kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

format

Browse Source
This commit is contained in:
Kopatz
2025-03-18 16:27:20 +01:00
parent 923ab37209
commit cc32af7b80
131 changed files with 2383 additions and 2224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
flake.nix
View File

@@ -63,9 +63,25 @@
# inputs.nixpkgs.follows = "nixpkgs-unstable";
#};
};
outputs = { self, nur, nixpkgs, nixos-hardware, nixos-wsl, nixpkgs-unstable
, agenix, home-manager, home-manager-unstable, nix-colors, nixos-cosmic
, nixvim, nixos-generators, stylix, disko, flake-utils, ... }@inputs:
outputs =
{ self
, nur
, nixpkgs
, nixos-hardware
, nixos-wsl
, nixpkgs-unstable
, agenix
, home-manager
, home-manager-unstable
, nix-colors
, nixos-cosmic
, nixvim
, nixos-generators
, stylix
, disko
, flake-utils
, ...
}@inputs:
let
inherit (self) outputs;
system = "x86_64-linux";
@@ -82,30 +98,41 @@
defaultModules = [ ./modules agenix.nixosModules.default overlays ];
merge = list:
builtins.foldl' (acc: elem: nixpkgs.lib.recursiveUpdate acc elem) { }
list;
list;
# helper function to create a machine
mkHost = { modules, specialArgs ? {
pkgsVersion = nixpkgs-unstable;
home-manager-version = home-manager-unstable;
}, system ? "x86_64-linux", minimal ? false, graphical ? true }:
mkHost =
{ modules
, specialArgs ? {
pkgsVersion = nixpkgs-unstable;
home-manager-version = home-manager-unstable;
}
, system ? "x86_64-linux"
, minimal ? false
, graphical ? true
}:
let lib = specialArgs.pkgsVersion.lib;
in specialArgs.pkgsVersion.lib.nixosSystem {
inherit system;
modules = modules ++ defaultModules ++ lib.lists.optionals (!minimal)
[ specialArgs.home-manager-version.nixosModules.home-manager ]
++ lib.lists.optionals (!minimal && graphical) [
./modules/graphical
stylix.nixosModules.stylix
./modules/graphical/stylix.nix
nixos-cosmic.nixosModules.default
./modules/graphical/cosmic.nix
];
./modules/graphical
stylix.nixosModules.stylix
./modules/graphical/stylix.nix
nixos-cosmic.nixosModules.default
./modules/graphical/cosmic.nix
];
specialArgs = specialArgs // { inherit inputs outputs; };
};
mkStableServer = { modules, specialArgs ? {
pkgsVersion = nixpkgs;
home-manager-version = home-manager;
}, system ? "x86_64-linux", minimal ? false }:
mkStableServer =
{ modules
, specialArgs ? {
pkgsVersion = nixpkgs;
home-manager-version = home-manager;
}
, system ? "x86_64-linux"
, minimal ? false
}:
let lib = specialArgs.pkgsVersion.lib;
in specialArgs.pkgsVersion.lib.nixosSystem {
inherit system;
@@ -141,7 +168,8 @@
};
};
});
in {
in
{
overlays = import ./overlays.nix { inherit inputs; };
nixosConfigurations = {

36
home-manager/code.nix
View File

@@ -1,22 +1,24 @@
{ osConfig, config, pkgs, inputs, lib, ... }: {
config = lib.mkIf osConfig.custom.graphical.code.enable rec {
home.activation.makeVSCodeConfigWritable = let
configDirName = {
"vscode" = "Code";
"vscode-insiders" = "Code - Insiders";
"vscodium" = "VSCodium";
}.${programs.vscode.package.pname};
configPath =
"${config.xdg.configHome}/${configDirName}/User/settings.json";
in {
after = [ "writeBoundary" ];
before = [ ];
data = ''
if [ -e "$(readlink ${configPath})" ]; then
install -m 0640 "$(readlink ${configPath})" ${configPath}
fi
'';
};
home.activation.makeVSCodeConfigWritable =
let
configDirName = {
"vscode" = "Code";
"vscode-insiders" = "Code - Insiders";
"vscodium" = "VSCodium";
}.${programs.vscode.package.pname};
configPath =
"${config.xdg.configHome}/${configDirName}/User/settings.json";
in
{
after = [ "writeBoundary" ];
before = [ ];
data = ''
if [ -e "$(readlink ${configPath})" ]; then
install -m 0640 "$(readlink ${configPath})" ${configPath}
fi
'';
};
programs.vscode = {
enable = true;
package = pkgs.vscodium;

12
home-manager/direnv.nix
View File

@@ -1,8 +1,8 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
programs.direnv = {
enable = true;
enableZshIntegration = true;
nix-direnv.enable = true;
};
programs.direnv = {
enable = true;
enableZshIntegration = true;
nix-direnv.enable = true;
};
}

4
home-manager/firefox/config/browser-features.nix
View File

@@ -122,9 +122,9 @@
"pdfjs.enableScripting" = true;
# copied these from a blog
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.feeds.asrouterfeed" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.ping-centre.telemetry" = false;
"devtools.onboarding.telemetry.logged" = false;
"accessibility.force_disabled" = 1;

3
home-manager/firefox/default.nix
View File

@@ -58,7 +58,8 @@ let
};
};
};
in {
in
{
stylix = lib.mkIf osConfig.custom.graphical.stylix.enable {
targets.firefox = {
profileNames = [ "default" ];

3
home-manager/floorp/default.nix
View File

@@ -58,7 +58,8 @@ let
};
};
};
in {
in
{
programs.floorp = {
enable = true;
policies = {

2
home-manager/gitconfig.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
home.file.".gitconfig" = {
enable = true;

262
home-manager/hyprland/hyprland-settings.nix
View File

@@ -12,7 +12,8 @@ let
'';
monitor1 = if isPc then "DP-1" else if isLaptop then "eDP-1" else "eDP-1";
monitor2 = "HDMI-A-1";
in {
in
{
config = lib.mkIf cfg.enable {
home.file.".config/hypr/hyprshade.toml".source =
@@ -29,21 +30,22 @@ in {
#
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor = if isPc then [
"${monitor2},1920x1080@60,0x0,1"
"${monitor1},2560x1440@144,1920x0,1"
"Unknown-1,disable"
] else if isLaptop then [
# laptop
"eDP-1,1920x1080@60,0x0,1"
#"DP-3,1920x1080@60,1920x0,1"
#",preferred,auto,1,mirror,eDP-1"
",preferred,auto,auto"
] else
[
# Default
monitor =
if isPc then [
"${monitor2},1920x1080@60,0x0,1"
"${monitor1},2560x1440@144,1920x0,1"
"Unknown-1,disable"
] else if isLaptop then [
# laptop
"eDP-1,1920x1080@60,0x0,1"
#"DP-3,1920x1080@60,1920x0,1"
#",preferred,auto,1,mirror,eDP-1"
",preferred,auto,auto"
];
] else
[
# Default
",preferred,auto,auto"
];
workspace =
lib.lists.optionals (osConfig.networking.hostName == "kop-pc") [
@@ -181,90 +183,92 @@ in {
"$mainMod" = "SUPER";
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = let
rofi = "${pkgs.rofi-wayland}/bin/rofi";
kitty = "${pkgs.kitty}/bin/kitty";
#dolphin = "${pkgs.dolphin}/bin/dolphin";
thunar = "${pkgs.xfce.thunar}/bin/thunar";
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste";
grim = "${pkgs.grim}/bin/grim";
slurp = "${pkgs.slurp}/bin/slurp";
swww = "${pkgs.swww}/bin/swww";
pdfgrep = "${pkgs.pdfgrep}/bin/pdfgrep";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
#swaylock = "${pkgs.swaylock}/bin/swaylock";
hyprlock = "${pkgs.hyprlock}/bin/hyprlock";
playerctl = "${pkgs.playerctl}/bin/playerctl";
in [
"$mainMod, Q, exec, ${kitty}"
"$mainMod, C, killactive"
#"$mainMod, L, exec, ${swaylock} -f -c 000000"
"$mainMod, L, exec, ${hyprlock}"
"$mainMod, M, exit,"
"$mainMod, E, exec, ${thunar}"
"$mainMod, F, fullscreen"
"$mainMod, V, togglefloating"
"$mainMod, I, exec, ${rofi} -show drun -show-icons"
''
$mainMod, S, exec, cat ~/songs | shuf -n 1 | sed "s/^/b.p /g" | ${wl-copy}''
"$mainMod, R, exec, ${swww} img $(ls -d /synced/default/dinge/Bg/* | shuf -n 1)"
"$mainMod, W, exec, ${swww} img ${config.stylix.image}"
" , Print, exec, ${grim} -g \"$(${slurp} -d)\" - | ${wl-copy}"
''
$mainMod, Print, exec, ${grim} -g "$(${slurp} -d)" /tmp/$(date +'%s_grim.png')''
''
Shift_L, Print, exec, ${grim} -g "$(${slurp} -d)" ~/Pictures/$(date +'%s_grim.png')''
"$mainMod, SPACE, exec, ${rofi} -modi drun -show drun -config ~/.config/rofi/rofidmenu.rasi"
" , XF86MonBrightnessUp, exec, ${brightnessctl} s +5%"
" , XF86MonBrightnessDown, exec, ${brightnessctl} s 5%-"
" , XF86AudioPlay, exec, ${playerctl} play-pause"
" , XF86AudioNext, exec, ${playerctl} next"
" , XF86AudioPrev, exec, ${playerctl} previous"
"$mainMod, P, pseudo" # dwindle
"$mainMod, J, togglesplit" # dwindle
# Move focus with mainMod + arrow keys
"$mainMod, left, movefocus, l"
"$mainMod, right, movefocus, r"
"$mainMod, up, movefocus, u"
"$mainMod, down, movefocus, d"
"$mainMod SHIFT, left, resizeactive, -30 0"
"$mainMod SHIFT, right, resizeactive, 30 0"
"$mainMod SHIFT, up, resizeactive, 0 -30"
"$mainMod SHIFT, down, resizeactive, 0 30"
bind =
let
rofi = "${pkgs.rofi-wayland}/bin/rofi";
kitty = "${pkgs.kitty}/bin/kitty";
#dolphin = "${pkgs.dolphin}/bin/dolphin";
thunar = "${pkgs.xfce.thunar}/bin/thunar";
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste";
grim = "${pkgs.grim}/bin/grim";
slurp = "${pkgs.slurp}/bin/slurp";
swww = "${pkgs.swww}/bin/swww";
pdfgrep = "${pkgs.pdfgrep}/bin/pdfgrep";
brightnessctl = "${pkgs.brightnessctl}/bin/brightnessctl";
#swaylock = "${pkgs.swaylock}/bin/swaylock";
hyprlock = "${pkgs.hyprlock}/bin/hyprlock";
playerctl = "${pkgs.playerctl}/bin/playerctl";
in
[
"$mainMod, Q, exec, ${kitty}"
"$mainMod, C, killactive"
#"$mainMod, L, exec, ${swaylock} -f -c 000000"
"$mainMod, L, exec, ${hyprlock}"
"$mainMod, M, exit,"
"$mainMod, E, exec, ${thunar}"
"$mainMod, F, fullscreen"
"$mainMod, V, togglefloating"
"$mainMod, I, exec, ${rofi} -show drun -show-icons"
''
$mainMod, S, exec, cat ~/songs | shuf -n 1 | sed "s/^/b.p /g" | ${wl-copy}''
"$mainMod, R, exec, ${swww} img $(ls -d /synced/default/dinge/Bg/* | shuf -n 1)"
"$mainMod, W, exec, ${swww} img ${config.stylix.image}"
" , Print, exec, ${grim} -g \"$(${slurp} -d)\" - | ${wl-copy}"
''
$mainMod, Print, exec, ${grim} -g "$(${slurp} -d)" /tmp/$(date +'%s_grim.png')''
''
Shift_L, Print, exec, ${grim} -g "$(${slurp} -d)" ~/Pictures/$(date +'%s_grim.png')''
"$mainMod, SPACE, exec, ${rofi} -modi drun -show drun -config ~/.config/rofi/rofidmenu.rasi"
" , XF86MonBrightnessUp, exec, ${brightnessctl} s +5%"
" , XF86MonBrightnessDown, exec, ${brightnessctl} s 5%-"
" , XF86AudioPlay, exec, ${playerctl} play-pause"
" , XF86AudioNext, exec, ${playerctl} next"
" , XF86AudioPrev, exec, ${playerctl} previous"
"$mainMod, P, pseudo" # dwindle
"$mainMod, J, togglesplit" # dwindle
# Move focus with mainMod + arrow keys
"$mainMod, left, movefocus, l"
"$mainMod, right, movefocus, r"
"$mainMod, up, movefocus, u"
"$mainMod, down, movefocus, d"
"$mainMod SHIFT, left, resizeactive, -30 0"
"$mainMod SHIFT, right, resizeactive, 30 0"
"$mainMod SHIFT, up, resizeactive, 0 -30"
"$mainMod SHIFT, down, resizeactive, 0 30"
# Switch workspaces with mainMod + [0-9]
"$mainMod, 1, workspace, 1"
"$mainMod, 2, workspace, 2"
"$mainMod, 3, workspace, 3"
"$mainMod, 4, workspace, 4"
"$mainMod, 5, workspace, 5"
"$mainMod, 6, workspace, 6"
"$mainMod, 7, workspace, 7"
"$mainMod, 8, workspace, 8"
"$mainMod, 9, workspace, 9"
"$mainMod, 0, workspace, 10"
# Switch workspaces with mainMod + [0-9]
"$mainMod, 1, workspace, 1"
"$mainMod, 2, workspace, 2"
"$mainMod, 3, workspace, 3"
"$mainMod, 4, workspace, 4"
"$mainMod, 5, workspace, 5"
"$mainMod, 6, workspace, 6"
"$mainMod, 7, workspace, 7"
"$mainMod, 8, workspace, 8"
"$mainMod, 9, workspace, 9"
"$mainMod, 0, workspace, 10"
# Move active window to a workspace with mainMod + SHIFT + [0-9]
"$mainMod SHIFT, 1, movetoworkspace, 1"
"$mainMod SHIFT, 2, movetoworkspace, 2"
"$mainMod SHIFT, 3, movetoworkspace, 3"
"$mainMod SHIFT, 4, movetoworkspace, 4"
"$mainMod SHIFT, 5, movetoworkspace, 5"
"$mainMod SHIFT, 6, movetoworkspace, 6"
"$mainMod SHIFT, 7, movetoworkspace, 7"
"$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 9, movetoworkspace, 9"
"$mainMod SHIFT, 0, movetoworkspace, 10"
# Move active window to a workspace with mainMod + SHIFT + [0-9]
"$mainMod SHIFT, 1, movetoworkspace, 1"
"$mainMod SHIFT, 2, movetoworkspace, 2"
"$mainMod SHIFT, 3, movetoworkspace, 3"
"$mainMod SHIFT, 4, movetoworkspace, 4"
"$mainMod SHIFT, 5, movetoworkspace, 5"
"$mainMod SHIFT, 6, movetoworkspace, 6"
"$mainMod SHIFT, 7, movetoworkspace, 7"
"$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 9, movetoworkspace, 9"
"$mainMod SHIFT, 0, movetoworkspace, 10"
# Scroll through existing workspaces with mainMod + scroll
"$mainMod, mouse_down, workspace, e+1"
"$mainMod, mouse_up, workspace, e-1"
# Scroll through existing workspaces with mainMod + scroll
"$mainMod, mouse_down, workspace, e+1"
"$mainMod, mouse_up, workspace, e-1"
# "ALT, Tab, cyclenext,"
# "ALT, Tab, bringactivetotop,"
];
# "ALT, Tab, cyclenext,"
# "ALT, Tab, bringactivetotop,"
];
bindm = [
# Move/resize windows with mainMod + LMB/RMB and dragging
@@ -318,44 +322,46 @@ in {
"xrandr --monitor ${monitor1} --primary"
];
};
extraConfig = let
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste";
dunstify = "${pkgs.dunst}/bin/dunstify";
dunstctl = "${pkgs.dunst}/bin/dunstctl";
pdfgrep = "${pkgs.pdfgrep}/bin/pdfgrep --cache";
path = "/synced/fh/os-hardening/**/slides";
in ''
bind = $mainMod, A, submap, notes
extraConfig =
let
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste";
dunstify = "${pkgs.dunst}/bin/dunstify";
dunstctl = "${pkgs.dunst}/bin/dunstctl";
pdfgrep = "${pkgs.pdfgrep}/bin/pdfgrep --cache";
path = "/synced/fh/os-hardening/**/slides";
in
''
bind = $mainMod, A, submap, notes
submap = notes
# below
bind = $mainMod, B, exec, ${wl-paste} | xargs -I {} ${pdfgrep} -B 15 -h -i "{}" ${path}/*.pdf | sed 's/[ \t]*$//' | ${wl-copy}
# above
bind = $mainMod, A, exec, ${wl-paste} | xargs -I {} ${pdfgrep} -A 15 -h -i "{}" ${path}/*.pdf | sed 's/[ \t]*$//' | ${wl-copy}
# context
bind = $mainMod, C, exec, ${wl-paste} | xargs -I {} ${pdfgrep} -C 15 -h -i "{}" ${path}/*.pdf | sed 's/[ \t]*$//' | ${wl-copy}
# trim
bind = $mainMod, T, exec, ${wl-paste} | sed 's/[ \t]*$//' | sed 's/^[ \t]*//' | sed '/^[[:space:]]*$/d' | ${wl-copy}
bind = $mainMod, N, exec, ${dunstify} "$(${wl-paste})"
bind = $mainMod, D, exec, ${dunstctl} close-all
# I win
bind = $mainMod, P, exec, ${wl-paste} | sgpt --model="gpt-4o" "Respond with the correct answer to the following question." | ${wl-copy}
# notes
submap = notes
# below
bind = $mainMod, B, exec, ${wl-paste} | xargs -I {} ${pdfgrep} -B 15 -h -i "{}" ${path}/*.pdf | sed 's/[ \t]*$//' | ${wl-copy}
# above
bind = $mainMod, A, exec, ${wl-paste} | xargs -I {} ${pdfgrep} -A 15 -h -i "{}" ${path}/*.pdf | sed 's/[ \t]*$//' | ${wl-copy}
# context
bind = $mainMod, C, exec, ${wl-paste} | xargs -I {} ${pdfgrep} -C 15 -h -i "{}" ${path}/*.pdf | sed 's/[ \t]*$//' | ${wl-copy}
# trim
bind = $mainMod, T, exec, ${wl-paste} | sed 's/[ \t]*$//' | sed 's/^[ \t]*//' | sed '/^[[:space:]]*$/d' | ${wl-copy}
bind = $mainMod, N, exec, ${dunstify} "$(${wl-paste})"
bind = $mainMod, D, exec, ${dunstctl} close-all
# I win
bind = $mainMod, P, exec, ${wl-paste} | sgpt --model="gpt-4o" "Respond with the correct answer to the following question." | ${wl-copy}
# notes
bind = $mainMod, 2, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 3, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 4, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 5, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 6, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 7, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 8, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 0, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 2, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 3, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 4, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 5, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 6, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 7, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 8, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = $mainMod, 0, exec, cat ~/Nextcloud/test.txt | ${wl-copy}
bind = , escape, submap, reset
submap = reset
bind = , escape, submap, reset
submap = reset
'';
'';
#experimental:explicit_sync = true
};
};

26
home-manager/hyprland/hyprland-xwaylandvideobridge.nix
View File

@@ -1,22 +1,22 @@
{ config, osConfig, pkgs, inputs, lib, ... }:
with lib;
let
cfg = osConfig.custom.graphical.hyprland.videobridge;
cfg = osConfig.custom.graphical.hyprland.videobridge;
in
{
config = lib.mkIf cfg.enable {
wayland.windowManager.hyprland.settings.windowrulev2 = [
"opacity 0.0 override 0.0 override,class:^(xwaylandvideobridge)$"
"noanim,class:^(xwaylandvideobridge)$"
"noinitialfocus,class:^(xwaylandvideobridge)$"
"maxsize 1 1,class:^(xwaylandvideobridge)$"
"noblur,class:^(xwaylandvideobridge)$"
];
wayland.windowManager.hyprland.settings.windowrulev2 = [
"opacity 0.0 override 0.0 override,class:^(xwaylandvideobridge)$"
"noanim,class:^(xwaylandvideobridge)$"
"noinitialfocus,class:^(xwaylandvideobridge)$"
"maxsize 1 1,class:^(xwaylandvideobridge)$"
"noblur,class:^(xwaylandvideobridge)$"
];
systemd.user.services.xwaylandvideobridge = {
Unit.Description = "XWaylandVideoBridge";
Service.ExecStart = lib.getExe pkgs.unstable.xwaylandvideobridge;
Install.WantedBy = ["graphical-session.target"];
};
systemd.user.services.xwaylandvideobridge = {
Unit.Description = "XWaylandVideoBridge";
Service.ExecStart = lib.getExe pkgs.unstable.xwaylandvideobridge;
Install.WantedBy = [ "graphical-session.target" ];
};
};
}

448
home-manager/hyprland/waybar.nix
View File

@@ -2,239 +2,241 @@
with lib;
let cfg = osConfig.custom.graphical.hyprland;
in {
config = let
# styles from https://github.com/khaneliman/khanelinix/blob/8375f8cfbe5bfd87565b4dc34c9d30630c17336d/modules/home/desktop/addons/waybar/default.nix
base16 = config.stylix.base16Scheme;
readAndReplace = path: replace: builtins.readFile (pkgs.replaceVars path replace);
# base 1, 7, 0
#theme = readAndReplace ./styles/theme.css { BASE="#5c4133"; BORDER="#fef1de"; TEXT="#dab353";};
theme = builtins.readFile ./styles/theme.css;
style = builtins.readFile ./styles/style.css;
notificationsStyle = builtins.readFile ./styles/notifications.css;
powerStyle = builtins.readFile ./styles/power.css;
statsStyle = builtins.readFile ./styles/stats.css;
workspacesStyle = builtins.readFile ./styles/workspaces.css;
in lib.mkIf cfg.enable {
config =
let
# styles from https://github.com/khaneliman/khanelinix/blob/8375f8cfbe5bfd87565b4dc34c9d30630c17336d/modules/home/desktop/addons/waybar/default.nix
base16 = config.stylix.base16Scheme;
readAndReplace = path: replace: builtins.readFile (pkgs.replaceVars path replace);
# base 1, 7, 0
#theme = readAndReplace ./styles/theme.css { BASE="#5c4133"; BORDER="#fef1de"; TEXT="#dab353";};
theme = builtins.readFile ./styles/theme.css;
style = builtins.readFile ./styles/style.css;
notificationsStyle = builtins.readFile ./styles/notifications.css;
powerStyle = builtins.readFile ./styles/power.css;
statsStyle = builtins.readFile ./styles/stats.css;
workspacesStyle = builtins.readFile ./styles/workspaces.css;
in
lib.mkIf cfg.enable {
home.file.".config/waybar" = {
recursive = true;
source = ../../.config/waybar;
};
programs.waybar = {
enable = true;
#systemd.enable = true;
#systemd.target = "sway-session.target";
settings.main = {
layer = "top";
position = "bottom";
#output = lib.mapAttrsToList (n: v: v.monitor) outputs;
height = 25;
spacing = 4;
modules-left = [
"hyprland/workspaces"
#"hyprland/window"
];
modules-center = [ ];
modules-right = [ "group/stats" "group/other" ];
"group/stats" = {
"orientation" = "horizontal";
"modules" = [ "network" "cpu" "memory" "temperature" ]
home.file.".config/waybar" = {
recursive = true;
source = ../../.config/waybar;
};
programs.waybar = {
enable = true;
#systemd.enable = true;
#systemd.target = "sway-session.target";
settings.main = {
layer = "top";
position = "bottom";
#output = lib.mapAttrsToList (n: v: v.monitor) outputs;
height = 25;
spacing = 4;
modules-left = [
"hyprland/workspaces"
#"hyprland/window"
];
modules-center = [ ];
modules-right = [ "group/stats" "group/other" ];
"group/stats" = {
"orientation" = "horizontal";
"modules" = [ "network" "cpu" "memory" "temperature" ]
++ lib.optionals osConfig.custom.hardware.nvidia.enable [ "custom/nvidia" ]
++ lib.optionals osConfig.custom.hardware.amd-gpu.enable [ "custom/amd-gpu" ];
};
"group/other" = {
"orientation" = "horizontal";
"modules" =
[ "tray" "backlight" "pulseaudio" "mpris" "battery" "clock" ];
};
"cpu" = {
"format" = " {usage}%";
"tooltip" = true;
};
"disk" = { "format" = " {percentage_used}%"; };
"memory" = { "format" = "󰍛 {}%"; };
"idle_inhibitor" = {
"format" = "{icon} ";
"format-icons" = {
"activated" = "";
"deactivated" = "";
};
};
"keyboard-state" = {
"numlock" = true;
"capslock" = true;
"format" = "{icon} {name}";
"format-icons" = {
"locked" = "";
"unlocked" = "";
"group/other" = {
"orientation" = "horizontal";
"modules" =
[ "tray" "backlight" "pulseaudio" "mpris" "battery" "clock" ];
};
};
"network" = {
"interval" = 2;
"format-wifi" = " 󰜮 {bandwidthDownBytes} 󰜷 {bandwidthUpBytes}";
"format-ethernet" = "󰈀 󰜮 {bandwidthDownBytes} 󰜷 {bandwidthUpBytes}";
"tooltip-format" = " {ifname} via {gwaddr}";
"format-linked" = "󰈁 {ifname} (No IP)";
"format-disconnected" = " Disconnected";
"format-alt" = "{ifname}: {ipaddr}/{cidr}";
};
"pulseaudio" = {
"format" = "{volume}% {icon}";
"format-bluetooth" = "{volume}% {icon}";
"format-muted" = "";
"format-icons" = {
"headphone" = " ";
"hands-free" = " ";
"headset" = " ";
"phone" = "";
"portable" = "";
"car" = "";
"default" = [ "" "" ];
"cpu" = {
"format" = " {usage}%";
"tooltip" = true;
};
"scroll-step" = 1;
"on-click" = "${pkgs.pavucontrol}/bin/pavucontrol";
"ignored-sinks" = [ "Easy Effects Sink" ];
};
"disk" = { "format" = " {percentage_used}%"; };
"memory" = { "format" = "󰍛 {}%"; };
"pulseaudio/slider" = {
"min" = 0;
"max" = 100;
"orientation" = "horizontal";
};
"temperature".critical-threshold = 80;
"temperature".format = "{temperatureC}°C ";
"temperature".interval = 5;
"temperature".hwmon-path =
lib.mkIf (osConfig.networking.hostName == "nix-laptop")
"/sys/class/hwmon/hwmon6/temp1_input";
"backlight".format = "{percent}% {icon}";
"backlight".states = [ 0 50 ];
"backlight".format-icons = [ "" "" ];
"battery".states.good = 95;
"battery".interval = 5;
"battery".states.warning = 30;
"battery".states.critical = 15;
"battery".format = "{capacity}% / {power:.2}W {icon}";
"battery".format-icons = [ "" "" "" "" "" ];
"clock" = {
format = "{:%F %H:%M}";
tooltip-format = "<tt><small>{calendar}</small></tt>";
"calendar" = {
"mode" = "year";
"mode-mon-col" = 3;
"weeks-pos" = "right";
"on-scroll" = 1;
"format" = {
"months" = "<span color='#ffead3'><b>{}</b></span>";
"days" = "<span color='#ecc6d9'><b>{}</b></span>";
"weeks" = "<span color='#99ffdd'><b>W{}</b></span>";
"weekdays" = "<span color='#ffcc66'><b>{}</b></span>";
"today" = "<span color='#ff6699'><b><u>{}</u></b></span>";
"idle_inhibitor" = {
"format" = "{icon} ";
"format-icons" = {
"activated" = "";
"deactivated" = "";
};
};
"keyboard-state" = {
"numlock" = true;
"capslock" = true;
"format" = "{icon} {name}";
"format-icons" = {
"locked" = "";
"unlocked" = "";
};
};
"network" = {
"interval" = 2;
"format-wifi" = " 󰜮 {bandwidthDownBytes} 󰜷 {bandwidthUpBytes}";
"format-ethernet" = "󰈀 󰜮 {bandwidthDownBytes} 󰜷 {bandwidthUpBytes}";
"tooltip-format" = " {ifname} via {gwaddr}";
"format-linked" = "󰈁 {ifname} (No IP)";
"format-disconnected" = " Disconnected";
"format-alt" = "{ifname}: {ipaddr}/{cidr}";
};
"pulseaudio" = {
"format" = "{volume}% {icon}";
"format-bluetooth" = "{volume}% {icon}";
"format-muted" = "";
"format-icons" = {
"headphone" = " ";
"hands-free" = " ";
"headset" = " ";
"phone" = "";
"portable" = "";
"car" = "";
"default" = [ "" "" ];
};
"scroll-step" = 1;
"on-click" = "${pkgs.pavucontrol}/bin/pavucontrol";
"ignored-sinks" = [ "Easy Effects Sink" ];
};
"pulseaudio/slider" = {
"min" = 0;
"max" = 100;
"orientation" = "horizontal";
};
"temperature".critical-threshold = 80;
"temperature".format = "{temperatureC}°C ";
"temperature".interval = 5;
"temperature".hwmon-path =
lib.mkIf (osConfig.networking.hostName == "nix-laptop")
"/sys/class/hwmon/hwmon6/temp1_input";
"backlight".format = "{percent}% {icon}";
"backlight".states = [ 0 50 ];
"backlight".format-icons = [ "" "" ];
"battery".states.good = 95;
"battery".interval = 5;
"battery".states.warning = 30;
"battery".states.critical = 15;
"battery".format = "{capacity}% / {power:.2}W {icon}";
"battery".format-icons = [ "" "" "" "" "" ];
"clock" = {
format = "{:%F %H:%M}";
tooltip-format = "<tt><small>{calendar}</small></tt>";
"calendar" = {
"mode" = "year";
"mode-mon-col" = 3;
"weeks-pos" = "right";
"on-scroll" = 1;
"format" = {
"months" = "<span color='#ffead3'><b>{}</b></span>";
"days" = "<span color='#ecc6d9'><b>{}</b></span>";
"weeks" = "<span color='#99ffdd'><b>W{}</b></span>";
"weekdays" = "<span color='#ffcc66'><b>{}</b></span>";
"today" = "<span color='#ff6699'><b><u>{}</u></b></span>";
};
};
};
"mpris" = {
"format" = "{player_icon} {dynamic}";
"format-paused" = "{status_icon} <i>{dynamic}</i>";
"title-len" = 35;
"dynamic-len" = 35;
"player-icons" = {
"default" = "";
"mpv" = "🎵";
};
"status-icons" = { "paused" = ""; };
};
"custom/nvidia" = {
"format" = "{}";
"interval" = 5;
"exec" = "~/.config/waybar/nvidia.sh";
"exec-if" = "nvidia-smi";
};
"custom/amd-gpu" = {
"format" = "{}";
"interval" = 5;
"exec" = "~/.config/waybar/amd-gpu.sh";
};
"tray".icon-size = 21;
"tray".spacing = 10;
"hyprland/window" = {
"format" = "{}";
"separate-outputs" = true;
};
"hyprland/workspaces" = {
"disable-scroll" = true;
"all-outputs" = false;
"active-only" = false;
"on-click" = "activate";
"format" = "{icon} {windows}";
"format-icons" = {
"1" = "󰎤";
"2" = "󰎧";
"3" = "󰎪";
"4" = "󰎭";
"5" = "󰎱";
"6" = "󰎳";
"7" = "󰎶";
"8" = "󰎹";
"9" = "󰎼";
"10" = "󰽽";
"urgent" = "󱨇";
"default" = "";
"empty" = "󱓼";
};
# "format-window-separator" = "->";
"window-rewrite-default" = "";
"window-rewrite" = {
"class<org.keepassxc.KeePassXC>" = "󰢁";
"class<Caprine>" = "󰈎";
"class<Github Desktop>" = "󰊤";
"class<Godot>" = "";
"class<Mysql-workbench-bin>" = "";
"class<Slack>" = "󰒱";
"class<code>" = "󰨞";
"class<codium>" = "󰨞";
"code-url-handler" = "󰨞";
"class<discord>" = "󰙯";
"class<firefox>" = "";
"class<firefox-beta>" = "";
"class<firefox-developer-edition>" = "";
"class<firefox> title<.*github.*>" = "";
"class<firefox> title<.*twitch|youtube|plex|tntdrama|bally sports.*>" =
"";
"class<kitty>" = "";
"class<org.wezfurlong.wezterm>" = "";
"class<mediainfo-gui>" = "󱂷";
"class<org.kde.digikam>" = "󰄄";
"class<org.telegram.desktop>" = "";
"class<.pitivi-wrapped>" = "󱄢";
"class<steam>" = "";
"class<thunderbird>" = "";
"class<virt-manager>" = "󰢹";
"class<vlc>" = "󰕼";
"class<thunar>" = "󰉋";
"class<org.gnome.Nautilus>" = "󰉋";
"class<Spotify>" = "";
"title<Spotify Free>" = "";
"class<libreoffice-draw>" = "󰽉";
"class<libreoffice-writer>" = "";
"class<libreoffice-calc>" = "󱎏";
"class<libreoffice-impress>" = "󱎐";
"class<teams-for-linux>" = "󰊻";
"class<org.prismlauncher.PrismLauncher>" = "󰍳";
"class<minecraft-launcher>" = "󰍳";
"class<Postman>" = "󰛮";
"class<jetbrains-idea>" = "";
"class<Logseq>" = "";
"class<brave-browser>" = "";
};
};
};
"mpris" = {
"format" = "{player_icon} {dynamic}";
"format-paused" = "{status_icon} <i>{dynamic}</i>";
"title-len" = 35;
"dynamic-len" = 35;
"player-icons" = {
"default" = "";
"mpv" = "🎵";
};
"status-icons" = { "paused" = ""; };
};
"custom/nvidia" = {
"format" = "{}";
"interval" = 5;
"exec" = "~/.config/waybar/nvidia.sh";
"exec-if" = "nvidia-smi";
};
"custom/amd-gpu" = {
"format" = "{}";
"interval" = 5;
"exec" = "~/.config/waybar/amd-gpu.sh";
};
"tray".icon-size = 21;
"tray".spacing = 10;
"hyprland/window" = {
"format" = "{}";
"separate-outputs" = true;
};
"hyprland/workspaces" = {
"disable-scroll" = true;
"all-outputs" = false;
"active-only" = false;
"on-click" = "activate";
"format" = "{icon} {windows}";
"format-icons" = {
"1" = "󰎤";
"2" = "󰎧";
"3" = "󰎪";
"4" = "󰎭";
"5" = "󰎱";
"6" = "󰎳";
"7" = "󰎶";
"8" = "󰎹";
"9" = "󰎼";
"10" = "󰽽";
"urgent" = "󱨇";
"default" = "";
"empty" = "󱓼";
};
# "format-window-separator" = "->";
"window-rewrite-default" = "";
"window-rewrite" = {
"class<org.keepassxc.KeePassXC>" = "󰢁";
"class<Caprine>" = "󰈎";
"class<Github Desktop>" = "󰊤";
"class<Godot>" = "";
"class<Mysql-workbench-bin>" = "";
"class<Slack>" = "󰒱";
"class<code>" = "󰨞";
"class<codium>" = "󰨞";
"code-url-handler" = "󰨞";
"class<discord>" = "󰙯";
"class<firefox>" = "";
"class<firefox-beta>" = "";
"class<firefox-developer-edition>" = "";
"class<firefox> title<.*github.*>" = "";
"class<firefox> title<.*twitch|youtube|plex|tntdrama|bally sports.*>" =
"";
"class<kitty>" = "";
"class<org.wezfurlong.wezterm>" = "";
"class<mediainfo-gui>" = "󱂷";
"class<org.kde.digikam>" = "󰄄";
"class<org.telegram.desktop>" = "";
"class<.pitivi-wrapped>" = "󱄢";
"class<steam>" = "";
"class<thunderbird>" = "";
"class<virt-manager>" = "󰢹";
"class<vlc>" = "󰕼";
"class<thunar>" = "󰉋";
"class<org.gnome.Nautilus>" = "󰉋";
"class<Spotify>" = "";
"title<Spotify Free>" = "";
"class<libreoffice-draw>" = "󰽉";
"class<libreoffice-writer>" = "";
"class<libreoffice-calc>" = "󱎏";
"class<libreoffice-impress>" = "󱎐";
"class<teams-for-linux>" = "󰊻";
"class<org.prismlauncher.PrismLauncher>" = "󰍳";
"class<minecraft-launcher>" = "󰍳";
"class<Postman>" = "󰛮";
"class<jetbrains-idea>" = "";
"class<Logseq>" = "";
"class<brave-browser>" = "";
};
};
style =
"${theme}${style}${notificationsStyle}${powerStyle}${statsStyle}${workspacesStyle}";
};
style =
"${theme}${style}${notificationsStyle}${powerStyle}${statsStyle}${workspacesStyle}";
};
};
}

61
home-manager/i3.nix
View File

@@ -56,8 +56,8 @@ in {
modules-left = "i3 xwindow";
modules-center = "";
modules-right = [ "music network memory cpu cpu-wattage cpu-temp" ]
++ lib.optionals osConfig.custom.hardware.nvidia.enable [ "nvidia-gpu" ]
++ lib.optionals osConfig.custom.hardware.amd-gpu.enable [ "amd-gpu" ]
++ lib.optionals osConfig.custom.hardware.nvidia.enable [ "nvidia-gpu" ]
++ lib.optionals osConfig.custom.hardware.amd-gpu.enable [ "amd-gpu" ]
++ [ "pulseaudio date tray" ];
cursor-click = "pointer";
cursor-scroll = "ns-resize";
@@ -68,33 +68,34 @@ in {
# wm-restack = "i3";
# override-redirect = true;
};
"module/i3" = let padding = 2;
in {
type = "internal/i3";
pin-workspaces = true;
show-urgent = true;
strip-wsnumbers = true;
index-sort = true;
enable-click = true;
wrapping-scroll = true;
fuzzy-match = true;
format = "<label-state> <label-mode>";
label-focused = "%name%";
label-focused-foreground = config.stylix.base16Scheme.base01;
label-focused-background = config.stylix.base16Scheme.base05;
label-focused-underline = config.stylix.base16Scheme.base03;
label-focused-padding = padding;
label-unfocused = "%name%";
label-unfocused-padding = padding;
label-visible = "%name%";
label-visible-underline = config.stylix.base16Scheme.base01;
label-visible-padding = padding;
label-urgent = "%name%";
label-urgent-foreground = config.stylix.base16Scheme.base00;
label-urgent-background = config.stylix.base16Scheme.base08;
label-urgent-underline = config.stylix.base16Scheme.base0F;
label-urgent-padding = padding;
};
"module/i3" =
let padding = 2;
in {
type = "internal/i3";
pin-workspaces = true;
show-urgent = true;
strip-wsnumbers = true;
index-sort = true;
enable-click = true;
wrapping-scroll = true;
fuzzy-match = true;
format = "<label-state> <label-mode>";
label-focused = "%name%";
label-focused-foreground = config.stylix.base16Scheme.base01;
label-focused-background = config.stylix.base16Scheme.base05;
label-focused-underline = config.stylix.base16Scheme.base03;
label-focused-padding = padding;
label-unfocused = "%name%";
label-unfocused-padding = padding;
label-visible = "%name%";
label-visible-underline = config.stylix.base16Scheme.base01;
label-visible-padding = padding;
label-urgent = "%name%";
label-urgent-foreground = config.stylix.base16Scheme.base00;
label-urgent-background = config.stylix.base16Scheme.base08;
label-urgent-underline = config.stylix.base16Scheme.base0F;
label-urgent-padding = padding;
};
"module/xworkspaces" = {
type = "internal/xworkspaces";
label-active = "%name%";
@@ -198,7 +199,7 @@ in {
};
"module/amd-gpu" = {
type = "custom/script";
format-foreground = "ed1c24";
format-foreground = "ed1c24";
label = "%output:0:35:...%";
exec = "~/.config/polybar/amd-gpu.sh";
interval = 3;

82
home-manager/kde-path.nix
View File

@@ -1,47 +1,47 @@
{ config, ... }:
{
home.file."path.sh" = {
enable = true;
recursive = true;
executable = true;
text = ''
#!/usr/bin/env sh
if [ "$XDG_SESSION_TYPE" = "wayland" ]; then
export MOZ_DBUS_REMOTE="1"
export KITTY_ENABLE_WAYLAND="1"
export _JAVA_AWT_WM_NONREPARENTING="1"
export MOZ_ENABLE_WAYLAND="1"
export WLR_NO_HARDWARE_CURSORS="1"
export NIXOS_OZONE_WL="1"
home.file."path.sh" = {
enable = true;
recursive = true;
executable = true;
text = ''
#!/usr/bin/env sh
if [ "$XDG_SESSION_TYPE" = "wayland" ]; then
export MOZ_DBUS_REMOTE="1"
export KITTY_ENABLE_WAYLAND="1"
export _JAVA_AWT_WM_NONREPARENTING="1"
export MOZ_ENABLE_WAYLAND="1"
export WLR_NO_HARDWARE_CURSORS="1"
export NIXOS_OZONE_WL="1"
export LIBVA_DRIVER_NAME="nvidia"
export __GLX_VENDOR_LIBRARY_NAME="nvidia"
export GBM_BACKEND="nvidia-drm"
export LIBVA_DRIVER_NAME="nvidia"
export __GLX_VENDOR_LIBRARY_NAME="nvidia"
export GBM_BACKEND="nvidia-drm"
export XDG_SESSION_TYPE="wayland"
export QT_QPA_PLATFORM="wayland;xcb"
export ELECTRON_OZONE_PLATFORM_HINT="wayland"
fi
'';
target = ".config/plasma-workspace/env/path.sh";
};
# home.file."path.desktop" = {
# enable = true;
# recursive = true;
# executable = true;
# text = ''
# [Desktop Entry]
# Type=Application
# Exec=${config.xdg.configHome}/autostart/path.sh
# Hidden=false
# NoDisplay=false
# X-GNOME-Autostart-enabled=true
# Name[en_US]=Login Script
# Name=Login Script
# Comment[en_US]=Launches login script and sets environment variables
# Comment=Launches login script and sets environment variables
# '';
# target = ".config/autostart/path.desktop";
# };
export XDG_SESSION_TYPE="wayland"
export QT_QPA_PLATFORM="wayland;xcb"
export ELECTRON_OZONE_PLATFORM_HINT="wayland"
fi
'';
target = ".config/plasma-workspace/env/path.sh";
};
# home.file."path.desktop" = {
# enable = true;
# recursive = true;
# executable = true;
# text = ''
# [Desktop Entry]
# Type=Application
# Exec=${config.xdg.configHome}/autostart/path.sh
# Hidden=false
# NoDisplay=false
# X-GNOME-Autostart-enabled=true
# Name[en_US]=Login Script
# Name=Login Script
# Comment[en_US]=Launches login script and sets environment variables
# Comment=Launches login script and sets environment variables
# '';
# target = ".config/autostart/path.desktop";
# };
}

2
home-manager/kitty.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, lib, ...}:
{ config, pkgs, inputs, lib, ... }:
{
programs.kitty = {
enable = true;

28
home-manager/lf.nix
View File

@@ -1,16 +1,16 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
programs.lf = {
enable = true;
previewer.source = pkgs.writeShellScript "pv.sh" ''
#!/bin/sh
case "$(${pkgs.file}/bin/file -Lb --mime-type -- "$1")" in
#image/*|video/*) ${pkgs.chafa}/bin/chafa -f sixel -s "$2x$3" --animate false $1;;
application/x-tar) tar tf "$1";;
application/vnd.rar) ${pkgs.p7zip}/bin/7z l "$1";;
application/x-7z-compressed) ${pkgs.p7zip}/bin/7z l "$1";;
*) ${pkgs.ctpv}/bin/ctpv "$1";;
esac
'';
};
programs.lf = {
enable = true;
previewer.source = pkgs.writeShellScript "pv.sh" ''
#!/bin/sh
case "$(${pkgs.file}/bin/file -Lb --mime-type -- "$1")" in
#image/*|video/*) ${pkgs.chafa}/bin/chafa -f sixel -s "$2x$3" --animate false $1;;
application/x-tar) tar tf "$1";;
application/vnd.rar) ${pkgs.p7zip}/bin/7z l "$1";;
application/x-7z-compressed) ${pkgs.p7zip}/bin/7z l "$1";;
*) ${pkgs.ctpv}/bin/ctpv "$1";;
esac
'';
};
}

2
home-manager/mpv.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
programs.mpv = {
enable = true;

4
home-manager/nixvim/auto-pairs.nix
View File

@@ -1,3 +1,3 @@
{
plugins.nvim-autopairs = { enable = true; };
{
plugins.nvim-autopairs = { enable = true; };
}

2
home-manager/nixvim/config.nix
View File

@@ -1,4 +1,4 @@
{lib, pkgs, ...}:
{ lib, pkgs, ... }:
{
enable = true;
viAlias = true;

3
home-manager/nixvim/default.nix
View File

@@ -30,7 +30,8 @@ let
];
merged =
builtins.foldl' (acc: elem: lib.recursiveUpdate acc elem) { } configs;
in {
in
{
home.sessionVariables = { EDITOR = "nvim"; };
programs.nixvim = merged;
}

2
home-manager/nixvim/images.nix
View File

@@ -1,4 +1,4 @@
{pkgs, ...}:
{ pkgs, ... }:
{
plugins = {
image.enable = true;

15
home-manager/nixvim/lsp.nix
View File

@@ -1,19 +1,28 @@
{pkgs, ...}:
{ pkgs, ... }:
{
plugins = {
otter = { # provide lsp functionality for code embedded in other languages
otter = {
# provide lsp functionality for code embedded in other languages
enable = true;
settings.handle_leading_whitespace = true;
};
lsp = {
enable = true;
inlayHints = true;
servers = {
bashls.enable = true;
#ccls.enable = true;
clangd.enable = true;
cssls.enable = true;
gopls.enable = true;
nixd.enable = true;
nixd = {
enable = true;
settings = {
nixpkgs.expr = ''import <nixpkgs> { }'';
formatting.command = [ "nixpkgs-fmt" ];
options.nixos.expr = ''(builtins.getFlake ("/home/kopatz/projects/github/nix-config")).nixosConfigurations.kop-pc.options'';
};
};
html.enable = true;
dartls.enable = true;
ts_ls.enable = true;

2
home-manager/nixvim/none-ls.nix
View File

@@ -10,7 +10,7 @@
fantomas.enable = true;
gofmt.enable = true;
goimports.enable = true;
nixfmt.enable = true;
#nixfmt.enable = true;
markdownlint.enable = true;
shellharden.enable = true;
shfmt.enable = true;

5
home-manager/nixvim/which_key.nix
View File

@@ -1,5 +1,6 @@
{
{
opts = {
timeoutlen = 500;
};
plugins.which-key = { enable = true; }; }
plugins.which-key = { enable = true; };
}

44
home-manager/nvim.nix
View File

@@ -1,24 +1,24 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
home.file.".config/nvim" = {
enable = true;
recursive = true;
source = ../.config/nvim;
target = ".config/nvim";
};
programs.neovim = {
enable = true;
defaultEditor = true;
extraPackages = with pkgs; [
gcc
ripgrep
fd
cmake
pyright
nodePackages.eslint
ccls
nodejs_22
go
];
};
home.file.".config/nvim" = {
enable = true;
recursive = true;
source = ../.config/nvim;
target = ".config/nvim";
};
programs.neovim = {
enable = true;
defaultEditor = true;
extraPackages = with pkgs; [
gcc
ripgrep
fd
cmake
pyright
nodePackages.eslint
ccls
nodejs_22
go
];
};
}

6
home-manager/rofi/default.nix
View File

@@ -8,7 +8,8 @@ let
r = c."${color}-rgb-r";
g = c."${color}-rgb-g";
b = c."${color}-rgb-b";
in "rgba ( ${r}, ${g}, ${b}, ${opacity} % )";
in
"rgba ( ${r}, ${g}, ${b}, ${opacity} % )";
mkRgb = mkRgba "100";
rofiOpacity =
builtins.toString (builtins.ceil (config.stylix.opacity.popups * 100));
@@ -55,7 +56,8 @@ let
alternate-active-text = mkRgb "base0D";
alternate-urgent-text = mkRgb "base08";
};
in {
in
{
home.file.".config/rofi" = {
enable = true;
recursive = true;

8
home-manager/stylix.nix
View File

@@ -1,7 +1,9 @@
{ osConfig, pkgs, config, lib, ... }:
let cfg = osConfig.custom.graphical.stylix;
let
cfg = osConfig.custom.graphical.stylix;
base16 = config.stylix.base16Scheme;
in {
in
{
config = lib.mkIf cfg.enable {
stylix = {
enable = true;
@@ -17,7 +19,7 @@ in {
};
wayland.windowManager.hyprland.settings = lib.mkIf osConfig.custom.graphical.hyprland.enable {
env = ["GTK_THEME,adw-gtk3"];
env = [ "GTK_THEME,adw-gtk3" ];
general."col.active_border" = lib.mkForce "rgb(${base16.base07}) rgb(${base16.base04}) 45deg";
};
};

4
home-manager/theme.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
home = {
pointerCursor = {
@@ -10,7 +10,7 @@
};
gtk = {
enable = true;
theme = {
theme = {
name = "Tokyonight-Dark-BL";
package = pkgs.tokyo-night-gtk;
};

42
home-manager/themes/yorha/colors.nix
View File

@@ -1,23 +1,23 @@
{
slug = "yorha";
name = "yorha";
author = "flick0 (https://github.com/flick0)";
palette = {
base00 = "#1e1d1c";
base01 = "#A39D8F";
base02 = "#AFA899";
base03 = "#BBB4A5";
base04 = "#C3BCAB";
base05 = "#D2CCB9";
base06 = "#DBD5C2";
base07 = "#e8e5da";
base08 = "#a2a098";
base09 = "#A39D8F";
base10 = "#AFA899";
base11 = "#BBB4A5";
base12 = "#C3BCAB";
base13 = "#D2CCB9";
base14 = "#DBD5C2";
base15 = "#e8e5da";
};
slug = "yorha";
name = "yorha";
author = "flick0 (https://github.com/flick0)";
palette = {
base00 = "#1e1d1c";
base01 = "#A39D8F";
base02 = "#AFA899";
base03 = "#BBB4A5";
base04 = "#C3BCAB";
base05 = "#D2CCB9";
base06 = "#DBD5C2";
base07 = "#e8e5da";
base08 = "#a2a098";
base09 = "#A39D8F";
base10 = "#AFA899";
base11 = "#BBB4A5";
base12 = "#C3BCAB";
base13 = "#D2CCB9";
base14 = "#DBD5C2";
base15 = "#e8e5da";
};
}

6
modules/cron.nix
View File

@@ -1,5 +1,5 @@
{
services.cron = {
enable = true;
};
services.cron = {
enable = true;
};
}

54
modules/cursed-ssh-conf-for-3neo.nix
View File

@@ -1,40 +1,40 @@
{
services.openssh.enable = true;
services.openssh.extraConfig = ''
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
'';
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
'';
services.openssh.settings.Macs = [
"hmac-md5"
"hmac-md5"
];
services.openssh.settings.Ciphers = [
"3des-cbc"
"aes128-cbc"
"aes192-cbc"
"aes256-cbc"
"aes128-ctr"
"aes192-ctr"
"aes256-ctr"
"aes128-gcm@openssh.com"
"aes256-gcm@openssh.com"
"chacha20-poly1305@openssh.com"
"3des-cbc"
"aes128-cbc"
"aes192-cbc"
"aes256-cbc"
"aes128-ctr"
"aes192-ctr"
"aes256-ctr"
"aes128-gcm@openssh.com"
"aes256-gcm@openssh.com"
"chacha20-poly1305@openssh.com"
];
services.openssh.settings.KexAlgorithms = [
"diffie-hellman-group1-sha1"
"diffie-hellman-group14-sha1"
"diffie-hellman-group14-sha256"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"diffie-hellman-group-exchange-sha1"
"diffie-hellman-group-exchange-sha256"
"ecdh-sha2-nistp256"
"ecdh-sha2-nistp384"
"ecdh-sha2-nistp521"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"sntrup761x25519-sha512@openssh.com"
"diffie-hellman-group1-sha1"
"diffie-hellman-group14-sha1"
"diffie-hellman-group14-sha256"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"diffie-hellman-group-exchange-sha1"
"diffie-hellman-group-exchange-sha256"
"ecdh-sha2-nistp256"
"ecdh-sha2-nistp384"
"ecdh-sha2-nistp521"
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"sntrup761x25519-sha512@openssh.com"
];
services.atftpd.enable = true;
}

2
modules/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./fh

4
modules/ecryptfs.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}:
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
ecryptfs
@@ -6,5 +6,5 @@
security.pam.enableEcryptfs = true;
programs.ecryptfs.enable = true;
boot.kernelModules = ["ecryptfs"];
boot.kernelModules = [ "ecryptfs" ];
}

2
modules/fh/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [

18
modules/fh/forensik.nix
View File

@@ -1,11 +1,11 @@
{ pkgs, ...} :
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
regripper
foremost
binwalk
sleuthkit
samdump2
apktool
];
environment.systemPackages = with pkgs; [
regripper
foremost
binwalk
sleuthkit
samdump2
apktool
];
}

22
modules/fh/scanning.nix
View File

@@ -1,13 +1,13 @@
{ pkgs, ...} :
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
nmap
gobuster
thc-hydra
seclists
aircrack-ng
hashcat
hashcat-utils
john
];
environment.systemPackages = with pkgs; [
nmap
gobuster
thc-hydra
seclists
aircrack-ng
hashcat
hashcat-utils
john
];
}

2
modules/fh/writing.nix
View File

@@ -1,4 +1,4 @@
{pkgs, ...}: {
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
typst
];

2
modules/flatpak.nix
View File

@@ -1,3 +1,3 @@
{
services.flatpak.enable = true;
services.flatpak.enable = true;
}

4
modules/gpg.nix
View File

@@ -1,4 +1,4 @@
{pkgs, ...}:
{ pkgs, ... }:
{
#services.pcscd.enable = true;
@@ -9,5 +9,5 @@
};
#environment.systemPackages = with pkgs; [
# pinentry-curses
# ];
# ];
}

6
modules/graphical/audio.nix
View File

@@ -1,4 +1,4 @@
{config, lib, pkgs, ...} :
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.audio;
@@ -7,11 +7,11 @@ in
options.custom.graphical.audio = {
enable = mkEnableOption "Enables audio";
};
config = mkIf cfg.enable {
# Enable sound with pipewire.
security.rtkit.enable = true;
services.pulseaudio.enable = false;
services.pipewire = {
enable = true;

4
modules/graphical/code.nix
View File

@@ -7,7 +7,7 @@ in
options.custom.graphical.code = {
enable = mkEnableOption "Enables code";
};
config = mkIf cfg.enable {
documentation.dev.enable = true;
environment.systemPackages = with pkgs; [
@@ -18,7 +18,7 @@ in
insomnia
nodejs_22 # needed for tabby extension
];
#environment.sessionVariables = {
# DOTNET_ROOT = "${pkgs.dotnet-sdk_7}";
#};

2
modules/graphical/cosmic.nix
View File

@@ -6,7 +6,7 @@ in
options.custom.graphical.cosmic = {
enable = lib.mkEnableOption "Enables cosmic";
};
config = lib.mkIf cfg.enable {
nix.settings = {
substituters = [ "https://cosmic.cachix.org/" ];

2
modules/graphical/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, lib, ...}:
{ pkgs, config, lib, ... }:
{
imports = [

4
modules/graphical/emulators.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, inputs, ... }:
{ lib, config, pkgs, inputs, ... }:
with lib;
let
cfg = config.custom.graphical.emulators;
@@ -7,7 +7,7 @@ in
options.custom.graphical.emulators = {
enable = mkEnableOption "Enables emulators";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
snes9x

23
modules/graphical/games.nix
View File

@@ -11,7 +11,8 @@ let
# hash = "sha256-aWpTUAm9FBuZI2KwEvhSnLB7Mfp5nYgUwvvLF47FIfM=";
# };
#});
in {
in
{
options.custom.graphical.games = {
enable = mkEnableOption "Enables games";
enablePreinstalled = mkEnableOption "Enables preinstalled games";
@@ -42,16 +43,16 @@ in {
];
environment.systemPackages = [ pkgs.mangohud ]
++ optionals cfg.enablePreinstalled (with pkgs; [
#taisei
#osu-lazer-bin
wineWowPackages.unstableFull
winetricks
lutris
prismlauncher
steamtinkerlaunch
tetrio-desktop
#libs
]) ++ optionals cfg.enableVr (with pkgs; [ beatsabermodmanager ]);
#taisei
#osu-lazer-bin
wineWowPackages.unstableFull
winetricks
lutris
prismlauncher
steamtinkerlaunch
tetrio-desktop
#libs
]) ++ optionals cfg.enableVr (with pkgs; [ beatsabermodmanager ]);
};
}

6
modules/graphical/lxqt.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ...}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.lxqt;
@@ -7,10 +7,10 @@ in
options.custom.graphical.lxqt = {
enable = mkEnableOption "Enables lxqt";
};
config = mkIf cfg.enable {
services.xserver = {
xkb.layout = config.mainUser.layout;
xkb.layout = config.mainUser.layout;
xkb.variant = config.mainUser.variant;
enable = true;
displayManager.sddm.enable = true;

22
modules/graphical/noise-supression.nix
View File

@@ -1,15 +1,15 @@
{config, pkgs, lib, ...}:
{ config, pkgs, lib, ... }:
let
cfg = config.custom.graphical.noise-supression;
cfg = config.custom.graphical.noise-supression;
in
{
options.custom.graphical.noise-supression = {
enable = lib.mkEnableOption "Enables noise-supression";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
easyeffects
];
};
options.custom.graphical.noise-supression = {
enable = lib.mkEnableOption "Enables noise-supression";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
easyeffects
];
};
}

6
modules/graphical/obs.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ...}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.obs;
@@ -7,14 +7,14 @@ in
options.custom.graphical.obs = {
enable = mkEnableOption "Enables obs";
};
config = mkIf cfg.enable {
# borked in unstable branch
#boot = {
# kernelModules = ["v4l2loopback"]; # Autostart kernel modules on boot
# extraModulePackages = with config.boot.kernelPackages; [v4l2loopback]; # loopback module to make OBS virtual camera work
#};
environment.systemPackages = with pkgs; [
(wrapOBS {
plugins = with obs-studio-plugins; [

4
modules/graphical/openrgb.nix
View File

@@ -1,4 +1,4 @@
{config, lib, pkgs, ...}:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.openrgb;
@@ -7,7 +7,7 @@ in
options.custom.graphical.openrgb = {
enable = mkEnableOption "Enables openrgb";
};
config = mkIf cfg.enable {
services.hardware.openrgb.enable = true;
services.hardware.openrgb.package = pkgs.openrgb-with-all-plugins;

118
modules/graphical/shared.nix
View File

@@ -6,68 +6,70 @@ in {
enable = mkEnableOption "Enables shared";
};
config = let
screenshot = pkgs.writeShellScriptBin "screenshot" ''
${pkgs.scrot}/bin/scrot -fs - | ${pkgs.xclip}/bin/xclip -selection clipboard -t image/png -i
'';
in mkIf cfg.enable {
programs.dconf.enable = true;
config =
let
screenshot = pkgs.writeShellScriptBin "screenshot" ''
${pkgs.scrot}/bin/scrot -fs - | ${pkgs.xclip}/bin/xclip -selection clipboard -t image/png -i
'';
in
mkIf cfg.enable {
programs.dconf.enable = true;
fonts.fontDir.enable = true;
fonts.packages = with pkgs; [
#uw-ttyp0
#corefonts
nerd-fonts.noto
nerd-fonts.hack
#noto-fonts
#noto-fonts-emoji
noto-fonts-cjk-sans
#font-awesome
];
services.libinput = {
enable = true;
fonts.fontDir.enable = true;
fonts.packages = with pkgs; [
#uw-ttyp0
#corefonts
nerd-fonts.noto
nerd-fonts.hack
#noto-fonts
#noto-fonts-emoji
noto-fonts-cjk-sans
#font-awesome
];
services.libinput = {
enable = true;
# disabling mouse acceleration
mouse = {
accelProfile = "flat";
middleEmulation = false;
# disabling mouse acceleration
mouse = {
accelProfile = "flat";
middleEmulation = false;
};
};
};
programs.kdeconnect.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [ 25565 53317 ]; # localsend
allowedUDPPorts = [ 1194 53317 ]; # openvpn, localsend
allowedTCPPortRanges = [{
from = 1714;
to = 1764;
} # KDE Connect
programs.kdeconnect.enable = true;
networking.firewall = {
enable = true;
allowedTCPPorts = [ 25565 53317 ]; # localsend
allowedUDPPorts = [ 1194 53317 ]; # openvpn, localsend
allowedTCPPortRanges = [{
from = 1714;
to = 1764;
} # KDE Connect
];
allowedUDPPortRanges = [{
from = 1714;
to = 1764;
} # KDE Connect
allowedUDPPortRanges = [{
from = 1714;
to = 1764;
} # KDE Connect
];
};
#services.xserver.wacom.enable = true;
services.tumbler.enable = true; # for thumbnails
programs.file-roller.enable = true;
programs.thunar.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
services.gvfs.enable = true; # for file manager, trash support, etc.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
keepassxc
screenshot
wl-clipboard
xarchiver # archive tool
adwaita-icon-theme
];
};
#services.xserver.wacom.enable = true;
services.tumbler.enable = true; # for thumbnails
programs.file-roller.enable = true;
programs.thunar.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
services.gvfs.enable = true; # for file manager, trash support, etc.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
keepassxc
screenshot
wl-clipboard
xarchiver # archive tool
adwaita-icon-theme
];
};
}

6
modules/graphical/xfce.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ...}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.xfce;
@@ -7,10 +7,10 @@ in
options.custom.graphical.xfce = {
enable = mkEnableOption "Enables lxqt";
};
config = mkIf cfg.enable {
services.xserver = {
xkb.layout = config.mainUser.layout;
xkb.layout = config.mainUser.layout;
xkb.variant = config.mainUser.variant;
enable = true;
desktopManager.xfce.enable = true;

4
modules/hardware/firmware.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.hardware.firmware;
@@ -7,7 +7,7 @@ in
options.custom.hardware.firmware = {
enable = mkEnableOption "Enables firmware";
};
config = mkIf cfg.enable {
services.fwupd.enable = true;
};

163
modules/hardware/nvidia.nix
View File

@@ -28,94 +28,97 @@ in {
};
};
config = let
# the option was renamed in unstable
nvidiaOption = if (pkgsVersion == inputs.nixpkgs-unstable) then {
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [ nvidia-vaapi-driver ];
};
} else {
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
nvidia_oc = "${pkgs.nvidia_oc}/bin/nvidia_oc";
in lib.mkIf cfg.enable (lib.recursiveUpdate nvidiaOption {
boot.kernelParams =
[ "nvidia-drm.fbdev=1" "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.deviceSection = ''
Option "Coolbits" "24"
'';
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Open drivers with gsp stutters in VR - https://github.com/ValveSoftware/SteamVR-for-Linux/issues/631
gsp.enable = config.hardware.nvidia.open;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# GSP must be enabled for this to work.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
config =
let
# the option was renamed in unstable
nvidiaOption =
if (pkgsVersion == inputs.nixpkgs-unstable) then {
hardware.graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [ nvidia-vaapi-driver ];
};
} else {
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
};
nvidia_oc = "${pkgs.nvidia_oc}/bin/nvidia_oc";
in
lib.mkIf cfg.enable (lib.recursiveUpdate nvidiaOption {
boot.kernelParams =
[ "nvidia-drm.fbdev=1" "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
services.xserver.videoDrivers = [ "nvidia" ];
services.xserver.deviceSection = ''
Option "Coolbits" "24"
'';
hardware.nvidia = {
# Modesetting is required.
modesetting.enable = true;
# Open drivers with gsp stutters in VR - https://github.com/ValveSoftware/SteamVR-for-Linux/issues/631
gsp.enable = config.hardware.nvidia.open;
# Nvidia power management. Experimental, and can cause sleep/suspend to fail.
powerManagement.enable = false;
# Fine-grained power management. Turns off GPU when not in use.
# Experimental and only works on modern Nvidia GPUs (Turing or newer).
powerManagement.finegrained = false;
# Use the NVidia open source kernel module (not to be confused with the
# independent third-party "nouveau" open source driver).
# Support is limited to the Turing and later architectures. Full list of
# supported GPUs is at:
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# GSP must be enabled for this to work.
open = false;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
#package = config.boot.kernelPackages.nvidiaPackages.beta;
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "570.124.04";
sha256_64bit = "sha256-G3hqS3Ei18QhbFiuQAdoik93jBlsFI2RkWOBXuENU8Q=";
sha256_aarch64 = "";
openSha256 = "";
settingsSha256 = "sha256-LNL0J/sYHD8vagkV1w8tb52gMtzj/F0QmJTV1cMaso8=";
persistencedSha256 = "";
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "570.124.04";
sha256_64bit = "sha256-G3hqS3Ei18QhbFiuQAdoik93jBlsFI2RkWOBXuENU8Q=";
sha256_aarch64 = "";
openSha256 = "";
settingsSha256 = "sha256-LNL0J/sYHD8vagkV1w8tb52gMtzj/F0QmJTV1cMaso8=";
persistencedSha256 = "";
};
};
};
environment.systemPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
libva
libva-utils
pkgs.nvidia_oc
(gwe.override { nvidia_x11 = config.hardware.nvidia.package; })
];
environment.systemPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
libva
libva-utils
pkgs.nvidia_oc
(gwe.override { nvidia_x11 = config.hardware.nvidia.package; })
];
environment.sessionVariables = {
# for firefox, see https://github.com/elFarto/nvidia-vaapi-driver/#firefox
MOZ_DISABLE_RDD_SANDBOX = "1";
LIBVA_DRIVER_NAME = "nvidia";
};
environment.sessionVariables = {
# for firefox, see https://github.com/elFarto/nvidia-vaapi-driver/#firefox
MOZ_DISABLE_RDD_SANDBOX = "1";
LIBVA_DRIVER_NAME = "nvidia";
};
systemd.services.nvidiaSetPower = lib.mkIf cfg.powerLimit.enable {
description =
"Increase GPU power limit to ${toString cfg.powerLimit.wattage} watts";
script = "/run/current-system/sw/bin/nvidia-smi -pl=${
systemd.services.nvidiaSetPower = lib.mkIf cfg.powerLimit.enable {
description =
"Increase GPU power limit to ${toString cfg.powerLimit.wattage} watts";
script = "/run/current-system/sw/bin/nvidia-smi -pl=${
toString cfg.powerLimit.wattage
}";
wantedBy = [ "multi-user.target" ];
};
systemd.services.nvidiaSetClocks = lib.mkIf cfg.clock.enable {
description = "Set GPU clocks";
script =
"${nvidia_oc} set -i 0 --min-clock ${toString cfg.clock.min} --max-clock ${
wantedBy = [ "multi-user.target" ];
};
systemd.services.nvidiaSetClocks = lib.mkIf cfg.clock.enable {
description = "Set GPU clocks";
script =
"${nvidia_oc} set -i 0 --min-clock ${toString cfg.clock.min} --max-clock ${
toString cfg.clock.max
} --freq-offset ${toString cfg.clock.offset}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
};
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
};
});
});
}

24
modules/hardware/scheduler.nix
View File

@@ -1,19 +1,19 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.hardware.scheduler;
cfg = config.custom.hardware.scheduler;
in
{
options.custom.hardware.scheduler = {
enable = mkEnableOption "Enables scheduler";
};
config = mkIf cfg.enable {
services.system76-scheduler = {
enable = true;
};
hardware.system76.enableAll = true;
options.custom.hardware.scheduler = {
enable = mkEnableOption "Enables scheduler";
};
config = mkIf cfg.enable {
services.system76-scheduler = {
enable = true;
};
hardware.system76.enableAll = true;
};
}

18
modules/hardware/ssd.nix
View File

@@ -1,15 +1,15 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.hardware.ssd;
cfg = config.custom.hardware.ssd;
in
{
options.custom.hardware.ssd = {
enable = mkEnableOption "Enables fstrim";
};
config = mkIf cfg.enable {
services.fstrim.enable = true;
};
options.custom.hardware.ssd = {
enable = mkEnableOption "Enables fstrim";
};
config = mkIf cfg.enable {
services.fstrim.enable = true;
};
}

2
modules/hardware/vfio.nix
View File

@@ -7,7 +7,7 @@ in
options.custom.hardware.vfio = {
enable = mkEnableOption "Enables vfio";
};
config = mkIf (cfg.enable && config.virtualisation.libvirtd.enable) {
boot.kernelParams = [ "amd_iommu=on" "iommu=pt" ];
};

54
modules/hardware/wooting.nix
View File

@@ -1,40 +1,42 @@
{ config, pkgs, lib, ...}:
{ config, pkgs, lib, ... }:
with lib;
let
let
cfg = config.custom.hardware.wooting;
in
{
{
options.custom.hardware.wooting = {
enable = mkEnableOption "Enable wooting hardware support";
};
config = let
wooting-udev = pkgs.stdenv.mkDerivation rec {
pname = "wooting-udev-rules";
version = "unstable-2023-03-31";
config =
let
wooting-udev = pkgs.stdenv.mkDerivation rec {
pname = "wooting-udev-rules";
version = "unstable-2023-03-31";
# Source: https://help.wooting.io/en/article/wootility-configuring-device-access-for-wootility-under-linux-udev-rules-r6lb2o/
src = [ ./wooting.rules ];
# Source: https://help.wooting.io/en/article/wootility-configuring-device-access-for-wootility-under-linux-udev-rules-r6lb2o/
src = [ ./wooting.rules ];
dontUnpack = true;
dontUnpack = true;
installPhase = ''
install -Dpm644 $src $out/lib/udev/rules.d/70-wooting.rules
'';
installPhase = ''
install -Dpm644 $src $out/lib/udev/rules.d/70-wooting.rules
'';
meta = with lib; {
homepage = "https://help.wooting.io/en/article/wootility-configuring-device-access-for-wootility-under-linux-udev-rules-r6lb2o/";
description = "udev rules that give NixOS permission to communicate with Wooting keyboards";
platforms = platforms.linux;
license = "unknown";
maintainers = with maintainers; [ davidtwco ];
meta = with lib; {
homepage = "https://help.wooting.io/en/article/wootility-configuring-device-access-for-wootility-under-linux-udev-rules-r6lb2o/";
description = "udev rules that give NixOS permission to communicate with Wooting keyboards";
platforms = platforms.linux;
license = "unknown";
maintainers = with maintainers; [ davidtwco ];
};
};
};
in mkIf cfg.enable {
services.udev.packages = [ wooting-udev ];
in
mkIf cfg.enable {
services.udev.packages = [ wooting-udev ];
environment.systemPackages = with pkgs; [
wootility
];
};
environment.systemPackages = with pkgs; [
wootility
];
};
}

10
modules/hdd-spindown.nix
View File

@@ -1,7 +1,7 @@
{ pkgs, ...}:
{ pkgs, ... }:
{
powerManagement.powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -B 127 /dev/sd[ab]
${pkgs.hdparm}/sbin/hdparm -S 120 /dev/sd[ab]
'';
powerManagement.powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -B 127 /dev/sd[ab]
${pkgs.hdparm}/sbin/hdparm -S 120 /dev/sd[ab]
'';
}

131
modules/kernel.nix
View File

@@ -1,53 +1,54 @@
{ pkgs, config, ... }:
let
#amdgpu_module_pkg =
# { pkgs, lib, fetchurl, kernel ? pkgs.linuxPackages_latest.kernel, ... }:
#
# pkgs.stdenv.mkDerivation {
# pname = "amdgpu-kernel-module";
# inherit (kernel) version postPatch nativeBuildInputs;
# src = fetchurl {
# url =
# "https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-14/linux-amd-drm-next-6.15-2025-03-14.tar.gz";
# # After the first build attempt, look for "hash mismatch" and then 2 lines below at the "got:" line.
# # Use "sha256-....." value here.
# hash = "sha256-/9EvJNBSKteXljrZzmaQkbZ7o4etCe0yFM3JJg/jD7o=";
# };
#
# kernel_dev = kernel.dev;
# kernelVersion = kernel.modDirVersion;
#
# modulePath = "drivers/gpu/drm/amd/amdgpu";
#
# buildPhase = ''
# BUILT_KERNEL=$kernel_dev/lib/modules/$kernelVersion/build
#
# cp $BUILT_KERNEL/Module.symvers .
# cp $BUILT_KERNEL/.config .
# cp $kernel_dev/vmlinux .
#
# make "-j$NIX_BUILD_CORES" modules_prepare
# make "-j$NIX_BUILD_CORES" M=$modulePath modules
# '';
#
# installPhase = ''
# make \
# INSTALL_MOD_PATH="$out" \
# XZ="xz -T$NIX_BUILD_CORES" \
# M="$modulePath" \
# modules_install
# '';
#
# meta = {
# description = "AMD GPU kernel module";
# license = lib.licenses.gpl3;
# };
# };
# amdgpu_module = pkgs.callPackage amdgpu_module_pkg {
# kernel = config.boot.kernelPackages.kernel;
# };
#amdgpu_module_pkg =
# { pkgs, lib, fetchurl, kernel ? pkgs.linuxPackages_latest.kernel, ... }:
#
# pkgs.stdenv.mkDerivation {
# pname = "amdgpu-kernel-module";
# inherit (kernel) version postPatch nativeBuildInputs;
# src = fetchurl {
# url =
# "https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-14/linux-amd-drm-next-6.15-2025-03-14.tar.gz";
# # After the first build attempt, look for "hash mismatch" and then 2 lines below at the "got:" line.
# # Use "sha256-....." value here.
# hash = "sha256-/9EvJNBSKteXljrZzmaQkbZ7o4etCe0yFM3JJg/jD7o=";
# };
#
# kernel_dev = kernel.dev;
# kernelVersion = kernel.modDirVersion;
#
# modulePath = "drivers/gpu/drm/amd/amdgpu";
#
# buildPhase = ''
# BUILT_KERNEL=$kernel_dev/lib/modules/$kernelVersion/build
#
# cp $BUILT_KERNEL/Module.symvers .
# cp $BUILT_KERNEL/.config .
# cp $kernel_dev/vmlinux .
#
# make "-j$NIX_BUILD_CORES" modules_prepare
# make "-j$NIX_BUILD_CORES" M=$modulePath modules
# '';
#
# installPhase = ''
# make \
# INSTALL_MOD_PATH="$out" \
# XZ="xz -T$NIX_BUILD_CORES" \
# M="$modulePath" \
# modules_install
# '';
#
# meta = {
# description = "AMD GPU kernel module";
# license = lib.licenses.gpl3;
# };
# };
# amdgpu_module = pkgs.callPackage amdgpu_module_pkg {
# kernel = config.boot.kernelPackages.kernel;
# };
in {
in
{
#boot.extraModulePackages = [ amdgpu_module ];
#boot.kernelPackages = pkgs.linuxPackages_latest;
#boot.kernelPackages = pkgs.linuxPackages_testing;
@@ -62,24 +63,26 @@ in {
# };
#});
boot.kernelPackages = let
amd_drm_next_pkg = { fetchurl, buildLinux, ... }@args:
boot.kernelPackages =
let
amd_drm_next_pkg = { fetchurl, buildLinux, ... }@args:
buildLinux (args // rec {
version = "6.14.0-rc4";
modDirVersion = version;
buildLinux (args // rec {
version = "6.14.0-rc4";
modDirVersion = version;
src = fetchurl {
url =
"https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-14/linux-amd-drm-next-6.15-2025-03-14.tar.gz";
# After the first build attempt, look for "hash mismatch" and then 2 lines below at the "got:" line.
# Use "sha256-....." value here.
hash = "sha256-/9EvJNBSKteXljrZzmaQkbZ7o4etCe0yFM3JJg/jD7o=";
};
kernelPatches = [ ];
src = fetchurl {
url =
"https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-14/linux-amd-drm-next-6.15-2025-03-14.tar.gz";
# After the first build attempt, look for "hash mismatch" and then 2 lines below at the "got:" line.
# Use "sha256-....." value here.
hash = "sha256-/9EvJNBSKteXljrZzmaQkbZ7o4etCe0yFM3JJg/jD7o=";
};
kernelPatches = [ ];
extraMeta.branch = "6.14.0-rc4";
} // (args.argsOverride or { }));
linux_amd_drm_next = pkgs.callPackage amd_drm_next_pkg { };
in pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_amd_drm_next);
extraMeta.branch = "6.14.0-rc4";
} // (args.argsOverride or { }));
linux_amd_drm_next = pkgs.callPackage amd_drm_next_pkg { };
in
pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_amd_drm_next);
}

2
modules/logging.nix
View File

@@ -1,3 +1,3 @@
{
services.journald.extraConfig = "SystemMaxUse=4G";
services.journald.extraConfig = "SystemMaxUse=4G";
}

178
modules/misc/backup.nix
View File

@@ -4,75 +4,77 @@ let
cfg = config.custom.misc.backup;
in
{
options.custom.misc.backup = {
enable = mkEnableOption "Enables backup";
small = lib.mkOption {
type = types.listOf types.str;
description = "paths to include in the small backup";
};
medium = lib.mkOption {
type = types.listOf types.str;
default = cfg.small;
description = "paths to include in the medium backup";
};
large = lib.mkOption {
type = types.listOf types.str;
default = cfg.small // cfg.medium;
description = "paths to include in the large backup";
};
excludePaths = lib.mkOption {
type = types.listOf types.str;
default = [ "**/Cache" "**/.cache" "**/__pycache__" "**/node_modules" "**/venv" "*.o" "*.out"];
description = "paths to exclude from the backup";
};
excludePathsRemote = lib.mkOption {
type = types.listOf types.str;
default = cfg.excludePaths ++ [ "**/dont_remotebackup"];
description = "paths to exclude from the remote backup";
};
};
config = let
checkStorageSpace = pkgs.writeShellApplication {
name = "checkBackupStorageSpace";
text = ''
# Check how much space is used by the backup paths
echo "Checking storage space (small) with excluded paths..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)} ${builtins.concatStringsSep " " cfg.small}
echo "Checking storage space (small) with excluded paths (remote)..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.small}
echo "Checking storage space (medium) with excluded paths..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)} ${builtins.concatStringsSep " " cfg.medium}
echo "Checking storage space (medium) with excluded paths (remote)..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.medium}
echo "Checking storage space (full) with excluded paths..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)} ${builtins.concatStringsSep " " cfg.large}
echo "Checking storage space (full) with excluded paths (remote)..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.large}
'';
options.custom.misc.backup = {
enable = mkEnableOption "Enables backup";
small = lib.mkOption {
type = types.listOf types.str;
description = "paths to include in the small backup";
};
medium = lib.mkOption {
type = types.listOf types.str;
default = cfg.small;
description = "paths to include in the medium backup";
};
large = lib.mkOption {
type = types.listOf types.str;
default = cfg.small // cfg.medium;
description = "paths to include in the large backup";
};
excludePaths = lib.mkOption {
type = types.listOf types.str;
default = [ "**/Cache" "**/.cache" "**/__pycache__" "**/node_modules" "**/venv" "*.o" "*.out" ];
description = "paths to exclude from the backup";
};
excludePathsRemote = lib.mkOption {
type = types.listOf types.str;
default = cfg.excludePaths ++ [ "**/dont_remotebackup" ];
description = "paths to exclude from the remote backup";
};
in mkIf cfg.enable {
environment.systemPackages = with pkgs; [ checkStorageSpace ];
age.secrets.restic-pw = {
file = ../../secrets/restic-pw.age;
};
age.secrets.restic-s3 = {
file = ../../secrets/restic-s3.age;
};
age.secrets.restic-gdrive = {
file = ../../secrets/restic-gdrive.age;
};
services.restic = {
backups = {
#localbackup = {
# initialize = true;
# passwordFile = config.age.secrets.restic-pw.path;
# exclude = cfg.excludePaths;
# paths = cfg.large;
# pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
# repository = "/mnt/2tb/restic";
#};
localbackup-1tb-ssd = {
config =
let
checkStorageSpace = pkgs.writeShellApplication {
name = "checkBackupStorageSpace";
text = ''
# Check how much space is used by the backup paths
echo "Checking storage space (small) with excluded paths..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)} ${builtins.concatStringsSep " " cfg.small}
echo "Checking storage space (small) with excluded paths (remote)..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.small}
echo "Checking storage space (medium) with excluded paths..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)} ${builtins.concatStringsSep " " cfg.medium}
echo "Checking storage space (medium) with excluded paths (remote)..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.medium}
echo "Checking storage space (full) with excluded paths..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePaths)} ${builtins.concatStringsSep " " cfg.large}
echo "Checking storage space (full) with excluded paths (remote)..."
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.large}
'';
};
in
mkIf cfg.enable {
environment.systemPackages = with pkgs; [ checkStorageSpace ];
age.secrets.restic-pw = {
file = ../../secrets/restic-pw.age;
};
age.secrets.restic-s3 = {
file = ../../secrets/restic-s3.age;
};
age.secrets.restic-gdrive = {
file = ../../secrets/restic-gdrive.age;
};
services.restic = {
backups = {
#localbackup = {
# initialize = true;
# passwordFile = config.age.secrets.restic-pw.path;
# exclude = cfg.excludePaths;
# paths = cfg.large;
# pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
# repository = "/mnt/2tb/restic";
#};
localbackup-1tb-ssd = {
initialize = true;
passwordFile = config.age.secrets.restic-pw.path;
exclude = cfg.excludePaths;
@@ -83,33 +85,33 @@ in mkIf cfg.enable {
};
pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
repository = "/1tbssd/restic";
};
#localbackup-1tb = {
# initialize = true;
# passwordFile = config.age.secrets.restic-pw.path;
# exclude = cfg.excludePaths;
# paths = cfg.large;
# repository = "/mnt/1tb/restic";
# pruneOpts = [ "--keep-daily 5" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
# timerConfig = {
# OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 02:00:00";
# Persistent = true;
# };
#};
remotebackup-gdrive = {
};
#localbackup-1tb = {
# initialize = true;
# passwordFile = config.age.secrets.restic-pw.path;
# exclude = cfg.excludePaths;
# paths = cfg.large;
# repository = "/mnt/1tb/restic";
# pruneOpts = [ "--keep-daily 5" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
# timerConfig = {
# OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 02:00:00";
# Persistent = true;
# };
#};
remotebackup-gdrive = {
initialize = true;
passwordFile = config.age.secrets.restic-pw.path;
exclude = cfg.excludePathsRemote;
paths = cfg.medium;
rcloneConfigFile = config.age.secrets.restic-gdrive.path;
rcloneConfigFile = config.age.secrets.restic-gdrive.path;
repository = "rclone:it-experts:backup";
pruneOpts = [ "--keep-daily 5" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
timerConfig = {
OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 02:00:00";
Persistent = true;
OnCalendar = "*-*-03,06,09,12,15,18,21,24,27,30 02:00:00";
Persistent = true;
};
};
remotebackup = {
};
remotebackup = {
initialize = true;
passwordFile = config.age.secrets.restic-pw.path;
environmentFile = config.age.secrets.restic-s3.path;
@@ -121,8 +123,8 @@ in mkIf cfg.enable {
Persistent = true;
};
repository = "s3:s3.us-west-002.backblazeb2.com/kop-bucket";
};
};
};
};
};
};
}

4
modules/misc/btrfs.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.misc.btrfs;
@@ -7,7 +7,7 @@ in
options.custom.misc.btrfs = {
enable = mkEnableOption "Enables btrfs scrubbing";
};
config = mkIf cfg.enable {
services.btrfs.autoScrub.enable = true;
};

154
modules/misc/cli-tools.nix
View File

@@ -4,83 +4,85 @@ let cfg = config.custom.cli-tools;
in {
options.custom.cli-tools = { enable = mkEnableOption "Enables cli-tools"; };
config = let
getTotalPowerUsed = pkgs.writeShellScriptBin "total-power" ''
echo "$(sudo cat /sys/class/powercap/*/energy_uj | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@") / 1000000" | bc | xargs -I _ echo "_ W"
'';
watchCurrentPowerUsed = pkgs.writeShellScriptBin "watch-current-power" ''
function getCurrentPowerUsed() {
local energy_uj=$(sudo cat $energy_path | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@")
echo "scale=2; $energy_uj / 1000000" | bc
}
config =
let
getTotalPowerUsed = pkgs.writeShellScriptBin "total-power" ''
echo "$(sudo cat /sys/class/powercap/*/energy_uj | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@") / 1000000" | bc | xargs -I _ echo "_ W"
'';
watchCurrentPowerUsed = pkgs.writeShellScriptBin "watch-current-power" ''
function getCurrentPowerUsed() {
local energy_uj=$(sudo cat $energy_path | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@")
echo "scale=2; $energy_uj / 1000000" | bc
}
energy_path=$(grep package /sys/class/powercap/*/name | sed 's/name.*$/energy_uj/')
power_prev=0
power_curr=$(getCurrentPowerUsed)
while true; do
power_prev=$power_curr
sleep 1
energy_path=$(grep package /sys/class/powercap/*/name | sed 's/name.*$/energy_uj/')
power_prev=0
power_curr=$(getCurrentPowerUsed)
echo "scale=2; ($power_curr - $power_prev) / 1" | bc | xargs -I _ echo "_ W"
done
'';
in mkIf cfg.enable {
environment.systemPackages = with pkgs; [
getTotalPowerUsed
watchCurrentPowerUsed
(if lib.versionOlder lib.version "25.05" then
while true; do
power_prev=$power_curr
sleep 1
power_curr=$(getCurrentPowerUsed)
echo "scale=2; ($power_curr - $power_prev) / 1" | bc | xargs -I _ echo "_ W"
done
'';
in
mkIf cfg.enable {
environment.systemPackages = with pkgs; [
getTotalPowerUsed
watchCurrentPowerUsed
(if lib.versionOlder lib.version "25.05" then
wget
else
powerjoular) # monitor power usage
fzf # fuzzy finder
bat # fancy cat
fd # nicer find
duf # nicer du
eza # nicer ls
ripgrep # faster grep
gdu
wget
else
powerjoular) # monitor power usage
fzf # fuzzy finder
bat # fancy cat
fd # nicer find
duf # nicer du
eza # nicer ls
ripgrep # faster grep
gdu
wget
pciutils
rippkgs # faster nixpkgs search, init with `rippkgs-index nixpkgs && mv rippkgs-index.sqlite ~/.local/share/`;
nixos-option
btop
git
gh # github
killall
xclip
usbutils
inputs.agenix.packages."x86_64-linux".default
fastfetch
pdfgrep
glxinfo
vulkan-tools
ffmpeg
nethogs
dig
smartmontools
bc
xxd
tldr
file
unzip
lsof
lshw
screen
tmux
fatrace # monitor filesystem events
nh
nix-output-monitor # nom
nvd # nix diff, example: nvd diff /nix/var/nix/profiles/system-389-link /nix/var/nix/profiles/system-390-link
compsize
trashy # move files to trash
shell-gpt
libheif # convert heic to jpg with `heif-convert something.heic something.jpg`
imagemagick # convert images
tree
kop-newproject # creates a shell.nix and .envrc
nix-tree # show nix derivations
binwalk # show what's inside a binary
iotop
];
};
pciutils
rippkgs # faster nixpkgs search, init with `rippkgs-index nixpkgs && mv rippkgs-index.sqlite ~/.local/share/`;
nixos-option
btop
git
gh # github
killall
xclip
usbutils
inputs.agenix.packages."x86_64-linux".default
fastfetch
pdfgrep
glxinfo
vulkan-tools
ffmpeg
nethogs
dig
smartmontools
bc
xxd
tldr
file
unzip
lsof
lshw
screen
tmux
fatrace # monitor filesystem events
nh
nix-output-monitor # nom
nvd # nix diff, example: nvd diff /nix/var/nix/profiles/system-389-link /nix/var/nix/profiles/system-390-link
compsize
trashy # move files to trash
shell-gpt
libheif # convert heic to jpg with `heif-convert something.heic something.jpg`
imagemagick # convert images
tree
kop-newproject # creates a shell.nix and .envrc
nix-tree # show nix derivations
binwalk # show what's inside a binary
iotop
];
};
}

2
modules/misc/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./packages-list.nix

2
modules/misc/docker.nix
View File

@@ -11,7 +11,7 @@ in
virtualisation.docker.enable = true;
virtualisation.docker.daemon.settings = { ip = "127.0.0.1"; };
environment.systemPackages = with pkgs; [
docker-compose
docker-compose
];
hardware.nvidia-container-toolkit.enable = lib.mkIf config.custom.hardware.nvidia.enable true;
};

2
modules/misc/faster-boot-time.nix
View File

@@ -1,4 +1,4 @@
{ lib, pkgs, config, ... }: {
{ lib, pkgs, config, ... }: {
# before: Startup finished in 18.830s (firmware) + 5.844s (loader) + 4.422s (kernel) + 7.616s (userspace) = 36.713s
# after: Startup finished in 14.115s (firmware) + 789ms (loader) + 4.312s (kernel) + 5.777s (userspace) = 24.995s
systemd = {

18
modules/misc/nftables.nix
View File

@@ -1,15 +1,15 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.nftables;
cfg = config.custom.nftables;
in
{
options.custom.nftables = {
enable = mkEnableOption "Enables nftables";
};
config = mkIf cfg.enable {
networking.nftables.enable = true;
};
options.custom.nftables = {
enable = mkEnableOption "Enables nftables";
};
config = mkIf cfg.enable {
networking.nftables.enable = true;
};
}

14
modules/misc/packages-list.nix
View File

@@ -1,8 +1,10 @@
{ config, pkgs, ... }: {
environment.etc."current-system-packages".text = let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique =
builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in formatted;
environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique =
builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
}

39
modules/misc/static-ip.nix
View File

@@ -22,27 +22,28 @@ in {
description = "Default gateway";
};
};
config = let fallback = "1.1.1.1";
in mkIf cfg.enable {
networking = {
defaultGateway = cfg.gateway;
useDHCP = false;
nameservers = [ cfg.dns ]
++ lib.lists.optionals (!config.services.resolved.enable) [ fallback ];
interfaces = {
${cfg.interface} = {
name = "eth0";
ipv4.addresses = [{
address = cfg.ip;
prefixLength = 24;
}];
config =
let fallback = "1.1.1.1";
in mkIf cfg.enable {
networking = {
defaultGateway = cfg.gateway;
useDHCP = false;
nameservers = [ cfg.dns ]
++ lib.lists.optionals (!config.services.resolved.enable) [ fallback ];
interfaces = {
${cfg.interface} = {
name = "eth0";
ipv4.addresses = [{
address = cfg.ip;
prefixLength = 24;
}];
};
};
};
};
services.resolved = lib.mkIf config.services.resolved.enable {
llmnr = "false";
fallbackDns = [ "1.1.1.1" ];
services.resolved = lib.mkIf config.services.resolved.enable {
llmnr = "false";
fallbackDns = [ "1.1.1.1" ];
};
};
};
}

18
modules/misc/tmpfs.nix
View File

@@ -1,15 +1,15 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.tmpfs;
cfg = config.custom.tmpfs;
in
{
options.custom.tmpfs = {
enable = mkEnableOption "Enables tmpfs";
};
config = mkIf cfg.enable {
boot.tmp.useTmpfs = true;
};
options.custom.tmpfs = {
enable = mkEnableOption "Enables tmpfs";
};
config = mkIf cfg.enable {
boot.tmp.useTmpfs = true;
};
}

24
modules/misc/wireshark.nix
View File

@@ -1,18 +1,18 @@
{lib, config, pkgs, ... }:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.custom.wireshark;
cfg = config.custom.wireshark;
in
{
options.custom.wireshark = {
enable = mkEnableOption "Enables wireshark";
};
config = mkIf cfg.enable {
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
users.users.${config.mainUser.name}.extraGroups = [ "wireshark" ];
};
options.custom.wireshark = {
enable = mkEnableOption "Enables wireshark";
};
config = mkIf cfg.enable {
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
users.users.${config.mainUser.name}.extraGroups = [ "wireshark" ];
};
}

98
modules/motd.nix
View File

@@ -1,52 +1,52 @@
{
users.motd = ''
'';
'';
}

4
modules/networkmanager.nix
View File

@@ -1,5 +1,5 @@
{pkgs, lib, ...}:
{ pkgs, lib, ... }:
{
networking.networkmanager.enable = true;
networking.networkmanager.enable = true;
networking.networkmanager.plugins = lib.mkForce [ pkgs.networkmanager-openvpn ];
}

2
modules/nix/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./index.nix

4
modules/nix/ld.nix
View File

@@ -1,4 +1,4 @@
{config, lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.custom.nix.ld;
@@ -7,7 +7,7 @@ in
options.custom.nix.ld = {
enable = mkEnableOption "Enables nix ld";
};
config = mkIf cfg.enable {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [

3
modules/nix/settings.nix
View File

@@ -3,7 +3,8 @@ with lib;
let
cfg = config.custom.nix.settings;
cache = "https://cache.nixos.org";
in {
in
{
options.custom.nix.settings = {
enable = mkEnableOption "Enables various nix settings";
optimise = mkOption {

1
modules/no-sleep-lid-closed.nix
View File

@@ -1,4 +1,3 @@
{
services.logind.lidSwitchExternalPower = "ignore";
}

1
modules/services/adam-site.nix
View File

@@ -1,4 +1,3 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let cfg = config.custom.services.adam-site;

284
modules/services/adguard.nix
View File

@@ -19,157 +19,159 @@ in {
description = "use https for the adguard instance";
};
};
config = let
ip = cfg.ip;
wireguardIp = config.custom.services.wireguard.ip;
in lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
config =
let
ip = cfg.ip;
wireguardIp = config.custom.services.wireguard.ip;
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
security.acme.certs."${cfg.fqdn}".server =
"https://127.0.0.1:8443/acme/kop-acme/directory";
# nginx reverse proxy
services.nginx.virtualHosts.${cfg.fqdn} = {
forceSSL = cfg.useHttps;
enableACME = cfg.useHttps;
quic = cfg.useHttps;
http3 = cfg.useHttps;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.adguardhome.port}";
proxyWebsockets = true;
};
};
systemd.services.adguardhome = {
after = [ "nginx.service" "step-ca.service" ];
};
services.adguardhome = {
enable = true;
settings = {
schema_version = 28;
users = [{
name = "admin";
password =
"$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
}];
dns = {
bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ];
port = 53;
protection_enabled = true;
filtering_enabled = true;
upstream_dns = [
"https://dns10.quad9.net/dns-query"
"https://dns.adguard-dns.com/dns-query"
];
use_http3_upstreams = true;
security.acme.certs."${cfg.fqdn}".server =
"https://127.0.0.1:8443/acme/kop-acme/directory";
# nginx reverse proxy
services.nginx.virtualHosts.${cfg.fqdn} = {
forceSSL = cfg.useHttps;
enableACME = cfg.useHttps;
quic = cfg.useHttps;
http3 = cfg.useHttps;
locations."/" = {
proxyPass =
"http://127.0.0.1:${toString config.services.adguardhome.port}";
proxyWebsockets = true;
};
querylog = { enabled = false; };
filters = [
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
name = "adguard dns list";
id = 1;
}
{
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
name = "adguard block list";
id = 2;
}
{
enabled = true;
url = "https://dbl.oisd.nl/";
name = "big block list";
id = 3;
}
];
dhcp = { enabled = false; };
tls = { enabled = false; };
filtering = {
rewrites = [
};
systemd.services.adguardhome = {
after = [ "nginx.service" "step-ca.service" ];
};
services.adguardhome = {
enable = true;
settings = {
schema_version = 28;
users = [{
name = "admin";
password =
"$2y$15$iPzjmUJPTwWUOsDp46GOPO/LYor/jDJjndwy2QlPddaKSD4QXvq9W";
}];
dns = {
bind_hosts = [ "127.0.0.1" ip ] ++ lib.lists.optionals config.custom.services.wireguard.enable [ wireguardIp ];
port = 53;
protection_enabled = true;
filtering_enabled = true;
upstream_dns = [
"https://dns10.quad9.net/dns-query"
"https://dns.adguard-dns.com/dns-query"
];
use_http3_upstreams = true;
};
querylog = { enabled = false; };
filters = [
{
"domain" = "kopatz.ddns.net";
"answer" = ip;
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt";
name = "adguard dns list";
id = 1;
}
{
"domain" = "kop.oasch.net";
"answer" = ip;
enabled = true;
url =
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt";
name = "adguard block list";
id = 2;
}
{
"domain" = "kavita-kopatz.duckdns.org";
"answer" = ip;
enabled = true;
url = "https://dbl.oisd.nl/";
name = "big block list";
id = 3;
}
{
"domain" = "server.home";
"answer" = ip;
}
{
"domain" = "server.home.arpa";
"answer" = ip;
}
{
"domain" = "adguard.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = ip;
}
{
"domain" = "kavita.home.arpa";
"answer" = ip;
}
{
"domain" = "grafana.home.arpa";
"answer" = ip;
}
{
"domain" = "yt.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "kavita.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "yt.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "turnserver.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "powerline.home.arpa";
"answer" = "192.168.0.2";
}
{
"domain" = "3neo.home.arpa";
"answer" = "192.168.0.4";
}
{
"domain" = "alcatel.home.arpa";
"answer" = "192.168.0.5";
}
{
"domain" = "extender.home.arpa";
"answer" = "192.168.0.8";
}
{
"domain" = "inverter.home.arpa";
"answer" = "192.168.0.9";
}
];
dhcp = { enabled = false; };
tls = { enabled = false; };
filtering = {
rewrites = [
{
"domain" = "kopatz.ddns.net";
"answer" = ip;
}
{
"domain" = "kop.oasch.net";
"answer" = ip;
}
{
"domain" = "kavita-kopatz.duckdns.org";
"answer" = ip;
}
{
"domain" = "server.home";
"answer" = ip;
}
{
"domain" = "server.home.arpa";
"answer" = ip;
}
{
"domain" = "adguard.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = ip;
}
{
"domain" = "kavita.home.arpa";
"answer" = ip;
}
{
"domain" = "grafana.home.arpa";
"answer" = ip;
}
{
"domain" = "yt.home.arpa";
"answer" = ip;
}
{
"domain" = "nextcloud.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "kavita.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "yt.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "turnserver.home.arpa";
"answer" = wireguardIp;
}
{
"domain" = "powerline.home.arpa";
"answer" = "192.168.0.2";
}
{
"domain" = "3neo.home.arpa";
"answer" = "192.168.0.4";
}
{
"domain" = "alcatel.home.arpa";
"answer" = "192.168.0.5";
}
{
"domain" = "extender.home.arpa";
"answer" = "192.168.0.8";
}
{
"domain" = "inverter.home.arpa";
"answer" = "192.168.0.9";
}
];
};
};
};
};
};
}

77
modules/services/caldav.nix
View File

@@ -28,44 +28,47 @@ in {
large = [ "/var/lib/radicale/" ];
};
systemd.services.kop-fhcalendar = let
radicale = if lib.versionOlder lib.version "25.05" then
(builtins.elemAt
config.services.radicale.settings.storage.filesystem_folder 0)
else
config.services.radicale.settings.storage.filesystem_folder;
# not reproducible
working =
"${radicale}/collection-root/kopatz/b6d2c446-8109-714a-397f-1f35d3136639";
in {
description = "Download fh calendar";
wants = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];
wantedBy = [ "multi-user.target" ];
startAt = "*-*-* 06:00:00";
systemd.services.kop-fhcalendar =
let
radicale =
if lib.versionOlder lib.version "25.05" then
(builtins.elemAt
config.services.radicale.settings.storage.filesystem_folder 0)
else
config.services.radicale.settings.storage.filesystem_folder;
# not reproducible
working =
"${radicale}/collection-root/kopatz/b6d2c446-8109-714a-397f-1f35d3136639";
in
{
description = "Download fh calendar";
wants = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];
wantedBy = [ "multi-user.target" ];
startAt = "*-*-* 06:00:00";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.kop-fhcalendar}/bin/kop-fhcalendar";
WorkingDirectory = working;
BindPaths = [ working ];
User = "radicale";
Restart = "on-failure";
RestartSec = "5s";
PrivateMounts = lib.mkDefault true;
PrivateTmp = lib.mkDefault true;
PrivateUsers = lib.mkDefault true;
ProtectClock = lib.mkDefault true;
ProtectControlGroups = lib.mkDefault true;
ProtectHome = lib.mkDefault true;
ProtectHostname = lib.mkDefault true;
ProtectKernelLogs = lib.mkDefault true;
ProtectKernelModules = lib.mkDefault true;
ProtectKernelTunables = lib.mkDefault true;
ProtectSystem = lib.mkDefault "strict";
# Needs network access
PrivateNetwork = lib.mkDefault false;
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.kop-fhcalendar}/bin/kop-fhcalendar";
WorkingDirectory = working;
BindPaths = [ working ];
User = "radicale";
Restart = "on-failure";
RestartSec = "5s";
PrivateMounts = lib.mkDefault true;
PrivateTmp = lib.mkDefault true;
PrivateUsers = lib.mkDefault true;
ProtectClock = lib.mkDefault true;
ProtectControlGroups = lib.mkDefault true;
ProtectHome = lib.mkDefault true;
ProtectHostname = lib.mkDefault true;
ProtectKernelLogs = lib.mkDefault true;
ProtectKernelModules = lib.mkDefault true;
ProtectKernelTunables = lib.mkDefault true;
ProtectSystem = lib.mkDefault "strict";
# Needs network access
PrivateNetwork = lib.mkDefault false;
};
};
};
};
}

26
modules/services/coturn.nix
View File

@@ -1,12 +1,12 @@
{ config, pkgs, lib, inputs, ... }:
{
age.secrets.coturn-secret = {
file = ../../secrets/coturn-secret.age;
owner = "turnserver";
group = "turnserver";
};
age.secrets.coturn-secret = {
file = ../../secrets/coturn-secret.age;
owner = "turnserver";
group = "turnserver";
};
networking.firewall.allowedUDPPortRanges = [ { from = 49000; to=50000; } ];
networking.firewall.allowedUDPPortRanges = [{ from = 49000; to = 50000; }];
networking.firewall.allowedUDPPorts = [ 3478 ]; #5349 ];
networking.firewall.allowedTCPPorts = [ 3478 ]; #5349 ];
@@ -21,10 +21,10 @@
use-auth-secret = true;
static-auth-secret-file = config.age.secrets.coturn-secret.path;
relay-ips = [
"192.168.2.1"
"192.168.2.1"
];
listening-ips = [
"192.168.2.1"
"192.168.2.1"
];
realm = "kopatz.ddns.net";
#cert = "${config.security.acme.certs."kopatz.ddns.net".directory}/full.pem";
@@ -65,9 +65,9 @@
};
#systemd.services.coturn = {
# serviceConfig = {
# User = lib.mkForce "root";
# Group = lib.mkForce "root";
# };
# };
# serviceConfig = {
# User = lib.mkForce "root";
# Group = lib.mkForce "root";
# };
# };
}

2
modules/services/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./acme.nix

16
modules/services/dyndns.nix
View File

@@ -1,12 +1,12 @@
{ config, pkgs, lib, inputs, ... }:
{
age.secrets.duckdns = {
file = ../../secrets/duckdns.age;
};
services.ddclient = {
enable = true;
protocol = "duckdns";
passwordFile = config.age.secrets.duckdns.path;
domains = ["wachbirn.duckdns.org"];
age.secrets.duckdns = {
file = ../../secrets/duckdns.age;
};
services.ddclient = {
enable = true;
protocol = "duckdns";
passwordFile = config.age.secrets.duckdns.path;
domains = [ "wachbirn.duckdns.org" ];
};
}

14
modules/services/fileshelter.nix
View File

@@ -13,17 +13,17 @@ in
};
config = lib.mkIf cfg.enable {
users.users.fileshelter = {
isSystemUser = true;
uid = cfg.uid;
group = "fileshelter";
isSystemUser = true;
uid = cfg.uid;
group = "fileshelter";
};
users.groups.fileshelter = {};
users.groups.fileshelter = { };
age.secrets.fileshelter-conf = {
file = ../../secrets/fileshelter-conf.age;
owner = "fileshelter";
file = ../../secrets/fileshelter-conf.age;
owner = "fileshelter";
};
systemd.tmpfiles.rules = [
"d /data/fileshelter 0770 fileshelter fileshelter -"
"d /data/fileshelter 0770 fileshelter fileshelter -"
];
custom.misc.docker.enable = true;
virtualisation.oci-containers.backend = "docker";

2
modules/services/games/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./terraria.nix

102
modules/services/games/palworld.nix
View File

@@ -1,59 +1,61 @@
# valheim.nix
{config, pkgs, lib, ...}: let
{ config, pkgs, lib, ... }:
let
join = builtins.concatStringsSep " ";
in {
in
{
services.cron = {
enable = true;
systemCronJobs = [
"0 6 * * * root systemctl restart palworld"
];
};
services.cron = {
enable = true;
systemCronJobs = [
"0 6 * * * root systemctl restart palworld"
];
};
networking.firewall.allowedUDPPorts = [ 8211 ]; #5349 ];
users.users.palworld = {
isSystemUser = true;
# Valheim puts save data in the home directory.
home = "/var/lib/palworld";
createHome = true;
homeMode = "750";
group = "palworld";
};
networking.firewall.allowedUDPPorts = [ 8211 ]; #5349 ];
users.users.palworld = {
isSystemUser = true;
# Valheim puts save data in the home directory.
home = "/var/lib/palworld";
createHome = true;
homeMode = "750";
group = "palworld";
};
users.groups.palworld = {};
users.groups.palworld = { };
systemd.services.palworld = {
wantedBy = [ "multi-user.target" ];
systemd.services.palworld = {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
serviceConfig = {
ExecStartPre = join [
"${pkgs.steamcmd}/bin/steamcmd"
"+force_install_dir /var/lib/palworld"
"+login anonymous"
"+app_update 2394010"
"+quit"
"&& mkdir -p /var/lib/palworld/.steam/sdk64"
"&& cp /var/lib/palworld/linux64/steamclient.so /var/lib/palworld/.steam/sdk64/."
];
ExecStart = join [
"${pkgs.steam-run}/bin/steam-run /var/lib/palworld/Pal/Binaries/Linux/PalServer-Linux-Test Pal"
"-useperfthreads"
"-NoAsyncLoadingThread"
"-UseMultithreadForDS"
];
Nice = "-5";
PrivateTmp = true;
Restart = "on-failure";
User = "palworld";
WorkingDirectory = "~";
};
environment = {
# linux64 directory is required by Valheim.
LD_LIBRARY_PATH = "/var/lib/palworld/linux64:${pkgs.glibc}/lib";
SteamAppId = "2394010";
};
};
serviceConfig = {
ExecStartPre = join [
"${pkgs.steamcmd}/bin/steamcmd"
"+force_install_dir /var/lib/palworld"
"+login anonymous"
"+app_update 2394010"
"+quit"
"&& mkdir -p /var/lib/palworld/.steam/sdk64"
"&& cp /var/lib/palworld/linux64/steamclient.so /var/lib/palworld/.steam/sdk64/."
];
ExecStart = join [
"${pkgs.steam-run}/bin/steam-run /var/lib/palworld/Pal/Binaries/Linux/PalServer-Linux-Test Pal"
"-useperfthreads"
"-NoAsyncLoadingThread"
"-UseMultithreadForDS"
];
Nice = "-5";
PrivateTmp = true;
Restart = "on-failure";
User = "palworld";
WorkingDirectory = "~";
};
environment = {
# linux64 directory is required by Valheim.
LD_LIBRARY_PATH = "/var/lib/palworld/linux64:${pkgs.glibc}/lib";
SteamAppId = "2394010";
};
};
}

54
modules/services/grafana.nix
View File

@@ -1,4 +1,4 @@
{pkgs, config, lib, ...}:
{ pkgs, config, lib, ... }:
let
useHttps = config.services.step-ca.enable;
fqdn = "grafana.home.arpa";
@@ -25,25 +25,25 @@ in
};
provision.alerting.contactPoints.path = config.age.secrets.grafana-contact-points.path;
provision.alerting.policies.path = ./grafana/notification-policies.yml;
provision.alerting.policies.path = ./grafana/notification-policies.yml;
provision.alerting.templates.path = ./grafana/alerts.yml;
provision.datasources.settings = {
datasources =
[
{
name = "DS_PROMETHEUS";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
type = "prometheus";
isDefault = true;
# This has to match the prometheus scrape interval, otherwise the $__rate_interval variable wont work.
jsonData.timeInterval = "60s";
}
{
name = "loki";
url = "http://localhost:3100";
type = "loki";
}
];
datasources =
[
{
name = "DS_PROMETHEUS";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
type = "prometheus";
isDefault = true;
# This has to match the prometheus scrape interval, otherwise the $__rate_interval variable wont work.
jsonData.timeInterval = "60s";
}
{
name = "loki";
url = "http://localhost:3100";
type = "loki";
}
];
};
provision.dashboards.settings.providers = [{
name = "provisioned-dashboards";
@@ -63,8 +63,8 @@ in
quic = useHttps;
http3 = useHttps;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
proxyPass = "http://127.0.0.1:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
@@ -91,7 +91,7 @@ in
settings.namespaces = [
{
name = "nginxlog";
source.files = ["/var/log/nginx/access.log"];
source.files = [ "/var/log/nginx/access.log" ];
format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\"";
}
];
@@ -101,18 +101,18 @@ in
{
job_name = "scrapema";
static_configs = [{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
] ++
(lib.optional config.services.cadvisor.enable "${config.services.cadvisor.listenAddress}:${toString config.services.cadvisor.port}") ++
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
] ++
(lib.optional config.services.cadvisor.enable "${config.services.cadvisor.listenAddress}:${toString config.services.cadvisor.port}") ++
(lib.optional config.services.prometheus.exporters.nginx.enable "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}") ++
(lib.optional config.services.prometheus.exporters.nginxlog.enable "127.0.0.1:${toString config.services.prometheus.exporters.nginxlog.port}")
;
}];
}];
}
];
};
services.cadvisor = {
enable = true;
listenAddress = "127.0.0.1";

4
modules/services/home-assistant.nix
View File

@@ -13,7 +13,7 @@
config = {
# Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/
default_config = {};
default_config = { };
};
};
}
}

2
modules/services/invidious.nix
View File

@@ -1,4 +1,4 @@
{ config, vars, ...} :
{ config, vars, ... }:
let
fqdn = "yt.home.arpa";
useHttps = config.services.step-ca.enable;

245
modules/services/kavita.nix
View File

@@ -21,133 +21,138 @@ in {
};
isTest = mkEnableOption "Is this a test vm?";
};
config = let
fqdn = "kavita-kopatz.duckdns.org";
useStepCa = false; # config.services.step-ca.enable;
useHttps = cfg.https;
baseDir = cfg.dir;
mangal = "${pkgs.mangal-patched}/bin/mangal";
githubRunnerEnabled = config.services.github-runners ? oberprofis.enable;
in lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 5000 ];
systemd.tmpfiles.rules = [
(if githubRunnerEnabled then
"d ${baseDir} 0750 kavita github-actions-runner -"
else
"d ${baseDir} 0770 kavita kavita -")
"d ${baseDir}/manga 0770 kavita kavita -"
] ++ lib.optional githubRunnerEnabled
"d ${baseDir}/github 0770 github-actions-runner kavita -";
config =
let
fqdn = "kavita-kopatz.duckdns.org";
useStepCa = false; # config.services.step-ca.enable;
useHttps = cfg.https;
baseDir = cfg.dir;
mangal = "${pkgs.mangal-patched}/bin/mangal";
githubRunnerEnabled = config.services.github-runners ? oberprofis.enable;
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 5000 ];
systemd.tmpfiles.rules = [
(if githubRunnerEnabled then
"d ${baseDir} 0750 kavita github-actions-runner -"
else
"d ${baseDir} 0770 kavita kavita -")
"d ${baseDir}/manga 0770 kavita kavita -"
] ++ lib.optional githubRunnerEnabled
"d ${baseDir}/github 0770 github-actions-runner kavita -";
age.secrets.kavita = mkIf (!cfg.isTest) {
file = ../../secrets/kavita.age;
owner = "kavita";
group = "kavita";
};
services.kavita = {
enable = true;
user = "kavita";
package = let
backend = pkgs.unstable.kavita.backend.overrideAttrs
(old: { patches = old.patches ++ [ ./kavita-patches-chapter-parsing.diff ./kavita-page-size.diff ]; });
kavitaPatched = pkgs.unstable.kavita.overrideAttrs (old: { backend = backend; });
in kavitaPatched;
settings = {
Port = 5000;
IpAddresses = "127.0.0.1";
BaseUrl = "/kavita";
age.secrets.kavita = mkIf (!cfg.isTest) {
file = ../../secrets/kavita.age;
owner = "kavita";
group = "kavita";
};
dataDir = baseDir;
tokenKeyFile = if cfg.isTest then
(builtins.toFile "test"
"wWKNeGUslGILrUUp8Dnn4xyYnivZWBb8uqjKg3ALyCs7reV5v3CtE/E2b6i0Mwz1Xw1p9a0wcduRDNoa8Yh8kQ==")
else
config.age.secrets.kavita.path;
};
#todo: base url needs new kavita version
systemd.services = {
kavita = {
after = [ "nginx.service" ] ++ lib.optional useStepCa "step-ca.service";
services.kavita = {
enable = true;
user = "kavita";
package =
let
backend = pkgs.unstable.kavita.backend.overrideAttrs
(old: { patches = old.patches ++ [ ./kavita-patches-chapter-parsing.diff ./kavita-page-size.diff ]; });
kavitaPatched = pkgs.unstable.kavita.overrideAttrs (old: { backend = backend; });
in
kavitaPatched;
settings = {
Port = 5000;
IpAddresses = "127.0.0.1";
BaseUrl = "/kavita";
};
dataDir = baseDir;
tokenKeyFile =
if cfg.isTest then
(builtins.toFile "test"
"wWKNeGUslGILrUUp8Dnn4xyYnivZWBb8uqjKg3ALyCs7reV5v3CtE/E2b6i0Mwz1Xw1p9a0wcduRDNoa8Yh8kQ==")
else
config.age.secrets.kavita.path;
};
download-manga = mkIf cfg.autoDownload {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
startAt = "*-*-* 19:00:00";
restartIfChanged = false;
script = ''
${mangal} clear -q
${mangal} clear -c
${mangal} inline -S Mangapill -q omniscient -m first -d
${mangal} inline -S Mangapill --query "oshi-no-ko" --manga first --download
${mangal} inline -S Mangapill --query "Frieren" --manga first --download -f
${mangal} inline -S Mangapill --query "Chainsaw" --manga first --download
${mangal} inline -S Mangapill --query "Jujutsu%20Kaisen" --manga first --download
${mangal} inline -S Mangapill --query "solo-leveling" --manga first --download
${mangal} inline -S Mangapill --query "the-greatest-real-estate" --manga first --download
${mangal} inline -S Mangapill --query "66666_years" --manga first --download
${mangal} inline -S Mangapill --query "Return_of_the_blossoming" --manga first --download
${mangal} inline -S Mangapill --query "path_of_the_shaman" --manga first --download
${mangal} inline -S Mangapill --query "pick_me_up" --manga first --download
${mangal} inline -S Mangapill --query "revenge_of_the_iron_blooded" --manga first --download
${mangal} inline -S Mangapill --query "northern_blade" --manga first --download
${mangal} inline -S Mangapill --query "Dungeon_reset" --manga first --download
${mangal} inline -S Mangapill --query "iruma-kun" --manga first --download
${mangal} inline -S Manganato --query "grand_blue" --manga first --download
${mangal} inline -S Manganato --query "sss-class_suicide" --manga first --download
${mangal} inline -S Manganato --query "cultivation_chat" --manga first --download
${mangal} inline -S Manganato --query "gokushufudo" --manga first --download
${mangal} inline -S Manganato --query "slime" --manga first --download
${mangal} inline -S Manganato --query "nano_machine" --manga first --download
${mangal} inline -S Manganato --query "kill_the_hero" --manga first --download
${mangal} inline -S Manganato --query "Seoul_Station_Necromancer" --manga first --download
${mangal} inline -S Manganato --query "grandmaster_of_demonic" --manga first --download
${mangal} inline -S Manganato --query "becoming_the_monarch" --manga first --download
${mangal} inline -S Manganato --query "sleeping" --manga first --download
${mangal} inline -S Manganato --query "Terror_man" --manga first --download
${mangal} inline -S Manganato --query "I_Stole_the_Number_One_Ranker" --manga first --download
${mangal} inline -S Manganato --query "hidan_no_aria" --manga first --download
${mangal} inline -S AsuraScans --query "the_max_level_hero" --manga first --download
${mangal} inline -S Manganato --query "Parallel_City" --manga first --download
${mangal} inline -S Manganato --query "Existence" --manga first --download
${mangal} inline -S Mangapill --query "Call_of_the_Night" --manga first --download
'';
serviceConfig = {
PrivateTmp = true;
User = "kavita";
Group = "kavita";
Type = "oneshot";
WorkingDirectory = "${baseDir}/manga";
#todo: base url needs new kavita version
systemd.services = {
kavita = {
after = [ "nginx.service" ] ++ lib.optional useStepCa "step-ca.service";
};
download-manga = mkIf cfg.autoDownload {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
startAt = "*-*-* 19:00:00";
restartIfChanged = false;
script = ''
${mangal} clear -q
${mangal} clear -c
${mangal} inline -S Mangapill -q omniscient -m first -d
${mangal} inline -S Mangapill --query "oshi-no-ko" --manga first --download
${mangal} inline -S Mangapill --query "Frieren" --manga first --download -f
${mangal} inline -S Mangapill --query "Chainsaw" --manga first --download
${mangal} inline -S Mangapill --query "Jujutsu%20Kaisen" --manga first --download
${mangal} inline -S Mangapill --query "solo-leveling" --manga first --download
${mangal} inline -S Mangapill --query "the-greatest-real-estate" --manga first --download
${mangal} inline -S Mangapill --query "66666_years" --manga first --download
${mangal} inline -S Mangapill --query "Return_of_the_blossoming" --manga first --download
${mangal} inline -S Mangapill --query "path_of_the_shaman" --manga first --download
${mangal} inline -S Mangapill --query "pick_me_up" --manga first --download
${mangal} inline -S Mangapill --query "revenge_of_the_iron_blooded" --manga first --download
${mangal} inline -S Mangapill --query "northern_blade" --manga first --download
${mangal} inline -S Mangapill --query "Dungeon_reset" --manga first --download
${mangal} inline -S Mangapill --query "iruma-kun" --manga first --download
${mangal} inline -S Manganato --query "grand_blue" --manga first --download
${mangal} inline -S Manganato --query "sss-class_suicide" --manga first --download
${mangal} inline -S Manganato --query "cultivation_chat" --manga first --download
${mangal} inline -S Manganato --query "gokushufudo" --manga first --download
${mangal} inline -S Manganato --query "slime" --manga first --download
${mangal} inline -S Manganato --query "nano_machine" --manga first --download
${mangal} inline -S Manganato --query "kill_the_hero" --manga first --download
${mangal} inline -S Manganato --query "Seoul_Station_Necromancer" --manga first --download
${mangal} inline -S Manganato --query "grandmaster_of_demonic" --manga first --download
${mangal} inline -S Manganato --query "becoming_the_monarch" --manga first --download
${mangal} inline -S Manganato --query "sleeping" --manga first --download
${mangal} inline -S Manganato --query "Terror_man" --manga first --download
${mangal} inline -S Manganato --query "I_Stole_the_Number_One_Ranker" --manga first --download
${mangal} inline -S Manganato --query "hidan_no_aria" --manga first --download
${mangal} inline -S AsuraScans --query "the_max_level_hero" --manga first --download
${mangal} inline -S Manganato --query "Parallel_City" --manga first --download
${mangal} inline -S Manganato --query "Existence" --manga first --download
${mangal} inline -S Mangapill --query "Call_of_the_Night" --manga first --download
'';
serviceConfig = {
PrivateTmp = true;
User = "kavita";
Group = "kavita";
Type = "oneshot";
WorkingDirectory = "${baseDir}/manga";
};
};
};
};
# services.nginx.virtualHosts."kopatz.ddns.net".locations."/kavita" = {
# proxyPass = "http://127.0.0.1:5000";
# extraConfig = ''
# add_header Access-Control-Allow-Origin *;
# add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
# add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept";
# '';
# };
security.acme.certs."${fqdn}" = lib.mkIf useStepCa {
server = "https://127.0.0.1:8443/acme/kop-acme/directory";
# services.nginx.virtualHosts."kopatz.ddns.net".locations."/kavita" = {
# proxyPass = "http://127.0.0.1:5000";
# extraConfig = ''
# add_header Access-Control-Allow-Origin *;
# add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
# add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept";
# '';
# };
security.acme.certs."${fqdn}" = lib.mkIf useStepCa {
server = "https://127.0.0.1:8443/acme/kop-acme/directory";
};
services.nginx.virtualHosts."${fqdn}" = {
forceSSL = useHttps;
enableACME = useHttps;
quic = useHttps;
http3 = useHttps;
locations."/".proxyPass = "http://127.0.0.1:5000";
locations."/".extraConfig = ''
more_clear_headers 'x-frame-options';
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept";
'';
};
};
services.nginx.virtualHosts."${fqdn}" = {
forceSSL = useHttps;
enableACME = useHttps;
quic = useHttps;
http3 = useHttps;
locations."/".proxyPass = "http://127.0.0.1:5000";
locations."/".extraConfig = ''
more_clear_headers 'x-frame-options';
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization, Origin, X-Requested-With, Content-Type, Accept";
'';
};
};
}

68
modules/services/kubernetes.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, lib, ...}:
{ pkgs, config, lib, ... }:
# idk, dont need this
with lib;
let
@@ -6,38 +6,40 @@ let
in
{
options.custom.services.kubernetes = {
enable = mkEnableOption "Enables kubernetes";
enable = mkEnableOption "Enables kubernetes";
};
config = let
kubeMasterIP = "localhost";
kubeMasterHostname = "localhost";
in lib.mkIf cfg.enable {
config =
let
kubeMasterIP = "localhost";
kubeMasterHostname = "localhost";
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
# 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
# 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
];
networking.firewall.allowedUDPPorts = [
# 8472 # k3s, flannel: required if using multi-node for inter-node networking
];
services.k3s.enable = true;
services.k3s.role = "server";
services.k3s.extraFlags = toString [
# "--kubelet-arg=v=4" # Optionally add additional args to k3s
];
environment.systemPackages = with pkgs; [
k3s
];
#services.kubernetes = {
# roles = ["master" "node"];
# masterAddress = "localhost";
# apiserverAddress = "https://localhost:6443";
# apiserver = {
# advertiseAddress = "127.0.0.1";
# securePort = 6443;
# allowPrivileged = true;
# };
#};
};
networking.firewall.allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
# 2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
# 2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
];
networking.firewall.allowedUDPPorts = [
# 8472 # k3s, flannel: required if using multi-node for inter-node networking
];
services.k3s.enable = true;
services.k3s.role = "server";
services.k3s.extraFlags = toString [
# "--kubelet-arg=v=4" # Optionally add additional args to k3s
];
environment.systemPackages = with pkgs; [
k3s
];
#services.kubernetes = {
# roles = ["master" "node"];
# masterAddress = "localhost";
# apiserverAddress = "https://localhost:6443";
# apiserver = {
# advertiseAddress = "127.0.0.1";
# securePort = 6443;
# allowPrivileged = true;
# };
#};
};
}

126
modules/services/minecraft-server.nix
View File

@@ -1,66 +1,66 @@
{ pkgs, ...}:
{ pkgs, ... }:
{
services.minecraft-server = {
enable = true;
eula = true;
openFirewall = true;
package = pkgs.unstable.papermc;
declarative = true;
whitelist = {
coolBayram = "514afd03-8ca2-4f60-abe4-4c2a365d223b";
filipus098 = "a09fb009-be78-4e26-9f33-1534186e2228";
};
serverProperties = {
allow-flight=true;
allow-nether=true;
broadcast-console-to-ops=true;
broadcast-rcon-to-ops=true;
debug=false;
difficulty="hard";
enable-command-block=false;
enable-jmx-monitoring=false;
enable-query=false;
enable-rcon=false;
enable-status=true;
enforce-secure-profile=true;
enforce-whitelist=false;
entity-broadcast-range-percentage=100;
force-gamemode=false;
function-permission-level=2;
gamemode="survival";
generate-structures=true;
hardcore=false;
hide-online-players=false;
initial-enabled-packs="vanilla";
level-name="budak";
level-type="minecraft\:normal";
log-ips=true;
max-chained-neighbor-updates=1000000;
max-players=5;
max-tick-time=60000;
max-world-size=29999984;
motd="A Minecraft Server";
network-compression-threshold=256;
online-mode=true;
op-permission-level=4;
player-idle-timeout=0;
prevent-proxy-connections=false;
pvp=true;
"query.port"=25565;
rate-limit=0;
"rcon.password"="123asdadsqwe123123";
"rcon.port"=25575;
require-resource-pack=false;
server-port=25565;
simulation-distance=10;
spawn-animals=true;
spawn-monsters=true;
spawn-npcs=true;
spawn-protection=16;
sync-chunk-writes=true;
use-native-transport=true;
view-distance=10;
white-list=true;
};
services.minecraft-server = {
enable = true;
eula = true;
openFirewall = true;
package = pkgs.unstable.papermc;
declarative = true;
whitelist = {
coolBayram = "514afd03-8ca2-4f60-abe4-4c2a365d223b";
filipus098 = "a09fb009-be78-4e26-9f33-1534186e2228";
};
serverProperties = {
allow-flight = true;
allow-nether = true;
broadcast-console-to-ops = true;
broadcast-rcon-to-ops = true;
debug = false;
difficulty = "hard";
enable-command-block = false;
enable-jmx-monitoring = false;
enable-query = false;
enable-rcon = false;
enable-status = true;
enforce-secure-profile = true;
enforce-whitelist = false;
entity-broadcast-range-percentage = 100;
force-gamemode = false;
function-permission-level = 2;
gamemode = "survival";
generate-structures = true;
hardcore = false;
hide-online-players = false;
initial-enabled-packs = "vanilla";
level-name = "budak";
level-type = "minecraft\:normal";
log-ips = true;
max-chained-neighbor-updates = 1000000;
max-players = 5;
max-tick-time = 60000;
max-world-size = 29999984;
motd = "A Minecraft Server";
network-compression-threshold = 256;
online-mode = true;
op-permission-level = 4;
player-idle-timeout = 0;
prevent-proxy-connections = false;
pvp = true;
"query.port" = 25565;
rate-limit = 0;
"rcon.password" = "123asdadsqwe123123";
"rcon.port" = 25575;
require-resource-pack = false;
server-port = 25565;
simulation-distance = 10;
spawn-animals = true;
spawn-monsters = true;
spawn-npcs = true;
spawn-protection = 16;
sync-chunk-writes = true;
use-native-transport = true;
view-distance = 10;
white-list = true;
};
};
}

4
modules/services/netdata.nix
View File

@@ -1,5 +1,5 @@
{ vars, ... }:
let
let
ip = vars.ipv4;
wireguardIp = vars.wireguardIp;
in
@@ -54,6 +54,6 @@ in
perf = no
freeipmi = no
apps = yes
'';
'';
};
}

120
modules/services/nextcloud.nix
View File

@@ -5,70 +5,70 @@ let
useHttps = config.services.step-ca.enable;
in
{
imports = [ ./postgres.nix ];
security.acme.certs."${fqdn}".server = "https://127.0.0.1:8443/acme/kop-acme/directory";
services.nginx = {
enable = true;
imports = [ ./postgres.nix ];
security.acme.certs."${fqdn}".server = "https://127.0.0.1:8443/acme/kop-acme/directory";
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"${fqdn}" = {
serverAliases = [ wireguardIp ];
## Force HTTP redirect to HTTPS
forceSSL = useHttps;
enableACME = useHttps;
locations."~ \\.php(?:$|/)".extraConfig = ''
client_max_body_size 20G;
'';
};
};
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"${fqdn}" = {
serverAliases = [ wireguardIp ];
## Force HTTP redirect to HTTPS
forceSSL = useHttps;
enableACME = useHttps;
locations."~ \\.php(?:$|/)".extraConfig = ''
client_max_body_size 20G;
'';
};
};
};
age.secrets.nextcloud-admin = {
file = ../../secrets/nextcloud-admin.age;
owner = "nextcloud";
group = "nextcloud";
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud28;
https = true;
hostName = "nextcloud.home.arpa";
config.adminpassFile = config.age.secrets.nextcloud-admin.path;
config.dbtype = "pgsql";
database.createLocally = true;
settings.trusted_domains = [ wireguardIp "nextcloud.home.arpa" ];
home = "/mnt/250ssd/nextcloud";
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit onlyoffice calendar mail;
};
age.secrets.nextcloud-admin = {
file = ../../secrets/nextcloud-admin.age;
owner = "nextcloud";
group = "nextcloud";
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud28;
https = true;
hostName = "nextcloud.home.arpa";
config.adminpassFile = config.age.secrets.nextcloud-admin.path;
config.dbtype = "pgsql";
database.createLocally = true;
settings.trusted_domains = [ wireguardIp "nextcloud.home.arpa" ];
home = "/mnt/250ssd/nextcloud";
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit onlyoffice calendar mail;
};
phpOptions = {
upload_max_filesize = lib.mkForce "20G";
post_max_size = lib.mkForce "20G";
};
extraAppsEnable = true;
settings.enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
phpOptions = {
upload_max_filesize = lib.mkForce "20G";
post_max_size = lib.mkForce "20G";
};
extraAppsEnable = true;
settings.enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
};
}

124
modules/services/nginx.nix
View File

@@ -45,72 +45,74 @@ in {
more_set_headers "Permissions-Policy: geolocation=(), microphone=()";
'';
virtualHosts = let
kopConfig = {
root = pkgs.kop-website;
forceSSL = cfg.https;
enableACME = cfg.https;
quic = cfg.https;
http3 = cfg.https;
locations = {
"~* \\.(jpg|png)$".extraConfig = ''
add_header Access-Control-Allow-Origin *;
'';
"/stash" = {
basicAuthFile = config.age.secrets.stash-auth.path;
extraConfig = ''
client_max_body_size 20000M;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:7777;
virtualHosts =
let
kopConfig = {
root = pkgs.kop-website;
forceSSL = cfg.https;
enableACME = cfg.https;
quic = cfg.https;
http3 = cfg.https;
locations = {
"~* \\.(jpg|png)$".extraConfig = ''
add_header Access-Control-Allow-Origin *;
'';
};
"/tracker-site" = {
tryFiles = "$uri $uri/ /tracker-site/index.html =404";
};
"/tracker-site/api" = {
extraConfig = ''
rewrite /tracker-site/api/(.*) /$1 break;
'';
proxyPass = "http://127.0.0.1:8080";
};
"/radicale/" = {
extraConfig = ''
proxy_set_header X-Script-Name /radicale;
'';
proxyPass = "http://localhost:5232/";
};
"/socket.io" = { proxyPass = "http://localhost:9955"; proxyWebsockets = true; };
"/comms/" = {
extraConfig = ''
"/stash" = {
basicAuthFile = config.age.secrets.stash-auth.path;
extraConfig = ''
client_max_body_size 20000M;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:7777;
'';
};
"/tracker-site" = {
tryFiles = "$uri $uri/ /tracker-site/index.html =404";
};
"/tracker-site/api" = {
extraConfig = ''
rewrite /tracker-site/api/(.*) /$1 break;
'';
proxyPass = "http://127.0.0.1:8080";
};
"/radicale/" = {
extraConfig = ''
proxy_set_header X-Script-Name /radicale;
'';
proxyPass = "http://localhost:5232/";
};
"/socket.io" = { proxyPass = "http://localhost:9955"; proxyWebsockets = true; };
"/comms/" = {
extraConfig = ''
more_set_headers "Permissions-Policy: geolocation=(), microphone=(self), camera=(self)";
'';
alias = "/comms/";
tryFiles = "$uri $uri/ /comms/index.html";
};
"/comms" = {
extraConfig = ''
return 301 /comms/;
'';
};
"/kavita-client" = {
extraConfig = ''
return 301 /kavita-client/;
'';
};
"/kavita-client/" = {
alias = "/kavita-client/";
'';
alias = "/comms/";
tryFiles = "$uri $uri/ /comms/index.html";
};
"/comms" = {
extraConfig = ''
return 301 /comms/;
'';
};
"/kavita-client" = {
extraConfig = ''
return 301 /kavita-client/;
'';
};
"/kavita-client/" = {
alias = "/kavita-client/";
};
};
};
in
{
"kopatz.ddns.net" = kopConfig;
"kop.oasch.net" = kopConfig;
};
in {
"kopatz.ddns.net" = kopConfig;
"kop.oasch.net" = kopConfig;
};
};
};
}

28
modules/services/paperless.nix
View File

@@ -1,20 +1,20 @@
{ config, pkgs, lib, inputs, vars, ... }:
let
let
ip = vars.ipv4;
wireguardIp = vars.wireguardIp;
in
{
networking.firewall.allowedTCPPorts = [ 28981 ];
age.secrets.paperless = {
file = ../../secrets/paperless.age;
owner = "paperless";
group = "paperless";
};
services.paperless = {
enable = true;
port = 28981;
passwordFile = config.age.secrets.paperless.path;
address = wireguardIp;
mediaDir = "/mnt/250ssd/paperless";
};
networking.firewall.allowedTCPPorts = [ 28981 ];
age.secrets.paperless = {
file = ../../secrets/paperless.age;
owner = "paperless";
group = "paperless";
};
services.paperless = {
enable = true;
port = 28981;
passwordFile = config.age.secrets.paperless.path;
address = wireguardIp;
mediaDir = "/mnt/250ssd/paperless";
};
}

40
modules/services/postgres.nix
View File

@@ -1,23 +1,23 @@
{ pkgs, ... }:
{
services.postgresql = {
enable = true;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method optional_ident_map
local sameuser all peer map=superuser_map
local all postgres peer
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
services.postgresqlBackup = {
enable = true;
location = "/var/backup/postgresql";
backupAll = true;
};
services.postgresql = {
enable = true;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method optional_ident_map
local sameuser all peer map=superuser_map
local all postgres peer
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
services.postgresqlBackup = {
enable = true;
location = "/var/backup/postgresql";
backupAll = true;
};
}

6
modules/services/rdp.nix
View File

@@ -3,7 +3,7 @@ let
wm = vars.wm;
in
{
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = wm;
services.xrdp.openFirewall = true;
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = wm;
services.xrdp.openFirewall = true;
}

68
modules/services/samba.nix
View File

@@ -1,37 +1,37 @@
{
#services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
#networking.firewall.allowedTCPPorts = [
#5357 # wsdd
#];
#networking.firewall.allowedUDPPorts = [
#3702 # wsdd
#];
services.samba.openFirewall = true;
services.samba = {
enable = true;
securityType = "user";
invalidUsers = [
"root"
];
extraConfig = ''
disable netbios = yes
smb ports = 445
workgroup = WORKGROUP
server string = smbnix
security = user
#use sendfile = yes
#max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.0. 192.168.174.1 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
homes = {
browseable = "no";
writable = "yes";
};
};
#services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
#networking.firewall.allowedTCPPorts = [
#5357 # wsdd
#];
#networking.firewall.allowedUDPPorts = [
#3702 # wsdd
#];
services.samba.openFirewall = true;
services.samba = {
enable = true;
securityType = "user";
invalidUsers = [
"root"
];
extraConfig = ''
disable netbios = yes
smb ports = 445
workgroup = WORKGROUP
server string = smbnix
security = user
#use sendfile = yes
#max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = 192.168.0. 192.168.174.1 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
homes = {
browseable = "no";
writable = "yes";
};
};
};
}

3
modules/services/smartd.nix
View File

@@ -17,7 +17,8 @@ let
--data "$JSON"
'';
cfg = config.custom.services.smartd;
in {
in
{
options.custom.services.smartd = {
enable = lib.mkEnableOption "Enables smartd monitoring";

28
modules/services/ssh.nix
View File

@@ -1,16 +1,16 @@
{
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = true;
allowSFTP = false;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.X11Forwarding = false;
settings.PermitRootLogin = "prohibit-password";
extraConfig = ''
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = true;
allowSFTP = false;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.X11Forwarding = false;
settings.PermitRootLogin = "prohibit-password";
extraConfig = ''
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
}

54
modules/services/step-ca.nix
View File

@@ -2,33 +2,33 @@
let
root_ca =
''
-----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
MTZaFw0zMzEyMDUxNDUxMTZaMCQxDDAKBgNVBAoTA0tvcDEUMBIGA1UEAxMLS29w
IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdZBOkNynShXipzhuX
f6dUByD3chNupNWsagYC5AlPRJT9fAeHEIK/bxWkFwRtLBDopWvBu9lHahBgpHc7
y7rTo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNV
HQ4EFgQU9AVtwipW5HDBLfZRH1KZCnIKCfowCgYIKoZIzj0EAwIDSQAwRgIhAMHj
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
MTZaFw0zMzEyMDUxNDUxMTZaMCQxDDAKBgNVBAoTA0tvcDEUMBIGA1UEAxMLS29w
IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdZBOkNynShXipzhuX
f6dUByD3chNupNWsagYC5AlPRJT9fAeHEIK/bxWkFwRtLBDopWvBu9lHahBgpHc7
y7rTo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNV
HQ4EFgQU9AVtwipW5HDBLfZRH1KZCnIKCfowCgYIKoZIzj0EAwIDSQAwRgIhAMHj
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE-----
'';
intermediate_ca =
''
-----BEGIN CERTIFICATE-----
MIIBtDCCAVqgAwIBAgIQbEVEV7LgtjVWO+qBrrmgETAKBggqhkjOPQQDAjAkMQww
CgYDVQQKEwNLb3AxFDASBgNVBAMTC0tvcCBSb290IENBMB4XDTIzMTIwODE0NTEx
N1oXDTMzMTIwNTE0NTExN1owLDEMMAoGA1UEChMDS29wMRwwGgYDVQQDExNLb3Ag
SW50ZXJtZWRpYXRlIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmv7jg7Cs
4L5v52+3yUmn79hZFS2vmm/5wwcUCL63dokEXQsHgbEjaRKsF/MW0yJDLTB6Sdhl
pCvoNJqITWuEN6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0OBBYEFDgVolMCmdrhDIXhuIs4q/KwRKNLMB8GA1UdIwQYMBaAFPQF
bcIqVuRwwS32UR9SmQpyCgn6MAoGCCqGSM49BAMCA0gAMEUCIQCQa01E+UvAJ8KR
DFfDducZUpW4tZRN35lqoge7T9nM2QIgK4FFt1NqDqcjOSabAXPOQ68bvdxlHW0y
AgN9qNc3Jbo=
-----END CERTIFICATE-----
'';
-----BEGIN CERTIFICATE-----
MIIBtDCCAVqgAwIBAgIQbEVEV7LgtjVWO+qBrrmgETAKBggqhkjOPQQDAjAkMQww
CgYDVQQKEwNLb3AxFDASBgNVBAMTC0tvcCBSb290IENBMB4XDTIzMTIwODE0NTEx
N1oXDTMzMTIwNTE0NTExN1owLDEMMAoGA1UEChMDS29wMRwwGgYDVQQDExNLb3Ag
SW50ZXJtZWRpYXRlIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmv7jg7Cs
4L5v52+3yUmn79hZFS2vmm/5wwcUCL63dokEXQsHgbEjaRKsF/MW0yJDLTB6Sdhl
pCvoNJqITWuEN6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0OBBYEFDgVolMCmdrhDIXhuIs4q/KwRKNLMB8GA1UdIwQYMBaAFPQF
bcIqVuRwwS32UR9SmQpyCgn6MAoGCCqGSM49BAMCA0gAMEUCIQCQa01E+UvAJ8KR
DFfDducZUpW4tZRN35lqoge7T9nM2QIgK4FFt1NqDqcjOSabAXPOQ68bvdxlHW0y
AgN9qNc3Jbo=
-----END CERTIFICATE-----
'';
in
{
@@ -82,9 +82,9 @@ in
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
];
minVersion = 1.2;
maxVersion = 1.3;
renegotiation = false;
minVersion = 1.2;
maxVersion = 1.3;
renegotiation = false;
};
};
};

Some files were not shown because too many files have changed in this diff Show More