From dd204c8ba68747e552b2d705dab935f79b76bce2 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sat, 10 Apr 2021 17:04:43 +0200 Subject: [PATCH 01/12] Remove das-g user --- meta/users.nix | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/meta/users.nix b/meta/users.nix index 2ab2e9c..8c7f8aa 100644 --- a/meta/users.nix +++ b/meta/users.nix @@ -1,7 +1,8 @@ { groups = { fhauser.gid = 1000; - das-g.gid = 1001; + #TODO + #das-g.gid = 1001; empty0.gid = 1003; }; @@ -19,18 +20,19 @@ ]; }; - das-g = { - uid = 1001; - isNormalUser = true; - description = "Raphael Das Gupta"; - group = "das-g"; - extraGroups = [ "wheel" ]; - hashedPassword = - "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0"; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRWDaUzbDyCNee/K8iCcXtoLrR0fZoGpXAV4f/CjB8kKb42lWKWXc67Juy0RnRVCZQc21ooApuQPJZ08Cawj9Okgz0j3vYdMnDBY1Ox9Ik12hzbpdLDHhOrIj3BOJuAKfFy5OM9Z2ZLwdvjXFk+1RQK1Qadd3PwtGjxLAgp5eBHj8TgUP8DXKGQQElphjfVLua4ufqoTldT1mrmDn/+GDgNY5HUTQb+YZ6AwjcemG+eAdG30Al1JRkOogke83hIXBVNCD9ObPtRv/KiAZv3TV8bgP2mzeeG2aDDb9qz8HXKvBlbN2ouz0cWTA5D5+Ua+wkOggEfhfPKBauF9sbQ8bRuknWm8VnuVXkikzdYZVGKdzvoHRdOfoTCL4JHzpGW6H3jVqdQuGTv5r28y/jxbDY95w6KmxLS+2u8SHVBh6hVAxf5i3P8aIHkOTEN//SyS/fa1uXHSQt0sVya2+4pTsCQfwWjE3TrQg6W6bmguVMjaICze5wWwckap+57jKbK9sPCuLFfYPwOvQ3nfb6wwNBhvNxmD9xGfk8/UzXsoq6OgPvF7GE5UWA04GHCnF4H0tEAQBK0vsjKxqC2lM8nK9msbqkSxadIFYqiG1+DAZyju3uZgkkInev8dh02yNsVJKYoCm60PWaMTLeVsrYZuvNDWXsXm7+nD02wWI0lxnkVw== das-g@x1carbon" - ]; - }; + #TODO + #das-g = { + # uid = 1001; + # isNormalUser = true; + # description = "Raphael Das Gupta"; + # group = "das-g"; + # extraGroups = [ "wheel" ]; + # hashedPassword = + # "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0"; + # openssh.authorizedKeys.keys = [ + # "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRWDaUzbDyCNee/K8iCcXtoLrR0fZoGpXAV4f/CjB8kKb42lWKWXc67Juy0RnRVCZQc21ooApuQPJZ08Cawj9Okgz0j3vYdMnDBY1Ox9Ik12hzbpdLDHhOrIj3BOJuAKfFy5OM9Z2ZLwdvjXFk+1RQK1Qadd3PwtGjxLAgp5eBHj8TgUP8DXKGQQElphjfVLua4ufqoTldT1mrmDn/+GDgNY5HUTQb+YZ6AwjcemG+eAdG30Al1JRkOogke83hIXBVNCD9ObPtRv/KiAZv3TV8bgP2mzeeG2aDDb9qz8HXKvBlbN2ouz0cWTA5D5+Ua+wkOggEfhfPKBauF9sbQ8bRuknWm8VnuVXkikzdYZVGKdzvoHRdOfoTCL4JHzpGW6H3jVqdQuGTv5r28y/jxbDY95w6KmxLS+2u8SHVBh6hVAxf5i3P8aIHkOTEN//SyS/fa1uXHSQt0sVya2+4pTsCQfwWjE3TrQg6W6bmguVMjaICze5wWwckap+57jKbK9sPCuLFfYPwOvQ3nfb6wwNBhvNxmD9xGfk8/UzXsoq6OgPvF7GE5UWA04GHCnF4H0tEAQBK0vsjKxqC2lM8nK9msbqkSxadIFYqiG1+DAZyju3uZgkkInev8dh02yNsVJKYoCm60PWaMTLeVsrYZuvNDWXsXm7+nD02wWI0lxnkVw== das-g@x1carbon" + # ]; + #}; empty0 = { uid = 1003; From 51f5e7eab92929e7c25e82ee90897252bca62986 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sat, 10 Apr 2021 17:05:55 +0200 Subject: [PATCH 02/12] Add current hummelberg-new state --- defaults/user-configuration/default.nix | 10 + .../fhauser/applications/alacritty.nix | 6 + .../fhauser/applications/android-studio.nix | 7 + .../fhauser/applications/default.nix | 76 ++++ .../fhauser/applications/firefox.nix | 9 + .../fhauser/applications/git.nix | 85 ++++ .../fhauser/applications/gpg.nix | 37 ++ .../fhauser/applications/mako.nix | 14 + .../fhauser/applications/psql.nix | 21 + .../fhauser/applications/redshift.nix | 13 + .../fhauser/applications/scripts.nix | 52 +++ .../fhauser/applications/shell.nix | 59 +++ .../fhauser/applications/ssh.nix | 26 ++ .../fhauser/applications/swaylock.nix | 33 ++ .../fhauser/applications/vim.nix | 54 +++ .../fhauser/applications/waybar.nix | 382 ++++++++++++++++++ .../fhauser/applications/webapps.nix | 26 ++ .../user-configuration/fhauser/default.nix | 11 + defaults/user-configuration/fhauser/i3.nix | 18 + .../user-configuration/fhauser/multimedia.nix | 51 +++ .../user-configuration/fhauser/security.nix | 5 + defaults/user-configuration/fhauser/sway.nix | 261 ++++++++++++ .../fhauser/work/android-studio.nix | 4 + .../fhauser/work/default.nix | 6 + .../fhauser/work/openvpn.nix | 73 ++++ hardware/thinkpad-p14s.nix | 33 ++ host/hummelberg-new/default.nix | 42 ++ host/hummelberg-new/filesystems.nix | 30 ++ host/hummelberg-new/networking.nix | 26 ++ host/hummelberg-new/printing.nix | 16 + 30 files changed, 1486 insertions(+) create mode 100644 defaults/user-configuration/default.nix create mode 100644 defaults/user-configuration/fhauser/applications/alacritty.nix create mode 100644 defaults/user-configuration/fhauser/applications/android-studio.nix create mode 100644 defaults/user-configuration/fhauser/applications/default.nix create mode 100644 defaults/user-configuration/fhauser/applications/firefox.nix create mode 100644 defaults/user-configuration/fhauser/applications/git.nix create mode 100644 defaults/user-configuration/fhauser/applications/gpg.nix create mode 100644 defaults/user-configuration/fhauser/applications/mako.nix create mode 100644 defaults/user-configuration/fhauser/applications/psql.nix create mode 100644 defaults/user-configuration/fhauser/applications/redshift.nix create mode 100644 defaults/user-configuration/fhauser/applications/scripts.nix create mode 100644 defaults/user-configuration/fhauser/applications/shell.nix create mode 100644 defaults/user-configuration/fhauser/applications/ssh.nix create mode 100644 defaults/user-configuration/fhauser/applications/swaylock.nix create mode 100644 defaults/user-configuration/fhauser/applications/vim.nix create mode 100644 defaults/user-configuration/fhauser/applications/waybar.nix create mode 100644 defaults/user-configuration/fhauser/applications/webapps.nix create mode 100644 defaults/user-configuration/fhauser/default.nix create mode 100644 defaults/user-configuration/fhauser/i3.nix create mode 100644 defaults/user-configuration/fhauser/multimedia.nix create mode 100644 defaults/user-configuration/fhauser/security.nix create mode 100644 defaults/user-configuration/fhauser/sway.nix create mode 100644 defaults/user-configuration/fhauser/work/android-studio.nix create mode 100644 defaults/user-configuration/fhauser/work/default.nix create mode 100644 defaults/user-configuration/fhauser/work/openvpn.nix create mode 100644 hardware/thinkpad-p14s.nix create mode 100644 host/hummelberg-new/default.nix create mode 100644 host/hummelberg-new/filesystems.nix create mode 100644 host/hummelberg-new/networking.nix create mode 100644 host/hummelberg-new/printing.nix diff --git a/defaults/user-configuration/default.nix b/defaults/user-configuration/default.nix new file mode 100644 index 0000000..eedbfe6 --- /dev/null +++ b/defaults/user-configuration/default.nix @@ -0,0 +1,10 @@ +{ config, pkgs, lib, ... }: { + + imports = [ ]; + + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + }; + +} diff --git a/defaults/user-configuration/fhauser/applications/alacritty.nix b/defaults/user-configuration/fhauser/applications/alacritty.nix new file mode 100644 index 0000000..76b0257 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/alacritty.nix @@ -0,0 +1,6 @@ +{ pkgs, ... }: { + home-manager.users.fhauser.programs.alacritty = { + enable = true; + settings."background_opacity" = 0.95; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/android-studio.nix b/defaults/user-configuration/fhauser/applications/android-studio.nix new file mode 100644 index 0000000..d1d1aa4 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/android-studio.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + #home-manager.users.fhauser = { + # home.packages = with pkgs; [ androidStudioPackages.beta ]; + # pam.sessionVariables.STUDIO_JDK = "${pkgs.jdk14}/lib/openjdk"; + #}; # TODO: This was extracted into a shell.nix +} diff --git a/defaults/user-configuration/fhauser/applications/default.nix b/defaults/user-configuration/fhauser/applications/default.nix new file mode 100644 index 0000000..556263b --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/default.nix @@ -0,0 +1,76 @@ +{ config, pkgs, lib, ... }: + +{ + + imports = [ + ./firefox.nix + ./gpg.nix + ./ssh.nix + ./scripts.nix + ./webapps.nix + ./vim.nix + ./git.nix + ./waybar.nix + ./psql.nix + ./android-studio.nix + ./mako.nix + ./redshift.nix + ./alacritty.nix + ./shell.nix + ./swaylock.nix + ]; + home-manager.users.fhauser.home.packages = with pkgs; + [ # Networking + unison + transmission # GUI Tools, maybe extract... + ] ++ [ # Desktop Environment Applications + google-chrome + chromium + #midori # TODO: Currently unused + #qutebrowser # TODO: Currently unused + gnome3.evolution # TODO: Suport for plugins with 21.05 + #evolution-ews + synergy + #quicksynergy # Currently unused + nextcloud-client + owncloud-client + ] ++ [ # office # TODO: Migrate to office.nix + # TODO: Build fails! + libreoffice-fresh # TODO: Dictionaries, nixos/nixpkgs#14430 + # pdfgrep + # pdftk + # calibre + tectonic + # texstudio + # pandoc + # system-config-printer + # cups-pk-helper + # cups-bjnp + # gutenprint + # gutenprintBin + # hplipWithPlugin + simple-scan + gnome3.gnome-online-accounts + gnome3.gnome-control-center + ] ++ [ # Communication + signal-desktop + tdesktop + discord + mattermost-desktop + # pidgin pidgin-otr pidgin-with-plugins #TODO: Pidgin needed? + #TODO: ekiga? + skype + slack + teams + jitsi-meet-electron + teamviewer + rdesktop + vmware-horizon-client + ] ++ [ # Development + vscodium + gitlab-runner + docker-compose + vagrant + virt-manager + ]; +} diff --git a/defaults/user-configuration/fhauser/applications/firefox.nix b/defaults/user-configuration/fhauser/applications/firefox.nix new file mode 100644 index 0000000..7176c5a --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/firefox.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: { + home-manager.users.fhauser = { + programs.firefox = { + enable = true; + package = pkgs.firefox-wayland; + }; + home.sessionVariables.MOZ_ENABLE_WAYLAND = "true"; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/git.nix b/defaults/user-configuration/fhauser/applications/git.nix new file mode 100644 index 0000000..95b1c74 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/git.nix @@ -0,0 +1,85 @@ +{ pkgs, ... }: { + home-manager.users.fhauser.programs.git = { + enable = true; + package = pkgs.gitAndTools.gitFull; + aliases = { + s = "status --short --branch"; + a = "add --patch"; + c = "commit --message"; + l = + "log --color --graph --pretty=format:'%Cred%h%Creset - %C(bold)%s%Creset%C(yellow)%d%Creset %C(green)%an%Creset %C(cyan)%cr%Creset (S: %G?)' --abbrev-commit"; + d = "diff"; + + fup = "commit --fixup"; + fuprebase = "rebase --interactive --autosquash"; + + ignore = "update-index --skip-worktree"; + unignore = "update-index --no-skip-worktree"; + ignored = ''!git ls-files -v | grep "^S"''; + }; + #delta = { + # enable = true; + # options = { + # side-by-side = "true"; + + # line-numbers = "true"; + # line-numbers-minus-style = "#444444"; + # line-numbers-zero-style = "#444444"; + # line-numbers-plus-style = "#444444"; + # line-numbers-left-format = "{nm:>4}┊"; + # line-numbers-right-format = "{np:>4}│"; + # line-numbers-left-style = "blue"; + # line-numbers-right-style = "blue"; + # }; + #}; + extraConfig = { + core = { + packedGitWindowSize = "16m"; + packedGitLimit = "64m"; + }; + pack = { + windowMemory = "64m"; + packSizeLimit = "64m"; + thread = "1"; + deltaCacheSize = "1m"; + }; + color = { + branch = "auto"; + diff = "auto"; + status = "auto"; + }; + push.default = "simple"; + pull.rebase = "true"; + branch.autosetuprebase = "always"; + }; + includes = let + mkDefaultConfig = (dir: { + condition = "gitdir:${dir}"; + contents = { + user = { + signingkey = "0x8A52A140BEBF7D2C"; + email = "fabian@fh2.ch"; + name = "Fabian Hauser"; + }; + }; + }); + in [ + (mkDefaultConfig "~/private/") + (mkDefaultConfig "/etc/nixos/") + (mkDefaultConfig "~/.password-store") + ((mkDefaultConfig "~/work/") // { + contents = { + commit.gpgsign = true; + tag.gpgsign = true; + user = { + signingkey = "0xE0CDD70E5D286D64"; + email = "fabian.hauser@threema.ch"; + }; + url."git@work.github.com".insteadOf = "git@github.com"; + }; + }) + ]; + ignores = [ "*~" "*.swp" ".direnv/" ]; + lfs.enable = true; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/gpg.nix b/defaults/user-configuration/fhauser/applications/gpg.nix new file mode 100644 index 0000000..e9fcd6f --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/gpg.nix @@ -0,0 +1,37 @@ +{ pkgs, ... }: { + #TODO: ENV variabls for agent + home-manager.users.fhauser.home.sessionVariables.SSH_AUTH_SOCK = + "/run/user/1000/gnupg/S.gpg-agent.ssh"; + home-manager.users.fhauser.programs.gpg = { + enable = true; + settings = { + "use-agent" = true; + "trust-model" = "tofu"; + "no-emit-version" = true; + "no-comments" = true; + "sig-notation" = "issuer-fpr@notations.openpgp.fifthhorseman.net=%g"; + "keyserver" = "hkp://pool.sks-keyservers.net"; + "keyserver-options" = "auto-key-retrieve no-honor-keyserver-url"; + "personal-cipher-preferences" = "AES256 AES192 AES CAST5"; + "cert-digest-algo" = "SHA512"; + "personal-digest-preferences" = "SHA512 SHA384 SHA256 SHA224"; + "default-preference-list" = + "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"; + "display-charset" = "utf-8"; + "fixed-list-mode" = true; + "with-fingerprint" = true; + "keyid-format" = "0xlong"; + "verify-options" = "show-uid-validity"; + "list-options" = "show-uid-validity"; + }; + }; + home-manager.users.fhauser.services.gpg-agent = { + enable = true; + enableScDaemon = true; + enableSshSupport = true; + sshKeys = [ + "99DFB0F28CF9420A2D6383139E86814A1568C81B" # 0x8193A5D218B553DD / fabian.hauser@threema.ch + "638143D3F6421377E9D4C7F1D2EDC5AA0A860351" # 0x3E957C9C8CB5D6B2 / fabian.hauser@qo.is + ]; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/mako.nix b/defaults/user-configuration/fhauser/applications/mako.nix new file mode 100644 index 0000000..9b10df3 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/mako.nix @@ -0,0 +1,14 @@ +{ pkgs, ... }: { + home-manager.users.fhauser.programs.mako = { + enable = true; + backgroundColor = "#CCCCCCCC"; # TODO: Make layout colors in a central place + borderSize = 0; + #borderColor = "#4C7899FF"; + defaultTimeout = 1500; + #ignoreTimeout = true; + #textColor = "#FFFFFFFF"; + #width = 300; + #height = 100; + #font = "monospace 10"; + }; # TODO +} diff --git a/defaults/user-configuration/fhauser/applications/psql.nix b/defaults/user-configuration/fhauser/applications/psql.nix new file mode 100644 index 0000000..866c32f --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/psql.nix @@ -0,0 +1,21 @@ +{ pkgs, ... }: { + home-manager.users.fhauser.home.file.".psqlrc".text = '' + \set QUIET 1 + + \pset linestyle unicode + \pset border 2 + + \set null [null] + \set COMP_KEYWORD_CASE upper + \set ON_ERROR_ROLLBACK interactive + \set PROMPT1 '%[%033[1m%]%M/%/%R%[%033[0m%]%# ' + \set PROMPT2 '''' + \set VERBOSITY verbose + \timing + \x auto + + \unset QUIET + \conninfo + ''; + +} diff --git a/defaults/user-configuration/fhauser/applications/redshift.nix b/defaults/user-configuration/fhauser/applications/redshift.nix new file mode 100644 index 0000000..fd833f2 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/redshift.nix @@ -0,0 +1,13 @@ +{ pkgs, ... }: { + home-manager.users.fhauser.services.redshift = { + enable = true; + package = pkgs.redshift-wlr; + brightness.night = "0.9"; + temperature.day = 6300; + temperature.night = 5500; + + latitude = "47.2"; + longitude = "8.8"; + tray = true; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/scripts.nix b/defaults/user-configuration/fhauser/applications/scripts.nix new file mode 100644 index 0000000..3e94af9 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/scripts.nix @@ -0,0 +1,52 @@ +{ pkgs, ... }: + +let + passbemenu = pkgs.writeScriptBin "passbemenu" '' + #!${pkgs.stdenv.shell} + shopt -s nullglob globstar + + typeit=0 + if [[ $1 == "--type" ]]; then + typeit=1 + shift + fi + + export BEMENU_BACKEND=wayland + + prefix=''${PASSWORD_STORE_DIR-~/.password-store} + password_files=( "$prefix"/**/*.gpg ) + password_files=( "''${password_files[@]#"$prefix"/}" ) + password_files=( "''${password_files[@]%.gpg}" ) + + password=$(printf '%s\n' "''${password_files[@]}" | \ + ${pkgs.bemenu}/bin/bemenu --list 20 --ignorecase --prompt 'Pass: ' "$@") + + [[ -n $password ]] || exit + + ${pkgs.pass-wayland}/bin/pass show -c "$password" 2>/dev/null + ''; + threema-vpn = pkgs.writeScriptBin "threema-vpn" '' + #!${pkgs.stdenv.shell} + set -eo pipefail + + SERVICE=openvpn-threema.service + + if [[ "$1" == "restart" ]]; then + ACTION=restart + elif [[ "$1" == "start" ]]; then + ACTION=start + elif [[ "$1" == "stop" ]]; then + ACTION=stop + elif [[ "$1" == "status" ]]; then + ACTION=status + elif [[ "$1" == "tail" ]]; then + sudo journalctl -f -u $SERVICE + exit 0 + else + echo "Usage: vpn (start|stop|restart|status|tail)" + exit 254 + fi + + sudo systemctl $ACTION $SERVICE + ''; +in { home-manager.users.fhauser.home.packages = [ passbemenu threema-vpn ]; } diff --git a/defaults/user-configuration/fhauser/applications/shell.nix b/defaults/user-configuration/fhauser/applications/shell.nix new file mode 100644 index 0000000..4664eb4 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/shell.nix @@ -0,0 +1,59 @@ +{ pkgs, ... }: { + home-manager.users.fhauser.programs = { + bash = { + enable = true; + historyIgnore = [ "ls" "cd" "exit" "j" ]; + shellAliases = { + # Sane defaults + l = "ls -lah"; + cp = "cp --reflink=auto"; + pwgen = "pwgen -c -n -s -N 30"; + bc = "bc --mathlib"; + cal = "cal -m"; + curl = "curl -L"; + + # Git helpers + git-fetch-pr = + "git config --add remote.origin.fetch '+refs/pull/*/head:refs/remotes/origin/pr/*'"; + git-config-fetchall = '' + git config --add remote.origin.fetch "+refs/pull/*/head:refs/remotes/origin/pr/*"''; + + git-enable-signing = + "git config commit.gpgsign true && git config tag.gpgsign true"; + # Common Typos + gits = "git s"; + }; + initExtra = '' + function o(){ + xdg-open "$*" >/dev/null 2>&1 & + } + ''; + shellOptions = [ "autocd" "checkjobs" "dotglob" "globstar" "histappend" ]; + sessionVariables = { + #TODO: Some of these should be migrated to the according application. + GPG_TTY = "$(tty)"; + PGDATABASE = "postgres"; + }; + }; + + autojump = { + enable = true; + enableBashIntegration = true; + }; + powerline-go = { + enable = true; + settings = { + hostname-only-if-ssh = true; + numeric-exit-codes = true; + colorize-hostname = true; + cwd-max-depth = 4; + modules = "ssh,host,root,cwd,perms,dotenv,venv,node,git,jobs"; + }; + }; + direnv = { + enable = true; + enableBashIntegration = true; + enableNixDirenvIntegration = true; + }; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/ssh.nix b/defaults/user-configuration/fhauser/applications/ssh.nix new file mode 100644 index 0000000..59b1000 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/ssh.nix @@ -0,0 +1,26 @@ +{ pkgs, lib, ... }: { + home-manager.users.fhauser.programs.ssh = let + forceIdentityThreema = { + identityFile = toString (pkgs.writeText "fabian.hauser@threema.ch.pub" '' + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7h492sXT7zdamf+nbOt+y6jiqxicOnm6+wiuEG1EvZ openpgp:0x18B553DD + ''); + identitiesOnly = true; + }; + forceIdentityPrivate = { + identityFile = toString (pkgs.writeText "fabian.hauser@qo.is.pub" '' + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000610954665 + ''); + identitiesOnly = true; + }; + in { + enable = true; + matchBlocks = { + "work.github.com" = forceIdentityThreema // { + hostname = "github.com"; + user = "git"; + }; + "github.com" = forceIdentityPrivate // { user = "git"; }; + }; + #TODO: Authorized keys implementation, see https://github.com/nix-community/home-manager/pull/9 + }; +} diff --git a/defaults/user-configuration/fhauser/applications/swaylock.nix b/defaults/user-configuration/fhauser/applications/swaylock.nix new file mode 100644 index 0000000..ede56d6 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/swaylock.nix @@ -0,0 +1,33 @@ +{ pkgs, ... }: { + home-manager.users.fhauser.systemd.user.services.swayidle = let + lock = + "${pkgs.swaylock}/bin/swaylock --hide-keyboard-layout --ignore-empty-password --daemonize --show-failed-attempts --color=000000"; + logTimeCmd = "${pkgs.coreutils}/bin/date --rfc-3339=seconds >> ~/locklog"; + idleCmd = (action: + ''${pkgs.sway}/bin/swaymsg "output * dpms ${action}" && ${logTimeCmd}''); + timeout-screens-off = 600; + timeout-lock = 630; + timeout-suspend = 1800; + in { + Unit = { + Description = "Idle Manager for Wayland"; + Documentation = [ "man:swayidle(1)" ]; + PartOf = [ "graphical-session.target" ]; + }; + Service = { + Environment = "PATH=${pkgs.bash}/bin"; + ExecStart = '' + ${pkgs.swayidle}/bin/swayidle -w -d \ + timeout ${toString timeout-lock} '${lock}' \ + timeout ${toString timeout-screens-off} '${idleCmd "off"}' \ + resume '${idleCmd "on"}' \ + timeout ${ + toString timeout-suspend + } '${pkgs.systemd}/bin/systemctl suspend' \ + lock '${lock}' \ + before-sleep '${lock}'; + ''; # TODO: Make this configurable and add home-manager module. (Requires sway with systemd-target support) + }; + Install = { WantedBy = [ "sway-session.target" ]; }; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/vim.nix b/defaults/user-configuration/fhauser/applications/vim.nix new file mode 100644 index 0000000..7c135e8 --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/vim.nix @@ -0,0 +1,54 @@ +{ pkgs, ... }: { + home-manager.users.fhauser.programs.vim = { + enable = true; + extraConfig = '' + colorscheme elflord + set autoindent + set ruler + set pastetoggle= + set splitbelow + set splitright + + set tabstop=2 + set softtabstop=2 + + set listchars="eol:¬,tab:>·,trail:~,extends:>,precedes:<,space:␣" + set grepprg=ack\ -k + + set statusline+=%{SyntasticStatuslineFlag()} + set statusline+=%* + + let g:syntastic_always_populate_loc_list = 1 + let g:syntastic_auto_loc_list = 1 + let g:syntastic_check_on_open = 1 + let g:syntastic_check_on_wq = 0 + let g:syntastic_mode_map = { 'mode': 'passive', 'active_filetypes': [],'passive_filetypes': [] } + "nnoremap E :SyntasticCheck :SyntasticToggleMode + + " Rust + "let g:rustfmt_autosave = 1 + let g:racer_cmd="~/.cargo/bin/racer" + "let g:racer_experimental_completer = 1 + au FileType rust nmap gd (rust-def) + au FileType rust nmap gs (rust-def-split) + au FileType rust nmap gx (rust-def-vertical) + au FileType rust nmap gd (rust-doc) + + " Typescript + au BufRead,BufNewFile *.ts setfiletype typescript + + " Options + filetype plugin indent on + syntax on + ''; + plugins = with pkgs.vimPlugins; [ vim-sensible vim-airline ]; + settings = { + background = "dark"; + ignorecase = true; + mouse = "n"; + hidden = true; + expandtab = true; + }; + + }; +} diff --git a/defaults/user-configuration/fhauser/applications/waybar.nix b/defaults/user-configuration/fhauser/applications/waybar.nix new file mode 100644 index 0000000..2669acf --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/waybar.nix @@ -0,0 +1,382 @@ +{ pkgs, lib, config, ... }: { + home-manager.users.fhauser = { + xsession.preferStatusNotifierItems = true; + wayland.windowManager.sway.config.bars = [ ]; + + programs.waybar = { + enable = true; + settings = [{ + position = "top"; + #height = + modules-left = [ "sway/mode" "sway/workspaces" ]; + modules-center = [ "sway/window" ]; + modules-right = [ + "backlight" + "idle_inhibitor" + "bluetooth" + "cpu" + "temperature" + "memory" + "disk" + "network" + "pulseaudio" + #"custom/keyboard-layout" + "battery" + "tray" + "clock" + ]; + modules = { + backlight.format = " {percent}%"; + disk.format = " {percentage_used}%"; + clock.format = "{:%Y-%2m-%2d %H:%M}"; + "sway/workspaces" = { + disable-scroll-wraparound = true; + enable-bar-scroll = true; + numeric-first = true; + }; + + battery = { + interval = 10; + states = { + warning = 15; + critical = 10; + }; + format = " {capacity}% {time}"; # Icon: bolt + format-discharging = "{icon} {capacity}% {time}"; + format-time = "{H}:{M}"; + format-icons = [ + "" # Icon: battery-full + "" # Icon: battery-three-quarters + "" # Icon: battery-half + "" # Icon: battery-quarter + "" # Icon: battery-empty + ]; + tooltip = "true"; + }; + + cpu = { + interval = "5"; + format = " {usage}% ({load})"; # Icon: microchip + states = { + warning = "70"; + critical = "90"; + }; + }; + + #"custom/keyboard-layout" = { + # exec = pkgs.writeShellScript "keyboard-layout" "swaymsg -t get_inputs | grep -m1 'xkb_active_layout_name' | cut -d '\"' -f4"; + # # Interval set only as a fallback, as the value is updated by signal + # interval = "30"; + # format = " {}"; # Icon: keyboard + # # Signal sent by Sway key binding (~/.config/sway/key-bindings) + # signal = "1"; # SIGHUP + # tooltip = "false"; + #}; + + memory = { + interval = "5"; + format = " {}%"; # Icon: microchip + states = { + warning = "70"; + critical = "90"; + }; + }; + + network = { + interval = "5"; + format-wifi = " {essid} ({signalStrength}%)"; # Icon: wifi + format-ethernet = "🔗 {ifname}: {ipaddr}/{cidr}"; # Icon: ethernet + format-disconnected = "🔗"; + tooltip-format = "{ifname}: {ipaddr}"; + }; + + "sway/mode" = { + format = + '' {}''; # Icon: expand-arrows-alt + tooltip = "false"; + }; + + "sway/window" = { + format = "{}"; + max-length = "120"; + }; + + "sway/workspaces" = { + all-outputs = false; + disable-scroll = true; + format = "{icon}"; + format-icons = { + "10" = " 10"; + "11" = " 11"; + "12" = " 12"; + "13" = " 13"; + }; + }; + + pulseaudio = { + scroll-step = 3; + format = "{icon} {volume}%"; + format-bluetooth = "{icon} {volume}%"; + format-muted = "🔇"; + format-icons = { + headphones = ""; + handsfree = ""; + headset = ""; + phone = ""; + portable = ""; + car = ""; + default = [ "" "" "" ]; + }; + on-click = "pavucontrol"; + }; + + temperature = { + critical-threshold = 80; + interval = 5; + format = "{icon} {temperatureC}°C"; + format-icons = [ + "" # Icon: temperature-empty + "" # Icon: temperature-quarter + "" # Icon: temperature-half + "" # Icon: temperature-three-quarters + "" # Icon: temperature-full + ]; + tooltip = "true"; + hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input"; + }; + + idle_inhibitor = { + format = "{icon}"; + format-icons = { + activated = ""; + deactivated = ""; + }; + }; + + tray = { + icon-size = "21"; + spacing = "10"; + }; + }; + }]; + + systemd.enable = true; + + style = '' + /* ============================================================================= + * + * Waybar configuration + * + * Configuration reference: https://github.com/Alexays/Waybar/wiki/Configuration + * + * =========================================================================== */ + + /* ----------------------------------------------------------------------------- + * Keyframes + * -------------------------------------------------------------------------- */ + + @keyframes blink-warning { + 70% { + color: white; + } + + to { + color: white; + background-color: orange; + } + } + + @keyframes blink-critical { + 70% { + color: white; + } + + to { + color: white; + background-color: red; + } + } + + + /* ----------------------------------------------------------------------------- + * Base styles + * -------------------------------------------------------------------------- */ + + /* Reset all styles */ + * { + border: none; + border-radius: 0; + min-height: 0; + margin: 0; + padding: 0; + } + + /* The whole bar */ + #waybar { + background: #323232; + color: white; + /*font-family: Cantarell, Noto Sans, sans-serif;*/ + font-size: 13px; + } + + /* Each module */ + #battery, + #clock, + #cpu, + #custom-keyboard-layout, + #memory, + #mode, + #network, + #pulseaudio, + #temperature, + #backlight, + #idle_inhibitor, + #tray { + margin-left: 5px; + margin-right: 5px; + padding-left: 5px; + padding-right: 5px; + /*border-right: solid 1px black;*/ + } + + #backlight { + margin-right: 0; + padding-right: 0; + } + + #idle_inhibiter { + margin-left: 0; + padding-left: 0; + } + + + /* ----------------------------------------------------------------------------- + * Module styles + * -------------------------------------------------------------------------- */ + + #battery { + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; + } + + #battery.warning { + color: orange; + } + + #battery.critical { + color: red; + } + + #battery.warning.discharging { + animation-name: blink-warning; + animation-duration: 4s; + } + + #battery.critical.discharging { + animation-name: blink-critical; + animation-duration: 3s; + } + + #clock { + font-weight: bold; + } + + #cpu { + /* No styles */ + } + + #cpu.warning { + color: orange; + } + + #cpu.critical { + color: red; + } + + #memory { + animation-timing-function: linear; + animation-iteration-count: infinite; + animation-direction: alternate; + } + + #memory.warning { + color: orange; + } + + #memory.critical { + color: red; + animation-name: blink-critical; + animation-duration: 2s; + } + + #mode { + background: #64727D; + border-top: 2px solid white; + /* To compensate for the top border and still have vertical centering */ + padding-bottom: 2px; + } + + #network { + /* No styles */ + } + + #network.disconnected { + color: orange; + } + + #pulseaudio { + /* No styles */ + } + + #pulseaudio.muted { + /* No styles */ + } + + #custom-spotify { + color: rgb(102, 220, 105); + } + + #temperature { + /* No styles */ + } + + #temperature.critical { + color: red; + } + + #tray { + /* No styles */ + } + + #window { + font-weight: bold; + } + + #workspaces button { + border-top: 2px solid transparent; + /* To compensate for the top border and still have vertical centering */ + padding-bottom: 2px; + padding-left: 10px; + padding-right: 10px; + color: #888888; + } + + #workspaces button.focused { + border-color: #4c7899; + color: white; + background-color: #285577; + } + + #workspaces button.urgent { + border-color: #c9545d; + color: #c9545d; + } + ''; + }; + systemd.user.services.waybar.Unit = { + Requisite = lib.mkForce [ ]; + After = lib.mkForce [ ]; + }; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/webapps.nix b/defaults/user-configuration/fhauser/applications/webapps.nix new file mode 100644 index 0000000..be5a2cf --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/webapps.nix @@ -0,0 +1,26 @@ +{ pkgs, ... }: + +let + web-app = name: url: + pkgs.writeScriptBin name '' + #!${pkgs.stdenv.shell} + exec ${pkgs.chromium}/bin/chromium --user-data-dir=$HOME/.config/chromium-app-${name} --app="${url}" + ''; + whatsapp = web-app "whatsapp" "https://web.whatsapp.com/"; + threema = web-app "threema" "https://web-beta.threema.ch/"; + threema-work = web-app "threema-work" "https://web-beta.threema.ch/"; + threema-red = web-app "threema-red" "https://web-work-staging.threema.ch/"; + threema-tickets = web-app "threema-tickets" "https://ticket.threema.ch/scp/"; + netflix = web-app "netflix" "https://netflix.com/"; + disneyplus = web-app "disneyplus" "https://disneyplus.com/"; +in { + home-manager.users.fhauser.home.packages = [ + whatsapp + netflix + disneyplus + threema + threema-work + threema-red + threema-tickets + ]; +} diff --git a/defaults/user-configuration/fhauser/default.nix b/defaults/user-configuration/fhauser/default.nix new file mode 100644 index 0000000..c76f103 --- /dev/null +++ b/defaults/user-configuration/fhauser/default.nix @@ -0,0 +1,11 @@ +{ config, pkgs, lib, ... }: { + imports = [ + ./sway.nix + ./multimedia.nix + ./security.nix + ./applications + ./work + ./i3.nix + ]; + home-manager.users.fhauser.home.stateVersion = config.system.stateVersion; +} diff --git a/defaults/user-configuration/fhauser/i3.nix b/defaults/user-configuration/fhauser/i3.nix new file mode 100644 index 0000000..5c9fbf4 --- /dev/null +++ b/defaults/user-configuration/fhauser/i3.nix @@ -0,0 +1,18 @@ +{ pkgs, lib, config, ... }: { + + home-manager.users.fhauser = let + adhereTheSwayTarget = { + Install.WantedBy = lib.mkForce [ "sway-session.target" ]; + Unit.PartOf = lib.mkForce [ "sway-session.target" ]; + }; + in rec { + programs.i3status = { + enable = true; + enableDefault = true; + }; + xsession.windowManager.i3 = { + enable = true; + + }; + }; +} diff --git a/defaults/user-configuration/fhauser/multimedia.nix b/defaults/user-configuration/fhauser/multimedia.nix new file mode 100644 index 0000000..8e14746 --- /dev/null +++ b/defaults/user-configuration/fhauser/multimedia.nix @@ -0,0 +1,51 @@ +{ config, pkgs, lib, ... }: + +{ + home-manager.users.fhauser.home.packages = with pkgs; + [ vlc v4l-utils calibre blender openshot-qt playerctl youtube-dl ] + ++ [ # Audio + audacity + enblend-enfuse + ffmpeg + mplayer + sox # TODO: mencoder? + vorbis-tools + vorbisgain + opusTools + flac + lame + id3lib + id3v2 # TODO: icedax? + pasystray + pavucontrol + spotify + ] ++ [ # Imaging + gimp + hugin + lensfun + luminanceHDR + darktable + geeqie + gphoto2 + # ImageMagick-perl perl-File-Type perl-Term-ProgressBar #TODO: Support libraries for scripts + inkscape + ghostscript + stellarium + #unity3d + ] ++ [ # Codecs for Audio and Video + vobcopy + libdv + libdvbpsi # TODO: librtmp? + xvidcore + x264 + gst_all_1.gstreamer + gst_all_1.gst-vaapi + gst_all_1.gst-rtsp-server + gst_all_1.gst-libav + gst_all_1.gst-plugins-base + gst_all_1.gst-plugins-bad + gst_all_1.gst-plugins-good + gst_all_1.gst-plugins-ugly + ]; + +} diff --git a/defaults/user-configuration/fhauser/security.nix b/defaults/user-configuration/fhauser/security.nix new file mode 100644 index 0000000..151b9ed --- /dev/null +++ b/defaults/user-configuration/fhauser/security.nix @@ -0,0 +1,5 @@ +{ config, pkgs, lib, ... }: + +{ + services.pcscd.enable = true; +} diff --git a/defaults/user-configuration/fhauser/sway.nix b/defaults/user-configuration/fhauser/sway.nix new file mode 100644 index 0000000..9404ec7 --- /dev/null +++ b/defaults/user-configuration/fhauser/sway.nix @@ -0,0 +1,261 @@ +{ pkgs, lib, config, ... }: { + + # environment.systemPackages = with pkgs; [ polkit_gnome ]; #TODO: Needed? + programs.sway.enable = true; + services.gnome3.gnome-remote-desktop.enable = true; + environment.systemPackages = with pkgs; [ pipewire_0_2 ]; + home-manager.users.fhauser = let + adhereTheSwayTarget = { + Install.WantedBy = lib.mkForce [ "sway-session.target" ]; + Unit.PartOf = lib.mkForce [ "sway-session.target" ]; + }; + bemenuLauncher = pkgs.writeScriptBin "bemenuLauncher" '' + #!${pkgs.stdenv.shell} + active_screen=$(swaymsg -r -t get_outputs | \ + ${pkgs.jq}/bin/jq '. [] | select (.focused == true) | .name | split ("-") | last') + ${pkgs.dmenu}/bin/dmenu_path | \ + ${pkgs.bemenu}/bin/bemenu -m $active_screen --list 20 --ignorecase --prompt 'Start: ' | \ + xargs swaymsg exec -- + ''; + in rec { + home.packages = with pkgs; [ + sway-contrib.grimshot + wl-clipboard + libappindicator + gnome3.defaultIconTheme + gnome2.gnome-icon-theme + hicolor-icon-theme # TODO: Move these requirements? + ]; + + xsession.preferStatusNotifierItems = true; + + wayland.windowManager.sway = { + enable = true; + systemdIntegration = true; + xwayland = true; + wrapperFeatures = { gtk = true; }; + extraSessionCommands = '' + export XDG_CURRENT_DESKTOP=Unity + export _JAVA_AWT_WM_NONREPARENTING=1 + export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh # TODO: Migrate + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + # TODO: QTpie + export WLR_DRM_NO_MODIFIERS=1; + ''; + config = { + input = { + "type:keyboard" = { + xkb_layout = "ch,de"; + xkb_options = "eurosign:e"; + }; + "*" = { xkb_numlock = "enable"; }; + }; + terminal = "${pkgs.alacritty}/bin/alacritty"; + menu = "${bemenuLauncher}/bin/bemenuLauncher"; + gaps.inner = 8; + modifier = "Mod4"; + window.border = 0; + #colors.focused.border = "#323232"; + + #TODO: Workspace Programm assignment: Not working properly + assigns = { + "10" = [{ app_id = "^firefox$"; }]; + "11" = [{ app_id = "^(claws-mail|thunderbird|evolution)$"; }]; + "12" = [{ + class = "^Chromium-browser$"; + instance = "^web.threema.ch"; + }]; + "13" = [{ class = "^Spotify$"; }]; + }; + + keybindings = let mod = wayland.windowManager.sway.config.modifier; + in lib.mkOptionDefault { + "${mod}+p" = "exec passbemenu"; + "${mod}+x" = "move workspace to output right"; + "${mod}+y" = "move workspace to output left"; + + "${mod}+section" = "workspace 0"; + "${mod}+0" = "workspace 10"; + "${mod}+apostrophe" = "workspace 11"; + "${mod}+dead_circumflex" = "workspace 12"; + "${mod}+dead_diaeresis" = "workspace 13"; + "${mod}+dollar" = "workspace 14"; + + "${mod}+Shift+section" = "move container to workspace 0"; + "${mod}+Shift+0" = "move container to workspace 10"; + "${mod}+Shift+apostrophe" = "move container to workspace 11"; + "${mod}+Shift+dead_circumflex" = "move container to workspace 12"; + "${mod}+Shift+dead_diaeresis" = "move container to workspace 13"; + "${mod}+Shift+dollar" = "move container to workspace 14"; + + "Ctrl+mod1+l" = "exec ${pkgs.systemd}/bin/loginctl lock-session"; + "Ctrl+mod1+Shift+L" = "exec ${pkgs.systemd}/bin/systemctl suspend"; + + # pulse audio volume control + XF86AudioLowerVolume = + "exec pactl set-sink-volume '@DEFAULT_SINK@' '-3%'"; + XF86AudioRaiseVolume = + "exec pactl set-sink-volume '@DEFAULT_SINK@' '+3%'"; + XF86AudioMute = "exec pactl set-sink-mute '@DEFAULT_SINK@' 'toggle'"; + XF86AudioMicMute = + "exec pactl set-source-mute '@DEFAULT_SOURCE@' 'toggle'"; + + # Spotify control + XF86AudioPause = "exec playerctl play-pause"; + XF86AudioPlay = "exec playerctl play-pause"; + XF86AudioNext = "exec playerctl next"; + XF86AudioPrev = "exec playerctl previous"; + + # screen brightness + XF86MonBrightnessUp = "exec light -A 10"; + XF86MonBrightnessDown = "exec light -U 5"; + + # screenshot + Print = "exec ${pkgs.sway-contrib.grimshot}/bin/grimshot copy area"; + }; + }; + extraConfig = '' + # Disable the laptop screen when the lid is closed. + bindswitch --reload lid:on output eDP-1 disable + bindswitch --reload lid:off output eDP-1 enable + ''; + }; + + services.kanshi = { + enable = true; + profiles = let + backgroundPicturePath = "~/pictures/backgrounds"; + mkScreen = (screen: { + criteria = screen; + status = "enable"; + scale = 1.0; + }); + in rec { + #mobile.exec = '' + # swaymsg "output * bg `find ${backgroundPicturePath} -type f | shuf -n 1` fill"''; + mobile.outputs = [ + (mkScreen "Unknown 0x08CE 0x00000000" // { + position = "0,0"; + scale = 2.0; + }) + ]; + #home-dock.exec = mobile.exec; + home-dock.outputs = [ + (mkScreen "Unknown 0x08CE 0x00000000" // { + status = "enable"; + scale = 2.0; + position = "0,0"; + }) + (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { + position = "1920,0"; + scale = 1.0; + status = "enable"; + }) + #(mkScreen "Dell Inc. DELL P2720DC 6JRRK53" // { + # position = "2560,0"; + # #position = "4480,0"; + # scale = 1.0; + # status = "enable"; + #}) + ]; + #chur-dock.outputs = [ + # (mkScreen "Unknown 0x08CE 0x00000000" // { + # position = "0,0"; + # scale = 2.0; + # }) + # (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { + # position = "1920,0"; + # }) + #]; + #office-dock.exec = mobile.exec; + office-dock.outputs = [ + (mkScreen "Unknown 0x08CE 0x00000000" // { + position = "0,0"; + scale = 2.0; + }) + (mkScreen "Dell Inc. DELL P2720DC BRKPK53" // { + position = "1920,0"; + }) + (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { + position = "4480,0"; + }) + ]; + }; + }; + # TODO: Move these services elsewhere + services.network-manager-applet.enable = true; + systemd.user.services.network-manager-applet = adhereTheSwayTarget; + services.nextcloud-client.enable = true; + systemd.user.services.nextcloud-client = adhereTheSwayTarget // { + Service.ExecStart = + lib.mkForce "${pkgs.nextcloud-client}/bin/nextcloud --background"; + Unit.After = [ "waybar.service" ]; # For trayicon to work + }; # TODO: Test and upstream + services.owncloud-client.enable = true; + systemd.user.services.owncloud-client = adhereTheSwayTarget // { + Unit.After = [ "waybar.service" ]; # For trayicon to work + }; + services.pasystray.enable = true; + systemd.user.services.pasystray = adhereTheSwayTarget; + + gtk = { + iconTheme = { + # package = pkgs.gnome-icon-theme; + # name = "gnome"; + package = pkgs.hicolor_icon_theme; + name = "hicolor"; + }; + gtk3.extraConfig.gtk-menu-images = true; + }; + + dconf.settings = { "org/gnome/desktop/interface".menus-have-icons = true; }; + + xdg.mimeApps = { + enable = true; + defaultApplications = let + browser = [ "firefox.desktop" ]; + email = [ "org.gnome.Evolution.desktop" ]; + doc-editor = [ "writer.desktop" ]; + sheet-editor = [ "calc.desktop" ]; + presentation-editor = [ "impress.desktop" ]; + pdf = [ "org.gnome.Evince.desktop " ]; + image = [ "geeqie.desktop" ]; + image-vector = [ "org.inkscape.Inkscape.desktop" ]; + ebooks = [ "calibre-ebook-viewer.desktop" ]; + code-general = [ "codium.desktop" ]; + video = [ "vlc.desktop" ]; + in { + "text/html" = browser; + "x-scheme-handler/http" = browser; + "x-scheme-handler/https" = browser; + "x-scheme-handler/mailto" = email; + "x-scheme-handler/msteams" = [ "teams.desktop" ]; + + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + doc-editor; + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + sheet-editor; + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + presentation-editor; + "application/vnd.oasis.opendocument.presentation" = presentation-editor; + "application/pdf" = pdf; + "application/epub+zip" = ebooks; + + "text/plain" = code-general; + "application/json" = code-general; + "text/markdown" = code-general; + + "image/png" = image; + "image/jpg" = image; + "image/jpeg" = image; + "image/x-tga" = image; + "image/tiff" = image; + "image/x-canon-cr2" = image; + "image/svg+xml" = image-vector; + + "video/mp4" = video; + }; + }; + }; +} diff --git a/defaults/user-configuration/fhauser/work/android-studio.nix b/defaults/user-configuration/fhauser/work/android-studio.nix new file mode 100644 index 0000000..472af5f --- /dev/null +++ b/defaults/user-configuration/fhauser/work/android-studio.nix @@ -0,0 +1,4 @@ +{ pkgs, ... }: { + programs.adb.enable = true; + users.users.fhauser.extraGroups = [ "adbusers" ]; +} diff --git a/defaults/user-configuration/fhauser/work/default.nix b/defaults/user-configuration/fhauser/work/default.nix new file mode 100644 index 0000000..96043b9 --- /dev/null +++ b/defaults/user-configuration/fhauser/work/default.nix @@ -0,0 +1,6 @@ +{ config, pkgs, lib, ... }: + +{ + + imports = [ ./android-studio.nix ./openvpn.nix ]; +} diff --git a/defaults/user-configuration/fhauser/work/openvpn.nix b/defaults/user-configuration/fhauser/work/openvpn.nix new file mode 100644 index 0000000..65538c6 --- /dev/null +++ b/defaults/user-configuration/fhauser/work/openvpn.nix @@ -0,0 +1,73 @@ +{ pkgs, lib, ... }: { + services.openvpn.servers.threema = let + cafile = pkgs.writeTextFile { + name = "threema-vpn-ca.crt"; + text = '' + -----BEGIN CERTIFICATE----- + MIIDMjCCAhqgAwIBAgIJANmI9BYPseTxMA0GCSqGSIb3DQEBCwUAMBUxEzARBgNV + BAMMCk9wZW5WUE4gQ0EwHhcNMTkwNTE1MTQzOTM0WhcNMjkwNTEyMTQzOTM0WjAV + MRMwEQYDVQQDDApPcGVuVlBOIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB + CgKCAQEA7NaiObgz2L5wmGIgOWUe1n6Q1g6Y5CYsrMQI8yhIDqKSx0fTL9eT2hvn + zThnltxKJRVTn0qGPf/7QF6WzjIXfKSJH5Cb+OKgYmqfRI2TW+ncqyJCaa3Fl9lI + VgU4knro6Cp9dhNhrNmRoRFvZ/17noB4+WPds7EgRObDi2ERuwAbONgz56J2Rea6 + RHVL6HMFY7v8Zp8B/MnzSba/OSJC7RXCuCs6qNOgJOoHnp5PnsB3V40mszy4h/0Q + jVbBdZ3K4rEjNiawhCOetXhgHSaVGH4MP5oWrAN4UiI+IIfz6Ywz5mc7F6yBZa/e + aCG+r2bMUIepVPE25AUfuZ6O8+0+iwIDAQABo4GEMIGBMB0GA1UdDgQWBBQDHenu + 05GGgcztJ1FCUWQlbYxGLjBFBgNVHSMEPjA8gBQDHenu05GGgcztJ1FCUWQlbYxG + LqEZpBcwFTETMBEGA1UEAwwKT3BlblZQTiBDQYIJANmI9BYPseTxMAwGA1UdEwQF + MAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQDTQtMeER20/3r/ + Zn+IRpIEJh/ITxEE6kKCKo59wwVEFA0Ba+7d+BslFTCPhADM2p0AzPt5OSEo0A2N + nWGL3hhBPcnrBTFUma58gGz++v5Oy8GpfaCoXjCqfANjAbApY0JCCSWb1BJWkhXt + vDMlVXv6UzfF4HCeEQCof4QcW8ca4csrOceW76S7Cc3Or4iyTXKQrZ5PKy081CfV + sTLgGMQX4kZT9MBg13wDj0WkdJaWxQ2C73/me/YypcctN7t1wy7pUx33rEE1xh/o + 9fsKcFs0qqYKRUY8AnghhuimBrkHoqUcdrG/6WO7+hbipxIDStm4Qbnptde3fhJT + rGUhGexA + -----END CERTIFICATE----- + ''; + }; + in { + autoStart = false; + config = '' + remote vpn.threema.ch 38417 tcp-client + + nobind + dev tun + persist-tun + persist-key + pull + auth-user-pass + tls-client + ca ${cafile} + remote-cert-tls server + + route 10.83.0.0 255.255.0.0 default default + route 10.90.0.0 255.255.0.0 default default + #route 5.148.175.192 255.255.255.224 default default + #route 5.148.189.192 255.255.255.224 default default + route 192.168.11.0 255.255.255.0 default default + route 192.168.13.0 255.255.255.0 default default + route 136.243.104.147 255.255.255.255 default default + route 193.70.13.37 255.255.255.255 default default + route 95.211.228.137 255.255.255.255 default default + route 5.148.189.112 255.255.255.240 default default + route 185.88.236.64 255.255.255.192 default default + route 212.103.68.0 255.255.255.192 default default + route 185.88.236.98 255.255.255.255 net_gateway default + route 5.148.189.116 255.255.255.255 net_gateway default + + dhcp-option DNS 185.88.236.100 + dhcp-option DNS 212.103.68.20 + + reneg-bytes 0 + auth-nocache + tls-cipher DEFAULT + cipher AES-128-CBC + #data-ciphers AES-128-CBC # TODO: Enable with openvpn 2.5 + reneg-sec 0 + remap-usr1 SIGTERM + ''; + updateResolvConf = true; + }; + + systemd.services.openvpn-threema.serviceConfig.Restart = lib.mkForce "no"; +} diff --git a/hardware/thinkpad-p14s.nix b/hardware/thinkpad-p14s.nix new file mode 100644 index 0000000..90eda6c --- /dev/null +++ b/hardware/thinkpad-p14s.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, modulesPath, ... }: { + + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + + + + + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "usbhid" + "sd_mod" + "rtsx_pci_sdmmc" + ]; + boot.kernelModules = [ "kvm-intel" ]; + + # Ignore Alcor smartcard (gpg is not very smart) + # See https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html + systemd.services.pcscd.environment.PCSCLITE_FILTER_IGNORE_READER_NAMES = + "Alcor"; + + hardware.video.hidpi.enable = true; + + # CPU Configuration + hardware.cpu.intel.updateMicrocode = true; + services.throttled.enable = true; + powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; +} diff --git a/host/hummelberg-new/default.nix b/host/hummelberg-new/default.nix new file mode 100644 index 0000000..fd19914 --- /dev/null +++ b/host/hummelberg-new/default.nix @@ -0,0 +1,42 @@ +{ config, pkgs, ... }: { + + imports = [ + ./filesystems.nix + ./networking.nix + #./printing.nix + #./backup.nix #TODO: Extract applications from desktop role + + ../../hardware/thinkpad-p14s.nix + + ../../defaults/base + ../../defaults/cifs-auth-fix + ../../defaults/desktop + #../../defaults/games + ../../defaults/user-configuration + ../../defaults/user-configuration/fhauser + #../../defaults/printing + ]; + + #TODO: Clean up next section + services.xserver.dpi = 180; + + virtualisation = { # TODO: This should probably be somewhere else. + docker = { + enable = true; + enableOnBoot = false; + }; + libvirtd.enable = true; + }; + + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + # This value determines the NixOS release from which the default + # settings for stateful data, like fi:le locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? + +} diff --git a/host/hummelberg-new/filesystems.nix b/host/hummelberg-new/filesystems.nix new file mode 100644 index 0000000..d07f1c7 --- /dev/null +++ b/host/hummelberg-new/filesystems.nix @@ -0,0 +1,30 @@ +{ config, pkgs, lib, ... }: { + boot.initrd.luks.devices = { + "root".device = "/dev/disk/by-uuid/fae1b81e-894c-47b4-92e5-0a817fd6f66f"; + "swap".device = "/dev/disk/by-uuid/dc1fe9ff-7eb7-40c3-8fbd-d99398e5e5d6"; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/root"; + fsType = "btrfs"; + options = [ "subvol=nixos" ]; + }; + "/home" = { + device = "/dev/mapper/root"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/1FB9-3DB0"; + fsType = "vfat"; + }; + }; + + swapDevices = [{ device = "/dev/mapper/swap"; }]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + +} diff --git a/host/hummelberg-new/networking.nix b/host/hummelberg-new/networking.nix new file mode 100644 index 0000000..fb1edb0 --- /dev/null +++ b/host/hummelberg-new/networking.nix @@ -0,0 +1,26 @@ +{ config, pkgs, ... }: + +{ + + networking = { + networkmanager.enable = true; + useDHCP = false; + #wireless.enable = true; # Enables wireless support via wpa_supplicant. + hostName = "hummelberg-new"; + }; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + #networking.wireguard.enable = true; + #networking.wireguard.interfaces = let + # meta = import ../../meta; + # vnetworks = meta.network.virtual; + # vnetworkName = "mgmt"; + #in { + # "wg-${vnetworkName}" = + # pkgs.lib.qois.wireguard.makeInterface config.networking.hostName + # vnetworkName vnetworks.${vnetworkName}; + #}; +} diff --git a/host/hummelberg-new/printing.nix b/host/hummelberg-new/printing.nix new file mode 100644 index 0000000..bb07603 --- /dev/null +++ b/host/hummelberg-new/printing.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + hardware.printers.ensureDefaultPrinter = "hsr-mfp-8261"; + hardware.printers.ensurePrinters = [{ + name = "hsr-mfp-8261"; + deviceUri = "smb://hsr.ch/printsrv-d.hsr.ch/d8261-a4mfp"; + location = "HSR 8.261"; + model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz"; + ppdOptions = { + Duplex = "DuplexNoTumble"; + PageSize = "A4"; + auth-info-required = "username,password"; + }; + }]; +} From 19bdd28b420d844ea1b23b7b7f84e04263868c3d Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sat, 10 Apr 2021 17:06:55 +0200 Subject: [PATCH 03/12] Rename hummelberg-new to hummelberg --- host/hummelberg-new/filesystems.nix | 30 --------- host/hummelberg-new/networking.nix | 26 -------- .../default.nix | 26 ++------ host/hummelberg-old/filesystems.nix | 64 +++++++++++++++++++ host/hummelberg-old/networking.nix | 26 ++++++++ .../printing.nix | 0 host/hummelberg/default.nix | 26 ++++++-- host/hummelberg/filesystems.nix | 48 ++------------ host/hummelberg/networking.nix | 20 +++--- 9 files changed, 133 insertions(+), 133 deletions(-) delete mode 100644 host/hummelberg-new/filesystems.nix delete mode 100644 host/hummelberg-new/networking.nix rename host/{hummelberg-new => hummelberg-old}/default.nix (54%) create mode 100644 host/hummelberg-old/filesystems.nix create mode 100644 host/hummelberg-old/networking.nix rename host/{hummelberg-new => hummelberg-old}/printing.nix (100%) diff --git a/host/hummelberg-new/filesystems.nix b/host/hummelberg-new/filesystems.nix deleted file mode 100644 index d07f1c7..0000000 --- a/host/hummelberg-new/filesystems.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ config, pkgs, lib, ... }: { - boot.initrd.luks.devices = { - "root".device = "/dev/disk/by-uuid/fae1b81e-894c-47b4-92e5-0a817fd6f66f"; - "swap".device = "/dev/disk/by-uuid/dc1fe9ff-7eb7-40c3-8fbd-d99398e5e5d6"; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/root"; - fsType = "btrfs"; - options = [ "subvol=nixos" ]; - }; - "/home" = { - device = "/dev/mapper/root"; - fsType = "btrfs"; - options = [ "subvol=home" ]; - }; - "/boot" = { - device = "/dev/disk/by-uuid/1FB9-3DB0"; - fsType = "vfat"; - }; - }; - - swapDevices = [{ device = "/dev/mapper/swap"; }]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - -} diff --git a/host/hummelberg-new/networking.nix b/host/hummelberg-new/networking.nix deleted file mode 100644 index fb1edb0..0000000 --- a/host/hummelberg-new/networking.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, pkgs, ... }: - -{ - - networking = { - networkmanager.enable = true; - useDHCP = false; - #wireless.enable = true; # Enables wireless support via wpa_supplicant. - hostName = "hummelberg-new"; - }; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - #networking.wireguard.enable = true; - #networking.wireguard.interfaces = let - # meta = import ../../meta; - # vnetworks = meta.network.virtual; - # vnetworkName = "mgmt"; - #in { - # "wg-${vnetworkName}" = - # pkgs.lib.qois.wireguard.makeInterface config.networking.hostName - # vnetworkName vnetworks.${vnetworkName}; - #}; -} diff --git a/host/hummelberg-new/default.nix b/host/hummelberg-old/default.nix similarity index 54% rename from host/hummelberg-new/default.nix rename to host/hummelberg-old/default.nix index fd19914..4b0817b 100644 --- a/host/hummelberg-new/default.nix +++ b/host/hummelberg-old/default.nix @@ -3,40 +3,28 @@ imports = [ ./filesystems.nix ./networking.nix - #./printing.nix + ./printing.nix #./backup.nix #TODO: Extract applications from desktop role - ../../hardware/thinkpad-p14s.nix + ../../hardware/dell-precision-3530.nix ../../defaults/base ../../defaults/cifs-auth-fix ../../defaults/desktop - #../../defaults/games - ../../defaults/user-configuration - ../../defaults/user-configuration/fhauser - #../../defaults/printing + ../../defaults/development-tools + ../../defaults/games + ../../defaults/printing ]; - #TODO: Clean up next section - services.xserver.dpi = 180; - - virtualisation = { # TODO: This should probably be somewhere else. - docker = { - enable = true; - enableOnBoot = false; - }; - libvirtd.enable = true; - }; - # Set your time zone. time.timeZone = "Europe/Amsterdam"; # This value determines the NixOS release from which the default - # settings for stateful data, like fi:le locations and database versions + # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.09"; # Did you read the comment? + system.stateVersion = "20.03"; # Did you read the comment? } diff --git a/host/hummelberg-old/filesystems.nix b/host/hummelberg-old/filesystems.nix new file mode 100644 index 0000000..2a89b97 --- /dev/null +++ b/host/hummelberg-old/filesystems.nix @@ -0,0 +1,64 @@ +{ config, pkgs, lib, ... }: +let + networkShares = let + hsr_options = [ + "defaults" + "noauto" + #"iocharset=utf8" + "soft" + "user=fhauser" + "domain=hsr.ch" + "uid=1000" + "gid=1000" + ]; + hsr_share = share_name: + { domain ? "hsr.ch/root", path ? share_name, extra_options ? [ ] }: + lib.nameValuePair "/mnt/hsr/${share_name}" { + device = "//${domain}/${path}"; + fsType = "cifs"; + options = hsr_options ++ extra_options; + noCheck = true; + }; + in lib.mapAttrs' hsr_share { + "skripte".path = "alg/skripte"; + "scratch".path = "alg/scratch"; + "fhauser".domain = "c101.hsr.ch"; + #"fabian.hauser".domain = "svm-c113.ost.ch"; # User! + "afe" = { }; + "auw" = { }; + "ebooks" = { + path = "alg/ebooks"; + extra_options = [ "ro" ]; + }; + }; + +in { + boot.initrd.luks.devices = { + "root".device = "/dev/disk/by-uuid/28d2914f-c053-40a8-ad90-f2743190c772"; + "swap".device = "/dev/disk/by-uuid/ed89158d-4460-4012-86d7-f8761127371c"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35"; + fsType = "btrfs"; + options = [ "subvol=nixos" ]; + }; + "/home" = { + device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/E86E-3C6C"; + fsType = "vfat"; + }; + } // networkShares; + + swapDevices = [{ device = "/dev/mapper/swap"; }]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + +} diff --git a/host/hummelberg-old/networking.nix b/host/hummelberg-old/networking.nix new file mode 100644 index 0000000..61cc2fd --- /dev/null +++ b/host/hummelberg-old/networking.nix @@ -0,0 +1,26 @@ +{ config, pkgs, ... }: + +{ + + networking = { + networkmanager.enable = true; + useDHCP = false; + #wireless.enable = true; # Enables wireless support via wpa_supplicant. + hostName = "hummelberg"; + }; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + networking.wireguard.enable = true; + networking.wireguard.interfaces = let + meta = import ../../meta; + vnetworks = meta.network.virtual; + vnetworkName = "mgmt"; + in { + "wg-${vnetworkName}" = + pkgs.lib.qois.wireguard.makeInterface config.networking.hostName + vnetworkName vnetworks.${vnetworkName}; + }; +} diff --git a/host/hummelberg-new/printing.nix b/host/hummelberg-old/printing.nix similarity index 100% rename from host/hummelberg-new/printing.nix rename to host/hummelberg-old/printing.nix diff --git a/host/hummelberg/default.nix b/host/hummelberg/default.nix index 4b0817b..fd19914 100644 --- a/host/hummelberg/default.nix +++ b/host/hummelberg/default.nix @@ -3,28 +3,40 @@ imports = [ ./filesystems.nix ./networking.nix - ./printing.nix + #./printing.nix #./backup.nix #TODO: Extract applications from desktop role - ../../hardware/dell-precision-3530.nix + ../../hardware/thinkpad-p14s.nix ../../defaults/base ../../defaults/cifs-auth-fix ../../defaults/desktop - ../../defaults/development-tools - ../../defaults/games - ../../defaults/printing + #../../defaults/games + ../../defaults/user-configuration + ../../defaults/user-configuration/fhauser + #../../defaults/printing ]; + #TODO: Clean up next section + services.xserver.dpi = 180; + + virtualisation = { # TODO: This should probably be somewhere else. + docker = { + enable = true; + enableOnBoot = false; + }; + libvirtd.enable = true; + }; + # Set your time zone. time.timeZone = "Europe/Amsterdam"; # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions + # settings for stateful data, like fi:le locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "20.03"; # Did you read the comment? + system.stateVersion = "20.09"; # Did you read the comment? } diff --git a/host/hummelberg/filesystems.nix b/host/hummelberg/filesystems.nix index 2a89b97..d07f1c7 100644 --- a/host/hummelberg/filesystems.nix +++ b/host/hummelberg/filesystems.nix @@ -1,59 +1,25 @@ -{ config, pkgs, lib, ... }: -let - networkShares = let - hsr_options = [ - "defaults" - "noauto" - #"iocharset=utf8" - "soft" - "user=fhauser" - "domain=hsr.ch" - "uid=1000" - "gid=1000" - ]; - hsr_share = share_name: - { domain ? "hsr.ch/root", path ? share_name, extra_options ? [ ] }: - lib.nameValuePair "/mnt/hsr/${share_name}" { - device = "//${domain}/${path}"; - fsType = "cifs"; - options = hsr_options ++ extra_options; - noCheck = true; - }; - in lib.mapAttrs' hsr_share { - "skripte".path = "alg/skripte"; - "scratch".path = "alg/scratch"; - "fhauser".domain = "c101.hsr.ch"; - #"fabian.hauser".domain = "svm-c113.ost.ch"; # User! - "afe" = { }; - "auw" = { }; - "ebooks" = { - path = "alg/ebooks"; - extra_options = [ "ro" ]; - }; - }; - -in { +{ config, pkgs, lib, ... }: { boot.initrd.luks.devices = { - "root".device = "/dev/disk/by-uuid/28d2914f-c053-40a8-ad90-f2743190c772"; - "swap".device = "/dev/disk/by-uuid/ed89158d-4460-4012-86d7-f8761127371c"; + "root".device = "/dev/disk/by-uuid/fae1b81e-894c-47b4-92e5-0a817fd6f66f"; + "swap".device = "/dev/disk/by-uuid/dc1fe9ff-7eb7-40c3-8fbd-d99398e5e5d6"; }; fileSystems = { "/" = { - device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35"; + device = "/dev/mapper/root"; fsType = "btrfs"; options = [ "subvol=nixos" ]; }; "/home" = { - device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35"; + device = "/dev/mapper/root"; fsType = "btrfs"; options = [ "subvol=home" ]; }; "/boot" = { - device = "/dev/disk/by-uuid/E86E-3C6C"; + device = "/dev/disk/by-uuid/1FB9-3DB0"; fsType = "vfat"; }; - } // networkShares; + }; swapDevices = [{ device = "/dev/mapper/swap"; }]; diff --git a/host/hummelberg/networking.nix b/host/hummelberg/networking.nix index 61cc2fd..96d5c92 100644 --- a/host/hummelberg/networking.nix +++ b/host/hummelberg/networking.nix @@ -13,14 +13,14 @@ # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - networking.wireguard.enable = true; - networking.wireguard.interfaces = let - meta = import ../../meta; - vnetworks = meta.network.virtual; - vnetworkName = "mgmt"; - in { - "wg-${vnetworkName}" = - pkgs.lib.qois.wireguard.makeInterface config.networking.hostName - vnetworkName vnetworks.${vnetworkName}; - }; + #networking.wireguard.enable = true; + #networking.wireguard.interfaces = let + # meta = import ../../meta; + # vnetworks = meta.network.virtual; + # vnetworkName = "mgmt"; + #in { + # "wg-${vnetworkName}" = + # pkgs.lib.qois.wireguard.makeInterface config.networking.hostName + # vnetworkName vnetworks.${vnetworkName}; + #}; } From 64bcf75ead160b42acf3957225565ebadd6e4eb2 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 19 Apr 2021 15:09:25 +0200 Subject: [PATCH 04/12] Add 'added associations' to mimelist --- defaults/user-configuration/fhauser/sway.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/defaults/user-configuration/fhauser/sway.nix b/defaults/user-configuration/fhauser/sway.nix index 9404ec7..2c05936 100644 --- a/defaults/user-configuration/fhauser/sway.nix +++ b/defaults/user-configuration/fhauser/sway.nix @@ -211,8 +211,9 @@ dconf.settings = { "org/gnome/desktop/interface".menus-have-icons = true; }; - xdg.mimeApps = { + xdg.mimeApps = rec { enable = true; + associations.added = defaultApplications; defaultApplications = let browser = [ "firefox.desktop" ]; email = [ "org.gnome.Evolution.desktop" ]; From c754f862b6c01b1153c69e23ecad95561a501ce9 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 26 Apr 2021 14:28:46 +0200 Subject: [PATCH 05/12] Add federispitz configuration --- hardware/thinkpad-t470s.nix | 31 +++++++++++++++++++++++ host/federispitz/default.nix | 42 ++++++++++++++++++++++++++++++++ host/federispitz/filesystems.nix | 30 +++++++++++++++++++++++ host/federispitz/networking.nix | 26 ++++++++++++++++++++ host/federispitz/printing.nix | 16 ++++++++++++ 5 files changed, 145 insertions(+) create mode 100644 hardware/thinkpad-t470s.nix create mode 100644 host/federispitz/default.nix create mode 100644 host/federispitz/filesystems.nix create mode 100644 host/federispitz/networking.nix create mode 100644 host/federispitz/printing.nix diff --git a/hardware/thinkpad-t470s.nix b/hardware/thinkpad-t470s.nix new file mode 100644 index 0000000..2a30a6a --- /dev/null +++ b/hardware/thinkpad-t470s.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, modulesPath, ... }: { + + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + + + + ]; + + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "usbhid" + "sd_mod" + ]; + boot.kernelModules = [ "kvm-intel" ]; + + # Ignore Alcor smartcard (gpg is not very smart) + # See https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html + #systemd.services.pcscd.environment.PCSCLITE_FILTER_IGNORE_READER_NAMES = + # "Alcor"; + + hardware.video.hidpi.enable = true; + + # CPU Configuration + hardware.cpu.intel.updateMicrocode = true; + services.throttled.enable = true; + powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; +} diff --git a/host/federispitz/default.nix b/host/federispitz/default.nix new file mode 100644 index 0000000..68304fa --- /dev/null +++ b/host/federispitz/default.nix @@ -0,0 +1,42 @@ +{ config, pkgs, ... }: { + + imports = [ + ./filesystems.nix + ./networking.nix + #./printing.nix + #./backup.nix #TODO: Extract applications from desktop role + + ../../hardware/thinkpad-t470s.nix + + ../../defaults/base + ../../defaults/cifs-auth-fix + ../../defaults/desktop + #../../defaults/games + ../../defaults/user-configuration + ../../defaults/user-configuration/fhauser + #../../defaults/printing + ]; + + #TODO: Clean up next section + services.xserver.dpi = 180; + + virtualisation = { # TODO: This should probably be somewhere else. + docker = { + enable = true; + enableOnBoot = false; + }; + libvirtd.enable = true; + }; + + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + # This value determines the NixOS release from which the default + # settings for stateful data, like fi:le locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? + +} diff --git a/host/federispitz/filesystems.nix b/host/federispitz/filesystems.nix new file mode 100644 index 0000000..52e1d12 --- /dev/null +++ b/host/federispitz/filesystems.nix @@ -0,0 +1,30 @@ +{ config, pkgs, lib, ... }: { + boot.initrd.luks.devices = { + "root".device = "/dev/disk/by-uuid/660b61d1-971d-4acc-9577-68a491eaf63b"; + "swap".device = "/dev/disk/by-uuid/350eebba-6641-46a0-be1d-a7197157b704"; + }; + + fileSystems = { + "/" = { + device = "/dev/mapper/root"; + fsType = "btrfs"; + options = [ "subvol=nixos" ]; + }; + "/home" = { + device = "/dev/mapper/root"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/F2EF-1BBF"; + fsType = "vfat"; + }; + }; + + swapDevices = [{ device = "/dev/mapper/swap"; }]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + +} diff --git a/host/federispitz/networking.nix b/host/federispitz/networking.nix new file mode 100644 index 0000000..8c4ba74 --- /dev/null +++ b/host/federispitz/networking.nix @@ -0,0 +1,26 @@ +{ config, pkgs, ... }: + +{ + + networking = { + networkmanager.enable = true; + useDHCP = false; + #wireless.enable = true; # Enables wireless support via wpa_supplicant. + hostName = "federispitz"; + }; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + #networking.wireguard.enable = true; + #networking.wireguard.interfaces = let + # meta = import ../../meta; + # vnetworks = meta.network.virtual; + # vnetworkName = "mgmt"; + #in { + # "wg-${vnetworkName}" = + # pkgs.lib.qois.wireguard.makeInterface config.networking.hostName + # vnetworkName vnetworks.${vnetworkName}; + #}; +} diff --git a/host/federispitz/printing.nix b/host/federispitz/printing.nix new file mode 100644 index 0000000..bb07603 --- /dev/null +++ b/host/federispitz/printing.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + hardware.printers.ensureDefaultPrinter = "hsr-mfp-8261"; + hardware.printers.ensurePrinters = [{ + name = "hsr-mfp-8261"; + deviceUri = "smb://hsr.ch/printsrv-d.hsr.ch/d8261-a4mfp"; + location = "HSR 8.261"; + model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz"; + ppdOptions = { + Duplex = "DuplexNoTumble"; + PageSize = "A4"; + auth-info-required = "username,password"; + }; + }]; +} From 7ff389b92cfb40b170ea440b05962502ea181a00 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 3 May 2021 14:10:55 +0200 Subject: [PATCH 06/12] Add speer --- defaults/user-configuration/fhauser/sway.nix | 9 +++++ hardware/amd-board.nix | 20 ++++++++++ host/lindberg/filesystems.nix | 1 + host/speer/default.nix | 42 ++++++++++++++++++++ host/speer/filesystems.nix | 28 +++++++++++++ host/speer/networking.nix | 26 ++++++++++++ host/speer/printing.nix | 16 ++++++++ 7 files changed, 142 insertions(+) create mode 100644 hardware/amd-board.nix create mode 100644 host/speer/default.nix create mode 100644 host/speer/filesystems.nix create mode 100644 host/speer/networking.nix create mode 100644 host/speer/printing.nix diff --git a/defaults/user-configuration/fhauser/sway.nix b/defaults/user-configuration/fhauser/sway.nix index 2c05936..23b0315 100644 --- a/defaults/user-configuration/fhauser/sway.nix +++ b/defaults/user-configuration/fhauser/sway.nix @@ -181,6 +181,15 @@ position = "4480,0"; }) ]; + home-pc.outputs = [ + (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { + position = "0,0"; + }) + (mkScreen "Unknown HP Z27 CN482201RP" // { + position = "2560,0"; + scale = 1.5; + }) + ]; }; }; # TODO: Move these services elsewhere diff --git a/hardware/amd-board.nix b/hardware/amd-board.nix new file mode 100644 index 0000000..29d3cf1 --- /dev/null +++ b/hardware/amd-board.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, modulesPath, ... }: { + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; + + boot.initrd.availableKernelModules = [ + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + "xhci_pci" + "ahci" + "virtio-pci" + "igb" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + hardware.cpu.amd.updateMicrocode = true; + nix.maxJobs = lib.mkDefault 24; +} diff --git a/host/lindberg/filesystems.nix b/host/lindberg/filesystems.nix index cfa0323..99aa799 100644 --- a/host/lindberg/filesystems.nix +++ b/host/lindberg/filesystems.nix @@ -1,5 +1,6 @@ { config, pkgs, ... }: { + boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.luks.devices = { "system".device = "/dev/disk/by-uuid/ba646016-2618-4d9b-acf2-41986ab76f7e"; "data".device = "/dev/disk/by-uuid/6cfe504d-992f-4b11-be3e-31d00c3e108d"; diff --git a/host/speer/default.nix b/host/speer/default.nix new file mode 100644 index 0000000..03fb0c2 --- /dev/null +++ b/host/speer/default.nix @@ -0,0 +1,42 @@ +{ config, pkgs, ... }: { + + imports = [ + ./filesystems.nix + ./networking.nix + #./printing.nix + #./backup.nix #TODO: Extract applications from desktop role + + ../../hardware/amd-board.nix + + ../../defaults/base + ../../defaults/cifs-auth-fix + ../../defaults/desktop + ../../defaults/games + ../../defaults/user-configuration + ../../defaults/user-configuration/fhauser + #../../defaults/printing + ]; + + #TODO: Clean up next section + #services.xserver.dpi = 180; + + virtualisation = { # TODO: This should probably be somewhere else. + docker = { + enable = true; + enableOnBoot = false; + }; + libvirtd.enable = true; + }; + + # Set your time zone. + time.timeZone = "Europe/Amsterdam"; + + # This value determines the NixOS release from which the default + # settings for stateful data, like fi:le locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "20.09"; # Did you read the comment? + +} diff --git a/host/speer/filesystems.nix b/host/speer/filesystems.nix new file mode 100644 index 0000000..1e207a1 --- /dev/null +++ b/host/speer/filesystems.nix @@ -0,0 +1,28 @@ +{ config, pkgs, lib, ... }: { + boot.initrd.luks.devices.system.device = "/dev/disk/by-uuid/bf353bb1-43bf-453f-ae7e-0fa9b4d8778c"; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/661ad230-72da-4326-bb3a-4965006475f8"; + fsType = "btrfs"; + options = [ "subvol=nixos" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/661ad230-72da-4326-bb3a-4965006475f8"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A5C5-1372"; + fsType = "vfat"; + }; + + swapDevices = []; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + +} diff --git a/host/speer/networking.nix b/host/speer/networking.nix new file mode 100644 index 0000000..6e1de0d --- /dev/null +++ b/host/speer/networking.nix @@ -0,0 +1,26 @@ +{ config, pkgs, ... }: + +{ + + networking = { + networkmanager.enable = true; + useDHCP = false; + #wireless.enable = true; # Enables wireless support via wpa_supplicant. + hostName = "speer"; + }; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + #networking.wireguard.enable = true; + #networking.wireguard.interfaces = let + # meta = import ../../meta; + # vnetworks = meta.network.virtual; + # vnetworkName = "mgmt"; + #in { + # "wg-${vnetworkName}" = + # pkgs.lib.qois.wireguard.makeInterface config.networking.hostName + # vnetworkName vnetworks.${vnetworkName}; + #}; +} diff --git a/host/speer/printing.nix b/host/speer/printing.nix new file mode 100644 index 0000000..bb07603 --- /dev/null +++ b/host/speer/printing.nix @@ -0,0 +1,16 @@ +{ config, pkgs, ... }: + +{ + hardware.printers.ensureDefaultPrinter = "hsr-mfp-8261"; + hardware.printers.ensurePrinters = [{ + name = "hsr-mfp-8261"; + deviceUri = "smb://hsr.ch/printsrv-d.hsr.ch/d8261-a4mfp"; + location = "HSR 8.261"; + model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz"; + ppdOptions = { + Duplex = "DuplexNoTumble"; + PageSize = "A4"; + auth-info-required = "username,password"; + }; + }]; +} From ab7844214d0d71b4b619f0f57b541d027f9ed85b Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 3 May 2021 15:02:55 +0200 Subject: [PATCH 07/12] Add threema shares to git config --- .../fhauser/applications/git.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/defaults/user-configuration/fhauser/applications/git.nix b/defaults/user-configuration/fhauser/applications/git.nix index 95b1c74..fc4badc 100644 --- a/defaults/user-configuration/fhauser/applications/git.nix +++ b/defaults/user-configuration/fhauser/applications/git.nix @@ -63,11 +63,7 @@ }; }; }); - in [ - (mkDefaultConfig "~/private/") - (mkDefaultConfig "/etc/nixos/") - (mkDefaultConfig "~/.password-store") - ((mkDefaultConfig "~/work/") // { + workConfig = { contents = { commit.gpgsign = true; tag.gpgsign = true; @@ -77,7 +73,14 @@ }; url."git@work.github.com".insteadOf = "git@github.com"; }; - }) + }; + in [ + (mkDefaultConfig "~/private/") + (mkDefaultConfig "/etc/nixos/") + (mkDefaultConfig "~/.password-store/") + (mkDefaultConfig "~/shares/cloud.qo.is/") + ((mkDefaultConfig "~/work/") // workConfig) + ((mkDefaultConfig "~/shares/cloud.threema.ch/") // workConfig) ]; ignores = [ "*~" "*.swp" ".direnv/" ]; lfs.enable = true; From 6ba2871ad13fed0d3c0b7005204f4b03e6f3f59a Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 3 May 2021 15:03:49 +0200 Subject: [PATCH 08/12] Add various mime types --- defaults/user-configuration/fhauser/sway.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/defaults/user-configuration/fhauser/sway.nix b/defaults/user-configuration/fhauser/sway.nix index 23b0315..21fffef 100644 --- a/defaults/user-configuration/fhauser/sway.nix +++ b/defaults/user-configuration/fhauser/sway.nix @@ -230,7 +230,7 @@ sheet-editor = [ "calc.desktop" ]; presentation-editor = [ "impress.desktop" ]; pdf = [ "org.gnome.Evince.desktop " ]; - image = [ "geeqie.desktop" ]; + image = [ "org.gnome.eog.desktop" ]; image-vector = [ "org.inkscape.Inkscape.desktop" ]; ebooks = [ "calibre-ebook-viewer.desktop" ]; code-general = [ "codium.desktop" ]; @@ -239,6 +239,13 @@ "text/html" = browser; "x-scheme-handler/http" = browser; "x-scheme-handler/https" = browser; + "x-scheme-handler/chrome" = browser; + "application/xhtml+xml" = browser; + "application/x-extension-htm" = browser; + "application/x-extension-html" = browser; + "application/x-extension-shtml" = browser; + "application/x-extension-xhtml" = browser; + "application/x-extension-xht" = browser; "x-scheme-handler/mailto" = email; "x-scheme-handler/msteams" = [ "teams.desktop" ]; @@ -250,6 +257,7 @@ presentation-editor; "application/vnd.oasis.opendocument.presentation" = presentation-editor; "application/pdf" = pdf; + "application/x-extension-pdf" = pdf; "application/epub+zip" = ebooks; "text/plain" = code-general; From 07bd394a43f21a96d64741e95b2ba7bbd6679785 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 3 May 2021 15:04:16 +0200 Subject: [PATCH 09/12] Remove geeqie As it does not seem to work with wayland --- defaults/user-configuration/fhauser/multimedia.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/defaults/user-configuration/fhauser/multimedia.nix b/defaults/user-configuration/fhauser/multimedia.nix index 8e14746..e3e2c05 100644 --- a/defaults/user-configuration/fhauser/multimedia.nix +++ b/defaults/user-configuration/fhauser/multimedia.nix @@ -25,7 +25,6 @@ lensfun luminanceHDR darktable - geeqie gphoto2 # ImageMagick-perl perl-File-Type perl-Term-ProgressBar #TODO: Support libraries for scripts inkscape From 8f56cf5a99e70ac7f90f250e594eea5041035297 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Mon, 3 May 2021 15:05:10 +0200 Subject: [PATCH 10/12] Apply nixfmt --- defaults/user-configuration/fhauser/sway.nix | 4 +-- hardware/thinkpad-t470s.nix | 10 ++---- host/speer/filesystems.nix | 33 ++++++++++---------- 3 files changed, 20 insertions(+), 27 deletions(-) diff --git a/defaults/user-configuration/fhauser/sway.nix b/defaults/user-configuration/fhauser/sway.nix index 21fffef..e14fe1b 100644 --- a/defaults/user-configuration/fhauser/sway.nix +++ b/defaults/user-configuration/fhauser/sway.nix @@ -182,9 +182,7 @@ }) ]; home-pc.outputs = [ - (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { - position = "0,0"; - }) + (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { position = "0,0"; }) (mkScreen "Unknown HP Z27 CN482201RP" // { position = "2560,0"; scale = 1.5; diff --git a/hardware/thinkpad-t470s.nix b/hardware/thinkpad-t470s.nix index 2a30a6a..585104a 100644 --- a/hardware/thinkpad-t470s.nix +++ b/hardware/thinkpad-t470s.nix @@ -7,14 +7,8 @@ ]; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "nvme" - "usb_storage" - "usbhid" - "sd_mod" - ]; + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.kernelModules = [ "kvm-intel" ]; # Ignore Alcor smartcard (gpg is not very smart) diff --git a/host/speer/filesystems.nix b/host/speer/filesystems.nix index 1e207a1..e7c98c1 100644 --- a/host/speer/filesystems.nix +++ b/host/speer/filesystems.nix @@ -1,25 +1,26 @@ { config, pkgs, lib, ... }: { - boot.initrd.luks.devices.system.device = "/dev/disk/by-uuid/bf353bb1-43bf-453f-ae7e-0fa9b4d8778c"; + boot.initrd.luks.devices.system.device = + "/dev/disk/by-uuid/bf353bb1-43bf-453f-ae7e-0fa9b4d8778c"; boot.initrd.kernelModules = [ "dm-snapshot" ]; - fileSystems."/" = - { device = "/dev/disk/by-uuid/661ad230-72da-4326-bb3a-4965006475f8"; - fsType = "btrfs"; - options = [ "subvol=nixos" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/661ad230-72da-4326-bb3a-4965006475f8"; + fsType = "btrfs"; + options = [ "subvol=nixos" ]; + }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/661ad230-72da-4326-bb3a-4965006475f8"; - fsType = "btrfs"; - options = [ "subvol=home" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-uuid/661ad230-72da-4326-bb3a-4965006475f8"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/A5C5-1372"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/A5C5-1372"; + fsType = "vfat"; + }; - swapDevices = []; + swapDevices = [ ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; From 2769751b2e3ab7152afcf6b266b7525334b60a65 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Thu, 6 May 2021 12:27:02 +0200 Subject: [PATCH 11/12] Add threema-env and fix threema-vpn --- .../fhauser/applications/scripts.nix | 46 +++++++++++-------- 1 file changed, 28 insertions(+), 18 deletions(-) diff --git a/defaults/user-configuration/fhauser/applications/scripts.nix b/defaults/user-configuration/fhauser/applications/scripts.nix index 3e94af9..0b4cfe4 100644 --- a/defaults/user-configuration/fhauser/applications/scripts.nix +++ b/defaults/user-configuration/fhauser/applications/scripts.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: let passbemenu = pkgs.writeScriptBin "passbemenu" '' @@ -29,24 +29,34 @@ let #!${pkgs.stdenv.shell} set -eo pipefail - SERVICE=openvpn-threema.service + SERVICE=openvpn-threema + SERVICE_EXEC="${config.systemd.services.openvpn-threema.serviceConfig.ExecStart}" - if [[ "$1" == "restart" ]]; then - ACTION=restart - elif [[ "$1" == "start" ]]; then - ACTION=start - elif [[ "$1" == "stop" ]]; then - ACTION=stop - elif [[ "$1" == "status" ]]; then - ACTION=status - elif [[ "$1" == "tail" ]]; then - sudo journalctl -f -u $SERVICE - exit 0 - else - echo "Usage: vpn (start|stop|restart|status|tail)" - exit 254 + exec sudo ${pkgs.openvpn}/sbin/openvpn''${SERVICE_EXEC#@* openvpn} + + ''; + threema-env = pkgs.writeScriptBin "threema-env" '' + #!/usr/bin/env bash + set -eo pipefail + + # Nix shell might fail on some PWDs, so go to home + cd $HOME + + ENV_NAME="$1" + ENV_FILE="$HOME/shares/cloud.threema.ch/envs/''${ENV_NAME}.nix" + COMMAND="$2" + + if [ -z "$ENV_NAME" ]; then + echo "Error: No env name provided" >&2 + exit 2 fi - sudo systemctl $ACTION $SERVICE + if [ ! -f "$ENV_FILE" ]; then + echo "Error: Env file does not exist" >&2 + exit 3 + fi + + echo "Starting '$COMMAND' in env '$ENV_FILE'" + ${pkgs.nix}/bin/nix-shell ''${ENV_FILE} --run "$COMMAND" ''; -in { home-manager.users.fhauser.home.packages = [ passbemenu threema-vpn ]; } +in { home-manager.users.fhauser.home.packages = [ passbemenu threema-vpn threema-env ]; } From 626acc0c31b99d0d595ab58d880e1c85c55dbe94 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Thu, 13 May 2021 23:00:06 +0200 Subject: [PATCH 12/12] Make screensharing work and fix pdf default app --- .../fhauser/applications/default.nix | 1 + .../fhauser/applications/kanshi.nix | 47 +++++ .../fhauser/applications/scripts.nix | 5 +- .../user-configuration/fhauser/default.nix | 1 + .../user-configuration/fhauser/mimetypes.nix | 58 ++++++ defaults/user-configuration/fhauser/sway.nix | 165 ++++-------------- 6 files changed, 142 insertions(+), 135 deletions(-) create mode 100644 defaults/user-configuration/fhauser/applications/kanshi.nix create mode 100644 defaults/user-configuration/fhauser/mimetypes.nix diff --git a/defaults/user-configuration/fhauser/applications/default.nix b/defaults/user-configuration/fhauser/applications/default.nix index 556263b..a87be1b 100644 --- a/defaults/user-configuration/fhauser/applications/default.nix +++ b/defaults/user-configuration/fhauser/applications/default.nix @@ -18,6 +18,7 @@ ./alacritty.nix ./shell.nix ./swaylock.nix + ./kanshi.nix ]; home-manager.users.fhauser.home.packages = with pkgs; [ # Networking diff --git a/defaults/user-configuration/fhauser/applications/kanshi.nix b/defaults/user-configuration/fhauser/applications/kanshi.nix new file mode 100644 index 0000000..ab0b7ca --- /dev/null +++ b/defaults/user-configuration/fhauser/applications/kanshi.nix @@ -0,0 +1,47 @@ +{ pkgs, lib, config, ... }: { + home-manager.users.fhauser.services.kanshi = { + enable = true; + profiles = let + backgroundPicturePath = "~/pictures/backgrounds"; + backgroundCommand = '' + #swaymsg "output * bg `find ${backgroundPicturePath} -type f | shuf -n 1` fill" + ''; + mkScreen = (screen: { + criteria = screen; + status = "enable"; + scale = 1.0; + }); + in rec { + #mobile.exec = backgroundCommand; + mobile.outputs = [ + (mkScreen "Unknown 0x08CE 0x00000000" // { + position = "0,0"; + scale = 2.0; + }) + ]; + home-dock.outputs = mobile.outputs ++ [ + (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { + position = "1920,0"; + scale = 1.0; + status = "enable"; + }) + ]; + office-dock.outputs = mobile.outputs ++ [ + (mkScreen "Dell Inc. DELL P2720DC BRKPK53" // { position = "1920,0"; }) + (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { position = "4480,0"; }) + ]; + home-pc.outputs = [ + (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { position = "0,0"; }) + (mkScreen "Unknown HP Z27 CN482201RP" // { + position = "2560,0"; + scale = 1.5; + }) + ]; + home-pc-row.outputs = home-pc.outputs ++ [ + (mkScreen "Ancor Communications Inc ASUS VS247 B3LMTF180900" // { + position = "5120,0"; + }) + ]; + }; + }; +} diff --git a/defaults/user-configuration/fhauser/applications/scripts.nix b/defaults/user-configuration/fhauser/applications/scripts.nix index 0b4cfe4..0a8b434 100644 --- a/defaults/user-configuration/fhauser/applications/scripts.nix +++ b/defaults/user-configuration/fhauser/applications/scripts.nix @@ -59,4 +59,7 @@ let echo "Starting '$COMMAND' in env '$ENV_FILE'" ${pkgs.nix}/bin/nix-shell ''${ENV_FILE} --run "$COMMAND" ''; -in { home-manager.users.fhauser.home.packages = [ passbemenu threema-vpn threema-env ]; } +in { + home-manager.users.fhauser.home.packages = + [ passbemenu threema-vpn threema-env ]; +} diff --git a/defaults/user-configuration/fhauser/default.nix b/defaults/user-configuration/fhauser/default.nix index c76f103..2ed1b0d 100644 --- a/defaults/user-configuration/fhauser/default.nix +++ b/defaults/user-configuration/fhauser/default.nix @@ -6,6 +6,7 @@ ./applications ./work ./i3.nix + ./mimetypes.nix ]; home-manager.users.fhauser.home.stateVersion = config.system.stateVersion; } diff --git a/defaults/user-configuration/fhauser/mimetypes.nix b/defaults/user-configuration/fhauser/mimetypes.nix new file mode 100644 index 0000000..913343b --- /dev/null +++ b/defaults/user-configuration/fhauser/mimetypes.nix @@ -0,0 +1,58 @@ +{ pkgs, lib, config, ... }: { + + home-manager.users.fhauser.xdg.mimeApps = rec { + enable = true; + associations.added = defaultApplications; + defaultApplications = let + browser = [ "firefox.desktop" ]; + email = [ "org.gnome.Evolution.desktop" ]; + doc-editor = [ "writer.desktop" ]; + sheet-editor = [ "calc.desktop" ]; + presentation-editor = [ "impress.desktop" ]; + pdf = [ "org.gnome.Evince.desktop" ]; + image = [ "org.gnome.eog.desktop" ]; + image-vector = [ "org.inkscape.Inkscape.desktop" ]; + ebooks = [ "calibre-ebook-viewer.desktop" ]; + code-general = [ "codium.desktop" ]; + video = [ "vlc.desktop" ]; + in { + "text/html" = browser; + "x-scheme-handler/http" = browser; + "x-scheme-handler/https" = browser; + "x-scheme-handler/chrome" = browser; + "application/xhtml+xml" = browser; + "application/x-extension-htm" = browser; + "application/x-extension-html" = browser; + "application/x-extension-shtml" = browser; + "application/x-extension-xhtml" = browser; + "application/x-extension-xht" = browser; + "x-scheme-handler/mailto" = email; + "x-scheme-handler/msteams" = [ "teams.desktop" ]; + + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + doc-editor; + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + sheet-editor; + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + presentation-editor; + "application/vnd.oasis.opendocument.presentation" = presentation-editor; + "application/pdf" = pdf; + "application/x-extension-pdf" = pdf; + "application/epub+zip" = ebooks; + + "text/plain" = code-general; + "application/json" = code-general; + "text/markdown" = code-general; + + "image/png" = image; + "image/jpg" = image; + "image/jpeg" = image; + "image/x-tga" = image; + "image/tiff" = image; + "image/x-canon-cr2" = image; + "image/svg+xml" = image-vector; + + "video/mp4" = video; + }; + }; +} diff --git a/defaults/user-configuration/fhauser/sway.nix b/defaults/user-configuration/fhauser/sway.nix index e14fe1b..f25b8bd 100644 --- a/defaults/user-configuration/fhauser/sway.nix +++ b/defaults/user-configuration/fhauser/sway.nix @@ -4,6 +4,11 @@ programs.sway.enable = true; services.gnome3.gnome-remote-desktop.enable = true; environment.systemPackages = with pkgs; [ pipewire_0_2 ]; + systemd.user.services.pipewire.environment.XDG_CURRENT_DESKTOP = "sway"; + systemd.user.services.xdg-desktop-portal-wlr.environment.XDG_CURRENT_DESKTOP = + "sway"; + # systemd.user.services.xdg-desktop-portal-wlr.script = "${pkgs.xdg-desktop-portal-wlr}/libexec/xdg-desktop-portal-wlr"; + # systemd.user.services.xdg-desktop-portal-wlr.scriptArgs = "--output=DP-1"; # TODO: Extract this ***** home-manager.users.fhauser = let adhereTheSwayTarget = { Install.WantedBy = lib.mkForce [ "sway-session.target" ]; @@ -17,6 +22,7 @@ ${pkgs.bemenu}/bin/bemenu -m $active_screen --list 20 --ignorecase --prompt 'Start: ' | \ xargs swaymsg exec -- ''; + homeManagerConfig = config.home-manager.users.fhauser; in rec { home.packages = with pkgs; [ sway-contrib.grimshot @@ -35,7 +41,9 @@ xwayland = true; wrapperFeatures = { gtk = true; }; extraSessionCommands = '' - export XDG_CURRENT_DESKTOP=Unity + #export XDG_CURRENT_DESKTOP=Unity + export XDG_CURRENT_DESKTOP=sway + export XDG_SESSION_TYPE="wayland" export _JAVA_AWT_WM_NONREPARENTING=1 export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh # TODO: Migrate export QT_QPA_PLATFORM=wayland @@ -122,88 +130,33 @@ ''; }; - services.kanshi = { - enable = true; - profiles = let - backgroundPicturePath = "~/pictures/backgrounds"; - mkScreen = (screen: { - criteria = screen; - status = "enable"; - scale = 1.0; - }); - in rec { - #mobile.exec = '' - # swaymsg "output * bg `find ${backgroundPicturePath} -type f | shuf -n 1` fill"''; - mobile.outputs = [ - (mkScreen "Unknown 0x08CE 0x00000000" // { - position = "0,0"; - scale = 2.0; - }) - ]; - #home-dock.exec = mobile.exec; - home-dock.outputs = [ - (mkScreen "Unknown 0x08CE 0x00000000" // { - status = "enable"; - scale = 2.0; - position = "0,0"; - }) - (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { - position = "1920,0"; - scale = 1.0; - status = "enable"; - }) - #(mkScreen "Dell Inc. DELL P2720DC 6JRRK53" // { - # position = "2560,0"; - # #position = "4480,0"; - # scale = 1.0; - # status = "enable"; - #}) - ]; - #chur-dock.outputs = [ - # (mkScreen "Unknown 0x08CE 0x00000000" // { - # position = "0,0"; - # scale = 2.0; - # }) - # (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { - # position = "1920,0"; - # }) - #]; - #office-dock.exec = mobile.exec; - office-dock.outputs = [ - (mkScreen "Unknown 0x08CE 0x00000000" // { - position = "0,0"; - scale = 2.0; - }) - (mkScreen "Dell Inc. DELL P2720DC BRKPK53" // { - position = "1920,0"; - }) - (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { - position = "4480,0"; - }) - ]; - home-pc.outputs = [ - (mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { position = "0,0"; }) - (mkScreen "Unknown HP Z27 CN482201RP" // { - position = "2560,0"; - scale = 1.5; - }) - ]; - }; - }; # TODO: Move these services elsewhere services.network-manager-applet.enable = true; - systemd.user.services.network-manager-applet = adhereTheSwayTarget; services.nextcloud-client.enable = true; - systemd.user.services.nextcloud-client = adhereTheSwayTarget // { - Service.ExecStart = - lib.mkForce "${pkgs.nextcloud-client}/bin/nextcloud --background"; - Unit.After = [ "waybar.service" ]; # For trayicon to work - }; # TODO: Test and upstream services.owncloud-client.enable = true; - systemd.user.services.owncloud-client = adhereTheSwayTarget // { - Unit.After = [ "waybar.service" ]; # For trayicon to work - }; services.pasystray.enable = true; + + systemd.user.services.network-manager-applet = adhereTheSwayTarget; + systemd.user.services.nextcloud-client = adhereTheSwayTarget // { + # For trayicon to work: + Unit.After = [ "waybar.service" ]; + Service = { + ExecStart = + lib.mkForce "${pkgs.nextcloud-client}/bin/nextcloud --background"; + ExecStartPre = "${pkgs.coreutils}/bin/sleep 3"; + Environment = lib.mkForce + "PATH=${homeManagerConfig.home.profileDirectory}/bin XDG_CURRENT_DESKTOP=Unity"; + }; + }; + systemd.user.services.owncloud-client = adhereTheSwayTarget // { + # For trayicon to work: + Unit.After = [ "waybar.service" ]; + Service = { + ExecStartPre = "${pkgs.coreutils}/bin/sleep 3"; + Environment = lib.mkForce + "PATH=${homeManagerConfig.home.profileDirectory}/bin XDG_CURRENT_DESKTOP=Unity"; + }; + }; systemd.user.services.pasystray = adhereTheSwayTarget; gtk = { @@ -217,61 +170,5 @@ }; dconf.settings = { "org/gnome/desktop/interface".menus-have-icons = true; }; - - xdg.mimeApps = rec { - enable = true; - associations.added = defaultApplications; - defaultApplications = let - browser = [ "firefox.desktop" ]; - email = [ "org.gnome.Evolution.desktop" ]; - doc-editor = [ "writer.desktop" ]; - sheet-editor = [ "calc.desktop" ]; - presentation-editor = [ "impress.desktop" ]; - pdf = [ "org.gnome.Evince.desktop " ]; - image = [ "org.gnome.eog.desktop" ]; - image-vector = [ "org.inkscape.Inkscape.desktop" ]; - ebooks = [ "calibre-ebook-viewer.desktop" ]; - code-general = [ "codium.desktop" ]; - video = [ "vlc.desktop" ]; - in { - "text/html" = browser; - "x-scheme-handler/http" = browser; - "x-scheme-handler/https" = browser; - "x-scheme-handler/chrome" = browser; - "application/xhtml+xml" = browser; - "application/x-extension-htm" = browser; - "application/x-extension-html" = browser; - "application/x-extension-shtml" = browser; - "application/x-extension-xhtml" = browser; - "application/x-extension-xht" = browser; - "x-scheme-handler/mailto" = email; - "x-scheme-handler/msteams" = [ "teams.desktop" ]; - - "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = - doc-editor; - "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = - sheet-editor; - "application/vnd.openxmlformats-officedocument.presentationml.presentation" = - presentation-editor; - "application/vnd.oasis.opendocument.presentation" = presentation-editor; - "application/pdf" = pdf; - "application/x-extension-pdf" = pdf; - "application/epub+zip" = ebooks; - - "text/plain" = code-general; - "application/json" = code-general; - "text/markdown" = code-general; - - "image/png" = image; - "image/jpg" = image; - "image/jpeg" = image; - "image/x-tga" = image; - "image/tiff" = image; - "image/x-canon-cr2" = image; - "image/svg+xml" = image-vector; - - "video/mp4" = video; - }; - }; }; }