--- /dev/null
+
+ # Containers
+ containers = {
+ im = {
+ ephemeral = true;
+ # privateNetwork = true;
+ localAddress = "10.23.45.2";
+ hostAddress = "10.23.45.1";
+
+ bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
+ bindMounts."/per".isReadOnly = false;
+
+ extraFlags = [
+ "--property='MemoryMax=60M'"
+ "--property='MemoryHigh=50M'"
+ "--property='CPUQuota=4%'"
+ ];
+
+ config = { config, pkgs, ... }: {
+ imports = [ inputs.impermanence.nixosModules.impermanence ];
+
+ environment.persistence."/per" = {
+ directories = [
+ "/var/log"
+ "/var/lib"
+ { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
+ ];
+ files = [];
+ };
+ environment.systemPackages = with pkgs; [ helix python312 deno ];
+
+ users.users.ps = { isNormalUser = true; };
+
+ networking.firewall.allowedTCPPorts = [ 80 8080 ];
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = "eth0";
+ networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
--- /dev/null
+
+ # incus admin init --minimal
+ # incus image list images:
+ # incus launch images:ubuntu/noble <name>
+ # incus exec <name> -- /bin/bash
+ # incus exec <name> -- adduser --shell /bin/bash --ingroup sudo ps
+ # incus exec <name> -- su - ps -c 'tmux new-session -A -s main'
+ virtualisation.incus.enable = true;
+ virtualisation.incus.ui.enable = true;
+ networking.firewall.trustedInterfaces = [ "incusbr0" ];
+
--- /dev/null
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ networking.nftables.enable = true;
+ networking.hostName = "thinkpad"; # Define your hostname.
+ # Enable networking
+ # networking.networkmanager.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 7236 7250 ];
+ networking.firewall.allowedUDPPorts = [ 5901 53317 7236 5353 ];
+}
--- /dev/null
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ args.inputs.zls.inputs.zig-overlay.packages.${pkgs.system}.master
+ args.inputs.zls.packages.${pkgs.system}.zls
+ args.inputs.ps-flakes.packages.${pkgs.system}.resetmsmice
+ args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zuban
+ vim wget file git kitty i3 gdb
+ mosh
+ cmake
+ entr
+ asciinema asciinema-agg
+ shellify
+ deno
+ typst
+ jdt-language-server
+ google-java-format
+
+ scrcpy
+
+ xsel
+ xcwd
+
+ pinta
+ mupdf
+ ];
+
+ programs.nix-ld.enable = true;
+ programs.direnv.enable = true;
+ programs.direnv.nix-direnv.enable = true;
+
+ services.fwupd.enable = true;
+}
--- /dev/null
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ services.syncthing = {
+ enable = true;
+ user = "ps";
+ dataDir = "/home/ps/sync";
+ configDir = "/home/ps/.config/syncthing";
+ };
+
+ # Configure console keymap
+ console.keyMap = "de-latin1-nodeadkeys";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.gutenprint ];
+
+ # Enable scanners
+ hardware.sane.enable = true;
+ hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
+ services.avahi.enable = true;
+ services.avahi.nssmdns4 = true;
+ services.avahi.reflector = true;
+ services.udev.packages = [ pkgs.sane-airscan ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ # settings = {
+ # PasswordAuthentication = false;
+ # PermitRootLogin = "no";
+ # };
+ # authorizedKeysCommand =
+ # let keys = pkgs.writers.writePython3Bin "keys" {} ''
+ # import sys
+ #
+ # args = sys.argv
+ #
+ # print(args)
+ # '';
+ # in
+ # "${keys}/bin/keys";
+ # authorizedKeysCommandUser = "ps";
+ };
+}
--- /dev/null
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ boot.tmp.cleanOnBoot = true;
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.download-buffer-size = 500000000;
+ nix.settings.trusted-users = ["root" "ps"];
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.download-buffer-size = 500000000;
+ nix.settings.trusted-users = ["root" "ps"];
+ nixpkgs.config.allowUnfree = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
--- /dev/null
+{ config, pkgs, inputs, lib, ... } @ args:
+let
+ wallpaper = pkgs.fetchurl {
+ url = "https://w.wallhaven.cc/full/ex/wallhaven-exrqrr.jpg";
+ sha256 = "sha256-RYN8KwJPDMfxrcosbpmjON0Y+I58IhB1Ke36LdohsxA=";
+ };
+in
+{
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.groups.ssh = {};
+ users.users = {
+ ps = {
+ isNormalUser = true;
+ description = "Patrick";
+ shell = pkgs.bash;
+ extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ];
+ };
+ chirp = {
+ isSystemUser = true;
+ packages = [
+ pkgs.python3
+ ];
+ group = "ssh";
+ shell = pkgs.bash;
+ initialPassword = "chirp";
+ };
+ };
+
+ security.polkit.enable = true;
+ security.sudo.wheelNeedsPassword = false;
+
+ home-manager = {
+ backupFileExtension = "backup";
+ extraSpecialArgs = {
+ inherit inputs;
+ inherit wallpaper;
+ };
+ users = {
+ "ps" = import ./home-ps.nix;
+ "root" = { home.stateVersion = "24.05"; };
+ };
+ sharedModules = [
+ (import ./home-common.nix)
+ ];
+ };
+}
--- /dev/null
+
+ services.xserver.windowManager.i3.enable = true;
+ services.xserver.xkb = {
+ layout = "de";
+ variant = "nodeadkeys";
+ options = "caps:ctrl_modifier";
+ };
--- /dev/null
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ wsl.enable = true;
+ wsl.defaultUser = "ps";
+}
{
"nodes": {
- "extra-container": {
- "inputs": {
- "flake-utils": "flake-utils",
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1749474221,
- "narHash": "sha256-t31Ynq9jFNlf3lUQ8vvdJKt7xQqo5poWi+3yl2v8avk=",
- "owner": "erikarvstedt",
- "repo": "extra-container",
- "rev": "6a6d1d32fde689c2ea978c1c1a4286e89f4f83c1",
- "type": "github"
- },
- "original": {
- "owner": "erikarvstedt",
- "repo": "extra-container",
- "type": "github"
- }
- },
- "fakwin": {
- "inputs": {
- "flake-parts": "flake-parts",
- "nixpkgs": [
- "nixpkgs"
- ]
- },
- "locked": {
- "lastModified": 1756584983,
- "narHash": "sha256-TObjSQhtqbdrQhYHSQxHL8sopgXrBF449eO+eVNbZgI=",
- "owner": "DMaroo",
- "repo": "fakwin",
- "rev": "0cbbbbf7009d83c3cdd325e20c429b37d89fcef6",
- "type": "github"
- },
- "original": {
- "owner": "DMaroo",
- "repo": "fakwin",
- "type": "github"
- }
- },
"firefox-addons": {
"inputs": {
"nixpkgs": [
"type": "github"
}
},
- "flake-parts": {
- "inputs": {
- "nixpkgs-lib": "nixpkgs-lib"
- },
- "locked": {
- "lastModified": 1754487366,
- "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
- "type": "github"
- },
- "original": {
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "type": "github"
- }
- },
"flake-utils": {
"inputs": {
"systems": "systems"
"inputs": {
"systems": "systems_2"
},
- "locked": {
- "lastModified": 1731533236,
- "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_3": {
- "inputs": {
- "systems": "systems_3"
- },
- "locked": {
- "lastModified": 1731533236,
- "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_4": {
- "inputs": {
- "systems": "systems_4"
- },
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"type": "github"
}
},
- "microvm": {
- "inputs": {
- "flake-utils": "flake-utils_2",
- "nixpkgs": [
- "nixpkgs"
- ],
- "spectrum": "spectrum"
- },
- "locked": {
- "lastModified": 1751732733,
- "narHash": "sha256-MuaFFGHdShvGdHKrd3PUI2om+njixdG/1dGlglRdK8Q=",
- "owner": "astro",
- "repo": "microvm.nix",
- "rev": "9d3d845ccb1a3f81747d027e95b110d4637468d0",
- "type": "github"
- },
- "original": {
- "owner": "astro",
- "repo": "microvm.nix",
- "type": "github"
- }
- },
"nixpkgs": {
"locked": {
"lastModified": 1751943650,
"type": "github"
}
},
- "nixpkgs-lib": {
- "locked": {
- "lastModified": 1753579242,
- "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=",
- "owner": "nix-community",
- "repo": "nixpkgs.lib",
- "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e",
- "type": "github"
- },
- "original": {
- "owner": "nix-community",
- "repo": "nixpkgs.lib",
- "type": "github"
- }
- },
"nixpkgs-unstable": {
"locked": {
"lastModified": 1758427187,
"type": "github"
}
},
- "psch-flakes": {
+ "ps-flakes": {
"inputs": {
- "flake-utils": "flake-utils_3",
+ "flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
- "lastModified": 1751534912,
- "narHash": "sha256-UceGTTox8E1y4QNmsm7nlFXLncIBhPhONTsi6GZfdNA=",
+ "lastModified": 1764420393,
+ "narHash": "sha256-ECCD8UE1Aajl1MuCl267Mjmu9f3wNyNb7Ec9vm/T764=",
"ref": "refs/heads/main",
- "rev": "2f75d496563e6b4053f21bd9a66bc4b06b09360c",
- "revCount": 15,
+ "rev": "732cd6df88ccc11486ca122141aededb6c4d8d61",
+ "revCount": 24,
"type": "git",
- "url": "git://psch.dev/flakes"
+ "url": "git://ps.run/flakes"
},
"original": {
"type": "git",
- "url": "git://psch.dev/flakes"
+ "url": "git://ps.run/flakes"
}
},
"root": {
"inputs": {
- "extra-container": "extra-container",
- "fakwin": "fakwin",
"firefox-addons": "firefox-addons",
"home-manager": "home-manager",
"impermanence": "impermanence",
- "microvm": "microvm",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
- "psch-flakes": "psch-flakes",
+ "ps-flakes": "ps-flakes",
"zls": "zls"
}
},
- "spectrum": {
- "flake": false,
- "locked": {
- "lastModified": 1751265943,
- "narHash": "sha256-XoHSo6GEElzRUOYAEg/jlh5c8TDsyDESFIux3nU/NMc=",
- "ref": "refs/heads/main",
- "rev": "37c8663fab86fdb202fece339ef7ac7177ffc201",
- "revCount": 904,
- "type": "git",
- "url": "https://spectrum-os.org/git/spectrum"
- },
- "original": {
- "type": "git",
- "url": "https://spectrum-os.org/git/spectrum"
- }
- },
"systems": {
"locked": {
"lastModified": 1681028828,
"type": "github"
}
},
- "systems_3": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
- "systems_4": {
- "locked": {
- "lastModified": 1681028828,
- "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
- "owner": "nix-systems",
- "repo": "default",
- "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
- "type": "github"
- },
- "original": {
- "owner": "nix-systems",
- "repo": "default",
- "type": "github"
- }
- },
"zig-overlay": {
"inputs": {
"flake-compat": "flake-compat",
- "flake-utils": "flake-utils_4",
+ "flake-utils": "flake-utils_2",
"nixpkgs": [
"zls",
"nixpkgs"
impermanence.url = "github:nix-community/impermanence";
- extra-container = {
- url = "github:erikarvstedt/extra-container";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
- psch-flakes = {
- url = "git://psch.dev/flakes";
- inputs.nixpkgs.follows = "nixpkgs";
- };
-
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
url = "github:zigtools/zls";
inputs.nixpkgs.follows = "nixpkgs";
};
-
- fakwin = {
- url = "github:DMaroo/fakwin";
+
+ ps-flakes = {
+ url = "git://ps.run/flakes";
inputs.nixpkgs.follows = "nixpkgs";
};
-
- microvm.url = "github:astro/microvm.nix";
- microvm.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, ... }@inputs: {
nixosConfigurations.default = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs;};
- modules = [ ./configuration.nix ];
+ modules = [
+ ./config-wsl.nix
+ ./config-system.nix
+ ./config-user.nix
+ ./config-networking.nix
+ ./config-packages.nix
+ ./config-services.nix
+ ./config-containers.nix
+ ./config-incus.nix
+
+ inputs.home-manager.nixosModules.default
+ ];
};
};
}
projects / flake_thinkpad / commitdiff