From 51f5e7eab92929e7c25e82ee90897252bca62986 Mon Sep 17 00:00:00 2001 
From: Fabian Hauser Date: Sat, 10 Apr 2021 17:05:55 +0200 Subject: [PATCH] Add current hummelberg-new state --- defaults/user-configuration/default.nix | 10 + .../fhauser/applications/alacritty.nix | 6 + .../fhauser/applications/android-studio.nix | 7 + .../fhauser/applications/default.nix | 76 ++++ .../fhauser/applications/firefox.nix | 9 + .../fhauser/applications/git.nix | 85 ++++ .../fhauser/applications/gpg.nix | 37 ++ .../fhauser/applications/mako.nix | 14 + .../fhauser/applications/psql.nix | 21 + .../fhauser/applications/redshift.nix | 13 + .../fhauser/applications/scripts.nix | 52 +++ .../fhauser/applications/shell.nix | 59 +++ .../fhauser/applications/ssh.nix | 26 ++ .../fhauser/applications/swaylock.nix | 33 ++ .../fhauser/applications/vim.nix | 54 +++ .../fhauser/applications/waybar.nix | 382 ++++++++++++++++++ .../fhauser/applications/webapps.nix | 26 ++ .../user-configuration/fhauser/default.nix | 11 + defaults/user-configuration/fhauser/i3.nix | 18 + .../user-configuration/fhauser/multimedia.nix | 51 +++ .../user-configuration/fhauser/security.nix | 5 + defaults/user-configuration/fhauser/sway.nix | 261 ++++++++++++ .../fhauser/work/android-studio.nix | 4 + .../fhauser/work/default.nix | 6 + .../fhauser/work/openvpn.nix | 73 ++++ hardware/thinkpad-p14s.nix | 33 ++ host/hummelberg-new/default.nix | 42 ++ host/hummelberg-new/filesystems.nix | 30 ++ host/hummelberg-new/networking.nix | 26 ++ host/hummelberg-new/printing.nix | 16 + 30 files changed, 1486 insertions(+) create mode 100644 defaults/user-configuration/default.nix create mode 100644 defaults/user-configuration/fhauser/applications/alacritty.nix create mode 100644 defaults/user-configuration/fhauser/applications/android-studio.nix create mode 100644 defaults/user-configuration/fhauser/applications/default.nix create mode 100644 defaults/user-configuration/fhauser/applications/firefox.nix create mode 100644 defaults/user-configuration/fhauser/applications/git.nix create mode 100644 
defaults/user-configuration/fhauser/applications/gpg.nix create mode 100644 defaults/user-configuration/fhauser/applications/mako.nix create mode 100644 defaults/user-configuration/fhauser/applications/psql.nix create mode 100644 defaults/user-configuration/fhauser/applications/redshift.nix create mode 100644 defaults/user-configuration/fhauser/applications/scripts.nix create mode 100644 defaults/user-configuration/fhauser/applications/shell.nix create mode 100644 defaults/user-configuration/fhauser/applications/ssh.nix create mode 100644 defaults/user-configuration/fhauser/applications/swaylock.nix create mode 100644 defaults/user-configuration/fhauser/applications/vim.nix create mode 100644 defaults/user-configuration/fhauser/applications/waybar.nix create mode 100644 defaults/user-configuration/fhauser/applications/webapps.nix create mode 100644 defaults/user-configuration/fhauser/default.nix create mode 100644 defaults/user-configuration/fhauser/i3.nix create mode 100644 defaults/user-configuration/fhauser/multimedia.nix create mode 100644 defaults/user-configuration/fhauser/security.nix create mode 100644 defaults/user-configuration/fhauser/sway.nix create mode 100644 defaults/user-configuration/fhauser/work/android-studio.nix create mode 100644 defaults/user-configuration/fhauser/work/default.nix create mode 100644 defaults/user-configuration/fhauser/work/openvpn.nix create mode 100644 hardware/thinkpad-p14s.nix create mode 100644 host/hummelberg-new/default.nix create mode 100644 host/hummelberg-new/filesystems.nix create mode 100644 host/hummelberg-new/networking.nix create mode 100644 host/hummelberg-new/printing.nix diff --git a/defaults/user-configuration/default.nix b/defaults/user-configuration/default.nix new file mode 100644 index 0000000..eedbfe6 --- /dev/null +++ b/defaults/user-configuration/default.nix 
@@ -0,0 +1,10 @@
+{ config, pkgs, lib, ... }: {
+
+ imports = [ ];
+
+ home-manager = {
+ useUserPackages = true;
+ useGlobalPkgs = true;
+ };
+
+}
diff --git a/defaults/user-configuration/fhauser/applications/alacritty.nix b/defaults/user-configuration/fhauser/applications/alacritty.nix
new file mode 100644
index 0000000..76b0257
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/alacritty.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }: {
+ home-manager.users.fhauser.programs.alacritty = {
+ enable = true;
+ settings."background_opacity" = 0.95;
+ };
+}
diff --git a/defaults/user-configuration/fhauser/applications/android-studio.nix b/defaults/user-configuration/fhauser/applications/android-studio.nix
new file mode 100644
index 0000000..d1d1aa4
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/android-studio.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+{
+ #home-manager.users.fhauser = {
+ # home.packages = with pkgs; [ androidStudioPackages.beta ];
+ # pam.sessionVariables.STUDIO_JDK = "${pkgs.jdk14}/lib/openjdk";
+ #}; # TODO: This was extracted into a shell.nix
+}
diff --git a/defaults/user-configuration/fhauser/applications/default.nix b/defaults/user-configuration/fhauser/applications/default.nix
new file mode 100644
index 0000000..556263b
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/default.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+ imports = [
+ ./firefox.nix
+ ./gpg.nix
+ ./ssh.nix
+ ./scripts.nix
+ ./webapps.nix
+ ./vim.nix
+ ./git.nix
+ ./waybar.nix
+ ./psql.nix
+ ./android-studio.nix
+ ./mako.nix
+ ./redshift.nix
+ ./alacritty.nix
+ ./shell.nix
+ ./swaylock.nix
+ ];
+ home-manager.users.fhauser.home.packages = with pkgs;
+ [ # Networking
+ unison
+ transmission # GUI Tools, maybe extract...
+ ] ++ [ # Desktop Environment Applications
+ google-chrome
+ chromium
+ #midori # TODO: Currently unused
+ #qutebrowser # TODO: Currently unused
+ gnome3.evolution # TODO: Suport for plugins with 21.05
+ #evolution-ews
+ synergy
+ #quicksynergy # Currently unused
+ nextcloud-client
+ owncloud-client
+ ] ++ [ # office # TODO: Migrate to office.nix
+ # TODO: Build fails!
+ libreoffice-fresh # TODO: Dictionaries, nixos/nixpkgs#14430
+ # pdfgrep
+ # pdftk
+ # calibre
+ tectonic
+ # texstudio
+ # pandoc
+ # system-config-printer
+ # cups-pk-helper
+ # cups-bjnp
+ # gutenprint
+ # gutenprintBin
+ # hplipWithPlugin
+ simple-scan
+ gnome3.gnome-online-accounts
+ gnome3.gnome-control-center
+ ] ++ [ # Communication
+ signal-desktop
+ tdesktop
+ discord
+ mattermost-desktop
+ # pidgin pidgin-otr pidgin-with-plugins #TODO: Pidgin needed?
+ #TODO: ekiga?
+ skype
+ slack
+ teams
+ jitsi-meet-electron
+ teamviewer
+ rdesktop
+ vmware-horizon-client
+ ] ++ [ # Development
+ vscodium
+ gitlab-runner
+ docker-compose
+ vagrant
+ virt-manager
+ ];
+}
diff --git a/defaults/user-configuration/fhauser/applications/firefox.nix b/defaults/user-configuration/fhauser/applications/firefox.nix
new file mode 100644
index 0000000..7176c5a
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/firefox.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }: {
+ home-manager.users.fhauser = {
+ programs.firefox = {
+ enable = true;
+ package = pkgs.firefox-wayland;
+ };
+ home.sessionVariables.MOZ_ENABLE_WAYLAND = "true";
+ };
+}
diff --git a/defaults/user-configuration/fhauser/applications/git.nix b/defaults/user-configuration/fhauser/applications/git.nix new file mode 100644 index 0000000..95b1c74 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/git.nix 
@@ -0,0 +1,85 @@ +{ pkgs, ... }: { + home-manager.users.fhauser.programs.git = { + enable = true; + package = pkgs.gitAndTools.gitFull; + aliases = { + s = "status --short --branch"; + a = "add --patch"; + c = "commit --message"; + l = + "log --color --graph --pretty=format:'%Cred%h%Creset - %C(bold)%s%Creset%C(yellow)%d%Creset %C(green)%an%Creset %C(cyan)%cr%Creset (S: %G?)' --abbrev-commit"; + d = "diff"; + + fup = "commit --fixup"; + fuprebase = "rebase --interactive --autosquash"; + + ignore = "update-index --skip-worktree"; + unignore = "update-index --no-skip-worktree"; + ignored = ''!git ls-files -v | grep "^S"''; + }; + #delta = { + # enable = true; + # options = { + # side-by-side = "true"; + + # line-numbers = "true"; + # line-numbers-minus-style = "#444444"; + # line-numbers-zero-style = "#444444"; + # line-numbers-plus-style = "#444444"; + # line-numbers-left-format = "{nm:>4}┊"; + # line-numbers-right-format = "{np:>4}│"; + # line-numbers-left-style = "blue"; + # line-numbers-right-style = "blue"; + # }; + #}; + extraConfig = { + core = { + packedGitWindowSize = "16m"; + packedGitLimit = "64m"; + }; + pack = { + windowMemory = "64m"; + packSizeLimit = "64m"; + thread = "1"; + deltaCacheSize = "1m"; + }; + color = { + branch = "auto"; + diff = "auto"; + status = "auto"; + }; + push.default = "simple"; + pull.rebase = "true"; + branch.autosetuprebase = "always"; + }; + includes = let + mkDefaultConfig = (dir: { + condition = "gitdir:${dir}"; + contents = { + user = { + signingkey = "0x8A52A140BEBF7D2C"; + email = "fabian@fh2.ch"; + name = "Fabian Hauser"; + }; + }; + }); + in [ + (mkDefaultConfig "~/private/") + (mkDefaultConfig "/etc/nixos/") + (mkDefaultConfig "~/.password-store") + ((mkDefaultConfig "~/work/") // { + contents = { + commit.gpgsign = true; + tag.gpgsign = true; + user = { + signingkey = "0xE0CDD70E5D286D64"; + email = "fabian.hauser@threema.ch"; + }; + url."git@work.github.com".insteadOf = "git@github.com"; + }; + }) + ]; + ignores = [ 
"*~" "*.swp" ".direnv/" ]; + lfs.enable = true; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/gpg.nix b/defaults/user-configuration/fhauser/applications/gpg.nix new file mode 100644 index 0000000..e9fcd6f --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/gpg.nix @@ -0,0 +1,37 @@ +{ pkgs, ... }: { + #TODO: ENV variabls for agent + home-manager.users.fhauser.home.sessionVariables.SSH_AUTH_SOCK = + "/run/user/1000/gnupg/S.gpg-agent.ssh"; + home-manager.users.fhauser.programs.gpg = { + enable = true; + settings = { + "use-agent" = true; + "trust-model" = "tofu"; + "no-emit-version" = true; + "no-comments" = true; + "sig-notation" = "issuer-fpr@notations.openpgp.fifthhorseman.net=%g"; + "keyserver" = "hkp://pool.sks-keyservers.net"; + "keyserver-options" = "auto-key-retrieve no-honor-keyserver-url"; + "personal-cipher-preferences" = "AES256 AES192 AES CAST5"; + "cert-digest-algo" = "SHA512"; + "personal-digest-preferences" = "SHA512 SHA384 SHA256 SHA224"; + "default-preference-list" = + "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"; + "display-charset" = "utf-8"; + "fixed-list-mode" = true; + "with-fingerprint" = true; + "keyid-format" = "0xlong"; + "verify-options" = "show-uid-validity"; + "list-options" = "show-uid-validity"; + }; + }; + home-manager.users.fhauser.services.gpg-agent = { + enable = true; + enableScDaemon = true; + enableSshSupport = true; + sshKeys = [ + "99DFB0F28CF9420A2D6383139E86814A1568C81B" # 0x8193A5D218B553DD / fabian.hauser@threema.ch + "638143D3F6421377E9D4C7F1D2EDC5AA0A860351" # 0x3E957C9C8CB5D6B2 / fabian.hauser@qo.is + ]; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/mako.nix b/defaults/user-configuration/fhauser/applications/mako.nix new file mode 100644 index 0000000..9b10df3 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/mako.nix 
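Review bot: In git.nix the third include, `(mkDefaultConfig "~/.password-store")`, has no trailing slash, so its `gitdir:` condition will most likely never match: git compares the pattern with the repository's `.git` directory and only appends `**` when the pattern ends in `/`. Commits made in the password store would then carry no identity or signing key from this file, since `extraConfig` sets no global `user` section. Write it as `(mkDefaultConfig "~/.password-store/")` like the other three entries. Separately, `pack.thread = "1"` looks like a misspelling of git's `pack.threads` and is probably ignored.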
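Review bot: In gpg.nix, `"keyserver" = "hkp://pool.sks-keyservers.net"` together with `auto-key-retrieve` in `keyserver-options` means gpg fetches unknown signing keys over unencrypted HKP whenever a signature is verified, which tells the network path and the keyserver which keys are being checked. Consider an `hkps://` keyserver and dropping `auto-key-retrieve` so that key fetches are a deliberate action. `SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"` also assumes the account has UID 1000; if home-manager expands variables in `sessionVariables` here, `"$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"` avoids that, otherwise a comment stating the assumption would do.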
@@ -0,0 +1,14 @@
+{ pkgs, ... }: {
+ home-manager.users.fhauser.programs.mako = {
+ enable = true;
+ backgroundColor = "#CCCCCCCC"; # TODO: Make layout colors in a central place
+ borderSize = 0;
+ #borderColor = "#4C7899FF";
+ defaultTimeout = 1500;
+ #ignoreTimeout = true;
+ #textColor = "#FFFFFFFF";
+ #width = 300;
+ #height = 100;
+ #font = "monospace 10";
+ }; # TODO
+}
diff --git a/defaults/user-configuration/fhauser/applications/psql.nix b/defaults/user-configuration/fhauser/applications/psql.nix
new file mode 100644
index 0000000..866c32f
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/psql.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }: {
+ home-manager.users.fhauser.home.file.".psqlrc".text = ''
+ \set QUIET 1
+
+ \pset linestyle unicode
+ \pset border 2
+
+ \set null [null]
+ \set COMP_KEYWORD_CASE upper
+ \set ON_ERROR_ROLLBACK interactive
+ \set PROMPT1 '%[%033[1m%]%M/%/%R%[%033[0m%]%# '
+ \set PROMPT2 ''''
+ \set VERBOSITY verbose
+ \timing
+ \x auto
+
+ \unset QUIET
+ \conninfo
+ '';
+
+}
diff --git a/defaults/user-configuration/fhauser/applications/redshift.nix b/defaults/user-configuration/fhauser/applications/redshift.nix
new file mode 100644
index 0000000..fd833f2
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/redshift.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }: {
+ home-manager.users.fhauser.services.redshift = {
+ enable = true;
+ package = pkgs.redshift-wlr;
+ brightness.night = "0.9";
+ temperature.day = 6300;
+ temperature.night = 5500;
+
+ latitude = "47.2";
+ longitude = "8.8";
+ tray = true;
+ };
+}
diff --git a/defaults/user-configuration/fhauser/applications/scripts.nix b/defaults/user-configuration/fhauser/applications/scripts.nix
new file mode 100644
index 0000000..3e94af9
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/scripts.nix
@@ -0,0 +1,52 @@
+{ pkgs, ... }:
+
+let
+ passbemenu = pkgs.writeScriptBin "passbemenu" ''
+ #!${pkgs.stdenv.shell}
+ shopt -s nullglob globstar
+
+ typeit=0
+ if [[ $1 == "--type" ]]; then
+ typeit=1
+ shift
+ fi
+
+ export BEMENU_BACKEND=wayland
+
+ prefix=''${PASSWORD_STORE_DIR-~/.password-store}
+ password_files=( "$prefix"/**/*.gpg )
+ password_files=( "''${password_files[@]#"$prefix"/}" )
+ password_files=( "''${password_files[@]%.gpg}" )
+
+ password=$(printf '%s\n' "''${password_files[@]}" | \
+ ${pkgs.bemenu}/bin/bemenu --list 20 --ignorecase --prompt 'Pass: ' "$@")
+
+ [[ -n $password ]] || exit
+
+ ${pkgs.pass-wayland}/bin/pass show -c "$password" 2>/dev/null
+ '';
+ threema-vpn = pkgs.writeScriptBin "threema-vpn" ''
+ #!${pkgs.stdenv.shell}
+ set -eo pipefail
+
+ SERVICE=openvpn-threema.service
+
+ if [[ "$1" == "restart" ]]; then
+ ACTION=restart
+ elif [[ "$1" == "start" ]]; then
+ ACTION=start
+ elif [[ "$1" == "stop" ]]; then
+ ACTION=stop
+ elif [[ "$1" == "status" ]]; then
+ ACTION=status
+ elif [[ "$1" == "tail" ]]; then
+ sudo journalctl -f -u $SERVICE
+ exit 0
+ else
+ echo "Usage: vpn (start|stop|restart|status|tail)"
+ exit 254
+ fi
+
+ sudo systemctl $ACTION $SERVICE
+ '';
+in { home-manager.users.fhauser.home.packages = [ passbemenu threema-vpn ]; }
diff --git a/defaults/user-configuration/fhauser/applications/shell.nix b/defaults/user-configuration/fhauser/applications/shell.nix
new file mode 100644
index 0000000..4664eb4
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/shell.nix
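Review bot: In `passbemenu` the `--type` flag is parsed into `typeit` but that variable is never read, so `passbemenu --type` silently falls through to the clipboard path (`pass show -c`) instead of typing the secret. Either drop the `--type` branch or document that typing is not implemented, so nobody relies on it to keep a password off the clipboard. The trailing `2>/dev/null` on the `pass show -c "$password"` line also hides gpg and smartcard errors; removing it makes a failed decrypt visible. In `threema-vpn`, the usage text says `vpn` while the installed command is `threema-vpn`.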
@@ -0,0 +1,59 @@
+{ pkgs, ... }: {
+ home-manager.users.fhauser.programs = {
+ bash = {
+ enable = true;
+ historyIgnore = [ "ls" "cd" "exit" "j" ];
+ shellAliases = {
+ # Sane defaults
+ l = "ls -lah";
+ cp = "cp --reflink=auto";
+ pwgen = "pwgen -c -n -s -N 30";
+ bc = "bc --mathlib";
+ cal = "cal -m";
+ curl = "curl -L";
+
+ # Git helpers
+ git-fetch-pr =
+ "git config --add remote.origin.fetch '+refs/pull/*/head:refs/remotes/origin/pr/*'";
+ git-config-fetchall = ''
+ git config --add remote.origin.fetch "+refs/pull/*/head:refs/remotes/origin/pr/*"'';
+
+ git-enable-signing =
+ "git config commit.gpgsign true && git config tag.gpgsign true";
+ # Common Typos
+ gits = "git s";
+ };
+ initExtra = ''
+ function o(){
+ xdg-open "$*" >/dev/null 2>&1 &
+ }
+ '';
+ shellOptions = [ "autocd" "checkjobs" "dotglob" "globstar" "histappend" ];
+ sessionVariables = {
+ #TODO: Some of these should be migrated to the according application.
+ GPG_TTY = "$(tty)";
+ PGDATABASE = "postgres";
+ };
+ };
+
+ autojump = {
+ enable = true;
+ enableBashIntegration = true;
+ };
+ powerline-go = {
+ enable = true;
+ settings = {
+ hostname-only-if-ssh = true;
+ numeric-exit-codes = true;
+ colorize-hostname = true;
+ cwd-max-depth = 4;
+ modules = "ssh,host,root,cwd,perms,dotenv,venv,node,git,jobs";
+ };
+ };
+ direnv = {
+ enable = true;
+ enableBashIntegration = true;
+ enableNixDirenvIntegration = true;
+ };
+ };
+}
diff --git a/defaults/user-configuration/fhauser/applications/ssh.nix b/defaults/user-configuration/fhauser/applications/ssh.nix
new file mode 100644
index 0000000..59b1000
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/ssh.nix
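Review bot: The alias `curl = "curl -L";` under "Sane defaults" makes every interactive curl follow redirects, and curl's default redirect policy still allows an `https://` URL to be redirected to plain `http://`, which is easy to miss when the output is piped into another tool. If following redirects by default is wanted, consider pinning the redirect protocol: `curl = "curl -L --proto-redir =https";`. Also, `git-fetch-pr` and `git-config-fetchall` run the same `git config --add remote.origin.fetch` command; one could be dropped, or the intended difference noted in a comment.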
@@ -0,0 +1,26 @@ +{ pkgs, lib, ... }: { + home-manager.users.fhauser.programs.ssh = let + forceIdentityThreema = { + identityFile = toString (pkgs.writeText "fabian.hauser@threema.ch.pub" '' + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7h492sXT7zdamf+nbOt+y6jiqxicOnm6+wiuEG1EvZ openpgp:0x18B553DD + ''); + identitiesOnly = true; + }; + forceIdentityPrivate = { + identityFile = toString (pkgs.writeText "fabian.hauser@qo.is.pub" '' + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000610954665 + ''); + identitiesOnly = true; + }; + in { + enable = true; + matchBlocks = { + "work.github.com" = forceIdentityThreema // { + hostname = "github.com"; + user = "git"; + }; + "github.com" = forceIdentityPrivate // { user = "git"; }; + }; + #TODO: Authorized keys implementation, see https://github.com/nix-community/home-manager/pull/9 + }; +} diff --git a/defaults/user-configuration/fhauser/applications/swaylock.nix b/defaults/user-configuration/fhauser/applications/swaylock.nix new file mode 100644 index 0000000..ede56d6 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/swaylock.nix 
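Review bot: `identityFile` in both `forceIdentityThreema` and `forceIdentityPrivate` points at a store path that holds a public key, which is unusual enough to deserve a comment. It presumably works because the private keys stay in gpg-agent or on the card, and `identitiesOnly = true` makes ssh offer only the agent key matching that public key. I would add above each `identityFile`: `# Public key only: selects which agent-held key is offered to this host; no private key is written to the Nix store.` The private identity is `ssh-rsa` while the work one is ed25519; if that is a hardware-token constraint rather than an oversight, say so in the same comment.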
@@ -0,0 +1,33 @@
+{ pkgs, ... }: {
+ home-manager.users.fhauser.systemd.user.services.swayidle = let
+ lock =
+ "${pkgs.swaylock}/bin/swaylock --hide-keyboard-layout --ignore-empty-password --daemonize --show-failed-attempts --color=000000";
+ logTimeCmd = "${pkgs.coreutils}/bin/date --rfc-3339=seconds >> ~/locklog";
+ idleCmd = (action:
+ ''${pkgs.sway}/bin/swaymsg "output * dpms ${action}" && ${logTimeCmd}'');
+ timeout-screens-off = 600;
+ timeout-lock = 630;
+ timeout-suspend = 1800;
+ in {
+ Unit = {
+ Description = "Idle Manager for Wayland";
+ Documentation = [ "man:swayidle(1)" ];
+ PartOf = [ "graphical-session.target" ];
+ };
+ Service = {
+ Environment = "PATH=${pkgs.bash}/bin";
+ ExecStart = ''
+ ${pkgs.swayidle}/bin/swayidle -w -d \
+ timeout ${toString timeout-lock} '${lock}' \
+ timeout ${toString timeout-screens-off} '${idleCmd "off"}' \
+ resume '${idleCmd "on"}' \
+ timeout ${
+ toString timeout-suspend
+ } '${pkgs.systemd}/bin/systemctl suspend' \
+ lock '${lock}' \
+ before-sleep '${lock}';
+ ''; # TODO: Make this configurable and add home-manager module. (Requires sway with systemd-target support)
+ };
+ Install = { WantedBy = [ "sway-session.target" ]; };
+ };
+}
diff --git a/defaults/user-configuration/fhauser/applications/vim.nix b/defaults/user-configuration/fhauser/applications/vim.nix
new file mode 100644
index 0000000..7c135e8
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/vim.nix
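Review bot: `timeout-lock = 630` is later than `timeout-screens-off = 600`, so for 30 seconds the outputs are dark but the session is still unlocked, and any input runs the `resume` handler straight back into the desktop. If that grace period is intended, say so in a comment next to the timeouts; otherwise lock no later than the screens go off, e.g. `timeout-lock = 600;` with `timeout-screens-off = 630;`. The `-d` flag on the `swayidle` command line enables debug output in the user journal, and `logTimeCmd` appends to `~/locklog` on every dpms change with no rotation, so both are worth a comment or removal once debugging is done.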
@@ -0,0 +1,54 @@
+{ pkgs, ... }: {
+ home-manager.users.fhauser.programs.vim = {
+ enable = true;
+ extraConfig = ''
+ colorscheme elflord
+ set autoindent
+ set ruler
+ set pastetoggle=
+ set splitbelow
+ set splitright
+
+ set tabstop=2
+ set softtabstop=2
+
+ set listchars="eol:¬,tab:>·,trail:~,extends:>,precedes:<,space:␣"
+ set grepprg=ack\ -k
+
+ set statusline+=%{SyntasticStatuslineFlag()}
+ set statusline+=%*
+
+ let g:syntastic_always_populate_loc_list = 1
+ let g:syntastic_auto_loc_list = 1
+ let g:syntastic_check_on_open = 1
+ let g:syntastic_check_on_wq = 0
+ let g:syntastic_mode_map = { 'mode': 'passive', 'active_filetypes': [],'passive_filetypes': [] }
+ "nnoremap E :SyntasticCheck :SyntasticToggleMode
+
+ " Rust
+ "let g:rustfmt_autosave = 1
+ let g:racer_cmd="~/.cargo/bin/racer"
+ "let g:racer_experimental_completer = 1
+ au FileType rust nmap gd (rust-def)
+ au FileType rust nmap gs (rust-def-split)
+ au FileType rust nmap gx (rust-def-vertical)
+ au FileType rust nmap gd (rust-doc)
+
+ " Typescript
+ au BufRead,BufNewFile *.ts setfiletype typescript
+
+ " Options
+ filetype plugin indent on
+ syntax on
+ '';
+ plugins = with pkgs.vimPlugins; [ vim-sensible vim-airline ];
+ settings = {
+ background = "dark";
+ ignorecase = true;
+ mouse = "n";
+ hidden = true;
+ expandtab = true;
+ };
+
+ };
+}
diff --git a/defaults/user-configuration/fhauser/applications/waybar.nix b/defaults/user-configuration/fhauser/applications/waybar.nix
new file mode 100644
index 0000000..2669acf
--- /dev/null
+++ b/defaults/user-configuration/fhauser/applications/waybar.nix
@@ -0,0 +1,382 @@ +{ pkgs, lib, config, ... }: { + home-manager.users.fhauser = { + xsession.preferStatusNotifierItems = true; + wayland.windowManager.sway.config.bars = [ ]; + + programs.waybar = { + enable = true; + settings = [{ + position = "top"; + #height = + modules-left = [ "sway/mode" "sway/workspaces" ]; + modules-center = [ "sway/window" ]; + modules-right = [ + "backlight" + "idle_inhibitor" + "bluetooth" + "cpu" + "temperature" + "memory" + "disk" + "network" + "pulseaudio" + #"custom/keyboard-layout" + "battery" + "tray" + "clock" + ]; + modules = { + backlight.format = " {percent}%"; + disk.format = " {percentage_used}%"; + clock.format = "{:%Y-%2m-%2d %H:%M}"; + "sway/workspaces" = { + disable-scroll-wraparound = true; + enable-bar-scroll = true; + numeric-first = true; + }; + + battery = { + interval = 10; + states = { + warning = 15; + critical = 10; + }; + format = " {capacity}% {time}"; # Icon: bolt + format-discharging = "{icon} {capacity}% {time}"; + format-time = "{H}:{M}"; + format-icons = [ + "" # Icon: battery-full + "" # Icon: battery-three-quarters + "" # Icon: battery-half + "" # Icon: battery-quarter + "" # Icon: battery-empty + ]; + tooltip = "true"; + }; + + cpu = { + interval = "5"; + format = " {usage}% ({load})"; # Icon: microchip + states = { + warning = "70"; + critical = "90"; + }; + }; + + #"custom/keyboard-layout" = { + # exec = pkgs.writeShellScript "keyboard-layout" "swaymsg -t get_inputs | grep -m1 'xkb_active_layout_name' | cut -d '\"' -f4"; + # # Interval set only as a fallback, as the value is updated by signal + # interval = "30"; + # format = " {}"; # Icon: keyboard + # # Signal sent by Sway key binding (~/.config/sway/key-bindings) + # signal = "1"; # SIGHUP + # tooltip = "false"; + #}; + + memory = { + interval = "5"; + format = " {}%"; # Icon: microchip + states = { + warning = "70"; + critical = "90"; + }; + }; + + network = { + interval = "5"; + format-wifi = " {essid} ({signalStrength}%)"; # Icon: 
wifi + format-ethernet = "🔗 {ifname}: {ipaddr}/{cidr}"; # Icon: ethernet + format-disconnected = "🔗"; + tooltip-format = "{ifname}: {ipaddr}"; + }; + + "sway/mode" = { + format = + '' {}''; # Icon: expand-arrows-alt + tooltip = "false"; + }; + + "sway/window" = { + format = "{}"; + max-length = "120"; + }; + + "sway/workspaces" = { + all-outputs = false; + disable-scroll = true; + format = "{icon}"; + format-icons = { + "10" = " 10"; + "11" = " 11"; + "12" = " 12"; + "13" = " 13"; + }; + }; + + pulseaudio = { + scroll-step = 3; + format = "{icon} {volume}%"; + format-bluetooth = "{icon} {volume}%"; + format-muted = "🔇"; + format-icons = { + headphones = ""; + handsfree = ""; + headset = ""; + phone = ""; + portable = ""; + car = ""; + default = [ "" "" "" ]; + }; + on-click = "pavucontrol"; + }; + + temperature = { + critical-threshold = 80; + interval = 5; + format = "{icon} {temperatureC}°C"; + format-icons = [ + "" # Icon: temperature-empty + "" # Icon: temperature-quarter + "" # Icon: temperature-half + "" # Icon: temperature-three-quarters + "" # Icon: temperature-full + ]; + tooltip = "true"; + hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input"; + }; + + idle_inhibitor = { + format = "{icon}"; + format-icons = { + activated = ""; + deactivated = ""; + }; + }; + + tray = { + icon-size = "21"; + spacing = "10"; + }; + }; + }]; + + systemd.enable = true; + + style = '' + /* ============================================================================= + * + * Waybar configuration + * + * Configuration reference: https://github.com/Alexays/Waybar/wiki/Configuration + * + * =========================================================================== */ + + /* ----------------------------------------------------------------------------- + * Keyframes + * -------------------------------------------------------------------------- */ + + @keyframes blink-warning { + 70% { + color: white; + } + + to { + color: white; + background-color: orange; + } 
+ } + + @keyframes blink-critical { + 70% { + color: white; + } + + to { + color: white; + background-color: red; + } + } + + + /* ----------------------------------------------------------------------------- + * Base styles + * -------------------------------------------------------------------------- */ + + /* Reset all styles */ + * { + border: none; + border-radius: 0; + min-height: 0; + margin: 0; + padding: 0; + } + + /* The whole bar */ + #waybar { + background: #323232; + color: white; + /*font-family: Cantarell, Noto Sans, sans-serif;*/ + font-size: 13px; + } + + /* Each module */ + #battery, + #clock, + #cpu, + #custom-keyboard-layout, + #memory, + #mode, + #network, + #pulseaudio, + #temperature, + #backlight, + #idle_inhibitor, + #tray { + margin-left: 5px; + margin-right: 5px; + padding-left: 5px; + padding-right: 5px; + /*border-right: solid 1px black;*/ + } + + #backlight { + margin-right: 0; + padding-right: 0; + } + + #idle_inhibiter { + margin-left: 0; + padding-left: 0; + } + + + /* ----------------------------------------------------------------------------- + * Module styles + * -------------------------------------------------------------------------- */ + + #battery { + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; + } + + #battery.warning { + color: orange; + } + + #battery.critical { + color: red; + } + + #battery.warning.discharging { + animation-name: blink-warning; + animation-duration: 4s; + } + + #battery.critical.discharging { + animation-name: blink-critical; + animation-duration: 3s; + } + + #clock { + font-weight: bold; + } + + #cpu { + /* No styles */ + } + + #cpu.warning { + color: orange; + } + + #cpu.critical { + color: red; + } + + #memory { + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; + } + + #memory.warning { + color: orange; + } + + #memory.critical { + color: red; + animation-name: blink-critical; 
+ animation-duration: 2s; + } + + #mode { + background: #64727D; + border-top: 2px solid white; + /* To compensate for the top border and still have vertical centering */ + padding-bottom: 2px; + } + + #network { + /* No styles */ + } + + #network.disconnected { + color: orange; + } + + #pulseaudio { + /* No styles */ + } + + #pulseaudio.muted { + /* No styles */ + } + + #custom-spotify { + color: rgb(102, 220, 105); + } + + #temperature { + /* No styles */ + } + + #temperature.critical { + color: red; + } + + #tray { + /* No styles */ + } + + #window { + font-weight: bold; + } + + #workspaces button { + border-top: 2px solid transparent; + /* To compensate for the top border and still have vertical centering */ + padding-bottom: 2px; + padding-left: 10px; + padding-right: 10px; + color: #888888; + } + + #workspaces button.focused { + border-color: #4c7899; + color: white; + background-color: #285577; + } + + #workspaces button.urgent { + border-color: #c9545d; + color: #c9545d; + } + ''; + }; + systemd.user.services.waybar.Unit = { + Requisite = lib.mkForce [ ]; + After = lib.mkForce [ ]; + }; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/webapps.nix b/defaults/user-configuration/fhauser/applications/webapps.nix new file mode 100644 index 0000000..be5a2cf --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/webapps.nix 
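Review bot: The stylesheet selector `#idle_inhibiter` in waybar.nix is misspelled, so its margin and padding reset never applies to the `idle_inhibitor` module; it should read `#idle_inhibitor {`. `"sway/workspaces"` is also assigned twice inside `modules`, once near the top and once after `"sway/window"`; depending on the Nix version that is either an evaluation error or a silent merge, so folding both into one attribute set is safer. `hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input"` hard-codes `hwmon2`, and hwmon numbering is not guaranteed to be stable across boots or kernels, which deserves a comment at least.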
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+
+let
+ web-app = name: url:
+ pkgs.writeScriptBin name ''
+ #!${pkgs.stdenv.shell}
+ exec ${pkgs.chromium}/bin/chromium --user-data-dir=$HOME/.config/chromium-app-${name} --app="${url}"
+ '';
+ whatsapp = web-app "whatsapp" "https://web.whatsapp.com/";
+ threema = web-app "threema" "https://web-beta.threema.ch/";
+ threema-work = web-app "threema-work" "https://web-beta.threema.ch/";
+ threema-red = web-app "threema-red" "https://web-work-staging.threema.ch/";
+ threema-tickets = web-app "threema-tickets" "https://ticket.threema.ch/scp/";
+ netflix = web-app "netflix" "https://netflix.com/";
+ disneyplus = web-app "disneyplus" "https://disneyplus.com/";
+in {
+ home-manager.users.fhauser.home.packages = [
+ whatsapp
+ netflix
+ disneyplus
+ threema
+ threema-work
+ threema-red
+ threema-tickets
+ ];
+}
diff --git a/defaults/user-configuration/fhauser/default.nix b/defaults/user-configuration/fhauser/default.nix
new file mode 100644
index 0000000..c76f103
--- /dev/null
+++ b/defaults/user-configuration/fhauser/default.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, lib, ... }: {
+ imports = [
+ ./sway.nix
+ ./multimedia.nix
+ ./security.nix
+ ./applications
+ ./work
+ ./i3.nix
+ ];
+ home-manager.users.fhauser.home.stateVersion = config.system.stateVersion;
+}
diff --git a/defaults/user-configuration/fhauser/i3.nix b/defaults/user-configuration/fhauser/i3.nix
new file mode 100644
index 0000000..5c9fbf4
--- /dev/null
+++ b/defaults/user-configuration/fhauser/i3.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, config, ... }: {
+
+ home-manager.users.fhauser = let
+ adhereTheSwayTarget = {
+ Install.WantedBy = lib.mkForce [ "sway-session.target" ];
+ Unit.PartOf = lib.mkForce [ "sway-session.target" ];
+ };
+ in rec {
+ programs.i3status = {
+ enable = true;
+ enableDefault = true;
+ };
+ xsession.windowManager.i3 = {
+ enable = true;
+
+ };
+ };
+}
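Review bot: In `web-app` (webapps.nix), `--user-data-dir=$HOME/.config/chromium-app-${name}` is unquoted, so a home directory containing whitespace would split the argument and chromium would start with a different profile directory than intended. Since the separate profile is what keeps each web app's cookies and sessions apart, quote it: `--user-data-dir="$HOME/.config/chromium-app-${name}"`. `threema` and `threema-work` both open `https://web-beta.threema.ch/`; if that is deliberate (same site, separate profiles), a short comment would stop someone from "fixing" it later.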
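Review bot: In i3.nix the `let` binding `adhereTheSwayTarget` is never referenced in the body, and nothing inside the `rec { ... }` set refers to a sibling attribute, so both are dead weight. Either apply the binding to a service as sway.nix appears to intend, or reduce the file to `in {` with the two `enable` options. A one-line comment on why an i3 X session is enabled alongside sway (fallback session, presumably) would also help.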
diff --git a/defaults/user-configuration/fhauser/multimedia.nix b/defaults/user-configuration/fhauser/multimedia.nix
new file mode 100644
index 0000000..8e14746
--- /dev/null
+++ b/defaults/user-configuration/fhauser/multimedia.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+
+{
+ home-manager.users.fhauser.home.packages = with pkgs;
+ [ vlc v4l-utils calibre blender openshot-qt playerctl youtube-dl ]
+ ++ [ # Audio
+ audacity
+ enblend-enfuse
+ ffmpeg
+ mplayer
+ sox # TODO: mencoder?
+ vorbis-tools
+ vorbisgain
+ opusTools
+ flac
+ lame
+ id3lib
+ id3v2 # TODO: icedax?
+ pasystray
+ pavucontrol
+ spotify
+ ] ++ [ # Imaging
+ gimp
+ hugin
+ lensfun
+ luminanceHDR
+ darktable
+ geeqie
+ gphoto2
+ # ImageMagick-perl perl-File-Type perl-Term-ProgressBar #TODO: Support libraries for scripts
+ inkscape
+ ghostscript
+ stellarium
+ #unity3d
+ ] ++ [ # Codecs for Audio and Video
+ vobcopy
+ libdv
+ libdvbpsi # TODO: librtmp?
+ xvidcore
+ x264
+ gst_all_1.gstreamer
+ gst_all_1.gst-vaapi
+ gst_all_1.gst-rtsp-server
+ gst_all_1.gst-libav
+ gst_all_1.gst-plugins-base
+ gst_all_1.gst-plugins-bad
+ gst_all_1.gst-plugins-good
+ gst_all_1.gst-plugins-ugly
+ ];
+
+}
diff --git a/defaults/user-configuration/fhauser/security.nix b/defaults/user-configuration/fhauser/security.nix
new file mode 100644
index 0000000..151b9ed
--- /dev/null
+++ b/defaults/user-configuration/fhauser/security.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, lib, ... }:
+
+{
+ services.pcscd.enable = true;
+}
diff --git a/defaults/user-configuration/fhauser/sway.nix b/defaults/user-configuration/fhauser/sway.nix
new file mode 100644
index 0000000..9404ec7
--- /dev/null
+++ b/defaults/user-configuration/fhauser/sway.nix
@@ -0,0 +1,261 @@ +{ pkgs, lib, config, ... }: { + + # environment.systemPackages = with pkgs; [ polkit_gnome ]; #TODO: Needed? + programs.sway.enable = true; + services.gnome3.gnome-remote-desktop.enable = true; + environment.systemPackages = with pkgs; [ pipewire_0_2 ]; + home-manager.users.fhauser = let + adhereTheSwayTarget = { + Install.WantedBy = lib.mkForce [ "sway-session.target" ]; + Unit.PartOf = lib.mkForce [ "sway-session.target" ]; + }; + bemenuLauncher = pkgs.writeScriptBin "bemenuLauncher" '' + #!${pkgs.stdenv.shell} + active_screen=$(swaymsg -r -t get_outputs | \ + ${pkgs.jq}/bin/jq '. [] | select (.focused == true) | .name | split ("-") | last') + ${pkgs.dmenu}/bin/dmenu_path | \ + ${pkgs.bemenu}/bin/bemenu -m $active_screen --list 20 --ignorecase --prompt 'Start: ' | \ + xargs swaymsg exec -- + ''; + in rec { + home.packages = with pkgs; [ + sway-contrib.grimshot + wl-clipboard + libappindicator + gnome3.defaultIconTheme + gnome2.gnome-icon-theme + hicolor-icon-theme # TODO: Move these requirements? 
+ ]; + + xsession.preferStatusNotifierItems = true; + + wayland.windowManager.sway = { + enable = true; + systemdIntegration = true; + xwayland = true; + wrapperFeatures = { gtk = true; }; + extraSessionCommands = '' + export XDG_CURRENT_DESKTOP=Unity + export _JAVA_AWT_WM_NONREPARENTING=1 + export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh # TODO: Migrate + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + # TODO: QTpie + export WLR_DRM_NO_MODIFIERS=1; + ''; + config = { + input = { + "type:keyboard" = { + xkb_layout = "ch,de"; + xkb_options = "eurosign:e"; + }; + "*" = { xkb_numlock = "enable"; }; + }; + terminal = "${pkgs.alacritty}/bin/alacritty"; + menu = "${bemenuLauncher}/bin/bemenuLauncher"; + gaps.inner = 8; + modifier = "Mod4"; + window.border = 0; + #colors.focused.border = "#323232"; + + #TODO: Workspace Programm assignment: Not working properly + assigns = { + "10" = [{ app_id = "^firefox$"; }]; + "11" = [{ app_id = "^(claws-mail|thunderbird|evolution)$"; }]; + "12" = [{ + class = "^Chromium-browser$"; + instance = "^web.threema.ch"; + }]; + "13" = [{ class = "^Spotify$"; }]; + }; + + keybindings = let mod = wayland.windowManager.sway.config.modifier; + in lib.mkOptionDefault { + "${mod}+p" = "exec passbemenu"; + "${mod}+x" = "move workspace to output right"; + "${mod}+y" = "move workspace to output left"; + + "${mod}+section" = "workspace 0"; + "${mod}+0" = "workspace 10"; + "${mod}+apostrophe" = "workspace 11"; + "${mod}+dead_circumflex" = "workspace 12"; + "${mod}+dead_diaeresis" = "workspace 13"; + "${mod}+dollar" = "workspace 14"; + + "${mod}+Shift+section" = "move container to workspace 0"; + "${mod}+Shift+0" = "move container to workspace 10"; + "${mod}+Shift+apostrophe" = "move container to workspace 11"; + "${mod}+Shift+dead_circumflex" = "move container to workspace 12"; + "${mod}+Shift+dead_diaeresis" = "move container to workspace 13"; + "${mod}+Shift+dollar" = "move container to workspace 14"; + + 
"Ctrl+mod1+l" = "exec ${pkgs.systemd}/bin/loginctl lock-session"; + "Ctrl+mod1+Shift+L" = "exec ${pkgs.systemd}/bin/systemctl suspend"; + + # pulse audio volume control + XF86AudioLowerVolume = + "exec pactl set-sink-volume '@DEFAULT_SINK@' '-3%'"; + XF86AudioRaiseVolume = + "exec pactl set-sink-volume '@DEFAULT_SINK@' '+3%'"; + XF86AudioMute = "exec pactl set-sink-mute '@DEFAULT_SINK@' 'toggle'"; + XF86AudioMicMute = + "exec pactl set-source-mute '@DEFAULT_SOURCE@' 'toggle'"; + + # Spotify control + XF86AudioPause = "exec playerctl play-pause"; + XF86AudioPlay = "exec playerctl play-pause"; + XF86AudioNext = "exec playerctl next"; + XF86AudioPrev = "exec playerctl previous"; + + # screen brightness + XF86MonBrightnessUp = "exec light -A 10"; + XF86MonBrightnessDown = "exec light -U 5"; + + # screenshot + Print = "exec ${pkgs.sway-contrib.grimshot}/bin/grimshot copy area"; + }; + }; + extraConfig = '' + # Disable the laptop screen when the lid is closed. + bindswitch --reload lid:on output eDP-1 disable + bindswitch --reload lid:off output eDP-1 enable + ''; + }; + + services.kanshi = { + enable = true; + profiles = let + backgroundPicturePath = "~/pictures/backgrounds"; + mkScreen = (screen: { + criteria = screen; + status = "enable"; + scale = 1.0; + }); + in rec { + #mobile.exec = '' + # swaymsg "output * bg `find ${backgroundPicturePath} -type f | shuf -n 1` fill"''; + mobile.outputs = [ + (mkScreen "Unknown 0x08CE 0x00000000" // { + position = "0,0"; + scale = 2.0; + }) + ]; + #home-dock.exec = mobile.exec; + home-dock.outputs = [ + (mkScreen "Unknown 0x08CE 0x00000000" // { + status = "enable"; + scale = 2.0; + position = "0,0"; + }) + (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { + position = "1920,0"; + scale = 1.0; + status = "enable"; + }) + #(mkScreen "Dell Inc. 
DELL P2720DC 6JRRK53" // { + # position = "2560,0"; + # #position = "4480,0"; + # scale = 1.0; + # status = "enable"; + #}) + ]; + #chur-dock.outputs = [ + # (mkScreen "Unknown 0x08CE 0x00000000" // { + # position = "0,0"; + # scale = 2.0; + # }) + # (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { + # position = "1920,0"; + # }) + #]; + #office-dock.exec = mobile.exec; + office-dock.outputs = [ + (mkScreen "Unknown 0x08CE 0x00000000" // { + position = "0,0"; + scale = 2.0; + }) + (mkScreen "Dell Inc. DELL P2720DC BRKPK53" // { + position = "1920,0"; + }) + (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { + position = "4480,0"; + }) + ]; + }; + }; + # TODO: Move these services elsewhere + services.network-manager-applet.enable = true; + systemd.user.services.network-manager-applet = adhereTheSwayTarget; + services.nextcloud-client.enable = true; + systemd.user.services.nextcloud-client = adhereTheSwayTarget // { + Service.ExecStart = + lib.mkForce "${pkgs.nextcloud-client}/bin/nextcloud --background"; + Unit.After = [ "waybar.service" ]; # For trayicon to work + }; # TODO: Test and upstream + services.owncloud-client.enable = true; + systemd.user.services.owncloud-client = adhereTheSwayTarget // { + Unit.After = [ "waybar.service" ]; # For trayicon to work + }; + services.pasystray.enable = true; + systemd.user.services.pasystray = adhereTheSwayTarget; + + gtk = { + iconTheme = { + # package = pkgs.gnome-icon-theme; + # name = "gnome"; + package = pkgs.hicolor_icon_theme; + name = "hicolor"; + }; + gtk3.extraConfig.gtk-menu-images = true; + }; + + dconf.settings = { "org/gnome/desktop/interface".menus-have-icons = true; }; + + xdg.mimeApps = { + enable = true; + defaultApplications = let + browser = [ "firefox.desktop" ]; + email = [ "org.gnome.Evolution.desktop" ]; + doc-editor = [ "writer.desktop" ]; + sheet-editor = [ "calc.desktop" ]; + presentation-editor = [ "impress.desktop" ]; + pdf = [ "org.gnome.Evince.desktop " ]; + image = [ "geeqie.desktop" ]; + 
image-vector = [ "org.inkscape.Inkscape.desktop" ]; + ebooks = [ "calibre-ebook-viewer.desktop" ]; + code-general = [ "codium.desktop" ]; + video = [ "vlc.desktop" ]; + in { + "text/html" = browser; + "x-scheme-handler/http" = browser; + "x-scheme-handler/https" = browser; + "x-scheme-handler/mailto" = email; + "x-scheme-handler/msteams" = [ "teams.desktop" ]; + + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + doc-editor; + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + sheet-editor; + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + presentation-editor; + "application/vnd.oasis.opendocument.presentation" = presentation-editor; + "application/pdf" = pdf; + "application/epub+zip" = ebooks; + + "text/plain" = code-general; + "application/json" = code-general; + "text/markdown" = code-general; + + "image/png" = image; + "image/jpg" = image; + "image/jpeg" = image; + "image/x-tga" = image; + "image/tiff" = image; + "image/x-canon-cr2" = image; + "image/svg+xml" = image-vector; + + "video/mp4" = video; + }; + }; + }; +} diff --git a/defaults/user-configuration/fhauser/work/android-studio.nix b/defaults/user-configuration/fhauser/work/android-studio.nix new file mode 100644 index 0000000..472af5f --- /dev/null +++ b/defaults/user-configuration/fhauser/work/android-studio.nix @@ -0,0 +1,4 @@ +{ pkgs, ... }: { + programs.adb.enable = true; + users.users.fhauser.extraGroups = [ "adbusers" ]; +} diff --git a/defaults/user-configuration/fhauser/work/default.nix b/defaults/user-configuration/fhauser/work/default.nix new file mode 100644 index 0000000..96043b9 --- /dev/null +++ b/defaults/user-configuration/fhauser/work/default.nix @@ -0,0 +1,6 @@ +{ config, pkgs, lib, ... }: + +{ + + imports = [ ./android-studio.nix ./openvpn.nix ]; +} 
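Review bot: In sway.nix, `extraSessionCommands` hard-codes uid 1000 in `export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh`, so under any other uid the session would point SSH at an agent socket path it does not own (the line already carries a TODO). Deriving the path from the session avoids that, for example `export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"`, or `$(gpgconf --list-dirs agent-ssh-socket)` if gpgconf is on the session PATH. Separately, the `pdf` default in `xdg.mimeApps` is written `"org.gnome.Evince.desktop "` with a trailing space inside the string, which will most likely not match the desktop entry; it should read `pdf = [ "org.gnome.Evince.desktop" ];`. The hunk also enables `services.gnome3.gnome-remote-desktop.enable` without a comment; if it is only there for PipeWire screen sharing, a comment next to the option should say so.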
diff --git a/defaults/user-configuration/fhauser/work/openvpn.nix b/defaults/user-configuration/fhauser/work/openvpn.nix
new file mode 100644
index 0000000..65538c6
--- /dev/null
+++ b/defaults/user-configuration/fhauser/work/openvpn.nix
@@ -0,0 +1,73 @@
+{ pkgs, lib, ... }: {
+ services.openvpn.servers.threema = let
+ cafile = pkgs.writeTextFile {
+ name = "threema-vpn-ca.crt";
+ text = ''
+ -----BEGIN CERTIFICATE-----
+ MIIDMjCCAhqgAwIBAgIJANmI9BYPseTxMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV
+ BAMMCk9wZW5WUE4gQ0EwHhcNMTkwNTE1MTQzOTM0WhcNMjkwNTEyMTQzOTM0WjAV
+ MRMwEQYDVQQDDApPcGVuVlBOIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+ CgKCAQEA7NaiObgz2L5wmGIgOWUe1n6Q1g6Y5CYsrMQI8yhIDqKSx0fTL9eT2hvn
+ zThnltxKJRVTn0qGPf/7QF6WzjIXfKSJH5Cb+OKgYmqfRI2TW+ncqyJCaa3Fl9lI
+ VgU4knro6Cp9dhNhrNmRoRFvZ/17noB4+WPds7EgRObDi2ERuwAbONgz56J2Rea6
+ RHVL6HMFY7v8Zp8B/MnzSba/OSJC7RXCuCs6qNOgJOoHnp5PnsB3V40mszy4h/0Q
+ jVbBdZ3K4rEjNiawhCOetXhgHSaVGH4MP5oWrAN4UiI+IIfz6Ywz5mc7F6yBZa/e
+ aCG+r2bMUIepVPE25AUfuZ6O8+0+iwIDAQABo4GEMIGBMB0GA1UdDgQWBBQDHenu
+ 05GGgcztJ1FCUWQlbYxGLjBFBgNVHSMEPjA8gBQDHenu05GGgcztJ1FCUWQlbYxG
+ LqEZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANmI9BYPseTxMAwGA1UdEwQF
+ MAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQDTQtMeER20/3r/
+ Zn+IRpIEJh/ITxEE6kKCKo59wwVEFA0Ba+7d+BslFTCPhADM2p0AzPt5OSEo0A2N
+ nWGL3hhBPcnrBTFUma58gGz++v5Oy8GpfaCoXjCqfANjAbApY0JCCSWb1BJWkhXt
+ vDMlVXv6UzfF4HCeEQCof4QcW8ca4csrOceW76S7Cc3Or4iyTXKQrZ5PKy081CfV
+ sTLgGMQX4kZT9MBg13wDj0WkdJaWxQ2C73/me/YypcctN7t1wy7pUx33rEE1xh/o
+ 9fsKcFs0qqYKRUY8AnghhuimBrkHoqUcdrG/6WO7+hbipxIDStm4Qbnptde3fhJT
+ rGUhGexA
+ -----END CERTIFICATE-----
+ '';
+ };
+ in {
+ autoStart = false;
+ config = ''
+ remote vpn.threema.ch 38417 tcp-client
+
+ nobind
+ dev tun
+ persist-tun
+ persist-key
+ pull
+ auth-user-pass
+ tls-client
+ ca ${cafile}
+ remote-cert-tls server
+
+ route 10.83.0.0 255.255.0.0 default default
+ route 10.90.0.0 255.255.0.0 default default
+ #route 5.148.175.192 255.255.255.224 default default
+ #route 5.148.189.192 255.255.255.224 default default
+ route 192.168.11.0 255.255.255.0 default default
+ route 192.168.13.0 255.255.255.0 default default
+ route 136.243.104.147 255.255.255.255 default default
+ route 193.70.13.37 255.255.255.255 default default
+ route 95.211.228.137 255.255.255.255 default default
+ route 5.148.189.112 255.255.255.240 default default
+ route 185.88.236.64 255.255.255.192 default default
+ route 212.103.68.0 255.255.255.192 default default
+ route 185.88.236.98 255.255.255.255 net_gateway default
+ route 5.148.189.116 255.255.255.255 net_gateway default
+
+ dhcp-option DNS 185.88.236.100
+ dhcp-option DNS 212.103.68.20
+
+ reneg-bytes 0
+ auth-nocache
+ tls-cipher DEFAULT
+ cipher AES-128-CBC
+ #data-ciphers AES-128-CBC # TODO: Enable with openvpn 2.5
+ reneg-sec 0
+ remap-usr1 SIGTERM
+ '';
+ updateResolvConf = true;
+ };
+
+ systemd.services.openvpn-threema.serviceConfig.Restart = lib.mkForce "no";
+}
diff --git a/hardware/thinkpad-p14s.nix b/hardware/thinkpad-p14s.nix
new file mode 100644
index 0000000..90eda6c
--- /dev/null
+++ b/hardware/thinkpad-p14s.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, modulesPath, ... }: {
+
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+
+
+
+
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "nvme"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ "rtsx_pci_sdmmc"
+ ];
+ boot.kernelModules = [ "kvm-intel" ];
+
+ # Ignore Alcor smartcard (gpg is not very smart)
+ # See https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html
+ systemd.services.pcscd.environment.PCSCLITE_FILTER_IGNORE_READER_NAMES =
+ "Alcor";
+
+ hardware.video.hidpi.enable = true;
+
+ # CPU Configuration
+ hardware.cpu.intel.updateMicrocode = true;
+ services.throttled.enable = true;
+ powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+}
diff --git a/host/hummelberg-new/default.nix b/host/hummelberg-new/default.nix
new file mode 100644
index 0000000..fd19914
--- /dev/null
+++ b/host/hummelberg-new/default.nix
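Review bot: In openvpn.nix the client accepts any certificate issued by the bundled CA that carries the server EKU (`remote-cert-tls server`), and leaves the control channel at `tls-cipher DEFAULT` with no minimum protocol version. If the server side allows it, pinning the peer name and a protocol floor would tighten this: `verify-x509-name <SERVER_CERT_CN> name` (placeholder, take the name from the server certificate) and `tls-version-min 1.2`. `reneg-sec 0` together with `reneg-bytes 0` switches off client-initiated data-channel key renegotiation, which is common with one-time-password logins but deserves a comment giving the reason; whether the server still enforces its own interval cannot be seen from this hunk. `cipher AES-128-CBC` presumably mirrors the server, and the commented `data-ciphers` TODO is the right follow-up once OpenVPN 2.5 is in use.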
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }: {
+
+ imports = [
+ ./filesystems.nix
+ ./networking.nix
+ #./printing.nix
+ #./backup.nix #TODO: Extract applications from desktop role
+
+ ../../hardware/thinkpad-p14s.nix
+
+ ../../defaults/base
+ ../../defaults/cifs-auth-fix
+ ../../defaults/desktop
+ #../../defaults/games
+ ../../defaults/user-configuration
+ ../../defaults/user-configuration/fhauser
+ #../../defaults/printing
+ ];
+
+ #TODO: Clean up next section
+ services.xserver.dpi = 180;
+
+ virtualisation = { # TODO: This should probably be somewhere else.
+ docker = {
+ enable = true;
+ enableOnBoot = false;
+ };
+ libvirtd.enable = true;
+ };
+
+ # Set your time zone.
+ time.timeZone = "Europe/Amsterdam";
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like fi:le locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.09"; # Did you read the comment?
+
+}
diff --git a/host/hummelberg-new/filesystems.nix b/host/hummelberg-new/filesystems.nix
new file mode 100644
index 0000000..d07f1c7
--- /dev/null
+++ b/host/hummelberg-new/filesystems.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }: {
+ boot.initrd.luks.devices = {
+ "root".device = "/dev/disk/by-uuid/fae1b81e-894c-47b4-92e5-0a817fd6f66f";
+ "swap".device = "/dev/disk/by-uuid/dc1fe9ff-7eb7-40c3-8fbd-d99398e5e5d6";
+ };
+
+ fileSystems = {
+ "/" = {
+ device = "/dev/mapper/root";
+ fsType = "btrfs";
+ options = [ "subvol=nixos" ];
+ };
+ "/home" = {
+ device = "/dev/mapper/root";
+ fsType = "btrfs";
+ options = [ "subvol=home" ];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/1FB9-3DB0";
+ fsType = "vfat";
+ };
+ };
+
+ swapDevices = [{ device = "/dev/mapper/swap"; }];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+}
diff --git a/host/hummelberg-new/networking.nix b/host/hummelberg-new/networking.nix
new file mode 100644
index 0000000..fb1edb0
--- /dev/null
+++ b/host/hummelberg-new/networking.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+{
+
+ networking = {
+ networkmanager.enable = true;
+ useDHCP = false;
+ #wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ hostName = "hummelberg-new";
+ };
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ #networking.wireguard.enable = true;
+ #networking.wireguard.interfaces = let
+ # meta = import ../../meta;
+ # vnetworks = meta.network.virtual;
+ # vnetworkName = "mgmt";
+ #in {
+ # "wg-${vnetworkName}" =
+ # pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
+ # vnetworkName vnetworks.${vnetworkName};
+ #};
+}
diff --git a/host/hummelberg-new/printing.nix b/host/hummelberg-new/printing.nix
new file mode 100644
index 0000000..bb07603
--- /dev/null
+++ b/host/hummelberg-new/printing.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+ hardware.printers.ensureDefaultPrinter = "hsr-mfp-8261";
+ hardware.printers.ensurePrinters = [{
+ name = "hsr-mfp-8261";
+ deviceUri = "smb://hsr.ch/printsrv-d.hsr.ch/d8261-a4mfp";
+ location = "HSR 8.261";
+ model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz";
+ ppdOptions = {
+ Duplex = "DuplexNoTumble";
+ PageSize = "A4";
+ auth-info-required = "username,password";
+ };
+ }];
+}