commit 5ab224ef8feab7dcff79436f43f322accbb27f9e
Author: Dmitriy
Date: Tue Aug 27 23:41:02 2019 +0400
init commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..00c04db
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+secret.nix
\ No newline at end of file
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..90d8820
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "imports/github/rycee/home-manager"]
+ path = imports/github/rycee/home-manager
+ url = https://github.com/rycee/home-manager.git
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..45bb39a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,10 @@
+NixOS Configurations
+=======================
+
+NixOS is an advanced GNU/Linux distribution featuring declarative configuration and atomic upgrades. You can learn more on [nixos.org](https://nixos.org/nixos/about.html).
+
+In this repository are the configurations of my NixOS machines.
+
+You can find the configurations from other people in the [nixos.wiki](https://nixos.wiki/wiki/Configuration_Collection).
+
+Big Thanks for original config: [balsoft](https://github.com/balsoft/nixos-config)!
\ No newline at end of file
diff --git a/default.nix b/default.nix
new file mode 100644
index 0000000..61e2e2b
--- /dev/null
+++ b/default.nix
@@ -0,0 +1,26 @@
+# This is balsoft's configuration file.
+#
+# https://github.com/balsoft/nixos-config
+#
+# This is main nixos configuration
+# To use this configuration:
+# 1. Add your own secret.nix to this folder
+# 2. Replace /etc/nixos/configuration.nix with the following:
+ # import /path/to/this/nixos-config "Vendor-Type"
+# 3. Log in to application and services where neccesary
+
+
+device: # This is the device we're on now
+{ config, pkgs, lib, ... }:
+{
+ imports =
+ [
+ /etc/nixos/hardware-configuration.nix
+ ./imports/github/rycee/home-manager/nixos
+ ./modules
+ ];
+
+ inherit device;
+
+ system.stateVersion = "19.03";
+}
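Review bot: The header comment in default.nix tells the user to "Add your own secret.nix" but never says what that file must contain; modules/secrets.nix expects either the literal `null` or an attribute set declaring `wireguard` (keyed by device name, with `enable`, `address` and `privateKey` as read by modules/wireguard.nix), and anything else is rejected as an undeclared option. Suggest extending step 1 with `# secret.nix must evaluate to null or to an attrset with the attributes declared in modules/secrets.nix`. The first line still describes the file as balsoft's; the README already credits the origin, so the comment could name this repository instead.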
diff --git a/imports/github/rycee/home-manager b/imports/github/rycee/home-manager
new file mode 160000
index 0000000..13fa617
--- /dev/null
+++ b/imports/github/rycee/home-manager
@@ -0,0 +1 @@
+Subproject commit 13fa61744c0c8242446a349cc1e9d6279446db35
diff --git a/modules/applications.nix b/modules/applications.nix
new file mode 100644
index 0000000..bf26527
--- /dev/null
+++ b/modules/applications.nix
@@ -0,0 +1,103 @@ +{ pkgs, config, lib, ... }: +with import ../support.nix { inherit lib config; }; { + options.defaultApplications = lib.mkOption { + type = lib.types.attrs; + description = "Preferred applications"; + }; + config = rec { + defaultApplications = { + term = { + cmd = "${pkgs.xst}/bin/st"; + desktop = "xst"; + }; + editor = { + cmd = "${pkgs.codium}/bin/codium"; + desktop = "codium"; + }; + browser = { + cmd = "${pkgs.vivaldi}/bin/vivaldi"; + desktop = "vivaldi"; + }; + # fm = { + # cmd = "${pkgs.dolphin}/bin/dolphin"; + # desktop = "dolphin"; + # }; + monitor = { + cmd = "${pkgs.xfce4-14.xfce4-taskmanager}/bin/xfce4-taskmanager"; + desktop = "taskmanager"; + }; + # monitor = { + # cmd = "${pkgs.ksysguard}/bin/ksysguard"; + # desktop = "ksysguard"; + # }; + torrent = { + cmd = "${pkgs.qbittorrent}/bin/qbittorrent"; + desktop = "qbittorrent"; + }; + archive = { + cmd = "${pkgs.xarchiver}/bin/xarchiver"; + desktop = "xarchiver"; + }; + # archive = { + # cmd = "${pkgs.ark}/bin/ark"; + # desktop = "org.kde.ark"; + # }; + # mail = { + # cmd = "${pkgs.trojita}/bin/trojita"; + # desktop = "trojita"; + # }; + # text_processor = { + # cmd = "${pkgs.abiword}/bin/abiword"; + # desktop = "abiword"; + # }; + # spreadsheet = { + # cmd = "${pkgs.gnumeric}/bin/gnumeric"; + # desktop = "gnumeric"; + # }; + }; + home-manager.users.balsoft.xdg.configFile."mimeapps.list.home".text = + with config.defaultApplications; + let + apps = builtins.mapAttrs (name: value: "${value.desktop}.desktop;") { + "text/html" = browser; + "image/*" = { desktop = "org.kde.gwenview"; }; + "application/x-bittorrent" = torrent; + "application/zip" = archive; + "application/rar" = archive; + "application/7z" = archive; + "application/*tar" = archive; + "application/x-kdenlive" = archive; + "x-scheme-handler/http" = browser; + "x-scheme-handler/https" = browser; + "x-scheme-handler/about" = browser; + "x-scheme-handler/unknown" = browser; + # "x-scheme-handler/mailto" = mail; + # 
"application/pdf" = { desktop = "org.kde.okular"; }; + # "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + # text_processor; + # "application/msword" = text_processor; + # "application/vnd.oasis.opendocument.text" = text_processor; + # "text/csv" = spreadsheet; + # "application/vnd.oasis.opendocument.spreadsheet" = spreadsheet; + # This actually makes Emacs an editor for everything... XDG is wierd + "text/plain" = editor; + }; + in genIni { + "Default Applications" = apps; + "Added Associations" = apps; + }; + home-manager.users.alukard.xdg.configFile."filetypesrc".text = genIni { + EmbedSettings = { + "embed-application/*" = false; + "embed-text/*" = false; + "embed-text/plain" = false; + }; + }; + home-manager.users.alukard.home.activation.mimeapps = { + before = []; + after = ["linkGeneration"]; + data = + "$DRY_RUN_CMD cp ~/.config/mimeapps.list.home ~/.config/mimeapps.list"; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 0000000..d72f570 --- /dev/null +++ b/modules/default.nix 
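Review bot: `mimeapps.list.home` is generated for user `balsoft` (`home-manager.users.balsoft.xdg.configFile."mimeapps.list.home"`) while `filetypesrc` and the `mimeapps` activation hook that runs `cp ~/.config/mimeapps.list.home ~/.config/mimeapps.list` belong to user `alukard`, the only user modules/users.nix declares; the copy therefore runs in a home where the source file is never written. Change that line to `home-manager.users.alukard.xdg.configFile."mimeapps.list.home".text =`. The comment `# This actually makes Emacs an editor for everything... XDG is wierd` is stale now that `editor` points at codium and should name the actual editor.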
@@ -0,0 +1,44 @@
+{ ... }: {
+ imports = [
+ # ./applications/packages.nix
+ # ./applications/kate.nix
+ # ./applications/emacs
+ # ./applications/xst.nix
+ # ./applications/trojita.nix
+ # ./applications/firefox.nix
+ # ./applications/okular.nix
+ # ./applications/weechat.nix
+ # ./applications/spectral.nix
+ # ./workspace/i3blocks
+ # ./workspace/i3
+ # ./workspace/zsh.nix
+ # ./workspace/gtk.nix
+ # ./workspace/compton.nix
+ # ./workspace/misc.nix
+ # ./workspace/dunst.nix
+ # ./workspace/kde
+ # ./workspace/synergy.nix
+ # ./workspace/ssh.nix
+ # ./workspace/locale.nix
+ # ./workspace/fonts.nix
+ # ./workspace/light.nix
+ # ./workspace/autorandr.nix
+ # ./workspace/gcalcli.nix
+ # ./workspace/rclone.nix
+ # ./workspace/xresources.nix
+ ./themes.nix
+ ./applications.nix
+ ./secrets.nix
+ ./devices.nix
+ # ./packages.nix
+ ./nix.nix
+ ./users.nix
+ ./hardware.nix
+ ./services.nix
+ ./power.nix
+ ./xserver.nix
+ ./network.nix
+ ./wireguard.nix
+ ./filesystems.nix
+ ];
+}
diff --git a/modules/devices.nix b/modules/devices.nix
new file mode 100644
index 0000000..f939122
--- /dev/null
+++ b/modules/devices.nix
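Review bot: `./packages.nix` is left commented out in the import list while modules/packages.nix is added in the same commit, so its overlays, `nix.binaryCaches`, `trustedUsers` and the `setup_root` service are never evaluated. That file also reads `config.secrets.id_rsa`, which modules/secrets.nix does not declare (the option is commented out there), so importing it as-is would fail at evaluation either way. Either drop the file from the commit or import it together with the option it needs; until then a comment on the entry, `# packages.nix is not imported yet: it needs secrets.id_rsa declared first`, would record the intent.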
@@ -0,0 +1,74 @@
+{ pkgs, lib, config, ... }:
+with lib;
+with types; {
+ options = {
+ device = mkOption { type = strMatching "[A-z]*-[A-z]*"; };
+ devices = mkOption { type = attrs; };
+ deviceSpecific = mkOption { type = attrs; };
+ };
+ config = {
+ deviceSpecific = let
+ device = config.device;
+ devInfo = config.devices.${config.device};
+ in rec {
+ isLaptop = (!isNull (builtins.match ".*Laptop" device));
+ # smallScreen = (device == "Prestigio-Laptop");
+ isShared = devInfo.isShared;
+ cpu = devInfo.cpu.vendor;
+ isSSD = devInfo.drive.type == "ssd";
+ hostName = if !isNull devInfo.hostName then
+ devInfo.hostName
+ else
+ device;
+ # goodMachine = devInfo.cpu.clock * devInfo.cpu.cores >= 4000
+ # && devInfo.drive.size >= 100 && devInfo.ram
+ # >= 8; # Whether machine is powerful enough for heavy stuff
+ isHost = (device == "AMD-Workstation");
+ };
+
+ devices = {
+ AMD-Workstation = {
+ cpu = {
+ vendor = "amd";
+ clock = 3800;
+ cores = 6;
+ };
+ drive = {
+ type = "ssd";
+ size = 250;
+ };
+ ram = 16;
+ isShared = false;
+ hostName = "ataraxia-pc";
+ };
+ PackardBell-Laptop = {
+ cpu = {
+ vendor = "intel";
+ clock = 2500;
+ cores = 2;
+ };
+ drive = {
+ type = "hdd";
+ size = 500;
+ };
+ ram = 6;
+ isShared = true;
+ hostName = null;
+ };
+ NixOS-VM = {
+ cpu = {
+ vendor = "amd";
+ clock = 3600;
+ cores = 2;
+ };
+ drive = {
+ type = "ssd";
+ size = 12;
+ };
+ ram = 4;
+ isShared = false;
+ hostName = null;
+ };
+ };
+ };
+}
diff --git a/modules/filesystems.nix b/modules/filesystems.nix
new file mode 100644
index 0000000..6352ab0
--- /dev/null
+++ b/modules/filesystems.nix
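Review bot: The character class in `strMatching "[A-z]*-[A-z]*"` spans ASCII 65–122, which takes in `[`, `\`, `]`, `^`, `_` and the backtick as well as letters, so the type check admits device names it presumably should reject. Use `device = mkOption { type = strMatching "[A-Za-z]*-[A-Za-z]*"; };`. `isLaptop` is derived from the name matching `.*Laptop` while `isHost` is a hard-coded comparison with `"AMD-Workstation"`; a comment such as `# isHost: only the workstation runs docker/virtualbox (see services.nix)` would make that asymmetry explicit.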
@@ -0,0 +1,17 @@
+{ pkgs, lib, config, ... }: {
+ fileSystems = {
+ "/" = {
+ options = [ "subvol=nixos" "discard" "ssd" "noatime" "compress=zstd" ];
+ };
+ "/shared" = {
+ fsType = "vboxsf";
+ device = "shared";
+ options = [ "rw" "nodev" "relatime" "iocharset=utf8" "uid=1000" "gid=100" "dmode=0770" "fmode=0770" "nofail" ];
+ };
+ };
+
+ # mount swap
+ swapDevices = [
+ { label = "swap"; }
+ ];
+}
\ No newline at end of file
diff --git a/modules/hardware.nix b/modules/hardware.nix
new file mode 100644
index 0000000..fd08232
--- /dev/null
+++ b/modules/hardware.nix
@@ -0,0 +1,36 @@
+{ pkgs, config, lib, ... }:
+with rec {
+ inherit (config) device devices deviceSpecific;
+};
+with deviceSpecific; {
+
+ hardware.cpu.${devices.${device}.cpu.vendor}.updateMicrocode = true; # Update microcode
+ # hardware.enableRedistributableFirmware = true; # For some unfree drivers
+
+ hardware.opengl.enable = true;
+ hardware.opengl.driSupport = true;
+ hardware.opengl.driSupport32Bit = true; # For steam
+
+ hardware.bluetooth.enable = isLaptop;
+
+ boot = {
+ loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+ kernelPackages = if config.virtualisation.virtualbox.guest.enable == false then
+ pkgs.linuxPackages_latest
+ else
+ pkgs.linuxPackages;
+ supportedFilesystems = [ "ntfs" ];
+ extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
+ };
+
+ sound.enable = true;
+ hardware.pulseaudio = {
+ enable = true;
+ # package = pkgs.pulseaudioFull;
+ support32Bit = true;
+ # systemWide = true;
+ };
+}
diff --git a/modules/network.nix b/modules/network.nix
new file mode 100644
index 0000000..bde7241
--- /dev/null
+++ b/modules/network.nix
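Review bot: The root filesystem options in filesystems.nix hard-code `"discard" "ssd"` even though devices.nix exposes `deviceSpecific.isSSD` and declares PackardBell-Laptop with an HDD, so a rotational disk gets the SSD mount options (`subvol=` and `compress=zstd` suggest btrfs). Suggest `options = [ "subvol=nixos" "noatime" "compress=zstd" ] ++ lib.optionals config.deviceSpecific.isSSD [ "discard" "ssd" ];`, since `lib` is already a module argument here. The `/shared` vboxsf mount is likewise unconditional and only `nofail` keeps the physical machines booting; gating it on `config.virtualisation.virtualbox.guest.enable`, as hardware.nix already does for `kernelPackages`, would be consistent.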
@@ -0,0 +1,24 @@
+{ pkgs, lib, config, ... }: {
+ networking = {
+ networkmanager.enable = false;
+ wireless = {
+ enable = config.device != "AMD-Workstation";
+ # driver = "wext";
+ networks.Alukard_5GHz = {
+ pskRaw = "feee27000fb0d7118d498d4d867416d04d1d9a1a7b5dbdbd888060bbde816fe4";
+ priority = 1;
+ };
+ networks.Alukard.pskRaw =
+ "5ef5fe07c1f062e4653fce9fe138cc952c20e284ae1ca50babf9089b5cba3a5a";
+ networks.SladkiySon.pskRaw =
+ "86b1c8c60d3e99145bfe90e0af9bf552540d34606bb0d00b314f5b5960e46496";
+ # interfaces = ["wlan0"];
+ userControlled.enable = true;
+ };
+ firewall.enable = false;
+ # usePredictableInterfaceNames = false;
+ hostName = config.deviceSpecific.hostName;
+ };
+ # systemd.services.dhcpcd.serviceConfig.Type = lib.mkForce
+ # "simple"; # TODO Make a PR with this change; forking is not acceptable for dhcpcd.
+}
diff --git a/modules/nix.nix b/modules/nix.nix
new file mode 100644
index 0000000..41499c9
--- /dev/null
+++ b/modules/nix.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }: {
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+ nix = {
+ useSandbox = true;
+ autoOptimiseStore = config.deviceSpecific.isSSD;
+ optimise.automatic = true;
+ };
+ environment.systemPackages = with pkgs; [
+ xfce4-14.xfce4-taskmanager
+ ];
+}
\ No newline at end of file
diff --git a/modules/packages.nix b/modules/packages.nix
new file mode 100644
index 0000000..6dd804c
--- /dev/null
+++ b/modules/packages.nix
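Review bot: The three `pskRaw` values in network.nix are the derived WPA pre-shared keys, which on their own suffice to join those networks, and they are committed in clear even though this same commit introduces the `secret.nix` / modules/secrets.nix mechanism for exactly such values (and they also end up in the world-readable store via the generated wpa_supplicant config). Move them into secret.nix behind a declared option (for example a `secrets.wifi` attrset consumed as `networks = config.secrets.wifi;`) and rotate the keys, since they are already in history. `firewall.enable = false` disables the host firewall on every device, and the nftables killswitch in wireguard.nix only applies when `cfg.enable` is set, so the workstation ends up with no packet filter at all; if that is intended, a comment saying so would help. In nix.nix, `optimise.automatic = true` is duplicated in modules/packages.nix and should live in one place.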
@@ -0,0 +1,103 @@ +{ pkgs, config, lib, ... }: { + nixpkgs.overlays = [ + (self: old: + { + termNote = + self.callPackage ../imports/github/terodom/termNote/termNote.nix { }; + + nixfmt = self.callPackage ../imports/github/serokell/nixfmt { }; + + lambda-launcher = (import ../imports/github/balsoft/lambda-launcher { + pkgs = old; + }).lambda-launcher; + + tdesktop = old.tdesktop.overrideAttrs (oldAttrs: { + patches = [ + ../imports/github/msva/mva-overlay/net-im/telegram-desktop/files/patches/0/conditional/wide-baloons/0001_baloons-follows-text-width-on-adaptive-layout.patch + ] ++ oldAttrs.patches; + }); + + all-hies = import ../imports/github/Infinisil/all-hies { }; + + mtxclient = old.mtxclient.overrideAttrs (_: rec { + name = "${pname}-${version}"; + pname = "mtxclient"; + version = "0.3.0"; + src = ../imports/github/nheko-reborn/mtxclient; + }); + nheko = old.nheko.overrideAttrs (_: rec { + name = "${pname}-${version}"; + pname = "nheko"; + version = "0.7.0"; + src = ../imports/github/nheko-reborn/nheko; + }); + + nerdfonts = old.stdenv.mkDerivation rec { + name = "RobotoMonoNerd"; + src = old.fetchzip { + url = + "https://github.com/ryanoasis/nerd-fonts/releases/download/v2.0.0/RobotoMono.zip"; + sha256 = + "sha256:1i78fn62x0337p2974dn1nga1pbdi7mqg203h81yi9b79pyxv9bh"; + stripRoot = false; + }; + installPhase = "mkdir -p $out/share/fonts; cp $src/* $out/share/fonts"; + }; + + pythonPackages = old.pythonPackages.override { + overrides = (self: super: { + backports_functools_lru_cache = + super.backports_functools_lru_cache.overrideAttrs + (oldAttrs: oldAttrs // { meta.priority = 1000; }); + }); + }; + } // (if config.device == "Prestigio-Laptop" then { + grub2 = old.pkgsi686Linux.grub2; + } else + { })) + ]; + nixpkgs.pkgs = import ../imports/github/nixos/nixpkgs { + config.allowUnfree = true; + config.android_sdk.accept_license = true; + config.firefox.enablePlasmaBrowserIntegration = true; + } // config.nixpkgs.config; + + systemd.services.setup_root = { + 
serviceConfig.User = "root"; + script = '' + cat << EOF > /root/id_rsa + ${config.secrets.id_rsa} + EOF + chmod 100 /root/id_rsa + ''; + }; + environment.etc.nixpkgs.source = ../imports/github/nixos/nixpkgs; + nix = rec { + nixPath = lib.mkForce [ + "nixpkgs=/etc/nixpkgs" + "nixos-config=/etc/nixos/configuration.nix" + ]; + binaryCaches = [ + "https://cache.nixos.org" + "http://hydra.typeable.io:5000" + "https://nixcache.reflex-frp.org" + "https://all-hies.cachix.org" + "https://balsoft.ru:5000" + ]; + + trustedBinaryCaches = + (builtins.map (x: "http://${x}:5000") (builtins.attrNames config.devices)) + ++ binaryCaches; + + trustedUsers = [ "root" "balsoft" "@wheel" ]; + + optimise.automatic = true; + + binaryCachePublicKeys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "hydra.example.org-1:3cfw8jj8xtoKkQ2mAQxMFcEv2/fQATA/mjoUUIFxSgo=" + "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" + "all-hies.cachix.org-1:JjrzAOEUsD9ZMt8fdFbzo3jNAyEWlPAwdVuHw4RD43k=" + ]; + }; +} diff --git a/modules/power.nix b/modules/power.nix new file mode 100644 index 0000000..ba43661 --- /dev/null +++ b/modules/power.nix 
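Review bot: `systemd.services.setup_root` interpolates `${config.secrets.id_rsa}` into the unit's shell script, so the private key is written into the Nix store (world-readable) as part of the generated start script and kept in every system generation; any local user can read it regardless of the `chmod` that follows. Keep the key out of the evaluation result and install it from a root-only path outside the store instead, e.g. `install -m 600 /path/outside/store/id_rsa /root/id_rsa` (placeholder path, provisioned alongside secret.nix). Independently, `chmod 100` yields `--x------`, which ssh cannot read; `chmod 600 /root/id_rsa` is presumably what was meant. The unit has no `wantedBy`, so as written it never starts on its own. `trustedUsers` names `balsoft`, which users.nix does not create, and `@wheel`, which lets every wheel member bypass sandboxing and substituter signature checks.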
@@ -0,0 +1,55 @@ +{ config, pkgs, lib, ... }: + +with rec { + inherit (config) device devices deviceSpecific; +}; +with deviceSpecific; { + services.udev.extraRules = if isLaptop then + '' + ACTION=="add|change", KERNEL=="sd*[!0-9]|sr*", ATTR{queue/scheduler}="bfq" + ACTION=="change", SUBSYSTEM=="power_supply", ATTR{online}=="0", RUN+="${ + pkgs.systemd + }/bin/systemctl start battery" + ACTION=="change", SUBSYSTEM=="power_supply", ATTR{online}=="1", RUN+="${ + pkgs.systemd + }/bin/systemctl start ac" + ACTION=="add|change", SUBSYSTEM=="backlight", MODE:="0777" + '' + (if device == "ASUS-Laptop" then '' + ACTION=="add|change", SUBSYSTEM=="net", KERNEL=="wlan*" RUN+="${ + pkgs.iw + }/bin/iw dev %k set power_save off" + '' else + "") + else + ""; + systemd.services.battery = { + enable = isLaptop; + description = "Executes commands needed on battery power"; + script = '' + ${ + pkgs.linuxPackages_latest.cpupower + }/bin/cpupower frequency-set -g powersave + ${pkgs.hdparm}/bin/hdparm -B 1 /dev/sda + echo "500" > /sys/class/backlight/*/brightness + ''; + }; + systemd.services.ac = { + enable = isLaptop; + description = "Executes commands needed on ac power"; + script = '' + ${ + pkgs.linuxPackages_latest.cpupower + }/bin/cpupower frequency-set -g performance + ${pkgs.hdparm}/bin/hdparm -B 255 /dev/sda + echo "900" > /sys/class/backlight/*/brightness + ''; + }; + systemd.services.leds_setup = { + enable = (device == "ASUS-Laptop"); + description = "Set up leds triggers"; + wantedBy = ["multi-user.target"]; + script = '' + echo "phy0rx" > /sys/class/leds/asus-wireless\:\:airplane/trigger + ''; + }; +} diff --git a/modules/secrets.nix b/modules/secrets.nix new file mode 100644 index 0000000..1de1e3f --- /dev/null +++ b/modules/secrets.nix 
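Review bot: The udev rule `SUBSYSTEM=="backlight", MODE:="0777"` makes the backlight sysfs nodes writable by every user; `MODE:="0664", GROUP="video"` gives the logged-in user the same control without a world-writable device node. `echo "500" > /sys/class/backlight/*/brightness` uses a glob as the redirection target, which bash rejects as an ambiguous redirect if more than one backlight device exists; a `for` loop over the glob is safer. `hdparm -B 1 /dev/sda` hard-codes the disk although devices.nix carries per-device drive metadata. The `ASUS-Laptop` branches are unreachable because devices.nix declares no such device, so either add it there or drop them.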
@@ -0,0 +1,86 @@ +{ pkgs, config, lib, ... }: +with lib; +with types; +let + mkCredOption = service: extra: + mkOption { + description = "Credentials for ${service}"; + type = nullOr (submodule { + options = { + user = mkOption { + type = string; + description = "Username for ${service}"; + }; + password = mkOption { + type = string; + description = "Password for ${service}"; + }; + } // extra; + }); + }; +in rec { + options.secrets = { + wireguard = mkOption { + type = attrs; + description = "Wireguard conf"; + }; + # owm-key = mkOption { + # type = nullOr string; + # description = "OpenWeatherMap key"; + # }; + # irc = mkCredOption "IRC (konversation)" { }; + # slack-term = mkOption { type = string; }; + # gcal = { + # email = mkOption { type = lib.types.string; }; + # client-id = mkOption { type = lib.types.string; }; + # client-secret = mkOption { type = lib.types.string; }; + # refresh-token = mkOption { type = lib.types.string; }; + # }; + # gmail = mkCredOption "gmail (trojita)" { }; + # gpmusic = mkCredOption "Google Play Music (mopidy)" { + # deviceid = mkOption { + # type = string; + # description = "Android device ID"; + # }; + # }; + # openvpn = mkCredOption "openvpn" {}; + # rclone = mkOption { + # type = nullOr string; + # description = "Rclone config"; + # }; + # id_rsa = mkOption { + # type = nullOr string; + # description = "SSH RSA private key"; + # }; + # matrix = rec { + # shared_secret = mkOption { + # type = nullOr string; + # description = "A shared secret for matrix instance"; + # }; + # cert = mkOption { + # type = nullOr string; + # description = "SSL certificate"; + # }; + # priv = mkOption { + # type = nullOr string; + # description = "SSL RSA private key"; + # }; + # mautrix-whatsapp = { + # config = mkOption { + # type = attrs; + # }; + # registration = mkOption { + # type = attrs; + # }; + # }; + # mautrix-telegram = mautrix-whatsapp; + # }; + }; + config = let + secretnix = import ../secret.nix; + secrets = if isNull secretnix then + 
mapAttrs (n: v: null) options.secrets + else + secretnix; + in { inherit secrets; }; +} diff --git a/modules/services.nix b/modules/services.nix new file mode 100644 index 0000000..43ead61 --- /dev/null +++ b/modules/services.nix @@ -0,0 +1,47 @@ +{ config, lib, pkgs, ... }: { + + # services.acpid.enable = true; + + # services.mopidy = { + # enable = true; + + # extensionPackages = with pkgs; [ mopidy-gmusic ]; + # configuration = (if (!isNull config.secrets.gpmusic) then '' + # [gmusic] + # username = ${config.secrets.gpmusic.user} + # password = ${config.secrets.gpmusic.password} + # deviceid = ${config.secrets.gpmusic.deviceid} + # bitrate = 128 + # '' else + # "") + '' + # [mpd] + # hostname = 0.0.0.0 + # ''; + # }; + services.earlyoom = { + enable = config.devices.${config.device}.ram < 12; + freeMemThreshold = 5; + freeSwapThreshold = 100; + }; + + services.printing = { + enable = true; + drivers = [ pkgs.gutenprint ]; + }; + programs.dconf.enable = true; + + services.accounts-daemon.enable = true; + services.avahi.enable = true; + + systemd.services.systemd-udev-settle.enable = false; + + services.upower.enable = true; + + virtualisation.docker.enable = config.deviceSpecific.isHost; + virtualisation.virtualbox.host = lib.mkIf config.deviceSpecific.isHost { + enable = true; + # enableHardening = false; + enableExtensionPack = true; + }; + +} diff --git a/modules/themes.nix b/modules/themes.nix new file mode 100644 index 0000000..cb61fef --- /dev/null +++ b/modules/themes.nix 
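Review bot: The fallback in secrets.nix, `mapAttrs (n: v: null) options.secrets`, refers to `options`, which the module header `{ pkgs, config, lib, ... }` does not bind, so the null branch fails with an undefined-variable error instead of producing a set of null secrets; change the header to `{ pkgs, config, lib, options, ... }:`. That branch is also only reached when secret.nix evaluates to `null`, whereas a missing secret.nix (the state .gitignore leaves a fresh clone in) makes `import ../secret.nix` fail before the check; `secretnix = if builtins.pathExists ../secret.nix then import ../secret.nix else null;` covers both. `mkCredOption` uses `type = string`, which newer nixpkgs deprecates in favour of `types.str`; themes.nix already uses `types.str`, so the two should agree. In services.nix the commented `# enableHardening = false;` deserves a why-comment if it is kept, since it is a security-relevant switch.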
@@ -0,0 +1,69 @@ +{ config, lib, pkgs, ... }: +with lib; +let + colorType = types.str; + color = (name: + (mkOption { + description = "${name} color of palette"; + type = colorType; + })); + fromBase16 = { base00, base01, base02, base03, base04, base05, base06, base07 + , base08, base09, base0A, base0B, base0C, base0D, base0E, base0F, ... }: + builtins.mapAttrs (_: v: "#" + v) { + bg = base00; + fg = base07; + + gray = base03; + alt = base02; + dark = base01; + + red = base08; + orange = base09; + yellow = base0A; + green = base0B; + cyan = base0C; + blue = base0D; + purple = base0E; + }; + + fromYAML = yaml: + builtins.fromJSON ( + builtins.readFile ( + pkgs.stdenv.mkDerivation { + name = "fromYAML"; + phases = ["buildPhase"]; + buildPhase = ''echo '${yaml}' | ${pkgs.yaml2json}/bin/yaml2json > $out''; + } + ) + ); +in { + options = { + themes = { + colors = mkOption { + description = + "Set of colors from which the themes for various applications will be generated"; + type = with types; + submodule { + options = { + bg = color "background"; + fg = color "foreground"; + gray = color "gray"; + alt = color "alternative"; + dark = color "darker"; + blue = color "blue"; + green = color "green"; + red = color "red"; + orange = color "orange"; + yellow = color "yellow"; + cyan = color "cyan"; + purple = color "purple"; + }; + }; + }; + }; + }; + config = { + themes.colors = fromBase16 (fromYAML (builtins.readFile + ../imports/github/dawikur/base16-gruvbox-scheme/gruvbox-dark-hard.yaml)); + }; +} diff --git a/modules/users.nix b/modules/users.nix new file mode 100644 index 0000000..7f0b729 --- /dev/null +++ b/modules/users.nix 
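Review bot: `fromYAML` pastes the whole YAML document into a single-quoted shell string (`echo '${yaml}'`), so any `'` in the file breaks the build phase and the file content passes through a shell for no reason. Pass it as a file instead: `buildPhase = ''${pkgs.yaml2json}/bin/yaml2json < ${pkgs.writeText "input.yaml" yaml} > $out'';`. The double `builtins.readFile` is also redundant: the caller reads the scheme file into a string and `fromYAML` embeds it again, while the derivation could take the path directly. A comment on `fromBase16` noting that `base04`, `base05`, `base06` and `base0F` are deliberately unused would save the next reader a check.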
@@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }: {
+ # users.defaultUser = "alukard";
+
+ security.apparmor.enable = true;
+ programs.firejail.enable = true;
+ users.mutableUsers = false;
+ users.users.alukard = {
+ isNormalUser = true;
+ extraGroups = [
+ "sudo"
+ "wheel"
+ "networkmanager"
+ "disk"
+ "dbus"
+ "audio"
+ "docker"
+ "sound"
+ "pulse"
+ # "adbusers"
+ "input"
+ # "libvirtd"
+ "vboxusers"
+ # "wireshark"
+ ];
+ description = "Дмитрий Холкин";
+ uid = 1000;
+ hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
+ shell = pkgs.zsh;
+ };
+ # security.sudo = {
+ # enable = true;
+ # extraConfig = ''
+ # balsoft ALL = (root) NOPASSWD: /run/current-system/sw/bin/nixos-rebuild switch
+ # '';
+ # };
+ # nix.requireSignedBinaryCaches = false;
+
+ home-manager.useUserPackages = true;
+}
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
new file mode 100644
index 0000000..b501bc8
--- /dev/null
+++ b/modules/wireguard.nix
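Review bot: `hashedPassword` commits the account's sha512-crypt hash to a public repository (and to the world-readable store with every generation); the hash is offline-crackable and, with `users.mutableUsers = false`, it is the only credential for the account. Move it into secret.nix behind a declared option, or use `passwordFile` pointing at a root-only file outside the store, and change the password since the hash is already in history. `extraGroups` also grants `docker`, which is equivalent to root on the host, and `sudo`, a group NixOS does not create by default (`wheel` is the sudo group here). The commented `security.sudo` block still refers to `balsoft`; update or remove it.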
@@ -0,0 +1,53 @@
+{ config, pkgs, lib, ... }:
+let
+ cfg = config.secrets.wireguard.${config.device};
+in {
+ # Enable wireguard
+ networking.wg-quick.interfaces = lib.mkIf cfg.enable {
+ wg0 = {
+ address = [ cfg.address ];
+ dns = [ "10.192.122.1" ];
+ # TODO change to privateKeyFile
+ privateKey = cfg.privateKey;
+ peers = [
+ {
+ allowedIPs = [ "0.0.0.0/0" ];
+ publicKey = "AgtgtS3InfOv4UQ+2MNAEMKFqZGhYXNOFmfMdKXIpng=";
+ endpoint = "51.38.98.116:51820";
+ }
+ ];
+ };
+ };
+ # Enable killswitch
+ networking.nftables = lib.mkIf cfg.enable {
+ enable = true;
+ ruleset = ''
+ flush ruleset
+ table inet firewall {
+ chain input {
+ type filter hook input priority 0; policy drop;
+ iif "lo" accept
+ ct state { established, related } accept
+ ct state invalid drop
+ ip protocol icmp icmp type echo-request accept
+ ip daddr 192.168.0.1/24 accept
+ reject
+ }
+ chain forward {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain output {
+ type filter hook output priority 0; policy drop;
+ oifname "lo" accept
+ oifname "wg0" accept
+ oifname "docker0" accept
+ oifname "vboxnet0" accept
+ oifname "vboxnet1" accept
+ udp dport domain drop
+ ip daddr 192.168.0.1/24 accept
+ udp dport 51820 accept
+ }
+ }
+ '';
+ };
+}
\ No newline at end of file
diff --git a/modules/xserver.nix b/modules/xserver.nix
new file mode 100644
index 0000000..c0a9492
--- /dev/null
+++ b/modules/xserver.nix
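Review bot: `privateKey = cfg.privateKey` embeds the WireGuard private key in the generated wg-quick configuration, which lands in the Nix store and is readable by every local user; the `# TODO change to privateKeyFile` comment already names the fix, and `privateKeyFile = "/path/outside/store/wg0.key";` (root-only file, placeholder path) should replace that line before this is deployed. `cfg = config.secrets.wireguard.${config.device}` is forced by both `lib.mkIf cfg.enable` conditions, so with a null secret.nix the module fails at evaluation instead of disabling itself; a fallback such as `cfg = config.secrets.wireguard.${config.device} or { enable = false; };` keeps the rest of the system buildable. In the ruleset the `input` chain accepts `ip daddr 192.168.0.1/24`, which matches the local destination address rather than the LAN peer; `ip saddr` is presumably what was intended, and a comment explaining why the LAN is exempted from the killswitch would help.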
@@ -0,0 +1,51 @@
+{ pkgs, lib, config, ... }:
+let
+ cpu = config.deviceSpecific.cpu;
+ isShared = config.deviceSpecific.isShared;
+ defaultUser = config.user.defaultUser;
+in {
+ services.xserver = {
+ enable = true;
+ # enableTCP = true;
+
+ libinput = {
+ enable = true;
+ sendEventsMode = "disabled-on-external-mouse";
+ middleEmulation = false;
+ # naturalScrolling = true;
+ };
+
+ videoDrivers = if cpu == "amd" then
+ ["amdgpu"]
+ else if cpu == "intel" then
+ ["intel"]
+ else
+ [ ];
+
+ displayManager.lightdm = {
+ enable = true;
+ greeter.enable = isShared;
+ autoLogin.enable = !isShared;
+ autoLogin.user = "alukard";
+ # autoLogin.user = defaultUser;
+ };
+
+ # desktopManager.plasma5.enable = true;
+ desktopManager.default = "none";
+ desktopManager.xterm.enable = false;
+
+ windowManager.i3 = {
+ enable = true;
+ package = pkgs.i3-gaps;
+ };
+ windowManager.default = "i3";
+
+ layout = "us,ru";
+ xkbOptions = "grp:win_space_toggle";
+ };
+
+ environment.systemPackages = if cpu == "amd" then
+ [ (pkgs.mesa.override { enableRadv = true; }) ]
+ else
+ [ ];
+}
diff --git a/support.nix b/support.nix
new file mode 100644
index 0000000..7bbb199
--- /dev/null
+++ b/support.nix
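Review bot: `defaultUser = config.user.defaultUser;` reads an option that nothing in this commit declares (users.nix only has `# users.defaultUser` commented out) and that nothing uses, so it is dead code that will raise an evaluation error the moment it is referenced; drop the binding or declare the option. `autoLogin.user = "alukard"` is the only hard-coded user name in this file, so a comment `# keep in sync with users.nix` is worth adding. `videoDrivers` falls back to `[ ]` for any vendor other than amd/intel, which silently leaves X to autodetect; a comment stating that this is intentional would help.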
@@ -0,0 +1,50 @@ +{ lib, config, ... }: rec { + genIni = lib.generators.toINI { + mkKeyValue = key: value: + let + mvalue = if builtins.isBool value then + (if value then "true" else "false") + else if (builtins.isString value && key != "include-file") then + value + else + builtins.toString value; + in "${key}=${mvalue}"; + }; + thm = config.themes.colors; + splitHex = hexStr: + map (x: builtins.elemAt x 0) (builtins.filter (a: a != "" && a != [ ]) + (builtins.split "(.{2})" (builtins.substring 1 6 hexStr))); + hex2decDigits = rec { + "0" = 0; + "1" = 1; + "2" = 2; + "3" = 3; + "4" = 4; + "5" = 5; + "6" = 6; + "7" = 7; + "8" = 8; + "9" = 9; + "a" = 10; + "b" = 11; + "c" = 12; + "d" = 13; + "e" = 14; + "f" = 15; + A = a; + B = b; + C = c; + D = d; + E = e; + F = f; + }; + + doubleDigitHexToDec = hex: + 16 * hex2decDigits."${builtins.substring 0 1 hex}" + + hex2decDigits."${builtins.substring 1 2 hex}"; + thmDec = builtins.mapAttrs (name: color: colorHex2Dec color) thm; + colorHex2Dec = color: + builtins.concatStringsSep "," + (map (x: toString (doubleDigitHexToDec x)) (splitHex color)); + +}
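Review bot: In `genIni`'s `mkKeyValue`, the `key != "include-file"` clause changes nothing: a string value is returned as-is in one branch and via `builtins.toString`, which is the identity on strings, in the other, and a non-string value reaches `toString` either way. Either delete the clause or add a comment saying what `include-file` is expected to carry (a path, presumably). `splitHex` relies on `builtins.split "(.{2})"` returning alternating strings and capture lists and then filters out both empty strings and empty lists; a one-line comment, `# split yields "" / [pair] alternately; keep only the captured pairs`, would make the filter readable. `hex2decDigits` is a `rec` set where `A = a;` only works because quoted `"a"` attributes are in scope inside `rec`; that is correct but non-obvious and deserves a comment too.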