commit 4ebc8b23feb231b4060d6d5819fb4e748f46376a
Author: Jonas Hahn
Date: Sat Aug 30 20:31:10 2025 +0200
Initial commit unclean
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..7b5bca3
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,10 @@
+# .sops.yaml
+# Just the defaults
+
+keys:
+ - &primary age1a2kpues0gayampkn9pn2czhk24r0yl4jnw84qg4gh5l72dflx95qkmyqzv
+creation_rules:
+ - path_regex: secrets.yaml$
+ key_groups:
+ - age:
+ - *primary
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..28ecc41
--- /dev/null
+++ b/flake.lock
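Review bot: The `keys:` list holds a single recipient, `&primary`, and the only entry in `creation_rules` encrypts `secrets.yaml` to it alone, so every machine that decrypts the file has to hold that one private key and a single host cannot be cut off without re-encrypting everything. Give each host its own age recipient (sops-nix can derive one from the host's SSH ed25519 key) and list it next to `*primary` under `- age:`. The dot in `path_regex: secrets.yaml$` is also unescaped and matches any character; `path_regex: secrets\.yaml$` keeps the rule to the intended file name.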
@@ -0,0 +1,1128 @@ +{ + "nodes": { + "aquamarine": { + "inputs": { + "hyprutils": [ + "xremap-flake", + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "xremap-flake", + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1751740947, + "narHash": "sha256-35040CHH7P3JGmhGVfEb2oJHL/A5mI2IXumhkxrBnao=", + "owner": "hyprwm", + "repo": "aquamarine", + "rev": "dfc1db15a08c4cd234288f66e1199c653495301f", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "aquamarine", + "type": "github" + } + }, + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1746562888, + "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1748408240, + "narHash": "sha256-9M2b1rMyMzJK0eusea0x3lyh3mu5nMeEDSc4RZkGm+g=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "6c711ab1a9db6f51e2f6887cc3345530b33e152e", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1732806396, + "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", + "owner": "tinted-theming", + "repo": 
"base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-vim", + "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", + "type": "github" + } + }, + "crane": { + "locked": { + "lastModified": 1751562746, + "narHash": "sha256-smpugNIkmDeicNz301Ll1bD7nFOty97T79m4GUMUczA=", + "owner": "ipetkov", + "repo": "crane", + "rev": "aed2020fd3dc26e1e857d4107a5a67a33ab6c1fd", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "devshell": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "firefox-gnome-theme": { + "flake": false, + "locked": { + "lastModified": 1748383148, + "narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=", + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf", + "type": "github" + }, + "original": { + "owner": "rafaelmardojai", + "repo": "firefox-gnome-theme", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": 
"205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1731966426, + "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "106af9e2f715e2d828df706c386a685698f3223b", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "xremap-flake", + "hyprland", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gnome-shell": { + "flake": false, + "locked": { + "lastModified": 1744584021, + "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", + "owner": "GNOME", + "repo": 
"gnome-shell", + "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "48.1", + "repo": "gnome-shell", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1751990210, + "narHash": "sha256-krWErNDl9ggMLSfK00Q2BcoSk3+IRTSON/DiDgUzzMw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "218da00bfa73f2a61682417efe74549416c16ba6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "hyprcursor": { + "inputs": { + "hyprlang": [ + "xremap-flake", + "hyprland", + "hyprlang" + ], + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1749155331, + "narHash": "sha256-XR9fsI0zwLiFWfqi/pdS/VD+YNorKb3XIykgTg4l1nA=", + "owner": "hyprwm", + "repo": "hyprcursor", + "rev": "45fcc10b4c282746d93ec406a740c43b48b4ef80", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprcursor", + "type": "github" + } + }, + "hyprgraphics": { + "inputs": { + "hyprutils": [ + "xremap-flake", + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1751808145, + "narHash": "sha256-OXgL0XaKMmfX2rRQkt9SkJw+QNfv0jExlySt1D6O72g=", + "owner": "hyprwm", + "repo": "hyprgraphics", + "rev": 
"b841473a0bd4a1a74a0b64f1ec2ab199035c349f", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprgraphics", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "aquamarine": "aquamarine", + "hyprcursor": "hyprcursor", + "hyprgraphics": "hyprgraphics", + "hyprland-protocols": "hyprland-protocols", + "hyprland-qtutils": "hyprland-qtutils", + "hyprlang": "hyprlang", + "hyprutils": "hyprutils", + "hyprwayland-scanner": "hyprwayland-scanner", + "nixpkgs": "nixpkgs_5", + "pre-commit-hooks": "pre-commit-hooks", + "systems": "systems_2", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1751995875, + "narHash": "sha256-ud9sl1RjmzAzalH2ocmGPs182xvr7GktjVIYvzJamwo=", + "owner": "hyprwm", + "repo": "Hyprland", + "rev": "9517d0eaa4ef93de67dc80fecca7a826f7ad556d", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "Hyprland", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1749046714, + "narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprland-qt-support": { + "inputs": { + "hyprlang": [ + "xremap-flake", + "hyprland", + "hyprland-qtutils", + "hyprlang" + ], + "nixpkgs": [ + "xremap-flake", + "hyprland", + "hyprland-qtutils", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "hyprland-qtutils", + "systems" + ] + }, + "locked": { + "lastModified": 1749154592, + "narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=", + "owner": "hyprwm", + "repo": "hyprland-qt-support", + "rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074", + "type": "github" + }, + "original": { + "owner": 
"hyprwm", + "repo": "hyprland-qt-support", + "type": "github" + } + }, + "hyprland-qtutils": { + "inputs": { + "hyprland-qt-support": "hyprland-qt-support", + "hyprlang": [ + "xremap-flake", + "hyprland", + "hyprlang" + ], + "hyprutils": [ + "xremap-flake", + "hyprland", + "hyprland-qtutils", + "hyprlang", + "hyprutils" + ], + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1750371812, + "narHash": "sha256-D868K1dVEACw17elVxRgXC6hOxY+54wIEjURztDWLk8=", + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "rev": "b13c7481e37856f322177010bdf75fccacd1adc8", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-qtutils", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "hyprutils": [ + "xremap-flake", + "hyprland", + "hyprutils" + ], + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1750371198, + "narHash": "sha256-/iuJ1paQOBoSLqHflRNNGyroqfF/yvPNurxzcCT0cAE=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "cee01452bca58d6cadb3224e21e370de8bc20f0b", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "hyprutils": { + "inputs": { + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1751888065, + "narHash": "sha256-F2SV9WGqgtRsXIdUrl3sRe0wXlQD+kRRZcSfbepjPJY=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "a8229739cf36d159001cfc203871917b83fdf917", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprwayland-scanner": { + "inputs": { + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "systems" + ] + }, 
+ "locked": { + "lastModified": 1751881472, + "narHash": "sha256-meB0SnXbwIe2trD041MLKEv6R7NZ759QwBcVIhlSBfE=", + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "rev": "8fb426b3e5452fd9169453fd6c10f8c14ca37120", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprwayland-scanner", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1754563854, + "narHash": "sha256-YzNTExe3kMY9lYs23mZR7jsVHe5TWnpwNrsPOpFs/b8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e728d7ae4bb6394bbd19eec52b7358526a44c414", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-25.05", + "type": "indirect" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1754498491, + "narHash": "sha256-erbiH2agUTD0Z30xcVSFcDHzkRvkRXOQ3lb887bcVrs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c2ae88e026f9525daf89587f3cbee584b92b6134", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1751211869, + "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1722073938, + "narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae", + "type": "github" + }, + "original": { + 
"owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1751637120, + "narHash": "sha256-xVNy/XopSfIG9c46nRmPaKfH1Gn/56vQ8++xWA8itO4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5c724ed1388e53cc231ed98330a60eb2f7be4be3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1751792365, + "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1751949589, + "narHash": "sha256-mgFxAPLWw0Kq+C8P3dRrZrOYEQXOtKuYVlo9xvPntt8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9b008d60392981ad674e04016d25619281550a9d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1747958103, + "narHash": "sha256-qmmFCrfBwSHoWw7cVK4Aj+fns+c54EBP8cGqp/yK410=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "fe51d34885f7b5e3e7b59572796e1bcb427eccb1", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754657805, + "narHash": "sha256-mGjro2RFdIg/1894aL4oSK5GCT1ofiVEs0z9kyDdlsc=", + "owner": "nix-community", + "repo": "NUR", + "rev": "913d4b0c82222afcf6da3e972641c124afc5514d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_2": { + "inputs": { + "flake-parts": [ + 
"stylix", + "flake-parts" + ], + "nixpkgs": [ + "stylix", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1751320053, + "narHash": "sha256-3m6RMw0FbbaUUa01PNaMLoO7D99aBClmY5ed9V3vz+0=", + "owner": "nix-community", + "repo": "NUR", + "rev": "cbde1735782f9c2bb2c63d5e05fba171a14a4670", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750779888, + "narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", + "nur": "nur", + "sops-nix": "sops-nix", + "stylix": "stylix", + "xremap-flake": "xremap-flake" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754328224, + "narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, + "stylix": { + "inputs": { + "base16": "base16", + "base16-fish": "base16-fish", + "base16-helix": "base16-helix", + "base16-vim": "base16-vim", + "firefox-gnome-theme": "firefox-gnome-theme", + "flake-parts": "flake-parts_2", + "gnome-shell": "gnome-shell", + "nixpkgs": "nixpkgs_2", + "nur": "nur_2", + "systems": "systems", + "tinted-foot": "tinted-foot", + "tinted-kitty": "tinted-kitty", + "tinted-schemes": "tinted-schemes", + "tinted-tmux": 
"tinted-tmux", + "tinted-zed": "tinted-zed" + }, + "locked": { + "lastModified": 1754599117, + "narHash": "sha256-AzAYdZlat002vCjCKWdFpGi2xUaiOU4DtIPnv1nomD8=", + "owner": "danth", + "repo": "stylix", + "rev": "312dec38b2231b21f36903d1bdce96daa11548ff", + "type": "github" + }, + "original": { + "owner": "danth", + "ref": "release-25.05", + "repo": "stylix", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "tinted-foot": { + "flake": false, + "locked": { + "lastModified": 1726913040, + "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-foot", + "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", + "type": "github" + } + }, + "tinted-kitty": { + "flake": false, + "locked": { + "lastModified": 1735730497, + "narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", + "owner": "tinted-theming", + "repo": "tinted-kitty", + "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-kitty", + "type": "github" + } + }, + "tinted-schemes": { + "flake": false, + "locked": { + "lastModified": 1750770351, + "narHash": 
"sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=", + "owner": "tinted-theming", + "repo": "schemes", + "rev": "5a775c6ffd6e6125947b393872cde95867d85a2a", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "schemes", + "type": "github" + } + }, + "tinted-tmux": { + "flake": false, + "locked": { + "lastModified": 1751159871, + "narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=", + "owner": "tinted-theming", + "repo": "tinted-tmux", + "rev": "bded5e24407cec9d01bd47a317d15b9223a1546c", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "tinted-tmux", + "type": "github" + } + }, + "tinted-zed": { + "flake": false, + "locked": { + "lastModified": 1751158968, + "narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=", + "owner": "tinted-theming", + "repo": "base16-zed", + "rev": "86a470d94204f7652b906ab0d378e4231a5b3384", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-zed", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "stylix", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733222881, + "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "49717b5af6f80172275d47a418c9719a31a78b53", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": "nixpkgs_7" + }, + "locked": { + "lastModified": 1750931469, + "narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "xremap-flake", + "hyprland", + "hyprland-protocols" + ], + "hyprlang": [ + "xremap-flake", + "hyprland", + 
"hyprlang" + ], + "hyprutils": [ + "xremap-flake", + "hyprland", + "hyprutils" + ], + "hyprwayland-scanner": [ + "xremap-flake", + "hyprland", + "hyprwayland-scanner" + ], + "nixpkgs": [ + "xremap-flake", + "hyprland", + "nixpkgs" + ], + "systems": [ + "xremap-flake", + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1751300244, + "narHash": "sha256-PFuv1TZVYvQhha0ac53E3YgdtmLShrN0t4T6xqHl0jE=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": "6115f3fdcb2c1a57b4a80a69f3c797e47607b90a", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } + }, + "xremap": { + "flake": false, + "locked": { + "lastModified": 1752020210, + "narHash": "sha256-yRYffVAqSriU3AebfL1JFIKP9gUSTq5OC8CyyBTx9KQ=", + "owner": "k0kubun", + "repo": "xremap", + "rev": "a00d6ad9e7a180f6b641b8188f53a8c66ae8379a", + "type": "github" + }, + "original": { + "owner": "k0kubun", + "ref": "v0.10.13", + "repo": "xremap", + "type": "github" + } + }, + "xremap-flake": { + "inputs": { + "crane": "crane", + "devshell": "devshell", + "flake-parts": "flake-parts_3", + "home-manager": "home-manager_2", + "hyprland": "hyprland", + "nixpkgs": "nixpkgs_6", + "treefmt-nix": "treefmt-nix_2", + "xremap": "xremap" + }, + "locked": { + "lastModified": 1752027487, + "narHash": "sha256-240ngBRC7SbAwpWqbkZzHXwc3wA3U4fLPJwjRg8+Fqg=", + "owner": "xremap", + "repo": "nix-flake", + "rev": "8001f37b1ffe86e76b62f36afadee2f4acf90e70", + "type": "github" + }, + "original": { + "owner": "xremap", + "repo": "nix-flake", + "rev": "8001f37b1ffe86e76b62f36afadee2f4acf90e70", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..fc65af0 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,145 @@
+# This is the main flake containing all the nix related stuff
+
+{
+ description = "Main system configuration management - Jonas Hahn";
+
+ inputs = {
+ # The main nix inputs
+ nixpkgs.url = "nixpkgs/nixos-25.05";
+ nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
+ nur = {
+ url = "github:nix-community/NUR";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ sops-nix.url = "github:Mic92/sops-nix";
+ # optional, not necessary for the module
+ sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+
+ # Other utility stuff may be moved to a seperate flake in the future
+ # Love this system of just rolling to a certain commit!
+ xremap-flake.url = "github:xremap/nix-flake?rev=8001f37b1ffe86e76b62f36afadee2f4acf90e70";
+ home-manager = {
+ url = "github:nix-community/home-manager/release-25.05";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ stylix.url = "github:danth/stylix/release-25.05";
+
+ #TODO: Add the mailserver to here
+
+ # Testing
+ #nix-snapd.url = "github:nix-community/nix-snapd";
+ #nix-snapd.inputs.nixpkgs.follows = "nixpkgs";
+ #hyprland.url = "github:hyprwm/Hyprland";
+ # hyprland-plugins = {,
+ # url = "github:hyprwm/hyprland-plugins";
+ # #inputs.hyprland.follows = "hyprland";
+ # };
+ };
+
+ outputs = { self, nixpkgs, sops-nix, nixpkgs-unstable, nur, home-manager, stylix, ... }@inputs:
+ let
+ system = "x86_64-linux";
+
+ # Unserstand this overlay method or do another one
+ overlay-unstable = final: prev: {
+ unstable = nixpkgs-unstable.legacyPackages.${prev.system};
+ };
+ overlay-nur = final: prev: {
+ nur = nur.legacyPackages.${prev.system};
+ };
+
+ helperModules = [
+ ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable overlay-nur ]; })
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ # messed up firefox
+ #home-manager.backupFileExtension = "backup";
+ home-manager.extraSpecialArgs = { inherit inputs; };
+ home-manager.users.jonas = import ./nixos/users/jonas/home.nix;
+ home-manager.users.root = import ./nixos/users/root/home.nix;
+ }
+ ];
+
+ in
+ {
+ # New thinkpad | main workstation
+ nixosConfigurations."thinix" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ # Use overlay magic with pkgs.unstable.
+ ./nixos/hosts/thinkpadt470s/configuration.nix
+
+ #nix-snapd.nixosModules.default
+ #{
+ # services.snap.enable = true;
+ #}
+ ] ++ helperModules;
+ };
+
+ # Acer laptop | second workstation
+ nixosConfigurations."nixyos" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./nixos/hosts/asus-vivo/configuration.nix
+ ] ++ helperModules;
+ };
+
+ nixosConfigurations."minoxy" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./nixos/hosts/minoxy/configuration.nix
+ ] ++ helperModules;
+ };
+
+ # Cloudserver minimal without all the (bloat) stuff
+ nixosConfigurations."stranox" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+
+ ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable overlay-nur ]; })
+ ./nixos/hosts/stranox/configuration.nix
+ ];
+ };
+
+ # Other system configurations
+ nixosConfigurations = {
+ # Testing server old computer
+ "misox" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./nixos/hosts/misox_msi/configuration.nix
+ ] ++ helperModules;
+
+ };
+ # Old Asus laptop
+ "asuox" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./nixos/hosts/acer-katze/configuration.nix
+ ] ++ helperModules;
+ };
+ "gullfoss" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./nixos/hosts/gullfoss/configuration.nix
+ ] ++ helperModules;
+ };
+ "fruitypi" = nixpkgs.lib.nixosSystem {
+ specialArgs = { inherit inputs; };
+ modules = [
+ ./nixos/hosts/rpi3/configuration.nix
+ ];
+ };
+ };
+ };
+}
+
diff --git a/hosts/asuox-acer/configuration.nix b/hosts/asuox-acer/configuration.nix
new file mode 100644
index 0000000..d1c4406
--- /dev/null
+++ b/hosts/asuox-acer/configuration.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+let
+ var22 = "22";
+in
+{
+
+ nixpkgs.config.allowUnfree = true;
+ imports = [
+ ./hardware-configuration.nix
+
+ # Installing needed modules
+ ../../modules/tweaks.nix
+ ../../users.nix
+ ../../modules/workstation.nix
+ # Disabling the powersaving to save the wifi?
+ # ../../modules/laptop.nix
+ ../../common.nix
+ ];
+
+ networking.hostName = "asuox";
+ bootMode = "legacy";
+
+ # TODO: make this a module
+ networking.networkmanager.wifi.powersave = false;
+
+ # Never change this!
+ system.stateVersion = "24.11";
+}
diff --git a/hosts/asuox-acer/hardware-configuration.nix b/hosts/asuox-acer/hardware-configuration.nix
new file mode 100644
index 0000000..81d80dc
--- /dev/null
+++ b/hosts/asuox-acer/hardware-configuration.nix
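Review bot: Every host module in `outputs` is imported from `./nixos/hosts/<name>/configuration.nix` (and the home-manager users from `./nixos/users/...`), but the host files added in this commit live under `hosts/asuox-acer`, `hosts/gullfoss-homelab`, `hosts/minoxy-workstation` and `hosts/bananapi-rpi`, with no `nixos/` prefix and different directory names. Unless a `nixos/` tree exists outside the visible diff, none of the `nixosConfigurations` will evaluate; point the paths at the files actually committed, e.g. `./hosts/gullfoss-homelab/configuration.nix`. The `let`-bound `system` is also never used while `"x86_64-linux"` is repeated per host; `inherit system;` inside each `nixosSystem` call would remove the duplication.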
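Review bot: `var22 = "22";` in the `let` block of `hosts/asuox-acer/configuration.nix` is never referenced in the module body, so the binding is dead code and the `let … in` wrapper can be dropped. The same unused binding appears in `hosts/minoxy-workstation/configuration.nix`. `bootMode = "legacy";` is not a stock NixOS option, so it presumably comes from one of the `../../` imports; a comment such as `# custom option, declared in one of the imported modules` would tell the next reader where to look.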
@@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "sd_mod" "sr_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" "wl" ]; + boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/95b00222-f6c7-4055-b4d8-9ef53ce69775"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/bananapi-rpi/configuration.nix b/hosts/bananapi-rpi/configuration.nix new file mode 100644 index 0000000..0f40418 --- /dev/null +++ b/hosts/bananapi-rpi/configuration.nix 
@@ -0,0 +1,35 @@
+{ config, pkgs, lib, ... }:
+{
+ # NixOS wants to enable GRUB by default
+ boot.loader.grub.enable = false;
+ # Enables the generation of /boot/extlinux/extlinux.conf
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ # !!! If your board is a Raspberry Pi 1, select this:
+ boot.kernelPackages = pkgs.linuxPackages_rpi;
+ # On other boards, pick a different kernel, note that on most boards with good mainline support, default, latest and hardened should all work
+ # Others might need a BSP kernel, which should be noted in their respective wiki entries
+
+ # nixos-generate-config should normally set up file systems correctly
+ imports = [ ./hardware-configuration.nix ];
+ # If not, you can set them up manually as shown below
+ /*
+ fileSystems = {
+ # Prior to 19.09, the boot partition was hosted on the smaller first partition
+ # Starting with 19.09, the /boot folder is on the main bigger partition.
+ # The following is to be used only with older images. Note such old images should not be considered supported anymore whatsoever, but if you installed back then, this might be needed
+ /*
+ "/boot" = {
+ device = "/dev/disk/by-label/NIXOS_BOOT";
+ fsType = "vfat";
+ };
+ */
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ };
+ };
+
+ swapDevices = [ { device = "/swapfile"; size = 8192; } ];
+}
+
diff --git a/hosts/gullfoss-homelab/configuration.nix b/hosts/gullfoss-homelab/configuration.nix
new file mode 100644
index 0000000..312e634
--- /dev/null
+++ b/hosts/gullfoss-homelab/configuration.nix
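Review bot: The `/*` opened before `fileSystems = {` is closed by the first `*/` (the one after the `"/boot"` entry), because Nix block comments do not nest. The `"/" = { … };` entry and the `};` after it are therefore live code: that `};` closes the module's attribute set early and `swapDevices = …; }` is left dangling, so the file should fail to parse. Either remove the outer `/*` so `fileSystems` is real configuration, or comment the inner `"/boot"` block with `#` lines and add a closing `*/` after the `};` that ends `fileSystems`.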
@@ -0,0 +1,59 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + imports = + [ + # Loading the high level modules + ./hardware-configuration.nix + + # Loading modules + ../../modules/server_gull + + # Loading single modules + ../../modules/misc/virt.nix + ../../common.nix + ../../users.nix + + # Random (can be disabled) + # ../../modules/minecraft.nix + + inputs.sops-nix.nixosModules.sops + ]; + + # This is the sops setup and should be done here?? + # Sops configuration and initialisation + sops.defaultSopsFile = ../../../secrets.yaml; + sops.defaultSopsFormat = "yaml"; + # hard code the username here + sops.age.keyFile = "/home/jonas/.config/sops/age/keys.txt"; + + # ensure a user is there to own the template + users.users.ddclient = { + isSystemUser = true; + group = "ddclient"; + }; + users.groups.ddclient = {}; + + # setup the templates to use them in services + sops.secrets.strato_dns_bitzz = {}; + sops.templates."ddclient-temp" = { + owner = "ddclient"; + # This is the main strato configuration + # use api6 for ipv6 + content = '' + ssl=yes + protocol=dyndns2 + use=web, web=api.ipify.org + server=dyndns.strato.com/nic/update + login=bitzz.de + password='${config.sops.placeholder.strato_dns_bitzz}' + bitzz.de,cloud.bitzz.de,app.bitzz.de + ''; + }; + + networking.hostName = "gullfoss"; + + #system.copySystemConfiguration = true; + system.stateVersion = "24.11"; +} + diff --git a/hosts/minoxy-workstation/configuration.nix b/hosts/minoxy-workstation/configuration.nix new file mode 100644 index 0000000..f2b7f7c --- /dev/null +++ b/hosts/minoxy-workstation/configuration.nix 
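Review bot: `sops.age.keyFile` points at `/home/jonas/.config/sops/age/keys.txt`, so this host decrypts its secrets with a personal key kept in a user home directory. If that same key is copied to every host, any one of them can decrypt all of `secrets.yaml`. A per-host identity limits the damage from a single compromised machine: `sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` plus one recipient per host in the sops creation rules. `sops.defaultSopsFile = ../../../secrets.yaml;` also appears to resolve one level above the repository root, since the imports reach root-level files with `../../`, so `../../secrets.yaml` looks like the intended path. The misox-workstation and stranox-strato configurations in this commit repeat both lines.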
@@ -0,0 +1,116 @@ +{ config, lib, pkgs, ... }: + +let + var22 = "22"; +in + { + + nixpkgs.config.allowUnfree = true; + imports = [ + ./hardware-configuration.nix + + # Installing needed modules + ../../modules/tweaks.nix + ../../users.nix + ../../modules/workstation.nix + # Disabling the powersaving to save the wifi? + # ../../modules/laptop.nix + ../../common.nix + ]; + + networking.hostName = "minoxy"; + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + # TODO: make this a module + hardware.graphics = { + enable = true; + }; + + # Load nvidia driver for Xorg and Wayland + services.xserver.videoDrivers = ["nvidia"]; + nixpkgs.config.cudaSupport = true; + + hardware.nvidia = { + + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + #:powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + hardware.enableAllFirmware = true; + + services = { + pipewire = { + enable = true; + wireplumber = { + enable = true; + }; + alsa = { + enable = true; + support32Bit = true; + }; + audio.enable = true; + pulse.enable = true; + jack.enable = false; + }; + }; + + + # Rest the Display manager for the computer machine + services.displayManager.ly.enable = lib.mkForce false; + services.xserver.displayManager.gdm.enable = true; # We are pre 25.11 + + # TODO MAke this work + services.colord.enable = true; + systemd.targets.sleep.enable = true; + systemd.targets.suspend.enable = true; + + environment.systemPackages = with pkgs; [ + # replace blender with this line + (blender.override { + cudaSupport = true; + }) + go + libuuid + busybox + chromium + ]; + + # Fix VSC Speech plugin by manually linking those + environment = { + sessionVariables = { + LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.libuuid.lib}/lib"; + }; + }; + + virtualisation.docker.enable = true; + virtualisation.docker.storageDriver = "btrfs"; + + # Never change this! + system.stateVersion = "25.05"; +} diff --git a/hosts/minoxy-workstation/hardware-configuration.nix b/hosts/minoxy-workstation/hardware-configuration.nix new file mode 100644 index 0000000..2426d09 --- /dev/null +++ b/hosts/minoxy-workstation/hardware-configuration.nix 
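Review bot: The `LD_LIBRARY_PATH` value under `environment.sessionVariables` changes library resolution for every process in every login session, not only the VS Code speech plugin named in the comment. Unrelated binaries can then load a mismatched `libstdc++` or `libuuid`. Scoping the fix is safer, for example `programs.nix-ld.libraries = [ pkgs.stdenv.cc.cc.lib pkgs.libuuid ];` or a wrapper around the editor alone. The `let var22 = "22"; in` binding at the top of the file is never referenced in this hunk and can be dropped.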
@@ -0,0 +1,53 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + # FUll btrfs config + fileSystems."/" = + { device = "/dev/disk/by-uuid/e52b1440-66f3-4129-b3c0-fba3491e2bbc"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + fileSystems."/home" = + { device = "/dev/disk/by-uuid/e52b1440-66f3-4129-b3c0-fba3491e2bbc"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/e52b1440-66f3-4129-b3c0-fba3491e2bbc"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3091-F0BF"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/3e591e27-c6c5-4e28-900b-f899bc3d5e70"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp112s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} 
diff --git a/hosts/misox-workstation/configuration.nix b/hosts/misox-workstation/configuration.nix new file mode 100644 index 0000000..7fd2d87 --- /dev/null +++ b/hosts/misox-workstation/configuration.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + imports = + [ + # Loading the high level modules + ./hardware-configuration.nix + + # Core of the config + ../../modules/server + + # Loading modules + ../../common.nix + ../../users.nix + ../../modules/misc/virt.nix + #../../modules/rare/minecraft.nix + + # set the keyboard for local dev + ../../modules/tweaks.nix + + # Load sops + inputs.sops-nix.nixosModules.sops + ]; + + # This is the sops setup and should be done here?? + # Sops configuration and initialisation + sops.defaultSopsFile = ../../../secrets.yaml; + sops.defaultSopsFormat = "yaml"; + # hard code the username here + sops.age.keyFile = "/home/jonas/.config/sops/age/keys.txt"; + + # ensure a user is there to own the template + users.users.ddclient = { + isSystemUser = true; + group = "ddclient"; + }; + users.groups.ddclient = {}; + + # setup the templates to use them in services + sops.secrets.strato_dns = {}; + sops.templates."ddclient-temp" = { + owner = "ddclient"; + # This is the main strato configuration + content = '' + ssl=yes + protocol=dyndns2 + use=web, web=api6.ipify.org + server=dyndns.strato.com/nic/update + login=hahn1.one + password='${config.sops.placeholder.strato_dns}' + hahn1.one,cloud.hahn1.one,app.hahn1.one,dash.hahn1.one,grafana.hahn1.one,cool.hahn1.one,acmechallenge.hahn1.one + ''; + }; + + #system.copySystemConfiguration = true; + system.stateVersion = "24.11"; +} + diff --git a/hosts/misox-workstation/hardware-configuration.nix b/hosts/misox-workstation/hardware-configuration.nix new file mode 100644 index 0000000..c898f63 --- /dev/null +++ b/hosts/misox-workstation/hardware-configuration.nix 
@@ -0,0 +1,38 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/191c0c61-d012-4b35-8df9-75ae40d6004c"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/B425-9C77"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/94b57e8b-8417-4a1f-a9e4-b6c92cc26ba4"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/nixyos-asus/configuration.nix b/hosts/nixyos-asus/configuration.nix new file mode 100644 index 0000000..a462e4d --- /dev/null +++ b/hosts/nixyos-asus/configuration.nix 
@@ -0,0 +1,33 @@ +# Edit this configuration file to define what should be installed on +# your system. + +{ lib, pkgs, ... }: + +let + test_variable = "Hello world"; +in { + imports = [ + ./hardware-configuration.nix + + # Installing the common modules + # Still need to modularize this + # ../../modules/networking.nix + + # Common modules + ../../users.nix + ../../modules/tweaks.nix + ../../modules/laptop.nix + ../../common.nix + ]; + + # TEST INSERT + + nixpkgs.config.allowUnfree = true; + + + networking.networkmanager.wifi.powersave = true; + + networking.hostName = "nixyos"; + system.stateVersion = "24.11"; # Did you read the comment? +} + diff --git a/hosts/nixyos-asus/hardware-configuration.nix b/hosts/nixyos-asus/hardware-configuration.nix new file mode 100644 index 0000000..802b846 --- /dev/null +++ b/hosts/nixyos-asus/hardware-configuration.nix @@ -0,0 +1,33 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. + +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/881615c5-5c12-46c5-8bd2-1959f9347980"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/515E-BF68"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/07f75e57-a125-4619-b65b-c37fb425275f"; } + ]; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/stranox-strato/configuration.nix b/hosts/stranox-strato/configuration.nix new file mode 100644 index 0000000..80aa493 --- /dev/null 
+++ b/hosts/stranox-strato/configuration.nix 
@@ -0,0 +1,541 @@ +{ pkgs, inputs, config, ... }: { + imports = [ + ./hardware-configuration.nix + ../../modules/rare/realmail.nix + ../../modules/misc/virt.nix + #../../modules/server/collabora.nix + + inputs.sops-nix.nixosModules.sops + ]; + + networking.hosts = { + "127.0.0.1" = [ + "dash.hahn1.one" + "sync.hahn1.one" + "jagd.hahn1.one" + "cloud.hahn1.one" + "cool.hahn1.one" + "hahn1.one" + ]; + "::1" = [ + "dash.hahn1.one" + "sync.hahn1.one" + "jagd.hahn1.one" + "cloud.hahn1.one" + "cool.hahn1.one" + "hahn1.one" + ]; + }; + + # Enable all the old services on gullfoss + services.postgresql = { + enable = true; + + # Ensure databases here + ensureDatabases = [ "mydatabase" ]; + # TODO: integrate the old permission + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method + local all all trust + ''; + }; + + #systemd.services.nixBuildTmuxSession = { + # description = "Start tmux nix build session if not already running"; + # after = [ "network.target" ]; + # path = with pkgs; [nix tmux ]; + + # serviceConfig = { + # Type = "oneshot"; + # User = "jonas"; # Change this! 
+ # }; + + # script = ''exec /home/jonas/projects/perdash/start_server.sh''; + + #}; + + services.cron.enable = true; + + # Sops setup + sops = { + defaultSopsFile = ../../../secrets.yaml; + defaultSopsFormat = "yaml"; + # hard code the username here + age.keyFile = "/home/jonas/.config/sops/age/keys.txt"; + secrets = { + joncook = {}; + jondash = {}; + jondav = {}; + jondavpass = {}; + nextpass = { + group = "nextcloud"; + owner = "nextcloud"; + }; + }; + templates = { + "jontemp2" = { + owner = "nginx"; + group = "nginx"; + content = ''add_header Set-Cookie "letmein=${config.sops.placeholder.joncook};max-age=3153600000;path=/";''; + }; + "jontemp" = { + owner = "nginx"; + group = "nginx"; + content = ''"${config.sops.placeholder.joncook}" "yes";''; + }; + "webdavconf" = { + owner = "webdav"; + group = "webdav"; + content = '' +#permissions: CRUD +#debug: true +#behindProxy: true + +address: 0.0.0.0 +auth: true +modify: true +port: 6065 +#scope: /var/lib/webdav/ +directory: /var/lib/webdav/ +#rules: [] +#permissions: R + +users: +- password: '${config.sops.placeholder.jondavpass}' + username: ${config.sops.placeholder.jondav} + permissions: CRUD + +''; + path = "/etc/webdav/config.yaml"; + }; + + }; + }; + + systemd.tmpfiles.rules = [ + "d /var/lib/webdav 0750 webdav webdav -" + ]; + + + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + swapDevices = [ { device = "/swapfile"; size = 8192; } ]; + + networking.hostName = "stranox"; + + # setup syncthing + # This is not needed for now because one should only use syncthing when not having battery problems + services = { + syncthing = { + enable = true; + user = "jonas"; + #guiAddress = "0.0.0.0:8384"; + dataDir = "/home/jonas/syncthing"; + configDir = "/home/jonas/.config/syncthing"; + overrideDevices = true; # overrides any devices added or deleted through the WebUI + overrideFolders = true; # overrides any folders added or deleted through the WebUI + settings = { + devices = { + "thinix" = { id = 
"3JHI72U-HQKX7S2-ITUD5U7-CS2P3TO-HM6Y6MZ-PFSUGWF-5OHHV7Q-NXYC5AP"; }; + "androidp" = { id = "UIJS6LQ-CQY7UWH-3KTJ2VH-3N73VNK-V6NWTIE-L4ZUEWW-R625SV4-YKMVKQY"; }; + }; + folders = { + # This is the mail folder to keep synced accross everything + # Its nice to have this declarativery and just work with the respectively ids + # "syncthing" = { + # "synct path = "/home/jonas/synced"; + # "synct devices = [ "thinix" ]; + # "synct ignorePerms = true; + # "synct versioning = { + # "synct type = "staggered"; + # "synct }; + # "synct}; + + "syncthingtest" = { + path = "/home/jonas/phonebla"; + devices = [ "androidp" ]; + ignorePerms = true; + versioning = { + type = "staggered"; + }; + }; + }; + }; + }; + }; + + services.radicale = { + enable = true; + settings.server.hosts = [ "127.0.0.1:5232" ]; + settings.auth.type = "none"; + }; + + services.nextcloud = { + enable = false; + # Use the defualt home + #home = "/mnt/nextcloudStorage"; + package = pkgs.nextcloud30; + hostName = "cloud.hahn1.one"; + settings = { + #trusted_domains = [""]; + }; + config = { + adminpassFile = config.sops.secrets.nextpass.path; + dbtype = "sqlite"; + }; + extraApps = {inherit (config.services.nextcloud.package.packages.apps) calendar ;}; + extraAppsEnable = true; + https = true; + configureRedis = true; + maxUploadSize = "1G"; + }; + + + # configure users for small machine + users = { + defaultUserShell = pkgs.zsh; + groups = { + nginx = {}; + nextcloud = {}; + podman = {}; + docker = {}; + webdav = {}; + }; + users = { + nginx = { + isSystemUser = true; + group = "nginx"; + }; + webdav = { + isSystemUser = true; + group = "webdav"; + }; + nextcloud = { + isSystemUser = true; + group = "nextcloud"; + }; + root = { + openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID44xurDPkTQr+f62llnHHAeXQRJi4JeVeo0vFL85CLA jonas@thinix'' ]; + }; + jonas = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" "podman" "webdav" "davfs2" ]; + openssh.authorizedKeys.keys = [''ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAID44xurDPkTQr+f62llnHHAeXQRJi4JeVeo0vFL85CLA jonas@thinix'' ]; + packages = with pkgs; [ + neovim + pkgs.unstable.yazi + zsh + git + starship + eza + bat + lazygit + btop + gdu + fastfetch + sops + w3m + typst + tmux + wget + curl + pipx + fd + python3 + nodejs + gcc + gnumake + findutils.locate + gradle + lua + todo-txt-cli + ]; + }; + }; + }; + + #environment.etc."nginx/htpasswd/jondash".source = config.sops.secrets.jondash.path; + # source the local httppass for the nginx login + + environment.etc."nginx/htpasswd/jondash".source = ./htpasswd; + + networking.firewall = { + enable = true; + allowedTCPPorts = [6065 6443 3478 80 443 8080 ]; + allowedUDPPorts = [3478 ]; + }; + + # Services for the cloud + services = { + openssh.enable = true; + nginx = { + mapHashBucketSize = 128; + enable = true; + appendHttpConfig = '' + map $cookie_letmein $dash_hascookie { + include ${config.sops.templates.jontemp.path}; + default "no"; + } + + map $dash_hascookie $dash_authentication { + "yes" "off"; + default "Your credentials please"; + } + ''; + virtualHosts = { + "dash.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + + locations."/" = { + proxyPass = "http://127.0.0.1:8000"; + proxyWebsockets = true; + + extraConfig = '' + auth_basic $dash_authentication; + auth_basic_user_file /etc/nginx/htpasswd/jondash; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + include ${config.sops.templates.jontemp2.path}; + ''; + }; + + }; + "rad.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + locations."/" = { + root = "${pkgs.nginx}/html"; + index = "index.html"; + }; + }; + "dev.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + + locations."/" = { + proxyPass = "http://127.0.0.1:8384"; + proxyWebsockets = true; + }; + + }; + + # "qrank.hahn1.one" = { + # "qr forceSSL = true; + # "qr enableACME = true; + # 
"qr #basicAuth = { jonas = "1234"; }; + + # "qr locations."/" = { + # "qr proxyPass = "http://127.0.0.1:18765"; + # "qr proxyWebsockets = true; + # "qr }; + + # "qr}; + + # Easter special for having a schintzeljagt that implements modern technology + "jagd.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + + locations."/" = { + proxyPass = "http://127.0.0.1:2345"; + proxyWebsockets = true; + }; + + }; + #"dev.hahn1.one" = { + # forceSSL = true; + # forenableACME = true; + # for#basicAuth = { jonas = "1234"; }; + + # forlocations."/" = { + # for proxyPass = "http://127.0.0.1:6065"; + # for proxyWebsockets = true; + # for}; + + #}; + #"dev.hahn1.one" = { + # forceSSL = true; + # enableACME = true; + + # # This is of course not secure but better than to have nothing + # # First one need to read this code to access + # basicAuth = { dev = "dev"; }; + + # # use a dev proxypass to test some applications + # locations."/" = { + # proxyPass = "http://127.0.0.1:8888"; + # proxyWebsockets = true; + # }; + + #}; + + "cloud.hahn1.one" = { + enableACME = true; + addSSL = true; + + + locations."/" = { + proxyPass = "http://localhost:11000"; + proxyWebsockets = true; + }; + }; + "sync.hahn1.one" = { + enableACME = true; + addSSL = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:6065"; + extraConfig = '' + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header REMOTE-HOST $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_redirect off; + + set $dest $http_destination; + if ($http_destination ~ "^https://dev.hahn1.one(?(.+))") { + set $dest /$path; + } + proxy_set_header Destination $dest; + ''; + proxyWebsockets = true; + }; + }; + "cool.hahn1.one" = { + enableACME = true; + addSSL = true; + + + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.collabora-online.port}"; + proxyWebsockets = true; + }; + }; + # Default nginx site to felx + 
"hahn1.one" = { + forceSSL = true; + enableACME = true; + default = true; + + locations."/" = { + root = "${pkgs.nginx}/html"; + index = "index.html"; + }; + locations."/radicale/" = { + proxyPass = "http://127.0.0.1:5232/"; + extraConfig = '' + proxy_set_header X-Script-Name /radicale; + proxy_pass_header Authorization; + ''; + }; + }; + }; + }; + }; + + #networking.firewall.allowedTCPPorts = [ + # 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default) + # # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration + # # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration + #]; + #networking.firewall.allowedUDPPorts = [ + # # 8472 # k3s, flannel: required if using multi-node for inter-node networking + #]; + + services.webdav.enable = true; # test turning off + services.webdav.user = "webdav"; + + services.webdav.group = "webdav"; + #services.webdav.settings = + # { + # address = "0.0.0.0"; + # port = 6065; + # #scope = "/var/lib/webdav/"; + # directory = "/var/lib/webdav"; + # modify = true; + # auth = true; + # users = [ + # { + # username = "jonas"; + # password = "jonasdav123"; + # } + # ]; + # }; + services.webdav.configFile = "/etc/webdav/config.yaml" ; + + # k3s testing + services.k3s = { + enable = true; + role = "server"; + extraFlags = [ + "--disable=traefik" + "--debug" + ]; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "security@hahn1.one"; + }; + + nixpkgs.config.allowUnfree = true; + nix.settings.experimental-features = ["flakes" "nix-command"]; + time.timeZone = "Europe/Berlin"; + + environment = { + sessionVariables = { + }; + systemPackages = with pkgs; [ + git + fastfetch + ripgrep + lazygit + unzip + fzf + zathura + + # everywhere support + starship + zoxide + + # add sync support + rsync + flock + unison + + # curl for scripting + curl + ]; + }; + + programs.zsh = { + enable = true; + autosuggestions.enable = 
true; + ohMyZsh = { + enable = true; + plugins = [ + "history-substring-search" + "git" + "zoxide" + "sudo" + "vi-mode" + "systemadmin" + ]; + }; + }; + + # In case of gui usage + programs = { + nix-ld.enable = true; + }; + + # This was generated by the infect script I may just keep it this way for + # Security reasons + system.stateVersion = "23.11"; +} + diff --git a/hosts/stranox-strato/configuration_new.nix b/hosts/stranox-strato/configuration_new.nix new file mode 100644 index 0000000..2786251 --- /dev/null +++ b/hosts/stranox-strato/configuration_new.nix 
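Review bot: Radicale runs with `settings.auth.type = "none"` while the `hahn1.one` virtual host proxies `/radicale/` to it with no `auth_basic`, so as written the calendar and contact collections are reachable without credentials. Either set `auth.type = "htpasswd"` with `htpasswd_filename` pointing at a sops-managed file and `htpasswd_encryption = "bcrypt"`, or add `auth_basic` to that location. The hunk also binds WebDAV to `address: 0.0.0.0` and lists 6065 in `allowedTCPPorts`, which lets clients reach it in clear text past the nginx TLS front end. Using `address: 127.0.0.1` and removing 6065 from the firewall list would close that, and 6443 and 8080 should go too unless they are meant to be public. `local all all trust` in the PostgreSQL `authentication` block lets any local account connect as any database role, so `peer` is the safer method.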
@@ -0,0 +1,449 @@ +{ pkgs, inputs, config, ... }: { + imports = [ + ./hardware-configuration.nix + ../../modules/rare/realmail.nix + ../../modules/misc/virt.nix + #../../modules/server/collabora.nix + + inputs.sops-nix.nixosModules.sops + ]; + + networking.hosts = { + "127.0.0.1" = [ + "dash.hahn1.one" + "sync.hahn1.one" + "jagd.hahn1.one" + "cloud.hahn1.one" + "cool.hahn1.one" + "hahn1.one" + ]; + "::1" = [ + "dash.hahn1.one" + "sync.hahn1.one" + "jagd.hahn1.one" + "cloud.hahn1.one" + "cool.hahn1.one" + "hahn1.one" + ]; + }; + + # Enable all the old services on gullfoss + services.postgresql = { + enable = true; + + # Ensure databases here + ensureDatabases = [ "mydatabase" ]; + # TODO: integrate the old permission + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method + local all all trust + ''; + }; + + #systemd.services.nixBuildTmuxSession = { + # description = "Start tmux nix build session if not already running"; + # after = [ "network.target" ]; + # path = with pkgs; [nix tmux ]; + + # serviceConfig = { + # Type = "oneshot"; + # User = "jonas"; # Change this! 
+ # }; + + # script = ''exec /home/jonas/projects/perdash/start_server.sh''; + + #}; + + services.cron.enable = true; + + # Sops setup + sops = { + defaultSopsFile = ../../../secrets.yaml; + defaultSopsFormat = "yaml"; + # hard code the username here + age.keyFile = "/home/jonas/.config/sops/age/keys.txt"; + secrets = { + joncook = {}; + jondash = {}; + jondav = {}; + jondavpass = {}; + nextpass = { + group = "nextcloud"; + owner = "nextcloud"; + }; + }; + templates = { + "jontemp2" = { + owner = "nginx"; + group = "nginx"; + content = ''add_header Set-Cookie "letmein=${config.sops.placeholder.joncook};max-age=3153600000;path=/";''; + }; + "jontemp" = { + owner = "nginx"; + group = "nginx"; + content = ''"${config.sops.placeholder.joncook}" "yes";''; + }; + "webdavconf" = { + owner = "webdav"; + group = "webdav"; + content = '' +address: 127.0.0.1 +port: 6065 + +# The directory that will be able to be accessed by the users when connecting. +# This directory will be used by users unless they have their own 'directory' defined. +# Default is '.' (current directory). +directory: /home/jonas/webdav + +# The default permissions for users. This is a case insensitive option. Possible +# permissions: C (Create), R (Read), U (Update), D (Delete). You can combine multiple +# permissions. For example, to allow to read and create, set "RC". Default is "R". +permissions: RCUD + +# noPassword: true +users: + # Example 'admin' user with plaintext password. 
+ - username: ${config.sops.placeholder.jondav} + password: ${config.sops.placeholder.jondavpass} +''; + path = "/etc/webdav/config.yaml"; + }; + + }; + }; + + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + swapDevices = [ { device = "/swapfile"; size = 8192; } ]; + + networking.hostName = "stranox"; + + # setup syncthing + # This is not needed for now because one should only use syncthing when not having battery problems + services = { + syncthing = { + enable = true; + user = "jonas"; + #guiAddress = "0.0.0.0:8384"; + dataDir = "/home/jonas/syncthing"; + configDir = "/home/jonas/.config/syncthing"; + overrideDevices = true; # overrides any devices added or deleted through the WebUI + overrideFolders = true; # overrides any folders added or deleted through the WebUI + settings = { + devices = { + "thinix" = { id = "3JHI72U-HQKX7S2-ITUD5U7-CS2P3TO-HM6Y6MZ-PFSUGWF-5OHHV7Q-NXYC5AP"; }; + }; + folders = { + # This is the mail folder to keep synced accross everything + # Its nice to have this declarativery and just work with the respectively ids + # "syncthing" = { + # "synct path = "/home/jonas/synced"; + # "synct devices = [ "thinix" ]; + # "synct ignorePerms = true; + # "synct versioning = { + # "synct type = "staggered"; + # "synct }; + # "synct}; + }; + }; + }; + }; + + services.nextcloud = { + enable = false; + # Use the defualt home + #home = "/mnt/nextcloudStorage"; + package = pkgs.nextcloud30; + hostName = "cloud.hahn1.one"; + settings = { + #trusted_domains = [""]; + }; + config = { + adminpassFile = config.sops.secrets.nextpass.path; + dbtype = "sqlite"; + }; + extraApps = {inherit (config.services.nextcloud.package.packages.apps) calendar ;}; + extraAppsEnable = true; + https = true; + configureRedis = true; + maxUploadSize = "1G"; + }; + + + # configure users for small machine + users = { + defaultUserShell = pkgs.zsh; + groups = { + nginx = {}; + nextcloud = {}; + podman = {}; + docker = {}; + webdav = {}; + }; + users = { + nginx = { + 
isSystemUser = true; + group = "nginx"; + }; + webdav = { + isSystemUser = true; + group = "webdav"; + }; + nextcloud = { + isSystemUser = true; + group = "nextcloud"; + }; + root = { + openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID44xurDPkTQr+f62llnHHAeXQRJi4JeVeo0vFL85CLA jonas@thinix'' ]; + }; + jonas = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" "podman" ]; + openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID44xurDPkTQr+f62llnHHAeXQRJi4JeVeo0vFL85CLA jonas@thinix'' ]; + packages = with pkgs; [ + neovim + pkgs.unstable.yazi + zsh + git + starship + eza + bat + lazygit + btop + gdu + fastfetch + sops + w3m + typst + tmux + wget + curl + pipx + fd + python3 + nodejs + gcc + gnumake + findutils.locate + gradle + lua + todo-txt-cli + ]; + }; + }; + }; + + #environment.etc."nginx/htpasswd/jondash".source = config.sops.secrets.jondash.path; + # source the local httppass for the nginx login + + environment.etc."nginx/htpasswd/jondash".source = ./htpasswd; + + networking.firewall = { + enable = true; + allowedTCPPorts = [6065 6443 3478 80 443 8080 ]; + allowedUDPPorts = [3478 ]; + }; + + # Services for the cloud + services = { + openssh.enable = true; + nginx = { + mapHashBucketSize = 128; + enable = true; + appendHttpConfig = '' + map $cookie_letmein $dash_hascookie { + include ${config.sops.templates.jontemp.path}; + default "no"; + } + + map $dash_hascookie $dash_authentication { + "yes" "off"; + default "Your credentials please"; + } + ''; + virtualHosts = { + "dash.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + + locations."/" = { + proxyPass = "http://127.0.0.1:8000"; + proxyWebsockets = true; + + extraConfig = '' + auth_basic $dash_authentication; + auth_basic_user_file /etc/nginx/htpasswd/jondash; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + include ${config.sops.templates.jontemp2.path}; + ''; + }; + + }; + 
"sync.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + + locations."/" = { + proxyPass = "http://127.0.0.1:8384"; + proxyWebsockets = true; + }; + + }; + + # Easter special for having a schintzeljagt that implements modern technology + "jagd.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + + locations."/" = { + proxyPass = "http://127.0.0.1:2345"; + proxyWebsockets = true; + }; + + }; + #"dev.hahn1.one" = { + # forceSSL = true; + # forenableACME = true; + # for#basicAuth = { jonas = "1234"; }; + + # forlocations."/" = { + # for proxyPass = "http://127.0.0.1:6065"; + # for proxyWebsockets = true; + # for}; + + #}; + #"dev.hahn1.one" = { + # forceSSL = true; + # enableACME = true; + + # # This is of course not secure but better than to have nothing + # # First one need to read this code to access + # basicAuth = { dev = "dev"; }; + + # # use a dev proxypass to test some applications + # locations."/" = { + # proxyPass = "http://127.0.0.1:8888"; + # proxyWebsockets = true; + # }; + + #}; + + "cloud.hahn1.one" = { + enableACME = true; + addSSL = true; + + + locations."/" = { + proxyPass = "http://localhost:11000"; + proxyWebsockets = true; + }; + }; + "cool.hahn1.one" = { + enableACME = true; + addSSL = true; + + + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.collabora-online.port}"; + proxyWebsockets = true; + }; + }; + "hahn1.one" = { + forceSSL = true; + enableACME = true; + default = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:2345"; + proxyWebsockets = true; + }; + }; + }; + }; + }; + + #networking.firewall.allowedTCPPorts = [ + # 6443 # k3s: required so that pods can reach the API server (running on port 6443 by default) + # # 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration + # # 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration + #]; + 
#networking.firewall.allowedUDPPorts = [ + # # 8472 # k3s, flannel: required if using multi-node for inter-node networking + #]; + services.k3s.enable = true; # Not required for problem solving + + services.webdav.enable = true; # test turning off + services.webdav.user = "webdav"; + services.webdav.group = "webdav"; + services.webdav.configFile = "/etc/webdav/config.yaml" ; + + services.k3s.role = "server"; + services.k3s.extraFlags = toString [ + # "--debug" # Optionally add additional args to k3s + ]; + + security.acme = { + acceptTerms = true; + defaults.email = "security@hahn1.one"; + }; + + nixpkgs.config.allowUnfree = true; + nix.settings.experimental-features = ["flakes" "nix-command"]; + time.timeZone = "Europe/Berlin"; + + environment = { + sessionVariables = { + }; + systemPackages = with pkgs; [ + git + fastfetch + ripgrep + lazygit + unzip + fzf + zathura + + # everywhere support + starship + zoxide + + # add sync support + rsync + flock + unison + + # curl for scripting + curl + ]; + }; + + programs.zsh = { + enable = true; + autosuggestions.enable = true; + ohMyZsh = { + enable = true; + plugins = [ + "history-substring-search" + "git" + "zoxide" + "sudo" + "vi-mode" + "systemadmin" + ]; + }; + }; + + # In case of gui usage + programs = { + nix-ld.enable = true; + }; + + # This was generated by the infect script I may just keep it this way for + # Security reasons + system.stateVersion = "23.11"; +} + diff --git a/hosts/stranox-strato/configuration_old.nix b/hosts/stranox-strato/configuration_old.nix new file mode 100644 index 0000000..facee53 --- /dev/null +++ b/hosts/stranox-strato/configuration_old.nix 
@@ -0,0 +1,377 @@ +{ pkgs, inputs, config, ... }: { + imports = [ + ./hardware-configuration.nix + ../../modules/rare/realmail.nix + ../../modules/misc/virt.nix + #../../modules/server/collabora.nix + + inputs.sops-nix.nixosModules.sops + ]; + + networking.hosts = { + #"127.0.0.1" = ["cloud.hahn1.one" "cool.hahn1.one"]; + #"::1" = ["cloud.hahn1.one" "cool.hahn1.one"]; + }; + + # Enable all the old services on gullfoss + services.postgresql = { + enable = true; + + # Ensure databases here + ensureDatabases = [ "mydatabase" ]; + # TODO: integrate the old permission + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method + local all all trust + ''; + }; + + #systemd.services.nixBuildTmuxSession = { + # description = "Start tmux nix build session if not already running"; + # after = [ "network.target" ]; + # path = with pkgs; [nix tmux ]; + + # serviceConfig = { + # Type = "oneshot"; + # User = "jonas"; # Change this! + # }; + + # script = ''exec /home/jonas/projects/perdash/start_server.sh''; + + #}; + + services.cron.enable = true; + + # Sops setup + sops = { + defaultSopsFile = ../../../secrets.yaml; + defaultSopsFormat = "yaml"; + # hard code the username here + age.keyFile = "/home/jonas/.config/sops/age/keys.txt"; + secrets = { + joncook = {}; + jondash = {}; + nextpass = { + group = "nextcloud"; + owner = "nextcloud"; + }; + }; + templates = { + "jontemp2" = { + owner = "nginx"; + group = "nginx"; + content = ''add_header Set-Cookie "letmein=${config.sops.placeholder.joncook};max-age=3153600000;path=/";''; + }; + "jontemp" = { + owner = "nginx"; + group = "nginx"; + content = ''"${config.sops.placeholder.joncook}" "yes";''; + }; + + }; + }; + + boot.tmp.cleanOnBoot = true; + zramSwap.enable = true; + swapDevices = [ { device = "/swapfile"; size = 8192; } ]; + + networking.hostName = "stranox"; + + # setup syncthing + # This is not needed for now because one should only use syncthing when not having battery problems + services = { + 
syncthing = { + enable = true; + user = "jonas"; + #guiAddress = "0.0.0.0:8384"; + dataDir = "/home/jonas/syncthing"; + configDir = "/home/jonas/.config/syncthing"; + overrideDevices = true; # overrides any devices added or deleted through the WebUI + overrideFolders = true; # overrides any folders added or deleted through the WebUI + settings = { + devices = { + "thinix" = { id = "3JHI72U-HQKX7S2-ITUD5U7-CS2P3TO-HM6Y6MZ-PFSUGWF-5OHHV7Q-NXYC5AP"; }; + }; + folders = { + # This is the mail folder to keep synced accross everything + # Its nice to have this declarativery and just work with the respectively ids + # "syncthing" = { + # "synct path = "/home/jonas/synced"; + # "synct devices = [ "thinix" ]; + # "synct ignorePerms = true; + # "synct versioning = { + # "synct type = "staggered"; + # "synct }; + # "synct}; + }; + }; + }; + }; + + services.nextcloud = { + enable = false; + # Use the defualt home + #home = "/mnt/nextcloudStorage"; + package = pkgs.nextcloud30; + hostName = "cloud.hahn1.one"; + settings = { + #trusted_domains = [""]; + }; + config = { + adminpassFile = config.sops.secrets.nextpass.path; + dbtype = "sqlite"; + }; + extraApps = {inherit (config.services.nextcloud.package.packages.apps) calendar ;}; + extraAppsEnable = true; + https = true; + configureRedis = true; + maxUploadSize = "1G"; + }; + + + # configure users for small machine + users = { + defaultUserShell = pkgs.zsh; + groups = { + nginx = {}; + nextcloud = {}; + podman = {}; + docker = {}; + }; + users = { + nginx = { + isSystemUser = true; + group = "nginx"; + }; + nextcloud = { + isSystemUser = true; + group = "nextcloud"; + }; + root = { + openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID44xurDPkTQr+f62llnHHAeXQRJi4JeVeo0vFL85CLA jonas@thinix'' ]; + }; + jonas = { + isNormalUser = true; + extraGroups = [ "wheel" "docker" "podman" ]; + openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID44xurDPkTQr+f62llnHHAeXQRJi4JeVeo0vFL85CLA jonas@thinix'' 
]; + packages = with pkgs; [ + neovim + pkgs.unstable.yazi + zsh + git + starship + eza + bat + lazygit + btop + gdu + fastfetch + sops + w3m + typst + tmux + wget + curl + pipx + fd + python3 + nodejs + gcc + gnumake + findutils.locate + gradle + lua + todo-txt-cli + ]; + }; + }; + }; + + #environment.etc."nginx/htpasswd/jondash".source = config.sops.secrets.jondash.path; + # source the local httppass for the nginx login + + environment.etc."nginx/htpasswd/jondash".source = ./htpasswd; + + networking.firewall = { + enable = true; + allowedTCPPorts = [3478 80 443 8080 ]; + allowedUDPPorts = [3478 ]; + }; + + # Services for the cloud + services = { + openssh.enable = true; + nginx = { + + + mapHashBucketSize = 128; + enable = true; + appendHttpConfig = '' + map $cookie_letmein $dash_hascookie { + include ${config.sops.templates.jontemp.path}; + default "no"; + } + + map $dash_hascookie $dash_authentication { + "yes" "off"; + default "Your credentials please"; + } + ''; + virtualHosts = { + "dash.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + + locations."/" = { + proxyPass = "http://127.0.0.1:8000"; + proxyWebsockets = true; + + extraConfig = '' + auth_basic $dash_authentication; + auth_basic_user_file /etc/nginx/htpasswd/jondash; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + include ${config.sops.templates.jontemp2.path}; + ''; + }; + + }; + "sync.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + + locations."/" = { + proxyPass = "http://127.0.0.1:8384"; + proxyWebsockets = true; + }; + + }; + + # Easter special for having a schintzeljagt that implements modern technology + "jagd.hahn1.one" = { + forceSSL = true; + enableACME = true; + #basicAuth = { jonas = "1234"; }; + + locations."/" = { + proxyPass = "http://127.0.0.1:2345"; + proxyWebsockets = true; + }; + + }; + + "dev.hahn1.one" = { + forceSSL = true; + enableACME = true; + + # This is 
of course not secure but better than to have nothing + # First one need to read this code to access + basicAuth = { dev = "dev"; }; + + # use a dev proxypass to test some applications + locations."/" = { + proxyPass = "http://127.0.0.1:8888"; + proxyWebsockets = true; + }; + + }; + + "cloud.hahn1.one" = { + enableACME = true; + addSSL = true; + + + locations."/" = { + proxyPass = "http://localhost:11000"; + proxyWebsockets = true; + }; + }; + "cool.hahn1.one" = { + enableACME = true; + addSSL = true; + + + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.collabora-online.port}"; + proxyWebsockets = true; + }; + }; + "hahn1.one" = { + forceSSL = true; + enableACME = true; + default = true; + + locations."/" = { + root = "${pkgs.nginx}/html"; + index = "index.html"; + }; + }; + }; + }; + }; + + security.acme = { + acceptTerms = true; + + #TODO: activate this mail + defaults.email = "security@hahn1.one"; + }; + + + nixpkgs.config.allowUnfree = true; + nix.settings.experimental-features = ["flakes" "nix-command"]; + time.timeZone = "Europe/Berlin"; + + environment = { + sessionVariables = { + }; + systemPackages = with pkgs; [ + git + fastfetch + lazygit + unzip + fzf + zathura + + # everywhere support + starship + zoxide + + # add sync support + rsync + flock + unison + + # curl for scripting + curl + ]; + }; + + programs.zsh = { + enable = true; + autosuggestions.enable = true; + ohMyZsh = { + enable = true; + plugins = [ + "history-substring-search" + "git" + "zoxide" + "sudo" + "vi-mode" + "systemadmin" + ]; + }; + }; + + # In case of gui usage + programs = { + nix-ld.enable = true; + }; + + # This was generated by the infect script I may just keep it this way for + # Security reasons + system.stateVersion = "23.11"; +} + diff --git a/hosts/stranox-strato/hardware-configuration.nix b/hosts/stranox-strato/hardware-configuration.nix new file mode 100644 index 0000000..d634744 --- /dev/null +++ b/hosts/stranox-strato/hardware-configuration.nix 
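Review bot: The `dev.hahn1.one` vhost is guarded only by `basicAuth = { dev = "dev"; }`, a credential that is published with this repository and written in clear text to the Nix store, so it is no real barrier in front of `127.0.0.1:8888`. The file already uses an htpasswd file and sops secrets for `dash.hahn1.one`; the same pattern fits here, e.g. `basicAuthFile = config.sops.secrets.<dev-htpasswd-secret>.path;` (placeholder secret name, owned by the nginx user). Separately, `local all all trust` in `services.postgresql.authentication` lets every local account connect as any database role without a password. `local all all peer` would tie socket logins to the OS user instead.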
@@ -0,0 +1,9 @@ +{ modulesPath, ... }: +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + boot.loader.grub.device = "/dev/vda"; + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + boot.initrd.kernelModules = [ "nvme" ]; + fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; }; + +} diff --git a/hosts/stranox-strato/htpasswd b/hosts/stranox-strato/htpasswd new file mode 100644 index 0000000..34b4052 --- /dev/null +++ b/hosts/stranox-strato/htpasswd @@ -0,0 +1 @@ +jonas:$2y$05$PQhZXP4kXq/hGvPwMQQ6A.G9T4VnxG4PJE4RG16D7z/rZffd6ezYu diff --git a/hosts/thinix-thinkpad/configuration.nix b/hosts/thinix-thinkpad/configuration.nix new file mode 100644 index 0000000..33c8ea6 --- /dev/null +++ b/hosts/thinix-thinkpad/configuration.nix 
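Review bot: The `htpasswd` file added here commits the basic-auth hash for the `jonas` login on `dash.hahn1.one` to version control, and `source = ./htpasswd` additionally copies it into the world-readable Nix store. The `$2y$05$` prefix indicates bcrypt at cost 5, which gives little protection once the hash is public. The host configuration already contains the sops-backed alternative as a comment, `#environment.etc."nginx/htpasswd/jondash".source = config.sops.secrets.jondash.path;`. Enabling it and deleting this file keeps the hash out of both places. Because the hash stays in git history, the password should be changed and re-hashed at a higher cost.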
@@ -0,0 +1,191 @@ +# Configuratoin for my thinkpad t470s +{ pkgs, config, inputs, ... }: + +{ + imports = [ + # Import neccessities + ./hardware-configuration.nix + + # Import own modules + ../../users.nix + # ../../modules/workstation.nix + ../../modules/tweaks.nix + ../../modules/laptop.nix + ../../common.nix + + inputs.sops-nix.nixosModules.sops + ]; + + sops = { + defaultSopsFile = ../../../secrets.yaml; + defaultSopsFormat = "yaml"; + # hard code the username here + age.keyFile = "/home/jonas/.config/sops/age/keys.txt"; + templates = { + "davtemp" = { + owner = "root"; + content = ''${config.sops.placeholder.davurl} ${config.sops.placeholder.jondav} ${config.sops.placeholder.jondavpass}''; + mode = "0600"; + path = "/etc/davfs2/secrets"; + }; + }; + secrets = { + davurl = { + owner = "jonas"; + }; + jondav = { + owner = "jonas"; + }; + jondavpass = { + owner = "jonas"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ + # Opening ssh and the web + 80 + 443 + + # Dev ports + 8888 + 2345 + 8080 + ]; + programs.gnupg.agent = { + enable = true; + pinentryPackage = with pkgs; pinentry-all; + enableSSHSupport = true; + }; + + # Scanning over the network support + hardware.sane.enable = true; + hardware.sane.extraBackends = [ pkgs.sane-airscan ]; + hardware.sane.disabledDefaultBackends = [ "escl" ]; + services.udev.packages = [ pkgs.sane-airscan ]; + services.avahi.enable = true; + services.avahi.nssmdns = true; + + services.davfs2.enable = true; + + # ensure the mountpoint directory exists + systemd.tmpfiles.rules = [ + "d /mnt/webdav 0755 jonas users -" + #"d /var/cache/davfs2/sync.hahn1.one+mnt-webdav+jonas 0700 jonas users -" + ]; + + # Just works + systemd.mounts = [ + { + description = "Webdav mount point"; + #after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; + + what = "https://sync.hahn1.one"; + where = "/mnt/webdav"; + type = "davfs"; + options = "uid=1000,gid=1000,file_mode=0664,dir_mode=2775,_netdev"; + 
mountConfig.TimeoutSec = "15s"; + #wantedBy = [ "multi-user.target" ]; + } + ]; + # systemd.automounts = [ + # { + # where = "/mnt/webdav"; + # wantedBy = [ "multi-user.target" ]; + # automountConfig = { + # TimeoutIdleSec = "20m"; + # }; + # } + # ]; + + + + nixpkgs.config.allowUnfree = true; + + services = { + syncthing = { + enable = true; + user = "jonas"; + # Have to set the bandwidth for the syncing manually for laptops + #guiAddress = "0.0.0.0:8384"; + dataDir = "/home/jonas/synced"; + configDir = "/home/jonas/.config/syncthing"; + overrideDevices = true; # overrides any devices added or deleted through the WebUI + overrideFolders = false; # overrides any folders added or deleted through the WebUI + settings = { + devices = { + "stranox" = { id = "KTFN5YR-NU2Y6EV-WU6D635-H2AUZTJ-KL6UIVE-L7N2EU5-GPY34N7-ZQ36MAI"; }; + }; + folders = { + # This is the mail folder to keep synced accross everything + # Auto opt in for the sync folder that is on the server + # Further down the line you can split your sync setup into multiple folders + ## "synced" = { + # path = "/home/jonas/syncedokay"; + # devices = [ "stranox" ]; + # ignorePerms = true; + # #fsWatcherDelayS="10"; + + # # Try to save battery with this + # # Remember to also look at options that are not in the + # # nixos options search + # fsWatcherEnabled = true; + # #disableFsync = true; + # pullerPauseS = 600; + # rescanIntervalS = 1200; + # versioning = { + # type = "staggered"; + # }; + #}; + }; + }; + }; + }; + + ###### TEMP AREA + + # security.krb5 = { + # enable = true; + # settings = { + # libdefaults = { + # default_realm = "UNI-GOETTINGEN.DE"; # Replace with actual realm + # }; + # }; + # }; + + # Thinkpad specific fingerprint reader does not work yet + # For further information see: https://gitlab.freedesktop.org/3v1n0/libfprint-tod-vfs0090 + #services.fprintd = { + # enable = true; + # tod = { + # enable = true; + # driver = pkgs.libfprint-2-tod1-vfs0090; + # }; + #}; + + ##### + + 
networking.hostName = "thinix"; + batMode = "double"; + + networking = { + networkmanager = { + wifi.powersave = true; + }; + }; + services.dnsmasq.enable = true; + + # Setting up swap in case of emergency + swapDevices = [ + { + device = "/swapfile"; + size = 4096; # size in MB (4096 MB = 4 GB) + } + ]; + + + # this does not work with flakes + #system.copySystemConfiguration = true; + system.stateVersion = "24.11"; +} diff --git a/hosts/thinix-thinkpad/hardware-configuration.nix b/hosts/thinix-thinkpad/hardware-configuration.nix new file mode 100644 index 0000000..74ac402 --- /dev/null +++ b/hosts/thinix-thinkpad/hardware-configuration.nix @@ -0,0 +1,30 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" ]; + + fileSystems = { + "/" = + { device = "/dev/disk/by-uuid/46a20748-374f-443c-813a-b79408520076"; + fsType = "ext4"; + }; + + "/boot" = + { device = "/dev/disk/by-uuid/4ED9-4D41"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + }; + + + networking.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..310afbc --- /dev/null +++ b/install.sh 
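Review bot: `networking.firewall.allowedTCPPorts` opens the dev ports `8888`, `2345` and `8080` (plus `80` and `443`) on every interface of a laptop, so anything listening on them during development is reachable from whatever network the machine joins. Limiting them to one interface, e.g. `networking.firewall.interfaces."<trusted-iface>".allowedTCPPorts = [ 8888 2345 8080 ];` (placeholder interface name), or binding the dev servers to `127.0.0.1`, avoids that. The comment `# Opening ssh and the web` also does not match the list, which contains no SSH port.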
@@ -0,0 +1,46 @@ +#!/bin/sh + +# Script to link the configuration of a host to the current directory +# to the root to make access easier +# +# This does not need to be used when flakes is enabled +# Yes need for nvim integration of nixos + +cd $HOME/configuration/nixos + +directory="hosts" + +# List all folder names in the specified directory +echo "Known hosts:" +folders=() +counter=1 +for folder in "$directory"/*/; do + if [ -d "$folder" ]; then + folder_name=$(basename "$folder") + folders+=("$folder_name") + echo "$counter: $folder_name" + ((counter++)) + fi +done + +echo "Please select a host (number):" +read -p "> " folder_number + +# Validate the selection +if ! echo "$folder_number" | grep -Eq '^[1-9][0-9]*$'; then + echo "Invalid selection: You must enter a positive integer." + exit 1 +fi + +folder_index=$((folder_number - 1)) +if [ "$folder_index" -lt 0 ] || [ "$folder_index" -ge "${#folders[@]}" ]; then + echo "Invalid selection: Number out of range." + exit 1 +fi + +selected_folder="${folders[$folder_index]}" # Use the 0-based index +selected_folder_path="$directory/$selected_folder" + +ln -sf "$selected_folder_path/configuration.nix" "configuration.nix" +echo "Switched to host configuration in the current directory." + diff --git a/modules/common.nix b/modules/common.nix new file mode 100644 index 0000000..0cfbc72 --- /dev/null +++ b/modules/common.nix 
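Review bot: The shebang is `#!/bin/sh`, but the script uses bash-only constructs (`folders=()`, `((counter++))`, `read -p`, `${#folders[@]}`), so it breaks under a POSIX shell such as dash; `#!/usr/bin/env bash` matches what it needs. The first command, `cd $HOME/configuration/nixos`, is unquoted and unchecked, so when the directory is missing the rest of the script runs against whatever directory it was started from. `cd "$HOME/configuration/nixos" || exit 1` stops it there.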
@@ -0,0 +1,108 @@ +{ pkgs, ... }: + +{ + imports = [ + ./modules/smalls/bootmode.nix + ]; + + services.locate.enable = true; + services.printing.enable = true; + + # nix fun + nixpkgs.config.allowUnfree = true; + nix.settings.experimental-features = ["flakes" "nix-command"]; + time.timeZone = "Europe/Berlin"; + + environment = { + sessionVariables = { + NIXOS_OZONE_WL = "1"; + QTWEBENGINE_CHROMIUM_FLAGS="--blink-settings=darkModeEnabled=true"; + QT_QPA_PLATFORMTHEME = "qt6ct"; # kvantum for dolphin and qt for sioyek?? + WLR_NO_HARDWARE_CURSORS= "1"; + QT_STYLE_OVERRIDE = "kvantum"; + QT_QPA_PLATFORM="xcb"; + }; + systemPackages = with pkgs; [ + git + fastfetch + tor-browser + spotify + android-studio + lazygit + unzip + + # everywhere support + starship + zoxide + kdePackages.qtsvg + + # add sync support + rsync + flock + + # curl for scripting + curl + ]; + pathsToLink = [ + "/share/icons" + ]; + }; + + networking = { + networkmanager = { + enable = true; + }; + }; + + fonts.packages = with pkgs; [ + nerd-fonts.fira-code + nerd-fonts.droid-sans-mono + noto-fonts + noto-fonts-cjk-sans + noto-fonts-emoji + fira-code + fira-code-symbols + ]; + + + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + + services.displayManager.ly = { + enable = true; + settings = { + clock = "%c"; + box_title = "HahnComp"; + clear_password = true; + default_input = "password"; + }; + }; + + programs.zsh = { + enable = true; + autosuggestions.enable = true; + ohMyZsh = { + enable = true; + plugins = [ + "history-substring-search" + "git" + "zoxide" + "sudo" + "vi-mode" + "systemadmin" + ]; + }; + }; + + # In case of gui usage + programs = { + hyprland.enable = true; + hyprlock.enable = true; + nix-ld.enable = true; + firefox.enable = true; + }; + +} diff --git a/modules/hardware/bootmode.nix b/modules/hardware/bootmode.nix new file mode 100644 index 0000000..5fa2bab --- /dev/null +++ b/modules/hardware/bootmode.nix 
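Review bot: The import `./modules/smalls/bootmode.nix` is resolved relative to `modules/common.nix`, i.e. to `modules/modules/smalls/bootmode.nix`, while this commit adds the file as `modules/hardware/bootmode.nix`, so evaluation would stop on a missing path. `./hardware/bootmode.nix` matches the layout committed here. The thinkpad host has the same kind of mismatch (`../../common.nix`, `../../modules/laptop.nix`, `../../modules/tweaks.nix`), unless those files exist in a part of the commit not shown here.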
@@ -0,0 +1,28 @@ +{ config, lib, ... }: + +let + inherit (lib) mkOption types; +in +{ + options.bootMode = mkOption { + type = types.enum [ "uefi" "legacy" ]; + default = "uefi"; + description = "Select boot mode: 'uefi' or 'legacy'."; + }; + + config = { + boot.consoleLogLevel = 0; + boot.kernelParams = [ "quiet" "udev.log_level=3" ]; + + boot.loader = if config.bootMode == "uefi" then { + efi.canTouchEfiVariables = true; + systemd-boot.enable = true; + timeout = 0; + } else { + grub.enable = true; + grub.device = "/dev/sda"; # <- replace with actual target disk + timeout = 0; + }; + }; +} + diff --git a/modules/hardware/gaming.nix b/modules/hardware/gaming.nix new file mode 100644 index 0000000..c3e266a --- /dev/null +++ b/modules/hardware/gaming.nix @@ -0,0 +1,20 @@ +{ pkgs, ... }: + +{ + ########## TEsting + + # Load nvidia driver for Xorg and Wayland + services.steam.enable = true; + services.xserver.videoDrivers = ["nvidia"]; + + # Enable OpenGL + # Optional nvidia + hardware.graphics = { + enable = true; + }; + + hardware.nvidia = { + modesetting.enable = true; + open = false; + }; +}; diff --git a/modules/hardware/laptop.nix b/modules/hardware/laptop.nix new file mode 100644 index 0000000..2e999e7 --- /dev/null +++ b/modules/hardware/laptop.nix 
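Review bot: The legacy branch hard-codes `grub.device = "/dev/sda"`, and its own comment says the value still has to be replaced, so a host that sets `bootMode = "legacy"` installs GRUB to a disk that may not be its boot disk (the stranox hardware file in this commit uses `/dev/vda`). A second option would carry the value, e.g. `options.bootDevice = mkOption { type = types.str; description = "Disk GRUB is installed to in legacy mode."; };` together with `grub.device = config.bootDevice;`. `timeout = 0` in both branches also hides the boot menu, which presumably makes it harder to pick an older generation after a bad rebuild, and this deserves a comment if it is intended.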
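Review bot: The last line of `gaming.nix` is `};`, and a semicolon after the top-level attribute set is a Nix syntax error, so the module cannot be imported as written; the line should be `}`. `services.steam.enable` also looks wrong: NixOS exposes Steam as `programs.steam.enable`, so this option would most likely be rejected at evaluation. The comment `# Load nvidia driver for Xorg and Wayland` sits above the Steam line rather than above `services.xserver.videoDrivers`, which it describes.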
@@ -0,0 +1,95 @@ +{ pkgs, config, lib, ... }: + +let + inherit (lib) mkOption types; +in + { + + options.batMode = mkOption { + type = types.enum [ "single" "double" ]; + default = "single"; + description = "Select 'single' for one battery and 'double' for dual setup"; + }; + + # Dont run a tandem with tlp + #options.services.auto-cpufreq.enable = true; + #options.services.auto-cpufreq.settings = { + # battery = { + # governor = "powersave"; + # turbo = "never"; + # }; + # charger = { + # governor = "performance"; + # turbo = "auto"; + # }; + #}; + + config = { + powerManagement.powertop.enable = true; + services.upower = { + enable = true; + + # In accordance with the waybar battery colors + percentageLow = 30; + percentageCritical = 20; + percentageAction = 10; + + #percentageAction = "PowerOff"; + criticalPowerAction = "PowerOff"; # This can destroy work + usePercentageForPolicy = true; + }; + + services.tlp = if config.batMode == "single" then { + enable = true; + settings = { + #Optional helps save long term battery health + # Going almost full because the other bat is also charged + # 0 NEW first + START_CHARGE_THRESH_BAT0 = 65; + STOP_CHARGE_THRESH_BAT0 = 85; + + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + #CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + + #CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + + CPU_MIN_PERF_ON_AC = 0; + CPU_MAX_PERF_ON_AC = 100; + CPU_MIN_PERF_ON_BAT = 0; + CPU_MAX_PERF_ON_BAT = 65; + + + }; + } else { + enable = true; + settings = { + # Have to keep it this way or + # Otherwise the buil in stop at 5% stops worky + # The problem is here that only the second battery gets seen from the charging cap + # Workaround. Just charge the battery when you use it and then turn manually the battery off + # I mean it is the state you generate now that you can use on any laptop. 
so + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + + CPU_MIN_PERF_ON_AC = 0; + CPU_MAX_PERF_ON_AC = 100; + CPU_MIN_PERF_ON_BAT = 0; + CPU_MAX_PERF_ON_BAT = 75; + + # 0 NEW first + START_CHARGE_THRESH_BAT0 = 60; + STOP_CHARGE_THRESH_BAT0 = 85; + + # 1 OLD second + START_CHARGE_THRESH_BAT1 = 60; + STOP_CHARGE_THRESH_BAT1 = 85; + }; + }; + + }; +} + diff --git a/modules/hardware/virt.nix b/modules/hardware/virt.nix new file mode 100644 index 0000000..152f159 --- /dev/null +++ b/modules/hardware/virt.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +{ + # Enable common container config files in /etc/containers + # virtualisation.containers.enable = true; + # virtualisation = { + # podman = { + # enable = true; + # dockerSocket.enable = true; + # dockerCompat = true; + # defaultNetwork.settings.dns_enabled = true; + # }; + # }; + # + # # Useful other development tools + # environment.systemPackages = with pkgs; [ + # dive # look into docker image layers + # podman-tui # status of containers in the terminal + # docker-compose # start group of containers for dev + # ]; + virtualisation.docker.enable = true; +} diff --git a/modules/hardware/workstation.nix b/modules/hardware/workstation.nix new file mode 100644 index 0000000..a3bb19a --- /dev/null +++ b/modules/hardware/workstation.nix 
@@ -0,0 +1,58 @@ +{ pkgs, ... }: + +{ + # Experiments with services + systemd = { + timers."sync-manage-hourly" = { + enable = false; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "10s"; # Start 10 seconds after boot + OnUnitActiveSec = "1h"; # Repeat every hour + Unit = "sync-manage.service"; # Points to the service unit + }; + }; + services = { + "shutdown-script" = { + enable = false; + description = "Run custom script on shutdown"; + after = [ "shutdown.target" ]; # Ensure it runs during shutdown + script = "/home/jonas/projects/scripts/check_git.sh"; # Specify the path to your script + serviceConfig = { + Type = "oneshot"; + User = "jonas"; # Run as jonas + WorkingDirectory = "/home/jonas"; # Set working directory to jonas' home + execStop = "/home/jonas/projects/scripts/check_git.sh"; # Specify the path to your script + # To ensure the script finishes before the system powers off + TimeoutStopSec = "30"; # You can adjust this if necessary + }; + # To ensure the script finishes before the system powers off + }; + "sync-manage" = { + script = '' + # Run the script from jonas' home directory + /home/jonas/projects/scripts/sync_manage.sh + ''; + serviceConfig = { + Type = "oneshot"; + User = "jonas"; # Run as jonas + WorkingDirectory = "/home/jonas"; # Set working directory to jonas' home + }; + }; + "sync-manage-shutdown" = { + enable = false; + script = '' + # Check if the system is connected to Wi-Fi + /home/jonas/projects/scripts/sync_manage.sh + ''; + serviceConfig = { + Type = "oneshot"; + User = "jonas"; # Run as jonas + ExecStop = "/usr/bin/true"; + RemainAfterExit = true; + }; + }; + }; + }; +} + diff --git a/modules/other/minecraft.nix b/modules/other/minecraft.nix new file mode 100644 index 0000000..5a217a9 --- /dev/null +++ b/modules/other/minecraft.nix 
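Review bot: In the `shutdown-script` unit the key is spelled `execStop`, but systemd directive names are case-sensitive, so this entry would be ignored with a warning rather than run at stop (the `sync-manage-shutdown` unit spells it `ExecStop`). That unit's `ExecStop = "/usr/bin/true"` points at a path NixOS does not normally provide, so `ExecStop = "${pkgs.coreutils}/bin/true";` is the safer form. Both units are currently `enable = false`, so this only matters once they are switched on. The comment `# Check if the system is connected to Wi-Fi` above the script call does not describe anything the visible command does.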
@@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: + +{ + services.minecraft-server = { + enable = true; + eula = true; + openFirewall = true; + declarative = true; + serverProperties = { + server-port = 25565; + gamemode = 0; + max-players = 5; + motd = "NixOS Minecraft server on misox!"; + allow-cheats = true; + }; + }; +} + diff --git a/modules/other/xremap.nix b/modules/other/xremap.nix new file mode 100644 index 0000000..bb9578d --- /dev/null +++ b/modules/other/xremap.nix @@ -0,0 +1,64 @@ +{ pkgs, inputs, ... }: + +{ + imports = [ + inputs.xremap-flake.nixosModules.default + ]; + + services.xremap = { + withHypr = true; + userName = "jonas"; + config = { + #--------------- INFO ----------------- + # For the MOD2- part, the following prefixes can be used (also case-insensitive): + # Shift: SHIFT- + # Control: C- + # Alt: M- + # Windows: SUPER- + # You can use multiple prefixes like C-M-Shift-a. + # You may also suffix them with _L or _R (case-insensitive) so that remapping is triggered only on a left or right modifier, e.g. Ctrl_L-a. + # + # KEYS: https://github.com/emberian/evdev/blob/2d020f11b283b0648427a2844b6b980f1a268221/src/scancodes.rs#L26-L572 + modmap = [ + { + name = "Capslock -> Esc and Ctrl"; + remap = { + "CAPSLOCK" = { + "alone" = "ESC"; + "held" = "CTRL_L"; + "alone_timeout_millis"= 1000; + }; + "ESC" = "CAPSLOCK"; + # Disable this + "CTRL_L" = { + "alone" = "RESERVED"; + "held" = "RESERVED"; + }; + }; + } + { + name = "Switch Super and Alt"; + remap = { + "SUPER_L" = { + "alone" = "ALT_L"; + "held" = "ALT_L"; + }; + "ALT_L" = { + "alone" = "SUPER_L"; + "held" = "SUPER_L"; + }; + }; + } + ]; + #keymap = [ + # { + #name = "Remove the key next to z on a german keyboard"; + #remap = { + #"103ND" = "RESERVED"; + #}; + # For the cutting key KEY_SYSRQ RIGHTALT for altGR + # } + #]; + }; + }; +} diff --git a/modules/server/cloud.nix b/modules/server/cloud.nix new file mode 100644 index 0000000..2ce0efb --- /dev/null +++ b/modules/server/cloud.nix 
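Review bot: `openFirewall = true` exposes the server port to every network the host is on, and nothing in `serverProperties` restricts who may join. With `declarative = true` an allow-list can be declared in the same block: `serverProperties.white-list = true;` plus `whitelist = { "<player-name>" = "<player-uuid>"; };` (placeholder entry). `allow-cheats` does not look like a Java-edition `server.properties` key, so it is probably ignored and should be confirmed against the server version in use.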
@@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +{ + # Setting the filesystem for nextcloud + fileSystems."/mnt/nextcloudStorage" = { + device = "/dev/disk/by-label/nextcloud"; + options = [ + "users" + ]; + }; + + # Activating the nextcloud servce not optimized + environment.etc."nextcloud-admin-pass".text = "PWD"; + services.nextcloud = { + enable = true; + home = "/mnt/nextcloudStorage"; + package = pkgs.nextcloud30; + hostName = "cloud.hahn1.one"; + settings = { + trusted_domains = ["misox"]; + }; + config = { + adminpassFile = "/etc/nextcloud-admin-pass"; + dbtype = "sqlite"; + }; + extraApps = {inherit (config.services.nextcloud.package.packages.apps) richdocuments news contacts calendar tasks;}; + extraAppsEnable = true; + https = true; + configureRedis = true; + maxUploadSize = "1G"; + }; +} + diff --git a/modules/server/collabora.nix b/modules/server/collabora.nix new file mode 100644 index 0000000..ffe49f1 --- /dev/null +++ b/modules/server/collabora.nix 
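Review bot: `environment.etc."nextcloud-admin-pass".text = "PWD";` places the Nextcloud admin password in the Nix store and in `/etc`, both readable by every local user, and if `PWD` is deployed unchanged it is the actual admin password. `configuration_old.nix` in this commit already handles it with sops, so the same line works here: `adminpassFile = config.sops.secrets.nextpass.path;`, with the `environment.etc` entry removed. The comment `# Activating the nextcloud servce not optimized` could instead state that the password is a placeholder until that is done.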
@@ -0,0 +1,55 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + # setup collabora config declaratively + systemd.services.nextcloud-config-collabora = let + inherit (config.services.nextcloud) occ; + + wopi_url = "http://[::1]:${toString config.services.collabora-online.port}"; + public_wopi_url = "https://cool.hahn1.one"; + wopi_allowlist = lib.concatStringsSep "," [ + "127.0.0.1" + "::1" + ]; + in { + wantedBy = ["multi-user.target"]; + after = ["nextcloud-setup.service" "coolwsd.service"]; + requires = ["coolwsd.service"]; + script = '' + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_url --value ${lib.escapeShellArg wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments public_wopi_url --value ${lib.escapeShellArg public_wopi_url} + ${occ}/bin/nextcloud-occ config:app:set richdocuments wopi_allowlist --value ${lib.escapeShellArg wopi_allowlist} + ${occ}/bin/nextcloud-occ richdocuments:setup + ''; + serviceConfig = { + Type = "oneshot"; + User = "nextcloud"; + }; + }; + + # setup the collabora server + services.collabora-online = { + enable = true; + port = 9980; # default + settings = { + # Rely on reverse proxy for SSL + ssl = { + enable = false; + termination = true; + + # this is for dev purposes + # can be enabled in production when there is a real certificate + ssl_verification = true; + }; + + # Listen on loopback interface only, and accept requests from ::1 + net = { + listen = "loopback"; + post_allow.host = ["::1"]; + }; + + # Set FQDN of server + server_name = "cool.hahn1.one"; + }; + }; +} diff --git a/modules/server/ddclient.nix b/modules/server/ddclient.nix new file mode 100644 index 0000000..4a37d3e --- /dev/null +++ b/modules/server/ddclient.nix @@ -0,0 +1,16 @@ +{ pkgs, config, lib, inputs, ...}: + +{ + + imports = + [ + #inputs.sops-nix.nixosModules.sops + ]; + + # also one can access the path and then cat it + services.ddclient = { + enable = true; + configFile = config.sops.templates."ddclient-temp".path; + }; + +} 
diff --git a/modules/server/default.nix b/modules/server/default.nix new file mode 100644 index 0000000..2e58e93 --- /dev/null +++ b/modules/server/default.nix @@ -0,0 +1,20 @@ +{ pkgs, config, lib, inputs, ...}: +let + thisDir = ./.; + nixFiles = builtins.attrNames (builtins.readDir thisDir); + moduleFiles = builtins.filter (name: builtins.match ".*\\.nix" name != null && name != "default.nix") nixFiles; + modules = builtins.map (name: thisDir + "/${name}") moduleFiles; +in { + # Import all the old modules + imports = modules; + + + ############ TEMP Module inputs + + + # Got from here https://nixos.wiki/wiki/OpenLDAP#Setting_up_a_server_with_SSL_certs_via_ACME + + + +} + diff --git a/modules/server/monitor.nix b/modules/server/monitor.nix new file mode 100644 index 0000000..e85f6e4 --- /dev/null +++ b/modules/server/monitor.nix 
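Review bot: `imports = modules;` pulls in every `.nix` file in `modules/server`, so a host cannot take `monitor.nix` without also enabling Nextcloud from `cloud.nix` and `ddclient.nix`, whose `config.sops.templates."ddclient-temp"` is not defined in the visible part of the commit. An explicit list such as `imports = [ ./monitor.nix ./networking.nix ];`, or an `enable` option per module, makes each host state which services it exposes. The comment block under `TEMP Module inputs` (the OpenLDAP link) refers to nothing in the file and could be dropped or replaced by a line describing the auto-import.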
@@ -0,0 +1,144 @@ + # MONITORING: services run on loopback interface + # nginx reverse proxy exposes services to network + +{ config, lib, pkgs, ... }: + +let + grafana_port = 7000; +in { + # Logging metrics + # Disable loki + services.loki = { + enable = false; + configuration = { + server.http_listen_port = 3100; + auth_enabled = false; + + ingester = { + lifecycler = { + address = "127.0.0.1"; + ring = { + kvstore = { + store = "inmemory"; + }; + replication_factor = 1; + }; + }; + chunk_idle_period = "1h"; + max_chunk_age = "1h"; + chunk_target_size = 999999; + chunk_retain_period = "30s"; + }; + + schema_config = { + configs = [{ + store = "tsdb"; + object_store = "filesystem"; + schema = "v13"; + index = { + prefix = "index_"; + period = "24h"; + }; + }]; + }; + + storage_config = { + tsdb_shipper = { + active_index_directory = "/var/lib/loki/tsdb-shipper-active"; + cache_location = "/var/lib/loki/tsdb-shipper-cache"; + cache_ttl = "24h"; + }; + + filesystem = { + directory = "/var/lib/loki/chunks"; + }; + }; + + limits_config = { + reject_old_samples = true; + reject_old_samples_max_age = "168h"; + }; + + + table_manager = { + retention_deletes_enabled = false; + retention_period = "0s"; + }; + + compactor = { + working_directory = "/var/lib/loki"; + compactor_ring = { + kvstore = { + store = "inmemory"; + }; + }; + }; + }; + }; + + # Disable + services.promtail = { + enable = false; + configuration = { + server = { + http_listen_port = 3031; + grpc_listen_port = 0; + }; + positions = { + filename = "/tmp/positions.yaml"; + }; + clients = [{ + url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; + }]; + scrape_configs = [{ + job_name = "journal"; + journal = { + max_age = "12h"; + labels = { + job = "systemd-journal"; + host = "misox"; + }; + }; + relabel_configs = [{ + source_labels = [ "__journal__systemd_unit" ]; + target_label = "unit"; + }]; + }]; + }; + }; + + # System metrics + 
services.prometheus = { + enable = true; + exporters = { + node = { + enable = true; + enabledCollectors = [ "systemd" "tcpstat" "processes" "interrupts" ]; + port = 9100; + }; + }; + #globalConfig.scrape_interval = "1m"; + scrapeConfigs = [{ + job_name = "node"; + static_configs = [{ + targets = [ + "localhost:${toString config.services.prometheus.exporters.node.port}" + ]; + }]; + }]; + }; + + # Dashboard + services.grafana = { + enable = true; + settings = { + server = { + http_addr = "127.0.0.1"; + http_port = 3000; + domain = "grafana.misox"; + #root_url = "http://misox:${toString grafana_port}/"; + }; + }; + }; +} + diff --git a/modules/server/networking.nix b/modules/server/networking.nix new file mode 100644 index 0000000..637d194 --- /dev/null +++ b/modules/server/networking.nix 
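Review bot: The header comment says the monitoring services run on the loopback interface, but neither `services.prometheus` nor `exporters.node` sets a listen address, and as far as I know both NixOS modules default to `0.0.0.0`. Only the firewall rules in networking.nix then keep the Prometheus port and 9100 off the network. Adding `listenAddress = "127.0.0.1";` to both blocks would make the configuration match the comment. `grafana_port` is used only in commented-out lines, and `domain = "grafana.misox"` differs from the `grafana.hahn1.one` vhost in nginx.nix, which may produce wrong links or redirects behind the proxy.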
@@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +{ + networking.hostName = "misox"; # Define your hostname. + + + # networking.interfaces.eno1 = { + + # Assign a static IPv6 address (same as your example) + # ipv6.addresses = [ + # { + # address = "2003:ca:7f20:cf00:dd2d:ebde:44e6:7eca"; # Static IPv6 address + # prefixLength = 64; # Prefix length (usually 64) + # } + # ]; + # + # Enable temporary addresses (privacy addresses) as well + #ipv6.useTempAddresses = true; + #}; + + # The ping behind fritzbox still does not work + networking.enableIPv6 = true; + networking.firewall.allowedTCPPorts = [ + # Opening ssh and the web + 22 + + 80 + 443 + + + ############ + # Jonas Stuff + + # LifeDash Deploy + 8000 + ]; + + + + # Rewrite for local host support + # to make this global you need to confifure a custom dns + networking.hosts = { + "127.0.0.1" = [ "hahn1.one" "cloud.hahn1.one" "cool.hahn1.one" "grafana.hahn1.one"]; + "::1" = [ "hahn1.one" "cloud.hahn1.one" "cool.hahn1.one" "grafana.hahn1.one"]; + #"127.0.0.1" = ["nextcloud.misox" "default.misox" "grafana.misox" "collabora.misox"]; + #"::1" = ["nextcloud.misox" "grafana.misox" "default.misox" "collabora.misox"]; + }; + + networking.networkmanager.wifi.powersave = false; +} diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix new file mode 100644 index 0000000..b57c442 --- /dev/null +++ b/modules/server/nginx.nix 
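Review bot: Port 8000 ("LifeDash Deploy") in `networking.firewall.allowedTCPPorts` exposes that service directly to the network, bypassing the nginx reverse proxy and TLS that every other web service in this commit goes through. If it speaks HTTP, a vhost with `proxyPass = "http://127.0.0.1:8000";` plus removing `8000` from the list would keep it behind 443. Port 22 is opened as well while no `services.openssh` settings are visible in this hunk; unless they are set elsewhere, `services.openssh.settings.PasswordAuthentication = false;` is worth adding. The comment typo "confifure" should read "configure".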
@@ -0,0 +1,107 @@ +{ config, lib, pkgs, ... }: + +{ + security.acme = { + acceptTerms = true; + defaults.email = "jonashahn1@gmx.net"; + #defaults.dnsProvider = "route53"; + #defaults.dnsResolver = "2606:4700:4700::1111"; + certs = { + "cloud.hahn1.one" = { + webroot = "/var/lib/acme/.challenges"; + group = "nginx"; + }; + }; + }; + users.users.nginx.extraGroups = [ "acme" ]; + + # Setting the port for nextcloud + services.nginx = let + # support for local vars + mkDevCert = name: commonName: + pkgs.runCommandLocal "${name}-dev-cert" { buildInputs = [ pkgs.openssl ]; } '' + mkdir -p $out + openssl req -x509 -newkey rsa:4096 -keyout $out/key.pem -out $out/cert.pem -days 3650 -nodes \ + -subj "/CN=${commonName}" + ''; + + # dev certs + # collaboraCert = mkDevCert "collabora-misox-cert" "collabora.misox"; + # nextCert = mkDevCert "nextcloud-misox-cert" "nextcloud.misox"; + # defCert = mkDevCert "default-misox-cert" "misox"; + + # default domain to use in the configuration + domain = "hahn1.one"; + in { + # enable nginx + enable = true; + recommendedProxySettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + + # setup virtual hosts + virtualHosts = { + # Expose nextcloud + # this is how to setup a dev cert route with ssl + #"${config.services.nextcloud.hostName}" = { + # enableACME = false; + # forceSSL = true; + + # sslCertificate = "${nextCert}/cert.pem"; + # sslCertificateKey = "${nextCert}/key.pem"; + #}; + + "${config.services.nextcloud.hostName}" = { + enableACME = true; + addSSL = true; + }; + + "grafana.${domain}" = { + enableACME = true; + addSSL = true; + + # this is to create a default listener + #listen = [{ addr = "0.0.0.0"; port = grafana_port;}]; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}"; + proxyWebsockets = true; + }; + }; + "acmechallenge.${domain}" = { + # Catchall vhost, will redirect users to HTTPS for all vhosts + serverAliases = [ 
"*.example.com" ]; + locations."/.well-known/acme-challenge" = { + root = "/var/lib/acme/.challenges"; + }; + locations."/" = { + return = "301 https://$host$request_uri"; + }; + }; + "cool.${domain}" = { + enableACME = true; + addSSL = true; + + + locations."/" = { + proxyPass = "http://[::1]:${toString config.services.collabora-online.port}"; + proxyWebsockets = true; + }; + }; + # This is the last and therefor occupies the http://misox? + # NO! + "${domain}" = { + default = true; + enableACME = true; + addSSL = true; + + locations."/" = { + root = "${pkgs.nginx}/html"; + index = "index.html"; + }; + + }; + }; + }; + +} + diff --git a/modules/server/services.nix b/modules/server/services.nix new file mode 100644 index 0000000..efc1f3f --- /dev/null +++ b/modules/server/services.nix 
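Review bot: All four TLS vhosts use `addSSL = true;`, which keeps serving the site over plain HTTP on port 80 alongside HTTPS, so Nextcloud, Grafana and Collabora sessions can travel unencrypted. Using `forceSSL = true;` instead redirects port 80 to HTTPS while the NixOS ACME integration still answers the challenge path. The "catchall" vhost `acmechallenge.${domain}` carries `serverAliases = [ "*.example.com" ]`, a leftover placeholder that will never match a hahn1.one host, so it does not act as the redirect it is described as. `mkDevCert` is currently unused; if it is re-enabled, its private key would be written to the world-readable Nix store, which deserves a comment at the definition.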
@@ -0,0 +1,114 @@ +{ pkgs, config, lib, inputs, ...}: + +{ + # figure out how this works + services.openldap = { + enable = true; + + /* enable plain connections only */ + urlList = [ "ldap:///" ]; + + + settings = { + attrs = { + olcLogLevel = "conns config"; + }; + + children = { + "cn=schema".includes = [ + "${pkgs.openldap}/etc/schema/core.ldif" + "${pkgs.openldap}/etc/schema/cosine.ldif" + "${pkgs.openldap}/etc/schema/inetorgperson.ldif" + ]; + + "olcDatabase={1}mdb".attrs = { + objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ]; + + olcDatabase = "{1}mdb"; + olcDbDirectory = "/var/lib/openldap/data"; + + olcSuffix = "dc=example,dc=com"; + + /* your admin account, do not use writeText on a production system */ + olcRootDN = "cn=admin,dc=example,dc=com"; + olcRootPW.path = pkgs.writeText "olcRootPW" "pass"; + + olcAccess = [ + /* custom access rules for userPassword attributes */ + ''{0}to attrs=userPassword + by self write + by anonymous auth + by * none'' + + /* allow read on anything else */ + ''{1}to * + by * read'' + ]; + }; + }; + }; + }; + + # Enable all the old services on gullfoss + services.postgresql = { + enable = true; + ensureDatabases = [ "mydatabase" ]; + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method + local all all trust + ''; + }; + + # TODO: need to configure this + services.samba = { + enable = true; + openFirewall = true; + settings = { + global = { + "workgroup" = "WORKGROUP"; + "server string" = "smbnix"; + "netbios name" = "smbnix"; + "security" = "user"; + #"use sendfile" = "yes"; + #"max protocol" = "smb2"; + # note: localhost is the ipv6 localhost ::1 + "hosts allow" = "192.168.0. 
127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + }; + "public" = { + "path" = "/mnt/Shares/Public"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "yes"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "username"; + "force group" = "groupname"; + }; + "private" = { + "path" = "/mnt/Shares/Private"; + "browseable" = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "username"; + "force group" = "groupname"; + }; + }; + }; + + services.samba-wsdd = { + enable = true; + openFirewall = true; + }; + + services.cron = { + enable = true; + systemCronJobs = [ + "*/5 * * * * root date >> /tmp/cron.log" + ]; + }; +} diff --git a/modules/services/mail.nix b/modules/services/mail.nix new file mode 100644 index 0000000..eb02ac8 --- /dev/null +++ b/modules/services/mail.nix @@ -0,0 +1,21 @@ +{ config, ... }: { + services.postfix = { + enable = true; + relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"]; + sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem"; + sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem"; + config = { + transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + }; + }; + services.mailman = { + enable = true; + serve.enable = true; + hyperkitty.enable = true; + webHosts = ["lists.example.org"]; + siteOwner = "mailman@example.org"; + }; + services.nginx.virtualHosts."lists.example.org".enableACME = true; + #networking.firewall.allowedTCPPorts = [ 25 80 443 ]; +} diff --git a/modules/services/realmail.nix b/modules/services/realmail.nix new file mode 100644 index 0000000..dede1a9 --- /dev/null +++ b/modules/services/realmail.nix 
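Review bot: `olcRootPW.path = pkgs.writeText "olcRootPW" "pass";` stores a guessable LDAP root password in the world-readable Nix store, and the comment directly above it already says not to do this on a production system. Since sops-nix is already used for ddclient in this commit, the path can come from a secret, e.g. `olcRootPW.path = config.sops.secrets."<ldap-root-pw>".path;` (placeholder name). In the PostgreSQL block, `local all all trust` lets any local account connect as any role including the superuser; `local all all peer` keeps socket logins tied to the OS user. The Samba `public` share is guest-writable and both shares still carry the placeholder `"force user" = "username"`, and the root cron job appends to `/tmp/cron.log` in a world-writable directory, where a path under `/var/log` would be safer.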
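Review bot: Every hostname in modules/services/mail.nix is still the documentation placeholder (`lists.example.org`, `mailman@example.org`), so `enableACME = true` on the vhost would request a certificate for a domain this host does not control, and postfix's `sslCert`/`sslKey` would point at a certificate that is never issued. Taking the host from a single `let` binding, e.g. `listHost = "lists.hahn1.one";` (assumed name, to be confirmed), keeps the four occurrences in sync. Until the real values are filled in, a comment at the top stating that the module is a template and must not be imported would prevent accidental activation.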
@@ -0,0 +1,51 @@ +{ config, pkgs, ... }: { + imports = [ + (builtins.fetchTarball { + # Pick a release version you are interested in and set its hash, e.g. + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.05/nixos-mailserver-nixos-25.05.tar.gz"; + # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command: + # release="nixos-25.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack + sha256 = "0jpp086m839dz6xh6kw5r8iq0cm4nd691zixzy6z11c4z2vf8v85"; + }) + ]; + + mailserver = { + enable = true; + fqdn = "mail.hahn1.one"; + domains = [ "hahn1.one" ]; + + # A list of all login accounts. To create the password hashes, use + # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' + loginAccounts = { + "jonas@hahn1.one" = { + # mail4jonas + hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C"; + aliases = ["postmaster@hahn1.one" "j@hahn1.one"]; + }; + "security@hahn1.one" = { + # mail4jonas + hashedPassword = "$2b$05$aOMZAUvp4p42su99UwQ0FeKPTVKrHBJX1w7IBG9J39rSjSqyT5Y7C"; + aliases = ["sec@hahn1.one"]; + }; + "christiane@hahn1.one" = { + # mail4jonas + hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q"; + aliases = ["ch@hahn1.one"]; + }; + "horst@hahn1.one" = { + # mail4jonas + hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q"; + aliases = ["ho@hahn1.one"]; + }; + "theo@hahn1.one" = { + # mail4jonas + hashedPassword = "$2b$05$nfE1Iou57TvnAH.BfFdsEOsrbxZDovNPVme3PTG/ZMAG3T6OC968q"; + aliases = ["th@hahn1.one"]; + }; + }; + + # Use Let's Encrypt certificates. Note that this needs to set up a stripped + # down nginx and opens port 80. + certificateScheme = "acme-nginx"; + }; +} diff --git a/secrets.yaml b/secrets.yaml new file mode 100644 index 0000000..4750329 --- /dev/null +++ b/secrets.yaml 
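Review bot: The `loginAccounts` block commits bcrypt hashes to the repository with a `#` comment above each `hashedPassword` that looks like the plaintext it was generated from, and the same hash string is reused across two and three accounts respectively. If those comments are the real passwords they should be treated as disclosed: rotate them and remove the comments, including from history. The hashes use cost factor 05 (`$2b$05$`), which is cheap to brute-force offline for anyone who can read the repository. nixos-mailserver accepts `hashedPasswordFile`, so each account can read its hash from a sops secret instead, e.g. `hashedPasswordFile = config.sops.secrets."<mail-jonas-hash>".path;` (placeholder name), generated with a higher rounds setting and a distinct password per mailbox.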
@@ -0,0 +1,45 @@ +hello: ENC[AES256_GCM,data:k1EMjZbnlcpYw5pcRtQHGDfa/O++mQfxdr9vBHx+UFVFbofKaCKGEIdrVUE16Q==,iv:ahDFZ2w9BIpIANQSU02lNVx/iSUJD5PhlLATAjQmEdY=,tag:w5+8IWG8zb211Vc+UTwg3g==,type:str] +example_key: ENC[AES256_GCM,data:4CVDitfwYOtRsALv7w==,iv:vIEkeLKQCpMeyP/Mp11vQjZypzo0zzLF7anzuFWoDUY=,tag:UUbIEdXm/gDxibO3TfhXBA==,type:str] +#ENC[AES256_GCM,data:hwfnw+hvTTbmHlaWYWoLAw==,iv:88K6o0ZZu4ZuARI550FtyhoZ10iFAzTj29vz1bA4Bck=,tag:Fc9gf5OhVpMwiqvE9CfFGg==,type:comment] +example_array: + - ENC[AES256_GCM,data:/iY4JlQgSbdFm55zIaI=,iv:4oiPSEreBgBnjHi2kCHpoXwtbeE/22g190ZK/Jbz7zM=,tag:O7BBYRRpY0JauGoSirsxrg==,type:str] + - ENC[AES256_GCM,data:LyF7/r3tcUNx/K9q5Bc=,iv:2ZLTzW2SjqgtxSANvondkcTKYHHkvydg3k7aGQJKyjs=,tag:II6Xhhd7c2D1QAxooVwMjQ==,type:str] +example_number: ENC[AES256_GCM,data:de+xGQ8Pb450jw==,iv:3WbXWQ0YyxTaLx/+7yA2R+M7n/0ZyJmSsLuxiAaq/m8=,tag:a4rmGu/Df4pZWMarhCuM8Q==,type:float] +example_booleans: + - ENC[AES256_GCM,data:9PWfow==,iv:hfaqc++IWghsUxJv87L8wd77yDsntZnyQAcVko2HKCs=,tag:qmriScWcH8zDeArJQPX/vg==,type:bool] + - ENC[AES256_GCM,data:lz3qG1I=,iv:2+nsk/nyNyj2wt38rUjher78K0TbNptdQuAaxfdKCGg=,tag:O5EZqszgq0UClHe8B15cbA==,type:bool] +myservice: + my_subdir: + my_secret: ENC[AES256_GCM,data:pcuzeFjjOHRz,iv:LS237ulXm9ny9NTgtOwB9NuZFi+iOS7FF3PUynYn2+A=,tag:1CQhg8qTJEOYcUnGHH6igg==,type:str] +#ENC[AES256_GCM,data:oMysXorqjBLn7l958hU8VNHMTt8W9OiSBw==,iv:PkYp5iJDnHh1eXEx7rDiqktrJT72YqoJ23YO83ccISw=,tag:KOqkGcK+uoJm1ysHX7Ju8g==,type:comment] +strato_dns: ENC[AES256_GCM,data:r1EkuHQaBZavJ4gigWQWiuUofJDdZilV7Q==,iv:CApwM3Cxu4ouM/XRA0pSx8djZdFumHqDn1Aek6blP5Y=,tag:BZwXnb4UxTXh6hFmnEAvtw==,type:str] +strato_dns_bitzz: ENC[AES256_GCM,data:RvDhxUpVuxomxJf3ztnDAcz8bA==,iv:4CsTQOIkooWMaMUhDHlTiqY/cCMY/Mq30JvqIIGuvtk=,tag:o8l74idKgCDcYNU7Xwscaw==,type:str] +jondash: ENC[AES256_GCM,data:HMzqDX0h9K9t,iv:n2wvnotpc8GFa8cxRaXS7n+4D0LcdJqDZnLnSocs4vQ=,tag:3UUiJwCQvQIka56A5q+B9w==,type:str] +joncook: 
ENC[AES256_GCM,data:bXBOZcT56U37SMGr1Kn9Fo8liebhYK5IWQw/sdDmiKpR3UYfNI83M6/k0LcGgzQ4hBk=,iv:mBu8SkcmrB4GwgkgOjnKNrrJzCEoOklhwpKNmlHzja0=,tag:5Har5T/1YGW3coHtl1a4LQ==,type:str] +nextpass: ENC[AES256_GCM,data:0lqmtGeffL0=,iv:FpPtZVs0Tiu89FTQ1LJUHj+x1J3vQceETsJo3aw9Rq0=,tag:1RvnPH1+ZWcsAH2D3BO7nA==,type:str] +sync_thinix_id: null +gull-pg-pass: ENC[AES256_GCM,data:zDDo3c4zs1EcGpBlAW/u,iv:2605kZzsx8j+pyZujq0qiHTead4hxYCwl9AhRx+L+FQ=,tag:pcLt5hjycGtiio7UE/Zzuw==,type:str] +#ENC[AES256_GCM,data:2VpuKSNRHRnNO5TA,iv:mTnXBL4q2h/mjwky5GN+772F7yG2o/L6UV051M5EnQY=,tag:YIhd3xWMVMIsprbAHZDewA==,type:comment] +davurl: ENC[AES256_GCM,data:lutWFhf3BzSGodIAi56yGwpzCoj5DA==,iv:/+woUlolqgsefNq5YA3exodp4CM24CBP2MIPbLcVodk=,tag:3NXrHtWCyy/mDmMCpaboAA==,type:str] +jondav: ENC[AES256_GCM,data:YrK3O6A=,iv:UN7jfsqGWSuQi2CahbAISQmJnLFb2YaCKvhPGYniBiY=,tag:UF8JGYww/97q7K9DA5OH9g==,type:str] +jondavpass: ENC[AES256_GCM,data:+ZZYUhCiId7VXLw=,iv:Vte1+asf07oiBaKbJc8lM5slM4Icds+MnqHyMEXgjbk=,tag:Ujfeig7Govj6S2AesmH1OQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1a2kpues0gayampkn9pn2czhk24r0yl4jnw84qg4gh5l72dflx95qkmyqzv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncWNwT2F1ZkxhY3h4UFFs + U2lpM3lXdVZqNDFiSTRTaDI4UFFDRk1QNUUwCnpvdjAzNFQ0dnJ5Wm52b1hBUUFL + dzdHb0RwbU02Y3FzMkM2eFNPUzg2UGMKLS0tIDZrdXc1RFc5NUJNb0ZhclNuYUNX + dmFEc1hrR3czZTBzU2pLQ0ZUL3VPblEKRwy03xI+qiTMJsmG/pe/3WoB8c+vLtXo + kaYY18r3tICKfxQQyDWh3Gevo2+CGhblCcgJ3AnyWQBqIZwIudDuHw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-12T20:35:04Z" + mac: ENC[AES256_GCM,data:VsJS7ZrUdOKiRxH/J2JvMM2XXG/7I1YJJt6TFtomrkTCAg91jiBPKpSFwjV27ix8iizWUqGM06xnGkutl8Ed8Uo4VZKX+YcKfYr8h22tTNiFkVg+LGriY/VhPXl+Oe3CAfCBz3EZcuL1khXx/dsk0XMGyKEXID1IoYLO+Cmp4GM=,iv:WGe9Q7Hf7FSscl8PbYPtuhjOADcIpTPCuFG8fuEQCQ8=,tag:/e6Sym8SdYjfzlztzMhU9g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.4 
diff --git a/users/admin/home.nix b/users/admin/home.nix new file mode 100644 index 0000000..61208b3 --- /dev/null +++ b/users/admin/home.nix @@ -0,0 +1,23 @@ +# Only config stuff you cannot config with dotfiles +# Or stuff that does not interfere with the dotfiles + +{ config, pkgs, inputs, ... }: + +{ + imports = [ + # Load all the to be installed packages + # inputs.xremap-flake.homeManagerModules.default + ]; + + home = { + username = "admin"; + homeDirectory = "/home/admin"; + sessionVariables = { + EDITOR = "nvim"; + }; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + home.stateVersion = "24.11"; +} diff --git a/users/guest/home.nix b/users/guest/home.nix new file mode 100644 index 0000000..170e6fc --- /dev/null +++ b/users/guest/home.nix @@ -0,0 +1,25 @@ +# Only config stuff you cannot config with dotfiles +# Or stuff that does not interfere with the dotfiles + +{ config, pkgs, inputs, ... }: + +{ + imports = [ + # Load all the to be installed packages + # inputs.xremap-flake.homeManagerModules.default + ]; + + + home = { + username = "guest"; + homeDirectory = "/home/guest"; + sessionVariables = { + EDITOR = "nvim"; + STATUS_USER = "guest"; + }; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + home.stateVersion = "24.11"; +} diff --git a/users/horst/home.nix b/users/horst/home.nix new file mode 100644 index 0000000..c781f4e --- /dev/null +++ b/users/horst/home.nix 
@@ -0,0 +1,24 @@ +# Only config stuff you cannot config with dotfiles +# Or stuff that does not interfere with the dotfiles + +{ config, pkgs, inputs, ... }: + +{ + imports = [ + # Load all the to be installed packages + # inputs.xremap-flake.homeManagerModules.default + ]; + + + home = { + username = "horst"; + homeDirectory = "/home/horst"; + sessionVariables = { + EDITOR = "nvim"; + }; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + home.stateVersion = "24.11"; +} diff --git a/users/jonas/backg.jpg b/users/jonas/backg.jpg new file mode 100644 index 0000000..05d45f0 Binary files /dev/null and b/users/jonas/backg.jpg differ diff --git a/users/jonas/home.nix b/users/jonas/home.nix new file mode 100644 index 0000000..897fd62 --- /dev/null +++ b/users/jonas/home.nix 
@@ -0,0 +1,137 @@ +# Only config stuff you cannot config with dotfilesho +# Or stuff that does not interfere with the dotfiles + +{ config, pkgs, inputs, ... }: + +{ + imports = [ + # Load all the to be installed packages + ./packages.nix + # inputs.xremap-flake.homeManagerModules.default + # inputs.stylix.homeManagerModules.stylix + ]; + + + # This is very build intense + # wayland.windowManager.hyprland = { + # enable = true; + # plugins = [ + # inputs.hyprland-plugins.packages.${pkgs.system}.hyprexpo + # ]; + # }; + services.gnome-keyring.enable = true; + home.packages = [ pkgs.gcr ]; # Provides org.gnome.keyring.SystemPrompter + + + # change the defaults because I can! + xdg.mimeApps = { + enable = true; + defaultApplications = { + # Set for web-related content + "text/html" = "firefox.desktop"; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/about" = "firefox.desktop"; + "x-scheme-handler/unknown" = "firefox.desktop"; + "application/pdf" = "sioyek.desktop"; + "application/rnote" = "rnote.desktop"; + "video/mp4" = "mpv.desktop"; + "image/*" = "fehcustom.desktop"; + }; + }; + + # custom feh + xdg.desktopEntries.fehcustom = { + name = "FehCustom"; + terminal = false; + exec = "${pkgs.feh}/bin/feh -d --keep-zoom-vp --draw-exif --start-at %u"; + }; + + # xdg.desktopEntries.flowblade = { + # name = "Flowblade"; + # terminal = false; + # exec = "${pkgs.flowblade}/bin/flowblade"; + # }; + + home = { + username = "jonas"; + homeDirectory = "/home/jonas"; + sessionVariables = { + EDITOR = "nvim"; + HTTP_HOME = "duckduckgo.com"; + MANPAGER="nvim +Man!"; + + }; + shellAliases = { + testt = "echo 'test'"; + flk = "sudo nixos-rebuild switch --flake '~/configuration/nixos#'"; + }; + pointerCursor = { + gtk.enable = true; + name = "catppuccin-frappe-rosewater-cursors"; + package = pkgs.catppuccin-cursors.frappeRosewater; + #hyprcursor.enable = true; + #hyprcursor.size = 16; + size = 18; + }; + }; + + # 
stylix.enable = true; + # stylix.image = ./backg.jpg; + + # Theming gtk + gtk = { + enable = true; + iconTheme = { + package = pkgs.papirus-icon-theme; + name = "Papirus-Dark"; + }; + theme = { + name = "Adwaita-dark"; + package = pkgs.gnome-themes-extra; + }; + }; + + # Qt6 Configuration Tool (qt6ct) configuration + qt = { + enable = true; + platformTheme.name = "qtct"; + style.name = "Kvantum"; + }; + xdg.configFile."Kvantum/kvantum.kvconfig".source = (pkgs.formats.ini { }).generate "kvantum.kvconfig" { + General.theme = "Catppuccin-Frappe-Rosewater"; + }; + xdg.configFile."qt6ct/qt6ct.conf".source = pkgs.writeTextFile { + name = "qt6ct.conf"; + text = '' + [Appearance] + color_scheme_path=${pkgs.qt6ct}/share/qt6ct/colors/airy.conf + custom_palette=false + icon_theme=Papirus-Dark + standard_dialogs=default + style=kvantum + ''; + }; + + # starship - an customizable prompt for any shell + programs.starship = { + enable = true; + settings = { + add_newline = false; + aws.disabled = true; + gcloud.disabled = true; + line_break.disabled = true; + + sudo = { + disabled = false; + symbol = "SUDO "; + style = "bold red"; + }; + + }; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + home.stateVersion = "24.11"; +} diff --git a/users/jonas/home_lite.nix b/users/jonas/home_lite.nix new file mode 100644 index 0000000..12f9485 --- /dev/null +++ b/users/jonas/home_lite.nix 
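Review bot: `"image/*" = "fehcustom.desktop";` in `xdg.mimeApps.defaultApplications` will most likely have no effect, because mimeapps.list matches exact MIME types and does not support wildcards; the concrete types (`"image/png"`, `"image/jpeg"`, …) need to be listed. The `flk` alias wraps `~/configuration/nixos#` in single quotes, so the shell will not expand the tilde, and under `sudo` it is ambiguous whose home is meant; an absolute path such as `/home/jonas/configuration/nixos#` avoids both. Both lines are repeated in users/jonas/home_lite.nix, which duplicates nearly this whole file; moving the shared part into one module imported by both would stop the two from drifting apart.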
@@ -0,0 +1,126 @@ +# Only config stuff you cannot config with dotfilesho +# Or stuff that does not interfere with the dotfiles + +{ config, pkgs, inputs, ... }: + +{ + imports = [ + # Load all the to be installed packages + ./packages.nix + # inputs.xremap-flake.homeManagerModules.default + # inputs.stylix.homeManagerModules.stylix + ]; + + + # This is very build intense +# wayland.windowManager.hyprland = { +# enable = true; +# plugins = [ +# inputs.hyprland-plugins.packages.${pkgs.system}.hyprexpo +# ]; +# }; + + + # change the defaults because I can! + xdg.mimeApps = { + enable = true; + defaultApplications = { + # Set for web-related content + "text/html" = "firefox.desktop"; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/about" = "firefox.desktop"; + "x-scheme-handler/unknown" = "firefox.desktop"; + "application/pdf" = "sioyek.desktop"; + "video/mp4" = "mpv.desktop"; + "image/*" = "fehcustom.desktop"; + }; + }; + + # custom feh + xdg.desktopEntries.fehcustom = { + name = "FehCustom"; + terminal = false; + exec = "${pkgs.feh}/bin/feh -d --keep-zoom-vp --draw-exif --start-at %u"; + }; + + home = { + username = "jonas"; + homeDirectory = "/home/jonas"; + sessionVariables = { + EDITOR = "nvim"; + HTTP_HOME = "duckduckgo.com"; + MANPAGER="nvim +Man!"; + + }; + shellAliases = { + testt = "echo 'test'"; + flk = "sudo nixos-rebuild switch --flake '~/configuration/nixos#'"; + }; + pointerCursor = { + gtk.enable = true; + name = "catppuccin-frappe-rosewater-cursors"; + package = pkgs.catppuccin-cursors.frappeRosewater; + size = 18; + }; + }; + + # stylix.enable = true; + # stylix.image = ./backg.jpg; + + # Theming gtk + gtk = { + enable = true; + iconTheme = { + package = pkgs.papirus-icon-theme; + name = "Papirus-Dark"; + }; + theme = { + name = "Adwaita-dark"; + package = pkgs.gnome-themes-extra; + }; + }; + + # Qt6 Configuration Tool (qt6ct) configuration + qt = { + enable = true; + 
platformTheme.name = "qtct"; + style.name = "Kvantum"; + }; + xdg.configFile."Kvantum/kvantum.kvconfig".source = (pkgs.formats.ini { }).generate "kvantum.kvconfig" { + General.theme = "Catppuccin-Frappe-Rosewater"; + }; + xdg.configFile."qt6ct/qt6ct.conf".source = pkgs.writeTextFile { + name = "qt6ct.conf"; + text = '' + [Appearance] + color_scheme_path=${pkgs.qt6ct}/share/qt6ct/colors/airy.conf + custom_palette=false + icon_theme=Papirus-Dark + standard_dialogs=default + style=kvantum + ''; + }; + + # starship - an customizable prompt for any shell + programs.starship = { + enable = true; + settings = { + add_newline = false; + aws.disabled = true; + gcloud.disabled = true; + line_break.disabled = true; + + sudo = { + disabled = false; + symbol = "SUDO "; + style = "bold red"; + }; + + }; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + home.stateVersion = "24.11"; +} diff --git a/users/jonas/packages.nix b/users/jonas/packages.nix new file mode 100644 index 0000000..cbf7acd --- /dev/null +++ b/users/jonas/packages.nix 
@@ -0,0 +1,227 @@ +{ pkgs, ...}: + +{ + home.packages = with pkgs; [ + (catppuccin-kvantum.override { + accent = "rosewater"; + variant = "frappe"; + }) + weechat + just + iamb + wiki-tui + + # some helpers and new stuff to try + vscode + mise + direnv + nushell + visidata + vuls + + # add scanner + simple-scan + obsidian + rclone + + scc + broot + gron + xh + #jujutsu # this is currently insecure + pkgs.unstable.spotify-player + pipewire + mesa + + sops + gimp + audio-recorder + cheese + age + kdePackages.konsole + kdePackages.dolphin + git-lfs + + # Privacy stuff + tor + torsocks + w3m + timer + castero + qbittorrent + lynx + links2 + newsboat + discord + blender + audacity + slack + zoom-us + vlc + thunderbird + steam + obsidian + obs-studio + prismlauncher + inkscape + + shotcut + #openshot-qt + #flowblade + + papirus-folders + todo-txt-cli + systemctl-tui + acpi + zsh + feh + + watson + slides + + kdePackages.falkon + epiphany + imagemagick + xdragon + + luarocks + lua + + gradle + openjdk + chafa + + libpulseaudio + pavucontrol + findutils.locate + ethtool + qalculate-qt + wl-clip-persist + btop + fastfetch + zathura + eza + fuzzel + catppuccin-cursors + networkmanagerapplet + gdu + hyprpaper + tokei + fzf + gcc + gnumake + lazygit + nodejs + ripgrep + pkgs.signal-desktop + unison + trash-cli + starship + python3 + fd + ttyper + zoxide + vim + tofi + bat + clipse + dunst + killall + libreoffice + perl + pipx + wpgtk + waybar + stow + brightnessctl + anki + pkgs.unstable.typst + dnsmasq + davfs2 + mediainfo + powertop + #midori + exiftool + gtk4.dev + curl + sioyek + qt6.qtbase + + libpulseaudio + xournalpp + rnote + libinput + libGL + libglvnd + emacs + cargo + hyprshot + hyprpicker + hyprsunset + wl-clipboard + mpv + gitui + keepassxc + kitty + wlsunset + pkgs.unstable.yazi + neovim + htop + alpine + #tree + #pkgs.qt5.full + wget + tmux + + zip + xz + unzip + p7zip + + jq # A lightweight and flexible command-line JSON processor + yq-go # yaml processor 
https://github.com/mikefarah/yq + + mtr # A network diagnostic tool + iperf3 + dnsutils # `dig` + `nslookup` + ldns # replacement of `dig`, it provide the command `drill` + aria2 # A lightweight multi-protocol & multi-source command-line download utility + socat # replacement of openbsd-netcat + nmap # A utility for network discovery and security auditing + ipcalc # it is a calculator for the IPv4/v6 addresses + + # misc + cowsay + file + which + gnused + gnutar + gawk + zstd + gnupg + + # nix related + # it provides the command `nom` works just like `nix` + # with more details log output + nix-output-monitor + + # productivity + hugo # static site generator + glow # markdown previewer in terminal + + iotop # io monitoring + iftop # network monitoring + + # system call monitoring + strace # system call monitoring + ltrace # library call monitoring + lsof # list open files + + # system tools + sysstat + lm_sensors # for `sensors` command + pciutils # lspci + usbutils # lsusb + ]; +} + diff --git a/users/root/home.nix b/users/root/home.nix new file mode 100644 index 0000000..30b3c0c --- /dev/null +++ b/users/root/home.nix 
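Review bot: `obsidian` and `libpulseaudio` are each listed twice in `home.packages`, and the `pkgs.` prefix on `pkgs.signal-desktop` and the `pkgs.unstable.*` entries is redundant inside `with pkgs;`. The `unstable` attribute is presumably provided by an overlay outside this hunk; a one-line comment naming where it comes from would help. The comment `#jujutsu # this is currently insecure` would be more useful with a reference to the advisory or nixpkgs issue it refers to, so the entry can be re-enabled once that is resolved.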
@@ -0,0 +1,86 @@ +# Only config stuff you cannot config with dotfiles +# Or stuff that does not interfere with the dotfiles + +# Changed my mind +# Just do whats fun + +{ config, pkgs, inputs, ... }: + +{ + imports = [ + # Load all the to be installed packages + # ./packages.nix + # inputs.xremap-flake.homeManagerModules.default + # inputs.stylix.homeManagerModules.stylix + ]; + + home = { + username = "root"; + sessionVariables = { + EDITOR = "nvim"; + HTTP_HOME = "duckduckgo.com"; + MANPAGER="nvim +Man!"; + + }; + shellAliases = { + testting = "echo 'test'"; + }; + }; + + home.packages = with pkgs; [ + acpi + zsh + zoxide + btop + yazi + unzip + feh + ]; + + programs.zsh = { + enable = true; + initContent = '' + # Load Starship prompt + eval "$(starship init zsh)" + ''; + }; + + programs.bash = { + enable = true; + bashrcExtra = '' + # Interactive shell check + [[ $- != *i* ]] && return + + # Load Starship prompt + if command -v starship >/dev/null 2>&1; then + eval "$(starship init bash)" + fi + + # Add any other bash aliases or functions here + alias ll='ls -l' + alias la='ls -A' + ''; + profileExtra = '' + # Source the bashrc + if [ -f ~/.bashrc ]; then + . ~/.bashrc + fi + ''; + }; + + # starship - an customizable prompt for any shell + programs.starship = { + enable = true; + settings = { + add_newline = false; + aws.disabled = true; + gcloud.disabled = true; + line_break.disabled = true; + + }; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + home.stateVersion = "24.11"; +} diff --git a/users/theo/home.nix b/users/theo/home.nix new file mode 100644 index 0000000..3cc63c1 --- /dev/null +++ b/users/theo/home.nix 
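Review bot: `programs.starship.enable = true` already adds the prompt initialisation to the shells Home Manager manages (its bash and zsh integration options default to on, as far as I know), so the manual `eval "$(starship init zsh)"` in `initContent` and the guarded equivalent in `bashrcExtra` initialise starship a second time. Dropping both `eval` lines keeps root's shell startup to what the module generates. Unlike the other users' files, this one sets no `home.homeDirectory`; if it is not supplied by the NixOS module integration, `homeDirectory = "/root";` is needed in the `home` block.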
@@ -0,0 +1,24 @@ +# Only config stuff you cannot config with dotfiles +# Or stuff that does not interfere with the dotfiles + +{ config, pkgs, inputs, ... }: + +{ + imports = [ + # Load all the to be installed packages + # inputs.xremap-flake.homeManagerModules.default + ]; + + + home = { + username = "theo"; + homeDirectory = "/home/theo"; + sessionVariables = { + EDITOR = "nvim"; + }; + }; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + home.stateVersion = "24.11"; +} diff --git a/users/users.nix b/users/users.nix new file mode 100644 index 0000000..c25e65f --- /dev/null +++ b/users/users.nix @@ -0,0 +1,37 @@ +{ config, lib, pkgs, ... }: + +{ + # Define a user account. Don't forget to set a password with ‘passwd’. + users.defaultUserShell = pkgs.zsh; + + # Define groups + users.groups.dummy = {}; + + users.users = { + jonas = { + isNormalUser = true; + extraGroups = [ "docker" "input" "scanner" "lp" "davfs2" "wheel" "audio" "networkmanager" ]; + }; + theo = { + isNormalUser = true; + }; + horst = { + isNormalUser = true; + extraGroups = [ "wheel" "networkmanager" ]; + }; + gui = { + isNormalUser = true; + }; + shared = { + isNormalUser = true; + }; + dummy = { + # Testing what this does + isNormalUser = false; + isSystemUser = true; + + # Set this to be safe + group = "dummy"; + }; + }; +}
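Review bot: In users/users.nix, `jonas` is added to the `docker` group, which is equivalent to root on the host because members can start privileged containers and mount the host filesystem; that is in addition to `wheel` for both `jonas` and `horst`. If Docker is only needed occasionally, dropping `"docker"` and using `sudo docker` (or rootless Docker) keeps the privilege boundary at `wheel`. `gui` and `shared` are created as normal login users with no stated purpose, so a comment on what they are for, or removing them, would help. `users.defaultUserShell = pkgs.zsh;` also needs `programs.zsh.enable = true;` somewhere in the system configuration, which is not visible in this hunk.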