derped/nixos
1
0
Fork 0
Code Releases Activity

Format project using nixfmt rfc candidate.

Browse source
This commit is contained in:
Kevin Baensch 2024-11-20 20:32:38 +01:00
parent 1f63817684
commit a9f7fe416f
Signed by: derped
GPG key ID: C0F1D326C7626543
91 changed files with 1347 additions and 1000 deletions
Download patch file Download diff file Expand all files Collapse all files

7
config/etc.nix
View file

@ -4,11 +4,12 @@
pkgs,
...
}:
with lib; {
with lib;
{
environment.etc = mkIf (elem "etcfiles" config.machine.conffiles) {
"rofi.rasi".source = import ./etc/rofi.rasi.nix {inherit pkgs;};
"rofi.rasi".source = import ./etc/rofi.rasi.nix { inherit pkgs; };
"i3/py3status".source = ./etc/i3/py3status;
"sway/config".source = mkDefault (import ./etc/sway/config.nix {inherit pkgs;});
"sway/config".source = mkDefault (import ./etc/sway/config.nix { inherit pkgs; });
"mpv/input.conf".source = ./etc/mpv/input.conf;
"mpv/mpv.conf".source = ./etc/mpv/mpv.conf;
"youtube-dl.conf".source = ./etc/youtube-dl.conf;

3
config/etc/i3/config.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: (pkgs.writeText "config" ''
{ pkgs, ... }:
(pkgs.writeText "config" ''
# i3 config file (v4)
#
# Please see http://i3wm.org/docs/userguide.html for a complete reference!

52
config/etc/rofi.rasi.nix
View file

@ -1,26 +1,30 @@
{pkgs}: let
tabMode = pkgs.writeScript "tab-finder.sh" (with pkgs; /* bash */ ''
#!/usr/bin/env bash
if [ -z ''${1} ]; then
${brotab}/bin/bt list;
else
TARGET_TAB=$(sed "s/\t.*$//g" <<< ''${1});
# activate window as focused to it is easy to switch to
${brotab}/bin/bt activate --focused ''${TARGET_TAB} > /dev/null 2>&1;
if [ -n ''${SWAYSOCK} ] && which swaymsg; then
swaymsg "[urgent=latest] focus" > /dev/null 2>&1;
{ pkgs }:
let
tabMode = pkgs.writeScript "tab-finder.sh" (
with pkgs; # bash
''
#!/usr/bin/env bash
if [ -z ''${1} ]; then
${brotab}/bin/bt list;
else
TARGET_TAB=$(sed "s/\t.*$//g" <<< ''${1});
# activate window as focused to it is easy to switch to
${brotab}/bin/bt activate --focused ''${TARGET_TAB} > /dev/null 2>&1;
if [ -n ''${SWAYSOCK} ] && which swaymsg; then
swaymsg "[urgent=latest] focus" > /dev/null 2>&1;
fi
fi
fi
exit 0;
'');
exit 0;
''
);
in
pkgs.writeText "rofi.rasi" ''
configuration {
modi: "combi,window,drun,ssh,tabFinder:${tabMode}";
font: "hack 10";
combi-modi: "window,drun,ssh,tabFinder";
icon-theme: "Papirus";
show-icons: true;
}
@theme "DarkBlue"
''
pkgs.writeText "rofi.rasi" ''
configuration {
modi: "combi,window,drun,ssh,tabFinder:${tabMode}";
font: "hack 10";
combi-modi: "window,drun,ssh,tabFinder";
icon-theme: "Papirus";
show-icons: true;
}
@theme "DarkBlue"
''

60
config/etc/sway/config.nix
View file

@ -1,36 +1,38 @@
{pkgs}:
{ pkgs }:
let
# TODO/FIX: pkgs.sway-unwrapped is not the same sway derivation as the one running the desktop
grim-wrapper = pkgs.writeShellScript "grim-wrapper" /* bash */ ''
OUTPUT_DIR="$(${pkgs.xdg-user-dirs}/bin/xdg-user-dir PICTURES)"
DATE="$(${pkgs.coreutils}/bin/date +'%Y-%m-%d;%H:%M:%S;')";
WINDOW_LIST="$(${pkgs.sway-unwrapped}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq -r '.. | select(.pid? and .visible?) | "\(.rect.x+.window_rect.x),\(.rect.y+.window_rect.y) \(.window_rect.width)x\(.window_rect.height) \(.app_id):\(.name)"' | ${pkgs.coreutils}/bin/tr -d '"/;\\')";
grim-wrapper =
pkgs.writeShellScript "grim-wrapper" # bash
''
OUTPUT_DIR="$(${pkgs.xdg-user-dirs}/bin/xdg-user-dir PICTURES)"
DATE="$(${pkgs.coreutils}/bin/date +'%Y-%m-%d;%H:%M:%S;')";
WINDOW_LIST="$(${pkgs.sway-unwrapped}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq -r '.. | select(.pid? and .visible?) | "\(.rect.x+.window_rect.x),\(.rect.y+.window_rect.y) \(.window_rect.width)x\(.window_rect.height) \(.app_id):\(.name)"' | ${pkgs.coreutils}/bin/tr -d '"/;\\')";
case "''${1}" in
selection)
# split slurp selection result into jseon selectable screen area (for grim) and output name
SELECTION_FORMAT='{ "area": "%x,%y %wx%h", "name": "%wx%h;%o;%l" }';
SELECTION="$(${pkgs.slurp}/bin/slurp -d -f "''${SELECTION_FORMAT}" <<< ''${WINDOW_LIST})";
SELECTION_AREA="$(${pkgs.jq}/bin/jq -r '.area' <<< "''${SELECTION}")";
SELECTION_NAME="$(${pkgs.jq}/bin/jq -r '.name' <<< "''${SELECTION}"| ${pkgs.coreutils}/bin/tr ' ' '_')";
OUTNAME="''${OUTPUT_DIR}/''${DATE}''${SELECTION_NAME}.png";
${pkgs.grim}/bin/grim -g "''${SELECTION_AREA}" "''${OUTNAME}";
;;
clip)
SELECTION="$(${pkgs.slurp}/bin/slurp -d <<< ''${WINDOW_LIST})";
${pkgs.grim}/bin/grim - | ${pkgs.wl-clipboard}/bin/wl-copy;
;;
*)
DISPLAY="$(${pkgs.sway-unwrapped}/bin/swaymsg -t get_outputs | ${pkgs.jq}/bin/jq -r '.[] | select(.focused) | .name')";
DISPLAY_RES="$(${pkgs.sway-unwrapped}/bin/swaymsg -t get_outputs | jq -r '.[] | select(.focused) | .current_mode | "\(.width)x\(.height)"')";
OUTNAME="''${OUTPUT_DIR}/''${DATE}''${DISPLAY_RES};''${DISPLAY};.png"
${pkgs.grim}/bin/grim -o "''${DISPLAY}" "''${OUTNAME}";
;;
esac;
'';
in pkgs.writeText "config"
''
case "''${1}" in
selection)
# split slurp selection result into jseon selectable screen area (for grim) and output name
SELECTION_FORMAT='{ "area": "%x,%y %wx%h", "name": "%wx%h;%o;%l" }';
SELECTION="$(${pkgs.slurp}/bin/slurp -d -f "''${SELECTION_FORMAT}" <<< ''${WINDOW_LIST})";
SELECTION_AREA="$(${pkgs.jq}/bin/jq -r '.area' <<< "''${SELECTION}")";
SELECTION_NAME="$(${pkgs.jq}/bin/jq -r '.name' <<< "''${SELECTION}"| ${pkgs.coreutils}/bin/tr ' ' '_')";
OUTNAME="''${OUTPUT_DIR}/''${DATE}''${SELECTION_NAME}.png";
${pkgs.grim}/bin/grim -g "''${SELECTION_AREA}" "''${OUTNAME}";
;;
clip)
SELECTION="$(${pkgs.slurp}/bin/slurp -d <<< ''${WINDOW_LIST})";
${pkgs.grim}/bin/grim - | ${pkgs.wl-clipboard}/bin/wl-copy;
;;
*)
DISPLAY="$(${pkgs.sway-unwrapped}/bin/swaymsg -t get_outputs | ${pkgs.jq}/bin/jq -r '.[] | select(.focused) | .name')";
DISPLAY_RES="$(${pkgs.sway-unwrapped}/bin/swaymsg -t get_outputs | jq -r '.[] | select(.focused) | .current_mode | "\(.width)x\(.height)"')";
OUTNAME="''${OUTPUT_DIR}/''${DATE}''${DISPLAY_RES};''${DISPLAY};.png"
${pkgs.grim}/bin/grim -o "''${DISPLAY}" "''${OUTNAME}";
;;
esac;
'';
in
pkgs.writeText "config" ''
include /etc/sway/config.d/*
# Read `man 5 sway` for a complete reference.

32
config/fonts.nix
View file

@ -5,20 +5,20 @@
...
}:
with lib;
mkIf (elem "fonts" config.machine.conffiles) {
fonts = {
fontDir.enable = true;
enableGhostscriptFonts = true;
fontconfig = {
enable = true;
includeUserConf = false;
};
packages = with pkgs; [
(nerdfonts.override {
fonts = [
"JetBrainsMono"
];
})
];
mkIf (elem "fonts" config.machine.conffiles) {
fonts = {
fontDir.enable = true;
enableGhostscriptFonts = true;
fontconfig = {
enable = true;
includeUserConf = false;
};
}
packages = with pkgs; [
(nerdfonts.override {
fonts = [
"JetBrainsMono"
];
})
];
};
}

11
config/locale.nix
View file

@ -3,17 +3,22 @@
lib,
pkgs,
...
}: {
}:
{
console.keyMap = "de";
i18n = {
defaultLocale = "en_US.UTF-8";
supportedLocales = ["all"];
supportedLocales = [ "all" ];
inputMethod = {
enable = (lib.elem "desktop" config.machine.services);
type = "fcitx5";
fcitx5 = {
waylandFrontend = true;
addons = with pkgs; [fcitx5-chinese-addons fcitx5-mozc fcitx5-table-extra];
addons = with pkgs; [
fcitx5-chinese-addons
fcitx5-mozc
fcitx5-table-extra
];
};
};
};

81
config/networking.nix
View file

@ -3,9 +3,11 @@
lib,
...
}:
with lib; let
with lib;
let
inherit (config.machine) networkD;
in {
in
{
networking = {
inherit (config.machine) hostName;
useNetworkd = networkD.enable;
@ -16,44 +18,49 @@ in {
# https://github.com/NixOS/nixpkgs/issues/10001#issuecomment-905532069
systemd.network = mkIf networkD.enable {
enable = true;
networks = let
networkConfig = {
DHCP = "yes";
DNSSEC = "yes";
DNSOverTLS = "yes";
DNS = ["1.1.1.1" "1.0.0.1"];
};
in {
"40-wired" = {
enable = true;
name = "en*";
dhcpV4Config.RouteMetric = 2048;
inherit networkConfig;
};
"40-wireless" = {
enable = true;
name = "wl*";
dhcpV4Config.RouteMetric = 1024;
inherit networkConfig;
};
"50-vlan" = {
enable = true;
matchConfig = {
Name = "br0";
};
networks =
let
networkConfig = {
DNS = "10.0.0.1";
Address = "10.0.0.100/16";
# DHCPServer = true;
# IPMasquerade = true;
DHCP = "yes";
DNSSEC = "yes";
DNSOverTLS = "yes";
DNS = [
"1.1.1.1"
"1.0.0.1"
];
};
in
{
"40-wired" = {
enable = true;
name = "en*";
dhcpV4Config.RouteMetric = 2048;
inherit networkConfig;
};
"40-wireless" = {
enable = true;
name = "wl*";
dhcpV4Config.RouteMetric = 1024;
inherit networkConfig;
};
"50-vlan" = {
enable = true;
matchConfig = {
Name = "br0";
};
networkConfig = {
DNS = "10.0.0.1";
Address = "10.0.0.100/16";
# DHCPServer = true;
# IPMasquerade = true;
};
# dhcpServerConfig = {
# ServerAddress = "172.16.9.1/12";
# PoolOffset = 100;
# EmitDNS = false;
# };
};
# dhcpServerConfig = {
# ServerAddress = "172.16.9.1/12";
# PoolOffset = 100;
# EmitDNS = false;
# };
};
};
};
# Wait for any interface to become available, not for all
systemd.services."systemd-networkd-wait-online" = {

24
config/nix.nix
View file

@ -6,10 +6,12 @@
config,
lib,
...
}: let
}:
let
cfg = config.machine;
emptyGlobalRegistry = pkgs.writeText "registry.json" ''{ "flakes": [], "version": 2 }'';
in {
in
{
nix = {
package = pkgs.nix;
registry = {
@ -22,19 +24,15 @@ in {
cores = 1;
sandbox = true;
auto-optimise-store = true;
trusted-substituters =
[
"https://cache.nixos.org"
]
++ cfg.binaryCaches;
trusted-substituters = [
"https://cache.nixos.org"
] ++ cfg.binaryCaches;
# TODO: integrate into sops
# trusted-public-keys = [ (lib.fileContents "${cfg.secretPath}/hydra_cache.pub") ];
substituters =
[
"https://cache.nixos.org"
]
++ cfg.binaryCaches;
allowed-users = ["root"] ++ (map (n: n.name) cfg.administrators);
substituters = [
"https://cache.nixos.org"
] ++ cfg.binaryCaches;
allowed-users = [ "root" ] ++ (map (n: n.name) cfg.administrators);
};
extraOptions = ''
build-timeout = 86400 # 24 hours

12
config/security.nix
View file

@ -4,9 +4,9 @@
...
}:
with lib;
mkIf (elem "security" config.machine.conffiles) {
security = {
audit.enable = true;
auditd.enable = true;
};
}
mkIf (elem "security" config.machine.conffiles) {
security = {
audit.enable = true;
auditd.enable = true;
};
}

82
config/users.nix
View file

@ -5,39 +5,52 @@
pkgs,
...
}:
with lib; let
with lib;
let
withDocker = config.virtualisation.docker.enable;
withPodman = config.virtualisation.podman.enable;
administrators = user: {
inherit (user) name;
value = let
cfg = config.services;
passPath = config.sops.secrets."users/${user.name}/password".path;
in {
isNormalUser = true;
inherit (user) name;
uid = user.id;
subUidRanges = optional withPodman {
startUid = 100000;
count = 65536;
value =
let
cfg = config.services;
passPath = config.sops.secrets."users/${user.name}/password".path;
in
{
isNormalUser = true;
inherit (user) name;
uid = user.id;
subUidRanges = optional withPodman {
startUid = 100000;
count = 65536;
};
subGidRanges = optional withPodman {
startGid = 100000;
count = 65536;
};
home = builtins.toPath "/home/${user.name}";
createHome = true;
description = "Administrative user ${user.name}.";
group = user.name;
extraGroups =
[
"audio"
"wheel"
"network"
]
++ (optionals (lib.elem "desktop" config.machine.services) [
"input"
"video"
])
++ (optionals cfg.printing.enable [
"cups"
"lp"
])
++ (optional (withDocker && !withPodman) "docker")
++ (optional withPodman "podman");
shell = "${pkgs.zsh}/bin/zsh";
hashedPasswordFile = passPath;
};
subGidRanges = optional withPodman {
startGid = 100000;
count = 65536;
};
home = builtins.toPath "/home/${user.name}";
createHome = true;
description = "Administrative user ${user.name}.";
group = user.name;
extraGroups =
["audio" "wheel" "network"]
++ (optionals (lib.elem "desktop" config.machine.services) ["input" "video"])
++ (optionals cfg.printing.enable ["cups" "lp"])
++ (optional (withDocker && !withPodman) "docker")
++ (optional withPodman "podman");
shell = "${pkgs.zsh}/bin/zsh";
hashedPasswordFile = passPath;
};
};
mkusergroup = user: {
@ -45,15 +58,14 @@ with lib; let
value = {
inherit (user) name;
gid = user.id;
members = [user.name];
members = [ user.name ];
};
};
in {
sops.secrets =
fn.sopsHelper
(user: "users/${user.name}/password")
config.machine.administrators
{neededForUsers = true;};
in
{
sops.secrets = fn.sopsHelper (user: "users/${user.name}/password") config.machine.administrators {
neededForUsers = true;
};
users = {
mutableUsers = false;
users = listToAttrs (map administrators config.machine.administrators);

71
config/zsh.nix
View file

@ -4,35 +4,44 @@
...
}:
with lib;
mkIf (elem "zsh" config.machine.conffiles) {
programs.zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
cat = ''bat --paging=never --theme="Solarized (dark)"'';
less = ''bat --paging=always --style=changes --color=always --theme="Solarized (dark)"'';
ls = "eza";
l = "eza -abgHhl@ --git --color=always --group-directories-first";
tree = "exa --tree --color=always";
ustrip = "sed -e '/\.service\|\.timer\|\.target\|\.socket\|\.slice\|\.scope\|\.path\|\.mount\|\.device)/!d' -e 's/loaded.*$//g' -e 's/^ \|^ //g'";
lsunits = "systemctl list-units | ustrip";
};
shellInit = ''
function ll() { eza -abgHhl@ --git --color=always --group-directories-first $@ | bat --paging=always --style=changes --color=always --theme="Solarized (dark)" }
function lln() { eza -abgHhl@ --git --color=always --group-directories-first $@ | bat --paging=always --style=changes --color=always --theme="Solarized (dark)" -n }
function lszip() { unzip -l $@ 2>&1 | sed -e "1,3d" -e "s/^.*:.. *//g" | head --lines=-2 }
function rwhich() { realpath $(which $@) }
function cdf() { cd $(rwhich $@ | sed "s/$@$//") }
function sfu() { lsunits | rg -i $@ }
function map() { for f in "$\{@:2\}"; do; eval $1 \"$f\"; done }
'';
ohMyZsh = {
enable = true;
plugins = ["cabal" "docker" "gitfast" "python" "pip" "sudo" "systemd" "man"];
theme = "gentoo";
};
mkIf (elem "zsh" config.machine.conffiles) {
programs.zsh = {
enable = true;
autosuggestions.enable = true;
syntaxHighlighting.enable = true;
shellAliases = {
cat = ''bat --paging=never --theme="Solarized (dark)"'';
less = ''bat --paging=always --style=changes --color=always --theme="Solarized (dark)"'';
ls = "eza";
l = "eza -abgHhl@ --git --color=always --group-directories-first";
tree = "exa --tree --color=always";
ustrip = "sed -e '/\.service\|\.timer\|\.target\|\.socket\|\.slice\|\.scope\|\.path\|\.mount\|\.device)/!d' -e 's/loaded.*$//g' -e 's/^ \|^ //g'";
lsunits = "systemctl list-units | ustrip";
};
}
shellInit = ''
function ll() { eza -abgHhl@ --git --color=always --group-directories-first $@ | bat --paging=always --style=changes --color=always --theme="Solarized (dark)" }
function lln() { eza -abgHhl@ --git --color=always --group-directories-first $@ | bat --paging=always --style=changes --color=always --theme="Solarized (dark)" -n }
function lszip() { unzip -l $@ 2>&1 | sed -e "1,3d" -e "s/^.*:.. *//g" | head --lines=-2 }
function rwhich() { realpath $(which $@) }
function cdf() { cd $(rwhich $@ | sed "s/$@$//") }
function sfu() { lsunits | rg -i $@ }
function map() { for f in "$\{@:2\}"; do; eval $1 \"$f\"; done }
'';
ohMyZsh = {
enable = true;
plugins = [
"cabal"
"docker"
"gitfast"
"python"
"pip"
"sudo"
"systemd"
"man"
];
theme = "gentoo";
};
};
}