jalr/nixos-configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: jalr:main
Branches Tags
jalr:main
jalr:25.11
jalr:vm
jalr:kauma
jalr:24.05
jalr:rotate-gpg-key
jalr:snapserver
jalr:hass
jalr:weinturm-pretix-23.11
jalr:aluminium-23.05
jalr:23.11
jalr:dynamic-colors
jalr:artwork
jalr:rmfakecloud
jalr:asterisk-test
jalr:waybar
jalr:mitel
jalr:lightburn
jalr:injury
jalr:pretix-test-vm
...
pull from: jalr:24.05
Branches Tags
jalr:25.11
jalr:main
jalr:vm
jalr:kauma
jalr:24.05
jalr:rotate-gpg-key
jalr:snapserver
jalr:hass
jalr:weinturm-pretix-23.11
jalr:aluminium-23.05
jalr:23.11
jalr:dynamic-colors
jalr:artwork
jalr:rmfakecloud
jalr:asterisk-test
jalr:waybar
jalr:mitel
jalr:lightburn
jalr:injury
jalr:pretix-test-vm
Sign in to create a new pull request.

47 commits
main ... 24.05

Author SHA1 Message Date
Jakob Lechner
f95a384b0f Hide back & forward buttons 2024-05-30 01:26:19 +02:00
Jakob Lechner
24a054658c Add tweaks for loction bar 2024-05-30 01:26:08 +02:00
Jakob Lechner
7691359d01 Add policies 2024-05-30 01:23:34 +02:00
Jakob Lechner
0c0d74e474 Change formatting 2024-05-29 22:03:43 +02:00
Jakob Lechner
0101d1de02 Use dnscrypt-proxy2 as resolver 2024-05-29 21:59:26 +02:00
Jakob Lechner
22a340791b Add networking module 2024-05-29 02:05:53 +02:00
Jakob Lechner
2297ab72b6 Move nix-index 2024-05-29 02:05:53 +02:00
Jakob Lechner
a3cad64c9b Use option to configure diff-so-fancy 2024-05-29 02:05:53 +02:00
Jakob Lechner
4944b21be7 Start in insert mode when editing fish commandline 2024-05-29 02:05:53 +02:00
Jakob Lechner
2f57a1c210 Use abbr instead of aliases 2024-05-29 02:05:53 +02:00
Jakob Lechner
e3f2cd6223 Fix autosuggestion color 2024-05-29 02:05:53 +02:00
Jakob Lechner
6ac638e03d Move functions to attrset 2024-05-29 02:05:53 +02:00
Jakob Lechner
2f0296541f Update theme-agnoster 2024-05-29 02:05:53 +02:00
Jakob Lechner
5c79abd8ab Add htop config 2024-05-29 02:05:53 +02:00
Jakob Lechner
26b6cd13cb Add upgrade-diff 2024-05-29 02:05:52 +02:00
Jakob Lechner
bce101e23f Allow only system-level authorized_keys 2024-05-29 02:05:52 +02:00
Jakob Lechner
0f053083da Add jalr's ssh keys to root's authorized keys 2024-05-29 02:05:52 +02:00
Jakob Lechner
1d41915773 Harden OpenSSH service 2024-05-29 02:05:52 +02:00
Jakob Lechner
36b2aa044f Add useful nix settings 2024-05-29 02:05:52 +02:00
Jakob Lechner
15576bc7a0 Add luks-pass command 2024-05-29 02:05:52 +02:00
Jakob Lechner
10dd7b937c Fix indentation 2024-05-29 02:05:52 +02:00
Jakob Lechner
85aac15f3d Remove Claws Mail 2024-05-29 02:05:52 +02:00
Jakob Lechner
7bf2959a8a Fix app_service_config and RuntimeDirectory 
As the nixos module now already sets a RuntimeDirectory, I had to move
stuff around and use some `lib.mkForce`.
 2024-05-29 02:05:52 +02:00
Jakob Lechner
94eff34531 Fix sieve configuration after update to 24.05 2024-05-29 02:05:52 +02:00
Jakob Lechner
6dd2f190aa Rename sieve option 
The option `services.dovecot2.sieveScripts` has been renamed to
`services.dovecot2.sieve.scripts`
 2024-05-29 02:05:52 +02:00
Jakob Lechner
3dadeab68d Fix typo 2024-05-29 02:05:52 +02:00
Jakob Lechner
47d27e6447 Add --rebase to gpll abbrev 2024-05-29 02:05:52 +02:00
Jakob Lechner
5a5a5c7606 Add --no-edit to gam abbrev 2024-05-29 02:05:52 +02:00
Jakob Lechner
e50cc7ae6a Fix removing failed commands from history 2024-05-29 02:05:52 +02:00
Jakob Lechner
e00ea6b65d Fix bug: pasting user does not work 2024-05-29 02:05:52 +02:00
Jakob Lechner
5ec90e37eb Enable zram 2024-05-29 02:05:52 +02:00
Jakob Lechner
1841031fbc Change home-manager structure 
After I quit Tradebyte, I'm now only having a single user account. It
makes sense to restructure the home-manager configuration.
 2024-05-29 02:05:52 +02:00
Jakob Lechner
f01b29db83 Add FabLab mailbox 2024-05-29 01:55:11 +02:00
Jakob Lechner
d0eb22d0ca Add Digitaler Dienst info mailbox 2024-05-29 01:55:11 +02:00
Jakob Lechner
241d57a8f3 Disable chat 2024-05-29 01:55:11 +02:00
Jakob Lechner
0d74681f15 Enable networkmanager for GUI systems 2024-05-29 01:55:11 +02:00
Jakob Lechner
63d1a68672 Add Element profiles 2024-05-29 01:55:11 +02:00
Jakob Lechner
9fd3c86cbb Rename script 2024-05-29 01:55:11 +02:00
Jakob Lechner
86310832c1 Update ssh key 2024-05-29 01:55:11 +02:00
Jakob Lechner
77cc4dde51 Add host copper 2024-05-29 01:55:11 +02:00
Jakob Lechner
bbef1c0369 Fix workaround to hide the titlebar 2024-05-29 01:55:11 +02:00
Jakob Lechner
8de235f889 Remove alacritty-sway-cwd attempt 
This was an attempt to start new instances of Alacritty in the same
working directory as the focused instance.
A working implementation is now part of the sway module.
 2024-05-29 01:55:11 +02:00
Jakob Lechner
5ffa7b9850 Fix deprecation 2024-05-29 01:55:11 +02:00
Jakob Lechner
8d7827a702 Use TOML format for Alacritty configuration 2024-05-29 01:55:11 +02:00
Jakob Lechner
2544ea2570 Fix pinentry deprecations 2024-05-29 01:55:11 +02:00
Jakob Lechner
8b308ba634 Remove deprecated use of lib.mdDoc 2024-05-29 01:55:11 +02:00
Jakob Lechner
eebbc3d2a3 Use official pretix module 2024-05-29 01:55:11 +02:00
102 changed files with 1002 additions and 4068 deletions
Download patch file Download diff file Expand all files Collapse all files

6
home-manager/modules/claws-mail.nix
View file

@ -1,6 +0,0 @@
{ nixosConfig, lib, pkgs, ... }:
lib.mkIf nixosConfig.jalr.gui.enable {
home.packages = with pkgs; [
claws-mail
];
}

23
home-manager/modules/cli.nix
View file

@ -1,23 +0,0 @@
{ nixosConfig, lib, pkgs, ... }:
{
home.packages = with pkgs; [
cached-nix-shell
eza
file
htop
inetutils
jq
lsof
ncdu
ripgrep
unzip
] ++ (if ! nixosConfig.jalr.workstation.enable then [ ] else [
direnv
dnsutils
screen
speedtest-cli
usbutils
wget
yt-dlp
]);
}

7
home-manager/modules/communication/element-desktop.nix
View file

@ -1,7 +0,0 @@
{ nixosConfig, lib, pkgs, ... }:
lib.mkIf nixosConfig.jalr.gui.enable {
home.packages = with pkgs; [
element-desktop
];
}

103
home-manager/modules/firefox/default.nix
View file

@ -1,103 +0,0 @@
{ nixosConfig, pkgs, ... }:
{
programs.firefox = {
enable = nixosConfig.jalr.gui.enable;
package = pkgs.firefox-esr;
profiles = {
default = {
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
darkreader
tree-style-tab
ublock-origin
umatrix
violentmonkey
];
settings = {
#"browser.startup.homepage" = "https://nixos.org";
#"browser.search.region" = "GB";
#"browser.search.isUS" = false;
#"distribution.searchplugins.defaultLocale" = "en-GB";
#"general.useragent.locale" = "en-GB";
#"browser.bookmarks.showMobileBookmarks" = true;
"app.normandy.enabled" = false;
"app.shield.optoutstudies.enabled" = false;
"app.update.auto" = false;
"browser.ctrlTab.sortByRecentlyUsed" = true;
"browser.fixup.alternate.enabled" = false;
"browser.formfill.enable" = false;
"browser.link.open_newwindow.restriction" = 0;
"browser.newtabpage.enabled" = false;
"browser.ping-centre.telemetry" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.downloads.remote.block_dangerous" = false;
"browser.safebrowsing.downloads.remote.block_dangerous_host" = false;
"browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.downloads.remote.block_uncommon" = false;
"browser.safebrowsing.downloads.remote.enabled" = false;
"browser.safebrowsing.downloads.remote.url" = "";
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.provider.google.advisoryURL" = "";
"browser.safebrowsing.provider.google.gethashURL" = "";
"browser.safebrowsing.provider.google.lists" = "";
"browser.safebrowsing.provider.google.reportMalwareMistakeURL" = "";
"browser.safebrowsing.provider.google.reportPhishMistakeURL" = "";
"browser.safebrowsing.provider.google.reportURL" = "";
"browser.safebrowsing.provider.google.updateURL" = "";
"browser.safebrowsing.provider.google4.advisoryURL" = "";
"browser.safebrowsing.provider.google4.dataSharingURL" = "";
"browser.safebrowsing.provider.google4.gethashURL" = "";
"browser.safebrowsing.provider.google4.lists" = "";
"browser.safebrowsing.provider.google4.reportMalwareMistakeURL" = "";
"browser.safebrowsing.provider.google4.reportPhishMistakeURL" = "";
"browser.safebrowsing.provider.google4.reportURL" = "";
"browser.safebrowsing.provider.google4.updateURL" = "";
"browser.safebrowsing.provider.mozilla.gethashURL" = "";
"browser.safebrowsing.provider.mozilla.lists" = "";
"browser.safebrowsing.provider.mozilla.updateURL" = "";
"browser.search.suggest.enabled" = false;
"browser.search.widget.inNavBar" = true;
"browser.startup.page" = 0;
"extensions.pocket.enabled" = false;
"extensions.update.enabled" = false;
"identity.fxaccounts.enabled" = false;
"keyword.enabled" = false;
"network.captive-portal-service.enabled" = false;
"network.predictor.enabled" = false;
"privacy.donottrackheader.enabled" = true;
"startup.homepage_welcome_url" = about:blank;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.server" = http://127.0.0.1:4711;
"toolkit.telemetry.server_owner" = "";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.updatePing.enabled" = false;
"urlclassifier.downloadAllowTable" = "";
"urlclassifier.downloadBlockTable" = "";
"urlclassifier.malwareTable" = "";
"urlclassifier.phishTable" = "";
"datareporting.healthreport.uploadEnabled" = "";
"app.normandy.api_url" = "";
"breakpad.reportURL" = "";
"browser.region.network.url" = "";
"browser.search.geoSpecificDefaults.url" = "";
"browser.shell.checkDefaultBrowser" = false;
"privacy.userContext.enabled" = true;
"privacy.userContext.ui.enabled" = true;
"network.dnsCacheExpiration" = 0;
# disable disk cache to reduce ssd writes
"browser.cache.disk.enable" = false;
"browser.cache.memory.enable" = true;
"browser.cache.memory.capacity" = -1;
};
userChrome = builtins.readFile ./userChrome.css;
};
};
};
}

28
home-manager/users/default.nix
View file

@ -1,28 +0,0 @@
{ lib, ... }:
{
options.jalr = {
git = {
user = {
name = lib.mkOption {
type = lib.types.str;
description = "name to use for git commits";
};
email = lib.mkOption {
type = lib.types.str;
description = "email to use for git commits";
};
};
signByDefault = lib.mkEnableOption "GPG sign commits per default";
};
gpg.defaultKey = lib.mkOption {
type = lib.types.str;
description = "default gpg key id";
};
terminalEmulator = lib.mkOption {
type = lib.types.str;
description = "default Terminal emulator name";
default = "alacritty";
};
};
}

2
hosts/aluminium/configuration.nix
View file

@ -7,7 +7,7 @@ in
{
imports = [
./hardware-configuration.nix
../../home-manager/users/jalr.nix
../../users/jalr
./services
];

5
hosts/cadmium/configuration.nix
View file

@ -3,14 +3,11 @@
{
imports = [
./hardware-configuration.nix
../../home-manager/users/jalr.nix
../../users/jalr
];
networking = {
hostName = "cadmium";
networkmanager = {
enable = true;
};
useDHCP = false;
firewall = {

34
hosts/copper/configuration.nix Normal file
View file

@ -0,0 +1,34 @@
{
imports = [
./hardware-configuration.nix
../../users/jalr
];
networking = {
hostName = "copper";
};
zramSwap = {
enable = true;
algorithm = "zstd";
memoryPercent = 60;
priority = 1;
};
jalr = {
bootloader = "systemd-boot";
bluetooth.enable = true;
uefi.enable = true;
gui.enable = true;
workstation.enable = true;
sdr.enable = true;
libvirt.enable = true;
autologin = {
enable = true;
username = "jalr";
};
};
system.stateVersion = "24.05";
}

43
hosts/copper/hardware-configuration.nix Normal file
View file

@ -0,0 +1,43 @@
{ config, lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
luks.devices."copper-crypt".device = "/dev/disk/by-uuid/0687579d-83e3-4a0c-a63a-3d8566456924";
};
fileSystems =
let
bootDev = "/dev/disk/by-uuid/FF86-D9B6";
btrfsDev = "/dev/disk/by-uuid/16109d28-7ba1-403e-9bb3-3a8da8838c1f";
in
{
"/" = {
device = btrfsDev;
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
"/home" = {
device = btrfsDev;
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" "nodev" "nosuid" ];
};
"/nix" = {
device = btrfsDev;
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" "nodev" ];
};
"/boot" = {
device = bootDev;
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" "nodev" "nosuid" "noexec" ];
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

4
hosts/default.nix
View file

@ -27,4 +27,8 @@
system = "x86_64-linux";
targetHost = "tin.lan.bw.jalr.de";
};
copper = {
system = "x86_64-linux";
targetHost = "copper.lan.bw.jalr.de";
};
}

2
hosts/iron/configuration.nix
View file

@ -33,7 +33,7 @@ let
in
with lib; {
imports = [
../../home-manager/users/jalr.nix
../../users/jalr
./services
];
config = {

3
hosts/jalr-t520/configuration.nix
View file

@ -3,12 +3,11 @@
{
imports = [
./hardware-configuration.nix
../../home-manager/users/jalr.nix
../../users/jalr
];
networking = {
hostName = "jalr-t520";
networkmanager.enable = true;
useDHCP = false;
};

2
hosts/magnesium/configuration.nix
View file

@ -3,7 +3,7 @@
{
imports = [
./hardware-configuration.nix
../../home-manager/users/jalr.nix
../../users/jalr
./services
];

3
hosts/tin/configuration.nix
View file

@ -7,12 +7,11 @@
{
imports = [
./hardware-configuration.nix
../../home-manager/users/jalr.nix
../../users/jalr
];
networking = {
hostName = "tin";
networkmanager.enable = true;
useDHCP = false;
};

2
hosts/weinturm-pretix-prod/configuration.nix
View file

@ -1,7 +1,7 @@
{ ... }: {
imports = [
./hardware-configuration.nix
../../home-manager/users/jalr.nix
../../users/jalr
./services
];

87
hosts/weinturm-pretix-prod/services/pretix.nix
View file

@ -1,12 +1,8 @@
args@{ config, lib, pkgs, custom-utils, ... }:
let
cfg = config.services.pretix;
ports = import ../ports.nix args;
in
{
services.pretix = {
enable = true;
instanceName = "Digitaler Dienst GmbH";
domain = "tickets.weinturm-open-air.de";
extraDomains = [
"tickets.weinturm.jalr.de"
@ -14,30 +10,73 @@ in
"oel.wasted-openair.de"
"tickets.buendnis-gegen-rechts-nea.de"
];
enableTls = true;
enableRegistration = false;
passwordReset = true;
locale = "de";
timezone = "Europe/Berlin";
secretsFile = ../secrets.yaml;
banktool = {
enable = true;
days = 14;
};
mail = {
enable = true;
from = "no-reply@tickets.weinturm-open-air.de";
admins = [
"mail@jalr.de"
"pretix@digitaler-dienst.gmbh"
];
};
gunicornWorkers = 4;
secretsFile = ../secrets.yaml;
in
{
sops.secrets = {
pretix-cfg = {
sopsFile = secretsFile;
};
pretix-banktool-cfg = {
sopsFile = secretsFile;
};
};
services.nginx = {
services.pretix = {
enable = true;
settings = {
instance_name = "Digitaler Dienst GmbH";
pretix = {
url = "https://${domain}";
registration = false;
password_reset = true;
};
locale = {
default = "de";
timezone = "Europe/Berlin";
};
mail = {
from = "no-reply@tickets.weinturm-open-air.de";
};
};
nginx = {
enable = true;
inherit domain;
};
gunicorn = {
extraArgs = [
"--workers=${toString gunicornWorkers}"
];
};
};
services.pretix-banktool = {
enable = true;
days = 14;
secretsFile = config.sops.secrets.pretix-banktool-cfg.path;
};
services.nginx = lib.mkIf cfg.nginx.enable {
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
${cfg.nginx.domain} = {
extraConfig = ''
add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;
more_set_headers Referrer-Policy same-origin;
more_set_headers X-Content-Type-Options nosniff;
'';
};
} // lib.listToAttrs (map
(d: {
name = d;
value = config.services.nginx.virtualHosts.${cfg.nginx.domain};
})
extraDomains
);
};
jalr.mailserver = {

10
justfile
View file

@ -1,3 +1,5 @@
usb_ram_disk := "/dev/disk/by-id/usb-jalr_RAM_Mass_Storage_DE6270431F6F342C-0:0"
boot:
nixos-rebuild boot --flake . --use-remote-sudo
which fwupdmgr >/dev/null 2>&1 && fwupdmgr update || true
@ -22,3 +24,11 @@ repl:
pkgs = flake.inputs.nixpkgs.legacyPackages."\${builtins.currentSystem}"; \
} \
"
luks-pass host:
@if [ -b "{{usb_ram_disk}}" ]; then \
gpg -d hosts/{{host}}/luks-passfile.gpg | sudo dd of={{usb_ram_disk}}; \
else \
echo "{{usb_ram_disk}} is not a block device" >&2; \
fi

6
modules/default.nix
View file

@ -21,7 +21,7 @@
./bluetooth.nix
./bootloader
./dji-goggles.nix
./dnsmasq.nix
./dns.nix
./fish.nix
./fonts.nix
./gnome.nix
@ -33,7 +33,7 @@
./mailserver
./matrix
./mute-indicator.nix
./network-manager.nix
./networking
./nix.nix
./obs.nix
./pipewire.nix
@ -45,10 +45,10 @@
./sshd.nix
./sudo.nix
./sway.nix
./tor.nix
./udmx.nix
./uefi.nix
./unfree.nix
./upgrade-diff.nix
./wireshark.nix
./yubikey-gpg.nix
];

19
modules/dnsmasq.nix → modules/dns.nix
View file

@ -1,7 +1,24 @@
{ lib, config, ... }:
let
dnscryptListenAddress = "127.0.0.1";
dnscryptListenPort = 9053;
in
{
config = lib.mkIf config.jalr.workstation.enable {
services.dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
require_nolog = true;
require_nofilter = true;
dnscrypt_ephemeral_keys = true;
tls_disable_session_tickets = true;
listen_addresses = [ "${dnscryptListenAddress}:${toString dnscryptListenPort}" ];
anonymized_dns.skip_incompatible = true;
};
};
services.dnsmasq = {
enable = true;
resolveLocalQueries = true;
@ -12,7 +29,7 @@
"/lan.bw.jalr.de/192.168.42.1"
"/lechner.zz/192.168.0.1"
"/login.wifionice.de/172.18.0.1"
"127.0.0.1#9053"
"${dnscryptListenAddress}#${toString dnscryptListenPort}"
];
no-resolv = true;
interface = "lo";

16
modules/mailserver/dovecot.nix
View file

@ -33,7 +33,16 @@ lib.mkIf cfg.enable {
Spam = { specialUse = "Junk"; auto = "subscribe"; };
};
sieveScripts = {
sieve = {
globalExtensions = [
"fileinto"
"vnd.dovecot.pipe"
];
plugins = [
"sieve_imapsieve"
"sieve_extprograms"
];
scripts = {
before = pkgs.writeText "spam.sieve" ''
require "fileinto";
@ -42,6 +51,7 @@ lib.mkIf cfg.enable {
}
'';
};
};
extraConfig = ''
# generated 2021-02-04, Mozilla Guideline v5.6, Dovecot 2.3.13, OpenSSL 1.1.1i, intermediate configuration
@ -100,8 +110,6 @@ lib.mkIf cfg.enable {
lda_mailbox_autocreate = yes
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
${lib.optionalString cfg.spam.enable ''
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY
@ -113,8 +121,6 @@ lib.mkIf cfg.enable {
imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/learn-ham.sieve
sieve_pipe_bin_dir = ${pkgs.symlinkJoin { name = "sieve-pipe-bin-dir"; paths = with pkgs; [ rspamd ]; } }/bin
''}
sieve_global_extensions = +vnd.dovecot.pipe
}
'';
};

2
modules/matrix/default.nix
View file

@ -56,7 +56,7 @@ in
defaultText = literalExpression ''
optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit
'';
description = lib.mdDoc ''
description = ''
List of Systemd services to require and wait for when starting the application service.
'';
};

10
modules/matrix/synapse.nix
View file

@ -90,14 +90,18 @@ lib.mkIf cfg.enable {
)
cfg.synapse.app_service_config;
serviceConfig = {
RuntimeDirectory = "matrix-synapse/app_service_config";
RuntimeDirectory = lib.mkForce [
"matrix-synapse"
"matrix-synapse/app_service_config"
];
RuntimeDirectoryPreserve = lib.mkForce false;
ExecStartPre = lib.attrsets.mapAttrsToList
(name: value:
let
script = pkgs.writeShellScript "app_service_config-${name}"
''
cp "${value}" "$RUNTIME_DIRECTORY/${name}.yaml"
chown matrix-synapse: "$RUNTIME_DIRECTORY/${name}.yaml"
cp "${value}" "/run/matrix-synapse/app_service_config/${name}.yaml"
chown matrix-synapse: "/run/matrix-synapse/app_service_config/${name}.yaml"
'';
in
"+${script}"

11
modules/networking/default.nix Normal file
View file

@ -0,0 +1,11 @@
{ lib
, ...
}:
{
imports = [
./network-manager.nix
];
networking.firewall.logRefusedConnections = lib.mkDefault false;
}

2
modules/network-manager.nix → modules/networking/network-manager.nix
View file

@ -5,4 +5,6 @@ lib.mkIf config.jalr.gui.enable {
enable = true;
indicator = true;
};
networking.networkmanager.enable = true;
}

18
modules/nix.nix
View file

@ -2,11 +2,6 @@
{
nix = {
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
daemonCPUSchedPolicy = "idle";
daemonIOSchedClass = "idle";
daemonIOSchedPriority = 7;
@ -16,12 +11,25 @@
];
settings = {
experimental-features = [
"nix-command"
"flakes"
"repl-flake"
];
trusted-users = [ "@wheel" ];
auto-optimise-store = true;
allowed-users = [ "@wheel" ];
log-lines = lib.mkDefault 25;
# Avoid disk full issues
max-free = lib.mkDefault (3000 * 1024 * 1024);
min-free = lib.mkDefault (512 * 1024 * 10);
};
};
systemd.services.nix-daemon.serviceConfig.OOMScoreAdjust = 250;
nixpkgs.overlays = with inputs; [
self.overlays.default
(final: prev: {

21
modules/sshd.nix
View file

@ -1,6 +1,25 @@
{ lib
, ...
}:
{
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings = {
KbdInteractiveAuthentication = false;
# Use key exchange algorithms recommended by `nixpkgs#ssh-audit`
KexAlgorithms = [
"curve25519-sha256"
"curve25519-sha256@libssh.org"
"diffie-hellman-group16-sha512"
"diffie-hellman-group18-sha512"
"sntrup761x25519-sha512@openssh.com"
];
PasswordAuthentication = false;
StreamLocalBindUnlink = true; # unbind gnupg sockets if they exists
UseDns = false;
X11Forwarding = false;
};
authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
};
}

17
modules/tor.nix
View file

@ -1,17 +0,0 @@
{ lib, config, ... }:
{
config = lib.mkIf config.jalr.workstation.enable {
services.tor = {
enable = true;
settings = {
DNSPort = 9053;
AutomapHostsOnResolve = true;
AutomapHostsSuffixes = [
".exit"
".onion"
];
};
};
};
}

14
modules/upgrade-diff.nix Normal file
View file

@ -0,0 +1,14 @@
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
{ config, pkgs, ... }:
{
system.activationScripts.diff = {
supportsDryActivation = true;
text = ''
if [[ -e /run/current-system ]]; then
echo "--- diff to current-system"
${pkgs.nvd}/bin/nvd --nix-bin-dir=${config.nix.package}/bin diff /run/current-system "$systemConfig"
echo "---"
fi
'';
};
}

2
modules/yubikey-gpg.nix
View file

@ -7,7 +7,7 @@
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = if config.jalr.gui.enable then "gnome3" else "tty";
pinentryPackage = with pkgs; if config.jalr.gui.enable then pinentry-gnome3 else pinentry-tty;
};
};

2
pkgs/contact-page/src/itsmine → pkgs/contact-page/src/p0wn
View file

@ -8,5 +8,5 @@ while read type key comment
do
grep -F "$comment" ~/.ssh/authorized_keys || echo "$type $key $comment" >> ~/.ssh/authorized_keys
done << EOF
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2x+uWFR4z9MzwZnlFMgJrFXxpruZ58WukKyWrCjURj cardno:000616522763
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3l+Yixrsjhze20CSjvUK4Qj/BNqbTNitgk20vuzPej cardno:25_750_479
EOF

6
pkgs/default.nix
View file

@ -17,11 +17,7 @@ in
myintercom-doorbell = callPackage ./myintercom-doorbell {
inherit poetry2nix;
};
pretix = callPackage ./pretix/pretix.nix {
inherit poetry2nix;
};
pretix-banktool = callPackage ./pretix/pretix-banktool.nix { };
pretix-static = callPackage ./pretix/pretix-static.nix { };
pretix-banktool = callPackage ./pretix-banktool { };
tabbed-box-maker = callPackage ./tabbed-box-maker { };
vesc-firmware = callPackage ./vesc-tool/firmware.nix { };
vesc-tool = callPackage ./vesc-tool/tool.nix { };

2
pkgs/modules.nix
View file

@ -4,6 +4,6 @@
imports = [
./asterisk-sounds-de/module.nix
./myintercom-doorbell/module.nix
./pretix/module.nix
./pretix-banktool/module.nix
];
}

2
pkgs/pretix/pretix-banktool.nix → pkgs/pretix-banktool/default.nix
View file

@ -11,7 +11,7 @@ python3Packages.buildPythonApplication rec {
};
patches = [
./pretix-banktool-requirements.patch
./requirements.patch
];
buildInputs = with python3Packages; [

60
pkgs/pretix-banktool/module.nix Normal file
View file

@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.pretix;
mkTimer = { description, unit, onCalendar }: {
inherit description;
requires = [ "pretix-migrate.service" ];
after = [ "network.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = true;
OnCalendar = onCalendar;
Unit = unit;
};
};
in
{
options.services.pretix-banktool = with lib; with lib.types; {
enable = mkEnableOption "Enable tool to query bank account and sync transaction data to pretix server.";
days = mkOption {
type = types.int;
description = "The timeframe of transaction to fetch from the bank in days.";
};
secretsFile = mkOption {
type = types.path;
description = ''
Path of file containing secrets for pretix banktool.
'';
};
};
config = {
systemd.services.pretix-banktool = lib.mkIf cfg.enable {
description = "Tool to query bank account and sync transaction data to pretix server.";
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
CapabilityBoundingSet = null;
PrivateUsers = true;
ProtectHome = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
SystemCallFilter = "@system-service";
LoadCredential = "config:${cfg.secretsFile}";
};
script = "${pkgs.pretix-banktool}/bin/pretix-banktool upload \"$CREDENTIALS_DIRECTORY/config\" --days=${toString cfg.days}";
};
systemd.timers.pretix-banktool = lib.mkIf cfg.enable {
description = "Run tool to query bank account and sync transaction data to pretix server.";
after = [ "network.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = true;
OnCalendar = "*-*-* *:00:00";
Unit = "pretix-banktool.service";
};
};
};
}

0
pkgs/pretix/pretix-banktool-requirements.patch → pkgs/pretix-banktool/requirements.patch
View file

1
pkgs/pretix/.envrc
View file

@ -1 +0,0 @@
use nix

318
pkgs/pretix/module.nix
View file

@ -1,318 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.pretix;
name = "pretix";
user = "pretix";
group = "pretix";
bind = {
host = "127.0.0.1";
port = 8000;
};
postgresql = {
database = "pretix";
user = "pretix";
password = "pretix";
};
redisPort = 6379;
urlScheme = if cfg.enableTls then "https" else "http";
url = "${urlScheme}://${cfg.domain}";
toBool = x: if x then "on" else "off";
hstsHeader = if cfg.enableTls then "add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;" else "";
pythonPackages = pkgs.pretix.passthru.pythonModule.passthru.pkgs;
python = pkgs.pretix.passthru.python;
runCommandArgs = {
# Sets PYTHONPATH in derivation
buildInputs = [
pkgs.pretix
pythonPackages.gunicorn
pythonPackages.celery
];
};
staticRoot = pkgs.pretix-static;
environmentFile = pkgs.runCommand "pretix-environ" runCommandArgs (''
cat > $out <<EOF
DATA_DIR = /var/pretix
DJANGO_SETTINGS_MODULE=pretix_wrapper.settings
PRETIX_CELERY_BACKEND=redis://127.0.0.1:${toString redisPort}/2
PRETIX_CELERY_BROKER=redis://127.0.0.1:${toString redisPort}/1
PRETIX_DATABASE_BACKEND=postgresql
PRETIX_DATABASE_HOST=localhost
PRETIX_DATABASE_NAME=${postgresql.database}
PRETIX_DATABASE_PASSWORD=${postgresql.password}
PRETIX_DATABASE_USER=${postgresql.user}
PRETIX_LOCALE_DEFAULT=${cfg.locale}
PRETIX_LOCALE_TIMEZONE=${cfg.timezone}
PRETIX_PRETIX_INSTANCE_NAME=${cfg.instanceName}
PRETIX_PRETIX_PASSWORD_RESET=${toBool cfg.passwordReset}
PRETIX_PRETIX_REGISTRATION=${toBool cfg.enableRegistration}
PRETIX_PRETIX_URL=${url}
PRETIX_REDIS_LOCATION=redis://127.0.0.1:${toString redisPort}/0
PRETIX_REDIS_SESSIONS=true
PRETIX_STATIC_ROOT=${staticRoot}
'' + (
if cfg.mail.enable then
''
PRETIX_MAIL_FROM=${toString cfg.mail.from}
PRETIX_MAIL_HOST="${cfg.mail.host}"
PRETIX_MAIL_PORT=${toString cfg.mail.port}
'' else ""
) +
''
PYTHONPATH=$PYTHONPATH
EOF
'');
mkTimer = { description, unit, onCalendar }: {
inherit description;
requires = [ "pretix-migrate.service" ];
after = [ "network.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = true;
OnCalendar = onCalendar;
Unit = unit;
};
};
in
{
options.services.pretix = with lib; with lib.types; {
enable = mkEnableOption "Enable pretix ticket shop application";
instanceName = mkOption {
type = types.str;
description = "The name of this installation.";
};
domain = mkOption {
type = types.str;
description = "The installations main domain";
example = "pretix.example.net";
};
extraDomains = mkOption {
type = listOf str;
description = "A list of extra domains";
default = [ ];
};
enableTls = mkEnableOption "Whether to use TLS or not";
enableRegistration = mkEnableOption "Enables or disables the registration of new admin users.";
passwordReset = mkEnableOption "Enables or disables password reset.";
locale = mkOption {
type = types.str;
description = "The systems default locale.";
};
timezone = mkOption {
type = types.str;
description = "The systems default timezone as a pytz name.";
};
secretsFile = mkOption {
type = types.path;
description = "Path to the sops secrets file which stores pretix.cfg settings.";
};
gunicornWorkers = mkOption {
type = types.int;
description = "Number of gunicorn workers. Recommended is roughly two times the number of CPU cores available.";
default = 2;
};
mail = {
enable = mkEnableOption "Enables or disables emailing.";
from = mkOption {
type = types.str;
description = "The email address to set as From header in outgoing emails by the system.";
};
host = mkOption {
type = types.str;
description = "The SMTP Host to connect to.";
default = "localhost";
};
port = mkOption {
type = types.port;
description = "The SMTP Port to connect to.";
default = 25;
};
admins = mkOption {
type = listOf str;
description = ''
Comma-separated list of email addresses that should receive a report about every error code 500 thrown by pretix.
'';
default = [ ];
};
};
banktool = {
enable = mkEnableOption "Enable tool to query bank account and sync transaction data to pretix server.";
days = mkOption {
type = types.int;
description = "The timeframe of transaction to fetch from the bank in days.";
};
};
};
config = lib.mkIf cfg.enable {
sops.secrets.pretix-cfg = {
sopsFile = cfg.secretsFile;
};
sops.secrets.pretix-banktool-cfg = {
sopsFile = cfg.secretsFile;
};
users.users."${user}" = {
createHome = true;
description = "Pretix user";
home = "/var/pretix";
isNormalUser = false;
isSystemUser = true;
group = group;
};
users.groups."${group}" = { };
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = lib.listToAttrs (map
(d: {
name = d;
value = {
enableACME = cfg.enableTls;
forceSSL = cfg.enableTls;
kTLS = cfg.enableTls;
locations."/" = {
proxyPass = "http://${bind.host}:${toString bind.port}";
};
extraConfig = ''
${hstsHeader}
'';
};
})
([ cfg.domain ] ++ cfg.extraDomains)
);
};
services.postgresql = {
enable = true;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all ::1/128 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE ROLE ${postgresql.user} WITH LOGIN PASSWORD '${postgresql.password}' CREATEDB;
CREATE DATABASE ${postgresql.database};
GRANT ALL PRIVILEGES ON DATABASE ${postgresql.database} TO ${postgresql.user};
ALTER DATABASE ${postgresql.database} OWNER TO ${postgresql.user};
'';
};
services.redis.servers.pretix = {
enable = true;
port = redisPort;
databases = 3;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.pretix-migrate = {
description = "Pretix DB Migrations";
serviceConfig = {
Type = "oneshot";
EnvironmentFile = environmentFile;
User = user;
LoadCredential = "config:${config.sops.secrets.pretix-cfg.path}";
};
script = ''
export PRETIX_CONFIG_FILE="$CREDENTIALS_DIRECTORY/config"
${pkgs.pretix}/bin/pretix migrate
'';
};
systemd.services.pretix-web = {
description = "Pretix Web Service";
serviceConfig = {
Type = "simple";
Restart = "on-failure";
EnvironmentFile = environmentFile;
User = user;
LoadCredential = "config:${config.sops.secrets.pretix-cfg.path}";
ExecStart = pkgs.writeScript "webserver" ''
#!${pkgs.runtimeShell}
set -euo pipefail
export PRETIX_CONFIG_FILE="$CREDENTIALS_DIRECTORY/config"
exec ${pythonPackages.gunicorn}/bin/gunicorn pretix.wsgi --name ${name} \
--workers ${toString cfg.gunicornWorkers} \
--log-level=info \
--bind=${bind.host}:${toString bind.port}
'';
};
wantedBy = [ "multi-user.target" ];
requires = [ "pretix-migrate.service" ];
after = [ "network.target" ];
};
systemd.services.pretix-worker = {
description = "Pretix Celery (Worker) Service";
serviceConfig = {
Type = "simple";
Restart = "on-failure";
EnvironmentFile = environmentFile;
User = user;
LoadCredential = "config:${config.sops.secrets.pretix-cfg.path}";
ExecStart = pkgs.writeScript "worker" ''
#!${pkgs.runtimeShell}
set -euo pipefail
export PRETIX_CONFIG_FILE="$CREDENTIALS_DIRECTORY/config"
exec ${pythonPackages.celery}/bin/celery -A pretix.celery_app worker -l info
'';
};
wantedBy = [ "multi-user.target" ];
requires = [ "pretix-migrate.service" ];
after = [ "network.target" ];
};
systemd.services.pretix-runperiodic = {
description = "Pretix periodic tasks";
serviceConfig = {
Type = "oneshot";
EnvironmentFile = environmentFile;
User = user;
LoadCredential = "config:${config.sops.secrets.pretix-cfg.path}";
};
script = ''
export PRETIX_CONFIG_FILE="$CREDENTIALS_DIRECTORY/config"
${pkgs.pretix}/bin/pretix runperiodic
'';
};
# Once every 5 minutes
systemd.timers.pretix-runperiodic = mkTimer {
description = "Run pretix tasks";
unit = "pretix-runperiodic.service";
onCalendar = "*:0/5";
};
systemd.services.pretix-banktool = lib.mkIf cfg.banktool.enable {
description = "Tool to query bank account and sync transaction data to pretix server.";
serviceConfig = {
Type = "oneshot";
DynamicUser = true;
CapabilityBoundingSet = null;
PrivateUsers = true;
ProtectHome = true;
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
RestrictNamespaces = true;
SystemCallFilter = "@system-service";
LoadCredential = "config:${config.sops.secrets.pretix-banktool-cfg.path}";
};
script = "${pkgs.pretix-banktool}/bin/pretix-banktool upload \"$CREDENTIALS_DIRECTORY/config\" --days=${toString cfg.banktool.days}";
};
systemd.timers.pretix-banktool = lib.mkIf cfg.banktool.enable {
description = "Run tool to query bank account and sync transaction data to pretix server.";
after = [ "network.target" ];
wantedBy = [ "timers.target" ];
timerConfig = {
Persistent = true;
OnCalendar = "*-*-* *:00:00";
Unit = "pretix-banktool.service";
};
};
};
}

3176
pkgs/pretix/poetry.lock generated
View file

File diff suppressed because it is too large Load diff

48
pkgs/pretix/pretix-static.nix
View file

@ -1,48 +0,0 @@
{ stdenvNoCC
, pretix
, buildNpmPackage
, makeWrapper
}:
let
nodeEnv = buildNpmPackage rec {
name = "pretix-nodejs";
src = "${pretix.passthru.pythonModule.pkgs.pretix}/lib/${pretix.python.libPrefix}/site-packages/pretix/static/npm_dir";
npmDepsHash = "sha256-2fHlEEmYzpF3SyvF7+FbwCt+zQVGF0/kslDFnJ+DQGE=";
dontNpmBuild = true;
installPhase = ''
mkdir -p $out
cp -r node_modules $out/
mkdir -p $out/bin
ln -s $out/node_modules/rollup/dist/bin/rollup $out/bin/rollup
'';
postFixup = ''
wrapProgram $out/bin/rollup --prefix NODE_PATH : $out
'';
nativeBuildInputs = [
makeWrapper
];
};
in
stdenvNoCC.mkDerivation {
name = "pretix-static";
src = ./.;
buildPhase = ''
mkdir $out
export PRETIX_STATIC_ROOT=$out
export DJANGO_SETTINGS_MODULE=pretix_wrapper.settings
${pretix}/bin/pretix collectstatic --noinput
mkdir -p $PRETIX_STATIC_ROOT/node_prefix
ln -s ${nodeEnv}/node_modules $PRETIX_STATIC_ROOT/node_prefix/node_modules
echo ${nodeEnv}/bin/rollup
${pretix}/bin/pretix compress
'';
installPhase = ''
runHook preInstall
runHook postInstall
'';
nativeBuildInputs = [
nodeEnv
];
}

60
pkgs/pretix/pretix.nix
View file

@ -1,60 +0,0 @@
{ lib
, poetry2nix
, pkgs
, gettext
, tlds-alpha-by-domain ? ./tlds-alpha-by-domain.txt
}:
let
tlds = pkgs.fetchurl {
url = "https://data.iana.org/TLD/tlds-alpha-by-domain.txt";
sha256 = "0153py77ll759jacq41dp2z2ksr08pdcfic0rwjd6pr84dk89y9v";
};
pkgsRequiringSetuptools = [
"dj-static"
"django-jquery-js"
"paypal-checkout-serversdk"
"python-u2flib-server"
"slimit"
"static3"
];
in
poetry2nix.mkPoetryApplication rec {
projectDir = ./.;
#python = pkgs.python310;
preferWheels = true;
overrides = poetry2nix.defaultPoetryOverrides.extend
(
self: super: lib.attrsets.genAttrs pkgsRequiringSetuptools
(
pythonPackage:
super."${pythonPackage}".overridePythonAttrs (
old: {
buildInputs = (old.buildInputs or [ ]) ++ [ super.setuptools ];
}
)
) // {
tlds = super.tlds.overridePythonAttrs (
old: {
buildInputs = (old.buildInputs or [ ]) ++ [ super.setuptools ];
}
);
pretix = super.pretix.overridePythonAttrs (
old: {
buildInputs = (old.buildInputs or [ ]) ++ [
gettext
];
preFixup = ''
python -m pretix compilemessages
python -m pretix compilejsi18n
'';
}
);
reportlab = super.reportlab.overridePythonAttrs (
old: {
postPatch = "";
}
);
}
);
}

9
pkgs/pretix/pretix_wrapper/__main__.py
View file

@ -1,9 +0,0 @@
import sys
import os
module_name = "pretix"
def main():
os.environ["PYTHONPATH"] = ":".join(sys.path)
os.execv(sys.executable, [sys.executable, "-m", module_name, *sys.argv[1:]])

4
pkgs/pretix/pretix_wrapper/settings.py
View file

@ -1,4 +0,0 @@
import os
from pretix.settings import *
STATIC_ROOT = os.getenv("PRETIX_STATIC_ROOT")

19
pkgs/pretix/pyproject.toml
View file

@ -1,19 +0,0 @@
[tool.poetry]
name = "pretix_wrapper"
version = "1.0.0"
description = ""
authors = ["Jakob Lechner <mail@jalr.de>"]
license = "MIT"
[tool.poetry.dependencies]
python = "^3.10"
pretix = "^2024.3.0"
[tool.poetry.dev-dependencies]
[tool.poetry.scripts]
pretix = "pretix_wrapper.__main__:main"
[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

8
pkgs/pretix/shell.nix
View file

@ -1,8 +0,0 @@
with import <nixpkgs> { };
mkShell {
buildInputs = [
poetry
];
}

2
pkgs/tabbed-box-maker/default.nix
View file

@ -14,7 +14,7 @@ stdenvNoCC.mkDerivation {
sha256 = "8TNNVMSwbvcEwkvMHecHtGLEpiX3F0g0EGsgO1YKBGQ=";
};
dontBild = true;
dontBuild = true;
installPhase = ''
mkdir $out
cp * $out

0
home-manager/README.md → users/README.md
View file

78
home-manager/users/jalr.nix → users/jalr/default.nix
View file

@ -1,21 +1,11 @@
{ config, pkgs, ... }:
{
imports = [
./default.nix
let
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3l+Yixrsjhze20CSjvUK4Qj/BNqbTNitgk20vuzPej cardno:25_750_479"
];
jalr = {
git = {
user = {
name = "Jakob Lechner";
email = "mail@jalr.de";
};
signByDefault = true;
};
gpg.defaultKey = "3044E71E3DEFF49B586CF5809BF4FCCB90854DA9";
};
in
{
users.users.jalr = {
isNormalUser = true;
extraGroups = [
@ -32,16 +22,16 @@
"wireshark"
]; # Enable sudo for the user.
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3l+Yixrsjhze20CSjvUK4Qj/BNqbTNitgk20vuzPej cardno:25_750_479"
];
openssh.authorizedKeys.keys = sshKeys;
};
users.users.root.openssh.authorizedKeys.keys = sshKeys;
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.jalr = { lib, pkgs, ... }: {
imports = [ ../modules ];
imports = [ ./modules ];
config = {
home.stateVersion = config.system.stateVersion;
@ -120,6 +110,56 @@
profiles = [ "default" ];
};
};
"Digitaler Dienst info" = {
userName = "info@digitaler-dienst.gmbh";
address = "info@digitaler-dienst.gmbh";
realName = "Digitaler Dienst";
imap = {
host = "mail.agenturserver.de";
port = 143;
tls = {
enable = true;
useStartTls = true;
};
};
smtp = {
host = "mail.agenturserver.de";
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
};
"FabLab NEA" = {
userName = "kontakt@fablab-nea.de";
address = "kontakt@fablab-nea.de";
realName = "FabLab NEA";
imap = {
host = "hha.jalr.de";
port = 143;
tls = {
enable = true;
useStartTls = true;
};
};
smtp = {
host = "hha.jalr.de";
port = 587;
tls = {
enable = true;
useStartTls = true;
};
};
thunderbird = {
enable = true;
profiles = [ "default" ];
};
};
};
};
};

0
home-manager/modules/3d-printing.nix → users/jalr/modules/3d-printing.nix
View file

36
home-manager/modules/alacritty.nix → users/jalr/modules/alacritty.nix
View file

@ -1,20 +1,7 @@
{ lib, pkgs, nixosConfig, ... }:
let
solarized = import ./solarized.nix;
#nixosConfig.jalr.terminalEmulator.command = pkgs.writeShellScriptBin "alacritty-sway-cwd" ''
# this_alacritty_pid="$(swaymsg -t get_tree | ${pkgs.jq} -e 'recurse(.nodes[]?) | select((.focused==true) and (.app_id=="Alacritty")).pid')"
# if [ "$this_alacritty_pid" ]; then
# child_pid="$(pgrep -P "$this_alacritty_pid")"
# cwd="$(readlink /proc/$child_pid/cwd)"
# fi
# if [ -e "$cwd" ]; then
# exec ${pkgs.alacritty} --working-directory "$cwd"
# fi
# exec alacritty
#'';
tomlFormat = pkgs.formats.toml { };
colorschemes = {
# https://github.com/alacritty/alacritty/wiki/Color-schemes#solarized
@ -105,7 +92,7 @@ let
mouse.hide_when_typing = true;
key_bindings = [
keyboard.bindings = [
{
key = "F1";
mods = "Control";
@ -144,18 +131,15 @@ in
enable = nixosConfig.jalr.gui.enable;
};
# The option `home-manager.users.jalr.xdg.configFile.dark.alacritty/alacritty-dark.yml' does not exist
/*
xdg.configFile = builtins.mapAttrs (colorScheme: cfg: {
"alacritty/alacritty-${colorScheme}.yml" = lib.replaceStrings [ "\\\\" ] [ "\\" ] (builtins.toJSON cfg);
}) settings;
*/
xdg.configFile = lib.attrsets.mapAttrs'
(colorScheme: cfg: lib.attrsets.nameValuePair "alacritty/alacritty-${colorScheme}.yml" {
text = lib.replaceStrings [ "\\\\" ] [ "\\" ] (builtins.toJSON cfg);
})
(colorScheme: cfg:
let name = "alacritty-${colorScheme}.toml";
in
lib.attrsets.nameValuePair "alacritty/${name}" {
source = tomlFormat.generate name cfg;
target = "alacritty/${name}";
}
)
settings;
programs.fish.functions = {

0
home-manager/modules/aws.nix → users/jalr/modules/aws.nix
View file

28
users/jalr/modules/cli/default.nix Normal file
View file

@ -0,0 +1,28 @@
{ nixosConfig, lib, pkgs, ... }:
{
imports = [
./htop.nix
];
config = {
home.packages = with pkgs; [
cached-nix-shell
eza
file
inetutils
jq
lsof
ncdu
ripgrep
unzip
] ++ (if ! nixosConfig.jalr.workstation.enable then [ ] else [
direnv
dnsutils
screen
speedtest-cli
usbutils
wget
yt-dlp
]);
};
}

25
users/jalr/modules/cli/htop.nix Normal file
View file

@ -0,0 +1,25 @@
{ nixosConfig
, config
, lib
, ...
}:
{
programs.htop = {
enable = true;
settings = {
color_scheme = 6;
} // (with config.lib.htop; leftMeters ([
(bar "LeftCPUs")
(bar "Memory")
] ++ lib.lists.optional nixosConfig.zramSwap.enable (bar "Zram") ++ [
] ++ lib.lists.optional (!(nixosConfig.swapDevices == [ ])) (bar "Swap") ++ [
(bar "DiskIO")
])) // (with config.lib.htop; rightMeters [
(bar "RightCPUs")
(text "Tasks")
(text "LoadAverage")
(text "NetworkIO")
]);
};
}

0
home-manager/modules/communication/default.nix → users/jalr/modules/communication/default.nix
View file

42
users/jalr/modules/communication/element-desktop.nix Normal file
View file

@ -0,0 +1,42 @@
{ nixosConfig, lib, pkgs, ... }:
let
profiles = {
"digitaler-dienst" = {
description = "Digitaler Dienst";
};
"private" = {
description = "private";
};
};
in
lib.mkIf nixosConfig.jalr.gui.enable {
home.packages = with pkgs; [
element-desktop
];
# Create an empty directory in nix store
# as we want to use Element only with `--profile-dir`
xdg.configFile.Element = {
source = pkgs.runCommand "empty-Element-directory" { } "mkdir $out";
target = "Element";
};
xdg.desktopEntries = lib.attrsets.mapAttrs'
(name: value: lib.attrsets.nameValuePair "element-desktop-${name}"
{
categories = [ "Network" "InstantMessaging" "Chat" ];
exec = toString (pkgs.writeShellScript "element-desktop-${name}" ''
exec element-desktop --profile-dir "$HOME/.config/element-profiles/${name}"
'');
genericName = "Matrix Client";
icon = "element";
mimeType = [ "x-scheme-handler/element" ];
name = "Element ${value.description}";
terminal = false;
type = "Application";
}
)
profiles;
}

0
home-manager/modules/communication/mumble.nix → users/jalr/modules/communication/mumble.nix
View file

0
home-manager/modules/communication/qtox.nix → users/jalr/modules/communication/qtox.nix
View file

0
home-manager/modules/communication/telegram-desktop.nix → users/jalr/modules/communication/telegram-desktop.nix
View file

8
home-manager/modules/default.nix → users/jalr/modules/default.nix
View file

@ -2,11 +2,10 @@
{
imports = [
./${nixosConfig.jalr.terminalEmulator}.nix
./3d-printing.nix
./alacritty.nix
./aws.nix
./claws-mail.nix
./cli.nix
./cli
./communication
./direnv.nix
./dynamic-colors.nix
@ -23,6 +22,7 @@
./mute-indicator.nix
./neo.nix
./neovim.nix
./nix-index.nix
./obs-studio
./openscad.nix
./pass.nix
@ -36,6 +36,4 @@
./tor-browser.nix
./vdirsyncer.nix
];
programs.nix-index.enable = true;
}

0
home-manager/modules/direnv.nix → users/jalr/modules/direnv.nix
View file

6
home-manager/modules/dynamic-colors.nix → users/jalr/modules/dynamic-colors.nix
View file

@ -9,9 +9,9 @@ let
applicationConfig = [
{
dir = "~/.config/alacritty";
light = "alacritty-light.yml";
dark = "alacritty-dark.yml";
target = "alacritty.yml";
light = "alacritty-light.toml";
dark = "alacritty-dark.toml";
target = "alacritty.toml";
}
{
dir = "~/.config/wofi";

364
users/jalr/modules/firefox/default.nix Normal file
View file

@ -0,0 +1,364 @@
{ nixosConfig, pkgs, ... }:
{
programs.firefox = {
enable = nixosConfig.jalr.gui.enable;
package = pkgs.firefox-esr;
policies = {
AllowedDomainsForApps = "";
CaptivePortal = false;
DNSOverHTTPS.Enabled = false;
DisableAppUpdate = true;
DisableFeedbackCommands = true;
DisableFirefoxAccounts = true;
DisableFirefoxScreenshots = true;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
DisplayMenuBar = "never";
EncryptedMediaExtensions = { Enabled = false; Locked = true; };
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
StartDownloadsInTempDirectory = true;
UserMessaging = {
WhatsNew = false;
ExtensionRecommendations = false;
FeatureRecommendations = false;
UrlbarInterventions = false;
SkipOnboarding = true;
MoreFromMozilla = false;
Locked = false;
};
Permissions = {
Camera = {
/*
Allow = ["https://example.org" "https://example.org:1234"];
Block = ["https://example.edu"];
BlockNewRequests = true | false;
Locked = true | false;
*/
};
Microphone = { };
Location = { };
Notifications = { };
Autoplay = { };
};
PopupBlocking = {
/* Allow = ["http://example.org/" "http://example.edu/"]; */
Default = false;
Locked = false;
};
Bookmarks = (
builtins.map
(b: b // {
Folder = "Nix";
Placement = "toolbar";
}) [
{
Title = "NixOS Manual";
URL = "https://nixos.org/manual/nixos/stable/";
}
{
Title = "Nix manual";
URL = "https://nix.dev/manual/nix/2.18/stable";
}
{
Title = "Nixpkgs manual";
URL = "https://nixos.org/manual/nixpkgs/stable/";
}
{
Title = "Noogle";
URL = "https://noogle.dev/";
}
{
Title = "Home Manager Configuration Options";
URL = "https://nix-community.github.io/home-manager/options.xhtml";
}
{
Title = "Home Manager Option Search";
URL = "https://mipmip.github.io/home-manager-option-search/";
}
{
Title = "NixOS Status";
URL = "https://status.nixos.org/";
}
{
Title = "krops";
URL = "https://cgit.krebsco.de/krops/about/";
}
{
Title = "Awesome Nix";
URL = "https://github.com/nix-community/awesome-nix";
}
]
) ++ (
builtins.map
(b: b // {
Folder = "Digitaler Dienst";
Placement = "toolbar";
}) [
{
Title = "GitLab";
URL = "https://gitlab.digitaler-dienst.net/";
}
{
Title = "Moco";
URL = "https://digitaler-dienst.mocoapp.com/activities";
}
{
Title = "Leantime";
URL = "https://todo.digitaler-dienst.gmbh/";
}
{
Title = "Nextcloud";
URL = "https://nx52865.your-storageshare.de/";
}
{
Title = "FreeScout";
URL = "https://tickets.digitaler-dienst.gmbh/";
}
{
Title = "Personio";
URL = "https://laemmermann.personio.de/";
}
]
) ++ [
{
Title = "Fefes Blog";
URL = "https://blog.fefe.de";
Placement = "toolbar";
#Placement = "menu";
#Favicon = "https://example.com/favicon.ico";
}
];
/*
ManagedBookmarks = [
{
toplevel_name = "My managed bookmarks folder";
}
{
url = "example.com";
name = "Example";
}
{
name = "Mozilla links";
children = [
{
url = "https://mozilla.org";
name = "Mozilla.org";
}
{
url = "https://support.mozilla.org/";
name = "SUMO";
}
];
}
];
*/
SearchEngines.Default = "DuckDuckGo";
SearchEngines.Remove = [
"Google"
"Wikipedia (en)"
];
SearchEngines.Add = [
{
Name = "Startpage";
URLTemplate = "https://www.startpage.com/sp/search";
Method = "POST";
PostData = "qadf=none&query={searchTerms}";
IconURL = "https://www.startpage.com/sp/cdn/favicons/mobile/android-icon-192x192.png";
Alias = "sp";
}
{
Name = "DuckDuckGo";
URLTemplate = "https://duckduckgo.com/?q={searchTerms}";
Method = "GET";
IconURL = "https://duckduckgo.com/favicon.ico";
Alias = "ddg";
}
# Wikipedia
{
Name = "Wikipedia en";
URLTemplate = "https://en.wikipedia.org/wiki/Special:Search?search={searchTerms}";
Method = "GET";
IconURL = "https://en.wikipedia.org/static/images/icons/wikipedia.png";
Alias = "wen";
}
{
Name = "Wikipedia de";
URLTemplate = "https://de.wikipedia.org/w/index.php?search={searchTerms}";
Method = "GET";
IconURL = "https://www.wikipedia.de/img/wikipedia.png";
Alias = "wde";
}
{
Name = "Nix Packages";
URLTemplate = "https://search.nixos.org/packages?query={searchTerms}";
Method = "GET";
IconURL = "https://nixos.org/favicon.png";
Alias = "pkg";
}
{
Name = "NixOS Options";
URLTemplate = "https://search.nixos.org/options?query={searchTerms}";
Method = "GET";
IconURL = "https://nixos.org/favicon.png";
Alias = "opt";
}
{
Name = "Docker images";
URLTemplate = "https://hub.docker.com/search/?q={searchTerms}";
Method = "GET";
IconURL = "https://hub.docker.com/favicon.ico";
Alias = "docker";
}
{
Name = "GitHub";
URLTemplate = "https://github.com/search?q={searchTerms}";
Method = "GET";
IconURL = "https://github.githubassets.com/favicons/favicon.svg";
Alias = "gh";
}
# Shopping
{
Name = "Amazon de";
URLTemplate = "https://www.amazon.de/s?k={searchTerms}";
Method = "GET";
IconURL = "https://www.amazon.de/favicon.ico";
Alias = "amde";
}
{
Name = "Ebay de";
URLTemplate = "https://www.ebay.de/sch/i.html?_nkw={searchTerms}";
Method = "GET";
IconURL = "https://pages.ebay.com/favicon.ico";
Alias = "ebde";
}
# Dictionary
{
Name = "dict.cc";
URLTemplate = "https://www.dict.cc/?s={searchTerms}";
Method = "GET";
IconURL = "https://www4.dict.cc/img/favicons/favicon4.png";
Alias = "dcc";
}
{
Name = "Duden";
URLTemplate = "https://www.duden.de/suchen/dudenonline/{searchTerms}";
Method = "GET";
IconURL = "https://www.duden.de/sites/default/res/apple-touch-icon/180x180.png";
Alias = "duden";
}
# Map
{
Name = "OpenStreetMap";
URLTemplate = "https://www.openstreetmap.org/search?query={searchTerms}";
Method = "GET";
IconURL = "https://www.openstreetmap.org/assets/favicon-194x194-79d3fb0152c735866e64b1d7535d504483cd13c2fad0131a6142bd9629d30de2.png";
Alias = "osm";
}
];
};
profiles.default = {
id = 0;
isDefault = true;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
darkreader
tree-style-tab
ublock-origin
umatrix
violentmonkey
];
settings = {
#"browser.startup.homepage" = "https://nixos.org";
#"browser.search.region" = "GB";
#"browser.search.isUS" = false;
#"distribution.searchplugins.defaultLocale" = "en-GB";
#"general.useragent.locale" = "en-GB";
#"browser.bookmarks.showMobileBookmarks" = true;
"app.normandy.enabled" = false;
"app.shield.optoutstudies.enabled" = false;
"app.update.auto" = false;
"browser.bookmarks.addedImportButton" = false;
"browser.ctrlTab.sortByRecentlyUsed" = true;
"browser.fixup.alternate.enabled" = false;
"browser.formfill.enable" = false;
"browser.link.open_newwindow.restriction" = 0;
"browser.newtabpage.enabled" = false;
"browser.ping-centre.telemetry" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.downloads.remote.block_dangerous" = false;
"browser.safebrowsing.downloads.remote.block_dangerous_host" = false;
"browser.safebrowsing.downloads.remote.block_potentially_unwanted" = false;
"browser.safebrowsing.downloads.remote.block_uncommon" = false;
"browser.safebrowsing.downloads.remote.enabled" = false;
"browser.safebrowsing.downloads.remote.url" = "";
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.provider.google.advisoryURL" = "";
"browser.safebrowsing.provider.google.gethashURL" = "";
"browser.safebrowsing.provider.google.lists" = "";
"browser.safebrowsing.provider.google.reportMalwareMistakeURL" = "";
"browser.safebrowsing.provider.google.reportPhishMistakeURL" = "";
"browser.safebrowsing.provider.google.reportURL" = "";
"browser.safebrowsing.provider.google.updateURL" = "";
"browser.safebrowsing.provider.google4.advisoryURL" = "";
"browser.safebrowsing.provider.google4.dataSharingURL" = "";
"browser.safebrowsing.provider.google4.gethashURL" = "";
"browser.safebrowsing.provider.google4.lists" = "";
"browser.safebrowsing.provider.google4.reportMalwareMistakeURL" = "";
"browser.safebrowsing.provider.google4.reportPhishMistakeURL" = "";
"browser.safebrowsing.provider.google4.reportURL" = "";
"browser.safebrowsing.provider.google4.updateURL" = "";
"browser.safebrowsing.provider.mozilla.gethashURL" = "";
"browser.safebrowsing.provider.mozilla.lists" = "";
"browser.safebrowsing.provider.mozilla.updateURL" = "";
"browser.search.suggest.enabled" = false;
"browser.search.widget.inNavBar" = true;
"browser.startup.page" = 0;
"extensions.pocket.enabled" = false;
"extensions.update.enabled" = false;
"identity.fxaccounts.enabled" = false;
"keyword.enabled" = false;
"network.captive-portal-service.enabled" = false;
"network.predictor.enabled" = false;
"privacy.donottrackheader.enabled" = true;
"startup.homepage_welcome_url" = "about:blank";
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.server" = "http://127.0.0.1:4711";
"toolkit.telemetry.server_owner" = "";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.updatePing.enabled" = false;
"urlclassifier.downloadAllowTable" = "";
"urlclassifier.downloadBlockTable" = "";
"urlclassifier.malwareTable" = "";
"urlclassifier.phishTable" = "";
"datareporting.healthreport.uploadEnabled" = "";
"app.normandy.api_url" = "";
"breakpad.reportURL" = "";
"browser.region.network.url" = "";
"browser.search.geoSpecificDefaults.url" = "";
"browser.shell.checkDefaultBrowser" = false;
"privacy.userContext.enabled" = true;
"privacy.userContext.ui.enabled" = true;
"network.dnsCacheExpiration" = 0;
# disable disk cache to reduce ssd writes
"browser.cache.disk.enable" = false;
"browser.cache.memory.enable" = true;
"browser.cache.memory.capacity" = -1;
};
userChrome = builtins.readFile ./userChrome.css;
};
};
}

24
home-manager/modules/firefox/userChrome.css → users/jalr/modules/firefox/userChrome.css
View file

@ -218,4 +218,28 @@ url(chrome://browser/content/browser.xhtml) {
}
/*** End of: Megabar Styler One-Offs ***/
/* Hide "Firefox Suggest" in location bar search results */
.urlbarView-row[label="Firefox Suggest"]::before {
display: none !important
}
.urlbarView-row[label] {
margin-block-start: 4px !important;
}
/* Hide search button in location bar */
#identity-box[pageproxystate=invalid] > .identity-box-button,
.searchbar-search-button {
display: none
}
/* Hide search placeholder in location bar */
#urlbar-input::placeholder {
color: transparent;
}
/* Hide back & forward buttons */
toolbarbutton#back-button {
display: none;
}
}

114
home-manager/modules/fish.nix → users/jalr/modules/fish.nix
View file

@ -11,8 +11,8 @@
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "theme-agnoster";
rev = "c142e802983bd1b34b4d91efac2126fc5913126d";
sha256 = "0PLx626BWoBp/L6wgkB4o+53q8PymiEE/rTu2mfzHhg=";
rev = "4c5518c89ebcef393ef154c9f576a52651400d27";
sha256 = "OFESuesnfqhXM0aij+79kdxjp4xgCt28YwTrcwQhFMU=";
fetchSubmodules = true;
};
}
@ -61,82 +61,71 @@
#alias cal='ncal -b -M'
alias myip='dig +short myip.opendns.com @resolver1.opendns.com'
function hm -d 'merge history and delete failed commands'
history --merge
if test -z "$fish_private_mode" && test -e "$__fish_user_data_dir/successful_commands" && test -e "$__fish_user_data_dir/failed_commands"
while read line;
if ! grep -qFx $line "$__fish_user_data_dir/successful_commands"
set hist_command (echo $line | base64 -d)
echo "deleting command: $hist_command"
echo "."
history delete --exact --case-sensitive $hist_command
end
end < "$__fish_user_data_dir/failed_commands"
echo -n > "$__fish_user_data_dir/successful_commands"
echo -n > "$__fish_user_data_dir/failed_commands"
end
end
hm
history --merge >/dev/null 2>&1
# fancy tools
if which eza > /dev/null 2>&1
alias l=eza
alias ll='eza -l --time-style=long-iso --git'
alias la='eza -la --time-style=long-iso --git'
alias tree='eza --tree'
alias llt='eza -s modified -l'
abbr --add l eza
abbr --add ll 'eza -l --time-style=long-iso --git'
abbr --add la 'eza -la --time-style=long-iso --git'
abbr --add tree 'eza --tree'
abbr --add llt 'eza -s modified -l'
else
alias l=ls
alias ll='ls -l'
alias la='ls -la'
alias llt='ls -trl'
abbr --add l ls
abbr --add ll 'ls -l'
abbr --add la 'ls -la'
abbr --add llt 'ls -trl'
end
if which rg > /dev/null 2>&1
alias g=rg
abbr --add g rg
complete -c g -w rg
else if which ag > /dev/null 2>&1
alias g=ag
abbr --add g ag
complete -c g -w ag
else
alias g='grep --color=auto'
abbr --add g 'grep --color=auto'
complete -c g -w grep
end
function jqless -d 'jq -C [args] | less -R'
jq -C $argv | less -R
end
# NixOS direnv
if which direnv > /dev/null
eval (direnv hook fish)
end
function __cut_commandline -d 'cut commandline and paste it later'
bind \ed 'dirh-fzf'
# fix too dark color on solarized theme
set -g fish_color_autosuggestion brgreen
'';
functions = {
jqless = {
body = ''
jq -C $argv | less -R
'';
};
__cut_commandline = {
description = "cut commandline and paste it later";
body = ''
set -g commandline_buffer (commandline)
commandline ""
'';
};
__postexec = {
onEvent = "fish_postexec";
body = ''
if test $status -ne 0; and test -z "$hist_cmd"; and test -z "$fish_private_mode"
#$SHELL -c "
history delete --exact --case-sensitive -- $argv[1]
#" &
end
function __postexec --on-event fish_postexec
if test $status -ne 0
if test -z "$hist_cmd"
if test -z "$fish_private_mode"
echo $argv[1] | base64 >> "$__fish_user_data_dir/failed_commands"
end
end
else
if test -z "$fish_private_mode"
echo $argv[1] | base64 >> "$__fish_user_data_dir/successful_commands"
end
commandline $commandline_buffer
set -e commandline_buffer
end
end
function dirh-nocolor --description "Print the current directory history (the prev and next lists)"
'';
};
dirh-nocolor = {
description = "Print the current directory history (the prev and next lists)";
body = ''
set -l options h/help
argparse -n dirh --max-args=0 $options -- $argv
or return
@ -165,15 +154,16 @@
printf '%s\n' $dirnext_rev[$i]
end
end
end
function dirh-fzf -d 'directory history fuzzy finder'
builtin cd (dirh-nocolor | uniq | fzf)
end
bind \ed 'dirh-fzf'
'';
};
dirh-fzf = {
description = "directory history fuzzy finder";
body = ''
builtin cd (dirh-nocolor | uniq | fzf)
'';
};
};
};
xdg.configFile."fish/completions/mycli.fish".text = ''
complete -e -c mycli

0
home-manager/modules/fpv.nix → users/jalr/modules/fpv.nix
View file

16
home-manager/modules/git.nix → users/jalr/modules/git.nix
View file

@ -4,15 +4,17 @@
programs = {
git = {
enable = true;
userName = nixosConfig.jalr.git.user.name;
userEmail = nixosConfig.jalr.git.user.email;
userName = "Jakob Lechner";
userEmail = "mail@jalr.de";
signing = {
key = nixosConfig.jalr.gpg.defaultKey;
signByDefault = nixosConfig.jalr.git.signByDefault;
key = "3044E71E3DEFF49B586CF5809BF4FCCB90854DA9";
signByDefault = false;
};
diff-so-fancy = {
enable = true;
};
extraConfig = {
init.defaultBranch = "main";
core.pager = "${pkgs.diff-so-fancy}/bin/diff-so-fancy | less --tabs=4 -RFX";
diff.sops.textconv = "${pkgs.sops}/bin/sops -d";
pull.ff = "only";
alias.find-merge = "!sh -c 'commit=$0 && branch=\${1:-HEAD} && (git rev-list $commit..$branch --ancestry-path | cat -n; git rev-list $commit..$branch --first-parent | cat -n) | sort -k2 -s | uniq -f1 -d | sort -n | tail -1 | cut -f2'";
@ -23,7 +25,7 @@
fish = {
shellAbbrs = {
ga = "git add";
gam = "git commit --amend";
gam = "git commit --amend --no-edit";
gap = "git add --patch";
gb = "git branch";
gbd = "git branch --delete";
@ -38,7 +40,7 @@
gf = "git fetch";
ginit = "git init";
gl = "git log";
gpll = "git pull";
gpll = "git pull --rebase";
gpsh = "git push";
grb = "git rebase --autostash";
grbi = "git rebase --autostash --interactive --autosquash refs/remotes/origin/HEAD";

0
home-manager/modules/gnuradio.nix → users/jalr/modules/gnuradio.nix
View file

0
home-manager/modules/graphics/default.nix → users/jalr/modules/graphics/default.nix
View file

0
home-manager/modules/graphics/gimp.nix → users/jalr/modules/graphics/gimp.nix
View file

0
home-manager/modules/graphics/inkscape.nix → users/jalr/modules/graphics/inkscape.nix
View file

0
home-manager/modules/graphics/krita.nix → users/jalr/modules/graphics/krita.nix
View file

2
home-manager/modules/gui.nix → users/jalr/modules/gui.nix
View file

@ -3,11 +3,9 @@ lib.mkIf nixosConfig.jalr.gui.enable {
home.packages = with pkgs; [
evince
exiftool
gcr # required for pinentry-gnome
geeqie
mpv
networkmanagerapplet
pinentry-gnome
streamlink
supersonic-wayland
vlc

0
home-manager/modules/jameica.nix → users/jalr/modules/jameica.nix
View file

0
home-manager/modules/kicad.nix → users/jalr/modules/kicad.nix
View file

0
home-manager/modules/mpv.nix → users/jalr/modules/mpv.nix
View file

0
home-manager/modules/mute-indicator.nix → users/jalr/modules/mute-indicator.nix
View file

0
home-manager/modules/neo.nix → users/jalr/modules/neo.nix
View file

1
home-manager/modules/neovim.nix → users/jalr/modules/neovim.nix
View file

@ -44,6 +44,7 @@
augroup END
autocmd BufRead COMMIT_EDITMSG startinsert
autocmd BufRead /tmp/tmp.*.fish startinsert
let g:deoplete#enable_at_startup = 1

5
users/jalr/modules/nix-index.nix Normal file
View file

@ -0,0 +1,5 @@
{
programs.nix-index = {
enable = true;
};
}

0
home-manager/modules/obs-studio/default.nix → users/jalr/modules/obs-studio/default.nix
View file

0
home-manager/modules/openscad.nix → users/jalr/modules/openscad.nix
View file

10
home-manager/modules/pass.nix → users/jalr/modules/pass.nix
View file

@ -1,11 +1,17 @@
{ nixosConfig, config, pkgs, ... }:
{ nixosConfig, pkgs, ... }:
let
pw = pkgs.writeScriptBin "pw" ''
p="$(${pkgs.pass}/bin/pass show "$1")"
copy_line() {
echo -n "$p" | ${pkgs.gnused}/bin/sed -n "$1"p | ${pkgs.wl-clipboard}/bin/wl-copy -o -f
echo -n "$p" \
| ${pkgs.gnused}/bin/sed -n "$1"p \
| ${pkgs.wl-clipboard}/bin/wl-copy \
--paste-once \
--foreground \
--trim-newline \
--type text/plain
}
echo "username"

0
home-manager/modules/pcmanfm.nix → users/jalr/modules/pcmanfm.nix
View file

0
home-manager/modules/python.nix → users/jalr/modules/python.nix
View file

0
home-manager/modules/remarkable/default.nix → users/jalr/modules/remarkable/default.nix
View file

0
home-manager/modules/remarkable/restream.nix → users/jalr/modules/remarkable/restream.nix
View file

0
home-manager/modules/remarkable/rmview.nix → users/jalr/modules/remarkable/rmview.nix
View file

0
home-manager/modules/solarized.nix → users/jalr/modules/solarized.nix
View file

0
home-manager/modules/sound/audacity.nix → users/jalr/modules/sound/audacity.nix
View file

0
home-manager/modules/sound/default.nix → users/jalr/modules/sound/default.nix
View file

0
home-manager/modules/sound/easyeffects.nix → users/jalr/modules/sound/easyeffects.nix
View file

0
home-manager/modules/sound/pipewire.nix → users/jalr/modules/sound/pipewire.nix
View file

19
home-manager/modules/sway/default.nix → users/jalr/modules/sway/default.nix
View file

@ -3,8 +3,6 @@
let
solarized = import ../solarized.nix;
terminalEmulator =
if nixosConfig.jalr.terminalEmulator == "alacritty"
then
pkgs.writeShellScript "alacritty-sway-cwd" ''
this_alacritty_pid="$(${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq -e 'recurse(.nodes[]?) | select((.focused==true) and (.app_id=="Alacritty")).pid')"
@ -17,8 +15,7 @@ let
fi
exec ${pkgs.alacritty}/bin/alacritty
''
else nixosConfig.jalr.terminalEmulator;
'';
cfg = config.wayland.windowManager.sway.config;
wallpaper = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/swaywm/sway/3b2bc894a5ebbcbbd6707d45a25d171779c2e874/assets/Sway_Wallpaper_Blue_1920x1080.png";
@ -113,16 +110,6 @@ in
output."*".bg = "${wallpaper} fill";
# FIXME
#input = {
# #"type:keyboard" = {
# # xkb_layout = "neo";
# #};
#} // (lib.optionalAttrs (nixosConfig.networking.hostName == "mayushii") {
# "type:touchpad".events = "disabled";
# "2:10:TPPS/2_Elan_TrackPoint".pointer_accel = "-0.15";
#});
keybindings = {
"${cfg.modifier}+Return" = "exec ${cfg.terminal}";
"${cfg.modifier}+Backspace" = "exec ${cfg.terminal}";
@ -297,7 +284,9 @@ in
fonts = {
names = [ "monospace" ];
style = "Regular";
size = 0.0;
# FIXME: this is an ugly workaround until https://github.com/swaywm/sway/issues/7409 is fixed
size = 0.001;
};
};

0
home-manager/modules/sway/gammastep.nix → users/jalr/modules/sway/gammastep.nix
View file

0
home-manager/modules/sway/move-to-output/default.nix → users/jalr/modules/sway/move-to-output/default.nix
View file

0
home-manager/modules/sway/waybar.nix → users/jalr/modules/sway/waybar.nix
View file

0
home-manager/modules/sway/wofi-bluetooth.nix → users/jalr/modules/sway/wofi-bluetooth.nix
View file

0
home-manager/modules/sway/wofi.nix → users/jalr/modules/sway/wofi.nix
View file

0
home-manager/modules/sway/yubikey-touch-detector.nix → users/jalr/modules/sway/yubikey-touch-detector.nix
View file

3
home-manager/modules/thunderbird.nix → users/jalr/modules/thunderbird.nix
View file

@ -3,5 +3,8 @@
programs.thunderbird = {
enable = nixosConfig.jalr.gui.enable;
profiles."default".isDefault = true;
settings = {
"mail.chat.enabled" = false;
};
};
}

0
home-manager/modules/tmux.nix → users/jalr/modules/tmux.nix
View file

Some files were not shown because too many files have changed in this diff Show more