From 54327482e3067ca96ca183d35861f400842c7f9d Mon Sep 17 00:00:00 2001 
From: Stefan Ellmauthaler <71695780+ellmau@users.noreply.github.com> Date: Fri, 10 Jun 2022 21:32:48 +0200 Subject: [PATCH] Redesign/flake (#4) Redesign flake and update to 22.05 --- .sops.yaml | 17 ++ README.md | 21 +- baseconfiguration.nix | 151 ---------- common/users.nix | 20 ++ .../nix-wallpaper-nineish-dark-gray.png | Bin .../wallpaper/nix-wallpaper-nineish.png | Bin flake.lock | 278 ++++++++++++++---- flake.nix | 140 +++++++-- layer/default.nix | 4 - layer/graphical.nix | 64 ---- layer/server.nix | 10 - lib/default.nix | 6 + lib/files.nix | 14 + lib/users.nix | 19 ++ local-overlay/default.nix | 4 - local-overlay/pkgs/tray-calendar/default.nix | 29 -- .../pkgs/tray-calendar/traycalendar.py | 215 -------------- machine/ellmauthaler/default.nix | 12 - machine/nucturne/default.nix | 58 ---- machine/stel-xps/default.nix | 30 -- machines/metis/default.nix | 55 ++++ .../metis}/hardware-configuration.nix | 0 machines/nucturne/default.nix | 58 ++++ .../nucturne/hardware-configuration.nix | 0 machines/nucturne/software.nix | 28 ++ machines/stel-xps/default.nix | 63 ++++ .../stel-xps/hardware-configuration.nix | 2 +- .../stel-xps/ppds/Ricoh/ricoh-mp-c307.ppd | 0 .../stel-xps/ppds/Ricoh/ricoh-sp-4510dn.ppd | 0 {machine => machines}/stel-xps/printer.nix | 0 machines/stel-xps/software.nix | 29 ++ modules/aspell.nix | 19 ++ modules/base.nix | 62 ++++ modules/communication.nix | 20 ++ {programs => modules}/emacs/default.el | 0 {programs => modules}/emacs/default.nix | 15 +- {programs => modules}/emacs/packages.nix | 0 modules/graphical.nix | 79 +++++ modules/locale.nix | 40 +++ modules/nix-index-db.nix | 57 ++++ modules/nix.nix | 31 ++ modules/obs-studio.nix | 10 + modules/openvpn/config/TUD.ovpn | 60 ++++ modules/openvpn/default.nix | 14 + {programs => modules}/python.nix | 7 +- modules/secrets.nix | 16 + modules/server/default.nix | 27 ++ modules/server/nextcloud.nix | 27 ++ modules/server/nginx.nix | 15 + modules/server/smailserver.nix | 14 + modules/server/sql.nix | 13 
+ modules/ssh.nix | 16 + modules/stateversion.nix | 4 + modules/steam-run.nix | 15 + modules/texlive.nix | 24 ++ modules/users.nix | 183 ++++++++++++ modules/zsh.nix | 65 ++++ options.nix | 39 --- programs/aspell.nix | 15 - programs/default.nix | 9 - programs/obs-studio.nix | 6 - secrets/default.nix | 4 - secrets/keys/hosts/nucturne.asc | 28 ++ secrets/keys/hosts/stel-xps.asc | 28 ++ secrets/keys/users/stefan_ellmauthaler.asc | 52 ++++ secrets/secrets.yaml | 81 +++++ secrets/server.yaml | 53 ++++ secrets/shell.nix | 15 + services/default.nix | 9 - services/mariadb.nix | 7 - services/nextcloud.nix | 4 - services/nginx.nix | 9 - services/smailserver.nix | 4 - users/default.nix | 25 -- users/ellmau/alacritty.nix | 14 - users/ellmau/autorandr.nix | 222 +++++++------- users/ellmau/default.nix | 158 ++++------ users/ellmau/dunst.nix | 63 ++-- users/ellmau/git.nix | 50 ++-- users/ellmau/go.nix | 4 - users/ellmau/gpg.nix | 20 +- users/ellmau/i3.nix | 12 +- users/ellmau/nextcloud.nix | 8 +- users/ellmau/polybar.nix | 6 +- users/ellmau/zsh.nix | 125 ++++---- 85 files changed, 2043 insertions(+), 1187 deletions(-) create mode 100644 .sops.yaml delete mode 100644 baseconfiguration.nix create mode 100644 common/users.nix rename {users/common => common}/wallpaper/nix-wallpaper-nineish-dark-gray.png (100%) rename {users/common => common}/wallpaper/nix-wallpaper-nineish.png (100%) delete mode 100644 layer/default.nix delete mode 100644 layer/graphical.nix delete mode 100644 layer/server.nix create mode 100644 lib/default.nix create mode 100644 lib/files.nix create mode 100644 lib/users.nix delete mode 100644 local-overlay/default.nix delete mode 100644 local-overlay/pkgs/tray-calendar/default.nix delete mode 100755 local-overlay/pkgs/tray-calendar/traycalendar.py delete mode 100644 machine/ellmauthaler/default.nix delete mode 100644 machine/nucturne/default.nix delete mode 100644 machine/stel-xps/default.nix create mode 100644 machines/metis/default.nix rename 
{machine/ellmauthaler => machines/metis}/hardware-configuration.nix (100%) create mode 100644 machines/nucturne/default.nix rename {machine => machines}/nucturne/hardware-configuration.nix (100%) create mode 100644 machines/nucturne/software.nix create mode 100644 machines/stel-xps/default.nix rename {machine => machines}/stel-xps/hardware-configuration.nix (95%) rename {machine => machines}/stel-xps/ppds/Ricoh/ricoh-mp-c307.ppd (100%) rename {machine => machines}/stel-xps/ppds/Ricoh/ricoh-sp-4510dn.ppd (100%) rename {machine => machines}/stel-xps/printer.nix (100%) create mode 100644 machines/stel-xps/software.nix create mode 100644 modules/aspell.nix create mode 100644 modules/base.nix create mode 100644 modules/communication.nix rename {programs => modules}/emacs/default.el (100%) rename {programs => modules}/emacs/default.nix (87%) rename {programs => modules}/emacs/packages.nix (100%) create mode 100644 modules/graphical.nix create mode 100644 modules/locale.nix create mode 100644 modules/nix-index-db.nix create mode 100644 modules/nix.nix create mode 100644 modules/obs-studio.nix create mode 100644 modules/openvpn/config/TUD.ovpn create mode 100644 modules/openvpn/default.nix rename {programs => modules}/python.nix (52%) create mode 100644 modules/secrets.nix create mode 100644 modules/server/default.nix create mode 100644 modules/server/nextcloud.nix create mode 100644 modules/server/nginx.nix create mode 100644 modules/server/smailserver.nix create mode 100644 modules/server/sql.nix create mode 100644 modules/ssh.nix create mode 100644 modules/stateversion.nix create mode 100644 modules/steam-run.nix create mode 100644 modules/texlive.nix create mode 100644 modules/users.nix create mode 100644 modules/zsh.nix delete mode 100644 options.nix delete mode 100644 programs/aspell.nix delete mode 100644 programs/default.nix delete mode 100644 programs/obs-studio.nix delete mode 100644 secrets/default.nix create mode 100644 secrets/keys/hosts/nucturne.asc create 
mode 100644 secrets/keys/hosts/stel-xps.asc create mode 100644 secrets/keys/users/stefan_ellmauthaler.asc create mode 100644 secrets/server.yaml create mode 100644 secrets/shell.nix delete mode 100644 services/default.nix delete mode 100644 services/mariadb.nix delete mode 100644 services/nextcloud.nix delete mode 100644 services/nginx.nix delete mode 100644 services/smailserver.nix delete mode 100644 users/default.nix delete mode 100644 users/ellmau/alacritty.nix delete mode 100644 users/ellmau/go.nix
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..8e3fdbd
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,17 @@
+keys:
+ - &stefan_ellmauthaler 3B398B086C410264A14FB353B1E6F03030A4AEAA
+ - &stel-xps e8dfcfbac0c3e65bbdfd62ab534ab685d882e4ca
+ - &nucturne 9b6a58764eddd81d07180d6dc08e322f7bfd92b1
+creation_rules:
+ - path_regex: secrets/secrets\.yaml
+ key_groups:
+ - pgp:
+ - *stefan_ellmauthaler
+ - *stel-xps
+ - *nucturne
+ - path_regec: secrets/server\.yaml
+ key_groups:
+ - pgp:
+ - *stefan_ellmauthaler
+ - *nucturne
+
diff --git a/README.md b/README.md
index 3617ea1..35e72eb 100644
--- a/README.md
+++ b/README.md
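Review bot: The second creation rule in `.sops.yaml` is keyed `path_regec` rather than `path_regex`, so it carries no path filter that sops would recognise. Assuming sops ignores the unknown key, the rule behaves as a catch-all: every file that does not match `secrets/secrets\.yaml` is encrypted to the `stefan_ellmauthaler` and `nucturne` keys, not only `secrets/server.yaml`. The line should read `- path_regex: secrets/server\.yaml`; afterwards it is worth checking the recipients recorded in `secrets/server.yaml` against the intended key group.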
@@ -4,11 +4,18 @@ * setup the filesystem as you see fit * check out repository to `/mnt/etc/nixos` * run `nixos-generate-config --root /mnt` in `/mnt/etc/nixos` -* create `machine//default.nix` and add machine specific configuration to it -* move `hardware-configuration.nix` to `machine//hardware-configuration.nix` -* add your machine to `/mnt/etc/nixos/default.nix` -* stage the machine-folder to the git-repository +* create `machines//default.nix` and configure the machine +* move `hardware-configuration.nix` to `machines//hardware-configuration.nix` +* stage the machine-folder * run - * `nix-shell -p nixFlakes` - * `sudo _NIXOS_REBUILD_REEXEC=1 nixos-install --no-root-passwd --flake .#hostname` - * ~~`nixos-install --no-root-passwd --flake .#hostname`~~ + * `nix-install --no-root-passwd --flake .#hostname --option experimental-features "nix-command flakes"` + +## nix-sops +* generate on your (sshd-enabled) machine a pgp key: + * `nix shell nixpkgs#ssh-to-pgp` + * `sudo ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key > /etc/nixos/secrets/keys/hosts/.asc` +* add the fingerprint of the new key to the `/etc/nixos/.sops.yaml` file +* Rekey the secrets with either + * a master key + * or after a git push on another machine with enough permissions to rekey +* the flakes dev-shell (`nix devshell`) allows to use `sops ` as well as `sops-rekey ` to manage the keys on the system diff --git a/baseconfiguration.nix b/baseconfiguration.nix deleted file mode 100644 index 3188e59..0000000 --- a/baseconfiguration.nix +++ /dev/null 
@@ -1,151 +0,0 @@ -{ pkgs, extraOverlays, name, flakes, flakeOutputs, ...}: -{ config, pkgs, lib, ...}: -{ - imports = - [ # hardware-configuration result - ((./machine + "/${name}") + /hardware-configuration.nix) - # machine-specific configuration - (./machine + "/${name}") - # additional programs - ./programs - # home-manager entry-point - ./users - # layers - ./layer - # options - ./options.nix - ]; - - - time.timeZone = "Europe/Berlin"; - i18n.defaultLocale = "en_GB.UTF-8"; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - kernelPackages = pkgs.linuxPackages_latest; - }; - - networking = { - useDHCP = false; - hostName = config.variables.hostName; - }; - - nix = { - autoOptimiseStore = true; - # Enable flakes - # Free up to 50GiB whenever there is less than 10GiB left. - extraOptions = '' - experimental-features = nix-command flakes - min-free = ${toString (10* 1024 * 1024 * 1024)} - max-free = ${toString (1024 * 1024 * 1024)} - ''; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - }; - nixpkgs = { - overlays = [ flakes.emacs-overlay.overlay flakeOutputs.overlay ] ++ extraOverlays; - config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "skypeforlinux" - "teams" - "zoom" - ]; - }; - - services = { - dbus = { - enable = true; - packages = with pkgs; [gnome3.dconf]; - }; - }; - - environment = { - shells = [ pkgs.zsh ]; - pathsToLink = [ "/share/zsh/" ]; - systemPackages = with pkgs; [ - emacs-all-the-icons-fonts - wget - git - clang - rnix-lsp - procs - #comma.comma - ]; - sessionVariables = rec { - XDG_CACHE_HOME = "\${HOME}/.cache"; - XDG_CONFIG_HOME = "\${HOME}/.config"; - XDG_BIN_HOME = "\${HOME}/.local/bin"; - XDG_DATA_HOME = "\${HOME}/.local/share"; - - PATH = [ - "\${XDG_BIN_HOME}" - ]; - }; - }; - - programs = { - zsh = { - enable = true; - enableCompletion = true; - enableGlobalCompInit = true; - autosuggestions.enable = true; - 
syntaxHighlighting = { - enable = true; - highlighters = [ "main" "brackets" "root" "line" ]; - #styles = { cursor = "standout,underline"; }; - }; - setOptions = [ "auto_pushd" "correct" "extendedglob" "nocaseglob" "rcexpandparam" "numericglobsort" "nobeep" "appendhistory" ]; - }; - - mtr.enable = true; - gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - dconf.enable = true; - }; - - fonts = { - enableDefaultFonts = true; - fonts = with pkgs; [ - hasklig - # corefonts # not free - liberation_ttf - comic-relief - dejavu_fonts - gyre-fonts - open-sans - noto-fonts - noto-fonts-emoji - noto-fonts-extra - roboto - roboto-mono - (nerdfonts.override { fonts = [ "Hasklig" ]; }) - material-icons - weather-icons - ]; - - fontconfig = { - enable = true; - # defaultFonts = { - # serif = [ "TeX Gyre Heros" ]; - # emoji = [ "Noto Color Emoji" ]; - # sansSerif = [ "TeX Gyre Pagella" ]; - # monospace = [ "Hasklug Nerd Font Mono" ]; - # }; - }; - }; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? -} diff --git a/common/users.nix b/common/users.nix new file mode 100644 index 0000000..de46df6 --- /dev/null +++ b/common/users.nix 
@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }:
+with lib; {
+ config = {
+ elss = {
+ users = {
+ meta = {
+ ellmau = {
+ description = "Stefan Ellmauthaler";
+ mailAddress = "stefan.ellmauthaler@tu-dresden.de";
+ hashedPassword = "$6$JZPnaZYG$KL2c3e1it3j2avioovE1WveN/mpmq/tPsSAvHY1XRhtqKaE7TaSQkqRy69farkIR0Xs0.yTjltvKvv28kZtLO1";
+ publicKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII0XgjNGsqo8gbtPTpH8pHCdGQyGNWdKcSAmyhiLBLM3 stefan.ellmauthaler@tu-dresden.de"
+ "ssh-rsa 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 nucturne"
+ ];
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/users/common/wallpaper/nix-wallpaper-nineish-dark-gray.png b/common/wallpaper/nix-wallpaper-nineish-dark-gray.png
similarity index 100%
rename from users/common/wallpaper/nix-wallpaper-nineish-dark-gray.png
rename to common/wallpaper/nix-wallpaper-nineish-dark-gray.png
diff --git a/users/common/wallpaper/nix-wallpaper-nineish.png b/common/wallpaper/nix-wallpaper-nineish.png
similarity index 100%
rename from users/common/wallpaper/nix-wallpaper-nineish.png
rename to common/wallpaper/nix-wallpaper-nineish.png
diff --git a/flake.lock b/flake.lock
index f900ce4..83689e3 100644
--- a/flake.lock
+++ b/flake.lock
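Review bot: `hashedPassword` for `ellmau` in `common/users.nix` is committed as a literal, so the crypt hash is stored in the repository and, once the flake is evaluated, in the world-readable Nix store, where it is open to offline guessing. This commit already wires in sops-nix, so the hash could live in `secrets/secrets.yaml` and be referenced by path, for example `sops.secrets."PLACEHOLDER_SECRET_NAME".neededForUsers = true;` with `users.users.ellmau.passwordFile = config.sops.secrets."PLACEHOLDER_SECRET_NAME".path;`. How `elss.users.meta` is mapped onto `users.users` is defined in `modules/users.nix`, which is outside this hunk, so that module would need a matching file-based field.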
@@ -16,17 +16,66 @@ "type": "gitlab" } }, + "comma": { + "inputs": { + "flake-compat": "flake-compat", + "naersk": "naersk", + "nixpkgs": [ + "nixpkgs" + ], + "utils": [ + "flake-utils-plus", + "flake-utils" + ] + }, + "locked": { + "lastModified": 1654522640, + "narHash": "sha256-0QTVKFLcEq/2GGt2WG75b/1e7MuGBaoFXROkOWsTxUg=", + "owner": "nix-community", + "repo": "comma", + "rev": "13102d58c26267574982465b5b9b5b0f98ca98cc", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "comma", + "type": "github" + } + }, + "dwarffs": { + "inputs": { + "nix": "nix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1646560263, + "narHash": "sha256-VYJFoEigK0DASnBiYUhQBe0c0O4mlcoGBlYN8qs2TOo=", + "owner": "edolstra", + "repo": "dwarffs", + "rev": "e768ce3239156de05f7ff3210d86a80762730f30", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "dwarffs", + "type": "github" + } + }, "emacs-overlay": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { - "lastModified": 1653304500, - "narHash": "sha256-3x9Afa3L6rq/5YF7xjSZAynoLrz+nXF4tGen0CPp4Wk=", + "lastModified": 1654859398, + "narHash": "sha256-gw2dGEnIzUYZo27yHxY1SQj3LVA9iiCMSdUwouyKDAM=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "cd6fbfa22bfd96967231515843fbdef3bda7966f", + "rev": "651c417e7fd8d8f1ee67560bc0b2f85aba2c9cab", "type": "github" }, "original": { 
@@ -37,11 +86,59 @@ }, "flake-utils": { "locked": { - "lastModified": 1652776076, - "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { "owner": "numtide", "repo": "flake-utils", - "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils-plus": { + "inputs": { + "flake-utils": "flake-utils_2" + }, + "locked": { + "lastModified": 1652704544, + "narHash": "sha256-UTKE33tYgCmDszaVyWA33a8mtegM5xfH4fH8w4y6TxA=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "f8d6d1f87b6177e3bc674c29f247bdbf897ba274", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { 
@@ -57,27 +154,84 @@ ] }, "locked": { - "lastModified": 1651519540, - "narHash": "sha256-3k6p8VsTwwRPQjE8rrMh+o2AZACZn/eeYJ7ivdQ/Iro=", + "lastModified": 1654113405, + "narHash": "sha256-VpK+0QaWG2JRgB00lw77N9TjkE3ec0iMYIX1TzGpxa4=", "owner": "nix-community", "repo": "home-manager", - "rev": "d93d56ab8c1c6aa575854a79b9d2f69d491db7d0", + "rev": "ac2287df5a2d6f0a44bbcbd11701dbbf6ec43675", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-21.11", + "ref": "release-22.05", "repo": "home-manager", "type": "github" } }, + "lowdown-src": { + "flake": false, + "locked": { + "lastModified": 1633514407, + "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=", + "owner": "kristapsdz", + "repo": "lowdown", + "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8", + "type": "github" + }, + "original": { + "owner": "kristapsdz", + "repo": "lowdown", + "type": "github" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "comma", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1653413650, + "narHash": "sha256-wojDHjb+eU80MPH+3HQaK0liUy8EgR95rvmCl24i58Y=", + "owner": "nix-community", + "repo": "naersk", + "rev": "69daaceebe12c070cd5ae69ba38f277bbf033695", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "naersk", + "type": "github" + } + }, + "nix": { + "inputs": { + "lowdown-src": "lowdown-src", + "nixpkgs": "nixpkgs", + "nixpkgs-regression": "nixpkgs-regression" + }, + "locked": { + "lastModified": 1646337190, + "narHash": "sha256-7rdubErpmKjNlmjR1GfwAyazJeqUnJUw/Xf1uon/BqQ=", + "owner": "NixOS", + "repo": "nix", + "rev": "b09baf690bb00125805a02e0feae9636b2114599", + "type": "github" + }, + "original": { + "id": "nix", + "type": "indirect" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1653145312, - "narHash": "sha256-affCuB0Boa8CDFykoJVPZfhHLBok7Sq+QEOJvo3Xf+k=", + "lastModified": 1654057797, + "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=", "owner": "NixOS", 
"repo": "nixos-hardware", - "rev": "8b5e1bf2fd62adefff05ae67cd49440be93ea193", + "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af", "type": "github" }, "original": { @@ -89,14 +243,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1652559422, - "narHash": "sha256-jPVTNImBTUIFdtur+d4IVot6eXmsvtOcBm0TzxmhWPk=", - "path": "/nix/store/fn03py5wi8d94hqg6m9wvs4672dqxzls-source", - "rev": "8b3398bc7587ebb79f93dfeea1b8c574d3c6dba1", - "type": "path" + "lastModified": 1632864508, + "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "82891b5e2c2359d7e58d08849e4c89511ab94234", + "type": "github" }, "original": { "id": "nixpkgs", + "ref": "nixos-21.05-small", "type": "indirect" } }, @@ -132,11 +288,11 @@ }, "nixpkgs-21_11_2": { "locked": { - "lastModified": 1653132211, - "narHash": "sha256-5ugEYisGqixwarfn3BJvuWDnO6gT/AoxlsA6jnG8Fv8=", + "lastModified": 1654346688, + "narHash": "sha256-Y7QtZkfdxTvACCvWmDjpN6qOf4OKkZATufHcJP2VMKM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b5991e4971523a5fcc9413b9003b58e5c15aa7d8", + "rev": "2de556c4cd46a59e8ce2f85ee4dd400983213d45", "type": "github" }, "original": { 
@@ -146,13 +302,44 @@ "type": "github" } }, - "nixpkgs-unstable": { + "nixpkgs-22_05": { "locked": { - "lastModified": 1653060744, - "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", + "lastModified": 1654373220, + "narHash": "sha256-3vKFnZz2oYHo4YcelaNOhO4XQ2jiIEXrp1s4w+e773c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfd82985c273aac6eced03625f454b334daae2e8", + "rev": "d6cb04299ce8964290ae7fdcb87aa50da0500b5c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-22.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-regression": { + "locked": { + "lastModified": 1643052045, + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", + "type": "indirect" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1654682581, + "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e0169d7a9d324afebf5679551407756c77af8930", "type": "github" }, "original": { 
@@ -164,38 +351,26 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1653087707, - "narHash": "sha256-zfno3snrzZTWQ2B7K53QHrGZwrjnJLTRPalymrSsziU=", + "lastModified": 1654758790, + "narHash": "sha256-bXimktlkjL9s8ldMzMBslxEs80cjZDqrof1g8MbhmQI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cbd40c72b2603ab54e7208f99f9b35fc158bc009", + "rev": "e5556c75ac012ee6e03f39a56c1c51b0f7d658c2", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-21.11", + "ref": "nixos-22.05", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1626852498, - "narHash": "sha256-lOXUJvi0FJUXHTVSiC5qsMRtEUgqM4mGZpMESLuGhmo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "16105403bdd843540cbef9c63fc0f16c1c6eaa70", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", - "type": "indirect" - } - }, "root": { "inputs": { + "comma": "comma", + "dwarffs": "dwarffs", "emacs-overlay": "emacs-overlay", + "flake-utils-plus": "flake-utils-plus", "home-manager": "home-manager", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", @@ -207,7 +382,9 @@ "simple-nixos-mailserver": { "inputs": { "blobs": "blobs", - "nixpkgs": "nixpkgs_3", + "nixpkgs": [ + "nixpkgs" + ], "nixpkgs-21_05": "nixpkgs-21_05", "nixpkgs-21_11": "nixpkgs-21_11", "utils": "utils" @@ -232,14 +409,15 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-21_11": "nixpkgs-21_11_2" + "nixpkgs-21_11": "nixpkgs-21_11_2", + "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1653237221, - "narHash": "sha256-zMgangC+wDXvdAz/aP5jDg/Paw7icNFhQIZsJVACMc0=", + "lastModified": 1654401128, + "narHash": "sha256-uCdQ2fzIPGakHw2TkvOncUvCl7Fo7z/vagpDWYooO7s=", "owner": "Mic92", "repo": "sops-nix", - "rev": "13079f98ddfdc9e06e4b688332626ca954c14264", + "rev": "f075361ecbde21535b38e41dfaa28a28f160855c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 8a7d74b..047498d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,46 +1,142 @@ { - description = "Flake to generate NixOS configurations"; + description = "Flake to define configurations of 'elss' - ellmauthaler stefan's systems"; inputs = { - - nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11"; + + nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + #nix = { + # url = "github:NixOS/nix?ref=latest-release"; + # url = "github:NixOS/nix"; + # inputs.nixpkgs.follows = "nixpkgs"; + #}; + nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - # comma = { - # url = "github:nix-community/comma"; - # inputs.nixpkgs.follows = "nixpkgs"; - # }; - home-manager = { - url = "github:nix-community/home-manager/release-21.11"; + url = "github:nix-community/home-manager/release-22.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - - emacs-overlay = { - url = "github:nix-community/emacs-overlay"; + + flake-utils-plus = { + url = "github:gytis-ivaskevicius/flake-utils-plus"; + inputs.nixpkgs.follows = "nixpkgs"; }; - simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11"; + emacs-overlay = { + url = "github:nix-community/emacs-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + simple-nixos-mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-21.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; sops-nix = { url = "github:Mic92/sops-nix/master"; inputs.nixpkgs.follows = "nixpkgs"; }; + + dwarffs = { + url = "github:edolstra/dwarffs"; + inputs = { + #nix.follows = "nix"; + nixpkgs.follows = "nixpkgs"; + }; + }; + + comma = { + url = "github:nix-community/comma"; + inputs = { + nixpkgs.follows = "nixpkgs"; + utils.follows = "flake-utils-plus/flake-utils"; + }; + }; }; - outputs = {self, ...}@inputs: - let outputs = rec { - overlay = import ./local-overlay; - nixosConfigurations = import self { - flakes = inputs; - flakeOutputs = outputs; - }; - nixosModules = {}; + outputs = { 
self, nixpkgs, flake-utils-plus, ... }@inputs: + let + extended-lib = nixpkgs.lib.extend + (final: prev: { + elss = (import ./lib { lib = final; }) prev; + }); + inherit (extended-lib.elss) discoverModules moduleNames; + in + flake-utils-plus.lib.mkFlake rec{ + inherit self inputs; + supportedSystems = [ "x86_64-linux" ]; + + lib = extended-lib; + + channelsConfig = { + allowUnfreePredicate = pkg: builtins.elem (extended-lib.getName pkg) [ + "steam" + "steam-original" + "steam-runtime" + "skypeforlinux" + "teams" + "zoom" + ]; + }; + + channels.nixpkgs.overlaysBuilder = channels: [ + (final: prev: { + unstable = channels.nixpkgs-unstable; + }) + (flake-utils-plus.lib.genPkgOverlay inputs.comma "comma") + #inputs.nix.overlay + inputs.emacs-overlay.overlay + ]; + + hostDefaults = { + system = "x86_64-linux"; + channelName = "nixpkgs"; + modules = [ + inputs.home-manager.nixosModules.home-manager + inputs.sops-nix.nixosModules.sops + inputs.dwarffs.nixosModules.dwarffs + inputs.simple-nixos-mailserver.nixosModules.mailserver + ] ++ (map (name: ./modules + "/${name}") (moduleNames ./modules)); + specialArgs = { + nixos-hardware = inputs.nixos-hardware.nixosModules; + inherit inputs; }; - in outputs; + extraArgs = { + homeConfigurations = discoverModules ./users + (name: + import (./users + "/${name}") + ); + }; + }; + + hosts = discoverModules ./machines (name: { + modules = [ (./machines + "/${name}") ]; + specialArgs = { lib = extended-lib; }; + }); + + homeConfigurations = discoverModules ./users + (name: + let + username = extended-lib.removeSuffix ".nix" name; + in + inputs.home-manager.lib.homeManagerConfiguration { + configuration = import (./users + "/${name}"); + inherit username; + system = "x86_64-linux"; + homeDirectory = "/home/${username}"; + stateVersion = "21.05"; + }); + + outputsBuilder = channels: { + devShell = import ./secrets/shell.nix { + pkgs = channels.nixpkgs; + sops-nix = inputs.sops-nix.packages."${channels.nixpkgs.system}"; + }; + }; + }; } 
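Review bot: The `simple-nixos-mailserver` input in `flake.nix` still tracks the `nixos-21.11` branch while the added `inputs.nixpkgs.follows = "nixpkgs"` makes it evaluate against nixos-22.05, so the mail-server module runs on a nixpkgs release its branch was not cut for. For an internet-facing service that mismatch is worth removing: either move the input to the matching release branch, `url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-22.05";` (if upstream publishes it), or drop the `follows` line for this input so it keeps the nixpkgs it was tested with. A short comment above the input stating which of the two was chosen and why would help the next release bump.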
diff --git a/layer/default.nix b/layer/default.nix
deleted file mode 100644
index cf515ab..0000000
--- a/layer/default.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ config, pkgs, lib, ...}:
-{
- imports = [ ./graphical.nix ];
-}
diff --git a/layer/graphical.nix b/layer/graphical.nix
deleted file mode 100644
index 41102f5..0000000
--- a/layer/graphical.nix
+++ /dev/null
@@ -1,64 +0,0 @@ -{ config, pkgs, lib, ... }: -let - isgraphical = config.variables.graphical; - cursorsize = if config.variables.hostName == "nucturne" then 14 else 16; - xserverDPI = if config.variables.hostName == "stel-xps" then 180 else null; -in -{ - networking.networkmanager.enable = isgraphical; - - services = { - xserver = { - enable = isgraphical; -# dpi = xserverDPI; - displayManager.lightdm = { - enable = isgraphical; - greeters.gtk.cursorTheme.size = cursorsize; - }; - # displayManager.sessionCommands = '' - # ${pkgs.xorg.xrdb}/bin/xrdb -merge <. # -######################################################################## - - -import functools -import glob -import os.path -import re -from collections import defaultdict -from os import getenv - -import gi -gi.require_version('Gtk', '3.0') -from gi.repository import Gtk, Gdk - - -DEFAULT_ORG_DIRECTORY = os.path.join(getenv('HOME'), "org") -ORG_GLOB = '*.org' -ORG_ARCHIVE_SUFFIX = '_archive.org' - - -def org_agenda_files(directory): - org_abs = functools.partial(os.path.join, directory) - agenda_files_path = org_abs('.agenda-files') - try: - with open(agenda_files_path) as agenda_files: - yield from (org_abs(f.rstrip('\n')) for f in agenda_files) - except FileNotFoundError: - for filename in glob.iglob(os.path.join(directory, ORG_GLOB)): - if not filename.endswith(ORG_ARCHIVE_SUFFIX): - yield filename - - -def scan_org_for_events(org_directories): - """Search the org files for the calendar events. - - Scans the passed directories for the .org files and saves the events - found there into a multilevel dict of lists: events[year][month][day] - - The returned dict uses defaultdict so *do not* rely on the - KeyError exception etc.! Check if the element exists with - .get(key) before accessing it! 
- - """ - - def year_dict(): - return defaultdict(month_dict) - def month_dict(): - return defaultdict(day_dict) - def day_dict(): - return defaultdict(event_list) - def event_list(): - return list() - - events = year_dict() - for org_directory in org_directories: - for filename in org_agenda_files(org_directory): - with open(filename, "r") as filehandle: - last_heading = None - for line in filehandle: - heading_match = re.search(r'^\*+\s+(.*)', line) - if heading_match: - last_heading = heading_match.group(1) - # strip the tags - last_heading = re.sub(r'\s*\S*$', last_heading, '') - match = re.search(r'<(\d{4})-(\d{2})-(\d{2}).*?>', line) - if match: - year, month, day = [ int(field) for field in match.group(1,2,3) ] - month -= 1 # months are indexed from 0 in Gtk.Calendar - events[year][month][day].append(last_heading) - return events - -class CalendarWindow(object): - - def __init__(self, org_directories): - self.window = Gtk.Window() - self.window.set_wmclass("traycalendar", "TrayCalendar") - - self.window.set_resizable(False) - self.window.set_decorated(False) - self.window.set_gravity(Gdk.Gravity.STATIC) - - window_width = 300 - - # Set the window geometry. - geometry = Gdk.Geometry() - geometry.min_width = window_width - geometry.max_width = window_width - geometry.base_width = window_width - self.window.set_geometry_hints( - None, geometry, - Gdk.WindowHints.MIN_SIZE | - Gdk.WindowHints.MAX_SIZE | - Gdk.WindowHints.BASE_SIZE) - - # Create the listview for the calendar events. - list_model = Gtk.ListStore(str) - list_view = Gtk.TreeView(list_model) - list_column = Gtk.TreeViewColumn("Events", Gtk.CellRendererText(), text=0) - list_column.set_fixed_width(window_width) - list_view.append_column(list_column) - - # Create the calendar widget. 
- calendar = Gtk.Calendar() - self.calendar_events = scan_org_for_events(org_directories) - calendar.connect('month-changed', self.mark_calendar_events) - calendar.connect('day-selected', self.display_event_list, list_model) - self.mark_calendar_events(calendar) - self.display_event_list(calendar, list_model) - - close_button = Gtk.Button("Close") - close_button.connect('clicked', lambda event: self.window.destroy()) - - vbox = Gtk.VBox() - vbox.add(close_button) - vbox.add(calendar) - vbox.add(list_view) - - self.window.add(vbox) - - rootwin = self.window.get_screen().get_root_window() - # get_pointer is deprecated but using Gdk.Device.get_position - # is not viable here: we have no access to the pointing device. - screen, x, y, mask = rootwin.get_pointer() - x -= window_width - # Show the window right beside the cursor. - self.window.move(x,y) - - self.window.show_all() - - def mark_calendar_events(self, calendar): - """Update the days with calendar events list for the selected month.""" - year, month, day = calendar.get_date() - calendar.freeze_notify() - calendar.clear_marks() - for day in self.calendar_events[year][month]: - calendar.mark_day(day) - calendar.thaw_notify() - - def display_event_list(self, calendar, event_list): - """Update the calendar event list for the selected day.""" - year, month, day = calendar.get_date() - event_list.clear() - - # get(day) used instead of [day] because we use defaultdict - # and it would create a new element. 
- events = self.calendar_events[year][month].get(day) - if events: - for event in events: - event_list.append([event]) - - -def tray_mode(org_directories): - def on_left_click(event): - window = CalendarWindow(org_directories) - def on_right_click(button, time, data): - Gtk.main_quit() - statusicon = Gtk.StatusIcon() - statusicon.set_from_icon_name('x-office-calendar') - statusicon.connect('activate', on_left_click) - statusicon.connect('popup-menu', on_right_click) - Gtk.main() - -def window_mode(org_directories): - window = CalendarWindow(org_directories) - window.window.connect('destroy', Gtk.main_quit) - Gtk.main() - -def main(argv=None): - import argparse - parser = argparse.ArgumentParser() - parser.add_argument( - "--no-tray", - help="Show the calendar windows immediately and quit after it's closed.", - action='store_true', - ) - parser.add_argument( - "--org-directory", "-d", - help="Directories to search for *.org; default: ~/org/.", - action='append', - dest='org_directories', - ) - args = parser.parse_args() - - if not args.org_directories: - args.org_directories = [DEFAULT_ORG_DIRECTORY] - - if args.no_tray: - window_mode(args.org_directories) - else: - tray_mode(args.org_directories) - -if __name__ == "__main__": - from sys import argv - - # workaround for a pygobject bug - import signal - signal.signal(signal.SIGINT, signal.SIG_DFL) - - main(argv) diff --git a/machine/ellmauthaler/default.nix b/machine/ellmauthaler/default.nix deleted file mode 100644 index 9dba42b..0000000 --- a/machine/ellmauthaler/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, pkgs, ...}: -{ - - variables = { - hostName = "ellmauthaler"; - server = true; - }; - - networking = { - domain = "net"; - }; -} diff --git a/machine/nucturne/default.nix b/machine/nucturne/default.nix deleted file mode 100644 index 90c866e..0000000 --- a/machine/nucturne/default.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -{ config, pkgs, ...}: -{ - variables= { - hostName = "nucturne"; - graphical = true; - git.signDefault = true; - }; - - boot.extraModulePackages = [ - config.boot.kernelPackages.v4l2loopback - ]; - - boot.kernelModules = [ - "v4l2loopback" - ]; - #networking.hostName = "nucturne"; # define the hostname - - # users = { - # users.hpprinter = { - # description = "HP printer access to share"; - # shell = pkgs.shadow; - # createHome = false; - # hashedPassword = "$6$qiIL8hOSK1FE7I6H$nAMW86l8O7/oJroOoaqG4WexGRQOOWBV8ooXy3/P7KE8ihQn9x0ScV2/BmvIxeMknGNPQhjD/mjmYn9VcNjAl1"; - # isSystemUser = true; - # group = "hpprinter"; - # }; - # groups.hpprinter = {}; - # }; - - # services.samba = { - # enable = true; - # securityType = "user"; - # extraConfig = '' - # workgroup = WORKGROUP - # server string = nucturne - # netbios name = nucturne - # security = user - # #use sendfile = yes - # #max protocol = smb2 - # hosts allow = 192.168.178.222 localhost - # hosts deny = 0.0.0.0/0 - # guest account = nobody - # map to guest = bad user - # ''; - # shares = { - # scans = { - # path = "/home/ellmau/scratch/scans"; - # browseable = "yes"; - # "read only" = "no"; - # "guest ok" = "no"; - # "create mask" = "0644"; - # "directory mask" = "0755"; - # "force user" = "ellmau"; - # "force group" = "users"; - # }; - # }; - # }; -} diff --git a/machine/stel-xps/default.nix b/machine/stel-xps/default.nix deleted file mode 100644 index 722b378..0000000 --- a/machine/stel-xps/default.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ config, pkgs, ...}: -{ - imports = [ ./printer.nix ]; - - variables = { - hostName = "stel-xps"; - graphical = true; - git = { - key = "0x4998BEEE"; - gpgsm = true; - signDefault = true; - }; - }; - #networking.hostName = "stel-xps"; # define the hostname - - environment.systemPackages = with pkgs; [ - brightnessctl - ]; - - boot.extraModulePackages = [ - config.boot.kernelPackages.v4l2loopback - ]; - - boot.kernelModules = [ - "v4l2loopback" - ]; - - services.autorandr.enable = true; - services.xserver.desktopManager.wallpaper.mode = "fill"; -} diff --git a/machines/metis/default.nix b/machines/metis/default.nix new file mode 100644 index 0000000..733d2ee --- /dev/null +++ b/machines/metis/default.nix @@ -0,0 +1,55 @@ +{ config, pkgs, inputs, nixos-hardware, ...}: +{ + imports = [ + ../../common/users.nix + ./hardware-configuration.nix + ]; + + elss = { + # base system + base.enable = true; + # setup locale and font settings + locale.enable = true; + # setup sshd + sshd.enable = true; + # configure zsh + zsh.enable = true; + # enable X11 with lightdm and i3 + graphical = { + enable = false; + # set dpi if used in mobile applications +# dpi = 180; + }; + + # enable deamon to generate nix-index-db + nix-index-db-update.enable = false; + + # add TUD vpn + openvpn.enable = false; + + # enable sops + sops = { + enable = true; + }; + + # enable server services + server = { + enable = false; + nextcloud.enable = false; + }; + + + # user setup + users = { + enable = true; + admins = [ "ellmau" ]; + users = [ ]; + + meta = { + ellmau.git = { + signDefault = true; + }; + }; + }; + }; +} diff --git a/machine/ellmauthaler/hardware-configuration.nix b/machines/metis/hardware-configuration.nix similarity index 100% rename from machine/ellmauthaler/hardware-configuration.nix rename to machines/metis/hardware-configuration.nix diff --git a/machines/nucturne/default.nix b/machines/nucturne/default.nix new file mode 100644 index 0000000..4794dda --- /dev/null 
+++ b/machines/nucturne/default.nix @@ -0,0 +1,58 @@ +{ config, pkgs, inputs, nixos-hardware, ...}: +{ + imports = [ + ../../common/users.nix + ./hardware-configuration.nix + ./software.nix + ]; + + + elss = { + # base system + base.enable = true; + # setup locale and font settings + locale.enable = true; + # setup sshd + sshd.enable = true; + # configure zsh + zsh.enable = true; + # enable X11 with lightdm and i3 + graphical = { + enable = true; + # set dpi if used in mobile applications +# dpi = 180; + }; + + # enable deamon to generate nix-index-db + nix-index-db-update.enable = true; + + # add TUD vpn + openvpn.enable = true; + + # enable sops + sops = { + enable = true; + }; + + # user setup + users = { + enable = true; + admins = [ "ellmau" ]; + users = [ ]; + + meta = { + ellmau.git = { + signDefault = true; + }; + }; + }; + }; + + boot.extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + ]; + + boot.kernelModules = [ + "v4l2loopback" + ]; +} diff --git a/machine/nucturne/hardware-configuration.nix b/machines/nucturne/hardware-configuration.nix similarity index 100% rename from machine/nucturne/hardware-configuration.nix rename to machines/nucturne/hardware-configuration.nix diff --git a/machines/nucturne/software.nix b/machines/nucturne/software.nix new file mode 100644 index 0000000..0d382b4 --- /dev/null +++ b/machines/nucturne/software.nix @@ -0,0 +1,28 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + libreoffice-fresh + ]; + + programs = { + java.enable = true; + }; + + services = { + autorandr.enable = false; + }; + + elss = { + programs = { + aspell.enable = true; + # Enable communication programs + communication.enable = true; + emacs.enable = true; + obsstudio.enable = true; + python.enable = true; + }; + + texlive.enable = true; + steam-run.enable = true; + }; +} diff --git a/machines/stel-xps/default.nix b/machines/stel-xps/default.nix new file mode 100644 index 0000000..65c6e76 --- /dev/null 
+++ b/machines/stel-xps/default.nix @@ -0,0 +1,63 @@ +{ config, pkgs, inputs, nixos-hardware, ...}: +{ + imports = [ + ../../common/users.nix + ./printer.nix + ./hardware-configuration.nix + ./software.nix + nixos-hardware.dell-xps-13-7390 + ]; + + elss = { + # base system + base.enable = true; + # setup locale and font settings + locale.enable = true; + # setup sshd + sshd.enable = true; + # configure zsh + zsh.enable = true; + # enable X11 with lightdm and i3 + graphical = { + enable = true; + # set dpi if used in mobile applications +# dpi = 180; + }; + + # enable deamon to generate nix-index-db + nix-index-db-update.enable = true; + + # add TUD vpn + openvpn.enable = true; + + # enable sops + sops = { + enable = true; + }; + + # user setup + users = { + enable = true; + admins = [ "ellmau" ]; + users = [ ]; + + meta = { + ellmau.git = { + key = "0x4998BEEE"; + gpgsm = true; + signDefault = true; + }; + }; + }; + }; + + boot.extraModulePackages = [ + config.boot.kernelPackages.v4l2loopback + ]; + + boot.kernelModules = [ + "v4l2loopback" + ]; + + services.xserver.desktopManager.wallpaper.mode = "fill"; +} diff --git a/machine/stel-xps/hardware-configuration.nix b/machines/stel-xps/hardware-configuration.nix similarity index 95% rename from machine/stel-xps/hardware-configuration.nix rename to machines/stel-xps/hardware-configuration.nix index f56c48a..7bc3363 100644 --- a/machine/stel-xps/hardware-configuration.nix +++ b/machines/stel-xps/hardware-configuration.nix @@ -21,7 +21,7 @@ boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/9c84f143-023d-4fcb-a49c-ca78ce69e0e0"; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/4824-2CFD"; + { device = "/dev/disk/by-uuid/39E0-047B"; fsType = "vfat"; }; diff --git a/machine/stel-xps/ppds/Ricoh/ricoh-mp-c307.ppd b/machines/stel-xps/ppds/Ricoh/ricoh-mp-c307.ppd similarity index 100% rename from machine/stel-xps/ppds/Ricoh/ricoh-mp-c307.ppd rename to machines/stel-xps/ppds/Ricoh/ricoh-mp-c307.ppd 
diff --git a/machine/stel-xps/ppds/Ricoh/ricoh-sp-4510dn.ppd b/machines/stel-xps/ppds/Ricoh/ricoh-sp-4510dn.ppd similarity index 100% rename from machine/stel-xps/ppds/Ricoh/ricoh-sp-4510dn.ppd rename to machines/stel-xps/ppds/Ricoh/ricoh-sp-4510dn.ppd diff --git a/machine/stel-xps/printer.nix b/machines/stel-xps/printer.nix similarity index 100% rename from machine/stel-xps/printer.nix rename to machines/stel-xps/printer.nix diff --git a/machines/stel-xps/software.nix b/machines/stel-xps/software.nix new file mode 100644 index 0000000..03ec831 --- /dev/null +++ b/machines/stel-xps/software.nix @@ -0,0 +1,29 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + brightnessctl + libreoffice-fresh + ]; + + programs = { + java.enable = true; + }; + + services = { + autorandr.enable = true; + }; + + elss = { + programs = { + aspell.enable = true; + # Enable communication programs + communication.enable = true; + emacs.enable = true; + obsstudio.enable = true; + python.enable = true; + }; + + texlive.enable = true; + steam-run.enable = true; + }; +} diff --git a/modules/aspell.nix b/modules/aspell.nix new file mode 100644 index 0000000..63d2e05 --- /dev/null +++ b/modules/aspell.nix @@ -0,0 +1,19 @@ +{ config, pkgs, lib, ... }: + +let + aspellConf = '' + data-dir /run/current-system/sw/lib/aspell + dict-dir /run/current-system/sw/lib/aspell + master en_GB-ise + extra-dicts en-computers.rws + add-extra-dicts en_GB-science.rws + ''; +in +{ + options.elss.programs.aspell.enable = lib.mkEnableOption "setup aspell"; + + config = lib.mkIf config.elss.programs.aspell.enable { + environment.systemPackages = [ pkgs.aspell ] + ++ (with pkgs.aspellDicts; [ de en sv en-computers en-science ]); + }; +} diff --git a/modules/base.nix b/modules/base.nix new file mode 100644 index 0000000..bf65a6f --- /dev/null +++ b/modules/base.nix 
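Review bot: `aspellConf` in the `let` of modules/aspell.nix is bound but never referenced, so the `master en_GB-ise` and extra-dictionary settings are not applied anywhere in this module. Either drop the binding or write it out inside the `mkIf`, for example `environment.etc."aspell.conf".text = aspellConf;`. The same unused binding is visible in the removed programs/aspell.nix, so this is carried over rather than introduced here.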
@@ -0,0 +1,62 @@ +{ config, lib, pkgs, ...} : +with lib; { + options.elss.base.enable = mkEnableOption "Set the base configuration for the system"; + config = mkIf config.elss.base.enable { + services = { + dbus = { + enable = true; + packages = with pkgs; [ dconf ]; + }; + }; + + programs = { + mtr.enable = true; + dconf.enable = true; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; + + documentation = { + enable = true; + man.enable = true; + dev.enable = true; + }; + + environment.systemPackages = with pkgs; [ + alacritty.terminfo + bintools + clang + elfutils + emacs-all-the-icons-fonts + gdb + git + htop + neofetch + nix-prefetch-github + nixfmt + nixpkgs-fmt + procs + ripgrep + rnix-lsp + sysstat + tcpdump + unzip + wget + ]; + + elss = { + locale.enable = mkDefault true; + zsh.enable = mkDefault true; + }; + + boot = { + loader = { + systemd-boot.enable = mkDefault true; + efi.canTouchEfiVariables = mkDefault true; + }; + kernelPackages = mkDefault pkgs.linuxPackages_latest; + }; + }; +} diff --git a/modules/communication.nix b/modules/communication.nix new file mode 100644 index 0000000..c8513a8 --- /dev/null +++ b/modules/communication.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: +with lib; { + options.elss.programs.communication.enable = mkEnableOption "enable the basic graphical communication tools"; + + config = + let + cfg = config.elss.programs.communication; + in + mkIf cfg.enable { + elss.graphical.enable = true; + environment.systemPackages = with pkgs; [ + element-desktop + jitsi-meet-electron + signal-desktop + skypeforlinux + teams + zoom-us + ]; + }; +} diff --git a/programs/emacs/default.el b/modules/emacs/default.el similarity index 100% rename from programs/emacs/default.el rename to modules/emacs/default.el diff --git a/programs/emacs/default.nix b/modules/emacs/default.nix similarity index 87% rename from programs/emacs/default.nix rename to modules/emacs/default.nix index 4ba3f94..990a74c 100644 
--- a/programs/emacs/default.nix +++ b/modules/emacs/default.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: - +with lib; let defaultEl = ./default.el; environment.systemPackages = [ pkgs.gdb ]; # use gdb for dap-mode @@ -8,7 +8,7 @@ let mkdir -p $out/share/emacs/site-lisp cp ${defaultEl} $out/share/emacs/site-lisp/default.el ''; - emacsPackage = (pkgs.emacsPackagesGen pkgs.emacs).emacsWithPackages + emacsPackage = (pkgs.emacsPackagesFor pkgs.emacs).emacsWithPackages (epkgs: let lpkgs = import ./packages.nix { @@ -92,10 +92,13 @@ let ]))); in { - services.emacs = { - enable = true; - defaultEditor = true; - package = emacsPackage; + options.elss.programs.emacs.enable = mkEnableOption "Setup emacs package and install it"; + config = mkIf config.elss.programs.emacs.enable { + services.emacs = { + enable = true; + defaultEditor = true; + package = emacsPackage; + }; }; #nixpkgs.overlays = [ (self: super: { emacsOrig = super.emacs; }) (import (builtins.fetchTarball { # url = https://github.com/nix-community/emacs-overlay/archive/master.tar.gz; diff --git a/programs/emacs/packages.nix b/modules/emacs/packages.nix similarity index 100% rename from programs/emacs/packages.nix rename to modules/emacs/packages.nix diff --git a/modules/graphical.nix b/modules/graphical.nix new file mode 100644 index 0000000..2d0b1d9 --- /dev/null +++ b/modules/graphical.nix 
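Review bot: In the first hunk the context line `environment.systemPackages = [ pkgs.gdb ];` sits inside the `let`, where it only defines a local attribute set named `environment` that nothing reads, so it does not install gdb for dap-mode. Now that the last hunk introduces a `config = mkIf …` block, the line belongs there, next to `services.emacs`. gdb currently arrives only through modules/base.nix, which is a separate switch. The `let` body continues outside the hunks shown.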
@@ -0,0 +1,79 @@ +{ config, pkgs, lib, ... }: +with lib; { + options.elss.graphical = { + enable = mkEnableOption "configure i3-based graphical layer"; + greeterCursorsize = mkOption { + type = types.int; + default = 16; + description = '' + Size of the cursortheme in the lightdm greeter + ''; + }; + dpi = mkOption { + type = types.nullOr types.int; + default = null; + description = '' + DPI setting for the xserver + ''; + }; + }; + config = + let + cfg = config.elss.graphical; + #cursorsize = if config.variables.hostName == "nucturne" then 14 else 16; + #xserverDPI = if config.variables.hostName == "stel-xps" then 180 else null; + in + mkIf cfg.enable { + elss.users.x11.enable = true; + networking.networkmanager.enable = true; + + services = { + xserver = { + enable = true; + dpi = cfg.dpi; + displayManager.lightdm = { + enable = true; + greeters.gtk.cursorTheme.size = cfg.greeterCursorsize; + }; + windowManager.i3 = { + enable = true; + extraPackages = with pkgs; [ + rofi # launcher + polybarFull # bar + i3lock # lock screen + xss-lock + autorandr + ]; + extraSessionCommands = '' + ${pkgs.autorandr}/bin/autorandr -c + ''; + }; + layout = "us"; + xkbOptions = "eurosign:e"; + }; + gnome.gnome-keyring.enable = true; + + printing.enable = true; + }; + + sound.enable = true; + + hardware = { + pulseaudio.enable = true; + bluetooth.enable = true; + }; + + services.blueman.enable = true; + + environment.systemPackages = with pkgs; [ + firefox + thunderbird + okular + texlive.combined.scheme-full + usbutils + keepassxc + libsecret + arandr + ]; + }; +} diff --git a/modules/locale.nix b/modules/locale.nix new file mode 100644 index 0000000..ac3b009 --- /dev/null +++ b/modules/locale.nix 
@@ -0,0 +1,40 @@ +{ config, pkgs, lib, ...}: +with lib; { + options.elss.locale.enable = mkEnableOption "setup default locale and font-handling"; + + config = mkIf config.elss.locale.enable { + time.timeZone = "Europe/Berlin"; + i18n.defaultLocale = "en_GB.UTF-8"; + + fonts = { + enableDefaultFonts = true; + fonts = with pkgs; [ + hasklig + # corefonts # not free + liberation_ttf + comic-relief + dejavu_fonts + gyre-fonts + open-sans + noto-fonts + noto-fonts-emoji + noto-fonts-extra + roboto + roboto-mono + (nerdfonts.override { fonts = [ "Hasklig" ]; }) + material-icons + weather-icons + ]; + + fontconfig = { + enable = true; + # defaultFonts = { + # serif = [ "TeX Gyre Heros" ]; + # emoji = [ "Noto Color Emoji" ]; + # sansSerif = [ "TeX Gyre Pagella" ]; + # monospace = [ "Hasklug Nerd Font Mono" ]; + # }; + }; + }; + }; +} diff --git a/modules/nix-index-db.nix b/modules/nix-index-db.nix new file mode 100644 index 0000000..80f23eb --- /dev/null +++ b/modules/nix-index-db.nix 
@@ -0,0 +1,57 @@ +{ config, pkgs, lib, ... }: + +with lib; { + options.elss.nix-index-db-update.enable = + mkEnableOption "periodically update the nix-index database"; + + config = + let + cfg = config.elss.nix-index-db-update; + nix-index-db-update = pkgs.writeShellScript "nix-index-db-update" '' + set -euo pipefail + + filename="index-x86_64-$(${pkgs.coreutils}/bin/uname | ${pkgs.coreutils}/bin/tr A-Z a-z)" + cd /var/db/nix-index/ + ${pkgs.wget}/bin/wget -q -N https://github.com/Mic92/nix-index-database/releases/latest/download/$filename + ${pkgs.coreutils}/bin/ln -f $filename files + ''; + inherit (lib.elss.withConfig config) mapAllUsers; + in + mkIf cfg.enable { + systemd = { + services.nix-index-db-update = { + description = "Update nix-index database"; + + serviceConfig = { + CPUSchedulingPolicy = "idle"; + IOSchedulingClass = "idle"; + ExecStartPre = [ + "+${pkgs.coreutils}/bin/mkdir -p /var/db/nix-index/" + "+${pkgs.coreutils}/bin/chown nobody:nobody /var/db/nix-index/" + ]; + ExecStart = toString nix-index-db-update; + User = "nobody"; + Group = "nobody"; + }; + }; + + timers.nix-index-db-update = { + description = "nix-index database periodic update"; + + timerConfig = { + Unit = "nix-index-db-update.service"; + OnCalendar = "daily"; + Persistent = true; + }; + + wantedBy = [ "timers.target" ]; + }; + }; + + home-manager.users = mapAllUsers (_: + { config, ... }: { + home.file.".cache/nix-index".source = + config.lib.file.mkOutOfStoreSymlink "/var/db/nix-index/"; + }); + }; +} diff --git a/modules/nix.nix b/modules/nix.nix new file mode 100644 index 0000000..160d549 --- /dev/null +++ b/modules/nix.nix 
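Review bot: The update service runs as `nobody` and the two `ExecStartPre` lines hand `/var/db/nix-index/` to `nobody:nobody`, so any other process running under that shared account can rewrite the database that every user's `~/.cache/nix-index` symlink points at. A per-service identity avoids this, for example `DynamicUser = true;` with `StateDirectory = "nix-index";` (which places the data under /var/lib, so the symlink target would have to follow), or a dedicated system user. The file is also fetched from the `latest` release with no checksum or signature check, which is worth stating in a comment above the `wget` line because the lookup tooling then trusts it. The filename hard-codes `x86_64`, so other architectures would fetch the wrong index.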
@@ -0,0 +1,31 @@ +{ pkgs, config, ... }: + +{ + config = { + nix = { + useSandbox = true; + package = pkgs.nixFlakes; + generateRegistryFromInputs = true; + generateNixPathFromInputs = true; + linkInputs = true; + + autoOptimiseStore = true; + trustedUsers = [ "root" ] ++ config.elss.users.admins; + + # Enable flakes + # Free up to 50 GiB whenever there is less than 10 GiB left. + extraOptions = '' + experimental-features = nix-command flakes + min-free = ${toString (10 * 1024 * 1024 * 1024)} + max-free = ${toString (50 * 1024 * 1024 * 1024)} + ''; + + # Disable automatic (periodic) GC, since it might interfere with benchmarks + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + }; + }; +} diff --git a/modules/obs-studio.nix b/modules/obs-studio.nix new file mode 100644 index 0000000..028691b --- /dev/null +++ b/modules/obs-studio.nix @@ -0,0 +1,10 @@ +{ config, pkgs, lib, ...}: +with lib; +{ + options.elss.programs.obsstudio.enable = mkEnableOption "install obs-studio"; + config = mkIf config.elss.programs.obsstudio.enable { + environment.systemPackages = with pkgs; [ + obs-studio + ]; + }; +} diff --git a/modules/openvpn/config/TUD.ovpn b/modules/openvpn/config/TUD.ovpn new file mode 100644 index 0000000..9fd1a85 --- /dev/null +++ b/modules/openvpn/config/TUD.ovpn 
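Review bot: The comment `# Disable automatic (periodic) GC, since it might interfere with benchmarks` contradicts `automatic = true;` directly below it in modules/nix.nix, so one of the two is stale. If weekly collection is intended, replace the comment with `# Weekly GC, deleting generations older than 30 days`. Separately, `trustedUsers = [ "root" ] ++ config.elss.users.admins;` deserves a comment of its own: trusted users can direct the Nix daemon in ways that amount to root on the machine, so the list should stay limited to accounts that already hold that level of access.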
@@ -0,0 +1,60 @@ +tls-client +pull +remote openvpn.zih.tu-dresden.de +port 1194 +dev tun +proto udp +auth-user-pass +nobind +#comp-lzo no +tls-version-min 1.2 + +-----BEGIN CERTIFICATE----- +MIIDJDCCAqqgAwIBAgIIVUfkeTU1KgIwCgYIKoZIzj0EAwQwgcYxCzAJBgNVBAYT +AkRFMQ8wDQYDVQQIEwZTYXhvbnkxEDAOBgNVBAcTB0RyZXNkZW4xKDAmBgNVBAoT +H1RlY2huaXNjaGUgVW5pdmVyc2l0YWV0IERyZXNkZW4xQjBABgNVBAsTOVplbnRy +dW0gZnVlciBJbmZvcm1hdGlvbnNkaWVuc3RlIHVuZCBIb2NobGVpc3R1bmdzcmVj +aG5lbjEmMCQGA1UEAxMdT3BlblZQTiBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcN +MjAwMzEzMTcwMjAwWhcNMjMwMzEzMTcwMjAwWjCBxjELMAkGA1UEBhMCREUxDzAN +BgNVBAgTBlNheG9ueTEQMA4GA1UEBxMHRHJlc2RlbjEoMCYGA1UEChMfVGVjaG5p +c2NoZSBVbml2ZXJzaXRhZXQgRHJlc2RlbjFCMEAGA1UECxM5WmVudHJ1bSBmdWVy +IEluZm9ybWF0aW9uc2RpZW5zdGUgdW5kIEhvY2hsZWlzdHVuZ3NyZWNobmVuMSYw +JAYDVQQDEx1PcGVuVlBOIENlcnRpZmljYXRlIEF1dGhvcml0eTB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABAFyQ2/XGnQpeqQGR9//A3eSUl/dm5ksuPba4yuF+TonfIMS +SkYrW3KbFexK/7M1F2n6xTCk8YxgF0cl/6AqVW80UsdW9FeQSO2jEOY8xl4Ag95B +5KD1ur3kfn/GxRfJe6NjMGEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU +/IAoHx3yIpN6FV/js71yXvf+POwwHwYDVR0jBBgwFoAU/IAoHx3yIpN6FV/js71y +Xvf+POwwCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMEA2gAMGUCMQDyPDrW8JofQUiG +a1DacXRr3dQUAKIdpgk7VFXU90hRrSTkMBgZNev6rd+TBgk/XeQCMCLq4DQgwTjc +jexcxW/cIHH5bfUy/xykQWjEnlJsPoeA0JaTtBcrrK7h/9dUCUhk+g== +-----END CERTIFICATE----- + + +# +# 2048 bit OpenVPN static key +# +-----BEGIN OpenVPN Static key V1----- +9b32985687664a47084463da740ff2a2 +8976d0f78b2264e7feda8486efe02289 +7ff5abc2f1bfe170eb620e63fb0cba01 +fb65e4f6668fd3a718e1b3d4d94ac2a5 +56a1d53f8f971fb0307034d425758cb3 +1aeb8156b05ceb2fe79eaf56777c3bb5 +0fa26bc1f3a0b21d3a1a8787f133c626 +5776465ab7848443d8b153300853a7c2 +167d72baf41b6372db1b801499ac1aa3 +3506442dfb204bb037e961c938fd9571 +cb62228eb0c482f3db4598f08f8c26fe +1d72031e82f5bd163e961310fe781806 +8e546e4957f6eae73585b245ae3a6273 +fc4375d385cb2c95646af01ec31a23cc +e7fbbd353a27ec216f6e677fed8a4298 +6b0c01f429db0ddb52fd0760788c32d5 +-----END OpenVPN Static key V1----- + 
+remote-cert-tls server +cipher AES-256-GCM +auth SHA384 +reneg-sec 43200 +verb 3 + diff --git a/modules/openvpn/default.nix b/modules/openvpn/default.nix new file mode 100644 index 0000000..77e47fb --- /dev/null +++ b/modules/openvpn/default.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ...}: +with lib; { + options.elss.openvpn.enable = mkEnableOption "Setup TUD openvpn"; + config = + let + cfg = config.elss.openvpn; + in + mkIf cfg.enable { + services.openvpn.servers.TUD = { + config = "config config/TUD.ovpn"; + autoStart = false; + }; + }; +} diff --git a/programs/python.nix b/modules/python.nix similarity index 52% rename from programs/python.nix rename to modules/python.nix index 67e7dc4..68c9f3c 100644 --- a/programs/python.nix +++ b/modules/python.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with pkgs; +with pkgs; with lib; let my-python-packages = python-packages: with python-packages; [ pandas @@ -9,5 +9,8 @@ let python-with-my-packages = python3.withPackages my-python-packages; in { - environment.systemPackages = [ python-with-my-packages ]; + options.elss.programs.python.enable = mkEnableOption "install python 3"; + config = mkIf config.elss.programs.python.enable { + environment.systemPackages = [ python-with-my-packages ]; + }; } diff --git a/modules/secrets.nix b/modules/secrets.nix new file mode 100644 index 0000000..3985ecb --- /dev/null +++ b/modules/secrets.nix @@ -0,0 +1,16 @@ +{ config, pkgs, lib, ... }: +with lib; { + options.elss.sops.enable = mkEnableOption "Use sops config"; + + config = + let + cfg = config.elss.sops; + in + mkIf cfg.enable { + sops = { + defaultSopsFile = ../secrets/secrets.yaml; + secrets.example_key.format = "yaml"; + + }; + }; +} diff --git a/modules/server/default.nix b/modules/server/default.nix new file mode 100644 index 0000000..0e0f401 --- /dev/null +++ b/modules/server/default.nix 
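Review bot: The block between `-----BEGIN OpenVPN Static key V1-----` and the matching END line in modules/openvpn/config/TUD.ovpn commits key material in clear text, in the same change that introduces sops for secrets. If this is the key the VPN operator publishes with its client profile, say so in a comment at the top of the file; if it is not public, it should move into the sops-managed secrets and be rotated, since it remains in git history. The certificate and key blocks appear here without enclosing inline tags, which may be an artifact of how the page was rendered but is worth checking in the file itself.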
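Review bot: `config = "config config/TUD.ovpn";` in modules/openvpn/default.nix passes a relative path as a plain string, so OpenVPN resolves it against the service's working directory at runtime and the profile shipped in this repository is probably never found. Interpolating the path, `config = "config ${./config/TUD.ovpn}";`, makes Nix copy the file into the store and reference it absolutely. The store is world-readable, so that is only appropriate if the static key in the profile is public material; otherwise the key should be supplied from a sops secret path.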
@@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: +with lib; { + options.elss.server.enable = mkEnableOption "Enable Mail, Web, and DB"; + options.elss.server.nginx.enable = mkEnableOption "Set up nginx"; + options.elss.server.sql.enable = mkEnableOption "Set up sql (mariadb)"; + options.elss.server.nextcloud.enable = mkEnableOption "Set up nextcloud"; + options.elss.server.smailserver.enable = mkEnableOption "Set up simple mail server"; + + imports = [ + ./nginx.nix + ./smailserver.nix + ./sql.nix + ./nextcloud.nix + ]; + + config = + let + cfg = config.elss.server; + in + mkIf cfg.enable { + elss.server = { + nginx.enable = mkDefault true; + sql.enable = mkDefault true; + smailserver.enable = mkDefault false; # TODO fix simple mail server + }; + }; +} diff --git a/modules/server/nextcloud.nix b/modules/server/nextcloud.nix new file mode 100644 index 0000000..1ee69b5 --- /dev/null +++ b/modules/server/nextcloud.nix @@ -0,0 +1,27 @@ +{ config, pkgs, lib, ... }: +with lib;{ + config = + let + cfg = config.elss.server.nextcloud; + in + mkIf cfg.enable { + elss.server.sql.enable = mkDefault; + services.nextcloud = { + enable = true; + hostName = "cloudstore.ellmauthaler.net"; + https = true; + config = { + dbtype = "mysql"; + dbuser = "cloudstore_user"; + dbpassFile = "/run/secrets/cloudstore_user"; + adminuser = "storemin"; + adminpassFile = "/run/secrets/storemin"; + }; + }; + + sops.secrets = { + storemin.sopsFile = ../../secrets/server.yaml; + cloudstore_user.sopsFile = ../../secrets/server.yaml; + }; + }; +} diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix new file mode 100644 index 0000000..0aeb139 --- /dev/null +++ b/modules/server/nginx.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: +with lib;{ + config = + let + cfg = config.elss.server.nginx; + in + mkIf cfg.enable { + services.nginx.enable = true; + services.nginx.virtualHosts."localhost" = { + addSSL = false; + enableACME = false; + root = "/var/www/localhost"; + }; + }; +} 
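Review bot: `elss.server.sql.enable = mkDefault;` in modules/server/nextcloud.nix applies `mkDefault` to nothing, so the option receives a function instead of a boolean and evaluation should fail as soon as `elss.server.nextcloud.enable` is set; it should read `elss.server.sql.enable = mkDefault true;`. The two password files are also referenced by literal `/run/secrets/...` paths, and the `sops.secrets` entries set no owner, so with sops-nix defaults they are presumably readable by root only and the Nextcloud service user may be unable to read them. Using `dbpassFile = config.sops.secrets.cloudstore_user.path;` (and likewise for `adminpassFile`) together with `owner = "nextcloud";` on both secrets ties the paths and permissions to the declarations.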
diff --git a/modules/server/smailserver.nix b/modules/server/smailserver.nix new file mode 100644 index 0000000..afec6dd --- /dev/null +++ b/modules/server/smailserver.nix @@ -0,0 +1,14 @@ +{ config, pkgs, lib, ... }: +with lib;{ + config = + let + cfg = config.elss.server.smailserver; + in + mkIf cfg.enable { + mailserver = { + enable = true; + fqdn = "mail.ellmauthaler.net"; + domains = [ "ellmauthaler.net" ]; + }; + }; +} diff --git a/modules/server/sql.nix b/modules/server/sql.nix new file mode 100644 index 0000000..4bb992e --- /dev/null +++ b/modules/server/sql.nix @@ -0,0 +1,13 @@ +{ config, pkgs, lib, ... }: +with lib;{ + config = + let + cfg = config.elss.server.sql; + in + mkIf cfg.enable { + services.mysql = { + enable = true; + package = pkgs.mariadb; + }; + }; +} diff --git a/modules/ssh.nix b/modules/ssh.nix new file mode 100644 index 0000000..85899ed --- /dev/null +++ b/modules/ssh.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: +with lib; { + options.elss.sshd.enable = mkEnableOption "Set up sshd"; + + config = + let + cfg = config.elss.sshd; + in + mkIf cfg.enable { + services.openssh = { + enable = true; + passwordAuthentication = false; + permitRootLogin = "no"; + }; + }; +} diff --git a/modules/stateversion.nix b/modules/stateversion.nix new file mode 100644 index 0000000..7c0ffe4 --- /dev/null +++ b/modules/stateversion.nix @@ -0,0 +1,4 @@ +{ config, lib, pkgs, ...}: +{ + system.stateVersion = "21.05"; +} diff --git a/modules/steam-run.nix b/modules/steam-run.nix new file mode 100644 index 0000000..499b0f6 --- /dev/null +++ b/modules/steam-run.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +with lib; { + options.elss.steam-run.enable = mkEnableOption "configure steam-run to support unpatched binaries"; + + config = + let + cfg = config.elss.steam-run; + in + mkIf cfg.enable { + environment.systemPackages = [ + (pkgs.unstable.steam.override { withJava = true; }).run + ]; + }; +} 
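Review bot: `passwordAuthentication = false;` in modules/ssh.nix does not by itself turn off keyboard-interactive authentication, which can still route through PAM and accept a password. Adding `kbdInteractiveAuthentication = false;` to the same `services.openssh` block closes that path. Confirm the option name against the nixpkgs release in use, since it was renamed from `challengeResponseAuthentication`.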
diff --git a/modules/texlive.nix b/modules/texlive.nix new file mode 100644 index 0000000..6a67e59 --- /dev/null +++ b/modules/texlive.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: +with lib; { + options.elss.texlive = { + enable = mkEnableOption "configure texlife on the system"; + + package = mkOption { + type = types.package; + default = pkgs.texlive.combined.scheme-full; + description = '' + This option specifies which texlive package shall be installed + ''; + }; + }; + + config = + let + cfg = config.elss.texlive; + in + mkIf cfg.enable { + environment.systemPackages = [ + cfg.package + ]; + }; +} diff --git a/modules/users.nix b/modules/users.nix new file mode 100644 index 0000000..e95766d --- /dev/null +++ b/modules/users.nix 
@@ -0,0 +1,183 @@ +{ config, pkgs, lib, homeConfigurations, ... }: + +with lib; { + options.elss.users = { + enable = mkEnableOption "elss specific user configuration"; + + x11.enable = mkEnableOption "Activate XSession related options in user-configs"; + + users = mkOption { + description = "logins of non-admin users to configure"; + type = types.listOf types.str; + }; + admins = mkOption { + description = "logins of admin users to configure"; + type = types.listOf types.str; + }; + meta = mkOption { + type = types.attrsOf + (types.submodule { + options = { + description = mkOption { + type = types.str; + description = "full name of the user"; + }; + hashedPassword = mkOption + { + type = types.str; + default = null; + description = "hashed password, only required for admins"; + }; + publicKeys = mkOption { + type = types.listOf types.str; + description = "SSH public keys for the user"; + }; + mailAddress = mkOption { + type = types.str; + description = "Email address of the user"; + }; + git = mkOption { + type = types.submodule { + options = { + key = mkOption { + type = types.str; + example = "0xBEEE1234"; + default = "C804A9C1B7AF8256"; + description = "Signkey for git commits"; + }; + gpgsm = mkOption { + type = types.bool; + default = false; + description = "Whether to use gpgsm for commit signatures"; + }; + signDefault = mkOption { + type = types.bool; + default = false; + description = "Whether to force signing commits or not"; + }; + }; + }; + }; + }; + }); + }; + }; + + config = + let + cfg = config.elss.users; + inherit (elss.withConfig config) mapAdmins mapUsers mapAllUsersAndRoot mapAllUsers; + + getMeta = login: + builtins.getAttr login cfg.meta; + mkAdmin = login: + mkMerge [ + (mkUser login) + { + extraGroups = [ "wheel" ]; + inherit (getMeta login) hashedPassword; + } + ]; + mkUser = login: + let meta = getMeta login; + in + { + inherit (meta) description; + isNormalUser = true; + home = "/home/${login}"; + extraGroups = [ ]; + 
openssh.authorizedKeys.keys = meta.publicKeys; + }; + + mkGitUser = login: + let meta = getMeta login; + in + { + programs.git = { + userEmail = meta.mailAddress; + userName = meta.description; + extraConfig = { + gpg = lib.mkIf meta.git.gpgsm { + format = "x509"; + program = "${pkgs.gnupg}/bin/gpgsm"; + }; + user = { + signingKey = meta.git.key; + }; + commit = { + gpgsign = meta.git.signDefault; + }; + }; + }; + }; + + mkX11User = login: + let meta = getMeta login; + in + mkIf (cfg.x11.enable) + { + xsession = { + numlock.enable = true; + profileExtra = '' + if [ $(hostname) = 'stel-xps' ]; then + brightnessctl s 50% + fi + ''; + }; + home.file.".background-image".source = ../common/wallpaper/nix-wallpaper-nineish-dark-gray.png; + + services = { + blueman-applet.enable = true; + network-manager-applet.enable = true; + dunst.enable = true; + }; + }; + + in + mkIf (cfg.enable) + { + assertions = + let + cfg = config.elss.users; + in + [ + { + assertion = mutuallyExclusive cfg.users cfg.admins; + message = "elss.users.users and elss.users.admins are mutually exclusive"; + } + { + assertion = all (hash: hash != "") + (catAttrs "hashedPassword" (attrVals cfg.admins cfg.meta)); + message = "No admin without password"; + } + { + assertion = length (cfg.admins) > 0; + message = "One admin needed at least"; + } + ]; + + users = { + mutableUsers = false; + users = + mkMerge [ + (mapAdmins mkAdmin) + (mapUsers mkUser) + ]; + }; + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + users = + mkMerge [ + (mapAllUsers mkX11User) + (mapAllUsers mkGitUser) + (mapAllUsersAndRoot (login: + mkMerge [ + { config.home.stateVersion = mkDefault "21.11"; } + (if homeConfigurations ? "${login}" then homeConfigurations."${login}" else { }) + ])) + ]; + }; + + }; +} diff --git a/modules/zsh.nix b/modules/zsh.nix new file mode 100644 index 0000000..97fcc31 --- /dev/null +++ b/modules/zsh.nix 
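Review bot: `hashedPassword` in modules/users.nix is declared with `type = types.str;` and `default = null;`, and the "No admin without password" assertion only tests `hash != ""`, so an admin whose meta entry omits the hash is not reported by that assertion (it either trips the type check with a less helpful message or passes as null). With `mutableUsers = false` such an account would have no usable password. Declaring `type = types.nullOr types.str;` and asserting `all (hash: hash != null && hash != "")` yields the intended message. The git `key` default `"C804A9C1B7AF8256"` also applies to every user who does not override it, which is probably meant for one account only.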
@@ -0,0 +1,65 @@ +{ config, pkgs, lib, ... }: +with lib; { + options.elss.zsh.enable = mkEnableOption "Setup systemwide zsh"; + config = + let + inherit (elss.withConfig config) mapAllUsers; + cfg = config.elss.zsh; + in + mkIf cfg.enable { + environment = { + shells = [ pkgs.zsh ]; + pathsToLink = [ "/share/zsh/" ]; + sessionVariables = rec { + XDG_CACHE_HOME = "\${HOME}/.cache"; + XDG_CONFIG_HOME = "\${HOME}/.config"; + XDG_BIN_HOME = "\${HOME}/.local/bin"; + XDG_DATA_HOME = "\${HOME}/.local/share"; + + PATH = [ + "\${XDG_BIN_HOME}" + ]; + }; + }; + programs = { + zsh = { + enable = true; + enableCompletion = true; + enableGlobalCompInit = true; + autosuggestions.enable = true; + syntaxHighlighting = { + enable = true; + highlighters = [ "main" "brackets" "root" "line" ]; + #styles = { cursor = "standout,underline"; }; + }; + setOptions = [ "auto_pushd" "correct" "nocaseglob" "rcexpandparam" "numericglobsort" "nobeep" "appendhistory" ]; + + shellInit = '' + if [[ $TERM == "dumb" ]]; then + INSIDE_EMACS=1 + fi; + ''; + + interactiveShellInit = '' + source ${pkgs.zsh-nix-shell}/share/zsh-nix-shell/nix-shell.plugin.zsh + + zstyle -e ':completion:*:approximate:*' max-errors 'reply=( $(( ($#PREFIX + $#SUFFIX) / 3 )) )' + zstyle ':completion:*:descriptions' format "- %d -" + zstyle ':completion:*:corrections' format "- %d - (errors %e})" + zstyle ':completion:*:default' list-prompt '%S%M matches%s' + zstyle ':completion:*:manuals' separate-sections true + zstyle ':completion:*:manuals.(^1*)' insert-sections true + zstyle ':completion:*' menu select + zstyle ':completion:*' verbose yes + zstyle ':completion:*' squeeze-slashes true + zstyle ':completion:*:*:kill:*' menu yes select + zstyle ':completion:*:kill:*' force-list always + ''; + }; + }; + + users.users = mapAllUsers (_: { shell = pkgs.zsh; } + + ); + }; +} diff --git a/options.nix b/options.nix deleted file mode 100644 index 1534502..0000000 --- a/options.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ config, pkgs, lib, ...}: -{ - options.variables = with lib; { - hostName = mkOption { - type = types.str; - example = "nucturne"; - description = "Hostname of the system"; - default = "hostnamenotset"; - }; - graphical = mkOption { - type = types.bool; - default = false; - description = "Whether to enable the graphical environment"; - }; - server = mkOption { - type = types.bool; - default = false; - description = "Whether this system is a server"; - }; - git = { - key = mkOption { - type = types.str; - example = "0xBEEE1234"; - default = "C804A9C1B7AF8256"; - description = "Signkey for git commits"; - }; - gpgsm = mkOption { - type = types.bool; - default = false; - description = "Whether to use gpgsm for commit signatures"; - }; - signDefault = mkOption { - type = types.bool; - default = false; - description = "Whether to force signing commits or not"; - }; - }; - }; -} diff --git a/programs/aspell.nix b/programs/aspell.nix deleted file mode 100644 index ed33380..0000000 --- a/programs/aspell.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, ... }: - -let - aspellConf = '' - data-dir /run/current-system/sw/lib/aspell - dict-dir /run/current-system/sw/lib/aspell - master en_GB-ise - extra-dicts en-computers.rws - add-extra-dicts en_GB-science.rws - ''; -in -{ - environment.systemPackages = [ pkgs.aspell ] - ++ (with pkgs.aspellDicts; [ de en sv en-computers en-science ]); -} diff --git a/programs/default.nix b/programs/default.nix deleted file mode 100644 index 496f688..0000000 --- a/programs/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - imports = [ - ./aspell.nix - ./emacs - ./obs-studio.nix - ./python.nix - ]; -} diff --git a/programs/obs-studio.nix b/programs/obs-studio.nix deleted file mode 100644 index 382025c..0000000 --- a/programs/obs-studio.nix +++ /dev/null 
@@ -1,6 +0,0 @@ -{ config, pkgs, lib, ...}: -{ - environment.systemPackages = if config.variables.graphical then with pkgs; [ - obs-studio - ] else [ ] ; -} diff --git a/secrets/default.nix b/secrets/default.nix deleted file mode 100644 index fc4d166..0000000 --- a/secrets/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, pkgs, ... }: -{ - sops.defaultSopsFile = ./secrets.yaml; -} diff --git a/secrets/keys/hosts/nucturne.asc b/secrets/keys/hosts/nucturne.asc new file mode 100644 index 0000000..a2dd074 --- /dev/null +++ b/secrets/keys/hosts/nucturne.asc 
@@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsFNBAAAAAABEADQdDDX8sxmtbOcTYmB5ctVP686TA8tdjtXH3jotgMEldkmZBEi +jYIgFxrj55uinUhxjsO+t9kIVCZQMt6Vu6PuZQ309as11RtMM6WowdmBAQaxyxOF +GdWUhbXTsfLGGYgrYrIrDif0U/Cb81U+Oy7uUVkrs6BIeLOsAR7Vap+O8fdC3nNd +bPH0ruE07S5ZxpDyqBjSc4AJFy0o04VE4n9jGH1Gg3/agal/RFAFMX2bO3jsGAdJ +W3k13mfUHoUpDLPDpMCkrv2zwOaT/i9HOoK6pfNI6ia7+bEgEXvC7GvX6CWmnNkx +W9S1XI64x8PRQNJa8WGIMkfa0b+pWRtbMwL5EquguSUjSNV6jdJgB2pZ/BQEwr5U +zJh+rLM9QDO5N8XUMCgG3sRqVUcRcCXRdFsTI501/HIukIH2usJ225j8FEqDMBPA +3sY5FMytbTd6B3/MU8RQRGGtzMTW7QSa2RAVAWo67KNbAidykStB2BEONfTjwLcS +jNiGR0vFSZBso18+BSephmW4Db9bZVMCIMLBKTmvt9KfbdjZR3+gyJLD0PNuIiXH +n7JOpDjGxoWKRLKhw0ThgeM+PhFjrnWt3ZRLwu+7bdrW7I+RVZtYEONvg+PjSNW8 +i+R+9x4plMfLJ80EKynroul5y9etu9GklA6aaWvr2fkjcOkLdH5/1G7wSQARAQAB +zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT +AQgAFgUCAAAAAAkQwI4yL3v9krECGw8CGQEAAC1oEAAjfd65ObN1SRYispR1WuOc +JF2zvUxmZ3fU/L4VH+/cm1t2xMMD+MfDiSLPrcYAgzBu563oQaa6HKEWj6t+Kfw5 +q/aFyt+ry7XP7wlWHM0R8ydbZkfVoJD+JDYLXFkeIK5S+tFbyUJfYIEd8hdKARwL +67C5evvb6VYHuPMP8w/RWCD5tvtgHJoRCdlnza4C5hbmiQxTRtb66oyfKjhsZkji +m3VtaA00y0lJ8rtJD6fsFD0KYcl4voXottn5VvbOhZZw/BsehSr9YfPaQWUUvkxo +VyUQbdSiltSc0VqDaB6v2zceoK3K5EDOhv/TxP9Q3l6oKWl2VGpPZbgcCmuqv00g +sssRh3uVbrdB7LhlhdOZmc40fQKIpfoDF6LuSsgfMUdGO5CS7E7HaKOeUbpY70Zk +hriBXfkpx7j7FHl+EU46N4ZvvQsnCwLyv7xvuAe/i2p15E2tWvHPvCCk1lpRXxSL +caQIImiXfbZGtCHt4jwn+BNZC4buy7t0IIuCZ8Bb4JCEVS1J5aNScQoODbE+RzsZ +ETqRQJxAS3Pu3yQDsm7dsq35qseZQVU6ChigL97yWIgH5SaNdhq+1ExIveKmu/0e +gcOmfadoNlCrT4RPEacG6xkZq69K17FirTWh/3QUOLfn/R3Zv7YXMqsJ2Jg9JuNo +BRtuXqcpUfc3rrMSvGDaSQ== +=ojin +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/secrets/keys/hosts/stel-xps.asc b/secrets/keys/hosts/stel-xps.asc new file mode 100644 index 0000000..76cb9b7 --- /dev/null +++ b/secrets/keys/hosts/stel-xps.asc 
@@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsFNBAAAAAABEAC1eCDHJpjx8tlAVZz3g5/TZVFvCWcHn6WLNof96pwlThTiMitX +jQBAcyXSRBLiNLY1tdQi+Dd+toOESX3Tz2glGYGLhLGRcd77U4Xfock+rxpXr6Kq +X3+z9DQRAP5zp9LBdlDzhPzbUNv+CaQOPfMREGB+U1tQO9BB229VZD0l64yvJe1C +rVIFMXxeExjIE22p4QwYG9XTnvcoGHYonBoqPm9A4cil0IvISOJKVB6dmTKWqso3 +zIFcr431I2ce2EZidVz68AbKvf/3pG5LYM4SaKFjyugxVkKXex5ENfwwg/54843X +ATmufpK36eiYpQu0kmTexaQLqEVEVFDiWS4YyRBJJxD3SX1qDmZVdHt0YGWGwe/l +28f/xVGU30itswbl7iraLWuQxBl3Fngrxera3GDEqIVZwSMocIIv7PgP2aGWhEP3 +EN37wmaXE6wkefJSwFa2vS4+dcbZ8NFKDfFPYfaXg2SeWdHgd6u35NqFxM0lm1FC +RWAD5/6VD3J6oCOMI21p01Hc5a55uaLdGRN+qZzkKNy269swR/ovd4Aq0VAswKd7 +lcA2+XFjokgmZYY68DbJM1/q93hJjd7peyM3ReKHgf4UFDGDmxtc/4K5sdOZSqaP +N18ZUoqQ21wjbXnAZWLMi2ICxIjvHPi9N1GiOAKTsau37B/VlzsjRRzcKQARAQAB +zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT +AQgAFgUCAAAAAAkQU0q2hdiC5MoCGw8CGQEAAO7yEAAiR/ePv5GBXyKYdJW+FezO +DUXAJVpIqZAgJIFrEsh53aNd/dR+kyTZ8uh6UG3pXzlhFCvOBojHVC4Ssb2h4c2X +W20kzRn4vJhDUdXrN+vCnXdBIcM5Thn4AhvvDDTc5Q9x2qishpLHTjcgCvejBltL +kiAqbcV9ILSt/VuBYY+8Oe+8dJwuhzdZwrydy8hn+ktPkQGxeBt4zihOdYTGoTSL +OifOAaLzDye1iDhGOExjb+pvfaxnMS85hQW54UuGIi6tJJV496MFuhWUuQV/mzbH +w2DuQabfpDGZyA5awGTP/SxmL1T4B6iIxQG1vbyyejqMuFjyiVjWXmMiePn/c1Wv +TYyLoFwDaK3PcBl2HcX6GLRRd7w85cQlEHESZc7QhgswrTR0r1SlraPjFJYvdkMr +JVkDWgx7Xe8u+ZApxAB+mtDkDJdvk9nn/hRwn25yXVM+QWELBC4r41k5/pwjrAsM +ovsSawjq1wTBgbUOTHaob91FSHOkvnhpGix5SCzsyraz6VZ0ZJt+ab14IHIPDksn +rsDaW7VqURF7IK777vVnMFrA1UiPbrwJYxJso4cdSCeQLEq/5SghDSbmIB3rXp33 +LSDkfB3ZFfxp6ZJUW7YD2w8DlmG80xzGyWPtI6ZVKaJZGFJwNSJONq9yWQSoKQoX +OjF1D1sm47MlQBJ8zirGKQ== +=Spou +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/secrets/keys/users/stefan_ellmauthaler.asc b/secrets/keys/users/stefan_ellmauthaler.asc new file mode 100644 index 0000000..83e249d --- /dev/null +++ b/secrets/keys/users/stefan_ellmauthaler.asc 
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGClB3EBEADX75a/UKReD9GfpCQwuuBG6vO00W2WutEGC+lA+xt+yQfEFSc7 +8A52n9Ypgbn0I/TdCkRl3zSyw/ysR2On0biYb6rsyZG6PVmwq6wSpgPRHh2P0E9r +tg4PLhOkmSTlxT3k3SMvP4lJpRuZBSqRHkxaVMJDVjSlrwifUkSOl0LMewCtGZOG +jV9P8OMFHy/SAE/YVlnjH2IW6yUT5n+suNJ2pf6u/PcdXCpryNPkNLmsoQ0e+ZjG +we3i/7/vJ6wkkg7DZAuCmIjo1Zq1zNRI6ouJpgO58VKO5zrRdnKIkOstcp1smDmt +KngMzzYa7J1ytvNcy3nPoePjI0HwRREDrPZ/vhTFNpdfhLiuP4nhqu/mLVMJScqK +iaX2dLZ8wRTCgpC94pPJ81fXkTtLCTfIn1Tss9sFx37IHNiwd3BZhzFtQrbAMjTz +3vvF74XaVaDFZXGWcgJLBYRRgGSSIZCzOvPyPqENA/ugGvXb3U4YwFEV9H2BR/ei +0r6CLJgr99vD9SOlaF05hqCLAqyXE+o1jCMyOEHCChTf3VS2ZIxacpp5AoTkVOq8 +ZmaoASw8uxt4UD8wNJFtJdgzNxYSRWP6UE4Io7AUwoPQmfk9RxOiMQKDgJ9oj7yc +a5DHWS03xhtW4YL1ZZZm9TRg4jo1WB6jXRGbwT0lAtRnwaeWCqaJqm7uUQARAQAB +tDNTdGVmYW4gRWxsbWF1dGhhbGVyIDxzdGVmYW4uZWxsbWF1dGhhbGVyQGdtYWls +LmNvbT6JAlQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQ7OYsI +bEECZKFPs1Ox5vAwMKSuqgUCYpYJ2gUJA9ITLwAKCRCx5vAwMKSuqsU8EACYntlq +QFfM7bvviC0VJgvAnDGLeuGOh1Ba6SnmMQCHb1uYCQslmUpoYIWz0MntLoRcfdbz +JeyKP2OXvs6jg8EGPPk30g/hvD7392D45pPYNz9xY/sqR9FrYkBzrytvJRZY00qP +yrC+CmSlC9/pnJobbnGVDPAtDbM/1yxoNQhb/L6RIRcPc/efisi8e2O2J2DF/847 +eFEpIf38QlMf4RoWO+xsOT16R4iC4xdffI7xk+gG6pXD6tqI9IY7GPyzUhz/ttrX +GA+gEdfIFH/Ro2JVG2a91V1UV7b/STx+1yWH71Oa8UCSGRFQMdDx62kPfuBzrxg3 +ZMYqaRyyqpZDel0Vt05DCYgqmk7GmsvDLZnjfu1JJ8yreAzbJstvEfg9oLoBq3mD +DjaWLl4QJMmGkwQfmZlIWkLMgvdWuaoMAAr23JKCcNUGH0rnjlJHjnbX2+Q1ASH3 +1U5UPgVavuvHTs08E09aMfjDucd9u/NhzNsokzJZ5UlwY46hcYnU/ZAopKNTHR28 +2d4WBw8P/dsoymsLBqe0rUn9gm1Sm94jJtZwDw2PsJ+QXShJv2zpiGWd7hTBzOCT +bMTxVkASmyfLuLNjJBHzYOtnnqFN6GQoLlJRwlOARCGH+8q/yT9v34TsEeYOeDep +I1CjjraAChCxw53c2TXkp05wJp+zyZaEe80I9LkCDQRgpQdxARAArwHwHId6uhSS +RmdHE0jMnbSXknd62WeX9yy7tI5st8PisxLkUvIhsYEm7820BQtyB5/6Mda3th87 +LSmlzWO5Uvr+dpcUX80ozw0MlxY4Afd2b3uN8hDq1B1yreq3p9WdPlr+tZo/1zK3 +gxosfd/BDKdn+4FHPTpO3oePpYSUnlHhLac8wjn4C6HVvQHRK0rifzaAf3TlVHjk +/rRpJZ713JahiCVu9PR5dxE8zaI3pI63JV0g7aSQUevlbdfOBtwToX+Opz7s46Ep 
+sj6gzW1YHYgIuRcZ0fXxjhqB3BifKRvjdKfRTWgC/SPWby/DmYJaYdf81FDhGEqt +hqnI3YbO06Apid41xmmHiSoMjUv0i78edBInxEu/jZ7UZ8jmDmqkGqrJEJqAlaG3 +oUM1Xd0csP5gCxN7Ny/u3QloKfC7EAlVNxKub/Yumc4PE7m1zs9bEt4ZH3UomX5o +Ub5D9BOnWuRjBiGewYmGHjQDNPA1NLHUs7eNcFsadNQil+w/n/9mle+qvh/C0irB +bJS/DNDExQmb9IT7SqsMQO2N3M5ZTZrkFoKEJ8mVJ+JFwNpAZG2RXjw9fFU/g4zT +bi35xODgz+WfyP9+gLY33YM44UkDDpVUzlVJ9A8bPbgTKQIuuFqRNHRLq4Nmu2Hn +EXjGDmKsmsDkNOIWrqYTsXXfo7qPbBsAEQEAAYkCPAQYAQgAJhYhBDs5iwhsQQJk +oU+zU7Hm8DAwpK6qBQJgpQdxAhsMBQkB4TOAAAoJELHm8DAwpK6qJgwQAM1btgX0 +EOMN1s2hsoZe7pNZ1itj5HI8lxctcwC9zlBSgS3M5IeCOC/zf0yj5pOHRqN595jI +NjoXNTPFunuvd33tgLGSlPPifb8Dn9n1/oEt+Ys0LuownADEdtX3L9JO5l79JK4S +gQKG5Mx7ZmD3E5WdwmvkzjUzY12p3uC78en11OCm+sp2Fk5OhUBSXXJ/BsXoTD5f +g7XbbuRfhs52x6qIgWSuqbOghYq6VCNmR1j53qZsTUZg2gmKT10cSzI2rlsws2L3 +qIeo2eXKLxlUNuxK4kse007MxyzEqlWTVTwsL8SC06ouZ/W2VMF+xGZJ8O/Br5LD +pmEX+wZXJL6H2lIRa/aMreaQ8S9d9TSXHRIuc5MpmGnd9/KOm4Sdch5IQLiJLfyw +KkB9R1evg0HZqfOt05i6A1IyJQ9OlUXfbRBow6msNDlOmEviNNeJfLMQ/YvyZ+FM +oaSW5hMYZRMSthuIhQogWH+t1Kt76gHK+WVhyD9XZ8NWu18+ZUKMV2Dg4EyzJBkf +sdiWD4kFnotONtUHouRjMr5xFbDWQ/bSoQ+QGUOmxDx6Wl/DsGiQ+6HB4cD3JAxz +w2Ykcg94PlmESgC6SyLT8pDIbd8z42QR5VNRvMRBJnX/FygNGLj0PCol1piRM1zu +KdqlWuZpbVFm5DF/TQWr9PSFUs8QJ3EL/mXR +=Vjox +-----END PGP PUBLIC KEY BLOCK----- diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index e69de29..41a0afd 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -0,0 +1,81 @@ +hello: ENC[AES256_GCM,data:MOALCu8iOAyfGkjK9z4NMDo0f6MmG6x5VkfyZcZvYCKnWFBRQAKPDTWBH5rK1g==,iv:jFU+0lkJ0MUv20a7snZEtIx4MauWJcWGz7QBM3+LjEI=,tag:mM2WRwx58uyfHmzhtT0R2g==,type:str] +example_key: ENC[AES256_GCM,data:lAAqf3unmJ0zsg7nlEM=,iv:y1CfpqMkgOw1amloIxLvMR0Y74G0zO+RlBfXvZZIYAs=,tag:SUnHRfpMttYHRuQn8ABXsg==,type:str] +#ENC[AES256_GCM,data:S8HV5uWQ2U1r+3GxJ1Uw9A==,iv:03NBULMd31qtDl1yDhXLdNaTJxsB5IR6ox4K5Ik8vSI=,tag:5tCKgR8Ue66TnOmR8Ya2zg==,type:comment] +example_array: + - ENC[AES256_GCM,data:wyZTcylOGQqGvJCEAtI=,iv:tYMAa5ohpA2QyXITG/S+HV7ZaOd9hZtiQMRlo2IGk6Y=,tag:BNQsl4gOgGK3U4aPBrQGww==,type:str] + - ENC[AES256_GCM,data:eLXzjr7IOWnrAN90F3s=,iv:6uAIFz/uN/td6XD5b+Pe73kjGIpdDl+fbKWo1TiaAxo=,tag:0Q3Afv+W6ddIS+37aFPugQ==,type:str] +example_number: ENC[AES256_GCM,data:gWSzljU0nOeIGA==,iv:B59DTWMum0nILKdxHSCyQoie5by/HNe+qOwN+gfNci4=,tag:cKb781zfp5QhKrwuWK5kiA==,type:float] +example_booleans: + - ENC[AES256_GCM,data:UnJYcQ==,iv:9Mm4d/Sf9VCeF0fq3LmfO15pjUrmbGYhzU/814jHCno=,tag:oZB1J633JyCSf1XACbxSlA==,type:bool] + - ENC[AES256_GCM,data:u0faKdM=,iv:kBl1oIAwuJji34U+ENq1hkz2b4zYZ/7Zo1f2Tgr1GsI=,tag:Fjtt/u4IJ4j5oDafLFQeDw==,type:bool] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-09T15:36:38Z" + mac: ENC[AES256_GCM,data:fJcGUyG9ur8qrkm0C318GDzAlYnhEy4QeaxBLNCQU9OsS/1eabJ0/wpw0cmUlfQkfu5IzZbPECWhrzxjN5S5ct1d/bNS+xSUtgZfSPXiXk4A9u9FR8BJaukOHvIa8nY15NludGMhsHxZcU1HFPlBuspt+AZv3SUuZXZHNousAvY=,iv:yxHTP/Lu+8rJ2tSZiq/dSTjNFuru8O5fRo+u0ULkP4Q=,tag:EjQGrlKOJX4Z1VuHUVQyhA==,type:str] + pgp: + - created_at: "2022-06-10T08:18:51Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAzhsLR+kpSPjAQ//X3WbmotfJz/EBnQYDxhjVXwdtRridhGX4hVmUkj6iYqc + CjR0eVXTBCe4cXKPMwII/w6NNVv3hGuRs2NkxSAGALlRNYYcVlUZnerlw2PoyrTr + oUpHxwk8V+dC4XYY7NWmdvqVI5BhWgP2xK4qH5uIqG3Nlwg844X/opOWRt4G4jQU + TGsI5i9ea6OCcedcQhg2IeJQ7VdiLiryV9YvonQUwt+/DFOpj+HiKIDd+vDUCAn4 + JRRFXhz+GWRPcMpOLob+IWIVhVJcYtll+7IVQ0gKmKBW3usQLpvMB7sKSRC6iHVW + 
WYI+GjBy8EzqiYhe4jz6nECExPWM60iD+hCJHVJ/0xyHRr+PjrwypSHu4So8eS7P + zhG3tNT4COPUT15zQJ9cWVKbaDpw12VQzAh/qvmrLqmAHR+cv0SI356G5jS81DtS + DySs+vkodgIf84NhiRzBaJs1k4jHadIgkPER2dthTp3EmZwCoMQAi5tRhGZrdJEF + TXv7q5zRQe55vOoeO6PTr2Yo5WeN19ZIkgUhZKZJ/1yihAzOL27TXB+HKkbRuLXr + 0HgttM44CH2RNa3v6qkT9qlAecmbMYsvXhbHWaQBwl0HidVIZCWKOtGRO/MDgGkr + YOHZ9foQR48dYK1aEdwu76iT7o2tPIpkSq8o1buOaoVSrExDyultmmGWpPmQCUfS + XgEEnyPst7D9Hbs/tqVGqn5LDHvNV+cBJg9DBCCwt8gCfhY1FmwXBVlo9gWUHL4w + Xmc0anP0TMXCGbxYVKPlLSnECPsi5aUv1kc9m5Wz0DYwMn5aAu/4gzz8UFHd1VQ= + =vPbk + -----END PGP MESSAGE----- + fp: 3B398B086C410264A14FB353B1E6F03030A4AEAA + - created_at: "2022-06-10T08:18:51Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1NKtoXYguTKARAArf9QJcBqa98/tcnJ5w9j1SSEnrOQUK1c0qaTcA4Cy66V + KR3reNR31+ZuRKrDY/mMC4Wvv9V3hsg42/mVGdoitxqy51Aq54ZWLtaG4r55Moks + jUancEpDAEiw5b3LE7vvm0p/AR+j1BoVXR+Z9HLCTyjbmgNZZrOB8aOLS/bRU1tl + AAzAYtHM1ilbj6Q3ThrpAWufA/Z4qUBvLkGveaGg3Wu/ddgHcvaUQKqNvISWdTX0 + i6vNmZxUUJ5pxHC751hieINhmB/z6R93iahq8qYd+3MzgipfqTVyEMdgCPbWiSYb + YLyCeEeTzs8TDVmcH7X4w2CWv9ZETS9lZrGZl/d1bgoFfENZPzn5jRjhoRrhhIXd + rR7/vdk9AA4uKwgcNIzISIX7nmPga/bW1/1d42u5v3zgv+WiPj91qH0iOh9WiuMV + htfDJqGrJH09+lptCFXd4sVIKVBxNXI4hHinhrKS41rEtcqacPBy8R2QeBlek8R6 + ZYb1EpaiwxtSJNXOz3uu0w0zxsU011VqBVwaoU86OEeHvfT3B8PmSsiKJT/0CuyS + t0kfMjK9VqKH1D9RFLiTBpoILYA2GUZ7fX45MSXHrnj7I4lbGWruuSjLubn6gS3a + QYEDL9C7tiU/5XVzoLaJAeCTmkcxx0Mm7XhoC6FpT8C5qWe1xfFSH5CU/ab16nTS + WAHOKx8d9+XEpsnluWltXFcVGG8jGtNp1Wh5bndFX3ASlDqoNx4Zca+rNLIs8hGd + HHt53gU+N4zF5mwerI5qt5DUStwU8UWsDS2xNeh7K+T+T0V39A1RN4s= + =uW7i + -----END PGP MESSAGE----- + fp: e8dfcfbac0c3e65bbdfd62ab534ab685d882e4ca + - created_at: "2022-06-10T08:18:51Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA8COMi97/ZKxAQ//TZOtrC5Fx91OVszeT6t/I4SkJ14P7eUH6KztbYPINqW5 + gFFjDPr+4zjp7rc8d+yVyXz87KhQcI+f0wTRasPK2vR9k1D4XrsQQlOIDhfoo2VE + 8OL9Txwi5Kd8VcGDjBMsFBPrtPuZieL6FM5AuSoqqdxfTi33kM9wMBChUaz1adDK + lhCxPhItxQMZkfGiu+1mCLNwN+flOIPh3dL8NmYBNlX8I24dUwO0A9MUo1Sz9bhE + 
eQiCwhXNFr761k36xb8+nhdNOqe5iTjBn1DhR9QpVki+rCYWL4fUDfeQeprwE5Co + cMwGm3At4Vsix73mZ5e3+QgSsjdlIYoZT0nj2sKawo5Zo0GC4zFoTnGW10ubGLYk + u6aJfZScQU2HCZF+WFSYa9demDmTP7SRonx6rxpxSnTVTXgRDasN65dNbixeif8q + ggRnQHO7MExnlKkP0fFsQXTCgNBd6EFh1yQoLS9oCEgNHsf9B6X+yv68tWzZLulk + OfBOWeeN+CIGXp4Uw0424iWtnHH5Cg0256/nRIzmKeBDETNiNrKy5AwS7rLRwGnV + WsQHGQu269joSG4K7l5NB0Nwl4Ka+pUhIdrbrjDqMVPg5YTvwpuvTquywG9/LiX3 + 5p5bCN74RZf0ZJsuEW0T/xnFPSxNsvWmO1X7+YT5lbA6UVpaa1XnVtyz0rnO9CnS + WAE3/C9Qtiysll8FOHaVLgsXBuRLd/YhwXfA233F+WKZL8uV0dg3qzALUTM3UvML + fNBMqnnyQ8fdQ1wcaak6v60u1vQfPn3lgFRrnxhu4dQzY2LIVGa52+g= + =Gwh/ + -----END PGP MESSAGE----- + fp: 9b6a58764eddd81d07180d6dc08e322f7bfd92b1 + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/secrets/server.yaml b/secrets/server.yaml new file mode 100644 index 0000000..400afd4 --- /dev/null +++ b/secrets/server.yaml 
@@ -0,0 +1,53 @@ +storemin: ENC[AES256_GCM,data:oCFpGrb+fLkVuHPgUkVi5MFbnCJiJyT4Vac6keNU,iv:5HS/xlS+sHCyRcn8ImpzbRmwpjZicq1U5C3fiuKoclY=,tag:6wbXHzDt9MApTzyIyss+qQ==,type:str] +cloudstore_user: ENC[AES256_GCM,data:Ist58mJGxnvQA8xQ9s4SBC+3cGnQKqAm/g7nbmv5,iv:2DG0iR6trxoDmc2dxAVo0DAauzAaQc4MLmifii4MuXQ=,tag:jkpcZtX7gwr6fG0qd1+Y9w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-06-10T14:46:40Z" + mac: ENC[AES256_GCM,data:8mWlqOJnnipK6MOsaXtI++XGWOLnvgykfuBOqu4KZWRZPMnNjVe6a76RKARt8IcvUNwktb7oazVPBTWrMelJoXPIMLqBq2h9pbh5eZ1BsvSB/m4Y4MAongz2FItw3xVKUi8v58unoqKrtQwRiuURKXVv7AV/dQ03laOuc3c9YeU=,iv:a5H93RHqEL9cCRpqkp9XaNahEYgHvzIh9dCpPMSQoh0=,tag:yY2TodoAsn3GrU7Zc0pDLA==,type:str] + pgp: + - created_at: "2022-06-10T14:41:46Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAzhsLR+kpSPjAQ/7BMI5ycEDKMg4Qeiy8vKZd6pkiiMTZkATCbINqtWsHxKY + PG1u1QL38kXEmQ85oEzc8cYLRtawuhkW3gWaiIdw5zbba+n5z3by8GA2hc4Rk+t8 + a7DEtYwHIC8wKjYtH66oKgG6NYXUKaIHUhDX7TSDxiC+EMtu8NcgXCgzW1wtAJgA + CbEFJHVH/ReLNY2nCcG7S1juRQFDEL3zkSAhqL+M+uOug8Uo2+t2PA0C57zr38fK + BtYbgF0xYR1YoVfGnu0DznGg32gM8htpNSQhv/P8+NufgrPUK+HzNu0be/tK5G3D + u/ecROr7sgQEmhhKxu+0IySmts74NUCf2O77Qw0tQTulZTZQkta4JOE2w8B0/kvJ + d6FOjG/8DmjhWH6mkVQxvBAmUZwNiQKkK8byU1DRhAZJXPD8quWpCpluy844dI5E + maPPnu0TYOofdmKrlmd75wE1HItg5o/ddHUMWM4ZDpjG+4Do3r2FPMxZWIjtUHSV + 7FONQyKmHhhc0Zeyp5fYDJ/2DZXPeLyN+ljXWelH1au4Xy9dCBRVwMaHQTUgtvUe + vnNYmadz/sK869l/nlUvA9l/CxOgrMu4eDne0Fko/I/ng3Ur5gAXncI7pJzL/ysx + ceMpDVUT9BWqNwEFesy6B/VbUi2kBQsOQ9lDIcniKgn2pX3b26dZux92IaTXiyDS + XgG67dqv3yK+qyOD2h7nqudCwFDbYUO96P2u2oRlvXEKFT5h03Ox35UTPy5Q8+Dj + hSrUYmMiAbKMuSg7JgF6mk2BDkAFUhO1cyGwgKFiJMsYEi9mEOgFJDtI3R6dllQ= + =3O8N + -----END PGP MESSAGE----- + fp: 3B398B086C410264A14FB353B1E6F03030A4AEAA + - created_at: "2022-06-10T14:41:46Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA8COMi97/ZKxAQ/5AZOF962SIoWwdSY3xNXam/eNocldbf7vPW9MTLdb9KJQ + hmMb557+BR1df5sMB0306/LG4DKan4L66D9Y0omVKJ2f6RyR1NmwO1QaEpGCFMgo + 
D4EgYiznlOD5VdH+f+McEaW8GWYX84Br6owYqoh7Ay+i2wgpGzOscs6cwbbq4Z0d + widJ69jz9J5ofeRRAT9hyNnhVGx6o93H0pbCl1ge0jpIbIcNHbWVCXxSV+rINRKS + JRFTqYw5g99qHfSZ4NERk1HJORc7whVUkYHj60wSpPgSBUAHaZAwFI9mLXxRjQJu + VFrnvslZBCpP/OXssJDdXkwD2ccC2NxnZBAOrBtVHdkjK1xuZ26uZRuetl9vA+gV + 7FEUzRt2uKi0dehx2JvkJplGNPyWJdyWIKW4mDF7g+vf+q374nDHpMf3u5HNHbB2 + jMBtgcIG9UABt1CSS9/inJ11P57CowRjNtHzHNYGPehd0QVwsNvIwNG7Xox6WJhu + h64ZFzoGW4yCYp+YBITyYHeVat6GTZz2Val0zBz1VVd0Y3EfDyy5V+54/WsiTpOX + 2hO3C+kBF0PYIhd0RR1hYa4y6piypw5Z2u1O4i7fRT+8WwXvfS/qRIKmQkmsxh65 + +dyd6bLfU30OpD403y4IZ67SNMKw8BUeNAYIdLX5hH0gRAbYXp043n/nqvSGMPzS + WAGwRTz0j4VWFP2X3+B47tBP/PIdsPGCahpKtk/zbufUy2ctDpWvv2mMWeSOEBGl + VIUxbBMWcZG01TrhAf6ZJdGX9E8g5EZd3OF/fetnoHVRwotGlgQ0/YE= + =Zx0K + -----END PGP MESSAGE----- + fp: 9b6a58764eddd81d07180d6dc08e322f7bfd92b1 + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/secrets/shell.nix b/secrets/shell.nix new file mode 100644 index 0000000..5d01992 --- /dev/null +++ b/secrets/shell.nix @@ -0,0 +1,15 @@ +{ pkgs ? import { } +, sops-nix ? pkgs.callPackage { } +, ... +}: + +let + sops-rekey = pkgs.writeShellScriptBin "sops-rekey" '' + ${pkgs.findutils}/bin/find . -wholename '*/secrets/*.yaml' -exec ${pkgs.sops}/bin/sops updatekeys {} \; + ''; +in +pkgs.mkShell { + sopsPGPKeyDirs = [ ./keys/users ./keys/hosts ]; + + nativeBuildInputs = [ sops-nix.sops-import-keys-hook sops-nix.ssh-to-pgp sops-rekey ]; +} diff --git a/services/default.nix b/services/default.nix deleted file mode 100644 index 26cb372..0000000 --- a/services/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, pkgs, lib, ...}: -{ - imports = [ - ./nginx.nix - ./smailserver.nix - ./mariadb.nix - ./nextcloud.nix - ]; -} diff --git a/services/mariadb.nix b/services/mariadb.nix deleted file mode 100644 index a0b65eb..0000000 --- a/services/mariadb.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ config, pkgs, lib, ...}: -{ - services.mysql = { - enable = true; - package = pkgs.mariadb; - }; -} 
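Review bot: The `sops-rekey` helper in secrets/shell.nix has no comment on what re-keying does and does not achieve. `sops updatekeys` re-wraps each file's data key for the current recipient list, but ciphertext that is already committed stays decryptable by any key that was a recipient at the time. I would document that above the script, e.g. `# Re-wraps data keys for the recipients in .sops.yaml; after removing a recipient, also rotate the secret values themselves`. The `find .` is relative to the working directory, so a second comment line saying the command is meant to be run from the repository root would help too.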
diff --git a/services/nextcloud.nix b/services/nextcloud.nix deleted file mode 100644 index bc24a02..0000000 --- a/services/nextcloud.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, pkgs, lib, ...}: -{ - mailserver.enable = true; -} diff --git a/services/nginx.nix b/services/nginx.nix deleted file mode 100644 index 9ee46d6..0000000 --- a/services/nginx.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, pkgs, lib, ...}: -{ - services.nginx.enable = true; - services.nginx.virtualHosts."localhost" = { - addSSL = false; - enableACME = false; - root = "/var/www/localhost"; - }; -} diff --git a/services/smailserver.nix b/services/smailserver.nix deleted file mode 100644 index bc24a02..0000000 --- a/services/smailserver.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ config, pkgs, lib, ...}: -{ - mailserver.enable = true; -} diff --git a/users/default.nix b/users/default.nix deleted file mode 100644 index 3f538bb..0000000 --- a/users/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - #imports = [ ]; - imports = [ - ./ellmau - ]; - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - }; - - users = { - mutableUsers = false; - users = { - ellmau = { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "audio"]; - description = "Stefan Ellmauthaler"; - shell = pkgs.zsh; - home = "/home/ellmau"; - hashedPassword = "$6$JZPnaZYG$KL2c3e1it3j2avioovE1WveN/mpmq/tPsSAvHY1XRhtqKaE7TaSQkqRy69farkIR0Xs0.yTjltvKvv28kZtLO1"; - }; - }; - }; -} diff --git a/users/ellmau/alacritty.nix b/users/ellmau/alacritty.nix deleted file mode 100644 index 536fd0a..0000000 --- a/users/ellmau/alacritty.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, pkgs, lib, ... }: -{ - config = lib.mkIf config.variables.graphical { - home-manager.users.ellmau.programs.alacritty = { - enable = true; - settings = { - window = { - decorations = "full"; - }; - alt_send_esc = true; - }; - }; - }; -} 
diff --git a/users/ellmau/autorandr.nix b/users/ellmau/autorandr.nix
index effda6d..0a7a80c 100644
--- a/users/ellmau/autorandr.nix
+++ b/users/ellmau/autorandr.nix
@@ -1,122 +1,120 @@ { config, pkgs, lib, ...}: { - home-manager.users.ellmau = { - programs.autorandr = { - enable = config.variables.graphical; - profiles = { - "home" = { - fingerprint = { - DP-1 = "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"; - eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - }; - config = { - eDP-1.enable = false; - DP-1 = { - enable = true; - crtc = 1; - primary = true; - position = "0x0"; - mode = "3840x2160"; - dpi = 96; - }; - }; + programs.autorandr = { + enable = true; + profiles = { + "home" = { + fingerprint = { + DP-1 = "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"; + eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; }; - "mobile" = { - fingerprint.eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - config = { - eDP-1 = { - enable = true; - primary = true; - mode = "3840x2160"; - dpi = 192; - }; - }; - }; - "work" = { - fingerprint = { - eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - DP-2 = "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"; - }; - config = { - eDP-1 = { - enable = true; - crtc = 0; - position = "3840x0"; - mode = "3840x2160"; - 
#dpi = 288; - dpi = 96; - }; - DP-2 = { - enable = true; - primary = true; - mode = "3840x2160"; - #dpi = 144; - dpi = 96; - position = "0x0"; - }; - }; - }; - "home-nuc" = { - fingerprint = { - DP-2 = "00ffffffffffff0009d1507945540000221e0104b54627783f5995af4f42af260f5054a56b80d1c0b300a9c08180810081c0010101014dd000a0f0703e8030203500ba892100001a000000ff004e384c30323634373031390a20000000fd00283c87873c010a202020202020000000fc0042656e5120455733323730550a01bc02033af1515d5e5f6061101f222120051404131203012309070783010000e200c06d030c0020003878200060010203e305e001e6060501544c2ca36600a0f0701f8030203500ba892100001a565e00a0a0a029502f203500ba892100001abf650050a0402e6008200808ba892100001c000000000000000000000000000000bf"; - }; - config = { - DP-2 = { - enable = true; - crtc = 1; - primary = true; - position = "0x0"; - mode = "3840x2160"; - dpi = 96; - }; - }; - }; - - "e3027" = { - fingerprint = { - e-DP1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - DP-1 = "00ffffffffffff004ca306a7010101011715010380a05a780ade50a3544c99260f5054a10800814081c0950081809040b300a9400101283c80a070b023403020360040846300001a9e20009051201f304880360040846300001c000000fd0017550f5c11000a202020202020000000fc004550534f4e20504a0a202020200116020328f651901f202205140413030212110706161501230907078301000066030c00100080e200fd023a801871382d40582c450040846300001e011d801871382d40582c450040846300001e662156aa51001e30468f330040846300001e302a40c8608464301850130040846300001e00000000000000000000000000000089"; - }; - config = { - eDP-1 = { - enable = true; - crtc = 0; - position = "0x0"; - mode = "3840x2160"; - }; - DP-1 = { - enable = true; - crtc = 1; - position = "3840x0"; - mode = "1920x1200"; - }; - }; - }; - - "e3027-clone" = { - fingerprint = { - e-DP1 = 
"00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; - DP-1 = "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"; - }; - config = { - eDP-1 = { - enable = true; - crtc = 0; - position = "0x0"; - mode = "1920x1200"; - }; - DP-1 = { - enable = true; - crtc = 1; - position = "0x0"; - mode = "1920x1200"; - }; + config = { + eDP-1.enable = false; + DP-1 = { + enable = true; + crtc = 1; + primary = true; + position = "0x0"; + mode = "3840x2160"; + dpi = 96; }; }; }; - hooks.postswitch = { - "polybar" = "systemctl --user restart polybar.service"; + "mobile" = { + fingerprint.eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; + config = { + eDP-1 = { + enable = true; + primary = true; + mode = "3840x2160"; + dpi = 192; + }; + }; }; + "work" = { + fingerprint = { + eDP-1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; + DP-2 = "00ffffffffffff0010acb5414c4133452c1e0104b53c22783eee95a3544c99260f5054a54b00e1c0d100d1c0b300a94081808100714f4dd000a0f0703e803020350055502100001a000000ff0031444e593132330a2020202020000000fd00184b1e8c36010a202020202020000000fc0044454c4c205532373230510a2001af020319f14c101f2005140413121103020123097f0783010000a36600a0f0703e803020350055502100001a565e00a0a0a029503020350055502100001a114400a0800025503020360055502100001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d9"; + }; + 
config = { + eDP-1 = { + enable = true; + crtc = 0; + position = "3840x0"; + mode = "3840x2160"; + #dpi = 288; + dpi = 96; + }; + DP-2 = { + enable = true; + primary = true; + mode = "3840x2160"; + #dpi = 144; + dpi = 96; + position = "0x0"; + }; + }; + }; + "home-nuc" = { + fingerprint = { + DP-2 = "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"; + }; + config = { + DP-2 = { + enable = true; + crtc = 1; + primary = true; + position = "0x0"; + mode = "3840x2160"; + dpi = 96; + }; + }; + }; + + "e3027" = { + fingerprint = { + e-DP1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; + DP-1 = "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"; + }; + config = { + eDP-1 = { + enable = true; + crtc = 0; + position = "0x0"; + mode = "3840x2160"; + }; + DP-1 = { + enable = true; + crtc = 1; + position = "3840x0"; + mode = "1920x1200"; + }; + }; + }; + + "e3027-clone" = { + fingerprint = { + e-DP1 = "00ffffffffffff0006af2b2800000000001c0104a51d117802ee95a3544c99260f50540000000101010101010101010101010101010152d000a0f0703e803020350025a51000001a000000000000000000000000000000000000000000fe0039304e544880423133335a414e0000000000024103a8011100000b010a20200006"; + DP-1 = "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"; + }; + config = { + eDP-1 = { + enable = true; + crtc = 0; + position = "0x0"; + mode = "1920x1200"; + }; + DP-1 = { + enable = true; + crtc = 1; + position = "0x0"; + mode = "1920x1200"; + }; + }; + }; + }; + hooks.postswitch = { + "polybar" = "systemctl --user restart polybar.service"; }; }; } diff --git a/users/ellmau/default.nix b/users/ellmau/default.nix index 32ffd35..283ea08 100644 --- a/users/ellmau/default.nix +++ b/users/ellmau/default.nix 
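Review bot: In the `e3027` and `e3027-clone` profiles the fingerprint attribute is spelled `e-DP1`, while the matching `config` entry and every other profile use `eDP-1`; the re-indented lines carry the old spelling over unchanged. The fingerprint is therefore recorded for an output name the config never refers to, which presumably keeps these two profiles from being detected. Both fingerprint keys should read `eDP-1 = "…";`. Now that `enable` is unconditionally `true`, a short comment above `profiles` saying which machine each profile belongs to would also help.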
@@ -1,18 +1,6 @@ -{ config, pkgs, lib, flakes, ...}: -let - withAliases = hostname: aliases: cfg: - lib.recursiveUpdate - { - host = "${hostname} ${aliases}"; - hostname = "${hostname}"; - extraOptions.hostKeyAlias = "${hostname}"; - } - cfg; -in +{ config, lib, pkgs, ... }: { - imports = [ - ./alacritty.nix ./autorandr.nix ./dunst.nix ./git.nix 
@@ -21,102 +9,64 @@ in ./nextcloud.nix ./polybar.nix ./zsh.nix - ./go.nix ]; - - home-manager.users.ellmau = { - home.packages = [ - pkgs.htop - pkgs.pavucontrol - - pkgs.ripgrep - - pkgs.jabref - pkgs.libreoffice-fresh - - pkgs.nixfmt - pkgs.nixpkgs-fmt - pkgs.nix-prefetch-github - - pkgs.neofetch - - pkgs.jitsi-meet-electron - pkgs.skypeforlinux - pkgs.teams - pkgs.unstable.zoom-us - pkgs.element-desktop - pkgs.signal-desktop - ]; - - services = { - udiskie = { - enable = true; - automount = true; - notify = true; - tray = "auto"; - }; - blueman-applet.enable = config.variables.graphical; - network-manager-applet.enable = config.variables.graphical ; - gnome-keyring = { - enable = true; - components = [ "pkcs11" "secrets" "ssh" ]; - }; - }; - - xdg = { + services = { + gnome-keyring = { enable = true; + components = [ + "pkcs11" + "secrets" + "ssh" + ]; }; - programs.direnv = { + udiskie = { enable = true; - enableZshIntegration = true; - nix-direnv = { - enable = true; - enableFlakes = true; # TODO(mx): can be removed once updated to 22.05 - }; - }; - - - - xsession = { - numlock.enable = true; - profileExtra = '' - if [ $(hostname) = 'stel-xps' ]; then - brightnessctl s 50% - fi - ''; - }; - - home.file.".background-image".source = ../common/wallpaper/nix-wallpaper-nineish-dark-gray.png; - - programs.home-manager = { - enable = true; - }; - - programs.ssh = { - enable = true; - - forwardAgent = true; - serverAliveInterval = 5; - hashKnownHosts = true; - controlMaster = "auto"; - controlPersist = "60s"; - - # matchBlocks = { - # "iccl-share.inf.tu-dresden.de" = - # withAliases "iccl-share.inf.tu-dresden.de" "iccl-share" { - # proxyJump = "tcs.inf.tu-dresden.de"; - # }; - # "iccl.inf.tu-dresden.de" = withAliases "iccl.inf.tu-dresden.de" "" { - # proxyJump = "tcs.inf.tu-dresden.de"; - # }; - # "wille.inf.tu-dresden.de" = - # withAliases "wille.inf.tu-dresden.de" "wille wi" { - # proxyJump = "tcs.inf.tu-dresden.de"; - # }; - # "tcs.inf.tu-dresden.de" = - # 
withAliases "tcs.inf.tu-dresden.de" "tcs" { }; - # }; + automount = true; + notify = true; + tray = "auto"; }; }; + + xdg = { + enable = true; + }; + + home.packages = with pkgs; [ + comma + ]; + + programs = { + alacritty = { + enable = true; + settings = { + window = { + decorations = "full"; + }; + alt_send_esc = true; + }; + }; + + direnv = { + enable = true; + nix-direnv.enable = true; + enableZshIntegration = true; + }; + + home-manager = { + enable = true; + }; + + ssh = { + enable = true; + + forwardAgent = true; + serverAliveInterval = 5; + hashKnownHosts = true; + controlMaster = "auto"; + controlPersist = "60s"; + }; + + go.enable = true; + }; } diff --git a/users/ellmau/dunst.nix b/users/ellmau/dunst.nix index 055477d..259b867 100644 --- a/users/ellmau/dunst.nix +++ b/users/ellmau/dunst.nix 
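Review bot: `forwardAgent = true;` at the top level of `programs.ssh` turns on agent forwarding for every host the user connects to, and with the commented-out `matchBlocks` now deleted nothing narrows it. Any sufficiently privileged account on a remote machine can then use the forwarded agent for as long as the connection lasts, and `controlPersist = "60s"` keeps the master connection open a little beyond the session. I would set `forwardAgent = false;` here and enable it only in `matchBlocks` entries for the hosts that need it, or use `proxyJump` for jump-host access as the removed block did.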
@@ -1,39 +1,36 @@ { config, pkgs, ...}: { - home-manager.users.ellmau = { - services.dunst = { - enable = config.variables.graphical; - iconTheme = { - package = pkgs.numix-icon-theme; - name = "Numix"; - size = "26"; + services.dunst = { + iconTheme = { + package = pkgs.numix-icon-theme; + name = "Numix"; + size = "26"; + }; + settings = { + global = { + geometry = "800x5-30+50"; + transparency = 10; + frame_color = "#839496"; + font = "Hasklug Nerd Font 10"; + timeout = 5; + follow = "mouse"; + markup = "full"; + icon_position = "left"; + history_length = 32; + dmenu = "${pkgs.rofi}/bin/rofi -dmenu"; + word_wrap = true; }; - settings = { - global = { - geometry = "800x5-30+50"; - transparency = 10; - frame_color = "#839496"; - font = "Hasklug Nerd Font 10"; - timeout = 5; - follow = "mouse"; - markup = "full"; - icon_position = "left"; - history_length = 32; - dmenu = "${pkgs.rofi}/bin/rofi -dmenu"; - word_wrap = true; - }; - urgency_critical = { - foreground = "#fdf6e3"; - background = "#dc322f"; - }; - urgency_normal = { - foreground = "#fdf6e3"; - background = "#859900"; - }; - urgency_low = { - foreground = "#fdf6e3"; - background = "#2aa198"; - }; + urgency_critical = { + foreground = "#fdf6e3"; + background = "#dc322f"; + }; + urgency_normal = { + foreground = "#fdf6e3"; + background = "#859900"; + }; + urgency_low = { + foreground = "#fdf6e3"; + background = "#2aa198"; }; }; }; diff --git a/users/ellmau/git.nix b/users/ellmau/git.nix index 43d5370..91b0ab0 100644 --- a/users/ellmau/git.nix +++ b/users/ellmau/git.nix 
@@ -1,40 +1,24 @@ { config, pkgs, lib, ...}: { - home-manager.users.ellmau = { - programs= { - git = { - enable = true; - package = pkgs.gitAndTools.gitFull; - userName = "Stefan Ellmauthaler"; - userEmail = "stefan.ellmauthaler@tu-dresden.de"; - extraConfig = { - core = { editor = "emacsclient"; }; - gpg = lib.mkIf config.variables.git.gpgsm { - format = "x509"; - program = "${pkgs.gnupg}/bin/gpgsm"; - }; - #gpg = { - # format = "x509"; - # program = "gpgsm"; - #}; - user = { - signingKey = config.variables.git.key; - signByDefault = config.variables.git.signDefault; - }; - init = { defaultBranch = "main";}; - branch = { autosetuprebase = "always";}; - safe.directory = [ "/etc/nixos" ]; - }; - lfs.enable = true; + programs= { + git = { + enable = true; + package = pkgs.gitAndTools.gitFull; + extraConfig = { + core = { editor = "emacsclient"; }; + init = { defaultBranch = "main";}; + branch = { autosetuprebase = "always";}; + safe.directory = [ "/etc/nixos" ]; }; + lfs.enable = true; + }; - gh = { - enable = true; - settings = { - aliases = {}; - git_protocol = "ssh"; - prompt = "enabled"; - }; + gh = { + enable = true; + settings = { + aliases = {}; + git_protocol = "ssh"; + prompt = "enabled"; }; }; }; diff --git a/users/ellmau/go.nix b/users/ellmau/go.nix deleted file mode 100644 index 01bcec6..0000000 --- a/users/ellmau/go.nix +++ /dev/null @@ -1,4 +0,0 @@ -{config, pkgs, lib, ...}: -{ - home-manager.users.ellmau.programs.go.enable = true; -} diff --git a/users/ellmau/gpg.nix b/users/ellmau/gpg.nix index a453020..81c6c8e 100644 --- a/users/ellmau/gpg.nix +++ b/users/ellmau/gpg.nix 
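Review bot: The new `programs.git` block drops the whole signing setup (`gpg.format = "x509"`, the gpgsm `program`, `signingKey`, `signByDefault`) along with `userName` and `userEmail`, and nothing in this hunk shows where they are set now. If they moved to a per-user or per-machine module, it is worth confirming that hosts which signed commits before the redesign still do, because a missing signing setting shows up only as unsigned commits rather than as an error. Separately, `safe.directory = [ "/etc/nixos" ];` exempts that path from git's repository-ownership check and should carry a comment stating the reason. If the reason is that the checkout belongs to another account, something like `# /etc/nixos is not owned by this user; trust it explicitly` would do.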
@@ -1,18 +1,16 @@ { config, pkgs, lib, ...}: { - home-manager.users.ellmau = { - home.file = { - ".gnupg/gpgsm.conf".text = '' + home.file = { + ".gnupg/gpgsm.conf".text = '' keyserver ldap.pca.dfn.de::::o=DFN-Verein,c=DE disable-crl-checks ''; - ".gnupg/dirmngr_ldapservers.conf".text = "ldap.pca.dfn.de:389:::o=DFN-Verein,c=de,o=DFN-Verein,c=de"; - ".gnupg/trustlist.txt".source = ./conf/gpgsm/trustlist.txt; - ".gnupg/chain.txt".source = ./conf/gpgsm/chain.txt; - }; - - - - programs.gpg.enable = true; + ".gnupg/dirmngr_ldapservers.conf".text = "ldap.pca.dfn.de:389:::o=DFN-Verein,c=de,o=DFN-Verein,c=de"; + ".gnupg/trustlist.txt".source = ./conf/gpgsm/trustlist.txt; + ".gnupg/chain.txt".source = ./conf/gpgsm/chain.txt; }; + + + + programs.gpg.enable = true; } diff --git a/users/ellmau/i3.nix b/users/ellmau/i3.nix index 0fff9e7..db3a25c 100644 --- a/users/ellmau/i3.nix +++ b/users/ellmau/i3.nix @@ -1,13 +1,9 @@ { config, pkgs, lib, ...}: { - config = lib.mkIf config.variables.graphical { - home-manager.users.ellmau = { - xdg = { - configFile."i3" = { - source = conf/i3; - recursive = true; - }; - }; + xdg = { + configFile."i3" = { + source = conf/i3; + recursive = true; }; }; } diff --git a/users/ellmau/nextcloud.nix b/users/ellmau/nextcloud.nix index c788c81..82a7de2 100644 --- a/users/ellmau/nextcloud.nix +++ b/users/ellmau/nextcloud.nix @@ -1,9 +1,7 @@ { pkgs, ... }: { - home-manager.users.ellmau = { - services.nextcloud-client = { - enable = true; - startInBackground = true; - }; + services.nextcloud-client = { + enable = true; + startInBackground = true; }; } diff --git a/users/ellmau/polybar.nix b/users/ellmau/polybar.nix index 39518ac..85fa96b 100644 --- a/users/ellmau/polybar.nix +++ b/users/ellmau/polybar.nix @@ -1,8 +1,7 @@ { config, pkgs, ...}: { - home-manager.users.ellmau = { services.polybar = { - enable = config.variables.graphical; + enable = true; package = pkgs.polybarFull; settings = let 
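Review bot: `disable-crl-checks` in the generated `.gnupg/gpgsm.conf` is carried over unchanged, so gpgsm accepts X.509 certificates without consulting revocation lists and a revoked signing or encryption certificate still validates. If this is a workaround for CRL fetch problems, record that in a Nix comment above the `".gnupg/gpgsm.conf".text` attribute, for example `# CRL checks off: <reason>; revoked certificates are not detected`. Otherwise drop the line so dirmngr performs the checks. The same hunk points dirmngr at `ldap.pca.dfn.de:389`, which is the plain LDAP port, so certificate lookups presumably travel unencrypted; whether that is acceptable depends on the networks these machines use.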
@@ -234,7 +233,7 @@ #format-prefix-foreground = foreground_altcol; format-underline = "#0a6cf5"; - label = "%{A1:${pkgs.tray-calendar}/bin/traycalendar --no-tray:}%{A} %date% %time%"; + label = "%{A} %date% %time%"; }; "module/battery" = { type = "internal/battery"; @@ -353,5 +352,4 @@ done; ''; }; - }; } diff --git a/users/ellmau/zsh.nix b/users/ellmau/zsh.nix index 65929b1..5213933 100644 --- a/users/ellmau/zsh.nix +++ b/users/ellmau/zsh.nix @@ -1,13 +1,12 @@ { pkgs, ... }: { - home-manager.users.ellmau = { - programs = { - zsh = { - enable = true; - defaultKeymap = "emacs"; - oh-my-zsh.enable = false; - # remove extra stuff on the right side of the prompt - initExtra = '' + programs = { + zsh = { + enable = true; + defaultKeymap = "emacs"; + oh-my-zsh.enable = false; + # remove extra stuff on the right side of the prompt + initExtra = '' unset RPS1 # Color man pages export LESS_TERMCAP_mb=$'\E[01;32m' 
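Review bot: The new `label = "%{A} %date% %time%";` keeps the closing `%{A}` action tag although the opening `%{A1:…:}` that launched traycalendar was removed, so the label now contains an unmatched closing tag. Drop the leftover and use `label = "%date% %time%";`. The module definition this label belongs to starts outside the hunk.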
@@ -19,64 +18,64 @@ export LESS_TERMCAP_us=$'\E[01;36m' export LESS=-R ''; - shellAliases = { - cp = "cp -i"; - ls = "exa --icons --git"; - ll = "exa --long --icons --binary --group"; - llg = "exa --long --icons --grid --binary --group"; - lal = "ll --all"; - lla = "ll --all"; - emacsc = "emacsclient -n"; - }; - plugins = [ - { - name = "zsh-nix-shell"; - file = "nix-shell.plugin.zsh"; - src = pkgs.fetchFromGitHub { - owner = "chisui"; - repo = "zsh-nix-shell"; - rev = "v0.4.0"; - sha256 = "037wz9fqmx0ngcwl9az55fgkipb745rymznxnssr3rx9irb6apzg"; - }; - } - ]; + shellAliases = { + cp = "cp -i"; + ls = "exa --icons --git"; + ll = "exa --long --icons --binary --group"; + llg = "exa --long --icons --grid --binary --group"; + lal = "ll --all"; + lla = "ll --all"; + emacsc = "emacsclient -n"; }; - - starship = { - enable = true; - enableZshIntegration = true; - settings = { - add_newline = false; - format = "$all"; - username.show_always = false; - git_commit.tag_disabled = false; - hostname.ssh_only = false; - directory.truncate_to_repo = true; - }; - }; - - zoxide = { - enable = true; - enableZshIntegration = true; - }; - - bat = { - enable = true; - config = { theme = "ansi"; }; - }; - - exa = { - enable = true; - enableAliases = false; - }; - - tmux = { - enable = true; - clock24 = true; - keyMode = "emacs"; - shell = "${pkgs.zsh}/bin/zsh"; + plugins = [ + { + name = "zsh-nix-shell"; + file = "nix-shell.plugin.zsh"; + src = pkgs.fetchFromGitHub { + # v0.5.0 + owner = "chisui"; + repo = "zsh-nix-shell"; + rev = "4eb69b044ffab5197dfbf0f5d40e7cdb3d75e222"; + sha256 = "IT3wpfw8zhiNQsrw59lbSWYh0NQ1CUdUtFzRzHlURH0="; + fetchSubmodules = true; + }; + } + ]; + }; + + starship = { + enable = true; + enableZshIntegration = true; + settings = { + add_newline = false; + format = "$all"; + username.show_always = false; + git_commit.tag_disabled = false; + hostname.ssh_only = false; + directory.truncate_to_repo = true; }; }; + zoxide = { + enable = true; + enableZshIntegration = 
true; + }; + + bat = { + enable = true; + config = { theme = "ansi"; }; + }; + + exa = { + enable = true; + enableAliases = false; + }; + + tmux = { + enable = true; + clock24 = true; + keyMode = "emacs"; + shell = "${pkgs.zsh}/bin/zsh"; + }; }; }
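Review bot: The `# v0.5.0` comment is the only thing tying the new commit-id `rev` of the `zsh-nix-shell` plugin to a release, and it sits at the top of the `fetchFromGitHub` attrset rather than on the line it documents. Move it to `rev = "4eb69b044ffab5197dfbf0f5d40e7cdb3d75e222"; # v0.5.0` so that a later bump updates the id and the tag together. Pinning to a full commit id instead of the mutable tag `v0.4.0` is worth keeping. `fetchSubmodules = true;` is also new and changes what the `sha256` covers. If the plugin repository has no submodules it can be dropped, and if it has, a short comment naming why they are needed would help the next reader.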