fix: finish hax?
parent
1a4d6ecd2a
commit
b44499c92e
27 changed files with 381 additions and 492 deletions
|
@ -45,7 +45,8 @@ tasks:
|
|||
vars:
|
||||
- host
|
||||
cmds:
|
||||
- echo "This will dry-run your config."
|
||||
- echo "This will dry-run your config and add your untracked git files."
|
||||
- git add .
|
||||
- nixos-rebuild dry-run --flake "{{.ROOT_DIR}}/#{{.host}}" --impure
|
||||
preconditions:
|
||||
- sh: which nix
|
||||
|
@ -61,7 +62,9 @@ tasks:
|
|||
vars:
|
||||
- host
|
||||
cmds:
|
||||
- git add .
|
||||
- nixos-rebuild build --flake "{{.ROOT_DIR}}/#{{.host}}" --impure
|
||||
- nvd diff /run/current-system result
|
||||
preconditions:
|
||||
- sh: which nix
|
||||
msg: "nix not found"
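Review bot: `git add .` in the `cmds:` of both tasks stages every untracked file in the tree before the rebuild, which is more than flake evaluation needs and makes it easy to commit material that was never meant to be tracked, such as plaintext secrets not yet run through sops, build results, or disk images (this commit also adds a binary `dns01.qcow2`, which may have arrived that way). `git add --intent-to-add .` records the paths so the flake can see new files without staging their contents. Whichever form is kept, a `.gitignore` covering `result` and `*.qcow2` would keep both tasks from sweeping those in. The second task also calls `nvd` without a matching entry under `preconditions:`.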
|
||||
|
|
BIN
dns01.qcow2
Normal file
BIN
dns01.qcow2
Normal file
Binary file not shown.
|
@ -6,14 +6,6 @@
|
|||
, pkgs
|
||||
, ...
|
||||
}: {
|
||||
imports = [
|
||||
|
||||
# Common imports
|
||||
../common/optional/gnome.nix
|
||||
../common/optional/editors/vscode
|
||||
../common/optional/firefox.nix
|
||||
|
||||
];
|
||||
|
||||
|
||||
config = {
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
{ inputs
|
||||
, outputs
|
||||
, config
|
||||
, ...
|
||||
}: {
|
||||
# Time
|
||||
networking.timeServers = [ "10.8.10.1" ];
|
||||
services.chrony = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
|
@ -1,41 +0,0 @@
|
|||
# Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2
|
||||
{ inputs
|
||||
, outputs
|
||||
, pkgs
|
||||
, config
|
||||
, ...
|
||||
}: {
|
||||
# Disable resolvd to ensure it doesnt re-write /etc/resolv.conf
|
||||
config.services.resolved.enable = false;
|
||||
|
||||
# Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt
|
||||
# causing a risk of no dns if service fails.
|
||||
config.networking = {
|
||||
nameservers = [ "10.8.10.1" ]; # TODO make varible IP
|
||||
|
||||
dhcpcd.extraConfig = "nohook resolv.conf";
|
||||
};
|
||||
|
||||
# configure secret for forwarding rules
|
||||
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".sopsFile = ./dnscrypt-proxy2.sops.yaml;
|
||||
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file
|
||||
|
||||
# Restart dnscrypt when secret changes
|
||||
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ];
|
||||
|
||||
config.services.dnscrypt-proxy2 = {
|
||||
enable = true;
|
||||
settings = {
|
||||
require_dnssec = true;
|
||||
forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path;
|
||||
listen_addresses = [ "0.0.0.0:53" ];
|
||||
server_names = [ "NextDNS" ];
|
||||
|
||||
static = {
|
||||
"NextDNS" = {
|
||||
stamp = "sdns://AgEAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8HL2Y2ZmUzNQ";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,139 +0,0 @@
|
|||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}: {
|
||||
# TODO add USER settings.json
|
||||
# Enable vscode & addons
|
||||
environment.systemPackages = with pkgs; [
|
||||
(vscode-with-extensions.override {
|
||||
vscode = vscodium;
|
||||
vscodeExtensions = with vscode-extensions;
|
||||
[
|
||||
bbenoist.nix
|
||||
mkhl.direnv
|
||||
|
||||
]
|
||||
++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
|
||||
{
|
||||
name = "prettier-vscode";
|
||||
publisher = "esbenp";
|
||||
version = "10.1.0";
|
||||
sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9";
|
||||
}
|
||||
|
||||
{
|
||||
name = "vscode-docker";
|
||||
publisher = "ms-azuretools";
|
||||
version = "1.28.0";
|
||||
sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0";
|
||||
}
|
||||
|
||||
{
|
||||
name = "gitlens";
|
||||
publisher = "eamodio";
|
||||
version = "14.7.0";
|
||||
sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy";
|
||||
}
|
||||
|
||||
{
|
||||
name = "remote-containers";
|
||||
publisher = "ms-vscode-remote";
|
||||
version = "0.327.0";
|
||||
sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz";
|
||||
}
|
||||
|
||||
{
|
||||
name = "remote-ssh";
|
||||
publisher = "ms-vscode-remote";
|
||||
version = "0.107.1";
|
||||
sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf";
|
||||
}
|
||||
|
||||
{
|
||||
name = "vscode-yaml";
|
||||
publisher = "redhat";
|
||||
version = "1.14.0";
|
||||
sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944";
|
||||
}
|
||||
|
||||
{
|
||||
name = "todo-tree";
|
||||
publisher = "gruntfuggly";
|
||||
version = "0.0.226";
|
||||
sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn";
|
||||
}
|
||||
|
||||
{
|
||||
name = "path-autocomplete";
|
||||
publisher = "ionutvmi";
|
||||
version = "1.25.0";
|
||||
sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb";
|
||||
}
|
||||
|
||||
{
|
||||
name = "even-better-toml";
|
||||
publisher = "tamasfe";
|
||||
version = "0.19.2";
|
||||
sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14";
|
||||
}
|
||||
|
||||
{
|
||||
name = "linter";
|
||||
publisher = "fnando";
|
||||
version = "0.0.19";
|
||||
sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g";
|
||||
}
|
||||
|
||||
{
|
||||
name = "catppuccin-vsc";
|
||||
publisher = "catppuccin";
|
||||
version = "3.11.0";
|
||||
sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d";
|
||||
}
|
||||
|
||||
{
|
||||
name = "catppuccin-vsc-icons";
|
||||
publisher = "catppuccin";
|
||||
version = "1.8.0";
|
||||
sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z";
|
||||
}
|
||||
|
||||
{
|
||||
name = "nix-ide";
|
||||
publisher = "jnoortheen";
|
||||
version = "0.2.2";
|
||||
sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg";
|
||||
}
|
||||
|
||||
{
|
||||
name = "vscode-swissknife";
|
||||
publisher = "luisfontes19";
|
||||
version = "1.8.1";
|
||||
sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c";
|
||||
}
|
||||
|
||||
{
|
||||
name = "pre-commit-helper";
|
||||
publisher = "elagil";
|
||||
version = "0.5.0";
|
||||
sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj";
|
||||
}
|
||||
|
||||
{
|
||||
name = "sops-edit";
|
||||
publisher = "shipitsmarter";
|
||||
version = "1.0.0";
|
||||
sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4";
|
||||
}
|
||||
|
||||
{
|
||||
name = "json5-for-vscode";
|
||||
publisher = "tudoudou";
|
||||
version = "0.0.3";
|
||||
sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w";
|
||||
}
|
||||
];
|
||||
})
|
||||
];
|
||||
}
|
|
@ -1,174 +0,0 @@
|
|||
# Warning, this file is autogenerated by nix4vscode. Don't modify this manually.
|
||||
{ pkgs }:
|
||||
let
|
||||
vscode-utils = pkgs.vscode-utils;
|
||||
in
|
||||
{
|
||||
"ms-python"."python" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "python";
|
||||
publisher = "ms-python";
|
||||
version = "2024.0.0";
|
||||
sha256 = "0sy1z2r6b0m1lkivjyrcf41dbgj9m5zkjy6yncpji1hisjcbgq6n";
|
||||
};
|
||||
|
||||
"ms-python"."vscode-pylance" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "vscode-pylance";
|
||||
publisher = "ms-python";
|
||||
version = "2023.12.1";
|
||||
sha256 = "03fr9zanhdsf3wirv65vb41swvdnxxaz8lviyjdbmzcw9yihf8dv";
|
||||
};
|
||||
|
||||
"esbenp"."prettier-vscode" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "prettier-vscode";
|
||||
publisher = "esbenp";
|
||||
version = "10.1.0";
|
||||
sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9";
|
||||
};
|
||||
|
||||
"ms-azuretools"."vscode-docker" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "vscode-docker";
|
||||
publisher = "ms-azuretools";
|
||||
version = "1.28.0";
|
||||
sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0";
|
||||
};
|
||||
|
||||
"eamodio"."gitlens" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "gitlens";
|
||||
publisher = "eamodio";
|
||||
version = "14.7.0";
|
||||
sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy";
|
||||
};
|
||||
|
||||
"ms-vscode-remote"."remote-containers" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "remote-containers";
|
||||
publisher = "ms-vscode-remote";
|
||||
version = "0.327.0";
|
||||
sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz";
|
||||
};
|
||||
|
||||
"ms-vscode-remote"."remote-ssh" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "remote-ssh";
|
||||
publisher = "ms-vscode-remote";
|
||||
version = "0.107.1";
|
||||
sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf";
|
||||
};
|
||||
|
||||
"redhat"."vscode-yaml" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "vscode-yaml";
|
||||
publisher = "redhat";
|
||||
version = "1.14.0";
|
||||
sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944";
|
||||
};
|
||||
|
||||
"github"."copilot" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "copilot";
|
||||
publisher = "github";
|
||||
version = "1.156.0";
|
||||
sha256 = "16nzwazfbh895kmc2887b17zzbbcjyk8fhiphk5xmy1nm9qxszk0";
|
||||
};
|
||||
|
||||
"golang"."go" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "go";
|
||||
publisher = "golang";
|
||||
version = "0.40.3";
|
||||
sha256 = "15kicpv9xpn7l3w9mbmsjdzjmavh88p3skkim0a9prg9p40bsq0m";
|
||||
};
|
||||
|
||||
"gruntfuggly"."todo-tree" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "todo-tree";
|
||||
publisher = "gruntfuggly";
|
||||
version = "0.0.226";
|
||||
sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn";
|
||||
};
|
||||
|
||||
"ms-kubernetes-tools"."vscode-kubernetes-tools" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "vscode-kubernetes-tools";
|
||||
publisher = "ms-kubernetes-tools";
|
||||
version = "1.3.15";
|
||||
sha256 = "1x6npc90p6b1wx5sd1hd0x0djahmffr6lw9cxh2zg10rbpq48w8i";
|
||||
};
|
||||
|
||||
"hashicorp"."terraform" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "terraform";
|
||||
publisher = "hashicorp";
|
||||
version = "2.29.3";
|
||||
sha256 = "sha256-cYYtBZaWgtT6vS6In+tbpLfp/GdyWodBXyHsxn8ZZrU=";
|
||||
};
|
||||
|
||||
"ionutvmi"."path-autocomplete" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "path-autocomplete";
|
||||
publisher = "ionutvmi";
|
||||
version = "1.25.0";
|
||||
sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb";
|
||||
};
|
||||
|
||||
"tamasfe"."even-better-toml" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "even-better-toml";
|
||||
publisher = "tamasfe";
|
||||
version = "0.19.2";
|
||||
sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14";
|
||||
};
|
||||
|
||||
"redhat"."ansible" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "ansible";
|
||||
publisher = "redhat";
|
||||
version = "2.9.118";
|
||||
sha256 = "0yndj2r0w2zxc5firxgfrykkc5ajy9gsmrfmkz80kfhwk33n9y1p";
|
||||
};
|
||||
|
||||
"fnando"."linter" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "linter";
|
||||
publisher = "fnando";
|
||||
version = "0.0.19";
|
||||
sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g";
|
||||
};
|
||||
|
||||
"catppuccin"."catppuccin-vsc" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "catppuccin-vsc";
|
||||
publisher = "catppuccin";
|
||||
version = "3.11.0";
|
||||
sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d";
|
||||
};
|
||||
|
||||
"catppuccin"."catppuccin-vsc-icons" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "catppuccin-vsc-icons";
|
||||
publisher = "catppuccin";
|
||||
version = "1.8.0";
|
||||
sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z";
|
||||
};
|
||||
|
||||
"jnoortheen"."nix-ide" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "nix-ide";
|
||||
publisher = "jnoortheen";
|
||||
version = "0.2.2";
|
||||
sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg";
|
||||
};
|
||||
|
||||
"luisfontes19"."vscode-swissknife" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "vscode-swissknife";
|
||||
publisher = "luisfontes19";
|
||||
version = "1.8.1";
|
||||
sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c";
|
||||
};
|
||||
|
||||
"elagil"."pre-commit-helper" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "pre-commit-helper";
|
||||
publisher = "elagil";
|
||||
version = "0.5.0";
|
||||
sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj";
|
||||
};
|
||||
|
||||
"shipitsmarter"."sops-edit" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "sops-edit";
|
||||
publisher = "shipitsmarter";
|
||||
version = "1.0.0";
|
||||
sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4";
|
||||
};
|
||||
|
||||
"tudoudou"."json5-for-vscode" = vscode-utils.extensionFromVscodeMarketplace {
|
||||
name = "json5-for-vscode";
|
||||
publisher = "tudoudou";
|
||||
version = "0.0.3";
|
||||
sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w";
|
||||
};
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}: {
|
||||
programs.firefox = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
|
@ -1,68 +0,0 @@
|
|||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
}: {
|
||||
# Ref: https://nixos.wiki/wiki/GNOME
|
||||
|
||||
# GNOME plz
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
displayManager =
|
||||
{
|
||||
gdm.enable = true;
|
||||
defaultSession = "gnome"; # TODO move to config overlay
|
||||
|
||||
autoLogin.enable = true;
|
||||
autoLogin.user = "truxnell"; # TODO move to config overlay
|
||||
};
|
||||
desktopManager = {
|
||||
# GNOME
|
||||
gnome.enable = true;
|
||||
};
|
||||
|
||||
layout = "us"; # `localctl` will give you
|
||||
};
|
||||
|
||||
# TODO remove this when possible
|
||||
# workaround for GNOME autologin
|
||||
# https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
|
||||
systemd.services."getty@tty1".enable = false;
|
||||
systemd.services."autovt@tty1".enable = false;
|
||||
|
||||
# TODO tidy this
|
||||
# port forward for GNOME when using RDP***REMOVED***
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
3389
|
||||
];
|
||||
|
||||
# And dconf
|
||||
programs.dconf.enable = true;
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/issues/114514
|
||||
# dconf write /org/gnome/mutter/experimental-features "['scale-monitor-framebuffer']" TODO hack for GNOME 45
|
||||
|
||||
|
||||
# Exclude default GNOME packages that dont interest me.
|
||||
environment.gnome.excludePackages =
|
||||
(with pkgs; [
|
||||
gnome-photos
|
||||
gnome-tour
|
||||
])
|
||||
++ (with pkgs.gnome; [
|
||||
cheese # webcam tool
|
||||
gnome-music
|
||||
gnome-terminal
|
||||
gedit # text editor
|
||||
epiphany # web browser
|
||||
geary # email reader
|
||||
evince # document viewer
|
||||
gnome-characters
|
||||
totem # video player
|
||||
tali # poker game
|
||||
iagno # go game
|
||||
hitori # sudoku game
|
||||
atomix # puzzle game
|
||||
]);
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{ inputs
|
||||
, outputs
|
||||
, config
|
||||
, ...
|
||||
}: {
|
||||
# init secret
|
||||
config.sops.secrets."system/mail/maddy/envFile" = {
|
||||
sopsFile = ./maddy.sops.yaml;
|
||||
owner = "maddy";
|
||||
group = "maddy";
|
||||
};
|
||||
|
||||
# Restart dnscrypt when secret changes
|
||||
config.sops.secrets."system/mail/maddy/envFile".restartUnits = [ "maddy" ];
|
||||
|
||||
#
|
||||
config.services.maddy = {
|
||||
enable = true;
|
||||
secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
|
||||
config = builtins.readFile ./maddy.conf;
|
||||
};
|
||||
}
|
|
@ -8,10 +8,15 @@
|
|||
}: {
|
||||
imports = [
|
||||
|
||||
../common/optional/dnscrypt-proxy2.nix
|
||||
../common/optional/maddy.nix
|
||||
|
||||
];
|
||||
mySystem.services.cfddns.enable = true;
|
||||
|
||||
mySystem = {
|
||||
services.maddy.enable = true;
|
||||
services.dnscrypt-proxy.enable = true;
|
||||
services.cfDdns.enable = true;
|
||||
};
|
||||
|
||||
networking.hostName = "dns01"; # Define your hostname.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
|
|
|
@ -5,15 +5,7 @@
|
|||
}: {
|
||||
|
||||
# hardware-configuration.nix is missing as I've abstracted out the parts
|
||||
# into various areas like my global/hardware profiles, etc.
|
||||
imports = [
|
||||
|
||||
# Common imports
|
||||
../common/optional/gnome.nix
|
||||
../common/optional/editors/vscode
|
||||
../common/optional/firefox.nix
|
||||
|
||||
];
|
||||
|
||||
config.mySystem = {
|
||||
services.openssh.enable = true;
|
||||
security.wheelNeedsSudoPassword = false;
|
||||
|
|
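--- a/nixos/modules/nixos/browser/default.nix
+++ b/nixos/modules/nixos/browser/default.nix
@@ -0,0 +1,5 @@
+{
+imports = [
+./firefox.nix
+];
+}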
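--- a/nixos/modules/nixos/browser/firefox.nix
+++ b/nixos/modules/nixos/browser/firefox.nix
@@ -0,0 +1,22 @@
+{ lib
+, config
+, ...
+}:
+
+with lib;
+let
+cfg = config.mySystem.browser.firefox;
+in
+{
+options.mySystem.browser.firefox.enable = mkEnableOption "Firefox";
+
+config = mkIf cfg.enable {
+
+programs.firefox = {
+enable = true;
+};
+
+};
+
+
+}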
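--- a/nixos/modules/nixos/de/default.nix
+++ b/nixos/modules/nixos/de/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./gnome.nix
+
+];
+}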
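--- a/nixos/modules/nixos/de/gnome.nix
+++ b/nixos/modules/nixos/de/gnome.nix
@@ -0,0 +1,81 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+
+with lib;
+let
+cfg = config.mySystem.de.gnome;
+in
+{
+options.mySystem.de.gnome.enable = mkEnableOption "GNOME";
+
+config = mkIf cfg.enable {
+
+# Ref: https://nixos.wiki/wiki/GNOME
+
+# GNOME plz
+services.xserver = {
+enable = true;
+displayManager =
+{
+gdm.enable = true;
+defaultSession = "gnome"; # TODO move to config overlay
+
+autoLogin.enable = true;
+autoLogin.user = "truxnell"; # TODO move to config overlay
+};
+desktopManager = {
+# GNOME
+gnome.enable = true;
+};
+
+layout = "us"; # `localctl` will give you
+};
+
+# TODO remove this when possible
+# workaround for GNOME autologin
+# https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
+systemd.services."getty@tty1".enable = false;
+systemd.services."autovt@tty1".enable = false;
+
+# TODO tidy this
+# port forward for GNOME when using RDP***REMOVED***
+
+networking.firewall.allowedTCPPorts = [
+3389
+];
+
+# And dconf
+programs.dconf.enable = true;
+
+# https://github.com/NixOS/nixpkgs/issues/114514
+# dconf write /org/gnome/mutter/experimental-features "['scale-monitor-framebuffer']" TODO hack for GNOME 45
+
+
+# Exclude default GNOME packages that dont interest me.
+environment.gnome.excludePackages =
+(with pkgs; [
+gnome-photos
+gnome-tour
+])
+++ (with pkgs.gnome; [
+cheese # webcam tool
+gnome-music
+gnome-terminal
+gedit # text editor
+epiphany # web browser
+geary # email reader
+evince # document viewer
+gnome-characters
+totem # video player
+tali # poker game
+iagno # go game
+hitori # sudoku game
+atomix # puzzle game
+]);
+};
+
+
+}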
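Review bot: Turning on `mySystem.de.gnome.enable` also opens TCP 3389 on every interface through `networking.firewall.allowedTCPPorts` and enables `autoLogin` for a hard-coded user, so any host that wants the desktop also gets an exposed RDP port and a console session that needs no password. Both are better as separate options that default to off, for example `options.mySystem.de.gnome.rdp.enable = mkEnableOption "firewall opening for GNOME RDP";` with `networking.firewall.allowedTCPPorts = mkIf cfg.rdp.enable [ 3389 ];`, and the same pattern for autologin. Where RDP is needed, `networking.firewall.interfaces.<name>.allowedTCPPorts` limits the opening to the trusted interface. The existing `# TODO tidy this` comment marks the spot.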
|
@ -3,6 +3,9 @@
|
|||
./system
|
||||
./programs
|
||||
./services
|
||||
./browser
|
||||
./de
|
||||
./editor
|
||||
|
||||
];
|
||||
}
|
||||
|
|
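--- a/nixos/modules/nixos/editor/default.nix
+++ b/nixos/modules/nixos/editor/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./vscodium.nix
+
+];
+}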
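--- a/nixos/modules/nixos/editor/vscodium.nix
+++ b/nixos/modules/nixos/editor/vscodium.nix
@@ -0,0 +1,154 @@
+{ lib
+, config
+, pkgs
+
+, ...
+}:
+
+with lib;
+let
+cfg = config.mySystem.editor.vscodium;
+in
+{
+options.mySystem.editor.vscodium.enable = mkEnableOption "Vscodium";
+
+config = mkIf cfg.enable {
+
+# TODO add USER settings.json
+# Enable vscode & addons
+environment.systemPackages = with pkgs; [
+(vscode-with-extensions.override {
+vscode = vscodium;
+vscodeExtensions = with vscode-extensions;
+[
+bbenoist.nix
+mkhl.direnv
+
+]
+++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
+{
+name = "prettier-vscode";
+publisher = "esbenp";
+version = "10.1.0";
+sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9";
+}
+
+{
+name = "vscode-docker";
+publisher = "ms-azuretools";
+version = "1.28.0";
+sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0";
+}
+
+{
+name = "gitlens";
+publisher = "eamodio";
+version = "14.7.0";
+sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy";
+}
+
+{
+name = "remote-containers";
+publisher = "ms-vscode-remote";
+version = "0.327.0";
+sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz";
+}
+
+{
+name = "remote-ssh";
+publisher = "ms-vscode-remote";
+version = "0.107.1";
+sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf";
+}
+
+{
+name = "vscode-yaml";
+publisher = "redhat";
+version = "1.14.0";
+sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944";
+}
+
+{
+name = "todo-tree";
+publisher = "gruntfuggly";
+version = "0.0.226";
+sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn";
+}
+
+{
+name = "path-autocomplete";
+publisher = "ionutvmi";
+version = "1.25.0";
+sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb";
+}
+
+{
+name = "even-better-toml";
+publisher = "tamasfe";
+version = "0.19.2";
+sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14";
+}
+
+{
+name = "linter";
+publisher = "fnando";
+version = "0.0.19";
+sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g";
+}
+
+{
+name = "catppuccin-vsc";
+publisher = "catppuccin";
+version = "3.11.0";
+sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d";
+}
+
+{
+name = "catppuccin-vsc-icons";
+publisher = "catppuccin";
+version = "1.8.0";
+sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z";
+}
+
+{
+name = "nix-ide";
+publisher = "jnoortheen";
+version = "0.2.2";
+sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg";
+}
+
+{
+name = "vscode-swissknife";
+publisher = "luisfontes19";
+version = "1.8.1";
+sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c";
+}
+
+{
+name = "pre-commit-helper";
+publisher = "elagil";
+version = "0.5.0";
+sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj";
+}
+
+{
+name = "sops-edit";
+publisher = "shipitsmarter";
+version = "1.0.0";
+sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4";
+}
+
+{
+name = "json5-for-vscode";
+publisher = "tudoudou";
+version = "0.0.3";
+sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w";
+}
+];
+})
+];
+
+};
+
+
+}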
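Review bot: Nothing in this module records how the pinned `version`/`sha256` pairs are produced or refreshed, and the file that carried the `autogenerated by nix4vscode` header is deleted in this commit. The fixed hashes are what make the marketplace downloads verifiable, so they should stay, but hand-maintained pins tend to go stale, and stale editor extensions miss security fixes. A header comment such as `# Extension pins: update version and sha256 together; regenerate with <tool used for this repo>` would tell the next maintainer how to bump them.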
|
@ -22,13 +22,13 @@ in
|
|||
|
||||
# TODO add notifications on IP change
|
||||
# init secret
|
||||
config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml;
|
||||
sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml;
|
||||
|
||||
# Restart when secret changes
|
||||
config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ];
|
||||
sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ];
|
||||
|
||||
# Cloudflare dynamic dns to keep my DNS records pointed at home
|
||||
config.services.cloudflare-dyndns = {
|
||||
services.cloudflare-dyndns = {
|
||||
enable = true;
|
||||
ipv6 = false;
|
||||
proxied = true;
|
||||
|
|
|
@ -3,5 +3,7 @@
|
|||
./monitoring.nix
|
||||
./reboot-required-check.nix
|
||||
./cloudflare-dyndns
|
||||
./maddy
|
||||
./dnscrypt-proxy2
|
||||
];
|
||||
}
|
||||
|
|
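--- a/nixos/modules/nixos/services/dnscrypt-proxy2/default.nix
+++ b/nixos/modules/nixos/services/dnscrypt-proxy2/default.nix
@@ -0,0 +1,48 @@
+{ lib
+, config
+, ...
+}:
+
+with lib;
+let
+cfg = config.mySystem.services.dnscrypt-proxy;
+in
+{
+options.mySystem.services.dnscrypt-proxy.enable = mkEnableOption "Cloudflare ddns";
+
+config = mkIf cfg.enable {
+# Disable resolvd to ensure it doesnt re-write /etc/resolv.conf
+services.resolved.enable = false;
+
+# Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt
+# causing a risk of no dns if service fails.
+networking = {
+nameservers = [ "10.8.10.1" ]; # TODO make varible IP
+
+dhcpcd.extraConfig = "nohook resolv.conf";
+};
+
+# configure secret for forwarding rules
+sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".sopsFile = ./dnscrypt-proxy2.sops.yaml;
+sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file
+
+# Restart dnscrypt when secret changes
+sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ];
+
+services.dnscrypt-proxy2 = {
+enable = true;
+settings = {
+require_dnssec = true;
+forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path;
+listen_addresses = [ "0.0.0.0:53" ];
+server_names = [ "NextDNS" ];
+
+static = {
+"NextDNS" = {
+stamp = "sdns://AgEAAAAAAAAAAAAOZG5zLm5leHRkbnMuaW8HL2Y2ZmUzNQ";
+};
+};
+};
+};
+};
+}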
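Review bot: `listen_addresses = [ "0.0.0.0:53" ]` makes the proxy answer on every interface once `mySystem.services.dnscrypt-proxy.enable` is set; no firewall rule is visible in this module, so who can reach it is decided elsewhere, and a resolver reachable from an untrusted network ends up serving anyone who can send it a query. Binding to the LAN address, or exposing the listen address as a module option with a loopback default, keeps that decision explicit. The option label is a copy-paste leftover: `mkEnableOption "Cloudflare ddns"` should read something like `mkEnableOption "dnscrypt-proxy2 DNS proxy"`. The `sdns://` stamp is committed in clear while the forwarding rules sit in sops; if the stamp carries an account-specific path, it is worth recording that this is acceptable, as the comment on the `0444` mode does.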
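--- a/nixos/modules/nixos/services/maddy/default.nix
+++ b/nixos/modules/nixos/services/maddy/default.nix
@@ -0,0 +1,30 @@
+{ lib
+, config
+, ...
+}:
+
+with lib;
+let
+cfg = config.mySystem.services.maddy;
+in
+{
+options.mySystem.services.maddy.enable = mkEnableOption "Maddy SMTP Client (Relay)";
+
+config = mkIf cfg.enable {
+
+sops.secrets."system/mail/maddy/envFile" = {
+sopsFile = ./maddy.sops.yaml;
+owner = "maddy";
+group = "maddy";
+};
+
+sops.secrets."system/mail/maddy/envFile".restartUnits = [ "maddy" ];
+
+services.maddy = {
+enable = true;
+secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
+config = builtins.readFile ./maddy.conf;
+};
+
+};
+}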
|
@ -3,16 +3,20 @@
|
|||
# Covers desktops/laptops, expected to have a GUI and do worloads
|
||||
# Will have home-manager installs
|
||||
|
||||
with lib;
|
||||
with config;
|
||||
{
|
||||
|
||||
config.boot = {
|
||||
mySystem.de.gnome.enable = true;
|
||||
mySystem.editor.vscodium.enable = true;
|
||||
mySystem.browser.firefox.enable = true;
|
||||
|
||||
boot = {
|
||||
|
||||
binfmt.emulatedSystems = [ "aarch64-linux" ]; # Enabled for raspi4 compilation
|
||||
plymouth.enable = true; # hide console with splash screen
|
||||
};
|
||||
|
||||
config.nix.settings = {
|
||||
nix.settings = {
|
||||
# TODO factor out into mySystem
|
||||
# Avoid disk full issues
|
||||
max-free = lib.mkDefault (1000 * 1000 * 1000);
|
||||
|
@ -20,7 +24,7 @@ with lib;
|
|||
};
|
||||
|
||||
# set xserver videodrivers if used
|
||||
config.services.xserver.enable = true;
|
||||
services.xserver.enable = true;
|
||||
|
||||
# Laptop so ill likely use wireles
|
||||
# very likely to be set by GUI packages but lets
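Review bot: `with config;` next to `with lib;` puts every attribute of the evaluated system configuration into scope, and nothing in the visible lines reads from it (`lib.mkDefault` is already qualified). It appears to be new in this hunk; if so, it is best dropped, since a mistyped or free identifier would then resolve against `config` instead of failing at evaluation, and in a module that also sets options this can lead to infinite recursion. The profile now sets `mySystem.de.gnome.enable = true;`, so each host importing it inherits whatever that module turns on. The rest of the file is outside the hunk.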
|
||||
|
|