init commit - working on easyroam

.gitattributes

@@ -0,0 +1 @@
+secrets/** filter=git-crypt diff=git-crypt

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "nixEnvSelector.nixFile": "${workspaceFolder}/configuration.nix"
+}

configuration.nix

@@ -0,0 +1,193 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, allowed, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  # boot.loader.systemd-boot.enable = false;
+  boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.grub = {
+    enable = true;
+#    device = "/dev/nvme0n1p1";
+    device = "nodev";
+    # useOSProber = true;
+    efiSupport = true;
+  };
+  
+
+  networking.hostName = "NxXPS"; # Define your hostname.
+  # Pick only one of the below networking options.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    keyMap = "de";
+#    useXkbConfig = true; # use xkb.options in tty.
+  };
+
+  # Enable the X11 windowing system.
+  services.xserver.enable = true;
+
+
+  
+
+  # Configure keymap in X11
+  services.xserver.xkb.layout = "de";
+  services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+  # Enable CUPS to print documents.
+  services.printing.enable = true;
+
+  # Enable sound.
+  #sound.enable = true;
+  #hardware.pulseaudio.enable = true;
+
+  # rtkit is optional but recommended
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    jack.enable = true;
+  };
+
+
+  # Enable touchpad support (enabled default in most desktopManager).
+  services.xserver.libinput.enable = true;
+  hardware.uinput.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.defaultUserShell = pkgs.fish;
+
+  users.users.nx2 = {
+    isNormalUser = true;
+    extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" ];
+    useDefaultShell = true;
+    packages = with pkgs; []; # all in home.nix
+  };
+
+  nixpkgs.config = {
+    allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
+    permittedInsecurePackages = [
+      "electron-25.9.0"
+    ];
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    ntfs3g
+    fish
+    starship
+    git
+    git-crypt
+    wget
+    curl
+    killall
+    nano
+    micro
+    yazi
+    bat
+    du-dust
+    htop
+    eza
+    zoxide
+    neofetch
+    direnv
+    openssl
+  ];
+
+  environment.sessionVariables = rec {
+    XDG_CACHE_HOME  = "$HOME/.cache"; 
+    GTK_THEME = "Adwaita-Dark";
+  };
+  environment.variables = rec {
+    XDG_CACHE_HOME  = "$HOME/.cache"; 
+    GTK_THEME = "Adwaita-Dark";
+  };
+
+
+  fonts.packages = with pkgs; [
+    noto-fonts
+    noto-fonts-cjk
+    noto-fonts-emoji
+    atkinson-hyperlegible
+    (nerdfonts.override { fonts = [ "CascadiaCode" ]; })
+
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+  programs.fish = {
+    enable = true;
+  };
+  programs.hyprland = {
+    enable = true;
+    xwayland.enable = true; 
+  };
+
+
+
+
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "23.11"; # Did you read the comment?
+
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
+

flake.lock

@@ -0,0 +1,48 @@
+{
+  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1706981411,
+        "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-23.11",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1709569716,
+        "narHash": "sha256-iOR44RU4jQ+YPGrn+uQeYAp7Xo7Z/+gT+wXJoGxxLTY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "617579a787259b9a6419492eaac670a5f7663917",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-23.11",
+        "type": "indirect"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,47 @@
+{
+  description = "A Flake lol";
+ 
+  inputs = {
+    nixpkgs.url = "nixpkgs/nixos-23.11";
+    home-manager.url = "github:nix-community/home-manager/release-23.11";
+    home-manager.inputs.nixpkgs.follows = "nixpkgs";
+  };
+  
+  outputs = { self, nixpkgs, home-manager, ... }:
+  let
+    system = "x86_64-linux";
+    pkgs = nixpkgs.legacyPackages.${system};
+    user = "nx2";
+    allowed = {
+      unfree-packages = [
+        "spotify"
+        "obsidian"
+        "zoom-us"
+      ];
+      inecure-packages = [
+        "electron-25.9.0"
+      ];
+    };
+    secrets = import ./secrets/passwords-and-certificates.nix
+  in 
+  {
+    nixosConfigurations = {
+      NxXPS = nixpkgs.lib.nixosSystem {
+        inherit system;
+        modules = [
+          ./configuration.nix 
+        ];
+        specialArgs = {inherit user allowed secrets;};
+      };
+    };
+
+    homeConfigurations = {
+      nx2 = home-manager.lib.homeManagerConfiguration {
+        inherit pkgs;
+        modules = [ ./home.nix ];
+        extraSpecialArgs = {inherit user allowed secrets;};
+      };
+    };
+
+  };
+}

hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/9770465e-6b0e-40ec-944a-953fe71cf47a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/0A97-7A2D";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

home.nix

@@ -0,0 +1,370 @@
+{ config, pkgs, lib, allowed, ... }:
+
+{
+  imports = [
+     # Make vscode settings writable
+    (import (builtins.fetchurl {
+      url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/mutability.nix";
+      sha256 = "4b5ca670c1ac865927e98ac5bf5c131eca46cc20abf0bd0612db955bfc979de8";
+    }) { inherit config lib; })
+
+    (import (builtins.fetchurl {
+      url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/vscode.nix";
+      sha256 = "fed877fa1eefd94bc4806641cea87138df78a47af89c7818ac5e76ebacbd025f";
+    }) { inherit config lib pkgs; })
+  ];
+
+  home.username = "nx2";
+  home.homeDirectory = "/home/nx2";
+
+  home.stateVersion = "23.11";
+
+  nixpkgs.config = {
+    allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
+    permittedInsecurePackages = allowed.inecure-packages;
+  };
+
+  security.pki.certificates = nxPwCa.easyroamCa;
+
+  home.packages = with pkgs; [
+    firefox chromium
+    vscodium gimp inkscape
+    kitty
+    zathura remmina
+    vesktop thunderbird element-desktop # zoom-us
+    obsidian
+    spotify spicetify-cli
+    obs-studio bitwarden
+    hyprland-protocols waybar swww hyprland-autoname-workspaces rofi wlogout imv mpv
+    pavucontrol fontpreview gtk2fontsel
+    lynx tldr fzf
+    libinput-gestures dotool wev gnome.nautilus gnome.gnome-themes-extra gnome.adwaita-icon-theme gnome.gnome-tweaks gtk3 gtk4 lxappearance
+    element sssnake pipes
+
+
+
+    # # You can also create simple shell scripts directly inside your
+    # # configuration. For example, this adds a command 'my-hello' to your
+    # # environment:
+    (pkgs.writeShellScriptBin "nx_connect_to_pnx" ''
+      cd /home/nx2/PNX/vpn
+      sudo openvpn /home/nx2/PNX/vpn/firewall_phoenix_1_local_RW_Phoenix.ovpn
+    '')
+  ];
+
+
+  xdg.mimeApps = {
+    enable =  true;
+    defaultApplications = {
+      "default-web-browser" = [ "firefox.desktop" ];
+      "text/html" = [ "firefox.desktop" ];
+      "x-scheme-handler/http" = [ "firefox.desktop" ];
+      "x-scheme-handler/https" = [ "firefox.desktop" ];
+      "x-scheme-handler/about" = [ "firefox.desktop" ];
+      "x-scheme-handler/unknown" = [ "firefox.desktop" ];
+      "image/png" = "imv.desktop";
+      "image/gif" = "feh.desktop";
+    };
+  };
+
+
+
+  # systemd.user.services = {
+  #   ydotoold = {
+  #     Unit = {
+  #       Description = "An auto-input utility for wayland";
+  #       Documentation = [ "man:ydotool(1)" "man:ydotoold(8)" ];
+  #     };
+    
+  #     Service = {
+  #       ExecStart = "/run/current-system/sw/bin/ydotoold --socket-path /tmp/ydotool_socket ";
+  #     };
+
+  #     Install = {
+  #       WantedBy = ["default.target"];
+  #     };
+  #   };
+  # };
+
+
+  # Home Manager is pretty good at managing dotfiles. The primary way to manage
+  # plain files is through 'home.file'.
+  home.file = {
+
+    # ".config/libinput/gestures".text = ''
+      # # Swipe threshold (0-100)
+      # swipe_threshold 0
+
+      # # Gestures
+      # gesture swipe left 3 ydotool key 276:1 276:0
+      # gesture swipe right 3 ydotool key 275:1 275:0
+    # '' 
+    ".config/libinput/gestures".text = ''
+      # Swipe threshold (0-100)
+      swipe_threshold 0
+
+      # Gestures
+      gesture swipe left 3 echo key k:276 | dotool
+      gesture swipe right 3 echo key k:275 | dotool
+    '';
+
+    ".config/hyprland-autoname-workspaces/config.toml".text = ''
+      version = "1.1.13"
+
+      [class]
+      Signal = "󱅵"
+      DEFAULT = "{class}"
+      libreoffice-writer = ""
+      pavucontrol = "󰕾"
+      "epicgameslauncher.exe" = "󰯷"
+      "riotclientux.exe" = "󰰌"
+      "[Cc]ode" = "󰨞"
+      VirtualBox = ""
+      KiCad = ""
+      Gimp = ""
+      code-oss = "󰨞"
+      VSCodium = "󰨞"
+      Alacritty = ""
+      kitty = ""
+      vesktop = "󰙯"
+      "cyberpunk2077.exe" = "󰾲"
+      "Tor Browser" = "󰾔"
+      "[Tt]hunderbird" = ""
+      Element = "󰘨"
+      blueman-manager = "󰂯"
+      obsidian = "󰠮"
+      libreoffice-calc = ""
+      zoom = "󰬡"
+      mpv = ""
+      chatterino = ""
+      "com.obsproject.Studio" = ""
+      "leagueclientux.exe" = "󰰌"
+      "[sS]potify" = ""
+      "org.remmina.Remmina" = "󰢹"
+      steam = "󰓓"
+      "galaxyclient.exe" = "󰮡"
+      "[Ff]irefox" = "󰈹"
+      pcbnew = ""
+      ".*.exe" = ""
+      Chromium = ""
+      virt-manager = ""
+      Bitwarden = ""
+      "[tT]hunar" = ""
+      zathura = "󰈦"
+      discord = "󰙯"
+      "VirtualBox Manager" = ""
+      "org.inkscape.Inkscape" = "󰕙"
+      "VirtualBox Machine" = ""
+      lutris = "󰊗"
+      "[gG]imp-.*" = ""
+
+      [class_active]
+      "(?i)ExampleOneTerm" = "icon"
+
+      [initial_class]
+
+      [initial_class_active]
+
+      [workspaces_name]
+      10 = "ten"
+      4 = "four"
+      8 = "eight"
+      9 = "nine"
+      6 = "six"
+      1 = "one"
+      3 = "three"
+      2 = "two"
+      0 = "zero"
+      7 = "seven"
+      5 = "five"
+
+      [title_in_class]
+      [title_in_class_active]
+      [title_in_initial_class]
+      [title_in_initial_class_active]
+      [initial_title_in_class]
+      [initial_title_in_class_active]
+      [initial_title_in_initial_class]
+      [initial_title_in_initial_class_active]
+
+      [exclude]
+      "(?i)fcitx" = ".*"
+      aProgram = "^$"
+      "ueberzug.*" = ""
+      "" = "^$"
+      "[Ss]team" = "^(Friends List.*)?$"
+      "explorer.exe" = ".*"
+      "(?i)TestApp" = ""
+
+      [format]
+      dedup = false
+      dedup_inactive_fullscreen = false
+      delim = " "
+      workspace = "{id}: {clients}"
+      workspace_empty = "{id}"
+      client = "{icon}"
+      client_fullscreen = "{icon}"
+      client_active = "{icon}"
+      client_dup = "{icon}{counter_sup}"
+      client_dup_active = "*{icon}*{delim}{icon}{counter_unfocused_sup}"
+      client_dup_fullscreen = "[{icon}]{delim}{icon}{counter_unfocused_sup}"
+    '';
+  };
+
+  # Home Manager can also manage your environment variables through
+  # 'home.sessionVariables'. If you don't want to manage your shell through Home
+  # Manager then you have to manually source 'hm-session-vars.sh' located at
+  # either
+  #
+  #  ~/.nix-profile/etc/profile.d/hm-session-vars.sh
+  #
+  # or
+  #
+  #  /etc/profiles/per-user/nx2/etc/profile.d/hm-session-vars.sh
+  #
+  # home.sessionVariables = {
+  systemd.user.sessionVariables = {
+    EDITOR = "micro";
+    BROWSER = "firefox";
+    # YDOTOOL_SOCKET = "/tmp/ydotool_socket";
+  };
+
+
+
+
+
+
+  #https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/applications/editors/vscode/extensions/default.nix#L1539
+  programs.vscode = {
+    enable = true;
+    package = pkgs.vscodium;
+    extensions = with pkgs.vscode-extensions; [
+      jnoortheen.nix-ide
+      viktorqvarfordt.vscode-pitch-black-theme
+      ms-python.python
+      ms-python.black-formatter
+      redhat.vscode-yaml
+      redhat.vscode-xml
+      ms-python.python
+      mhutchie.git-graph
+      github.vscode-pull-request-github
+      esbenp.prettier-vscode
+      gencer.html-slim-scss-css-class-completion
+      donjayamanne.githistory
+      mads-hartmann.bash-ide-vscode
+
+      #jeanp413.open-remote-ssh
+      # ms-vscode-remote.remote-ssh
+    # ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
+      # {
+        # name = "remote-ssh-edit";
+        # publisher = "ms-vscode-remote";
+        # version = "0.47.2";
+        # sha256 = "1hp6gjh4xp2m1xlm1jsdzxw9d8frkiidhph6nvl24d0h8z34w49g";
+      # }
+    ];
+    userSettings = {
+      workbench.colorTheme = "Just Black";
+      editor.fontFamily = "'CaskaydiaCove Nerd Font', 'monospace', monospace";
+    };
+    enableUpdateCheck = false;
+    enableExtensionUpdateCheck = false;
+    keybindings = [
+      {
+        key = "ctrl+d";
+        command = "editor.action.deleteLines";
+        when = "textInputFocus";
+      }
+      {
+        key = "ctrl+shift+d";
+        command = "editor.action.duplicateSelection";
+        when = "textInputFocus";
+      }
+      { # unset so that ctrl d is not set twice
+        key = "";
+        command = "editor.action.addSelectionToNextFindMatch";
+        when = "editorFocus";
+      }
+      { # unset so that ctrl shift d is not set twice
+        key = "";
+        command = "workbench.view.debug";
+      }
+    ];
+  };
+
+
+  gtk = {
+    enable = true;
+    theme = {
+      name = "Adwaita-Dark";
+      package = pkgs.gnome.gnome-themes-extra;
+    };
+    gtk3.extraConfig = {
+      Settings = ''
+        gtk-application-prefer-dark-theme=1
+      '';
+    };
+
+    gtk4.extraConfig = {
+      Settings = ''
+        gtk-application-prefer-dark-theme=1
+      '';
+    };
+  };
+
+  home.sessionVariables.GTK_THEME = "Adwaita-Dark";
+
+  xdg.configFile = {
+    "gtk-4.0/assets".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/assets";
+    "gtk-4.0/gtk.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk.css";
+    "gtk-4.0/gtk-dark.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk-dark.css";
+  };
+
+  dconf = {
+    enable = true;
+    settings = {
+      "org/gnome/desktop/interface" = {
+        color-scheme = "prefer-dark";
+        gtk-theme = "Adwaita-Dark";
+      };
+    };
+  };
+
+  # Wayland, X, etc. support for session vars 
+  # systemd.user.sessionVariables = home.sessionVariables;
+
+  qt = {
+    platformTheme = "gtk";
+  };
+
+
+
+  home.file.".ssh/config".text = ''
+    HOST nxace
+        HostName nx2.site
+        User nx2
+        Port 50022
+
+    HOST nxacel
+        HostName 192.168.178.32
+        User nx2
+        Port 50022
+
+    HOST nxrpi
+        HostName nx2.site
+        User pi
+        Port 50023
+
+    HOST nxrpil
+        HostName 192.168.178.31
+        User pi
+        Port 50023
+  '';
+
+
+
+
+
+  # Let Home Manager install and manage itself.
+  programs.home-manager.enable = true;
+}