Compare commits


42 commits

Author SHA1 Message Date
Ranomier
855b932cbd feat: introduction of system_profiles 2025-06-14 21:43:23 +02:00
Ranomier
116aaaacff wip: home-manager + stylix 2025-06-14 12:40:08 +02:00
Ranomier
f9acc609b2 feat: reenable home-manager 2025-06-09 20:52:04 +02:00
Ranomier
fb74976f82 fix: move import 2025-06-09 20:37:55 +02:00
Ranomier
6972221bda feat: add stylix without home-manager yet 2025-06-09 18:14:05 +02:00
Ranomier
6168b5e200 fix: avoid inherit 2025-06-09 17:24:09 +02:00
Ranomier
8af91887ca feat: add stylix input 2025-06-08 23:16:20 +02:00
Ranomier
71487763a6 fix: sort and doc 2025-06-08 23:16:03 +02:00
Ranomier
5618c615f3 chore: update 2025-06-08 23:11:26 +02:00
Ranomier
c9e7080160 fix: rename tests to experiments 2025-06-08 03:35:07 +02:00
Ranomier
924304c8ea fix: correct path 2025-06-08 03:32:28 +02:00
Ranomier
68f44bcc3a feat: create lib folder, for functions 2025-06-04 23:01:41 +02:00
Ranomier
af0bb8743e wip: switch to librewolf 2025-06-04 22:43:01 +02:00
Ranomier
0b79642f7e wip: let olivetin access specific things 2025-06-04 22:42:23 +02:00
Ranomier
abdddf1ba4 feat: switch to sudo-rs! 2025-06-04 22:41:22 +02:00
Ranomier
e4fabdb3cb wip: add first olivetin tests 2025-06-01 22:11:55 +02:00
Ranomier
09946b885a feat: quota journald logs 2025-05-30 00:59:59 +02:00
Ranomier
022f6deec8 feat: add unattended-updates 2025-05-30 00:59:17 +02:00
Ranomier
cc466ff1e8 feat: 25.05 is now stable 2025-05-29 23:33:24 +02:00
Ranomier
d2a57431d5 fix: nicer syntax 2025-05-29 23:30:42 +02:00
Ranomier
5c013cf4f8 chore: flake.lock update 2025-05-29 23:28:22 +02:00
Ranomier
5274d24bef feat: updated to 25.05 (crocoite) 2025-05-28 22:29:12 +02:00
Ranomier
7eb4cac5ff wip: random expiriments 2025-05-24 12:17:49 +02:00
Ranomier
413726d368 chore: update flake.lock 2025-05-20 01:40:54 +02:00
Ranomier
81979fccae wip: interims solution 2025-05-20 01:40:29 +02:00
Ranomier
2ef666ad65 fix: why did we disable the firewall? 2025-05-15 20:36:37 +02:00
Ranomier
b76d837472 fix: refactor - make it beautiful! 2025-05-15 20:36:25 +02:00
Ranomier
14a58c86d1 feat: added nvimdiff and nvimdiff 2025-05-15 20:05:29 +02:00
Ranomier
b134344dd5 chore: activate game-lianti again 2025-05-14 23:17:57 +02:00
Ranomier
129d7ea780 feat: make it a module! 2025-05-14 22:59:09 +02:00
Ranomier
7de3e76509 chore: update lock 2025-05-14 22:57:53 +02:00
Ranomier
e831b0f402 wip: add julia server with wordpress 2025-05-13 19:02:56 +02:00
Ranomier
3efa686d83 wild hacking 2025-05-12 19:51:19 +02:00
Ranomier
66072b1d6e fix: remove system.copySystemConfiguration
system.copySystemConfiguration is not compatible with flakes
2025-05-11 10:33:57 +02:00
Ranomier
e827a97ead fix: remove uneeded imports 2025-05-10 22:42:21 +02:00
Ranomier
005c7590ec feat: copy config to system 2025-05-10 22:39:05 +02:00
Ranomier
c90c256097 feat: use correct gameID 2025-05-10 22:11:38 +02:00
Ranomier
6960c79fbd feat: differentiate between core and extended pkgs
also use core packages in server system profile
2025-05-10 22:09:55 +02:00
Ranomier
9320bd758a feat: added postgresql 2025-05-09 22:08:43 +02:00
Ranomier
6922232ec5 feat: add luanti server 2025-05-09 19:38:05 +02:00
Ranomier
ddf8154933 feat: added proper hardware-configuration and sshd 2025-05-08 23:45:04 +02:00
Ranomier
55a252b632 feat: added ssh-server 2025-05-08 23:44:32 +02:00
82 changed files with 2058 additions and 286 deletions


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtsLGI/S6473jzw4BlWTRfxVO7mhEhClRF0gzpexG9V game-luanti


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPydzO5SD6CwZUyiXYGleCGzGLdOqplPWSrJ8dAhs8J game-luanti

447
flake.lock generated

@ -1,5 +1,205 @@
{
"nodes": {
"base16": {
"inputs": {
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1746562888,
"narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "base16.nix",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1736852337,
"narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
}
},
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1744642301,
"narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "59e3de00f01e5adb851d824cf7911bd90c31083a",
"type": "github"
},
"original": {
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1731966426,
"narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "106af9e2f715e2d828df706c386a685698f3223b",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"stylix",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1742649964,
"narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"stylix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1744584021,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "48.1",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -7,27 +207,49 @@
]
},
"locked": {
"lastModified": 1746171682,
"narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=",
"lastModified": 1749154018,
"narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "50eee705bbdbac942074a8c120e8194185633675",
"rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747556831,
"narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"nix-flatpak": {
"locked": {
"lastModified": 1744659587,
"narHash": "sha256-xJnbmRVte13akgn+Prg06IaRHJ5OX3uVltwsCP/mxoc=",
"lastModified": 1749394952,
"narHash": "sha256-WbWkzIvB0gqAdBLghdmUpGveY7MlAS2iMj3VEJnJ9yE=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "928d868a9141b48f152d3b2b00c433e688d4b106",
"rev": "64c6e53a3999957c19ab95cda78bde466d8374cc",
"type": "github"
},
"original": {
@ -59,11 +281,11 @@
]
},
"locked": {
"lastModified": 1742568034,
"narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=",
"lastModified": 1747663185,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
"type": "github"
},
"original": {
@ -74,11 +296,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1746621361,
"narHash": "sha256-T9vOxEqI1j1RYugV0b9dgy0AreiZ9yBDKZJYyclF0og=",
"lastModified": 1749195551,
"narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2ea3ad8a1f26a76f8a8e23fc4f7757c46ef30ee5",
"rev": "4602f7e1d3f197b3cb540d5accf5669121629628",
"type": "github"
},
"original": {
@ -90,11 +312,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1746461020,
"narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=",
"lastModified": 1749285348,
"narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae",
"rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
"type": "github"
},
"original": {
@ -106,20 +328,46 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1746557022,
"narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
"lastModified": 1749237914,
"narHash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
"rev": "70c74b02eac46f4e4aa071e45a6189ce0f6d9265",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": [
"stylix",
"flake-parts"
],
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1746056780,
"narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=",
"owner": "nix-community",
"repo": "NUR",
"rev": "d476cd0972dd6242d76374fcc277e6735715c167",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
@ -127,7 +375,164 @@
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixos-unstable": "nixos-unstable",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"stylix": "stylix"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"nixpkgs": [
"nixpkgs"
],
"nur": "nur",
"systems": "systems",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1749389855,
"narHash": "sha256-//wZBnlBJ7Ki5/ZdafiAZwVFZd/2HhKqEbOupo/HcRA=",
"owner": "danth",
"repo": "stylix",
"rev": "bf5ab9df57a3d77847289c39c3a537bd6e6ac6f4",
"type": "github"
},
"original": {
"owner": "danth",
"ref": "release-25.05",
"repo": "stylix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1726913040,
"narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1735730497,
"narHash": "sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1744974599,
"narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1745111349,
"narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "e009f18a01182b63559fb28f1c786eb027c3dee9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1725758778,
"narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},


@ -1,12 +1,13 @@
{
inputs = {
# Main nix package repository
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
home-manager = {
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
# NixOS unstable
nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
# ready made hardware configurations. e.G.: Power saving
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
# generating filesystems in different formats
nixos-generators = {
@ -14,11 +15,17 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# NixOS unstable channel
nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
# additional user specific nix modules
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
# ready made hardware configurations. e.G.: Power saving
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
# theming
stylix = {
url = "github:danth/stylix/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
# for managing flatpaks, like which ones are installed and which not
nix-flatpak.url = "github:gmodena/nix-flatpak";


@ -5,14 +5,15 @@
nixos-unstable,
...
}: {
#nixpkgs.overlays = [ overlays.unstable-packages ];
nixpkgs = {
# You can add overlays here
overlays = with inArgs.self.overlays; [
# Add overlays your own flake exports (from overlays and pkgs dir):
unstable-packages
#additions
#modifications
unstable-packages
# You can also add overlays exported from other flakes:
# neovim-nightly-overlay.overlays.default
@ -27,34 +28,12 @@
};
imports = [
# steam and other stuff seems to depend on perl
#"${modulesPath}/profiles/perlless.nix"
inArgs.nix-flatpak.nixosModules.nix-flatpak
#nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
./hardware-configuration.nix
./boot.nix
../../modules
../../modules/users
../../modules/hardware
../../modules/sec_auth
../../modules/software
../../modules/software/browser
../../modules/software/nix-helper
../../modules/software/shells
../../modules/software/office
../../modules/wm_and_de
../../modules/pkg_mgrmnt
../../system_profiles/defaults.nix
# ../../tests
../../system_profiles/desktop.nix
# ../../experiments
];
}


@ -10,6 +10,7 @@
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
#nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1
];
boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];

11
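--- a/hosts/ext-julia/boot.nix
+++ b/hosts/ext-julia/boot.nix
@@ -0,0 +1,11 @@
+{
+# Use the GRUB 2 boot loader.
+boot.loader.grub = {
+enable = true;
+# efiSupport = true;
+# efiInstallAsRemovable = true;
+# Define on which hard drive you want to install Grub.
+device = "/dev/vda"; # or "nodev" for efi only
+};
+# boot.loader.efi.efiSysMountPoint = "/boot/efi";
+}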


@ -0,0 +1,37 @@
{pkgs, ...}:{
imports = [
./boot.nix
./hardware-configuration.nix
#../../modules/hosting/wordpress-simple/kiezpalme.nix
#../../modules/hosting/wordpress-simple/pertineo.nix
../../modules/hosting/wordpress.nix
../../modules/sec_auth/ssh-server.nix
../../system_profiles/server.nix
];
#services.mysql = {
# enable = true;
# package = pkgs.mariadb;
#};
services.cWordpress."example-site" = {
enable = true;
sitePort = 80;
};
services.cWordpress."example-site2" = {
enable = true;
sitePort = 81;
};
services.openssh.ports = [11522];
users = let
username = "root";
in {
users."${username}".openssh.authorizedKeys.keyFiles = [
../../certificates/id_ed25519_ext-julia.pub
];
};
}
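Review bot: The `users."${username}".openssh.authorizedKeys.keyFiles` block gives root direct key login on what looks like an externally reachable web host, and nothing in this file shows how sshd itself is restricted. `../../modules/sec_auth/ssh-server.nix` is not visible here, so it is worth confirming that it sets `services.openssh.settings.PasswordAuthentication = false;` and `PermitRootLogin = "prohibit-password";`; moving the listener to 11522 reduces log noise but is not an access control. The same root-key pattern is added for game-luanti in the later host hunk. Both `services.cWordpress` sites are published on plain HTTP ports 80 and 81, so WordPress logins would cross the network unencrypted unless TLS is terminated in front of this machine.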


@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
initrd.kernelModules = [];
kernelModules = [];
extraModulePackages = [];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/d290e12c-d93c-45f6-b737-135b551c1951";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/8c56f52e-568a-4e03-b22c-6d1c7de7c118";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,13 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
{lib, ...}: {
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
# maybe instruct nix to just use available swap partition


@ -0,0 +1,11 @@
{
# Use the GRUB 2 boot loader.
boot.loader.grub = {
enable = true;
# efiSupport = true;
# efiInstallAsRemovable = true;
# Define on which hard drive you want to install Grub.
device = "/dev/vda"; # or "nodev" for efi only
};
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
}


@ -1,13 +1,26 @@
{
pkgs,
lib,
modulesPath,
...
}: {
imports = [
./boot.nix
./hardware-configuration.nix
../../system_profiles/defaults.nix
../../system_profiles/mini-container.nix
../../modules/game/server/luanti
../../modules/sec_auth/ssh-server.nix
../../modules/pkg_mgrmnt/unattended-updates.nix
../../system_profiles/server.nix
];
users = let
username = "root";
in {
users."${username}".openssh.authorizedKeys.keyFiles = [
../../certificates/id_ed25519_game-luanti.pub
];
};
services.journald.extraConfig = ''
Storage=persistent
SystemMaxUse=100M
SystemKeepFree=50M
'';
}


@ -1,3 +1,36 @@
{lib, ...}: {
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
initrd.kernelModules = [];
kernelModules = [];
extraModulePackages = [];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/d290e12c-d93c-45f6-b737-135b551c1951";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/8c56f52e-568a-4e03-b22c-6d1c7de7c118";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,9 +1,4 @@
{
pkgs,
lib,
modulesPath,
...
}: {
{...}: {
nixpkgs.config = {
# Disable if you don't want unfree packages
allowUnfree = true;

16
lib/debug.nix Normal file

@ -0,0 +1,16 @@
{ ... }:
{
imports = [
{lib, config, ... }: {
options.tempDebugVar = lib.mkOption {
type = lib.types.str;
default = "";
description = "tempDebugVar";
};
}
];
environment.etc."debugfile".text = ''
${config.tempDebugVar}
'';
}
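Review bot: `config` is not bound where `environment.etc."debugfile".text` reads `${config.tempDebugVar}`, because the outer module's argument set is `{ ... }:`; it needs to be `{ config, ... }:`. The inline module inside `imports` is a function literal placed directly in a list and, as far as I can tell, has to be parenthesised, `({lib, ...}: { … })`, before it will parse. Since the value ends up in `/etc/debugfile`, which every local user can read, a short comment stating that the option must never carry secrets would help. The file is currently only referenced through a commented-out import, which is probably why evaluation has not flagged either problem.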


@ -5,9 +5,13 @@ inArgs: hostname: hostOptions: let
else inArgs.nixpkgs.lib.nixosSystem;
in
nixosSystem {
specialArgs = {inherit inArgs;};
specialArgs = {
inArgs = inArgs;
rootPath = inArgs.self;
};
modules = [
./hosts/${hostname}
../hosts/${hostname}
#./debug.nix
{
networking.hostName = hostname;


@ -1,10 +1,13 @@
{pkgs, ...}: {
# install and set neovim as MANPAGER
environment.systemPackages = [pkgs.neovim];
environment.variables = {
"MANPAGER" = "nvim +Man!";
environment = {
systemPackages = [pkgs.neovim];
variables = {
# set neovim as default editor
"EDITOR" = "nvim";
# set neovim as default editor
"EDITOR" = "nvim";
# use neovim as manpager! :3
"MANPAGER" = "nvim +Man!";
};
};
}


@ -1,11 +1,17 @@
{
imports = [
#./plymouth.nix
./accessibility.nix
./customisation.nix
# should only be imported directly or via system_profiles
#./dhcp-all-interfaces.nix
./environment.nix
./firewall.nix
./locale.nix
./networking.nix
./firewall.nix
#./plymouth.nix # increases boot time too much
#./serial-console.nix # probably only for servers
./theming.nix
];
}


@ -0,0 +1,9 @@
{
# Enables DHCP on each ethernet and wireless interface.
# In case of scripted networking (the default) this is the recommended approach.
# When using systemd-networkd it's still possible to use this option,
# but it's recommended to use it in conjunction with
# explicit per-interface declarations with:
# `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
}
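Review bot: `lib` is unbound in this module: the file is a plain attribute set, so `lib.mkDefault` on the `networking.useDHCP` line will fail with an undefined-variable error as soon as the file is imported. Opening the file with `{lib, ...}: {` fixes it. The import of what appears to be this file is still commented out in the modules list, so the error would only show up once a system profile pulls it in.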


@ -1,33 +1,35 @@
{pkgs, ...}: {
environment.etc = {
"xdg/user-dirs.defaults".text = ''
DESKTOP=Desktop
DOWNLOAD=Downloads
TEMPLATES=Documents/Templates
PUBLICSHARE=Public
DOCUMENTS=Documents
MUSIC=Media/Music
PICTURES=Media/Pictures
VIDEOS=Media/Videos
'';
};
# This is using a rec (recursive) expression to set and access XDG_BIN_HOME within the expression
# For more on rec expressions see https://nix.dev/tutorials/first-steps/nix-language#recursive-attribute-set-rec
environment.sessionVariables = rec {
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
environment = {
etc = {
"xdg/user-dirs.defaults".text = ''
DESKTOP=Desktop
DOWNLOAD=Downloads
TEMPLATES=Documents/Templates
PUBLICSHARE=Public
DOCUMENTS=Documents
MUSIC=Media/Music
PICTURES=Media/Pictures
VIDEOS=Media/Videos
'';
};
# This is using a rec (recursive) expression to set and access XDG_BIN_HOME within the expression
# For more on rec expressions see https://nix.dev/tutorials/first-steps/nix-language#recursive-attribute-set-rec
sessionVariables = rec {
XDG_CACHE_HOME = "$HOME/.cache";
XDG_CONFIG_HOME = "$HOME/.config";
XDG_DATA_HOME = "$HOME/.local/share";
XDG_STATE_HOME = "$HOME/.local/state";
# Not officially in the specification
XDG_BIN_HOME = "$HOME/.local/mybin";
PATH = [
"${XDG_BIN_HOME}"
# Not officially in the specification
XDG_BIN_HOME = "$HOME/.local/mybin";
PATH = [
"${XDG_BIN_HOME}"
];
};
# XDG-USER-DIR package and config
systemPackages = with pkgs; [
xdg-user-dirs
];
};
# XDG-USER-DIR package and config
environment.systemPackages = with pkgs; [
xdg-user-dirs
];
}


@ -1,6 +1,6 @@
{
networking.firewall = {
enable = false;
enable = true;
# Open ports in the firewall.
allowedTCPPorts = [8080 10001 10002];
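Review bot: With `enable = true`, `allowedTCPPorts = [8080 10001 10002]` now takes effect on every host that imports this shared module, and nothing says which service needs those ports. I would add a comment naming the owner of each port, or move the openings next to the services that use them, the way the luanti module opens its own UDP port. It is also worth checking that the HTTP ports of the server hosts (80 and 81 on ext-julia) are opened somewhere, since they are not in this list and the firewall was previously off. The attribute set continues past the end of the hunk.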


@ -1,5 +1,8 @@
{...}: {
services.minetest = {
enable = true;
};
{
imports = [
./luanti.nix
#./mods.nix
./olivetin.nix
./postgresql.nix
];
}


@ -0,0 +1,20 @@
{pkgs, ...}: let
port = 10523;
in {
services.minetest-server = {
enable = true;
gameId = "EinsDreiDreiSieben";
port = port;
};
# open port since luanti does not do it by itself
networking.firewall = {
allowedUDPPorts = [port];
};
# install luanti seperatly so it is available through the command line
environment.systemPackages = with pkgs; [
luanti
];
}


@ -0,0 +1,11 @@
{ pkgs, config, ... }: let
GitMod = curl: pkgs.fetchgit rec {
url = curl;
fetchSubmodules = true;
deepClone = false;
leaveDotGit = false;
};
this-variable-should-exist = GitMod "https://gitlab.com/rubenwardy/accountmgr";
in {
config.tempDebugVar = break this-variable-should-exist;
}
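Review bot: `GitMod` calls `pkgs.fetchgit` with only a `url`, so the mod source is pinned to neither a `rev` nor a `hash`; a fetch needs both to be reproducible and to have its content integrity-checked before the code runs inside the game server. Take them as arguments, for example `GitMod = {url, rev, hash}: pkgs.fetchgit { inherit url rev hash; fetchSubmodules = true; };`, and record the reviewed commit of `accountmgr` at the call site. The `rec` keyword is unused here, and `break` together with `config.tempDebugVar` look like debugging leftovers to drop before the commented-out import in the luanti module is enabled.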


@ -0,0 +1,64 @@
{ pkgs, lib, ... }: let
_pull = pkgs.writeShellScript "pull" ''
export GIT_SSH_COMMAND='ssh -i /var/lib/minetest/.ssh/id_ed25519_temp -o IdentitiesOnly=yes'
git -C /var/lib/minetest/.minetest/games/EinsDreiDreiSieben pull
'';
pull = _pull.outPath;
_restart = pkgs.writeShellScript "restart" ''
echo "before"
systemctl restart minetest-server.service
echo "after"
'';
restart = _restart.outPath;
in {
users.users."minetest".linger = true;
services.olivetin = {
enable = true;
settings = {
actions = [
{
title = "puuuull!";
shell = "/run/wrappers/bin/sudo -u minetest - ${pull}";
popupOnStart = "execution-dialog-stdout-only";
icon = "&#11015;";
}
{
title = "restart";
shell = "/run/wrappers/bin/sudo -u minetest - ${restart}";
popupOnStart = "execution-dialog-stdout-only";
icon = "&#11015;";
}
];
};
path = [
pkgs.git
pkgs.openssh
];
};
security.sudo-rs.extraRules = [
{
users = [ "olivetin" ];
runAs = "minetest";
commands = [
{
command = pull;
options = [ "NOPASSWD" ];
}
];
}
{
users = [ "olivetin" ];
runAs = "root";
commands = [
{
command = restart;
options = [ "NOPASSWD" ];
}
];
}
];
}
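Review bot: The `restart` action invokes `sudo -u minetest`, but the matching `security.sudo-rs.extraRules` entry permits `restart` only with `runAs = "root"`, so the request does not match the rule and is likely to be refused; `shell = "/run/wrappers/bin/sudo ${restart}";` would line up with it. The lone `-` between `-u minetest` and the script path in both `shell` strings also looks unintended. No authentication or access control for OliveTin appears in `settings`, so anyone who can reach its web UI can trigger a git pull into the game directory and a root-run service restart; bind the UI to localhost or put it behind an authenticated reverse proxy. A comment on `users.users."minetest".linger = true;` explaining why lingering is needed would help the next reader.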


@ -0,0 +1,18 @@
{pkgs, ...}: {
config.services.postgresql = {
enable = true;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all all trust
'';
ensureDatabases = ["luanti_world"];
ensureUsers = [
{
name = "luanti_world";
ensureDBOwnership = true;
}
];
};
}
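Review bot: `local all all trust` lets every local account connect over the socket as any database role, including the `postgres` superuser, without a credential, and `mkOverride 10` makes this rule replace the module's default ones. On a host that also runs the game server and OliveTin, that removes the boundary between those services and the database. Peer authentication with an ident map keeps the passwordless socket login but limits it to the intended account; the sketch below assumes the game server runs as the `minetest` system user, which this hunk does not show.

```nix
config.services.postgresql = {
  # … unchanged: enable, ensureDatabases, ensureUsers …
  authentication = pkgs.lib.mkOverride 10 ''
    #type database      DBuser        auth-method
    local luanti_world  luanti_world  peer map=luanti
    local all           postgres      peer
  '';
  identMap = ''
    # map-name  system-user  db-user
    luanti      minetest     luanti_world
  '';
```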


@ -1,6 +1,8 @@
{
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = false; # powers up the default Bluetooth controller on boot
hardware = {
bluetooth.enable = true; # enables support for Bluetooth
bluetooth.powerOnBoot = false; # powers up the default Bluetooth controller on boot
};
services.blueman.enable = true; # provides blueman-applet and blueman-manager
}


@ -2,8 +2,9 @@
imports = [
./bluetooth.nix
./fwupd.nix
./scan_and_print.nix
#./trackpoint.nix
./gpu.nix
./print.nix
./scan.nix
#./trackpoint.nix
];
}


@ -1,6 +1,8 @@
{pkgs, ...}: {
hardware.graphics.enable = true;
hardware.graphics.extraPackages = with pkgs; [
libvdpau-va-gl
];
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
libvdpau-va-gl
];
};
}


@ -0,0 +1,4 @@
{
# Enable CUPS to print documents.
services.printing.enable = true;
}

27
modules/hardware/scan.nix Normal file

@ -0,0 +1,27 @@
{pkgs, ...}: {
services.ipp-usb.enable = true; # enable usb support
hardware.sane = {
enable = true; # enables support for SANE scanners
backends-package = pkgs.sane-backends.overrideAttrs (old: {
configureFlags =
(old.configureFlags or [])
++ [
# "--localstatedir=/var" # `sane-backends` puts e.g. lock files in here, must not be in /nix/store
# "--with-lockdir=/var/lock/sane" # `sane-backends` puts e.g. lock files in here, must not be in /nix/store
# Ugly workaround for https://github.com/NixOS/nixpkgs/issues/273280#issuecomment-1848873028
# Really we should make `sane-backends` be able to provide a real lock dir (e.g. `/var/lock/sane`).
"--disable-locking"
];
});
};
users.users.ranomier.extraGroups = ["scanner" "lp"];
# only for the scan and maybe print clients
environment.systemPackages = with pkgs; [
simple-scan
];
}


@ -1,27 +0,0 @@
{pkgs, ...}: {
hardware.sane.enable = true; # enables support for SANE scanners
services.ipp-usb.enable = true; # enable usb support
hardware.sane.backends-package = pkgs.sane-backends.overrideAttrs (old: {
configureFlags =
(old.configureFlags or [])
++ [
# "--localstatedir=/var" # `sane-backends` puts e.g. lock files in here, must not be in /nix/store
# "--with-lockdir=/var/lock/sane" # `sane-backends` puts e.g. lock files in here, must not be in /nix/store
# Ugly workaround for https://github.com/NixOS/nixpkgs/issues/273280#issuecomment-1848873028
# Really we should make `sane-backends` be able to provide a real lock dir (e.g. `/var/lock/sane`).
"--disable-locking"
];
});
users.users.ranomier.extraGroups = ["scanner" "lp"];
# only for the scan and maybe print clients
environment.systemPackages = with pkgs; [
simple-scan
];
# Enable CUPS to print documents.
services.printing.enable = true;
}


@ -0,0 +1,113 @@
{
config,
pkgs,
lib,
...
}: let
siteName = "shop.kiezpalme.de";
sitePort = 80;
siteDataDir = "/srv/http/${siteName}";
siteUser = "user-${siteName}";
siteGroup = config.services.nginx.user;
siteUserPhp = "${siteUser}-php";
siteGroupPhp = siteUserPhp;
sitePhpPool = "wordpress-${siteName}";
in {
users = {
users = {
"${siteUser}" = {
isSystemUser = true;
group = siteGroup;
home = siteDataDir;
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
"${siteUserPhp}" = {
isSystemUser = true;
group = siteGroupPhp;
home = "/var/empty";
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
};
groups = {
"${siteGroup}" = {};
"${siteGroupPhp}" = {};
};
};
services = {
phpfpm.pools."${sitePhpPool}" = {
user = siteUserPhp;
group = siteGroupPhp;
settings = {
# Socket ownership so Nginx can connect
"listen.owner" = config.services.nginx.user;
"listen.group" = siteGroupPhp;
"listen.mode" = "0660";
# Dynamic process management tuned for small sites
pm = "dynamic";
"pm.max_children" = "5";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
# Logging
"catch_workers_output" = true;
"php_admin_flag[log_errors]" = true;
};
};
nginx = {
enable = true;
virtualHosts."${siteName}" = {
default = true;
root = siteDataDir;
listen = [
{
addr = "0.0.0.0";
port = sitePort;
ssl = false;
}
];
# Fallback for pretty permalinks
locations."/" = {
tryFiles = "$uri $uri/ /index.php?$args";
};
extraConfig = ''
index index.php;
'';
# Handle PHP scripts
locations."~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
};
};
};
# Bootstrap WordPress on activation
environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here?
system.activationScripts."setupWordpress-${siteName}".text = ''
mkdir -p ${siteDataDir}
if [ ! -f ${siteDataDir}/wp-config.php ]; then
cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
chown -R ${siteUser}:${siteGroup} ${siteDataDir}
chmod -R 755 ${siteDataDir}
fi
''; # TODO: tighten permissions (not 755)
}


@ -0,0 +1,113 @@
{
config,
pkgs,
lib,
...
}: let
siteName = "pertineo.de";
sitePort = 81;
siteDataDir = "/srv/http/${siteName}";
siteUser = "user-${siteName}";
siteGroup = config.services.nginx.user;
siteUserPhp = "${siteUser}-php";
siteGroupPhp = siteUserPhp;
sitePhpPool = "wordpress-${siteName}";
in {
users = {
users = {
"${siteUser}" = {
isSystemUser = true;
group = siteGroup;
home = siteDataDir;
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
"${siteUserPhp}" = {
isSystemUser = true;
group = siteGroupPhp;
home = "/var/empty";
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
};
groups = {
"${siteGroup}" = {};
"${siteGroupPhp}" = {};
};
};
services = {
phpfpm.pools."${sitePhpPool}" = {
user = siteUserPhp;
group = siteGroupPhp;
settings = {
# Socket ownership so Nginx can connect
"listen.owner" = config.services.nginx.user;
"listen.group" = siteGroupPhp;
"listen.mode" = "0660";
# Dynamic process management tuned for small sites
pm = "dynamic";
"pm.max_children" = "5";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
# Logging
"catch_workers_output" = true;
"php_admin_flag[log_errors]" = true;
};
};
nginx = {
enable = true;
virtualHosts."${siteName}" = {
default = true;
root = siteDataDir;
listen = [
{
addr = "0.0.0.0";
port = sitePort;
ssl = false;
}
];
# Fallback for pretty permalinks
locations."/" = {
tryFiles = "$uri $uri/ /index.php?$args";
};
extraConfig = ''
index index.php;
'';
# Handle PHP scripts
locations."~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
};
};
};
# Bootstrap WordPress on activation
environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here?
system.activationScripts."setupWordpress-${siteName}".text = ''
mkdir -p ${siteDataDir}
if [ ! -f ${siteDataDir}/wp-config.php ]; then
cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
chown -R ${siteUser}:${siteGroup} ${siteDataDir}
chmod -R 755 ${siteDataDir}
fi
''; # TODO: tighten permissions (not 755)
}
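Review bot: The `locations."~ \\.php$"` block passes every URI ending in `.php` to the FPM pool without first checking that the script exists under the document root; adding `try_files $uri =404;` as the first line of that `extraConfig` lets nginx answer 404 itself instead of leaving path resolution to PHP. Inside the `''…''` string a backslash is not an escape, so `fastcgi_split_path_info ^(.+\\.php)(/.+)$;` reaches nginx with a doubled backslash as written; a single `\.` is presumably what is meant. In the activation script, `chmod -R 755` sets the execute bit on every regular file and relies on the world bits for the PHP pool user to read the tree; `chmod -R u=rwX,go=rX` would at least drop the stray execute bits until the existing TODO is resolved. The same points apply to the copies of this block in the module variants further down the page.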


@ -0,0 +1,186 @@
{
config,
pkgs,
lib,
...
}: let
siteOpts = lib.types.submodule ({
options = {
enable = lib.mkEnableOption "custom WordPress service";
siteName = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
sitePort = lib.mkOption {
type = lib.types.port;
default = 80;
description = ""; # TODO:
};
#siteDataDir = lib.mkOption {
# type = lib.types.str;
# default = "/srv/http/${siteName}";
#};
#siteUser = lib.mkOption {
# type = lib.types.str;
# default = "user-${siteName}";
#};
#siteGroup = lib.mkOption {
# type = lib.types.str;
# default = config.services.nginx.user;
#};
#siteUserPhp = lib.mkOption {
# type = lib.types.str;
# default = "${siteUser}-php";
#};
#siteGroupPhp = lib.mkOption {
# type = lib.types.str;
# default = siteUserPhp;
#};
#sitePhpPool = lib.mkOption {
# type = lib.types.str;
# default = "wordpress-${siteName}";
#};
};
});
#sites = builtins.mapAttrs (siteName2: siteConfig:
# let
# siteName = if siteConfig.siteName != null then siteConfig.siteName else siteName2;
# in siteConfig // {siteName = siteName;}
#) cfg;
#
#enabledSites = lib.filterAttrs (name: config: config.enable) cfg;
#magie = banana: builtins.mapAttrs (siteName: site: banana) enabledSites;
mkMergeTopLevel = names: attrs:
lib.getAttrs names (
lib.mapAttrs (k: v: lib.mkMerge v) (lib.foldAttrs (n: a: [n] ++ a) [] attrs)
);
cfg = config.services.cWordpress;
in {
options = {
services.cWordpress = lib.mkOption {
type = lib.types.attrsOf siteOpts;
default = {};
description = ""; # TODO:
};
};
config = mkMergeTopLevel ["users" "services" "environment" "system"] (lib.mapAttrsToList (
siteName: opts: let
siteDataDir = "/srv/http/${siteName}";
siteUser = "user-${siteName}";
siteGroup = config.services.nginx.user;
siteUserPhp = "${siteUser}-php";
siteGroupPhp = siteUserPhp;
sitePhpPool = "wordpress-${siteName}";
in {
users = {
users = {
"${siteUser}" = {
isSystemUser = true;
group = siteGroup;
home = siteDataDir;
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
"${siteUserPhp}" = {
isSystemUser = true;
group = siteGroupPhp;
home = "/var/empty";
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
};
groups = {
"${siteGroup}" = {};
"${siteGroupPhp}" = {};
};
};
services = {
mysql = {
enable = true;
package = pkgs.mariadb;
};
phpfpm.pools."${sitePhpPool}" = {
user = siteUserPhp;
group = siteGroupPhp;
settings = {
# Socket ownership so Nginx can connect
"listen.owner" = config.services.nginx.user;
"listen.group" = siteGroupPhp;
"listen.mode" = "0660";
# Dynamic process management tuned for small sites
pm = "dynamic";
"pm.max_children" = "5";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
# Logging
"catch_workers_output" = true;
"php_admin_flag[log_errors]" = true;
};
};
nginx = {
enable = true;
virtualHosts."${siteName}" = {
default = true;
root = siteDataDir;
listen = [
{
addr = "0.0.0.0";
port = opts.sitePort;
ssl = false;
}
];
# Fallback for pretty permalinks
locations."/" = {
tryFiles = "$uri $uri/ /index.php?$args";
};
extraConfig = ''
index index.php;
'';
# Handle PHP scripts
locations."~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
};
};
};
# Bootstrap WordPress on activation
environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here?
system.activationScripts."setupWordpress-${siteName}".text = ''
mkdir -p ${siteDataDir}
if [ ! -f ${siteDataDir}/wp-config.php ]; then
cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
chown -R ${siteUser}:${siteGroup} ${siteDataDir}
chmod -R 755 ${siteDataDir}
fi
''; # TODO: tighten permissions (not 755)
}
)
cfg);
}
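Review bot: `enable` is declared in `siteOpts` but nothing in `config` reads it, so a site entered with `enable = false` (the `mkEnableOption` default) still gets its users, an nginx vhost on `0.0.0.0` and MariaDB switched on. Iterating over `lib.filterAttrs (_: site: site.enable) cfg` instead of `cfg` in the `lib.mapAttrsToList` call would give the option its meaning back, which is where the commented-out `enabledSites` binding was heading. Every generated vhost also sets `default = true`, so two sites sharing a `sitePort` would hand nginx two default servers for one listen address, which I would expect it to reject at config test. I would also expect `lib.getAttrs names` to fail when `cfg` is empty, because the folded set then has none of the four keys.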


@ -0,0 +1,186 @@
{
config,
pkgs,
lib,
...
}: let
siteOpts = lib.types.submodule ({name, ...}: {
options = {
enable = lib.mkEnableOption "custom WordPress service";
siteName = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
sitePort = lib.mkOption {
type = lib.types.port;
default = 80;
description = ""; # TODO:
};
#siteDataDir = lib.mkOption {
# type = lib.types.str;
# default = "/srv/http/${siteName}";
#};
#siteUser = lib.mkOption {
# type = lib.types.str;
# default = "user-${siteName}";
#};
#siteGroup = lib.mkOption {
# type = lib.types.str;
# default = config.services.nginx.user;
#};
#siteUserPhp = lib.mkOption {
# type = lib.types.str;
# default = "${siteUser}-php";
#};
#siteGroupPhp = lib.mkOption {
# type = lib.types.str;
# default = siteUserPhp;
#};
#sitePhpPool = lib.mkOption {
# type = lib.types.str;
# default = "wordpress-${siteName}";
#};
};
});
#sites = builtins.mapAttrs (siteName2: siteConfig:
# let
# siteName = if siteConfig.siteName != null then siteConfig.siteName else siteName2;
# in siteConfig // {siteName = siteName;}
#) cfg;
#
#enabledSites = lib.filterAttrs (name: config: config.enable) cfg;
#magie = banana: builtins.mapAttrs (siteName: site: banana) enabledSites;
mkMergeTopLevel = names: attrs:
lib.getAttrs names (
lib.mapAttrs (k: v: lib.mkMerge v) (lib.foldAttrs (n: a: [n] ++ a) [] attrs)
);
cfg = config.services.cWordpress;
opts = siteName: {
siteDataDir = "/srv/http/${siteName}";
siteUser = "user-${siteName}";
siteGroup = config.services.nginx.user;
siteUserPhp = "${siteUser}-php";
siteGroupPhp = siteUserPhp;
sitePhpPool = "wordpress-${siteName}";
};
in {
options = {
services.cWordpress = lib.mkOption {
type = lib.types.attrsOf siteOpts;
default = {};
description = ""; # TODO:
};
};
config = {
users.users = lib.mapAttrs' (siteName: siteConfig: {
"user-${siteName}" = {
isSystemUser = true;
group = config.services.nginx.user;
home = "/srv/http/${siteName}";
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
"user-${siteName}-php" = {
isSystemUser = true;
group = "user-${siteName}-php";
home = "/var/empty";
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
}) cfg;
users.groups = lib.mapAttrs' (siteName: siteConfig: {
${config.services.nginx.user} = {};
"user-${siteName}-php" = {};
}) cfg;
services = {
mysql = {
enable = true;
package = pkgs.mariadb;
};
phpfpm.pools."${sitePhpPool}" = {
user = siteUserPhp;
group = siteGroupPhp;
settings = {
# Socket ownership so Nginx can connect
"listen.owner" = config.services.nginx.user;
"listen.group" = siteGroupPhp;
"listen.mode" = "0660";
# Dynamic process management tuned for small sites
pm = "dynamic";
"pm.max_children" = "5";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
# Logging
"catch_workers_output" = true;
"php_admin_flag[log_errors]" = true;
};
};
nginx = {
enable = true;
virtualHosts."${siteName}" = {
default = true;
root = siteDataDir;
listen = [
{
addr = "0.0.0.0";
port = opts.sitePort;
ssl = false;
}
];
# Fallback for pretty permalinks
locations."/" = {
tryFiles = "$uri $uri/ /index.php?$args";
};
extraConfig = ''
index index.php;
'';
# Handle PHP scripts
locations."~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
};
};
};
# Bootstrap WordPress on activation
environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here?
system.activationScripts."setupWordpress-${siteName}".text = ''
mkdir -p ${siteDataDir}
if [ ! -f ${siteDataDir}/wp-config.php ]; then
cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
chown -R ${siteUser}:${siteGroup} ${siteDataDir}
chmod -R 755 ${siteDataDir}
fi
''; # TODO: tighten permissions (not 755)
}
)
cfg);
}
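Review bot: `lib.mapAttrs'` expects its callback to return a single `{ name = …; value = …; }` pair, but the `users.users` and `users.groups` callbacks return a set with two entries keyed by user or group name, so neither evaluates as intended; `lib.concatMapAttrs (siteName: siteConfig: { … }) cfg` merges per-site sets of that shape. Below that, `services` and the activation script still use `siteName`, `siteDataDir`, `sitePhpPool` and `opts.sitePort`, none of which is in scope here (`opts` is now a function, and its non-`rec` body cannot see `siteUser` either), and the trailing `)` / `cfg);` has lost its opening counterpart. The `mapAttrs'` point also applies to the later variant of this file that keeps only the `users` part active.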


@ -0,0 +1,138 @@
{
config,
pkgs,
lib,
...
}: let
cfg = config.services.cWordpress;
in {
options = {
services.cWordpress = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
options.enable = lib.mkEnableOption "custom WordPress service";
options.sitePort = lib.mkOption {
type = lib.types.port;
default = 80;
description = ""; # TODO:
};
});
default = {};
description = ""; # TODO: per-site WordPress configs
};
};
config = lib.foldAttrs' (siteName: cfg: let
siteDataDir = "/srv/http/${siteName}";
siteUser = "user-${siteName}";
siteGroup = config.services.nginx.user;
siteUserPhp = "${siteUser}-php";
siteGroupPhp= siteUserPhp;
sitePhpPool = "wordpress-${siteName}";
in
lib.mkIf cfg.enable {
users = {
users = {
"${siteUser}" = {
isSystemUser = true;
group = siteGroup;
home = siteDataDir;
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
### 3) Service account for PHP-FPM pool
"${siteUserPhp}" = {
isSystemUser = true;
group = siteGroupPhp;
home = "/var/empty";
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
};
groups = {
"${siteGroup}" = {};
"${siteGroupPhp}" = {};
};
};
services = {
mysql = {
enable = true;
package = pkgs.mariadb;
};
phpfpm.pools."${sitePhpPool}" = {
user = siteUserPhp;
group = siteGroupPhp;
settings = {
# Socket ownership so Nginx can connect
"listen.owner" = config.services.nginx.user;
"listen.group" = siteGroupPhp;
"listen.mode" = "0660";
# Dynamic process management tuned for small sites
pm = "dynamic";
"pm.max_children" = "5";
"pm.start_servers" = "2";
"pm.min_spare_servers" = "1";
"pm.max_spare_servers" = "3";
# Logging
"catch_workers_output" = true;
"php_admin_flag[log_errors]" = true;
};
};
nginx = {
enable = true;
virtualHosts."${siteName}" = {
default = true;
root = siteDataDir;
listen = [
{
addr = "0.0.0.0";
port = cfg.sitePort;
ssl = false;
}
];
# Fallback for pretty permalinks
locations."/" = {
tryFiles = "$uri $uri/ /index.php?$args";
};
extraConfig = ''
index index.php;
'';
# Handle PHP scripts
locations."~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include ${pkgs.nginx}/conf/fastcgi_params;
'';
};
};
};
};
# Bootstrap WordPress on activation
environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here?
system.activationScripts."setupWordpress-${siteName}".text = ''
mkdir -p ${siteDataDir}
if [ ! -f ${siteDataDir}/wp-config.php ]; then
cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
chown -R ${siteUser}:${siteGroup} ${siteDataDir}
chmod -R 755 ${siteDataDir}
fi
'';
}}) {} cfg;
}
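Review bot: The closing `}}) {} cfg;` carries one more `}` than the `lib.mkIf cfg.enable {` block opens, so the file does not parse as shown. I also do not know of a `lib.foldAttrs'` in nixpkgs (`lib.foldAttrs` and `lib.foldlAttrs` exist, with different argument shapes), so this call needs checking against the lib version in use. The lambda parameter `cfg` shadows the outer `cfg = config.services.cWordpress`, which makes `cfg.enable` and `cfg.sitePort` easy to misread; naming it `site` would avoid that.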


@ -0,0 +1,145 @@
{
config,
pkgs,
lib,
...
}: let
siteOpts = lib.types.submodule ({...}: {
options = {
enable = lib.mkEnableOption "custom WordPress service";
siteName = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
};
sitePort = lib.mkOption {
type = lib.types.port;
default = 80;
description = ""; # TODO:
};
};
});
cfg = config.services.cWordpress;
opts = siteName: rec {
siteDataDir = "/srv/http/${siteName}";
siteUser = "user-${siteName}";
siteGroup = config.services.nginx.user;
siteUserPhp = "${siteUser}-php";
siteGroupPhp = siteUserPhp;
sitePhpPool = "wordpress-${siteName}";
};
in {
options = {
services.cWordpress = lib.mkOption {
type = lib.types.attrsOf siteOpts;
default = {};
description = ""; # TODO:
};
};
config = {
users.users = lib.mapAttrs' (siteName: siteConfig: {
"user-${siteName}" = {
isSystemUser = true;
group = config.services.nginx.user;
home = "/srv/http/${siteName}";
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
"user-${siteName}-php" = {
isSystemUser = true;
group = "user-${siteName}-php";
home = "/var/empty";
createHome = false;
shell = "${pkgs.shadow}/bin/nologin";
};
}) cfg;
users.groups = lib.mapAttrs' (siteName: siteConfig: {
${config.services.nginx.user} = {};
"user-${siteName}-php" = {};
}) cfg;
# services = {
# mysql = {
# enable = true;
# package = pkgs.mariadb;
# };
#
# phpfpm.pools."${sitePhpPool}" = {
# user = siteUserPhp;
# group = siteGroupPhp;
#
# settings = {
# # Socket ownership so Nginx can connect
# "listen.owner" = config.services.nginx.user;
# "listen.group" = siteGroupPhp;
# "listen.mode" = "0660";
#
# # Dynamic process management tuned for small sites
# pm = "dynamic";
# "pm.max_children" = "5";
# "pm.start_servers" = "2";
# "pm.min_spare_servers" = "1";
# "pm.max_spare_servers" = "3";
#
# # Logging
# "catch_workers_output" = true;
# "php_admin_flag[log_errors]" = true;
# };
# };
#
# nginx = {
# enable = true;
# virtualHosts."${siteName}" = {
# default = true;
# root = siteDataDir;
#
# listen = [
# {
# addr = "0.0.0.0";
# port = opts.sitePort;
# ssl = false;
# }
# ];
#
# # Fallback for pretty permalinks
# locations."/" = {
# tryFiles = "$uri $uri/ /index.php?$args";
# };
#
# extraConfig = ''
# index index.php;
# '';
#
# # Handle PHP scripts
# locations."~ \\.php$" = {
# extraConfig = ''
# fastcgi_split_path_info ^(.+\\.php)(/.+)$;
# fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket};
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# include ${pkgs.nginx}/conf/fastcgi_params;
# '';
# };
# };
# };
# };
#
# # Bootstrap WordPress on activation
# environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here?
# system.activationScripts."setupWordpress-${siteName}".text = ''
# mkdir -p ${siteDataDir}
# if [ ! -f ${siteDataDir}/wp-config.php ]; then
# cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/
# chown -R ${siteUser}:${siteGroup} ${siteDataDir}
# chmod -R 755 ${siteDataDir}
# fi
# ''; # TODO: tighten permissions (not 755)
};
}


@ -1,26 +1,31 @@
{
# Configure console keymap
console.keyMap = "de";
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n.defaultLocale = "en_GB.UTF-8";
i18n = {
# Select internationalisation properties.
defaultLocale = "en_GB.UTF-8";
#i18n.supportedLocales = [
# "en_GB.UTF-8"
# "en_US.UTF-8"
# "de_DE.UTF-8"
#];
#supportedLocales = [
# "en_GB.UTF-8"
# "en_US.UTF-8"
# "de_DE.UTF-8"
#];
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
};
# Configure keymap in X11
@ -28,7 +33,4 @@
layout = "de";
variant = "";
};
# Configure console keymap
console.keyMap = "de";
}


@ -1,8 +1,8 @@
{
imports = [
./flatpak.nix
./garbage-collect.nix
./podman.nix
./store_pkg_file.nix
./garbage-collect.nix
];
}


@ -1,4 +1,5 @@
{
{inArgs, ...}: {
imports = [ inArgs.nix-flatpak.nixosModules.nix-flatpak ];
services.flatpak = {
enable = true;
update.auto = {


@ -19,8 +19,8 @@
# Useful other development tools
environment.systemPackages = with pkgs; [
dive # look into docker image layers
podman-tui # status of containers in the terminal
#docker-compose # start group of containers for dev
podman-compose # start group of containers for dev
podman-tui # status of containers in the terminal
];
}


@ -10,5 +10,5 @@
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
# TODO: in the far future: add a little alias that greps throgh that file
# TODO: in the far future: add a little alias that greps through that file
}


@ -0,0 +1,13 @@
{inArgs, ...}: {
system.autoUpgrade = {
enable = true;
flake = inArgs.self.outPath;
flags = [
"--update-input"
"nixpkgs"
"--print-build-logs"
];
dates = "07:00";
randomizedDelaySec = "45min";
};
}
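Review bot: `flake = inArgs.self.outPath` points the timer at the store copy of the configuration that was last deployed by hand, so as far as I can tell the 07:00 run only moves `nixpkgs` forward: changes pushed to the repository and updates to the other inputs are not picked up, and the nixpkgs revision actually running is not recorded in the repository's `flake.lock`. A comment above `flake`, e.g. `# upgrades nixpkgs only; repo changes and other inputs need a manual rebuild`, would keep the scope of the unattended updates clear. `allowReboot` is left at its default, so a new kernel or initrd stays inactive until someone reboots the host; if that is intended it is worth saying so next to `dates`.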


@ -4,9 +4,9 @@
# XDG-USER-DIR package and config
environment.systemPackages = with pkgs; [
apparmor-pam
apparmor-utils
apparmor-parser
apparmor-profiles
apparmor-utils
roddhjav-apparmor-rules
];
}


@ -3,6 +3,8 @@
./apparmor.nix
./firejail.nix
./login-manager.nix
./ssh.nix
./ssh-client.nix
#./ssh-server.nix
./sudo-rs.nix
];
}


@ -44,6 +44,21 @@
];
};
librewolf = {
executable = "${pkgs.librewolf}/bin/librewolf";
profile = "${pkgs.firejail}/etc/firejail/librewolf.profile";
extraArgs = [
# Required for U2F USB stick
"--ignore=private-dev"
# Enforce dark mode
"--env=GTK_THEME=Adwaita:dark"
# Enable system notifications
"--dbus-user.talk=org.freedesktop.Notifications"
# For screen sharing
"--dbus-user.talk=org.freedesktop.portal.*"
];
};
nyxt = {
executable = "${pkgs.nyxt}/bin/nyxt";
profile = "${pkgs.firejail}/etc/firejail/chromium-browser.profile";
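Review bot: `--ignore=private-dev` in the new `librewolf` wrapper switches off the profile's private `/dev`, so the sandboxed browser sees the host's device nodes in general and not only the hidraw device a U2F key needs; the comment should say that this trade-off is being accepted. `--dbus-user.talk=org.freedesktop.portal.*` likewise allows every desktop portal interface rather than only the screen-cast one the comment names. I would extend the two comments, e.g. `# Required for U2F USB stick (drops private-dev: all of /dev becomes visible)` and `# For screen sharing (wildcard: allows all xdg-desktop-portal interfaces)`. The enclosing attribute set starts above this hunk and the `nyxt` entry continues below it.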


@ -0,0 +1,13 @@
{lib, ...}: {
services.openssh = {
enable = true;
ports = lib.mkDefault [10522];
settings = {
PasswordAuthentication = false;
PermitRootLogin = "yes";
X11Forwarding = false;
};
};
}
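Review bot: `PermitRootLogin = "yes"` lets root use every authentication method the daemon offers, and `PasswordAuthentication = false` on its own does not switch off keyboard-interactive logins through PAM, which I believe NixOS leaves enabled unless `KbdInteractiveAuthentication` is set (worth confirming for the release in use). `PermitRootLogin = "prohibit-password";` keeps key-based root access while refusing password and keyboard-interactive authentication for root, and `KbdInteractiveAuthentication = false;` closes the same path for the other accounts. Port 10522 is set with `lib.mkDefault`, so a host can override it; the firewall opening for the chosen port is not visible in this file.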


@ -0,0 +1,3 @@
{
security.sudo-rs.enable = true;
}


@ -0,0 +1,8 @@
{
boot.kernelParams = [ "console=ttyS0,115200n8" ];
boot.loader.grub.extraConfig = "
serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
terminal_input serial
terminal_output serial
";
}


@ -1,21 +1,24 @@
{pkgs, ...}: {
# Enable sound with pipewire
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
pulse.enable = true;
alsa = {
services = {
pulseaudio.enable = false;
pipewire = {
enable = true;
support32Bit = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
pulse.enable = true;
alsa = {
enable = true;
support32Bit = true;
};
};
};
# only for more system kinda packages not editing and such
environment.systemPackages = with pkgs; [
helvum
pwvucontrol


@ -1,7 +1,22 @@
{
{pkgs, ...}: let
package = pkgs.librewolf;
in {
imports = [
./brave.nix
./firefox.nix
#./firefox.nix
./librewolf.nix
./nyxt.nix
];
environment.sessionVariables.DEFAULT_BROWSER =
"${package}/bin/"
+ builtins.replaceStrings [".desktop"] [""] package.desktopItem.name;
xdg.mime.defaultApplications = let
browser_desktop_file = package.desktopItem.name;
in {
"text/html" = browser_desktop_file;
"x-scheme-handler/http" = browser_desktop_file;
"x-scheme-handler/https" = browser_desktop_file;
};
}
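Review bot: `DEFAULT_BROWSER` is built from `"${package}/bin/"`, i.e. the LibreWolf binary inside the store path, so anything that launches the browser through this variable starts it directly rather than through a firejail wrapper found on `PATH` (assuming the firejail module on this page installs its `librewolf` wrapper the usual way). Exporting just the command name, `environment.sessionVariables.DEFAULT_BROWSER = builtins.replaceStrings [".desktop"] [""] package.desktopItem.name;`, leaves the choice to `PATH` lookup. It is also worth confirming that `pkgs.librewolf` exposes `desktopItem`; the previous code hard-coded `firefox.desktop`.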


@ -1,13 +1,10 @@
{pkgs, ...}: {
{pkgs, ...}: let
package = pkgs.firefox;
in {
# The logical browser of choice
programs.firefox.enable = true;
programs.firefox = {
enable = true;
xdg.mime.defaultApplications = let
browser_desktop_file = "firefox.desktop";
in {
"text/html" = browser_desktop_file;
"x-scheme-handler/http" = browser_desktop_file;
"x-scheme-handler/https" = browser_desktop_file;
package = package;
};
environment.sessionVariables.DEFAULT_BROWSER = "${pkgs.firefox}/bin/firefox";
}


@ -0,0 +1,10 @@
{pkgs, ...}: let
package = pkgs.librewolf;
in {
# The logical browser of choice
programs.firefox = {
enable = true;
package = package;
};
}


@ -8,7 +8,7 @@
#./mpv.nix
./neovim.nix
./obs-studio.nix
./packages.nix
./packages
./programs.nix
./virt.nix
];


@ -12,12 +12,9 @@
fira-code
fira-code-symbols
#droid-sans-mono
(nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"JetBrainsMono"
];
})
nerd-fonts.fira-code
nerd-fonts.droid-sans-mono
nerd-fonts.jetbrains-mono
];
}


@ -1,4 +1,18 @@
{
{pkgs, ...}: let
makeDiff = name:
pkgs.writeShellScriptBin name ''
#!/usr/bin/env bash
if [ $# -lt 2 ]; then
echo "Usage: ${name} <file1> <file2> [more args]" >&2
exit 1
fi
exec nvim -d "$@"
'';
in {
environment.systemPackages = [
(makeDiff "vimdiff")
(makeDiff "nvimdiff")
];
programs.neovim = {
enable = true;
viAlias = true;
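Review bot: `pkgs.writeShellScriptBin` already emits its own interpreter line, so the `#!/usr/bin/env bash` inside the script text ends up on the second line as an ordinary comment and can be dropped. `exec nvim -d "$@"` resolves `nvim` through the caller's `PATH`; if the wrapper should always use the system Neovim, interpolating the package path would pin it, though which package that is cannot be seen from this hunk. The `programs.neovim` block continues below the hunk.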


@ -3,6 +3,9 @@
config,
...
}: {
# The virtual camera requires the v4l2loopback kernel module to be installed, a loopback device configured, and polkit enabled so OBS can access the virtual device.
security.polkit.enable = true;
environment.systemPackages = [
(pkgs.wrapOBS {
plugins = with pkgs.obs-studio-plugins; [
@ -12,12 +15,16 @@
];
})
];
boot.extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
boot.kernelModules = ["v4l2loopback"];
boot.extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
security.polkit.enable = true;
boot = {
kernelModules = ["v4l2loopback"];
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
};
}


@ -0,0 +1,13 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
file
git
htop
ncdu
p7zip
ripgrep
tmux
unzip
wget
];
}


@ -0,0 +1,6 @@
{
imports = [
./core.nix
./extended.nix
];
}


@ -16,7 +16,6 @@
unstable.neovim
git
gitui
lazygit
@ -31,21 +30,13 @@
rustc
# tooling
htop
btop
ncdu
wget
unstable.yt-dlp
miniserve
file
unzip
tmux
fzf
ripgrep
qemu
home-manager
dfc
p7zip
sops
# move to homemanager?
@ -64,5 +55,6 @@
rustdesk-flutter
timer
unstable.prusa-slicer
tenacity
];
}


@ -1,8 +1,4 @@
{pkgs, ...}: {
# for running android apps
virtualisation.waydroid.enable =
true; # also starts the systemd service waydroid-container
# virt manager, for running VM's
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true;

10
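--- /dev/null
+++ b/modules/theming.nix
@@ -0,0 +1,10 @@
+{pkgs, inArgs, ...}: {
+imports = [
+inArgs.stylix.nixosModules.stylix
+];
+stylix = {
+enable = true;
+base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark.yaml";
+polarity = "dark";
+};
+}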


@ -1,5 +1,5 @@
{
imports = [
./ranomier.nix
./ranomier
];
}


@ -0,0 +1,6 @@
{
imports = [
./home-manager.nix
./ranomier.nix
];
}


@ -0,0 +1,16 @@
{inArgs, pkgs, ...}: {
imports = [
inArgs.home-manager.nixosModules.home-manager
];
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
home-manager.users."ranomier" = {
stylix.iconTheme = {
enable = true;
package = pkgs.gruvbox-plus-icons;
dark = "Gruvbox-Plus-Dark";
};
home.stateVersion = "25.05";
};
}


@ -6,6 +6,5 @@
extraGroups = ["networkmanager" "wheel" "podman"];
shell = pkgs.zsh;
useDefaultShell = true;
#packages = with pkgs; [];
};
}


@ -41,11 +41,11 @@
# for mounting stuff, also needs a auth agent like lxqt.lxqt-policykit
services.gvfs.enable = true;
qt = {
enable = true;
platformTheme = "qt5ct";
style = "kvantum";
};
#qt = {
# enable = true;
# platformTheme = "qt5ct";
# style = "kvantum";
#};
environment.pathsToLink = ["/share/foot"];


@ -1,6 +1,5 @@
inArgs: let
lib = inArgs.nixpkgs.lib;
hostHelper = import ./hostHelper.nix inArgs;
hostHelper = import ./lib/hostHelper.nix inArgs;
# Supported systems for your flake packages, shell, etc.
systems = [
@ -16,11 +15,11 @@ in {
nixosConfigurations = builtins.mapAttrs (hostName: hostOptions: (hostHelper hostName hostOptions)) {
crocoite = {stateVersion = "24.05";};
jitsi = {stateVersion = "24.11";};
game-luanti = {
stateVersion = "25.05";
unstable = true;
};
#jitsi = {stateVersion = "24.11";};
game-luanti = {stateVersion = "25.05";};
#ext-julia = {stateVersion = "24.11";};
};
# Your custom packages
@ -28,7 +27,7 @@ in {
#packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
# Your custom packages and modifications, exported as overlays
overlays = import ./overlays {inherit inArgs;};
overlays = import ./overlays {inArgs = inArgs;};
# Reusable nixos modules you might want to export
# These are usually stuff you would upstream into nixpkgs

23
readme.md Normal file

@ -0,0 +1,23 @@
# My flake config
Some awesome descriptive text here
## folder structure
### system_profiles
This whole folder is for the most part just a system to clean up importing
- In files in this (`system_profiles`) directory:
- should never import anything from parent directories
- can import things from the child directories
- The `importers` directory:
- Should only import things outside (above/parent) of the `system_profiles` directories.
- Probably only from the module directory or maybe a future nix-modules directory,
this rule is not set in stone yet
- should **not** import anything outside of this repository
- The `components` directory:
- Should never import anything from this repository
- It can import things from nixpkgs
- Should set only basic "system" settings
("system" is not well defined)


@ -1,6 +1,6 @@
# For when to deploy to a container,
# can be used with minify to make things smaller
{lib, ...}: {
boot.isContainer = lib.mkDefault true;
boot.kernel.enable = lib.mkDefault false;
imports = [./mini.nix];
}


@ -0,0 +1,16 @@
# This makes an installation smaller at the cost of
# features (and maybe even stability)
{lib, modulesPath, ...}: {
imports = [
(modulesPath + "/profiles/minimal.nix")
#(modulesPath + "/profiles/perlless.nix")
];
disabledModules = [
(modulesPath + "/profiles/all-hardware.nix")
(modulesPath + "/profiles/base.nix")
];
environment.defaultPackages = lib.mkDefault [];
nixpkgs.overlays = lib.mkDefault [(self: super: {})];
}


@ -1,23 +1,21 @@
{
lib,
pkgs,
...
}: {
nix.settings.experimental-features = lib.mkDefault ["nix-command" "flakes"];
# This loads some nix and nixpkgs specific settints
# i often need
{lib, pkgs, ...}: {
# Disable if you don't want unfree packages
nixpkgs.config.allowUnfree = lib.mkDefault true;
nix = {
# https://lix.systems/ Lix is a modern, delicious implementation of the Nix package manager,
# https://lix.systems/
# Lix is a modern, delicious implementation of the Nix package manager,
# focused on correctness, usability, and growth
# and committed to doing right by its community.
package = lib.mkDefault pkgs.lix;
channel.enable = lib.mkDefault false;
};
imports = [
../modules/locale.nix
];
settings.experimental-features = lib.mkDefault [
"nix-command"
"flakes"
];
};
}


@ -0,0 +1,8 @@
{
imports = [
./components/nix-defaults.nix
./importers/desktop.nix
./importers/general.nix
];
}


@ -0,0 +1,22 @@
# This basicly imports the whole modules folder
{rootPath, ...}: {
imports = [
(rootPath + /modules)
(rootPath + /modules/hardware)
(rootPath + /modules/pkg_mgrmnt)
(rootPath + /modules/sec_auth)
(rootPath + /modules/software)
(rootPath + /modules/software/browser)
(rootPath + /modules/software/nix-helper)
(rootPath + /modules/software/office)
(rootPath + /modules/software/shells)
(rootPath + /modules/users)
(rootPath + /modules/wm_and_de)
];
}


@ -0,0 +1,7 @@
# This loads some "general" defaults
{rootPath, ...}: {
imports = [
(rootPath + /modules/locale.nix)
(rootPath + /modules/sec_auth/sudo-rs.nix)
];
}


@ -0,0 +1,7 @@
{rootPath, ...}: {
imports = [
(rootPath + /modules/customisation.nix)
(rootPath + /modules/software/neovim.nix)
(rootPath + /modules/software/packages/core.nix)
];
}


@ -1,26 +0,0 @@
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/minimal.nix")
(modulesPath + "/profiles/perlless.nix")
{
environment.defaultPackages = lib.mkDefault [];
nixpkgs.overlays = lib.mkDefault [(self: super: {})];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
}
];
disabledModules = [
(modulesPath + "/profiles/all-hardware.nix")
(modulesPath + "/profiles/base.nix")
];
}


@ -0,0 +1,9 @@
{
imports = [
./components/minify.nix
./components/nix-defaults.nix
./importers/general.nix
./importers/server.nix
];
}