From 24aac9708b7018caf9e1702ec1a9263b8c4a3e4b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Vili=20Sinerv=C3=A4?= Date: Thu, 29 May 2025 15:39:42 +0300 Subject: [PATCH] Way too massive refactoring --- custom-installer/minimal.nix | 4 +- desktop.nix | 168 ------------------ machine-confs/cert-store.nix | 6 +- machine-confs/exoplasim.nix | 11 +- machine-confs/forgejo.nix | 2 +- machine-confs/gaming.nix | 9 +- machine-confs/generic.nix | 6 +- machine-confs/helium.nix | 86 +++------ machine-confs/idacloud.nix | 2 +- machine-confs/lithium.nix | 97 +++------- machine-confs/nextcloud.nix | 2 +- machine-confs/siit-dc.nix | 2 +- machine-confs/syncthing.nix | 9 +- machine-confs/vaultwarden.nix | 2 +- machine-confs/wg-rpi.nix | 2 +- personal-machines/desktop.nix | 49 +++++ personal-machines/development.nix | 44 +++++ .../hardware}/amd-laptop.nix | 9 +- personal-machines/hardware/hibernate.nix | 13 ++ .../hardware}/intel-laptop.nix | 0 .../hardware}/keychron-q11.nix | 0 .../hardware/moonlight-trackball-accel.patch | 0 .../hardware}/onlykey.nix | 11 +- .../hardware}/trackball.nix | 2 +- personal-machines/networking/home-wg.nix | 50 ++++++ personal-machines/networking/printing.nix | 12 ++ personal-machines/programs/bitwarden.nix | 21 +++ personal-machines/programs/communication.nix | 8 + .../programs/embedded/alacritty.nix | 13 ++ .../programs/embedded/i3-conf.nix | 3 +- .../programs/embedded/nvim.nix | 43 +---- .../programs/embedded/xresources.nix | 0 .../programs}/firefox.nix | 0 personal-machines/programs/i3.nix | 28 +++ personal-machines/programs/moonlight.nix | 7 + personal-machines/programs/redshift.nix | 20 +++ personal-machines/programs/study.nix | 12 ++ .../programs/symlinked}/gtk-3-4-settings.ini | 0 .../programs/symlinked}/gtk-bookmarks | 0 .../programs/symlinked}/gtkrc-2.0 | 0 .../programs/symlinked}/libfm.conf | 0 .../programs/symlinked}/pcmanfm.conf | 0 .../programs/symlinked/symlinks.nix | 54 ++++++ .../programs}/usb-automount.nix | 0 servers/syncthing.nix | 10 +- base.nix => shared/base.nix | 25 +-- .../hardware}/nvidia.nix | 0 
shared/impermanence.nix | 44 +++++ {users => shared/users}/vili.nix | 2 +- 49 files changed, 481 insertions(+), 407 deletions(-) delete mode 100644 desktop.nix create mode 100644 personal-machines/desktop.nix create mode 100644 personal-machines/development.nix rename {hardware-specific => personal-machines/hardware}/amd-laptop.nix (92%) create mode 100644 personal-machines/hardware/hibernate.nix rename {hardware-specific => personal-machines/hardware}/intel-laptop.nix (100%) rename {hardware-specific => personal-machines/hardware}/keychron-q11.nix (100%) rename misc/mouse-accel.patch => personal-machines/hardware/moonlight-trackball-accel.patch (100%) rename {hardware-specific => personal-machines/hardware}/onlykey.nix (64%) rename {hardware-specific => personal-machines/hardware}/trackball.nix (92%) create mode 100644 personal-machines/networking/home-wg.nix create mode 100644 personal-machines/networking/printing.nix create mode 100644 personal-machines/programs/bitwarden.nix create mode 100644 personal-machines/programs/communication.nix create mode 100644 personal-machines/programs/embedded/alacritty.nix rename program-config-files/i3.nix => personal-machines/programs/embedded/i3-conf.nix (99%) rename development.nix => personal-machines/programs/embedded/nvim.nix (84%) rename program-config-files/alacritty.nix => personal-machines/programs/embedded/xresources.nix (100%) rename {program-config-files => personal-machines/programs}/firefox.nix (100%) create mode 100644 personal-machines/programs/i3.nix create mode 100644 personal-machines/programs/moonlight.nix create mode 100644 personal-machines/programs/redshift.nix create mode 100644 personal-machines/programs/study.nix rename {program-config-files => personal-machines/programs/symlinked}/gtk-3-4-settings.ini (100%) rename {program-config-files => personal-machines/programs/symlinked}/gtk-bookmarks (100%) rename {program-config-files => personal-machines/programs/symlinked}/gtkrc-2.0 (100%) rename 
{program-config-files => personal-machines/programs/symlinked}/libfm.conf (100%) rename {program-config-files => personal-machines/programs/symlinked}/pcmanfm.conf (100%) create mode 100644 personal-machines/programs/symlinked/symlinks.nix rename {hardware-specific => personal-machines/programs}/usb-automount.nix (100%) rename base.nix => shared/base.nix (90%) rename {hardware-specific => shared/hardware}/nvidia.nix (100%) create mode 100644 shared/impermanence.nix rename {users => shared/users}/vili.nix (83%) diff --git a/custom-installer/minimal.nix b/custom-installer/minimal.nix index dd984e1..30f4160 100644 --- a/custom-installer/minimal.nix +++ b/custom-installer/minimal.nix @@ -1,9 +1,9 @@ -{ pkgs, ... }: +{ lib, ... }: { imports = [ ./base.nix ]; - networking.networkmanager.enable = pkgs.lib.mkForce false; + networking.networkmanager.enable = lib.mkForce false; } diff --git a/desktop.nix b/desktop.nix deleted file mode 100644 index 4c400e3..0000000 --- a/desktop.nix +++ /dev/null 
@@ -1,168 +0,0 @@ -{ config, pkgs, ... }: -let - Xresources = "${pkgs.writeText "Xresources" '' - Xft.dpi: 96 - Xft.antialias: true - Xft.hinting: true - Xft.rgba: rgb - Xft.autohint: false - Xft.hintstyle: hintslight - Xft.lcdfilter: lcddefault - - Xcursor.theme: xcursor-breeze - Xcursor.size: 0 - ''}"; -in -{ - assertions = [ - { - assertion = config.users.users ? "vili"; - message = "User 'vili' needed for desktop!"; - } - ]; - - imports = [ ./program-config-files/firefox.nix ]; - - environment.systemPackages = with pkgs; [ - alacritty - i3status - rofi - arandr - telegram-desktop - signal-desktop - discord - vlc - pavucontrol - viewnior - xfce.mousepad - pcmanfm - libreoffice - evince - brightnessctl - networkmanagerapplet - flameshot - speedcrunch - bitwarden - - zotero - kile - texliveFull - imagemagick - ghostscript - kdePackages.okular - ]; - programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock"; - security = { - pam = { - rssh.enable = true; - services = { - sudo.rssh = true; - }; - }; - sudo.execWheelOnly = true; - }; - - programs.i3lock.enable = true; - services = { - displayManager = { - defaultSession = "none+i3"; - autoLogin.enable = true; - autoLogin.user = "vili"; - }; - xserver = { - enable = true; - displayManager = { - lightdm.enable = true; - sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${Xresources}''; - }; - windowManager.i3 = { - enable = true; - extraPackages = [ ]; - configFile = "${ - (import ./program-config-files/i3.nix { - inherit config; - inherit pkgs; - }) - }"; - }; - }; - - printing.enable = true; - avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - }; - - pipewire.enable = false; - pulseaudio.enable = true; - }; - nixpkgs.config.pulseaudio = true; - - security.polkit.enable = true; - - xdg.mime.defaultApplications = { - "application/pdf" = "org.gnome.Evince.desktop"; - "text/plain" = "org.xfce.mousepad.desktop"; - "text/x-tex" = "org.kde.kile.desktop"; - 
"inode/directory" = "pcmanfm.description"; - }; - - qt = { - enable = true; - style = "adwaita-dark"; - platformTheme = "gnome"; - }; - - system.userActivationScripts.mkDesktopSettingsSymlinks.text = - let - home = "/home/vili/"; - paths = [ - rec { - dir = "${home}.config/pcmanfm/default/"; - file = "pcmanfm.conf"; - full = "${dir}${file}"; - source = "${./program-config-files/pcmanfm.conf}"; - } - rec { - dir = "${home}.config/libfm/"; - file = "libfm.conf"; - full = "${dir}${file}"; - source = "${./program-config-files/libfm.conf}"; - } - rec { - dir = "${home}.config/gtk-3.0/"; - file = "bookmarks"; - full = "${dir}${file}"; - source = "${./program-config-files/gtk-bookmarks}"; - } - rec { - dir = "${home}"; - file = ".gtkrc-2.0"; - full = "${dir}${file}"; - source = "${./program-config-files/gtkrc-2.0}"; - } - rec { - dir = "${home}.config/gtk-3.0/"; - file = "settings.ini"; - full = "${dir}${file}"; - source = "${./program-config-files/gtk-3-4-settings.ini}"; - } - rec { - dir = "${home}.config/gtk-4.0/"; - file = "settings.ini"; - full = "${dir}${file}"; - source = "${./program-config-files/gtk-3-4-settings.ini}"; - } - ]; - in - toString ( - map (path: '' - mkdir -p ${path.dir} - if test -e ${path.full} -a ! -L ${path.full}; then - mv -f ${path.full} ${path.full}.old - fi - ln -sf ${path.source} ${path.full} - '') paths - ); -} diff --git a/machine-confs/cert-store.nix b/machine-confs/cert-store.nix index 2c83775..ab00e96 100644 --- a/machine-confs/cert-store.nix +++ b/machine-confs/cert-store.nix @@ -3,13 +3,9 @@ networking.hostName = "cert-store"; imports = [ - ../base.nix + ../shared/base.nix ../servers/acme-cert-store.nix ]; - #Many installs will need this, and it won't hurt either way services.qemuGuest.enable = true; - - #Prevent user from being locked out of the system before switching to proper config - users.mutableUsers = pkgs.lib.mkForce true; } diff --git a/machine-confs/exoplasim.nix b/machine-confs/exoplasim.nix index 2fe83cb..ca9bf4f 100644 
--- a/machine-confs/exoplasim.nix +++ b/machine-confs/exoplasim.nix @@ -1,6 +1,11 @@ -{ config, pkgs, ... }: { - imports = [ ../base.nix ]; + config, + pkgs, + lib, + ... +}: +{ + imports = [ ../shared/base.nix ]; # Networking conf including WireGuard networking = { @@ -42,7 +47,7 @@ }; users.groups.worker.gid = 1001; - system.autoUpgrade.allowReboot = pkgs.lib.mkForce false; + system.autoUpgrade.allowReboot = lib.mkForce false; programs.rust-motd = { enable = true; diff --git a/machine-confs/forgejo.nix b/machine-confs/forgejo.nix index e7ad024..96013bc 100644 --- a/machine-confs/forgejo.nix +++ b/machine-confs/forgejo.nix @@ -3,7 +3,7 @@ networking.hostName = "forgejo"; imports = [ - ../base.nix + ../shared/base.nix ../servers/forgejo.nix ]; diff --git a/machine-confs/gaming.nix b/machine-confs/gaming.nix index eda7ba5..2062ddc 100644 --- a/machine-confs/gaming.nix +++ b/machine-confs/gaming.nix @@ -3,11 +3,12 @@ networking.hostName = "gaming"; imports = [ - ../base.nix - ../desktop.nix - ../users/vili.nix + ../shared/base.nix + ../shared/hardware/nvidia.nix + + ../personal-machines/desktop.nix + ../servers/gaming-server.nix - ../hardware-specific/nvidia.nix ]; users.users.vili.hashedPasswordFile = lib.mkForce null; diff --git a/machine-confs/generic.nix b/machine-confs/generic.nix index 32e9ec8..13f5b80 100644 --- a/machine-confs/generic.nix +++ b/machine-confs/generic.nix @@ -1,12 +1,12 @@ -{ pkgs, ... }: +{ lib, ... }: { networking.hostName = "nixos"; - imports = [ ../base.nix ]; + imports = [ ../shared/base.nix ]; #Many installs will need this, and it won't hurt either way services.qemuGuest.enable = true; #Prevent user from being locked out of the system before switching to proper config - users.mutableUsers = pkgs.lib.mkForce true; + users.mutableUsers = lib.mkForce true; } diff --git a/machine-confs/helium.nix b/machine-confs/helium.nix index 470a029..f8ab959 100644 --- a/machine-confs/helium.nix +++ b/machine-confs/helium.nix 
@@ -1,28 +1,12 @@ -{ pkgs, config, ... }: +{ pkgs, lib, ... }: { + custom.home_wg_suffix = "2"; + system.autoUpgrade.allowReboot = lib.mkForce false; + networking = { hostName = "helium"; wg-quick.interfaces = { - wg0 = { - autostart = true; - address = [ "${config.custom.gua_pref}ff::2/64" ]; - dns = [ - "${config.custom.gua_pref}ff::1" - "vsinerva.fi" - ]; - privateKeyFile = "/root/wireguard-keys/privatekey-home"; - listenPort = 51820; - - peers = [ - { - publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34="; - presharedKeyFile = "/root/wireguard-keys/psk-home"; - allowedIPs = [ "::/0" ]; - endpoint = "wg.vsinerva.fi:51820"; - } - ]; - }; wg1 = { autostart = false; address = [ "10.100.0.7/24" ]; @@ -43,48 +27,11 @@ }; }; }; - # Dirty hack to fix autostart failing due to DNS lookups - systemd.services."wg-quick-wg0".serviceConfig = { - Restart = "on-failure"; - RestartSec = "1s"; - }; - services.clatd = { - enable = true; - settings.clat-v6-addr = "${config.custom.gua_pref}ff::c2"; - }; - systemd.services.clatd.wants = [ "wg-quick-wg0.service" ]; - - services.openssh.openFirewall = false; - services.fail2ban.enable = pkgs.lib.mkForce false; - - imports = [ - ../base.nix - ../users/vili.nix - ../desktop.nix - ../development.nix - ../services/syncthing.nix - ../services/redshift.nix - ../services/moonlight.nix - ../hardware-specific/onlykey.nix - ../hardware-specific/keychron-q11.nix - ../hardware-specific/trackball.nix - ../hardware-specific/amd-laptop.nix - ../hardware-specific/usb-automount.nix - ]; services.xserver.displayManager.setupCommands = '' ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360 ''; - system.autoUpgrade.allowReboot = pkgs.lib.mkForce false; - - swapDevices = pkgs.lib.mkForce [ - { - device = "/var/lib/swapfile"; - size = 16 * 1024; - } - ]; - boot = { loader.timeout = 3; initrd.luks = { 
@@ -97,4 +44,29 @@ resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b"; kernelParams = [ "resume_offset=44537856" ]; }; + + imports = [ + ../shared/base.nix + + ../personal-machines/desktop.nix + ../personal-machines/development.nix + + ../personal-machines/hardware/amd-laptop.nix + ../personal-machines/hardware/hibernate.nix + ../personal-machines/hardware/keychron-q11.nix + ../personal-machines/hardware/onlykey.nix + ../personal-machines/hardware/trackball.nix + + ../personal-machines/networking/home-wg.nix + ../personal-machines/networking/printing.nix + + ../personal-machines/programs/bitwarden.nix + ../personal-machines/programs/communication.nix + ../personal-machines/programs/firefox.nix + ../personal-machines/programs/i3.nix + ../personal-machines/programs/moonlight.nix + ../personal-machines/programs/redshift.nix + ../personal-machines/programs/study.nix + ../personal-machines/programs/usb-automount.nix + ]; } diff --git a/machine-confs/idacloud.nix b/machine-confs/idacloud.nix index fc4d305..4583c26 100644 --- a/machine-confs/idacloud.nix +++ b/machine-confs/idacloud.nix @@ -5,7 +5,7 @@ custom.collabora_domain = "idacollab.sinerva.eu"; imports = [ - ../base.nix + ../shared/base.nix ../servers/nextcloud.nix ]; diff --git a/machine-confs/lithium.nix b/machine-confs/lithium.nix index 1061d7d..dbc2617 100644 --- a/machine-confs/lithium.nix +++ b/machine-confs/lithium.nix 
@@ -1,78 +1,31 @@ -{ pkgs, config, ... }: +{ lib, ... }: { - networking = { - hostName = "lithium"; + networking.hostName = "lithium"; + custom.home_wg_suffix = "3"; - wg-quick.interfaces = { - wg0 = { - autostart = true; - address = [ "${config.custom.gua_pref}ff::3/64" ]; - dns = [ - "${config.custom.gua_pref}ff::1" - "vsinerva.fi" - ]; - privateKeyFile = "/root/wireguard-keys/privatekey-home"; - listenPort = 51820; - - peers = [ - { - publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34="; - presharedKeyFile = "/root/wireguard-keys/psk-home"; - allowedIPs = [ "::/0" ]; - endpoint = "wg.vsinerva.fi:51820"; - } - ]; - }; - }; - }; - # Dirty hack to fix autostart failing due to DNS lookups - systemd.services."wg-quick-wg0".serviceConfig = { - Restart = "on-failure"; - RestartSec = "1s"; - }; - services.clatd = { - enable = true; - settings.clat-v6-addr = "${config.custom.gua_pref}ff::c3"; - }; - systemd.services.clatd.wants = [ "wg-quick-wg0.service" ]; - - services.openssh.openFirewall = false; - services.fail2ban.enable = pkgs.lib.mkForce false; + system.autoUpgrade.allowReboot = lib.mkForce false; + # boot.kernelParams = [ "resume_offset=39292928" ]; imports = [ - ../base.nix - ../users/vili.nix - ../desktop.nix - ../development.nix - ../services/syncthing.nix - ../services/redshift.nix - ../services/moonlight.nix - ../hardware-specific/onlykey.nix - ../hardware-specific/keychron-q11.nix - ../hardware-specific/trackball.nix - ../hardware-specific/usb-automount.nix - ../hardware-specific/intel-laptop.nix + ../shared/base.nix + + ../personal-machines/desktop.nix + ../personal-machines/development.nix + + ../personal-machines/hardware/hibernate.nix + ../personal-machines/hardware/intel-laptop.nix + ../personal-machines/hardware/onlykey.nix + + ../personal-machines/networking/home-wg.nix + ../personal-machines/networking/printing.nix + + ../personal-machines/programs/bitwarden.nix + ../personal-machines/programs/communication.nix + 
../personal-machines/programs/firefox.nix + ../personal-machines/programs/i3.nix + ../personal-machines/programs/moonlight.nix + ../personal-machines/programs/redshift.nix + ../personal-machines/programs/study.nix + ../personal-machines/programs/usb-automount.nix ]; - - system.autoUpgrade.allowReboot = pkgs.lib.mkForce false; - - swapDevices = pkgs.lib.mkForce [ - { - device = "/var/lib/swapfile"; - size = 16 * 1024; - } - ]; - - boot = { - loader.timeout = 10; - initrd.luks = { - fido2Support = true; - devices."nixos".fido2 = { - passwordLess = true; - credential = "f29b0760a6ec3b18b0a9958d77d8be8b15ff4fd90d42c3ceaeeb5d24a19c8f81315f52dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec014225afa01"; - }; - }; - resumeDevice = "/dev/mapper/nixos"; - kernelParams = [ "resume_offset=39292928" ]; - }; } diff --git a/machine-confs/nextcloud.nix b/machine-confs/nextcloud.nix index 17afba1..fd95659 100644 --- a/machine-confs/nextcloud.nix +++ b/machine-confs/nextcloud.nix @@ -4,7 +4,7 @@ custom.nextcloud_domain = "nextcloud.vsinerva.fi"; imports = [ - ../base.nix + ../shared/base.nix ../servers/nextcloud.nix ]; diff --git a/machine-confs/siit-dc.nix b/machine-confs/siit-dc.nix index 051899c..7829155 100644 --- a/machine-confs/siit-dc.nix +++ b/machine-confs/siit-dc.nix @@ -3,7 +3,7 @@ networking.hostName = "siit-dc"; imports = [ - ../base.nix + ../shared/base.nix ../servers/siit-dc.nix ]; diff --git a/machine-confs/syncthing.nix b/machine-confs/syncthing.nix index 9fbba5d..5830269 100644 --- a/machine-confs/syncthing.nix +++ b/machine-confs/syncthing.nix @@ -1,14 +1,15 @@ -{ pkgs, ... }: +{ lib, ... }: { networking.hostName = "syncthing"; imports = [ - ../base.nix - ../users/vili.nix + ../shared/base.nix + ../shared/users/vili.nix + ../servers/syncthing.nix ]; - users.users.vili.hashedPasswordFile = pkgs.lib.mkForce null; + users.users.vili.hashedPasswordFile = lib.mkForce null; # HARDWARE SPECIFIC services.qemuGuest.enable = true; 
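Review bot: The `boot` block deleted at the end of this hunk (loader.timeout, the `initrd.luks` FIDO2 unlock with `passwordLess = true` and its credential, resumeDevice, and `resume_offset=39292928`) is not re-added by any file in this patch; personal-machines/hardware/hibernate.nix supplies only `resumeDevice = lib.mkDefault "/dev/mapper/nixos"`, intel-laptop.nix is a 100% rename, and the offset survives only as the commented-out `# boot.kernelParams = [ "resume_offset=39292928" ];` above the imports. Unless the LUKS/FIDO2 settings moved into a file outside the patch (shared/impermanence.nix is not shown), lithium presumably falls back to a passphrase prompt at boot and can no longer resume from the swapfile. Either restore the `boot.initrd.luks` block here or move it into personal-machines/hardware/intel-laptop.nix, and uncomment the `resume_offset` line (or drop it with a comment saying why hibernation is off).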
diff --git a/machine-confs/vaultwarden.nix b/machine-confs/vaultwarden.nix index 8219a87..4bc39c3 100644 --- a/machine-confs/vaultwarden.nix +++ b/machine-confs/vaultwarden.nix @@ -3,7 +3,7 @@ networking.hostName = "vaultwarden"; imports = [ - ../base.nix + ../shared/base.nix ../servers/vaultwarden.nix ]; diff --git a/machine-confs/wg-rpi.nix b/machine-confs/wg-rpi.nix index 0ef3e8d..c456a75 100644 --- a/machine-confs/wg-rpi.nix +++ b/machine-confs/wg-rpi.nix @@ -8,7 +8,7 @@ let ddPassFile = "/root/wg-conf/ddPassFile"; in { - imports = [ ../base.nix ]; + imports = [ ../shared/base.nix ]; environment.systemPackages = with pkgs; [ wireguard-tools diff --git a/personal-machines/desktop.nix b/personal-machines/desktop.nix new file mode 100644 index 0000000..c3fa830 --- /dev/null +++ b/personal-machines/desktop.nix @@ -0,0 +1,49 @@ +{ pkgs, ... }: +{ + imports = [ + ./symlinked/symlinks.nix + ../shared/users/vili + ]; + + environment.systemPackages = with pkgs; [ + alacritty + vlc + flameshot + speedcrunch + ]; + + services = { + displayManager = { + autoLogin.enable = true; + autoLogin.user = "vili"; + }; + xserver = { + enable = true; + displayManager = { + lightdm.enable = true; + sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${ + (import ./embedded/xresources.nix { inherit pkgs; }) + }''; + }; + }; + + pipewire.enable = false; + pulseaudio.enable = true; + }; + nixpkgs.config.pulseaudio = true; + + security.polkit.enable = true; + + xdg.mime.defaultApplications = { + "application/pdf" = "org.gnome.Evince.desktop"; + "text/plain" = "org.xfce.mousepad.desktop"; + "text/x-tex" = "org.kde.kile.desktop"; + "inode/directory" = "pcmanfm.description"; + }; + + qt = { + enable = true; + style = "adwaita-dark"; + platformTheme = "gnome"; + }; +} diff --git a/personal-machines/development.nix b/personal-machines/development.nix new file mode 100644 index 0000000..b18ef62 --- /dev/null +++ b/personal-machines/development.nix 
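Review bot: Three relative paths in the new personal-machines/desktop.nix do not match the layout this commit creates, so every machine importing it (helium, lithium, gaming) should fail evaluation with a missing-path error. `./symlinked/symlinks.nix` should read `./programs/symlinked/symlinks.nix` (the file is created under personal-machines/programs/symlinked/), `../shared/users/vili` should be `../shared/users/vili.nix` as machine-confs/syncthing.nix spells it (the rename shows only vili.nix, not a directory with a default.nix), and `./embedded/xresources.nix` should be `./programs/embedded/xresources.nix`. The second path matters most: helium, lithium and gaming all drop their direct `../users/vili.nix` import in this commit and rely on this file to define the user, and the old `assertions` guard for the user was removed along with the old desktop.nix.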
@@ -0,0 +1,44 @@ +{ pkgs, lib, ... }: +{ + imports = [ ./programs/embedded/nvim.nix ]; + + #################### Git configuration #################### + programs.git = { + enable = true; + lfs.enable = true; + config = { + user = { + email = "vili.m.sinerva@gmail.com"; + name = "Vili Sinervä"; + signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV"; + }; + merge = { + ff = "true"; + }; + pull = { + ff = "only"; + }; + commit = { + verbose = "true"; + }; + gpg.format = "ssh"; + commit.gpgsign = "true"; + }; + }; + + #################### Packages #################### + environment.systemPackages = with pkgs; [ + nixfmt-rfc-style + nixd + + vagrant + nmap + metasploit + armitage + ]; + virtualisation.virtualbox.host.enable = true; + virtualisation.virtualbox.host.addNetworkInterface = false; + users.extraGroups.vboxusers.members = [ "vili" ]; + + fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts); +} diff --git a/hardware-specific/amd-laptop.nix b/personal-machines/hardware/amd-laptop.nix similarity index 92% rename from hardware-specific/amd-laptop.nix rename to personal-machines/hardware/amd-laptop.nix index ab51886..8adf517 100644 --- a/hardware-specific/amd-laptop.nix +++ b/personal-machines/hardware/amd-laptop.nix @@ -1,4 +1,9 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + lib, + ... +}: { environment.systemPackages = with pkgs; [ zenmonitor ]; @@ -7,7 +12,7 @@ boot.initrd.kernelModules = [ "amdgpu" ]; services = { - xserver = pkgs.lib.mkIf config.services.xserver.enable { + xserver = lib.mkIf config.services.xserver.enable { videoDrivers = [ "amdgpu" "modesetting" diff --git a/personal-machines/hardware/hibernate.nix b/personal-machines/hardware/hibernate.nix new file mode 100644 index 0000000..45375f3 --- /dev/null +++ b/personal-machines/hardware/hibernate.nix 
@@ -0,0 +1,13 @@ +{ lib, ... }: +{ + swapDevices = lib.mkForce [ + { + device = "/var/lib/swapfile"; + size = 16 * 1024; + } + ]; + + boot = { + resumeDevice = lib.mkDefault "/dev/mapper/nixos"; + }; +} diff --git a/hardware-specific/intel-laptop.nix b/personal-machines/hardware/intel-laptop.nix similarity index 100% rename from hardware-specific/intel-laptop.nix rename to personal-machines/hardware/intel-laptop.nix diff --git a/hardware-specific/keychron-q11.nix b/personal-machines/hardware/keychron-q11.nix similarity index 100% rename from hardware-specific/keychron-q11.nix rename to personal-machines/hardware/keychron-q11.nix diff --git a/misc/mouse-accel.patch b/personal-machines/hardware/moonlight-trackball-accel.patch similarity index 100% rename from misc/mouse-accel.patch rename to personal-machines/hardware/moonlight-trackball-accel.patch diff --git a/hardware-specific/onlykey.nix b/personal-machines/hardware/onlykey.nix similarity index 64% rename from hardware-specific/onlykey.nix rename to personal-machines/hardware/onlykey.nix index 1a7d389..4aa184d 100644 --- a/hardware-specific/onlykey.nix +++ b/personal-machines/hardware/onlykey.nix @@ -1,12 +1,5 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { - assertions = [ - { - assertion = config.users.users ? "vili"; - message = "User 'vili' needed for onlykey!"; - } - ]; - environment.systemPackages = with pkgs; [ (onlykey.override (prev: { node_webkit = prev.node_webkit.overrideAttrs { @@ -21,7 +14,5 @@ onlykey-cli ]; - security.pam.u2f.enable = true; hardware.onlykey.enable = true; - programs.i3lock.u2fSupport = true; } diff --git a/hardware-specific/trackball.nix b/personal-machines/hardware/trackball.nix similarity index 92% rename from hardware-specific/trackball.nix rename to personal-machines/hardware/trackball.nix index 80ea205..3035958 100644 --- a/hardware-specific/trackball.nix +++ b/personal-machines/hardware/trackball.nix 
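Review bot: hibernate.nix forces a 16 GiB swap file and defaults `resumeDevice`, but resuming from a swap file also needs the file's `resume_offset` kernel parameter, which helium still sets in its own `boot` block and lithium now has commented out; nothing in this module says so, and `lib.mkForce` on `swapDevices` also silently discards whatever hardware-configuration.nix declares. Add a comment above `boot = {` such as `# Resuming from a swap file also needs boot.kernelParams = [ "resume_offset=<offset>" ] in the machine config (see filefrag -v on the swap file); swapDevices is mkForce'd so hardware-configuration.nix swap entries are dropped.`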
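Review bot: Dropping `security.pam.u2f.enable = true` and `programs.i3lock.u2fSupport = true` from onlykey.nix changes how sudo and the screen locker authenticate on every machine importing this module, and neither the commit description nor the remaining code says what replaces it (bitwarden.nix adds pam_rssh for sudo, but nothing on the page covers i3lock, which presumably falls back to the account password). If retiring the U2F PAM path is intentional, say so next to `hardware.onlykey.enable = true;`, e.g. `# PAM U2F intentionally not enabled: sudo authenticates via pam_rssh (programs/bitwarden.nix); i3lock uses the account password.` — otherwise keep the two lines. The removed `assertions` guard for user vili is no longer needed only if the user module is always imported, which depends on the desktop.nix import path being correct.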
@@ -3,7 +3,7 @@ nixpkgs.overlays = [ (final: prev: { moonlight-qt = prev.moonlight-qt.overrideAttrs (old: { - patches = (old.patches or [ ]) ++ [ ../misc/mouse-accel.patch ]; + patches = (old.patches or [ ]) ++ [ ./moonlight-trackball-accel.patch ]; }); }) ]; diff --git a/personal-machines/networking/home-wg.nix b/personal-machines/networking/home-wg.nix new file mode 100644 index 0000000..bc6f44d --- /dev/null +++ b/personal-machines/networking/home-wg.nix @@ -0,0 +1,50 @@ +{ config, lib, ... }: +{ + options.custom.home_wg_suffix = lib.mkOption { + type = with lib.types; nullOr (strMatching "^[0-9a-zA-Z:]+$"); + default = null; + description = "IPv6 GUA Suffix for Home WireGuard config"; + }; + + config = { + networking = { + wg-quick.interfaces = { + wg0 = { + autostart = true; + address = [ "${config.custom.gua_pref}ff::${config.custom.home_wg_suffix}/64" ]; + dns = [ + "${config.custom.gua_pref}ff::1" + "vsinerva.fi" + ]; + privateKeyFile = "/persist/secrets/wireguard/priv-home"; + listenPort = 51820; + + peers = [ + { + publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34="; + presharedKeyFile = "/persist/secrets/wireguard/psk-home"; + allowedIPs = [ "::/0" ]; + endpoint = "wg.vsinerva.fi:51820"; + } + ]; + }; + }; + }; + + services.clatd = { + enable = true; + settings.clat-v6-addr = "${config.custom.gua_pref}ff::c${config.custom.home_wg_suffix}"; + }; + + systemd.services = { + "wg-quick-wg0" = { + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + }; + clatd = { + wants = [ "wg-quick-wg0.service" ]; + after = [ "wg-quick-wg0.service" ]; + }; + }; + }; +} diff --git a/personal-machines/networking/printing.nix b/personal-machines/networking/printing.nix new file mode 100644 index 0000000..a3bb01b --- /dev/null +++ b/personal-machines/networking/printing.nix 
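Review bot: `custom.home_wg_suffix` is declared `nullOr` with `default = null`, yet the `config` block interpolates it unconditionally into `address` and `settings.clat-v6-addr`, so a host that imports home-wg.nix without setting the suffix fails evaluation with a null-to-string coercion error instead of simply not getting the tunnel. Either drop `nullOr` and the default so the option is required and the error names it, or guard the whole block with `config = lib.mkIf (config.custom.home_wg_suffix != null) { … };`. `config.custom.gua_pref` is read here but not declared on the page; presumably it lives in shared/base.nix. The key material now lives under /persist/secrets/wireguard/, which depends on shared/impermanence.nix (not shown) persisting that path — with `autostart = true`, wg-quick will fail at boot if the files are not there before the first rebuild.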
@@ -0,0 +1,12 @@ +{ ... }: +{ + programs.i3lock.enable = true; + services = { + printing.enable = true; + avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + }; +} diff --git a/personal-machines/programs/bitwarden.nix b/personal-machines/programs/bitwarden.nix new file mode 100644 index 0000000..1a9e90d --- /dev/null +++ b/personal-machines/programs/bitwarden.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + bitwarden + bitwarden-cli + ]; + + programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock"; + security = { + pam = { + rssh.enable = true; + services = { + sudo.rssh = true; + }; + }; + sudo.execWheelOnly = true; + }; + + # We need SSH for the sudo, but generally don't want it open on machines with Bitwarden client + services.openssh.openFirewall = false; +} diff --git a/personal-machines/programs/communication.nix b/personal-machines/programs/communication.nix new file mode 100644 index 0000000..f092628 --- /dev/null +++ b/personal-machines/programs/communication.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + telegram-desktop + signal-desktop + discord + ]; +} diff --git a/personal-machines/programs/embedded/alacritty.nix b/personal-machines/programs/embedded/alacritty.nix new file mode 100644 index 0000000..7b734c9 --- /dev/null +++ b/personal-machines/programs/embedded/alacritty.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: +pkgs.writeText "Xresources" '' + Xft.dpi: 96 + Xft.antialias: true + Xft.hinting: true + Xft.rgba: rgb + Xft.autohint: false + Xft.hintstyle: hintslight + Xft.lcdfilter: lcddefault + + Xcursor.theme: xcursor-breeze + Xcursor.size: 0 +'' diff --git a/program-config-files/i3.nix b/personal-machines/programs/embedded/i3-conf.nix similarity index 99% rename from program-config-files/i3.nix rename to personal-machines/programs/embedded/i3-conf.nix index 12dede5..08ac961 100644 --- a/program-config-files/i3.nix 
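Review bot: `programs.i3lock.enable = true;` does not belong in networking/printing.nix and is already set in personal-machines/programs/i3.nix; drop it here. `avahi.openFirewall = true` opens mDNS (UDP 5353) on every interface, which is wider exposure than the laptops otherwise aim for (bitwarden.nix closes the SSH port on the same machines); if the printer is only reachable on the home network, consider leaving `openFirewall` at its default and opening the port per interface with `networking.firewall.interfaces.<iface>.allowedUDPPorts = [ 5353 ];`.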
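Review bot: The new file named alacritty.nix writes an `Xresources` file of Xft/Xcursor settings (the block deleted from the old desktop.nix `let`), while the old alacritty config was renamed unchanged to embedded/xresources.nix — the two names look swapped. Consumers follow the names, not the contents: personal-machines/desktop.nix feeds `./embedded/xresources.nix` to `xrdb -merge`, and embedded/i3-conf.nix (next hunk) still imports `./alacritty.nix` as its alacritty-conf, so each would receive the other's file. Swap the two file names (or the two import paths) so the Xresources text reaches xrdb and the terminal config reaches i3. i3-conf.nix also drops `inherit config;` from that import; the renamed xresources.nix is a 100% rename, so if its header still lists `config` as a required argument without a default, check that the call still evaluates.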
+++ b/personal-machines/programs/embedded/i3-conf.nix @@ -1,8 +1,7 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: let alacritty-conf = "${ (import ./alacritty.nix { - inherit config; inherit pkgs; }) }"; diff --git a/development.nix b/personal-machines/programs/embedded/nvim.nix similarity index 84% rename from development.nix rename to personal-machines/programs/embedded/nvim.nix index c0f7be8..7d329fc 100644 --- a/development.nix +++ b/personal-machines/programs/embedded/nvim.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ ... }: let nixvim = import ( builtins.fetchGit { @@ -8,47 +8,6 @@ let ); in { - #################### Git configuration #################### - programs.git = { - enable = true; - lfs.enable = true; - config = { - user = { - email = "vili.m.sinerva@gmail.com"; - name = "Vili Sinervä"; - signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV"; - }; - merge = { - ff = "true"; - }; - pull = { - ff = "only"; - }; - commit = { - verbose = "true"; - }; - gpg.format = "ssh"; - commit.gpgsign = "true"; - }; - }; - - #################### Packages #################### - environment.systemPackages = with pkgs; [ - nixfmt-rfc-style - nixd - - vagrant - nmap - metasploit - armitage - ]; - virtualisation.virtualbox.host.enable = true; - virtualisation.virtualbox.host.addNetworkInterface = false; - users.extraGroups.vboxusers.members = [ "vili" ]; - - fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts); - - #################### Neovim configuration #################### imports = [ nixvim.nixosModules.nixvim ]; programs.nixvim = { diff --git a/program-config-files/alacritty.nix b/personal-machines/programs/embedded/xresources.nix similarity index 100% rename from program-config-files/alacritty.nix rename to personal-machines/programs/embedded/xresources.nix 
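Review bot: The nvim.nix header drops `pkgs` and `lib` from the module arguments while this hunk removes only the git/packages/font lines that used them; the `programs.nixvim` body runs past the hunk and is not visible, so the change is only safe if no remaining line references `pkgs` or `lib`. If an evaluation of helium or lithium complains about an undefined variable, restore `{ pkgs, lib, ... }:`.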
diff --git a/program-config-files/firefox.nix b/personal-machines/programs/firefox.nix similarity index 100% rename from program-config-files/firefox.nix rename to personal-machines/programs/firefox.nix diff --git a/personal-machines/programs/i3.nix b/personal-machines/programs/i3.nix new file mode 100644 index 0000000..a6f3d69 --- /dev/null +++ b/personal-machines/programs/i3.nix @@ -0,0 +1,28 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + i3status + rofi + arandr + pavucontrol + viewnior + xfce.mousepad + pcmanfm + evince + brightnessctl + networkmanagerapplet + ]; + + programs.i3lock.enable = true; + + services = { + displayManager = { + defaultSession = "none+i3"; + }; + xserver.windowManager.i3 = { + enable = true; + extraPackages = [ ]; + configFile = "${(import ./embedded/i3.nix { inherit pkgs; })}"; + }; + }; +} diff --git a/personal-machines/programs/moonlight.nix b/personal-machines/programs/moonlight.nix new file mode 100644 index 0000000..fc240c2 --- /dev/null +++ b/personal-machines/programs/moonlight.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + moonlight-qt + parsec-bin + ]; +} diff --git a/personal-machines/programs/redshift.nix b/personal-machines/programs/redshift.nix new file mode 100644 index 0000000..e0bb66d --- /dev/null +++ b/personal-machines/programs/redshift.nix @@ -0,0 +1,20 @@ +{ ... }: +{ + services.redshift = { + executable = "/bin/redshift-gtk"; + enable = true; + temperature = { + night = 2800; + day = 6500; + }; + brightness = { + night = "0.5"; + day = "1"; + }; + }; + + location = { + latitude = 60.17; + longitude = 24.94; + }; +} diff --git a/personal-machines/programs/study.nix b/personal-machines/programs/study.nix new file mode 100644 index 0000000..e77f59f --- /dev/null +++ b/personal-machines/programs/study.nix 
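Review bot: In i3.nix, `configFile = "${(import ./embedded/i3.nix { inherit pkgs; })}";` points at a file that does not exist after this commit — the i3 config was renamed to personal-machines/programs/embedded/i3-conf.nix — so evaluation fails on every desktop machine. Change it to `configFile = "${(import ./embedded/i3-conf.nix { inherit pkgs; })}";`. `programs.i3lock.enable = true;` is set both here and in networking/printing.nix; this is the file it belongs in.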
@@ -0,0 +1,12 @@ +{ pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + libreoffice + zotero + kile + texliveFull + imagemagick + ghostscript + kdePackages.okular + ]; +} diff --git a/program-config-files/gtk-3-4-settings.ini b/personal-machines/programs/symlinked/gtk-3-4-settings.ini similarity index 100% rename from program-config-files/gtk-3-4-settings.ini rename to personal-machines/programs/symlinked/gtk-3-4-settings.ini diff --git a/program-config-files/gtk-bookmarks b/personal-machines/programs/symlinked/gtk-bookmarks similarity index 100% rename from program-config-files/gtk-bookmarks rename to personal-machines/programs/symlinked/gtk-bookmarks diff --git a/program-config-files/gtkrc-2.0 b/personal-machines/programs/symlinked/gtkrc-2.0 similarity index 100% rename from program-config-files/gtkrc-2.0 rename to personal-machines/programs/symlinked/gtkrc-2.0 diff --git a/program-config-files/libfm.conf b/personal-machines/programs/symlinked/libfm.conf similarity index 100% rename from program-config-files/libfm.conf rename to personal-machines/programs/symlinked/libfm.conf diff --git a/program-config-files/pcmanfm.conf b/personal-machines/programs/symlinked/pcmanfm.conf similarity index 100% rename from program-config-files/pcmanfm.conf rename to personal-machines/programs/symlinked/pcmanfm.conf diff --git a/personal-machines/programs/symlinked/symlinks.nix b/personal-machines/programs/symlinked/symlinks.nix new file mode 100644 index 0000000..b723402 --- /dev/null +++ b/personal-machines/programs/symlinked/symlinks.nix 
@@ -0,0 +1,54 @@
+{ ... }:
+{
+ system.userActivationScripts.mkDesktopSettingsSymlinks.text =
+ let
+ home = "/home/vili/";
+ paths = [
+ rec {
+ dir = "${home}.config/pcmanfm/default/";
+ file = "pcmanfm.conf";
+ full = "${dir}${file}";
+ source = "${./pcmanfm.conf}";
+ }
+ rec {
+ dir = "${home}.config/libfm/";
+ file = "libfm.conf";
+ full = "${dir}${file}";
+ source = "${./libfm.conf}";
+ }
+ rec {
+ dir = "${home}.config/gtk-3.0/";
+ file = "bookmarks";
+ full = "${dir}${file}";
+ source = "${./gtk-bookmarks}";
+ }
+ rec {
+ dir = "${home}";
+ file = ".gtkrc-2.0";
+ full = "${dir}${file}";
+ source = "${./gtkrc-2.0}";
+ }
+ rec {
+ dir = "${home}.config/gtk-3.0/";
+ file = "settings.ini";
+ full = "${dir}${file}";
+ source = "${./gtk-3-4-settings.ini}";
+ }
+ rec {
+ dir = "${home}.config/gtk-4.0/";
+ file = "settings.ini";
+ full = "${dir}${file}";
+ source = "${./gtk-3-4-settings.ini}";
+ }
+ ];
+ in
+ toString (
+ map (path: ''
+ mkdir -p ${path.dir}
+ if test -e ${path.full} -a ! -L ${path.full}; then
+ mv -f ${path.full} ${path.full}.old
+ fi
+ ln -sf ${path.source} ${path.full}
+ '') paths
+ );
+}
diff --git a/hardware-specific/usb-automount.nix b/personal-machines/programs/usb-automount.nix
similarity index 100%
rename from hardware-specific/usb-automount.nix
rename to personal-machines/programs/usb-automount.nix
diff --git a/servers/syncthing.nix b/servers/syncthing.nix
index fd1cd8e..c9acaf3 100644
--- a/servers/syncthing.nix
+++ b/servers/syncthing.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 {
 boot.kernel.sysctl."fs.inotify.max_user_watches" = 204800;
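Review bot: The shell fragment generated in symlinks.nix leaves every path expansion unquoted and uses the obsolescent `test A -a B` form; the current `home`, `dir` and `file` values contain no whitespace, so it works today, but any future entry with a space in it would be split into several arguments and the `mv`/`ln` would act on the wrong paths. Quoting and splitting the test preserves behaviour: `if [ -e "${path.full}" ] && [ ! -L "${path.full}" ]; then`, `mv -f "${path.full}" "${path.full}.old"`, `ln -sf "${path.source}" "${path.full}"`. `mv -f` also silently overwrites an earlier `.old` backup whenever the user has replaced the symlink with a regular file again; if that backup is meant to survive, `mv -n` or a timestamped suffix would keep it. Finally, `home` is hard-coded to `/home/vili/` while user activation scripts presumably run for whichever user logs in, so a comment stating that this module is only meant for single-user hosts would make the assumption explicit.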
@@ -20,14 +20,14 @@
 relaysEnabled = false;
 };
- devices = pkgs.lib.mkMerge [
+ devices = lib.mkMerge [
 {
 "syncthing" = {
 id = "J6GNM4Z-2TWASPT-3P3EW4V-KZEQYFF-TXL22QX-4YTZ3WO-WLM7GQ7-NUP66A4";
 addresses = [ "tcp://syncthing.vsinerva.fi:22000" ];
 };
 }
- (pkgs.lib.mkIf (config.networking.hostName == "syncthing") {
+ (lib.mkIf (config.networking.hostName == "syncthing") {
 "helium" = {
 id = "2MRUBSY-NHXYMAW-SY22RHP-CNNMHKR-DPDKMM4-2XV5F6M-6KSNLQI-DD4EOAM";
 addresses = [ "tcp://helium.vsinerva.fi:22000" ];
@@ -42,9 +42,9 @@
 folders =
 let
 default = {
- devices = pkgs.lib.mkMerge [
+ devices = lib.mkMerge [
 [ "syncthing" ]
- (pkgs.lib.mkIf (config.networking.hostName == "syncthing") [
+ (lib.mkIf (config.networking.hostName == "syncthing") [
 "helium"
 "lithium"
 ])
diff --git a/base.nix b/shared/base.nix
similarity index 90%
rename from base.nix
rename to shared/base.nix
index ed3c760..d3f4bf1 100644
--- a/base.nix
+++ b/shared/base.nix
@@ -83,7 +83,7 @@
 set -s escape-time 0
 '';
- ######################################## SSH and fail2ban configuration #########################
+ ######################################## SSH configuration #########################
 services.openssh = {
 enable = true;
 settings.PasswordAuthentication = false;
@@ -92,21 +92,6 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV vili-bw-ssh-ed25519-main"
 ];
- services.fail2ban = {
- enable = true;
- maxretry = 10;
- bantime = "10m";
- bantime-increment = {
- enable = true;
- maxtime = "1d";
- };
- jails = {
- DEFAULT.settings = {
- findtime = 3600;
- };
- };
- };
-
 ######################################## Localization ###########################################
 i18n.defaultLocale = "en_US.UTF-8";
 
@@ -126,7 +111,7 @@
 layout = "us,";
 variant = "de_se_fi,";
 };
- console = pkgs.lib.mkForce {
+ console = lib.mkForce {
 font = "Lat2-Terminus16";
 useXkbConfig = true; # use xkbOptions in tty.
 };
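Review bot: The `@@ -92,21 +92,6 @@` hunk of shared/base.nix deletes the whole `services.fail2ban` block and nothing in the visible hunks replaces it, so every host that imports this shared module loses SSH brute-force banning in one step. Because the preceding hunk keeps `settings.PasswordAuthentication = false`, the remaining exposure is mostly auth-log noise and CPU spent on unauthenticated connection attempts rather than credential guessing, but that trade-off should be stated rather than left implicit. If the intent is to configure fail2ban per machine, a one-line comment under the renamed `SSH configuration` header such as `# fail2ban is configured per host, not in the shared base` would stop the next reader from re-adding it here; if not, `settings.MaxAuthTries = 3;` inside the existing `services.openssh` block is a cheap partial substitute. The enclosing module attribute set starts and ends outside these hunks.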
@@ -187,9 +172,9 @@
 users.mutableUsers = false; # Force all user management to happen throught nix-files
 boot.loader = {
- systemd-boot.enable = pkgs.lib.mkDefault true;
- efi.canTouchEfiVariables = pkgs.lib.mkDefault true;
- timeout = pkgs.lib.mkDefault 0;
+ systemd-boot.enable = lib.mkDefault true;
+ efi.canTouchEfiVariables = lib.mkDefault true;
+ timeout = lib.mkDefault 0;
 };
 };
 }
diff --git a/hardware-specific/nvidia.nix b/shared/hardware/nvidia.nix
similarity index 100%
rename from hardware-specific/nvidia.nix
rename to shared/hardware/nvidia.nix
diff --git a/shared/impermanence.nix b/shared/impermanence.nix
new file mode 100644
index 0000000..f19b201
--- /dev/null
+++ b/shared/impermanence.nix
@@ -0,0 +1,44 @@
+{ ... }:
+let
+ impermanence = builtins.fetchTarball {
+ url = "https://github.com/nix-community/impermanence/archive/master.tar.gz";
+ };
+in
+{
+ imports = [ "${impermanence}/nixos.nix" ];
+
+ environment.persistence."/persist" = {
+ enable = true; # NB: Defaults to true, not needed
+ hideMounts = true;
+ directories = [
+ # "/etc/NetworkManager/system-connections"
+ # {
+ # directory = "/var/lib/colord";
+ # user = "colord";
+ # group = "colord";
+ # mode = "u=rwx,g=rx,o=";
+ # }
+ ];
+ files = [
+ # "/etc/machine-id"
+ # {
+ # file = "/var/keys/secret_file";
+ # parentDirectory = {
+ # mode = "u=rwx,g=,o=";
+ # };
+ # }
+ ];
+ users.vili = {
+ # directories = [
+ # "VirtualBox VMs"
+ # {
+ # directory = ".gnupg";
+ # mode = "0700";
+ # }
+ # ];
+ # files = [
+ # ".screenrc"
+ # ];
+ };
+ };
+}
diff --git a/users/vili.nix b/shared/users/vili.nix
similarity index 83%
rename from users/vili.nix
rename to shared/users/vili.nix
index e336e89..f1a12ff 100644
--- a/users/vili.nix
+++ b/shared/users/vili.nix
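Review bot: `builtins.fetchTarball` in shared/impermanence.nix fetches `.../archive/master.tar.gz` with no `sha256`, so every evaluation pulls whatever the branch tip happens to be: the system configuration is not reproducible, evaluation needs network access, and any change to (or compromise of) that upstream branch lands in the imported NixOS module on the next rebuild without anyone reviewing it. Pin it to a commit and verify the content, e.g. `url = "https://github.com/nix-community/impermanence/archive/<COMMIT_SHA>.tar.gz";` followed by `sha256 = "<HASH>";` (both placeholders; the hash is obtained once with `nix-prefetch-url --unpack` on that URL). Updating the pin then becomes an explicit, diffable change instead of a silent one, and an offline or sandboxed rebuild keeps working.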
@@ -11,7 +11,7 @@
 "audio"
 ];
 openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
- hashedPasswordFile = "/root/hashed-passwords/vili";
+ hashedPasswordFile = "/persist/secrets/hashed-passwords/vili";
 };
 users.groups.vili.gid = 1000;
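Review bot: Moving `hashedPasswordFile` to `/persist/secrets/hashed-passwords/vili` means the hash is read from `/persist` during activation, when users are created; if `/persist` is a separate filesystem on the impermanence hosts it has to be mounted by then, i.e. `fileSystems."/persist".neededForBoot = true;`, or the user is likely to end up with a locked password on first boot. The file must also exist on every host that imports this module before the first rebuild, and with `users.mutableUsers = false` set in the base.nix hunk above it cannot be fixed up by hand afterwards, so a short comment next to this line saying where the file is provisioned from and that it should be root-owned and not world-readable would help. The enclosing user attribute set (presumably `users.users.vili`) starts outside the hunk.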