52 Commits

Author SHA1 Message Date
materus b7086ad070 waffentrager: update 2026-06-27 15:16:35 +02:00
materus 506c6844a8 materusPC: updates 2026-06-27 15:16:23 +02:00
materus 80f1b5e177 common: update config 2026-06-27 15:15:59 +02:00
materus 9fcfab613d flake: update lock 2026-06-27 15:15:37 +02:00
materus fb653eb0f4 waffentrager: init 2026-06-24 00:06:21 +02:00
materus 29adb6e6b0 valkyrie: some changes 2026-06-23 16:42:16 +02:00
materus 0c8f567a7e valkyrie: init 2026-06-23 12:13:21 +02:00
materus f89ff639c7 oldie: add samba 2026-06-21 14:51:00 +02:00
materus 1aa560a248 common: zprofile load home-manager profile.d 2026-06-21 09:04:13 +02:00
materus 9b7da5e109 oldie: add data folder 2026-06-20 23:18:25 +02:00
materus 1035825618 oldie: test searxng 2026-06-20 18:19:19 +02:00
materus f40403e725 oldie/materusPC: add waypipe and tmux 2026-06-19 14:53:27 +02:00
materus 481bfdde77 oldie/materusPC: KDE config 2026-06-19 13:30:34 +02:00
materus ac43221eec common: restructure config, update tmux and wezterm 2026-06-18 17:29:42 +02:00
materus a485b83e49 materusPC: More wezterm things 2026-06-16 22:07:39 +02:00
materus 6197a64c4a common: tmux config 2026-06-16 21:54:12 +02:00
materus 38afb1aa4f materusPC: Add wezterm to home-manager 2026-06-16 21:53:59 +02:00
materus 5a7e4a5020 materusPC: Update inputMethod
common: override path in default.nix
2026-06-15 22:49:36 +02:00
materus e37d2bb716 materusPC: replace sddm with plasma-login 2026-06-15 22:05:43 +02:00
materus 76b54b8800 common: init wezterm 2026-06-14 13:02:33 +02:00
materus 33dcdb8c61 common: zsh alias for eza 2026-06-14 11:14:57 +02:00
materus 640907f9e1 common: zsh changes 2026-06-14 10:39:13 +02:00
materus 5440b8aaf2 oldie: tmux 2026-06-14 09:38:07 +02:00
materus 65f9c1bb9d oldie: more updates 2026-06-14 09:07:33 +02:00
materus 71710a3aa0 oldie: init secrets, connect to wireguard 2026-06-13 23:14:06 +02:00
materus 0c4725063c oldie: add vivaldi to home 2026-06-13 22:57:46 +02:00
materus 1401ddc71c Init oldie PC (Old-materusPC previously) 2026-06-13 22:45:05 +02:00
materus bc3fa6788b User vim.plug instead of lazy 2026-06-13 14:00:56 +02:00
materus 9afcf62bf3 Zsh - Move MSYS to zshrc 2026-06-10 11:40:00 +02:00
materus c159b6dfdd Zsh completions changes 2026-06-10 11:36:26 +02:00
materus 5f753f2050 Update to 26.05 2026-06-09 17:40:53 +02:00
materus 791e88e8a5 Update flake.lock 2026-06-09 00:00:41 +02:00
materus 9cc357c618 Update VSCodium config 2026-06-09 00:00:26 +02:00
materus 4d38367fdb materusPC: Use nftables 2026-05-15 17:06:12 +02:00
materus 8f3b2266d3 Update flake, add flake registry, fix xhost, others 2026-04-11 19:33:39 +02:00
materus 9292f61a3f Neovim: Fix treesitter on non-nix 2026-04-04 07:55:24 +02:00
materus 3afafba3ce wake on lan udev, SSH initrd, flake lock update, TODO nix settings 2026-04-03 23:16:53 +02:00
materus d51b13294c VSCodium settings update 2026-04-02 14:02:23 +02:00
materus 32e6adb6e3 Use dracula theme 2026-04-01 18:27:42 +02:00
materus e916b8ca78 Add theia to .gitignore. VSCodium config. neovim theme change 2026-04-01 17:43:05 +02:00
materus 7a2647d5ae Add more neovim plugins 2026-03-25 21:18:58 +01:00
materus ec3cac1c98 Add neovim plugins 2026-03-25 21:03:57 +01:00
materus 8eb8d54d93 Update system. Changes in neovim config 2026-03-25 20:16:21 +01:00
materus bf522e0b25 Neovim: Add suda 2026-03-21 23:01:29 +01:00
materus 6db3e9995c Neovim: Treesitter, indent config 2026-03-21 20:46:29 +01:00
materus a0af6e0844 Change tab size and tab to spaces in nvim 2026-03-21 19:52:35 +01:00
materus 7111005253 Add nvim aliases to zsh 2026-03-21 10:36:26 +01:00
materus 1cecb465c2 Use system clipboard in neovim 2026-03-20 12:02:20 +01:00
materus 8b9b884bc3 Move neovide out of nvim nix 2026-03-20 08:39:34 +01:00
materus 576b955023 Neovim init config. Formatting. Updates. 2026-03-20 08:35:04 +01:00
materus bd10321f19 materusPC: Init new config 2026-02-08 10:52:41 +01:00
materus e31a724c4b Add 1 git-crypt collaborator
New collaborators:

    090B38BD59460ADC381FB1221542894AB75B790D
        Mateusz "materus" Słodkowicz (materus.pl) <materus@podkos.pl>
2026-02-08 10:51:05 +01:00
167 changed files with 4594 additions and 4409 deletions
+3 -1
View File
@@ -1 +1,3 @@
\#*\#
\#*\#
.vscode
.theia
-18
View File
@@ -1,18 +0,0 @@
# nixos-config
My NixOS and home-manager configs.
Dotfiles and helper scripts.
Not all config is here, some I keep in private flake.
## Hosts
materusPC - my main PC
Old-materusPC - my old PC, barely used
flamaster - my laptop, used mostly as server for games.
valkyrie - VPS, my website and pleroma instance
waffentrager - raspberry pi4, home server
+2
View File
@@ -0,0 +1,2 @@
MATERUS = {}
require("materus")
+32
View File
@@ -0,0 +1,32 @@
vim.opt.number = true
vim.opt.expandtab = true
vim.opt.cursorline = true
vim.opt.shiftwidth = 2
vim.opt.softtabstop = 2
vim.opt.tabstop = 2
vim.opt.clipboard:append { 'unnamed', 'unnamedplus' }
--vim.g.cord_defer_startup = true
vim.pack.add({
"https://github.com/nvim-lua/plenary.nvim",
"https://github.com/muniftanjim/nui.nvim",
"https://github.com/nvim-tree/nvim-web-devicons",
"https://github.com/lewis6991/gitsigns.nvim",
"https://github.com/mofiqul/dracula.nvim",
"https://github.com/hrsh7th/nvim-cmp",
"https://github.com/neovim/nvim-lspconfig",
"https://github.com/stevearc/oil.nvim",
"https://github.com/nvim-mini/mini.icons",
"https://github.com/nvim-neo-tree/neo-tree.nvim",
"https://github.com/romgrk/barbar.nvim",
"https://github.com/nvim-telescope/telescope.nvim",
"https://github.com/lambdalisue/vim-suda",
"https://github.com/dstein64/nvim-scrollview",
"https://github.com/vyfor/cord.nvim"
})
vim.cmd.colorscheme("dracula")
if vim.fn.executable("tree-sitter") == 1 and MATERUS.NIXOS ~= 1 then
end
+6
View File
@@ -0,0 +1,6 @@
__HOME_ZPROFILE_SOURCED=1
[[ -f "$ZSH_DATA_DIR/nix_profile.sh" ]] && source "$ZSH_DATA_DIR/nix_profile.sh"
[[ -f "/etc/profile" ]] && emulate sh -c "source /etc/profile"
[[ -f "~/.profile" ]] && emulate sh -c "source ~/.profile"
+141
View File
@@ -0,0 +1,141 @@
__HOME_ZSHRC_SOURCED=1
if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then
source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
fi
bindkey -e
if [ -n "$EAT_SHELL_INTEGRATION_DIR" ]; then
source "$EAT_SHELL_INTEGRATION_DIR/zsh";
fi
#Check if terminal is fullcolor
if zmodload zsh/terminfo && (( "$terminfo[colors]" >= "256" )); then
__MATERUS_ZSH_256COLORS="${__MATERUS_ZSH_256COLORS:-1}"; else
__MATERUS_ZSH_256COLORS="${__MATERUS_ZSH_256COLORS:-0}";
fi
#MSYS
if [[ "$(uname -s)" =~ ^MSYS_NT.* ]]; then
#Use windows symlink instead copy
MSYS=winsymlinks:nativestrict
fi
#region Plugins
# Clone plugins if not exists
[ -d $ZSH_DATA_DIR/plugins/powerlevel10k ] || git clone https://github.com/romkatv/powerlevel10k $ZSH_DATA_DIR/plugins/powerlevel10k
[ -d $ZSH_DATA_DIR/plugins/zsh-syntax-highlighting ] || git clone https://github.com/zsh-users/zsh-syntax-highlighting.git $ZSH_DATA_DIR/plugins/zsh-syntax-highlighting
[ -d $ZSH_DATA_DIR/plugins/zsh-history-substring-search ] || git clone https://github.com/zsh-users/zsh-history-substring-search.git $ZSH_DATA_DIR/plugins/zsh-history-substring-search
[ -d $ZSH_DATA_DIR/plugins/zsh-autosuggestions ] || git clone https://github.com/zsh-users/zsh-autosuggestions $ZSH_DATA_DIR/plugins/zsh-autosuggestions
source ${ZSH_DATA_DIR}/plugins/powerlevel10k/powerlevel10k.zsh-theme
source ${ZSH_DATA_DIR}/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
source ${ZSH_DATA_DIR}/plugins/zsh-history-substring-search/zsh-history-substring-search.zsh
source ${ZSH_DATA_DIR}/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
#endregion
#region SUBSTRING SEARCH
history-substring-search-up-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-up
}
history-substring-search-down-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-down
}
zle -N history-substring-search-up-prefixed
zle -N history-substring-search-down-prefixed
#endregion
#region Init Variables
export SAVEHIST=100000
export HISTSIZE=$SAVEHIST
export ZSH_PRIVATE=${ZSH_PRIVATE:-0}
mkdir -p $ZSH_DATA_DIR
mkdir -p $ZSH_DATA_DIR/plugins
# Load config generated by nix
[[ -f "$ZSH_DATA_DIR/nix.sh" ]] && source "$ZSH_DATA_DIR/nix.sh"
setopt HIST_SAVE_NO_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_IGNORE_DUPS
setopt HIST_IGNORE_ALL_DUPS
setopt EXTENDED_HISTORY
# Private history mode
if [[ $ZSH_PRIVATE == 1 ]] then
export HISTFILE="/dev/null";
unsetopt SHARE_HISTORY;
else
export HISTFILE="$ZSH_DATA_DIR/zsh_history";
setopt SHARE_HISTORY;
fi
#endregion
#region Bindings
source ${ZSH_CONFIG_DIR}/extra/zinputrc
bindkey -r "^["
bindkey "^[[1;5C" forward-word
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5A" history-substring-search-up-prefixed
bindkey "^[[1;5B" history-substring-search-down-prefixed
bindkey "$key[Up]" history-substring-search-up
bindkey "$key[Down]" history-substring-search-down
bindkey '^[[3~' delete-char
bindkey '^[[3;2~' delete-word
#endregion
#region Completions
ZSH_COMPDIR="${ZSH_COMPDIR:-${XDG_CACHE_HOME:-${HOME}/.cache}/zsh}"
ZSH_COMPDUMP="${ZSH_COMPDUMP:-${ZSH_COMPDIR}/.zcompdump-${HOST}-${ZSH_VERSION}}"
if [[ ! -d ${ZSH_COMPDIR} ]]; then
command mkdir -p "${ZSH_COMPDIR}"
fi
autoload -U compinit && compinit -d $ZSH_COMPDUMP
source ${ZSH_CONFIG_DIR}/extra/zshcompletion.zsh
#endregion
#region Functions
zsh-private() {
ZSH_PRIVATE=1 zsh
}
myip() {
wget -qO- https://wtfismyip.com/text
}
speedtest() {
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python3
}
#endregion
#region Aliases
if [[ "$TERM" = "xterm-kitty" ]]; then
alias ssh="kitty +kitten ssh"
fi
if [[ $(whence -p "nvim") ]]; then
EDITOR="${EDITOR:-nvim}"
alias vim="nvim"
alias vi="nvim"
alias vimdiff="nvim -d"
fi
if [[ $(whence -p "eza") ]]; then
alias l="eza -lahg --color=auto --hyperlink"
alias ll="eza -alF --color=auto --hyperlink"
alias ls="eza --color=auto"
else
alias l="ls -lah --color=auto"
alias ll="ls -alF --color=auto"
alias ls="ls --color=auto"
fi
#endregion
if [[ "$__MATERUS_ZSH_256COLORS" = "1" ]] ; then [[ ! -f ${ZSH_CONFIG_DIR}/p10kcfg/fullcolor.zsh ]] || source ${ZSH_CONFIG_DIR}/p10kcfg/fullcolor.zsh;
else [[ ! -f ${ZSH_CONFIG_DIR}/p10kcfg/compatibility.zsh ]] || source ${ZSH_CONFIG_DIR}/p10kcfg/compatibility.zsh;
fi
@@ -140,12 +140,11 @@ function __zsh_compl () {
# Some functions, like _apt and _dpkg, are very slow. We can use a cache in
# order to speed things up
if [[ ${__COMP_CACHING:-yes} == yes ]]; then
__COMP_CACHE_DIR=${__COMP_CACHE_DIR:-${ZDOTDIR:-$HOME}/.cache}
if [[ ! -d ${__COMP_CACHE_DIR} ]]; then
command mkdir -p "${__COMP_CACHE_DIR}"
if [[ ! -d ${ZSH_COMPDIR} ]]; then
command mkdir -p "${ZSH_COMPDIR}"
fi
zstyle ':completion:*' use-cache yes
zstyle ':completion:*:complete:*' cache-path "${__COMP_CACHE_DIR}"
zstyle ':completion:*:complete:*' cache-path "${ZSH_COMPDIR}"
fi
# host completion
@@ -1577,7 +1577,7 @@
p10k segment -f 2 -i '*' -t 'hello, %n'
}
function prompt_private() {
if [ $__MATERUS_HM_ZSH_PRIVATE = "1" ]; then
if [ $ZSH_PRIVATE = "1" ]; then
p10k segment -f 5 -t 'PRIVATE'
fi
}
@@ -1682,7 +1682,7 @@
#
# Type `p10k help segment` for documentation and a more sophisticated example.
function prompt_private() {
if [ $__MATERUS_HM_ZSH_PRIVATE = "1" ]; then
if [ $ZSH_PRIVATE = "1" ]; then
p10k segment -b 54 -f 11 -i '󰗹' -t 'PRIVATE'
fi
}
+6
View File
@@ -0,0 +1,6 @@
#TODO: Set ZDOTDIR based on MKK_CONFIG_PATH
__HOME_ZSHENV_SOURCED=1
ZDOTDIR=${XDG_CONFIG_HOME:-"$HOME/.config"}/zsh/cfg
ZSH_DATA_DIR="${XDG_CONFIG_HOME:-"$HOME/.config"}/zsh/data"
ZSH_CONFIG_DIR="${XDG_CONFIG_HOME:-"$HOME/.config"}/zsh/cfg"
setopt no_global_rcs
+9
View File
@@ -0,0 +1,9 @@
local wezterm = require 'wezterm'
local config = wezterm.config_builder()
-- config.color_scheme = 'Duotone Dark'
config.enable_scroll_bar = true
config.scrollback_lines = 50000
return config
+12
View File
@@ -0,0 +1,12 @@
set -g history-limit 50000
set -g display-time 4000
set -g status-interval 5
set -g default-terminal "screen-256color"
set -g status-keys emacs
set -g focus-events on
setw -g aggressive-resize on
setw -g mouse on
setw -g clock-mode-style 24
set -ga terminal-overrides ',xterm*:smcup@:rmcup@'
set -g allow-passthrough on
@@ -1,308 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, materusArg, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.supportedFilesystems = [ "ntfs" ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.auto-optimise-store = true;
nix.settings.substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
nix.settings.trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
nixpkgs.config.allowUnfree = true;
# Use the systemd-boot EFI boot loader.
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = "1920x1080";
gfxmodeBios = "1920x1080";
useOSProber = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.tmpOnTmpfs = true;
services.flatpak.enable = true;
services.gvfs.enable = true;
networking.hostName = "Old-materusPC"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Warsaw";
services.fstrim = {
enable = true;
interval = "weekly";
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
# keyMap = "pl";
useXkbConfig = true; # use xkbOptions in tty.
};
hardware.bluetooth.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
materus.profile.steam.enable = true;
# Configure keymap in X11
services.xserver.layout = "pl";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound.
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
hardware.pulseaudio.enable = false;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" ];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
};
environment.sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
#SSH_ASKPASS_REQUIRE = "prefer";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
MOZ_USE_XINPUT2 = "1";
PATH = [
"\${XDG_BIN_HOME}"
];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
# List packages installed in system profile. To search, run:
# $ nix search wget
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.libsForQt5.fcitx5-qt ];
environment.systemPackages = with pkgs; [
brave
glibc
patchelf
vim
wget
killall
xorg.xkill
xorg.xhost
nix-top
gitFull
curl
jdk
nss_latest
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
distrobox
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
nix-du
git-crypt
wineWowPackages.stagingFull
winetricks
protontricks
openal
gnupg
ncurses
monkeysphere
gparted
inkscape
gimp
virt-manager
libguestfs
bubblewrap
bindfs
pulseaudio
binutils
];
fonts.fontDir.enable = true;
fonts.enableDefaultFonts = true;
fonts.fonts = with pkgs; [
dejavu_fonts
hack-font
noto-fonts
noto-fonts-extra
noto-fonts-emoji
noto-fonts-cjk-sans
noto-fonts-cjk-serif
ubuntu_font_family
wqy_zenhei
monocraft
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Meslo" "ProFont" ]; })
];
fonts.fontconfig.enable = true;
fonts.fontconfig.cache32Bit = true;
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
fonts.fontconfig.defaultFonts.monospace = [ "Hack Nerd Font" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" ];
environment.shells = with pkgs; [ zsh ];
programs = {
steam = {
enable = true;
dedicatedServer.openFirewall = true;
remotePlay.openFirewall = true;
};
fish.enable = true;
java.enable = true;
command-not-found.enable = false;
dconf.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
services.pcscd.enable = true;
/*systemd.user.services.gpg-agent.serviceConfig.ExecStart = [
""
''
${pkgs.gnupg}/bin/gpg-agent --supervised \
--pinentry-program ${pkgs.kwalletcli}/bin/pinentry-kwallet
''
];*/
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 ];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
@@ -1,13 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./secrets
./configuration.nix
./nvidia.nix
./plasma.nix
];
}
@@ -1,91 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "vfio-pci" ];
boot.extraModulePackages = [ ];
boot.kernel.sysctl = { "vm.swappiness" = 10; };
boot.kernelParams = [ "ibt=off" "intel_iommu=on" "iommu=pt" "pcie_acs_override=downstream,multifunction" ];
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/materus" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [ "subvol=@home" "nossd" "noatime" "compress=zstd" "space_cache=v2" "autodefrag" ];
};
fileSystems."/materus/data" =
{
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [ "subvol=@data" "nossd" "noatime" "compress=zstd" "space_cache=v2" "autodefrag" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/A5C2-31D1";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-label/NixOS_Swap"; }];
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
depends = [ "/materus" ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkForce true;
}
@@ -1,79 +0,0 @@
{ config, pkgs, materusArg, lib, ... }:
{
home.stateVersion = "22.11";
home.homeDirectory = "/home/materus";
programs.wezterm.enable = true;
programs.git = {
userEmail = "materus@podkos.pl";
userName = "materus";
signing.signByDefault = true;
signing.key = "${materusArg.cfg.path}/extraFiles/keys/ssh/materus.pub";
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
};
};
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
gcc
gdb
cmake
gnumake
ninja
binutils
coreutils
util-linux
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
jdk
ldc
dmd
dub
]);
editor.emacs.enable = false;
};
home.packages = [
pkgs.papirus-icon-theme
];
}
@@ -1,32 +0,0 @@
{ config, pkgs, ... }:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
nvidiaSettings = true;
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
};
hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
materus.profile.steam.extraEnv = {
VK_ICD_FILENAMES=''''$VK_ICD_FILENAMES:/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/nvidia_icd.i686.json'';
};
}
@@ -1,27 +0,0 @@
{ pkgs, ... }:
{
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.wayland.enable = true;
services.xserver.displayManager.sddm.settings = {
General = {
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
};
environment.variables = {
QT_PLUGIN_PATH = [ "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
XCURSOR_THEME = "breeze_cursors";
};
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.systemPackages = with pkgs.kdePackages; [
ark
kate
];
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin ];
}
@@ -1,25 +0,0 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."wg-key" = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -1,33 +0,0 @@
wg-key: ENC[AES256_GCM,data:+z+Xxq6A1h5ceCOZry9PSz871zVZpd9Y6vtqpfoAulHCN03DjzZ/PLmRvYQ=,iv:7hdjnUuaRk30hFJ8rv4zXxI8v42RWC1iQb64LMNgBnQ=,tag:eUSTVygR+u9ERPU9gfhYIw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1el7zhjxkrlravpt7hw36fuac0xfgd42qkjjkvxzqmyl28u8csasqkd4a40
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsT2w4SCt2ZGdLYktHckMw
QVhza2tqU2M1Q3lsYnhld1dKcTdYUHcvSzFrCjMxT05yU01nUmFQK0FCUThUNDNN
V2EyTUhoVUNjNlNwTU9FeTlGRkxvVDgKLS0tIDBFYys1TmI0T0x0RnE2N3JCWWpq
VFVjMGUvRVBaY0JsR2lVcUFsdk4rYjQKEiiqEcTaQSVXSAm5c9uylaf2Tt/KJtPl
GDp+2YSBHHnVYjtYf7k9WqsIEe5/0AifDp3YA8jNhOXuZwZdvk+fLw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-30T18:21:12Z"
mac: ENC[AES256_GCM,data:0DMB+ukujc6PMU45n1QJGryGie25Bj2hXmia69QgYZNk2vgfO+nYmWSpmqK4Z00xXNtbsgejfDto5mrzU/OJ4FF3eOfwWfdIwxQLEQKoPF5U3niON3YO8FEA+JIn+/fNGF3fY1AgBfhberST5ikKnmff1Nwe5GOwQHSB3LU+CZE=,iv:V89EFUby3bwsoZKpoJRmJS9E/UheMBkKDq7j40IzBTA=,tag:aOJnFFGIuzQ3T7YrIFiWtw==,type:str]
pgp:
- created_at: "2024-03-30T18:20:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAnUVLGsgIKd3EtSAGTPyXqSlsz1T8RnDvAtBz/XaH0y0w
pkp84zTe85FRZDnTO8a44WkpNIrUih0CYQSPPCZqSi/qnIxPWgx67HTC1bPAO9Iw
1GgBCQIQNcrKr4YNKSP5XxJqMXOyZD7rZ4g02Xdw5XplZ/y34m9c83S44XRgHwg4
0obXI1UlsqyHf/ZnTM1pbXO/kdTdFomWvWbfbuKDgDvyiJJ18mJ48GOsv/SBBJjJ
3877O+Ia5I8Chg==
=q58P
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
Binary file not shown.
-61
View File
@@ -1,61 +0,0 @@
{ inputs, materusFlake }:
let
profiles = import ../profile;
makeSystem = { host, arch ? "x86_64-linux", extraModules ? [ ], stable ? true, hmAsModule ? true, hmUsers ? [ "materus" ] }:
let
nixosSystem = if stable then inputs.nixpkgs-stable.lib.nixosSystem else inputs.nixpkgs.lib.nixosSystem;
hm = if stable then inputs.configInputs-stable.home-manager else inputs.configInputs.home-manager;
materusCfg = {
inherit stable;
inherit materusFlake;
inherit host;
inherit hm;
inherit hmAsModule;
nixerus = if stable then inputs.configInputs-stable.nixerus else inputs.configInputs.nixerus;
configInputs = if stable then inputs.configInputs-stable else inputs.configInputs;
path = materusFlake.selfPath;
hostPath = materusFlake.selfPath + "/configurations/host/${host}";
isHm = false;
};
in
(nixosSystem {
specialArgs = { inherit materusCfg; };
system = arch;
modules = [
./${host}
profiles.osProfile
materusCfg.configInputs.sops-nix.nixosModules.sops
(if hmAsModule then hm.nixosModules.home-manager else { })
(if hmAsModule then
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users = (builtins.foldl' (a: b: a // b) { } (builtins.map
(user: {
${user} = ({ ... }:
{
imports = [
(materusFlake.selfPath + "/configurations/shared/home/${user}")
(materusFlake.selfPath + "/configurations/host/${host}/home/${user}")
profiles.homeProfile
];
});
})
hmUsers));
home-manager.extraSpecialArgs = { materusCfg = materusCfg // { isHm = true; }; };
} else { })
] ++ extraModules;
}) // { inherit materusCfg; };
in
{
materusPC = makeSystem { host = "materusPC"; stable = false; };
flamaster = makeSystem { host = "flamaster"; stable = true; };
valkyrie = makeSystem { host = "valkyrie"; stable = true; };
waffentrager = makeSystem { host = "waffentrager"; stable = true; arch = "aarch64-linux"; };
Old-materusPC = makeSystem { host = "Old-materusPC"; stable = false; };
}
@@ -1,192 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, materusArg, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.wireless.iwd.enable = true;
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchExternalPower = "ignore";
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
programs.tmux = {
enable = true;
clock24 = true;
};
programs.java = {
enable = true;
package = pkgs.graalvm-ce;
binfmt = true;
};
# Bootloader.
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
useOSProber = true;
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080";
#efiInstallAsRemovable = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
networking.hostName = "flamaster"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
networking.networkmanager.wifi.backend = "iwd";
# Set your time zone.
time.timeZone = "Europe/Warsaw";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.utf8";
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.enable = true;
hardware.nvidia.prime = {
offload.enable = true;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
# Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
# Configure keymap in X11
services.xserver = {
layout = "pl";
xkbVariant = "";
};
# Configure console keymap
console.keyMap = "pl2";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.materus = {
isNormalUser = true;
description = "Mateusz Słodkowicz";
extraGroups = [ "networkmanager" "wheel" ];
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
packages = with pkgs; [
kate
];
shell = pkgs.zsh;
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
util-linux
killall
pciutils
lshw
steamcmd
distrobox
config.materus.profile.packages.firefox
config.programs.java.package
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 27015 25565 24454 8123 ];
networking.firewall.allowedTCPPortRanges = [{ from = 16262; to = 16272; }];
networking.firewall.allowedUDPPorts = [ 22 16261 16262 8766 8767 25565 24454 8123 ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
networking.networkmanager.extraConfig = lib.mkDefault ''
[connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
programs.neovim.enable = true;
programs.neovim.vimAlias = true;
programs.neovim.viAlias = true;
services.flatpak.enable = true;
xdg.portal.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true;
virtualisation.podman.enableNvidia = true;
virtualisation.podman.dockerSocket.enable = true;
}
-12
View File
@@ -1,12 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./configuration.nix
];
materus.profile.nix.enable = true;
materus.profile.steam.enable = true;
}
@@ -1,67 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-label/NixOS_EFI_L";
fsType = "vfat";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [{
device = "/var/.swapfile";
size = 32 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
@@ -1,23 +0,0 @@
{ config, pkgs, materusArg, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
zsh.enable = true;
};
home.packages = [
pkgs.papirus-icon-theme
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
];
}
-106
View File
@@ -1,106 +0,0 @@
{config, pkgs, materusArg, ...}:
{
environment.systemPackages = with pkgs; [
gamescope
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
materusArg.pkgs.amdgpu-pro-libs.prefixes
(pkgs.bottles.override { extraPkgs = pkgs: [ pkgs.libsForQt5.breeze-qt5 pkgs.kdePackages.breeze-gtk pkgs.nss_latest ]; extraLibraries = pkgs: [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
glibc
glib
gtk3
gtk4
gsettings-desktop-schemas
kdePackages.dolphin
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
patchelf
killall
util-linux
xorg.xhost
nix-top
gitFull
curl
wget
config.programs.java.package
nss_latest
pciutils
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
steamtinkerlaunch
distrobox
# WebP support
libwebp
webp-pixbuf-loader
# Compression
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
tldr
bat
##config.materus.profile.packages.home-manager
gcr
# pgcli
# litecli
materusArg.pkgs.alvr
#zenmonitor
nix-du
kate
krusader
wineWowPackages.stagingFull
winetricks
protontricks
gnupg
pinentry
pinentry-gnome3
pinentry-curses
ncurses
monkeysphere
gparted
virt-viewer
inkscape
gimp
git-crypt
bubblewrap
bindfs
binutils
];
}
-31
View File
@@ -1,31 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./hardware
./vm
./secrets
./scripts.nix
./tmp.nix
./network.nix
./kde.nix
./audio.nix
./apps.nix
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.copySystemConfiguration = false;
system.stateVersion = "23.05";
materus.profile.nix.enable = true;
materus.profile.nixpkgs.enable = true;
materus.profile.fonts.enable = true;
materus.profile.steam.enable = true;
}
-44
View File
@@ -1,44 +0,0 @@
{ config, pkgs, lib, ... }:
{
services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.gdm.wayland = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.desktopManager.gnome.sessionPath = [ pkgs.gnome.gpaste ];
services.gnome.gnome-online-accounts.enable = true;
services.gnome.gnome-browser-connector.enable = true;
services.gnome.core-utilities.enable = true;
services.gnome.core-shell.enable = true;
services.gnome.core-os-services.enable = true;
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
programs.gnome-terminal.enable = true;
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
services.dbus.packages = with pkgs; [ gnome2.GConf ];
environment.systemPackages = with pkgs; [
gnome3.adwaita-icon-theme
gnome3.gnome-tweaks
gnome3.gnome-color-manager
gnome3.gnome-shell-extensions
gnomeExtensions.appindicator
gnomeExtensions.desktop-clock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.compiz-windows-effect
gnomeExtensions.burn-my-windows
gnomeExtensions.user-themes
gnomeExtensions.gsconnect
];
}
@@ -1,59 +0,0 @@
{ config, pkgs, lib, ... }:
let
video = [
"video=HDMI-A-3:1920x1080@144"
"video=DP-3:1920x1080@240"
#"video=DP-1:1920x1080@240"
#"video=DP-2:1920x1080@240"
#"video=HDMI-A-1:1920x1080@240"
#"video=HDMI-A-2:1920x1080@240"
];
in
{
#Kernel
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelParams = [ "rcu_nocbs=8-15,24-31" "nohz_full=8-15,24-31" "vfio_iommu_type1.allow_unsafe_interrupts=1" "pcie_acs_override=downstream,multifunction" /*"pci-stub.ids=1002:744c"*/ "nox2apic" "nvme_core.default_ps_max_latency_us=0" "nvme_core.io_timeout=255" "nvme_core.max_retries=10" "nvme_core.shutdown_timeout=10" "amd_iommu=on" "iommu=pt" ] ++ video;
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci"];
boot.extraModprobeConfig = ''
options kvm_amd nested=1 avic=1 npt=1 sev=0
options vfio_iommu_type1 allow_unsafe_interrupts=1
'';
boot.kernel.sysctl = {
"vm.max_map_count" = 1000000;
"vm.swappiness" = 10;
};
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4" ];
boot.tmp.useTmpfs = true;
#bootloader
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
useOSProber = true;
memtest86.enable = true;
};
boot.plymouth.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}
@@ -1,61 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
{
imports =
[
./filesystem.nix
./boot.nix
];
hardware.firmware = with pkgs; [
materusArg.pkgs.amdgpu-pro-libs.firmware.vcn
#materusArg.pkgs.amdgpu-pro-libs.firmware
linux-firmware
alsa-firmware
sof-firmware
];
environment.variables = {
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
AMD_VULKAN_ICD = "RADV";
RADV_PERFTEST = "gpl,rt,sam";
OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
};
hardware.cpu.amd.updateMicrocode = lib.mkForce true;
#extra
hardware.wooting.enable = true;
hardware.bluetooth.enable = true;
#Graphics
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
amdvlk
rocmPackages.clr.icd
rocmPackages.clr
materusArg.pkgs.amdgpu-pro-libs.vulkan
materusArg.pkgs.amdgpu-pro-libs.amf
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
pkgs.driversi686Linux.amdvlk
materusArg.pkgs.i686Linux.amdgpu-pro-libs.vulkan
libvdpau-va-gl
];
services.udev.extraRules = ''
#GPU bar size
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource0_resize}="15"
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource2_resize}="8"
'';
#Trim
services.fstrim = {
enable = true;
interval = "weekly";
};
}
@@ -1,68 +0,0 @@
{ config, pkgs, lib, ... }:
{
zramSwap = {
enable = true;
memoryPercent = 25;
};
swapDevices = [
{
label = "NixOS_Swap";
}
];
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
depends = [ "/materus" ];
};
fileSystems."/materus" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
};
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@home" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-label/NixOS_EFI";
fsType = "vfat";
};
}
@@ -1,96 +0,0 @@
{ pkgs, materusArg, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
programs.git.signing.signByDefault = true;
xdg.userDirs.enable = true;
xdg.portal.enable = true;
xdg.portal.xdgOpenUsePortal = true;
xdg.portal.extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
xdg.portal.configPackages = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
raylib
gcc
gdb
nil
nixfmt
nixpkgs-fmt
cmake
gnumake
ninja
binutils
coreutils
util-linux
openssl
openssl.dev
pkg-config
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
xorg.xorgproto
xorg.libX11.dev
xorg.libXrandr.dev
xorg.libXrender.dev
rustup
freetype.dev
fpc
openjdk21
bison
flex
ldc
dmd
dub
]);
editor.emacs.enable = false;
};
home.packages = [
pkgs.papirus-icon-theme
materusArg.pkgs.ffmpeg6-amf-full
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; extraLibs = [ ]; })
pkgs.git-crypt
];
programs.obs-studio = {
enable = false;
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-vkcapture obs-gstreamer input-overlay obs-multi-rtmp obs-pipewire-audio-capture ];
package = materusArg.pkgs.obs-amf;
};
}
-73
View File
@@ -1,73 +0,0 @@
{ config, pkgs, lib, ... }:
let
westonSddm = let xcfg = config.services.xserver; in pkgs.writeText "weston.ini"
''
[core]
xwayland=false
shell=fullscreen-shell.so
[keyboard]
keymap_model = ${builtins.toString xcfg.xkb.model};
keymap_layout = ${builtins.toString xcfg.xkb.layout};
keymap_variant = ${builtins.toString xcfg.xkb.variant};
keymap_options = ${builtins.toString xcfg.xkb.options};
[libinput]
enable-tap = ${builtins.toString xcfg.libinput.mouse.tapping};
left-handed = ${builtins.toString xcfg.libinput.mouse.leftHanded};
[output]
name=DP-3
mode=1920x1080@240
[output]
name=DP-2
mode=off
[output]
name=HDMI-A-3
mode=off
'';
in
{
services.displayManager.defaultSession = "plasma";
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.displayManager.sddm.wayland.compositor = lib.mkForce "weston";
services.displayManager.sddm.wayland.compositorCommand = lib.concatStringsSep " " [
"${lib.getExe pkgs.weston}"
"--shell=kiosk"
"-c ${westonSddm}"
];
services.displayManager.sddm.settings = {
General = {
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
};
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.variables = {
# Old fix for black cursor on amdgpu, seems to work fine now
#KWIN_DRM_NO_AMS = "1";
#Fix for amdgpu crashes
KWIN_DRM_USE_MODIFIERS = "0";
KWIN_DRM_NO_DIRECT_SCANOUT = "1";
QT_PLUGIN_PATH = [ "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
XCURSOR_THEME = "breeze_cursors";
};
environment.systemPackages = with pkgs; [
kdePackages.ark
];
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin ];
}
-51
View File
@@ -1,51 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
{
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
'';
networking.useDHCP = lib.mkDefault true;
networking.hostName = "materusPC";
networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true;
#networking.networkmanager.wifi.backend = "iwd";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 8080 9943 9944 ];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 6000 9943 9944 ];
#Fix warning
networking.networkmanager.extraConfig = lib.mkDefault ''
[connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt
'';
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "wg0";
type = "wireguard";
interface-name = "wg0";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
allowed-ips = "${materusArg.ip-masks.wireguard.general};";
};
ipv4 = {
address1 = "${materusArg.ips.wireguard.materusPC}/23";
dns = "${materusArg.ips.wireguard.valkyrie};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
}
-59
View File
@@ -1,59 +0,0 @@
{ config, pkgs, lib, ... }:
let
valkyrie-sync = pkgs.writeShellScriptBin "valkyrie-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@valkyrie:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/valkyrie materus@valkyrie:/materus/config/private
'';
valkyrie-flakelock = pkgs.writeShellScriptBin "valkyrie-flakelock" ''
${pkgs.openssh}/bin/ssh materus@valkyrie "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-boot = pkgs.writeShellScriptBin "valkyrie-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild boot --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-switch = pkgs.writeShellScriptBin "valkyrie-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild switch --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
flamaster-sync = pkgs.writeShellScriptBin "flamaster-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@flamaster:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/flamaster materus@flamaster:/materus/config/private
'';
flamaster-flakelock = pkgs.writeShellScriptBin "flamaster-flakelock" ''
${pkgs.openssh}/bin/ssh materus@flamaster "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-boot = pkgs.writeShellScriptBin "flamaster-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild boot --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-switch = pkgs.writeShellScriptBin "flamaster-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild switch --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
in
{
environment.systemPackages = [
valkyrie-rebuild-boot
valkyrie-rebuild-switch
valkyrie-sync
valkyrie-flakelock
flamaster-rebuild-boot
flamaster-rebuild-switch
flamaster-sync
flamaster-flakelock
];
}
@@ -1,27 +0,0 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.wireguard = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -1,36 +0,0 @@
users:
materus: ENC[AES256_GCM,data:okqSgMvdFq1BMAg+Gs725zaNbeAQIpJKSPB2Sa83i3EYimphZNBtrJLen+gQEGNq4yeTyAc9Ih/hcnr+3z+Tea/g9ffh/UC4YA==,iv:OhKoWLREAqCbtmS3Rw9nE9+PtcBLwEHimJXcj4oejRA=,tag:Ht/SQSwumnQR6E45Pl47AQ==,type:str]
root: ENC[AES256_GCM,data:vnPjK+xayk/Zk895rERYAeCzpjv5NJ7EAyK4MRDUzDbW++4Dy+UEI81v1v7w9dfpDeL+x5kOqUFO5zVVDUGfZ3yf/l8M8N8KcA==,iv:gGFGcy3K27nQxn0+7I/t0kg3nZyXeGWqysOl2auZJXo=,tag:N+LYhKpPCbI1EjEBwxuh1g==,type:str]
wireguard: ENC[AES256_GCM,data:rBkftzBcdamhP0xZB3qxfLptL8bX1qc7SdcfPNpYV67TeQs6i79+5KB/da4=,iv:22J5SZbFtYco7iSHvD2GD1bcazfGWlyEJ2isa3Ab4bI=,tag:BeUn9Srl2vyoDgK5Xv0UCg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1fq9ckkwtgvm69w045rf9pgurnhch6ukdxejr8yxgrthn7j8vp48qvd9rkx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbHZZUVF1dVJSU1NvNXVk
N3VtTm00ZHRWb082T0FkNXJncUxCU3haVmpVCk9FQkJBZnVJVFNLOThjZzlxNVF1
b0phQ2daejRrdVhEZ2YvRHVRRU5BQlEKLS0tIGdQeDlOSzl4VDhGNURQditCWUFG
dWVzbzUyakxXUGpTQjNsYzcyVG1aRDgKXVa8tIAbmggw1vSt3NJYRLgXhbagpNrX
RNXyndPaeQXVPVXuJWmHgRCYbwPTcfAFpGwFlX2IxVLlmC914Zklhw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-19T15:58:46Z"
mac: ENC[AES256_GCM,data:BLa0G3ci8EWH43UkLI2OoFJp2F9YeuKDrg6+2I/bq/lLi/YUitkJvBkA9VSIbvCyYWs/5SlEL5MayX8iiVdJ7r9bCiw+LVsWNAdaYDCafbZRW5F7KiHS5WXV3v4c201kFok7rmnRhEfKfdDxLlQ/mFHqOhupHU/qCNMTuUzJBiA=,iv:EPRoXHVMB6I16lTFJdFVAuSnMD/B55fPYtSBOQddutE=,tag:gohg+BdRlMPAQmNpRdk8sg==,type:str]
pgp:
- created_at: "2024-03-02T22:10:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAvGVUu56Pd2+DMHqgIcJokyh11952nQK2eVtQNj42CAUw
NQfulNRUHX5BonsLyvXPx74bVku6Wxr80loIWoz049/xbFj4S7FyftkakY8rOUGu
1GgBCQIQOoEFvTQB8qGbea/85fktuljXPou/WgUY6Mxd4n0dBz54f69B/NttnBGc
7eUDKfe79Omr0o/0CVC/6SGKoiS38suV903QHeF1MXFPeOG72k4TvfF9lVlBgK8H
k4DXtzC7wm3WWg==
=eh7Z
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
-158
View File
@@ -1,158 +0,0 @@
{ config, pkgs, materusArg, ... }:
{
virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true;
virtualisation.lxd.enable = true;
programs.gamemode.enable = true;
services.teamviewer.enable = true;
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
services.flatpak.enable = true;
services.gvfs.enable = true;
services.xserver.xkb.layout = "pl";
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
services.dbus.enable = true;
services.dbus.packages = [ pkgs.gcr ];
services.xserver.displayManager.startx.enable = false;
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.xdgOpenUsePortal = true;
services.xserver.exportConfiguration = true;
services.xserver.extraConfig = pkgs.lib.mkDefault ''
Section "OutputClass"
Identifier "amd-options"
Option "TearFree" "True"
Option "SWCursor" "True"
Option "VariableRefresh" "true"
Option "AsyncFlipSecondaries" "true"
Option "DRI3" "1"
MatchDriver "amdgpu"
EndSection
'';
services.printing.enable = true;
services.xserver.libinput.enable = true;
virtualisation.waydroid.enable = false;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
"render"
"pipewire"
"wheel"
"networkmanager"
"input"
"kvm"
"libvirt-qemu"
"libvirt"
"libvirtd"
"podman"
"lxd"
];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
};
environment.sessionVariables = {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
QT_XKB_CONFIG_ROOT = "\${XKB_CONFIG_ROOT}";
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
SDL_IM_MODULE = "fcitx";
MOZ_USE_XINPUT2 = "1";
PATH = [
"\${XDG_BIN_HOME}"
];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.kdePackages.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.kdePackages.fcitx5-qt ];
services.pcscd.enable = true;
services.samba-wsdd.enable = true;
services.samba = {
enable = true;
package = pkgs.sambaFull;
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
services.openssh.enable = true;
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" "/share/bash-completion" "/share/fish" ];
environment.shells = with pkgs; [ zsh bashInteractive fish ];
programs = {
fish.enable = true;
java.enable = true;
java.package = pkgs.graalvm-ce;
java.binfmt = true;
command-not-found.enable = false;
dconf.enable = true;
};
materus.profile.browser.enable = true;
services.davfs2.enable = true;
}
@@ -1,134 +0,0 @@
{ config, pkgs, ... }:
let
startHook = /*''
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
''
+*/
''
# Make sure nothing renders on gpu to prevent "sysfs: cannot create duplicate filename" after rebinding to amdgpu
chmod 0 /dev/dri/renderD128
fuser -k /dev/dri/renderD128
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
systemctl stop mountWin10Share.service
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
sleep 1s
echo "10" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "3" > /proc/sys/vm/drop_caches
echo "1" > /proc/sys/vm/compact_memory
#echo "8192" > /sys/devices/system/node/node1/hugepages/hugepages-2048kB/nr_hugepages
systemctl set-property --runtime -- user.slice AllowedCPUs=0-7,16-23
systemctl set-property --runtime -- system.slice AllowedCPUs=0-7,16-23
systemctl set-property --runtime -- init.scope AllowedCPUs=0-7,16-23
'';
stopHook = ''
# Debugging
# exec 19>/home/materus/stoplogfile
# BASH_XTRACEFD=19
# set -x
# exec 3>&1 4>&2
# trap 'exec 2>&4 1>&3' 0 1 2 3
# exec 1>/home/materus/stoplogfile.out 2>&1
sleep 1s
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
echo "15" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "1" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
echo ''$VIRSH_GPU_AUDIO > /sys/bus/pci/drivers/snd_hda_intel/bind
#echo "0" > /sys/devices/system/node/node1/hugepages/hugepages-2048kB/nr_hugepages
systemctl start mountWin10Share.service
systemctl set-property --runtime -- user.slice AllowedCPUs=0-31
systemctl set-property --runtime -- system.slice AllowedCPUs=0-31
systemctl set-property --runtime -- init.scope AllowedCPUs=0-31
'';
in
{
virtualisation.libvirtd.hooks.qemu = {
"win10" = pkgs.writeShellScript "win10.sh" ''
VIRSH_GPU_VIDEO="0000:03:00.0"
VIRSH_GPU_AUDIO="0000:03:00.1"
VIRSH_USB1="0000:10:00.0"
if [ ''$1 = "win10" ] || [ ''$1 = "win11" ]; then
if [ ''$2 = "prepare" ] && [ ''$3 = "begin" ]; then
${startHook}
fi
if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then
${stopHook}
fi
fi
'';
};
systemd.services.mountWin10Share = {
wantedBy = [ "multi-user.target" ];
path = [ config.virtualisation.libvirtd.qemu.package pkgs.util-linux pkgs.kmod pkgs.coreutils ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
modprobe nbd max_part=16
sleep 1
qemu-nbd -c /dev/nbd0 /materus/data/VM/data.qcow2 --cache=unsafe --discard=unmap
sleep 1
mount /dev/nbd0p1 /materus/data/Windows -o uid=1000,gid=100
'';
preStop = ''
umount /materus/data/Windows
qemu-nbd -d /dev/nbd0
'';
};
}
@@ -1,17 +0,0 @@
{ ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = false;
nixpkgs.enable = false;
enableDesktop = false;
enableTerminal = false;
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = false;
bash.enable = true;
zsh.enable = true;
};
}
@@ -1,35 +0,0 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets.wireguard = { };
sops.secrets.discord-token = {};
sops.secrets.spotify-client-id = {};
sops.secrets.spotify-client-secret = {};
sops.secrets.youtube-api = {};
sops.secrets.certs = {};
sops.secrets.steamladder-api = {};
sops.secrets.webarchive-accesskey = {};
sops.secrets.webarchive-secretkey = {};
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -1,41 +0,0 @@
wireguard: ENC[AES256_GCM,data:i98U0ugxbNqWNuKR8u+mdWoSMLViHXfsWRBS1lvjb+hgGxveyzjBcagBIeY=,iv:/hF9oH2R6NSeHT/UQTlbmtx+gPX/3CJOLPNnxrzsY/g=,tag:2ub5w8uH2O1B2hoku8Kowg==,type:str]
discord-token: ENC[AES256_GCM,data:JQ/6MJvBlJpKzs/L0hFB1LPpQSfJvDdEB6YerVZyDqGo7plA0S5wORACgA88Dei1x1NGsXhYtiwT4vE9jjeCOlWXZdl1mA==,iv:BsDu1De0qLX/8VDiZ5co1q1LXxkz/Som9+hvm/67/xU=,tag:YO0wQNF3/AXbifpeAa935Q==,type:str]
spotify-client-id: ENC[AES256_GCM,data:WK7CJGw6mtIG3Jfp59cWx3ool4z1P09TvHcpbOQ2JV0=,iv:EaJ5ecXdmx0Ky+43xZITM811IOo4EisvPSyogXrJXng=,tag:NYTI4vLsWGa695CJ+TIgbw==,type:str]
spotify-client-secret: ENC[AES256_GCM,data:TnR+zLLklTfzMdR4woaZWuMVJQ9VIYsFM588GRO6WCY=,iv:cYiqw8ZdMgLeug4ptwPV3L+MeY6xIldfUBfiYg1mFD8=,tag:YDLh6BXFcBHnpdgM7e87wg==,type:str]
youtube-api: ENC[AES256_GCM,data:qmpFlFvudS9rXQfN+Th/UrPWCW0mg5GkpMucS/01AmOnlChqtojC,iv:q3bKwI2I6BNa3L9ezKCE1fWT/vZLiJ8uzug1z2z+TWA=,tag:gKG3HTz8jp2LAFh8e8O6sg==,type:str]
steamladder-api: ENC[AES256_GCM,data:m30o5atqugwqn/WbXGkUq5GvqiIKQT0kSRQCtHc1Gxk/dC3YcbDvMw==,iv:duLKl1NvysD0XMaUOkl/6nclMQB6seXcQYkGMrm7K7Y=,tag:9dw+UH10uAdca5fVdlw1Mg==,type:str]
webarchive-accesskey: ENC[AES256_GCM,data:jdKlHsZq2Dkk1BcBfUVv5g==,iv:BXCgPb/2W57PYXxRktInz1LxSEwlw6m3xnQU4TOPMeY=,tag:kK4+InaH7K4D4n1hyGaR+w==,type:str]
webarchive-secretkey: ENC[AES256_GCM,data:nuA9G5dNtrNfbcx0G/GUTg==,iv:RRuTm4kZr5dNjBt9Zvk/NVefHCZYODmRvWAqZizKGJY=,tag:J2V0Q3BzXNWifVVvAkwYyg==,type:str]
certs: ENC[AES256_GCM,data:ttmSNTTx51a3L2HTC8RnSphDLHO2OSyIgXQ0YpZGySTdu69mgEyhaiSi+IAXg/1AHKRjpFJgE4fhsLAiW78pNYb+Zg7aDL47YtABO99sTZrZnBxZo6k6itpZ3oClDch2ZALzoXChLroc0tUbZKwsfOwGe3pw9lOJZJT34AhV+BVoXDDLQcpQoxz23Baa8oxklecT6wpJ1u1nW+aAHw33gm41Vw==,iv:b0aNZwaRKBg+ipe5+19BowyFbCjZt52S738om6emYGo=,tag:lUqtcc4vVWKx/fnc19vj7A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1wscr6kv8393wv0fjaux8juplaxq55znlzrp62qyteq0fauu3yg0s7d7k98
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSRXNLdUZaVU13alNhVGgz
aXdMb3IzNjNQcHJFV2JLNVM2SUVBa3VNZlRFCkxxd21CTWVDUkVXbzR6ZEkxbm5J
VGorSkp6a2xSdHRHcFk5T3VYVlJJa0UKLS0tIE1WdHo5eTlpNEEyN25oSjk1KzdS
d2dMUUh1RDB3UnpEdFJsNHpQRXFWemMKc41dlOapTsvH91QLNhdPbrzerPFakOiX
J/uoZDMIhsmQxgQM7Fqxr05NywhI/ZjOtJS2bayp73O57xjjMYcyNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-05T22:42:16Z"
mac: ENC[AES256_GCM,data:KSRGzHipb58uNYaRYXAy3y+D9cBG53RGxZpNrx2gy+CHbGtkUW1SWc4PPrBwBhb6+TN0vb1zHuOB4HK4Bys/jqmvGgVkO2VKj15MTFMpF5n6w0blFM7d5bCDydHAhvXEZA/PFWq97DTI1Zxb+N/HWJlefKCzYOHHWj7i4leKNjk=,iv:88Ekp0sjEo5UTBLUyYSrkP+MbIFcCmegclJIK3+0jOQ=,tag:H/ESeQhC1PEF00RiDnamyw==,type:str]
pgp:
- created_at: "2024-03-21T22:55:36Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdA667A9P/3ktuS2iEjxkv3aYMAGSu0oPGIX7dsC23VVgkw
OmcwhXxBnipcG+izbtNylXz5VonyyKHwdR2QIgkt9FEuC8lI17GHVyogTCFiP7Dj
1GgBCQIQN4EqFdiXqzJUeeE+PdOzVPs+1kStz+S1H22NjrJAFv67cbyIgwpItuXD
Sfao+MU1HWDY4iKZrcfWArUgpQj/pvsmUeJ72iXD3bkTTrK61g3GZA+g9lFewl/B
SORJMu9btS4GAw==
=aBMP
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -1,38 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable dcbot";
config =
let
cfg = config.valkyrieService.dcbot;
in
lib.mkIf cfg.enable {
sops.templates."dcbot.env".content = ''
TOKEN=${config.sops.placeholder.discord-token}
MAX_PLAYLIST_SIZE=100
PRUNING=false
LOCALE=pl
DEFAULT_VOLUME=100
STAY_TIME=30
'';
systemd.tmpfiles.rules = [
"d /var/lib/muse 0776 root root -"
];
virtualisation.oci-containers.containers.dcbot = {
image = "eritislami/evobot:latest";
volumes = [
];
environmentFiles = [
config.sops.templates."dcbot.env".path
];
};
};
}
@@ -1,10 +0,0 @@
{ config, pkgs, materusCfg, ... }:
{
imports = [
materusCfg.configInputs.nixos-hardware.nixosModules.raspberry-pi-4
./configuration.nix
./secrets
./services
];
}
@@ -1,17 +0,0 @@
{ config, pkgs, lib, ... }:
{
home.stateVersion = "23.11";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = false;
nixpkgs.enable = false;
enableDesktop = false;
enableTerminal = false;
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = false;
bash.enable = true;
zsh.enable = true;
};
}
@@ -1,28 +0,0 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
sops.secrets.wireguard = { };
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.elements = { };
sops.secrets.nextcloud-adminpass = { };
}
@@ -1,37 +0,0 @@
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str]
elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
users:
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1j34lqh0z6ak2c94n564wgyjeykn9srma34f5e5e7xvf498fwk3rqxvwx0l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvejRrcGVwZHNkTVB5dkYr
RnhVVjNEblFVd0xXSStqdjFhWVVNS3ljUTNZCnBFVmRRVVVENGhJUVg2L1lSM1NO
dkQydVhOaFVxd0p0aFhVcmp6eXdGeVEKLS0tIFIvRDlvZDdsbm1USEZUZ3FYMmla
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-12T11:21:33Z"
mac: ENC[AES256_GCM,data:TbWjHvrJAB55AjFsbOK/IPb7v4wzqL2JGLvnNTr+ah/c2brdlq6DWeAF2+HA3FpLRt2a0MajwMTCsconoe8hW6Am/WO0FJBoYlneLAl/RlAv7BYfyorTD/Vyp9am7ml5T3f2pdYdsw1k/5RSn1ulUg43vSgi5es5Co8CtzC5hPE=,iv:+V48Azrr9yArwqNi3POYh7QaRMfUreCf7Bmv7kjV9qo=,tag:HDcMMCnyfVQRHTQJZB0R3Q==,type:str]
pgp:
- created_at: "2024-03-21T18:15:00Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAWetrf0jhs/b9qcQc4b21+PJUPdSjk372BjokfwJ2oXQw
4LaIaNB3LRmY4FF3UOqk28NwkwBw6n0AzYKC/k1G4ntaNBMI9eDtFJ1c1+KkxSl2
1GYBCQIQMCKcu2aBEMiIGOyG08vcRW2T23DUAfTQqQdRKD/SgSTqAZLSICVJ91xU
TBsdiPBKO2cRDfPc7DlVLbPNe/SUqVUX9N4GTGPUocXc1s6lvgx3NBP5cGoSNx+A
xCmXl373IDc=
=uSyc
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -1,63 +0,0 @@
{ config, materusArg, lib, pkgs, ... }:
let
cfg = config.waffentragerService.auth;
in
{
options.waffentragerService.auth.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable auth";
imports =
[
./samba.nix
];
config = lib.mkIf cfg.enable
{
waffentragerService.elements.enable = true;
waffentragerService.nginx.enable = true;
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
systemd.services.resolvconf.enable = false;
networking.hosts = {
"${materusArg.ips.wireguard.waffentrager}" = [
materusArg.waffentrager.samba.domain
"${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}"
materusArg.waffentrager.samba.netbiosName
];
};
environment.etc = {
resolvconf = {
text = ''
search ${materusArg.waffentrager.samba.domain}
nameserver ${materusArg.waffentrager.samba.dnsIp}
nameserver 9.9.9.9
'';
};
};
systemd.timers.rsync-acme = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1min";
OnUnitActiveSec = "1h";
Unit = "rsync-acme.service";
};
};
systemd.services.rsync-acme = {
description = "Sync acme for samba";
path = [ pkgs.rsync ];
requires = [ "var-lib-mnt_acme.mount" ];
after = [ "var-lib-mnt_acme.mount" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
rsync -avzr --chmod=0600 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/key.pem ${materusArg.waffentrager.samba.servicePath}/tls/
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/chain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/fullchain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
'';
};
};
}
@@ -1,91 +0,0 @@
{ materusArg, config, lib, pkgs, ... }:
{
config =
let
cfg = config.waffentragerService.auth;
sambaCfg = config.services.samba;
servicePath = materusArg.waffentrager.samba.servicePath;
smbToString = x:
if builtins.typeOf x == "bool"
then lib.boolToString x
else builtins.toString x;
shareConfig = name:
let share = lib.getAttr name cfg.shares; in
"[${name}]\n " + (smbToString (
map
(key: "${key} = ${smbToString (lib.getAttr key share)}\n")
(lib.attrNames share)
));
in
lib.mkIf cfg.enable {
systemd.services.samba-smbd.enable = false;
systemd.services.samba = {
description = "Samba Service Daemon";
requires = [ "rsync-acme.service" ];
after = [ "rsync-acme.service" ];
requiredBy = [ "samba.target" ];
partOf = [ "samba.target" ];
serviceConfig = {
ExecStart = "${pkgs.samba4Full}/sbin/samba --foreground --no-process-group";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
LimitNOFILE = 16384;
PIDFile = "/run/samba.pid";
Type = "notify";
NotifyAccess = "all";
};
unitConfig.RequiresMountsFor = servicePath;
};
# https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
networking.firewall.allowedTCPPorts = [ 139 445 389 88 53 464 636 3268];
networking.firewall.allowedUDPPorts = [ 135 137 138 389 88 53 123 464];
systemd.tmpfiles.rules = [
"d ${servicePath}/tls/ 0600 root 3000000 -"
"d ${servicePath}/private/ 0600 root 3000000 -"
"d ${servicePath}/lock/ 0600 root 3000000 -"
"d ${servicePath}/cache/ 0600 root 3000000 -"
];
services.samba = {
enable = true;
enableNmbd = false;
enableWinbindd = false;
package = pkgs.samba4Full;
configText = ''
# Global parameters
[global]
dns forwarder = ${materusArg.waffentrager.samba.dnsIp}
netbios name = ${materusArg.waffentrager.samba.netbiosName}
realm = ${lib.toUpper materusArg.waffentrager.samba.domain}
server role = active directory domain controller
workgroup = ${materusArg.waffentrager.samba.workgroup}
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = yes
private dir = ${servicePath}/private
lock dir = ${servicePath}/lock
state directory = ${servicePath}/lock
cache directory = ${servicePath}/cache
tls enabled = yes
tls keyfile = ${servicePath}/tls/key.pem
tls certfile = ${servicePath}/tls/fullchain.pem
tls cafile = ${servicePath}/tls/chain.pem
[sysvol]
path = ${servicePath}/sysvol
read only = No
[netlogon]
path = ${servicePath}/sysvol/${materusArg.waffentrager.samba.domain}/scripts
read only = No
${sambaCfg.extraConfig}
${smbToString (map shareConfig (lib.attrNames sambaCfg.shares))}
'';
};
};
}
@@ -1,20 +0,0 @@
{ ... }:
{
imports =
[
./elements.nix
./postgresql.nix
./mount-acme.nix
./gitea.nix
./nginx.nix
./nextcloud.nix
./auth
];
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.mount-acme.enable = true;
waffentragerService.gitea.enable = true;
waffentragerService.nginx.enable = true;
waffentragerService.nextcloud.enable = true;
waffentragerService.auth.enable = true;
}
@@ -1,20 +0,0 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.mount-acme.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable mount-acme";
config =
let
cfg = config.waffentragerService.mount-acme;
in
lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ sshfs ];
systemd.mounts = [{
description = "Mount remote acme dir from valkyrie";
what = "acme@valkyrie:/var/lib/acme";
where = "/var/lib/mnt_acme";
type = "fuse.sshfs";
options = "reconnect,gid=${builtins.toString config.ids.gids.nginx},_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,idmap=user,compression=yes,identityfile=/materus/root/ssh_host_ed25519_key";
wantedBy = [ "multi-user.target" ];
}];
};
}
-26
View File
@@ -1,26 +0,0 @@
{ config, pkgs, lib, materusCfg, ... }:
let
materusArg = {
pkgs = (import materusCfg.nixerus { inherit pkgs; }) //
(if pkgs.system == "x86_64-linux" then { i686Linux = import materusCfg.nixerus { pkgs = pkgs.pkgsi686Linux; }; } else { });
cfg = materusCfg;
};
in
{
imports = [
./nixpkgs.nix
./packages
./private
];
options.materus.materusArg = lib.mkOption { default = { }; };
config._module.args.materusArg = config.materus.materusArg // materusArg;
config.assertions = [
{
assertion = materusCfg.materusFlake.decrypted;
message = "Repository not decrypted, use crypt.sh to decrypt";
}
];
}
-91
View File
@@ -1,91 +0,0 @@
{ config, pkgs, lib, materusArg, materusCfg, ... }:
let
mkBoolOpt = default: description: lib.mkOption {
inherit default;
inherit description;
type = lib.types.bool;
example = true;
};
cfg = config.materus.profile.nixpkgs;
in
{
options.materus.profile.nixpkgs.enable = mkBoolOpt false "Enable materus nixpkgs config";
options.materus.profile.nixpkgs.enableOverlays = mkBoolOpt (cfg.enable) "Enable materus overlays";
options.materus.profile.nix.enableRegistry = mkBoolOpt (!materusCfg.isHm) "Enable materus nix registry";
config.nixpkgs.config = lib.mkIf cfg.enable {
allowUnfree = lib.mkDefault true;
joypixels.acceptLicense = lib.mkDefault true;
};
config.nixpkgs.overlays = lib.mkIf cfg.enableOverlays [ materusArg.cfg.configInputs.emacs-overlay.overlay ];
config.nix.package = lib.mkDefault pkgs.nixUnstable;
config.nix.registry = lib.mkIf config.materus.profile.nix.enableRegistry {
nixpkgs-stable = {
from = { type = "indirect"; id = "nixpkgs-stable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs-stable;
};
nixpkgs-unstable = {
from = { type = "indirect"; id = "nixpkgs-unstable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs;
};
nixpkgs = {
from = { type = "indirect"; id = "nixpkgs"; };
flake = materusCfg.configInputs.nixpkgs;
};
emacs-overlay = {
from = { type = "indirect"; id = "emacs-overlay"; };
flake = materusCfg.configInputs.emacs-overlay;
};
flake-utils = {
from = { type = "indirect"; id = "flake-utils"; };
flake = materusCfg.configInputs.flake-utils;
};
nixos-hardware = {
from = { type = "indirect"; id = "nixos-hardware"; };
flake = materusCfg.configInputs.nixos-hardware;
};
nixerus = {
from = { type = "indirect"; id = "nixerus"; };
flake = materusCfg.configInputs.nixerus;
};
devshell = {
from = { type = "indirect"; id = "devshell"; };
flake = materusCfg.configInputs.devshell;
};
home-manager = {
from = { type = "indirect"; id = "home-manager"; };
flake = materusCfg.configInputs.home-manager;
};
sops-nix = {
from = { type = "indirect"; id = "sops-nix"; };
flake = materusCfg.configInputs.sops-nix;
};
base16 = {
from = { type = "indirect"; id = "base16"; };
flake = materusCfg.configInputs.base16;
};
git-agecrypt = {
from = { type = "indirect"; id = "git-agecrypt"; };
flake = materusCfg.configInputs.git-agecrypt;
};
nur = {
from = { type = "indirect"; id = "nur"; };
flake = materusCfg.configInputs.nur;
};
};
}
@@ -1,53 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
with materusArg.pkgs.lib;
{
imports = [
./fonts.nix
];
#Single Packages
options.materus.profile.packages.home-manager = mkPrivateVar materusArg.cfg.configInputs.home-manager.packages.${pkgs.system}.home-manager;
options.materus.profile.packages.firefox = mkPrivateVar (pkgs.firefox.override {
nativeMessagingHosts = [
pkgs.plasma-browser-integration
];
});
#Package Lists
options.materus.profile.packages.list.nixRelated = mkPrivateVar (with pkgs; [
nix-prefetch
nix-prefetch-scripts
nix-prefetch-github
nix-prefetch-docker
nixfmt
nix-top
nix-tree
nix-diff
nix-ld
nil
nixpkgs-fmt
nixpkgs-review
]);
options.materus.profile.packages.list.desktopApps = mkPrivateVar (with pkgs; [
(discord.override { nss = nss_latest; withOpenASAR = true; withTTS = true; })
tdesktop
mpv
ani-cli
obsidian
nextcloud-client
spotify
thunderbird
keepassxc
(aspellWithDicts (ds: with ds; [ en en-computers en-science pl ]))
onlyoffice-bin
]);
options.materus.profile.packages.list.terminalApps = mkPrivateVar (with pkgs; [
neofetch
ripgrep
fd
]);
}
@@ -1,35 +0,0 @@
{ pkgs, lib, ... }:
let
defaultFonts = [
pkgs.dejavu_fonts
pkgs.freefont_ttf
pkgs.gyre-fonts
pkgs.liberation_ttf
pkgs.unifont
];
fonts = [
pkgs.noto-fonts
pkgs.noto-fonts-extra
pkgs.noto-fonts-emoji
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-cjk-serif
pkgs.wqy_zenhei
pkgs.corefonts
pkgs.hack-font
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
] ++ defaultFonts;
moreFonts = [
pkgs.ubuntu_font_family
pkgs.monocraft
(pkgs.nerdfonts.override { fonts = [ "DroidSansMono" "Meslo" "ProFont" "FiraCode"]; })
];
in
{
options.materus.profile.packages.list.fonts = lib.mkOption { default = fonts; readOnly = true; visible = false; };
options.materus.profile.packages.list.moreFonts = lib.mkOption { default = moreFonts; readOnly = true; visible = false; };
}
Binary file not shown.
-16
View File
@@ -1,16 +0,0 @@
{
osProfile = {
imports = [
./os
./common
];
};
homeProfile = {
imports = [
./common
./home
];
};
}
-25
View File
@@ -1,25 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.browser;
osConfig = (if (builtins.hasAttr "osConfig" config._module.args) then config._module.args.osConfig else null);
in
{
options = let mkBoolOpt = materusArg.pkgs.lib.mkBoolOpt; in {
materus.profile.browser.firefox.enable = mkBoolOpt false "Enable Firefox with materus cfg";
materus.profile.browser.vivaldi.enable = mkBoolOpt false "Enable Vivaldi with materus cfg";
materus.profile.browser.brave.enable = mkBoolOpt false "Enable Brave with materus cfg";
};
#TODO: Make some config
config = lib.mkMerge [{
home.packages = [
(lib.mkIf cfg.firefox.enable config.materus.profile.packages.firefox)
(lib.mkIf cfg.vivaldi.enable pkgs.vivaldi)
(lib.mkIf cfg.brave.enable pkgs.brave)
] ++ [ (lib.mkIf (osConfig != null && osConfig.materus.profile.browser.enable) osConfig.materus.profile.browser.package)];
}
];
}
-71
View File
@@ -1,71 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
packages = cfg.packages;
cfg = config.materus.profile;
in
{
imports = [
./fonts.nix
./browser.nix
./xdg.nix
./shell
./editor
./terminal
];
options.materus.profile.enableDesktop = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for desktop";
options.materus.profile.enableTerminal = materusArg.pkgs.lib.mkBoolOpt true "Enable settings for terminal";
options.materus.profile.enableTerminalExtra = materusArg.pkgs.lib.mkBoolOpt false "Enable extra settings for terminal";
options.materus.profile.enableNixDevel = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for nix devel";
config =
{
home.packages = (if cfg.enableDesktop then packages.list.desktopApps else [ ]) ++
(if cfg.enableNixDevel then packages.list.nixRelated else [ ]) ++
(if cfg.enableTerminal then packages.list.terminalApps else [ ]);
#Desktop
programs.feh.enable = lib.mkDefault cfg.enableDesktop;
#Terminal
programs.git = {
enable = lib.mkDefault cfg.enableTerminal;
package = lib.mkDefault pkgs.gitFull;
delta.enable = lib.mkDefault cfg.enableTerminal;
lfs.enable = lib.mkDefault cfg.enableTerminal;
};
programs.gitui.enable = cfg.enableTerminalExtra;
programs.nix-index = {
enable = lib.mkDefault cfg.enableTerminal;
enableBashIntegration = lib.mkDefault config.programs.bash.enable;
enableFishIntegration = lib.mkDefault config.programs.fish.enable;
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.direnv = {
enable = lib.mkDefault (cfg.enableTerminalExtra || cfg.enableNixDevel);
nix-direnv.enable = lib.mkDefault (cfg.enableNixDevel && (config.programs.direnv.enable == true));
enableBashIntegration = lib.mkDefault config.programs.bash.enable;
#enableFishIntegration = lib.mkDefault config.programs.fish.enable;
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.fzf = {
enable = lib.mkDefault cfg.enableTerminalExtra;
enableBashIntegration = lib.mkDefault config.programs.bash.enable;
enableFishIntegration = lib.mkDefault config.programs.fish.enable;
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.eza.enable = lib.mkDefault cfg.enableTerminalExtra;
programs.yt-dlp.enable = lib.mkDefault cfg.enableTerminalExtra;
};
}
@@ -1,17 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.editor.code;
in
{
options.materus.profile.editor.code.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable VSCodium with materus cfg";
options.materus.profile.editor.code.fhs.enable = materusArg.pkgs.lib.mkBoolOpt false "Use fhs vscodium";
options.materus.profile.editor.code.fhs.packages = lib.mkOption { default = (ps: [ ]); };
config = lib.mkIf cfg.enable {
programs.vscode = {
enable = lib.mkDefault true;
package = lib.mkDefault (if (cfg.fhs.enable) then (pkgs.vscodium.fhsWithPackages cfg.fhs.packages) else pkgs.vscodium);
mutableExtensionsDir = lib.mkDefault true;
};
materus.profile.fonts.enable = lib.mkDefault true;
};
}
@@ -1,8 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
./code.nix
./neovim.nix
./emacs
];
}
@@ -1,122 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
configPath = "${materusArg.cfg.path}" + "/extraFiles/config/emacs/";
inits = import ./init.nix { path = configPath; inherit pkgs; };
packages = epkgs: with epkgs; [
load-relative
elcord
persp-mode
dashboard
magit
helm
avy
corfu
vterm
centaur-tabs
projectile
company
clipetty
treemacs
treemacs-nerd-icons
treemacs-perspective
treemacs-icons-dired
treemacs-magit
treemacs-projectile
tree-edit
vertico
nerd-icons
nerd-icons-completion
perspective
minions
telephone-line
rainbow-delimiters
use-package
cmake-mode
lsp-mode
lsp-java
lsp-jedi
lsp-haskell
lsp-ui
lsp-treemacs
dap-mode
d-mode
multiple-cursors
org
org-rainbow-tags
org-roam
org-roam-ui
org-review
markdown-mode
json-mode
nix-mode
minimap
moe-theme
doom-themes
];
default-config = ''
(defvar materus/nix-packages t)
(defvar materus/init-from-home nil)
(unless materus/init-from-home
(message "Config loading not from homeDir, need \"materus/init-from-home\" variable in init.el")
${setNixInit}
${inits.initText}
)
'';
emacsPkgs = with pkgs;[
python3
lua
multimarkdown
git
];
cfg = config.materus.profile.editor.emacs;
setNixInit = ''
(setenv "PATH" (concat (getenv "PATH") ":${lib.makeBinPath emacsPkgs}"))
${builtins.concatStringsSep "\n" (builtins.map (x: "(setq exec-path (append exec-path '(\""+x+"/bin\")))" ) emacsPkgs)}
(call-process-shell-command "${pkgs.xorg.xmodmap}/bin/xmodmap -e \"keycode 66 = Hyper_L\" -e \"remove Mod4 = Hyper_L\" -e \"add Mod3 = Hyper_L\" &" nil 0)
'';
in
{
options.materus.profile.editor.emacs.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable emacs with materus cfg";
config = lib.mkIf cfg.enable {
home.activation.emacsCompile = lib.hm.dag.entryAfter [ "linkGeneration" ] ''
run ${config.programs.emacs.finalPackage}/bin/emacs --batch \
--eval '(setq warning-minimum-log-level :error)' \
--eval '(byte-compile-file "${config.xdg.configHome}/emacs/early-init.el")' \
--eval '(byte-compile-file "${config.xdg.configHome}/emacs/init.el")'
'';
xdg.configFile."emacs/init.el".text = ''
(defvar materus/nix-packages nil)
(defvar materus/init-from-home t)
(setq-default materus/init-from-home t)
${setNixInit}
${inits.initText}
'';
xdg.configFile."emacs/early-init.el".text = ''
${inits.earlyInitText}
'';
programs.emacs = {
enable = true;
package = with pkgs; lib.mkDefault materusArg.pkgs.emacs-materus;
extraPackages = epkgs: ((packages epkgs));
extraConfig = default-config;
};
};
}
@@ -1,17 +0,0 @@
{ path, pkgs }:
{
earlyInitText = ''
${builtins.readFile (path + "early-init.el")}
'';
initText = ''
(defvar materus/init-from-home nil)
(when materus/init-from-home
(setq-default inhibit-defaul-init 1)
)
(setq-default materus/nix-packages (require 'doom-themes nil 'noerror))
${builtins.readFile (path + "packages.el")}
${builtins.readFile (path + "init.el")}
'';
}
@@ -1,35 +0,0 @@
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.editor.neovim;
in
{
options.materus.profile.editor.neovim.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable neovim with materus cfg";
config = lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
coc.enable = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
extraConfig = ''
set number
'';
plugins = with pkgs.vimPlugins;[
syntastic
vim-fugitive
vim-airline
vim-nix
nvim-fzf
nvim-treesitter.withAllGrammars
];
};
};
}
-13
View File
@@ -1,13 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
packages = config.materus.profile.packages;
cfg = config.materus.profile.fonts;
in
{
options.materus.profile.fonts.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable materus font settings";
config = lib.mkIf cfg.enable {
fonts.fontconfig.enable = lib.mkDefault true;
home.packages = packages.list.fonts;
};
}
@@ -1,20 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.bash;
in
{
options.materus.profile.bash.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminal "Enable materus bash config";
config = lib.mkIf cfg.enable {
programs.bash = {
enable = true;
enableCompletion = lib.mkDefault true;
enableVteIntegration = lib.mkDefault true;
historyControl = lib.mkDefault [ "erasedups" "ignorespace" ];
shellOptions = lib.mkDefault [ "autocd" "checkwinsize" "cmdhist" "expand_aliases" "extglob" "globstar" "checkjobs" "nocaseglob" ];
};
};
}
@@ -1,9 +0,0 @@
{
imports = [
./zsh.nix
./bash.nix
./fish.nix
./starship.nix
];
}
@@ -1,12 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.fish;
in
{
options.materus.profile.fish.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus fish config";
config = lib.mkIf cfg.enable {
programs.fish = {
enable = true;
};
};
}
@@ -1,48 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
profile = config.materus.profile;
cfg = config.materus.profile.starship;
in
{
options.materus.profile.starship.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus starship config";
config = lib.mkIf cfg.enable {
programs.starship.enable = true;
programs.starship.settings = {
python = {
symbol = " ";
};
format = "$username@$hostname$all";
right_format = "$cmd_duration $time";
time = {
disabled = false;
style = "bold bright-black";
format = "[$time]($style)";
};
line_break = { disabled = true; };
shell = {
disabled = false;
fish_indicator = "fish";
bash_indicator = "bash";
zsh_indicator = "zsh";
style = "blue bold";
};
hostname = {
ssh_only = false;
};
username = {
disabled = false;
show_always = true;
format = "[$user]($style)";
style_user = "white bold";
style_root = "black bold";
};
};
};
}
-189
View File
@@ -1,189 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
relToDotDir = file: (lib.optionalString (config.programs.zsh.dotDir != null) (config.programs.zsh.dotDir + "/")) + file;
pluginsDir =
if config.programs.zsh.dotDir != null then
relToDotDir "plugins" else "${config.home.homeDirectory}/.zsh/plugins";
p10kcfg = "${zshcfg}/p10kcfg";
zshcfg = "${materusArg.cfg.path}" + "/extraFiles/config/zsh";
cfg = config.materus.profile.zsh;
makeEnv = name: val: ''${name}=''${${name}:-"${val}"}'';
makeIfVar = var: val: ret: ''
if [[ "''$${var}" = "${val}" ]]; then
${ret}
fi
'';
makePlugin = nameArg: fileArg: srcArg: rec {
name = nameArg;
src = srcArg;
path = pluginsDir + "/" + name;
file = fileArg;
fullPath = path + "/" + file;
};
extraPlugins = {
powerlevel10k = makePlugin "powerlevel10k" "powerlevel10k.zsh-theme" (pkgs.fetchFromGitHub {
owner = "romkatv";
repo = "powerlevel10k";
rev = "v1.20.0";
sha256 = "sha256-ES5vJXHjAKw/VHjWs8Au/3R+/aotSbY7PWnWAMzCR8E=";
});
sudo = makePlugin "sudo" "sudo.plugin.zsh" "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/sudo";
extract = makePlugin "extract" "extract.plugin.zsh" "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/extract";
};
in
{
options.materus.profile.zsh.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus zsh config";
options.materus.profile.zsh.prompt = lib.mkOption {
type = lib.types.enum [ "p10k" ];
example = "p10k";
default = "p10k";
};
options.materus.profile.zsh.endConfig = lib.mkOption {
default = "";
description = "Zsh config after all of config";
type = lib.types.lines;
};
config = lib.mkIf cfg.enable {
home.packages = [
pkgs.ripgrep
];
home.file = lib.mkMerge [
(builtins.foldl' (a: b: a // b) { } (builtins.map (plugin: { ${plugin.path}.source = plugin.src; }) (builtins.attrValues extraPlugins)))
{ "${relToDotDir ".zshrc"}".text = lib.mkAfter cfg.endConfig; }
];
programs.zsh = {
enable = true;
enableAutosuggestions = true;
enableSyntaxHighlighting = true;
enableVteIntegration = true;
historySubstringSearch.enable = true;
historySubstringSearch.searchUpKey = "$key[Up]";
historySubstringSearch.searchDownKey = "$key[Down]";
envExtra = ''
${makeEnv "__MATERUS_HM_ZSH" "1"}
${makeEnv "__MATERUS_HM_ZSH_PROMPT" cfg.prompt}
${makeEnv "__MATERUS_HM_ZSH_PRIVATE" "0"}
'';
initExtraFirst = ''
${makeIfVar "__MATERUS_HM_ZSH_PROMPT" "p10k" ''
if [[ -r "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh" ]]; then
source "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh"
fi
if [[ -f "${extraPlugins.powerlevel10k.fullPath}" ]]; then
source "${extraPlugins.powerlevel10k.fullPath}"
fi
''
}
if zmodload zsh/terminfo && (( "$terminfo[colors]" >= "256" )); then
__MATERUS_HM_ZSH_256COLORS="''${__MATERUS_HM_ZSH_256COLORS:-1}"; else
__MATERUS_HM_ZSH_256COLORS="''${__MATERUS_HM_ZSH_256COLORS:-0}";
fi
if [[ -f "${extraPlugins.sudo.fullPath}" ]]; then
source "${extraPlugins.sudo.fullPath}"
fi
if [[ -f "${extraPlugins.extract.fullPath}" ]]; then
source "${extraPlugins.extract.fullPath}"
path+="${extraPlugins.extract.path}"
fpath+="${extraPlugins.extract.path}"
fi
'';
plugins = [
];
history = {
extended = true;
save = 100000;
size = 100000;
share = true;
ignoreDups = true;
ignoreAllDups = true;
ignoreSpace = true;
};
completionInit = ''
ZSH_COMPDUMP="''${ZSH_COMPDUMP:-''${XDG_CACHE_HOME:-${config.home.homeDirectory}/.cache}/.zcompdump-''${HOST}-''${ZSH_VERSION}}"
autoload -U compinit && compinit -d $ZSH_COMPDUMP
'';
initExtra = ''
if [[ "$__ETC_ZSHRC_SOURCED" != "1" ]]; then
. ${zshcfg}/zinputrc
fi
source ${zshcfg}/zshcompletion.zsh
history-substring-search-up-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-up
}
history-substring-search-down-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-down
}
zle -N history-substring-search-up-prefixed
zle -N history-substring-search-down-prefixed
bindkey -r "^["
bindkey "^[[1;5C" forward-word
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5A" history-substring-search-up-prefixed
bindkey "^[[1;5B" history-substring-search-down-prefixed
zsh-private() {
__MATERUS_HM_ZSH_PRIVATE=1 ${lib.getExe config.programs.zsh.package}
}
myip() {
${lib.getExe pkgs.wget} -qO- https://wtfismyip.com/text
}
speedtest() {
${lib.getExe pkgs.curl} -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | ${lib.getExe pkgs.python3}
}
'' +
makeIfVar "__MATERUS_HM_ZSH_PROMPT" "p10k" ''
if [[ "$__MATERUS_HM_ZSH_256COLORS" = "1" ]] ; then
[[ ! -f ${p10kcfg}/fullcolor.zsh ]] || source ${p10kcfg}/fullcolor.zsh
else
[[ ! -f ${p10kcfg}/compatibility.zsh ]] || source ${p10kcfg}/compatibility.zsh
fi
'' + makeIfVar "__MATERUS_HM_ZSH_PRIVATE" "1" ''
unset HISTFILE
${lib.optionalString config.programs.zsh.history.share "unsetopt SHARE_HISTORY"}
alias -- 'zsh'="__MATERUS_HM_ZSH_PRIVATE=0 zsh "
''
;
};
programs.starship.enableZshIntegration = lib.mkDefault false;
};
}
@@ -1,9 +0,0 @@
{...}:
{
imports = [
./wezterm.nix
./tmux.nix
];
}
@@ -1,20 +0,0 @@
{ materusArg, config, lib, ... }:
let
cfg = config.materus.profile.tmux;
in
{
options.materus.profile.tmux.enable = materusArg.pkgs.lib.mkBoolOpt true "Enable materus tmux config";
config = lib.mkIf cfg.enable
{
programs.tmux = {
enable = true;
clock24 = lib.mkDefault true;
aggressiveResize = lib.mkDefault true;
escapeTime = lib.mkDefault 0;
historyLimit = lib.mkDefault 10000;
mouse = lib.mkDefault true;
terminal = lib.mkDefault "tmux-256color";
};
};
}
@@ -1,45 +0,0 @@
{ config, lib, materusArg, pkgs, ... }:
let
cfg = config.materus.profile.wezterm;
zshCfg = ''
source "${config.programs.wezterm.package}/etc/profile.d/wezterm.sh"
'';
in
{
options.materus.profile.wezterm.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable materus wezterm config";
options.materus.profile.wezterm.enableHackFont = materusArg.pkgs.lib.mkBoolOpt true "Enable hack nerd font for wezterm";
options.materus.profile.wezterm.enableWezcraft = materusArg.pkgs.lib.mkBoolOpt true "Enable alias to start wezcraft with monocraft font";
options.materus.profile.wezterm.extraConfig = lib.mkOption {
default = "";
description = "Config for wezterm";
type = lib.types.lines;
};
config = lib.mkIf cfg.enable
{
programs.wezterm.enable = true;
programs.wezterm.colorSchemes = { };
programs.wezterm.enableZshIntegration = false;
programs.wezterm.extraConfig = ''
package.path = package.path .. ";${materusArg.cfg.path}/extraFiles/config/wezterm/?.lua"
require("wezterm_config");
local config = materus_wezterm_config();
${lib.optionalString cfg.enableHackFont "config.font = wezterm.font 'Hack Nerd Font';"}
${cfg.extraConfig}
return config;
'';
home.packages = [
(lib.mkIf cfg.enableHackFont (pkgs.nerdfonts.override {
fonts = [ "Hack" ];
}))
(lib.mkIf cfg.enableWezcraft (pkgs.monocraft))
(lib.mkIf cfg.enableWezcraft (pkgs.writeShellScriptBin "wezcraft" ''
${lib.getExe config.programs.wezterm.package} --config font="wezterm.font 'Monocraft Nerd Font'" $@
''))
];
materus.profile.zsh.endConfig = lib.optionalString cfg.enableWezcraft zshCfg;
};
}
-40
View File
@@ -1,40 +0,0 @@
{ config, lib, materusArg, pkgs, ... }:
{
options.materus.profile.xdg =
{
enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable xdg settings";
};
config =
let
cfg = config.materus.profile.xdg;
in
lib.mkIf cfg.enable {
xdg.enable = true;
xdg.userDirs.enable = lib.mkDefault true;
xdg.userDirs.createDirectories = lib.mkDefault config.xdg.userDirs.enable;
xdg.userDirs.desktop = lib.mkDefault "${config.home.homeDirectory}/Pulpit";
xdg.userDirs.documents = lib.mkDefault "${config.home.homeDirectory}/Dokumenty";
xdg.userDirs.download = lib.mkDefault "${config.home.homeDirectory}/Pobrane";
xdg.userDirs.music = lib.mkDefault "${config.xdg.userDirs.extraConfig.XDG_AUDIO_DIR}/Muzyka";
xdg.userDirs.pictures = lib.mkDefault "${config.home.homeDirectory}/Obrazy";
xdg.userDirs.publicShare = lib.mkDefault "${config.home.homeDirectory}/Publiczny";
xdg.userDirs.templates = lib.mkDefault "${config.home.homeDirectory}/Szablony";
xdg.userDirs.videos = lib.mkDefault "${config.home.homeDirectory}/Wideo";
xdg.userDirs.extraConfig = {
XDG_MISC_DIR = lib.mkDefault "${config.home.homeDirectory}/Inne";
XDG_PIC_SCREENSHOTS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zrzuty ekranu";
XDG_PIC_MEMES_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Memy";
XDG_PIC_MISC_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Inne";
XDG_PIC_PHOTOS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zdjęcia";
XDG_PIC_AVATARS_DIR = "${config.xdg.userDirs.pictures}/Avatar";
XDG_AUDIO_DIR = lib.mkDefault "${config.home.homeDirectory}/Audio";
XDG_KEYS_DIR = lib.mkDefault "${config.xdg.userDirs.documents}/Klucze";
};
};
}
-29
View File
@@ -1,29 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
./nix.nix
./fonts.nix
./shell
./games
./desktop
];
time.timeZone = lib.mkDefault "Europe/Warsaw";
i18n.defaultLocale = lib.mkDefault "pl_PL.UTF-8";
console = {
enable = lib.mkDefault true;
earlySetup = lib.mkDefault true;
font = lib.mkDefault "LatArCyrHeb-16";
keyMap = lib.mkDefault "pl";
};
programs.tmux = {
enable = lib.mkDefault true;
clock24 = lib.mkDefault true;
};
environment.systemPackages = lib.mkIf config.programs.tmux.enable [ pkgs.tmux.terminfo ];
}
@@ -1,24 +0,0 @@
{ materusArg, config, pkgs, lib, ... }:
let
cfg = config.materus.profile.browser;
in
{
options.materus.profile.browser.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus default browser config";
options.materus.profile.browser.default = lib.mkOption {
type = lib.types.enum [ "firefox" "brave" "vivaldi" ];
example = "vivaldi";
default = "brave";
};
options.materus.profile.browser.package = materusArg.pkgs.lib.mkPrivateVar
(if (cfg.default == "firefox") then config.materus.profile.packages.firefox else
if (cfg.default == "vivaldi") then pkgs.vivaldi else
if (cfg.default == "brave") then pkgs.brave else { });
config = lib.mkIf cfg.enable {
environment.systemPackages = [
config.materus.profile.browser.package
];
};
}
@@ -1,6 +0,0 @@
{
imports = [
./browser.nix
];
}
-24
View File
@@ -1,24 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
packages = config.materus.profile.packages;
cfg = config.materus.profile.fonts;
in
{
options.materus.profile.fonts.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus font settings for OS";
config = lib.mkIf cfg.enable {
fonts.packages = packages.list.fonts ++ packages.list.moreFonts;
fonts.enableDefaultPackages = lib.mkDefault true;
fonts.fontconfig.enable = lib.mkDefault true;
fonts.fontconfig.cache32Bit = lib.mkDefault true;
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
fonts.fontconfig.defaultFonts.monospace = [ "Hack Nerd Font" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
fonts.fontDir.enable = lib.mkDefault true;
};
}
@@ -1,6 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./steam.nix
];
}
-115
View File
@@ -1,115 +0,0 @@
{ config, pkgs, lib, materusArg, inputs, ... }:
let
steamPkg = pkgs.steam.override {
extraPkgs = pkgs: [
pkgs.libdecor
pkgs.obs-studio-plugins.obs-vkcapture
pkgs.steamcmd
pkgs.nss_latest
pkgs.libstrangle
pkgs.libkrb5
pkgs.keyutils
pkgs.libGL
pkgs.libglvnd
pkgs.gamescope
pkgs.steamPackages.steam
pkgs.libxcrypt
pkgs.gnutls
pkgs.xorg.libXcursor
pkgs.xorg.libXi
pkgs.xorg.libXinerama
pkgs.xorg.libXScrnSaver
pkgs.xorg.xinput
pkgs.xorg.xcbutilwm
pkgs.xorg.xcbutilimage
pkgs.xorg.xcbutilkeysyms
pkgs.xorg.xcbutilerrors
pkgs.xorg.xcbutilrenderutil
pkgs.xorg.xcbutil
pkgs.xorg.xwininfo
pkgs.yad
pkgs.xdotool
pkgs.libinput
pkgs.openvdb
pkgs.openssl
pkgs.tbb
pkgs.gtk4
pkgs.gtk3
pkgs.glib
pkgs.gsettings-desktop-schemas
pkgs.fuse
pkgs.samba4Full
pkgs.tdb
pkgs.jbig2enc
pkgs.jbig2dec
pkgs.vivaldi
pkgs.x264.lib
pkgs.steamtinkerlaunch
pkgs.pipewire
pkgs.gitFull
pkgs.git-lfs
] ++ config.materus.profile.packages.list.fonts ++ config.materus.profile.steam.extraPkgs;
extraLibraries = pkgs: [
pkgs.libkrb5
pkgs.keyutils
pkgs.ncurses6
pkgs.xorg.xinput
pkgs.libinput
pkgs.fontconfig
pkgs.libxcrypt
pkgs.gnutls
pkgs.samba
pkgs.tdb
pkgs.jemalloc
pkgs.gperftools
] ++
(with config.hardware.opengl; if pkgs.hostPlatform.is64bit
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32);
extraEnv = config.materus.profile.steam.extraEnv;
};
cfg = config.materus.profile.steam;
in
{
options.materus.profile.steam.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus steam settings for OS";
options.materus.profile.steam.package = lib.mkOption {
type = lib.types.package;
default = steamPkg;
description = "Package used by steam";
};
options.materus.profile.steam.extraPkgs = lib.mkOption {
default = [ ];
description = "Extra packages for steam";
};
options.materus.profile.steam.extraEnv = lib.mkOption {
default = { };
description = "Extra Env for steam";
};
config = lib.mkIf cfg.enable {
hardware.steam-hardware.enable = lib.mkDefault true;
materus.profile.steam.extraEnv = {
XDG_DATA_DIRS = "/usr/share:\${XDG_DATA_DIRS}";
OBS_VKCAPTURE = "1";
};
programs.steam = {
enable = lib.mkDefault true;
dedicatedServer.openFirewall = lib.mkDefault true;
remotePlay.openFirewall = lib.mkDefault true;
};
environment.sessionVariables = rec {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = lib.mkDefault "\${HOME}/.steam/root/compatibilitytools.d";
};
environment.systemPackages = [
steamPkg
steamPkg.run
];
};
}
-22
View File
@@ -1,22 +0,0 @@
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.nix;
in
{
options.materus.profile.nix.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus nix settings";
config.nix = lib.mkIf cfg.enable {
settings = {
experimental-features = [ "nix-command" "flakes" "repl-flake" "no-url-literals" ];
auto-optimise-store = true;
trusted-users = [ "root" "@wheel" ];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE=" ];
};
};
}
@@ -1,7 +0,0 @@
{
imports = [
./zsh.nix
];
}
-22
View File
@@ -1,22 +0,0 @@
{materusArg, config, pkgs, lib, ...}:
let
cfg = config.materus.profile.zsh;
in
{
options.materus.profile.zsh.enable = materusArg.pkgs.lib.mkBoolOpt true "Enable materus system zsh config";
config = lib.mkIf cfg.enable {
users.defaultUserShell = pkgs.zsh;
environment.shells = [ pkgs.zsh ];
programs.zsh = {
enable = true;
enableGlobalCompInit=false;
interactiveShellInit = ''
if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
fi
'';
promptInit = ''
'';
};
};
}
-5
View File
@@ -1,5 +0,0 @@
{ inputs, materusFlake, ... }:
let
genHomes = import ./genHomes.nix { inherit inputs; inherit materusFlake; };
in
genHomes "materus"
-56
View File
@@ -1,56 +0,0 @@
{ inputs, materusFlake, ... }:
let
profiles = import (materusFlake.selfPath + "/configurations/profile");
hosts = builtins.attrNames materusFlake.nixosConfigurations;
genHomes = username:
let
#Make host specific user profile "username@host"
_list = builtins.map (host: username + "@" + host) hosts;
_for = i: (
let len = builtins.length hosts; in
([{
name = builtins.elemAt _list i;
value = let host = builtins.elemAt hosts i; in
materusFlake.nixosConfigurations.${host}.materusCfg.hm.lib.homeManagerConfiguration {
pkgs = materusFlake.nixosConfigurations.${host}.pkgs;
extraSpecialArgs = { materusCfg = materusFlake.nixosConfigurations.${host}.materusCfg // { isHm = true; }; };
modules = [
(materusFlake.selfPath + "/configurations/shared/home/${username}")
(materusFlake.selfPath + "/configurations/host/${host}/home/${username}")
profiles.homeProfile
materusFlake.nixosConfigurations.${host}.materusCfg.configInputs.sops-nix.homeManagerModules.sops
];
};
}]
++ (if ((i + 1) < len) then _for (i + 1) else [ ]))
);
in
(builtins.listToAttrs (_for 0)) // {
#Make generic x86_64-linux user profile "username"
${username} =
let
materusCfg = {
stable = false;
inherit materusFlake;
host = "Generic";
hm = inputs.configInputs.home-manager;
hmAsModule = false;
nixerus = inputs.configInputs.nixerus;
configInputs = inputs.configInputs;
path = materusFlake.selfPath;
isHm = true;
};
in
inputs.configInputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs { system = "x86_64-linux"; config = { allowUnfree = true; }; };
extraSpecialArgs = { inherit materusCfg; };
modules = [
./${username}
profiles.homeProfile
materusCfg.configInputs.sops-nix.homeManagerModules.sops
];
};
};
in
genHomes
@@ -1,15 +0,0 @@
{ config, pkgs, lib, ... }:
{
home.username = "materus";
home.packages = [ ];
programs.git.signing.key = lib.mkDefault "28D140BCA60B4FD1";
programs.git.userEmail = lib.mkDefault "materus@podkos.pl";
programs.git.userName = lib.mkDefault "materus";
home.stateVersion = lib.mkDefault "23.05";
home.homeDirectory = lib.mkDefault "/home/materus";
programs.home-manager.enable = lib.mkDefault true;
}
-63
View File
@@ -1,63 +0,0 @@
#!/usr/bin/env bash
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
cd $SCRIPT_DIR
if [ $# = 0 ] || ( [ $# = 1 ] && [ $1 = "help" ] ); then
echo "Use \"unlock\" to unlock with pgp"
echo "Use \"unlock\" /path/to/key to unlock with symmetric key"
echo "Use \"lock\": to lock repository"
exit
fi
check_git () {
if [ "$(git status --porcelain)" ]; then
echo "Working directory not clean."
echo "Please commit your changes or 'git stash' them before running this script"
exit 1
fi
}
create_decrypt () {
touch decrypted
git add --intent-to-add decrypted
git update-index --assume-unchanged decrypted
}
delete_decrypt () {
rm decrypted
git rm decrypted
}
if [ $# = 1 ]; then
if [ $1 = "unlock" ]; then
check_git
git-crypt unlock
create_decrypt
exit
fi
if [ $1 = "lock" ]; then
check_git
delete_decrypt
git-crypt lock
exit
fi
if [ $1 = "create_decrypt" ]; then
create_decrypt
exit
fi
if [ $1 = "delete_decrypt" ]; then
delete_decrypt
exit
fi
fi
if [ $# = 2 ] && [ $1 = "unlock" ]; then
git-crypt unlock $2
create_decrypt
exit
fi
View File
+22
View File
@@ -0,0 +1,22 @@
let
flake-compatish = import (
builtins.fetchTree {
type = "github";
owner = "lillecarl";
repo = "flake-compatish";
ref = "main";
}
);
flake = flake-compatish {
source = ./.;
overrides = {
self = ./.;
materus-inputs = ./nix-config/subflake;
materus-inputs-unstable = ./nix-config/subflake;
};
};
in
flake.impure
# sudo -i nixos-rebuild switch --file . --attr nixosConfigurations.${HOSTNAME}
+18
View File
@@ -0,0 +1,18 @@
diff --git a/bubblewrap.c b/bubblewrap.c
index f606257..4ccb199 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -876,13 +876,6 @@ acquire_privs (void)
/* Keep only the required capabilities for setup */
set_required_caps ();
}
- else if (real_uid != 0 && has_caps ())
- {
- /* We have some capabilities in the non-setuid case, which should not happen.
- Probably caused by the binary being setcap instead of setuid which we
- don't support anymore */
- die ("Unexpected capabilities but not setuid, old file caps config?");
- }
else if (real_uid == 0)
{
/* If our uid is 0, default to inheriting all caps; the caller

Some files were not shown because too many files have changed in this diff Show More