chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Finish modularising config

Browse source 
There are still some things I want to change, but at least there aren't two systems now.
This commit is contained in:
Charlotte Van Petegem 2021-06-27 00:11:23 +02:00
parent 9f04c5d815
commit 0df4d5654f
No known key found for this signature in database
GPG key ID: 019E764B7184435A
68 changed files with 860 additions and 1441 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/android.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, ... }:
{
options.chvp.android.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.android.enable {
chvp.zfs.homeLinks = [{ path = ".android"; type = "cache"; }];
programs.adb.enable = true;
users.users.charlotte.extraGroups = [ "adbusers" ];
};
}

17
modules/calibre.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
{
options.chvp.calibre.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.calibre.enable {
chvp.zfs.homeLinks = [
{ path = ".config/calibre"; type = "cache"; }
];
home-manager.users.charlotte = { ... }: {
home.packages = [ pkgs.calibre ];
};
};
}

37
modules/default.nix
View file

@ -3,26 +3,46 @@
{
imports = [
./accentor.nix
./android.nix
./bluetooth.nix
./calibre.nix
./docker.nix
./deluge-client.nix
./deluge-server.nix
./dropbox.nix
./eid.nix
./emacs.nix
./firefox.nix
./git.nix
./global-mailer.nix
./gnupg.nix
./graphical.nix
./hledger.nix
./mail-client.nix
./minecraft.nix
./mumble.nix
./networkmanager.nix
./nextcloud.nix
./nix.nix
./nginx.nix
./obs.nix
./ovh.nix
./pass.nix
./smartd.nix
./sound.nix
./ssh.nix
./sshd.nix
./steam.nix
./sway
./syncthing-client.nix
./syncthing-server.nix
./teeworlds.nix
./terminal.nix
./tetris.nix
./theming.nix
./tmux.nix
./vpn.nix
./ugent
./xdg.nix
./zeroad.nix
./zfs.nix
./zotero.nix
@ -44,11 +64,6 @@
example = "/cache";
};
graphical = lib.mkOption {
default = false;
example = true;
};
hasContainers = lib.mkOption {
default = false;
example = true;
@ -68,11 +83,7 @@
};
};
environment.systemPackages = with pkgs; [
htop
ncdu
ripgrep
];
environment.systemPackages = with pkgs; [ htop moreutils ncdu ripgrep sshfs unzip ];
console = {
colors = [
@ -124,6 +135,8 @@
];
};
services.fwupd.enable = true;
users = {
mutableUsers = false;
defaultUserShell = pkgs.zsh;
@ -132,7 +145,7 @@
isNormalUser = true;
home = "/home/charlotte";
description = "Charlotte Van Petegem";
extraGroups = [ "systemd-journal" ] ++ lib.optionals config.chvp.graphical [ "input" "video" ];
extraGroups = [ "systemd-journal" ];
passwordFile = config.age.secrets."passwords/users/charlotte".path;
};
root.passwordFile = config.age.secrets."passwords/users/root".path;

18
modules/deluge-client.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
{
options.chvp.deluge-client.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.deluge-client.enable {
home-manager.users.charlotte = { pkgs, ... }: {
home.packages = with pkgs; [ deluge ];
};
chvp.zfs.homeLinks = [
{ path = ".config/deluge"; type = "data"; }
];
};
}

66
modules/deluge-server.nix Normal file
View file

@ -0,0 +1,66 @@
{ config, lib, pkgs, ... }:
{
options.chvp.deluge-server = {
enable = lib.mkOption {
default = false;
example = true;
};
count = lib.mkOption {
default = 1;
example = 6;
};
};
config = lib.mkIf config.chvp.deluge-server.enable {
chvp.nginx.hosts = builtins.genList
(n: {
fqdn = "del${toString (n + 1)}.vanpetegem.me";
basicProxy = "http://localhost:${toString (8112 + n)}";
})
config.chvp.deluge-server.count;
networking.firewall = {
allowedTCPPortRanges = [
{ from = 60000; to = 60000 + config.chvp.deluge-server.count - 1; }
{ from = 58846; to = 58846 + config.chvp.deluge-server.count - 1; }
];
};
systemd.services = builtins.foldl' (x: y: x // y) { } (builtins.genList
(n:
let num = toString (n + 1); in
{
"del${num}" = {
after = [ "network.target" ];
description = "Deluge daemon ${num}";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.deluge ];
serviceConfig = {
ExecStart = ''
${pkgs.deluge}/bin/deluged --do-not-daemonize --config /data/var/lib/deluge/del${toString (n + 1)}
'';
Restart = "on-success";
User = "charlotte";
Group = "users";
UMask = "022";
};
};
"del${num}-web" = {
after = [ "network.target" "del${num}.service" ];
requires = [ "del${num}.service" ];
description = "Deluge Web UI for daemon ${num}";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.deluge ];
serviceConfig = {
ExecStart = ''
${pkgs.deluge}/bin/deluge-web --do-not-daemonize --config /data/var/lib/deluge/del${toString (n + 1)} --port ${toString (8112 + n)}
'';
User = "charlotte";
Group = "users";
};
};
})
config.chvp.deluge-server.count);
};
}

44
modules/dropbox.nix Normal file
View file

@ -0,0 +1,44 @@
{ config, lib, pkgs, ... }:
{
options.chvp.dropbox.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.dropbox.enable {
chvp = {
nix.unfreePackages = [ "dropbox" ];
zfs.homeLinks = [
{ path = ".dropbox"; type = "cache"; }
{ path = "Dropbox"; type = "data"; }
];
};
# Avoids a double firefox install, see https://github.com/NixOS/nixpkgs/pull/31772
nixpkgs.overlays = [ (self: super: { firefox-bin = self.firefox; }) ];
home-manager.users.charlotte = { pkgs, ... }: {
systemd.user.services = {
dropbox = {
Unit = {
Description = "Dropbox";
};
Service = {
Environment = "QT_PLUGIN_PATH=\"/run/current-system/sw/${pkgs.qt5.qtbase.qtPluginPrefix}\" QML2_IMPORT_PATH=\"/run/current-system/sw/${pkgs.qt5.qtbase.qtQmlPrefix}\"";
ExecStart = "${pkgs.dropbox.out}/bin/dropbox";
ExecReload = "${pkgs.coreutils.out}/bin/kill -HUP $MAINPID";
KillMode = "control-group";
Restart = "on-failure";
PrivateTmp = true;
ProtectSystem = "full";
Nice = 10;
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
};
};
};
};
}

5
modules/eid.nix
View file

@ -8,6 +8,11 @@
config = lib.mkIf config.chvp.eid.enable {
environment.systemPackages = [ pkgs.eid-mw ];
nixpkgs.overlays = [
(self: super: {
firefox = super.firefox.override { pkcs11Modules = [ self.eid-mw ]; };
})
];
services.pcscd = {
enable = true;
plugins = [ pkgs.ccid ];

19
modules/firefox.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
{
options.chvp.firefox.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.firefox.enable {
chvp.zfs.homeLinks = [
{ path = ".cache/mozilla"; type = "cache"; }
{ path = ".mozilla"; type = "data"; }
];
home-manager.users.charlotte = { ... }: {
home.packages = with pkgs; [ firefox ];
};
};
}

44
modules/gnupg.nix Normal file
View file

@ -0,0 +1,44 @@
{ config, lib, ... }:
{
options.chvp.gnupg = {
enable = lib.mkOption {
default = false;
example = true;
};
pinentryFlavor = lib.mkOption {
type = lib.types.str;
default = "curses";
example = "qt";
description = ''
Pinentry flavor for gnupg.
'';
};
};
config = lib.mkIf config.chvp.gnupg.enable {
chvp.zfs.homeLinks = [
{ path = ".gnupg/crls.d"; type = "data"; }
{ path = ".gnupg/private-keys-v1.d"; type = "data"; }
{ path = ".gnupg/pubring.kbx"; type = "data"; }
{ path = ".gnupg/trustdb.gpg"; type = "data"; }
];
programs.gnupg.agent = {
enable = true;
pinentryFlavor = config.chvp.gnupg.pinentryFlavor;
};
home-manager.users.charlotte = { lib, ... }: {
home.activation.fixPermissionsCommands = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
mkdir -p /home/charlotte/.gnupg
chmod u=rwX,go= /home/charlotte/.gnupg
'';
programs.gpg.enable = true;
services.gpg-agent = {
enable = true;
defaultCacheTtl = 7200;
maxCacheTtl = 99999;
pinentryFlavor = config.chvp.gnupg.pinentryFlavor;
};
};
};
}

50
modules/graphical.nix Normal file
View file

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
{
options.chvp.graphical = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.graphical {
users.users.charlotte.extraGroups = [ "input" "video" ];
chvp = {
calibre.enable = lib.mkDefault true;
deluge-client.enable = lib.mkDefault true;
docker.enable = lib.mkDefault true;
eid.enable = lib.mkDefault true;
firefox.enable = lib.mkDefault true;
mail-client.enable = lib.mkDefault true;
gnupg = {
enable = lib.mkDefault true;
pinentryFlavor = lib.mkDefault "qt";
};
hledger.enable = lib.mkDefault true;
networkmanager.enable = lib.mkDefault true;
nix.unfreePackages = [ "google-chrome" ];
pass.enable = lib.mkDefault true;
sound.enable = lib.mkDefault true;
syncthing-client.enable = lib.mkDefault true;
sway.enable = lib.mkDefault true;
terminal.enable = lib.mkDefault true;
theming.enable = lib.mkDefault true;
ugent.enable = lib.mkDefault true;
xdg.enable = lib.mkDefault true;
zotero.enable = lib.mkDefault true;
};
home-manager.users.charlotte = { ... }: {
home.packages = with pkgs; [
google-chrome
libreoffice-fresh
mpv
okular
pandoc
ranger
texlive.combined.scheme-small
ungoogled-chromium
youtube-dl
];
};
};
}

32
modules/hledger.nix Normal file
View file

@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
let
hledger-repo = pkgs.fetchFromGitHub {
owner = "chvp";
repo = "hledger";
rev = "feature/gain-reports";
sha256 = "07qsrq71pnkys11q6k2zc20xc9l3yp8dhzp1ar5bnkgcwbm69rcx";
};
in
{
options.chvp.hledger.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.hledger.enable {
nixpkgs.overlays = [
(self: super: {
haskellPackages = super.haskellPackages.override {
overrides = hself: hsuper: rec {
hledger = hsuper.callCabal2nixWithOptions "hledger" hledger-repo "--subpath hledger" { };
hledger-lib = hsuper.callCabal2nixWithOptions "hledger-lib" hledger-repo "--subpath hledger-lib" { };
};
};
})
];
home-manager.users.charlotte = { ... }: {
home.packages = [ pkgs.hledger ];
};
};
}

323
modules/mail-client.nix Normal file
View file

@ -0,0 +1,323 @@
{ config, lib, pkgs, ... }:
let
passwordScript = pkgs.writeShellScript "get_mail_password" ''${pkgs.pass}/bin/pass show "$@" | head -n1 | tr -d "\n"'';
notifyScript = name: pkgs.writeShellScript "notify_${name}_mail" (if config.chvp.graphical then ''
unseen_count=$(${pkgs.mblaze}/bin/mlist -N ~/mail/*/INBOX | wc -l)
if [ "$unseen_count" = "1" ]
then
${pkgs.libnotify}/bin/notify-send -t 5000 'New ${name} mail arrived' "1 unseen mail"
elif [ "$unseen_count" != "0" ]
then
${pkgs.libnotify}/bin/notify-send -t 5000 'New ${name} mail arrived' "$unseen_count unseen mails"
fi
'' else ''true'');
makeAccount = { name, address, host ? "", imapHost ? host, smtpHost ? host, useStartTls ? false, passFile, extraConfig ? { } }: (lib.recursiveUpdate
{
inherit address;
gpg = {
key = "charlotte@vanpetegem.me";
signByDefault = true;
};
imap = {
host = imapHost;
port = 993;
tls.enable = true;
};
imapnotify = {
enable = true;
boxes = [ "INBOX" ];
onNotify = "${pkgs.isync}/bin/mbsync ${name}:INBOX";
onNotifyPost = "${config.chvp.emacs.package}/bin/emacsclient --eval \"(mu4e-update-index)\" && ${notifyScript name}";
};
mbsync = {
enable = true;
create = "both";
expunge = "both";
flatten = ".";
remove = "both";
extraConfig.account.AuthMechs = "LOGIN";
};
msmtp.enable = true;
mu.enable = true;
passwordCommand = "${passwordScript} ${passFile}";
realName = "Charlotte Van Petegem";
signature = {
showSignature = "none";
};
smtp = {
host = smtpHost;
port = if useStartTls then 587 else 465;
tls = {
enable = true;
inherit useStartTls;
};
};
userName = address;
}
extraConfig);
toRecursiveINI = with lib.strings; with lib.attrsets; with lib.generators; with lib.lists; let
repeat = count: char: concatStrings (genList (_: char) count);
mkHeader = depth: name: concatStrings [ (repeat depth "[") (escape [ "[" ] name) (repeat depth "]") ];
simpleAttrs = filterAttrs (n: v: !(isAttrs v));
complexAttrs = filterAttrs (n: v: isAttrs v);
removeEmpty = filter (v: v != "");
toRecursiveINIBase = depth: data: (concatStringsSep "\n" (
mapAttrsToList
(name: values: concatStringsSep "\n" (removeEmpty [
(mkHeader depth name)
(toKeyValue { } (simpleAttrs values))
(toRecursiveINIBase (depth + 1) (complexAttrs values))
]))
data
));
in
toRecursiveINIBase 1;
in
{
options.chvp.mail-client.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.mail-client.enable {
chvp.zfs.homeLinks = [
{ path = "mail"; type = "data"; }
{ path = ".cache/mu"; type = "cache"; }
{ path = ".local/share/contacts"; type = "cache"; }
{ path = ".local/share/calendars"; type = "cache"; }
{ path = ".local/share/vdirsyncer"; type = "cache"; }
];
home-manager.users.charlotte = { ... }: {
accounts.email = {
maildirBasePath = "/data/home/charlotte/mail";
accounts = {
personal = makeAccount {
name = "personal";
address = "charlotte@vanpetegem.me";
host = "mail.vanpetegem.me";
passFile = "mail/Personal";
extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; };
primary = true;
};
};
work = makeAccount {
name = "work";
address = "charlotte.vanpetegem@ugent.be";
imapHost = "outlook.office365.com";
smtpHost = "smtp.office365.com";
passFile = "work/UGentNet";
useStartTls = true;
extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Deleted Items"; };
mbsync.extraConfig.account.PipelineDepth = "1";
};
};
work-aap-we-fr = makeAccount {
name = "work-aap-we-fr";
address = "aap-we-fr@ugent.be";
imapHost = "owa.ugent.be";
smtpHost = "smtp.ugent.be";
passFile = "work/UGentNet";
useStartTls = true;
extraConfig = {
folders = { drafts = "Concepten"; inbox = "INBOX"; sent = "Verzonden items"; trash = "Verwijderde items"; };
mbsync.extraConfig.account.PipelineDepth = "1";
userName = "UGENT\\\\ecvpeteg/aap-we-fr";
};
};
posteo = makeAccount {
name = "posteo";
address = "chvp@posteo.net";
host = "posteo.de";
passFile = "mail/Posteo";
extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; };
};
};
jonggroen = makeAccount {
name = "jonggroen";
address = "charlotte@jonggroen.be";
imapHost = "imap.gmail.com";
smtpHost = "smtp.gmail.com";
passFile = "jonggroen/GoogleAppMail";
useStartTls = true;
extraConfig = {
flavor = "gmail.com";
folders = {
drafts = "[Gmail].Drafts";
inbox = "INBOX";
sent = "INBOX";
trash = "[Gmail].Bin";
};
};
};
postbot = makeAccount {
name = "postbot";
address = "postbot@vanpetegem.me";
host = "mail.vanpetegem.me";
passFile = "mail/Postbot";
extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; };
};
};
webmaster = makeAccount {
name = "webmaster";
address = "webmaster@vanpetegem.me";
host = "mail.vanpetegem.me";
passFile = "mail/Webmaster";
extraConfig = {
folders = { drafts = "Drafts"; inbox = "INBOX"; sent = "INBOX"; trash = "Trash"; };
};
};
};
};
home = {
packages = [ pkgs.khal pkgs.khard ];
file.".mailcap".text = ''
text/html; ${pkgs.firefox}/bin/firefox %s ; nametemplate=%s.html; needsterminal
text/html; ${pkgs.w3m}/bin/w3m -dump -o display_link_number=1 -o document_charset=%{charset} %s ; copiousoutput; nametemplate=%s.html
text/calendar; ${pkgs.khal}/bin/khal import %s;
application/pdf; ${pkgs.okular}/bin/okular %s
image/png; ${pkgs.okular}/bin/okular %s
image/jpeg; ${pkgs.okular}/bin/okular %s
'';
};
xdg.configFile = {
"khal/config".text = toRecursiveINI {
calendars = {
calendar = {
path = "~/.local/share/calendars/*";
type = "discover";
};
};
locale = {
timeformat = "%H:%M";
dateformat = "%Y-%m-%d";
longdateformat = "%Y-%m-%d";
datetimeformat = "%Y-%m-%d %H:%M";
longdatetimeformat = "%Y-%m-%d %H:%M";
};
};
"khard/khard.conf".text = toRecursiveINI {
addressbooks = {
contacts = {
path = "~/.local/share/contacts/contacts";
};
};
general = {
debug = "no";
default_action = "list";
editor = "emacs";
merge_editor = "${pkgs.writeShellScript "ediff" ''emacs --eval "(ediff-merge-files \"$1\" \"$2\")"''}";
};
"contact table" = {
display = "formatted_name";
group_by_addressbook = "no";
reverse = "no";
show_nicknames = "no";
show_uids = "yes";
sort = "last_name";
localize_dates = "yes";
preferred_phone_number_type = "pref, cell, home";
preferred_email_address_type = "pref, work, home";
};
vcard = {
private_objects = ",";
preferred_version = "4.0";
search_in_source_files = "no";
skip_unparsable = "no";
};
};
"vdirsyncer/config".text =
let nextcloudConfig = type: {
inherit type;
url = "https://nextcloud.vanpetegem.me/remote.php/dav/";
username = "chvp";
"password.fetch" = [ "command" "${passwordScript}" "social/Nextcloud" ];
}; in
lib.generators.toINI
{ mkKeyValue = lib.generators.mkKeyValueDefault { mkValueString = builtins.toJSON; } "="; }
{
general.status_path = "~/.local/share/vdirsyncer";
"pair nextcloud_contacts" = {
a = "nextcloud_contacts_local";
b = "nextcloud_contacts_remote";
collections = [ "from a" "from b" ];
};
"storage nextcloud_contacts_local" = {
type = "filesystem";
path = "~/.local/share/contacts";
fileext = ".vcf";
};
"storage nextcloud_contacts_remote" = nextcloudConfig "carddav";
"pair nextcloud_calendars" = {
a = "nextcloud_calendars_local";
b = "nextcloud_calendars_remote";
collections = [ "from a" "from b" ];
};
"storage nextcloud_calendars_local" = {
type = "filesystem";
path = "~/.local/share/calendars";
fileext = ".ics";
};
"storage nextcloud_calendars_remote" = nextcloudConfig "caldav";
};
};
programs = {
mbsync.enable = true;
msmtp.enable = true;
mu.enable = true;
};
services = {
imapnotify.enable = true;
};
systemd.user = {
services = {
mbsync = {
Unit = {
Description = "MBSync email fetcher";
After = "network-online.target";
Wants = "network-online.target";
};
Service = {
Type = "oneshot";
ExecStart = [ "${pkgs.isync}/bin/mbsync -a" "${config.chvp.emacs.package}/bin/emacsclient --eval \"(mu4e-update-index)\"" ];
};
};
vdirsyncer = {
Unit = {
Description = "VDirSyncer WebDAV syncer";
After = "network-online.target";
Wants = "network-online.target";
};
Service = {
Type = "oneshot";
ExecStart = "${pkgs.vdirsyncer}/bin/vdirsyncer sync";
};
};
};
timers = {
mbsync = {
Unit = { Description = "MBSync email fetcher"; };
Timer = {
OnCalendar = "*:0/5";
Unit = "mbsync.service";
};
Install = { WantedBy = [ "timers.target" ]; };
};
vdirsyncer = {
Unit = { Description = "VDirSyncer WebDAV syncer"; };
Timer = {
OnCalendar = "*:0/5";
Unit = "vdirsyncer.service";
};
Install = { WantedBy = [ "timers.target" ]; };
};
};
};
};
};
}

19
modules/mumble.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
{
options.chvp.mumble.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.mumble.enable {
chvp.zfs.homeLinks = [
{ path = ".config/Mumble"; type = "data"; }
{ path = ".local/share/Mumble"; type = "data"; }
];
home-manager.users.charlotte = { ... }: {
home.packages = with pkgs; [ mumble ];
};
};
}

23
modules/networkmanager.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, lib, pkgs, ... }:
{
options.chvp.networkmanager.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.networkmanager.enable {
chvp.zfs.systemLinks = [
{ path = "/etc/NetworkManager/system-connections"; type = "data"; }
];
networking.networkmanager = {
enable = true;
wifi.macAddress = "random";
};
users.users.charlotte.extraGroups = [ "networkmanager" ];
home-manager.users.charlotte = { ... }: {
home.packages = with pkgs; [ networkmanagerapplet ];
};
};
}

2
modules/nginx.nix
View file

@ -46,7 +46,7 @@
security.acme = {
certs."vanpetegem.me" = {
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."passwords/services/acme".path;
credentialsFile = config.age.secrets."passwords/services/acme".path;
extraDomainNames = [
"*.vanpetegem.me"
"cvpetegem.be"

27
modules/obs.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, lib, pkgs, ... }:
{
options.chvp.obs.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.obs.enable {
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
boot.extraModprobeConfig = ''
options v4l2loopback video_nr=9 card_label="obs"
'';
chvp.zfs.homeLinks = [
{ path = ".config/obs-studio"; type = "data"; }
];
home-manager.users.charlotte = { pkgs, ... }: {
programs.obs-studio = {
enable = true;
plugins = [ pkgs.obs-studio-plugins.wlrobs ];
};
};
};
}

25
modules/pass.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, lib, ... }:
{
options.chvp.pass.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.pass.enable {
nixpkgs.overlays = [
(self: super: {
firefox = super.firefox.override { extraNativeMessagingHosts = [ self.passff-host ]; };
pass = (super.pass.override { pass = super.pass-wayland; }).withExtensions (ext: [ ext.pass-otp ]);
})
];
home-manager.users.charlotte = { ... }: {
programs.password-store = {
enable = true;
settings = { PASSWORD_STORE_DIR = "/home/charlotte/repos/passwords"; };
};
services.password-store-sync.enable = true;
};
};
}

29
modules/sound.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, lib, pkgs, ... }:
{
options.chvp.sound.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.sound.enable {
chvp.zfs.homeLinks = [
{ path = ".config/pipewire"; type = "cache"; }
];
home-manager.users.charlotte = { ... }: {
home.packages = with pkgs; [
pavucontrol
qjackctl
];
};
sound.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
jack.enable = true;
pulse.enable = true;
};
};
}

4
modules/sshd.nix
View file

@ -2,8 +2,8 @@
{
options.chvp.sshd.enable = lib.mkOption {
default = false;
example = true;
default = true;
example = false;
};
config = lib.mkIf config.chvp.sshd.enable {

7
modules/sway/color-picker.nix Normal file
View file

@ -0,0 +1,7 @@
{ pkgs }:
pkgs.writeShellScriptBin "color_picker" ''
color=$(${pkgs.grim}/bin/grim -t png -g "$(${pkgs.slurp}/bin/slurp -p)" - | ${pkgs.imagemagick}/bin/convert png:- -unique-colors txt:- | grep -o '#[A-F0-9]\+')
${pkgs.sway}/bin/swaymsg exec -- "echo -n '$color' | ${pkgs.wl-clipboard}/bin/wl-copy --foreground"
''

177
modules/sway/default.nix Normal file
View file

@ -0,0 +1,177 @@
{ config, lib, pkgs, ... }:
let
launcher = import ./launcher.nix { inherit pkgs; stdenv = pkgs.stdenv; };
color-picker = import ./color-picker.nix { inherit pkgs; };
screenshot = import ./screenshot.nix { inherit pkgs; };
status-configuration = import ./status-configuration.nix { inherit pkgs config; };
in
{
options.chvp.sway.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.sway.enable {
services.dbus.packages = with pkgs; [ gnome3.dconf ];
security.pam.services.swaylock = { };
xdg.portal = {
enable = true;
gtkUsePortal = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk pkgs.xdg-desktop-portal-wlr ];
};
home-manager.users.charlotte = { pkgs, ... }: {
home.packages = with pkgs; [
color-picker
screenshot
wf-recorder
wl-clipboard
];
programs = {
mako = {
enable = true;
font = "Fira Code Normal 9";
};
zsh.loginExtra = ''
if [[ -z "$DISPLAY" ]] && [[ $(tty) = "/dev/tty1" ]]; then
exec sway
fi
'';
};
services.kanshi = {
enable = true;
profiles = {
"home-undocked" = {
outputs = [
{ criteria = "Unknown 0x2036 0x00000000"; position = "0,0"; mode = "2560x1440"; scale = 1.0; }
];
};
"home-docked" = {
outputs = [
{ criteria = "Unknown 0x2036 0x00000000"; position = "0,0"; mode = "2560x1440"; scale = 1.0; }
{ criteria = "Dell Inc. DELL U2718Q FN84K01T095L"; position = "2560,0"; mode = "3840x2160"; scale = 1.0; }
];
};
"work-undocked" = {
outputs = [
{ criteria = "Chimei Innolux Corporation 0x14D3 0x00000000"; position = "0,0"; mode = "1920x1080"; scale = 1.0; }
];
};
"work-docked" = {
outputs = [
{ criteria = "Chimei Innolux Corporation 0x14D3 0x00000000"; position = "0,0"; mode = "1920x1080"; scale = 1.0; }
{ criteria = "Dell Inc. DELL U2718Q FN84K83Q1KHL"; position = "1920,0"; mode = "3840x2160"; scale = 1.0; }
];
};
};
};
wayland.windowManager.sway = {
enable = true;
config = rec {
modifier = "Mod4";
left = "h";
down = "j";
up = "k";
right = "l";
terminal = "${pkgs.kitty}/bin/kitty";
menu = "${terminal} --class launcher -e ${launcher}/bin/launcher";
fonts = { names = [ "Fira Code" ]; size = 9.0; style = "Normal"; };
bars = [
{
colors = {
background = "#ffffff";
statusline = "#000000";
activeWorkspace = { border = "#f2eff3"; background = "#f2eff3"; text = "#000000"; };
focusedWorkspace = { border = "#6aaeff"; background = "#6aaeff"; text = "#000000"; };
inactiveWorkspace = { border = "#ffffff"; background = "#ffffff"; text = "#000000"; };
urgentWorkspace = { border = "#ff8892"; background = "#ff8892"; text = "#000000"; };
};
fonts = { names = [ "Fira Code" ]; size = 9.0; style = "Normal"; };
position = "top";
statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ${status-configuration}";
extraConfig = ''
status_padding 0
icon_theme Arc
'';
}
];
output = {
"Unknown 0x2036 0x00000000" = { position = "0,0"; mode = "2560x1440"; scale = "1.0"; };
"Dell Inc. DELL U2718Q FN84K01T095L" = { position = "2560,0"; mode = "3840x2160"; scale = "1.0"; };
"Chimei Innolux Corporation 0x14D3 0x00000000" = { position = "0,0"; mode = "1920x1080"; scale = "1.0"; };
"Dell Inc. DELL U2718Q FN84K83Q1KHL" = { position = "1920,0"; mode = "3840x2160"; scale = "1.0"; };
};
startup = [
{
command = "${pkgs.swayidle}/bin/swayidle -w timeout 300 '${pkgs.swaylock}/bin/swaylock -f -c 000000' timeout 150 '${pkgs.sway}/bin/swaymsg \"output * dpms off\"' resume '${pkgs.sway}/bin/swaymsg \"output * dpms on\"' before-sleep '${pkgs.swaylock}/bin/swaylock -f -c 000000'";
}
];
window.commands = [
{ command = "floating enable"; criteria = { app_id = "launcher"; }; }
{ command = "floating enable"; criteria = { title = "Quick Format Citation"; class = "Zotero"; }; }
];
input = {
"type:keyboard" = { xkb_layout = "us"; xkb_variant = "altgr-intl"; xkb_numlock = "enabled"; xkb_options = "compose:caps"; };
"type:touchpad" = { drag = "enabled"; dwt = "enabled"; scroll_method = "two_finger"; tap = "enabled"; };
};
modes = { }; # Unset default "resize" mode
keybindings = lib.mkOptionDefault {
"${modifier}+Shift+q" = "nop Unset default kill";
"${modifier}+r" = "nop Unset default resize mode";
"${modifier}+Shift+c" = "kill";
"${modifier}+Shift+r" = "reload";
"${modifier}+c" = "exec ${pkgs.swaylock}/bin/swaylock -f -c 000000";
"${modifier}+i" = "inhibit_idle open; border normal; mark --add inhibiting_idle";
"${modifier}+Shift+i" = "inhibit_idle none; border pixel; unmark inhibiting_idle";
"Print" = "exec ${screenshot}/bin/screenshot";
"Alt+Print" = "exec ${screenshot}/bin/screenshot -d";
"Shift+Print" = "exec ${screenshot}/bin/screenshot -r";
"Alt+Shift+Print" = "exec ${screenshot}/bin/screenshot -r -d";
"XF86AudioRaiseVolume" = "exec ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" = "exec ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" = "exec ${pkgs.pulseaudio}/bin/pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessDown" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
"XF86MonBrightnessUp" = "exec ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
"${modifier}+Alt+Left" = "move workspace to output left";
"${modifier}+Alt+Right" = "move workspace to output right";
};
};
extraConfig = ''
workspace 1 output eDP-1
workspace 2 output DP-3 DP-4 DP-5 HDMI-A-1 eDP-1
workspace 3 output DP-3 DP-4 DP-5 HDMI-A-1 eDP-1
workspace 4 output DP-3 DP-4 DP-5 HDMI-A-1 eDP-1
workspace 5 output DP-3 DP-4 DP-5 HDMI-A-1 eDP-1
workspace 6 output DP-3 DP-4 DP-5 HDMI-A-1 eDP-1
workspace 7 output DP-3 DP-4 DP-5 HDMI-A-1 eDP-1
workspace 8 output DP-3 DP-4 DP-5 HDMI-A-1 eDP-1
workspace 9 output DP-3 DP-4 DP-5 HDMI-A-1 eDP-1
workspace 1
exec ${pkgs.firefox}/bin/firefox
no_focus [title="Microsoft Teams Notification"]
default_border pixel
'';
extraSessionCommands = ''
export XDG_SESSION_TYPE=wayland
export XDG_CURRENT_DESKTOP=sway
export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
export QT_AUTO_SCREEN_SCALE_FACTOR=0
export QT_SCALE_FACTOR=1
export GDK_SCALE=1
export GDK_DPI_SCALE=1
export MOZ_ENABLE_WAYLAND=1
export _JAVA_AWT_WM_NONREPARENTING=1
'';
wrapperFeatures = {
base = true;
gtk = true;
};
xwayland = true;
};
};
};
}

52
modules/sway/launcher.nix Normal file
View file

@ -0,0 +1,52 @@
{ pkgs, stdenv }:
let
gemoji = pkgs.buildRubyGem {
pname = "gemoji";
gemName = "gemoji";
source.sha256 = "1xv38sxql1fmaxi5lzj6v98l2aqhi6bqkhi6kqd0k38vw40l3yqc";
type = "gem";
version = "4.0.0.rc2";
};
emojiList = stdenv.mkDerivation {
name = "emoji_list";
buildInputs = [ pkgs.ruby gemoji ];
unpackPhase = "true";
buildPhase = ''
cat > extract_emoji.rb <<HERE
require 'emoji'
File.open('emoji_list.txt', 'w') do |f|
Emoji.all.each do |e|
f.puts("#{e.raw} #{e.description} #{e.name}#{(" " + e.tags.join(" ")) if e.tags.any?} (#{e.category})")
end
end
HERE
ruby extract_emoji.rb
'';
installPhase = ''
cp emoji_list.txt $out
'';
};
script = pkgs.substituteAll {
src = ./launcher.zsh;
inherit (pkgs)
fzy
jq
kitty
libqalculate
pass
slurp
sway
tmuxinator
zsh
;
inherit emojiList;
wfRecorder = pkgs.wf-recorder;
wlClipboard = pkgs.wl-clipboard;
xdgUserDirs = pkgs.xdg-user-dirs;
};
in
pkgs.runCommandNoCC "launcher" { } ''
mkdir -p $out/bin
cp ${script} $out/bin/launcher
chmod +x $out/bin/launcher
''

124
modules/sway/launcher.zsh Normal file
View file

@ -0,0 +1,124 @@
#!@zsh@/bin/zsh
_sighandler() {
kill -INT "$child" 2>/dev/null
}
calc_options() {
echo "calc "
}
calc() {
if [ -n "$1" ]
then
@libqalculate@/bin/qalc "$1"
sleep 5
else
@libqalculate@/bin/qalc
fi
}
emoji_options() {
cat @emojiList@ | sed "s/^/emoji /"
}
emoji() {
char=$(echo -n "$1" | sed "s/^\([^ ]*\) .*/\1/")
@sway@/bin/swaymsg exec -- "echo -n $char | @wlClipboard@/bin/wl-copy --foreground"
}
pass_options(){
prefix=${PASSWORD_STORE_DIR-~/.password-store}
password_files=( "$prefix"/**/*.gpg )
printf 'password %s\n' ${${password_files%.gpg}#$prefix/}
printf 'username %s\n' ${${password_files%.gpg}#$prefix/}
printf 'otp %s\n' ${${password_files%.gpg}#$prefix/}
}
username() {
swaymsg exec -- "@pass@/bin/pass show '$@' | sed -n 's/^Username: *//p' | tr -d '\n' | @wlClipboard@/bin/wl-copy --foreground"
}
password() {
swaymsg exec -- "@pass@/bin/pass show -c0 '$@'"
}
otp() {
swaymsg exec -- "@pass@/bin/pass otp -c '$@'"
}
record_options() {
@sway@/bin/swaymsg -t get_outputs | @jq@/bin/jq -r '.[]["name"]' | sed "s/^/record /"
echo record select
}
record() {
filename="$(@xdgUserDirs@/bin/xdg-user-dir VIDEOS)/$(date +'screenrecording_%y-%m-%d-%H%M%S.mp4')"
trap _sighandler SIGINT
if [[ "$1" = "select" ]]
then
@wfRecorder@/bin/wf-recorder -g "$(@slurp@/bin/slurp)" -f "$filename" &
else
@wfRecorder@/bin/wf-recorder -o $! -f "$filename" &
fi
child=$!
wait "$child"
# We wait two times, because the first wait exits when the process receives a signal. The process might have finished though, so we ignore errors.
wait "$child" 2>/dev/null
if [ -f "$filename" ]
then
echo "Saved as $filename"
else
echo "Something went wrong while recording"
fi
sleep 5
}
run_options() {
print -rl -- ''${(ko)commands} | sed "s/^/run /"
}
run() {
@sway@/bin/swaymsg exec $1
}
ssh_options() {
cat $HOME/.ssh/config | grep "^Host [a-zA-Z]\+" | sed "s/Host /ssh /"
}
ssh() {
@sway@/bin/swaymsg exec "@kitty@/bin/kitty -e ssh $1"
}
systemctl_options() {
echo systemctl hibernate
echo systemctl poweroff
echo systemctl reboot
echo systemctl suspend
}
tmuxinator_options() {
ls ~/.config/tmuxinator | sed "s/\.yml$//" | sed "s/^/tmuxinator /"
}
tmuxinator() {
@sway@/bin/swaymsg exec "@kitty@/bin/kitty -e @tmuxinator@/bin/tmuxinator start $1"
}
windows_options() {
@sway@/bin/swaymsg -t get_tree | @jq@/bin/jq -r 'recurse(.nodes[]?)|recurse(.floating_nodes[]?)|select(.layout=="none")|select(.app_id!="launcher")|select(.type=="con"),select(.type=="floating_con")|(if .app_id then .app_id else .window_properties.class end)+": "+.name+" ("+(.id|tostring)+")"' | sed "s/^/windows /"
}
windows() {
window=$(echo $@ | sed 's/.* (\([^)]*\))$/\1/')
@sway@/bin/swaymsg \[con_id="$window"\] focus
}
CHOSEN=$(cat <(windows_options) <(tmuxinator_options) <(ssh_options) <(systemctl_options) <(pass_options) <(run_options) <(record_options) <(calc_options) <(emoji_options) | @fzy@/bin/fzy --lines 36 | tail -n1)
if [ -n "$CHOSEN" ]
then
PREFIX=$(echo $CHOSEN | sed "s/^\([^ ]*\) .*/\1/g")
WORD=$(echo $CHOSEN | sed "s/^[^ ]* \(.*\)/\1/g")
$PREFIX $WORD
fi

36
modules/sway/screenshot.nix Normal file
View file

@ -0,0 +1,36 @@
{ pkgs }:
pkgs.writeShellScriptBin "screenshot" ''
while getopts ":rd" opt
do
case "''${opt}" in
r)
remote=true
;;
d)
delay=true
;;
esac
done
dims="$(${pkgs.slurp}/bin/slurp)"
if [[ -n "$delay" ]]
then
sleep 5
fi
if [[ -n "$remote" ]]
then
name=$(${pkgs.utillinux}/bin/uuidgen).png
${pkgs.grim}/bin/grim -t png -g "$dims" - | ${pkgs.openssh}/bin/ssh data "cat > data/public/$name"
path="https://data.vanpetegem.me/public/$name"
else
name=$(date +'screenshot_%Y-%m-%d-%H%M%S.png')
path="$(${pkgs.xdg-user-dirs}/bin/xdg-user-dir PICTURES)/$name"
${pkgs.grim}/bin/grim -g "$dims" "$path"
fi
${pkgs.sway}/bin/swaymsg exec -- "echo -n '$path' | ${pkgs.wl-clipboard}/bin/wl-copy --foreground"
${pkgs.libnotify}/bin/notify-send "Screenshot taken" "$path"
''

94
modules/sway/status-configuration.nix Normal file
View file

@ -0,0 +1,94 @@
{ config, pkgs, ... }:
let
mic-status = pkgs.writeShellScript "mic-status" ''
if [ "$(${pkgs.pulseaudio}/bin/pactl list sources | grep -o 'Mute: yes')" = "Mute: yes" ]
then
echo -e '\uf131'
else
echo -e '\uf130'
fi
'';
mail-status = pkgs.writeShellScript "mail-status" ''
mails=$(${pkgs.mblaze}/bin/mlist -N ~/mail/*/INBOX | wc -l)
if [ "$mails" -gt 0 ]
then
echo "{ \"state\": \"Info\", \"text\": \" 📬 $mails\" }"
else
echo "{ \"state\": \"Idle\", \"text\": \" 📭 $mails\" }"
fi
'';
in
pkgs.writeText "configuration.toml" ''
[theme]
name = "gruvbox-light"
[theme.overrides]
idle_bg="#ffffff"
idle_fg="#000000"
info_bg="#6aaeff"
info_fg="#000000"
good_bg="#5ada88"
good_fg="#000000"
warning_bg="#f5df23"
warning_fg="#000000"
critical_bg="#ff8892"
critical_fg="#000000"
separator=""
[icons]
name = "awesome"
[[block]]
block = "net"
device = "wlp2s0"
format = "{ssid}"
hide_missing = true
hide_inactive = true
[[block]]
block = "net"
device = "wlp0s20f3"
format = "{ssid}"
hide_missing = true
hide_inactive = true
[[block]]
block = "net"
device = "enp0s31f6"
format = "{ip}"
hide_missing = true
hide_inactive = true
[[block]]
block = "net"
device = "enp0s20f0u1u2"
format = "{ip}"
hide_missing = true
hide_inactive = true
[[block]]
block = "battery"
[[block]]
block = "backlight"
[[block]]
block = "sound"
[[block]]
block = "custom"
command = "${mic-status}"
interval = 1
on_click = "${pkgs.pulseaudio}/bin/pactl set-source-mute @DEFAULT_SOURCE@ toggle"
[[block]]
block = "custom"
json = true
command = "${mail-status}"
interval = 1
on_click = "${pkgs.isync}/bin/mbsync -a && ${config.chvp.emacs.package}/bin/emacsclient --eval \"(mu4e-update-index)\""
[[block]]
block = "time"
interval = 1
format = "%a %d/%m %H:%M"
''

18
modules/syncthing-client.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
{
options.chvp.syncthing-client.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.syncthing-client.enable {
chvp.zfs.homeLinks = [
{ path = ".config/syncthing"; type = "data"; }
{ path = "sync"; type = "cache"; }
];
home-manager.users.charlotte = { pkgs, ... }: {
services.syncthing.enable = true;
};
};
}

52
modules/terminal.nix Normal file
View file

@ -0,0 +1,52 @@
{ config, lib, pkgs, ... }:
{
options.chvp.terminal.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.terminal.enable {
home-manager.users.charlotte = { pkgs, ... }: {
programs.kitty = {
enable = true;
settings = {
font_family = "Fira Code";
font_size = 9;
disable_ligatures = "cursor";
background = "#ffffff";
foreground = "#000000";
cursor = "#777777";
url_color = "#0031a9";
# black
color0 = "#282828";
color8 = "#000000";
# red
color1 = "#a60000";
color9 = "#972500";
# green
color2 = "#005e00";
color10 = "#315b00";
# yellow
color3 = "#813e00";
color11 = "#70480f";
# blue
color4 = "#0031a9";
color12 = "#2544bb";
# magenta
color5 = "#721045";
color13 = "#8f0075";
# cyan
color6 = "#00538b";
color14 = "#30517f";
# white
color7 = "#f8f8f8";
color15 = "#ffffff";
enable_audio_bell = false;
visual_bell_duration = "0.25";
remember_window_size = false;
};
};
};
};
}

77
modules/theming.nix Normal file
View file

@ -0,0 +1,77 @@
{ config, lib, pkgs, ... }:
{
options.chvp.theming.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.theming.enable {
fonts = {
fontDir.enable = true;
fontconfig = {
enable = true;
defaultFonts = {
emoji = [ "Noto Color Emoji" ];
monospace = [ "Fira Code" ];
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
};
};
fonts = with pkgs; [
fira-code
fira-code-symbols
font-awesome_4
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
noto-fonts-extra
];
};
home-manager.users.charlotte = { pkgs, ... }: {
home.packages = [ pkgs.vanilla-dmz ];
home.file = {
".icons/default/index.theme".text = ''
[Icon Theme]
Name=Default
Comment=Default Cursor Theme
Inherits=Vanilla-DMZ
'';
};
dconf.settings."org/gnome/desktop/interface" = {
gtk-theme = "Arc";
icon-theme = "Arc";
cursor-theme = "Vanilla-DMZ";
};
gtk = {
enable = true;
font = {
package = pkgs.noto-fonts;
name = "Noto Sans";
size = 10;
};
gtk2.extraConfig = ''
gtk-cursor-theme-name = "Vanilla-DMZ"
gtk-cursor-theme-size = 0
'';
gtk3.extraConfig = {
gtk-cursor-theme-name = "Vanilla-DMZ";
gtk-cursor-theme-size = 0;
};
iconTheme = {
package = pkgs.arc-icon-theme;
name = "Arc";
};
theme = {
package = pkgs.arc-theme;
name = "Arc";
};
};
qt = {
enable = true;
platformTheme = "gtk";
};
};
};
}

20
modules/ugent/citrix.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, ... }:
{
options.chvp.ugent.citrix.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.ugent.citrix.enable {
chvp = {
nix.unfreePackages = [ "citrix-workspace" ];
zfs.homeLinks = [
{ path = ".ICAClient"; type = "data"; }
];
};
home-manager.users.charlotte = { pkgs, ... }: {
home.packages = with pkgs; [ citrix_workspace ];
};
};
}

24
modules/ugent/default.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, lib, ... }:
{
imports = [
./vpn.nix
./citrix.nix
./mounts.nix
./teams.nix
];
options.chvp.ugent.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.ugent.enable {
chvp.ugent = {
citrix.enable = lib.mkDefault true;
vpn.enable = lib.mkDefault true;
mounts.enable = lib.mkDefault true;
teams.enable = lib.mkDefault true;
};
};
}

66
modules/ugent/mounts.nix Normal file
View file

@ -0,0 +1,66 @@
{ config, lib, pkgs, ... }:
let
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in
{
options.chvp.ugent.mounts.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.ugent.mounts.enable {
fileSystems = {
"/mnt/ugent/files" = {
device = "//files.ugent.be/ecvpeteg";
fsType = "cifs";
options = [ "credentials=/run/secrets/passwords/ugent-mount-credentials,${automount_opts},users,vers=3.0,noperm,domain=UGENT,sec=ntlmv2i" ];
noCheck = true;
};
"/mnt/ugent/webhost" = {
device = "//webhost.ugent.be/ecvpeteg";
fsType = "cifs";
options = [ "credentials=/run/secrets/passwords/ugent-mount-credentials,${automount_opts},users,vers=3.0" ];
noCheck = true;
};
};
age.secrets."passwords/ugent-mount-credentials".file = ../../secrets/passwords/ugent-mount-credentials.age;
environment.systemPackages = [ pkgs.keyutils ];
# Remove this once https://github.com/NixOS/nixpkgs/issues/34638 is resolved
# The TL;DR is: the kernel calls out to the hard-coded path of
# /sbin/request-key as part of its CIFS auth process, which of course does
# not exist on NixOS due to the usage of Nix store paths.
system.activationScripts.symlink-requestkey = ''
if [ ! -d /sbin ]; then
mkdir /sbin
fi
ln -sfn /run/current-system/sw/bin/request-key /sbin/request-key
'';
# request-key expects a configuration file under /etc
environment.etc."request-key.conf" = {
text =
let
upcall = "${pkgs.cifs-utils}/bin/cifs.upcall";
keyctl = "${pkgs.keyutils}/bin/keyctl";
in
''
#OP TYPE DESCRIPTION CALLOUT_INFO PROGRAM
# -t is required for DFS share servers...
create cifs.spnego * * ${upcall} -t %k
create dns_resolver * * ${upcall} %k
# Everything below this point is essentially the default configuration,
# modified minimally to work under NixOS. Notably, it provides debug
# logging.
create user debug:* negate ${keyctl} negate %k 30 %S
create user debug:* rejected ${keyctl} reject %k 30 %c %S
create user debug:* expired ${keyctl} reject %k 30 %c %S
create user debug:* revoked ${keyctl} reject %k 30 %c %S
create user debug:loop:* * |${pkgs.coreutils}/bin/cat
create user debug:* * ${pkgs.keyutils}/share/keyutils/request-key-debug.sh %k %d %c %S
negate * * * ${keyctl} negate %k 30 %S
'';
};
};
}

21
modules/ugent/teams.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
options.chvp.ugent.teams.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.ugent.teams.enable {
chvp = {
nix.unfreePackages = [ "teams" ];
zfs.homeLinks = [
{ path = ".config/Microsoft"; type = "data"; }
];
};
home-manager.users.charlotte = { pkgs, ... }: {
home.packages = with pkgs; [ teams ];
};
};
}

38
modules/ugent/vpn.nix Normal file
View file

@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
{
imports = [
./vpn.secret.nix
];
options = {
chvp.ugent.vpn.enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf config.chvp.ugent.vpn.enable {
systemd.services = {
ugent-global-vpn = {
after = [ "network.target" ];
conflicts = [ "ugent-local-vpn.service" ];
};
ugent-local-vpn = {
after = [ "network.target" ];
conflicts = [ "ugent-global-vpn.service" ];
};
};
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-global-vpn.service") {
return polkit.Result.YES;
}
if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-local-vpn.service") {
return polkit.Result.YES;
}
});
'';
age.secrets."passwords/ugent-vpn".file = ../../secrets/passwords/ugent-vpn.age;
};
}

BIN
modules/ugent/vpn.secret.nix Normal file
View file

Binary file not shown.

38
modules/vpn.nix
View file

@ -1,38 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
./vpn/secret.nix
];
options = {
chvp.vpn.ugent.enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf config.chvp.vpn.ugent.enable {
systemd.services = {
ugent-global-vpn = {
after = [ "network.target" ];
conflicts = [ "ugent-local-vpn.service" ];
};
ugent-local-vpn = {
after = [ "network.target" ];
conflicts = [ "ugent-global-vpn.service" ];
};
};
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-global-vpn.service") {
return polkit.Result.YES;
}
if (action.id == "org.freedesktop.systemd1.manage-units" && action.lookup("unit") == "ugent-local-vpn.service") {
return polkit.Result.YES;
}
});
'';
age.secrets."passwords/ugent-vpn".file = ../secrets/passwords/ugent-vpn.age;
};
}

BIN
modules/vpn/secret.nix
View file

Binary file not shown.

58
modules/xdg.nix Normal file
View file

@ -0,0 +1,58 @@
{ config, lib, pkgs, ... }:
{
options.chvp.xdg.enable = lib.mkOption {
default = false;
example = true;
};
config = lib.mkIf config.chvp.xdg.enable {
chvp.zfs.homeLinks = [
{ path = "desktop"; type = "data"; }
{ path = "documents"; type = "data"; }
{ path = "downloads"; type = "cache"; }
{ path = "music"; type = "data"; }
{ path = "pictures"; type = "cache"; }
{ path = "repos"; type = "cache"; }
{ path = "templates"; type = "data"; }
{ path = "videos"; type = "data"; }
];
home-manager.users.charlotte = { pkgs, ... }: {
home.packages = with pkgs; [ xdg-user-dirs ];
xdg = {
enable = true;
# Some applications overwrite mimeapps.list with an identical file
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
defaultApplications = {
"image/png" = [ "org.kde.okular.desktop" ];
"image/jpg" = [ "org.kde.okular.desktop" ];
"image/jpeg" = [ "org.kde.okular.desktop" ];
"application/pdf" = [ "org.kde.okular.desktop" ];
"text/html" = [ "firefox.desktop" ];
"x-scheme-handler/about" = [ "firefox.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" ];
"x-scheme-handler/unknown" = [ "firefox.desktop" ];
"x-scheme-handler/msteams" = [ "teams.desktop" ];
};
};
userDirs = {
enable = true;
desktop = "\$HOME/desktop";
documents = "\$HOME/documents";
download = "\$HOME/downloads";
music = "\$HOME/music";
pictures = "\$HOME/pictures";
publicShare = "\$HOME/desktop";
templates = "\$HOME/templates";
videos = "\$HOME/videos";
};
};
};
};
}