aaaaaaaaaaaaaaaaaaaaaaaaaaa...

Janis 2025-07-23 23:17:53 +02:00
parent 311c38ed31
commit 52f85edbd2
64 changed files with 660 additions and 1487 deletions


@ -1,35 +0,0 @@
{...}:
let
gruvbox-dark = import ../data/gruvbox-dark.nix {};
in {
programs.alacritty = {
enable = true;
settings = {
font.normal.family = "monospace";
window = {
dynamic_title = true;
title = "Alacritty";
};
# gruvbox dark theme
colors = {
primary = {
inherit (gruvbox-dark) background foreground;
};
inherit (gruvbox-dark) normal bright;
};
keyboard = {
bindings = [
{
key = "Return";
mods = "Shift|Control";
action = "SpawnNewInstance";
}
];
};
};
};
}


@ -1,11 +0,0 @@
{...}: {
imports = [
./firefox.nix
./sway.nix
./waybar.nix
./alacritty.nix
./zsh.nix
./libinput.nix
./rofi.nix
];
}


@ -1,127 +0,0 @@
{inputs, pkgs, ...}: let
user = import ../data/user.nix {};
in{
programs.firefox = {
enable = true;
policies = {
CaptivePortal = false;
DisablePocket = true;
DisableTelemetry = true;
DisableFirefoxStudies = true;
FirefoxHome = {
Pocket = false;
Snippets = false;
};
};
profiles = {
default = {
isDefault = true;
search = {
default = "ddg";
force = true;
privateDefault = "ddg";
};
settings = {
# disable warning when editing about:config
"browser.aboutConfig.showWarning" = false;
# webgpu
"dom.webgpu.enabled" = true;
"gfx.webrender.all" = true;
"signon.rememberSignons" = false;
# mozilla syncserver
"identity.sync.tokenserver.uri" = "https://nirgendswo.com:8001/1.0/sync/1.5";
"services.sync.username" = user.email;
"browser.startup.page" = 3; # resume previous session
"browser.startup.homepage" = "about:home";
"browser.toolbars.bookmarks.visibility" = "never";
# hardening
"browser.newtabpage.enabled" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.newtabpage.activity-stream.feeds.snippets" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false;
"browser.newtabpage.activity-stream.default.sites" = "";
"browser.newtab.preload" = false;
"geo.provider.network.url" = "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%";
"geo.provider.ms-windows-location" = false;
"geo.provider.use_corelocation" = false;
"geo.provider.use_gpsd" = false;
"geo.provider.use_geoclue" = false;
"browser.region.network.url" = "";
"browser.region.update.enabled" = false;
"intl.accept_languages" = "en-US,en-GB,en";
"javascript.use_us_language_locale" = true;
"app.update.auto" = false;
"extensions.discover.enabled" = false;
"extensions.htmlaboutaddons.recommendations.enabled" = false;
"extenisons.getAddons.showPane" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.server" = "data:,";
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.updatePing.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.coverage.opt-out" = true;
"toolkit.coverage.opt-out" = true;
"beacon.enabled" = false;
"app.shield.optoutstudies.enabled" = false;
"captivedetect.canonicalURL" = "";
"network.captive-portal-service.enabled" = false;
"network.connectivity-service.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.safebrowsing.blockedURIs.enabled" = false;
"browser.safebrowsing.provider.google4.gethashURL" = "";
"browser.safebrowsing.provider.google4.updateURL" = "";
"browser.safebrowsing.provider.google4.dataSharingURL" = "";
"browser.safebrowsing.provider.google.gethashURL" = "";
"browser.safebrowsing.provider.google.updateURL" = "";
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.downloads.remote.enabled" = false;
"browser.safebrowsing.downloads.remote.url" = "";
"browser.safebrowsing.allowOverride" = false;
"network.prefetch-next" = false;
"network.dns.disablePrefetch" = true;
"network.predictor.enabled" = false;
"browser.fixup.alternate.enabled" = false;
"browser.urlbar.trimURLs" = false;
"browser.contentblocking.category" = "strict";
"privacy.partition.serviceWorkers" = true;
"privacy.partition.always_partition_third_party_non_cookie_storage" = true;
"privacy.partition.always_partition_third_party_non_cookie_storage.exempt_sessionstorage" = true;
"privacy.resistFingerprinting" = true;
"privacy.resistFingerprinting.block_mozAddonManager" = true;
"app.normandy.enabled" = false;
"app.normandy.api_url" = "";
};
extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin bitwarden rust-search-extension betterttv
];
};
};
};
}


@ -1,13 +0,0 @@
{pkgs, config, ...}: {
home.packages = with pkgs; [
libinput
libinput-gestures
];
xdg.configFile."libinput-gestures.conf".text = ''
gesture swipe left 4 swaymsg workspace next
gesture swipe right 4 swaymsg workspace next
gesture swipe down 4 swaylock-wrapper
gesture pinch in 4 rofi -combi-modi window,drun,run,ssh,combi -show combi -show-icons
'';
}


@ -1,141 +0,0 @@
{pkgs, lib, config, ...}:
let
base = import ./../options.nix;
mod = "Mod4";
left = "h";
right = "l";
up = "k";
down = "j";
launcher = "${pkgs.rofi}/bin/rofi -config ${config.xdg.configHome}/rofi/launcher.rasi -theme ${config.xdg.dataHome}/rofi/themes/launcher.rasi -show drun -show-icons";
in {
wayland = {
windowManager = {
sway = {
enable = true;
systemd.enable = true;
config = {
modifier = "${mod}";
gaps = {
inner = 8;
};
bars = [{
command = "${pkgs.waybar}/bin/waybar";
}];
window = {
border = 3;
titlebar = false;
};
input = {
"type:pointer" = {
pointer_accel = "-1";
};
"type:keyboard" = {
xkb_layout = "gb,dk";
xkb_options =
"caps:escape,grp:menu_toggle,grp:rctrl_toggle";
repeat_delay = "250";
repeat_rate = "25";
};
"type:touchpad" = {
natural_scroll = "enabled";
tap = "enabled";
tap_button_map = "lrm";
pointer_accel = "0";
};
};
keybindings = with pkgs; {
"Print" = "exec screenshot";
"${mod}+Print" = "exec screenshot --area";
"${mod}+Shift+Print" = "exec screenshot --current-window";
"XF86AudioRaiseVolume" = "exec ${wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
"XF86AudioLowerVolume" = "exec ${wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
"XF86AudioMute" = "exec ${wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
"XF86AudioMicMute" = "exec ${wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
"XF86AudioPlay" = "mpc toggle";
"XF86AudioNext" = "mpc next";
"XF86AudioPrev" = "mpc prev";
"XF86MonBrightnessUp" = "exec ${brightnessctl}/bin/brightnessctl set +10%";
"XF86MonBrightnessDown" = "exec ${brightnessctl}/bin/brightnessctl set 10%-";
"${mod}+Shift+Return" = "exec ${alacritty}/bin/alacritty";
"${mod}+q" = "kill";
"${mod}+p" = "exec ${launcher}";
"${mod}+Shift+e" = "exec ${pkgs.emacs}/bin/emacsclient -c -a ''";
"${mod}+Shift+b" = "exec ${pkgs.firefox}/bin/firefox";
"${mod}+Shift+c" = "reload";
"${mod}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg exit";
"${mod}+${left}" = "focus left";
"${mod}+${right}" = "focus right";
"${mod}+${up}" = "focus up";
"${mod}+${down}" = "focus down";
"${mod}+Shift+${left}" = "move left";
"${mod}+Shift+${right}" = "move right";
"${mod}+Shift+${up}" = "move up";
"${mod}+Shift+${down}" = "move down";
"${mod}+Ctrl+${left}" = "move workspace to output left";
"${mod}+Ctrl+${right}" = "move workspace to output right";
"${mod}+b" = "splith";
"${mod}+v" = "splitv";
"${mod}+s" = "layout stacking";
"${mod}+w" = "layout tabbed";
"${mod}+e" = "layout toggle split";
"${mod}+Shift+space" = "layout toggle floating";
"${mod}+space" = "focus mode_toggle";
"${mod}+Shift+f" = "fullscreen";
} // lib.attrsets.mergeAttrsList (map
(n: let workspace = toString n; in {
"${mod}+${workspace}" = "workspace ${workspace}";
"${mod}+Shift+${workspace}" = "move container to workspace ${workspace}";
})
[1 2 3 4 5 6 7 8 9 0]
);
colors = {
focused = {
background = "#A7C080";
text = "#272E33";
indicator = "#A7C080";
border = "#A7C080";
childBorder = "#A7C080";
};
unfocused = {
background = "#9DA9A0";
text = "#272E33";
indicator = "#9DA9A0";
border = "#9DA9A0";
childBorder = "#9DA9A0";
};
urgent = {
background = "#E67E80";
text = "#272E33";
indicator = "#E67E80";
border = "#E67E80";
childBorder = "#E67E80";
};
};
};
};
};
};
}


@ -1,233 +0,0 @@
{lib, config, ...}:
let
theme = import ../data/theme.nix {inherit config; };
utils = import ../utils.nix {inherit lib; };
in let
self = rec {
# ModuleDesc has the shape {name, config?, background?, color?, style?}
module-descs = [
{
name = "custom/left-most";
background = theme.background;
}
{
name = "pulseaudio";
config = {
format = "{volume}% {icon} {format_source}";
format-bluetooth = "{volume}% {icon} {format_source}";
format-muted = "{format_source}";
format-source = "{volume}% ";
format-source-muted = "";
format-icons = {
headphones = "";
default = ["" "" ""];
};
on-click = "pavucontrol";
};
background = theme.normal.yellow;
}
{
name = "network";
config = {
format-wifi = "{essid} {signalStrength}% {icon}";
format-ethernet = "{ipaddr} 󰈀";
format-disconnected = "Disconnected 󰤮";
tooltip-format = ''Interface: {ifname}
IP: {ipaddr}
Speed: {bandwidthUpBytes} / {bandwidthDownBytes}
Signal: {signalStrength}%
SSID: {essid} {frequency}'';
on-click = "iwgtk";
format-icons = ["󰤯" "󰤟" "󰤢" "󰤥" "󰤨"];
};
background = theme.normal.green;
}
{
name = "custom/vpn";
config = {
format = "{}";
excape = true;
interval = 30;
exec = "nordvpn-rofi.sh --status-json";
return-type = "json";
on-click = "rofi -show vpn -modes 'vpn:nordvpn-rofi.sh'";
};
style = {
connected.color = theme.normal.black;
disconnected.color = theme.normal.yellow;
};
background = theme.extra.teal;}
]
++ (if (config.has_battery) then [{
name = "battery";
config = {
states = {
critical = 15;
warning = 25;
good = 80;
full = 90;
};
interval = 30;
format = "{capacity}% {icon}";
format-charging = "{capacity}% ";
format-plugged = "{capacity}% ";
format-icons = ["" "" "" "" ""];
};
background = theme.extra.aqua;
}] else [])
++ [
{
name = "cpu";
config = {
format = "{}% ";
};
background = theme.extra.brown;
}
{
name = "memory";
config = {
format = "{}% ";
};
background = theme.extra.darkbrown;
}
{
name = "temperature";
config = {
critical-threshold = 80;
hwmon-path = "/sys/class/hwmon/hwmon5/temp1_input";
format = "{temperatureC}°C {icon}";
format-icons = ["" "" ""];
};
background = theme.extra.darkerbrown;
}
{
name = "clock";
config = {
format = "{:%H:%M} 󰥔";
tooltip-format = "<tt><small>{calendar}</small></tt>";
calendar = {
mode = "month";
weeks-pos = "left";
on-scroll = 1;
format = {
months = "<span color=\"${theme.normal.yellow}\"><b>{}</b></span>";
days = "<span color=\"${theme.normal.white}\"><b>{}</b></span>";
weekdays = "<span color=\"${theme.bright.black}\"><b>{}</b></span>";
today = "<span color=\"${theme.normal.red}\"><b>{}</b></span>";
};
on-scroll-up = "shift_up";
on-scroll-down = "shift_down";
};
};
background = theme.normal.black;
}
{name = "tray"; config = { spacing = 10; }; background = theme.background;}
];
# default style for modules
default-style = "padding-left: 8pt; padding-right: 8pt;";
# ModuleDesc -> Module
mkModule = desc: let
background = desc.background or theme.background;
color = desc.color or theme.foreground;
config = desc.config or {};
# style = module.style or "";
style = default-style;
style-name = builtins.replaceStrings ["/"] ["-"] desc.name;
in {
inherit (desc) name;
setting = {
} // config;
style = "#${style-name} {" + default-style + ''background: ${background};color: ${color};'' + "}\n";
};
mkSpacer = idx: left: right: {
name = "custom/arrow${toString idx}";
setting = {
format = "";
tooltip = false;
};
style = "#custom-arrow${toString idx} {font-size: 14pt;background: ${left.background};color: ${right.background};}\n";
};
# modules interlaced with spacers
# [ModuleDesc] -> [Module]
mkSpacedModules = descs: with builtins;
let
len = length descs;
in lib.lists.flatten
(lib.lists.imap0
(n: descs: let
left = elemAt descs 0;
right = elemAt descs 1;
in if n == len then [
(mkModule left)
(mkSpacer n left right)
(mkModule right)
] else [
(mkModule left)
(mkSpacer n left right)
])
(utils.windows 2 descs)
);
# Module -> {"name" = setting}
mkModuleConfig = {name, setting, ...}: lib.attrsets.optionalAttrs (!utils.isEmptySet setting) {
"${name}" = setting;
};
# builds bar configuration with left, center, and right modules
# right modules get spacers in between them.
# {left: [ModuleDesc], center: [ModuleDesc], right: [ModuleDesc], config: {}} -> {config, style}
mkBar = {left, center, right, config, ...}:
let
# Create modules from the descriptions
right' = mkSpacedModules right;
left' = map (module: mkModule module) left;
center' = map (module: mkModule module) center;
in let
# Create lists of module names for the config
modules-left = map (module: module.name) left';
modules-center = map (module: module.name) center';
modules-right = map (module: module.name) right';
# Combine all modules into a single list
modules = lib.lists.flatten [left' center' right'];
in {
config = lib.attrsets.mergeAttrsList (lib.lists.flatten [
{
inherit modules-left modules-center modules-right;
}
config
(map mkModuleConfig modules)
]);
style = lib.strings.concatStringsSep "\n" (map (module: module.style) modules);
};
};
bar = self.mkBar {
left = [ {name = "sway/workspaces";} {name = "sway/mode";} ];
center = [ {name = "sway/window";} ];
right = self.module-descs;
config = {
height = 25;
spacing = 0;
position = "top";
};
};
in {
programs.waybar = {
enable = true;
settings = {
mainBar = bar.config;
};
style = ''
* {border: none; border-radius: 0; min-height: 0; margin: 0; padding: 0; box-shadow: none; text-shadow: none;}
#waybar { background: rgba(40, 40, 40, 0.3); color: #ffffff; font-family: "sans-serif"; font-size: 12pt; font-weight: 500; }
''
+ bar.style;
};
}


@ -1,78 +0,0 @@
{
disko.devices = {
disk = {
root = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "boot";
name = "ESP";
type = "EF00";
size = "512M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
label = "luks";
content = {
type = "luks";
name = "cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
# https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
settings = {crypttabExtraOpts = ["tpm2-device=auto" "token-timeout=10"];};
content = {
type = "btrfs";
extraArgs = ["-L" "nixos" "-f"];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = ["subvol=@root" "compress=zstd" "noatime"];
};
"@home" = {
mountpoint = "/home";
mountOptions = ["subvol=@home" "compress=zstd" "noatime"];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = ["subvol=@nix" "compress=zstd" "noatime"];
};
"@persist" = {
mountpoint = "/persist";
mountOptions = ["subvol=@persist" "compress=zstd" "noatime"];
};
"@log" = {
mountpoint = "/var/log";
mountOptions = ["subvol=@log" "compress=zstd" "noatime"];
};
"@snapshots" = {
};
"@swap" = {
mountpoint = "/swap";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = true;
fileSystems."/var/log".neededForBoot = true;
}


@ -1,16 +0,0 @@
{ lib, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
# inputs.home-manager.nixosModules.default
./nixos
./users/alice.nix
./variables.nix
./hosts/laptop.nix
];
# to use zsh as a login shell, it has to be enabled globally.
programs.zsh.enable = true;
}


@ -1,21 +0,0 @@
{config, ...}:
let
theme = if config.darkMode then import ./gruvbox-dark.nix {}
else import ./gruvbox-light.nix {};
in
{
inherit (theme) background foreground normal bright;
extra = {
red = "#bd574e";
orange = "#eb8242";
yellow = "#ede06b";
green = "#9bb67c";
teal = "#87a7b3";
purple = "#ad6989";
brown = "#ad8b73";
darkbrown = "#85603f";
darkerbrown = "#5e454b";
cream = "#fefcf3";
};
}


@ -1,3 +0,0 @@
{...}: {
email = "janis@nirgendwo.xyz";
}


@ -1,37 +0,0 @@
{
disko.devices = {
disk = {
root = {
device = "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
label = "boot";
name = "ESP";
type = "EF00";
size = "512M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
label = "root";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}


@ -1,63 +0,0 @@
{
inputs = {
# This is pointing to an unstable release.
# If you prefer a stable release instead, you can this to the latest number shown here: https://nixos.org/download
# i.e. nixos-24.11
# Use `nix flake update` to update the flake to the latest revision of the chosen release channel.
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; # Use the same nixpkgs as the system
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/nur";
# firefox-addons = {
# url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
# inputs.nixpkgs.follows = "nixpkgs"; # Use the same nixpkgs as the system
# };
};
outputs = inputs @ { self, disko, nixpkgs, home-manager, ... }:
let
system = "x86_64-linux"; # Default system architecture
in {
# NOTE: 'nixos' is the default hostname
nixosConfigurations = {
nixos = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./configuration.nix
home-manager.nixosModules.home-manager
disko.nixosModules.disko
./btrfs-disko.nix
{
home-manager.useGlobalPkgs = true; # Use global packages in home-manager
home-manager.useUserPackages = true; # Use user packages in home-manager
home-manager.extraSpecialArgs = {
inherit inputs;
};
}
];
specialArgs = {
inherit inputs home-manager;
};
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow unfree packages globally
overlays = [
inputs.nur.overlays.default
];
};
};
};
};
}


@ -1,37 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/723e4a6a-97b9-49ff-999f-806b12ea26b6";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/15E6-98FA";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,3 +0,0 @@
{...}: {
imports = [];
}


@ -1,4 +0,0 @@
{config, ...}: {
imports = [ ../variables.nix ];
config.has_battery = true;
}


@ -1,5 +0,0 @@
{...}: {
imports = [ ../variables.nix ];
# config.has_battery = true;
config.vmGuest = true;
}


@ -1,9 +0,0 @@
{...}: {
imports = [
./hardware.nix
./system.nix
./plymouth.nix
./fonts.nix
./login.nix
];
}


@ -1,33 +0,0 @@
{pkgs, ...}: {
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
liberation_ttf
roboto
roboto-mono
twitter-color-emoji
nerd-fonts.fira-code
nerd-fonts.fira-mono
unicode-emoji
fira-sans
font-awesome
fira-mono
fira-code
material-icons
source-sans
source-code-pro
pkgs.nur.repos.redpz.sf-mono
];
fontconfig = {
defaultFonts = {
monospace = ["SF Mono" "Fira Mono" "Noto Mono"];
serif = ["Liberation Serif" "Noto Serif"];
sansSerif = ["Liberation Sans" "Noto Sans" "Roboto"];
emoji = ["Twitter Color Emoji" "Noto Emoji"];
};
};
};
}


@ -1,19 +0,0 @@
{ config, pkgs, ...}:
with pkgs;
{
hardware = {
graphics = {
enable = true; # Enable graphics support.
extraPackages = [
amdvlk
intel-media-driver
intel-vaapi-driver
];
};
cpu = {
amd = {
updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
};
};
}


@ -1,16 +0,0 @@
# This file is part of the NixOS configuration for the login service.
{pkgs, ...}: {
environment.systemPackages = [ pkgs.sddm-chili-theme ];
services = {
displayManager = {
enable = true;
sddm = {
enableHidpi = true;
enable = true;
theme = "chili";
wayland.enable = true;
};
sessionPackages = with pkgs; [sway];
};
};
}


@ -1,25 +0,0 @@
{pkgs, ...}: {
boot = {
plymouth = {
enable = true;
theme = "rings";
themePackages = with pkgs; [
(adi1090x-plymouth-themes.override {
selected_themes = [ "rings" ];
})
];
};
consoleLogLevel = 3;
initrd.verbose = false;
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
loader.timeout = 0;
};
}


@ -1,59 +0,0 @@
{config, pkgs, ...}:
let
base = import ../options.nix {};
in {
imports = [
../variables.nix
];
system.stateVersion = "${base.stateVersion}";
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_GB.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "uk";
# useXkbConfig = true; # use xkb.options in tty.
};
services.qemuGuest.enable = config.vmGuest;
services.spice-vdagentd.enable = config.vmGuest;
security.rtkit.enable = true; # Enable real-time scheduling for audio applications.
services = {
pipewire = {
enable = true;
pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true; # Enable 32-bit support if needed.
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = true; # Enable password authentication.
PermitRootLogin = "yes"; # Allow root login (not recommended for production).
};
};
libinput.enable = true;
};
environment.systemPackages = with pkgs; [
vim wget curl git emacs
];
}


@ -1,6 +0,0 @@
{...}:
let
stateVersion = "25.05";
in {
inherit stateVersion;
}


@ -1,31 +0,0 @@
inputs @ { pkgs, lib, ...}: let
# NixOS version
# Function to create the home-manager configuration for the account
aliceUserFn = {pkgs, ...}: {
imports = [
../apps
];
home = {
packages = with pkgs; [
htop
]; # Default packages for the owner account.
};
};
in {
imports = [(lib.modules.importApply ./user.nix {
user = {
userName = "alice";
defaultPassword = "password";
shell = pkgs.zsh;
packages = with pkgs; [
tree
vim
wget
curl
git
];
userModule = aliceUserFn;
};
})];
}


@ -1,46 +0,0 @@
# `user` has the following attributes:
# - `userName`: The username for the user account.
# - `defaultPassword`: The default password for the user account.
# - `shell`: The shell for the user account.
# - `packages`: List of packages to install for the user account.
# - `userModule`: A module that provides additional configuration for the user account.
{user}: inputs @ {lib, home-manager, pkgs, ...}:
let
username = user.userName or "alice";
base = import ../options.nix {};
in
let
homeDirectory = "/home/${username}";
in {
users.users.${username} = {
shell = user.shell or pkgs.zsh; # Default shell for the user
home = homeDirectory;
createHome = true;
group = "users"; # Default group
isNormalUser = true;
extraGroups = [ "wheel" ]; # Add to wheel group for sudo access
} // lib.optionalAttrs (lib.hasAttr "defaultPassword" user) {
initialPassword = user.defaultPassword;
};
home-manager.users.${username} = {...}: {
imports = [ ../variables.nix user.userModule ];
# programs.home-manager.enable = true;
home = {
inherit username;
inherit homeDirectory;
inherit (user) packages;
stateVersion = "${base.stateVersion}";
sessionVariables = {
EDITOR = user.editor or "vim";
};
};
};
}


@ -1,21 +0,0 @@
{lib, ...}: {
options = {
has_battery = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether the system has a battery.";
};
vmGuest = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable VM guest services.";
};
darkMode = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable dark mode for the system.";
};
};
}


@ -3,5 +3,6 @@
# ./hardware-configuration.nix
./user
./system
./programs
];
}


@ -17,5 +17,6 @@ in
darkbrown = "#85603f";
darkerbrown = "#5e454b";
cream = "#fefcf3";
aqua = "#689d6a";
};
}


@ -7,6 +7,7 @@
q = "exit";
ssh = "TERM=xterm-256color ssh";
emacs = "emacs -nw"; # Use emacs in terminal mode.
ns = "nix-shell --run \"$(readlink /proc/$$/exe)\"";
# dotfiles
dotfiles = "git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME";


@ -21,6 +21,8 @@
modules = [
./configuration.nix
./options.nix
./pkgs
host
home-manager.nixosModules.home-manager
disko.nixosModules.disko
@ -41,6 +43,7 @@
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow unfree packages globally
overlays = [
inputs.nur.overlays.default
];


@ -9,6 +9,7 @@ in {
./waybar.nix
./zsh.nix
./rofi.nix
./libinput.nix
];
fonts.fontconfig.enable = true;
@ -32,6 +33,9 @@ in {
tree
htop
pavucontrol
ripgrep
# nur.repos.LuisChDev.nordvpn
];
};
}


@ -11,9 +11,9 @@
];
xdg.configFile."libinput-gestures.conf".text = ''
gesture swipe left 4 swaymsg workspace next
gesture swipe right 4 swaymsg workspace next
gesture swipe left 4 ${pkgs.sway}/bin/swaymsg workspace prev
gesture swipe right 4 ${pkgs.sway}/bin/swaymsg workspace next
gesture swipe down 4 swaylock-wrapper
gesture pinch in 4 rofi -combi-modi window,drun,run,ssh,combi -show combi -show-icons
gesture pinch in 4 ${pkgs.rofi}/bin/rofi -combi-modi window,drun,run,ssh,combi -show combi -show-icons
'';
}
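Review bot: The screen-lock gesture `gesture swipe down 4 swaylock-wrapper` is the only command in this file still resolved through PATH after the other three lines were pinned to store paths. Since sway.nix restarts `libinput-gestures.service` as a systemd user unit, the command runs with that unit's environment, and if `swaylock-wrapper` is not on its PATH the gesture fails without locking the screen. Pin it the same way as the others, e.g. `gesture swipe down 4 ${<swaylock-wrapper package>}/bin/swaylock-wrapper` (placeholder for whichever derivation provides the wrapper; it is not visible on this page).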


@ -1,4 +1,4 @@
{pkgs, lib, config, ...}:
{pkgs, lib, config, super-config, inputs, ...}:
let
mod = "Mod4";
left = "h";
@ -11,6 +11,7 @@ let
in {
home.packages = with pkgs; [
brightnessctl
gammastep
wmctrl
wireplumber
alacritty
@ -29,6 +30,21 @@ in {
config = {
modifier = "${mod}";
output = {
"*".scale = "${lib.strings.floatToString super-config.desktop_scale}";
};
startup = [
{
always = true;
command = "${pkgs.gammastep}/bin/gammastep -l 54:10 -t 6500k:4500k";
}
{
always = true;
command = "systemctl --user restart libinput-gestures.service";
}
];
gaps = {
inner = 8;
};
@ -100,6 +116,7 @@ in {
"${mod}+Ctrl+${left}" = "move workspace to output left";
"${mod}+Ctrl+${right}" = "move workspace to output right";
"${mod}+tab" = "workspace back_and_forth";
"${mod}+b" = "splith";
"${mod}+v" = "splitv";
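Review bot: Both entries of the new `startup` list in the third hunk set `always = true`, which home-manager emits as `exec_always`, so every config reload starts another `gammastep` process next to the one already running. Set `always = false;` on the gammastep entry, or drop it in favour of home-manager's `services.gammastep` module, which keeps a single supervised instance. The second entry calls `systemctl` through PATH while the rest of the file pins store paths; `command = "${pkgs.systemd}/bin/systemctl --user restart libinput-gestures.service";` would be consistent. The surrounding `config` attribute set starts and ends outside these hunks.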


@ -1,4 +1,4 @@
{pkgs, lib, config, ...}:
{pkgs, lib, super-config, config, ...}:
let
theme = import ../data/theme.nix {inherit config; };
utils = import ../utils.nix {inherit lib; };
@ -42,23 +42,24 @@ SSID: {essid} {frequency}'';
};
background = theme.normal.green;
}
{
name = "custom/vpn";
config = {
format = "{}";
excape = true;
interval = 30;
exec = "nordvpn-rofi.sh --status-json";
return-type = "json";
on-click = "rofi -show vpn -modes 'vpn:nordvpn-rofi.sh'";
};
style = {
connected.color = theme.normal.black;
disconnected.color = theme.normal.yellow;
};
background = theme.extra.teal;}
# {
# name = "custom/vpn";
# config = {
# format = "{}";
# excape = true;
# interval = 30;
# exec = "${pkgs.nordvpn-rofi}/bin/nordvpn-rofi --status-json";
# return-type = "json";
# on-click = "rofi -show vpn -modes 'vpn:nordvpn-rofi'";
# };
# style = {
# connected.color = theme.normal.black;
# disconnected.color = theme.normal.yellow;
# };
# background = theme.extra.teal;
# }
]
++ (if (config.has_battery) then [{
++ (if (super-config.has_battery) then [{
name = "battery";
config = {
states = {
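Review bot: `theme = import ../data/theme.nix {inherit config; };` in the first hunk still passes the home-manager `config`, while the battery check in the second hunk now reads `super-config.has_battery`. If `darkMode` is declared in the same system-level options as `has_battery` (not visible here) and theme.nix still reads `config.darkMode`, the import needs the same switch, e.g. `theme = import ../data/theme.nix {config = super-config; };`, or evaluation may fail on a missing attribute. The commented-out `custom/vpn` block also keeps the key `excape`, presumably meant as `escape`; fix it before re-enabling the block, or delete the block and rely on history. The module list continues outside the hunk.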


@ -20,7 +20,7 @@ in {
path = "$HOME/.zsh_history";
};
initExtra = ''
initContent = ''
prompt pure
zstyle :prompt:pure:path color cyan
zstyle :prompt:pure:prompt:error color red

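--- /dev/null
+++ b/hosts/laptop/default.nix
@@ -0,0 +1,25 @@
+{lib, config, modulesPath, ...}: {
+imports = [
+./disks.nix
+../../options.nix
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+has_battery = true;
+desktop_scale = 1.3;
+boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-amd" ];
+boot.extraModulePackages = [ ];
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}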


@ -1,26 +0,0 @@
{...}: {
background = "#282828";
foreground = "#ebdbb2";
normal = {
black = "#282828";
red = "#cc241d";
green = "#98971a";
yellow = "#d79921";
blue = "#458588";
magenta = "#b16286";
cyan = "#689d6a";
white = "#a89984";
};
bright = {
black = "#928374";
red = "#fb4934";
green = "#b8bb26";
yellow = "#fabd2f";
blue = "#83a598";
magenta = "#d3869b";
cyan = "#8ec07c";
white = "#ebdbb2";
};
}


@ -1,26 +0,0 @@
{...}: {
background = "#fbf1c7";
foreground = "#3c3836";
normal = {
black = "#fbf1c7";
red = "#cc241d";
green = "#98971a";
yellow = "#d79921";
blue = "#458588";
magenta = "#b16286";
cyan = "#689d6a";
white = "#7c6f64";
};
bright = {
black = "#928374";
red = "#9d0006";
green = "#79740e";
yellow = "#b57614";
blue = "#076678";
magenta = "#8f3f71";
cyan = "#427b58";
white = "#3c3836";
};
}


@ -1,13 +0,0 @@
{...}: {
ll = "ls -l";
la = "ls -la";
git-tree = "git log --graph --oneline --all";
c = "clear";
cl = "clear; ls --color=auto";
q = "exit";
ssh = "TERM=xterm-256color ssh";
emacs = "emacs -nw"; # Use emacs in terminal mode.
# dotfiles
dotfiles = "git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME";
}


@ -1,239 +0,0 @@
{pkgs, config, ...}: let
theme = import ../data/theme.nix { inherit config; };
in {
xdg.dataFile."rofi/themes/launcher.rasi".text = ''
/**
*
* Author : Aditya Shakya (adi1090x)
* Github : @adi1090x
*
* Rofi Theme File
* Rofi Version: 1.7.3
**/
/*****----- Configuration -----*****/
configuration {
modi: "drun,run,filebrowser,window";
show-icons: false;
display-drun: "";
display-run: "";
display-filebrowser: "";
display-window: "";
drun-display-format: "{name}";
window-format: "{w} · {c} · {t}";
}
/*****----- Global Properties -----*****/
* {
font: "JetBrains Mono Nerd Font 10";
background: #101010;
background-alt: #252525;
foreground: #FFFFFF;
selected: #505050;
active: #909090;
urgent: #707070;
}
/*****----- Main Window -----*****/
window {
/* properties for window widget */
transparency: "real";
location: center;
anchor: center;
fullscreen: false;
width: 400px;
x-offset: 0px;
y-offset: 0px;
/* properties for all widgets */
enabled: true;
border-radius: 20px;
cursor: "default";
background-color: @background;
}
/*****----- Main Box -----*****/
mainbox {
enabled: true;
spacing: 0px;
background-color: transparent;
orientation: vertical;
children: [ "inputbar", "listbox" ];
}
listbox {
spacing: 20px;
padding: 20px;
background-color: transparent;
orientation: vertical;
children: [ "message", "listview", "mode-switcher" ];
}
/*****----- Inputbar -----*****/
inputbar {
enabled: true;
spacing: 10px;
padding: 100px 40px;
background-color: transparent;
background-image: url("~/.config/rofi/images/g.png", width);
text-color: @foreground;
orientation: horizontal;
children: [ "textbox-prompt-colon", "entry" ];
}
textbox-prompt-colon {
enabled: true;
expand: false;
str: "";
padding: 12px 15px;
border-radius: 100%;
background-color: @background-alt;
text-color: inherit;
}
entry {
enabled: true;
expand: true;
padding: 12px 16px;
border-radius: 100%;
background-color: @background-alt;
text-color: inherit;
cursor: text;
placeholder: "Search";
placeholder-color: inherit;
}
/*****----- Mode Switcher -----*****/
mode-switcher{
enabled: true;
spacing: 10px;
background-color: transparent;
text-color: @foreground;
}
button {
padding: 12px;
border-radius: 100%;
background-color: @background-alt;
text-color: inherit;
cursor: pointer;
}
button selected {
background-color: @selected;
text-color: @foreground;
}
/*****----- Listview -----*****/
listview {
enabled: true;
columns: 1;
lines: 5;
cycle: true;
dynamic: true;
scrollbar: false;
layout: vertical;
reverse: false;
fixed-height: true;
fixed-columns: true;
spacing: 10px;
background-color: transparent;
text-color: @foreground;
cursor: "default";
}
/*****----- Elements -----*****/
element {
enabled: true;
spacing: 10px;
padding: 12px;
border-radius: 100%;
background-color: transparent;
text-color: @foreground;
cursor: pointer;
}
element normal.normal {
background-color: inherit;
text-color: inherit;
}
element normal.urgent {
background-color: @urgent;
text-color: @foreground;
}
element normal.active {
background-color: @active;
text-color: @foreground;
}
element selected.normal {
background-color: @selected;
text-color: @foreground;
}
element selected.urgent {
background-color: @urgent;
text-color: @foreground;
}
element selected.active {
background-color: @urgent;
text-color: @foreground;
}
element-icon {
background-color: transparent;
text-color: inherit;
size: 32px;
cursor: inherit;
}
element-text {
background-color: transparent;
text-color: inherit;
cursor: inherit;
vertical-align: 0.5;
horizontal-align: 0.0;
}
/*****----- Message -----*****/
message {
background-color: transparent;
}
textbox {
padding: 12px;
border-radius: 100%;
background-color: @background-alt;
text-color: @foreground;
vertical-align: 0.5;
horizontal-align: 0.0;
}
error-message {
padding: 15px;
border-radius: 0px;
background-color: @background;
text-color: @foreground;
}
'';
xdg.configFile."rofi/launcher.rasi".text = ''
configuration {
modi: "drun,run,ssh,filebrowser,window";
terminal: "${pkgs.alacritty}/bin/alacritty";
show-icons: true;
display-drun: "";
display-run: "";
display-ssh: "";
drun-display-format: "{name}";
run-display-format: "{name}";
ssh-display-format: "{name}";
combi-display-format: "{mode} {name}";
combi-modi: "window,drun,run,filebrowser";
kb-mode-previous: "Control+h";
kb-mode-next: "Control+l";
kb-mode-complete: "";
kb-remove-char-back: "BackSpace,Shift+BackSpace";
}
'';
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
terminal = "{pkgs.alacritty}/bin/alacritty";
theme = "launcher.rasi";
};
}


@ -1,39 +0,0 @@
{pkgs, ...}:
let
aliases = import ../data/zsh-aliases.nix {};
in {
home.packages = with pkgs; [ pure-prompt ];
programs.zsh = {
enable = true;
enableCompletion = true;
shellAliases = aliases;
history = {
size = 10000000;
save = 10000000;
findNoDups = true;
saveNoDups = true;
ignoreDups = true;
share = true;
extended = true;
append = true;
path = "$HOME/.zsh_history";
};
initExtra = ''
prompt pure
zstyle :prompt:pure:path color cyan
zstyle :prompt:pure:prompt:error color red
zstyle :prompt:pure:prompt:success color green
bindkey -v
autoload -Uz edit-command-line
zle -N edit-command-line
bindkey '^X^E' edit-command-line
'';
};
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
}


@ -1,6 +0,0 @@
{modulesPath, ...}: {
imports = [
./disks.nix
(modulesPath + "/installer/scan/not-detected.nix")
];
}


@ -1,20 +0,0 @@
{lib, ...}: rec {
min = a: b: if a < b then a else b;
max = a: b: if a > b then a else b;
# build list of `len` lists of `n` elements of `xs`
windows = with builtins; n: xs: let
len = length xs;
n' = min n len;
# when len = n, there is still one window
num-windows = max 0 (len - n' + 1);
in
genList
# for i in 0..len
(i: genList
# for j in 0..n -> xs[i + j]
(j: elemAt xs (i + j))
n')
num-windows;
isEmptySet = set: with builtins; length (attrNames set) == 0;
}


@ -17,5 +17,11 @@
default = false;
description = "Enable dark mode for the system.";
};
desktop_scale = lib.mkOption {
type = lib.types.float;
default = 1.0;
description = "HiDpi scale factor for the window manager";
};
};
}

5
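--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+nixpkgs.overlays = [
+(import ./overlay.nix)
+];
+}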

181
pkgs/nordvpn-rofi.nix Normal file

@ -0,0 +1,181 @@
{lib, makeWrapper, stdenv, writeShellScriptBin, jq, rofi, nordvpn, ...}: let
nordvpn-rofi = writeShellScriptBin "nordvpn-rofi" ''
#! /bin/env bash
is_vpn_active() {
nordvpn status | grep -e "Status: Disconnected"
}
prettify() {
echo "$1"|sed 's/_/ /g'
}
main="$@"
is_active=$(is_vpn_active)
list_countries() {
nordvpn countries | tr -d '\r,-' | tr -s "[:blank:]" "\n" | sed '/^\s*$/d' | sort
}
list_cities() {
nordvpn cities "$1" | tr -d '\r,-' | tr -s "[:blank:]" "\n" | sed '/^\s*$/d' | sort
}
list_countries_with_cities() {
IFS=$'\n'
local countries
countries=( $(list_countries) )
local with_cities
for c in "''${countries[@]}"
do
with_cities+=($c)
with_cities+=($(list_cities $c))
done
echo $with_cities
}
print_country() {
echo -en "$(prettify $1)\0info\x1f$1\n"
}
# $1 -> city, $2 -> country
print_city() {
echo -en "$(prettify $1)\0meta\x1f$2\x1finfo\x1f$1\n"
}
print_countries() {
local countries
IFS=$'\n'
countries=( $(list_countries) )
for cunt in "''${countries[@]}"
do
print_country $cunt
done
}
print_all() {
local countries
IFS=$'\n'
countries=( $(list_countries) )
for c in "''${countries[@]}"
do
print_country $c
local cities=( $(list_cities $c) )
for b in "''${cities[@]}"
do
print_city $b $c
done
done
}
init() {
echo -en "\0prompt\x1fNordVPN\n"
echo -en "Show Cities\0info\x1fCITIES\n"
echo -en "Disconnect\0info\x1fDISCONNECT\n"
print_countries
}
selected() {
local countries
IFS=$'\n'
countries=( $(list_countries) )
case $ROFI_INFO in
"CITIES")
echo -en "\0prompt\x1fNordVPN\n"
print_all
;;
"DISCONNECT")
coproc( nordvpn disconnect > /dev/null 2>&1 || notify-send "NordVPN" "Failed to disconnect vpn." )
;;
*)
echo -en "\0prompt\x1fConnecting to $@..\n"
coproc ( if nordvpn connect $ROFI_INFO > /dev/null 2>&1; then notify-send "NordVPN" "Connected to <b>$ROFI_INFO</b>"; else notify-send "NordVPN" "<span foreground='red'>Failed to connect to <b>$ROFI_INFO</b></span>"; fi; pkill -SIGRTMIN+8 waybar )
exit 0
;;
esac
}
input=$@
case $input in
"--connected")
$( nordvpn status | sed -rne "s/Status: ([a-z,A-Z]*)/\1/p" | grep -qe "Connected" )
exit $?
;;
"--status")
if $( nordvpn status | sed -rne "s/Status: ([a-z,A-Z]*)/\1/p" | grep -qe "Connected" );
then
echo "$( nordvpn status | sed -nr -e 's/Country: ([a-z,A-Z]*)/\1/p' -e 's/City: ([a-z,A-Z]*)/\1/p' | paste - - -d / )"
else
echo "Disconnected"
fi
exit 0
;;
"--status-json")
vpn_status=$(nordvpn status | sed -Ee 's/.*(Status:.*)/\1/' | sed -n '/Status.*/,$p')
tooltip=$(echo "$vpn_status" | sed -Ee \
's/Transfer: (.*) received, (.*) sent/Transer: \1 \2 /' | \
sed -Ee 's/(.*): (.*)/<b>\1:<\/b> \2/')
(echo "$vpn_status" | sed -rne "s/Status: ([a-z,A-Z]*)/\1/p" | grep -qe "Connected")
if [[ $? == 0 ]];
then
text="$( echo "$vpn_status" | \
sed -nr -e 's/Country: ([a-z,A-Z]*)/\1/p' -e 's/City: ([a-z,A-Z]*)/\1/p' | \
paste - - -d / )"
class="connected"
jq -c -j -n --arg text "$text" --arg tooltip "$tooltip" \
--arg class "$class" '{$text, $tooltip, $class}'
else
text="Disconnected"
class="disconnected"
jq -c -j -n --arg text "$text" --arg tooltip "$tooltip" \
--arg class "$class" '{$text, $tooltip, $class}'
fi
exit 0
;;
esac
case $ROFI_RETV in
0) init ;;
1) selected $input ;;
esac
'';
in stdenv.mkDerivation {
pname = "nordvpn-rofi";
version = "1.0";
buildInputs = [ jq rofi nordvpn ];
nativeBuildInputs = [ makeWrapper ];
src = "${nordvpn-rofi}";
installPhase = ''
mkdir -p $out/bin
cp ${nordvpn-rofi}/bin/nordvpn-rofi $out/bin/nordvpn-rofi
chmod +x $out/bin/nordvpn-rofi
wrapProgram $out/bin/nordvpn-rofi \
--prefix PATH : ${jq}/bin \
--prefix PATH : ${rofi}/bin \
--prefix PATH : ${nordvpn}/bin
'';
meta = {
description = "A utility script for NordVPN and Rofi";
license = lib.licenses.mit;
platforms = lib.platforms.linux;
};
}
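Review bot: `$ROFI_INFO` is expanded unquoted in the `nordvpn connect $ROFI_INFO` coproc of `selected()`, and the helper calls (`print_country $c`, `list_cities $c`, `print_city $b $c`) do the same, so the value is subject to pathname expansion, and to word splitting wherever `IFS` has not yet been set to newline; quote it, e.g. `nordvpn connect "$ROFI_INFO"`. The same value is interpolated into the `notify-send` body inside `<b>…</b>`, so notification daemons that support markup will render it as markup rather than text. `notify-send` and `pkill` are called, but `wrapProgram` only prefixes `jq`, `rofi` and `nordvpn` onto PATH, so both depend on the caller's environment. `is_active=$(is_vpn_active)` runs `nordvpn status` on every invocation and its result is never read, and the function greps for `Status: Disconnected`, the opposite of its name.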

138
pkgs/nordvpn.nix Normal file

@ -0,0 +1,138 @@
{
autoPatchelfHook,
buildFHSEnvChroot ? false,
buildFHSUserEnv ? false,
dpkg,
fetchurl,
lib,
stdenv,
sysctl,
iptables,
iproute2,
procps,
cacert,
libxml2,
libidn2,
libnl,
libcap,
libcap_ng,
zlib,
makeWrapper,
wireguard-tools,
}:
let
buildEnv = if builtins.typeOf buildFHSEnvChroot == "set" then buildFHSEnvChroot else buildFHSUserEnv;
pname = "nordvpn";
version = "4.0.0";
janis-bhm = {
name = "Janis B.";
email = "janis@nirgendwo.xyz";
github = "janis-bhm";
};
libxml2_13 = libxml2.overrideAttrs rec {
version = "2.13.8";
src = fetchurl {
url = "mirror://gnome/sources/libxml2/${lib.versions.majorMinor version}/libxml2-${version}.tar.xz";
hash = "sha256-J3KUyzMRmrcbK8gfL0Rem8lDW4k60VuyzSsOhZoO6Eo=";
};
};
nordvpnd = buildEnv {
name = "nordvpnd";
runScript = "nordvpnd";
extraBuildCommands = ''
mkdir -p $out/usr/lib
ln -s ${nordvpn}/lib/nordvpn $out/usr/lib/nordvpn
'';
targetPkgs = pkgs: with pkgs; [
nordvpn
iproute2
iptables
procps
sysctl
makeWrapper
wireguard-tools
zlib
cacert
];
};
nordvpn = stdenv.mkDerivation {
inherit pname version;
src = fetchurl {
url = "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/n/nordvpn/nordvpn_${version}_amd64.deb";
hash = "sha256-elKREKiFrx2TgJPJl1ARtEebsv4PNG9fMq2mrV9xngs=";
};
buildInputs = [
libxml2_13
libidn2
libnl
libcap
libcap_ng
];
nativeBuildInputs = [
dpkg
autoPatchelfHook
stdenv.cc.cc.lib
libxml2
];
dontConfigure = true;
dontBuild = true;
unpackPhase = ''
runHook preUnpack
dpkg --extract $src .
runHook postUnpack
'';
installPhase = ''
runHook preInstall
mkdir -p $out
mv usr/sbin/nordvpnd usr/bin/nordvpnd
mv usr/* $out/
mv var/ $out/
runHook postInstall
'';
# wrap nordvpnd with iproute2, procps, sysctl, iptables path prefixes
# postInstall = ''
# wrapProgram $out/bin/nordvpnd \
# --prefix PATH : "${lib.makeBinPath [ iproute2 ]}" \
# --prefix PATH : "${lib.makeBinPath [ procps ]}" \
# --prefix PATH : "${lib.makeBinPath [ sysctl ]}" \
# --prefix PATH : "${lib.makeBinPath [ iptables ]}" '';
};
in stdenv.mkDerivation {
inherit pname version;
dontConfigure = true;
dontBuild = true;
dontUnpack = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/share
ln -s ${nordvpn}/bin/nordvpn $out/bin
ln -s ${nordvpnd}/bin/nordvpnd $out/bin
ln -s ${nordvpn}/share* $out/share
ln -s ${nordvpn}/var $out
runHook postInstall
'';
meta = with lib; {
description = "CLI client for NordVPN";
homepage = "https://www.nordvpn.com";
license = licenses.unfree;
maintainers = with maintainers; [ janis-bhm ];
platforms = [ "x86_64-linux" ];
};
}
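Review bot: `libxml2_13` pins libxml2 to 2.13.8 through `overrideAttrs` with no comment saying why, so this copy stays at that version while nixpkgs moves on, and fixes shipped in later libxml2 releases will not reach the prebuilt `nordvpn` binary that is patched against it. Presumably the binary needs the older ABI; say so next to the binding, e.g. `# prebuilt nordvpn links the libxml2 2.13 ABI; re-check and bump on every nordvpn update`. `stdenv.cc.cc.lib` and `libxml2` are listed under `nativeBuildInputs` although they are runtime libraries; if they are needed they belong in `buildInputs`, and the unpinned `libxml2` looks redundant next to `libxml2_13`. In the outer `installPhase`, `ln -s ${nordvpn}/share* $out/share` runs after `mkdir -p $out/bin $out/share`, so the link lands inside that directory as `$out/share/share`.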

138
pkgs/nordvpn2.nix Normal file

@ -0,0 +1,138 @@
{ pkgs, lib, gcc, autoPatchelfHook, ... }:
let
patchedPkgs = pkgs.appendOverlays [
(final: prev: {
# Nordvpn uses a patched openvpn in order to perform xor obfuscation
# See https://github.com/NordSecurity/nordvpn-linux/blob/e614303aaaf1a64fde5bb1b4de1a7863b22428c4/ci/openvpn/check_dependencies.sh
openvpn = prev.openvpn.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/02-tunnelblick-openvpn_xorpatch-a.diff";
hash = "sha256-b9NiWETc0g2a7FNwrLaNrWx7gfCql7VTbewFu3QluFk=";
})
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/03-tunnelblick-openvpn_xorpatch-b.diff";
hash = "sha256-X/SshB/8ItLFBx6TPhjBwyA97ra0iM2KgsGqGIy2s9I=";
})
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/04-tunnelblick-openvpn_xorpatch-c.diff";
hash = "sha256-fw0CxJGIFEydIVRVouTlD1n275eQcbejUdhrU1JAx7g=";
})
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/05-tunnelblick-openvpn_xorpatch-d.diff";
hash = "sha256-NLRtoRVz+4hQcElyz4elCAv9l1vp4Yb3/VJef+L/FZo=";
})
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/06-tunnelblick-openvpn_xorpatch-e.diff";
hash = "sha256-mybdjCIT9b6ukbGWYvbr74fKtcncCtTvS5xSVf92T6Y=";
})
];
});
})
];
nordvpn = pkgs.buildGoModule rec {
pname = "nordvpn";
version = "3.19.0";
#src = ./.;
src = pkgs.fetchFromGitHub {
owner = "NordSecurity";
repo = "nordvpn-linux";
rev = "e614303aaaf1a64fde5bb1b4de1a7863b22428c4";
sha256 = "sha256-uIzG9QIVwax0Cop2VuDzy033efEBudFnGNj7osT/x2g";
};
nativeBuildInputs = with pkgs; [ pkg-config gcc ];
buildInputs = with pkgs; [ libxml2 gcc ];
vendorHash = "sha256-h5G5J/Sw0277pDzVXT6b3BX0KUbtyN8ujITfYp5PmgE";
ldflags = [
"-X main.Version=${version}"
"-X main.Environment=dev"
"-X main.Salt=development"
"-X main.Hash=${src.rev}"
];
buildPhase = ''
runHook preBuild
echo "Building nordvpn CLI..."
export LDFLAGS="${builtins.concatStringsSep " " ldflags}"
go build -ldflags "$LDFLAGS" -o bin/nordvpn ./cmd/cli
echo "Building nordvpn user..."
go build -ldflags "$LDFLAGS" -o bin/norduserd ./cmd/norduser
# Fix missing include in a library preventing compilation
chmod +w vendor/github.com/jbowtie/gokogiri/xpath/
sed -i '6i#include <stdlib.h>' vendor/github.com/jbowtie/gokogiri/xpath/expression.go
echo "Building nordvpn daemon..."
go build -ldflags "$LDFLAGS" -o bin/nordvpnd ./cmd/daemon
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/lib/nordvpn/
mv bin/norduserd $out/lib/nordvpn/
ln -s ${patchedPkgs.openvpn}/bin/openvpn $out/lib/nordvpn/openvpn
ln -s ${pkgs.wireguard-tools}/bin/wg $out/lib/nordvpn/wg
# Nordvpn needs icons for the system tray
mkdir -p $out/share/icons/hicolor/scalable/apps
nordvpn_asset_prefix="nordvpn-" # hardcoded image prefix
cp assets/icon.svg $out/share/icons/hicolor/scalable/apps/nordvpn.svg # Does not follow convention
for file in assets/*.svg; do
cp "$file" "$out/share/icons/hicolor/scalable/apps/''${nordvpn_asset_prefix}$(basename "$file")"
done
mkdir -p $out/bin
cp bin/* $out/bin
runHook postInstall
'';
meta = with pkgs.lib; {
description = "NordVPN CLI and daemon application for Linux";
homepage = "https://github.com/nordsecurity/nordvpn-linux";
mainProgram = "nordvpn";
license = licenses.gpl3;
platforms = platforms.linux;
};
};
in pkgs.buildFHSEnv {
name = "nordvpnd";
targetPkgs = with pkgs;
pkgs: [
nordvpn
sysctl
iptables
iproute2
procps
cacert
libxml2
libidn2
zlib
wireguard-tools
patchedPkgs.openvpn
e2fsprogs # for chattr
];
extraInstallCommands = ''
mkdir -p $out/bin/
printf "#!${pkgs.bash}/bin/bash\n${nordvpn}/bin/nordvpn \"\$@\"" > $out/bin/nordvpn
chmod +x $out/bin/nordvpn
'';
runScript = ''
${nordvpn}/bin/nordvpnd
'';
}
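Review bot: The five Tunnelblick xor patches in the `openvpn` overlay are fetched from `raw/master/…/openvpn-${old.version}/…`, a moving branch combined with whatever openvpn version nixpkgs currently ships. The `hash` values keep the content from changing silently, but any upstream edit or an openvpn bump becomes a hash mismatch or a missing file at build time, and nothing records which upstream revision was reviewed. Pin each URL to a commit with the openvpn version written out, e.g. `…/Tunnelblick/raw/<tunnelblick-commit>/third_party/sources/openvpn/openvpn-<version>/patches/…`. Separately, the binaries are linked with `-X main.Environment=dev` and `-X main.Salt=development`; what those values control is not visible here, so confirm that a dev build with a fixed, public salt is acceptable for a daemon used for real connections.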

4
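--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -0,0 +1,4 @@
+final: prev: {
+nordvpn = prev.callPackage ./nordvpn.nix {};
+nordvpn-rofi = prev.callPackage ./nordvpn-rofi.nix {};
+}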

5
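--- a/programs/default.nix
+++ b/programs/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+imports = [
+./nordvpn.nix
+];
+}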

52
programs/nordvpn.nix Normal file

@ -0,0 +1,52 @@
{pkgs, ...}: let
# nordvpn = pkgs.callPackage ../pkgs/nordvpn.nix {};
# nordvpn-rofi = pkgs.callPackage ../pkgs/nordvpn-rofi.nix {};
in {
environment.systemPackages = with pkgs; [
nordvpn
nordvpn-rofi
];
users.groups.nordvpn = {};
# service definition
systemd.services.nordvpnd = {
enable = true;
description = "NordVPN Daemon";
wants = [ "nordvpnd.socket" ];
after = [ "network-pre.target" ];
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${pkgs.nordvpn}/bin/nordvpnd";
NonBlocking = "true";
KillMode = "process";
Restart = "on-failure";
RestartSec = "5";
RuntimeDirectory = "nordvpn";
RuntimeDirectoryMode= "0750";
Group = "nordvpn";
# User = "root"; # uncomment if needed
};
};
# socket definition
systemd.sockets.nordvpnd = {
enable = true;
description = "NordVPN Daemon Socket";
partOf = [ "nordvpnd.service" ];
listenStreams = [ "/run/nordvpn/nordvpnd.sock" ];
socketConfig = {
NoDelay = "true";
SocketGroup = "nordvpn";
SocketMode = "0770";
DirectoryMode = "0750";
};
wantedBy = [ "sockets.target" ];
};
# system.activationScripts."nordvpn-settings".text = ''
# ${pkgs.nordvpn}/bin/nordvpn set dns 9.9.9.9 149.112.112.112 1.1.1.1
# ${pkgs.nordvpn}/bin/nordvpn allowlist add subnet 192.168.0.0/16
# '';
}
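Review bot: Nothing in this module says that the `nordvpn` group is the access control for the daemon: the service sets no `User` (the line is commented out), so it runs with systemd's default, root, and the socket at `/run/nordvpn/nordvpnd.sock` is `SocketMode = "0770"` with `SocketGroup = "nordvpn"`. A comment above `users.groups.nordvpn = {};` such as `# members can control nordvpnd (runs as root) through /run/nordvpn/nordvpnd.sock` would make that explicit for whoever adds users to the group. The unit also carries no sandboxing directives; because the daemon has to change routes and firewall rules, any hardening (for example a `CapabilityBoundingSet`) would need testing against the FHS wrapper, so treat that as a follow-up rather than a drop-in.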

32
programs/nordvpn2.nix Normal file

@ -0,0 +1,32 @@
{config, lib, pkgs, ...}: {
systemd = {
services.nordvpn = {
description = "NordVPN daemon.";
serviceConfig = {
ExecStart = "${pkgs.nordvpn}/bin/nordvpnd";
ExecStartPre = ''
${pkgs.bash}/bin/bash -c '\
mkdir -m 700 -p /var/lib/nordvpn; \
if [ -z "$(ls -A /var/lib/nordvpn)" ]; then \
cp -r ${pkgs.nordvpn}/var/lib/nordvpn/* /var/lib/nordvpn; \
fi'
'';
NonBlocking = true;
KillMode = "process";
Restart = "on-failure";
RestartSec = 5;
RuntimeDirectory = "nordvpn";
RuntimeDirectoryMode = "0750";
Group = "nordvpn";
};
wantedBy = [ "multi-user.target" ];
#after = [ "network-online.target" ];
#wants = [ "network-online.target" ];
};
services.NetworkManager-wait-online.enable = lib.mkForce false;
};
environment.systemPackages = with pkgs; [
nordvpn
];
}
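Review bot: The `ExecStartPre` snippet creates `/var/lib/nordvpn` with `mkdir -m 700 -p`, which leaves the mode untouched when the directory already exists, and does so through a hand-written `bash -c` string. systemd can own this: `StateDirectory = "nordvpn";` and `StateDirectoryMode = "0700";` create the directory with that mode on every start, leaving only the first-run copy in `ExecStartPre`. The unit sets `Group = "nordvpn"` but this file does not declare `users.groups.nordvpn`, so it relies on another module doing so. `services.NetworkManager-wait-online.enable = lib.mkForce false;` is a system-wide change unrelated to the daemon and deserves a comment saying why it is forced off.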


@ -79,7 +79,9 @@
};
networking = {
nameservers = ["1.1.1.1" "9.9.9.9"];
nameservers = [ "9.9.9.9#dns.quad9.net" "1.1.1.1#one.one.one.one" ];
# networkmanager.wifi.backend = "iwd";
# networkmanager.enable = true;
wireless.iwd = {
enable = true;
@ -89,6 +91,7 @@
};
};
};
firewall.enable = false;
};
time.timeZone = "Europe/Amsterdam";
@ -106,6 +109,15 @@
connman = {
enable = true;
wifi.backend = "iwd"; # Use iwd for Wi-Fi management.
extraFlags = [ "--nodnsproxy" ];
};
resolved = {
enable = true;
dnssec = "true";
domains = ["~."];
fallbackDns = [ "9.9.9.9#dns.quad9.net" "149.112.112.112#dns.quad9.net" "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
dnsovertls = "true";
};
thermald.enable = true;
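Review bot: `firewall.enable = false;` in the `networking` block (second hunk) turns the host firewall off entirely in the same commit that adds a VPN daemon, and no comment says why. If the reason is that nordvpnd's own rules or the tunnel's return traffic clash with the NixOS firewall, keep it enabled and relax only what is needed, for instance `firewall.checkReversePath = "loose";`, then open specific ports if something still fails. If it has to stay off, add a comment such as `# disabled because <reason>; inbound filtering relies on <what>`. Which lines are new in this section is inferred from the hunk counts, since the page has lost its +/- markers.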


@ -1,16 +1,20 @@
{pkgs, ...}:
{config, pkgs, ...}:
let
user = import ../data/user.nix {};
in {
imports = [
../options.nix
];
users.users.${user.username} = {
shell = pkgs.zsh;
group = "users";
home = "/home/${user.username}";
createHome = true;
isNormalUser = true;
extraGroups = [ "wheel" "input" ];
extraGroups = [ "wheel" "input" "nordvpn" "networkmanager" ];
};
programs.zsh.enable = true;
services = {
@ -23,9 +27,13 @@ in {
};
};
};
};
home-manager.users.${user.username} = { ... }: {
imports = [ ../home ];
};
home-manager.extraSpecialArgs = {
super-config = config;
};
}