Way too massive refactoring

This commit is contained in:
Vili Sinervä 2025-05-29 15:39:42 +03:00
parent 113d68be68
commit 24aac9708b
Signed by: Vili Sinervä
SSH key fingerprint: SHA256:FladqYjaE4scJY3Hi+gnShZ6ygnTJgixy0I6BAoHyos
49 changed files with 481 additions and 407 deletions


@ -1,9 +1,9 @@
{ pkgs, ... }:
{ lib, ... }:
{
imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
./base.nix
];
networking.networkmanager.enable = pkgs.lib.mkForce false;
networking.networkmanager.enable = lib.mkForce false;
}


@ -1,168 +0,0 @@
{ config, pkgs, ... }:
let
Xresources = "${pkgs.writeText "Xresources" ''
Xft.dpi: 96
Xft.antialias: true
Xft.hinting: true
Xft.rgba: rgb
Xft.autohint: false
Xft.hintstyle: hintslight
Xft.lcdfilter: lcddefault
Xcursor.theme: xcursor-breeze
Xcursor.size: 0
''}";
in
{
assertions = [
{
assertion = config.users.users ? "vili";
message = "User 'vili' needed for desktop!";
}
];
imports = [ ./program-config-files/firefox.nix ];
environment.systemPackages = with pkgs; [
alacritty
i3status
rofi
arandr
telegram-desktop
signal-desktop
discord
vlc
pavucontrol
viewnior
xfce.mousepad
pcmanfm
libreoffice
evince
brightnessctl
networkmanagerapplet
flameshot
speedcrunch
bitwarden
zotero
kile
texliveFull
imagemagick
ghostscript
kdePackages.okular
];
programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
security = {
pam = {
rssh.enable = true;
services = {
sudo.rssh = true;
};
};
sudo.execWheelOnly = true;
};
programs.i3lock.enable = true;
services = {
displayManager = {
defaultSession = "none+i3";
autoLogin.enable = true;
autoLogin.user = "vili";
};
xserver = {
enable = true;
displayManager = {
lightdm.enable = true;
sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${Xresources}'';
};
windowManager.i3 = {
enable = true;
extraPackages = [ ];
configFile = "${
(import ./program-config-files/i3.nix {
inherit config;
inherit pkgs;
})
}";
};
};
printing.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
pipewire.enable = false;
pulseaudio.enable = true;
};
nixpkgs.config.pulseaudio = true;
security.polkit.enable = true;
xdg.mime.defaultApplications = {
"application/pdf" = "org.gnome.Evince.desktop";
"text/plain" = "org.xfce.mousepad.desktop";
"text/x-tex" = "org.kde.kile.desktop";
"inode/directory" = "pcmanfm.description";
};
qt = {
enable = true;
style = "adwaita-dark";
platformTheme = "gnome";
};
system.userActivationScripts.mkDesktopSettingsSymlinks.text =
let
home = "/home/vili/";
paths = [
rec {
dir = "${home}.config/pcmanfm/default/";
file = "pcmanfm.conf";
full = "${dir}${file}";
source = "${./program-config-files/pcmanfm.conf}";
}
rec {
dir = "${home}.config/libfm/";
file = "libfm.conf";
full = "${dir}${file}";
source = "${./program-config-files/libfm.conf}";
}
rec {
dir = "${home}.config/gtk-3.0/";
file = "bookmarks";
full = "${dir}${file}";
source = "${./program-config-files/gtk-bookmarks}";
}
rec {
dir = "${home}";
file = ".gtkrc-2.0";
full = "${dir}${file}";
source = "${./program-config-files/gtkrc-2.0}";
}
rec {
dir = "${home}.config/gtk-3.0/";
file = "settings.ini";
full = "${dir}${file}";
source = "${./program-config-files/gtk-3-4-settings.ini}";
}
rec {
dir = "${home}.config/gtk-4.0/";
file = "settings.ini";
full = "${dir}${file}";
source = "${./program-config-files/gtk-3-4-settings.ini}";
}
];
in
toString (
map (path: ''
mkdir -p ${path.dir}
if test -e ${path.full} -a ! -L ${path.full}; then
mv -f ${path.full} ${path.full}.old
fi
ln -sf ${path.source} ${path.full}
'') paths
);
}


@ -3,13 +3,9 @@
networking.hostName = "cert-store";
imports = [
../base.nix
../shared/base.nix
../servers/acme-cert-store.nix
];
#Many installs will need this, and it won't hurt either way
services.qemuGuest.enable = true;
#Prevent user from being locked out of the system before switching to proper config
users.mutableUsers = pkgs.lib.mkForce true;
}


@ -1,6 +1,11 @@
{ config, pkgs, ... }:
{
imports = [ ../base.nix ];
config,
pkgs,
lib,
...
}:
{
imports = [ ../shared/base.nix ];
# Networking conf including WireGuard
networking = {
@ -42,7 +47,7 @@
};
users.groups.worker.gid = 1001;
system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
system.autoUpgrade.allowReboot = lib.mkForce false;
programs.rust-motd = {
enable = true;


@ -3,7 +3,7 @@
networking.hostName = "forgejo";
imports = [
../base.nix
../shared/base.nix
../servers/forgejo.nix
];


@ -3,11 +3,12 @@
networking.hostName = "gaming";
imports = [
../base.nix
../desktop.nix
../users/vili.nix
../shared/base.nix
../shared/hardware/nvidia.nix
../personal-machines/desktop.nix
../servers/gaming-server.nix
../hardware-specific/nvidia.nix
];
users.users.vili.hashedPasswordFile = lib.mkForce null;


@ -1,12 +1,12 @@
{ pkgs, ... }:
{ lib, ... }:
{
networking.hostName = "nixos";
imports = [ ../base.nix ];
imports = [ ../shared/base.nix ];
#Many installs will need this, and it won't hurt either way
services.qemuGuest.enable = true;
#Prevent user from being locked out of the system before switching to proper config
users.mutableUsers = pkgs.lib.mkForce true;
users.mutableUsers = lib.mkForce true;
}


@ -1,28 +1,12 @@
{ pkgs, config, ... }:
{ pkgs, lib, ... }:
{
custom.home_wg_suffix = "2";
system.autoUpgrade.allowReboot = lib.mkForce false;
networking = {
hostName = "helium";
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = [ "${config.custom.gua_pref}ff::2/64" ];
dns = [
"${config.custom.gua_pref}ff::1"
"vsinerva.fi"
];
privateKeyFile = "/root/wireguard-keys/privatekey-home";
listenPort = 51820;
peers = [
{
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
presharedKeyFile = "/root/wireguard-keys/psk-home";
allowedIPs = [ "::/0" ];
endpoint = "wg.vsinerva.fi:51820";
}
];
};
wg1 = {
autostart = false;
address = [ "10.100.0.7/24" ];
@ -43,48 +27,11 @@
};
};
};
# Dirty hack to fix autostart failing due to DNS lookups
systemd.services."wg-quick-wg0".serviceConfig = {
Restart = "on-failure";
RestartSec = "1s";
};
services.clatd = {
enable = true;
settings.clat-v6-addr = "${config.custom.gua_pref}ff::c2";
};
systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];
services.openssh.openFirewall = false;
services.fail2ban.enable = pkgs.lib.mkForce false;
imports = [
../base.nix
../users/vili.nix
../desktop.nix
../development.nix
../services/syncthing.nix
../services/redshift.nix
../services/moonlight.nix
../hardware-specific/onlykey.nix
../hardware-specific/keychron-q11.nix
../hardware-specific/trackball.nix
../hardware-specific/amd-laptop.nix
../hardware-specific/usb-automount.nix
];
services.xserver.displayManager.setupCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
'';
system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
swapDevices = pkgs.lib.mkForce [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
boot = {
loader.timeout = 3;
initrd.luks = {
@ -97,4 +44,29 @@
resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
kernelParams = [ "resume_offset=44537856" ];
};
imports = [
../shared/base.nix
../personal-machines/desktop.nix
../personal-machines/development.nix
../personal-machines/hardware/amd-laptop.nix
../personal-machines/hardware/hibernate.nix
../personal-machines/hardware/keychron-q11.nix
../personal-machines/hardware/onlykey.nix
../personal-machines/hardware/trackball.nix
../personal-machines/networking/home-wg.nix
../personal-machines/networking/printing.nix
../personal-machines/programs/bitwarden.nix
../personal-machines/programs/communication.nix
../personal-machines/programs/firefox.nix
../personal-machines/programs/i3.nix
../personal-machines/programs/moonlight.nix
../personal-machines/programs/redshift.nix
../personal-machines/programs/study.nix
../personal-machines/programs/usb-automount.nix
];
}


@ -5,7 +5,7 @@
custom.collabora_domain = "idacollab.sinerva.eu";
imports = [
../base.nix
../shared/base.nix
../servers/nextcloud.nix
];


@ -1,78 +1,31 @@
{ pkgs, config, ... }:
{ lib, ... }:
{
networking = {
hostName = "lithium";
networking.hostName = "lithium";
custom.home_wg_suffix = "3";
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = [ "${config.custom.gua_pref}ff::3/64" ];
dns = [
"${config.custom.gua_pref}ff::1"
"vsinerva.fi"
];
privateKeyFile = "/root/wireguard-keys/privatekey-home";
listenPort = 51820;
peers = [
{
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
presharedKeyFile = "/root/wireguard-keys/psk-home";
allowedIPs = [ "::/0" ];
endpoint = "wg.vsinerva.fi:51820";
}
];
};
};
};
# Dirty hack to fix autostart failing due to DNS lookups
systemd.services."wg-quick-wg0".serviceConfig = {
Restart = "on-failure";
RestartSec = "1s";
};
services.clatd = {
enable = true;
settings.clat-v6-addr = "${config.custom.gua_pref}ff::c3";
};
systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];
services.openssh.openFirewall = false;
services.fail2ban.enable = pkgs.lib.mkForce false;
system.autoUpgrade.allowReboot = lib.mkForce false;
# boot.kernelParams = [ "resume_offset=39292928" ];
imports = [
../base.nix
../users/vili.nix
../desktop.nix
../development.nix
../services/syncthing.nix
../services/redshift.nix
../services/moonlight.nix
../hardware-specific/onlykey.nix
../hardware-specific/keychron-q11.nix
../hardware-specific/trackball.nix
../hardware-specific/usb-automount.nix
../hardware-specific/intel-laptop.nix
../shared/base.nix
../personal-machines/desktop.nix
../personal-machines/development.nix
../personal-machines/hardware/hibernate.nix
../personal-machines/hardware/intel-laptop.nix
../personal-machines/hardware/onlykey.nix
../personal-machines/networking/home-wg.nix
../personal-machines/networking/printing.nix
../personal-machines/programs/bitwarden.nix
../personal-machines/programs/communication.nix
../personal-machines/programs/firefox.nix
../personal-machines/programs/i3.nix
../personal-machines/programs/moonlight.nix
../personal-machines/programs/redshift.nix
../personal-machines/programs/study.nix
../personal-machines/programs/usb-automount.nix
];
system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
swapDevices = pkgs.lib.mkForce [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
boot = {
loader.timeout = 10;
initrd.luks = {
fido2Support = true;
devices."nixos".fido2 = {
passwordLess = true;
credential = "f29b0760a6ec3b18b0a9958d77d8be8b15ff4fd90d42c3ceaeeb5d24a19c8f81315f52dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec014225afa01";
};
};
resumeDevice = "/dev/mapper/nixos";
kernelParams = [ "resume_offset=39292928" ];
};
}


@ -4,7 +4,7 @@
custom.nextcloud_domain = "nextcloud.vsinerva.fi";
imports = [
../base.nix
../shared/base.nix
../servers/nextcloud.nix
];


@ -3,7 +3,7 @@
networking.hostName = "siit-dc";
imports = [
../base.nix
../shared/base.nix
../servers/siit-dc.nix
];


@ -1,14 +1,15 @@
{ pkgs, ... }:
{ lib, ... }:
{
networking.hostName = "syncthing";
imports = [
../base.nix
../users/vili.nix
../shared/base.nix
../shared/users/vili.nix
../servers/syncthing.nix
];
users.users.vili.hashedPasswordFile = pkgs.lib.mkForce null;
users.users.vili.hashedPasswordFile = lib.mkForce null;
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;


@ -3,7 +3,7 @@
networking.hostName = "vaultwarden";
imports = [
../base.nix
../shared/base.nix
../servers/vaultwarden.nix
];


@ -8,7 +8,7 @@ let
ddPassFile = "/root/wg-conf/ddPassFile";
in
{
imports = [ ../base.nix ];
imports = [ ../shared/base.nix ];
environment.systemPackages = with pkgs; [
wireguard-tools


@ -0,0 +1,49 @@
{ pkgs, ... }:
{
imports = [
./symlinked/symlinks.nix
../shared/users/vili
];
environment.systemPackages = with pkgs; [
alacritty
vlc
flameshot
speedcrunch
];
services = {
displayManager = {
autoLogin.enable = true;
autoLogin.user = "vili";
};
xserver = {
enable = true;
displayManager = {
lightdm.enable = true;
sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${
(import ./embedded/xresources.nix { inherit pkgs; })
}'';
};
};
pipewire.enable = false;
pulseaudio.enable = true;
};
nixpkgs.config.pulseaudio = true;
security.polkit.enable = true;
xdg.mime.defaultApplications = {
"application/pdf" = "org.gnome.Evince.desktop";
"text/plain" = "org.xfce.mousepad.desktop";
"text/x-tex" = "org.kde.kile.desktop";
"inode/directory" = "pcmanfm.description";
};
qt = {
enable = true;
style = "adwaita-dark";
platformTheme = "gnome";
};
}
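Review bot: The second `imports` entry, `../shared/users/vili`, has no `.nix` extension, while the syncthing host in this same commit imports `../shared/users/vili.nix`; unless a `shared/users/vili/default.nix` directory also exists, this module will fail to evaluate. It should read `../shared/users/vili.nix`. The old desktop module carried an assertion that user `vili` exists, and this rewrite drops it, so this import is now the only thing guaranteeing the account that `autoLogin.user = "vili"` refers to — worth confirming the path resolves before merging.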


@ -0,0 +1,44 @@
{ pkgs, lib, ... }:
{
imports = [ ./programs/embedded/nvim.nix ];
#################### Git configuration ####################
programs.git = {
enable = true;
lfs.enable = true;
config = {
user = {
email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä";
signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
};
merge = {
ff = "true";
};
pull = {
ff = "only";
};
commit = {
verbose = "true";
};
gpg.format = "ssh";
commit.gpgsign = "true";
};
};
#################### Packages ####################
environment.systemPackages = with pkgs; [
nixfmt-rfc-style
nixd
vagrant
nmap
metasploit
armitage
];
virtualisation.virtualbox.host.enable = true;
virtualisation.virtualbox.host.addNetworkInterface = false;
users.extraGroups.vboxusers.members = [ "vili" ];
fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
}


@ -1,4 +1,9 @@
{ config, pkgs, ... }:
{
config,
pkgs,
lib,
...
}:
{
environment.systemPackages = with pkgs; [ zenmonitor ];
@ -7,7 +12,7 @@
boot.initrd.kernelModules = [ "amdgpu" ];
services = {
xserver = pkgs.lib.mkIf config.services.xserver.enable {
xserver = lib.mkIf config.services.xserver.enable {
videoDrivers = [
"amdgpu"
"modesetting"


@ -0,0 +1,13 @@
{ lib, ... }:
{
swapDevices = lib.mkForce [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
boot = {
resumeDevice = lib.mkDefault "/dev/mapper/nixos";
};
}


@ -1,12 +1,5 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
{
assertions = [
{
assertion = config.users.users ? "vili";
message = "User 'vili' needed for onlykey!";
}
];
environment.systemPackages = with pkgs; [
(onlykey.override (prev: {
node_webkit = prev.node_webkit.overrideAttrs {
@ -21,7 +14,5 @@
onlykey-cli
];
security.pam.u2f.enable = true;
hardware.onlykey.enable = true;
programs.i3lock.u2fSupport = true;
}


@ -3,7 +3,7 @@
nixpkgs.overlays = [
(final: prev: {
moonlight-qt = prev.moonlight-qt.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [ ../misc/mouse-accel.patch ];
patches = (old.patches or [ ]) ++ [ ./moonlight-trackball-accel.patch ];
});
})
];


@ -0,0 +1,50 @@
{ config, lib, ... }:
{
options.custom.home_wg_suffix = lib.mkOption {
type = with lib.types; nullOr (strMatching "^[0-9a-zA-Z:]+$");
default = null;
description = "IPv6 GUA Suffix for Home WireGuard config";
};
config = {
networking = {
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = [ "${config.custom.gua_pref}ff::${config.custom.home_wg_suffix}/64" ];
dns = [
"${config.custom.gua_pref}ff::1"
"vsinerva.fi"
];
privateKeyFile = "/persist/secrets/wireguard/priv-home";
listenPort = 51820;
peers = [
{
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
presharedKeyFile = "/persist/secrets/wireguard/psk-home";
allowedIPs = [ "::/0" ];
endpoint = "wg.vsinerva.fi:51820";
}
];
};
};
};
services.clatd = {
enable = true;
settings.clat-v6-addr = "${config.custom.gua_pref}ff::c${config.custom.home_wg_suffix}";
};
systemd.services = {
"wg-quick-wg0" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
};
clatd = {
wants = [ "wg-quick-wg0.service" ];
after = [ "wg-quick-wg0.service" ];
};
};
};
}
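Review bot: `custom.home_wg_suffix` defaults to `null` (`default = null;`) but the `config` block interpolates it unconditionally into the `wg0` address and into `settings.clat-v6-addr`, so a host that imports this module without setting the option fails with a string-coercion error instead of a message naming the option. Either guard the whole block with `config = lib.mkIf (config.custom.home_wg_suffix != null) { ... }` or add `assertions = [ { assertion = config.custom.home_wg_suffix != null; message = "custom.home_wg_suffix must be set when importing home-wg.nix"; } ];`. The `strMatching "^[0-9a-zA-Z:]+$"` type also admits letters beyond `f`, which are not hex digits, so a typo like `"z"` passes the type check and is only rejected when the address is parsed; `"^[0-9a-fA-F:]+$"` would catch it at evaluation time.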


@ -0,0 +1,12 @@
{ ... }:
{
programs.i3lock.enable = true;
services = {
printing.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
};
}
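Review bot: `programs.i3lock.enable = true;` is unrelated to the printing and avahi settings that make up the rest of this module, and the new `programs/i3.nix` in this commit sets the same option; if this file is `networking/printing.nix` as the helium and lithium import lists suggest, the line looks misplaced and can be dropped here. Setting it in both places is harmless for NixOS option merging, but it makes the module boundary misleading for the next reader.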


@ -0,0 +1,21 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bitwarden
bitwarden-cli
];
programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
security = {
pam = {
rssh.enable = true;
services = {
sudo.rssh = true;
};
};
sudo.execWheelOnly = true;
};
# We need SSH for the sudo, but generally don't want it open on machines with Bitwarden client
services.openssh.openFirewall = false;
}
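Review bot: `programs.zsh.interactiveShellInit` is system-wide, so `export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock` runs in every interactive zsh on the machine, pointing any other zsh user at one user's agent socket path. Scoping it, e.g. `if [ "$USER" = vili ]; then export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock; fi`, or moving it into that user's own shell configuration keeps the agent binding per-user. The line is carried over unchanged from the old desktop module, so this is a pre-existing issue that the split into a dedicated `bitwarden.nix` is a good moment to fix.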


@ -0,0 +1,8 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
telegram-desktop
signal-desktop
discord
];
}


@ -0,0 +1,13 @@
{ pkgs, ... }:
pkgs.writeText "Xresources" ''
Xft.dpi: 96
Xft.antialias: true
Xft.hinting: true
Xft.rgba: rgb
Xft.autohint: false
Xft.hintstyle: hintslight
Xft.lcdfilter: lcddefault
Xcursor.theme: xcursor-breeze
Xcursor.size: 0
''


@ -1,8 +1,7 @@
{ config, pkgs, ... }:
{ pkgs, ... }:
let
alacritty-conf = "${
(import ./alacritty.nix {
inherit config;
inherit pkgs;
})
}";


@ -1,4 +1,4 @@
{ pkgs, lib, ... }:
{ ... }:
let
nixvim = import (
builtins.fetchGit {
@ -8,47 +8,6 @@ let
);
in
{
#################### Git configuration ####################
programs.git = {
enable = true;
lfs.enable = true;
config = {
user = {
email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä";
signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
};
merge = {
ff = "true";
};
pull = {
ff = "only";
};
commit = {
verbose = "true";
};
gpg.format = "ssh";
commit.gpgsign = "true";
};
};
#################### Packages ####################
environment.systemPackages = with pkgs; [
nixfmt-rfc-style
nixd
vagrant
nmap
metasploit
armitage
];
virtualisation.virtualbox.host.enable = true;
virtualisation.virtualbox.host.addNetworkInterface = false;
users.extraGroups.vboxusers.members = [ "vili" ];
fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
#################### Neovim configuration ####################
imports = [ nixvim.nixosModules.nixvim ];
programs.nixvim = {


@ -0,0 +1,28 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
i3status
rofi
arandr
pavucontrol
viewnior
xfce.mousepad
pcmanfm
evince
brightnessctl
networkmanagerapplet
];
programs.i3lock.enable = true;
services = {
displayManager = {
defaultSession = "none+i3";
};
xserver.windowManager.i3 = {
enable = true;
extraPackages = [ ];
configFile = "${(import ./embedded/i3.nix { inherit pkgs; })}";
};
};
}


@ -0,0 +1,7 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
moonlight-qt
parsec-bin
];
}


@ -0,0 +1,20 @@
{ ... }:
{
services.redshift = {
executable = "/bin/redshift-gtk";
enable = true;
temperature = {
night = 2800;
day = 6500;
};
brightness = {
night = "0.5";
day = "1";
};
};
location = {
latitude = 60.17;
longitude = 24.94;
};
}


@ -0,0 +1,12 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
libreoffice
zotero
kile
texliveFull
imagemagick
ghostscript
kdePackages.okular
];
}


@ -0,0 +1,54 @@
{ ... }:
{
system.userActivationScripts.mkDesktopSettingsSymlinks.text =
let
home = "/home/vili/";
paths = [
rec {
dir = "${home}.config/pcmanfm/default/";
file = "pcmanfm.conf";
full = "${dir}${file}";
source = "${./pcmanfm.conf}";
}
rec {
dir = "${home}.config/libfm/";
file = "libfm.conf";
full = "${dir}${file}";
source = "${./libfm.conf}";
}
rec {
dir = "${home}.config/gtk-3.0/";
file = "bookmarks";
full = "${dir}${file}";
source = "${./gtk-bookmarks}";
}
rec {
dir = "${home}";
file = ".gtkrc-2.0";
full = "${dir}${file}";
source = "${./gtkrc-2.0}";
}
rec {
dir = "${home}.config/gtk-3.0/";
file = "settings.ini";
full = "${dir}${file}";
source = "${./gtk-3-4-settings.ini}";
}
rec {
dir = "${home}.config/gtk-4.0/";
file = "settings.ini";
full = "${dir}${file}";
source = "${./gtk-3-4-settings.ini}";
}
];
in
toString (
map (path: ''
mkdir -p ${path.dir}
if test -e ${path.full} -a ! -L ${path.full}; then
mv -f ${path.full} ${path.full}.old
fi
ln -sf ${path.source} ${path.full}
'') paths
);
}


@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, lib, ... }:
{
boot.kernel.sysctl."fs.inotify.max_user_watches" = 204800;
@ -20,14 +20,14 @@
relaysEnabled = false;
};
devices = pkgs.lib.mkMerge [
devices = lib.mkMerge [
{
"syncthing" = {
id = "J6GNM4Z-2TWASPT-3P3EW4V-KZEQYFF-TXL22QX-4YTZ3WO-WLM7GQ7-NUP66A4";
addresses = [ "tcp://syncthing.vsinerva.fi:22000" ];
};
}
(pkgs.lib.mkIf (config.networking.hostName == "syncthing") {
(lib.mkIf (config.networking.hostName == "syncthing") {
"helium" = {
id = "2MRUBSY-NHXYMAW-SY22RHP-CNNMHKR-DPDKMM4-2XV5F6M-6KSNLQI-DD4EOAM";
addresses = [ "tcp://helium.vsinerva.fi:22000" ];
@ -42,9 +42,9 @@
folders =
let
default = {
devices = pkgs.lib.mkMerge [
devices = lib.mkMerge [
[ "syncthing" ]
(pkgs.lib.mkIf (config.networking.hostName == "syncthing") [
(lib.mkIf (config.networking.hostName == "syncthing") [
"helium"
"lithium"
])


@ -83,7 +83,7 @@
set -s escape-time 0
'';
######################################## SSH and fail2ban configuration #########################
######################################## SSH configuration #########################
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
@ -92,21 +92,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV vili-bw-ssh-ed25519-main"
];
services.fail2ban = {
enable = true;
maxretry = 10;
bantime = "10m";
bantime-increment = {
enable = true;
maxtime = "1d";
};
jails = {
DEFAULT.settings = {
findtime = 3600;
};
};
};
######################################## Localization ###########################################
i18n.defaultLocale = "en_US.UTF-8";
@ -126,7 +111,7 @@
layout = "us,";
variant = "de_se_fi,";
};
console = pkgs.lib.mkForce {
console = lib.mkForce {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
@ -187,9 +172,9 @@
users.mutableUsers = false; # Force all user management to happen throught nix-files
boot.loader = {
systemd-boot.enable = pkgs.lib.mkDefault true;
efi.canTouchEfiVariables = pkgs.lib.mkDefault true;
timeout = pkgs.lib.mkDefault 0;
systemd-boot.enable = lib.mkDefault true;
efi.canTouchEfiVariables = lib.mkDefault true;
timeout = lib.mkDefault 0;
};
};
}
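Review bot: The hunk at `@ -92,21 +92,6 @@` deletes the entire `services.fail2ban` block (enable, maxretry, bantime-increment, DEFAULT findtime) from the shared base module, and nothing in this commit re-adds it; the helium and lithium hosts also lose their `services.fail2ban.enable = pkgs.lib.mkForce false` overrides, so the end state is fail2ban disabled on every host, including the servers that expose SSH. With `settings.PasswordAuthentication = false` the brute-force exposure is limited to key-auth probing, but this is a dropped control rather than a refactor and should either be called out in the commit message or moved into a server-side module so internet-facing hosts keep it. If the block moved to a file outside this diff, a one-line note in the description would make that visible. The enclosing attribute set starts and ends outside the hunk.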

44
shared/impermanence.nix Normal file

@ -0,0 +1,44 @@
{ ... }:
let
impermanence = builtins.fetchTarball {
url = "https://github.com/nix-community/impermanence/archive/master.tar.gz";
};
in
{
imports = [ "${impermanence}/nixos.nix" ];
environment.persistence."/persist" = {
enable = true; # NB: Defaults to true, not needed
hideMounts = true;
directories = [
# "/etc/NetworkManager/system-connections"
# {
# directory = "/var/lib/colord";
# user = "colord";
# group = "colord";
# mode = "u=rwx,g=rx,o=";
# }
];
files = [
# "/etc/machine-id"
# {
# file = "/var/keys/secret_file";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
];
users.vili = {
# directories = [
# "VirtualBox VMs"
# {
# directory = ".gnupg";
# mode = "0700";
# }
# ];
# files = [
# ".screenrc"
# ];
};
};
}
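Review bot: The `builtins.fetchTarball` in the `let` fetches `archive/master.tar.gz` with no `sha256`, so every evaluation trusts whatever that branch currently points to and nothing verifies the download; since `system.autoUpgrade` appears to be in use on several hosts in this tree (`allowReboot` is set on them), unattended upgrades would pull unreviewed upstream code into the boot configuration. Pin to a revision and fix the hash, e.g. `url = "https://github.com/nix-community/impermanence/archive/<REV-PLACEHOLDER>.tar.gz"; sha256 = "<HASH-PLACEHOLDER>";`. The `builtins.fetchGit` in the nvim module deserves the same check if its `rev` is not set, though its arguments are outside this diff.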


@ -11,7 +11,7 @@
"audio"
];
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
hashedPasswordFile = "/root/hashed-passwords/vili";
hashedPasswordFile = "/persist/secrets/hashed-passwords/vili";
};
users.groups.vili.gid = 1000;