commit 9a935f8431beb5cdbf2d229f33657b98363e8b30 Author: Chris Kruining Date: Mon Jul 15 16:20:16 2024 +0200 initial commit diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..1caad86 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,277 @@ +{ + "nodes": { + "base16": { + "inputs": { + "fromYaml": "fromYaml" + }, + "locked": { + "lastModified": 1708890466, + "narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=", + "owner": "SenchoPens", + "repo": "base16.nix", + "rev": "665b3c6748534eb766c777298721cece9453fdae", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "base16.nix", + "type": "github" + } + }, + "base16-fish": { + "flake": false, + "locked": { + "lastModified": 1622559957, + "narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", + "owner": "tomyun", + "repo": "base16-fish", + "rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", + "type": "github" + }, + "original": { + "owner": "tomyun", + "repo": "base16-fish", + "type": "github" + } + }, + "base16-foot": { + "flake": false, + "locked": { + "lastModified": 1696725948, + "narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=", + "owner": "tinted-theming", + "repo": "base16-foot", + "rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-foot", + "type": "github" + } + }, + "base16-helix": { + "flake": false, + "locked": { + "lastModified": 1696727917, + "narHash": "sha256-FVrbPk+NtMra0jtlC5oxyNchbm8FosmvXIatkRbYy1g=", + "owner": "tinted-theming", + "repo": "base16-helix", + "rev": "dbe1480d99fe80f08df7970e471fac24c05f2ddb", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-helix", + "type": "github" + } + }, + "base16-kitty": { + "flake": false, + "locked": { + "lastModified": 1665001328, + "narHash": "sha256-aRaizTYPpuWEcvoYE9U+YRX+Wsc8+iG0guQJbvxEdJY=", + "owner": "kdrag0n", + "repo": "base16-kitty", + "rev": "06bb401fa9a0ffb84365905ffbb959ae5bf40805", + "type": "github" + }, + "original": { + "owner": "kdrag0n", + "repo": "base16-kitty", + "type": "github" + } + }, + "base16-tmux": { + "flake": false, + "locked": { + "lastModified": 1696725902, + 
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=", + "owner": "tinted-theming", + "repo": "base16-tmux", + "rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-tmux", + "type": "github" + } + }, + "base16-vim": { + "flake": false, + "locked": { + "lastModified": 1663659192, + "narHash": "sha256-uJvaYYDMXvoo0fhBZUhN8WBXeJ87SRgof6GEK2efFT0=", + "owner": "chriskempson", + "repo": "base16-vim", + "rev": "3be3cd82cd31acfcab9a41bad853d9c68d30478d", + "type": "github" + }, + "original": { + "owner": "chriskempson", + "repo": "base16-vim", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "fromYaml": { + "flake": false, + "locked": { + "lastModified": 1689549921, + "narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=", + "owner": "SenchoPens", + "repo": "fromYaml", + "rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84", + "type": "github" + }, + "original": { + "owner": "SenchoPens", + "repo": "fromYaml", + "type": "github" + } + }, + "gnome-shell": { + "flake": false, + "locked": { + "lastModified": 1713702291, + "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=", + "owner": "GNOME", + "repo": "gnome-shell", + "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934", + "type": "github" + }, + "original": { + "owner": "GNOME", + "ref": "46.1", + "repo": "gnome-shell", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714900398, + "narHash": "sha256-H7XYHpjk1G6dkA3AnbYrKtaTFjcCE7ul6nUVlVQxtsA=", + "owner": "nix-community", + "repo": 
"home-manager", + "rev": "fdaaf543bad047639ef0b356ea2e6caec2f1215c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "stylix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1714981474, + "narHash": "sha256-b3/U21CJjCjJKmA9WqUbZGZgCvospO3ArOUTgJugkOY=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "6ebe7be2e67be7b9b54d61ce5704f6fb466c536f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1714763106, + "narHash": "sha256-DrDHo74uTycfpAF+/qxZAMlP/Cpe04BVioJb6fdI0YY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "e9be42459999a253a9f92559b1f5b72e1b44c13d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1714912032, + "narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ee4a6e0f566fe5ec79968c57a9c2c3c25f2cf41d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "stylix": "stylix" + } + }, + "stylix": { + "inputs": { + "base16": "base16", + "base16-fish": "base16-fish", + "base16-foot": "base16-foot", + "base16-helix": "base16-helix", + "base16-kitty": "base16-kitty", + "base16-tmux": "base16-tmux", + "base16-vim": "base16-vim", + "flake-compat": "flake-compat", + "gnome-shell": "gnome-shell", + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1716037261, + "narHash": "sha256-eF0A36GdegKkEiwFArjCysGU/XEYvzj7x5jfkFMtmqM=", + "owner": "danth", + "repo": "stylix", + "rev": 
"76e7daf5a16d442ac98e844582f7dc1354610886", + "type": "github" + }, + "original": { + "owner": "danth", + "repo": "stylix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..df3a4b2 --- /dev/null +++ b/flake.nix @@ -0,0 +1,28 @@ +{ + description = "Nixos config flake"; + + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + stylix.url = "github:danth/stylix"; + }; + + outputs = { self, nixpkgs, ... }@inputs: { + nixosConfigurations = { + default = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs;}; + modules = [ + ./hosts/default/configuration.nix + inputs.home-manager.nixosModules.default + inputs.stylix.nixosModules.stylix + ]; + }; + + }; + }; +} diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix new file mode 100644 index 0000000..38bcccb --- /dev/null +++ b/hosts/default/configuration.nix 
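Review bot: In flake.nix, `stylix.url = "github:danth/stylix";` is declared without a `follows`, which is why the lock file in this commit pins a second nixpkgs revision (`nixpkgs_2`) and a second home-manager (`home-manager_2`) for stylix alone. Every extra pinned source is one more revision to keep patched and to audit when updating. Unless stylix needs its own nixpkgs, declare it as an attribute set like home-manager and add `inputs.nixpkgs.follows = "nixpkgs";` (and, if compatible, `inputs.home-manager.follows = "home-manager";`).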
@@ -0,0 +1,177 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, inputs, ... }: + +{ + imports = [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ../../modules/programs/security.nix + ../../modules/programs/theme.nix + ../../modules/programs/shell.nix + ../../modules/programs/gaming.nix + ../../modules/programs/harden.nix + ../../modules/programs/communication.nix + ../../modules/programs/office.nix + ../../modules/programs/desktop.nix + inputs.home-manager.nixosModules.default + ]; + + nixpkgs.config = { + allowUnfree = true; + }; + + # Use the GRUB 2 boot loader. +# boot.loader.grub.enable = true; + boot.loader.systemd-boot.enable = true; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + +# fileSystems."/home/chris/games" = { +# device = "/dev/disk/by-label/Games"; +# fsType = "ntfs-3g"; +# options = [ "rw" "uid=chris" ]; +# }; + + fileSystems."/home/chris/new_games" = { + device = "/dev/disk/by-label/games"; + fsType = "ext4"; +# options = [ "rw" "uid=chris" ]; + }; + + fileSystems."/home/chris/data" = { + device = "/dev/disk/by-label/Data"; + fsType = "ntfs-3g"; + options = [ "rw" "uid=chris" ]; + }; + + networking.hostName = "chris-pc"; + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + # Set your time zone. 
+ time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + + # Enable the Plasma 5 Desktop Environment. + services.displayManager = { + sddm = { + enable = true; + wayland.enable = true; + }; + autoLogin = { + enable = true; + user = "chris"; + }; + }; +# services.xserver.desktopManager.plasma5.enable = true; + services.desktopManager.plasma6.enable = true; + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + sound.enable = true; +# hardware.pulseaudio.enable = true; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + }; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.chris = { + isNormalUser = true; + extraGroups = [ "wheel" "audio" ]; # Enable ‘sudo’ for the user. 
+ packages = with pkgs; []; + }; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { inherit inputs; }; + backupFileExtension = "backup"; + users = { + chris.imports = [ ../../users/chris.nix ]; +# root.imports = [ ../../users/root.nix ]; + }; + }; + + environment.systemPackages = with pkgs; [ + neovim + wget + chromium + thunderbird + zoxide + bottles + atuin + btop + dust + bat + tldr + eza + nextcloud-client + ]; + + # session variable for chrome/electron wayland + environment.sessionVariables.NIXOS_OZONE_WL = "1"; + + systemd.services.numLockOnTty = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = lib.mkForce (pkgs.writeShellScript "numLockOnTty" '' + for tty in /dev/tty{1..6}; do + ${pkgs.kbd}/bin/setleds -D +num < "$tty"; + done + ''); + }; + }; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "23.11"; # Did you read the comment? + +} + diff --git a/hosts/default/hardware-configuration.nix b/hosts/default/hardware-configuration.nix new file mode 100644 index 0000000..656bb4c --- /dev/null 
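Review bot: In hosts/default/configuration.nix, `services.displayManager.autoLogin` signs `chris` in without a password at boot, and `users.users.chris` is a member of `wheel`, so anyone with physical access to the machine lands in a sudo-capable session. The root filesystem declared in hardware-configuration.nix is a plain ext4 UUID with no LUKS mapping visible, so there does not appear to be a disk-unlock prompt compensating for it. Consider `autoLogin.enable = false;`, or keep auto-login only together with an encrypted root. If it is a deliberate choice for this host, a comment above the block saying so would make that explicit.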
+++ b/hosts/default/hardware-configuration.nix @@ -0,0 +1,40 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/8c4eaf57-fdb2-4c4c-bcc0-74e85a1c7985"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/C842-316A"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/0ddf001a-5679-482e-b254-04a1b9094794"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/modules/common/qbittorrent.nix b/modules/common/qbittorrent.nix new file mode 100644 index 0000000..52785c3 --- /dev/null +++ b/modules/common/qbittorrent.nix 
@@ -0,0 +1,123 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.qbittorrent; + UID = 888; + GID = 888; +in +{ + options.services.qbittorrent = { + enable = mkEnableOption (lib.mdDoc "qBittorrent headless"); + + dataDir = mkOption { + type = types.path; + default = "/var/lib/qbittorrent"; + description = lib.mdDoc '' + The directory where qBittorrent stores its data files. + ''; + }; + + user = mkOption { + type = types.str; + default = "qbittorrent"; + description = lib.mdDoc '' + User account under which qBittorrent runs. + ''; + }; + + group = mkOption { + type = types.str; + default = "qbittorrent"; + description = lib.mdDoc '' + Group under which qBittorrent runs. + ''; + }; + + port = mkOption { + type = types.port; + default = 8080; + description = lib.mdDoc '' + qBittorrent web UI port. + ''; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Open services.qBittorrent.port to the outside network. + ''; + }; + + package = mkOption { + type = types.package; + default = pkgs.qbittorrent-nox; + defaultText = literalExpression "pkgs.qbittorrent-nox"; + description = lib.mdDoc '' + The qbittorrent package to use. + ''; + }; + }; + + config = mkIf cfg.enable { + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.port ]; + }; + + systemd.services.qbittorrent = { + # based on the plex.nix service module and + # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in + description = "qBittorrent-nox service"; + documentation = [ "man:qbittorrent-nox(1)" ]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + + # Run the pre-start script with full permissions (the "!" prefix) so it + # can create the data directory if necessary. 
+ ExecStartPre = let + preStartScript = pkgs.writeScript "qbittorrent-run-prestart" '' + #!${pkgs.bash}/bin/bash + + # Create data directory if it doesn't exist + if ! test -d "$QBT_PROFILE"; then + echo "Creating initial qBittorrent data directory in: $QBT_PROFILE" + install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$QBT_PROFILE" + fi + ''; + in + "!${preStartScript}"; + + #ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox"; + ExecStart = "${cfg.package}/bin/qbittorrent-nox"; + # To prevent "Quit & shutdown daemon" from working; we want systemd to + # manage it! + #Restart = "on-success"; + #UMask = "0002"; + #LimitNOFILE = cfg.openFilesLimit; + }; + + environment = { + QBT_PROFILE=cfg.dataDir; + QBT_WEBUI_PORT=toString cfg.port; + }; + }; + + users.users = mkIf (cfg.user == "qbittorrent") { + qbittorrent = { + group = cfg.group; + uid = UID; + }; + }; + + users.groups = mkIf (cfg.group == "qbittorrent") { + qbittorrent = { gid = GID; }; + }; + }; +} diff --git a/modules/home-manager/desktop.nix b/modules/home-manager/desktop.nix new file mode 100644 index 0000000..7772bc0 --- /dev/null +++ b/modules/home-manager/desktop.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + services = { + kdeconnect = { + enable = true; + package = pkgs.kdePackages.kdeconnect-kde; + }; + }; +} diff --git a/modules/home-manager/gpg.nix b/modules/home-manager/gpg.nix new file mode 100644 index 0000000..598e71d --- /dev/null +++ b/modules/home-manager/gpg.nix @@ -0,0 +1,17 @@ +{ home, pkgs, ... }: +{ + home.packages = with pkgs; [ + gnupg + ]; + + home.file = { + ".gnupg/gpg-agent.conf".text = '' + default-cache-ttl 34560000 + max-cache-ttl 34560000 + allow-loopback-pinentry + ''; + ".gnupg/gpg.conf".text = '' + pinentry-mode loopback + ''; + }; +} diff --git a/modules/home-manager/terminals/default.nix b/modules/home-manager/terminals/default.nix new file mode 100644 index 0000000..aa08a17 --- /dev/null +++ b/modules/home-manager/terminals/default.nix 
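Review bot: The `serviceConfig` of `systemd.services.qbittorrent` in modules/common/qbittorrent.nix (the unit starts in the earlier part of this hunk) runs a network-facing daemon with no confinement beyond `User`/`Group`. Adding `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "strict";` together with `ReadWritePaths = [ cfg.dataDir ];` would limit what a compromised daemon can touch, although any download directory outside `dataDir` would then have to be listed as well. The pre-start script creates `$QBT_PROFILE` with `-m 0755`, which leaves the profile and the web UI configuration in it readable by every local user; `-m 0750` is tighter. The commented-out `LimitNOFILE = cfg.openFilesLimit;` refers to an option that is not declared under `options.services.qbittorrent`, so it should be removed or the option added.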
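Review bot: In modules/home-manager/gpg.nix, `default-cache-ttl 34560000` and `max-cache-ttl 34560000` keep an unlocked key cached for 400 days, which in practice means until the agent is restarted. After the first unlock every process running as that user can sign or decrypt without a prompt, and `allow-loopback-pinentry` with `pinentry-mode loopback` additionally lets the calling program supply the passphrase itself instead of a pinentry dialog. Unless that trade-off is intended, use a TTL measured in hours, for example `default-cache-ttl 28800`, and state the reason for the chosen value in a comment above the `gpg-agent.conf` text.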
@@ -0,0 +1,163 @@ +{ pkgs, config, ... }: +{ +# environment.systemPackages = with pkgs; [ +# zsh +# starship +# ]; + +# users.defaultUserShell = pkgs.zsh; + + fonts.fontconfig.enable = true; + + home.packages = [ + (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; }) + ]; + + home.sessionVariables._ZO_ECHO = "1"; + + programs = { + git = { + enable = true; + extraConfig = { + push = { autoSetupRemote = true; }; + credential.helper = "${ pkgs.git.override { withLibsecret = true; } }/bin/git-credential-libsecret"; + }; + }; + + zsh = { + enable = true; + autosuggestion.enable = true; + enableCompletion = true; + syntaxHighlighting.enable = true; + + shellAliases = { + rebuild = "nixos-rebuild switch --flake /etc/nixos#default"; + }; + + history = { + size = 10000; + path = "${config.xdg.dataHome}/zsh/history"; + }; + + envExtra = '' + export SOME_ZSH_VARIABLE="something" + ''; + + oh-my-zsh = { + enable = true; + plugins = ["git" "docker-compose" "zoxide"]; + }; + + plugins = [ + { + name = "zsh-autosuggestion"; + src = pkgs.fetchFromGitHub { + owner = "zsh-users"; + repo = "zsh-autosuggestions"; + rev = "v0.7.0"; + sha256 = "1g3pij5qn2j7v7jjac2a63lxd97mcsgw6xq6k5p7835q9fjiid98"; + }; + } + { + name = "zsh-completions"; + src = pkgs.fetchFromGitHub { + owner = "zsh-users"; + repo = "zsh-completions"; + rev = "0.34.0"; + sha256 = "0jjgvzj3v31yibjmq50s80s3sqi4d91yin45pvn3fpnihcrinam9"; + }; + } + { + name = "zsh-syntax-highlighting"; + src = pkgs.fetchFromGitHub { + owner = "zsh-users"; + repo = "zsh-syntax-highlighting"; + rev = "0.7.0"; + sha256 = "0s1z3whzwli5452h2yzjzzj27pf1hd45g223yv0v6hgrip9f853r"; + }; + } + ]; + }; + + bat.enable = true; + zoxide.enable = true; + fzf.enable = true; + eza = { + enable = true; + enableZshIntegration = true; + }; + + starship = { + enable = true; + enableZshIntegration = true; + settings = { + add_newline = true; + format = 
"$username$hostname$nix_shell$git_branch$git_commit$git_state$git_status$directory$jobs$cmd_duration$character"; + + username = { + style_user = "blue bold"; + style_root = "red bold"; + format = "[$user]($style) "; + disabled = false; + show_always = true; + }; + + hostname = { + ssh_only = false; + ssh_symbol = "🌐 "; + format = "on [$hostname](bold red) "; + trim_at = ".local"; + disabled = false; + }; + + nix_shell = { + symbol = " "; + format = "[$symbol$name]($style) "; + style = "bright-purple bold"; + }; + + git_branch = { + only_attached = true; + format = "[$symbol$branch]($style) "; + symbol = "שׂ"; + style = "bright-yellow bold"; + }; + + git_commit = { + only_detached = true; + format = "[ﰖ$hash]($style) "; + style = "bright-yellow bold"; + }; + + git_state = { + style = "bright-purple bold"; + }; + + git_status = { + style = "bright-green bold"; + }; + + directory = { + read_only = " "; + truncation_length = 0; + }; + + cmd_duration = { + format = "[$duration]($style) "; + style = "bright-blue"; + }; + + jobs = { + style = "bright-green bold"; + }; + + character = { + success_symbol = "[\\$](bright-green bold)"; + error_symbol = "[\\$](bright-red bold)"; + }; + }; + }; + + }; +} + diff --git a/modules/programs/communication.nix b/modules/programs/communication.nix new file mode 100644 index 0000000..e7943cd --- /dev/null +++ b/modules/programs/communication.nix @@ -0,0 +1,19 @@ +{ pkgs, config, ... }: +{ + environment.systemPackages = with pkgs; [ + discord + webcord + teamspeak_client + ]; + +# config.xdg.desktopEntries.discord = { +# name = "Discord"; +# genericName = "All-in-one cross-platform voice and text chat for gamers"; +# exec = "Discord --in-process-gpu --use-gl=desktop"; +# icon = "Discord"; +# categories = [ "Network" "InstantMessaging" ]; +# settings = { +# version = "1.4"; +# }; +# }; +} diff --git a/modules/programs/desktop.nix b/modules/programs/desktop.nix new file mode 100644 index 0000000..47769b6 --- /dev/null 
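Review bot: In modules/home-manager/terminals/default.nix (the hunk starts earlier), `programs.zsh.plugins` fetches zsh-autosuggestions and zsh-syntax-highlighting from GitHub although `autosuggestion.enable = true` and `syntaxHighlighting.enable = true` a few lines above already enable the packaged versions. The same plugins therefore appear to be loaded twice at different versions, and the extra `fetchFromGitHub` entries are third-party sources that have to be bumped and re-hashed by hand. Dropping those two entries, and keeping `zsh-completions` only if it is wanted, is enough. `envExtra` still exports the placeholder `SOME_ZSH_VARIABLE="something"` and can be removed too.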
+++ b/modules/programs/desktop.nix
@@ -0,0 +1,6 @@
+{ config, pkgs, options, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ ladybird
+ ];
+}
diff --git a/modules/programs/gaming.nix b/modules/programs/gaming.nix
new file mode 100644
index 0000000..2cabaf5
--- /dev/null
+++ b/modules/programs/gaming.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, ... }:
+{
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+
+ # Nvidia
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware.nvidia = {
+ modesetting.enable = true;
+ open = true;
+ nvidiaSettings = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+
+ powerManagement = {
+ enable = true;
+ finegrained = false;
+ };
+
+ #prime = {
+ # sync.enable = true;
+
+ # Integrated
+ # interBusId = "PCI:0:0:0";
+
+ # Dedicated
+ # nvidiaBusId = "PCI:2:0:0";
+ #};
+ };
+
+ # Steam
+ programs.steam = {
+ enable = true;
+ gamescopeSession.enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ };
+
+ environment.systemPackages = with pkgs; [
+ #mangohud
+ protonup
+ ];
+
+ environment.sessionVariables = {
+ STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/chris/.steam/root/compatibilitytools.d";
+ };
+
+ programs.gamemode.enable = true;
+}
diff --git a/modules/programs/harden.nix b/modules/programs/harden.nix
new file mode 100644
index 0000000..3188581
--- /dev/null
+++ b/modules/programs/harden.nix
@@ -0,0 +1,10 @@
+{ config, user, sensitive, lib, ... }: {
+ networking.firewall.enable = true;
+
+# security.sudo.execWheelOnly = true;
+# security.auditd.enable = true;
+# security.audit.enable = !config.boot.isContainer;
+
+ # PGP set up.
+ programs.gnupg.agent.enable = true;
+}
diff --git a/modules/programs/media.nix b/modules/programs/media.nix
new file mode 100644
index 0000000..b621a6c
--- /dev/null
+++ b/modules/programs/media.nix
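Review bot: In modules/programs/gaming.nix, `remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` both open inbound ports on a desktop for which harden.nix turns the firewall on. Remote Play and hosting a dedicated server are separate features; if no dedicated server runs on this machine, set `dedicatedServer.openFirewall = false;` or delete the line so those ports stay closed. A one-line comment naming which of the two is actually used would make the remaining exposure a documented decision.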
@@ -0,0 +1,162 @@ +{ config, pkgs, lib, sensitive, ... }: +{ + imports = [ + ../common/qbittorrent.nix + ]; + + environment.systemPackages = with pkgs; [ + podman-tui + jellyfin + jellyseerr + mediainfo + authelia + ]; + + users = { + groups = { + "jellyfin" = {}; + }; + users = { + "sonarr".extraGroups = [ "jellyfin" ]; + "radarr".extraGroups = [ "jellyfin" ]; + }; + }; + + services = { + jellyfin = { + enable = true; + openFirewall = true; + group = "jellyfin"; + }; + + radarr = { + enable = true; + openFirewall = true; + group = "jellyfin"; + }; + + sonarr = { + enable = true; + openFirewall = true; + group = "jellyfin"; + }; + + bazarr = { + enable = true; + openFirewall = true; + group = "jellyfin"; + }; + + lidarr = { + enable = true; + openFirewall = true; + group = "jellyfin"; + }; + + jellyseerr = { + enable = true; + openFirewall = true; + }; + + prowlarr = { + enable = true; + openFirewall = true; + }; + + qbittorrent = { + enable = true; + openFirewall = true; + dataDir = "/var/media/qbittorrent"; + port = 58080; + + user = "qbittorrent"; + group = "jellyfin"; + }; + + sabnzbd = { + enable = true; + openFirewall = true; + configFile = "/var/media/sabnzbd/config.ini"; + + user = "sabnzbd"; + group = "jellyfin"; + }; + +# authelia = { +# enable = true; +# }; + + caddy = { + enable = true; + virtualHosts = { +# "movies.kruining.eu".extraConfig = '' +# reverse_proxy http://127.0.0.1:8989 +# ''; +# "series.kruining.eu".extraConfig = '' +# reverse_proxy http://127.0.0.1:7878 +# ''; + "http://media.kruining.eu".extraConfig = '' + basicauth { + chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe + } + reverse_proxy http://127.0.0.1:9494 + ''; + "https://media.kruining.eu".extraConfig = '' + basicauth { + chris $2a$12$JrsmxrEJj2wLMdcFmEHbWeMJF9gWH/fnE/1Zv67cKvBtq4E4xsSEe + } + reverse_proxy http://127.0.0.1:9494 + ''; + }; + }; + }; + + virtualisation = { + containers.enable = true; + + podman = { + enable = true; + dockerCompat = true; + 
defaultNetwork.settings.dns_enabled = true; + }; + + oci-containers = { + backend = "podman"; + + containers = { + flaresolverr = { + image = "flaresolverr/flaresolverr"; + autoStart = true; + ports = [ "127.0.0.1:8191:8191" ]; + }; + + homarr = { + image = "ghcr.io/ajnart/homarr:latest"; + autoStart = true; + ports = [ "127.0.0.1:7575:7575" ]; + }; + + reiverr = { + image = "ghcr.io/aleksilassila/reiverr:v2.0.0-alpha.5"; + autoStart = true; + ports = [ "127.0.0.1:9494:9494" ]; + volumes = [ "/var/media/reiverr/config:/config" ]; + }; + }; + }; + }; + + # Config file for nabnzbd +# environment.etc."nabnzbd.ini" = { +# mode = "0775" +# text = '' +# host = 127.0.0.1 +# port = 9595 +# ''; +# }; + + # Open firewall for caddy + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + systemd.services.jellyfin.serviceConfig.killSignal = lib.mkForce "SIGKILL"; +} diff --git a/modules/programs/nextcloud.nix b/modules/programs/nextcloud.nix new file mode 100644 index 0000000..2324ccc --- /dev/null +++ b/modules/programs/nextcloud.nix @@ -0,0 +1,27 @@ +{ pkgs, config, ... }: +{ + imports = [ + "${fetchTarball { + url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz"; + sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";}}/nextcloud-extras.nix" + ]; + + environment.etc."nextcloud-admin-pass".text = "KaasIsAwesome!"; + + services.nextcloud = { + enable = true; + https = true; + package = pkgs.nextcloud29; + hostName = "localhost"; + webserver = "caddy"; + config = { + adminpassFile = "/etc/nextcloud-admin-pass"; + dbtype = "sqlite"; + }; + +# extraApps = { +# inherit (config.services.nextcloud.package.packages.apps) contacts calendar; +# }; +# extraAppsEnable = true; + }; +} diff --git a/modules/programs/nvidia.nix b/modules/programs/nvidia.nix new file mode 100644 index 0000000..e69de29 diff --git a/modules/programs/office.nix b/modules/programs/office.nix new file mode 100644 index 0000000..41e37b0 
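Review bot: In modules/programs/media.nix (the hunk starts earlier), the `"http://media.kruining.eu"` site block serves `basicauth` over cleartext HTTP, so the credentials travel unencrypted on every request; declaring only the HTTPS site lets Caddy redirect HTTP to HTTPS on its own. Separately, `radarr`, `sonarr`, `bazarr`, `lidarr`, `prowlarr`, `jellyseerr`, `qbittorrent` and `sabnzbd` all set `openFirewall = true`, which publishes their ports directly and sidesteps the proxy's authentication; if they are meant to be reached through Caddy, use `openFirewall = false;` and leave only 80/443 open. The bcrypt hash is committed with the config and ends up in the world-readable Nix store, so the password behind it should be rotated and the hash supplied from a file outside the store. The `flaresolverr` image has no tag and `homarr` uses `latest`; pin both to a version or digest as is done for `reiverr`.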
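Review bot: In modules/programs/nextcloud.nix, `environment.etc."nextcloud-admin-pass".text = "KaasIsAwesome!";` commits the Nextcloud admin password in plaintext, and an `environment.etc` entry built from `text` is copied into the world-readable Nix store and exposed as a readable file under /etc. Treat that password as disclosed and change it. Point `adminpassFile` at a file provisioned outside the store, for example through sops-nix or agenix or a root-owned file created on the host, and add a comment saying where the file comes from.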
--- /dev/null
+++ b/modules/programs/office.nix
@@ -0,0 +1,13 @@
+{ pkgs, lib, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ onlyoffice-bin
+ ];
+
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [ "corefonts" ];
+
+ fonts.packages = with pkgs; [
+ corefonts
+ ];
+}
diff --git a/modules/programs/security.nix b/modules/programs/security.nix
new file mode 100644
index 0000000..51ee3e7
--- /dev/null
+++ b/modules/programs/security.nix
@@ -0,0 +1,12 @@
+{ pkgs, security, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ kdePackages.kwallet-pam
+ bitwarden
+ ];
+
+ security.pam.services.kwallet = {
+ name = "kwallet";
+ enableKwallet = true;
+ };
+}
diff --git a/modules/programs/shell.nix b/modules/programs/shell.nix
new file mode 100644
index 0000000..111ab4e
--- /dev/null
+++ b/modules/programs/shell.nix
@@ -0,0 +1,38 @@
+{ pkgs, config, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ git
+ gitkraken
+ zsh
+ bat
+ zoxide
+ eza
+ starship
+ alacritty
+ zed-editor
+ corepack_22
+ bun
+ ];
+
+ users.defaultUserShell = pkgs.zsh;
+
+ fonts = {
+ fontconfig.enable = true;
+ packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk
+ noto-fonts-emoji
+ liberation_ttf
+ fira-code
+ fira-code-symbols
+ mplus-outline-fonts.githubRelease
+ dina-font
+ proggyfonts
+ (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" ]; })
+ ];
+ };
+
+ programs.zsh.enable = true;
+ programs.starship.enable = true;
+}
+
diff --git a/modules/programs/shell/rust.nix b/modules/programs/shell/rust.nix
new file mode 100644
index 0000000..a12e7e0
--- /dev/null
+++ b/modules/programs/shell/rust.nix
@@ -0,0 +1,40 @@ +{ pkgs ? import {} }: +let + overrides = (builtins.fromTOML (builtins.readFile ./rust-toolchain.toml)); + libPath = with pkgs; lib.makeLibraryPath []; + +in +{ + pkgs.mkShell rec { + buildInputs = with pkgs; [ + clang + llvmPackages.bintools + rustup + ]: + + RUSTC_VERSION = overrides.toolchain.channel + LIBCLANG_PATH = pkgs.lib.makeLibraryPath [ pkgs.llvmPackages_latest.libclang.lib ]; + shellHook = '' + export PATH=$PATH:''${CARGO_HOME:-~/.cargo}/bin + export PATH=$PATH:''${RUSTUP_HOME:-~/.rustup}/toolchains/$RUSTC_VERSION-x86_64-unknown-linux-gnu/bin/ + ''; + # Add precompiled library to rustc search path + RUSTFLAGS = (builtins.map (a: ''-L ${a}/lib'') [ + # add libraries here (e.g. pkgs.libvmi) + ]); + LD_LIBRARY_PATH = libPath; + # Add glibc, clang, glib, and other headers to bindgen search path + BINDGEN_EXTRA_CLANG_ARGS = + # Includes normal include path + (builtins.map (a: ''-I"${a}/include"'') [ + # add dev libraries here (e.g. pkgs.libvmi.dev) + pkgs.glibc.dev + ]) + # Includes with special directory paths + ++ [ + ''-I"${pkgs.llvmPackages_latest.libclang.lib}/lib/clang/${pkgs.llvmPackages_latest.libclang.version}/include"'' + ''-I"${pkgs.glib.dev}/include/glib-2.0"'' + ''-I${pkgs.glib.out}/lib/glib-2.0/include/'' + ]; + }; +} diff --git a/modules/programs/theme.nix b/modules/programs/theme.nix new file mode 100644 index 0000000..b12f92b --- /dev/null +++ b/modules/programs/theme.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: +{ + stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/everforest.yaml"; + stylix.image = ./wallpaper.jpg; +} diff --git a/modules/programs/wallpaper.jpg b/modules/programs/wallpaper.jpg new file mode 100644 index 0000000..3f5ee7b Binary files /dev/null and b/modules/programs/wallpaper.jpg differ diff --git a/ssh/server b/ssh/server new file mode 100644 index 0000000..59cc1ce --- /dev/null +++ b/ssh/server 
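Review bot: modules/programs/shell/rust.nix does not parse as written: the `buildInputs` list is closed with `]:` instead of `];`, `RUSTC_VERSION = overrides.toolchain.channel` has no terminating `;`, and the outer `{ pkgs.mkShell rec { … }; }` wraps a function application in attribute-set braces. The expression after `in` should be `pkgs.mkShell rec { … }` itself. `import {}` on the first line is probably `import <nixpkgs> {}` with the angle-bracket path lost in rendering, but if it is literal in the file it needs the same fix. `LD_LIBRARY_PATH = libPath;` is built from an empty list and can be dropped until a library is actually needed.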
@@ -0,0 +1,7 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW +QyNTUxOQAAACC3ZNPLQnZnaEFOhHgOfWZz6blXsxQZSZl1T4ZFJn3gWwAAAJDtFyAB7Rcg +AQAAAAtzc2gtZWQyNTUxOQAAACC3ZNPLQnZnaEFOhHgOfWZz6blXsxQZSZl1T4ZFJn3gWw +AAAEDi4rTcY08810d2512b6IN9/O5618CfabqoG22OyF/HIbdk08tCdmdoQU6EeA59ZnPp +uVezFBlJmXVPhkUmfeBbAAAADXJvb3RAY2hyaXMtcGM= +-----END OPENSSH PRIVATE KEY----- diff --git a/ssh/server.pub b/ssh/server.pub new file mode 100644 index 0000000..82ec806 --- /dev/null +++ b/ssh/server.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdk08tCdmdoQU6EeA59ZnPpuVezFBlJmXVPhkUmfeBb root@chris-pc diff --git a/systems/x86_64-linux/hostname/default.nix b/systems/x86_64-linux/hostname/default.nix new file mode 100644 index 0000000..e69de29 diff --git a/systems/x86_64-linux/hostname/hardware-config.nix b/systems/x86_64-linux/hostname/hardware-config.nix new file mode 100644 index 0000000..e69de29 diff --git a/users/chris.nix b/users/chris.nix new file mode 100644 index 0000000..792bd43 --- /dev/null +++ b/users/chris.nix @@ -0,0 +1,42 @@ +{ config, pkgs, ... }: +{ + home = { + username = "chris"; + homeDirectory = "/home/chris"; + stateVersion = "23.11"; # DO NOT CHANGE + + packages = [ + ]; + + file = { + }; + + sessionVariables = { + EDITOR = "nvim"; + }; + }; + + imports = [ + ../modules/home-manager/gpg.nix + ../modules/home-manager/desktop.nix + ../modules/home-manager/terminals/default.nix + ]; + + programs = { + home-manager.enable = true; + + git = { + enable = true; + userName = "Chris Kruining"; + userEmail = "chris@kruining.eu"; + + ignores = [ "*~" "*.swp" ]; + aliases = { + ci = "commit"; + }; + extraConfig = {}; + }; + + lazygit.enable = true; + }; +} diff --git a/users/root.nix b/users/root.nix new file mode 100644 index 0000000..5818288 --- /dev/null +++ b/users/root.nix 
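Review bot: `ssh/server` adds an OpenSSH private key to the repository next to its public half `ssh/server.pub` (comment `root@chris-pc`), and the key header appears to declare cipher and KDF `none`, meaning no passphrase protects it. Anyone who can read the repository or its history can authenticate as, or impersonate the host identified by, this key, so it has to be treated as compromised. Generate a new key pair, remove the old public key from every `authorized_keys` and known-hosts entry that trusts it, and purge the file from history rather than only from the tree. Keep only `server.pub` in the repo and provision the private half through a secret mechanism such as sops-nix or agenix, or generate it on the host. A `.gitignore` rule for private keys and a secret scanner in pre-commit would catch a repeat.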
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+{
+ home = {
+ username = "root";
+ homeDirectory = "/home/root";
+ stateVersion = "23.11"; # DO NOT CHANGE
+
+ packages = [
+ ];
+
+ file = {
+ };
+
+ sessionVariables = {
+ EDITOR = "nvim";
+ };
+ };
+
+ imports = [
+ ../modules/home-manager/gpg.nix
+ ../modules/home-manager/desktop.nix
+ ../modules/home-manager/terminals/default.nix
+ ];
+
+ programs = {
+ home-manager.enable = true;
+
+ git = {
+ enable = true;
+ userName = "Chris Kruining";
+ userEmail = "chris@kruining.eu";
+
+ ignores = [ "*~" "*.swp" ];
+ aliases = {
+ ci = "commit";
+ };
+ extraConfig = {};
+ };
+
+ lazygit.enable = true;
+ };
+}
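Review bot: In users/root.nix, `homeDirectory = "/home/root";` does not match root's home on NixOS, which is `/root`, so once the commented-out `root.imports` line in configuration.nix is enabled home-manager would target a directory that is not root's actual home. Use `homeDirectory = "/root";`. The rest of the file is a copy of users/chris.nix, so root would also import gpg.nix with its long agent cache and desktop.nix with kdeconnect. A shared module for the common parts, with root importing only the terminal setup, would avoid giving root those services.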