asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: asmir:77e24e385a766fc68ed94de7163c8dcfbbaf6ffd
Branches Tags
asmir:master asmir:nftables_transition asmir:gitea_typst asmir:magento2
...
compare: asmir:nftables_transition
Branches Tags
asmir:master asmir:nftables_transition asmir:gitea_typst asmir:magento2

14 Commits
77e24e385a ... nftables_t

Author SHA1 Message Date
Asmir A
a624cbcfd1 magpie/networking: iptables -> nftables 2025-02-10 15:15:44 +01:00
Asmir A
f7246dc661 home/kanshi: add display positions for docked profile 2025-02-05 11:56:19 +01:00
Asmir A
5fc1e89975 home/swayidle: update lock script 2025-02-05 11:55:41 +01:00
Asmir A
071ee11601 flake: update 2025-02-04 16:02:37 +01:00
Asmir A
e4b6972c36 home/zsh: add full /nix/store path to aliases and shell script executables 2025-02-04 15:19:12 +01:00
Asmir A
cc95668f6d home/zsh: export pwd using osc7 2025-02-04 14:31:09 +01:00
Asmir A
9f1d4c2bfe home: add wayland-pipewire-idle-inhibit service 2025-02-04 12:53:49 +01:00
Asmir A
466ab42ee8 common/packages: add aria2 2025-01-26 14:10:24 +01:00
Asmir A
fd7b458be1 flake: update 2025-01-25 14:44:02 +01:00
Asmir A
ac5ab2d85d Revert "nixy: switch to default nixos kernel" 
This reverts commit 350bcfed05.
 2025-01-25 14:43:37 +01:00
Asmir A
650c50889e nixy: remove f2fs from initramfs 2025-01-15 11:55:21 +01:00
Asmir A
9f78cde62f nixy: add global USER variable 2025-01-15 11:41:32 +01:00
Asmir A
1240d5d3a2 nixy/dnscyrpt-proxy2: add full path for public-resolvers.md 2025-01-15 11:35:21 +01:00
Asmir A
9b8aa0c6b2 home_packages: add rizin 2025-01-15 11:33:53 +01:00
8 changed files with 80 additions and 56 deletions
Expand all files Collapse all files

1
common/packages.nix
View File

@@ -9,6 +9,7 @@
with pkgs; with pkgs;
[ [
acpi acpi
aria2
binutils binutils
binwalk binwalk
bluez bluez

26
flake.lock generated
View File

@@ -126,11 +126,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1736200483, "lastModified": 1738574474,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", "narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", "rev": "fecfeb86328381268e29e998ddd3ebc70bbd7f7c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -243,11 +243,11 @@
"nixpkgs-24_11": "nixpkgs-24_11" "nixpkgs-24_11": "nixpkgs-24_11"
}, },
"locked": { "locked": {
"lastModified": 1735230346, "lastModified": 1737736848,
"narHash": "sha256-zgR8NTiNDPVNrfaiOlB9yHSmCqFDo7Ks2IavaJ2dZo4=", "narHash": "sha256-VrUfCXBXYV+YmQ2OvVTeML9EnmaPRtH+POrNIcJp6yo=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "dc0569066e79ae96184541da6fa28f35a33fbf7b", "rev": "6b425d13f5a9d73cb63973d3609acacef4d1e261",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -263,11 +263,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736515725, "lastModified": 1738291974,
"narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", "narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", "rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -350,11 +350,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1721120316, "lastModified": 1737802495,
"narHash": "sha256-CaAMnU6LKqJrsZmR9k0/2brpULnAekpgG5S0BjtFhaQ=", "narHash": "sha256-Q+bZnH7uQM5T/G+xCGSRU3bTJqD70NeE4vLXLXLCm7k=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "8a7923bd4e5d36b186408d5432568a91ac67b695", "rev": "4962f12867b0b6c4c4d39b98e6016e7f925a802c",
"revCount": 21, "revCount": 23,
"type": "git", "type": "git",
"url": "https://git.project-cloud.net/asmir/zremap" "url": "https://git.project-cloud.net/asmir/zremap"
}, },

1
flake.nix
View File

@@ -155,6 +155,7 @@
} }
]; ];
}; };
magpie = nixpkgs.lib.nixosSystem rec { magpie = nixpkgs.lib.nixosSystem rec {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [

20
home/home.nix
View File

@@ -254,6 +254,7 @@ in
TMP_FILE=$(${pkgs.coreutils}/bin/mktemp /tmp/.swaylock_ss_XXXXXX.jpg) TMP_FILE=$(${pkgs.coreutils}/bin/mktemp /tmp/.swaylock_ss_XXXXXX.jpg)
${lib.getExe pkgs.grim} -t ppm - | ${pkgs.imagemagick}/bin/convert - -blur 0x12 "$TMP_FILE" ${lib.getExe pkgs.grim} -t ppm - | ${pkgs.imagemagick}/bin/convert - -blur 0x12 "$TMP_FILE"
${lib.getExe pkgs.swaylock} -f -i "$TMP_FILE" ${lib.getExe pkgs.swaylock} -f -i "$TMP_FILE"
${pkgs.coreutils}/bin/shred "$TMP_FILE"
${pkgs.coreutils}/bin/rm "$TMP_FILE" ${pkgs.coreutils}/bin/rm "$TMP_FILE"
''; '';
in in
@@ -298,14 +299,17 @@ in
profile.outputs = [ profile.outputs = [
{ {
criteria = "eDP-1"; criteria = "eDP-1";
position = "3840,0";
} }
{ {
criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026536"; criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026536";
mode = "1920x1080@74.973Hz"; mode = "1920x1080@74.973Hz";
position = "5760,0";
} }
{ {
criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026535"; criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026535";
mode = "1920x1080@74.973Hz"; mode = "1920x1080@74.973Hz";
position = "7680,0";
} }
]; ];
} }
@@ -315,19 +319,17 @@ in
systemd.user = { systemd.user = {
services = { services = {
/* wayland-pipewire-idle-inhibit = {
himalaya = { Unit.Description = "inhibit sleep while audio output is active";
Unit.Description = "Himalaya new messages notifier";
Service = { Service = {
ExecStart = "himalaya notify"; ExecStart = "${lib.getExe pkgs.wayland-pipewire-idle-inhibit}";
Restart = "always"; Restart = "always";
RestartSec = 10; RestartSec = 10;
}; };
Install = { Install = {
WantedBy = [ "multi-user.target" ]; WantedBy = [ "graphical-session.target" ];
}; };
}; };
*/
}; };
}; };
} }

1
home/home_packages.nix
View File

@@ -124,6 +124,7 @@ in
python3Packages.west python3Packages.west
remmina remmina
river river
rizin
rtorrent rtorrent
sbcl sbcl
screen screen

20
home/zsh.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, lib, ... }:
{ {
programs.z-lua = { programs.z-lua = {
enableAliases = true; enableAliases = true;
@@ -11,13 +11,13 @@
defaultKeymap = "viins"; defaultKeymap = "viins";
shellAliases = { shellAliases = {
cfind = "cscope -C -R -L1"; cfind = "${pkgs.cscope}/bin/cscope -C -R -L1";
chmod = "chmod -v"; chmod = "chmod -v";
chown = "chown -v"; chown = "chown -v";
cp = "cp -v"; cp = "cp -v";
rm = "rm -v"; rm = "rm -v";
ip = "ip --color=auto"; ip = "ip --color=auto";
f = "''$(pay-respects zsh)"; f = "''$(${lib.getExe pkgs.pay-respects} zsh)";
}; };
history = { history = {
@@ -92,11 +92,23 @@
ls; ls;
} }
function osc7-pwd() {
emulate -L zsh # also sets localoptions for us
setopt extendedglob
local LC_ALL=C
printf '\e]7;file://%s%s\e\' $HOST ''${PWD//(#m)([^@-Za-z&-;_~])/%''${(l:2::0:)''$(([##16]#MATCH))}}
}
function chpwd-osc7-pwd() {
(( ZSH_SUBSHELL )) || osc7-pwd
}
add-zsh-hook -Uz chpwd chpwd-osc7-pwd
eval "$(direnv hook zsh)" eval "$(direnv hook zsh)"
zstyle ':completion:*' matcher-list 'm:{a-z}={A-Za-z}' zstyle ':completion:*' matcher-list 'm:{a-z}={A-Za-z}'
if [[ -n "$PS1" ]] && [[ -z "$TMUX" ]] && [[ -n "$SSH_CONNECTION" ]]; then if [[ -n "$PS1" ]] && [[ -z "$TMUX" ]] && [[ -n "$SSH_CONNECTION" ]]; then
TMUX_EXE="${pkgs.tmux}/bin/tmux" TMUX_EXE="${lib.getExe pkgs.tmux}"
systemd-run --scope --user $TMUX_EXE attach-session -t $USER || systemd-run --scope --user $TMUX_EXE new-session -s $USER systemd-run --scope --user $TMUX_EXE attach-session -t $USER || systemd-run --scope --user $TMUX_EXE new-session -s $USER
fi fi

44
magpie/configuration.nix
View File

@@ -333,24 +333,28 @@
}; };
networking.hostName = "magpie"; networking.hostName = "magpie";
networking.firewall = {
nftables.enable = true;
enable = true;
allowedTCPPorts = [
80
443
587
2049
]; # http, mail, mail, nfs
allowedUDPPorts = [
443
51820
]; # mail, wireguard
allowPing = true;
logRefusedConnections = lib.mkDefault false;
};
networking.firewall.enable = true; networking.nat = {
networking.firewall.allowedTCPPorts = [ enable = true;
80 externalInterface = "enp1s0";
443 internalInterfaces = [ "wg0" ];
587 };
2049
]; # http, mail, mail, nfs
networking.firewall.allowedUDPPorts = [
443
51820
]; # mail, wireguard
networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = lib.mkDefault false;
networking.nat.enable = true;
networking.nat.externalInterface = "enp1s0";
networking.nat.internalInterfaces = [ "wg0" ];
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.wireless.enable = false; networking.wireless.enable = false;
@@ -363,11 +367,11 @@
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = '' postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE ${pkgs.nftables}/bin/nft add rule ip nat POSTROUTING oifname "eth0" ip saddr 10.100.0.0/24 counter masquerade
''; '';
# This undoes the above command # This undoes the above command, TODO fix command below to be more specific
postShutdown = '' postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE ${pkgs.nftables}/bin/nft flush table ip nat
''; '';
privateKeyFile = config.sops.secrets."wg_privkey".path; privateKeyFile = config.sops.secrets."wg_privkey".path;

23
nixy/configuration.nix
View File

@@ -7,6 +7,9 @@
zremap, zremap,
... ...
}: }:
let
USER = "akill";
in
{ {
imports = [ ]; imports = [ ];
@@ -45,12 +48,12 @@
"borgbase_enc_key" = { "borgbase_enc_key" = {
sopsFile = ./secrets/borgbase_enc_key.yaml; sopsFile = ./secrets/borgbase_enc_key.yaml;
owner = config.users.users.akill.name; owner = config.users.users.${USER}.name;
}; };
"borgbase_ssh_key" = { "borgbase_ssh_key" = {
sopsFile = ./secrets/borgbase_ssh_key.yaml; sopsFile = ./secrets/borgbase_ssh_key.yaml;
owner = config.users.users.akill.name; owner = config.users.users.${USER}.name;
}; };
}; };
}; };
@@ -85,6 +88,7 @@
"psmouse.synaptics_intertouch=0" "psmouse.synaptics_intertouch=0"
"mem_sleep_default=deep" "mem_sleep_default=deep"
]; ];
kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl = { kernel.sysctl = {
"net.core.default_qdisc" = "fq"; "net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr"; "net.ipv4.tcp_congestion_control" = "bbr";
@@ -97,7 +101,6 @@
}; };
readOnlyNixStore = true; readOnlyNixStore = true;
supportedFilesystems = [ supportedFilesystems = [
"f2fs"
"xfs" "xfs"
]; ];
tmp.useTmpfs = true; tmp.useTmpfs = true;
@@ -110,7 +113,7 @@
doas.enable = true; doas.enable = true;
doas.extraRules = [ doas.extraRules = [
{ {
users = [ "akill" ]; users = [ USER ];
keepEnv = true; keepEnv = true;
persist = true; persist = true;
} }
@@ -437,7 +440,7 @@
{ {
keys = [ 113 ]; keys = [ 113 ];
events = [ "key" ]; events = [ "key" ];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'"; command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master toggle'";
} }
{ {
@@ -446,7 +449,7 @@
"key" "key"
"rep" "rep"
]; ];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'"; command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%- unmute'";
} }
{ {
@@ -455,7 +458,7 @@
"key" "key"
"rep" "rep"
]; ];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'"; command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%+ unmute'";
} }
{ {
@@ -486,7 +489,7 @@
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md" "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md" "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
]; ];
cache_file = "public-resolvers.md"; cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
}; };
}; };
@@ -494,7 +497,7 @@
borgbackup.jobs."borgbase" = borgbackup.jobs."borgbase" =
let let
user = config.users.users.akill; user = config.users.users.${USER};
home = user.home; home = user.home;
in in
{ {
@@ -631,7 +634,7 @@
algorithm = "zstd"; algorithm = "zstd";
}; };
users.users.akill = { users.users.${USER} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = [ extraGroups = [