Compare commits


12 commits

168 changed files with 14902 additions and 6018 deletions

4
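--- a/.git-crypt/.gitattributes
+++ b/.git-crypt/.gitattributes
@@ -0,0 +1,4 @@
+# Do not edit this file. To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary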

2
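--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,2 @@
+secrets/*.secret filter=git-crypt diff=git-crypt
+secrets/wireguard.nix filter=git-crypt diff=git-crypt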
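Review bot: Only `secrets/*.secret` and the single file `secrets/wireguard.nix` are routed through git-crypt, so any other file later added under `secrets/` (another `.nix` file, a key with a different extension) is committed in clear text without any warning. Encrypting the directory by default and opting files out is safer: `secrets/** filter=git-crypt diff=git-crypt` followed by `secrets/<PLAINTEXT_FILE> !filter !diff` (placeholder for whatever must stay readable). Running `git-crypt status` before pushing confirms which paths are actually covered. A comment above the patterns naming the files expected to match would also help the next person who adds a secret.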


@ -1,98 +0,0 @@
name: "Cachix"
on:
push:
paths:
- '**.nix'
- '**.age'
- 'pkgs/**'
- 'flake.nix'
- 'flake.lock'
- '.github/workflows/cachix.yaml'
jobs:
format-check:
name: Format check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v27
- name: Run alejandra
run: nix develop --command alejandra --check .
flake-check:
name: Flake check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v15
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix flake check
build-pkgs:
name: Nix packages
runs-on: ubuntu-latest
needs: [ flake-check, format-check ]
strategy:
fail-fast: false
matrix:
name:
- grafanaDashboards/nginx
- grafanaDashboards/node-exporter
- kaleidoscope-udev-rules
- sddm-sugar-candy
- spot
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v15
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix build -L .#"${{ matrix.name }}"
build-configs:
name: NixOS configs
runs-on: ubuntu-latest
needs: [ build-pkgs ]
strategy:
fail-fast: false
matrix:
name:
- boreal
- hades
- talos
- thanatos
steps:
- name: Delete huge unnecessary tools folder
run: rm -rf /opt/hostedtoolcache
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v15
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix build -L .#nixosConfigurations."${{ matrix.name }}".config.system.build.toplevel


@ -1,17 +0,0 @@
name: "NUR"
on:
push:
branches:
- 'main'
paths:
- 'pkgs/**'
- '.github/workflows/nur-update.yaml'
jobs:
update-nur:
name: "Ping NUR repo hook"
runs-on: ubuntu-latest
steps:
- name: curl nur endpoint
run: |
curl -XPOST https://nur-update.nix-community.org/update?repo=alarsyo

1
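--- a/.gitignore
+++ b/.gitignore
@@ -1 +0,0 @@
-/result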


@ -1,25 +1,46 @@
#+title: NixOS configurations #+title: NixOS deployment configuration
Configuration for my computers! You may find here system configurations for * Services
various services I host, as well as my dotfiles for daily programs.
** Packages ** Bitwarden
Various packages of mine can be found in this repo. You can easily use these Password manager, Rust lightweight version.
packages from Nix by [[https://github.com/nix-community/NUR][setting up the Nix User Repository]].
*** Flake ** Borg backup
If you prefer, theses packages are also exposed as a *flake* in this repo: Creating daily backups to borgbase
- To list packages: ** fail2ban
#+begin_src sh Keeping the bad guys away
nix flake show
#+end_src
- To install one of them: ** Gitea
#+begin_src sh Hosting for all my personal projects
nix build github:alarsyo/nixos-config#$PACKAGE
#+end_src ** Jellyfin
Netflix but just for me
** Lohr
*** Setup
Needs manual SSH key and known hosts setup.
** Matrix
My Matrix homeserver at =alarsyo.net=. Also hosting an Element web client at
[[https://chat.alarsyo.net][chat.alarsyo.net]].
** Miniflux
RSS reader
** Monitoring
Grafana and Prometheus are currently used as a glorified =htop=.
** Nextcloud
** Wireguard VPN


@ -1,6 +1,6 @@
{...}: { { ... }:
{
imports = [ imports = [
./gui-programs.nix
./networking.nix ./networking.nix
./nix.nix ./nix.nix
./programs.nix ./programs.nix


@ -1,95 +1,19 @@
{ pkgs, ... }:
{ {
pkgs, environment.systemPackages = with pkgs; [
lib, alacritty
config,
options,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
optional
;
in {
options.my.gui = {
enable = mkEnableOption "System has some kind of screen attached";
isNvidia = mkEnableOption "System a NVIDIA GPU";
};
config = mkIf config.my.gui.enable {
my.displayManager.sddm.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
};
services = {
xserver = {
enable = true;
# NOTE: could use `mkOptionDefault` but this feels more explicit
videoDrivers =
if config.my.gui.isNvidia
then ["nvidia"]
else options.services.xserver.videoDrivers.default;
xkb = {
layout = "fr";
variant = "us";
};
};
libinput = {
enable = true;
touchpad = {
naturalScrolling = true;
};
};
logind.lidSwitch = "ignore";
printing = {
enable = true;
cups-pdf.enable = true;
};
udev.packages = [pkgs.chrysalis];
};
environment.systemPackages = builtins.attrValues {
inherit
(pkgs)
arandr
chrysalis
discord discord
feh feh
ffmpeg firefox
gimp-with-plugins
imagemagick
mpv
obs-studio
pavucontrol pavucontrol
slack
spotify spotify
tdesktop
thunderbird
virt-manager
xcolor
zathura zathura
; ];
inherit (pkgs.libsForQt5) okular;
};
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
programs.nm-applet.enable = true; programs.nm-applet.enable = true;
programs.steam.enable = true;
# this is necessary to set GTK stuff in home manager
# FIXME: better interdependency between this and the home part
programs.dconf.enable = true;
# NOTE: needed for home emacs configuration # NOTE: needed for home emacs configuration
nixpkgs.config.input-fonts.acceptLicense = true; nixpkgs.config.input-fonts.acceptLicense = true;
};
} }


@ -1,11 +1,6 @@
{lib, ...}: let { lib, ... }:
inherit {
(lib) options.my.networking.externalInterface = with lib; mkOption {
mkOption
types
;
in {
options.my.networking.externalInterface = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "eth0"; example = "eth0";


@ -1,27 +1,26 @@
{pkgs, ...}: { { pkgs, ... }:
{
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nix = { nix = {
package = pkgs.nixStable; package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = { binaryCaches = [
automatic = true;
dates = "weekly";
options = "--delete-older-than 60d";
persistent = true;
};
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = ["@wheel"];
substituters = [
"https://alarsyo.cachix.org" "https://alarsyo.cachix.org"
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
]; ];
trusted-public-keys = [ binaryCachePublicKeys = [
"alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk=" "alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
]; ];
gc = {
automatic = true;
dates = "03:15";
options = "--delete-older-than 30d";
}; };
}; };
} }
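Review bot: The `binaryCaches` / `binaryCachePublicKeys` pair makes every store path signed by the `alarsyo.cachix.org-1` or `nix-community.cachix.org-1` key installable on this host without a local build, and nothing in the file records that trust decision. I would add a comment above the key list such as `# paths signed by these keys are substituted as-is; only list caches whose signing key holders are trusted` so that adding a third cache is a reviewed change and not a copy-paste. The same applies to `package = pkgs.nixUnstable;`: a one-line reason for running the unstable Nix as the system package manager would make it clear when it can be dropped.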


@ -1,49 +1,40 @@
{pkgs, ...}: { { pkgs, ... }:
{
programs = { programs = {
fish.enable = true; fish.enable = true;
gnupg.agent = {
enable = true;
pinentryFlavor = "curses";
};
less.enable = true; less.enable = true;
mosh.enable = true; mosh.enable = true;
tmux.enable = true; ssh = {
startAgent = true;
# setcap wrapper for network permissions extraConfig = ''
bandwhich.enable = true; AddKeysToAgent yes
}; '';
services.openssh = {
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
StreamLocalBindUnlink = true;
}; };
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = with pkgs; [
inherit
(pkgs)
# shell usage # shell usage
bat bat
fd fd
file
ripgrep ripgrep
tree tree
packages.tmux-thumbs
wget wget
pciutils
usbutils
# development
# development
git git
git-crypt git-crypt
git-lfs
gnumake
gnupg gnupg
pinentry-curses
python3 python3
vim vim
# terminal utilities
# terminal utilities
htop htop
unzip stow
zip ];
;
};
} }
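Review bot: This side of the file has no `services.openssh` block, while the other side sets `PasswordAuthentication = false` and `PermitRootLogin = "no"`; unless sshd is hardened in another module, the hosts fall back to the NixOS defaults while both `root` and `alarsyo` have password hashes set in the users file. On nixos-20.09 the equivalent lines would be `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";`. Separately, `startAgent = true` together with `AddKeysToAgent yes` keeps every unlocked key in the agent with no expiry; `programs.ssh.agentTimeout = "1h";` (example value) would bound that.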


@ -1,29 +1,22 @@
{ { config, lib, pkgs, ... }:
config, let
lib,
pkgs,
...
}: let
secrets = config.my.secrets; secrets = config.my.secrets;
in { in
{
users.mutableUsers = false; users.mutableUsers = false;
users.users.root = { users.users.root = {
hashedPasswordFile = config.age.secrets."users/root-hashed-password".path; hashedPassword = secrets.shadow-hashed-password-root;
}; };
users.users.alarsyo = { users.users.alarsyo = {
hashedPasswordFile = config.age.secrets."users/alarsyo-hashed-password".path; hashedPassword = secrets.shadow-hashed-password-alarsyo;
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"media" "media"
"networkmanager" "networkmanager"
"video" # for `light` permissions
"docker"
"wheel" # Enable sudo for the user. "wheel" # Enable sudo for the user.
"libvirtd"
]; ];
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMbf1C55Hgprm4Y7iNHae2UhZbLa6SNeurDTOyq2tr1G alarsyo@yubikey"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"
]; ];
}; };
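Review bot: `hashedPassword = secrets.shadow-hashed-password-root;` (and the same line for `alarsyo`) places the hash in the evaluated system configuration, so it ends up in the world-readable Nix store on the host even though the repository copy is protected by git-crypt. Reading the hash from a root-only file outside the store avoids that, e.g. `passwordFile = "/run/keys/<ROOT_HASH_FILE>";` (placeholder path), which is what the other side of this comparison does with `hashedPasswordFile`. If the store exposure is accepted for these hosts, a comment next to `users.mutableUsers = false;` should say so explicitly.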


@ -1,14 +1,17 @@
{...}: { { ... }:
{
imports = [ imports = [
# Default configuration # Default configuration
./base ./base
./base/gui-programs.nix
# Module definitions
./modules
# Service definitions # Service definitions
./services ./services
# Configuration secrets
./secrets
# Host-specific config # Host-specific config
./hosts/boreal ./hosts/boreal
]; ];


@ -1,219 +1,65 @@
{ {
"nodes": { "nodes": {
"agenix": { "emacs-overlay": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": { "locked": {
"lastModified": 1716561646, "lastModified": 1618653777,
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "narHash": "sha256-jSG1i83pmKwAx6QtkVjyCQT+/LvMEMEVeVDZcOFjRTg=",
"owner": "ryantm",
"repo": "agenix",
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1717032306,
"narHash": "sha256-s3Sis+M1qTSVIehHrEKBzHBpqprIFJli5V6WojkJnYE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "emacs-overlay",
"rev": "8ea5bcccc03111bdedaeaae9380dfab61e9deb33", "rev": "905883cd5de24958bfd354c6e335f38f667e7ede",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "master", "ref": "master",
"repo": "disko", "repo": "emacs-overlay",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github" "type": "github"
} }
}, },
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"agenix", "nixpkgs-unstable"
"nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1703113217, "lastModified": 1618789951,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "narHash": "sha256-EoQxcVIiaqjUwwTl1YF3zGnXtzEvOUDL3SBZ8ASELvU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "rev": "6aa6556bcab6dc0f6398b4daa8404d788fd7a6a2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1729298361,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729360442,
"narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
"rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1731797098,
"narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master", "ref": "master",
"repo": "nixos-hardware", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703013332, "lastModified": 1618149891,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "narHash": "sha256-Sz3DzI1k49Puq+F5KRBsaN3gRXHDzCTG6AwK29Znw0M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "rev": "a7ff7a57c96588fd89370568b72751dd15d24e72",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-20.09",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1618072958,
"narHash": "sha256-QDKj58ECixtb4EJMWV5D5Lb2xdCgab1Opi4zjQWbDOg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a73020b2a150322c9832b50baeb0296ba3b13dd7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -223,109 +69,12 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1729493358,
"narHash": "sha256-Ti+Y9nWt5Fcs3JlarxLPgIOVlbqQo7jobz/qOwOaziM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a5e6a9e979367ee14f65d9c38119c30272f8455f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1716914467,
"narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "emacs-overlay": "emacs-overlay",
"disko": "disko", "home-manager": "home-manager",
"flake-utils": "flake-utils", "nixpkgs": "nixpkgs",
"home-manager": "home-manager_2", "nixpkgs-unstable": "nixpkgs-unstable"
"lix-module": "lix-module",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
} }
} }
}, },

176
flake.nix

@ -5,128 +5,79 @@
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
repo = "nixpkgs"; repo = "nixpkgs";
ref = "nixos-24.05"; ref = "nixos-20.09";
}; };
nixpkgs-unstable-small = { nixpkgs-unstable = {
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
repo = "nixpkgs"; repo = "nixpkgs";
ref = "nixos-unstable-small"; ref = "nixos-unstable";
}; };
agenix = { emacs-overlay = {
type = "github"; type = "github";
owner = "ryantm"; owner = "nix-community";
repo = "agenix"; repo = "emacs-overlay";
ref = "master";
}; };
home-manager = { home-manager = {
type = "github"; type = "github";
owner = "nix-community"; owner = "nix-community";
repo = "home-manager"; repo = "home-manager";
ref = "release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
nixos-hardware = {
type = "github";
owner = "NixOS";
repo = "nixos-hardware";
ref = "master"; ref = "master";
}; inputs.nixpkgs.follows = "nixpkgs-unstable";
disko = {
type = "github";
owner = "nix-community";
repo = "disko";
ref = "master";
};
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = { outputs = { self, nixpkgs, nixpkgs-unstable, emacs-overlay, home-manager }: {
self, nixosConfigurations.poseidon = nixpkgs.lib.nixosSystem rec {
nixpkgs,
home-manager,
agenix,
disko,
lix-module,
...
} @ inputs:
{
nixosModules = {
home = {
home-manager.backupFileExtension = "hm-backup";
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home;
home-manager.verbose = true;
};
};
overlays = import ./overlays;
nixosConfigurations = let
system = "x86_64-linux"; system = "x86_64-linux";
shared_overlays =
[
(self: super: {
packages = import ./pkgs {pkgs = super;};
# packages accessible through pkgs.unstable.package
unstable = import inputs.nixpkgs-unstable-small {
inherit system;
config.allowUnfree = true;
};
})
agenix.overlays.default
]
++ builtins.attrValues self.overlays;
sharedModules =
[
agenix.nixosModules.default
home-manager.nixosModules.default
lix-module.nixosModules.default
{
nixpkgs = {
overlays = shared_overlays;
config.permittedInsecurePackages = [];
};
hardware.enableRedistributableFirmware = true;
}
]
++ (nixpkgs.lib.attrValues self.nixosModules);
in {
hades = nixpkgs.lib.nixosSystem rec {
inherit system;
modules = modules =
[ [
./hades.nix ./poseidon.nix
]
++ sharedModules;
};
boreal = nixpkgs.lib.nixosSystem rec { {
inherit system; nixpkgs.overlays =
let
pkgsUnstable = nixpkgs-unstable.legacyPackages.${system};
in
[
# packages accessible through pkgs.unstable.package
(final: prev: {
unstable = pkgsUnstable;
})
(final: prev: {
bitwarden_rs = pkgsUnstable.bitwarden_rs;
bitwarden_rs-vault = pkgsUnstable.bitwarden_rs-vault;
})
];
}
];
};
nixosConfigurations.boreal = nixpkgs-unstable.lib.nixosSystem rec {
system = "x86_64-linux";
modules = modules =
[ [
./boreal.nix ./boreal.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home;
home-manager.verbose = true;
}
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
emacs-overlay.overlay
(self: super: {
packages = import ./packages { pkgs = super; };
})
# uncomment this to build everything from scratch, fun but takes a # uncomment this to build everything from scratch, fun but takes a
# while # while
# #
@ -135,42 +86,7 @@
# }) # })
]; ];
} }
]
++ sharedModules;
};
talos = nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
disko.nixosModules.default
./talos.nix
]
++ sharedModules;
};
thanatos = nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
disko.nixosModules.default
./thanatos.nix
]
++ sharedModules;
};
};
}
// inputs.flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
in {
packages =
inputs.flake-utils.lib.flattenTree
(import ./pkgs {inherit pkgs;});
devShells.default = pkgs.mkShellNoCC {
buildInputs = [
pkgs.alejandra
]; ];
}; };
}); };
} }


@ -1,23 +0,0 @@
{...}: {
imports = [
# Default configuration
./base
# Module definitions
./modules
# Service definitions
./services
# Host-specific config
./hosts/hades
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}


@ -1,51 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.alacritty;
alacrittyTheme = config.my.theme.alacrittyTheme;
in {
options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // {default = config.my.home.x.enable;};
config = mkIf cfg.enable {
programs.alacritty = {
enable = true;
settings = {
env = {
WINIT_X11_SCALE_FACTOR = "1.0";
};
window = {
padding = {
x = 8;
y = 8;
};
};
font = {
normal = {
family = "Iosevka Fixed";
style = "Medium";
};
size = 10.0;
};
colors = alacrittyTheme;
};
};
home.packages = [pkgs.iosevka-bin];
# make sure font is discoverable
fonts.fontconfig.enable = true;
};
}


@ -1,28 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.bat;
batTheme = config.my.theme.batTheme;
in {
options.my.home.bat = {
enable = (mkEnableOption "bat code display tool") // {default = true;};
};
config = mkIf cfg.enable {
programs.bat = {
enable = true;
config = {
theme = batTheme.name;
};
};
};
}


@ -1,34 +1,13 @@
{config, ...}: { { ... }:
{
imports = [ imports = [
./alacritty.nix
./bat.nix
./direnv.nix
./emacs.nix ./emacs.nix
./env.nix
./firefox.nix
./fish
./flameshot.nix ./flameshot.nix
./git.nix
./gtk.nix
./laptop.nix
./mail.nix
./rbw.nix
./rofi.nix
./ssh.nix
./themes
./tmux.nix ./tmux.nix
./tridactyl.nix
./x ./x
]; ];
home.username = "alarsyo"; home.stateVersion = "20.09";
home.sessionVariables = let home.username = "alarsyo";
gpgPackage = config.programs.gpg.package;
in {
BROWSER = "firefox";
# FIXME: only set if gpg-agent not in use, otherwise home manager already does that
SSH_AUTH_SOCK = "$(${gpgPackage}/bin/gpgconf --list-dirs agent-ssh-socket)";
XDG_DATA_HOME = "$HOME/.local/share";
};
} }


@ -1,26 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.direnv;
in {
options.my.home.direnv = {
enable = (mkEnableOption "setup direnv usage") // {default = true;};
};
config = mkIf cfg.enable {
programs.direnv = {
enable = true;
nix-direnv = {
enable = true;
};
};
};
}


@ -1,36 +1,17 @@
{ config, lib, pkgs, ... }:
{ {
config, options.my.home.emacs = with lib; {
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
in {
options.my.home.emacs = {
enable = mkEnableOption "Emacs daemon configuration"; enable = mkEnableOption "Emacs daemon configuration";
}; };
config = mkIf config.my.home.emacs.enable { config = lib.mkIf config.my.home.emacs.enable {
home.sessionPath = ["${config.xdg.configHome}/emacs/bin"]; home.packages = with pkgs; [
home.sessionVariables = {
EDITOR = "emacsclient -t";
};
home.packages = builtins.attrValues {
inherit
(pkgs)
sqlite # needed by org-roam sqlite # needed by org-roam
# fonts used by my config # fonts used by my config
input-fonts
emacs-all-the-icons-fonts emacs-all-the-icons-fonts
iosevka-bin ];
;
};
# make sure above fonts are discoverable # make sure above fonts are discoverable
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
@ -38,13 +19,11 @@ in {
enable = true; enable = true;
# generate emacsclient desktop file # generate emacsclient desktop file
client.enable = true; client.enable = true;
socketActivation.enable = true;
}; };
programs.emacs = { programs.emacs = {
enable = true; enable = true;
package = pkgs.emacs29-pgtk; package = pkgs.emacsPgtkGcc;
extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e];
}; };
}; };
} }


@ -1,6 +0,0 @@
{config, ...}: {
home.sessionPath = [
"${config.home.homeDirectory}/.cargo/bin"
"${config.home.homeDirectory}/.local/bin"
];
}


@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.firefox;
in {
options.my.home.firefox = {
enable = (mkEnableOption "firefox config") // {default = config.my.home.x.enable;};
};
config = mkIf cfg.enable {
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
nativeMessagingHosts = [
pkgs.tridactyl-native
];
};
};
};
}


@ -1,39 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.fish;
in {
options.my.home.fish.enable = (mkEnableOption "Fish shell") // {default = true;};
config = mkIf cfg.enable {
home.sessionVariables = {
# automatically prompt to run program in nix-shell if it's not installed
NIX_AUTO_RUN = "1";
NIX_AUTO_RUN_INTERACTIVE = "1";
};
programs.fish = {
enable = true;
shellAliases = {
"bt" = "bluetoothctl";
};
shellAbbrs = {
"bton" = "bluetoothctl power on";
"btoff" = "bluetoothctl power off";
"btcon" = "bluetoothctl connect";
"btdis" = "bluetoothctl disconnect";
"btinfo" = "bluetoothctl info";
};
};
xdg.configFile."fish/functions" = {source = ./. + "/functions";};
};
}


@ -1,23 +0,0 @@
function dock
xrandr \
--output eDP-1 --mode 1920x1080 --pos 0x120 --rotate normal \
--output HDMI-1 --off \
--output DP-1 --off \
--output DP-2 --off \
--output DP-3 --primary --mode 1920x1200 --pos 1920x0 --rotate normal \
--output DP-4 --mode 1920x1200 --pos 3840x0 --rotate normal \
--output DP-4 --off \
--output DP-5 --off
i3-msg -q '[workspace="1"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="2"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="3"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="4"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="5"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="7"]' move workspace to output eDP-1 2>/dev/null
i3-msg -q '[workspace="8"]' move workspace to output DP-4 2>/dev/null
i3-msg -q '[workspace="9"]' move workspace to output DP-4 2>/dev/null
i3-msg -q '[workspace="10"]' move workspace to output DP-4 2>/dev/null
end


@ -1,16 +0,0 @@
function dock2
xrandr \
--output eDP-1 --mode 1920x1080 --pos 2560x0 --rotate normal \
--output DP-1 --primary --mode 2560x1440 --pos 0x0 --rotate normal \
--output HDMI-1 --off \
--output DP-2 --off \
--output HDMI-2 --off
i3-msg -q '[workspace="1"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="2"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="3"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="4"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="9"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="10"]' move workspace to output eDP-1 2>/dev/null
end


@ -1,3 +0,0 @@
function magit
emacsclient --tty --eval '(magit-status)' --suppress-output
end


@ -1,4 +0,0 @@
function nfl
set -l flags "--commit-lock-file"
nix flake update $flags $argv
end


@ -1,10 +0,0 @@
function undock
xrandr \
--output eDP-1 --primary --mode 1920x1080 --pos 0x0 --rotate normal \
--output HDMI-1 --off \
--output DP-1 --off \
--output DP-2 --off \
--output DP-3 --off \
--output DP-4 --off \
--output DP-5 --off
end


@ -1,8 +0,0 @@
function undock2
xrandr \
--output eDP-1 --primary --mode 1920x1080 --rotate normal \
--output DP-1 --off \
--output HDMI-1 --off \
--output DP-2 --off \
--output HDMI-2 --off
end


@ -1,14 +0,0 @@
function wake -d "Wake-on-WiFi shortcut" -a host
if not set -q host[1]
echo "Usage: wake HOSTNAME"
return 1
end
switch $host
case boreal
ssh -t pi@pi.alarsyo.net "bash -ic wakywaky"
case *
echo "Unknown host!"
return 1
end
end


@ -1,21 +1,13 @@
{ { config, lib, ... }:
config, let
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.flameshot; cfg = config.my.home.flameshot;
in { in
options.my.home.flameshot = { {
options.my.home.flameshot = with lib; {
enable = mkEnableOption "flameshot autolaunch"; enable = mkEnableOption "flameshot autolaunch";
}; };
config.services.flameshot = mkIf cfg.enable { config.services.flameshot = lib.mkIf cfg.enable {
enable = true; enable = true;
}; };
} }


@ -1,68 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.git;
in {
options.my.home.git.enable = (mkEnableOption "Git configuration") // {default = true;};
config = mkIf cfg.enable {
programs.git = {
enable = true;
delta = {
enable = true;
options = {
syntax-theme = "Solarized (light)";
};
};
lfs.enable = true;
userEmail = "antoine@alarsyo.net";
userName = "Antoine Martin";
extraConfig = {
commit = {verbose = true;};
core = {editor = "vim";};
init = {defaultBranch = "main";};
pull = {rebase = true;};
rerere = {enabled = true;};
maintenance.prefetch.enabled = false;
};
aliases = {
push-wip = "push -o ci.skip";
push-merge = "push -o merge_request.create -o merge_request.merge_when_pipeline_succeeds -o merge_request.remove_source_branch";
push-mr = "push -o merge_request.create -o merge_request.remove_source_branch";
};
includes = [
{
condition = "gitdir:~/work/lrde/";
contents = {user = {email = "amartin@lrde.epita.fr";};};
}
{
condition = "gitdir:~/work/prologin/";
contents = {user = {email = "antoine.martin@prologin.org";};};
}
{
condition = "gitdir:~/work/epita/";
contents = {user = {email = "antoine4.martin@epita.fr";};};
}
];
ignores = [
"/.direnv/"
"/.envrc"
];
};
};
}


@ -1,36 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.my.home.gtk;
in {
options.my.home.gtk = with lib; {
enable = (mkEnableOption "GTK configuration") // {default = config.my.home.x.enable;};
};
config.gtk = lib.mkIf cfg.enable {
enable = true;
font = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
gtk2 = {
# No garbage polluting my $HOME
configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
};
iconTheme = {
package = pkgs.gnome.gnome-themes-extra;
name = "Adwaita";
};
theme = {
package = pkgs.gnome.gnome-themes-extra;
name = "Adwaita";
};
};
}


@ -1,14 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
;
in {
options.my.home.laptop = {
enable = mkEnableOption "Laptop settings";
};
}


@ -1,189 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mapAttrs
mkEnableOption
mkIf
;
inherit
(builtins)
typeOf
;
myName = "Antoine Martin";
email_perso = "antoine@alarsyo.net";
email_lrde = "amartin@lrde.epita.fr";
email_prologin = "antoine.martin@prologin.org";
cfg = config.my.home.mail;
make_mbsync_channel = patterns:
(
if (typeOf patterns) == "list"
then {
inherit patterns;
}
else {
farPattern = patterns.far;
nearPattern = patterns.near;
}
)
// {
extraConfig = {
Create = "Both";
Expunge = "Both";
Remove = "None";
SyncState = "*";
};
};
make_mbsync_channels = mapAttrs (_: value: make_mbsync_channel value);
gmail_far_near_patterns = {
sent = {
far = "[Gmail]/Sent Mail";
near = "Sent";
};
drafts = {
far = "[Gmail]/Drafts";
near = "Drafts";
};
junk = {
far = "[Gmail]/Spam";
near = "Junk";
};
trash = {
far = "[Gmail]/Trash";
near = "Trash";
};
};
gmail_mbsync_channels = make_mbsync_channels gmail_far_near_patterns;
in {
options.my.home.mail = {
# I *could* read email in a terminal emacs client on a server, but in
# practice I don't think it'll happen very often, so let's enable this only
# when I'm on a machine with a Xorg server.
enable = (mkEnableOption "email configuration") // {default = config.my.home.x.enable;};
};
config = mkIf cfg.enable {
accounts.email = {
maildirBasePath = "${config.home.homeDirectory}/.mail";
accounts = {
alarsyo = {
address = email_perso;
userName = email_perso;
realName = myName;
aliases = [
"alarsyo@alarsyo.net"
"antoine@amartin.email"
];
flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get webmail.migadu.com ${email_perso}";
primary = true;
mbsync = {
enable = true;
create = "both";
expunge = "both";
groups = {
alarsyo-main.channels = make_mbsync_channels {
main = ["INBOX" "Sent" "Drafts" "Junk" "Trash"];
};
alarsyo-full.channels = make_mbsync_channels {
full = ["*" "!INBOX" "!Sent" "!Drafts" "!Junk" "!Trash"];
};
};
};
msmtp.enable = true;
mu.enable = true;
imap = {
host = "imap.migadu.com";
port = 993;
tls.enable = true;
};
smtp = {
host = "smtp.migadu.com";
port = 465;
tls.enable = true;
};
};
lrde = {
address = email_lrde;
userName = "amartin";
realName = myName;
flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get lrde.epita.fr amartin";
mbsync = {
enable = true;
create = "both";
expunge = "both";
patterns = ["*" "!Archives*"];
extraConfig.account = {
# otherwise mbsync tries GSSAPI, but I don't have Kerberos setup
# on this machine
AuthMechs = "LOGIN";
};
};
msmtp.enable = true;
mu.enable = true;
imap = {
host = "imap.lrde.epita.fr";
port = 993;
tls.enable = true;
};
smtp = {
host = "smtp.lrde.epita.fr";
port = 465;
tls.enable = true;
};
};
prologin = {
address = email_prologin;
userName = email_prologin;
realName = myName;
aliases = [
"alarsyo@prologin.org"
];
flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get google.com ${email_prologin}-mailpass";
primary = false;
mbsync = {
enable = true;
create = "both";
expunge = "both";
groups = {
prologin-main.channels =
(make_mbsync_channels {
main = ["INBOX" "membres@"];
})
// gmail_mbsync_channels;
prologin-info.channels = make_mbsync_channels {
info = ["info@" "info@gcc"];
};
};
};
msmtp.enable = true;
mu.enable = true;
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true;
};
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true;
};
};
};
};
programs.mbsync.enable = true;
programs.msmtp.enable = true;
programs.mu.enable = true;
};
}


@ -1,56 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.mail;
in {
options.my.home.rbw = {
enable = mkEnableOption "rbw configuration";
};
config = mkIf cfg.enable {
programs.rbw = {
enable = true;
settings = {
email = "antoine@alarsyo.net";
base_url = "https://pass.alarsyo.net";
lock_timeout = 60 * 60 * 12;
pinentry = pkgs.pinentry-qt;
};
};
# `rbw-agent` should be launched on first call to `rbw`, so this shouldn't
# be necessary.
#
# However, if for instance `rbw` if first called by the emacs-daemon (when
# accessing an IMAP account password), then restarting the user service
# associated to the emacs daemon also kills the rbw-agent it spawned,
# resetting the lock status and prompting for a passphrase again.
#
# This user service makes sure the rbw-agent is started when the user
# session launches.
systemd.user.services.rbw = {
Unit = {
Description = "rbw agent autostart";
After = "graphical-session.target";
PartOf = "graphical-session.target";
};
Install.WantedBy = ["graphical-session.target"];
Service = {
ExecStart = "${pkgs.rbw}/bin/rbw-agent";
Restart = "on-abort";
Type = "forking";
PIDFile = "%t/rbw/pidfile";
};
};
};
}


@ -1,26 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.rofi;
in {
options.my.home.rofi = {
enable = (mkEnableOption "rofi configuration") // {default = config.my.home.x.enable;};
};
config = mkIf cfg.enable {
programs.rofi = {
enable = true;
terminal = "${pkgs.alacritty}/bin/alacritty";
};
};
}


@ -1,62 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.ssh;
in {
options.my.home.ssh = {
enable = (mkEnableOption "ssh configuration") // {default = true;};
};
config = mkIf cfg.enable {
programs.ssh = {
enable = true;
matchBlocks = let
addGPGAgentForwarding = hostConf:
{
remoteForwards = [
{
# shhhh this is a path but it works
bind.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
}
];
}
// hostConf;
in {
boreal = addGPGAgentForwarding {hostname = "boreal.alarsyo.net";};
hades = addGPGAgentForwarding {hostname = "hades.alarsyo.net";};
thanatos = addGPGAgentForwarding {hostname = "thanatos.alarsyo.net";};
pi = addGPGAgentForwarding {
hostname = "pi.alarsyo.net";
user = "pi";
};
"thanatos.lrde.epita.fr" =
lib.hm.dag.entryBefore ["*.lrde.epita.fr"]
(addGPGAgentForwarding {
user = "alarsyo";
});
"*.lrde.epita.fr" = {
user = "amartin";
};
lrde-proxyjump = {
host = "*.lrde.epita.fr !ssh.lrde.epita.fr";
proxyJump = "ssh.lrde.epita.fr";
};
};
includes = ["prologin_config"];
};
};
}


@ -1,93 +0,0 @@
{lib}: let
inherit
(lib)
mkOption
types
;
mkColorOption = import ./color.nix {inherit lib;};
primaryColorModule = types.submodule {
options = {
background = mkColorOption {};
foreground = mkColorOption {};
};
};
cursorColorModule = types.submodule {
options = {
text = mkColorOption {};
cursor = mkColorOption {};
};
};
rainbowColorModule = types.submodule {
options = {
black = mkColorOption {};
red = mkColorOption {};
green = mkColorOption {};
yellow = mkColorOption {};
blue = mkColorOption {};
magenta = mkColorOption {};
cyan = mkColorOption {};
white = mkColorOption {};
};
};
in
types.submodule {
options = {
primary = mkOption {
type = primaryColorModule;
default = {
foreground = "#c5c8c6";
background = "#1d1f21";
};
};
cursor = mkOption {
type = cursorColorModule;
default = {
text = "#1d1f21";
cursor = "#c5c8c6";
};
};
normal = mkOption {
type = rainbowColorModule;
default = {
black = "#1d1f21";
red = "#cc6666";
green = "#b5bd68";
yellow = "#f0c674";
blue = "#81a2be";
magenta = "#b294bb";
cyan = "#8abeb7";
white = "#c5c8c6";
};
};
bright = mkOption {
type = rainbowColorModule;
default = {
black = "#666666";
red = "#d54e53";
green = "#b9ca4a";
yellow = "#e7c547";
blue = "#7aa6da";
magenta = "#c397d8";
cyan = "#70c0b1";
white = "#eaeaea";
};
};
dim = mkOption {
type = rainbowColorModule;
default = {
black = "#131415";
red = "#864343";
green = "#777c44";
yellow = "#9e824c";
blue = "#556a7d";
magenta = "#75617b";
cyan = "#5b7d78";
white = "#828482";
};
};
};
}


@ -1,15 +0,0 @@
{lib}: let
inherit
(lib)
mkOption
types
;
in
types.submodule {
options = {
name = mkOption {
type = types.str;
default = "";
};
};
}


@ -1,18 +0,0 @@
{lib}: let
inherit
(lib)
mkOption
types
;
mkColorOption = {
default ? "#000000",
description ? "",
}:
mkOption {
inherit description default;
example = "#abcdef";
type = types.strMatching "#[0-9a-f]{6}";
};
in
mkColorOption


@ -1,45 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkOption
types
;
themeType = types.submodule {
options = {
alacrittyTheme = mkOption {
type = import ./alacritty.nix {inherit lib;};
default = {};
};
batTheme = mkOption {
type = import ./bat.nix {inherit lib;};
default = {};
};
i3Theme = mkOption {
type = import ./i3.nix {inherit lib;};
default = {};
};
i3BarTheme = mkOption {
type = import ./i3bar.nix {inherit lib;};
default = {};
};
};
};
in {
options.my.theme = mkOption {
type = themeType;
default = {};
};
options.my.themes = mkOption {
type = types.attrsOf themeType;
};
config.my.themes = {
solarizedLight = import ./solarizedLight;
};
}


@ -1,188 +0,0 @@
{lib}: let
inherit
(lib)
mkOption
types
;
mkColorOption = import ./color.nix {inherit lib;};
barColorSetModule = types.submodule {
options = {
border = mkColorOption {};
background = mkColorOption {};
text = mkColorOption {};
};
};
colorSetModule = types.submodule {
options = {
border = mkColorOption {};
childBorder = mkColorOption {};
background = mkColorOption {};
text = mkColorOption {};
indicator = mkColorOption {};
};
};
in
types.submodule {
options = {
bar = mkOption {
type = types.submodule {
options = {
background = mkColorOption {
default = "#000000";
description = "Background color of the bar.";
};
statusline = mkColorOption {
default = "#ffffff";
description = "Text color to be used for the statusline.";
};
separator = mkColorOption {
default = "#666666";
description = "Text color to be used for the separator.";
};
focusedWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace has focus.
'';
};
activeWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace is active.
'';
};
inactiveWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#333333";
background = "#222222";
text = "#888888";
};
description = ''
Border, background and text color for a workspace button when the workspace does not
have focus and is not active.
'';
};
urgentWorkspace = mkOption {
type = barColorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
description = ''
Border, background and text color for a workspace button when the workspace contains
a window with the urgency hint set.
'';
};
bindingMode = mkOption {
type = barColorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
description = "Border, background and text color for the binding mode indicator";
};
};
};
default = {};
};
background = mkOption {
type = types.str;
default = "#ffffff";
description = ''
Background color of the window. Only applications which do not cover
the whole area expose the color.
'';
};
focused = mkOption {
type = colorSetModule;
default = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
indicator = "#2e9ef4";
childBorder = "#285577";
};
description = "A window which currently has the focus.";
};
focusedInactive = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
indicator = "#484e50";
childBorder = "#5f676a";
};
description = ''
A window which is the focused one of its container,
but it does not have the focus at the moment.
'';
};
unfocused = mkOption {
type = colorSetModule;
default = {
border = "#333333";
background = "#222222";
text = "#888888";
indicator = "#292d2e";
childBorder = "#222222";
};
description = "A window which is not focused.";
};
urgent = mkOption {
type = colorSetModule;
default = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
indicator = "#900000";
childBorder = "#900000";
};
description = "A window which has its urgency hint activated.";
};
placeholder = mkOption {
type = colorSetModule;
default = {
border = "#000000";
background = "#0c0c0c";
text = "#ffffff";
indicator = "#000000";
childBorder = "#0c0c0c";
};
description = ''
Background and text color are used to draw placeholder window
contents (when restoring layouts). Border and indicator are ignored.
'';
};
};
}


@ -1,28 +0,0 @@
{lib}: let
inherit
(lib)
mkOption
types
;
mkColorOption = import ./color.nix {inherit lib;};
in
types.submodule {
options = {
theme = mkOption {
type = types.submodule {
options = {
name = mkOption {
type = types.str;
default = "plain";
};
overrides = mkOption {
type = types.attrsOf types.str;
default = {};
};
};
};
default = {};
};
};
}


@ -1,55 +0,0 @@
let
inherit
(import ./colors.nix)
base0
base00
base01
base02
base03
base1
base2
base3
blue
cyan
green
magenta
orange
red
violet
yellow
;
in {
primary = {
background = base3;
foreground = base00;
};
cursor = {
text = base3;
cursor = base00;
};
normal = {
black = base02;
red = red;
green = green;
yellow = yellow;
blue = blue;
magenta = magenta;
cyan = cyan;
white = base2;
};
bright = {
black = base03;
red = orange;
green = base01;
yellow = base00;
blue = base0;
magenta = violet;
cyan = base1;
white = base3;
};
dim = {};
}


@ -1,3 +0,0 @@
{
name = "Solarized (light)";
}


@ -1,18 +0,0 @@
{
base03 = "#002b36"; # brblack
base02 = "#073642"; # black
base01 = "#586e75"; # brgreen
base00 = "#657b83"; # bryellow
base0 = "#839496"; # brblue
base1 = "#93a1a1"; # brcyan
base2 = "#eee8d5"; # white
base3 = "#fdf6e3"; # brwhite
yellow = "#b58900"; # yellow
orange = "#cb4b16"; # brred
red = "#dc322f"; # red
magenta = "#d33682"; # magenta
violet = "#6c71c4"; # brmagenta
blue = "#268bd2"; # blue
cyan = "#2aa198"; # cyan
green = "#859900"; # green
}


@ -1,6 +0,0 @@
{
alacrittyTheme = import ./alacritty.nix;
batTheme = import ./bat.nix;
i3Theme = import ./i3.nix;
i3BarTheme = import ./i3bar.nix;
}


@ -1,72 +0,0 @@
let
inherit
(import ./colors.nix)
base00
base2
base3
blue
magenta
orange
red
yellow
;
in {
bar = {
background = base3;
statusline = yellow;
separator = red;
focusedWorkspace = {
border = blue;
background = blue;
text = base3; # base2 ?
};
inactiveWorkspace = {
border = base2;
background = base2;
text = base00;
};
activeWorkspace = {
border = blue;
background = base2;
text = yellow;
};
urgentWorkspace = {
border = red;
background = red;
text = base3;
};
};
focused = {
border = blue;
background = blue;
text = base3;
indicator = magenta;
childBorder = blue;
};
focusedInactive = {
border = base2;
background = base2;
text = base00;
indicator = magenta;
childBorder = base2;
};
unfocused = {
border = base2;
background = base2;
text = base00;
indicator = magenta;
childBorder = base2;
};
urgent = {
border = orange;
background = orange;
text = base3;
indicator = magenta;
childBorder = orange;
};
}


@ -1,28 +0,0 @@
let
inherit
(import ./colors.nix)
base00
base2
base3
blue
green
red
yellow
;
in {
theme = {
name = "solarized-light";
overrides = {
idle_bg = base2;
idle_fg = base00;
info_bg = blue;
info_fg = base3;
good_bg = green;
good_fg = base3;
warning_bg = yellow;
warning_fg = base3;
critical_bg = red;
critical_fg = base3;
};
};
}


@ -1,44 +1,15 @@
{ { config, lib, pkgs, ... }:
config, let
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.tmux; cfg = config.my.home.tmux;
in { in
options.my.home.tmux = { {
enable = (mkEnableOption "tmux dotfiles") // {default = true;}; options.my.home.tmux = with lib; {
enable = mkEnableOption "tmux dotfiles";
}; };
config = mkIf cfg.enable { config.programs.tmux = lib.mkIf cfg.enable {
programs.tmux = {
enable = true; enable = true;
baseIndex = 1; baseIndex = 1;
terminal = "screen-256color"; plugins = with pkgs; [ packages.tmux-thumbs ];
clock24 = true;
plugins = let
inherit (pkgs) tmuxPlugins;
in [
{
plugin = tmuxPlugins.cpu;
extraConfig = ''
set -g status-right 'CPU: #{cpu_percentage} | %a %d-%h %H:%M '
'';
}
{
plugin = tmuxPlugins.tmux-colors-solarized;
extraConfig = ''
set -g @colors-solarized 'light'
'';
}
];
};
}; };
} }
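Review bot: `plugins = with pkgs; [ packages.tmux-thumbs ];` depends on a `packages` attribute inside `pkgs` that this file does not define; presumably an overlay elsewhere in the repository adds it, but nothing in this section says so. Spelling it as `plugins = [ pkgs.packages.tmux-thumbs ];` and adding a one-line comment naming the overlay would make the dependency visible and remove the `with pkgs;` scope. Note also that `enable = mkEnableOption "tmux dotfiles";` defaults to false, so each host has to opt in explicitly.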


@ -1,21 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.tridactyl;
in {
options.my.home.tridactyl = {
enable = (mkEnableOption "tridactyl code display tool") // {default = config.my.home.firefox.enable;};
};
config = mkIf cfg.enable {
xdg.configFile."tridactyl/tridactylrc".source = ./tridactylrc;
};
}


@ -1,43 +0,0 @@
" -*- tridactylrc -*-
" This wipes all existing settings. This means that if a setting in this file is
" removed, then it will return to default. In other words, this file serves as
" as an enforced single point of truth for Tridactyl's configuration.
sanitize tridactyllocal tridactylsync
" Ctrl-F should use the browser's native 'find' functionality.
unbind <C-f>
" Tridactyl has an incomplete find mode
bind / fillcmdline find
bind ? fillcmdline find -?
bind n findnext 1
bind N findnext -1
bind ,<Space> nohlsearch
" case insensitive if lowercase, case sensitive if using some uppercase letters
set findcase smart
set modeindicatormodes {"ignore": "false"}
" New reddit is bad
" autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
" Orange site / Reddit / Lobste.rs specific hints to toggle comments
bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"]
" Use emacs as editor
set editorcmd emacsclient -c
" copy all the things
set yankto both
blacklistadd calendar.google.com
blacklistadd jellyfin.alarsyo.net
blacklistadd localhost
blacklistadd netflix.com
blacklistadd primevideo.com
blacklistadd youtube.com
" prevent teams from crashing
seturl teams.microsoft.com superignore true


@ -1,27 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.x.cursor;
in {
options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // {default = config.my.home.x.enable;};
config = mkIf cfg.enable {
home.pointerCursor = {
package = pkgs.capitaine-cursors;
name = "capitaine-cursors";
# available sizes for capitaine-cursors are:
# 24, 30, 36, 48, 60, 72
size = 30;
x11.enable = true;
};
};
}


@ -1,21 +1,11 @@
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
;
in {
imports = [ imports = [
./cursor.nix
./i3.nix ./i3.nix
./i3bar.nix ./i3bar.nix
]; ];
options.my.home.x = { options.my.home.x = with lib; {
enable = mkEnableOption "X server configuration"; enable = mkEnableOption "X server configuration";
}; };
} }


@ -1,17 +1,6 @@
{ { config, lib, pkgs, ... }:
config, let
lib, isEnabled = config.my.home.x.enable;
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
mkOptionDefault
;
isEnabled = config.my.home.x.i3.enable;
myTerminal = myTerminal =
# FIXME: fix when terminal is setup in home # FIXME: fix when terminal is setup in home
@ -25,192 +14,107 @@
logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot"; logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot";
i3Theme = config.my.theme.i3Theme; # colors
in { colorBg = "#282828";
options.my.home.x.i3 = { colorRed = "#cc241d";
enable = mkEnableOption "i3wm configuration"; colorGreen = "#98971a";
}; colorYellow = "#d79921";
colorBlue = "#458588";
config = mkIf isEnabled { colorPurple = "#b16286";
colorAqua = "#689d68";
colorGray = "#a89984";
colorDarkGray = "#1d2021";
in
{
config = lib.mkIf isEnabled {
my.home = { my.home = {
flameshot.enable = true; flameshot.enable = true;
}; };
home.packages = [pkgs.betterlockscreen pkgs.playerctl];
# used to control music
services.playerctld.enable = true;
xsession.windowManager.i3 = { xsession.windowManager.i3 = {
enable = true; enable = true;
config = { config = {
inherit modifier; inherit modifier;
bars = let bars =
let
barConfigPath = barConfigPath =
config.xdg.configFile."i3status-rust/config-top.toml".target; config.xdg.configFile."i3status-rust/config-top.toml".target;
in [ in
[
{ {
statusCommand = "i3status-rs ~/${barConfigPath}"; statusCommand = "i3status-rs ${barConfigPath}";
position = "top"; position = "top";
fonts = { fonts = [ "DejaVu Sans Mono 9" ];
names = ["DejaVuSansMono" "FontAwesome6Free"];
size = 9.0;
};
colors = i3Theme.bar;
trayOutput = "primary";
# disable mouse scroll wheel in bar
extraConfig = ''
bindsym button4 nop
bindsym button5 nop
'';
}
];
colors = { colors = {
inherit background = colorBg;
(i3Theme) statusline = colorYellow;
focused
focusedInactive focusedWorkspace = {
unfocused border = colorAqua;
urgent background = colorAqua;
; text = colorDarkGray;
}; };
inactiveWorkspace = {
border = colorDarkGray;
background = colorDarkGray;
text = colorYellow;
};
activeWorkspace = {
border = colorAqua;
background = colorDarkGray;
text = colorYellow;
};
urgentWorkspace = {
border = colorRed;
background = colorRed;
text = colorBg;
};
};
}
];
focus = { focus = {
followMouse = true; followMouse = true;
mouseWarping = true; mouseWarping = true;
}; };
workspaceAutoBackAndForth = true; fonts = [
"DejaVu Sans Mono 8"
];
fonts = { keybindings = lib.mkOptionDefault {
names = ["DejaVu Sans Mono"];
size = 8.0;
};
keybindings = mkOptionDefault {
"${modifier}+Shift+e" = ''mode "${logoutMode}"''; "${modifier}+Shift+e" = ''mode "${logoutMode}"'';
"${modifier}+b" = "exec --no-startup-id bluetoothctl power on"; "${modifier}+i" = "exec emacsclient -c";
"${modifier}+i" = "exec emacsclient --create-frame";
"${modifier}+o" = "exec emacsclient --create-frame --eval '(load \"${config.xdg.configHome}/doom/launch-agenda.el\")'";
# Volume handling
"XF86AudioRaiseVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" = "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" = "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle";
# I need play-pause everywhere because somehow, keycode 172 seems to
# be interpreted as pause everytime when sent by my keyboard. Ugh,
# computers.
"XF86AudioPlay" = "exec --no-startup-id playerctl play-pause";
"XF86AudioPause" = "exec --no-startup-id playerctl play-pause";
"XF86AudioPrev" = "exec --no-startup-id playerctl previous";
"XF86AudioNext" = "exec --no-startup-id playerctl next";
"XF86MonBrightnessDown" = "exec --no-startup-id light -U 5";
"XF86MonBrightnessUp" = "exec --no-startup-id light -A 5";
"${modifier}+XF86MonBrightnessDown" = "exec --no-startup-id light -U 0.1";
"${modifier}+XF86MonBrightnessUp" = "exec --no-startup-id light -A 0.1";
"${modifier}+l" = "exec --no-startup-id betterlockscreen --lock";
"${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run";
"${modifier}+Shift+a" = ''exec --no-startup-id autorandr --change'';
}; };
modes = let modes =
makeModeBindings = attrs: let
attrs makeModeBindings = attrs: attrs // {
// {
"Escape" = "mode default"; "Escape" = "mode default";
"Return" = "mode default"; "Return" = "mode default";
}; };
in in
mkOptionDefault { {
"${logoutMode}" = makeModeBindings { ${logoutMode} = makeModeBindings {
"l" = "exec --no-startup-id i3-msg exit, mode default"; "l" = "exec --no-startup-id i3-msg exit, mode default";
"s" = "exec --no-startup-id betterlockscreen --suspend, mode default"; "s" = "exec --no-startup-id systemctl suspend, mode default";
"p" = "exec --no-startup-id systemctl poweroff, mode default"; "p" = "exec --no-startup-id systemctl poweroff, mode default";
"r" = "exec --no-startup-id systemctl reboot, mode default"; "r" = "exec --no-startup-id systemctl reboot, mode default";
}; };
}; };
startup = [
# FIXME: make it conditional on "nvidia" being part of video drivers
{
command = "nvidia-settings -a '[gpu:0]/GPUPowerMizerMode=1'";
notification = false;
}
];
terminal = myTerminal; terminal = myTerminal;
assigns = {
"10" = [
{class = "Slack";}
{class = "discord";}
];
};
# TODO: make it configurable per machine
workspaceOutputAssign = [
{
workspace = "1";
output = ["DP-4" "eDP-1"];
}
{
workspace = "2";
output = ["DP-4" "eDP-1"];
}
{
workspace = "3";
output = ["DP-5" "eDP-1"];
}
{
workspace = "4";
output = ["DP-5" "eDP-1"];
}
{
workspace = "5";
output = ["DP-5" "eDP-1"];
}
{
workspace = "6";
output = ["eDP-1"];
}
{
workspace = "7";
output = ["eDP-1"];
}
{
workspace = "8";
output = ["DP-4" "eDP-1"];
}
{
workspace = "9";
output = ["DP-4" "eDP-1"];
}
{
workspace = "10";
output = ["DP-4" "eDP-1"];
}
];
window.commands = [
{
command = "border pixel 2";
criteria = {class = "Alacritty";};
}
# NOTE: should be done with an assign command, but Spotify doesn't set
# its class until after initialization, so has to be done this way.
#
# See https://i3wm.org/docs/userguide.html#assign_workspace
{
criteria = {class = "Spotify";};
command = "move --no-auto-back-and-forth to workspace 8";
}
];
}; };
}; };
}; };
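Review bot: Suspending from the logout mode leaves the session unlocked on resume: the new side's `"s"` binding runs `systemctl suspend` directly, and no other line on the new side of this section starts a screen locker or binds a lock key. I would lock before suspending, for example `"s" = "exec --no-startup-id i3lock && systemctl suspend, mode default";` (assuming `i3lock` is installed on these hosts), or hook a locker to the sleep event instead. Separately, `statusCommand = "i3status-rs ${barConfigPath}";` passes the path without a `~/` prefix. If `target` is relative to the home directory, as I believe it is in home-manager (worth confirming), it only resolves when i3 starts with the home directory as its working directory. The end of the file lies outside the second hunk.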


@ -1,156 +1,20 @@
{ { config, lib, pkgs, ... }:
config, let
lib,
pkgs,
...
}: let
inherit
(lib)
lists
mkIf
mkOption
optional
types
;
isEnabled = config.my.home.x.enable; isEnabled = config.my.home.x.enable;
i3BarTheme = config.my.theme.i3BarTheme; in
cfg = config.my.home.x.i3bar; {
in { config = lib.mkIf isEnabled {
options.my.home.x.i3bar = { home.packages = with pkgs; [
temperature.chip = mkOption { alsaUtils # Used by `sound` block
type = types.str; lm_sensors # Used by `temperature` block
example = "coretemp-isa-*"; ];
default = "";
};
temperature.inputs = mkOption {
type = types.listOf types.str;
example = ["Core 0" "Core 1" "Core 2" "Core 3"];
default = "";
};
networking.throughput_interfaces = mkOption {
type = types.listOf types.str;
example = ["wlp1s0"];
default = [];
};
};
config = mkIf isEnabled {
home.packages = builtins.attrValues {
inherit
(pkgs)
# FIXME: is this useful?
font-awesome
;
};
programs.i3status-rust = { programs.i3status-rust = {
enable = true; enable = true;
bars = { bars = {
top = { top = {
icons = "awesome5"; theme = "gruvbox-light";
settings.theme = {
theme = i3BarTheme.theme.name;
overrides = i3BarTheme.theme.overrides;
};
blocks =
[
{
block = "pomodoro";
notify_cmd = "i3nag";
blocking_cmd = true;
}
{
block = "disk_space";
path = "/";
info_type = "available";
interval = 60;
warning = 20.0;
alert = 10.0;
alert_unit = "GB";
}
{
block = "memory";
format = " $icon $mem_used.eng(prefix:G)/$mem_total.eng(prefix:G) ";
warning_mem = 70.0;
critical_mem = 90.0;
}
{
block = "cpu";
interval = 1;
format = " $icon $barchart ";
}
{
block = "temperature";
interval = 10;
format = " $icon $max ";
chip = cfg.temperature.chip;
inputs = cfg.temperature.inputs;
}
{
block = "custom";
# TODO: get service name programmatically somehow
command = let
systemctl = lib.getExe' pkgs.systemd "systemctl";
in
pkgs.writeShellScript "check-restic.sh" ''
BACKUP_STATUS=Good
if ${systemctl} is-failed --quiet restic-backups-backblaze.service; then
BACKUP_STATUS=Critical
fi
echo "{\"state\": \"$BACKUP_STATUS\", \"text\": \"Backup\"}"
'';
json = true;
interval = 60;
}
]
++ (
lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0)
(map
(interface: {
block = "net";
device = interface;
interval = 1;
missing_format = "";
})
cfg.networking.throughput_interfaces)
)
++ [
{
block = "net";
format = " $icon {$ip|} {SSID: $ssid|}";
theme_overrides = {
idle_bg = {link = "good_bg";};
idle_fg = {link = "good_fg";};
};
}
{
block = "sound";
driver = "pulseaudio";
}
]
++ (
optional config.my.home.laptop.enable
{
block = "battery";
format = " $icon $percentage ($power) ";
}
)
++ [
# {
# block = "notify";
# }
{
block = "time";
interval = 5;
format = " $icon $timestamp.datetime(f:'%a %d/%m %T', l:fr_FR) ";
timezone = "Europe/Paris";
}
];
}; };
}; };
}; };


@ -1,40 +1,27 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{ {
config, imports =
lib, [ # Include the results of the hardware scan.
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./home.nix ./home.nix
./secrets.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages;
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true;
boot.supportedFilesystems = {
btrfs = true;
ntfs = true;
};
services.xserver.windowManager.i3.enable = true;
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
enable = true; enable = true;
fileSystems = ["/"]; fileSystems = [ "/" ];
}; };
}; };
@ -44,63 +31,57 @@
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.interfaces.enp7s0.useDHCP = true;
networking.interfaces.wlp3s0.useDHCP = true;
# List services that you want to enable: # List services that you want to enable:
my.services = { my.services = {
restic-backup = { wireguard = {
enable = true; enable = false;
repo = "b2:boreal-backup"; iface = "wg";
passwordFile = config.age.secrets."restic-backup/boreal-password".path; port = 51820;
environmentFile = config.age.secrets."restic-backup/boreal-credentials".path;
paths = [ net = {
"/home/alarsyo" v4 = {
]; subnet = "10.0.0";
exclude = [ mask = 24;
"/home/alarsyo/Downloads" };
v6 = {
# Rust builds using half my storage capacity subnet = "fd42:42:42";
"/home/alarsyo/**/target" mask = 64;
"/home/alarsyo/work/rust/build" };
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
# C build crap
"*.a"
"*.o"
"*.so"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
}; };
pipewire.enable = true;
tailscale = {
enable = true;
useRoutingFeatures = "both";
}; };
}; };
services = { services = {
openssh = { openssh = {
enable = true; enable = true;
}; permitRootLogin = "no";
}; passwordAuthentication = false;
my.gui = {
enable = true;
isNvidia = true;
}; };
hardware = { xserver = {
bluetooth = {
enable = true; enable = true;
powerOnBoot = false; videoDrivers = [ "nvidia" ];
windowManager.i3.enable = true;
layout = "fr";
xkbVariant = "us";
}; };
nvidia = {
open = true;
modesetting.enable = true;
}; };
sound.enable = true;
hardware.pulseaudio = {
enable = true;
extraModules = [ pkgs.pulseaudio-modules-bt ];
package = pkgs.pulseaudioFull;
};
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
}; };
} }
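Review bot: The `openssh` block on the new side sets `passwordAuthentication = false;` but leaves keyboard-interactive authentication at its default, which on NixOS releases using these option names can still let PAM accept a password. Adding `kbdInteractiveAuthentication = false;` next to it (the option is called `challengeResponseAuthentication` on older nixpkgs, so check which one this pin provides) closes that path. `secrets = config.my.secrets;` in the `let` is not referenced in either visible hunk, so unless the few lines between the hunks use it, the binding is dead and can go. `hardware.bluetooth.powerOnBoot = true;` keeps the radio on from boot on a machine that also runs sshd; a short comment saying why that is wanted would help.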


@ -1,34 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config, imports =
lib, [ (modulesPath + "/installer/scan/not-detected.nix")
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [ ];
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3"; { device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3";
fsType = "btrfs"; fsType = "btrfs";
options = ["subvol=nixos" "compress=zstd:1" "noatime"]; options = [ "subvol=nixos" "compress=zstd:1" "noatime" ];
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/17C7-368D"; { device = "/dev/disk/by-uuid/17C7-368D";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = []; swapDevices = [ ];
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
} }


@ -1,36 +1,9 @@
{ ... }:
{ {
config,
pkgs,
...
}: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
home.stateVersion = "20.09";
# Keyboard settings & i3 settings # Keyboard settings & i3 settings
my.home.x.enable = true; my.home.x.enable = true;
my.home.x.i3.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tccd1"];
my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"];
my.home.emacs.enable = true; my.home.emacs.enable = true;
my.home.tmux.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues {
inherit
(pkgs)
# some websites only work there :(
chromium
darktable
hugin
enblend-enfuse
# dev
rustup
;
inherit (pkgs.packages) spot;
};
}; };
} }


@ -1,23 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/boreal-credentials" = {};
"restic-backup/boreal-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}


@ -1,169 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
boot.loader.systemd-boot.enable = false;
boot.loader.grub = {
enable = true;
efiSupport = false;
devices = ["/dev/sda" "/dev/sdb"];
};
boot.tmp.useTmpfs = true;
networking.hostName = "hades"; # Define your hostname.
networking.domain = "alarsyo.net";
# Set your time zone.
time.timeZone = "Europe/Paris";
networking.useDHCP = false;
networking.interfaces.enp35s0.ipv4.addresses = [
{
address = "95.217.121.60";
prefixLength = 26;
}
];
networking.interfaces.enp35s0.ipv6.addresses = [
{
address = "2a01:4f9:4a:3649::2";
prefixLength = 64;
}
];
networking.defaultGateway = "95.217.121.1";
networking.defaultGateway6 = {
address = "fe80::1";
interface = "enp35s0";
};
networking.nameservers = ["1.1.1.1" "1.0.0.1"];
my.networking.externalInterface = "enp35s0";
# List services that you want to enable:
my.services = {
fail2ban.enable = true;
forgejo = {
enable = true;
privatePort = 8082;
};
immich = {
enable = true;
port = 8089;
};
jellyfin = {
enable = true;
};
lohr = {
enable = true;
port = 8083;
};
matrix = {
enable = true;
secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path;
};
mealie = {
enable = true;
port = 8090;
};
microbin = {
enable = true;
privatePort = 8088;
passwordFile = config.age.secrets."microbin/secret-config".path;
};
miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path;
privatePort = 8080;
};
navidrome = {
enable = true;
musicFolder.path = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs";
};
nextcloud = {
enable = true;
adminpassFile = config.age.secrets."nextcloud/admin-pass".path;
};
nginx.enable = true;
paperless = {
enable = true;
port = 8085;
passwordFile = config.age.secrets."paperless/admin-password".path;
secretKeyFile = config.age.secrets."paperless/secret-key".path;
};
pleroma = {
enable = true;
port = 8086;
secretConfigFile = config.age.secrets."pleroma/pleroma-config".path;
};
restic-backup = {
enable = true;
repo = "b2:hades-backup-alarsyo";
passwordFile = config.age.secrets."restic-backup/hades-password".path;
environmentFile = config.age.secrets."restic-backup/hades-credentials".path;
paths = ["/home/alarsyo"];
};
scribe = {
enable = true;
port = 8087;
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
};
transmission = {
enable = true;
username = "alarsyo";
};
vaultwarden = {
enable = true;
privatePort = 8081;
websocketPort = 3012;
};
};
services = {
openssh.enable = true;
vnstat.enable = true;
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
docker-compose
];
# Takes a long while to build
documentation.nixos.enable = false;
}


@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/2a24010c-14bd-439b-b30b-d0e18db69952";
fsType = "ext4";
};
swapDevices = [];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,6 +0,0 @@
{config, ...}: {
home-manager.users.alarsyo = {
home.stateVersion = "22.05";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
};
}


@ -1,46 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"lohr/shared-secret" = {};
"matrix-synapse/secret-config" = {
owner = "matrix-synapse";
};
"microbin/secret-config" = {};
"miniflux/admin-credentials" = {};
"nextcloud/admin-pass" = {
owner = "nextcloud";
};
"ovh/credentials" = {};
"paperless/admin-password" = {};
"paperless/secret-key" = {};
"pleroma/pleroma-config" = {
owner = "pleroma";
};
"restic-backup/hades-credentials" = {};
"restic-backup/hades-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

146
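--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@@ -0,0 +1,146 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running nixos-help).
+{ config, lib, pkgs, ... }:
+let
+secrets = config.my.secrets;
+in
+{
+imports =
+[ # Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+# Use the GRUB 2 boot loader.
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+boot.supportedFilesystems = [ "btrfs" ];
+services.btrfs = {
+autoScrub = {
+enable = true;
+fileSystems = [ "/" ];
+};
+};
+networking.hostName = "poseidon"; # Define your hostname.
+networking.domain = "alarsyo.net";
+# Set your time zone.
+time.timeZone = "Europe/Paris";
+# The global useDHCP flag is deprecated, therefore explicitly set to false here.
+# Per-interface useDHCP will be mandatory in the future, so this generated config
+# replicates the default behaviour.
+networking.useDHCP = false;
+networking.interfaces.eno1.ipv4.addresses = [
+{
+address = "163.172.11.110";
+prefixLength = 24;
+}
+];
+networking.defaultGateway = {
+address = "163.172.11.1";
+interface = "eno1";
+};
+networking.nameservers = [
+"62.210.16.6"
+"62.210.16.7"
+];
+my.networking.externalInterface = "eno1";
+# List services that you want to enable:
+my.services = {
+bitwarden_rs = {
+enable = true;
+privatePort = 8081;
+websocketPort = 3012;
+};
+borg-backup = {
+enable = true;
+repo = secrets.borg-backup-repo;
+};
+fail2ban = {
+enable = true;
+};
+gitea = {
+enable = true;
+privatePort = 8082;
+};
+jellyfin = {
+enable = true;
+};
+lohr = {
+enable = true;
+port = 8083;
+};
+miniflux = {
+enable = true;
+adminCredentialsFile = "${../../secrets/miniflux-admin-credentials.secret}";
+privatePort = 8080;
+};
+matrix = {
+enable = true;
+registration_shared_secret = secrets.matrix-registration-shared-secret;
+};
+monitoring = {
+enable = true;
+useACME = true;
+domain = "monitoring.${config.networking.domain}";
+};
+nextcloud = {
+enable = true;
+};
+postgresql-backup = {
+enable = true;
+};
+tgv = {
+enable = true;
+};
+transmission = {
+enable = true;
+username = "alarsyo";
+password = secrets.transmission-password;
+};
+wireguard = {
+enable = true;
+iface = "wg";
+port = 51820;
+net = {
+v4 = {
+subnet = "10.0.0";
+mask = 24;
+};
+v6 = {
+subnet = "fd42:42:42";
+mask = 64;
+};
+};
+};
+};
+security.acme.acceptTerms = true;
+security.acme.email = "antoine97.martin@gmail.com";
+# Enable the OpenSSH daemon.
+services.openssh.enable = true;
+services.openssh.permitRootLogin = "no";
+services.openssh.passwordAuthentication = false;
+}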
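Review bot: Three settings in `my.services` put secret material where it will normally end up in the world-readable Nix store: `registration_shared_secret = secrets.matrix-registration-shared-secret;` and `password = secrets.transmission-password;` are plain evaluated strings, and `adminCredentialsFile = "${../../secrets/miniflux-admin-credentials.secret}"` interpolates a path, which copies the decrypted file into `/nix/store`. git-crypt only protects these values inside the repository; on the deployed host, store paths are usually readable by every local user and service. How the `my.services` modules consume the values is not visible in this file, so the exposure is inferred from the call site and should be confirmed against the module definitions. I would pass a runtime path as a plain string instead, e.g. `adminCredentialsFile = "/run/keys/miniflux-admin-credentials"; # placeholder path, provisioned outside the store`, and give the matrix and transmission modules a file-based option that is read at service start.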


@ -0,0 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
fsType = "btrfs";
options = [
"subvol=@nixos"
"compress=zstd"
"noatime"
];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}


@ -1,174 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko-config.nix
./home.nix
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages_6_11;
# Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could
# lead to bad Wi-Fi performance
boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"];
boot.extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
boot.extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot = {
enable = true;
editor = false;
consoleMode = "auto";
};
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true;
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
};
};
networking.hostName = "talos"; # Define your hostname.
networking.domain = "alarsyo.net";
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager = {
enable = true;
wifi.powersave = true;
};
# Set your time zone.
time.timeZone = "Europe/Paris";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
programs = {
light.enable = true;
};
services = {
fwupd.enable = true;
openssh.enable = true;
};
virtualisation = {
docker.enable = true;
libvirtd.enable = false;
virtualbox.host = {
enable = false;
};
};
my.services = {
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:talos-backup";
passwordFile = config.age.secrets."restic-backup/talos-password".path;
environmentFile = config.age.secrets."restic-backup/talos-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
".direnv"
# test vms
"*.qcow2"
"*.vbox"
"*.vdi"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
};
my.gui.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
settings.General.Experimental = true;
};
# Configure console keymap
console.keyMap = "us";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
};
# Enable the KDE Plasma Desktop Environment.
services.desktopManager.plasma6.enable = true;
services.power-profiles-daemon.enable = true;
environment.systemPackages = [
pkgs.unstable.zed-editor
pkgs.foot
];
#programs.hyprland.enable = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
}


@ -1,68 +0,0 @@
{
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "600G";
content = {
type = "luks";
name = "crypted";
# disable settings.keyFile if you want to use interactive password entry
passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
#keyFile = "/tmp/secret.key";
};
#additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"];
};
"@home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
};
"@persist" = {
mountpoint = "/persist";
mountOptions = ["compress=zstd" "noatime"];
};
"@snapshots" = {};
"@swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
};
}


@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,129 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkOptionDefault
;
in {
home-manager.users.alarsyo = {
home.stateVersion = "23.11";
my.home.laptop.enable = true;
# Keyboard settings & i3 settings
my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tctl"];
my.home.x.i3bar.networking.throughput_interfaces = ["wlp1s0"];
my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
# TODO: place in global home conf
services.dunst.enable = true;
home.packages = builtins.attrValues {
inherit
(pkgs)
ansel
chromium # some websites only work there :(
zotero
;
inherit
(pkgs.packages)
spot
;
};
wayland.windowManager.sway = {
enable = true;
swaynag.enable = true;
wrapperFeatures.gtk = true;
config = {
modifier = "Mod4";
input = {
"type:keyboard" = {
xkb_layout = "fr";
xkb_variant = "us";
};
"type:touchpad" = {
dwt = "enabled";
tap = "enabled";
middle_emulation = "enabled";
natural_scroll = "enabled";
};
};
output = {
"eDP-1" = {
scale = "1.5";
};
};
fonts = {
names = ["Iosevka Fixed" "FontAwesome6Free"];
size = 9.0;
};
bars = [
{
mode = "dock";
hiddenState = "hide";
position = "top";
workspaceButtons = true;
workspaceNumbers = true;
statusCommand = "${pkgs.i3status}/bin/i3status";
fonts = {
names = ["Iosevka Fixed" "FontAwesome6Free"];
size = 9.0;
};
trayOutput = "primary";
colors = {
background = "#000000";
statusline = "#ffffff";
separator = "#666666";
focusedWorkspace = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
};
activeWorkspace = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
};
inactiveWorkspace = {
border = "#333333";
background = "#222222";
text = "#888888";
};
urgentWorkspace = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
bindingMode = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
};
}
];
keybindings = mkOptionDefault {
"Mod4+i" = "exec emacsclient --create-frame";
};
};
};
programs = {
fuzzel.enable = true;
swaylock.enable = true;
waybar = {
enable = true;
};
};
};
}


@ -1,23 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/talos-credentials" = {};
"restic-backup/talos-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}


@ -1,96 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko-configuration.nix
./home.nix
./secrets.nix
];
boot.loader.grub.enable = true;
boot.tmp.useTmpfs = true;
networking.hostName = "thanatos"; # Define your hostname.
networking.domain = "lrde.epita.fr";
# Set your time zone.
time.timeZone = "Europe/Paris";
# List services that you want to enable:
my.services = {
tailscale = {
enable = true;
useRoutingFeatures = "both";
};
};
services = {
gitlab-runner = {
enable = true;
settings = {
concurrent = 4;
};
services = {
nix = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-nix-runner-env".path;
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
};
default = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path;
dockerImage = "debian:stable";
};
};
};
openssh.enable = true;
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
docker-compose
];
}


@ -1,52 +0,0 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/ata-CT250MX500SSD1_2301E69A20C4";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"];
};
"/home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
}


@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,7 +0,0 @@
{config, ...}: {
home-manager.users.alarsyo = {
home.stateVersion = "23.11";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
};
}


@ -1,22 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
"gitlab-runner/thanatos-runner-env" = {};
"gitlab-runner/thanatos-nix-runner-env" = {};
};
};
}


@ -1,7 +0,0 @@
{...}: {
imports = [
./sddm.nix
./secrets
./wakeonwlan.nix
];
}


@ -1,31 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.displayManager.sddm;
in {
options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup";
config = mkIf cfg.enable {
services.displayManager.sddm = {
enable = true;
theme = "catppuccin-latte";
wayland.enable = true;
};
environment.systemPackages = [
(pkgs.catppuccin-sddm.override
{
flavor = "latte";
})
];
};
}


@ -1,7 +0,0 @@
{
config,
lib,
options,
...
}: {
}


@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw E972A3kem7+3ul2Ai8TV8EVkF9upClr46y1pbN+AfDY
qZdZuv+F9c46uxKWYdBKp6AGkTA5IEjcBwDlBHpEbCU
-> ssh-ed25519 pX8y2g WEBknhwaTqfVzaLQRg1tfEY/aGZDFnH0PvXOZ3pC1k8
A23ELihRVsx8jhTcJAy3a1/saKWPc6ojf8HhPHj0niw
-> ssh-ed25519 z6Eu8Q IsN3L8xlk8VwrqUByYiUhthAk06KCn6hcYlZrodk/Vg
lX/SjRJIZEt1/Q6iLKFiUTHB4eH8ig4WJN79mU/AVUw
-> &r29]-grease #}
100ULy2nfLIOODMNPyvq0ATuGdVBAgwcXAs
--- VkOZ7Vy9R4QPqvgAveJae/L4/nuDnQ/bAoN7UEKzxyw
wQ{3ɔ3
m2eÞ?×ò¥. M„<19>:Df)ïˆ;t {zR½ªo ñ²‡òE#c·çáéTE…Ú9¹H67ÊqAÜ_Lb}


@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw naNq55qkAm47KXPJpYFDjVQuxPz2Ffpima5z1WEqRSA
ETC3Hh4gglwYpiJCu/EGOUzjN3BJYk8yJshMeMkgYug
-> ssh-ed25519 6UUuZw Azk9jDbUL/nO20lvzs0s36q/4ZcWSpkUbt1J/PE7A2M
kPKHGLoWHDpFhsRr+CBteWKYsDw0dn/+IKbrh/5qMoE
--- g1akMn28voSQByQR9/ArJ4CsQehcwJ7MfCco+k2fPWo
YMZÓíî:ú{R­^n~ó½±ã¢ÊwPaª§h£8<C2A3>T'hcmªe(<28>ÝXx=7”‡Ë¢[äË4@b=“&ª®æYÅ;‘€Ü[„ª¹ØÁˆß¿kôk>ˆ540ÞGâŒ÷ðÌŸ­±Q<C2B1>Êë·±Ÿw¡


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw R7jnkS7fFFSouPgvjrCnyfWNHOanOWKVUDp4Fd2xqFU
MdWD5E8dWfDHqFNTDCqOlyMhwpfEtqhlpnx3opft70w
-> ssh-ed25519 pX8y2g /CAWr94ucfxWKLWQPSQD2fl09TuUZELywWoZgHZS0AY
NeDHZc2ooKl2Bp0nAEY9P/Apdramb2TpHWpx0jkceyk
-> bzN-grease F &,%3jl~w &]8&d*N6 5UJ
58BUbsIwRkkUrNoSbgbMo/o1tKttXP2YWIJs9cbfXrT6XcO+Km0g90LPbYCmsqTZ
pr8TINM2Wd8RQw
--- 7K7sEw2zIWhuR3intlPGFipaVhHli+tWHqmyobRjLYo
oÔèÛ„Å[\ñ²û¸©lN/X•ô:<03>±Œu¥N¾Öó ƒ{ ïÁmeÿ0A=,h_¤÷è,œ4S&‰ù<E280B0>9œhÙ1/ÄÍž’¥é÷ypa³öz2Ñ€†íTº,©Réâ€U


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw md0WbIE3MSWLqqerCD4ljh4U+4fWaOhKZxl9RQt+HDo
8Wj+hn5wwzgA6D1zQEaP1WIfmmK6pXVy2ZX5OQ/N0pU
-> ssh-ed25519 pX8y2g ByOhNTkxCHFkOQAOrID+bZEQzwesbnKluY6G5sSUhlg
AybKPZKzELtvWTT/Kmc+zs7KC4GB9214GUdnWMhGnmo
-> QK!x#/y-grease c|K1% \ug . >WFn:bI
Cgx9qaPIUk1hGKtQYJ6kNk/+bHTJ
--- YwtEWMiVxfvMGE1ngDiy/dALw/Y9YAxduaqlVgPNqdk
ÿ¿zîóÑF(Ã8§?VÁJýæávH(kÔ9o\!£Ê¿ˆÐÓN7é@«àY#ÕÓ19êümùV¢}ŸZðضQWEÇ’þ}v/éƒ<® õ»æh‰­¶T3†vN ®”1


@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw XED7gkKAp1ioBegA7ryqULRF1BORpW74esfIGp9zPE8
ANxnQN+tox9KYdZvNZFZvQxOymckldPQMhFnz6fSIBo
-> ssh-ed25519 pX8y2g 9wgPqL6GoOxad5AAUmDAYj0h/57AEM8VsQKq1pGTtjM
SxD++XJioZLpt6C8Xse5Nmz4wtL0Fb5NKWo5ijKpyv8
--- 3qOJnkY3Uc4fIex9mgz2+w+su5dS7K7Tmtk1hiqkn9M
ÁXª¨àeéˆaLQ H2*ZÅTé¿ ®P;Ý(jCÌ€k‡ viäµû<C2B5>ÿħ¡à†kæ`™ô]mò<6D>ÿBñ ,³±,ü÷?!¶{àŠ%­eÙì(„Su¿-SŸD¢¾“=H#‡„¼Þq=ï<>Uùí;=OÍ <÷R¼ÇÎE±“<+&­èdÂæ<18>>G+_oP¥Þ]ÿê¦RÄßL$Ö³\š°ü0ø¤N!þ"Áã&÷%Nž à<ËÃ,òv°1ÿÊÚj1


@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw Cnh9E+IbDcTnJT0AmN1pFJ9PrT/bWswps3viYITN2yo
DwsFW60Su9sble5QFEjX5QoWVl/lMBsqAPWK+AB9epw
-> ssh-ed25519 pX8y2g fMdWosCSxRpJSA3VGDEyWzeQfTJD5sPnu38MrcJJ1A8
g16EuuS95pIeUuLZfqXR4Mey2GKiXRlxA2KRLD1RVns
-> s*.sKB4H-grease V9A)DG( T<yeD0a<
kaz3Ejq54nizMyMabG2TBzJ/oy8VIUKxQcXgWjM6CZp+8j36y5LtnR7osDZRzs27
Yf+Y52QuZWswmD+tC+VxaQUpdd+3xvv2MH7D5ih2tTXy9/wZFKWTvIsvKBKz7dOQ
--- Y6f3eO8mQAb/gAG4CnbxZa7L+FVBCd3v33tXf01pKLg
«Ø<fÂÇEGuñ‰x#ô;ZÔ/@%:ºì(&&ºXVøø¹Û"ö¾Î‘ñö,y`~n]BÅïî=Š\v8Œø´Ç¸”ŸþcO(7˜ú<CB9C>¡eÍXÝ0éÎ


@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw CoGvifgWo1JvHjx3PKJa3jR3lKrvgvKnTTui1w6UR0I
gcadr6WbTzyrPD3h3oDifFj/pMZKIzUfDXL6e6610Is
-> ssh-ed25519 pX8y2g MBFa4xDU6CaH6amzlGTmFXIcAXLq2xykRd0WkeUEkQo
91jV5LUuhvOVKSg2cz3TMKI2SaZvCTzXL/xyUWbYJAg
-> lkH}'\W;-grease nZ K\MP7 HUsh
vWwsKxuBXKwpTBkYERd7kPo
--- xohFX48WGxRFVYQzdbSl7l2Go90FSUPH5ml6OalKJwQ
ÍsüÈùÁòÆ€ã·Õ<12>¡ŸhÝÝõ¦!è,(ÒQlÁök¶þV×ä¬ÛóË~éýÔÍU !ÂûB0 ~ÃÏA!2Ùnp€`²‹’ÕÍìL&¯±³{†}„3%{[)<18>t…®/nÊjb^{<7B>ƒ1Gû[G0ß ¿×‘ò mo˜Ÿˆ« È:naŸ¨Q®¥\âæômfG¾;ù(Sþ¶ŸÉÎå


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YWMQkg B5tQXcUdu751YYA4Y8uRH/DgGDi24AsXEAKkCVfg+Ro
21Gz0MsMCtWzUdVuaWdNwEU9Ts8lOQWCd7Ejf2tkxks
-> ssh-ed25519 k2gHjw NIG04WnNgq5bnSl9KmvFyvpGdFlmOFtXzuYtrsFOKXM
ZYZVyIM0jnhguRmfIpRtFg0StgYTlu/P9bgxBy9dbOg
-> u5-grease
MTgqDb6tqCuvdlXj9c2Y3XX1X7JfrdeKLM0EQ75ZJe+Hrntnpvn4fSlBr8QoOahm
fg
--- VzgNZ3/IBQVeYfOMGjnHPDRKoBDdxHth61pevk5+fLw
ŒÙúDíï° ´&…<QØ+¨úþéJoTÇ;US9.©âu'v¸œ,‘Ä@“úÿQKcëÛzÑ>v¢€ÃN1±tòÚ8w<˜Îò“w­°d<C2B0><64>>sG_øæÆšyø„u,þÅ%@J hñ"†Ev‡ÙX


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw tz1jNUQvZEVHqehFVapGqTzuRS42q/cMxyMxxKq+LzM
kA2ZKO7MJijITas44VeEKSNl801EmGea9k35OXiZ+BE
-> ssh-ed25519 pX8y2g xjtYR+DLpZ8aWXSGnZwbW1LYgIzcFWirKzCFJ8XcFmk
bDXZMuNZexO3Cj0RmzjGA33Xt6eMV1zTqjkw+hFUB54
-> XL-grease ]SR-r g<"^}r I> PHC
i5h9MKFYUKNt
--- arx3EqdP9sGpt3TmJDAHNaF03UL+hfJTle+FSdlP/6A
}èÆÎÔvÒjAÄû§Ëò<7A>“TGWïv¼B ¼ª0<C2AA><ñá;ZïYªü{ª·ÂŽL<´\è‰Å<E280B0>>…Ì4¿o~€ã,šËèš«^4^yl\Ftgd<>Ä
G±Æ²æ*"”


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw oSO/cLGLMkjqRIjYewTqtOccb7CLSmODK+B6Kb/L/gk
cGU5gafJCeX/o3qqcNNPGIAXbAwm8sZi59QIDqcmWUA
-> ssh-ed25519 z6Eu8Q FMOXZNxOrbT95XR5R6tul1A+aiCP/QHRsCZraA/SZmw
UXjp7Z93U56hZ9f/OijkzZ1UCRf+VVwD0b1dY04lCVs
-> )-grease
qkTAz5YAzx5TLvSvmiAL1EDt3pYUgwdMMcRKDBdTBrvxeQE
--- EBQNvbSPDyq5SFKU517JyM024/zZx0DqoxMiP9jzlSs
rP+áÕôy¯j‡²f>ï9ÓÈŽÌ·ýwÕtØ6šsˆgƒ½/tØÞàSÍ—ì¡Ø\fZªêª<C3AA>N?v·ŒÚ
µ1÷I휹+uݾU-ëCfÜn1`cò-RCéêP'¿zB)¿ØFŽ` äV<C3A4>ÖBKX

Some files were not shown because too many files have changed in this diff Show more