Merge remote-tracking branch 'origin/nixos' into nixos

nixos
Moritz Böhme 2023-10-20 13:43:01 +02:00
commit 41369784d2
43 changed files with 1291 additions and 1066 deletions

9
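--- a/.nixd.json
+++ b/.nixd.json
@@ -0,0 +1,9 @@
+{
+"options": {
+"enable": true,
+"target": {
+"args": [],
+"installable": ".#nixosConfigurations.nixos-desktop.options"
+}
+}
+}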

File diff suppressed because it is too large Load Diff

343
flake.nix

@ -1,60 +1,58 @@
{ {
description = "My awesome system config"; description = "My awesome system config";
/*
Inputs
*/
inputs = { inputs = {
# Nix # Nix
master.url = "github:nixos/nixpkgs";
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
stable.url = "github:nixos/nixpkgs/nixos-23.05";
flake-utils.url = "github:numtide/flake-utils";
agenix.inputs.nixpkgs.follows = "nixpkgs"; agenix.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
devshell.url = "github:numtide/devshell";
disko.url = "github:nix-community/disko";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-utils.url = "github:numtide/flake-utils";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
impermanence.url = "github:nix-community/impermanence";
nil.inputs.flake-utils.follows = "flake-utils"; master.url = "github:nixos/nixpkgs";
nil.inputs.nixpkgs.follows = "nixpkgs"; nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nil.url = "github:oxalica/nil";
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
stable.url = "github:nixos/nixpkgs/nixos-23.05";
nur.url = "github:nix-community/NUR";
nix-index-database.url = "github:Mic92/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
nix-super.url = "github:privatevoid-net/nix-super"; # Programs
nix-super.inputs.nixpkgs.follows = "stable"; nix-super.inputs.nixpkgs.follows = "stable";
nix-super.url = "github:privatevoid-net/nix-super/518ce777422c6ade8988a3dd1bebb407a08f3851"; # NOTE: because nix 1.18 is borked
rofi-wayland.url = "github:lbonn/rofi/wayland";
rofi-wayland.flake = false; rofi-wayland.flake = false;
rofi-wayland.url = "github:lbonn/rofi/wayland";
timers.url = "git+https://gitea.moritzboeh.me/moritz/timers.git";
# Neovim # Neovim
neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
smartcolumn-nvim.flake = false;
smartcolumn-nvim.url = "github:m4xshen/smartcolumn.nvim";
telekasten-nvim.flake = false;
telekasten-nvim.url = "github:renerocksai/telekasten.nvim";
telescope-nvim.flake = false;
telescope-nvim.url = "github:nvim-telescope/telescope.nvim";
nvim-treesitter.flake = false;
nvim-treesitter.url = "github:nvim-treesitter/nvim-treesitter/v0.9.1"; # NOTE: to fix weird latest issues
hmts-nvim.flake = false;
hmts-nvim.url = "github:calops/hmts.nvim";
actions-preview-nvim.flake = false; actions-preview-nvim.flake = false;
actions-preview-nvim.url = "github:aznhe21/actions-preview.nvim"; actions-preview-nvim.url = "github:aznhe21/actions-preview.nvim";
codeium-nvim = {
codeium-nvim.url = "github:jcdickinson/codeium.nvim"; inputs.nixpkgs.follows = "nixpkgs";
codeium-nvim.inputs.nixpkgs.follows = "nixpkgs"; inputs.flake-utils.follows = "flake-utils";
url = "github:jcdickinson/codeium.nvim";
};
hmts-nvim.flake = false;
hmts-nvim.url = "github:calops/hmts.nvim";
neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
nix-lazy-nvim.url = "git+https://git.moritzboeh.me/moritz/NixLazy.nvim";
nvim-lspconfig.flake = false;
nvim-lspconfig.url = "github:neovim/nvim-lspconfig";
nvim-puppeteer.flake = false;
nvim-puppeteer.url = "github:chrisgrieser/nvim-puppeteer";
nvim-treesitter.flake = false;
nvim-treesitter.url = "github:nvim-treesitter/nvim-treesitter/v0.9.1"; # NOTE: to fix weird latest issues
smartcolumn-nvim.flake = false;
smartcolumn-nvim.url = "github:m4xshen/smartcolumn.nvim";
telekasten-nvim.flake = false;
telekasten-nvim.url = "github:renerocksai/telekasten.nvim";
telescope-nvim.flake = false;
telescope-nvim.url = "github:nvim-telescope/telescope.nvim";
none-ls-nvim.flake = false;
none-ls-nvim.url = "github:nvimtools/none-ls.nvim";
# Hyprland # Hyprland
hypr-contrib.url = "github:hyprwm/contrib"; hypr-contrib.url = "github:hyprwm/contrib";
@ -68,147 +66,158 @@
# Firefox user.js # Firefox user.js
arkenfox-userjs.url = "github:arkenfox/user.js"; arkenfox-userjs.url = "github:arkenfox/user.js";
arkenfox-userjs.flake = false; arkenfox-userjs.flake = false;
timers.url = "git+https://gitea.moritzboeh.me/moritz/timers.git";
}; };
/* outputs = inputs@{ self, flake-parts, ... }:
Outputs
*/
outputs = inputs@{ self, nixpkgs, ... }:
let let
systems = [ "x86_64-linux" "aarch64-linux" ]; defaultOverlays = [
forEachSystem = lib.genAttrs systems;
lib = nixpkgs.lib.extend
(self: _: { my = import ./lib { lib = self; }; });
overlay = import ./overlays {
inherit inputs;
inherit (self) lib;
};
config.allowUnfree = true;
overlays = [
inputs.hypr-contrib.overlays.default inputs.hypr-contrib.overlays.default
inputs.neovim-nightly-overlay.overlay inputs.neovim-nightly-overlay.overlay
overlay self.overlays.default
]; ];
pkgsFor = system: import nixpkgs { finalOverlays = defaultOverlays ++ [
inherit system config; (
overlays = overlays ++ [ _: prev: {
( master = import inputs.master {
_: prev: { inherit (prev) system;
master = import inputs.master { overlays = defaultOverlays;
inherit (prev) system; };
inherit overlays config; stable = import inputs.stable {
}; inherit (prev) system;
stable = import inputs.stable { overlays = defaultOverlays;
inherit (prev) system; };
inherit overlays config; nur = import inputs.nur {
}; pkgs = prev;
nurpkgs = prev;
};
}
)
];
in
flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
inputs.pre-commit-hooks.flakeModule
inputs.devshell.flakeModule
];
systems = [ "x86_64-linux" ];
perSystem = { config, self', inputs', pkgs, system, ... }: {
_module.args.pkgs =
import inputs.nixpkgs {
inherit system;
overlays = finalOverlays;
};
devshells.default = {
devshell.startup.pre-commit-hook.text = config.pre-commit.installationScript;
commands = [
{
name = "agenix";
help = "wrapper around agenix";
command = ''
sudo EDITOR="${pkgs.lib.getExe pkgs.vim}" ${pkgs.lib.getExe' inputs'.agenix.packages.default "agenix"} --identity /etc/ssh/ssh_host_ed25519_key "$@"
'';
} }
) {
overlay name = "nixos-build";
]; help = "use nom to build system";
command =
''
nom build --no-link ".#nixosConfigurations.$(hostname).config.system.build.toplevel" $@
'';
}
{
name = "nixos-switch";
help = "wrapper for nixos-rebuild switch";
command = "sudo nixos-rebuild switch --flake . $@";
}
{
name = "nixos-test";
help = "wrapper for nixos-rebuild switch";
command = "sudo nixos-rebuild test --flake . $@";
}
{
name = "nixos-boot";
help = "wrapper for nixos-rebuild switch";
command = "sudo nixos-rebuild boot --flake . $@";
}
];
};
pre-commit = {
check.enable = true;
settings = {
hooks = {
nixpkgs-fmt.enable = true;
statix.enable = true;
shellcheck.enable = true;
stylua.enable = true;
};
};
};
legacyPackages = pkgs;
packages =
self.lib.filterAttrs (_: self.lib.isDerivation)
(self.overlays.default pkgs pkgs);
}; };
defaultModules = [ flake = {
{ nixpkgs = { inherit config; }; } lib = inputs.nixpkgs.lib.extend
./modules (self: _: { my = import ./lib { lib = self; }; });
inputs.home-manager.nixosModule
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit inputs self; };
};
}
inputs.agenix.nixosModules.age
];
hosts = self.lib.my.mapModules overlays.default = import ./overlays {
(path: inherit inputs;
let inherit (self) lib;
system = import "${path}/system.nix"; };
pkgs = pkgsFor system;
in nixosConfigurations = self.lib.my.mapModules
lib.nixosSystem { (path: self.lib.nixosSystem {
inherit pkgs system lib; inherit (self) lib;
specialArgs = { specialArgs = {
inherit inputs self; inherit inputs self;
}; };
modules = defaultModules ++ [ path ]; modules =
}) [
./hosts; ./modules
{
pre-commit-check = system: inputs.pre-commit-hooks.lib."${system}".run { nixpkgs = {
src = ./.; overlays = finalOverlays;
hooks = { config.allowUnfree = true;
nixpkgs-fmt.enable = true; };
statix.enable = true; }
shellcheck.enable = true; {
stylua.enable = true; home-manager = {
}; useGlobalPkgs = true;
}; useUserPackages = true;
in extraSpecialArgs = { inherit inputs self; };
with lib; { sharedModules = [ inputs.nix-lazy-nvim.homeManagerModules.default ];
inherit lib; };
}
# ╔══════════════════════════════════════════════════════════╗ inputs.agenix.nixosModules.age
# ║ NixOS Configurations ║ inputs.disko.nixosModules.default
# ╚══════════════════════════════════════════════════════════╝ inputs.home-manager.nixosModule
inputs.impermanence.nixosModules.impermanence
nixosConfigurations = hosts; inputs.nix-index-database.nixosModules.nix-index
path
# ╔══════════════════════════════════════════════════════════╗
# ║ Other Outputs ║
# ╚══════════════════════════════════════════════════════════╝
devShells = forEachSystem (system:
let
pkgs = pkgsFor system;
in
{
default = pkgs.mkShell
{
inherit (pre-commit-check system) shellHook;
name = "dotfiles";
packages = with pkgs; [
# Secrets
agenix
# cachix
cachix
]; ];
}; })
}); ./hosts;
};
checks = forEachSystem (system: {
pre-commit-check = pre-commit-check system;
});
legacyPackages = forEachSystem pkgsFor;
packages = forEachSystem (system:
let
pkgs = pkgsFor system;
in
filterAttrs (_: isDerivation)
(overlay pkgs pkgs)
);
overlays =
let
overlayNames = attrNames (overlay null null);
mkOverlay = name: final: prev: (overlay final prev).${name};
in
(genAttrs overlayNames mkOverlay) // {
default = overlay;
};
}; };
nixConfig = {
extra-substituters = [
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
"https://pre-commit-hooks.cachix.org"
];
extra-trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc="
];
};
} }


@ -17,23 +17,41 @@
gaming.enable = true; gaming.enable = true;
personal.enable = true; personal.enable = true;
}; };
programs.hyprland.nvidiaSupport = true; programs.hyprland = {
programs.hyprland.keyboardLayouts = [ "us" "de" ]; nvidiaSupport = true;
monitors = [ "HDMI-A-1,3840x2160,auto,1.2" ",preferred,auto,1" ];
extraConfig = "exec=hyprctl keyword monitor HDMI-A-1,3840x2160@120,auto,1.2";
keyboardLayouts = [ "us" "de" ];
};
services.mullvad.enable = true; services.mullvad.enable = true;
services.wallpaper.enable = true;
programs.ledger.enable = true; programs.ledger.enable = true;
}; };
home-manager.users.moritz.home.packages = with pkgs; [ home-manager.users.moritz.home.packages = with pkgs; [
jetbrains.idea-community jetbrains.idea-community
]; ];
hardware = {
keyboard.qmk.enable = true;
nvidia.modesetting.enable = true;
opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
};
hardware.keyboard.qmk.enable = true; # sensors
enableAllFirmware = true;
# KERNEL bluetooth.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest; };
# BOOT
boot = { boot = {
# KERNEL
kernelPackages = pkgs.linuxPackages_latest;
# BOOT
supportedFilesystems = [ "btrfs" "ntfs" ]; supportedFilesystems = [ "btrfs" "ntfs" ];
loader = { loader = {
grub = { grub = {
@ -44,6 +62,8 @@
}; };
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
kernelModules = [ "lm92" "drivetemp" ];
}; };
# NETWORKING # NETWORKING
@ -68,33 +88,23 @@
}; };
networkmanager.enable = true; networkmanager.enable = true;
}; };
hardware.nvidia.modesetting.enable = true; services = {
services.xserver.videoDrivers = [ "nvidia" ]; xserver.videoDrivers = [ "nvidia" ];
hardware.opengl = { xserver.xrandrHeads = [
enable = true; { output = "HDMI-1"; }
driSupport32Bit = true; {
driSupport = true; output = "HDMI-0";
primary = true;
}
];
# Powersaving
tlp.enable = true;
}; };
services.xserver.xrandrHeads = [
{ output = "HDMI-1"; }
{
output = "HDMI-0";
primary = true;
}
];
console.keyMap = "de"; console.keyMap = "de";
# Powersaving
services.tlp.enable = true;
powerManagement.enable = true; powerManagement.enable = true;
# sensors
hardware.enableAllFirmware = true;
environment.systemPackages = with pkgs; [ lm_sensors ]; environment.systemPackages = with pkgs; [ lm_sensors ];
boot.kernelModules = [ "lm92" "drivetemp" ];
hardware.bluetooth.enable = true;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions


@ -7,51 +7,56 @@
, ... , ...
}: { }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; initrd = {
boot.initrd.kernelModules = [ ]; availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-amd" ]; kernelModules = [ ];
boot.extraModulePackages = [ ]; luks.devices."enc".device = "/dev/disk/by-uuid/30025a9f-44cf-4074-8ae2-d4925efd67dd";
};
fileSystems."/" = { kernelModules = [ "kvm-amd" ];
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1"; extraModulePackages = [ ];
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
}; };
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/30025a9f-44cf-4074-8ae2-d4925efd67dd"; "/home" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/home" = { "/nix" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1"; device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ]; options = [ "subvol=nix" "compress=zstd" ];
}; };
fileSystems."/nix" = { "/var/log" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1"; device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" ]; options = [ "subvol=log" "compress=zstd" ];
}; neededForBoot = true;
};
fileSystems."/var/log" = { "/boot" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1"; device = "/dev/disk/by-uuid/297B-C04C";
fsType = "btrfs"; fsType = "vfat";
options = [ "subvol=log" "compress=zstd" ]; };
neededForBoot = true;
};
fileSystems."/boot" = { "/media/games" = {
device = "/dev/disk/by-uuid/297B-C04C"; device = "/dev/disk/by-uuid/8f92ff36-a685-4a67-a3d4-55136dc5f286";
fsType = "vfat"; fsType = "ext4";
}; };
fileSystems."/media/games" = {
device = "/dev/disk/by-uuid/8f92ff36-a685-4a67-a3d4-55136dc5f286";
fsType = "ext4";
}; };
swapDevices = [{ device = "/dev/disk/by-uuid/00ad6f74-f23e-4ac0-abfb-89bdfe5ab8ae"; }]; swapDevices = [{ device = "/dev/disk/by-uuid/00ad6f74-f23e-4ac0-abfb-89bdfe5ab8ae"; }];
hardware.cpu.amd.updateMicrocode = hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware; lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }


@ -1 +0,0 @@
"x86_64-linux"


@ -3,37 +3,46 @@
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ pkgs { pkgs
, inputs , inputs
, lib
, ... , ...
}: { }: {
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./disko.nix
./impermanence.nix
]; ];
my = { my = {
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
yubikey.luksSupport.enable = false;
profiles = { profiles = {
desktop.enable = true; desktop.enable = true;
personal.enable = true; personal.enable = true;
webis.enable = true; # webis.enable = true;
}; };
}; };
environment.systemPackages = [
(
pkgs.writeShellApplication {
name = "zfs-diff";
runtimeInputs = with pkgs; [ zfs coreutils parallel tree ];
text = ''
zfs diff -F zroot/encrypted/root@blank | awk '$2 == "F" && system("test -e /persist/"$3) != 0 { print $3 }' 2>/dev/null | tree --fromfile . "$@"
'';
}
)
];
home-manager.users.moritz.home.packages = with pkgs; [ home-manager.users.moritz.home.packages = with pkgs; [
jetbrains.idea-ultimate # jetbrains.idea-ultimate
]; ];
# BOOT # BOOT
boot = { boot = {
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "zfs" ];
loader = { loader.systemd-boot.enable = true;
grub = {
enable = true;
device = "nodev";
efiSupport = true;
};
efi.canTouchEfiVariables = true;
};
}; };
# SERVICES # SERVICES
@ -65,54 +74,56 @@
services.tlp.enable = true; services.tlp.enable = true;
powerManagement.enable = true; powerManagement.enable = true;
# Hibernare on low battery systemd = {
systemd.timers.hibernate-on-low-battery = { # Hibernare on low battery
wantedBy = [ "multi-user.target" ]; timers.hibernate-on-low-battery = {
timerConfig = { wantedBy = [ "multi-user.target" ];
OnUnitActiveSec = "120"; timerConfig = {
OnBootSec = "120"; OnUnitActiveSec = "120";
OnBootSec = "120";
};
};
services.hibernate-on-low-battery =
let
batteryLevelSufficient =
let
batteryPath = "/sys/class/power_supply/BATT";
in
pkgs.writeShellScriptBin "battery-level-sufficient" ''
test "$(cat ${batteryPath}/status)" != Discharging \
|| test "$(cat ${batteryPath}/capacity)" -ge 5
'';
in
{
serviceConfig.Type = "oneshot";
onFailure = [ "hibernate.target" ];
script = "${batteryLevelSufficient}/bin/battery-level-sufficient";
};
services.asus-touchpad-numpad = {
description = "Activate Numpad inside the touchpad with top right corner switch";
documentation = [ "https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver" ];
path = [ pkgs.i2c-tools ];
script = ''
cd ${inputs.asus-touchpad-numpad-driver}
# In the last argument here you choose your layout.
${
pkgs.python3.withPackages (ps: [ps.libevdev])
}/bin/python asus_touchpad.py m433ia
'';
# Probably needed because it fails on boot seemingly because the driver
# is not ready yet. Alternativly, you can use `sleep 3` or similar in the
# `script`.
serviceConfig = {
RestartSec = "1s";
Restart = "on-failure";
};
wantedBy = [ "multi-user.target" ];
}; };
}; };
systemd.services.hibernate-on-low-battery =
let
batteryLevelSufficient =
let
batteryPath = "/sys/class/power_supply/BATT";
in
pkgs.writeShellScriptBin "battery-level-sufficient" ''
test "$(cat ${batteryPath}/status)" != Discharging \
|| test "$(cat ${batteryPath}/capacity)" -ge 5
'';
in
{
serviceConfig.Type = "oneshot";
onFailure = [ "hibernate.target" ];
script = "${batteryLevelSufficient}/bin/battery-level-sufficient";
};
# Trackpad # Trackpad
# i2c for https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver # i2c for https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver
hardware.i2c.enable = true; hardware.i2c.enable = true;
systemd.services.asus-touchpad-numpad = {
description = "Activate Numpad inside the touchpad with top right corner switch";
documentation = [ "https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver" ];
path = [ pkgs.i2c-tools ];
script = ''
cd ${inputs.asus-touchpad-numpad-driver}
# In the last argument here you choose your layout.
${
pkgs.python3.withPackages (ps: [ps.libevdev])
}/bin/python asus_touchpad.py m433ia
'';
# Probably needed because it fails on boot seemingly because the driver
# is not ready yet. Alternativly, you can use `sleep 3` or similar in the
# `script`.
serviceConfig = {
RestartSec = "1s";
Restart = "on-failure";
};
wantedBy = [ "multi-user.target" ];
};
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
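Review bot: In the new `zfs-diff` helper, every path reported by `zfs diff` is concatenated into the string handed to awk's `system()`, so file names are parsed by a shell (presumably as root, since `zfs diff` normally needs elevated rights) and a name containing shell metacharacters is interpreted instead of merely tested. Keep awk to filtering and do the existence check in the shell with a quoted variable, as sketched below; `-H` asks `zfs diff` for tab-separated output so that paths are not split on spaces. The sketch keeps the original's behaviour of comparing the path exactly as `zfs diff` prints it.

```nix
pkgs.writeShellApplication {
  # … unchanged: name, runtimeInputs …
  text = ''
    zfs diff -HF zroot/encrypted/root@blank \
      | awk -F '\t' '$2 == "F" { print $3 }' \
      | while IFS= read -r path; do
          [ -e "/persist/$path" ] || printf '%s\n' "$path"
        done \
      | tree --fromfile . "$@"
  '';
```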


@ -0,0 +1,94 @@
{ lib, ... }:
{
# needed for zfs pool
networking.hostId = "9c85d185";
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "64M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
rootFsOptions = {
compression = "zstd";
"com.sun:auto-snapshot" = "false";
};
mountpoint = null;
datasets = {
encrypted = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = "aes-256-gcm";
keyformat = "passphrase";
};
# use this to read the key during boot
postCreateHook = ''
zfs set keylocation="prompt" "zroot/$name";
'';
};
"encrypted/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs snapshot zroot/encrypted/root@blank";
};
"encrypted/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
};
"encrypted/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
options."com.sun:auto-snapshot" = "true";
};
};
};
};
};
# rollback to blank
boot.initrd.postDeviceCommands = lib.mkAfter ''
zfs rollback -r zroot/encrypted/root@blank
'';
fileSystems."/persist".neededForBoot = true;
# HACK: to fix issue of agenix running before impermanence
age.identityPaths = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
"/persist/etc/ssh/ssh_host_ed25519_key"
"/persist/etc/ssh/ssh_host_rsa_key"
];
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
autoSnapshot.enable = true;
};
}
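Review bot: The ESP is created with `size = "64M"` and mounted at `/boot`, which is where systemd-boot (enabled for what appears to be the same host elsewhere in this commit) keeps a kernel and initrd per generation; a partition that small will probably fill after very few rebuilds and leave `nixos-rebuild` unable to install a new boot entry. I would size it generously up front, e.g. `size = "512M";`, because repartitioning an encrypted single-disk layout later is painful, and consider setting `boot.loader.systemd-boot.configurationLimit` as well. A short comment above `boot.initrd.postDeviceCommands` stating that the root dataset is reset to `@blank` on every boot, so only `/nix` and `/persist` survive, would also help the next reader.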


@ -2,53 +2,16 @@
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ modulesPath { modulesPath
, lib
, ... , ...
}: { }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ]; initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
}; };
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/078b81ba-238e-471d-9951-b743588532b8"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
fileSystems."/log" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" ];
neededForBoot = true;
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/938D-F813";
fsType = "vfat";
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=persist" "compress=zstd" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
swapDevices = [{ device = "/dev/disk/by-uuid/29ebf65f-e6ca-4625-9f72-a9321152be1b"; }];
} }


@ -0,0 +1,72 @@
{ config, ... }:
{
age.secrets = {
root-password.file = ../../secrets/root-password.age;
moritz-password.file = ../../secrets/moritz-password.age;
};
users.users = {
root.hashedPasswordFile = config.age.secrets.root-password.path;
moritz.hashedPasswordFile = config.age.secrets.moritz-password.path;
};
users.mutableUsers = false;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/etc/NetworkManager/system-connections"
"/var/db/dhcpcd/"
"/var/lib/NetworkManager/"
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/log"
];
files = [
"/etc/machine-id"
"/etc/nix/id_rsa"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
users.moritz = {
directories = [
".SynologyDrive/data"
".SynologyDrive/log"
".cache/keepassxc"
".cache/nvim/luac"
".config/Nextcloud"
".config/keepassxc"
".local/share/direnv"
".local/share/nvim"
".local/share/zoxide"
".local/state/nvim"
".config/kdeconnect"
".mozilla"
"Documents"
"Downloads"
"Music"
"Pictures"
"Videos"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".local/share/keyrings"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
];
files = [
".local/share/fish/fish_history"
".local/share/nix/trusted-settings.json"
".parallel/will-cite"
];
};
users.root = {
home = "/root";
directories = [
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
];
files = [
".local/share/nix/trusted-settings.json"
];
};
};
}
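Review bot: With `users.mutableUsers = false` and both `root` and `moritz` taking their password from `hashedPasswordFile`, a failed agenix decryption at activation leaves both accounts without a usable password, and the file does not say what that decryption depends on. I would document the dependency above `age.secrets`, e.g. `# Decrypted with the SSH host key (presumably the copy under /persist); if that key is missing or the secrets were not rekeyed for it, both accounts end up locked.` A comment next to `".local/share/nix/trusted-settings.json"` is also worth adding, noting that persisting it keeps previously accepted flake `nixConfig` values such as extra substituters trusted across the root rollback, for root as well as for the user.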


@ -1 +0,0 @@
"x86_64-linux"


@ -21,12 +21,18 @@
services.synology-drive.enable = true; services.synology-drive.enable = true;
programs.hyprland.keyboardLayouts = [ "us" "de" ]; programs.hyprland.keyboardLayouts = [ "us" "de" ];
}; };
boot = {
loader = {
grub = {
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.grub.enable = true; enable = true;
boot.loader.grub.device = "nodev"; device = "nodev";
boot.loader.grub.efiSupport = true; efiSupport = true;
boot.loader.efi.canTouchEfiVariables = true; };
efi.canTouchEfiVariables = true;
};
};
networking.hostName = "scadspc25"; # Define your hostname. networking.hostName = "scadspc25"; # Define your hostname.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
@ -53,4 +59,3 @@
system.stateVersion = "23.05"; # Did you read the comment? system.stateVersion = "23.05"; # Did you read the comment?
} }
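Review bot: The comment `# Use the systemd-boot EFI boot loader.` now sits inside `grub = { … }` directly above `enable = true;`, so it states the opposite of what the block configures. Replace it with something like `# GRUB in EFI mode; device = "nodev" means no MBR install.` or drop it.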


@ -8,52 +8,55 @@
[ [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot = {
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; extraModulePackages = [ ];
};
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
fileSystems."/" = "/home" =
{ {
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d"; device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ]; options = [ "subvol=home" "compress=zstd" "noatime" ];
}; };
fileSystems."/home" = "/nix" =
{ {
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d"; device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" "noatime" ]; options = [ "subvol=nix" "compress=zstd" "noatime" ];
}; };
fileSystems."/nix" = "/var/log" =
{ {
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d"; device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ]; options = [ "subvol=log" "compress=zstd" "noatime" ];
}; };
fileSystems."/var/log" = "/snapshots" =
{ {
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d"; device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ]; options = [ "subvol=snapshots" "compress=zstd" "noatime" ];
}; };
fileSystems."/snapshots" = "/boot" =
{ {
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d"; device = "/dev/disk/by-uuid/3B2B-63DB";
fsType = "btrfs"; fsType = "vfat";
options = [ "subvol=snapshots" "compress=zstd" "noatime" ]; };
}; };
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/3B2B-63DB";
fsType = "vfat";
};
swapDevices = swapDevices =
[{ device = "/dev/disk/by-uuid/c08ff6b6-d6e2-4620-95fc-6c20b04c7363"; }]; [{ device = "/dev/disk/by-uuid/c08ff6b6-d6e2-4620-95fc-6c20b04c7363"; }];


@ -1 +0,0 @@
"x86_64-linux"


@ -6,21 +6,6 @@
with lib; with lib;
let let
nom-system = pkgs.writeFishApplication {
name = "nom-system";
runtimeInputs = with pkgs; [ nix-output-monitor ];
text = /* fish */ ''
nom build --no-link "/home/moritz/.dotfiles#nixosConfigurations.$(hostname).config.system.build.toplevel" $argv
'';
};
nom-system-command = name: command: pkgs.writeFishApplication {
inherit name;
runtimeInputs = with pkgs; [ nom-system nix ];
text = /* fish */ ''
nom-system $argv && ${command}
'';
};
f = pkgs.writeFishApplication { f = pkgs.writeFishApplication {
name = "f"; name = "f";
runtimeInputs = with pkgs; [ fzf bat ]; runtimeInputs = with pkgs; [ fzf bat ];
@ -46,7 +31,7 @@ let
recurse (readlink $path) recurse (readlink $path)
end end
end end
for arg in $argv for arg in $argv
recurse (which $arg) recurse (which $arg)
end end
@ -84,6 +69,9 @@ let
}; };
in in
{ {
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoAqa2m7hIzZ2LS96Z+RCIlRvhBM/j7h27tMBCwMT+a" # Moritz
];
users.users.moritz = { users.users.moritz = {
isNormalUser = true; isNormalUser = true;
home = "/home/moritz"; home = "/home/moritz";
@ -105,17 +93,17 @@ in
abbreviations = { abbreviations = {
us = "systemctl --user"; us = "systemctl --user";
rs = "sudo systemctl"; rs = "sudo systemctl";
uj = "journalctl --user";
rj = "sudo journalctl";
}; };
aliases = { aliases = {
ls = "exa -lh --icons --git"; ls = "${getExe pkgs.eza} -lh --icons --git";
cat = "bat"; cat = "bat";
rm = "rm -i"; rm = "rm -i";
mv = "mv -i"; mv = "mv -i";
cd = "__zoxide_z"; cd = "__zoxide_z";
nixos-update = "pushd ~/.dotfiles && nix flake update && popd"; nixos-update = "pushd ~/.dotfiles && nix flake update && popd";
latexwatch = ''find -type f -name "*.tex" | entr -c latexmk -pdf -silent'';
}; };
variables = { EDITOR = "vim"; }; variables = { EDITOR = "vim"; };
}; };
@ -135,6 +123,8 @@ in
"|" = "split-window -h"; "|" = "split-window -h";
"C-l" = "send-keys C-l"; "C-l" = "send-keys C-l";
"R" = "source-file $XDG_CONFIG_HOME/tmux/tmux.conf \\; display-message 'Reloaded tmux.conf'"; "R" = "source-file $XDG_CONFIG_HOME/tmux/tmux.conf \\; display-message 'Reloaded tmux.conf'";
"f" = "new-window ts";
"a" = "new-window ta";
}; };
copy-mode-vi = { copy-mode-vi = {
"v" = "send -X begin-selection"; "v" = "send -X begin-selection";
@ -151,53 +141,40 @@ in
# archives # archives
ouch ouch
# file management
trash-cli
# monitoring # monitoring
htop
bottom bottom
# nix # nix
(nom-system-command "nixos-boot" "sudo nixos-rebuild boot --flake ~/.dotfiles")
(nom-system-command "nixos-switch" "sudo nixos-rebuild switch --flake ~/.dotfiles")
(nom-system-command "nixos-test" "sudo nixos-rebuild test --flake ~/.dotfiles")
manix
nix-index
nix-output-monitor nix-output-monitor
nixpkgs-fmt nixpkgs-fmt
statix
which-nix which-nix
# other # utils
bat bat
cht-sh cht-sh
du-dust
duf
entr
exa
f f
fd
gi gi
gparted parallel
neofetch
reptyr
ripgrep ripgrep
up
vim vim
viu viu
wget wget
]; ];
fonts.packages = with pkgs; [ fonts = {
(nerdfonts.override { enableDefaultPackages = true;
fonts = [ "FiraCode" ]; packages = with pkgs; [
}) (nerdfonts.override {
]; fonts = [ "FiraCode" ];
})
];
};
programs = { programs = {
mtr.enable = true; mtr.enable = true;
command-not-found.enable = true;
starship.enable = true; starship.enable = true;
command-not-found.enable = false;
}; };
services = { services = {


@ -84,11 +84,7 @@ in
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
anki
calibre
fd
keepassxc keepassxc
nixpkgs-review
pavucontrol pavucontrol
stable.libreoffice # NOTE breaks often stable.libreoffice # NOTE breaks often
stable.signal-desktop # NOTE breaks often stable.signal-desktop # NOTE breaks often


@ -69,24 +69,5 @@ in
}; };
}; };
}; };
nix.buildMachines = [{
hostName = "builder";
systems = [ "aarch64-linux" "x86_64-linux" ];
protocol = "ssh-ng";
maxJobs = 1;
speedFactor = 1;
supportedFeatures = [ "nixos-test" "benchmark" "kvm" ];
mandatoryFeatures = [ ];
}];
nix.distributedBuilds = true;
# optional, useful when the builder has a faster internet connection than yours
nix.extraOptions = ''
builders-use-substitutes = true
'';
age.secrets."ssh-builder" = {
file = ../../secrets/ssh-builder.age;
owner = "0";
path = "/root/.ssh/config";
};
}; };
} }


@ -1,6 +1,7 @@
{ config { config
, lib , lib
, inputs , inputs
, pkgs
, ... , ...
}: }:
@ -33,13 +34,27 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
home-manager.users.moritz.programs.firefox = { home-manager.users.moritz.programs.firefox = {
enable = true; enable = true;
profiles."default".extraConfig = mkIf cfg.arkenfox.enable '' profiles."default" = {
// Arkenfox user.js extraConfig = mkIf cfg.arkenfox.enable ''
${arkenfox} // Arkenfox user.js
${arkenfox}
// Overrides // Overrides
${cfg.arkenfox.overrides} ${cfg.arkenfox.overrides}
''; '';
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
darkreader
firefox-color
istilldontcareaboutcookies
kagi-search
keepassxc-browser
languagetool
multi-account-containers
ublock-origin
wikiwand-wikipedia-modernized
vimium
];
};
}; };
}; };
} }
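Review bot: The new `extensions` list under `profiles."default"` sits outside the `mkIf cfg.arkenfox.enable` guard and pulls ten add-ons from `pkgs.nur.repos.rycee.firefox-addons` with no comment on why each one is needed. Several of them can, by their nature, read or rewrite page content, so on a profile that is otherwise hardened with arkenfox the set is worth keeping minimal and documented, e.g. `# add-ons run with page access; keep this list short and reviewed`. The attribute path presumably resolves only when the NUR overlay is applied to `pkgs`; if that is wired up elsewhere in this commit, a comment pointing there would help.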


@ -46,14 +46,46 @@ in
# visual mode, but due to fish_cursor_default, is redundant here # visual mode, but due to fish_cursor_default, is redundant here
set fish_cursor_visual block set fish_cursor_visual block
# Complex abbreviations
function last_history_item
echo $history[1]
end
abbr -a !! --position anywhere --function last_history_item
function sed_history_item
echo $history[1] | perl -p -e (string trim -l --chars=! $argv)
end
abbr -a sed_history --position command --regex '^!s/.+/.*/g?' --function sed_history_item
function multicd
echo cd (string repeat -n (math (string length -- $argv[1]) - 1) ../)
end
abbr --add dotdot --regex '^\.\.+$' --function multicd
abbr -a P --position anywhere --set-cursor "% | $PAGER"
function editor_edit
echo $EDITOR $argv
end
abbr -a editor_edit_files --position command --regex ".+\.(txt|md|org)" --function editor_edit
function editor
echo $EDITOR
end
abbr -a e --function editor
# Completions # Completions
complete -c c -kfa '(zoxide query -l | sed "s|$HOME|~|")' complete -c c -kfa '(zoxide query -l | sed "s|$HOME|~|")'
${optionalString config.virtualisation.podman.dockerCompat /* fish */ "complete -c docker -w podman"} ${optionalString config.virtualisation.podman.dockerCompat /* fish */ "complete -c docker -w podman"}
complete -c nom -fn "not __fish_seen_subcommand_from build shell develop" -a "build shell develop"
complete -c nom -fn "__fish_seen_subcommand_from build" -w "nix build"
complete -c nom -fn "__fish_seen_subcommand_from shell" -w "nix shell"
complete -c nom -fn "__fish_seen_subcommand_from develop" -w "nix develop"
complete -c timers \ complete -c timers \
-n "__fish_seen_subcommand_from toggle" \ -n "__fish_seen_subcommand_from toggle" \
-fa '(timers --json l | ${getExe pkgs.jq} -r .[][].name)' -fa '(timers --json l | ${getExe pkgs.jq} -r .[][].name)'
complete -c timers \ complete -c timers \
-n "__fish_seen_subcommand_from remove" \ -n "__fish_seen_subcommand_from remove" \
-fa '(timers --json l | ${getExe pkgs.jq} -r .[][].name)' -fa '(timers --json l | ${getExe pkgs.jq} -r .[][].name)'
@ -64,6 +96,22 @@ in
functions = { functions = {
fish_greeting = ""; fish_greeting = "";
cheat = "cht.sh $argv | bat -p"; cheat = "cht.sh $argv | bat -p";
sourceenv = ''
set -f envfile "$argv"
if not test -f "$envfile"
echo "Unable to load $envfile"
return 1
end
printf "exported"
while read line
if not string match -qr '^#|^$' "$line"
set item (string split -m 1 '=' $line)
printf " $item[1]"
set -gx "$item[1]" "$item[2]"
end
end < "$envfile"
printf "\n"
'';
}; };
}; };
}; };
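Review bot: In the new `sourceenv` function, `printf " $item[1]"` uses the name read from the env file as the printf format string, so a `%` or backslash in that line is interpreted instead of printed; `printf " %s" $item[1]` avoids that. The loop also exports whatever follows the first `=` verbatim, so a quoted value such as `FOO="bar"` keeps its quotes, and a line without `=` appears to export an empty value under that name; a guard like `test (count $item) -eq 2; or continue` before `set -gx` would skip malformed lines. A one-line comment above the function stating the accepted format (plain `KEY=value`, `#` comments, no `export` prefix) would document the contract.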


@ -17,7 +17,7 @@ in
# #
# See https://wiki.hyprland.org/Configuring/Monitors/ # See https://wiki.hyprland.org/Configuring/Monitors/
monitor=,preferred,auto,1 ${concatLines (map (x: "monitor=${x}") cfg.monitors)}
# See https://wiki.hyprland.org/Configuring/Keywords/ for more # See https://wiki.hyprland.org/Configuring/Keywords/ for more
@ -110,6 +110,13 @@ in
workspace_swipe = on workspace_swipe = on
} }
misc {
vrr = 1
mouse_move_enables_dpms = true
key_press_enables_dpms = true
force_default_wallpaper = 0
}
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more # See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# Firefox Sharing Indicator # Firefox Sharing Indicator
${mkRules ["float" "move 49% 40" "noborder" "nofullscreenrequest"] ["title:^(.*Sharing Indicator.*)$"]} ${mkRules ["float" "move 49% 40" "noborder" "nofullscreenrequest"] ["title:^(.*Sharing Indicator.*)$"]}
@ -207,5 +214,9 @@ in
bindm = $mainMod, mouse:272, movewindow bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow bindm = $mainMod, mouse:273, resizewindow
exec-once=${getExe config.my.programs.wallpaper.package} -r # Toggle waybar
bindr = $mainMod, SUPER_L, exec, pkill -USR1 waybar
# Extra Config
${cfg.extraConfig}
'' ''


@ -31,6 +31,15 @@ in
description = "list of keyboard layouts"; description = "list of keyboard layouts";
default = [ "de" "us" ]; default = [ "de" "us" ];
}; };
monitors = mkOption {
type = types.listOf types.str;
description = "monitor settings";
default = [ ",preferred,auto,1" ];
};
extraConfig = mkOption {
type = types.str;
default = "";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -42,46 +51,47 @@ in
}; };
wallpapers.enable = true; wallpapers.enable = true;
services.dunst.enable = true; services.dunst.enable = true;
services.wallpaper.enable = true;
}; };
# enable home-manager module
home-manager.users.moritz = { home-manager.users.moritz = {
# import home-manager module # enable home-manager module
imports = [ inputs.hyprland.homeManagerModules.default ];
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
package = hyprland; package = hyprland;
recommendedEnvironment = true;
extraConfig = import ./_config.nix args; extraConfig = import ./_config.nix args;
}; };
};
# add waybar as a status bar
# add waybar as a status bar programs.waybar = {
home-manager.users.moritz.programs.waybar = {
enable = true;
# start using systemd service
systemd = {
enable = true; enable = true;
target = "graphical-session.target";
};
settings = { # start using systemd service
mainBar = { systemd = {
layer = "top"; enable = true;
position = "top"; target = "graphical-session.target";
height = 20; };
modules-left = [ "hyprland/workspaces" ];
modules-center = [ "hyprland/window" ]; settings = {
modules-right = [ "hyprland/language" "network" "memory" "cpu" "battery" "clock" ]; mainBar = {
start_hidden = true;
layer = "top";
position = "top";
height = 20;
modules-left = [ "hyprland/workspaces" ];
modules-center = [ "hyprland/window" ];
modules-right = [ "hyprland/language" "network" "memory" "cpu" "battery" "clock" ];
};
}; };
}; };
};
# lock screen after timeout # lock screen after timeout
home-manager.users.moritz = { programs.swaylock = {
enable = true;
settings = {
color = "000000";
};
};
services.swayidle = { services.swayidle = {
enable = true; enable = true;
events = [ events = [
@ -118,30 +128,23 @@ in
timeout = 30 * 60; timeout = 30 * 60;
command = "${pkgs.systemd}/bin/systemctl suspend-and-hibernate"; command = "${pkgs.systemd}/bin/systemctl suspend-and-hibernate";
}; };
systemdTarget = "hyprland-session.target"; systemdTarget = "graphical-session.target";
};
systemd.user.services.nextcloud-client.Service = {
RestartSec = "500ms";
Restart = "on-failure";
}; };
}; };
# adds pam module for swaylock # adds pam module for swaylock
security.pam.services.swaylock = { }; security.pam.services.swaylock = { };
# only consider graphical-session.target started when hyprland-sesstion.target is reached
systemd.user.targets.hyprland-session = {
partOf = [ "graphical-session.target" ];
wantedBy = [ "graphical-session.target" ];
before = [ "graphical-session.target" ];
};
systemd.user.services.xdg-desktop-portal-hyprland = { systemd.user.services.xdg-desktop-portal-hyprland = {
after = [ "hyrpland-session.target" ]; after = [ "hyprland-session.target" ];
requiredBy = [ "xdg-desktop-portal.service" ]; requiredBy = [ "xdg-desktop-portal.service" ];
}; };
home-manager.users.moritz.systemd.user.services.nextcloud-client.Service = {
RestartSec = "500ms";
Restart = "on-failure";
};
# add user packages for wayland and hyprland in particular # add user packages for wayland and hyprland in particular
users.users.moritz.packages = with pkgs; [ users.users.moritz.packages = with pkgs; [
brightnessctl # control brightness brightnessctl # control brightness
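Review bot: `systemd.user.services.xdg-desktop-portal-hyprland` now orders itself `after = [ "hyprland-session.target" ]` (the typo fix), but the block that defined `systemd.user.targets.hyprland-session` in this module appears to be dropped by the same change, and `swayidle` is moved to `graphical-session.target`. systemd ignores ordering against a unit that is never loaded, so unless something else (for example the home-manager Hyprland module) still provides that target, the `after` has no effect. Either order on `graphical-session.target` as swayidle now does, or add a comment naming where the target comes from. The new `extraConfig` option in the first hunk also has no `description`, unlike `monitors` beside it; `description = "extra lines appended to the generated hyprland config";` would match.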


@ -57,17 +57,9 @@ in
settings = { settings = {
substituters = [ substituters = [
"https://cache.nixos.org/" "https://cache.nixos.org/"
"https://jupyterwith.cachix.org"
"https://nix-community.cachix.org"
"https://pre-commit-hooks.cachix.org"
"https://hyprland.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"jupyterwith.cachix.org-1:/kDy2B6YEhXGJuNguG1qyqIodMyO4w8KwWH4/vAc7CI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
]; ];
trusted-users = [ "root" "@wheel" ]; trusted-users = [ "root" "@wheel" ];


@ -3,242 +3,11 @@
with lib; with lib;
let let
cfg = config.my.programs.nvim; cfg = config.my.programs.nvim;
toLua = value: with builtins;
if value == null then "nil" else
if isBool value then boolToString value else
if isInt value || isFloat value then toString value else
if isString value then string value else
if isAttrs value then attrs value else
if isList value then list value else
abort "should never happen (value = ${value})";
string = str: ''"${toString str}"'';
attrs = set:
let
toKeyword = name: value: "${name} = ${toLua value}";
keywords = concatStringsSep ", " (mapAttrsToList toKeyword set);
in
"{ " + keywords + " }";
listContent = values: concatStringsSep ", " (map toLua values);
list = values: "{ " + listContent values + " }";
luaList = values: "{" + (concatStringsSep ", " values) + "}";
keybinding = { key, cmd, func, mode, desc }:
let
cmdString =
if cmd != null then toLua cmd else
if func != null then func else
abort "Either cmd or function must be set";
descString = optionalString (desc != null) "desc = ${toLua desc},";
in
''{ ${toLua key}, ${cmdString}, mode = ${toLua mode}, ${descString} }'';
lazySpecFromPlugin =
{ cmd
, conf
, dependencies
, enabled
, event
, ft
, init
, keys
, lazy
, opts
, plugin
, priority
}:
luaList
([
"dir = ${string plugin}"
"name = ${toLua (getName plugin)}"
]
++ (optional (opts != null) "opts = ${toLua opts}")
++ (optional (lazy != null) "lazy = ${toLua lazy}")
++ (optional (!enabled) "enabled = ${toLua enabled}")
++ (optional (dependencies != [ ]) "dependencies = ${luaList (map lazySpecFromPlugin dependencies)}")
++ (optional (init != null) "init = function(plugin)\n${init}\nend")
++ (optional (conf != null) "config = function(plugin, opts)\n${conf}\nend")
++ (optional (keys != [ ]) "keys = ${luaList (map keybinding keys)}")
++ (optional (event != [ ]) "event = ${toLua event}")
++ (optional (cmd != [ ]) "cmd = ${toLua cmd}")
++ (optional (ft != [ ]) "ft = ${toLua ft}")
++ (optional (priority != null) "priority = ${toLua priority}")
);
lazySpecs = luaList (map lazySpecFromPlugin cfg.plugins);
lazy = /* lua */ ''
require("lazy").setup(${lazySpecs})
'';
initLua =
let
text = lib.concatLines [ (builtins.readFile ./options.lua) lazy ];
in
pkgs.runCommand "init.lua" { inherit text; } ''
touch $out
echo -n "$text" > $out
${getExe pkgs.stylua} $out
'';
in in
{ {
imports = lib.my.listModulesRec ./plugins; imports = lib.my.listModulesRec ./plugins;
options.my.programs.nvim = { options.my.programs.nvim.enable = mkEnableOption "nvim";
enable = mkEnableOption "nvim";
plugins = mkOption {
default = [ ];
description = ''
List of plugins with config.
'';
type = with types; listOf (
let
sub = submodule {
options = {
conf = mkOption {
type = nullOr str;
default = null;
description = ''
Lua function to be executed when the plugin is loaded.
'';
};
opts = mkOption {
type =
let
valueType = nullOr
(oneOf [
str
bool
int
float
(listOf valueType)
(attrsOf valueType)
]) // {
description = "Lua value";
};
in
nullOr (attrsOf valueType);
default = null;
description = ''
Lua table to be passed to te plugin config function.
'';
};
dependencies = mkOption {
type = listOf sub;
default = [ ];
description = ''
List of plugins this plugin depends on.
'';
};
init = mkOption {
type = nullOr str;
default = null;
description = ''
Lua code to be executed when the plugin is initialized.
'';
};
event = mkOption {
type = listOf str;
default = [ ];
description = ''
Event to load the plugin on.
'';
};
lazy = mkOption {
type = nullOr bool;
default = null;
description = ''
Whether to load the plugin lazily.
'';
};
plugin = mkOption {
type = package;
description = ''
The plugin package.
'';
};
enabled = mkOption {
type = bool;
default = true;
description = ''
Whether to enable the plugin.
'';
};
cmd = mkOption {
type = listOf str;
default = [ ];
description = ''
Command to load the plugin.
'';
};
ft = mkOption {
type = listOf str;
default = [ ];
description = ''
Filetype to load the plugin on.
'';
};
priority = mkOption {
type = nullOr int;
default = null;
description = ''
Priority to load the plugin.
'';
};
keys = mkOption {
default = [ ];
description = ''
List of keybindings.
'';
type = listOf (submodule {
options = {
key = mkOption {
type = str;
description = ''
Key to bind.
'';
};
cmd = mkOption {
type = nullOr str;
default = null;
description = ''
Command to execute.
'';
};
func = mkOption {
type = nullOr str;
default = null;
description = ''
Function to execute.
'';
};
mode = mkOption {
type = listOf str;
default = [ "n" ];
description = ''
Mode to bind the key in.
'';
};
desc = mkOption {
type = nullOr str;
default = null;
description = ''
Description of the keybinding.
'';
};
};
});
};
};
};
in
sub
);
};
};
config = mkIf cfg.enable { config = mkIf cfg.enable {
home-manager.users.moritz = { home-manager.users.moritz = {
@ -250,8 +19,6 @@ in
) )
]; ];
xdg.configFile."nvim/init.lua".source = initLua;
programs.neovim = { programs.neovim = {
enable = true; enable = true;
package = pkgs.neovim-nightly; package = pkgs.neovim-nightly;
@ -259,24 +26,21 @@ in
vimdiffAlias = true; vimdiffAlias = true;
withNodeJs = true; withNodeJs = true;
withPython3 = true; withPython3 = true;
extraPython3Packages = ps:
let
plugins = map (getAttr "plugin") cfg.plugins;
depAttrName = "python3Dependencies";
filtered = filter (hasAttr depAttrName) plugins;
funcs = map (getAttr depAttrName) filtered;
in
foldl (list: f: list ++ (f ps)) [ ] funcs;
extraPackages = with pkgs; extraPackages = with pkgs;
[ [
alejandra alejandra
black black
checkmake
deadnix deadnix
dotenv-linter
fish
isort isort
jq jq
nil nixd
nixpkgs-fmt nixpkgs-fmt
nodePackages.bash-language-server nodePackages.bash-language-server
nodePackages.jsonlint
ruff-lsp
rustfmt rustfmt
shellcheck shellcheck
shfmt shfmt
@ -287,10 +51,10 @@ in
typst typst
typst-lsp typst-lsp
yamlfmt yamlfmt
yamllint
]; ];
plugins = [ extraLuaConfig = readFile ./options.lua;
pkgs.vimPlugins.lazy-nvim lazy.enable = true;
];
}; };
}; };
}; };


@ -1,12 +1,6 @@
vim.g.mapleader = " " vim.g.mapleader = " "
vim.g.maplocalleader = "," vim.g.maplocalleader = ","
-- FIX to create spell dir if not existent
local spelldir = vim.fn.stdpath("config") .. "/spell"
if not vim.loop.fs_stat(spelldir) then
vim.fn.mkdir(spelldir, "p")
end
vim.opt.autoindent = true vim.opt.autoindent = true
vim.opt.backupdir = { vim.fn.stdpath("state") .. "/backup/" } -- don't store backup in files dir vim.opt.backupdir = { vim.fn.stdpath("state") .. "/backup/" } -- don't store backup in files dir
vim.opt.clipboard = "unnamedplus" -- sync with system clipboard vim.opt.clipboard = "unnamedplus" -- sync with system clipboard


@ -1,8 +1,8 @@
{ pkgs, ... }: { pkgs, lib, ... }:
with builtins; with builtins;
{ {
config.my.programs.nvim.plugins = with pkgs.vimPlugins; [ config.home-manager.users.moritz.programs.neovim.lazy.plugins = with pkgs.vimPlugins; [
{ {
plugin = formatter-nvim; plugin = formatter-nvim;
cmd = [ "Format" "Fmt" ]; cmd = [ "Format" "Fmt" ];
@ -104,7 +104,6 @@ with builtins;
event = [ "BufRead" "BufNewFile" ]; event = [ "BufRead" "BufNewFile" ];
conf = readFile ./lua/nvim-lspconfig.lua; conf = readFile ./lua/nvim-lspconfig.lua;
dependencies = [ dependencies = [
{ plugin = lsp_signature-nvim; }
{ {
plugin = null-ls-nvim; plugin = null-ls-nvim;
conf = readFile ./lua/null-ls-nvim.lua; conf = readFile ./lua/null-ls-nvim.lua;
@ -192,7 +191,6 @@ with builtins;
]; ];
dependencies = [ dependencies = [
{ plugin = plenary-nvim; } { plugin = plenary-nvim; }
{ plugin = which-key-nvim; }
{ plugin = telescope-fzf-native-nvim; } { plugin = telescope-fzf-native-nvim; }
]; ];
} }
@ -301,5 +299,9 @@ with builtins;
]; ];
opts = { }; opts = { };
} }
{
plugin = nvim-puppeteer;
lazy = false; # NOTE: plugin lazy-loads itself.
}
]; ];
} }

View File

@ -8,9 +8,15 @@ null_ls.setup({
-- Completion -- Completion
null_ls.builtins.completion.spell, null_ls.builtins.completion.spell,
-- Diagnostics -- Diagnostics
null_ls.builtins.diagnostics.checkmake,
null_ls.builtins.diagnostics.deadnix, null_ls.builtins.diagnostics.deadnix,
null_ls.builtins.diagnostics.dotenv_linter,
null_ls.builtins.diagnostics.fish,
null_ls.builtins.diagnostics.jsonlint,
null_ls.builtins.diagnostics.shellcheck, null_ls.builtins.diagnostics.shellcheck,
null_ls.builtins.diagnostics.statix, null_ls.builtins.diagnostics.statix,
null_ls.builtins.diagnostics.trail_space,
null_ls.builtins.diagnostics.yamllint,
}, },
}) })


@ -2,6 +2,14 @@ local cmp = require("cmp")
local luasnip = require("luasnip") local luasnip = require("luasnip")
require("luasnip.loaders.from_vscode").lazy_load() require("luasnip.loaders.from_vscode").lazy_load()
local has_words_before = function()
if vim.api.nvim_buf_get_option(0, "buftype") == "prompt" then
return false
end
local line, col = unpack(vim.api.nvim_win_get_cursor(0))
return col ~= 0 and vim.api.nvim_buf_get_text(0, line - 1, 0, line - 1, col, {})[1]:match("^%s*$") == nil
end
cmp.setup({ cmp.setup({
formatting = { formatting = {
format = require("lspkind").cmp_format({ format = require("lspkind").cmp_format({
@ -26,8 +34,8 @@ cmp.setup({
["<C-e>"] = cmp.mapping.abort(), ["<C-e>"] = cmp.mapping.abort(),
["<CR>"] = cmp.mapping.confirm({ select = true }), ["<CR>"] = cmp.mapping.confirm({ select = true }),
["<Tab>"] = cmp.mapping(function(fallback) ["<Tab>"] = cmp.mapping(function(fallback)
if cmp.visible() then if cmp.visible() and has_words_before() then
cmp.select_next_item() cmp.select_next_item({ behavior = cmp.SelectBehavior.Select })
elseif luasnip.expand_or_jumpable() then elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump() luasnip.expand_or_jump()
else else
@ -49,7 +57,7 @@ cmp.setup({
{ name = "buffer", priority = 1 }, { name = "buffer", priority = 1 },
{ name = "luasnip", priority = 2 }, { name = "luasnip", priority = 2 },
{ name = "codeium", priority = 3 }, { name = "codeium", priority = 3 },
{ name = "nvim_lsp", priority = 4 }, { name = "nvim_lsp", priority = 3 },
}, },
}) })
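Review bot: In the `sources` table, `nvim_lsp` is lowered to `priority = 3`, the same value `codeium` already has, so priority no longer decides the relative ranking of LSP and Codeium entries. If the tie is intended, a comment such as `-- same priority as codeium on purpose` would say so; otherwise give them distinct values. In the new `has_words_before`, `vim.api.nvim_buf_get_option(0, "buftype")` is deprecated on recent Neovim (this configuration builds `neovim-nightly`), and `vim.bo.buftype == "prompt"` reads the same option. The helper would also benefit from a one-line comment stating that it returns true only when the text left of the cursor is not all whitespace.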


@ -134,7 +134,7 @@ end
local servers = { local servers = {
"bashls", "bashls",
"nil_ls", "nixd",
"pylsp", "pylsp",
"ruff_lsp", "ruff_lsp",
"typst_lsp", "typst_lsp",


@ -2,7 +2,7 @@
with builtins; with builtins;
{ {
config.my.programs.nvim.plugins = with pkgs.vimPlugins; [ config.home-manager.users.moritz.programs.neovim.lazy.plugins = with pkgs.vimPlugins; [
{ {
plugin = nvim-treesitter; plugin = nvim-treesitter;
event = [ "BufReadPost" "BufNewFile" ]; event = [ "BufReadPost" "BufNewFile" ];


@ -2,7 +2,7 @@
with builtins; with builtins;
{ {
config.my.programs.nvim.plugins = with pkgs.vimPlugins; [ config.home-manager.users.moritz.programs.neovim.lazy.plugins = with pkgs.vimPlugins; [
{ {
plugin = which-key-nvim; plugin = which-key-nvim;
lazy = false; lazy = false;


@ -19,14 +19,14 @@ let
tmux-sessionizer = pkgs.writeFishApplication { tmux-sessionizer = pkgs.writeFishApplication {
name = "ts"; name = "ts";
runtimeInputs = with pkgs; [ tmux findutils coreutils procps fd fzf1 tmux-switch ]; runtimeInputs = with pkgs; [ tmux findutils coreutils procps fd tmux-switch gawk ];
text = readFile ./tmux-sessionizer/script.fish; text = readFile ./tmux-sessionizer/script.fish;
completions = readFile ./tmux-sessionizer/completions.fish; completions = readFile ./tmux-sessionizer/completions.fish;
}; };
tmux-attach = pkgs.writeFishApplication { tmux-attach = pkgs.writeFishApplication {
name = "ta"; name = "ta";
runtimeInputs = with pkgs; [ tmux fzf1 tmux-switch ]; runtimeInputs = with pkgs; [ tmux tmux-switch ];
text = readFile ./tmux-attach/script.fish; text = readFile ./tmux-attach/script.fish;
completions = readFile ./tmux-attach/completions.fish; completions = readFile ./tmux-attach/completions.fish;
}; };
@ -97,7 +97,7 @@ in
if ! fish_is_root_user && test "$TERM_PROGRAM" != 'vscode' && ${insideVariableMissing} if ! fish_is_root_user && test "$TERM_PROGRAM" != 'vscode' && ${insideVariableMissing}
if test -z $tmux_autostarted if test -z $tmux_autostarted
set -x tmux_autostarted true set -x tmux_autostarted true
ts tmux new -A -s home
end end
end end
''; '';
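Review bot: `fzf1` is removed from the `runtimeInputs` of both `ts` and `ta`, but the scripts they wrap now call `fzf` directly (`fzf --query "$argv"` in tmux-attach/script.fish and tmux-sessionizer/script.fish), and plain `fzf` is not added in its place. The wrapper used to supply fzf through its own `runtimeInputs`, so the scripts now presumably depend on whatever `fzf` is on the caller's PATH, which may be absent when they are started from the tmux bindings `new-window ts` / `new-window ta`. Adding it keeps both applications self-contained: `runtimeInputs = with pkgs; [ tmux fzf tmux-switch ];` for `ta`, and likewise for `ts`. Dropping `fzf1` also drops its `-1` flag, so a query with a single match is no longer selected automatically; if that is intended, a comment in the scripts would help.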


@ -1,4 +1,4 @@
set selected (tmux list-sessions -F '#{session_name}' 2>/dev/null | fzf1 $argv) set selected (tmux list-sessions -F '#{session_name}' 2>/dev/null | fzf --query "$argv")
if not test -n "$selected" if not test -n "$selected"
exit 1 exit 1
end end

9
modules/programs/tmux/tmux-sessionizer/script.fish Normal file → Executable file

@ -1,4 +1,11 @@
set selected (fd -HIg '.git' ~/ --min-depth 1 --max-depth 5 --type d --prune --exec dirname {} | fzf1 $argv) #!/usr/bin/env fish
set pipe (mktemp --dry-run)
mkfifo $pipe
fd -HIg '.git' ~/ --min-depth 1 --max-depth 5 --type d --prune --exec-batch dirname {} | tee $pipe >/dev/null &
fd . ~/ --min-depth 1 --max-depth 3 --type d --exec-batch realpath {} | tee $pipe >/dev/null &
set selected (cat $pipe | awk '!seen[$0]++' | fzf --query "$argv")
rm -f "$pipe"
set selected_name (basename $selected 2>/dev/null | string replace "." "_") set selected_name (basename $selected 2>/dev/null | string replace "." "_")
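Review bot: `set pipe (mktemp --dry-run)` followed by `mkfifo $pipe` only reserves a name: nothing exists at that path until `mkfifo` runs, and the script does not check that `mkfifo` succeeded. In a shared temp directory the path can therefore be created by someone else first, and the two `tee $pipe` writers would then write to whatever is there. Creating the FIFO inside a private directory closes that window: `set dir (mktemp -d)`, `set pipe $dir/fifo`, `mkfifo $pipe; or exit 1`, with `rm -rf $dir` at the end. The FIFO may not be needed at all, since `begin; fd ...; fd ...; end | awk '!seen[$0]++' | fzf --query "$argv"` merges both listings, at the cost of running the two `fd` calls one after the other. The hunk shows only the top of the script; the rest is outside it.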


@ -2,6 +2,7 @@
WALLPAPERS_PATH="$HOME/.config/wallpapers" WALLPAPERS_PATH="$HOME/.config/wallpapers"
WALLPAPERS=$(find "$WALLPAPERS_PATH" -type f,l) WALLPAPERS=$(find "$WALLPAPERS_PATH" -type f,l)
DEBUG=0
function help() { function help() {
echo "Usage:" echo "Usage:"
@ -22,7 +23,11 @@ function setWallpaperX {
} }
function setWallpaperWayland { function setWallpaperWayland {
swaybg --mode fill -i "$1" 2>/dev/null & if [[ $DEBUG -eq 1 ]]; then
swaybg --mode fill -i "$1" &
else
swaybg --mode fill -i "$1" 2>/dev/null &
fi
} }
function setWallpaper() { function setWallpaper() {
@ -53,6 +58,10 @@ while [[ $# -gt 0 ]]; do
shift # past argument shift # past argument
shift # past value shift # past value
;; ;;
-v | --verbose)
DEBUG=1
shift # past argument
;;
*) *)
POSITIONAL+=("$1") # save it in an array for later POSITIONAL+=("$1") # save it in an array for later
shift # past argument shift # past argument


@ -5,62 +5,64 @@
## System security tweaks ## System security tweaks
# Prevent replacing the running kernel w/o reboot # Prevent replacing the running kernel w/o reboot
# security.protectKernelImage = lib.mkDefault true; # NOTE disabled for now to enable hibernate # security.protectKernelImage = lib.mkDefault true; # NOTE disabled for now to enable hibernate
boot = {
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy # tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
# on ssd systems, and volatile! Because it's wiped on reboot. # on ssd systems, and volatile! Because it's wiped on reboot.
boot.tmp.useTmpfs = lib.mkDefault true; tmp.useTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it # If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage! # /tmp ourselves. /tmp should be volatile storage!
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs); tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
# Fix a security hole in place for backwards compatibility. See desc in # Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix # nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
boot.loader.systemd-boot.editor = false; loader.systemd-boot.editor = false;
boot.kernel.sysctl = { kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the # The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands. # system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern. # Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0; "kernel.sysrq" = 0;
## TCP hardening ## TCP hardening
# Prevent bogus ICMP errors from filling up logs. # Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1; "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of # Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing. # packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1; "net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1; "net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets (we're not a router) # Do not accept IP source route packets (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0; "net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0; "net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects (again, we're on a router) # Don't send ICMP redirects (again, we're on a router)
"net.ipv4.conf.all.send_redirects" = 0; "net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0; "net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations) # Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0; "net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0; "net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0; "net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0; "net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0; "net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0; "net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks # Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1; "net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination # Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1; "net.ipv4.tcp_rfc1337" = 1;
# Log martian packages # Log martian packages
"net.ipv4.conf.all.log_martians" = 1; "net.ipv4.conf.all.log_martians" = 1;
"net.ipv4.conf.default.log_martians" = 1; "net.ipv4.conf.default.log_martians" = 1;
## TCP optimization ## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing # TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for # data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections: # both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3; "net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency # Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake"; "net.core.default_qdisc" = "cake";
};
kernelModules = [ "tcp_bbr" ];
}; };
boot.kernelModules = [ "tcp_bbr" ];
# So we don't have to do this later... # So we don't have to do this later...
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
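Review bot: The comment `# Don't send ICMP redirects (again, we're on a router)` in the re-indented `kernel.sysctl` block says the opposite of the earlier `(we're not a router)` and of the setting it documents; since these lines are being touched anyway it should read `# Don't send ICMP redirects (again, we're not a router)`. Two neighbouring comments have small slips as well: `# Incomplete protection again TIME-WAIT assassination` should say `against`, and `# Log martian packages` should say `packets`. Accurate comments matter here because this block is the rationale for each hardening setting.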


@ -0,0 +1,26 @@
{ lib, config, ... }:
with lib;
let
cfg = config.my.services.wallpaper;
in
{
options.my.services.wallpaper = {
enable = mkEnableOption "wallpaper changer";
frequency = mkOption {
type = types.str;
default = "30m";
};
};
config = mkIf cfg.enable {
systemd.user.services.wallpaper = {
script = "${getExe config.my.programs.wallpaper.package} -r -v";
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
Restart = "always";
RuntimeMaxSec = cfg.frequency;
ExitType = "cgroup";
};
};
};
}
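Review bot: The new `systemd.user.services.wallpaper` unit is `wantedBy = [ "graphical-session.target" ]` with `Restart = "always"` but has no `partOf` or `after` on that target, so it is presumably not stopped when the graphical session ends and would keep being restarted with no compositor to draw on. Adding `partOf = [ "graphical-session.target" ];` and `after = [ "graphical-session.target" ];` ties its lifetime to the session. Rotation relies on `RuntimeMaxSec` terminating the service every `cfg.frequency`, which systemd records as a timeout rather than a clean exit; a comment saying this is deliberate would keep a later reader from "fixing" it. The `frequency` option also lacks a `description`, e.g. `description = "systemd time span after which the wallpaper is changed";`.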

16
overlays/fixes.nix Normal file

@ -0,0 +1,16 @@
{ lib, ... }:
final: prev: {
# python-poetry/poetry#5929
poetry = final.symlinkJoin {
name = "poetry";
paths = [ prev.poetry ];
postBuild =
let
regex = "s/'([a-z]*[[:blank:]][a-z]*)''/\1'/g";
in
''
${lib.getExe final.gnused} -i -E "${regex}" "$out/share/fish/vendor_completions.d/poetry.fish"
'';
};
}
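Review bot: In `regex = "s/'([a-z]*[[:blank:]][a-z]*)''/\1'/g";` the `\1` sits inside a double-quoted Nix string, where a backslash before an ordinary character is dropped, so sed most likely receives `1'` as the replacement instead of a back-reference to the captured group. Escaping the backslash keeps it: `regex = "s/'([a-z]*[[:blank:]][a-z]*)''/\\1'/g";`. The `# python-poetry/poetry#5929` reference is useful. A second comment line saying what the substitution repairs in `poetry.fish` (as far as the pattern shows, a doubled closing quote) and when the overlay can be removed would make it easier to retire.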


@ -4,7 +4,6 @@ final: prev:
{ {
agenix = inputs.agenix.packages.${prev.system}.default; agenix = inputs.agenix.packages.${prev.system}.default;
hyprpaper = inputs.hyprpaper.packages.${prev.system}.default; hyprpaper = inputs.hyprpaper.packages.${prev.system}.default;
nil = inputs.nil.packages.${prev.system}.default;
nix-super = inputs.nix-super.packages.${prev.system}.default; nix-super = inputs.nix-super.packages.${prev.system}.default;
rofi-wayland = prev.rofi-wayland.overrideAttrs (_: { rofi-wayland = prev.rofi-wayland.overrideAttrs (_: {
src = inputs.rofi-wayland; src = inputs.rofi-wayland;
@ -13,18 +12,9 @@ final: prev:
timers = inputs.timers.packages.${prev.system}.default; timers = inputs.timers.packages.${prev.system}.default;
hyprland = inputs.hyprland.packages.${prev.system}.default; hyprland = inputs.hyprland.packages.${prev.system}.default;
fzf1 = final.writeShellApplication { xorg = prev.xorg // {
name = "fzf1"; lndir = prev.xorg.lndir.overrideAttrs (_: {
runtimeInputs = with final; [ coreutils fzf fd ]; meta.mainProgram = "lndir";
text = '' });
#!/usr/bin/env bash
selected=$(fzf --query="$*" -1 < /dev/stdin)
if [[ -z $selected ]]; then
exit 0
fi
echo "$selected"
'';
}; };
} }
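Review bot: The new `lndir` override in the second hunk sets `meta.mainProgram` inside `overrideAttrs (_: { … })`. Because `overrideAttrs` merges the returned attributes shallowly, this replaces the package's whole `meta` set (description, license, platforms) with one that holds only `mainProgram`. Extending the existing set keeps that metadata: `lndir = prev.xorg.lndir.overrideAttrs (old: { meta = (old.meta or { }) // { mainProgram = "lndir"; }; });`. The overlay's attribute set opens outside these hunks, so this is based on the visible lines only.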


@ -6,25 +6,25 @@ with lib.my;
vimPlugins = prev.vimPlugins // { vimPlugins = prev.vimPlugins // {
inherit (inputs.codeium-nvim.packages.${prev.system}.vimPlugins) codeium-nvim; inherit (inputs.codeium-nvim.packages.${prev.system}.vimPlugins) codeium-nvim;
smartcolumn-nvim = prev.vimUtils.buildVimPluginFrom2Nix { smartcolumn-nvim = prev.vimUtils.buildVimPlugin {
pname = "smartcolumn-nvim"; pname = "smartcolumn-nvim";
version = mkVersionInput inputs.smartcolumn-nvim; version = mkVersionInput inputs.smartcolumn-nvim;
src = inputs.smartcolumn-nvim; src = inputs.smartcolumn-nvim;
}; };
telekasten-nvim = prev.vimUtils.buildVimPluginFrom2Nix { telekasten-nvim = prev.vimUtils.buildVimPlugin {
pname = "telekasten-nvim"; pname = "telekasten-nvim";
version = mkVersionInput inputs.telekasten-nvim; version = mkVersionInput inputs.telekasten-nvim;
src = inputs.telekasten-nvim; src = inputs.telekasten-nvim;
}; };
hmts-nvim = prev.vimUtils.buildVimPluginFrom2Nix { hmts-nvim = prev.vimUtils.buildVimPlugin {
pname = "hmts-nvim"; pname = "hmts-nvim";
version = mkVersionInput inputs.hmts-nvim; version = mkVersionInput inputs.hmts-nvim;
src = inputs.hmts-nvim; src = inputs.hmts-nvim;
}; };
actions-preview-nvim = prev.vimUtils.buildVimPluginFrom2Nix { actions-preview-nvim = prev.vimUtils.buildVimPlugin {
pname = "actions-preview-nvim"; pname = "actions-preview-nvim";
version = mkVersionInput inputs.actions-preview-nvim; version = mkVersionInput inputs.actions-preview-nvim;
src = inputs.actions-preview-nvim; src = inputs.actions-preview-nvim;
@ -39,5 +39,22 @@ with lib.my;
version = mkVersionInput inputs.nvim-treesitter; version = mkVersionInput inputs.nvim-treesitter;
src = inputs.nvim-treesitter; src = inputs.nvim-treesitter;
}); });
# HACK: to fix error in nixpkgs version of nvim-lspconfig
nvim-lspconfig = prev.vimPlugins.nvim-lspconfig.overrideAttrs (_: {
version = mkVersionInput inputs.nvim-lspconfig;
src = inputs.nvim-lspconfig;
});
nvim-puppeteer = prev.vimUtils.buildVimPlugin {
pname = "nvim-puppeteer";
version = mkVersionInput inputs.nvim-puppeteer;
src = inputs.nvim-puppeteer;
};
null-ls-nvim = prev.vimPlugins.null-ls-nvim.overrideAttrs (a: {
version = mkVersionInput inputs.none-ls-nvim;
src = inputs.none-ls-nvim;
});
}; };
} }


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 wG6LYg LK0u1kmnMlRkk3s1nqpHREr0pbtQwc+Or9XFGSk5Syo
HLc3gWskZTeWfMPgR+EBn3R3ycn+7rWKgheZuP4o9Tg
-> ssh-ed25519 ZYd7Zg w8wh8buUNQcPdihFgWVyZfCg74x01YTSbnj8Sw5dhBQ
i8/rwKnUn2QIuTpLayg1+SzUnHbpOu7CdhAnO3u3/VU
-> ssh-ed25519 CjuqfA FPR6pGls0nRXB7lFUagHCcY39iuoSBab+T40aMuD8hQ
pyrcWA0Knw0iZf8CpfvmP5hsJf0Gba9LBKSQO1yGfbQ
-> CQVJ}-grease pf }&%
7Q
--- Mn5qor9GWHRU52zTv+kCqQljCZYsG1tO6ekZSH/p1yc
ÖÉôJžåODša¸õ0Cµ¼c´ <72>X *ú…F\uãÄAÎFOƒ<4F> ÔsKùt<»ù(œ5¢JÛMTD¶<S-iÇ1ã7Ó9™<39>ä[Çhqr>ÕÌv²Rãõµ?Mþe

BIN
secrets/root-password.age Normal file

Binary file not shown.


@ -18,10 +18,11 @@ in
{ {
"github.age".publicKeys = all; "github.age".publicKeys = all;
"ssh-home.age".publicKeys = personal; "ssh-home.age".publicKeys = personal;
"ssh-builder.age".publicKeys = personal;
"uni-vpn.age".publicKeys = personal; "uni-vpn.age".publicKeys = personal;
"wireguard-preshared-key.age".publicKeys = personal; "wireguard-preshared-key.age".publicKeys = personal;
"wireguard-private-key.age".publicKeys = personal; "wireguard-private-key.age".publicKeys = personal;
"webis.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ]; "webis.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ];
"webis-ssh.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ]; "webis-ssh.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ];
"root-password.age".publicKeys = hosts-personal ++ [ moritz ];
"moritz-password.age".publicKeys = hosts-personal ++ [ moritz ];
} }
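Review bot: `root-password.age` and `moritz-password.age` are encrypted to every key in `hosts-personal` plus `moritz`, so any one of those hosts can decrypt a credential that presumably applies to all of them. The definitions of `hosts-personal` and `personal` are outside this hunk, so the size of that set is not visible here. If the files hold password hashes meant for `hashedPasswordFile`, a comment such as `# password hashes (not plaintext); readable by every personal host` would make the exposure explicit. Where hosts do not need to share a login, a per-host secret with a single host key as recipient keeps a compromise of one machine from exposing the others. The same narrowing applies to `ssh-builder.age` if only the machine that connects to the builder needs it.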


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wG6LYg 5umyOPP+KaUaQckEZYnh+nyX2RIMDp/KtJraFuATQBM
qsS9JiY0qxR7IMwpH2x1VWF5A5/wrAkbeOzuMcf1fS0
-> ssh-ed25519 ZYd7Zg L9EJulnOPk7fEcmrWU8mVRbEN80dHCji1n4bnwGJigk
KTnk+Ku96gJ7Tj2egXyqX6UIuytHTuMFM1ygDXoIDxg
-> XQ.ai[-grease a ) r]>2~U
7CDc3c+1EZaEB15RE8JMzmdbr2WmQeP2ivIh4qgYTnKImHxJaJEhgScd0EzyEXVP
NZxuP+0
--- CE/X6hjRUWT1ya1ySIjFBnLdmPkVbL4ugDwYv9XGYoo
Úô½çµß‰¦¥×3Ïÿ8ìež:Im…èúÔF?U¨~Ù83ÍÉÜóÝðµôìNC<4E>zAÅãõúû°õM]0¥²fšð´ku˜¯†<C2AF>FL§lš<åÀSXCÅÛhEh<45> Î¥GKF<15>È<+çÒoŒ_<C592>ÝÐIP´ùça<vJ<>SxzŸÇyà£_\ÿ<>8p‰¥æ0v