Merge branch 'notebook-fabian'

Fabian Hauser 2021-05-14 00:31:39 +02:00
commit ec9db1ae0a
47 changed files with 1867 additions and 71 deletions


@ -0,0 +1,10 @@
{ config, pkgs, lib, ... }: {
imports = [ <home-manager/nixos> ];
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
};
}
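Review bot: `imports = [ <home-manager/nixos> ];` resolves home-manager through NIX_PATH, so the module code evaluated during a system rebuild is whatever the channel currently points at rather than a reviewed revision. The hardware sections later in this commit import `<nixos-hardware/...>` the same way. Consider pinning both, e.g. `home-manager = builtins.fetchTarball { url = "https://github.com/nix-community/home-manager/archive/<REV>.tar.gz"; sha256 = "<SHA256>"; };` (placeholders) and importing `"${home-manager}/nixos"`, so that an update becomes an explicit, diffable change.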


@ -0,0 +1,6 @@
{ pkgs, ... }: {
home-manager.users.fhauser.programs.alacritty = {
enable = true;
settings."background_opacity" = 0.95;
};
}


@ -0,0 +1,7 @@
{ pkgs, ... }:
{
#home-manager.users.fhauser = {
# home.packages = with pkgs; [ androidStudioPackages.beta ];
# pam.sessionVariables.STUDIO_JDK = "${pkgs.jdk14}/lib/openjdk";
#}; # TODO: This was extracted into a shell.nix
}


@ -0,0 +1,77 @@
{ config, pkgs, lib, ... }:
{
imports = [
./firefox.nix
./gpg.nix
./ssh.nix
./scripts.nix
./webapps.nix
./vim.nix
./git.nix
./waybar.nix
./psql.nix
./android-studio.nix
./mako.nix
./redshift.nix
./alacritty.nix
./shell.nix
./swaylock.nix
./kanshi.nix
];
home-manager.users.fhauser.home.packages = with pkgs;
[ # Networking
unison
transmission # GUI Tools, maybe extract...
] ++ [ # Desktop Environment Applications
google-chrome
chromium
#midori # TODO: Currently unused
#qutebrowser # TODO: Currently unused
gnome3.evolution # TODO: Suport for plugins with 21.05
#evolution-ews
synergy
#quicksynergy # Currently unused
nextcloud-client
owncloud-client
] ++ [ # office # TODO: Migrate to office.nix
# TODO: Build fails!
libreoffice-fresh # TODO: Dictionaries, nixos/nixpkgs#14430
# pdfgrep
# pdftk
# calibre
tectonic
# texstudio
# pandoc
# system-config-printer
# cups-pk-helper
# cups-bjnp
# gutenprint
# gutenprintBin
# hplipWithPlugin
simple-scan
gnome3.gnome-online-accounts
gnome3.gnome-control-center
] ++ [ # Communication
signal-desktop
tdesktop
discord
mattermost-desktop
# pidgin pidgin-otr pidgin-with-plugins #TODO: Pidgin needed?
#TODO: ekiga?
skype
slack
teams
jitsi-meet-electron
teamviewer
rdesktop
vmware-horizon-client
] ++ [ # Development
vscodium
gitlab-runner
docker-compose
vagrant
virt-manager
];
}


@ -0,0 +1,9 @@
{ pkgs, ... }: {
home-manager.users.fhauser = {
programs.firefox = {
enable = true;
package = pkgs.firefox-wayland;
};
home.sessionVariables.MOZ_ENABLE_WAYLAND = "true";
};
}


@ -0,0 +1,88 @@
{ pkgs, ... }: {
home-manager.users.fhauser.programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
aliases = {
s = "status --short --branch";
a = "add --patch";
c = "commit --message";
l =
"log --color --graph --pretty=format:'%Cred%h%Creset - %C(bold)%s%Creset%C(yellow)%d%Creset %C(green)%an%Creset %C(cyan)%cr%Creset (S: %G?)' --abbrev-commit";
d = "diff";
fup = "commit --fixup";
fuprebase = "rebase --interactive --autosquash";
ignore = "update-index --skip-worktree";
unignore = "update-index --no-skip-worktree";
ignored = ''!git ls-files -v | grep "^S"'';
};
#delta = {
# enable = true;
# options = {
# side-by-side = "true";
# line-numbers = "true";
# line-numbers-minus-style = "#444444";
# line-numbers-zero-style = "#444444";
# line-numbers-plus-style = "#444444";
# line-numbers-left-format = "{nm:>4}┊";
# line-numbers-right-format = "{np:>4}│";
# line-numbers-left-style = "blue";
# line-numbers-right-style = "blue";
# };
#};
extraConfig = {
core = {
packedGitWindowSize = "16m";
packedGitLimit = "64m";
};
pack = {
windowMemory = "64m";
packSizeLimit = "64m";
thread = "1";
deltaCacheSize = "1m";
};
color = {
branch = "auto";
diff = "auto";
status = "auto";
};
push.default = "simple";
pull.rebase = "true";
branch.autosetuprebase = "always";
};
includes = let
mkDefaultConfig = (dir: {
condition = "gitdir:${dir}";
contents = {
user = {
signingkey = "0x8A52A140BEBF7D2C";
email = "fabian@fh2.ch";
name = "Fabian Hauser";
};
};
});
workConfig = {
contents = {
commit.gpgsign = true;
tag.gpgsign = true;
user = {
signingkey = "0xE0CDD70E5D286D64";
email = "fabian.hauser@threema.ch";
};
url."git@work.github.com".insteadOf = "git@github.com";
};
};
in [
(mkDefaultConfig "~/private/")
(mkDefaultConfig "/etc/nixos/")
(mkDefaultConfig "~/.password-store/")
(mkDefaultConfig "~/shares/cloud.qo.is/")
((mkDefaultConfig "~/work/") // workConfig)
((mkDefaultConfig "~/shares/cloud.threema.ch/") // workConfig)
];
ignores = [ "*~" "*.swp" ".direnv/" ];
lfs.enable = true;
};
}
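Review bot: In `includes`, `(mkDefaultConfig "~/work/") // workConfig` uses the shallow `//` operator, so the whole `contents` set from `mkDefaultConfig` is replaced by the one in `workConfig`, which has no `user.name`. The work and `cloud.threema.ch` directories therefore get no `user.name` from these includes. Either add `name = "Fabian Hauser";` to the `user` set in `workConfig` or merge deeply with `pkgs.lib.recursiveUpdate (mkDefaultConfig "~/work/") workConfig`. Separately, both `signingkey` values are 64-bit long key IDs; the full fingerprint (`signingkey = "<FULL_FINGERPRINT>";`, placeholder) identifies the key unambiguously.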


@ -0,0 +1,37 @@
{ pkgs, ... }: {
#TODO: ENV variabls for agent
home-manager.users.fhauser.home.sessionVariables.SSH_AUTH_SOCK =
"/run/user/1000/gnupg/S.gpg-agent.ssh";
home-manager.users.fhauser.programs.gpg = {
enable = true;
settings = {
"use-agent" = true;
"trust-model" = "tofu";
"no-emit-version" = true;
"no-comments" = true;
"sig-notation" = "issuer-fpr@notations.openpgp.fifthhorseman.net=%g";
"keyserver" = "hkp://pool.sks-keyservers.net";
"keyserver-options" = "auto-key-retrieve no-honor-keyserver-url";
"personal-cipher-preferences" = "AES256 AES192 AES CAST5";
"cert-digest-algo" = "SHA512";
"personal-digest-preferences" = "SHA512 SHA384 SHA256 SHA224";
"default-preference-list" =
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
"display-charset" = "utf-8";
"fixed-list-mode" = true;
"with-fingerprint" = true;
"keyid-format" = "0xlong";
"verify-options" = "show-uid-validity";
"list-options" = "show-uid-validity";
};
};
home-manager.users.fhauser.services.gpg-agent = {
enable = true;
enableScDaemon = true;
enableSshSupport = true;
sshKeys = [
"99DFB0F28CF9420A2D6383139E86814A1568C81B" # 0x8193A5D218B553DD / fabian.hauser@threema.ch
"638143D3F6421377E9D4C7F1D2EDC5AA0A860351" # 0x3E957C9C8CB5D6B2 / fabian.hauser@qo.is
];
};
}
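Review bot: `"keyserver" = "hkp://pool.sks-keyservers.net"` combined with `auto-key-retrieve` in `"keyserver-options"` makes gpg query the keyserver in cleartext whenever it verifies a signature from an unknown key, which tells the network and the server which signatures are being checked and when. The SKS pool is, as far as I know, no longer operated, so these lookups will probably just fail. Suggest `"keyserver" = "hkps://keys.openpgp.org";` and dropping `auto-key-retrieve` unless something relies on it. The hard-coded `/run/user/1000/gnupg/S.gpg-agent.ssh` assumes uid 1000 and is repeated in the sway `extraSessionCommands` later in this commit; `"$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"` would follow the actual user.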


@ -0,0 +1,47 @@
{ pkgs, lib, config, ... }: {
home-manager.users.fhauser.services.kanshi = {
enable = true;
profiles = let
backgroundPicturePath = "~/pictures/backgrounds";
backgroundCommand = ''
#swaymsg "output * bg `find ${backgroundPicturePath} -type f | shuf -n 1` fill"
'';
mkScreen = (screen: {
criteria = screen;
status = "enable";
scale = 1.0;
});
in rec {
#mobile.exec = backgroundCommand;
mobile.outputs = [
(mkScreen "Unknown 0x08CE 0x00000000" // {
position = "0,0";
scale = 2.0;
})
];
home-dock.outputs = mobile.outputs ++ [
(mkScreen "Dell Inc. DELL P2720DC 22JPK53" // {
position = "1920,0";
scale = 1.0;
status = "enable";
})
];
office-dock.outputs = mobile.outputs ++ [
(mkScreen "Dell Inc. DELL P2720DC BRKPK53" // { position = "1920,0"; })
(mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { position = "4480,0"; })
];
home-pc.outputs = [
(mkScreen "Dell Inc. DELL P2720DC 22JPK53" // { position = "0,0"; })
(mkScreen "Unknown HP Z27 CN482201RP" // {
position = "2560,0";
scale = 1.5;
})
];
home-pc-row.outputs = home-pc.outputs ++ [
(mkScreen "Ancor Communications Inc ASUS VS247 B3LMTF180900" // {
position = "5120,0";
})
];
};
};
}


@ -0,0 +1,14 @@
{ pkgs, ... }: {
home-manager.users.fhauser.programs.mako = {
enable = true;
backgroundColor = "#CCCCCCCC"; # TODO: Make layout colors in a central place
borderSize = 0;
#borderColor = "#4C7899FF";
defaultTimeout = 1500;
#ignoreTimeout = true;
#textColor = "#FFFFFFFF";
#width = 300;
#height = 100;
#font = "monospace 10";
}; # TODO
}


@ -0,0 +1,21 @@
{ pkgs, ... }: {
home-manager.users.fhauser.home.file.".psqlrc".text = ''
\set QUIET 1
\pset linestyle unicode
\pset border 2
\set null [null]
\set COMP_KEYWORD_CASE upper
\set ON_ERROR_ROLLBACK interactive
\set PROMPT1 '%[%033[1m%]%M/%/%R%[%033[0m%]%# '
\set PROMPT2 ''''
\set VERBOSITY verbose
\timing
\x auto
\unset QUIET
\conninfo
'';
}


@ -0,0 +1,13 @@
{ pkgs, ... }: {
home-manager.users.fhauser.services.redshift = {
enable = true;
package = pkgs.redshift-wlr;
brightness.night = "0.9";
temperature.day = 6300;
temperature.night = 5500;
latitude = "47.2";
longitude = "8.8";
tray = true;
};
}


@ -0,0 +1,65 @@
{ pkgs, config, ... }:
let
passbemenu = pkgs.writeScriptBin "passbemenu" ''
#!${pkgs.stdenv.shell}
shopt -s nullglob globstar
typeit=0
if [[ $1 == "--type" ]]; then
typeit=1
shift
fi
export BEMENU_BACKEND=wayland
prefix=''${PASSWORD_STORE_DIR-~/.password-store}
password_files=( "$prefix"/**/*.gpg )
password_files=( "''${password_files[@]#"$prefix"/}" )
password_files=( "''${password_files[@]%.gpg}" )
password=$(printf '%s\n' "''${password_files[@]}" | \
${pkgs.bemenu}/bin/bemenu --list 20 --ignorecase --prompt 'Pass: ' "$@")
[[ -n $password ]] || exit
${pkgs.pass-wayland}/bin/pass show -c "$password" 2>/dev/null
'';
threema-vpn = pkgs.writeScriptBin "threema-vpn" ''
#!${pkgs.stdenv.shell}
set -eo pipefail
SERVICE=openvpn-threema
SERVICE_EXEC="${config.systemd.services.openvpn-threema.serviceConfig.ExecStart}"
exec sudo ${pkgs.openvpn}/sbin/openvpn''${SERVICE_EXEC#@* openvpn}
'';
threema-env = pkgs.writeScriptBin "threema-env" ''
#!/usr/bin/env bash
set -eo pipefail
# Nix shell might fail on some PWDs, so go to home
cd $HOME
ENV_NAME="$1"
ENV_FILE="$HOME/shares/cloud.threema.ch/envs/''${ENV_NAME}.nix"
COMMAND="$2"
if [ -z "$ENV_NAME" ]; then
echo "Error: No env name provided" >&2
exit 2
fi
if [ ! -f "$ENV_FILE" ]; then
echo "Error: Env file does not exist" >&2
exit 3
fi
echo "Starting '$COMMAND' in env '$ENV_FILE'"
${pkgs.nix}/bin/nix-shell ''${ENV_FILE} --run "$COMMAND"
'';
in {
home-manager.users.fhauser.home.packages =
[ passbemenu threema-vpn threema-env ];
}
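Review bot: In `threema-env`, `cd $HOME` and the final `nix-shell ''${ENV_FILE}` are unquoted, so a path containing whitespace or glob characters is split into several arguments. `ENV_NAME` is also interpolated into `ENV_FILE` before the empty check and without rejecting `/`, so the first argument can select a `.nix` file outside `envs/`. Suggest `cd "$HOME"`, `${pkgs.nix}/bin/nix-shell "$ENV_FILE" --run "$COMMAND"`, and a guard before `ENV_FILE` is built, e.g. `case "$ENV_NAME" in ""|*/*) echo "Error: invalid env name" >&2; exit 2;; esac`. In `passbemenu`, `2>/dev/null` on `pass show -c` hides decryption failures from the user, so a missing card or agent looks like a successful copy.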


@ -0,0 +1,59 @@
{ pkgs, ... }: {
home-manager.users.fhauser.programs = {
bash = {
enable = true;
historyIgnore = [ "ls" "cd" "exit" "j" ];
shellAliases = {
# Sane defaults
l = "ls -lah";
cp = "cp --reflink=auto";
pwgen = "pwgen -c -n -s -N 30";
bc = "bc --mathlib";
cal = "cal -m";
curl = "curl -L";
# Git helpers
git-fetch-pr =
"git config --add remote.origin.fetch '+refs/pull/*/head:refs/remotes/origin/pr/*'";
git-config-fetchall = ''
git config --add remote.origin.fetch "+refs/pull/*/head:refs/remotes/origin/pr/*"'';
git-enable-signing =
"git config commit.gpgsign true && git config tag.gpgsign true";
# Common Typos
gits = "git s";
};
initExtra = ''
function o(){
xdg-open "$*" >/dev/null 2>&1 &
}
'';
shellOptions = [ "autocd" "checkjobs" "dotglob" "globstar" "histappend" ];
sessionVariables = {
#TODO: Some of these should be migrated to the according application.
GPG_TTY = "$(tty)";
PGDATABASE = "postgres";
};
};
autojump = {
enable = true;
enableBashIntegration = true;
};
powerline-go = {
enable = true;
settings = {
hostname-only-if-ssh = true;
numeric-exit-codes = true;
colorize-hostname = true;
cwd-max-depth = 4;
modules = "ssh,host,root,cwd,perms,dotenv,venv,node,git,jobs";
};
};
direnv = {
enable = true;
enableBashIntegration = true;
enableNixDirenvIntegration = true;
};
};
}


@ -0,0 +1,26 @@
{ pkgs, lib, ... }: {
home-manager.users.fhauser.programs.ssh = let
forceIdentityThreema = {
identityFile = toString (pkgs.writeText "fabian.hauser@threema.ch.pub" ''
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7h492sXT7zdamf+nbOt+y6jiqxicOnm6+wiuEG1EvZ openpgp:0x18B553DD
'');
identitiesOnly = true;
};
forceIdentityPrivate = {
identityFile = toString (pkgs.writeText "fabian.hauser@qo.is.pub" ''
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000610954665
'');
identitiesOnly = true;
};
in {
enable = true;
matchBlocks = {
"work.github.com" = forceIdentityThreema // {
hostname = "github.com";
user = "git";
};
"github.com" = forceIdentityPrivate // { user = "git"; };
};
#TODO: Authorized keys implementation, see https://github.com/nix-community/home-manager/pull/9
};
}
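Review bot: The `identityFile` entries in `forceIdentityThreema` and `forceIdentityPrivate` point at store files that contain only public keys, which is easy to misread as a mistake and is not explained anywhere in the file. A comment above the `let` would help, e.g. `# identityFile holds the public half only; with identitiesOnly ssh offers exactly this key from the agent`. The `openpgp:` and `cardno:` key comments suggest the private keys live on a smartcard served by gpg-agent, but the hunk does not say so; stating it would also make clear that nothing secret lands in the world-readable Nix store.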


@ -0,0 +1,33 @@
{ pkgs, ... }: {
home-manager.users.fhauser.systemd.user.services.swayidle = let
lock =
"${pkgs.swaylock}/bin/swaylock --hide-keyboard-layout --ignore-empty-password --daemonize --show-failed-attempts --color=000000";
logTimeCmd = "${pkgs.coreutils}/bin/date --rfc-3339=seconds >> ~/locklog";
idleCmd = (action:
''${pkgs.sway}/bin/swaymsg "output * dpms ${action}" && ${logTimeCmd}'');
timeout-screens-off = 600;
timeout-lock = 630;
timeout-suspend = 1800;
in {
Unit = {
Description = "Idle Manager for Wayland";
Documentation = [ "man:swayidle(1)" ];
PartOf = [ "graphical-session.target" ];
};
Service = {
Environment = "PATH=${pkgs.bash}/bin";
ExecStart = ''
${pkgs.swayidle}/bin/swayidle -w -d \
timeout ${toString timeout-lock} '${lock}' \
timeout ${toString timeout-screens-off} '${idleCmd "off"}' \
resume '${idleCmd "on"}' \
timeout ${
toString timeout-suspend
} '${pkgs.systemd}/bin/systemctl suspend' \
lock '${lock}' \
before-sleep '${lock}';
''; # TODO: Make this configurable and add home-manager module. (Requires sway with systemd-target support)
};
Install = { WantedBy = [ "sway-session.target" ]; };
};
}
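Review bot: The `Service` block of the swayidle unit sets no restart policy, so if swayidle exits unexpectedly the session loses idle locking and the `before-sleep` lock until the next login, with nothing to signal it. Adding `Restart = "on-failure";` next to `ExecStart` would cover that. Also, `timeout-lock = 630` fires 30 seconds after `timeout-screens-off = 600`, which leaves a window where the display is dark but the session is still unlocked; if that grace period is intended, a short comment on the three timeouts would say so.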


@ -0,0 +1,54 @@
{ pkgs, ... }: {
home-manager.users.fhauser.programs.vim = {
enable = true;
extraConfig = ''
colorscheme elflord
set autoindent
set ruler
set pastetoggle=<F2>
set splitbelow
set splitright
set tabstop=2
set softtabstop=2
set listchars="eol:¬,tab:>·,trail:~,extends:>,precedes:<,space:"
set grepprg=ack\ -k
set statusline+=%{SyntasticStatuslineFlag()}
set statusline+=%*
let g:syntastic_always_populate_loc_list = 1
let g:syntastic_auto_loc_list = 1
let g:syntastic_check_on_open = 1
let g:syntastic_check_on_wq = 0
let g:syntastic_mode_map = { 'mode': 'passive', 'active_filetypes': [],'passive_filetypes': [] }
"nnoremap <C-w>E :SyntasticCheck<CR> :SyntasticToggleMode<CR>
" Rust
"let g:rustfmt_autosave = 1
let g:racer_cmd="~/.cargo/bin/racer"
"let g:racer_experimental_completer = 1
au FileType rust nmap gd <Plug>(rust-def)
au FileType rust nmap gs <Plug>(rust-def-split)
au FileType rust nmap gx <Plug>(rust-def-vertical)
au FileType rust nmap <leader>gd <Plug>(rust-doc)
" Typescript
au BufRead,BufNewFile *.ts setfiletype typescript
" Options
filetype plugin indent on
syntax on
'';
plugins = with pkgs.vimPlugins; [ vim-sensible vim-airline ];
settings = {
background = "dark";
ignorecase = true;
mouse = "n";
hidden = true;
expandtab = true;
};
};
}


@ -0,0 +1,382 @@
{ pkgs, lib, config, ... }: {
home-manager.users.fhauser = {
xsession.preferStatusNotifierItems = true;
wayland.windowManager.sway.config.bars = [ ];
programs.waybar = {
enable = true;
settings = [{
position = "top";
#height =
modules-left = [ "sway/mode" "sway/workspaces" ];
modules-center = [ "sway/window" ];
modules-right = [
"backlight"
"idle_inhibitor"
"bluetooth"
"cpu"
"temperature"
"memory"
"disk"
"network"
"pulseaudio"
#"custom/keyboard-layout"
"battery"
"tray"
"clock"
];
modules = {
backlight.format = " {percent}%";
disk.format = " {percentage_used}%";
clock.format = "{:%Y-%2m-%2d%H:%M}";
"sway/workspaces" = {
disable-scroll-wraparound = true;
enable-bar-scroll = true;
numeric-first = true;
};
battery = {
interval = 10;
states = {
warning = 15;
critical = 10;
};
format = " {capacity}% {time}"; # Icon: bolt
format-discharging = "{icon} {capacity}% {time}";
format-time = "{H}:{M}";
format-icons = [
"" # Icon: battery-full
"" # Icon: battery-three-quarters
"" # Icon: battery-half
"" # Icon: battery-quarter
"" # Icon: battery-empty
];
tooltip = "true";
};
cpu = {
interval = "5";
format = " {usage}% ({load})"; # Icon: microchip
states = {
warning = "70";
critical = "90";
};
};
#"custom/keyboard-layout" = {
# exec = pkgs.writeShellScript "keyboard-layout" "swaymsg -t get_inputs | grep -m1 'xkb_active_layout_name' | cut -d '\"' -f4";
# # Interval set only as a fallback, as the value is updated by signal
# interval = "30";
# format = " {}"; # Icon: keyboard
# # Signal sent by Sway key binding (~/.config/sway/key-bindings)
# signal = "1"; # SIGHUP
# tooltip = "false";
#};
memory = {
interval = "5";
format = " {}%"; # Icon: microchip
states = {
warning = "70";
critical = "90";
};
};
network = {
interval = "5";
format-wifi = " {essid} ({signalStrength}%)"; # Icon: wifi
format-ethernet = "🔗 {ifname}: {ipaddr}/{cidr}"; # Icon: ethernet
format-disconnected = "🔗";
tooltip-format = "{ifname}: {ipaddr}";
};
"sway/mode" = {
format =
''<span style="italic"> {}</span>''; # Icon: expand-arrows-alt
tooltip = "false";
};
"sway/window" = {
format = "{}";
max-length = "120";
};
"sway/workspaces" = {
all-outputs = false;
disable-scroll = true;
format = "{icon}";
format-icons = {
"10" = " 10";
"11" = " 11";
"12" = " 12";
"13" = " 13";
};
};
pulseaudio = {
scroll-step = 3;
format = "{icon} {volume}%";
format-bluetooth = "{icon} {volume}%";
format-muted = "🔇";
format-icons = {
headphones = "";
handsfree = "";
headset = "";
phone = "";
portable = "";
car = "";
default = [ "" "" "" ];
};
on-click = "pavucontrol";
};
temperature = {
critical-threshold = 80;
interval = 5;
format = "{icon} {temperatureC}°C";
format-icons = [
"" # Icon: temperature-empty
"" # Icon: temperature-quarter
"" # Icon: temperature-half
"" # Icon: temperature-three-quarters
"" # Icon: temperature-full
];
tooltip = "true";
hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input";
};
idle_inhibitor = {
format = "{icon}";
format-icons = {
activated = "";
deactivated = "";
};
};
tray = {
icon-size = "21";
spacing = "10";
};
};
}];
systemd.enable = true;
style = ''
/* =============================================================================
*
* Waybar configuration
*
* Configuration reference: https://github.com/Alexays/Waybar/wiki/Configuration
*
* =========================================================================== */
/* -----------------------------------------------------------------------------
* Keyframes
* -------------------------------------------------------------------------- */
@keyframes blink-warning {
70% {
color: white;
}
to {
color: white;
background-color: orange;
}
}
@keyframes blink-critical {
70% {
color: white;
}
to {
color: white;
background-color: red;
}
}
/* -----------------------------------------------------------------------------
* Base styles
* -------------------------------------------------------------------------- */
/* Reset all styles */
* {
border: none;
border-radius: 0;
min-height: 0;
margin: 0;
padding: 0;
}
/* The whole bar */
#waybar {
background: #323232;
color: white;
/*font-family: Cantarell, Noto Sans, sans-serif;*/
font-size: 13px;
}
/* Each module */
#battery,
#clock,
#cpu,
#custom-keyboard-layout,
#memory,
#mode,
#network,
#pulseaudio,
#temperature,
#backlight,
#idle_inhibitor,
#tray {
margin-left: 5px;
margin-right: 5px;
padding-left: 5px;
padding-right: 5px;
/*border-right: solid 1px black;*/
}
#backlight {
margin-right: 0;
padding-right: 0;
}
#idle_inhibiter {
margin-left: 0;
padding-left: 0;
}
/* -----------------------------------------------------------------------------
* Module styles
* -------------------------------------------------------------------------- */
#battery {
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#battery.warning {
color: orange;
}
#battery.critical {
color: red;
}
#battery.warning.discharging {
animation-name: blink-warning;
animation-duration: 4s;
}
#battery.critical.discharging {
animation-name: blink-critical;
animation-duration: 3s;
}
#clock {
font-weight: bold;
}
#cpu {
/* No styles */
}
#cpu.warning {
color: orange;
}
#cpu.critical {
color: red;
}
#memory {
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
#memory.warning {
color: orange;
}
#memory.critical {
color: red;
animation-name: blink-critical;
animation-duration: 2s;
}
#mode {
background: #64727D;
border-top: 2px solid white;
/* To compensate for the top border and still have vertical centering */
padding-bottom: 2px;
}
#network {
/* No styles */
}
#network.disconnected {
color: orange;
}
#pulseaudio {
/* No styles */
}
#pulseaudio.muted {
/* No styles */
}
#custom-spotify {
color: rgb(102, 220, 105);
}
#temperature {
/* No styles */
}
#temperature.critical {
color: red;
}
#tray {
/* No styles */
}
#window {
font-weight: bold;
}
#workspaces button {
border-top: 2px solid transparent;
/* To compensate for the top border and still have vertical centering */
padding-bottom: 2px;
padding-left: 10px;
padding-right: 10px;
color: #888888;
}
#workspaces button.focused {
border-color: #4c7899;
color: white;
background-color: #285577;
}
#workspaces button.urgent {
border-color: #c9545d;
color: #c9545d;
}
'';
};
systemd.user.services.waybar.Unit = {
Requisite = lib.mkForce [ ];
After = lib.mkForce [ ];
};
};
}
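Review bot: The stylesheet selector `#idle_inhibiter` is misspelled, so the margin/padding reset meant to pair with `#backlight` never matches the `idle_inhibitor` module, which is spelled correctly in `modules-right` and in the "Each module" selector list; it should read `#idle_inhibitor {`. `"sway/workspaces"` is also defined twice inside `modules`; depending on the Nix version the two literals are either merged or rejected as a duplicate attribute, so folding them into one set is safer. `hwmon-path = "/sys/class/hwmon/hwmon2/temp1_input"` depends on hwmon numbering, which is not guaranteed to be stable across boots or kernels.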


@ -0,0 +1,26 @@
{ pkgs, ... }:
let
web-app = name: url:
pkgs.writeScriptBin name ''
#!${pkgs.stdenv.shell}
exec ${pkgs.chromium}/bin/chromium --user-data-dir=$HOME/.config/chromium-app-${name} --app="${url}"
'';
whatsapp = web-app "whatsapp" "https://web.whatsapp.com/";
threema = web-app "threema" "https://web-beta.threema.ch/";
threema-work = web-app "threema-work" "https://web-beta.threema.ch/";
threema-red = web-app "threema-red" "https://web-work-staging.threema.ch/";
threema-tickets = web-app "threema-tickets" "https://ticket.threema.ch/scp/";
netflix = web-app "netflix" "https://netflix.com/";
disneyplus = web-app "disneyplus" "https://disneyplus.com/";
in {
home-manager.users.fhauser.home.packages = [
whatsapp
netflix
disneyplus
threema
threema-work
threema-red
threema-tickets
];
}
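Review bot: In `web-app`, `--user-data-dir=$HOME/.config/chromium-app-${name}` is unquoted, so a home directory containing whitespace splits the flag and the per-app profile separation is no longer what the script intends; quote it as `--user-data-dir="$HOME/.config/chromium-app-${name}"`. `threema` and `threema-work` currently point at the same URL (`https://web-beta.threema.ch/`), and `threema-red` points at a staging host. A one-line comment on each would make clear whether that is deliberate.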


@ -0,0 +1,12 @@
{ config, pkgs, lib, ... }: {
imports = [
./sway.nix
./multimedia.nix
./security.nix
./applications
./work
./i3.nix
./mimetypes.nix
];
home-manager.users.fhauser.home.stateVersion = config.system.stateVersion;
}


@ -0,0 +1,18 @@
{ pkgs, lib, config, ... }: {
home-manager.users.fhauser = let
adhereTheSwayTarget = {
Install.WantedBy = lib.mkForce [ "sway-session.target" ];
Unit.PartOf = lib.mkForce [ "sway-session.target" ];
};
in rec {
programs.i3status = {
enable = true;
enableDefault = true;
};
xsession.windowManager.i3 = {
enable = true;
};
};
}
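Review bot: `adhereTheSwayTarget` is bound in the `let` but never used in this section, and `rec` on the attribute set has no self-reference to resolve; both look like leftovers from the sway module. Dropping them (`home-manager.users.fhauser = {`) keeps the file from suggesting that the i3 services are tied to `sway-session.target`.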


@ -0,0 +1,58 @@
{ pkgs, lib, config, ... }: {
home-manager.users.fhauser.xdg.mimeApps = rec {
enable = true;
associations.added = defaultApplications;
defaultApplications = let
browser = [ "firefox.desktop" ];
email = [ "org.gnome.Evolution.desktop" ];
doc-editor = [ "writer.desktop" ];
sheet-editor = [ "calc.desktop" ];
presentation-editor = [ "impress.desktop" ];
pdf = [ "org.gnome.Evince.desktop" ];
image = [ "org.gnome.eog.desktop" ];
image-vector = [ "org.inkscape.Inkscape.desktop" ];
ebooks = [ "calibre-ebook-viewer.desktop" ];
code-general = [ "codium.desktop" ];
video = [ "vlc.desktop" ];
in {
"text/html" = browser;
"x-scheme-handler/http" = browser;
"x-scheme-handler/https" = browser;
"x-scheme-handler/chrome" = browser;
"application/xhtml+xml" = browser;
"application/x-extension-htm" = browser;
"application/x-extension-html" = browser;
"application/x-extension-shtml" = browser;
"application/x-extension-xhtml" = browser;
"application/x-extension-xht" = browser;
"x-scheme-handler/mailto" = email;
"x-scheme-handler/msteams" = [ "teams.desktop" ];
"application/vnd.openxmlformats-officedocument.wordprocessingml.document" =
doc-editor;
"application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" =
sheet-editor;
"application/vnd.openxmlformats-officedocument.presentationml.presentation" =
presentation-editor;
"application/vnd.oasis.opendocument.presentation" = presentation-editor;
"application/pdf" = pdf;
"application/x-extension-pdf" = pdf;
"application/epub+zip" = ebooks;
"text/plain" = code-general;
"application/json" = code-general;
"text/markdown" = code-general;
"image/png" = image;
"image/jpg" = image;
"image/jpeg" = image;
"image/x-tga" = image;
"image/tiff" = image;
"image/x-canon-cr2" = image;
"image/svg+xml" = image-vector;
"video/mp4" = video;
};
};
}


@ -0,0 +1,50 @@
{ config, pkgs, lib, ... }:
{
home-manager.users.fhauser.home.packages = with pkgs;
[ vlc v4l-utils calibre blender openshot-qt playerctl youtube-dl ]
++ [ # Audio
audacity
enblend-enfuse
ffmpeg
mplayer
sox # TODO: mencoder?
vorbis-tools
vorbisgain
opusTools
flac
lame
id3lib
id3v2 # TODO: icedax?
pasystray
pavucontrol
spotify
] ++ [ # Imaging
gimp
hugin
lensfun
luminanceHDR
darktable
gphoto2
# ImageMagick-perl perl-File-Type perl-Term-ProgressBar #TODO: Support libraries for scripts
inkscape
ghostscript
stellarium
#unity3d
] ++ [ # Codecs for Audio and Video
vobcopy
libdv
libdvbpsi # TODO: librtmp?
xvidcore
x264
gst_all_1.gstreamer
gst_all_1.gst-vaapi
gst_all_1.gst-rtsp-server
gst_all_1.gst-libav
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-good
gst_all_1.gst-plugins-ugly
];
}


@ -0,0 +1,5 @@
{ config, pkgs, lib, ... }:
{
services.pcscd.enable = true;
}


@ -0,0 +1,174 @@
{ pkgs, lib, config, ... }: {
# environment.systemPackages = with pkgs; [ polkit_gnome ]; #TODO: Needed?
programs.sway.enable = true;
services.gnome3.gnome-remote-desktop.enable = true;
environment.systemPackages = with pkgs; [ pipewire_0_2 ];
systemd.user.services.pipewire.environment.XDG_CURRENT_DESKTOP = "sway";
systemd.user.services.xdg-desktop-portal-wlr.environment.XDG_CURRENT_DESKTOP =
"sway";
# systemd.user.services.xdg-desktop-portal-wlr.script = "${pkgs.xdg-desktop-portal-wlr}/libexec/xdg-desktop-portal-wlr";
# systemd.user.services.xdg-desktop-portal-wlr.scriptArgs = "--output=DP-1"; # TODO: Extract this *****
home-manager.users.fhauser = let
adhereTheSwayTarget = {
Install.WantedBy = lib.mkForce [ "sway-session.target" ];
Unit.PartOf = lib.mkForce [ "sway-session.target" ];
};
bemenuLauncher = pkgs.writeScriptBin "bemenuLauncher" ''
#!${pkgs.stdenv.shell}
active_screen=$(swaymsg -r -t get_outputs | \
${pkgs.jq}/bin/jq '. [] | select (.focused == true) | .name | split ("-") | last')
${pkgs.dmenu}/bin/dmenu_path | \
${pkgs.bemenu}/bin/bemenu -m $active_screen --list 20 --ignorecase --prompt 'Start: ' | \
xargs swaymsg exec --
'';
homeManagerConfig = config.home-manager.users.fhauser;
in rec {
home.packages = with pkgs; [
sway-contrib.grimshot
wl-clipboard
libappindicator
gnome3.defaultIconTheme
gnome2.gnome-icon-theme
hicolor-icon-theme # TODO: Move these requirements?
];
xsession.preferStatusNotifierItems = true;
wayland.windowManager.sway = {
enable = true;
systemdIntegration = true;
xwayland = true;
wrapperFeatures = { gtk = true; };
extraSessionCommands = ''
#export XDG_CURRENT_DESKTOP=Unity
export XDG_CURRENT_DESKTOP=sway
export XDG_SESSION_TYPE="wayland"
export _JAVA_AWT_WM_NONREPARENTING=1
export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh # TODO: Migrate
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
# TODO: QTpie
export WLR_DRM_NO_MODIFIERS=1;
'';
config = {
input = {
"type:keyboard" = {
xkb_layout = "ch,de";
xkb_options = "eurosign:e";
};
"*" = { xkb_numlock = "enable"; };
};
terminal = "${pkgs.alacritty}/bin/alacritty";
menu = "${bemenuLauncher}/bin/bemenuLauncher";
gaps.inner = 8;
modifier = "Mod4";
window.border = 0;
#colors.focused.border = "#323232";
#TODO: Workspace Programm assignment: Not working properly
assigns = {
"10" = [{ app_id = "^firefox$"; }];
"11" = [{ app_id = "^(claws-mail|thunderbird|evolution)$"; }];
"12" = [{
class = "^Chromium-browser$";
instance = "^web.threema.ch";
}];
"13" = [{ class = "^Spotify$"; }];
};
keybindings = let mod = wayland.windowManager.sway.config.modifier;
in lib.mkOptionDefault {
"${mod}+p" = "exec passbemenu";
"${mod}+x" = "move workspace to output right";
"${mod}+y" = "move workspace to output left";
"${mod}+section" = "workspace 0";
"${mod}+0" = "workspace 10";
"${mod}+apostrophe" = "workspace 11";
"${mod}+dead_circumflex" = "workspace 12";
"${mod}+dead_diaeresis" = "workspace 13";
"${mod}+dollar" = "workspace 14";
"${mod}+Shift+section" = "move container to workspace 0";
"${mod}+Shift+0" = "move container to workspace 10";
"${mod}+Shift+apostrophe" = "move container to workspace 11";
"${mod}+Shift+dead_circumflex" = "move container to workspace 12";
"${mod}+Shift+dead_diaeresis" = "move container to workspace 13";
"${mod}+Shift+dollar" = "move container to workspace 14";
"Ctrl+mod1+l" = "exec ${pkgs.systemd}/bin/loginctl lock-session";
"Ctrl+mod1+Shift+L" = "exec ${pkgs.systemd}/bin/systemctl suspend";
# pulse audio volume control
XF86AudioLowerVolume =
"exec pactl set-sink-volume '@DEFAULT_SINK@' '-3%'";
XF86AudioRaiseVolume =
"exec pactl set-sink-volume '@DEFAULT_SINK@' '+3%'";
XF86AudioMute = "exec pactl set-sink-mute '@DEFAULT_SINK@' 'toggle'";
XF86AudioMicMute =
"exec pactl set-source-mute '@DEFAULT_SOURCE@' 'toggle'";
# Spotify control
XF86AudioPause = "exec playerctl play-pause";
XF86AudioPlay = "exec playerctl play-pause";
XF86AudioNext = "exec playerctl next";
XF86AudioPrev = "exec playerctl previous";
# screen brightness
XF86MonBrightnessUp = "exec light -A 10";
XF86MonBrightnessDown = "exec light -U 5";
# screenshot
Print = "exec ${pkgs.sway-contrib.grimshot}/bin/grimshot copy area";
};
};
extraConfig = ''
# Disable the laptop screen when the lid is closed.
bindswitch --reload lid:on output eDP-1 disable
bindswitch --reload lid:off output eDP-1 enable
'';
};
# TODO: Move these services elsewhere
services.network-manager-applet.enable = true;
services.nextcloud-client.enable = true;
services.owncloud-client.enable = true;
services.pasystray.enable = true;
systemd.user.services.network-manager-applet = adhereTheSwayTarget;
systemd.user.services.nextcloud-client = adhereTheSwayTarget // {
# For trayicon to work:
Unit.After = [ "waybar.service" ];
Service = {
ExecStart =
lib.mkForce "${pkgs.nextcloud-client}/bin/nextcloud --background";
ExecStartPre = "${pkgs.coreutils}/bin/sleep 3";
Environment = lib.mkForce
"PATH=${homeManagerConfig.home.profileDirectory}/bin XDG_CURRENT_DESKTOP=Unity";
};
};
systemd.user.services.owncloud-client = adhereTheSwayTarget // {
# For trayicon to work:
Unit.After = [ "waybar.service" ];
Service = {
ExecStartPre = "${pkgs.coreutils}/bin/sleep 3";
Environment = lib.mkForce
"PATH=${homeManagerConfig.home.profileDirectory}/bin XDG_CURRENT_DESKTOP=Unity";
};
};
systemd.user.services.pasystray = adhereTheSwayTarget;
gtk = {
iconTheme = {
# package = pkgs.gnome-icon-theme;
# name = "gnome";
package = pkgs.hicolor_icon_theme;
name = "hicolor";
};
gtk3.extraConfig.gtk-menu-images = true;
};
dconf.settings = { "org/gnome/desktop/interface".menus-have-icons = true; };
};
}
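Review bot: `services.gnome3.gnome-remote-desktop.enable = true;` turns on a remote-desktop service system-wide with no comment explaining why. If it is only there for PipeWire-based screen capture, as the neighbouring `pipewire_0_2` and `xdg-desktop-portal-wlr` lines suggest, say so, e.g. `# enabled for PipeWire screen capture only; no remote access intended`, so a later reader does not assume remote access is wanted. In `bemenuLauncher`, `jq` runs without `-r` and `$active_screen` is passed to `-m` unquoted, so the value likely keeps its JSON quotes; `jq -r` together with `-m "$active_screen"` would pass the bare output index.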


@ -0,0 +1,4 @@
{ pkgs, ... }: {
programs.adb.enable = true;
users.users.fhauser.extraGroups = [ "adbusers" ];
}


@ -0,0 +1,6 @@
{ config, pkgs, lib, ... }:
{
imports = [ ./android-studio.nix ./openvpn.nix ];
}


@ -0,0 +1,73 @@
{ pkgs, lib, ... }: {
services.openvpn.servers.threema = let
cafile = pkgs.writeTextFile {
name = "threema-vpn-ca.crt";
text = ''
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
'';
};
in {
autoStart = false;
config = ''
remote vpn.threema.ch 38417 tcp-client
nobind
dev tun
persist-tun
persist-key
pull
auth-user-pass
tls-client
ca ${cafile}
remote-cert-tls server
route 10.83.0.0 255.255.0.0 default default
route 10.90.0.0 255.255.0.0 default default
#route 5.148.175.192 255.255.255.224 default default
#route 5.148.189.192 255.255.255.224 default default
route 192.168.11.0 255.255.255.0 default default
route 192.168.13.0 255.255.255.0 default default
route 136.243.104.147 255.255.255.255 default default
route 193.70.13.37 255.255.255.255 default default
route 95.211.228.137 255.255.255.255 default default
route 5.148.189.112 255.255.255.240 default default
route 185.88.236.64 255.255.255.192 default default
route 212.103.68.0 255.255.255.192 default default
route 185.88.236.98 255.255.255.255 net_gateway default
route 5.148.189.116 255.255.255.255 net_gateway default
dhcp-option DNS 185.88.236.100
dhcp-option DNS 212.103.68.20
reneg-bytes 0
auth-nocache
tls-cipher DEFAULT
cipher AES-128-CBC
#data-ciphers AES-128-CBC # TODO: Enable with openvpn 2.5
reneg-sec 0
remap-usr1 SIGTERM
'';
updateResolvConf = true;
};
systemd.services.openvpn-threema.serviceConfig.Restart = lib.mkForce "no";
}

20
hardware/amd-board.nix Normal file

@ -0,0 +1,20 @@
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"xhci_pci"
"ahci"
"virtio-pci"
"igb"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
hardware.cpu.amd.updateMicrocode = true;
nix.maxJobs = lib.mkDefault 24;
}


@ -0,0 +1,33 @@
{ config, lib, pkgs, modulesPath, ... }: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
<nixos-hardware/lenovo/thinkpad/t14>
<nixos-hardware/common/cpu/intel>
<nixos-hardware/common/pc/ssd>
<nixos-hardware/common/pc/laptop>
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.kernelModules = [ "kvm-intel" ];
# Ignore Alcor smartcard (gpg is not very smart)
# See https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html
systemd.services.pcscd.environment.PCSCLITE_FILTER_IGNORE_READER_NAMES =
"Alcor";
hardware.video.hidpi.enable = true;
# CPU Configuration
hardware.cpu.intel.updateMicrocode = true;
services.throttled.enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}


@ -0,0 +1,25 @@
{ config, lib, pkgs, modulesPath, ... }: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
<nixos-hardware/lenovo/thinkpad/t470s>
<nixos-hardware/common/pc/ssd>
<nixos-hardware/common/pc/laptop>
];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
# Ignore Alcor smartcard (gpg is not very smart)
# See https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html
#systemd.services.pcscd.environment.PCSCLITE_FILTER_IGNORE_READER_NAMES =
# "Alcor";
hardware.video.hidpi.enable = true;
# CPU Configuration
hardware.cpu.intel.updateMicrocode = true;
services.throttled.enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}


@ -0,0 +1,42 @@
{ config, pkgs, ... }: {
imports = [
./filesystems.nix
./networking.nix
#./printing.nix
#./backup.nix #TODO: Extract applications from desktop role
../../hardware/thinkpad-t470s.nix
../../defaults/base
../../defaults/cifs-auth-fix
../../defaults/desktop
#../../defaults/games
../../defaults/user-configuration
../../defaults/user-configuration/fhauser
#../../defaults/printing
];
#TODO: Clean up next section
services.xserver.dpi = 180;
virtualisation = { # TODO: This should probably be somewhere else.
docker = {
enable = true;
enableOnBoot = false;
};
libvirtd.enable = true;
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# This value determines the NixOS release from which the default
# settings for stateful data, like fi:le locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}
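Review bot: The copied `system.stateVersion` comment reads `like fi:le locations`; the stray colon should be removed so the line is `# settings for stateful data, like file locations and database versions`. The same typo is in host/speer/default.nix and on the new side of the modified host configuration further down, where it replaces a line that was previously correct. The `virtualisation` block under `#TODO: Clean up next section` is also repeated verbatim in those two files, so moving it into a shared module under `defaults/` would resolve the TODO in one place.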


@ -0,0 +1,30 @@
{ config, pkgs, lib, ... }: {
boot.initrd.luks.devices = {
"root".device = "/dev/disk/by-uuid/660b61d1-971d-4acc-9577-68a491eaf63b";
"swap".device = "/dev/disk/by-uuid/350eebba-6641-46a0-be1d-a7197157b704";
};
fileSystems = {
"/" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "subvol=nixos" ];
};
"/home" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "subvol=home" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/F2EF-1BBF";
fsType = "vfat";
};
};
swapDevices = [{ device = "/dev/mapper/swap"; }];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}


@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
networking = {
networkmanager.enable = true;
useDHCP = false;
#wireless.enable = true; # Enables wireless support via wpa_supplicant.
hostName = "federispitz";
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
#networking.wireguard.enable = true;
#networking.wireguard.interfaces = let
# meta = import ../../meta;
# vnetworks = meta.network.virtual;
# vnetworkName = "mgmt";
#in {
# "wg-${vnetworkName}" =
# pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
# vnetworkName vnetworks.${vnetworkName};
#};
}
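Review bot: The WireGuard `mgmt` interface arrives in this new file as ten commented-out lines, which leaves it unclear whether this host is meant to join the management network later. The same commented block is in host/speer/networking.nix, and the edit to the existing networking file further down disables a previously active interface the same way. If it is to come back, a single line such as `# TODO: enable wg-mgmt once this host has a key in ../../meta` says so; if not, the block can be deleted. The helper `pkgs.lib.qois.wireguard.makeInterface` is defined outside this page, so whether a per-host switch already exists cannot be checked from here.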


@ -0,0 +1,16 @@
{ config, pkgs, ... }:
{
hardware.printers.ensureDefaultPrinter = "hsr-mfp-8261";
hardware.printers.ensurePrinters = [{
name = "hsr-mfp-8261";
deviceUri = "smb://hsr.ch/printsrv-d.hsr.ch/d8261-a4mfp";
location = "HSR 8.261";
model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz";
ppdOptions = {
Duplex = "DuplexNoTumble";
PageSize = "A4";
auth-info-required = "username,password";
};
}];
}
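Review bot: This printer definition is identical, line for line, to the two other printing.nix files added in this commit (the next one below and host/speer/printing.nix), so any later change to `deviceUri` or `ppdOptions` has to be made three times. At least host/speer/default.nix keeps `./printing.nix` commented out in `imports`, so that copy is not evaluated at all. A single module under `defaults/`, imported by the hosts that need the printer, would replace the copies; the imports already reference `../../defaults/printing`, which is not shown on this page.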


@ -0,0 +1,30 @@
{ config, pkgs, ... }: {
imports = [
./filesystems.nix
./networking.nix
./printing.nix
#./backup.nix #TODO: Extract applications from desktop role
../../hardware/dell-precision-3530.nix
../../defaults/base
../../defaults/cifs-auth-fix
../../defaults/desktop
../../defaults/development-tools
../../defaults/games
../../defaults/printing
];
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.03"; # Did you read the comment?
}


@ -0,0 +1,64 @@
{ config, pkgs, lib, ... }:
let
networkShares = let
hsr_options = [
"defaults"
"noauto"
#"iocharset=utf8"
"soft"
"user=fhauser"
"domain=hsr.ch"
"uid=1000"
"gid=1000"
];
hsr_share = share_name:
{ domain ? "hsr.ch/root", path ? share_name, extra_options ? [ ] }:
lib.nameValuePair "/mnt/hsr/${share_name}" {
device = "//${domain}/${path}";
fsType = "cifs";
options = hsr_options ++ extra_options;
noCheck = true;
};
in lib.mapAttrs' hsr_share {
"skripte".path = "alg/skripte";
"scratch".path = "alg/scratch";
"fhauser".domain = "c101.hsr.ch";
#"fabian.hauser".domain = "svm-c113.ost.ch"; # User!
"afe" = { };
"auw" = { };
"ebooks" = {
path = "alg/ebooks";
extra_options = [ "ro" ];
};
};
in {
boot.initrd.luks.devices = {
"root".device = "/dev/disk/by-uuid/28d2914f-c053-40a8-ad90-f2743190c772";
"swap".device = "/dev/disk/by-uuid/ed89158d-4460-4012-86d7-f8761127371c";
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35";
fsType = "btrfs";
options = [ "subvol=nixos" ];
};
"/home" = {
device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35";
fsType = "btrfs";
options = [ "subvol=home" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/E86E-3C6C";
fsType = "vfat";
};
} // networkShares;
swapDevices = [{ device = "/dev/mapper/swap"; }];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}
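Review bot: The CIFS mounts built from `hsr_options` start from `"defaults"`, which leaves set-uid binaries and device nodes on the remote shares honoured by the local kernel. Adding `"nosuid" "nodev"` to the list makes these network mounts data-only whatever the server presents. `"uid=1000"` and `"gid=1000"` repeat the numeric id of `fhauser` as literals; the uid definition is not in this file, so referencing `config.users.users.fhauser.uid` (converted with `toString`) would keep the mounts correct if the id ever changes. No `credentials=` file is referenced, so no share password ends up in the Nix store.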


@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
networking = {
networkmanager.enable = true;
useDHCP = false;
#wireless.enable = true; # Enables wireless support via wpa_supplicant.
hostName = "hummelberg";
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networking.wireguard.enable = true;
networking.wireguard.interfaces = let
meta = import ../../meta;
vnetworks = meta.network.virtual;
vnetworkName = "mgmt";
in {
"wg-${vnetworkName}" =
pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
vnetworkName vnetworks.${vnetworkName};
};
}


@ -0,0 +1,16 @@
{ config, pkgs, ... }:
{
hardware.printers.ensureDefaultPrinter = "hsr-mfp-8261";
hardware.printers.ensurePrinters = [{
name = "hsr-mfp-8261";
deviceUri = "smb://hsr.ch/printsrv-d.hsr.ch/d8261-a4mfp";
location = "HSR 8.261";
model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz";
ppdOptions = {
Duplex = "DuplexNoTumble";
PageSize = "A4";
auth-info-required = "username,password";
};
}];
}


@ -3,28 +3,40 @@
imports = [ imports = [
./filesystems.nix ./filesystems.nix
./networking.nix ./networking.nix
./printing.nix #./printing.nix
#./backup.nix #TODO: Extract applications from desktop role #./backup.nix #TODO: Extract applications from desktop role
../../hardware/dell-precision-3530.nix ../../hardware/thinkpad-p14s.nix
../../defaults/base ../../defaults/base
../../defaults/cifs-auth-fix ../../defaults/cifs-auth-fix
../../defaults/desktop ../../defaults/desktop
../../defaults/development-tools #../../defaults/games
../../defaults/games ../../defaults/user-configuration
../../defaults/printing ../../defaults/user-configuration/fhauser
#../../defaults/printing
]; ];
#TODO: Clean up next section
services.xserver.dpi = 180;
virtualisation = { # TODO: This should probably be somewhere else.
docker = {
enable = true;
enableOnBoot = false;
};
libvirtd.enable = true;
};
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like fi:le locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.03"; # Did you read the comment? system.stateVersion = "20.09"; # Did you read the comment?
} }


@ -1,59 +1,25 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
let
networkShares = let
hsr_options = [
"defaults"
"noauto"
#"iocharset=utf8"
"soft"
"user=fhauser"
"domain=hsr.ch"
"uid=1000"
"gid=1000"
];
hsr_share = share_name:
{ domain ? "hsr.ch/root", path ? share_name, extra_options ? [ ] }:
lib.nameValuePair "/mnt/hsr/${share_name}" {
device = "//${domain}/${path}";
fsType = "cifs";
options = hsr_options ++ extra_options;
noCheck = true;
};
in lib.mapAttrs' hsr_share {
"skripte".path = "alg/skripte";
"scratch".path = "alg/scratch";
"fhauser".domain = "c101.hsr.ch";
#"fabian.hauser".domain = "svm-c113.ost.ch"; # User!
"afe" = { };
"auw" = { };
"ebooks" = {
path = "alg/ebooks";
extra_options = [ "ro" ];
};
};
in {
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
"root".device = "/dev/disk/by-uuid/28d2914f-c053-40a8-ad90-f2743190c772"; "root".device = "/dev/disk/by-uuid/fae1b81e-894c-47b4-92e5-0a817fd6f66f";
"swap".device = "/dev/disk/by-uuid/ed89158d-4460-4012-86d7-f8761127371c"; "swap".device = "/dev/disk/by-uuid/dc1fe9ff-7eb7-40c3-8fbd-d99398e5e5d6";
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35"; device = "/dev/mapper/root";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nixos" ]; options = [ "subvol=nixos" ];
}; };
"/home" = { "/home" = {
device = "/dev/disk/by-uuid/6396b6eb-a7e6-430c-8c97-970404f88b35"; device = "/dev/mapper/root";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=home" ]; options = [ "subvol=home" ];
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-uuid/E86E-3C6C"; device = "/dev/disk/by-uuid/1FB9-3DB0";
fsType = "vfat"; fsType = "vfat";
}; };
} // networkShares; };
swapDevices = [{ device = "/dev/mapper/swap"; }]; swapDevices = [{ device = "/dev/mapper/swap"; }];


@ -13,14 +13,14 @@
# networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
networking.wireguard.enable = true; #networking.wireguard.enable = true;
networking.wireguard.interfaces = let #networking.wireguard.interfaces = let
meta = import ../../meta; # meta = import ../../meta;
vnetworks = meta.network.virtual; # vnetworks = meta.network.virtual;
vnetworkName = "mgmt"; # vnetworkName = "mgmt";
in { #in {
"wg-${vnetworkName}" = # "wg-${vnetworkName}" =
pkgs.lib.qois.wireguard.makeInterface config.networking.hostName # pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
vnetworkName vnetworks.${vnetworkName}; # vnetworkName vnetworks.${vnetworkName};
}; #};
} }


@ -1,5 +1,6 @@
{ config, pkgs, ... }: { { config, pkgs, ... }: {
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
"system".device = "/dev/disk/by-uuid/ba646016-2618-4d9b-acf2-41986ab76f7e"; "system".device = "/dev/disk/by-uuid/ba646016-2618-4d9b-acf2-41986ab76f7e";
"data".device = "/dev/disk/by-uuid/6cfe504d-992f-4b11-be3e-31d00c3e108d"; "data".device = "/dev/disk/by-uuid/6cfe504d-992f-4b11-be3e-31d00c3e108d";

42
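--- a/host/speer/default.nix
+++ b/host/speer/default.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }: {
+imports = [
+./filesystems.nix
+./networking.nix
+#./printing.nix
+#./backup.nix #TODO: Extract applications from desktop role
+../../hardware/amd-board.nix
+../../defaults/base
+../../defaults/cifs-auth-fix
+../../defaults/desktop
+../../defaults/games
+../../defaults/user-configuration
+../../defaults/user-configuration/fhauser
+#../../defaults/printing
+];
+#TODO: Clean up next section
+#services.xserver.dpi = 180;
+virtualisation = { # TODO: This should probably be somewhere else.
+docker = {
+enable = true;
+enableOnBoot = false;
+};
+libvirtd.enable = true;
+};
+# Set your time zone.
+time.timeZone = "Europe/Amsterdam";
+# This value determines the NixOS release from which the default
+# settings for stateful data, like fi:le locations and database versions
+# on your system were taken. Its perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "20.09"; # Did you read the comment?
+}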


@ -0,0 +1,29 @@
{ config, pkgs, lib, ... }: {
boot.initrd.luks.devices.system.device =
"/dev/disk/by-uuid/bf353bb1-43bf-453f-ae7e-0fa9b4d8778c";
boot.initrd.kernelModules = [ "dm-snapshot" ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/661ad230-72da-4326-bb3a-4965006475f8";
fsType = "btrfs";
options = [ "subvol=nixos" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/661ad230-72da-4326-bb3a-4965006475f8";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/A5C5-1372";
fsType = "vfat";
};
swapDevices = [ ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
}

26
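--- a/host/speer/networking.nix
+++ b/host/speer/networking.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+{
+networking = {
+networkmanager.enable = true;
+useDHCP = false;
+#wireless.enable = true; # Enables wireless support via wpa_supplicant.
+hostName = "speer";
+};
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+#networking.wireguard.enable = true;
+#networking.wireguard.interfaces = let
+# meta = import ../../meta;
+# vnetworks = meta.network.virtual;
+# vnetworkName = "mgmt";
+#in {
+# "wg-${vnetworkName}" =
+# pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
+# vnetworkName vnetworks.${vnetworkName};
+#};
+}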

16
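--- a/host/speer/printing.nix
+++ b/host/speer/printing.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+{
+hardware.printers.ensureDefaultPrinter = "hsr-mfp-8261";
+hardware.printers.ensurePrinters = [{
+name = "hsr-mfp-8261";
+deviceUri = "smb://hsr.ch/printsrv-d.hsr.ch/d8261-a4mfp";
+location = "HSR 8.261";
+model = "HP/hp-color_laserjet_mfp_m577-ps.ppd.gz";
+ppdOptions = {
+Duplex = "DuplexNoTumble";
+PageSize = "A4";
+auth-info-required = "username,password";
+};
+}];
+}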


@ -1,7 +1,8 @@
{ {
groups = { groups = {
fhauser.gid = 1000; fhauser.gid = 1000;
das-g.gid = 1001; #TODO
#das-g.gid = 1001;
empty0.gid = 1003; empty0.gid = 1003;
}; };
@ -19,18 +20,19 @@
]; ];
}; };
das-g = { #TODO
uid = 1001; #das-g = {
isNormalUser = true; # uid = 1001;
description = "Raphael Das Gupta"; # isNormalUser = true;
group = "das-g"; # description = "Raphael Das Gupta";
extraGroups = [ "wheel" ]; # group = "das-g";
hashedPassword = # extraGroups = [ "wheel" ];
"$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0"; # hashedPassword =
openssh.authorizedKeys.keys = [ # "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0";
"ssh-rsa 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 das-g@x1carbon" # openssh.authorizedKeys.keys = [
]; # "ssh-rsa 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 das-g@x1carbon"
}; # ];
#};
rzimmermann = { rzimmermann = {
uid = 1002; uid = 1002;