Way too massive refactoring

custom-installer/minimal.nix

@@ -1,9 +1,9 @@
-{ pkgs, ... }:
+{ lib, ... }:
 {
   imports = [
     <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
     ./base.nix
   ];
 
-  networking.networkmanager.enable = pkgs.lib.mkForce false;
+  networking.networkmanager.enable = lib.mkForce false;
 }

desktop.nix

@@ -1,168 +0,0 @@
-{ config, pkgs, ... }:
-let
-  Xresources = "${pkgs.writeText "Xresources" ''
-    Xft.dpi:       96
-    Xft.antialias: true
-    Xft.hinting:   true
-    Xft.rgba:      rgb
-    Xft.autohint:  false
-    Xft.hintstyle: hintslight
-    Xft.lcdfilter: lcddefault
-
-    Xcursor.theme: xcursor-breeze
-    Xcursor.size:                     0
-  ''}";
-in
-{
-  assertions = [
-    {
-      assertion = config.users.users ? "vili";
-      message = "User 'vili' needed for desktop!";
-    }
-  ];
-
-  imports = [ ./program-config-files/firefox.nix ];
-
-  environment.systemPackages = with pkgs; [
-    alacritty
-    i3status
-    rofi
-    arandr
-    telegram-desktop
-    signal-desktop
-    discord
-    vlc
-    pavucontrol
-    viewnior
-    xfce.mousepad
-    pcmanfm
-    libreoffice
-    evince
-    brightnessctl
-    networkmanagerapplet
-    flameshot
-    speedcrunch
-    bitwarden
-
-    zotero
-    kile
-    texliveFull
-    imagemagick
-    ghostscript
-    kdePackages.okular
-  ];
-  programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
-  security = {
-    pam = {
-      rssh.enable = true;
-      services = {
-        sudo.rssh = true;
-      };
-    };
-    sudo.execWheelOnly = true;
-  };
-
-  programs.i3lock.enable = true;
-  services = {
-    displayManager = {
-      defaultSession = "none+i3";
-      autoLogin.enable = true;
-      autoLogin.user = "vili";
-    };
-    xserver = {
-      enable = true;
-      displayManager = {
-        lightdm.enable = true;
-        sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${Xresources}'';
-      };
-      windowManager.i3 = {
-        enable = true;
-        extraPackages = [ ];
-        configFile = "${
-          (import ./program-config-files/i3.nix {
-            inherit config;
-            inherit pkgs;
-          })
-        }";
-      };
-    };
-
-    printing.enable = true;
-    avahi = {
-      enable = true;
-      nssmdns4 = true;
-      openFirewall = true;
-    };
-
-    pipewire.enable = false;
-    pulseaudio.enable = true;
-  };
-  nixpkgs.config.pulseaudio = true;
-
-  security.polkit.enable = true;
-
-  xdg.mime.defaultApplications = {
-    "application/pdf" = "org.gnome.Evince.desktop";
-    "text/plain" = "org.xfce.mousepad.desktop";
-    "text/x-tex" = "org.kde.kile.desktop";
-    "inode/directory" = "pcmanfm.description";
-  };
-
-  qt = {
-    enable = true;
-    style = "adwaita-dark";
-    platformTheme = "gnome";
-  };
-
-  system.userActivationScripts.mkDesktopSettingsSymlinks.text =
-    let
-      home = "/home/vili/";
-      paths = [
-        rec {
-          dir = "${home}.config/pcmanfm/default/";
-          file = "pcmanfm.conf";
-          full = "${dir}${file}";
-          source = "${./program-config-files/pcmanfm.conf}";
-        }
-        rec {
-          dir = "${home}.config/libfm/";
-          file = "libfm.conf";
-          full = "${dir}${file}";
-          source = "${./program-config-files/libfm.conf}";
-        }
-        rec {
-          dir = "${home}.config/gtk-3.0/";
-          file = "bookmarks";
-          full = "${dir}${file}";
-          source = "${./program-config-files/gtk-bookmarks}";
-        }
-        rec {
-          dir = "${home}";
-          file = ".gtkrc-2.0";
-          full = "${dir}${file}";
-          source = "${./program-config-files/gtkrc-2.0}";
-        }
-        rec {
-          dir = "${home}.config/gtk-3.0/";
-          file = "settings.ini";
-          full = "${dir}${file}";
-          source = "${./program-config-files/gtk-3-4-settings.ini}";
-        }
-        rec {
-          dir = "${home}.config/gtk-4.0/";
-          file = "settings.ini";
-          full = "${dir}${file}";
-          source = "${./program-config-files/gtk-3-4-settings.ini}";
-        }
-      ];
-    in
-    toString (
-      map (path: ''
-        mkdir -p ${path.dir}
-        if test -e ${path.full} -a ! -L ${path.full}; then
-          mv -f ${path.full} ${path.full}.old
-        fi
-        ln -sf ${path.source} ${path.full}
-      '') paths
-    );
-}

machine-confs/cert-store.nix

@@ -3,13 +3,9 @@
   networking.hostName = "cert-store";
 
   imports = [
-    ../base.nix
+    ../shared/base.nix
     ../servers/acme-cert-store.nix
   ];
 
-  #Many installs will need this, and it won't hurt either way
   services.qemuGuest.enable = true;
-
-  #Prevent user from being locked out of the system before switching to proper config
-  users.mutableUsers = pkgs.lib.mkForce true;
 }

machine-confs/exoplasim.nix

@@ -1,6 +1,11 @@
-{ config, pkgs, ... }:
 {
-  imports = [ ../base.nix ];
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
+  imports = [ ../shared/base.nix ];
 
   # Networking conf including WireGuard
   networking = {
@@ -42,7 +47,7 @@
   };
   users.groups.worker.gid = 1001;
 
-  system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
+  system.autoUpgrade.allowReboot = lib.mkForce false;
 
   programs.rust-motd = {
     enable = true;

machine-confs/forgejo.nix

@@ -3,7 +3,7 @@
   networking.hostName = "forgejo";
 
   imports = [
-    ../base.nix
+    ../shared/base.nix
     ../servers/forgejo.nix
   ];
 

machine-confs/gaming.nix

@@ -3,11 +3,12 @@
   networking.hostName = "gaming";
 
   imports = [
-    ../base.nix
+    ../shared/base.nix
-    ../desktop.nix
+    ../shared/hardware/nvidia.nix
-    ../users/vili.nix
+
+    ../personal-machines/desktop.nix
+
     ../servers/gaming-server.nix
-    ../hardware-specific/nvidia.nix
   ];
 
   users.users.vili.hashedPasswordFile = lib.mkForce null;

machine-confs/generic.nix

@@ -1,12 +1,12 @@
-{ pkgs, ... }:
+{ lib, ... }:
 {
   networking.hostName = "nixos";
 
-  imports = [ ../base.nix ];
+  imports = [ ../shared/base.nix ];
 
   #Many installs will need this, and it won't hurt either way
   services.qemuGuest.enable = true;
 
   #Prevent user from being locked out of the system before switching to proper config
-  users.mutableUsers = pkgs.lib.mkForce true;
+  users.mutableUsers = lib.mkForce true;
 }

machine-confs/helium.nix

@@ -1,28 +1,12 @@
-{ pkgs, config, ... }:
+{ pkgs, lib, ... }:
 {
+  custom.home_wg_suffix = "2";
+  system.autoUpgrade.allowReboot = lib.mkForce false;
+
   networking = {
     hostName = "helium";
 
     wg-quick.interfaces = {
-      wg0 = {
-        autostart = true;
-        address = [ "${config.custom.gua_pref}ff::2/64" ];
-        dns = [
-          "${config.custom.gua_pref}ff::1"
-          "vsinerva.fi"
-        ];
-        privateKeyFile = "/root/wireguard-keys/privatekey-home";
-        listenPort = 51820;
-
-        peers = [
-          {
-            publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
-            presharedKeyFile = "/root/wireguard-keys/psk-home";
-            allowedIPs = [ "::/0" ];
-            endpoint = "wg.vsinerva.fi:51820";
-          }
-        ];
-      };
       wg1 = {
         autostart = false;
         address = [ "10.100.0.7/24" ];
@@ -43,48 +27,11 @@
       };
     };
   };
-  # Dirty hack to fix autostart failing due to DNS lookups
-  systemd.services."wg-quick-wg0".serviceConfig = {
-    Restart = "on-failure";
-    RestartSec = "1s";
-  };
-  services.clatd = {
-    enable = true;
-    settings.clat-v6-addr = "${config.custom.gua_pref}ff::c2";
-  };
-  systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];
-
-  services.openssh.openFirewall = false;
-  services.fail2ban.enable = pkgs.lib.mkForce false;
-
-  imports = [
-    ../base.nix
-    ../users/vili.nix
-    ../desktop.nix
-    ../development.nix
-    ../services/syncthing.nix
-    ../services/redshift.nix
-    ../services/moonlight.nix
-    ../hardware-specific/onlykey.nix
-    ../hardware-specific/keychron-q11.nix
-    ../hardware-specific/trackball.nix
-    ../hardware-specific/amd-laptop.nix
-    ../hardware-specific/usb-automount.nix
-  ];
 
   services.xserver.displayManager.setupCommands = ''
     ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
   '';
 
-  system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
-
-  swapDevices = pkgs.lib.mkForce [
-    {
-      device = "/var/lib/swapfile";
-      size = 16 * 1024;
-    }
-  ];
-
   boot = {
     loader.timeout = 3;
     initrd.luks = {
@@ -97,4 +44,29 @@
     resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
     kernelParams = [ "resume_offset=44537856" ];
   };
+
+  imports = [
+    ../shared/base.nix
+
+    ../personal-machines/desktop.nix
+    ../personal-machines/development.nix
+
+    ../personal-machines/hardware/amd-laptop.nix
+    ../personal-machines/hardware/hibernate.nix
+    ../personal-machines/hardware/keychron-q11.nix
+    ../personal-machines/hardware/onlykey.nix
+    ../personal-machines/hardware/trackball.nix
+
+    ../personal-machines/networking/home-wg.nix
+    ../personal-machines/networking/printing.nix
+
+    ../personal-machines/programs/bitwarden.nix
+    ../personal-machines/programs/communication.nix
+    ../personal-machines/programs/firefox.nix
+    ../personal-machines/programs/i3.nix
+    ../personal-machines/programs/moonlight.nix
+    ../personal-machines/programs/redshift.nix
+    ../personal-machines/programs/study.nix
+    ../personal-machines/programs/usb-automount.nix
+  ];
 }

machine-confs/idacloud.nix

@@ -5,7 +5,7 @@
   custom.collabora_domain = "idacollab.sinerva.eu";
 
   imports = [
-    ../base.nix
+    ../shared/base.nix
     ../servers/nextcloud.nix
   ];
 

machine-confs/lithium.nix

@@ -1,78 +1,31 @@
-{ pkgs, config, ... }:
+{ lib, ... }:
 {
-  networking = {
+  networking.hostName = "lithium";
-    hostName = "lithium";
+  custom.home_wg_suffix = "3";
 
-    wg-quick.interfaces = {
+  system.autoUpgrade.allowReboot = lib.mkForce false;
-      wg0 = {
+  # boot.kernelParams = [ "resume_offset=39292928" ];
-        autostart = true;
-        address = [ "${config.custom.gua_pref}ff::3/64" ];
-        dns = [
-          "${config.custom.gua_pref}ff::1"
-          "vsinerva.fi"
-        ];
-        privateKeyFile = "/root/wireguard-keys/privatekey-home";
-        listenPort = 51820;
-
-        peers = [
-          {
-            publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
-            presharedKeyFile = "/root/wireguard-keys/psk-home";
-            allowedIPs = [ "::/0" ];
-            endpoint = "wg.vsinerva.fi:51820";
-          }
-        ];
-      };
-    };
-  };
-  # Dirty hack to fix autostart failing due to DNS lookups
-  systemd.services."wg-quick-wg0".serviceConfig = {
-    Restart = "on-failure";
-    RestartSec = "1s";
-  };
-  services.clatd = {
-    enable = true;
-    settings.clat-v6-addr = "${config.custom.gua_pref}ff::c3";
-  };
-  systemd.services.clatd.wants = [ "wg-quick-wg0.service" ];
-
-  services.openssh.openFirewall = false;
-  services.fail2ban.enable = pkgs.lib.mkForce false;
 
   imports = [
-    ../base.nix
+    ../shared/base.nix
-    ../users/vili.nix
+
-    ../desktop.nix
+    ../personal-machines/desktop.nix
-    ../development.nix
+    ../personal-machines/development.nix
-    ../services/syncthing.nix
+
-    ../services/redshift.nix
+    ../personal-machines/hardware/hibernate.nix
-    ../services/moonlight.nix
+    ../personal-machines/hardware/intel-laptop.nix
-    ../hardware-specific/onlykey.nix
+    ../personal-machines/hardware/onlykey.nix
-    ../hardware-specific/keychron-q11.nix
+
-    ../hardware-specific/trackball.nix
+    ../personal-machines/networking/home-wg.nix
-    ../hardware-specific/usb-automount.nix
+    ../personal-machines/networking/printing.nix
-    ../hardware-specific/intel-laptop.nix
+
+    ../personal-machines/programs/bitwarden.nix
+    ../personal-machines/programs/communication.nix
+    ../personal-machines/programs/firefox.nix
+    ../personal-machines/programs/i3.nix
+    ../personal-machines/programs/moonlight.nix
+    ../personal-machines/programs/redshift.nix
+    ../personal-machines/programs/study.nix
+    ../personal-machines/programs/usb-automount.nix
   ];
-
-  system.autoUpgrade.allowReboot = pkgs.lib.mkForce false;
-
-  swapDevices = pkgs.lib.mkForce [
-    {
-      device = "/var/lib/swapfile";
-      size = 16 * 1024;
-    }
-  ];
-
-  boot = {
-    loader.timeout = 10;
-    initrd.luks = {
-      fido2Support = true;
-      devices."nixos".fido2 = {
-        passwordLess = true;
-        credential = "f29b0760a6ec3b18b0a9958d77d8be8b15ff4fd90d42c3ceaeeb5d24a19c8f81315f52dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec014225afa01";
-      };
-    };
-    resumeDevice = "/dev/mapper/nixos";
-    kernelParams = [ "resume_offset=39292928" ];
-  };
 }

machine-confs/nextcloud.nix

@@ -4,7 +4,7 @@
   custom.nextcloud_domain = "nextcloud.vsinerva.fi";
 
   imports = [
-    ../base.nix
+    ../shared/base.nix
     ../servers/nextcloud.nix
   ];
 

machine-confs/siit-dc.nix

@@ -3,7 +3,7 @@
   networking.hostName = "siit-dc";
 
   imports = [
-    ../base.nix
+    ../shared/base.nix
     ../servers/siit-dc.nix
   ];
 

machine-confs/syncthing.nix

@@ -1,14 +1,15 @@
-{ pkgs, ... }:
+{ lib, ... }:
 {
   networking.hostName = "syncthing";
 
   imports = [
-    ../base.nix
+    ../shared/base.nix
-    ../users/vili.nix
+    ../shared/users/vili.nix
+
     ../servers/syncthing.nix
   ];
 
-  users.users.vili.hashedPasswordFile = pkgs.lib.mkForce null;
+  users.users.vili.hashedPasswordFile = lib.mkForce null;
 
   # HARDWARE SPECIFIC
   services.qemuGuest.enable = true;

machine-confs/vaultwarden.nix

@@ -3,7 +3,7 @@
   networking.hostName = "vaultwarden";
 
   imports = [
-    ../base.nix
+    ../shared/base.nix
     ../servers/vaultwarden.nix
   ];
 

machine-confs/wg-rpi.nix

@@ -8,7 +8,7 @@ let
   ddPassFile = "/root/wg-conf/ddPassFile";
 in
 {
-  imports = [ ../base.nix ];
+  imports = [ ../shared/base.nix ];
 
   environment.systemPackages = with pkgs; [
     wireguard-tools

personal-machines/desktop.nix

@@ -0,0 +1,49 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./symlinked/symlinks.nix
+    ../shared/users/vili
+  ];
+
+  environment.systemPackages = with pkgs; [
+    alacritty
+    vlc
+    flameshot
+    speedcrunch
+  ];
+
+  services = {
+    displayManager = {
+      autoLogin.enable = true;
+      autoLogin.user = "vili";
+    };
+    xserver = {
+      enable = true;
+      displayManager = {
+        lightdm.enable = true;
+        sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${
+          (import ./embedded/xresources.nix { inherit pkgs; })
+        }'';
+      };
+    };
+
+    pipewire.enable = false;
+    pulseaudio.enable = true;
+  };
+  nixpkgs.config.pulseaudio = true;
+
+  security.polkit.enable = true;
+
+  xdg.mime.defaultApplications = {
+    "application/pdf" = "org.gnome.Evince.desktop";
+    "text/plain" = "org.xfce.mousepad.desktop";
+    "text/x-tex" = "org.kde.kile.desktop";
+    "inode/directory" = "pcmanfm.description";
+  };
+
+  qt = {
+    enable = true;
+    style = "adwaita-dark";
+    platformTheme = "gnome";
+  };
+}

personal-machines/development.nix

@@ -0,0 +1,44 @@
+{ pkgs, lib, ... }:
+{
+  imports = [ ./programs/embedded/nvim.nix ];
+
+  #################### Git configuration ####################
+  programs.git = {
+    enable = true;
+    lfs.enable = true;
+    config = {
+      user = {
+        email = "vili.m.sinerva@gmail.com";
+        name = "Vili Sinervä";
+        signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
+      };
+      merge = {
+        ff = "true";
+      };
+      pull = {
+        ff = "only";
+      };
+      commit = {
+        verbose = "true";
+      };
+      gpg.format = "ssh";
+      commit.gpgsign = "true";
+    };
+  };
+
+  #################### Packages ####################
+  environment.systemPackages = with pkgs; [
+    nixfmt-rfc-style
+    nixd
+
+    vagrant
+    nmap
+    metasploit
+    armitage
+  ];
+  virtualisation.virtualbox.host.enable = true;
+  virtualisation.virtualbox.host.addNetworkInterface = false;
+  users.extraGroups.vboxusers.members = [ "vili" ];
+
+  fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
+}

personal-machines/hardware/amd-laptop.nix

@@ -1,4 +1,9 @@
-{ config, pkgs, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 {
   environment.systemPackages = with pkgs; [ zenmonitor ];
 
@@ -7,7 +12,7 @@
   boot.initrd.kernelModules = [ "amdgpu" ];
 
   services = {
-    xserver = pkgs.lib.mkIf config.services.xserver.enable {
+    xserver = lib.mkIf config.services.xserver.enable {
       videoDrivers = [
         "amdgpu"
         "modesetting"

personal-machines/hardware/hibernate.nix

@@ -0,0 +1,13 @@
+{ lib, ... }:
+{
+  swapDevices = lib.mkForce [
+    {
+      device = "/var/lib/swapfile";
+      size = 16 * 1024;
+    }
+  ];
+
+  boot = {
+    resumeDevice = lib.mkDefault "/dev/mapper/nixos";
+  };
+}

personal-machines/hardware/onlykey.nix

@@ -1,12 +1,5 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
-  assertions = [
-    {
-      assertion = config.users.users ? "vili";
-      message = "User 'vili' needed for onlykey!";
-    }
-  ];
-
   environment.systemPackages = with pkgs; [
     (onlykey.override (prev: {
       node_webkit = prev.node_webkit.overrideAttrs {
@@ -21,7 +14,5 @@
     onlykey-cli
   ];
 
-  security.pam.u2f.enable = true;
   hardware.onlykey.enable = true;
-  programs.i3lock.u2fSupport = true;
 }

personal-machines/hardware/trackball.nix

@@ -3,7 +3,7 @@
   nixpkgs.overlays = [
     (final: prev: {
       moonlight-qt = prev.moonlight-qt.overrideAttrs (old: {
-        patches = (old.patches or [ ]) ++ [ ../misc/mouse-accel.patch ];
+        patches = (old.patches or [ ]) ++ [ ./moonlight-trackball-accel.patch ];
       });
     })
   ];

personal-machines/networking/home-wg.nix

@@ -0,0 +1,50 @@
+{ config, lib, ... }:
+{
+  options.custom.home_wg_suffix = lib.mkOption {
+    type = with lib.types; nullOr (strMatching "^[0-9a-zA-Z:]+$");
+    default = null;
+    description = "IPv6 GUA Suffix for Home WireGuard config";
+  };
+
+  config = {
+    networking = {
+      wg-quick.interfaces = {
+        wg0 = {
+          autostart = true;
+          address = [ "${config.custom.gua_pref}ff::${config.custom.home_wg_suffix}/64" ];
+          dns = [
+            "${config.custom.gua_pref}ff::1"
+            "vsinerva.fi"
+          ];
+          privateKeyFile = "/persist/secrets/wireguard/priv-home";
+          listenPort = 51820;
+
+          peers = [
+            {
+              publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
+              presharedKeyFile = "/persist/secrets/wireguard/psk-home";
+              allowedIPs = [ "::/0" ];
+              endpoint = "wg.vsinerva.fi:51820";
+            }
+          ];
+        };
+      };
+    };
+
+    services.clatd = {
+      enable = true;
+      settings.clat-v6-addr = "${config.custom.gua_pref}ff::c${config.custom.home_wg_suffix}";
+    };
+
+    systemd.services = {
+      "wg-quick-wg0" = {
+        wants = [ "network-online.target" ];
+        after = [ "network-online.target" ];
+      };
+      clatd = {
+        wants = [ "wg-quick-wg0.service" ];
+        after = [ "wg-quick-wg0.service" ];
+      };
+    };
+  };
+}

personal-machines/networking/printing.nix

@@ -0,0 +1,12 @@
+{ ... }:
+{
+  programs.i3lock.enable = true;
+  services = {
+    printing.enable = true;
+    avahi = {
+      enable = true;
+      nssmdns4 = true;
+      openFirewall = true;
+    };
+  };
+}

personal-machines/programs/bitwarden.nix

@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    bitwarden
+    bitwarden-cli
+  ];
+
+  programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
+  security = {
+    pam = {
+      rssh.enable = true;
+      services = {
+        sudo.rssh = true;
+      };
+    };
+    sudo.execWheelOnly = true;
+  };
+
+  # We need SSH for the sudo, but generally don't want it open on machines with Bitwarden client
+  services.openssh.openFirewall = false;
+}

personal-machines/programs/communication.nix

@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    telegram-desktop
+    signal-desktop
+    discord
+  ];
+}

personal-machines/programs/embedded/alacritty.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+pkgs.writeText "Xresources" ''
+  Xft.dpi:       96
+  Xft.antialias: true
+  Xft.hinting:   true
+  Xft.rgba:      rgb
+  Xft.autohint:  false
+  Xft.hintstyle: hintslight
+  Xft.lcdfilter: lcddefault
+
+  Xcursor.theme: xcursor-breeze
+  Xcursor.size:                     0
+''

personal-machines/programs/embedded/i3-conf.nix

@@ -1,8 +1,7 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 let
   alacritty-conf = "${
     (import ./alacritty.nix {
-      inherit config;
       inherit pkgs;
     })
   }";

personal-machines/programs/embedded/nvim.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ ... }:
 let
   nixvim = import (
     builtins.fetchGit {
@@ -8,47 +8,6 @@ let
   );
 in
 {
-  #################### Git configuration ####################
-  programs.git = {
-    enable = true;
-    lfs.enable = true;
-    config = {
-      user = {
-        email = "vili.m.sinerva@gmail.com";
-        name = "Vili Sinervä";
-        signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
-      };
-      merge = {
-        ff = "true";
-      };
-      pull = {
-        ff = "only";
-      };
-      commit = {
-        verbose = "true";
-      };
-      gpg.format = "ssh";
-      commit.gpgsign = "true";
-    };
-  };
-
-  #################### Packages ####################
-  environment.systemPackages = with pkgs; [
-    nixfmt-rfc-style
-    nixd
-
-    vagrant
-    nmap
-    metasploit
-    armitage
-  ];
-  virtualisation.virtualbox.host.enable = true;
-  virtualisation.virtualbox.host.addNetworkInterface = false;
-  users.extraGroups.vboxusers.members = [ "vili" ];
-
-  fonts.packages = builtins.filter lib.attrsets.isDerivation (builtins.attrValues pkgs.nerd-fonts);
-
-  #################### Neovim configuration ####################
   imports = [ nixvim.nixosModules.nixvim ];
 
   programs.nixvim = {

personal-machines/programs/i3.nix

@@ -0,0 +1,28 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    i3status
+    rofi
+    arandr
+    pavucontrol
+    viewnior
+    xfce.mousepad
+    pcmanfm
+    evince
+    brightnessctl
+    networkmanagerapplet
+  ];
+
+  programs.i3lock.enable = true;
+
+  services = {
+    displayManager = {
+      defaultSession = "none+i3";
+    };
+    xserver.windowManager.i3 = {
+      enable = true;
+      extraPackages = [ ];
+      configFile = "${(import ./embedded/i3.nix { inherit pkgs; })}";
+    };
+  };
+}

personal-machines/programs/moonlight.nix

@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    moonlight-qt
+    parsec-bin
+  ];
+}

personal-machines/programs/redshift.nix

@@ -0,0 +1,20 @@
+{ ... }:
+{
+  services.redshift = {
+    executable = "/bin/redshift-gtk";
+    enable = true;
+    temperature = {
+      night = 2800;
+      day = 6500;
+    };
+    brightness = {
+      night = "0.5";
+      day = "1";
+    };
+  };
+
+  location = {
+    latitude = 60.17;
+    longitude = 24.94;
+  };
+}

personal-machines/programs/study.nix

@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    libreoffice
+    zotero
+    kile
+    texliveFull
+    imagemagick
+    ghostscript
+    kdePackages.okular
+  ];
+}

personal-machines/programs/symlinked/symlinks.nix

@@ -0,0 +1,54 @@
+{ ... }:
+{
+  system.userActivationScripts.mkDesktopSettingsSymlinks.text =
+    let
+      home = "/home/vili/";
+      paths = [
+        rec {
+          dir = "${home}.config/pcmanfm/default/";
+          file = "pcmanfm.conf";
+          full = "${dir}${file}";
+          source = "${./pcmanfm.conf}";
+        }
+        rec {
+          dir = "${home}.config/libfm/";
+          file = "libfm.conf";
+          full = "${dir}${file}";
+          source = "${./libfm.conf}";
+        }
+        rec {
+          dir = "${home}.config/gtk-3.0/";
+          file = "bookmarks";
+          full = "${dir}${file}";
+          source = "${./gtk-bookmarks}";
+        }
+        rec {
+          dir = "${home}";
+          file = ".gtkrc-2.0";
+          full = "${dir}${file}";
+          source = "${./gtkrc-2.0}";
+        }
+        rec {
+          dir = "${home}.config/gtk-3.0/";
+          file = "settings.ini";
+          full = "${dir}${file}";
+          source = "${./gtk-3-4-settings.ini}";
+        }
+        rec {
+          dir = "${home}.config/gtk-4.0/";
+          file = "settings.ini";
+          full = "${dir}${file}";
+          source = "${./gtk-3-4-settings.ini}";
+        }
+      ];
+    in
+    toString (
+      map (path: ''
+        mkdir -p ${path.dir}
+        if test -e ${path.full} -a ! -L ${path.full}; then
+          mv -f ${path.full} ${path.full}.old
+        fi
+        ln -sf ${path.source} ${path.full}
+      '') paths
+    );
+}

servers/syncthing.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 {
   boot.kernel.sysctl."fs.inotify.max_user_watches" = 204800;
 
@@ -20,14 +20,14 @@
         relaysEnabled = false;
       };
 
-      devices = pkgs.lib.mkMerge [
+      devices = lib.mkMerge [
         {
           "syncthing" = {
             id = "J6GNM4Z-2TWASPT-3P3EW4V-KZEQYFF-TXL22QX-4YTZ3WO-WLM7GQ7-NUP66A4";
             addresses = [ "tcp://syncthing.vsinerva.fi:22000" ];
           };
         }
-        (pkgs.lib.mkIf (config.networking.hostName == "syncthing") {
+        (lib.mkIf (config.networking.hostName == "syncthing") {
           "helium" = {
             id = "2MRUBSY-NHXYMAW-SY22RHP-CNNMHKR-DPDKMM4-2XV5F6M-6KSNLQI-DD4EOAM";
             addresses = [ "tcp://helium.vsinerva.fi:22000" ];
@@ -42,9 +42,9 @@
       folders =
         let
           default = {
-            devices = pkgs.lib.mkMerge [
+            devices = lib.mkMerge [
               [ "syncthing" ]
-              (pkgs.lib.mkIf (config.networking.hostName == "syncthing") [
+              (lib.mkIf (config.networking.hostName == "syncthing") [
                 "helium"
                 "lithium"
               ])

shared/base.nix

@@ -83,7 +83,7 @@
       set -s escape-time 0
     '';
 
-    ######################################## SSH and fail2ban configuration #########################
+    ######################################## SSH configuration #########################
     services.openssh = {
       enable = true;
       settings.PasswordAuthentication = false;
@@ -92,21 +92,6 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV vili-bw-ssh-ed25519-main"
     ];
 
-    services.fail2ban = {
-      enable = true;
-      maxretry = 10;
-      bantime = "10m";
-      bantime-increment = {
-        enable = true;
-        maxtime = "1d";
-      };
-      jails = {
-        DEFAULT.settings = {
-          findtime = 3600;
-        };
-      };
-    };
-
     ######################################## Localization ###########################################
     i18n.defaultLocale = "en_US.UTF-8";
 
@@ -126,7 +111,7 @@
       layout = "us,";
       variant = "de_se_fi,";
     };
-    console = pkgs.lib.mkForce {
+    console = lib.mkForce {
       font = "Lat2-Terminus16";
       useXkbConfig = true; # use xkbOptions in tty.
     };
@@ -187,9 +172,9 @@
     users.mutableUsers = false; # Force all user management to happen throught nix-files
 
     boot.loader = {
-      systemd-boot.enable = pkgs.lib.mkDefault true;
+      systemd-boot.enable = lib.mkDefault true;
-      efi.canTouchEfiVariables = pkgs.lib.mkDefault true;
+      efi.canTouchEfiVariables = lib.mkDefault true;
-      timeout = pkgs.lib.mkDefault 0;
+      timeout = lib.mkDefault 0;
     };
   };
 }

shared/impermanence.nix

@@ -0,0 +1,44 @@
+{ ... }:
+let
+  impermanence = builtins.fetchTarball {
+    url = "https://github.com/nix-community/impermanence/archive/master.tar.gz";
+  };
+in
+{
+  imports = [ "${impermanence}/nixos.nix" ];
+
+  environment.persistence."/persist" = {
+    enable = true; # NB: Defaults to true, not needed
+    hideMounts = true;
+    directories = [
+      # "/etc/NetworkManager/system-connections"
+      # {
+      #   directory = "/var/lib/colord";
+      #   user = "colord";
+      #   group = "colord";
+      #   mode = "u=rwx,g=rx,o=";
+      # }
+    ];
+    files = [
+      # "/etc/machine-id"
+      # {
+      #   file = "/var/keys/secret_file";
+      #   parentDirectory = {
+      #     mode = "u=rwx,g=,o=";
+      #   };
+      # }
+    ];
+    users.vili = {
+      # directories = [
+      #   "VirtualBox VMs"
+      #   {
+      #     directory = ".gnupg";
+      #     mode = "0700";
+      #   }
+      # ];
+      # files = [
+      #   ".screenrc"
+      # ];
+    };
+  };
+}

shared/users/vili.nix

@@ -11,7 +11,7 @@
       "audio"
     ];
     openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
-    hashedPasswordFile = "/root/hashed-passwords/vili";
+    hashedPasswordFile = "/persist/secrets/hashed-passwords/vili";
   };
 
   users.groups.vili.gid = 1000;