diff --git a/certificates/id_ed25519_ext-julia.pub b/certificates/id_ed25519_ext-julia.pub
deleted file mode 100644
index facb9b4..0000000
--- a/certificates/id_ed25519_ext-julia.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAtsLGI/S6473jzw4BlWTRfxVO7mhEhClRF0gzpexG9V game-luanti
diff --git a/certificates/id_ed25519_game-luanti.pub b/certificates/id_ed25519_game-luanti.pub
deleted file mode 100644
index 74077ab..0000000
--- a/certificates/id_ed25519_game-luanti.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPydzO5SD6CwZUyiXYGleCGzGLdOqplPWSrJ8dAhs8J game-luanti
diff --git a/flake.lock b/flake.lock
index c646fe8..63e5de6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,205 +1,5 @@ { "nodes": { - "base16": { - "inputs": { - "fromYaml": "fromYaml" - }, - "locked": { - "lastModified": 1746562888, - "narHash": "sha256-YgNJQyB5dQiwavdDFBMNKk1wyS77AtdgDk/VtU6wEaI=", - "owner": "SenchoPens", - "repo": "base16.nix", - "rev": "806a1777a5db2a1ef9d5d6f493ef2381047f2b89", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "base16.nix", - "type": "github" - } - }, - "base16-fish": { - "flake": false, - "locked": { - "lastModified": 1622559957, - "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", - "owner": "tomyun", - "repo": "base16-fish", - "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", - "type": "github" - }, - "original": { - "owner": "tomyun", - "repo": "base16-fish", - "type": "github" - } - }, - "base16-helix": { - "flake": false, - "locked": { - "lastModified": 1736852337, - "narHash": "sha256-esD42YdgLlEh7koBrSqcT7p2fsMctPAcGl/+2sYJa2o=", - "owner": "tinted-theming", - "repo": "base16-helix", - "rev": "03860521c40b0b9c04818f2218d9cc9efc21e7a5", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-helix", - "type": "github" - } - }, - "base16-vim": { - "flake": false, - "locked": { - "lastModified": 1732806396, - "narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=", - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-vim", - "rev": "577fe8125d74ff456cf942c733a85d769afe58b7", - "type": "github" - } - }, - "firefox-gnome-theme": { - "flake": false, - "locked": { - "lastModified": 1744642301, - "narHash": "sha256-5A6LL7T0lttn1vrKsNOKUk9V0ittdW0VEqh6AtefxJ4=", - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "rev": "59e3de00f01e5adb851d824cf7911bd90c31083a", - "type": "github" - }, - "original": { - "owner": "rafaelmardojai", - "repo": "firefox-gnome-theme", - "type": "github" - } - }, - 
"flake-compat": { - "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733312601, - "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "fromYaml": { - "flake": false, - "locked": { - "lastModified": 1731966426, - "narHash": "sha256-lq95WydhbUTWig/JpqiB7oViTcHFP8Lv41IGtayokA8=", - "owner": "SenchoPens", - "repo": "fromYaml", - "rev": "106af9e2f715e2d828df706c386a685698f3223b", - "type": "github" - }, - "original": { - "owner": "SenchoPens", - "repo": "fromYaml", - "type": "github" - } - }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "stylix", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1742649964, - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "stylix", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - 
"repo": "gitignore.nix", - "type": "github" - } - }, - "gnome-shell": { - "flake": false, - "locked": { - "lastModified": 1744584021, - "narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", - "owner": "GNOME", - "repo": "gnome-shell", - "rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", - "type": "github" - }, - "original": { - "owner": "GNOME", - "ref": "48.1", - "repo": "gnome-shell", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -207,49 +7,27 @@ ] }, "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "lastModified": 1746171682, + "narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=", "owner": "nix-community", "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "rev": "50eee705bbdbac942074a8c120e8194185633675", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-25.05", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "stylix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1747556831, - "narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-25.05", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } }, "nix-flatpak": { "locked": { - "lastModified": 1749394952, - "narHash": "sha256-WbWkzIvB0gqAdBLghdmUpGveY7MlAS2iMj3VEJnJ9yE=", + "lastModified": 1744659587, + "narHash": "sha256-xJnbmRVte13akgn+Prg06IaRHJ5OX3uVltwsCP/mxoc=", "owner": "gmodena", "repo": "nix-flatpak", - "rev": "64c6e53a3999957c19ab95cda78bde466d8374cc", + "rev": "928d868a9141b48f152d3b2b00c433e688d4b106", "type": "github" }, "original": { 
@@ -281,11 +59,11 @@ ] }, "locked": { - "lastModified": 1747663185, - "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -296,11 +74,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749195551, - "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", + "lastModified": 1746621361, + "narHash": "sha256-T9vOxEqI1j1RYugV0b9dgy0AreiZ9yBDKZJYyclF0og=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", + "rev": "2ea3ad8a1f26a76f8a8e23fc4f7757c46ef30ee5", "type": "github" }, "original": { @@ -312,11 +90,11 @@ }, "nixos-unstable": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1746461020, + "narHash": "sha256-7+pG1I9jvxNlmln4YgnlW4o+w0TZX24k688mibiFDUE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "3730d8a308f94996a9ba7c7138ede69c1b9ac4ae", "type": "github" }, "original": { 
@@ -328,46 +106,20 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749237914, - "narHash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=", + "lastModified": 1746557022, + "narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70c74b02eac46f4e4aa071e45a6189ce0f6d9265", + "rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-25.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, - "nur": { - "inputs": { - "flake-parts": [ - "stylix", - "flake-parts" - ], - "nixpkgs": [ - "stylix", - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1746056780, - "narHash": "sha256-/emueQGaoT4vu0QjU9LDOG5roxRSfdY0K2KkxuzazcM=", - "owner": "nix-community", - "repo": "NUR", - "rev": "d476cd0972dd6242d76374fcc277e6735715c167", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, "root": { "inputs": { "home-manager": "home-manager", 
@@ -375,164 +127,7 @@ "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nixos-unstable": "nixos-unstable", - "nixpkgs": "nixpkgs", - "stylix": "stylix" - } - }, - "stylix": { - "inputs": { - "base16": "base16", - "base16-fish": "base16-fish", - "base16-helix": "base16-helix", - "base16-vim": "base16-vim", - "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "git-hooks": "git-hooks", - "gnome-shell": "gnome-shell", - "home-manager": "home-manager_2", - "nixpkgs": [ - "nixpkgs" - ], - "nur": "nur", - "systems": "systems", - "tinted-foot": "tinted-foot", - "tinted-kitty": "tinted-kitty", - "tinted-schemes": "tinted-schemes", - "tinted-tmux": "tinted-tmux", - "tinted-zed": "tinted-zed" - }, - "locked": { - "lastModified": 1749389855, - "narHash": "sha256-//wZBnlBJ7Ki5/ZdafiAZwVFZd/2HhKqEbOupo/HcRA=", - "owner": "danth", - "repo": "stylix", - "rev": "bf5ab9df57a3d77847289c39c3a537bd6e6ac6f4", - "type": "github" - }, - "original": { - "owner": "danth", - "ref": "release-25.05", - "repo": "stylix", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "tinted-foot": { - "flake": false, - "locked": { - "lastModified": 1726913040, - "narHash": "sha256-+eDZPkw7efMNUf3/Pv0EmsidqdwNJ1TaOum6k7lngDQ=", - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-foot", - "rev": "fd1b924b6c45c3e4465e8a849e67ea82933fcbe4", - "type": "github" - } - }, - "tinted-kitty": { - "flake": false, - "locked": { - "lastModified": 1735730497, - "narHash": 
"sha256-4KtB+FiUzIeK/4aHCKce3V9HwRvYaxX+F1edUrfgzb8=", - "owner": "tinted-theming", - "repo": "tinted-kitty", - "rev": "de6f888497f2c6b2279361bfc790f164bfd0f3fa", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-kitty", - "type": "github" - } - }, - "tinted-schemes": { - "flake": false, - "locked": { - "lastModified": 1744974599, - "narHash": "sha256-Fg+rdGs5FAgfkYNCs74lnl8vkQmiZVdBsziyPhVqrlY=", - "owner": "tinted-theming", - "repo": "schemes", - "rev": "28c26a621123ad4ebd5bbfb34ab39421c0144bdd", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "schemes", - "type": "github" - } - }, - "tinted-tmux": { - "flake": false, - "locked": { - "lastModified": 1745111349, - "narHash": "sha256-udV+nHdpqgkJI9D0mtvvAzbqubt9jdifS/KhTTbJ45w=", - "owner": "tinted-theming", - "repo": "tinted-tmux", - "rev": "e009f18a01182b63559fb28f1c786eb027c3dee9", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "tinted-tmux", - "type": "github" - } - }, - "tinted-zed": { - "flake": false, - "locked": { - "lastModified": 1725758778, - "narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=", - "owner": "tinted-theming", - "repo": "base16-zed", - "rev": "122c9e5c0e6f27211361a04fae92df97940eccf9", - "type": "github" - }, - "original": { - "owner": "tinted-theming", - "repo": "base16-zed", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "stylix", - "nur", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1733222881, - "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "49717b5af6f80172275d47a418c9719a31a78b53", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" + "nixpkgs": "nixpkgs" } } }, diff --git a/flake.nix b/flake.nix index ef446c9..6ac302d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,13 +1,12 @@ { inputs = { # Main nix package repository - nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; - # NixOS unstable - nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - - # ready made hardware configurations. e.G.: Power saving - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + home-manager = { + url = "github:nix-community/home-manager/release-24.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # generating filesystems in different formats nixos-generators = { @@ -15,17 +14,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # additional user specific nix modules - home-manager = { - url = "github:nix-community/home-manager/release-25.05"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # NixOS unstable channel + nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - # theming - stylix = { - url = "github:danth/stylix/release-25.05"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + # ready made hardware configurations. e.G.: Power saving + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; # for managing flatpaks, like which ones are installed and which not nix-flatpak.url = "github:gmodena/nix-flatpak"; diff --git a/lib/hostHelper.nix b/hostHelper.nix similarity index 87% rename from lib/hostHelper.nix rename to hostHelper.nix index e4ab867..3602016 100644 --- a/lib/hostHelper.nix +++ b/hostHelper.nix @@ -5,13 +5,9 @@ inArgs: hostname: hostOptions: let else inArgs.nixpkgs.lib.nixosSystem; in nixosSystem { - specialArgs = { - inArgs = inArgs; - rootPath = inArgs.self; - }; + specialArgs = {inherit inArgs;}; modules = [ - ../hosts/${hostname} - #./debug.nix + ./hosts/${hostname} { networking.hostName = hostname; diff --git a/hosts/crocoite/default.nix b/hosts/crocoite/default.nix index 9275f72..2b546da 100644 --- a/hosts/crocoite/default.nix +++ b/hosts/crocoite/default.nix 
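Review bot: `nixpkgs.url` and the `home-manager` input in the first flake.nix hunk now track `nixos-24.11` / `release-24.11` instead of the 25.05 branches, so every host built from this flake moves back to an older release line, and flake.lock pins correspondingly older revisions. Older NixOS release branches stop receiving security backports shortly after their successor ships, so a deliberate downgrade should say so next to the input, e.g. `# pinned to 24.11 because <reason>; move back to 25.05 before this branch stops getting fixes`. The `inputs` attribute set continues outside the hunk.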
@@ -5,15 +5,14 @@ nixos-unstable, ... }: { - + #nixpkgs.overlays = [ overlays.unstable-packages ]; nixpkgs = { # You can add overlays here overlays = with inArgs.self.overlays; [ # Add overlays your own flake exports (from overlays and pkgs dir): - unstable-packages - #additions #modifications + unstable-packages # You can also add overlays exported from other flakes: # neovim-nightly-overlay.overlays.default @@ -28,12 +27,34 @@ }; imports = [ + # steam and other stuff seems to depend on perl + #"${modulesPath}/profiles/perlless.nix" + inArgs.nix-flatpak.nixosModules.nix-flatpak + + #nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1 ./hardware-configuration.nix ./boot.nix + ../../modules - ../../system_profiles/desktop.nix - # ../../experiments + ../../modules/users + + ../../modules/hardware + + ../../modules/sec_auth + + ../../modules/software + ../../modules/software/browser + ../../modules/software/nix-helper + ../../modules/software/shells + ../../modules/software/office + + ../../modules/wm_and_de + + ../../modules/pkg_mgrmnt + + ../../system_profiles/defaults.nix + # ../../tests ]; } diff --git a/hosts/crocoite/hardware-configuration.nix b/hosts/crocoite/hardware-configuration.nix index 50cf88e..99cf29f 100644 --- a/hosts/crocoite/hardware-configuration.nix +++ b/hosts/crocoite/hardware-configuration.nix @@ -10,7 +10,6 @@ }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") - #nixos-hardware.nixosModules.lenovo-thinkpad-t14-amd-gen1 ]; boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"]; diff --git a/hosts/ext-julia/boot.nix b/hosts/ext-julia/boot.nix deleted file mode 100644 index 82bde96..0000000 --- a/hosts/ext-julia/boot.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -{ - # Use the GRUB 2 boot loader. - boot.loader.grub = { - enable = true; - # efiSupport = true; - # efiInstallAsRemovable = true; - # Define on which hard drive you want to install Grub. - device = "/dev/vda"; # or "nodev" for efi only - }; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; -} diff --git a/hosts/ext-julia/default.nix b/hosts/ext-julia/default.nix deleted file mode 100644 index 92c90f8..0000000 --- a/hosts/ext-julia/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -{pkgs, ...}:{ - imports = [ - ./boot.nix - ./hardware-configuration.nix - - #../../modules/hosting/wordpress-simple/kiezpalme.nix - #../../modules/hosting/wordpress-simple/pertineo.nix - ../../modules/hosting/wordpress.nix - ../../modules/sec_auth/ssh-server.nix - - ../../system_profiles/server.nix - ]; - - #services.mysql = { - # enable = true; - # package = pkgs.mariadb; - #}; - - services.cWordpress."example-site" = { - enable = true; - sitePort = 80; - }; - - services.cWordpress."example-site2" = { - enable = true; - sitePort = 81; - }; - - services.openssh.ports = [11522]; - users = let - username = "root"; - in { - users."${username}".openssh.authorizedKeys.keyFiles = [ - ../../certificates/id_ed25519_ext-julia.pub - ]; - }; -} diff --git a/hosts/ext-julia/hardware-configuration.nix b/hosts/ext-julia/hardware-configuration.nix deleted file mode 100644 index 1e4a7ab..0000000 --- a/hosts/ext-julia/hardware-configuration.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - lib, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot = { - initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; - initrd.kernelModules = []; - kernelModules = []; - extraModulePackages = []; - }; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/d290e12c-d93c-45f6-b737-135b551c1951"; - fsType = "ext4"; - }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/8c56f52e-568a-4e03-b22c-6d1c7de7c118";} - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens18.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/hosts/factorio/hardware-configuration.nix b/hosts/factorio/hardware-configuration.nix index 88e834a..a458278 100644 --- a/hosts/factorio/hardware-configuration.nix +++ b/hosts/factorio/hardware-configuration.nix @@ -1,7 +1,13 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{lib, ...}: { +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; # maybe instruct nix to just use available swap partition diff --git a/hosts/game-luanti/boot.nix b/hosts/game-luanti/boot.nix deleted file mode 100644 index 82bde96..0000000 
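Review bot: The argument set in hosts/factorio/hardware-configuration.nix grows to `config`, `pkgs` and `modulesPath`, none of which is referenced in the visible lines; unless the rest of the file uses them, keep `{lib, ...}: {`. The same unused-argument expansion appears in the hosts/game-luanti/default.nix and hosts/jitsi/default.nix hunks. The module body continues outside the hunk.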
--- a/hosts/game-luanti/boot.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - # Use the GRUB 2 boot loader. - boot.loader.grub = { - enable = true; - # efiSupport = true; - # efiInstallAsRemovable = true; - # Define on which hard drive you want to install Grub. - device = "/dev/vda"; # or "nodev" for efi only - }; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; -} diff --git a/hosts/game-luanti/default.nix b/hosts/game-luanti/default.nix index c69c055..9072876 100644 --- a/hosts/game-luanti/default.nix +++ b/hosts/game-luanti/default.nix @@ -1,26 +1,13 @@ { + pkgs, + lib, + modulesPath, + ... +}: { imports = [ - ./boot.nix ./hardware-configuration.nix - ../../modules/game/server/luanti - ../../modules/sec_auth/ssh-server.nix - ../../modules/pkg_mgrmnt/unattended-updates.nix - - ../../system_profiles/server.nix + ../../system_profiles/defaults.nix + ../../system_profiles/mini-container.nix ]; - - users = let - username = "root"; - in { - users."${username}".openssh.authorizedKeys.keyFiles = [ - ../../certificates/id_ed25519_game-luanti.pub - ]; - }; - - services.journald.extraConfig = '' - Storage=persistent - SystemMaxUse=100M - SystemKeepFree=50M - ''; } diff --git a/hosts/game-luanti/hardware-configuration.nix b/hosts/game-luanti/hardware-configuration.nix index 6bbf7a7..f8c86aa 100644 --- a/hosts/game-luanti/hardware-configuration.nix +++ b/hosts/game-luanti/hardware-configuration.nix 
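Review bot: After this hunk hosts/game-luanti/default.nix no longer imports `../../modules/sec_auth/ssh-server.nix` or `../../modules/pkg_mgrmnt/unattended-updates.nix`, and the journald size limits are gone; the replacements `../../system_profiles/defaults.nix` and `../../system_profiles/mini-container.nix` are not visible in this diff. If those profiles do not configure automatic updates and remote access, the host loses both without any trace in this file, so a comment above the imports such as `# updates and SSH access come from system_profiles/mini-container.nix` (or whichever module actually provides them) would make that checkable. The host still imports `../../modules/game/server/luanti`, so it remains a network-facing service.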
@@ -1,36 +1,3 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - lib, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - boot = { - initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; - initrd.kernelModules = []; - kernelModules = []; - extraModulePackages = []; - }; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/d290e12c-d93c-45f6-b737-135b551c1951"; - fsType = "ext4"; - }; - - swapDevices = [ - {device = "/dev/disk/by-uuid/8c56f52e-568a-4e03-b22c-6d1c7de7c118";} - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens18.useDHCP = lib.mkDefault true; - +{lib, ...}: { nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/jitsi/default.nix b/hosts/jitsi/default.nix index a13ea41..1893723 100644 --- a/hosts/jitsi/default.nix +++ b/hosts/jitsi/default.nix @@ -1,4 +1,9 @@ -{...}: { +{ + pkgs, + lib, + modulesPath, + ... +}: { nixpkgs.config = { # Disable if you don't want unfree packages allowUnfree = true; diff --git a/lib/debug.nix b/lib/debug.nix deleted file mode 100644 index f17441d..0000000 --- a/lib/debug.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - imports = [ - {lib, config, ... }: { - options.tempDebugVar = lib.mkOption { - type = lib.types.str; - default = ""; - description = "tempDebugVar"; - }; - } - ]; - - environment.etc."debugfile".text = '' - ${config.tempDebugVar} - ''; -} 
diff --git a/modules/customisation.nix b/modules/customisation.nix index 4a07150..65e1092 100644 --- a/modules/customisation.nix +++ b/modules/customisation.nix @@ -1,13 +1,10 @@ {pkgs, ...}: { # install and set neovim as MANPAGER - environment = { - systemPackages = [pkgs.neovim]; - variables = { - # set neovim as default editor - "EDITOR" = "nvim"; + environment.systemPackages = [pkgs.neovim]; + environment.variables = { + "MANPAGER" = "nvim +Man!"; - # use neovim as manpager! :3 - "MANPAGER" = "nvim +Man!"; - }; + # set neovim as default editor + "EDITOR" = "nvim"; }; } diff --git a/modules/default.nix b/modules/default.nix index e1045b5..3d82f4f 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,17 +1,11 @@ { imports = [ + #./plymouth.nix ./accessibility.nix ./customisation.nix - - # should only be imported directly or via system_profiles - #./dhcp-all-interfaces.nix - ./environment.nix - ./firewall.nix ./locale.nix ./networking.nix - #./plymouth.nix # increases boot time too much - #./serial-console.nix # probably only for servers - ./theming.nix + ./firewall.nix ]; } diff --git a/modules/dhcp-all-interfaces.nix b/modules/dhcp-all-interfaces.nix deleted file mode 100644 index a009914..0000000 --- a/modules/dhcp-all-interfaces.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - # Enables DHCP on each ethernet and wireless interface. - # In case of scripted networking (the default) this is the recommended approach. - # When using systemd-networkd it's still possible to use this option, - # but it's recommended to use it in conjunction with - # explicit per-interface declarations with: - # `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; -} diff --git a/modules/environment.nix b/modules/environment.nix index 44215ab..d399d08 100644 --- a/modules/environment.nix +++ b/modules/environment.nix 
@@ -1,35 +1,33 @@ {pkgs, ...}: { - environment = { - etc = { - "xdg/user-dirs.defaults".text = '' - DESKTOP=Desktop - DOWNLOAD=Downloads - TEMPLATES=Documents/Templates - PUBLICSHARE=Public - DOCUMENTS=Documents - MUSIC=Media/Music - PICTURES=Media/Pictures - VIDEOS=Media/Videos - ''; - }; - # This is using a rec (recursive) expression to set and access XDG_BIN_HOME within the expression - # For more on rec expressions see https://nix.dev/tutorials/first-steps/nix-language#recursive-attribute-set-rec - sessionVariables = rec { - XDG_CACHE_HOME = "$HOME/.cache"; - XDG_CONFIG_HOME = "$HOME/.config"; - XDG_DATA_HOME = "$HOME/.local/share"; - XDG_STATE_HOME = "$HOME/.local/state"; + environment.etc = { + "xdg/user-dirs.defaults".text = '' + DESKTOP=Desktop + DOWNLOAD=Downloads + TEMPLATES=Documents/Templates + PUBLICSHARE=Public + DOCUMENTS=Documents + MUSIC=Media/Music + PICTURES=Media/Pictures + VIDEOS=Media/Videos + ''; + }; + # This is using a rec (recursive) expression to set and access XDG_BIN_HOME within the expression + # For more on rec expressions see https://nix.dev/tutorials/first-steps/nix-language#recursive-attribute-set-rec + environment.sessionVariables = rec { + XDG_CACHE_HOME = "$HOME/.cache"; + XDG_CONFIG_HOME = "$HOME/.config"; + XDG_DATA_HOME = "$HOME/.local/share"; + XDG_STATE_HOME = "$HOME/.local/state"; - # Not officially in the specification - XDG_BIN_HOME = "$HOME/.local/mybin"; - PATH = [ - "${XDG_BIN_HOME}" - ]; - }; - - # XDG-USER-DIR package and config - systemPackages = with pkgs; [ - xdg-user-dirs + # Not officially in the specification + XDG_BIN_HOME = "$HOME/.local/mybin"; + PATH = [ + "${XDG_BIN_HOME}" ]; }; + + # XDG-USER-DIR package and config + environment.systemPackages = with pkgs; [ + xdg-user-dirs + ]; } diff --git a/modules/firewall.nix b/modules/firewall.nix index dfd6753..f8cb4bb 100644 --- a/modules/firewall.nix +++ b/modules/firewall.nix 
@@ -1,6 +1,6 @@ { networking.firewall = { - enable = true; + enable = false; # Open ports in the firewall. allowedTCPPorts = [8080 10001 10002]; diff --git a/modules/game/server/luanti/default.nix b/modules/game/server/luanti/default.nix index a6f8da3..06628ea 100644 --- a/modules/game/server/luanti/default.nix +++ b/modules/game/server/luanti/default.nix @@ -1,8 +1,5 @@ -{ - imports = [ - ./luanti.nix - #./mods.nix - ./olivetin.nix - ./postgresql.nix - ]; +{...}: { + services.minetest = { + enable = true; + }; } diff --git a/modules/game/server/luanti/luanti.nix b/modules/game/server/luanti/luanti.nix deleted file mode 100644 index b2f52c0..0000000 --- a/modules/game/server/luanti/luanti.nix +++ /dev/null @@ -1,20 +0,0 @@ -{pkgs, ...}: let - port = 10523; -in { - services.minetest-server = { - enable = true; - - gameId = "EinsDreiDreiSieben"; - port = port; - }; - - # open port since luanti does not do it by itself - networking.firewall = { - allowedUDPPorts = [port]; - }; - - # install luanti seperatly so it is available through the command line - environment.systemPackages = with pkgs; [ - luanti - ]; -} diff --git a/modules/game/server/luanti/mods.nix b/modules/game/server/luanti/mods.nix deleted file mode 100644 index 22c4748..0000000 --- a/modules/game/server/luanti/mods.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ pkgs, config, ... }: let - GitMod = curl: pkgs.fetchgit rec { - url = curl; - fetchSubmodules = true; - deepClone = false; - leaveDotGit = false; - }; - this-variable-should-exist = GitMod "https://gitlab.com/rubenwardy/accountmgr"; -in { - config.tempDebugVar = break this-variable-should-exist; -} diff --git a/modules/game/server/luanti/olivetin.nix b/modules/game/server/luanti/olivetin.nix deleted file mode 100644 index e84a9c3..0000000 --- a/modules/game/server/luanti/olivetin.nix +++ /dev/null 
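Review bot: `enable = false;` in modules/firewall.nix turns the packet filter off for every host that imports this shared module (it is in the `modules/default.nix` import list), and the `allowedTCPPorts` list directly below it then has no effect. If this is needed for one machine, keep `enable = true;` here and override it in that host's configuration with `networking.firewall.enable = lib.mkForce false;`. If it really is meant globally, add a comment stating why, since the remaining port list reads as if filtering were active. The attribute set continues outside the hunk.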
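Review bot: `services.minetest` in modules/game/server/luanti/default.nix is not the option name the deleted luanti.nix used (`services.minetest-server`), so this may fail evaluation with an undefined-option error; confirm the name against the pinned nixpkgs and use `services.minetest-server.enable = true;` if that is the one that exists. The module also no longer sets `gameId` or `port`, so the server would run with the service defaults rather than the previous values. A one-line comment stating which game and port are expected would document that.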
@@ -1,64 +0,0 @@ -{ pkgs, lib, ... }: let - _pull = pkgs.writeShellScript "pull" '' - export GIT_SSH_COMMAND='ssh -i /var/lib/minetest/.ssh/id_ed25519_temp -o IdentitiesOnly=yes' - git -C /var/lib/minetest/.minetest/games/EinsDreiDreiSieben pull - ''; - pull = _pull.outPath; - - _restart = pkgs.writeShellScript "restart" '' - echo "before" - systemctl restart minetest-server.service - echo "after" - ''; - restart = _restart.outPath; - -in { - users.users."minetest".linger = true; - services.olivetin = { - enable = true; - settings = { - actions = [ - { - title = "puuuull!"; - shell = "/run/wrappers/bin/sudo -u minetest - ${pull}"; - popupOnStart = "execution-dialog-stdout-only"; - icon = "⬇"; - } - { - title = "restart"; - shell = "/run/wrappers/bin/sudo -u minetest - ${restart}"; - popupOnStart = "execution-dialog-stdout-only"; - icon = "⬇"; - } - ]; - }; - - path = [ - pkgs.git - pkgs.openssh - ]; - }; - security.sudo-rs.extraRules = [ - { - users = [ "olivetin" ]; - runAs = "minetest"; - commands = [ - { - command = pull; - options = [ "NOPASSWD" ]; - } - ]; - } - { - - users = [ "olivetin" ]; - runAs = "root"; - commands = [ - { - command = restart; - options = [ "NOPASSWD" ]; - } - ]; - } - ]; -} diff --git a/modules/game/server/luanti/postgresql.nix b/modules/game/server/luanti/postgresql.nix deleted file mode 100644 index 1755b1e..0000000 --- a/modules/game/server/luanti/postgresql.nix +++ /dev/null @@ -1,18 +0,0 @@ -{pkgs, ...}: { - config.services.postgresql = { - enable = true; - - authentication = pkgs.lib.mkOverride 10 '' - #type database DBuser auth-method - local all all trust - ''; - - ensureDatabases = ["luanti_world"]; - ensureUsers = [ - { - name = "luanti_world"; - ensureDBOwnership = true; - } - ]; - }; -} diff --git a/modules/hardware/bluetooth.nix b/modules/hardware/bluetooth.nix index cea96f4..900e469 100644 --- a/modules/hardware/bluetooth.nix +++ b/modules/hardware/bluetooth.nix 
@@ -1,8 +1,6 @@ { - hardware = { - bluetooth.enable = true; # enables support for Bluetooth - bluetooth.powerOnBoot = false; # powers up the default Bluetooth controller on boot - }; + hardware.bluetooth.enable = true; # enables support for Bluetooth + hardware.bluetooth.powerOnBoot = false; # powers up the default Bluetooth controller on boot services.blueman.enable = true; # provides blueman-applet and blueman-manager } diff --git a/modules/hardware/default.nix b/modules/hardware/default.nix index c6ebe66..e24baff 100644 --- a/modules/hardware/default.nix +++ b/modules/hardware/default.nix @@ -2,9 +2,8 @@ imports = [ ./bluetooth.nix ./fwupd.nix - ./gpu.nix - ./print.nix - ./scan.nix + ./scan_and_print.nix #./trackpoint.nix + ./gpu.nix ]; } diff --git a/modules/hardware/gpu.nix b/modules/hardware/gpu.nix index 577529b..13c2a0b 100644 --- a/modules/hardware/gpu.nix +++ b/modules/hardware/gpu.nix @@ -1,8 +1,6 @@ {pkgs, ...}: { - hardware.graphics = { - enable = true; - extraPackages = with pkgs; [ - libvdpau-va-gl - ]; - }; + hardware.graphics.enable = true; + hardware.graphics.extraPackages = with pkgs; [ + libvdpau-va-gl + ]; } diff --git a/modules/hardware/print.nix b/modules/hardware/print.nix deleted file mode 100644 index 3697cf9..0000000 --- a/modules/hardware/print.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - # Enable CUPS to print documents. - services.printing.enable = true; -} diff --git a/modules/hardware/scan.nix b/modules/hardware/scan.nix deleted file mode 100644 index 949137b..0000000 --- a/modules/hardware/scan.nix +++ /dev/null 
@@ -1,27 +0,0 @@
-{pkgs, ...}: {
- services.ipp-usb.enable = true; # enable usb support
-
- hardware.sane = {
- enable = true; # enables support for SANE scanners
-
- backends-package = pkgs.sane-backends.overrideAttrs (old: {
- configureFlags =
- (old.configureFlags or [])
- ++ [
- # "--localstatedir=/var" # `sane-backends` puts e.g. lock files in here, must not be in /nix/store
- # "--with-lockdir=/var/lock/sane" # `sane-backends` puts e.g. lock files in here, must not be in /nix/store
-
- # Ugly workaround for https://github.com/NixOS/nixpkgs/issues/273280#issuecomment-1848873028
- # Really we should make `sane-backends` be able to provide a real lock dir (e.g. `/var/lock/sane`).
- "--disable-locking"
- ];
- });
- };
-
- users.users.ranomier.extraGroups = ["scanner" "lp"];
-
- # only for the scan and maybe print clients
- environment.systemPackages = with pkgs; [
- simple-scan
- ];
-}
diff --git a/modules/hardware/scan_and_print.nix b/modules/hardware/scan_and_print.nix
new file mode 100644
index 0000000..a83884c
--- /dev/null
+++ b/modules/hardware/scan_and_print.nix
@@ -0,0 +1,27 @@
+{pkgs, ...}: {
+ hardware.sane.enable = true; # enables support for SANE scanners
+ services.ipp-usb.enable = true; # enable usb support
+
+ hardware.sane.backends-package = pkgs.sane-backends.overrideAttrs (old: {
+ configureFlags =
+ (old.configureFlags or [])
+ ++ [
+ # "--localstatedir=/var" # `sane-backends` puts e.g. lock files in here, must not be in /nix/store
+ # "--with-lockdir=/var/lock/sane" # `sane-backends` puts e.g. lock files in here, must not be in /nix/store
+
+ # Ugly workaround for https://github.com/NixOS/nixpkgs/issues/273280#issuecomment-1848873028
+ # Really we should make `sane-backends` be able to provide a real lock dir (e.g. `/var/lock/sane`).
+ "--disable-locking"
+ ];
+ });
+
+ users.users.ranomier.extraGroups = ["scanner" "lp"];
+
+ # only for the scan and maybe print clients
+ environment.systemPackages = with pkgs; [
+ simple-scan
+ ];
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+}
diff --git a/modules/hosting/wordpress-simple/kiezpalme.nix b/modules/hosting/wordpress-simple/kiezpalme.nix
deleted file mode 100644
index 636cc00..0000000
--- a/modules/hosting/wordpress-simple/kiezpalme.nix
+++ /dev/null
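Review bot: `services.printing.enable = true;` at the end of the new scan_and_print.nix ties CUPS to the scanner setup, so every host that imports this module for SANE now also runs a print daemon it may not need. The removed print.nix and scan.nix kept the two apart, which let a host opt into only one. If the merge is wanted, I would make the print side overridable by taking `lib` in the module arguments and writing `services.printing.enable = lib.mkDefault true;`. The `users.users.ranomier.extraGroups` line also hard-codes one account in a hardware module; a short comment saying why both `scanner` and `lp` are granted would help.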
@@ -1,113 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - siteName = "shop.kiezpalme.de"; - sitePort = 80; - siteDataDir = "/srv/http/${siteName}"; - siteUser = "user-${siteName}"; - siteGroup = config.services.nginx.user; - siteUserPhp = "${siteUser}-php"; - siteGroupPhp = siteUserPhp; - sitePhpPool = "wordpress-${siteName}"; -in { - users = { - users = { - "${siteUser}" = { - isSystemUser = true; - group = siteGroup; - home = siteDataDir; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - - "${siteUserPhp}" = { - isSystemUser = true; - group = siteGroupPhp; - home = "/var/empty"; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - }; - - groups = { - "${siteGroup}" = {}; - "${siteGroupPhp}" = {}; - }; - }; - - services = { - - phpfpm.pools."${sitePhpPool}" = { - user = siteUserPhp; - group = siteGroupPhp; - - settings = { - # Socket ownership so Nginx can connect - "listen.owner" = config.services.nginx.user; - "listen.group" = siteGroupPhp; - "listen.mode" = "0660"; - - # Dynamic process management tuned for small sites - pm = "dynamic"; - "pm.max_children" = "5"; - "pm.start_servers" = "2"; - "pm.min_spare_servers" = "1"; - "pm.max_spare_servers" = "3"; - - # Logging - "catch_workers_output" = true; - "php_admin_flag[log_errors]" = true; - }; - }; - - nginx = { - enable = true; - virtualHosts."${siteName}" = { - default = true; - root = siteDataDir; - - listen = [ - { - addr = "0.0.0.0"; - port = sitePort; - ssl = false; - } - ]; - - # Fallback for pretty permalinks - locations."/" = { - tryFiles = "$uri $uri/ /index.php?$args"; - }; - - extraConfig = '' - index index.php; - ''; - - # Handle PHP scripts - locations."~ \\.php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include ${pkgs.nginx}/conf/fastcgi_params; - ''; - }; - }; 
- }; - }; - - # Bootstrap WordPress on activation - environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here? - system.activationScripts."setupWordpress-${siteName}".text = '' - mkdir -p ${siteDataDir} - if [ ! -f ${siteDataDir}/wp-config.php ]; then - cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/ - chown -R ${siteUser}:${siteGroup} ${siteDataDir} - chmod -R 755 ${siteDataDir} - fi - ''; # TODO: tighten permissions (not 755) -} diff --git a/modules/hosting/wordpress-simple/pertineo.nix b/modules/hosting/wordpress-simple/pertineo.nix deleted file mode 100644 index 2a83ad5..0000000 --- a/modules/hosting/wordpress-simple/pertineo.nix +++ /dev/null 
@@ -1,113 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - siteName = "pertineo.de"; - sitePort = 81; - siteDataDir = "/srv/http/${siteName}"; - siteUser = "user-${siteName}"; - siteGroup = config.services.nginx.user; - siteUserPhp = "${siteUser}-php"; - siteGroupPhp = siteUserPhp; - sitePhpPool = "wordpress-${siteName}"; -in { - users = { - users = { - "${siteUser}" = { - isSystemUser = true; - group = siteGroup; - home = siteDataDir; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - - "${siteUserPhp}" = { - isSystemUser = true; - group = siteGroupPhp; - home = "/var/empty"; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - }; - - groups = { - "${siteGroup}" = {}; - "${siteGroupPhp}" = {}; - }; - }; - - services = { - - phpfpm.pools."${sitePhpPool}" = { - user = siteUserPhp; - group = siteGroupPhp; - - settings = { - # Socket ownership so Nginx can connect - "listen.owner" = config.services.nginx.user; - "listen.group" = siteGroupPhp; - "listen.mode" = "0660"; - - # Dynamic process management tuned for small sites - pm = "dynamic"; - "pm.max_children" = "5"; - "pm.start_servers" = "2"; - "pm.min_spare_servers" = "1"; - "pm.max_spare_servers" = "3"; - - # Logging - "catch_workers_output" = true; - "php_admin_flag[log_errors]" = true; - }; - }; - - nginx = { - enable = true; - virtualHosts."${siteName}" = { - default = true; - root = siteDataDir; - - listen = [ - { - addr = "0.0.0.0"; - port = sitePort; - ssl = false; - } - ]; - - # Fallback for pretty permalinks - locations."/" = { - tryFiles = "$uri $uri/ /index.php?$args"; - }; - - extraConfig = '' - index index.php; - ''; - - # Handle PHP scripts - locations."~ \\.php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include ${pkgs.nginx}/conf/fastcgi_params; - ''; - }; - }; - }; - 
}; - - # Bootstrap WordPress on activation - environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here? - system.activationScripts."setupWordpress-${siteName}".text = '' - mkdir -p ${siteDataDir} - if [ ! -f ${siteDataDir}/wp-config.php ]; then - cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/ - chown -R ${siteUser}:${siteGroup} ${siteDataDir} - chmod -R 755 ${siteDataDir} - fi - ''; # TODO: tighten permissions (not 755) -} diff --git a/modules/hosting/wordpress.nix b/modules/hosting/wordpress.nix deleted file mode 100644 index fb22fb9..0000000 --- a/modules/hosting/wordpress.nix +++ /dev/null 
@@ -1,186 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - siteOpts = lib.types.submodule ({ - options = { - enable = lib.mkEnableOption "custom WordPress service"; - - siteName = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - }; - - sitePort = lib.mkOption { - type = lib.types.port; - default = 80; - description = ""; # TODO: - }; - - #siteDataDir = lib.mkOption { - # type = lib.types.str; - # default = "/srv/http/${siteName}"; - #}; - #siteUser = lib.mkOption { - # type = lib.types.str; - # default = "user-${siteName}"; - #}; - #siteGroup = lib.mkOption { - # type = lib.types.str; - # default = config.services.nginx.user; - #}; - #siteUserPhp = lib.mkOption { - # type = lib.types.str; - # default = "${siteUser}-php"; - #}; - #siteGroupPhp = lib.mkOption { - # type = lib.types.str; - # default = siteUserPhp; - #}; - #sitePhpPool = lib.mkOption { - # type = lib.types.str; - # default = "wordpress-${siteName}"; - #}; - }; - }); - #sites = builtins.mapAttrs (siteName2: siteConfig: - # let - # siteName = if siteConfig.siteName != null then siteConfig.siteName else siteName2; - # in siteConfig // {siteName = siteName;} - #) cfg; - # - #enabledSites = lib.filterAttrs (name: config: config.enable) cfg; - #magie = banana: builtins.mapAttrs (siteName: site: banana) enabledSites; - - mkMergeTopLevel = names: attrs: - lib.getAttrs names ( - lib.mapAttrs (k: v: lib.mkMerge v) (lib.foldAttrs (n: a: [n] ++ a) [] attrs) - ); - - cfg = config.services.cWordpress; -in { - options = { - services.cWordpress = lib.mkOption { - type = lib.types.attrsOf siteOpts; - - default = {}; - description = ""; # TODO: - }; - }; - - config = mkMergeTopLevel ["users" "services" "environment" "system"] (lib.mapAttrsToList ( - siteName: opts: let - siteDataDir = "/srv/http/${siteName}"; - siteUser = "user-${siteName}"; - siteGroup = config.services.nginx.user; - siteUserPhp = "${siteUser}-php"; - siteGroupPhp = siteUserPhp; - sitePhpPool = "wordpress-${siteName}"; - 
in { - users = { - users = { - "${siteUser}" = { - isSystemUser = true; - group = siteGroup; - home = siteDataDir; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - - "${siteUserPhp}" = { - isSystemUser = true; - group = siteGroupPhp; - home = "/var/empty"; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - }; - - groups = { - "${siteGroup}" = {}; - "${siteGroupPhp}" = {}; - }; - }; - - services = { - mysql = { - enable = true; - package = pkgs.mariadb; - }; - - phpfpm.pools."${sitePhpPool}" = { - user = siteUserPhp; - group = siteGroupPhp; - - settings = { - # Socket ownership so Nginx can connect - "listen.owner" = config.services.nginx.user; - "listen.group" = siteGroupPhp; - "listen.mode" = "0660"; - - # Dynamic process management tuned for small sites - pm = "dynamic"; - "pm.max_children" = "5"; - "pm.start_servers" = "2"; - "pm.min_spare_servers" = "1"; - "pm.max_spare_servers" = "3"; - - # Logging - "catch_workers_output" = true; - "php_admin_flag[log_errors]" = true; - }; - }; - - nginx = { - enable = true; - virtualHosts."${siteName}" = { - default = true; - root = siteDataDir; - - listen = [ - { - addr = "0.0.0.0"; - port = opts.sitePort; - ssl = false; - } - ]; - - # Fallback for pretty permalinks - locations."/" = { - tryFiles = "$uri $uri/ /index.php?$args"; - }; - - extraConfig = '' - index index.php; - ''; - - # Handle PHP scripts - locations."~ \\.php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include ${pkgs.nginx}/conf/fastcgi_params; - ''; - }; - }; - }; - }; - - # Bootstrap WordPress on activation - environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here? - system.activationScripts."setupWordpress-${siteName}".text = '' - mkdir -p ${siteDataDir} - if [ ! 
-f ${siteDataDir}/wp-config.php ]; then - cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/ - chown -R ${siteUser}:${siteGroup} ${siteDataDir} - chmod -R 755 ${siteDataDir} - fi - ''; # TODO: tighten permissions (not 755) - } - ) - cfg); -} diff --git a/modules/hosting/wordpress_from_krebs.nix b/modules/hosting/wordpress_from_krebs.nix deleted file mode 100644 index 28c143f..0000000 --- a/modules/hosting/wordpress_from_krebs.nix +++ /dev/null 
@@ -1,186 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - siteOpts = lib.types.submodule ({name, ...}: { - options = { - enable = lib.mkEnableOption "custom WordPress service"; - - siteName = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - }; - - sitePort = lib.mkOption { - type = lib.types.port; - default = 80; - description = ""; # TODO: - }; - - #siteDataDir = lib.mkOption { - # type = lib.types.str; - # default = "/srv/http/${siteName}"; - #}; - #siteUser = lib.mkOption { - # type = lib.types.str; - # default = "user-${siteName}"; - #}; - #siteGroup = lib.mkOption { - # type = lib.types.str; - # default = config.services.nginx.user; - #}; - #siteUserPhp = lib.mkOption { - # type = lib.types.str; - # default = "${siteUser}-php"; - #}; - #siteGroupPhp = lib.mkOption { - # type = lib.types.str; - # default = siteUserPhp; - #}; - #sitePhpPool = lib.mkOption { - # type = lib.types.str; - # default = "wordpress-${siteName}"; - #}; - }; - }); - #sites = builtins.mapAttrs (siteName2: siteConfig: - # let - # siteName = if siteConfig.siteName != null then siteConfig.siteName else siteName2; - # in siteConfig // {siteName = siteName;} - #) cfg; - # - #enabledSites = lib.filterAttrs (name: config: config.enable) cfg; - #magie = banana: builtins.mapAttrs (siteName: site: banana) enabledSites; - - mkMergeTopLevel = names: attrs: - lib.getAttrs names ( - lib.mapAttrs (k: v: lib.mkMerge v) (lib.foldAttrs (n: a: [n] ++ a) [] attrs) - ); - - cfg = config.services.cWordpress; - - opts = siteName: { - siteDataDir = "/srv/http/${siteName}"; - siteUser = "user-${siteName}"; - siteGroup = config.services.nginx.user; - siteUserPhp = "${siteUser}-php"; - siteGroupPhp = siteUserPhp; - sitePhpPool = "wordpress-${siteName}"; - }; -in { - options = { - services.cWordpress = lib.mkOption { - type = lib.types.attrsOf siteOpts; - - default = {}; - description = ""; # TODO: - }; - }; - - config = { - users.users = lib.mapAttrs' (siteName: siteConfig: { - 
"user-${siteName}" = { - isSystemUser = true; - group = config.services.nginx.user; - home = "/srv/http/${siteName}"; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - - "user-${siteName}-php" = { - isSystemUser = true; - group = "user-${siteName}-php"; - home = "/var/empty"; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - }) cfg; - - users.groups = lib.mapAttrs' (siteName: siteConfig: { - ${config.services.nginx.user} = {}; - "user-${siteName}-php" = {}; - }) cfg; - - services = { - mysql = { - enable = true; - package = pkgs.mariadb; - }; - - phpfpm.pools."${sitePhpPool}" = { - user = siteUserPhp; - group = siteGroupPhp; - - settings = { - # Socket ownership so Nginx can connect - "listen.owner" = config.services.nginx.user; - "listen.group" = siteGroupPhp; - "listen.mode" = "0660"; - - # Dynamic process management tuned for small sites - pm = "dynamic"; - "pm.max_children" = "5"; - "pm.start_servers" = "2"; - "pm.min_spare_servers" = "1"; - "pm.max_spare_servers" = "3"; - - # Logging - "catch_workers_output" = true; - "php_admin_flag[log_errors]" = true; - }; - }; - - nginx = { - enable = true; - virtualHosts."${siteName}" = { - default = true; - root = siteDataDir; - - listen = [ - { - addr = "0.0.0.0"; - port = opts.sitePort; - ssl = false; - } - ]; - - # Fallback for pretty permalinks - locations."/" = { - tryFiles = "$uri $uri/ /index.php?$args"; - }; - - extraConfig = '' - index index.php; - ''; - - # Handle PHP scripts - locations."~ \\.php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include ${pkgs.nginx}/conf/fastcgi_params; - ''; - }; - }; - }; - }; - - # Bootstrap WordPress on activation - environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here? 
- system.activationScripts."setupWordpress-${siteName}".text = '' - mkdir -p ${siteDataDir} - if [ ! -f ${siteDataDir}/wp-config.php ]; then - cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/ - chown -R ${siteUser}:${siteGroup} ${siteDataDir} - chmod -R 755 ${siteDataDir} - fi - ''; # TODO: tighten permissions (not 755) - } - ) - cfg); -} - diff --git a/modules/hosting/wordpress_new.nix b/modules/hosting/wordpress_new.nix deleted file mode 100644 index 0bb7752..0000000 --- a/modules/hosting/wordpress_new.nix +++ /dev/null 
@@ -1,138 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - cfg = config.services.cWordpress; -in { - options = { - services.cWordpress = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule { - options.enable = lib.mkEnableOption "custom WordPress service"; - - options.sitePort = lib.mkOption { - type = lib.types.port; - default = 80; - description = ""; # TODO: - }; - }); - default = {}; - description = ""; # TODO: per-site WordPress configs - }; - }; - - config = lib.foldAttrs' (siteName: cfg: let - siteDataDir = "/srv/http/${siteName}"; - siteUser = "user-${siteName}"; - siteGroup = config.services.nginx.user; - siteUserPhp = "${siteUser}-php"; - siteGroupPhp= siteUserPhp; - sitePhpPool = "wordpress-${siteName}"; - in - lib.mkIf cfg.enable { - users = { - users = { - "${siteUser}" = { - isSystemUser = true; - group = siteGroup; - home = siteDataDir; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - - ### 3) Service account for PHP-FPM pool - "${siteUserPhp}" = { - isSystemUser = true; - group = siteGroupPhp; - home = "/var/empty"; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - }; - - groups = { - "${siteGroup}" = {}; - "${siteGroupPhp}" = {}; - }; - }; - - services = { - mysql = { - enable = true; - package = pkgs.mariadb; - }; - - phpfpm.pools."${sitePhpPool}" = { - user = siteUserPhp; - group = siteGroupPhp; - - settings = { - # Socket ownership so Nginx can connect - "listen.owner" = config.services.nginx.user; - "listen.group" = siteGroupPhp; - "listen.mode" = "0660"; - - # Dynamic process management tuned for small sites - pm = "dynamic"; - "pm.max_children" = "5"; - "pm.start_servers" = "2"; - "pm.min_spare_servers" = "1"; - "pm.max_spare_servers" = "3"; - - # Logging - "catch_workers_output" = true; - "php_admin_flag[log_errors]" = true; - }; - }; - - nginx = { - enable = true; - virtualHosts."${siteName}" = { - default = true; - root = siteDataDir; - - listen = [ - { - addr = "0.0.0.0"; - port = 
cfg.sitePort; - ssl = false; - } - ]; - - # Fallback for pretty permalinks - locations."/" = { - tryFiles = "$uri $uri/ /index.php?$args"; - }; - - extraConfig = '' - index index.php; - ''; - - # Handle PHP scripts - locations."~ \\.php$" = { - extraConfig = '' - fastcgi_split_path_info ^(.+\\.php)(/.+)$; - fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket}; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include ${pkgs.nginx}/conf/fastcgi_params; - ''; - }; - }; - }; - }; - - # Bootstrap WordPress on activation - environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here? - system.activationScripts."setupWordpress-${siteName}".text = '' - mkdir -p ${siteDataDir} - if [ ! -f ${siteDataDir}/wp-config.php ]; then - cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/ - chown -R ${siteUser}:${siteGroup} ${siteDataDir} - chmod -R 755 ${siteDataDir} - fi - ''; - }}) {} cfg; -} - diff --git a/modules/hosting/wordpress_refactor.nix b/modules/hosting/wordpress_refactor.nix deleted file mode 100644 index 953f5f9..0000000 --- a/modules/hosting/wordpress_refactor.nix +++ /dev/null 
@@ -1,145 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - siteOpts = lib.types.submodule ({...}: { - options = { - enable = lib.mkEnableOption "custom WordPress service"; - - siteName = lib.mkOption { - type = lib.types.nullOr lib.types.str; - default = null; - }; - - sitePort = lib.mkOption { - type = lib.types.port; - default = 80; - description = ""; # TODO: - }; - }; - }); - - cfg = config.services.cWordpress; - - opts = siteName: rec { - siteDataDir = "/srv/http/${siteName}"; - siteUser = "user-${siteName}"; - siteGroup = config.services.nginx.user; - siteUserPhp = "${siteUser}-php"; - siteGroupPhp = siteUserPhp; - sitePhpPool = "wordpress-${siteName}"; - }; -in { - options = { - services.cWordpress = lib.mkOption { - type = lib.types.attrsOf siteOpts; - - default = {}; - description = ""; # TODO: - }; - }; - - config = { - users.users = lib.mapAttrs' (siteName: siteConfig: { - "user-${siteName}" = { - isSystemUser = true; - group = config.services.nginx.user; - home = "/srv/http/${siteName}"; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - - "user-${siteName}-php" = { - isSystemUser = true; - group = "user-${siteName}-php"; - home = "/var/empty"; - createHome = false; - shell = "${pkgs.shadow}/bin/nologin"; - }; - }) cfg; - - users.groups = lib.mapAttrs' (siteName: siteConfig: { - ${config.services.nginx.user} = {}; - "user-${siteName}-php" = {}; - }) cfg; - - # services = { - # mysql = { - # enable = true; - # package = pkgs.mariadb; - # }; - # - # phpfpm.pools."${sitePhpPool}" = { - # user = siteUserPhp; - # group = siteGroupPhp; - # - # settings = { - # # Socket ownership so Nginx can connect - # "listen.owner" = config.services.nginx.user; - # "listen.group" = siteGroupPhp; - # "listen.mode" = "0660"; - # - # # Dynamic process management tuned for small sites - # pm = "dynamic"; - # "pm.max_children" = "5"; - # "pm.start_servers" = "2"; - # "pm.min_spare_servers" = "1"; - # "pm.max_spare_servers" = "3"; - # - # # Logging - # 
"catch_workers_output" = true; - # "php_admin_flag[log_errors]" = true; - # }; - # }; - # - # nginx = { - # enable = true; - # virtualHosts."${siteName}" = { - # default = true; - # root = siteDataDir; - # - # listen = [ - # { - # addr = "0.0.0.0"; - # port = opts.sitePort; - # ssl = false; - # } - # ]; - # - # # Fallback for pretty permalinks - # locations."/" = { - # tryFiles = "$uri $uri/ /index.php?$args"; - # }; - # - # extraConfig = '' - # index index.php; - # ''; - # - # # Handle PHP scripts - # locations."~ \\.php$" = { - # extraConfig = '' - # fastcgi_split_path_info ^(.+\\.php)(/.+)$; - # fastcgi_pass unix:${config.services.phpfpm.pools."${sitePhpPool}".socket}; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - # include ${pkgs.nginx}/conf/fastcgi_params; - # ''; - # }; - # }; - # }; - # }; - # - # # Bootstrap WordPress on activation - # environment.systemPackages = [pkgs.unzip]; # TODO: why is unzip needed here? - # system.activationScripts."setupWordpress-${siteName}".text = '' - # mkdir -p ${siteDataDir} - # if [ ! -f ${siteDataDir}/wp-config.php ]; then - # cp -R ${pkgs.wordpress}/share/wordpress/* ${siteDataDir}/ - # chown -R ${siteUser}:${siteGroup} ${siteDataDir} - # chmod -R 755 ${siteDataDir} - # fi - # ''; # TODO: tighten permissions (not 755) - }; -} diff --git a/modules/locale.nix b/modules/locale.nix index fbc9d55..f4903ee 100644 --- a/modules/locale.nix +++ b/modules/locale.nix 
@@ -1,31 +1,26 @@ { - # Configure console keymap - console.keyMap = "de"; - # Set your time zone. time.timeZone = "Europe/Berlin"; - i18n = { - # Select internationalisation properties. - defaultLocale = "en_GB.UTF-8"; + # Select internationalisation properties. + i18n.defaultLocale = "en_GB.UTF-8"; - #supportedLocales = [ - # "en_GB.UTF-8" - # "en_US.UTF-8" - # "de_DE.UTF-8" - #]; + #i18n.supportedLocales = [ + # "en_GB.UTF-8" + # "en_US.UTF-8" + # "de_DE.UTF-8" + #]; - extraLocaleSettings = { - LC_ADDRESS = "de_DE.UTF-8"; - LC_IDENTIFICATION = "de_DE.UTF-8"; - LC_MEASUREMENT = "de_DE.UTF-8"; - LC_MONETARY = "de_DE.UTF-8"; - LC_NAME = "de_DE.UTF-8"; - LC_NUMERIC = "de_DE.UTF-8"; - LC_PAPER = "de_DE.UTF-8"; - LC_TELEPHONE = "de_DE.UTF-8"; - LC_TIME = "de_DE.UTF-8"; - }; + i18n.extraLocaleSettings = { + LC_ADDRESS = "de_DE.UTF-8"; + LC_IDENTIFICATION = "de_DE.UTF-8"; + LC_MEASUREMENT = "de_DE.UTF-8"; + LC_MONETARY = "de_DE.UTF-8"; + LC_NAME = "de_DE.UTF-8"; + LC_NUMERIC = "de_DE.UTF-8"; + LC_PAPER = "de_DE.UTF-8"; + LC_TELEPHONE = "de_DE.UTF-8"; + LC_TIME = "de_DE.UTF-8"; }; # Configure keymap in X11 @@ -33,4 +28,7 @@ layout = "de"; variant = ""; }; + + # Configure console keymap + console.keyMap = "de"; } diff --git a/modules/pkg_mgrmnt/default.nix b/modules/pkg_mgrmnt/default.nix index 6567a47..49732db 100644 --- a/modules/pkg_mgrmnt/default.nix +++ b/modules/pkg_mgrmnt/default.nix @@ -1,8 +1,8 @@ { imports = [ ./flatpak.nix - ./garbage-collect.nix ./podman.nix ./store_pkg_file.nix + ./garbage-collect.nix ]; } diff --git a/modules/pkg_mgrmnt/flatpak.nix b/modules/pkg_mgrmnt/flatpak.nix index 4fdf226..023ed07 100644 --- a/modules/pkg_mgrmnt/flatpak.nix +++ b/modules/pkg_mgrmnt/flatpak.nix @@ -1,5 +1,4 @@ -{inArgs, ...}: { - imports = [ inArgs.nix-flatpak.nixosModules.nix-flatpak ]; +{ services.flatpak = { enable = true; update.auto = { diff --git a/modules/pkg_mgrmnt/podman.nix b/modules/pkg_mgrmnt/podman.nix index 1299590..96379cf 100644 
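Review bot: The flatpak.nix hunk drops `imports = [ inArgs.nix-flatpak.nixosModules.nix-flatpak ];` but the body still sets `services.flatpak.update.auto`, which as far as I know is an option declared by the nix-flatpak module rather than by the stock NixOS flatpak module. Unless that module is imported somewhere not visible in this diff (flake.nix, for instance), evaluation would fail on an undefined option. If the import now lives elsewhere, a comment such as `# requires the nix-flatpak module, imported in <where>` above `services.flatpak` would make the dependency explicit. The attribute set continues past the end of the hunk.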
--- a/modules/pkg_mgrmnt/podman.nix +++ b/modules/pkg_mgrmnt/podman.nix @@ -19,8 +19,8 @@ # Useful other development tools environment.systemPackages = with pkgs; [ dive # look into docker image layers + podman-tui # status of containers in the terminal #docker-compose # start group of containers for dev podman-compose # start group of containers for dev - podman-tui # status of containers in the terminal ]; } diff --git a/modules/pkg_mgrmnt/store_pkg_file.nix b/modules/pkg_mgrmnt/store_pkg_file.nix index da04794..4f4e02b 100644 --- a/modules/pkg_mgrmnt/store_pkg_file.nix +++ b/modules/pkg_mgrmnt/store_pkg_file.nix @@ -10,5 +10,5 @@ formatted = builtins.concatStringsSep "\n" sortedUnique; in formatted; - # TODO: in the far future: add a little alias that greps through that file + # TODO: in the far future: add a little alias that greps throgh that file } diff --git a/modules/pkg_mgrmnt/unattended-updates.nix b/modules/pkg_mgrmnt/unattended-updates.nix deleted file mode 100644 index 0fe8f1c..0000000 --- a/modules/pkg_mgrmnt/unattended-updates.nix +++ /dev/null @@ -1,13 +0,0 @@ -{inArgs, ...}: { - system.autoUpgrade = { - enable = true; - flake = inArgs.self.outPath; - flags = [ - "--update-input" - "nixpkgs" - "--print-build-logs" - ]; - dates = "07:00"; - randomizedDelaySec = "45min"; - }; -} diff --git a/modules/sec_auth/apparmor.nix b/modules/sec_auth/apparmor.nix index 25c70cd..dad5775 100644 --- a/modules/sec_auth/apparmor.nix +++ b/modules/sec_auth/apparmor.nix @@ -4,9 +4,9 @@ # XDG-USER-DIR package and config environment.systemPackages = with pkgs; [ apparmor-pam + apparmor-utils apparmor-parser apparmor-profiles - apparmor-utils roddhjav-apparmor-rules ]; } diff --git a/modules/sec_auth/default.nix b/modules/sec_auth/default.nix index 27bdd07..2bfd404 100644 --- a/modules/sec_auth/default.nix +++ b/modules/sec_auth/default.nix 
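Review bot: The changed TODO in the store_pkg_file.nix hunk now reads `greps throgh that file`; the new side introduces the misspelling, and the line should stay `# TODO: in the far future: add a little alias that greps through that file`. The `let … in` expression it closes starts outside the hunk.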
@@ -3,8 +3,6 @@ ./apparmor.nix ./firejail.nix ./login-manager.nix - ./ssh-client.nix - #./ssh-server.nix - ./sudo-rs.nix + ./ssh.nix ]; } diff --git a/modules/sec_auth/firejail.nix b/modules/sec_auth/firejail.nix index 07224c5..11f7836 100644 --- a/modules/sec_auth/firejail.nix +++ b/modules/sec_auth/firejail.nix @@ -44,21 +44,6 @@ ]; }; - librewolf = { - executable = "${pkgs.librewolf}/bin/librewolf"; - profile = "${pkgs.firejail}/etc/firejail/librewolf.profile"; - extraArgs = [ - # Required for U2F USB stick - "--ignore=private-dev" - # Enforce dark mode - "--env=GTK_THEME=Adwaita:dark" - # Enable system notifications - "--dbus-user.talk=org.freedesktop.Notifications" - # For screen sharing - "--dbus-user.talk=org.freedesktop.portal.*" - ]; - }; - nyxt = { executable = "${pkgs.nyxt}/bin/nyxt"; profile = "${pkgs.firejail}/etc/firejail/chromium-browser.profile"; diff --git a/modules/sec_auth/ssh-server.nix b/modules/sec_auth/ssh-server.nix deleted file mode 100644 index 8deb4f9..0000000 --- a/modules/sec_auth/ssh-server.nix +++ /dev/null @@ -1,13 +0,0 @@ -{lib, ...}: { - services.openssh = { - enable = true; - - ports = lib.mkDefault [10522]; - - settings = { - PasswordAuthentication = false; - PermitRootLogin = "yes"; - X11Forwarding = false; - }; - }; -} diff --git a/modules/sec_auth/ssh-client.nix b/modules/sec_auth/ssh.nix similarity index 100% rename from modules/sec_auth/ssh-client.nix rename to modules/sec_auth/ssh.nix diff --git a/modules/sec_auth/sudo-rs.nix b/modules/sec_auth/sudo-rs.nix deleted file mode 100644 index bb57d00..0000000 --- a/modules/sec_auth/sudo-rs.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - security.sudo-rs.enable = true; -} diff --git a/modules/serial-console.nix b/modules/serial-console.nix deleted file mode 100644 index 521887f..0000000 --- a/modules/serial-console.nix +++ /dev/null 
@@ -1,8 +0,0 @@ -{ - boot.kernelParams = [ "console=ttyS0,115200n8" ]; - boot.loader.grub.extraConfig = " - serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1 - terminal_input serial - terminal_output serial - "; -} diff --git a/modules/software/audio_video/audio_video.nix b/modules/software/audio_video/audio_video.nix index 810aa06..e878b5a 100644 --- a/modules/software/audio_video/audio_video.nix +++ b/modules/software/audio_video/audio_video.nix @@ -1,24 +1,21 @@ {pkgs, ...}: { # Enable sound with pipewire + hardware.pulseaudio.enable = false; security.rtkit.enable = true; - services = { - pulseaudio.enable = false; - pipewire = { + services.pipewire = { + enable = true; + + # If you want to use JACK applications, uncomment this + jack.enable = true; + pulse.enable = true; + + alsa = { enable = true; - - # If you want to use JACK applications, uncomment this - jack.enable = true; - pulse.enable = true; - - alsa = { - enable = true; - support32Bit = true; - }; + support32Bit = true; }; }; - # only for more system kinda packages not editing and such environment.systemPackages = with pkgs; [ helvum pwvucontrol diff --git a/modules/software/browser/default.nix b/modules/software/browser/default.nix index ab10d64..9903eb0 100644 --- a/modules/software/browser/default.nix +++ b/modules/software/browser/default.nix @@ -1,22 +1,7 @@ -{pkgs, ...}: let - package = pkgs.librewolf; -in { +{ imports = [ ./brave.nix - #./firefox.nix - ./librewolf.nix + ./firefox.nix ./nyxt.nix ]; - - environment.sessionVariables.DEFAULT_BROWSER = - "${package}/bin/" - + builtins.replaceStrings [".desktop"] [""] package.desktopItem.name; - - xdg.mime.defaultApplications = let - browser_desktop_file = package.desktopItem.name; - in { - "text/html" = browser_desktop_file; - "x-scheme-handler/http" = browser_desktop_file; - "x-scheme-handler/https" = browser_desktop_file; - }; } 
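Review bot: `hardware.pulseaudio.enable = false;` in the audio_video.nix hunk goes back to an option name that newer nixpkgs releases have renamed to `services.pulseaudio.enable` (the name the removed side used), so whether this evaluates cleanly depends on the nixpkgs revision pinned by the flake.lock change in this commit. The fonts.nix hunk has the same dependency: `nerdfonts.override { fonts = [ … ]; }` is the older packaging, replaced in newer nixpkgs by the `nerd-fonts.*` attributes that the old side used. A comment next to each naming the nixpkgs release it targets would help the next upgrade. Separately, the comment `# If you want to use JACK applications, uncomment this` sits above an already active `jack.enable = true;` and should be reworded, for example to `# JACK compatibility for JACK applications`.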
diff --git a/modules/software/browser/firefox.nix b/modules/software/browser/firefox.nix index a27d896..3f4b90a 100644 --- a/modules/software/browser/firefox.nix +++ b/modules/software/browser/firefox.nix @@ -1,10 +1,13 @@ -{pkgs, ...}: let - package = pkgs.firefox; -in { +{pkgs, ...}: { # The logical browser of choice - programs.firefox = { - enable = true; + programs.firefox.enable = true; - package = package; + xdg.mime.defaultApplications = let + browser_desktop_file = "firefox.desktop"; + in { + "text/html" = browser_desktop_file; + "x-scheme-handler/http" = browser_desktop_file; + "x-scheme-handler/https" = browser_desktop_file; }; + environment.sessionVariables.DEFAULT_BROWSER = "${pkgs.firefox}/bin/firefox"; } diff --git a/modules/software/browser/librewolf.nix b/modules/software/browser/librewolf.nix deleted file mode 100644 index 7e10a70..0000000 --- a/modules/software/browser/librewolf.nix +++ /dev/null @@ -1,10 +0,0 @@ -{pkgs, ...}: let - package = pkgs.librewolf; -in { - # The logical browser of choice - programs.firefox = { - enable = true; - - package = package; - }; -} diff --git a/modules/software/default.nix b/modules/software/default.nix index f7f8664..2ffa239 100644 --- a/modules/software/default.nix +++ b/modules/software/default.nix @@ -8,7 +8,7 @@ #./mpv.nix ./neovim.nix ./obs-studio.nix - ./packages + ./packages.nix ./programs.nix ./virt.nix ]; diff --git a/modules/software/fonts.nix b/modules/software/fonts.nix index 0530e20..1d1c26e 100644 --- a/modules/software/fonts.nix +++ b/modules/software/fonts.nix @@ -12,9 +12,12 @@ fira-code fira-code-symbols #droid-sans-mono - - nerd-fonts.fira-code - nerd-fonts.droid-sans-mono - nerd-fonts.jetbrains-mono + (nerdfonts.override { + fonts = [ + "FiraCode" + "DroidSansMono" + "JetBrainsMono" + ]; + }) ]; } diff --git a/modules/software/neovim.nix b/modules/software/neovim.nix index 6329185..8e9546e 100644 --- a/modules/software/neovim.nix +++ b/modules/software/neovim.nix 
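Review bot: `environment.sessionVariables.DEFAULT_BROWSER = "${pkgs.firefox}/bin/firefox";` in the firefox.nix hunk points at the store binary directly, independent of what `programs.firefox` installs. modules/sec_auth/firejail.nix in this commit defines firejail wrappers for browsers; if firefox is one of them (not visible in this diff), anything that launches the browser through this variable would skip the sandbox wrapper. Resolving through PATH avoids that and keeps the value in step with the installed package: `environment.sessionVariables.DEFAULT_BROWSER = "firefox";`. The hard-coded `"firefox.desktop"` has the same coupling and deserves a comment that it must match the package's desktop file.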
@@ -1,18 +1,4 @@ -{pkgs, ...}: let - makeDiff = name: - pkgs.writeShellScriptBin name '' - #!/usr/bin/env bash - if [ $# -lt 2 ]; then - echo "Usage: ${name} [more args…]" >&2 - exit 1 - fi - exec nvim -d "$@" - ''; -in { - environment.systemPackages = [ - (makeDiff "vimdiff") - (makeDiff "nvimdiff") - ]; +{ programs.neovim = { enable = true; viAlias = true; diff --git a/modules/software/obs-studio.nix b/modules/software/obs-studio.nix index 1d6bef4..a93ee14 100644 --- a/modules/software/obs-studio.nix +++ b/modules/software/obs-studio.nix @@ -3,9 +3,6 @@ config, ... }: { - # The virtual camera requires the v4l2loopback kernel module to be installed, a loopback device configured, and polkit enabled so OBS can access the virtual device. - security.polkit.enable = true; - environment.systemPackages = [ (pkgs.wrapOBS { plugins = with pkgs.obs-studio-plugins; [ @@ -15,16 +12,12 @@ ]; }) ]; - - boot = { - kernelModules = ["v4l2loopback"]; - - extraModulePackages = with config.boot.kernelPackages; [ - v4l2loopback - ]; - - extraModprobeConfig = '' - options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 - ''; - }; + boot.extraModulePackages = with config.boot.kernelPackages; [ + v4l2loopback + ]; + boot.kernelModules = ["v4l2loopback"]; + boot.extraModprobeConfig = '' + options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 + ''; + security.polkit.enable = true; } diff --git a/modules/software/packages/extended.nix b/modules/software/packages.nix similarity index 90% rename from modules/software/packages/extended.nix rename to modules/software/packages.nix index 028ac4d..8e7ea71 100644 --- a/modules/software/packages/extended.nix +++ b/modules/software/packages.nix @@ -16,6 +16,7 @@ unstable.neovim + git gitui lazygit @@ -30,13 +31,21 @@ rustc # tooling + htop btop + ncdu + wget unstable.yt-dlp miniserve + file + unzip + tmux fzf + ripgrep qemu home-manager dfc + p7zip sops # move to homemanager? 
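Review bot: The second obs-studio.nix hunk re-adds `security.polkit.enable = true;` at the end of the module while the first hunk deletes the comment that explained it, so a privilege-related setting is left without a rationale. I would keep a short comment directly above it, e.g. `# polkit is needed so OBS can access the v4l2loopback virtual camera device`. As a style point, the three separate `boot.*` assignments read less clearly than the single `boot = { … };` attribute set they replace.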
@@ -55,6 +64,5 @@ rustdesk-flutter timer unstable.prusa-slicer - tenacity ]; } diff --git a/modules/software/packages/core.nix b/modules/software/packages/core.nix deleted file mode 100644 index 6e620a0..0000000 --- a/modules/software/packages/core.nix +++ /dev/null @@ -1,13 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [ - file - git - htop - ncdu - p7zip - ripgrep - tmux - unzip - wget - ]; -} diff --git a/modules/software/packages/default.nix b/modules/software/packages/default.nix deleted file mode 100644 index 1941358..0000000 --- a/modules/software/packages/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./core.nix - ./extended.nix - ]; -} diff --git a/modules/software/virt.nix b/modules/software/virt.nix index 9f512f0..29a6c8e 100644 --- a/modules/software/virt.nix +++ b/modules/software/virt.nix @@ -1,4 +1,8 @@ {pkgs, ...}: { + # for running android apps + virtualisation.waydroid.enable = + true; # also starts the systemd service waydroid-container + # virt manager, for running VM's virtualisation.libvirtd.enable = true; programs.virt-manager.enable = true; diff --git a/modules/theming.nix b/modules/theming.nix deleted file mode 100644 index 8e39278..0000000 --- a/modules/theming.nix +++ /dev/null @@ -1,10 +0,0 @@ -{pkgs, inArgs, ...}: { - imports = [ - inArgs.stylix.nixosModules.stylix - ]; - stylix = { - enable = true; - base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-dark.yaml"; - polarity = "dark"; - }; -} diff --git a/modules/users/default.nix b/modules/users/default.nix index 46e834e..dc0b97d 100644 --- a/modules/users/default.nix +++ b/modules/users/default.nix @@ -1,5 +1,5 @@ { imports = [ - ./ranomier + ./ranomier.nix ]; } diff --git a/modules/users/ranomier/ranomier.nix b/modules/users/ranomier.nix similarity index 90% rename from modules/users/ranomier/ranomier.nix rename to modules/users/ranomier.nix index d93bc36..9bd1e06 100644 --- a/modules/users/ranomier/ranomier.nix 
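Review bot: In modules/software/virt.nix `virtualisation.waydroid.enable = true;` is set unconditionally, and per its own comment that starts the waydroid-container service on every host that imports this module. An always-running Android container is extra attack surface on machines that never use it; `virtualisation.waydroid.enable = lib.mkDefault true;` (with `lib` added to the module arguments) lets a host turn it off, or the setting could live in its own module. The value is also split across two lines (`=` then `true;`), which a formatter pass would join. The module body continues past the end of the hunk.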
+++ b/modules/users/ranomier.nix @@ -6,5 +6,6 @@ extraGroups = ["networkmanager" "wheel" "podman"]; shell = pkgs.zsh; useDefaultShell = true; + #packages = with pkgs; []; }; } diff --git a/modules/users/ranomier/default.nix b/modules/users/ranomier/default.nix deleted file mode 100644 index 125fcee..0000000 --- a/modules/users/ranomier/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./home-manager.nix - ./ranomier.nix - ]; -} diff --git a/modules/users/ranomier/home-manager.nix b/modules/users/ranomier/home-manager.nix deleted file mode 100644 index f097950..0000000 --- a/modules/users/ranomier/home-manager.nix +++ /dev/null @@ -1,16 +0,0 @@ -{inArgs, pkgs, ...}: { - imports = [ - inArgs.home-manager.nixosModules.home-manager - ]; - home-manager.useUserPackages = true; - home-manager.useGlobalPkgs = true; - home-manager.users."ranomier" = { - - stylix.iconTheme = { - enable = true; - package = pkgs.gruvbox-plus-icons; - dark = "Gruvbox-Plus-Dark"; - }; - home.stateVersion = "25.05"; - }; -} diff --git a/modules/wm_and_de/hyprland.nix b/modules/wm_and_de/hyprland.nix index 8482832..112817c 100644 --- a/modules/wm_and_de/hyprland.nix +++ b/modules/wm_and_de/hyprland.nix @@ -41,11 +41,11 @@ # for mounting stuff, also needs a auth agent like lxqt.lxqt-policykit services.gvfs.enable = true; - #qt = { - # enable = true; - # platformTheme = "qt5ct"; - # style = "kvantum"; - #}; + qt = { + enable = true; + platformTheme = "qt5ct"; + style = "kvantum"; + }; environment.pathsToLink = ["/share/foot"]; diff --git a/outputs.nix b/outputs.nix index 67d0073..aab3468 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,5 +1,6 @@ inArgs: let - hostHelper = import ./lib/hostHelper.nix inArgs; + lib = inArgs.nixpkgs.lib; + hostHelper = import ./hostHelper.nix inArgs; # Supported systems for your flake packages, shell, etc. systems = [ 
@@ -15,11 +16,11 @@ in { nixosConfigurations = builtins.mapAttrs (hostName: hostOptions: (hostHelper hostName hostOptions)) { crocoite = {stateVersion = "24.05";}; - #jitsi = {stateVersion = "24.11";}; - - game-luanti = {stateVersion = "25.05";}; - - #ext-julia = {stateVersion = "24.11";}; + jitsi = {stateVersion = "24.11";}; + game-luanti = { + stateVersion = "25.05"; + unstable = true; + }; }; # Your custom packages @@ -27,7 +28,7 @@ in { #packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); # Your custom packages and modifications, exported as overlays - overlays = import ./overlays {inArgs = inArgs;}; + overlays = import ./overlays {inherit inArgs;}; # Reusable nixos modules you might want to export # These are usually stuff you would upstream into nixpkgs diff --git a/readme.md b/readme.md deleted file mode 100644 index 6b38d20..0000000 --- a/readme.md +++ /dev/null @@ -1,23 +0,0 @@ -# My flake config - -Some awesome descriptive text here - -## folder structure - -### system_profiles - -This whole folder is for the most part just a system to clean up importing - -- In files in this (`system_profiles`) directory: - - should never import anything from parent directories - - can import things from the child directories -- The `importers` directory: - - Should only import things outside (above/parent) of the `system_profiles` directories. - - Probably only from the module directory or maybe a future nix-modules directory, - this rule is not set in stone yet - - should **not** import anything outside of this repository -- The `components` directory: - - Should never import anything from this repository - - It can import things from nixpkgs - - Should set only basic "system" settings - ("system" is not well defined) diff --git a/system_profiles/components/minify.nix b/system_profiles/components/minify.nix deleted file mode 100644 index 429faa5..0000000 --- a/system_profiles/components/minify.nix +++ /dev/null 
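Review bot: In the second outputs.nix hunk `game-luanti` gains `unstable = true;` with no comment, and what the flag changes is decided in hostHelper.nix, which this hunk does not show. For a host definition it is worth stating on the line which package set the machine is built from and why, e.g. `unstable = true; # <reason this host tracks unstable>`. The `nixosConfigurations` attribute set starts above the hunk.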
@@ -1,16 +0,0 @@ -# This makes an installation smaller at the cost of -# features (and maybe even stability) -{lib, modulesPath, ...}: { - imports = [ - (modulesPath + "/profiles/minimal.nix") - #(modulesPath + "/profiles/perlless.nix") - ]; - - disabledModules = [ - (modulesPath + "/profiles/all-hardware.nix") - (modulesPath + "/profiles/base.nix") - ]; - - environment.defaultPackages = lib.mkDefault []; - nixpkgs.overlays = lib.mkDefault [(self: super: {})]; -} diff --git a/system_profiles/components/nix-defaults.nix b/system_profiles/defaults.nix similarity index 51% rename from system_profiles/components/nix-defaults.nix rename to system_profiles/defaults.nix index 13be0a2..8fb3c00 100644 --- a/system_profiles/components/nix-defaults.nix +++ b/system_profiles/defaults.nix @@ -1,21 +1,23 @@ -# This loads some nix and nixpkgs specific settints -# i often need -{lib, pkgs, ...}: { +{ + lib, + pkgs, + ... +}: { + nix.settings.experimental-features = lib.mkDefault ["nix-command" "flakes"]; + # Disable if you don't want unfree packages nixpkgs.config.allowUnfree = lib.mkDefault true; nix = { - # https://lix.systems/ - # Lix is a modern, delicious implementation of the Nix package manager, + # https://lix.systems/ Lix is a modern, delicious implementation of the Nix package manager, # focused on correctness, usability, and growth – # and committed to doing right by its community. package = lib.mkDefault pkgs.lix; channel.enable = lib.mkDefault false; - - settings.experimental-features = lib.mkDefault [ - "nix-command" - "flakes" - ]; }; + + imports = [ + ../modules/locale.nix + ]; } diff --git a/system_profiles/desktop.nix b/system_profiles/desktop.nix deleted file mode 100644 index c2da4f2..0000000 --- a/system_profiles/desktop.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ - imports = [ - ./components/nix-defaults.nix - - ./importers/desktop.nix - ./importers/general.nix - ]; -} 
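Review bot: The new `imports` list in system_profiles/defaults.nix carries over only `../modules/locale.nix`, while system_profiles/importers/general.nix, deleted later in this commit, imported both `modules/locale.nix` and `modules/sec_auth/sudo-rs.nix`. If no other profile imports the sudo-rs module, hosts built from this profile silently go back to the stock sudo setup; adding `../modules/sec_auth/sudo-rs.nix` to the list would keep the previous behaviour, assuming that file still exists. The two-line header comment describing the file was also dropped and is worth keeping.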
diff --git a/system_profiles/importers/desktop.nix b/system_profiles/importers/desktop.nix deleted file mode 100644 index 6fc76ec..0000000 --- a/system_profiles/importers/desktop.nix +++ /dev/null @@ -1,22 +0,0 @@ -# This basicly imports the whole modules folder -{rootPath, ...}: { - imports = [ - (rootPath + /modules) - - (rootPath + /modules/hardware) - - (rootPath + /modules/pkg_mgrmnt) - - (rootPath + /modules/sec_auth) - - (rootPath + /modules/software) - (rootPath + /modules/software/browser) - (rootPath + /modules/software/nix-helper) - (rootPath + /modules/software/office) - (rootPath + /modules/software/shells) - - (rootPath + /modules/users) - - (rootPath + /modules/wm_and_de) - ]; -} diff --git a/system_profiles/importers/general.nix b/system_profiles/importers/general.nix deleted file mode 100644 index d9ccb24..0000000 --- a/system_profiles/importers/general.nix +++ /dev/null @@ -1,7 +0,0 @@ -# This loads some "general" defaults -{rootPath, ...}: { - imports = [ - (rootPath + /modules/locale.nix) - (rootPath + /modules/sec_auth/sudo-rs.nix) - ]; -} diff --git a/system_profiles/importers/server.nix b/system_profiles/importers/server.nix deleted file mode 100644 index 66f1e60..0000000 --- a/system_profiles/importers/server.nix +++ /dev/null @@ -1,7 +0,0 @@ -{rootPath, ...}: { - imports = [ - (rootPath + /modules/customisation.nix) - (rootPath + /modules/software/neovim.nix) - (rootPath + /modules/software/packages/core.nix) - ]; -} diff --git a/system_profiles/components/container.nix b/system_profiles/mini-container.nix similarity index 54% rename from system_profiles/components/container.nix rename to system_profiles/mini-container.nix index 529d942..ce05d95 100644 --- a/system_profiles/components/container.nix +++ b/system_profiles/mini-container.nix 
@@ -1,6 +1,6 @@ -# For when to deploy to a container, -# can be used with minify to make things smaller {lib, ...}: { boot.isContainer = lib.mkDefault true; boot.kernel.enable = lib.mkDefault false; + + imports = [./mini.nix]; } diff --git a/system_profiles/mini.nix b/system_profiles/mini.nix new file mode 100644 index 0000000..1df7357 --- /dev/null +++ b/system_profiles/mini.nix @@ -0,0 +1,26 @@ +{ + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/minimal.nix") + (modulesPath + "/profiles/perlless.nix") + + { + environment.defaultPackages = lib.mkDefault []; + nixpkgs.overlays = lib.mkDefault [(self: super: {})]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + } + ]; + + disabledModules = [ + (modulesPath + "/profiles/all-hardware.nix") + (modulesPath + "/profiles/base.nix") + ]; +} diff --git a/system_profiles/server.nix b/system_profiles/server.nix deleted file mode 100644 index 8810958..0000000 --- a/system_profiles/server.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - imports = [ - ./components/minify.nix - ./components/nix-defaults.nix - - ./importers/general.nix - ./importers/server.nix - ]; -} diff --git a/experiments/default.nix b/tests/default.nix similarity index 100% rename from experiments/default.nix rename to tests/default.nix diff --git a/experiments/glitchtip-container.nix b/tests/glitchtip-container.nix similarity index 100% rename from experiments/glitchtip-container.nix rename to tests/glitchtip-container.nix
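Review bot: system_profiles/mini.nix now imports `profiles/perlless.nix`, which the deleted minify.nix kept commented out, and the header warning that the profile trades features (and maybe stability) for size is gone; mini-container.nix loses its header comment in the same way. I would restore a one-line header such as `# Shrinks an installation at the cost of features (and maybe stability)` and note next to the perlless import why it is enabled now. The DHCP comment names `networking.interfaces..useDHCP`; the option is `networking.interfaces.<name>.useDHCP`. The inline attribute set inside `imports` could also be plain top-level settings of the module.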