janis/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: janis:new-config
Branches Tags
janis:main
janis:new-config
..
compare: janis:main
Branches Tags
janis:new-config
janis:main

No commits in common. "new-config" and "main" have entirely different histories.
new-config ... main

69 changed files with 494 additions and 2406 deletions
Show stats Expand all files Collapse all files

8
home/alacritty.nix → config/apps/alacritty.nix
View file

@ -1,6 +1,6 @@
{super-config, ...}:
{...}:
let
theme = import ../data/theme.nix {config = super-config; };
gruvbox-dark = import ../data/gruvbox-dark.nix {};
in {
programs.alacritty = {
@ -15,10 +15,10 @@ in {
# gruvbox dark theme
colors = {
primary = {
inherit (theme) background foreground;
inherit (gruvbox-dark) background foreground;
};
inherit (theme) normal bright;
inherit (gruvbox-dark) normal bright;
};
keyboard = {

11
config/apps/default.nix Normal file
View file

@ -0,0 +1,11 @@
{...}: {
imports = [
./firefox.nix
./sway.nix
./waybar.nix
./alacritty.nix
./zsh.nix
./libinput.nix
./rofi.nix
];
}

19
home/firefox.nix → config/apps/firefox.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: let
{inputs, pkgs, ...}: let
user = import ../data/user.nix {};
in{
programs.firefox = {
@ -38,18 +38,9 @@ in{
"browser.startup.page" = 3; # resume previous session
"browser.startup.homepage" = "about:home";
"browser.toolbars.bookmarks.visibility" = "never";
"sidebar.verticalTabs" = true;
"browser.uiCustomization.horizontalTabstrip" = [
"firefox-view-button"
"tabbrowser-tabs"
"new-tab-button"
];
"browser.uiCustomization.state" = ''
{"placements":{"widget-overflow-fixed-list":[],"unified-extensions-area":["_04188724-64d3-497b-a4fd-7caffe6eab29_-browser-action"],"nav-bar":["sidebar-button","firefox-view-button","alltabs-button","back-button","forward-button","stop-reload-button","urlbar-container","vertical-spacer","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","unified-extensions-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":[],"vertical-tabs":["tabbrowser-tabs"],"PersonalToolbar":["import-button","personal-bookmarks"]},"seen":["developer-button","screenshot-button","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","ublock0_raymondhill_net-browser-action","_04188724-64d3-497b-a4fd-7caffe6eab29_-browser-action"],"dirtyAreaCache":["nav-bar","TabsToolbar","vertical-tabs","PersonalToolbar","unified-extensions-area","toolbar-menubar"],"currentVersion":23,"newElementCount":0}'';
# hardening
"browser.newtabpage.enabled" = true;
"browser.newtabpage.enabled" = false;
"browser.newtabpage.activity-stream.feeds.telemetry" = false;
"browser.newtabpage.activity-stream.telemetry" = false;
"browser.newtabpage.activity-stream.feeds.snippets" = false;
@ -127,9 +118,9 @@ in{
"app.normandy.api_url" = "";
};
# extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
# ublock-origin bitwarden rust-search-extension betterttv
# ];
extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin bitwarden rust-search-extension betterttv
];
};
};
};

13
config/apps/libinput.nix Normal file
View file

@ -0,0 +1,13 @@
{pkgs, config, ...}: {
home.packages = with pkgs; [
libinput
libinput-gestures
];
xdg.configFile."libinput-gestures.conf".text = ''
gesture swipe left 4 swaymsg workspace next
gesture swipe right 4 swaymsg workspace next
gesture swipe down 4 swaylock-wrapper
gesture pinch in 4 rofi -combi-modi window,drun,run,ssh,combi -show combi -show-icons
'';
}

12
home/rofi.nix → config/apps/rofi.nix
View file

@ -1,12 +1,6 @@
{pkgs, config, super-config, ...}: let
{pkgs, config, ...}: let
theme = import ../data/theme.nix { inherit config; };
in {
xdg.dataFile."rofi/themes/spotlight.rasi" = {
source = if super-config.darkMode then
"${pkgs.dotfiles}/.local/share/rofi/themes/spotlight-dark.rasi"
else
"${pkgs.dotfiles}/.local/share/rofi/themes/spotlight.rasi";
};
xdg.dataFile."rofi/themes/launcher.rasi".text = ''
/**
*
@ -229,10 +223,10 @@ configuration {
combi-modi: "window,drun,run,filebrowser";
kb-remove-char-back: "BackSpace,Shift+BackSpace";
kb-mode-previous: "Control+h";
kb-mode-next: "Control+l";
kb-mode-complete: "";
kb-remove-char-back: "BackSpace,Shift+BackSpace";
}
'';
programs.rofi = {
@ -240,6 +234,6 @@ configuration {
package = pkgs.rofi-wayland;
terminal = "{pkgs.alacritty}/bin/alacritty";
theme = "spotlight.rasi";
theme = "launcher.rasi";
};
}

65
home/sway.nix → config/apps/sway.nix
View file

@ -1,69 +1,25 @@
{pkgs, lib, config, super-config, ...}:
{pkgs, lib, config, ...}:
let
base = import ./../options.nix;
mod = "Mod4";
left = "h";
right = "l";
up = "k";
down = "j";
launcher = "${pkgs.rofi}/bin/rofi -config ${config.xdg.configHome}/rofi/launcher.rasi -theme ${config.xdg.dataHome}/rofi/themes/spotlight.rasi -show drun -show-icons";
launcher = "${pkgs.rofi}/bin/rofi -config ${config.xdg.configHome}/rofi/launcher.rasi -theme ${config.xdg.dataHome}/rofi/themes/launcher.rasi -show drun -show-icons";
in {
home.packages = with pkgs; [
brightnessctl
gammastep
wmctrl
alsa-utils
wireplumber
alacritty
waybar
sway
whitesur-cursors
rofi-wayland
];
wayland = {
windowManager = {
sway = {
enable = true;
systemd = {
enable = true;
dbusImplementation = "broker";
};
systemd.enable = true;
config = {
modifier = "${mod}";
fonts = {
names = ["SF Compact Rounded"];
size = 10.0;
};
seat = {
"*" = {
xcursor_theme = "\"WhiteSur-cursors\" 32";
};
};
output = {
"*".scale = "${lib.strings.floatToString super-config.desktop_scale}";
}// super-config.extraOutputConfig;
startup = [
{
always = true;
command = "${pkgs.gammastep}/bin/gammastep -l 54:10 -t 6500k:4500k";
}
# {
# always = true;
# command = "systemctl --user restart libinput-gestures.service";
# }
# {
# always = true;
# command = "systemctl --user start wpaperd.service";
# }
];
gaps = {
inner = 8;
};
@ -103,8 +59,8 @@ in {
"${mod}+Print" = "exec screenshot --area";
"${mod}+Shift+Print" = "exec screenshot --current-window";
"XF86AudioRaiseVolume" = "exec ${alsa-utils}/bin/amixer set Master 5%+";
"XF86AudioLowerVolume" = "exec ${alsa-utils}/bin/amixer set Master 5%-";
"XF86AudioRaiseVolume" = "exec ${wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
"XF86AudioLowerVolume" = "exec ${wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
"XF86AudioMute" = "exec ${wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
"XF86AudioMicMute" = "exec ${wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
@ -112,8 +68,8 @@ in {
"XF86AudioNext" = "mpc next";
"XF86AudioPrev" = "mpc prev";
"XF86MonBrightnessUp" = "exec ${brightnessctl}/bin/brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec ${brightnessctl}/bin/brightnessctl set 5%-";
"XF86MonBrightnessUp" = "exec ${brightnessctl}/bin/brightnessctl set +10%";
"XF86MonBrightnessDown" = "exec ${brightnessctl}/bin/brightnessctl set 10%-";
"${mod}+Shift+Return" = "exec ${alacritty}/bin/alacritty";
"${mod}+q" = "kill";
@ -135,7 +91,6 @@ in {
"${mod}+Ctrl+${left}" = "move workspace to output left";
"${mod}+Ctrl+${right}" = "move workspace to output right";
"${mod}+tab" = "workspace back_and_forth";
"${mod}+b" = "splith";
"${mod}+v" = "splitv";
@ -144,7 +99,7 @@ in {
"${mod}+w" = "layout tabbed";
"${mod}+e" = "layout toggle split";
"${mod}+Shift+space" = "floating toggle";
"${mod}+Shift+space" = "layout toggle floating";
"${mod}+space" = "focus mode_toggle";
"${mod}+Shift+f" = "fullscreen";

110
home/waybar.nix → config/apps/waybar.nix
View file

@ -1,4 +1,4 @@
{pkgs, lib, super-config, config, ...}:
{lib, config, ...}:
let
theme = import ../data/theme.nix {inherit config; };
utils = import ../utils.nix {inherit lib; };
@ -8,7 +8,7 @@ in let
module-descs = [
{
name = "custom/left-most";
background = "transparent";
background = theme.background;
}
{
name = "pulseaudio";
@ -25,7 +25,6 @@ in let
on-click = "pavucontrol";
};
background = theme.normal.yellow;
color = theme.extra.white;
}
{
name = "network";
@ -42,7 +41,6 @@ SSID: {essid} {frequency}'';
format-icons = ["󰤯" "󰤟" "󰤢" "󰤥" "󰤨"];
};
background = theme.normal.green;
color = theme.extra.white;
}
{
name = "custom/vpn";
@ -50,19 +48,17 @@ SSID: {essid} {frequency}'';
format = "{}";
excape = true;
interval = 30;
exec = "${pkgs.nordvpn-rofi}/bin/nordvpn-rofi --status-json";
exec = "nordvpn-rofi.sh --status-json";
return-type = "json";
on-click = "rofi -show vpn -modes 'vpn:nordvpn-rofi'";
on-click = "rofi -show vpn -modes 'vpn:nordvpn-rofi.sh'";
};
style = {
connected.color = theme.normal.black;
disconnected.color = theme.normal.yellow;
};
background = theme.extra.teal;
color = theme.extra.white;
}
background = theme.extra.teal;}
]
++ (if (super-config.has_battery) then [{
++ (if (config.has_battery) then [{
name = "battery";
config = {
states = {
@ -78,7 +74,6 @@ SSID: {essid} {frequency}'';
format-icons = ["" "" "" "" ""];
};
background = theme.extra.aqua;
color = theme.extra.white;
}] else [])
++ [
{
@ -87,7 +82,6 @@ SSID: {essid} {frequency}'';
format = "{}% ";
};
background = theme.extra.brown;
color = theme.extra.white;
}
{
name = "memory";
@ -95,7 +89,6 @@ SSID: {essid} {frequency}'';
format = "{}% ";
};
background = theme.extra.darkbrown;
color = theme.extra.white;
}
{
name = "temperature";
@ -106,7 +99,6 @@ SSID: {essid} {frequency}'';
format-icons = ["" "" ""];
};
background = theme.extra.darkerbrown;
color = theme.extra.white;
}
{
name = "clock";
@ -128,14 +120,8 @@ SSID: {essid} {frequency}'';
};
};
background = theme.normal.black;
color = theme.normal.white;
}
{
name = "tray";
config = { spacing = 10; };
background = theme.normal.white;
color = theme.normal.black;
}
{name = "tray"; config = { spacing = 10; }; background = theme.background;}
];
# default style for modules
@ -169,12 +155,14 @@ SSID: {essid} {frequency}'';
# modules interlaced with spacers
# [ModuleDesc] -> [Module]
mkSpacedModules = descs: with builtins;
lib.lists.flatten
(let list = utils.windows 2 descs; len = length list; in lib.lists.imap0
let
len = length descs;
in lib.lists.flatten
(lib.lists.imap0
(n: descs: let
left = elemAt descs 0;
right = elemAt descs 1;
in if n == (len - 1) then [
in if n == len then [
(mkModule left)
(mkSpacer n left right)
(mkModule right)
@ -182,7 +170,7 @@ SSID: {essid} {frequency}'';
(mkModule left)
(mkSpacer n left right)
])
list
(utils.windows 2 descs)
);
# Module -> {"name" = setting}
@ -228,58 +216,7 @@ SSID: {essid} {frequency}'';
position = "top";
};
};
workspace-style = ''
/* Workspaces stuff */
#workspaces button {
color: ${theme.extra.white};
background: ${theme.extra.black};
padding-left: 5pt;
padding-right: 5pt;
border-radius: 5pt;
margin-left: 2pt;
margin-right: 2pt;
margin-bottom: 2pt;
}
/* Inactive (on unfocused output) */
#workspaces button.visible {
color: ${theme.extra.white};
background: ${theme.bright.magenta};
}
/* Active (on focused output) */
#workspaces button.focused {
color: ${theme.extra.black};
background: ${theme.bright.cyan};
}
/* Contains an urgent window */
#workspaces button.urgent {
color: ${theme.bright.red};
background: ${theme.extra.black};
}
/* Style when cursor is on the button */
#workspaces button:hover {
background: ${theme.bright.black};
color: ${theme.extra.white};
}
#window {
margin-right: 10pt;
margin-left: 10pt;
}
'';
in {
imports = [ ../options.nix ];
home.packages = with pkgs; [
waybar
pavucontrol
iwgtk
];
programs.waybar = {
enable = true;
@ -288,24 +225,9 @@ in {
};
style = ''
/* Reset all styles */
* {
border: none;
border-radius: 0;
min-height: 0;
margin: 0;
padding: 0;
box-shadow: none;
text-shadow: none;
}
#waybar {
background: rgba(40, 40, 40, 0.3);
color: #ffffff;
font-family: SF Compact Rounded;
font-size: 11pt;
font-weight: 500;
}
* {border: none; border-radius: 0; min-height: 0; margin: 0; padding: 0; box-shadow: none; text-shadow: none;}
#waybar { background: rgba(40, 40, 40, 0.3); color: #ffffff; font-family: "sans-serif"; font-size: 12pt; font-weight: 500; }
''
+ workspace-style + bar.style;
+ bar.style;
};
}

2
home/zsh.nix → config/apps/zsh.nix
View file

@ -20,7 +20,7 @@ in {
path = "$HOME/.zsh_history";
};
initContent = ''
initExtra = ''
prompt pure
zstyle :prompt:pure:path color cyan
zstyle :prompt:pure:prompt:error color red

0
hosts/laptop/disks.nix → config/btrfs-disko.nix
View file

16
config/configuration.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
# inputs.home-manager.nixosModules.default
./nixos
./users/alice.nix
./variables.nix
./hosts/laptop.nix
];
# to use zsh as a login shell, it has to be enabled globally.
programs.zsh.enable = true;
}

0
data/gruvbox-dark.nix → config/data/gruvbox-dark.nix
View file

0
data/gruvbox-light.nix → config/data/gruvbox-light.nix
View file

3
data/theme.nix → config/data/theme.nix
View file

@ -17,8 +17,5 @@ in
darkbrown = "#85603f";
darkerbrown = "#5e454b";
cream = "#fefcf3";
aqua = "#689d6a";
black = "#282828";
white = "#fcf8e6";
};
}

1
data/user.nix → config/data/user.nix
View file

@ -1,4 +1,3 @@
{...}: {
email = "janis@nirgendwo.xyz";
username = "user";
}

1
data/zsh-aliases.nix → config/data/zsh-aliases.nix
View file

@ -7,7 +7,6 @@
q = "exit";
ssh = "TERM=xterm-256color ssh";
emacs = "emacs -nw"; # Use emacs in terminal mode.
ns = "nix-shell --run \"$(readlink /proc/$$/exe)\"";
# dotfiles
dotfiles = "git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME";

37
config/disks.nix Normal file
View file

@ -0,0 +1,37 @@
{
disko.devices = {
disk = {
root = {
device = "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
label = "boot";
name = "ESP";
type = "EF00";
size = "512M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
label = "root";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

63
config/flake.nix Normal file
View file

@ -0,0 +1,63 @@
{
inputs = {
# This is pointing to an unstable release.
# If you prefer a stable release instead, you can this to the latest number shown here: https://nixos.org/download
# i.e. nixos-24.11
# Use `nix flake update` to update the flake to the latest revision of the chosen release channel.
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; # Use the same nixpkgs as the system
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/nur";
# firefox-addons = {
# url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
# inputs.nixpkgs.follows = "nixpkgs"; # Use the same nixpkgs as the system
# };
};
outputs = inputs @ { self, disko, nixpkgs, home-manager, ... }:
let
system = "x86_64-linux"; # Default system architecture
in {
# NOTE: 'nixos' is the default hostname
nixosConfigurations = {
nixos = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./configuration.nix
home-manager.nixosModules.home-manager
disko.nixosModules.disko
./btrfs-disko.nix
{
home-manager.useGlobalPkgs = true; # Use global packages in home-manager
home-manager.useUserPackages = true; # Use user packages in home-manager
home-manager.extraSpecialArgs = {
inherit inputs;
};
}
];
specialArgs = {
inherit inputs home-manager;
};
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow unfree packages globally
overlays = [
inputs.nur.overlays.default
];
};
};
};
};
}

37
config/hardware-configuration.nix Normal file
View file

@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/723e4a6a-97b9-49ff-999f-806b12ea26b6";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/15E6-98FA";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

0
.gitignore → config/hosts/common.nix
View file

3
config/hosts/default.nix Normal file
View file

@ -0,0 +1,3 @@
{...}: {
imports = [];
}

4
config/hosts/laptop.nix Normal file
View file

@ -0,0 +1,4 @@
{config, ...}: {
imports = [ ../variables.nix ];
config.has_battery = true;
}

5
config/hosts/vm.nix Normal file
View file

@ -0,0 +1,5 @@
{...}: {
imports = [ ../variables.nix ];
# config.has_battery = true;
config.vmGuest = true;
}

9
config/nixos/default.nix Normal file
View file

@ -0,0 +1,9 @@
{...}: {
imports = [
./hardware.nix
./system.nix
./plymouth.nix
./fonts.nix
./login.nix
];
}

33
config/nixos/fonts.nix Normal file
View file

@ -0,0 +1,33 @@
{pkgs, ...}: {
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
liberation_ttf
roboto
roboto-mono
twitter-color-emoji
nerd-fonts.fira-code
nerd-fonts.fira-mono
unicode-emoji
fira-sans
font-awesome
fira-mono
fira-code
material-icons
source-sans
source-code-pro
pkgs.nur.repos.redpz.sf-mono
];
fontconfig = {
defaultFonts = {
monospace = ["SF Mono" "Fira Mono" "Noto Mono"];
serif = ["Liberation Serif" "Noto Serif"];
sansSerif = ["Liberation Sans" "Noto Sans" "Roboto"];
emoji = ["Twitter Color Emoji" "Noto Emoji"];
};
};
};
}

19
config/nixos/hardware.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, pkgs, ...}:
with pkgs;
{
hardware = {
graphics = {
enable = true; # Enable graphics support.
extraPackages = [
amdvlk
intel-media-driver
intel-vaapi-driver
];
};
cpu = {
amd = {
updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
};
};
}

16
config/nixos/login.nix Normal file
View file

@ -0,0 +1,16 @@
# This file is part of the NixOS configuration for the login service.
{pkgs, ...}: {
environment.systemPackages = [ pkgs.sddm-chili-theme ];
services = {
displayManager = {
enable = true;
sddm = {
enableHidpi = true;
enable = true;
theme = "chili";
wayland.enable = true;
};
sessionPackages = with pkgs; [sway];
};
};
}

25
config/nixos/plymouth.nix Normal file
View file

@ -0,0 +1,25 @@
{pkgs, ...}: {
boot = {
plymouth = {
enable = true;
theme = "rings";
themePackages = with pkgs; [
(adi1090x-plymouth-themes.override {
selected_themes = [ "rings" ];
})
];
};
consoleLogLevel = 3;
initrd.verbose = false;
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
loader.timeout = 0;
};
}

59
config/nixos/system.nix Normal file
View file

@ -0,0 +1,59 @@
{config, pkgs, ...}:
let
base = import ../options.nix {};
in {
imports = [
../variables.nix
];
system.stateVersion = "${base.stateVersion}";
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_GB.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "uk";
# useXkbConfig = true; # use xkb.options in tty.
};
services.qemuGuest.enable = config.vmGuest;
services.spice-vdagentd.enable = config.vmGuest;
security.rtkit.enable = true; # Enable real-time scheduling for audio applications.
services = {
pipewire = {
enable = true;
pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true; # Enable 32-bit support if needed.
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = true; # Enable password authentication.
PermitRootLogin = "yes"; # Allow root login (not recommended for production).
};
};
libinput.enable = true;
};
environment.systemPackages = with pkgs; [
vim wget curl git emacs
];
}

6
config/options.nix Normal file
View file

@ -0,0 +1,6 @@
{...}:
let
stateVersion = "25.05";
in {
inherit stateVersion;
}

31
config/users/alice.nix Normal file
View file

@ -0,0 +1,31 @@
inputs @ { pkgs, lib, ...}: let
# NixOS version
# Function to create the home-manager configuration for the account
aliceUserFn = {pkgs, ...}: {
imports = [
../apps
];
home = {
packages = with pkgs; [
htop
]; # Default packages for the owner account.
};
};
in {
imports = [(lib.modules.importApply ./user.nix {
user = {
userName = "alice";
defaultPassword = "password";
shell = pkgs.zsh;
packages = with pkgs; [
tree
vim
wget
curl
git
];
userModule = aliceUserFn;
};
})];
}

46
config/users/user.nix Normal file
View file

@ -0,0 +1,46 @@
# `user` has the following attributes:
# - `userName`: The username for the user account.
# - `defaultPassword`: The default password for the user account.
# - `shell`: The shell for the user account.
# - `packages`: List of packages to install for the user account.
# - `userModule`: A module that provides additional configuration for the user account.
{user}: inputs @ {lib, home-manager, pkgs, ...}:
let
username = user.userName or "alice";
base = import ../options.nix {};
in
let
homeDirectory = "/home/${username}";
in {
users.users.${username} = {
shell = user.shell or pkgs.zsh; # Default shell for the user
home = homeDirectory;
createHome = true;
group = "users"; # Default group
isNormalUser = true;
extraGroups = [ "wheel" ]; # Add to wheel group for sudo access
} // lib.optionalAttrs (lib.hasAttr "defaultPassword" user) {
initialPassword = user.defaultPassword;
};
home-manager.users.${username} = {...}: {
imports = [ ../variables.nix user.userModule ];
# programs.home-manager.enable = true;
home = {
inherit username;
inherit homeDirectory;
inherit (user) packages;
stateVersion = "${base.stateVersion}";
sessionVariables = {
EDITOR = user.editor or "vim";
};
};
};
}

8
utils.nix → config/utils.nix
View file

@ -17,12 +17,4 @@
num-windows;
isEmptySet = set: with builtins; length (attrNames set) == 0;
# convert an rgb colour string from the form "#rrggbb" to "#rrggbbff"
rgbToRgba = rgb: let
hex = builtins.replaceStrings [ "#" ] [ "" ] rgb;
r = builtins.substring 0 2 hex;
g = builtins.substring 2 2 hex;
b = builtins.substring 4 2 hex;
in "#${r}${g}${b}ff";
}

21
config/variables.nix Normal file
View file

@ -0,0 +1,21 @@
{lib, ...}: {
options = {
has_battery = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether the system has a battery.";
};
vmGuest = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable VM guest services.";
};
darkMode = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable dark mode for the system.";
};
};
}

8
configuration.nix
View file

@ -1,8 +0,0 @@
{...}: {
imports = [
# ./hardware-configuration.nix
./user
./system
./programs
];
}

406
flake.lock
View file

@ -1,406 +0,0 @@
{
"nodes": {
"apple-fonts": {
"inputs": {
"nixpkgs": "nixpkgs",
"ny": "ny",
"sf-arabic": "sf-arabic",
"sf-armenian": "sf-armenian",
"sf-compact": "sf-compact",
"sf-georgian": "sf-georgian",
"sf-hebrew": "sf-hebrew",
"sf-mono": "sf-mono",
"sf-pro": "sf-pro"
},
"locked": {
"lastModified": 1752383772,
"narHash": "sha256-I5Y0gUJS85lGEuuKr+tKSRUpJWeKavE+WmiAHRcyBaU=",
"owner": "Lyndeno",
"repo": "apple-fonts.nix",
"rev": "875c694d7f0ec2020d7511264907a1f0e3262931",
"type": "github"
},
"original": {
"owner": "Lyndeno",
"repo": "apple-fonts.nix",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1756733629,
"narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=",
"owner": "nix-community",
"repo": "disko",
"rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"duralumin": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"rust-overlays": "rust-overlays",
"systems": "systems"
},
"locked": {
"lastModified": 1756908377,
"narHash": "sha256-TriFYm3nafLeSBd5RXTD98w0WIF2xi6PlrAfmLlsfr0=",
"ref": "refs/heads/master",
"rev": "a6b7dae4d878f8a36e65f3e2242af961f85b2bb7",
"revCount": 17,
"type": "git",
"url": "https://git.nirgendwo.xyz/janis/duralumin.git"
},
"original": {
"type": "git",
"url": "https://git.nirgendwo.xyz/janis/duralumin.git"
}
},
"emacs-overlay": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1756832996,
"narHash": "sha256-pW+QqeXIIKzo4GkX+WM86t7vai++RHaDE32aMDAIUJs=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "73c17b083cd9383d9dd0c98ca33c5d7cdabfec6c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "emacs-overlay",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1756842514,
"narHash": "sha256-XbtRMewPGJwTNhBC4pnBu3w/xT1XejvB0HfohC2Kga8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "30fc1b532645a21e157b6e33e3f8b4c154f86382",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1740828860,
"narHash": "sha256-cjbHI+zUzK5CPsQZqMhE3npTyYFt9tJ3+ohcfaOF/WM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "303bd8071377433a2d8f76e684ec773d70c5b642",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1751274312,
"narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1756542300,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1756787288,
"narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1756754095,
"narHash": "sha256-9Rsn9XEWINExosFkKEqdp8EI6Mujr1gmQiyrEcts2ls=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7c815e513adbf03c9098b2bd230c1e0525c8a7f9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1756542300,
"narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1756856604,
"narHash": "sha256-7UTJ5JLQos2rWyxOqlNDzCkSRqhN7SAAvtdf8AHci7c=",
"owner": "nix-community",
"repo": "nur",
"rev": "143985f9f846656911cb35fdc3403a68a2363b87",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nur",
"type": "github"
}
},
"ny": {
"flake": false,
"locked": {
"narHash": "sha256-3257NAH4qlan2YHVLpNRy7x8IJqR2pal3OzFo/ykqXs=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/NY.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/NY.dmg"
}
},
"root": {
"inputs": {
"apple-fonts": "apple-fonts",
"disko": "disko",
"duralumin": "duralumin",
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur"
}
},
"rust-overlays": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1756866691,
"narHash": "sha256-YWJsM0HfdFLcaoP5OeyzjX6MjGnJ0Acm+bg1QN8MKjo=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "fb6dab6f320291a8edd31c1d67f078c6f7384a02",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sf-arabic": {
"flake": false,
"locked": {
"narHash": "sha256-/0gjRimqvZyE60xYxxPdlU+7Q2LJnnvtbmwOP0YmS9U=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Arabic.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Arabic.dmg"
}
},
"sf-armenian": {
"flake": false,
"locked": {
"narHash": "sha256-rRoDkbNMYkzOHZmQm96Zv80TZvRlAeoxkv4pMHP5nUg=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Armenian.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Armenian.dmg"
}
},
"sf-compact": {
"flake": false,
"locked": {
"narHash": "sha256-VMCf2Mhmx/qhLRQxlTAsQWxtonS27kPW+oTYBBRWHMg=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Compact.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Compact.dmg"
}
},
"sf-georgian": {
"flake": false,
"locked": {
"narHash": "sha256-IevVNOC28IiR45YfI3PsZzXLMRxuB5u7UiE53Zn6tRU=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Georgian.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Georgian.dmg"
}
},
"sf-hebrew": {
"flake": false,
"locked": {
"narHash": "sha256-Dw84kYwMpCtKKKqm8cZcQ9TZ7GayU5MO7W0LJw0Rcwk=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Hebrew.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Hebrew.dmg"
}
},
"sf-mono": {
"flake": false,
"locked": {
"narHash": "sha256-ICdHRFdNL7PM/fXJUzS7LgZxZiqcyIuCMHLze4En4vg=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Mono.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Mono.dmg"
}
},
"sf-pro": {
"flake": false,
"locked": {
"narHash": "sha256-RX6X2ltVE88Hp1g9tpSywMT3UfdLpRxgw92KRpiAues=",
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Pro.dmg"
},
"original": {
"type": "file",
"url": "https://devimages-cdn.apple.com/design/resources/download/SF-Pro.dmg"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

83
flake.nix
View file

@ -1,83 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/nur";
emacs-overlay = {
url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
apple-fonts.url = "github:Lyndeno/apple-fonts.nix";
duralumin.url = "git+https://git.nirgendwo.xyz/janis/duralumin.git";
};
outputs = inputs @ { self, disko, nixpkgs, nixpkgs-unstable, home-manager, duralumin, emacs-overlay, ... }:
let
system = "x86_64-linux";
overlay-unstable = final: prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true; # Allow unfree packages globally
};
};
in rec {
mkSystem = {host, ...}: nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./configuration.nix
./options.nix
./pkgs
host
home-manager.nixosModules.home-manager
disko.nixosModules.disko
{
home-manager.useGlobalPkgs = true; # Use global packages in home-manager
home-manager.useUserPackages = true; # Use user packages in home-manager
home-manager.extraSpecialArgs = {
inherit inputs;
};
}
];
specialArgs = {
inherit inputs home-manager;
};
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow unfree packages globally
overlays = [
inputs.nur.overlays.default
emacs-overlay.overlays.default
overlay-unstable
duralumin.overlays.default
];
};
};
nixosConfigurations = {
vm = mkSystem {
host = ./hosts/vm.nix;
};
laptop = mkSystem {
host = ./hosts/laptop;
};
desktop = mkSystem {
host = ./hosts/desktop;
};
};
};
}

136
home/default.nix
View file

@ -1,136 +0,0 @@
{pkgs, lib, super-config, ...}:
let
user = import ../data/user.nix {};
in {
imports = [
./alacritty.nix
./firefox.nix
./sway.nix
./hyprlock_idle.nix
./wallpapers.nix
./waybar.nix
./udiskie.nix
./mako.nix
./zsh.nix
./rofi.nix
./libinput.nix
./git-ssh.nix
./emacs.nix
./syncthing.nix
./development
];
programs.nh = {
enable = true;
# flake = "/etc/nixos/config#laptop"
};
programs.direnv = {
enable = true;
nix-direnv.enable = true;
enableZshIntegration = true;
};
xdg = {
systemDirs.data = ["${pkgs.nordvpn}/share"];
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
};
gtk = {
enable = true;
theme = {
name = "Breeze-Dark";
package = pkgs.kdePackages.breeze-gtk;
};
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
cursorTheme = {
name = "WhiteSur-cursors";
package = pkgs.whitesur-cursors;
size = 24;
};
gtk3.extraConfig = {
gtk-application-prefer-dark-theme = super-config.darkMode == true;
};
gtk4.extraConfig = {
gtk-application-prefer-dark-theme = super-config.darkMode == true;
};
};
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = lib.optionals (super-config.darkMode == true) "prefer-dark";
};
};
fonts.fontconfig.enable = true;
home = {
stateVersion = "25.05";
homeDirectory = "/home/${user.username}";
username = user.username;
shell.enableZshIntegration = true;
sessionVariables = {
SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
EDITOR = "nvim";
VISUAL = "nvim";
GTK_THEME = "Breeze-Dark";
NIXOS_OZONE_WL = "1";
};
pointerCursor = {
gtk.enable = true;
x11.enable = true;
x11.defaultCursor = "WhiteSur-cursors";
name = "WhiteSur-cursors";
package = pkgs.whitesur-cursors;
size = 32;
};
packages = with pkgs; [
# Add your global packages here
mpv
sxiv
feh
duralumin
duralumin-keygen
ranger
neovim
bottom
git
wget
curl
htop
tree
htop
pavucontrol
ripgrep
killall
x11_ssh_askpass
xdg-utils
vanilla-dmz
(discord.override {withVencord = true;})
spotify
zed-editor-fhs
bitwarden-desktop
bitwarden-cli
# file manager
nemo-with-extensions
screenshot
];
};
}

6
home/development/default.nix
View file

@ -1,6 +0,0 @@
{...}: {
imports = [
./nix.nix
./rust.nix
];
}

5
home/development/nix.nix
View file

@ -1,5 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
nixd
];
}

4
home/development/rust.nix
View file

@ -1,4 +0,0 @@
{pkgs, ...}: {
# home.packages = with pkgs; [
# ];
}

79
home/emacs.nix
View file

@ -1,79 +0,0 @@
# home-manager configuration for Emacs
{lib, pkgs, ...}:
let
emacs-config = builtins.fetchGit {
url = "git@git.nirgendwo.xyz:janis/dot-emacs.git";
ref = "main";
rev = "41f5c3340a0232ea1c0e0bb44b0609b2956c3fe9";
};
emacs = pkgs.emacs-git-pgtk;
in {
# TODO: turn this into a FHS or package so these dependencies don't have to be
# accessible from the global namespace.
home.packages = with pkgs; [
python3
enchant2 # spell checking
enchant2.dev # for building jinx
pkg-config
git
ripgrep # for Emacs' ripgrep integration
libvterm-neovim # vterm support for Emacs
nodejs_24
copilot-node-server
copilot-language-server-fhs
cmake
libtool
gnumake
gcc
texlive.combined.scheme-full
(tree-sitter.withPlugins (grammars: with grammars; [
tree-sitter-bash
tree-sitter-nix
tree-sitter-toml
tree-sitter-elisp
tree-sitter-rust
tree-sitter-cpp
tree-sitter-c
tree-sitter-zig
tree-sitter-elisp
tree-sitter-markdown
# tree-sitter-slang
]))
# spelling
# Note: don't use `hunspellWithDicts` here, because enchant will not be able
# to see the dictionaries unless they are by themselves.
hunspell
# hunspellDicts.en-gb-ise
hunspellDicts.en-gb-large # contains both ise and ize spellings
hunspellDicts.de-de
hunspellDicts.da-dk
# jinx from emacsPackages
emacsPackages.jinx
# LSP support
emacs-lsp-booster
# language servers
pkgs.unstable.rust-analyzer
nixd];
# xdg.configFile = {
# "emacs" = {
# source = emacs-config;
# };
# };
# services.emacs = {
# enable = true;
# package = emacs;
# };
programs.emacs = {
enable = true;
package = emacs;
extraPackages = (epkgs: with epkgs; [
jinx
]);
};
}

76
home/git-ssh.nix
View file

@ -1,76 +0,0 @@
{pkgs, ...}: {
programs.git = {
enable = true;
userName = "janis";
userEmail = "janis@nirgendwo.xyz";
signing = {
format = "ssh";
key = "~/.ssh/duralumin_janis-github";
};
extraConfig = {
init = {
defaultBranch = "main";
};
safe = {
directory = "/etc/nixos/config";
};
commit = {
gpgsign = "true";
};
};
};
programs.ssh = {
enable = true;
matchBlocks = {
"git.nirgendwo.xyz" = {
host = "git.nirgendwo.xyz";
hostname = "git.nirgendwo.xyz";
identityFile = "~/.ssh/id_ed25519_nirgendwo";
addKeysToAgent = "yes";
};
"nirgendwo.xyz" = {
host = "nirgendwo.xyz";
hostname = "nirgendwo.xyz";
identityFile = "~/.ssh/id_ed25519_nirgendwo";
addKeysToAgent = "yes";
};
"nirgendswo.com" = {
host = "nirgendswo.com";
hostname = "nirgendswo.com";
identityFile = "~/.ssh/id_ed25519_nirgendwo";
addKeysToAgent = "yes";
};
"nirgendwo" = {
host = "nirgendwo";
hostname = "nirgendwo.xyz";
user = "root";
identityFile = "~/.ssh/id_ed25519_nirgendwo";
addKeysToAgent = "yes";
};
"github-janis-bhm" = {
host = "github-janis-bhm";
hostname = "github.com";
user = "git";
identityFile = "~/.ssh/duralumin_janis-github";
addKeysToAgent = "yes";
};
"github-janis" = {
host = "github-janis";
hostname = "github.com";
user = "git";
identityFile = "~/.ssh/duralumin_janis-github";
addKeysToAgent = "yes";
};
"noonebtw.github.com" = {
host = "noonebtw.github.com";
hostname = "github.com";
identityFile = "~/.ssh/id_ed25519_git";
addKeysToAgent = "yes";
};
};
};
services.ssh-agent.enable = true;
}

118
home/hyprlock_idle.nix
View file

@ -1,118 +0,0 @@
{pkgs, lib, super-config, ...}: {
services.hyprpolkitagent.enable = true;
programs.hyprlock = {
enable = true;
settings = {
background = {
monitor = "";
path = "~/.local/share/wallpapers/current_lock";
blur_passes = 2;
contrast = 1;
brightness = 0.5;
vibrancy = 0.2;
vibrancy_darkness = 0.2;
};
general = {
no_fade_in = true;
no_fade_out = true;
hide_cursor = false;
grace = 2;
enable_fingerprint = true;
disable_loading_bar = true;
};
input-field = {
monitor = "";
size = "250, 60";
outline_thickness = 2;
dots_size = 0.2;
dots_spacing = 0.35;
dots_center = true;
outer_color = "rgba(0, 0, 0, 0)";
inner_color = "rgba(0, 0, 0, 0.2)";
font_color = "$foreground";
fade_on_empty = false;
rounding = -1;
check_color = "rgb(204, 136, 34)";
placeholder_text = "<i><span foreground=\"##cdd6f4\">Input Password...</span></i>";
hide_input = false;
position = "0, -200";
halign = "center";
valign = "center";
};
label = [
# DATE
{
monitor = "";
text = ''cmd[update:1000] echo "''$(${pkgs.coreutils}/bin/date +"%A, %B %d")"'';
color = "rgba(242, 243, 244, 0.75)";
font_size = 22;
font_family = "JetBrains Mono";
position = "0, 300";
halign = "center";
valign = "center";
}
# TIME
{
monitor = "";
text = ''cmd[update:1000] echo "''$(${pkgs.coreutils}/bin/date +"%-I:%M")"'';
color = "rgba(242, 243, 244, 0.75)";
font_size = 95;
font_family = "JetBrains Mono Extrabold";
position = "0, 200";
halign = "center";
valign = "center";
}
];
};
};
services.hypridle = lib.optionals (super-config.enableHypridle == true) {
enable = true;
settings = let
idle_timeout = "300"; # 5 minutes
screen_timeout = "600"; # 10 minutes
suspend_timeout = "900"; # 10 minutes
lock_cmd = "${pkgs.procps}/bin/pidof hyprlock || ${pkgs.hyprlock}/bin/hyprlock";
suspend_cmd = "systemctl suspend";
in{
general = {
inherit lock_cmd;
before_sleep_cmd = "loginctl lock-session";
};
listener = [
{
timeout = idle_timeout;
on-timeout = "loginctl lock-session";
}
{
timeout = screen_timeout;
on-timeout = "{pkgs.sway}/bin/swaymsg 'output * dpms off'";
on-resume = "{pkgs.sway}/bin/swaymsg 'output * dpms on'";
}
{
timeout = suspend_timeout;
on-timeout = suspend_cmd;
}
];
};
};
home.packages = with pkgs; [
hyprlock
coreutils
] ++ (lib.optionals (super-config.enableHypridle == true) [
hypridle
]);
# xdg.configFile."hypr/hyprlock.conf" = {
# source = "${pkgs.dotfiles}/.config/hypr/hyprlock.conf";
# };
}

19
home/libinput.nix
View file

@ -1,19 +0,0 @@
{pkgs, config, ...}: {
home.packages = with pkgs; [
libinput
libinput-gestures
];
# Ensure libinput-gestures service is enabled
# wayland.windowManager.sway.systemd.extraCommands = [
# "systemctl --user enable libinput-gestures.service"
# "systemctl --user start libinput-gestures.service"
# ];
xdg.configFile."libinput-gestures.conf".text = ''
gesture swipe left 4 ${pkgs.sway}/bin/swaymsg workspace prev
gesture swipe right 4 ${pkgs.sway}/bin/swaymsg workspace next
gesture swipe down 4 ${pkgs.hyprlock}/bin/hyprlock
gesture pinch in 4 ${pkgs.rofi}/bin/rofi -combi-modi window,drun,run,ssh,combi -show combi -show-icons
'';
}

19
home/mako.nix
View file

@ -1,19 +0,0 @@
{pkgs, lib, config, ...}: let
theme = import ../data/theme.nix {inherit config; };
utils = import ../utils.nix { inherit lib; };
in {
services.mako = {
enable = true;
settings = {
default-timeout = 5000;
border-size = 3;
margin = "30";
padding = "5";
border-radius = 10;
background-color = utils.rgbToRgba theme.background;
border-color = utils.rgbToRgba theme.bright.blue;
progress-color = utils.rgbToRgba theme.bright.cyan;
text-color = utils.rgbToRgba theme.foreground;
};
};
}

37
home/syncthing.nix
View file

@ -1,37 +0,0 @@
{pkgs, ...}: {
services.syncthing = {
enable = true;
guiAddress = "0.0.0.0:8384";
settings = {
gui = {
user = "admin";
password = "strongpassword";
};
devices = {
# "laptop" = {
# name = "laptop";
# id = "LAPTOPDEVICEID";
# };
"desktop" = {
name = "desktop";
id = "HQ6L2IU-V7YKP4H-NVKMCAQ-6PZ37SJ-ETTXY7Y-2PBH62A-5AJAGPN-OUT3YQW";
};
"nirgendwo" = {
name = "nirgendwo";
id = "UNHUVZP-7HO7R6J-EKSG2QT-CLCFQ7E-GD7AKA7-TMNZT3E-6M56VPS-AGDE5AA";
};
};
folders = {
"Shared" = {
id = "539nt-oefmc";
path = "~/Shared";
devices = [ "nirgendwo" "desktop" ];
};
};
};
};
}

8
home/udiskie.nix
View file

@ -1,8 +0,0 @@
{...}: {
services.udiskie = {
enable = true;
automount = true;
notify = true;
tray = "auto";
};
}

29
home/wallpapers.nix
View file

@ -1,29 +0,0 @@
# home-manager module which installs wallpapers from dotfiles into .local/share/wallpapers
{pkgs, config, ...}: {
xdg.dataFile."wallpapers" = {
source = "${pkgs.dotfiles}/.local/share/wallpapers";
recursive = true;
};
home.packages = with pkgs; [
wpaperd-patched
];
xdg.dataFile."wallpapers/current" = {
source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.dataHome}/wallpapers/witch1.jpg";
};
xdg.dataFile."wallpapers/current_lock" = {
source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.dataHome}/wallpapers/witch5.jpg";
};
services.wpaperd = {
enable = true;
package = pkgs.wpaperd-patched;
settings = {
default = {
path = "${config.xdg.dataHome}/wallpapers/current";
};
};
};
}

141
hosts/desktop/default.nix
View file

@ -1,141 +0,0 @@
{lib, pkgs, config, modulesPath, ...}: {
imports = [
# ./nvme-raid.nix
../../options.nix
(modulesPath + "/installer/scan/not-detected.nix")
];
darkMode = true;
enableHypridle = true;
has_battery = false;
extraOutputConfig = {
"HDMI-A-3" = {pos = "0 0";};
"HDMI-A-1" = { pos = "1920 0"; };
};
fileSystems = {
"/boot" = {
device = "/dev/disk/by-uuid/EF81-FDEB";
fsType = "vfat";
options = [ "uid=0" "gid=0" "fmask=0077" "dmask=0077" ];
};
"/" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "subvol=@root" "noatime" "compress=zstd" ];
};
"/mnt/rootfs" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "noatime" "compress=zstd" ];
};
"/home" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "subvol=@home" "noatime" "compress=zstd" ];
};
"/var/games" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "subvol=@games" "noatime" "compress=zstd" ];
};
"/var/code" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "subvol=@code" "noatime" "compress=zstd" ];
};
"/var/log" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "subvol=@log" "noatime" "compress=zstd" ];
};
"/persist" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "subvol=@persist" "noatime" "compress=zstd" ];
};
"/nix" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" ];
};
"/var/.snapshots" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "subvol=@snapshots" "noatime" "compress=zstd" ];
};
"/swap" = {
device = "/dev/mapper/crypt0";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
};
swapDevices = [
{
device = "/swap/swapfile";
}
];
boot = {
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
"mem_sleep_default=deep"
"resume_offset=533760"
];
resumeDevice = "/dev/disk/by-uuid/c6442c5b-119b-4eba-82b3-0b9b89aab03f";
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
consoleLogLevel = 3;
initrd = {
systemd.enable = true;
luks = {
devices = {
"crypt0" = {
device = "/dev/disk/by-uuid/7b5d31a2-0cc9-41a4-8ce4-d6b3a4c83f6a";
allowDiscards = true;
};
"crypt1" = {
device = "/dev/disk/by-uuid/bf7f6c09-ee13-4cb6-b56c-defd910b8265";
allowDiscards = true;
};
};
};
verbose = false;
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
# kernelModules = ["amdgpu" ];
};
plymouth.enable = true;
# plymouth = {
# enable = true;
# theme = "rings";
# themePackages = with pkgs; [
# (adi1090x-plymouth-themes.override {
# selected_themes = ["rings"];
# }
# )
# ];
# };
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = true;
}

86
hosts/desktop/disks.nix
View file

@ -1,86 +0,0 @@
{
disko.devices = {
disk = {
root = {
type = "disk";
device = "/dev/disk/by-id/ata-Verbatim_Vi550_S3_493535014831840";
content = {
type = "gpt";
partitions = {
ESP = {
label = "boot";
name = "ESP";
type = "EF00";
size = "512M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
label = "luks";
content = {
type = "luks";
name = "cryptroot";
extraOpenArgs = [
"--allow-discards"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
# https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
settings = {crypttabExtraOpts = ["tpm2-device=auto" "token-timeout=10"];};
content = {
type = "btrfs";
extraArgs = ["-L" "nixos" "-f"];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = ["subvol=@root" "compress=zstd" "noatime"];
};
"@home" = {
mountpoint = "/home";
mountOptions = ["subvol=@home" "compress=zstd" "noatime"];
};
"@games" = {
mountpoint = "/var/games";
mountOptions = ["subvol=@games" "compress=zstd" "noatime"];
};
"@code" = {
mountpoint = "/var/code";
mountOptions = ["subvol=@code" "compress=zstd" "noatime"];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = ["subvol=@nix" "compress=zstd" "noatime"];
};
"@persist" = {
mountpoint = "/persist";
mountOptions = ["subvol=@persist" "compress=zstd" "noatime"];
};
"@log" = {
mountpoint = "/var/log";
mountOptions = ["subvol=@log" "compress=zstd" "noatime"];
};
"@snapshots" = {
};
"@swap" = {
mountpoint = "/swap";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
fileSystems."/persist".neededForBoot = true;
fileSystems."/var/log".neededForBoot = true;
}

108
hosts/desktop/nvme-raid.nix
View file

@ -1,108 +0,0 @@
{
disko.devices = {
disk = {
nvme1 = {
type = "disk";
device = "/dev/nvme1n1";
content = {
type = "gpt";
partitions = {
crypt0 = {
size = "100%";
content = {
type = "luks";
name = "crypt1";
extraOpenArgs = [
"--allow-discards"
];
settings = {crypttabExtraOpts = ["tpm2-device=auto" "token-timeout=10"];};
};
};
};
};
};
nvme0 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "nixboot";
name = "ESP";
type = "EF00";
size = "1G";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
crypt0 = {
size = "100%";
content = {
type = "luks";
name = "crypt0";
extraOpenArgs = [
"--allow-discards"
];
settings = {crypttabExtraOpts = ["tpm2-device=auto" "token-timeout=10"];};
content = {
type = "btrfs";
extraArgs = [
"-L" "nixos" "-f"
"-d single -m raid1"
"/dev/mapper/crypt1"
];
mountpoint = "/mnt/rootfs";
mountOptions = ["compress=zstd" "noatime"];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = ["subvol=@root" "compress=zstd" "noatime"];
};
"@home" = {
mountpoint = "/home";
mountOptions = ["subvol=@home" "compress=zstd" "noatime"];
};
"@games" = {
mountpoint = "/var/games";
mountOptions = ["subvol=@games" "compress=zstd" "noatime"];
};
"@code" = {
mountpoint = "/var/code";
mountOptions = ["subvol=@code" "compress=zstd" "noatime"];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = ["subvol=@nix" "compress=zstd" "noatime"];
};
"@persist" = {
mountpoint = "/persist";
mountOptions = ["subvol=@persist" "compress=zstd" "noatime"];
};
"@log" = {
mountpoint = "/var/log";
mountOptions = ["subvol=@log" "compress=zstd" "noatime"];
};
"@snapshots" = {
mountpoint = "/var/.snapshots";
mountOptions = ["subvol=@snapshots" "compress=zstd" "noatime"];
};
"@swap" = {
mountpoint = "/swap";
swap.swapfile.size = "64G";
};
};
};
};
};
};
};
};
};
};
}

26
hosts/laptop/default.nix
View file

@ -1,26 +0,0 @@
{lib, config, modulesPath, ...}: {
imports = [
./disks.nix
../../options.nix
(modulesPath + "/installer/scan/not-detected.nix")
];
has_battery = true;
useThermald = true;
desktop_scale = 1.3;
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

29
hosts/vm.nix
View file

@ -1,29 +0,0 @@
{config, lib, modulesPath, ...}: {
imports = [
../options.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
vmGuest = true;
boot = {
kernelModules = [ "kvm-intel" ];
initrd.availableKernelModules = [ "virtio_pci" "ahci" "xhci_pci" "sr_mod" "virtio_blk" ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/723e4a6a-97b9-49ff-999f-806b12ea26b6";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/15E6-98FA";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
}

57
options.nix
View file

@ -1,57 +0,0 @@
{lib, ...}: {
options = {
has_battery = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Whether the system has a battery.";
};
vmGuest = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable VM guest services.";
};
darkMode = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable dark mode for the system.";
};
enableHypridle = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable hypridle for the system.";
};
desktop_scale = lib.mkOption {
type = lib.types.float;
default = 1.0;
description = "HiDpi scale factor for the window manager";
};
extraOutputConfig = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf lib.types.anything);
default = {};
description = "Additional config for sway outputs";
};
cpufreqConfig = lib.mkOption {
type = lib.types.attrsOf lib.types.anything;
default = {};
description = "Additional config for auto-cpufreq";
};
useThermald = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Use thermald for thermal management";
};
tlpConfig = lib.mkOption {
type = lib.types.attrsOf lib.types.anything;
default = {};
description = "Additional config for TLP";
};
};
}

5
pkgs/default.nix
View file

@ -1,5 +0,0 @@
{...}: {
nixpkgs.overlays = [
(import ./overlay.nix)
];
}

26
pkgs/dotfiles.nix
View file

@ -1,26 +0,0 @@
{lib, stdenv, ...}: stdenv.mkDerivation {
name = "dotfiles";
version = "0.1.0";
src = builtins.fetchGit {
url = "git@git.nirgendwo.xyz:janis/dotfiles.git";
rev = "a5fcc6a741eb21e9a729b4c001ce069c485bccc1";
ref = "main";
};
dontConfigure = true;
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out
cp -r . $out
runHook postInstall
'';
meta = {
homepage = "https://git.nirgendwo.xyz/janis/dotfiles";
description = "My personal dotfiles";
license = lib.licenses.mit;
platforms = lib.platforms.linux;
};
}

20
pkgs/nordvpn-rofi.nix
View file

@ -1,20 +0,0 @@
{writeShellApplication, dotfiles, bash, jq, rofi, nordvpn, coreutils, ...}:
writeShellApplication {
name = "nordvpn-rofi";
runtimeInputs = [ jq rofi nordvpn coreutils bash ];
# shellcheck errors or warnings that should be ignored:
excludeShellChecks = [
"SC2015" # we use && true || false superfluously, but correctly.
"SC2016" # we use single quotes specifically to avoid variable expansion.
];
# don't set errexit, as this script needs functions to be able to error out
bashOptions = [
"pipefail"
"nounset"
];
text = builtins.readFile "${dotfiles}/.local/bin/nordvpn-rofi.sh";
}

138
pkgs/nordvpn.nix
View file

@ -1,138 +0,0 @@
{
autoPatchelfHook,
buildFHSEnvChroot ? false,
buildFHSUserEnv ? false,
dpkg,
fetchurl,
lib,
stdenv,
sysctl,
iptables,
iproute2,
procps,
cacert,
libxml2,
libidn2,
libnl,
libcap,
libcap_ng,
zlib,
makeWrapper,
wireguard-tools,
}:
let
buildEnv = if builtins.typeOf buildFHSEnvChroot == "set" then buildFHSEnvChroot else buildFHSUserEnv;
pname = "nordvpn";
version = "4.0.0";
janis-bhm = {
name = "Janis B.";
email = "janis@nirgendwo.xyz";
github = "janis-bhm";
};
libxml2_13 = libxml2.overrideAttrs rec {
version = "2.13.8";
src = fetchurl {
url = "mirror://gnome/sources/libxml2/${lib.versions.majorMinor version}/libxml2-${version}.tar.xz";
hash = "sha256-J3KUyzMRmrcbK8gfL0Rem8lDW4k60VuyzSsOhZoO6Eo=";
};
};
nordvpnd = buildEnv {
name = "nordvpnd";
runScript = "nordvpnd";
extraBuildCommands = ''
mkdir -p $out/usr/lib
ln -s ${nordvpn}/lib/nordvpn $out/usr/lib/nordvpn
'';
targetPkgs = pkgs: with pkgs; [
nordvpn
iproute2
iptables
procps
sysctl
makeWrapper
wireguard-tools
zlib
cacert
];
};
nordvpn = stdenv.mkDerivation {
inherit pname version;
src = fetchurl {
url = "https://repo.nordvpn.com/deb/nordvpn/debian/pool/main/n/nordvpn/nordvpn_${version}_amd64.deb";
hash = "sha256-elKREKiFrx2TgJPJl1ARtEebsv4PNG9fMq2mrV9xngs=";
};
buildInputs = [
libxml2_13
libidn2
libnl
libcap
libcap_ng
];
nativeBuildInputs = [
dpkg
autoPatchelfHook
stdenv.cc.cc.lib
libxml2
];
dontConfigure = true;
dontBuild = true;
unpackPhase = ''
runHook preUnpack
dpkg --extract $src .
runHook postUnpack
'';
installPhase = ''
runHook preInstall
mkdir -p $out
mv usr/sbin/nordvpnd usr/bin/nordvpnd
mv usr/* $out/
mv var/ $out/
runHook postInstall
'';
# wrap nordvpnd with iproute2, procps, sysctl, iptables path prefixes
# postInstall = ''
# wrapProgram $out/bin/nordvpnd \
# --prefix PATH : "${lib.makeBinPath [ iproute2 ]}" \
# --prefix PATH : "${lib.makeBinPath [ procps ]}" \
# --prefix PATH : "${lib.makeBinPath [ sysctl ]}" \
# --prefix PATH : "${lib.makeBinPath [ iptables ]}" '';
};
in stdenv.mkDerivation {
inherit pname version;
dontConfigure = true;
dontBuild = true;
dontUnpack = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/share
ln -s ${nordvpn}/bin/nordvpn $out/bin
ln -s ${nordvpnd}/bin/nordvpnd $out/bin
ln -s ${nordvpn}/share/* $out/share
ln -s ${nordvpn}/var $out
runHook postInstall
'';
meta = with lib; {
description = "CLI client for NordVPN";
homepage = "https://www.nordvpn.com";
license = licenses.unfree;
maintainers = with maintainers; [ janis-bhm ];
platforms = [ "x86_64-linux" ];
};
}

138
pkgs/nordvpn2.nix
View file

@ -1,138 +0,0 @@
{ pkgs, lib, gcc, autoPatchelfHook, ... }:
let
patchedPkgs = pkgs.appendOverlays [
(final: prev: {
# Nordvpn uses a patched openvpn in order to perform xor obfuscation
# See https://github.com/NordSecurity/nordvpn-linux/blob/e614303aaaf1a64fde5bb1b4de1a7863b22428c4/ci/openvpn/check_dependencies.sh
openvpn = prev.openvpn.overrideAttrs (old: {
patches = (old.patches or [ ]) ++ [
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/02-tunnelblick-openvpn_xorpatch-a.diff";
hash = "sha256-b9NiWETc0g2a7FNwrLaNrWx7gfCql7VTbewFu3QluFk=";
})
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/03-tunnelblick-openvpn_xorpatch-b.diff";
hash = "sha256-X/SshB/8ItLFBx6TPhjBwyA97ra0iM2KgsGqGIy2s9I=";
})
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/04-tunnelblick-openvpn_xorpatch-c.diff";
hash = "sha256-fw0CxJGIFEydIVRVouTlD1n275eQcbejUdhrU1JAx7g=";
})
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/05-tunnelblick-openvpn_xorpatch-d.diff";
hash = "sha256-NLRtoRVz+4hQcElyz4elCAv9l1vp4Yb3/VJef+L/FZo=";
})
(prev.fetchpatch {
url =
"https://github.com/Tunnelblick/Tunnelblick/raw/master/third_party/sources/openvpn/openvpn-${old.version}/patches/06-tunnelblick-openvpn_xorpatch-e.diff";
hash = "sha256-mybdjCIT9b6ukbGWYvbr74fKtcncCtTvS5xSVf92T6Y=";
})
];
});
})
];
nordvpn = pkgs.buildGoModule rec {
pname = "nordvpn";
version = "3.19.0";
#src = ./.;
src = pkgs.fetchFromGitHub {
owner = "NordSecurity";
repo = "nordvpn-linux";
rev = "e614303aaaf1a64fde5bb1b4de1a7863b22428c4";
sha256 = "sha256-uIzG9QIVwax0Cop2VuDzy033efEBudFnGNj7osT/x2g";
};
nativeBuildInputs = with pkgs; [ pkg-config gcc ];
buildInputs = with pkgs; [ libxml2 gcc ];
vendorHash = "sha256-h5G5J/Sw0277pDzVXT6b3BX0KUbtyN8ujITfYp5PmgE";
ldflags = [
"-X main.Version=${version}"
"-X main.Environment=dev"
"-X main.Salt=development"
"-X main.Hash=${src.rev}"
];
buildPhase = ''
runHook preBuild
echo "Building nordvpn CLI..."
export LDFLAGS="${builtins.concatStringsSep " " ldflags}"
go build -ldflags "$LDFLAGS" -o bin/nordvpn ./cmd/cli
echo "Building nordvpn user..."
go build -ldflags "$LDFLAGS" -o bin/norduserd ./cmd/norduser
# Fix missing include in a library preventing compilation
chmod +w vendor/github.com/jbowtie/gokogiri/xpath/
sed -i '6i#include <stdlib.h>' vendor/github.com/jbowtie/gokogiri/xpath/expression.go
echo "Building nordvpn daemon..."
go build -ldflags "$LDFLAGS" -o bin/nordvpnd ./cmd/daemon
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out/lib/nordvpn/
mv bin/norduserd $out/lib/nordvpn/
ln -s ${patchedPkgs.openvpn}/bin/openvpn $out/lib/nordvpn/openvpn
ln -s ${pkgs.wireguard-tools}/bin/wg $out/lib/nordvpn/wg
# Nordvpn needs icons for the system tray
mkdir -p $out/share/icons/hicolor/scalable/apps
nordvpn_asset_prefix="nordvpn-" # hardcoded image prefix
cp assets/icon.svg $out/share/icons/hicolor/scalable/apps/nordvpn.svg # Does not follow convention
for file in assets/*.svg; do
cp "$file" "$out/share/icons/hicolor/scalable/apps/''${nordvpn_asset_prefix}$(basename "$file")"
done
mkdir -p $out/bin
cp bin/* $out/bin
runHook postInstall
'';
meta = with pkgs.lib; {
description = "NordVPN CLI and daemon application for Linux";
homepage = "https://github.com/nordsecurity/nordvpn-linux";
mainProgram = "nordvpn";
license = licenses.gpl3;
platforms = platforms.linux;
};
};
in pkgs.buildFHSEnv {
name = "nordvpnd";
targetPkgs = with pkgs;
pkgs: [
nordvpn
sysctl
iptables
iproute2
procps
cacert
libxml2
libidn2
zlib
wireguard-tools
patchedPkgs.openvpn
e2fsprogs # for chattr
];
extraInstallCommands = ''
mkdir -p $out/bin/
printf "#!${pkgs.bash}/bin/bash\n${nordvpn}/bin/nordvpn \"\$@\"" > $out/bin/nordvpn
chmod +x $out/bin/nordvpn
'';
runScript = ''
${nordvpn}/bin/nordvpnd
'';
}

8
pkgs/overlay.nix
View file

@ -1,8 +0,0 @@
final: prev: {
nordvpn = prev.callPackage ./nordvpn.nix {};
nordvpn-rofi = prev.callPackage ./nordvpn-rofi.nix {};
screenshot = prev.callPackage ./screenshot.nix {};
dotfiles = prev.callPackage ./dotfiles.nix {};
# tree-sitter-slang = prev.callPackage ./tree-sitter-slang.nix {};
wpaperd-patched = prev.callPackage ./wpaperd.nix {};
}

15
pkgs/screenshot.nix
View file

@ -1,15 +0,0 @@
{writeShellApplication, dotfiles, slurp, grim, sway, wl-clipboard, imagemagick, jq, coreutils, ...}: writeShellApplication {
name = "screenshot";
runtimeInputs = [
slurp
grim
wl-clipboard
sway
coreutils
imagemagick
jq
];
text = builtins.readFile "${dotfiles}/.local/bin/screenshot";
}

10
pkgs/tree-sitter-slang.nix
View file

@ -1,10 +0,0 @@
{pkgs, fetchFromGitHub, tree-sitter, ...}: tree-sitter.buildGrammar {
language = "slang";
version = "0.1.0";
src = fetchFromGitHub {
owner = "tree-sitter-grammars";
repo = "tree-sitter-slang";
rev = "5b0adf65710c3a7c265f0451ed6b4789410cbe63";
hash = "sha256-uFU8hdz6APzrc9JUib47cmBd5kSnbSh0CbSqSbEfkoc=";
};
}

40
pkgs/wpaperd.nix
View file

@ -1,40 +0,0 @@
{
lib,
rustPlatform,
fetchFromGitHub,
pkg-config,
libxkbcommon,
wayland,
libGL,
}:
rustPlatform.buildRustPackage {
pname = "wpaperd-patched";
version = "1.2.1";
src = fetchFromGitHub {
owner = "janis-bhm";
repo = "wpaperd";
rev = "main";
hash = "sha256-bqsr4tOA2ZOoz8Y7m9A3O+gUIFsJ6gvP2wjUYExyuGI=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-Vz5x9V+q5OwRR/GdiM/kEEfENSQ+KyN3DKM35NHuzAk=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
wayland
libGL
libxkbcommon
];
meta = with lib; {
description = "Minimal wallpaper daemon for Wayland";
license = licenses.gpl3Plus;
platforms = platforms.linux;
mainProgram = "wpaperd";
};
}

5
programs/default.nix
View file

@ -1,5 +0,0 @@
{...}: {
imports = [
./nordvpn.nix
];
}

52
programs/nordvpn.nix
View file

@ -1,52 +0,0 @@
{pkgs, ...}: let
# nordvpn = pkgs.callPackage ../pkgs/nordvpn.nix {};
# nordvpn-rofi = pkgs.callPackage ../pkgs/nordvpn-rofi.nix {};
in {
environment.systemPackages = with pkgs; [
nordvpn
nordvpn-rofi
];
users.groups.nordvpn = {};
# service definition
systemd.services.nordvpnd = {
enable = true;
description = "NordVPN Daemon";
wants = [ "nordvpnd.socket" ];
after = [ "network-pre.target" ];
wantedBy = [ "default.target" ];
serviceConfig = {
ExecStart = "${pkgs.nordvpn}/bin/nordvpnd";
NonBlocking = "true";
KillMode = "process";
Restart = "on-failure";
RestartSec = "5";
RuntimeDirectory = "nordvpn";
RuntimeDirectoryMode= "0750";
Group = "nordvpn";
# User = "root"; # uncomment if needed
};
};
# socket definition
systemd.sockets.nordvpnd = {
enable = true;
description = "NordVPN Daemon Socket";
partOf = [ "nordvpnd.service" ];
listenStreams = [ "/run/nordvpn/nordvpnd.sock" ];
socketConfig = {
NoDelay = "true";
SocketGroup = "nordvpn";
SocketMode = "0770";
DirectoryMode = "0750";
};
wantedBy = [ "sockets.target" ];
};
# system.activationScripts."nordvpn-settings".text = ''
# ${pkgs.nordvpn}/bin/nordvpn set dns 9.9.9.9 149.112.112.112 1.1.1.1
# ${pkgs.nordvpn}/bin/nordvpn allowlist add subnet 192.168.0.0/16
# '';
}

32
programs/nordvpn2.nix
View file

@ -1,32 +0,0 @@
{config, lib, pkgs, ...}: {
systemd = {
services.nordvpn = {
description = "NordVPN daemon.";
serviceConfig = {
ExecStart = "${pkgs.nordvpn}/bin/nordvpnd";
ExecStartPre = ''
${pkgs.bash}/bin/bash -c '\
mkdir -m 700 -p /var/lib/nordvpn; \
if [ -z "$(ls -A /var/lib/nordvpn)" ]; then \
cp -r ${pkgs.nordvpn}/var/lib/nordvpn/* /var/lib/nordvpn; \
fi'
'';
NonBlocking = true;
KillMode = "process";
Restart = "on-failure";
RestartSec = 5;
RuntimeDirectory = "nordvpn";
RuntimeDirectoryMode = "0750";
Group = "nordvpn";
};
wantedBy = [ "multi-user.target" ];
#after = [ "network-online.target" ];
#wants = [ "network-online.target" ];
};
services.NetworkManager-wait-online.enable = lib.mkForce false;
};
environment.systemPackages = with pkgs; [
nordvpn
];
}

201
system/default.nix
View file

@ -1,201 +0,0 @@
{inputs, lib, pkgs, config, ...}: {
imports = [
../options.nix
];
environment.systemPackages = with pkgs; [
# Basic utilities
zsh
wget
curl
git
vim
htop
linux-firmware
linuxHeaders
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
system = {
stateVersion = "25.05";
activationScripts = {
rfkill-unblock = {
text = ''
rfkill unblock all
'';
deps = [];
};
};
};
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
# timeout = 0;
};
# kernelModules = [];
# kernelPackages = pkgs.linuxPackages_zen;
};
hardware = {
enableAllFirmware = true;
amdgpu.initrd.enable = true;
graphics = {
enable = true;
enable32Bit = true;
};
};
security = {
polkit.enable = true;
rtkit.enable = true;
sudo.wheelNeedsPassword = false; # Allow sudo without password
};
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
liberation_ttf
roboto
roboto-mono
twitter-color-emoji
nerd-fonts.fira-code
nerd-fonts.fira-mono
unicode-emoji
fira-sans
font-awesome
fira-mono
fira-code
material-icons
source-sans
source-code-pro
pkgs.nur.repos.redpz.sf-mono
inputs.apple-fonts.packages.${pkgs.system}.sf-pro-nerd
inputs.apple-fonts.packages.${pkgs.system}.sf-mono-nerd
inputs.apple-fonts.packages.${pkgs.system}.sf-compact-nerd
inputs.apple-fonts.packages.${pkgs.system}.ny-nerd
];
fontconfig = {
defaultFonts = {
monospace = ["SF Mono" "Fira Mono" "Noto Mono"];
serif = ["Noto Serif"];
sansSerif = ["SF Pro Text" "Noto Sans" "Roboto"];
emoji = ["Twitter Color Emoji" "Noto Emoji"];
};
};
};
networking = {
nameservers = [ "9.9.9.9#dns.quad9.net" "1.1.1.1#one.one.one.one" ];
# networkmanager.wifi.backend = "iwd";
# networkmanager.enable = true;
wireless.iwd = {
enable = true;
settings = {
Settings ={
AutoConnect = true;
};
};
};
firewall = {
enable = true;
# ssh: 22 TCP
# cups: 631 TCP
# syncthing:
# 22000 TCP and/or UDP for sync traffic
# 21027/UDP for discovery
allowedTCPPorts = [ 22 22000 631 ];
allowedUDPPorts = [ 22000 21027 ];
};
};
time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_GB.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "uk";
};
services = {
qemuGuest.enable = config.vmGuest;
spice-vdagentd.enable = config.vmGuest;
dbus.implementation = "broker";
connman = {
enable = true;
wifi.backend = "iwd"; # Use iwd for Wi-Fi management.
extraFlags = [ "--nodnsproxy" ];
};
resolved = {
enable = true;
dnssec = "true";
domains = ["~."];
fallbackDns = [ "9.9.9.9#dns.quad9.net" "149.112.112.112#dns.quad9.net" "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
dnsovertls = "true";
};
thermald.enable = config.useThermald;
tlp = lib.mkIf (config.has_battery) {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = 50;
STOP_CHARGE_THRESH_BAT0 = 85;
};
} // config.tlpConfig or {};
auto-cpufreq = lib.mkIf (config.has_battery) {
enable = true;
settings = {
battery = {
governor = "powersave"; # Set the CPU governor to powersave.
energy_performance_preference = "powersave";
turbo = "never";
# enable_thresholds = true;
# start_threshold = 50;
# stop_threshold = 90;
};
charger = {
governor = "performance"; # Set the CPU governor to performance when charging.
turbo = "auto";
};
};
} // config.cpufreqConfig or {};
pipewire = {
enable = true;
pulse.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
};
openssh = {
enable = true;
settings = {
PasswordAuthentication = true; # Enable password authentication.
PermitRootLogin = "yes"; # Allow root login (not recommended for production).
};
};
libinput.enable = true;
};
}

2
upload.sh
View file

@ -30,4 +30,4 @@ echo "IP: $VM_IP"
# done
# Synchronize the NixOS configuration with rsync
sshpass -p "$PASSWORD" rsync -avz new/ "$USER@$VM_IP:/etc/nixos/new"
sshpass -p "$PASSWORD" rsync -avz config/ "$USER@$VM_IP:/etc/nixos/"

45
user/default.nix
View file

@ -1,45 +0,0 @@
{config, pkgs, ...}:
let
user = import ../data/user.nix {};
in {
imports = [
../options.nix
];
users.users.${user.username} = {
shell = pkgs.zsh;
group = "users";
home = "/home/${user.username}";
createHome = true;
isNormalUser = true;
extraGroups = [ "wheel" "input" "nordvpn" "networkmanager" ];
};
programs.zsh.enable = true;
programs.dconf.enable = true;
programs.ssh = {
startAgent = true;
};
services = {
udisks2.enable = true;
# xserver.enable = true;
# xserver.displayManager.sddm.enable = true;
greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd 'dbus-run-session sway'";
user = "greeter";
};
};
};
};
home-manager.users.${user.username} = { ... }: {
imports = [ ../home ];
};
home-manager.extraSpecialArgs = {
super-config = config;
};
}