diff --git a/README.md b/README.md index 8fd9750..77ff26c 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,5 @@ # Rouven's NixOS configuration files -![image](https://user-images.githubusercontent.com/72568063/213921069-670965f7-ad51-43ad-a211-63bb45a02648.png) - ## Specs - **Operating System:** [NixOS](https://nixos.org) - **Window Manager:** [River](https://github.com/riverwm/river) diff --git a/flake.lock b/flake.lock index 3c4b843..39f29dd 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1712016346, - "narHash": "sha256-O2nO7pD+krq+4HgkLB4VThRtAucIPfXDs/jJqCGlK1w=", + "lastModified": 1712759992, + "narHash": "sha256-2APpO3ZW4idlgtlb8hB04u/rmIcKA8O7pYqxF66xbNY=", "owner": "nix-community", "repo": "home-manager", - "rev": "4be0464472675212654dedf3e021bd5f1d58b92f", + "rev": "31357486b0ef6f4e161e002b6893eeb4fafc3ca9", "type": "github" }, "original": { @@ -200,17 +200,17 @@ ] }, "locked": { - "lastModified": 1711658384, - "narHash": "sha256-CbIPdqcX4k7DfnRaicJy6IlaszWyDIxiQMAxB6OGGK4=", - "owner": "rouven0", - "repo": "TruckSimulatorBot-images", - "rev": "7f57bdee9a22d4b2bb46ed1eae5aba11dfe34976", - "type": "github" + "lastModified": 1712701678, + "narHash": "sha256-L/sr5Wi+ePvB2huYOxRUWR2D3BnCSAdl0RdbChRTrqs=", + "owner": "~rouven", + "repo": "trucksimulator-images", + "rev": "f8622b0a9f7541dee806113c005b69cd08e5a0bd", + "type": "sourcehut" }, "original": { - "owner": "rouven0", - "repo": "TruckSimulatorBot-images", - "type": "github" + "owner": "~rouven", + "repo": "trucksimulator-images", + "type": "sourcehut" } }, "impermanence": { 
@@ -281,11 +281,11 @@ ] }, "locked": { - "lastModified": 1711854532, - "narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=", + "lastModified": 1712459390, + "narHash": "sha256-e12bNDottaGoBgd0AdH/bQvk854xunlWAdZwr/oHO1c=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7", + "rev": "4676d72d872459e1e3a248d049609f110c570e9a", "type": "github" }, "original": { @@ -296,11 +296,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1711703276, - "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", + "lastModified": 1712608508, + "narHash": "sha256-vMZ5603yU0wxgyQeHJryOI+O61yrX2AHwY6LOFyV1gM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", + "rev": "4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6", "type": "github" }, "original": { @@ -347,17 +347,17 @@ ] }, "locked": { - "lastModified": 1709373109, - "narHash": "sha256-2f0am1RlTxz8UKNwftzNjJLhgShoW2I5SofA7FwC4Nw=", - "owner": "rouven0", + "lastModified": 1712775079, + "narHash": "sha256-1j3haJ7/J1V3Lt4gyGgoDSxfFmf6x7A1zXl/QxZ+kSI=", + "owner": "~rouven", "repo": "pfersel", - "rev": "b4d086d43545f5d1735f863eb3aa1e81ca6272ba", - "type": "github" + "rev": "4ef4893c290c5f83f1497d6e4c0d162759500ae7", + "type": "sourcehut" }, "original": { - "owner": "rouven0", + "owner": "~rouven", "repo": "pfersel", - "type": "github" + "type": "sourcehut" } }, "pre-commit-hooks-nix": { 
@@ -398,27 +398,27 @@ ] }, "locked": { - "lastModified": 1711961571, - "narHash": "sha256-kYcs9KKTbN0ACPYTmeAF+EIj62kGBiimffHmFgOeQJo=", - "owner": "rouven0", + "lastModified": 1712775102, + "narHash": "sha256-kQF0HpU4Bis+Q1gE+OUJk1T3UJgDwTZc9rCDHRam9h4=", + "owner": "~rouven", "repo": "purge", - "rev": "6ce3c6cedb0f31885fc3775c96fb8cfca403bc93", - "type": "github" + "rev": "2959391aa4a1438b3f27669c6930feec58171eab", + "type": "sourcehut" }, "original": { - "owner": "rouven0", + "owner": "~rouven", "repo": "purge", - "type": "github" + "type": "sourcehut" } }, "river": { "flake": false, "locked": { - "lastModified": 1712003303, - "narHash": "sha256-RP8PxNti9MF4dIgfGCogiyyRW2+FfJu551jEGf2sbl0=", + "lastModified": 1712665127, + "narHash": "sha256-uACc9Cb1tSw3I0fMlEMX74NfU+Tg3It74tb+nc51AZ4=", "ref": "refs/heads/master", - "rev": "8b8ac27c4534f3989aa8c789bd282fa7f31597a8", - "revCount": 1226, + "rev": "14e941bae16b1ca478c32198c131c4297157f888", + "revCount": 1238, "submodules": true, "type": "git", "url": "https://github.com/riverwm/river" @@ -507,17 +507,17 @@ ] }, "locked": { - "lastModified": 1711961583, - "narHash": "sha256-ClezUJ0pH/DMU0u3e3t0qAgm+HQ9v6BmH1y5z8W6TZg=", - "owner": "rouven0", - "repo": "TruckSimulatorBot", - "rev": "eeffe63c4948769034a28cf0cd04885c754eba97", - "type": "github" + "lastModified": 1712701713, + "narHash": "sha256-q++FP8VC5TTQrUa+0l2TQKmafZpDy1L3rzUynFaAn/4=", + "owner": "~rouven", + "repo": "trucksimulator", + "rev": "af43589e9a0ae0f868a4eff3c738201ed1041788", + "type": "sourcehut" }, "original": { - "owner": "rouven0", - "repo": "TruckSimulatorBot", - "type": "github" + "owner": "~rouven", + "repo": "trucksimulator", + "type": "sourcehut" } } }, diff --git a/flake.nix b/flake.nix index 638246f..f605419 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,15 +26,15 @@ nix-colors.url = "github:Misterio77/nix-colors"; purge = { - url = "github:rouven0/purge"; + url = "sourcehut:~rouven/purge"; inputs.nixpkgs.follows = "nixpkgs"; }; trucksimulatorbot = { - url = "github:rouven0/TruckSimulatorBot"; + url = "sourcehut:~rouven/trucksimulator"; inputs.nixpkgs.follows = "nixpkgs"; }; pfersel = { - url = "github:rouven0/pfersel"; + url = "sourcehut:~rouven/pfersel"; inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/hosts/falkenstein/modules/dns/default.nix b/hosts/falkenstein/modules/dns/default.nix index c94ca84..b6ac08f 100644 --- a/hosts/falkenstein/modules/dns/default.nix +++ b/hosts/falkenstein/modules/dns/default.nix @@ -6,7 +6,7 @@ let $ORIGIN rfive.de. rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. ( - 2024040103 ; serial + 2024040800 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -35,7 +35,7 @@ let mail AAAA 2a01:4f8:c012:49de::1 @ TXT "v=spf1 mx ~all" - rspamd._domainkey TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" + rspamd._domainkey TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoirUMubro4nlmY6a8JMwK9QB2agAXiJzexDU/7ba6KCggONfoSTfUHlrM/XeM1GG/9oKpngApxDPP97adJuxc8/EELyo4HjTyYD8GBFZhg0AN7V8IPaJ1o5k6dGDk8ZLh41ZCnlAVWkhVSKs5pYtzkrlJIfUSzyuoe8nuFsVe3QIDAQAB" _dmarc TXT "v=DMARC1; p=none; adkim=s; fo=1; rua=mailto:dmarc@rfive.de; ruf=mailto:dmarc@rfive.de" cache CNAME nuc.rfive.de. diff --git a/hosts/falkenstein/modules/networks/default.nix b/hosts/falkenstein/modules/networks/default.nix index 163bf41..2efbd03 100644 --- a/hosts/falkenstein/modules/networks/default.nix +++ b/hosts/falkenstein/modules/networks/default.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: { age.secrets = { "wireguard/dorm/private" = { 
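Review bot: The `rspamd._domainkey` TXT record in hosts/falkenstein/modules/dns/default.nix (hunk `@@ -35,7 +35,7 @@`) still publishes what looks like a 1024-bit RSA key, since the `p=` value starts with the `MIGfMA0G…` prefix typical of that size; this commit only fixes the spacing after `k=rsa;`. Consider generating a 2048-bit DKIM key under a new selector, publishing it next to this record, and retiring the old selector once signing has switched over. The `_dmarc` record on the context line is still `p=none`, so failing mail is reported but not rejected; a comment such as `; p=none while reports are being evaluated` would show whether that is deliberate. The zone text starts and ends outside the hunk.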
@@ -11,6 +11,12 @@ }; }; + environment.systemPackages = with pkgs; [ + mtr + inetutils + dnsutils + wireguard-tools + ]; networking = { hostName = "falkenstein"; nftables.enable = true; @@ -18,6 +24,7 @@ useNetworkd = true; enableIPv6 = true; firewall = { + allowedUDPPorts = [ 51820 ]; extraInputRules = '' ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks" ''; @@ -31,10 +38,6 @@ "2620:fe::fe" "2620:fe::9" ]; - extraConfig = '' - [Resolve] - DNSStubListener=no - ''; }; systemd.network = { enable = true; @@ -86,8 +89,9 @@ matchConfig.Name = "wg0"; networkConfig = { Address = "192.168.43.4/32"; - DNS = "192.168.42.1"; - DNSSEC = true; + DNS = "192.168.43.1"; + Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa"; + DNSSEC = false; BindCarrier = [ "ens3" ]; }; }; diff --git a/hosts/nuc/modules/adguard/default.nix b/hosts/nuc/modules/adguard/default.nix index c1c3af7..b368d88 100644 --- a/hosts/nuc/modules/adguard/default.nix +++ b/hosts/nuc/modules/adguard/default.nix @@ -5,6 +5,9 @@ services.adguardhome = { enable = true; openFirewall = true; - settings.bind_port = 3000; + settings = { + dns.bind_hosts = [ "192.168.42.2" ]; + http.address = "0.0.0.0:3000"; + }; }; } diff --git a/hosts/nuc/modules/networks/default.nix b/hosts/nuc/modules/networks/default.nix index 7a1b8ba..01fc538 100644 --- a/hosts/nuc/modules/networks/default.nix +++ b/hosts/nuc/modules/networks/default.nix @@ -14,17 +14,12 @@ }; services.resolved = { enable = true; - # dnssec = "allow-downgrade"; fallbackDns = [ "9.9.9.9" "149.112.112.112" "2620:fe::fe" "2620:fe::9" ]; - extraConfig = '' - [Resolve] - DNSStubListener=no - ''; }; systemd.network = { enable = true; @@ -38,6 +33,7 @@ DHCP = "yes"; LLDP = true; EmitLLDP = "nearest-bridge"; + DNSSEC = false; }; }; }; diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 1b76984..d817b51 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix 
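Review bot: `DNSSEC = false` on the `wg0` network in hosts/falkenstein/modules/networks/default.nix (hunk `@@ -86,8 +89,9 @@`) turns off validation on a link where it was `true` before, and nothing in the file says why. Because of the routing domains in `Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa"` the effect should be limited to the VPN zones, so a comment such as `# vpn.rfive.de is served unsigned by 192.168.43.1` (if that is the reason) would document it. The nuc hunk `@@ -38,6 +33,7 @@` in hosts/nuc/modules/networks/default.nix sets the same value on the DHCP link, which has no routing domains, so there it presumably disables validation for every lookup sent over that link. `DNSSEC = "allow-downgrade";` would keep validation wherever the upstream resolver supports it.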
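Review bot: `http.address = "0.0.0.0:3000"` in hosts/nuc/modules/adguard/default.nix (hunk `@@ -5,6 +5,9 @@`) leaves the AdGuard Home admin interface listening on every interface, while `openFirewall = true` on the context line presumably opens that port, even though the DNS listener is now restricted to `192.168.42.2`. Binding the web interface to the same internal address, `http.address = "192.168.42.2:3000";`, would keep the admin login off any other network the nuc is attached to. If the wildcard bind is intentional, for example to reach the UI over the VPN, a one-line comment saying so would help the next reader.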
@@ -90,7 +90,6 @@ documentation = { dev.enable = true; - man.generateCaches = true; }; environment.systemPackages = [ pkgs.man-pages ]; system.stateVersion = "22.11"; diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index e1630e5..c00bec5 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, ... }: +{ pkgs, config, lib, ... }: { imports = [ ./uni.nix ]; @@ -26,6 +26,7 @@ curlFull wireguard-tools ]; + services.timesyncd.servers = lib.mkForce [ ]; services.resolved = { fallbackDns = [ "9.9.9.9" @@ -56,11 +57,13 @@ "@DORM_SSID@" = { psk = "@DORM_PSK@"; authProtocols = [ "SAE" ]; + extraConfig = "disabled=1"; }; "@DORM5_SSID@" = { priority = 5; psk = "@DORM_PSK@"; authProtocols = [ "SAE" ]; + extraConfig = "disabled=1"; }; "@PIXEL_SSID@" = { psk = "@PIXEL_PSK@"; @@ -134,7 +137,6 @@ }; - # some wireguard interfaces netdevs."30-wg0" = { netdevConfig = { Kind = "wireguard"; @@ -159,13 +161,12 @@ }; networks."30-wg0" = { matchConfig.Name = "wg0"; - linkConfig.RequiredForOnline = "carrier"; + linkConfig.RequiredForOnline = false; networkConfig = { Address = "192.168.43.3/32"; DNS = "192.168.43.1"; Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa"; DNSSEC = false; - BindCarrier = [ "wlp9s0" ]; }; }; }; diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix index 39b4dce..d38155e 100644 --- a/hosts/thinkpad/modules/virtualisation/default.nix +++ b/hosts/thinkpad/modules/virtualisation/default.nix @@ -2,8 +2,13 @@ { virtualisation = { docker = { - enable = true; - extraOptions = "--iptables=false"; + rootless = { + enable = true; + setSocketVariable = true; + daemon.settings = { + iptables = false; + }; + }; }; libvirtd = { enable = true; 
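Review bot: `services.timesyncd.servers = lib.mkForce [ ];` in hosts/thinkpad/modules/networks/default.nix (hunk `@@ -26,6 +26,7 @@`) removes every configured NTP server without saying where the time should come from instead. With an empty list systemd-timesyncd is left with whatever per-link servers the network announces plus any fallback list, so the clock is presumably set by whichever network the laptop joins, and certificate validity checks depend on that clock. Add a comment stating the intent, e.g. `# only use NTP servers announced by the local network`, or list a trusted server explicitly.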
@@ -18,7 +23,7 @@ spiceUSBRedirection.enable = true; }; # allow libvirts internal network stuff - networking.firewall.trustedInterfaces = [ "virbr0" "br0" "docker0" ]; + networking.firewall.trustedInterfaces = [ "virbr0" ]; programs.virt-manager.enable = true; environment.systemPackages = with pkgs; [ virt-viewer diff --git a/overlays/default.nix b/overlays/default.nix index 10286f4..32a91de 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -7,6 +7,13 @@ let inherit (prev) python3Packages; in { + + pcmanfm = prev.pcmanfm.overrideAttrs (_: { + # remove deskop preferences shortcut + postInstall = '' + rm $out/share/applications/pcmanfm-desktop-pref.desktop + ''; + }); pww = callPackage ../pkgs/pww { }; ianny = callPackage ../pkgs/ianny { }; @@ -40,6 +47,17 @@ in withHiredis = false; }; + zsh-fzf-tab = prev.zsh-fzf-tab.overrideAttrs (_: rec { + version = "1.1.1"; + src = fetchFromGitHub { + owner = "Aloxaf"; + repo = "fzf-tab"; + rev = "v${version}"; + sha256 = "sha256-0/YOL1/G2SWncbLNaclSYUz7VyfWu+OB8TYJYm4NYkM="; + }; + + }); + gnome-break-timer = callPackage ../pkgs/gnome-break-timer { }; jmri = callPackage ../pkgs/jmri { }; adguardian-term = callPackage ../pkgs/adguardian-term { }; diff --git a/pkgs/ssh3/client.nix b/pkgs/ssh3/client.nix index ccd6b32..3e80d6d 100644 --- a/pkgs/ssh3/client.nix +++ b/pkgs/ssh3/client.nix 
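Review bot: The `pcmanfm` override in overlays/default.nix (hunk `@@ -7,6 +7,13 @@`) assigns `postInstall` outright, so any `postInstall` the nixpkgs derivation defines now or later is silently dropped. Extending it is safer: take `old` instead of `_` and write `postInstall = (old.postInstall or "") + ''rm $out/share/applications/pcmanfm-desktop-pref.desktop'';`. The comment above it has a typo, `deskop` for `desktop`. The `zsh-fzf-tab` override in hunk `@@ -40,6 +47,17 @@` pins `version = "1.1.1"` without saying why the nixpkgs version is not used, so a comment such as `# pinned until nixpkgs ships >= 1.1.1` would tell a later reader when the pin can go. `hash =` is the current attribute name for an SRI value, rather than `sha256 =`.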
@@ -1,23 +1,18 @@ { lib, buildGoModule, fetchFromGitHub, playerctl }: buildGoModule rec { pname = "ssh3"; - version = "0.1.4"; + version = "0.1.7"; src = fetchFromGitHub { owner = "francoismichel"; repo = "ssh3"; rev = "v${version}"; - hash = "sha256-0bd2hdvgapTGEGM7gdpVwxelN5BRbmdcgANbRHZ/nRw="; + hash = "sha256-ZtQAJwGvNlJWUoDa6bS3AEdM3zbNMPQGdaIhR+yIonw="; }; - subPackages = [ "cli/client" ]; + subPackages = [ "cmd/ssh3" ]; - - - vendorHash = "sha256-ZtKxAKNyMnZ8v96GUUm4EukdIJD+ITDW9kHOez7nYmg="; - postInstall = '' - mv $out/bin/client $out/bin/ssh3 - ''; + vendorHash = "sha256-VUNvb7m1nnH+mXUsnIKyPKJEVSMXBAaS4ihi5DZeFiI="; meta = with lib; { description = "Faster and rich secure shell using HTTP/3"; diff --git a/pkgs/ssh3/server.nix b/pkgs/ssh3/server.nix index 87cf0b2..342beee 100644 --- a/pkgs/ssh3/server.nix +++ b/pkgs/ssh3/server.nix @@ -1,25 +1,20 @@ { lib, buildGoModule, libxcrypt, fetchFromGitHub, playerctl }: buildGoModule rec { pname = "ssh3-server"; - version = "0.1.4"; + version = "0.1.7"; src = fetchFromGitHub { owner = "francoismichel"; repo = "ssh3"; rev = "v${version}"; - hash = "sha256-0bd2hdvgapTGEGM7gdpVwxelN5BRbmdcgANbRHZ/nRw="; + hash = "sha256-ZtQAJwGvNlJWUoDa6bS3AEdM3zbNMPQGdaIhR+yIonw="; }; - subPackages = [ "cli/server" ]; + subPackages = [ "cmd/ssh3-server" ]; buildInputs = [ libxcrypt ]; - - - vendorHash = "sha256-ZtKxAKNyMnZ8v96GUUm4EukdIJD+ITDW9kHOez7nYmg="; - postInstall = '' - mv $out/bin/server $out/bin/ssh3-server - ''; + vendorHash = "sha256-VUNvb7m1nnH+mXUsnIKyPKJEVSMXBAaS4ihi5DZeFiI="; meta = with lib; { description = "Faster and rich secure shell using HTTP/3"; diff --git a/shared/zsh.nix b/shared/zsh.nix index a406cad..3e6c9e3 100644 --- a/shared/zsh.nix +++ b/shared/zsh.nix @@ -3,7 +3,6 @@ programs.command-not-found.enable = false; programs.nix-index-database.comma.enable = true; environment.systemPackages = with pkgs; [ - # fzf bat eza duf 
@@ -12,9 +11,7 @@ iperf ]; users.defaultUserShell = pkgs.zsh; - programs.fzf = { - keybindings = true; - }; + programs.fzf.enable = true; programs.zsh = { enable = true; shellAliases = { @@ -52,7 +49,7 @@ function svpn() { - unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | fzf --preview 'systemctl status {}') + unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}') if [ $(systemctl is-active $unit) = "inactive" ]; then systemctl start $unit else @@ -88,10 +85,10 @@ ''; promptInit = '' - if [[ "$(hostname)" == "thinkpad" ]] - then - cat ${../images/cat.sixel} - fi + # if [[ "$(hostname)" == "thinkpad" ]] + # then + # cat ${../images/cat.sixel} + # fi eval "$(${pkgs.mcfly}/bin/mcfly init zsh)" eval "$(${pkgs.zoxide}/bin/zoxide init zsh)" ''; diff --git a/users/rouven/default.nix b/users/rouven/default.nix index 4a1eeef..5b89c9e 100644 --- a/users/rouven/default.nix +++ b/users/rouven/default.nix @@ -5,7 +5,16 @@ users.users.rouven = { description = "Rouven Seifert"; isNormalUser = true; - extraGroups = [ "wheel" "video" "dialout" "libvirtd" "tss" "input" "wireshark" "etherape" "docker" ]; + extraGroups = [ + "wheel" + "video" + "dialout" + "libvirtd" + "tss" + "input" + "wireshark" + "etherape" + ]; initialHashedPassword = "$6$X3XERQv28Nt1UUT5$MjdMBDuXyEwexkuKqmNFweez69q4enY5cjMXSbBxOc6Bq7Fhhp7OqmCm02k3OGjoZFXzPV9ZHuMSGKZOtwYIk1"; }; home-manager.useUserPackages = true; diff --git a/users/rouven/modules/helix/default.nix b/users/rouven/modules/helix/default.nix index 2c1dafa..0c68222 100644 --- a/users/rouven/modules/helix/default.nix +++ b/users/rouven/modules/helix/default.nix @@ -10,7 +10,7 @@ (python3.withPackages (ps: with ps; [ pyls-isort pylsp-mypy - python-lsp-black + # python-lsp-black python-lsp-server # pylsp optional dependencies 
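Review bot: The `initialHashedPassword` on the context line of users/rouven/default.nix (hunk `@@ -5,7 +5,16 @@`) keeps a SHA-512 crypt hash in the repository and in the world-readable Nix store. If it still matches the account's current password, anyone who can read either copy can run offline guessing against it, and the account is in `wheel`. The falkenstein networks module in this commit already uses `age.secrets`, so the hash could move into an agenix secret referenced with `hashedPasswordFile = config.age.secrets."<placeholder-secret-name>".path;`. The attribute set continues outside the hunk.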
diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index 9ee8804..19307c7 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -45,6 +45,7 @@ mosh typst typst-preview + hut # programming languages cargo @@ -55,6 +56,7 @@ nodejs_20 gnumake go + pre-commit # fancy tools just diff --git a/users/rouven/modules/ssh/default.nix b/users/rouven/modules/ssh/default.nix index 284d555..94c8371 100644 --- a/users/rouven/modules/ssh/default.nix +++ b/users/rouven/modules/ssh/default.nix @@ -21,6 +21,10 @@ in match = "Host github.com User git"; identityFile = git; }; + "git@git.sr.ht" = { + match = "Host git.sr.ht User git"; + identityFile = git; + }; # iFSR "fsr" = { hostname = "ifsr.de";