diff --git a/common/default.nix b/common/default.nix index fc54ad9..2be6122 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,20 +1,22 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let inputs = config.inputInjection.flake-inputs; unstable = inputs.nixos-unstable; - in { - imports = - [ - ./packages.nix - ./nitrokey.nix - ]; + imports = [ + ./packages.nix + ./nitrokey.nix + ]; services.davfs2.enable = true; - # exfat support #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; @@ -38,11 +40,10 @@ in # Some programs need SUID wrappers, can be configured further or are # started in user sessions. programs.bash.enableCompletion = true; - programs.wireshark = - { - enable = true; - package = pkgs.wireshark; - }; + programs.wireshark = { + enable = true; + package = pkgs.wireshark; + }; programs.adb.enable = true; 
@@ -59,79 +60,88 @@ in # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; - networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; - networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; # for KDE connect + networking.firewall.allowedTCPPortRanges = [ + { + from = 1714; + to = 1764; + } + ]; + networking.firewall.allowedUDPPortRanges = [ + { + from = 1714; + to = 1764; + } + ]; # for KDE connect # FIXME: kdeconnect module # Or disable the firewall altogether. # networking.firewall.enable = false; - networking.networkmanager = { + networking.networkmanager = { enable = true; # FIXME: move into own file, use SOPS for secrets ensureProfiles.profiles = { - "37C3" = { - connection = { - id = "37C3"; - type = "wifi"; - interface-name = "wlan0"; - }; - wifi = { - mode = "infrastructure"; - ssid = "37C3"; - }; - wifi-security = { - auth-alg = "open"; - key-mgmt = "wpa-eap"; - }; - "802-1x" = { - anonymous-identity = "37C3"; - eap = "ttls;"; - identity = "37C3"; - password = "37C3"; - phase2-auth = "pap"; - altsubject-matches = "DNS:radius.c3noc.net"; - ca-cert = "${builtins.fetchurl { - url = "https://letsencrypt.org/certs/isrgrootx1.pem"; - sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92"; - }}"; - }; - ipv4 = { - method = "auto"; - }; - ipv6 = { - addr-gen-mode = "default"; - method = "auto"; + "37C3" = { + connection = { + id = "37C3"; + type = "wifi"; + interface-name = "wlan0"; + }; + wifi = { + mode = "infrastructure"; + ssid = "37C3"; + }; + wifi-security = { + auth-alg = "open"; + key-mgmt = "wpa-eap"; + }; + "802-1x" = { + anonymous-identity = "37C3"; + eap = "ttls;"; + identity = "37C3"; + password = "37C3"; + phase2-auth = "pap"; + altsubject-matches = "DNS:radius.c3noc.net"; + ca-cert = "${builtins.fetchurl { + url = "https://letsencrypt.org/certs/isrgrootx1.pem"; + sha256 = 
"sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92"; + }}"; + }; + ipv4 = { + method = "auto"; + }; + ipv6 = { + addr-gen-mode = "default"; + method = "auto"; + }; }; }; }; -}; services.avahi.enable = true; # Enable CUPS to print documents. - services.printing = - { - enable = true; - drivers = [ pkgs.hplip ]; - }; + services.printing = { + enable = true; + drivers = [ pkgs.hplip ]; + }; # scanners - hardware.sane = - { - enable = true; - extraBackends = [ pkgs.hplip ]; - }; + hardware.sane = { + enable = true; + extraBackends = [ pkgs.hplip ]; + }; # Enable sound. hardware.pulseaudio = { enable = true; # decouple pulseaudio application and sink volumes - daemon.config = { flat-volumes = "no"; }; + daemon.config = { + flat-volumes = "no"; + }; # C3D2 hq music zeroconf.discovery.enable = true; zeroconf.publish.enable = true; }; - # Bluetooth hardware.bluetooth = { enable = true; @@ -141,7 +151,6 @@ in package = pkgs.pulseaudioFull; }; - # FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option # Enable the X11 windowing system. services.xserver.enable = true; @@ -160,8 +169,8 @@ in # dconf required for several Gnome applications programs.dconf.enable = true; - - programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts + + programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts # Flatpak support services.flatpak.enable = true; @@ -171,7 +180,18 @@ in users.users.spiollinux = { isNormalUser = true; uid = 1000; - extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark" "dialout" "cdrom" "input" "adbusers" ]; + extraGroups = [ + "vboxusers" + "wheel" + "networkmanager" + "scanner" + "lp" + "wireshark" + "dialout" + "cdrom" + "input" + "adbusers" + ]; shell = pkgs.zsh; }; 
@@ -184,11 +204,10 @@ in nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ]; users.extraGroups.vboxusers.members = [ "spiollinux" ]; - programs.zsh = - { - enable = true; - autosuggestions.enable = true; - }; + programs.zsh = { + enable = true; + autosuggestions.enable = true; + }; # profile sync daemon services.psd.enable = true; @@ -208,13 +227,17 @@ in nixpkgs.flake = inputs.nixpkgs; }; nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; - # keep build-time deps around for offline-rebuilding + # keep build-time deps around for offline-rebuilding settings = { # keep around all inputs necessary for offline-rebuilding the system keep-outputs = true; keep-derivations = true; trusted-users = [ "spiollinux" ]; - experimental-features = [ "nix-command" "flakes" "repl-flake" ]; + experimental-features = [ + "nix-command" + "flakes" + "repl-flake" + ]; # use all cores for building cores = 0; }; @@ -254,6 +277,4 @@ in # stop NetworkManager from managing virtual interfaces networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; - - } diff --git a/common/nitrokey.nix b/common/nitrokey.nix index dc6ed75..40457d1 100644 --- a/common/nitrokey.nix +++ b/common/nitrokey.nix @@ -1,11 +1,13 @@ -{ pkgs, lib, ...}: +{ pkgs, lib, ... }: { -hardware.nitrokey.enable = true; -environment.systemPackages = [ pkgs.pynitrokey ]; -nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "nrfutil" - "pc-ble-driver-py" - "pc-ble-driver" - "pypemicro" -]; + hardware.nitrokey.enable = true; + environment.systemPackages = [ pkgs.pynitrokey ]; + nixpkgs.config.allowUnfreePredicate = + pkg: + builtins.elem (lib.getName pkg) [ + "nrfutil" + "pc-ble-driver-py" + "pc-ble-driver" + "pypemicro" + ]; } diff --git a/common/packages.nix b/common/packages.nix index d507b42..e1316c4 100644 --- a/common/packages.nix +++ b/common/packages.nix 
@@ -1,89 +1,98 @@ -{ lib, pkgs, config, ... }: +{ + lib, + pkgs, + config, + ... +}: -{ +{ # take overlays from flake nixpkgs.overlays = lib.attrValues config.inputInjection.flake-inputs.self.overlays; # List packages installed in system profile. - environment.systemPackages = with pkgs; [ - wget - vim - vimPlugins.vim-nix - vimPlugins.pathogen - tmux - htop - zsh - btrfs-progs - git - python3 - man-pages - dnsutils - netcat-openbsd - ntfs3g - file - multipath-tools - strace - ltrace - valgrind - testdisk - rsync - pv - exfat - iotop - cifs-utils - dstat - lsof - macchanger - borgbackup + environment.systemPackages = + with pkgs; + [ + wget + vim + vimPlugins.vim-nix + vimPlugins.pathogen + tmux + htop + zsh + btrfs-progs + git + python3 + man-pages + dnsutils + netcat-openbsd + ntfs3g + file + multipath-tools + strace + ltrace + valgrind + testdisk + rsync + pv + exfat + iotop + cifs-utils + dstat + lsof + macchanger + borgbackup - # for debugging WLAN failures: - ethtool - trace-cmd - - # NetworkManager stuff - networkmanager-openconnect - networkmanager-vpnc - networkmanager-openvpn - plasma5Packages.kdeGear.akonadi-mime # for KOrganizer + # for debugging WLAN failures: + ethtool + trace-cmd + + # NetworkManager stuff + networkmanager-openconnect + networkmanager-vpnc + networkmanager-openvpn + plasma5Packages.kdeGear.akonadi-mime # for KOrganizer ] - ++ (with plasma5Packages; with kdeGear; [ - #akonadi - #akonadi-calendar - #akonadi-contacts - #akonadi-import-wizard - #akonadi-mime - #akonadi-notes - #akonadi-search - #akonadiconsole - #akregator - #kaddressbook - #kalarm - #kalarmcal - #kcalutils - #kcontacts - #kdav - #kdepim-addons + ++ ( + with plasma5Packages; + with kdeGear; + [ + #akonadi + #akonadi-calendar + #akonadi-contacts + #akonadi-import-wizard + #akonadi-mime + #akonadi-notes + #akonadi-search + #akonadiconsole + #akregator + #kaddressbook + #kalarm + #kalarmcal + #kcalutils + #kcontacts + #kdav + #kdepim-addons - #kdepim-runtime - 
#kidentitymanagement - #kldap - #kmail - #kmailtransport - #kmbox - #kmime - #kontact - #kontactinterface - #korganizer - #kpimtextedit - #libkdepim - #libksieve - #mailcommon - #messagelib - #pimcommon - #pim-sieve-editor + #kdepim-runtime + #kidentitymanagement + #kldap + #kmail + #kmailtransport + #kmbox + #kmime + #kontact + #kontactinterface + #korganizer + #kpimtextedit + #libkdepim + #libksieve + #mailcommon + #messagelib + #pimcommon + #pim-sieve-editor - # for some Flatpak packkages - accountsservice - ]); + # for some Flatpak packkages + accountsservice + ] + ); } - - diff --git a/flake.nix b/flake.nix index 3f1d182..4d0d2ce 100644 --- a/flake.nix +++ b/flake.nix 
@@ -19,94 +19,118 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nur.url = "github:nix-community/NUR"; + nur.url = "github:nix-community/NUR"; # TODO: possible make this a flake as well mysecrets = { flake = false; url = "git+ssh://gitea@git.orlives.de:2342/schmittlauch/home-manager_secrets.git"; }; - }; - outputs = - { self, nixpkgs, nur, lanzaboote, utils, home-manager, treefmt-nix, ... }@inputs: - let - # FIXME: allow different systems - systems = utils.lib.system; - # necessary to make the top-level inputs available to system configuration - # inspired by https://jade.fyi/blog/flakes-arent-real/ - inputInjection = {pkgs, lib, ...}: { - options.inputInjection = lib.mkOption { - type = with lib.types; attrsOf unspecified; - default = {}; - }; - config.inputInjection = { - flake-inputs = inputs; - }; - }; - defaultModules = system: [ - inputInjection - ]; - mkSystem = system: extraModules: - nixpkgs.lib.nixosSystem rec { - modules = (defaultModules system) ++ extraModules; - inherit system; - specialArgs = {inherit system;}; - }; - mkHomeManager = confName: user: system: # unfortunately, home-manager configs are still system-specific - # FIXME: this is thus still linux-x86_64 specific - home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.${system}; - modules = [ - { - imports = [ - nur.hmModules.nur - # TODO: $name can be utilised to conditionally load other config files - ./home/home.nix - ]; - # extends the home config - home.username = user; - home.homeDirectory = "/home/${user}"; - } - ]; - # Optionally use extraSpecialArgs - # to pass through arguments to home.nix - extraSpecialArgs = { - inherit inputs system; - }; - }; - treefmtConf = {pkgs, ...}:{ - projectRootFile = "flake.nix"; - programs.nixfmt-rfc-style.enable = true; - }; - in - { - overlays.default = import ./packages; - nixosConfigurations = { - thinknix = mkSystem systems.x86_64-linux [ ./hosts/thinknix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t440s 
lanzaboote.nixosModules.lanzaboote ]; - framenix = mkSystem systems.x86_64-linux [ ./hosts/framenix inputs.nixos-hardware.nixosModules.framework-13-7040-amd lanzaboote.nixosModules.lanzaboote ]; - }; - homeConfigurations.spiollinux = mkHomeManager "spiollinux" "spiollinux" systems.x86_64-linux; - } // utils.lib.eachDefaultSystem(system: + outputs = + { + self, + nixpkgs, + nur, + lanzaboote, + utils, + home-manager, + treefmt-nix, + ... + }@inputs: let - nixpkgs = import inputs.nixpkgs { - inherit system; - overlays = nixpkgs.lib.attrValues self.overlays; + # FIXME: allow different systems + systems = utils.lib.system; + # necessary to make the top-level inputs available to system configuration + # inspired by https://jade.fyi/blog/flakes-arent-real/ + inputInjection = + { pkgs, lib, ... }: + { + options.inputInjection = lib.mkOption { + type = with lib.types; attrsOf unspecified; + default = { }; + }; + config.inputInjection = { + flake-inputs = inputs; + }; + }; + defaultModules = system: [ inputInjection ]; + mkSystem = + system: extraModules: + nixpkgs.lib.nixosSystem rec { + modules = (defaultModules system) ++ extraModules; + inherit system; + specialArgs = { + inherit system; + }; + }; + mkHomeManager = + confName: user: system: # unfortunately, home-manager configs are still system-specific + # FIXME: this is thus still linux-x86_64 specific + home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.${system}; + modules = [ + { + imports = [ + nur.hmModules.nur + # TODO: $name can be utilised to conditionally load other config files + ./home/home.nix + ]; + # extends the home config + home.username = user; + home.homeDirectory = "/home/${user}"; + } + ]; + # Optionally use extraSpecialArgs + # to pass through arguments to home.nix + extraSpecialArgs = { + inherit inputs system; + }; + }; + treefmtConf = + { pkgs, ... 
}: + { + projectRootFile = "flake.nix"; + programs.nixfmt-rfc-style.enable = true; + }; + in + { + overlays.default = import ./packages; + nixosConfigurations = { + thinknix = mkSystem systems.x86_64-linux [ + ./hosts/thinknix + inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t440s + lanzaboote.nixosModules.lanzaboote + ]; + framenix = mkSystem systems.x86_64-linux [ + ./hosts/framenix + inputs.nixos-hardware.nixosModules.framework-13-7040-amd + lanzaboote.nixosModules.lanzaboote + ]; }; - nixpkgs_unstable = import inputs.nixos-unstable { - inherit system; - overlays = nixpkgs.lib.attrValues self.overlays; - }; - pkgs = inputs.nixpkgs.legacyPackages.${system}; - pkgs_unstable = inputs.nixos-unstable.legacyPackages.${system}; - treefmtEval = treefmt-nix.lib.evalModule pkgs_unstable treefmtConf; - in { - devShells.default = pkgs.mkShell { - buildInputs = []; - }; - formatter = treefmtEval.config.build.wrapper; - checks.formatting = treefmtEval.config.build.check self; - # expose nixpkgs with overlay; TODO: figure out role of config - #legacyPackages = nixpkgs; - }); + homeConfigurations.spiollinux = mkHomeManager "spiollinux" "spiollinux" systems.x86_64-linux; + } + // utils.lib.eachDefaultSystem ( + system: + let + nixpkgs = import inputs.nixpkgs { + inherit system; + overlays = nixpkgs.lib.attrValues self.overlays; + }; + nixpkgs_unstable = import inputs.nixos-unstable { + inherit system; + overlays = nixpkgs.lib.attrValues self.overlays; + }; + pkgs = inputs.nixpkgs.legacyPackages.${system}; + pkgs_unstable = inputs.nixos-unstable.legacyPackages.${system}; + treefmtEval = treefmt-nix.lib.evalModule pkgs_unstable treefmtConf; + in + { + devShells.default = pkgs.mkShell { buildInputs = [ ]; }; + formatter = treefmtEval.config.build.wrapper; + checks.formatting = treefmtEval.config.build.check self; + # expose nixpkgs with overlay; TODO: figure out role of config + #legacyPackages = nixpkgs; + } + ); } 
diff --git a/home/home.nix b/home/home.nix index 61231dd..fe6cdc2 100644 --- a/home/home.nix +++ b/home/home.nix @@ -1,4 +1,10 @@ -{ pkgs, inputs, config, system, ... }: +{ + pkgs, + inputs, + config, + system, + ... +}: with pkgs; let @@ -45,7 +51,6 @@ let logseq - # for Hibiscus banking software jameica #ToDo: which of these drivers is actually used? @@ -53,21 +58,20 @@ let chromedriver ]; - graphicsApps = [ - inkscape - darktable - hugin - luminanceHDR - exiftool - gimp - xournal - ] - ++ ( - with gimpPlugins; [ + graphicsApps = + [ + inkscape + darktable + hugin + luminanceHDR + exiftool + gimp + xournal + ] + ++ (with gimpPlugins; [ fourier lqrPlugin - ] - ); + ]); multimediaApps = [ mpv @@ -127,39 +131,40 @@ let nix-output-monitor ]; - kdeTools = with plasma5Packages; with kdeGear; [ - okular - gwenview - yakuake - kmail - kontact - korganizer - akonadi-mime #for KOrganizer - kaddressbook - kdeconnect - dolphin - spectacle - kate - kleopatra - qdirstat - ark - kwalletmanager - ktouch - kcharselect - konversation - okteta - krdc - skanlite - akonadiconsole - tokodon # mastodon client - ] - ++ ( - with kdeFrameworks; [ + kdeTools = + with plasma5Packages; + with kdeGear; + [ + okular + gwenview + yakuake + kmail + kontact + korganizer + akonadi-mime # for KOrganizer + kaddressbook + kdeconnect + dolphin + spectacle + kate + kleopatra + qdirstat + ark + kwalletmanager + ktouch + kcharselect + konversation + okteta + krdc + skanlite + akonadiconsole + tokodon # mastodon client + ] + ++ (with kdeFrameworks; [ networkmanager-qt kcrash breeze-gtk - ] - ); + ]); devTools = [ curl 
@@ -182,39 +187,36 @@ let cabal2nix ]; - latexApps = [ texmaker kile biber # customize texlive installation - ( - texlive.combine { - inherit (texlive) - scheme-medium + (texlive.combine { + inherit (texlive) + scheme-medium - xetex - luatex - unicode-math - fontspec - collection-binextra - collection-fontsrecommended - collection-latex - collection-latexextra - collection-latexrecommended - collection-langgerman - moderncv - fontawesome5 - academicons - acronym - ccicons - fontawesome - biblatex - logreq - koma-script - ; - } - ) + xetex + luatex + unicode-math + fontspec + collection-binextra + collection-fontsrecommended + collection-latex + collection-latexextra + collection-latexrecommended + collection-langgerman + moderncv + fontawesome5 + academicons + acronym + ccicons + fontawesome + biblatex + logreq + koma-script + ; + }) ]; pythonApps = with python3Packages; [ @@ -228,7 +230,6 @@ let mypy ]; - fonts = [ comic-neue source-sans-pro @@ -237,9 +238,7 @@ let ubuntu_font_family twemoji-color-font open-sans - (iosevka-bin.override { - variant = "curly-slab"; - }) + (iosevka-bin.override { variant = "curly-slab"; }) config.nur.repos.schmittlauch.vollkorn # TODO: humor-sans ]; @@ -248,15 +247,14 @@ let superTuxKart #hedgewars ]; - in { nixpkgs.overlays = (import ./overlays.nix); nixpkgs.config = { clementine.spotify = false; - vim = - { gui = "gtk3"; + vim = { + gui = "gtk3"; python = true; multibyteSupport = true; }; @@ -273,18 +271,16 @@ in ++ kdeTools ++ fonts ++ nixHelpers - ++ games - ; + ++ games; programs.home-manager.enable = true; home.stateVersion = "22.11"; - programs.direnv = - { - enable = true; - nix-direnv.enable = true; - enableZshIntegration = true; - }; + programs.direnv = { + enable = true; + nix-direnv.enable = true; + enableZshIntegration = true; + }; # programs.vim = # { enable = true; 
@@ -292,34 +288,32 @@ in programs.bat.enable = true; - services.gpg-agent = - { - enable = true; - #enableSshSupport = true; - pinentryFlavor = "qt"; - }; + services.gpg-agent = { + enable = true; + #enableSshSupport = true; + pinentryFlavor = "qt"; + }; - programs.ssh = - { - enable = true; - # ssh host config - matchBlocks = - import "${inputs.mysecrets}/ssh_hosts.nix"; - }; + programs.ssh = { + enable = true; + # ssh host config + matchBlocks = import "${inputs.mysecrets}/ssh_hosts.nix"; + }; programs.tmux = { enable = true; keyMode = "vi"; extraConfig = # for direnv not messing up the environment - ''set-option -g update-environment "DIRENV_DIFF DIRENV_DIR DIRENV_WATCHES" - set-environment -gu DIRENV_DIFF - set-environment -gu DIRENV_DIR - set-environment -gu DIRENV_WATCHES - set-environment -gu DIRENV_LAYOUT - - bind-key -T copy-mode-vi 'v' send -X begin-selection - bind-key -T copy-mode-vi 'y' send -X copy-selection-and-cancel''; + '' + set-option -g update-environment "DIRENV_DIFF DIRENV_DIR DIRENV_WATCHES" + set-environment -gu DIRENV_DIFF + set-environment -gu DIRENV_DIR + set-environment -gu DIRENV_WATCHES + set-environment -gu DIRENV_LAYOUT + + bind-key -T copy-mode-vi 'v' send -X begin-selection + bind-key -T copy-mode-vi 'y' send -X copy-selection-and-cancel''; terminal = "screen-256color"; }; 
@@ -334,120 +328,135 @@ in fonts.fontconfig.enable = true; programs.git = - let contacts = import "${inputs.mysecrets}/contacts.nix"; + let + contacts = import "${inputs.mysecrets}/contacts.nix"; in { enable = true; - includes = [ - { - condition = "gitdir:~/Seafile/Studium/"; - contents = { - user.name = contacts.realName; - user.email = contacts.uniMail; - }; - } - { - condition = "gitdir:~/src/nixpkgs/"; - contents = { - user.name = "Trolli Schmittlauch"; - user.email = contacts.nixosMail; - }; - } - ] - # set default name for several other common locations - ++ map - (dir: { - condition = "gitdir:${dir}"; - contents = { - user.name = "Trolli Schmittlauch"; - user.email = contacts.mainMail; - }; - }) [ "~/src/" "~/bin/" "~/tmp/" "~/nixconfigs/" ]; + includes = + [ + { + condition = "gitdir:~/Seafile/Studium/"; + contents = { + user.name = contacts.realName; + user.email = contacts.uniMail; + }; + } + { + condition = "gitdir:~/src/nixpkgs/"; + contents = { + user.name = "Trolli Schmittlauch"; + user.email = contacts.nixosMail; + }; + } + ] + # set default name for several other common locations + ++ + map + (dir: { + condition = "gitdir:${dir}"; + contents = { + user.name = "Trolli Schmittlauch"; + user.email = contacts.mainMail; + }; + }) + [ + "~/src/" + "~/bin/" + "~/tmp/" + "~/nixconfigs/" + ]; extraConfig = { credential.helper = "cache"; push.default = "simple"; init.defaultBranch = "mainline"; diff.tool = "vimdiff"; merge.tool = "vimdiff"; - core.excludesfile = toString (pkgs.writeText ".gitignore_global" '' - # Direnv stuff - .direnv - .envrc - # Editor files # - ################ - *~ - *.swp - *.swo - ''); + core.excludesfile = toString ( + pkgs.writeText ".gitignore_global" '' + # Direnv stuff + .direnv + .envrc + # Editor files # + ################ + *~ + *.swp + *.swo + '' + ); core.whitespace = "-blank-at-eol,blank-at-eof,space-before-tab"; }; lfs.enable = true; }; - # shell config - programs.zsh = { + # shell config + programs.zsh = { + enable = 
true; + syntaxHighlighting.enable = true; + history.ignoreSpace = true; + initExtra = '' + # Uncomment following line if you want red dots to be displayed while waiting for completion + COMPLETION_WAITING_DOTS="true" + ### Fix slowness of pastes with zsh-syntax-highlighting.zsh + pasteinit() { + OLD_SELF_INSERT=''${''${(s.:.)widgets[self-insert]}[2,3]} + zle -N self-insert url-quote-magic # I wonder if you'd need `.url-quote-magic`? + } + + pastefinish() { + zle -N self-insert $OLD_SELF_INSERT + } + zstyle :bracketed-paste-magic paste-init pasteinit + zstyle :bracketed-paste-magic paste-finish pastefinish + + # automatic rehash of path completion + zstyle ':completion:*' rehash true + + eval "$(${pkgs.thefuck}/bin/thefuck --alias)" + + ## helper functions + nixify() { + if [ ! -e ./.envrc ]; then + echo "eval \"$(lorri direnv)\"" > .envrc + direnv allow + fi + if [ ! -e shell.nix ]; then + cat > shell.nix <<'EOF' + with import {}; + mkShell { + buildInputs = [ + bashInteractive + ]; + } + EOF + ${"EDITOR:-vim"} default.nix + fi + } + + binpath() { + realpath $(${pkgs.which}/bin/which $1) + } + ''; + + oh-my-zsh = { enable = true; - syntaxHighlighting.enable = true; - history.ignoreSpace = true; - initExtra = '' - # Uncomment following line if you want red dots to be displayed while waiting for completion - COMPLETION_WAITING_DOTS="true" - ### Fix slowness of pastes with zsh-syntax-highlighting.zsh - pasteinit() { - OLD_SELF_INSERT=''${''${(s.:.)widgets[self-insert]}[2,3]} - zle -N self-insert url-quote-magic # I wonder if you'd need `.url-quote-magic`? - } - - pastefinish() { - zle -N self-insert $OLD_SELF_INSERT - } - zstyle :bracketed-paste-magic paste-init pasteinit - zstyle :bracketed-paste-magic paste-finish pastefinish - - # automatic rehash of path completion - zstyle ':completion:*' rehash true - - eval "$(${pkgs.thefuck}/bin/thefuck --alias)" - - ## helper functions - nixify() { - if [ ! 
-e ./.envrc ]; then - echo "eval \"$(lorri direnv)\"" > .envrc - direnv allow - fi - if [ ! -e shell.nix ]; then - cat > shell.nix <<'EOF' - with import {}; - mkShell { - buildInputs = [ - bashInteractive - ]; - } - EOF - ${EDITOR:-vim} default.nix - fi - } - - binpath() { - realpath $(${pkgs.which}/bin/which $1) - } - ''; - - - oh-my-zsh = { - enable = true; - theme = "bira"; - plugins = [ "git" "python" "systemd" "gpg-agent"]; - }; - }; - home.shellAliases = { - ip = "ip --color"; - ipb = "ip --color --brief"; - ll = "ls -l"; - wavesynth = "nix-shell -p sox --run 'play -n synth brownnoise synth pinknoise mix synth 0 0 0 15 40 80 trapezium amod 0.2 20'"; - vim = "nvim"; - }; - home.sessionVariables = { - EDITOR = "nvim"; + theme = "bira"; + plugins = [ + "git" + "python" + "systemd" + "gpg-agent" + ]; }; + }; + home.shellAliases = { + ip = "ip --color"; + ipb = "ip --color --brief"; + ll = "ls -l"; + wavesynth = "nix-shell -p sox --run 'play -n synth brownnoise synth pinknoise mix synth 0 0 0 15 40 80 trapezium amod 0.2 20'"; + vim = "nvim"; + }; + home.sessionVariables = { + EDITOR = "nvim"; + }; } diff --git a/home/overlays.nix b/home/overlays.nix index f2ae044..5a9b213 100644 --- a/home/overlays.nix +++ b/home/overlays.nix @@ -1,9 +1,9 @@ - [ - ( - self: super: - rec { - myVim = with super; neovim.override { configure = { + (self: super: rec { + myVim = + with super; + neovim.override { + configure = { packages.myVimPackage = with pkgs.vimPlugins; { # loaded on start start = [ @@ -25,8 +25,7 @@ ]; }; customRC = builtins.readFile ./vimrc; - };}; - } - ) - + }; + }; + }) ] diff --git a/hosts/framenix/default.nix b/hosts/framenix/default.nix index 3c47240..666a581 100644 --- a/hosts/framenix/default.nix +++ b/hosts/framenix/default.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, system, ...}: +{ + config, + lib, + pkgs, + system, + ... +}: let unstable = config.inputInjection.flake-inputs.nixos-unstable.legacyPackages.${system}; in 
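Review bot: In the `nixify` helper inside `programs.zsh.initExtra`, the new line `${"EDITOR:-vim"} default.nix` is a Nix antiquotation of a string literal, so the generated zsh code contains the literal text `EDITOR:-vim default.nix` instead of a shell parameter expansion. The removed `${EDITOR:-vim}` most likely evaluated the same way (as a bare URI literal), so the formatter has only made an existing defect visible rather than introduced it. Escape the dollar sign the way `pasteinit` in the same string already does: `''${EDITOR:-vim} default.nix`. The helper also writes `shell.nix` just before opening `default.nix`, which may be a second slip; confirm which file is meant.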
@@ -22,7 +28,7 @@ in # try newer kernels boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelParams = [ + boot.kernelParams = [ # temporary workaround for white flickering graphics artefacts "amdgpu.sg_display=0" # powersave @@ -65,4 +71,3 @@ in pkgs.framework-tool ]; } - diff --git a/hosts/framenix/hardware-configuration.nix b/hosts/framenix/hardware-configuration.nix index a731402..b9295b2 100644 --- a/hosts/framenix/hardware-configuration.nix +++ b/hosts/framenix/hardware-configuration.nix @@ -1,18 +1,27 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + pkgs, + modulesPath, + ... +}: +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction diff --git a/hosts/framenix/storage.nix b/hosts/framenix/storage.nix index 3efa655..b4d5793 100644 --- a/hosts/framenix/storage.nix +++ b/hosts/framenix/storage.nix 
@@ -1,17 +1,25 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let - fsOptions = [ "noatime" "ssd" "compress=zstd" ]; + fsOptions = [ + "noatime" + "ssd" + "compress=zstd" + ]; in { boot.initrd.luks = { devices = # allow discards on all devices - builtins.mapAttrs (name: val: val // {allowDiscards = true;}) - { + builtins.mapAttrs (name: val: val // { allowDiscards = true; }) { "system".device = "/dev/disk/by-uuid/1838cdc5-9b0b-4c46-9f23-9465549eeb92"; - "cryptswap".device = "/dev/disk/by-uuid/ded7d649-ab3a-42ee-ae4a-f8c4ba029e9c"; + "cryptswap".device = "/dev/disk/by-uuid/ded7d649-ab3a-42ee-ae4a-f8c4ba029e9c"; }; - reusePassphrases = true; + reusePassphrases = true; }; fileSystems = { @@ -37,7 +45,10 @@ in services.fstrim.enable = true; services.btrfs.autoScrub = { enable = true; - fileSystems = [ "/" "/home" ]; + fileSystems = [ + "/" + "/home" + ]; }; boot.tmp.useTmpfs = true; diff --git a/hosts/framenix/swap.nix b/hosts/framenix/swap.nix index 262809c..ce2347e 100644 --- a/hosts/framenix/swap.nix +++ b/hosts/framenix/swap.nix @@ -1,7 +1,5 @@ { - swapDevices = - [ { device = "/dev/disk/by-uuid/24c47f3d-0d3e-4575-92a2-174b5a6b6086"; } - ]; + swapDevices = [ { device = "/dev/disk/by-uuid/24c47f3d-0d3e-4575-92a2-174b5a6b6086"; } ]; zramSwap = { enable = true; diff --git a/hosts/thinknix/default.nix b/hosts/thinknix/default.nix index ff1a2ff..a7344b4 100644 --- a/hosts/thinknix/default.nix +++ b/hosts/thinknix/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: { imports = [ ../../common @@ -10,7 +15,6 @@ ./secureboot.nix ]; - hardware.trackpoint = { enable = true; sensitivity = 180; @@ -19,7 +23,6 @@ networking.hostName = "thinknix"; - # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you 
diff --git a/hosts/thinknix/hardware-configuration.nix b/hosts/thinknix/hardware-configuration.nix index 18c7846..e60ac46 100644 --- a/hosts/thinknix/hardware-configuration.nix +++ b/hosts/thinknix/hardware-configuration.nix @@ -1,20 +1,28 @@ -{ config, lib, pkgs, modulesPath, ... }: - +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ehci_pci" + "ahci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = []; + boot.extraModulePackages = [ ]; nix.settings.max-jobs = lib.mkDefault 4; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; # modesetting is always better than intel (legacy) services.xserver.videoDrivers = [ "modesetting" ]; - } diff --git a/hosts/thinknix/secureboot.nix b/hosts/thinknix/secureboot.nix index 41eb516..657838e 100644 --- a/hosts/thinknix/secureboot.nix +++ b/hosts/thinknix/secureboot.nix @@ -1,11 +1,14 @@ -{ config, lib, pkgs, ...}: -{ +{ + config, + lib, + pkgs, + ... +}: +{ boot.loader.efi.canTouchEfiVariables = true; # UEFI secure boot - environment.systemPackages = [ - pkgs.sbctl - ]; + environment.systemPackages = [ pkgs.sbctl ]; # Lanzaboote currently replaces the systemd-boot module. # This setting is usually set to true in configuration.nix # generated at installation time. So we force it to false @@ -16,5 +19,4 @@ enable = true; pkiBundle = "/etc/secureboot"; }; - } diff --git a/hosts/thinknix/storage.nix b/hosts/thinknix/storage.nix index 55b9a0a..169cca6 100644 --- a/hosts/thinknix/storage.nix +++ b/hosts/thinknix/storage.nix 
@@ -1,19 +1,28 @@ -{ config, lib, pkgs, ...}: +{ + config, + lib, + pkgs, + ... +}: let - fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ]; + fsOptions = [ + "noatime" + "ssd" + "space_cache" + "compress=zstd" + ]; in { # encrypted partitions boot.initrd.luks = { devices = # allow discards on all devices - builtins.mapAttrs (name: val: val // {allowDiscards = true;}) - { + builtins.mapAttrs (name: val: val // { allowDiscards = true; }) { "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef"; "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa"; "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1"; }; - reusePassphrases = true; + reusePassphrases = true; }; fileSystems = { @@ -57,16 +66,20 @@ in services.fstrim.enable = true; services.btrfs.autoScrub = { enable = true; - fileSystems = [ "/" "/home" ]; + fileSystems = [ + "/" + "/home" + ]; }; - boot.tmp.useTmpfs = true; fileSystems."/tmp".fsType = "tmpfs"; - services.smartd = - { - enable = true; - devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }]; - }; + services.smartd = { + enable = true; + devices = [ + { device = "/dev/sda"; } + { device = "/dev/sdb"; } + ]; + }; } diff --git a/hosts/thinknix/swap.nix b/hosts/thinknix/swap.nix index 5aeb2bc..d600057 100644 --- a/hosts/thinknix/swap.nix +++ b/hosts/thinknix/swap.nix @@ -1,7 +1,5 @@ { - swapDevices = [ - { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; } - ]; + swapDevices = [ { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; } ]; zramSwap = { enable = true; diff --git a/nixos/Hash2PubTestbed.nix b/nixos/Hash2PubTestbed.nix index 1efbfe6..99c4cac 100644 --- a/nixos/Hash2PubTestbed.nix +++ b/nixos/Hash2PubTestbed.nix 
@@ -1,10 +1,15 @@ -{ config, pkgs, experimentUid ? 1000, ... }: +{ + config, + pkgs, + experimentUid ? 1000, + ... +}: let projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW"; projectPath = builtins.toPath projectDir; projectMount = "/mnt/project"; - shell = (import (projectDir + "/Hash2Pub/default.nix") {}).shell; + shell = (import (projectDir + "/Hash2Pub/default.nix") { }).shell; simulationSetupScript = pkgs.writeShellScriptBin "simulationSetup" '' # make cabal-install work offline mkdir $HOME/.cabal @@ -12,25 +17,30 @@ let # run simulation script within the shell ${pkgs.nix}/bin/nix-shell ${shell.drvPath} --command "cd ${projectMount} && bash ./build/simulationrunner.sh 2>&1" - ''; - instanceData = builtins.fromJSON (builtins.readFile "${projectDir}/simulationData/inputs/generated/instances_sample.json"); - + ''; + instanceData = builtins.fromJSON ( + builtins.readFile "${projectDir}/simulationData/inputs/generated/instances_sample.json" + ); in { privateNetwork = true; ephemeral = true; bindMounts = { - "${projectMount}" = { hostPath = projectDir; isReadOnly = false; }; + "${projectMount}" = { + hostPath = projectDir; + isReadOnly = false; + }; }; config = { networking = { firewall.enable = false; - interfaces.lo.ipv6.addresses = - builtins.map (inst: {address = inst.ip; prefixLength = 0;}) instanceData; - extraHosts = - pkgs.lib.concatMapStringsSep "\n" (inst: "${inst.ip} ${inst.hostname}") instanceData; + interfaces.lo.ipv6.addresses = builtins.map (inst: { + address = inst.ip; + prefixLength = 0; + }) instanceData; + extraHosts = pkgs.lib.concatMapStringsSep "\n" (inst: "${inst.ip} ${inst.hostname}") instanceData; }; # avoid permission problems with project builds users.users.experimentor = { 
@@ -39,12 +49,14 @@ in }; # adjust open file limits - security.pam.loginLimits = [{ - domain = "*" - ; type = "-" - ; item = "nofile" - ; value = "50000" - ;}]; + security.pam.loginLimits = [ + { + domain = "*"; + type = "-"; + item = "nofile"; + value = "50000"; + } + ]; environment.systemPackages = [ pkgs.netcat @@ -55,7 +67,7 @@ in pkgs.iftop (pkgs.writeShellScriptBin "doSimulation" '' su experimentor -c "${simulationSetupScript}/bin/simulationSetup" - '') + '') pkgs.tcpdump ]; }; diff --git a/packages/default.nix b/packages/default.nix index 557002f..3a8553f 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -8,5 +8,4 @@ final: prev: { }) ]; }); - }