Initial commit

restic-rest-server
Simon Bruder 2020-08-22 17:44:39 +02:00
commit a05102e91c
No known key found for this signature in database
GPG Key ID: 6F03E0000CC5B62F
37 changed files with 887 additions and 0 deletions

1
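--- a/.envrc
+++ b/.envrc
@@ -0,0 +1 @@
+use nix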

4
.gitattributes vendored Normal file

@ -0,0 +1,4 @@
*.png filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text
**/secrets/** filter=git-crypt diff=git-crypt

2
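--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/result
+/*.qcow2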

19
LICENSE Normal file

@ -0,0 +1,19 @@
Copyright 2020 Simon Bruder
Permission is hereby granted, free of charge, to any person obtaining a copy of
this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

96
README.md Normal file

@ -0,0 +1,96 @@
# NixOS configuration
## How to install
This guide describes how to install this configuration (or any NixOS
configuration) with GPT and legacy (BIOS) boot.
Create the partition table (enter the indented lines in the repl).
sudo parted /dev/sdX
mktable GPT
mkpart primary 1MiB 2MiB
mkpart primary 2MiB 500MiB
mkpart primary 500MiB 100%
set 1 bios_grub on
disk_toggle pmbr_boot
quit
Format encrypted partition and open it
sudo cryptsetup luksFormat /dev/sdX3
sudo cryptsetup luksOpen /dev/sdX3 HOSTNAME-pv
Create LVM (replace `8G` with desired swap size)
sudo pvcreate /dev/mapper/HOSTNAME-pv
sudo vgcreate HOSTNAME-vg /dev/mapper/HOSTNAME-pv
sudo lvcreate -L 8G -n swap HOSTNAME-vg
sudo lvcreate -l '100%FREE' -n root HOSTNAME-vg
**Hint**: If you have to reboot to the installation system later because
something went wrong and you need access to the LVM (but dont know LVM), do
the following after opening the luks partition: `sudo vgchange -ay`
Create filesystems
sudo mkfs.ext2 /dev/sdX2
sudo mkfs.ext4 -L root /dev/HOSTNAME-vg/root
sudo mkswap -L swap /dev/HOSTNAME-vg/swap
Mount the file systems and activate swap
sudo mount /dev/HOSTNAME-vg/root /mnt
sudo mkdir /mnt/boot
sudo mount /dev/sdX2 /mnt/boot
sudo swapon /dev/HOSTNAME-vg/swap
Create the configuration (see [below](#how-to-add-new-device)) and copy this
repository to your new home directory (e.g. `/mnt/home/simon/nixos`).
Add a symlink as the global configuration
sudo mkdir -p /mnt/etc/nixos/
sudo ln -s /mnt/home/simon/nixos/machines/nunotaba/configuration.nix /mnt/etc/nixos/configuration.nix
Generate hardware configuration and link it to the installation system
(required because of absolute paths)
sudo nixos-generate-config --root /mnt/
sudo ln -s /mnt/etc/nixos/hardware-configuration.nix /etc/nixos/hardware-configuration.nix
Install NixOS and reboot (if you do not have another machine, omit
`--no-root-passwd`)
sudo nixos-install --no-root-passwd
sudo reboot
**Hint**: If you need to reboot to the installation system because something
didnt work, first open the luks partition like in the setup script, run `sudo
vgchange -ay` to scan for LVM VGs and then mount the other filesystems like in
the script.
SSH into the machine (or login locally if you set a root password), fix the
`configuration.nix` symlink, set a user password and clone the dotfiles
ssh root@machine
rm /etc/nixos/configuration.nix
ln -s /home/simon/nixos/machines/nunotaba/configuration.nix /etc/nixos/configuration.nix
passwd simon
^D
ssh simon@machine
# press “q” to get rid of zsh-newuser-install
git clone https://github.com/andsens/homeshick.git $HOME/.homesick/repos/homeshick
source $HOME/.homesick/repos/homeshick/homeshick.sh
homeshick clone https://git.sbruder.de/simon/dotfiles
## How to add new device
* Copy the config from the device that is similar to the new one
* Import profiles/modules you want
* Change settings in `configuration.nix`
* Change secrets
## License
[MIT License](LICENSE)


@ -0,0 +1,21 @@
# nunotaba
## Hardware
ThinkPad T440 with mods to make it acceptable:
* Touchpad is changed for the T450s, which has physical mouse buttons (I
fucked up during the installation and the touchpad part does not work, so it
does not need to be disabled in software).
* Screen has a resolution of 1920×1080 and has an IPS panel
It is used standalone or in on a docking station that connects it to an
external mouse, keyboard and monitor (Dell U2410).
## Purpose
It is my daily driver so it does everything (except server stuff obviously).
## Name
Shinobu Nunotaba is a student/scientist from *A Certain Scientific Railgun*


@ -0,0 +1,28 @@
{ config, pkgs, ... }:
{
imports =
[
/etc/nixos/hardware-configuration.nix
../../modules/restic.nix
../../profiles/base.nix
../../profiles/dev.nix
../../profiles/gui.nix
../../users/simon/base.nix
];
boot.loader.grub.device = "/dev/disk/by-id/ata-ST500LM021-1KJ152_W623YDGB";
boot.initrd.luks.devices = {
root = {
name = "root";
device = "/dev/disk/by-uuid/4ecfca75-4dbb-4ba3-b1cd-7adf744c9446";
preLVM = true;
allowDiscards = true;
};
};
networking.hostName = "nunotaba";
networking.wireguard.interfaces.wg-home.ips = [ "10.80.0.4/24" ];
}
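Review bot: `allowDiscards = true;` on the LUKS root device has no comment recording the trade-off it makes: passing TRIM through dm-crypt lets anyone who can read the raw disk see which blocks are unused, which leaks the layout and fill level of the encrypted volume. If that is accepted for SSD performance, a line such as `# TRIM passthrough exposes the free-block layout of the encrypted volume; accepted for SSD performance` above the option would document the decision. If the volume sits on a rotational disk, discards bring no benefit and the option can be dropped.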

60
modules/base.nix Normal file

@ -0,0 +1,60 @@
{ config, lib, pkgs, ... }:
{
# Essential system tools
environment.systemPackages = with pkgs; [
git
git-crypt # used to store secrets in configuration
git-lfs # not so essential, but required to clone config
htop
(unstable.neovim.override { vimAlias = true; }) # FIXME unstable is for python-msgpack 1.0; use stable once python-msgpack 1.0 is in stable
tmux
];
# Clean temporary files on boot
boot.cleanTmpDir = true;
# Disable firewall
networking.firewall.enable = lib.mkDefault false;
# Set zsh as default shell
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
# Sane swapping
boot.kernel.sysctl."vm.swapiness" = 10;
# Store logs persistently
services.journald.extraConfig = "Storage = persistent";
# Hard drive monitoring
services.smartd.enable = true;
# Network monitoring
services.vnstat.enable = true;
# Authentication/Encryption agents
programs.gnupg.agent.enable = true;
programs.ssh.startAgent = true;
# NixOS version
system.stateVersion = "20.03";
nixpkgs.config = {
# Explicitly allow unfree packages (rule of thumb: assets ok, code not ok)
allowUnfreePredicate = (
pkg: builtins.elem (lib.getName pkg) [
"corefonts"
"vista-fonts"
]
);
# Add unstable channel
packageOverrides = pkgs: {
unstable = import (builtins.fetchTarball "https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz") {
config = config.nixpkgs.config;
};
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
};
}
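Review bot: Both `builtins.fetchTarball` calls in `packageOverrides` take a bare URL of a moving branch (`nixos-unstable.tar.gz`, NUR `master.tar.gz`) with no hash, so each evaluation can pull different, unverified code into a system build that is activated as root; the home-manager import in `users/simon/base.nix` has the same shape and already carries `FIXME: pin to release`. Pinning each to a commit with a hash makes the input reproducible and tamper-evident, e.g. `builtins.fetchTarball { url = "https://github.com/NixOS/nixpkgs-channels/archive/<COMMIT>.tar.gz"; sha256 = "<SHA256>"; }` (placeholders). Separately, `networking.firewall.enable = lib.mkDefault false;` turns the firewall off on every machine importing this module, while `profiles/base.nix` also pulls in sshd, Docker and the node exporter; either leave it enabled and open only the needed ports, or add a comment saying why it is off. The sysctl key `"vm.swapiness"` also looks misspelled (`vm.swappiness`), so that setting is probably not applied.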

104
modules/cli-tools.nix Normal file

@ -0,0 +1,104 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
# top like tools
bmon # network monitor
gotop # fancy top
iotop # top for io
mtr # interactive traceroute
# batch processing/automation
jq # sed for json
parallel # parallel batch processing
yq # sed for yaml
# unix tools on steroids
curlie # better httpie (easier curl)
exa # better ls
fd # better find
ripgrep # better grep
# file tools
dos2unix # convert CRLF (dos) or CR (classic mac) line endings to LF (unix)
fdupes # find duplicate files
file # file type
hexyl # user friendly hex file viewer
hyperfine # cli benchmarking
megatools # cli for mega.nz
minio-client # client for s3 compatible storage systems
mktorrent # bittorrent seed file generator
rclone # rsync for cloud storage
rename # sed for filenames
restic # backup tool
rsync # incremental file transfer
tokei # fast cloc
xdelta # binary diff
# file format tools
p7zip # 7z cli
pdftk # pdf multitool
sqlite # cli for sqlite databses
upx # executable packer
# network tools
dnsutils # dig
gatling # high performance web serve
iperf
iperf2 # bandwidth measurement tool
sshfs # mount remote host
vnstat # client for vnstatd
whois # whois client
# system tools
libva-utils # vainfo
ncdu # interactive du
reptyr # move process to current terminal
smartmontools # hard drive monitoring
# clients
drone-cli # client for drone ci
hcloud # cli for Hetzner Cloud
libnotify # notify-send
# function eye candy
fzf # fuzzy finder
pv # monitor progress in pipe
starship # zsh prompt
# end user programs
apacheHttpd # for htpasswd
libqalculate # flexible calculator for humans
scrcpy # stream/control android phones over adb
taskwarrior # todo list manager
# passwords
pass-wayland #passExtensions.pass-otp # password manager (FIXME: otp collides with main)
pwgen
pwgen-secure # password generator
unstable.xkcdpass # memorable password generator
# misc
toilet # free figlet
python38Packages.ipython # better python repl (useful for one-liners)
# vim
neovim-remote # controlling another neovim process
universal-ctags # ctags
# direnv
direnv # per-directory environment
nix-direnv # per-directory environment for nix
# git
gitAndTools.git-annex
gitAndTools.git-annex-remote-rclone # git for non source files
gitAndTools.pre-commit # pre-commit hook for git
];
programs.adb.enable = true;
environment.pathsToLink = [
"/share/nix-direnv"
];
}


@ -0,0 +1,8 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
(mumble.override { pulseSupport = true; }) # VoIP group chat
claws-mail # email client that looks ugly but just works
];
}

13
modules/creative.nix Normal file

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
blender # 3d animation
darktable # photo development
gimp
gimpPlugins.gmic # bitmap editor
krita # drawing
openscad # parametric/procedural 3d modelling
unstable.inkscape # vector graphics editor
];
}

5
modules/cups.nix Normal file

@ -0,0 +1,5 @@
{ ... }:
{
services.printing.enable = true;
}

7
modules/dev/default.nix Normal file

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
imports = [
./rust.nix
];
}

7
modules/dev/rust.nix Normal file

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
rustup
];
}

33
modules/docker.nix Normal file

@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
docker-compose
docker-ls
];
virtualisation.docker = {
enable = true;
logDriver = "journald";
extraOptions = builtins.concatStringsSep " " [
"--ipv6"
"--fixed-cidr-v6=fd00:d0ce:d0ce:d0ce::/64"
];
};
docker-containers.ipv6nat = {
image = "robbertkl/ipv6nat";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock:ro"
];
extraDockerOptions = [
"--network=host"
"--cap-drop=ALL"
"--cap-add=NET_ADMIN"
"--cap-add=NET_RAW"
"--cap-add=SYS_MODULE"
];
};
environment.etc."modules-load.d/ipv6nat.conf".text = "ip6_tables\n";
}
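Review bot: The `ipv6nat` container is handed `/var/run/docker.sock`, and the `:ro` suffix only makes the bind mount read-only; it does not limit what a client may ask the Docker API to do. Together with `--network=host`, `NET_ADMIN` and `SYS_MODULE`, that makes the container effectively root-equivalent on the host. Given that, `image = "robbertkl/ipv6nat";` resolving to whatever the default tag points at on pull is the line I would change: pin it by digest, `image = "robbertkl/ipv6nat@sha256:<DIGEST>";` (placeholder). A comment above `volumes` stating that API access is required and what it implies would also help the next reader.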

24
modules/fonts.nix Normal file

@ -0,0 +1,24 @@
{ pkgs, ... }:
{
fonts = {
fonts = with pkgs; [
corefonts # good ol microsoft fonts
google-fonts # google font collection (free)
(unstable.nerdfonts.override { fonts = [ "Iosevka" ]; })
#roboto # standalone roboto has awful kerning
unstable.source-han-sans
unstable.source-han-serif # CJK fonts
vistafonts # newer microsoft fonts
];
enableDefaultFonts = true;
enableFontDir = true;
fontconfig.defaultFonts = {
monospace = [ "Iosevka Nerd Font" "Source Han Sans" ];
sansSerif = [ "Roboto" "Source Han Sans" ];
serif = [ "Georgia" "Source Han Serif" ];
};
};
}

10
modules/grub.nix Normal file

@ -0,0 +1,10 @@
{ lib, ... }:
{
boot.loader.grub.enable = lib.mkDefault true;
boot.loader.grub.version = 2;
boot.loader.grub.gfxmodeBios = "1920x1080,1024x768,auto";
boot.loader.grub.gfxpayloadBios = "keep";
boot.loader.grub.memtest86.enable = true;
boot.loader.timeout = 2;
}

13
modules/gui-tools.nix Normal file

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
anki # flashcard SRS
unstable.antimicroX # gamepad to keyboard/mouse mapping
filezilla # ftp client
gparted # gui for parted
xfce.thunar # graphical file manager
qalculate-gtk # flexible calculator
wxhexeditor # hex editor
];
}

13
modules/locales.nix Normal file

@ -0,0 +1,13 @@
{ ... }:
{
i18n.defaultLocale = "en_GB.UTF-8";
console.keyMap = "de";
time.timeZone = "Europe/Berlin";
location = {
latitude = 49.52;
longitude = 10.17;
};
}

42
modules/media.nix Normal file

@ -0,0 +1,42 @@
{ pkgs, gui ? false, ... }:
{
environment.systemPackages = with pkgs; [
# Audio
abcde # cd ripper
shntool # split audio with cue
sidplayfp # SID chiptune player
sox # “Swiss Army knife of audio manipulation”
# Audio + Video
mediainfo # show information about media files
youtube-dl # universal video downloader
# Images
exiftool # manipulate EXIF meta data
jpegoptim # lossless jpeg optimiser
libwebp # tools for webp image format
optipng # lossless png optimiser
pngcrush
pngquant # lossy png optimisers
# Literature
mupdf # document (pdf) viewer and tools
] ++ (
if gui then [
# Audio
picard # musicbrainz tagger
# Audio + Video
mkvtoolnix # matroska (de-)muxing
mpv # media player
# Literature
calibre # ebook library
zathura # plugin based document viewer
] else [
# Packages only installed when gui is disabled
mkvtoolnix-cli # matroska (de-)muxing
]
);
}

54
modules/mpd.nix Normal file

@ -0,0 +1,54 @@
{ pkgs, ... }:
let
mpdConf = pkgs.writeText "mpd.conf" ''
music_directory "~/Music"
playlist_directory "~/.mpd/playlists"
db_file "~/.mpd/tag_cache"
state_file "~/.mpd/state"
sticker_file "~/.mpd/sticker.sql"
bind_to_address "127.0.0.1"
zeroconf_enabled "no"
restore_paused "yes"
replaygain "track"
auto_update "yes"
audio_output {
type "pulse"
name "pulse"
}
audio_output {
type "fifo"
name "fifo"
path "~/.mpd/fifo"
format "44100:16:2"
}
'';
in
{
imports = [
./pulseaudio.nix
];
systemd.user.services.mpd = {
after = [ "network.target" "sound.target" ];
description = "Music Player Daemon";
wantedBy = [ "default.target" ];
partOf = [ "default.target" ];
serviceConfig = {
ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdConf}";
Type = "notify";
ExecStartPre = ''${pkgs.bash}/bin/bash -c "${pkgs.coreutils}/bin/mkdir -p ~/Music ~/.mpd/playlists"'';
};
};
environment.systemPackages = with pkgs; [
mpc_cli
(pkgs.ncmpcpp.override { visualizerSupport = true; taglibSupport = false; })
];
}


@ -0,0 +1,7 @@
{ ... }:
{
networking.networkmanager = {
enable = true;
};
}

19
modules/office.nix Normal file

@ -0,0 +1,19 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
aspellDicts.de
hunspellDicts.de-de # dictionary
gscan2pdf # scanning tool
jameica # application framework (used for hibiscus online banking)
khal # calendar
khard # address book
libreoffice # office suite
pdfsam-basic # pdf multitool
vdirsyncerStable # dav sync client
xournalpp # notebook
xsane # scanning tool
];
hardware.sane.enable = true;
}


@ -0,0 +1,17 @@
{ config, ... }:
let
vpnNetRanges = config.networking.wireguard.interfaces.wg-home.ips;
vpnNetRange = builtins.elemAt vpnNetRanges 0;
vpnAddress = builtins.elemAt (builtins.split "/" vpnNetRange) 0;
in
{
imports = [
../wireguard/home.nix
];
services.prometheus.exporters.node = {
enable = true;
listenAddress = vpnAddress;
};
}

3
modules/pubkeys.nix Normal file

@ -0,0 +1,3 @@
{
"simon@kipf" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs0igb6TTxPkKEQ96pk/NEqqWvQH/miJEBAEe1bzHlo5n5ThnGYvVPadfHIwq1ix0IdAfyWoG8duaKVDJAUAFBtegRO7vRBYBYR04V8DE8n66MgDbbLDuu7Kbm4JWMUNg43KwJDzZtSvEKjyh5/u/TT59D1F+toxMfet++jNG03mFa6ANhMTjghbkFHj3eyuiXA/SxZLorhkCFW6Tri3u5FFLGpjaom1dZ5PAcic0+ZOECpgEwTj8FpOzmldjsu8gFxdPYGrqfA1dOxL3OQ6/rB0LfHjwrN9i3DrZzG+RfJxZbgO4/RLQz2sHYM6S6d1MtCcXThozCXSbmpdNdwdPp";
}

18
modules/pulseaudio.nix Normal file

@ -0,0 +1,18 @@
{ pkgs, ... }:
{
sound.enable = true;
hardware.pulseaudio.enable = true;
hardware.pulseaudio.package = pkgs.pulseaudioFull;
hardware.pulseaudio.daemon.config = {
"default-sample-format" = "s16le";
"default-sample-rate" = "48000";
"alternate-sample-rate" = "44100";
"resample-method" = "soxr-hq";
"flat-volumes" = "no";
};
environment.systemPackages = with pkgs; [
pavucontrol
];
}

66
modules/restic.nix Normal file

@ -0,0 +1,66 @@
{ pkgs, config, lib, ... }:
let
excludes = [
# General
"/home/*/Downloads/"
"/home/*/.cache/"
"/home/*/**/cache/"
"/home/*/.claws-mail/imapcache"
"/home/*/.local/share/Trash"
"/home/*/.local/share/nvim/"
# Rust
"/home/*/**/target/debug/"
"/home/*/**/target/doc/"
"/home/*/**/target/release/"
"/home/*/**/target/rls/"
"/home/*/**/target/tarpaulin/"
"/home/*/**/target/wasm32-unknown-unknown/"
"/home/*/.rustup/toolchains/"
"/home/*/.cargo"
# Python
"/home/*/.local/share/pyppeteer"
"/home/*/.local/share/virtualenvs/"
"/home/*/.platformio/"
# Node
"/home/*/**/.local-chromium"
# Project related
"/home/*/Music"
"/home/*/mount"
"/home/*/projects/vapoursynth/data/"
"/home/*/projects/vapoursynth/out/"
"/home/*/projects/vapoursynth/src/"
# Docker
"/var/lib/docker/"
];
excludesFile = pkgs.writeText "exludes.txt" (builtins.concatStringsSep "\n" excludes);
maybePath = path: (lib.optional (builtins.pathExists path) (toString path));
in
{
services.restic.backups."${config.networking.hostName}-system" = {
passwordFile = toString (../machines/. + "/${config.networking.hostName}" + /secrets/restic_password);
s3CredentialsFile = toString ../secrets/s3_credentials;
repository = "s3:https://s3.eu-central-1.wasabisys.com/sbruder-restic";
paths = lib.mkDefault (
[]
++ maybePath /data
++ maybePath /home
++ maybePath /srv
++ maybePath /var
);
initialize = true;
extraBackupArgs = [
"--exclude-caches"
"--exclude-file=${excludesFile}"
];
timerConfig = {
OnCalendar = "20:00";
RandomizedDelaySec = "2h";
};
};
}
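Review bot: `passwordFile` and `s3CredentialsFile` depend on `toString` to keep the secrets out of the Nix store, and nothing in the section says so. A path coerced with `toString` stays a plain absolute path, whereas interpolating the path would copy the file into the world-readable `/nix/store`. A comment such as `# toString: reference the secret in place, never copy it into /nix/store` above `passwordFile` would stop a later cleanup from removing it; the same applies to `privateKeyFile` in the wireguard module's section further down. Because the files are then read from the git-crypt-unlocked checkout, it is worth noting that their on-disk permissions are the only protection; presumably they sit in a user's home directory, which should be confirmed. The derivation name `"exludes.txt"` is also misspelled, which is harmless.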

16
modules/ssh.nix Normal file

@ -0,0 +1,16 @@
{ ... }:
let
pubkeys = import ./pubkeys.nix;
in
{
services.openssh = {
enable = true;
permitRootLogin = "yes";
passwordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keys = [
pubkeys."simon@kipf"
];
}
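Review bot: `permitRootLogin = "yes";` permits root to use every authentication method sshd has enabled, and this section only switches off `passwordAuthentication`; whether keyboard-interactive remains available depends on defaults not visible in the diff. Since root is meant to log in only with the key from `pubkeys.nix`, `permitRootLogin = "prohibit-password";` states that intent and disables password and keyboard-interactive authentication for root. This matters more here because `modules/base.nix` defaults the firewall to off, so sshd is presumably reachable on every interface.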

43
modules/sway.nix Normal file

@ -0,0 +1,43 @@
{ config, pkgs, ... }:
{
programs.sway = {
enable = true;
extraPackages = with pkgs; [
swaylock # lockscreen
swayidle # autolock
xwayland # for legacy apps
(waybar.override { pulseSupport = true; }) # better status bar
mako # notification daemon
#kanshi # autorandr
alacritty # temrinal
unstable.dmenu-wayland # launcher
brightnessctl # control screen brightness
#redshift-wlr # natural color temperature
unstable.sway-contrib.grimshot # screenshots
];
extraSessionCommands = ''
export CLUTTER_BACKEND=wayland
export GDK_BACKEND=wayland
export MOZ_ENABLE_WAYLAND=1
export QT_QPA_PLATFORM=wayland-egl
export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
export SDL_VIDEODRIVER=wayland
export _JAVA_AWT_WM_NONREPARENTING=1
'';
};
services.redshift = {
enable = true;
package = pkgs.redshift-wlr;
extraOptions = [ "-m" "wayland" ];
temperature = {
day = 6500;
night = 3500;
};
};
systemd.user.targets.graphical-session.wantedBy = [ "multi-user.target" ];
services.logind.lidSwitchDocked = config.services.logind.lidSwitch;
}

10
modules/web.nix Normal file

@ -0,0 +1,10 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
firefox-wayland
passff-host # host app for pass firefox extension
# Buidling chromium from source on a potato laptop is not fun
#(ungoogled-chromium.override { useOzone = true; })
];
}


@ -0,0 +1,28 @@
# Module for setting up the shared part of my home wireguard network.
# Every machine using this still has to set the `ips` for the `wg-home`
# interface and place the private key in their secrets directory as
# `wg-home_private_key`
#
# Example:
#
# networking.wireguard.interfaces.wg-home.ips = [ "10.80.0.4/24" ];
{ config, ... }:
{
networking.wireguard = {
enable = true;
interfaces = {
wg-home = {
privateKeyFile = toString (../../machines/. + "/${config.networking.hostName}" + /secrets/wg-home_private_key);
peers = [
{
allowedIPs = [ "10.80.0.0/24" ];
publicKey = "UyZRAVTIc/RMs/J+591wrA8lHU0e8dwDJJwcpRb3xQA=";
endpoint = "87.140.16.73:51820"; # IPv6 is tunneled so legacy is preferred
persistentKeepalive = 25;
}
];
};
};
};
}

2
pre-commit-hook Executable file

@ -0,0 +1,2 @@
#!/usr/bin/env bash
nixpkgs-fmt --check .

14
profiles/base.nix Normal file

@ -0,0 +1,14 @@
{ ... }:
{
imports =
[
../modules/base.nix
../modules/cli-tools.nix
../modules/docker.nix
../modules/grub.nix
../modules/locales.nix
../modules/prometheus/node_exporter.nix
../modules/ssh.nix
];
}

8
profiles/dev.nix Normal file

@ -0,0 +1,8 @@
{ ... }:
{
imports =
[
../modules/dev
];
}

19
profiles/gui.nix Normal file

@ -0,0 +1,19 @@
{ pkgs, ... }:
{
imports =
[
../modules/communication.nix
../modules/creative.nix
../modules/cups.nix
../modules/fonts.nix
../modules/gui-tools.nix
(import ../modules/media.nix { inherit pkgs; gui = true; })
../modules/mpd.nix
../modules/network-manager.nix
../modules/office.nix
../modules/pulseaudio.nix
../modules/sway.nix
../modules/web.nix
];
}

10
shell.nix Normal file

@ -0,0 +1,10 @@
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
nativeBuildInputs = with pkgs; [
nixpkgs-fmt
];
buildPhase = ''
ln -f -s ../../pre-commit-hook .git/hooks/pre-commit
'';
}
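Review bot: The hook symlink is created in `buildPhase`, which `nix-shell` does not execute when entering the shell, so as far as I can tell `.git/hooks/pre-commit` is never installed and the `nixpkgs-fmt --check` gate silently does not run. `mkShell` does run `shellHook` on entry, so renaming the attribute, `shellHook = '' ln -f -s ../../pre-commit-hook .git/hooks/pre-commit '';`, would install the hook whenever the shell, or direnv's `use nix`, is loaded.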

43
users/simon/base.nix Normal file

@ -0,0 +1,43 @@
{ pkgs, ... }:
let
pubkeys = import ../../modules/pubkeys.nix;
in
{
imports = [
(import "${builtins.fetchTarball https://github.com/rycee/home-manager/archive/master.tar.gz}/nixos") # FIXME: pin to release
];
users.users.simon = {
isNormalUser = true;
extraGroups = [
"adbusers"
"dialout"
"docker"
"lp"
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
pubkeys."simon@kipf"
];
};
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
home-manager.users.simon = { pkgs, ... }: {
gtk = {
enable = true;
font.name = "sans-serif 10";
theme = {
package = pkgs.gnome-themes-extra;
name = "Adwaita";
};
iconTheme = {
package = pkgs.gnome3.adwaita-icon-theme;
name = "Adwaita";
};
};
};
}
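Review bot: `"docker"` in `extraGroups` gives `simon` unrestricted access to the Docker daemon socket, which amounts to root on the host without the authentication step that `wheel` membership normally involves with sudo. If that convenience is intended, an inline comment such as `"docker" # root-equivalent: full access to the daemon socket` would make the trade-off visible. Otherwise drop the group and invoke Docker through sudo.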