From fd47f8be1e2ebfa011d811b0f02a02c67773997e Mon Sep 17 00:00:00 2001 From: Lgmrszd Date: Mon, 30 Oct 2023 19:20:54 +0300 Subject: [PATCH] bump --- configuration.nix | 56 ++++++++++++++++++++++++++++++++++++------- flake.lock | 39 +++++++++++++++++++++--------- flake.nix | 13 +++++++++- home.nix | 57 ++++++++++++++++++++++++++++++++++++-------- scripts/rebuild.nix | 58 +++++++++++++++++++++++++++++++++++++++++++++ secrets/default.nix | 1 + 6 files changed, 193 insertions(+), 31 deletions(-) create mode 100644 scripts/rebuild.nix diff --git a/configuration.nix b/configuration.nix index 8ac2543..8be627f 100644 --- a/configuration.nix +++ b/configuration.nix @@ -20,7 +20,12 @@ enable = true; device = "nodev"; efiSupport = true; - theme = "/home/lgm/minegrub/minegrub-theme/minegrub/"; + theme = "${pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "grub"; + rev = "803c5df0e83aba61668777bb96d90ab8f6847106"; + hash = "sha256-/bSolCta8GCZ4lP0u5NVqYQ9Y3ZooYCNdTwORNvR7M0="; + }}/src/catppuccin-macchiato-grub-theme/"; efiInstallAsRemovable = false; # useOSProber = true; extraEntries = @@ -64,13 +69,25 @@ boot.kernel.sysctl."kernel.sysrq" = 244; + boot.plymouth = { + enable = true; + themePackages = [ (pkgs.catppuccin-plymouth.override { variant = "macchiato"; }) ]; + theme = "catppuccin-macchiato"; + }; + + boot.initrd.systemd.enable = true; + # ==[SECURITY]== # LUKS options + # boot.initrd.luks.fido2Support = true; boot.initrd.luks.devices = with secrets.drive-ids.luks; { crypted = { inherit device; inherit header; preLVM = true; + crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ]; + # fido2.credential = ""; + # fido2.passwordLess = true; }; }; 
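Review bot: In the `@@ -64,13 +69,25 @@` hunk of configuration.nix, the new `crypttabExtraOpts = [ "fido2-device=auto" "token-timeout=10s" ]` line on `crypted` has no comment saying what happens when no token is plugged in, and that decides how strong the unlock really is. With systemd-cryptsetup, once `token-timeout` expires the prompt falls back to a passphrase or recovery key, so the volume is only as strong as the weakest remaining keyslot; FIDO2 adds convenience here rather than a second factor unless the passphrase slots are removed or kept strong. I would add a comment such as `# FIDO2 unlock via systemd initrd; after 10s without a token it falls back to the passphrase keyslot`. The commented-out `fido2.credential` and `fido2.passwordLess` lines appear to belong to the scripted-initrd `fido2Support` path that this commit leaves disabled, so they could be dropped.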
@@ -131,9 +148,10 @@ programs.gamemode.enable = true; # VirtualBox - virtualisation.virtualbox.host.enable = true; - virtualisation.virtualbox.host.enableExtensionPack = true; - users.extraGroups.vboxusers.members = [ "lgm" ]; + virtualisation.docker.enable = true; + virtualisation.virtualbox.host.enable = true; + virtualisation.virtualbox.host.enableExtensionPack = true; + users.extraGroups.vboxusers.members = [ "lgm" ]; networking.hostName = "lgm-nixos"; # Define your hostname. # Pick only one of the below networking options. @@ -175,9 +193,22 @@ # Enable the Plasma 5 Desktop Environment. services.xserver.displayManager.sddm.enable = true; + + # Didn't like, the theme is a bit buggy + # services.xserver.displayManager.sddm.theme = "${pkgs.fetchFromGitHub { + # owner = "catppuccin"; + # repo = "sddm"; + # rev = "7fc67d1027cdb7f4d833c5d23a8c34a0029b0661"; + # hash = "sha256-SjYwyUvvx/ageqVH5MmYmHNRKNvvnF3DYMJ/f2/L+Go="; + # }}/src/catppuccin-latte/"; + services.xserver.desktopManager.plasma5.enable = true; services.xserver.displayManager.defaultSession = "plasmawayland"; + # programs.command-not-found.enable = false; + # programs.nix-index.enable = true; + + # fish programs.fish = { enable = true; @@ -228,13 +259,14 @@ users.users.lgm = { isNormalUser = true; description = "lgm"; - extraGroups = [ "networkmanager" "wheel" "adbusers"]; + extraGroups = [ "networkmanager" "wheel" "adbusers" "docker"]; shell = pkgs.fish; }; nixpkgs.config.allowUnfree = true; nix.settings.experimental-features = [ "nix-command" "flakes" ]; + # nix.nixPath = [] # OnlyKey hardware.onlykey.enable = true; @@ -248,12 +280,15 @@ curl python3 # more stuff + gnome-network-displays + miraclecast parted exfatprogs gparted tmux - graalvm17-ce + # graalvm17-ce jetbrains.jdk + distrobox (let base = pkgs.appimageTools.defaultFhsEnvArgs; in pkgs.buildFHSUserEnv (base // { 
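Review bot: Adding `"docker"` to `users.users.lgm.extraGroups` in the `@@ -228,13 +259,14 @@` hunk, together with `virtualisation.docker.enable = true;` in the `@@ -131,9 +148,10 @@` hunk, gives that account root-equivalent access through the Docker socket. The user is already in `wheel`, but assuming sudo still asks for a password there, the socket removes that step for every process running as `lgm`. If the daemon is only needed for development, rootless mode avoids this: `virtualisation.docker.rootless = { enable = true; setSocketVariable = true; };` with the group left out. The `# VirtualBox` heading above the new line also no longer describes the block; `# Virtualisation (Docker, VirtualBox)` would.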
@@ -277,17 +312,20 @@ # programs.mtr.enable = true; programs.gnupg.agent = { enable = true; - enableSSHSupport = true; + # enableSSHSupport = true; }; + programs.ssh.startAgent = true; # List services that you want to enable: + # services.peroxide.enable = true; # Enable the OpenSSH daemon. # services.openssh.enable = true; # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; + networking.firewall.trustedInterfaces = [ "p2p-wl+" ]; + networking.firewall.allowedTCPPorts = [ 5900 5905 7236 7250 ]; + networking.firewall.allowedUDPPorts = [ 5900 5905 7236 5353 ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/flake.lock b/flake.lock index 82ef6d8..ee9a485 100644 --- a/flake.lock +++ b/flake.lock @@ -7,27 +7,27 @@ ] }, "locked": { - "lastModified": 1693208669, - "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=", + "lastModified": 1698250431, + "narHash": "sha256-qs2gTeH4wpnWPO6Oi6sOhp2IhG0i0DzcnrJxIY3/CP8=", "owner": "nix-community", "repo": "home-manager", - "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c", + "rev": "09587fbbc6a669f7725613e044c2577dc5d43ab5", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-23.05", + "ref": "master", "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1693377291, - "narHash": "sha256-vYGY9bnqEeIncNarDZYhm6KdLKgXMS+HA2mTRaWEc80=", + "lastModified": 1698134075, + "narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e7f38be3775bab9659575f192ece011c033655f0", + "rev": "8efd5d1e283604f75a808a20e6cde0ef313d07d4", "type": "github" }, "original": { 
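Review bot: In the `@@ -277,17 +312,20 @@` hunk, the new `allowedTCPPorts = [ 5900 5905 7236 7250 ]` and `allowedUDPPorts = [ 5900 5905 7236 5353 ]` lines open these ports on every interface, and nothing in the hunk says which service needs them. 5900 is the conventional VNC port, and the rest look like screen-casting ports for the `gnome-network-displays` / `miraclecast` packages added in the `@@ -248,12 +280,15 @@` hunk, so they probably only need to be reachable on the wireless link. `trustedInterfaces = [ "p2p-wl+" ]` already accepts all traffic on the P2P interfaces. Scoping the rule to one interface, e.g. `networking.firewall.interfaces."<wifi-iface>".allowedTCPPorts = [ 7236 7250 ];` (interface name is a placeholder), and adding a comment like `# network displays / Miracast` would keep them closed on untrusted networks.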
@@ -39,11 +39,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1693341273, - "narHash": "sha256-wrsPjsIx2767909MPGhSIOmkpGELM9eufqLQOPxmZQg=", + "lastModified": 1698288402, + "narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2ab91c8d65c00fd22a441c69bbf1bc9b420d5ea1", + "rev": "60b9db998f71ea49e1a9c41824d09aa274be1344", "type": "github" }, "original": { @@ -53,11 +53,28 @@ "type": "github" } }, + "nixpkgs-vesktop": { + "locked": { + "lastModified": 1698418864, + "narHash": "sha256-LAWBE8au4ajSPPksF9rr3ddYCMctzx1FA75r2TCGbXc=", + "owner": "pluiedev", + "repo": "nixpkgs", + "rev": "a659490545d4825fe27a1d32ec83f30258673731", + "type": "github" + }, + "original": { + "owner": "pluiedev", + "ref": "patch-1", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "home-manager": "home-manager", "nixpkgs": "nixpkgs", - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs-vesktop": "nixpkgs-vesktop" } } }, diff --git a/flake.nix b/flake.nix index fcabbfe..2bf5697 100644 --- a/flake.nix +++ b/flake.nix @@ -8,10 +8,16 @@ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-23.05"; + # nix-index-database.url = "github:nix-community/nix-index-database"; + # nix-index-database.inputs.nixpkgs.follows = "nixpkgs"; + # nur = { + # url = "github:nix-community/NUR"; + # }; + nixpkgs-vesktop.url = "github:pluiedev/nixpkgs/patch-1"; # nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; # home-manager, used for managing user configuration home-manager = { - url = "github:nix-community/home-manager/release-23.05"; + url = "github:nix-community/home-manager/master"; # The `follows` keyword in inputs is used for inheritance. # Here, `inputs.nixpkgs` of home-manager is kept consistent with # the `inputs.nixpkgs` of the current flake, 
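Review bot: In the flake.nix `@@ -8,10 +8,16 @@` hunk, the new input `nixpkgs-vesktop.url = "github:pluiedev/nixpkgs/patch-1";` tracks a mutable branch of a personal fork, so each `nix flake update` pulls in a full nixpkgs tree at whatever that branch points to at the time. flake.lock pins the current revision, and pinning the URL to it as well, `nixpkgs-vesktop.url = "github:pluiedev/nixpkgs/a659490545d4825fe27a1d32ec83f30258673731";`, would make later bumps an explicit, reviewable change. None of the visible flake.nix hunks add `nixpkgs-vesktop` to the `outputs` arguments or use it, so if it is not consumed elsewhere the input can be dropped. A short comment saying which package it is for and when it can be removed would help.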
@@ -23,6 +29,8 @@ outputs = inputs@{ nixpkgs, nixpkgs-stable, + # nix-index-database, + # nur, home-manager, ... }: { @@ -36,7 +44,9 @@ secrets = import ./secrets {}; }; modules = [ + # nur.nixosModules.nur ./configuration.nix + # nix-index-database.nixosModules.nix-index ./mounts.nix # make home-manager as a module of nixos @@ -50,6 +60,7 @@ home-manager.extraSpecialArgs = with specialArgs; { inherit pkgs-stable; + inherit secrets; }; } ]; diff --git a/home.nix b/home.nix index 13b4fad..e4d0076 100644 --- a/home.nix +++ b/home.nix @@ -1,4 +1,4 @@ -{ config, pkgs, pkgs-stable, ... }: +{ config, osConfig, secrets, pkgs, pkgs-stable, ... }: { home.username = "lgm"; @@ -8,9 +8,38 @@ # Packages that should be installed to the user profile. home.packages = with pkgs; [ - wineWowPackages.waylandFull + # my scripts + ((import ./scripts/rebuild.nix) {inherit pkgs;}) + wineWowPackages.waylandFull + openconnect + ani-cli + # file editing + onlyoffice-bin + # theming + libsForQt5.qtstyleplugin-kvantum + # osConfig.nur.repos.baduhai.koi + (catppuccin-gtk.override { + variant = "latte"; + accents = [ "yellow" ]; + }) + (catppuccin-kde.override { + flavour = [ "macchiato" "latte" ]; + accents = [ "yellow" ]; + }) + (catppuccin-kvantum.override { + variant = "Latte"; + accent = "Yellow"; + }) + (catppuccin-kvantum.override { + variant = "Macchiato"; + accent = "Yellow"; + }) + + # web firefox + protonvpn-gui + protonvpn-cli # security keepassxc onlykey @@ -40,6 +69,8 @@ # games prismlauncher xonotic + superTux + superTuxKart lutris # dev jetbrains.idea-community @@ -54,6 +85,7 @@ # p7zip # utils + git-crypt appimage-run kate ncdu @@ -63,7 +95,7 @@ ripgrep # recursively searches directories for a regex pattern jq # A lightweight and flexible command-line JSON processor - exa # A modern replacement for ‘ls’ + eza # networking tools dnsutils # `dig` + `nslookup` @@ -75,7 +107,6 @@ # etc vlc qbittorrent - libsForQt5.qtstyleplugin-kvantum # misc cowsay # file 
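Review bot: Passing `secrets` into `home-manager.extraSpecialArgs` in the flake.nix `@@ -50,6 +60,7 @@` hunk means everything home.nix reads from it is evaluated at build time and written into the Nix store, which every local user can read. In this commit that covers `secrets.email-stuff.thunderbirdProfiles` and `secrets.email-stuff.emailAccounts` in the home.nix `@@ -112,6 +143,18 @@` hunk. The `git-crypt` package added here would protect those files in the repository only, not in the store. `secrets/email-stuff.nix` is not shown, so it may hold only addresses and profile names; if so, a comment on the import such as `# identifiers only, no credentials: values end up world-readable in /nix/store` would record that. Passwords can then be supplied at run time through `passwordCommand`.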
@@ -112,6 +143,18 @@ monero-gui ]; + # Email stuff + + programs.thunderbird = { + enable = true; + package = pkgs.thunderbird; + profiles = secrets.email-stuff.thunderbirdProfiles; + }; + + accounts.email.accounts = secrets.email-stuff.emailAccounts; + + # --------- + services.nextcloud-client = { enable = true; }; @@ -132,12 +175,6 @@ }; }; - programs.thunderbird = { - enable = true; - package = pkgs.thunderbird; - profiles.lgmrszd.isDefault = true; - }; - programs.pazi = { enable = true; enableFishIntegration = true; diff --git a/scripts/rebuild.nix b/scripts/rebuild.nix new file mode 100644 index 0000000..9e73195 --- /dev/null +++ b/scripts/rebuild.nix @@ -0,0 +1,58 @@ +{ pkgs }: + +pkgs.writeShellScriptBin "my-rebuild" '' +BOOT=/boot +ATTEMPTS=5 +is_mounted(){ + ${pkgs.util-linux}/bin/findmnt --mountpoint $BOOT + return $? +} + +mount_boot(){ + echo "mounting $BOOT..." + mount $BOOT 2> /dev/null + return $? +} + +umount_boot(){ + echo "umounting $BOOT..." + umount $BOOT + return $? +} + +try_mount(){ + attempt=0 + + while [[ attempt -ne 5 ]] + do + mount_boot + res1=$? + is_mounted + res2=$? + if [[ $res1 -eq 0 && $res2 -eq 0 ]]; then + echo "Mounted $BOOT!" + return 0 + fi + echo "Failed to mount $BOOT, waiting..." + attempt=$(($attempt+1)) + sleep 2 + done + return 1 +} + +if [[ $EUID -ne 0 ]]; then + echo "Must be a superuser!" + exit 1 +fi + +try_mount +if [[ $? -ne 0 ]]; then + echo "Failed to mount $BOOT!" + exit 1 +fi +echo "Rebuilding..." +nixos-rebuild $@ +sleep 2 +echo "Done rebuild!" +umount_boot +'' \ No newline at end of file diff --git a/secrets/default.nix b/secrets/default.nix index 6134f20..597df1a 100644 --- a/secrets/default.nix +++ b/secrets/default.nix @@ -1,4 +1,5 @@ { ... }: { drive-ids = import ./drive-ids.nix; + email-stuff = import ./email-stuff.nix; } \ No newline at end of file
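Review bot: In the new `my-rebuild` script (scripts/rebuild.nix) the exit status of `nixos-rebuild $@` is discarded: the script always prints "Done rebuild!" and exits with the status of `umount_boot`, so a failed rebuild looks like success to the caller. `$@` is also unquoted, which re-splits arguments containing spaces, and an interrupted rebuild leaves `$BOOT` mounted. Separately, `ATTEMPTS=5` is never read (the loop hard-codes `5`), and `try_mount` gives up after five tries when `$BOOT` is already mounted because `mount` returns non-zero in that case; checking `is_mounted` before calling `mount_boot` would avoid that. The script runs as root but resolves `mount`, `umount` and `nixos-rebuild` through `PATH`, while only `findmnt` uses a store path. The tail of the script could become:

```nix
# … unchanged: is_mounted, mount_boot, umount_boot, try_mount, EUID check …
if ! try_mount; then
  echo "Failed to mount $BOOT!"
  exit 1
fi
# unmount on every exit path, whether the rebuild succeeded or not
trap umount_boot EXIT
echo "Rebuilding..."
nixos-rebuild "$@"
status=$?
sleep 2
echo "Rebuild exited with status $status"
exit "$status"
```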