nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nx2:813a3fd019265d6dde1ee23738d8c7b9a974564d
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north
..
compare: nx2:north
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north

11 Commits
813a3fd019 ... north

Author SHA1 Message Date
Lennart J. Kurzweg (Nx2)
dffd47fa94 changes saved (doesnt built) 2024-07-20 21:23:47 +02:00
Lennart J. Kurzweg (Nx2)
70b3d92fb1 update_namecheap in python 2024-07-14 02:14:19 +02:00
Lennart J. Kurzweg (Nx2)
93bcb23085 kodi on ice 2024-07-14 02:13:32 +02:00
Lennart J. Kurzweg (Nx2)
bb60da2409 nvidia user conf only on nvidia systems 2024-07-14 02:12:37 +02:00
Lennart J. Kurzweg (Nx2)
6b33a71dd3 Merge branch 'master' of ssh://git.nx2.site:20022/nx2/dotfiles 2024-07-11 15:18:13 +02:00
Lennart J. Kurzweg (Nx2)
63e68509e3 . 2024-07-11 15:17:39 +02:00
Lennart J. Kurzweg (Nx2)
152a42db08 qmk 2024-07-11 15:17:30 +02:00
Lennart J. Kurzweg (Nx2)
71fba2ade8 Vcam 2024-07-11 15:17:20 +02:00
Lennart J. Kurzweg (Nx2)
4ad5da9956 nvidia better 2024-07-11 15:17:06 +02:00
Lennart J. Kurzweg (Nx2)
2fc38d5ee7 weechat 2024-07-11 15:16:19 +02:00
Lennart J. Kurzweg (Nx2)
03d3741aed deprecation fixups 2024-07-07 23:00:19 +02:00
18 changed files with 322 additions and 97 deletions
Expand all files Collapse all files

29
configuration.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, pkgs-unstable, inputs, ... }:
{ pkgs, pkgs-unstable, lib, inputs, allowed, nvidia, ... }:
{
imports = [
inputs.sops-nix.nixosModules.sops
@@ -12,18 +12,19 @@
./system-modules/gc.nix
./system-modules/dm.nix
./system-modules/networking.nix
./system-modules/virtualisation.nix
# ./system-modules/virtualisation.nix
./system-modules/sshd.nix
./system-modules/gpg.nix
./system-modules/sops.nix
./system-modules/syncthing.nix
# ./system-modules/hsmw.nix # old
./system-modules/hsmw.nix # old
./system-modules/docker.nix
./system-modules/health_reminder.nix
./system-modules/ydotool.nix
./system-modules/ollama.nix
./system-modules/nx2site.nix
./system-modules/kodi.nix
./system-modules/qmk.nix
];
@@ -52,20 +53,27 @@
security.rtkit.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
services.libinput.enable = true;
hardware.uinput.enable = true;
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; #
services.blueman.enable = true;
nixpkgs.config.allowUnfree = true;
# nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
# nixpkgs.config.allowUnfree = true;
nixpkgs.config = {
# allowUnfree = true;
# allowUnfreePredicate = (pkg: true);
allowUnfreePredicate = let
string-list = allowed.unfree-packages ++ (if nvidia.enable == true then nvidia.unfree else []);
in pkg: builtins.elem (lib.getName pkg) string-list;
cudaSupport = nvidia.enable;
enableParallelBuildingByDefault = true;
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs; ([
git
lazygit # home-manager module is bugged
git-crypt
@@ -83,8 +91,8 @@
blueman
dmidecode
file
] ++ (with pkgs-unstable; [
sendme
# ]) ++ (with pkgs-unstable; [
# # sendme
]);
environment.variables = {
@@ -103,7 +111,6 @@
nix.settings.experimental-features = [ "nix-command" "flakes" ];
programs.bash.shellInit = ''
source $HOME/.nix-profile/etc/profile.d/hm-session-vars.sh
'';

55
flake.nix
View File

@@ -28,10 +28,6 @@
};
hyprswitch.url = "github:h3rmt/hyprswitch/release";
# nixvim = {
# url = "github:nix-community/nixvim/nixos-23.11";
# inputs.nixpkgs.follows = "nixpkgs";
# };
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.3.0";
# inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -50,8 +46,19 @@
outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, ... }@inputs:
let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
pkgs-unstable = nixpkgs-unstable.legacyPackages.${system};
pkgs-config = {
allowUnfree = true;
# cudaSupport = nvidia.enable;
# enableParallelBuildingByDefault = true;
};
pkgs = import nixpkgs {
system = system;
config = pkgs-config;
};
pkgs-unstable = import nixpkgs-unstable {
system = system;
config = pkgs-config;
};
user = "nx2";
@@ -60,23 +67,43 @@
prime = true;
# unfree = if enable then [
unfree = [
"nvidia-x11"
"nvidia-settings"
"nvidia-persistenced"
"cuda_cccl"
"cuda_cudart"
"cuda_cuobjdump"
"cuda_cupti"
"cuda_cuxxfilt"
"cuda_gdb"
"cuda-merged"
"cuda_nvcc"
"cuda_nvdisasm"
"cuda_nvml_dev"
"cuda_nvprune"
"cuda_nvrtc"
"cuda_nvtx"
"cuda_profiler_api"
"cuda_sanitizer_api"
"cudatoolkit"
"cudatoolkit-11.8.0"
"cudatoolkit-12.2.2"
"libcublas"
"libcufft"
"libcurand"
"libcusolver"
"libcusparse"
"libnpp"
"libnvjitlink"
"nviaia-x11"
"nvidia-persistenced"
"nvidia-settings"
"nvidia-x11"
];
# ] else [];
};
allowed = {
unfree-packages = [
"spotify"
"cudatoolkit-12.2.2"
"discord"
"obsidian"
"zoom-us"
"spotify"
"zoom"
"zoom-us"
] ++ nvidia.unfree;
inecure-packages = [

BIN
git-crypt/mutt/client-secret-oauth2-lkgoogle.json
View File

Binary file not shown.

BIN
git-crypt/secrets.nix
View File

Binary file not shown.

13
home-modules/email.nix
View File

@@ -102,9 +102,9 @@ lib.mkIf (host != "NxACE")
};
};
hsmw = {
address = secrets.email.hsmw.mail;
userName = secrets.email.hsmw.mail;
hsmw = with secrets.email.hsmw; {
address = "${un}@hs-mittweida.de";
userName = "${un}@hs-mittweida.de";
realName = "Lennart J. Kurzweg";
imap = {
port = 993;
@@ -117,8 +117,8 @@ lib.mkIf (host != "NxACE")
};
signature = {
text = ''
MatNr: ${secrets.email.hsmw.mnr}
SemGr: ${secrets.email.hsmw.semgr}
MatNr: ${mnr}
SemGr: ${semgr}
About Me: https://nx2.site/about-me
Contact: https://nx2.site/contact
GPG: https://nx2.site/gpg
@@ -128,6 +128,9 @@ lib.mkIf (host != "NxACE")
thunderbird = {
enable = true;
profiles = [ "default" ];
settings = id: {
"mail.server.server_${id}.fcc_folder" = "imap://${un}%40hs-mittweida.de@xc.hs-mittweida.de/Sent";
};
};
};
};

2
home-modules/helix.nix
View File

@@ -99,7 +99,7 @@
"constant" = accent.bright;
"constant.character.escape" = special.bright;
"constant.numeric" = foreground;
"constructor" = blue.dark;
"constructor" = weird.base;
"debug" = yellow.base;
"diagnostic.modifiers" = [ "underlined" ];
"diff.delta" = blue.bright;

1
home-modules/hyprland-autoname-workspaces.nix
View File

@@ -49,6 +49,7 @@ lib.mkIf (user != "tv")
"leagueclientux.exe" = "󰰌"
zathura = "󰈦"
code-oss = "󰨞"
codium-url-handler = "󰨞"
discord = "󰙯"
vesktop = "󰙯"
blueman-manager = "󰂯"

84
home-modules/matrix.nix
View File

@@ -1,7 +1,87 @@
{ pkgs, ... }:
{ pkgs, host, ... }:
{
home.packages = with pkgs; [
# cinny-desktop
weechat
(weechat.override {
configure = { availablePlugins, ... }: {
scripts = with pkgs.weechatScripts; [
weechat-matrix
];
};
})
];
sops.secrets."weechat/passphrase" = { path = "%r/secrets/weechat/passphrase"; };
home.file = {
".config/weechat/sec.conf".text = ''
[crypt]
cipher = aes256
hash_algo = sha256
passphrase_command = "cat $XDG_RUNTIME_DIR/secrets/weechat/passphrase"
salt = on
[data]
__passphrase__ = on
matrix_nx2site_password = "AD1FDBA557C3C2BA41A0BAAD43FBE91E35830A7779A82DE4C3C34204133459512B2008E83A5FDDA9C1209F9DEF833819DF5E9726AEB01162B421864DD3F08F4F9900DADB"
'';
".config/weechat/matrix.conf".text = ''
[network]
autoreconnect_delay_growing = 2
autoreconnect_delay_max = 600
debug_buffer = off
debug_category = all
debug_level = error
fetch_backlog_on_pgup = on
lag_min_show = 500
lag_reconnect = 90
lazy_load_room_users = off
max_backlog_sync_events = 10
max_initial_sync_events = 30
max_nicklist_users = 5000
print_unconfirmed_messages = on
read_markers_conditions = "''${markers_enabled}"
resending_ignores_devices = on
typing_notice_conditions = "''${typing_enabled}"
[look]
bar_item_typing_notice_prefix = "Typing: "
busy_sign = ""
code_block_margin = 2
code_blocks = on
disconnect_sign = ""
encrypted_room_sign = "🔐"
encryption_warning_sign = " "
human_buffer_names = off
markdown_input = on
max_typing_notice_item_length = 50
new_channel_position = none
pygments_style = "native"
quote_wrap = 67
redactions = strikethrough
server_buffer = merge_with_core
[color]
error_message_bg = default
error_message_fg = darkgray
nick_prefixes = "admin=lightgreen;mod=lightgreen;power=yellow"
quote_bg = default
quote_fg = lightgreen
unconfirmed_message_bg = default
unconfirmed_message_fg = darkgray
untagged_code_bg = default
untagged_code_fg = blue
[server]
nx2site.autoconnect = off
nx2site.address = "nx2.site"
nx2site.port = 443
nx2site.proxy = ""
nx2site.ssl_verify = on
nx2site.username = "nx2"
nx2site.password = "''${sec.data.matrix_nx2site_password}"
nx2site.device_name = "Weechat@${host}"
nx2site.autoreconnect_delay = 10
nx2site.sso_helper_listening_port = 0
'';
};
}

35
home-modules/nvidia.nix Normal file
View File

@@ -0,0 +1,35 @@
{ pkgs, lib, nvidia, ... }:
lib.mkIf (nvidia.enable == true)
{
home = {
packages = with pkgs; [
nvtopPackages.full
];
sessionVariables = {
NIXOS_OZONE_WL = "1"; # Hint electron apps to use wayland
WLR_NO_HARDWARE_CURSORS = "1"; # Fix cursor rendering issue on wlr nvidia.
XDG_CURRENT_DESKTOP = "Hyprland";
XDG_SESSION_TYPE = "wayland";
XDG_SESSION_DESKTOP = "Hyprland";
GBM_BACKEND = "nvidia-drm";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
LIBVA_DRIVER_NAME = "nvidia";
__GL_GSYNC_ALLOWED = "1";
__GL_VRR_ALLOWED = "0";
WLR_DRM_NO_ATOMIC = "1";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland";
QT_QPA_PLATFORMTHEME = "qt5ct";
GDK_SCALE = "2";
ELECTRON_OZONE_PLATFORM_HINT = "auto";
NVD_BACKEND = "direct";
};
};
}

14
home.nix
View File

@@ -1,7 +1,9 @@
{ config, pkgs, pkgs-unstable, lib, system, inputs, host, user, rice, allowed, secrets, ... }:
{ config, pkgs, pkgs-unstable, lib, system, nvidia, host, user, rice, allowed, secrets, ... }:
{
imports = [
./home-modules/vscode.nix
./home-modules/nvidia.nix
# ./home-modules/firefox.nix
./home-modules/discord.nix
./home-modules/matrix.nix
@@ -61,9 +63,14 @@
home.homeDirectory = "/home/${user}";
home.stateVersion = "24.05";
nixpkgs.config = {
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
allowUnfree = true;
# allowUnfreePredicate = (pkg: true);
# allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
permittedInsecurePackages = allowed.inecure-packages;
# cudaSupport = nvidia.enable;
# enableParallelBuildingByDefault = true;
};
home.packages = with pkgs; [
chromium
@@ -76,7 +83,8 @@
swww playerctl
imv mpv mediainfo exiftool ffmpeg
pavucontrol fontpreview gtk2fontsel
pavucontrol
fontpreview gtk2fontsel
lynx w3m browsh
bat du-dust eza neofetch tldr fzf figlet ripgrep lolcat jq glow
brightnessctl wev

16
sops-secrets.yaml
View File

File diff suppressed because one or more lines are too long

2
system-modules/boot.nix
View File

@@ -107,7 +107,7 @@ in
};
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
kernelModules = [ "v4l2loopback" ];
extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1'';
extraModprobeConfig = ''options v4l2loopback devices=1 video_nr=1 card_label="OBS VCam" exclusive_caps=1'';
};
} else { # NxACE
boot = {

37
system-modules/hsmw.nix
View File

@@ -1,24 +1,31 @@
{ pkgs, lib, host, secrets, ... }:
lib.mkIf (host != "NxACE")
{
environment.systemPackages = [
pkgs.strongswanNM
environment.systemPackages = with pkgs; [
strongswanNM
];
environment.etc = {
# Easyroam
"ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
"ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
"ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
"NetworkManager/system-connections/eduroam.nmconnection" = {
text = secrets.easyroamHSMW.nmconfig;
mode = "0600";
};
# # Easyroam
# "ssl/certs/easyroam_client_cert.pem".source = ../secrets/easyroam-hsmw/easyroam_client_cert.pem;
# "ssl/certs/easyroam_root_ca.pem".source = ../secrets/easyroam-hsmw/easyroam_root_ca.pem;
# "ssl/certs/easyroam_client_key.pem".source = ../secrets/easyroam-hsmw/easyroam_client_key.pem;
# "NetworkManager/system-connections/eduroam.nmconnection" = {
# text = secrets.easyroamHSMW.nmconfig;
# mode = "0600";
# };
"ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"'';
"ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
"ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
# "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.un}@hs-mittweida.de : EAP "megasecret"'';
# "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
# "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
};
sops.secrets = {
"USERTrust/ECC" = { path = "/etc/ipsec.d/USERTrust-ECC.pem"; };
"USERTrust/RSA" = { path = "/etc/ipsec.d/USERTrust-RSA.pem"; };
"hsmw-vpn-secret" = { path = "/etc/ipsec.d/hsmw.secret"; mode = "600"; };
};
networking.networkmanager.enableStrongSwan = true;
@@ -35,7 +42,7 @@ lib.mkIf (host != "NxACE")
left = "%defaultroute";
leftid = "%any";
leftauth = "eap";
eap_identity = secrets.email.hsmw.mail;
eap_identity = "${secrets.email.hsmw.un}@hs-mittweida.de";
leftsourceip = "%config";
leftdns = "%config4";
leftfirewall = "no";
@@ -73,7 +80,7 @@ lib.mkIf (host != "NxACE")
"openssl"
"resolve"
];
secrets = [ "/etc/ipsec.d/hsmw.secrets" ];
secrets = [ "/etc/ipsec.d/hsmw.secret" ];
ca = {
hsmw = {
auto = "add";

21
system-modules/kodi.nix
View File

@@ -1,12 +1,13 @@
{ pkgs, lib, host, ... }:
lib.mkIf (host == "NxACE")
{
services.xserver.desktopManager.kodi = {
enable = true;
};
services.cage = {
user = "kodi";
program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
enable = true;
};
}
{}
# {
# services.xserver.desktopManager.kodi = {
# enable = true;
# };
# services.cage = {
# user = "kodi";
# program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
# enable = true;
# };
# }

3
system-modules/nvidia.nix
View File

@@ -1,11 +1,8 @@
{ config, pkgs, pkgs-unstable, lib, nvidia, ... }:
let
in
{
config = lib.mkIf nvidia.enable {
environment.systemPackages = with pkgs; [
lshw
nvtop
glxinfo
(pkgs.writeShellScriptBin "nvidia-offload" ''
export __NV_PRIME_RENDER_OFFLOAD=1

86
system-modules/nx2site.nix
View File

@@ -1,6 +1,10 @@
{ pkgs, lib, user, host, ... }:
{ config, pkgs, lib, user, host, ... }:
lib.mkIf (host == "NxACE")
{
sops.secrets = {
"nx2site/namecheap.pw" = { };
};
systemd = {
timers."namecheap-dynamic-dns" = {
wantedBy = [ "timers.target" ];
@@ -12,33 +16,63 @@ lib.mkIf (host == "NxACE")
};
services."namecheap-dynamic-dns" =
let
u = pkgs.writeScriptBin "update_namecheap" ''
my_ip=$(${pkgs.curl}/bin/curl -s https://ipinfo.io/ip)
dns_ip=$(${pkgs.dig}/bin/nslookup nx2.site | grep -E "Address: [0-9]" | cut -c 10-)
fdc="/home/nx2/nx2site/domain/count.txt"
u = let
domain = "nx2.site";
passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path;
log-file-path = "/var/log/update_namecheap.log";
count-file-path = "/var/log/update_namecheap-count.txt";
in
pkgs.writers.writePython3Bin "update_namecheap" {
libraries = with pkgs.python311Packages; [
requests
];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" ];
} ''
import requests
import argparse
import socket
from datetime import datetime
force_update=false
def get_public_ip(): return requests.get('https://ipinfo.io/ip').text.strip()
while getopts "f" opt; do
case $opt in
f)
force_update=true
;;
\?)
echo "Invalid option: -$OPTARG" >&2
exit 1
;;
esac
done
def get_dns_ip(): return socket.gethostbyname_ex('${domain}')[2][0]
if [ "$force_update" == true ] || [ "$my_ip" != "$dns_ip" ]; then
count=$(<$fdc)
echo [ $count times ] $(date) from $dns_ip to $my_ip >> /home/nx2/nx2site/domain/updates.log
pw=$(cat /home/nx2/nx2site/domain/pw.txt)
${pkgs.curl}/bin/curl -s "https://dynamicdns.park-your-domain.com/update?host=@&domain=nx2.site&password=$pw&ip=$my_ip"
${pkgs.curl}/bin/curl -s "https://dynamicdns.park-your-domain.com/update?host=*&domain=nx2.site&password=$pw&ip=$my_ip"
echo 0 > $fdc
fi
def main(force_update):
my_ip = get_public_ip()
dns_ip = get_dns_ip()
with open("${count-file-path}", "r") as f:
content = f.read()
if content == "": count = 0
else: count = int(content)
count += 1
with open("${count-file-path}", "w") as f:
f.write(str(count))
if not (force_update or my_ip != dns_ip):
print(f"Host IP and DNS response are both {my_ip} --> No Action")
exit(0)
else:
with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip()
# Perform DNS updates
resp_base = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password={pw}&ip={my_ip}")
resp_subd = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=*&domain=${domain}&password={pw}&ip={my_ip}")
# Reset the count file
with open("${count-file-path}", 'w') as f: f.write('0')
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - from {dns_ip} to {my_ip} - {count} times - Response {resp_base.status_code}{' - (forced)' if force_update else ' '}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument('-f', '--force', action='store_true', help='Force update')
args = parser.parse_args()
main(args.force)
'';
in
{
@@ -48,7 +82,7 @@ lib.mkIf (host == "NxACE")
'';
serviceConfig = {
Type = "oneshot";
User = "nx2";
# User = "nx2";
};
};
};

5
system-modules/ollama.nix
View File

@@ -1,7 +1,7 @@
{ pkgs, lib, host, nvidia, ... }:
{ pkgs, pkgs-unstable, lib, host, nvidia, ... }:
{
environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs-unstable; [
ollama
];
@@ -41,6 +41,7 @@
# '';
# };
services.ollama = {
# package = pkgs-unstable.ollama;
enable = true;
acceleration = lib.mkIf nvidia.enable "cuda";
listenAddress = if host == "NxACE" then "0.0.0.0:11434" else "127.0.0.1:11434";

12
system-modules/qmk.nix Normal file
View File

@@ -0,0 +1,12 @@
{ pkgs, ... }:
{
hardware.keyboard.qmk.enable = true;
# home.packages = with pkgs; [
# via
# ];
environment.systemPackages = with pkgs; [
via
];
services.udev.packages = [ pkgs.via ];
}