Compare commits

...

14 Commits

22 changed files with 689 additions and 120 deletions


@ -1,5 +1,26 @@
{
"nodes": {
"arkenfox": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"pre-commit": "pre-commit"
},
"locked": {
"lastModified": 1721720317,
"narHash": "sha256-KH0ILX8EGa/A4Bgc6DtsbviG8qaLrzDDV1m1bIXJ+pw=",
"owner": "dwarfmaster",
"repo": "arkenfox-nixos",
"rev": "92c9a287b7b98198c3ba5cdfc90218402e49c4b3",
"type": "github"
},
"original": {
"owner": "dwarfmaster",
"repo": "arkenfox-nixos",
"type": "github"
}
},
"base16": {
"inputs": {
"fromYaml": "fromYaml"
@ -132,18 +153,17 @@
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717408969,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
@ -159,11 +179,11 @@
]
},
"locked": {
"lastModified": 1718242063,
"narHash": "sha256-n3AWItJ4a94GT0cray/eUV7tt3mulQ52L+lWJN9d1E8=",
"lastModified": 1724639687,
"narHash": "sha256-L2h46/z8WExNvtCEdZ8YuMu5TwfAGsKXXgM7pyIShvs=",
"owner": "nix-community",
"repo": "disko",
"rev": "832a9f2c81ff3485404bd63952eadc17bf7ccef2",
"rev": "b09eb605e376c9e95c87c0ef3fcb8008e11c8368",
"type": "github"
},
"original": {
@ -172,18 +192,43 @@
"type": "github"
}
},
"firefox-addons": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1721458684,
"narHash": "sha256-qATZkwG7oWObKqAJUJh1jj5KwTYcPUjLoONhXXXwgAY=",
"owner": "~rycee",
"repo": "nur-expressions",
"rev": "9cb92b3f92598f77aa8b95b54e5d72ad23745d64",
"type": "sourcehut"
},
"original": {
"dir": "pkgs/firefox-addons",
"owner": "~rycee",
"repo": "nur-expressions",
"type": "sourcehut"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
@ -203,6 +248,36 @@
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -226,11 +301,11 @@
]
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
@ -244,11 +319,47 @@
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1629284811,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -275,8 +386,8 @@
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore",
"flake-compat": "flake-compat_4",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
@ -287,11 +398,11 @@
]
},
"locked": {
"lastModified": 1717664902,
"narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
"lastModified": 1724440431,
"narHash": "sha256-9etXEOUtzeMgqg1u0wp+EdwG7RpmrAZ2yX516bMj2aE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
"rev": "c8a54057aae480c56e28ef3e14e4960628ac495b",
"type": "github"
},
"original": {
@ -301,6 +412,28 @@
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"arkenfox",
"pre-commit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
@ -341,11 +474,11 @@
},
"hardware": {
"locked": {
"lastModified": 1718429294,
"narHash": "sha256-uhKuPVN8IZJCWwFhNupTxES7LMo8ot2KC6+VmVWwzyU=",
"lastModified": 1724575805,
"narHash": "sha256-OB/kEL3GAhUZmUfkbPfsPhKs0pRqJKs0EEBiLfyKZw8=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "239c3864fef6292262d23cff58ce81674f309142",
"rev": "9fc19be21f0807d6be092d70bf0b1de0c00ac895",
"type": "github"
},
"original": {
@ -361,11 +494,11 @@
]
},
"locked": {
"lastModified": 1717527182,
"narHash": "sha256-vWSkg6AMok1UUQiSYVdGMOXKD2cDFnajITiSi0Zjd1A=",
"lastModified": 1720042825,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "845a5c4c073f74105022533907703441e0464bc3",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github"
},
"original": {
@ -383,15 +516,16 @@
]
},
"locked": {
"lastModified": 1718243258,
"narHash": "sha256-abBpj2VU8p6qlRzTU8o22q68MmOaZ4v8zZ4UlYl5YRU=",
"lastModified": 1720042825,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "8d5e27b4807d25308dfe369d5a923d87e7dbfda3",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
@ -404,11 +538,11 @@
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"lastModified": 1724435763,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
"type": "github"
},
"original": {
@ -444,11 +578,11 @@
]
},
"locked": {
"lastModified": 1718345812,
"narHash": "sha256-FJhA+YFsOFrAYe6EaiTEfomNf7jeURaPiG5/+a3DRSc=",
"lastModified": 1724469941,
"narHash": "sha256-+U5152FwmDD9EUOiFi5CFxCK6/yFESyDei9jEIlmUtI=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ff988d78f2f55641efacdf9a585d2937f7e32a9b",
"rev": "ea319a737939094b48fda9063fa3201ef2479aac",
"type": "github"
},
"original": {
@ -457,20 +591,32 @@
"type": "github"
}
},
"nix-secrets": {
"flake": false,
"locked": {
"lastModified": 1723141979,
"narHash": "sha256-YMvn/xOQFXSl5qcU/cBaD7biIlv7nfVgFTApbgY0tqY=",
"path": "/home/laozi/nix-secrets",
"type": "path"
},
"original": {
"path": "/home/laozi/nix-secrets",
"type": "path"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1720386169,
"narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
"owner": "nixos",
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
"id": "nixpkgs",
"ref": "release-23.05",
"type": "indirect"
}
},
"nixpkgs-lib": {
@ -488,13 +634,29 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1718530797,
"narHash": "sha256-pup6cYwtgvzDpvpSCFh1TEUjw2zkNpk8iolbKnyFmmU=",
"lastModified": 1724479785,
"narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b60ebf54c15553b393d144357375ea956f89e9a9",
"rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be",
"type": "github"
},
"original": {
@ -506,11 +668,43 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1714912032,
"narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=",
"lastModified": 1710765496,
"narHash": "sha256-p7ryWEeQfMwTB6E0wIUd5V2cFTgq+DRRBz2hYGnJZyA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ee4a6e0f566fe5ec79968c57a9c2c3c25f2cf41d",
"rev": "e367f7a1fb93137af22a3908f00b9a35e2d286a7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1723415338,
"narHash": "sha256-K/BVeDLkpswRSBh3APxc2gBNVFEMXGpnkuQz666FiTM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6e8760f7f7121128e2037db44915a4a5450b6e67",
"type": "github"
},
"original": {
@ -523,7 +717,7 @@
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts",
"git-hooks": "git-hooks",
"home-manager": "home-manager_2",
@ -534,11 +728,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1718395224,
"narHash": "sha256-CHb6PztVli8qtAnXTR+VcB+6CANs+TkIz1Ivu8yXsvM=",
"lastModified": 1724502615,
"narHash": "sha256-g206hhNghyxMO9Sdv9fD22MRgWQppws10x+oDHKDVdU=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "a4dec356e736f795f8eec2d6f1580b4769f2fe21",
"rev": "764b89aa14543da7266719757cfcf0cce8c1679f",
"type": "github"
},
"original": {
@ -548,16 +742,41 @@
"type": "github"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1717664902,
"narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"arkenfox": "arkenfox",
"disko": "disko",
"firefox-addons": "firefox-addons",
"hardware": "hardware",
"home-manager": "home-manager",
"nix-colors": "nix-colors",
"nixpkgs": "nixpkgs",
"nix-secrets": "nix-secrets",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim",
"stylix": "stylix"
"stylix": "stylix",
"wg-namespace-flake": "wg-namespace-flake"
}
},
"stylix": {
@ -569,17 +788,19 @@
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_5",
"flake-utils": "flake-utils_3",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_4",
"systems": "systems_2"
},
"locked": {
"lastModified": 1720818679,
"narHash": "sha256-u9PqY7O6TN42SLeb0e6mnYAgQOoQmclaVSHfLKMpmu0=",
"lastModified": 1724702977,
"narHash": "sha256-bP1/BHbEigLjTTmqyy1t8w5EVWHuLuABtOd/BBXVLtA=",
"owner": "danth",
"repo": "stylix",
"rev": "29148118cc33f08b71058e1cda7ca017f5300b51",
"rev": "6c895c6b42ca205017abe72a7263baf36a197972",
"type": "github"
},
"original": {
@ -603,6 +824,21 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -611,11 +847,11 @@
]
},
"locked": {
"lastModified": 1718271476,
"narHash": "sha256-35hUMmFesmchb+u7heKHLG5B6c8fBOcSYo0jj0CHLes=",
"lastModified": 1724338379,
"narHash": "sha256-kKJtaiU5Ou+e/0Qs7SICXF22DLx4V/WhG1P6+k4yeOE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "e75ba0a6bb562d2ce275db28f6a36a2e4fd81391",
"rev": "070f834771efa715f3e74cd8ab93ecc96fabc951",
"type": "github"
},
"original": {
@ -623,6 +859,26 @@
"repo": "treefmt-nix",
"type": "github"
}
},
"wg-namespace-flake": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1668060489,
"narHash": "sha256-8GLPHJV0iMS8d4lEUP+v4p2IqRKGWDJwsP96+mm0fHw=",
"owner": "VTimofeenko",
"repo": "wg-namespace-flake",
"rev": "956d80aae5f7871bdcfa3946c175985c211d8498",
"type": "github"
},
"original": {
"owner": "VTimofeenko",
"repo": "wg-namespace-flake",
"type": "github"
}
}
},
"root": "root",


@ -37,6 +37,14 @@
# inputs.nixpkgs.follows = "nixpkgs";
#};
# ------------ Wireguard namespaces for VPN ------------ #
wg-namespace-flake = {
url = "github:VTimofeenko/wg-namespace-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
# ------------------------------ VIM ------------------------------ #
nixvim = {
url = "github:nix-community/nixvim/nixos-24.05";
@ -77,10 +85,25 @@
# Private secrets repo. See ./docs/secretsmgmt.md
# Authenticate via ssh and use shallow clone
#nix-secrets = {
# url = "git+ssh://git@gitlab.com/emergentmind/nix-secrets.git?ref=main&shallow=1";
# flake = false;
#};
nix-secrets = {
#url = "git+ssh://git@git.mattmor.in/Nix/nix-secrets.git?ref=main&shallow=1";
#TODO: Switch to remote git repo up from local
url = "path:/home/laozi/nix-secrets";
flake = false;
};
# A better way to manage arkenfox user.js on nixos
arkenfox = {
url = "github:dwarfmaster/arkenfox-nixos";
inputs.arkenfox.inputs.nixpkgs.follows = "nixpkgs";
};
# declarative addons
firefox-addons = {
url = "sourcehut:~rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs = {
nixpkgs.follows = "nixpkgs";
#FIX? flake-utils.follows = "nixos-wsl/flake-utils";
};
};
};
# ===================================================================== #
@ -96,7 +119,7 @@
inherit (nixpkgs) lib;
configVars = import ./vars { inherit inputs lib; };
configLib = import ./lib { inherit lib; };
specialArgs = { inherit inputs outputs configVars configLib nixpkgs; };
specialArgs = { inherit inputs outputs configVars configLib nixpkgs; };#TODO: consider adding self
in
{
# ============================ CUSTOM ============================= #
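Review bot: In the `arkenfox` input, `inputs.arkenfox.inputs.nixpkgs.follows = "nixpkgs";` is nested one level too deep, so it targets an input named `arkenfox` inside arkenfox-nixos rather than that flake's `nixpkgs`. The lock file in this same compare is consistent with that: the `arkenfox` node still resolves `nixpkgs` to its own `release-23.05` pin, while root now points at `nixpkgs_3`. Inside the `arkenfox = { … }` block the line should read `inputs.nixpkgs.follows = "nixpkgs";`. Separately, `url = "path:/home/laozi/nix-secrets"` ties evaluation to one user's home directory, and flake inputs are copied into the Nix store, so that directory should only ever hold encrypted material; a comment next to the TODO saying so would help.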


@ -35,15 +35,15 @@
ncdu# TUI disk usage
btop# resource monitor
pfetch# system info
nerdfetch# fetch using nerdfonts
pciutils# pci bus info + conns. to them
coreutils# basic gnu utils
du-dust# see how disk space is being used
usbutils
ntfs3g # NTFS fs
pm-utils # power management https://pm-utils.freedesktop.org/wiki/
pmutils # power management https://pm-utils.freedesktop.org/wiki/
wireshark
nmap
mosh# mobile shell
# curl


@ -0,0 +1,34 @@
{ pkgs, ... }:
{
programs.firejail = {
enable = true;
wrappedBinaries = {
librewolf = {
executable = "${pkgs.librewolf}/bin/librewolf";
profile = "${pkgs.firejail}/etc/firejail/librewolf.profile";
extraArgs = [
# Required for U2F USB stick
"--ignore=private-dev"
# Enforce dark mode
"--env=GTK_THEME=Adwaita:dark"
# Enable system notifications
"--dbus-user.talk=org.freedesktop.Notifications"
];
};
signal-desktop = {
# Enable tray icon otherwise Signal window might be hidden
executable = "${pkgs.signal-desktop}/bin/signal-desktop --use-tray-icon";
profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile";
extraArgs = [
# Enforce dark mode
"--env=GTK_THEME=Adwaita:dark"
#TODO: Enable Wayland mode
#"--env=NIXOS_OZONE_WL=1"
# Allow tray icon (should be upstreamed into signal-desktop.profile)
"--dbus-user.talk=org.kde.StatusNotifierWatcher"
];
};
};
};
}
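Review bot: `--ignore=private-dev` in the librewolf `extraArgs` drops the profile's private /dev entirely, so the sandboxed browser sees every device node rather than only the U2F key's. If the stock profile gates that directive behind firejail's `browser-disable-u2f` setting (worth confirming against the installed firejail version), changing that setting is narrower than ignoring the directive. Neither entry sets the `desktop` attribute either, so if the packages are also installed normally, a launcher pointing at the unwrapped store binary would start the application outside the sandbox. Consider adding `desktop = "${pkgs.librewolf}/share/applications/librewolf.desktop";` and the signal-desktop equivalent, after checking the exact file names.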


@ -0,0 +1,10 @@
{ config, lib, pkgs, outputs, configLib, ... }:
{
imports = (configLib.scanPaths ./.)
++ (builtins.attrValues outputs.homeManagerModules);
home.packages = builtins.attrValues {
inherit (pkgs)
# Here go packages without my configs
#!Remember to comment without space after package
};
}
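Review bot: `inherit (pkgs)` has no terminating `;` before the closing `};`, so this file will not parse as shown; the comment lines in between do not terminate the statement. Until packages are listed, write `inherit (pkgs);` or simply `home.packages = [ ];`. `config` and `lib` are unused in the argument set and can be dropped.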


@ -6,5 +6,7 @@
inherit (pkgs)
# Here go packages without my configs
#!Remember to comment without space after package
nerdfetch# fetch using nerdfonts
du-dust; # see how disk space is being used
};
}


@ -1,4 +1,8 @@
{ inputs, configVars, ... }:
{ inputs, configVars, configLib, ... }:
#map with prefix to refactor
let
optionals = (configLib.mapPathsToPrefix { prefix = common/optional; list = [ /system /internet /comms /utilities /dev/foot.nix /office ];});
in
{
imports = [
# ======================= Hardware Configs ========================= #
@ -6,14 +10,9 @@
# ======================= Required Configs ========================= #
common/core
# ================ Host-specific Optional Configs ================== #
common/optional/utilities
common/optional/dev/foot.nix
common/optional/office
# ============================= Themeing =========================== #
inputs.nix-colors.homeManagerModules.default
];
] ++ optionals;# Host specific optionals
colorScheme = inputs.nix-colors.colorSchemes.atelier-dune;
home = {
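Review bot: The `list` passed to `configLib.mapPathsToPrefix` uses absolute path literals (`/system`, `/dev/foot.nix`, …), which read as filesystem-root paths and only become repo-relative through path concatenation inside the helper. `/dev/foot.nix` is especially easy to misread. Strings make the intent explicit without changing the result: `list = [ "/system" "/internet" "/comms" "/utilities" "/dev/foot.nix" "/office" ];`. The binding name `optionals` also collides with the familiar `lib.optionals`; something like `optionalModules` is clearer. The attribute set opened at `home = {` continues past the hunk.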


@ -19,6 +19,12 @@
&& (lib.strings.hasSuffix ".nix" path) # include .nix files
)
)
(builtins.readDir path)));
(builtins.readDir path)
)
);
mapPathsToPrefix = { prefix, list }:
# Filter... sth like builtins.filter (path: builtins.pathExists path)
builtins.map (path: prefix + path) list;
}
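Review bot: `mapPathsToPrefix` has no doc comment, and its placeholder comment suggests filtering with `builtins.pathExists`, which would silently drop a mistyped module path from a host's imports. For modules that carry hardening, such as the sandbox or fail2ban files in this compare, a silent drop is worse than an evaluation error. Prefer failing loudly, e.g. `builtins.map (path: let p = prefix + path; in if builtins.pathExists p then p else throw "missing module ${toString p}") list`. Add a one-line comment stating that `prefix` is a path and that `list` holds suffixes appended to it. The enclosing attribute set starts above the hunk.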


@ -5,4 +5,5 @@
#################### Packages with external source ####################
# name = pkgs.callPackage ./name { };
geteduroam = pkgs.callPackage ./geteduroam {};
}


@ -0,0 +1,51 @@
# https://github.com/geteduroam/linux-app/releases/download/nightly/geteduroam-cli-linux-amd64
{
lib,
pkgs,
...
}:
let
pname = "geteduroam";
in
pkgs.buildGoModule rec {
inherit pname;
version = "0.3";
src = pkgs.fetchFromGitHub {
owner = "geteduroam";
repo = "linux-app";
rev = "${version}";
hash = "sha256-Cq0c/zwUym753ccMR1XwuzLkl+BIvng6AoA7eofULPk=";
};
#overrideModAttrs = old: {
# preConfigure = ''
# cd cmd/geteduroam-gui
# '';
#};
subPackages = ["cmd/geteduroam-cli" "cmd/geteduroam-gui"];
vendorHash = "sha256-ZwCJ/yayF31P3fuhk/qu3Wov861HDVGGNlkLwHTQo7Y=";#lib.fakeHash;
#doDist = false;
#ldflags = [
#"-s -w -X github.com/geteduroam/linux-app/cmd.version=${version}"
#"-extldflags '-static -L${pkgs.musl}/lib'"
#];
nativeBuildInputs = with pkgs; [musl libcap go gcc];
CGO_ENABLED = 0;
#installPhase = ''
# make build-gui
#'';
meta = with lib; {
homepage = "https://git.mattmor.in/nix-config";
license = licenses.mit;
description = "GetEduroam";
maintainers = with maintainers; [
madmin
];
};
}
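Review bot: The `meta` block describes the wrong project: `homepage` points at the author's nix-config rather than the upstream `geteduroam/linux-app` repository fetched in `src`, and `license = licenses.mit` should be checked against upstream's LICENSE file. `maintainers = with maintainers; [ madmin ]` only evaluates if `madmin` exists in nixpkgs' maintainer list, which seems unlikely for a private handle; an empty list is safer. With `CGO_ENABLED = 0`, the `musl`, `gcc` and `go` entries in `nativeBuildInputs` look unused (buildGoModule supplies Go itself), and `rev = "${version}"` can be `rev = version;`. The header comment links a nightly binary although the derivation builds hash-pinned tagged source, which is the better choice and worth stating in that comment.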


@ -1,7 +1,25 @@
{
imports = [
./time_locale.nix
./xorg_plasma.nix
./console.nix
];
{ inputs, outputs, configLib, ... }: {
imports = (configLib.scanPaths ./.)
++ [ inputs.home-manager.nixosModules.home-manager ]
++ (builtins.attrValues outputs.nixosModules);
#TODO:yubikey-> services.yubikey-agent.enable = true;
security.sudo.extraConfig = ''
Defaults timestamp_timeout=120 # only ask for password every 2h
# Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
# Defaults env_keep + =SSH_AUTH_SOCK
'';
home-manager.extraSpecialArgs = { inherit inputs outputs; };
nixpkgs = {
# you can add global overlays here
overlays = builtins.attrValues outputs.overlays;
config = {
allowUnfree = true;
};
};
hardware.enableRedistributableFirmware = true;
}
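Review bot: `Defaults timestamp_timeout=120` in `security.sudo.extraConfig` keeps a sudo credential valid for two hours, a long window in which anything running in the user's session can reuse it. If the convenience is intended, record the trade-off in a comment or use a shorter value such as `timestamp_timeout=15`. `home-manager.extraSpecialArgs = { inherit inputs outputs; };` omits `configLib` and `configVars`, yet home modules elsewhere in this compare take them as arguments, so those modules may fail to evaluate through the NixOS module unless the arguments are supplied elsewhere. `allowUnfree = true` is global here; `allowUnfreePredicate` would keep the set of unfree packages explicit.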


@ -1,17 +0,0 @@
{
time.timeZone = "Europe/Paris";
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_MESSAGES = "de_DE.UTF-8";
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
}


@ -0,0 +1,4 @@
{ configLib, ... }:
{
import = (configLib.scanPaths ./.);
}
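Review bot: The attribute is spelled `import`, not `imports`, so the module system will see an undeclared option instead of a module list, and the scanned files will never be loaded. Evaluation should fail with an unknown-option error. Change the line to `imports = configLib.scanPaths ./.;`.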


@ -0,0 +1,64 @@
# http://web.archive.org/web/20240621185719/https://dataswamp.org/~solene/2022-10-02-nixos-fail2ban.html
{
services.fail2ban = {
enable = true;
ignoreIP = [
"192.168.1.0/24"
];
# needed to ban on IPv4 and IPv6 for all ports
extraPackages = [pkgs.ipset];
banaction = "iptables-ipset-proto6-allports";
jails = {
# max 6 failures in 600 seconds
"nginx-spam" = ''
enabled = true
filter = nginx-bruteforce
logpath = /var/log/nginx/access.log
backend = auto
maxretry = 6
findtime = 600
'';
# max 3 failures in 600 seconds
"postfix-bruteforce" = ''
enabled = true
filter = postfix-bruteforce
findtime = 600
maxretry = 3
'';
# max 10 failures in 600 seconds
"molly" = ''
enabled = true
filter = molly
findtime = 600
maxretry = 10
logpath = /var/log/molly-brown/access.log
backend = auto
'';
};
environment.etc = {
"fail2ban/filter.d/molly.conf".text = ''
[Definition]
failregex = <HOST>\s+(31|40|51|53).*$
'';
"fail2ban/filter.d/nginx-bruteforce.conf".text = ''
[Definition]
failregex = ^<HOST>.*GET.*(matrix/server|\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
'';
"fail2ban/filter.d/postfix-bruteforce.conf".text = ''
[Definition]
failregex = warning: [\w\.\-]+\[<HOST>\]: SASL LOGIN authentication failed.*$
journalmatch = _SYSTEMD_UNIT=postfix.service
'';
};
}
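Review bot: The module uses `pkgs.ipset` but the file opens with a bare `{` and never takes `pkgs` as an argument, so evaluation will fail on an undefined variable; start the file with `{ pkgs, ... }:`. As rendered, `services.fail2ban = {` is also never closed before `environment.etc = {`, which leaves the braces unbalanced or nests `environment.etc` inside the fail2ban options; a `};` is needed after the `jails` block. The jails watch nginx, postfix and molly-brown logs, none of which are configured elsewhere in this compare, so confirm that those services exist on the target host and whether an sshd jail is wanted now that OpenSSH is enabled. `ignoreIP = [ "192.168.1.0/24" ]` exempts the whole LAN from bans, which deserves a comment if intentional.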


@ -0,0 +1,2 @@
{ pkgs, ... }:
{ }


@ -3,15 +3,15 @@
i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocaleSettings = {
LC_MESSAGES = "fr_FR.UTF-8";
LC_MESSAGES = "de_DE.UTF-8";
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_NUMERIC = "fr_FR.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
LC_TIME = "fr_FR.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
}


@ -0,0 +1,62 @@
{
config,
pkgs,
lib,
...
}: {
boot.extraModulePackages = [config.boot.kernelPackages.wireguard];
systemd.network = {
enable = true;
netdevs = {
"10-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
MTUBytes = "1300";
};
# See also man systemd.netdev (also contains info on the permissions of the key files)
wireguardConfig = {
# Don't use a file from the Nix store as these are world readable. Must be readable by the systemd.network user
PrivateKeyFile = "/run/keys/wireguard-privkey";
ListenPort = 9918;
};
wireguardPeers = [
# configuration since nixos-unstable/nixos-24.11
{
PublicKey = "Vhv/4oTMt5YYHFm3PpNC/3po1/kmjo2p8Jnk2O5zAFk=";
AllowedIPs = ["fc00::1/64" "10.100.0.1"];
Endpoint = "138.199.7.251:51820"; # SET TO SERVER IP, port 51820 usually iwth wg
}
# configuration for nixos 24.05
#{
# wireguardPeerConfig = {
# PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=";
# AllowedIPs = ["fc00::1/64" "10.100.0.1"];
# Endpoint = "{set this to the server ip}:51820";
# };
#}
];
};
};
networks.wg0 = {
# See also man systemd.network
matchConfig.Name = "wg0";
# IP addresses the client interface will have
address = [
"fe80::3/64"
"fc00::3/120"
"10.100.0.2/24"
];
DHCP = "no";
dns = ["fc00::53"];
ntp = ["fc00::123"];
gateway = [
"fc00::1"
"10.100.0.1"
];
networkConfig = {
IPv6AcceptRA = false;
};
};
};
}
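Review bot: The active `wireguardPeers` entry uses the flat form that its own comment says is for nixos-unstable/24.11, while the flake's main `nixpkgs` input is locked to `nixos-24.05`. Unless this host is built from `nixpkgs-unstable`, the commented-out `wireguardPeerConfig` form is the one that will evaluate. `AllowedIPs = ["fc00::1/64" "10.100.0.1"]` admits only the server's own addresses, yet `gateway` sends default traffic via `fc00::1` and `10.100.0.1`, so packets for any other destination would be rejected by WireGuard's allowed-IP check. `boot.extraModulePackages = [config.boot.kernelPackages.wireguard]` is unnecessary on kernels with in-tree WireGuard and may not evaluate there. Nothing in this change provisions `/run/keys/wireguard-privkey`; a comment should say where it comes from and that the `systemd-network` user must be able to read it.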


@ -0,0 +1,42 @@
{ lib, config, configVars, ... }:
let
sshPort = configVars.networking.sshPort;
# Sops needs access to the keys before the persist dirs are even mounted; so
# just persisting the keys won't work, we must point at /persist
hasOptinPersistence = false;
in
{
services.openssh = {
enable = true;
ports = [ sshPort ];
settings = {
# Harden
PasswordAuthentication = false;
PermitRootLogin = "no";
# Automatically remove stale sockets
StreamLocalBindUnlink = "yes";
# Allow forwarding ports to everywhere
GatewayPorts = "clientspecified";
};
hostKeys = [{
path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}];
# Fix LPE vulnerability with sudo use SSH_AUTH_SOCK: https://github.com/NixOS/nixpkgs/issues/31611
authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
};
# yubikey login / sudo
# this potentially causes a security issue that we mitigated above
security.pam = {
sshAgentAuth.enable = true;
services = {
sudo.u2fAuth = true;
};
};
networking.firewall.allowedTCPPorts = [ sshPort ];
}
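Review bot: Under the `# Harden` comment, `GatewayPorts = "clientspecified"` loosens rather than tightens: it lets any authenticated client bind remote forwards on non-loopback addresses of this host. Drop it, or add a comment explaining why it is needed. `PasswordAuthentication = false` alone leaves keyboard-interactive (PAM) logins at their default; add `KbdInteractiveAuthentication = false;` if key-only login is the goal. `hasOptinPersistence` is hard-coded to `false` while its comment talks about pointing at /persist, so the comment should say the flag is currently off. `networking.firewall.allowedTCPPorts = [ sshPort ];` appears to duplicate what the openssh module's `openFirewall` default already does.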


@ -53,9 +53,9 @@ in
# No matter what environment we are in we want these tools for root, and the user(s)
programs.zsh.enable = true;
programs.git.enable = true;
environment.systemPackages = [
pkgs.just
pkgs.rsync
environment.systemPackages = with pkgs; [
just
rsync
];
};
}


@ -41,6 +41,8 @@
"systems/common/optional/pipewire.nix" # audio
"systems/common/optional/boot/loud_boot.nix" # for testing, otherwise quiet_boot.nix
#"systems/common/optional/boot/quiet_boot.nix" # with plymouth pretty custom load sequence
"systems/common/optional/btrfs_scrub.nix" # spec
"systems/common/optional/networking/iphone.nix"
# ------------------------ Desktop --------------------------- #
#"systems/common/optional/services/greetd.nix" # display manager
@ -70,6 +72,12 @@
enableIPv6 = false;
};
# I devices
iphone = {
enable = true;
user = "Shenzhen";
};
# ================ HYPRLAND =================== #
environment.sessionVariables = {
# hack to get the cursor to become visible


@ -1,9 +1,11 @@
{ inputs, lib }:
{
networking = import ./networking.nix { inherit lib; };
username = "laozi";
#domain = inputs.nix-secrets.domain;
#userFullName = inputs.nix-secrets.full-name;
#handle = "madmin";
handle = "madmin";
#userEmail = inputs.nix-secrets.user-email;
#gitEmail = "madmin@noreply.codeberg.org";
#workEmail = inputs.nix-secrets.work-email;


@ -1,2 +1,4 @@
{ ... }:
{}
{
sshPort = 22;
}