schmittlauch/nixconfigs
2
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Compare commits

base: schmittlauch:mainline
Branches Tags
schmittlauch:mainline
schmittlauch:darwin-patch-nodejs_20
schmittlauch:workmac
schmittlauch:amd-pmf-debugging
schmittlauch:modularise-config
schmittlauch:flake-conversion
..
compare: schmittlauch:darwin-patch-nodejs_20
Branches Tags
schmittlauch:mainline
schmittlauch:darwin-patch-nodejs_20
schmittlauch:workmac
schmittlauch:amd-pmf-debugging
schmittlauch:modularise-config
schmittlauch:flake-conversion

No commits in common. "mainline" and "darwin-patch-nodejs_20" have entirely different histories.
mainline ... darwin-pat

21 changed files with 403 additions and 510 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.git-blame-ignore-revs
View file

@ -1 +0,0 @@
ce54be9aac846c7798307d6d6fcee3346c01f601

18
common/default.nix
View file

@ -28,6 +28,7 @@ in
# configure console
console = {
font = "Lat2-Terminus16";
keyMap = "de";
};
@ -67,6 +68,19 @@ in
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall.allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
networking.firewall.allowedUDPPortRanges = [
{
from = 1714;
to = 1764;
}
]; # for KDE connect
# FIXME: kdeconnect module
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -157,7 +171,6 @@ in
kontact = true;
merkuro = true;
};
programs.kdeconnect.enable = true;
# enable wayland for Chromium and Electron
environment.sessionVariables.NIXOS_OZONE_WL = "1";
@ -168,7 +181,7 @@ in
# Flatpak support
services.flatpak.enable = true;
xdg.portal.extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-kde ];
# Define a user account. Don't forget to set a password with `passwd`.
users.users.spiollinux = {
@ -256,5 +269,4 @@ in
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
services.dbus.implementation = "broker";
system.rebuild.enableNg = true;
}

5
common/nitrokey.nix
View file

@ -1,10 +1,7 @@
{ pkgs, lib, ... }:
{
hardware.nitrokey.enable = true;
environment.systemPackages = [
pkgs.pynitrokey
pkgs.nitrokey-app2
];
environment.systemPackages = [ pkgs.pynitrokey ];
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [

4
common/packages.nix
View file

@ -11,8 +11,6 @@
nixpkgs.config.permittedInsecurePackages = [
# (temporarily) permit the usage of libolm
"olm-3.2.16"
# dependency of pynitrokey
"python3.12-ecdsa-0.19.1"
];
# List packages installed in system profile.
@ -42,7 +40,7 @@
exfat
iotop
cifs-utils
dool
dstat
lsof
macchanger
borgbackup

2
common/pulseaudio.nix
View file

@ -1,7 +1,7 @@
{ pkgs, ... }:
{
# Enable sound.
services.pulseaudio = {
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
# decouple pulseaudio application and sink volumes

6
darwin/configuration.nix
View file

@ -4,6 +4,7 @@
imports = [ ../common/nix-settings.nix ];
nix = {
enable = true;
package = pkgs.nixVersions.nix_2_25;
settings = {
trusted-users = [
"os"
@ -17,10 +18,12 @@
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"flyingcircus.io-1:Rr9CwiPv8cdVf3EQu633IOTb6iJKnWbVfCC8x8gVz2o="
];
sandbox = "relaxed";
};
};
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = [ pkgs.vim ];
@ -35,7 +38,6 @@
# system-wide SSH configuration, used by nix-daemon for remote builders
# show hidden files
system.primaryUser = "os";
system.defaults.NSGlobalDomain.AppleShowAllFiles = true;
# Used for backwards compatibility, please read the changelog before changing.

80
flake.lock generated
View file

@ -102,16 +102,16 @@
]
},
"locked": {
"lastModified": 1758463745,
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"lastModified": 1747020534,
"narHash": "sha256-D/6rkiC6w2p+4SwRiVKrWIeYzun8FBg7NlMKMwQMxO0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"rev": "b4bbdc6fde16fc2051fcde232f6e288cd22007ca",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
@ -163,27 +163,27 @@
]
},
"locked": {
"lastModified": 1759509947,
"narHash": "sha256-4XifSIHfpJKcCf5bZZRhj8C4aCpjNBaE3kXr02s4rHU=",
"lastModified": 1743127615,
"narHash": "sha256-+sMGqywrSr50BGMLMeY789mSrzjkoxZiu61eWjYS/8o=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "000eadb231812ad6ea6aebd7526974aaf4e79355",
"rev": "fc843893cecc1838a59713ee3e50e9e7edc6207c",
"type": "github"
},
"original": {
"owner": "LnL7",
"ref": "nix-darwin-25.05",
"ref": "nix-darwin-24.11",
"repo": "nix-darwin",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1761933221,
"narHash": "sha256-rNHeoG3ZrA94jczyLSjxCtu67YYPYIlXXr0uhG3wNxM=",
"lastModified": 1747129300,
"narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "7467f155fcba189eb088a7601f44fbef7688669b",
"rev": "e81fd167b33121269149c57806599045fd33eeed",
"type": "github"
},
"original": {
@ -195,11 +195,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1761907660,
"narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
"lastModified": 1746904237,
"narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15",
"rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
"type": "github"
},
"original": {
@ -243,27 +243,27 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1761597516,
"narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
"lastModified": 1746957726,
"narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
"rev": "a39ed32a651fdee6842ec930761e31d1f242cb94",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1761907660,
"narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
"lastModified": 1746904237,
"narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15",
"rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
"type": "github"
},
"original": {
@ -276,14 +276,15 @@
"nur": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1762096902,
"narHash": "sha256-79Ly39dSmA5JfuLPZDaZbO0V3jUQyrbpgA+8J6Z+Mug=",
"lastModified": 1747261242,
"narHash": "sha256-6p8kO62jbk+LUrDrLT23XbClNRyosnlfh/KCbE5fwnQ=",
"owner": "nix-community",
"repo": "NUR",
"rev": "69ebb60ec4c48dcd88ee714e5fd9f0a330044a0d",
"rev": "e29c558fa4174da179e2e7f9a41c34466a200fda",
"type": "github"
},
"original": {
@ -329,7 +330,7 @@
"nixos-unstable": "nixos-unstable",
"nixpkgs": "nixpkgs_2",
"nur": "nur",
"treefmt-nix": "treefmt-nix",
"treefmt-nix": "treefmt-nix_2",
"utils": "utils"
}
},
@ -372,15 +373,36 @@
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748243702,
"narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=",
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746216483,
"narHash": "sha256-4h3s1L/kKqt3gMDcVfN8/4v2jqHrgLIe4qok4ApH5x4=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "29ec5026372e0dec56f890e50dbe4f45930320fd",
"type": "github"
},
"original": {

9
flake.nix
View file

@ -2,11 +2,11 @@
description = "NixOS system flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixos-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
@ -19,7 +19,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nix-darwin = {
url = "github:LnL7/nix-darwin/nix-darwin-25.05";
url = "github:LnL7/nix-darwin/nix-darwin-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -53,7 +53,7 @@
(import nixpkgs { inherit system; }).applyPatches {
name = "nixpkgs-patched";
src = nixpkgs;
patches = [ ];
patches = [ ./patches/nixos-nixpkgs-362c2bc76d359b908ad1389ee28c23ee0e862324.patch ];
};
# necessary to make the top-level inputs available to system configuration
@ -166,7 +166,6 @@
# inspired by https://github.com/Mic92/dotfiles/blob/main/home-manager/flake-module.nix
# run like: `nix run .#hm -- <action>`
apps.hm = {
meta.description = "Wrapper around home-manager with automatic profile selection";
type = "app";
program = "${pkgs.writeShellScriptBin "hm" ''
set -x

7
home/common.nix
View file

@ -11,7 +11,6 @@
./modules/packages.nix
./modules/vscodium.nix
./modules/fonts.nix
./modules/captive-browser.nix
];
home.homeDirectory =
if pkgs.stdenv.isDarwin then "/Users/${config.home.username}" else "/home/${config.home.username}";
@ -52,7 +51,9 @@
merge.tool = "vimdiff";
# provide `git mergetool -t nixfmt`
mergetool.nixfmt = {
cmd = "${lib.getExe pkgs.nixfmt-rfc-style} --mergetool \"$BASE\" \"$LOCAL\" \"$REMOTE\" \"$MERGED\"";
cmd = "${
lib.getExe inputs.nixos-unstable.legacyPackages.${system}.nixfmt-rfc-style
} --mergetool \"$BASE\" \"$LOCAL\" \"$REMOTE\" \"$MERGED\"";
trustExitCode = true;
};
core.excludesfile = toString (
@ -104,7 +105,7 @@
enable = true;
syntaxHighlighting.enable = true;
history.ignoreSpace = true;
initContent = ''
initExtra = ''
# Uncomment following line if you want red dots to be displayed while waiting for completion
COMPLETION_WAITING_DOTS="true"
### Fix slowness of pastes with zsh-syntax-highlighting.zsh

65
home/desktop.nix
View file

@ -33,45 +33,46 @@
contacts = import "${inputs.mysecrets}/contacts.nix" { inherit lib; };
in
{
includes = [
{
condition = "gitdir:~/Seafile/Studium/";
contents = {
user.name = contacts.personal.name;
user.email = contacts.uni.email;
};
}
{
condition = "gitdir:~/src/nixpkgs/";
contents = {
user.name = "Trolli Schmittlauch";
user.email = contacts.nixOs.email;
};
}
]
# set default name for several other common locations
++
map
(dir: {
condition = "gitdir:${dir}";
includes =
[
{
condition = "gitdir:~/Seafile/Studium/";
contents = {
user = {
inherit (contacts.schmittlauch) email name;
};
user.name = contacts.personal.name;
user.email = contacts.uni.email;
};
})
[
"~/src/"
"~/bin/"
"~/tmp/"
"~/nixconfigs/"
];
}
{
condition = "gitdir:~/src/nixpkgs/";
contents = {
user.name = "Trolli Schmittlauch";
user.email = contacts.nixOs.email;
};
}
]
# set default name for several other common locations
++
map
(dir: {
condition = "gitdir:${dir}";
contents = {
user = {
inherit (contacts.schmittlauch) email name;
};
};
})
[
"~/src/"
"~/bin/"
"~/tmp/"
"~/nixconfigs/"
];
};
services.gpg-agent = {
enable = true;
#enableSshSupport = true;
pinentry.package = pkgs.pinentry-qt;
pinentryPackage = pkgs.pinentry-qt;
};
programs.ssh = {

93
home/modules/captive-browser.nix
View file

@ -1,93 +0,0 @@
{
pkgs,
lib,
inputs,
config,
system,
...
}:
let
tomlFormat = pkgs.formats.toml { };
cfg = config.programs.captive-browser;
inherit (pkgs.stdenv.hostPlatform) isDarwin;
in
{
options.programs.captive-browser = {
enable = lib.mkEnableOption "Enable custom captive-browser in user PATH";
package = lib.mkPackageOption pkgs "captive-browser" { nullable = true; };
settings = lib.mkOption {
type = lib.types.submodule {
freeformType = tomlFormat.type;
options = {
browser = lib.mkOption {
type = lib.types.str;
description = "command to invoke the browser with";
# browser is the shell (/bin/sh) command executed once the proxy starts.
# When browser exits, the proxy exits. An extra env var PROXY is available.
#
# Here, we use a separate Chrome instance in Incognito mode, so that
# it can run (and be waited for) alongside the default one, and that
# it maintains no state across runs. To configure this browser open a
# normal window in it, settings will be preserved.
default = ''
${cfg.browserCommand} \
--user-data-dir="$HOME/Library/Application Support/Google/Captive" \
--proxy-server="socks5://$PROXY" \
--proxy-bypass-list="<-loopback>" \
--no-first-run \
--new-window \
--incognito \
--no-default-browser-check \
--no-crash-upload \
--disable-extensions \
--disable-sync \
--disable-background-networking \
--disable-client-side-phishing-detection \
--disable-component-update \
--disable-translate \
--disable-web-resources \
--safebrowsing-disable-auto-update \
http://example.com
'';
};
};
};
};
interface = lib.mkOption {
type = lib.types.str;
description = "WLAN interface to use";
};
browserCommand = lib.mkOption {
type = lib.types.str;
default = if isDarwin then "open -n -W -a \"Google Chrome\" --args" else (lib.getExe pkgs.chromium);
};
};
config = lib.mkIf cfg.enable {
home.packages = [ cfg.package ];
programs.captive-browser.settings = builtins.mapAttrs (_: lib.mkOptionDefault) {
# dhcp-dns is the shell (/bin/sh) command executed to obtain the DHCP
# DNS server address. The first match of an IPv4 regex is used.
# IPv4 only, because let's be real, it's a captive portal.
dhcp-dns =
if isDarwin then
"ipconfig getoption ${cfg.interface} domain_name_server"
else
"${lib.getExe pkgs.dhcpcd} -U ${cfg.interface} | grep domain_name_servers";
# socks5-addr is the listen address for the SOCKS5 proxy server.
socks5-addr = "localhost:1666";
};
home.file.".config/captive-browser.toml" = lib.mkIf (isDarwin && !config.xdg.enable) {
source = tomlFormat.generate "captive-browser-config" cfg.settings;
};
xdg.configFile."captive-browser.toml" = lib.mkIf (!(isDarwin && !config.xdg.enable)) {
source = tomlFormat.generate "captive-browser-config" cfg.settings;
};
};
}

3
home/modules/latex.nix
View file

@ -43,6 +43,5 @@ in
koma-script
;
})
]
++ lib.optionals config.schmittlauch.latex.guiTools latexGuiTools;
] ++ lib.optionals config.schmittlauch.latex.guiTools latexGuiTools;
}

31
home/modules/llm.nix
View file

@ -1,31 +0,0 @@
{
pkgs,
lib,
inputs,
config,
system,
...
}:
let
myAider = pkgs.aider-chat;
# FIXME: darwin build failure due to cfn-lint-1.32.1
# myAider = pkgs.aider-chat.withOptional {
# withPlaywright = true;
# withBrowser = true;
# withHelp = true;
# withBedrock = false;
# };
in
{
home.packages = [
myAider
pkgs.claude-code
];
#nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "claude-code" ]; # nixpkgs.config merging is unfortunately broken
# TODO: API token e.g. via sops
# TODO: proper codium and llm enable options
home.sessionVariables = {
AIDER_EDITOR = "codium --wait";
DISABLE_TELEMETRY = 1; # for claude-code
};
}

258
home/modules/packages.nix
View file

@ -12,85 +12,83 @@ let
unstable = inputs.nixos-unstable.legacyPackages.${system};
nur = inputs.nur.legacyPackages.${system};
graphicsApps = [
inkscape
darktable
exiftool
]
++ (with gimp3Plugins; [
#fourier # broken
#lqrPlugin # broken
])
++ lib.optionals pkgs.stdenv.isLinux [
gimp3
hugin
#luminanceHDR # FIXME, build failure
xournalpp
]
++ lib.optionals pkgs.stdenv.isDarwin [
gimp
];
graphicsApps =
[
inkscape
darktable
exiftool
gimp
]
++ (with gimpPlugins; [
fourier
lqrPlugin
])
++ lib.optionals pkgs.stdenv.isLinux [
hugin
luminanceHDR
xournal
];
multimediaApps = [
mpv
yt-dlp
]
++ lib.optionals pkgs.stdenv.isDarwin [ vlc-bin ]
++ lib.optionals pkgs.stdenv.isLinux [
vlc
amarok
clementine
kdePackages.elisa
musescore
tenacity
soundkonverter
#nur.repos.fooker.studio-link
];
multimediaApps =
[
mpv
yt-dlp
]
++ lib.optionals pkgs.stdenv.isLinux [
vlc
amarok
clementine
elisa
musescore
tenacity
soundkonverter
#nur.repos.fooker.studio-link
];
cliApps = [
coreutils
myVim
htop
tmux
httpie
rsync
ponysay
gti
tree
lsof
mosh
openssh
sshfs-fuse
sshuttle
cryfs
thefuck
gnupg
unar
lzop
p7zip
pwgen
pandoc
pdfgrep
# zig dependency breaks occasionally, stay on C version for now
ncdu_1
dos2unix
unzip
fswatch
jq
age
lnav
spacer
cliApps =
[
coreutils
myVim
htop
tmux
httpie
ponysay
gti
tree
lsof
mosh
openssh
sshfs-fuse
sshuttle
cryfs
thefuck
gnupg
unar
lzop
p7zip
pwgen
pandoc
pdfgrep
# zig dependency breaks occasionally, stay on C version for now
ncdu_1
dos2unix
unzip
fswatch
jq
age
lnav
spacer
nix-output-monitor # putting this here as a plain `nix` alternative
]
++ lib.optionals pkgs.stdenv.isLinux [
xclip
smbnetfs # for FUSE smb mounting
psmisc # for killall
torsocks
agrep
reptyr # re-bind running program to other tty
];
nix-output-monitor # putting this here as a plain `nix` alternative
]
++ lib.optionals pkgs.stdenv.isLinux [
xclip
smbnetfs # for FUSE smb mounting
psmisc # for killall
torsocks
agrep
reptyr # re-bind running program to other tty
];
nixHelpers = [
nixpkgs-review
@ -98,32 +96,33 @@ let
nix-top
statix
];
devTools = [
curl
httpie
gcc
shellcheck
mtr
ripgrep
fd
gitui
pre-commit
scriv
devTools =
[
curl
httpie
gcc
shellcheck
mtr
ripgrep
fd
gitui
pre-commit
scriv
# Haskell
ghc
cabal2nix
]
++ lib.optionals pkgs.stdenv.isLinux [
gdb
strace
ltrace
valgrind
zeal
];
# Haskell
ghc
cabal2nix
]
++ lib.optionals pkgs.stdenv.isLinux [
gdb
strace
ltrace
valgrind
zeal
];
pythonTools = with python3Packages; [
python # to shadow old macOS python
python3 # to shadow old macOS python
ipython
uv
pip
@ -143,12 +142,13 @@ let
desktopCommon = [
keepassxc
tigervnc
];
desktopLinux = [
firefox
chromium
kdePackages.falkon
falkon
thunderbird
calibre
dino
@ -164,15 +164,15 @@ let
seafile-client
alacritty
libreoffice-qt6 # still with KDE integration
backintime-common
anki
signal-desktop
(tor-browser-bundle-bin.override {
mediaSupport = true;
pulseaudioSupport = pkgs.stdenv.isLinux;
})
tigervnc
rustdesk-flutter
pdfpc
quaternion
nheko
gpxsee
subsurface
@ -183,7 +183,7 @@ let
#(pkgs.pidgin-with-plugins.override {
# plugins = [ pkgs.pidginotr ];})
logseq
unstable.logseq
# for Hibiscus banking software
jameica
@ -192,31 +192,33 @@ let
chromedriver
];
kdeTools = [
okteta
]
++ (with kdePackages; [
okular
gwenview
yakuake
dolphin
spectacle
kate
kleopatra
qdirstat
ark
kwalletmanager
#ktouch # TODO: unbreak
kcharselect
konversation
krdc
skanlite
akonadiconsole
tokodon # mastodon client
networkmanager-qt
kcrash
breeze-gtk
]);
kdeTools =
[
okteta
plasma5Packages.kdeconnect-kde
]
++ (with kdePackages; [
okular
gwenview
yakuake
dolphin
spectacle
kate
kleopatra
qdirstat
ark
kwalletmanager
#ktouch # TODO: unbreak
kcharselect
konversation
krdc
skanlite
akonadiconsole
tokodon # mastodon client
networkmanager-qt
kcrash
breeze-gtk
]);
in
{
options.schmittlauch.packages = {

211
home/modules/vscodium.nix
View file

@ -11,113 +11,112 @@
enable = true;
package = pkgs.vscodium;
mutableExtensionsDir = true;
profiles.default = {
extensions =
with pkgs.vscode-extensions;
[
ms-python.python
charliermarsh.ruff
vscodevim.vim
yzhang.markdown-all-in-one
tamasfe.even-better-toml
eamodio.gitlens
jnoortheen.nix-ide
mkhl.direnv
editorconfig.editorconfig
]
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
name = "sync-rsync-extended";
publisher = "SanderVerschoor";
version = "1.0.1";
sha256 = "sha256-Jsfa1SrK1H0QwlJPEBdrb0gfGiIYoXdtIP32/4g+ceM=";
}
# TODO: probably available in nixpkgs soonish?
{
name = "mypy-type-checker";
publisher = "ms-python";
version = "2023.3.12681020";
sha256 = "sha256-rhed7CQlvxksVCGc9nPU2oYQWtXcAV5TzuG63e8Y3zM=";
}
{
name = "vscode-pets";
publisher = "tonybaloney";
version = "1.25.1";
sha256 = "sha256-as3e2LzKBSsiGs/UGIZ06XqbLh37irDUaCzslqITEJQ=";
}
];
userSettings =
let
defaultPython = pkgs.python3.withPackages (ps: [
ps.jedi
ps.jedi-language-server
ps.pip
ps.setuptools # for pkg_resources
ps.black
ps.mypy
]);
in
extensions =
with pkgs.vscode-extensions;
[
ms-python.python
vscodevim.vim
yzhang.markdown-all-in-one
bungcip.better-toml
eamodio.gitlens
jnoortheen.nix-ide
mkhl.direnv
editorconfig.editorconfig
]
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
{
"telemetry.enableTelemetry" = false; # might not be needed for Codium
"editor.fontLigatures" = true;
"editor.accessibilitySupport" = false; # prevent asking
"editor.cursorBlinking" = "phase";
"editor.stickyScroll.enabled" = true;
"workbench.editor.highlightModifiedTabs" = true;
"window.autoDetectColorScheme" = true;
"workbench.preferredDarkColorTheme" = "Default Dark Modern";
"workbench.preferredLightColorTheme" = "Default Light Modern";
"[nix]" = {
"editor.insertSpaces" = true;
"editor.tabSize" = 2;
# for now, disable automatic formatting to prevent disruption of existing code bases
"editor.formatOnPaste" = false;
"editor.formatOnSave" = false;
"editor.formatOnType" = false;
};
"nix.formatterPath" = lib.getExe pkgs.nixfmt-rfc-style;
"nix.enableLanguageServer" = true;
"nix.serverPath" = lib.getExe pkgs.nixd;
"nix.serverSettings" = { };
"editor.fontSize" = 13;
"editor.fontWeight" = "normal";
"git.detectSubmodulesLimit" = 30;
"[python]" = {
"breadcrumbs.showClasses" = true;
"breadcrumbs.showFunctions" = true;
"gitlens.codeLens.symbolScopes" = [ "!Module" ];
"editor.defaultFormatter" = "charliermarsh.ruff";
"editor.formatOnSave" = true;
# workaround for jedi-language-server < 0.45.1, semantic tokens are still broken
"editor.semanticHighlighting.enabled" = false;
};
"python.experiments.enabled" = false;
"python.languageServer" = "Jedi"; # don't use proprietary pylance server
"python.defaultInterpreterPath" = lib.getExe defaultPython;
"mypy-type-checker.path" = [ "${pkgs.python3Packages.mypy}/bin/dmypy" ];
"mypy-type-checker.preferDaemon" = true;
"mypy-type-checker.importStrategy" = "fromEnvironment";
"mypy-type-checker.args" = [ "--ignore-missing-imports" ];
"ruff.path" = [ (lib.getExe pkgs.ruff) ];
"gitlens.telemetry.enabled" = false;
"vim.highlightedyank.enable" = true;
"vim.history" = 500;
"vim.neovimUseConfigFile" = true;
"vim.enableNeovim" = true;
"git.suggestSmartCommit" = false;
"editor.rulers" = [ 79 ];
"vim.useSystemClipboard" = true;
"vim.smartRelativeLine" = true;
"diffEditor.ignoreTrimWhitespace" = false;
"files.associations" = {
"*.py" = "python";
};
"editor.renderWhitespace" = "all";
"editor.fontFamily" = "Iosevka Curly Slab, Menlo, Monaco, 'Courier New', monospace";
"vim.neovimPath" = lib.getExe pkgs.myVim;
"sync-rsync.options" = [ ];
"direnv.path.executable" = lib.getExe pkgs.direnv;
name = "Sync-Rsync";
publisher = "vscode-ext";
version = "0.36.0";
sha256 = "sha256-0b/OHLZfXo0NAVAVkzZSqMGDzF0uvPRoiqsZtW1iOdA";
}
# TODO: probably available in nixpkgs soonish?
{
name = "mypy-type-checker";
publisher = "ms-python";
version = "2023.3.12681020";
sha256 = "sha256-rhed7CQlvxksVCGc9nPU2oYQWtXcAV5TzuG63e8Y3zM=";
}
{
name = "black-formatter";
publisher = "ms-python";
version = "2023.5.12771008";
sha256 = "sha256-lJG0RRUUMhQGs2a6oBtoqt+uY1kSJ0+cbmaP07hNh2o=";
}
{
name = "vscode-pets";
publisher = "tonybaloney";
version = "1.25.1";
sha256 = "sha256-as3e2LzKBSsiGs/UGIZ06XqbLh37irDUaCzslqITEJQ=";
}
];
userSettings =
let
defaultPython = pkgs.python3.withPackages (ps: [
ps.jedi
ps.jedi-language-server
ps.pip
ps.setuptools # for pkg_resources
ps.black
ps.mypy
]);
in
{
"editor.fontLigatures" = true;
"editor.accessibilitySupport" = false; # prevent asking
"editor.cursorBlinking" = "phase";
"editor.stickyScroll.enabled" = true;
"workbench.editor.highlightModifiedTabs" = true;
"window.autoDetectColorScheme" = true;
"workbench.preferredDarkColorTheme" = "Default Dark Modern";
"workbench.preferredLightColorTheme" = "Default Light Modern";
"[nix]" = {
"editor.insertSpaces" = true;
"editor.tabSize" = 2;
# for now, disable automatic formatting to prevent disruption of existing code bases
"editor.formatOnPaste" = false;
"editor.formatOnSave" = false;
"editor.formatOnType" = false;
};
};
"nix.formatterPath" = lib.getExe pkgs.nixfmt-rfc-style;
"nix.enableLanguageServer" = true;
"nix.serverPath" = lib.getExe pkgs.nixd;
"nix.serverSettings" = { };
"editor.fontSize" = 13;
"editor.fontWeight" = "normal";
"git.detectSubmodulesLimit" = 30;
"[python]" = {
"breadcrumbs.showClasses" = true;
"breadcrumbs.showFunctions" = true;
"gitlens.codeLens.symbolScopes" = [ "!Module" ];
"editor.defaultFormatter" = "ms-python.black-formatter";
"editor.formatOnSave" = true;
};
"python.languageServer" = "Jedi"; # don't use proprietary pylance server
"python.defaultInterpreterPath" = "${defaultPython}/bin/python";
"black-formatter.path" = [ "${pkgs.python3Packages.black}/bin/black" ];
"black-formatter.importStrategy" = "fromEnvironment";
"mypy-type-checker.path" = [ "${pkgs.python3Packages.mypy}/bin/mypy" ];
"mypy-type-checker.importStrategy" = "fromEnvironment";
"mypy-type-checker.args" = [ "--ignore-missing-imports" ];
"gitlens.telemetry.enabled" = false;
"vim.highlightedyank.enable" = true;
"vim.history" = 500;
"vim.neovimUseConfigFile" = true;
"vim.enableNeovim" = true;
"git.suggestSmartCommit" = false;
"editor.rulers" = [ 79 ];
"vim.useSystemClipboard" = true;
"vim.smartRelativeLine" = true;
"diffEditor.ignoreTrimWhitespace" = false;
"files.associations" = {
"*.py" = "python";
};
"editor.renderWhitespace" = "all";
"editor.fontFamily" = "Iosevka Curly Slab, Menlo, Monaco, 'Courier New', monospace";
"vim.neovimPath" = lib.getExe pkgs.myVim;
"sync-rsync.options" = [ ];
"direnv.path.executable" = lib.getExe pkgs.direnv;
};
};
}

78
home/workmac.nix
View file

@ -12,7 +12,6 @@ let
unstable = inputs.nixos-unstable.legacyPackages.${system};
in
{
imports = [ ./modules/llm.nix ];
schmittlauch.packages = {
graphics = true;
@ -25,7 +24,6 @@ in
home.packages = [
wireshark # on NixOS systems enabled via system config
_1password-cli
rectangle
# also TODO: color schemes nix-darwin
];
@ -36,8 +34,10 @@ in
enable = true;
# defaults in bottom match block "*"
# TODO: common config for desktop as well
serverAliveInterval = 10;
serverAliveCountMax = 2; # 2 strikes and you're out
# multiplexer, e.g. to avoid rate limiting on jumphost usage
serverAliveInterval = 60;
controlMaster = "auto";
controlPersist = "4h";
# ssh host config
matchBlocks = {
@ -45,6 +45,7 @@ in
"*" = {
extraOptions = {
IdentityAgent = "\"~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock\"";
#ControlPath = "/tmp/ssh_mux_%h_%p_%r";
};
};
@ -54,27 +55,9 @@ in
};
"fcio-whq-jump" = lib.hm.dag.entryAfter [ "*" ] {
hostname = "vpn-whq.services.fcio.net";
extraOptions = {
LogLevel = "Verbose";
AddressFamily = "inet";
ControlMaster = "auto";
# not too long, due to the frequent keepalives
ControlPersist = "1h";
};
};
"fcio-rzob-jump" = lib.hm.dag.entryAfter [ "*" ] {
# multiplexer, e.g. to avoid rate limiting on jumphost usage
hostname = "vpn-rzob.services.fcio.net";
extraOptions = {
LogLevel = "Verbose";
AddressFamily = "inet";
ControlMaster = "auto";
# not too long, due to the frequent keepalives
ControlPersist = "1h";
};
extraOptions.LogLevel = "Verbose";
};
"fcio-rzob-jump" = lib.hm.dag.entryAfter [ "*" ] { hostname = "vpn-rzob.services.fcio.net"; };
};
};
@ -83,38 +66,34 @@ in
contacts = import "${inputs.mysecrets}/contacts.nix" { inherit lib; };
in
{
includes = [
{
condition = "gitdir:~/src/schmittlauch/";
includes =
[
{
condition = "gitdir:~/src/schmittlauch/";
contents = {
user = {
inherit (contacts.schmittlauch) name email;
};
};
}
]
# set default name for several other common locations
++ map (dir: {
condition = "gitdir:${dir}";
contents = {
user = {
inherit (contacts.schmittlauch) name email;
inherit (contacts.work) name email;
};
};
}
]
# set default name for several other common locations
++ map (dir: {
condition = "gitdir:${dir}";
contents = {
user = {
inherit (contacts.work) name email;
};
};
}) [ "~/" ];
}) [ "~/" ];
};
# some extra shell scripts
programs.zsh.initContent = lib.mkAfter (
programs.zsh.initExtra = lib.mkAfter (
import ./scripts/reporsync.nix { inherit pkgs lib; }
+ import ./scripts/ssh-loop-fc.nix { inherit pkgs lib; }
);
# separate proxied browser using the DHCP-supplied DNS for accessing captive portals
programs.captive-browser = {
enable = true;
interface = "en0";
};
launchd.agents.hydra_proxy = {
enable = true;
config = {
@ -124,7 +103,7 @@ in
"0"
"-D"
"1080"
"-oServerAliveInterval=30"
"-oServerAliveInterval=60"
"-oControlMaster=no"
"-N"
"vpn-whq.services.fcio.net"
@ -134,12 +113,7 @@ in
ThrottleInterval = 60;
};
};
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"1password-cli"
"claude-code"
]; # nixpkgs.config merging is unfortunately broken
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "1password-cli" ];
home.stateVersion = "22.05";
}

3
hosts/framenix/default.nix
View file

@ -32,9 +32,6 @@ in
"amdgpu.abmlevel=1" # adaptive backlight management
];
# disable WLAN powersave
networking.networkmanager.settings.connection."wifi.powersave" = 2;
boot.initrd.systemd.enable = true;
# at boot by default, limit charging capacity to protect battery.

11
hosts/framenix/storage.nix
View file

@ -39,17 +39,6 @@ in
fsType = "vfat";
options = [ "discard" ];
};
# nix/ lix build directory
# lix:
# > If you plan to use a tmpfs, we **strongly recommend** to set `mode=0755` as a mount option for that `tmpfs`, otherwise you are effectively reverting this mitigation.
"/nix/var/nix/builds" = {
device = "tmpfs";
fsType = "tmpfs";
options = [
"mode=0755"
"size=75%"
];
};
};
services.fstrim.enable = true;

1
hosts/thinknix/hardware-configuration.nix
View file

@ -21,6 +21,7 @@
boot.extraModulePackages = [ ];
nix.settings.max-jobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# modesetting is always better than intel (legacy)
services.xserver.videoDrivers = [ "modesetting" ];

1
nixremotebuildermachines
View file

@ -1 +0,0 @@
ssh-ng://schmittlauch@build01.nix-community.org x86_64-linux /root/.ssh/remote_builder_key 64 1 big-parallel,kvm,nixos-test -

26
patches/nixos-nixpkgs-362c2bc76d359b908ad1389ee28c23ee0e862324.patch Normal file
View file

@ -0,0 +1,26 @@
From 362c2bc76d359b908ad1389ee28c23ee0e862324 Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
Date: Mon, 7 Apr 2025 21:03:09 -0400
Subject: [PATCH] nodejs_20: fix test failure on darwin on latest MacOS 15.4
Signed-off-by: Ihar Hrachyshka <ihar.hrachyshka@gmail.com>
(cherry picked from commit 9674c1f688d12b99fbde26e6068ab62609fef3b1)
---
pkgs/development/web/nodejs/v20.nix | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/pkgs/development/web/nodejs/v20.nix b/pkgs/development/web/nodejs/v20.nix
index b9c9345c441afa..20cceb5b5d1cda 100644
--- a/pkgs/development/web/nodejs/v20.nix
+++ b/pkgs/development/web/nodejs/v20.nix
@@ -50,5 +50,10 @@ buildNodejs {
stripLen = 1;
hash = "sha256-6y3aEqxNC4iTQEv1oewodJrhOHxjp5xZMq1P1QL94Rg=";
})
+ # fix test failure on macos 15.4
+ (fetchpatch2 {
+ url = "https://github.com/nodejs/node/commit/33f6e1ea296cd20366ab94e666b03899a081af94.patch?full_index=1";
+ hash = "sha256-aVBMcQlhQeviUQpMIfC988jjDB2BgYzlMYsq+w16mzU=";
+ })
] ++ gypPatches;
}