steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

feat(firefox): only set all profiles for steveej; nix fmt

Browse source
This commit is contained in:
steveej 2025-06-05 16:51:51 +02:00
parent aa1aa835d4
commit 1083d0e717
36 changed files with 709 additions and 1201 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nix/home-manager/programs/firefox.nix
View file

@ -329,7 +329,9 @@ in
enable = true; enable = true;
package = pkgs.firefox; package = pkgs.firefox;
profiles = mkProfiles { profiles =
lib.filterAttrs (_: v: config.home.username == "steveej" || (v.isDefault or false))
(mkProfiles {
"personal" = mkProfile { "personal" = mkProfile {
id = 0; id = 0;
isDefault = true; isDefault = true;
@ -387,7 +389,7 @@ in
id = 13; id = 13;
color = colors.purple; color = colors.purple;
}; };
}; });
# policies = { # policies = {
# # search via policy. the other one doesn't always work because of schema version mismatch # # search via policy. the other one doesn't always work because of schema version mismatch

20
nix/os/devices/elias-e525/user.nix
View file

@ -1,8 +1,10 @@
{ config, pkgs, ... }: { config, lib, ... }:
let let
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser; inherit (import ../../lib/default.nix { inherit lib config; }) mkUser deepMergeAttrsets;
in in
deepMergeAttrsets [
{ {
sops.secrets.sharedUsers-elias = { sops.secrets.sharedUsers-elias = {
sopsFile = ../../../../secrets/shared-users.yaml; sopsFile = ../../../../secrets/shared-users.yaml;
@ -15,16 +17,20 @@ in
neededForUsers = true; neededForUsers = true;
format = "yaml"; format = "yaml";
}; };
}
users.extraUsers.elias = mkUser { (mkUser {
username = "elias";
uid = 1001; uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh; openssh.authorizedKeys.keys = keys.users.steveej.openssh;
hashedPasswordFile = config.sops.secrets.sharedUsers-elias.path; hashedPasswordFile = config.sops.secrets.sharedUsers-elias.path;
}; })
users.extraUsers.justyna = mkUser { (mkUser {
username = "justyna";
uid = 1002; uid = 1002;
openssh.authorizedKeys.keys = keys.users.steveej.openssh; openssh.authorizedKeys.keys = keys.users.steveej.openssh;
hashedPasswordFile = config.sops.secrets.sharedUsers-justyna.path; hashedPasswordFile = config.sops.secrets.sharedUsers-justyna.path;
}; })
}
]

12
nix/os/devices/justyna-p300/boot.nix
View file

@ -1,12 +0,0 @@
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.loader.grub.efiSupport = lib.mkForce false;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
# boot.initrd.availableKernelModules = stage1Modules;
boot.extraModprobeConfig = "";
}

14
nix/os/devices/justyna-p300/configuration.nix
View file

@ -1,14 +0,0 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
../../profiles/graphical-gnome-xorg.nix
./system.nix
./hw.nix
./pkg.nix
./user.nix
./boot.nix
];
}

29
nix/os/devices/justyna-p300/default.nix
View file

@ -1,29 +0,0 @@
{
nodeName,
repoFlake,
nodeFlake,
...
}:
let
system = "x86_64-linux";
in
{
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system};
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
${nodeName} = {
deployment.targetHost = nodeName;
deployment.replaceUnknownProfiles = false;
# deployment.allowLocalDeployment = true;
imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager
./configuration.nix
];
};
}

70
nix/os/devices/justyna-p300/flake.lock generated
View file

@ -1,70 +0,0 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1689977778,
"narHash": "sha256-lvz4hZO/EP6xLJQIrEdHdYWi/Uz49HCAownL5HZUy1M=",
"owner": "nix-community",
"repo": "disko",
"rev": "7b186e0f812a7c54a1fa86b8f7c0f01afecc69c2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1687871164,
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1689885880,
"narHash": "sha256-2ikAcvHKkKh8J/eUrwMA+wy1poscC+oL1RkN1V3RmT8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fa793b06f56896b7d1909e4b69977c7bf842b2f0",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

13
nix/os/devices/justyna-p300/flake.nix
View file

@ -1,13 +0,0 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
inputs.disko.url = "github:nix-community/disko";
inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
outputs = _: { };
}

42
nix/os/devices/justyna-p300/hw.nix
View file

@ -1,42 +0,0 @@
{ nodeFlake, ... }:
{
imports = [ nodeFlake.inputs.disko.nixosModules.disko ];
disko.devices.disk.sda = {
device = "/dev/sda";
type = "disk";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "boot";
start = "0";
end = "1M";
part-type = "primary";
flags = [ "bios_grub" ];
}
{
name = "root";
start = "1M";
end = "100%";
part-type = "primary";
bootable = true;
content = {
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
subvolumes = {
# Subvolume name is different from mountpoint
"/rootfs" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = [ "noatime" ];
};
};
};
}
];
};
};
}

72
nix/os/devices/justyna-p300/pkg.nix
View file

@ -1,72 +0,0 @@
{
pkgs,
lib,
packages',
...
}:
let
homeEnv = keyboard: {
imports = [
../../../home-manager/profiles/common.nix
../../../home-manager/configuration/graphical-gnome3.nix
../../../home-manager/programs/firefox.nix
../../../home-manager/programs/libreoffice.nix
../../../home-manager/programs/neovim.nix
];
home.keyboard = keyboard;
home.packages = with pkgs; [
dia
rustdesk
];
};
in
{
services.gnome = builtins.mapAttrs (_attr: value: lib.mkForce value) {
gnome-remote-desktop.enable = true;
};
services.printing.drivers = lib.mkForce (
with packages';
[
dcpj4110dwDriver
dcpj4110dwCupswrapper
]
);
services.printing.extraConf = ''
LogLevel debug
'';
home-manager.users.steveej = homeEnv {
layout = "en";
options = [ "nodeadkey" ];
variant = "altgr-intl";
};
home-manager.users.elias = homeEnv {
layout = "de";
options = [ ];
variant = "";
};
home-manager.users.justyna =
lib.attrsets.recursiveUpdate
(homeEnv {
layout = "de";
options = [ ];
variant = "";
})
{
services.syncthing.enable = true;
services.syncthing.tray = true;
home.packages = with pkgs; [ session-desktop ];
};
system.stateVersion = "21.11";
}

48
nix/os/devices/justyna-p300/system.nix
View file

@ -1,48 +0,0 @@
{ pkgs, lib, ... }:
let
passwords = import ../../../variables/passwords.crypt.nix;
in
{
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# iperf3
5201
];
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
time.timeZone = lib.mkForce passwords.timeZone.justyna;
services = {
xserver = {
layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
xkbOptions = lib.mkForce "";
displayManager.autoLogin.enable = true;
displayManager.autoLogin.user = lib.mkForce "justyna";
displayManager.gdm.enable = lib.mkForce true;
displayManager.lightdm.enable = lib.mkForce false;
desktopManager.gnome.enable = true;
};
# dbus.packages = [ pkgs.gnome3.dconf ];
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
};
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
nix.gc = {
automatic = true;
};
}

30
nix/os/devices/justyna-p300/user.nix
View file

@ -1,30 +0,0 @@
{ config, pkgs, ... }:
let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser;
in
{
sops.secrets.sharedUsers-elias = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
sops.secrets.sharedUsers-justyna = {
sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true;
format = "yaml";
};
users.extraUsers.elias = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
passwordFile = config.sops.secrets.sharedUsers-elias.path;
};
users.extraUsers.justyna = mkUser {
uid = 1002;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
passwordFile = config.sops.secrets.sharedUsers-justyna.path;
};
}

5
nix/os/devices/steveej-pa600/boot.nix
View file

@ -1,5 +0,0 @@
{ lib, ... }:
{
boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
}

13
nix/os/devices/steveej-pa600/configuration.nix
View file

@ -1,13 +0,0 @@
{ ... }:
{
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
../../modules/opinionatedDisk.nix
./system.nix
./hw.nix
./pkg.nix
./user.nix
];
}

23
nix/os/devices/steveej-pa600/hw.nix
View file

@ -1,23 +0,0 @@
_:
let
stage1Modules = [
"aesni_intel"
"kvm-intel"
"aes_x86_64"
"xhci_pci"
"hxci_hcd"
];
in
{
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
encrypted = true;
diskId = "ata-TOSHIBA_MK1652GSX_Y8B9CL6XT";
};
# boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
boot.extraModprobeConfig = "";
}

11
nix/os/devices/steveej-pa600/pkg.nix
View file

@ -1,11 +0,0 @@
{ pkgs, ... }:
{
nixpkgs.config.packageOverrides =
pkgs: with pkgs; {
inherit ((import ../../../default.nix { versionsPath = ./versions.nix; })) nixPath;
};
home-manager.users.steveej = import ../../../home-manager/configuration/graphical-fullblown.nix {
inherit pkgs;
};
system.stateVersion = "20.09";
}

43
nix/os/devices/steveej-pa600/system.nix
View file

@ -1,43 +0,0 @@
{ pkgs, lib, ... }:
{
# TASK: new device
networking.hostName = "steveej-pa600"; # Define your hostname.
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [
# iperf3
5201
];
networking.firewall.logRefusedConnections = false;
networking.usePredictableInterfaceNames = false;
services.printing = {
enable = true;
drivers = with pkgs; [
hplip
mfcl3770cdw.driver
mfcl3770cdw.cupswrapper
];
};
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
sudo.fprintAuth = true;
};
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = [ "modesetting" ];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
Option "OffTime" "0"
'';
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
hardware.ledger.enable = true;
}

11
nix/os/devices/steveej-pa600/user.nix
View file

@ -1,11 +0,0 @@
{ pkgs, ... }:
let
keys = import ../../../variables/keys.nix;
inherit (import ../../lib/default.nix { inherit (pkgs) lib; }) mkUser;
in
{
users.extraUsers.steveej2 = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
};
}

29
nix/os/devices/steveej-pa600/versions.nix
View file

@ -1,29 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = "e065200fc90175a8f6e50e76ef10a48786126e1c";
};
in
{
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = "2f47650c2f28d87f86ab807b8a339c684d91ec56";
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = "cb7c39605051c7b268f8e0c5c47818a06b5d88c5";
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = "22f6736e628958f05222ddaadd7df7818fe8f59d";
};
}

37
nix/os/devices/steveej-pa600/versions.tmpl.nix
View file

@ -1,37 +0,0 @@
let
nixpkgs = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-20.09";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
in
{
inherit nixpkgs;
nixos = nixpkgs // {
suffix = "/nixos";
};
"channels-nixos-stable" = nixpkgs;
"channels-nixos-unstable" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "nixos-unstable";
rev = ''
<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '
' -%>'';
};
"nixpkgs-master" = {
url = "https://github.com/NixOS/nixpkgs/";
ref = "master";
rev = ''
<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '
' -%>'';
};
"home-manager-module" = {
url = "https://github.com/nix-community/home-manager";
ref = "release-20.09";
rev = ''
<% git ls-remote https://github.com/nix-community/home-manager.git release-20.09 | awk '{ print $1 }' | tr -d '
' -%>'';
};
}

15
nix/os/lib/default.nix
View file

@ -1,11 +1,16 @@
{ lib, config }: { lib, config }:
let let
keys = import ../../variables/keys.nix; keys = import ../../variables/keys.nix;
deepMergeAttrsets =
listOfAttrsets: lib.foldl' (acc: cur: lib.recursiveUpdate acc cur) { } listOfAttrsets;
in in
{ {
inherit deepMergeAttrsets;
mkUser = mkUser =
args: args@{ username, ... }:
lib.mkMerge [ {
users.users.${username} = deepMergeAttrsets [
{ {
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
@ -36,9 +41,13 @@ in
# config.sops.secrets.sharedSshKeys-steveej.path # config.sops.secrets.sharedSshKeys-steveej.path
# ]; # ];
} }
args
(builtins.removeAttrs args [ "username" ])
]; ];
home-manager.users.${username}.home.username = username;
};
disk = rec { disk = rec {
# TODO: verify the GPT PARTLABEL cap at 36 chars # TODO: verify the GPT PARTLABEL cap at 36 chars
shortenGptPartlabel = partlabel: (builtins.substring 0 36 partlabel); shortenGptPartlabel = partlabel: (builtins.substring 0 36 partlabel);

36
nix/os/profiles/common/user.nix
View file

@ -1,6 +1,5 @@
{ {
config, config,
pkgs,
lib, lib,
... ...
}: }:
@ -8,8 +7,7 @@ let
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit inherit
(import ../../lib/default.nix { (import ../../lib/default.nix {
inherit (pkgs) lib; inherit lib config;
inherit config;
}) })
mkUser mkUser
; ;
@ -37,13 +35,13 @@ in
# TODO: test if this works # TODO: test if this works
installPassword = lib.mkOption { installPassword = lib.mkOption {
default = ""; default = null;
type = types.str; type = types.nullOr types.str;
}; };
}; };
config = lib.mkIf cfg.enable ( config = lib.mkIf cfg.enable (
lib.mkMerge [ lib.mkMerge [
(lib.mkIf (cfg.installPassword == "") { (lib.mkIf (cfg.installPassword == null) {
sops.secrets.sharedUsers-root = { sops.secrets.sharedUsers-root = {
sopsFile = ../../../../secrets/shared-users.yaml; sopsFile = ../../../../secrets/shared-users.yaml;
neededForUsers = true; neededForUsers = true;
@ -64,7 +62,7 @@ in
}) })
{ {
users.mutableUsers = cfg.installPassword != ""; users.mutableUsers = cfg.installPassword != null;
users.users.root = lib.mkMerge [ users.users.root = lib.mkMerge [
{ openssh.authorizedKeys.keys = keys.users.steveej.openssh; } { openssh.authorizedKeys.keys = keys.users.steveej.openssh; }
@ -74,20 +72,18 @@ in
(lib.mkIf (cfg.installPassword == "") { hashedPasswordFile = cfg.rootPasswordFile; }) (lib.mkIf (cfg.installPassword == "") { hashedPasswordFile = cfg.rootPasswordFile; })
]; ];
users.users.steveej = lib.mkIf cfg.enableNonRoot (
mkUser (
lib.mkMerge [
{ uid = 1000; }
(lib.mkIf (cfg.installPassword != "") { password = cfg.installPassword; })
(lib.mkIf (cfg.installPassword == "") {
hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path;
})
]
)
);
} }
(lib.mkIf cfg.enableNonRoot (mkUser {
username = "steveej";
uid = 1000;
password = cfg.installPassword;
hashedPasswordFile = lib.mkIf (
cfg.installPassword == null
) config.sops.secrets.sharedUsers-steveej.path;
}))
] ]
); );
} }

6
nix/os/profiles/graphical-gnome-xorg.nix
View file

@ -66,8 +66,8 @@
programs.seahorse.enable = true; programs.seahorse.enable = true;
programs.dconf.enable = true; programs.dconf.enable = true;
environment.gnome.excludePackages = environment.gnome.excludePackages = with pkgs;
(with pkgs; [ [
orca orca
gnome-photos gnome-photos
gnome-tour gnome-tour
@ -81,7 +81,7 @@
evince # document viewer evince # document viewer
gnome-characters gnome-characters
totem # video player totem # video player
]); ];
services.pipewire = { services.pipewire = {
audio.enable = true; audio.enable = true;

3
nix/os/snippets/nix-settings.nix
View file

@ -4,9 +4,6 @@
lib, lib,
... ...
}: }:
let
pkgsUnstable = import nodeFlake.inputs.nixpkgs-unstable { inherit (pkgs) system config; };
in
{ {
nix.daemonCPUSchedPolicy = "idle"; nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle"; nix.daemonIOSchedClass = "idle";