fwastring 2025-11-30 23:04:38 +01:00
commit 66c3692ea4
13 changed files with 300 additions and 103 deletions


@ -10,3 +10,11 @@
@ Old Computers @ Old Computers
- laptop (Acer Swift 3) † 2025-08-05 - laptop (Acer Swift 3) † 2025-08-05
```
nixos-anywhere -- \
--flake .#kiosk \
--generate-hardware-config nixos-generate-config ./machines/kiosk/hardware-configuration.nix \
--target-host fw@192.168.1.186
```


@ -0,0 +1,41 @@
{ lib, ... }:
{
disko.devices = {
disk = {
main = {
device = lib.mkDefault "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "1G";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "101G";
content = {
type = "swap";
};
};
};
};
};
};
};
}
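Review bot: The `swap` partition is plain swap and `root` is plain ext4, so paged-out memory sits on disk in cleartext, as would a hibernation image if the 101G size is meant for suspend-to-disk. If hibernation is not needed, `content = { type = "swap"; randomEncryption = true; };` re-keys swap on every boot. If it is needed, placing root and swap inside a `luks` content type is the variant that still allows resume. Separately, `device = lib.mkDefault "/dev/nvme0n1";` depends on device enumeration order, and since this layout is applied destructively at install time a stable path such as `/dev/disk/by-id/<DISK_ID>` (placeholder) is the safer default.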


@ -8,24 +8,24 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/751f2210-9f0a-46da-bc62-25ede9a5f8a7"; { device = "/dev/disk/by-uuid/23905182-cee8-4336-8b2f-803dbd761c84";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1947-AC4C"; { device = "/dev/disk/by-uuid/39A0-5A5F";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ]; options = [ "fmask=0077" "dmask=0077" ];
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/0eea714d-1c2f-4981-b25b-920205959594"; } [ { device = "/dev/disk/by-uuid/d599597d-d111-48a3-98e9-da81075e38f8"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -6,9 +6,6 @@
... ...
}: }:
{ {
sops.defaultSopsFile = ../secrets/sops.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
nixpkgs = { nixpkgs = {
config = { config = {
allowUnfree = true; allowUnfree = true;
@ -96,7 +93,7 @@
garamond-libre garamond-libre
]; ];
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "sv_SE.UTF-8";
i18n.extraLocaleSettings = { i18n.extraLocaleSettings = {
LC_ADDRESS = "sv_SE.UTF-8"; LC_ADDRESS = "sv_SE.UTF-8";
LC_IDENTIFICATION = "sv_SE.UTF-8"; LC_IDENTIFICATION = "sv_SE.UTF-8";


@ -1,9 +1,6 @@
{ {
inputs, inputs,
lib,
config,
pkgs, pkgs,
myhostname,
... ...
}: }:
let let
@ -22,24 +19,23 @@ in
inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default
# Nix # Nix
devenv
nixfmt-rfc-style nixfmt-rfc-style
# Docker # Docker
dive # dive
lazydocker lazydocker
# Jobb # Jobb
dotnetCorePackages.dotnet_9.sdk
gh gh
awscli # awscli
minio-client # minio-client
# dotnetCorePackages.dotnet_9.sdk
# opentofu # opentofu
# azure-cli # azure-cli
# jira-cli-go # jira-cli-go
# Blogging # Blogging
zola # zola
# System Design # System Design
# sqlc # sqlc
@ -48,10 +44,10 @@ in
# Web Dev # Web Dev
# tailwindcss # tailwindcss
prettierd # prettierd
# Go # Go
go # go
# air # air
# templ # templ
# go-migrate-pg # go-migrate-pg
@ -59,13 +55,13 @@ in
# Build # Build
git git
gcc gcc
gnumake # gnumake
cmake # cmake
# System Tools # System Tools
yq yq
jq jq
git git
qrencode # qrencode
]; ];
} }

moduler/lsp.nix Normal file

@ -0,0 +1,29 @@
{
lib,
config,
pkgs,
...
}:
{
environment.systemPackages = with pkgs; [
nixd
dockerfile-language-server
bash-language-server
helm-ls
yaml-language-server
lua-language-server
marksman
# tofu-ls
# gopls
# omnisharp-roslyn
# nodejs_22
# vue-language-server
# vtsls
# typescript
# typescript-language-server
# nodePackages.vscode-json-languageserver
# tailwindcss-language-server
];
}


@ -15,13 +15,12 @@
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
networkmanagerapplet # networkmanager
networkmanager
iperf3
dnsutils dnsutils
aria2 # nmap
nmap # ipcalc
ipcalc # iperf3
# networkmanagerapplet
# (octodns.withProviders (ps: [ # (octodns.withProviders (ps: [
# octodns-providers.gandi # octodns-providers.gandi


@ -8,17 +8,51 @@
{ {
services.udev = { services.udev = {
extraRules = '' extraRules = ''
KERNEL=="ttyACM0", MODE:="666" KERNEL=="ttyACM0", MODE:="666"
ACTION=="add", KERNEL=="sd[a-e][0-9]", ENV{ID_FS_UUID}=="3039-3932", RUN+="${pkgs.systemd}/bin/systemd-mount --no-block -A -G -o gid=users,fmask=113,dmask=002 /dev/%k /mnt/sdcard" ACTION=="add", KERNEL=="sd[a-e][0-9]", ENV{ID_FS_UUID}=="3039-3932", RUN+="${pkgs.systemd}/bin/systemd-mount --no-block -A -G -o gid=users,fmask=113,dmask=002 /dev/%k /mnt/sdcard"
ACTION=="add", KERNEL=="sd[a-e]", ENV{ID_FS_UUID}=="66BA-4EBA", RUN+="${pkgs.systemd}/bin/systemd-mount --no-block -A -G -o gid=users,fmask=113,dmask=002 /dev/%k /mnt/kobo" ACTION=="add", KERNEL=="sd[a-e]", ENV{ID_FS_UUID}=="66BA-4EBA", RUN+="${pkgs.systemd}/bin/systemd-mount --no-block -A -G -o gid=users,fmask=113,dmask=002 /dev/%k /mnt/kobo"
KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput" KERNEL=="uinput", GROUP="input", MODE="0660", OPTIONS+="static_node=uinput"
''; '';
packages = with pkgs; [ packages = with pkgs; [
vial vial
via via
]; ];
}; };
home-manager.users.fw = {
xdg.mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "librewolf.desktop";
"x-scheme-handler/http" = "librewolf.desktop";
"x-scheme-handler/https" = "librewolf.desktop";
"x-scheme-handler/about" = "librewolf.desktop";
"x-scheme-handler/unknown" = "librewolf.desktop";
"text/plain" = "nvim.desktop";
"text/markdown" = "nvim.desktop";
"text/x-markdown" = "nvim.desktop";
"application/json" = "nvim.desktop";
"application/x-ndjson" = "nvim.desktop";
"application/x-yaml" = "nvim.desktop";
"text/yaml" = "nvim.desktop";
"text/x-shellscript" = "nvim.desktop";
"text/x-python" = "nvim.desktop";
"text/x-csrc" = "nvim.desktop";
"text/x-c++src" = "nvim.desktop";
"application/x-sql" = "nvim.desktop";
"text/xml" = "nvim.desktop";
"application/xml" = "nvim.desktop";
"application/pdf" = "org.gnome.Evince.desktop";
"image/jpeg" = "feh.desktop";
"image/png" = "feh.desktop";
"image/gif" = "feh.desktop";
"image/webp" = "feh.desktop";
"image/tiff" = "feh.desktop";
"image/bmp" = "feh.desktop";
"image/svg+xml" = "feh.desktop";
};
};
};
environment.sessionVariables.DEFAULT_BROWSER = "${pkgs.librewolf}/bin/librewolf";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# GUI # GUI
@ -29,10 +63,10 @@
slack slack
drawio drawio
evince evince
spotify spotify
firefox firefox
# ansible # ansible
# freecad-wayland # freecad-wayland
# TUI # TUI
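Review bot: The new `xdg.mimeApps.defaultApplications` entries point at `librewolf.desktop` and `feh.desktop`, but the part of `environment.systemPackages` visible in this section lists `firefox` and `evince` and not `librewolf` or `feh`. Referencing `${pkgs.librewolf}` in `environment.sessionVariables.DEFAULT_BROWSER` pulls the package into the closure but does not link its desktop entry into a profile, so unless both packages are installed in a part of the list not shown here, these handlers will not resolve. Tools that honour an environment variable for the browser conventionally read `BROWSER`, so `environment.sessionVariables.BROWSER = "${pkgs.librewolf}/bin/librewolf";` may be what is intended. The package list continues outside the hunk.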


@ -60,14 +60,14 @@ button {
/* hover */ /* hover */
button:hover { button:hover {
background: rgba(255,255,255,0.08); background: rgba(255,255,255,0.08);
box-shadow: inset 0 -3px @green; box-shadow: inset 0 -3px @peach;
} }
/* active (no CSS transform in GTK; simulate press with padding + shadow) */ /* active (no CSS transform in GTK; simulate press with padding + shadow) */
button:active { button:active {
padding-top: 1px; /* nudge down visually */ padding-top: 1px; /* nudge down visually */
padding-bottom: 1px; /* keep height stable */ padding-bottom: 1px; /* keep height stable */
box-shadow: inset 0 -2px @green; box-shadow: inset 0 -2px @peach;
color: @base; color: @base;
} }
@ -88,9 +88,9 @@ button:active {
} }
#workspaces button.active, #workspaces button.focused { #workspaces button.active, #workspaces button.focused {
background: @green; background: @peach;
color: @base; color: @base;
box-shadow: inset 0 -3px @green; box-shadow: inset 0 -3px @peach;
} }
#workspaces button.urgent { #workspaces button.urgent {
@ -101,7 +101,7 @@ button:active {
/* -------- Clock -------- */ /* -------- Clock -------- */
#clock { #clock {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -109,7 +109,7 @@ button:active {
/* -------- Mpris -------- */ /* -------- Mpris -------- */
#mpris { #mpris {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -117,7 +117,7 @@ button:active {
/* -------- Pavu -------- */ /* -------- Pavu -------- */
#pulseaudio { #pulseaudio {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -125,7 +125,7 @@ button:active {
/* -------- Bluetooth -------- */ /* -------- Bluetooth -------- */
#bluetooth { #bluetooth {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -133,7 +133,7 @@ button:active {
/* -------- Upower -------- */ /* -------- Upower -------- */
#upower { #upower {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -141,7 +141,7 @@ button:active {
/* -------- Network -------- */ /* -------- Network -------- */
#network { #network {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -149,5 +149,5 @@ button:active {
/* -------- Helpers -------- */ /* -------- Helpers -------- */
@keyframes blink { @keyframes blink {
to { background-color: @green; color: @base; } to { background-color: @peach; color: @base; }
} }


@ -60,14 +60,14 @@ button {
/* hover */ /* hover */
button:hover { button:hover {
background: rgba(255,255,255,0.08); background: rgba(255,255,255,0.08);
box-shadow: inset 0 -3px @green; box-shadow: inset 0 -3px @peach;
} }
/* active (no CSS transform in GTK; simulate press with padding + shadow) */ /* active (no CSS transform in GTK; simulate press with padding + shadow) */
button:active { button:active {
padding-top: 1px; /* nudge down visually */ padding-top: 1px; /* nudge down visually */
padding-bottom: 1px; /* keep height stable */ padding-bottom: 1px; /* keep height stable */
box-shadow: inset 0 -2px @green; box-shadow: inset 0 -2px @peach;
color: @base; color: @base;
} }
@ -88,9 +88,9 @@ button:active {
} }
#workspaces button.active, #workspaces button.focused { #workspaces button.active, #workspaces button.focused {
background: @green; background: @peach;
color: @base; color: @base;
box-shadow: inset 0 -3px @green; box-shadow: inset 0 -3px @peach;
} }
#workspaces button.urgent { #workspaces button.urgent {
@ -101,7 +101,7 @@ button:active {
/* -------- Clock -------- */ /* -------- Clock -------- */
#clock { #clock {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -109,7 +109,7 @@ button:active {
/* -------- Mpris -------- */ /* -------- Mpris -------- */
#mpris { #mpris {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -117,7 +117,7 @@ button:active {
/* -------- Pavu -------- */ /* -------- Pavu -------- */
#pulseaudio { #pulseaudio {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -125,7 +125,7 @@ button:active {
/* -------- Bluetooth -------- */ /* -------- Bluetooth -------- */
#bluetooth { #bluetooth {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -133,7 +133,7 @@ button:active {
/* -------- Upower -------- */ /* -------- Upower -------- */
#upower { #upower {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -141,7 +141,7 @@ button:active {
/* -------- Network -------- */ /* -------- Network -------- */
#network { #network {
background: @green; background: @peach;
color: @base; color: @base;
font-weight: 600; font-weight: 600;
letter-spacing: 0.2px; letter-spacing: 0.2px;
@ -149,5 +149,5 @@ button:active {
/* -------- Helpers -------- */ /* -------- Helpers -------- */
@keyframes blink { @keyframes blink {
to { background-color: @green; color: @base; } to { background-color: @peach; color: @base; }
} }


@ -0,0 +1,102 @@
{
lib,
pkgs,
config,
myhost,
...
}:
let
cfg = config.services.nextcloud;
srv = cfg.settings.server;
in
with lib;
{
options = {
nextcloud = {
enable = mkEnableOption "enables nextcloud";
port = lib.mkOption {
type = lib.types.int;
default = 8003;
description = "The port that Nextcloud is served on.";
};
domain = lib.mkOption {
type = lib.types.str;
default = "files.wastring.com";
description = "The hostname that Nextcloud is served on.";
};
};
};
config = mkMerge [
(mkIf config.nextloud.enable {
services.nginx = {
virtualHosts.${config.nextcloud.domain} = {
forceSSL = true;
enableACME = true;
};
};
sops.secrets.nextcloud-admin-password = { };
sops.secrets.nextcloud-fw-password = { };
sops.secrets.nextcloud-disa-password = { };
services.nextcloud = {
enable = true;
package = pkgs.nextcloud31;
hostName = config.nextcloud.domain;
https = true;
configureRedis = true;
config.adminpassFile = config.sops.secrets.nextcloud-admin-password.path;
config.dbtype = "sqlite";
ensureUsers = {
fw = {
email = "fredrik@wastring.com";
passwordFile = config.sops.secrets.nextcloud-fw-password.path;
};
disa = {
email = "disahorner@hotmail.com";
passwordFile = config.sops.secrets.nextcloud-disa-password.path;
};
};
extraApps = {
inherit (config.services.nextcloud.package.packages.apps)
contacts
calendar
onlyoffice
;
};
extraAppsEnable = true;
settings.enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
};
services.fail2ban = {
enable = true;
jails = {
nextcloud.settings = {
backend = "systemd";
journalmatch = "SYSLOG_IDENTIFIER=Nextcloud";
enabled = true;
port = 443;
protocol = "tcp";
filter = "nextcloud";
maxretry = 3;
bantime = 86400;
findtime = 43200;
};
};
};
})
];
}
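Review bot: The guard `(mkIf config.nextloud.enable {` misspells the option declared above as `nextcloud.enable`, so evaluating this module should fail on a missing attribute; it should read `(mkIf config.nextcloud.enable {`. The fail2ban jail sets `filter = "nextcloud"` but no filter definition is visible in this file, and fail2ban cannot start a jail whose filter file is missing, so the brute-force protection may not be active unless the filter is defined elsewhere. The three `sops.secrets.nextcloud-*` entries set neither `sopsFile` nor `owner`, while this commit removes `sops.defaultSopsFile` from another file and sops-nix secrets default to root-only access; it is worth confirming that the secrets still resolve and are readable by the Nextcloud service. The `port` option, `cfg`, `srv` and `myhost` are declared but never used here.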


@ -21,9 +21,6 @@
poppler-utils poppler-utils
imagemagick
pandoc
alsa-utils alsa-utils
sops sops
@ -33,19 +30,16 @@
wget wget
htop htop
procps procps
btop
procs
dysk
grc grc
vim vim
fastfetch fastfetch
bc bc
sysstat # sysstat
lm_sensors # lm_sensors
ethtool # ethtool
pciutils # pciutils
usbutils # usbutils
fzf fzf
eza eza
@ -57,40 +51,37 @@
fortune fortune
cowsay cowsay
openssl
lazygit lazygit
hyprpicker hyprpicker
typst typst
typstyle typstyle
tinymist tinymist
# (
( # let
let # base = pkgs.appimageTools.defaultFhsEnvArgs;
base = pkgs.appimageTools.defaultFhsEnvArgs; # in
in # pkgs.buildFHSEnv (
pkgs.buildFHSEnv ( # base
base # // {
// { # name = "fhs";
name = "fhs"; # targetPkgs =
targetPkgs = # pkgs:
pkgs: # # pkgs.buildFHSUserEnv provides only a minimal FHS environment,
# pkgs.buildFHSUserEnv provides only a minimal FHS environment, # # lacking many basic packages needed by most software.
# lacking many basic packages needed by most software. # # Therefore, we need to add them manually.
# Therefore, we need to add them manually. # #
# # # pkgs.appimageTools provides basic packages required by most software.
# pkgs.appimageTools provides basic packages required by most software. # (base.targetPkgs pkgs)
(base.targetPkgs pkgs) # ++ (with pkgs; [
++ (with pkgs; [ # pkg-config
pkg-config # ncurses
ncurses # # Feel free to add more packages here if needed.
# Feel free to add more packages here if needed. # ]);
]); # profile = "export FHS=1";
profile = "export FHS=1"; # runScript = "bash";
runScript = "bash"; # extraOutputsToInstall = [ "dev" ];
extraOutputsToInstall = [ "dev" ]; # }
} # )
) # )
)
]; ];
} }


@ -4,13 +4,13 @@
... ...
}: }:
{ {
sops.secrets.user-password = { }; # sops.secrets.user-password = { };
users = { users = {
defaultUserShell = pkgs.bash; defaultUserShell = pkgs.bash;
mutableUsers = false;
users = { users = {
fw = { fw = {
hashedPasswordFile = config.sops.secrets.user-password.path; # hashedPasswordFile = config.sops.secrets.user-password.path;
initialPassword = "password";
isNormalUser = true; isNormalUser = true;
description = "Fredrik Wastring"; description = "Fredrik Wastring";
extraGroups = [ extraGroups = [
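Review bot: `initialPassword = "password";` gives the `fw` account a guessable password that is committed in cleartext and copied into the world-readable Nix store, replacing the sops-managed `hashedPasswordFile`. The same hunk drops `mutableUsers = false;`, so the declared configuration no longer pins the account's credentials. If this is only a bootstrap step for a host that has no sops key yet, I would keep it out of the shared user module: restore `hashedPasswordFile = config.sops.secrets.user-password.path;` here and override it per host. Wherever this user is reachable over SSH, `services.openssh.settings.PasswordAuthentication = false;` should also be set. The `fw` attribute set continues outside the hunk.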