fw/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

merge

Browse source
This commit is contained in:
fwastring 2025-04-07 14:02:44 +02:00
commit 125ad513d7
16 changed files with 197 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

23
config/base.nix
View file

@ -50,8 +50,20 @@
liveRestore = false; liveRestore = false;
}; };
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services = {
tailscale = {
enable = true;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
hardware = { hardware = {
pulseaudio.enable = true;
bluetooth = { bluetooth = {
enable = true; enable = true;
powerOnBoot = true; powerOnBoot = true;
@ -65,11 +77,9 @@
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.nameservers = [ "8.8.8.8" ]; networking.nameservers = [ "8.8.8.8" ];
networking.resolvconf.enable = pkgs.lib.mkForce false; # networking.resolvconf.enable = pkgs.lib.mkForce false;
networking.dhcpcd.extraConfig = "nohook resolv.conf"; # networking.dhcpcd.extraConfig = "nohook resolv.conf";
networking.networkmanager.dns = "none"; # networking.networkmanager.dns = "none";
services.resolved.enable = false;
environment.sessionVariables = { environment.sessionVariables = {
EDITOR = "nvim"; EDITOR = "nvim";
@ -118,6 +128,7 @@ services.resolved.enable = false;
neovim neovim
git git
openssh openssh
rofi
]; ];

48
config/home.nix
View file

@ -11,8 +11,9 @@
imports = [ imports = [
../shared/dwm.nix ../shared/dwm.nix
../shared/vscode.nix ../shared/vscode.nix
../shared/dmenu.nix # ../shared/dmenu.nix
../shared/rofi.nix # ../shared/rofi.nix
# ../shared/mpv.nix
../shared/kitty.nix ../shared/kitty.nix
../shared/alacritty.nix ../shared/alacritty.nix
../shared/tmux.nix ../shared/tmux.nix
@ -59,8 +60,8 @@
bluez bluez
bluez-tools bluez-tools
unstable.betterlockscreen unstable.betterlockscreen
tmux # tmux
unstable.fzf fzf
eza eza
btop btop
thttpd thttpd
@ -68,21 +69,30 @@
openssl openssl
dig dig
jq jq
wireguard-tools
acpi
light
# Dev # Dev
unstable.fluxcd
argocd
gh
unstable.deno unstable.deno
unstable.hugo unstable.hugo
unstable.logstash unstable.logstash
ngrok ngrok
tailwindcss tailwindcss
nodejs_22 nodejs_23
gh-f
gh
yarn yarn
plantuml plantuml
go go
dotnetCorePackages.sdk_8_0_3xx # dotnetCorePackages.sdk_8_0_3xx
dotnetCorePackages.sdk_9_0_1xx
templ templ
goa
azuredatastudio
mdbtools
prettierd
#Tools #Tools
qrencode qrencode
@ -93,26 +103,27 @@
kubectl kubectl
#LSP #LSP
roslyn # roslyn
roslyn-ls roslyn-ls
dockerfile-language-server-nodejs
docker-compose-language-service
bash-language-server
python312Packages.python-lsp-server python312Packages.python-lsp-server
yaml-language-server yaml-language-server
lua-language-server
typescript
nil nil
jdt-language-server jdt-language-server
texlab texlab
marksman marksman
nodePackages_latest.bash-language-server
typescript
nodePackages_latest.typescript-language-server
nodePackages_latest.vls
nodePackages_latest.volar
lua-language-server
tree-sitter tree-sitter
vue-language-server
typescript-language-server
gopls gopls
rust-analyzer rust-analyzer
# UI # UI
rofi-bluetooth # rofi-bluetooth
pastel pastel
imagemagick imagemagick
@ -121,6 +132,7 @@
networkmanagerapplet networkmanagerapplet
networkmanager-l2tp networkmanager-l2tp
strongswan strongswan
networkmanager_strongswan
# Display # Display
scrot scrot
@ -137,8 +149,8 @@
poppler_utils poppler_utils
#Desktop #Desktop
fluent-reader
unstable.feishin unstable.feishin
firefox
libreoffice libreoffice
unstable.signal-desktop unstable.signal-desktop
pinta pinta
@ -146,7 +158,7 @@
vial vial
thunderbird thunderbird
alacritty alacritty
unstable.neovim neovim
fastfetch fastfetch
lazygit lazygit
byzanz byzanz

2
config/lill-home.nix
View file

@ -128,7 +128,7 @@
zathura zathura
thunderbird thunderbird
alacritty alacritty
unstable.neovim neovim
fastfetch fastfetch
lazygit lazygit
byzanz byzanz

10
flake.nix
View file

@ -3,12 +3,12 @@
inputs = { inputs = {
# Nixpkgs # Nixpkgs
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
fw-pkgs.url = "github:fwastring/fwpkgs/main"; fw-pkgs.url = "github:fwastring/fwpkgs/main";
# Home manager # Home manager
home-manager.url = "github:nix-community/home-manager/release-24.05"; home-manager.url = "github:nix-community/home-manager/release-24.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -72,12 +72,12 @@
}; };
modules = [./maskiner/work-desktop/configuration.nix]; modules = [./maskiner/work-desktop/configuration.nix];
}; };
lillen = nixpkgs.lib.nixosSystem { macmini = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit inputs outputs; inherit inputs outputs;
myhostname = "lillen"; myhostname = "macmini";
}; };
modules = [./maskiner/lillen/configuration.nix]; modules = [./maskiner/macmini/configuration.nix];
}; };
}; };

8
jobb/users.nix
View file

@ -35,6 +35,14 @@
"docker" "docker"
]; ];
}; };
runner = {
initialPassword = "password";
isNormalUser = true;
description = "github runner";
extraGroups = [
"docker"
];
};
}; };
}; };
} }

7
maskiner/laptop/hardware-configuration.nix
View file

@ -14,17 +14,18 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/af77f921-bcba-43c6-8670-a90e1bde1915"; { device = "/dev/disk/by-uuid/0f9de0d5-cdca-42a8-bb8a-070e3147396a";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/346C-F5FE"; { device = "/dev/disk/by-uuid/3340-1019";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/3fa47cf3-f18d-4ab7-80e5-39bfaeada0d1"; } [ { device = "/dev/disk/by-uuid/36870c0d-2200-4850-a8af-7021f6776651"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

53
maskiner/macmini/configuration.nix Normal file
View file

@ -0,0 +1,53 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
inputs,
lib,
config,
pkgs,
myhostname,
...
}: {
# You can import other NixOS modules here
imports = [
./hardware-configuration.nix
../../config/users.nix
];
environment.systemPackages = with pkgs; [
unstable.lego
];
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 3000 8384 22000];
allowedUDPPortRanges = [
{ from = 4000; to = 4007; }
{ from = 8000; to = 8010; }
];
};
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
services = {
openssh = {
enable = true;
ports = [22];
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
X11Forwarding = true;
};
extraConfig = ''
AllowUsers fw
'';
};
};
security.rtkit.enable = true;
networking.hostName = myhostname;
services.xserver.dpi = 100;
system.stateVersion = "24.11";
}

39
maskiner/macmini/hardware-configuration.nix Normal file
View file

@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ohci_pci" "ehci_pci" "ahci" "firewire_ohci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1c7e7116-3486-45a8-90c0-d3deea8e96b0";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/B70D-941F";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0b1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

6
maskiner/server/configuration.nix
View file

@ -30,7 +30,7 @@
]; ];
fileSystems."/data" = { fileSystems."/data" = {
fsType = "fuse.mergerfs"; fsType = "fuse.mergerfs";
device = "/mnt/drive*"; device = "/mnt/extern*";
options = ["cache.files=partial" "dropcacheonclose=true" "category.create=mfs"]; options = ["cache.files=partial" "dropcacheonclose=true" "category.create=mfs"];
}; };
@ -96,7 +96,11 @@
console.keyMap = "sv-latin1"; console.keyMap = "sv-latin1";
programs.zsh.enable = true; programs.zsh.enable = true;
security.auditd.enable = true;
services = { services = {
fail2ban = {
enable = true;
};
xserver = { xserver = {
enable = true; enable = true;
displayManager = { displayManager = {

3
maskiner/work-desktop/configuration.nix
View file

@ -12,7 +12,8 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../config/base.nix ../../config/base.nix
../../config/users.nix ../../shared/openssh.nix
../../jobb/users.nix
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

4
shared/dwm.nix
View file

@ -3,7 +3,7 @@ let
dwm = pkgs.dwm.overrideAttrs (old: { dwm = pkgs.dwm.overrideAttrs (old: {
src = builtins.fetchGit { src = builtins.fetchGit {
url = "https://github.com/FredzyW/dwm-conf.git"; url = "https://github.com/FredzyW/dwm-conf.git";
rev = "05276318843d1bfe90a8aae266c9e997bf97e577"; rev = "7e10a592cbfd1cea2b6c5e77c3738716a390eb65";
}; };
nativeBuildInputs = with pkgs; [ nativeBuildInputs = with pkgs; [
xorg.libX11.dev xorg.libX11.dev
@ -28,3 +28,5 @@ in
home.packages = [ dwm dwmblocks ]; home.packages = [ dwm dwmblocks ];
} }

2
shared/firefox.nix
View file

@ -9,7 +9,7 @@
builtins.fetchGit { builtins.fetchGit {
url = "https://github.com/rockofox/firefox-minima"; url = "https://github.com/rockofox/firefox-minima";
ref = "main"; ref = "main";
rev = "c5580fd04e9b198320f79d441c78a641517d7af5"; # <-- Change this rev = "dc40a861b24b378982c265a7769e3228ffccd45a"; # <-- Change this
} }
}/userChrome.css"; }/userChrome.css";
''; '';

2
shared/fish.nix
View file

@ -61,6 +61,8 @@
set SYSTEM_DIR "$FLAKE_DIR#jobb" set SYSTEM_DIR "$FLAKE_DIR#jobb"
set -Ux FZF_CTRL_R_OPTS "--reverse" set -Ux FZF_CTRL_R_OPTS "--reverse"
set -Ux FZF_TMUX_OPTS "-p" set -Ux FZF_TMUX_OPTS "-p"
set -e GOROOT
set -e GOPATH
# Mocha # Mocha
set -Ux FZF_DEFAULT_OPTS "\ set -Ux FZF_DEFAULT_OPTS "\

4
shared/kitty.nix
View file

@ -11,12 +11,12 @@
# name = "Iosevka Nerd Font Bold"; # name = "Iosevka Nerd Font Bold";
# name = "ComicShannsMono Nerd Font Bold"; # name = "ComicShannsMono Nerd Font Bold";
name = "Hack Nerd Font Mono Bold"; name = "Hack Nerd Font Mono Bold";
size = 13; size = 12;
}; };
shellIntegration = { shellIntegration = {
mode = "no-cursor"; mode = "no-cursor";
}; };
theme = "Catppuccin-Mocha"; themeFile = "Catppuccin-Mocha";
settings = { settings = {
confirm_os_window_close = 2; confirm_os_window_close = 2;
cursor_shape = "block"; cursor_shape = "block";

54
shared/ssh.nix
View file

@ -27,42 +27,12 @@
user = "fw"; user = "fw";
identityFile = "/home/fw/.ssh/fw-ssh-key"; identityFile = "/home/fw/.ssh/fw-ssh-key";
}; };
"ha1" = {
hostname = "192.168.0.180";
port = 22;
user = "fw";
identityFile = "/home/fw/.ssh/fw-ssh-key";
};
"ha2" = {
hostname = "192.168.0.133";
port = 22;
user = "fw";
identityFile = "/home/fw/.ssh/fw-ssh-key";
};
"ha3" = {
hostname = "192.168.0.120";
port = 22;
user = "fw";
identityFile = "/home/fw/.ssh/fw-ssh-key";
};
"ha4" = {
hostname = "192.168.0.52";
port = 22;
user = "fw";
identityFile = "/home/fw/.ssh/fw-ssh-key";
};
"mac" = { "mac" = {
hostname = "192.168.0.149"; hostname = "192.168.0.149";
port = 22; port = 22;
user = "ifacts"; user = "ifacts";
identityFile = "/home/fw/.ssh/ifacts-ssh-key"; identityFile = "/home/fw/.ssh/ifacts-ssh-key";
}; };
"backups" = {
hostname = "192.168.0.120";
port = 22;
user = "github";
identityFile = "/home/fw/.ssh/github-ssh-key";
};
"malmo" = { "malmo" = {
hostname = "192.168.0.138"; hostname = "192.168.0.138";
port = 22; port = 22;
@ -86,6 +56,30 @@
user = "fw"; user = "fw";
identityFile = "/home/fw/.ssh/id_rsa"; identityFile = "/home/fw/.ssh/id_rsa";
}; };
"kube01" = {
hostname = "192.168.0.177";
port = 22;
user = "fw";
identityFile = "/home/fw/.ssh/fw-ssh-key";
};
"runner01" = {
hostname = "192.168.0.184";
port = 22;
user = "fw";
identityFile = "/home/fw/.ssh/fw-ssh-key";
};
"docker03" = {
hostname = "192.168.0.118";
port = 22;
user = "fw";
identityFile = "/home/fw/.ssh/fw-ssh-key";
};
"table" = {
hostname = "192.168.0.157";
port = 22;
user = "fw";
identityFile = "/home/fw/.ssh/fw-ssh-key";
};
}; };
}; };
} }

12
shared/tmux.nix
View file

@ -7,16 +7,6 @@
tmuxPlugins.sensible tmuxPlugins.sensible
tmuxPlugins.pain-control tmuxPlugins.pain-control
tmuxPlugins.sessionist tmuxPlugins.sessionist
tmuxPlugins.logging
{
plugin = tmuxPlugins.resurrect;
extraConfig = ''
resurrect_dir="$HOME/.tmux/resurrect"
set -g @resurrect-dir $resurrect_dir
set -g @resurrect-hook-post-save-all 'target=$(readlink -f $resurrect_dir/last); sed "s| --cmd .*-vim-pack-dir||g; s|/etc/profiles/per-user/$USER/bin/||g" $target | sponge $target'
set -g @resurrect-strategy-nvim 'session'
'';
}
{ {
plugin = tmuxPlugins.continuum; plugin = tmuxPlugins.continuum;
extraConfig = '' extraConfig = ''
@ -24,8 +14,6 @@
set -g @continuum-restore 'on' set -g @continuum-restore 'on'
''; '';
} }
fw-pkgs.tmuxPlugins.spotify
fw-pkgs.tmuxPlugins.tmux-fzf-window
{ {
plugin = fw-pkgs.tmuxPlugins.minimal; plugin = fw-pkgs.tmuxPlugins.minimal;
extraConfig = '' extraConfig = ''