217 Commits

Author SHA1 Message Date
materus 400dadba7f materusPC: more vm tuning 2024-04-22 15:33:31 +02:00
materus c6cdd9d8af materusPC: Window VM changes 2024-04-22 11:33:57 +02:00
materus fd3599f7f3 materusPC & Old-materusPC: set "/materus" as needed for boot to fix sops 2024-04-19 19:54:06 +02:00
materus d90b32d282 home-profile: add desktop packages 2024-04-19 18:30:42 +02:00
materus d6a451b6c5 materusPC: add wireguard config to networkmanager 2024-04-19 18:28:40 +02:00
materus f19a1bd613 materusPC: import apps.nix 2024-04-19 18:28:22 +02:00
materus be955fe3ca materusPC: fix kde after flake update 2024-04-19 18:27:59 +02:00
materus 7fabda1305 os-config: change steam tbb pkg 2024-04-19 18:27:36 +02:00
materus 15d193b2eb flake: update lock 2024-04-19 18:27:17 +02:00
materus 3fd49d452b materusPC: add apps.nix 2024-04-19 18:27:05 +02:00
materus 2959e10532 waffentrager: remove cert 2024-04-19 17:21:22 +02:00
materus 5d9c165df4 waffentrager: samba change dirs 2024-04-12 11:49:25 +02:00
materus afac05dad3 waffentrager: samba changes 2024-04-12 09:56:47 +02:00
materus d4125a7370 waffentrager: prepare samba DC 2024-04-12 01:38:50 +02:00
materus 98c975c430 os-config: wireguard settings 2024-04-11 22:12:03 +02:00
materus 6050896298 materusPC: change x11 options 2024-04-11 18:44:03 +02:00
materus 80e17cc9f4 waffentrager: add restart to nginx 2024-04-11 18:43:38 +02:00
materus b2d466a450 valkyrie: add links 2024-04-11 18:42:30 +02:00
materus a49963bb5c materusPC: disable emacs 2024-04-09 11:12:09 +02:00
materus c022070323 materusPC: change boot settings 2024-04-06 18:51:08 +02:00
materus 353bc71e19 os-config: remove setfont from zsh 2024-04-06 18:50:52 +02:00
materus b014b62c60 os-config: make default console config 2024-04-06 18:28:17 +02:00
materus 778fcb1b9d os-config: add zsh to "environment.shells" 2024-04-06 15:20:44 +02:00
materus 4cd531103a os-config: set zsh as default shell for users 2024-04-06 15:10:57 +02:00
materus f374e1a698 materusPC: console change font to full path 2024-04-06 14:23:59 +02:00
materus a0a81309cb materusPC: change console settings 2024-04-06 14:10:24 +02:00
materus 5fc7a32788 valkyrie: reorder links 2024-04-06 09:24:02 +02:00
materus 214c293128 valkyrie: slice archive timer to 3 units 2024-04-06 09:21:05 +02:00
materus cb5feba4a0 valkyrie: change links order 2024-04-06 03:17:29 +02:00
materus 7a2306bbd8 valkyrie: fix name 2024-04-06 03:14:41 +02:00
materus b28248d90f valkyrie: add links for webarchive 2024-04-06 02:39:27 +02:00
materus b28f17bc1c valkyrie: add links for webarchive 2024-04-06 02:17:06 +02:00
materus 563278d09a valkyrie: add links for webarchive 2024-04-06 01:43:21 +02:00
materus ebd32b675e valkyrie: add links for webarchive 2024-04-06 01:42:56 +02:00
materus 5da0de61a1 valkyrie: add web archive and steamladder curl request timer 2024-04-06 01:32:24 +02:00
materus f4107f214a home-profile: init tmux config 2024-04-05 23:02:26 +02:00
materus 575c698aa1 hosts: use zsh for materus user 2024-04-05 22:41:31 +02:00
materus 860c28efad waffentrager: fix auth 2024-04-05 22:41:05 +02:00
materus b4e3c7cea3 home-profile: change emacs package and font. materusPC: enable emacs 2024-04-05 21:57:37 +02:00
materus 38eafec797 valkyrie: increase dc bot playlist limit 2024-04-05 21:57:02 +02:00
materus 6870263c6a flake: update lock 2024-04-05 21:56:31 +02:00
materus 2cfdcf34bb valkyrie: change muse bot to evobot 2024-04-03 18:02:23 +02:00
materus b6ce980d0d valkyrie: change muse bot to evobot 2024-04-03 17:54:07 +02:00
materus 91c694193c valkyrie: add 404 error page 2024-04-03 14:28:48 +02:00
materus 75906dd151 flake: update lock 2024-04-03 11:08:59 +02:00
materus aff6076875 os-config: use brave as default browser 2024-04-03 11:08:02 +02:00
materus 6b5b53956b waffentrager: make auth emtpy 2024-04-03 10:52:20 +02:00
materus 12cba54eee materusPC: remove some comments 2024-04-03 10:45:17 +02:00
materus fe49e00096 materusPC: change materus shell to zsh, group formatting 2024-04-02 19:45:43 +02:00
materus b485f8a228 waffentrager: prepare auth service 2024-04-02 19:43:49 +02:00
materus 47c8d1c4ea home-profile & os-profile: zsh compinit changes 2024-04-01 22:52:49 +02:00
materus 0c31caf113 home-profile: updates 2024-04-01 22:14:27 +02:00
materus e4a320cbc8 home-profile: updates 2024-04-01 22:10:17 +02:00
materus fd039ff7cd home-profile: zsh remove starship option 2024-04-01 22:06:42 +02:00
materus e69a55340e home-profile: zsh and wezterm change 2024-04-01 21:57:25 +02:00
materus a19b5b9a3f home-profile: zsh ignore all hist dups 2024-04-01 21:15:32 +02:00
materus f0ae63d1b6 home-profile: change zsh keybind 2024-04-01 21:10:56 +02:00
materus 48e82bb70f os-profile: use hack instead firacode 2024-04-01 19:13:49 +02:00
materus 61ca7ef3bb home-profile: fix zsh propt if no env var 2024-03-31 23:52:36 +02:00
materus 62c24e24b8 home-profile: fix completion for zsh extract 2024-03-31 23:44:10 +02:00
materus 2a65700253 home-profile: changes to wezterm 2024-03-31 23:15:38 +02:00
materus eceae11a41 home-profile: changes to zsh and wezterm 2024-03-31 23:07:50 +02:00
materus b925022a9e home-profile: fix zsh config, fix type of wezterm option 2024-03-31 22:49:39 +02:00
materus ee7bcb1c0d home-profile: add extract plugin to zsh 2024-03-31 22:42:18 +02:00
materus a1eccd4d77 home-profile: move wezterm config to own file 2024-03-31 22:28:57 +02:00
materus 369ed384a4 home-profile: add "run" to emacs command 2024-03-31 22:09:15 +02:00
materus 8b1d9ff963 home-profile: init wezterm 2024-03-31 21:11:40 +02:00
materus e046b8878e home-profile: prepare for wezterm 2024-03-31 20:01:34 +02:00
materus 305c891d7d home-profile: zsh move colors check from zshenv 2024-03-31 19:03:36 +02:00
materus 6da0978779 home-profile: zsh add speedtest, use lib.getExe 2024-03-31 00:35:26 +01:00
materus e442af49ba home-profile: zsh add sudo plugin 2024-03-31 00:28:17 +01:00
materus cb65f9b455 Old-materusPC,materusPC: kde set XCURSOR_THEME 2024-03-30 23:21:37 +01:00
materus b299e40e3a home-profile: zsh change private mode 2024-03-30 21:23:50 +01:00
materus 8691fcd211 home-profile: zsh change colors detect 2024-03-30 21:10:34 +01:00
materus b91142f643 home-profile: zsh style changes 2 2024-03-30 20:58:11 +01:00
materus 8870c0e7e7 home-profile: zsh style changes 2024-03-30 20:44:41 +01:00
materus 9a18e2a37e Old-materusPC: ssh changes 2024-03-30 19:55:07 +01:00
materus 5f363c0709 Old-materusPC: add import of secrets 2024-03-30 19:52:14 +01:00
materus 9c09161f7b Old-materusPC: add import of secrets 2024-03-30 19:27:11 +01:00
materus 22bc3e753a Old-materusPC: init secrets 2024-03-30 19:22:46 +01:00
materus 6b9b5c42eb Old-materusPC: changes after reinstall 2024-03-30 18:58:33 +01:00
materus c8d584f8a4 configuration: prepare for browser changes 2024-03-30 15:41:52 +01:00
materus 1ccceb3415 configuration: clean, fix genHomes 2024-03-30 15:34:52 +01:00
materus 8f8ca90bba configuration: changes to browsers 2024-03-30 15:26:48 +01:00
materus 01c2d9809a home-profile: zsh change substring search 2024-03-30 00:32:38 +01:00
materus 9d791cf738 home-profile: zsh updates 2024-03-30 00:01:34 +01:00
materus 96c76e1578 Old-materusPC: update 2024-03-29 23:25:54 +01:00
materus 170cc0fc10 materusPC: xdg changes 2024-03-29 15:01:25 +01:00
materus 20683564ce materusPC: use wayland sddm 2024-03-29 14:51:39 +01:00
materus 8fda1956a1 home-config: add xdg.userDirs options 2024-03-28 22:49:38 +01:00
materus b20da0c854 waffentrager: postgres auth 2024-03-28 19:41:57 +01:00
materus 2deb047c86 materusPC: add hosts 2024-03-28 17:18:59 +01:00
materus 53566aa9e4 waffentrager: nextcloud php settings 2024-03-28 17:13:49 +01:00
materus 2c3ac41ee3 flake: update lock 2024-03-28 17:13:31 +01:00
materus 8ce0c144e5 configuration: changes 2024-03-27 11:23:52 +01:00
materus d1b0530596 waffentrager: nextcloud - edit preview formats 2024-03-26 20:14:37 +01:00
materus b08931075a materusPC: add webp support 2024-03-26 20:01:48 +01:00
materus 9dc390d1a4 waffentrager: nextcloud - add preview config 2024-03-26 15:29:45 +01:00
materus c2cac01772 waffentrager: nextcloud - enable profiles 2024-03-26 13:34:43 +01:00
materus 9329921cfb waffentrager: nextcloud - add config 2024-03-26 13:30:07 +01:00
materus 4d4157e63a waffentrager: nextcloud - add php extensions 2024-03-26 10:53:37 +01:00
materus f4e0d49672 waffentrager: postgresql - enable jit 2024-03-26 10:21:50 +01:00
materus f141ffaf89 waffentrager: nextcloud php settings 2024-03-26 10:21:34 +01:00
materus 382504ee53 waffentrager: add archivizers 2024-03-26 09:22:50 +01:00
materus 9242bc2a04 valkyrie: redirect change 2024-03-26 01:42:38 +01:00
materus e60d1a81f9 waffentrager: add nextcloud deps 2024-03-26 00:52:23 +01:00
materus 45d7f70792 waffentrager: allow iframe of gitea from nextcloud 2024-03-25 21:56:28 +01:00
materus f242dd700d waffentrager: add samba for nextcloud 2024-03-25 21:56:01 +01:00
materus f8b7da96a7 valkyrie: reverse proxy for nextcloud 2024-03-25 21:55:35 +01:00
materus f9d19b1d66 waffentrager: update gitea option 2024-03-25 20:13:18 +01:00
materus a9146bb628 waffentrager: add nextcloud, config: remove private inputs 2024-03-25 19:46:18 +01:00
materus cd78aabf19 Update README.md 2024-03-24 01:38:21 +01:00
materus 31cb2f4e65 valkyrie: nginx changes 2024-03-23 21:42:56 +01:00
materus d1cf546ac6 waffentrager: add gitea 2024-03-23 20:58:26 +01:00
materus 68e64038ff waffentrager: disable ssh root login 2024-03-23 17:56:09 +01:00
materus 4e0b7b6dd0 waffentrager: use nginx gid instead of uid 2024-03-23 16:36:22 +01:00
materus 3b285229d7 waffentrager: add acme mount from valkyrie 2024-03-23 16:18:53 +01:00
materus 597131aba4 waffentrager: add elements service description 2024-03-23 15:48:51 +01:00
materus 7c52e76348 valkyrie: add acme access for waffentrager 2024-03-23 15:39:15 +01:00
materus bc4d4750c0 valkyrie: move certs to sops file 2024-03-23 15:21:13 +01:00
materus b9397c8fd4 home-profile: restore old zsh settings name to work on stable 2024-03-23 15:21:05 +01:00
materus 78ee10572a configuration: update options to get rid of deprecation warnings 2024-03-23 14:02:51 +01:00
materus 0e985b318f waffentrager: postresql dir creation 2024-03-23 12:42:02 +01:00
materus d5ef421ebb waffentrager: postresql version 2024-03-23 12:39:23 +01:00
materus b700364ac1 waffentrager: changes to postgresql dir 2024-03-23 12:33:10 +01:00
materus d204976cce waffentrager: add postgresql 2024-03-23 11:45:10 +01:00
materus c47555fec7 waffentrager: add elements drive service 2024-03-23 02:30:39 +01:00
materus e9998e42c3 valkyrie: fix muse description 2024-03-23 01:49:03 +01:00
materus a66570226c Add muse bot to valkyrie 2024-03-22 20:12:00 +01:00
materus a76b42c3da valkyrie: move secrets 2024-03-22 00:00:20 +01:00
materus e17d19dcfd commond: change warning to assertion 2024-03-21 23:43:36 +01:00
materus 1c58fc1a2f crypt.sh: check git only before encrypt/decrypt 2024-03-21 23:36:48 +01:00
materus cdc41c3934 configurations: use home-manager module by default 2024-03-21 23:01:42 +01:00
materus bc40af000f waffentrager: import secrets 2024-03-21 19:36:19 +01:00
materus 8217fb3c80 flake: update lock 2024-03-21 19:33:18 +01:00
materus 15cf859638 waffentrager: add secrets 2024-03-21 19:30:54 +01:00
materus 114c2e93be Fix zsh prompt 2024-03-21 18:55:50 +01:00
materus fe55b38bf9 Change usage of mkForce 2024-03-17 10:25:09 +01:00
materus 14349441ac materusPC: updates to work on unstable 2024-03-16 19:24:04 +01:00
materus bec5c7e764 flake: update lock 2024-03-16 19:23:25 +01:00
materus 4e9a593443 materusPC: fixes for plasma 6 2024-03-11 16:46:48 +01:00
materus 04ad6ac1cd code: nixpkgs-fmt to format code 2024-03-11 16:19:31 +01:00
materus 8ecb892244 common: change remove rnix-lsp, add nil and nixpkgs-fmt, move nix default package to common 2024-03-11 16:15:04 +01:00
materus c88c7c029a flake: update lock 2024-03-11 15:36:12 +01:00
materus 990e23c0af Merge branch 'master' of github.com:materusPL/nixos-config 2024-03-11 15:34:41 +01:00
materus c48c02593f materusPC: add rustup again 2024-03-11 15:33:14 +01:00
materus b76733543c Old-materusPC: home, disable emacs 2024-03-09 19:33:08 +01:00
materus 59b65b3dd6 Old-materusPC: add git-crypt 2024-03-09 19:32:51 +01:00
materus 205ab654f3 flake: update lock 2024-03-09 19:17:31 +01:00
materus 130fbaddb4 Revert "materusPC: add rustup to vscodium"
This reverts commit 60542cf0c9.
2024-03-07 12:15:23 +01:00
materus 60542cf0c9 materusPC: add rustup to vscodium 2024-03-07 11:43:15 +01:00
materus dee6533fd1 materusPC: add audio plugins 2024-03-05 13:36:20 +01:00
materus 53ef892a5b materusPC: change audio settings 2024-03-05 13:25:01 +01:00
materus 2cd1ceb0b9 materusPC: kde changes 2024-03-05 12:46:35 +01:00
materus 98129881a1 config: add flake registry option 2024-03-05 12:46:21 +01:00
materus c9e496d80c flake: update lock 2024-03-05 12:45:46 +01:00
materus f9182a61b8 materusPC: change to plasma6 2024-03-04 12:33:48 +01:00
materus 81d7fdfec1 crypt.sh: add delete and create file func 2024-03-03 13:20:02 +01:00
materus 24885efdb4 materusPC: use gnome3 pinentry 2024-03-03 13:19:40 +01:00
materus 8293c9ff44 hosts: add hostPath; home: add homePath 2024-03-03 02:50:46 +01:00
materus 41114f4960 fix typo 2024-03-03 01:24:55 +01:00
materus e702504dee git-crypt: more tests 2024-03-03 01:23:53 +01:00
materus deaa785e1f git-crypt: add simple script to unlock repo 2024-03-03 00:55:45 +01:00
materus 3e93bbfd82 materusPC: add git-crypt to all users 2024-03-03 00:31:40 +01:00
materus e449ce8c56 git-cryp: test 2024-03-03 00:26:24 +01:00
materus cf78dd369e materusPC: secrets test 2024-03-03 00:03:02 +01:00
materus 36e1db6cb1 materusPC: secrets 2024-03-02 23:34:32 +01:00
materus 2af5e3f2a3 materusPC: add git-crypt to home 2024-03-02 22:50:52 +01:00
materus 960ee6fee6 git-crypt: test 2024-03-02 22:41:06 +01:00
materus ad67342e5d Add 1 git-crypt collaborator
New collaborators:

	B75B790D Mateusz "materus" Słodkowicz (materus.pl) <materus@podkos.pl>
2024-03-02 22:39:35 +01:00
materus e8a91e22b6 git-crypt: attributes 2024-03-02 22:38:39 +01:00
materus 8218e3e8cb materusPC: prepare sops 2024-03-02 22:36:43 +01:00
materus c5a5265557 flake: update lock; change all configInputs.inputs to configInputs 2024-03-02 19:51:38 +01:00
materus a7ad639465 flake: update lock; materusPC: remove useless caps config, change sddm to x11 2024-03-02 19:43:32 +01:00
materus 547fd5165c zsh: update 2024-02-26 01:23:15 +01:00
materus 88bdef3961 config: add check if home-manager 2024-02-25 22:30:13 +01:00
materus 64e8520dbd Revert "config: add check if home-manager"
This reverts commit 1b6e1b5d58.
2024-02-25 22:21:11 +01:00
materus 1b6e1b5d58 config: add check if home-manager 2024-02-25 22:07:53 +01:00
materus c1f9da7b40 config: add materusArg module 2024-02-25 18:51:56 +01:00
materus f0d5df9cca flake: update, config: code cleaning 2024-02-25 18:25:39 +01:00
materus 011ceddcb5 flake: update lock 2024-02-23 01:26:47 +01:00
materus 0ea4fac018 remove args, disable emacs, change jdk 2024-02-23 01:19:54 +01:00
materus 59e69924bb update 2024-02-10 12:29:42 +01:00
materus 44dc207b5b config update 2023-12-22 11:53:49 +01:00
materus 4198f3d2d9 configurations: update 2023-11-20 14:14:23 +01:00
materus 32c47479b1 emacs: create one config file 2023-11-15 00:07:16 +01:00
materus cf3a2d98c7 update lock and emacs 2023-11-14 23:25:05 +01:00
materus cf0c1a685e configuration: changes to emacs and others 2023-11-13 00:44:03 +01:00
materus c0cd2a0f19 configurations: update 2023-11-08 10:46:45 +01:00
materus a6c581ee04 emacs: update 2023-11-05 11:59:54 +01:00
materus 4dde3a0e00 .gitignore 2023-11-05 00:16:44 +01:00
materus cc175120b5 emacs: remove evil, add .gitignore 2023-11-04 16:44:02 +01:00
materus dd8779a2e4 emacs: changes to config 2023-11-04 10:50:50 +01:00
materus 1bd2fc3ae1 flake: update lock, change to home-manager stable flake 2023-11-03 16:07:18 +01:00
materus c999f5581d Old-materusPC: Move config of old PC here 2023-11-03 16:06:37 +01:00
materus da1a963d51 configurations: update 2023-10-31 14:40:57 +01:00
materus 54fde216c1 valkyrie: resolved adguard problems, go back to adguard instead of pihole 2023-10-29 01:17:48 +02:00
materus 12926bd6a1 flake: update lock 2023-10-29 01:16:55 +02:00
materus 8896ae977e configurations: add waffentrager host 2023-10-27 19:04:55 +02:00
materus f2c82ea93f configurations: formatting and some cleaning 2023-10-27 17:00:26 +02:00
materus 0ac720823c Create README.md 2023-10-27 14:52:21 +02:00
materus 203a6d868a remove pointless flake 2023-10-27 14:03:09 +02:00
materus 2f0a613381 configurations: Add stable nixpkgs for other hosts, use one Arg 2023-10-27 14:01:54 +02:00
materus 154d850e49 configurations: formatting 2023-10-27 12:30:38 +02:00
materus 1bbf628ea9 configurations: update emacs conf 2023-10-25 19:28:25 +02:00
materus 614dea0e57 configurations: update 2023-10-25 15:34:43 +02:00
materus fbcd102ea1 configurations: update 2023-10-25 00:06:20 +02:00
materus 6e78af6852 flake: update lock 2023-10-25 00:06:05 +02:00
materus 1b234d065d configurations: update 2023-10-20 23:29:09 +02:00
materus 1c7efbba8d valkyrie: change adguard to pihole 2023-10-20 23:28:59 +02:00
materus e7e17d4e39 flake: update lock 2023-10-20 23:28:10 +02:00
materus 736d751962 configurations: update 2023-10-14 15:01:22 +02:00
materus 609f9252dc configurations: update 2023-10-14 14:40:37 +02:00
materus 08819b8107 flake: update configInputs 2023-10-08 16:38:42 +02:00
materus ef9fa061e6 update flake 2023-10-08 16:32:38 +02:00
materus f25e201e50 inputs 2023-10-08 16:12:00 +02:00
materus bf276c349f Init commit 2023-10-08 11:42:08 +02:00
167 changed files with 4446 additions and 4559 deletions
-2
View File
@@ -1,3 +1 @@
\#*\#
.vscode
.theia
+18
View File
@@ -0,0 +1,18 @@
# nixos-config
My NixOS and home-manager configs.
Dotfiles and helper scripts.
Not all config is here, some I keep in private flake.
## Hosts
materusPC - my main PC
Old-materusPC - my old PC, barely used
flamaster - my laptop, used mostly as server for games.
valkyrie - VPS, my website and pleroma instance
waffentrager - raspberry pi4, home server
-2
View File
@@ -1,2 +0,0 @@
MATERUS = {}
require("materus")
-32
View File
@@ -1,32 +0,0 @@
vim.opt.number = true
vim.opt.expandtab = true
vim.opt.cursorline = true
vim.opt.shiftwidth = 2
vim.opt.softtabstop = 2
vim.opt.tabstop = 2
vim.opt.clipboard:append { 'unnamed', 'unnamedplus' }
--vim.g.cord_defer_startup = true
vim.pack.add({
"https://github.com/nvim-lua/plenary.nvim",
"https://github.com/muniftanjim/nui.nvim",
"https://github.com/nvim-tree/nvim-web-devicons",
"https://github.com/lewis6991/gitsigns.nvim",
"https://github.com/mofiqul/dracula.nvim",
"https://github.com/hrsh7th/nvim-cmp",
"https://github.com/neovim/nvim-lspconfig",
"https://github.com/stevearc/oil.nvim",
"https://github.com/nvim-mini/mini.icons",
"https://github.com/nvim-neo-tree/neo-tree.nvim",
"https://github.com/romgrk/barbar.nvim",
"https://github.com/nvim-telescope/telescope.nvim",
"https://github.com/lambdalisue/vim-suda",
"https://github.com/dstein64/nvim-scrollview",
"https://github.com/vyfor/cord.nvim"
})
vim.cmd.colorscheme("dracula")
if vim.fn.executable("tree-sitter") == 1 and MATERUS.NIXOS ~= 1 then
end
-6
View File
@@ -1,6 +0,0 @@
__HOME_ZPROFILE_SOURCED=1
[[ -f "$ZSH_DATA_DIR/nix_profile.sh" ]] && source "$ZSH_DATA_DIR/nix_profile.sh"
[[ -f "/etc/profile" ]] && emulate sh -c "source /etc/profile"
[[ -f "~/.profile" ]] && emulate sh -c "source ~/.profile"
-141
View File
@@ -1,141 +0,0 @@
__HOME_ZSHRC_SOURCED=1
if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then
source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
fi
bindkey -e
if [ -n "$EAT_SHELL_INTEGRATION_DIR" ]; then
source "$EAT_SHELL_INTEGRATION_DIR/zsh";
fi
#Check if terminal is fullcolor
if zmodload zsh/terminfo && (( "$terminfo[colors]" >= "256" )); then
__MATERUS_ZSH_256COLORS="${__MATERUS_ZSH_256COLORS:-1}"; else
__MATERUS_ZSH_256COLORS="${__MATERUS_ZSH_256COLORS:-0}";
fi
#MSYS
if [[ "$(uname -s)" =~ ^MSYS_NT.* ]]; then
#Use windows symlink instead copy
MSYS=winsymlinks:nativestrict
fi
#region Plugins
# Clone plugins if not exists
[ -d $ZSH_DATA_DIR/plugins/powerlevel10k ] || git clone https://github.com/romkatv/powerlevel10k $ZSH_DATA_DIR/plugins/powerlevel10k
[ -d $ZSH_DATA_DIR/plugins/zsh-syntax-highlighting ] || git clone https://github.com/zsh-users/zsh-syntax-highlighting.git $ZSH_DATA_DIR/plugins/zsh-syntax-highlighting
[ -d $ZSH_DATA_DIR/plugins/zsh-history-substring-search ] || git clone https://github.com/zsh-users/zsh-history-substring-search.git $ZSH_DATA_DIR/plugins/zsh-history-substring-search
[ -d $ZSH_DATA_DIR/plugins/zsh-autosuggestions ] || git clone https://github.com/zsh-users/zsh-autosuggestions $ZSH_DATA_DIR/plugins/zsh-autosuggestions
source ${ZSH_DATA_DIR}/plugins/powerlevel10k/powerlevel10k.zsh-theme
source ${ZSH_DATA_DIR}/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
source ${ZSH_DATA_DIR}/plugins/zsh-history-substring-search/zsh-history-substring-search.zsh
source ${ZSH_DATA_DIR}/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
#endregion
#region SUBSTRING SEARCH
history-substring-search-up-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-up
}
history-substring-search-down-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-down
}
zle -N history-substring-search-up-prefixed
zle -N history-substring-search-down-prefixed
#endregion
#region Init Variables
export SAVEHIST=100000
export HISTSIZE=$SAVEHIST
export ZSH_PRIVATE=${ZSH_PRIVATE:-0}
mkdir -p $ZSH_DATA_DIR
mkdir -p $ZSH_DATA_DIR/plugins
# Load config generated by nix
[[ -f "$ZSH_DATA_DIR/nix.sh" ]] && source "$ZSH_DATA_DIR/nix.sh"
setopt HIST_SAVE_NO_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_IGNORE_DUPS
setopt HIST_IGNORE_ALL_DUPS
setopt EXTENDED_HISTORY
# Private history mode
if [[ $ZSH_PRIVATE == 1 ]] then
export HISTFILE="/dev/null";
unsetopt SHARE_HISTORY;
else
export HISTFILE="$ZSH_DATA_DIR/zsh_history";
setopt SHARE_HISTORY;
fi
#endregion
#region Bindings
source ${ZSH_CONFIG_DIR}/extra/zinputrc
bindkey -r "^["
bindkey "^[[1;5C" forward-word
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5A" history-substring-search-up-prefixed
bindkey "^[[1;5B" history-substring-search-down-prefixed
bindkey "$key[Up]" history-substring-search-up
bindkey "$key[Down]" history-substring-search-down
bindkey '^[[3~' delete-char
bindkey '^[[3;2~' delete-word
#endregion
#region Completions
ZSH_COMPDIR="${ZSH_COMPDIR:-${XDG_CACHE_HOME:-${HOME}/.cache}/zsh}"
ZSH_COMPDUMP="${ZSH_COMPDUMP:-${ZSH_COMPDIR}/.zcompdump-${HOST}-${ZSH_VERSION}}"
if [[ ! -d ${ZSH_COMPDIR} ]]; then
command mkdir -p "${ZSH_COMPDIR}"
fi
autoload -U compinit && compinit -d $ZSH_COMPDUMP
source ${ZSH_CONFIG_DIR}/extra/zshcompletion.zsh
#endregion
#region Functions
zsh-private() {
ZSH_PRIVATE=1 zsh
}
myip() {
wget -qO- https://wtfismyip.com/text
}
speedtest() {
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python3
}
#endregion
#region Aliases
if [[ "$TERM" = "xterm-kitty" ]]; then
alias ssh="kitty +kitten ssh"
fi
if [[ $(whence -p "nvim") ]]; then
EDITOR="${EDITOR:-nvim}"
alias vim="nvim"
alias vi="nvim"
alias vimdiff="nvim -d"
fi
if [[ $(whence -p "eza") ]]; then
alias l="eza -lahg --color=auto --hyperlink"
alias ll="eza -alF --color=auto --hyperlink"
alias ls="eza --color=auto"
else
alias l="ls -lah --color=auto"
alias ll="ls -alF --color=auto"
alias ls="ls --color=auto"
fi
#endregion
if [[ "$__MATERUS_ZSH_256COLORS" = "1" ]] ; then [[ ! -f ${ZSH_CONFIG_DIR}/p10kcfg/fullcolor.zsh ]] || source ${ZSH_CONFIG_DIR}/p10kcfg/fullcolor.zsh;
else [[ ! -f ${ZSH_CONFIG_DIR}/p10kcfg/compatibility.zsh ]] || source ${ZSH_CONFIG_DIR}/p10kcfg/compatibility.zsh;
fi
-6
View File
@@ -1,6 +0,0 @@
#TODO: Set ZDOTDIR based on MKK_CONFIG_PATH
__HOME_ZSHENV_SOURCED=1
ZDOTDIR=${XDG_CONFIG_HOME:-"$HOME/.config"}/zsh/cfg
ZSH_DATA_DIR="${XDG_CONFIG_HOME:-"$HOME/.config"}/zsh/data"
ZSH_CONFIG_DIR="${XDG_CONFIG_HOME:-"$HOME/.config"}/zsh/cfg"
setopt no_global_rcs
-9
View File
@@ -1,9 +0,0 @@
local wezterm = require 'wezterm'
local config = wezterm.config_builder()
-- config.color_scheme = 'Duotone Dark'
config.enable_scroll_bar = true
config.scrollback_lines = 50000
return config
-12
View File
@@ -1,12 +0,0 @@
set -g history-limit 50000
set -g display-time 4000
set -g status-interval 5
set -g default-terminal "screen-256color"
set -g status-keys emacs
set -g focus-events on
setw -g aggressive-resize on
setw -g mouse on
setw -g clock-mode-style 24
set -ga terminal-overrides ',xterm*:smcup@:rmcup@'
set -g allow-passthrough on
+308
View File
@@ -0,0 +1,308 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, materusArg, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.supportedFilesystems = [ "ntfs" ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.auto-optimise-store = true;
nix.settings.substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
nix.settings.trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
nixpkgs.config.allowUnfree = true;
# Use the systemd-boot EFI boot loader.
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = "1920x1080";
gfxmodeBios = "1920x1080";
useOSProber = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.tmpOnTmpfs = true;
services.flatpak.enable = true;
services.gvfs.enable = true;
networking.hostName = "Old-materusPC"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Warsaw";
services.fstrim = {
enable = true;
interval = "weekly";
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
# keyMap = "pl";
useXkbConfig = true; # use xkbOptions in tty.
};
hardware.bluetooth.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
materus.profile.steam.enable = true;
# Configure keymap in X11
services.xserver.layout = "pl";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound.
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
hardware.pulseaudio.enable = false;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" ];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
};
environment.sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
#SSH_ASKPASS_REQUIRE = "prefer";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
MOZ_USE_XINPUT2 = "1";
PATH = [
"\${XDG_BIN_HOME}"
];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
# List packages installed in system profile. To search, run:
# $ nix search wget
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.libsForQt5.fcitx5-qt ];
environment.systemPackages = with pkgs; [
brave
glibc
patchelf
vim
wget
killall
xorg.xkill
xorg.xhost
nix-top
gitFull
curl
jdk
nss_latest
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
distrobox
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
nix-du
git-crypt
wineWowPackages.stagingFull
winetricks
protontricks
openal
gnupg
ncurses
monkeysphere
gparted
inkscape
gimp
virt-manager
libguestfs
bubblewrap
bindfs
pulseaudio
binutils
];
fonts.fontDir.enable = true;
fonts.enableDefaultFonts = true;
fonts.fonts = with pkgs; [
dejavu_fonts
hack-font
noto-fonts
noto-fonts-extra
noto-fonts-emoji
noto-fonts-cjk-sans
noto-fonts-cjk-serif
ubuntu_font_family
wqy_zenhei
monocraft
(nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Meslo" "ProFont" ]; })
];
fonts.fontconfig.enable = true;
fonts.fontconfig.cache32Bit = true;
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
fonts.fontconfig.defaultFonts.monospace = [ "Hack Nerd Font" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" ];
environment.shells = with pkgs; [ zsh ];
programs = {
steam = {
enable = true;
dedicatedServer.openFirewall = true;
remotePlay.openFirewall = true;
};
fish.enable = true;
java.enable = true;
command-not-found.enable = false;
dconf.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
services.pcscd.enable = true;
/*systemd.user.services.gpg-agent.serviceConfig.ExecStart = [
""
''
${pkgs.gnupg}/bin/gpg-agent --supervised \
--pinentry-program ${pkgs.kwalletcli}/bin/pinentry-kwallet
''
];*/
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 ];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
@@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./secrets
./configuration.nix
./nvidia.nix
./plasma.nix
];
}
@@ -0,0 +1,91 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "vfio-pci" ];
boot.extraModulePackages = [ ];
boot.kernel.sysctl = { "vm.swappiness" = 10; };
boot.kernelParams = [ "ibt=off" "intel_iommu=on" "iommu=pt" "pcie_acs_override=downstream,multifunction" ];
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/materus" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [ "subvol=@home" "nossd" "noatime" "compress=zstd" "space_cache=v2" "autodefrag" ];
};
fileSystems."/materus/data" =
{
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [ "subvol=@data" "nossd" "noatime" "compress=zstd" "space_cache=v2" "autodefrag" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/A5C2-31D1";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-label/NixOS_Swap"; }];
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
depends = [ "/materus" ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkForce true;
}
@@ -0,0 +1,79 @@
{ config, pkgs, materusArg, lib, ... }:
{
home.stateVersion = "22.11";
home.homeDirectory = "/home/materus";
programs.wezterm.enable = true;
programs.git = {
userEmail = "materus@podkos.pl";
userName = "materus";
signing.signByDefault = true;
signing.key = "${materusArg.cfg.path}/extraFiles/keys/ssh/materus.pub";
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
};
};
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
gcc
gdb
cmake
gnumake
ninja
binutils
coreutils
util-linux
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
jdk
ldc
dmd
dub
]);
editor.emacs.enable = false;
};
home.packages = [
pkgs.papirus-icon-theme
];
}
@@ -0,0 +1,32 @@
{ config, pkgs, ... }:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.stable;
modesetting.enable = true;
nvidiaSettings = true;
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
};
hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
materus.profile.steam.extraEnv = {
VK_ICD_FILENAMES=''''$VK_ICD_FILENAMES:/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/nvidia_icd.i686.json'';
};
}
@@ -0,0 +1,27 @@
{ pkgs, ... }:
{
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.wayland.enable = true;
services.xserver.displayManager.sddm.settings = {
General = {
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
};
environment.variables = {
QT_PLUGIN_PATH = [ "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
XCURSOR_THEME = "breeze_cursors";
};
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.systemPackages = with pkgs.kdePackages; [
ark
kate
];
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin ];
}
@@ -0,0 +1,25 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."wg-key" = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -0,0 +1,33 @@
wg-key: ENC[AES256_GCM,data:+z+Xxq6A1h5ceCOZry9PSz871zVZpd9Y6vtqpfoAulHCN03DjzZ/PLmRvYQ=,iv:7hdjnUuaRk30hFJ8rv4zXxI8v42RWC1iQb64LMNgBnQ=,tag:eUSTVygR+u9ERPU9gfhYIw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1el7zhjxkrlravpt7hw36fuac0xfgd42qkjjkvxzqmyl28u8csasqkd4a40
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsT2w4SCt2ZGdLYktHckMw
QVhza2tqU2M1Q3lsYnhld1dKcTdYUHcvSzFrCjMxT05yU01nUmFQK0FCUThUNDNN
V2EyTUhoVUNjNlNwTU9FeTlGRkxvVDgKLS0tIDBFYys1TmI0T0x0RnE2N3JCWWpq
VFVjMGUvRVBaY0JsR2lVcUFsdk4rYjQKEiiqEcTaQSVXSAm5c9uylaf2Tt/KJtPl
GDp+2YSBHHnVYjtYf7k9WqsIEe5/0AifDp3YA8jNhOXuZwZdvk+fLw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-30T18:21:12Z"
mac: ENC[AES256_GCM,data:0DMB+ukujc6PMU45n1QJGryGie25Bj2hXmia69QgYZNk2vgfO+nYmWSpmqK4Z00xXNtbsgejfDto5mrzU/OJ4FF3eOfwWfdIwxQLEQKoPF5U3niON3YO8FEA+JIn+/fNGF3fY1AgBfhberST5ikKnmff1Nwe5GOwQHSB3LU+CZE=,iv:V89EFUby3bwsoZKpoJRmJS9E/UheMBkKDq7j40IzBTA=,tag:aOJnFFGIuzQ3T7YrIFiWtw==,type:str]
pgp:
- created_at: "2024-03-30T18:20:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAnUVLGsgIKd3EtSAGTPyXqSlsz1T8RnDvAtBz/XaH0y0w
pkp84zTe85FRZDnTO8a44WkpNIrUih0CYQSPPCZqSi/qnIxPWgx67HTC1bPAO9Iw
1GgBCQIQNcrKr4YNKSP5XxJqMXOyZD7rZ4g02Xdw5XplZ/y34m9c83S44XRgHwg4
0obXI1UlsqyHf/ZnTM1pbXO/kdTdFomWvWbfbuKDgDvyiJJ18mJ48GOsv/SBBJjJ
3877O+Ia5I8Chg==
=q58P
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
Binary file not shown.
+61
View File
@@ -0,0 +1,61 @@
{ inputs, materusFlake }:
let
profiles = import ../profile;
makeSystem = { host, arch ? "x86_64-linux", extraModules ? [ ], stable ? true, hmAsModule ? true, hmUsers ? [ "materus" ] }:
let
nixosSystem = if stable then inputs.nixpkgs-stable.lib.nixosSystem else inputs.nixpkgs.lib.nixosSystem;
hm = if stable then inputs.configInputs-stable.home-manager else inputs.configInputs.home-manager;
materusCfg = {
inherit stable;
inherit materusFlake;
inherit host;
inherit hm;
inherit hmAsModule;
nixerus = if stable then inputs.configInputs-stable.nixerus else inputs.configInputs.nixerus;
configInputs = if stable then inputs.configInputs-stable else inputs.configInputs;
path = materusFlake.selfPath;
hostPath = materusFlake.selfPath + "/configurations/host/${host}";
isHm = false;
};
in
(nixosSystem {
specialArgs = { inherit materusCfg; };
system = arch;
modules = [
./${host}
profiles.osProfile
materusCfg.configInputs.sops-nix.nixosModules.sops
(if hmAsModule then hm.nixosModules.home-manager else { })
(if hmAsModule then
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users = (builtins.foldl' (a: b: a // b) { } (builtins.map
(user: {
${user} = ({ ... }:
{
imports = [
(materusFlake.selfPath + "/configurations/shared/home/${user}")
(materusFlake.selfPath + "/configurations/host/${host}/home/${user}")
profiles.homeProfile
];
});
})
hmUsers));
home-manager.extraSpecialArgs = { materusCfg = materusCfg // { isHm = true; }; };
} else { })
] ++ extraModules;
}) // { inherit materusCfg; };
in
{
materusPC = makeSystem { host = "materusPC"; stable = false; };
flamaster = makeSystem { host = "flamaster"; stable = true; };
valkyrie = makeSystem { host = "valkyrie"; stable = true; };
waffentrager = makeSystem { host = "waffentrager"; stable = true; arch = "aarch64-linux"; };
Old-materusPC = makeSystem { host = "Old-materusPC"; stable = false; };
}
@@ -0,0 +1,192 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, materusArg, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.wireless.iwd.enable = true;
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchExternalPower = "ignore";
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
programs.tmux = {
enable = true;
clock24 = true;
};
programs.java = {
enable = true;
package = pkgs.graalvm-ce;
binfmt = true;
};
# Bootloader.
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
useOSProber = true;
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080";
#efiInstallAsRemovable = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
networking.hostName = "flamaster"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
networking.networkmanager.wifi.backend = "iwd";
# Set your time zone.
time.timeZone = "Europe/Warsaw";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.utf8";
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.enable = true;
hardware.nvidia.prime = {
offload.enable = true;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
# Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
# Configure keymap in X11
services.xserver = {
layout = "pl";
xkbVariant = "";
};
# Configure console keymap
console.keyMap = "pl2";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.materus = {
isNormalUser = true;
description = "Mateusz Słodkowicz";
extraGroups = [ "networkmanager" "wheel" ];
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
packages = with pkgs; [
kate
];
shell = pkgs.zsh;
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
util-linux
killall
pciutils
lshw
steamcmd
distrobox
config.materus.profile.packages.firefox
config.programs.java.package
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 27015 25565 24454 8123 ];
networking.firewall.allowedTCPPortRanges = [{ from = 16262; to = 16272; }];
networking.firewall.allowedUDPPorts = [ 22 16261 16262 8766 8767 25565 24454 8123 ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
networking.networkmanager.extraConfig = lib.mkDefault ''
[connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
programs.neovim.enable = true;
programs.neovim.vimAlias = true;
programs.neovim.viAlias = true;
services.flatpak.enable = true;
xdg.portal.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true;
virtualisation.podman.enableNvidia = true;
virtualisation.podman.dockerSocket.enable = true;
}
+12
View File
@@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./configuration.nix
];
materus.profile.nix.enable = true;
materus.profile.steam.enable = true;
}
@@ -0,0 +1,67 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-label/NixOS_EFI_L";
fsType = "vfat";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [{
device = "/var/.swapfile";
size = 32 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
@@ -0,0 +1,23 @@
{ config, pkgs, materusArg, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
zsh.enable = true;
};
home.packages = [
pkgs.papirus-icon-theme
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
];
}
+106
View File
@@ -0,0 +1,106 @@
{config, pkgs, materusArg, ...}:
{
environment.systemPackages = with pkgs; [
gamescope
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
materusArg.pkgs.amdgpu-pro-libs.prefixes
(pkgs.bottles.override { extraPkgs = pkgs: [ pkgs.libsForQt5.breeze-qt5 pkgs.kdePackages.breeze-gtk pkgs.nss_latest ]; extraLibraries = pkgs: [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
glibc
glib
gtk3
gtk4
gsettings-desktop-schemas
kdePackages.dolphin
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
patchelf
killall
util-linux
xorg.xhost
nix-top
gitFull
curl
wget
config.programs.java.package
nss_latest
pciutils
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
steamtinkerlaunch
distrobox
# WebP support
libwebp
webp-pixbuf-loader
# Compression
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
tldr
bat
##config.materus.profile.packages.home-manager
gcr
# pgcli
# litecli
materusArg.pkgs.alvr
#zenmonitor
nix-du
kate
krusader
wineWowPackages.stagingFull
winetricks
protontricks
gnupg
pinentry
pinentry-gnome3
pinentry-curses
ncurses
monkeysphere
gparted
virt-viewer
inkscape
gimp
git-crypt
bubblewrap
bindfs
binutils
];
}
@@ -1,5 +1,7 @@
{ pkgs, lib, ... }:
{
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
@@ -7,20 +9,20 @@
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = true;
systemWide = false;
jack.enable = true;
};
hardware.pulseaudio.enable = false;
environment.sessionVariables =
let
makePluginPath =
format:
"$HOME/.${format}:"
+ (lib.makeSearchPath format [
makePluginPath = format:
(lib.makeSearchPath format [
"$HOME/.nix-profile/lib"
"/run/current-system/sw/lib"
"/etc/profiles/per-user/$USER/lib"
]);
])
+ ":$HOME/.${format}";
in
{
ALSOFT_DRIVERS = "pulse";
@@ -31,8 +33,15 @@
LXVST_PATH = makePluginPath "lxvst";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
};
services.udev = {
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
'';
};
environment.systemPackages = with pkgs; [
openal
pulseaudio
@@ -44,14 +53,11 @@
vital
odin2
surge
fire
decent-sampler
lsp-plugins
];
services.udev.extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
'';
}
+31
View File
@@ -0,0 +1,31 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./hardware
./vm
./secrets
./scripts.nix
./tmp.nix
./network.nix
./kde.nix
./audio.nix
./apps.nix
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.copySystemConfiguration = false;
system.stateVersion = "23.05";
materus.profile.nix.enable = true;
materus.profile.nixpkgs.enable = true;
materus.profile.fonts.enable = true;
materus.profile.steam.enable = true;
}
+44
View File
@@ -0,0 +1,44 @@
{ config, pkgs, lib, ... }:
{
services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.gdm.wayland = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.desktopManager.gnome.sessionPath = [ pkgs.gnome.gpaste ];
services.gnome.gnome-online-accounts.enable = true;
services.gnome.gnome-browser-connector.enable = true;
services.gnome.core-utilities.enable = true;
services.gnome.core-shell.enable = true;
services.gnome.core-os-services.enable = true;
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
programs.gnome-terminal.enable = true;
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
services.dbus.packages = with pkgs; [ gnome2.GConf ];
environment.systemPackages = with pkgs; [
gnome3.adwaita-icon-theme
gnome3.gnome-tweaks
gnome3.gnome-color-manager
gnome3.gnome-shell-extensions
gnomeExtensions.appindicator
gnomeExtensions.desktop-clock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.compiz-windows-effect
gnomeExtensions.burn-my-windows
gnomeExtensions.user-themes
gnomeExtensions.gsconnect
];
}
@@ -0,0 +1,59 @@
{ config, pkgs, lib, materusArg, ... }:
let
video = [
"video=HDMI-A-3:1920x1080@144"
"video=DP-3:1920x1080@240"
#"video=DP-1:1920x1080@240"
#"video=DP-2:1920x1080@240"
#"video=HDMI-A-1:1920x1080@240"
#"video=HDMI-A-2:1920x1080@240"
];
in
{
#Kernel
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelParams = [ "rcu_nocbs=${materusArg.materusPC.vmCores}" "nohz_full=${materusArg.materusPC.vmCores}" "vfio_iommu_type1.allow_unsafe_interrupts=1" "pcie_acs_override=downstream,multifunction" /*"pci-stub.ids=1002:744c"*/ "nox2apic" "nvme_core.default_ps_max_latency_us=0" "nvme_core.io_timeout=255" "nvme_core.max_retries=10" "nvme_core.shutdown_timeout=10" "amd_iommu=on" "iommu=pt" ] ++ video;
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" ];
boot.extraModprobeConfig = ''
options kvm_amd nested=1 avic=1 npt=1 sev=0
options vfio_iommu_type1 allow_unsafe_interrupts=1
'';
boot.kernel.sysctl = {
"vm.max_map_count" = 1000000;
"vm.swappiness" = 10;
};
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4" ];
boot.tmp.useTmpfs = true;
#bootloader
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
useOSProber = true;
memtest86.enable = true;
};
boot.plymouth.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}
@@ -0,0 +1,61 @@
{ config, pkgs, lib, materusArg, ... }:
{
imports =
[
./filesystem.nix
./boot.nix
];
hardware.firmware = with pkgs; [
materusArg.pkgs.amdgpu-pro-libs.firmware.vcn
#materusArg.pkgs.amdgpu-pro-libs.firmware
linux-firmware
alsa-firmware
sof-firmware
];
environment.variables = {
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
AMD_VULKAN_ICD = "RADV";
RADV_PERFTEST = "gpl,rt,sam";
OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
};
hardware.cpu.amd.updateMicrocode = lib.mkForce true;
#extra
hardware.wooting.enable = true;
hardware.bluetooth.enable = true;
#Graphics
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
amdvlk
rocmPackages.clr.icd
rocmPackages.clr
materusArg.pkgs.amdgpu-pro-libs.vulkan
materusArg.pkgs.amdgpu-pro-libs.amf
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
pkgs.driversi686Linux.amdvlk
materusArg.pkgs.i686Linux.amdgpu-pro-libs.vulkan
libvdpau-va-gl
];
services.udev.extraRules = ''
#GPU bar size
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource0_resize}="15"
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource2_resize}="8"
'';
#Trim
services.fstrim = {
enable = true;
interval = "weekly";
};
}
@@ -0,0 +1,68 @@
{ config, pkgs, lib, ... }:
{
zramSwap = {
enable = true;
memoryPercent = 25;
};
swapDevices = [
{
label = "NixOS_Swap";
}
];
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
depends = [ "/materus" ];
};
fileSystems."/materus" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
};
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@home" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-label/NixOS_EFI";
fsType = "vfat";
};
}
@@ -0,0 +1,96 @@
{ pkgs, materusArg, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
programs.git.signing.signByDefault = true;
xdg.userDirs.enable = true;
xdg.portal.enable = true;
xdg.portal.xdgOpenUsePortal = true;
xdg.portal.extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
xdg.portal.configPackages = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
raylib
gcc
gdb
nil
nixfmt
nixpkgs-fmt
cmake
gnumake
ninja
binutils
coreutils
util-linux
openssl
openssl.dev
pkg-config
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
xorg.xorgproto
xorg.libX11.dev
xorg.libXrandr.dev
xorg.libXrender.dev
rustup
freetype.dev
fpc
openjdk21
bison
flex
ldc
dmd
dub
]);
editor.emacs.enable = false;
};
home.packages = [
pkgs.papirus-icon-theme
materusArg.pkgs.ffmpeg6-amf-full
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; extraLibs = [ ]; })
pkgs.git-crypt
];
programs.obs-studio = {
enable = false;
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-vkcapture obs-gstreamer input-overlay obs-multi-rtmp obs-pipewire-audio-capture ];
package = materusArg.pkgs.obs-amf;
};
}
+73
View File
@@ -0,0 +1,73 @@
{ config, pkgs, lib, ... }:
let
westonSddm = let xcfg = config.services.xserver; in pkgs.writeText "weston.ini"
''
[core]
xwayland=false
shell=fullscreen-shell.so
[keyboard]
keymap_model = ${builtins.toString xcfg.xkb.model};
keymap_layout = ${builtins.toString xcfg.xkb.layout};
keymap_variant = ${builtins.toString xcfg.xkb.variant};
keymap_options = ${builtins.toString xcfg.xkb.options};
[libinput]
enable-tap = ${builtins.toString xcfg.libinput.mouse.tapping};
left-handed = ${builtins.toString xcfg.libinput.mouse.leftHanded};
[output]
name=DP-3
mode=1920x1080@240
[output]
name=DP-2
mode=off
[output]
name=HDMI-A-3
mode=off
'';
in
{
services.displayManager.defaultSession = "plasma";
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.displayManager.sddm.wayland.compositor = lib.mkForce "weston";
services.displayManager.sddm.wayland.compositorCommand = lib.concatStringsSep " " [
"${lib.getExe pkgs.weston}"
"--shell=kiosk"
"-c ${westonSddm}"
];
services.displayManager.sddm.settings = {
General = {
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
};
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.variables = {
# Old fix for black cursor on amdgpu, seems to work fine now
#KWIN_DRM_NO_AMS = "1";
#Fix for amdgpu crashes
KWIN_DRM_USE_MODIFIERS = "0";
KWIN_DRM_NO_DIRECT_SCANOUT = "1";
QT_PLUGIN_PATH = [ "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
XCURSOR_THEME = "breeze_cursors";
};
environment.systemPackages = with pkgs; [
kdePackages.ark
];
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin ];
}
+51
View File
@@ -0,0 +1,51 @@
{ config, pkgs, lib, materusArg, ... }:
{
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
'';
networking.useDHCP = lib.mkDefault true;
networking.hostName = "materusPC";
networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true;
#networking.networkmanager.wifi.backend = "iwd";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 8080 9943 9944 ];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 6000 9943 9944 ];
#Fix warning
networking.networkmanager.extraConfig = lib.mkDefault ''
[connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt
'';
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "wg0";
type = "wireguard";
interface-name = "wg0";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
allowed-ips = "${materusArg.ip-masks.wireguard.general};";
};
ipv4 = {
address1 = "${materusArg.ips.wireguard.materusPC}/23";
dns = "${materusArg.ips.wireguard.valkyrie};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
}
+59
View File
@@ -0,0 +1,59 @@
{ config, pkgs, lib, ... }:
let
valkyrie-sync = pkgs.writeShellScriptBin "valkyrie-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@valkyrie:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/valkyrie materus@valkyrie:/materus/config/private
'';
valkyrie-flakelock = pkgs.writeShellScriptBin "valkyrie-flakelock" ''
${pkgs.openssh}/bin/ssh materus@valkyrie "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-boot = pkgs.writeShellScriptBin "valkyrie-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild boot --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-switch = pkgs.writeShellScriptBin "valkyrie-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild switch --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
flamaster-sync = pkgs.writeShellScriptBin "flamaster-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@flamaster:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/flamaster materus@flamaster:/materus/config/private
'';
flamaster-flakelock = pkgs.writeShellScriptBin "flamaster-flakelock" ''
${pkgs.openssh}/bin/ssh materus@flamaster "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-boot = pkgs.writeShellScriptBin "flamaster-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild boot --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-switch = pkgs.writeShellScriptBin "flamaster-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild switch --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
in
{
environment.systemPackages = [
valkyrie-rebuild-boot
valkyrie-rebuild-switch
valkyrie-sync
valkyrie-flakelock
flamaster-rebuild-boot
flamaster-rebuild-switch
flamaster-sync
flamaster-flakelock
];
}
@@ -0,0 +1,27 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.wireguard = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -0,0 +1,36 @@
users:
materus: ENC[AES256_GCM,data:okqSgMvdFq1BMAg+Gs725zaNbeAQIpJKSPB2Sa83i3EYimphZNBtrJLen+gQEGNq4yeTyAc9Ih/hcnr+3z+Tea/g9ffh/UC4YA==,iv:OhKoWLREAqCbtmS3Rw9nE9+PtcBLwEHimJXcj4oejRA=,tag:Ht/SQSwumnQR6E45Pl47AQ==,type:str]
root: ENC[AES256_GCM,data:vnPjK+xayk/Zk895rERYAeCzpjv5NJ7EAyK4MRDUzDbW++4Dy+UEI81v1v7w9dfpDeL+x5kOqUFO5zVVDUGfZ3yf/l8M8N8KcA==,iv:gGFGcy3K27nQxn0+7I/t0kg3nZyXeGWqysOl2auZJXo=,tag:N+LYhKpPCbI1EjEBwxuh1g==,type:str]
wireguard: ENC[AES256_GCM,data:rBkftzBcdamhP0xZB3qxfLptL8bX1qc7SdcfPNpYV67TeQs6i79+5KB/da4=,iv:22J5SZbFtYco7iSHvD2GD1bcazfGWlyEJ2isa3Ab4bI=,tag:BeUn9Srl2vyoDgK5Xv0UCg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1fq9ckkwtgvm69w045rf9pgurnhch6ukdxejr8yxgrthn7j8vp48qvd9rkx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbHZZUVF1dVJSU1NvNXVk
N3VtTm00ZHRWb082T0FkNXJncUxCU3haVmpVCk9FQkJBZnVJVFNLOThjZzlxNVF1
b0phQ2daejRrdVhEZ2YvRHVRRU5BQlEKLS0tIGdQeDlOSzl4VDhGNURQditCWUFG
dWVzbzUyakxXUGpTQjNsYzcyVG1aRDgKXVa8tIAbmggw1vSt3NJYRLgXhbagpNrX
RNXyndPaeQXVPVXuJWmHgRCYbwPTcfAFpGwFlX2IxVLlmC914Zklhw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-19T15:58:46Z"
mac: ENC[AES256_GCM,data:BLa0G3ci8EWH43UkLI2OoFJp2F9YeuKDrg6+2I/bq/lLi/YUitkJvBkA9VSIbvCyYWs/5SlEL5MayX8iiVdJ7r9bCiw+LVsWNAdaYDCafbZRW5F7KiHS5WXV3v4c201kFok7rmnRhEfKfdDxLlQ/mFHqOhupHU/qCNMTuUzJBiA=,iv:EPRoXHVMB6I16lTFJdFVAuSnMD/B55fPYtSBOQddutE=,tag:gohg+BdRlMPAQmNpRdk8sg==,type:str]
pgp:
- created_at: "2024-03-02T22:10:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAvGVUu56Pd2+DMHqgIcJokyh11952nQK2eVtQNj42CAUw
NQfulNRUHX5BonsLyvXPx74bVku6Wxr80loIWoz049/xbFj4S7FyftkakY8rOUGu
1GgBCQIQOoEFvTQB8qGbea/85fktuljXPou/WgUY6Mxd4n0dBz54f69B/NttnBGc
7eUDKfe79Omr0o/0CVC/6SGKoiS38suV903QHeF1MXFPeOG72k4TvfF9lVlBgK8H
k4DXtzC7wm3WWg==
=eh7Z
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
+183
View File
@@ -0,0 +1,183 @@
{ config, pkgs, materusArg, ... }:
{
virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true;
virtualisation.lxd.enable = true;
programs.gamemode.enable = true;
services.teamviewer.enable = true;
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
services.flatpak.enable = true;
services.gvfs.enable = true;
services.xserver.xkb.layout = "pl";
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
services.dbus.enable = true;
services.dbus.packages = [ pkgs.gcr ];
services.xserver.displayManager.startx.enable = false;
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.xdgOpenUsePortal = true;
services.xserver.exportConfiguration = true;
services.xserver.extraConfig = pkgs.lib.mkDefault ''
Section "OutputClass"
Identifier "amd-options"
Option "TearFree" "True"
Option "SWCursor" "True"
Option "VariableRefresh" "true"
Option "AsyncFlipSecondaries" "true"
Option "DRI3" "1"
MatchDriver "amdgpu"
EndSection
'';
services.printing.enable = true;
services.xserver.libinput.enable = true;
virtualisation.waydroid.enable = false;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
"render"
"pipewire"
"wheel"
"networkmanager"
"input"
"kvm"
"libvirt-qemu"
"libvirt"
"libvirtd"
"podman"
"lxd"
];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
};
environment.sessionVariables = {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
QT_XKB_CONFIG_ROOT = "\${XKB_CONFIG_ROOT}";
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
SDL_IM_MODULE = "fcitx";
MOZ_USE_XINPUT2 = "1";
PATH = [
"\${XDG_BIN_HOME}"
];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.kdePackages.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.kdePackages.fcitx5-qt ];
services.pcscd.enable = true;
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;
services.samba = {
enable = true;
package = pkgs.sambaFull;
securityType = "user";
openFirewall = true;
extraConfig = ''
workgroup = WORKGROUP
server string = smbmaterus
netbios name = smbmaterus
security = user
hosts allow = 192.168.122. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
windows = {
path = "/materus/data/VM/windows_shared";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "materus";
"force group" = "users";
};
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
services.openssh.enable = true;
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" "/share/bash-completion" "/share/fish" ];
environment.shells = with pkgs; [ zsh bashInteractive fish ];
programs = {
fish.enable = true;
java.enable = true;
java.package = pkgs.graalvm-ce;
java.binfmt = true;
command-not-found.enable = false;
dconf.enable = true;
};
materus.profile.browser.enable = true;
services.davfs2.enable = true;
}
@@ -1,10 +1,45 @@
{ pkgs, config, ... }:
{ config, pkgs, ... }:
{
imports = [
./win10
];
materus.materusArg.materusPC = {
allCores = "0-31";
allCoresMask = "ffffffff";
hostCores = "0-7,16-23";
hostCoresMask = "00ff00ff";
vmCores = "8-15,24-31";
vmCoresMask = "ff00ff00";
};
systemd.mounts = [
{
where = "/dev/hugepages";
enable = false;
}
{
where = "/dev/hugepages/hugepages-2048kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=2M";
requiredBy = [ "basic.target" ];
}
{
where = "/dev/hugepages/hugepages-1048576kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=1G";
requiredBy = [ "basic.target" ];
}
];
virtualisation.libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu.ovmf.enable = true;
qemu.ovmf.packages = [ pkgs.OVMFFull.fd ];
qemu.runAsRoot = true;
qemu.swtpm.enable = true;
qemu.package = pkgs.qemu_full;
@@ -20,7 +55,6 @@
libguestfs-with-appliance
];
# Packages for QEMU hooks
systemd.services.libvirtd = {
path =
let
@@ -48,64 +82,4 @@
in
[ env ];
};
# Shared qcow drive
systemd.services.windows-share-mount = {
wantedBy = [ "multi-user.target" ];
path = [
config.virtualisation.libvirtd.qemu.package
pkgs.util-linux
pkgs.kmod
pkgs.coreutils
];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
unitConfig.ConditionPathExists = "/mkk/data/vm/data.qcow2";
script = ''
modprobe nbd max_part=10
sleep 1
qemu-nbd -c /dev/nbd10 /mkk/data/vm/data.qcow2 --discard=unmap
sleep 1
mount /dev/nbd10p1 /mkk/data/mounts/windows -o uid=1000,gid=100
'';
preStop = ''
umount -r /dev/nbd10p1
qemu-nbd -d /dev/nbd10
'';
};
#Hugepages
systemd.mounts = [
{
where = "/dev/hugepages";
enable = false;
}
{
where = "/dev/hugepages/hugepages-2048kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=2M";
requiredBy = [ "basic.target" ];
}
{
where = "/dev/hugepages/hugepages-1048576kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=1G";
requiredBy = [ "basic.target" ];
}
];
virtualisation.libvirtd.qemu.verbatimConfig = ''
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
"/dev/kvmfr0"
]
'';
}
@@ -0,0 +1,173 @@
{ config, pkgs, materusArg, ... }:
let
VM_UUID = "ad2632db-0da0-4204-98b3-0592a185ebd0";
startedHook = ''
QEMU_PID=$(ps aux | grep qemu-system-x86_64 | grep "${VM_UUID}" | tr -s ' ' | cut -d " " -f 2)
for pid in $(cat /sys/fs/cgroup/cpu/machine.slice/machine-qemu*$1.scope/libvirt/vcpu*/tasks); do
renice -n "-15" -p "$pid";
done
renice -n "-10" -p "$QEMU_PID";
echo "${materusArg.materusPC.hostCoresMask}" > /proc/irq/default_smp_affinity
for irq in /proc/irq/[0-9]*/smp_affinity; do
if [ $(cat $irq) = "${materusArg.materusPC.allCoresMask}" ]; then
echo "${materusArg.materusPC.hostCoresMask}" > $irq 2> /dev/null
fi;
done;
for irq in $(cat /proc/interrupts | grep vfio | cut -d ":" -f 1); do
echo "${materusArg.materusPC.vmCoresMask}" > /proc/irq/$irq/smp_affinity;
done
'';
startHook = /*''
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
''
+*/
''
# Make sure nothing renders on gpu to prevent "sysfs: cannot create duplicate filename" after rebinding to amdgpu
chmod 0 /dev/dri/renderD128
fuser -k /dev/dri/renderD128
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
systemctl stop windows-share-mount.service
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
sleep 1s
echo "15" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
sync
echo "3" > /proc/sys/vm/drop_caches
sync
echo "1" > /proc/sys/vm/compact_memory
systemctl set-property --runtime -- user.slice AllowedCPUs=${materusArg.materusPC.hostCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${materusArg.materusPC.hostCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${materusArg.materusPC.hostCores}
echo "${materusArg.materusPC.hostCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
sysctl vm.stat_interval=120
sysctl -w kernel.watchdog=0
'';
stopHook = ''
# Debugging
# exec 19>/home/materus/stoplogfile
# BASH_XTRACEFD=19
# set -x
# exec 3>&1 4>&2
# trap 'exec 2>&4 1>&3' 0 1 2 3
# exec 1>/home/materus/stoplogfile.out 2>&1
sleep 1s
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
echo "15" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "1" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
echo ''$VIRSH_GPU_AUDIO > /sys/bus/pci/drivers/snd_hda_intel/bind
systemctl start windows-share-mount.service
systemctl set-property --runtime -- user.slice AllowedCPUs=${materusArg.materusPC.allCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${materusArg.materusPC.allCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${materusArg.materusPC.allCores}
echo "${materusArg.materusPC.allCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
echo powersave | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
sysctl vm.stat_interval=1
sysctl -w kernel.watchdog=1
echo "${materusArg.materusPC.allCoresMask}" > /proc/irq/default_smp_affinity
for irq in /proc/irq/[0-9]*/smp_affinity; do
if [ $(cat $irq) = "${materusArg.materusPC.hostCoresMask}" ] || [ $(cat $irq) = "${materusArg.materusPC.vmCoresMask}" ]; then
echo "${materusArg.materusPC.allCoresMask}" > $irq 2> /dev/null
fi;
done;
'';
in
{
virtualisation.libvirtd.hooks.qemu = {
"win10" = pkgs.writeShellScript "win10.sh" ''
VIRSH_GPU_VIDEO="0000:03:00.0"
VIRSH_GPU_AUDIO="0000:03:00.1"
VIRSH_USB1="0000:10:00.0"
if [ ''$1 = "win10" ] || [ ''$1 = "win11" ]; then
if [ ''$2 = "prepare" ] && [ ''$3 = "begin" ]; then
${startHook}
fi
if [ ''$2 = "started" ] && [ ''$3 = "begin" ]; then
${startedHook}
fi
if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then
${stopHook}
fi
fi
'';
};
systemd.services.windows-share-mount = {
wantedBy = [ "multi-user.target" ];
path = [ config.virtualisation.libvirtd.qemu.package pkgs.util-linux pkgs.kmod pkgs.coreutils ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
losetup -P /dev/loop6 /materus/data/VM/data.raw
mount /dev/loop6p1 /materus/data/Windows -o uid=1000,gid=100
'';
preStop = ''
umount -lf /materus/data/Windows
losetup -d /dev/loop6
'';
};
}
@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ lib, pkgs, mkk, materusArgs, config, ... }:
{ pkgs, materusArg, config, ... }:
{
imports =
@@ -10,11 +10,13 @@
# Include the results of the hardware scan.
./hardware-configuration.nix
./services
./private
./secrets
];
programs.zsh.enable = true;
environment.etc."current-flake".source = materusArgs.self;
materus.profile.nix.enable = true;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
@@ -62,7 +64,7 @@
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.materus = {
@@ -70,10 +72,10 @@
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = [
];
openssh.authorizedKeys.keyFiles = [ "${mkk.files.ssh-keys.materus}" ];
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
shell = pkgs.zsh;
};
users.users.acme.openssh.authorizedKeys.keyFiles = [ "${mkk.files.ssh-keys.waffentrager}" ];
users.users.acme.openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/waffentrager.pub") ];
users.users.acme.shell = pkgs.scponly;
# List packages installed in system profile. To search, run:
# $ nix search wget
@@ -130,37 +132,19 @@
recommendedGzipSettings = true;
};
virtualisation.podman.autoPrune.enable = true;
virtualisation.podman.autoPrune.dates = "daily";
virtualisation.oci-containers.backend = "podman";
nix.settings = {
experimental-features = lib.mkMerge [
[
"nix-command"
"flakes"
]
];
auto-optimise-store = true;
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE="
];
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
'';
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "materus+acme@podkos.pl";
security.acme.defaults.credentialFiles.OVH_FILE = config.sops.secrets.certs.path;
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
security.acme.defaults.dnsResolver = "9.9.9.9:53";
security.acme.certs."materus.pl" = {
domain = "materus.pl";
@@ -176,5 +160,21 @@
dnsProvider = "ovh";
};
security.acme.certs."podkos.xyz" = {
domain = "podkos.xyz";
group = "nginx";
extraDomainNames = [ "*.podkos.xyz" ];
dnsProvider = "ovh";
};
security.acme.certs."${materusArg.waffentrager.samba.domain}" = {
domain = materusArg.waffentrager.samba.domain;
extraDomainNames = [
"${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}"
];
dnsProvider = "ovh";
};
}
@@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, modulesPath, ... }:
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
@@ -11,7 +11,7 @@
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "floppy" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; "net.ipv6.conf.all.forwarding" = 1; };
boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true;
@@ -22,6 +22,13 @@
fsType = "ext4";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [
{
device = "/swapfile";
@@ -0,0 +1,17 @@
{ ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = false;
nixpkgs.enable = false;
enableDesktop = false;
enableTerminal = false;
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = false;
bash.enable = true;
zsh.enable = true;
};
}
@@ -0,0 +1,35 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets.wireguard = { };
sops.secrets.discord-token = {};
sops.secrets.spotify-client-id = {};
sops.secrets.spotify-client-secret = {};
sops.secrets.youtube-api = {};
sops.secrets.certs = {};
sops.secrets.steamladder-api = {};
sops.secrets.webarchive-accesskey = {};
sops.secrets.webarchive-secretkey = {};
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
@@ -0,0 +1,41 @@
wireguard: ENC[AES256_GCM,data:i98U0ugxbNqWNuKR8u+mdWoSMLViHXfsWRBS1lvjb+hgGxveyzjBcagBIeY=,iv:/hF9oH2R6NSeHT/UQTlbmtx+gPX/3CJOLPNnxrzsY/g=,tag:2ub5w8uH2O1B2hoku8Kowg==,type:str]
discord-token: ENC[AES256_GCM,data:JQ/6MJvBlJpKzs/L0hFB1LPpQSfJvDdEB6YerVZyDqGo7plA0S5wORACgA88Dei1x1NGsXhYtiwT4vE9jjeCOlWXZdl1mA==,iv:BsDu1De0qLX/8VDiZ5co1q1LXxkz/Som9+hvm/67/xU=,tag:YO0wQNF3/AXbifpeAa935Q==,type:str]
spotify-client-id: ENC[AES256_GCM,data:WK7CJGw6mtIG3Jfp59cWx3ool4z1P09TvHcpbOQ2JV0=,iv:EaJ5ecXdmx0Ky+43xZITM811IOo4EisvPSyogXrJXng=,tag:NYTI4vLsWGa695CJ+TIgbw==,type:str]
spotify-client-secret: ENC[AES256_GCM,data:TnR+zLLklTfzMdR4woaZWuMVJQ9VIYsFM588GRO6WCY=,iv:cYiqw8ZdMgLeug4ptwPV3L+MeY6xIldfUBfiYg1mFD8=,tag:YDLh6BXFcBHnpdgM7e87wg==,type:str]
youtube-api: ENC[AES256_GCM,data:qmpFlFvudS9rXQfN+Th/UrPWCW0mg5GkpMucS/01AmOnlChqtojC,iv:q3bKwI2I6BNa3L9ezKCE1fWT/vZLiJ8uzug1z2z+TWA=,tag:gKG3HTz8jp2LAFh8e8O6sg==,type:str]
steamladder-api: ENC[AES256_GCM,data:m30o5atqugwqn/WbXGkUq5GvqiIKQT0kSRQCtHc1Gxk/dC3YcbDvMw==,iv:duLKl1NvysD0XMaUOkl/6nclMQB6seXcQYkGMrm7K7Y=,tag:9dw+UH10uAdca5fVdlw1Mg==,type:str]
webarchive-accesskey: ENC[AES256_GCM,data:jdKlHsZq2Dkk1BcBfUVv5g==,iv:BXCgPb/2W57PYXxRktInz1LxSEwlw6m3xnQU4TOPMeY=,tag:kK4+InaH7K4D4n1hyGaR+w==,type:str]
webarchive-secretkey: ENC[AES256_GCM,data:nuA9G5dNtrNfbcx0G/GUTg==,iv:RRuTm4kZr5dNjBt9Zvk/NVefHCZYODmRvWAqZizKGJY=,tag:J2V0Q3BzXNWifVVvAkwYyg==,type:str]
certs: ENC[AES256_GCM,data:ttmSNTTx51a3L2HTC8RnSphDLHO2OSyIgXQ0YpZGySTdu69mgEyhaiSi+IAXg/1AHKRjpFJgE4fhsLAiW78pNYb+Zg7aDL47YtABO99sTZrZnBxZo6k6itpZ3oClDch2ZALzoXChLroc0tUbZKwsfOwGe3pw9lOJZJT34AhV+BVoXDDLQcpQoxz23Baa8oxklecT6wpJ1u1nW+aAHw33gm41Vw==,iv:b0aNZwaRKBg+ipe5+19BowyFbCjZt52S738om6emYGo=,tag:lUqtcc4vVWKx/fnc19vj7A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1wscr6kv8393wv0fjaux8juplaxq55znlzrp62qyteq0fauu3yg0s7d7k98
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSRXNLdUZaVU13alNhVGgz
aXdMb3IzNjNQcHJFV2JLNVM2SUVBa3VNZlRFCkxxd21CTWVDUkVXbzR6ZEkxbm5J
VGorSkp6a2xSdHRHcFk5T3VYVlJJa0UKLS0tIE1WdHo5eTlpNEEyN25oSjk1KzdS
d2dMUUh1RDB3UnpEdFJsNHpQRXFWemMKc41dlOapTsvH91QLNhdPbrzerPFakOiX
J/uoZDMIhsmQxgQM7Fqxr05NywhI/ZjOtJS2bayp73O57xjjMYcyNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-05T22:42:16Z"
mac: ENC[AES256_GCM,data:KSRGzHipb58uNYaRYXAy3y+D9cBG53RGxZpNrx2gy+CHbGtkUW1SWc4PPrBwBhb6+TN0vb1zHuOB4HK4Bys/jqmvGgVkO2VKj15MTFMpF5n6w0blFM7d5bCDydHAhvXEZA/PFWq97DTI1Zxb+N/HWJlefKCzYOHHWj7i4leKNjk=,iv:88Ekp0sjEo5UTBLUyYSrkP+MbIFcCmegclJIK3+0jOQ=,tag:H/ESeQhC1PEF00RiDnamyw==,type:str]
pgp:
- created_at: "2024-03-21T22:55:36Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdA667A9P/3ktuS2iEjxkv3aYMAGSu0oPGIX7dsC23VVgkw
OmcwhXxBnipcG+izbtNylXz5VonyyKHwdR2QIgkt9FEuC8lI17GHVyogTCFiP7Dj
1GgBCQIQN4EqFdiXqzJUeeE+PdOzVPs+1kStz+S1H22NjrJAFv67cbyIgwpItuXD
Sfao+MU1HWDY4iKZrcfWArUgpQj/pvsmUeJ72iXD3bkTTrK61g3GZA+g9lFewl/B
SORJMu9btS4GAw==
=aBMP
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -0,0 +1,38 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable dcbot";
config =
let
cfg = config.valkyrieService.dcbot;
in
lib.mkIf cfg.enable {
sops.templates."dcbot.env".content = ''
TOKEN=${config.sops.placeholder.discord-token}
MAX_PLAYLIST_SIZE=100
PRUNING=false
LOCALE=pl
DEFAULT_VOLUME=100
STAY_TIME=30
'';
systemd.tmpfiles.rules = [
"d /var/lib/muse 0776 root root -"
];
virtualisation.oci-containers.containers.dcbot = {
image = "eritislami/evobot:latest";
volumes = [
];
environmentFiles = [
config.sops.templates."dcbot.env".path
];
};
};
}
@@ -10,7 +10,7 @@
services.adguardhome.enable = true;
valkyrieService.pihole.enable = false;
valkyrieService.pleroma.enable = false;
valkyrieService.pleroma.enable = true;
valkyrieService.dcbot.enable = true;
valkyrieService.secureyoursoul.enable = true;
@@ -1,6 +1,6 @@
{ config, pkgs, lib, mkk, ... }:
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.pihole.enable = mkk.lib.mkBoolOpt false "Enable pihole";
options.valkyrieService.pihole.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable pihole";
options.valkyrieService.pihole.dnsIP = lib.mkOption { default = "127.0.0.1"; };
options.valkyrieService.pihole.webIP = lib.mkOption { default = "127.0.0.1"; };
@@ -1,4 +1,4 @@
{ config, pkgs, lib, mkk, ... }:
{ config, pkgs, lib, materusArg, ... }:
let
socketPath = "/run/pleroma/http.sock";
@@ -41,7 +41,7 @@ let
in
{
options.valkyrieService.pleroma.enable = mkk.lib.mkBoolOpt false "Enable pleroma";
options.valkyrieService.pleroma.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable pleroma";
config = lib.mkIf config.valkyrieService.pleroma.enable {
systemd.tmpfiles.rules = [
"d /var/lib/pleroma 0766 pleroma pleroma -"
@@ -50,7 +50,7 @@ in
"L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}"
];
services.nginx.virtualHosts."podkos.xyz" = {
services.nginx.virtualHosts."podkos.xyz" = {
http2 = true;
useACMEHost = "podkos.xyz";
forceSSL = true;
@@ -1,6 +1,6 @@
{ config, pkgs, lib, mkk, ... }:
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.secureyoursoul.enable = mkk.lib.mkBoolOpt false "Enable secureyoursoul, web archive";
options.valkyrieService.secureyoursoul.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable secureyoursoul, web archive";
@@ -41,8 +41,8 @@
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
STEAM_IDS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.steamids })
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.extraLinks-steam })
STEAM_IDS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.steamids })
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks-steam })
steamladder() {
for id in ''${STEAM_IDS[@]}; do
@@ -92,7 +92,7 @@
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.extraLinks1 })
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks1 })
webarchive(){
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
@@ -116,7 +116,7 @@
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.extraLinks2 })
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks2 })
webarchive(){
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, mkk, lib, materusArgs, ... }:
{ config, pkgs, ... }:
{
imports =
@@ -10,34 +10,8 @@
# Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.firewall.allowedTCPPorts = [ 1900 ];
networking.firewall.allowedUDPPorts = [ 1900 7359];
environment.etc."current-flake".source = materusArgs.self;
nix.settings = {
experimental-features = lib.mkMerge [
[
"nix-command"
"flakes"
]
];
auto-optimise-store = true;
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE="
];
};
materus.profile.nixpkgs.enable = true;
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
@@ -53,7 +27,7 @@
gzip
];
sound.enable = false;
boot.tmp.useTmpfs = true;
services.xserver.enable = false;
networking.hostName = "waffentrager";
@@ -64,11 +38,26 @@
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keyFiles = [ mkk.files.ssh-keys.materus ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPEDY+H8Hc/RSLE064AAh8IojvqxPd8BE5gec2aOfYMh materus@podkos.pl"
];
hashedPasswordFile = config.sops.secrets."users/materus".path;
shell = pkgs.zsh;
};
nix = {
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" "repl-flake" "no-url-literals" ];
trusted-users = [ "root" "@wheel" ];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE=" ];
};
};
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
@@ -111,7 +100,7 @@
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
@@ -160,8 +149,6 @@
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
nixpkgs.config.allowUnfree = true;
programs.zsh.enable = true;
system.stateVersion = "23.11"; # Did you read the comment?
}
@@ -0,0 +1,10 @@
{ config, pkgs, materusCfg, ... }:
{
imports = [
materusCfg.configInputs.nixos-hardware.nixosModules.raspberry-pi-4
./configuration.nix
./secrets
./services
];
}
@@ -1,27 +1,14 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, materusArgs, ... }:
let
crossPkgs = import pkgs.path {
localSystem = "x86_64-linux";
crossSystem = pkgs.stdenv.hostPlatform.system;
};
rpi4-kernel =
crossPkgs.callPackage (materusArgs.inputs.nixos-hardware.outPath + "/raspberry-pi/common/kernel.nix")
{
rpiVersion = 4;
};
in
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
materusArgs.inputs.nixos-hardware.nixosModules.raspberry-pi-4
];
#boot.kernelPackages = pkgs.linuxPackagesFor materusArgs.inputs.nixos-hardware.packages.aarch64-linux.rpi4-kernel;
boot.kernelPackages = crossPkgs.linuxPackagesFor rpi4-kernel;
boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
@@ -34,6 +21,13 @@ in
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [{
device = "/var/.swapfile";
size = 8 * 1024;
@@ -0,0 +1,17 @@
{ config, pkgs, lib, ... }:
{
home.stateVersion = "23.11";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = false;
nixpkgs.enable = false;
enableDesktop = false;
enableTerminal = false;
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = false;
bash.enable = true;
zsh.enable = true;
};
}
@@ -0,0 +1,28 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
sops.secrets.wireguard = { };
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.elements = { };
sops.secrets.nextcloud-adminpass = { };
}
@@ -0,0 +1,37 @@
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str]
elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
users:
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1j34lqh0z6ak2c94n564wgyjeykn9srma34f5e5e7xvf498fwk3rqxvwx0l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvejRrcGVwZHNkTVB5dkYr
RnhVVjNEblFVd0xXSStqdjFhWVVNS3ljUTNZCnBFVmRRVVVENGhJUVg2L1lSM1NO
dkQydVhOaFVxd0p0aFhVcmp6eXdGeVEKLS0tIFIvRDlvZDdsbm1USEZUZ3FYMmla
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-12T11:21:33Z"
mac: ENC[AES256_GCM,data:TbWjHvrJAB55AjFsbOK/IPb7v4wzqL2JGLvnNTr+ah/c2brdlq6DWeAF2+HA3FpLRt2a0MajwMTCsconoe8hW6Am/WO0FJBoYlneLAl/RlAv7BYfyorTD/Vyp9am7ml5T3f2pdYdsw1k/5RSn1ulUg43vSgi5es5Co8CtzC5hPE=,iv:+V48Azrr9yArwqNi3POYh7QaRMfUreCf7Bmv7kjV9qo=,tag:HDcMMCnyfVQRHTQJZB0R3Q==,type:str]
pgp:
- created_at: "2024-03-21T18:15:00Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAWetrf0jhs/b9qcQc4b21+PJUPdSjk372BjokfwJ2oXQw
4LaIaNB3LRmY4FF3UOqk28NwkwBw6n0AzYKC/k1G4ntaNBMI9eDtFJ1c1+KkxSl2
1GYBCQIQMCKcu2aBEMiIGOyG08vcRW2T23DUAfTQqQdRKD/SgSTqAZLSICVJ91xU
TBsdiPBKO2cRDfPc7DlVLbPNe/SUqVUX9N4GTGPUocXc1s6lvgx3NBP5cGoSNx+A
xCmXl373IDc=
=uSyc
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -0,0 +1,63 @@
{ config, materusArg, lib, pkgs, ... }:
let
cfg = config.waffentragerService.auth;
in
{
options.waffentragerService.auth.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable auth";
imports =
[
./samba.nix
];
config = lib.mkIf cfg.enable
{
waffentragerService.elements.enable = true;
waffentragerService.nginx.enable = true;
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
systemd.services.resolvconf.enable = false;
networking.hosts = {
"${materusArg.ips.wireguard.waffentrager}" = [
materusArg.waffentrager.samba.domain
"${materusArg.waffentrager.samba.netbiosName}.${materusArg.waffentrager.samba.domain}"
materusArg.waffentrager.samba.netbiosName
];
};
environment.etc = {
resolvconf = {
text = ''
search ${materusArg.waffentrager.samba.domain}
nameserver ${materusArg.waffentrager.samba.dnsIp}
nameserver 9.9.9.9
'';
};
};
systemd.timers.rsync-acme = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1min";
OnUnitActiveSec = "1h";
Unit = "rsync-acme.service";
};
};
systemd.services.rsync-acme = {
description = "Sync acme for samba";
path = [ pkgs.rsync ];
requires = [ "var-lib-mnt_acme.mount" ];
after = [ "var-lib-mnt_acme.mount" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
rsync -avzr --chmod=0600 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/key.pem ${materusArg.waffentrager.samba.servicePath}/tls/
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/chain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
rsync -avzr --chmod=0640 --chown=root:root /var/lib/mnt_acme/${materusArg.waffentrager.samba.domain}/fullchain.pem ${materusArg.waffentrager.samba.servicePath}/tls/
'';
};
};
}
@@ -0,0 +1,91 @@
{ materusArg, config, lib, pkgs, ... }:
{
config =
let
cfg = config.waffentragerService.auth;
sambaCfg = config.services.samba;
servicePath = materusArg.waffentrager.samba.servicePath;
smbToString = x:
if builtins.typeOf x == "bool"
then lib.boolToString x
else builtins.toString x;
shareConfig = name:
let share = lib.getAttr name cfg.shares; in
"[${name}]\n " + (smbToString (
map
(key: "${key} = ${smbToString (lib.getAttr key share)}\n")
(lib.attrNames share)
));
in
lib.mkIf cfg.enable {
systemd.services.samba-smbd.enable = false;
systemd.services.samba = {
description = "Samba Service Daemon";
requires = [ "rsync-acme.service" ];
after = [ "rsync-acme.service" ];
requiredBy = [ "samba.target" ];
partOf = [ "samba.target" ];
serviceConfig = {
ExecStart = "${pkgs.samba4Full}/sbin/samba --foreground --no-process-group";
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
LimitNOFILE = 16384;
PIDFile = "/run/samba.pid";
Type = "notify";
NotifyAccess = "all";
};
unitConfig.RequiresMountsFor = servicePath;
};
# https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
networking.firewall.allowedTCPPorts = [ 139 445 389 88 53 464 636 3268];
networking.firewall.allowedUDPPorts = [ 135 137 138 389 88 53 123 464];
systemd.tmpfiles.rules = [
"d ${servicePath}/tls/ 0600 root 3000000 -"
"d ${servicePath}/private/ 0600 root 3000000 -"
"d ${servicePath}/lock/ 0600 root 3000000 -"
"d ${servicePath}/cache/ 0600 root 3000000 -"
];
services.samba = {
enable = true;
enableNmbd = false;
enableWinbindd = false;
package = pkgs.samba4Full;
configText = ''
# Global parameters
[global]
dns forwarder = ${materusArg.waffentrager.samba.dnsIp}
netbios name = ${materusArg.waffentrager.samba.netbiosName}
realm = ${lib.toUpper materusArg.waffentrager.samba.domain}
server role = active directory domain controller
workgroup = ${materusArg.waffentrager.samba.workgroup}
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = yes
private dir = ${servicePath}/private
lock dir = ${servicePath}/lock
state directory = ${servicePath}/lock
cache directory = ${servicePath}/cache
tls enabled = yes
tls keyfile = ${servicePath}/tls/key.pem
tls certfile = ${servicePath}/tls/fullchain.pem
tls cafile = ${servicePath}/tls/chain.pem
[sysvol]
path = ${servicePath}/sysvol
read only = No
[netlogon]
path = ${servicePath}/sysvol/${materusArg.waffentrager.samba.domain}/scripts
read only = No
${sambaCfg.extraConfig}
${smbToString (map shareConfig (lib.attrNames sambaCfg.shares))}
'';
};
};
}
@@ -0,0 +1,20 @@
{ ... }:
{
imports =
[
./elements.nix
./postgresql.nix
./mount-acme.nix
./gitea.nix
./nginx.nix
./nextcloud.nix
./auth
];
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.mount-acme.enable = true;
waffentragerService.gitea.enable = true;
waffentragerService.nginx.enable = true;
waffentragerService.nextcloud.enable = true;
waffentragerService.auth.enable = true;
}
@@ -1,14 +1,10 @@
{ mkk, config, lib, pkgs, ... }:
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.elements.enable = mkk.lib.mkBoolOpt false "Enable elements drive";
options.waffentragerService.elements.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable elements drive";
options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; };
options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; };
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
options.waffentragerService.elements.lldapDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/lldap"; };
options.waffentragerService.elements.jellyfinDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/jellyfin"; };
options.waffentragerService.elements.malojaDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/maloja"; };
config =
let
cfg = config.waffentragerService.elements;
@@ -25,6 +21,12 @@
mkdir -p ${cfg.path}
cryptsetup luksOpen /dev/disk/by-uuid/${cfg.uuid} elements -d ${config.sops.secrets.elements.path}
mount /dev/mapper/elements ${cfg.path}
'' + lib.optionalString config.waffentragerService.postgresql.enable ''
mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version}
chown -R postgres:postgres ${cfg.postgresqlDir}
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
mkdir -p ${cfg.nextcloudDir}
chown -R nextcloud:nextcloud ${cfg.nextcloudDir}
''
;
@@ -34,32 +36,5 @@
'';
};
systemd.services.elements-dirmake = {
description = "Create dirs in elements drive";
path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = lib.optionalString config.waffentragerService.postgresql.enable ''
mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version}
chown -R postgres:postgres ${cfg.postgresqlDir}
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
mkdir -p ${cfg.nextcloudDir}
chown -R nextcloud:nextcloud ${cfg.nextcloudDir}
'' + lib.optionalString config.waffentragerService.auth.lldap.enable ''
mkdir -p ${cfg.lldapDir}
chown -R lldap:lldap ${cfg.lldapDir}
'' + lib.optionalString config.waffentragerService.jellyfin.enable ''
mkdir -p ${cfg.jellyfinDir}
chown -R materus:nextcloud ${cfg.jellyfinDir}
'' + lib.optionalString config.waffentragerService.scrobbling.enable ''
mkdir -p ${cfg.malojaDir}/multi-scrobbler
chown -R scrobbler:scrobbler ${cfg.malojaDir}
''
;
};
};
}
@@ -1,6 +1,6 @@
{ config, lib, mkk, ... }:
{ materusArg, config, lib, ... }:
{
options.waffentragerService.gitea.enable = mkk.lib.mkBoolOpt false "Enable gitea";
options.waffentragerService.gitea.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable gitea";
config =
@@ -0,0 +1,20 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.mount-acme.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable mount-acme";
config =
let
cfg = config.waffentragerService.mount-acme;
in
lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ sshfs ];
systemd.mounts = [{
description = "Mount remote acme dir from valkyrie";
what = "acme@valkyrie:/var/lib/acme";
where = "/var/lib/mnt_acme";
type = "fuse.sshfs";
options = "reconnect,gid=${builtins.toString config.ids.gids.nginx},_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,idmap=user,compression=yes,identityfile=/materus/root/ssh_host_ed25519_key";
wantedBy = [ "multi-user.target" ];
}];
};
}
@@ -1,12 +1,6 @@
{ materusArg, config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
mkk,
...
}:
{
options.waffentragerService.nextcloud.enable = mkk.lib.mkBoolOpt false "Enable nextcloud";
options.waffentragerService.nextcloud.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nextcloud";
config =
let
@@ -16,49 +10,39 @@
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.nginx.enable = true;
environment.systemPackages = [
pkgs.samba
pkgs.exiftool
pkgs.ffmpeg-headless
];
environment.systemPackages = [ pkgs.samba pkgs.exiftool pkgs.ffmpeg-headless ];
sops.secrets.nextcloud-adminpass.owner = config.users.users.nextcloud.name;
sops.secrets.nextcloud-adminpass.group = config.users.users.nextcloud.group;
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [
{
name = "nextcloud";
ensureDBOwnership = true;
}
];
services.postgresql.ensureUsers = [{
name = "nextcloud";
ensureDBOwnership = true;
}];
services.nextcloud = {
enable = true;
package = pkgs.nextcloud33;
notify_push.enable = true;
package = pkgs.nextcloud28;
hostName = "waffentrager.materus.pl";
home = config.waffentragerService.elements.nextcloudDir;
config.adminuser = "nextcloud-master";
config.adminuser = "master";
config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
config.dbtype = "pgsql";
config.defaultPhoneRegion = "PL";
config.trustedProxies = [ materusArg.ips.valkyrie materusArg.ips.wireguard.valkyrie materusArg.ips.wireguard.waffentrager ];
extraAppsEnable = true;
maxUploadSize = "8G";
maxUploadSize = "4G";
https = true;
enableImagemagick = true;
configureRedis = true;
webfinger = true;
appstoreEnable = true;
database.createLocally = true;
extraApps = with pkgs.nextcloud33Packages.apps; {
nginx.recommendedHttpHeaders = true;
extraApps = with pkgs.nextcloud28Packages.apps; {
inherit notify_push previewgenerator;
};
settings = {
log_type = "file";
"profile.enabled" = true;
default_phone_region = "PL";
trusted_proxies = [
mkk.network.valkyrie.ip
mkk.wireguard.peers.valkyrie.ip
mkk.wireguard.peers.waffentrager.ip
];
extraOptions = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
enable_previews = true;
@@ -71,8 +55,6 @@
''OC\Preview\BMP''
''OC\Preview\XBitmap''
''OC\Preview\MP3''
''OC\Preview\OGG''
''OC\Preview\OPUS''
''OC\Preview\MP4''
''OC\Preview\TXT''
''OC\Preview\MarkDown''
@@ -84,11 +66,12 @@
];
"overwrite.cli.url" = "https://${config.services.nextcloud.hostName}";
};
globalProfiles = true;
phpOptions = {
"opcache.memory_consumption" = "512";
"opcache.interned_strings_buffer" = "64";
"opcache.max_accelerated_files" = "50000";
"opcache.max_accelerated_files"="50000";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "128M";
"opcache.validate_timestamps" = "0";
@@ -96,13 +79,7 @@
"opcache.fast_shutdown" = "1";
"opcache.save_comments" = "1";
};
phpExtraExtensions = ex: [
ex.zip
ex.zlib
ex.tidy
ex.smbclient
ex.sodium
];
phpExtraExtensions = ex: [ ex.zip ex.zlib ex.tidy ex.smbclient ];
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
@@ -112,10 +89,6 @@
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
create_full_put_path on;
dav_access user:rw group:rw all:r;
'';
};
};
@@ -1,6 +1,6 @@
{ config, lib, pkgs, mkk, ... }:
{ materusArg, config, lib, ... }:
{
options.waffentragerService.nginx.enable = mkk.lib.mkBoolOpt false "Enable nginx";
options.waffentragerService.nginx.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nginx";
config =
@@ -14,16 +14,6 @@
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
package = pkgs.tengine;
virtualHosts."default" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
forceSSL = true;
http2 = false;
default = true;
locations."/" = { extraConfig = ''deny all;''; };
};
};
systemd.services.nginx = {
@@ -1,6 +1,6 @@
{ config, lib, pkgs, mkk, ... }:
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.postgresql.enable = mkk.lib.mkBoolOpt false "Enable postgresql";
options.waffentragerService.postgresql.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable postgresql";
options.waffentragerService.postgresql.version = lib.mkOption { default = "16"; };
config =
@@ -17,9 +17,9 @@
services.postgresql.authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
'';
systemd.services.postgresql = {
partOf = [ "elements-mount.service" ];
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
+26
View File
@@ -0,0 +1,26 @@
{ config, pkgs, lib, materusCfg, ... }:
let
materusArg = {
pkgs = (import materusCfg.nixerus { inherit pkgs; }) //
(if pkgs.system == "x86_64-linux" then { i686Linux = import materusCfg.nixerus { pkgs = pkgs.pkgsi686Linux; }; } else { });
cfg = materusCfg;
};
in
{
imports = [
./nixpkgs.nix
./packages
./private
];
options.materus.materusArg = lib.mkOption { default = { }; };
config._module.args.materusArg = config.materus.materusArg // materusArg;
config.assertions = [
{
assertion = materusCfg.materusFlake.decrypted;
message = "Repository not decrypted, use crypt.sh to decrypt";
}
];
}
+91
View File
@@ -0,0 +1,91 @@
{ config, pkgs, lib, materusArg, materusCfg, ... }:
let
mkBoolOpt = default: description: lib.mkOption {
inherit default;
inherit description;
type = lib.types.bool;
example = true;
};
cfg = config.materus.profile.nixpkgs;
in
{
options.materus.profile.nixpkgs.enable = mkBoolOpt false "Enable materus nixpkgs config";
options.materus.profile.nixpkgs.enableOverlays = mkBoolOpt (cfg.enable) "Enable materus overlays";
options.materus.profile.nix.enableRegistry = mkBoolOpt (!materusCfg.isHm) "Enable materus nix registry";
config.nixpkgs.config = lib.mkIf cfg.enable {
allowUnfree = lib.mkDefault true;
joypixels.acceptLicense = lib.mkDefault true;
};
config.nixpkgs.overlays = lib.mkIf cfg.enableOverlays [ materusArg.cfg.configInputs.emacs-overlay.overlay ];
config.nix.package = lib.mkDefault pkgs.nixUnstable;
config.nix.registry = lib.mkIf config.materus.profile.nix.enableRegistry {
nixpkgs-stable = {
from = { type = "indirect"; id = "nixpkgs-stable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs-stable;
};
nixpkgs-unstable = {
from = { type = "indirect"; id = "nixpkgs-unstable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs;
};
nixpkgs = {
from = { type = "indirect"; id = "nixpkgs"; };
flake = materusCfg.configInputs.nixpkgs;
};
emacs-overlay = {
from = { type = "indirect"; id = "emacs-overlay"; };
flake = materusCfg.configInputs.emacs-overlay;
};
flake-utils = {
from = { type = "indirect"; id = "flake-utils"; };
flake = materusCfg.configInputs.flake-utils;
};
nixos-hardware = {
from = { type = "indirect"; id = "nixos-hardware"; };
flake = materusCfg.configInputs.nixos-hardware;
};
nixerus = {
from = { type = "indirect"; id = "nixerus"; };
flake = materusCfg.configInputs.nixerus;
};
devshell = {
from = { type = "indirect"; id = "devshell"; };
flake = materusCfg.configInputs.devshell;
};
home-manager = {
from = { type = "indirect"; id = "home-manager"; };
flake = materusCfg.configInputs.home-manager;
};
sops-nix = {
from = { type = "indirect"; id = "sops-nix"; };
flake = materusCfg.configInputs.sops-nix;
};
base16 = {
from = { type = "indirect"; id = "base16"; };
flake = materusCfg.configInputs.base16;
};
git-agecrypt = {
from = { type = "indirect"; id = "git-agecrypt"; };
flake = materusCfg.configInputs.git-agecrypt;
};
nur = {
from = { type = "indirect"; id = "nur"; };
flake = materusCfg.configInputs.nur;
};
};
}
@@ -0,0 +1,53 @@
{ config, pkgs, lib, materusArg, ... }:
with materusArg.pkgs.lib;
{
imports = [
./fonts.nix
];
#Single Packages
options.materus.profile.packages.home-manager = mkPrivateVar materusArg.cfg.configInputs.home-manager.packages.${pkgs.system}.home-manager;
options.materus.profile.packages.firefox = mkPrivateVar (pkgs.firefox.override {
nativeMessagingHosts = [
pkgs.plasma-browser-integration
];
});
#Package Lists
options.materus.profile.packages.list.nixRelated = mkPrivateVar (with pkgs; [
nix-prefetch
nix-prefetch-scripts
nix-prefetch-github
nix-prefetch-docker
nixfmt
nix-top
nix-tree
nix-diff
nix-ld
nil
nixpkgs-fmt
nixpkgs-review
]);
options.materus.profile.packages.list.desktopApps = mkPrivateVar (with pkgs; [
(discord.override { nss = nss_latest; withOpenASAR = true; withTTS = true; })
tdesktop
mpv
ani-cli
obsidian
nextcloud-client
spotify
thunderbird
keepassxc
(aspellWithDicts (ds: with ds; [ en en-computers en-science pl ]))
onlyoffice-bin
]);
options.materus.profile.packages.list.terminalApps = mkPrivateVar (with pkgs; [
neofetch
ripgrep
fd
]);
}
@@ -0,0 +1,35 @@
{ pkgs, lib, ... }:
let
defaultFonts = [
pkgs.dejavu_fonts
pkgs.freefont_ttf
pkgs.gyre-fonts
pkgs.liberation_ttf
pkgs.unifont
];
fonts = [
pkgs.noto-fonts
pkgs.noto-fonts-extra
pkgs.noto-fonts-emoji
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-cjk-serif
pkgs.wqy_zenhei
pkgs.corefonts
pkgs.hack-font
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
] ++ defaultFonts;
moreFonts = [
pkgs.ubuntu_font_family
pkgs.monocraft
(pkgs.nerdfonts.override { fonts = [ "DroidSansMono" "Meslo" "ProFont" "FiraCode"]; })
];
in
{
options.materus.profile.packages.list.fonts = lib.mkOption { default = fonts; readOnly = true; visible = false; };
options.materus.profile.packages.list.moreFonts = lib.mkOption { default = moreFonts; readOnly = true; visible = false; };
}
Binary file not shown.
+16
View File
@@ -0,0 +1,16 @@
{
osProfile = {
imports = [
./os
./common
];
};
homeProfile = {
imports = [
./common
./home
];
};
}
+25
View File
@@ -0,0 +1,25 @@
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.browser;
osConfig = (if (builtins.hasAttr "osConfig" config._module.args) then config._module.args.osConfig else null);
in
{
options = let mkBoolOpt = materusArg.pkgs.lib.mkBoolOpt; in {
materus.profile.browser.firefox.enable = mkBoolOpt false "Enable Firefox with materus cfg";
materus.profile.browser.vivaldi.enable = mkBoolOpt false "Enable Vivaldi with materus cfg";
materus.profile.browser.brave.enable = mkBoolOpt false "Enable Brave with materus cfg";
};
#TODO: Make some config
config = lib.mkMerge [{
home.packages = [
(lib.mkIf cfg.firefox.enable config.materus.profile.packages.firefox)
(lib.mkIf cfg.vivaldi.enable pkgs.vivaldi)
(lib.mkIf cfg.brave.enable pkgs.brave)
] ++ [ (lib.mkIf (osConfig != null && osConfig.materus.profile.browser.enable) osConfig.materus.profile.browser.package)];
}
];
}
+71
View File
@@ -0,0 +1,71 @@
{ config, lib, pkgs, materusArg, ... }:
let
packages = cfg.packages;
cfg = config.materus.profile;
in
{
imports = [
./fonts.nix
./browser.nix
./xdg.nix
./shell
./editor
./terminal
];
options.materus.profile.enableDesktop = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for desktop";
options.materus.profile.enableTerminal = materusArg.pkgs.lib.mkBoolOpt true "Enable settings for terminal";
options.materus.profile.enableTerminalExtra = materusArg.pkgs.lib.mkBoolOpt false "Enable extra settings for terminal";
options.materus.profile.enableNixDevel = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for nix devel";
config =
{
home.packages = (if cfg.enableDesktop then packages.list.desktopApps else [ ]) ++
(if cfg.enableNixDevel then packages.list.nixRelated else [ ]) ++
(if cfg.enableTerminal then packages.list.terminalApps else [ ]);
#Desktop
programs.feh.enable = lib.mkDefault cfg.enableDesktop;
#Terminal
programs.git = {
enable = lib.mkDefault cfg.enableTerminal;
package = lib.mkDefault pkgs.gitFull;
delta.enable = lib.mkDefault cfg.enableTerminal;
lfs.enable = lib.mkDefault cfg.enableTerminal;
};
programs.gitui.enable = cfg.enableTerminalExtra;
programs.nix-index = {
enable = lib.mkDefault cfg.enableTerminal;
enableBashIntegration = lib.mkDefault config.programs.bash.enable;
enableFishIntegration = lib.mkDefault config.programs.fish.enable;
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.direnv = {
enable = lib.mkDefault (cfg.enableTerminalExtra || cfg.enableNixDevel);
nix-direnv.enable = lib.mkDefault (cfg.enableNixDevel && (config.programs.direnv.enable == true));
enableBashIntegration = lib.mkDefault config.programs.bash.enable;
#enableFishIntegration = lib.mkDefault config.programs.fish.enable;
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.fzf = {
enable = lib.mkDefault cfg.enableTerminalExtra;
enableBashIntegration = lib.mkDefault config.programs.bash.enable;
enableFishIntegration = lib.mkDefault config.programs.fish.enable;
enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
};
programs.eza.enable = lib.mkDefault cfg.enableTerminalExtra;
programs.yt-dlp.enable = lib.mkDefault cfg.enableTerminalExtra;
};
}
@@ -0,0 +1,17 @@
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.editor.code;
in
{
options.materus.profile.editor.code.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable VSCodium with materus cfg";
options.materus.profile.editor.code.fhs.enable = materusArg.pkgs.lib.mkBoolOpt false "Use fhs vscodium";
options.materus.profile.editor.code.fhs.packages = lib.mkOption { default = (ps: [ ]); };
config = lib.mkIf cfg.enable {
programs.vscode = {
enable = lib.mkDefault true;
package = lib.mkDefault (if (cfg.fhs.enable) then (pkgs.vscodium.fhsWithPackages cfg.fhs.packages) else pkgs.vscodium);
mutableExtensionsDir = lib.mkDefault true;
};
materus.profile.fonts.enable = lib.mkDefault true;
};
}
@@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }:
{
imports = [
./code.nix
./neovim.nix
./emacs
];
}
@@ -0,0 +1,122 @@
{ config, lib, pkgs, materusArg, ... }:
let
configPath = "${materusArg.cfg.path}" + "/extraFiles/config/emacs/";
inits = import ./init.nix { path = configPath; inherit pkgs; };
packages = epkgs: with epkgs; [
load-relative
elcord
persp-mode
dashboard
magit
helm
avy
corfu
vterm
centaur-tabs
projectile
company
clipetty
treemacs
treemacs-nerd-icons
treemacs-perspective
treemacs-icons-dired
treemacs-magit
treemacs-projectile
tree-edit
vertico
nerd-icons
nerd-icons-completion
perspective
minions
telephone-line
rainbow-delimiters
use-package
cmake-mode
lsp-mode
lsp-java
lsp-jedi
lsp-haskell
lsp-ui
lsp-treemacs
dap-mode
d-mode
multiple-cursors
org
org-rainbow-tags
org-roam
org-roam-ui
org-review
markdown-mode
json-mode
nix-mode
minimap
moe-theme
doom-themes
];
default-config = ''
(defvar materus/nix-packages t)
(defvar materus/init-from-home nil)
(unless materus/init-from-home
(message "Config loading not from homeDir, need \"materus/init-from-home\" variable in init.el")
${setNixInit}
${inits.initText}
)
'';
emacsPkgs = with pkgs;[
python3
lua
multimarkdown
git
];
cfg = config.materus.profile.editor.emacs;
setNixInit = ''
(setenv "PATH" (concat (getenv "PATH") ":${lib.makeBinPath emacsPkgs}"))
${builtins.concatStringsSep "\n" (builtins.map (x: "(setq exec-path (append exec-path '(\""+x+"/bin\")))" ) emacsPkgs)}
(call-process-shell-command "${pkgs.xorg.xmodmap}/bin/xmodmap -e \"keycode 66 = Hyper_L\" -e \"remove Mod4 = Hyper_L\" -e \"add Mod3 = Hyper_L\" &" nil 0)
'';
in
{
options.materus.profile.editor.emacs.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable emacs with materus cfg";
config = lib.mkIf cfg.enable {
home.activation.emacsCompile = lib.hm.dag.entryAfter [ "linkGeneration" ] ''
run ${config.programs.emacs.finalPackage}/bin/emacs --batch \
--eval '(setq warning-minimum-log-level :error)' \
--eval '(byte-compile-file "${config.xdg.configHome}/emacs/early-init.el")' \
--eval '(byte-compile-file "${config.xdg.configHome}/emacs/init.el")'
'';
xdg.configFile."emacs/init.el".text = ''
(defvar materus/nix-packages nil)
(defvar materus/init-from-home t)
(setq-default materus/init-from-home t)
${setNixInit}
${inits.initText}
'';
xdg.configFile."emacs/early-init.el".text = ''
${inits.earlyInitText}
'';
programs.emacs = {
enable = true;
package = with pkgs; lib.mkDefault materusArg.pkgs.emacs-materus;
extraPackages = epkgs: ((packages epkgs));
extraConfig = default-config;
};
};
}
@@ -0,0 +1,17 @@
{ path, pkgs }:
{
earlyInitText = ''
${builtins.readFile (path + "early-init.el")}
'';
initText = ''
(defvar materus/init-from-home nil)
(when materus/init-from-home
(setq-default inhibit-defaul-init 1)
)
(setq-default materus/nix-packages (require 'doom-themes nil 'noerror))
${builtins.readFile (path + "packages.el")}
${builtins.readFile (path + "init.el")}
'';
}
@@ -0,0 +1,35 @@
{ config, lib, pkgs, materusArg, ... }:
let
cfg = config.materus.profile.editor.neovim;
in
{
options.materus.profile.editor.neovim.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable neovim with materus cfg";
config = lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
coc.enable = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
extraConfig = ''
set number
'';
plugins = with pkgs.vimPlugins;[
syntastic
vim-fugitive
vim-airline
vim-nix
nvim-fzf
nvim-treesitter.withAllGrammars
];
};
};
}
+13
View File
@@ -0,0 +1,13 @@
{ config, pkgs, lib, materusArg, ... }:
let
packages = config.materus.profile.packages;
cfg = config.materus.profile.fonts;
in
{
options.materus.profile.fonts.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable materus font settings";
config = lib.mkIf cfg.enable {
fonts.fontconfig.enable = lib.mkDefault true;
home.packages = packages.list.fonts;
};
}
@@ -0,0 +1,20 @@
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.bash;
in
{
options.materus.profile.bash.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminal "Enable materus bash config";
config = lib.mkIf cfg.enable {
programs.bash = {
enable = true;
enableCompletion = lib.mkDefault true;
enableVteIntegration = lib.mkDefault true;
historyControl = lib.mkDefault [ "erasedups" "ignorespace" ];
shellOptions = lib.mkDefault [ "autocd" "checkwinsize" "cmdhist" "expand_aliases" "extglob" "globstar" "checkjobs" "nocaseglob" ];
};
};
}
@@ -0,0 +1,9 @@
{
imports = [
./zsh.nix
./bash.nix
./fish.nix
./starship.nix
];
}
@@ -0,0 +1,12 @@
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.fish;
in
{
options.materus.profile.fish.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus fish config";
config = lib.mkIf cfg.enable {
programs.fish = {
enable = true;
};
};
}
@@ -0,0 +1,48 @@
{ config, pkgs, lib, materusArg, ... }:
let
profile = config.materus.profile;
cfg = config.materus.profile.starship;
in
{
options.materus.profile.starship.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus starship config";
config = lib.mkIf cfg.enable {
programs.starship.enable = true;
programs.starship.settings = {
python = {
symbol = " ";
};
format = "$username@$hostname$all";
right_format = "$cmd_duration $time";
time = {
disabled = false;
style = "bold bright-black";
format = "[$time]($style)";
};
line_break = { disabled = true; };
shell = {
disabled = false;
fish_indicator = "fish";
bash_indicator = "bash";
zsh_indicator = "zsh";
style = "blue bold";
};
hostname = {
ssh_only = false;
};
username = {
disabled = false;
show_always = true;
format = "[$user]($style)";
style_user = "white bold";
style_root = "black bold";
};
};
};
}
+189
View File
@@ -0,0 +1,189 @@
{ config, pkgs, lib, materusArg, ... }:
let
relToDotDir = file: (lib.optionalString (config.programs.zsh.dotDir != null) (config.programs.zsh.dotDir + "/")) + file;
pluginsDir =
if config.programs.zsh.dotDir != null then
relToDotDir "plugins" else "${config.home.homeDirectory}/.zsh/plugins";
p10kcfg = "${zshcfg}/p10kcfg";
zshcfg = "${materusArg.cfg.path}" + "/extraFiles/config/zsh";
cfg = config.materus.profile.zsh;
makeEnv = name: val: ''${name}=''${${name}:-"${val}"}'';
makeIfVar = var: val: ret: ''
if [[ "''$${var}" = "${val}" ]]; then
${ret}
fi
'';
makePlugin = nameArg: fileArg: srcArg: rec {
name = nameArg;
src = srcArg;
path = pluginsDir + "/" + name;
file = fileArg;
fullPath = path + "/" + file;
};
extraPlugins = {
powerlevel10k = makePlugin "powerlevel10k" "powerlevel10k.zsh-theme" (pkgs.fetchFromGitHub {
owner = "romkatv";
repo = "powerlevel10k";
rev = "v1.20.0";
sha256 = "sha256-ES5vJXHjAKw/VHjWs8Au/3R+/aotSbY7PWnWAMzCR8E=";
});
sudo = makePlugin "sudo" "sudo.plugin.zsh" "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/sudo";
extract = makePlugin "extract" "extract.plugin.zsh" "${pkgs.oh-my-zsh}/share/oh-my-zsh/plugins/extract";
};
in
{
options.materus.profile.zsh.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableTerminalExtra "Enable materus zsh config";
options.materus.profile.zsh.prompt = lib.mkOption {
type = lib.types.enum [ "p10k" ];
example = "p10k";
default = "p10k";
};
options.materus.profile.zsh.endConfig = lib.mkOption {
default = "";
description = "Zsh config after all of config";
type = lib.types.lines;
};
config = lib.mkIf cfg.enable {
home.packages = [
pkgs.ripgrep
];
home.file = lib.mkMerge [
(builtins.foldl' (a: b: a // b) { } (builtins.map (plugin: { ${plugin.path}.source = plugin.src; }) (builtins.attrValues extraPlugins)))
{ "${relToDotDir ".zshrc"}".text = lib.mkAfter cfg.endConfig; }
];
programs.zsh = {
enable = true;
enableAutosuggestions = true;
enableSyntaxHighlighting = true;
enableVteIntegration = true;
historySubstringSearch.enable = true;
historySubstringSearch.searchUpKey = "$key[Up]";
historySubstringSearch.searchDownKey = "$key[Down]";
envExtra = ''
${makeEnv "__MATERUS_HM_ZSH" "1"}
${makeEnv "__MATERUS_HM_ZSH_PROMPT" cfg.prompt}
${makeEnv "__MATERUS_HM_ZSH_PRIVATE" "0"}
'';
initExtraFirst = ''
${makeIfVar "__MATERUS_HM_ZSH_PROMPT" "p10k" ''
if [[ -r "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh" ]]; then
source "''${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''${(%):-%n}.zsh"
fi
if [[ -f "${extraPlugins.powerlevel10k.fullPath}" ]]; then
source "${extraPlugins.powerlevel10k.fullPath}"
fi
''
}
if zmodload zsh/terminfo && (( "$terminfo[colors]" >= "256" )); then
__MATERUS_HM_ZSH_256COLORS="''${__MATERUS_HM_ZSH_256COLORS:-1}"; else
__MATERUS_HM_ZSH_256COLORS="''${__MATERUS_HM_ZSH_256COLORS:-0}";
fi
if [[ -f "${extraPlugins.sudo.fullPath}" ]]; then
source "${extraPlugins.sudo.fullPath}"
fi
if [[ -f "${extraPlugins.extract.fullPath}" ]]; then
source "${extraPlugins.extract.fullPath}"
path+="${extraPlugins.extract.path}"
fpath+="${extraPlugins.extract.path}"
fi
'';
plugins = [
];
history = {
extended = true;
save = 100000;
size = 100000;
share = true;
ignoreDups = true;
ignoreAllDups = true;
ignoreSpace = true;
};
completionInit = ''
ZSH_COMPDUMP="''${ZSH_COMPDUMP:-''${XDG_CACHE_HOME:-${config.home.homeDirectory}/.cache}/.zcompdump-''${HOST}-''${ZSH_VERSION}}"
autoload -U compinit && compinit -d $ZSH_COMPDUMP
'';
initExtra = ''
if [[ "$__ETC_ZSHRC_SOURCED" != "1" ]]; then
. ${zshcfg}/zinputrc
fi
source ${zshcfg}/zshcompletion.zsh
history-substring-search-up-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-up
}
history-substring-search-down-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-down
}
zle -N history-substring-search-up-prefixed
zle -N history-substring-search-down-prefixed
bindkey -r "^["
bindkey "^[[1;5C" forward-word
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5A" history-substring-search-up-prefixed
bindkey "^[[1;5B" history-substring-search-down-prefixed
zsh-private() {
__MATERUS_HM_ZSH_PRIVATE=1 ${lib.getExe config.programs.zsh.package}
}
myip() {
${lib.getExe pkgs.wget} -qO- https://wtfismyip.com/text
}
speedtest() {
${lib.getExe pkgs.curl} -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | ${lib.getExe pkgs.python3}
}
'' +
makeIfVar "__MATERUS_HM_ZSH_PROMPT" "p10k" ''
if [[ "$__MATERUS_HM_ZSH_256COLORS" = "1" ]] ; then
[[ ! -f ${p10kcfg}/fullcolor.zsh ]] || source ${p10kcfg}/fullcolor.zsh
else
[[ ! -f ${p10kcfg}/compatibility.zsh ]] || source ${p10kcfg}/compatibility.zsh
fi
'' + makeIfVar "__MATERUS_HM_ZSH_PRIVATE" "1" ''
unset HISTFILE
${lib.optionalString config.programs.zsh.history.share "unsetopt SHARE_HISTORY"}
alias -- 'zsh'="__MATERUS_HM_ZSH_PRIVATE=0 zsh "
''
;
};
programs.starship.enableZshIntegration = lib.mkDefault false;
};
}
@@ -0,0 +1,9 @@
{...}:
{
imports = [
./wezterm.nix
./tmux.nix
];
}
@@ -0,0 +1,20 @@
{ materusArg, config, lib, ... }:
let
cfg = config.materus.profile.tmux;
in
{
options.materus.profile.tmux.enable = materusArg.pkgs.lib.mkBoolOpt true "Enable materus tmux config";
config = lib.mkIf cfg.enable
{
programs.tmux = {
enable = true;
clock24 = lib.mkDefault true;
aggressiveResize = lib.mkDefault true;
escapeTime = lib.mkDefault 0;
historyLimit = lib.mkDefault 10000;
mouse = lib.mkDefault true;
terminal = lib.mkDefault "tmux-256color";
};
};
}
@@ -0,0 +1,45 @@
{ config, lib, materusArg, pkgs, ... }:
let
cfg = config.materus.profile.wezterm;
zshCfg = ''
source "${config.programs.wezterm.package}/etc/profile.d/wezterm.sh"
'';
in
{
options.materus.profile.wezterm.enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable materus wezterm config";
options.materus.profile.wezterm.enableHackFont = materusArg.pkgs.lib.mkBoolOpt true "Enable hack nerd font for wezterm";
options.materus.profile.wezterm.enableWezcraft = materusArg.pkgs.lib.mkBoolOpt true "Enable alias to start wezcraft with monocraft font";
options.materus.profile.wezterm.extraConfig = lib.mkOption {
default = "";
description = "Config for wezterm";
type = lib.types.lines;
};
config = lib.mkIf cfg.enable
{
programs.wezterm.enable = true;
programs.wezterm.colorSchemes = { };
programs.wezterm.enableZshIntegration = false;
programs.wezterm.extraConfig = ''
package.path = package.path .. ";${materusArg.cfg.path}/extraFiles/config/wezterm/?.lua"
require("wezterm_config");
local config = materus_wezterm_config();
${lib.optionalString cfg.enableHackFont "config.font = wezterm.font 'Hack Nerd Font';"}
${cfg.extraConfig}
return config;
'';
home.packages = [
(lib.mkIf cfg.enableHackFont (pkgs.nerdfonts.override {
fonts = [ "Hack" ];
}))
(lib.mkIf cfg.enableWezcraft (pkgs.monocraft))
(lib.mkIf cfg.enableWezcraft (pkgs.writeShellScriptBin "wezcraft" ''
${lib.getExe config.programs.wezterm.package} --config font="wezterm.font 'Monocraft Nerd Font'" $@
''))
];
materus.profile.zsh.endConfig = lib.optionalString cfg.enableWezcraft zshCfg;
};
}
+40
View File
@@ -0,0 +1,40 @@
{ config, lib, materusArg, pkgs, ... }:
{
options.materus.profile.xdg =
{
enable = materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable xdg settings";
};
config =
let
cfg = config.materus.profile.xdg;
in
lib.mkIf cfg.enable {
xdg.enable = true;
xdg.userDirs.enable = lib.mkDefault true;
xdg.userDirs.createDirectories = lib.mkDefault config.xdg.userDirs.enable;
xdg.userDirs.desktop = lib.mkDefault "${config.home.homeDirectory}/Pulpit";
xdg.userDirs.documents = lib.mkDefault "${config.home.homeDirectory}/Dokumenty";
xdg.userDirs.download = lib.mkDefault "${config.home.homeDirectory}/Pobrane";
xdg.userDirs.music = lib.mkDefault "${config.xdg.userDirs.extraConfig.XDG_AUDIO_DIR}/Muzyka";
xdg.userDirs.pictures = lib.mkDefault "${config.home.homeDirectory}/Obrazy";
xdg.userDirs.publicShare = lib.mkDefault "${config.home.homeDirectory}/Publiczny";
xdg.userDirs.templates = lib.mkDefault "${config.home.homeDirectory}/Szablony";
xdg.userDirs.videos = lib.mkDefault "${config.home.homeDirectory}/Wideo";
xdg.userDirs.extraConfig = {
XDG_MISC_DIR = lib.mkDefault "${config.home.homeDirectory}/Inne";
XDG_PIC_SCREENSHOTS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zrzuty ekranu";
XDG_PIC_MEMES_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Memy";
XDG_PIC_MISC_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Inne";
XDG_PIC_PHOTOS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zdjęcia";
XDG_PIC_AVATARS_DIR = "${config.xdg.userDirs.pictures}/Avatar";
XDG_AUDIO_DIR = lib.mkDefault "${config.home.homeDirectory}/Audio";
XDG_KEYS_DIR = lib.mkDefault "${config.xdg.userDirs.documents}/Klucze";
};
};
}
+29
View File
@@ -0,0 +1,29 @@
{ config, pkgs, lib, ... }:
{
imports = [
./nix.nix
./fonts.nix
./shell
./games
./desktop
];
time.timeZone = lib.mkDefault "Europe/Warsaw";
i18n.defaultLocale = lib.mkDefault "pl_PL.UTF-8";
console = {
enable = lib.mkDefault true;
earlySetup = lib.mkDefault true;
font = lib.mkDefault "LatArCyrHeb-16";
keyMap = lib.mkDefault "pl";
};
programs.tmux = {
enable = lib.mkDefault true;
clock24 = lib.mkDefault true;
};
environment.systemPackages = lib.mkIf config.programs.tmux.enable [ pkgs.tmux.terminfo ];
}
@@ -0,0 +1,24 @@
{ materusArg, config, pkgs, lib, ... }:
let
cfg = config.materus.profile.browser;
in
{
options.materus.profile.browser.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus default browser config";
options.materus.profile.browser.default = lib.mkOption {
type = lib.types.enum [ "firefox" "brave" "vivaldi" ];
example = "vivaldi";
default = "brave";
};
options.materus.profile.browser.package = materusArg.pkgs.lib.mkPrivateVar
(if (cfg.default == "firefox") then config.materus.profile.packages.firefox else
if (cfg.default == "vivaldi") then pkgs.vivaldi else
if (cfg.default == "brave") then pkgs.brave else { });
config = lib.mkIf cfg.enable {
environment.systemPackages = [
config.materus.profile.browser.package
];
};
}
@@ -0,0 +1,6 @@
{
imports = [
./browser.nix
];
}
+24
View File
@@ -0,0 +1,24 @@
{ config, pkgs, lib, materusArg, ... }:
let
packages = config.materus.profile.packages;
cfg = config.materus.profile.fonts;
in
{
options.materus.profile.fonts.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus font settings for OS";
config = lib.mkIf cfg.enable {
fonts.packages = packages.list.fonts ++ packages.list.moreFonts;
fonts.enableDefaultPackages = lib.mkDefault true;
fonts.fontconfig.enable = lib.mkDefault true;
fonts.fontconfig.cache32Bit = lib.mkDefault true;
fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
fonts.fontconfig.defaultFonts.monospace = [ "Hack Nerd Font" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
fonts.fontDir.enable = lib.mkDefault true;
};
}
@@ -0,0 +1,6 @@
{ config, pkgs, ... }:
{
imports = [
./steam.nix
];
}
+115
View File
@@ -0,0 +1,115 @@
{ config, pkgs, lib, materusArg, inputs, ... }:
let
steamPkg = pkgs.steam.override {
extraPkgs = pkgs: [
pkgs.libdecor
pkgs.obs-studio-plugins.obs-vkcapture
pkgs.steamcmd
pkgs.nss_latest
pkgs.libstrangle
pkgs.libkrb5
pkgs.keyutils
pkgs.libGL
pkgs.libglvnd
pkgs.gamescope
pkgs.steamPackages.steam
pkgs.libxcrypt
pkgs.gnutls
pkgs.xorg.libXcursor
pkgs.xorg.libXi
pkgs.xorg.libXinerama
pkgs.xorg.libXScrnSaver
pkgs.xorg.xinput
pkgs.xorg.xcbutilwm
pkgs.xorg.xcbutilimage
pkgs.xorg.xcbutilkeysyms
pkgs.xorg.xcbutilerrors
pkgs.xorg.xcbutilrenderutil
pkgs.xorg.xcbutil
pkgs.xorg.xwininfo
pkgs.yad
pkgs.xdotool
pkgs.libinput
pkgs.openvdb
pkgs.openssl
pkgs.tbb
pkgs.gtk4
pkgs.gtk3
pkgs.glib
pkgs.gsettings-desktop-schemas
pkgs.fuse
pkgs.samba4Full
pkgs.tdb
pkgs.jbig2enc
pkgs.jbig2dec
pkgs.vivaldi
pkgs.x264.lib
pkgs.steamtinkerlaunch
pkgs.pipewire
pkgs.gitFull
pkgs.git-lfs
] ++ config.materus.profile.packages.list.fonts ++ config.materus.profile.steam.extraPkgs;
extraLibraries = pkgs: [
pkgs.libkrb5
pkgs.keyutils
pkgs.ncurses6
pkgs.xorg.xinput
pkgs.libinput
pkgs.fontconfig
pkgs.libxcrypt
pkgs.gnutls
pkgs.samba
pkgs.tdb
pkgs.jemalloc
pkgs.gperftools
] ++
(with config.hardware.opengl; if pkgs.hostPlatform.is64bit
then [ package ] ++ extraPackages
else [ package32 ] ++ extraPackages32);
extraEnv = config.materus.profile.steam.extraEnv;
};
cfg = config.materus.profile.steam;
in
{
options.materus.profile.steam.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus steam settings for OS";
options.materus.profile.steam.package = lib.mkOption {
type = lib.types.package;
default = steamPkg;
description = "Package used by steam";
};
options.materus.profile.steam.extraPkgs = lib.mkOption {
default = [ ];
description = "Extra packages for steam";
};
options.materus.profile.steam.extraEnv = lib.mkOption {
default = { };
description = "Extra Env for steam";
};
config = lib.mkIf cfg.enable {
hardware.steam-hardware.enable = lib.mkDefault true;
materus.profile.steam.extraEnv = {
XDG_DATA_DIRS = "/usr/share:\${XDG_DATA_DIRS}";
OBS_VKCAPTURE = "1";
};
programs.steam = {
enable = lib.mkDefault true;
dedicatedServer.openFirewall = lib.mkDefault true;
remotePlay.openFirewall = lib.mkDefault true;
};
environment.sessionVariables = rec {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = lib.mkDefault "\${HOME}/.steam/root/compatibilitytools.d";
};
environment.systemPackages = [
steamPkg
steamPkg.run
];
};
}
+22
View File
@@ -0,0 +1,22 @@
{ config, pkgs, lib, materusArg, ... }:
let
cfg = config.materus.profile.nix;
in
{
options.materus.profile.nix.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable materus nix settings";
config.nix = lib.mkIf cfg.enable {
settings = {
experimental-features = [ "nix-command" "flakes" "repl-flake" "no-url-literals" ];
auto-optimise-store = true;
trusted-users = [ "root" "@wheel" ];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE=" ];
};
};
}

Some files were not shown because too many files have changed in this diff Show More