From 85fbdb5795fac7c6351924fc3cf4c195657595bd Mon Sep 17 00:00:00 2001
From: Jonas Hahn
Date: Sun, 31 Aug 2025 22:38:24 +0200
Subject: [PATCH] Some lsp refactor. Made webdav finally work with some internet search
---
 .sops.yaml | 19 +++-
 flake.nix | 93 +++++++++----------
 hosts/minoxy-workstation/configuration.nix | 3 +-
 hosts/nixyos-asus/configuration.nix | 3 +-
 hosts/thinix-thinkpad/configuration.nix | 3 +-
 modules/common/sops.nix | 8 ++
 modules/{common.nix => essential.nix} | 1 +
 modules/hardware/nvidia.nix | 38 ++++----
 modules/hardware/xremap.nix | 66 +++++++-------
 modules/laptop/battery.nix | 100 ++++++++++-----------
 modules/laptop/powersave.nix | 6 +-
 modules/services/scanning.nix | 14 +--
 modules/services/webdav.nix | 26 ++++--
 secrets.yaml | 25 ++++--
 14 files changed, 224 insertions(+), 181 deletions(-)
 create mode 100644 modules/common/sops.nix
 rename modules/{common.nix => essential.nix} (95%)
diff --git a/.sops.yaml b/.sops.yaml
index 77d327d..6e0f693 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,2 +1,19 @@
+# Documentation https://github.com/Mic92/sops-nix
+# For example see here https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
+
+# Get the public host key with
+# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+
+# The user key should be in ~/.config/sops/age/keys.txt
+
 keys:
- - &primary age1a2kpues0gayampkn9pn2czhk24r0yl4jnw84qg4gh5l72dflx95qkmyqzv
+ - &jonas age1a2kpues0gayampkn9pn2czhk24r0yl4jnw84qg4gh5l72dflx95qkmyqzv
+ - &minoxy age1qddfn6apphafe4muvvv3vguxewa03ay2jlgqkng3uwwzfjw204dsfpt0uu
+
+creation_rules:
+ - path_regex: secrets.yaml
+ key_groups:
+ - age:
+ - *jonas
+ - *minoxy
+
diff --git a/flake.nix b/flake.nix
index ef877b2..30236c5 100644
--- a/flake.nix
+++ b/flake.nix
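Review bot: The `path_regex: secrets.yaml` in the new `creation_rules` entry is an unanchored regular expression, so the `.` matches any character and the rule also applies to any path that merely contains the pattern, such as a `secrets.yaml` in a subdirectory or a backup copy with a suffix. Anchoring it as `- path_regex: ^secrets\.yaml$` keeps the recipient set scoped to the one file. A comment on the anchors, e.g. `# &jonas: user key, &minoxy: host key from ssh-to-age`, would help as well; that mapping is inferred from the header comments. Only one of the three hosts built in flake.nix appears as a host recipient here.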
@@ -1,52 +1,55 @@ { - description = "Main nixos system configuration management by Jonas Hahn"; + description = "Main nixos system configuration management by Jonas Hahn"; - inputs = { - nixpkgs.url = "nixpkgs/nixos-25.05"; - nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - sops-nix = { - url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - home-manager = { - url = "github:nix-community/home-manager/release-25.05"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - xremap-flake.url = "github:xremap/nix-flake?rev=8001f37b1ffe86e76b62f36afadee2f4acf90e70"; # One commit behind head - }; + inputs = { + nixpkgs.url = "nixpkgs/nixos-25.05"; + nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, home-manager, ... }@inputs: - let - system = "x86_64-linux"; + sops-nix = { + url = "github:Mic92/sops-nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - overlay-unstable = final: prev: { - unstable = nixpkgs-unstable.legacyPackages.${prev.system}; - }; + home-manager = { + url = "github:nix-community/home-manager/release-25.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; - helperModules = [ - ({ config, pkgs, ... 
}: { - nixpkgs.overlays = [ overlay-unstable ]; - }) - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.extraSpecialArgs = { inherit inputs; }; - home-manager.users.jonas = import ./user/home.nix; - } - ]; + xremap-flake.url = + "github:xremap/nix-flake?rev=8001f37b1ffe86e76b62f36afadee2f4acf90e70"; # One commit behind head + }; - mkHost = name: path: - nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { inherit inputs; }; - modules = [ path ] ++ helperModules; - }; - in { - nixosConfigurations = { - thinix = mkHost "thinix" ./hosts/thinix-thinkpad/configuration.nix; - nixyos = mkHost "nixyos" ./hosts/nixyos-asus/configuration.nix; - minoxy = mkHost "minoxy" ./hosts/minoxy-workstation/configuration.nix; - }; - }; + outputs = + { self, nixpkgs, nixpkgs-unstable, sops-nix, home-manager, ... }@inputs: + let + system = "x86_64-linux"; + + overlay-unstable = final: prev: { + unstable = nixpkgs-unstable.legacyPackages.${prev.system}; + }; + + helperModules = [ + ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.users.jonas = import ./user/home.nix; + } + ]; + + mkHost = name: path: + nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { inherit inputs; }; + modules = [ path sops-nix.nixosModules.sops ] ++ helperModules; + }; + in { + nixosConfigurations = { + thinix = mkHost "thinix" ./hosts/thinix-thinkpad/configuration.nix; + nixyos = mkHost "nixyos" ./hosts/nixyos-asus/configuration.nix; + minoxy = mkHost "minoxy" ./hosts/minoxy-workstation/configuration.nix; + }; + }; } diff --git a/hosts/minoxy-workstation/configuration.nix b/hosts/minoxy-workstation/configuration.nix index 3696ad7..af17666 100644 --- a/hosts/minoxy-workstation/configuration.nix 
+++ b/hosts/minoxy-workstation/configuration.nix @@ -6,7 +6,8 @@ ./../../user/users.nix - ./../../modules/common.nix + ./../../modules/essential.nix + ./../../modules/common/sops.nix ./../../modules/services/webdav.nix diff --git a/hosts/nixyos-asus/configuration.nix b/hosts/nixyos-asus/configuration.nix index 2a7d4a8..709caa3 100644 --- a/hosts/nixyos-asus/configuration.nix +++ b/hosts/nixyos-asus/configuration.nix @@ -6,7 +6,8 @@ ./../../user/users.nix - ./../../modules/common.nix + ./../../modules/essential.nix + ./../../modules/common/sops.nix ./../../modules/hardware/xremap.nix ./../../modules/hardware/boot.nix diff --git a/hosts/thinix-thinkpad/configuration.nix b/hosts/thinix-thinkpad/configuration.nix index 37abbf5..450e533 100644 --- a/hosts/thinix-thinkpad/configuration.nix +++ b/hosts/thinix-thinkpad/configuration.nix @@ -6,7 +6,8 @@ ./../../user/users.nix - ./../../modules/common.nix + ./../../modules/essential.nix + ./../../modules/common/sops.nix ./../../modules/hardware/xremap.nix ./../../modules/hardware/boot.nix diff --git a/modules/common/sops.nix b/modules/common/sops.nix new file mode 100644 index 0000000..abdb420 --- /dev/null +++ b/modules/common/sops.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + sops.defaultSopsFile = ./../../secrets.yaml; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + sops.age.keyFile = "/var/lib/sops-nix/key.txt"; + sops.age.generateKey = true; +} diff --git a/modules/common.nix b/modules/essential.nix similarity index 95% rename from modules/common.nix rename to modules/essential.nix index 131e8eb..75ab9a1 100644 --- a/modules/common.nix +++ b/modules/essential.nix @@ -3,6 +3,7 @@ { # Basic services services.locate.enable = true; + services.openssh.enable = true; # Nix fun nixpkgs.config.allowUnfree = true; diff --git a/modules/hardware/nvidia.nix b/modules/hardware/nvidia.nix index 48b6b83..29ed959 100644 --- a/modules/hardware/nvidia.nix +++ b/modules/hardware/nvidia.nix 
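Review bot: In the new modules/common/sops.nix, `sops.age.generateKey = true;` together with `sops.age.keyFile = "/var/lib/sops-nix/key.txt";` makes each host create a fresh age private key when none exists. That key is not a recipient in `.sops.yaml`, so decryption appears to rely solely on the SSH host key listed in `sshKeyPaths`. Dropping the two lines leaves a single identity per host to protect and rotate. The module is imported by all three hosts while only `&minoxy` is listed as a host recipient, so a comment such as `# add this host's ssh-to-age public key to .sops.yaml before declaring secrets on it` would prevent a failed activation later.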
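Review bot: `services.openssh.enable = true;` in modules/essential.nix starts an SSH daemon on every host that imports the module, including the two laptops. With the NixOS defaults, password authentication stays allowed and port 22 is opened in the firewall. If the intent is only to have `/etc/ssh/ssh_host_ed25519_key` generated for sops-nix (an inference from the sops module added in the same commit), add `services.openssh.openFirewall = false;` and `services.openssh.settings.PasswordAuthentication = false;` next to it. If remote login is wanted, key-only authentication plus `services.openssh.settings.PermitRootLogin = "no";` is the safer baseline. The rest of the module lies outside the hunk.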
@@ -1,26 +1,26 @@ { config, ... }: { - hardware.graphics = { - enable = true; - }; - services.xserver.videoDrivers = ["nvidia"]; - hardware.nvidia = { - modesetting.enable = true; - powerManagement.enable = false; - open = false; - nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.stable; - }; + hardware.graphics = { enable = true; }; + + services.xserver.videoDrivers = [ "nvidia" ]; + + hardware.nvidia = { + modesetting.enable = true; + powerManagement.enable = false; + open = false; + nvidiaSettings = true; + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; # Cuda for blender long build times - #environment.systemPackages = with pkgs; [ - # (blender.override { - # cudaSupport = true; - # }) - #]; + #environment.systemPackages = with pkgs; [ + # (blender.override { + # cudaSupport = true; + # }) + #]; - # This causes very long build times - #nixpkgs.config.cudaSupport = true; - #hardware.enableAllFirmware = true; + # This causes very long build times + #nixpkgs.config.cudaSupport = true; + #hardware.enableAllFirmware = true; } diff --git a/modules/hardware/xremap.nix b/modules/hardware/xremap.nix index 1fc5aa7..6cccb12 100644 --- a/modules/hardware/xremap.nix +++ b/modules/hardware/xremap.nix 
@@ -1,39 +1,37 @@ { inputs, ... }: { - imports = [ - inputs.xremap-flake.nixosModules.default - ]; + imports = [ inputs.xremap-flake.nixosModules.default ]; - services.xremap = { - withHypr = true; - userName = "jonas"; - config = { - modmap = [ - { - name = "Capslock to esc and ctrl"; - remap = { - "CAPSLOCK" = { - "alone" = "ESC"; - "held" = "CTRL_L"; - }; - "ESC" = "CAPSLOCK"; - }; - } - { - name = "Switch super and alt"; - remap = { - "SUPER_L" = { - "alone" = "ALT_L"; - "held" = "ALT_L"; - }; - "ALT_L" = { - "alone" = "SUPER_L"; - "held" = "SUPER_L"; - }; - }; - } - ]; - }; - }; + services.xremap = { + withHypr = true; + userName = "jonas"; + config = { + modmap = [ + { + name = "Capslock to esc and ctrl"; + remap = { + "CAPSLOCK" = { + "alone" = "ESC"; + "held" = "CTRL_L"; + }; + "ESC" = "CAPSLOCK"; + }; + } + { + name = "Switch super and alt"; + remap = { + "SUPER_L" = { + "alone" = "ALT_L"; + "held" = "ALT_L"; + }; + "ALT_L" = { + "alone" = "SUPER_L"; + "held" = "SUPER_L"; + }; + }; + } + ]; + }; + }; } diff --git a/modules/laptop/battery.nix b/modules/laptop/battery.nix index ed40dcd..2af4623 100644 --- a/modules/laptop/battery.nix +++ b/modules/laptop/battery.nix 
@@ -1,67 +1,65 @@ { config, lib, ... }: -let - inherit (lib) mkOption types; -in - { +let inherit (lib) mkOption types; +in { - options.batMode = mkOption { - type = types.enum [ "single" "double" ]; - default = "single"; - }; + options.batMode = mkOption { + type = types.enum [ "single" "double" ]; + default = "single"; + }; - config = { - powerManagement.powertop.enable = true; - services.upower = { - enable = true; + config = { + powerManagement.powertop.enable = true; + services.upower = { + enable = true; - # In accordance with the waybar battery colors - percentageLow = 30; - percentageCritical = 20; - percentageAction = 10; + # In accordance with the waybar battery colors + percentageLow = 30; + percentageCritical = 20; + percentageAction = 10; - criticalPowerAction = "PowerOff"; # This can destroy work - usePercentageForPolicy = true; - }; + criticalPowerAction = "PowerOff"; # This can destroy work + usePercentageForPolicy = true; + }; - services.tlp = if config.batMode == "single" then { - enable = true; - settings = { - START_CHARGE_THRESH_BAT0 = 65; - STOP_CHARGE_THRESH_BAT0 = 85; + services.tlp = if config.batMode == "single" then { + enable = true; + settings = { + START_CHARGE_THRESH_BAT0 = 65; + STOP_CHARGE_THRESH_BAT0 = 85; - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; - CPU_MIN_PERF_ON_AC = 0; - CPU_MAX_PERF_ON_AC = 100; - CPU_MIN_PERF_ON_BAT = 0; - CPU_MAX_PERF_ON_BAT = 65; - }; - } else { - enable = true; - settings = { - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + CPU_MIN_PERF_ON_AC = 0; + CPU_MAX_PERF_ON_AC = 100; + CPU_MIN_PERF_ON_BAT = 0; + CPU_MAX_PERF_ON_BAT = 65; + }; + } else { + enable = true; + settings = { + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; - 
CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; - CPU_MIN_PERF_ON_AC = 0; - CPU_MAX_PERF_ON_AC = 100; - CPU_MIN_PERF_ON_BAT = 0; - CPU_MAX_PERF_ON_BAT = 75; + CPU_MIN_PERF_ON_AC = 0; + CPU_MAX_PERF_ON_AC = 100; + CPU_MIN_PERF_ON_BAT = 0; + CPU_MAX_PERF_ON_BAT = 75; - # 0 is first - START_CHARGE_THRESH_BAT0 = 60; - STOP_CHARGE_THRESH_BAT0 = 85; + # 0 is first + START_CHARGE_THRESH_BAT0 = 60; + STOP_CHARGE_THRESH_BAT0 = 85; - # 1 is second - START_CHARGE_THRESH_BAT1 = 60; - STOP_CHARGE_THRESH_BAT1 = 85; - }; - }; + # 1 is second + START_CHARGE_THRESH_BAT1 = 60; + STOP_CHARGE_THRESH_BAT1 = 85; + }; + }; - }; + }; } diff --git a/modules/laptop/powersave.nix b/modules/laptop/powersave.nix index 1e8cf4b..e7aa8c8 100644 --- a/modules/laptop/powersave.nix +++ b/modules/laptop/powersave.nix @@ -1,9 +1,5 @@ { ... }: { - networking = { - networkmanager = { - wifi.powersave = true; - }; - }; + networking = { networkmanager = { wifi.powersave = true; }; }; } diff --git a/modules/services/scanning.nix b/modules/services/scanning.nix index b15b9b9..2497cf7 100644 --- a/modules/services/scanning.nix +++ b/modules/services/scanning.nix @@ -1,11 +1,11 @@ { pkgs, ... }: { - # Scanning over the network support - hardware.sane.enable = true; - hardware.sane.extraBackends = [ pkgs.sane-airscan ]; - hardware.sane.disabledDefaultBackends = [ "escl" ]; - services.udev.packages = [ pkgs.sane-airscan ]; - services.avahi.enable = true; - services.avahi.nssmdns = true; + # Scanning over the network support + hardware.sane.enable = true; + hardware.sane.extraBackends = [ pkgs.sane-airscan ]; + hardware.sane.disabledDefaultBackends = [ "escl" ]; + services.udev.packages = [ pkgs.sane-airscan ]; + services.avahi.enable = true; + services.avahi.nssmdns = true; } diff --git a/modules/services/webdav.nix b/modules/services/webdav.nix index 1a36867..87a2ba0 100644 --- a/modules/services/webdav.nix 
+++ b/modules/services/webdav.nix @@ -1,20 +1,22 @@ -{ inputs, ... }: +{ ... }: { - imports = [ inputs.sops-nix.nixosModules.sops ]; - # For web mounting services.davfs2.enable = true; - # Maybe the failed encryption is due to the btrfs system please remove this in the future + # Load the secret sops = { - defaultSopsFile = ./../../secrets.yaml; - age.keyFile = "/home/jonas/.config/sops/age/keys.txt"; - secrets = { webdav_secret = { path = "/etc/davfs2/secrets"; }; }; + secrets = { + webdav_authstring = { + mode = "0600"; + path = "/etc/davfs2/secrets"; + }; + }; }; systemd.mounts = [{ - description = "WebDAV mount point"; + description = "Webdav mount point"; + after = [ "network-online.target" ]; wants = [ "network-online.target" ]; what = "https://dav.hahn1.one"; where = "/mnt/webdav"; @@ -22,4 +24,12 @@ options = "uid=1000,gid=1000,file_mode=0664,dir_mode=2775,_netdev"; mountConfig.TimeoutSec = "5s"; }]; + + # Is this too much power drain? + systemd.automounts = [{ + description = "Webdav automount"; + where = "/mnt/webdav"; + wantedBy = [ "multi-user.target" ]; + automountConfig = { TimeoutIdleSec = "2m"; }; + }]; } diff --git a/secrets.yaml b/secrets.yaml index 14b7f53..4e7a623 100644 --- a/secrets.yaml +++ b/secrets.yaml 
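Review bot: The new `systemd.automounts` entry lets any local process that touches `/mnt/webdav` trigger a mount with the stored credentials, and the unchanged `options` line then exposes the share with `file_mode=0664,dir_mode=2775`, which is readable by every local account. Tightening that line to `options = "uid=1000,gid=1000,file_mode=0660,dir_mode=2770,_netdev";` keeps the content to the owning user and group. The `mode = "0600"` on `webdav_authstring` matches what davfs2 expects of its secrets file; a short comment saying so would explain why it is set. The hard-coded `uid=1000` presumably refers to jonas and is worth a comment or a reference to the configured user.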
@@ -1,16 +1,25 @@ -webdav_secret: ENC[AES256_GCM,data:OZyEFW/Aw2dPqZFvZoPWA/BBO7k/lzw0UVffuuEuNBTkjN+eHAxFZw==,iv:Y6kTyMb5wD5iJ1g6OHPiHGuu8qFjiduau0mjcS8KLjs=,tag:97OIL+aegLCMjlJM0SdJBg==,type:str] +webdav_authstring: ENC[AES256_GCM,data:9Q9hEgwNjKs75/5KDok4DGQZ7EAJakcFYLLjehmVDzgdXJyv8D52oQ==,iv:dWGWgZXyw49zJqIbPdy4zpGzGk5H/m47DV08NB1w9go=,tag:PAVUDk8+6ZXlD8o8MHyD3Q==,type:str] sops: age: - recipient: age1a2kpues0gayampkn9pn2czhk24r0yl4jnw84qg4gh5l72dflx95qkmyqzv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncWNwT2F1ZkxhY3h4UFFs - U2lpM3lXdVZqNDFiSTRTaDI4UFFDRk1QNUUwCnpvdjAzNFQ0dnJ5Wm52b1hBUUFL - dzdHb0RwbU02Y3FzMkM2eFNPUzg2UGMKLS0tIDZrdXc1RFc5NUJNb0ZhclNuYUNX - dmFEc1hrR3czZTBzU2pLQ0ZUL3VPblEKRwy03xI+qiTMJsmG/pe/3WoB8c+vLtXo - kaYY18r3tICKfxQQyDWh3Gevo2+CGhblCcgJ3AnyWQBqIZwIudDuHw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV1BLWnpIWlVCMHRLRFJR + UXhBOGFNN2ZMd1JNVGhyOU12b1JaajNBYUh3CkZFNzR6NElhYldQbmtTTlpIK0sx + UUVZb3BqYWEwQUxiTklKeGJFYmxUaWcKLS0tIDExc1lqV3BITzA3ME9jM3FWU09V + Q2p1UHVBNW54UnIydU5yM25OK0llRkUKnr2SftBM+rBFfakhoHL1UyVm9BIgmW05 + ARXyD4DR2MF5pPRnE6s1avfocX4IObB0xNHeuOegXUYhKWlSkTztNw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-31T02:50:46Z" - mac: ENC[AES256_GCM,data:Gl7cLnEJ3TVL4gS4CAZQESJyzVWqm3aSLN/doLBHnAYL/Shu42ygJuuT+jKdFXo4tXKjYJuvw7gmuoVFx0L23lRpqUeU4b9fExmJX/ZVGZwJC3nreFCBqx8LWkF2cGtZJ1HObu97EzlKBxQ8c/QZZ/v3C4pAfwxNNiVavu8BUfg=,iv:qeKjETggLjtCNCyuM2z5WX4JGPcxcN99QBPQmK/a0NE=,tag:NwV56PeRGcxsdn46lre2Sg==,type:str] + - recipient: age1qddfn6apphafe4muvvv3vguxewa03ay2jlgqkng3uwwzfjw204dsfpt0uu + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQUlLNm5wdHc1Q3VFZFZQ + eEN2VzkycStHQUlMK1MrdElrYTFJN0VCUFgwCjlsT1BpZVNWdzBmeDdSbXpTbEtB + MEhXVTJ1czRSLzdXQ0l2bzlLMU53ak0KLS0tIG5yUHVQSDk3eTJTenBDNXhGYXk2 + SnM5V2VDMmxiRExqeFZrcm01ME5FRlUKCq047F8LGPCAdcpLBr66O4FVAt9q7Ug6 + o5Dpn6Mo5c08tdF2m88Q1fXMSXIpfdTJCffIjk82WiU4M3Ni/8Mmaw== + -----END AGE ENCRYPTED 
FILE----- + lastmodified: "2025-08-31T20:35:46Z" + mac: ENC[AES256_GCM,data:trZFOIIrxWXpj5+qL1fWGYWBKlnkU+SSqra+k1S7NW3LtSsmx1ZW/qRCSoiFIJeP+jWEQ32S95d53Kt2Fw0hta+7r/rMc9MOwmy4U/ML66p0bj7A57QZQ1sbi3fkEbCSRU3G0es215I8Db7zeyBXBSfqoukBekcs3GsESBDVhkQ=,iv:Z2CNOzLWB/DRPoekiwroU4aftEhm2hYzXx9Vzmz7EA0=,tag:0PsB6B2RHu6l0EZlaYkqKA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2