caspervk/nixos
1
0
Fork 0
Code Actions Activity

Alejandra 💅

Browse source
This commit is contained in:
Casper V. Kristensen 2024-03-05 22:57:41 +01:00
parent 163a7f38c4
commit a7b28837ee
61 changed files with 472 additions and 306 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
flake.nix
View file

@ -38,9 +38,13 @@
};
};
outputs = { self, nixpkgs, ... } @ inputs: {
# https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-fmt.html
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
outputs = {
self,
nixpkgs,
...
} @ inputs: {
# https://kamadorueda.com/alejandra/
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
nixosConfigurations = {
# Home desktop

9
hosts/alpha/hardware.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}: {
# https://nixos.wiki/wiki/Install_NixOS_on_Hetzner_Cloud
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
@ -38,4 +44,3 @@
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

7
hosts/mu/git.nix
View file

@ -1,4 +1,8 @@
{ home-manager, lib, ... }: {
{
home-manager,
lib,
...
}: {
home-manager.users.caspervk = {
programs.git = {
userEmail = lib.mkForce "vk@magenta.dk";
@ -6,7 +10,6 @@
# https://docs.gitlab.com/ee/user/project/push_options.html
mr = "push --push-option=merge_request.create --push-option=merge_request.assign='vk'";
};
};
};
}

10
hosts/mu/hardware.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
{
config,
lib,
pkgs,
modulesPath,
nixos-hardware,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.common-cpu-intel
@ -14,7 +21,6 @@
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
fileSystems."/" = {
device = "none";

5
hosts/mu/sway.nix
View file

@ -18,7 +18,10 @@
};
};
workspaceOutputAssign = [
{ workspace = "9"; output = "eDP-1"; }
{
workspace = "9";
output = "eDP-1";
}
];
};
};

9
hosts/omega/hardware.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
{
config,
lib,
pkgs,
modulesPath,
nixos-hardware,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.common-cpu-amd

10
hosts/omega/sway.nix
View file

@ -14,8 +14,14 @@
};
};
workspaceOutputAssign = [
{ workspace = "8"; output = "DP-2"; }
{ workspace = "9"; output = "DP-2"; }
{
workspace = "8";
output = "DP-2";
}
{
workspace = "9";
output = "DP-2";
}
];
};
};

9
hosts/tor/hardware.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, modulesPath, ... }: {
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
@ -36,4 +42,3 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

7
hosts/tor/network.nix
View file

@ -10,7 +10,12 @@
];
routes = [
{routeConfig = {Gateway = "91.210.59.1";};}
{ routeConfig = { Gateway = "2a0d:3e83:1::1"; GatewayOnLink = true; }; }
{
routeConfig = {
Gateway = "2a0d:3e83:1::1";
GatewayOnLink = true;
};
}
];
};
};

10
hosts/tor/tor.nix
View file

@ -3,8 +3,14 @@
settings = {
Nickname = "DXV7520";
ORPort = [
{ addr = "91.210.59.57"; port = 443; }
{ addr = "[2a0d:3e83:1:b284::1]"; port = 443; }
{
addr = "91.210.59.57";
port = 443;
}
{
addr = "[2a0d:3e83:1:b284::1]";
port = 443;
}
];
};
};

9
hosts/zeta/hardware.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: {
{
config,
lib,
pkgs,
modulesPath,
nixos-hardware,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.common-cpu-intel

6
modules/base/agenix.nix
View file

@ -1,4 +1,8 @@
{ agenix, pkgs, ... }: {
{
agenix,
pkgs,
...
}: {
# Agenix manages the deployment of secrets by public-key encrypting them to
# each system's ssh host key. See the README for more information.
# https://github.com/ryantm/agenix

7
modules/base/docker.nix
View file

@ -19,7 +19,12 @@
# Persist docker volumes
environment.persistence."/nix/persist" = {
directories = [
{ directory = "/var/lib/docker"; user = "root"; group = "root"; mode = "0700"; }
{
directory = "/var/lib/docker";
user = "root";
group = "root";
mode = "0700";
}
];
};
}

6
modules/base/home-manager.nix
View file

@ -1,4 +1,8 @@
{ config, home-manager, ... }: {
{
config,
home-manager,
...
}: {
# Like NixOS manages the system configuration, Home Manager manages the user
# environment.
#

21
modules/base/impermanence.nix
View file

@ -28,10 +28,25 @@
hideMounts = true;
directories = [
# See comment above for /tmp
{ directory = "/tmp"; user = "root"; group = "root"; mode = "1777"; }
{
directory = "/tmp";
user = "root";
group = "root";
mode = "1777";
}
# Save the last run time of persistent timers so systemd knows if they were missed
{ directory = "/var/lib/systemd/timers"; user = "root"; group = "root"; mode = "0755"; }
{ directory = "/var/log"; user = "root"; group = "root"; mode = "0755"; }
{
directory = "/var/lib/systemd/timers";
user = "root";
group = "root";
mode = "0755";
}
{
directory = "/var/log";
user = "root";
group = "root";
mode = "0755";
}
];
files = [
"/etc/machine-id" # needed for /var/log

7
modules/base/network.nix
View file

@ -51,7 +51,12 @@
services.vnstat.enable = true;
environment.persistence."/nix/persist" = {
directories = [
{ directory = "/var/lib/vnstat"; user = "root"; group = "root"; mode = "0755"; }
{
directory = "/var/lib/vnstat";
user = "root";
group = "root";
mode = "0755";
}
];
};
}

7
modules/base/nix.nix
View file

@ -1,4 +1,9 @@
{ nix-index-database, nixpkgs-unstable, nixpkgs, ... }: {
{
nix-index-database,
nixpkgs-unstable,
nixpkgs,
...
}: {
imports = [
nix-index-database.nixosModules.nix-index
];

6
modules/base/users.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
users = {
# Don't allow imperative modifications to users (incompatible with impermanence)
mutableUsers = false;

6
modules/base/vim/default.nix
View file

@ -1,4 +1,8 @@
{ home-manager, pkgs, ... }: {
{
home-manager,
pkgs,
...
}: {
home-manager.users.caspervk = {
programs.neovim = {
enable = true;

7
modules/borg.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}: {
# BorgBackup (short: Borg) is a deduplicating backup program.
# https://nixos.wiki/wiki/Borg_backup
# https://nixos.org/manual/nixos/stable/#module-borgbase

6
modules/desktop/alacritty.nix
View file

@ -10,7 +10,11 @@
# It's easy to open a new terminal using Mod+Enter in sway, but it
# always opens in the home directly. This binds Control+Shift+Enter
# to open a new terminal in the current directory.
{ key = "Return"; mods = "Control|Shift"; action = "SpawnNewInstance"; }
{
key = "Return";
mods = "Control|Shift";
action = "SpawnNewInstance";
}
];
};
};

7
modules/desktop/clipman.nix
View file

@ -1,4 +1,9 @@
{ home-manager, lib, pkgs, ... }: {
{
home-manager,
lib,
pkgs,
...
}: {
# Clipboard manager. It can help persist clipboard contents after closing an
# application - which otherwise isn't supported in Wayland - but that breaks
# rich content copying in general. Therefore, we only use it for clipboard

7
modules/desktop/flatpak.nix
View file

@ -14,7 +14,12 @@
# Persist flatpaks
environment.persistence."/nix/persist" = {
directories = [
{ directory = "/var/lib/flatpak"; user = "root"; group = "root"; mode = "0755"; }
{
directory = "/var/lib/flatpak";
user = "root";
group = "root";
mode = "0755";
}
];
};
}

7
modules/desktop/network.nix
View file

@ -14,7 +14,12 @@
# Persist WiFi passwords and other network configuration
environment.persistence."/nix/persist" = {
directories = [
{ directory = "/etc/NetworkManager/system-connections"; user = "root"; group = "root"; mode = "0700"; }
{
directory = "/etc/NetworkManager/system-connections";
user = "root";
group = "root";
mode = "0700";
}
];
};

14
modules/desktop/programs.nix
View file

@ -1,4 +1,10 @@
{ home-manager, lib, nixpkgs, pkgs, ... }: {
{
home-manager,
lib,
nixpkgs,
pkgs,
...
}: {
# Packages useful on a desktop computer which don't require their own module
environment.systemPackages = with pkgs; [
@ -6,7 +12,8 @@
gimp
jetbrains.pycharm-professional
keepassxc
(kodi-wayland.withPackages (kodiPackages: with kodiPackages; [
(kodi-wayland.withPackages (kodiPackages:
with kodiPackages; [
jellyfin
]))
libqalculate
@ -19,7 +26,8 @@
webcord # discord
];
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"android-studio-stable"
"pycharm-professional"
"spotify"

6
modules/desktop/rofi.nix
View file

@ -1,4 +1,8 @@
{ home-manager, pkgs, ... }: {
{
home-manager,
pkgs,
...
}: {
# A window switcher, application launcher and dmenu replacement. Used to open
# programs, view the clipboard history, and select emojis.
# https://github.com/davatorium/rofi

40
modules/desktop/sway.nix
View file

@ -1,4 +1,9 @@
{ home-manager, lib, pkgs, ... }: {
{
home-manager,
lib,
pkgs,
...
}: {
# https://nixos.wiki/wiki/Sway
programs.sway = {
@ -125,8 +130,7 @@
# https://github.com/Alexays/Waybar/wiki/Configuration
# https://github.com/Alexays/Waybar/blob/master/resources/config
programs.waybar =
let
programs.waybar = let
# It isn't possible to extend the default Waybar config in Home
# Manager; as soon as any setting is defined it overwrites the entire
# default configuration. To combat this, we parse the default config
@ -140,8 +144,7 @@
'';
};
defaultConfig = builtins.fromJSON (lib.readFile "${mkDefaultConfig}");
in
{
in {
enable = true;
settings = {
bar = lib.mkMerge [
@ -234,22 +237,33 @@
};
# https://github.com/swaywm/swayidle
services.swayidle =
let
services.swayidle = let
lock = "${pkgs.swaylock}/bin/swaylock --daemonize";
outputOff = "${pkgs.sway}/bin/swaymsg 'output * power off'";
outputOn = "${pkgs.sway}/bin/swaymsg 'output * power on'";
suspend = "${pkgs.systemd}/bin/systemctl suspend";
in
{
in {
enable = true;
events = [
{ event = "lock"; command = lock; }
{ event = "before-sleep"; command = lock; }
{
event = "lock";
command = lock;
}
{
event = "before-sleep";
command = lock;
}
];
timeouts = [
{ timeout = 60 * 20; command = outputOff; resumeCommand = outputOn; }
{ timeout = 60 * 60 * 3; command = suspend; }
{
timeout = 60 * 20;
command = outputOff;
resumeCommand = outputOn;
}
{
timeout = 60 * 60 * 3;
command = suspend;
}
];
};

7
modules/desktop/virtd.nix
View file

@ -20,7 +20,12 @@
# Persist libvirt data
environment.persistence."/nix/persist" = {
directories = [
{ directory = "/var/lib/libvirt"; user = "root"; group = "root"; mode = "0755"; }
{
directory = "/var/lib/libvirt";
user = "root";
group = "root";
mode = "0755";
}
];
};
}

13
modules/tor/default.nix
View file

@ -1,4 +1,8 @@
{ config, pkgs, ... }: {
{
config,
pkgs,
...
}: {
services.tor = {
enable = true;
openFirewall = true;
@ -26,7 +30,12 @@
environment.persistence."/nix/persist" = {
directories = [
{ directory = "/var/lib/tor"; user = "tor"; group = "tor"; mode = "0700"; }
{
directory = "/var/lib/tor";
user = "tor";
group = "tor";
mode = "0700";
}
];
};
}

1
secrets/secrets.nix
View file

@ -2,7 +2,6 @@
# the agenix CLI tool to know which public keys to use for encryption. See the
# README for more information.
# https://github.com/ryantm/agenix
let
# Get a system's public key using:
# > cat /etc/ssh/ssh_host_ed25519_key.pub