nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

changes saved (doesnt built)

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2024-07-20 21:23:47 +02:00
parent 70b3d92fb1
commit dffd47fa94
11 changed files with 113 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
configuration.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, pkgs-unstable, inputs, ... }: { pkgs, pkgs-unstable, lib, inputs, allowed, nvidia, ... }:
{ {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
@@ -12,12 +12,12 @@
./system-modules/gc.nix ./system-modules/gc.nix
./system-modules/dm.nix ./system-modules/dm.nix
./system-modules/networking.nix ./system-modules/networking.nix
./system-modules/virtualisation.nix # ./system-modules/virtualisation.nix
./system-modules/sshd.nix ./system-modules/sshd.nix
./system-modules/gpg.nix ./system-modules/gpg.nix
./system-modules/sops.nix ./system-modules/sops.nix
./system-modules/syncthing.nix ./system-modules/syncthing.nix
# ./system-modules/hsmw.nix # old ./system-modules/hsmw.nix # old
./system-modules/docker.nix ./system-modules/docker.nix
./system-modules/health_reminder.nix ./system-modules/health_reminder.nix
./system-modules/ydotool.nix ./system-modules/ydotool.nix
@@ -60,13 +60,20 @@
hardware.bluetooth.powerOnBoot = true; # hardware.bluetooth.powerOnBoot = true; #
services.blueman.enable = true; services.blueman.enable = true;
nixpkgs.config.allowUnfree = true; # nixpkgs.config.allowUnfree = true;
# nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages; nixpkgs.config = {
# allowUnfree = true;
# allowUnfreePredicate = (pkg: true);
allowUnfreePredicate = let
string-list = allowed.unfree-packages ++ (if nvidia.enable == true then nvidia.unfree else []);
in pkg: builtins.elem (lib.getName pkg) string-list;
cudaSupport = nvidia.enable;
enableParallelBuildingByDefault = true;
};
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; ([
git git
lazygit # home-manager module is bugged lazygit # home-manager module is bugged
git-crypt git-crypt
@@ -84,8 +91,8 @@
blueman blueman
dmidecode dmidecode
file file
] ++ (with pkgs-unstable; [ # ]) ++ (with pkgs-unstable; [
sendme # # sendme
]); ]);
environment.variables = { environment.variables = {
@@ -104,7 +111,6 @@
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
programs.bash.shellInit = '' programs.bash.shellInit = ''
source $HOME/.nix-profile/etc/profile.d/hm-session-vars.sh source $HOME/.nix-profile/etc/profile.d/hm-session-vars.sh
''; '';

80
flake.nix
View File

@@ -2,7 +2,7 @@
description = "Multisystem NixOS Flake of Lennart J. Kurzweg"; description = "Multisystem NixOS Flake of Lennart J. Kurzweg";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-24.05"; nixpkgs.url = "nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-24.05"; url = "github:nix-community/home-manager/release-24.05";
@@ -28,10 +28,6 @@
}; };
hyprswitch.url = "github:h3rmt/hyprswitch/release"; hyprswitch.url = "github:h3rmt/hyprswitch/release";
# nixvim = {
# url = "github:nix-community/nixvim/nixos-23.11";
# inputs.nixpkgs.follows = "nixpkgs";
# };
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.3.0"; url = "github:nix-community/lanzaboote/v0.3.0";
# inputs.nixpkgs.follows = "nixpkgs-unstable"; # inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -50,8 +46,19 @@
outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, ... }@inputs:
let let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system}; pkgs-config = {
pkgs-unstable = nixpkgs-unstable.legacyPackages.${system}; allowUnfree = true;
# cudaSupport = nvidia.enable;
# enableParallelBuildingByDefault = true;
};
pkgs = import nixpkgs {
system = system;
config = pkgs-config;
};
pkgs-unstable = import nixpkgs-unstable {
system = system;
config = pkgs-config;
};
user = "nx2"; user = "nx2";
@@ -60,46 +67,43 @@
prime = true; prime = true;
# unfree = if enable then [ # unfree = if enable then [
unfree = [ unfree = [
"nvidia-x11" "cuda_cccl"
"nvidia-settings" "cuda_cudart"
"nvidia-persistenced" "cuda_cuobjdump"
"cuda_cupti"
"cuda_cuxxfilt"
"cuda_gdb"
"cuda-merged"
"cuda_nvcc"
"cuda_nvdisasm"
"cuda_nvml_dev"
"cuda_nvprune"
"cuda_nvrtc"
"cuda_nvtx"
"cuda_profiler_api"
"cuda_sanitizer_api"
"cudatoolkit" "cudatoolkit"
"cudatoolkit-11.8.0" "libcublas"
"cudatoolkit-12.2.2" "libcufft"
"libcurand"
"libcusolver"
"libcusparse"
"libnpp"
"libnvjitlink"
"nviaia-x11"
"nvidia-persistenced"
"nvidia-settings"
"nvidia-x11"
]; ];
# ] else []; # ] else [];
}; };
allowed = { allowed = {
unfree-packages = [ unfree-packages = [
"cudatoolkit"
"cuda-merged"
"cuda_cuobjdump"
"cuda_gdb"
"cuda_nvcc"
"cuda_nvdisasm"
"cuda_nvprune"
"cuda_cccl"
"cuda_cudart"
"cuda_cupti"
"cuda_cuxxfilt"
"cuda_nvml_dev"
"cuda_nvrtc"
"cuda_nvtx"
"cuda_profiler_api"
"cuda_sanitizer_api"
"libcublas"
"libcufft"
"libcurand"
"libcusolver"
"libnvjitlink"
"libcusparse"
"libnpp"
"discord" "discord"
"spotify"
"obsidian" "obsidian"
"zoom-us" "spotify"
"zoom" "zoom"
"zoom-us"
] ++ nvidia.unfree; ] ++ nvidia.unfree;
inecure-packages = [ inecure-packages = [

BIN
git-crypt/mutt/client-secret-oauth2-lkgoogle.json
View File

Binary file not shown.

BIN
git-crypt/secrets.nix
View File

Binary file not shown.

13
home-modules/email.nix
View File

@@ -102,9 +102,9 @@ lib.mkIf (host != "NxACE")
}; };
}; };
hsmw = { hsmw = with secrets.email.hsmw; {
address = secrets.email.hsmw.mail; address = "${un}@hs-mittweida.de";
userName = secrets.email.hsmw.mail; userName = "${un}@hs-mittweida.de";
realName = "Lennart J. Kurzweg"; realName = "Lennart J. Kurzweg";
imap = { imap = {
port = 993; port = 993;
@@ -117,8 +117,8 @@ lib.mkIf (host != "NxACE")
}; };
signature = { signature = {
text = '' text = ''
MatNr: ${secrets.email.hsmw.mnr} MatNr: ${mnr}
SemGr: ${secrets.email.hsmw.semgr} SemGr: ${semgr}
About Me: https://nx2.site/about-me About Me: https://nx2.site/about-me
Contact: https://nx2.site/contact Contact: https://nx2.site/contact
GPG: https://nx2.site/gpg GPG: https://nx2.site/gpg
@@ -128,6 +128,9 @@ lib.mkIf (host != "NxACE")
thunderbird = { thunderbird = {
enable = true; enable = true;
profiles = [ "default" ]; profiles = [ "default" ];
settings = id: {
"mail.server.server_${id}.fcc_folder" = "imap://${un}%40hs-mittweida.de@xc.hs-mittweida.de/Sent";
};
}; };
}; };
}; };

2
home-modules/helix.nix
View File

@@ -99,7 +99,7 @@
"constant" = accent.bright; "constant" = accent.bright;
"constant.character.escape" = special.bright; "constant.character.escape" = special.bright;
"constant.numeric" = foreground; "constant.numeric" = foreground;
"constructor" = blue.dark; "constructor" = weird.base;
"debug" = yellow.base; "debug" = yellow.base;
"diagnostic.modifiers" = [ "underlined" ]; "diagnostic.modifiers" = [ "underlined" ];
"diff.delta" = blue.bright; "diff.delta" = blue.bright;

1
home-modules/hyprland-autoname-workspaces.nix
View File

@@ -49,6 +49,7 @@ lib.mkIf (user != "tv")
"leagueclientux.exe" = "󰰌" "leagueclientux.exe" = "󰰌"
zathura = "󰈦" zathura = "󰈦"
code-oss = "󰨞" code-oss = "󰨞"
codium-url-handler = "󰨞"
discord = "󰙯" discord = "󰙯"
vesktop = "󰙯" vesktop = "󰙯"
blueman-manager = "󰂯" blueman-manager = "󰂯"

12
home.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, pkgs-unstable, lib, system, inputs, host, user, rice, allowed, secrets, ... }: { config, pkgs, pkgs-unstable, lib, system, nvidia, host, user, rice, allowed, secrets, ... }:
{ {
imports = [ imports = [
@@ -63,9 +63,14 @@
home.homeDirectory = "/home/${user}"; home.homeDirectory = "/home/${user}";
home.stateVersion = "24.05"; home.stateVersion = "24.05";
nixpkgs.config = { nixpkgs.config = {
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages; allowUnfree = true;
# allowUnfreePredicate = (pkg: true);
# allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
permittedInsecurePackages = allowed.inecure-packages; permittedInsecurePackages = allowed.inecure-packages;
# cudaSupport = nvidia.enable;
# enableParallelBuildingByDefault = true;
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
chromium chromium
@@ -78,7 +83,8 @@
swww playerctl swww playerctl
imv mpv mediainfo exiftool ffmpeg imv mpv mediainfo exiftool ffmpeg
pavucontrol fontpreview gtk2fontsel pavucontrol
fontpreview gtk2fontsel
lynx w3m browsh lynx w3m browsh
bat du-dust eza neofetch tldr fzf figlet ripgrep lolcat jq glow bat du-dust eza neofetch tldr fzf figlet ripgrep lolcat jq glow
brightnessctl wev brightnessctl wev

12
sops-secrets.yaml
View File

File diff suppressed because one or more lines are too long

37
system-modules/hsmw.nix
View File

@@ -1,24 +1,31 @@
{ pkgs, lib, host, secrets, ... }: { pkgs, lib, host, secrets, ... }:
lib.mkIf (host != "NxACE") lib.mkIf (host != "NxACE")
{ {
environment.systemPackages = [ environment.systemPackages = with pkgs; [
pkgs.strongswanNM strongswanNM
]; ];
environment.etc = { environment.etc = {
# Easyroam # # Easyroam
"ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem; # "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
"ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem; # "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
"ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem; # "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
"NetworkManager/system-connections/eduroam.nmconnection" = { # "NetworkManager/system-connections/eduroam.nmconnection" = {
text = secrets.easyroamHSMW.nmconfig; # text = secrets.easyroamHSMW.nmconfig;
mode = "0600"; # mode = "0600";
}; # };
"ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"''; # "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.un}@hs-mittweida.de : EAP "megasecret"'';
"ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem; # "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
"ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem; # "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
};
sops.secrets = {
"USERTrust/ECC" = { path = "/etc/ipsec.d/USERTrust-ECC.pem"; };
"USERTrust/RSA" = { path = "/etc/ipsec.d/USERTrust-RSA.pem"; };
"hsmw-vpn-secret" = { path = "/etc/ipsec.d/hsmw.secret"; mode = "600"; };
}; };
networking.networkmanager.enableStrongSwan = true; networking.networkmanager.enableStrongSwan = true;
@@ -35,7 +42,7 @@ lib.mkIf (host != "NxACE")
left = "%defaultroute"; left = "%defaultroute";
leftid = "%any"; leftid = "%any";
leftauth = "eap"; leftauth = "eap";
eap_identity = secrets.email.hsmw.mail; eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
leftsourceip = "%config"; leftsourceip = "%config";
leftdns = "%config4"; leftdns = "%config4";
leftfirewall = "no"; leftfirewall = "no";
@@ -73,7 +80,7 @@ lib.mkIf (host != "NxACE")
"openssl" "openssl"
"resolve" "resolve"
]; ];
secrets = [ "/etc/ipsec.d/hsmw.secrets" ]; secrets = [ "/etc/ipsec.d/hsmw.secret" ];
ca = { ca = {
hsmw = { hsmw = {
auto = "add"; auto = "add";

5
system-modules/ollama.nix
View File

@@ -1,7 +1,7 @@
{ pkgs, lib, host, nvidia, ... }: { pkgs, pkgs-unstable, lib, host, nvidia, ... }:
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs-unstable; [
ollama ollama
]; ];
@@ -41,6 +41,7 @@
# ''; # '';
# }; # };
services.ollama = { services.ollama = {
# package = pkgs-unstable.ollama;
enable = true; enable = true;
acceleration = lib.mkIf nvidia.enable "cuda"; acceleration = lib.mkIf nvidia.enable "cuda";
listenAddress = if host == "NxACE" then "0.0.0.0:11434" else "127.0.0.1:11434"; listenAddress = if host == "NxACE" then "0.0.0.0:11434" else "127.0.0.1:11434";