lots of stuff, and not a whole lot at the same time

2025-01-28 21:46:25 +01:00 · 2025-01-28 21:46:25 +01:00 · a146468407
parent dccd2d7078
commit a146468407
12 changed files with 214 additions and 215 deletions
--- a/common/base.nix
+++ b/common/base.nix
@ -71,36 +71,10 @@

        "android-studio-stable"

-        # TODO
-        # "cuda-merged"
-        # "cuda_cuobjdump"
-        # "cuda_gdb"
-        # "cuda_nvcc"
-        # "cuda_nvdisasm"
-        # "cuda_nvprune"
-        # "cuda_cccl"
-        # "cuda_cudart"
-        # "cuda_cupti"
-        # "cuda_cuxxfilt"
-        # "cuda_nvml_dev"
-        # "cuda_nvrtc"
-        # "cuda_nvtx"
-        # "cuda_profiler_api"
-        # "cuda_sanitizer_api"
-        # "libcublas"
-        # "libcufft"
-        # "libcurand"
-        # "libcusolver"
-        # "libnvjitlink"
-        # "libcusparse"
-        # "libnpp"
-
        "cnijfilter2"
      ];
  };

-  # boot.kernelPackages = pkgs.linuxPackages_6_6;
-
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  programs.mtr.enable = true;
--- a/common/components/de/greetd.nix
+++ b/common/components/de/greetd.nix
@ -0,0 +1,11 @@
+{pkgs, ...}: {
+  services.greetd = {
+    enable = true;
+    settings = {
+      default_session = {
+        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway -r";
+        user = "greeter";
+      };
+    };
+  };
+}
--- a/common/components/de/sway.nix
+++ b/common/components/de/sway.nix
@ -0,0 +1,23 @@
+{pkgs, ...}: {
+  # Enable the gnome-keyring secrets vault.
+  # Will be exposed through DBus to programs willing to store secrets.
+  services.gnome.gnome-keyring.enable = true;
+
+  # enable sway window manager
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true;
+  };
+
+  environment.systemPackages = with pkgs; [
+    grim # screenshot functionality
+    slurp # screenshot functionality
+    wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
+    mako # notification system developed by swaywm maintainer
+
+    sway-launcher-desktop
+    foot
+    waybar
+    wayshot
+  ];
+}
--- a/common/components/fonts.nix
+++ b/common/components/fonts.nix
@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  fonts.packages = with pkgs; [
+    (nerdfonts.override {fonts = ["JetBrainsMono"];})
+  ];
+}
--- a/common/components/lanzaboote.nix
+++ b/common/components/lanzaboote.nix
@ -0,0 +1,20 @@
+{pkgs, lib, inputs, ...}: {
+  imports = [
+    inputs.lanzaboote.nixosModules.lanzaboote
+  ];
+
+  # Lanzaboote currently replaces the systemd-boot module.
+  # This setting is usually set to true in configuration.nix
+  # generated at installation time. So we force it to false
+  # for now.
+  boot.loader.systemd-boot.enable = lib.mkForce false;
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/etc/secureboot";
+  };
+
+  environment.systemPackages = with pkgs; [
+    sbctl
+  ];
+}
--- a/common/components/packages-base.nix
+++ b/common/components/packages-base.nix
@ -1,12 +1,14 @@
 {
  pkgs,
  lib,
+  inputs,
  ...
 }: {
  # Packages installd on every machine
  environment.systemPackages = with pkgs; [
    wget
    dig
+    vim
    nmap
    btop
    gitFull
@ -22,5 +24,8 @@
    bat
    dust
    nix-output-monitor
+    nix-index
+
+    inputs.agenix.packages.x86_64-linux.default
  ];
 }
--- a/common/components/packages-full.nix
+++ b/common/components/packages-full.nix
@ -17,6 +17,7 @@
    ripgrep
    jq
    yq
+    neofetch
    fastfetch
    cpufetch
    tldr
--- a/common/components/security.nix
+++ b/common/components/security.nix
@ -8,6 +8,4 @@
    execWheelOnly = true;
    extraConfig = "Defaults insults";
  };
-
-  # services.fail2ban.enable = true;
 }
--- a/common/full-install.nix
+++ b/common/full-install.nix
@ -2,6 +2,7 @@
  imports = [
    ./components/sound.nix
    ./components/printing.nix
+    ./components/fonts.nix
    ./components/packages-full.nix
  ];
 }
--- a/hosts/cave/configuration.nix
+++ b/hosts/cave/configuration.nix
@ -18,18 +18,16 @@ in {
    ../../common/locales/fr-keymap.nix

    # Hardware
-    #../../common/hardware/intel-cpu.nix
    # ../../common/hardware/tpm2.nix
    ../../common/hardware/wireless.nix
-    # ../../common/hardware/nvidia-gpu.nix
-    #../../common/hardware/nvidia-gpu-offload.nix
    ../../common/hardware/ssd.nix
    ../../common/hardware/btrfs.nix
+    ../../common/components/lanzaboote.nix

    # Software components
-    # ../../common/components/de/sddm.nix
+    ../../common/components/de/greetd.nix
+    ../../common/components/de/sway.nix
    ../../common/components/de/plasma6.nix
-    # ../../common/components/de/hyprland.nix

    # Programs
    ../../common/programs/steam.nix
@ -53,8 +51,7 @@ in {
    # Personal modules
    # ../../modules/nixos/tildefriends.nix
    ./yubikey.nix
-
-    inputs.lanzaboote.nixosModules.lanzaboote
+    ./rtl-sdr.nix
  ];

  networking = {
@ -63,10 +60,10 @@ in {
    firewall = {
      allowedTCPPorts = [
        # 8080 # ?
-        80
-        443
-        3001
-        8000
+        # 80
+        # 443
+        # 3001
+        # 8000
        # 8008 # ssb
        # 12345 # tildefriends
        # 13378 # audiobookshelf
@ -90,9 +87,6 @@ in {
    configDir = lib.mkForce "/home/tasia/Sync/configuration";
  };

-  # Needed to build enry
-  #boot.binfmt.emulatedSystems = ["aarch64-linux"];
-
  environment.systemPackages = with pkgs; [
    inputs.tildefriends.packages.${system}.default

@ -108,7 +102,7 @@ in {
    viu
    logseq
    nix-tree
-    android-studio
+    # android-studio
    lutris

    # nheko
@ -119,183 +113,15 @@ in {
    chirp
    yubikey-manager

-    inputs.agenix.packages.x86_64-linux.default
-
-    sdrpp
-    gqrx
-    rtl-sdr
-    grim # screenshot functionality
-    slurp # screenshot functionality
-    wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
-    mako # notification system developed by swaywm maintainer
-
-    sbctl
-
-    sway-launcher-desktop
-    foot
-    waybar
-    wayshot
+    signal-desktop
  ];

-  # Lanzaboote currently replaces the systemd-boot module.
-  # This setting is usually set to true in configuration.nix
-  # generated at installation time. So we force it to false
-  # for now.
-  boot.loader.systemd-boot.enable = lib.mkForce false;
-
-  boot.lanzaboote = {
-    enable = true;
-    pkiBundle = "/etc/secureboot";
-  };
-
-  services.greetd = {
-    enable = true;
-    settings = {
-      default_session = {
-        command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway -r";
-        user = "greeter";
-      };
-    };
-  };
-
-  # Enable the gnome-keyring secrets vault.
-  # Will be exposed through DBus to programs willing to store secrets.
-  services.gnome.gnome-keyring.enable = true;
-
-  # enable sway window manager
-  programs.sway = {
-    enable = true;
-    wrapperFeatures.gtk = true;
-  };
-
-  # services.radicle.enable = true;
-  # services.radicle.privateKeyFile = /home/tasia/.radicle/keys/radicle;
-  # services.radicle.publicKey = /home/tasia/.radicle/keys/radicle.pub;
-  # services.radicle.settings = {
-  #   web.pinned.repositories = [
-  #     "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood
-  #     "rad:z3trNYnLWS11cJWC6BbxDs5niGo82" # rips
-  #   ];
-  # };
-
-  hardware.rtl-sdr.enable = true;
-  users.users.tasia.extraGroups = ["plugdev"];
-
-  boot.kernelParams = ["modprobe.blacklist=dvb_usb_rtl28xxu"]; # blacklist this module
-
-  services.udev.packages = [pkgs.rtl-sdr];
-
-  fonts.packages = with pkgs; [
-    (nerdfonts.override {fonts = ["CascadiaCode" "JetBrainsMono"];})
-  ];
-
-  # programs.adb.enable = true;
-
-  # services.nginx.enable = true;
-  # services.nginx.virtualHosts."test.vulpecula.zone" = {
-  #   # addSSL = true;
-  #   # enableACME = true;
-  #   root = "/www";
-  # };
-  # security.acme = {
-  #   acceptTerms = true;
-  #   defaults.email = "tasiaiso@proton.me";
-  # };
-
-  services.printing.drivers = [pkgs.cnijfilter2];
-
-  # services.uptime-kuma.enable = true;
  nixpkgs.config.permittedInsecurePackages = [
-    "olm-3.2.16"
                "electron-27.3.11"
              ];

-  # services.mattermost = {
-  #   enable = true;
-  #   siteUrl = "https://mattermost.example.com"; # Set this to the URL you will be hosting the site on.
-  # };
+  services.printing.drivers = [pkgs.cnijfilter2];

-  # todo: ci runner
-
-  # services.ollama = {
-  #   enable = true;
-  #   # acceleration = "cuda";
-  # };
-
-  # services.gotosocial = {
-  #   enable = true;
-  #   setupPostgresqlDB = true;
-  #   settings = {
-  #     application-name = "My GoToSocial";
-  #     host = "gotosocial.example.com";
-  #     protocol = "http";
-  #     bind-address = "127.0.0.1";
-  #     port = 8080;
-  #   };
-  # };
-
-  # environment.etc."nextcloud-admin-pass".text = "Devdevdev10!";
-  # services.nextcloud = {
-  #   enable = true;
-  #   package = pkgs.nextcloud29;
-  #   hostName = "localhost";
-  #   config.adminpassFile = "/etc/nextcloud-admin-pass";
-  # };
-
-  #  services.rustdesk-server = {
-  #    enable = true;
-  #    openFirewall = true;
-  # relayIP = "100.91.88.2";
-  # };
-
-  # users.users.lol = {
-  #   isNormalUser = true;
-  #   description = "lol";
-  #   extraGroups = [
-  #     "networkmanager"
-  #     # "wheel"
-  #     # "syncthing"
-  #     # "tss"
-  #     # "dialout"
-  #     # "vboxusers"
-  #     # "adbusers"
-  #   ];
-  #   initialPassword = "password123";
-  # };
-
-  # netwobking
-  # ipvx dns-search = "";
-  # wifi mac-address-blacklist = "";
-  # wifisec auth-alg = "open";
-
-  # services.thymis-controller = {
-  #   enable = true;
-  #   system-binfmt-aarch64-enable = true; # enables emulation of aarch64 binaries, default is true on x86_64, needed for building aarch64 images on x86_64
-  #   system-binfmt-x86_64-enable = false; # enables emulation of x86_64 binaries, default is false
-  #   repo-path = "/var/lib/thymis/repository"; # directory where the controller will store the repository holding the project
-  #   database-url = "sqlite:////var/lib/thymis/thymis.sqlite"; # URL of the database
-  #   base-url = "https://cave/"; # base URL of the controller, how it will be accessed from the outside
-  #   auth-basic = true; # whether to enable authentication using a basic username/password
-  #   auth-basic-username = "admin"; # username for basic authentication
-  #   auth-basic-password-file = "/var/lib/thymis/auth-basic-password"; # file containing the password for basic authentication
-  #   # content will be automatically generated if it does not exist
-  #   listen-host = "127.0.0.1"; # host on which the controller listens for incoming connections
-  #   listen-port = 33100; # port on which the controller listens for incoming connections
-  #   nginx-vhost-enable = false; # whether to enable the Nginx virtual host
-  #   nginx-vhost-name = "thymis"; # name of the Nginx virtual host
-  # };
-  # # Configure the Nginx virtual host
-  # services.nginx = {
-  #   enable = true;
-  #   virtualHosts."thymis" = {
-  #     serverName = "cave";
-  #     enableACME = true;
-  #     forceSSL = true;
-  #   };
-  # };
-  # security.acme.defaults.email = "tasiaiso@proton.me";
-
-  security.acme.acceptTerms = true;
  # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
  system.stateVersion = "23.11";
 }
--- a/hosts/cave/fuckery.nix
+++ b/hosts/cave/fuckery.nix
@ -0,0 +1,120 @@
+{pkgs, ...}: {
+
+  # services.mattermost = {
+  #   enable = true;
+  #   siteUrl = "https://mattermost.example.com"; # Set this to the URL you will be hosting the site on.
+  # };
+
+  # todo: ci runner
+
+  # services.ollama = {
+  #   enable = true;
+  #   # acceleration = "cuda";
+  # };
+
+  # services.gotosocial = {
+  #   enable = true;
+  #   setupPostgresqlDB = true;
+  #   settings = {
+  #     application-name = "My GoToSocial";
+  #     host = "gotosocial.example.com";
+  #     protocol = "http";
+  #     bind-address = "127.0.0.1";
+  #     port = 8080;
+  #   };
+  # };
+
+  # environment.etc."nextcloud-admin-pass".text = "Devdevdev10!";
+  # services.nextcloud = {
+  #   enable = true;
+  #   package = pkgs.nextcloud29;
+  #   hostName = "localhost";
+  #   config.adminpassFile = "/etc/nextcloud-admin-pass";
+  # };
+
+  #  services.rustdesk-server = {
+  #    enable = true;
+  #    openFirewall = true;
+  # relayIP = "100.91.88.2";
+  # };
+
+  # users.users.lol = {
+  #   isNormalUser = true;
+  #   description = "lol";
+  #   extraGroups = [
+  #     "networkmanager"
+  #     # "wheel"
+  #     # "syncthing"
+  #     # "tss"
+  #     # "dialout"
+  #     # "vboxusers"
+  #     # "adbusers"
+  #   ];
+  #   initialPassword = "password123";
+  # };
+
+  # netwobking
+  # ipvx dns-search = "";
+  # wifi mac-address-blacklist = "";
+  # wifisec auth-alg = "open";
+
+  # services.thymis-controller = {
+  #   enable = true;
+  #   system-binfmt-aarch64-enable = true; # enables emulation of aarch64 binaries, default is true on x86_64, needed for building aarch64 images on x86_64
+  #   system-binfmt-x86_64-enable = false; # enables emulation of x86_64 binaries, default is false
+  #   repo-path = "/var/lib/thymis/repository"; # directory where the controller will store the repository holding the project
+  #   database-url = "sqlite:////var/lib/thymis/thymis.sqlite"; # URL of the database
+  #   base-url = "https://cave/"; # base URL of the controller, how it will be accessed from the outside
+  #   auth-basic = true; # whether to enable authentication using a basic username/password
+  #   auth-basic-username = "admin"; # username for basic authentication
+  #   auth-basic-password-file = "/var/lib/thymis/auth-basic-password"; # file containing the password for basic authentication
+  #   # content will be automatically generated if it does not exist
+  #   listen-host = "127.0.0.1"; # host on which the controller listens for incoming connections
+  #   listen-port = 33100; # port on which the controller listens for incoming connections
+  #   nginx-vhost-enable = false; # whether to enable the Nginx virtual host
+  #   nginx-vhost-name = "thymis"; # name of the Nginx virtual host
+  # };
+  # # Configure the Nginx virtual host
+  # services.nginx = {
+  #   enable = true;
+  #   virtualHosts."thymis" = {
+  #     serverName = "cave";
+  #     enableACME = true;
+  #     forceSSL = true;
+  #   };
+  # };
+  # security.acme.defaults.email = "tasiaiso@proton.me";
+
+
+  # services.nginx.enable = true;
+  # services.nginx.virtualHosts."test.vulpecula.zone" = {
+  #   # addSSL = true;
+  #   # enableACME = true;
+  #   root = "/www";
+  # };
+  # security.acme = {
+  #   acceptTerms = true;
+  #   defaults.email = "tasiaiso@proton.me";
+  # };
+
+
+  security.acme.acceptTerms = true;
+  # services.uptime-kuma.enable = true;
+
+  # programs.adb.enable = true;
+
+
+  # Needed to build enry
+  #boot.binfmt.emulatedSystems = ["aarch64-linux"];
+
+
+# services.radicle.enable = true;
+  # services.radicle.privateKeyFile = /home/tasia/.radicle/keys/radicle;
+  # services.radicle.publicKey = /home/tasia/.radicle/keys/radicle.pub;
+  # services.radicle.settings = {
+  #   web.pinned.repositories = [
+  #     "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood
+  #     "rad:z3trNYnLWS11cJWC6BbxDs5niGo82" # rips
+  #   ];
+  # };
+}
--- a/hosts/cave/rtl-sdr.nix
+++ b/hosts/cave/rtl-sdr.nix
@ -0,0 +1,15 @@
+{pkgs, ...}: {
+  hardware.rtl-sdr.enable = true;
+  users.users.tasia.extraGroups = ["plugdev"];
+
+  boot.kernelParams = ["modprobe.blacklist=dvb_usb_rtl28xxu"]; # blacklist this module
+
+  services.udev.packages = [pkgs.rtl-sdr];
+
+environment.systemPackages = with pkgs; [
+  sdrpp
+    gqrx
+    rtl-sdr
+
+];
+}