VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions

Format every file

Browse source
This commit is contained in:
Vili Sinervä 2024-06-02 16:18:19 +03:00
parent 4787fea598
commit cbe88024dd
No known key found for this signature in database
GPG key ID: DF8FEAF54EFAC996
13 changed files with 1034 additions and 932 deletions
Download patch file Download diff file Expand all files Collapse all files

21
base.nix
View file

@ -6,7 +6,6 @@ environment.systemPackages = with pkgs; [
rxvt-unicode-emoji rxvt-unicode-emoji
tmux tmux
git git
unison
nano nano
p7zip p7zip
tree tree
@ -21,17 +20,18 @@ programs.zsh = {
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
ohMyZsh = { ohMyZsh = {
enable = true; enable = true;
plugins = [ "history-substring-search" "tmux" ]; plugins = [
"history-substring-search"
"tmux"
];
theme = "af-magic"; theme = "af-magic";
}; };
interactiveShellInit = interactiveShellInit = ''
''
ZSH_TMUX_AUTOSTART=false ZSH_TMUX_AUTOSTART=false
ZSH_TMUX_AUTOQUIT=false ZSH_TMUX_AUTOQUIT=false
ZSH_TMUX_CONFIG=/etc/tmux.conf ZSH_TMUX_CONFIG=/etc/tmux.conf
''; '';
promptInit = promptInit = ''
''
if [ -n "$IN_NIX_SHELL" ]; then if [ -n "$IN_NIX_SHELL" ]; then
setopt PROMPT_SUBST setopt PROMPT_SUBST
RPROMPT+='[nix]' RPROMPT+='[nix]'
@ -39,11 +39,9 @@ programs.zsh = {
''; '';
}; };
#################### tmux configuration #################### #################### tmux configuration ####################
programs.tmux.enable = true; programs.tmux.enable = true;
programs.tmux.extraConfig = programs.tmux.extraConfig = ''
''
unbind C-b unbind C-b
set -g prefix M-w set -g prefix M-w
bind M-w send-prefix bind M-w send-prefix
@ -85,7 +83,9 @@ programs.tmux.extraConfig =
#################### SSH configuration #################### #################### SSH configuration ####################
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PasswordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ]; users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium"
];
#################### BASE #################### #################### BASE ####################
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -105,7 +105,6 @@ console = pkgs.lib.mkForce {
}; };
time.timeZone = "Europe/Helsinki"; time.timeZone = "Europe/Helsinki";
#################### Housekeeping #################### #################### Housekeeping ####################
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;

27
desktop.nix
View file

@ -1,8 +1,7 @@
#Config for graphical desktop #Config for graphical desktop
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
i3status-conf = "${pkgs.writeText "i3status-conf" i3status-conf = "${pkgs.writeText "i3status-conf" ''
''
# i3status configuration file. # i3status configuration file.
# see "man i3status" for documentation. # see "man i3status" for documentation.
@ -83,8 +82,7 @@ let
hide_if_equals_localtime = true hide_if_equals_localtime = true
} }
''}"; ''}";
i3-conf = "${pkgs.writeText "i3config" i3-conf = "${pkgs.writeText "i3config" ''
''
# Set mod key (Mod1=<Alt>, Mod4=<Super>) # Set mod key (Mod1=<Alt>, Mod4=<Super>)
set $mod Mod4 set $mod Mod4
@ -473,13 +471,24 @@ Xresources = "${pkgs.writeText "Xresources" ''
in in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
i3status rofi arandr btop i3status
rofi
arandr
btop
firefox firefox
telegram-desktop telegram-desktop
signal-desktop discord signal-desktop
tidal-hifi vlc pavucontrol viewnior discord
xfce.mousepad pcmanfm libreoffice evince tidal-hifi
brightnessctl networkmanagerapplet vlc
pavucontrol
viewnior
xfce.mousepad
pcmanfm
libreoffice
evince
brightnessctl
networkmanagerapplet
zotero zotero
flameshot flameshot
speedcrunch speedcrunch

54
development.nix
View file

@ -29,12 +29,16 @@ environment.systemPackages = with pkgs; [
gcc gcc
gdb gdb
nodejs-slim nodejs-slim
clang clang-tools clang-analyzer clang
docker-compose docker clang-tools
clang-analyzer
docker-compose
docker
python311 python311
python311Packages.pip python311Packages.pip
pypy3 pypy3
rustup rustup
nixfmt-rfc-style
]; ];
#################### Neovim configuration #################### #################### Neovim configuration ####################
@ -45,10 +49,16 @@ programs.neovim = {
vimAlias = true; vimAlias = true;
configure = { configure = {
packages.myVimPackage = with pkgs.vimPlugins; { packages.myVimPackage = with pkgs.vimPlugins; {
start = [ nerdtree nerdtree-git-plugin start = [
vim-gitgutter vim-fugitive vim-tmux-navigator nerdtree
coc-nvim coc-pairs nerdtree-git-plugin
coc-clangd coc-cmake vim-gitgutter
vim-fugitive
vim-tmux-navigator
coc-nvim
coc-pairs
coc-clangd
coc-cmake
coc-docker coc-docker
coc-json coc-json
coc-ltex coc-ltex
@ -59,13 +69,11 @@ programs.neovim = {
coc-pyright coc-pyright
coc-tsserver coc-tsserver
coc-rust-analyzer coc-rust-analyzer
vim-nix
]; ];
}; };
customRC = customRC =
let let
coc-config = "${pkgs.writeTextDir "coc-settings.json" coc-config = "${pkgs.writeTextDir "coc-settings.json" ''
''
{ {
"workspace.ignoredFolders": [ "workspace.ignoredFolders": [
"$HOME", "$HOME",
@ -81,7 +89,6 @@ programs.neovim = {
rust-analyzer.inlayHints.lifetimeElisionHints.useParameterNames: true rust-analyzer.inlayHints.lifetimeElisionHints.useParameterNames: true
} }
''}"; ''}";
in in
'' ''
syntax on syntax on
@ -103,7 +110,6 @@ programs.neovim = {
set shiftwidth=3 set shiftwidth=3
set tabstop=3 set tabstop=3
" Some servers have issues with backup files, see #649 " Some servers have issues with backup files, see #649
set nobackup set nobackup
set nowritebackup set nowritebackup
@ -132,33 +138,15 @@ programs.neovim = {
let g:coc_config_home = "${coc-config}" let g:coc_config_home = "${coc-config}"
let g:tmux_navigator_no_mappings = 1 let g:tmux_navigator_no_mappings = 1
" noremap <silent> <C-i> :<C-U>TmuxNavigateLeft<cr>
" noremap <silent> <C-n> :<C-U>TmuxNavigateDown<cr>
" noremap <silent> <C-e> :<C-U>TmuxNavigateUp<cr>
" noremap <silent> <C-o> :<C-U>TmuxNavigateRight<cr>
noremap <silent> <C-h> :<C-U>TmuxNavigateLeft<cr> noremap <silent> <C-h> :<C-U>TmuxNavigateLeft<cr>
noremap <silent> <C-j> :<C-U>TmuxNavigateDown<cr> noremap <silent> <C-j> :<C-U>TmuxNavigateDown<cr>
noremap <silent> <C-k> :<C-U>TmuxNavigateUp<cr> noremap <silent> <C-k> :<C-U>TmuxNavigateUp<cr>
noremap <silent> <C-l> :<C-U>TmuxNavigateRight<cr> noremap <silent> <C-l> :<C-U>TmuxNavigateRight<cr>
augroup nixcmd
" Noremap i h autocmd!
" Noremap <S-i> <S-h> autocmd BufWritePre *.nix %!nixfmt
" Noremap n j augroup END
" Noremap <S-n> <S-j>
" Noremap e k
" Noremap <S-e> <S-k>
" Noremap o l
" Noremap <S-o> <S-l>
" Noremap h i
" Noremap <S-h> <S-i>
" Noremap l o
" Noremap <S-l> <S-o>
" Noremap j e
" Noremap <S-j> <S-e>
" Nnoremap k n
" Nnoremap <S-k> <S-n>
" Let NERDTreeMapOpenExpl='\e'
''; '';
}; };
}; };

99
machine-confs/helium.nix
View file

@ -1,13 +1,24 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
networking = { networking = {
hostName = "helium"; hostName = "helium";
firewall.allowedUDPPorts = [ 51820 51821 ]; firewall.allowedUDPPorts = [
51820
51821
];
wg-quick.interfaces = { wg-quick.interfaces = {
wg0 = { wg0 = {
autostart = false; autostart = false;
address = [ "172.16.0.2/24" ]; address = [ "172.16.0.2/24" ];
dns = [ "192.168.0.1" "vsinerva.fi" ]; dns = [
"192.168.0.1"
"vsinerva.fi"
];
privateKeyFile = "/root/wireguard-keys/privatekey-home"; privateKeyFile = "/root/wireguard-keys/privatekey-home";
listenPort = 51820; listenPort = 51820;
@ -29,7 +40,10 @@
peers = [ peers = [
{ {
publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE="; publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE=";
allowedIPs = [ "0.0.0.0/0" "192.168.0.0/24" ]; allowedIPs = [
"0.0.0.0/0"
"192.168.0.0/24"
];
endpoint = "netflix.vsinerva.fi:51821"; endpoint = "netflix.vsinerva.fi:51821";
} }
]; ];
@ -52,10 +66,8 @@
]; ];
disabledModules = [ "services/hardware/libinput.nix" ]; disabledModules = [ "services/hardware/libinput.nix" ];
nixpkgs.overlays = nixpkgs.overlays = [
[ (final: prev: {
(final: prev:
{
moonlight-qt = prev.moonlight-qt.overrideAttrs (old: { moonlight-qt = prev.moonlight-qt.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [ ../misc/mouse-accel.patch ]; patches = (old.patches or [ ]) ++ [ ../misc/mouse-accel.patch ];
}); });
@ -63,15 +75,16 @@
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
zenmonitor moonlight-qt parsec-bin via zenmonitor
moonlight-qt
parsec-bin
via
]; ];
# HARDWARE SPECIFIC # HARDWARE SPECIFIC
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
hardware = { hardware = {
opengl.extraPackages = with pkgs; [ opengl.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
rocmPackages.clr.icd
];
logitech.wireless = { logitech.wireless = {
enable = true; enable = true;
enableGraphical = true; enableGraphical = true;
@ -80,7 +93,10 @@ hardware = {
services = { services = {
xserver = { xserver = {
videoDrivers = [ "amdgpu" "modesetting" ]; videoDrivers = [
"amdgpu"
"modesetting"
];
deviceSection = '' deviceSection = ''
Option "DRI" "2" Option "DRI" "2"
Option "TearFree" "true" Option "TearFree" "true"
@ -93,8 +109,61 @@ services = {
libinput.mouse = { libinput.mouse = {
accelProfile = "custom"; accelProfile = "custom";
accelPointsMotion = [ 0.00000 0.02000 0.04000 0.06000 0.08000 0.10000 0.12000 0.14000 0.16000 0.18000 0.20000 0.25250 0.31000 0.37250 0.44000 0.51250 0.59000 0.67250 0.76000 0.85250 0.95000 1.15500 1.37000 1.59500 1.83000 2.07500 2.33000 2.59500 2.87000 3.15500 3.45000 3.75500 4.07000 4.39500 4.73000 5.07500 5.43000 5.79500 6.17000 6.55500 6.95000 7.35500 7.77000 8.19500 8.63000 9.07500 9.53000 9.99500 10.47000 10.95500 11.45000 11.95000 ]; accelPointsMotion = [
accelStepMotion = 0.05; 0.0
2.0e-2
4.0e-2
6.0e-2
8.0e-2
0.1
0.12
0.14
0.16
0.18
0.2
0.2525
0.31
0.3725
0.44
0.5125
0.59
0.6725
0.76
0.8525
0.95
1.155
1.37
1.595
1.83
2.075
2.33
2.595
2.87
3.155
3.45
3.755
4.07
4.395
4.73
5.075
5.43
5.795
6.17
6.555
6.95
7.355
7.77
8.195
8.63
9.075
9.53
9.995
10.47
10.955
11.45
11.95
];
accelStepMotion = 5.0e-2;
}; };
redshift = { redshift = {

1
machine-confs/nixos-cpu.nix
View file

@ -15,5 +15,4 @@ services.qemuGuest.enable = true;
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
} }

45
machine-confs/wg-rpi.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
SSID = "ENTER_SSID"; SSID = "ENTER_SSID";
SSIDpassword = "ENTER_PASSWORD"; SSIDpassword = "ENTER_PASSWORD";
@ -6,12 +11,15 @@ let
wg_interface = "end0"; wg_interface = "end0";
hostname = "netflix-huijaus"; hostname = "netflix-huijaus";
ddPassFile = "/root/wg-conf/ddPassFile"; ddPassFile = "/root/wg-conf/ddPassFile";
in { in
imports = [ {
../base.nix imports = [ ../base.nix ];
];
environment.systemPackages = with pkgs; [ git wireguard-tools qrencode ]; environment.systemPackages = with pkgs; [
git
wireguard-tools
qrencode
];
# enable NAT # enable NAT
networking.nat.enable = true; networking.nat.enable = true;
@ -41,7 +49,6 @@ in {
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
''; '';
# Path to the private key file. # Path to the private key file.
# #
# Note: The private key can also be included inline via the privateKey option, # Note: The private key can also be included inline via the privateKey option,
@ -50,27 +57,33 @@ in {
privateKeyFile = "/root/wg-conf/private"; privateKeyFile = "/root/wg-conf/private";
peers = [ peers = [
{ # Vili Android {
# Vili Android
publicKey = "niKpC3+Pi4HrYITlzROzqRcxzfzRw1rjpxeJVOr/WAw="; publicKey = "niKpC3+Pi4HrYITlzROzqRcxzfzRw1rjpxeJVOr/WAw=";
allowedIPs = [ "10.100.0.2/32" ]; allowedIPs = [ "10.100.0.2/32" ];
} }
{ # Miika Puhelin {
# Miika Puhelin
publicKey = "mcOs94W9jqn3SGgc8uWbnmUv0tja/P6tAvaCg3WYKlY="; publicKey = "mcOs94W9jqn3SGgc8uWbnmUv0tja/P6tAvaCg3WYKlY=";
allowedIPs = [ "10.100.0.3/32" ]; allowedIPs = [ "10.100.0.3/32" ];
} }
{ # Miika Kone {
# Miika Kone
publicKey = "7m7wnwNlmxZfUNvUOYNh4mTNbOsig7z2K/svUhDHFDY="; publicKey = "7m7wnwNlmxZfUNvUOYNh4mTNbOsig7z2K/svUhDHFDY=";
allowedIPs = [ "10.100.0.4/32" ]; allowedIPs = [ "10.100.0.4/32" ];
} }
{ # Silja Puhelin {
# Silja Puhelin
publicKey = "f6wWd6KD63xwnKkre/ZgZxPJv9GfAXK9Zx/EQEq8cik="; publicKey = "f6wWd6KD63xwnKkre/ZgZxPJv9GfAXK9Zx/EQEq8cik=";
allowedIPs = [ "10.100.0.5/32" ]; allowedIPs = [ "10.100.0.5/32" ];
} }
{ # Silja Kone {
# Silja Kone
publicKey = "t9cmHc6/+0njdzsTFnnhEGKfhCa2VXFrTH9hF1jOCXw="; publicKey = "t9cmHc6/+0njdzsTFnnhEGKfhCa2VXFrTH9hF1jOCXw=";
allowedIPs = [ "10.100.0.6/32" ]; allowedIPs = [ "10.100.0.6/32" ];
} }
{ # Vili helium {
# Vili helium
publicKey = "iGO375NT9EK5LH+E9vjPRRJp+UM4rZ2d1RMVR3f5R0c="; publicKey = "iGO375NT9EK5LH+E9vjPRRJp+UM4rZ2d1RMVR3f5R0c=";
allowedIPs = [ "10.100.0.7/32" ]; allowedIPs = [ "10.100.0.7/32" ];
} }
@ -90,7 +103,11 @@ in {
boot = { boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; initrd.availableKernelModules = [
"xhci_pci"
"usbhid"
"usb_storage"
];
loader = { loader = {
grub.enable = false; grub.enable = false;
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;

11
nextcloud.nix
View file

@ -1,7 +1,10 @@
# Nextcloud instance # Nextcloud instance
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [ 443 ]; networking.firewall.allowedUDPPorts = [ 443 ];
services.nextcloud = { services.nextcloud = {
@ -19,8 +22,7 @@
}; };
}; };
services.nginx.virtualHosts = services.nginx.virtualHosts = {
{
${config.services.nextcloud.hostName} = { ${config.services.nextcloud.hostName} = {
forceSSL = true; forceSSL = true;
kTLS = true; kTLS = true;
@ -28,7 +30,8 @@
sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem"; sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem";
locations = { locations = {
"/".proxyWebsockets = true; "/".proxyWebsockets = true;
"~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" = {}; "~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" =
{ };
}; };
}; };
}; };

13
syncthing.nix
View file

@ -25,7 +25,10 @@
folders = folders =
let let
default = { default = {
devices = [ "helium" "nixos-cpu" ]; devices = [
"helium"
"nixos-cpu"
];
versioning = { versioning = {
type = "trashcan"; type = "trashcan";
params.cleanoutDays = "30"; params.cleanoutDays = "30";
@ -34,7 +37,13 @@
}; };
in in
{ {
"~/Documents" = default // { devices = [ "helium" "nixos-cpu" "phone" ]; } ; "~/Documents" = default // {
devices = [
"helium"
"nixos-cpu"
"phone"
];
};
"~/Downloads" = default; "~/Downloads" = default;
"~/Music" = default; "~/Music" = default;
"~/Pictures" = default; "~/Pictures" = default;

5
vaultwarden.nix
View file

@ -1,7 +1,10 @@
# Nextcloud instance # Nextcloud instance
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [ 443 ]; networking.firewall.allowedUDPPorts = [ 443 ];
services = { services = {

10
vili.nix
View file

@ -6,8 +6,14 @@
home = "/home/vili"; home = "/home/vili";
description = "Vili Sinervä"; description = "Vili Sinervä";
uid = 1000; uid = 1000;
extraGroups = [ "wheel" "networkmanager" "audio" ]; extraGroups = [
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ]; "wheel"
"networkmanager"
"audio"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium"
];
hashedPasswordFile = "/home/vili/.hashedPasswordFile"; hashedPasswordFile = "/home/vili/.hashedPasswordFile";
}; };