# NixOS module for one host. `inputs` and `xinlib` are extra module arguments
# supplied from outside this file (their definitions are not visible here).
{
  inputs,
  config,
  pkgs,
  lib,
  xinlib,
  ...
}: let
# chirp comes from the `stable` flake input rather than from `pkgs`.
chirp = inputs.stable.legacyPackages.${pkgs.system}.chirp;

# Script package named "restic", whose text is produced by ../../bins/restic.nix.
# NOTE(review): that file is not visible here. Because it receives `config`, confirm
# it only interpolates secret *paths* and never secret values: whatever ends up in
# the script text is stored in the world-readable Nix store.
restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix {
  inherit pkgs lib config;
});

#myEmacs = pkgs.callPackage ../../configs/emacs.nix { };

# Account that will own the peerix signing key: the `peerix` user when one is
# declared in users.users, otherwise root.
peerixUser =
  if config.users.users ? peerix
  then config.users.users.peerix.name
  else "root";
# Periodic jobs. Each entry is passed to xinlib.jobToUserService further down to
# build systemd.user.services; the exact unit it generates is defined in xinlib
# (not visible here). `startAt` looks like a systemd calendar expression
# (e.g. "*:0/2" = every two minutes) — confirm against xinlib.
# NOTE(review): the two git jobs push/pull unattended, so whatever git credentials
# they use must be available non-interactively to the user session; verify those
# credentials are scoped to the two repositories only.
jobs = let
  gitSyncTools = [pkgs.git pkgs.git-sync];
in [
  {
    name = "brain";
    startAt = "*:0/2";
    path = gitSyncTools;
    script = "cd ~/Brain && git sync";
  }
  {
    name = "org";
    startAt = "*:0/5";
    path = gitSyncTools;
    script = "(cd ~/org && git sync)";
  }
  {
    name = "taskobs";
    startAt = "*:0/30";
    # taskobs plus everything it was built against is put on the job's PATH.
    path = [pkgs.taskobs] ++ pkgs.taskobs.buildInputs;
    script = "taskobs";
  }
];
in {
# Exposes `isUnstable = true` as a module argument to the other modules.
_module.args.isUnstable = true;

# Alternative boot entry tagged "arcan". It switches off the options that the main
# configuration sets with lib.mkDefault (kde, sshFidoAgent, nixManager, libvirtd).
# NOTE(review): `programs = {}` is an empty definition; under the module system it
# merges with the parent's `programs` rather than clearing it — confirm that
# steam/1Password staying enabled in this specialisation is intended.
specialisation.arcan.configuration = {
  system.nixos.tags = ["arcan"];

  kde.enable = false;
  sshFidoAgent.enable = false;
  nixManager.enable = false;

  programs = {};

  virtualisation.libvirtd.enable = false;
};
imports = [
  ./hardware-configuration.nix
  ../../pkgs
  ../../configs/neomutt.nix
];

# Secrets decrypted by sops-nix. Every entry uses mode "400", i.e. readable by the
# owner only.
# NOTE(review): with mode 400 the `group = "wheel"` setting grants nothing; it only
# starts to matter if the mode is ever relaxed (e.g. to 440), at which point every
# wheel member could read the secret. Keep mode and group in step when editing.
sops.secrets = let
  # Secrets consumed by the interactive user.
  qbitSecret = {
    sopsFile = config.xin-secrets.europa.qbit;
    owner = "qbit";
    group = "wheel";
    mode = "400";
  };

  # Secrets consumed by system services; no group is set, so the module default applies.
  rootSecret = {
    sopsFile = config.xin-secrets.europa.services;
    owner = "root";
    mode = "400";
  };
in {
  fastmail = qbitSecret;
  fastmail_user = qbitSecret;
  nix_review = qbitSecret;
  netrc = qbitSecret;

  # Binary-cache signing key for peerix; owned by the peerix account when it
  # exists, otherwise by root (see peerixUser).
  peerix_private_key = {
    sopsFile = config.xin-secrets.europa.peerix;
    owner = peerixUser;
    group = "wheel";
    mode = "400";
  };

  # Referenced by services.restic.backups.local below.
  restic_password_file = rootSecret;
  restic_env_file = rootSecret;
};
# Permit unfree packages and packages not marked as supported on this platform.
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnsupportedSystem = true;

boot = {
  # Register emulation so aarch64 and riscv64 Linux binaries can run on this host.
  binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"];

  initrd.systemd.enable = true;

  loader.systemd-boot.enable = true;
  loader.efi = {
    canTouchEfiVariables = true;
    efiSysMountPoint = "/boot/efi";
  };

  # NOTE(review): in NixOS's scripted stage 1, `boot.shell_on_fail` offers a root
  # shell without authentication when early boot fails. Whether it has any effect
  # together with initrd.systemd.enable above should be confirmed; if it does, the
  # machine relies on disk encryption / physical security to protect data at rest.
  kernelParams = ["boot.shell_on_fail" "mem_sleep_default=deep"];

  # Tracks the newest kernel package set in nixpkgs.
  kernelPackages = pkgs.linuxPackages_latest;
};
# Feature toggles. They are set with lib.mkDefault so that the "arcan"
# specialisation's plain `false` definitions take priority over them.
sshFidoAgent.enable = lib.mkDefault true;

nixManager.enable = lib.mkDefault true;
nixManager.user = "qbit";

kde.enable = lib.mkDefault true;

virtualisation.libvirtd.enable = lib.mkDefault true;
networking.hostName = "europa";
networking.hostId = "87703c3e";

# Static /etc/hosts entry; 192.168.122.0/24 is presumably the libvirt default
# network — confirm.
networking.hosts."192.168.122.6" = ["chubs"];

networking.wireless.userControlled.enable = true;
networking.networkmanager.enable = true;

# Host firewall is on; the only inbound TCP port opened here is 22 (SSH). It is
# opened on every interface, so SSH hardening (key-only auth etc.) has to come
# from the sshd configuration, which is not part of this file.
networking.firewall = {
  enable = true;
  allowedTCPPorts = [22];
};

# Peerix (peer-to-peer binary cache) is currently disabled. The signing key path
# points at the sops-managed secret, so the key material itself never enters the
# Nix store.
tsPeerix = {
  enable = false;
  privateKeyFile = config.sops.secrets.peerix_private_key.path;
  interfaces = ["wlp170s0" "ztksevmpn3"];
};
programs = {
  steam.enable = true;
  dconf.enable = true;

  _1password.enable = true;
  _1password-gui.enable = true;
  # Users allowed to use the 1Password polkit integration.
  _1password-gui.polkitPolicyOwners = ["qbit"];

  zsh.shellInit = ''
    export OP_PLUGIN_ALIASES_SOURCED=1
  '';

  # Aliases that fetch credentials from 1Password at invocation time instead of
  # keeping them in dotfiles or the Nix store.
  # NOTE(review): in the `env VAR=$(op ...) cmd` form the secret is passed to
  # `env` as a command-line argument, so it is briefly visible in the process
  # list to other local users. A plain assignment prefix (`VAR=$(op ...) cmd`)
  # keeps it in the environment only; consider switching if this host is shared.
  zsh.shellAliases = {
    gh = "op plugin run -- gh";
    nixpkgs-review = "env GITHUB_TOKEN=$(op item get nixpkgs-review --field token) nixpkgs-review";
    clilol = "env CLILOL_APIKEY=$(op item get omglol-cli --field credential) clilol";
    godeps = "go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all";
    # Both names run neomutt against the system-wide configuration file.
    mutt = "neomutt -F /etc/neomuttrc";
    neomutt = "neomutt -F /etc/neomuttrc";
  };
};
services = {
  xinCA.enable = false;

  # Local restic backup of the home directory and libvirt state. Password and
  # environment come from root-only sops secrets, so neither is written to the
  # Nix store.
  # NOTE(review): the repository lives under /run/media, i.e. on removable media.
  # With `initialize = true`, confirm the job fails when the drive is absent
  # instead of creating a fresh repository on the local disk at that path.
  restic.backups.local = {
    initialize = true;
    repository = "/run/media/qbit/backup/${config.networking.hostName}";
    environmentFile = config.sops.secrets.restic_env_file.path;
    passwordFile = config.sops.secrets.restic_password_file.path;

    paths = ["/home/qbit" "/var/lib/libvirt"];

    pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5"];
  };

  pcscd.enable = true;
  vnstat.enable = true;

  # Only the signature updater is enabled here; no scanning daemon is turned on
  # in this file.
  clamav.updater.enable = true;

  #emacs = {
  #  enable = true;
  #  package = myEmacs;
  #  install = true;
  #};

  tor.enable = true;
  tor.client.enable = true;

  # NOTE(review): enableTestRemote makes fwupd also consider firmware from the
  # testing remote, which has had less vetting than the stable one. Keep it only
  # if pre-release firmware is actually wanted on this machine.
  fwupd.enable = true;
  fwupd.enableTestRemote = true;

  # Grants the `users` group and the logged-in seat user (uaccess) access to the
  # USB device with vendor 1209 / product 5bf0. The device behind these IDs is
  # not named in this file.
  udev.extraRules = ''
    SUBSYSTEM=="usb", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="5bf0", GROUP="users", TAG+="uaccess"
  '';
};
# Adds a certificate to the system-wide trust store.
# Decoding the DER below shows: self-signed, subject/issuer CN "Obsidian Local
# REST API", SAN IP 127.0.0.1, validity 2023-02-07 .. 2024-02-07, and
# basicConstraints CA:TRUE with keyCertSign and serverAuth, without name
# constraints.
# NOTE(review): because it is a CA certificate, whoever holds the matching
# private key can issue certificates that this host trusts for any name, not
# just 127.0.0.1. Prefer trusting it only in the one client that talks to the
# local API, or regenerate it as a non-CA leaf; also note the validity window
# above when deciding whether this entry is still needed.
security.pki.certificates = let
  obsidianLocalRestApi = ''
    -----BEGIN CERTIFICATE-----
    MIIDPTCCAiWgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDExdPYnNp
    ZGlhbiBMb2NhbCBSRVNUIEFQSTAeFw0yMzAyMDcwMTQ3NDVaFw0yNDAyMDcwMTQ3
    NDVaMCIxIDAeBgNVBAMTF09ic2lkaWFuIExvY2FsIFJFU1QgQVBJMIIBIjANBgkq
    hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRr4708X1QMmQMG3+M7UoefV+9gq+jNR
    bM5HCOlBuB16LrhRiR/6ROaDnB3OJBP4NToCVY6+tJvWOqJe9FVyzviWzGaFkZGF
    eBF32QvYLZRbPTIVWADl+KabXm1TXtLos1GpPKnIjU9m+5Jt1ob8i4eTKjjarpSG
    u4kvKBQiQYxxYXA+miuqxPWD/mkIySvx50EVzrO5X8u/M4MQqPlpMvL6W6AxMXQ+
    WU5KWUkP3kU/CMB377GjqTfdwRMVqCFhKq0jzFueKrqY0qXnbLoTePFBV2HsPAhv
    Xup15Yx7G5pLROYkvmxvxzgP6mycB3SOiPDwj9UsFk41+KZV9cm6pQIDAQABo34w
    fDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC9DA7BgNVHSUENDAyBggrBgEFBQcD
    AQYIKwYBBQUHAwIGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgwEQYJYIZI
    AYb4QgEBBAQDAgD3MA8GA1UdEQQIMAaHBH8AAAEwDQYJKoZIhvcNAQELBQADggEB
    AHfjsIJpQlQcSP1Gy0gcrnBt9PhcA5TAqKlafKXVs0z60gVFDd/8d9PU3QxuTa4m
    uQGLtFiMSudaoZoGhyEZ4kk5upqjfANppJj4R5UgPmfhp24AUvPjf2bVXczdIbvY
    MNrXMtOq4+zD8QdZ25aPXT17LDIGx3TSM4HQzpu9YQdVt6fGgqPKFo3U9HGsBCja
    lXsQ+lw4Hfi50HqLFRmLA50AP5m+EGdgIkVktAm7v8x0H8wHjd2Ysy8oRRAYtf2i
    tynaHjsc6x3jDd5HiGuShRNHV9r3Q+IG1+SikALFk0nhKfB4DpYTz/fSQsw9hEj5
    5wYD1VN/zBzPsHUUwCujYOs=
    -----END CERTIFICATE-----
  '';
in [obsidianLocalRestApi];
# One systemd user service per entry of `jobs`; the name/value pairs are produced
# by xinlib.jobToUserService (defined outside this file).
systemd.user.services = lib.listToAttrs (map xinlib.jobToUserService jobs);

# Restarts tailscaled after the machine resumes from sleep.
# No User= is set, so this system unit runs with systemd's default (root).
# NOTE(review): the script sources /etc/profile as that user although systemctl
# is already called by its absolute store path; dropping the `. /etc/profile`
# line would shrink what a root-run script pulls in — confirm nothing relies on it.
systemd.services."whytailscalewhy" = {
  description = "Tailscale restart on resume";
  after = ["post-resume.target"];
  wantedBy = ["post-resume.target"];
  serviceConfig = {Type = "oneshot";};
  script = ''
    . /etc/profile;
    ${pkgs.systemd}/bin/systemctl restart tailscaled.service
  '';
};
virtualisation.docker.enable = false;

# Supplementary groups for the interactive user.
# NOTE(review): `libvirtd` membership allows managing system VMs without further
# authentication, which is a privileged capability — treat it like
# administrative access when reviewing who is in it. `docker` stays commented
# out while the Docker daemon is disabled above.
users.users.qbit = {
  extraGroups = [
    "dialout"
    "libvirtd"
    "plugdev"
    #"docker"
  ];
};
# Session-wide environment. The `\${...}` escapes keep the variable references
# literal in Nix so that they are expanded at login, not at build time.
environment.sessionVariables = {
  # XDG base directories.
  XDG_CONFIG_HOME = "\${HOME}/.config";
  XDG_CACHE_HOME = "\${HOME}/.cache";
  XDG_DATA_HOME = "\${HOME}/.local/share";
  XDG_BIN_HOME = "\${HOME}/.local/bin";

  # NOTE(review): this puts a user-writable directory on PATH. Where the module
  # places it relative to the system directories is not visible here; confirm it
  # cannot shadow system commands for privileged invocations.
  PATH = ["\${XDG_BIN_HOME}"];

  MUHOME = "\${HOME}/.config/mu";
  STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
};
# System-wide packages. Inside `with pkgs;` the let-bound names still win over
# the attributes of `pkgs`, so `chirp` is the one from the stable input and
# `restic` is the wrapper script defined at the top of this file, not
# pkgs.restic.
environment.systemPackages = with pkgs;
  # Packages taken from the package set.
  [
    barrier
    calibre
    chirp
    cider
    clementine
    direwolf
    element-desktop
    elmPackages.elm
    elmPackages.elm-format
    elmPackages.elm-language-server
    elmPackages.elm-live
    elmPackages.elm-test
    entr
    exercism
    gh
    git-credential-1password
    gqrx
    hackrf
    isync
    klavaro
    minicom
    mu
    nheko
    nix-index
    nixpkgs-review
    nix-top
    nmap
    nushell
    obsidian
    pharo
    pharo-launcher
    picocom
    proton-caller
    protonup-ng
    python3Packages.meshtastic
    qdmr
    rex
    rofi
    rtl-sdr
    sdrpp
    signal-desktop
    taskobs
    tcpdump
    tea
    thunderbird
    tidal-hifi
    tigervnc
    unzip
    virt-manager
    yt-dlp
    #yubioath-flutter
    zig
  ]
  # Packages built from derivations kept in this repository. Their sources and
  # hashes are defined in the referenced files, which are not visible here.
  ++ [
    (callPackage ../../pkgs/clilol.nix {})
    (callPackage ../../pkgs/iamb.nix {})
    (callPackage ../../pkgs/kobuddy.nix {
      inherit pkgs;
      inherit (pkgs.python39Packages) buildPythonPackage fetchPypi setuptools-scm pytz banal sqlalchemy alembic;
    })
    (callPackage ../../pkgs/gokrazy.nix {})
    (callPackage ../../pkgs/zutty.nix {})
  ]
  # The restic wrapper script from the let block.
  ++ [restic];
# for Pharo
# Sets both the hard and the soft real-time priority limit (rtprio) for user
# qbit to 2; the resulting list holds the "hard" entry first, then "soft".
security.pam.loginLimits =
  map (limitType: {
    domain = "qbit";
    type = limitType;
    item = "rtprio";
    value = "2";
  }) ["hard" "soft"];
system = {
  # Automatic upgrades are off, so security updates reach this host only when
  # the operator rebuilds it; make sure that happens on a regular schedule.
  autoUpgrade = {
    enable = false;
    allowReboot = false;
  };

  # Release whose stateful defaults this system was installed with; it is a
  # compatibility marker, not the version the system currently runs.
  stateVersion = "21.11";
};
}