Merge remote-tracking branch 'origin/nixos' into nixos

2023-02-24 14:08:36 +01:00 · 2023-02-24 14:08:36 +01:00 · 9b7403f235
parent 05014b9ec7 968e70c387
commit 9b7403f235
15 changed files with 165 additions and 71 deletions
--- a/flake.lock
+++ b/flake.lock
@ -775,6 +775,7 @@
        "nixpkgs": "nixpkgs_8",
        "nvim-treesitter-textsubjects": "nvim-treesitter-textsubjects",
        "pre-commit-hooks": "pre-commit-hooks_3",
+        "smartcolumn-nvim": "smartcolumn-nvim",
        "stable": "stable",
        "utils": "utils_2"
      }
@ -804,6 +805,22 @@
        "type": "github"
      }
    },
+    "smartcolumn-nvim": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1677125264,
+        "narHash": "sha256-Om0t759e6JYwcg6V+HdJk59h2yVt9kPLwGBMKNnP8AA=",
+        "owner": "m4xshen",
+        "repo": "smartcolumn.nvim",
+        "rev": "1202b0741b87b0815bdc6fc6ebacb2df9e6628ee",
+        "type": "github"
+      },
+      "original": {
+        "owner": "m4xshen",
+        "repo": "smartcolumn.nvim",
+        "type": "github"
+      }
+    },
    "stable": {
      "locked": {
        "lastModified": 1676817468,
--- a/flake.nix
+++ b/flake.nix
@ -61,6 +61,12 @@
      url = "github:RRethy/nvim-treesitter-textsubjects";
      flake = false;
    };
+
+    smartcolumn-nvim = {
+      url = "github:m4xshen/smartcolumn.nvim";
+      flake = false;
+    };
+
  };

  outputs =
--- a/modules/profiles/base.nix
+++ b/modules/profiles/base.nix
@ -5,6 +5,16 @@
 }:

 with lib;
+let
+  nom-system = pkgs.writeShellApplication {
+    name = "nom-system";
+    runtimeInputs = with pkgs; [ nix-output-monitor ];
+    text = ''
+      nom build --no-link "/home/moritz/.dotfiles#nixosConfigurations.$(hostname).config.system.build.toplevel"
+    '';
+  };
+  nom-system-command = command: "${nom-system}/bin/nom-system && ${command}";
+in
 {
  users.users.moritz = {
    isNormalUser = true;
@ -39,8 +49,8 @@ with lib;
        rm = "rm -i";
        mv = "mv -i";

-        nixos-switch = "sudo nixos-rebuild switch --flake ~/.dotfiles";
-        nixos-boot = "sudo nixos-rebuild boot --flake ~/.dotfiles";
+        nixos-switch = nom-system-command "sudo nixos-rebuild switch --flake ~/.dotfiles";
+        nixos-boot = nom-system-command "sudo nixos-rebuild boot --flake ~/.dotfiles";
        nixos-update = "pushd ~/.dotfiles && nix flake update && popd";

        latexwatch = ''find -type f -name "*.tex" | entr -c latexmk -pdf -silent'';
@ -77,6 +87,7 @@ with lib;
    nixpkgs-fmt
    statix
    manix
+    nix-output-monitor

    # other
    bat
--- a/modules/profiles/desktop.nix
+++ b/modules/profiles/desktop.nix
@ -93,9 +93,9 @@ with lib; {
      kdeconnect.enable = true;
      mullvad.enable = true;
      openconnect.enable = true;
-      openvpn.enable = true;
      printing.enable = true;
      redshift.enable = true;
+      wireguard.enable = true;
    };
  };

--- a/modules/programs/hyprland/config.nix
+++ b/modules/programs/hyprland/config.nix
@ -146,26 +146,32 @@ in
  $windowMod = ALT

  # Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
-  bind = $mainMod, D, exec, hyprctl keyword general:layout dwindle
-  bind = $mainMod, E, exec, emacsclient -c -a emacs
-  bind = $mainMod, F, togglefloating,
-  bind = $mainMod SHIFT, F, fullscreen,
-  bind = $mainMod, M, exec, hyprctl keyword general:layout master
-  bind = $mainMod, P, pseudo, # dwindle
-  bind = $mainMod, Q, killactive,
-  bind = $mainMod, R, exec, rofi -show combi
-  bind = $mainMod, C, exec, rofi -show calc -modi calc -no-show-match -no-sort | wl-copy
-  bind = $mainMod, B, exec, rofi-bluetooth
-  bind = $mainMod, RETURN, exec, kitty
-  bind = $mainMod, T, togglesplit, # dwindle
-  bind = , XF86AudioLowerVolume, exec, pamixer -d 5
-  bind = , XF86AudioMute, exec, pamixer -t
-  bind = , XF86AudioNext, exec, playerctl -p "spotifyd,firefox" next
-  bind = , XF86AudioPlay, exec, playerctl -p "spotifyd,firefox" play-pause
-  bind = , XF86AudioPrev, exec, playerctl -p "spotifyd,firefox" previous
-  bind = , XF86AudioRaiseVolume, exec, pamixer -i 5
-  bind = , XF86MonBrightnessDown, exec, brightnessctl s 10%-
-  bind = , XF86MonBrightnessUp, exec, brightnessctl s 10%+
+
+  # Window binds
+  bind = $mainMod       , F      , togglefloating ,
+  bind = $mainMod       , P      , pseudo         , 
+  bind = $mainMod       , Q      , killactive     ,
+  bind = $mainMod       , T      , togglesplit    , 
+  bind = $mainMod SHIFT , F      , fullscreen     ,
+
+  # Program binds
+  bind = $mainMod , B      , exec , rofi-bluetooth
+  bind = $mainMod , C      , exec , rofi -show calc -modi calc -no-show-match -no-sort | wl-copy
+  bind = $mainMod , D      , exec , hyprctl keyword general:layout dwindle
+  bind = $mainMod , E      , exec , emacsclient -c -a emacs
+  bind = $mainMod , M      , exec , hyprctl keyword general:layout master
+  bind = $mainMod , R      , exec , rofi -show combi
+  bind = $mainMod , RETURN , exec , kitty
+
+  # XF86 keys
+  bind = , XF86AudioLowerVolume  , exec , pamixer -d 5
+  bind = , XF86AudioRaiseVolume  , exec , pamixer -i 5
+  bind = , XF86AudioMute         , exec , pamixer -t
+  bind = , XF86AudioNext         , exec , playerctl -p "spotifyd,firefox" next
+  bind = , XF86AudioPlay         , exec , playerctl -p "spotifyd,firefox" play-pause
+  bind = , XF86AudioPrev         , exec , playerctl -p "spotifyd,firefox" previous
+  bind = , XF86MonBrightnessDown , exec , brightnessctl s 10%-
+  bind = , XF86MonBrightnessUp   , exec , brightnessctl s 10%+

  # Move focus with mainMod + hjkl
  bind = $mainMod, H, movefocus, l
@ -173,11 +179,17 @@ in
  bind = $mainMod, K, movefocus, u
  bind = $mainMod, J, movefocus, d

-  # Change current active window size with mainMod + hjkl
+  # Change current active window size with mainMod + SHIFT + hjkl
  bind = $mainMod SHIFT, H, resizeactive, -10 0
-  bind = $mainMod SHIFT, L, resizeactive, 10 0
-  bind = $mainMod SHIFT, K, resizeactive, 0 -10
  bind = $mainMod SHIFT, J, resizeactive, 0 10
+  bind = $mainMod SHIFT, K, resizeactive, 0 -10
+  bind = $mainMod SHIFT, L, resizeactive, 10 0
+
+  # Move current active window with mainMod + ALT + hjkl
+  bind = $mainMod ALT, H, movewindow, l
+  bind = $mainMod ALT, J, movewindow, d
+  bind = $mainMod ALT, K, movewindow, u
+  bind = $mainMod ALT, L, movewindow, r

  # Switch workspaces with mainMod + [0-9]
  bind = $mainMod, 1, workspace, 1
--- a/modules/programs/nvim/default.nix
+++ b/modules/programs/nvim/default.nix
@ -22,6 +22,12 @@ let
    version = mkVersionInput inputs.nvim-treesitter-textsubjects;
    src = inputs.nvim-treesitter-textsubjects;
  };
+
+  smartcolumn-nvim = pkgs.vimUtils.buildVimPluginFrom2Nix {
+    pname = "smartcolumn-nvim";
+    version = mkVersionInput inputs.smartcolumn-nvim;
+    src = inputs.smartcolumn-nvim;
+  };
 in
 {
  options.my.programs.vim = {
@ -83,6 +89,8 @@ in
        nvim-web-devicons # for dashboard-nvim
        orgmode
        plenary-nvim # for telescope, neogit
+        smartcolumn-nvim
+        telescope-fzf-native-nvim
        telescope-nvim
        vim-lion
        which-key-nvim
--- a/modules/programs/nvim/init.lua
+++ b/modules/programs/nvim/init.lua
@ -75,6 +75,9 @@ wk.register({
    b = { "<cmd>Telescope buffers<cr>", "find buffer" },
  },
 }, { prefix = "<leader>" })
+-- To get fzf loaded and working with telescope, you need to call
+-- load_extension, somewhere after setup function:
+require("telescope").load_extension("fzf")

 require("neogit").setup({
  disable_commit_confirmation = true,
@ -100,8 +103,8 @@ cmp.setup({
  formatting = {
    format = lspkind.cmp_format({
      mode = "symbol", -- show only symbol annotations
-      maxwidth = 50, -- prevent the popup from showing more than provided characters (e.g 50 will not show more than 50 characters)
-      ellipsis_char = "...", -- when popup menu exceed maxwidth, the truncated part would show ellipsis_char instead (must define maxwidth first)
+      maxwidth = 50, -- prevent the popup from showing more than provided characters
+      ellipsis_char = "...", -- when popup menu exceed maxwidth, the truncated part would show ellipsis_char instead
      symbol_map = {
        Copilot = "",
      },
@ -118,7 +121,7 @@ cmp.setup({
    ["<C-f>"] = cmp.mapping.scroll_docs(4),
    ["<C-Space>"] = cmp.mapping.complete(),
    ["<C-e>"] = cmp.mapping.abort(),
-    ["<CR>"] = cmp.mapping.confirm({ select = true }), -- Accept currently selected item. Set `select` to `false` to only confirm explicitly selected items.
+    ["<CR>"] = cmp.mapping.confirm({ select = true }),
    ["<Tab>"] = cmp.mapping(function(fallback)
      if cmp.visible() then
        cmp.select_next_item()
@ -447,3 +450,7 @@ require("nvim-tree").setup()
 wk.register({
  t = { "<cmd>NvimTreeFindFileToggle<cr>", "nvim tree" },
 }, { prefix = "<leader>t", silent = true })
+
+require("smartcolumn").setup({
+  colorcolumn = 120,
+})
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -8,9 +8,9 @@
    ./kdeconnect.nix
    ./mullvad.nix
    ./openconnect.nix
-    ./openvpn.nix
    ./picom.nix
    ./printing.nix
    ./redshift.nix
+    ./wireguard.nix
  ];
 }
--- a/modules/services/openvpn.nix
+++ b/modules/services/openvpn.nix
@ -1,39 +0,0 @@
-{ config
-, lib
-, pkgs
-, ...
-}:
-
-with lib;
-let
-  cfg = config.my.services.openvpn;
-in
-{
-  options.my.services.openvpn.enable = mkEnableOption "openvpn";
-
-  config = lib.mkIf cfg.enable {
-    age.secrets = {
-      homeVPN = {
-        file = ../../secrets/home-vpn.age;
-        owner = "1000";
-      };
-      homeVPNPassword = {
-        file = ../../secrets/home-vpn-password.age;
-        owner = "1000";
-      };
-    };
-    services.openvpn.servers = {
-      homeVPN = {
-        config = "config /run/agenix/homeVPN ";
-        autoStart = false;
-        updateResolvConf = true;
-      };
-    };
-    systemd.services.openvpn-homeVPN-password = {
-      description = "Enter homeVPN password";
-      script = "cat /run/agenix/homeVPNPassword | systemd-tty-ask-password-agent";
-      wantedBy = [ "openvpn-homeVPN.service" ];
-      after = [ "openvpn-homeVPN.service" ];
-    };
-  };
-}
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@ -0,0 +1,41 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+
+with lib;
+let
+  cfg = config.my.services.wireguard;
+in
+{
+  options.my.services.wireguard.enable = mkEnableOption "wireguard";
+
+  config = lib.mkIf cfg.enable {
+    age.secrets = {
+      wireguard-private-key.file = ../../secrets/wireguard-private-key.age;
+      wireguard-preshared-key.file = ../../secrets/wireguard-preshared-key.age;
+    };
+    networking.firewall = {
+      allowedUDPPorts = [ 51820 ];
+    };
+    networking.wg-quick.interfaces = {
+      wg0 = {
+        autostart = false;
+        address = [ "10.8.0.3/24" ];
+        listenPort = 51820;
+        privateKeyFile = "/run/agenix/wireguard-private-key";
+        peers = [
+          {
+            publicKey = "bT/U8ko3i//vH8LNn2R56JkGMg+0GLFrZSF81BBax08=";
+            presharedKeyFile = "/run/agenix/wireguard-preshared-key";
+            # Forward all the traffic via VPN.
+            allowedIPs = [ "0.0.0.0/0" ];
+            endpoint = "wg.moritzboeh.me:51820";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+  };
+}
--- a/secrets/home-vpn-password.age
+++ b/secrets/home-vpn-password.age
--- a/secrets/home-vpn.age
+++ b/secrets/home-vpn.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -12,10 +12,10 @@ let
 in
 {
  "github.age".publicKeys = all;
-  "home-vpn-password.age".publicKeys = all;
-  "home-vpn.age".publicKeys = all;
  "nordvpn.age".publicKeys = all;
  "spotifyd.age".publicKeys = all;
  "ssh-home.age".publicKeys = all;
  "uni-vpn.age".publicKeys = all;
+  "wireguard-preshared-key.age".publicKeys = all;
+  "wireguard-private-key.age".publicKeys = all;
 }
--- a/secrets/wireguard-preshared-key.age
+++ b/secrets/wireguard-preshared-key.age
@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> ssh-ed25519 CjuqfA HUg3FETh6ezG8DcEaFW/VYrzKoqpGKpWQKk2R+e4zzM
+Hnj5vK3gT2+BpGVYfQBPnosUiBgp2shs4g3Va1Z1JzU
+-> ssh-ed25519 QRYDmg vc5Qzx8lbFF6BYV/BVNDv7+4tvwdGV8nyUHoVEr1yEA
+mp4s4Kg7UcS6HEcaZaFhypPQh6BzeeovpEzxn0Q91Q4
+-> ssh-ed25519 wG6LYg ZDy84tJ1nyrtCdOVlF464rPAmWEQXcP11B30+ccXJ2k
+i+efuVas6vT9K55/soO2SOLxo29heQTR12gO5gx5SSI
+-> ssh-ed25519 ZYd7Zg jmWJkTLgzrt3nU7KA3xRU37T3EriWngdbCC4GwS/pik
+PYtUFRBv8yIuHgDrMJNdrsUsqjjKc/+hmvj1+pY3MpQ
+-> ssh-ed25519 as9VYQ qpAgrLdj/1tLgGSH/ixGisVSBAoDB2A/nednmGKqLiM
+AD6i7RrNgXcPW6ebr8T1vwsbGDQkWX/zNX7kLZ1bkTI
+-> syy03-grease G1Yn Zq| $0
+EmxSuXdlQfAHuTHTAd4nvyFFhfOVswM9F79VwDNuXVkf/SatEO2uhCM4RmInrNhP
+a7U1TNxhGd4HuT0k5wqaN2Vr67adR6Hh024vaTxw9OHneQ
+--- 7AIOs1wK0DIhK+AVkPDlOZjzFLfhsqZlWXVkLnXNcN8
+!È®¼^Ã.CJ°„¸ ª]¼J<C2BC>N‚§Äºfú0¼'Äajy+
î?;à¼…Üw0<77>w<>ÒE`Sß¤¥¯Ò'¬Lá#1½Ò×ET¤.k=÷
--- a/secrets/wireguard-private-key.age
+++ b/secrets/wireguard-private-key.age
@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-ed25519 CjuqfA EQLHOBOVfp+j3x+coXt1isDkG+LvsSYkU8PT1cg97FQ
+NJWJKvmN4hUHsC34n1ap4HlipC0rGWlqrbgR4vm91YY
+-> ssh-ed25519 QRYDmg LOvHPzC4zfX2rlQBxYwHoHhjftCyWnBRLXZ/aB1ekQM
+lVtsflczWZwhBx4FZeJK6jtcUCvwQKIA5Gmbth2to9U
+-> ssh-ed25519 wG6LYg nqcLDqaVL7D0seK7kW52vmG/lm0Nd28lBroYrRMVynI
+oYA8E4DDR26gpRCdJMWtzoGvUTErI6GMSdF99kTNKtc
+-> ssh-ed25519 ZYd7Zg vz3LZxq0+KTx6E4J0X6duivLP0TFtA8WaOQaiSmMcF4
+5g+3H/6J9FjsWifcfmEq8dz0hk4mpZhhJaEndPE3Mpw
+-> ssh-ed25519 as9VYQ VIQ18yC/qEiP66hfCwWAbAbNCBypB47gbWkFg/TJmWE
+MXK5RnuwAlKt676CPO0N/3BeM9gsgMPZNEG1DXq8uXA
+-> 8kx-grease s%obC ~GOw1 C
+
+--- V8z981BPe2yVOaMCj2np9Vvvy/6zP8xHCFKRFwsceXs
+¢»„•¤ÇÜà+<2B>’Xobë_)È<zÝ¯mDPoçßê±KðÂ½ùÛÞZåé=Ø,ŒÂ¥ºt-·b+}vûçµpgÝÊU'
	þø#/89„