9 Commits

Author SHA1 Message Date
materus a7421ce7dd add nix-vscode-extensions 2024-10-31 21:08:37 +01:00
materus 40869ddd02 Add plasma-manager, remove inputs from devshell 2024-10-21 23:11:44 +02:00
materus ac5447eff2 inputs: use inputs directly, without additional "inputs" 2024-03-02 19:48:03 +01:00
materus 361ed098b4 inputs: add devshell, git-agecrypt, base16, flake-utils 2024-02-25 18:09:09 +01:00
materus 748756208f inputs: add sops-nix 2024-02-23 01:23:18 +01:00
materus 06a35210af inputs: nixos-hardware 2023-10-27 12:35:07 +02:00
materus cae14663b5 inputs 2023-10-08 16:17:46 +02:00
materus ad14e1976a inputs 2023-10-08 16:14:06 +02:00
materus f86ef1c2db inputs init 2023-10-08 16:13:36 +02:00
114 changed files with 102 additions and 9507 deletions
-4
View File
@@ -1,4 +0,0 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary
-2
View File
@@ -1,2 +0,0 @@
**/private/** filter=git-crypt diff=git-crypt
encrypted-test filter=git-crypt diff=git-crypt
-1
View File
@@ -1 +0,0 @@
\#*\#
-18
View File
@@ -1,18 +0,0 @@
# nixos-config
My NixOS and home-manager configs.
Dotfiles and helper scripts.
Not all config is here, some I keep in private flake.
## Hosts
materusPC - my main PC
Old-materusPC - my old PC, barely used
flamaster - my laptop, used mostly as server for games.
valkyrie - VPS, my website and pleroma instance
waffentrager - raspberry pi4, home server
@@ -1,308 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, materusArg, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.supportedFilesystems = [ "ntfs" ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.auto-optimise-store = true;
nix.settings.substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
nix.settings.trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
nixpkgs.config.allowUnfree = true;
# Use the systemd-boot EFI boot loader.
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = "1920x1080";
gfxmodeBios = "1920x1080";
useOSProber = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.tmpOnTmpfs = true;
services.flatpak.enable = true;
services.gvfs.enable = true;
networking.hostName = "Old-materusPC"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Warsaw";
services.fstrim = {
enable = true;
interval = "weekly";
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
# keyMap = "pl";
useXkbConfig = true; # use xkbOptions in tty.
};
hardware.bluetooth.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
materus.profile.steam.enable = true;
# Configure keymap in X11
services.xserver.layout = "pl";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound.
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
hardware.pulseaudio.enable = false;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" ];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
};
environment.sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
#SSH_ASKPASS_REQUIRE = "prefer";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
MOZ_USE_XINPUT2 = "1";
PATH = [
"\${XDG_BIN_HOME}"
];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
# List packages installed in system profile. To search, run:
# $ nix search wget
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.libsForQt5.fcitx5-qt ];
environment.systemPackages = with pkgs; [
brave
glibc
patchelf
vim
wget
killall
xorg.xkill
xorg.xhost
nix-top
gitFull
curl
jdk
nss_latest
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
distrobox
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
nix-du
git-crypt
wineWowPackages.stagingFull
winetricks
protontricks
openal
gnupg
ncurses
monkeysphere
gparted
inkscape
gimp
virt-manager
libguestfs
bubblewrap
bindfs
pulseaudio
binutils
];
fonts.fontDir.enable = true;
fonts.enableDefaultFonts = true;
fonts.fonts = with pkgs; [
dejavu_fonts
hack-font
noto-fonts
noto-fonts-extra
noto-fonts-emoji
noto-fonts-cjk-sans
noto-fonts-cjk-serif
ubuntu_font_family
wqy_zenhei
monocraft
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Meslo" "ProFont" ]; })
];
fonts.fontconfig.enable = true;
fonts.fontconfig.cache32Bit = true;
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
fonts.fontconfig.defaultFonts.monospace = [ "Hack Nerd Font" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" ];
environment.shells = with pkgs; [ zsh ];
programs = {
steam = {
enable = true;
dedicatedServer.openFirewall = true;
remotePlay.openFirewall = true;
};
fish.enable = true;
java.enable = true;
command-not-found.enable = false;
dconf.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
services.pcscd.enable = true;
/*systemd.user.services.gpg-agent.serviceConfig.ExecStart = [
""
''
${pkgs.gnupg}/bin/gpg-agent --supervised \
--pinentry-program ${pkgs.kwalletcli}/bin/pinentry-kwallet
''
];*/
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 ];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
@@ -1,13 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./secrets
./configuration.nix
./nvidia.nix
./plasma.nix
];
}
@@ -1,91 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "vfio-pci" ];
boot.extraModulePackages = [ ];
boot.kernel.sysctl = { "vm.swappiness" = 10; };
boot.kernelParams = [ "ibt=off" "intel_iommu=on" "iommu=pt" "pcie_acs_override=downstream,multifunction" ];
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/materus" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [ "subvol=@home" "nossd" "noatime" "compress=zstd" "space_cache=v2" "autodefrag" ];
};
fileSystems."/materus/data" =
{
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [ "subvol=@data" "nossd" "noatime" "compress=zstd" "space_cache=v2" "autodefrag" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/A5C2-31D1";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-label/NixOS_Swap"; }];
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
depends = [ "/materus" ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkForce true;
}
@@ -1,79 +0,0 @@
{ config, pkgs, materusArg, lib, ... }:
{
home.stateVersion = "22.11";
home.homeDirectory = "/home/materus";
programs.wezterm.enable = true;
programs.git = {
userEmail = "materus@podkos.pl";
userName = "materus";
signing.signByDefault = true;
signing.key = "${materusArg.cfg.path}/extraFiles/keys/ssh/materus.pub";
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
};
};
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
gcc
gdb
cmake
gnumake
ninja
binutils
coreutils
util-linux
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
jdk
ldc
dmd
dub
]);
editor.emacs.enable = false;
};
home.packages = [
pkgs.papirus-icon-theme
];
}
@@ -1,32 +0,0 @@
{ config, pkgs, ... }:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
nvidiaSettings = true;
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
};
hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
materus.profile.steam.extraEnv = {
VK_ICD_FILENAMES=''''$VK_ICD_FILENAMES:/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/nvidia_icd.i686.json'';
};
}
@@ -1,27 +0,0 @@
{ pkgs, ... }:
{
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.wayland.enable = true;
services.xserver.displayManager.sddm.settings = {
General = {
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
};
environment.variables = {
QT_PLUGIN_PATH = [ "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
XCURSOR_THEME = "breeze_cursors";
};
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.systemPackages = with pkgs.kdePackages; [
ark
kate
];
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin ];
}
@@ -1,25 +0,0 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."wg-key" = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -1,33 +0,0 @@
wg-key: ENC[AES256_GCM,data:+z+Xxq6A1h5ceCOZry9PSz871zVZpd9Y6vtqpfoAulHCN03DjzZ/PLmRvYQ=,iv:7hdjnUuaRk30hFJ8rv4zXxI8v42RWC1iQb64LMNgBnQ=,tag:eUSTVygR+u9ERPU9gfhYIw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1el7zhjxkrlravpt7hw36fuac0xfgd42qkjjkvxzqmyl28u8csasqkd4a40
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsT2w4SCt2ZGdLYktHckMw
QVhza2tqU2M1Q3lsYnhld1dKcTdYUHcvSzFrCjMxT05yU01nUmFQK0FCUThUNDNN
V2EyTUhoVUNjNlNwTU9FeTlGRkxvVDgKLS0tIDBFYys1TmI0T0x0RnE2N3JCWWpq
VFVjMGUvRVBaY0JsR2lVcUFsdk4rYjQKEiiqEcTaQSVXSAm5c9uylaf2Tt/KJtPl
GDp+2YSBHHnVYjtYf7k9WqsIEe5/0AifDp3YA8jNhOXuZwZdvk+fLw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-30T18:21:12Z"
mac: ENC[AES256_GCM,data:0DMB+ukujc6PMU45n1QJGryGie25Bj2hXmia69QgYZNk2vgfO+nYmWSpmqK4Z00xXNtbsgejfDto5mrzU/OJ4FF3eOfwWfdIwxQLEQKoPF5U3niON3YO8FEA+JIn+/fNGF3fY1AgBfhberST5ikKnmff1Nwe5GOwQHSB3LU+CZE=,iv:V89EFUby3bwsoZKpoJRmJS9E/UheMBkKDq7j40IzBTA=,tag:aOJnFFGIuzQ3T7YrIFiWtw==,type:str]
pgp:
- created_at: "2024-03-30T18:20:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAnUVLGsgIKd3EtSAGTPyXqSlsz1T8RnDvAtBz/XaH0y0w
pkp84zTe85FRZDnTO8a44WkpNIrUih0CYQSPPCZqSi/qnIxPWgx67HTC1bPAO9Iw
1GgBCQIQNcrKr4YNKSP5XxJqMXOyZD7rZ4g02Xdw5XplZ/y34m9c83S44XRgHwg4
0obXI1UlsqyHf/ZnTM1pbXO/kdTdFomWvWbfbuKDgDvyiJJ18mJ48GOsv/SBBJjJ
3877O+Ia5I8Chg==
=q58P
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
Binary file not shown.
-61
View File
@@ -1,61 +0,0 @@
{ inputs, materusFlake }:
let
profiles = import ../profile;
makeSystem = { host, arch ? "x86_64-linux", extraModules ? [ ], stable ? true, hmAsModule ? true, hmUsers ? [ "materus" ] }:
let
nixosSystem = if stable then inputs.nixpkgs-stable.lib.nixosSystem else inputs.nixpkgs.lib.nixosSystem;
hm = if stable then inputs.configInputs-stable.home-manager else inputs.configInputs.home-manager;
materusCfg = {
inherit stable;
inherit materusFlake;
inherit host;
inherit hm;
inherit hmAsModule;
nixerus = if stable then inputs.configInputs-stable.nixerus else inputs.configInputs.nixerus;
configInputs = if stable then inputs.configInputs-stable else inputs.configInputs;
path = materusFlake.selfPath;
hostPath = materusFlake.selfPath + "/configurations/host/${host}";
isHm = false;
};
in
(nixosSystem {
specialArgs = { inherit materusCfg; };
system = arch;
modules = [
./${host}
profiles.osProfile
materusCfg.configInputs.sops-nix.nixosModules.sops
(if hmAsModule then hm.nixosModules.home-manager else { })
(if hmAsModule then
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users = (builtins.foldl' (a: b: a // b) { } (builtins.map
(user: {
${user} = ({ ... }:
{
imports = [
(materusFlake.selfPath + "/configurations/shared/home/${user}")
(materusFlake.selfPath + "/configurations/host/${host}/home/${user}")
profiles.homeProfile
];
});
})
hmUsers));
home-manager.extraSpecialArgs = { materusCfg = materusCfg // { isHm = true; }; };
} else { })
] ++ extraModules;
}) // { inherit materusCfg; };
in
{
materusPC = makeSystem { host = "materusPC"; stable = false; };
flamaster = makeSystem { host = "flamaster"; stable = true; };
valkyrie = makeSystem { host = "valkyrie"; stable = true; };
waffentrager = makeSystem { host = "waffentrager"; stable = true; arch = "aarch64-linux"; };
Old-materusPC = makeSystem { host = "Old-materusPC"; stable = false; };
}
@@ -1,192 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, materusArg, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.wireless.iwd.enable = true;
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchExternalPower = "ignore";
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
programs.tmux = {
enable = true;
clock24 = true;
};
programs.java = {
enable = true;
package = pkgs.graalvm-ce;
binfmt = true;
};
# Bootloader.
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
useOSProber = true;
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080";
#efiInstallAsRemovable = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
networking.hostName = "flamaster"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
networking.networkmanager.wifi.backend = "iwd";
# Set your time zone.
time.timeZone = "Europe/Warsaw";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.utf8";
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.enable = true;
hardware.nvidia.prime = {
offload.enable = true;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
# Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
# Configure keymap in X11
services.xserver = {
layout = "pl";
xkbVariant = "";
};
# Configure console keymap
console.keyMap = "pl2";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.materus = {
isNormalUser = true;
description = "Mateusz Słodkowicz";
extraGroups = [ "networkmanager" "wheel" ];
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
packages = with pkgs; [
kate
];
shell = pkgs.zsh;
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
util-linux
killall
pciutils
lshw
steamcmd
distrobox
config.materus.profile.packages.firefox
config.programs.java.package
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 27015 25565 24454 8123 ];
networking.firewall.allowedTCPPortRanges = [{ from = 16262; to = 16272; }];
networking.firewall.allowedUDPPorts = [ 22 16261 16262 8766 8767 25565 24454 8123 ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
networking.networkmanager.extraConfig = lib.mkDefault ''
[connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
programs.neovim.enable = true;
programs.neovim.vimAlias = true;
programs.neovim.viAlias = true;
services.flatpak.enable = true;
xdg.portal.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true;
virtualisation.podman.enableNvidia = true;
virtualisation.podman.dockerSocket.enable = true;
}
-12
View File
@@ -1,12 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./configuration.nix
];
materus.profile.nix.enable = true;
materus.profile.steam.enable = true;
}
@@ -1,67 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-label/NixOS_EFI_L";
fsType = "vfat";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [{
device = "/var/.swapfile";
size = 32 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
@@ -1,23 +0,0 @@
{ config, pkgs, materusArg, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
zsh.enable = true;
};
home.packages = [
pkgs.papirus-icon-theme
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
];
}
-106
View File
@@ -1,106 +0,0 @@
{config, pkgs, materusArg, ...}:
{
environment.systemPackages = with pkgs; [
gamescope
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
materusArg.pkgs.amdgpu-pro-libs.prefixes
(pkgs.bottles.override { extraPkgs = pkgs: [ pkgs.libsForQt5.breeze-qt5 pkgs.kdePackages.breeze-gtk pkgs.nss_latest ]; extraLibraries = pkgs: [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
glibc
glib
gtk3
gtk4
gsettings-desktop-schemas
kdePackages.dolphin
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
patchelf
killall
util-linux
xorg.xhost
nix-top
gitFull
curl
wget
config.programs.java.package
nss_latest
pciutils
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
steamtinkerlaunch
distrobox
# WebP support
libwebp
webp-pixbuf-loader
# Compression
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
tldr
bat
##config.materus.profile.packages.home-manager
gcr
# pgcli
# litecli
materusArg.pkgs.alvr
#zenmonitor
nix-du
kate
krusader
wineWowPackages.stagingFull
winetricks
protontricks
gnupg
pinentry
pinentry-gnome3
pinentry-curses
ncurses
monkeysphere
gparted
virt-viewer
inkscape
gimp
git-crypt
bubblewrap
bindfs
binutils
];
}
-63
View File
@@ -1,63 +0,0 @@
{ pkgs, lib, ... }:
{
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = false;
jack.enable = true;
};
hardware.pulseaudio.enable = false;
environment.sessionVariables =
let
makePluginPath = format:
(lib.makeSearchPath format [
"$HOME/.nix-profile/lib"
"/run/current-system/sw/lib"
"/etc/profiles/per-user/$USER/lib"
])
+ ":$HOME/.${format}";
in
{
ALSOFT_DRIVERS = "pulse";
DSSI_PATH = makePluginPath "dssi";
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
LXVST_PATH = makePluginPath "lxvst";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
};
services.udev = {
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
environment.systemPackages = with pkgs; [
openal
pulseaudio
reaper
yabridge
yabridgectl
vital
odin2
surge
fire
decent-sampler
lsp-plugins
];
}
-31
View File
@@ -1,31 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./hardware
./vm
./secrets
./scripts.nix
./tmp.nix
./network.nix
./kde.nix
./audio.nix
./apps.nix
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.copySystemConfiguration = false;
system.stateVersion = "23.05";
materus.profile.nix.enable = true;
materus.profile.nixpkgs.enable = true;
materus.profile.fonts.enable = true;
materus.profile.steam.enable = true;
}
-44
View File
@@ -1,44 +0,0 @@
{ config, pkgs, lib, ... }:
{
services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.gdm.wayland = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.desktopManager.gnome.sessionPath = [ pkgs.gnome.gpaste ];
services.gnome.gnome-online-accounts.enable = true;
services.gnome.gnome-browser-connector.enable = true;
services.gnome.core-utilities.enable = true;
services.gnome.core-shell.enable = true;
services.gnome.core-os-services.enable = true;
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
programs.gnome-terminal.enable = true;
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
services.dbus.packages = with pkgs; [ gnome2.GConf ];
environment.systemPackages = with pkgs; [
gnome3.adwaita-icon-theme
gnome3.gnome-tweaks
gnome3.gnome-color-manager
gnome3.gnome-shell-extensions
gnomeExtensions.appindicator
gnomeExtensions.desktop-clock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.compiz-windows-effect
gnomeExtensions.burn-my-windows
gnomeExtensions.user-themes
gnomeExtensions.gsconnect
];
}
@@ -1,59 +0,0 @@
{ config, pkgs, lib, ... }:
let
video = [
"video=HDMI-A-3:1920x1080@144"
"video=DP-3:1920x1080@240"
#"video=DP-1:1920x1080@240"
#"video=DP-2:1920x1080@240"
#"video=HDMI-A-1:1920x1080@240"
#"video=HDMI-A-2:1920x1080@240"
];
in
{
#Kernel
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelParams = [ "rcu_nocbs=8-15,24-31" "nohz_full=8-15,24-31" "vfio_iommu_type1.allow_unsafe_interrupts=1" "pcie_acs_override=downstream,multifunction" /*"pci-stub.ids=1002:744c"*/ "nox2apic" "nvme_core.default_ps_max_latency_us=0" "nvme_core.io_timeout=255" "nvme_core.max_retries=10" "nvme_core.shutdown_timeout=10" "amd_iommu=on" "iommu=pt" ] ++ video;
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci"];
boot.extraModprobeConfig = ''
options kvm_amd nested=1 avic=1 npt=1 sev=0
options vfio_iommu_type1 allow_unsafe_interrupts=1
'';
boot.kernel.sysctl = {
"vm.max_map_count" = 1000000;
"vm.swappiness" = 10;
};
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4" ];
boot.tmp.useTmpfs = true;
#bootloader
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
useOSProber = true;
memtest86.enable = true;
};
boot.plymouth.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}
@@ -1,61 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
{
imports =
[
./filesystem.nix
./boot.nix
];
hardware.firmware = with pkgs; [
materusArg.pkgs.amdgpu-pro-libs.firmware.vcn
#materusArg.pkgs.amdgpu-pro-libs.firmware
linux-firmware
alsa-firmware
sof-firmware
];
environment.variables = {
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
AMD_VULKAN_ICD = "RADV";
RADV_PERFTEST = "gpl,rt,sam";
OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
};
hardware.cpu.amd.updateMicrocode = lib.mkForce true;
#extra
hardware.wooting.enable = true;
hardware.bluetooth.enable = true;
#Graphics
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
amdvlk
rocmPackages.clr.icd
rocmPackages.clr
materusArg.pkgs.amdgpu-pro-libs.vulkan
materusArg.pkgs.amdgpu-pro-libs.amf
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
pkgs.driversi686Linux.amdvlk
materusArg.pkgs.i686Linux.amdgpu-pro-libs.vulkan
libvdpau-va-gl
];
services.udev.extraRules = ''
#GPU bar size
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource0_resize}="15"
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource2_resize}="8"
'';
#Trim
services.fstrim = {
enable = true;
interval = "weekly";
};
}
@@ -1,68 +0,0 @@
{ config, pkgs, lib, ... }:
{
zramSwap = {
enable = true;
memoryPercent = 25;
};
swapDevices = [
{
label = "NixOS_Swap";
}
];
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
depends = [ "/materus" ];
};
fileSystems."/materus" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
};
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@home" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-label/NixOS_EFI";
fsType = "vfat";
};
}
@@ -1,96 +0,0 @@
{ pkgs, materusArg, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
programs.git.signing.signByDefault = true;
xdg.userDirs.enable = true;
xdg.portal.enable = true;
xdg.portal.xdgOpenUsePortal = true;
xdg.portal.extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
xdg.portal.configPackages = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
raylib
gcc
gdb
nil
nixfmt
nixpkgs-fmt
cmake
gnumake
ninja
binutils
coreutils
util-linux
openssl
openssl.dev
pkg-config
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
xorg.xorgproto
xorg.libX11.dev
xorg.libXrandr.dev
xorg.libXrender.dev
rustup
freetype.dev
fpc
openjdk21
bison
flex
ldc
dmd
dub
]);
editor.emacs.enable = false;
};
home.packages = [
pkgs.papirus-icon-theme
materusArg.pkgs.ffmpeg6-amf-full
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; extraLibs = [ ]; })
pkgs.git-crypt
];
programs.obs-studio = {
enable = false;
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-vkcapture obs-gstreamer input-overlay obs-multi-rtmp obs-pipewire-audio-capture ];
package = materusArg.pkgs.obs-amf;
};
}
-73
View File
@@ -1,73 +0,0 @@
{ config, pkgs, lib, ... }:
let
westonSddm = let xcfg = config.services.xserver; in pkgs.writeText "weston.ini"
''
[core]
xwayland=false
shell=fullscreen-shell.so
[keyboard]
keymap_model = ${builtins.toString xcfg.xkb.model};
keymap_layout = ${builtins.toString xcfg.xkb.layout};
keymap_variant = ${builtins.toString xcfg.xkb.variant};
keymap_options = ${builtins.toString xcfg.xkb.options};
[libinput]
enable-tap = ${builtins.toString xcfg.libinput.mouse.tapping};
left-handed = ${builtins.toString xcfg.libinput.mouse.leftHanded};
[output]
name=DP-3
mode=1920x1080@240
[output]
name=DP-2
mode=off
[output]
name=HDMI-A-3
mode=off
'';
in
{
services.displayManager.defaultSession = "plasma";
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.displayManager.sddm.wayland.compositor = lib.mkForce "weston";
services.displayManager.sddm.wayland.compositorCommand = lib.concatStringsSep " " [
"${lib.getExe pkgs.weston}"
"--shell=kiosk"
"-c ${westonSddm}"
];
services.displayManager.sddm.settings = {
General = {
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
};
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.variables = {
# Old fix for black cursor on amdgpu, seems to work fine now
#KWIN_DRM_NO_AMS = "1";
#Fix for amdgpu crashes
KWIN_DRM_USE_MODIFIERS = "0";
KWIN_DRM_NO_DIRECT_SCANOUT = "1";
QT_PLUGIN_PATH = [ "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
XCURSOR_THEME = "breeze_cursors";
};
environment.systemPackages = with pkgs; [
kdePackages.ark
];
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin ];
}
-51
View File
@@ -1,51 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
{
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
'';
networking.useDHCP = lib.mkDefault true;
networking.hostName = "materusPC";
networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true;
#networking.networkmanager.wifi.backend = "iwd";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 8080 9943 9944 ];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 6000 9943 9944 ];
#Fix warning
networking.networkmanager.extraConfig = lib.mkDefault ''
[connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt
'';
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "wg0";
type = "wireguard";
interface-name = "wg0";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
allowed-ips = "${materusArg.ip-masks.wireguard.general};";
};
ipv4 = {
address1 = "${materusArg.ips.wireguard.materusPC}/23";
dns = "${materusArg.ips.wireguard.valkyrie};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
}
-59
View File
@@ -1,59 +0,0 @@
{ config, pkgs, lib, ... }:
let
valkyrie-sync = pkgs.writeShellScriptBin "valkyrie-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@valkyrie:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/valkyrie materus@valkyrie:/materus/config/private
'';
valkyrie-flakelock = pkgs.writeShellScriptBin "valkyrie-flakelock" ''
${pkgs.openssh}/bin/ssh materus@valkyrie "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-boot = pkgs.writeShellScriptBin "valkyrie-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild boot --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-switch = pkgs.writeShellScriptBin "valkyrie-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild switch --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
flamaster-sync = pkgs.writeShellScriptBin "flamaster-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@flamaster:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/flamaster materus@flamaster:/materus/config/private
'';
flamaster-flakelock = pkgs.writeShellScriptBin "flamaster-flakelock" ''
${pkgs.openssh}/bin/ssh materus@flamaster "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-boot = pkgs.writeShellScriptBin "flamaster-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild boot --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-switch = pkgs.writeShellScriptBin "flamaster-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild switch --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
in
{
environment.systemPackages = [
valkyrie-rebuild-boot
valkyrie-rebuild-switch
valkyrie-sync
valkyrie-flakelock
flamaster-rebuild-boot
flamaster-rebuild-switch
flamaster-sync
flamaster-flakelock
];
}
@@ -1,27 +0,0 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.wireguard = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -1,36 +0,0 @@
users:
materus: ENC[AES256_GCM,data:okqSgMvdFq1BMAg+Gs725zaNbeAQIpJKSPB2Sa83i3EYimphZNBtrJLen+gQEGNq4yeTyAc9Ih/hcnr+3z+Tea/g9ffh/UC4YA==,iv:OhKoWLREAqCbtmS3Rw9nE9+PtcBLwEHimJXcj4oejRA=,tag:Ht/SQSwumnQR6E45Pl47AQ==,type:str]
root: ENC[AES256_GCM,data:vnPjK+xayk/Zk895rERYAeCzpjv5NJ7EAyK4MRDUzDbW++4Dy+UEI81v1v7w9dfpDeL+x5kOqUFO5zVVDUGfZ3yf/l8M8N8KcA==,iv:gGFGcy3K27nQxn0+7I/t0kg3nZyXeGWqysOl2auZJXo=,tag:N+LYhKpPCbI1EjEBwxuh1g==,type:str]
wireguard: ENC[AES256_GCM,data:rBkftzBcdamhP0xZB3qxfLptL8bX1qc7SdcfPNpYV67TeQs6i79+5KB/da4=,iv:22J5SZbFtYco7iSHvD2GD1bcazfGWlyEJ2isa3Ab4bI=,tag:BeUn9Srl2vyoDgK5Xv0UCg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1fq9ckkwtgvm69w045rf9pgurnhch6ukdxejr8yxgrthn7j8vp48qvd9rkx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbHZZUVF1dVJSU1NvNXVk
N3VtTm00ZHRWb082T0FkNXJncUxCU3haVmpVCk9FQkJBZnVJVFNLOThjZzlxNVF1
b0phQ2daejRrdVhEZ2YvRHVRRU5BQlEKLS0tIGdQeDlOSzl4VDhGNURQditCWUFG
dWVzbzUyakxXUGpTQjNsYzcyVG1aRDgKXVa8tIAbmggw1vSt3NJYRLgXhbagpNrX
RNXyndPaeQXVPVXuJWmHgRCYbwPTcfAFpGwFlX2IxVLlmC914Zklhw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-19T15:58:46Z"
mac: ENC[AES256_GCM,data:BLa0G3ci8EWH43UkLI2OoFJp2F9YeuKDrg6+2I/bq/lLi/YUitkJvBkA9VSIbvCyYWs/5SlEL5MayX8iiVdJ7r9bCiw+LVsWNAdaYDCafbZRW5F7KiHS5WXV3v4c201kFok7rmnRhEfKfdDxLlQ/mFHqOhupHU/qCNMTuUzJBiA=,iv:EPRoXHVMB6I16lTFJdFVAuSnMD/B55fPYtSBOQddutE=,tag:gohg+BdRlMPAQmNpRdk8sg==,type:str]
pgp:
- created_at: "2024-03-02T22:10:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAvGVUu56Pd2+DMHqgIcJokyh11952nQK2eVtQNj42CAUw
NQfulNRUHX5BonsLyvXPx74bVku6Wxr80loIWoz049/xbFj4S7FyftkakY8rOUGu
1GgBCQIQOoEFvTQB8qGbea/85fktuljXPou/WgUY6Mxd4n0dBz54f69B/NttnBGc
7eUDKfe79Omr0o/0CVC/6SGKoiS38suV903QHeF1MXFPeOG72k4TvfF9lVlBgK8H
k4DXtzC7wm3WWg==
=eh7Z
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
-158
View File
@@ -1,158 +0,0 @@
{ config, pkgs, materusArg, ... }:
{
virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true;
virtualisation.lxd.enable = true;
programs.gamemode.enable = true;
services.teamviewer.enable = true;
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
services.flatpak.enable = true;
services.gvfs.enable = true;
services.xserver.xkb.layout = "pl";
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
services.dbus.enable = true;
services.dbus.packages = [ pkgs.gcr ];
services.xserver.displayManager.startx.enable = false;
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.xdgOpenUsePortal = true;
services.xserver.exportConfiguration = true;
services.xserver.extraConfig = pkgs.lib.mkDefault ''
Section "OutputClass"
Identifier "amd-options"
Option "TearFree" "True"
Option "SWCursor" "True"
Option "VariableRefresh" "true"
Option "AsyncFlipSecondaries" "true"
Option "DRI3" "1"
MatchDriver "amdgpu"
EndSection
'';
services.printing.enable = true;
services.xserver.libinput.enable = true;
virtualisation.waydroid.enable = false;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
"render"
"pipewire"
"wheel"
"networkmanager"
"input"
"kvm"
"libvirt-qemu"
"libvirt"
"libvirtd"
"podman"
"lxd"
];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
};
environment.sessionVariables = {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
QT_XKB_CONFIG_ROOT = "\${XKB_CONFIG_ROOT}";
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
SDL_IM_MODULE = "fcitx";
MOZ_USE_XINPUT2 = "1";
PATH = [
"\${XDG_BIN_HOME}"
];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.kdePackages.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.kdePackages.fcitx5-qt ];
services.pcscd.enable = true;
services.samba-wsdd.enable = true;
services.samba = {
enable = true;
package = pkgs.sambaFull;
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
services.openssh.enable = true;
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" "/share/bash-completion" "/share/fish" ];
environment.shells = with pkgs; [ zsh bashInteractive fish ];
programs = {
fish.enable = true;
java.enable = true;
java.package = pkgs.graalvm-ce;
java.binfmt = true;
command-not-found.enable = false;
dconf.enable = true;
};
materus.profile.browser.enable = true;
services.davfs2.enable = true;
}
@@ -1,77 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./win10
];
systemd.mounts = [
{
where = "/dev/hugepages";
enable = false;
}
{
where = "/dev/hugepages/hugepages-2048kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=2M";
requiredBy = [ "basic.target" ];
}
{
where = "/dev/hugepages/hugepages-1048576kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=1G";
requiredBy = [ "basic.target" ];
}
];
virtualisation.libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu.ovmf.enable = true;
qemu.ovmf.packages = [ pkgs.OVMFFull.fd ];
qemu.runAsRoot = true;
qemu.swtpm.enable = true;
qemu.package = pkgs.qemu_full;
};
virtualisation.spiceUSBRedirection.enable = true;
environment.systemPackages = with pkgs; [
virtiofsd
config.virtualisation.libvirtd.qemu.package
looking-glass-client
virt-manager
libguestfs-with-appliance
];
systemd.services.libvirtd = {
path =
let
env = pkgs.buildEnv {
name = "qemu-hook-env";
paths = with pkgs; [
bash
libvirt
kmod
systemd
ripgrep
sd
coreutils
sudo
su
killall
procps
util-linux
bindfs
qemu-utils
psmisc
];
};
in
[ env ];
};
}
@@ -1,134 +0,0 @@
{ config, pkgs, ... }:
let
startHook = /*''
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
''
+*/
''
# Make sure nothing renders on gpu to prevent "sysfs: cannot create duplicate filename" after rebinding to amdgpu
chmod 0 /dev/dri/renderD128
fuser -k /dev/dri/renderD128
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
systemctl stop mountWin10Share.service
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
sleep 1s
echo "10" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "3" > /proc/sys/vm/drop_caches
echo "1" > /proc/sys/vm/compact_memory
#echo "8192" > /sys/devices/system/node/node1/hugepages/hugepages-2048kB/nr_hugepages
systemctl set-property --runtime -- user.slice AllowedCPUs=0-7,16-23
systemctl set-property --runtime -- system.slice AllowedCPUs=0-7,16-23
systemctl set-property --runtime -- init.scope AllowedCPUs=0-7,16-23
'';
stopHook = ''
# Debugging
# exec 19>/home/materus/stoplogfile
# BASH_XTRACEFD=19
# set -x
# exec 3>&1 4>&2
# trap 'exec 2>&4 1>&3' 0 1 2 3
# exec 1>/home/materus/stoplogfile.out 2>&1
sleep 1s
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
echo "15" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "1" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
echo ''$VIRSH_GPU_AUDIO > /sys/bus/pci/drivers/snd_hda_intel/bind
#echo "0" > /sys/devices/system/node/node1/hugepages/hugepages-2048kB/nr_hugepages
systemctl start mountWin10Share.service
systemctl set-property --runtime -- user.slice AllowedCPUs=0-31
systemctl set-property --runtime -- system.slice AllowedCPUs=0-31
systemctl set-property --runtime -- init.scope AllowedCPUs=0-31
'';
in
{
virtualisation.libvirtd.hooks.qemu = {
"win10" = pkgs.writeShellScript "win10.sh" ''
VIRSH_GPU_VIDEO="0000:03:00.0"
VIRSH_GPU_AUDIO="0000:03:00.1"
VIRSH_USB1="0000:10:00.0"
if [ ''$1 = "win10" ] || [ ''$1 = "win11" ]; then
if [ ''$2 = "prepare" ] && [ ''$3 = "begin" ]; then
${startHook}
fi
if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then
${stopHook}
fi
fi
'';
};
systemd.services.mountWin10Share = {
wantedBy = [ "multi-user.target" ];
path = [ config.virtualisation.libvirtd.qemu.package pkgs.util-linux pkgs.kmod pkgs.coreutils ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
modprobe nbd max_part=16
sleep 1
qemu-nbd -c /dev/nbd0 /materus/data/VM/data.qcow2 --cache=unsafe --discard=unmap
sleep 1
mount /dev/nbd0p1 /materus/data/Windows -o uid=1000,gid=100
'';
preStop = ''
umount /materus/data/Windows
qemu-nbd -d /dev/nbd0
'';
};
}
-180
View File
@@ -1,180 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, materusArg, config, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./services
./secrets
];
materus.profile.nix.enable = true;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
networking.hostName = "valkyrie"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = false;
# Set your time zone.
time.timeZone = "Europe/Warsaw";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
keyMap = "pl";
useXkbConfig = false; # use xkbOptions in tty.
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = [
];
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
shell = pkgs.zsh;
};
users.users.acme.openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/waffentrager.pub") ];
users.users.acme.shell = pkgs.scponly;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
nano
git
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.openFirewall = false;
services.openssh.settings.PermitRootLogin = "no";
services.openssh.settings.PasswordAuthentication = false;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
services.nginx = {
enable = true;
package = pkgs.tengine;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
'';
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "materus+acme@podkos.pl";
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
security.acme.defaults.dnsResolver = "9.9.9.9:53";
security.acme.certs."materus.pl" = {
domain = "materus.pl";
group = "nginx";
extraDomainNames = [ "*.materus.pl" ];
dnsProvider = "ovh";
};
security.acme.certs."podkos.pl" = {
domain = "podkos.pl";
group = "nginx";
extraDomainNames = [ "*.podkos.pl" ];
dnsProvider = "ovh";
};
security.acme.certs."podkos.xyz" = {
domain = "podkos.xyz";
group = "nginx";
extraDomainNames = [ "*.podkos.xyz" ];
dnsProvider = "ovh";
};
security.acme.certs."${materusArg.waffentrager.samba.domain}" = {
domain = materusArg.waffentrager.samba.domain;
extraDomainNames = [
"${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}"
];
dnsProvider = "ovh";
};
}
@@ -1,47 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "floppy" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true;
fileSystems."/" =
{
device = "/dev/disk/by-uuid/924b1a69-2256-444f-baf6-d2d9405e451d";
fsType = "ext4";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [
{
device = "/swapfile";
size = 4 * 1024;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = false;
networking.nameservers = [ "9.9.9.9" "1.1.1.1" "8.8.8.8" ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
@@ -1,17 +0,0 @@
{ ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = false;
nixpkgs.enable = false;
enableDesktop = false;
enableTerminal = false;
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = false;
bash.enable = true;
zsh.enable = true;
};
}
@@ -1,35 +0,0 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets.wireguard = { };
sops.secrets.discord-token = {};
sops.secrets.spotify-client-id = {};
sops.secrets.spotify-client-secret = {};
sops.secrets.youtube-api = {};
sops.secrets.certs = {};
sops.secrets.steamladder-api = {};
sops.secrets.webarchive-accesskey = {};
sops.secrets.webarchive-secretkey = {};
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -1,41 +0,0 @@
wireguard: ENC[AES256_GCM,data:i98U0ugxbNqWNuKR8u+mdWoSMLViHXfsWRBS1lvjb+hgGxveyzjBcagBIeY=,iv:/hF9oH2R6NSeHT/UQTlbmtx+gPX/3CJOLPNnxrzsY/g=,tag:2ub5w8uH2O1B2hoku8Kowg==,type:str]
discord-token: ENC[AES256_GCM,data:JQ/6MJvBlJpKzs/L0hFB1LPpQSfJvDdEB6YerVZyDqGo7plA0S5wORACgA88Dei1x1NGsXhYtiwT4vE9jjeCOlWXZdl1mA==,iv:BsDu1De0qLX/8VDiZ5co1q1LXxkz/Som9+hvm/67/xU=,tag:YO0wQNF3/AXbifpeAa935Q==,type:str]
spotify-client-id: ENC[AES256_GCM,data:WK7CJGw6mtIG3Jfp59cWx3ool4z1P09TvHcpbOQ2JV0=,iv:EaJ5ecXdmx0Ky+43xZITM811IOo4EisvPSyogXrJXng=,tag:NYTI4vLsWGa695CJ+TIgbw==,type:str]
spotify-client-secret: ENC[AES256_GCM,data:TnR+zLLklTfzMdR4woaZWuMVJQ9VIYsFM588GRO6WCY=,iv:cYiqw8ZdMgLeug4ptwPV3L+MeY6xIldfUBfiYg1mFD8=,tag:YDLh6BXFcBHnpdgM7e87wg==,type:str]
youtube-api: ENC[AES256_GCM,data:qmpFlFvudS9rXQfN+Th/UrPWCW0mg5GkpMucS/01AmOnlChqtojC,iv:q3bKwI2I6BNa3L9ezKCE1fWT/vZLiJ8uzug1z2z+TWA=,tag:gKG3HTz8jp2LAFh8e8O6sg==,type:str]
steamladder-api: ENC[AES256_GCM,data:m30o5atqugwqn/WbXGkUq5GvqiIKQT0kSRQCtHc1Gxk/dC3YcbDvMw==,iv:duLKl1NvysD0XMaUOkl/6nclMQB6seXcQYkGMrm7K7Y=,tag:9dw+UH10uAdca5fVdlw1Mg==,type:str]
webarchive-accesskey: ENC[AES256_GCM,data:jdKlHsZq2Dkk1BcBfUVv5g==,iv:BXCgPb/2W57PYXxRktInz1LxSEwlw6m3xnQU4TOPMeY=,tag:kK4+InaH7K4D4n1hyGaR+w==,type:str]
webarchive-secretkey: ENC[AES256_GCM,data:nuA9G5dNtrNfbcx0G/GUTg==,iv:RRuTm4kZr5dNjBt9Zvk/NVefHCZYODmRvWAqZizKGJY=,tag:J2V0Q3BzXNWifVVvAkwYyg==,type:str]
certs: ENC[AES256_GCM,data:ttmSNTTx51a3L2HTC8RnSphDLHO2OSyIgXQ0YpZGySTdu69mgEyhaiSi+IAXg/1AHKRjpFJgE4fhsLAiW78pNYb+Zg7aDL47YtABO99sTZrZnBxZo6k6itpZ3oClDch2ZALzoXChLroc0tUbZKwsfOwGe3pw9lOJZJT34AhV+BVoXDDLQcpQoxz23Baa8oxklecT6wpJ1u1nW+aAHw33gm41Vw==,iv:b0aNZwaRKBg+ipe5+19BowyFbCjZt52S738om6emYGo=,tag:lUqtcc4vVWKx/fnc19vj7A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1wscr6kv8393wv0fjaux8juplaxq55znlzrp62qyteq0fauu3yg0s7d7k98
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSRXNLdUZaVU13alNhVGgz
aXdMb3IzNjNQcHJFV2JLNVM2SUVBa3VNZlRFCkxxd21CTWVDUkVXbzR6ZEkxbm5J
VGorSkp6a2xSdHRHcFk5T3VYVlJJa0UKLS0tIE1WdHo5eTlpNEEyN25oSjk1KzdS
d2dMUUh1RDB3UnpEdFJsNHpQRXFWemMKc41dlOapTsvH91QLNhdPbrzerPFakOiX
J/uoZDMIhsmQxgQM7Fqxr05NywhI/ZjOtJS2bayp73O57xjjMYcyNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-05T22:42:16Z"
mac: ENC[AES256_GCM,data:KSRGzHipb58uNYaRYXAy3y+D9cBG53RGxZpNrx2gy+CHbGtkUW1SWc4PPrBwBhb6+TN0vb1zHuOB4HK4Bys/jqmvGgVkO2VKj15MTFMpF5n6w0blFM7d5bCDydHAhvXEZA/PFWq97DTI1Zxb+N/HWJlefKCzYOHHWj7i4leKNjk=,iv:88Ekp0sjEo5UTBLUyYSrkP+MbIFcCmegclJIK3+0jOQ=,tag:H/ESeQhC1PEF00RiDnamyw==,type:str]
pgp:
- created_at: "2024-03-21T22:55:36Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdA667A9P/3ktuS2iEjxkv3aYMAGSu0oPGIX7dsC23VVgkw
OmcwhXxBnipcG+izbtNylXz5VonyyKHwdR2QIgkt9FEuC8lI17GHVyogTCFiP7Dj
1GgBCQIQN4EqFdiXqzJUeeE+PdOzVPs+1kStz+S1H22NjrJAFv67cbyIgwpItuXD
Sfao+MU1HWDY4iKZrcfWArUgpQj/pvsmUeJ72iXD3bkTTrK61g3GZA+g9lFewl/B
SORJMu9btS4GAw==
=aBMP
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -1,38 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable dcbot";
config =
let
cfg = config.valkyrieService.dcbot;
in
lib.mkIf cfg.enable {
sops.templates."dcbot.env".content = ''
TOKEN=${config.sops.placeholder.discord-token}
MAX_PLAYLIST_SIZE=100
PRUNING=false
LOCALE=pl
DEFAULT_VOLUME=100
STAY_TIME=30
'';
systemd.tmpfiles.rules = [
"d /var/lib/muse 0776 root root -"
];
virtualisation.oci-containers.containers.dcbot = {
image = "eritislami/evobot:latest";
volumes = [
];
environmentFiles = [
config.sops.templates."dcbot.env".path
];
};
};
}
@@ -1,17 +0,0 @@
{ config, pkgs, ... }:
{
imports =
[
./pleroma.nix
./pihole.nix
./dcbot.nix
./secureyoursoul.nix
];
services.adguardhome.enable = true;
valkyrieService.pihole.enable = false;
valkyrieService.pleroma.enable = true;
valkyrieService.dcbot.enable = true;
valkyrieService.secureyoursoul.enable = true;
}
@@ -1,56 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.pihole.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable pihole";
options.valkyrieService.pihole.dnsIP = lib.mkOption { default = "127.0.0.1"; };
options.valkyrieService.pihole.webIP = lib.mkOption { default = "127.0.0.1"; };
config =
let
cfg = config.valkyrieService.pihole;
dnsmasqConf = pkgs.writeText "02-dnsmasq-custom.conf" ''
no-hosts
'';
in
lib.mkIf config.valkyrieService.pihole.enable {
systemd.tmpfiles.rules = [
"d /var/lib/dnsmasq.d 0776 root root -"
"d /var/lib/pihole 0776 root root -"
"L+ /var/lib/dnsmasq.d/02-dnsmasq-custom.conf 0776 root root - ${dnsmasqConf}"
];
virtualisation.oci-containers.containers.pihole = {
image = "pihole/pihole:latest";
ports =
[
"${cfg.dnsIP}:53:53/tcp"
"${cfg.dnsIP}:53:53/udp"
"${cfg.webIP}:3000:80"
];
environment = {
TZ = "Europe/Warsaw";
FTLCONF_LOCAL_IPV4 = "127.0.0.1";
DNSMASQ_USER = "root";
VIRTUAL_HOST = "pi.hole";
PROXY_LOCATION = "pi.hole";
};
volumes = [
"/var/lib/pihole/:/etc/pihole/"
"/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
"/nix/store:/nix/store"
];
extraOptions =
[
"--cap-add=NET_ADMIN"
"--dns=127.0.0.1"
"--dns=9.9.9.9"
"--hostname=pi.hole"
];
};
};
}
@@ -1,149 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
socketPath = "/run/pleroma/http.sock";
socketChmod = with pkgs; with lib; pkgs.writers.writeBashBin "pleroma-socket"
''
coproc {
${inotify-tools}/bin/inotifywait -q -m -e create ${escapeShellArg (dirOf socketPath)}
}
trap 'kill "$COPROC_PID"' EXIT TERM
until ${pkgs.coreutils}/bin/test -S ${escapeShellArg socketPath}
do read -r -u "''${COPROC[0]}"
done
${pkgs.coreutils}/bin/chmod 0666 ${socketPath}
'';
soapbox = pkgs.stdenv.mkDerivation rec {
pname = "soapbox";
version = "v3.2.0";
dontBuild = true;
dontConfigure = true;
src = pkgs.fetchurl {
name = "soapbox";
url = "https://gitlab.com/soapbox-pub/soapbox/-/jobs/artifacts/${version}/download?job=build-production";
sha256 = "sha256-AdW6JK7JkIKLZ8X+N9STeOHqmGNUdhcXyC9jsQPTa9o=";
};
nativeBuildInputs = [ pkgs.unzip ];
unpackPhase = ''
unzip $src -d .
'';
installPhase = ''
mv ./static $out
'';
};
in
{
options.valkyrieService.pleroma.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable pleroma";
config = lib.mkIf config.valkyrieService.pleroma.enable {
systemd.tmpfiles.rules = [
"d /var/lib/pleroma 0766 pleroma pleroma -"
"d /var/lib/pleroma/static 0766 pleroma pleroma -"
"d /var/lib/pleroma/uploads 0766 pleroma pleroma -"
"L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}"
];
services.nginx.virtualHosts."podkos.xyz" = {
http2 = true;
useACMEHost = "podkos.xyz";
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:${socketPath}";
extraConfig = ''
etag on;
gzip on;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
client_max_body_size 8m;
'';
};
};
systemd.services.pleroma.serviceConfig = {
RuntimeDirectory = "pleroma";
RuntimeDirectoryPreserve = true;
ExecStartPost = "${socketChmod}/bin/pleroma-socket";
ExecStopPost = ''${pkgs.coreutils}/bin/rm -f ${socketPath}'';
};
services.pleroma = {
enable = true;
secretConfigFile = "/var/lib/pleroma/secrets.exs";
configs = [
''
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "podkos.xyz", scheme: "https", port: 443],
http: [ip: {:local, "${socketPath}"}, port: 0]
config :pleroma, :instance,
name: "Podziemia Kosmosu",
email: "admin@podkos.xyz",
notify_email: "noreply@podkos.xyz",
limit: 5000,
registrations_open: false
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
socket: "/run/postgresql/.s.PGSQL.5432",
username: "pleroma",
database: "pleroma"
# Configure web push notifications
config :web_push_encryption, :vapid_details,
subject: "mailto:admin@podkos.x yz"
config :pleroma, :frontends,
primary: %{
"name" => "soapbox",
"ref" => "${soapbox.version}"
}
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
config :pleroma, configurable_from_database: true
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.AnonymizeFilename]
''
];
};
};
}
@@ -1,141 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.secureyoursoul.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable secureyoursoul, web archive";
config =
let
cfg = config.valkyrieService.secureyoursoul;
in
lib.mkIf cfg.enable {
systemd.timers.secureyoursoul-steam = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-1,7,14,21 3:00:00";
Persistent = true;
Unit = "secureyoursoul-steam.service";
};
};
systemd.timers.secureyoursoul-p1 = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-3,9,16,23 3:00:00";
Persistent = true;
Unit = "secureyoursoul-p1.service";
};
};
systemd.timers.secureyoursoul-p2 = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-5,11,18,25 3:00:00";
Persistent = true;
Unit = "secureyoursoul-p2.service";
};
};
systemd.services.secureyoursoul-steam = {
description = "Make curl requests to archive steam related things";
path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
STEAM_IDS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.steamids })
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks-steam })
steamladder() {
for id in ''${STEAM_IDS[@]}; do
curl -X POST -H "Authorization: Token ''$(cat ${config.sops.secrets.steamladder-api.path})" \
"https://steamladder.com/api/v1/profile/$id/"
done;
}
webarchive(){
for id in ''${STEAM_IDS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=https://steamcommunity.com/profiles/$id" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=$link" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
}
steamladder &
webarchive
wait
'';
};
systemd.services.secureyoursoul-p1 = {
description = "Make curl requests to archive related things";
path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks1 })
webarchive(){
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=$link" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
}
webarchive
'';
};
systemd.services.secureyoursoul-p2 = {
description = "Make curl requests to archive related things - part 2";
path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks2 })
webarchive(){
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=$link" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
}
webarchive
'';
};
};
}
@@ -1,155 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
materus.profile.nixpkgs.enable = true;
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
git
p7zip
unrar
bzip2
unzip
zstd
xz
zip
gzip
];
sound.enable = false;
boot.tmp.useTmpfs = true;
services.xserver.enable = false;
networking.hostName = "waffentrager";
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPEDY+H8Hc/RSLE064AAh8IojvqxPd8BE5gec2aOfYMh materus@podkos.pl"
];
hashedPasswordFile = config.sops.secrets."users/materus".path;
shell = pkgs.zsh;
};
nix = {
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" "repl-flake" "no-url-literals" ];
trusted-users = [ "root" "@wheel" ];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE=" ];
};
};
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
@@ -1,10 +0,0 @@
{ config, pkgs, materusCfg, ... }:
{
imports = [
materusCfg.configInputs.nixos-hardware.nixosModules.raspberry-pi-4
./configuration.nix
./secrets
./services
];
}
@@ -1,46 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernel.sysctl = {
"vm.swappiness" = 10;
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [{
device = "/var/.swapfile";
size = 8 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}
@@ -1,17 +0,0 @@
{ config, pkgs, lib, ... }:
{
home.stateVersion = "23.11";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = false;
nixpkgs.enable = false;
enableDesktop = false;
enableTerminal = false;
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = false;
bash.enable = true;
zsh.enable = true;
};
}
@@ -1,28 +0,0 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
sops.secrets.wireguard = { };
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.elements = { };
sops.secrets.nextcloud-adminpass = { };
}
@@ -1,37 +0,0 @@
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str]
elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
users:
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1j34lqh0z6ak2c94n564wgyjeykn9srma34f5e5e7xvf498fwk3rqxvwx0l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvejRrcGVwZHNkTVB5dkYr
RnhVVjNEblFVd0xXSStqdjFhWVVNS3ljUTNZCnBFVmRRVVVENGhJUVg2L1lSM1NO
dkQydVhOaFVxd0p0aFhVcmp6eXdGeVEKLS0tIFIvRDlvZDdsbm1USEZUZ3FYMmla
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-12T11:21:33Z"
mac: ENC[AES256_GCM,data:TbWjHvrJAB55AjFsbOK/IPb7v4wzqL2JGLvnNTr+ah/c2brdlq6DWeAF2+HA3FpLRt2a0MajwMTCsconoe8hW6Am/WO0FJBoYlneLAl/RlAv7BYfyorTD/Vyp9am7ml5T3f2pdYdsw1k/5RSn1ulUg43vSgi5es5Co8CtzC5hPE=,iv:+V48Azrr9yArwqNi3POYh7QaRMfUreCf7Bmv7kjV9qo=,tag:HDcMMCnyfVQRHTQJZB0R3Q==,type:str]
pgp:
- created_at: "2024-03-21T18:15:00Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAWetrf0jhs/b9qcQc4b21+PJUPdSjk372BjokfwJ2oXQw
4LaIaNB3LRmY4FF3UOqk28NwkwBw6n0AzYKC/k1G4ntaNBMI9eDtFJ1c1+KkxSl2
1GYBCQIQMCKcu2aBEMiIGOyG08vcRW2T23DUAfTQqQdRKD/SgSTqAZLSICVJ91xU
TBsdiPBKO2cRDfPc7DlVLbPNe/SUqVUX9N4GTGPUocXc1s6lvgx3NBP5cGoSNx+A
xCmXl373IDc=
=uSyc
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -1,63 +0,0 @@
{ config, materusArg, lib, pkgs, ... }:
let
cfg = config.waffentragerService.auth;
in
{
options.waffentragerService.auth.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable auth";
imports =
[
./samba.nix
];
config = lib.mkIf cfg.enable
{
waffentragerService.elements.enable = true;
waffentragerService.nginx.enable = true;
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
systemd.services.resolvconf.enable = false;
networking.hosts = {
"${materusArg.ips.wireguard.waffentrager}" = [
materusArg.waffentrager.samba.domain
"${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}"
materusArg.waffentrager.samba.netbiosName
];
};
environment.etc = {
resolvconf = {
text = ''
search ${materusArg.waffentrager.samba.domain}
nameserver ${materusArg.waffentrager.samba.dnsIp}
nameserver 9.9.9.9
'';
};
};
systemd.timers.rsync-acme = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1min";
OnUnitActiveSec = "1h";
Unit = "rsync-acme.service";
};
};
systemd.services.rsync-acme = {
description = "Sync acme for samba";
path = [ pkgs.rsync ];
requires = [ "var-lib-mnt_acme.mount" ];
after = [ "var-lib-mnt_acme.mount" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
rsync -avzr --chmod=0600 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/key.pem ${materusArg.waffentrager.samba.servicePath}/tls/
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/chain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/fullchain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
'';
};
};
}
@@ -1,91 +0,0 @@
{ materusArg, config, lib, pkgs, ... }:
{
config =
let
cfg = config.waffentragerService.auth;
sambaCfg = config.services.samba;
servicePath = materusArg.waffentrager.samba.servicePath;
smbToString = x:
if builtins.typeOf x == "bool"
then lib.boolToString x
else builtins.toString x;
shareConfig = name:
let share = lib.getAttr name cfg.shares; in
"[${name}]\n " + (smbToString (
map
(key: "${key} = ${smbToString (lib.getAttr key share)}\n")
(lib.attrNames share)
));
in
lib.mkIf cfg.enable {
systemd.services.samba-smbd.enable = false;
systemd.services.samba = {
description = "Samba Service Daemon";
requires = [ "rsync-acme.service" ];
after = [ "rsync-acme.service" ];
requiredBy = [ "samba.target" ];
partOf = [ "samba.target" ];
serviceConfig = {
ExecStart = "${pkgs.samba4Full}/sbin/samba --foreground --no-process-group";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
LimitNOFILE = 16384;
PIDFile = "/run/samba.pid";
Type = "notify";
NotifyAccess = "all";
};
unitConfig.RequiresMountsFor = servicePath;
};
# https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
networking.firewall.allowedTCPPorts = [ 139 445 389 88 53 464 636 3268];
networking.firewall.allowedUDPPorts = [ 135 137 138 389 88 53 123 464];
systemd.tmpfiles.rules = [
"d ${servicePath}/tls/ 0600 root 3000000 -"
"d ${servicePath}/private/ 0600 root 3000000 -"
"d ${servicePath}/lock/ 0600 root 3000000 -"
"d ${servicePath}/cache/ 0600 root 3000000 -"
];
services.samba = {
enable = true;
enableNmbd = false;
enableWinbindd = false;
package = pkgs.samba4Full;
configText = ''
# Global parameters
[global]
dns forwarder = ${materusArg.waffentrager.samba.dnsIp}
netbios name = ${materusArg.waffentrager.samba.netbiosName}
realm = ${lib.toUpper materusArg.waffentrager.samba.domain}
server role = active directory domain controller
workgroup = ${materusArg.waffentrager.samba.workgroup}
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = yes
private dir = ${servicePath}/private
lock dir = ${servicePath}/lock
state directory = ${servicePath}/lock
cache directory = ${servicePath}/cache
tls enabled = yes
tls keyfile = ${servicePath}/tls/key.pem
tls certfile = ${servicePath}/tls/fullchain.pem
tls cafile = ${servicePath}/tls/chain.pem
[sysvol]
path = ${servicePath}/sysvol
read only = No
[netlogon]
path = ${servicePath}/sysvol/${materusArg.waffentrager.samba.domain}/scripts
read only = No
${sambaCfg.extraConfig}
${smbToString (map shareConfig (lib.attrNames sambaCfg.shares))}
'';
};
};
}
@@ -1,20 +0,0 @@
{ ... }:
{
imports =
[
./elements.nix
./postgresql.nix
./mount-acme.nix
./gitea.nix
./nginx.nix
./nextcloud.nix
./auth
];
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.mount-acme.enable = true;
waffentragerService.gitea.enable = true;
waffentragerService.nginx.enable = true;
waffentragerService.nextcloud.enable = true;
waffentragerService.auth.enable = true;
}
@@ -1,40 +0,0 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.elements.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable elements drive";
options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; };
options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; };
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
config =
let
cfg = config.waffentragerService.elements;
in
lib.mkIf cfg.enable {
systemd.services.elements-mount = {
description = "Decrypt and mount elements drive";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
mkdir -p ${cfg.path}
cryptsetup luksOpen /dev/disk/by-uuid/${cfg.uuid} elements -d ${config.sops.secrets.elements.path}
mount /dev/mapper/elements ${cfg.path}
'' + lib.optionalString config.waffentragerService.postgresql.enable ''
mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version}
chown -R postgres:postgres ${cfg.postgresqlDir}
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
mkdir -p ${cfg.nextcloudDir}
chown -R nextcloud:nextcloud ${cfg.nextcloudDir}
''
;
preStop = ''
umount ${cfg.path}
cryptsetup luksClose elements
'';
};
};
}
@@ -1,62 +0,0 @@
{ materusArg, config, lib, ... }:
{
options.waffentragerService.gitea.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable gitea";
config =
let
cfg = config.waffentragerService.gitea;
in
lib.mkMerge
[
(lib.mkIf cfg.enable {
waffentragerService.postgresql.enable = true;
waffentragerService.elements.enable = true;
services.gitea.enable = true;
services.gitea.lfs.enable = true;
services.gitea.stateDir = "${config.waffentragerService.elements.path}/services/gitea";
services.gitea.settings.service.DISABLE_REGISTRATION = true;
services.gitea.settings.server.DOMAIN = "baka.materus.pl";
services.gitea.settings.server.ROOT_URL = lib.mkForce "https://baka.materus.pl/";
services.gitea.settings.server.PROTOCOL = "fcgi+unix";
services.gitea.settings.cors = {
ENABLED = true;
X_FRAME_OPTIONS = "ALLOW-FROM https://*.materus.pl/";
};
services.gitea.database.type = "postgres";
services.gitea.database.socket = "/var/run/postgresql/";
})
(lib.mkIf (cfg.enable && config.waffentragerService.nginx.enable) {
services.nginx.virtualHosts = {
"baka.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
locations."/" = {
extraConfig = ''
client_max_body_size 2G;
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_pass unix:/var/run/gitea/gitea.sock;
'';
};
};
};
}
)
];
}
@@ -1,20 +0,0 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.mount-acme.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable mount-acme";
config =
let
cfg = config.waffentragerService.mount-acme;
in
lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ sshfs ];
systemd.mounts = [{
description = "Mount remote acme dir from valkyrie";
what = "acme@valkyrie:/var/lib/acme";
where = "/var/lib/mnt_acme";
type = "fuse.sshfs";
options = "reconnect,gid=${builtins.toString config.ids.gids.nginx},_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,idmap=user,compression=yes,identityfile=/materus/root/ssh_host_ed25519_key";
wantedBy = [ "multi-user.target" ];
}];
};
}
@@ -1,95 +0,0 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.nextcloud.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nextcloud";
config =
let
cfg = config.waffentragerService.nextcloud;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.nginx.enable = true;
environment.systemPackages = [ pkgs.samba pkgs.exiftool pkgs.ffmpeg-headless ];
sops.secrets.nextcloud-adminpass.owner = config.users.users.nextcloud.name;
sops.secrets.nextcloud-adminpass.group = config.users.users.nextcloud.group;
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [{
name = "nextcloud";
ensureDBOwnership = true;
}];
services.nextcloud = {
enable = true;
notify_push.enable = true;
package = pkgs.nextcloud28;
hostName = "waffentrager.materus.pl";
home = config.waffentragerService.elements.nextcloudDir;
config.adminuser = "master";
config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
config.dbtype = "pgsql";
config.defaultPhoneRegion = "PL";
config.trustedProxies = [ materusArg.ips.valkyrie materusArg.ips.wireguard.valkyrie materusArg.ips.wireguard.waffentrager ];
extraAppsEnable = true;
maxUploadSize = "4G";
https = true;
enableImagemagick = true;
configureRedis = true;
webfinger = true;
appstoreEnable = true;
database.createLocally = true;
nginx.recommendedHttpHeaders = true;
extraApps = with pkgs.nextcloud28Packages.apps; {
inherit notify_push previewgenerator;
};
extraOptions = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
enable_previews = true;
preview_format = "webp";
enabledPreviewProviders = [
''OC\Preview\Movie''
''OC\Preview\PNG''
''OC\Preview\JPEG''
''OC\Preview\GIF''
''OC\Preview\BMP''
''OC\Preview\XBitmap''
''OC\Preview\MP3''
''OC\Preview\MP4''
''OC\Preview\TXT''
''OC\Preview\MarkDown''
''OC\Preview\PDF''
''OC\Preview\WebP''
''OC\Preview\OpenDocument''
''OC\Preview\Krita''
''OC\Preview\AVIF''
];
"overwrite.cli.url" = "https://${config.services.nextcloud.hostName}";
};
globalProfiles = true;
phpOptions = {
"opcache.memory_consumption" = "512";
"opcache.interned_strings_buffer" = "64";
"opcache.max_accelerated_files"="50000";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "128M";
"opcache.validate_timestamps" = "0";
"opcache.revalidate_freq" = "0";
"opcache.fast_shutdown" = "1";
"opcache.save_comments" = "1";
};
phpExtraExtensions = ex: [ ex.zip ex.zlib ex.tidy ex.smbclient ];
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
http3 = true;
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
}
@@ -1,29 +0,0 @@
{ materusArg, config, lib, ... }:
{
options.waffentragerService.nginx.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nginx";
config =
let
cfg = config.waffentragerService.nginx;
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
};
systemd.services.nginx = {
requires = [ "var-lib-mnt_acme.mount" ];
after = [ "var-lib-mnt_acme.mount" ];
serviceConfig = {
restart = "always";
restartSec = 60;
};
};
};
}
@@ -1,27 +0,0 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.postgresql.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable postgresql";
options.waffentragerService.postgresql.version = lib.mkOption { default = "16"; };
config =
let
cfg = config.waffentragerService.postgresql;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
services.postgresql.enable = true;
services.postgresql.package = pkgs."postgresql_${cfg.version}";
services.postgresql.dataDir = "${config.waffentragerService.elements.postgresqlDir}/${cfg.version}";
services.postgresql.enableJIT = true;
services.postgresql.authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 scram-sha-256
'';
systemd.services.postgresql = {
partOf = [ "elements-mount.service" ];
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
};
}
-26
View File
@@ -1,26 +0,0 @@
{ config, pkgs, lib, materusCfg, ... }:
let
materusArg = {
pkgs = (import materusCfg.nixerus { inherit pkgs; }) //
(if pkgs.system == "x86_64-linux" then { i686Linux = import materusCfg.nixerus { pkgs = pkgs.pkgsi686Linux; }; } else { });
cfg = materusCfg;
};
in
{
imports = [
./nixpkgs.nix
./packages
./private
];
options.materus.materusArg = lib.mkOption { default = { }; };
config._module.args.materusArg = config.materus.materusArg // materusArg;
config.assertions = [
{
assertion = materusCfg.materusFlake.decrypted;
message = "Repository not decrypted, use crypt.sh to decrypt";
}
];
}
-91
View File
@@ -1,91 +0,0 @@
{ config, pkgs, lib, materusArg, materusCfg, ... }:
let
mkBoolOpt = default: description: lib.mkOption {
inherit default;
inherit description;
type = lib.types.bool;
example = true;
};
cfg = config.materus.profile.nixpkgs;
in
{
options.materus.profile.nixpkgs.enable = mkBoolOpt false "Enable materus nixpkgs config";
options.materus.profile.nixpkgs.enableOverlays = mkBoolOpt (cfg.enable) "Enable materus overlays";
options.materus.profile.nix.enableRegistry = mkBoolOpt (!materusCfg.isHm) "Enable materus nix registry";
config.nixpkgs.config = lib.mkIf cfg.enable {
allowUnfree = lib.mkDefault true;
joypixels.acceptLicense = lib.mkDefault true;
};
config.nixpkgs.overlays = lib.mkIf cfg.enableOverlays [ materusArg.cfg.configInputs.emacs-overlay.overlay ];
config.nix.package = lib.mkDefault pkgs.nixUnstable;
config.nix.registry = lib.mkIf config.materus.profile.nix.enableRegistry {
nixpkgs-stable = {
from = { type = "indirect"; id = "nixpkgs-stable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs-stable;
};
nixpkgs-unstable = {
from = { type = "indirect"; id = "nixpkgs-unstable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs;
};
nixpkgs = {
from = { type = "indirect"; id = "nixpkgs"; };
flake = materusCfg.configInputs.nixpkgs;
};
emacs-overlay = {
from = { type = "indirect"; id = "emacs-overlay"; };
flake = materusCfg.configInputs.emacs-overlay;
};
flake-utils = {
from = { type = "indirect"; id = "flake-utils"; };
flake = materusCfg.configInputs.flake-utils;
};
nixos-hardware = {
from = { type = "indirect"; id = "nixos-hardware"; };
flake = materusCfg.configInputs.nixos-hardware;
};
nixerus = {
from = { type = "indirect"; id = "nixerus"; };
flake = materusCfg.configInputs.nixerus;
};
devshell = {
from = { type = "indirect"; id = "devshell"; };
flake = materusCfg.configInputs.devshell;
};
home-manager = {
from = { type = "indirect"; id = "home-manager"; };
flake = materusCfg.configInputs.home-manager;
};
sops-nix = {
from = { type = "indirect"; id = "sops-nix"; };
flake = materusCfg.configInputs.sops-nix;
};
base16 = {
from = { type = "indirect"; id = "base16"; };
flake = materusCfg.configInputs.base16;
};
git-agecrypt = {
from = { type = "indirect"; id = "git-agecrypt"; };
flake = materusCfg.configInputs.git-agecrypt;
};
nur = {
from = { type = "indirect"; id = "nur"; };
flake = materusCfg.configInputs.nur;
};
};
}
@@ -1,53 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
with materusArg.pkgs.lib;
{
imports = [
./fonts.nix
];
#Single Packages
options.materus.profile.packages.home-manager = mkPrivateVar materusArg.cfg.configInputs.home-manager.packages.${pkgs.system}.home-manager;
options.materus.profile.packages.firefox = mkPrivateVar (pkgs.firefox.override {
nativeMessagingHosts = [
pkgs.plasma-browser-integration
];
});
#Package Lists
options.materus.profile.packages.list.nixRelated = mkPrivateVar (with pkgs; [
nix-prefetch
nix-prefetch-scripts
nix-prefetch-github
nix-prefetch-docker
nixfmt
nix-top
nix-tree
nix-diff
nix-ld
nil
nixpkgs-fmt
nixpkgs-review
]);
options.materus.profile.packages.list.desktopApps = mkPrivateVar (with pkgs; [
(discord.override { nss = nss_latest; withOpenASAR = true; withTTS = true; })
tdesktop
mpv
ani-cli
obsidian
nextcloud-client
spotify
thunderbird
keepassxc
(aspellWithDicts (ds: with ds; [ en en-computers en-science pl ]))
onlyoffice-bin
]);
options.materus.profile.packages.list.terminalApps = mkPrivateVar (with pkgs; [
neofetch
ripgrep
fd
]);
}
@@ -1,35 +0,0 @@
{ pkgs, lib, ... }:
let
defaultFonts = [
pkgs.dejavu_fonts
pkgs.freefont_ttf
pkgs.gyre-fonts
pkgs.liberation_ttf
pkgs.unifont
];
fonts = [
pkgs.noto-fonts
pkgs.noto-fonts-extra
pkgs.noto-fonts-emoji
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-cjk-serif
pkgs.wqy_zenhei
pkgs.corefonts
pkgs.hack-font
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
] ++ defaultFonts;
moreFonts = [
pkgs.ubuntu_font_family
pkgs.monocraft
(pkgs.nerdfonts.override { fonts = [ "DroidSansMono" "Meslo" "ProFont" "FiraCode"]; })
];
in
{
options.materus.profile.packages.list.fonts = lib.mkOption { default = fonts; readOnly = true; visible = false; };
options.materus.profile.packages.list.moreFonts = lib.mkOption { default = moreFonts; readOnly = true; visible = false; };
}
Binary file not shown.
-16
View File
@@ -1,16 +0,0 @@
{
osProfile = {
imports = [
./os
./common
];
};
homeProfile = {
imports = [
./common
./home
];
};
}
-25
View File
@@ -1,25 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.browser;
osConfig = (if (builtins.hasAttr "osConfig" config._module.args) then config._module.args.osConfig else null);
in
{
options = let mkBoolOpt = materusArg.pkgs.lib.mkBoolOpt; in {
materus.profile.browser.firefox.enable = mkBoolOpt false "Enable Firefox with materus cfg";
materus.profile.browser.vivaldi.enable = mkBoolOpt false "Enable Vivaldi with materus cfg";
materus.profile.browser.brave.enable = mkBoolOpt false "Enable Brave with materus cfg";
};
#TODO: Make some config
config = lib.mkMerge [{
home.packages = [
(lib.mkIf cfg.firefox.enable config.materus.profile.packages.firefox)
(lib.mkIf cfg.vivaldi.enable pkgs.vivaldi)
(lib.mkIf cfg.brave.enable pkgs.brave)
] ++ [ (lib.mkIf (osConfig != null && osConfig.materus.profile.browser.enable) osConfig.materus.profile.browser.package)];
}
];
}
-71
View File
@@ -1,71 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
packages = cfg.packages;
cfg = config.materus.profile;
in
{
imports = [
./fonts.nix
./browser.nix
./xdg.nix
./shell
./editor
./terminal
];
options.materus.profile.enableDesktop = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for desktop";
options.materus.profile.enableTerminal = materusArg.pkgs.lib.mkBoolOpt true "Enable settings for terminal";
options.materus.profile.enableTerminalExtra = materusArg.pkgs.lib.mkBoolOpt false "Enable extra settings for terminal";
options.materus.profile.enableNixDevel = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for nix devel";
config =
{
home.packages = (if cfg.enableDesktop then packages.list.desktopApps else [ ]) ++
(if cfg.enableNixDevel then packages.list.nixRelated else [ ]) ++
(if cfg.enableTerminal then packages.list.terminalApps else [ ]);
#Desktop
programs.feh.enable = lib.mkDefault cfg.enableDesktop;
#Terminal
programs.git = {
enable = lib.mkDefault cfg.enableTerminal;
package = lib.mkDefault pkgs.gitFull;
delta.enable = lib.mkDefault cfg.enableTerminal;
lfs.enable = lib.mkDefault cfg.enableTerminal;
};
programs.gitui.enable = cfg.enableTerminalExtra;
programs.nix-index = {
enable = lib.mkDefault cfg.enableTerminal;
enableBashIntegration = lib.mkDefault config.programs.bash.enable;
enableFishIntegration = lib.mkDefault config.programs.fish.enable;
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.direnv = {
enable = lib.mkDefault (cfg.enableTerminalExtra || cfg.enableNixDevel);
nix-direnv.enable = lib.mkDefault (cfg.enableNixDevel && (config.programs.direnv.enable == true));
enableBashIntegration = lib.mkDefault config.programs.bash.enable;
#enableFishIntegration = lib.mkDefault config.programs.fish.enable;
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.fzf = {
enable = lib.mkDefault cfg.enableTerminalExtra;
enableBashIntegration = lib.mkDefault config.programs.bash.enable;
enableFishIntegration = lib.mkDefault config.programs.fish.enable;
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.eza.enable = lib.mkDefault cfg.enableTerminalExtra;
programs.yt-dlp.enable = lib.mkDefault cfg.enableTerminalExtra;
};
}
@@ -1,17 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.editor.code;
in
{
options.materus.profile.editor.code.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable VSCodium with materus cfg";
options.materus.profile.editor.code.fhs.enable = materusArg.pkgs.lib.mkBoolOpt false "Use fhs vscodium";
options.materus.profile.editor.code.fhs.packages = lib.mkOption { default = (ps: [ ]); };
config = lib.mkIf cfg.enable {
programs.vscode = {
enable = lib.mkDefault true;
package = lib.mkDefault (if (cfg.fhs.enable) then (pkgs.vscodium.fhsWithPackages cfg.fhs.packages) else pkgs.vscodium);
mutableExtensionsDir = lib.mkDefault true;
};
materus.profile.fonts.enable = lib.mkDefault true;
};
}
@@ -1,8 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
./code.nix
./neovim.nix
./emacs
];
}
@@ -1,122 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
configPath = "${materusArg.cfg.path}" + "/extraFiles/config/emacs/";
inits = import ./init.nix { path = configPath; inherit pkgs; };
packages = epkgs: with epkgs; [
load-relative
elcord
persp-mode
dashboard
magit
helm
avy
corfu
vterm
centaur-tabs
projectile
company
clipetty
treemacs
treemacs-nerd-icons
treemacs-perspective
treemacs-icons-dired
treemacs-magit
treemacs-projectile
tree-edit
vertico
nerd-icons
nerd-icons-completion
perspective
minions
telephone-line
rainbow-delimiters
use-package
cmake-mode
lsp-mode
lsp-java
lsp-jedi
lsp-haskell
lsp-ui
lsp-treemacs
dap-mode
d-mode
multiple-cursors
org
org-rainbow-tags
org-roam
org-roam-ui
org-review
markdown-mode
json-mode
nix-mode
minimap
moe-theme
doom-themes
];
default-config = ''
(defvar materus/nix-packages t)
(defvar materus/init-from-home nil)
(unless materus/init-from-home
(message "Config loading not from homeDir, need \"materus/init-from-home\" variable in init.el")
${setNixInit}
${inits.initText}
)
'';
emacsPkgs = with pkgs;[
python3
lua
multimarkdown
git
];
cfg = config.materus.profile.editor.emacs;
setNixInit = ''
(setenv "PATH" (concat (getenv "PATH") ":${lib.makeBinPath emacsPkgs}"))
${builtins.concatStringsSep "\n" (builtins.map (x: "(setq exec-path (append exec-path '(\""+x+"/bin\")))" ) emacsPkgs)}
(call-process-shell-command "${pkgs.xorg.xmodmap}/bin/xmodmap -e \"keycode 66 = Hyper_L\" -e \"remove Mod4 = Hyper_L\" -e \"add Mod3 = Hyper_L\" &" nil 0)
'';
in
{
options.materus.profile.editor.emacs.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable emacs with materus cfg";
config = lib.mkIf cfg.enable {
home.activation.emacsCompile = lib.hm.dag.entryAfter [ "linkGeneration" ] ''
run ${config.programs.emacs.finalPackage}/bin/emacs --batch \
--eval '(setq warning-minimum-log-level :error)' \
--eval '(byte-compile-file "${config.xdg.configHome}/emacs/early-init.el")' \
--eval '(byte-compile-file "${config.xdg.configHome}/emacs/init.el")'
'';
xdg.configFile."emacs/init.el".text = ''
(defvar materus/nix-packages nil)
(defvar materus/init-from-home t)
(setq-default materus/init-from-home t)
${setNixInit}
${inits.initText}
'';
xdg.configFile."emacs/early-init.el".text = ''
${inits.earlyInitText}
'';
programs.emacs = {
enable = true;
package = with pkgs; lib.mkDefault materusArg.pkgs.emacs-materus;
extraPackages = epkgs: ((packages epkgs));
extraConfig = default-config;
};
};
}
@@ -1,17 +0,0 @@
{ path, pkgs }:
{
earlyInitText = ''
${builtins.readFile (path + "early-init.el")}
'';
initText = ''
(defvar materus/init-from-home nil)
(when materus/init-from-home
(setq-default inhibit-defaul-init 1)
)
(setq-default materus/nix-packages (require 'doom-themes nil 'noerror))
${builtins.readFile (path + "packages.el")}
${builtins.readFile (path + "init.el")}
'';
}
@@ -1,35 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.editor.neovim;
in
{
options.materus.profile.editor.neovim.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable neovim with materus cfg";
config = lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
coc.enable = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
extraConfig = ''
set number
'';
plugins = with pkgs.vimPlugins;[
syntastic
vim-fugitive
vim-airline
vim-nix
nvim-fzf
nvim-treesitter.withAllGrammars
];
};
};
}
-13
View File
@@ -1,13 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
packages = config.materus.profile.packages;
cfg = config.materus.profile.fonts;
in
{
options.materus.profile.fonts.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable materus font settings";
config = lib.mkIf cfg.enable {
fonts.fontconfig.enable = lib.mkDefault true;
home.packages = packages.list.fonts;
};
}
@@ -1,20 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.bash;
in
{
options.materus.profile.bash.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminal "Enable materus bash config";
config = lib.mkIf cfg.enable {
programs.bash = {
enable = true;
enableCompletion = lib.mkDefault true;
enableVteIntegration = lib.mkDefault true;
historyControl = lib.mkDefault [ "erasedups" "ignorespace" ];
shellOptions = lib.mkDefault [ "autocd" "checkwinsize" "cmdhist" "expand_aliases" "extglob" "globstar" "checkjobs" "nocaseglob" ];
};
};
}
@@ -1,9 +0,0 @@
{
imports = [
./zsh.nix
./bash.nix
./fish.nix
./starship.nix
];
}
@@ -1,12 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.fish;
in
{
options.materus.profile.fish.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus fish config";
config = lib.mkIf cfg.enable {
programs.fish = {
enable = true;
};
};
}
@@ -1,48 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
profile = config.materus.profile;
cfg = config.materus.profile.starship;
in
{
options.materus.profile.starship.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus starship config";
config = lib.mkIf cfg.enable {
programs.starship.enable = true;
programs.starship.settings = {
python = {
symbol = " ";
};
format = "$username@$hostname$all";
right_format = "$cmd_duration $time";
time = {
disabled = false;
style = "bold bright-black";
format = "[$time]($style)";
};
line_break = { disabled = true; };
shell = {
disabled = false;
fish_indicator = "fish";
bash_indicator = "bash";
zsh_indicator = "zsh";
style = "blue bold";
};
hostname = {
ssh_only = false;
};
username = {
disabled = false;
show_always = true;
format = "[$user]($style)";
style_user = "white bold";
style_root = "black bold";
};
};
};
}
-189
View File
@@ -1,189 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
relToDotDir = file: (lib.optionalString (config.programs.zsh.dotDir != null) (config.programs.zsh.dotDir + "/")) + file;
pluginsDir =
if config.programs.zsh.dotDir != null then
relToDotDir "plugins" else "${config.home.homeDirectory}/.zsh/plugins";
p10kcfg = "${zshcfg}/p10kcfg";
zshcfg = "${materusArg.cfg.path}" + "/extraFiles/config/zsh";
cfg = config.materus.profile.zsh;
makeEnv = name: val: ''${name}=''${${name}:-"${val}"}'';
makeIfVar = var: val: ret: ''
if [[ "''$${var}" = "${val}" ]]; then
${ret}
fi
'';
makePlugin = nameArg: fileArg: srcArg: rec {
name = nameArg;
src = srcArg;
path = pluginsDir + "/" + name;
file = fileArg;
fullPath = path + "/" + file;
};
extraPlugins = {
powerlevel10k = makePlugin "powerlevel10k" "powerlevel10k.zsh-theme" (pkgs.fetchFromGitHub {
owner = "romkatv";
repo = "powerlevel10k";
rev = "v1.20.0";
sha256 = "sha256-ES5vJXHjAKw/VHjWs8Au/3R+/aotSbY7PWnWAMzCR8E=";
});
sudo = makePlugin "sudo" "sudo.plugin.zsh" "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/sudo";
extract = makePlugin "extract" "extract.plugin.zsh" "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/extract";
};
in
{
options.materus.profile.zsh.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus zsh config";
options.materus.profile.zsh.prompt = lib.mkOption {
type = lib.types.enum [ "p10k" ];
example = "p10k";
default = "p10k";
};
options.materus.profile.zsh.endConfig = lib.mkOption {
default = "";
description = "Zsh config after all of config";
type = lib.types.lines;
};
config = lib.mkIf cfg.enable {
home.packages = [
pkgs.ripgrep
];
home.file = lib.mkMerge [
(builtins.foldl' (a: b: a // b) { } (builtins.map (plugin: { ${plugin.path}.source = plugin.src; }) (builtins.attrValues extraPlugins)))
{ "${relToDotDir ".zshrc"}".text = lib.mkAfter cfg.endConfig; }
];
programs.zsh = {
enable = true;
enableAutosuggestions = true;
enableSyntaxHighlighting = true;
enableVteIntegration = true;
historySubstringSearch.enable = true;
historySubstringSearch.searchUpKey = "$key[Up]";
historySubstringSearch.searchDownKey = "$key[Down]";
envExtra = ''
${makeEnv "__MATERUS_HM_ZSH" "1"}
${makeEnv "__MATERUS_HM_ZSH_PROMPT" cfg.prompt}
${makeEnv "__MATERUS_HM_ZSH_PRIVATE" "0"}
'';
initExtraFirst = ''
${makeIfVar "__MATERUS_HM_ZSH_PROMPT" "p10k" ''
if [[ -r "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh" ]]; then
source "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh"
fi
if [[ -f "${extraPlugins.powerlevel10k.fullPath}" ]]; then
source "${extraPlugins.powerlevel10k.fullPath}"
fi
''
}
if zmodload zsh/terminfo && (( "$terminfo[colors]" >= "256" )); then
__MATERUS_HM_ZSH_256COLORS="''${__MATERUS_HM_ZSH_256COLORS:-1}"; else
__MATERUS_HM_ZSH_256COLORS="''${__MATERUS_HM_ZSH_256COLORS:-0}";
fi
if [[ -f "${extraPlugins.sudo.fullPath}" ]]; then
source "${extraPlugins.sudo.fullPath}"
fi
if [[ -f "${extraPlugins.extract.fullPath}" ]]; then
source "${extraPlugins.extract.fullPath}"
path+="${extraPlugins.extract.path}"
fpath+="${extraPlugins.extract.path}"
fi
'';
plugins = [
];
history = {
extended = true;
save = 100000;
size = 100000;
share = true;
ignoreDups = true;
ignoreAllDups = true;
ignoreSpace = true;
};
completionInit = ''
ZSH_COMPDUMP="''${ZSH_COMPDUMP:-''${XDG_CACHE_HOME:-${config.home.homeDirectory}/.cache}/.zcompdump-''${HOST}-''${ZSH_VERSION}}"
autoload -U compinit && compinit -d $ZSH_COMPDUMP
'';
initExtra = ''
if [[ "$__ETC_ZSHRC_SOURCED" != "1" ]]; then
. ${zshcfg}/zinputrc
fi
source ${zshcfg}/zshcompletion.zsh
history-substring-search-up-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-up
}
history-substring-search-down-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-down
}
zle -N history-substring-search-up-prefixed
zle -N history-substring-search-down-prefixed
bindkey -r "^["
bindkey "^[[1;5C" forward-word
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5A" history-substring-search-up-prefixed
bindkey "^[[1;5B" history-substring-search-down-prefixed
zsh-private() {
__MATERUS_HM_ZSH_PRIVATE=1 ${lib.getExe config.programs.zsh.package}
}
myip() {
${lib.getExe pkgs.wget} -qO- https://wtfismyip.com/text
}
speedtest() {
${lib.getExe pkgs.curl} -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | ${lib.getExe pkgs.python3}
}
'' +
makeIfVar "__MATERUS_HM_ZSH_PROMPT" "p10k" ''
if [[ "$__MATERUS_HM_ZSH_256COLORS" = "1" ]] ; then
[[ ! -f ${p10kcfg}/fullcolor.zsh ]] || source ${p10kcfg}/fullcolor.zsh
else
[[ ! -f ${p10kcfg}/compatibility.zsh ]] || source ${p10kcfg}/compatibility.zsh
fi
'' + makeIfVar "__MATERUS_HM_ZSH_PRIVATE" "1" ''
unset HISTFILE
${lib.optionalString config.programs.zsh.history.share "unsetopt SHARE_HISTORY"}
alias -- 'zsh'="__MATERUS_HM_ZSH_PRIVATE=0 zsh "
''
;
};
programs.starship.enableZshIntegration = lib.mkDefault false;
};
}
@@ -1,9 +0,0 @@
{...}:
{
imports = [
./wezterm.nix
./tmux.nix
];
}
@@ -1,20 +0,0 @@
{ materusArg, config, lib, ... }:
let
cfg = config.materus.profile.tmux;
in
{
options.materus.profile.tmux.enable = materusArg.pkgs.lib.mkBoolOpt true "Enable materus tmux config";
config = lib.mkIf cfg.enable
{
programs.tmux = {
enable = true;
clock24 = lib.mkDefault true;
aggressiveResize = lib.mkDefault true;
escapeTime = lib.mkDefault 0;
historyLimit = lib.mkDefault 10000;
mouse = lib.mkDefault true;
terminal = lib.mkDefault "tmux-256color";
};
};
}
@@ -1,45 +0,0 @@
{ config, lib, materusArg, pkgs, ... }:
let
cfg = config.materus.profile.wezterm;
zshCfg = ''
source "${config.programs.wezterm.package}/etc/profile.d/wezterm.sh"
'';
in
{
options.materus.profile.wezterm.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable materus wezterm config";
options.materus.profile.wezterm.enableHackFont = materusArg.pkgs.lib.mkBoolOpt true "Enable hack nerd font for wezterm";
options.materus.profile.wezterm.enableWezcraft = materusArg.pkgs.lib.mkBoolOpt true "Enable alias to start wezcraft with monocraft font";
options.materus.profile.wezterm.extraConfig = lib.mkOption {
default = "";
description = "Config for wezterm";
type = lib.types.lines;
};
config = lib.mkIf cfg.enable
{
programs.wezterm.enable = true;
programs.wezterm.colorSchemes = { };
programs.wezterm.enableZshIntegration = false;
programs.wezterm.extraConfig = ''
package.path = package.path .. ";${materusArg.cfg.path}/extraFiles/config/wezterm/?.lua"
require("wezterm_config");
local config = materus_wezterm_config();
${lib.optionalString cfg.enableHackFont "config.font = wezterm.font 'Hack Nerd Font';"}
${cfg.extraConfig}
return config;
'';
home.packages = [
(lib.mkIf cfg.enableHackFont (pkgs.nerdfonts.override {
fonts = [ "Hack" ];
}))
(lib.mkIf cfg.enableWezcraft (pkgs.monocraft))
(lib.mkIf cfg.enableWezcraft (pkgs.writeShellScriptBin "wezcraft" ''
${lib.getExe config.programs.wezterm.package} --config font="wezterm.font 'Monocraft Nerd Font'" $@
''))
];
materus.profile.zsh.endConfig = lib.optionalString cfg.enableWezcraft zshCfg;
};
}
-40
View File
@@ -1,40 +0,0 @@
{ config, lib, materusArg, pkgs, ... }:
{
options.materus.profile.xdg =
{
enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable xdg settings";
};
config =
let
cfg = config.materus.profile.xdg;
in
lib.mkIf cfg.enable {
xdg.enable = true;
xdg.userDirs.enable = lib.mkDefault true;
xdg.userDirs.createDirectories = lib.mkDefault config.xdg.userDirs.enable;
xdg.userDirs.desktop = lib.mkDefault "${config.home.homeDirectory}/Pulpit";
xdg.userDirs.documents = lib.mkDefault "${config.home.homeDirectory}/Dokumenty";
xdg.userDirs.download = lib.mkDefault "${config.home.homeDirectory}/Pobrane";
xdg.userDirs.music = lib.mkDefault "${config.xdg.userDirs.extraConfig.XDG_AUDIO_DIR}/Muzyka";
xdg.userDirs.pictures = lib.mkDefault "${config.home.homeDirectory}/Obrazy";
xdg.userDirs.publicShare = lib.mkDefault "${config.home.homeDirectory}/Publiczny";
xdg.userDirs.templates = lib.mkDefault "${config.home.homeDirectory}/Szablony";
xdg.userDirs.videos = lib.mkDefault "${config.home.homeDirectory}/Wideo";
xdg.userDirs.extraConfig = {
XDG_MISC_DIR = lib.mkDefault "${config.home.homeDirectory}/Inne";
XDG_PIC_SCREENSHOTS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zrzuty ekranu";
XDG_PIC_MEMES_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Memy";
XDG_PIC_MISC_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Inne";
XDG_PIC_PHOTOS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zdjęcia";
XDG_PIC_AVATARS_DIR = "${config.xdg.userDirs.pictures}/Avatar";
XDG_AUDIO_DIR = lib.mkDefault "${config.home.homeDirectory}/Audio";
XDG_KEYS_DIR = lib.mkDefault "${config.xdg.userDirs.documents}/Klucze";
};
};
}
-29
View File
@@ -1,29 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
./nix.nix
./fonts.nix
./shell
./games
./desktop
];
time.timeZone = lib.mkDefault "Europe/Warsaw";
i18n.defaultLocale = lib.mkDefault "pl_PL.UTF-8";
console = {
enable = lib.mkDefault true;
earlySetup = lib.mkDefault true;
font = lib.mkDefault "LatArCyrHeb-16";
keyMap = lib.mkDefault "pl";
};
programs.tmux = {
enable = lib.mkDefault true;
clock24 = lib.mkDefault true;
};
environment.systemPackages = lib.mkIf config.programs.tmux.enable [ pkgs.tmux.terminfo ];
}
@@ -1,24 +0,0 @@
{ materusArg, config, pkgs, lib, ... }:
let
cfg = config.materus.profile.browser;
in
{
options.materus.profile.browser.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus default browser config";
options.materus.profile.browser.default = lib.mkOption {
type = lib.types.enum [ "firefox" "brave" "vivaldi" ];
example = "vivaldi";
default = "brave";
};
options.materus.profile.browser.package = materusArg.pkgs.lib.mkPrivateVar
(if (cfg.default == "firefox") then config.materus.profile.packages.firefox else
if (cfg.default == "vivaldi") then pkgs.vivaldi else
if (cfg.default == "brave") then pkgs.brave else { });
config = lib.mkIf cfg.enable {
environment.systemPackages = [
config.materus.profile.browser.package
];
};
}
@@ -1,6 +0,0 @@
{
imports = [
./browser.nix
];
}
-24
View File
@@ -1,24 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
packages = config.materus.profile.packages;
cfg = config.materus.profile.fonts;
in
{
options.materus.profile.fonts.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus font settings for OS";
config = lib.mkIf cfg.enable {
fonts.packages = packages.list.fonts ++ packages.list.moreFonts;
fonts.enableDefaultPackages = lib.mkDefault true;
fonts.fontconfig.enable = lib.mkDefault true;
fonts.fontconfig.cache32Bit = lib.mkDefault true;
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
fonts.fontconfig.defaultFonts.monospace = [ "Hack Nerd Font" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
fonts.fontDir.enable = lib.mkDefault true;
};
}
@@ -1,6 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./steam.nix
];
}
-115
View File
@@ -1,115 +0,0 @@
{ config, pkgs, lib, materusArg, inputs, ... }:
let
steamPkg = pkgs.steam.override {
extraPkgs = pkgs: [
pkgs.libdecor
pkgs.obs-studio-plugins.obs-vkcapture
pkgs.steamcmd
pkgs.nss_latest
pkgs.libstrangle
pkgs.libkrb5
pkgs.keyutils
pkgs.libGL
pkgs.libglvnd
pkgs.gamescope
pkgs.steamPackages.steam
pkgs.libxcrypt
pkgs.gnutls
pkgs.xorg.libXcursor
pkgs.xorg.libXi
pkgs.xorg.libXinerama
pkgs.xorg.libXScrnSaver
pkgs.xorg.xinput
pkgs.xorg.xcbutilwm
pkgs.xorg.xcbutilimage
pkgs.xorg.xcbutilkeysyms
pkgs.xorg.xcbutilerrors
pkgs.xorg.xcbutilrenderutil
pkgs.xorg.xcbutil
pkgs.xorg.xwininfo
pkgs.yad
pkgs.xdotool
pkgs.libinput
pkgs.openvdb
pkgs.openssl
pkgs.tbb
pkgs.gtk4
pkgs.gtk3
pkgs.glib
pkgs.gsettings-desktop-schemas
pkgs.fuse
pkgs.samba4Full
pkgs.tdb
pkgs.jbig2enc
pkgs.jbig2dec
pkgs.vivaldi
pkgs.x264.lib
pkgs.steamtinkerlaunch
pkgs.pipewire
pkgs.gitFull
pkgs.git-lfs
] ++ config.materus.profile.packages.list.fonts ++ config.materus.profile.steam.extraPkgs;
extraLibraries = pkgs: [
pkgs.libkrb5
pkgs.keyutils
pkgs.ncurses6
pkgs.xorg.xinput
pkgs.libinput
pkgs.fontconfig
pkgs.libxcrypt
pkgs.gnutls
pkgs.samba
pkgs.tdb
pkgs.jemalloc
pkgs.gperftools
] ++
(with config.hardware.opengl; if pkgs.hostPlatform.is64bit
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32);
extraEnv = config.materus.profile.steam.extraEnv;
};
cfg = config.materus.profile.steam;
in
{
options.materus.profile.steam.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus steam settings for OS";
options.materus.profile.steam.package = lib.mkOption {
type = lib.types.package;
default = steamPkg;
description = "Package used by steam";
};
options.materus.profile.steam.extraPkgs = lib.mkOption {
default = [ ];
description = "Extra packages for steam";
};
options.materus.profile.steam.extraEnv = lib.mkOption {
default = { };
description = "Extra Env for steam";
};
config = lib.mkIf cfg.enable {
hardware.steam-hardware.enable = lib.mkDefault true;
materus.profile.steam.extraEnv = {
XDG_DATA_DIRS = "/usr/share:\${XDG_DATA_DIRS}";
OBS_VKCAPTURE = "1";
};
programs.steam = {
enable = lib.mkDefault true;
dedicatedServer.openFirewall = lib.mkDefault true;
remotePlay.openFirewall = lib.mkDefault true;
};
environment.sessionVariables = rec {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = lib.mkDefault "\${HOME}/.steam/root/compatibilitytools.d";
};
environment.systemPackages = [
steamPkg
steamPkg.run
];
};
}
-22
View File
@@ -1,22 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.nix;
in
{
options.materus.profile.nix.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus nix settings";
config.nix = lib.mkIf cfg.enable {
settings = {
experimental-features = [ "nix-command" "flakes" "repl-flake" "no-url-literals" ];
auto-optimise-store = true;
trusted-users = [ "root" "@wheel" ];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE=" ];
};
};
}
@@ -1,7 +0,0 @@
{
imports = [
./zsh.nix
];
}
-22
View File
@@ -1,22 +0,0 @@
{materusArg, config, pkgs, lib, ...}:
let
cfg = config.materus.profile.zsh;
in
{
options.materus.profile.zsh.enable = materusArg.pkgs.lib.mkBoolOpt true "Enable materus system zsh config";
config = lib.mkIf cfg.enable {
users.defaultUserShell = pkgs.zsh;
environment.shells = [ pkgs.zsh ];
programs.zsh = {
enable = true;
enableGlobalCompInit=false;
interactiveShellInit = ''
if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
fi
'';
promptInit = ''
'';
};
};
}
-5
View File
@@ -1,5 +0,0 @@
{ inputs, materusFlake, ... }:
let
genHomes = import ./genHomes.nix { inherit inputs; inherit materusFlake; };
in
genHomes "materus"
-56
View File
@@ -1,56 +0,0 @@
{ inputs, materusFlake, ... }:
let
profiles = import (materusFlake.selfPath + "/configurations/profile");
hosts = builtins.attrNames materusFlake.nixosConfigurations;
genHomes = username:
let
#Make host specific user profile "username@host"
_list = builtins.map (host: username + "@" + host) hosts;
_for = i: (
let len = builtins.length hosts; in
([{
name = builtins.elemAt _list i;
value = let host = builtins.elemAt hosts i; in
materusFlake.nixosConfigurations.${host}.materusCfg.hm.lib.homeManagerConfiguration {
pkgs = materusFlake.nixosConfigurations.${host}.pkgs;
extraSpecialArgs = { materusCfg = materusFlake.nixosConfigurations.${host}.materusCfg // { isHm = true; }; };
modules = [
(materusFlake.selfPath + "/configurations/shared/home/${username}")
(materusFlake.selfPath + "/configurations/host/${host}/home/${username}")
profiles.homeProfile
materusFlake.nixosConfigurations.${host}.materusCfg.configInputs.sops-nix.homeManagerModules.sops
];
};
}]
++ (if ((i + 1) < len) then _for (i + 1) else [ ]))
);
in
(builtins.listToAttrs (_for 0)) // {
#Make generic x86_64-linux user profile "username"
${username} =
let
materusCfg = {
stable = false;
inherit materusFlake;
host = "Generic";
hm = inputs.configInputs.home-manager;
hmAsModule = false;
nixerus = inputs.configInputs.nixerus;
configInputs = inputs.configInputs;
path = materusFlake.selfPath;
isHm = true;
};
in
inputs.configInputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs { system = "x86_64-linux"; config = { allowUnfree = true; }; };
extraSpecialArgs = { inherit materusCfg; };
modules = [
./${username}
profiles.homeProfile
materusCfg.configInputs.sops-nix.homeManagerModules.sops
];
};
};
in
genHomes
@@ -1,15 +0,0 @@
{ config, pkgs, lib, ... }:
{
home.username = "materus";
home.packages = [ ];
programs.git.signing.key = lib.mkDefault "28D140BCA60B4FD1";
programs.git.userEmail = lib.mkDefault "materus@podkos.pl";
programs.git.userName = lib.mkDefault "materus";
home.stateVersion = lib.mkDefault "23.05";
home.homeDirectory = lib.mkDefault "/home/materus";
programs.home-manager.enable = lib.mkDefault true;
}

Some files were not shown because too many files have changed in this diff Show More