From: Patrick
Date: Sun, 7 Dec 2025 21:43:44 +0000 (+0000)
Subject: separate
X-Git-Url: https://gitweb.ps.run/flake_thinkpad/commitdiff_plain/7c6631e307cb5e6848200f3b6c3421fae08d8e23
separate
---
diff --git a/config-containers.nix b/config-containers.nix
new file mode 100644
index 0000000..8141c35
--- /dev/null
+++ b/config-containers.nix
@@ -0,0 +1,43 @@
+
+ # Containers
+ containers = {
+ im = {
+ ephemeral = true;
+ # privateNetwork = true;
+ localAddress = "10.23.45.2";
+ hostAddress = "10.23.45.1";
+
+ bindMounts."/per".hostPath = "/var/lib/nixos-containers/im";
+ bindMounts."/per".isReadOnly = false;
+
+ extraFlags = [
+ "--property='MemoryMax=60M'"
+ "--property='MemoryHigh=50M'"
+ "--property='CPUQuota=4%'"
+ ];
+
+ config = { config, pkgs, ... }: {
+ imports = [ inputs.impermanence.nixosModules.impermanence ];
+
+ environment.persistence."/per" = {
+ directories = [
+ "/var/log"
+ "/var/lib"
+ { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; }
+ ];
+ files = [];
+ };
+ environment.systemPackages = with pkgs; [ helix python312 deno ];
+
+ users.users.ps = { isNormalUser = true; };
+
+ networking.firewall.allowedTCPPorts = [ 80 8080 ];
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = "eth0";
+ networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
diff --git a/config-incus.nix b/config-incus.nix
new file mode 100644
index 0000000..5e6ebbf
--- /dev/null
+++ b/config-incus.nix
@@ -0,0 +1,11 @@
+
+ # incus admin init --minimal
+ # incus image list images:
+ # incus launch images:ubuntu/noble
+ # incus exec -- /bin/bash
+ # incus exec -- adduser --shell /bin/bash --ingroup sudo ps
+ # incus exec -- su - ps -c 'tmux new-session -A -s main'
+ virtualisation.incus.enable = true;
+ virtualisation.incus.ui.enable = true;
+ networking.firewall.trustedInterfaces = [ "incusbr0" ];
+
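Review bot: config-containers.nix as added is not a complete Nix expression: it starts directly at `containers = {` and ends after `networking.networkmanager.unmanaged`, with no module header or enclosing braces, and it refers to `inputs` without binding it, so listing it under `modules` in flake.nix will presumably fail to parse. config-incus.nix and config-wm-wsl.nix in this commit have the same shape. Wrap each in `{ config, pkgs, inputs, lib, ... }:` followed by `{` … `}`, as the other config-*.nix files do. Separately, with `# privateNetwork = true;` commented out the container shares the host's network namespace as far as I know, so `localAddress`/`hostAddress` and the NAT lines have nothing to act on and anything listening on 80/8080 inside `im` binds on the host's interfaces; re-enabling it looks intended.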
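Review bot: `networking.firewall.trustedInterfaces = [ "incusbr0" ];` accepts every packet arriving from the bridge, so each Incus instance can reach all host services (sshd, syncthing, CUPS, the Incus UI enabled on the line above) regardless of `allowedTCPPorts`. Instances normally only need DHCP and DNS from the host; scope the rule with `networking.firewall.interfaces.incusbr0.allowedTCPPorts = [ 53 ];` and `networking.firewall.interfaces.incusbr0.allowedUDPPorts = [ 53 67 ];` instead. Membership in `incus-admin`, which config-user.nix grants to `ps`, is effectively root on the host and deserves a comment next to these lines.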
diff --git a/config-networking.nix b/config-networking.nix
new file mode 100644
index 0000000..40ac1f8
--- /dev/null
+++ b/config-networking.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ networking.nftables.enable = true;
+ networking.hostName = "thinkpad"; # Define your hostname.
+ # Enable networking
+ # networking.networkmanager.enable = true;
+ networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 7236 7250 ];
+ networking.firewall.allowedUDPPorts = [ 5901 53317 7236 5353 ];
+}
diff --git a/config-packages.nix b/config-packages.nix
new file mode 100644
index 0000000..3fd2cf8
--- /dev/null
+++ b/config-packages.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ args.inputs.zls.inputs.zig-overlay.packages.${pkgs.system}.master
+ args.inputs.zls.packages.${pkgs.system}.zls
+ args.inputs.ps-flakes.packages.${pkgs.system}.resetmsmice
+ args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zuban
+ vim wget file git kitty i3 gdb
+ mosh
+ cmake
+ entr
+ asciinema asciinema-agg
+ shellify
+ deno
+ typst
+ jdt-language-server
+ google-java-format
+
+ scrcpy
+
+ xsel
+ xcwd
+
+ pinta
+ mupdf
+ ];
+
+ programs.nix-ld.enable = true;
+ programs.direnv.enable = true;
+ programs.direnv.nix-direnv.enable = true;
+
+ services.fwupd.enable = true;
+}
diff --git a/config-services.nix b/config-services.nix
new file mode 100644
index 0000000..f38823a
--- /dev/null
+++ b/config-services.nix
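Review bot: `networking.firewall.allowedTCPPorts` opens ten ports on every interface with no indication of which service owns each one; 5900 is the conventional VNC port, and 8080 is also opened inside the `im` container. Add a trailing comment per port (for example `22 # sshd`) and drop entries that no longer have a listener, since anything that later binds one of them is exposed on every network the laptop joins. Ports needed only on a trusted LAN or bridge can move to `networking.firewall.interfaces.<name>.allowedTCPPorts`.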
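Review bot: The four flake packages in config-packages.nix are reached through `args.inputs.…` although `inputs` is already destructured in the function header, so the `@ args` binding exists only for these lines; `inputs.zls.packages.${pkgs.system}.zls` reads the same and lets `@ args` go. The zig entry takes `master` from zig-overlay; flake.lock pins the overlay, but a comment saying the choice of `master` is deliberate would help whoever next runs `nix flake update`.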
@@ -0,0 +1,45 @@
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ services.syncthing = {
+ enable = true;
+ user = "ps";
+ dataDir = "/home/ps/sync";
+ configDir = "/home/ps/.config/syncthing";
+ };
+
+ # Configure console keymap
+ console.keyMap = "de-latin1-nodeadkeys";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.gutenprint ];
+
+ # Enable scanners
+ hardware.sane.enable = true;
+ hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
+ services.avahi.enable = true;
+ services.avahi.nssmdns4 = true;
+ services.avahi.reflector = true;
+ services.udev.packages = [ pkgs.sane-airscan ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ ports = [ 22 ];
+ # settings = {
+ # PasswordAuthentication = false;
+ # PermitRootLogin = "no";
+ # };
+ # authorizedKeysCommand =
+ # let keys = pkgs.writers.writePython3Bin "keys" {} ''
+ # import sys
+ #
+ # args = sys.argv
+ #
+ # print(args)
+ # '';
+ # in
+ # "${keys}/bin/keys";
+ # authorizedKeysCommandUser = "ps";
+ };
+}
diff --git a/config-system.nix b/config-system.nix
new file mode 100644
index 0000000..845d98d
--- /dev/null
+++ b/config-system.nix
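Review bot: `services.openssh` is enabled while the `settings` block that would turn off password logins stays commented out, so sshd keeps the NixOS default of accepting passwords; config-user.nix in this commit creates an account with a fixed `initialPassword` and config-networking.nix opens port 22. Enable the block as `settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };` and keep keys in `users.users.<name>.openssh.authorizedKeys.keys`. The commented-out `authorizedKeysCommand` experiment only prints its arguments and would be better removed than carried along.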
@@ -0,0 +1,37 @@
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ boot.tmp.cleanOnBoot = true;
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.download-buffer-size = 500000000;
+ nix.settings.trusted-users = ["root" "ps"];
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.download-buffer-size = 500000000;
+ nix.settings.trusted-users = ["root" "ps"];
+ nixpkgs.config.allowUnfree = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "de_DE.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_IDENTIFICATION = "de_DE.UTF-8";
+ LC_MEASUREMENT = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_NUMERIC = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+}
diff --git a/config-user.nix b/config-user.nix
new file mode 100644
index 0000000..1b4aea7
--- /dev/null
+++ b/config-user.nix
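Review bot: The three lines `nix.settings.experimental-features`, `nix.settings.download-buffer-size` and `nix.settings.trusted-users` appear twice in the same attribute set, which Nix rejects with an "attribute … already defined" error, so this module does not evaluate as written; delete the second copy. `nix.settings.trusted-users = ["root" "ps"];` also lets `ps` direct the Nix daemon with root-equivalent effect (extra substituters, relaxed sandboxing), so if it is only there for a specific cache or remote builder, a comment saying so would help.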
@@ -0,0 +1,46 @@
+{ config, pkgs, inputs, lib, ... } @ args:
+let
+ wallpaper = pkgs.fetchurl {
+ url = "https://w.wallhaven.cc/full/ex/wallhaven-exrqrr.jpg";
+ sha256 = "sha256-RYN8KwJPDMfxrcosbpmjON0Y+I58IhB1Ke36LdohsxA=";
+ };
+in
+{
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.groups.ssh = {};
+ users.users = {
+ ps = {
+ isNormalUser = true;
+ description = "Patrick";
+ shell = pkgs.bash;
+ extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ];
+ };
+ chirp = {
+ isSystemUser = true;
+ packages = [
+ pkgs.python3
+ ];
+ group = "ssh";
+ shell = pkgs.bash;
+ initialPassword = "chirp";
+ };
+ };
+
+ security.polkit.enable = true;
+ security.sudo.wheelNeedsPassword = false;
+
+ home-manager = {
+ backupFileExtension = "backup";
+ extraSpecialArgs = {
+ inherit inputs;
+ inherit wallpaper;
+ };
+ users = {
+ "ps" = import ./home-ps.nix;
+ "root" = { home.stateVersion = "24.05"; };
+ };
+ sharedModules = [
+ (import ./home-common.nix)
+ ];
+ };
+}
diff --git a/config-wm-wsl.nix b/config-wm-wsl.nix
new file mode 100644
index 0000000..9260e07
--- /dev/null
+++ b/config-wm-wsl.nix
@@ -0,0 +1,7 @@
+
+ services.xserver.windowManager.i3.enable = true;
+ services.xserver.xkb = {
+ layout = "de";
+ variant = "nodeadkeys";
+ options = "caps:ctrl_modifier";
+ };
diff --git a/config-wsl.nix b/config-wsl.nix
new file mode 100644
index 0000000..1996703
--- /dev/null
+++ b/config-wsl.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, inputs, lib, ... } @ args:
+{
+ wsl.enable = true;
+ wsl.defaultUser = "ps";
+}
diff --git a/flake.lock b/flake.lock
index e1cc79c..294a850 100644
--- a/flake.lock
+++ b/flake.lock
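Review bot: `initialPassword = "chirp";` in config-user.nix puts a guessable password into the repository and the world-readable Nix store for an account that has `shell = pkgs.bash`, on a host where, as far as config-services.nix shows, sshd still accepts passwords. Replace it with key-only access, `openssh.authorizedKeys.keys = [ "<PUBLIC_KEY_PLACEHOLDER>" ];`, or with `hashedPasswordFile` pointing at a file kept outside the repository. `security.sudo.wheelNeedsPassword = false;` further down means any process running as `ps` becomes root without a prompt; if that is intended on this machine, a comment stating it would help.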
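Review bot: `wsl.enable` and `wsl.defaultUser` in config-wsl.nix are options of the NixOS-WSL module, but neither the `modules` list in flake.nix nor the root inputs in flake.lock on this page include it, so evaluation would likely stop with an unknown-option error unless the module is imported somewhere not shown. Add `nixos-wsl.url = "github:nix-community/NixOS-WSL";` to the flake inputs and `inputs.nixos-wsl.nixosModules.default` to `modules`.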
@@ -1,47 +1,5 @@ { "nodes": { - "extra-container": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1749474221, - "narHash": "sha256-t31Ynq9jFNlf3lUQ8vvdJKt7xQqo5poWi+3yl2v8avk=", - "owner": "erikarvstedt", - "repo": "extra-container", - "rev": "6a6d1d32fde689c2ea978c1c1a4286e89f4f83c1", - "type": "github" - }, - "original": { - "owner": "erikarvstedt", - "repo": "extra-container", - "type": "github" - } - }, - "fakwin": { - "inputs": { - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1756584983, - "narHash": "sha256-TObjSQhtqbdrQhYHSQxHL8sopgXrBF449eO+eVNbZgI=", - "owner": "DMaroo", - "repo": "fakwin", - "rev": "0cbbbbf7009d83c3cdd325e20c429b37d89fcef6", - "type": "github" - }, - "original": { - "owner": "DMaroo", - "repo": "fakwin", - "type": "github" - } - }, "firefox-addons": { "inputs": { "nixpkgs": [ @@ -80,24 +38,6 @@ "type": "github" } }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-utils": { "inputs": { "systems": "systems" 
@@ -120,42 +60,6 @@ "inputs": { "systems": "systems_2" }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "inputs": { - "systems": "systems_4" - }, "locked": { "lastModified": 1705309234, "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", @@ -227,28 +131,6 @@ "type": "github" } }, - "microvm": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ], - "spectrum": "spectrum" - }, - "locked": { - "lastModified": 1751732733, - "narHash": "sha256-MuaFFGHdShvGdHKrd3PUI2om+njixdG/1dGlglRdK8Q=", - "owner": "astro", - "repo": "microvm.nix", - "rev": "9d3d845ccb1a3f81747d027e95b110d4637468d0", - "type": "github" - }, - "original": { - "owner": "astro", - "repo": "microvm.nix", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1751943650, @@ -265,21 +147,6 @@ "type": "github" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-unstable": { "locked": { "lastModified": 1758427187, 
@@ -296,57 +163,38 @@ "type": "github" } }, - "psch-flakes": { + "ps-flakes": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1751534912, - "narHash": "sha256-UceGTTox8E1y4QNmsm7nlFXLncIBhPhONTsi6GZfdNA=", + "lastModified": 1764420393, + "narHash": "sha256-ECCD8UE1Aajl1MuCl267Mjmu9f3wNyNb7Ec9vm/T764=", "ref": "refs/heads/main", - "rev": "2f75d496563e6b4053f21bd9a66bc4b06b09360c", - "revCount": 15, + "rev": "732cd6df88ccc11486ca122141aededb6c4d8d61", + "revCount": 24, "type": "git", - "url": "git://psch.dev/flakes" + "url": "git://ps.run/flakes" }, "original": { "type": "git", - "url": "git://psch.dev/flakes" + "url": "git://ps.run/flakes" } }, "root": { "inputs": { - "extra-container": "extra-container", - "fakwin": "fakwin", "firefox-addons": "firefox-addons", "home-manager": "home-manager", "impermanence": "impermanence", - "microvm": "microvm", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", - "psch-flakes": "psch-flakes", + "ps-flakes": "ps-flakes", "zls": "zls" } }, - "spectrum": { - "flake": false, - "locked": { - "lastModified": 1751265943, - "narHash": "sha256-XoHSo6GEElzRUOYAEg/jlh5c8TDsyDESFIux3nU/NMc=", - "ref": "refs/heads/main", - "rev": "37c8663fab86fdb202fece339ef7ac7177ffc201", - "revCount": 904, - "type": "git", - "url": "https://spectrum-os.org/git/spectrum" - }, - "original": { - "type": "git", - "url": "https://spectrum-os.org/git/spectrum" - } - }, "systems": { "locked": { "lastModified": 1681028828, 
@@ -377,40 +225,10 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_4": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "zig-overlay": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_2", "nixpkgs": [ "zls", "nixpkgs" diff --git a/flake.nix b/flake.nix index f3b1fc1..918689c 100644 --- a/flake.nix +++ b/flake.nix @@ -7,16 +7,6 @@ impermanence.url = "github:nix-community/impermanence"; - extra-container = { - url = "github:erikarvstedt/extra-container"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - psch-flakes = { - url = "git://psch.dev/flakes"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - home-manager = { url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -31,20 +21,28 @@ url = "github:zigtools/zls"; inputs.nixpkgs.follows = "nixpkgs"; }; - - fakwin = { - url = "github:DMaroo/fakwin"; + + ps-flakes = { + url = "git://ps.run/flakes"; inputs.nixpkgs.follows = "nixpkgs"; }; - - microvm.url = "github:astro/microvm.nix"; - microvm.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = { self, nixpkgs, ... }@inputs: { nixosConfigurations.default = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; - modules = [ ./configuration.nix ]; + modules = [ + ./config-wsl.nix + ./config-system.nix + ./config-user.nix + ./config-networking.nix + ./config-packages.nix + ./config-services.nix + ./config-containers.nix + ./config-incus.nix + + inputs.home-manager.nixosModules.default + ]; }; }; }
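Review bot: `url = "git://ps.run/flakes";` fetches the `ps-flakes` input over the plain git protocol, which has neither encryption nor server authentication. The `rev` and `narHash` in flake.lock protect a locked build, but `nix flake update` will lock whatever the network path returns, and config-packages.nix installs a package from this input system-wide. If the server offers it, switch to `git+https://ps.run/flakes` or a `git+ssh://` URL. The `inputs` block this hunk edits begins outside the hunk.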