215 Commits

Author SHA1 Message Date
materus 400dadba7f materusPC: more vm tuning 2024-04-22 15:33:31 +02:00
materus c6cdd9d8af materusPC: Window VM changes 2024-04-22 11:33:57 +02:00
materus fd3599f7f3 materusPC & Old-materusPC: set "/materus" as needed for boot to fix sops 2024-04-19 19:54:06 +02:00
materus d90b32d282 home-profile: add desktop packages 2024-04-19 18:30:42 +02:00
materus d6a451b6c5 materusPC: add wireguard config to networkmanager 2024-04-19 18:28:40 +02:00
materus f19a1bd613 materusPC: import apps.nix 2024-04-19 18:28:22 +02:00
materus be955fe3ca materusPC: fix kde after flake update 2024-04-19 18:27:59 +02:00
materus 7fabda1305 os-config: change steam tbb pkg 2024-04-19 18:27:36 +02:00
materus 15d193b2eb flake: update lock 2024-04-19 18:27:17 +02:00
materus 3fd49d452b materusPC: add apps.nix 2024-04-19 18:27:05 +02:00
materus 2959e10532 waffentrager: remove cert 2024-04-19 17:21:22 +02:00
materus 5d9c165df4 waffentrager: samba change dirs 2024-04-12 11:49:25 +02:00
materus afac05dad3 waffentrager: samba changes 2024-04-12 09:56:47 +02:00
materus d4125a7370 waffentrager: prepare samba DC 2024-04-12 01:38:50 +02:00
materus 98c975c430 os-config: wireguard settings 2024-04-11 22:12:03 +02:00
materus 6050896298 materusPC: change x11 options 2024-04-11 18:44:03 +02:00
materus 80e17cc9f4 waffentrager: add restart to nginx 2024-04-11 18:43:38 +02:00
materus b2d466a450 valkyrie: add links 2024-04-11 18:42:30 +02:00
materus a49963bb5c materusPC: disable emacs 2024-04-09 11:12:09 +02:00
materus c022070323 materusPC: change boot settings 2024-04-06 18:51:08 +02:00
materus 353bc71e19 os-config: remove setfont from zsh 2024-04-06 18:50:52 +02:00
materus b014b62c60 os-config: make default console config 2024-04-06 18:28:17 +02:00
materus 778fcb1b9d os-config: add zsh to "environment.shells" 2024-04-06 15:20:44 +02:00
materus 4cd531103a os-config: set zsh as default shell for users 2024-04-06 15:10:57 +02:00
materus f374e1a698 materusPC: console change font to full path 2024-04-06 14:23:59 +02:00
materus a0a81309cb materusPC: change console settings 2024-04-06 14:10:24 +02:00
materus 5fc7a32788 valkyrie: reorder links 2024-04-06 09:24:02 +02:00
materus 214c293128 valkyrie: slice archive timer to 3 units 2024-04-06 09:21:05 +02:00
materus cb5feba4a0 valkyrie: change links order 2024-04-06 03:17:29 +02:00
materus 7a2306bbd8 valkyrie: fix name 2024-04-06 03:14:41 +02:00
materus b28248d90f valkyrie: add links for webarchive 2024-04-06 02:39:27 +02:00
materus b28f17bc1c valkyrie: add links for webarchive 2024-04-06 02:17:06 +02:00
materus 563278d09a valkyrie: add links for webarchive 2024-04-06 01:43:21 +02:00
materus ebd32b675e valkyrie: add links for webarchive 2024-04-06 01:42:56 +02:00
materus 5da0de61a1 valkyrie: add web archive and steamladder curl request timer 2024-04-06 01:32:24 +02:00
materus f4107f214a home-profile: init tmux config 2024-04-05 23:02:26 +02:00
materus 575c698aa1 hosts: use zsh for materus user 2024-04-05 22:41:31 +02:00
materus 860c28efad waffentrager: fix auth 2024-04-05 22:41:05 +02:00
materus b4e3c7cea3 home-profile: change emacs package and font. materusPC: enable emacs 2024-04-05 21:57:37 +02:00
materus 38eafec797 valkyrie: increase dc bot playlist limit 2024-04-05 21:57:02 +02:00
materus 6870263c6a flake: update lock 2024-04-05 21:56:31 +02:00
materus 2cfdcf34bb valkyrie: change muse bot to evobot 2024-04-03 18:02:23 +02:00
materus b6ce980d0d valkyrie: change muse bot to evobot 2024-04-03 17:54:07 +02:00
materus 91c694193c valkyrie: add 404 error page 2024-04-03 14:28:48 +02:00
materus 75906dd151 flake: update lock 2024-04-03 11:08:59 +02:00
materus aff6076875 os-config: use brave as default browser 2024-04-03 11:08:02 +02:00
materus 6b5b53956b waffentrager: make auth emtpy 2024-04-03 10:52:20 +02:00
materus 12cba54eee materusPC: remove some comments 2024-04-03 10:45:17 +02:00
materus fe49e00096 materusPC: change materus shell to zsh, group formatting 2024-04-02 19:45:43 +02:00
materus b485f8a228 waffentrager: prepare auth service 2024-04-02 19:43:49 +02:00
materus 47c8d1c4ea home-profile & os-profile: zsh compinit changes 2024-04-01 22:52:49 +02:00
materus 0c31caf113 home-profile: updates 2024-04-01 22:14:27 +02:00
materus e4a320cbc8 home-profile: updates 2024-04-01 22:10:17 +02:00
materus fd039ff7cd home-profile: zsh remove starship option 2024-04-01 22:06:42 +02:00
materus e69a55340e home-profile: zsh and wezterm change 2024-04-01 21:57:25 +02:00
materus a19b5b9a3f home-profile: zsh ignore all hist dups 2024-04-01 21:15:32 +02:00
materus f0ae63d1b6 home-profile: change zsh keybind 2024-04-01 21:10:56 +02:00
materus 48e82bb70f os-profile: use hack instead firacode 2024-04-01 19:13:49 +02:00
materus 61ca7ef3bb home-profile: fix zsh propt if no env var 2024-03-31 23:52:36 +02:00
materus 62c24e24b8 home-profile: fix completion for zsh extract 2024-03-31 23:44:10 +02:00
materus 2a65700253 home-profile: changes to wezterm 2024-03-31 23:15:38 +02:00
materus eceae11a41 home-profile: changes to zsh and wezterm 2024-03-31 23:07:50 +02:00
materus b925022a9e home-profile: fix zsh config, fix type of wezterm option 2024-03-31 22:49:39 +02:00
materus ee7bcb1c0d home-profile: add extract plugin to zsh 2024-03-31 22:42:18 +02:00
materus a1eccd4d77 home-profile: move wezterm config to own file 2024-03-31 22:28:57 +02:00
materus 369ed384a4 home-profile: add "run" to emacs command 2024-03-31 22:09:15 +02:00
materus 8b1d9ff963 home-profile: init wezterm 2024-03-31 21:11:40 +02:00
materus e046b8878e home-profile: prepare for wezterm 2024-03-31 20:01:34 +02:00
materus 305c891d7d home-profile: zsh move colors check from zshenv 2024-03-31 19:03:36 +02:00
materus 6da0978779 home-profile: zsh add speedtest, use lib.getExe 2024-03-31 00:35:26 +01:00
materus e442af49ba home-profile: zsh add sudo plugin 2024-03-31 00:28:17 +01:00
materus cb65f9b455 Old-materusPC,materusPC: kde set XCURSOR_THEME 2024-03-30 23:21:37 +01:00
materus b299e40e3a home-profile: zsh change private mode 2024-03-30 21:23:50 +01:00
materus 8691fcd211 home-profile: zsh change colors detect 2024-03-30 21:10:34 +01:00
materus b91142f643 home-profile: zsh style changes 2 2024-03-30 20:58:11 +01:00
materus 8870c0e7e7 home-profile: zsh style changes 2024-03-30 20:44:41 +01:00
materus 9a18e2a37e Old-materusPC: ssh changes 2024-03-30 19:55:07 +01:00
materus 5f363c0709 Old-materusPC: add import of secrets 2024-03-30 19:52:14 +01:00
materus 9c09161f7b Old-materusPC: add import of secrets 2024-03-30 19:27:11 +01:00
materus 22bc3e753a Old-materusPC: init secrets 2024-03-30 19:22:46 +01:00
materus 6b9b5c42eb Old-materusPC: changes after reinstall 2024-03-30 18:58:33 +01:00
materus c8d584f8a4 configuration: prepare for browser changes 2024-03-30 15:41:52 +01:00
materus 1ccceb3415 configuration: clean, fix genHomes 2024-03-30 15:34:52 +01:00
materus 8f8ca90bba configuration: changes to browsers 2024-03-30 15:26:48 +01:00
materus 01c2d9809a home-profile: zsh change substring search 2024-03-30 00:32:38 +01:00
materus 9d791cf738 home-profile: zsh updates 2024-03-30 00:01:34 +01:00
materus 96c76e1578 Old-materusPC: update 2024-03-29 23:25:54 +01:00
materus 170cc0fc10 materusPC: xdg changes 2024-03-29 15:01:25 +01:00
materus 20683564ce materusPC: use wayland sddm 2024-03-29 14:51:39 +01:00
materus 8fda1956a1 home-config: add xdg.userDirs options 2024-03-28 22:49:38 +01:00
materus b20da0c854 waffentrager: postgres auth 2024-03-28 19:41:57 +01:00
materus 2deb047c86 materusPC: add hosts 2024-03-28 17:18:59 +01:00
materus 53566aa9e4 waffentrager: nextcloud php settings 2024-03-28 17:13:49 +01:00
materus 2c3ac41ee3 flake: update lock 2024-03-28 17:13:31 +01:00
materus 8ce0c144e5 configuration: changes 2024-03-27 11:23:52 +01:00
materus d1b0530596 waffentrager: nextcloud - edit preview formats 2024-03-26 20:14:37 +01:00
materus b08931075a materusPC: add webp support 2024-03-26 20:01:48 +01:00
materus 9dc390d1a4 waffentrager: nextcloud - add preview config 2024-03-26 15:29:45 +01:00
materus c2cac01772 waffentrager: nextcloud - enable profiles 2024-03-26 13:34:43 +01:00
materus 9329921cfb waffentrager: nextcloud - add config 2024-03-26 13:30:07 +01:00
materus 4d4157e63a waffentrager: nextcloud - add php extensions 2024-03-26 10:53:37 +01:00
materus f4e0d49672 waffentrager: postgresql - enable jit 2024-03-26 10:21:50 +01:00
materus f141ffaf89 waffentrager: nextcloud php settings 2024-03-26 10:21:34 +01:00
materus 382504ee53 waffentrager: add archivizers 2024-03-26 09:22:50 +01:00
materus 9242bc2a04 valkyrie: redirect change 2024-03-26 01:42:38 +01:00
materus e60d1a81f9 waffentrager: add nextcloud deps 2024-03-26 00:52:23 +01:00
materus 45d7f70792 waffentrager: allow iframe of gitea from nextcloud 2024-03-25 21:56:28 +01:00
materus f242dd700d waffentrager: add samba for nextcloud 2024-03-25 21:56:01 +01:00
materus f8b7da96a7 valkyrie: reverse proxy for nextcloud 2024-03-25 21:55:35 +01:00
materus f9d19b1d66 waffentrager: update gitea option 2024-03-25 20:13:18 +01:00
materus a9146bb628 waffentrager: add nextcloud, config: remove private inputs 2024-03-25 19:46:18 +01:00
materus cd78aabf19 Update README.md 2024-03-24 01:38:21 +01:00
materus 31cb2f4e65 valkyrie: nginx changes 2024-03-23 21:42:56 +01:00
materus d1cf546ac6 waffentrager: add gitea 2024-03-23 20:58:26 +01:00
materus 68e64038ff waffentrager: disable ssh root login 2024-03-23 17:56:09 +01:00
materus 4e0b7b6dd0 waffentrager: use nginx gid instead of uid 2024-03-23 16:36:22 +01:00
materus 3b285229d7 waffentrager: add acme mount from valkyrie 2024-03-23 16:18:53 +01:00
materus 597131aba4 waffentrager: add elements service description 2024-03-23 15:48:51 +01:00
materus 7c52e76348 valkyrie: add acme access for waffentrager 2024-03-23 15:39:15 +01:00
materus bc4d4750c0 valkyrie: move certs to sops file 2024-03-23 15:21:13 +01:00
materus b9397c8fd4 home-profile: restore old zsh settings name to work on stable 2024-03-23 15:21:05 +01:00
materus 78ee10572a configuration: update options to get rid of deprecation warnings 2024-03-23 14:02:51 +01:00
materus 0e985b318f waffentrager: postresql dir creation 2024-03-23 12:42:02 +01:00
materus d5ef421ebb waffentrager: postresql version 2024-03-23 12:39:23 +01:00
materus b700364ac1 waffentrager: changes to postgresql dir 2024-03-23 12:33:10 +01:00
materus d204976cce waffentrager: add postgresql 2024-03-23 11:45:10 +01:00
materus c47555fec7 waffentrager: add elements drive service 2024-03-23 02:30:39 +01:00
materus e9998e42c3 valkyrie: fix muse description 2024-03-23 01:49:03 +01:00
materus a66570226c Add muse bot to valkyrie 2024-03-22 20:12:00 +01:00
materus a76b42c3da valkyrie: move secrets 2024-03-22 00:00:20 +01:00
materus e17d19dcfd commond: change warning to assertion 2024-03-21 23:43:36 +01:00
materus 1c58fc1a2f crypt.sh: check git only before encrypt/decrypt 2024-03-21 23:36:48 +01:00
materus cdc41c3934 configurations: use home-manager module by default 2024-03-21 23:01:42 +01:00
materus bc40af000f waffentrager: import secrets 2024-03-21 19:36:19 +01:00
materus 8217fb3c80 flake: update lock 2024-03-21 19:33:18 +01:00
materus 15cf859638 waffentrager: add secrets 2024-03-21 19:30:54 +01:00
materus 114c2e93be Fix zsh prompt 2024-03-21 18:55:50 +01:00
materus fe55b38bf9 Change usage of mkForce 2024-03-17 10:25:09 +01:00
materus 14349441ac materusPC: updates to work on unstable 2024-03-16 19:24:04 +01:00
materus bec5c7e764 flake: update lock 2024-03-16 19:23:25 +01:00
materus 4e9a593443 materusPC: fixes for plasma 6 2024-03-11 16:46:48 +01:00
materus 04ad6ac1cd code: nixpkgs-fmt to format code 2024-03-11 16:19:31 +01:00
materus 8ecb892244 common: change remove rnix-lsp, add nil and nixpkgs-fmt, move nix default package to common 2024-03-11 16:15:04 +01:00
materus c88c7c029a flake: update lock 2024-03-11 15:36:12 +01:00
materus 990e23c0af Merge branch 'master' of github.com:materusPL/nixos-config 2024-03-11 15:34:41 +01:00
materus c48c02593f materusPC: add rustup again 2024-03-11 15:33:14 +01:00
materus b76733543c Old-materusPC: home, disable emacs 2024-03-09 19:33:08 +01:00
materus 59b65b3dd6 Old-materusPC: add git-crypt 2024-03-09 19:32:51 +01:00
materus 205ab654f3 flake: update lock 2024-03-09 19:17:31 +01:00
materus 130fbaddb4 Revert "materusPC: add rustup to vscodium"
This reverts commit 60542cf0c9.
2024-03-07 12:15:23 +01:00
materus 60542cf0c9 materusPC: add rustup to vscodium 2024-03-07 11:43:15 +01:00
materus dee6533fd1 materusPC: add audio plugins 2024-03-05 13:36:20 +01:00
materus 53ef892a5b materusPC: change audio settings 2024-03-05 13:25:01 +01:00
materus 2cd1ceb0b9 materusPC: kde changes 2024-03-05 12:46:35 +01:00
materus 98129881a1 config: add flake registry option 2024-03-05 12:46:21 +01:00
materus c9e496d80c flake: update lock 2024-03-05 12:45:46 +01:00
materus f9182a61b8 materusPC: change to plasma6 2024-03-04 12:33:48 +01:00
materus 81d7fdfec1 crypt.sh: add delete and create file func 2024-03-03 13:20:02 +01:00
materus 24885efdb4 materusPC: use gnome3 pinentry 2024-03-03 13:19:40 +01:00
materus 8293c9ff44 hosts: add hostPath; home: add homePath 2024-03-03 02:50:46 +01:00
materus 41114f4960 fix typo 2024-03-03 01:24:55 +01:00
materus e702504dee git-crypt: more tests 2024-03-03 01:23:53 +01:00
materus deaa785e1f git-crypt: add simple script to unlock repo 2024-03-03 00:55:45 +01:00
materus 3e93bbfd82 materusPC: add git-crypt to all users 2024-03-03 00:31:40 +01:00
materus e449ce8c56 git-cryp: test 2024-03-03 00:26:24 +01:00
materus cf78dd369e materusPC: secrets test 2024-03-03 00:03:02 +01:00
materus 36e1db6cb1 materusPC: secrets 2024-03-02 23:34:32 +01:00
materus 2af5e3f2a3 materusPC: add git-crypt to home 2024-03-02 22:50:52 +01:00
materus 960ee6fee6 git-crypt: test 2024-03-02 22:41:06 +01:00
materus ad67342e5d Add 1 git-crypt collaborator
New collaborators:

	B75B790D Mateusz "materus" Słodkowicz (materus.pl) <materus@podkos.pl>
2024-03-02 22:39:35 +01:00
materus e8a91e22b6 git-crypt: attributes 2024-03-02 22:38:39 +01:00
materus 8218e3e8cb materusPC: prepare sops 2024-03-02 22:36:43 +01:00
materus c5a5265557 flake: update lock; change all configInputs.inputs to configInputs 2024-03-02 19:51:38 +01:00
materus a7ad639465 flake: update lock; materusPC: remove useless caps config, change sddm to x11 2024-03-02 19:43:32 +01:00
materus 547fd5165c zsh: update 2024-02-26 01:23:15 +01:00
materus 88bdef3961 config: add check if home-manager 2024-02-25 22:30:13 +01:00
materus 64e8520dbd Revert "config: add check if home-manager"
This reverts commit 1b6e1b5d58.
2024-02-25 22:21:11 +01:00
materus 1b6e1b5d58 config: add check if home-manager 2024-02-25 22:07:53 +01:00
materus c1f9da7b40 config: add materusArg module 2024-02-25 18:51:56 +01:00
materus f0d5df9cca flake: update, config: code cleaning 2024-02-25 18:25:39 +01:00
materus 011ceddcb5 flake: update lock 2024-02-23 01:26:47 +01:00
materus 0ea4fac018 remove args, disable emacs, change jdk 2024-02-23 01:19:54 +01:00
materus 59e69924bb update 2024-02-10 12:29:42 +01:00
materus 44dc207b5b config update 2023-12-22 11:53:49 +01:00
materus 4198f3d2d9 configurations: update 2023-11-20 14:14:23 +01:00
materus 32c47479b1 emacs: create one config file 2023-11-15 00:07:16 +01:00
materus cf3a2d98c7 update lock and emacs 2023-11-14 23:25:05 +01:00
materus cf0c1a685e configuration: changes to emacs and others 2023-11-13 00:44:03 +01:00
materus c0cd2a0f19 configurations: update 2023-11-08 10:46:45 +01:00
materus a6c581ee04 emacs: update 2023-11-05 11:59:54 +01:00
materus 4dde3a0e00 .gitignore 2023-11-05 00:16:44 +01:00
materus cc175120b5 emacs: remove evil, add .gitignore 2023-11-04 16:44:02 +01:00
materus dd8779a2e4 emacs: changes to config 2023-11-04 10:50:50 +01:00
materus 1bd2fc3ae1 flake: update lock, change to home-manager stable flake 2023-11-03 16:07:18 +01:00
materus c999f5581d Old-materusPC: Move config of old PC here 2023-11-03 16:06:37 +01:00
materus da1a963d51 configurations: update 2023-10-31 14:40:57 +01:00
materus 54fde216c1 valkyrie: resolved adguard problems, go back to adguard instead of pihole 2023-10-29 01:17:48 +02:00
materus 12926bd6a1 flake: update lock 2023-10-29 01:16:55 +02:00
materus 8896ae977e configurations: add waffentrager host 2023-10-27 19:04:55 +02:00
materus f2c82ea93f configurations: formatting and some cleaning 2023-10-27 17:00:26 +02:00
materus 0ac720823c Create README.md 2023-10-27 14:52:21 +02:00
materus 203a6d868a remove pointless flake 2023-10-27 14:03:09 +02:00
materus 2f0a613381 configurations: Add stable nixpkgs for other hosts, use one Arg 2023-10-27 14:01:54 +02:00
materus 154d850e49 configurations: formatting 2023-10-27 12:30:38 +02:00
materus 1bbf628ea9 configurations: update emacs conf 2023-10-25 19:28:25 +02:00
materus 614dea0e57 configurations: update 2023-10-25 15:34:43 +02:00
materus fbcd102ea1 configurations: update 2023-10-25 00:06:20 +02:00
materus 6e78af6852 flake: update lock 2023-10-25 00:06:05 +02:00
materus 1b234d065d configurations: update 2023-10-20 23:29:09 +02:00
materus 1c7efbba8d valkyrie: change adguard to pihole 2023-10-20 23:28:59 +02:00
materus e7e17d4e39 flake: update lock 2023-10-20 23:28:10 +02:00
materus 736d751962 configurations: update 2023-10-14 15:01:22 +02:00
materus 609f9252dc configurations: update 2023-10-14 14:40:37 +02:00
materus 08819b8107 flake: update configInputs 2023-10-08 16:38:42 +02:00
materus ef9fa061e6 update flake 2023-10-08 16:32:38 +02:00
117 changed files with 4260 additions and 1502 deletions
+4
@@ -0,0 +1,4 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary
+2
@@ -0,0 +1,2 @@
**/private/** filter=git-crypt diff=git-crypt
encrypted-test filter=git-crypt diff=git-crypt
+1
@@ -0,0 +1 @@
\#*\#
+18
@@ -0,0 +1,18 @@
# nixos-config
My NixOS and home-manager configs.
Dotfiles and helper scripts.
Not all config is here, some I keep in private flake.
## Hosts
materusPC - my main PC
Old-materusPC - my old PC, barely used
flamaster - my laptop, used mostly as server for games.
valkyrie - VPS, my website and pleroma instance
waffentrager - raspberry pi4, home server
-44
@@ -1,44 +0,0 @@
{ inputs, materusFlake, ... }:
let
profiles = import ../profile;
hosts = builtins.attrNames materusFlake.nixosConfigurations;
genHomes = username:
let
#Make host specific user profile "username@host"
_list = builtins.map (host: username + "@" + host) hosts;
_for = i: (
let len = builtins.length hosts; in
([{
name = builtins.elemAt _list i;
value = let host = builtins.elemAt hosts i; in
inputs.configInputs.inputs.home-manager.lib.homeManagerConfiguration {
pkgs = materusFlake.nixosConfigurations.${host}.pkgs;
extraSpecialArgs = { inherit inputs; inherit materusFlake; };
modules = [
./${username}
../host/${host}/extraHome.nix
profiles.homeProfile
inputs.private.homeModule
];
};
}]
++ (if ((i + 1) < len) then _for (i + 1) else [ ]))
);
in
(builtins.listToAttrs (_for 0)) // {
#Make generic x86_64-linux user profile "username"
${username} = inputs.configInputs.inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs { system = "x86_64-linux"; config = {allowUnfree = true;}; };
extraSpecialArgs = { inherit inputs; inherit materusFlake; };
modules = [
./${username}
profiles.homeProfile
inputs.private.homeModule
];
};
};
in
genHomes
+308
@@ -0,0 +1,308 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, materusArg, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.supportedFilesystems = [ "ntfs" ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.auto-optimise-store = true;
nix.settings.substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
nix.settings.trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
nixpkgs.config.allowUnfree = true;
# Use the systemd-boot EFI boot loader.
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = "1920x1080";
gfxmodeBios = "1920x1080";
useOSProber = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.tmpOnTmpfs = true;
services.flatpak.enable = true;
services.gvfs.enable = true;
networking.hostName = "Old-materusPC"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Warsaw";
services.fstrim = {
enable = true;
interval = "weekly";
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
# keyMap = "pl";
useXkbConfig = true; # use xkbOptions in tty.
};
hardware.bluetooth.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
materus.profile.steam.enable = true;
# Configure keymap in X11
services.xserver.layout = "pl";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound.
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
hardware.pulseaudio.enable = false;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" ];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
};
environment.sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
#SSH_ASKPASS_REQUIRE = "prefer";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
MOZ_USE_XINPUT2 = "1";
PATH = [
"\${XDG_BIN_HOME}"
];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
# List packages installed in system profile. To search, run:
# $ nix search wget
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.libsForQt5.fcitx5-qt ];
environment.systemPackages = with pkgs; [
brave
glibc
patchelf
vim
wget
killall
xorg.xkill
xorg.xhost
nix-top
gitFull
curl
jdk
nss_latest
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
distrobox
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
nix-du
git-crypt
wineWowPackages.stagingFull
winetricks
protontricks
openal
gnupg
ncurses
monkeysphere
gparted
inkscape
gimp
virt-manager
libguestfs
bubblewrap
bindfs
pulseaudio
binutils
];
fonts.fontDir.enable = true;
fonts.enableDefaultFonts = true;
fonts.fonts = with pkgs; [
dejavu_fonts
hack-font
noto-fonts
noto-fonts-extra
noto-fonts-emoji
noto-fonts-cjk-sans
noto-fonts-cjk-serif
ubuntu_font_family
wqy_zenhei
monocraft
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Meslo" "ProFont" ]; })
];
fonts.fontconfig.enable = true;
fonts.fontconfig.cache32Bit = true;
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
fonts.fontconfig.defaultFonts.monospace = [ "Hack Nerd Font" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" ];
environment.shells = with pkgs; [ zsh ];
programs = {
steam = {
enable = true;
dedicatedServer.openFirewall = true;
remotePlay.openFirewall = true;
};
fish.enable = true;
java.enable = true;
command-not-found.enable = false;
dconf.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
services.pcscd.enable = true;
/*systemd.user.services.gpg-agent.serviceConfig.ExecStart = [
""
''
${pkgs.gnupg}/bin/gpg-agent --supervised \
--pinentry-program ${pkgs.kwalletcli}/bin/pinentry-kwallet
''
];*/
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 ];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
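Review bot: `services.openssh.enable = true;` is left on the module defaults, so the daemon still accepts password logins, while the same file opens TCP 24800, 5900, 5357 and 4656 plus UDP 24800, 5900, 3702 and 4656 on every interface with no comment saying which service owns each port. Consider adding `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` next to the enable line, and annotating or scoping the port lists (for example with `networking.firewall.interfaces.<name>.allowedTCPPorts`) so that 5900, conventionally VNC, is not reachable from untrusted networks. Separately, `dockerSocket.enable = true` combined with the `podman` entry in `extraGroups` gives that user root-equivalent access through the socket, which deserves a one-line comment.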
@@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./secrets
./configuration.nix
./nvidia.nix
./plasma.nix
];
}
@@ -0,0 +1,91 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "vfio-pci" ];
boot.extraModulePackages = [ ];
boot.kernel.sysctl = { "vm.swappiness" = 10; };
boot.kernelParams = [ "ibt=off" "intel_iommu=on" "iommu=pt" "pcie_acs_override=downstream,multifunction" ];
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/materus" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [ "subvol=@home" "nossd" "noatime" "compress=zstd" "space_cache=v2" "autodefrag" ];
};
fileSystems."/materus/data" =
{
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [ "subvol=@data" "nossd" "noatime" "compress=zstd" "space_cache=v2" "autodefrag" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/A5C2-31D1";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-label/NixOS_Swap"; }];
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
depends = [ "/materus" ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkForce true;
}
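Review bot: The `boot.kernelParams` line adds `ibt=off` and `pcie_acs_override=downstream,multifunction` without any comment, and both trade away protection: the first turns off kernel indirect-branch tracking, and the second makes the kernel treat devices as separately isolated IOMMU groups even where the hardware does not enforce that, so a device handed to a guest through `vfio-pci` may still be able to reach its peers. A comment such as `# ibt=off: required by <driver>; pcie_acs_override: splits the IOMMU group of <device>, weakens passthrough isolation` would record why they are needed and make them easy to drop later. The header still says the file is generated and must not be modified, yet it carries hand edits like these and `neededForBoot = true`; they would survive a regeneration better in a separate module.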
@@ -0,0 +1,79 @@
{ config, pkgs, materusArg, lib, ... }:
{
home.stateVersion = "22.11";
home.homeDirectory = "/home/materus";
programs.wezterm.enable = true;
programs.git = {
userEmail = "materus@podkos.pl";
userName = "materus";
signing.signByDefault = true;
signing.key = "${materusArg.cfg.path}/extraFiles/keys/ssh/materus.pub";
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
};
};
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
gcc
gdb
cmake
gnumake
ninja
binutils
coreutils
util-linux
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
jdk
ldc
dmd
dub
]);
editor.emacs.enable = false;
};
home.packages = [
pkgs.papirus-icon-theme
];
}
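Review bot: With `gpg.format = "ssh"` the commits get signed, but nothing in `programs.git` tells git which SSH keys to trust, so `git log --show-signature` on this machine cannot verify them; adding `gpg.ssh.allowedSignersFile = "<path to allowed_signers>";` under `extraConfig` would close that gap. `commit.gpgsign = true` also appears to duplicate what `signing.signByDefault = true` already sets, so one of the two can go.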
@@ -0,0 +1,32 @@
{ config, pkgs, ... }:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
nvidiaSettings = true;
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
};
hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
materus.profile.steam.extraEnv = {
VK_ICD_FILENAMES=''''$VK_ICD_FILENAMES:/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/nvidia_icd.i686.json'';
};
}
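Review bot: The value of `VK_ICD_FILENAMES` is hard to read: `''''$VK_ICD_FILENAMES:…''` is an indented string that starts with the `''$` escape, which is easy to mistake for an empty string followed by stray quotes. A plain double-quoted string, `"$VK_ICD_FILENAMES:/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json:…"`, yields the same text, since `$` is only special before `{` there. If the variable is unset when the value is expanded, the result begins with an empty path entry; whether that matters depends on how `materus.profile.steam.extraEnv` is consumed, which is not visible in this section.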
@@ -0,0 +1,27 @@
{ pkgs, ... }:
{
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.wayland.enable = true;
services.xserver.displayManager.sddm.settings = {
General = {
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
};
environment.variables = {
QT_PLUGIN_PATH = [ "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
XCURSOR_THEME = "breeze_cursors";
};
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.systemPackages = with pkgs.kdePackages; [
ark
kate
];
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin ];
}
@@ -0,0 +1,25 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."wg-key" = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
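Review bot: This module switches off every other key source (`sops.age.generateKey = false`, `sops.gnupg.home = null`, `sops.gnupg.sshKeyPaths = [ ]`) but never names the age identity that decrypts `wg-key`, so decryption depends on whatever default sops-nix derives from the host configuration. The other secrets module added in this change sets it explicitly, and doing the same here with `sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];` would make the dependency on that host key visible. Because the key lives under `/materus`, that mount presumably has to be available before secrets are activated, which deserves a one-line comment next to the setting.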
@@ -0,0 +1,33 @@
wg-key: ENC[AES256_GCM,data:+z+Xxq6A1h5ceCOZry9PSz871zVZpd9Y6vtqpfoAulHCN03DjzZ/PLmRvYQ=,iv:7hdjnUuaRk30hFJ8rv4zXxI8v42RWC1iQb64LMNgBnQ=,tag:eUSTVygR+u9ERPU9gfhYIw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1el7zhjxkrlravpt7hw36fuac0xfgd42qkjjkvxzqmyl28u8csasqkd4a40
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsT2w4SCt2ZGdLYktHckMw
QVhza2tqU2M1Q3lsYnhld1dKcTdYUHcvSzFrCjMxT05yU01nUmFQK0FCUThUNDNN
V2EyTUhoVUNjNlNwTU9FeTlGRkxvVDgKLS0tIDBFYys1TmI0T0x0RnE2N3JCWWpq
VFVjMGUvRVBaY0JsR2lVcUFsdk4rYjQKEiiqEcTaQSVXSAm5c9uylaf2Tt/KJtPl
GDp+2YSBHHnVYjtYf7k9WqsIEe5/0AifDp3YA8jNhOXuZwZdvk+fLw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-30T18:21:12Z"
mac: ENC[AES256_GCM,data:0DMB+ukujc6PMU45n1QJGryGie25Bj2hXmia69QgYZNk2vgfO+nYmWSpmqK4Z00xXNtbsgejfDto5mrzU/OJ4FF3eOfwWfdIwxQLEQKoPF5U3niON3YO8FEA+JIn+/fNGF3fY1AgBfhberST5ikKnmff1Nwe5GOwQHSB3LU+CZE=,iv:V89EFUby3bwsoZKpoJRmJS9E/UheMBkKDq7j40IzBTA=,tag:aOJnFFGIuzQ3T7YrIFiWtw==,type:str]
pgp:
- created_at: "2024-03-30T18:20:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAnUVLGsgIKd3EtSAGTPyXqSlsz1T8RnDvAtBz/XaH0y0w
pkp84zTe85FRZDnTO8a44WkpNIrUih0CYQSPPCZqSi/qnIxPWgx67HTC1bPAO9Iw
1GgBCQIQNcrKr4YNKSP5XxJqMXOyZD7rZ4g02Xdw5XplZ/y34m9c83S44XRgHwg4
0obXI1UlsqyHf/ZnTM1pbXO/kdTdFomWvWbfbuKDgDvyiJJ18mJ48GOsv/SBBJjJ
3877O+Ia5I8Chg==
=q58P
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
Binary file not shown.
+53 -58
@@ -2,65 +2,60 @@
let
profiles = import ../profile;
makeSystem = { host, arch ? "x86_64-linux", extraModules ? [ ], stable ? true, hmAsModule ? true, hmUsers ? [ "materus" ] }:
let
nixosSystem = if stable then inputs.nixpkgs-stable.lib.nixosSystem else inputs.nixpkgs.lib.nixosSystem;
hm = if stable then inputs.configInputs-stable.home-manager else inputs.configInputs.home-manager;
materusCfg = {
inherit stable;
inherit materusFlake;
inherit host;
inherit hm;
inherit hmAsModule;
nixerus = if stable then inputs.configInputs-stable.nixerus else inputs.configInputs.nixerus;
configInputs = if stable then inputs.configInputs-stable else inputs.configInputs;
path = materusFlake.selfPath;
hostPath = materusFlake.selfPath + "/configurations/host/${host}";
isHm = false;
};
in
(nixosSystem {
specialArgs = { inherit materusCfg; };
system = arch;
modules = [
./${host}
profiles.osProfile
materusCfg.configInputs.sops-nix.nixosModules.sops
(if hmAsModule then hm.nixosModules.home-manager else { })
(if hmAsModule then
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users = (builtins.foldl' (a: b: a // b) { } (builtins.map
(user: {
${user} = ({ ... }:
{
imports = [
(materusFlake.selfPath + "/configurations/shared/home/${user}")
(materusFlake.selfPath + "/configurations/host/${host}/home/${user}")
profiles.homeProfile
];
});
})
hmUsers));
home-manager.extraSpecialArgs = { materusCfg = materusCfg // { isHm = true; }; };
} else { })
] ++ extraModules;
}) // { inherit materusCfg; };
in
{
materusPC = inputs.nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs; inherit materusFlake; };
system = "x86_64-linux";
modules = [
./materusPC
inputs.private.systemModule
profiles.osProfile
];
};
flamaster = inputs.nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs; inherit materusFlake; };
system = "x86_64-linux";
modules = [
./flamaster
inputs.private.systemModule
profiles.osProfile
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.materus = { config ,... }: {
imports = [
../home/materus
flamaster/extraHome.nix
profiles.homeProfile
inputs.private.homeModule
];
materus.profile.nixpkgs.enable = false;
};
home-manager.extraSpecialArgs = { inherit inputs; inherit materusFlake; };
}
];
};
valkyrie = inputs.nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs; inherit materusFlake; };
system = "x86_64-linux";
modules = [
./valkyrie
inputs.private.systemModule
profiles.osProfile
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.materus = { config ,... }: {
imports = [
../home/materus
valkyrie/extraHome.nix
profiles.homeProfile
inputs.private.homeModule
];
materus.profile.nixpkgs.enable = false;
};
home-manager.extraSpecialArgs = { inherit inputs; inherit materusFlake; };
}
];
};
materusPC = makeSystem { host = "materusPC"; stable = false; };
flamaster = makeSystem { host = "flamaster"; stable = true; };
valkyrie = makeSystem { host = "valkyrie"; stable = true; };
waffentrager = makeSystem { host = "waffentrager"; stable = true; arch = "aarch64-linux"; };
Old-materusPC = makeSystem { host = "Old-materusPC"; stable = false; };
}
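Review bot: In `makeSystem`, `home-manager.users` is assembled with `builtins.foldl' (a: b: a // b) { } (builtins.map (user: { ${user} = ...; }) hmUsers)`, which is a hand-rolled `genAttrs`; `inputs.nixpkgs.lib.genAttrs hmUsers (user: { ... }: { imports = [ ... ]; })` says the same in one step. The two `if hmAsModule then ... else { }` entries in `modules` could likewise become a single `++ inputs.nixpkgs.lib.optionals hmAsModule [ ... ]`, which avoids passing empty modules. `makeSystem` also has no comment describing its arguments, so a short header naming `host`, `arch`, `stable`, `hmAsModule` and `hmUsers` with their defaults would help, since `host` is interpolated into `./${host}` and the `configurations/host/${host}` paths. The file's argument line sits above this hunk and is not visible here.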
@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, materusFlake, materusPkgs, ... }:
{ config, lib, pkgs, materusArg, ... }:
{
imports =
@@ -115,10 +115,11 @@
isNormalUser = true;
description = "Mateusz Słodkowicz";
extraGroups = [ "networkmanager" "wheel" ];
openssh.authorizedKeys.keyFiles = [ (materusFlake.selfPath + /extraFiles/keys/ssh/materus.pub) ];
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
packages = with pkgs; [
kate
];
shell = pkgs.zsh;
};
# Allow unfree packages
@@ -135,7 +136,7 @@
lshw
steamcmd
distrobox
steamcmd
config.materus.profile.packages.firefox
config.programs.java.package
@@ -16,13 +16,26 @@
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "ext4";
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-label/NixOS_EFI";
device = "/dev/disk/by-label/NixOS_EFI_L";
fsType = "vfat";
};
@@ -1,4 +1,4 @@
{ config, pkgs, materusPkgs, lib, ... }:
{ config, pkgs, materusArg, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
@@ -11,11 +11,13 @@
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
zsh.enable = true;
};
home.packages = [
pkgs.papirus-icon-theme
(materusPkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
];
}
+106
@@ -0,0 +1,106 @@
{config, pkgs, materusArg, ...}:
{
environment.systemPackages = with pkgs; [
gamescope
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
materusArg.pkgs.amdgpu-pro-libs.prefixes
(pkgs.bottles.override { extraPkgs = pkgs: [ pkgs.libsForQt5.breeze-qt5 pkgs.kdePackages.breeze-gtk pkgs.nss_latest ]; extraLibraries = pkgs: [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
glibc
glib
gtk3
gtk4
gsettings-desktop-schemas
kdePackages.dolphin
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
patchelf
killall
util-linux
xorg.xhost
nix-top
gitFull
curl
wget
config.programs.java.package
nss_latest
pciutils
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
steamtinkerlaunch
distrobox
# WebP support
libwebp
webp-pixbuf-loader
# Compression
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
tldr
bat
##config.materus.profile.packages.home-manager
gcr
# pgcli
# litecli
materusArg.pkgs.alvr
#zenmonitor
nix-du
kate
krusader
wineWowPackages.stagingFull
winetricks
protontricks
gnupg
pinentry
pinentry-gnome3
pinentry-curses
ncurses
monkeysphere
gparted
virt-viewer
inkscape
gimp
git-crypt
bubblewrap
bindfs
binutils
];
}
+63
@@ -0,0 +1,63 @@
{ pkgs, lib, ... }:
{
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = false;
jack.enable = true;
};
hardware.pulseaudio.enable = false;
environment.sessionVariables =
let
makePluginPath = format:
(lib.makeSearchPath format [
"$HOME/.nix-profile/lib"
"/run/current-system/sw/lib"
"/etc/profiles/per-user/$USER/lib"
])
+ ":$HOME/.${format}";
in
{
ALSOFT_DRIVERS = "pulse";
DSSI_PATH = makePluginPath "dssi";
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
LXVST_PATH = makePluginPath "lxvst";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
};
services.udev = {
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
environment.systemPackages = with pkgs; [
openal
pulseaudio
reaper
yabridge
yabridgectl
vital
odin2
surge
fire
decent-sampler
lsp-plugins
];
}
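Review bot: The two rules in `services.udev.extraRules` assign `rtc0` and `hpet` to the `audio` group without a comment and without a `MODE`, so a reader cannot tell what access is intended or whether the rules have any effect on nodes that default to owner-only permissions. If group access to the hardware timers is the goal (the usual low-latency audio tweak), I would say so and make it explicit, e.g. `# low-latency audio: let the "audio" group use the RTC and HPET timers` followed by `KERNEL=="rtc0", GROUP="audio", MODE="0660"`. Every account in `audio` then gets those devices, so membership in that group should be kept deliberate.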
+6 -1
@@ -1,18 +1,23 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{ config, pkgs, lib, ... }:
{
imports =
[
./hardware
./vm
./secrets
./scripts.nix
./tmp.nix
./network.nix
./kde.nix
./audio.nix
./apps.nix
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.copySystemConfiguration = false;
system.stateVersion = "23.05";
@@ -1,38 +0,0 @@
{ config, pkgs, materusPkgs, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
programs.git.signing.signByDefault = true;
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps;[
llvmPackages_16.clang
llvmPackages_16.llvm
llvmPackages_16.bintools
llvmPackages_16.lld
llvmPackages_16.lldb
llvmPackages_16.libllvm
]);
};
home.packages = [
pkgs.papirus-icon-theme
materusPkgs.ffmpeg6-amf-full
(materusPkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; extraLibs = [ ]; })
];
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-vkcapture obs-gstreamer input-overlay obs-multi-rtmp obs-pipewire-audio-capture ];
package = materusPkgs.obs-amf;
};
}
+17 -18
@@ -1,5 +1,4 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
{ config, pkgs, lib, ... }:
{
@@ -18,28 +17,28 @@
services.gnome.core-shell.enable = true;
services.gnome.core-os-services.enable = true;
programs.gnupg.agent.pinentryFlavor = "gnome3";
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
programs.gnome-terminal.enable = true;
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
services.dbus.packages = with pkgs; [ gnome2.GConf ];
environment.systemPackages = with pkgs; [
gnome3.adwaita-icon-theme
gnome3.gnome-tweaks
gnome3.gnome-color-manager
gnome3.gnome-shell-extensions
gnome3.adwaita-icon-theme
gnome3.gnome-tweaks
gnome3.gnome-color-manager
gnome3.gnome-shell-extensions
gnomeExtensions.appindicator
gnomeExtensions.desktop-clock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.compiz-windows-effect
gnomeExtensions.burn-my-windows
gnomeExtensions.user-themes
gnomeExtensions.gsconnect
gnomeExtensions.appindicator
gnomeExtensions.desktop-clock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.compiz-windows-effect
gnomeExtensions.burn-my-windows
gnomeExtensions.user-themes
gnomeExtensions.gsconnect
];
}
}
+33 -29
@@ -1,41 +1,41 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
let
video = [
"video=HDMI-A-3:1920x1080@144"
"video=DP-3:1920x1080@240"
{ config, pkgs, lib, materusArg, ... }:
let
video = [
#"video=DP-1:1920x1080@240"
#"video=DP-2:1920x1080@240"
#"video=HDMI-A-1:1920x1080@240"
#"video=HDMI-A-2:1920x1080@240"
"video=HDMI-A-3:1920x1080@144"
"video=DP-3:1920x1080@240"
];
in
#"video=DP-1:1920x1080@240"
#"video=DP-2:1920x1080@240"
#"video=HDMI-A-1:1920x1080@240"
#"video=HDMI-A-2:1920x1080@240"
];
in
{
#Kernel
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelParams = [ /*"pci-stub.ids=1002:744c"*/ "nox2apic" "nvme_core.default_ps_max_latency_us=0" "nvme_core.io_timeout=255" "nvme_core.max_retries=10" "nvme_core.shutdown_timeout=10" "amd_iommu=on" "iommu=pt"] ++ video;
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" "v4l2loopback" ];
boot.kernelParams = [ "rcu_nocbs=${materusArg.materusPC.vmCores}" "nohz_full=${materusArg.materusPC.vmCores}" "vfio_iommu_type1.allow_unsafe_interrupts=1" "pcie_acs_override=downstream,multifunction" /*"pci-stub.ids=1002:744c"*/ "nox2apic" "nvme_core.default_ps_max_latency_us=0" "nvme_core.io_timeout=255" "nvme_core.max_retries=10" "nvme_core.shutdown_timeout=10" "amd_iommu=on" "iommu=pt" ] ++ video;
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" ];
boot.extraModprobeConfig = ''
options kvm_amd nested=1 avic=1 npt=1
options vfio_iommu_type1 allow_unsafe_interrupts=1
options kvm_amd nested=1 avic=1 npt=1 sev=0
options vfio_iommu_type1 allow_unsafe_interrupts=1
'';
boot.kernel.sysctl = {
"vm.max_map_count" = 1000000;
"vm.swappiness" = 10;
};
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
"vm.max_map_count" = 1000000;
"vm.swappiness" = 10;
};
boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4"];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4" ];
boot.tmp.useTmpfs = true;
@@ -52,4 +52,8 @@ in
useOSProber = true;
memtest86.enable = true;
};
boot.plymouth.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}
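Review bot: The new `boot.kernelParams` entries `pcie_acs_override=downstream,multifunction` and `vfio_iommu_type1.allow_unsafe_interrupts=1` both relax the isolation that VFIO passthrough normally relies on, and nothing in the file records that trade-off. With the ACS override the kernel splits IOMMU groups that the hardware does not actually isolate, and the second flag permits device assignment without interrupt remapping, so a guest holding a passed-through device has more reach into the host than the grouping suggests. I would add a comment such as `# VFIO: ACS override + unsafe interrupts weaken guest/host isolation; trusted guests only` and drop the kernel-parameter copy of `allow_unsafe_interrupts`, since `boot.extraModprobeConfig` already sets `options vfio_iommu_type1 allow_unsafe_interrupts=1`. Whether that flag is needed at all alongside `amd_iommu=on` is worth checking on the machine.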
@@ -1,4 +1,4 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
{ config, pkgs, lib, materusArg, ... }:
{
imports =
[
@@ -7,19 +7,25 @@
];
hardware.firmware = with pkgs; [
materusPkgs.amdgpu-pro-libs.firmware.vcn
#materusPkgs.amdgpu-pro-libs.firmware
materusArg.pkgs.amdgpu-pro-libs.firmware.vcn
#materusArg.pkgs.amdgpu-pro-libs.firmware
linux-firmware
alsa-firmware
sof-firmware
];
environment.variables = {
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
AMD_VULKAN_ICD = "RADV";
RADV_PERFTEST = "gpl,rt,sam";
OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
};
hardware.cpu.amd.updateMicrocode = lib.mkForce true;
#extra
hardware.wooting.enable = true;
hardware.bluetooth.enable = true;
#Graphics
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
@@ -27,15 +33,15 @@
vaapiVdpau
libvdpau-va-gl
amdvlk
rocm-opencl-icd
rocm-opencl-runtime
materusPkgs.amdgpu-pro-libs.vulkan
materusPkgs.amdgpu-pro-libs.amf
rocmPackages.clr.icd
rocmPackages.clr
materusArg.pkgs.amdgpu-pro-libs.vulkan
materusArg.pkgs.amdgpu-pro-libs.amf
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
pkgs.driversi686Linux.amdvlk
materusPkgs.i686Linux.amdgpu-pro-libs.vulkan
materusArg.pkgs.i686Linux.amdgpu-pro-libs.vulkan
libvdpau-va-gl
];
services.udev.extraRules = ''
@@ -44,7 +50,7 @@
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource0_resize}="15"
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource2_resize}="8"
'';
#Trim
services.fstrim = {
@@ -1,4 +1,4 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{ config, pkgs, lib, ... }:
{
zramSwap = {
enable = true;
@@ -12,14 +12,12 @@
];
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
depends = [ "/materus" ];
};
@@ -28,6 +26,7 @@
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
};
fileSystems."/" =
@@ -0,0 +1,96 @@
{ pkgs, materusArg, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
programs.git.signing.signByDefault = true;
xdg.userDirs.enable = true;
xdg.portal.enable = true;
xdg.portal.xdgOpenUsePortal = true;
xdg.portal.extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
xdg.portal.configPackages = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
raylib
gcc
gdb
nil
nixfmt
nixpkgs-fmt
cmake
gnumake
ninja
binutils
coreutils
util-linux
openssl
openssl.dev
pkg-config
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
xorg.xorgproto
xorg.libX11.dev
xorg.libXrandr.dev
xorg.libXrender.dev
rustup
freetype.dev
fpc
openjdk21
bison
flex
ldc
dmd
dub
]);
editor.emacs.enable = false;
};
home.packages = [
pkgs.papirus-icon-theme
materusArg.pkgs.ffmpeg6-amf-full
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; extraLibs = [ ]; })
pkgs.git-crypt
];
programs.obs-studio = {
enable = false;
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-vkcapture obs-gstreamer input-overlay obs-multi-rtmp obs-pipewire-audio-capture ];
package = materusArg.pkgs.obs-amf;
};
}
+38 -26
@@ -1,13 +1,20 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
{ config, pkgs, lib, ... }:
let
westonSddm = pkgs.writeText "weston.ini"
westonSddm = let xcfg = config.services.xserver; in pkgs.writeText "weston.ini"
''
[core]
xwayland=true
xwayland=false
shell=fullscreen-shell.so
[keyboard]
keymap_layout=pl
keymap_model = ${builtins.toString xcfg.xkb.model};
keymap_layout = ${builtins.toString xcfg.xkb.layout};
keymap_variant = ${builtins.toString xcfg.xkb.variant};
keymap_options = ${builtins.toString xcfg.xkb.options};
[libinput]
enable-tap = ${builtins.toString xcfg.libinput.mouse.tapping};
left-handed = ${builtins.toString xcfg.libinput.mouse.leftHanded};
[output]
name=DP-3
@@ -20,42 +27,47 @@ let
[output]
name=HDMI-A-3
mode=off
''
;
'';
in
{
services.xserver.displayManager.defaultSession = "plasmawayland";
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.settings = {
services.displayManager.defaultSession = "plasma";
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.displayManager.sddm.wayland.compositor = lib.mkForce "weston";
services.displayManager.sddm.wayland.compositorCommand = lib.concatStringsSep " " [
"${lib.getExe pkgs.weston}"
"--shell=kiosk"
"-c ${westonSddm}"
];
services.displayManager.sddm.settings = {
General = {
DisplayServer = "wayland";
InputMethod="";
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
Wayland = {
CompositorCommand = "${pkgs.weston}/bin/weston -c ${westonSddm}";
};
};
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.desktopManager.plasma5.phononBackend = "gstreamer";
services.xserver.desktopManager.plasma5.useQtScaling = true;
services.xserver.desktopManager.plasma5.runUsingSystemd = true;
programs.gnupg.agent.pinentryFlavor = "qt";
environment.plasma5.excludePackages = with pkgs; [ libsForQt5.kwallet libsForQt5.kwalletmanager libsForQt5.kwallet-pam ];
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.variables = {
# Old fix for black cursor on amdgpu, seems to work fine now
#KWIN_DRM_NO_AMS = "1";
#Fix fo amdgpu crashes
KWIN_DRM_USE_MODIFIERS="0";
KWIN_DRM_NO_DIRECT_SCANOUT="1";
#Fix for amdgpu crashes
KWIN_DRM_USE_MODIFIERS = "0";
KWIN_DRM_NO_DIRECT_SCANOUT = "1";
QT_PLUGIN_PATH = [ "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
XCURSOR_THEME = "breeze_cursors";
};
environment.systemPackages = with pkgs; [
kdePackages.ark
];
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin ];
}
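Review bot: In the `westonSddm` text, `enable-tap` and `left-handed` are filled with `builtins.toString xcfg.libinput.mouse.tapping` and `builtins.toString xcfg.libinput.mouse.leftHanded`, and `builtins.toString` renders a boolean as `1` or as an empty string, never as `true`/`false`. If these options are booleans, as they are in NixOS, the generated `weston.ini` gets `enable-tap = 1` or `left-handed = ` with no value, which weston presumably will not read as intended. `lib` is already in the module arguments, so `enable-tap = ${lib.boolToString xcfg.libinput.mouse.tapping}` and the same for `leftHanded` would emit the literal words. The `[core]` section also keeps `shell=fullscreen-shell.so` while the compositor command passes `--shell=kiosk`, and a comment saying which one is meant to win would help.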
+38 -5
@@ -1,18 +1,51 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{ config, pkgs, lib, materusArg, ... }:
{
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
'';
networking.useDHCP = lib.mkDefault true;
networking.hostName = "materusPC";
networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true;
networking.networkmanager.wifi.backend = "iwd";
#networking.networkmanager.wifi.backend = "iwd";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 8080 9943 9944];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 6000 9943 9944];
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 8080 9943 9944 ];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 6000 9943 9944 ];
#Fix warning
networking.networkmanager.extraConfig = lib.mkDefault ''
[connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt
'';
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "wg0";
type = "wireguard";
interface-name = "wg0";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
allowed-ips = "${materusArg.ip-masks.wireguard.general};";
};
ipv4 = {
address1 = "${materusArg.ips.wireguard.materusPC}/23";
dns = "${materusArg.ips.wireguard.valkyrie};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
}
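Review bot: `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` still open 24800, 5900, 8080 and the other ports on every interface, although this change adds a WireGuard profile `wg0` that could carry that traffic. If those services are only meant for hosts on the tunnel (not visible here), they can be scoped with `networking.firewall.interfaces.wg0.allowedTCPPorts = [ ... ];`, leaving in the global lists only what must be reachable from the LAN. Separately, `networking.wireless.iwd.enable = true` stays while the `networking.networkmanager.wifi.backend = "iwd"` line is now commented out, so NetworkManager would presumably use its default backend next to a running iwd. A comment stating which backend is intended would avoid two daemons managing the same interface.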
+37 -37
@@ -1,50 +1,50 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{ config, pkgs, lib, ... }:
let
valkyrie-sync = pkgs.writeShellScriptBin "valkyrie-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/Nixerus materus@valkyrie:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/valkyrie materus@valkyrie:/materus/config/private
'';
valkyrie-sync = pkgs.writeShellScriptBin "valkyrie-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@valkyrie:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/valkyrie materus@valkyrie:/materus/config/private
'';
valkyrie-flakelock = pkgs.writeShellScriptBin "valkyrie-flakelock" ''
${pkgs.openssh}/bin/ssh materus@valkyrie "nix flake update /materus/config/Nixerus --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-flakelock = pkgs.writeShellScriptBin "valkyrie-flakelock" ''
${pkgs.openssh}/bin/ssh materus@valkyrie "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-boot = pkgs.writeShellScriptBin "valkyrie-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild boot --flake /materus/config/Nixerus#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-switch = pkgs.writeShellScriptBin "valkyrie-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild switch --flake /materus/config/Nixerus#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-boot = pkgs.writeShellScriptBin "valkyrie-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild boot --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-switch = pkgs.writeShellScriptBin "valkyrie-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild switch --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
flamaster-sync = pkgs.writeShellScriptBin "flamaster-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/Nixerus materus@flamaster:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/flamaster materus@flamaster:/materus/config/private
'';
flamaster-sync = pkgs.writeShellScriptBin "flamaster-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@flamaster:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/flamaster materus@flamaster:/materus/config/private
'';
flamaster-flakelock = pkgs.writeShellScriptBin "flamaster-flakelock" ''
${pkgs.openssh}/bin/ssh materus@flamaster "nix flake update /materus/config/Nixerus --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-flakelock = pkgs.writeShellScriptBin "flamaster-flakelock" ''
${pkgs.openssh}/bin/ssh materus@flamaster "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-boot = pkgs.writeShellScriptBin "flamaster-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild boot --flake /materus/config/Nixerus#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-switch = pkgs.writeShellScriptBin "flamaster-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild switch --flake /materus/config/Nixerus#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-boot = pkgs.writeShellScriptBin "flamaster-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild boot --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-switch = pkgs.writeShellScriptBin "flamaster-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild switch --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
in
{
{
environment.systemPackages = [
valkyrie-rebuild-boot
valkyrie-rebuild-switch
@@ -55,5 +55,5 @@ in
flamaster-rebuild-switch
flamaster-sync
flamaster-flakelock
];
];
}
@@ -0,0 +1,27 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.wireguard = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -0,0 +1,36 @@
users:
materus: ENC[AES256_GCM,data:okqSgMvdFq1BMAg+Gs725zaNbeAQIpJKSPB2Sa83i3EYimphZNBtrJLen+gQEGNq4yeTyAc9Ih/hcnr+3z+Tea/g9ffh/UC4YA==,iv:OhKoWLREAqCbtmS3Rw9nE9+PtcBLwEHimJXcj4oejRA=,tag:Ht/SQSwumnQR6E45Pl47AQ==,type:str]
root: ENC[AES256_GCM,data:vnPjK+xayk/Zk895rERYAeCzpjv5NJ7EAyK4MRDUzDbW++4Dy+UEI81v1v7w9dfpDeL+x5kOqUFO5zVVDUGfZ3yf/l8M8N8KcA==,iv:gGFGcy3K27nQxn0+7I/t0kg3nZyXeGWqysOl2auZJXo=,tag:N+LYhKpPCbI1EjEBwxuh1g==,type:str]
wireguard: ENC[AES256_GCM,data:rBkftzBcdamhP0xZB3qxfLptL8bX1qc7SdcfPNpYV67TeQs6i79+5KB/da4=,iv:22J5SZbFtYco7iSHvD2GD1bcazfGWlyEJ2isa3Ab4bI=,tag:BeUn9Srl2vyoDgK5Xv0UCg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1fq9ckkwtgvm69w045rf9pgurnhch6ukdxejr8yxgrthn7j8vp48qvd9rkx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbHZZUVF1dVJSU1NvNXVk
N3VtTm00ZHRWb082T0FkNXJncUxCU3haVmpVCk9FQkJBZnVJVFNLOThjZzlxNVF1
b0phQ2daejRrdVhEZ2YvRHVRRU5BQlEKLS0tIGdQeDlOSzl4VDhGNURQditCWUFG
dWVzbzUyakxXUGpTQjNsYzcyVG1aRDgKXVa8tIAbmggw1vSt3NJYRLgXhbagpNrX
RNXyndPaeQXVPVXuJWmHgRCYbwPTcfAFpGwFlX2IxVLlmC914Zklhw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-19T15:58:46Z"
mac: ENC[AES256_GCM,data:BLa0G3ci8EWH43UkLI2OoFJp2F9YeuKDrg6+2I/bq/lLi/YUitkJvBkA9VSIbvCyYWs/5SlEL5MayX8iiVdJ7r9bCiw+LVsWNAdaYDCafbZRW5F7KiHS5WXV3v4c201kFok7rmnRhEfKfdDxLlQ/mFHqOhupHU/qCNMTuUzJBiA=,iv:EPRoXHVMB6I16lTFJdFVAuSnMD/B55fPYtSBOQddutE=,tag:gohg+BdRlMPAQmNpRdk8sg==,type:str]
pgp:
- created_at: "2024-03-02T22:10:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAvGVUu56Pd2+DMHqgIcJokyh11952nQK2eVtQNj42CAUw
NQfulNRUHX5BonsLyvXPx74bVku6Wxr80loIWoz049/xbFj4S7FyftkakY8rOUGu
1GgBCQIQOoEFvTQB8qGbea/85fktuljXPou/WgUY6Mxd4n0dBz54f69B/NttnBGc
7eUDKfe79Omr0o/0CVC/6SGKoiS38suV903QHeF1MXFPeOG72k4TvfF9lVlBgK8H
k4DXtzC7wm3WWg==
=eh7Z
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
+71 -330
@@ -1,14 +1,10 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
{ config, pkgs, materusArg, ... }:
{
virtualisation.lxc.enable = false;
virtualisation.lxc.lxcfs.enable = false;
virtualisation.lxd.enable = false;
#virtualisation.lxd.recommendedSysctlSettings = true;
virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true;
virtualisation.lxd.enable = true;
programs.corectrl.enable = true;
programs.corectrl.gpuOverclock.enable = true;
programs.corectrl.gpuOverclock.ppfeaturemask = "0xffffffff";
programs.gamemode.enable = true;
@@ -17,44 +13,38 @@
services.teamviewer.enable = true;
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.hip}"
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
services.flatpak.enable = true;
services.gvfs.enable = true;
services.xserver.xkb.layout = "pl";
time.timeZone = "Europe/Warsaw";
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
# keyMap = "pl";
useXkbConfig = true; # use xkbOptions in tty.
};
services.xserver.layout = "pl";
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
services.dbus.enable = true;
services.dbus.packages = [ pkgs.gcr_4 ];
services.dbus.packages = [ pkgs.gcr ];
#services.xserver.displayManager.autoLogin.user = "materus";
services.xserver.displayManager.startx.enable = false;
/*
services.xserver.displayManager.lightdm.enable = true;
services.xserver.displayManager.lightdm.greeters.enso.enable = true;
services.xserver.displayManager.lightdm.greeters.enso.blur = true;
*/
services.xserver.config = pkgs.lib.mkAfter ''
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.xdgOpenUsePortal = true;
services.xserver.exportConfiguration = true;
services.xserver.extraConfig = pkgs.lib.mkDefault ''
Section "OutputClass"
Identifier "amd-options"
Option "TearFree" "True"
Option "SWCursor" "True"
Option "VariableRefresh" "true"
Option "AsyncFlipSecondaries" "true"
Option "DRI3" "1"
MatchDriver "amdgpu"
EndSection
@@ -66,26 +56,13 @@
services.printing.enable = true;
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = false;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
hardware.pulseaudio.enable = false;
services.xserver.libinput.enable = true;
virtualisation.waydroid.enable = false;
virtualisation.podman = {
enable = true;
#enableNvidia = true;
dockerCompat = true;
dockerSocket.enable = true;
};
@@ -96,30 +73,36 @@
users.users.materus = {
isNormalUser = true;
extraGroups = [ "audio" "video" "render" "pipewire" "wheel" "networkmanager" "input" "kvm" "libvirt-qemu" "libvirt" "libvirtd" "podman" "lxd" ]; # Enable sudo for the user.
shell = pkgs.bashInteractive;
extraGroups = [
"audio"
"video"
"render"
"pipewire"
"wheel"
"networkmanager"
"input"
"kvm"
"libvirt-qemu"
"libvirt"
"libvirtd"
"podman"
"lxd"
];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
# packages = with pkgs; [
# firefox
# thunderbird
# ];
};
environment.variables = {
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/radeon_icd.i686.json";
AMD_VULKAN_ICD = "RADV";
RADV_PERFTEST = "gpl,rt,sam";
ALSOFT_DRIVERS = "pulse";
};
environment.sessionVariables = rec {
environment.sessionVariables = {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
QT_XKB_CONFIG_ROOT = "\${XKB_CONFIG_ROOT}";
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
SDL_IM_MODULE = "fcitx";
SDL_AUDIODRIVER = "pipewire";
#SSH_ASKPASS_REQUIRE = "prefer";
MOZ_USE_XINPUT2 = "1";
PATH = [
@@ -132,26 +115,48 @@
'';
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.libsForQt5.fcitx5-qt ];
i18n.inputMethod.fcitx5.addons = [ pkgs.kdePackages.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.kdePackages.fcitx5-qt ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
services.pcscd.enable = true;
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;
services.samba = {
enable = true;
package = pkgs.sambaFull;
securityType = "user";
openFirewall = true;
extraConfig = ''
workgroup = WORKGROUP
server string = smbmaterus
netbios name = smbmaterus
security = user
hosts allow = 192.168.122. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
windows = {
path = "/materus/data/VM/windows_shared";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "materus";
"force group" = "users";
};
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
services.openssh.enable = true;
@@ -161,17 +166,6 @@
environment.shells = with pkgs; [ zsh bashInteractive fish ];
programs = {
fish.enable = true;
zsh = {
enable = true;
interactiveShellInit = ''
if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
fi
'';
promptInit = ''
'';
};
java.enable = true;
java.package = pkgs.graalvm-ce;
java.binfmt = true;
@@ -179,264 +173,11 @@
dconf.enable = true;
};
materus.profile.browser.enable = true;
services.davfs2.enable = true;
/*containers.test = {
config = { config, pkgs, ... }: { environment.systemPackages = with pkgs; [ wayfire ]; };
autoStart = false;
};*/
environment.systemPackages = with pkgs; [
firefox
gamescope
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
materusPkgs.amdgpu-pro-libs.prefixes
(pkgs.bottles.override { extraPkgs = pkgs: with pkgs; [ pkgs.libsForQt5.breeze-qt5 pkgs.libsForQt5.breeze-gtk pkgs.nss_latest ]; extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
glibc
glib
gtk3
gtk4
gsettings-desktop-schemas
libsForQt5.dolphin
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
patchelf
killall
util-linux
xorg.xhost
nix-top
gitFull
curl
wget
config.programs.java.package
nss_latest
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
steamtinkerlaunch
distrobox
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
tldr
bat
##config.materus.profile.packages.home-manager
# pgcli
# litecli
#zenmonitor
nix-du
ark
kate
krusader
wineWowPackages.stagingFull
winetricks
protontricks
openal
gnupg
pinentry
pinentry-gnome
pinentry-curses
ncurses
monkeysphere
gparted
virt-viewer
inkscape
gimp
bubblewrap
bindfs
pulseaudio
binutils
config.materus.profile.packages.firefox
];
environment.etc = {
/*
"libvirt/hooks/qemu.d/win11/prepare/begin/start.sh" = {
text =
''
#!/usr/bin/env bash
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
# Stop display manager
killall -u materus
systemctl stop display-manager.service
killall gdm-x-session
#systemctl isolate multi-user.target
sleep 1
# Load variables we defined
source "/etc/libvirt/hooks/kvm.conf"
# Isolate host to core 0
systemctl set-property --runtime -- user.slice AllowedCPUs=0
systemctl set-property --runtime -- system.slice AllowedCPUs=0
systemctl set-property --runtime -- init.scope AllowedCPUs=0
# Unbind VTconsoles
for (( i = 0; i < 16; i++))
do
if test -x /sys/class/vtconsole/vtcon"''${i}"; then
if [ "$(grep -c "frame buffer" /sys/class/vtconsole/vtcon"''${i}"/name)" = 1 ]; then
echo 0 > /sys/class/vtconsole/vtcon"''${i}"/bind
echo "$DATE Unbinding Console ''${i}"
fi
fi
done
# Unbind EFI Framebuffer
echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/unbind
# Avoid race condition
sleep 1
# Unload NVIDIA kernel modules
modprobe -r nvidia_uvm
modprobe -r nvidia_drm
modprobe -r nvidia_modeset
modprobe -r nvidia
modprobe -r i2c_nvidia_gpu
modprobe -r drm_kms_helper
modprobe -r drm
# Detach GPU devices from host
#virsh nodedev-detach $VIRSH_GPU_VIDEO
#virsh nodedev-detach $VIRSH_GPU_AUDIO
#virsh nodedev-detach $VIRSH_GPU_USB
#virsh nodedev-detach $VIRSH_GPU_SERIAL_BUS
# Load vfio module
modprobe vfio
modprobe vfio_pci
modprobe vfio_iommu_type1
'';
mode = "0755";
};
"libvirt/hooks/qemu.d/win11/release/end/stop.sh" = {
text =
''
#!/usr/bin/env bash
# Debugging
exec 19>/home/materus/stoplogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/stoplogfile.out 2>&1
# Load variables we defined
source "/etc/libvirt/hooks/kvm.conf"
# Unload vfio module
modprobe -r vfio-pci
modprobe -r vfio_iommu_type1
modprobe -r vfio
modprobe drm
modprobe drm_kms_helper
modprobe i2c_nvidia_gpu
modprobe nvidia
modprobe nvidia_modeset
modprobe nvidia_drm
modprobe nvidia_uvm
# Attach GPU devices from host
#virsh nodedev-reattach $VIRSH_GPU_VIDEO
#virsh nodedev-reattach $VIRSH_GPU_AUDIO
#virsh nodedev-reattach $VIRSH_GPU_USB
#virsh nodedev-reattach $VIRSH_GPU_SERIAL_BUS
#echo "0000:01:00.0" > /sys/bus/pci/drivers/nvidia/bind
# Bind EFI Framebuffer
echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/bind
# Bind VTconsoles
echo 1 > /sys/class/vtconsole/vtcon0/bind
#echo 1 > /sys/class/vtconsole/vtcon1/bind
# Start display manager
sleep 1
systemctl start display-manager.service
# Return host to all cores
systemctl set-property --runtime -- user.slice AllowedCPUs=0-3
systemctl set-property --runtime -- system.slice AllowedCPUs=0-3
systemctl set-property --runtime -- init.scope AllowedCPUs=0-3
'';
text = ''
#!/usr/bin/env bash
reboot
'';*-/
mode = "0755";
};
"libvirt/vgabios/patched.rom".source = ./vbios.rom;
};
};
*/
};
}
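Review bot: The Samba block this section appears to add (the last hunk header grows from 26 to 48 lines) sets `openFirewall = true` on both `services.samba` and `services.samba-wsdd`, which opens the SMB and discovery ports on every interface and leaves `hosts allow = 192.168.122. 127.0.0.1 localhost` as the only restriction. Since the share is meant for the VM network, I would drop both `openFirewall` settings and allow the port only on the libvirt bridge, e.g. `networking.firewall.interfaces."<libvirt-bridge>".allowedTCPPorts = [ 445 ];`. `map to guest = bad user` also turns a login with an unknown username into a guest session; the `windows` share already has `"guest ok" = "no"`, so `map to guest = never` would match the intent and avoid anonymous sessions altogether.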
+32 -2
@@ -1,9 +1,38 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{ config, pkgs, ... }:
{
imports = [
./win10
];
materus.materusArg.materusPC = {
allCores = "0-31";
allCoresMask = "ffffffff";
hostCores = "0-7,16-23";
hostCoresMask = "00ff00ff";
vmCores = "8-15,24-31";
vmCoresMask = "ff00ff00";
};
systemd.mounts = [
{
where = "/dev/hugepages";
enable = false;
}
{
where = "/dev/hugepages/hugepages-2048kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=2M";
requiredBy = [ "basic.target" ];
}
{
where = "/dev/hugepages/hugepages-1048576kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=1G";
requiredBy = [ "basic.target" ];
}
];
virtualisation.libvirtd = {
enable = true;
@@ -47,6 +76,7 @@
bindfs
qemu-utils
psmisc
procps
];
};
in
@@ -1,5 +1,27 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{ config, pkgs, materusArg, ... }:
let
VM_UUID = "ad2632db-0da0-4204-98b3-0592a185ebd0";
startedHook = ''
QEMU_PID=$(ps aux | grep qemu-system-x86_64 | grep "${VM_UUID}" | tr -s ' ' | cut -d " " -f 2)
for pid in $(cat /sys/fs/cgroup/cpu/machine.slice/machine-qemu*$1.scope/libvirt/vcpu*/tasks); do
renice -n "-15" -p "$pid";
done
renice -n "-10" -p "$QEMU_PID";
echo "${materusArg.materusPC.hostCoresMask}" > /proc/irq/default_smp_affinity
for irq in /proc/irq/[0-9]*/smp_affinity; do
if [ $(cat $irq) = "${materusArg.materusPC.allCoresMask}" ]; then
echo "${materusArg.materusPC.hostCoresMask}" > $irq 2> /dev/null
fi;
done;
for irq in $(cat /proc/interrupts | grep vfio | cut -d ":" -f 1); do
echo "${materusArg.materusPC.vmCoresMask}" > /proc/irq/$irq/smp_affinity;
done
'';
startHook = /*''
@@ -14,31 +36,42 @@ let
''
+*/
''
# Make sure nothing renders on gpu to prevent "sysfs: cannot create duplicate filename" after rebinding to amdgpu
chmod 0 /dev/dri/renderD128
fuser -k /dev/dri/renderD128
# Make sure nothing renders on gpu to prevent "sysfs: cannot create duplicate filename" after rebinding to amdgpu
chmod 0 /dev/dri/renderD128
fuser -k /dev/dri/renderD128
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
systemctl stop mountWin10Share.service
systemctl stop windows-share-mount.service
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
sleep 1s
sleep 1s
echo "10" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "15" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
sync
echo "3" > /proc/sys/vm/drop_caches
sync
echo "1" > /proc/sys/vm/compact_memory
systemctl set-property --runtime -- user.slice AllowedCPUs=12-15,28-31
systemctl set-property --runtime -- system.slice AllowedCPUs=12-15,28-31
systemctl set-property --runtime -- init.scope AllowedCPUs=12-15,28-31
systemctl set-property --runtime -- user.slice AllowedCPUs=${materusArg.materusPC.hostCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${materusArg.materusPC.hostCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${materusArg.materusPC.hostCores}
echo "${materusArg.materusPC.hostCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
sysctl vm.stat_interval=120
sysctl -w kernel.watchdog=0
'';
'';
stopHook = ''
# Debugging
@@ -66,14 +99,24 @@ let
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
echo ''$VIRSH_GPU_AUDIO > /sys/bus/pci/drivers/snd_hda_intel/bind
systemctl start windows-share-mount.service
systemctl start mountWin10Share.service
systemctl set-property --runtime -- user.slice AllowedCPUs=0-31
systemctl set-property --runtime -- system.slice AllowedCPUs=0-31
systemctl set-property --runtime -- init.scope AllowedCPUs=0-31
systemctl set-property --runtime -- user.slice AllowedCPUs=${materusArg.materusPC.allCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${materusArg.materusPC.allCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${materusArg.materusPC.allCores}
echo "${materusArg.materusPC.allCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
echo powersave | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
sysctl vm.stat_interval=1
sysctl -w kernel.watchdog=1
echo "${materusArg.materusPC.allCoresMask}" > /proc/irq/default_smp_affinity
for irq in /proc/irq/[0-9]*/smp_affinity; do
if [ $(cat $irq) = "${materusArg.materusPC.hostCoresMask}" ] || [ $(cat $irq) = "${materusArg.materusPC.vmCoresMask}" ]; then
echo "${materusArg.materusPC.allCoresMask}" > $irq 2> /dev/null
fi;
done;
'';
@@ -98,6 +141,10 @@ in
${startHook}
fi
if [ ''$2 = "started" ] && [ ''$3 = "begin" ]; then
${startedHook}
fi
if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then
${stopHook}
fi
@@ -108,21 +155,19 @@ in
'';
};
systemd.services.mountWin10Share = {
systemd.services.windows-share-mount = {
wantedBy = [ "multi-user.target" ];
path = [ config.virtualisation.libvirtd.qemu.package pkgs.util-linux pkgs.kmod pkgs.coreutils ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
modprobe nbd max_part=16
sleep 1
qemu-nbd -c /dev/nbd0 /materus/data/VM/data.qcow2 --cache=unsafe --discard=unmap
sleep 1
mount /dev/nbd0p1 /materus/data/Windows -o uid=1000,gid=100
losetup -P /dev/loop6 /materus/data/VM/data.raw
mount /dev/loop6p1 /materus/data/Windows -o uid=1000,gid=100
'';
preStop = ''
umount /materus/data/Windows
qemu-nbd -d /dev/nbd0
umount -lf /materus/data/Windows
losetup -d /dev/loop6
'';
};
}
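Review bot: The `windows-share-mount` script binds the image to a fixed device, `losetup -P /dev/loop6 /materus/data/VM/data.raw`, so the unit fails whenever loop6 is already attached to something else, and `losetup -d /dev/loop6` in `preStop` assumes the device is still the one this unit set up. Letting losetup pick a free device avoids both: `dev=$(losetup -fP --show /materus/data/VM/data.raw)` followed by `mount "''${dev}p1" /materus/data/Windows -o uid=1000,gid=100`, with `preStop` looking the device up by image via `losetup -j`. The old/new rendering does not mark which of the nbd and loop variants is the new side; the hunk shrinking from 21 to 19 lines suggests the loop variant, and the note applies in that case. In the IRQ loops of `startedHook` and `stopHook`, `[ $(cat $irq) = ... ]` should quote the substitution, because an unreadable `smp_affinity` file otherwise turns the test into a syntax error inside a root hook.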
+23 -12
View File
@@ -2,15 +2,16 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, materusFlake, ... }:
{ pkgs, materusArg, config, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./pleroma.nix
];
./services
./secrets
];
materus.profile.nix.enable = true;
@@ -28,7 +29,7 @@
networking.hostName = "valkyrie"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = false; # Easiest to use and most distros use this by default.
networking.networkmanager.enable = false;
# Set your time zone.
time.timeZone = "Europe/Warsaw";
@@ -69,11 +70,13 @@
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [
packages = [
];
openssh.authorizedKeys.keyFiles = [ (materusFlake.selfPath + /extraFiles/keys/ssh/materus.pub) ];
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
shell = pkgs.zsh;
};
users.users.acme.openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/waffentrager.pub") ];
users.users.acme.shell = pkgs.scponly;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
@@ -97,10 +100,10 @@
services.openssh.enable = true;
services.openssh.openFirewall = false;
services.openssh.settings.PermitRootLogin = "no";
services.openssh.settings.PasswordAuthentication = true;
services.openssh.settings.PasswordAuthentication = false;
services.adguardhome.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
@@ -141,12 +144,13 @@
security.acme.acceptTerms = true;
security.acme.defaults.email = "materus+acme@podkos.pl";
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
security.acme.defaults.dnsResolver = "9.9.9.9:53";
security.acme.certs."materus.pl" = {
domain = "materus.pl";
group = "nginx";
extraDomainNames = [ "*.materus.pl" ];
dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
};
security.acme.certs."podkos.pl" = {
@@ -154,7 +158,6 @@
group = "nginx";
extraDomainNames = [ "*.podkos.pl" ];
dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
};
security.acme.certs."podkos.xyz" = {
@@ -162,7 +165,15 @@
group = "nginx";
extraDomainNames = [ "*.podkos.xyz" ];
dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
};
security.acme.certs."${materusArg.waffentrager.samba.domain}" = {
domain = materusArg.waffentrager.samba.domain;
extraDomainNames = [
"${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}"
];
dnsProvider = "ovh";
};
}
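Review bot: The `users.users.acme` lines give the holder of `waffentrager.pub` an SSH login as the `acme` account, and `shell = pkgs.scponly` limits that login to file transfer but not to a directory. Presumably this account owns the ACME state, in which case the key can copy the private keys of every certificate issued on this host, including the `*.materus.pl`, `*.podkos.pl` and `*.podkos.xyz` wildcards, not only the certificate for the Samba domain. I would confine the login with a `Match User acme` block in `services.openssh.extraConfig` (`ForceCommand internal-sftp` plus a `ChrootDirectory` that holds only that one certificate), or hand the certificate over through a dedicated account.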
@@ -1,4 +1,4 @@
{ config, pkgs, materusPkgs, lib, ... }:
{ ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
@@ -10,7 +10,8 @@
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = true;
fish.enable = false;
bash.enable = true;
zsh.enable = true;
};
}
-146
@@ -1,146 +0,0 @@
{ config, pkgs, lib, materusFlake, ... }:
let
socketPath = "/run/pleroma/http.sock";
socketChmod = with pkgs; with lib; pkgs.writers.writeBashBin "pleroma-socket"
''
coproc {
${inotify-tools}/bin/inotifywait -q -m -e create ${escapeShellArg (dirOf socketPath)}
}
trap 'kill "$COPROC_PID"' EXIT TERM
until ${pkgs.coreutils}/bin/test -S ${escapeShellArg socketPath}
do read -r -u "''${COPROC[0]}"
done
${pkgs.coreutils}/bin/chmod 0666 ${socketPath}
'';
soapbox = pkgs.stdenv.mkDerivation rec {
pname = "soapbox";
version = "v3.2.0";
dontBuild = true;
dontConfigure = true;
src = pkgs.fetchurl {
name = "soapbox";
url = "https://gitlab.com/soapbox-pub/soapbox/-/jobs/artifacts/${version}/download?job=build-production";
sha256 = "sha256-AdW6JK7JkIKLZ8X+N9STeOHqmGNUdhcXyC9jsQPTa9o=";
};
nativeBuildInputs = [pkgs.unzip];
unpackPhase = ''
unzip $src -d .
'';
installPhase = ''
mv ./static $out
'';
};
in
{
systemd.tmpfiles.rules = [
"d /var/lib/pleroma 0766 pleroma pleroma -"
"d /var/lib/pleroma/static 0766 pleroma pleroma -"
"d /var/lib/pleroma/uploads 0766 pleroma pleroma -"
"L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}"
];
services.nginx.virtualHosts."podkos.xyz" = {
http2 = true;
useACMEHost = "podkos.xyz";
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:${socketPath}";
extraConfig = ''
etag on;
gzip on;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
client_max_body_size 8m;
'';
};
};
systemd.services.pleroma.serviceConfig = {
RuntimeDirectory = "pleroma";
RuntimeDirectoryPreserve = true;
ExecStartPost = "${socketChmod}/bin/pleroma-socket";
ExecStopPost = ''${pkgs.coreutils}/bin/rm -f ${socketPath}'';
};
services.pleroma = {
enable = true;
secretConfigFile = "/var/lib/pleroma/secrets.exs";
configs = [
''
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "podkos.xyz", scheme: "https", port: 443],
http: [ip: {:local, "${socketPath}"}, port: 0]
config :pleroma, :instance,
name: "Podziemia Kosmosu",
email: "admin@podkos.xyz",
notify_email: "noreply@podkos.xyz",
limit: 5000,
registrations_open: false
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
socket: "/run/postgresql/.s.PGSQL.5432",
username: "pleroma",
database: "pleroma"
# Configure web push notifications
config :web_push_encryption, :vapid_details,
subject: "mailto:admin@podkos.x yz"
config :pleroma, :frontends,
primary: %{
"name" => "soapbox",
"ref" => "${soapbox.version}"
}
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
config :pleroma, configurable_from_database: true
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.AnonymizeFilename]
''
];
};
}
@@ -0,0 +1,35 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets.wireguard = { };
sops.secrets.discord-token = {};
sops.secrets.spotify-client-id = {};
sops.secrets.spotify-client-secret = {};
sops.secrets.youtube-api = {};
sops.secrets.certs = {};
sops.secrets.steamladder-api = {};
sops.secrets.webarchive-accesskey = {};
sops.secrets.webarchive-secretkey = {};
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
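Review bot: This file needs a comment saying which key decrypts the secrets, because `sops.age.generateKey = false`, `sops.gnupg.home = null` and `sops.gnupg.sshKeyPaths = [ ]` together name no identity at all. Decryption presumably falls back to the sops-nix default of deriving the age identity from the ed25519 entry in `services.openssh.hostKeys`, which makes `/materus/root/ssh_host_ed25519_key` the single key protecting every `sops.secrets.*` entry declared here. I would add above `services.openssh.hostKeys` a line such as `# ed25519 host key doubles as the sops age identity; /materus must be mounted before activation, key stays 0600 root`.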
@@ -0,0 +1,41 @@
wireguard: ENC[AES256_GCM,data:i98U0ugxbNqWNuKR8u+mdWoSMLViHXfsWRBS1lvjb+hgGxveyzjBcagBIeY=,iv:/hF9oH2R6NSeHT/UQTlbmtx+gPX/3CJOLPNnxrzsY/g=,tag:2ub5w8uH2O1B2hoku8Kowg==,type:str]
discord-token: ENC[AES256_GCM,data:JQ/6MJvBlJpKzs/L0hFB1LPpQSfJvDdEB6YerVZyDqGo7plA0S5wORACgA88Dei1x1NGsXhYtiwT4vE9jjeCOlWXZdl1mA==,iv:BsDu1De0qLX/8VDiZ5co1q1LXxkz/Som9+hvm/67/xU=,tag:YO0wQNF3/AXbifpeAa935Q==,type:str]
spotify-client-id: ENC[AES256_GCM,data:WK7CJGw6mtIG3Jfp59cWx3ool4z1P09TvHcpbOQ2JV0=,iv:EaJ5ecXdmx0Ky+43xZITM811IOo4EisvPSyogXrJXng=,tag:NYTI4vLsWGa695CJ+TIgbw==,type:str]
spotify-client-secret: ENC[AES256_GCM,data:TnR+zLLklTfzMdR4woaZWuMVJQ9VIYsFM588GRO6WCY=,iv:cYiqw8ZdMgLeug4ptwPV3L+MeY6xIldfUBfiYg1mFD8=,tag:YDLh6BXFcBHnpdgM7e87wg==,type:str]
youtube-api: ENC[AES256_GCM,data:qmpFlFvudS9rXQfN+Th/UrPWCW0mg5GkpMucS/01AmOnlChqtojC,iv:q3bKwI2I6BNa3L9ezKCE1fWT/vZLiJ8uzug1z2z+TWA=,tag:gKG3HTz8jp2LAFh8e8O6sg==,type:str]
steamladder-api: ENC[AES256_GCM,data:m30o5atqugwqn/WbXGkUq5GvqiIKQT0kSRQCtHc1Gxk/dC3YcbDvMw==,iv:duLKl1NvysD0XMaUOkl/6nclMQB6seXcQYkGMrm7K7Y=,tag:9dw+UH10uAdca5fVdlw1Mg==,type:str]
webarchive-accesskey: ENC[AES256_GCM,data:jdKlHsZq2Dkk1BcBfUVv5g==,iv:BXCgPb/2W57PYXxRktInz1LxSEwlw6m3xnQU4TOPMeY=,tag:kK4+InaH7K4D4n1hyGaR+w==,type:str]
webarchive-secretkey: ENC[AES256_GCM,data:nuA9G5dNtrNfbcx0G/GUTg==,iv:RRuTm4kZr5dNjBt9Zvk/NVefHCZYODmRvWAqZizKGJY=,tag:J2V0Q3BzXNWifVVvAkwYyg==,type:str]
certs: ENC[AES256_GCM,data:ttmSNTTx51a3L2HTC8RnSphDLHO2OSyIgXQ0YpZGySTdu69mgEyhaiSi+IAXg/1AHKRjpFJgE4fhsLAiW78pNYb+Zg7aDL47YtABO99sTZrZnBxZo6k6itpZ3oClDch2ZALzoXChLroc0tUbZKwsfOwGe3pw9lOJZJT34AhV+BVoXDDLQcpQoxz23Baa8oxklecT6wpJ1u1nW+aAHw33gm41Vw==,iv:b0aNZwaRKBg+ipe5+19BowyFbCjZt52S738om6emYGo=,tag:lUqtcc4vVWKx/fnc19vj7A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1wscr6kv8393wv0fjaux8juplaxq55znlzrp62qyteq0fauu3yg0s7d7k98
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSRXNLdUZaVU13alNhVGgz
aXdMb3IzNjNQcHJFV2JLNVM2SUVBa3VNZlRFCkxxd21CTWVDUkVXbzR6ZEkxbm5J
VGorSkp6a2xSdHRHcFk5T3VYVlJJa0UKLS0tIE1WdHo5eTlpNEEyN25oSjk1KzdS
d2dMUUh1RDB3UnpEdFJsNHpQRXFWemMKc41dlOapTsvH91QLNhdPbrzerPFakOiX
J/uoZDMIhsmQxgQM7Fqxr05NywhI/ZjOtJS2bayp73O57xjjMYcyNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-05T22:42:16Z"
mac: ENC[AES256_GCM,data:KSRGzHipb58uNYaRYXAy3y+D9cBG53RGxZpNrx2gy+CHbGtkUW1SWc4PPrBwBhb6+TN0vb1zHuOB4HK4Bys/jqmvGgVkO2VKj15MTFMpF5n6w0blFM7d5bCDydHAhvXEZA/PFWq97DTI1Zxb+N/HWJlefKCzYOHHWj7i4leKNjk=,iv:88Ekp0sjEo5UTBLUyYSrkP+MbIFcCmegclJIK3+0jOQ=,tag:H/ESeQhC1PEF00RiDnamyw==,type:str]
pgp:
- created_at: "2024-03-21T22:55:36Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdA667A9P/3ktuS2iEjxkv3aYMAGSu0oPGIX7dsC23VVgkw
OmcwhXxBnipcG+izbtNylXz5VonyyKHwdR2QIgkt9FEuC8lI17GHVyogTCFiP7Dj
1GgBCQIQN4EqFdiXqzJUeeE+PdOzVPs+1kStz+S1H22NjrJAFv67cbyIgwpItuXD
Sfao+MU1HWDY4iKZrcfWArUgpQj/pvsmUeJ72iXD3bkTTrK61g3GZA+g9lFewl/B
SORJMu9btS4GAw==
=aBMP
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -0,0 +1,38 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable dcbot";
config =
let
cfg = config.valkyrieService.dcbot;
in
lib.mkIf cfg.enable {
sops.templates."dcbot.env".content = ''
TOKEN=${config.sops.placeholder.discord-token}
MAX_PLAYLIST_SIZE=100
PRUNING=false
LOCALE=pl
DEFAULT_VOLUME=100
STAY_TIME=30
'';
systemd.tmpfiles.rules = [
"d /var/lib/muse 0776 root root -"
];
virtualisation.oci-containers.containers.dcbot = {
image = "eritislami/evobot:latest";
volumes = [
];
environmentFiles = [
config.sops.templates."dcbot.env".path
];
};
};
}
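Review bot: `image = "eritislami/evobot:latest"` hands the Discord token from `dcbot.env` to whatever a third-party registry tag points at on the next pull; pinning by digest, `image = "eritislami/evobot@sha256:<digest>";`, turns every update into an explicit change in this repository. The same applies to `pihole/pihole:latest` in the pihole module. The tmpfiles rule `d /var/lib/muse 0776 root root -` sets write bits for group and others on a directory that nothing visible uses, since `volumes` is empty; I would drop the rule, or use mode `0750` if the directory is needed.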
@@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
imports =
[
./pleroma.nix
./pihole.nix
./dcbot.nix
./secureyoursoul.nix
];
services.adguardhome.enable = true;
valkyrieService.pihole.enable = false;
valkyrieService.pleroma.enable = true;
valkyrieService.dcbot.enable = true;
valkyrieService.secureyoursoul.enable = true;
}
@@ -0,0 +1,56 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.pihole.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable pihole";
options.valkyrieService.pihole.dnsIP = lib.mkOption { default = "127.0.0.1"; };
options.valkyrieService.pihole.webIP = lib.mkOption { default = "127.0.0.1"; };
config =
let
cfg = config.valkyrieService.pihole;
dnsmasqConf = pkgs.writeText "02-dnsmasq-custom.conf" ''
no-hosts
'';
in
lib.mkIf config.valkyrieService.pihole.enable {
systemd.tmpfiles.rules = [
"d /var/lib/dnsmasq.d 0776 root root -"
"d /var/lib/pihole 0776 root root -"
"L+ /var/lib/dnsmasq.d/02-dnsmasq-custom.conf 0776 root root - ${dnsmasqConf}"
];
virtualisation.oci-containers.containers.pihole = {
image = "pihole/pihole:latest";
ports =
[
"${cfg.dnsIP}:53:53/tcp"
"${cfg.dnsIP}:53:53/udp"
"${cfg.webIP}:3000:80"
];
environment = {
TZ = "Europe/Warsaw";
FTLCONF_LOCAL_IPV4 = "127.0.0.1";
DNSMASQ_USER = "root";
VIRTUAL_HOST = "pi.hole";
PROXY_LOCATION = "pi.hole";
};
volumes = [
"/var/lib/pihole/:/etc/pihole/"
"/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
"/nix/store:/nix/store"
];
extraOptions =
[
"--cap-add=NET_ADMIN"
"--dns=127.0.0.1"
"--dns=9.9.9.9"
"--hostname=pi.hole"
];
};
};
}
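Review bot: The volume `"/nix/store:/nix/store"` exposes the whole host store to a container that runs dnsmasq as root (`DNSMASQ_USER = "root"`) with `--cap-add=NET_ADMIN`, apparently only so that the `02-dnsmasq-custom.conf` symlink resolves inside it. Mounting just that file read-only is enough, `"${dnsmasqConf}:/etc/dnsmasq.d/02-dnsmasq-custom.conf:ro"`, and it makes the `L+` tmpfiles rule unnecessary. The two `d ... 0776 root root -` rules also set write bits for group and others on the directories the container reads its configuration from; `0755` would do.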
@@ -0,0 +1,149 @@
{ config, pkgs, lib, materusArg, ... }:
let
socketPath = "/run/pleroma/http.sock";
socketChmod = with pkgs; with lib; pkgs.writers.writeBashBin "pleroma-socket"
''
coproc {
${inotify-tools}/bin/inotifywait -q -m -e create ${escapeShellArg (dirOf socketPath)}
}
trap 'kill "$COPROC_PID"' EXIT TERM
until ${pkgs.coreutils}/bin/test -S ${escapeShellArg socketPath}
do read -r -u "''${COPROC[0]}"
done
${pkgs.coreutils}/bin/chmod 0666 ${socketPath}
'';
soapbox = pkgs.stdenv.mkDerivation rec {
pname = "soapbox";
version = "v3.2.0";
dontBuild = true;
dontConfigure = true;
src = pkgs.fetchurl {
name = "soapbox";
url = "https://gitlab.com/soapbox-pub/soapbox/-/jobs/artifacts/${version}/download?job=build-production";
sha256 = "sha256-AdW6JK7JkIKLZ8X+N9STeOHqmGNUdhcXyC9jsQPTa9o=";
};
nativeBuildInputs = [ pkgs.unzip ];
unpackPhase = ''
unzip $src -d .
'';
installPhase = ''
mv ./static $out
'';
};
in
{
options.valkyrieService.pleroma.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable pleroma";
config = lib.mkIf config.valkyrieService.pleroma.enable {
systemd.tmpfiles.rules = [
"d /var/lib/pleroma 0766 pleroma pleroma -"
"d /var/lib/pleroma/static 0766 pleroma pleroma -"
"d /var/lib/pleroma/uploads 0766 pleroma pleroma -"
"L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}"
];
services.nginx.virtualHosts."podkos.xyz" = {
http2 = true;
useACMEHost = "podkos.xyz";
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:${socketPath}";
extraConfig = ''
etag on;
gzip on;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
client_max_body_size 8m;
'';
};
};
systemd.services.pleroma.serviceConfig = {
RuntimeDirectory = "pleroma";
RuntimeDirectoryPreserve = true;
ExecStartPost = "${socketChmod}/bin/pleroma-socket";
ExecStopPost = ''${pkgs.coreutils}/bin/rm -f ${socketPath}'';
};
services.pleroma = {
enable = true;
secretConfigFile = "/var/lib/pleroma/secrets.exs";
configs = [
''
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "podkos.xyz", scheme: "https", port: 443],
http: [ip: {:local, "${socketPath}"}, port: 0]
config :pleroma, :instance,
name: "Podziemia Kosmosu",
email: "admin@podkos.xyz",
notify_email: "noreply@podkos.xyz",
limit: 5000,
registrations_open: false
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
socket: "/run/postgresql/.s.PGSQL.5432",
username: "pleroma",
database: "pleroma"
# Configure web push notifications
config :web_push_encryption, :vapid_details,
subject: "mailto:admin@podkos.x yz"
config :pleroma, :frontends,
primary: %{
"name" => "soapbox",
"ref" => "${soapbox.version}"
}
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
config :pleroma, configurable_from_database: true
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.AnonymizeFilename]
''
];
};
};
}
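Review bot: The tmpfiles rules create `/var/lib/pleroma`, `static` and `uploads` with mode `0766`, which sets read and write bits for group and others on the directory that also holds `secretConfigFile = "/var/lib/pleroma/secrets.exs"`; `0750` (or `0755` for `static`) is what these need. `chmod 0666 ${socketPath}` in `pleroma-socket` likewise lets any local user talk to the backend without going through nginx, and a group shared with nginx plus mode `0660` would narrow that. The content is carried over from the deleted `pleroma.nix`, so these predate the move, as does the stray space in `subject: "mailto:admin@podkos.x yz"`, which should read `mailto:admin@podkos.xyz`.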
@@ -0,0 +1,141 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.secureyoursoul.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable secureyoursoul, web archive";
config =
let
cfg = config.valkyrieService.secureyoursoul;
in
lib.mkIf cfg.enable {
systemd.timers.secureyoursoul-steam = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-1,7,14,21 3:00:00";
Persistent = true;
Unit = "secureyoursoul-steam.service";
};
};
systemd.timers.secureyoursoul-p1 = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-3,9,16,23 3:00:00";
Persistent = true;
Unit = "secureyoursoul-p1.service";
};
};
systemd.timers.secureyoursoul-p2 = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-5,11,18,25 3:00:00";
Persistent = true;
Unit = "secureyoursoul-p2.service";
};
};
systemd.services.secureyoursoul-steam = {
description = "Make curl requests to archive steam related things";
path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
STEAM_IDS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.steamids })
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks-steam })
steamladder() {
for id in ''${STEAM_IDS[@]}; do
curl -X POST -H "Authorization: Token ''$(cat ${config.sops.secrets.steamladder-api.path})" \
"https://steamladder.com/api/v1/profile/$id/"
done;
}
webarchive(){
for id in ''${STEAM_IDS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=https://steamcommunity.com/profiles/$id" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=$link" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
}
steamladder &
webarchive
wait
'';
};
systemd.services.secureyoursoul-p1 = {
description = "Make curl requests to archive related things";
path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks1 })
webarchive(){
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=$link" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
}
webarchive
'';
};
systemd.services.secureyoursoul-p2 = {
description = "Make curl requests to archive related things - part 2";
path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks2 })
webarchive(){
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=$link" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
}
webarchive
'';
};
};
}
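Review bot: The `-H "Authorization: ..."` arguments in `steamladder` and in all three `webarchive` functions expand `$(cat <secret path>)` on the curl command line, so the Steam Ladder token and the web.archive.org key pair sit in the process argument list while each request runs, where by default any local user can read them. curl accepts `-H @FILE` and `--config FILE`, so the header can be written once to a root-only file in the unit's runtime directory and passed by path instead. Separately, the arrays are built by wrapping each entry in `"` by hand and are expanded unquoted (`''${EXTRA_LINKS[@]}`). Using `lib.escapeShellArgs materusArg.to_save.extraLinks1` together with `"''${EXTRA_LINKS[@]}"` would keep a link containing a space, quote or `$` from being reinterpreted by the shell.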
@@ -0,0 +1,155 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
materus.profile.nixpkgs.enable = true;
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
git
p7zip
unrar
bzip2
unzip
zstd
xz
zip
gzip
];
sound.enable = false;
boot.tmp.useTmpfs = true;
services.xserver.enable = false;
networking.hostName = "waffentrager";
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPEDY+H8Hc/RSLE064AAh8IojvqxPd8BE5gec2aOfYMh materus@podkos.pl"
];
hashedPasswordFile = config.sops.secrets."users/materus".path;
shell = pkgs.zsh;
};
nix = {
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" "repl-flake" "no-url-literals" ];
trusted-users = [ "root" "@wheel" ];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE=" ];
};
};
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
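Review bot: `services.openssh.enable = true` is paired only with `PermitRootLogin = "no"`, and `users.users.materus` has both an authorized key and a `hashedPasswordFile`, so unless password authentication is disabled elsewhere the wheel account can be reached by password over SSH. Adding `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` limits logins to the ed25519 key. Also, `trusted-users = [ "root" "@wheel" ]` lets wheel members direct the Nix daemon without sudo, which is root-equivalent; a one-line comment stating that this is intended would help the next reader.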
@@ -0,0 +1,10 @@
{ config, pkgs, materusCfg, ... }:
{
imports = [
materusCfg.configInputs.nixos-hardware.nixosModules.raspberry-pi-4
./configuration.nix
./secrets
./services
];
}
@@ -0,0 +1,46 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernel.sysctl = {
"vm.swappiness" = 10;
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [{
device = "/var/.swapfile";
size = 8 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}
@@ -0,0 +1,17 @@
{ config, pkgs, lib, ... }:
{
home.stateVersion = "23.11";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = false;
nixpkgs.enable = false;
enableDesktop = false;
enableTerminal = false;
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = false;
bash.enable = true;
zsh.enable = true;
};
}
@@ -0,0 +1,28 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
sops.secrets.wireguard = { };
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.elements = { };
sops.secrets.nextcloud-adminpass = { };
}
@@ -0,0 +1,37 @@
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str]
elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
users:
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1j34lqh0z6ak2c94n564wgyjeykn9srma34f5e5e7xvf498fwk3rqxvwx0l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvejRrcGVwZHNkTVB5dkYr
RnhVVjNEblFVd0xXSStqdjFhWVVNS3ljUTNZCnBFVmRRVVVENGhJUVg2L1lSM1NO
dkQydVhOaFVxd0p0aFhVcmp6eXdGeVEKLS0tIFIvRDlvZDdsbm1USEZUZ3FYMmla
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-12T11:21:33Z"
mac: ENC[AES256_GCM,data:TbWjHvrJAB55AjFsbOK/IPb7v4wzqL2JGLvnNTr+ah/c2brdlq6DWeAF2+HA3FpLRt2a0MajwMTCsconoe8hW6Am/WO0FJBoYlneLAl/RlAv7BYfyorTD/Vyp9am7ml5T3f2pdYdsw1k/5RSn1ulUg43vSgi5es5Co8CtzC5hPE=,iv:+V48Azrr9yArwqNi3POYh7QaRMfUreCf7Bmv7kjV9qo=,tag:HDcMMCnyfVQRHTQJZB0R3Q==,type:str]
pgp:
- created_at: "2024-03-21T18:15:00Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAWetrf0jhs/b9qcQc4b21+PJUPdSjk372BjokfwJ2oXQw
4LaIaNB3LRmY4FF3UOqk28NwkwBw6n0AzYKC/k1G4ntaNBMI9eDtFJ1c1+KkxSl2
1GYBCQIQMCKcu2aBEMiIGOyG08vcRW2T23DUAfTQqQdRKD/SgSTqAZLSICVJ91xU
TBsdiPBKO2cRDfPc7DlVLbPNe/SUqVUX9N4GTGPUocXc1s6lvgx3NBP5cGoSNx+A
xCmXl373IDc=
=uSyc
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -0,0 +1,63 @@
{ config, materusArg, lib, pkgs, ... }:
let
cfg = config.waffentragerService.auth;
in
{
options.waffentragerService.auth.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable auth";
imports =
[
./samba.nix
];
config = lib.mkIf cfg.enable
{
waffentragerService.elements.enable = true;
waffentragerService.nginx.enable = true;
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
systemd.services.resolvconf.enable = false;
networking.hosts = {
"${materusArg.ips.wireguard.waffentrager}" = [
materusArg.waffentrager.samba.domain
"${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}"
materusArg.waffentrager.samba.netbiosName
];
};
environment.etc = {
resolvconf = {
text = ''
search ${materusArg.waffentrager.samba.domain}
nameserver ${materusArg.waffentrager.samba.dnsIp}
nameserver 9.9.9.9
'';
};
};
systemd.timers.rsync-acme = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1min";
OnUnitActiveSec = "1h";
Unit = "rsync-acme.service";
};
};
systemd.services.rsync-acme = {
description = "Sync acme for samba";
path = [ pkgs.rsync ];
requires = [ "var-lib-mnt_acme.mount" ];
after = [ "var-lib-mnt_acme.mount" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
rsync -avzr --chmod=0600 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/key.pem ${materusArg.waffentrager.samba.servicePath}/tls/
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/chain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/fullchain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
'';
};
};
}
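Review bot: `environment.etc.resolvconf` creates `/etc/resolvconf`, not `/etc/resolv.conf`, so the `search` and `nameserver` lines are probably never read by the resolver; the attribute most likely needs to be `environment.etc."resolv.conf"`. Once that file is in effect, the second entry `nameserver 9.9.9.9` means lookups for the AD domain can fall through to a public resolver when the DC's DNS is slow or down, which exposes internal names and returns answers that differ from the domain's own. If a fallback is wanted, pointing it at a resolver that forwards the domain zone to the DC avoids both.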
@@ -0,0 +1,91 @@
{ materusArg, config, lib, pkgs, ... }:
{
config =
let
cfg = config.waffentragerService.auth;
sambaCfg = config.services.samba;
servicePath = materusArg.waffentrager.samba.servicePath;
smbToString = x:
if builtins.typeOf x == "bool"
then lib.boolToString x
else builtins.toString x;
shareConfig = name:
let share = lib.getAttr name cfg.shares; in
"[${name}]\n " + (smbToString (
map
(key: "${key} = ${smbToString (lib.getAttr key share)}\n")
(lib.attrNames share)
));
in
lib.mkIf cfg.enable {
systemd.services.samba-smbd.enable = false;
systemd.services.samba = {
description = "Samba Service Daemon";
requires = [ "rsync-acme.service" ];
after = [ "rsync-acme.service" ];
requiredBy = [ "samba.target" ];
partOf = [ "samba.target" ];
serviceConfig = {
ExecStart = "${pkgs.samba4Full}/sbin/samba --foreground --no-process-group";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
LimitNOFILE = 16384;
PIDFile = "/run/samba.pid";
Type = "notify";
NotifyAccess = "all";
};
unitConfig.RequiresMountsFor = servicePath;
};
# https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
networking.firewall.allowedTCPPorts = [ 139 445 389 88 53 464 636 3268];
networking.firewall.allowedUDPPorts = [ 135 137 138 389 88 53 123 464];
systemd.tmpfiles.rules = [
"d ${servicePath}/tls/ 0600 root 3000000 -"
"d ${servicePath}/private/ 0600 root 3000000 -"
"d ${servicePath}/lock/ 0600 root 3000000 -"
"d ${servicePath}/cache/ 0600 root 3000000 -"
];
services.samba = {
enable = true;
enableNmbd = false;
enableWinbindd = false;
package = pkgs.samba4Full;
configText = ''
# Global parameters
[global]
dns forwarder = ${materusArg.waffentrager.samba.dnsIp}
netbios name = ${materusArg.waffentrager.samba.netbiosName}
realm = ${lib.toUpper materusArg.waffentrager.samba.domain}
server role = active directory domain controller
workgroup = ${materusArg.waffentrager.samba.workgroup}
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = yes
private dir = ${servicePath}/private
lock dir = ${servicePath}/lock
state directory = ${servicePath}/lock
cache directory = ${servicePath}/cache
tls enabled = yes
tls keyfile = ${servicePath}/tls/key.pem
tls certfile = ${servicePath}/tls/fullchain.pem
tls cafile = ${servicePath}/tls/chain.pem
[sysvol]
path = ${servicePath}/sysvol
read only = No
[netlogon]
path = ${servicePath}/sysvol/${materusArg.waffentrager.samba.domain}/scripts
read only = No
${sambaCfg.extraConfig}
${smbToString (map shareConfig (lib.attrNames sambaCfg.shares))}
'';
};
};
}
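Review bot: `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` open the domain-controller ports (LDAP, Kerberos, SMB, DNS) on every interface, while the `networking.hosts` entry in the auth module points the domain at the WireGuard address. If the DC is only meant to be reached over the tunnel, `networking.firewall.interfaces."<wg-interface>".allowedTCPPorts` and its UDP counterpart keep it off the other interfaces. `shareConfig` reads `cfg.shares`, but `cfg` is `config.waffentragerService.auth`, which declares no `shares` option in the visible modules, so this looks like it should be `sambaCfg.shares` and would fail to evaluate once a share is defined. The tmpfiles rules create directories with mode `0600`, which has no search bit; `0700` is the usual mode for a private directory.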
@@ -0,0 +1,20 @@
{ ... }:
{
imports =
[
./elements.nix
./postgresql.nix
./mount-acme.nix
./gitea.nix
./nginx.nix
./nextcloud.nix
./auth
];
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.mount-acme.enable = true;
waffentragerService.gitea.enable = true;
waffentragerService.nginx.enable = true;
waffentragerService.nextcloud.enable = true;
waffentragerService.auth.enable = true;
}
@@ -0,0 +1,40 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.elements.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable elements drive";
options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; };
options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; };
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
config =
let
cfg = config.waffentragerService.elements;
in
lib.mkIf cfg.enable {
systemd.services.elements-mount = {
description = "Decrypt and mount elements drive";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
mkdir -p ${cfg.path}
cryptsetup luksOpen /dev/disk/by-uuid/${cfg.uuid} elements -d ${config.sops.secrets.elements.path}
mount /dev/mapper/elements ${cfg.path}
'' + lib.optionalString config.waffentragerService.postgresql.enable ''
mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version}
chown -R postgres:postgres ${cfg.postgresqlDir}
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
mkdir -p ${cfg.nextcloudDir}
chown -R nextcloud:nextcloud ${cfg.nextcloudDir}
''
;
preStop = ''
umount ${cfg.path}
cryptsetup luksClose elements
'';
};
};
}
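Review bot: The `mount /dev/mapper/elements ${cfg.path}` line in `script` mounts the data volume with default options, so setuid binaries and device nodes on it are honoured. The visible modules use it only for service data (PostgreSQL, Nextcloud and Gitea state), so `mount -o nosuid,nodev /dev/mapper/elements ${cfg.path}` is a cheap hardening. The `path`, `uuid`, `postgresqlDir` and `nextcloudDir` options are declared with `lib.mkOption { default = ...; }` only; adding `type = lib.types.str;` and a `description` would catch a wrong value at evaluation time.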
@@ -0,0 +1,62 @@
{ materusArg, config, lib, ... }:
{
options.waffentragerService.gitea.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable gitea";
config =
let
cfg = config.waffentragerService.gitea;
in
lib.mkMerge
[
(lib.mkIf cfg.enable {
waffentragerService.postgresql.enable = true;
waffentragerService.elements.enable = true;
services.gitea.enable = true;
services.gitea.lfs.enable = true;
services.gitea.stateDir = "${config.waffentragerService.elements.path}/services/gitea";
services.gitea.settings.service.DISABLE_REGISTRATION = true;
services.gitea.settings.server.DOMAIN = "baka.materus.pl";
services.gitea.settings.server.ROOT_URL = lib.mkForce "https://baka.materus.pl/";
services.gitea.settings.server.PROTOCOL = "fcgi+unix";
services.gitea.settings.cors = {
ENABLED = true;
X_FRAME_OPTIONS = "ALLOW-FROM https://*.materus.pl/";
};
services.gitea.database.type = "postgres";
services.gitea.database.socket = "/var/run/postgresql/";
})
(lib.mkIf (cfg.enable && config.waffentragerService.nginx.enable) {
services.nginx.virtualHosts = {
"baka.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
locations."/" = {
extraConfig = ''
client_max_body_size 2G;
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_pass unix:/var/run/gitea/gitea.sock;
'';
};
};
};
}
)
];
}
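Review bot: The `baka.materus.pl` virtual host uses `addSSL = true`, which serves the site over plain HTTP as well as HTTPS, so Gitea logins and session cookies can travel unencrypted. The Nextcloud host in this commit uses `forceSSL = true`, and the same setting here would redirect port 80. `X_FRAME_OPTIONS = "ALLOW-FROM https://*.materus.pl/"` relies on a directive that current browsers ignore and that never accepted wildcards, so in practice it restricts nothing; `SAMEORIGIN`, or a `Content-Security-Policy: frame-ancestors` header set in nginx, would. The `proxy_set_header` lines have no effect next to `fastcgi_pass` and can be dropped.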
@@ -0,0 +1,20 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.mount-acme.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable mount-acme";
config =
let
cfg = config.waffentragerService.mount-acme;
in
lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ sshfs ];
systemd.mounts = [{
description = "Mount remote acme dir from valkyrie";
what = "acme@valkyrie:/var/lib/acme";
where = "/var/lib/mnt_acme";
type = "fuse.sshfs";
options = "reconnect,gid=${builtins.toString config.ids.gids.nginx},_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,idmap=user,compression=yes,identityfile=/materus/root/ssh_host_ed25519_key";
wantedBy = [ "multi-user.target" ];
}];
};
}
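Review bot: The sshfs mount in `options` is `rw` with `allow_other`, although the visible consumers (nginx and the `rsync-acme` unit) only read certificates from `/var/lib/mnt_acme`. Using `ro` instead of `rw` would keep a compromised service on this host from altering or deleting key material on valkyrie. `identityfile=/materus/root/ssh_host_ed25519_key` reuses the SSH host key as a client identity, so one private key both identifies this server and authorises access to the ACME directory. If sops-nix derives its age key from the host keys, as it does by default, the same key also decrypts the secrets. A dedicated client key, restricted on the valkyrie side, would separate those roles.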
@@ -0,0 +1,95 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.nextcloud.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nextcloud";
config =
let
cfg = config.waffentragerService.nextcloud;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.nginx.enable = true;
environment.systemPackages = [ pkgs.samba pkgs.exiftool pkgs.ffmpeg-headless ];
sops.secrets.nextcloud-adminpass.owner = config.users.users.nextcloud.name;
sops.secrets.nextcloud-adminpass.group = config.users.users.nextcloud.group;
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [{
name = "nextcloud";
ensureDBOwnership = true;
}];
services.nextcloud = {
enable = true;
notify_push.enable = true;
package = pkgs.nextcloud28;
hostName = "waffentrager.materus.pl";
home = config.waffentragerService.elements.nextcloudDir;
config.adminuser = "master";
config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
config.dbtype = "pgsql";
config.defaultPhoneRegion = "PL";
config.trustedProxies = [ materusArg.ips.valkyrie materusArg.ips.wireguard.valkyrie materusArg.ips.wireguard.waffentrager ];
extraAppsEnable = true;
maxUploadSize = "4G";
https = true;
enableImagemagick = true;
configureRedis = true;
webfinger = true;
appstoreEnable = true;
database.createLocally = true;
nginx.recommendedHttpHeaders = true;
extraApps = with pkgs.nextcloud28Packages.apps; {
inherit notify_push previewgenerator;
};
extraOptions = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
enable_previews = true;
preview_format = "webp";
enabledPreviewProviders = [
''OC\Preview\Movie''
''OC\Preview\PNG''
''OC\Preview\JPEG''
''OC\Preview\GIF''
''OC\Preview\BMP''
''OC\Preview\XBitmap''
''OC\Preview\MP3''
''OC\Preview\MP4''
''OC\Preview\TXT''
''OC\Preview\MarkDown''
''OC\Preview\PDF''
''OC\Preview\WebP''
''OC\Preview\OpenDocument''
''OC\Preview\Krita''
''OC\Preview\AVIF''
];
"overwrite.cli.url" = "https://${config.services.nextcloud.hostName}";
};
globalProfiles = true;
phpOptions = {
"opcache.memory_consumption" = "512";
"opcache.interned_strings_buffer" = "64";
"opcache.max_accelerated_files"="50000";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "128M";
"opcache.validate_timestamps" = "0";
"opcache.revalidate_freq" = "0";
"opcache.fast_shutdown" = "1";
"opcache.save_comments" = "1";
};
phpExtraExtensions = ex: [ ex.zip ex.zlib ex.tidy ex.smbclient ];
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
http3 = true;
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
};
};
}
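Review bot: `appstoreEnable = true` leaves app installation open at runtime from the admin UI, so code outside the two pinned `extraApps` can be added to the instance without passing through this repository. If only `notify_push` and `previewgenerator` are needed, `appstoreEnable = false;` keeps the app set declarative. It also interacts badly with `"opcache.validate_timestamps" = "0"`, because app files changed at runtime are not reloaded until php-fpm restarts. The `proxy_set_header X-Forwarded-For ...` line in the virtual host's `extraConfig` probably has no effect, since the NixOS Nextcloud module serves PHP through FastCGI rather than `proxy_pass`.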
@@ -0,0 +1,29 @@
{ materusArg, config, lib, ... }:
{
options.waffentragerService.nginx.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nginx";
config =
let
cfg = config.waffentragerService.nginx;
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
};
systemd.services.nginx = {
requires = [ "var-lib-mnt_acme.mount" ];
after = [ "var-lib-mnt_acme.mount" ];
serviceConfig = {
restart = "always";
restartSec = 60;
};
};
};
}
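Review bot: `serviceConfig = { restart = "always"; restartSec = 60; }` uses lowercase keys, but systemd directive names are case-sensitive, so these end up in the unit as unknown settings and are ignored. The intended spelling is `Restart = "always";` and `RestartSec = 60;`. The NixOS nginx module may already define both, in which case the values need `lib.mkForce` to avoid a conflicting-definition error. As written, nginx gets no extra restart behaviour when the `var-lib-mnt_acme.mount` dependency drops.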
@@ -0,0 +1,27 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.postgresql.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable postgresql";
options.waffentragerService.postgresql.version = lib.mkOption { default = "16"; };
config =
let
cfg = config.waffentragerService.postgresql;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
services.postgresql.enable = true;
services.postgresql.package = pkgs."postgresql_${cfg.version}";
services.postgresql.dataDir = "${config.waffentragerService.elements.postgresqlDir}/${cfg.version}";
services.postgresql.enableJIT = true;
services.postgresql.authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 scram-sha-256
'';
systemd.services.postgresql = {
partOf = [ "elements-mount.service" ];
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
};
}
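Review bot: `local all all trust` in `services.postgresql.authentication` lets every local account connect over the Unix socket as any database role, including the `postgres` superuser, without a password. With Gitea, Nextcloud and PHP all running on this host, a compromise of any one of them reaches every database. `local all all peer` restricts each OS user to the role of the same name, which matches the `nextcloud` user created through `ensureUsers` in the Nextcloud module; Gitea's role name should be checked the same way before switching.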
+20 -3
@@ -1,9 +1,26 @@
{ config, pkgs, lib, materusFlake, inputs, ... }:
{ config, pkgs, lib, materusCfg, ... }:
let
materusArg = {
pkgs = (import materusCfg.nixerus { inherit pkgs; }) //
(if pkgs.system == "x86_64-linux" then { i686Linux = import materusCfg.nixerus { pkgs = pkgs.pkgsi686Linux; }; } else { });
cfg = materusCfg;
};
in
{
imports = [
./nixpkgs.nix
./packages
./private
];
config._module.args.materusPkgs = (import inputs.configInputs.inputs.nixerus { inherit pkgs; }) //
(if pkgs.system == "x86_64-linux" then { i686Linux = import inputs.configInputs.inputs.nixerus { pkgs = pkgs.pkgsi686Linux; }; } else { });
options.materus.materusArg = lib.mkOption { default = { }; };
config._module.args.materusArg = config.materus.materusArg // materusArg;
config.assertions = [
{
assertion = materusCfg.materusFlake.decrypted;
message = "Repository not decrypted, use crypt.sh to decrypt";
}
];
}
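Review bot: `./private` is imported unconditionally in `imports`, while the new `config.assertions` entry is meant to report an undecrypted repository. Imports are resolved before assertions are checked, so on an encrypted checkout evaluation will probably stop with a parse error inside `./private` and the "Repository not decrypted" message is never shown. The host secrets module in this commit guards the same import with `if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]`, and using that form here lets the assertion do its job.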
+73 -4
@@ -1,4 +1,4 @@
{ config, pkgs, inputs, lib,... }:
{ config, pkgs, lib, materusArg, materusCfg, ... }:
let
mkBoolOpt = default: description: lib.mkOption {
inherit default;
@@ -12,11 +12,80 @@ in
{
options.materus.profile.nixpkgs.enable = mkBoolOpt false "Enable materus nixpkgs config";
options.materus.profile.nixpkgs.enableOverlays = mkBoolOpt (cfg.enable) "Enable materus overlays";
options.materus.profile.nix.enableRegistry = mkBoolOpt (!materusCfg.isHm) "Enable materus nix registry";
config.nixpkgs.config = lib.mkIf cfg.enable{
config.nixpkgs.config = lib.mkIf cfg.enable {
allowUnfree = lib.mkDefault true;
joypixels.acceptLicense = lib.mkDefault true;
firefox.enablePlasmaBrowserIntegration = true;
};
config.nixpkgs.overlays = lib.mkIf cfg.enableOverlays [inputs.configInputs.inputs.emacs-overlay.overlay];
config.nixpkgs.overlays = lib.mkIf cfg.enableOverlays [ materusArg.cfg.configInputs.emacs-overlay.overlay ];
config.nix.package = lib.mkDefault pkgs.nixUnstable;
config.nix.registry = lib.mkIf config.materus.profile.nix.enableRegistry {
nixpkgs-stable = {
from = { type = "indirect"; id = "nixpkgs-stable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs-stable;
};
nixpkgs-unstable = {
from = { type = "indirect"; id = "nixpkgs-unstable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs;
};
nixpkgs = {
from = { type = "indirect"; id = "nixpkgs"; };
flake = materusCfg.configInputs.nixpkgs;
};
emacs-overlay = {
from = { type = "indirect"; id = "emacs-overlay"; };
flake = materusCfg.configInputs.emacs-overlay;
};
flake-utils = {
from = { type = "indirect"; id = "flake-utils"; };
flake = materusCfg.configInputs.flake-utils;
};
nixos-hardware = {
from = { type = "indirect"; id = "nixos-hardware"; };
flake = materusCfg.configInputs.nixos-hardware;
};
nixerus = {
from = { type = "indirect"; id = "nixerus"; };
flake = materusCfg.configInputs.nixerus;
};
devshell = {
from = { type = "indirect"; id = "devshell"; };
flake = materusCfg.configInputs.devshell;
};
home-manager = {
from = { type = "indirect"; id = "home-manager"; };
flake = materusCfg.configInputs.home-manager;
};
sops-nix = {
from = { type = "indirect"; id = "sops-nix"; };
flake = materusCfg.configInputs.sops-nix;
};
base16 = {
from = { type = "indirect"; id = "base16"; };
flake = materusCfg.configInputs.base16;
};
git-agecrypt = {
from = { type = "indirect"; id = "git-agecrypt"; };
flake = materusCfg.configInputs.git-agecrypt;
};
nur = {
from = { type = "indirect"; id = "nur"; };
flake = materusCfg.configInputs.nur;
};
};
}
@@ -1,14 +1,18 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
with materusPkgs.lib;
{ config, pkgs, lib, materusArg, ... }:
with materusArg.pkgs.lib;
{
imports = [
./fonts.nix
];
#Single Packages
options.materus.profile.packages.home-manager = mkPrivateVar inputs.configInputs.inputs.home-manager.packages.${pkgs.system}.home-manager;
options.materus.profile.packages.firefox = mkPrivateVar pkgs.firefox;
options.materus.profile.packages.home-manager = mkPrivateVar materusArg.cfg.configInputs.home-manager.packages.${pkgs.system}.home-manager;
options.materus.profile.packages.firefox = mkPrivateVar (pkgs.firefox.override {
nativeMessagingHosts = [
pkgs.plasma-browser-integration
];
});
#Package Lists
options.materus.profile.packages.list.nixRelated = mkPrivateVar (with pkgs; [
nix-prefetch
@@ -20,18 +24,18 @@ with materusPkgs.lib;
nix-tree
nix-diff
nix-ld
rnix-hashes
rnix-lsp
nil
nixpkgs-fmt
nixpkgs-review
]);
options.materus.profile.packages.list.desktopApps = mkPrivateVar (with pkgs; [
barrier
(discord.override { nss = nss_latest; withOpenASAR = true; withTTS = true;})
(discord.override { nss = nss_latest; withOpenASAR = true; withTTS = true; })
tdesktop
mpv
ani-cli
(pkgs.obsidian)
obsidian
nextcloud-client
spotify
thunderbird
keepassxc
@@ -16,14 +16,15 @@ let
pkgs.noto-fonts-cjk-serif
pkgs.wqy_zenhei
pkgs.corefonts
pkgs.hack-font
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
] ++ defaultFonts;
moreFonts = [
pkgs.ubuntu_font_family
pkgs.monocraft
pkgs.hack-font
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Meslo" "ProFont" ]; })
(pkgs.nerdfonts.override { fonts = [ "DroidSansMono" "Meslo" "ProFont" "FiraCode"]; })
];
in
{
Binary file not shown.
+1 -1
@@ -13,4 +13,4 @@
];
};
}
}
+18 -14
@@ -1,21 +1,25 @@
{ config, lib, pkgs, materusPkgs, ... }:
let
cfg = config.materus.profile.browser;
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.browser;
osConfig = (if (builtins.hasAttr "osConfig" config._module.args) then config._module.args.osConfig else null);
in
{
options= let mkBoolOpt = materusPkgs.lib.mkBoolOpt; in{
materus.profile.browser.firefox.enable = mkBoolOpt config.materus.profile.enableDesktop "Enable Firefox with materus cfg";
materus.profile.browser.vivaldi.enable = mkBoolOpt config.materus.profile.enableDesktop "Enable Vivaldi with materus cfg";
materus.profile.browser.brave.enable = mkBoolOpt false "Enable Brave with materus cfg";
options = let mkBoolOpt = materusArg.pkgs.lib.mkBoolOpt; in {
materus.profile.browser.firefox.enable = mkBoolOpt false "Enable Firefox with materus cfg";
materus.profile.browser.vivaldi.enable = mkBoolOpt false "Enable Vivaldi with materus cfg";
materus.profile.browser.brave.enable = mkBoolOpt false "Enable Brave with materus cfg";
};
#TODO: Make some config
config.home.packages = [
(lib.mkIf cfg.firefox.enable config.materus.profile.packages.firefox)
(lib.mkIf cfg.vivaldi.enable pkgs.vivaldi)
(lib.mkIf cfg.brave.enable pkgs.brave)
config = lib.mkMerge [{
home.packages = [
(lib.mkIf cfg.firefox.enable config.materus.profile.packages.firefox)
(lib.mkIf cfg.vivaldi.enable pkgs.vivaldi)
(lib.mkIf cfg.brave.enable pkgs.brave)
] ++ [ (lib.mkIf (osConfig != null && osConfig.materus.profile.browser.enable) osConfig.materus.profile.browser.package)];
}
];
}
}
+12 -12
@@ -1,4 +1,4 @@
{ config, lib, pkgs, materusPkgs, ... }:
{ config, lib, pkgs, materusArg, ... }:
let
packages = cfg.packages;
cfg = config.materus.profile;
@@ -7,22 +7,24 @@ in
imports = [
./fonts.nix
./browser.nix
./xdg.nix
./shell
./editor
./terminal
];
options.materus.profile.enableDesktop = materusPkgs.lib.mkBoolOpt false "Enable settings for desktop";
options.materus.profile.enableTerminal = materusPkgs.lib.mkBoolOpt true "Enable settings for terminal";
options.materus.profile.enableTerminalExtra = materusPkgs.lib.mkBoolOpt false "Enable extra settings for terminal";
options.materus.profile.enableNixDevel = materusPkgs.lib.mkBoolOpt false "Enable settings for nix devel";
options.materus.profile.enableDesktop = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for desktop";
options.materus.profile.enableTerminal = materusArg.pkgs.lib.mkBoolOpt true "Enable settings for terminal";
options.materus.profile.enableTerminalExtra = materusArg.pkgs.lib.mkBoolOpt false "Enable extra settings for terminal";
options.materus.profile.enableNixDevel = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for nix devel";
config =
{
home.packages = (if cfg.enableDesktop then packages.list.desktopApps else []) ++
(if cfg.enableNixDevel then packages.list.nixRelated else []) ++
(if cfg.enableTerminal then packages.list.terminalApps else []);
home.packages = (if cfg.enableDesktop then packages.list.desktopApps else [ ]) ++
(if cfg.enableNixDevel then packages.list.nixRelated else [ ]) ++
(if cfg.enableTerminal then packages.list.terminalApps else [ ]);
#Desktop
programs.feh.enable = lib.mkDefault cfg.enableDesktop;
@@ -50,8 +52,7 @@ in
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.tmux.enable = lib.mkDefault cfg.enableTerminal;
programs.tmux.clock24 = lib.mkDefault config.programs.tmux.enable;
programs.fzf = {
enable = lib.mkDefault cfg.enableTerminalExtra;
@@ -60,8 +61,7 @@ in
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.exa.enable = lib.mkDefault cfg.enableTerminalExtra;
programs.exa.enableAliases = lib.mkDefault config.programs.exa.enable;
programs.eza.enable = lib.mkDefault cfg.enableTerminalExtra;
programs.yt-dlp.enable = lib.mkDefault cfg.enableTerminalExtra;
+5 -5
@@ -1,15 +1,15 @@
{ config, lib, pkgs, materusPkgs, ... }:
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.editor.code;
in
{
options.materus.profile.editor.code.enable = materusPkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable VSCodium with materus cfg";
options.materus.profile.editor.code.fhs.enable = materusPkgs.lib.mkBoolOpt false "Use fhs vscodium";
options.materus.profile.editor.code.fhs.packages = lib.mkOption { default = (ps: []);};
options.materus.profile.editor.code.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable VSCodium with materus cfg";
options.materus.profile.editor.code.fhs.enable = materusArg.pkgs.lib.mkBoolOpt false "Use fhs vscodium";
options.materus.profile.editor.code.fhs.packages = lib.mkOption { default = (ps: [ ]); };
config = lib.mkIf cfg.enable {
programs.vscode = {
enable = lib.mkDefault true;
package = lib.mkDefault (if (cfg.fhs.enable) then (pkgs.vscodium.fhsWithPackages cfg.fhs.packages) else pkgs.vscodium);
package = lib.mkDefault (if (cfg.fhs.enable) then (pkgs.vscodium.fhsWithPackages cfg.fhs.packages) else pkgs.vscodium);
mutableExtensionsDir = lib.mkDefault true;
};
materus.profile.fonts.enable = lib.mkDefault true;
@@ -3,6 +3,6 @@
imports = [
./code.nix
./neovim.nix
./emacs.nix
./emacs
];
}
}
@@ -1,25 +0,0 @@
{ config, lib, pkgs, materusPkgs, ... }:
let
cfg = config.materus.profile.editor.emacs;
in
{
options.materus.profile.editor.emacs.enable = materusPkgs.lib.mkBoolOpt false "Enable emacs with materus cfg";
config = lib.mkIf cfg.enable {
#TODO: Make config
/*home.activation.doomEmacs = lib.hm.dag.entryBetween [ "onFilesChange" ] [ "writeBoundry" ] ''
if [ ! -d ~/.emacs.d ] ;
then ${pkgs.git}/bin/git clone --depth 1 https://github.com/doomemacs/doomemacs ~/.emacs.d
fi
PATH="${config.programs.git.package}/bin:${config.programs.emacs.package}/bin:$PATH"
~/.emacs.d/bin/doom sync
'';
home.file.doomEmacs.source = "${materusArg.flakeData.extraFiles}/config/emacs/doom";
home.file.doomEmacs.target = "${config.xdg.configHome}/doom";*/
programs.emacs.enable = true;
programs.emacs.package = with pkgs; lib.mkDefault (if pkgs ? emacsUnstablePgtk then emacsUnstablePgtk else emacs-gtk);
};
}
@@ -0,0 +1,122 @@
{ config, lib, pkgs, materusArg, ... }:
let
configPath = "${materusArg.cfg.path}" + "/extraFiles/config/emacs/";
inits = import ./init.nix { path = configPath; inherit pkgs; };
packages = epkgs: with epkgs; [
load-relative
elcord
persp-mode
dashboard
magit
helm
avy
corfu
vterm
centaur-tabs
projectile
company
clipetty
treemacs
treemacs-nerd-icons
treemacs-perspective
treemacs-icons-dired
treemacs-magit
treemacs-projectile
tree-edit
vertico
nerd-icons
nerd-icons-completion
perspective
minions
telephone-line
rainbow-delimiters
use-package
cmake-mode
lsp-mode
lsp-java
lsp-jedi
lsp-haskell
lsp-ui
lsp-treemacs
dap-mode
d-mode
multiple-cursors
org
org-rainbow-tags
org-roam
org-roam-ui
org-review
markdown-mode
json-mode
nix-mode
minimap
moe-theme
doom-themes
];
default-config = ''
(defvar materus/nix-packages t)
(defvar materus/init-from-home nil)
(unless materus/init-from-home
(message "Config loading not from homeDir, need \"materus/init-from-home\" variable in init.el")
${setNixInit}
${inits.initText}
)
'';
emacsPkgs = with pkgs;[
python3
lua
multimarkdown
git
];
cfg = config.materus.profile.editor.emacs;
setNixInit = ''
(setenv "PATH" (concat (getenv "PATH") ":${lib.makeBinPath emacsPkgs}"))
${builtins.concatStringsSep "\n" (builtins.map (x: "(setq exec-path (append exec-path '(\""+x+"/bin\")))" ) emacsPkgs)}
(call-process-shell-command "${pkgs.xorg.xmodmap}/bin/xmodmap -e \"keycode 66 = Hyper_L\" -e \"remove Mod4 = Hyper_L\" -e \"add Mod3 = Hyper_L\" &" nil 0)
'';
in
{
options.materus.profile.editor.emacs.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable emacs with materus cfg";
config = lib.mkIf cfg.enable {
home.activation.emacsCompile = lib.hm.dag.entryAfter [ "linkGeneration" ] ''
run ${config.programs.emacs.finalPackage}/bin/emacs --batch \
--eval '(setq warning-minimum-log-level :error)' \
--eval '(byte-compile-file "${config.xdg.configHome}/emacs/early-init.el")' \
--eval '(byte-compile-file "${config.xdg.configHome}/emacs/init.el")'
'';
xdg.configFile."emacs/init.el".text = ''
(defvar materus/nix-packages nil)
(defvar materus/init-from-home t)
(setq-default materus/init-from-home t)
${setNixInit}
${inits.initText}
'';
xdg.configFile."emacs/early-init.el".text = ''
${inits.earlyInitText}
'';
programs.emacs = {
enable = true;
package = with pkgs; lib.mkDefault materusArg.pkgs.emacs-materus;
extraPackages = epkgs: ((packages epkgs));
extraConfig = default-config;
};
};
}
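Review bot: `setNixInit` calls `xmodmap` through `call-process-shell-command` at the top level of the generated init, so every Emacs start remaps keycode 66 for the whole X session. It is also attempted where no X display is available (terminal frames, daemon starts, Wayland sessions). Wrapping the call in `(when (eq window-system 'x) ...)` would limit the side effect to graphical X sessions. A session-level keymap setting is probably a better home for the remap than the editor config.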
@@ -0,0 +1,17 @@
{ path, pkgs }:
{
earlyInitText = ''
${builtins.readFile (path + "early-init.el")}
'';
initText = ''
(defvar materus/init-from-home nil)
(when materus/init-from-home
(setq-default inhibit-defaul-init 1)
)
(setq-default materus/nix-packages (require 'doom-themes nil 'noerror))
${builtins.readFile (path + "packages.el")}
${builtins.readFile (path + "init.el")}
'';
}
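Review bot: `inhibit-defaul-init` in `initText` is misspelled, so the `(when materus/init-from-home ...)` branch sets a variable nothing reads and Emacs' real `inhibit-default-init` stays unset. If the intent is to keep the site-wide `default.el` from loading after the home `init.el`, the line should read `(setq-default inhibit-default-init t)`. The `(unless materus/init-from-home ...)` guard in the module's `default-config` probably hides the effect today, which makes the typo easy to miss.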
+15 -34
@@ -1,9 +1,9 @@
{ config, lib, pkgs, materusPkgs, ... }:
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.editor.neovim;
cfg = config.materus.profile.editor.neovim;
in
{
options.materus.profile.editor.neovim.enable = materusPkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable neovim with materus cfg";
options.materus.profile.editor.neovim.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable neovim with materus cfg";
config = lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
@@ -11,43 +11,24 @@ in
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
withNodeJs = true;
withPython3 = true;
withRuby = true;
defaultEditor = true;
extraConfig = ''
set number
set number
'';
plugins = with pkgs.vimPlugins;[
nerdtree
syntastic
vim-fugitive
vim-airline
vim-nix
plugins = with pkgs.vimPlugins;[
syntastic
nvim-fzf
nvim-treesitter.withAllGrammars
coc-clangd
coc-python
coc-pyright
coc-sh
coc-git
coc-css
coc-yaml
coc-toml
coc-json
coc-html
coc-highlight
coc-java
coc-cmake
coc-vimlsp
];
vim-fugitive
vim-airline
vim-nix
nvim-fzf
nvim-treesitter.withAllGrammars
];
};
};
+4 -4
@@ -1,13 +1,13 @@
{ config, pkgs, lib, materusPkgs, ... }:
{ config, pkgs, lib, materusArg, ... }:
let
packages = config.materus.profile.packages;
cfg = config.materus.profile.fonts;
in
{
options.materus.profile.fonts.enable = materusPkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable materus font settings";
options.materus.profile.fonts.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable materus font settings";
config = lib.mkIf cfg.enable {
fonts.fontconfig.enable = lib.mkDefault true;
home.packages = packages.list.fonts;
};
}
}
+12 -12
@@ -1,20 +1,20 @@
{ config, pkgs, lib, materusFlake, materusPkgs, ... }:
let
cfg = config.materus.profile.bash;
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.bash;
in
{
options.materus.profile.bash.enable = materusPkgs.lib.mkBoolOpt config.materus.profile.enableTerminal "Enable materus bash config";
options.materus.profile.bash.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminal "Enable materus bash config";
config = lib.mkIf cfg.enable {
config = lib.mkIf cfg.enable {
programs.bash = {
enable = lib.mkDefault true;
enableCompletion = lib.mkDefault true;
enableVteIntegration = lib.mkDefault true;
historyControl = lib.mkDefault ["erasedups" "ignorespace"];
shellOptions = lib.mkDefault [ "autocd" "checkwinsize" "cmdhist" "expand_aliases" "extglob" "globstar" "checkjobs" "nocaseglob" ];
};
programs.bash = {
enable = true;
enableCompletion = lib.mkDefault true;
enableVteIntegration = lib.mkDefault true;
historyControl = lib.mkDefault [ "erasedups" "ignorespace" ];
shellOptions = lib.mkDefault [ "autocd" "checkwinsize" "cmdhist" "expand_aliases" "extglob" "globstar" "checkjobs" "nocaseglob" ];
};
};
}
@@ -1,9 +1,9 @@
{
imports = [
imports = [
./zsh.nix
./bash.nix
./fish.nix
./starship.nix
];
}
];
}
+6 -6
@@ -1,12 +1,12 @@
{ config, pkgs, lib, materusFlake, materusPkgs, ... }:
let
cfg = config.materus.profile.fish;
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.fish;
in
{
options.materus.profile.fish.enable = materusPkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus fish config";
options.materus.profile.fish.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus fish config";
config = lib.mkIf cfg.enable {
programs.fish = {
enable = lib.mkDefault true;
enable = true;
};
};
}
}
@@ -1,13 +1,13 @@
{ config, pkgs, lib, materusFlake, materusPkgs, ... }:
{ config, pkgs, lib, materusArg, ... }:
let
profile = config.materus.profile;
cfg = config.materus.profile.starship;
in
{
options.materus.profile.starship.enable = materusPkgs.lib.mkBoolOpt (profile.zsh.enable || profile.bash.enable || profile.fish.enable) "Enable materus fish config";
options.materus.profile.starship.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus starship config";
config = lib.mkIf cfg.enable {
programs.starship.enable = lib.mkDefault cfg.enable;
programs.starship.enable = true;
programs.starship.settings = {
@@ -17,7 +17,7 @@ in
format = "$username@$hostname$all";
right_format = "$cmd_duration $time";
time = {
disabled = false;
style = "bold bright-black";
@@ -28,8 +28,8 @@ in
shell = {
disabled = false;
fish_indicator = "fish";
bash_indicator= "bash";
zsh_indicator= "zsh";
bash_indicator = "bash";
zsh_indicator = "zsh";
style = "blue bold";
};
+137 -44
@@ -1,16 +1,61 @@
{ config, pkgs, lib, materusFlake, materusPkgs, options, ... }:
{ config, pkgs, lib, materusArg, ... }:
let
relToDotDir = file: (lib.optionalString (config.programs.zsh.dotDir != null) (config.programs.zsh.dotDir + "/")) + file;
pluginsDir =
if config.programs.zsh.dotDir != null then
relToDotDir "plugins" else "${config.home.homeDirectory}/.zsh/plugins";
p10kcfg = "${zshcfg}/p10kcfg";
zshcfg = "${materusFlake.selfPath}/extraFiles/config/zsh";
zshcfg = "${materusArg.cfg.path}" + "/extraFiles/config/zsh";
cfg = config.materus.profile.zsh;
enableStarship = config.materus.starship.enable;
makeEnv = name: val: ''${name}=''${${name}:-"${val}"}'';
makeIfVar = var: val: ret: ''
if [[ "''$${var}" = "${val}" ]]; then
${ret}
fi
'';
makePlugin = nameArg: fileArg: srcArg: rec {
name = nameArg;
src = srcArg;
path = pluginsDir + "/" + name;
file = fileArg;
fullPath = path + "/" + file;
};
extraPlugins = {
powerlevel10k = makePlugin "powerlevel10k" "powerlevel10k.zsh-theme" (pkgs.fetchFromGitHub {
owner = "romkatv";
repo = "powerlevel10k";
rev = "v1.20.0";
sha256 = "sha256-ES5vJXHjAKw/VHjWs8Au/3R+/aotSbY7PWnWAMzCR8E=";
});
sudo = makePlugin "sudo" "sudo.plugin.zsh" "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/sudo";
extract = makePlugin "extract" "extract.plugin.zsh" "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/extract";
};
in
{
options.materus.profile.zsh.enable = materusPkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus zsh config";
options.materus.profile.zsh.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus zsh config";
options.materus.profile.zsh.prompt = lib.mkOption {
type = lib.types.enum ["p10k" "starship"];
example = "p10k";
default = "p10k";
type = lib.types.enum [ "p10k" ];
example = "p10k";
default = "p10k";
};
options.materus.profile.zsh.endConfig = lib.mkOption {
default = "";
description = "Zsh config after all of config";
type = lib.types.lines;
};
@@ -19,77 +64,125 @@ in
pkgs.ripgrep
];
home.file = lib.mkMerge [
(builtins.foldl' (a: b: a // b) { } (builtins.map (plugin: { ${plugin.path}.source = plugin.src; }) (builtins.attrValues extraPlugins)))
{ "${relToDotDir ".zshrc"}".text = lib.mkAfter cfg.endConfig; }
];
programs.zsh = {
enable = true;
enableAutosuggestions = true;
enableSyntaxHighlighting = true;
enableVteIntegration = true;
historySubstringSearch.enable = true;
historySubstringSearch.searchUpKey = ";5A";
historySubstringSearch.searchDownKey = ";5B";
historySubstringSearch.searchUpKey = "$key[Up]";
historySubstringSearch.searchDownKey = "$key[Down]";
envExtra = ''
if [[ -z "$__MATERUS_HM_ZSH" ]]; then
__MATERUS_HM_ZSH=1
fi
if [[ -z "$__MATERUS_HM_ZSH_PROMPT" ]]; then
__MATERUS_HM_ZSH_PROMPT=${cfg.prompt}
fi
${makeEnv "__MATERUS_HM_ZSH" "1"}
${makeEnv "__MATERUS_HM_ZSH_PROMPT" cfg.prompt}
${makeEnv "__MATERUS_HM_ZSH_PRIVATE" "0"}
'';
initExtraFirst = lib.mkIf (cfg.prompt == "p10k" ) ''
if [[ -r "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh" ]]; then
source "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh"
initExtraFirst = ''
${makeIfVar "__MATERUS_HM_ZSH_PROMPT" "p10k" ''
if [[ -r "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh" ]]; then
source "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh"
fi
if [[ -f "${extraPlugins.powerlevel10k.fullPath}" ]]; then
source "${extraPlugins.powerlevel10k.fullPath}"
fi
''
}
if zmodload zsh/terminfo && (( "$terminfo[colors]" >= "256" )); then
__MATERUS_HM_ZSH_256COLORS="''${__MATERUS_HM_ZSH_256COLORS:-1}"; else
__MATERUS_HM_ZSH_256COLORS="''${__MATERUS_HM_ZSH_256COLORS:-0}";
fi
'';
if [[ -f "${extraPlugins.sudo.fullPath}" ]]; then
source "${extraPlugins.sudo.fullPath}"
fi
if [[ -f "${extraPlugins.extract.fullPath}" ]]; then
source "${extraPlugins.extract.fullPath}"
path+="${extraPlugins.extract.path}"
fpath+="${extraPlugins.extract.path}"
fi
'';
plugins = [
(lib.mkIf (cfg.prompt == "p10k" ) {
name = "powerlevel10k";
src = pkgs.fetchFromGitHub {
owner = "romkatv";
repo = "powerlevel10k";
rev = "bc5983543a10cff2eac30cced9208bbfd91428b8";
sha256 = "0s8ndbpmlqakg7s7hryyi1pqij1h5dv0xv9xvr2qwwyhyj6zrx2i";
};
file = "powerlevel10k.zsh-theme";
})
];
history = {
extended = true;
save = 100000;
size = 100000;
share = false;
share = true;
ignoreDups = true;
ignoreAllDups = true;
ignoreSpace = true;
};
completionInit = ''
ZSH_COMPDUMP="''${ZSH_COMPDUMP:-''${XDG_CACHE_HOME:-${config.home.homeDirectory}/.cache}/.zcompdump-''${HOST}-''${ZSH_VERSION}}"
autoload -U compinit && compinit -d $ZSH_COMPDUMP
'';
initExtra = ''
. ${zshcfg}/zinputrc
if [[ "$__ETC_ZSHRC_SOURCED" != "1" ]]; then
. ${zshcfg}/zinputrc
fi
source ${zshcfg}/zshcompletion.zsh
history-substring-search-up-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-up
}
history-substring-search-down-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-down
}
zle -N history-substring-search-up-prefixed
zle -N history-substring-search-down-prefixed
bindkey -r "^["
bindkey ";5C" forward-word
bindkey ";5D" backward-word
'' +
(if (cfg.prompt == "p10k" ) then
''
if zmodload zsh/terminfo && (( terminfo[colors] >= 256 )); then
bindkey "^[[1;5C" forward-word
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5A" history-substring-search-up-prefixed
bindkey "^[[1;5B" history-substring-search-down-prefixed
zsh-private() {
__MATERUS_HM_ZSH_PRIVATE=1 ${lib.getExe config.programs.zsh.package}
}
myip() {
${lib.getExe pkgs.wget} -qO- https://wtfismyip.com/text
}
speedtest() {
${lib.getExe pkgs.curl} -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | ${lib.getExe pkgs.python3}
}
'' +
makeIfVar "__MATERUS_HM_ZSH_PROMPT" "p10k" ''
if [[ "$__MATERUS_HM_ZSH_256COLORS" = "1" ]] ; then
[[ ! -f ${p10kcfg}/fullcolor.zsh ]] || source ${p10kcfg}/fullcolor.zsh
else
[[ ! -f ${p10kcfg}/compatibility.zsh ]] || source ${p10kcfg}/compatibility.zsh
fi
'' else "");
'' + makeIfVar "__MATERUS_HM_ZSH_PRIVATE" "1" ''
unset HISTFILE
${lib.optionalString config.programs.zsh.history.share "unsetopt SHARE_HISTORY"}
alias -- 'zsh'="__MATERUS_HM_ZSH_PRIVATE=0 zsh "
''
;
};
programs.starship.enableZshIntegration = lib.mkForce false;
programs.starship.enableZshIntegration = lib.mkDefault false;
};
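Review bot: The `speedtest()` helper added to `initExtra` downloads `speedtest.py` from the `master` branch of a third-party repository and pipes it straight into `python3`, so whatever that URL serves at call time runs with the user's privileges, unpinned and unverified. The `powerlevel10k` source in the same file is handled differently: it is fetched at a fixed `rev` with a `sha256`. Packaging the tool through Nix keeps it hash-verified; if the nixpkgs `speedtest-cli` package is acceptable here, the body can become `${pkgs.speedtest-cli}/bin/speedtest-cli "$@"`. If the raw script is required, fetching it with `pkgs.fetchurl` at a fixed commit and hash gives the same guarantee.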
@@ -0,0 +1,9 @@
{...}:
{
imports = [
./wezterm.nix
./tmux.nix
];
}
@@ -0,0 +1,20 @@
{ materusArg, config, lib, ... }:
let
cfg = config.materus.profile.tmux;
in
{
options.materus.profile.tmux.enable = materusArg.pkgs.lib.mkBoolOpt true "Enable materus tmux config";
config = lib.mkIf cfg.enable
{
programs.tmux = {
enable = true;
clock24 = lib.mkDefault true;
aggressiveResize = lib.mkDefault true;
escapeTime = lib.mkDefault 0;
historyLimit = lib.mkDefault 10000;
mouse = lib.mkDefault true;
terminal = lib.mkDefault "tmux-256color";
};
};
}
@@ -0,0 +1,45 @@
{ config, lib, materusArg, pkgs, ... }:
let
cfg = config.materus.profile.wezterm;
zshCfg = ''
source "${config.programs.wezterm.package}/etc/profile.d/wezterm.sh"
'';
in
{
options.materus.profile.wezterm.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable materus wezterm config";
options.materus.profile.wezterm.enableHackFont = materusArg.pkgs.lib.mkBoolOpt true "Enable hack nerd font for wezterm";
options.materus.profile.wezterm.enableWezcraft = materusArg.pkgs.lib.mkBoolOpt true "Enable alias to start wezcraft with monocraft font";
options.materus.profile.wezterm.extraConfig = lib.mkOption {
default = "";
description = "Config for wezterm";
type = lib.types.lines;
};
config = lib.mkIf cfg.enable
{
programs.wezterm.enable = true;
programs.wezterm.colorSchemes = { };
programs.wezterm.enableZshIntegration = false;
programs.wezterm.extraConfig = ''
package.path = package.path .. ";${materusArg.cfg.path}/extraFiles/config/wezterm/?.lua"
require("wezterm_config");
local config = materus_wezterm_config();
${lib.optionalString cfg.enableHackFont "config.font = wezterm.font 'Hack Nerd Font';"}
${cfg.extraConfig}
return config;
'';
home.packages = [
(lib.mkIf cfg.enableHackFont (pkgs.nerdfonts.override {
fonts = [ "Hack" ];
}))
(lib.mkIf cfg.enableWezcraft (pkgs.monocraft))
(lib.mkIf cfg.enableWezcraft (pkgs.writeShellScriptBin "wezcraft" ''
${lib.getExe config.programs.wezterm.package} --config font="wezterm.font 'Monocraft Nerd Font'" $@
''))
];
materus.profile.zsh.endConfig = lib.optionalString cfg.enableWezcraft zshCfg;
};
}
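Review bot: The `wezcraft` wrapper forwards its arguments with an unquoted `$@`, so any argument containing spaces or glob characters is re-split and expanded before it reaches wezterm. The last part of that line should be `"$@"`. Separately, `zshCfg` (sourcing `wezterm.sh`) is appended to `materus.profile.zsh.endConfig` only when `enableWezcraft` is set. The shell integration looks unrelated to the Monocraft wrapper, so it is worth confirming that this gate is intended.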
+40
@@ -0,0 +1,40 @@
{ config, lib, materusArg, pkgs, ... }:
{
options.materus.profile.xdg =
{
enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable xdg settings";
};
config =
let
cfg = config.materus.profile.xdg;
in
lib.mkIf cfg.enable {
xdg.enable = true;
xdg.userDirs.enable = lib.mkDefault true;
xdg.userDirs.createDirectories = lib.mkDefault config.xdg.userDirs.enable;
xdg.userDirs.desktop = lib.mkDefault "${config.home.homeDirectory}/Pulpit";
xdg.userDirs.documents = lib.mkDefault "${config.home.homeDirectory}/Dokumenty";
xdg.userDirs.download = lib.mkDefault "${config.home.homeDirectory}/Pobrane";
xdg.userDirs.music = lib.mkDefault "${config.xdg.userDirs.extraConfig.XDG_AUDIO_DIR}/Muzyka";
xdg.userDirs.pictures = lib.mkDefault "${config.home.homeDirectory}/Obrazy";
xdg.userDirs.publicShare = lib.mkDefault "${config.home.homeDirectory}/Publiczny";
xdg.userDirs.templates = lib.mkDefault "${config.home.homeDirectory}/Szablony";
xdg.userDirs.videos = lib.mkDefault "${config.home.homeDirectory}/Wideo";
xdg.userDirs.extraConfig = {
XDG_MISC_DIR = lib.mkDefault "${config.home.homeDirectory}/Inne";
XDG_PIC_SCREENSHOTS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zrzuty ekranu";
XDG_PIC_MEMES_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Memy";
XDG_PIC_MISC_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Inne";
XDG_PIC_PHOTOS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zdjęcia";
XDG_PIC_AVATARS_DIR = "${config.xdg.userDirs.pictures}/Avatar";
XDG_AUDIO_DIR = lib.mkDefault "${config.home.homeDirectory}/Audio";
XDG_KEYS_DIR = lib.mkDefault "${config.xdg.userDirs.documents}/Klucze";
};
};
}
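Review bot: `XDG_PIC_AVATARS_DIR` is the only entry in `xdg.userDirs.extraConfig` set without `lib.mkDefault`. A host that defines its own avatar path would therefore most likely hit a conflicting-definition error instead of a clean override. `XDG_PIC_AVATARS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Avatar";` matches the other entries.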
+23 -3
@@ -1,9 +1,29 @@
{ config, pkgs, ... }:
{
{ config, pkgs, lib, ... }:
{
imports = [
./nix.nix
./fonts.nix
./shell
./games
./desktop
];
time.timeZone = lib.mkDefault "Europe/Warsaw";
i18n.defaultLocale = lib.mkDefault "pl_PL.UTF-8";
console = {
enable = lib.mkDefault true;
earlySetup = lib.mkDefault true;
font = lib.mkDefault "LatArCyrHeb-16";
keyMap = lib.mkDefault "pl";
};
programs.tmux = {
enable = lib.mkDefault true;
clock24 = lib.mkDefault true;
};
environment.systemPackages = lib.mkIf config.programs.tmux.enable [ pkgs.tmux.terminfo ];
}
@@ -0,0 +1,24 @@
{ materusArg, config, pkgs, lib, ... }:
let
cfg = config.materus.profile.browser;
in
{
options.materus.profile.browser.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus default browser config";
options.materus.profile.browser.default = lib.mkOption {
type = lib.types.enum [ "firefox" "brave" "vivaldi" ];
example = "vivaldi";
default = "brave";
};
options.materus.profile.browser.package = materusArg.pkgs.lib.mkPrivateVar
(if (cfg.default == "firefox") then config.materus.profile.packages.firefox else
if (cfg.default == "vivaldi") then pkgs.vivaldi else
if (cfg.default == "brave") then pkgs.brave else { });
config = lib.mkIf cfg.enable {
environment.systemPackages = [
config.materus.profile.browser.package
];
};
}
@@ -0,0 +1,6 @@
{
imports = [
./browser.nix
];
}
+12 -12
@@ -1,24 +1,24 @@
{ config, pkgs, lib, materusPkgs, ... }:
{ config, pkgs, lib, materusArg, ... }:
let
packages = config.materus.profile.packages;
cfg = config.materus.profile.fonts;
in
{
options.materus.profile.fonts.enable = materusPkgs.lib.mkBoolOpt false "Enable materus font settings for OS";
options.materus.profile.fonts.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus font settings for OS";
config = lib.mkIf cfg.enable {
fonts.fonts = packages.list.fonts ++ packages.list.moreFonts;
fonts.enableDefaultFonts = lib.mkForce true;
fonts.fontconfig.enable = lib.mkForce true;
fonts.fontconfig.cache32Bit = lib.mkForce true;
fonts.packages = packages.list.fonts ++ packages.list.moreFonts;
fonts.enableDefaultPackages = lib.mkDefault true;
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
fonts.fontconfig.defaultFonts.monospace = [ "FiraCode Nerd Font Mono" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
fonts.fontconfig.enable = lib.mkDefault true;
fonts.fontconfig.cache32Bit = lib.mkDefault true;
fonts.fontDir.enable = lib.mkForce true;
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
fonts.fontconfig.defaultFonts.monospace = [ "Hack Nerd Font" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
fonts.fontDir.enable = lib.mkDefault true;
};
}
+1 -1
@@ -1,5 +1,5 @@
{ config, pkgs, ... }:
{
{
imports = [
./steam.nix
];
+24 -36
@@ -1,31 +1,8 @@
{ config, pkgs, lib, materusPkgs, inputs, ... }:
{ config, pkgs, lib, materusArg, inputs, ... }:
let
optHip = pkgs.stdenv.mkDerivation rec {
pname = "optHip";
version = pkgs.hip.version;
dontFixup = true;
dontBuild = true;
dontPatchELF = true;
dontUnpack = true;
sourceRoot = ".";
buildInputs = [
pkgs.hip
];
installPhase = ''
mkdir -p $out/opt/rocm
ln -s ${pkgs.hip} $out/opt/rocm/hip
'';
};
steamPkg = pkgs.steam.override {
extraPkgs = pkgs: [
#config.materus.profile.packages.firefox
optHip #for blender
pkgs.libdecor
pkgs.obs-studio-plugins.obs-vkcapture
pkgs.steamcmd
pkgs.nss_latest
@@ -55,15 +32,12 @@ let
pkgs.libinput
pkgs.openvdb
pkgs.openssl
pkgs.tbb_2021_8
pkgs.tbb
pkgs.gtk4
pkgs.gtk3
pkgs.glib
pkgs.gsettings-desktop-schemas
pkgs.fuse
pkgs.libsForQt5.breeze-qt5
pkgs.libsForQt5.breeze-gtk
pkgs.libsForQt5.dolphin
pkgs.samba4Full
pkgs.tdb
pkgs.jbig2enc
@@ -71,8 +45,11 @@ let
pkgs.vivaldi
pkgs.x264.lib
pkgs.steamtinkerlaunch
pkgs.pipewire
pkgs.gitFull
pkgs.git-lfs
] ++ config.materus.profile.packages.list.fonts;
] ++ config.materus.profile.packages.list.fonts ++ config.materus.profile.steam.extraPkgs;
extraLibraries = pkgs: [
pkgs.libkrb5
@@ -83,33 +60,44 @@ let
pkgs.fontconfig
pkgs.libxcrypt
pkgs.gnutls
pkgs.samba
pkgs.samba
pkgs.tdb
pkgs.jemalloc
pkgs.gperftools
] ++
(with config.hardware.opengl; if pkgs.hostPlatform.is64bit
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32);
extraEnv = {
XDG_DATA_DIRS = "/usr/share:\${XDG_DATA_DIRS}";
OBS_VKCAPTURE = "1";
};
extraEnv = config.materus.profile.steam.extraEnv;
};
cfg = config.materus.profile.steam;
in
{
options.materus.profile.steam.enable = materusPkgs.lib.mkBoolOpt false "Enable materus steam settings for OS";
options.materus.profile.steam.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus steam settings for OS";
options.materus.profile.steam.package = lib.mkOption {
type = lib.types.package;
default = steamPkg;
description = "Package used by steam";
};
options.materus.profile.steam.extraPkgs = lib.mkOption {
default = [ ];
description = "Extra packages for steam";
};
options.materus.profile.steam.extraEnv = lib.mkOption {
default = { };
description = "Extra Env for steam";
};
config = lib.mkIf cfg.enable {
hardware.steam-hardware.enable = lib.mkDefault true;
materus.profile.steam.extraEnv = {
XDG_DATA_DIRS = "/usr/share:\${XDG_DATA_DIRS}";
OBS_VKCAPTURE = "1";
};
programs.steam = {
enable = lib.mkDefault true;
dedicatedServer.openFirewall = lib.mkDefault true;
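Review bot: The new `materus.profile.steam.extraPkgs` and `materus.profile.steam.extraEnv` options are declared without a `type`, so a malformed value (a string instead of a list, a non-string environment value) is not rejected at option evaluation. It surfaces later, when the Steam FHS wrapper is built. Both values flow directly into `pkgs.steam.override`, so typing them is worthwhile: `type = lib.types.listOf lib.types.package;` for `extraPkgs` and `type = lib.types.attrsOf lib.types.str;` for `extraEnv`. The `programs.steam` block at the end of this section continues outside the visible hunk.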
+3 -4
@@ -1,11 +1,10 @@
{ config, pkgs, lib, inputs, materusPkgs, ... }:
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.nix;
in
{
options.materus.profile.nix.enable = materusPkgs.lib.mkBoolOpt false "Enable materus nix settings";
options.materus.profile.nix.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus nix settings";
config.nix = lib.mkIf cfg.enable {
package = lib.mkDefault pkgs.nixVersions.unstable;
settings = {
experimental-features = [ "nix-command" "flakes" "repl-flake" "no-url-literals" ];
@@ -17,7 +16,7 @@ in
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE="];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE=" ];
};
};
}
@@ -0,0 +1,7 @@
{
imports = [
./zsh.nix
];
}
+22
@@ -0,0 +1,22 @@
{materusArg, config, pkgs, lib, ...}:
let
cfg = config.materus.profile.zsh;
in
{
options.materus.profile.zsh.enable = materusArg.pkgs.lib.mkBoolOpt true "Enable materus system zsh config";
config = lib.mkIf cfg.enable {
users.defaultUserShell = pkgs.zsh;
environment.shells = [ pkgs.zsh ];
programs.zsh = {
enable = true;
enableGlobalCompInit=false;
interactiveShellInit = ''
if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
fi
'';
promptInit = ''
'';
};
};
}
@@ -2,5 +2,4 @@
let
genHomes = import ./genHomes.nix { inherit inputs; inherit materusFlake; };
in
{ }
// genHomes "materus"
genHomes "materus"

Some files were not shown because too many files have changed in this diff Show More