VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions

Format every file

Browse source
This commit is contained in:
Vili Sinervä 2024-06-02 16:18:19 +03:00
parent 4787fea598
commit cbe88024dd
No known key found for this signature in database
GPG key ID: DF8FEAF54EFAC996
13 changed files with 1034 additions and 932 deletions
Download patch file Download diff file Expand all files Collapse all files

217
base.nix
View file

@ -1,133 +1,132 @@
#Basic system config #Basic system config
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
#################### Packages #################### #################### Packages ####################
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
rxvt-unicode-emoji rxvt-unicode-emoji
tmux tmux
git git
unison nano
nano p7zip
p7zip tree
tree ];
];
#################### ZSH configuration #################### #################### ZSH configuration ####################
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ]; environment.shells = with pkgs; [ zsh ];
programs.zsh = { programs.zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
ohMyZsh = {
enable = true; enable = true;
plugins = [ "history-substring-search" "tmux" ]; autosuggestions.enable = true;
theme = "af-magic"; syntaxHighlighting.enable = true;
}; ohMyZsh = {
interactiveShellInit = enable = true;
'' plugins = [
ZSH_TMUX_AUTOSTART=false "history-substring-search"
ZSH_TMUX_AUTOQUIT=false "tmux"
ZSH_TMUX_CONFIG=/etc/tmux.conf ];
theme = "af-magic";
};
interactiveShellInit = ''
ZSH_TMUX_AUTOSTART=false
ZSH_TMUX_AUTOQUIT=false
ZSH_TMUX_CONFIG=/etc/tmux.conf
''; '';
promptInit = promptInit = ''
'' if [ -n "$IN_NIX_SHELL" ]; then
if [ -n "$IN_NIX_SHELL" ]; then setopt PROMPT_SUBST
setopt PROMPT_SUBST RPROMPT+='[nix]'
RPROMPT+='[nix]' fi
fi
''; '';
}; };
#################### tmux configuration ####################
programs.tmux.enable = true;
programs.tmux.extraConfig = ''
unbind C-b
set -g prefix M-w
bind M-w send-prefix
#################### tmux configuration #################### bind s split-window -v
programs.tmux.enable = true; bind v split-window -h
programs.tmux.extraConfig =
''
unbind C-b
set -g prefix M-w
bind M-w send-prefix
bind s split-window -v # Smart pane switching with awareness of Vim splits.
bind v split-window -h # bind -n C-i run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-i) || tmux select-pane -L"
# bind -n C-n run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-n) || tmux select-pane -D"
# bind -n C-e run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-e) || tmux select-pane -U"
# bind -n C-o run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-o) || tmux select-pane -R"
bind -n C-h run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-h) || tmux select-pane -L"
bind -n C-j run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-j) || tmux select-pane -D"
bind -n C-k run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-k) || tmux select-pane -U"
bind -n C-l run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-l) || tmux select-pane -R"
# Smart pane switching with awareness of Vim splits. bind -n C-Left select-pane -L
# bind -n C-i run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-i) || tmux select-pane -L" bind -n C-Right select-pane -R
# bind -n C-n run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-n) || tmux select-pane -D" bind -n C-Up select-pane -U
# bind -n C-e run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-e) || tmux select-pane -U" bind -n C-Down select-pane -D
# bind -n C-o run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-o) || tmux select-pane -R"
bind -n C-h run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-h) || tmux select-pane -L"
bind -n C-j run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-j) || tmux select-pane -D"
bind -n C-k run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-k) || tmux select-pane -U"
bind -n C-l run "(tmux display-message -p '#{pane_current_command}' | grep -iq vim && tmux send-keys C-l) || tmux select-pane -R"
bind -n C-Left select-pane -L # resize panes more easily
bind -n C-Right select-pane -R # bind -r i resize-pane -L 10
bind -n C-Up select-pane -U # bind -r n resize-pane -D 10
bind -n C-Down select-pane -D # bind -r e resize-pane -U 10
# bind -r o resize-pane -R 10
bind -r h resize-pane -L 10
bind -r j resize-pane -D 10
bind -r k resize-pane -U 10
bind -r l resize-pane -R 10
# resize panes more easily bind M-c attach -c "#{pane_current_path}"
# bind -r i resize-pane -L 10
# bind -r n resize-pane -D 10
# bind -r e resize-pane -U 10
# bind -r o resize-pane -R 10
bind -r h resize-pane -L 10
bind -r j resize-pane -D 10
bind -r k resize-pane -U 10
bind -r l resize-pane -R 10
bind M-c attach -c "#{pane_current_path}" set -s escape-time 0
# unbind -n tab
set -s escape-time 0
# unbind -n tab
''; '';
#################### SSH configuration #################### #################### SSH configuration ####################
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PasswordAuthentication = false;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ]; users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium"
];
#################### BASE #################### #################### BASE ####################
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
users.mutableUsers = false; # Force all user management to happen throught nix-files users.mutableUsers = false; # Force all user management to happen throught nix-files
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
services.xserver.xkb = { services.xserver.xkb = {
layout = "us,"; layout = "us,";
variant = "de_se_fi,"; variant = "de_se_fi,";
};
console = pkgs.lib.mkForce {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
time.timeZone = "Europe/Helsinki";
#################### Housekeeping ####################
system.autoUpgrade = {
enable = true;
dates = "04:00";
randomizedDelaySec = "30min";
};
nix = {
settings = {
auto-optimise-store = true;
tarball-ttl = 0;
}; };
gc = { console = pkgs.lib.mkForce {
automatic = true; font = "Lat2-Terminus16";
options = "--delete-older-than 7d"; useXkbConfig = true; # use xkbOptions in tty.
dates = "05:00"; };
time.timeZone = "Europe/Helsinki";
#################### Housekeeping ####################
system.autoUpgrade = {
enable = true;
dates = "04:00";
randomizedDelaySec = "30min"; randomizedDelaySec = "30min";
}; };
};
# Copy the NixOS configuration file and link it from the resulting system nix = {
# (/run/current-system/configuration.nix). This is useful in case you settings = {
# accidentally delete configuration.nix. auto-optimise-store = true;
system.copySystemConfiguration = true; tarball-ttl = 0;
} };
gc = {
automatic = true;
options = "--delete-older-than 7d";
dates = "05:00";
randomizedDelaySec = "30min";
};
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
}

30
configuration.nix
View file

@ -9,21 +9,21 @@ let
ref = "main"; ref = "main";
}; };
in in
{ {
# Verification will be available soon, so keeping this here as a reminder # Verification will be available soon, so keeping this here as a reminder
# publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium"; # publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium";
# nix.settings.experimental-features = "verified-fetches"; # nix.settings.experimental-features = "verified-fetches";
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
"${repo}/machine-confs/${host}.nix" "${repo}/machine-confs/${host}.nix"
]; ];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = stateVersion; # Did you read the comment? system.stateVersion = stateVersion; # Did you read the comment?
} }

1033
desktop.nix
View file

File diff suppressed because it is too large Load diff

302
development.nix
View file

@ -1,165 +1,153 @@
#Development setup #Development setup
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
#################### Git configuration #################### #################### Git configuration ####################
programs.git = { programs.git = {
enable = true; enable = true;
lfs.enable = true; lfs.enable = true;
config = { config = {
user = { user = {
email = "vili.m.sinerva@gmail.com"; email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä"; name = "Vili Sinervä";
signingkey = "/home/vili/.ssh/id_ed25519.pub"; signingkey = "/home/vili/.ssh/id_ed25519.pub";
};
merge = {
ff = "true";
};
pull = {
ff = "only";
};
gpg.format = "ssh";
commit.gpgsign = "true";
}; };
merge = {
ff = "true";
};
pull = {
ff = "only";
};
gpg.format = "ssh";
commit.gpgsign = "true";
}; };
};
#################### Packages #################### #################### Packages ####################
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cmake cmake
gnumake gnumake
gcc gcc
gdb gdb
nodejs-slim nodejs-slim
clang clang-tools clang-analyzer clang
docker-compose docker clang-tools
python311 clang-analyzer
python311Packages.pip docker-compose
pypy3 docker
rustup python311
]; python311Packages.pip
pypy3
rustup
nixfmt-rfc-style
];
#################### Neovim configuration #################### #################### Neovim configuration ####################
programs.neovim = { programs.neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
configure = { configure = {
packages.myVimPackage = with pkgs.vimPlugins; { packages.myVimPackage = with pkgs.vimPlugins; {
start = [ nerdtree nerdtree-git-plugin start = [
vim-gitgutter vim-fugitive vim-tmux-navigator nerdtree
coc-nvim coc-pairs nerdtree-git-plugin
coc-clangd coc-cmake vim-gitgutter
coc-docker vim-fugitive
coc-json vim-tmux-navigator
coc-ltex coc-nvim
coc-markdownlint coc-pairs
coc-sh coc-clangd
coc-toml coc-cmake
coc-yaml coc-docker
coc-pyright coc-json
coc-tsserver coc-ltex
coc-rust-analyzer coc-markdownlint
vim-nix coc-sh
]; coc-toml
coc-yaml
coc-pyright
coc-tsserver
coc-rust-analyzer
];
};
customRC =
let
coc-config = "${pkgs.writeTextDir "coc-settings.json" ''
{
"workspace.ignoredFolders": [
"$HOME",
"$HOME/.cargo/**",
"$HOME/.rustup/**"
],
rust-analyzer.inlayHints.bindingModeHints.enable: true,
rust-analyzer.inlayHints.closureReturnTypeHints.enable: "always",
rust-analyzer.inlayHints.discriminantHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.hideOutsideUnsafe: true,
rust-analyzer.inlayHints.lifetimeElisionHints.enable: "always",
rust-analyzer.inlayHints.lifetimeElisionHints.useParameterNames: true
}
''}";
in
''
syntax on
set foldmethod=syntax
set number
" set relativenumber
set colorcolumn=100
set signcolumn=yes
let NERDTreeShowLineNumbers=1
set background=dark
set showcmd
set scrolloff=16
filetype plugin indent on
set autoindent
set shiftwidth=3
set tabstop=3
" Some servers have issues with backup files, see #649
set nobackup
set nowritebackup
" Having longer updatetime (default is 4000 ms = 4s) leads to noticeable
" delays and poor user experience
set updatetime=300
" Make <CR> to accept selected completion item or notify coc.nvim to format
" <C-g>u breaks current undo, please make your own choice.
inoremap <silent><expr> <CR> coc#pum#visible() ? coc#pum#confirm()
\: "\<C-g>u\<CR>\<c-r>=coc#on_enter()\<CR>"
" Navigate suggestion list with tab and shift-tab
inoremap <expr> <Tab> coc#pum#visible() ? coc#pum#next(1) : "\<Tab>"
inoremap <expr> <S-Tab> coc#pum#visible() ? coc#pum#prev(1) : "\<S-Tab>"
" If another buffer tries to replace NERDTree, put it in the other window, and bring back NERDTree.
autocmd BufEnter * if winnr() == winnr('h') && bufname('#') =~ 'NERD_tree_\d\+' && bufname('%') !~ 'NERD_tree_\d\+' && winnr('$') > 1 |
\ let buf=bufnr() | buffer# | execute "normal! \<C-W>w" | execute 'buffer'.buf | endif
" Start NERDTree. If a file is specified, move the cursor to its window.
autocmd StdinReadPre * let s:std_in=1
autocmd VimEnter * NERDTree | if argc() > 0 || exists('s:std_in') | wincmd p | endif
let g:coc_filetype_map = {'tex': 'latex'}
let g:coc_config_home = "${coc-config}"
let g:tmux_navigator_no_mappings = 1
noremap <silent> <C-h> :<C-U>TmuxNavigateLeft<cr>
noremap <silent> <C-j> :<C-U>TmuxNavigateDown<cr>
noremap <silent> <C-k> :<C-U>TmuxNavigateUp<cr>
noremap <silent> <C-l> :<C-U>TmuxNavigateRight<cr>
augroup nixcmd
autocmd!
autocmd BufWritePre *.nix %!nixfmt
augroup END
'';
};
}; };
customRC = }
let
coc-config = "${pkgs.writeTextDir "coc-settings.json"
''
{
"workspace.ignoredFolders": [
"$HOME",
"$HOME/.cargo/**",
"$HOME/.rustup/**"
],
rust-analyzer.inlayHints.bindingModeHints.enable: true,
rust-analyzer.inlayHints.closureReturnTypeHints.enable: "always",
rust-analyzer.inlayHints.discriminantHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.enable: "always",
rust-analyzer.inlayHints.expressionAdjustmentHints.hideOutsideUnsafe: true,
rust-analyzer.inlayHints.lifetimeElisionHints.enable: "always",
rust-analyzer.inlayHints.lifetimeElisionHints.useParameterNames: true
}
''}";
in
''
syntax on
set foldmethod=syntax
set number
" set relativenumber
set colorcolumn=100
set signcolumn=yes
let NERDTreeShowLineNumbers=1
set background=dark
set showcmd
set scrolloff=16
filetype plugin indent on
set autoindent
set shiftwidth=3
set tabstop=3
" Some servers have issues with backup files, see #649
set nobackup
set nowritebackup
" Having longer updatetime (default is 4000 ms = 4s) leads to noticeable
" delays and poor user experience
set updatetime=300
" Make <CR> to accept selected completion item or notify coc.nvim to format
" <C-g>u breaks current undo, please make your own choice.
inoremap <silent><expr> <CR> coc#pum#visible() ? coc#pum#confirm()
\: "\<C-g>u\<CR>\<c-r>=coc#on_enter()\<CR>"
" Navigate suggestion list with tab and shift-tab
inoremap <expr> <Tab> coc#pum#visible() ? coc#pum#next(1) : "\<Tab>"
inoremap <expr> <S-Tab> coc#pum#visible() ? coc#pum#prev(1) : "\<S-Tab>"
" If another buffer tries to replace NERDTree, put it in the other window, and bring back NERDTree.
autocmd BufEnter * if winnr() == winnr('h') && bufname('#') =~ 'NERD_tree_\d\+' && bufname('%') !~ 'NERD_tree_\d\+' && winnr('$') > 1 |
\ let buf=bufnr() | buffer# | execute "normal! \<C-W>w" | execute 'buffer'.buf | endif
" Start NERDTree. If a file is specified, move the cursor to its window.
autocmd StdinReadPre * let s:std_in=1
autocmd VimEnter * NERDTree | if argc() > 0 || exists('s:std_in') | wincmd p | endif
let g:coc_filetype_map = {'tex': 'latex'}
let g:coc_config_home = "${coc-config}"
let g:tmux_navigator_no_mappings = 1
" noremap <silent> <C-i> :<C-U>TmuxNavigateLeft<cr>
" noremap <silent> <C-n> :<C-U>TmuxNavigateDown<cr>
" noremap <silent> <C-e> :<C-U>TmuxNavigateUp<cr>
" noremap <silent> <C-o> :<C-U>TmuxNavigateRight<cr>
noremap <silent> <C-h> :<C-U>TmuxNavigateLeft<cr>
noremap <silent> <C-j> :<C-U>TmuxNavigateDown<cr>
noremap <silent> <C-k> :<C-U>TmuxNavigateUp<cr>
noremap <silent> <C-l> :<C-U>TmuxNavigateRight<cr>
" Noremap i h
" Noremap <S-i> <S-h>
" Noremap n j
" Noremap <S-n> <S-j>
" Noremap e k
" Noremap <S-e> <S-k>
" Noremap o l
" Noremap <S-o> <S-l>
" Noremap h i
" Noremap <S-h> <S-i>
" Noremap l o
" Noremap <S-l> <S-o>
" Noremap j e
" Noremap <S-j> <S-e>
" Nnoremap k n
" Nnoremap <S-k> <S-n>
" Let NERDTreeMapOpenExpl='\e'
'';
};
};
}

225
machine-confs/helium.nix
View file

@ -1,13 +1,24 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
networking = { networking = {
hostName = "helium"; hostName = "helium";
firewall.allowedUDPPorts = [ 51820 51821 ]; firewall.allowedUDPPorts = [
51820
51821
];
wg-quick.interfaces = { wg-quick.interfaces = {
wg0 = { wg0 = {
autostart = false; autostart = false;
address = [ "172.16.0.2/24" ]; address = [ "172.16.0.2/24" ];
dns = [ "192.168.0.1" "vsinerva.fi" ]; dns = [
"192.168.0.1"
"vsinerva.fi"
];
privateKeyFile = "/root/wireguard-keys/privatekey-home"; privateKeyFile = "/root/wireguard-keys/privatekey-home";
listenPort = 51820; listenPort = 51820;
@ -29,7 +40,10 @@
peers = [ peers = [
{ {
publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE="; publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE=";
allowedIPs = [ "0.0.0.0/0" "192.168.0.0/24" ]; allowedIPs = [
"0.0.0.0/0"
"192.168.0.0/24"
];
endpoint = "netflix.vsinerva.fi:51821"; endpoint = "netflix.vsinerva.fi:51821";
} }
]; ];
@ -52,92 +66,147 @@
]; ];
disabledModules = [ "services/hardware/libinput.nix" ]; disabledModules = [ "services/hardware/libinput.nix" ];
nixpkgs.overlays = nixpkgs.overlays = [
[ (final: prev: {
(final: prev:
{
moonlight-qt = prev.moonlight-qt.overrideAttrs (old: { moonlight-qt = prev.moonlight-qt.overrideAttrs (old: {
patches = (old.patches or []) ++ [ ../misc/mouse-accel.patch ]; patches = (old.patches or [ ]) ++ [ ../misc/mouse-accel.patch ];
}); });
}) })
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
zenmonitor moonlight-qt parsec-bin via zenmonitor
moonlight-qt
parsec-bin
via
]; ];
# HARDWARE SPECIFIC # HARDWARE SPECIFIC
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
hardware = { hardware = {
opengl.extraPackages = with pkgs; [ opengl.extraPackages = with pkgs; [ rocmPackages.clr.icd ];
rocmPackages.clr.icd logitech.wireless = {
]; enable = true;
logitech.wireless = { enableGraphical = true;
enable = true;
enableGraphical = true;
};
};
services = {
xserver = {
videoDrivers = [ "amdgpu" "modesetting" ];
deviceSection = ''
Option "DRI" "2"
Option "TearFree" "true"
'';
displayManager.setupCommands = ''
${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
'';
};
libinput.mouse = {
accelProfile = "custom";
accelPointsMotion = [ 0.00000 0.02000 0.04000 0.06000 0.08000 0.10000 0.12000 0.14000 0.16000 0.18000 0.20000 0.25250 0.31000 0.37250 0.44000 0.51250 0.59000 0.67250 0.76000 0.85250 0.95000 1.15500 1.37000 1.59500 1.83000 2.07500 2.33000 2.59500 2.87000 3.15500 3.45000 3.75500 4.07000 4.39500 4.73000 5.07500 5.43000 5.79500 6.17000 6.55500 6.95000 7.35500 7.77000 8.19500 8.63000 9.07500 9.53000 9.99500 10.47000 10.95500 11.45000 11.95000 ];
accelStepMotion = 0.05;
};
redshift = {
executable = "/bin/redshift-gtk";
enable = true;
temperature = {
night = 2800;
day = 6500;
};
brightness = {
night = "0.5";
day = "1";
}; };
}; };
devmon.enable = true; services = {
gvfs.enable = true; xserver = {
udisks2.enable = true; videoDrivers = [
}; "amdgpu"
location = { "modesetting"
latitude = 60.17; ];
longitude = 24.94; deviceSection = ''
}; Option "DRI" "2"
Option "TearFree" "true"
'';
# Swap + hibernate displayManager.setupCommands = ''
swapDevices = [ ${pkgs.xorg.xrandr}/bin/xrandr --output DisplayPort-0 --auto --pos 0x0 --primary --output eDP --auto --pos 3840x360
{ '';
device = "/var/lib/swapfile"; };
size = 16*1024;
}
];
boot.resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
boot.kernelParams = [ "resume_offset=44537856" ];
services.logind = {
lidSwitch = "hibernate";
};
# Keychron Q11 libinput.mouse = {
services.udev.extraRules = '' accelProfile = "custom";
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="01e0", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl" accelPointsMotion = [
''; 0.0
2.0e-2
4.0e-2
6.0e-2
8.0e-2
0.1
0.12
0.14
0.16
0.18
0.2
0.2525
0.31
0.3725
0.44
0.5125
0.59
0.6725
0.76
0.8525
0.95
1.155
1.37
1.595
1.83
2.075
2.33
2.595
2.87
3.155
3.45
3.755
4.07
4.395
4.73
5.075
5.43
5.795
6.17
6.555
6.95
7.355
7.77
8.195
8.63
9.075
9.53
9.995
10.47
10.955
11.45
11.95
];
accelStepMotion = 5.0e-2;
};
# Bootloader. redshift = {
boot.loader.systemd-boot.enable = true; executable = "/bin/redshift-gtk";
boot.loader.efi.canTouchEfiVariables = true; enable = true;
temperature = {
night = 2800;
day = 6500;
};
brightness = {
night = "0.5";
day = "1";
};
};
devmon.enable = true;
gvfs.enable = true;
udisks2.enable = true;
};
location = {
latitude = 60.17;
longitude = 24.94;
};
# Swap + hibernate
swapDevices = [
{
device = "/var/lib/swapfile";
size = 16 * 1024;
}
];
boot.resumeDevice = "/dev/mapper/luks-f6e1979b-0dee-4ee9-8170-10490019854b";
boot.kernelParams = [ "resume_offset=44537856" ];
services.logind = {
lidSwitch = "hibernate";
};
# Keychron Q11
services.udev.extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="01e0", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
'';
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
} }

10
machine-confs/nextcloud.nix
View file

@ -7,11 +7,11 @@
../nextcloud.nix ../nextcloud.nix
]; ];
# HARDWARE SPECIFIC # HARDWARE SPECIFIC
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
} }

9
machine-confs/nixos-cpu.nix
View file

@ -9,11 +9,10 @@
../syncthing.nix ../syncthing.nix
]; ];
# HARDWARE SPECIFIC # HARDWARE SPECIFIC
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
} }

10
machine-confs/vaultwarden.nix
View file

@ -7,11 +7,11 @@
../vaultwarden.nix ../vaultwarden.nix
]; ];
# HARDWARE SPECIFIC # HARDWARE SPECIFIC
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
# Bootloader. # Bootloader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
} }

51
machine-confs/wg-rpi.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
SSID = "ENTER_SSID"; SSID = "ENTER_SSID";
SSIDpassword = "ENTER_PASSWORD"; SSIDpassword = "ENTER_PASSWORD";
@ -6,12 +11,15 @@ let
wg_interface = "end0"; wg_interface = "end0";
hostname = "netflix-huijaus"; hostname = "netflix-huijaus";
ddPassFile = "/root/wg-conf/ddPassFile"; ddPassFile = "/root/wg-conf/ddPassFile";
in { in
imports = [ {
../base.nix imports = [ ../base.nix ];
];
environment.systemPackages = with pkgs; [ git wireguard-tools qrencode ]; environment.systemPackages = with pkgs; [
git
wireguard-tools
qrencode
];
# enable NAT # enable NAT
networking.nat.enable = true; networking.nat.enable = true;
@ -33,15 +41,14 @@ in {
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = '' postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
''; '';
# This undoes the above command # This undoes the above command
postShutdown = '' postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${wg_interface} -j MASQUERADE
''; '';
# Path to the private key file. # Path to the private key file.
# #
# Note: The private key can also be included inline via the privateKey option, # Note: The private key can also be included inline via the privateKey option,
@ -50,27 +57,33 @@ in {
privateKeyFile = "/root/wg-conf/private"; privateKeyFile = "/root/wg-conf/private";
peers = [ peers = [
{ # Vili Android {
# Vili Android
publicKey = "niKpC3+Pi4HrYITlzROzqRcxzfzRw1rjpxeJVOr/WAw="; publicKey = "niKpC3+Pi4HrYITlzROzqRcxzfzRw1rjpxeJVOr/WAw=";
allowedIPs = [ "10.100.0.2/32" ]; allowedIPs = [ "10.100.0.2/32" ];
} }
{ # Miika Puhelin {
# Miika Puhelin
publicKey = "mcOs94W9jqn3SGgc8uWbnmUv0tja/P6tAvaCg3WYKlY="; publicKey = "mcOs94W9jqn3SGgc8uWbnmUv0tja/P6tAvaCg3WYKlY=";
allowedIPs = [ "10.100.0.3/32" ]; allowedIPs = [ "10.100.0.3/32" ];
} }
{ # Miika Kone {
# Miika Kone
publicKey = "7m7wnwNlmxZfUNvUOYNh4mTNbOsig7z2K/svUhDHFDY="; publicKey = "7m7wnwNlmxZfUNvUOYNh4mTNbOsig7z2K/svUhDHFDY=";
allowedIPs = [ "10.100.0.4/32" ]; allowedIPs = [ "10.100.0.4/32" ];
} }
{ # Silja Puhelin {
# Silja Puhelin
publicKey = "f6wWd6KD63xwnKkre/ZgZxPJv9GfAXK9Zx/EQEq8cik="; publicKey = "f6wWd6KD63xwnKkre/ZgZxPJv9GfAXK9Zx/EQEq8cik=";
allowedIPs = [ "10.100.0.5/32" ]; allowedIPs = [ "10.100.0.5/32" ];
} }
{ # Silja Kone {
# Silja Kone
publicKey = "t9cmHc6/+0njdzsTFnnhEGKfhCa2VXFrTH9hF1jOCXw="; publicKey = "t9cmHc6/+0njdzsTFnnhEGKfhCa2VXFrTH9hF1jOCXw=";
allowedIPs = [ "10.100.0.6/32" ]; allowedIPs = [ "10.100.0.6/32" ];
} }
{ # Vili helium {
# Vili helium
publicKey = "iGO375NT9EK5LH+E9vjPRRJp+UM4rZ2d1RMVR3f5R0c="; publicKey = "iGO375NT9EK5LH+E9vjPRRJp+UM4rZ2d1RMVR3f5R0c=";
allowedIPs = [ "10.100.0.7/32" ]; allowedIPs = [ "10.100.0.7/32" ];
} }
@ -86,11 +99,15 @@ in {
username = "VSinerva"; username = "VSinerva";
passwordFile = ddPassFile; passwordFile = ddPassFile;
}; };
#################### EVERYTHING BELOW THIS SHOULD NOT NEED TO CHANGE #################### #################### EVERYTHING BELOW THIS SHOULD NOT NEED TO CHANGE ####################
boot = { boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_rpi4; kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; initrd.availableKernelModules = [
"xhci_pci"
"usbhid"
"usb_storage"
];
loader = { loader = {
grub.enable = false; grub.enable = false;
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;

29
nextcloud.nix
View file

@ -1,7 +1,10 @@
# Nextcloud instance # Nextcloud instance
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [ 443 ]; networking.firewall.allowedUDPPorts = [ 443 ];
services.nextcloud = { services.nextcloud = {
@ -19,17 +22,17 @@
}; };
}; };
services.nginx.virtualHosts = services.nginx.virtualHosts = {
{ ${config.services.nextcloud.hostName} = {
${config.services.nextcloud.hostName} = { forceSSL = true;
forceSSL = true; kTLS = true;
kTLS = true; sslCertificate = "/var/lib/nextcloud/nextcloud_fullchain.pem";
sslCertificate = "/var/lib/nextcloud/nextcloud_fullchain.pem"; sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem";
sslCertificateKey = "/var/lib/nextcloud/nextcloud_privkey.pem"; locations = {
locations = { "/".proxyWebsockets = true;
"/".proxyWebsockets = true; "~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" =
"~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/)" = {}; { };
};
}; };
}; };
} };
}

35
syncthing.nix
View file

@ -25,7 +25,10 @@
folders = folders =
let let
default = { default = {
devices = [ "helium" "nixos-cpu" ]; devices = [
"helium"
"nixos-cpu"
];
versioning = { versioning = {
type = "trashcan"; type = "trashcan";
params.cleanoutDays = "30"; params.cleanoutDays = "30";
@ -34,7 +37,13 @@
}; };
in in
{ {
"~/Documents" = default // { devices = [ "helium" "nixos-cpu" "phone" ]; } ; "~/Documents" = default // {
devices = [
"helium"
"nixos-cpu"
"phone"
];
};
"~/Downloads" = default; "~/Downloads" = default;
"~/Music" = default; "~/Music" = default;
"~/Pictures" = default; "~/Pictures" = default;
@ -44,16 +53,16 @@
"~/Zotero" = default; "~/Zotero" = default;
}; };
options = { options = {
urAccepted = -1; urAccepted = -1;
localAnnounceEnabled = false; localAnnounceEnabled = false;
globalAnnounceEnabled = false; globalAnnounceEnabled = false;
natEnabled = false; natEnabled = false;
relaysEnabled = false; relaysEnabled = false;
};
}; };
#TCP/UDP 22000 for transfers and UDP 21027 for discovery
openDefaultPorts = true;
}; };
}
#TCP/UDP 22000 for transfers and UDP 21027 for discovery
openDefaultPorts = true;
};
}

5
vaultwarden.nix
View file

@ -1,7 +1,10 @@
# Nextcloud instance # Nextcloud instance
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [ 443 ]; networking.firewall.allowedUDPPorts = [ 443 ];
services = { services = {

10
vili.nix
View file

@ -6,8 +6,14 @@
home = "/home/vili"; home = "/home/vili";
description = "Vili Sinervä"; description = "Vili Sinervä";
uid = 1000; uid = 1000;
extraGroups = [ "wheel" "networkmanager" "audio" ]; extraGroups = [
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium" ]; "wheel"
"networkmanager"
"audio"
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbGREoK1uVny1s8FK3KZ74Wmaf0VtifhqPyK69C/Gez vili@helium"
];
hashedPasswordFile = "/home/vili/.hashedPasswordFile"; hashedPasswordFile = "/home/vili/.hashedPasswordFile";
}; };