diff --git a/README.md b/README.md index 77ff26c..86521b5 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,10 @@ -# Rouven's NixOS configuration files +# This Project moved to Sourcehut +https://git.sr.ht/~rouven/nixos-config + +------------- +## Rouven's NixOS configuration files + +![image](https://user-images.githubusercontent.com/72568063/213921069-670965f7-ad51-43ad-a211-63bb45a02648.png) ## Specs - **Operating System:** [NixOS](https://nixos.org) diff --git a/flake.lock b/flake.lock index 39f29dd..3c4b843 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1712759992, - "narHash": "sha256-2APpO3ZW4idlgtlb8hB04u/rmIcKA8O7pYqxF66xbNY=", + "lastModified": 1712016346, + "narHash": "sha256-O2nO7pD+krq+4HgkLB4VThRtAucIPfXDs/jJqCGlK1w=", "owner": "nix-community", "repo": "home-manager", - "rev": "31357486b0ef6f4e161e002b6893eeb4fafc3ca9", + "rev": "4be0464472675212654dedf3e021bd5f1d58b92f", "type": "github" }, "original": { @@ -200,17 +200,17 @@ ] }, "locked": { - "lastModified": 1712701678, - "narHash": "sha256-L/sr5Wi+ePvB2huYOxRUWR2D3BnCSAdl0RdbChRTrqs=", - "owner": "~rouven", - "repo": "trucksimulator-images", - "rev": "f8622b0a9f7541dee806113c005b69cd08e5a0bd", - "type": "sourcehut" + "lastModified": 1711658384, + "narHash": "sha256-CbIPdqcX4k7DfnRaicJy6IlaszWyDIxiQMAxB6OGGK4=", + "owner": "rouven0", + "repo": "TruckSimulatorBot-images", + "rev": "7f57bdee9a22d4b2bb46ed1eae5aba11dfe34976", + "type": "github" }, "original": { - "owner": "~rouven", - "repo": "trucksimulator-images", - "type": "sourcehut" + "owner": "rouven0", + "repo": "TruckSimulatorBot-images", + "type": "github" } }, "impermanence": { 
@@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1712459390, - "narHash": "sha256-e12bNDottaGoBgd0AdH/bQvk854xunlWAdZwr/oHO1c=", + "lastModified": 1711854532, + "narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "4676d72d872459e1e3a248d049609f110c570e9a", + "rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1712608508, - "narHash": "sha256-vMZ5603yU0wxgyQeHJryOI+O61yrX2AHwY6LOFyV1gM=", + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "type": "github" }, "original": { @@ -347,17 +347,17 @@ ] }, "locked": { - "lastModified": 1712775079, - "narHash": "sha256-1j3haJ7/J1V3Lt4gyGgoDSxfFmf6x7A1zXl/QxZ+kSI=", - "owner": "~rouven", + "lastModified": 1709373109, + "narHash": "sha256-2f0am1RlTxz8UKNwftzNjJLhgShoW2I5SofA7FwC4Nw=", + "owner": "rouven0", "repo": "pfersel", - "rev": "4ef4893c290c5f83f1497d6e4c0d162759500ae7", - "type": "sourcehut" + "rev": "b4d086d43545f5d1735f863eb3aa1e81ca6272ba", + "type": "github" }, "original": { - "owner": "~rouven", + "owner": "rouven0", "repo": "pfersel", - "type": "sourcehut" + "type": "github" } }, "pre-commit-hooks-nix": { 
@@ -398,27 +398,27 @@ ] }, "locked": { - "lastModified": 1712775102, - "narHash": "sha256-kQF0HpU4Bis+Q1gE+OUJk1T3UJgDwTZc9rCDHRam9h4=", - "owner": "~rouven", + "lastModified": 1711961571, + "narHash": "sha256-kYcs9KKTbN0ACPYTmeAF+EIj62kGBiimffHmFgOeQJo=", + "owner": "rouven0", "repo": "purge", - "rev": "2959391aa4a1438b3f27669c6930feec58171eab", - "type": "sourcehut" + "rev": "6ce3c6cedb0f31885fc3775c96fb8cfca403bc93", + "type": "github" }, "original": { - "owner": "~rouven", + "owner": "rouven0", "repo": "purge", - "type": "sourcehut" + "type": "github" } }, "river": { "flake": false, "locked": { - "lastModified": 1712665127, - "narHash": "sha256-uACc9Cb1tSw3I0fMlEMX74NfU+Tg3It74tb+nc51AZ4=", + "lastModified": 1712003303, + "narHash": "sha256-RP8PxNti9MF4dIgfGCogiyyRW2+FfJu551jEGf2sbl0=", "ref": "refs/heads/master", - "rev": "14e941bae16b1ca478c32198c131c4297157f888", - "revCount": 1238, + "rev": "8b8ac27c4534f3989aa8c789bd282fa7f31597a8", + "revCount": 1226, "submodules": true, "type": "git", "url": "https://github.com/riverwm/river" @@ -507,17 +507,17 @@ ] }, "locked": { - "lastModified": 1712701713, - "narHash": "sha256-q++FP8VC5TTQrUa+0l2TQKmafZpDy1L3rzUynFaAn/4=", - "owner": "~rouven", - "repo": "trucksimulator", - "rev": "af43589e9a0ae0f868a4eff3c738201ed1041788", - "type": "sourcehut" + "lastModified": 1711961583, + "narHash": "sha256-ClezUJ0pH/DMU0u3e3t0qAgm+HQ9v6BmH1y5z8W6TZg=", + "owner": "rouven0", + "repo": "TruckSimulatorBot", + "rev": "eeffe63c4948769034a28cf0cd04885c754eba97", + "type": "github" }, "original": { - "owner": "~rouven", - "repo": "trucksimulator", - "type": "sourcehut" + "owner": "rouven0", + "repo": "TruckSimulatorBot", + "type": "github" } } }, diff --git a/flake.nix b/flake.nix index f605419..638246f 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,15 +26,15 @@ nix-colors.url = "github:Misterio77/nix-colors"; purge = { - url = "sourcehut:~rouven/purge"; + url = "github:rouven0/purge"; inputs.nixpkgs.follows = "nixpkgs"; }; trucksimulatorbot = { - url = "sourcehut:~rouven/trucksimulator"; + url = "github:rouven0/TruckSimulatorBot"; inputs.nixpkgs.follows = "nixpkgs"; }; pfersel = { - url = "sourcehut:~rouven/pfersel"; + url = "github:rouven0/pfersel"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index b6ac08f..c94ca84 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -6,7 +6,7 @@ let $ORIGIN rfive.de. rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. ( - 2024040800 ; serial + 2024040103 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -35,7 +35,7 @@ let mail AAAA 2a01:4f8:c012:49de::1 @ TXT "v=spf1 mx ~all" - rspamd._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" + rspamd._domainkey TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" _dmarc TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" cache CNAME nuc.rfive.de. diff --git a/hosts/falkenstein/modules/networks/default.nix b/hosts/falkenstein/modules/networks/default.nix index 2efbd03..163bf41 100644 --- a/hosts/falkenstein/modules/networks/default.nix +++ b/hosts/falkenstein/modules/networks/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: { age.secrets = { "wireguard/dorm/private" = { 
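Review bot: The SOA serial in the first `dns/default.nix` hunk goes down, from 2024040800 to 2024040103, and a secondary treats a lower serial as older than the copy it already holds, so it would not transfer this version of the zone. If the zone has any secondaries (not visible here), keep the serial monotonic even when the content is rolled back, e.g. `2024040801 ; serial` (constructed value). The zone text continues outside the hunk.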
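Review bot: The `rspamd._domainkey` record touched in the second `dns/default.nix` hunk still publishes a `p=` value with the length of a 1024-bit RSA public key; the edit only removes the space after `k=rsa;`. RFC 8301 recommends that signers use RSA keys of at least 2048 bits, so a rotation to a longer key under a new selector is worth planning. Until then, a zone comment above the record such as `; 1024-bit DKIM key, rotate to 2048-bit under a new selector` would document the gap.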
@@ -11,12 +11,6 @@ }; }; - environment.systemPackages = with pkgs; [ - mtr - inetutils - dnsutils - wireguard-tools - ]; networking = { hostName = "falkenstein"; nftables.enable = true; @@ -24,7 +18,6 @@ useNetworkd = true; enableIPv6 = true; firewall = { - allowedUDPPorts = [ 51820 ]; extraInputRules = '' ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks" ''; @@ -38,6 +31,10 @@ "2620:fe::fe" "2620:fe::9" ]; + extraConfig = '' + [Resolve] + DNSStubListener=no + ''; }; systemd.network = { enable = true; @@ -89,9 +86,8 @@ matchConfig.Name = "wg0"; networkConfig = { Address = "192.168.43.4/32"; - DNS = "192.168.43.1"; - Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa"; - DNSSEC = false; + DNS = "192.168.42.1"; + DNSSEC = true; BindCarrier = [ "ens3" ]; }; }; diff --git a/hosts/nuc/modules/adguard/default.nix b/hosts/nuc/modules/adguard/default.nix index b368d88..c1c3af7 100644 --- a/hosts/nuc/modules/adguard/default.nix +++ b/hosts/nuc/modules/adguard/default.nix @@ -5,9 +5,6 @@ services.adguardhome = { enable = true; openFirewall = true; - settings = { - dns.bind_hosts = [ "192.168.42.2" ]; - http.address = "0.0.0.0:3000"; - }; + settings.bind_port = 3000; }; } diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix index 01fc538..7a1b8ba 100644 --- a/hosts/nuc/modules/networks/default.nix +++ b/hosts/nuc/modules/networks/default.nix @@ -14,12 +14,17 @@ }; services.resolved = { enable = true; + # dnssec = "allow-downgrade"; fallbackDns = [ "9.9.9.9" "149.112.112.112" "2620:fe::fe" "2620:fe::9" ]; + extraConfig = '' + [Resolve] + DNSStubListener=no + ''; }; systemd.network = { enable = true; @@ -33,7 +38,6 @@ DHCP = "yes"; LLDP = true; EmitLLDP = "nearest-bridge"; - DNSSEC = false; }; }; }; diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index d817b51..1b76984 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix 
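Review bot: `DNSSEC = true` on the falkenstein `wg0` network makes systemd-resolved validate strictly for that link, so lookups through `192.168.42.1` fail outright if that resolver does not pass DNSSEC records; nothing in the hunk shows that it does. The same hunk drops `Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa"`, so the link's server is no longer limited to the VPN zones and may be asked for general names. The earlier firewall hunk also removes `allowedUDPPorts = [ 51820 ]` while `wg0` stays configured; if this host accepts inbound WireGuard handshakes (the peer configuration is outside the hunks), they would now be dropped. A comment next to `DNS` naming the intended resolver and why strict validation is safe there would help.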
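Review bot: In `hosts/nuc/modules/adguard/default.nix` the new `settings.bind_port = 3000;` no longer pins the DNS listener to one address, so where AdGuard Home answers DNS now depends on its defaults rather than on this file. With `openFirewall = true` still in the context lines, the admin UI on port 3000 presumably stays reachable from every interface. Keeping the restriction explicit, `settings.dns.bind_hosts = [ "192.168.42.2" ];`, next to the port setting avoids exposing the resolver on an interface that was not meant to serve it.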
@@ -90,6 +90,7 @@ documentation = { dev.enable = true; + man.generateCaches = true; }; environment.systemPackages = [ pkgs.man-pages ]; system.stateVersion = "22.11"; diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index c00bec5..e1630e5 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... }: +{ pkgs, config, ... }: { imports = [ ./uni.nix ]; @@ -26,7 +26,6 @@ curlFull wireguard-tools ]; - services.timesyncd.servers = lib.mkForce [ ]; services.resolved = { fallbackDns = [ "9.9.9.9" @@ -57,13 +56,11 @@ "@DORM_SSID@" = { psk = "@DORM_PSK@"; authProtocols = [ "SAE" ]; - extraConfig = "disabled=1"; }; "@DORM5_SSID@" = { priority = 5; psk = "@DORM_PSK@"; authProtocols = [ "SAE" ]; - extraConfig = "disabled=1"; }; "@PIXEL_SSID@" = { psk = "@PIXEL_PSK@"; @@ -137,6 +134,7 @@ }; + # some wireguard interfaces netdevs."30-wg0" = { netdevConfig = { Kind = "wireguard"; @@ -161,12 +159,13 @@ }; networks."30-wg0" = { matchConfig.Name = "wg0"; - linkConfig.RequiredForOnline = false; + linkConfig.RequiredForOnline = "carrier"; networkConfig = { Address = "192.168.43.3/32"; DNS = "192.168.43.1"; Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa"; DNSSEC = false; + BindCarrier = [ "wlp9s0" ]; }; }; }; diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix index d38155e..39b4dce 100644 --- a/hosts/thinkpad/modules/virtualisation/default.nix +++ b/hosts/thinkpad/modules/virtualisation/default.nix @@ -2,13 +2,8 @@ { virtualisation = { docker = { - rootless = { - enable = true; - setSocketVariable = true; - daemon.settings = { - iptables = false; - }; - }; + enable = true; + extraOptions = "--iptables=false"; }; libvirtd = { enable = true; 
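Review bot: Replacing `docker.rootless` with `docker.enable = true` in `hosts/thinkpad/modules/virtualisation/default.nix` runs the daemon as root. The `users/rouven/default.nix` hunk then adds `"docker"` to `extraGroups`, which gives that account control of the root daemon's socket, in effect root without a password prompt. If rootless mode cannot be kept, consider leaving the user out of the `docker` group and calling docker through sudo, and add a comment such as `# rootful daemon: docker group membership is root-equivalent`. `extraOptions = "--iptables=false";` also means Docker installs no filtering rules of its own, so container exposure rests entirely on the host firewall configuration.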
@@ -23,7 +18,7 @@ spiceUSBRedirection.enable = true; }; # allow libvirts internal network stuff - networking.firewall.trustedInterfaces = [ "virbr0" ]; + networking.firewall.trustedInterfaces = [ "virbr0" "br0" "docker0" ]; programs.virt-manager.enable = true; environment.systemPackages = with pkgs; [ virt-viewer diff --git a/overlays/default.nix b/overlays/default.nix index 32a91de..10286f4 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -7,13 +7,6 @@ let inherit (prev) python3Packages; in { - - pcmanfm = prev.pcmanfm.overrideAttrs (_: { - # remove deskop preferences shortcut - postInstall = '' - rm $out/share/applications/pcmanfm-desktop-pref.desktop - ''; - }); pww = callPackage ../pkgs/pww { }; ianny = callPackage ../pkgs/ianny { }; @@ -47,17 +40,6 @@ in withHiredis = false; }; - zsh-fzf-tab = prev.zsh-fzf-tab.overrideAttrs (_: rec { - version = "1.1.1"; - src = fetchFromGitHub { - owner = "Aloxaf"; - repo = "fzf-tab"; - rev = "v${version}"; - sha256 = "sha256-0/YOL1/G2SWncbLNaclSYUz7VyfWu+OB8TYJYm4NYkM="; - }; - - }); - gnome-break-timer = callPackage ../pkgs/gnome-break-timer { }; jmri = callPackage ../pkgs/jmri { }; adguardian-term = callPackage ../pkgs/adguardian-term { }; diff --git a/pkgs/ssh3/client.nix b/pkgs/ssh3/client.nix index 3e80d6d..ccd6b32 100644 --- a/pkgs/ssh3/client.nix +++ b/pkgs/ssh3/client.nix 
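Review bot: Adding `"br0"` and `"docker0"` to `networking.firewall.trustedInterfaces` accepts all inbound traffic from those bridges, so any container on `docker0` can reach every service listening on the host, including ones meant for local use only. The comment above the line still mentions only libvirt. If containers need just a few host ports, an interface-scoped rule such as `networking.firewall.interfaces."docker0".allowedTCPPorts = [ ... ];` is narrower, and the comment should say why each bridge is trusted.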
@@ -1,18 +1,23 @@ { lib, buildGoModule, fetchFromGitHub, playerctl }: buildGoModule rec { pname = "ssh3"; - version = "0.1.7"; + version = "0.1.4"; src = fetchFromGitHub { owner = "francoismichel"; repo = "ssh3"; rev = "v${version}"; - hash = "sha256-ZtQAJwGvNlJWUoDa6bS3AEdM3zbNMPQGdaIhR+yIonw="; + hash = "sha256-0bd2hdvgapTGEGM7gdpVwxelN5BRbmdcgANbRHZ/nRw="; }; - subPackages = [ "cmd/ssh3" ]; + subPackages = [ "cli/client" ]; - vendorHash = "sha256-VUNvb7m1nnH+mXUsnIKyPKJEVSMXBAaS4ihi5DZeFiI="; + + + vendorHash = "sha256-ZtKxAKNyMnZ8v96GUUm4EukdIJD+ITDW9kHOez7nYmg="; + postInstall = '' + mv $out/bin/client $out/bin/ssh3 + ''; meta = with lib; { description = "Faster and rich secure shell using HTTP/3"; diff --git a/pkgs/ssh3/server.nix b/pkgs/ssh3/server.nix index 342beee..87cf0b2 100644 --- a/pkgs/ssh3/server.nix +++ b/pkgs/ssh3/server.nix @@ -1,20 +1,25 @@ { lib, buildGoModule, libxcrypt, fetchFromGitHub, playerctl }: buildGoModule rec { pname = "ssh3-server"; - version = "0.1.7"; + version = "0.1.4"; src = fetchFromGitHub { owner = "francoismichel"; repo = "ssh3"; rev = "v${version}"; - hash = "sha256-ZtQAJwGvNlJWUoDa6bS3AEdM3zbNMPQGdaIhR+yIonw="; + hash = "sha256-0bd2hdvgapTGEGM7gdpVwxelN5BRbmdcgANbRHZ/nRw="; }; - subPackages = [ "cmd/ssh3-server" ]; + subPackages = [ "cli/server" ]; buildInputs = [ libxcrypt ]; - vendorHash = "sha256-VUNvb7m1nnH+mXUsnIKyPKJEVSMXBAaS4ihi5DZeFiI="; + + + vendorHash = "sha256-ZtKxAKNyMnZ8v96GUUm4EukdIJD+ITDW9kHOez7nYmg="; + postInstall = '' + mv $out/bin/server $out/bin/ssh3-server + ''; meta = with lib; { description = "Faster and rich secure shell using HTTP/3"; diff --git a/shared/zsh.nix b/shared/zsh.nix index 3e6c9e3..a406cad 100644 --- a/shared/zsh.nix +++ b/shared/zsh.nix @@ -3,6 +3,7 @@ programs.command-not-found.enable = false; programs.nix-index-database.comma.enable = true; environment.systemPackages = with pkgs; [ + # fzf bat eza duf 
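Review bot: Both `pkgs/ssh3/client.nix` and `pkgs/ssh3/server.nix` now pin `version = "0.1.4"` where 0.1.7 was packaged before, so any fixes upstream released in between are dropped from a network-facing login tool; the reason for the downgrade deserves a comment next to `version`. The `rev`, `hash` and `vendorHash` values are duplicated across the two files and can drift apart, so a shared attribute set imported by both would keep them in step. `playerctl` in the argument list is not used in the visible lines, and both function bodies continue outside their hunks.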
@@ -11,7 +12,9 @@ iperf ]; users.defaultUserShell = pkgs.zsh; - programs.fzf.enable = true; + programs.fzf = { + keybindings = true; + }; programs.zsh = { enable = true; shellAliases = { @@ -49,7 +52,7 @@ function svpn() { - unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}') + unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | fzf --preview 'systemctl status {}') if [ $(systemctl is-active $unit) = "inactive" ]; then systemctl start $unit else @@ -85,10 +88,10 @@ ''; promptInit = '' - # if [[ "$(hostname)" == "thinkpad" ]] - # then - # cat ${../images/cat.sixel} - # fi + if [[ "$(hostname)" == "thinkpad" ]] + then + cat ${../images/cat.sixel} + fi eval "$(${pkgs.mcfly}/bin/mcfly init zsh)" eval "$(${pkgs.zoxide}/bin/zoxide init zsh)" ''; diff --git a/users/rouven/default.nix b/users/rouven/default.nix index 5b89c9e..4a1eeef 100644 --- a/users/rouven/default.nix +++ b/users/rouven/default.nix @@ -5,16 +5,7 @@ users.users.rouven = { description = "Rouven Seifert"; isNormalUser = true; - extraGroups = [ - "wheel" - "video" - "dialout" - "libvirtd" - "tss" - "input" - "wireshark" - "etherape" - ]; + extraGroups = [ "wheel" "video" "dialout" "libvirtd" "tss" "input" "wireshark" "etherape" "docker" ]; initialHashedPassword = "$6$X3XERQv28Nt1UUT5$MjdMBDuXyEwexkuKqmNFweez69q4enY5cjMXSbBxOc6Bq7Fhhp7OqmCm02k3OGjoZFXzPV9ZHuMSGKZOtwYIk1"; }; home-manager.useUserPackages = true; diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix index 0c68222..2c1dafa 100644 --- a/users/rouven/modules/helix/default.nix +++ b/users/rouven/modules/helix/default.nix @@ -10,7 +10,7 @@ (python3.withPackages (ps: with ps; [ pyls-isort pylsp-mypy - # python-lsp-black + python-lsp-black python-lsp-server # pylsp optional dependencies 
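Review bot: In `svpn`, the bare `fzf` is now resolved through `$PATH` instead of the pinned `${pkgs.fzf}/bin/fzf`, while the first `shared/zsh.nix` hunk leaves `# fzf` commented out of `environment.systemPackages` and `programs.fzf.enable` is dropped. Whether `programs.fzf.keybindings = true` still puts the binary on PATH is not visible here; if it does not, `unit` ends up empty and the unquoted `$(systemctl is-active $unit)` test misbehaves. Keeping the store path, `| ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')`, avoids both the missing binary and picking up a different `fzf` earlier in PATH in a function that starts and stops VPN units. The function body continues outside the hunk.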
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 19307c7..9ee8804 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -45,7 +45,6 @@ mosh typst typst-preview - hut # programming languages cargo @@ -56,7 +55,6 @@ nodejs_20 gnumake go - pre-commit # fancy tools just diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index 94c8371..284d555 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix @@ -21,10 +21,6 @@ in match = "Host github.com User git"; identityFile = git; }; - "git@git.sr.ht" = { - match = "Host git.sr.ht User git"; - identityFile = git; - }; # iFSR "fsr" = { hostname = "ifsr.de";