
9 commits

33 changed files with 282 additions and 413 deletions


@ -230,8 +230,8 @@ switch-gpg-card key-id="6EEFA706CB17E89B":
# Connect the new device and then run this script to make it known to gnupg.
#
set -xe
if [[ -n "{{key-id}}" ]]; then
KEY_ID="{{key-id}}"
if [[ -n "{{ key-id }}" ]]; then
KEY_ID="{{ key-id }}"
else
KEY_ID=$(gpg --card-status | rg sec | rg -o '[0-9A-Z]{16}')
fi

239
flake.lock generated

@ -28,11 +28,11 @@
"stable": "stable"
},
"locked": {
"lastModified": 1731527002,
"narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=",
"lastModified": 1746816769,
"narHash": "sha256-ymQzXrfHVT8/RJiGbfrNjEeuzXQan46lUJdxEhgivdM=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "e3ad42138015fcdf2524518dd564a13145c72ea1",
"rev": "df694ee23be7ed7b2d8b42c245a640f0724eb06c",
"type": "github"
},
"original": {
@ -56,27 +56,6 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -184,20 +163,6 @@
"type": "github"
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
@ -267,11 +232,11 @@
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
@ -318,7 +283,7 @@
},
"flake-utils_10": {
"inputs": {
"systems": "systems_5"
"systems": "systems_6"
},
"locked": {
"lastModified": 1710146030,
@ -478,79 +443,6 @@
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"nixvim",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732021966,
"narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "3308484d1a443fc5bc92012435d79e80458fe43c",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nixvim",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733175814,
"narHash": "sha256-zFOtOaqjzZfPMsm1mwu98syv3y+jziAq5DfWygaMtLg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bf23fe41082aa0289c209169302afd3397092f22",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
@ -565,16 +457,16 @@
]
},
"locked": {
"lastModified": 1729958008,
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
"lastModified": 1737371634,
"narHash": "sha256-fTVAWzT1UMm1lT+YxHuVPtH+DATrhYfea3B0MxG/cGw=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
"rev": "a1176e2a10ce745ff8f63e4af124ece8fe0b1648",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.0.6",
"ref": "v0.0.7",
"repo": "ixx",
"type": "github"
}
@ -614,27 +506,6 @@
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733105089,
"narHash": "sha256-Qs3YmoLYUJ8g4RkFj2rMrzrP91e4ShAioC9s+vG6ENM=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "c6b65d946097baf3915dd51373251de98199280d",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts_3",
@ -974,6 +845,22 @@
"type": "github"
}
},
"nixpkgs-2505": {
"locked": {
"lastModified": 1747953325,
"narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "55d1f923c480dadce40f5231feb472e81b0bab48",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-gimp": {
"locked": {
"lastModified": 1735507908,
@ -1136,24 +1023,19 @@
},
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4",
"git-hooks": "git-hooks",
"home-manager": "home-manager",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix_3"
"systems": "systems_5"
},
"locked": {
"lastModified": 1733355056,
"narHash": "sha256-EOldkOLdgUVIa8ZJiHkqjD6yaW+AZiZwd94aBqfZERY=",
"lastModified": 1748175278,
"narHash": "sha256-nXrZ25veLlj1WwVblFO28oHSOabjORGn8YLQ/9OtuSA=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "277dbeb607210f6a6db656ac7eee9eef3143070c",
"rev": "f54941e333ea2afd0b03ba09f5cb90bb1c6f8130",
"type": "github"
},
"original": {
@ -1168,7 +1050,7 @@
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_4"
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1737225765,
@ -1194,11 +1076,11 @@
]
},
"locked": {
"lastModified": 1733006402,
"narHash": "sha256-BC1CecAQISV5Q4LZK72Gx0+faemOwaChiD9rMVfDPoA=",
"lastModified": 1745046075,
"narHash": "sha256-8v4y6k16Ra/fiecb4DxhsoOGtzLKgKlS+9/XJ9z0T2I=",
"owner": "NuschtOS",
"repo": "search",
"rev": "16307548b7a1247291c84ae6a12c0aacb07dfba2",
"rev": "066afe8643274470f4a294442aadd988356a478f",
"type": "github"
},
"original": {
@ -1276,10 +1158,11 @@
"nixago": "nixago",
"nixos-anywhere": "nixos-anywhere",
"nixpkgs": [
"nixpkgs-2411"
"nixpkgs-2505"
],
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-2411": "nixpkgs-2411",
"nixpkgs-2505": "nixpkgs-2505",
"nixpkgs-gimp": "nixpkgs-gimp",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs-vscodium": "nixpkgs-vscodium",
@ -1295,7 +1178,7 @@
"rperf": "rperf",
"sops-nix": "sops-nix",
"srvos": "srvos",
"treefmt-nix": "treefmt-nix_5",
"treefmt-nix": "treefmt-nix_4",
"yofi": "yofi"
}
},
@ -1392,16 +1275,16 @@
},
"stable": {
"locked": {
"lastModified": 1730883749,
"narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
"lastModified": 1746557022,
"narHash": "sha256-QkNoyEf6TbaTW5UZYX0OkwIJ/ZMeKSSoOMnSDPQuol0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
"rev": "1d3aeb5a193b9ff13f63f4d9cc169fb88129f860",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
@ -1481,6 +1364,21 @@
"type": "github"
}
},
"systems_6": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -1525,27 +1423,6 @@
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732894027,
"narHash": "sha256-2qbdorpq0TXHBWbVXaTqKoikN4bqAtAplTwGuII+oAc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "6209c381904cab55796c5d7350e89681d3b2a8ef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_4": {
"inputs": {
"nixpkgs": [
"nur",
@ -1566,7 +1443,7 @@
"type": "github"
}
},
"treefmt-nix_5": {
"treefmt-nix_4": {
"inputs": {
"nixpkgs": [
"nixpkgs"

116
flake.nix

@ -11,8 +11,9 @@
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
radicalePkgs.follows = "nixpkgs-2211";
nixpkgs-2411.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-2505.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.follows = "nixpkgs-2411";
nixpkgs.follows = "nixpkgs-2505";
flake-parts.url = "github:hercules-ci/flake-parts";
get-flake.url = "github:ursi/get-flake";
@ -132,7 +133,7 @@
flake-parts.lib.mkFlake { inherit inputs; } (
{ withSystem, ... }:
{
flake.colmena =
flake.colmenaHive = inputs.colmena.lib.makeHive (
lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur)
{ meta.nixpkgs = import inputs.nixpkgs.outPath { system = builtins.elemAt systems 0; }; }
# FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import
@ -152,7 +153,7 @@
"steveej-t14"
"steveej-x13s"
"steveej-x13s-rmvbl"
# "elias-e525"
"elias-e525"
# "justyna-p300"
# "srv0-dmz0"
@ -162,19 +163,50 @@
"sj-srv1"
]
);
)
);
flake.lib = {
inherit withSystem;
prsFn =
{
lib,
prs,
skim,
rustPlatform,
makeWrapper,
}:
prs.overrideAttrs (attrs: rec {
pname = "prs";
src = self.inputs.prs;
version = self.inputs.prs.shortRev;
nativeBuildInputs = attrs.nativeBuildInputs ++ [
makeWrapper
];
cargoDeps = rustPlatform.fetchCargoVendor {
inherit src;
hash = "sha256-6kCqrwcHFy7cEl2JM+CzTWDM9abepumzdcJLq1ChzUk=";
};
postFixup = ''
wrapProgram $out/bin/prs \
--prefix PATH : ${lib.makeBinPath [ skim ]}
'';
});
};
# this makes nixos-anywhere work
flake.nixosConfigurations =
let
colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes;
colmenaHiveNodes = self.outputs.colmenaHive.nodes;
router0-dmz0 = (inputs.get-flake (self + "/nix/os/devices/router0-dmz0")).nixosConfigurations;
in
colmenaHive
colmenaHiveNodes
// {
router0-dmz0 = router0-dmz0.native;
@ -211,72 +243,6 @@
craneLib = craneLibFn inputs'.fenix.packages.stable.toolchain;
_prsPackage =
{
lib,
rustPlatform,
installShellFiles,
pkg-config,
python3,
glib,
gpgme,
gtk3,
stdenv,
cargoHash ? "sha256-T57RqIzurpYLHyeFhvqxmC+DoB6zUf+iTu1YkMmwtp8=",
src,
version,
makeWrapper,
skim,
}:
rustPlatform.buildRustPackage rec {
pname = "prs";
inherit src version cargoHash;
nativeBuildInputs = [
gpgme
installShellFiles
pkg-config
python3
makeWrapper
];
cargoBuildFlags = [
"--no-default-features"
"--features=alias,backend-gpgme,clipboard,notify,select-fzf-bin,select-skim-bin,tomb,totp"
];
buildInputs = [
glib
gpgme
gtk3
];
postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
for shell in bash fish zsh; do
installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout)
done
'';
postFixup = ''
wrapProgram $out/bin/prs \
--prefix PATH : ${lib.makeBinPath [ skim ]}
'';
meta = with lib; {
description = "Secure, fast & convenient password manager CLI using GPG and git to sync";
homepage = "https://gitlab.com/timvisee/prs";
changelog = "https://gitlab.com/timvisee/prs/-/blob/v${version}/CHANGELOG.md";
license = with licenses; [
lgpl3Only # lib
gpl3Only # everything else
];
maintainers = with maintainers; [ dotlambda ];
mainProgram = "prs";
};
};
local-xwayland = pkgs.writeShellScriptBin "local-xwayland" ''
set -x
${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \
@ -293,12 +259,6 @@
inherit (inputs'.colmena.packages) colmena;
prs = pkgs.callPackage _prsPackage {
src = inputs.prs;
version = inputs.prs.shortRev;
cargoHash = "sha256-oXuAKOHIfwUvcS0qXDTe68DN+MUNS4TAKV986vxdeh8=";
};
nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6;
ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" ''
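Review bot: `cargoDeps` in `flake.lib.prsFn` is a fixed-output derivation with a hand-pinned `hash`, while `src` tracks `self.inputs.prs`, and `fetchCargoVendor` is given only `src`, so its store name probably stays the same when the input is bumped. Nix reuses a fixed-output path whose name and hash already exist without refetching, so after a lock update the build could silently use the previously vendored crates instead of failing on a hash mismatch. Passing the identity through with `inherit src pname version;` should make the vendor derivation name follow `shortRev` and force a refetch; a comment above `hash` such as `# must be bumped together with the prs input in flake.lock` would document the coupling. The removed `_prsPackage` also set `--no-default-features` with an explicit feature list, which the override now inherits from the nixpkgs `prs` package, so it is worth confirming that the resulting feature set is still the intended one.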


@ -84,6 +84,8 @@
screen
inputs'.nixpkgs-unstable.legacyPackages.kanidm
(flameshot.override { enableWlrSupport = true; })
];
# Set Environment Variables


@ -131,7 +131,7 @@ in
# FIXME: depends on insecure openssl 1.1.1t
# kotatogram-desktop
pkgsUnstable.tdesktop
pkgsUnstable.signal-desktop-source
pkgsUnstable.signal-desktop
# Virtualization
virt-manager


@ -1,8 +1,8 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
gnome.gnome-tweaks
gnome.gnome-keyring
gnome.seahorse
gnome-tweaks
gnome-keyring
seahorse
];
}


@ -24,7 +24,7 @@
# Process/System Administration
htop
gnome.gnome-tweaks
gnome-tweaks
xorg.xhost
dmidecode
evtest
@ -39,8 +39,8 @@
lzop
# Password Management
gnome.gnome-keyring
gnome.seahorse
gnome-keyring
seahorse
# Remote Control Tools
remmina


@ -16,7 +16,7 @@
# Hidden=true
# '';
services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
services.gpg-agent.pinentry.package = pkgs.pinentry-gnome3;
dconf.settings =
let


@ -39,7 +39,7 @@ in
enable = true;
};
services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
services.gpg-agent.pinentry.package = pkgs.pinentry-gnome3;
home.packages = [
pkgs.swayidle
@ -161,7 +161,8 @@ in
# TODO: i've been hitting this one accidentally way too often. find a better place.
# "${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit";
"${modifier}+q" = "kill";
"${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9";
"${modifier}+Shift+q" =
"exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9";
"${modifier}+x" = "exec ${swapOutputWorkspaces}";
@ -212,6 +213,13 @@ in
# this maps to focus_on_window_activation
focus.newWindow = "urgent";
window.commands = [
{
command = "border pixel 0, floating enable, fullscreen disable, move absolute position 0 0";
criteria.app_id= "flameshot";
}
];
};
};


@ -40,14 +40,20 @@ let
search = {
force = true;
default = "DuckDuckGo";
privateDefault = "DuckDuckGo";
default = "ddg";
privateDefault = "ddg";
order = [
"ddg"
"ecosia"
"google"
];
};
mkProfile =
override:
lib.recursiveUpdate {
extensions = ryceeAddons ++ customAddons;
extensions.packages = ryceeAddons ++ customAddons;
inherit search;
settings = {
@ -173,6 +179,7 @@ let
# enable pipewire (and libcamera) sources
"media.webrtc.camera.allow-pipewire" = true;
};
userChrome =
@ -320,7 +327,7 @@ in
};
programs.firefox = {
enable = true;
package = pkgs.firefox-esr;
package = pkgs.firefox;
profiles = mkProfiles {
"personal" = mkProfile {
@ -376,8 +383,33 @@ in
id = 12;
color = colors.pink;
};
"tech-research" = mkProfile {
id = 13;
color = colors.purple;
};
};
# policies = {
# # search via policy. the other one doesn't always work because of schema version mismatch
# SearchEngines = {
# Default = "Qwant";
# PreventInstalls = true;
# Add = [
# {
# Method = "GET";
# Alias = "qwant";
# Description = "Description";
# # PostData= "name=value&q={searchTerms}";
# Name = "Qwant";
# SuggestURLTemplate = "https://api.qwant.com/api/suggest/?q={searchTerms}";
# URLTemplate = "https://www.qwant.com/?q={searchTerms}";
# }
# ];
# };
# };
};
# create one desktop entry for each profile


@ -1,4 +1,9 @@
{ lib, pkgs, osConfig, ... }:
{
lib,
pkgs,
osConfig,
...
}:
{
home.packages = [ pkgs.gcr ];
@ -8,7 +13,7 @@
enableScDaemon = !osConfig.services.pcscd.enable;
enableSshSupport = true;
grabKeyboardAndMouse = true;
pinentryPackage = lib.mkDefault pkgs.pinentry-gtk2;
pinentry.package = lib.mkDefault pkgs.pinentry-gtk2;
extraConfig = ''
no-allow-external-cache
'';


@ -68,6 +68,8 @@
# This plugin trims trailing whitespace and lines.
trim.enable = true;
web-devicons.enable = true;
};
# plugins = with pkgs;


@ -5,12 +5,13 @@
# home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
# programs.browserpass.enable = true;
home.packages = with pkgs; [
gnupg
home.packages = [
pkgs.gnupg
# broken on wayland
# rofi-pass
repoFlake.packages.${pkgs.system}.prs
(pkgs.callPackage repoFlake.lib.prsFn {
})
];
}


@ -12,7 +12,7 @@ in
programs.vscode = {
enable = true;
package = pkgsVscodium.vscodium;
extensions =
profiles.default.extensions =
with pkgsVscodium.vscode-extensions;
[
eamodio.gitlens


@ -48,8 +48,8 @@ in
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra =
autosuggestion.enable = true;
initContent =
let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in


@ -66,7 +66,6 @@
services.dovecot2 = {
enable = true;
modules = [ pkgs.dovecot_pigeonhole ];
protocols = [ "sieve" ];
enableImap = true;
@ -98,6 +97,10 @@
'';
};
environment.systemPackages = [
pkgs.dovecot_pigeonhole
];
environment.etc."dovecot/users".source = config.sops.secrets.email_dovecot_steveej.path;
systemd.services.steveej-getmail-stefanjunker = {


@ -70,7 +70,6 @@
};
};
# TODO: find out if smbpasswd file is still used and set it here. or find an alternative
# sops.secrets.smbpasswd = {
# };


@ -66,7 +66,11 @@ in
extraConfig = ''
redir /hedgedoc* https://hedgedoc.${domain}
file_server /*/* {
basic_auth /justyna/202505_prt_teil1* {
prt $2a$14$y7tZYZxTlJ2JFsBtRM.D8Ok0oHhWt53mGXk.xJMLXc/JF.bTtOWaq
}
file_server /* {
browse
root /var/www/stefanjunker.de/htdocs/caddy
pass_thru
@ -406,7 +410,6 @@ in
domain = "kanidm.${domain}";
origin = "https://kanidm.${domain}";
bindaddress = "127.0.0.1:8444";
# don't expose ldap
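Review bot: The bcrypt hash for user `prt` is written inline in the Caddy `extraConfig`, so it ends up in the git history and in the world-readable Nix store, where anyone with read access to either can test password guesses against it offline. Other sections of this change already read credentials from `config.sops.secrets.*.path`; the credential line could live in a sops-managed file that the Caddyfile pulls in with `import <path-to-sops-secret>` (placeholder path) inside the `basic_auth` block. Separately, the `file_server` matcher appears to widen from `/*/*` to `/*` with `browse` enabled, while `basic_auth` guards only `/justyna/202505_prt_teil1*`. Directory listings would then show the protected directory's name, and everything else under the root would be served without authentication, so please confirm that is intended. The `extraConfig` string starts and ends outside this hunk, so directive ordering relative to other handlers could not be checked here.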


@ -16,8 +16,8 @@ in
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; };
${nodeName} = {
deployment.targetHost = "elias-e525.lan";
deployment.replaceUnknownProfiles = false;
deployment.targetHost = "elias-e525";
deployment.replaceUnknownProfiles = true;
# deployment.allowLocalDeployment = true;
imports = [
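Review bot: `deployment.replaceUnknownProfiles` appears to change to `true` in the same hunk where `deployment.targetHost` loses its `.lan` suffix, and the two changes together weaken the guard against deploying to the wrong machine. A bare `elias-e525` is resolved through whatever search domain the deploying machine's current network supplies, and with `replaceUnknownProfiles = true` Colmena will overwrite a system profile it has no record of rather than refuse. SSH host-key verification is then the only remaining check. Keeping a fully qualified name, or adding a comment such as `# bare name: relies on the deploying host's search domain; host key must already be pinned`, would make the assumption explicit. Another node section in this change sets `deployment.replaceUnknownProfiles = false;`, so the difference is worth a one-line rationale. The old/new markers are lost in this rendering, so the direction of the change is inferred from print order.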


@ -7,32 +7,32 @@
]
},
"locked": {
"lastModified": 1703113038,
"narHash": "sha256-oxkyzjpD+mNT7arzU/zHrkNHLuY9tKwmnD2MNaZiSDw=",
"lastModified": 1748665073,
"narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0c2353d5d930c3d93724df6858aef064a31b3c00",
"rev": "282e1e029cb6ab4811114fc85110613d72771dea",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1703068421,
"narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=",
"lastModified": 1749024892,
"narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f",
"rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
@ -40,7 +40,10 @@
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
"nixpkgs": [
"nixpkgs-stable"
],
"nixpkgs-stable": "nixpkgs-stable"
}
}
},


@ -1,8 +1,9 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
inputs.nixpkgs.follows = "nixpkgs-stable";
inputs.nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-23.11";
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};


@ -14,21 +14,23 @@
services.fprintd.enable = true;
security.pam.services = {
login.fprintAuth = true;
# conflicts with nixpkgs' gdm.nix
# login.fprintAuth = true;
sudo.fprintAuth = true;
};
services = {
xserver = {
layout = lib.mkForce "de";
xkbVariant = lib.mkForce "";
xkbOptions = lib.mkForce "";
displayManager.autoLogin.enable = lib.mkForce false;
xkb.layout = lib.mkForce "de";
xkb.variant = lib.mkForce "";
xkb.options = lib.mkForce "";
displayManager.gdm.enable = lib.mkForce true;
displayManager.lightdm.enable = lib.mkForce false;
desktopManager.gnome.enable = true;
};
displayManager.autoLogin.enable = lib.mkForce false;
# dbus.packages = [ pkgs.gnome3.dconf ];
# udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
};
@ -37,7 +39,7 @@
services.xserver.videoDrivers = [ "modesetting" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
# boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
nix.gc = {
automatic = true;


@ -19,12 +19,12 @@ in
users.extraUsers.elias = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
passwordFile = config.sops.secrets.sharedUsers-elias.path;
hashedPasswordFile = config.sops.secrets.sharedUsers-elias.path;
};
users.extraUsers.justyna = mkUser {
uid = 1002;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
passwordFile = config.sops.secrets.sharedUsers-justyna.path;
hashedPasswordFile = config.sops.secrets.sharedUsers-justyna.path;
};
}


@ -17,6 +17,7 @@ in
${nodeName} = {
deployment.targetHost = "${nodeName}.dmz.internal";
# deployment.targetHost = "www.stefanjunker.de";
deployment.replaceUnknownProfiles = false;
imports = [


@ -7,32 +7,32 @@
]
},
"locked": {
"lastModified": 1747020534,
"narHash": "sha256-D/6rkiC6w2p+4SwRiVKrWIeYzun8FBg7NlMKMwQMxO0=",
"lastModified": 1747556831,
"narHash": "sha256-Qb84nbYFFk0DzFeqVoHltS2RodAYY5/HZQKE8WnBDsc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b4bbdc6fde16fc2051fcde232f6e288cd22007ca",
"rev": "d0bbd221482c2713cccb80220f3c9d16a6e20a33",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1746957726,
"narHash": "sha256-k9ut1LSfHCr0AW82ttEQzXVCqmyWVA5+SHJkS5ID/Jo=",
"lastModified": 1747953325,
"narHash": "sha256-y2ZtlIlNTuVJUZCqzZAhIw5rrKP4DOSklev6c8PyCkQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a39ed32a651fdee6842ec930761e31d1f242cb94",
"rev": "55d1f923c480dadce40f5231feb472e81b0bab48",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
@ -55,11 +55,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1747142919,
"narHash": "sha256-84jJ5uDXws7EYch+4fxmfoCCTWRWZCXCCVM0Dh65ZH8=",
"lastModified": 1748090750,
"narHash": "sha256-q98rD+6llf/9ABNZc0lbSgGVjqMvkx4QL8LTs1jt+FY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "60bdd7db9e890967224c2244be45beecd7d6e448",
"rev": "a9e3bbb8995849e5daa0cf5e03a09c1df63bf933",
"type": "github"
},
"original": {
@ -71,11 +71,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1747114929,
"narHash": "sha256-GnQGiZiOnGfxM9oVhgqOJk0Qv1aZ11p5Aloac2tdoKY=",
"lastModified": 1748074755,
"narHash": "sha256-b3SC3Q3cXr4tdCN3WVTFqMP8I9OwaXXcj1aVoSVaygw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fab95ba4b9523f310644e6e6087c0014535c8e02",
"rev": "c3ee76c437067f1ae09d6e530df46a3f80977992",
"type": "github"
},
"original": {


@ -1,12 +1,12 @@
{
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
inputs.nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
inputs.nixpkgs-master.url = "github:nixos/nixpkgs/master";
inputs.nixpkgs-kanidm.url = "github:steveej-forks/nixpkgs/kanidm";
inputs.home-manager = {
url = "github:nix-community/home-manager/release-24.11";
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};


@ -87,7 +87,7 @@
{
networking.nat = {
enable = true;
internalInterfaces = ["ve-+"];
internalInterfaces = [ "ve-+" ];
# externalInterface = "enu1u1u2";
# Lazy IPv6 connectivity for the container
# enableIPv6 = true;
@ -283,5 +283,6 @@
nix.settings.sandbox = lib.mkForce "relaxed";
systemd.user.services.wireplumber.environment.LIBCAMERA_IPA_PROXY_PATH = "${pkgs.libcamera}/libexec/libcamera";
systemd.user.services.wireplumber.environment.LIBCAMERA_IPA_PROXY_PATH =
"${pkgs.libcamera}/libexec/libcamera";
}


@ -3,11 +3,11 @@
"ath11k-firmware": {
"flake": false,
"locked": {
"lastModified": 1741293326,
"narHash": "sha256-Ew0d2h1pHqJB8SC0pEYezU5lMknvlcYazVVYCtjW3OY=",
"lastModified": 1746643896,
"narHash": "sha256-QXZHcbMNX0f2RQBrCCYRS3dLU1q/02J3HjnWuv8Oaaw=",
"ref": "refs/heads/main",
"rev": "bc6359cb7ad38b7bc4de6580b7a3c70851c0cafb",
"revCount": 173,
"rev": "1e7cd757828d414f71da82f480696540473bd475",
"revCount": 174,
"type": "git",
"url": "https://git.codelinaro.org/clo/ath-firmware/ath11k-firmware.git"
},
@ -38,11 +38,11 @@
]
},
"locked": {
"lastModified": 1745812220,
"narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=",
"lastModified": 1748225455,
"narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=",
"owner": "nix-community",
"repo": "disko",
"rev": "d0c543d740fad42fe2c035b43c9d41127e073c78",
"rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba",
"type": "github"
},
"original": {
@ -215,15 +215,15 @@
]
},
"locked": {
"lastModified": 1737233786,
"narHash": "sha256-WO6owkCecetn7bbu/ofy8aftO3rPCHUeq5GlVLsfS4M=",
"owner": "steveej-forks",
"lastModified": 1748455938,
"narHash": "sha256-mQ/iNzPra2WtDQ+x2r5IadcWNr0m3uHvLMzJkXKAG/8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "40ecdf4fc8bb698b8cbdb2ddb0ed5b1868e43c1a",
"rev": "02077149e2921014511dac2729ae6dadb4ec50e2",
"type": "github"
},
"original": {
"owner": "steveej-forks",
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
@ -232,16 +232,16 @@
"linux-jhovold": {
"flake": false,
"locked": {
"lastModified": 1745847827,
"narHash": "sha256-ewM7Rpd6On6ys3OkcWOtR7TNWSRZRLZpRP7L9syhn6s=",
"lastModified": 1748260494,
"narHash": "sha256-0KTN63q+86g++BVQPOm7MHAVQvj+t3aJFsPwE+wDk2U=",
"owner": "jhovold",
"repo": "linux",
"rev": "1786db28b335abb5a0fa1e8a27e9950a73f64acf",
"rev": "ababc24306a694b74995cffc4e9c51aa84b9af8a",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-6.15-rc4",
"ref": "wip/sc8280xp-6.15",
"repo": "linux",
"type": "github"
}
@ -257,11 +257,11 @@
]
},
"locked": {
"lastModified": 1745920427,
"narHash": "sha256-E5uUuKv7Mn0/EfmffRQZpSeATcSzJFVeYVF6Cn7KbJc=",
"lastModified": 1747734538,
"narHash": "sha256-bFKEPbwffDSvoG6KBDH87ebbnFq1IyqAfLyg2zlwlIY=",
"owner": "threefoldtech",
"repo": "mycelium",
"rev": "1eec5651bf5f194b7f7875ec2483582ccebf1cc1",
"rev": "71cb99dc65f47d4baced0288df1d299bf960505e",
"type": "github"
},
"original": {
@ -317,11 +317,11 @@
"x13s-bt-linux-firmware": "x13s-bt-linux-firmware"
},
"locked": {
"lastModified": 1745914252,
"narHash": "sha256-u8hbsI+oW+cO+omdGeY6Q+Z/NvVZaHIZS70f1mq1gac=",
"lastModified": 1748459535,
"narHash": "sha256-U7n47n4oIhKKiCVzGBOz0vdoihmjLBJFPvdp+gFapmU=",
"ref": "bump",
"rev": "8bd7972c74b12b45aee190ce2ddd6960a0771af6",
"revCount": 147,
"rev": "903961b6ad426a1092d3b05501b8f17bcde3c0ab",
"revCount": 151,
"type": "git",
"url": "https://forgejo.www.stefanjunker.de/steveej/nixos-x13s.git"
},
@ -345,11 +345,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1746055187,
"narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=",
"lastModified": 1748037224,
"narHash": "sha256-92vihpZr6dwEMV6g98M5kHZIttrWahb9iRPBm1atcPk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5",
"rev": "f09dede81861f3a83f7f06641ead34f02f37597f",
"type": "github"
},
"original": {
@ -361,11 +361,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1745930157,
"narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=",
"lastModified": 1748370509,
"narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae",
"rev": "4faa5f5321320e49a78ae7848582f684d64783e9",
"type": "github"
},
"original": {
@ -389,28 +389,7 @@
"nixpkgs-unstable"
],
"nixpkgs-stable": "nixpkgs-stable",
"nixpkgs-unstable": "nixpkgs-unstable",
"signal-desktop": "signal-desktop"
}
},
"signal-desktop": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1745037528,
"narHash": "sha256-twzHVBNEX6daUCFwtjn3X7WaJnwRqHeAxX0MB7kosHo=",
"owner": "youwen5",
"repo": "signal-desktop-flake",
"rev": "1b41af6489574da6ba1e0186235c87acbf57163f",
"type": "github"
},
"original": {
"owner": "youwen5",
"repo": "signal-desktop-flake",
"type": "github"
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"systems": {


@ -10,8 +10,8 @@
disko.inputs.nixpkgs.follows = "nixpkgs";
home-manager = {
url = "github:steveej-forks/home-manager/master";
# url = "github:nix-community/home-manager/master";
# url = "github:steveej-forks/home-manager/master";
url = "github:nix-community/home-manager/master";
# url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -49,11 +49,6 @@
url = "github:erikarvstedt/extra-container";
inputs.nixpkgs.follows = "nixpkgs";
};
signal-desktop = {
url = "github:youwen5/signal-desktop-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
@ -100,10 +95,8 @@
inherit mkNixosConfiguration;
};
overlays.default =
_final: _previous:
{
};
overlays.default = _final: _previous: {
};
nixosConfigurations = {
native = mkNixosConfiguration { system = nativeSystem; };


@ -1,9 +1,9 @@
{ pkgs, lib, ... }:
{
services.libinput.enable = true;
services.libinput.touchpad.naturalScrolling = true;
services.xserver = {
enable = true;
libinput.enable = true;
libinput.touchpad.naturalScrolling = true;
videoDrivers = [
"qxl"
@ -15,9 +15,9 @@
"vmware"
"modesetting"
];
layout = "us";
xkbVariant = "altgr-intl";
xkbOptions = "nodeadkeys";
xkb.layout = "us";
xkb.variant = "altgr-intl";
xkb.options = "nodeadkeys";
desktopManager = {
# FIXME: gnome should be moved to user session
@ -41,14 +41,13 @@
# TODO: fully delegate graphical session to home-manager config
services.gnome = {
gnome-online-miners.enable = lib.mkForce false;
games.enable = false;
gnome-remote-desktop.enable = false;
gnome-user-share.enable = false;
rygel.enable = false;
sushi.enable = false;
tracker.enable = false;
tracker-miners.enable = false;
tinysparql.enable = false;
localsearch.enable = false;
gnome-browser-connector.enable = false;
gnome-initial-setup.enable = false;
@ -72,9 +71,8 @@
orca
gnome-photos
gnome-tour
])
++ (with pkgs.gnome; [
cheese # webcam tool
snapshot # webcam tool
gnome-music
gnome-terminal
gedit # text editor
@ -83,23 +81,24 @@
evince # document viewer
gnome-characters
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
hardware.pulseaudio = {
services.pipewire = {
audio.enable = true;
enable = true;
package = pkgs.pulseaudioFull;
support32Bit = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
wireplumber.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
services.dbus.packages = with pkgs; [ dconf ];
# More Services
environment.systemPackages = [
pkgs.gnome.adwaita-icon-theme
pkgs.adwaita-icon-theme
pkgs.gnomeExtensions.appindicator
];
}


@ -19,7 +19,7 @@
# hardware related services
services.pcscd.enable = true;
hardware.opengl.enable = true;
hardware.graphics.enable = true;
services.udev.packages = [
pkgs.libu2f-host
@ -53,8 +53,6 @@
services.printing = {
enable = true;
drivers = with pkgs; [
mfcl3770cdwlpr
mfcl3770cdwcupswrapper
];
};
}


@ -36,5 +36,5 @@ in
inherit (nodeFlake.inputs.nixpkgs) narHash;
};
nix.package = pkgsUnstable.nixVersions.latest;
nix.package = pkgs.nixVersions.latest;
}


@ -16,7 +16,7 @@ in
Option "OffTime" "0"
'';
hardware.opengl.enable = true;
hardware.graphics.enable = true;
services.gvfs = {
enable = true;