VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions

Format every file

Browse source
This commit is contained in:
Vili Sinervä 2024-06-02 16:18:19 +03:00
parent 4787fea598
commit cbe88024dd
No known key found for this signature in database
GPG key ID: DF8FEAF54EFAC996
13 changed files with 1034 additions and 932 deletions
Download patch file Download diff file Expand all files Collapse all files

217
base.nix
View file

@ -1,133 +1,132 @@
#Basic system config
{ config, pkgs, ... }:
{
#################### Packages ####################
environment.systemPackages = with pkgs; [
rxvt-unicode-emoji
tmux
git
unison
nano
p7zip
tree
];
#################### Packages ####################
environment.systemPackages = with pkgs; [
rxvt-unicode-emoji
tmux
git
nano
p7zip
tree
];
#################### ZSH configuration ####################
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
programs.zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
ohMyZsh = {
#################### ZSH configuration ####################
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
programs.zsh = {
enable = true;
plugins = [ "history-substring-search" "tmux" ];
theme = "af-magic";
};
interactiveShellInit =
''
ZSH_TMUX_AUTOSTART=false
ZSH_TMUX_AUTOQUIT=false
ZSH_TMUX_CONFIG=/etc/tmux.conf
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
ohMyZsh = {
enable = true;
plugins = [
"history-substring-search"
"tmux"
];
theme = "af-magic";
};
interactiveShellInit = ''
ZSH_TMUX_AUTOSTART=false
ZSH_TMUX_AUTOQUIT=false
ZSH_TMUX_CONFIG=/etc/tmux.conf
'';
promptInit =
''
if [ -n "$IN_NIX_SHELL" ]; then
setopt PROMPT_SUBST
RPROMPT+='[nix]'
fi
promptInit = ''
if [ -n "$IN_NIX_SHELL" ]; then
setopt PROMPT_SUBST
RPROMPT+='[nix]'
fi
'';
};
#################### tmux configuration ####################
programs.tmux.enable = true;
programs.tmux.extraConfig = ''
unbind C-b
set -g prefix M-w
bind M-w send-prefix
#################### tmux configuration ####################
programs.tmux.enable = true;
programs.tmux.extraConfig =
''
unbind C-b
set -g prefix M-w
bind M-w send-prefix
bind s split-window -v
bind v split-window -h
bind s split-window -v
bind v split-window -h
# Smart pane switching with awareness of Vim splits.
# bind -n C-i run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-i) || tmux select-pane -L"
# bind -n C-n run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-n) || tmux select-pane -D"
# bind -n C-e run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-e) || tmux select-pane -U"
# bind -n C-o run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-o) || tmux select-pane -R"
bind -n C-h run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-h) || tmux select-pane -L"
bind -n C-j run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-j) || tmux select-pane -D"
bind -n C-k run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-k) || tmux select-pane -U"
bind -n C-l run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-l) || tmux select-pane -R"
# Smart pane switching with awareness of Vim splits.
# bind -n C-i run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-i) || tmux select-pane -L"
# bind -n C-n run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-n) || tmux select-pane -D"
# bind -n C-e run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-e) || tmux select-pane -U"
# bind -n C-o run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-o) || tmux select-pane -R"
bind -n C-h run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-h) || tmux select-pane -L"
bind -n C-j run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-j) || tmux select-pane -D"
bind -n C-k run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-k) || tmux select-pane -U"
bind -n C-l run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-l) || tmux select-pane -R"
bind -n C-Left select-pane -L
bind -n C-Right select-pane -R
bind -n C-Up select-pane -U
bind -n C-Down select-pane -D
bind -n C-Left select-pane -L
bind -n C-Right select-pane -R
bind -n C-Up select-pane -U
bind -n C-Down select-pane -D
# resize panes more easily
# bind -r i resize-pane -L 10
# bind -r n resize-pane -D 10
# bind -r e resize-pane -U 10
# bind -r o resize-pane -R 10
bind -r h resize-pane -L 10
bind -r j resize-pane -D 10
bind -r k resize-pane -U 10
bind -r l resize-pane -R 10
# resize panes more easily
# bind -r i resize-pane -L 10
# bind -r n resize-pane -D 10
# bind -r e resize-pane -U 10
# bind -r o resize-pane -R 10
bind -r h resize-pane -L 10
bind -r j resize-pane -D 10
bind -r k resize-pane -U 10
bind -r l resize-pane -R 10
bind M-c attach -c "#{pane_current_path}"
bind M-c attach -c "#{pane_current_path}"
set -s escape-time 0
# unbind -n tab
set -s escape-time 0
# unbind -n tab
'';
#################### SSH configuration ####################
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ];
#################### SSH configuration ####################
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium"
];
#################### BASE ####################
nixpkgs.config.allowUnfree = true;
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
#################### BASE ####################
nixpkgs.config.allowUnfree = true;
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
users.mutableUsers = false; # Force all user management to happen throught nix-files
users.mutableUsers = false; # Force all user management to happen throught nix-files
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
services.xserver.xkb = {
layout = "us,";
variant = "de_se_fi,";
};
console = pkgs.lib.mkForce {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
time.timeZone = "Europe/Helsinki";
#################### Housekeeping ####################
system.autoUpgrade = {
enable = true;
dates = "04:00";
randomizedDelaySec = "30min";
};
nix = {
settings = {
auto-optimise-store = true;
tarball-ttl = 0;
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
services.xserver.xkb = {
layout = "us,";
variant = "de_se_fi,";
};
gc = {
automatic = true;
options = "--delete-older-than 7d";
dates = "05:00";
console = pkgs.lib.mkForce {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
time.timeZone = "Europe/Helsinki";
#################### Housekeeping ####################
system.autoUpgrade = {
enable = true;
dates = "04:00";
randomizedDelaySec = "30min";
};
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
}
nix = {
settings = {
auto-optimise-store = true;
tarball-ttl = 0;
};
gc = {
automatic = true;
options = "--delete-older-than 7d";
dates = "05:00";
randomizedDelaySec = "30min";
};
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
}

30
configuration.nix
View file

@ -9,21 +9,21 @@ let
ref = "main";
};
in
{
# Verification will be available soon, so keeping this here as a reminder
# publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium";
# nix.settings.experimental-features = "verified-fetches";
{
# Verification will be available soon, so keeping this here as a reminder
# publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium";
# nix.settings.experimental-features = "verified-fetches";
imports = [
./hardware-configuration.nix
"${repo}/machine-confs/${host}.nix"
];
imports = [
./hardware-configuration.nix
"${repo}/machine-confs/${host}.nix"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = stateVersion; # Did you read the comment?
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = stateVersion; # Did you read the comment?
}

1033
desktop.nix
View file

File diff suppressed because it is too large Load diff

302
development.nix
View file

@ -1,165 +1,153 @@
#Development setup
{ config, pkgs, ... }:
{
#################### Git configuration ####################
programs.git = {
enable = true;
lfs.enable = true;
config = {
user = {
email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä";
signingkey = "/home/vili/.ssh/id_ed25519.pub";
#################### Git configuration ####################
programs.git = {
enable = true;
lfs.enable = true;
config = {
user = {
email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä";
signingkey = "/home/vili/.ssh/id_ed25519.pub";
};
merge = {
ff = "true";
};
pull = {
ff = "only";
};
gpg.format = "ssh";
commit.gpgsign = "true";
};
merge = {
ff = "true";
};
pull = {
ff = "only";
};
gpg.format = "ssh";
commit.gpgsign = "true";
};
};
#################### Packages ####################
environment.systemPackages = with pkgs; [
cmake
gnumake
gcc
gdb
nodejs-slim
clang clang-tools clang-analyzer
docker-compose docker
python311
python311Packages.pip
pypy3
rustup
];
#################### Packages ####################
environment.systemPackages = with pkgs; [
cmake
gnumake
gcc
gdb
nodejs-slim
clang
clang-tools
clang-analyzer
docker-compose
docker
python311
python311Packages.pip
pypy3
rustup
nixfmt-rfc-style
];
#################### Neovim configuration ####################
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
configure = {
packages.myVimPackage = with pkgs.vimPlugins; {
start = [ nerdtree nerdtree-git-plugin
vim-gitgutter vim-fugitive vim-tmux-navigator
coc-nvim coc-pairs
coc-clangd coc-cmake
coc-docker
coc-json
coc-ltex
coc-markdownlint
coc-sh
coc-toml
coc-yaml
coc-pyright
coc-tsserver
coc-rust-analyzer
vim-nix
];
#################### Neovim configuration ####################
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
configure = {
packages.myVimPackage = with pkgs.vimPlugins; {
start = [
nerdtree
nerdtree-git-plugin
vim-gitgutter
vim-fugitive
vim-tmux-navigator
coc-nvim
coc-pairs
coc-clangd
coc-cmake
coc-docker
coc-json
coc-ltex
coc-markdownlint
coc-sh
coc-toml
coc-yaml
coc-pyright
coc-tsserver
coc-rust-analyzer
];
};
customRC =
let
coc-config = "${pkgs.writeTextDir "coc-settings.json" ''
{
"workspace.ignoredFolders": [
"$HOME",
"$HOME/.cargo/**",
"$HOME/.rustup/**"
],
rust-analyzer.inlayHints.bindingModeHints.enable: true,
rust-analyzer.inlayHints.closureReturnTypeHints.enable: "always",
rust-analyzer.inlayHints.discriminantHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.hideOutsideUnsafe: true,
rust-analyzer.inlayHints.lifetimeElisionHints.enable: "always",
rust-analyzer.inlayHints.lifetimeElisionHints.useParameterNames: true
}
''}";
in
''
syntax on
set foldmethod=syntax
set number
" set relativenumber
set colorcolumn=100
set signcolumn=yes
let NERDTreeShowLineNumbers=1
set background=dark
set showcmd
set scrolloff=16
filetype plugin indent on
set autoindent
set shiftwidth=3
set tabstop=3
" Some servers have issues with backup files, see #649
set nobackup
set nowritebackup
" Having longer updatetime (default is 4000 ms = 4s) leads to noticeable
" delays and poor user experience
set updatetime=300
" Make <CR> to accept selected completion item or notify coc.nvim to format
" <C-g>u breaks current undo, please make your own choice.
inoremap <silent><expr> <CR> coc#pum#visible() ? coc#pum#confirm()
\: "\<C-g>u\<CR>\<c-r>=coc#on_enter()\<CR>"
" Navigate suggestion list with tab and shift-tab
inoremap <expr> <Tab> coc#pum#visible() ? coc#pum#next(1) : "\<Tab>"
inoremap <expr> <S-Tab> coc#pum#visible() ? coc#pum#prev(1) : "\<S-Tab>"
" If another buffer tries to replace NERDTree, put it in the other window, and bring back NERDTree.
autocmd BufEnter * if winnr() == winnr('h') && bufname('#') =~ 'NERD_tree_\d\+' && bufname('%') !~ 'NERD_tree_\d\+' && winnr('$') > 1 |
\ let buf=bufnr() | buffer# | execute "normal! \<C-W>w" | execute 'buffer'.buf | endif
" Start NERDTree. If a file is specified, move the cursor to its window.
autocmd StdinReadPre * let s:std_in=1
autocmd VimEnter * NERDTree | if argc() > 0 || exists('s:std_in') | wincmd p | endif
let g:coc_filetype_map = {'tex': 'latex'}
let g:coc_config_home = "${coc-config}"
let g:tmux_navigator_no_mappings = 1
noremap <silent> <C-h> :<C-U>TmuxNavigateLeft<cr>
noremap <silent> <C-j> :<C-U>TmuxNavigateDown<cr>
noremap <silent> <C-k> :<C-U>TmuxNavigateUp<cr>
noremap <silent> <C-l> :<C-U>TmuxNavigateRight<cr>
augroup nixcmd
autocmd!
autocmd BufWritePre *.nix %!nixfmt
augroup END
'';
};
};
customRC =
let
coc-config = "${pkgs.writeTextDir "coc-settings.json"
''
{
"workspace.ignoredFolders": [
"$HOME",
"$HOME/.cargo/**",
"$HOME/.rustup/**"
],
rust-analyzer.inlayHints.bindingModeHints.enable: true,
rust-analyzer.inlayHints.closureReturnTypeHints.enable: "always",
rust-analyzer.inlayHints.discriminantHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.hideOutsideUnsafe: true,
rust-analyzer.inlayHints.lifetimeElisionHints.enable: "always",
rust-analyzer.inlayHints.lifetimeElisionHints.useParameterNames: true
}
''}";
in
''
syntax on
set foldmethod=syntax
set number
" set relativenumber
set colorcolumn=100
set signcolumn=yes
let NERDTreeShowLineNumbers=1
set background=dark
set showcmd
set scrolloff=16
filetype plugin indent on
set autoindent
set shiftwidth=3
set tabstop=3
" Some servers have issues with backup files, see #649
set nobackup
set nowritebackup
" Having longer updatetime (default is 4000 ms = 4s) leads to noticeable
" delays and poor user experience
set updatetime=300
" Make <CR> to accept selected completion item or notify coc.nvim to format
" <C-g>u breaks current undo, please make your own choice.
inoremap <silent><expr> <CR> coc#pum#visible() ? coc#pum#confirm()
\: "\<C-g>u\<CR>\<c-r>=coc#on_enter()\<CR>"
" Navigate suggestion list with tab and shift-tab
inoremap <expr> <Tab> coc#pum#visible() ? coc#pum#next(1) : "\<Tab>"
inoremap <expr> <S-Tab> coc#pum#visible() ? coc#pum#prev(1) : "\<S-Tab>"
" If another buffer tries to replace NERDTree, put it in the other window, and bring back NERDTree.
autocmd BufEnter * if winnr() == winnr('h') && bufname('#') =~ 'NERD_tree_\d\+' && bufname('%') !~ 'NERD_tree_\d\+' && winnr('$') > 1 |
\ let buf=bufnr() | buffer# | execute "normal! \<C-W>w" | execute 'buffer'.buf | endif
" Start NERDTree. If a file is specified, move the cursor to its window.
autocmd StdinReadPre * let s:std_in=1
autocmd VimEnter * NERDTree | if argc() > 0 || exists('s:std_in') | wincmd p | endif
let g:coc_filetype_map = {'tex': 'latex'}
let g:coc_config_home = "${coc-config}"
let g:tmux_navigator_no_mappings = 1
" noremap <silent> <C-i> :<C-U>TmuxNavigateLeft<cr>
" noremap <silent> <C-n> :<C-U>TmuxNavigateDown<cr>
" noremap <silent> <C-e> :<C-U>TmuxNavigateUp<cr>
" noremap <silent> <C-o> :<C-U>TmuxNavigateRight<cr>
noremap <silent> <C-h> :<C-U>TmuxNavigateLeft<cr>
noremap <silent> <C-j> :<C-U>TmuxNavigateDown<cr>
noremap <silent> <C-k> :<C-U>TmuxNavigateUp<cr>
noremap <silent> <C-l> :<C-U>TmuxNavigateRight<cr>
" Noremap i h
" Noremap <S-i> <S-h>
" Noremap n j
" Noremap <S-n> <S-j>
" Noremap e k
" Noremap <S-e> <S-k>
" Noremap o l
" Noremap <S-o> <S-l>
" Noremap h i
" Noremap <S-h> <S-i>
" Noremap l o
" Noremap <S-l> <S-o>
" Noremap j e
" Noremap <S-j> <S-e>
" Nnoremap k n
" Nnoremap <S-k> <S-n>
" Let NERDTreeMapOpenExpl='\e'
'';
};
};
}
}

225
machine-confs/helium.nix
View file

@ -1,13 +1,24 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
networking = {
hostName = "helium";
firewall.allowedUDPPorts = [ 51820 51821 ];
firewall.allowedUDPPorts = [
51820
51821
];
wg-quick.interfaces = {
wg0 = {
autostart = false;
address = [ "172.16.0.2/24" ];
dns = [ "192.168.0.1" "vsinerva.fi" ];
dns = [
"192.168.0.1"
"vsinerva.fi"
];
privateKeyFile = "/root/wireguard-keys/privatekey-home";
listenPort = 51820;
@ -29,7 +40,10 @@
peers = [
{
publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE=";
allowedIPs = [ "0.0.0.0/0" "192.168.0.0/24" ];
allowedIPs = [
"0.0.0.0/0"
"192.168.0.0/24"
];
endpoint = "netflix.vsinerva.fi:51821";
}
];
@ -52,92 +66,147 @@
];
disabledModules = [ "services/hardware/libinput.nix" ];
nixpkgs.overlays =
[
(final: prev:
{
nixpkgs.overlays = [
(final: prev: {
moonlight-qt = prev.moonlight-qt.overrideAttrs (old: {
patches = (old.patches or []) ++ [ ../misc/mouse-accel.patch ];
patches = (old.patches or [ ]) ++ [ ../misc/mouse-accel.patch ];
});
})
];
environment.systemPackages = with pkgs; [
zenmonitor moonlight-qt parsec-bin via
zenmonitor
moonlight-qt
parsec-bin
via
];
# HARDWARE SPECIFIC
boot.initrd.kernelModules = [ "amdgpu" ];
hardware = {
opengl.extraPackages = with pkgs; [
rocmPackages.clr.icd
];
logitech.wireless = {
enable = true;
enableGraphical = true;
};
};
services = {
xserver = {
videoDrivers = [ "amdgpu" "modesetting" ];
deviceSection = ''
Option "DRI" "2"
Option "TearFree" "true"
'';
displayManager.setupCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
'';
};
libinput.mouse = {
accelProfile = "custom";
accelPointsMotion = [ 0.00000 0.02000 0.04000 0.06000 0.08000 0.10000 0.12000 0.14000 0.16000 0.18000 0.20000 0.25250 0.31000 0.37250 0.44000 0.51250 0.59000 0.67250 0.76000 0.85250 0.95000 1.15500 1.37000 1.59500 1.83000 2.07500 2.33000 2.59500 2.87000 3.15500 3.45000 3.75500 4.07000 4.39500 4.73000 5.07500 5.43000 5.79500 6.17000 6.55500 6.95000 7.35500 7.77000 8.19500 8.63000 9.07500 9.53000 9.99500 10.47000 10.95500 11.45000 11.95000 ];
accelStepMotion = 0.05;
};
redshift = {
executable = "/bin/redshift-gtk";
enable = true;
temperature = {
night = 2800;
day = 6500;
};
brightness = {
night = "0.5";
day = "1";
# HARDWARE SPECIFIC
boot.initrd.kernelModules = [ "amdgpu" ];
hardware = {
opengl.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
logitech.wireless = {
enable = true;
enableGraphical = true;
};
};
devmon.enable = true;
gvfs.enable = true;
udisks2.enable = true;
};
location = {
latitude = 60.17;
longitude = 24.94;
};
services = {
xserver = {
videoDrivers = [
"amdgpu"
"modesetting"
];
deviceSection = ''
Option "DRI" "2"
Option "TearFree" "true"
'';
# Swap + hibernate
swapDevices = [
{
device = "/var/lib/swapfile";
size = 16*1024;
}
];
boot.resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
boot.kernelParams = [ "resume_offset=44537856" ];
services.logind = {
lidSwitch = "hibernate";
};
displayManager.setupCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
'';
};
# Keychron Q11
services.udev.extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="01e0", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
'';
libinput.mouse = {
accelProfile = "custom";
accelPointsMotion = [
0.0
2.0e-2
4.0e-2
6.0e-2
8.0e-2
0.1
0.12
0.14
0.16
0.18
0.2
0.2525
0.31
0.3725
0.44
0.5125
0.59
0.6725
0.76
0.8525
0.95
1.155
1.37
1.595
1.83
2.075
2.33
2.595
2.87
3.155
3.45
3.755
4.07
4.395
4.73
5.075
5.43
5.795
6.17
6.555
6.95
7.355
7.77
8.195
8.63
9.075
9.53
9.995
10.47
10.955
11.45
11.95
];
accelStepMotion = 5.0e-2;
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
redshift = {
executable = "/bin/redshift-gtk";
enable = true;
temperature = {
night = 2800;
day = 6500;
};
brightness = {
night = "0.5";
day = "1";
};
};
devmon.enable = true;
gvfs.enable = true;
udisks2.enable = true;
};
location = {
latitude = 60.17;
longitude = 24.94;
};
# Swap + hibernate
swapDevices = [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
boot.resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
boot.kernelParams = [ "resume_offset=44537856" ];
services.logind = {
lidSwitch = "hibernate";
};
# Keychron Q11
services.udev.extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="01e0", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
'';
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}

10
machine-confs/nextcloud.nix
View file

@ -7,11 +7,11 @@
../nextcloud.nix
];
# HARDWARE SPECIFIC
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
services.qemuGuest.enable = true;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}

9
machine-confs/nixos-cpu.nix
View file

@ -9,11 +9,10 @@
../syncthing.nix
];
# HARDWARE SPECIFIC
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
services.qemuGuest.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}

10
machine-confs/vaultwarden.nix
View file

@ -7,11 +7,11 @@
../vaultwarden.nix
];
# HARDWARE SPECIFIC
# HARDWARE SPECIFIC
services.qemuGuest.enable = true;
services.qemuGuest.enable = true;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}

51
machine-confs/wg-rpi.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
SSID = "ENTER_SSID";
SSIDpassword = "ENTER_PASSWORD";
@ -6,12 +11,15 @@ let
wg_interface = "end0";
hostname = "netflix-huijaus";
ddPassFile = "/root/wg-conf/ddPassFile";
in {
imports = [
../base.nix
];
in
{
imports = [ ../base.nix ];
environment.systemPackages = with pkgs; [ git wireguard-tools qrencode ];
environment.systemPackages = with pkgs; [
git
wireguard-tools
qrencode
];
# enable NAT
networking.nat.enable = true;
@ -33,15 +41,14 @@ in {
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
'';
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
@ -50,27 +57,33 @@ in {
privateKeyFile = "/root/wg-conf/private";
peers = [
{ # Vili Android
{
# Vili Android
publicKey = "niKpC3+Pi4HrYITlzROzqRcxzfzRw1rjpxeJVOr/WAw=";
allowedIPs = [ "10.100.0.2/32" ];
}
{ # Miika Puhelin
{
# Miika Puhelin
publicKey = "mcOs94W9jqn3SGgc8uWbnmUv0tja/P6tAvaCg3WYKlY=";
allowedIPs = [ "10.100.0.3/32" ];
}
{ # Miika Kone
{
# Miika Kone
publicKey = "7m7wnwNlmxZfUNvUOYNh4mTNbOsig7z2K/svUhDHFDY=";
allowedIPs = [ "10.100.0.4/32" ];
}
{ # Silja Puhelin
{
# Silja Puhelin
publicKey = "f6wWd6KD63xwnKkre/ZgZxPJv9GfAXK9Zx/EQEq8cik=";
allowedIPs = [ "10.100.0.5/32" ];
}
{ # Silja Kone
{
# Silja Kone
publicKey = "t9cmHc6/+0njdzsTFnnhEGKfhCa2VXFrTH9hF1jOCXw=";
allowedIPs = [ "10.100.0.6/32" ];
}
{ # Vili helium
{
# Vili helium
publicKey = "iGO375NT9EK5LH+E9vjPRRJp+UM4rZ2d1RMVR3f5R0c=";
allowedIPs = [ "10.100.0.7/32" ];
}
@ -86,11 +99,15 @@ in {
username = "VSinerva";
passwordFile = ddPassFile;
};
#################### EVERYTHING BELOW THIS SHOULD NOT NEED TO CHANGE ####################
#################### EVERYTHING BELOW THIS SHOULD NOT NEED TO CHANGE ####################
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ];
initrd.availableKernelModules = [
"xhci_pci"
"usbhid"
"usb_storage"
];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;

29
nextcloud.nix
View file

@ -1,7 +1,10 @@
# Nextcloud instance
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [ 443 ];
services.nextcloud = {
@ -19,17 +22,17 @@
};
};
services.nginx.virtualHosts =
{
${config.services.nextcloud.hostName} = {
forceSSL = true;
kTLS = true;
sslCertificate = "/var/lib/nextcloud/nextcloud_fullchain.pem";
sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem";
locations = {
"/".proxyWebsockets = true;
"~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" = {};
};
services.nginx.virtualHosts = {
${config.services.nextcloud.hostName} = {
forceSSL = true;
kTLS = true;
sslCertificate = "/var/lib/nextcloud/nextcloud_fullchain.pem";
sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem";
locations = {
"/".proxyWebsockets = true;
"~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" =
{ };
};
};
}
};
}

35
syncthing.nix
View file

@ -25,7 +25,10 @@
folders =
let
default = {
devices = [ "helium" "nixos-cpu" ];
devices = [
"helium"
"nixos-cpu"
];
versioning = {
type = "trashcan";
params.cleanoutDays = "30";
@ -34,7 +37,13 @@
};
in
{
"~/Documents" = default // { devices = [ "helium" "nixos-cpu" "phone" ]; } ;
"~/Documents" = default // {
devices = [
"helium"
"nixos-cpu"
"phone"
];
};
"~/Downloads" = default;
"~/Music" = default;
"~/Pictures" = default;
@ -44,16 +53,16 @@
"~/Zotero" = default;
};
options = {
urAccepted = -1;
localAnnounceEnabled = false;
globalAnnounceEnabled = false;
natEnabled = false;
relaysEnabled = false;
};
options = {
urAccepted = -1;
localAnnounceEnabled = false;
globalAnnounceEnabled = false;
natEnabled = false;
relaysEnabled = false;
};
#TCP/UDP 22000 for transfers and UDP 21027 for discovery
openDefaultPorts = true;
};
}
#TCP/UDP 22000 for transfers and UDP 21027 for discovery
openDefaultPorts = true;
};
}

5
vaultwarden.nix
View file

@ -1,7 +1,10 @@
# Nextcloud instance
{ config, pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [ 443 ];
services = {

10
vili.nix
View file

@ -6,8 +6,14 @@
home = "/home/vili";
description = "Vili Sinervä";
uid = 1000;
extraGroups = [ "wheel" "networkmanager" "audio" ];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ];
extraGroups = [
"wheel"
"networkmanager"
"audio"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium"
];
hashedPasswordFile = "/home/vili/.hashedPasswordFile";
};