commit be23132d5447395ed3aeb8e7e3f469ea2a47fad1 Author: Vili Sinervä Date: Thu May 23 13:39:48 2024 +0300 Init
diff --git a/base.nix b/base.nix
new file mode 100644
index 0000000..6db6ba9
--- /dev/null
+++ b/base.nix
@@ -0,0 +1,128 @@
+#Basic system config
+{ config, pkgs, ... }:
+{
+#################### Packages ####################
+ environment.systemPackages = with pkgs; [
+ rxvt-unicode-emoji
+ tmux
+ git
+ unison
+ nano
+ p7zip
+ tree
+ ];
+
+#################### ZSH configuration ####################
+ users.defaultUserShell = pkgs.zsh;
+ environment.shells = with pkgs; [ zsh ];
+ programs.zsh = {
+ enable = true;
+ autosuggestions.enable = true;
+ syntaxHighlighting.enable = true;
+ ohMyZsh = {
+ enable = true;
+ plugins = [ "history-substring-search" "tmux" ];
+ theme = "af-magic";
+ };
+ interactiveShellInit =
+ ''
+ ZSH_TMUX_AUTOSTART=false
+ ZSH_TMUX_AUTOQUIT=false
+ ZSH_TMUX_CONFIG=/etc/tmux.conf
+ '';
+ promptInit =
+ ''
+ if [ -n "$IN_NIX_SHELL" ]; then
+ setopt PROMPT_SUBST
+ RPROMPT+='[nix]'
+ fi
+ '';
+ };
+
+
+#################### tmux configuration ####################
+ programs.tmux.enable = true;
+ programs.tmux.extraConfig =
+ ''
+ unbind C-b
+ set -g prefix M-w
+ bind M-w send-prefix
+
+ bind s split-window -v
+ bind v split-window -h
+
+ # Smart pane switching with awareness of Vim splits.
+ # bind -n C-i run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-i) || tmux select-pane -L"
+ # bind -n C-n run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-n) || tmux select-pane -D"
+ # bind -n C-e run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-e) || tmux select-pane -U"
+ # bind -n C-o run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-o) || tmux select-pane -R"
+ bind -n C-h run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-h) || tmux select-pane -L"
+ bind -n C-j run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-j) || tmux select-pane -D"
+ bind -n C-k run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-k) || tmux select-pane -U"
+ bind -n C-l run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-l) || tmux select-pane -R"
+
+ bind -n C-Left select-pane -L
+ bind -n C-Right select-pane -R
+ bind -n C-Up select-pane -U
+ bind -n C-Down select-pane -D
+
+ # resize panes more easily
+ # bind -r i resize-pane -L 10
+ # bind -r n resize-pane -D 10
+ # bind -r e resize-pane -U 10
+ # bind -r o resize-pane -R 10
+ bind -r h resize-pane -L 10
+ bind -r j resize-pane -D 10
+ bind -r k resize-pane -U 10
+ bind -r l resize-pane -R 10
+
+ bind M-c attach -c "#{pane_current_path}"
+
+ set -s escape-time 0
+ # unbind -n tab
+ '';
+
+#################### SSH configuration ####################
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = false;
+ users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ];
+
+#################### BASE ####################
+ nixpkgs.config.allowUnfree = true;
+ networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
+
+ users.mutableUsers = false; # Force all user management to happen throught nix-files
+
+# Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ services.xserver.layout = "us,";
+ services.xserver.xkbVariant = "de_se_fi,";
+ console = pkgs.lib.mkForce {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true; # use xkbOptions in tty.
+ };
+ time.timeZone = "Europe/Helsinki";
+
+
+#################### Housekeeping ####################
+ system.autoUpgrade = {
+ enable = true;
+ dates = "04:00";
+ randomizedDelaySec = "30min";
+ };
+
+ nix = {
+ settings.auto-optimise-store = true;
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 7d";
+ dates = "05:00";
+ randomizedDelaySec = "30min";
+ };
+ };
+
+# Copy the NixOS configuration file and link it from the resulting system
+# (/run/current-system/configuration.nix). This is useful in case you
+# accidentally delete configuration.nix.
+ system.copySystemConfiguration = true;
+}
diff --git a/desktop.nix b/desktop.nix
new file mode 100644
index 0000000..51b9454
--- /dev/null
+++ b/desktop.nix
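Review bot: In base.nix the SSH section installs the only authorized key on `root`, so every remote session starts with full privileges and logins cannot be attributed to a user. The key would sit better on the `vili` account that desktop.nix already uses, with `services.openssh.settings.PermitRootLogin = "no";` added next to the existing `PasswordAuthentication = false;`. Only `PasswordAuthentication` is turned off in this hunk; unless it is set in a module not shown here, `services.openssh.settings.KbdInteractiveAuthentication = false;` is needed to close the other password-style path. A short comment above the key naming the machine that holds the private half would make later rotation easier.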
@@ -0,0 +1,555 @@
+#Config for graphical desktop
+{ config, pkgs, ... }:
+let
+i3status-conf = "${pkgs.writeText "i3status-conf"
+''
+# i3status configuration file.
+# see "man i3status" for documentation.
+
+# It is important that this file is edited as UTF-8.
+# The following line should contain a sharp s:
+# ß
+# If the above line is not correctly displayed, fix your editor first!
+
+general {
+ output_format = "i3bar"
+ colors = true
+ interval = 5
+ color_good = "#2AA198"
+ color_bad = "#586E75"
+ color_degraded = "#DC322F"
+}
+
+order += "battery all"
+order += "cpu_usage"
+order += "memory"
+order += "ethernet _first_"
+order += "wireless _first_"
+order += "disk /"
+order += "tztime local"
+order += "tztime helsinki"
+
+cpu_usage {
+ format = " CPU %usage "
+}
+
+disk "/" {
+# format = " hdd %avail "
+ format = " ⛁ %avail "
+}
+
+ethernet _first_ {
+ format_up = " LAN: %ip "
+ format_down = " No LAN "
+}
+
+wireless _first_ {
+ format_up = " %quality%essid: %ip "
+ format_down = ""
+}
+
+battery all {
+# format = "%status %percentage %remaining %emptytime"
+ format = " bat %status %percentage (%remaining left) "
+ format_down = ""
+ last_full_capacity = true
+ integer_battery_capacity = true
+# status_chr = ""
+ status_chr = "⚡"
+# status_bat = "bat"
+# status_bat = "☉"
+# status_bat = ""
+ status_bat = ""
+# status_unk = "?"
+ status_unk = ""
+# status_full = ""
+ status_full = "☻"
+ low_threshold = 30
+ threshold_type = time
+}
+
+memory {
+ format = " RAM %used / %total "
+ threshold_degraded = "10%"
+}
+
+tztime local {
+ format = " %d.%m.
%H:%M "
+}
+
+tztime helsinki {
+ format = " (HEL %H:%M) "
+ timezone = "Europe/Helsinki"
+ hide_if_equals_localtime = true
+}
+''}";
+i3-conf = "${pkgs.writeText "i3config"
+''
+# Set mod key (Mod1=, Mod4=)
+set $mod Mod4
+
+# Workspace names
+# to display names or symbols instead of plain workspace numbers you can use
+# something like: set $ws1 1:mail
+# set $ws2 2:
+set $ws1 1
+set $ws2 2
+set $ws3 3
+set $ws4 4
+set $ws5 5
+set $ws6 6
+set $ws7 7
+set $ws8 8
+set $ws9 9
+set $ws10 10
+set $ws11 11
+set $ws12 12
+set $ws13 13
+set $ws14 14
+set $ws15 15
+set $ws16 16
+set $ws17 17
+set $ws18 18
+set $ws19 19
+set $ws20 20
+
+# switch to workspace
+bindsym $mod+1 workspace $ws1
+bindsym $mod+2 workspace $ws2
+bindsym $mod+3 workspace $ws3
+bindsym $mod+4 workspace $ws4
+bindsym $mod+5 workspace $ws5
+bindsym $mod+6 workspace $ws6
+bindsym $mod+7 workspace $ws7
+bindsym $mod+8 workspace $ws8
+bindsym $mod+9 workspace $ws9
+bindsym $mod+0 workspace $ws10
+bindsym $mod+Mod1+1 workspace $ws11
+bindsym $mod+Mod1+2 workspace $ws12
+bindsym $mod+Mod1+3 workspace $ws13
+bindsym $mod+Mod1+4 workspace $ws14
+bindsym $mod+Mod1+5 workspace $ws15
+bindsym $mod+Mod1+6 workspace $ws16
+bindsym $mod+Mod1+7 workspace $ws17
+bindsym $mod+Mod1+8 workspace $ws18
+bindsym $mod+Mod1+9 workspace $ws19
+bindsym $mod+Mod1+0 workspace $ws20
+
+# Move focused container to workspace
+bindsym $mod+Ctrl+1 move container to workspace $ws1
+bindsym $mod+Ctrl+2 move container to workspace $ws2
+bindsym $mod+Ctrl+3 move container to workspace $ws3
+bindsym $mod+Ctrl+4 move container to workspace $ws4
+bindsym $mod+Ctrl+5 move container to workspace $ws5
+bindsym $mod+Ctrl+6 move container to workspace $ws6
+bindsym $mod+Ctrl+7 move container to workspace $ws7
+bindsym $mod+Ctrl+8 move container to workspace $ws8
+bindsym $mod+Ctrl+9 move container to workspace $ws9
+bindsym $mod+Ctrl+0 move container to workspace $ws10
+bindsym $mod+Mod1+Ctrl+1 move container to workspace $ws11
+bindsym
$mod+Mod1+Ctrl+2 move container to workspace $ws12
+bindsym $mod+Mod1+Ctrl+3 move container to workspace $ws13
+bindsym $mod+Mod1+Ctrl+4 move container to workspace $ws14
+bindsym $mod+Mod1+Ctrl+5 move container to workspace $ws15
+bindsym $mod+Mod1+Ctrl+6 move container to workspace $ws16
+bindsym $mod+Mod1+Ctrl+7 move container to workspace $ws17
+bindsym $mod+Mod1+Ctrl+8 move container to workspace $ws18
+bindsym $mod+Mod1+Ctrl+9 move container to workspace $ws19
+bindsym $mod+Mod1+Ctrl+0 move container to workspace $ws20
+
+# Move to workspace with focused container
+bindsym $mod+Shift+1 move container to workspace $ws1; workspace $ws1
+bindsym $mod+Shift+2 move container to workspace $ws2; workspace $ws2
+bindsym $mod+Shift+3 move container to workspace $ws3; workspace $ws3
+bindsym $mod+Shift+4 move container to workspace $ws4; workspace $ws4
+bindsym $mod+Shift+5 move container to workspace $ws5; workspace $ws5
+bindsym $mod+Shift+6 move container to workspace $ws6; workspace $ws6
+bindsym $mod+Shift+7 move container to workspace $ws7; workspace $ws7
+bindsym $mod+Shift+8 move container to workspace $ws8; workspace $ws8
+bindsym $mod+Shift+9 move container to workspace $ws9; workspace $ws9
+bindsym $mod+Shift+0 move container to workspace $ws10; workspace $ws10
+bindsym $mod+Mod1+Shift+1 move container to workspace $ws11; workspace $ws11
+bindsym $mod+Mod1+Shift+2 move container to workspace $ws12; workspace $ws12
+bindsym $mod+Mod1+Shift+3 move container to workspace $ws13; workspace $ws13
+bindsym $mod+Mod1+Shift+4 move container to workspace $ws14; workspace $ws14
+bindsym $mod+Mod1+Shift+5 move container to workspace $ws15; workspace $ws15
+bindsym $mod+Mod1+Shift+6 move container to workspace $ws16; workspace $ws16
+bindsym $mod+Mod1+Shift+7 move container to workspace $ws17; workspace $ws17
+bindsym $mod+Mod1+Shift+8 move container to workspace $ws18; workspace $ws18
+bindsym $mod+Mod1+Shift+9 move container to workspace $ws19; workspace $ws19
+bindsym
$mod+Mod1+Shift+0 move container to workspace $ws20; workspace $ws20
+
+# Configure border style
+default_border pixel 3
+default_floating_border normal
+
+# Hide borders
+hide_edge_borders none
+
+# Font for window titles. Will also be used by the bar unless a different font
+# is used in the bar {} block below.
+font xft:URWGothic-Book 14
+
+# Use Mouse+$mod to drag floating windows
+floating_modifier $mod
+
+# start a terminal
+bindsym $mod+Return exec urxvt
+
+# kill focused window
+bindsym $mod+Shift+q kill
+
+# start program launcher
+bindsym $mod+d exec --no-startup-id "rofi -theme 'Arc-Dark' -show combi -combi-modes 'run,ssh' -modes combi"
+
+# change focus
+# bindsym $mod+i focus left
+# bindsym $mod+n focus down
+# bindsym $mod+e focus up
+# bindsym $mod+o focus right
+bindsym $mod+h focus left
+bindsym $mod+j focus down
+bindsym $mod+k focus up
+bindsym $mod+l focus right
+# MARK!
+
+# alternatively, you can use the cursor keys:
+bindsym $mod+Left focus left
+bindsym $mod+Down focus down
+bindsym $mod+Up focus up
+bindsym $mod+Right focus right
+
+# move focused window
+# bindsym $mod+Shift+i move left
+# bindsym $mod+Shift+n move down
+# bindsym $mod+Shift+e move up
+# bindsym $mod+Shift+o move right
+bindsym $mod+Shift+h move left
+bindsym $mod+Shift+j move down
+bindsym $mod+Shift+k move up
+bindsym $mod+Shift+l move right
+# MARK!
+
+# alternatively, you can use the cursor keys:
+bindsym $mod+Shift+Left move left
+bindsym $mod+Shift+Down move down
+bindsym $mod+Shift+Up move up
+bindsym $mod+Shift+Right move right
+
+# split orientation
+# bindsym $mod+h split h;exec notify-send 'tile horizontally'
+bindsym $mod+e split h;exec notify-send 'tile horizontally'
+# MARK!
+bindsym $mod+v split v;exec notify-send 'tile vertically'
+
+# toggle fullscreen mode for the focused container
+bindsym $mod+f fullscreen toggle
+
+# change container layout (stacked, tabbed, toggle split)
+bindsym $mod+s layout stacking
+bindsym $mod+w layout tabbed
+# bindsym $mod+l layout toggle split
+# MARK!
+
+# toggle tiling / floating
+bindsym $mod+Shift+space floating toggle
+
+# change focus between tiling / floating windows
+bindsym $mod+space focus mode_toggle
+
+# reload the configuration file
+bindsym $mod+Shift+c reload
+
+# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
+bindsym $mod+Shift+r restart
+
+# Resize window (you can also use the mouse for that)
+bindsym $mod+r mode "resize"
+mode "resize" {
+ bindsym h resize shrink width 5 px or 5 ppt
+ bindsym j resize grow height 5 px or 5 ppt
+ bindsym k resize shrink height 5 px or 5 ppt
+ bindsym l resize grow width 5 px or 5 ppt
+ # bindsym i resize shrink width 5 px or 5 ppt
+ # bindsym n resize grow height 5 px or 5 ppt
+ # bindsym e resize shrink height 5 px or 5 ppt
+ # bindsym o resize grow width 5 px or 5 ppt
+# MARK!
+
+# same bindings, but for the arrow keys
+ bindsym Left resize shrink width 10 px or 10 ppt
+ bindsym Down resize grow height 10 px or 10 ppt
+ bindsym Up resize shrink height 10 px or 10 ppt
+ bindsym Right resize grow width 10 px or 10 ppt
+
+# exit resize mode: Enter or Escape
+ bindsym Return mode "default"
+ bindsym Escape mode "default"
+}
+
+# Color palette used for the terminal ( ~/.Xresources file )
+# Colors are gathered based on the documentation:
+# https://i3wm.org/docs/userguide.html#xresources
+# Change the variable name at the place you want to match the color
+# of your terminal like this:
+# [example]
+# If you want your bar to have the same background color as your
+# terminal background change the line 362 from:
+# background #14191D
+# to:
+# background $term_background
+# Same logic applied to everything else.
+set_from_resource $term_background background
+set_from_resource $term_foreground foreground
+set_from_resource $term_color0 color0
+set_from_resource $term_color1 color1
+set_from_resource $term_color2 color2
+set_from_resource $term_color3 color3
+set_from_resource $term_color4 color4
+set_from_resource $term_color5 color5
+set_from_resource $term_color6 color6
+set_from_resource $term_color7 color7
+set_from_resource $term_color8 color8
+set_from_resource $term_color9 color9
+set_from_resource $term_color10 color10
+set_from_resource $term_color11 color11
+set_from_resource $term_color12 color12
+set_from_resource $term_color13 color13
+set_from_resource $term_color14 color14
+set_from_resource $term_color15 color15
+
+# Start i3bar to display a workspace bar (plus the system information i3status if available)
+bar {
+ i3bar_command i3bar
+ status_command i3status
+ position bottom
+
+## please set your primary output first. Example: 'xrandr --output eDP1 --primary'
+ tray_output primary
+
+ bindsym button4 nop
+ bindsym button5 nop
+ strip_workspace_numbers yes
+
+ colors {
+ background #222D31
+ statusline #F9FAF9
+ separator #454947
+
+# border backgr. text
+ focused_workspace #F9FAF9 #16a085 #292F34
+ active_workspace #595B5B #353836 #FDF6E3
+ inactive_workspace #595B5B #222D31 #EEE8D5
+ binding_mode #16a085 #2C2C2C #F9FAF9
+ urgent_workspace #16a085 #FDF6E3 #E5201D
+ }
+}
+
+# Theme colors
+# class border backgr. text indic.
child_border
+client.focused #556064 #556064 #80FFF9 #FDF6E3
+client.focused_inactive #2F3D44 #2F3D44 #1ABC9C #454948
+client.unfocused #2F3D44 #2F3D44 #1ABC9C #454948
+client.urgent #CB4B16 #FDF6E3 #1ABC9C #268BD2
+client.placeholder #000000 #0c0c0c #ffffff #000000
+
+client.background #2B2C2B
+
+#############################
+### settings for i3-gaps: ###
+#############################
+
+# Set inner/outer gaps
+gaps inner 2
+gaps outer 0
+
+# Smart gaps (gaps used if only more than one container on the workspace)
+smart_gaps on
+
+# Smart borders (draw borders around container only if it is not the only container on this workspace)
+smart_borders on
+
+# Screen brightness controls
+bindcode 232 exec brightnessctl set 5%-
+bindcode 233 exec --no-startup-id brightnessctl set 5%+
+
+exec --no-startup-id nm-applet --sm-disable
+''}";
+Xresources = "${pkgs.writeText "Xresources" ''
+Xft.dpi: 96
+Xft.antialias: true
+Xft.hinting: true
+Xft.rgba: rgb
+Xft.autohint: false
+Xft.hintstyle: hintslight
+Xft.lcdfilter: lcddefault
+
+XTerm*background: #222D31
+XTerm*foreground: #d8d8d8
+XTerm*pointerColor: #1ABB9B
+XTerm*faceName: Fixed
+XTerm*faceSize: 11
+XTerm*reverseVideo: on
+XTerm*selectToClipboard: true
+
+*background: #222D31
+*foreground: #d8d8d8
+*fading: 8
+*fadeColor: black
+*cursorColor: #1ABB9B
+*pointerColorBackground: #2B2C2B
+*pointerColorForeground: #16A085
+
+!! black dark/light
+*color0: #222D31
+*color8: #585858
+
+!! red dark/light
+*color1: #ab4642
+*color9: #ab4642
+
+!! green dark/light
+*color2: #7E807E
+*color10: #8D8F8D
+
+!! yellow dark/light
+*color3: #f7ca88
+*color11: #f7ca88
+
+!! blue dark/light
+*color4: #7cafc2
+*color12: #7cafc2
+
+!! magenta dark/light
+*color5: #ba8baf
+*color13: #ba8baf
+
+!! cyan dark/light
+*color6: #1ABB9B
+*color14: #1ABB9B
+
+!! white dark/light
+*color7: #d8d8d8
+*color15: #f8f8f8
+
+Xcursor.theme: xcursor-breeze
+Xcursor.size: 0
+
+URxvt.font: 9x15,xft:TerminessTTFNerdFontMono
+
+!
alternative font settings with 'terminus':
+! URxvt.font: -xos4-terminus-medium-r-normal--16-160-72-72-c-80-iso10646-1
+! URxvt.bold.font: -xos4-terminus-bold-r-normal--16-160-72-72-c-80-iso10646-1
+!! terminus names see end of file!
+
+URxvt.depth: 32
+URxvt.background: [100]#0f0f0f
+URxvt.foreground: #a0a0a0
+URxvt*scrollBar: false
+URxvt*mouseWheelScrollPage: false
+URxvt*cursorBlink: true
+URxvt*background: black
+URxvt*saveLines: 5000
+
+! for 'fake' transparency (without Compton) uncomment the following three lines
+! URxvt*inheritPixmap: true
+! URxvt*transparent: true
+! URxvt*shading: 138
+
+! Normal copy-paste keybindings without perls
+URxvt.iso14755: false
+URxvt.keysym.Shift-Control-V: eval:paste_clipboard
+URxvt.keysym.Shift-Control-C: eval:selection_to_clipboard
+!Xterm escape codes, word by word movement
+URxvt.keysym.Control-Left: \033[1;5D
+URxvt.keysym.Shift-Control-Left: \033[1;6D
+URxvt.keysym.Control-Right: \033[1;5C
+URxvt.keysym.Shift-Control-Right: \033[1;6C
+URxvt.keysym.Control-Up: \033[1;5A
+URxvt.keysym.Shift-Control-Up: \033[1;6A
+URxvt.keysym.Control-Down: \033[1;5B
+URxvt.keysym.Shift-Control-Down: \033[1;6B
+''}";
+in
+{
+ environment.systemPackages = with pkgs; [
+ i3status rofi arandr btop
+ firefox
+ telegram-desktop
+ signal-desktop discord
+ tidal-hifi vlc pavucontrol viewnior
+ xfce.mousepad pcmanfm libreoffice evince
+ brightnessctl networkmanagerapplet
+ zotero
+ flameshot
+ speedcrunch
+ ];
+
+ services = {
+ xserver = {
+ enable = true;
+ displayManager = {
+ defaultSession = "none+i3";
+ lightdm.enable = true;
+ autoLogin.enable = true;
+ autoLogin.user = "vili";
+ sessionCommands = ''${pkgs.xorg.xrdb}/bin/xrdb -merge < ${Xresources}'';
+ };
+ windowManager.i3 = {
+ enable = true;
+ configFile = i3-conf;
+ };
+ };
+
+ printing.enable = true;
+ avahi = {
+ enable = true;
+ nssmdns = true;
+ openFirewall = true;
+ };
+ };
+
+ nixpkgs.config.pulseaudio = true;
+ hardware.pulseaudio.enable = true;
+
+ programs.firefox = {
+
preferences = {
+ "media.ffmpeg.vaapi.enabled" = true;
+ };
+ enable = true;
+ preferencesStatus = "locked";
+ policies = {
+ ExtensionSettings = {
+ "*".installation_mode = "blocked";
+ "{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
+ install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
+ installation_mode = "force_installed";
+ };
+ };
+ };
+ };
+
+ qt = {
+ enable = true;
+ style = "breeze";
+ };
+
+ systemd.services.i3statusSymlink = {
+ wantedBy = [ "multi-user.target" ];
+ description = "Symlink for i3status";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "vili";
+ ExecStartPre = ''${pkgs.coreutils-full}/bin/mkdir -p /home/vili/.config/i3status'';
+ ExecStart = ''${pkgs.coreutils-full}/bin/ln -sf ${i3status-conf} /home/vili/.config/i3status/config'';
+ };
+ };
+
+ xdg.mime.defaultApplications = {
+ "application/pdf" = "org.gnome.Evince.desktop";
+ "text/plain" = "org.xfce.mousepad.desktop";
+ "inode/directory" = "pcmanfm.description";
+ };
+
+ security.polkit.enable = true;
+}
diff --git a/development.nix b/development.nix
new file mode 100644
index 0000000..c517268
--- /dev/null
+++ b/development.nix
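Review bot: In desktop.nix, `autoLogin.enable = true;` for `vili` under `displayManager` puts an unlocked session on screen at every boot, and nothing in this file starts a screen locker; the `battery all` block in the i3status config suggests this runs on a portable machine. Whoever can power the device on reaches the session, including the browser profile with the force-installed password-manager extension. If autologin stays, it should be backed by full-disk encryption (not visible in this commit) and a locker such as `programs.i3lock.enable = true;` with a lock binding in the i3 config. Separately, `"inode/directory" = "pcmanfm.description";` in `xdg.mime.defaultApplications` looks like a typo for `pcmanfm.desktop`.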
@@ -0,0 +1,161 @@
+#Development setup
+{ config, pkgs, ... }:
+{
+#################### Git configuration ####################
+ programs.git = {
+ enable = true;
+ lfs.enable = true;
+ config = {
+ user = {
+ email = "vili.m.sinerva@gmail.com";
+ name = "Vili Sinervä";
+ };
+ merge = {
+ ff = "true";
+ };
+ pull = {
+ ff = "only";
+ };
+ };
+ };
+
+#################### Packages ####################
+ environment.systemPackages = with pkgs; [
+ cmake
+ gnumake
+ gcc
+ gdb
+ nodejs-slim
+ clang clang-tools clang-analyzer
+ docker-compose docker
+ python311
+ python311Packages.pip
+ pypy3
+ rustup
+ ];
+
+#################### Neovim configuration ####################
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ viAlias = true;
+ vimAlias = true;
+ configure = {
+ packages.myVimPackage = with pkgs.vimPlugins; {
+ start = [ nerdtree nerdtree-git-plugin
+ vim-gitgutter vim-fugitive vim-tmux-navigator
+ coc-nvim coc-pairs
+ coc-clangd coc-cmake
+ coc-docker
+ coc-json
+ coc-ltex
+ coc-markdownlint
+ coc-sh
+ coc-toml
+ coc-yaml
+ coc-pyright
+ coc-tsserver
+ coc-rust-analyzer
+ ];
+ };
+ customRC =
+ let
+ coc-config = "${pkgs.writeTextDir "coc-settings.json"
+''
+{
+ "workspace.ignoredFolders": [
+ "$HOME",
+ "$HOME/.cargo/**",
+ "$HOME/.rustup/**"
+ ],
+ rust-analyzer.inlayHints.bindingModeHints.enable: true,
+ rust-analyzer.inlayHints.closureReturnTypeHints.enable: "always",
+ rust-analyzer.inlayHints.discriminantHints.enable: "always",
+ rust-analyzer.inlayHints.expressionAdjustmentHints.enable: "always",
+ rust-analyzer.inlayHints.expressionAdjustmentHints.hideOutsideUnsafe: true,
+ rust-analyzer.inlayHints.lifetimeElisionHints.enable: "always",
+ rust-analyzer.inlayHints.lifetimeElisionHints.useParameterNames: true
+}
+''}";
+
+ in
+ ''
+ syntax on
+ set foldmethod=syntax
+
+ set number
+ " set relativenumber
+ set colorcolumn=100
+ set signcolumn=yes
+ let NERDTreeShowLineNumbers=1
+
+ set background=dark
+
+ set showcmd
+ set scrolloff=16
+
+
filetype plugin indent on
+ set autoindent
+ set shiftwidth=3
+ set tabstop=3
+
+
+ " Some servers have issues with backup files, see #649
+ set nobackup
+ set nowritebackup
+ " Having longer updatetime (default is 4000 ms = 4s) leads to noticeable
+ " delays and poor user experience
+ set updatetime=300
+
+
+ " Make to accept selected completion item or notify coc.nvim to format
+ " u breaks current undo, please make your own choice.
+ inoremap coc#pum#visible() ? coc#pum#confirm()
+ \: "\u\\=coc#on_enter()\"
+ " Navigate suggestion list with tab and shift-tab
+ inoremap coc#pum#visible() ? coc#pum#next(1) : "\"
+ inoremap coc#pum#visible() ? coc#pum#prev(1) : "\"
+
+ " If another buffer tries to replace NERDTree, put it in the other window, and bring back NERDTree.
+ autocmd BufEnter * if winnr() == winnr('h') && bufname('#') =~ 'NERD_tree_\d\+' && bufname('%') !~ 'NERD_tree_\d\+' && winnr('$') > 1 |
+ \ let buf=bufnr() | buffer# | execute "normal! \w" | execute 'buffer'.buf | endif
+
+ " Start NERDTree. If a file is specified, move the cursor to its window.
+ autocmd StdinReadPre * let s:std_in=1
+ autocmd VimEnter * NERDTree | if argc() > 0 || exists('s:std_in') | wincmd p | endif
+
+ let g:coc_filetype_map = {'tex': 'latex'}
+ let g:coc_config_home = "${coc-config}"
+
+ let g:tmux_navigator_no_mappings = 1
+ " noremap :TmuxNavigateLeft
+ " noremap :TmuxNavigateDown
+ " noremap :TmuxNavigateUp
+ " noremap :TmuxNavigateRight
+ noremap :TmuxNavigateLeft
+ noremap :TmuxNavigateDown
+ noremap :TmuxNavigateUp
+ noremap :TmuxNavigateRight
+
+
+ " Noremap i h
+ " Noremap
+ " Noremap n j
+ " Noremap
+ " Noremap e k
+ " Noremap
+ " Noremap o l
+ " Noremap
+ " Noremap h i
+ " Noremap
+ " Noremap l o
+ " Noremap
+ " Noremap j e
+ " Noremap
+ " Nnoremap k n
+ " Nnoremap
+ " Let NERDTreeMapOpenExpl='\e'
+ '';
+ };
+ };
+}
diff --git a/machine-confs/helium.nix b/machine-confs/helium.nix
new file mode 100644
index 0000000..b97fdb4
--- /dev/null
+++ b/machine-confs/helium.nix
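Review bot: The `coc-settings.json` text passed to `pkgs.writeTextDir` in development.nix is not valid JSON: the seven `rust-analyzer.inlayHints.*` keys are unquoted, so the file is likely rejected when coc.nvim reads it from `g:coc_config_home`, and the `workspace.ignoredFolders` entry would be lost with it. Each key needs quotes, e.g. `"rust-analyzer.inlayHints.bindingModeHints.enable": true,`. Generating the file from a Nix attribute set with `builtins.toJSON` would rule out this kind of syntax error at build time.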
@@ -0,0 +1,185 @@
+{ config, pkgs, lib, ... }:
+let
+unison-conf = "${pkgs.writeText "unison-conf"
+''
+root = /home/vili
+root = ssh://nixos-cpu.vsinerva.fi//home/vili
+
+watch = true
+repeat = watch
+prefer = newer
+diff = diff -y -W 79 --suppress-common-lines
+copyprog = rsync --inplace --compress
+copyprogrest = rsync --partial --inplace --compress sshargs = -C
+
+path = Desktop
+path = Documents
+path = Downloads
+path = Music
+path = Pictures
+path = Projects
+path = Public
+path = School
+path = Templates
+path = Videos
+path = Zotero
+''}";
+in
+{
+ networking = {
+ hostName = "helium";
+ firewall.allowedUDPPorts = [ 51820 51821 ];
+ wg-quick.interfaces = {
+ wg0 = {
+ autostart = false;
+ address = [ "172.16.0.2/24" ];
+ dns = [ "192.168.0.1" "vsinerva.fi" ];
+ privateKeyFile = "/root/wireguard-keys/privatekey-home";
+ listenPort = 51820;
+
+ peers = [
+ {
+ publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
+ allowedIPs = [ "0.0.0.0/0" ];
+ endpoint = "wg.vsinerva.fi:51820";
+ }
+ ];
+ };
+ wg1 = {
+ autostart = false;
+ address = [ "10.100.0.7/24" ];
+ dns = [ "1.1.1.1" ];
+ privateKeyFile = "/root/wireguard-keys/privatekey-netflix";
+ listenPort = 51821;
+
+ peers = [
+ {
+ publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE=";
+ allowedIPs = [ "0.0.0.0/0" "192.168.0.0/24" ];
+ endpoint = "netflix.vsinerva.fi:51821";
+ }
+ ];
+ };
+ };
+ };
+
+ nix.settings = {
+ cores = 3;
+ max-jobs = 4;
+ };
+
+ imports = [
+ /mnt/nixos-conf/base.nix
+ /mnt/nixos-conf/vili.nix
+ /mnt/nixos-conf/desktop.nix
+ /mnt/nixos-conf/development.nix
+ /mnt/nixos-conf/machine-confs/libinput.nix
+ ];
+ disabledModules = [ "services/x11/hardware/libinput.nix" ];
+
+ nixpkgs.overlays =
+ [
+ (final: prev:
+ {
+ moonlight-qt = prev.moonlight-qt.overrideAttrs (old: {
+ patches = (old.patches or []) ++ [ ./mouse-accel.patch ];
+ });
+ })
+ ];
+
+ environment.systemPackages = with pkgs; [
+ zenmonitor moonlight-qt parsec-bin via
+ ];
+
+ systemd.services = {
+
unisonConfSymlink = {
+ wantedBy = [ "multi-user.target" ];
+ description = "Symlink for unison conf";
+ serviceConfig = {
+ Type = "oneshot";
+ User = "vili";
+ ExecStartPre = ''${pkgs.coreutils-full}/bin/mkdir -p /home/vili/.unison'';
+ ExecStart = ''${pkgs.coreutils-full}/bin/ln -sf ${unison-conf} /home/vili/.unison/cpu.prf'';
+ };
+ };
+ unisonSync = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ description = "unison filesync";
+ serviceConfig = {
+ Type = "exec";
+ User = "vili";
+ ExecStart = ''${pkgs.unison}/bin/unison -sshcmd ${pkgs.openssh}/bin/ssh cpu'';
+ };
+ };
+ };
+
+
+# HARDWARE SPECIFIC
+ boot.initrd.kernelModules = [ "amdgpu" ];
+ hardware = {
+ opengl.extraPackages = with pkgs; [
+ rocmPackages.clr.icd
+ ];
+ logitech.wireless = {
+ enable = true;
+ enableGraphical = true;
+ };
+ };
+
+ services = {
+ xserver = {
+ videoDrivers = [ "amdgpu" "modesetting" ];
+ deviceSection = ''
+ Option "DRI" "2"
+ Option "TearFree" "true"
+ '';
+
+ displayManager.setupCommands = ''
+ ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
+ '';
+ };
+
+ libinput.mouse = {
+ accelProfile = "custom";
+ accelPointsMotion = [ 0.00000 0.02000 0.04000 0.06000 0.08000 0.10000 0.12000 0.14000 0.16000 0.18000 0.20000 0.25250 0.31000 0.37250 0.44000 0.51250 0.59000 0.67250 0.76000 0.85250 0.95000 1.15500 1.37000 1.59500 1.83000 2.07500 2.33000 2.59500 2.87000 3.15500 3.45000 3.75500 4.07000 4.39500 4.73000 5.07500 5.43000 5.79500 6.17000 6.55500 6.95000 7.35500 7.77000 8.19500 8.63000 9.07500 9.53000 9.99500 10.47000 10.95500 11.45000 11.95000 ];
+ accelStepMotion = 0.05;
+# accelPointsFallback = [ 0.0 10 ];
+# accelPointsMotion = [ 0.0 20 ];
+# accelPointsScroll = [ 0.0 30 ];
+# accelStepFallback = 0.01;
+# accelStepMotion = 0.02;
+# accelStepScroll = 0.03;
+ };
+
+ redshift = {
+ executable = "/bin/redshift-gtk";
+ enable = true;
+ temperature = {
+ night = 2800;
+ day = 6500;
+ };
+
brightness = {
+ night = "0.5";
+ day = "1";
+ };
+ };
+
+ devmon.enable = true;
+ gvfs.enable = true;
+ udisks2.enable = true;
+ };
+ location = {
+ latitude = 60.17;
+ longitude = 24.94;
+ };
+
+# Keychron Q11
+ services.udev.extraRules = ''
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="01e0", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+ '';
+
+# Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+}
diff --git a/machine-confs/libinput.nix b/machine-confs/libinput.nix
new file mode 100644
index 0000000..d79055c
--- /dev/null
+++ b/machine-confs/libinput.nix
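Review bot: The Keychron udev rule in machine-confs/helium.nix sets `MODE="0660", GROUP="users"` on every hidraw node of the keyboard, so any account in `users` can open the raw device, read its input reports and talk to its firmware, not only the person at the seat. `TAG+="uaccess"` already grants the active local session access, so the rule can drop the mode and group: `KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="01e0", TAG+="uaccess"`. In the WireGuard block both peers list only IPv4 ranges in `allowedIPs`, so IPv6 traffic bypasses the tunnel whenever the local network offers it; either add `"::/0"` together with an IPv6 tunnel address or disable IPv6 while the interface is up. `firewall.allowedUDPPorts = [ 51820 51821 ];` also opens inbound ports that a client dialling out to a fixed `endpoint` should not need.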
@@ -0,0 +1,370 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let cfg = config.services.libinput; + + xorgBool = v: if v then "on" else "off"; + + mkConfigForDevice = deviceType: { + dev = mkOption { + type = types.nullOr types.str; + default = null; + example = "/dev/input/event0"; + description = '' + Path for ${deviceType} device. Set to `null` to apply to any + auto-detected ${deviceType}. + ''; + }; + + accelProfile = mkOption { + type = types.enum [ "flat" "adaptive" "custom" ]; + default = "adaptive"; + example = "flat"; + description = '' + Sets the pointer acceleration profile to the given profile. + Permitted values are `adaptive`, `flat`, `custom`. + Not all devices support this option or all profiles. + If a profile is unsupported, the default profile for this is used. + `flat`: Pointer motion is accelerated by a constant + (device-specific) factor, depending on the current speed. + `adaptive`: Pointer acceleration depends on the input speed. + This is the default profile for most devices. + `custom`: Allows the user to define a custom acceleration function. + To define custom functions use the accelPoints + and accelStep options. + ''; + }; + + accelSpeed = mkOption { + type = types.nullOr types.str; + default = null; + example = "-0.5"; + description = '' + Cursor acceleration (how fast speed increases from minSpeed to maxSpeed). + This only applies to the flat or adaptive profile. + ''; + }; + + accelPointsFallback = mkOption { + type = types.nullOr (types.listOf types.number); + default = null; + example = [ 0.0 1.0 2.4 2.5 ]; + description = '' + Sets the points of the fallback acceleration function. The value must be a list of + floating point non-negative numbers. This only applies to the custom profile. + ''; + }; + + accelPointsMotion = mkOption { + type = types.nullOr (types.listOf types.number); + default = null; + example = [ 0.0 1.0 2.4 2.5 ]; + description = '' + Sets the points of the (pointer) motion acceleration function. 
The value must be a + list of floating point non-negative numbers. This only applies to the custom profile. + ''; + }; + + accelPointsScroll = mkOption { + type = types.nullOr (types.listOf types.number); + default = null; + example = [ 0.0 1.0 2.4 2.5 ]; + description = '' + Sets the points of the scroll acceleration function. The value must be a list of + floating point non-negative numbers. This only applies to the custom profile. + ''; + }; + + accelStepFallback = mkOption { + type = types.nullOr types.number; + default = null; + example = 0.1; + description = '' + Sets the step between the points of the fallback acceleration function. When a step of + 0.0 is provided, libinput's Fallback acceleration function is used. This only applies + to the custom profile. + ''; + }; + + accelStepMotion = mkOption { + type = types.nullOr types.number; + default = null; + example = 0.1; + description = '' + Sets the step between the points of the (pointer) motion acceleration function. When a + step of 0.0 is provided, libinput's Fallback acceleration function is used. This only + applies to the custom profile. + ''; + }; + + accelStepScroll = mkOption { + type = types.nullOr types.number; + default = null; + example = 0.1; + description = '' + Sets the step between the points of the scroll acceleration function. When a step of + 0.0 is provided, libinput's Fallback acceleration function is used. This only applies + to the custom profile. + ''; + }; + + buttonMapping = mkOption { + type = types.nullOr types.str; + default = null; + example = "1 6 3 4 5 0 7"; + description = '' + Sets the logical button mapping for this device, see XSetPointerMapping(3). The string must + be a space-separated list of button mappings in the order of the logical buttons on the + device, starting with button 1. The default mapping is "1 2 3 ... 32". A mapping of 0 deac‐ + tivates the button. Multiple buttons can have the same mapping. 
Invalid mapping strings are + discarded and the default mapping is used for all buttons. Buttons not specified in the + user's mapping use the default mapping. See section BUTTON MAPPING for more details. + ''; + }; + + calibrationMatrix = mkOption { + type = types.nullOr types.str; + default = null; + example = "0.5 0 0 0 0.8 0.1 0 0 1"; + description = '' + A string of 9 space-separated floating point numbers. Sets the calibration matrix to the + 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi). + ''; + }; + + clickMethod = mkOption { + type = types.nullOr (types.enum [ "none" "buttonareas" "clickfinger" ]); + default = null; + example = "buttonareas"; + description = '' + Enables a click method. Permitted values are `none`, + `buttonareas`, `clickfinger`. + Not all devices support all methods, if an option is unsupported, + the default click method for this device is used. + ''; + }; + + leftHanded = mkOption { + type = types.bool; + default = false; + description = "Enables left-handed button orientation, i.e. swapping left and right buttons."; + }; + + middleEmulation = mkOption { + type = types.bool; + default = true; + description = '' + Enables middle button emulation. When enabled, pressing the left and right buttons + simultaneously produces a middle mouse button click. + ''; + }; + + naturalScrolling = mkOption { + type = types.bool; + default = false; + description = "Enables or disables natural scrolling behavior."; + }; + + scrollButton = mkOption { + type = types.nullOr types.int; + default = null; + example = 1; + description = '' + Designates a button as scroll button. If the ScrollMethod is button and the button is logically + held down, x/y axis movement is converted into scroll events. 
+ ''; + }; + + scrollMethod = mkOption { + type = types.enum [ "twofinger" "edge" "button" "none" ]; + default = "twofinger"; + example = "edge"; + description = '' + Specify the scrolling method: `twofinger`, `edge`, + `button`, or `none` + ''; + }; + + horizontalScrolling = mkOption { + type = types.bool; + default = true; + description = '' + Enables or disables horizontal scrolling. When disabled, this driver will discard any + horizontal scroll events from libinput. This does not disable horizontal scroll events + from libinput; it merely discards the horizontal axis from any scroll events. + ''; + }; + + sendEventsMode = mkOption { + type = types.enum [ "disabled" "enabled" "disabled-on-external-mouse" ]; + default = "enabled"; + example = "disabled"; + description = '' + Sets the send events mode to `disabled`, `enabled`, + or `disabled-on-external-mouse` + ''; + }; + + tapping = mkOption { + type = types.bool; + default = true; + description = '' + Enables or disables tap-to-click behavior. + ''; + }; + + tappingButtonMap = mkOption { + type = types.nullOr (types.enum [ "lrm" "lmr" ]); + default = null; + description = '' + Set the button mapping for 1/2/3-finger taps to left/right/middle or left/middle/right, respectively. + ''; + }; + + tappingDragLock = mkOption { + type = types.bool; + default = true; + description = '' + Enables or disables drag lock during tapping behavior. When enabled, a finger up during tap- + and-drag will not immediately release the button. If the finger is set down again within the + timeout, the dragging process continues. + ''; + }; + + transformationMatrix = mkOption { + type = types.nullOr types.str; + default = null; + example = "0.5 0 0 0 0.8 0.1 0 0 1"; + description = '' + A string of 9 space-separated floating point numbers. Sets the transformation matrix to + the 3x3 matrix where the first row is (abc), the second row is (def) and the third row is (ghi). 
+ ''; + }; + + disableWhileTyping = mkOption { + type = types.bool; + default = false; + description = '' + Disable input method while typing. + ''; + }; + + additionalOptions = mkOption { + type = types.lines; + default = ""; + example = + '' + Option "DragLockButtons" "L1 B1 L2 B2" + ''; + description = '' + Additional options for libinput ${deviceType} driver. See + {manpage}`libinput(4)` + for available options."; + ''; + }; + }; + + mkX11ConfigForDevice = deviceType: matchIs: '' + Identifier "libinput ${deviceType} configuration" + MatchDriver "libinput" + MatchIs${matchIs} "${xorgBool true}" + ${optionalString (cfg.${deviceType}.dev != null) ''MatchDevicePath "${cfg.${deviceType}.dev}"''} + Option "AccelProfile" "${cfg.${deviceType}.accelProfile}" + ${optionalString (cfg.${deviceType}.accelSpeed != null) ''Option "AccelSpeed" "${cfg.${deviceType}.accelSpeed}"''} + ${optionalString (cfg.${deviceType}.accelPointsFallback != null) ''Option "AccelPointsFallback" "${toString cfg.${deviceType}.accelPointsFallback}"''} + ${optionalString (cfg.${deviceType}.accelPointsMotion != null) ''Option "AccelPointsMotion" "${toString cfg.${deviceType}.accelPointsMotion}"''} + ${optionalString (cfg.${deviceType}.accelPointsScroll != null) ''Option "AccelPointsScroll" "${toString cfg.${deviceType}.accelPointsScroll}"''} + ${optionalString (cfg.${deviceType}.accelStepFallback != null) ''Option "AccelStepFallback" "${toString cfg.${deviceType}.accelStepFallback}"''} + ${optionalString (cfg.${deviceType}.accelStepMotion != null) ''Option "AccelStepMotion" "${toString cfg.${deviceType}.accelStepMotion}"''} + ${optionalString (cfg.${deviceType}.accelStepScroll != null) ''Option "AccelStepScroll" "${toString cfg.${deviceType}.accelStepScroll}"''} + ${optionalString (cfg.${deviceType}.buttonMapping != null) ''Option "ButtonMapping" "${cfg.${deviceType}.buttonMapping}"''} + ${optionalString (cfg.${deviceType}.calibrationMatrix != null) ''Option "CalibrationMatrix" 
"${cfg.${deviceType}.calibrationMatrix}"''} + ${optionalString (cfg.${deviceType}.transformationMatrix != null) ''Option "TransformationMatrix" "${cfg.${deviceType}.transformationMatrix}"''} + ${optionalString (cfg.${deviceType}.clickMethod != null) ''Option "ClickMethod" "${cfg.${deviceType}.clickMethod}"''} + Option "LeftHanded" "${xorgBool cfg.${deviceType}.leftHanded}" + Option "MiddleEmulation" "${xorgBool cfg.${deviceType}.middleEmulation}" + Option "NaturalScrolling" "${xorgBool cfg.${deviceType}.naturalScrolling}" + ${optionalString (cfg.${deviceType}.scrollButton != null) ''Option "ScrollButton" "${toString cfg.${deviceType}.scrollButton}"''} + Option "ScrollMethod" "${cfg.${deviceType}.scrollMethod}" + Option "HorizontalScrolling" "${xorgBool cfg.${deviceType}.horizontalScrolling}" + Option "SendEventsMode" "${cfg.${deviceType}.sendEventsMode}" + Option "Tapping" "${xorgBool cfg.${deviceType}.tapping}" + ${optionalString (cfg.${deviceType}.tappingButtonMap != null) ''Option "TappingButtonMap" "${cfg.${deviceType}.tappingButtonMap}"''} + Option "TappingDragLock" "${xorgBool cfg.${deviceType}.tappingDragLock}" + Option "DisableWhileTyping" "${xorgBool cfg.${deviceType}.disableWhileTyping}" + ${cfg.${deviceType}.additionalOptions} + ''; +in { + + imports = + (map (option: mkRenamedOptionModule ([ "services" "xserver" "libinput" option ]) [ "services" "libinput" "touchpad" option ]) [ + "accelProfile" + "accelSpeed" + "buttonMapping" + "calibrationMatrix" + "clickMethod" + "leftHanded" + "middleEmulation" + "naturalScrolling" + "scrollButton" + "scrollMethod" + "horizontalScrolling" + "sendEventsMode" + "tapping" + "tappingButtonMap" + "tappingDragLock" + "transformationMatrix" + "disableWhileTyping" + "additionalOptions" + ]) ++ [ + (mkRenamedOptionModule [ "services" "xserver" "libinput" "enable" ] [ "services" "libinput" "enable" ]) + (mkRenamedOptionModule [ "services" "xserver" "libinput" "mouse" ] [ "services" "libinput" "mouse" ]) + 
(mkRenamedOptionModule [ "services" "xserver" "libinput" "touchpad" ] [ "services" "libinput" "touchpad" ]) + ]; + + options = { + + services.libinput = { + enable = mkEnableOption "libinput" // { + default = config.services.xserver.enable; + defaultText = lib.literalExpression "config.services.xserver.enable"; + }; + mouse = mkConfigForDevice "mouse"; + touchpad = mkConfigForDevice "touchpad"; + }; + }; + + + config = mkIf cfg.enable { + + services.xserver.modules = [ pkgs.xorg.xf86inputlibinput ]; + + environment.systemPackages = [ pkgs.xorg.xf86inputlibinput ]; + + environment.etc = + let cfgPath = "X11/xorg.conf.d/40-libinput.conf"; + in { + ${cfgPath} = { + source = pkgs.xorg.xf86inputlibinput.out + "/share/" + cfgPath; + }; + }; + + services.udev.packages = [ pkgs.libinput.out ]; + + services.xserver.inputClassSections = [ + (mkX11ConfigForDevice "mouse" "Pointer") + (mkX11ConfigForDevice "touchpad" "Touchpad") + ]; + + assertions = [ + # already present in synaptics.nix + /* { + assertion = !config.services.xserver.synaptics.enable; + message = "Synaptics and libinput are incompatible, you cannot enable both (in services.xserver)."; + } */ + ]; + + }; + +} diff --git a/machine-confs/mouse-accel.patch b/machine-confs/mouse-accel.patch new file mode 100644 index 0000000..fa89fb1 --- /dev/null +++ b/machine-confs/mouse-accel.patch @@ -0,0 +1,13 @@ +diff --git a/app/streaming/input/input.cpp b/app/streaming/input/input.cpp +index fb11938b..5c0eb22e 100644 +--- a/app/streaming/input/input.cpp ++++ b/app/streaming/input/input.cpp +@@ -47,7 +47,7 @@ SdlInputHandler::SdlInputHandler(StreamingPreferences& prefs, int streamWidth, i + // Otherwise, we'll use raw input capture which is straight from the device + // without modification by the OS. + SDL_SetHintWithPriority(SDL_HINT_MOUSE_RELATIVE_MODE_WARP, +- prefs.absoluteMouseMode ? "1" : "0", ++ prefs.absoluteMouseMode ? "1" : "1", + SDL_HINT_OVERRIDE); + + #if !SDL_VERSION_ATLEAST(2, 0, 15) 
diff --git a/machine-confs/nixos-cpu.nix b/machine-confs/nixos-cpu.nix new file mode 100644 index 0000000..b52b373 --- /dev/null +++ b/machine-confs/nixos-cpu.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: +{ + networking.hostName = "nixos-cpu"; + + imports = [ + /mnt/nixos-conf/base.nix + /mnt/nixos-conf/development.nix + /mnt/nixos-conf/vili.nix + ]; + +# HARDWARE SPECIFIC + + services.qemuGuest.enable = true; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + +} diff --git a/machine-confs/vaultwarden.nix b/machine-confs/vaultwarden.nix new file mode 100644 index 0000000..736cf62 --- /dev/null +++ b/machine-confs/vaultwarden.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: +{ + networking.hostName = "vaultwarden"; + + imports = [ + /mnt/nixos-conf/base.nix + /mnt/nixos-conf/vaultwarden.nix + ]; + +# HARDWARE SPECIFIC + + services.qemuGuest.enable = true; + +# Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; +} diff --git a/machine-confs/wg-rpi-configuration.nix b/machine-confs/wg-rpi-configuration.nix new file mode 100644 index 0000000..43dd8ba --- /dev/null +++ b/machine-confs/wg-rpi-configuration.nix 
@@ -0,0 +1,149 @@ +{ config, pkgs, lib, ... }: +let + SSID = "ENTER_SSID"; + SSIDpassword = "ENTER_PASSWORD"; + interface = "wlan0"; + wg_interface = "end0"; + hostname = "netflix-huijaus"; + ssh-authorizedKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium"; + ddPassFile = "/root/wg-conf/ddPassFile"; +in { + +environment.systemPackages = with pkgs; [ vim wireguard-tools qrencode ]; + + # enable NAT + networking.nat.enable = true; + networking.nat.externalInterface = wg_interface; + networking.nat.internalInterfaces = [ "wg0" ]; + networking.firewall = { + allowedUDPPorts = [ 51821 ]; + }; + + networking.wireguard.interfaces = { + # "wg0" is the network interface name. You can name the interface arbitrarily. + wg0 = { + # Determines the IP address and subnet of the server's end of the tunnel interface. + ips = [ "10.100.0.1/24" ]; + + # The port that WireGuard listens to. Must be accessible by the client. + listenPort = 51821; + + # This allows the wireguard server to route your traffic to the internet and hence be like a VPN + # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients + postSetup = '' +${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE + ''; + + # This undoes the above command + postShutdown = '' +${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE + ''; + + + # Path to the private key file. + # + # Note: The private key can also be included inline via the privateKey option, + # but this makes the private key world-readable; thus, using privateKeyFile is + # recommended. 
+ privateKeyFile = "/root/wg-conf/private"; + + peers = [ + { # Vili Android + publicKey = "niKpC3+Pi4HrYITlzROzqRcxzfzRw1rjpxeJVOr/WAw="; + allowedIPs = [ "10.100.0.2/32" ]; + } + { # Miika Puhelin + publicKey = "mcOs94W9jqn3SGgc8uWbnmUv0tja/P6tAvaCg3WYKlY="; + allowedIPs = [ "10.100.0.3/32" ]; + } + { # Miika Kone + publicKey = "7m7wnwNlmxZfUNvUOYNh4mTNbOsig7z2K/svUhDHFDY="; + allowedIPs = [ "10.100.0.4/32" ]; + } + { # Silja Puhelin + publicKey = "f6wWd6KD63xwnKkre/ZgZxPJv9GfAXK9Zx/EQEq8cik="; + allowedIPs = [ "10.100.0.5/32" ]; + } + { # Silja Kone + publicKey = "t9cmHc6/+0njdzsTFnnhEGKfhCa2VXFrTH9hF1jOCXw="; + allowedIPs = [ "10.100.0.6/32" ]; + } + { # Vili helium + publicKey = "iGO375NT9EK5LH+E9vjPRRJp+UM4rZ2d1RMVR3f5R0c="; + allowedIPs = [ "10.100.0.7/32" ]; + } + ]; + }; + }; + +services.ddclient = { + enable = true; + domains = [ "netflood.ddnsfree.com" ]; + use = "web, web=checkip.dynu.com/, web-skip='IP Address'"; + server = "api.dynu.com"; + username = "VSinerva"; + passwordFile = ddPassFile; +}; +#################### EVERYTHING BELOW THIS SHOULD NOT NEED TO CHANGE #################### + + boot = { + kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; + initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; + loader = { + grub.enable = false; + generic-extlinux-compatible.enable = true; + }; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + options = [ "noatime" ]; + }; + }; + + networking = { + hostName = hostname; + wireless = { + enable = false; + networks."${SSID}".psk = SSIDpassword; + interfaces = [ interface ]; + }; + }; + +#################### SSH configuration #################### + services.openssh.enable = true; + services.openssh.settings.PasswordAuthentication = false; + users.users.root.openssh.authorizedKeys.keys = [ ssh-authorizedKey ]; + +#################### BASE #################### + users.mutableUsers = false; + users.users.root.hashedPassword = "!"; + + 
nixpkgs.config.allowUnfree = true; + +# Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + services.xserver.layout = "us,"; + services.xserver.xkbVariant = "de_se_fi,"; + console = pkgs.lib.mkForce { + font = "Lat2-Terminus16"; + useXkbConfig = true; # use xkbOptions in tty. + }; + time.timeZone = "Europe/Helsinki"; + +#################### Housekeeping #################### + system.autoUpgrade.enable = true; + nix.gc.automatic = true; + nix.gc.options = "--delete-older-than 7d"; + nix.gc.dates = "weekly"; + +# Copy the NixOS configuration file and link it from the resulting system +# (/run/current-system/configuration.nix). This is useful in case you +# accidentally delete configuration.nix. + system.copySystemConfiguration = true; + + hardware.enableRedistributableFirmware = true; + system.stateVersion = "23.11"; +} diff --git a/nextcloud.nix b/nextcloud.nix new file mode 100644 index 0000000..c2b1a50 --- /dev/null +++ b/nextcloud.nix 
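Review bot: The Wi-Fi passphrase is an inline Nix string (`SSIDpassword`, assigned to `networks."${SSID}".psk`), so once a real value is entered it lands in the world-readable Nix store, and `system.copySystemConfiguration = true` copies the configuration file there as well. The comment on `privateKeyFile` in this same hunk already makes that argument for the WireGuard key, and `ddPassFile` follows it; the PSK should be handled the same way. If the nixpkgs release in use provides it, something like `networking.wireless.environmentFile = "/root/wg-conf/wireless.env";` with `psk = "@PSK@";` keeps the secret out of the store (the file path here is a constructed example). This is inert while `wireless.enable = false`, but the placeholder invites pasting the real passphrase into the file. Separately, `wg_interface = "end0"` names the uplink rather than the WireGuard interface, so a comment such as `# uplink used for NAT, not the wg0 tunnel` would prevent a wrong edit to the NAT rules.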
@@ -0,0 +1,99 @@ +# Nextcloud instance +{ config, pkgs, ... }: +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedUDPPorts = [ 443 ]; + + services.nextcloud = { + package = pkgs.nextcloud28; + enable = true; + hostName = "nextcloud.vsinerva.fi"; + autoUpdateApps.enable = true; + https = true; + maxUploadSize = "10G"; + config = { + overwriteProtocol = "https"; + adminpassFile = "/var/lib/nextcloud/adminpass"; + }; + }; + + services.nginx.virtualHosts = + { + ${config.services.nextcloud.hostName} = { + forceSSL = true; + kTLS = true; + sslCertificate = "/var/lib/nextcloud/nextcloud_fullchain.pem"; + sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem"; + locations = { + "/".proxyWebsockets = true; + "~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" = {}; + }; + }; + }; + + services.nginx.virtualHosts."collabora.vsinerva.fi" = + { + forceSSL = true; + sslCertificate = "/var/lib/nextcloud/collabora_fullchain.pem"; + sslCertificateKey = "/var/lib/nextcloud/collabora_privkey.pem"; + locations = { + # static files + "^~ /loleaflet" = { + proxyPass = "https://localhost:9980"; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + # WOPI discovery URL + "^~ /hosting/discovery" = { + proxyPass = "https://localhost:9980"; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + + # Capabilities + "^~ /hosting/capabilities" = { + proxyPass = "https://localhost:9980"; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + + # download, presentation, image upload and websocket + "~ ^/lool" = { + proxyPass = "https://localhost:9980"; + extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 36000s; + ''; + }; + + # Admin Console websocket + "^~ /lool/adminws" = { + proxyPass = "https://localhost:9980"; + 
extraConfig = '' + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 36000s; + ''; + }; + }; + }; + + virtualisation.oci-containers = { + backend = "docker"; + containers.collabora = { + image = "collabora/code"; + ports = ["9980:9980"]; + environment = { + domain = "collabora.vsinerva.fi"; + extra_params = "--o:ssl.enable=true --o:ssl.termination=true"; + }; + extraOptions = ["--cap-add" "MKNOD"]; + }; + }; +} diff --git a/nfs-server.nix b/nfs-server.nix new file mode 100644 index 0000000..9b62830 --- /dev/null +++ b/nfs-server.nix @@ -0,0 +1,20 @@ +#Main local NFS server with /home/vili etc. +{ config, pkgs, ... }: +{ + networking.firewall.allowedTCPPorts = [ 111 2049 4000 4001 4002 20048 ]; + networking.firewall.allowedUDPPorts = [ 111 2049 4000 4001 4002 20048 ]; + + services.nfs.server = + { + enable = true; + # fixed rpc.statd port; for (proxmox) firewall + statdPort = 4000; + lockdPort = 4001; + mountdPort = 4002; + extraNfsdConfig = ''''; + createMountPoints = true; + exports = '' + /mnt/srv/nixos-conf 192.168.0.0/23(rw,no_root_squash) 172.16.0.0/24(rw,no_root_squash) 192.168.2.0/23(no_root_squash) 192.168.4.0/22(no_root_squash) 192.168.8.0/23(no_root_squash) + ''; + }; +} diff --git a/vaultwarden.nix b/vaultwarden.nix new file mode 100644 index 0000000..8889241 --- /dev/null +++ b/vaultwarden.nix 
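Review bot: `ports = ["9980:9980"]` in the `collabora` container publishes the port on every interface, although nginx only reaches it through `https://localhost:9980`. With the Docker backend, published ports are normally opened by Docker's own iptables rules and are not limited by `networking.firewall.allowedTCPPorts`, so Collabora is probably reachable directly, bypassing the nginx virtual host. Binding to loopback closes that path: `ports = ["127.0.0.1:9980:9980"];`. The `image = "collabora/code"` line also carries no tag or digest, so each pull takes whatever is current; pinning it (`image = "collabora/code:<pinned-tag>";`) makes upgrades deliberate. A short comment on `extraOptions = ["--cap-add" "MKNOD"]` saying why the capability is needed would help the next reviewer.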
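Review bot: Every client range in `exports` carries `no_root_squash`, and two of them (`192.168.0.0/23`, `172.16.0.0/24`) are also `rw`, so root on any host in those subnets acts as root on `/mnt/srv/nixos-conf`. The machine configs in this commit import from `/mnt/nixos-conf`, which looks like this same share mounted. If so, one compromised client can rewrite the configuration that other machines later build and activate as root. Consumers that only read the config should get `ro` with root squashing (the default when `no_root_squash` is omitted), e.g. `192.168.2.0/23(ro,root_squash)`. Write access is better limited to the single admin host's address than granted to a whole /23. The three ranges without `rw` currently rely on the implicit read-only default; spelling out `ro` makes the intent visible.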
@@ -0,0 +1,49 @@ +# Nextcloud instance +{ config, pkgs, ... }: +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedUDPPorts = [ 443 ]; + + services = { + vaultwarden = { + enable = true; + environmentFile = "/var/lib/vaultwarden/vaultwarden.env"; + config = { + DOMAIN = "https://vaultwarden.vsinerva.fi"; + LOGIN_RATELIMIT_MAX_BURST = 10; + LOGIN_RATELIMIT_SECONDS = 60; + ADMIN_RATELIMIT_MAX_BURST = 10; + ADMIN_RATELIMIT_SECONDS = 60; + SENDS_ALLOWED = true; + EMERGENCY_ACCESS_ALLOWED = true; + WEB_VAULT_ENABLED = true; + SIGNUPS_ALLOWED = true; + SIGNUPS_VERIFY = true; + SIGNUPS_VERIFY_RESEND_TIME = 3600; + SIGNUPS_VERIFY_RESEND_LIMIT = 5; + SMTP_HOST = "smtp.gmail.com"; + SMTP_FROM = "vmsskv12@gmail.com"; + SMTP_FROM_NAME = "Vaultwarden"; + SMTP_SECURITY = "force_tls"; + SMTP_PRT = 587; + SMTP_USERNAME = "vmsskv12@gmail.com"; + SMTP_AUTH_MECHANISM = "Login"; + }; + }; + + nginx = { + enable = true; + recommendedGzipSettings = true; + + virtualHosts."vaultwarden.vsinerva.fi" = { + forceSSL = true; + kTLS = true; + sslCertificate = "/var/lib/vaultwarden/fullchain.pem"; + sslCertificateKey = "/var/lib/vaultwarden/privkey.pem"; + locations."/" = { + proxyPass = "http://127.0.0.1:8000"; + }; + }; + }; + }; +} diff --git a/vili.nix b/vili.nix new file mode 100644 index 0000000..7884be0 --- /dev/null +++ b/vili.nix @@ -0,0 +1,20 @@ +#Config for main user 'vili' +{ config, pkgs, ... }: +{ + users.users.vili = { + isNormalUser = true; + home = "/home/vili"; + description = "Vili Sinervä"; + uid = 1000; + extraGroups = [ "wheel" "networkmanager" "audio" ]; + openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ]; + hashedPasswordFile = "/home/vili/.hashedPasswordFile"; + }; + + users.groups.vili.gid = 1000; + + programs.ssh = { + startAgent = true; + enableAskPassword = false; + }; +}
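Review bot: `SIGNUPS_ALLOWED = true` combined with ports 80/443 opened in the firewall means anyone who can reach `vaultwarden.vsinerva.fi` can register an account on the password vault. `SIGNUPS_VERIFY` only limits that if mail delivery works, and `SMTP_PRT = 587` looks like a misspelling of `SMTP_PORT`, so the port setting is most likely ignored. I would set `SIGNUPS_ALLOWED = false;` once the intended accounts exist (or restrict with `SIGNUPS_DOMAINS_WHITELIST`) and rename the key to `SMTP_PORT`. When fixing the port, check it against `SMTP_SECURITY = "force_tls"`, since 587 is conventionally the STARTTLS port. The first line of the file still reads `# Nextcloud instance` and should say Vaultwarden.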
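Review bot: `hashedPasswordFile = "/home/vili/.hashedPasswordFile"` keeps the login hash inside a directory the account itself owns, so any process running as `vili` can replace the file. Because `vili` is in `wheel`, a swapped hash that gets applied on a later activation or user creation would turn a compromise of the unprivileged session into a known sudo password. How often the file is re-read depends on `users.mutableUsers`, which this hunk does not show. The file should sit in a root-owned location with mode 0600, e.g. `hashedPasswordFile = "<root-owned path>/vili.hash";`. The same ed25519 key is also authorised for `root` elsewhere in this commit, so a comment stating whether direct root SSH is intended would be useful.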