > .urlbarView {
order: 1;
border-bottom: 1px solid #666;
}
#urlbar-results {
display: flex;
flex-direction: column-reverse;
}
.search-one-offs { display: none !important; }
.tab-background { border-top: none !important; }
#navigator-toolbox::after { border: none; }
#TabsToolbar .tabbrowser-arrowscrollbox,
#tabbrowser-tabs, .tab-stack { min-height: 28px !important; }
.tabbrowser-tab { font-size: 80%; }
.tab-content { padding: 0 5px; }
.tab-close-button .toolbarbutton-icon { width: 12px !important; height: 12px !important; }
toolbox[inFullscreen=true] { display: none; }
}
'';
userChrome = customChrome;
# ~/.mozilla/firefox/PROFILE_NAME/prefs.js | user.js
settings = {
"app.normandy.first_run" = false;
"app.shield.optoutstudies.enabled" = false;
# disable updates (pretty pointless with nix)
"app.update.channel" = "default";
"browser.contentblocking.category" = "standard"; # "strict"
"browser.ctrlTab.recentlyUsedOrder" = false;
"browser.download.viewableInternally.typeWasRegistered.svg" = true;
"browser.download.viewableInternally.typeWasRegistered.webp" = true;
"browser.download.viewableInternally.typeWasRegistered.xml" = true;
"browser.search.region" = "DE";
"browser.shell.checkDefaultBrowser" = false;
"browser.tabs.loadInBackground" = true;
"browser.urlbar.placeholderName" = "EnteEnteLauf";
"browser.urlbar.showSearchSuggestionsFirst" = false;
# disable all the annoying quick actions
"browser.urlbar.quickactions.enabled" = false;
"browser.urlbar.quickactions.showPrefs" = false;
"browser.urlbar.shortcuts.quickactions" = false;
"browser.urlbar.suggest.quickactions" = false;
"distribution.searchplugins.defaultLocale" = "en-US";
"doh-rollout.balrog-migration-done" = true;
"doh-rollout.doneFirstRun" = true;
"general.useragent.locale" = "en-US";
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"extensions.extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"extensions.update.enabled" = false;
"extensions.webcompat.enable_picture_in_picture_overrides" = true;
"extensions.webcompat.enable_shims" = true;
"extensions.webcompat.perform_injections" = true;
"extensions.webcompat.perform_ua_overrides" = true;
"privacy.donottrackheader.enabled" = true;
"browser.translations.enable" = false;
# Yubikey
"security.webauth.u2f" = true;
"security.webauth.webauthn" = true;
"security.webauth.webauthn_enable_softtoken" = false;
"security.webauth.webauthn_enable_usbtoken" = true;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"layout.word_select.stop_at_punctuation" = false;
};
in {
programs.firefox = {
enable = true; enable = true;
package = pkgs.firefox-bin;
profiles = {
default = {
isDefault = true;
id = 0;
inherit extensions settings userChrome;
};
};
}; };
} }

109
home/framework/programs/hyprland/default.nix
View File

@ -1,19 +1,84 @@
{pkgs, ...}: { {pkgs, ...}: {
wayland.windowManager.hyprland = let services.hypridle = {
locker = "${pkgs.swaylock}/bin/swaylock"; enable = true;
set-dpms = "${pkgs.hyprland}/bin/hyprctl dispatcher dpms";
locked-dpms = pkgs.writeShellScript "locked-dpms.sh" '' settings = {
${pkgs.swayidle}/bin/swayidle -w \ general = {
timeout 10 'if pgrep -x swaylock; then ${set-dpms} off; fi' \ lock_cmd = "pidof hyprlock || hyprlock";
resume '${set-dpms} on' };
'';
idle-script = pkgs.writeShellScript "idle-lock.sh" '' listener = [
${pkgs.swayidle}/bin/swayidle -w \ {
timeout 300 '${locker} -f' \ timeout = 300;
timeout 330 '${set-dpms} off' \ on-timeout = "loginctl lock-session";
resume '${set-dpms} on' }
''; {
in { timeout = 330;
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}
];
};
};
programs.hyprlock = {
enable = true;
settings = {
background = {
monitor = "";
path = "screenshot";
blur_passes = 2;
blur_size = 7;
noise = 1.17e-2;
};
auth.fingerprint.enabled = true;
label = [
{
monitor = "";
text = "$TIME";
color = "rgba(242, 243, 244, 0.75)";
font_size = 95;
position = "0, 300";
halign = "center";
valign = "center";
}
{
monitor = "";
text = ''cmd[update:1000] echo $(date +"%A, %B %d")'';
color = "rgba(242, 243, 244, 0.75)";
font_size = 22;
position = "0, 200";
halign = "center";
valign = "center";
}
];
input-field = {
monitor = "";
size = "200,50";
outline_thickness = 2;
dots_size = 0.2;
dots_spacing = 0.35;
dots_center = true;
outer_color = "rgba(0, 0, 0, 0)";
inner_color = "rgba(0, 0, 0, 0.2)";
font_color = "rgb(111, 45, 104)";
fade_on_empty = false;
rounding = -1;
check_color = "rgb(30, 107, 204)";
placeholder_text = ''<i><span foreground="##cdd6f4">Input Password...</span></i>'';
hide_input = false;
position = "0, -100";
halign = "center";
valign = "center";
};
};
};
wayland.windowManager.hyprland = {
enable = true; enable = true;
settings = { settings = {
"$mod" = "SUPER"; "$mod" = "SUPER";
@ -28,8 +93,6 @@
exec-once = [ exec-once = [
"${pkgs.waybar}/bin/waybar" "${pkgs.waybar}/bin/waybar"
"${pkgs.mako}/bin/mako" "${pkgs.mako}/bin/mako"
idle-script
locked-dpms
]; ];
input = { input = {
@ -49,10 +112,12 @@
decoration = { decoration = {
rounding = 5; rounding = 5;
drop_shadow = true; shadow = {
shadow_range = 4; enabled = true;
shadow_render_power = 3; range = 4;
"col.shadow" = "rgba(1a1a1aee)"; render_power = 3;
color = "rgba(1a1a1aee)";
};
blur = { blur = {
enabled = true; enabled = true;
@ -81,7 +146,7 @@
"$mod, return, exec, ${pkgs.alacritty}/bin/alacritty" "$mod, return, exec, ${pkgs.alacritty}/bin/alacritty"
"$mod, D, exec, ${pkgs.rofi-wayland}/bin/rofi -show drun" "$mod, D, exec, ${pkgs.rofi-wayland}/bin/rofi -show drun"
"$mod SHIFT, Q, killactive, " "$mod SHIFT, Q, killactive, "
"$mod, L, exec, ${locker}" "$mod, L, exec, loginctl lock-session"
"$mod, V, togglefloating, " "$mod, V, togglefloating, "
"$mod, F, fullscreen, 1" "$mod, F, fullscreen, 1"
"$mod, P, pseudo, # dwindle" "$mod, P, pseudo, # dwindle"

8
home/work/default.nix
View File

@ -1,14 +1,15 @@
{ {
config, config,
pkgs, pkgs,
devenv, # devenv,
... ...
}: { }: {
home = { home = {
stateVersion = "22.11"; stateVersion = "22.11";
username = "patrick"; username = "patrick";
homeDirectory = "/home/${config.home.username}"; homeDirectory = "/home/${config.home.username}";
packages = (pkgs.callPackage ./pkgs.nix {}) ++ [devenv.packages.${pkgs.system}.devenv]; packages = pkgs.callPackage ./pkgs.nix {};
# packages = (pkgs.callPackage ./pkgs.nix {}) ++ [devenv.packages.${pkgs.system}.devenv];
sessionPath = ["~/.local/bin"]; sessionPath = ["~/.local/bin"];
sessionVariables = { sessionVariables = {
SSH_AUTH_SOCK = "/run/user/1000/ssh-agent"; SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
@ -21,4 +22,7 @@
./programs ./programs
./services ./services
]; ];
nixpkgs.config.permittedInsecurePackages = [
"electron-27.3.11"
];
} }

14
home/work/pkgs.nix
View File

@ -1,15 +1,10 @@
{pkgs, ...}: {pkgs, ...}:
with pkgs; [ with pkgs; [
age # Modern encryption tool with small explicit keys age # Modern encryption tool with small explicit keys
arandr # simple GUI for xrandr
atuin atuin
dig # dns command-line tool dig # dns command-line tool
fd # "find" for files fd # "find" for files
geckodriver # remote controll firefox
helix # modal editor
htop # process monitor htop # process monitor
hyperfine # command-line benchmarking tool
i3lock # screen locker
imagemagick # selection screenshot stuff imagemagick # selection screenshot stuff
just # just a command runner just # just a command runner
keepassxc # password manager keepassxc # password manager
@ -22,21 +17,16 @@ with pkgs; [
mtr # traceroute mtr # traceroute
mumble # voice call client mumble # voice call client
ncdu # disk space info (a better du) ncdu # disk space info (a better du)
neovim-unwrapped # best code editor on the planet
networkmanagerapplet # systray applet for NetworkManager networkmanagerapplet # systray applet for NetworkManager
nitrogen # wallpapger manager
nushellFull # A modern shell written in Rust
ouch # painless compression and decompression for your terminal ouch # painless compression and decompression for your terminal
pavucontrol # pulseaudio volume control pavucontrol # pulseaudio volume control
playerctl # music player controller playerctl # music player controller
podman-compose # podman manager podman-compose # podman manager
restic # incremental backup tool
ripgrep # fast grep ripgrep # fast grep
rocketchat-desktop # company chat
sops # Mozilla sops (Secrets OPerationS) is an editor of encrypted files sops # Mozilla sops (Secrets OPerationS) is an editor of encrypted files
thunderbird # email client thunderbird # email client
xclip # clipboard support
xsel # clipboard support (also for neovim)
zeal # offline documentation browser zeal # offline documentation browser
zellij # A terminal workspace with batteries included zellij # A terminal workspace with batteries included
wl-clipboard
nixvim
] ]

3
home/work/programs/alacritty/default.nix
View File

@ -3,8 +3,7 @@
enable = true; enable = true;
settings = { settings = {
live_config_reload = true; general.live_config_reload = true;
env.TERM = "xterm-256color"; env.TERM = "xterm-256color";
bell.duration = 0; bell.duration = 0;
cursor.style = "Block"; cursor.style = "Block";

6
home/work/programs/bash/default.nix
View File

@ -9,7 +9,11 @@
rescue = "ssh-wrapper rescue"; rescue = "ssh-wrapper rescue";
}; };
initExtra = '' initExtra =
/*
bash
*/
''
source ${pkgs.blesh}/share/blesh/ble.sh source ${pkgs.blesh}/share/blesh/ble.sh
export PATH=$PATH:~/.local/bin export PATH=$PATH:~/.local/bin
export SSH_AUTH_SOCK=/run/user/1000/ssh-agent export SSH_AUTH_SOCK=/run/user/1000/ssh-agent

3
home/work/programs/default.nix
View File

@ -3,6 +3,7 @@
./autorandr ./autorandr
./bash ./bash
./firefox ./firefox
./nvim
./rofi ./rofi
./tmate ./tmate
./xresources ./xresources
@ -17,7 +18,7 @@
eza = { eza = {
enable = true; enable = true;
icons = true; icons = "auto";
git = true; git = true;
}; };

140
home/work/programs/firefox/default.nix
View File

@ -1,140 +1,6 @@
{ {pkgs, ...}: {
pkgs, personal.firefox = {
lib,
stdenv,
specialArgs,
...
}: let
extensions = with specialArgs.ff-addons; [
bitwarden
darkreader
i-dont-care-about-cookies
privacy-badger
ublock-origin
tree-style-tab
tridactyl
];
customChrome = ''
@-moz-document url(chrome://browser/content/browser.xhtml) {
/* tabs on bottom of window */
/* requires that you set
* toolkit.legacyUserProfileCustomizations.stylesheets = true
* in about:config
*/
#main-window body { flex-direction: column-reverse !important; }
#navigator-toolbox { flex-direction: column-reverse !important; }
#urlbar {
top: unset !important;
bottom: calc((var(--urlbar-toolbar-height) - var(--urlbar-height)) / 2) !important;
box-shadow: none !important;
display: flex !important;
flex-direction: column !important;
}
#urlbar-input-container {
order: 2;
}
#urlbar > .urlbarView {
order: 1;
border-bottom: 1px solid #666;
}
#urlbar-results {
display: flex;
flex-direction: column-reverse;
}
.search-one-offs { display: none !important; }
.tab-background { border-top: none !important; }
#navigator-toolbox::after { border: none; }
#TabsToolbar .tabbrowser-arrowscrollbox,
#tabbrowser-tabs, .tab-stack { min-height: 28px !important; }
.tabbrowser-tab { font-size: 80%; }
.tab-content { padding: 0 5px; }
.tab-close-button .toolbarbutton-icon { width: 12px !important; height: 12px !important; }
toolbox[inFullscreen=true] { display: none; }
}
'';
userChrome = customChrome;
# ~/.mozilla/firefox/PROFILE_NAME/prefs.js | user.js
settings = {
"app.normandy.first_run" = false;
"app.shield.optoutstudies.enabled" = false;
# disable updates (pretty pointless with nix)
"app.update.channel" = "default";
"browser.contentblocking.category" = "standard"; # "strict"
"browser.ctrlTab.recentlyUsedOrder" = false;
"browser.download.viewableInternally.typeWasRegistered.svg" = true;
"browser.download.viewableInternally.typeWasRegistered.webp" = true;
"browser.download.viewableInternally.typeWasRegistered.xml" = true;
"browser.search.region" = "DE";
"browser.shell.checkDefaultBrowser" = false;
"browser.tabs.loadInBackground" = true;
"browser.urlbar.placeholderName" = "EnteEnteLauf";
"browser.urlbar.showSearchSuggestionsFirst" = false;
# disable all the annoying quick actions
"browser.urlbar.quickactions.enabled" = false;
"browser.urlbar.quickactions.showPrefs" = false;
"browser.urlbar.shortcuts.quickactions" = false;
"browser.urlbar.suggest.quickactions" = false;
"distribution.searchplugins.defaultLocale" = "en-US";
"doh-rollout.balrog-migration-done" = true;
"doh-rollout.doneFirstRun" = true;
"general.useragent.locale" = "en-US";
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"extensions.extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"extensions.update.enabled" = false;
"extensions.webcompat.enable_picture_in_picture_overrides" = true;
"extensions.webcompat.enable_shims" = true;
"extensions.webcompat.perform_injections" = true;
"extensions.webcompat.perform_ua_overrides" = true;
"privacy.donottrackheader.enabled" = true;
# Yubikey
"security.webauth.u2f" = true;
"security.webauth.webauthn" = true;
"security.webauth.webauthn_enable_softtoken" = false;
"security.webauth.webauthn_enable_usbtoken" = true;
"network.dns.ipv4OnlyDomains" = "google.com";
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"layout.word_select.stop_at_punctuation" = false;
};
in {
programs.firefox = {
enable = true; enable = true;
extraExtensions = with pkgs.nur.repos.rycee.firefox-addons; [keepassxc-browser];
package = pkgs.firefox-bin;
profiles = {
default = {
isDefault = true;
id = 0;
inherit extensions settings userChrome;
};
};
webapps = {
rocket-chat = {
url = "https://chat.hetzner.company";
id = 1;
genericName = "Internet Messenger";
categories = ["Network" "InstantMessaging"];
};
};
}; };
} }

116
home/work/programs/hyprland/default.nix
View File

@ -1,19 +1,82 @@
{pkgs, ...}: { {pkgs, ...}: {
wayland.windowManager.hyprland = let services.hypridle = {
locker = "${pkgs.swaylock}/bin/swaylock"; enable = true;
set-dpms = "${pkgs.hyprland}/bin/hyprctl dispatcher dpms";
locked-dpms = pkgs.writeShellScript "locked-dpms.sh" '' settings = {
${pkgs.swayidle}/bin/swayidle -w \ general = {
timeout 10 'if pgrep -x swaylock; then ${set-dpms} off; fi' \ lock_cmd = "pidof hyprlock || hyprlock";
resume '${set-dpms} on' };
'';
idle-script = pkgs.writeShellScript "idle-lock.sh" '' listener = [
${pkgs.swayidle}/bin/swayidle -w \ {
timeout 300 '${locker} -f' \ timeout = 300;
timeout 330 '${set-dpms} off' \ on-timeout = "loginctl lock-session";
resume '${set-dpms} on' }
''; {
in { timeout = 330;
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}
];
};
};
programs.hyprlock = {
enable = true;
settings = {
background = {
monitor = "";
path = "screenshot";
blur_passes = 2;
blur_size = 7;
noise = 1.17e-2;
};
label = [
{
monitor = "";
text = "$TIME";
color = "rgba(242, 243, 244, 0.75)";
font_size = 95;
position = "0, 300";
halign = "center";
valign = "center";
}
{
monitor = "";
text = ''cmd[update:1000] echo $(date +"%A, %B %d")'';
color = "rgba(242, 243, 244, 0.75)";
font_size = 22;
position = "0, 200";
halign = "center";
valign = "center";
}
];
input-field = {
monitor = "";
size = "200,50";
outline_thickness = 2;
dots_size = 0.2;
dots_spacing = 0.35;
dots_center = true;
outer_color = "rgba(0, 0, 0, 0)";
inner_color = "rgba(0, 0, 0, 0.2)";
font_color = "rgb(111, 45, 104)";
fade_on_empty = false;
rounding = -1;
check_color = "rgb(30, 107, 204)";
placeholder_text = ''<i><span foreground="##cdd6f4">Input Password...</span></i>'';
hide_input = false;
position = "0, -100";
halign = "center";
valign = "center";
};
};
};
wayland.windowManager.hyprland = {
enable = true; enable = true;
settings = { settings = {
@ -22,14 +85,12 @@
exec-once = [ exec-once = [
"${pkgs.waybar}/bin/waybar" "${pkgs.waybar}/bin/waybar"
"${pkgs.mako}/bin/mako" "${pkgs.mako}/bin/mako"
idle-script
locked-dpms
]; ];
monitor = [ monitor = [
"eDP-1,1920x1080,0x0,1.333333" # Laptop screen "eDP-1,1920x1080,0x0,1.333333" # Laptop screen
"desc:LG Electronics LG ULTRAWIDE 0x000219F2,2560x1080,1440x0,1" # Primary @home "desc:Dell Inc. DELL P2723DE 79RFH14,2560x1440,1440x0,1"
# "desc:Fujitsu Siemens Computers GmbH B22W-6 LED YV3U164923,1680x1050,4000x0,1" # Secondary @home "desc:Dell Inc. DELL P2723DE 39RFH14,2560x1440,4000x0,1"
",preferred,auto,1" # Automatically configure everything else ",preferred,auto,1" # Automatically configure everything else
]; ];
@ -61,10 +122,12 @@
decoration = { decoration = {
rounding = 5; rounding = 5;
drop_shadow = true; shadow = {
shadow_range = 4; enabled = true;
shadow_render_power = 3; range = 4;
"col.shadow" = "rgba(1a1a1aee)"; render_power = 3;
color = "rgba(1a1a1aee)";
};
blur = { blur = {
enabled = true; enabled = true;
@ -93,7 +156,7 @@
"$mod, return, exec, ${pkgs.alacritty}/bin/alacritty" "$mod, return, exec, ${pkgs.alacritty}/bin/alacritty"
"$mod, D, exec, ${pkgs.rofi-wayland}/bin/rofi -show drun" "$mod, D, exec, ${pkgs.rofi-wayland}/bin/rofi -show drun"
"$mod SHIFT, Q, killactive, " "$mod SHIFT, Q, killactive, "
"$mod, L, exec, ${locker}" "$mod, L, exec, loginctl lock-session"
"$mod, V, togglefloating, " "$mod, V, togglefloating, "
"$mod, F, fullscreen, 1" "$mod, F, fullscreen, 1"
"$mod, P, pseudo, # dwindle" "$mod, P, pseudo, # dwindle"
@ -120,10 +183,6 @@
"$mod, mouse:273, resizewindow" "$mod, mouse:273, resizewindow"
]; ];
bindl = [
"$mod SHIFT, L, exec, ${locker}"
];
windowrulev2 = [ windowrulev2 = [
# KeePassXC # KeePassXC
"float,class:(org.keepassxc.KeePassXC)" "float,class:(org.keepassxc.KeePassXC)"
@ -139,6 +198,7 @@
misc = { misc = {
mouse_move_enables_dpms = true; mouse_move_enables_dpms = true;
key_press_enables_dpms = true; key_press_enables_dpms = true;
vfr = true;
}; };
}; };
}; };

357
home/work/programs/nvim/default.nix Normal file
View File

@ -0,0 +1,357 @@
{pkgs, ...}: {
programs.neovim = {
enable = false;
defaultEditor = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
withRuby = false;
withPython3 = false;
plugins = with pkgs.vimPlugins; [
vim-commentary
plenary-nvim
cmp-nvim-lsp
cmp-buffer
cmp-path
nvim-web-devicons
lsp_extensions-nvim
lsp_signature-nvim
telescope-nvim
onedark-nvim
{
plugin = fidget-nvim;
type = "lua";
config =
/*
lua
*/
''
require('fidget').setup {}
'';
}
{
plugin = symbols-outline-nvim;
type = "lua";
config =
/*
lua
*/
''
require('symbols-outline').setup()
'';
}
{
plugin = nvim-treesitter.withAllGrammars;
type = "lua";
config =
/*
lua
*/
''
require('nvim-treesitter.configs').setup {
highlight = {
enable = true, -- false will disable the whole extension
},
incremental_selection = {
enable = false,
keymaps = {
init_selection = 'gnn',
node_incremental = 'grn',
scope_incremental = 'grc',
node_decremental = 'grm',
},
},
indent = {
enable = true,
}
}
'';
}
{
plugin = nvim-tree-lua;
type = "lua";
config =
/*
lua
*/
''
local function my_on_attach(bufnr)
local api = require "nvim-tree.api"
local function opts(desc)
return { desc = "nvim-tree: " .. desc, buffer = bufnr, noremap = true, silent = true, nowait = true }
end
-- default mappings
api.config.mappings.default_on_attach(bufnr)
-- custom mappings
vim.keymap.set('n', '?', api.tree.toggle_help, opts('Help'))
vim.keymap.set('n', 's', api.node.open.horizontal, opts('Paste File'))
vim.keymap.set('n', 'ma', api.fs.create, opts('New File'))
vim.keymap.set('n', 'md', api.fs.remove, opts('Delete File'))
vim.keymap.set('n', 'me', api.fs.rename_node, opts('Rename File'))
vim.keymap.set('n', 'yy', api.fs.copy.node, opts('Copy File'))
vim.keymap.set('n', 'mp', api.fs.paste, opts('Paste File'))
end
require("nvim-tree").setup {
on_attach = my_on_attach,
}
'';
}
{
plugin = nvim-cmp;
type = "lua";
config =
/*
lua
*/
''
-- local luasnip = require 'luasnip'
local cmp = require 'cmp'
cmp.setup {
-- snippet = {
-- expand = function(args)
-- require('luasnip').lsp_expand(args.body)
-- end,
-- },
window = {
-- documentation = true,
},
mapping = cmp.mapping.preset.insert({
['<C-p>'] = cmp.mapping.select_prev_item(),
['<C-n>'] = cmp.mapping.select_next_item(),
['<C-d>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.close(),
['<CR>'] = cmp.mapping.confirm {
behavior = cmp.ConfirmBehavior.Replace,
select = true,
},
['<Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_next_item()
else
fallback()
end
end,
['<S-Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_prev_item()
else
fallback()
end
end,
}),
sources = {
{ name = 'nvim_lsp' },
-- { name = 'luasnip' },
{ name = 'buffer' },
{ name = 'path' },
-- { name = 'latex_symbols' },
},
}
'';
}
{
plugin = nvim-lspconfig;
type = "lua";
config =
/*
lua
*/
''
function hi(name, opts)
local options = ""
for k, v in pairs(opts) do
options = options.." "..k.."="..v
end
vim.cmd("highlight "..name..options)
end
local u = require('utils')
local lspc = require('lspconfig')
local ih = require("inlay-hints")
ih.setup()
local on_attach = function(client, bufnr)
local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(bufnr, ...) end
local function buf_set_option(...) vim.api.nvim_buf_set_option(bufnr, ...) end
buf_set_option('omnifunc', 'v:lua.vim.lsp.omnifunc')
local opts = { noremap=true, silent=true }
buf_set_keymap('n', '<c-]>', ':lua vim.lsp.buf.definition()<CR>', opts)
buf_set_keymap('n', 'K', ':lua vim.lsp.buf.hover()<CR>', opts)
buf_set_keymap('n', 'gD', ':lua vim.lsp.buf.implementation()<CR>', opts)
buf_set_keymap('n', '<c-k>', ':lua vim.lsp.buf.signature_help()<CR>', opts)
buf_set_keymap('n', '1gD', ':lua vim.lsp.buf.type_definition()<CR>', opts)
buf_set_keymap('n', 'gr', ':lua vim.lsp.buf.references()<CR>', opts)
buf_set_keymap('n', 'g0', ':lua vim.lsp.buf.document_symbol()<CR>', opts)
buf_set_keymap('n', 'gW', ':lua vim.lsp.buf.workspace_symbol()<CR>', opts)
buf_set_keymap('n', 'gd', ':lua vim.lsp.buf.definition()<CR>', opts)
buf_set_keymap('n', 'ga', ':lua vim.lsp.buf.code_action()<CR>', opts)
buf_set_keymap('n', 'ff', ':lua vim.lsp.buf.format({async = true})<CR>', opts)
buf_set_keymap('n', 'gn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
--require'completion'.on_attach(client)
-- Set highlight colors
local highlights = {
Error = "Red",
Warning = "Yellow",
Information = "Blue",
Hint = "Green",
}
for typ, color in pairs(highlights) do
hi('LspDiagnosticsDefault'..typ, {ctermfg = color})
hi('LspDiagnosticsUnderline'..typ, {cterm = 'underline'})
end
vim.lsp.handlers['textDocument/publishDiagnostics'] = vim.lsp.with(
vim.lsp.diagnostic.on_publish_diagnostics,
{
virtual_text = true,
signs = true,
update_in_insert = true,
underline = true
}
)
require "lsp_signature".on_attach({doc_lines = 0})
ih.on_attach(client, bufnr)
end
-- nvim-cmp supports additional completion capabilities
local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
local config = {
on_attach = on_attach,
capabilities = capabilities,
flags = {debounce_text_changes = 150}
}
lspc.bashls.setup(config)
lspc.nixd.setup(config)
lspc.solargraph.setup(config)
lspc.rust_analyzer.setup{
on_attach = on_attach,
capabilities = capabilities,
flags = {debounce_text_changes = 150},
settings = {
['rust-analyzer'] = {
assist = {
importGranularity = "module",
importPrefix = "by_self",
},
cargo = {
loadOutDirsFromCheck = true
},
procMacro = {
enable = true
},
checkOnSave = {
command = "clippy"
},
}
}
}
-- Set completeopt to have a better completion experience
vim.o.completeopt = 'menuone,noselect'
'';
}
];
extraLuaConfig =
/*
lua
*/
''
local onedark = require('onedark')
onedark.setup { style = 'warmer' }
onedark.load()
vim.cmd('set background=dark')
local llc = require('lualine').get_config()
llc.options.theme = 'onedark'
require('lualine').setup(llc)
local key = vim.api.nvim_set_keymap
local o = vim.o
local wo = vim.wo
local bo = vim.bo
local cmd = vim.cmd
vim.cmd([[autocmd CursorHold * lua vim.diagnostic.open_float({focusable = false})]])
key('n', ';', ':Telescope find_files<CR>', {})
key('n', '<C-n>', ':NvimTreeToggle<CR>', {})
key('n', 'gh', '/<c-r>=expand("<cword>")<CR><CR>N', {})
key('i', '<TAB>', 'pumvisible() ? "<C-n>" : "<Tab>"', { expr = true, silent = true })
key('i', '<S-TAB>', 'pumvisible() ? "<C-p>" : "<S-Tab>"', { expr = true, silent = true })
key('n', '<leader>g', ':lua require"telescope.builtin".live_grep{}<CR>', {})
key('v', '<leader>c', ':w !wl-copy<CR><CR>', { silent = true })
vim.api.nvim_exec(
[[
augroup YankHighlight
autocmd!
autocmd TextYankPost * silent! lua vim.highlight.on_yank()
augroup end
]] ,
false
)
vim.api.nvim_create_autocmd("BufEnter", {
nested = true,
callback = function()
if #vim.api.nvim_list_wins() == 1 and vim.api.nvim_buf_get_name(0):match("NvimTree_") ~= nil then
vim.cmd 'quit'
end
end
})
cmd('syntax on')
cmd('set number')
cmd('set completeopt=menuone,noinsert,noselect')
cmd('set shortmess+=c')
cmd("autocmd CursorHold,CursorHoldI *.rs :lua require'lsp_extensions'.inlay_hints{ only_current_line = true }")
o.startofline = true
wo.cursorline = true
o.updatetime = 300
wo.signcolumn='yes'
o.showcmd = true
o.shell = 'bash'
o.mouse = 'a'
o.smarttab = true
bo.tabstop = 2
bo.shiftwidth = 2
bo.expandtab = true
wo.relativenumber = true
o.hidden = true
'';
extraPackages = with pkgs; [
shfmt
nixd
nodePackages.bash-language-server
];
};
}

4
home/work/programs/tmate/.tmate.conf
View File

@ -1,8 +1,10 @@
set -g history-limit 50000 set -g history-limit 50000
set -g default-terminal "screen-256color"
set -g mouse on set -g mouse on
set -sg escape-time 50 set -sg escape-time 50
set -g default-terminal "xterm-256color"
set -as terminal-overrides ",xterm-*:Tc"
unbind C-b unbind C-b
set-option -g prefix C-a set-option -g prefix C-a
bind-key C-a send-prefix bind-key C-a send-prefix

63
nixos/celestia/configuration.nix
View File

@ -35,6 +35,9 @@ in {
sops.secrets."tailscale-auth-key" = {}; sops.secrets."tailscale-auth-key" = {};
sops.secrets."act-runner-token" = {}; sops.secrets."act-runner-token" = {};
sops.secrets."photoprism-password-file" = {}; sops.secrets."photoprism-password-file" = {};
sops.secrets."restic_ssh_key" = {};
sops.secrets."restic_documents_repository_password" = {};
sops.secrets."restic_images_repository_password" = {};
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -49,6 +52,14 @@ in {
]; ];
boot.kernelModules = ["amd-pstate"]; boot.kernelModules = ["amd-pstate"];
# *arr services are not yet all updated to .NET 8
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
networking = { networking = {
hostName = "celestia"; hostName = "celestia";
@ -81,6 +92,9 @@ in {
zfs zfs
lm_sensors lm_sensors
ffmpeg ffmpeg
rtl_433
dump1090
rtl-sdr
]; ];
users.users."root".openssh.authorizedKeys.keys = [ users.users."root".openssh.authorizedKeys.keys = [
@ -161,8 +175,10 @@ in {
samba = { samba = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
extraConfig = "map to guest = bad user"; settings = {
shares = { global = {
"map to guest" = "bad user";
};
dump = { dump = {
path = "/tank/dump"; path = "/tank/dump";
browsable = "yes"; browsable = "yes";
@ -196,16 +212,39 @@ in {
url = "https://git.fuckwit.dev"; url = "https://git.fuckwit.dev";
tokenFile = config.sops.secrets."act-runner-token".path; tokenFile = config.sops.secrets."act-runner-token".path;
labels = [ labels = [
"native:host" "nix:docker://nixos/nix:latest"
]; ];
hostPackages = with pkgs; [ # hostPackages = with pkgs; [
bash # bash
coreutils # coreutils
curl # curl
wget # wget
gnused # gnused
gitMinimal # gitMinimal
# ];
};
};
restic = let
mkBackup = repo: paths: exclude: pruneOpts: {
repository = "sftp:u169497-sub5@u169497.your-storagebox.de:${repo}";
passwordFile = config.sops.secrets."restic_${repo}_repository_password".path;
initialize = true;
extraOptions = [
"sftp.command='ssh -p23 u169497-sub5@u169497.your-storagebox.de -i ${config.sops.secrets."restic_ssh_key".path} -s sftp'"
]; ];
paths = paths;
exclude = exclude;
pruneOpts = pruneOpts;
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "1h";
};
};
in {
backups = {
documents = mkBackup "documents" ["/tank/documents"] [] ["-d 7" "-w 5" "-m 12"];
images = mkBackup "images" ["/tank/images"] ["/tank/images/import"] ["-d 7" "-w 5" "-m 12"];
}; };
}; };
@ -297,6 +336,8 @@ in {
settings = { settings = {
PHOTOPRISM_ADMIN_USER = "root"; PHOTOPRISM_ADMIN_USER = "root";
PHOTOPRISM_DEFAULT_LOCALE = "de"; PHOTOPRISM_DEFAULT_LOCALE = "de";
PHOTOPRISM_DETECT_NSFW = "true";
PHOTOPRISM_UPLOAD_NSFW = "true";
}; };
}; };
@ -397,6 +438,8 @@ in {
}; };
hardware = { hardware = {
rtl-sdr.enable = true;
fancontrol = { fancontrol = {
enable = true; enable = true;
config = '' config = ''

2
nixos/celestia/hardware-configuration.nix
View File

@ -21,7 +21,6 @@
forceImportRoot = false; forceImportRoot = false;
extraPools = ["tank"]; extraPools = ["tank"];
}; };
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/3652c231-d679-42dd-80f1-e9afccb4ca13"; device = "/dev/disk/by-uuid/3652c231-d679-42dd-80f1-e9afccb4ca13";
@ -34,6 +33,7 @@
allowDiscards = true; allowDiscards = true;
keyFileSize = 4096; keyFileSize = 4096;
keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_D5A325A0-0:0"; keyFile = "/dev/disk/by-id/usb-Generic_Flash_Disk_D5A325A0-0:0";
tryEmptyPassphrase = true;
}; };
}; };

9
nixos/celestia/secrets.yaml
View File

@ -2,6 +2,9 @@ acme.env: ENC[AES256_GCM,data:VgSJO2Q32csfN0DEH6kTsaN0z/hRa0fRHLUleju+gqBPjoQmZG
tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str] tailscale-auth-key: ENC[AES256_GCM,data:Rvq2wL9civCoH6acKk3lYIXbVAME+kUmeuQYOTl+rvdb5bFoI5i688qI58ceF47PGKi1jeXe46SkJGJe0iY=,iv:b0kavSFEG40Jxa3yAjttarN5N3nOLEbZYqP3LOXvBrU=,tag:cpgYzoX9L6+1IHnmjfZfQg==,type:str]
act-runner-token: ENC[AES256_GCM,data:vNYCpt96yFeEUERCXYlk5p1NbVrQOBps7jEUI+4aXonxTDTDfyPZF8tjCjERfg==,iv:hMUz99UdHlXwhTGKr4QlrvkDTfy+jVCSOQlQEENTDI8=,tag:buvPFy10R0BKu4tQBMJhEg==,type:str] act-runner-token: ENC[AES256_GCM,data:vNYCpt96yFeEUERCXYlk5p1NbVrQOBps7jEUI+4aXonxTDTDfyPZF8tjCjERfg==,iv:hMUz99UdHlXwhTGKr4QlrvkDTfy+jVCSOQlQEENTDI8=,tag:buvPFy10R0BKu4tQBMJhEg==,type:str]
photoprism-password-file: ENC[AES256_GCM,data:a0fqrjRDc2M=,iv:H/kLPIJsti8QsOJjwPGFSELD4LHb8u8dIkq8pd7W61E=,tag:xp/vpqE/n+alm17d9eIRcA==,type:str] photoprism-password-file: ENC[AES256_GCM,data:a0fqrjRDc2M=,iv:H/kLPIJsti8QsOJjwPGFSELD4LHb8u8dIkq8pd7W61E=,tag:xp/vpqE/n+alm17d9eIRcA==,type:str]
restic_ssh_key: ENC[AES256_GCM,data:NK7WXhnnueZ6kVZJnjShZ/QaNXINrJ6+youN3EPBmNjiLBTJHFg4LVR3MCU1GaK2HJpbz3qEJa/kto9LPONRR0F6LO6/7U17O0fdzF7Ca7u4xHI7uKBE6x9/dhd5MHJ2yQpEUwJnTB6i/++OcbSfTJmp062jTgWxdarngt6skx0m5JIlu6lhLKyFzGa+cBIesFItredQ2SJroUC4rK3CiQLutuaBlhw90wys3T2uTtRRgzQ08AF90+JY5jqflZposQPT0ox+xEegOyZ4UJxX2WToxD998N7/eETxo2E94zL/5f2mGoubDxwPTZp8cPX+1g85tFjhn361OSgHBwgRRT3rs/js1xZkQQO2McKPyGZVHOzQ0GSrpvxiSiUZk8/49eynEkWUsY2YXQxvl3/s6r/Toh9Wbr9mo3X67A2phTx1beEnU8XMwWS/5ZnqtFNHvxC6tfkAIwblNvCc9mTigSYhOji9TBpcZNOCumY/MYzGSCzxSFXcOnsKZKjxdE3ByHFKcMvJ+uiaav000MbdplOOsYLCSpdQAAZH,iv:JFcu2GO8k7awfB8RV17tcFj5KhXmUxnzjnoEdmMaqxc=,tag:awy4njmuS/l5CCFqWdsy3A==,type:str]
restic_documents_repository_password: ENC[AES256_GCM,data:rcQ5PsvJW2i3e2v1FqbqCOoqiblqFDsqRifzY6YxIKZTNSNrRPgqUduqei/0aSGJTNG+zYS4YRCooCZ/E7mYFg==,iv:IO6OGY+Dfai0Hl/NWT7bqqhTkfhXlUqqnJyQjm87fSw=,tag:K3D112tm+kC5OpEF2t+oZQ==,type:str]
restic_images_repository_password: ENC[AES256_GCM,data:yNWUqZ9ddkfD15mO7NocUYwqNWPaTHXfLkMNq7yy5xgSG4I3G01mFTt5qCPbZ0n+Y6DFlhDQBLAC5SwOvVNggA==,iv:LqA7TG9TS7eyHZ/xqF+L1w5imPdogQGH0DyokaQj4Bc=,tag:1OLRp7VO8Lfy1nQcUr3OWA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -17,8 +20,8 @@ sops:
K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM K0RaVVNSczZBcDNtaXhGem5iQnlVTDAK+XogkPQD2xYQ7sW8DwAXaaLA/ftw6vZM
wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg== wsNs0uun9dgGjZIXcU6AIsrJeUiWBl5zgc6CCd/ad/3QxpmKj1p9Mg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-26T08:34:59Z" lastmodified: "2024-11-18T18:21:19Z"
mac: ENC[AES256_GCM,data:bqt8+j+t4p2T6+y3+GkeZB2DsHpf9ugBNBnnR1+m9nyKRsS1bR7divl0GZyndlmPMEzOxGJSeHjDhTwrQ/w6szmmHFuUEpogkiJUxzZM9UUa/k4zBQlgVliQM/uuAvYEQJgWVwBJgkIEHsn/F3QGFPCOY/9N9epkhqr1BgfkMQo=,iv:3DhlnJQ70blHqK+n1DrV8FdjUj6qDQ7L8t/r7tOkEQY=,tag:exY8TN8XIuLvoRDhEHDWTQ==,type:str] mac: ENC[AES256_GCM,data:3QqYfYJpIb1kcd6Kh92BbfQIBrsniet3HYVR56V5g/eHRwJpy526A8Gpntc0vdu7Adpv/bbaaPzmCTeanhEXwXB38iXnEsWSsUBn/KyT0bhIi7HcXNfRM6al7cWA6YBwSyy12ElD0Bf/fX2ptUId39tOj3yr7Rg4VaXMr9gEsMk=,iv:s5LlkeHcjoqWeQDBQmoOTZWI7L18bJi/yz3yv8uGoSM=,tag:FH/CbzCyqBp1ebeKIPox8g==,type:str]
pgp: pgp:
- created_at: "2024-01-25T08:00:56Z" - created_at: "2024-01-25T08:00:56Z"
enc: |- enc: |-
@ -33,4 +36,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5FA64909521A5C85992F26E0F819AEFF941BB849 fp: 5FA64909521A5C85992F26E0F819AEFF941BB849
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.1

8
nixos/configurations.nix
View File

@ -1,9 +1,7 @@
{ {
self, self,
nixpkgs, nixpkgs,
nixpkgs-stable,
sops-nix, sops-nix,
home-manager,
lanzaboote, lanzaboote,
simple-nixos-mailserver, simple-nixos-mailserver,
inputs, inputs,
@ -61,7 +59,9 @@
inherit ip sshUser sshPort allowLocalDeployment remoteBuild; inherit ip sshUser sshPort allowLocalDeployment remoteBuild;
}; };
} }
{nixpkgs.system = "${system}";} {
nixpkgs.system = "${system}";
}
] ]
++ additionalModules ++ additionalModules
++ [file]; ++ [file];
@ -90,7 +90,7 @@ in {
np = nixpkgs; np = nixpkgs;
system = "x86_64-linux"; system = "x86_64-linux";
ip = "192.168.1.11"; ip = "192.168.1.11";
# remoteBuild = false; remoteBuild = false;
file = ./celestia/configuration.nix; file = ./celestia/configuration.nix;
}; };

23
nixos/framework/configuration.nix
View File

@ -6,6 +6,8 @@
... ...
}: { }: {
imports = [./hardware-configuration.nix]; imports = [./hardware-configuration.nix];
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets."tailscale-auth-key" = {};
boot.bootspec.enable = true; boot.bootspec.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.systemd-boot.enable = lib.mkForce false;
@ -14,7 +16,7 @@
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
}; };
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_6_9; boot.kernelPackages = pkgs.linuxPackages_6_11;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -33,21 +35,26 @@
extraPackages = [pkgs.vaapiVdpau]; extraPackages = [pkgs.vaapiVdpau];
}; };
hardware.rtl-sdr.enable = true;
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
security.pam.services.swaylock = {}; security.pam.services.swaylock = {};
security.pam.services.hyprlock = {};
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
font-awesome font-awesome
(nerdfonts.override {fonts = ["FiraMono"];}) nerd-fonts.fira-mono
mypkgs.comic-mono mypkgs.comic-mono
]; ];
services = { services = {
illum.enable = true; illum.enable = true;
fwupd.enable = true; fwupd.enable = true;
fprintd.enable = false; # currently broken fprintd.enable = true; # currently broken
pcscd.enable = true; pcscd.enable = true;
udisks2.enable = true;
tlp = { tlp = {
enable = true; enable = true;
settings = { settings = {
@ -97,6 +104,14 @@
lidSwitchExternalPower = "ignore"; lidSwitchExternalPower = "ignore";
extraConfig = "HoldoffTimeoutSec=300s"; extraConfig = "HoldoffTimeoutSec=300s";
}; };
tailscale = {
enable = true;
extraUpFlags = [
"--accept-routes=true"
];
authKeyFile = config.sops.secrets."tailscale-auth-key".path;
};
}; };
services.pipewire = { services.pipewire = {
@ -111,7 +126,7 @@
users.users.patrick = { users.users.patrick = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel"]; extraGroups = ["wheel" "plugdev"];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

33
nixos/framework/secrets.yaml Normal file
View File

@ -0,0 +1,33 @@
tailscale-auth-key: ENC[AES256_GCM,data:jReYmVBmruNXXOlB9ep1Vx84XSKA8JAPReuxXglPMNDCUOIaX2S7zPuxAJp4KYhE91CnCNzprW/rdGejMw==,iv:251dyqcTqRh6N/lM07spgcyBnsxvwTdhKXdM45hepTc=,tag:/JqRTN80TJmA3H06Efbx8A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age18kc63lpfutqlw505fkqagumqup6dtpudajeaheueuaf0frjpdc3suz49qk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQ29IUmRFcjNXNFRVZDh5
ZGE0YUJxYmFITHJ1N1RtVkNHbnpBYS9IM0g0CmFWak94ZE9BR2x2cHhrTkxxVWVn
czlRNUJoSm5FUVVPQVdXMnp6V1dMRjAKLS0tIFNUWVNCMEhjbEpjUXhRS05QTFpL
bk1raG5pVE10ZEh1RXdYUXY0ZkVkUW8K5JWNqbd6k6slfOR9xfc6a58tdouElwlX
w4MzIE7dUlqYux4MxbTzXhnX/A3D2oXg60Ya5rKqakgnAYvWlNwwAw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-25T15:49:24Z"
mac: ENC[AES256_GCM,data:GQcgu7CWkUPrcsYlSK8rbnZIu3Ph/q5ohEt2F46Q5afEh2j0aQQfdlO7suFUmO93qoQ4Z4qo6HmSsqajR5QTMvWMjERSdAYh8WiX64zgnxzYD32GCLjvtp3NSraIHy5RsnX/+4vNDsGVq1pJIEr6McWuvxuuZ3cT2JbHiui8cGI=,iv:GkHo9aM6JXM1+kY42au7Rm3fJrqOnncKLxLC52JrVUw=,tag:7Ua+LTsfihrr+qcVhKvJPA==,type:str]
pgp:
- created_at: "2024-11-25T15:46:53Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DMGJRmcuHhnsSAQdAIUNST8klTbwju58Y6yBe8tZtn0yK4hCrocSfV5qAOz8w
eDZyWmShWVeAMIksZPJthyq2GmExd6S+BPjgn6sLmeaDBHzUsLV2lexpGSTif6MW
1GgBCQIQVijI8dBnboVzsQHN1Yaj9Ntfb++u29TBmYiXLm455jsr/Aqwp8I9ZM0P
tMPkxT6kHebICXpsbZvkSxv3kaPK1+TBGZkk8VEZxZZBl7NpvCAKufOiCHU/sH8I
UOJGtqbpiWwqJQ==
=qjQD
-----END PGP MESSAGE-----
fp: 5FA64909521A5C85992F26E0F819AEFF941BB849
unencrypted_suffix: _unencrypted
version: 3.9.1

51
nixos/laptop/configuration.nix
View File

@ -17,7 +17,7 @@
preLVM = true; preLVM = true;
}; };
}; };
boot.kernelPackages = pkgs.linuxPackages_6_8; boot.kernelPackages = pkgs.linuxPackages_6_6;
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
@ -113,14 +113,7 @@
xserver = { xserver = {
enable = true; enable = true;
# windowManager.awesome = {
# enable = true;
# package = pkgs.callPackage ../../overrides/awesome.nix {};
# };
displayManager = { displayManager = {
# sddm.enable = true;
# defaultSession = "none+awesome";
gdm = { gdm = {
enable = true; enable = true;
wayland = true; wayland = true;
@ -134,46 +127,6 @@
}; };
}; };
# services.jupyter = {
# enable = true;
# package = pkgs.jupyter-all;
# command = "jupyter-lab";
# group = "users";
# password = "'$argon2i$v=19$m=4096,t=3,p=1$a2pzamhrdjgzaGtzZGZoZGY4NzcydWhkZnM$fuPanvCWOsPNpBjyLaBz3YRRzmSSdpp8kaYJAyEPtWA'";
# kernels = let
# juliaEnv = pkgs.julia_19-bin.withPackages ["IJulia" "Plots"];
# ijulia = builtins.readFile (
# pkgs.runCommand "${juliaEnv.name}-ijulia-pkgdir"
# {
# buildInputs = [juliaEnv];
# } ''
# ${juliaEnv}/bin/julia -e 'using IJulia; print(pkgdir(IJulia))' >$out
# ''
# );
# in {
# ijulia = {
# displayName = "Julia ${juliaEnv.julia.version}";
# argv = [
# "${juliaEnv}/bin/julia"
# "-i"
# "--color=yes"
# "${ijulia}/src/kernel.jl"
# "{connection_file}"
# ];
# language = "julia";
# interruptMode = "signal";
# logo32 = "${ijulia}/deps/logo-32x32.png";
# logo64 = "${ijulia}/deps/logo-64x64.png";
# };
# };
# };
# # systemd.services.jupyter.environment.JUPYTER_DATA_DIR = builtins.toString (pkgs.jupyter-kernel.create {
# # definitions = config.services.jupyter.kernels;
# # });
# systemd.services.jupyter.environment.JUPYTER_DATA_DIR = ".jupyter/data";
# systemd.services.jupyter.environment.JUPYTER_RUNTIME_DIR = "/var/lib/jupyter/.local/share/jupyter/runtime";
security.sudo.configFile = '' security.sudo.configFile = ''
Defaults lecture=always Defaults lecture=always
Defaults lecture_file=${../../misc/sudo_lecture} Defaults lecture_file=${../../misc/sudo_lecture}
@ -182,7 +135,7 @@
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
font-awesome font-awesome
(nerdfonts.override {fonts = ["FiraMono"];}) nerd-fonts.fira-mono
mypkgs.comic-mono mypkgs.comic-mono
]; ];

67
nixos/primordial/configuration.nix
View File

@ -12,6 +12,9 @@ in {
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
sops.secrets."gitea.env" = {}; sops.secrets."gitea.env" = {};
sops.secrets."keycloak_db_pw" = {}; sops.secrets."keycloak_db_pw" = {};
sops.secrets."restic_mail_repository_password" = {};
sops.secrets."restic_ssh_key" = {};
sops.secrets."act-runner-token" = {};
imports = [ imports = [
./mail.nix ./mail.nix
@ -229,6 +232,22 @@ in {
lfs.enable = true; lfs.enable = true;
}; };
gitea-actions-runner.instances = {
docker-runner = {
enable = true;
name = "primordial-docker";
url = "https://git.fuckwit.dev";
tokenFile = config.sops.secrets."act-runner-token".path;
labels = [
"ubuntu-latest:docker://node:16-bullseye"
];
settings = {
runner.capacity = 5;
cache.enabled = false;
};
};
};
grafana = { grafana = {
enable = true; enable = true;
@ -248,22 +267,40 @@ in {
}; };
}; };
keycloak = { restic = {
enable = true; backups = {
mail = {
database = { repository = "sftp:u169497-sub5@u169497.your-storagebox.de:mail";
type = "postgresql"; initialize = true;
createLocally = true; extraOptions = [
passwordFile = config.sops.secrets."keycloak_db_pw".path; "sftp.command='ssh -p23 u169497-sub5@u169497.your-storagebox.de -i ${config.sops.secrets."restic_ssh_key".path} -s sftp'"
];
passwordFile = config.sops.secrets."restic_mail_repository_password".path;
paths = ["/var/vmail" "/var/dkim"];
timerConfig = {
OnCalendar = "00:05";
RandomizedDelaySec = "1h";
};
};
};
}; };
settings = { # keycloak = {
hostname = "sso.fuckwit.dev"; # enable = true;
http-host = "127.0.0.1"; #
http-port = 8004; # database = {
proxy = "edge"; # type = "postgresql";
}; # createLocally = true;
}; # passwordFile = config.sops.secrets."keycloak_db_pw".path;
# };
#
# settings = {
# hostname = "sso.fuckwit.dev";
# http-host = "127.0.0.1";
# http-port = 8004;
# proxy = "edge";
# };
# };
# drone-server = { # drone-server = {
# enable = true; # enable = true;
@ -277,6 +314,8 @@ in {
# }; # };
}; };
virtualisation.podman.enable = true;
users.users."root".openssh.authorizedKeys.keys = [ users.users."root".openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8zNAXScQ4FoWNxF4+ALJXMSi3EbpqZP5pO9kfg9t8o patrick@NBG1-DC3-PC20-2017-10-24" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8zNAXScQ4FoWNxF4+ALJXMSi3EbpqZP5pO9kfg9t8o patrick@NBG1-DC3-PC20-2017-10-24"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPflDQOANGhgtfo2psRwSFtY5ETHX/bsDmqrho3iX9jt root@arschlinux" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPflDQOANGhgtfo2psRwSFtY5ETHX/bsDmqrho3iX9jt root@arschlinux"

1
nixos/primordial/mail.nix
View File

@ -5,6 +5,7 @@
}: { }: {
mailserver = { mailserver = {
enable = true; enable = true;
enableManageSieve = true;
fqdn = "mail.fuckwit.dev"; fqdn = "mail.fuckwit.dev";
domains = ["fuckwit.dev"]; domains = ["fuckwit.dev"];

9
nixos/primordial/secrets.yaml
View File

@ -1,5 +1,8 @@
gitea.env: ENC[AES256_GCM,data:wkSPzLQtL3vGNIjG+jG6I3+R7wLBBdXeaCHbKxMbpVOldo8zrPLu8HdoryneRro58d7D9Cao9x+n5SvYNfGwHPgDJG8saXTeyEffIWIKNC+5+8fjiWwIkAvstckmZjSLitVxcwhifs49jmZgW/xQBPEPiAHzVkjeueV7p/Jm9WgyD2ycPrKUvNEYJ6DWZqQq9r10Y/KsRZsvRzF2cp6YeX7YGjW7E2wuQz9yy8gOFHxmoJxAc4zM7XaKZWKtow1UPCjTtxiY7qRkWK7KQt21Xf3FCsU=,iv:qQv7hbqh3Kl6sE/XW37D9AbYt4gLJw5BnfbbLIkzOd4=,tag:g6Cecvdb67W01HvIULNzsQ==,type:str] gitea.env: ENC[AES256_GCM,data:wkSPzLQtL3vGNIjG+jG6I3+R7wLBBdXeaCHbKxMbpVOldo8zrPLu8HdoryneRro58d7D9Cao9x+n5SvYNfGwHPgDJG8saXTeyEffIWIKNC+5+8fjiWwIkAvstckmZjSLitVxcwhifs49jmZgW/xQBPEPiAHzVkjeueV7p/Jm9WgyD2ycPrKUvNEYJ6DWZqQq9r10Y/KsRZsvRzF2cp6YeX7YGjW7E2wuQz9yy8gOFHxmoJxAc4zM7XaKZWKtow1UPCjTtxiY7qRkWK7KQt21Xf3FCsU=,iv:qQv7hbqh3Kl6sE/XW37D9AbYt4gLJw5BnfbbLIkzOd4=,tag:g6Cecvdb67W01HvIULNzsQ==,type:str]
keycloak_db_pw: ENC[AES256_GCM,data:1oBqzpFokAmjkT770YKYwzCllaGTprtDR9W4B/+V6ZUXPhJ1R9DNWZHqpQ==,iv:dK36GBiDj12HVjUkZqTVk/rR6s1sf6dmQTk1ZJQwi+I=,tag:6Ix9QSf+A0U82sG0z8wSmw==,type:str] keycloak_db_pw: ENC[AES256_GCM,data:1oBqzpFokAmjkT770YKYwzCllaGTprtDR9W4B/+V6ZUXPhJ1R9DNWZHqpQ==,iv:dK36GBiDj12HVjUkZqTVk/rR6s1sf6dmQTk1ZJQwi+I=,tag:6Ix9QSf+A0U82sG0z8wSmw==,type:str]
restic_mail_repository_password: ENC[AES256_GCM,data:B2XAP9tnztl/c7HB7bHywfJcwV9sLahfqCfI0TajWaWHPhRsZow4yxhn813FN4pINb5i1kYyiRG/sMXMKAFo9g==,iv:pQnVRVtuhcVtH/Kot9hcx8DSA4qlkksuUiY8HaOawfk=,tag:4lbmh8bQDSVNbI06/gNUlQ==,type:str]
restic_ssh_key: ENC[AES256_GCM,data:HpS73OEFvqSLYg8Qh1syJEjCfv5og5VxxzK2VPmAFRk5BzM4xF3Dn0cmJtQpwMMwaRGRWFdCTMrQCBWRrLgDt7wUyMpBn1HivLr4nwEOU4oDStv+1zKmrNbWLSYw3TbHoNJ2K+C46lfpV9CBdb+8dmv2vto6HoKFrOYc5/ftYd7lD9zMhueAMCc3q7aPsIFGb2TRGNz1wrF6Cn9ew1Oqh/P7xlUuIgS0kAKRrybhiIO9IUgQsTV3qqZIXogP4Yy2OLSyhbtDuvtLAncL2pJ/ZsGme47G8HoFomyqEIf0eq7YKqlpTqKPbbnxfWSlWYGg+l9OtCJOeyp5oEZ6sjPNdTUYjpcVZpHNEEa2zkaZzRj5Jo/GIiJfCu4F0kk4opbqEUTeDQHgesylxwpd/v5zaplGEqpYZ7y/DAud+YUw7XWYWjy60kjlZdkbKwrL/Cg4dxWY8Cc7v42Ve7aADgSEpEhwo5rHxM3JSVHHHunfC6y+/Qin26wQZhF1w+d8/yqSaJidx6FsDSipGCJtXa9liIG7oG2vUlmYm4rE,iv:d/AFzPAJGSGv1WzQY4+p8mImFoWKkaoMRtIBNAYiU0E=,tag:mdE/e2VX5zdrFT43NZaYNQ==,type:str]
act-runner-token: ENC[AES256_GCM,data:QEiYYYg8fZQIwVPT+vG2Eo8JO9y5PgVJBm5E1UlujANigQKvVkhPbVtulIB1Fg==,iv:V88x7xqYlbZuawPFU824bZtvM/b44BBVIjhnmtdYCwo=,tag:PgQcH1nkRpHCiBBMCSXfxg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -15,8 +18,8 @@ sops:
V1h2NGxyNVc3WnF2ZFBpQm1oK1AzeGcK4GoD2E8nwOl/WKtgMgs0Y1Q8abRX4mpy V1h2NGxyNVc3WnF2ZFBpQm1oK1AzeGcK4GoD2E8nwOl/WKtgMgs0Y1Q8abRX4mpy
GdHGDQUWvySCisJo4JXsooYkLjOyKvir+vcVbX4nDd4L1W2OMULkrg== GdHGDQUWvySCisJo4JXsooYkLjOyKvir+vcVbX4nDd4L1W2OMULkrg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-25T19:17:29Z" lastmodified: "2025-01-10T21:24:52Z"
mac: ENC[AES256_GCM,data:Qnou0/umwMX2XD7gDF6SceFI5tLjOO30OVhFSXhxc2yuFj/gB0R1bPplLm5j/wmxfRQDvvm2zLgGFMqt+8i4Z+6OYgbuwFcv4FR2E001aWVj1zh+F8pRZVTxqnsvegoKWQwoXkhZe5S/fjX9N09SMYhBkjLUh9fboGXajEpDws8=,iv:hTQgeyli/MPaUVxJSzhDK+ssxv78w7hRBtQ1pnZGASg=,tag:HDKQ2duHMYvGa74Vp0fIjw==,type:str] mac: ENC[AES256_GCM,data:8zOgUn3QPUk6pZxaAVYN+yxIBRAihG9UpHEWSR37gQUT2hYG6ddHDBF56u0G0Hmpa2jUHUNw7hKe2YH7UVxc84Gmsv2oAQL6TPhgtwDBazViF0N9imt3+SEphx0t9Is58pzgFNp7uqy45GaoFtuQ1DIQOG090mHTLHZpnf1YL8o=,iv:EDNwgcGDqAZK4ZSQHxTjyLGhwKkK/TriyeL1FJ6J/Cs=,tag:5WZk+MnZb0kLrVrs601SiA==,type:str]
pgp: pgp:
- created_at: "2024-01-25T11:10:44Z" - created_at: "2024-01-25T11:10:44Z"
enc: |- enc: |-
@ -31,4 +34,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5FA64909521A5C85992F26E0F819AEFF941BB849 fp: 5FA64909521A5C85992F26E0F819AEFF941BB849
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.2

1
outputs.nix
View File

@ -2,7 +2,6 @@
self, self,
flake-utils, flake-utils,
nixpkgs, nixpkgs,
nurpkgs,
deploy, deploy,
home-manager, home-manager,
... ...

4
pkgs/comic-mono/default.nix
View File

@ -22,8 +22,8 @@ pkgs.stdenv.mkDerivation rec {
}; };
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
python39 python311
python39Packages.fontforge python311Packages.fontforge
pkgs.unzip pkgs.unzip
]; ];

12
renovate.json Normal file
View File

@ -0,0 +1,12 @@
{
"nix": {
"enabled": true
},
"lockFileMaintenance": {
"enabled": true,
"schedule": [
"at any time"
]
},
"automerge": true
}