13 commits

18 changed files with 128 additions and 102 deletions


@ -1,7 +1,5 @@
# Rouven's NixOS configuration files # Rouven's NixOS configuration files
![image](https://user-images.githubusercontent.com/72568063/213921069-670965f7-ad51-43ad-a211-63bb45a02648.png)
## Specs ## Specs
- **Operating System:** [NixOS](https://nixos.org) - **Operating System:** [NixOS](https://nixos.org)
- **Window Manager:** [River](https://github.com/riverwm/river) - **Window Manager:** [River](https://github.com/riverwm/river)


@ -180,11 +180,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1712016346, "lastModified": 1712759992,
"narHash": "sha256-O2nO7pD+krq+4HgkLB4VThRtAucIPfXDs/jJqCGlK1w=", "narHash": "sha256-2APpO3ZW4idlgtlb8hB04u/rmIcKA8O7pYqxF66xbNY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "4be0464472675212654dedf3e021bd5f1d58b92f", "rev": "31357486b0ef6f4e161e002b6893eeb4fafc3ca9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -200,17 +200,17 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711658384, "lastModified": 1712701678,
"narHash": "sha256-CbIPdqcX4k7DfnRaicJy6IlaszWyDIxiQMAxB6OGGK4=", "narHash": "sha256-L/sr5Wi+ePvB2huYOxRUWR2D3BnCSAdl0RdbChRTrqs=",
"owner": "rouven0", "owner": "~rouven",
"repo": "TruckSimulatorBot-images", "repo": "trucksimulator-images",
"rev": "7f57bdee9a22d4b2bb46ed1eae5aba11dfe34976", "rev": "f8622b0a9f7541dee806113c005b69cd08e5a0bd",
"type": "github" "type": "sourcehut"
}, },
"original": { "original": {
"owner": "rouven0", "owner": "~rouven",
"repo": "TruckSimulatorBot-images", "repo": "trucksimulator-images",
"type": "github" "type": "sourcehut"
} }
}, },
"impermanence": { "impermanence": {
@ -281,11 +281,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711854532, "lastModified": 1712459390,
"narHash": "sha256-JPStavwlT7TfxxiXHk6Q7sbNxtnXAIjXQJMLO0KB6M0=", "narHash": "sha256-e12bNDottaGoBgd0AdH/bQvk854xunlWAdZwr/oHO1c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "2844b5f3ad3b478468151bd101370b9d8ef8a3a7", "rev": "4676d72d872459e1e3a248d049609f110c570e9a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -296,11 +296,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1711703276, "lastModified": 1712608508,
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", "narHash": "sha256-vMZ5603yU0wxgyQeHJryOI+O61yrX2AHwY6LOFyV1gM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", "rev": "4cba8b53da471aea2ab2b0c1f30a81e7c451f4b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -347,17 +347,17 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709373109, "lastModified": 1712775079,
"narHash": "sha256-2f0am1RlTxz8UKNwftzNjJLhgShoW2I5SofA7FwC4Nw=", "narHash": "sha256-1j3haJ7/J1V3Lt4gyGgoDSxfFmf6x7A1zXl/QxZ+kSI=",
"owner": "rouven0", "owner": "~rouven",
"repo": "pfersel", "repo": "pfersel",
"rev": "b4d086d43545f5d1735f863eb3aa1e81ca6272ba", "rev": "4ef4893c290c5f83f1497d6e4c0d162759500ae7",
"type": "github" "type": "sourcehut"
}, },
"original": { "original": {
"owner": "rouven0", "owner": "~rouven",
"repo": "pfersel", "repo": "pfersel",
"type": "github" "type": "sourcehut"
} }
}, },
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
@ -398,27 +398,27 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711961571, "lastModified": 1712775102,
"narHash": "sha256-kYcs9KKTbN0ACPYTmeAF+EIj62kGBiimffHmFgOeQJo=", "narHash": "sha256-kQF0HpU4Bis+Q1gE+OUJk1T3UJgDwTZc9rCDHRam9h4=",
"owner": "rouven0", "owner": "~rouven",
"repo": "purge", "repo": "purge",
"rev": "6ce3c6cedb0f31885fc3775c96fb8cfca403bc93", "rev": "2959391aa4a1438b3f27669c6930feec58171eab",
"type": "github" "type": "sourcehut"
}, },
"original": { "original": {
"owner": "rouven0", "owner": "~rouven",
"repo": "purge", "repo": "purge",
"type": "github" "type": "sourcehut"
} }
}, },
"river": { "river": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1712003303, "lastModified": 1712665127,
"narHash": "sha256-RP8PxNti9MF4dIgfGCogiyyRW2+FfJu551jEGf2sbl0=", "narHash": "sha256-uACc9Cb1tSw3I0fMlEMX74NfU+Tg3It74tb+nc51AZ4=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "8b8ac27c4534f3989aa8c789bd282fa7f31597a8", "rev": "14e941bae16b1ca478c32198c131c4297157f888",
"revCount": 1226, "revCount": 1238,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/riverwm/river" "url": "https://github.com/riverwm/river"
@ -507,17 +507,17 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711961583, "lastModified": 1712701713,
"narHash": "sha256-ClezUJ0pH/DMU0u3e3t0qAgm+HQ9v6BmH1y5z8W6TZg=", "narHash": "sha256-q++FP8VC5TTQrUa+0l2TQKmafZpDy1L3rzUynFaAn/4=",
"owner": "rouven0", "owner": "~rouven",
"repo": "TruckSimulatorBot", "repo": "trucksimulator",
"rev": "eeffe63c4948769034a28cf0cd04885c754eba97", "rev": "af43589e9a0ae0f868a4eff3c738201ed1041788",
"type": "github" "type": "sourcehut"
}, },
"original": { "original": {
"owner": "rouven0", "owner": "~rouven",
"repo": "TruckSimulatorBot", "repo": "trucksimulator",
"type": "github" "type": "sourcehut"
} }
} }
}, },


@ -26,15 +26,15 @@
nix-colors.url = "github:Misterio77/nix-colors"; nix-colors.url = "github:Misterio77/nix-colors";
purge = { purge = {
url = "github:rouven0/purge"; url = "sourcehut:~rouven/purge";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
trucksimulatorbot = { trucksimulatorbot = {
url = "github:rouven0/TruckSimulatorBot"; url = "sourcehut:~rouven/trucksimulator";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
pfersel = { pfersel = {
url = "github:rouven0/pfersel"; url = "sourcehut:~rouven/pfersel";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };


@ -6,7 +6,7 @@ let
$ORIGIN rfive.de. $ORIGIN rfive.de.
rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. ( rfive.de. 86400 IN SOA ns.rfive.de. hostmaster.rfive.de. (
2024040103 ; serial 2024040800 ; serial
10800 ; refresh 10800 ; refresh
3600 ; retry 3600 ; retry
604800 ; expire 604800 ; expire


@ -1,4 +1,4 @@
{ config, ... }: { config, pkgs, ... }:
{ {
age.secrets = { age.secrets = {
"wireguard/dorm/private" = { "wireguard/dorm/private" = {
@ -11,6 +11,12 @@
}; };
}; };
environment.systemPackages = with pkgs; [
mtr
inetutils
dnsutils
wireguard-tools
];
networking = { networking = {
hostName = "falkenstein"; hostName = "falkenstein";
nftables.enable = true; nftables.enable = true;
@ -18,6 +24,7 @@
useNetworkd = true; useNetworkd = true;
enableIPv6 = true; enableIPv6 = true;
firewall = { firewall = {
allowedUDPPorts = [ 51820 ];
extraInputRules = '' extraInputRules = ''
ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks" ip saddr 192.168.0.0/16 tcp dport 19531 accept comment "Allow journald gateway access from local networks"
''; '';
@ -31,10 +38,6 @@
"2620:fe::fe" "2620:fe::fe"
"2620:fe::9" "2620:fe::9"
]; ];
extraConfig = ''
[Resolve]
DNSStubListener=no
'';
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
@ -86,8 +89,9 @@
matchConfig.Name = "wg0"; matchConfig.Name = "wg0";
networkConfig = { networkConfig = {
Address = "192.168.43.4/32"; Address = "192.168.43.4/32";
DNS = "192.168.42.1"; DNS = "192.168.43.1";
DNSSEC = true; Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa";
DNSSEC = false;
BindCarrier = [ "ens3" ]; BindCarrier = [ "ens3" ];
}; };
}; };
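Review bot: `DNSSEC = false;` on the wg0 network switches off validation for the names routed to 192.168.43.1, and the hunk gives no reason for the downgrade from `true`. If the cause is that the VPN resolver serves `vpn.rfive.de` unsigned (an inference, the zone is not shown here), a comment above the line should say so, for example `# vpn.rfive.de and its reverse zone are unsigned; validation is off for this link only`. The same `DNSSEC = false;` is added to the DHCP-configured network in a later file section, where it applies to whatever resolver DHCP hands out, so `DNSSEC = "allow-downgrade";` is worth considering there. Separately, `allowedUDPPorts = [ 51820 ];` opens the WireGuard port on every interface; `networking.firewall.interfaces.ens3.allowedUDPPorts` would limit it to the uplink that `BindCarrier` already names.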


@ -5,6 +5,9 @@
services.adguardhome = { services.adguardhome = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
settings.bind_port = 3000; settings = {
dns.bind_hosts = [ "192.168.42.2" ];
http.address = "0.0.0.0:3000";
};
}; };
} }
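Review bot: `http.address = "0.0.0.0:3000";` keeps the AdGuard Home admin interface listening on every address while `openFirewall = true;` stays set, so the web UI is likely reachable from any network this host is attached to. The DNS listener in the same block is already limited to 192.168.42.2; if that is the host's LAN address (inferred from `dns.bind_hosts`), the admin interface can use it as well: `http.address = "192.168.42.2:3000";`. If wider access is intended, a comment naming the networks that need the UI would make that explicit.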


@ -14,17 +14,12 @@
}; };
services.resolved = { services.resolved = {
enable = true; enable = true;
# dnssec = "allow-downgrade";
fallbackDns = [ fallbackDns = [
"9.9.9.9" "9.9.9.9"
"149.112.112.112" "149.112.112.112"
"2620:fe::fe" "2620:fe::fe"
"2620:fe::9" "2620:fe::9"
]; ];
extraConfig = ''
[Resolve]
DNSStubListener=no
'';
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
@ -38,6 +33,7 @@
DHCP = "yes"; DHCP = "yes";
LLDP = true; LLDP = true;
EmitLLDP = "nearest-bridge"; EmitLLDP = "nearest-bridge";
DNSSEC = false;
}; };
}; };
}; };


@ -90,7 +90,6 @@
documentation = { documentation = {
dev.enable = true; dev.enable = true;
man.generateCaches = true;
}; };
environment.systemPackages = [ pkgs.man-pages ]; environment.systemPackages = [ pkgs.man-pages ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";


@ -1,4 +1,4 @@
{ pkgs, config, ... }: { pkgs, config, lib, ... }:
{ {
imports = [ ./uni.nix ]; imports = [ ./uni.nix ];
@ -26,6 +26,7 @@
curlFull curlFull
wireguard-tools wireguard-tools
]; ];
services.timesyncd.servers = lib.mkForce [ ];
services.resolved = { services.resolved = {
fallbackDns = [ fallbackDns = [
"9.9.9.9" "9.9.9.9"
@ -56,11 +57,13 @@
"@DORM_SSID@" = { "@DORM_SSID@" = {
psk = "@DORM_PSK@"; psk = "@DORM_PSK@";
authProtocols = [ "SAE" ]; authProtocols = [ "SAE" ];
extraConfig = "disabled=1";
}; };
"@DORM5_SSID@" = { "@DORM5_SSID@" = {
priority = 5; priority = 5;
psk = "@DORM_PSK@"; psk = "@DORM_PSK@";
authProtocols = [ "SAE" ]; authProtocols = [ "SAE" ];
extraConfig = "disabled=1";
}; };
"@PIXEL_SSID@" = { "@PIXEL_SSID@" = {
psk = "@PIXEL_PSK@"; psk = "@PIXEL_PSK@";
@ -134,7 +137,6 @@
}; };
# some wireguard interfaces
netdevs."30-wg0" = { netdevs."30-wg0" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
@ -159,13 +161,12 @@
}; };
networks."30-wg0" = { networks."30-wg0" = {
matchConfig.Name = "wg0"; matchConfig.Name = "wg0";
linkConfig.RequiredForOnline = "carrier"; linkConfig.RequiredForOnline = false;
networkConfig = { networkConfig = {
Address = "192.168.43.3/32"; Address = "192.168.43.3/32";
DNS = "192.168.43.1"; DNS = "192.168.43.1";
Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa"; Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa";
DNSSEC = false; DNSSEC = false;
BindCarrier = [ "wlp9s0" ];
}; };
}; };
}; };
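Review bot: `services.timesyncd.servers = lib.mkForce [ ];` removes every configured NTP server and the hunk does not say why. With an empty list, timesyncd is left with the servers learned per link (for example from DHCP) and its built-in fallback list, so on a foreign network the clock source may be chosen by that network, and a wrong clock affects certificate validity checks. If that is the intent, record it next to the line, e.g. `# no static NTP servers: use the ones announced on the current link`; the intent is not visible here, so the wording needs confirming by the author.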


@ -2,8 +2,13 @@
{ {
virtualisation = { virtualisation = {
docker = { docker = {
rootless = {
enable = true; enable = true;
extraOptions = "--iptables=false"; setSocketVariable = true;
daemon.settings = {
iptables = false;
};
};
}; };
libvirtd = { libvirtd = {
enable = true; enable = true;
@ -18,7 +23,7 @@
spiceUSBRedirection.enable = true; spiceUSBRedirection.enable = true;
}; };
# allow libvirts internal network stuff # allow libvirts internal network stuff
networking.firewall.trustedInterfaces = [ "virbr0" "br0" "docker0" ]; networking.firewall.trustedInterfaces = [ "virbr0" ];
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
virt-viewer virt-viewer


@ -7,6 +7,13 @@ let
inherit (prev) python3Packages; inherit (prev) python3Packages;
in in
{ {
pcmanfm = prev.pcmanfm.overrideAttrs (_: {
# remove deskop preferences shortcut
postInstall = ''
rm $out/share/applications/pcmanfm-desktop-pref.desktop
'';
});
pww = callPackage ../pkgs/pww { }; pww = callPackage ../pkgs/pww { };
ianny = callPackage ../pkgs/ianny { }; ianny = callPackage ../pkgs/ianny { };
@ -40,6 +47,17 @@ in
withHiredis = false; withHiredis = false;
}; };
zsh-fzf-tab = prev.zsh-fzf-tab.overrideAttrs (_: rec {
version = "1.1.1";
src = fetchFromGitHub {
owner = "Aloxaf";
repo = "fzf-tab";
rev = "v${version}";
sha256 = "sha256-0/YOL1/G2SWncbLNaclSYUz7VyfWu+OB8TYJYm4NYkM=";
};
});
gnome-break-timer = callPackage ../pkgs/gnome-break-timer { }; gnome-break-timer = callPackage ../pkgs/gnome-break-timer { };
jmri = callPackage ../pkgs/jmri { }; jmri = callPackage ../pkgs/jmri { };
adguardian-term = callPackage ../pkgs/adguardian-term { }; adguardian-term = callPackage ../pkgs/adguardian-term { };
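Review bot: The `pcmanfm` override assigns `postInstall` outright, so any `postInstall` the upstream derivation defines (not visible here) is dropped. Appending keeps it: `pcmanfm = prev.pcmanfm.overrideAttrs (old: {` together with `postInstall = (old.postInstall or "") + ''`. The comment above it has a typo, `deskop` for `desktop`. In the `zsh-fzf-tab` override the SRI value is passed as `sha256`, while the ssh3 package files in this comparison use `hash` for the same kind of value; using `hash` here would be consistent.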


@ -1,23 +1,18 @@
{ lib, buildGoModule, fetchFromGitHub, playerctl }: { lib, buildGoModule, fetchFromGitHub, playerctl }:
buildGoModule rec { buildGoModule rec {
pname = "ssh3"; pname = "ssh3";
version = "0.1.4"; version = "0.1.7";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "francoismichel"; owner = "francoismichel";
repo = "ssh3"; repo = "ssh3";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-0bd2hdvgapTGEGM7gdpVwxelN5BRbmdcgANbRHZ/nRw="; hash = "sha256-ZtQAJwGvNlJWUoDa6bS3AEdM3zbNMPQGdaIhR+yIonw=";
}; };
subPackages = [ "cli/client" ]; subPackages = [ "cmd/ssh3" ];
vendorHash = "sha256-VUNvb7m1nnH+mXUsnIKyPKJEVSMXBAaS4ihi5DZeFiI=";
vendorHash = "sha256-ZtKxAKNyMnZ8v96GUUm4EukdIJD+ITDW9kHOez7nYmg=";
postInstall = ''
mv $out/bin/client $out/bin/ssh3
'';
meta = with lib; { meta = with lib; {
description = "Faster and rich secure shell using HTTP/3"; description = "Faster and rich secure shell using HTTP/3";


@ -1,25 +1,20 @@
{ lib, buildGoModule, libxcrypt, fetchFromGitHub, playerctl }: { lib, buildGoModule, libxcrypt, fetchFromGitHub, playerctl }:
buildGoModule rec { buildGoModule rec {
pname = "ssh3-server"; pname = "ssh3-server";
version = "0.1.4"; version = "0.1.7";
src = fetchFromGitHub { src = fetchFromGitHub {
owner = "francoismichel"; owner = "francoismichel";
repo = "ssh3"; repo = "ssh3";
rev = "v${version}"; rev = "v${version}";
hash = "sha256-0bd2hdvgapTGEGM7gdpVwxelN5BRbmdcgANbRHZ/nRw="; hash = "sha256-ZtQAJwGvNlJWUoDa6bS3AEdM3zbNMPQGdaIhR+yIonw=";
}; };
subPackages = [ "cli/server" ]; subPackages = [ "cmd/ssh3-server" ];
buildInputs = [ libxcrypt ]; buildInputs = [ libxcrypt ];
vendorHash = "sha256-VUNvb7m1nnH+mXUsnIKyPKJEVSMXBAaS4ihi5DZeFiI=";
vendorHash = "sha256-ZtKxAKNyMnZ8v96GUUm4EukdIJD+ITDW9kHOez7nYmg=";
postInstall = ''
mv $out/bin/server $out/bin/ssh3-server
'';
meta = with lib; { meta = with lib; {
description = "Faster and rich secure shell using HTTP/3"; description = "Faster and rich secure shell using HTTP/3";


@ -3,7 +3,6 @@
programs.command-not-found.enable = false; programs.command-not-found.enable = false;
programs.nix-index-database.comma.enable = true; programs.nix-index-database.comma.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# fzf
bat bat
eza eza
duf duf
@ -12,9 +11,7 @@
iperf iperf
]; ];
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
programs.fzf = { programs.fzf.enable = true;
keybindings = true;
};
programs.zsh = { programs.zsh = {
enable = true; enable = true;
shellAliases = { shellAliases = {
@ -52,7 +49,7 @@
function svpn() { function svpn() {
unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | fzf --preview 'systemctl status {}') unit=$(systemctl list-unit-files | grep "openconnect\|wg-quick\|wireguard\|openvpn\|openfortivpn" | cut -d "." -f1 | ${pkgs.fzf}/bin/fzf --preview 'systemctl status {}')
if [ $(systemctl is-active $unit) = "inactive" ]; then if [ $(systemctl is-active $unit) = "inactive" ]; then
systemctl start $unit systemctl start $unit
else else
@ -88,10 +85,10 @@
''; '';
promptInit = promptInit =
'' ''
if [[ "$(hostname)" == "thinkpad" ]] # if [[ "$(hostname)" == "thinkpad" ]]
then # then
cat ${../images/cat.sixel} # cat ${../images/cat.sixel}
fi # fi
eval "$(${pkgs.mcfly}/bin/mcfly init zsh)" eval "$(${pkgs.mcfly}/bin/mcfly init zsh)"
eval "$(${pkgs.zoxide}/bin/zoxide init zsh)" eval "$(${pkgs.zoxide}/bin/zoxide init zsh)"
''; '';
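Review bot: In `svpn` the fzf selection is used unchecked and unquoted: if the picker is cancelled, `$unit` is empty and `[ $(systemctl is-active $unit) = "inactive" ]` calls `systemctl is-active` without a unit and evaluates a malformed test. A guard right after the assignment, `[ -n "$unit" ] || return 1`, plus quoting (`"$(systemctl is-active "$unit")"`, `systemctl start "$unit"`) would cover that; the function body continues outside the hunk. In `promptInit` the lines are commented out for the shell only: `${../images/cat.sixel}` is still interpolated by Nix inside the string, so the image remains a dependency of the generated config, and deleting the four lines would remove it.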


@ -5,7 +5,16 @@
users.users.rouven = { users.users.rouven = {
description = "Rouven Seifert"; description = "Rouven Seifert";
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "video" "dialout" "libvirtd" "tss" "input" "wireshark" "etherape" "docker" ]; extraGroups = [
"wheel"
"video"
"dialout"
"libvirtd"
"tss"
"input"
"wireshark"
"etherape"
];
initialHashedPassword = "$6$X3XERQv28Nt1UUT5$MjdMBDuXyEwexkuKqmNFweez69q4enY5cjMXSbBxOc6Bq7Fhhp7OqmCm02k3OGjoZFXzPV9ZHuMSGKZOtwYIk1"; initialHashedPassword = "$6$X3XERQv28Nt1UUT5$MjdMBDuXyEwexkuKqmNFweez69q4enY5cjMXSbBxOc6Bq7Fhhp7OqmCm02k3OGjoZFXzPV9ZHuMSGKZOtwYIk1";
}; };
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
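Review bot: The `initialHashedPassword` line kept as context in this hunk stores a SHA-512 crypt hash for a member of `wheel` in the repository, where anyone who can read the repo can run offline guesses against it if the password is still in use. Other files in this comparison use agenix (`age.secrets`), so if the account is managed declaratively, `hashedPasswordFile = config.age.secrets."<secret-name>".path;` (placeholder secret name) would keep the hash out of the tree. Removing `docker` from `extraGroups` is consistent with the rootless Docker change elsewhere in the comparison and needs no further action.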


@ -10,7 +10,7 @@
(python3.withPackages (ps: with ps; [ (python3.withPackages (ps: with ps; [
pyls-isort pyls-isort
pylsp-mypy pylsp-mypy
python-lsp-black # python-lsp-black
python-lsp-server python-lsp-server
# pylsp optional dependencies # pylsp optional dependencies


@ -45,6 +45,7 @@
mosh mosh
typst typst
typst-preview typst-preview
hut
# programming languages # programming languages
cargo cargo
@ -55,6 +56,7 @@
nodejs_20 nodejs_20
gnumake gnumake
go go
pre-commit
# fancy tools # fancy tools
just just


@ -21,6 +21,10 @@ in
match = "Host github.com User git"; match = "Host github.com User git";
identityFile = git; identityFile = git;
}; };
"git@git.sr.ht" = {
match = "Host git.sr.ht User git";
identityFile = git;
};
# iFSR # iFSR
"fsr" = { "fsr" = {
hostname = "ifsr.de"; hostname = "ifsr.de";