Merge branch 'master' of github.com:Kropatz/dotfiles

flake.nix

@@ -49,7 +49,7 @@
         ./modules/motd.nix
         ./modules/postgres.nix
         ./modules/fail2ban.nix
-        ./modules/nix-settings.nix
+        ./modules/nix/settings.nix
         ./modules/adguard.nix
         ./modules/git.nix
         ./modules/github-runner.nix
@@ -87,6 +87,29 @@
         inherit inputs ;
       };
     };
+    nixosConfigurations."kop-pc" = nixpkgs.lib.nixosSystem {
+        inherit system;
+        specialArgs = {
+          inherit inputs ;
+        };
+        modules = [
+          ./users/kopatz.nix
+          ./modules/graphical/plasma.nix
+          ./modules/graphical/shared.nix
+          ./modules/nix/settings.nix
+          ./modules/nix/index.nix
+          ./modules/nix/ld.nix
+          ./modules/gpg.nix
+          ./modules/virt-manager.nix
+          ./modules/flatpak.nix
+          ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
+          ./modules/wooting.nix
+          ./modules/support/ntfs.nix
+          ./systems/pc/configuration.nix
+          agenix.nixosModules.default
+          home-manager.nixosModules.home-manager
+        ];
+    };
     nixosConfigurations."nix-laptop" = nixpkgs.lib.nixosSystem {
         inherit system;
         specialArgs = {
@@ -97,6 +120,7 @@
         modules = [
           ./users/kopatz.nix
           # Todo: refactor file layout
+          ./modules/graphical/gnome.nix
           ./laptop/configuration.nix
           ./modules/virt-manager.nix
           ./modules/ssh.nix

modules/flatpak.nix

@@ -0,0 +1,3 @@
+{
+      services.flatpak.enable = true;
+}

modules/gpg.nix

@@ -0,0 +1,13 @@
+{pkgs, ...}:
+{
+  #services.pcscd.enable = true;
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+    pinentryFlavor = "qt";
+  };
+  #environment.systemPackages = with pkgs; [
+  #  pinentry-curses
+ # ];
+}

modules/graphical/gnome.nix

@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+{
+  services.xserver = {
+    layout = "at";
+    xkbVariant = "";
+    enable = true;
+    displayManager.gdm.enable = true;
+    desktopManager.gnome.enable = true;
+  };
+
+  # Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+  systemd.services."getty@tty1".enable = false;
+  systemd.services."autovt@tty1".enable = false;
+
+  environment.sessionVariables.NIXOS_OZONE_WL = "1";
+
+  environment.gnome.excludePackages = (with pkgs; [
+  gnome-photos
+  gnome-tour
+  ]) ++ (with pkgs.gnome; [
+    cheese # webcam tool
+    gnome-music
+    gnome-terminal
+    gedit # text editor
+    epiphany # web browser
+    #geary # email reader
+    evince # document viewer
+    gnome-characters
+    totem # video player
+    tali # poker game
+    iagno # go game
+    hitori # sudoku game
+    atomix # puzzle game
+  ]);
+
+  environment.systemPackages = with pkgs; [
+    wmctrl
+    gnome.mutter
+    gnome.adwaita-icon-theme
+    gnome.gnome-settings-daemon
+    gnome.gnome-tweaks
+    gnome.dconf-editor
+    gruvbox-gtk-theme
+    colloid-icon-theme
+    gnomeExtensions.appindicator
+    gnomeExtensions.just-perfection
+    gnomeExtensions.system-monitor
+    gnomeExtensions.dash2dock-lite
+    gnomeExtensions.dash-to-dock
+    gnomeExtensions.vitals
+    gnomeExtensions.rounded-window-corners
+    gnomeExtensions.wallpaper-switcher
+    gnomeExtensions.backslide
+    gnomeExtensions.nextcloud-folder
+    gnomeExtensions.tray-icons-reloaded
+    gnomeExtensions.blur-my-shell
+  ];
+}

modules/graphical/plasma.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+  services.xserver = {
+    layout = "at";
+    xkbVariant = "";
+    enable = true;
+    displayManager.sddm.enable = true;
+    desktopManager.plasma5.enable = true;
+  };
+}

modules/graphical/shared.nix

@@ -0,0 +1,83 @@
+{ config, pkgs, inputs, ... }:
+
+let
+  keepassWithPlugins = pkgs.keepass.override {
+    plugins = [
+      pkgs.keepass-keepassrpc
+    ];
+  };
+in
+{
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
+    dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
+  };
+
+  programs.kdeconnect.enable = true;
+
+  fonts.fontDir.enable = true;
+  fonts.fonts = with pkgs; [
+    nerdfonts
+  ];
+
+  networking.firewall = {
+    enable = true;
+    allowedTCPPortRanges = [
+      { from = 1714; to = 1764; } # KDE Connect
+    ];
+    allowedUDPPortRanges = [
+      { from = 1714; to = 1764; } # KDE Connect
+    ];
+  };
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #  wget
+    wget
+    nixos-option
+    kate
+    keepassWithPlugins
+    jetbrains.idea-ultimate
+    jetbrains.rider
+    dotnet-sdk_7
+    dotnet-runtime_7
+    neovim
+    htop
+    btop
+    git
+    xfce.thunar
+    killall
+    xclip
+    usbutils
+    bun
+    inputs.agenix.packages."x86_64-linux".default
+    insomnia
+    remmina
+    nextcloud-client
+    #podman-compose
+    #arion # docker
+    neofetch
+    thunderbird
+    rofi
+    pdfgrep
+    taisei
+    ncdu
+    localsend
+    element-desktop
+    tetrio-desktop
+  ];
+
+  environment.sessionVariables = {
+    DOTNET_ROOT = "${pkgs.dotnet-sdk_7}";
+  };
+
+  ### docker
+  virtualisation.docker.enable = true;
+}

modules/nginx.nix

@@ -52,9 +52,28 @@
                     '';
                     proxyPass = "http://127.0.0.1:8080";
                 };
+ 
  	           #locations."~/books(.*)$" = {
                #    proxyPass = "http://127.0.0.1:5000";
                #};
+            };
+            #discord bot for tracking useractivity public version 
+            "activitytracker.site" = {
+                #serverAliases = [
+                #     "localhost"
+                #]; 
+                root = "/data/website";
+                forceSSL = true;
+                enableACME = true;
+                locations."/tracker-site-public" = {
+	                tryFiles = "$uri $uri/ /tracker-site-public/index.html =404";
+		        };
+                locations."/api" = {
+                    extraConfig =''
+                        rewrite /api/(.*) /$1 break;
+                    '';
+                    proxyPass = "http://127.0.0.1:8081";
+                };
            };
             "adguard.local" = {
                 locations."/".proxyPass = "http://127.0.0.1:3000";

modules/nix/index.nix

@@ -0,0 +1,7 @@
+{
+    programs.command-not-found.enable = false;
+    programs.nix-index = {
+        enable = true;
+        enableZshIntegration=true;
+    };
+}

modules/nix/ld.nix

@@ -0,0 +1,3 @@
+{
+  programs.nix-ld.enable = true;
+}

modules/support/ntfs.nix

@@ -0,0 +1,3 @@
+{
+  boot.supportedFilesystems = [ "ntfs" ];
+}

modules/wooting.nix

@@ -0,0 +1,31 @@
+{ pkgs, lib, ...}:
+let 
+  wooting-udev = pkgs.stdenv.mkDerivation rec {
+    pname = "wooting-udev-rules";
+    version = "unstable-2023-03-31";
+
+    # Source: https://help.wooting.io/en/article/wootility-configuring-device-access-for-wootility-under-linux-udev-rules-r6lb2o/
+    src = [ ./wooting.rules ];
+
+    dontUnpack = true;
+
+    installPhase = ''
+      install -Dpm644 $src $out/lib/udev/rules.d/70-wooting.rules
+    '';
+
+    meta = with lib; {
+      homepage = "https://help.wooting.io/en/article/wootility-configuring-device-access-for-wootility-under-linux-udev-rules-r6lb2o/";
+      description = "udev rules that give NixOS permission to communicate with Wooting keyboards";
+      platforms = platforms.linux;
+      license = "unknown";
+      maintainers = with maintainers; [ davidtwco ];
+    };
+};
+in
+{ 
+  services.udev.packages = [ wooting-udev ];
+
+  environment.systemPackages = with pkgs; [
+    wootility
+  ];
+}

modules/wooting.rules

@@ -0,0 +1,12 @@
+# Wooting Two HE (ARM)
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1230", MODE:="0666", GROUP="input"
+SUBSYSTEM=="usb", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1230", MODE:="0666", GROUP="input"
+# Wooting Two HE Alt-gamepad mode
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1231", MODE:="0666", GROUP="input"
+SUBSYSTEM=="usb", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1231", MODE:="0666", GROUP="input"
+# Wooting Two HE 2nd Alt-gamepad mode
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1232", MODE:="0666", GROUP="input"
+SUBSYSTEM=="usb", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1232", MODE:="0666", GROUP="input"
+
+# Wooting Two HE (ARM) update mode
+SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="123f", MODE:="0666", GROUP="input"

systems/pc/configuration.nix

@@ -0,0 +1,127 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Enable OpenGL
+  hardware.opengl = {
+    enable = true;
+    driSupport = true;
+    driSupport32Bit = true;
+  };
+
+  services.xserver.videoDrivers = ["nvidia"];
+  hardware.nvidia = {
+    # Modesetting is required.
+    modesetting.enable = true;
+    # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+    powerManagement.enable = false;
+    # Fine-grained power management. Turns off GPU when not in use.
+    # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+    powerManagement.finegrained = false;
+    # Use the NVidia open source kernel module (not to be confused with the
+    # independent third-party "nouveau" open source driver).
+    # Support is limited to the Turing and later architectures. Full list of 
+    # supported GPUs is at: 
+    # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 
+    # Only available from driver 515.43.04+
+    # Currently alpha-quality/buggy, so false is currently the recommended setting.
+    open = false;
+    # Enable the Nvidia settings menu,
+	# accessible via `nvidia-settings`.
+    nvidiaSettings = true;
+    # Optionally, you may need to select the appropriate driver version for your specific GPU.
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+  };
+  networking.hostName = "kop-pc"; # Define your hostname.
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "Europe/Vienna";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "de_AT.UTF-8";
+    LC_IDENTIFICATION = "de_AT.UTF-8";
+    LC_MEASUREMENT = "de_AT.UTF-8";
+    LC_MONETARY = "de_AT.UTF-8";
+    LC_NAME = "de_AT.UTF-8";
+    LC_NUMERIC = "de_AT.UTF-8";
+    LC_PAPER = "de_AT.UTF-8";
+    LC_TELEPHONE = "de_AT.UTF-8";
+    LC_TIME = "de_AT.UTF-8";
+  };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+  # Configure keymap in X11
+  services.xserver = {
+    layout = lib.mkForce "de";
+    xkbVariant = lib.mkForce "us";
+  };
+
+  # Configure console keymap
+  console.keyMap = "de";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound with pipewire.
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    #jack.enable = true;
+
+    # use the example session manager (no others are packaged yet so this is enabled by default,
+    # no need to redefine it in your config for now)
+    #media-session.enable = true;
+  };
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  # services.xserver.libinput.enable = true;
+
+  # Enable automatic login for the user.
+  services.xserver.displayManager.autoLogin.enable = true;
+  services.xserver.displayManager.autoLogin.user = "kopatz";
+
+  # Allow unfree packages
+  nixpkgs.config.allowUnfree = true;
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+  #  wget
+  ];
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}

systems/pc/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/dd65bdf8-c003-439c-a1aa-d050cb20959d";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/5AA5-45E0";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

users/anon.nix

@@ -17,6 +17,11 @@ in
     useUserPackages = true;
     users.${user} = {
       programs.git.enable = true;
+      programs.direnv = {
+        enable = true;
+        enableZshIntegration = true;
+        nix-direnv.enable = true;
+      };
       programs.zsh = {
         enable = true;
         enableCompletion = true;

users/kopatz.nix

@@ -33,6 +33,12 @@ in
           theme = "eastwood";
         };
       };
+      programs.git.enable = true;
+      programs.direnv = {
+        enable = true;
+        enableZshIntegration = true;
+        nix-direnv.enable = true;
+      };
       home.stateVersion = "23.05";
     };
   };
@@ -47,6 +53,7 @@ in
       (discord.override { withVencord = true; })
       librewolf
       ungoogled-chromium
+      brave
     ];
     openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas"