From eff6860aa2e7307d4e520b2d79e43efcb67806ef Mon Sep 17 00:00:00 2001 
From: caem Date: Thu, 4 Apr 2024 01:41:19 +0200 Subject: [PATCH] Replace legacy configuration with the new The old configuration is still available in the legacy branch of this repository. It contains the mostly server oriented configuration while this new configuration is aimed at desktop usage. --- .github/workflows/main.yml | 26 ---- .gitignore | 6 +- README.md | 42 ++----- flake.lock | 200 ++---------------------------- flake.nix | 65 ++-------- machines/hardware/workstation.nix | 91 ++++++++++++++ machines/persist/workstation.nix | 20 +++ machines/workstation.nix | 81 ++++++++++++ packages/akkoma/package.nix | 28 ----- packages/deluge/homeserver.nix | 27 ---- packages/forgejo/dirae.nix | 72 ----------- packages/gitlab/package.nix | 26 ---- packages/mailserver/package.nix | 33 ----- packages/nginx/dirae.nix | 61 --------- packages/nginx/homeserver.nix | 16 --- packages/sshd/package.nix | 18 --- packages/synapse/package.nix | 31 ----- packages/syncthing/homeserver.nix | 18 --- packages/vim/package.nix | 34 ----- packages/wireguard/package.nix | 30 ----- sets/meta/sysadmin.nix | 13 -- systems/common.nix | 20 --- systems/dirae.nix | 55 -------- systems/hardware/dirae.nix | 47 ------- systems/hardware/homeserver.nix | 49 -------- systems/hardware/qemu-vm.nix | 45 ------- systems/homeserver.nix | 59 --------- systems/persist/common.nix | 18 --- systems/persist/dirae.nix | 33 ----- systems/qemu-vm.nix | 18 --- users/hu.nix | 17 +++ users/media.nix | 8 -- users/none.nix | 1 - users/user.nix | 20 --- wm/xmonad.nix | 29 +++++ 35 files changed, 266 insertions(+), 1091 deletions(-) delete mode 100644 .github/workflows/main.yml create mode 100644 machines/hardware/workstation.nix create mode 100644 machines/persist/workstation.nix create mode 100644 machines/workstation.nix delete mode 100644 packages/akkoma/package.nix delete mode 100644 packages/deluge/homeserver.nix delete mode 100644 packages/forgejo/dirae.nix delete mode 100644 packages/gitlab/package.nix delete mode 
100644 packages/mailserver/package.nix delete mode 100644 packages/nginx/dirae.nix delete mode 100644 packages/nginx/homeserver.nix delete mode 100644 packages/sshd/package.nix delete mode 100644 packages/synapse/package.nix delete mode 100644 packages/syncthing/homeserver.nix delete mode 100644 packages/vim/package.nix delete mode 100644 packages/wireguard/package.nix delete mode 100644 sets/meta/sysadmin.nix delete mode 100644 systems/common.nix delete mode 100644 systems/dirae.nix delete mode 100644 systems/hardware/dirae.nix delete mode 100644 systems/hardware/homeserver.nix delete mode 100644 systems/hardware/qemu-vm.nix delete mode 100644 systems/homeserver.nix delete mode 100644 systems/persist/common.nix delete mode 100644 systems/persist/dirae.nix delete mode 100644 systems/qemu-vm.nix create mode 100644 users/hu.nix delete mode 100644 users/media.nix delete mode 100644 users/none.nix delete mode 100644 users/user.nix create mode 100644 wm/xmonad.nix diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index 36398b5..0000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: "Update flake.lock" - -on: - workflow_dispatch: - schedule: - - cron: "0 8 * * *" - -jobs: - update_lockfile: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v1 - - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@v19 - with: - git-author-name: 'caem' - git-author-email: 'caem@dirae.org' - git-committer-name: 'caem' - git-committer-email: 'caem@dirae.org' - pr-title: "Automated: Update flake.lock" - pr-labels: | - dependencies - automated diff --git a/.gitignore b/.gitignore index cdb74b0..4bd922a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1 @@ -nixos/result -pw -.stfolder -privkey -privpsk +secrets/ diff --git a/README.md b/README.md index ff004ab..a8d0cb0 100644 --- a/README.md 
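Review bot: The new .gitignore stops ignoring `pw`, `privkey` and `privpsk` and ignores only `secrets/`. The modules deleted in this same commit read `/nix/config/packages/wireguard/privkey`, `/nix/config/packages/wireguard/privpsk` and `/nix/config/packages/mailserver/pw`. If the checkout lives at /nix/config, as the old README layout suggests, those files may still sit in the working tree as untracked files, and a later `git add -A` would stage them. Either move them under `secrets/` before merging, or keep the three patterns until the files are gone from every checkout.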
+++ b/README.md @@ -2,40 +2,12 @@ Modular multi-purpose NixOS configuration. ## About -Feel free to do whatever with this configuration. -This configuration [erases your darlings](https://grahamc.com/blog/erase-your-darlings/) using ZFS snapshots. -Currently only used for my homeserver, [desktop runs on Gentoo](https://git.dirae.org/caem/dotfiles). +This is the NixOS configuration I daily drive on my desktop. Feel free to use +and modify this configuration to your needs. No attribution required. I hold no +accountabilty for whatever you do with this configuration. ## Layout -``` -/nix/config -├── flake.lock -├── flake.nix ; Master configuration file -├── overlays ; Package overlays -├── packages ; Packages with configurations -│   ├── nginx -│   │   └── homeserver.nix -│   ├── syncthing -│   │   └── homeserver.nix -│   └── vim -│   └── package.nix -├── pw ; Password of your user -├── sets ; Sets of packages -│   └── meta -│   └── sysadmin.nix -├── systems ; System specific configuration -│   ├── common.nix -│   ├── hardware ; Hardware configuration of each system -│   │   ├── homeserver.nix -│   │   └── qemu-vm.nix -│   ├── homeserver.nix -│   ├── persist ; Persistence configuration of each system -│   │   ├── common.nix -│   │   ├── homeserver.nix -│   │   └── qemu-vm.nix -│   └── qemu-vm.nix -└── users ; User specific configuration - ├── media.nix - ├── none.nix - └── user.nix -``` +todo + +## Screenshot +todo diff --git a/flake.lock b/flake.lock index 13374ac..57ddecb 100644 --- a/flake.lock +++ b/flake.lock 
@@ -1,44 +1,12 @@ { "nodes": { - "blobs": { - "flake": false, - "locked": { - "lastModified": 1604995301, - "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "type": "gitlab" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "impermanence": { "locked": { - "lastModified": 1694622745, - "narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=", + "lastModified": 1708968331, + "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=", "owner": "nix-community", "repo": "impermanence", - "rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e", + "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30", "type": "github" }, "original": { 
@@ -47,178 +15,24 @@ "type": "github" } }, - "nixops": { - "inputs": { - "nixpkgs": "nixpkgs", - "utils": "utils" - }, - "locked": { - "lastModified": 1677688500, - "narHash": "sha256-yF2tS9Zo8JCIdPjhy19grmJk8wUFMxMu9cPlgfMJuTg=", - "owner": "NixOS", - "repo": "nixops", - "rev": "fc9b55c55da62f949028143b974f67fdc7f40c8b", - "type": "github" - }, - "original": { - "id": "nixops", - "type": "indirect" - } - }, "nixpkgs": { "locked": { - "lastModified": 1672525397, - "narHash": "sha256-WASDnyxHKWVrEe0dIzkpH+jzKlCKAk0husv0f/9pyxg=", + "lastModified": 1712026416, + "narHash": "sha256-N/3VR/9e1NlN49p7kCiATiEY6Tzdo+CbrAG8kqCQKcI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8ba56d7c0d7490680f2d51ba46a141eca7c46afa", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-22_11": { - "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "080a4a27f206d07724b88da096e27ef63401a504", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", - "type": "indirect" - } - }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1694959747, - "narHash": "sha256-CXQ2MuledDVlVM5dLC4pB41cFlBWxRw4tCBsFrq3cRk=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "970a59bd19eff3752ce552935687100c46e820a5", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_2": { - "locked": { - "lastModified": 
1694937365, - "narHash": "sha256-iHZSGrb9gVpZRR4B2ishUN/1LRKWtSHZNO37C8z1SmA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "5d017a8822e0907fb96f7700a319f9fe2434de02", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1670751203, - "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-unstable", "type": "indirect" } }, "root": { "inputs": { "impermanence": "impermanence", - "nixops": "nixops", - "nixpkgs": "nixpkgs_2", - "nixpkgs-unstable": "nixpkgs-unstable", - "simple-mailserver": "simple-mailserver" - } - }, - "simple-mailserver": { - "inputs": { - "blobs": "blobs", - "flake-compat": "flake-compat", - "nixpkgs": "nixpkgs_3", - "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": "nixpkgs-23_05", - "utils": "utils_2" - }, - "locked": { - "lastModified": 1687462267, - "narHash": "sha256-rNSputjn/0HEHHnsKfQ8mQVEPVchcBw7DsbND7Wg8dk=", - "owner": "simple-nixos-mailserver", - "repo": "nixos-mailserver", - "rev": "24128c3052090311688b09a400aa408ba61c6ee5", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "ref": "nixos-23.05", - "repo": "nixos-mailserver", - "type": "gitlab" - } - }, - "utils": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "utils_2": { - "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": 
"5021eac20303a61fafe17224c087f5519baed54d", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" + "nixpkgs": "nixpkgs" } } }, diff --git a/flake.nix b/flake.nix index 5d0eb05..1acd55e 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,58 +1,19 @@ { - description = "Modular multi-purpose NixOS configuration."; + description = "Modular NixOS configuration."; - inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; - nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + inputs = { + impermanence.url = "github:nix-community/impermanence"; + }; - # https://nixos.wiki/wiki/Impermanence - impermanence.url = "github:nix-community/impermanence"; - - simple-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-23.05"; - }; - - outputs = { self, nixpkgs, nixpkgs-unstable, nixops, ... }@attrs: let + outputs = { self, nixpkgs, impermanence, ... }: + { + nixosConfigurations.workstation = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; - overlay-unstable = final: prev: { - unstable = import nixpkgs-unstable { - inherit system; - config.allowUnfree = true; - }; - }; - - user = "user"; # Select user from the `./users` directory - in { - # Media homeserver - nixosConfigurations.homeserver = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = attrs; - modules = [ - ({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; }) - ./users/${user}.nix - ./systems/homeserver.nix - ]; - }; - - # dirae.org - nixosConfigurations.dirae = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = attrs; - modules = [ - ({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; }) - ./users/${user}.nix - ./systems/dirae.nix - ]; - }; - - # Debugging VM configuration - nixosConfigurations.qemu-vm = nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = attrs; - modules = [ - ({ config, pkgs, ...}: { nixpkgs.overlays = [ overlay-unstable ]; }) - ./users/${user}.nix - ./systems/qemu-vm.nix - ]; - }; + modules = [ + impermanence.nixosModules.impermanence + ./machines/workstation.nix + ./users/hu.nix + ]; + }; }; } diff --git a/machines/hardware/workstation.nix b/machines/hardware/workstation.nix new file mode 100644 index 0000000..94507a1 --- /dev/null 
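Review bot: `outputs` takes `nixpkgs`, but the new `inputs` block declares only `impermanence.url`, so nixpkgs is resolved through the flake registry (flake.lock records it as `"type": "indirect"`). The locked `rev` keeps builds reproducible, but the repository and branch that the next `nix flake update` pulls from then depend on the registry of the machine running it rather than on this file. Declare it explicitly, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";`, choosing the channel branch you intend to track. With the scheduled update-flake-lock workflow removed in this commit, lock updates and the security fixes they carry become a manual step, which is worth a line in the README.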
+++ b/machines/hardware/workstation.nix 
@@ -0,0 +1,91 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/nvme0n1p2 /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '';
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532";
+ fsType = "btrfs";
+ options = [ "subvol=root" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532";
+ fsType = "btrfs";
+ options = [ "subvol=home" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/nix" =
+ { device = "/dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532";
+ fsType = "btrfs";
+ options = [ "subvol=nix" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/var/log" =
+ { device = "/dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532";
+ fsType = "btrfs";
+ options = [ "subvol=log" "compress=zstd" "noatime" ];
+ neededForBoot = true;
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/A925-0013";
+ fsType = "vfat";
+ };
+
+ fileSystems."/media/vault" =
+ { device = "/dev/disk/by-uuid/048d175b-0e3e-4ec7-955b-3d9a45f9f237";
+ fsType = "xfs";
+ };
+
+ fileSystems."/media/attic" =
+ { device = "/dev/disk/by-uuid/ec32ce36-9f53-4f44-ac8f-2c9163f0b3d7";
+ fsType = "xfs";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp34s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/persist/workstation.nix b/machines/persist/workstation.nix
new file mode 100644
index 0000000..529a2ce
--- /dev/null
+++ b/machines/persist/workstation.nix
@@ -0,0 +1,20 @@
+{ config, lib, pkgs, impermanence, ... }:
+
+{
+ environment.persistence."/nix/persist" = {
+ hideMounts = true;
+ directories = [
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ {
+ directory = "/var/lib/colord";
+ user = "colord";
+ group = "colord";
+ mode = "u=rwx,g=rx,o=";
+ }
+ ];
+ files = [
+ "/etc/machine-id"
+ ];
+ };
+}
diff --git a/machines/workstation.nix b/machines/workstation.nix
new file mode 100644
index 0000000..41b283a
--- /dev/null
+++ b/machines/workstation.nix
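Review bot: The rollback script in `boot.initrd.postDeviceCommands` mounts `/dev/nvme0n1p2` by kernel device name and never checks that the mount succeeded, while every `fileSystems` entry below it uses `/dev/disk/by-uuid/…`. If NVMe enumeration changes or the mount fails, the `mv` and `btrfs subvolume create` steps would fail as well and the system would come up on the previous `root` subvolume, so the wipe-on-boot guarantee lapses without any signal. Assuming nvme0n1p2 is the filesystem the `/` entry names, I would write `mount /dev/disk/by-uuid/8e515c16-703a-43ea-8653-ec0f739ba532 /btrfs_tmp` and run the remaining steps only when that command returns 0. Adding `-mindepth 1` to the `find` keeps `/btrfs_tmp/old_roots/` itself from ever being handed to `delete_subvolume_recursively`. A comment should also say that old roots, with whatever state they hold, are kept for 30 days.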
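Review bot: `/var/lib/systemd/coredump` is persisted across the root wipe, so core files, which can hold whatever was in the crashing process's memory, survive the reset that is meant to discard stray state. If that is intended for debugging, say so next to the entry, e.g. `# kept for post-mortem debugging; core files may contain secrets`, and otherwise drop the entry. Separately, the `impermanence` argument in the module header is unused in this file and flake.nix passes no `specialArgs`, so the header can be `{ config, lib, pkgs, ... }:`.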
@@ -0,0 +1,81 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ./hardware/workstation.nix
+ ./persist/workstation.nix
+ ../wm/xmonad.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.supportedFilesystems = [ "btrfs" "xfs" ];
+
+ networking = {
+ hostName = "workstation";
+ enableIPv6 = false;
+ nameservers = [ "1.1.1.1" ];
+ defaultGateway = "192.168.2.1";
+ interfaces.enp34s0.ipv4.addresses = [{
+ address = "192.168.2.68";
+ prefixLength = 24;
+ }];
+ };
+
+ time.timeZone = "Europe/Berlin";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true;
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ services.xserver.videoDrivers = [ "nvidia" ];
+ hardware = {
+ opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+ nvidia = {
+ modesetting.enable = true;
+ nvidiaSettings = true;
+ open = false;
+ package = config.boot.kernelPackages.nvidiaPackages.production;
+ };
+ };
+
+ programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa = {
+ enable = true;
+ support32Bit = true;
+ };
+ pulse.enable = true;
+ jack.enable = true;
+ };
+
+ # Todo: Move these packages out in the correct files.
+ environment.systemPackages = with pkgs; [
+ fastfetch
+ neovim
+ firefox
+ rofi
+ wget
+ unzip
+ git
+ tree
+ ];
+
+ system.stateVersion = "23.11";
+}
+
diff --git a/packages/akkoma/package.nix b/packages/akkoma/package.nix
deleted file mode 100644
index c27be5f..0000000
--- a/packages/akkoma/package.nix
+++ /dev/null
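Review bot: The static address, gateway and resolver set under `networking` do not turn DHCP off: machines/hardware/workstation.nix still sets `networking.useDHCP = lib.mkDefault true`. A DHCP client would therefore presumably still run on `enp34s0` and can bring in a lease-supplied gateway and nameservers next to the pinned `1.1.1.1`. If the static setup is the intent, add `networking.useDHCP = false;` to this block. `nixpkgs.config.allowUnfree = true` is also wider than the NVIDIA driver needs; `nixpkgs.config.allowUnfreePredicate` can limit it to the packages actually required.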
@@ -1,28 +0,0 @@ -{ pkgs, ... }: - -{ - services.akkoma = { - enable = true; - - config = { - ":pleroma" = { - ":instance" = { - name = "Dirae"; - description = "This server uses NixOS btw"; - email = "caem@dirae.org"; - registration_open = false; - }; - - "Pleroma.Upload".filters = map (pkgs.formats.elixirConf { }).lib.mkRaw [ - "Pleroma.Upload.Filter.Exiftool" - "Pleroma.Upload.Filter.Dedupe" - "Pleroma.Upload.Filter.AnonymizeFilename" - ]; - }; - - "Pleroma.Web.Endpoint" = { - url.host = "social.dirae.org"; - }; - }; - }; -} diff --git a/packages/deluge/homeserver.nix b/packages/deluge/homeserver.nix deleted file mode 100644 index c1d3f95..0000000 --- a/packages/deluge/homeserver.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ ... }: - -{ - services.deluge = { - enable = true; - user = "media"; - declarative = true; - dataDir = "/mnt/mass/Services/Deluge"; - authFile = "/mnt/mass/Services/Deluge/auth"; - - config = { - download_location = "/mnt/mass/Torrents/incomplete"; - move_completed_path = "/mnt/mass/Torrents"; - move_completed = true; - listen_random_port = false; - outgoing_interface = "wg0"; - listen_interface = "wg0"; - allow_remote = true; - listen_ports = [ 57597 ]; - max_active_seeding = -1; - max_active_downloading = 5; - max_active_limit = -1; - }; - }; - - networking.firewall.allowedTCPPorts = [ 57597 58846 ]; -} diff --git a/packages/forgejo/dirae.nix b/packages/forgejo/dirae.nix deleted file mode 100644 index 804f422..0000000 --- a/packages/forgejo/dirae.nix +++ /dev/null 
@@ -1,72 +0,0 @@ -{ pkgs, config, lib, ... }: let - # theme = builtins.fetchurl { - # url = ""; - # sha256 = ""; - # }; -in -{ - # systemd.services.gitea.preStart = lib.mkAfter '' - # mkdir -p ${config.services.gitea.stateDir}/custom/public/css - # cp -f ${theme} ${config.services.gitea.stateDir}/custom/public/css/ - # ''; - - services.gitea = { - enable = true; - package = pkgs.forgejo; - - appName = "git.dirae.org"; - settings = { - service = { - DISABLE_REGISTRATION = true; - }; - - server = { - DOMAIN = "git.dirae.org"; - ROOT_URL = "https://git.dirae.org"; - HTTP_PORT = 3001; - }; - - "ui" = { - THEMES = '' - forgejo-auto,forgejo-light,forgejo-dark,auto,gitea,arc-green - ''; - DEFAULT_THEME = "forgejo-dark"; - }; - - "ui.user" = { - REPO_PAGING_NUM = 50; - }; - - "ui.meta" = { - AUTHOR = "dirae.org Forgejo instance"; - DESCRIPTION = "Forgejo instance hosting git repositories for dirae.org"; - KEYWORDS = "go,git,self-hosted,gitea,forgejo,foss,oss,decentrialised,federation"; - }; - - "repository" = { - DEFAULT_BRANCH = "master"; - DISABLE_STARS = true; - ENABLE_PUSH_CREATE_USER = true; - DEFAULT_REPO_UNITS = '' - repo.code,repo.releases,repo.issues,repo.pulls - ''; - PREFERRED_LICENSES="GPL-3.0-or-later,AGPL-3.0-or-later"; - }; - }; - - database = { - type = "postgres"; - passwordFile = "/var/keys/gitea/db"; - }; - }; - - services.postgresql = { - enable = true; - authentication = '' - local gitea all ident map=gitea-users - ''; - identMap = '' - gitea-users gitea gitea - ''; - }; -} diff --git a/packages/gitlab/package.nix b/packages/gitlab/package.nix deleted file mode 100644 index 9b19471..0000000 --- a/packages/gitlab/package.nix +++ /dev/null 
@@ -1,26 +0,0 @@ -{ ... }: - -{ - services.gitlab = { - enable = true; - host = "gitlab.dirae.org"; - - # Server is running on limited budet :,) - # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html - puma.workers = 0; - puma.threadsMax = 1; - - user = "gitlab"; - group = "gitlab"; - - https = true; - databasePasswordFile = "/var/keys/gitlab/db_password"; - initialRootPasswordFile = "/var/keys/gitlab/root_password"; - secrets = { - dbFile = "/var/keys/gitlab/db"; - secretFile = "/var/keys/gitlab/secret"; - otpFile = "/var/keys/gitlab/otp"; - jwsFile = "/var/keys/gitlab/jws"; - }; - }; -} diff --git a/packages/mailserver/package.nix b/packages/mailserver/package.nix deleted file mode 100644 index 327d609..0000000 --- a/packages/mailserver/package.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ simple-mailserver, ... }: - -{ - imports = [ - simple-mailserver.nixosModule - ]; - - mailserver = { - enable = true; - fqdn = "dirae.org"; - domains = [ "dirae.org" ]; - - loginAccounts = { - "caem@dirae.org" = { - hashedPasswordFile = "/nix/config/packages/mailserver/pw"; - - aliases = [ - "admin@dirae.org" - "postmaser@dirae.org" - "legal@dirae.org" - "contact@dirae.org" - "dmca@dirae.org" - "pt@dirae.org" - "cali@dirae.org" - "abuse@dirae.org" - ]; - }; - }; - - # Managed in configuration for nginx - certificateScheme = "acme"; - }; -} diff --git a/packages/nginx/dirae.nix b/packages/nginx/dirae.nix deleted file mode 100644 index 1938401..0000000 --- a/packages/nginx/dirae.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{ ... }: -let - fqdn = "dirae.org"; - serverConfig."m.server" = "dirae.org:443"; - mkWellKnown = data: '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; -in { - security.acme.acceptTerms = true; - security.acme.defaults.email = "caem@dirae.org"; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - services.nginx = { - enable = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - virtualHosts = { - "caem.dev" = { - enableACME = true; - forceSSL = true; - locations."/" = { - root = "/var/www/caem"; - }; - }; - - "dirae.org" = { - enableACME = true; - forceSSL = true; - locations."/" = { - root = "/var/www/dirae"; - }; - locations."/.well-known/matrix/server".extraConfig = '' - return 200 '{"m.server": "dirae.org:443"}'; - default_type application/json; - add_header Access-Control-Allow-Origin *; - ''; - locations."/_matrix".proxyPass = "http://127.0.0.1:8008"; - - }; - - "git.dirae.org" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://127.0.0.1:3001"; - }; - - # "gitlab.dirae.org" = { - # enableACME = true; - # forceSSL = true; - # locations."/" = { - # proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket"; - # }; - # }; - }; - }; -} diff --git a/packages/nginx/homeserver.nix b/packages/nginx/homeserver.nix deleted file mode 100644 index 56b91b0..0000000 --- a/packages/nginx/homeserver.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: - -{ - services.nginx = { - enable = true; - user = "media"; - virtualHosts."192.168.2.69" = { - root = "/mnt/mass/Torrents"; - extraConfig = '' - autoindex on; - ''; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 ]; -} diff --git a/packages/sshd/package.nix b/packages/sshd/package.nix deleted file mode 100644 index 1ca4024..0000000 --- a/packages/sshd/package.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{ ... }: - -{ - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - ChallengeResponseAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - users.users."user".openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCnopPaLuQT4+5LzqiBM4JfdRamzArszOrfoDy96KpQL9jeZQhT4E7LE63tySza4auJyTkFcnfGEQQaAlCUYTVvWrvB6l2nG7mVZ5Cr0YvQ1U9AY+1OPE5wCSDUk9zaUm3ldWgUWRA/MyGtzm3kQ+ZtYIOqtvF6Ki5vPRYl+QR0cjThw5Sr/99sTqZwgmbPoAkLXnioSI+oOgV6H8M9XCuvwmlm6YKfBrjTQltj93GpSf24Lf9YaFc51Auao78AfOof/EtGWlcBrvfdjaS/scxSmHO9r/AShV/BEVboG+89i+Qia67cATGIwDLB6HZO1dO5qTSImzcQ/QnFW1E0IGZy3LvKd/FT8QCpHjDtPlsxWwIuTgyLD3c9OZTTA8w619QBKic3KEhuRkhuwOqSPgpvgkK8hS91gr8spL+6U4Bdgo8gZH14kj7ZhiNsIur0Chj/X1uCHGXEHhlV4ky2XAxhGSSr9fy06w4uPsIXGnSufm8jbBAhYDrNzaod2Q/73VE= user@workstation" - ]; - - networking.firewall.allowedTCPPorts = [ 22 ]; -} diff --git a/packages/synapse/package.nix b/packages/synapse/package.nix deleted file mode 100644 index 73ad666..0000000 --- a/packages/synapse/package.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ pkgs, ... }: - -{ - services.postgresql.enable = true; - services.postgresql.initialScript = pkgs.writeText "synapse-init" '' - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - - services.matrix-synapse = { - enable = true; - settings.server_name = "dirae.org"; - - settings.listeners = [ - { - port = 8008; - bind_addresses = [ "127.0.0.1" ]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [{ - names = [ "client" "federation" ]; - compress = true; - }]; - } - ]; - }; -} diff --git a/packages/syncthing/homeserver.nix b/packages/syncthing/homeserver.nix deleted file mode 100644 index cddef3b..0000000 --- a/packages/syncthing/homeserver.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{ ... }: - -{ - imports = [ - ../../users/media.nix - ]; - - services.syncthing = { - enable = true; - user = "media"; - dataDir = "/mnt/mass"; - configDir = "/mnt/mass/Services/Syncthing"; - guiAddress = "0.0.0.0:8384"; - }; - - networking.firewall.allowedTCPPorts = [ 8384 22000 ]; - networking.firewall.allowedUDPPorts = [ 22000 21027 ]; -} diff --git a/packages/vim/package.nix b/packages/vim/package.nix deleted file mode 100644 index 6736793..0000000 --- a/packages/vim/package.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs, ... }: - -{ - environment.variables = { EDITOR = "vim"; }; - - environment.systemPackages = with pkgs; [ - ((vim_configurable.override { }).customize{ - name = "vim"; - - vimrcConfig.packages.plugins = with pkgs.vimPlugins; { - start = [ vim-nix ]; - opt = []; - }; - - vimrcConfig.customRC = '' - syntax on - set tabstop=4 - set shiftwidth=4 smarttab - set expandtab - set noswapfile - set incsearch - set noerrorbells - set smartindent - set number - set relativenumber - set nobackup - set scrolloff=8 - set sidescrolloff=8 - set fileencoding='utf-8' - set nohlsearch - ''; - }) - ]; -} diff --git a/packages/wireguard/package.nix b/packages/wireguard/package.nix deleted file mode 100644 index 0845c90..0000000 --- a/packages/wireguard/package.nix +++ /dev/null 
@@ -1,30 +0,0 @@ -{ pkgs, ... }: - -{ - networking.wg-quick.interfaces = { - wg0 = { - address = [ "10.174.110.32/32" ]; - dns = [ "10.128.0.1" ]; - mtu = 1320; - privateKeyFile = "/nix/config/packages/wireguard/privkey"; - - # Route local traffic through local network - preUp = '' - ${pkgs.unixtools.route}/bin/route add -net 192.168.2.0 netmask 255.255.255.0 metric 0 dev eno1 - ''; - postDown = '' - ${pkgs.unixtools.route}/bin/route del -net 192.168.2.0 netmask 255.255.255.0 metric 0 dev eno1 - ''; - - peers = [{ - publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; - presharedKeyFile = "/nix/config/packages/wireguard/privpsk"; - allowedIPs = [ "0.0.0.0/0" ]; - endpoint = "nl.vpn.airdns.org:1637"; - persistentKeepalive = 15; - }]; - }; - }; - - networking.firewall.allowedUDPPorts = [ 1637 ]; -} diff --git a/sets/meta/sysadmin.nix b/sets/meta/sysadmin.nix deleted file mode 100644 index ac5c14c..0000000 --- a/sets/meta/sysadmin.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; [ - htop - wget - curl - git - tree - ]; - - services.openssh.enable = true; -} diff --git a/systems/common.nix b/systems/common.nix deleted file mode 100644 index e59b0ee..0000000 --- a/systems/common.nix +++ /dev/null @@ -1,20 +0,0 @@ -# Common configuration for all systems - -{ pkgs, ... }: - -{ - nix = { - settings.auto-optimise-store = true; - - # Clean generations older than a week - gc = { - automatic = false; # Flip this to do it automatically - dates = "weekly"; - options = "--delete-older-than 7d"; - }; - }; - - nixpkgs.config.allowUnfree = true; - - system.stateVersion = "23.05"; -} diff --git a/systems/dirae.nix b/systems/dirae.nix deleted file mode 100644 index cb82f97..0000000 --- a/systems/dirae.nix +++ /dev/null 
@@ -1,55 +0,0 @@ -{ ... }: - -{ - imports = [ - ./common.nix - ./hardware/dirae.nix -# ./persist/dirae.nix - ../sets/meta/sysadmin.nix - ../packages/vim/package.nix - ../packages/sshd/package.nix - ../packages/mailserver/package.nix - ../packages/nginx/dirae.nix - ../packages/forgejo/dirae.nix - ../packages/synapse/package.nix - ../packages/akkoma/package.nix - ]; - - boot = { - loader = { - grub = { - enable = true; - device = "/dev/vda"; - }; - }; - - kernel = { - sysctl."net.ipv6.conf.eth0.disable_ipv6" = true; - }; - }; - - networking = { - hostName = "dirae"; - enableIPv6 = false; - hostId = "149e5b5c"; - interfaces = { - enp6s18.ipv4.addresses = [{ - address = "91.210.224.148"; - prefixLength = 24; - }]; - }; - nameservers = [ "1.1.1.1" "8.8.8.8" ]; - defaultGateway = "91.210.224.1"; - firewall = { - enable = true; - }; - }; - - time.timeZone = "Europe/Berlin"; - - # To not mess up SSH sessions from weird terminals - environment.sessionVariables = { - TERM = "xterm"; - }; -} - diff --git a/systems/hardware/dirae.nix b/systems/hardware/dirae.nix deleted file mode 100644 index 241b90c..0000000 --- a/systems/hardware/dirae.nix +++ /dev/null 
@@ -1,47 +0,0 @@ -{ lib, modulesPath, ... }: - -{ - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "uhci_hcd" "ahci" "virtio_pci" "virtio_blk" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.kernelParams = [ "nohibernate" ]; - boot.extraModulePackages = [ ]; - boot.zfs.devNodes = "/dev/disk/by-path"; - - # Will enable this later when everything is stable -# boot.initrd.postDeviceCommands = lib.mkAfter '' -# zfs rollback -r local/root@blank -# ''; - - fileSystems."/" = { - device = "local/root"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/B33B-0EBE"; - fsType = "vfat"; - }; - - fileSystems."/nix" = { - device = "local/nix"; - fsType = "zfs"; - }; - - swapDevices = [ - { device = "/dev/disk/by-uuid/a2a0b9a3-52c9-4eb6-b03b-bcbbae0547a3"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens18.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} diff --git a/systems/hardware/homeserver.nix b/systems/hardware/homeserver.nix deleted file mode 100644 index 6083dac..0000000 --- a/systems/hardware/homeserver.nix +++ /dev/null 
@@ -1,49 +0,0 @@
-{ config, lib, modulesPath, ... }:
-
-{
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "ums_realtek" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- boot.initrd.postDeviceCommands = lib.mkAfter ''
- zfs rollback -r local/root@blank
- '';
-
- fileSystems."/" = {
- device = "local/root";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/5C0E-1600";
- fsType = "vfat";
- };
-
- fileSystems."/nix" = {
- device = "local/nix";
- fsType = "zfs";
- };
-
- fileSystems."/mnt/mass" = {
- device = "/dev/disk/by-uuid/f04baac4-40a9-4115-b09d-83b252ee69ad";
- fsType = "xfs";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/systems/hardware/qemu-vm.nix b/systems/hardware/qemu-vm.nix
deleted file mode 100644
index a1ec463..0000000
--- a/systems/hardware/qemu-vm.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{lib, modulesPath, ... }:
-
-{
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
- boot.initrd.kernelModules = [ ];
-
- boot.initrd.postDeviceCommands = lib.mkAfter ''
- zfs rollback -r local/root@blank
- '';
-
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- boot.zfs.devNodes = "/dev/disk/by-path";
-
- fileSystems."/" = {
- device = "local/root";
- fsType = "zfs";
- };
-
- fileSystems."/boot" = {
- device = "/dev/disk/by-uuid/1FD8-C4B8";
- fsType = "vfat";
- };
-
- fileSystems."/nix" = {
- device = "local/nix";
- fsType = "zfs";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/systems/homeserver.nix b/systems/homeserver.nix
deleted file mode 100644
index 527c553..0000000
--- a/systems/homeserver.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./common.nix
- ./hardware/homeserver.nix
- ./persist/common.nix
- ../sets/meta/sysadmin.nix
- ../packages/vim/package.nix
- ../packages/nginx/homeserver.nix
- ../packages/syncthing/homeserver.nix
- ../packages/wireguard/package.nix
- ../packages/deluge/homeserver.nix
- ];
-
- boot = {
- loader = {
- efi = {
- canTouchEfiVariables = true;
- };
- grub = {
- enable = true;
- efiSupport = true;
- device = "nodev";
- };
- };
-
- kernel = {
- sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
- };
- };
-
- networking = {
- hostName = "homeserver";
- enableIPv6 = false;
- hostId = "95f846dc";
- interfaces = {
- eno1.ipv4.addresses = [{
- address = "192.168.2.69";
- prefixLength = 24;
- }];
- };
- nameservers = [ "1.1.1.1" "8.8.8.8" ];
- defaultGateway = "192.168.2.1";
- firewall = {
- enable = true;
- allowedTCPPorts = [ 22 ];
- };
- };
-
- time.timeZone = "Europe/Berlin";
-
- console.keyMap = "uk";
-
- # To not mess up SSH sessions from weird terminals
- environment.sessionVariables = {
- TERM = "xterm";
- };
-}
diff --git a/systems/persist/common.nix b/systems/persist/common.nix
deleted file mode 100644
index 25700c4..0000000
--- a/systems/persist/common.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ impermanence, ... }:
-
-{
- imports = [
- impermanence.nixosModules.impermanence
- ];
-
- environment.persistence."/nix/persist" = {
- directories = [
- "/etc/ssh"
- "/var/lib"
- ];
-
- files = [
- "/etc/machine-id"
- ];
- };
-}
diff --git a/systems/persist/dirae.nix b/systems/persist/dirae.nix
deleted file mode 100644
index 87316ea..0000000
--- a/systems/persist/dirae.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ impermanence, ... }:
-
-{
- imports = [
- impermanence.nixosModules.impermanence
- ];
-
- environment.persistence."/nix/persist" = {
- hideMounts = true;
- directories = [
- "/var/spool"
- { directory = "/var/dkim"; user = "opendkim";
- group = "opendkim"; mode = "u=rwx,g=rx,o=rx"; }
- { directory = "/var/sieve"; user = "virtualMail";
- group = "virtualMail"; mode = "u=rwx,g=rwx,o="; }
- { directory = "/var/vmail"; user = "virtualMail";
- group = "virtualMail"; mode = "u=rwx,g=rws,o="; }
- "/etc/dovecot"
- "/etc/pki"
- "/etc/ssh"
- { directory = "/var/lib/acme"; user = "acme";
- group = "acme"; mode = "u=rwx,g=rx,o=rx"; }
- { directory = "/var/lib/opendkim"; user = "opendkim";
- group = "opendkim"; mode = "u=rwx,g=,o="; }
- "/var/lib/postfix"
- "/var/log"
- ];
-
- files = [
- "/etc/machine-id"
- ];
- };
-}
diff --git a/systems/qemu-vm.nix b/systems/qemu-vm.nix
deleted file mode 100644
index ffb8a4b..0000000
--- a/systems/qemu-vm.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./hardware/qemu-vm.nix
- ../sets/meta/sysadmin.nix
- ../packages/vim/package.nix
- ./common.nix
- ./persist/common.nix
- ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.device = "/dev/vda";
-
- networking.hostId = "e78229f8";
-
- time.timeZone = "Europe/Berlin";
-}
diff --git a/users/hu.nix b/users/hu.nix
new file mode 100644
index 0000000..505fc26
--- /dev/null
+++ b/users/hu.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+ programs.zsh.enable = true;
+ environment.variables = {
+ ZDOTDIR = "${config.users.users.hu.home}/.config/zsh";
+ };
+
+ users.users.hu = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ shell = pkgs.zsh;
+ hashedPasswordFile = "/nix/config/secrets/hu/pass";
+ };
+
+ # Todo: home-manager configuration
+}
diff --git a/users/media.nix b/users/media.nix
deleted file mode 100644
index 96c0a5b..0000000
--- a/users/media.nix
+++ /dev/null
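Review bot: `environment.variables.ZDOTDIR` in users/hu.nix is set in the global environment, so every account that starts zsh, root included, would look for its startup files under hu's home directory, which hu can write. Resolving it per user avoids that, e.g. `ZDOTDIR = "$HOME/.config/zsh";` (this assumes the value is expanded by the shell when the environment is set up, which is worth confirming on the target release). Separately, `hashedPasswordFile = "/nix/config/secrets/hu/pass";` deserves a comment stating that the file must be root-owned, not world-readable, and present before user activation at boot; whether `/nix` is mounted early enough is not visible in this hunk. `lib` is unused in the argument set.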
@@ -1,8 +0,0 @@
-{ ... }:
-
-{
- users.users.media = {
- isNormalUser = true;
- description = "media";
- };
-}
diff --git a/users/none.nix b/users/none.nix
deleted file mode 100644
index a1677ed..0000000
--- a/users/none.nix
+++ /dev/null
@@ -1 +0,0 @@
-{ }
diff --git a/users/user.nix b/users/user.nix
deleted file mode 100644
index 3b1137e..0000000
--- a/users/user.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ ... }:
-
-{
- users.users.user = {
- isNormalUser = true;
- passwordFile = "/nix/config/pw"; # mkpasswd in config dir
- description = "user";
- extraGroups = [
- "wheel"
- "audio"
- "video"
- "docker"
- "podman"
- "networkmanager"
- "kvm"
- "libvirt"
- "plugdev"
- ];
- };
-}
diff --git a/wm/xmonad.nix b/wm/xmonad.nix
new file mode 100644
index 0000000..a37d27e
--- /dev/null
+++ b/wm/xmonad.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ xmobar
+ flameshot
+ rofi
+ feh
+ kitty
+ pavucontrol
+ picom
+ ];
+
+ services.xserver = {
+ enable = true;
+ xkb = {
+ layout = "de";
+ options = "eurosign:e";
+ };
+
+ windowManager.xmonad = {
+ enable = true;
+ enableContribAndExtras = true;
+ };
+ };
+
+ # Todo: Get gnome-keyring working properly
+ services.gnome.gnome-keyring.enable = true;
+}
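Review bot: The `# Todo: Get gnome-keyring working properly` line in wm/xmonad.nix leaves the secret store half-configured: `services.gnome.gnome-keyring.enable = true;` turns the service on, but nothing in this file ties unlocking the keyring to the graphical login. If the session is started from a display manager, the likely missing piece is that service's PAM hook, `security.pam.services.NAME.enableGnomeKeyring = true;`, where NAME is the display manager's PAM service; no display manager is chosen in this hunk, so the name has to be filled in. The file also configures no screen locker for the X session; unless machines/workstation.nix already does, something like `programs.slock.enable = true;` with an idle trigger is worth adding. `config` and `lib` are unused in the argument set and can be dropped.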