commit bc5a559f64d64fae91e89742787f896ca21cb6ee · scrumplex.net/flake

+16

flake.lock

··· 357 "url": "https://codeberg.org/Scrumplex/honeylinks.git" 358 } 359 }, 360 "inhibridge": { 361 "inputs": { 362 "flake-parts": [ ··· 799 "git-hooks": "git-hooks", 800 "home-manager": "home-manager", 801 "honeylinks-website": "honeylinks-website", 802 "inhibridge": "inhibridge", 803 "jovian": "jovian", 804 "lanzaboote": "lanzaboote",

··· 357 "url": "https://codeberg.org/Scrumplex/honeylinks.git" 358 } 359 }, 360 + "import-tree": { 361 + "locked": { 362 + "lastModified": 1752730890, 363 + "narHash": "sha256-GES8fapSLGz36MMPRVNkSUWXUTtqvGQNXHjRmRLfJUY=", 364 + "owner": "vic", 365 + "repo": "import-tree", 366 + "rev": "6ebb8cb87987b20264c09296166543fd3761d274", 367 + "type": "github" 368 + }, 369 + "original": { 370 + "owner": "vic", 371 + "repo": "import-tree", 372 + "type": "github" 373 + } 374 + }, 375 "inhibridge": { 376 "inputs": { 377 "flake-parts": [ ··· 814 "git-hooks": "git-hooks", 815 "home-manager": "home-manager", 816 "honeylinks-website": "honeylinks-website", 817 + "import-tree": "import-tree", 818 "inhibridge": "inhibridge", 819 "jovian": "jovian", 820 "lanzaboote": "lanzaboote",

+3

flake.nix

··· 6 url = "github:hercules-ci/flake-parts"; 7 inputs.nixpkgs-lib.follows = "nixpkgs"; 8 }; 9 nixos-hardware.url = "github:NixOS/nixos-hardware"; 10 srvos = { 11 url = "github:nix-community/srvos"; ··· 155 ./parts/checks.nix 156 ./parts/dev.nix 157 ./parts/nixpkgs-dev.nix 158 ]; 159 160 systems = [

··· 6 url = "github:hercules-ci/flake-parts"; 7 inputs.nixpkgs-lib.follows = "nixpkgs"; 8 }; 9 + import-tree.url = "github:vic/import-tree"; 10 nixos-hardware.url = "github:NixOS/nixos-hardware"; 11 srvos = { 12 url = "github:nix-community/srvos"; ··· 156 ./parts/checks.nix 157 ./parts/dev.nix 158 ./parts/nixpkgs-dev.nix 159 + 160 + (inputs.import-tree ./nix) 161 ]; 162 163 systems = [

+6 -1

lib/default.nix

··· 1 - {inputs, ...}: { 2 _module.args.lib' = { 3 mkHost = { 4 hostName, ··· 14 15 specialArgs = { 16 inherit inputs; 17 }; 18 }; 19 };

··· 1 + { 2 + config, 3 + inputs, 4 + ... 5 + }: { 6 _module.args.lib' = { 7 mkHost = { 8 hostName, ··· 18 19 specialArgs = { 20 inherit inputs; 21 + fpConfig = config; 22 }; 23 }; 24 };

misc/lecture.txt nix/modules/0_base/sudo_lecture.txt

+10

nix/modules/0_base/man.nix

···

··· 1 + { 2 + flake.modules.nixos.base = {pkgs, ...}: { 3 + documentation.man = { 4 + enable = true; 5 + man-db.enable = true; 6 + }; 7 + 8 + environment.systemPackages = [pkgs.man-pages]; 9 + }; 10 + }

+41

nix/modules/0_base/nix.nix

···

··· 1 + {inputs, ...}: let 2 + channelPath = "/etc/nix/channels/nixpkgs"; 3 + in { 4 + flake.modules.nixos.base = {...}: { 5 + imports = [ 6 + inputs.nix-index-database.nixosModules.nix-index 7 + ]; 8 + 9 + programs.command-not-found.enable = false; 10 + programs.nix-index-database.comma.enable = true; 11 + 12 + nix = { 13 + daemonCPUSchedPolicy = "idle"; 14 + daemonIOSchedClass = "idle"; 15 + daemonIOSchedPriority = 6; 16 + settings = { 17 + auto-optimise-store = true; 18 + experimental-features = ["nix-command" "flakes" "no-url-literals"]; 19 + substituters = [ 20 + "https://cache.nixos.org" 21 + ]; 22 + trusted-public-keys = [ 23 + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" 24 + ]; 25 + trusted-users = ["root"]; 26 + }; 27 + gc = { 28 + automatic = true; 29 + dates = "weekly"; 30 + options = "--delete-older-than 14d"; 31 + persistent = true; 32 + }; 33 + nixPath = [ 34 + "nixpkgs=${channelPath}" 35 + ]; 36 + registry.n.flake = inputs.nixpkgs; 37 + }; 38 + 39 + systemd.tmpfiles.settings."10-nixpkgs".${channelPath}."L+".argument = inputs.nixpkgs.outPath; 40 + }; 41 + }

+13

nix/modules/0_base/sshd.nix

···

··· 1 + { 2 + flake.modules.nixos.base = { 3 + services.openssh = { 4 + enable = true; 5 + settings.PasswordAuthentication = false; 6 + }; 7 + 8 + users.users.root.openssh.authorizedKeys.keys = [ 9 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJV9lYhi0kcwAAjPTMl6sycwCGkjrI0bvTIwpPuXkW2W scrumplex@andromeda" 10 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4jTPHOnfxvBOcVmExcU+j2u9Lsf1OoVG/ols2Met9/ scrumplex@dyson" 11 + ]; 12 + }; 13 + }

+31

nix/modules/0_base/sudo.nix

···

··· 1 + { 2 + flake.modules.nixos.base = { 3 + security.sudo = { 4 + extraRules = [ 5 + { 6 + groups = ["wheel"]; 7 + commands = [ 8 + { 9 + command = "/run/current-system/sw/bin/nixos-rebuild"; 10 + options = ["NOPASSWD"]; 11 + } 12 + { 13 + command = "/run/current-system/sw/bin/networkctl"; 14 + options = ["NOPASSWD"]; 15 + } 16 + { 17 + command = "/run/current-system/sw/bin/systemctl"; 18 + options = ["NOPASSWD"]; 19 + } 20 + ]; 21 + } 22 + ]; 23 + extraConfig = '' 24 + Defaults lecture = always 25 + Defaults lecture_file = ${./sudo_lecture.txt} 26 + Defaults pwfeedback 27 + Defaults passwd_timeout=0 28 + ''; 29 + }; 30 + }; 31 + }

+42

nix/modules/0_base/tools.nix

···

··· 1 + { 2 + flake.modules.nixos.base = {pkgs, ...}: { 3 + programs.mtr.enable = true; 4 + programs.bandwhich.enable = true; 5 + 6 + programs.bat.enable = true; 7 + 8 + environment.systemPackages = with pkgs; [ 9 + htop 10 + 11 + jq 12 + 13 + just 14 + 15 + dig 16 + lsof 17 + nload 18 + tree 19 + 20 + pciutils 21 + psmisc 22 + usbutils 23 + 24 + p7zip 25 + unzip 26 + zip 27 + 28 + vimv-rs 29 + ]; 30 + 31 + environment.etc."htoprc".text = '' 32 + .tree_view_always_by_pid=1 33 + delay=10 34 + fields=0 48 17 18 38 39 40 2 46 47 49 1 35 + left_meter_modes=1 1 1 36 + left_meters=LeftCPUs2 Memory Swap 37 + right_meter_modes=1 2 2 2 38 + right_meters=RightCPUs2 Tasks LoadAverage Uptime 39 + tree_view=1 40 + ''; 41 + }; 42 + }

+5

nix/modules/1_desktop/keyboard.nix

···

··· 1 + { 2 + flake.modules.nixos.desktop = {pkgs, ...}: { 3 + services.udev.packages = with pkgs; [meletrix-udev-rules]; 4 + }; 5 + }

+7

nix/modules/1_desktop/module.nix

···

··· 1 + {config, ...}: { 2 + flake.modules.nixos.desktop = { 3 + imports = [config.flake.modules.nixos.base]; 4 + 5 + home-manager.sharedModules = [config.flake.modules.homeManager.desktop]; 6 + }; 7 + }

+8

nix/modules/1_desktop/pipewire/compressor.nix

···

··· 1 + { 2 + flake.modules.homeManager.desktop = {pkgs, ...}: { 3 + services.pipewire.instances.compressor = { 4 + config = ./compressor.conf; 5 + extraPackages = [pkgs.calf]; 6 + }; 7 + }; 8 + }

+7

nix/modules/1_desktop/pipewire/desktop-source.nix

···

··· 1 + { 2 + flake.modules.homeManager.desktop = { 3 + services.pipewire.instances.desktop-source = { 4 + config = ./desktop-source.conf; 5 + }; 6 + }; 7 + }

+6

nix/modules/1_desktop/pipewire/rtkit.nix

···

··· 1 + {config, ...}: { 2 + flake.modules.nixos.desktop = { 3 + security.rtkit.enable = true; 4 + users.users.${config.flake.meta.username}.extraGroups = ["rtkit"]; 5 + }; 6 + }

+25

nix/modules/1_desktop/pipewire/schiit.nix

···

··· 1 + { 2 + flake.modules.nixos.desktop = {pkgs, ...}: { 3 + services.pipewire.wireplumber.configPackages = [ 4 + (pkgs.writeTextFile { 5 + name = "schiit-wireplumber-rules"; 6 + text = '' 7 + rule = { 8 + matches = { 9 + { 10 + { "node.name", "equals", "alsa_output.usb-Schiit_Audio_Schiit_Modi_3_-00.analog-stereo" }, 11 + }, 12 + }, 13 + apply_properties = { 14 + ["audio.format"] = "S32_LE", 15 + ["audio.rate"] = 96000, 16 + ["api.alsa.period-size"] = 128, 17 + }, 18 + } 19 + table.insert(alsa_monitor.rules,rule) 20 + ''; 21 + destination = "/share/wireplumber/main.lua.d/51-schiit.lua"; 22 + }) 23 + ]; 24 + }; 25 + }

+16

nix/modules/1_desktop/pipewire/service.nix

···

··· 1 + {inputs, ...}: { 2 + flake.modules.nixos.desktop = { 3 + services.pipewire = { 4 + enable = true; 5 + alsa.enable = true; 6 + alsa.support32Bit = true; 7 + pulse.enable = true; 8 + jack.enable = true; 9 + }; 10 + }; 11 + 12 + flake.modules.homeManager.desktop = { 13 + imports = [inputs.scrumpkgs.hmModules.pipewire]; 14 + services.pipewire.enable = true; 15 + }; 16 + }

+42

nix/modules/1_desktop/user.nix

···

··· 1 + { 2 + config, 3 + inputs, 4 + ... 5 + }: { 6 + flake.modules.nixos.desktop = { 7 + imports = [ 8 + inputs.home-manager.nixosModules.home-manager 9 + ]; 10 + 11 + users.users.${config.flake.meta.username} = { 12 + isNormalUser = true; 13 + hashedPassword = "$y$j9T$JbosTEvX3uH6.mFV/Sz071$6vVkITFq4INQFdf51.guqaD68JWp6ZcVNGVfPqqIzL/"; 14 + 15 + extraGroups = [ 16 + "wheel" 17 + "audio" 18 + "video" 19 + "input" 20 + "dialout" 21 + ]; 22 + }; 23 + 24 + nix.settings.trusted-users = [config.flake.meta.username]; 25 + 26 + home-manager = { 27 + useGlobalPkgs = true; 28 + useUserPackages = true; 29 + 30 + users.${config.flake.meta.username} = {osConfig, ...}: { 31 + home = { 32 + username = config.flake.meta.username; 33 + homeDirectory = osConfig.users.users.${config.flake.meta.username}.home; 34 + }; 35 + }; 36 + }; 37 + }; 38 + 39 + flake.modules.homeManager.desktop = {osConfig, ...}: { 40 + home.stateVersion = osConfig.system.stateVersion; 41 + }; 42 + }

+7

nix/modules/2_laptop/module.nix

···

··· 1 + {config, ...}: { 2 + flake.modules.nixos.laptop = { 3 + imports = [config.flake.modules.nixos.desktop]; 4 + 5 + home-manager.sharedModules = [config.flake.modules.homeManager.laptop]; 6 + }; 7 + }

+12

nix/modules/2_laptop/networkmanager.nix

···

··· 1 + { 2 + flake.modules.nixos.laptop = { 3 + networking.networkmanager.enable = true; 4 + 5 + services.avahi.enable = true; 6 + }; 7 + 8 + flake.modules.homeManager.laptop = { 9 + xsession.preferStatusNotifierItems = true; # needed for network-manager-applet 10 + services.network-manager-applet.enable = true; 11 + }; 12 + }

+5

nix/modules/base.nix

···

··· 1 + {inputs, ...}: { 2 + imports = [ 3 + inputs.flake-parts.flakeModules.modules 4 + ]; 5 + }

+7

nix/modules/meta.nix

···

··· 1 + {lib, ...}: { 2 + options.flake.meta = { 3 + username = lib.mkOption { 4 + default = "scrumplex"; 5 + }; 6 + }; 7 + }

-6

nixosConfigurations/common/bat.nix

··· 1 - { 2 - hm = { 3 - catppuccin.bat.enable = true; 4 - programs.bat.enable = true; 5 - }; 6 - }

···

nixosConfigurations/common/desktop/pipewire/compressor.conf nix/modules/1_desktop/pipewire/compressor.conf

-49

nixosConfigurations/common/desktop/pipewire/default.nix

··· 1 - {pkgs, ...}: { 2 - security.rtkit.enable = true; 3 - primaryUser.extraGroups = ["rtkit"]; 4 - 5 - services.pipewire = { 6 - enable = true; 7 - alsa.enable = true; 8 - alsa.support32Bit = true; 9 - pulse.enable = true; 10 - jack.enable = true; 11 - 12 - wireplumber.configPackages = [ 13 - (pkgs.writeTextFile { 14 - name = "schiit-wireplumber-rules"; 15 - text = '' 16 - rule = { 17 - matches = { 18 - { 19 - { "node.name", "equals", "alsa_output.usb-Schiit_Audio_Schiit_Modi_3_-00.analog-stereo" }, 20 - }, 21 - }, 22 - apply_properties = { 23 - ["audio.format"] = "S32_LE", 24 - ["audio.rate"] = 96000, 25 - ["api.alsa.period-size"] = 128, 26 - }, 27 - } 28 - table.insert(alsa_monitor.rules,rule) 29 - ''; 30 - destination = "/share/wireplumber/main.lua.d/51-schiit.lua"; 31 - }) 32 - ]; 33 - }; 34 - 35 - hm.services.pipewire = { 36 - enable = true; 37 - instances = { 38 - compressor = { 39 - config = ./compressor.conf; 40 - extraPackages = [pkgs.calf]; 41 - }; 42 - desktop-source = {config = ./desktop-source.conf;}; 43 - #equalizer = { 44 - # config = ./equalizer.conf; 45 - # extraPackages = [ pkgs.lsp-plugins ]; 46 - #}; 47 - }; 48 - }; 49 - }

···

nixosConfigurations/common/desktop/pipewire/desktop-source.conf nix/modules/1_desktop/pipewire/desktop-source.conf

-86

nixosConfigurations/common/desktop/pipewire/equalizer.conf

··· 1 - context.spa-libs = { 2 - audio.convert.* = audioconvert/libspa-audioconvert 3 - support.* = support/libspa-support 4 - } 5 - 6 - context.modules = [ 7 - { name = libpipewire-module-rtkit 8 - args = { 9 - nice.level = -11 10 - rt.prio = 88 11 - rt.time.soft = 200000 12 - rt.time.hard = 200000 13 - } 14 - flags = [ ifexists nofail ] 15 - } 16 - { name = libpipewire-module-protocol-native } 17 - { name = libpipewire-module-client-node } 18 - { name = libpipewire-module-adapter } 19 - 20 - { name = libpipewire-module-filter-chain 21 - args = { 22 - node.name = "equalizer" 23 - node.description = "Equalized Output" 24 - media.name = "Equalized Output" 25 - filter.graph = { 26 - nodes = [ 27 - { 28 - type = lv2 29 - name = "Parametric Equalizer" 30 - plugin = "http://lsp-plug.in/plugins/lv2/para_equalizer_x16_stereo" 31 - # This is tuned to match Harman AE OE 2018 target for Sennheiser HD 6XX 32 - # Shout out to crinacle's (In-Ear Fidelity) headphone graph comparison tool for the AutoEQ 33 - # Gain values (g_X) are calculated as follows: `expf(0.05 * value * M_LN10)`, or `e^(0.05 * value * ln(10))` 34 - control = { 35 - "ft_0" 1 36 - "ft_1" 1 37 - "ft_2" 1 38 - "ft_3" 1 39 - "ft_4" 1 40 - "ft_5" 1 41 - "ft_6" 1 42 - "ft_7" 1 43 - "ft_8" 1 44 - "f_0" 20.0 45 - "g_0" 2.398832919 # 7.6 dB 46 - "q_0" 0.5 47 - "f_1" 180.0 48 - "g_1" 0.7585775750 # -2.4 dB 49 - "q_1" 1.0 50 - "f_2" 670.0 51 - "g_2" 1.083926914 # 0.7 dB 52 - "q_2" 1.2 53 - "f_3" 1300.0 54 - "g_3" 0.8413951416 # -1.5 dB 55 - "q_3" 1.5 56 - "f_4" 2000.0 57 - "g_4" 1.412537545 # 3.0 dB 58 - "q_4" 2.0 59 - "f_5" 3100.0 60 - "g_5" 0.6918309709 # -3.2 dB 61 - "q_5" 2.0 62 - "f_6" 4000.0 63 - "g_6" 1.188502227 # 1.5 dB 64 - "q_6" 2.0 65 - "f_7" 5600.0 66 - "g_7" 0.6839116473 # -3.3 dB 67 - "q_7" 2.0 68 - "f_8" 7900.0 69 - "g_8" 2.162718524 # 6.7 dB 70 - "q_8" 1.3 71 - } 72 - } 73 - ] 74 - } 75 - capture.props = { 76 - node.passive = true 77 - media.class = Audio/Sink 78 - node.pause-on-idle = false 79 - } 80 - playback.props = { 81 - node.pause-on-idle = false 82 - } 83 - } 84 - } 85 - ] 86 -

···

+12 -46

nixosConfigurations/common/home.nix

··· 4 lib, 5 ... 6 }: let 7 - inherit (builtins) attrValues; 8 inherit (lib.lists) optional; 9 - inherit (lib.modules) mkAliasOptionModule; 10 - 11 - inherit (inputs) catppuccin home-manager scrumpkgs; 12 - 13 - username = "scrumplex"; 14 in { 15 imports = [ 16 - (mkAliasOptionModule ["hm"] ["home-manager" "users" username]) 17 - (mkAliasOptionModule ["primaryUser"] ["users" "users" username]) 18 - 19 - home-manager.nixosModules.home-manager 20 ]; 21 22 - config = { 23 - primaryUser = { 24 - isNormalUser = true; 25 - hashedPassword = "$y$j9T$JbosTEvX3uH6.mFV/Sz071$6vVkITFq4INQFdf51.guqaD68JWp6ZcVNGVfPqqIzL/"; 26 - # TODO: roles! 27 - extraGroups = 28 - ["wheel" "audio" "video" "input" "dialout"] 29 - ++ optional config.networking.networkmanager.enable "networkmanager" 30 - ++ optional config.programs.adb.enable "adbusers" 31 - ++ optional config.virtualisation.libvirtd.enable "libvirtd" 32 - ++ optional config.virtualisation.podman.enable "podman"; 33 - }; 34 - nix.settings.trusted-users = [username]; 35 - 36 - hm = { 37 - home.homeDirectory = config.users.users."${username}".home; 38 - home.username = username; 39 40 - programs.home-manager.enable = true; 41 - systemd.user.startServices = "sd-switch"; 42 - 43 - home.stateVersion = config.system.stateVersion; 44 - }; 45 - 46 - home-manager = { 47 - useGlobalPkgs = true; 48 - useUserPackages = true; 49 - sharedModules = 50 - attrValues scrumpkgs.hmModules 51 - ++ [ 52 - catppuccin.homeModules.catppuccin 53 - ]; 54 - extraSpecialArgs = { 55 - inherit inputs; 56 - }; 57 - }; 58 - }; 59 }

··· 4 lib, 5 ... 6 }: let 7 inherit (lib.lists) optional; 8 in { 9 imports = [ 10 + (lib.mkAliasOptionModule ["hm"] ["home-manager" "users" "scrumplex"]) 11 + (lib.mkAliasOptionModule ["primaryUser"] ["users" "users" "scrumplex"]) 12 ]; 13 14 + home-manager.sharedModules = [ 15 + inputs.catppuccin.homeModules.catppuccin 16 + inputs.scrumpkgs.hmModules.waybar-camera-blank 17 + inputs.scrumpkgs.hmModules.waybar-pa-mute 18 + ]; 19 20 + primaryUser.extraGroups = 21 + optional config.networking.networkmanager.enable "networkmanager" 22 + ++ optional config.programs.adb.enable "adbusers" 23 + ++ optional config.virtualisation.libvirtd.enable "libvirtd" 24 + ++ optional config.virtualisation.podman.enable "podman"; 25 }

-24

nixosConfigurations/common/htop.nix

··· 1 - {config, ...}: { 2 - hm.programs.htop = { 3 - enable = true; 4 - settings = 5 - { 6 - "delay" = 10; 7 - ".tree_view_always_by_pid" = 1; 8 - "tree_view" = 1; 9 - } 10 - // (with config.hm.lib.htop; 11 - leftMeters [ 12 - (bar "LeftCPUs2") 13 - (bar "Memory") 14 - (bar "Swap") 15 - ]) 16 - // (with config.hm.lib.htop; 17 - rightMeters [ 18 - (bar "RightCPUs2") 19 - (text "Tasks") 20 - (text "LoadAverage") 21 - (text "Uptime") 22 - ]); 23 - }; 24 - }

···

-31

nixosConfigurations/common/misc.nix

··· 10 11 system.rebuild.enableNg = true; 12 13 - services.openssh.enable = true; 14 - 15 - security.sudo = { 16 - extraConfig = '' 17 - Defaults lecture = always 18 - Defaults lecture_file = ${../../misc/lecture.txt} 19 - Defaults pwfeedback 20 - Defaults passwd_timeout=0 21 - ''; 22 - }; 23 - 24 - environment.systemPackages = with pkgs; [just]; 25 - 26 programs.adb.enable = true; 27 28 networking.firewall = { ··· 38 ]; 39 }; 40 41 - services.udev.packages = with pkgs; [meletrix-udev-rules]; 42 - 43 services.udisks2.enable = true; 44 - 45 - security.sudo.extraRules = [ 46 - { 47 - groups = ["wheel"]; 48 - commands = [ 49 - { 50 - command = "/run/current-system/sw/bin/nixos-rebuild"; 51 - options = ["NOPASSWD"]; 52 - } 53 - { 54 - command = "/run/current-system/sw/bin/systemctl"; 55 - options = ["NOPASSWD"]; 56 - } 57 - ]; 58 - } 59 - ]; 60 }

··· 10 11 system.rebuild.enableNg = true; 12 13 programs.adb.enable = true; 14 15 networking.firewall = { ··· 25 ]; 26 }; 27 28 services.udisks2.enable = true; 29 }

-8

nixosConfigurations/common/nix-index.nix

··· 1 - {inputs, ...}: { 2 - imports = [ 3 - inputs.nix-index-database.nixosModules.nix-index 4 - ]; 5 - 6 - programs.command-not-found.enable = false; 7 - programs.nix-index-database.comma.enable = true; 8 - }

···

-38

nixosConfigurations/common/nix.nix

··· 1 - {inputs, ...}: let 2 - channelPath = "/etc/nix/channels/nixpkgs"; 3 - in { 4 - nix = { 5 - daemonCPUSchedPolicy = "idle"; 6 - daemonIOSchedClass = "idle"; 7 - daemonIOSchedPriority = 6; 8 - settings = { 9 - auto-optimise-store = true; 10 - experimental-features = ["nix-command" "flakes" "no-url-literals"]; 11 - substituters = [ 12 - "https://cache.nixos.org" 13 - "https://nix-community.cachix.org" 14 - "https://nixpkgs-wayland.cachix.org" 15 - "https://prismlauncher.cachix.org" 16 - ]; 17 - trusted-public-keys = [ 18 - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" 19 - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" 20 - "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" 21 - "prismlauncher.cachix.org-1:9/n/FGyABA2jLUVfY+DEp4hKds/rwO+SCOtbOkDzd+c=" 22 - ]; 23 - trusted-users = ["root"]; 24 - }; 25 - gc = { 26 - automatic = true; 27 - dates = "weekly"; 28 - options = "--delete-older-than 30d"; 29 - persistent = true; 30 - }; 31 - nixPath = [ 32 - "nixpkgs=${channelPath}" 33 - ]; 34 - registry.n.flake = inputs.nixpkgs; 35 - }; 36 - 37 - systemd.tmpfiles.settings."10-nixpkgs".${channelPath}."L+".argument = inputs.nixpkgs.outPath; 38 - }

···

-12

nixosConfigurations/common/openssh.nix

··· 1 - { 2 - services.openssh = { 3 - enable = true; 4 - settings.PasswordAuthentication = false; 5 - }; 6 - 7 - users.users.root.openssh.authorizedKeys.keys = [ 8 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJV9lYhi0kcwAAjPTMl6sycwCGkjrI0bvTIwpPuXkW2W scrumplex@andromeda" 9 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4jTPHOnfxvBOcVmExcU+j2u9Lsf1OoVG/ols2Met9/ scrumplex@dyson" 10 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGpFTRRx1FBilZA5epIadTK6GvUDNGdD288F3x6rO+z termux@void" 11 - ]; 12 - }

···

-22

nixosConfigurations/common/utils.nix

··· 1 - {pkgs, ...}: { 2 - programs.mtr.enable = true; 3 - programs.bandwhich.enable = true; 4 - 5 - environment.systemPackages = with pkgs; [ 6 - dig 7 - lsof 8 - nload 9 - tree 10 - 11 - pciutils 12 - psmisc 13 - usbutils 14 - 15 - p7zip 16 - unzip 17 - 18 - man-pages 19 - 20 - vimv-rs 21 - ]; 22 - }

···

+3 -1

nixosConfigurations/dyson/configuration.nix

··· 1 { 2 inputs, 3 pkgs, 4 ... ··· 9 ./desktop/niri.nix 10 ./disks.nix 11 ./keyd.nix 12 - ./networkmanager.nix 13 ./swapfile.nix 14 ./wireguard.nix 15 16 inputs.nixos-facter-modules.nixosModules.facter 17 inputs.nixos-hardware.nixosModules.framework-12th-gen-intel

··· 1 { 2 + fpConfig, 3 inputs, 4 pkgs, 5 ... ··· 10 ./desktop/niri.nix 11 ./disks.nix 12 ./keyd.nix 13 ./swapfile.nix 14 ./wireguard.nix 15 + 16 + fpConfig.flake.modules.nixos.laptop 17 18 inputs.nixos-facter-modules.nixosModules.facter 19 inputs.nixos-hardware.nixosModules.framework-12th-gen-intel

-8

nixosConfigurations/dyson/default.nix

··· 3 hostName = "dyson"; 4 modules = [ 5 ../common 6 - ../common/bat.nix 7 ../common/beets.nix 8 ../common/bluetooth.nix 9 ../common/boot ··· 27 ../common/desktop/niri.nix 28 ../common/desktop/obs.nix 29 ../common/desktop/orca-slicer.nix 30 - ../common/desktop/pipewire 31 ../common/desktop/polkit-agent.nix 32 ../common/desktop/portfolio-performance.nix 33 ../common/desktop/poweralertd.nix ··· 45 ../common/git.nix 46 ../common/gpg.nix 47 ../common/home.nix 48 - ../common/htop.nix 49 ../common/libvirtd.nix 50 - ../common/misc.nix 51 ../common/mpd.nix 52 ../common/mpv.nix 53 ../common/neovim.nix 54 - ../common/nix-index.nix 55 - ../common/nix.nix 56 - ../common/openssh.nix 57 ../common/pkgs 58 ../common/podman.nix 59 ../common/printing.nix ··· 65 ../common/ssh.nix 66 ../common/syncthing.nix 67 ../common/tty.nix 68 - ../common/utils.nix 69 ../common/v4l2loopback.nix 70 ../common/wireshark.nix 71

··· 3 hostName = "dyson"; 4 modules = [ 5 ../common 6 ../common/beets.nix 7 ../common/bluetooth.nix 8 ../common/boot ··· 26 ../common/desktop/niri.nix 27 ../common/desktop/obs.nix 28 ../common/desktop/orca-slicer.nix 29 ../common/desktop/polkit-agent.nix 30 ../common/desktop/portfolio-performance.nix 31 ../common/desktop/poweralertd.nix ··· 43 ../common/git.nix 44 ../common/gpg.nix 45 ../common/home.nix 46 ../common/libvirtd.nix 47 ../common/mpd.nix 48 ../common/mpv.nix 49 ../common/neovim.nix 50 ../common/pkgs 51 ../common/podman.nix 52 ../common/printing.nix ··· 58 ../common/ssh.nix 59 ../common/syncthing.nix 60 ../common/tty.nix 61 ../common/v4l2loopback.nix 62 ../common/wireshark.nix 63

-25

nixosConfigurations/dyson/networkmanager.nix

··· 1 - {config, ...}: { 2 - assertions = [ 3 - { 4 - assertion = !config.networking.nftables.enable; 5 - message = "Wireguard isn't configured with networking.nftables.enable enabled"; 6 - } 7 - ]; 8 - 9 - networking.networkmanager.enable = true; 10 - services.avahi.enable = true; 11 - 12 - hm = { 13 - xsession.preferStatusNotifierItems = true; # needed for network-manager-applet 14 - services.network-manager-applet.enable = true; 15 - systemd.user.services."network-manager-applet" = { 16 - Unit.After = ["graphical-session.target"]; 17 - Service.Slice = ["background-graphical.slice"]; 18 - }; 19 - }; 20 - 21 - networking.firewall = { 22 - trustedInterfaces = ["wg-home"]; 23 - checkReversePath = false; 24 - }; 25 - }

···