commit bc8d69ddb5a94a4efd94851bf475b825d5a21511
parent 48a73f07b68402e6b2c61bcce795228df1407de0
Author: Katja (ctucx) <git@ctu.cx>
Date: Mon, 3 Mar 2025 17:12:50 +0100
parent 48a73f07b68402e6b2c61bcce795228df1407de0
Author: Katja (ctucx) <git@ctu.cx>
Date: Mon, 3 Mar 2025 17:12:50 +0100
configurations: refactor
126 files changed, 2625 insertions(+), 3270 deletions(-)
M
|
127
++++++++++++++++++++++++-------------------------------------------------------
M
|
59
++++++++++++++++++++++++-----------------------------------
M
|
206
+++++++++++++++++++++++++++++++++++++------------------------------------------
M
|
85
++++++++++++++++++++++++++++++++++---------------------------------------------
M
|
69
+++++++++++++++++++++++++++++----------------------------------------
M
|
47
++++++++++++++++++-----------------------------
M
|
49
+++++++++++++++++++------------------------------
M
|
96
++++++++++++++++++++++++++++++++++++++++++++-----------------------------------
D
|
152
-------------------------------------------------------------------------------
A
|
151
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D
|
174
-------------------------------------------------------------------------------
D
|
278
-------------------------------------------------------------------------------
D
|
74
--------------------------------------------------------------------------
D
|
255
-------------------------------------------------------------------------------
D
|
54
------------------------------------------------------
D
|
63
---------------------------------------------------------------
D
|
252
-------------------------------------------------------------------------------
D
|
60
------------------------------------------------------------
D
|
187
-------------------------------------------------------------------------------
D
|
58
----------------------------------------------------------
D
|
53
-----------------------------------------------------
D
|
58
----------------------------------------------------------
D
|
213
-------------------------------------------------------------------------------
A
|
202
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
156
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
62
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
244
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
234
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
189
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
A
|
47
+++++++++++++++++++++++++++++++++++++++++++++++
A
|
281
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/configurations/common/common.nix b/configurations/common/common.nix
@@ -0,0 +1,49 @@
+{ ctucxConfig, pkgs, lib, ... }:
+
+let
+ NIXPKGS_PATH = lib.cleanSource pkgs.path;
+
+in {
+
+ imports = [
+ ctucxConfig.programs.bash
+ ctucxConfig.programs.starship
+ ctucxConfig.programs.mcfly
+ ctucxConfig.programs.eza
+
+ ctucxConfig.programs.micro
+ ctucxConfig.programs.tmux
+ ctucxConfig.programs.htop
+
+ ctucxConfig.programs.shellUtilities
+ ctucxConfig.programs.networkUtilities
+
+ ctucxConfig.programs.scripts
+ ];
+
+ time.timeZone = "Europe/Berlin";
+
+ home-manager.useGlobalPkgs = true;
+ home-manager.users.katja = {
+ home.sessionVariables = {
+ NIXPKGS_PATH = NIXPKGS_PATH;
+ NIX_PATH = "nixpkgs=${NIXPKGS_PATH}";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ alacritty.terminfo
+ ghostty.terminfo
+ ];
+
+ nix = {
+ nixPath = lib.mkForce [ "nixpkgs=${NIXPKGS_PATH}" ];
+ settings = {
+ trusted-users = [ "@wheel" ];
+ experimental-features = [ "nix-command" "flakes" ];
+ extra-substituters = [ "https://cache.lix.systems" ];
+ trusted-public-keys = [ "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" ];
+ };
+ };
+
+}
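Review bot: `trusted-users = [ "@wheel" ]` in `nix.settings` still makes every member of wheel a trusted user of the Nix daemon, which the Nix manual describes as essentially equivalent to root, since a trusted user can name their own substituters and relax signature checking per invocation. Dropping `"root"` and `"katja"` shortens the list, but if katja is in wheel nothing changes in practice, so a comment such as `# trusted == root-equivalent on the daemon; keep wheel membership minimal` would record that this is intended. In the same block `extra-substituters` is additive while `trusted-public-keys` is not; it is worth confirming that the default cache key is still merged in on every platform that imports this file, or using `extra-trusted-public-keys` for symmetry.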
diff --git a/configurations/common/default.nix b/configurations/common/default.nix
@@ -1,48 +0,0 @@
-{ inputs, config, pkgs, lib, currentSystem, ... }:
-
-let
- NIXPKGS_PATH = lib.cleanSource pkgs.path;
-
-in {
-
- imports = (builtins.concatLists [
- [
- ../../modules
- ./programs
- ]
- (if (currentSystem == "x86_64-linux") then [
- ../linux
- ] else [])
- (if (currentSystem == "aarch64-darwin") || (currentSystem == "x86_64-darwin") then [
- ../darwin
- ] else [])
- ]);
-
- time.timeZone = "Europe/Berlin";
-
- home-manager.useGlobalPkgs = true;
- home-manager.users.katja.home.sessionVariables = {
- NIXPKGS_PATH = NIXPKGS_PATH;
- NIX_PATH = "nixpkgs=${NIXPKGS_PATH}";
- };
-
- environment.systemPackages = with pkgs; [
- alacritty.terminfo ghostty.terminfo
- ];
-
- nix = {
- nixPath = lib.mkForce [ "nixpkgs=${NIXPKGS_PATH}" ];
- settings = {
- trusted-users = [ "root" "katja" "@wheel" ];
- experimental-features = [ "nix-command" "flakes" ];
- extra-substituters = [
- "https://cache.lix.systems"
- ];
-
- trusted-public-keys = [
- "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
- ];
- };
- };
-
-}
diff --git a/configurations/common/programs/ansible.nix b/configurations/common/programs/ansible.nix @@ -8,7 +8,9 @@ let })); in { + home-manager.users.katja = { home.packages = [ ansible pkgs.ansible-lint ]; }; + }
diff --git a/configurations/common/programs/bash.nix b/configurations/common/programs/bash.nix 
@@ -1,94 +1,43 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.bash; - -in { - - options = { - ctucxConfig.programs.bash = { - enable = lib.mkEnableOption "bash"; - }; - }; - - config = lib.mkIf cfg.enable { - ctucxConfig.programs = { - starship.enable = true; - mcfly.enable = true; - eza.enable = true; - }; - - home-manager.users.katja = { - programs = { - bash = { - enable = true; - enableVteIntegration = lib.mkIf pkgs.stdenv.isLinux true; - - historyFileSize = 999999; - historyControl = [ "ignoredups" "ignorespace" ]; - historyIgnore = [ "ls" "clear" "exit" ]; - - shellAliases = { - ".." = "cd .."; - "..." = "cd ../.."; - - rm = "rm -i"; - - cat = lib.mkIf (builtins.elem "bat" config.home-manager.users.katja.home.packages) "bat -p"; - grep = lib.mkIf (builtins.elem "rg" config.home-manager.users.katja.home.packages) "rg"; - find = lib.mkIf (builtins.elem "rd" config.home-manager.users.katja.home.packages) "fd"; - - diff = "diff --color"; - - killall = "pkill"; - - reinitgit = "rm -rf .git && git init && git add -A && git commit -m 'init'"; - - zzz = ( - if pkgs.stdenv.isLinux then - "sleep 1 && systemctl suspend" - else - "pmset sleepnow" - ); - - backgrounditems = "bgiparser -f \"\$HOME/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm\" -c"; - - }; - - bashrcExtra = '' - use() { - declare -a all - for p in "$@"; do - all+=("''${NIXPKGS_PATH}#$p") - done - eval nix shell ''${all[@]} - } - '' + lib.optionalString pkgs.stdenv.isDarwin '' - if [ "$TERM" != "dumb" ]; then - source "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh" - nullglobStatus=$(shopt -p nullglob) - shopt -s nullglob - for p in $NIX_PROFILES; do - for m in "$p/etc/bash_completion.d/"*; do - source $m - done - done - eval "$nullglobStatus" - unset nullglobStatus p m - fi - - # Make bash check its window size after a process completes - shopt -s checkwinsize - - ${if pkgs.system == "aarch64-darwin" then '' - eval 
"$(/opt/homebrew/bin/brew shellenv)" - '' else '' - eval "$(/usr/local/bin/brew shellenv)" - ''} - ''; - - }; - }; +{ + + home-manager.users.katja = { + programs.bash = { + enable = true; + enableVteIntegration = lib.mkIf pkgs.stdenv.isLinux true; + + historyFileSize = 999999; + historyControl = [ "ignoredups" "ignorespace" ]; + historyIgnore = [ "ls" "clear" "exit" ]; + + bashrcExtra = '' + use() { + declare -a all + for p in "$@"; do + all+=("''${NIXPKGS_PATH}#$p") + done + eval nix shell ''${all[@]} + } + '' + lib.optionalString pkgs.stdenv.isDarwin '' + if [ "$TERM" != "dumb" ]; then + source "${pkgs.bash-completion}/etc/profile.d/bash_completion.sh" + nullglobStatus=$(shopt -p nullglob) + shopt -s nullglob + for p in $NIX_PROFILES; do + for m in "$p/etc/bash_completion.d/"*; do + source $m + done + done + eval "$nullglobStatus" + unset nullglobStatus p m + fi + + # Make bash check its window size after a process completes + shopt -s checkwinsize + + eval "$(/opt/homebrew/bin/brew shellenv)" + ''; }; };
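Review bot: The `use()` helper kept in `bashrcExtra` runs `eval nix shell ''${all[@]}`, so each argument is parsed by the shell a second time after the array is built, and a package name containing whitespace or shell metacharacters is split or interpreted instead of being handed to nix as one argument. The eval is not needed; `nix shell "''${all[@]}"` passes every element through unchanged. In the same string `source $m` should be `source "$m"`. The new side also evaluates `/opt/homebrew/bin/brew shellenv` on every Darwin host, where the old code chose `/usr/local/bin/brew` on non-aarch64 systems; if Intel Macs are still in scope, guard it with `[ -x /opt/homebrew/bin/brew ] &&`.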
diff --git a/configurations/common/programs/bitwarden-cli.nix b/configurations/common/programs/bitwarden-cli.nix @@ -1,22 +1,9 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.bitwarden-cli; +{ -in { - - options = { - ctucxConfig.programs.bitwarden-cli = { - enable = lib.mkEnableOption "bitwarden-cli"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja = { - home = { - packages = [ pkgs.bitwarden-cli ]; - }; - }; + home-manager.users.katja = { + home.packages = [ pkgs.bitwarden-cli ]; }; }
diff --git a/configurations/common/programs/default.nix b/configurations/common/programs/default.nix
@@ -1,46 +0,0 @@
-{ config, lib, ... }:
-
-{
-
- imports = [
- ./bash.nix
-
- ./eza.nix
- ./starship.nix
- ./mcfly.nix
- ./micro.nix
- ./tmux.nix
- ./htop.nix
-
- ./ssh.nix
- ./git.nix
- ./gpg.nix
-
- ./shellUtilities.nix
- ./networkUtilities.nix
-
- ./yt-dlp.nix
- ./ocrmypdf.nix
- ./phockup.nix
- ./texlive.nix
-
- ./password-store.nix
- ./bitwarden-cli.nix
-
- ./scripts.nix
- ];
-
- ctucxConfig.programs.bash.enable = lib.mkDefault true;
-
- ctucxConfig.programs.shellUtilities.enable = lib.mkDefault true;
- ctucxConfig.programs.networkUtilities.enable = lib.mkDefault true;
-
- ctucxConfig.programs.htop.enable = lib.mkDefault true;
- ctucxConfig.programs.tmux.enable = lib.mkDefault true;
- ctucxConfig.programs.micro.enable = lib.mkDefault true;
-
- ctucxConfig.programs.git.enable = lib.mkDefault true;
- ctucxConfig.programs.gpg.enable = lib.mkDefault true;
- ctucxConfig.programs.ssh.enable = lib.mkDefault true;
-
-}
diff --git a/configurations/common/programs/eza.nix b/configurations/common/programs/eza.nix @@ -1,22 +1,11 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.eza; +{ -in { + home-manager.users.katja = { + home.packages = [ pkgs.eza ]; - options = { - ctucxConfig.programs.eza = { - enable = lib.mkEnableOption "eza"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja.home.packages = with pkgs; [ - eza - ]; - - home-manager.users.katja.home.shellAliases = { + home.shellAliases = { ls = "eza"; ll = "eza -l"; la = "eza -a";
diff --git a/configurations/common/programs/git.nix b/configurations/common/programs/git.nix @@ -1,49 +1,38 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.git; +{ -in { - - options = { - ctucxConfig.programs.git = { - enable = lib.mkEnableOption "git"; + home-manager.users.katja = { + home.packages = [ pkgs.gitui ]; + home.shellAliases = { + reinitgit = "rm -rf .git && git init && git add -A && git commit -m 'init'"; }; - }; - config = lib.mkIf cfg.enable { - home-manager.users.katja = { -# home.packages = [ pkgs.gitui ]; + programs.lazygit.enable = true; + programs.git = { + enable = true; - programs = { -# bash.shellAliases.lazygit = "gitui"; - lazygit.enable = true; - git = { - enable = true; + package = pkgs.gitFull; - package = pkgs.gitFull; + userName = "Katja (ctucx)"; + userEmail = "git@ctu.cx"; - userName = "Katja (ctucx)"; - userEmail = "git@ctu.cx"; + difftastic.enable = true; - difftastic.enable = true; + ignores = [ + ".DS_Store" + "*.swp" + ]; - ignores = [ - ".DS_Store" - "*.swp" - ]; - - aliases = { - log-gpg = "log --show-signature"; - pfusch = "push"; - }; + aliases = { + log-gpg = "log --show-signature"; + pfusch = "push"; + }; - extraConfig = { - features.manyFiles = true; - pull.rebase = false; -# "url \"git@git.ctu.cx:\"".insteadOf = "https://git.ctu.cx/"; - }; - }; + extraConfig = { + features.manyFiles = true; + pull.rebase = false; +# "url \"git@git.ctu.cx:\"".insteadOf = "https://git.ctu.cx/"; }; }; };
diff --git a/configurations/common/programs/gpg.nix b/configurations/common/programs/gpg.nix 
@@ -1,135 +1,123 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.gpg; +{ -in { - - options = { - ctucxConfig.programs.gpg = { - enable = lib.mkEnableOption "gpg"; - }; + services = { + pcscd.enable = (if pkgs.stdenv.isLinux then true else false); + udev.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ libu2f-host yubikey-personalization ]) else []); + dbus.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ gcr ]) else []); }; - config = lib.mkIf cfg.enable { - services = { - pcscd.enable = (if pkgs.stdenv.isLinux then true else false); - udev.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ libu2f-host yubikey-personalization ]) else []); - dbus.packages = (if pkgs.stdenv.isLinux then (with pkgs; [ gcr ]) else []); - }; - - home-manager.users.katja = { - xdg = lib.mkIf pkgs.stdenv.isLinux { - desktopEntries = { - gscriptor = { - name = "gscriptor"; - settings = { - NoDisplay = "true"; - }; + home-manager.users.katja = { + xdg = lib.mkIf pkgs.stdenv.isLinux { + desktopEntries = { + gscriptor = { + name = "gscriptor"; + settings = { + NoDisplay = "true"; }; }; }; + }; - home = { - packages = lib.mkIf pkgs.stdenv.isLinux [ pkgs.pcsctools ]; - - sessionVariables = { - GNUPGHOME = lib.mkForce "$HOME/.gnupg"; - }; + home = { + packages = lib.mkIf pkgs.stdenv.isLinux [ pkgs.pcsctools ]; - shellAliases = { - gpg-card-relearn = "gpg-connect-agent 'scd serialno' 'learn --force' /bye"; - }; + sessionVariables = { + GNUPGHOME = lib.mkForce "$HOME/.gnupg"; + }; - file = lib.mkIf pkgs.stdenv.isDarwin { - ".gnupg/gpg-agent.conf".text = '' - enable-ssh-support - pinentry-program ${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac - ''; - }; + shellAliases = { + gpg-card-relearn = "gpg-connect-agent 'scd serialno' 'learn --force' /bye"; }; - wayland.windowManager.sway.extraConfig = '' - exec_always 'gpgconf --kill gpg-agent' - ''; + file = lib.mkIf pkgs.stdenv.isDarwin { + ".gnupg/gpg-agent.conf".text = '' + 
enable-ssh-support + pinentry-program ${pkgs.pinentry_mac}/Applications/pinentry-mac.app/Contents/MacOS/pinentry-mac + ''; + }; + }; - programs = { - gpg = { - enable = true; - mutableTrust = true; - mutableKeys = true; - - publicKeys = [ - - # my own key - { - trust = "ultimate"; - source = "${pkgs.ctucx-website}/gpg_pubkey.asc"; - } - { - trust = "ultimate"; - source = "${pkgs.ctucx-website}/gpg_pubkey_leah.asc"; - } - - # f2k1de's key - { - trust = "full"; - source = (pkgs.fetchurl { - url = "https://f2k1.de/gpg-key.asc"; - sha256 = "sha256-GvrsMDokWphfIAiabJTzNNzbHP7QtWkt2cn3piGBdzc"; - }); - } - - # governikus german eid verificaion pubkey - { - trust = "full"; - source = (pkgs.fetchurl { - url = "https://www.governikus.de/wp-content/uploads/2023/06/governikusPubKey.asc"; - sha256 = "sha256-eU7g+c2CAYGLxHCRb0qsnL3CvKgK3lWcKcgrS1WFwz0="; - }); - } - - - ]; - - settings = { - keyserver = "hkps://keyserver.ubuntu.com:443"; - }; + wayland.windowManager.sway.extraConfig = '' + exec_always 'gpgconf --kill gpg-agent' + ''; + + programs = { + gpg = { + enable = true; + mutableTrust = true; + mutableKeys = true; + + publicKeys = [ + # my own key + { + trust = "ultimate"; + source = "${pkgs.ctucx-website}/gpg_pubkey.asc"; + } + { + trust = "ultimate"; + source = "${pkgs.ctucx-website}/gpg_pubkey_leah.asc"; + } + + # f2k1de's key + { + trust = "full"; + source = (pkgs.fetchurl { + url = "https://f2k1.de/gpg-key.asc"; + sha256 = "sha256-GvrsMDokWphfIAiabJTzNNzbHP7QtWkt2cn3piGBdzc"; + }); + } + + # governikus german eid verificaion pubkey + { + trust = "full"; + source = (pkgs.fetchurl { + url = "https://www.governikus.de/wp-content/uploads/2023/06/governikusPubKey.asc"; + sha256 = "sha256-eU7g+c2CAYGLxHCRb0qsnL3CvKgK3lWcKcgrS1WFwz0="; + }); + } + + + ]; + + settings = { + keyserver = "hkps://keyserver.ubuntu.com:443"; + }; - scdaemonSettings = { - disable-ccid = true; - }; + scdaemonSettings = { + disable-ccid = true; }; + }; - bash.initExtra = '' - export GPG_TTY=$(tty) 
- export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) - gpgconf --launch gpg-agent - ''; + bash.initExtra = '' + export GPG_TTY=$(tty) + export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) + gpgconf --launch gpg-agent + ''; - git.signing = { - key = "4F1D8CCB"; - signByDefault = true; - }; - }; + git.signing = { + key = "4F1D8CCB"; + signByDefault = true; + }; + }; - services = lib.mkIf pkgs.stdenv.isLinux { - gpg-agent = { - enable = true; - enableSshSupport = true; - enableExtraSocket = true; + services = lib.mkIf pkgs.stdenv.isLinux { + gpg-agent = { + enable = true; + enableSshSupport = true; + enableExtraSocket = true; - pinentryPackage = pkgs.pinentry-gnome3; + pinentryPackage = pkgs.pinentry-gnome3; - defaultCacheTtl = 600; - defaultCacheTtlSsh = 600; + defaultCacheTtl = 600; + defaultCacheTtlSsh = 600; - sshKeys = [ - "8C11B9BF8B535049F6C87A9CF0C595421E6B8798" - "29FA1059F28D2ED1C6398F7CFA918605F53786C0" - ]; - }; + sshKeys = [ + "8C11B9BF8B535049F6C87A9CF0C595421E6B8798" + "29FA1059F28D2ED1C6398F7CFA918605F53786C0" + ]; }; }; };
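Review bot: `git.signing.key = "4F1D8CCB"` names the signing key by its 32-bit short ID, which is not collision-resistant and is ambiguous as soon as a second key with the same short ID lands in the keyring; prefer the full fingerprint, `key = "<FULL_40_HEX_FINGERPRINT>";`, as `sshKeys` in this hunk already does with full keygrips. The first `fetchurl` hash (`sha256-GvrsMDok…`) lacks the trailing `=` that the second one carries; Nix may tolerate that, but the padded SRI form is the safer spelling for a value that pins a key imported with `trust = "full"`. With the `cfg.enable` gate removed, `services.pcscd`, the udev packages and these trust assignments now apply to every host that imports the module, so the import list is the only remaining switch.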
diff --git a/configurations/common/programs/htop.nix b/configurations/common/programs/htop.nix @@ -1,60 +1,47 @@ { config, pkgs, lib, currentSystem, ... }: -let - cfg = config.ctucxConfig.programs.htop; +{ -in { - - options = { - ctucxConfig.programs.htop = { - enable = lib.mkEnableOption "htop"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja = { - programs = { - htop = { - enable = true; - package = ( - if pkgs.stdenv.isDarwin then - pkgs.htop - else - pkgs.htop.override { - sensorsSupport = true; - } - ); - settings = { - hide_userland_threads = 1; - tree_view = 1; - show_program_path = 0; - show_cpu_frequency = (if currentSystem == "aarch64-darwin" then 0 else 1); - }; - }; - }; - - xdg = ( + home-manager.users.katja = { + programs.htop = { + enable = true; + package = ( if pkgs.stdenv.isDarwin then - {} + pkgs.htop else - { - desktopEntries = { - htop = { - name = "Htop"; - genericName = "Process Viewer"; - icon = "htop"; - exec = "htop"; - terminal = true; - categories = [ "ConsoleOnly" "System" ]; - settings = { - NoDisplay = "true"; - }; - }; - }; + pkgs.htop.override { + sensorsSupport = true; } ); - + settings = { + hide_userland_threads = 1; + tree_view = 1; + show_program_path = 0; + show_cpu_frequency = (if pkgs.stdenv.isDarwin then 0 else 1); + }; }; + + xdg = ( + if pkgs.stdenv.isDarwin then + {} + else + { + desktopEntries = { + htop = { + name = "Htop"; + genericName = "Process Viewer"; + icon = "htop"; + exec = "htop"; + terminal = true; + categories = [ "ConsoleOnly" "System" ]; + settings = { + NoDisplay = "true"; + }; + }; + }; + } + ); + }; }
diff --git a/configurations/common/programs/mcfly.nix b/configurations/common/programs/mcfly.nix @@ -1,18 +1,9 @@ { config, lib, ... }: -let - cfg = config.ctucxConfig.programs.mcfly; +{ -in { - - options = { - ctucxConfig.programs.mcfly = { - enable = lib.mkEnableOption "mcfly"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja.programs.mcfly = { + home-manager.users.katja = { + programs.mcfly = { enable = true; enableBashIntegration = true; enableZshIntegration = true;
diff --git a/configurations/common/programs/micro.nix b/configurations/common/programs/micro.nix @@ -1,53 +1,42 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.micro; +{ -in { - - options = { - ctucxConfig.programs.micro = { - enable = lib.mkEnableOption "micro"; + home-manager.users.katja = { + home = { + sessionVariables.EDITOR = "micro"; + shellAliases.nano = "micro"; }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja = { - programs.micro = { - enable = true; - settings = { - "*.nix".tabstospaces = true; - "*.nix".tabmovement = true; - "*.nix".tabsize = 2; - "*.nim".tabstospaces = true; - "*.nim".tabmovement = true; - "*.nim".tabsize = 2; - - scrollbar = true; - eofnewline = false; - wordwrap = true; - softwrap = true; - ignorecase = true; - savehistory = false; - }; + programs.micro = { + enable = true; + settings = { + "*.nix".tabstospaces = true; + "*.nix".tabmovement = true; + "*.nix".tabsize = 2; + "*.nim".tabstospaces = true; + "*.nim".tabmovement = true; + "*.nim".tabsize = 2; + + scrollbar = true; + eofnewline = false; + wordwrap = true; + softwrap = true; + + ignorecase = true; + savehistory = false; }; + }; - xdg = lib.mkIf pkgs.stdenv.isLinux { - desktopEntries = { - micro = { - name = "micro"; - settings = { - NoDisplay = "true"; - }; + xdg = lib.mkIf pkgs.stdenv.isLinux { + desktopEntries = { + micro = { + name = "micro"; + settings = { + NoDisplay = "true"; }; }; }; - - home = { - sessionVariables.EDITOR = "micro"; - shellAliases.nano = "micro"; - }; }; };
diff --git a/configurations/common/programs/networkUtilities.nix b/configurations/common/programs/networkUtilities.nix @@ -1,37 +1,26 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.networkUtilities; +{ -in { + programs.mtr.enable = (if pkgs.stdenv.isLinux then true else false); + programs.traceroute.enable = (if pkgs.stdenv.isLinux then true else false); - options = { - ctucxConfig.programs.networkUtilities = { - enable = lib.mkEnableOption "some networking related utilities"; - }; - }; - - config = lib.mkIf cfg.enable { - programs.mtr.enable = (if pkgs.stdenv.isLinux then true else false); - programs.traceroute.enable = (if pkgs.stdenv.isLinux then true else false); - - home-manager.users.katja.home = { - packages = with pkgs; [ - dnsutils - nmap - tcpdump - iperf3 - ] ++ (if pkgs.stdenv.isDarwin then [ - mtr - spoof-mac - ] else [ - whois - macchanger - ]); + home-manager.users.katja.home = { + packages = with pkgs; [ + dnsutils + nmap + tcpdump + iperf3 + ] ++ (if pkgs.stdenv.isDarwin then [ + mtr + spoof-mac + ] else [ + whois + macchanger + ]); - shellAliases = lib.mkIf pkgs.stdenv.isDarwin { - mtr = "sudo mtr"; - }; + shellAliases = lib.mkIf pkgs.stdenv.isDarwin { + mtr = "sudo mtr"; }; };
diff --git a/configurations/common/programs/ocrmypdf.nix b/configurations/common/programs/ocrmypdf.nix @@ -1,20 +1,9 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.ocrmypdf; +{ -in { - - options = { - ctucxConfig.programs.ocrmypdf = { - enable = lib.mkEnableOption "OCRmyPDF"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja.home.packages = with pkgs; [ - ocrmypdf - ]; + home-manager.users.katja = { + home.packages = [ pkgs.ocrmypdf ]; }; }
diff --git a/configurations/common/programs/password-store.nix b/configurations/common/programs/password-store.nix @@ -1,43 +1,32 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.password-store; +{ -in { - - options = { - ctucxConfig.programs.password-store = { - enable = lib.mkEnableOption "passwordStore"; + home-manager.users.katja = { + home = { + packages = [ pkgs.pwgen ]; + sessionVariables = { + PASSWORD_STORE_DIR = lib.mkForce "\$HOME/.local/share/password-store"; + }; }; - }; - config = lib.mkIf cfg.enable { - home-manager.users.katja = { - home = { - packages = [ pkgs.pwgen ]; - sessionVariables = { - PASSWORD_STORE_DIR = lib.mkForce "\$HOME/.local/share/password-store"; - }; + programs = { + password-store = { + enable = true; + package = pkgs.pass.withExtensions (exts: [ + exts.pass-otp + exts.pass-update + exts.pass-genphrase + ]); }; - programs = { - password-store = { - enable = true; - package = pkgs.pass.withExtensions (exts: [ - exts.pass-otp - exts.pass-update - exts.pass-genphrase - ]); - }; - - browserpass = { - enable = true; - browsers = [ "firefox" ]; - }; - + browserpass = { + enable = true; + browsers = [ "firefox" ]; }; }; + }; }
diff --git a/configurations/common/programs/phockup.nix b/configurations/common/programs/phockup.nix @@ -1,18 +1,9 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.phockup; +{ -in { - - options = { - ctucxConfig.programs.phockup = { - enable = lib.mkEnableOption "phockup"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja.home.packages = with pkgs; [ + home-manager.users.katja = { + home.packages = with pkgs; [ phockup ]; };
diff --git a/configurations/common/programs/shellUtilities.nix b/configurations/common/programs/shellUtilities.nix @@ -1,61 +1,71 @@ { config, inputs, currentSystem, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.shellUtilities; +{ -in { - - options = { - ctucxConfig.programs.shellUtilities = { - enable = lib.mkEnableOption "basic shell utilities"; + home-manager.users.katja = { + programs = { + bat.enable = true; + jq.enable = true; }; - }; - config = lib.mkIf cfg.enable { - home-manager.users.katja = { - home = { - packages = with pkgs; [ - coreutils - inputs.colmena.packages."${currentSystem}".colmena + home.shellAliases = { + ".." = "cd .."; + "..." = "cd ../.."; - agenix - age + rm = "rm -i"; - wget - curl - rsync + diff = "diff --color"; - eza - bat - ripgrep - fd - file - bc - fx + killall = "pkill"; - unzip + cat = "bat -p"; + grep = "rg"; + find = "fd"; - smartmontools + backgrounditems = "bgiparser -f \"\$HOME/Library/Application Support/com.apple.backgroundtaskmanagementagent/backgrounditems.btm\" -c"; - e2fsprogs - dosfstools + zzz = ( + if pkgs.stdenv.isLinux then + "sleep 1 && systemctl suspend" + else + "pmset sleepnow" + ); + }; - gptfdisk + home.packages = with pkgs; [ + coreutils + inputs.colmena.packages."${currentSystem}".colmena - ] ++ (if pkgs.stdenv.isLinux then [ - usbutils - pciutils + agenix + age - lm_sensors - ] else [ - ]); - }; + wget + curl + rsync - programs = { - bat.enable = true; - jq.enable = true; - }; - }; + eza + bat + ripgrep + fd + file + bc + fx + + unzip + + smartmontools + + e2fsprogs + dosfstools + + gptfdisk + + ] ++ (if pkgs.stdenv.isLinux then [ + usbutils + pciutils + + lm_sensors + ] else []); }; }
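Review bot: The aliases `cat = "bat -p"`, `grep = "rg"` and `find = "fd"` are now unconditional, whereas the removed bash.nix versions sat behind `lib.mkIf (builtins.elem "bat" …home.packages)` checks that compare a string against a package list and so probably never fired (one even tested `"rd"`). In effect this hunk switches the replacements on for the first time, and `rg`/`fd` do not accept the flags of `grep`/`find`, so commands typed from documentation will behave differently in interactive shells. If that is intended, a comment like `# deliberate: rg/fd shadow grep/find interactively; use \grep or command grep for the original` would help. `backgrounditems` points at a macOS-only path yet is defined on Linux too; `// lib.optionalAttrs pkgs.stdenv.isDarwin { backgrounditems = …; }` would scope it.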
diff --git a/configurations/common/programs/ssh.nix b/configurations/common/programs/ssh.nix @@ -1,18 +1,9 @@ { config, lib, ... }: -let - cfg = config.ctucxConfig.programs.ssh; +{ -in { - - options = { - ctucxConfig.programs.ssh = { - enable = lib.mkEnableOption "ssh"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja.programs.ssh = { + home-manager.users.katja = { + programs.ssh = { enable = true; compression = true;
diff --git a/configurations/common/programs/starship.nix b/configurations/common/programs/starship.nix @@ -1,18 +1,9 @@ { config, lib, ... }: -let - cfg = config.ctucxConfig.programs.starship; +{ -in { - - options = { - ctucxConfig.programs.starship = { - enable = lib.mkEnableOption "starship"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja.programs.starship = { + home-manager.users.katja = { + programs.starship = { enable = true; enableBashIntegration = true; enableZshIntegration = true;
diff --git a/configurations/common/programs/texlive.nix b/configurations/common/programs/texlive.nix @@ -1,20 +1,9 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.texlive; +{ -in { - - options = { - ctucxConfig.programs.texlive = { - enable = lib.mkEnableOption "texlive full"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja.home.packages = with pkgs; [ - texlive.combined.scheme-full - ]; + home-manager.users.katja = { + home.packages = [ pkgs.texlive.combined.scheme-full ]; }; }
diff --git a/configurations/common/programs/tmux.nix b/configurations/common/programs/tmux.nix @@ -1,18 +1,9 @@ { config, lib, ... }: -let - cfg = config.ctucxConfig.programs.tmux; +{ -in { - - options = { - ctucxConfig.programs.tmux = { - enable = lib.mkEnableOption "tmux"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja.programs.tmux = { + home-manager.users.katja = { + programs.tmux = { enable = true; clock24 = true; terminal = "xterm-256color";
diff --git a/configurations/common/programs/yt-dlp.nix b/configurations/common/programs/yt-dlp.nix @@ -1,27 +1,16 @@ { config, pkgs, lib, ... }: -let - cfg = config.ctucxConfig.programs.yt-dlp; +{ -in { + home-manager.users.katja = { + home.shellAliases.yt-dlp-audio = "yt-dlp --format bestaudio -x --audio-format opus --add-metadata --embed-thumbnail"; - options = { - ctucxConfig.programs.yt-dlp = { - enable = lib.mkEnableOption "yt-dlp"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja.home.packages = with pkgs; [ + home.packages = with pkgs; [ yt-dlp (pkgs.writeShellScriptBin "youtube-dl" '' exec ${pkgs.yt-dlp}/bin/yt-dlp --compat-options youtube-dl "$@" '') ]; - - home-manager.users.katja.home.shellAliases = { - yt-dlp-audio = "yt-dlp --format bestaudio -x --audio-format opus --add-metadata --embed-thumbnail"; - }; }; }
diff --git a/configurations/darwin/aerospace.nix b/configurations/darwin/aerospace.nix 
@@ -1,151 +0,0 @@ -{ inputs, pkgs, ... }: - -let - newTerminal = pkgs.writeScript "newTerminalWindow.sh" '' - #!/usr/bin/env bash - # Open iTerm2 with single instance - - # Detects if iTerm2 is running - if ! pgrep -f "iTerm" > /dev/null; then - open -a "${pkgs.iterm2}/Applications/iTerm2.app" - else - # Create a new window - if ! osascript -e 'tell application "iTerm2" to create window with default profile' > /dev/null; then - # Get pids for any app with "iTerm" and kill - for i in $(pgrep -f "iTerm"); do kill -15 "$i"; done - open -a "${pkgs.iterm2}/Applications/iTerm2.app" - fi - fi - ''; - -in { - - homebrew = { - enable = true; - - - casks = [ - "nikitabobko/tap/aerospace" - ]; - }; - - home-manager.users.katja.home.file.".aerospace.toml".text = (builtins.replaceStrings - [ "\"mode.main.binding\"" "\"mode.resize.binding\"" "\"if.app-id\"" "\"if.during-aerospace-startup\"" ] - [ "mode.main.binding" "mode.resize.binding" "if.app-id" "if.during-aerospace-startup"] - (pkgs.std.serde.toTOML { - enable-normalization-flatten-containers = false; - enable-normalization-opposite-orientation-for-nested-containers = false; - - on-window-detected = [ - { - "if.app-id" = "org.mozilla.firefox"; - "run" = [ "move-node-to-workspace 1" ]; - } - { - "if.app-id" = "org.mozilla.thunderbird"; - "run" = [ "move-node-to-workspace 2" ]; - } - { - "if.app-id" = "com.googlecode.iterm2"; - "if.during-aerospace-startup" = true; - "run" = [ "move-node-to-workspace 3" ]; - } - { - "if.app-id" = "com.apple.finder"; - "if.during-aerospace-startup" = true; - "run" = [ "move-node-to-workspace 4" ]; - } - { - "if.app-id" = "com.apple.iCal"; - "run" = [ "move-node-to-workspace 5" ]; - } - - { - "if.app-id" = "ru.keepcoder.Telegram"; - "if.during-aerospace-startup" = true; - "run" = [ "layout floating" "move-node-to-workspace 1" ]; - } - { - "if.app-id" = "com.jonny.mona"; - "if.during-aerospace-startup" = true; - "run" = [ "layout floating" "move-node-to-workspace 1" ]; - } - - ]; - - 
"mode.main.binding" = { - "cmd-h" = []; - - - "alt-enter" = "exec-and-forget ${newTerminal}"; - - "alt-z" = "exec-and-forget pmset sleepnow"; - "alt-x" = "exec-and-forget pmset displaysleepnow"; - - "alt-left" = "focus left"; - "alt-right" = "focus right"; - "alt-up" = "focus up"; - "alt-down" = "focus down"; - - "alt-shift-left" = "move left"; - "alt-shift-right" = "move right"; - "alt-shift-up" = "move up"; - "alt-shift-down" = "move down"; - - # Consider using 'join-with' command as a 'split' replacement if you want to enable normalizations - "alt-h" = "split horizontal"; - "alt-v" = "split vertical"; - - "alt-f" = "fullscreen"; - - "alt-s" = "layout v_accordion"; # 'layout stacking' in i3 - "alt-w" = "layout h_accordion"; # 'layout tabbed' in i3 - "alt-e" = "layout tiles horizontal vertical"; # 'layout toggle split' in i3 - - "alt-shift-space" = "layout floating tiling"; # 'floating toggle' in i3 - - # Not supported, because this command is redundant in AeroSpace mental model. - # See: https://nikitabobko.github.io/AeroSpace/guide#floating-windows - #alt-space = 'focus toggle_tiling_floating' - - # `focus parent`/`focus child` are not yet supported, and it's not clear whether they - # should be supported at all https://github.com/nikitabobko/AeroSpace/issues/5 - # alt-a = 'focus parent' - - "alt-1" = "workspace 1"; - "alt-2" = "workspace 2"; - "alt-3" = "workspace 3"; - "alt-4" = "workspace 4"; - "alt-5" = "workspace 5"; - "alt-6" = "workspace 6"; - "alt-7" = "workspace 7"; - "alt-8" = "workspace 8"; - "alt-9" = "workspace 9"; - "alt-0" = "workspace 10"; - - "alt-shift-1" = "move-node-to-workspace 1"; - "alt-shift-2" = "move-node-to-workspace 2"; - "alt-shift-3" = "move-node-to-workspace 3"; - "alt-shift-4" = "move-node-to-workspace 4"; - "alt-shift-5" = "move-node-to-workspace 5"; - "alt-shift-6" = "move-node-to-workspace 6"; - "alt-shift-7" = "move-node-to-workspace 7"; - "alt-shift-8" = "move-node-to-workspace 8"; - "alt-shift-9" = "move-node-to-workspace 
9"; - "alt-shift-0" = "move-node-to-workspace 10"; - - "alt-shift-c" = "reload-config"; - - "alt-r" = "mode resize"; - }; - - "mode.resize.binding" = { - "h" = "resize width -50"; - "j" = "resize height +50"; - "k" = "resize height -50"; - "l" = "resize width +50"; - "enter" = "mode main"; - }; - })); - -}- \ No newline at end of file
diff --git a/configurations/darwin/appSettings.nix b/configurations/darwin/configure/appSettings.nix
diff --git a/configurations/darwin/icons/Firefox.icns b/configurations/darwin/configure/icons/Firefox.icns Binary files differ.
diff --git a/configurations/darwin/icons/LibreOffice.icns b/configurations/darwin/configure/icons/LibreOffice.icns Binary files differ.
diff --git a/configurations/darwin/icons/Spotify.icns b/configurations/darwin/configure/icons/Spotify.icns Binary files differ.
diff --git a/configurations/darwin/icons/Telegram.icns b/configurations/darwin/configure/icons/Telegram.icns Binary files differ.
diff --git a/configurations/darwin/icons/Thunderbird.icns b/configurations/darwin/configure/icons/Thunderbird.icns Binary files differ.
diff --git a/configurations/darwin/icons/WhatsApp.icns b/configurations/darwin/configure/icons/WhatsApp.icns Binary files differ.
diff --git a/configurations/darwin/icons/coconutBattery.icns b/configurations/darwin/configure/icons/coconutBattery.icns Binary files differ.
diff --git a/configurations/darwin/macAppStore.nix b/configurations/darwin/configure/macAppStore.nix
diff --git a/configurations/darwin/default.nix b/configurations/darwin/default.nix @@ -19,6 +19,15 @@ ./homebrew.nix ./macAppStore.nix ./programs + + ctucxConfig.programs.ssh + ctucxConfig.programs.git + ctucxConfig.programs.gpg + + ctucxConfig.programs.yt-dlp + ctucxConfig.programs.ocrmypdf + ctucxConfig.programs.phockup + ctucxConfig.programs.bitwarden-cli ]; ctucxConfig.programs = { @@ -31,11 +40,10 @@ services.nix-daemon.enable = true; - home-manager = { - useUserPackages = true; - - users.katja.home.homeDirectory = lib.mkForce "/Users/katja/"; - users.katja.home.packages = with pkgs; [ + home-manager.useUserPackages = true; + home-manager.users.katja = { + home.homeDirectory = lib.mkForce "/Users/katja/"; + home.packages = with pkgs; [ bgiparser asitop
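Review bot: The list in the first hunk keeps `./macAppStore.nix` as an unchanged context line, but this same commit renames `configurations/darwin/macAppStore.nix` to `configurations/darwin/configure/macAppStore.nix`. Unless a file is recreated at the old path elsewhere in the commit, evaluation will fail on the missing path, and the entry should read `./configure/macAppStore.nix`. Lines 1–18 of the file are outside the hunk, so any `./appSettings.nix` or `./aerospace.nix` entries there need the same check. The added entries such as `ctucxConfig.programs.ssh` are bare identifiers, so `ctucxConfig` has to be in scope as a module argument, while `ctucxConfig.programs = {` just below is an attribute of the same name. A short comment saying where the argument comes from would keep the two apart.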
diff --git a/configurations/darwin/programs/aerospace.nix b/configurations/darwin/programs/aerospace.nix 
@@ -0,0 +1,150 @@ +{ inputs, pkgs, ... }: + +let + newTerminal = pkgs.writeScript "newTerminalWindow.sh" '' + #!/usr/bin/env bash + # Open iTerm2 with single instance + + # Detects if iTerm2 is running + if ! pgrep -f "iTerm" > /dev/null; then + open -a "${pkgs.iterm2}/Applications/iTerm2.app" + else + # Create a new window + if ! osascript -e 'tell application "iTerm2" to create window with default profile' > /dev/null; then + # Get pids for any app with "iTerm" and kill + for i in $(pgrep -f "iTerm"); do kill -15 "$i"; done + open -a "${pkgs.iterm2}/Applications/iTerm2.app" + fi + fi + ''; + +in { + + homebrew = { + enable = true; + + casks = [ + "nikitabobko/tap/aerospace" + ]; + }; + + home-manager.users.katja.home.file.".aerospace.toml".text = (builtins.replaceStrings + [ "\"mode.main.binding\"" "\"mode.resize.binding\"" "\"if.app-id\"" "\"if.during-aerospace-startup\"" ] + [ "mode.main.binding" "mode.resize.binding" "if.app-id" "if.during-aerospace-startup"] + (pkgs.std.serde.toTOML { + enable-normalization-flatten-containers = false; + enable-normalization-opposite-orientation-for-nested-containers = false; + + on-window-detected = [ + { + "if.app-id" = "org.mozilla.firefox"; + "run" = [ "move-node-to-workspace 1" ]; + } + { + "if.app-id" = "org.mozilla.thunderbird"; + "run" = [ "move-node-to-workspace 2" ]; + } + { + "if.app-id" = "com.googlecode.iterm2"; + "if.during-aerospace-startup" = true; + "run" = [ "move-node-to-workspace 3" ]; + } + { + "if.app-id" = "com.apple.finder"; + "if.during-aerospace-startup" = true; + "run" = [ "move-node-to-workspace 4" ]; + } + { + "if.app-id" = "com.apple.iCal"; + "run" = [ "move-node-to-workspace 5" ]; + } + + { + "if.app-id" = "ru.keepcoder.Telegram"; + "if.during-aerospace-startup" = true; + "run" = [ "layout floating" "move-node-to-workspace 1" ]; + } + { + "if.app-id" = "com.jonny.mona"; + "if.during-aerospace-startup" = true; + "run" = [ "layout floating" "move-node-to-workspace 1" ]; + } + + ]; + + 
"mode.main.binding" = { + "cmd-h" = []; + + + "alt-enter" = "exec-and-forget ${newTerminal}"; + + "alt-z" = "exec-and-forget pmset sleepnow"; + "alt-x" = "exec-and-forget pmset displaysleepnow"; + + "alt-left" = "focus left"; + "alt-right" = "focus right"; + "alt-up" = "focus up"; + "alt-down" = "focus down"; + + "alt-shift-left" = "move left"; + "alt-shift-right" = "move right"; + "alt-shift-up" = "move up"; + "alt-shift-down" = "move down"; + + # Consider using 'join-with' command as a 'split' replacement if you want to enable normalizations + "alt-h" = "split horizontal"; + "alt-v" = "split vertical"; + + "alt-f" = "fullscreen"; + + "alt-s" = "layout v_accordion"; # 'layout stacking' in i3 + "alt-w" = "layout h_accordion"; # 'layout tabbed' in i3 + "alt-e" = "layout tiles horizontal vertical"; # 'layout toggle split' in i3 + + "alt-shift-space" = "layout floating tiling"; # 'floating toggle' in i3 + + # Not supported, because this command is redundant in AeroSpace mental model. + # See: https://nikitabobko.github.io/AeroSpace/guide#floating-windows + #alt-space = 'focus toggle_tiling_floating' + + # `focus parent`/`focus child` are not yet supported, and it's not clear whether they + # should be supported at all https://github.com/nikitabobko/AeroSpace/issues/5 + # alt-a = 'focus parent' + + "alt-1" = "workspace 1"; + "alt-2" = "workspace 2"; + "alt-3" = "workspace 3"; + "alt-4" = "workspace 4"; + "alt-5" = "workspace 5"; + "alt-6" = "workspace 6"; + "alt-7" = "workspace 7"; + "alt-8" = "workspace 8"; + "alt-9" = "workspace 9"; + "alt-0" = "workspace 10"; + + "alt-shift-1" = "move-node-to-workspace 1"; + "alt-shift-2" = "move-node-to-workspace 2"; + "alt-shift-3" = "move-node-to-workspace 3"; + "alt-shift-4" = "move-node-to-workspace 4"; + "alt-shift-5" = "move-node-to-workspace 5"; + "alt-shift-6" = "move-node-to-workspace 6"; + "alt-shift-7" = "move-node-to-workspace 7"; + "alt-shift-8" = "move-node-to-workspace 8"; + "alt-shift-9" = "move-node-to-workspace 
9"; + "alt-shift-0" = "move-node-to-workspace 10"; + + "alt-shift-c" = "reload-config"; + + "alt-r" = "mode resize"; + }; + + "mode.resize.binding" = { + "h" = "resize width -50"; + "j" = "resize height +50"; + "k" = "resize height -50"; + "l" = "resize width +50"; + "enter" = "mode main"; + }; + })); + +}+ \ No newline at end of file
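Review bot: `pgrep -f "iTerm"` in `newTerminal` matches any process whose full command line contains that string, so the fallback loop `for i in $(pgrep -f "iTerm"); do kill -15 "$i"; done` can send SIGTERM to unrelated processes, for example an editor that has a file with iTerm in its name open. Matching the exact process name is narrower, assuming the process is called `iTerm2`: `if ! pgrep -x "iTerm2" > /dev/null; then` for the check and `pkill -15 -x "iTerm2"` in place of the loop. The cask `"nikitabobko/tap/aerospace"` comes from a third-party tap, and nothing in this file pins its version. A comment next to it, such as `# third-party tap, not covered by the flake lock`, would make that gap visible. The file also ends without a trailing newline.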
diff --git a/configurations/linux/default.nix b/configurations/linux/default.nix 
@@ -1,174 +0,0 @@ -{ inputs, config, lib, pkgs, ... }@args: - -{ - - imports = [ - ./services - ./programs - - ./bluetooth.nix - ./fonts.nix - ./xdg.nix - ./mobile-device.nix - ./thunderbolt.nix - ]; - - age.secrets.katja-systempassword.file = ../../secrets/passwords/katja.age; - age.secrets.acmeTSIGKey.file = ./. + "/../../secrets/${config.networking.hostName}/acme-tsig-key.age"; - - deployment = { - buildOnTarget = lib.mkDefault false; - targetUser = lib.mkDefault "root"; - targetHost = lib.mkDefault config.networking.fqdn; - targetPort = lib.mkDefault (lib.head config.services.openssh.ports); - }; - - system = { - nixos.revision = lib.mkIf (inputs.nixpkgs.sourceInfo ? rev) inputs.nixpkgs.sourceInfo.rev; - nixos.versionSuffix = ".${lib.substring 0 8 (inputs.nixpkgs.sourceInfo.lastModifiedDate or inputs.nixpkgs.sourceInfo.lastModified or "19700101")}.${inputs.nixpkgs.sourceInfo.shortRev or "dirty"}"; - # thanks piegames (https://git.darmstadt.ccc.de/piegames/home-config/-/blob/master/modules/generic.nix#L84) - activationScripts.diff = { - supportsDryActivation = true; - text = '' - ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff "$(readlink /run/current-system)" "$systemConfig" - # Ignore "failures" because these tools have weird exit codes - ${pkgs.colordiff}/bin/colordiff --nobanner --fakeexitcode --color=always -ur -I '\/nix\/store' \ - -- "$(readlink /run/current-system)/activate" "$systemConfig/activate" | ${pkgs.gnugrep}/bin/grep -v "^Binary files" || true - ${pkgs.colordiff}/bin/colordiff --nobanner --fakeexitcode --color=always -ur -I '\/nix\/store' \ - -x "os-release" -x "issue" \ - -- "$(readlink /run/current-system)/etc" "$systemConfig/etc" | ${pkgs.gnugrep}/bin/grep -v "^Binary files" || true - ${pkgs.colordiff}/bin/colordiff --nobanner --fakeexitcode --color=always -ur -I '\/nix\/store' \ - -x "environment.d" \ - -x "hwdb.d" \ - -- "$(readlink /run/current-system)/systemd" "$systemConfig/systemd" | ${pkgs.gnugrep}/bin/grep -v 
"^Binary files" || true - ''; - }; - }; - - networking.hostName = lib.mkDefault args.name; - networking.domain = lib.mkDefault "ctu.cx"; - - i18n.defaultLocale = "en_US.UTF-8"; - i18n.supportedLocales = ["de_DE.UTF-8/UTF-8" "en_US.UTF-8/UTF-8"]; - - nix = { - channel.enable = false; - - settings.trusted-users = [ "@wheel" ]; - settings.auto-optimise-store = true; - - daemonCPUSchedPolicy = lib.mkDefault "idle"; - daemonIOSchedClass = lib.mkDefault "idle"; - - optimise = { - automatic = lib.mkDefault true; - dates = [ "12:00" "15:00" "18:00" "21:00" ]; - }; - - gc = { - automatic = lib.mkDefault true; - options = "--delete-older-than 3d"; - dates = "18:00"; - }; - }; - - systemd.services.nginx.onFailure = [ "email-notify@%i.service" ]; - - services = { - timesyncd.enable = true; - fstrim.enable = true; - vnstat.enable = true; - vnstati.enable = (lib.mkDefault (if (config.networking.primaryIP != "") || (config.networking.primaryIP4 != "") then true else false)); - - journald.extraConfig = "SystemMaxUse=1G"; - - logind.killUserProcesses = true; - - nginx = { - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - commonHttpConfig = '' - server_names_hash_bucket_size 64; - charset utf-8; - - access_log off; - ''; - virtualHosts.default = { - default = true; - rejectSSL = true; - }; - }; - - openssh = { - enable = true; - startWhenNeeded = true; - ports = [ 22 ]; - extraConfig = "StreamLocalBindUnlink yes"; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "without-password"; - }; - }; - }; - - security.acme = { - acceptTerms = true; - defaults = { - email = "letsencrypt@ctu.cx"; - keyType = "ec384"; - dnsProvider = "rfc2136"; - environmentFile = pkgs.writeText "acme-dns-env" '' - RFC2136_NAMESERVER=ns1.ctu.cx - RFC2136_TSIG_KEY=acme-nix-${config.networking.hostName} - RFC2136_TSIG_ALGORITHM=hmac-sha384. 
- ''; - credentialFiles = { - RFC2136_TSIG_SECRET_FILE = config.age.secrets.acmeTSIGKey.path; - }; - }; - certs."${config.networking.hostName}.${config.networking.domain}" = { - group = "nginx"; - extraDomainNames = ( - config.services.nginx.virtualHosts - |> lib.mapAttrsToList (key: config: [ (if config ? serverAliases then config.serverAliases else []) key ]) - |> lib.flatten - |> builtins.filter (val: val != "default") - ); - }; - }; - - users.mutableUsers = false; - users.users = let - katja-pubkey = "ssh-rsa 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 (none)"; - in { - - root.openssh.authorizedKeys.keys = [ - katja-pubkey - ]; - - katja = { - isNormalUser = true; - hashedPasswordFile = config.age.secrets.katja-systempassword.path; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - openssh.authorizedKeys.keys = [ - katja-pubkey - ]; - }; - - }; - - home-manager.users.katja = { - home = { - language = { - "base" = "en_US.UTF-8"; - "time" = "de_DE.utf8"; - "address" = "de_DE.utf8"; - "monetary" = "de_DE.utf8"; - "paper" = "de_DE.utf8"; - }; - }; - }; - -}
diff --git a/configurations/linux/gnome.nix b/configurations/linux/gnome.nix 
@@ -1,278 +0,0 @@ -{ inputs, config, lib, pkgs, homeManager, ... }: - -{ - - nixpkgs.overlays = [(final: prev: { - # patch gdm to automaticly select the first user - gnome-shell = prev.gnome-shell.overrideAttrs (prevAttrs: { - patches = prevAttrs.patches ++ [ ../../pkgs/gdm-autoselect-user.patch ]; - }); - - # deactivate some backends - gnome-online-accounts = prev.gnome-online-accounts.overrideAttrs( prevAttrs: { - mesonFlags = prevAttrs.mesonFlags ++ [ "-Dexchange=false" "-Dgoogle=false" "-Dkerberos=false" "-Downcloud=false" "-Dwindows_live=false" "-Dms_graph=false" ]; - }); - })]; - - boot.plymouth.enable = true; - - hardware.bluetooth.settings = { - General.Experimental = true; - }; - - users.users.katja.extraGroups = [ "dialout" "networkmanager"]; - - # networking.networkmanager.wifi.backend = "iwd"; - - services = { - nscd.enable = true; - printing.enable = true; - avahi.enable = true; - gvfs.package = (pkgs.gvfs.overrideAttrs (old: { - mesonFlags = (old.mesonFlags or []) ++ [ - "-Dafp=false" - "-Dafc=false" - "-Dmtp=false" - "-Dgphoto2=false" - ]; - })).override { - samba = null; - gnomeSupport = false; - }; - - #required for gnome-calendar - gnome.evolution-data-server.enable = true; - gnome.gnome-online-accounts.enable = true; - }; - - programs.evince.enable = true; - - home-manager.users.katja = { - manual.html.enable = true; - - home.sessionVariables = { - QT_QPA_PLATFORMTHEME = "gnome"; - }; - - home.packages = with pkgs; [ - wl-clipboard-x11 - gnome-calendar - gnome-text-editor - gnome-podcasts - gnome-obfuscate - gnome-power-manager - loupe - errands - diebahn - cozy - xdg-utils - qgnomeplatform - # look and feel from libadwaita ported to GTK-3 - adw-gtk3 - ] ++ (with pkgs.gnomeExtensions; [ - just-perfection - airpod-battery-monitor - battery-time-percentage-compact - space-bar - dash-to-dock - search-light - pip-on-top - emoji-copy - ]); - - gtk = { - enable = true; - - iconTheme.package = pkgs.adwaita-colors-icon-theme; - iconTheme.name = 
"Adwaita-green"; - - gtk3.extraConfig = { - gtk-application-prefer-dark-theme = 1; - gtk-theme-name = "adw-gtk3-dark"; - }; - - gtk4.extraCss = '' - /* remove 'starred' in nautilus side-panel */ - .nautilus-window .navigation-sidebar > .sidebar-row:nth-child(2) { - min-height:0; - font-size: 0; - -gtk-icon-size: 0; - margin-top: -2px; - } - ''; - }; - - # Use `dconf watch /` to track stateful changes you are doing and store them here. - dconf.settings = with inputs.homeManager.lib.hm.gvariant; let - numWorkspaces = 7; - workspaces = lib.lists.reverseList( pkgs.std.list.unfold( n: if n == 0 then pkgs.std.optional.nothing else pkgs.std.optional.just( pkgs.std.tuple.tuple2 n (n - 1))) numWorkspaces); - in { - "org/gnome/mutter" = { - edge-tiling = true; - dynamic-workspaces = false; - }; - - "org/gnome/desktop/wm/preferences" = { - button-layout = "close:appmenu"; - auto-raise = false; - focus-mode = "sloppy"; - num-workspaces = lib.lists.last workspaces; - workspace-names = [ "Main" "Mail" "Term" ]; - }; - "org/gnome/desktop/wm/keybindings" = builtins.listToAttrs( builtins.concatMap( v: [ - { name = "switch-to-workspace-${toString v}"; value = [ "<Super>${toString v}" ]; } - { name = "move-to-workspace-${toString v}"; value = [ "<Super><Shift>${toString v}" ]; } - ]) workspaces) // { - switch-input-source = [ "<Control><Super>space" ]; - switch-input-source-backward = [ "<Shift><Control><Super>space" ]; - }; - - "org/gnome/shell" = { - disable-extension-version-validation = true; - disable-user-extensions = false; - enabled-extensions = with pkgs.gnomeExtensions; [ - just-perfection.extensionUuid - airpod-battery-monitor.extensionUuid - battery-time-percentage-compact.extensionUuid - space-bar.extensionUuid - dash-to-dock.extensionUuid - search-light.extensionUuid - pip-on-top.extensionUuid - emoji-copy.extensionUuid - ]; - favorite-apps = [ - "org.gnome.Nautilus.desktop" - "firefox.desktop" - "thunderbird.desktop" - "org.gnome.Fractal.desktop" - 
"app.drey.PaperPlane.desktop" - "dev.geopjr.Tuba.desktop" - "de.schmidhuberj.DieBahn.desktop" - "org.gnome.Calendar.desktop" - "io.github.mrvladus.List.desktop" - "org.gnome.Podcasts.desktop" - "com.mitchellh.ghostty.desktop" - "org.gnome.Settings.desktop" - ]; - }; - "org/gnome/shell/keybindings" = builtins.listToAttrs( map( v: { name = "switch-to-application-${toString v}"; value = []; }) workspaces); - "org/gnome/settings-daemon/plugins/color" = { - night-light-enabled = true; - }; - - "org/gnome/settings-daemon/plugins/media-keys" = { - custom-keybindings = [ "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" ]; - }; - "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { - name = "Start Terminal"; - command = "ghostty"; - binding = "<Super>Return"; - }; - "org/gnome/settings-daemon/plugins/power" = { - sleep-inactive-ac-type = "nothing"; - }; - - "org/gnome/desktop/a11y".always-show-universal-access-status = false; - "org/gnome/desktop/privacy".remember-recent-files = false; - "org/gnome/desktop/interface" = { - color-scheme = "prefer-dark"; - accent-color = "green"; - enable-hot-corners = false; - show-battery-percentage = true; - }; - "org/gnome/desktop/input-sources" = { - sources = [ - (mkTuple ["xkb" "us+mac"]) - (mkTuple ["xkb" "de"]) - (mkTuple ["xkb" "ru+mac"]) - ]; - }; - "org/gnome/desktop/background" = { - picture-uri = "file://${pkgs.nixos-artwork.wallpapers.simple-blue.gnomeFilePath}"; - picture-uri-dark = "file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}"; - }; - "org/gnome/desktop/screensaver" = { - picture-uri = "file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}"; - primary-color = "#3465a4"; - secondary-color = "#000000"; - }; - - "org/gnome/nautilus/list-view" = { - use-tree-view = true; - default-zoom-level = "small"; - }; - "org/gnome/nautilus/preferences" = { - date-time-format = "detailed"; - default-folder-viewer = "list-view"; - }; - - 
"org/gnome/shell/extensions/pip-on-top".stick = true; - "org/gnome/shell/extensions/just-perfection" = { - clock-menu-position = 1; - clock-menu-position-offset = 6; - quick-settings-dark-mode = false; - notification-banner-position = 2; - window-demands-attention-focus = true; - }; - "org/gnome/shell/extensions/space-bar/behavior" = { - show-empty-workspaces = false; - always-show-numbers = true; - }; - "org/gnome/shell/extensions/dash-to-dock" = { - multi-monitor = true; - apply-custom-theme = true; - custom-theme-shrink = true; - show-show-apps-button = false; - show-mounts = false; - hot-keys = false; - }; - "org/gnome/shell/extensions/search-light".shortcut-search = [ "<Super>space" ]; - "org/gnome/shell/extensions/emoji-copy".always-show = false; - }; - }; - - ctucxConfig = { - configure = { - mobileDevice = false; - thunderbolt = true; - fonts = true; - xdg = true; - }; - - wm.gnome.enable = true; - wm.gnome.gdm.dconfSettings = { - "org/gnome/desktop/a11y" = { - always-show-universal-access-status = false; - }; - "org/gnome/login-screen" = { - banner-message-enable = true; - banner-message-text = "katja (fedi/mail: katja@ctu.cx)"; - }; - }; - - services = { - pipewire.enable = true; -# easyeffects.enable = true; - - syncthing.enable = true; - }; - - programs = { - ddcutil.enable = true; - - firefox.enable = true; - thunderbird.enable = true; - fractal.enable = true; - tuba.enable = true; - paper-plane.enable = true; - - libreoffice.enable = true; - ausweisapp.enable = true; - - mpv.enable = true; - - bitwarden-cli.enable = true; - }; - }; - -}
diff --git a/configurations/linux/programs/alacritty.nix b/configurations/linux/programs/alacritty.nix @@ -1,74 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.ctucxConfig.programs.alacritty; - -in { - - options = { - ctucxConfig.programs.alacritty = { - enable = lib.mkEnableOption "alacritty terminal emulator"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja = { - home = { - sessionVariables = { - TERMINAL = "alacritty"; - }; - }; - - programs = { - alacritty = { - enable = true; - settings = { - window.opacity = 0.9; - - font = { - size = 12.0; - normal.family = "DejaVu Sans Mono"; - }; - - colors = { - primary = { - background = "0x000000"; - foreground = "0xeaeaea"; - }; - - normal = { - black = "0x6c6c6c"; - red = "0xe9897c"; - green = "0xb6e77d"; - yellow = "0xecebbe"; - blue = "0xa9cdeb"; - magenta = "0xea96eb"; - cyan = "0xc9caec"; - white = "0xf2f2f2"; - }; - - bright = { - black = "0x747474"; - red = "0xf99286"; - green = "0xc3f786"; - yellow = "0xfcfbcc"; - blue = "0xb6defb"; - magenta = "0xfba1fb"; - cyan = "0xd7d9fc"; - white = "0xe2e2e2"; - }; - }; - }; - }; - }; - - wayland.windowManager.sway = { - config.terminal = "${pkgs.alacritty}/bin/alacritty"; - extraConfig = '' - exec swaymsg 'workspace 3: Term; exec ${pkgs.alacritty}/bin/alacritty; exec ${pkgs.alacritty}/bin/alacritty; workspace 1: Web;' - ''; - }; - }; - }; - -}
diff --git a/configurations/linux/programs/ausweisapp.nix b/configurations/linux/programs/ausweisapp.nix @@ -1,23 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.ctucxConfig.programs.ausweisapp; - -in { - - options = { - ctucxConfig.programs.ausweisapp = { - enable = lib.mkEnableOption "ausweisapp"; - }; - }; - - config = lib.mkIf cfg.enable { - networking.firewall.allowedUDPPorts = [ 24727 ]; - - home-manager.users.katja = { - home.packages = with pkgs; [ - AusweisApp2 - ]; - }; - }; -}
diff --git a/configurations/linux/programs/communication.nix b/configurations/linux/programs/communication.nix @@ -1,35 +0,0 @@ -{ inputs, config, pkgs, lib, ... }: - -let - cfg = config.ctucxConfig.programs; - -in { - - options = { - ctucxConfig.programs = { - fractal.enable = lib.mkEnableOption "fractal matrix-client"; - tuba.enable = lib.mkEnableOption "tuba fediverse client"; - paper-plane.enable = lib.mkEnableOption "paper-plane telegram client"; - }; - }; - - config = { - home-manager.users.katja = { - home.packages = [ - (lib.mkIf cfg.fractal.enable pkgs.fractal) - (lib.mkIf cfg.tuba.enable pkgs.tuba) - (lib.mkIf cfg.paper-plane.enable pkgs.paper-plane) - ]; - - dconf.settings = with inputs.home-manager.lib.hm.gvariant; { - "dev/geopjr/Tuba" = lib.mkIf cfg.tuba.enable { - work-in-background = true; - dim-trivial-notifications = true; - group-push-notifications = true; - reply-to-old-post-reminder = false; - show-spoilers = true; - }; - }; - }; - }; -}
diff --git a/configurations/linux/programs/ddcutil.nix b/configurations/linux/programs/ddcutil.nix @@ -1,32 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.ctucxConfig.programs.ddcutil; - -in { - - options = { - ctucxConfig.programs.ddcutil = { - enable = lib.mkEnableOption "ddcutil"; - }; - }; - - config = lib.mkIf cfg.enable { - boot.kernelModules = [ "i2c-dev" ]; - - security.sudo.extraRules= [ - { users = [ "katja" ]; - commands = [ - { command = "${pkgs.ddcutil}/bin/ddcutil" ; - options= [ "NOPASSWD" ]; - } - ]; - } - ]; - - home-manager.users.katja = { - home.packages = [ pkgs.ddcutil ]; - }; - }; - -}
diff --git a/configurations/linux/programs/default.nix b/configurations/linux/programs/default.nix @@ -1,25 +0,0 @@ -{ ... }: - -{ - - imports = [ - ./sway.nix - ./gnome.nix - - ./alacritty.nix - - ./ddcutil.nix - - ./firefox.nix - ./thunderbird.nix - ./libreoffice.nix - ./ausweisapp.nix - ./communication.nix - - ./thunar.nix - ./zathura.nix - ./mpv.nix - ./imv.nix - ]; - -}- \ No newline at end of file
diff --git a/configurations/linux/programs/firefox.nix b/configurations/linux/programs/firefox.nix 
@@ -1,255 +0,0 @@ -{ inputs, config, pkgs, lib, ... }: - -let - cfg = config.ctucxConfig.programs.firefox; - -in { - - options = { - ctucxConfig.programs.firefox = { - enable = lib.mkEnableOption "firefox web browser"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja = { - home = { - packages = [ - pkgs.firefoxpwa - ]; - sessionVariables = { - BROWSER = "firefox"; - }; - - file."firefox-gnome-theme" = { - source = inputs.firefoxGnomeTheme; - target = ".mozilla/firefox/katja/chrome/firefox-gnome-theme"; - }; - }; - - programs = { - firefox = { - enable = true; - package = pkgs.firefox; - nativeMessagingHosts = [ pkgs.ff2mpv-rust ]; - - profiles.katja = { - id = 0; - isDefault = true; - - settings = { - # required for firefox-gnome-theme - "browser.toolbars.bookmarks.visibility" = "never"; - "browser.tabs.drawInTitlebar" = true; - "browser.theme.dark-private-windows" = false; - "browser.uidensity" = 0; - "svg.context-properties.content.enabled" = true; - "toolkit.legacyUserProfileCustomizations.stylesheets" = true; - }; - - userChrome = '' - @import "firefox-gnome-theme/userChrome.css"; - ''; - - userContent = '' - @import "firefox-gnome-theme/userContent.css"; - ''; - - search.force = true; # Required to prevent search engine symlink being overwritten. 
See https://github.com/nix-community/home-manager/issues/3698 - search.engines = { - "Noogle" = { - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@noogle" ]; - urls = [{ template = "https://noogle.dev/q?term={searchTerms}"; }]; - }; - - "NixOS Options" = { - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@nixos" ]; - urls = [{ template = "https://search.nixos.org/options?query={searchTerms}"; }]; - }; - - "Nix Packages" = { - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; - definedAliases = [ "@nixpkgs" ]; - urls = [{ template = "https://search.nixos.org/packages?query={searchTerms}"; }]; - }; - }; - }; - - policies = { - # disable tracking bullshit - DisableTelemetry = true; - DisablePocket = true; - - # disable password manager - PasswordManagerEnabled = false; - OfferToSaveLogins = false; - PrimaryPassword = false; - AutofillCreditCardEnabled = false; - - # disable bookmark-toolbar - NoDefaultBookmarks = true; - DisplayBookmarksToolbar = "never"; - - Homepage.StartPage = "previous-session"; - Homepage.Locked = true; - - # disable DoH - DNSOverHTTPS.Enabled = false; - DNSOverHTTPS.Locked = true; - - # enable tracking protection - EnableTrackingProtection.Cryptomining = true; - EnableTrackingProtection.Fingerprinting = true; - EnableTrackingProtection.Value = true; - EnableTrackingProtection.Locked = true; - - UserMessaging.ExtensionRecommendations = false; - UserMessaging.FeatureRecommendations = false; - UserMessaging.UrlbarInterventions = false; - UserMessaging.SkipOnboarding = true; - UserMessaging.MoreFromMozilla = false; - UserMessaging.FirefoxLabs = false; - UserMessaging.Locked = true; - - Handlers.schemes.dbnav = { - action = "useHelperApp"; - ask = true; - handlers = [{ - name = "VDV PKPass DB Navigator Hook"; - path = pkgs.writeShellScript "db-hook" '' - #!/usr/bin/env bash - - if [[ "$1" == "dbnav:"* ]]; 
then - url=$(echo -n $1 | base64) - xdg-open "https://vdv-pkpass.magicalcodewit.ch/account/db_login/callback?url=$url" - else - xdg-open "$1" - fi - ''; - }]; - }; - - Preferences = { - "browser.uiCustomization.state".Status = "default"; - "browser.uiCustomization.state".Value = builtins.toJSON { - currentVersion = 21; - newElementCount = 7; - seen = []; - dirtyAreaCache = []; - placements = { - widget-overflow-fixed-list = []; - toolbar-menubar = [ "menubar-items" ]; - vertical-tabs = []; - PersonalToolbar = []; - unified-extensions-area = []; - nav-bar = [ - "back-button" - "forward-button" - "vertical-spacer" - "stop-reload-button" - "urlbar-container" - "downloads-button" - "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" - "ublock0_raymondhill_net-browser-action" - "unified-extensions-button" - ]; - TabsToolbar = [ "tabbrowser-tabs" "new-tab-button" ]; - }; - }; - } // ({ - # disable some password-manager/autofill features - "signon.generation.enabled" = false; - "signon.autofillForms" = false; - "signon.firefoxRelay.feature" = "disabled"; - "signon.management.page.breach-alerts.enabled" = false; - - # ask websites to not share or sell data - "privacy.globalprivacycontrol.enabled" = true; - - # disable warning on `abou:config` - "browser.aboutConfig.showWarning" = false; - - # disable telemetry stuff - "browser.ping-centre.telemetry" = false; - "browser.topsites.contile.enabled" = false; - "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; - - # disable trending search suggestions - "browser.urlbar.suggest.trending" = false; - - # disable 'fancy' newtab page bullshit with tons of tracking and ads - "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; - "browser.newtabpage.enabled" = false; - "browser.newtabpage.activity-stream.telemetry" = false; - "browser.newtabpage.activity-stream.showSearch" = false; - "browser.newtabpage.activity-stream.showSponsored" = false; - "browser.newtabpage.activity-stream.showSponsoredTopSites" 
= false; - "browser.newtabpage.activity-stream.feeds.telemetry" = false; - "browser.newtabpage.activity-stream.feeds.topsites" = false; - "browser.newtabpage.activity-stream.feeds.snippets" = false; - "browser.newtabpage.activity-stream.feeds.system.topsites" = false; - "browser.newtabpage.activity-stream.feeds.section.highlights" = false; - "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; - "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; - "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; - "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; - } |> lib.mapAttrs (name: value: { - Status = "locked"; - Value = value; - })); - - ExtensionSettings = ([ - [ "navbar" "{446900e4-71c2-419f-a6a7-df9c091e268b}" ] # Bitwarden Password Manager - [ "navbar" "uBlock0@raymondhill.net" ] # uBlock Origin - [ "menupanel" "@ublacklist" ] # uBlacklist - [ "menupanel" "@contain-facebook" ] # Facebook Container - [ "menupanel" "@contain-google" ] # Google Container - [ "menupanel" "containerise@kinte.sh" ] # Containerise - [ "menupanel" "{12cf650b-1822-40aa-bff0-996df6948878}" ] # cookies.txt - [ "menupanel" "@testpilot-containers" ] # Firefox Multi-Account Containers - [ "menupanel" "{252ee273-8c8d-4609-b54d-62ae345be0a1}" ] # IndicateTLS - [ "menupanel" "ipvfoo@pmarks.net" ] # IPvFoo - [ "menupanel" "{e9090647-32ff-48e4-9c3c-1361e8fd270e}" ] # Modern for Wikipedia - [ "menupanel" "sponsorBlocker@ajay.app" ] # SponsorBlock for YouTube - Skip Sponsorships - [ "menupanel" "de-DE@dictionaries.addons.mozilla.org" ] # German Dictionary - ] |> lib.map (config: { name = (lib.elemAt config 1); value = { - installation_mode = "normal_installed"; - default_area = (lib.elemAt config 0); - install_url = "https://addons.mozilla.org/firefox/downloads/latest/${lib.elemAt config 1}/latest.xpi"; - }; }) |> lib.listToAttrs); - }; - }; - }; - - 
wayland.windowManager.sway.config.startup = [ - { command = "firefox"; } - ]; - - xdg = { - enable = true; - mime.enable = true; - - #force hm to override existing mimeapps.list file - configFile."mimeapps.list".force = true; - - mimeApps = { - enable = true; - defaultApplications = { - "x-scheme-handler/http" = "firefox.desktop"; - "x-scheme-handler/https" = "firefox.desktop"; - "x-scheme-handler/chrome" = "firefox.desktop"; - - "image/svg+xml" = "firefox.desktop"; - - "text/html" = "firefox.desktop"; - "text/xml" = "firefox.desktop"; - }; - }; - }; - - }; - }; - -}
diff --git a/configurations/linux/programs/imv.nix b/configurations/linux/programs/imv.nix
@@ -1,31 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- cfg = config.ctucxConfig.programs.imv;
-
-in {
-
- options = {
- ctucxConfig.programs.imv = {
- enable = lib.mkEnableOption "imv image viewer";
- };
- };
-
- config = lib.mkIf cfg.enable {
- home-manager.users.katja = {
- home.packages = [ pkgs.imv ];
-
- xdg = {
- desktopEntries = {
- imv-folder = {
- name = "imv (Folder)";
- settings = {
- NoDisplay = "true";
- };
- };
- };
- };
- };
- };
-
-}
diff --git a/configurations/linux/programs/libreoffice.nix b/configurations/linux/programs/libreoffice.nix
@@ -1,54 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- cfg = config.ctucxConfig.programs.libreoffice;
-
-in {
-
- options = {
- ctucxConfig.programs.libreoffice = {
- enable = lib.mkEnableOption "libreoffice office suite";
- };
- };
-
- config = lib.mkIf cfg.enable {
- home-manager.users.katja = {
- home = {
- packages = [ pkgs.libreoffice-fresh ];
- };
-
- xdg = {
- desktopEntries = {
- impress = {
- name = "LibreOffice Impress";
- settings = {
- NoDisplay = "true";
- };
- };
-
- math = {
- name = "LibreOffice Math";
- settings = {
- NoDisplay = "true";
- };
- };
-
- base = {
- name = "LibreOffice Base";
- settings = {
- NoDisplay = "true";
- };
- };
-
- draw = {
- name = "LibreOffice Draw";
- settings = {
- NoDisplay = "true";
- };
- };
- };
- };
- };
- };
-
-}
diff --git a/configurations/linux/programs/mpv.nix b/configurations/linux/programs/mpv.nix 
@@ -1,63 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.ctucxConfig.programs.mpv; - -in { - - options = { - ctucxConfig.programs.mpv = { - enable = lib.mkEnableOption "mpv media player"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja = { - home.packages = lib.mkIf config.ctucxConfig.wm.gnome.enable [ - pkgs.celluloid - ]; - - programs = lib.mkIf (config.ctucxConfig.wm.gnome.enable != true) { - mpv = { - enable = true; - scripts = [ - pkgs.mpvScripts.mpris - ]; - }; - }; - - xdg = lib.mkIf (config.ctucxConfig.wm.gnome.enable != true) { - desktopEntries = { - mpv = { - name = "mpv Media Player"; - genericName = "Multimedia player"; - icon = "mpv"; - exec = "mpv --player-operation-mode=pseudo-gui -- %U"; - terminal = false; - mimeType = [ "application/ogg" "application/x-ogg" "application/mxf" "application/sdp" "application/smil" "application/x-smil" "application/streamingmedia" "application/x-streamingmedia" - "application/vnd.rn-realmedia" "application/vnd.rn-realmedia-vbr" "audio/aac" "audio/x-aac" "audio/vnd.dolby.heaac.1" "audio/vnd.dolby.heaac.2" "audio/aiff" "audio/x-aiff" - "audio/m4a" "audio/x-m4a" "application/x-extension-m4a" "audio/mp1" "audio/x-mp1" "audio/mp2" "audio/x-mp2" "audio/mp3" "audio/x-mp3" "audio/mpeg" "audio/mpeg2" "audio/mpeg3" - "audio/mpegurl" "audio/x-mpegurl" "audio/mpg" "audio/x-mpg" "audio/rn-mpeg" "audio/musepack" "audio/x-musepack" "audio/ogg" "audio/scpls" "audio/x-scpls" "audio/vnd.rn-realaudio" - "audio/wav" "audio/x-pn-wav" "audio/x-pn-windows-pcm" "audio/x-realaudio" "audio/x-pn-realaudio" "audio/x-ms-wma" "audio/x-pls" "audio/x-wav" "video/mpeg" "video/x-mpeg2" - "video/x-mpeg3" "video/mp4v-es" "video/x-m4v" "video/mp4" "application/x-extension-mp4" "video/divx" "video/vnd.divx" "video/msvideo" "video/x-msvideo" "video/ogg" "video/quicktime" - "video/vnd.rn-realvideo" "video/x-ms-afs" "video/x-ms-asf" "audio/x-ms-asf" "application/vnd.ms-asf" "video/x-ms-wmv" "video/x-ms-wmx" 
"video/x-ms-wvxvideo" "video/x-avi" - "video/avi" "video/x-flic" "video/fli" "video/x-flc" "video/flv" "video/x-flv" "video/x-theora" "video/x-theora+ogg" "video/x-matroska" "video/mkv" "audio/x-matroska" - "application/x-matroska" "video/webm" "audio/webm" "audio/vorbis" "audio/x-vorbis" "audio/x-vorbis+ogg" "video/x-ogm" "video/x-ogm+ogg" "application/x-ogm" "application/x-ogm-audio" - "application/x-ogm-video" "application/x-shorten" "audio/x-shorten" "audio/x-ape" "audio/x-wavpack" "audio/x-tta" "audio/AMR" "audio/ac3" "audio/eac3" "audio/amr-wb" - "video/mp2t" "audio/flac" "audio/mp4" "application/x-mpegurl" "video/vnd.mpegurl" "application/vnd.apple.mpegurl" "audio/x-pn-au" "video/3gp" "video/3gpp" "video/3gpp2" - "audio/3gpp" "audio/3gpp2" "video/dv" "audio/dv" "audio/opus" "audio/vnd.dts" "audio/vnd.dts.hd" "audio/x-adpcm" "application/x-cue" "audio/m3u" ]; - categories = [ "AudioVideo" "Audio" "Video" "Player" "TV" ]; - }; - - umpv = { - name = "umpv Media Player"; - settings = { - NoDisplay = "true"; - }; - }; - }; - }; - }; - }; - -}
diff --git a/configurations/linux/programs/sway.nix b/configurations/linux/programs/sway.nix 
@@ -1,252 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.ctucxConfig.wm.sway; - -in { - - options = { - ctucxConfig.wm.sway = { - enable = lib.mkEnableOption "swaywm"; - }; - }; - - config = lib.mkIf cfg.enable { - nixpkgs.overlays = [(self: super: { - - wlroots = super.wlroots.overrideAttrs (old: { - mesonFlags = (old.mesonFlags or []) ++ [ - "-Dxwayland=disabled" - ]; - }); - - sway-unwrapped = super.sway-unwrapped.overrideAttrs (old: { - mesonFlags = (old.mesonFlags or []) ++ [ - "-Dxwayland=disabled" - ]; - }); - - xsel = super.wl-clipboard-x11; - xclip = super.wl-clipboard-x11; - - })]; - - - - xdg.portal = { - config.common.default = [ "wlr" ]; - wlr.enable = true; - }; - - home-manager.users.katja = { - - home.packages = with pkgs; [ - qt5.qtwayland wl-clipboard - ]; - - programs.bash.initExtra = '' - if [ "$(tty)" = "/dev/tty1" ]; then - exec sway - fi - ''; - - wayland.windowManager.sway = let - cfg = config.home-manager.users.katja.wayland.windowManager.sway; - modifier = cfg.config.modifier; - - in { - enable = true; - systemd.enable = true; - - xwayland = false; - wrapperFeatures.gtk = true; - - extraSessionCommands = '' - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_FORCE_DPI=physical - export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 - - export _JAVA_AWT_WM_NONREPARENTING=1 - - # be careful with those, they *will* break some applications - export SDL_VIDEODRIVER=wayland - export GDK_BACKEND=wayland - ''; - - extraConfig = '' - # Import the most important environment variables into the D-Bus and systemd - # user environments (e.g. 
required for screen sharing and Pinentry prompts): - exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP - ''; - - config = { - fonts = { - names = [ "Noto Sans Mono" "FontAwesome5Free" ]; - style = ""; - size = 11.0; - }; - - colors = { - focused = { - background = "#3b8756"; - border = "#3b8756"; - childBorder = "#3b8756"; - text = "#eceff4"; - indicator = "#8fbcbb"; - }; - }; - - window = { - titlebar = false; - hideEdgeBorders = "smart"; - border = 5; - }; - - input = { - - "*" = { - xkb_layout = "us,ru,de"; - xkb_variant = "mac,mac,qwerty"; - xkb_options = "grp:alt_shift_toggle"; - natural_scroll = "enabled"; - }; - - "1046:9110:Goodix_Capacitive_TouchScreen" = { - map_to_output = "DSI-1"; - }; - - "1452:613:Apple_Inc._Magic_Trackpad_2" = { - accel_profile = "adaptive"; - }; - - }; - - output = { - - "DSI-1" = { - transform = "90"; - scale = "1.2"; - }; - - "*" = { -# bg = "~/Pictures/photos.ctu.cx/Bahnbilder/2019.06/20190622-153441.jpg fill"; - scale = lib.mkDefault "1"; - }; - - }; - - assigns = { - "1: Web" = [{ app_id = "firefox"; }]; - "2: Mail" = [{ app_id = "thunderbird"; }]; - }; - - bars = []; - - modifier = "Mod4"; - - workspaceAutoBackAndForth = true; - - keybindings = { - "${modifier}+Return" = "exec ${cfg.config.terminal}"; - "${modifier}+Space" = "exec ${pkgs.wofi}/bin/wofi --style ${./wofi/style.css} --conf ${./wofi/config} --show drun"; - "${modifier}+l" = "exec ${pkgs.systemd}/bin/loginctl lock-session"; - "${modifier}+z" = "exec sleep 1 && systemctl suspend"; - "${modifier}+Tab" = "exec ${pkgs.rofi-wayland}/bin/rofi -show wifi -modi 'wifi:${pkgs.rofi-iwd-wifi-menu}/bin/iwdrofimenu'"; - - - "${modifier}+Control+Print" = "exec ${pkgs.grim}/bin/grim ~/Pictures/Screenshots/$(date +\"%Y-%m-%d_%H:%m:%S\").png"; - "${modifier}+Control+Shift+Print" = "exec ${pkgs.grim}/bin/grim - | ${pkgs.wl-clipboard}/bin/wl-copy -t image/png"; - "${modifier}+Print" = "exec ${pkgs.grim}/bin/grim -g 
\"$(${pkgs.slurp}/bin/slurp)\" ~/Pictures/Screenshots/$(date +\"%Y-%m-%d_%H:%m:%S\").png"; - "${modifier}+Shift+Print" = "exec ${pkgs.grim}/bin/grim -g \"$(${pkgs.slurp}/bin/slurp)\" - | ${pkgs.wl-clipboard}/bin/wl-copy -t image/png"; - - "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s +5%"; - "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 5%-"; - - "XF86AudioRaiseVolume" = "exec ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%"; - "XF86AudioLowerVolume" = "exec ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "XF86AudioMute" = "exec ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle"; - "XF86AudioMicMute" = "exec ${pkgs.pulseaudio}/bin/pactl set-source-mute @DEFAULT_SOURCE@ toggle"; - - "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; - "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; - "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; - - "${modifier}+Shift+e" = "exec swaynag -t warning -m 'Do you really want to exit sway?' 
-b 'Yep' 'swaymsg exit'"; - - "${modifier}+q" = "kill"; - - "${modifier}+Shift+c" = "reload"; - - "${modifier}+Left" = "focus left"; - "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; - "${modifier}+Right" = "focus right"; - "${modifier}+a" = "focus parent"; - - - "${modifier}+Shift+Left" = "move left"; - "${modifier}+Shift+Down" = "move down"; - "${modifier}+Shift+Up" = "move up"; - "${modifier}+Shift+Right" = "move right"; - - "${modifier}+1" = "workspace 1: Web"; - "${modifier}+2" = "workspace 2: Mail"; - "${modifier}+3" = "workspace 3: Term; layout tabbed"; - "${modifier}+4" = "workspace 4: Files"; - "${modifier}+5" = "workspace number 5"; - "${modifier}+6" = "workspace number 6"; - "${modifier}+7" = "workspace number 7"; - "${modifier}+8" = "workspace number 8"; - "${modifier}+9" = "workspace number 9"; - "${modifier}+0" = "workspace number 10"; - - "${modifier}+Shift+1" = "move container to workspace 1: Web"; - "${modifier}+Shift+2" = "move container to workspace 2: Mail"; - "${modifier}+Shift+3" = "move container to workspace 3: Term"; - "${modifier}+Shift+4" = "move container to workspace 4: Files"; - "${modifier}+Shift+5" = "move container to workspace number 5"; - "${modifier}+Shift+6" = "move container to workspace number 6"; - "${modifier}+Shift+7" = "move container to workspace number 7"; - "${modifier}+Shift+8" = "move container to workspace number 8"; - "${modifier}+Shift+9" = "move container to workspace number 9"; - "${modifier}+Shift+0" = "move container to workspace number 10"; - - "${modifier}+s" = "layout stacking"; - "${modifier}+w" = "layout tabbed"; - "${modifier}+e" = "layout toggle split"; - - "${modifier}+f" = "fullscreen"; - - "${modifier}+r" = "mode \"resize\""; - "${modifier}+b" = "mode \"waybar\""; - - "${modifier}+Shift+space" = "floating toggle"; - }; - - modes = { - "resize" = { - "Right" = "resize shrink width 10px"; - "Left" = "resize grow width 10px"; - "Down" = "resize shrink height 10px"; - "Up" = "resize 
grow height 10px"; - - "Return" = "mode \"default\""; - "Escape" = "mode \"default\""; - "${modifier}+r" = "mode \"default\""; - }; - - "waybar" = { - "space" = "exec pkill -SIGUSR1 waybar"; - "r" = "exec pkill -SIGUSR2 waybar"; - - "Return" = "mode \"default\""; - "Escape" = "mode \"default\""; - "${modifier}+r" = "mode \"default\""; - }; - }; - }; - }; - }; - }; - -}
diff --git a/configurations/linux/programs/thunar.nix b/configurations/linux/programs/thunar.nix
@@ -1,50 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- cfg = config.ctucxConfig.programs.thunar;
-
-in {
-
- options = {
- ctucxConfig.programs.thunar = {
- enable = lib.mkEnableOption "thunar file manager";
- };
- };
-
- config = lib.mkIf cfg.enable {
- ctucxConfig.services.gvfs.enable = true;
-
- services = {
- tumbler.enable = true;
- };
-
- home-manager.users.katja = {
- home.packages = with pkgs; [
- xfce.thunar
- ];
-
- xdg = {
- desktopEntries = {
- thunar-bulk-rename = {
- name = "Bulk Rename";
- settings = {
- NoDisplay = "true";
- };
- };
-
- thunar-settings = {
- name = "Thunar settings";
- settings = {
- NoDisplay = "true";
- };
- };
- };
- };
-
- wayland.windowManager.sway.extraConfig = ''
- exec swaymsg 'workspace 4: Files; exec thunar; workspace 1: Web;'
- '';
- };
- };
-
-}
diff --git a/configurations/linux/programs/thunderbird.nix b/configurations/linux/programs/thunderbird.nix
@@ -1,60 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- cfg = config.ctucxConfig.programs.thunderbird;
-
-in {
-
- options = {
- ctucxConfig.programs.thunderbird = {
- enable = lib.mkEnableOption "thunderbird mail ";
- };
- };
-
- config = lib.mkIf cfg.enable {
- home-manager.users.katja = {
- home.packages = with pkgs; [
- thunderbird
- ];
-
- systemd.user.services.thunderbird = lib.mkIf config.home-manager.users.katja.wayland.windowManager.sway.enable {
- Unit = {
- After = [ "graphical-session-pre.target" ];
- PartOf = [ "graphical-session.target" ];
- };
-
- Service = {
- Environment = "PATH=/run/wrappers/bin:/home/katja/.nix-profile/bin:/etc/profiles/per-user/katja/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin";
- ExecStart = "${pkgs.thunderbird}/bin/thunderbird";
- Restart = "always";
- RestartSec = 5;
- };
-
- Install = {
- WantedBy = [ "graphical-session.target" ];
- };
- };
-
- wayland.windowManager.sway.config.startup = [
- { always = true; command = "systemctl --user restart thunderbird"; }
- ];
-
- xdg = {
- enable = true;
- mime.enable = true;
-
- #force hm to override existing mimeapps.list file
- configFile."mimeapps.list".force = true;
-
- mimeApps = {
- enable = true;
- defaultApplications = {
- "x-scheme-handler/mailto" = "thunderbird.desktop";
- };
- };
- };
-
- };
- };
-
-}
diff --git a/configurations/linux/programs/zathura.nix b/configurations/linux/programs/zathura.nix
@@ -1,19 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- cfg = config.ctucxConfig.programs.zathura;
-
-in {
-
- options = {
- ctucxConfig.programs = {
- zathura.enable = lib.mkEnableOption "zathura pdf reader";
- };
- };
-
- config = lib.mkIf cfg.enable {
- home-manager.users.katja.home.packages = [
- pkgs.zathura
- ];
- };
-}
diff --git a/configurations/linux/services/avahi.nix b/configurations/linux/services/avahi.nix
@@ -1,9 +0,0 @@
-{ pkgs, ... }:
-
-{
- services = {
- avahi.enable = true;
- avahi.publish.enable = true;
- avahi.publish.userServices = true;
- };
-}
diff --git a/configurations/linux/services/default.nix b/configurations/linux/services/default.nix @@ -1,27 +0,0 @@ -{ config, lib, ... }: - -{ - - imports = [ - ./prometheus-exporters.nix - ./restic-server.nix - ./dns.nix - ./syncthing.nix - ./syncthing-nginx.nix - - ./systemd-lock-handler.nix - - ./swaylock.nix - ./waybar.nix - ./mako.nix - ./wlsunset.nix - - ./pipewire.nix - ./easyeffects.nix - ./gvfs.nix - ]; - - ctucxConfig.monitoring.exporters.enable = (lib.mkDefault (if (config.networking.primaryIP != "") || (config.networking.primaryIP4 != "") then true else false)); - ctucxConfig.services.resticServer.enable = (lib.mkDefault (builtins.elem "resticServer" config.deployment.tags)); - -}- \ No newline at end of file
diff --git a/configurations/linux/services/dns.nix b/configurations/linux/services/dns.nix 
@@ -1,187 +0,0 @@ -{ currentSystem, nodes, config, lib, pkgs, ...}: - -let - acmeZone = "acme.ctu.cx"; - - generateACMERecord = recordName: ( - (builtins.hashString "sha1" recordName) + ".${acmeZone}." - ); - - nodesWithACMERecords = ( - nodes - |> lib.filterAttrs (hostName: nodeCfg: nodeCfg.config.security.acme.certs != {}) - ); - - getAllDomainsPerNode = hostName: ( - nodes.${hostName}.config.security.acme.certs - |> lib.mapAttrsToList (domain: cfg: [ domain ] ++ cfg.extraDomainNames) - |> lib.flatten - ); - - getACMERecordsPerNode = hostName: ( - hostName - |> getAllDomainsPerNode - |> builtins.map (recordName: (generateACMERecord recordName)) - ); - - generateACMERecordsPerZone = zoneName: ( - nodesWithACMERecords - |> lib.mapAttrsToList (hostName: _: (getAllDomainsPerNode hostName)) - |> lib.flatten - |> builtins.filter (lib.hasSuffix zoneName) - |> builtins.map (recordName: { - name = "_acme-challenge${if zoneName != recordName then "." else ""}${lib.removeSuffix "${if zoneName != recordName then "." else ""}${zoneName}" recordName}"; - value = { - CNAME = [ (generateACMERecord recordName) ]; - }; - }) - |> builtins.listToAttrs - ); - -in { - - age.secrets = lib.mkIf config.dns.primary { - knotKeys = { - file = ./. + "/../../../secrets/${config.networking.hostName}/knot-keys.age"; - owner = "knot"; - group = "knot"; - }; - }; - - systemd.tmpfiles.settings.knotExtraZones = lib.mkIf config.dns.primary { - "${config.dns.dataDir}/extraZones".d = { - group = "knot"; - user = "knot"; - mode = "770"; - age = "-"; - }; - - "${config.dns.dataDir}/extraZones/${acmeZone}.zone"."f~" = { - group = "knot"; - user = "knot"; - mode = "770"; - age = "-"; - argument = pkgs.toBase64 ( - pkgs.dns.lib.types.zoneToString acmeZone (pkgs.dns.lib.evalZone acmeZone (with pkgs.dns.lib.combinators; { - NS = [ "ns1.ctu.cx." "ns2.ctu.cx." ]; - SOA = { - nameServer = "ns1.ctu.cx."; - adminEmail = "dns@ctu.cx"; # Email address with a real `@`! 
- serial = 0; - }; - })) - ); - }; - }; - - dns = { - enable = lib.mkDefault (builtins.elem "dnsServer" config.deployment.tags); - primary = lib.mkDefault (config.networking.hostName == "hector"); - keyFiles = lib.mkIf config.dns.primary [ config.age.secrets.knotKeys.path ]; - extraZones = lib.mkIf config.dns.primary { - "${acmeZone}" = { - storage = "${config.dns.dataDir}/extraZones"; - file = "${acmeZone}.zone"; - - zonefile-sync = 0; - zonefile-load = "difference-no-serial"; - - journal-content = "all"; - - acl = ( - nodesWithACMERecords - |> lib.mapAttrsToList (hostName: _: "acme-nix-${hostName}") - ); - }; - }; - - extraACL = lib.mkIf config.dns.primary ( - nodesWithACMERecords - |> lib.mapAttrs' (hostName: _: { - name = "acme-nix-${hostName}"; - value = { - key = [ "acme-nix-${hostName}" ]; - action = "update"; - update-owner = "name"; - update-owner-match = "equal"; - update-owner-name = getACMERecordsPerNode hostName; - }; - }) - ); - - allZones = with pkgs.dns.lib.combinators; let - CAA = [ { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; } ]; - NS = [ "ns1.ctu.cx." "ns2.ctu.cx." ]; - SOA = { - nameServer = "ns1.ctu.cx."; - adminEmail = "dns@ctu.cx"; # Email address with a real `@`! 
- serial = 0; - }; - - in { - "ctu.cx" = { - inherit SOA NS CAA; - - subdomains = { - ns1 = (host nodes.hector.config.networking.primaryIP4 nodes.hector.config.networking.primaryIP); - ns2 = (host nodes.wanderduene.config.networking.primaryIP4 nodes.wanderduene.config.networking.primaryIP); - - "acme".NS = [ "ns1" "ns2" ]; - - _atproto.TXT = [ "did=did:plc:zaeuok3fmh2pcp4cjiicku4i" ]; - test.TXT = [ "test uwu"]; - } // (generateACMERecordsPerZone "ctu.cx"); - }; - - "wifionic.de" = { - inherit SOA NS CAA; - - subdomains = generateACMERecordsPerZone "wifionic.de"; - }; - - "trans-agenda.de" = { - inherit SOA NS CAA; - - subdomains = generateACMERecordsPerZone "trans-agenda.de"; - }; - - "katja.wtf" = { - inherit SOA NS CAA; - - subdomains = generateACMERecordsPerZone "katja.wtf"; - }; - - "ctucx.de" = { - inherit SOA NS CAA; - - subdomains = generateACMERecordsPerZone "ctucx.de"; - }; - - "zuggeschmack.de" = { - inherit SOA NS CAA; - - subdomains = generateACMERecordsPerZone "zuggeschmack.de"; - }; - - "thein.ovh" = { - inherit SOA NS CAA; - - subdomains = generateACMERecordsPerZone "thein.ovh"; - }; - - "flauschehorn.sexy" = { - inherit SOA NS CAA; - - MX = with mx; [ (mx 10 "rx300.kunbox.net.") ]; - TXT = [ "v=spf1 mx ~all" ]; - - subdomains = { - _dmarc.TXT = [ "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" ]; - "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" ]; - } // (generateACMERecordsPerZone "flauschehorn.sexy"); - }; - - }; - }; - -}
diff --git a/configurations/linux/services/easyeffects.nix b/configurations/linux/services/easyeffects.nix
@@ -1,44 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- cfg = config.ctucxConfig.services.easyeffects;
-
-in {
-
- options = {
- ctucxConfig.services.easyeffects = {
- enable = lib.mkEnableOption "easyeffects";
- };
- };
-
- config = lib.mkIf cfg.enable {
- home-manager.users.katja = {
- home.packages = with pkgs; [
- easyeffects
- ];
-
- systemd.user.services.easyeffects = {
- Unit = {
- After = [ "graphical-session-pre.target" ];
- PartOf = [ "graphical-session.target" ];
- };
-
- Service = {
- Environment = "PATH=/run/wrappers/bin:/home/katja/.nix-profile/bin:/etc/profiles/per-user/katja/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin";
- ExecStart = "${pkgs.easyeffects}/bin/easyeffects --gapplication-service";
- Restart = "always";
- RestartSec = 5;
- };
-
- Install = {
- WantedBy = [ "graphical-session.target" ];
- };
- };
-
- wayland.windowManager.sway.config.startup = [
- { always = true; command = "systemctl --user restart easyeffects"; }
- ];
- };
- };
-
-}
diff --git a/configurations/linux/services/gvfs.nix b/configurations/linux/services/gvfs.nix
@@ -1,29 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- cfg = config.ctucxConfig.services.gvfs;
-
-in {
-
- options = {
- ctucxConfig.services.gvfs = {
- enable = lib.mkEnableOption "gvfs";
- };
- };
-
- config = lib.mkIf cfg.enable {
- services = {
- gvfs.enable = true;
- gvfs.package = (pkgs.gvfs.overrideAttrs (old: {
- mesonFlags = (old.mesonFlags or []) ++ [
- "-Dafp=false"
- "-Dgphoto2=false"
- ];
- })).override {
- gnomeSupport = false;
- samba = null;
- };
- };
- };
-
-}
diff --git a/configurations/linux/services/mako.nix b/configurations/linux/services/mako.nix @@ -1,54 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.ctucxConfig.services.mako; - -in { - - options = { - ctucxConfig.services.mako = { - enable = lib.mkEnableOption "mako notification deamon"; - }; - }; - - config = lib.mkIf cfg.enable { - home-manager.users.katja = { - services.mako = { - enable = true; - - defaultTimeout = 20000; - - borderColor = "#002028"; - borderSize = 2; - - backgroundColor = "#002b36AA"; - - textColor = "#fdf6e3"; - font = "Fira Code 11"; - format = "<b>%s</b> <span color=\"#93a1a1\">(%a)</span>\\n%b"; - }; - - systemd.user.services.mako = { - Unit = { - After = [ "graphical-session-pre.target" ]; - PartOf = [ "graphical-session.target" ]; - }; - - Service = { - ExecStart = "${pkgs.mako}/bin/mako"; - Restart = "always"; - RestartSec = 5; - }; - - Install = { - WantedBy = [ "graphical-session.target" ]; - }; - }; - - wayland.windowManager.sway.config.startup = [ - { always = true; command = "systemctl --user restart mako"; } - ]; - }; - }; - -}- \ No newline at end of file
diff --git a/configurations/linux/services/pipewire.nix b/configurations/linux/services/pipewire.nix
@@ -1,33 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- cfg = config.ctucxConfig.services.pipewire;
-
-in {
-
- options = {
- ctucxConfig.services.pipewire = {
- enable = lib.mkEnableOption "pipewire sound server";
- };
- };
-
- config = lib.mkIf cfg.enable {
-
- security.rtkit.enable = true;
-
- services = {
- pipewire = {
- enable = true;
- socketActivation = true;
-
- alsa.enable = true;
- pulse.enable = true;
- };
- };
-
- home-manager.users.katja.home.packages = lib.mkIf config.ctucxConfig.wm.sway.enable [
- pkgs.pavucontrol
- ];
- };
-
-}
diff --git a/configurations/linux/services/prometheus-exporters.nix b/configurations/linux/services/prometheus-exporters.nix
@@ -1,58 +0,0 @@
-{ config, lib, pkgs, ...}:
-
-let
- cfg = config.ctucxConfig.monitoring;
-
-in {
-
- options = {
- ctucxConfig.monitoring = {
- exporters.enable = lib.mkEnableOption "prometheus exporters";
- };
- };
-
- config = lib.mkIf cfg.exporters.enable {
- services = {
- prometheus.exporters = {
- node = {
- enable = true;
- listenAddress = "[::1]";
- port = 9100;
- enabledCollectors = [
- "systemd" "processes"
- ];
- };
-
- systemd = {
- enable = true;
- listenAddress = "[::1]";
- port = 9558;
- };
-
- scaphandre = {
- enable = (if (builtins.elem "intel_rapl_common" config.boot.kernelModules) then true else false);
- user = "root";
- group = "root";
- listenAddress = "::1";
- port = 9080;
- telemetryPath = "scaphandre-exporter";
- };
- };
-
- nginx = {
- enable = true;
- virtualHosts."${config.networking.fqdn}" = {
- useACMEHost = "${config.networking.hostName}.${config.networking.domain}";
- forceSSL = true;
- kTLS = true;
- locations."/node-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}/metrics";
- locations."/systemd-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.systemd.listenAddress}:${toString config.services.prometheus.exporters.systemd.port}/metrics";
- locations."/scaphandre-exporter".proxyPass = lib.mkIf config.services.prometheus.exporters.scaphandre.enable "http://[::1]:${toString config.services.prometheus.exporters.scaphandre.port}/scaphandre-exporter";
- };
- };
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- };
-
-}
diff --git a/configurations/linux/services/restic-server.nix b/configurations/linux/services/restic-server.nix @@ -1,53 +0,0 @@ -{ config, lib, pkgs, ...}: - -let - cfg = config.ctucxConfig.services.resticServer; - -in { - - options = { - ctucxConfig.services.resticServer = { - enable = lib.mkEnableOption "restic server"; - }; - }; - - config = lib.mkIf cfg.enable { - - age.secrets.restic-server-htpasswd = { - file = ./. + "/../../../secrets/${config.networking.hostName}/restic-server-htpasswd.age"; - owner = "nginx"; - }; - - dns.zones."ctu.cx".subdomains."restic.${config.networking.hostName}".CNAME = [ "${config.networking.hostName}.ctu.cx." ]; - - systemd.services.restic-rest-server.onFailure = [ "email-notify@%i.service" ]; - - services = { - restic.server = { - enable = true; - listenAddress = "[::1]:8000"; - appendOnly = true; - extraFlags = [ "--no-auth" ]; - dataDir = "/var/lib/restic"; - }; - - nginx = { - enable = true; - virtualHosts."restic.${config.networking.hostName}.ctu.cx" = { - useACMEHost = "${config.networking.hostName}.${config.networking.domain}"; - forceSSL = lib.mkDefault true; - kTLS = lib.mkDefault true; - locations."/" = { - proxyPass = "http://${toString config.services.restic.server.listenAddress}/"; - extraConfig = '' - client_max_body_size 10G; - auth_basic Auth; - auth_basic_user_file ${config.age.secrets.restic-server-htpasswd.path}; - ''; - }; - }; - }; - }; - }; - -}
diff --git a/configurations/linux/services/swaylock.nix b/configurations/linux/services/swaylock.nix @@ -1,40 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.ctucxConfig.services.swaylock; - -in { - - options = { - ctucxConfig.services.swaylock = { - enable = lib.mkEnableOption "swaybar screenlock"; - }; - }; - - config = lib.mkIf cfg.enable { - - ctucxConfig.services.systemd-lock-handler.enable = true; - - security.pam.services.swaylock = {}; - - home-manager.users.katja.systemd.user.services = { - swaylock = { - Unit = { - Requisite = [ "graphical-session.target" ]; - PartOf = [ "lock.target" "sleep.target" ]; - }; - - Service = { - ExecStart = "${pkgs.swaylock}/bin/swaylock -i /home/katja/Pictures/Backgrounds/lock.png"; - ExecStopPost = "${pkgs.systemd}/bin/loginctl unlock-session"; - }; - - Install = { - WantedBy = [ "lock.target" "sleep.target" ]; - }; - }; - }; - - }; - -}
diff --git a/configurations/linux/services/syncthing-nginx.nix b/configurations/linux/services/syncthing-nginx.nix @@ -1,38 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.ctucxConfig.services.syncthingWithNginx; - -in { - options = { - ctucxConfig.services.syncthingWithNginx = { - enable = lib.mkEnableOption "syncthing with nginx reverse-proxy"; - }; - }; - - config = lib.mkIf cfg.enable { - ctucxConfig.services.syncthing.enable = true; - - dns.zones."ctu.cx".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ]; - - systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ]; - - services = { - syncthing = { - guiAddress = "[::1]:8384"; - settings.gui.insecureSkipHostcheck = true; - }; - - nginx = { - enable = true; - virtualHosts."syncthing.${config.networking.hostName}.ctu.cx" = { - useACMEHost = "${config.networking.hostName}.${config.networking.domain}"; - forceSSL = true; - kTLS = true; - locations."/".proxyPass = "http://${toString config.services.syncthing.guiAddress}"; - }; - }; - }; - }; - -}
diff --git a/configurations/linux/services/syncthing.nix b/configurations/linux/services/syncthing.nix @@ -1,46 +0,0 @@ -{ inputs, config, pkgs, lib, ... }: - -let - cfg = config.ctucxConfig.services.syncthing; - syncthingConfig = import ../../common/syncthing-config.nix { inherit inputs pkgs config lib; }; - -in { - options = { - ctucxConfig.services.syncthing = { - enable = lib.mkEnableOption "syncthing"; - }; - }; - - config = lib.mkIf cfg.enable { - age.secrets = { - syncthing-key = { - file = ../../../secrets + "/${config.networking.hostName}/syncthing/key.age"; - owner = "katja"; - }; - syncthing-cert = { - file = ../../../secrets + "/${config.networking.hostName}/syncthing/cert.age"; - owner = "katja"; - }; - }; - - systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ]; - - services.syncthing = { - enable = true; - openDefaultPorts = true; - - user = "katja"; - group = "users"; - - key = lib.mkDefault config.age.secrets.syncthing-key.path; - cert = lib.mkDefault config.age.secrets.syncthing-cert.path; - - dataDir = lib.mkDefault "/home/katja"; - configDir = lib.mkDefault "/home/katja/.config/syncthing"; - - settings.devices = syncthingConfig.devices; - settings.folders = syncthingConfig.folders; - }; - }; - -}
diff --git a/configurations/linux/services/systemd-lock-handler.nix b/configurations/linux/services/systemd-lock-handler.nix @@ -1,58 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.ctucxConfig.services.systemd-lock-handler; - -in { - - options = { - ctucxConfig.services.systemd-lock-handler = { - enable = lib.mkEnableOption "waybar"; - }; - }; - - config = lib.mkIf cfg.enable { - - home-manager.users.katja.systemd.user = { - services.systemd-lock-handler = { - Unit = { - Description = "Logind lock event to systemd target translation"; - Documentation = [ "https://sr.ht/~whynothugo/systemd-lock-handler" ]; - }; - - Service = { - Type = "notify"; - ExecStart = "${pkgs.systemd-lock-handler}/lib/systemd-lock-handler"; - }; - - Install = { - WantedBy = [ "default.target" ]; - }; - }; - - targets = { - lock = { - Unit = { - Description = "Lock the current session"; - Conflicts = [ "unlock.target" ]; - }; - }; - - unlock = { - Unit = { - Description = "Unlock the current session"; - Conflicts = [ "lock.target" ]; - }; - }; - - sleep = { - Unit = { - Description = "User-level target triggered when the system is about to sleep"; - }; - }; - }; - }; - - }; - -}
diff --git a/configurations/linux/services/usbmuxd.nix b/configurations/linux/services/usbmuxd.nix @@ -1,36 +0,0 @@ -{ pkgs, ... }: - -{ -# services = { -# usbmuxd.enable = true; -# }; - - - users.groups.usbmux = {}; - - users.users = { - katja.extraGroups = [ "usbmux" ]; - - usbmux.description = "usbmuxd user"; - usbmux.group = "usbmux"; - usbmux.isSystemUser = true; - }; - - # Give usbmuxd permission for Apple devices - services.udev.extraRules = '' - SUBSYSTEM=="usb", ATTR{idVendor}=="05ac", GROUP="usbmux" - ''; - - systemd.services.usbmuxd = { - description = "usbmuxd"; - wantedBy = [ "multi-user.target" ]; - unitConfig.Documentation = "man:usbmuxd(8)"; - serviceConfig = { - # Trigger the udev rule manually. This doesn't require replugging the - # device when first enabling the option to get it to work - ExecStartPre = "${pkgs.udev}/bin/udevadm trigger -s usb -a idVendor=05ac"; - # Start usbmuxd with `--systemd` otherwise it hangs on shutdown - ExecStart = "${pkgs.usbmuxd}/bin/usbmuxd -U usbmux --systemd"; - }; - }; -}
diff --git a/configurations/linux/services/waybar.nix b/configurations/linux/services/waybar.nix 
@@ -1,213 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.ctucxConfig.services.waybar; - -in { - - options = { - ctucxConfig.services.waybar = { - enable = lib.mkEnableOption "waybar"; - }; - }; - - config = lib.mkIf cfg.enable { - - home-manager.users.katja = { - wayland.windowManager.sway.config.startup = [ - { always = true; command = "systemctl --user restart waybar"; } - ]; - - systemd.user.services.waybar.Service.Environment = "PATH=$PATH:${pkgs.iwd}/bin"; - - programs = { - waybar = { - enable = true; - systemd.enable = true; - - package = pkgs.waybar.override { - hyprlandSupport = false; - }; - - settings = [{ - layer = "top"; - position = "top"; - - height = 40; - - modules-left = [ "sway/workspaces" "sway/mode" ]; - modules-center = [ "clock" ]; - modules-right = [ - "tray" "disk" "memory" "cpu" "idle_inhibitor" "network#wifi" "battery" "pulseaudio" - ]; - - "sway/workspaces" = { - disable-scroll = true; - }; - - "sway/mode" = { - tooltip = false; - format = "<span style=\"italic\">{}</span>"; - }; - - clock = { - interval = 1; - format = "{:%H:%M:%S}"; - format-alt = "{:%Y-%m-%d}"; - tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; - }; - - tray = { - tooltip = false; - # icon-size = 21; - spacing = 10; - }; - - disk = { - format = " {}%"; - tooltip-format = "SSD: {used} / {total} used"; - }; - - memory = { - format = " {}%"; - tooltip-format = "RAM: {used:0.1f}G / {total:0.1f}G used"; - }; - - cpu = { - format = " {usage}%"; - tooltip = false; - }; - - battery = { - bat = "BAT0"; - adapter = "AC"; - interval = 10; - full-at = 99; - states = { - full = 100; - good = 99; - warning = 40; - critical = 15; - }; - - format = "{icon} <span color='white'>{capacity}%</span>"; - format-charging = " <span color='white'>{capacity}%</span>"; - format-plugged = " <span color='white'>{capacity}%</span>"; - format-empty = ""; - format-full = ""; - format-icons = ["" "" "" "" ""]; - }; - - "network#wifi" = { - interface = "wlan0*"; 
- tooltip-format = "{ifname}: {ipaddr}/{cidr}"; - - on-click = "${pkgs.rofi-wayland}/bin/rofi -show wifi -modi 'wifi:${pkgs.rofi-iwd-wifi-menu}/bin/iwdrofimenu'"; - - format-ethernet = ""; - format-wifi = " {essid} ({signalStrength}%)"; - format-linked = ""; - format-disconnected = ""; - }; - - pulseaudio = { - scroll-step = 1; - on-click = "${pkgs.pavucontrol}/bin/pavucontrol"; - - format = "{format_source} {icon} {volume}%"; - format-bluetooth = "{format_source} {icon} {volume}%"; - format-bluetooth-muted = "{format_source} "; - format-muted = "{format_source} "; - format-source = ""; - format-source-muted = ""; - format-icons = { - headphone = ""; - phone = ""; - portable = ""; - car = ""; - default = ["" "" ""]; - }; - }; - - idle_inhibitor = { - format = "{icon}"; - format-icons = { - activated = ""; - deactivated = ""; - }; - }; - }]; - - style = '' - @keyframes blink { - to { - background: transparent; - color: #fff; - } - } - - * { - font-family: 'Noto Sans'; - font-size: 15px; - border: none; - border-radius: 0; - min-height: 0; - transition: none; - box-shadow: none; - } - - window#waybar { - /* background: linear-gradient(rgba(0, 0, 0, 0.5), rgba(0, 0, 0, 0)); */ - background: rgba(0, 0, 0, 0.5); - color: white; - border-bottom: 2px solid rgba(59, 135, 86, 0.5); - } - - #workspaces button.focused { - background: rgba(255, 255, 255, 0.1); - border-bottom: 3px solid rgb(74, 169, 108); - } - - #workspaces button:hover { - background: rgba(255, 255, 255, 0.06); - } - - #clock { - font-size: 16px; - font-family: 'Noto Mono', monospace; - } - - #disk, #memory, #cpu, #idle_inhibitor, #battery, #pulseaudio, #network { - padding: 0px 15px; - } - - #battery { - color: #a3be8c; - } - - #battery.charging { - color: #a3be8c; - } - - #battery.critical:not(.charging) { - background: rgba(245, 60, 60, 0.4); - color: #fff; - - border-radius: 15px; - margin: 6px; - - animation-name: blink; - animation-duration: 1s; - animation-timing-function: linear; - 
animation-iteration-count: infinite; - animation-direction: alternate; - } - ''; - - }; - }; - - }; - }; - -}
diff --git a/configurations/linux/services/wlsunset.nix b/configurations/linux/services/wlsunset.nix
@@ -1,28 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- cfg = config.ctucxConfig.services.wlsunset;
-
-in {
-
- options = {
- ctucxConfig.services.wlsunset = {
- enable = lib.mkEnableOption "waybar";
- };
- };
-
- config = lib.mkIf cfg.enable {
-
- home-manager.users.katja.services.wlsunset = {
- enable = true;
- latitude = "8.26";
- longitude = "49.01";
- temperature = {
- night = 3000;
- day = 4500;
- };
- };
-
- };
-
-}
diff --git a/configurations/linux/thunderbolt.nix b/configurations/linux/thunderbolt.nix
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
- cfg = config.ctucxConfig.configure.thunderbolt;
-
-in {
-
- options = {
- ctucxConfig.configure.thunderbolt = lib.mkEnableOption "thunderbolt";
- };
-
- config = lib.mkIf cfg {
- boot.kernelModules = [ "thunderbolt-net"];
- environment.systemPackages = [ pkgs.bolt ];
-
- services = {
- hardware.bolt.enable = true;
- udev.extraRules = ''
- ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
- '';
- };
- };
-
-}
diff --git a/configurations/nixos/configure/avahi.nix b/configurations/nixos/configure/avahi.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+
+ services = {
+ avahi.enable = true;
+ avahi.publish.enable = true;
+ avahi.publish.userServices = true;
+ };
+
+}
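Review bot: `avahi.publish.enable` and `avahi.publish.userServices` are switched on with no interface restriction, so the host announces itself and any user-registered services on every network it joins. If publishing is only wanted on a trusted LAN, `services.avahi.allowInterfaces = [ "<lan-interface>" ];` (placeholder name) limits where the daemon answers. The `pkgs` argument in the function header is unused and can be dropped.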
diff --git a/configurations/nixos/configure/easyeffects.nix b/configurations/nixos/configure/easyeffects.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.ctucxConfig.services.easyeffects;
+
+in {
+
+ home-manager.users.katja = {
+ home.packages = with pkgs; [
+ easyeffects
+ ];
+
+ systemd.user.services.easyeffects = {
+ Unit = {
+ After = [ "graphical-session-pre.target" ];
+ PartOf = [ "graphical-session.target" ];
+ };
+
+ Service = {
+ Environment = "PATH=/run/wrappers/bin:/home/katja/.nix-profile/bin:/etc/profiles/per-user/katja/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin";
+ ExecStart = "${pkgs.easyeffects}/bin/easyeffects --gapplication-service";
+ Restart = "always";
+ RestartSec = 5;
+ };
+
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
+ };
+
+ wayland.windowManager.sway.config.startup = [
+ { always = true; command = "systemctl --user restart easyeffects"; }
+ ];
+ };
+
+}
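Review bot: `cfg = config.ctucxConfig.services.easyeffects;` in the `let` block is never used in this file, and gvfs.nix in the same commit carries the same dead `cfg` binding. If the `ctucxConfig.services.*` options were removed along with the old modules, as the deleted files suggest, the binding only evaluates today because Nix is lazy, and any later use of `cfg` would fail. Dropping the `let … in` wrapper so the file starts with `{` directly, as mako.nix does, removes the trap.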
diff --git a/configurations/nixos/configure/gvfs.nix b/configurations/nixos/configure/gvfs.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.ctucxConfig.services.gvfs;
+
+in {
+
+ services = {
+ gvfs.enable = true;
+ gvfs.package = (pkgs.gvfs.overrideAttrs (old: {
+ mesonFlags = (old.mesonFlags or []) ++ [
+ "-Dafp=false"
+ "-Dgphoto2=false"
+ ];
+ })).override {
+ gnomeSupport = false;
+ samba = null;
+ };
+ };
+
+}
diff --git a/configurations/nixos/configure/mako.nix b/configurations/nixos/configure/mako.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: + +{ + + home-manager.users.katja = { + services.mako = { + enable = true; + + defaultTimeout = 20000; + + borderColor = "#002028"; + borderSize = 2; + + backgroundColor = "#002b36AA"; + + textColor = "#fdf6e3"; + font = "Fira Code 11"; + format = "<b>%s</b> <span color=\"#93a1a1\">(%a)</span>\\n%b"; + }; + + systemd.user.services.mako = { + Unit = { + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; + + Service = { + ExecStart = "${pkgs.mako}/bin/mako"; + Restart = "always"; + RestartSec = 5; + }; + + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + }; + + wayland.windowManager.sway.config.startup = [ + { always = true; command = "systemctl --user restart mako"; } + ]; + }; + +}+ \ No newline at end of file
diff --git a/configurations/nixos/configure/pipewire.nix b/configurations/nixos/configure/pipewire.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +{ + + security.rtkit.enable = true; + + services = { + pipewire = { + enable = true; + socketActivation = true; + + alsa.enable = true; + pulse.enable = true; + }; + }; + + home-manager.users.katja.home.packages = lib.mkIf config.home-manager.users.katja.wayland.windowManager.sway.enable [ + pkgs.pavucontrol + ]; + +}+ \ No newline at end of file
diff --git a/configurations/nixos/configure/swaylock.nix b/configurations/nixos/configure/swaylock.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ security.pam.services.swaylock = {};
+
+ services.systemd-lock-handler.enable = true;
+
+ home-manager.users.katja.systemd.user.services = {
+ swaylock = {
+ Unit = {
+ Requisite = [ "graphical-session.target" ];
+ PartOf = [ "lock.target" "sleep.target" ];
+ };
+
+ Service = {
+ ExecStart = "${pkgs.swaylock}/bin/swaylock -i /home/katja/Pictures/Backgrounds/lock.png";
+ ExecStopPost = "${pkgs.systemd}/bin/loginctl unlock-session";
+ };
+
+ Install = {
+ WantedBy = [ "lock.target" "sleep.target" ];
+ };
+ };
+ };
+
+}
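Review bot: `ExecStopPost = "${pkgs.systemd}/bin/loginctl unlock-session"` runs on every stop of the unit, including when swaylock crashes or is killed, so an abnormal exit of the locker is reported to logind as an unlock. systemd exports `$SERVICE_RESULT` to `ExecStopPost` commands, so the unlock can be limited to a clean exit, and `Restart = "on-failure";` would bring the locker back after a crash. Separately, the unit uses the default service type, so as far as I can tell `sleep.target` counts as reached once swaylock has been spawned rather than once the screen is locked. Running `swaylock -f` with `Type = "forking";` makes systemd wait until the lock is in place before suspend proceeds.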
diff --git a/configurations/nixos/configure/thunderbolt.nix b/configurations/nixos/configure/thunderbolt.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ boot.kernelModules = [ "thunderbolt-net"];
+ environment.systemPackages = [ pkgs.bolt ];
+
+ services.hardware.bolt.enable = true;
+ services.udev.extraRules = ''
+ ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
+ '';
+
+}
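Review bot: The rule in `services.udev.extraRules` writes `authorized=1` for every Thunderbolt device as soon as it is added, so anything plugged into the port is approved without a prompt and the device authorization that `services.hardware.bolt.enable = true` provides is bypassed. Thunderbolt peripherals can be granted PCIe/DMA access, which is the reason the authorization step exists. I would drop the rule and enroll the known dock or peer once with `boltctl enroll <device-uuid>` (placeholder). If blanket approval is intended for thunderbolt-net, say so next to the rule, e.g. `# auto-authorizes ALL thunderbolt devices; relies on IOMMU DMA protection being enabled`. Now that the `lib.mkIf cfg` guard is gone, the rule applies on every host that imports this file.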
diff --git a/configurations/nixos/configure/usbmuxd.nix b/configurations/nixos/configure/usbmuxd.nix
@@ -0,0 +1,35 @@
+{ pkgs, ... }:
+
+{
+
+ users = {
+ groups.usbmux = {};
+
+ users = {
+ katja.extraGroups = [ "usbmux" ];
+
+ usbmux.description = "usbmuxd user";
+ usbmux.group = "usbmux";
+ usbmux.isSystemUser = true;
+ };
+ };
+
+ # Give usbmuxd permission for Apple devices
+ services.udev.extraRules = ''
+ SUBSYSTEM=="usb", ATTR{idVendor}=="05ac", GROUP="usbmux"
+ '';
+
+ systemd.services.usbmuxd = {
+ description = "usbmuxd";
+ wantedBy = [ "multi-user.target" ];
+ unitConfig.Documentation = "man:usbmuxd(8)";
+ serviceConfig = {
+ # Trigger the udev rule manually. This doesn't require replugging the
+ # device when first enabling the option to get it to work
+ ExecStartPre = "${pkgs.udev}/bin/udevadm trigger -s usb -a idVendor=05ac";
+ # Start usbmuxd with `--systemd` otherwise it hangs on shutdown
+ ExecStart = "${pkgs.usbmuxd}/bin/usbmuxd -U usbmux --systemd";
+ };
+ };
+
+}
diff --git a/configurations/nixos/configure/waybar.nix b/configurations/nixos/configure/waybar.nix 
@@ -0,0 +1,202 @@ +{ config, lib, pkgs, ... }: + +{ + + home-manager.users.katja = { + + wayland.windowManager.sway.config.startup = [ + { always = true; command = "systemctl --user restart waybar"; } + ]; + + systemd.user.services.waybar.Service.Environment = "PATH=$PATH:${pkgs.iwd}/bin"; + + programs = { + waybar = { + enable = true; + systemd.enable = true; + + package = pkgs.waybar.override { + hyprlandSupport = false; + }; + + settings = [{ + layer = "top"; + position = "top"; + + height = 40; + + modules-left = [ "sway/workspaces" "sway/mode" ]; + modules-center = [ "clock" ]; + modules-right = [ + "tray" "disk" "memory" "cpu" "idle_inhibitor" "network#wifi" "battery" "pulseaudio" + ]; + + "sway/workspaces" = { + disable-scroll = true; + }; + + "sway/mode" = { + tooltip = false; + format = "<span style=\"italic\">{}</span>"; + }; + + clock = { + interval = 1; + format = "{:%H:%M:%S}"; + format-alt = "{:%Y-%m-%d}"; + tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>"; + }; + + tray = { + tooltip = false; +# icon-size = 21; + spacing = 10; + }; + + disk = { + format = " {}%"; + tooltip-format = "SSD: {used} / {total} used"; + }; + + memory = { + format = " {}%"; + tooltip-format = "RAM: {used:0.1f}G / {total:0.1f}G used"; + }; + + cpu = { + format = " {usage}%"; + tooltip = false; + }; + + battery = { + bat = "BAT0"; + adapter = "AC"; + interval = 10; + full-at = 99; + states = { + full = 100; + good = 99; + warning = 40; + critical = 15; + }; + + format = "{icon} <span color='white'>{capacity}%</span>"; + format-charging = " <span color='white'>{capacity}%</span>"; + format-plugged = " <span color='white'>{capacity}%</span>"; + format-empty = ""; + format-full = ""; + format-icons = ["" "" "" "" ""]; + }; + + "network#wifi" = { + interface = "wlan0*"; + tooltip-format = "{ifname}: {ipaddr}/{cidr}"; + + on-click = "${pkgs.rofi-wayland}/bin/rofi -show wifi -modi 'wifi:${pkgs.rofi-iwd-wifi-menu}/bin/iwdrofimenu'"; + + format-ethernet = ""; 
+ format-wifi = " {essid} ({signalStrength}%)"; + format-linked = ""; + format-disconnected = ""; + }; + + pulseaudio = { + scroll-step = 1; + on-click = "${pkgs.pavucontrol}/bin/pavucontrol"; + + format = "{format_source} {icon} {volume}%"; + format-bluetooth = "{format_source} {icon} {volume}%"; + format-bluetooth-muted = "{format_source} "; + format-muted = "{format_source} "; + format-source = ""; + format-source-muted = ""; + format-icons = { + headphone = ""; + phone = ""; + portable = ""; + car = ""; + default = ["" "" ""]; + }; + }; + + idle_inhibitor = { + format = "{icon}"; + format-icons = { + activated = ""; + deactivated = ""; + }; + }; + }]; + + style = '' + @keyframes blink { + to { + background: transparent; + color: #fff; + } + } + + * { + font-family: 'Noto Sans'; + font-size: 15px; + border: none; + border-radius: 0; + min-height: 0; + transition: none; + box-shadow: none; + } + + window#waybar { + /* background: linear-gradient(rgba(0, 0, 0, 0.5), rgba(0, 0, 0, 0)); */ + background: rgba(0, 0, 0, 0.5); + color: white; + border-bottom: 2px solid rgba(59, 135, 86, 0.5); + } + + #workspaces button.focused { + background: rgba(255, 255, 255, 0.1); + border-bottom: 3px solid rgb(74, 169, 108); + } + + #workspaces button:hover { + background: rgba(255, 255, 255, 0.06); + } + + #clock { + font-size: 16px; + font-family: 'Noto Mono', monospace; + } + + #disk, #memory, #cpu, #idle_inhibitor, #battery, #pulseaudio, #network { + padding: 0px 15px; + } + + #battery { + color: #a3be8c; + } + + #battery.charging { + color: #a3be8c; + } + + #battery.critical:not(.charging) { + background: rgba(245, 60, 60, 0.4); + color: #fff; + + border-radius: 15px; + margin: 6px; + + animation-name: blink; + animation-duration: 1s; + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; + } + ''; + + }; + }; + + }; + +}
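Review bot: `systemd.user.services.waybar.Service.Environment = "PATH=$PATH:${pkgs.iwd}/bin"` does not extend the existing search path, because as far as I know systemd performs no variable expansion inside `Environment=`. The unit then gets a PATH whose first entry is the literal string `$PATH`, a relative directory resolved against the working directory, followed by the iwd bin directory. Anything waybar or its helpers start by bare name loses the normal system path, and a relative PATH entry is best avoided. Spelling the path out, e.g. `Environment = "PATH=${lib.makeBinPath [ pkgs.iwd ]}:/run/current-system/sw/bin";`, matches what easyeffects.nix in this commit already does.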
diff --git a/configurations/nixos/configure/wlsunset.nix b/configurations/nixos/configure/wlsunset.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ home-manager.users.katja.services.wlsunset = {
+ enable = true;
+ latitude = "8.26";
+ longitude = "49.01";
+ temperature = {
+ night = 3000;
+ day = 4500;
+ };
+ };
+
+}
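Review bot: `latitude = "8.26"` and `longitude = "49.01"` look swapped, assuming the intended location is in central Europe as the `de_DE` locales in default.nix suggest. The values are carried over unchanged from the deleted module, so the sunset and sunrise times wlsunset computes have probably been off for a while. If that reading is right, the fix is `latitude = "49.01";` and `longitude = "8.26";`.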
diff --git a/configurations/nixos/default.nix b/configurations/nixos/default.nix 
@@ -0,0 +1,156 @@ +{ inputs, config, ctucxConfig, lib, pkgs, ... }@args: + +let + katja-pubkey = "ssh-rsa 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 (none)"; + +in { + + imports = [ + ctucxConfig.common + ]; + + age.secrets.katja-systempassword.file = ../../secrets/passwords/katja.age; + age.secrets.acmeTSIGKey.file = ./. + "/../../secrets/${config.networking.hostName}/acme-tsig-key.age"; + + deployment = { + buildOnTarget = lib.mkDefault false; + targetUser = lib.mkDefault "root"; + targetHost = lib.mkDefault config.networking.fqdn; + targetPort = lib.mkDefault (lib.head config.services.openssh.ports); + }; + + system = { + nixos.revision = lib.mkIf (inputs.nixpkgs.sourceInfo ? rev) inputs.nixpkgs.sourceInfo.rev; + nixos.versionSuffix = ".${lib.substring 0 8 (inputs.nixpkgs.sourceInfo.lastModifiedDate or inputs.nixpkgs.sourceInfo.lastModified or "19700101")}.${inputs.nixpkgs.sourceInfo.shortRev or "dirty"}"; + # thanks piegames (https://git.darmstadt.ccc.de/piegames/home-config/-/blob/master/modules/generic.nix#L84) + activationScripts.diff = { + supportsDryActivation = true; + text = '' + ${pkgs.nvd}/bin/nvd --color=always --nix-bin-dir=${pkgs.nix}/bin diff "$(readlink /run/current-system)" "$systemConfig" + # Ignore "failures" because these tools have weird exit codes + ${pkgs.colordiff}/bin/colordiff --nobanner --fakeexitcode --color=always -ur -I '\/nix\/store' \ + -- "$(readlink /run/current-system)/activate" "$systemConfig/activate" | ${pkgs.gnugrep}/bin/grep -v "^Binary files" || true + ${pkgs.colordiff}/bin/colordiff --nobanner --fakeexitcode --color=always -ur -I '\/nix\/store' \ + -x "os-release" -x "issue" \ + -- "$(readlink /run/current-system)/etc" "$systemConfig/etc" | ${pkgs.gnugrep}/bin/grep -v "^Binary files" || true + ${pkgs.colordiff}/bin/colordiff --nobanner --fakeexitcode --color=always -ur -I '\/nix\/store' \ + -x "environment.d" \ + -x "hwdb.d" \ + -- "$(readlink /run/current-system)/systemd" "$systemConfig/systemd" | 
${pkgs.gnugrep}/bin/grep -v "^Binary files" || true + ''; + }; + }; + + networking.hostName = lib.mkDefault args.name; + networking.domain = lib.mkDefault "ctu.cx"; + + i18n.defaultLocale = "en_US.UTF-8"; + i18n.supportedLocales = ["de_DE.UTF-8/UTF-8" "en_US.UTF-8/UTF-8"]; + + systemd.services.nginx.onFailure = [ "email-notify@%i.service" ]; + + nix = { + channel.enable = false; + + settings.auto-optimise-store = true; + + daemonCPUSchedPolicy = lib.mkDefault "idle"; + daemonIOSchedClass = lib.mkDefault "idle"; + + optimise.automatic = lib.mkDefault true; + optimise.dates = [ "12:00" "15:00" "18:00" "21:00" ]; + + gc.automatic = lib.mkDefault true; + gc.options = "--delete-older-than 3d"; + gc.dates = "18:00"; + }; + + + services = { + timesyncd.enable = true; + fstrim.enable = true; + vnstat.enable = true; + vnstati.enable = (lib.mkDefault (if (config.networking.primaryIP != "") || (config.networking.primaryIP4 != "") then true else false)); + + journald.extraConfig = "SystemMaxUse=1G"; + + logind.killUserProcesses = true; + + nginx = { + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + commonHttpConfig = '' + server_names_hash_bucket_size 64; + charset utf-8; + + access_log off; + ''; + virtualHosts.default = { + default = true; + rejectSSL = true; + }; + }; + + openssh = { + enable = true; + startWhenNeeded = true; + ports = [ 22 ]; + extraConfig = "StreamLocalBindUnlink yes"; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "without-password"; + }; + }; + }; + + security.acme = { + acceptTerms = true; + defaults = { + email = "letsencrypt@ctu.cx"; + keyType = "ec384"; + dnsProvider = "rfc2136"; + environmentFile = pkgs.writeText "acme-dns-env" '' + RFC2136_NAMESERVER=ns1.ctu.cx + RFC2136_TSIG_KEY=acme-nix-${config.networking.hostName} + RFC2136_TSIG_ALGORITHM=hmac-sha384. 
+ ''; + credentialFiles = { + RFC2136_TSIG_SECRET_FILE = config.age.secrets.acmeTSIGKey.path; + }; + }; + certs."${config.networking.hostName}.${config.networking.domain}" = { + group = "nginx"; + extraDomainNames = ( + config.services.nginx.virtualHosts + |> lib.mapAttrsToList (key: config: [ (if config ? serverAliases then config.serverAliases else []) key ]) + |> lib.flatten + |> builtins.filter (val: val != "default") + ); + }; + }; + + users.mutableUsers = false; + users.users = { + root.openssh.authorizedKeys.keys = [ katja-pubkey ]; + katja = { + isNormalUser = true; + hashedPasswordFile = config.age.secrets.katja-systempassword.path; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + openssh.authorizedKeys.keys = [ katja-pubkey ]; + }; + + }; + + home-manager.users.katja = { + home.language = { + "base" = "en_US.UTF-8"; + "time" = "de_DE.utf8"; + "address" = "de_DE.utf8"; + "monetary" = "de_DE.utf8"; + "paper" = "de_DE.utf8"; + }; + }; + +}
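Review bot: In `services.openssh.settings` only `PasswordAuthentication = false` is set, and keyboard-interactive authentication is a separate sshd switch that, as far as I know, the NixOS module leaves enabled by default. PAM password prompts may therefore still be reachable for `katja`, who has `hashedPasswordFile` set; adding `KbdInteractiveAuthentication = false;` closes that path. `PermitRootLogin = "without-password"` is the deprecated spelling of `"prohibit-password"`, which states the intent more clearly. `access_log off;` in `commonHttpConfig` applies to every vhost that does not override it, so there is no request trail to work from during an investigation. A comment marking that as deliberate, or logging re-enabled on the proxied vhosts, would help.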
diff --git a/configurations/nixos/programs/alacritty.nix b/configurations/nixos/programs/alacritty.nix @@ -0,0 +1,62 @@ +{ config, pkgs, lib, ... }: + +{ + + home-manager.users.katja = { + + home.sessionVariables = { + TERMINAL = "alacritty"; + }; + + programs = { + alacritty = { + enable = true; + settings = { + window.opacity = 0.9; + + font = { + size = 12.0; + normal.family = "DejaVu Sans Mono"; + }; + + colors = { + primary = { + background = "0x000000"; + foreground = "0xeaeaea"; + }; + + normal = { + black = "0x6c6c6c"; + red = "0xe9897c"; + green = "0xb6e77d"; + yellow = "0xecebbe"; + blue = "0xa9cdeb"; + magenta = "0xea96eb"; + cyan = "0xc9caec"; + white = "0xf2f2f2"; + }; + + bright = { + black = "0x747474"; + red = "0xf99286"; + green = "0xc3f786"; + yellow = "0xfcfbcc"; + blue = "0xb6defb"; + magenta = "0xfba1fb"; + cyan = "0xd7d9fc"; + white = "0xe2e2e2"; + }; + }; + }; + }; + }; + + wayland.windowManager.sway = { + config.terminal = "${pkgs.alacritty}/bin/alacritty"; + extraConfig = '' + exec swaymsg 'workspace 3: Term; exec ${pkgs.alacritty}/bin/alacritty; exec ${pkgs.alacritty}/bin/alacritty; workspace 1: Web;' + ''; + }; + }; + +}
diff --git a/configurations/nixos/programs/ausweisapp.nix b/configurations/nixos/programs/ausweisapp.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+ networking.firewall.allowedUDPPorts = [ 24727 ];
+
+ home-manager.users.katja = {
+ home.packages = with pkgs; [
+ AusweisApp2
+ ];
+ };
+
+}
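Review bot: `networking.firewall.allowedUDPPorts = [ 24727 ]` opens the port on every interface and carries no comment explaining why. If it is only needed for pairing with a phone on the local network (my reading of the port's purpose, which the hunk does not state), `networking.firewall.interfaces."<lan-interface>".allowedUDPPorts = [ 24727 ];` (placeholder name) keeps it closed elsewhere. A one-line comment such as `# AusweisApp2: smartphone card-reader discovery` would document the exception for the next reader.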
diff --git a/configurations/nixos/programs/ddcutil.nix b/configurations/nixos/programs/ddcutil.nix
@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+ boot.kernelModules = [ "i2c-dev" ];
+
+ security.sudo.extraRules= [{
+ users = [ "katja" ];
+ commands = [
+ { command = "${pkgs.ddcutil}/bin/ddcutil" ;
+ options= [ "NOPASSWD" ];
+ }
+ ];
+ }];
+
+ home-manager.users.katja = {
+ home.packages = [ pkgs.ddcutil ];
+ };
+
+}
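Review bot: The `security.sudo.extraRules` entry lets `katja` run `${pkgs.ddcutil}/bin/ddcutil` as root with `NOPASSWD` and no restriction on arguments, so every subcommand and option of the tool runs as root, without a prompt, from any process in the user session. ddcutil only needs access to the `/dev/i2c-*` nodes, which `hardware.i2c.enable = true;` together with `users.users.katja.extraGroups = [ "i2c" ];` provides without sudo. If the sudo rule has to stay, list the exact command lines that are used, including their arguments, instead of the bare binary path.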
diff --git a/configurations/nixos/programs/firefox.nix b/configurations/nixos/programs/firefox.nix 
@@ -0,0 +1,244 @@ +{ inputs, config, pkgs, lib, ... }: + +{ + + home-manager.users.katja = { + home = { + packages = [ + pkgs.firefoxpwa + ]; + sessionVariables = { + BROWSER = "firefox"; + }; + + file."firefox-gnome-theme" = { + source = inputs.firefoxGnomeTheme; + target = ".mozilla/firefox/katja/chrome/firefox-gnome-theme"; + }; + }; + + programs = { + firefox = { + enable = true; + package = pkgs.firefox; + nativeMessagingHosts = [ pkgs.ff2mpv-rust ]; + + profiles.katja = { + id = 0; + isDefault = true; + + settings = { + # required for firefox-gnome-theme + "browser.toolbars.bookmarks.visibility" = "never"; + "browser.tabs.drawInTitlebar" = true; + "browser.theme.dark-private-windows" = false; + "browser.uidensity" = 0; + "svg.context-properties.content.enabled" = true; + "toolkit.legacyUserProfileCustomizations.stylesheets" = true; + }; + + userChrome = '' + @import "firefox-gnome-theme/userChrome.css"; + ''; + + userContent = '' + @import "firefox-gnome-theme/userContent.css"; + ''; + + search.force = true; # Required to prevent search engine symlink being overwritten. 
See https://github.com/nix-community/home-manager/issues/3698 + search.engines = { + "Noogle" = { + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@noogle" ]; + urls = [{ template = "https://noogle.dev/q?term={searchTerms}"; }]; + }; + + "NixOS Options" = { + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@nixos" ]; + urls = [{ template = "https://search.nixos.org/options?query={searchTerms}"; }]; + }; + + "Nix Packages" = { + icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; + definedAliases = [ "@nixpkgs" ]; + urls = [{ template = "https://search.nixos.org/packages?query={searchTerms}"; }]; + }; + }; + }; + + policies = { + # disable tracking bullshit + DisableTelemetry = true; + DisablePocket = true; + + # disable password manager + PasswordManagerEnabled = false; + OfferToSaveLogins = false; + PrimaryPassword = false; + AutofillCreditCardEnabled = false; + + # disable bookmark-toolbar + NoDefaultBookmarks = true; + DisplayBookmarksToolbar = "never"; + + Homepage.StartPage = "previous-session"; + Homepage.Locked = true; + + # disable DoH + DNSOverHTTPS.Enabled = false; + DNSOverHTTPS.Locked = true; + + # enable tracking protection + EnableTrackingProtection.Cryptomining = true; + EnableTrackingProtection.Fingerprinting = true; + EnableTrackingProtection.Value = true; + EnableTrackingProtection.Locked = true; + + UserMessaging.ExtensionRecommendations = false; + UserMessaging.FeatureRecommendations = false; + UserMessaging.UrlbarInterventions = false; + UserMessaging.SkipOnboarding = true; + UserMessaging.MoreFromMozilla = false; + UserMessaging.FirefoxLabs = false; + UserMessaging.Locked = true; + + Handlers.schemes.dbnav = { + action = "useHelperApp"; + ask = true; + handlers = [{ + name = "VDV PKPass DB Navigator Hook"; + path = pkgs.writeShellScript "db-hook" '' + #!/usr/bin/env bash + + if [[ "$1" == "dbnav:"* ]]; 
then + url=$(echo -n $1 | base64) + xdg-open "https://vdv-pkpass.magicalcodewit.ch/account/db_login/callback?url=$url" + else + xdg-open "$1" + fi + ''; + }]; + }; + + Preferences = { + "browser.uiCustomization.state".Status = "default"; + "browser.uiCustomization.state".Value = builtins.toJSON { + currentVersion = 21; + newElementCount = 7; + seen = []; + dirtyAreaCache = []; + placements = { + widget-overflow-fixed-list = []; + toolbar-menubar = [ "menubar-items" ]; + vertical-tabs = []; + PersonalToolbar = []; + unified-extensions-area = []; + nav-bar = [ + "back-button" + "forward-button" + "vertical-spacer" + "stop-reload-button" + "urlbar-container" + "downloads-button" + "_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action" + "ublock0_raymondhill_net-browser-action" + "unified-extensions-button" + ]; + TabsToolbar = [ "tabbrowser-tabs" "new-tab-button" ]; + }; + }; + } // ({ + # disable some password-manager/autofill features + "signon.generation.enabled" = false; + "signon.autofillForms" = false; + "signon.firefoxRelay.feature" = "disabled"; + "signon.management.page.breach-alerts.enabled" = false; + + # ask websites to not share or sell data + "privacy.globalprivacycontrol.enabled" = true; + + # disable warning on `abou:config` + "browser.aboutConfig.showWarning" = false; + + # disable telemetry stuff + "browser.ping-centre.telemetry" = false; + "browser.topsites.contile.enabled" = false; + "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; + + # disable trending search suggestions + "browser.urlbar.suggest.trending" = false; + + # disable 'fancy' newtab page bullshit with tons of tracking and ads + "browser.startup.homepage" = "chrome://browser/content/blanktab.html"; + "browser.newtabpage.enabled" = false; + "browser.newtabpage.activity-stream.telemetry" = false; + "browser.newtabpage.activity-stream.showSearch" = false; + "browser.newtabpage.activity-stream.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" 
= false; + "browser.newtabpage.activity-stream.feeds.telemetry" = false; + "browser.newtabpage.activity-stream.feeds.topsites" = false; + "browser.newtabpage.activity-stream.feeds.snippets" = false; + "browser.newtabpage.activity-stream.feeds.system.topsites" = false; + "browser.newtabpage.activity-stream.feeds.section.highlights" = false; + "browser.newtabpage.activity-stream.section.highlights.includePocket" = false; + "browser.newtabpage.activity-stream.section.highlights.includeBookmarks" = false; + "browser.newtabpage.activity-stream.section.highlights.includeDownloads" = false; + "browser.newtabpage.activity-stream.section.highlights.includeVisited" = false; + } |> lib.mapAttrs (name: value: { + Status = "locked"; + Value = value; + })); + + ExtensionSettings = ([ + [ "navbar" "{446900e4-71c2-419f-a6a7-df9c091e268b}" ] # Bitwarden Password Manager + [ "navbar" "uBlock0@raymondhill.net" ] # uBlock Origin + [ "menupanel" "@ublacklist" ] # uBlacklist + [ "menupanel" "@contain-facebook" ] # Facebook Container + [ "menupanel" "@contain-google" ] # Google Container + [ "menupanel" "containerise@kinte.sh" ] # Containerise + [ "menupanel" "{12cf650b-1822-40aa-bff0-996df6948878}" ] # cookies.txt + [ "menupanel" "@testpilot-containers" ] # Firefox Multi-Account Containers + [ "menupanel" "{252ee273-8c8d-4609-b54d-62ae345be0a1}" ] # IndicateTLS + [ "menupanel" "ipvfoo@pmarks.net" ] # IPvFoo + [ "menupanel" "{e9090647-32ff-48e4-9c3c-1361e8fd270e}" ] # Modern for Wikipedia + [ "menupanel" "sponsorBlocker@ajay.app" ] # SponsorBlock for YouTube - Skip Sponsorships + [ "menupanel" "de-DE@dictionaries.addons.mozilla.org" ] # German Dictionary + ] |> lib.map (config: { name = (lib.elemAt config 1); value = { + installation_mode = "normal_installed"; + default_area = (lib.elemAt config 0); + install_url = "https://addons.mozilla.org/firefox/downloads/latest/${lib.elemAt config 1}/latest.xpi"; + }; }) |> lib.listToAttrs); + }; + }; + }; + + 
wayland.windowManager.sway.config.startup = [ + { command = "firefox"; } + ]; + + xdg = { + enable = true; + mime.enable = true; + + #force hm to override existing mimeapps.list file + configFile."mimeapps.list".force = true; + + mimeApps = { + enable = true; + defaultApplications = { + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/chrome" = "firefox.desktop"; + + "image/svg+xml" = "firefox.desktop"; + + "text/html" = "firefox.desktop"; + "text/xml" = "firefox.desktop"; + }; + }; + }; + + }; + +}
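Review bot: In the `Handlers.schemes.dbnav` helper script, `url=$(echo -n $1 | base64)` sends a link that originates from web content through an unquoted expansion and then pastes the raw base64 output into a query string. `$1` is subject to word splitting and globbing, GNU `base64` wraps its output at 76 columns, and `+`, `/` and `=` are not URL-safe, so long or unusual links reach the callback corrupted. `url=$(printf '%s' "$1" | base64 -w0)` fixes the first two; the result still needs percent-encoding, or URL-safe base64 if the callback accepts it, which the hunk does not show. The `#!/usr/bin/env bash` line is redundant because `pkgs.writeShellScript` writes its own interpreter line, and `base64` and `xdg-open` are resolved from the caller's PATH rather than from store paths.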
diff --git a/configurations/nixos/programs/fractal.nix b/configurations/nixos/programs/fractal.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: + +{ + + home-manager.users.katja = { + home.packages = [ pkgs.fractal ]; + }; + +}+ \ No newline at end of file
diff --git a/configurations/nixos/programs/imv.nix b/configurations/nixos/programs/imv.nix @@ -0,0 +1,18 @@ +{ config, pkgs, lib, ... }: + +{ + + home-manager.users.katja = { + home.packages = [ pkgs.imv ]; + + xdg.desktopEntries = { + imv-folder = { + name = "imv (Folder)"; + settings = { + NoDisplay = "true"; + }; + }; + }; + }; + +}
diff --git a/configurations/nixos/programs/libreoffice.nix b/configurations/nixos/programs/libreoffice.nix @@ -0,0 +1,40 @@ +{ config, pkgs, lib, ... }: + +{ + + home-manager.users.katja = { + + home.packages = [ pkgs.libreoffice-fresh ]; + + xdg.desktopEntries = { + impress = { + name = "LibreOffice Impress"; + settings = { + NoDisplay = "true"; + }; + }; + + math = { + name = "LibreOffice Math"; + settings = { + NoDisplay = "true"; + }; + }; + + base = { + name = "LibreOffice Base"; + settings = { + NoDisplay = "true"; + }; + }; + + draw = { + name = "LibreOffice Draw"; + settings = { + NoDisplay = "true"; + }; + }; + }; + }; + +}
diff --git a/configurations/nixos/programs/mpv.nix b/configurations/nixos/programs/mpv.nix @@ -0,0 +1,31 @@ +{ config, pkgs, lib, ... }: + +{ + + home-manager.users.katja = { + home.packages = lib.mkIf config.wm.gnome.enable [ + pkgs.celluloid + ]; + + programs = lib.mkIf (config.wm.gnome.enable != true) { + mpv = { + enable = true; + scripts = [ + pkgs.mpvScripts.mpris + ]; + }; + }; + + xdg = lib.mkIf (config.wm.gnome.enable != true) { + desktopEntries = { + umpv = { + name = "umpv Media Player"; + settings = { + NoDisplay = "true"; + }; + }; + }; + }; + }; + +}
diff --git a/configurations/nixos/programs/paper-plane.nix b/configurations/nixos/programs/paper-plane.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: + +{ + + home-manager.users.katja = { + home.packages = [ pkgs.paper-plane ]; + }; + +}+ \ No newline at end of file
diff --git a/configurations/nixos/programs/sway.nix b/configurations/nixos/programs/sway.nix 
@@ -0,0 +1,234 @@ +{ config, pkgs, lib, ... }: + +{ + + nixpkgs.overlays = [(self: super: { + xsel = super.wl-clipboard-x11; + xclip = super.wl-clipboard-x11; + + wlroots = super.wlroots.overrideAttrs (old: { + mesonFlags = (old.mesonFlags or []) ++ [ + "-Dxwayland=disabled" + ]; + }); + + sway-unwrapped = super.sway-unwrapped.overrideAttrs (old: { + mesonFlags = (old.mesonFlags or []) ++ [ + "-Dxwayland=disabled" + ]; + }); + })]; + + xdg.portal = { + config.common.default = [ "wlr" ]; + wlr.enable = true; + }; + + home-manager.users.katja = { + home.packages = with pkgs; [ qt5.qtwayland wl-clipboard ]; + + programs.bash.initExtra = '' + if [ "$(tty)" = "/dev/tty1" ]; then + exec sway + fi + ''; + + wayland.windowManager.sway = let + cfg = config.home-manager.users.katja.wayland.windowManager.sway; + modifier = cfg.config.modifier; + + in { + enable = true; + systemd.enable = true; + + xwayland = false; + wrapperFeatures.gtk = true; + + extraSessionCommands = '' + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_FORCE_DPI=physical + export QT_WAYLAND_DISABLE_WINDOWDECORATION=1 + + export _JAVA_AWT_WM_NONREPARENTING=1 + + # be careful with those, they *will* break some applications + export SDL_VIDEODRIVER=wayland + export GDK_BACKEND=wayland + ''; + + extraConfig = '' + # Import the most important environment variables into the D-Bus and systemd + # user environments (e.g. 
required for screen sharing and Pinentry prompts): + exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP + ''; + + config = { + fonts = { + names = [ "Noto Sans Mono" "FontAwesome5Free" ]; + style = ""; + size = 11.0; + }; + + colors = { + focused = { + background = "#3b8756"; + border = "#3b8756"; + childBorder = "#3b8756"; + text = "#eceff4"; + indicator = "#8fbcbb"; + }; + }; + + window = { + titlebar = false; + hideEdgeBorders = "smart"; + border = 5; + }; + + input = { + + "*" = { + xkb_layout = "us,ru,de"; + xkb_variant = "mac,mac,qwerty"; + xkb_options = "grp:alt_shift_toggle"; + natural_scroll = "enabled"; + }; + + "1046:9110:Goodix_Capacitive_TouchScreen" = { + map_to_output = "DSI-1"; + }; + + "1452:613:Apple_Inc._Magic_Trackpad_2" = { + accel_profile = "adaptive"; + }; + + }; + + output = { + + "DSI-1" = { + transform = "90"; + scale = "1.2"; + }; + + "*" = { +# bg = "~/Pictures/photos.ctu.cx/Bahnbilder/2019.06/20190622-153441.jpg fill"; + scale = lib.mkDefault "1"; + }; + + }; + + assigns = { + "1: Web" = [{ app_id = "firefox"; }]; + "2: Mail" = [{ app_id = "thunderbird"; }]; + }; + + bars = []; + + modifier = "Mod4"; + + workspaceAutoBackAndForth = true; + + keybindings = { + "${modifier}+Return" = "exec ${cfg.config.terminal}"; + "${modifier}+Space" = "exec ${pkgs.wofi}/bin/wofi --style ${./wofi/style.css} --conf ${./wofi/config} --show drun"; + "${modifier}+l" = "exec ${pkgs.systemd}/bin/loginctl lock-session"; + "${modifier}+z" = "exec sleep 1 && systemctl suspend"; + "${modifier}+Tab" = "exec ${pkgs.rofi-wayland}/bin/rofi -show wifi -modi 'wifi:${pkgs.rofi-iwd-wifi-menu}/bin/iwdrofimenu'"; + + + "${modifier}+Control+Print" = "exec ${pkgs.grim}/bin/grim ~/Pictures/Screenshots/$(date +\"%Y-%m-%d_%H:%m:%S\").png"; + "${modifier}+Control+Shift+Print" = "exec ${pkgs.grim}/bin/grim - | ${pkgs.wl-clipboard}/bin/wl-copy -t image/png"; + "${modifier}+Print" = "exec ${pkgs.grim}/bin/grim -g 
\"$(${pkgs.slurp}/bin/slurp)\" ~/Pictures/Screenshots/$(date +\"%Y-%m-%d_%H:%m:%S\").png"; + "${modifier}+Shift+Print" = "exec ${pkgs.grim}/bin/grim -g \"$(${pkgs.slurp}/bin/slurp)\" - | ${pkgs.wl-clipboard}/bin/wl-copy -t image/png"; + + "XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s +5%"; + "XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl s 5%-"; + + "XF86AudioRaiseVolume" = "exec ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "XF86AudioMute" = "exec ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle"; + "XF86AudioMicMute" = "exec ${pkgs.pulseaudio}/bin/pactl set-source-mute @DEFAULT_SOURCE@ toggle"; + + "XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause"; + "XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next"; + "XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous"; + + "${modifier}+Shift+e" = "exec swaynag -t warning -m 'Do you really want to exit sway?' 
-b 'Yep' 'swaymsg exit'"; + + "${modifier}+q" = "kill"; + + "${modifier}+Shift+c" = "reload"; + + "${modifier}+Left" = "focus left"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; + "${modifier}+Right" = "focus right"; + "${modifier}+a" = "focus parent"; + + + "${modifier}+Shift+Left" = "move left"; + "${modifier}+Shift+Down" = "move down"; + "${modifier}+Shift+Up" = "move up"; + "${modifier}+Shift+Right" = "move right"; + + "${modifier}+1" = "workspace 1: Web"; + "${modifier}+2" = "workspace 2: Mail"; + "${modifier}+3" = "workspace 3: Term; layout tabbed"; + "${modifier}+4" = "workspace 4: Files"; + "${modifier}+5" = "workspace number 5"; + "${modifier}+6" = "workspace number 6"; + "${modifier}+7" = "workspace number 7"; + "${modifier}+8" = "workspace number 8"; + "${modifier}+9" = "workspace number 9"; + "${modifier}+0" = "workspace number 10"; + + "${modifier}+Shift+1" = "move container to workspace 1: Web"; + "${modifier}+Shift+2" = "move container to workspace 2: Mail"; + "${modifier}+Shift+3" = "move container to workspace 3: Term"; + "${modifier}+Shift+4" = "move container to workspace 4: Files"; + "${modifier}+Shift+5" = "move container to workspace number 5"; + "${modifier}+Shift+6" = "move container to workspace number 6"; + "${modifier}+Shift+7" = "move container to workspace number 7"; + "${modifier}+Shift+8" = "move container to workspace number 8"; + "${modifier}+Shift+9" = "move container to workspace number 9"; + "${modifier}+Shift+0" = "move container to workspace number 10"; + + "${modifier}+s" = "layout stacking"; + "${modifier}+w" = "layout tabbed"; + "${modifier}+e" = "layout toggle split"; + + "${modifier}+f" = "fullscreen"; + + "${modifier}+r" = "mode \"resize\""; + "${modifier}+b" = "mode \"waybar\""; + + "${modifier}+Shift+space" = "floating toggle"; + }; + + modes = { + "resize" = { + "Right" = "resize shrink width 10px"; + "Left" = "resize grow width 10px"; + "Down" = "resize shrink height 10px"; + "Up" = "resize 
grow height 10px"; + + "Return" = "mode \"default\""; + "Escape" = "mode \"default\""; + "${modifier}+r" = "mode \"default\""; + }; + + "waybar" = { + "space" = "exec pkill -SIGUSR1 waybar"; + "r" = "exec pkill -SIGUSR2 waybar"; + + "Return" = "mode \"default\""; + "Escape" = "mode \"default\""; + "${modifier}+r" = "mode \"default\""; + }; + }; + }; + }; + }; + +}
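Review bot: The two screenshot bindings that write to a file (`${modifier}+Control+Print` and `${modifier}+Print`) name it with `date +\"%Y-%m-%d_%H:%m:%S\"`, where the second `%m` is the month again, not the minute. Two screenshots taken in the same hour and at the same second of different minutes get the same name, and grim overwrites the earlier one. Use `%M` for the minute field: `$(date +\"%Y-%m-%d_%H:%M:%S\")`.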
diff --git a/configurations/nixos/programs/thunar.nix b/configurations/nixos/programs/thunar.nix @@ -0,0 +1,35 @@ +{ config, pkgs, lib, ... }: + +{ + + ctucxConfig.configure.gvfs = true; + + services.tumbler.enable = true; + + home-manager.users.katja = { + home.packages = with pkgs; [ xfce.thunar ]; + + xdg = { + desktopEntries = { + thunar-bulk-rename = { + name = "Bulk Rename"; + settings = { + NoDisplay = "true"; + }; + }; + + thunar-settings = { + name = "Thunar settings"; + settings = { + NoDisplay = "true"; + }; + }; + }; + }; + + wayland.windowManager.sway.extraConfig = '' + exec swaymsg 'workspace 4: Files; exec thunar; workspace 1: Web;' + ''; + }; + +}
diff --git a/configurations/nixos/programs/thunderbird.nix b/configurations/nixos/programs/thunderbird.nix @@ -0,0 +1,47 @@ +{ config, pkgs, lib, ... }: + +{ + + home-manager.users.katja = { + home.packages = with pkgs; [ thunderbird ]; + + systemd.user.services.thunderbird = lib.mkIf config.home-manager.users.katja.wayland.windowManager.sway.enable { + Unit = { + After = [ "graphical-session-pre.target" ]; + PartOf = [ "graphical-session.target" ]; + }; + + Service = { + Environment = "PATH=/run/wrappers/bin:/home/katja/.nix-profile/bin:/etc/profiles/per-user/katja/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin"; + ExecStart = "${pkgs.thunderbird}/bin/thunderbird"; + Restart = "always"; + RestartSec = 5; + }; + + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + }; + + wayland.windowManager.sway.config.startup = [ + { always = true; command = "systemctl --user restart thunderbird"; } + ]; + + xdg = { + enable = true; + mime.enable = true; + + #force hm to override existing mimeapps.list file + configFile."mimeapps.list".force = true; + + mimeApps = { + enable = true; + defaultApplications = { + "x-scheme-handler/mailto" = "thunderbird.desktop"; + }; + }; + }; + + }; + +}
diff --git a/configurations/nixos/programs/tuba.nix b/configurations/nixos/programs/tuba.nix @@ -0,0 +1,19 @@ +{ inputs, pkgs, ... }: + +{ + + home-manager.users.katja = { + home.packages = [ pkgs.tuba ]; + + dconf.settings = with inputs.home-manager.lib.hm.gvariant; { + "dev/geopjr/Tuba" = { + work-in-background = true; + dim-trivial-notifications = true; + group-push-notifications = true; + reply-to-old-post-reminder = false; + show-spoilers = true; + }; + }; + }; + +}
diff --git a/configurations/nixos/programs/zathura.nix b/configurations/nixos/programs/zathura.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+ home-manager.users.katja = {
+ home.packages = [ pkgs.zathura ];
+ };
+
+}
diff --git a/configurations/nixos/services/dns-server.nix b/configurations/nixos/services/dns-server.nix 
@@ -0,0 +1,189 @@ +{ currentSystem, nodes, config, lib, pkgs, ...}: + +let + acmeZone = "acme.ctu.cx"; + + generateACMERecord = recordName: ( + (builtins.hashString "sha1" recordName) + ".${acmeZone}." + ); + + nodesWithACMERecords = ( + nodes + |> lib.filterAttrs (hostName: nodeCfg: nodeCfg.config.security.acme.certs != {}) + ); + + getAllDomainsPerNode = hostName: ( + nodes.${hostName}.config.security.acme.certs + |> lib.mapAttrsToList (domain: cfg: [ domain ] ++ cfg.extraDomainNames) + |> lib.flatten + ); + + getACMERecordsPerNode = hostName: ( + hostName + |> getAllDomainsPerNode + |> builtins.map (recordName: (generateACMERecord recordName)) + ); + + generateACMERecordsPerZone = zoneName: ( + nodesWithACMERecords + |> lib.mapAttrsToList (hostName: _: (getAllDomainsPerNode hostName)) + |> lib.flatten + |> builtins.filter (lib.hasSuffix zoneName) + |> builtins.map (recordName: { + name = "_acme-challenge${if zoneName != recordName then "." else ""}${lib.removeSuffix "${if zoneName != recordName then "." else ""}${zoneName}" recordName}"; + value = { + CNAME = [ (generateACMERecord recordName) ]; + }; + }) + |> builtins.listToAttrs + ); + +in { + + deployment.tags = [ "dnsServer" ]; + + age.secrets = lib.mkIf config.dns.primary { + knotKeys = { + file = ./. + "/../../../secrets/${config.networking.hostName}/knot-keys.age"; + owner = "knot"; + group = "knot"; + }; + }; + + systemd.tmpfiles.settings.knotExtraZones = lib.mkIf config.dns.primary { + "${config.dns.dataDir}/extraZones".d = { + group = "knot"; + user = "knot"; + mode = "770"; + age = "-"; + }; + + "${config.dns.dataDir}/extraZones/${acmeZone}.zone"."f~" = { + group = "knot"; + user = "knot"; + mode = "770"; + age = "-"; + argument = pkgs.toBase64 ( + pkgs.dns.lib.types.zoneToString acmeZone (pkgs.dns.lib.evalZone acmeZone (with pkgs.dns.lib.combinators; { + NS = [ "ns1.ctu.cx." "ns2.ctu.cx." ]; + SOA = { + nameServer = "ns1.ctu.cx."; + adminEmail = "dns@ctu.cx"; # Email address with a real `@`! 
+ serial = 0; + }; + })) + ); + }; + }; + + dns = { + enable = lib.mkDefault (builtins.elem "dnsServer" config.deployment.tags); + primary = lib.mkDefault (config.networking.hostName == "hector"); + keyFiles = lib.mkIf config.dns.primary [ config.age.secrets.knotKeys.path ]; + extraZones = lib.mkIf config.dns.primary { + "${acmeZone}" = { + storage = "${config.dns.dataDir}/extraZones"; + file = "${acmeZone}.zone"; + + zonefile-sync = 0; + zonefile-load = "difference-no-serial"; + + journal-content = "all"; + + acl = ( + nodesWithACMERecords + |> lib.mapAttrsToList (hostName: _: "acme-nix-${hostName}") + ); + }; + }; + + extraACL = lib.mkIf config.dns.primary ( + nodesWithACMERecords + |> lib.mapAttrs' (hostName: _: { + name = "acme-nix-${hostName}"; + value = { + key = [ "acme-nix-${hostName}" ]; + action = "update"; + update-owner = "name"; + update-owner-match = "equal"; + update-owner-name = getACMERecordsPerNode hostName; + }; + }) + ); + + allZones = with pkgs.dns.lib.combinators; let + CAA = [ { issuerCritical = false; tag = "issue"; value = "letsencrypt.org"; } ]; + NS = [ "ns1.ctu.cx." "ns2.ctu.cx." ]; + SOA = { + nameServer = "ns1.ctu.cx."; + adminEmail = "dns@ctu.cx"; # Email address with a real `@`! 
+ serial = 0; + }; + + in { + "ctu.cx" = { + inherit SOA NS CAA; + + subdomains = { + ns1 = (host nodes.hector.config.networking.primaryIP4 nodes.hector.config.networking.primaryIP); + ns2 = (host nodes.wanderduene.config.networking.primaryIP4 nodes.wanderduene.config.networking.primaryIP); + + "acme".NS = [ "ns1" "ns2" ]; + + _atproto.TXT = [ "did=did:plc:zaeuok3fmh2pcp4cjiicku4i" ]; + test.TXT = [ "test uwu"]; + } // (generateACMERecordsPerZone "ctu.cx"); + }; + + "wifionic.de" = { + inherit SOA NS CAA; + + subdomains = generateACMERecordsPerZone "wifionic.de"; + }; + + "trans-agenda.de" = { + inherit SOA NS CAA; + + subdomains = generateACMERecordsPerZone "trans-agenda.de"; + }; + + "katja.wtf" = { + inherit SOA NS CAA; + + subdomains = generateACMERecordsPerZone "katja.wtf"; + }; + + "ctucx.de" = { + inherit SOA NS CAA; + + subdomains = generateACMERecordsPerZone "ctucx.de"; + }; + + "zuggeschmack.de" = { + inherit SOA NS CAA; + + subdomains = generateACMERecordsPerZone "zuggeschmack.de"; + }; + + "thein.ovh" = { + inherit SOA NS CAA; + + subdomains = generateACMERecordsPerZone "thein.ovh"; + }; + + "flauschehorn.sexy" = { + inherit SOA NS CAA; + + MX = with mx; [ (mx 10 "rx300.kunbox.net.") ]; + TXT = [ "v=spf1 mx ~all" ]; + + subdomains = { + _dmarc.TXT = [ "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" ]; + "mail._domainkey".TXT = [ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnh5Ym9PO7r+wdOIKfopvHzn3KU3qT6IlCG/gvvbmIqoeFQfRbAe3gQmcG6RcLue55cJQGhI6y2r0lm59ZeoHR40aM+VabAOlplekM7xWmoXb/9vG2OZLIqAyF4I+7GQmTN6B9keBHp9SWtDUkI0B0G9neZ5MkXJP705M0duxritqQlb4YvCZwteHiyckKcg9aE9j+GF2EEawBoVDpoveoB3+wgde3lWEUjjwKFtXNXxuN354o6jgXgPNWtIEdPMLfK/o0CaCjZNlzaLTsTegY/+67hdHFqDmm8zXO9s+Xiyfq7CVq21t7wDhQ2W1agj+up6lH82FMh5rZNxJ6XB0yQIDAQAB" ]; + } // (generateACMERecordsPerZone "flauschehorn.sexy"); + }; + + }; + }; + +}
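Review bot: `generateACMERecordsPerZone` picks a zone's names with `builtins.filter (lib.hasSuffix zoneName)`, which compares raw strings rather than DNS label boundaries. A certificate name such as `notctu.cx` (constructed example) also ends in `ctu.cx`, and because the later `lib.removeSuffix ".ctu.cx"` does not match it, a malformed `_acme-challenge` CNAME would be generated inside the wrong zone. Match on the boundary instead: `|> builtins.filter (name: name == zoneName || lib.hasSuffix ".${zoneName}" name)`. Separately, the `f~` tmpfiles entry creates the zone file with mode `770`; `660` is enough for a data file.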
diff --git a/configurations/nixos/services/prometheus-exporters.nix b/configurations/nixos/services/prometheus-exporters.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ...}:
+
+{
+
+ services = {
+ prometheus.exporters = {
+ node = {
+ enable = true;
+ listenAddress = "[::1]";
+ port = 9100;
+ enabledCollectors = [
+ "systemd" "processes"
+ ];
+ };
+
+ systemd = {
+ enable = true;
+ listenAddress = "[::1]";
+ port = 9558;
+ };
+
+ scaphandre = {
+ enable = (if (builtins.elem "intel_rapl_common" config.boot.kernelModules) then true else false);
+ user = "root";
+ group = "root";
+ listenAddress = "::1";
+ port = 9080;
+ telemetryPath = "scaphandre-exporter";
+ };
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts."${config.networking.fqdn}" = {
+ useACMEHost = "${config.networking.hostName}.${config.networking.domain}";
+ forceSSL = true;
+ kTLS = true;
+ locations."/node-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}/metrics";
+ locations."/systemd-exporter".proxyPass = "http://${toString config.services.prometheus.exporters.systemd.listenAddress}:${toString config.services.prometheus.exporters.systemd.port}/metrics";
+ locations."/scaphandre-exporter".proxyPass = lib.mkIf config.services.prometheus.exporters.scaphandre.enable "http://[::1]:${toString config.services.prometheus.exporters.scaphandre.port}/scaphandre-exporter";
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+}
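Review bot: The three `locations."/…-exporter".proxyPass` entries publish the loopback-only exporters on the host's public HTTPS vhost with no authentication or source restriction, so anyone who can reach port 443 can read process, systemd unit and power metrics. Restrict each location to the scraping server, for example `locations."/node-exporter".extraConfig = "allow <PROMETHEUS_SERVER_ADDR>; deny all;";` (placeholder address), or put `auth_basic` in front of them. Two smaller points: scaphandre's `listenAddress = "::1"` lacks the brackets the other two exporters use, and `enable = (if … then true else false)` reduces to `builtins.elem "intel_rapl_common" config.boot.kernelModules`.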
diff --git a/configurations/nixos/services/restic-server.nix b/configurations/nixos/services/restic-server.nix
@@ -0,0 +1,43 @@
+{ config, lib, pkgs, ...}:
+
+{
+
+ deployment.tags = [ "resticServer" ];
+
+ age.secrets.restic-server-htpasswd = {
+ file = ./. + "/../../../secrets/${config.networking.hostName}/restic-server-htpasswd.age";
+ owner = "nginx";
+ };
+
+ dns.zones."ctu.cx".subdomains."restic.${config.networking.hostName}".CNAME = [ "${config.networking.hostName}.ctu.cx." ];
+
+ systemd.services.restic-rest-server.onFailure = [ "email-notify@%i.service" ];
+
+ services = {
+ restic.server = {
+ enable = true;
+ listenAddress = "[::1]:8000";
+ appendOnly = true;
+ extraFlags = [ "--no-auth" ];
+ dataDir = "/var/lib/restic";
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts."restic.${config.networking.hostName}.ctu.cx" = {
+ useACMEHost = "${config.networking.hostName}.${config.networking.domain}";
+ forceSSL = lib.mkDefault true;
+ kTLS = lib.mkDefault true;
+ locations."/" = {
+ proxyPass = "http://${toString config.services.restic.server.listenAddress}/";
+ extraConfig = ''
+ client_max_body_size 10G;
+ auth_basic Auth;
+ auth_basic_user_file ${config.age.secrets.restic-server-htpasswd.path};
+ '';
+ };
+ };
+ };
+ };
+
+}
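Review bot: `extraFlags = [ "--no-auth" ]` turns off rest-server's own authentication and leaves the nginx `auth_basic` block as the only gate. Any local process on the host can then reach `[::1]:8000` without credentials, and every user in the htpasswd file can access every repository path, because per-user repositories need rest-server itself to know who is connecting. If more than one client backs up to this host, let rest-server check the htpasswd file and set `privateRepos = true;`; the age secret would then have to be readable by the restic service user rather than `nginx`. If `--no-auth` stays, a comment such as `# auth is enforced by nginx; the rest-server listener must remain loopback-only` would make the dependency explicit.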
diff --git a/configurations/nixos/services/syncthing-nginx.nix b/configurations/nixos/services/syncthing-nginx.nix
@@ -0,0 +1,30 @@
+{ config, ctucxConfig, lib, pkgs, ... }:
+
+{
+
+ imports = [
+ ctucxConfig.services.syncthing
+ ]
+
+ dns.zones."ctu.cx".subdomains."syncthing.${config.networking.hostName}".CNAME = [ "${config.networking.fqdn}." ];
+
+ systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ];
+
+ services = {
+ syncthing = {
+ guiAddress = "[::1]:8384";
+ settings.gui.insecureSkipHostcheck = true;
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts."syncthing.${config.networking.hostName}.ctu.cx" = {
+ useACMEHost = "${config.networking.hostName}.${config.networking.domain}";
+ forceSSL = true;
+ kTLS = true;
+ locations."/".proxyPass = "http://${toString config.services.syncthing.guiAddress}";
+ };
+ };
+ };
+
+}
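Review bot: The vhost `syncthing.${config.networking.hostName}.ctu.cx` proxies the Syncthing GUI to the public listener with `settings.gui.insecureSkipHostcheck = true` and no `auth_basic` or `allow`/`deny` at the nginx layer, so the GUI's own login is the only protection. Neither this file nor `services/syncthing.nix` in the same commit sets a GUI user or password; confirm they are configured elsewhere or add a gate here, as the restic vhost does with `auth_basic_user_file`. Separately, `imports = [ … ]` has no terminating `;` before `dns.zones`, which is a Nix parse error as written.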
diff --git a/configurations/nixos/services/syncthing.nix b/configurations/nixos/services/syncthing.nix @@ -0,0 +1,38 @@ +{ inputs, ctucxConfig, config, pkgs, lib, ... }: + +let + syncthingConfig = import ctucxConfig.syncthing { inherit inputs pkgs config lib; }; + +in { + + age.secrets = { + syncthing-key = { + file = ../../../secrets + "/${config.networking.hostName}/syncthing/key.age"; + owner = "katja"; + }; + syncthing-cert = { + file = ../../../secrets + "/${config.networking.hostName}/syncthing/cert.age"; + owner = "katja"; + }; + }; + + systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ]; + + services.syncthing = { + enable = true; + openDefaultPorts = true; + + user = "katja"; + group = "users"; + + key = lib.mkDefault config.age.secrets.syncthing-key.path; + cert = lib.mkDefault config.age.secrets.syncthing-cert.path; + + dataDir = lib.mkDefault "/home/katja"; + configDir = lib.mkDefault "/home/katja/.config/syncthing"; + + settings.devices = syncthingConfig.devices; + settings.folders = syncthingConfig.folders; + }; + +}
diff --git a/configurations/nixos/wm/gnome.nix b/configurations/nixos/wm/gnome.nix 
@@ -0,0 +1,281 @@ +{ inputs, config, ctucxConfig, lib, pkgs, homeManager, ... }: + +{ + + nixpkgs.overlays = [(final: prev: { + # patch gdm to automaticly select the first user + gnome-shell = prev.gnome-shell.overrideAttrs (prevAttrs: { + patches = prevAttrs.patches ++ [ ../../../pkgs/gdm-autoselect-user.patch ]; + }); + + # deactivate some backends + gnome-online-accounts = prev.gnome-online-accounts.overrideAttrs( prevAttrs: { + mesonFlags = prevAttrs.mesonFlags ++ [ "-Dexchange=false" "-Dgoogle=false" "-Dkerberos=false" "-Downcloud=false" "-Dwindows_live=false" "-Dms_graph=false" ]; + }); + })]; + + imports = [ + ctucxConfig.configure.mobile-device + ctucxConfig.configure.thunderbolt + ctucxConfig.configure.fonts + ctucxConfig.configure.xdg + ctucxConfig.configure.pipewire + + ctucxConfig.services.syncthing + + ctucxConfig.programs.ssh + ctucxConfig.programs.git + ctucxConfig.programs.gpg + + ctucxConfig.programs.yt-dlp + ctucxConfig.programs.ocrmypdf + ctucxConfig.programs.phockup + ctucxConfig.programs.bitwarden-cli + # ctucxConfig.programs.password-store + + ctucxConfig.programs.ddcutil + ctucxConfig.programs.bitwarden-cli + + ctucxConfig.programs.firefox + ctucxConfig.programs.thunderbird + + ctucxConfig.programs.fractal + ctucxConfig.programs.tuba + ctucxConfig.programs.paper-plane + + ctucxConfig.programs.libreoffice + ctucxConfig.programs.mpv + + ctucxConfig.programs.ausweisapp + ]; + + wm.gnome.enable = true; + wm.gnome.gdm.dconfSettings = { + "org/gnome/desktop/a11y" = { + always-show-universal-access-status = false; + }; + "org/gnome/login-screen" = { + banner-message-enable = true; + banner-message-text = "katja (fedi/mail: katja@ctu.cx)"; + }; + }; + + boot.plymouth.enable = true; + + hardware.bluetooth.settings = { + General.Experimental = true; + }; + + users.users.katja.extraGroups = [ "dialout" "networkmanager"]; + + # networking.networkmanager.wifi.backend = "iwd"; + + services = { + nscd.enable = true; + printing.enable = true; + avahi.enable 
= true; + gvfs.package = (pkgs.gvfs.overrideAttrs (old: { + mesonFlags = (old.mesonFlags or []) ++ [ + "-Dafp=false" + "-Dafc=false" + "-Dmtp=false" + "-Dgphoto2=false" + ]; + })).override { + samba = null; + gnomeSupport = false; + }; + + #required for gnome-calendar + gnome.evolution-data-server.enable = true; + gnome.gnome-online-accounts.enable = true; + }; + + programs.evince.enable = true; + + home-manager.users.katja = { + manual.html.enable = true; + + home.sessionVariables = { + QT_QPA_PLATFORMTHEME = "gnome"; + }; + + home.packages = with pkgs; [ + wl-clipboard-x11 + gnome-calendar + gnome-text-editor + gnome-podcasts + gnome-obfuscate + gnome-power-manager + loupe + errands + diebahn + cozy + xdg-utils + qgnomeplatform + # look and feel from libadwaita ported to GTK-3 + adw-gtk3 + ] ++ (with pkgs.gnomeExtensions; [ + just-perfection + airpod-battery-monitor + battery-time-percentage-compact + space-bar + dash-to-dock + search-light + pip-on-top + emoji-copy + caffeine + ]); + + gtk = { + enable = true; + + iconTheme.package = pkgs.adwaita-colors-icon-theme; + iconTheme.name = "Adwaita-green"; + + gtk3.extraConfig = { + gtk-application-prefer-dark-theme = 1; + gtk-theme-name = "adw-gtk3-dark"; + }; + + gtk4.extraCss = '' + /* remove 'starred' in nautilus side-panel */ + .nautilus-window .navigation-sidebar > .sidebar-row:nth-child(2) { + min-height:0; + font-size: 0; + -gtk-icon-size: 0; + margin-top: -2px; + } + ''; + }; + + # Use `dconf watch /` to track stateful changes you are doing and store them here. 
+ dconf.settings = with inputs.homeManager.lib.hm.gvariant; let + numWorkspaces = 7; + workspaces = lib.lists.reverseList( pkgs.std.list.unfold( n: if n == 0 then pkgs.std.optional.nothing else pkgs.std.optional.just( pkgs.std.tuple.tuple2 n (n - 1))) numWorkspaces); + in { + "org/gnome/mutter" = { + edge-tiling = true; + dynamic-workspaces = false; + }; + + "org/gnome/desktop/wm/preferences" = { + button-layout = "close:appmenu"; + auto-raise = false; + focus-mode = "sloppy"; + num-workspaces = lib.lists.last workspaces; + workspace-names = [ "Main" "Mail" "Term" ]; + }; + "org/gnome/desktop/wm/keybindings" = builtins.listToAttrs( builtins.concatMap( v: [ + { name = "switch-to-workspace-${toString v}"; value = [ "<Super>${toString v}" ]; } + { name = "move-to-workspace-${toString v}"; value = [ "<Super><Shift>${toString v}" ]; } + ]) workspaces) // { + switch-input-source = [ "<Control><Super>space" ]; + switch-input-source-backward = [ "<Shift><Control><Super>space" ]; + }; + + "org/gnome/shell" = { + disable-extension-version-validation = true; + disable-user-extensions = false; + enabled-extensions = with pkgs.gnomeExtensions; [ + just-perfection.extensionUuid + airpod-battery-monitor.extensionUuid + battery-time-percentage-compact.extensionUuid + space-bar.extensionUuid + dash-to-dock.extensionUuid + search-light.extensionUuid + pip-on-top.extensionUuid + emoji-copy.extensionUuid + caffeine.extensionUuid + ]; + favorite-apps = [ + "org.gnome.Nautilus.desktop" + "firefox.desktop" + "thunderbird.desktop" + "org.gnome.Fractal.desktop" + "app.drey.PaperPlane.desktop" + "dev.geopjr.Tuba.desktop" + "de.schmidhuberj.DieBahn.desktop" + "org.gnome.Calendar.desktop" + "io.github.mrvladus.List.desktop" + "org.gnome.Podcasts.desktop" + "com.mitchellh.ghostty.desktop" + "org.gnome.Settings.desktop" + ]; + }; + "org/gnome/shell/keybindings" = builtins.listToAttrs( map( v: { name = "switch-to-application-${toString v}"; value = []; }) workspaces); + 
"org/gnome/settings-daemon/plugins/color" = { + night-light-enabled = true; + }; + + "org/gnome/settings-daemon/plugins/media-keys" = { + custom-keybindings = [ "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/" ]; + }; + "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = { + name = "Start Terminal"; + command = "ghostty"; + binding = "<Super>Return"; + }; + "org/gnome/settings-daemon/plugins/power" = { + sleep-inactive-ac-type = "nothing"; + }; + + "org/gnome/desktop/a11y".always-show-universal-access-status = false; + "org/gnome/desktop/privacy".remember-recent-files = false; + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + accent-color = "green"; + enable-hot-corners = false; + show-battery-percentage = true; + }; + "org/gnome/desktop/input-sources" = { + sources = [ + (mkTuple ["xkb" "us+mac"]) + (mkTuple ["xkb" "de"]) + (mkTuple ["xkb" "ru+mac"]) + ]; + }; + "org/gnome/desktop/background" = { + picture-uri = "file://${pkgs.nixos-artwork.wallpapers.simple-blue.gnomeFilePath}"; + picture-uri-dark = "file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}"; + }; + "org/gnome/desktop/screensaver" = { + picture-uri = "file://${pkgs.nixos-artwork.wallpapers.simple-dark-gray.gnomeFilePath}"; + primary-color = "#3465a4"; + secondary-color = "#000000"; + }; + + "org/gnome/nautilus/list-view" = { + use-tree-view = true; + default-zoom-level = "small"; + }; + "org/gnome/nautilus/preferences" = { + date-time-format = "detailed"; + default-folder-viewer = "list-view"; + }; + + "org/gnome/shell/extensions/pip-on-top".stick = true; + "org/gnome/shell/extensions/just-perfection" = { + clock-menu-position = 1; + clock-menu-position-offset = 6; + quick-settings-dark-mode = false; + notification-banner-position = 2; + window-demands-attention-focus = true; + }; + "org/gnome/shell/extensions/space-bar/behavior" = { + show-empty-workspaces = false; + always-show-numbers = true; + }; + 
"org/gnome/shell/extensions/dash-to-dock" = { + multi-monitor = true; + apply-custom-theme = true; + custom-theme-shrink = true; + show-show-apps-button = false; + show-mounts = false; + hot-keys = false; + }; + "org/gnome/shell/extensions/search-light".shortcut-search = [ "<Super>space" ]; + "org/gnome/shell/extensions/emoji-copy".always-show = false; + }; + }; +}
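Review bot: `ctucxConfig.programs.bitwarden-cli` is listed twice in `imports`, once after `phockup` and again after `ddcutil`; the second entry can be dropped. The `homeManager` argument in the module header is not used anywhere in this file, since `dconf.settings` goes through `inputs.homeManager.lib.hm.gvariant`, so it can be removed from the argument set. The overlay comment `# patch gdm to automaticly select the first user` sits on an override of `gnome-shell`; I would reword it to `# patch gnome-shell (login screen) to automatically select the first user`, assuming that is what `gdm-autoselect-user.patch` touches.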
diff --git a/flake.nix b/flake.nix @@ -4,6 +4,20 @@ outputs = { self, ... } @ inputs: rec { + loadDir = path: inputs.haumea.lib.load { + src = path; + loader = inputs.haumea.lib.loaders.path; + transformer = name: value: ( + if name == [] then value else ( + if (builtins.hasAttr "default" value) then value.default else value + ) + ); + }; + + ctucxConfig.common = loadDir ./configurations/common; + ctucxConfig.darwin = inputs.nixpkgs.lib.recursiveUpdate ctucxConfig.common (loadDir ./configurations/darwin); + ctucxConfig.nixos = inputs.nixpkgs.lib.recursiveUpdate ctucxConfig.common (loadDir ./configurations/nixos); + darwinConfigurations = { blechkasten = inputs.nixDarwin.lib.darwinSystem rec { system = "aarch64-darwin"; @@ -16,10 +30,12 @@ specialArgs = { currentSystem = system; + ctucxConfig = ctucxConfig.darwin; inherit inputs; }; modules = [ + ctucxConfig.darwin.default ./machines/blechkasten ]; }; @@ -37,11 +53,17 @@ specialArgs = { inherit inputs; + ctucxConfig = ctucxConfig.nixos; currentSystem = nixpkgs.system; }; }; - defaults = import ./configurations/common; + defaults = { + imports = [ + ctucxConfig.nixos.default + ./modules + ]; + }; seifenkiste = import ./machines/seifenkiste; briefkasten = import ./machines/briefkasten; @@ -62,9 +84,10 @@ (import ./pkgs/overlay.nix) (final: prev: { - dns = inputs.dnsNix; - std = inputs.nixStd.lib; - unstable = inputs.nixpkgsUnstable.legacyPackages.${prev.system}; + dns = inputs.dnsNix; + std = inputs.nixStd.lib; + unstable = inputs.nixpkgsUnstable.legacyPackages.${prev.system}; + ctucxConfig = ctucxConfig; }) inputs.colmena.overlay
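Review bot: The `transformer` in `loadDir` (first hunk) has no comment, and its effect is easy to miss: every non-root directory that has a `default` entry is replaced by that entry, so any sibling files in such a directory stop being reachable through `ctucxConfig`. Its first parameter is compared with `[]`, so it appears to be a path cursor rather than a name; I would rename it to `cursor` and add `# collapse dir/default.nix to dir, but keep the root intact so ctucxConfig.<platform>.default stays addressable`. The two `recursiveUpdate` lines deserve a similar one-line comment, because a platform entry silently replaces the common entry of the same name, including `default`. In the last hunk `ctucxConfig = ctucxConfig;` can be written `inherit ctucxConfig;`, and it is worth noting there that `pkgs.ctucxConfig` is the whole set with `common`/`darwin`/`nixos`, while the `specialArgs` value is already platform-selected.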
diff --git a/machines/blechkasten/default.nix b/machines/blechkasten/default.nix @@ -1,16 +1,10 @@ { config, pkgs, lib, ... }: { - imports = [ - ../../configurations/common - ]; networking.hostName = "blechkasten"; networking.computerName = config.networking.hostName; - #currently broken in nixpkgs-darwin - ctucxConfig.programs.ocrmypdf.enable = lib.mkForce false; - home-manager.users.katja.home.stateVersion = "24.11"; system.stateVersion = 4;
diff --git a/machines/briefkasten/default.nix b/machines/briefkasten/default.nix @@ -1,14 +1,17 @@ -{ inputs, config, lib, pkgs, ... }: +{ inputs, config, ctucxConfig, lib, pkgs, ... }: { - #this enables the following services: restic-server - deployment.tags = [ "resticServer" ]; - imports = [ ./hardware-configuration.nix ./impermanence.nix + ctucxConfig.services.prometheus-exporters + ctucxConfig.services.restic-server + + ctucxConfig.programs.yt-dlp + ctucxConfig.programs.ocrmypdf + # syncthing (and it's backup) ./syncthing.nix @@ -90,14 +93,6 @@ email-notify.enable = true; }; - ctucxConfig.programs = { - yt-dlp.enable = true; - ocrmypdf.enable = true; - gpg.enable = false; - ssh.enable = false; - git.enable = false; - }; - system.stateVersion = "22.11"; # Did you read the comment? home-manager.users.katja.home.stateVersion = "22.11";
diff --git a/machines/briefkasten/syncthing.nix b/machines/briefkasten/syncthing.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ...}: +{ config, ctucxConfig, lib, ...}: let backups = { @@ -13,8 +13,8 @@ let in { - ctucxConfig.services.syncthing.enable = true; - + imports = [ ctucxConfig.services.syncthing ]; + age.secrets = lib.mapAttrs' ( name: path: lib.nameValuePair "restic-syncthing-${name}" { file = ./. + "/../../secrets/${config.networking.hostName}/restic/syncthing-${name}.age";
diff --git a/machines/hector/default.nix b/machines/hector/default.nix @@ -1,13 +1,13 @@ -{ config, lib, pkgs, ... }: +{ config, ctucxConfig, lib, pkgs, ... }: { - #this enables the following services: dns - deployment.tags = [ "dnsServer" ]; - imports = [ ./hardware-configuration.nix + ctucxConfig.services.prometheus-exporters + ctucxConfig.services.dns-server + # monitoring ./prometheus.nix ./grafana @@ -105,7 +105,6 @@ }; }; - services.email-notify.enable = true; system.stateVersion = "24.11";
diff --git a/machines/hector/syncthing.nix b/machines/hector/syncthing.nix @@ -1,11 +1,9 @@ -{ config, lib, pkgs, ... }: +{ ctucxConfig, ... }: { - ctucxConfig.services.syncthing.enable = true; + imports = [ ctucxConfig.services.syncthing ]; - services.syncthing = rec { - dataDir = "/home/katja/syncthing"; - }; + services.syncthing.dataDir = "/home/katja/syncthing"; } \ No newline at end of file
diff --git a/machines/seifenkiste/default.nix b/machines/seifenkiste/default.nix @@ -1,17 +1,19 @@ -{ config, lib, pkgs, ... }: +{ config, ctucxConfig, lib, pkgs, ... }: { imports = [ ./hardware-configuration.nix - ../../configurations/linux/gnome.nix ./keyboard.nix + + ctucxConfig.services.prometheus-exporters + + ctucxConfig.wm.gnome + ]; deployment.allowLocalDeployment = true; - ctucxConfig.monitoring.exporters.enable = true; - boot = { loader.systemd-boot.enable = lib.mkForce false; loader.efi.canTouchEfiVariables = true;
diff --git a/machines/trabbi/default.nix b/machines/trabbi/default.nix @@ -1,13 +1,13 @@ -{ config, lib, pkgs, ... }: +{ config, ctucxConfig, lib, pkgs, ... }: { - #this enables the following services: dns - deployment.tags = [ "dnsServer" ]; - imports = [ ./hardware-configuration.nix + ctucxConfig.services.prometheus-exporters + ctucxConfig.services.dns-server + ./gotosocial.nix ];
diff --git a/machines/wanderduene/default.nix b/machines/wanderduene/default.nix @@ -1,17 +1,16 @@ -{ nodes, config, lib, pkgs, ... }: +{ nodes, config, ctucxConfig, lib, pkgs, ... }: { deployment.buildOnTarget = false; - #this enables the following services: dns - deployment.tags = [ "dnsServer" ]; - - documentation.nixos.enable = false; imports = [ ./hardware-configuration.nix + ctucxConfig.services.prometheus-exporters + ctucxConfig.services.dns-server + ./rclone-restic-server.nix ./syncthing.nix @@ -21,6 +20,8 @@ ./websites ]; + documentation.nixos.enable = false; + dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (pkgs.dns.lib.combinators.host config.networking.primaryIP4 config.networking.primaryIP); age.secrets.wireguard-privkey = { @@ -140,12 +141,6 @@ }; }; - ctucxConfig.programs = { - gpg.enable = false; - ssh.enable = false; - git.enable = false; - }; - system.stateVersion = "23.05"; home-manager.users.katja.home.stateVersion = "23.05";
diff --git a/machines/wanderduene/syncthing.nix b/machines/wanderduene/syncthing.nix @@ -1,8 +1,8 @@ -{ config, lib, pkgs, ... }: +{ ctucxConfig, lib, ... }: { - ctucxConfig.services.syncthing.enable = true; + imports = [ ctucxConfig.services.syncthing ]; services.syncthing = rec { dataDir = "/home/katja/syncthing";