asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: asmir:master
Branches Tags
asmir:master
asmir:nftables_transition
asmir:gitea_typst
asmir:magento2
..
compare: asmir:nftables_transition
Branches Tags
asmir:master
asmir:nftables_transition
asmir:gitea_typst
asmir:magento2

No commits in common. "master" and "nftables_transition" have entirely different histories.
master ... nftables_t

9 changed files with 160 additions and 118 deletions
Show Stats Expand all files Collapse all files

110
flake.lock generated
View File

@ -33,6 +33,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -48,6 +64,24 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -55,16 +89,16 @@
]
},
"locked": {
"lastModified": 1747556831,
"narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
"lastModified": 1736373539,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
@ -92,16 +126,16 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1747953325,
"narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=",
"lastModified": 1738574474,
"narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "55d1f923c480dadce40f5231feb472e81b0bab48",
"rev": "fecfeb86328381268e29e998ddd3ebc70bbd7f7c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
@ -128,11 +162,11 @@
]
},
"locked": {
"lastModified": 1748077877,
"narHash": "sha256-sxWrjcRygvs7Fz9gxjSm54ul8+NtU29V+PLAPR6ZfY0=",
"lastModified": 1736528609,
"narHash": "sha256-p0tYmTVnnFghamXEXD4w/lldCi604zIWDV4Ol9ubQ5g=",
"ref": "refs/heads/master",
"rev": "b23265403c87af272c74cda484a840b0f22306f5",
"revCount": 43,
"rev": "8245a48cc75cc74dea1b3ca89cb58f24f8e14f85",
"revCount": 42,
"type": "git",
"url": "https://git.project-cloud.net/asmir/nvim_flake"
},
@ -141,6 +175,28 @@
"url": "https://git.project-cloud.net/asmir/nvim_flake"
}
},
"peerix": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1684706914,
"narHash": "sha256-pBlTtsC28e/5MUTe4NWeNNOc/4Kf6EzGQGppQEQ/ioo=",
"owner": "asmir.abdulahovic",
"repo": "peerix",
"rev": "8fdbbd0039240e05b4f93bbd5b454d5643e8a8d1",
"type": "gitlab"
},
"original": {
"owner": "asmir.abdulahovic",
"repo": "peerix",
"type": "gitlab"
}
},
"project-cloud": {
"inputs": {
"nixpkgs": [
@ -169,6 +225,7 @@
"nix-xilinx": "nix-xilinx",
"nixpkgs": "nixpkgs",
"nvim": "nvim",
"peerix": "peerix",
"project-cloud": "project-cloud",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix",
@ -179,18 +236,18 @@
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-24_11": "nixpkgs-24_11"
},
"locked": {
"lastModified": 1746937334,
"narHash": "sha256-7g2GSePdYbpD1v5BxEVSCJ2Ogf4K5rc9sBB81FervUY=",
"lastModified": 1737736848,
"narHash": "sha256-VrUfCXBXYV+YmQ2OvVTeML9EnmaPRtH+POrNIcJp6yo=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "da66510f688b7eac54e3cac7c75be4b8dd78ce8b",
"rev": "6b425d13f5a9d73cb63973d3609acacef4d1e261",
"type": "gitlab"
},
"original": {
@ -206,11 +263,11 @@
]
},
"locked": {
"lastModified": 1746485181,
"narHash": "sha256-PxrrSFLaC7YuItShxmYbMgSuFFuwxBB+qsl9BZUnRvg=",
"lastModified": 1738291974,
"narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "e93ee1d900ad264d65e9701a5c6f895683433386",
"rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
"type": "github"
},
"original": {
@ -239,6 +296,21 @@
"url": "https://git.project-cloud.net/asmir/swaysw"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"theme_anemone": {
"flake": false,
"locked": {

34
flake.nix
View File

@ -2,13 +2,18 @@
description = "NixOS configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
nix-xilinx = {
url = "gitlab:asmir.abdulahovic/nix-xilinx";
inputs.nixpkgs.follows = "nixpkgs";
};
peerix = {
url = "gitlab:asmir.abdulahovic/peerix";
inputs.nixpkgs.follows = "nixpkgs";
};
zremap = {
url = "git+https://git.project-cloud.net/asmir/zremap";
inputs.nixpkgs.follows = "nixpkgs";
@ -30,7 +35,7 @@
};
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -51,6 +56,7 @@
nixpkgs,
nix-xilinx,
nvim,
peerix,
project-cloud,
simple-nixos-mailserver,
sops-nix,
@ -82,6 +88,18 @@
home-manager.extraSpecialArgs = { inherit inputs system; };
home-manager.backupFileExtension = "home_backup";
}
peerix.nixosModules.peerix
{
services.peerix = {
enable = true;
globalCacheTTL = 10;
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = nixy.config.sops.secrets."peerix/private".path;
publicKeyFile = ./nixy/peerix-public;
publicKey = "peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=";
};
}
];
};
@ -104,6 +122,18 @@
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = { inherit inputs system; };
}
peerix.nixosModules.peerix
{
services.peerix = {
enable = true;
globalCacheTTL = 10;
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = mediabox.config.sops.secrets."peerix/private".path;
publicKeyFile = ./mediabox/peerix-public;
publicKey = "peerix-nixy:8THqS0R2zWF/47ai0RFmqJnieYTZ1jaWOD9tnzpvA6s=";
};
}
];
};

36
home/home.nix
View File

@ -86,9 +86,7 @@ in
hwdec = "auto";
vo = "gpu-next";
ao = "pipewire";
osd-bar = "no";
border = "no";
script-opts-set = "";
script-opts-set = "ytdl_hook-ytdl_path=yt-dlp,sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
ytdl-format = "bestvideo[height<=?1080]+bestaudio/best";
};
@ -162,6 +160,7 @@ in
qutebrowser = {
enable = true;
package = qutebrowser_firejail;
keyBindings = {
normal = {
"j" = "scroll-px 0 25";
@ -252,26 +251,13 @@ in
swayidle =
let
locker = pkgs.writeShellScriptBin "swaylock_fancy" ''
ALL_IMGS=""
LOCK_ARGS=""
for OUTPUT in $(${pkgs.sway}/bin/swaymsg -t get_outputs | ${lib.getExe pkgs.jq} -r '.[].name')
do
TMP_FILE=$(${pkgs.coreutils}/bin/mktemp /tmp/.swaylock_ss_XXXXXX.jpg)
${lib.getExe pkgs.grim} -t ppm -o $OUTPUT - | \
${lib.getExe pkgs.ffmpeg} -y -loglevel 0 -i - -vframes 1 -vf "boxblur=10" "$TMP_FILE"
LOCK_ARGS="$LOCK_ARGS --image $OUTPUT:$TMP_FILE"
ALL_IMGS="$ALL_IMGS $TMP_FILE"
done
${lib.getExe pkgs.swaylock} -f $LOCK_ARGS
${pkgs.coreutils}/bin/shred $ALL_IMGS
${pkgs.coreutils}/bin/rm $ALL_IMGS
${lib.getExe pkgs.grim} -t ppm - | ${pkgs.imagemagick}/bin/convert - -blur 0x12 "$TMP_FILE"
${lib.getExe pkgs.swaylock} -f -i "$TMP_FILE"
${pkgs.coreutils}/bin/shred "$TMP_FILE"
${pkgs.coreutils}/bin/rm "$TMP_FILE"
'';
in
/*
refresh_i3status = pkgs.writeShellScriptBin "refresh_i3status" ''
${pkgs.coreutils}/bin/sleep 1 && ${pkgs.procps}/bin/pkill -USR1 i3status-rs
'';
*/
{
enable = true;
events = [
@ -283,12 +269,10 @@ in
event = "lock";
command = "${locker}/bin/swaylock_fancy";
}
/*
{
event = "after-resume";
command = "${refresh_i3status}/bin/refresh_i3status";
command = "${pkgs.procps}/bin/pkill -USR1 i3status-rs";
}
*/
];
timeouts = [
{
@ -315,17 +299,17 @@ in
profile.outputs = [
{
criteria = "eDP-1";
position = "0,0";
position = "3840,0";
}
{
criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026536";
mode = "1920x1080@74.973Hz";
position = "1920,0";
position = "5760,0";
}
{
criteria = "Philips Consumer Electronics Company PHL 272S1 UHB2347026535";
mode = "1920x1080@74.973Hz";
position = "3840,0";
position = "7680,0";
}
];
}

16
home/home_packages.nix
View File

@ -15,11 +15,6 @@ let
chromium_stackfield = pkgs.writeShellScriptBin "chromium_stackfield" ''
${lib.getExe pkgs.ungoogled-chromium} --socket=wayland org.chromium.Chromium --app=https://stackfield.com/
'';
nixy_switch = pkgs.writeShellScriptBin "nixy_switch" ''
${pkgs.util-linux}/bin/ionice -c 3 -- \
${pkgs.coreutils}/bin/nice -n 20 -- \
${lib.getExe pkgs.nixos-rebuild} --flake ./#nixy switch
'';
qcad = pkgs.writeShellScriptBin "qcad" ''
QT_QPA_PLATFORM=xcb ${lib.getExe pkgs.qcad} $@
'';
@ -63,10 +58,9 @@ in
cached-nix-shell
caddy
cargo
ungoogled-chromium
cmake
compsize
kdePackages.ark
ungoogled-chromium
# cura
deluge
dfu-util
@ -92,7 +86,7 @@ in
imv
inkscape
jellyfin-media-player
kdePackages.kdenlive
kdenlive
kicad
kodi-wayland
krita
@ -136,6 +130,7 @@ in
screen
seer
sioyek
skypeforlinux
slurp
steam-run
stm32cubemx
@ -148,7 +143,6 @@ in
thunderbird
typst
upx
viber
waybar
wdisplays
weechat
@ -171,13 +165,13 @@ in
chromium_discord
chromium_stackfield
chromium_teams
nixy_switch
qcad
ssh_proxy
wrap_sh
qcad
]
++ [
inputs.swaysw.packages.${system}.swaysw
(pkgs.callPackage ../packages/viber/default.nix { })
(pkgs.callPackage ../packages/bubblewrap/default.nix { })
];
}

32
home/i3status-rust.nix
View File

@ -1,14 +1,4 @@
{ pkgs, ... }:
let
kbd_switch = pkgs.writeShellScriptBin "kbd_switch" ''
declare -A -r KBD_CYCLE_MAP=(
["English (US)"]="de"
["German"]="ba"
)
LAYOUT="$(${pkgs.sway}/bin/swaymsg -t get_inputs -r | ${pkgs.jq}/bin/jq -r 'map(select(.type == "keyboard")).[0].xkb_layout_names.[]')"
swaymsg input "*" xkb_layout ''${KBD_CYCLE_MAP["$LAYOUT"]:-"us"}
'';
in
{ ... }:
{
programs.i3status-rust = {
bars.top = {
@ -22,16 +12,6 @@ in
};
blocks = [
{
block = "keyboard_layout";
driver = "sway";
click = [
{
cmd = "${kbd_switch}/bin/kbd_switch";
button = "left";
}
];
}
{
block = "battery";
interval = 10;
@ -56,30 +36,20 @@ in
{
block = "net";
device = "wlan0";
if_command = "ip link show wlan0";
interval = 2;
}
{
block = "net";
device = "enp5s0";
if_command = "ip link show enp5s0";
interval = 2;
}
{
block = "net";
device = "enp7s0f3u1u1";
if_command = "ip link show enp7s0f3u1u1";
interval = 2;
}
{
block = "net";
device = "enp7s0f4u1u1";
if_command = "ip link show enp7s0f4u1u1";
interval = 2;
}
{
block = "net";
if_command = "ip link show eno1";
device = "eno1";
interval = 2;
}

3
home/sway.nix
View File

@ -17,6 +17,7 @@ let
${lib.getExe pkgs.grim} -g "$GEOM" - | ${pkgs.wl-clipboard}/bin/wl-copy
'';
swaysw = inputs.swaysw.packages.${system}.swaysw;
viber = pkgs.callPackage ../packages/viber/default.nix { };
term = "${pkgs.foot}/bin/footclient";
in
{
@ -145,7 +146,7 @@ in
"Mod4+j" =
"exec ${pkgs.sway}/bin/swaymsg [app_id=com.rtosta.zapzap] scratchpad show || exec ${lib.getExe pkgs.zapzap}";
"Mod4+h" =
"exec ${pkgs.sway}/bin/swaymsg [app_id=com.viber] scratchpad show || exec ${pkgs.viber}/bin/viber";
"exec ${pkgs.sway}/bin/swaymsg [app_id=com.viber] scratchpad show || exec ${viber}/bin/viber";
"Mod4+y" =
''exec ${pkgs.sway}/bin/swaymsg [app_id="pulsemixer"] scratchpad show || exec ${term} -a pulsemixer ${lib.getExe pkgs.pulsemixer}'';
"Mod4+p" = "exec ${lib.getExe pkgs.tessen} -a copy";

2
home/zsh.nix
View File

@ -72,7 +72,7 @@
envExtra = '''';
initContent = ''
initExtra = ''
# binds
bindkey '^K' fzf-file-widget

14
magpie/configuration.nix
View File

@ -333,8 +333,8 @@
};
networking.hostName = "magpie";
networking.nftables.enable = true;
networking.firewall = {
nftables.enable = true;
enable = true;
allowedTCPPorts = [
80
@ -366,13 +366,13 @@
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
#postSetup = ''
# ${pkgs.nftables}/bin/nft add rule ip nat POSTROUTING oifname "eth0" ip saddr 10.100.0.0/24 counter masquerade
#'';
postSetup = ''
${pkgs.nftables}/bin/nft add rule ip nat POSTROUTING oifname "eth0" ip saddr 10.100.0.0/24 counter masquerade
'';
# This undoes the above command, TODO fix command below to be more specific
#postShutdown = ''
# ${pkgs.nftables}/bin/nft flush table ip nat
#'';
postShutdown = ''
${pkgs.nftables}/bin/nft flush table ip nat
'';
privateKeyFile = config.sops.secrets."wg_privkey".path;
peers = [

23
nixy/configuration.nix
View File

@ -16,7 +16,7 @@ in
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
system.switch = {
enable = true;
enable = false;
enableNg = true;
};
@ -88,7 +88,7 @@ in
"psmouse.synaptics_intertouch=0"
"mem_sleep_default=deep"
];
#kernelPackages = pkgs.linuxPackages_latest;
kernelPackages = pkgs.linuxPackages_latest;
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
@ -236,13 +236,6 @@ in
enable = true;
binfmt = true;
};
nix-ld = {
enable = false;
libraries = with pkgs; [
stdenv.cc.cc.lib
zlib
];
};
zsh.enable = true;
firejail.enable = true;
adb.enable = true;
@ -379,7 +372,6 @@ in
acpid.enable = true;
dbus.enable = true;
dbus.implementation = "broker";
envfs.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
@ -446,9 +438,9 @@ in
enable = true;
bindings = [
{
keys = [ 115 ];
keys = [ 113 ];
events = [ "key" ];
command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master toggle'";
}
{
@ -457,16 +449,16 @@ in
"key"
"rep"
];
command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%- unmute'";
}
{
keys = [ 113 ];
keys = [ 115 ];
events = [
"key"
"rep"
];
command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
command = "/run/current-system/sw/bin/runuser -l ${USER} -c 'amixer -q set Master 5%+ unmute'";
}
{
@ -599,7 +591,6 @@ in
};
virtualisation = {
waydroid.enable = false;
libvirtd = {
enable = true;
allowedBridges = [