diff --git a/common/base.nix b/common/base.nix index 6b5d78c..e5c3e74 100644 --- a/common/base.nix +++ b/common/base.nix @@ -71,36 +71,10 @@ "android-studio-stable" - # TODO - # "cuda-merged" - # "cuda_cuobjdump" - # "cuda_gdb" - # "cuda_nvcc" - # "cuda_nvdisasm" - # "cuda_nvprune" - # "cuda_cccl" - # "cuda_cudart" - # "cuda_cupti" - # "cuda_cuxxfilt" - # "cuda_nvml_dev" - # "cuda_nvrtc" - # "cuda_nvtx" - # "cuda_profiler_api" - # "cuda_sanitizer_api" - # "libcublas" - # "libcufft" - # "libcurand" - # "libcusolver" - # "libnvjitlink" - # "libcusparse" - # "libnpp" - "cnijfilter2" ]; }; - # boot.kernelPackages = pkgs.linuxPackages_6_6; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. programs.mtr.enable = true; diff --git a/common/components/de/greetd.nix b/common/components/de/greetd.nix new file mode 100644 index 0000000..8f813cf --- /dev/null +++ b/common/components/de/greetd.nix @@ -0,0 +1,11 @@ +{pkgs, ...}: { + services.greetd = { + enable = true; + settings = { + default_session = { + command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway -r"; + user = "greeter"; + }; + }; + }; +} diff --git a/common/components/de/sway.nix b/common/components/de/sway.nix new file mode 100644 index 0000000..f7870ca --- /dev/null +++ b/common/components/de/sway.nix @@ -0,0 +1,23 @@ +{pkgs, ...}: { + # Enable the gnome-keyring secrets vault. + # Will be exposed through DBus to programs willing to store secrets. + services.gnome.gnome-keyring.enable = true; + + # enable sway window manager + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + }; + + environment.systemPackages = with pkgs; [ + grim # screenshot functionality + slurp # screenshot functionality + wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout + mako # notification system developed by swaywm maintainer + + sway-launcher-desktop + foot + waybar + wayshot + ]; +} 
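Review bot: In `common/components/de/greetd.nix` the session command ends in `--cmd sway`, a bare name that appears to be resolved from PATH, yet the module neither imports `./sway.nix` nor refers to a sway package. A host that imports greetd.nix alone would get a greeter whose default session cannot start. I would either document the coupling at the top of the file, e.g. `# Requires ./sway.nix (programs.sway.enable) on the same host; tuigreet starts "sway" from PATH.`, or add `imports = [ ./sway.nix ];` so the two cannot drift apart.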
diff --git a/common/components/fonts.nix b/common/components/fonts.nix new file mode 100644 index 0000000..abf0518 --- /dev/null +++ b/common/components/fonts.nix @@ -0,0 +1,5 @@ +{pkgs, ...}: { + fonts.packages = with pkgs; [ + (nerdfonts.override {fonts = ["JetBrainsMono"];}) + ]; +} \ No newline at end of file diff --git a/common/components/lanzaboote.nix b/common/components/lanzaboote.nix new file mode 100644 index 0000000..da9178b --- /dev/null +++ b/common/components/lanzaboote.nix @@ -0,0 +1,20 @@ +{pkgs, lib, inputs, ...}: { + imports = [ + inputs.lanzaboote.nixosModules.lanzaboote + ]; + + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + boot.loader.systemd-boot.enable = lib.mkForce false; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + }; + + environment.systemPackages = with pkgs; [ + sbctl + ]; +} diff --git a/common/components/packages-base.nix b/common/components/packages-base.nix index edb0875..eda2310 100644 --- a/common/components/packages-base.nix +++ b/common/components/packages-base.nix @@ -1,12 +1,14 @@ { pkgs, lib, + inputs, ... }: { # Packages installd on every machine environment.systemPackages = with pkgs; [ wget dig + vim nmap btop gitFull @@ -22,5 +24,8 @@ bat dust nix-output-monitor + nix-index + + inputs.agenix.packages.x86_64-linux.default ]; } diff --git a/common/components/packages-full.nix b/common/components/packages-full.nix index 71f450c..3853347 100644 --- a/common/components/packages-full.nix +++ b/common/components/packages-full.nix @@ -17,6 +17,7 @@ ripgrep jq yq + neofetch fastfetch cpufetch tldr diff --git a/common/components/security.nix b/common/components/security.nix index 31cdf4e..1f6907c 100644 --- a/common/components/security.nix +++ b/common/components/security.nix 
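Review bot: `pkiBundle = "/etc/secureboot"` in `common/components/lanzaboote.nix` points at the directory holding the Secure Boot signing keys, but the module does not say that the keys must exist before the first rebuild or that the directory has to stay root-only and out of the repository. I would add a comment above `boot.lanzaboote`, e.g. `# Create and enroll keys with sbctl first; /etc/secureboot contains private signing keys (root-only, never committed).` The module also takes `inputs` as an argument, so each importing host must pass `inputs` via `specialArgs`; that deserves a line in the same header comment.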
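Review bot: The second hunk of `common/components/packages-base.nix` adds `inputs.agenix.packages.x86_64-linux.default`, which hard-codes the architecture in a file whose own header says it is installed on every machine. On a non-x86_64 host this would pick a package for the wrong platform or fail to evaluate. Deriving the system from the package set avoids that: `inputs.agenix.packages.${pkgs.stdenv.hostPlatform.system}.default`. `hosts/cave/configuration.nix` already follows this pattern with `inputs.tildefriends.packages.${system}.default`.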
@@ -8,6 +8,4 @@ execWheelOnly = true; extraConfig = "Defaults insults"; }; - - # services.fail2ban.enable = true; } diff --git a/common/full-install.nix b/common/full-install.nix index 0e5bf4d..46c3ce3 100644 --- a/common/full-install.nix +++ b/common/full-install.nix @@ -2,6 +2,7 @@ imports = [ ./components/sound.nix ./components/printing.nix + ./components/fonts.nix ./components/packages-full.nix ]; } diff --git a/hosts/cave/configuration.nix b/hosts/cave/configuration.nix index c04e555..63845df 100644 --- a/hosts/cave/configuration.nix +++ b/hosts/cave/configuration.nix @@ -18,18 +18,16 @@ in { ../../common/locales/fr-keymap.nix # Hardware - #../../common/hardware/intel-cpu.nix # ../../common/hardware/tpm2.nix ../../common/hardware/wireless.nix - # ../../common/hardware/nvidia-gpu.nix - #../../common/hardware/nvidia-gpu-offload.nix ../../common/hardware/ssd.nix ../../common/hardware/btrfs.nix + ../../common/components/lanzaboote.nix # Software components - # ../../common/components/de/sddm.nix + ../../common/components/de/greetd.nix + ../../common/components/de/sway.nix ../../common/components/de/plasma6.nix - # ../../common/components/de/hyprland.nix # Programs ../../common/programs/steam.nix @@ -53,8 +51,7 @@ in { # Personal modules # ../../modules/nixos/tildefriends.nix ./yubikey.nix - - inputs.lanzaboote.nixosModules.lanzaboote + ./rtl-sdr.nix ]; networking = { @@ -63,10 +60,10 @@ in { firewall = { allowedTCPPorts = [ # 8080 # ? - 80 - 443 - 3001 - 8000 + # 80 + # 443 + # 3001 + # 8000 # 8008 # ssb # 12345 # tildefriends # 13378 # audiobookshelf @@ -90,9 +87,6 @@ in { configDir = lib.mkForce "/home/tasia/Sync/configuration"; }; - # Needed to build enry - #boot.binfmt.emulatedSystems = ["aarch64-linux"]; - environment.systemPackages = with pkgs; [ inputs.tildefriends.packages.${system}.default @@ -108,7 +102,7 @@ in { viu logseq nix-tree - android-studio + # android-studio lutris # nheko 
@@ -119,183 +113,15 @@ in { chirp yubikey-manager - inputs.agenix.packages.x86_64-linux.default - - sdrpp - gqrx - rtl-sdr - grim # screenshot functionality - slurp # screenshot functionality - wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout - mako # notification system developed by swaywm maintainer - - sbctl - - sway-launcher-desktop - foot - waybar - wayshot + signal-desktop ]; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; - - services.greetd = { - enable = true; - settings = { - default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway -r"; - user = "greeter"; - }; - }; - }; - - # Enable the gnome-keyring secrets vault. - # Will be exposed through DBus to programs willing to store secrets. 
- services.gnome.gnome-keyring.enable = true; - - # enable sway window manager - programs.sway = { - enable = true; - wrapperFeatures.gtk = true; - }; - - # services.radicle.enable = true; - # services.radicle.privateKeyFile = /home/tasia/.radicle/keys/radicle; - # services.radicle.publicKey = /home/tasia/.radicle/keys/radicle.pub; - # services.radicle.settings = { - # web.pinned.repositories = [ - # "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood - # "rad:z3trNYnLWS11cJWC6BbxDs5niGo82" # rips - # ]; - # }; - - hardware.rtl-sdr.enable = true; - users.users.tasia.extraGroups = ["plugdev"]; - - boot.kernelParams = ["modprobe.blacklist=dvb_usb_rtl28xxu"]; # blacklist this module - - services.udev.packages = [pkgs.rtl-sdr]; - - fonts.packages = with pkgs; [ - (nerdfonts.override {fonts = ["CascadiaCode" "JetBrainsMono"];}) - ]; - - # programs.adb.enable = true; - - # services.nginx.enable = true; - # services.nginx.virtualHosts."test.vulpecula.zone" = { - # # addSSL = true; - # # enableACME = true; - # root = "/www"; - # }; - # security.acme = { - # acceptTerms = true; - # defaults.email = "tasiaiso@proton.me"; - # }; + nixpkgs.config.permittedInsecurePackages = [ + "electron-27.3.11" + ]; services.printing.drivers = [pkgs.cnijfilter2]; - # services.uptime-kuma.enable = true; - nixpkgs.config.permittedInsecurePackages = [ - "olm-3.2.16" - "electron-27.3.11" - ]; - - # services.mattermost = { - # enable = true; - # siteUrl = "https://mattermost.example.com"; # Set this to the URL you will be hosting the site on. 
- # }; - - # todo: ci runner - - # services.ollama = { - # enable = true; - # # acceleration = "cuda"; - # }; - - # services.gotosocial = { - # enable = true; - # setupPostgresqlDB = true; - # settings = { - # application-name = "My GoToSocial"; - # host = "gotosocial.example.com"; - # protocol = "http"; - # bind-address = "127.0.0.1"; - # port = 8080; - # }; - # }; - - # environment.etc."nextcloud-admin-pass".text = "Devdevdev10!"; - # services.nextcloud = { - # enable = true; - # package = pkgs.nextcloud29; - # hostName = "localhost"; - # config.adminpassFile = "/etc/nextcloud-admin-pass"; - # }; - - # services.rustdesk-server = { - # enable = true; - # openFirewall = true; - # relayIP = "100.91.88.2"; - # }; - - # users.users.lol = { - # isNormalUser = true; - # description = "lol"; - # extraGroups = [ - # "networkmanager" - # # "wheel" - # # "syncthing" - # # "tss" - # # "dialout" - # # "vboxusers" - # # "adbusers" - # ]; - # initialPassword = "password123"; - # }; - - # netwobking - # ipvx dns-search = ""; - # wifi mac-address-blacklist = ""; - # wifisec auth-alg = "open"; - - # services.thymis-controller = { - # enable = true; - # system-binfmt-aarch64-enable = true; # enables emulation of aarch64 binaries, default is true on x86_64, needed for building aarch64 images on x86_64 - # system-binfmt-x86_64-enable = false; # enables emulation of x86_64 binaries, default is false - # repo-path = "/var/lib/thymis/repository"; # directory where the controller will store the repository holding the project - # database-url = "sqlite:////var/lib/thymis/thymis.sqlite"; # URL of the database - # base-url = "https://cave/"; # base URL of the controller, how it will be accessed from the outside - # auth-basic = true; # whether to enable authentication using a basic username/password - # auth-basic-username = "admin"; # username for basic authentication - # auth-basic-password-file = "/var/lib/thymis/auth-basic-password"; # file containing the password for basic 
authentication - # # content will be automatically generated if it does not exist - # listen-host = "127.0.0.1"; # host on which the controller listens for incoming connections - # listen-port = 33100; # port on which the controller listens for incoming connections - # nginx-vhost-enable = false; # whether to enable the Nginx virtual host - # nginx-vhost-name = "thymis"; # name of the Nginx virtual host - # }; - # # Configure the Nginx virtual host - # services.nginx = { - # enable = true; - # virtualHosts."thymis" = { - # serverName = "cave"; - # enableACME = true; - # forceSSL = true; - # }; - # }; - # security.acme.defaults.email = "tasiaiso@proton.me"; - - security.acme.acceptTerms = true; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "23.11"; } diff --git a/hosts/cave/fuckery.nix b/hosts/cave/fuckery.nix new file mode 100644 index 0000000..aef672b --- /dev/null +++ b/hosts/cave/fuckery.nix 
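Review bot: The re-added `nixpkgs.config.permittedInsecurePackages` still allows `"electron-27.3.11"` for the whole host without saying which package needs it, so nobody can tell when the exception can be removed. Dropping `"olm-3.2.16"` is a good step; the remaining entry should carry its reason, e.g. `# electron-27.3.11: needed by <package>; remove once it builds against a supported Electron`. If only one package pulls it in (possibly `logseq`, not confirmed from this diff), naming it keeps the exception auditable.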
@@ -0,0 +1,120 @@ +{pkgs, ...}: { + + # services.mattermost = { + # enable = true; + # siteUrl = "https://mattermost.example.com"; # Set this to the URL you will be hosting the site on. + # }; + + # todo: ci runner + + # services.ollama = { + # enable = true; + # # acceleration = "cuda"; + # }; + + # services.gotosocial = { + # enable = true; + # setupPostgresqlDB = true; + # settings = { + # application-name = "My GoToSocial"; + # host = "gotosocial.example.com"; + # protocol = "http"; + # bind-address = "127.0.0.1"; + # port = 8080; + # }; + # }; + + # environment.etc."nextcloud-admin-pass".text = "Devdevdev10!"; + # services.nextcloud = { + # enable = true; + # package = pkgs.nextcloud29; + # hostName = "localhost"; + # config.adminpassFile = "/etc/nextcloud-admin-pass"; + # }; + + # services.rustdesk-server = { + # enable = true; + # openFirewall = true; + # relayIP = "100.91.88.2"; + # }; + + # users.users.lol = { + # isNormalUser = true; + # description = "lol"; + # extraGroups = [ + # "networkmanager" + # # "wheel" + # # "syncthing" + # # "tss" + # # "dialout" + # # "vboxusers" + # # "adbusers" + # ]; + # initialPassword = "password123"; + # }; + + # netwobking + # ipvx dns-search = ""; + # wifi mac-address-blacklist = ""; + # wifisec auth-alg = "open"; + + # services.thymis-controller = { + # enable = true; + # system-binfmt-aarch64-enable = true; # enables emulation of aarch64 binaries, default is true on x86_64, needed for building aarch64 images on x86_64 + # system-binfmt-x86_64-enable = false; # enables emulation of x86_64 binaries, default is false + # repo-path = "/var/lib/thymis/repository"; # directory where the controller will store the repository holding the project + # database-url = "sqlite:////var/lib/thymis/thymis.sqlite"; # URL of the database + # base-url = "https://cave/"; # base URL of the controller, how it will be accessed from the outside + # auth-basic = true; # whether to enable authentication using a basic username/password + # 
auth-basic-username = "admin"; # username for basic authentication + # auth-basic-password-file = "/var/lib/thymis/auth-basic-password"; # file containing the password for basic authentication + # # content will be automatically generated if it does not exist + # listen-host = "127.0.0.1"; # host on which the controller listens for incoming connections + # listen-port = 33100; # port on which the controller listens for incoming connections + # nginx-vhost-enable = false; # whether to enable the Nginx virtual host + # nginx-vhost-name = "thymis"; # name of the Nginx virtual host + # }; + # # Configure the Nginx virtual host + # services.nginx = { + # enable = true; + # virtualHosts."thymis" = { + # serverName = "cave"; + # enableACME = true; + # forceSSL = true; + # }; + # }; + # security.acme.defaults.email = "tasiaiso@proton.me"; + + + # services.nginx.enable = true; + # services.nginx.virtualHosts."test.vulpecula.zone" = { + # # addSSL = true; + # # enableACME = true; + # root = "/www"; + # }; + # security.acme = { + # acceptTerms = true; + # defaults.email = "tasiaiso@proton.me"; + # }; + + + security.acme.acceptTerms = true; + # services.uptime-kuma.enable = true; + + # programs.adb.enable = true; + + + # Needed to build enry + #boot.binfmt.emulatedSystems = ["aarch64-linux"]; + + +# services.radicle.enable = true; + # services.radicle.privateKeyFile = /home/tasia/.radicle/keys/radicle; + # services.radicle.publicKey = /home/tasia/.radicle/keys/radicle.pub; + # services.radicle.settings = { + # web.pinned.repositories = [ + # "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood + # "rad:z3trNYnLWS11cJWC6BbxDs5niGo82" # rips + # ]; + # }; +} \ No newline at end of file diff --git a/hosts/cave/rtl-sdr.nix b/hosts/cave/rtl-sdr.nix new file mode 100644 index 0000000..a037c5a --- /dev/null +++ b/hosts/cave/rtl-sdr.nix 
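Review bot: `hosts/cave/fuckery.nix` commits literal credentials inside its commented-out blocks: the `environment.etc."nextcloud-admin-pass".text` line and the `initialPassword` line under `users.users.lol`. A comment is still plaintext in the repository and its history, so any of these values that was ever used should be rotated and the literals replaced with placeholders. If the Nextcloud block is re-enabled as written, `environment.etc.<name>.text` would also copy the password into the world-readable Nix store. agenix is already a flake input, so `config.adminpassFile = config.age.secrets.<name>.path;` and `hashedPasswordFile` for the user are the safer shape. Separately, the only live setting here is `security.acme.acceptTerms = true;`, and none of the visible `imports` hunks in `configuration.nix` adds `./fuckery.nix`, so the file may not be evaluated at all; a header comment stating that it is a scratch file would make that clear.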
@@ -0,0 +1,15 @@
+{pkgs, ...}: {
+ hardware.rtl-sdr.enable = true;
+ users.users.tasia.extraGroups = ["plugdev"];
+
+ boot.kernelParams = ["modprobe.blacklist=dvb_usb_rtl28xxu"]; # blacklist this module
+
+ services.udev.packages = [pkgs.rtl-sdr];
+
+environment.systemPackages = with pkgs; [
+ sdrpp
+ gqrx
+ rtl-sdr
+
+];
+}
\ No newline at end of file
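Review bot: The comment `# blacklist this module` on the `boot.kernelParams` line in `hosts/cave/rtl-sdr.nix` repeats what the code says without giving the reason. Something like `# keep the in-kernel DVB-T driver from claiming the dongle so userspace SDR tools can open it` would explain it. As far as I recall, `hardware.rtl-sdr.enable = true` already blacklists the DVB modules and installs the rtl-sdr udev rules, which would make the `boot.kernelParams` and `services.udev.packages` lines redundant; please confirm against the module before removing them. The `environment.systemPackages` block is also not indented like the rest of the file.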