From 06b48475d8837712ca2913faa43d2a05294cfbc8 Mon Sep 17 00:00:00 2001 From: atagen Date: Fri, 30 Dec 2022 13:49:11 +1100 Subject: [PATCH] this is where we're at now --- flake.nix | 41 +++++++++++++ flakes | 1 + home/home.nix | 92 ++++++++++++++++++++++------- home/homepkgs/simplewaita-gtk.nix | 30 ++++++++++ system/configuration.nix | 97 ++++++++++++++++++++++++++----- system/quiver.nix | 29 ++++++++- system/syspkgs/headscale-ui.nix | 23 ++++++++ 7 files changed, 272 insertions(+), 41 deletions(-) create mode 100644 flake.nix create mode 160000 flakes create mode 100644 home/homepkgs/simplewaita-gtk.nix create mode 100644 system/syspkgs/headscale-ui.nix diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..4ce808c --- /dev/null +++ b/flake.nix @@ -0,0 +1,41 @@ +{ + description = "the fabled ryzen build"; + inputs = { + nixpkgs.url = "nixpkgs/nixos-unstable"; + home-manager = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { nixpkgs, home-manager, ... }@inputs: + let + inherit (nixpkgs) lib; + util = import ./lib { + inherit system pkgs home-manager lib; overlays = (pkgs.overlays); + }; + inherit (util) user; + inherit (util) host; + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; + overlays = [ ]; + }; + + system = "x86_64-linux"; + in + { + homeManagerConfigurations = { + bolt = user.mkHMUser { + + }; + }; + + nixosConfigurations = { + quiver = host.mkHost { + + }; + }; + + }; +} diff --git a/flakes b/flakes new file mode 160000 index 0000000..342a9df --- /dev/null +++ b/flakes @@ -0,0 +1 @@ +Subproject commit 342a9df73f90eb784d70bb7b096cff0e9699d14f diff --git a/home/home.nix b/home/home.nix index 551f90d..74f070f 100755 --- a/home/home.nix +++ b/home/home.nix @@ -19,8 +19,6 @@ home.packages = with pkgs; [ - rustup - kitty thunderbird 
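Review bot: The new flake.nix pins nothing by itself: `nixpkgs/nixos-unstable` and `github:nix-community/home-manager` are moving references, and the diffstat shows no `flake.lock` being added, so the revisions built are whatever gets resolved on the machine that first evaluates the flake. Committing the generated `flake.lock` together with flake.nix makes the input revisions and their hashes reviewable and reproducible. Separately, `overlays = [ ];` leaves out the NUR overlay that home/home.nix relies on for `pkgs.nur.repos.rycee.firefox-addons`, so that expression would presumably fail once the empty `mkHMUser { }` call is filled in. A short comment marking `mkHMUser { }` and `mkHost { }` as placeholders would help the next reader.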
@@ -29,18 +27,23 @@ btop bat - broot + joshuto ripgrep fd lazygit + fzf latte-dock kdeconnect keepassxc + + direnv mpv + vscodium + syncthing zoxide @@ -58,15 +61,21 @@ (callPackage ./homepkgs/git-credential-keepassxc.nix { }) (callPackage ./homepkgs/culr.nix { }) - # (libsForQt5.callPackage ./homepkgs/bismuth.nix { }) ]; + programs.direnv = { + enable = true; + nix-direnv = { + enable = true; + }; + }; + gtk = { enable = true; theme = { - #package = pkgs.arc-theme; - name = "Simplewaita"; + package = (pkgs.callPackage ./homepkgs/simplewaita-gtk.nix {}); + name = "simplewaita"; }; }; @@ -79,7 +88,7 @@ }; enable = true; extensions = with pkgs.nur.repos.rycee.firefox-addons; [ - vimium + vimium-c darkreader localcdn ublock-origin @@ -89,7 +98,6 @@ keepassxc-browser user-agent-string-switcher # happy-bonobo-disable-webrtc - # arc-dark-theme-we ]; profiles.default = { id = 0; @@ -100,11 +108,6 @@ }; }; - programs.broot = { - enable = true; - modal = true; - }; - services.syncthing = { enable = true; }; @@ -159,6 +162,26 @@ enableZshIntegration = true; }; + programs.fzf = { + enable = true; + enableZshIntegration = true; + colors = { + fg = "#d3dae3"; + "fg+" = "#d3dae3"; + bg = "#060604"; + "bg+" = "#060604"; + preview-fg = "#fdbc4b"; + preview-bg = "#1e2233"; + hl = "#da4453"; + "hl+" = "#ed244e"; + info = "#fdbc4b"; + border = "#656a73"; + prompt = "#c50ed2"; + pointer = "#27ae60"; + header = "#da4453"; + }; + }; + programs.zsh = { enable = true; enableAutosuggestions = true; @@ -185,6 +208,10 @@ ps_culr() ps ww$@ | culr } +alias ...=\"cd ../..\" +alias ....=\"cd ../../..\" +alias .....=\"cd ../../../..\" + alias fresh=\"clear; echo; ~/.nix/header.sh\" alias icat=\"kitty +kitten icat\" alias chmox=\"chmod +x\" @@ -197,6 +224,8 @@ alias gl=\"git pull\" alias gp=\"git push\" alias gd=\"git diff\" alias gcam=\"git commit -am\" +alias gcm=\"git commit -m\" +alias gr=\"git restore\" alias gm=\"git merge\" alias l=\"ls_culr\" alias la=\"la_culr\" 
@@ -216,16 +245,26 @@ fresh src = pkgs.zsh-vi-mode; file = "share/zsh-vi-mode/zsh-vi-mode.zsh"; } + { + name = "zsh-autopair"; + src = pkgs.zsh-autopair; + file = "share/zsh-autopair/zsh-autopair.zsh"; + } { name = "zsh-completions"; src = pkgs.zsh-completions; file = "share/zsh-completions/zsh-completions.zsh"; } { - name = "zsh-autopair"; - src = pkgs.zsh-autopair; - file = "share/zsh-autopair/zsh-autopair.zsh"; + name = "zsh-command-time"; + src = pkgs.zsh-command-time; + file = "share/zsh-completions/zsh-command-time.zsh"; } + # { + # name = "zsh-you-should-use"; + # src = pkgs.zsh-you-should-use; + # # file = "share/zsh-completions/zsh-you-should-use.zsh"; + # } { name = "zsh-autocomplete"; src = pkgs.zsh-autocomplete; @@ -236,21 +275,26 @@ fresh src = pkgs.zsh-fast-syntax-highlighting; file = "share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh"; } - { - name = "zsh-history-search-multi-word"; - src = pkgs.zsh-history-search-multi-word; - file = "share/zsh-history-search-multi-word/zsh-history-search-multi-word.zsh"; - } { name = "zsh-nix-shell"; src = pkgs.zsh-nix-shell; file = "share/zsh-nix-shell/zsh-nix-shell.zsh"; } + { + name = "any-nix-shell"; + src = pkgs.any-nix-shell; + file = "share/any-nix-shell/any-nix-shell.zsh"; + } { name = "nix-zsh-completions"; src = pkgs.nix-zsh-completions; file = "share/nix-zsh-completions/nix-zsh-completions.zsh"; } + # { + # name = "zsh-fzf-tab"; + # src = pkgs.zsh-fzf-tab; + # # file = "share/zsh-fzf-tab/zsh-fzf-tab.zsh"; + # } ]; }; @@ -296,8 +340,12 @@ fresh programs.helix.settings = { theme = "bogster"; }; + + home.sessionVariables = { + GTK_THEME = "simplewaita"; + }; - home.stateVersion ="22.11"; + home.stateVersion = "22.11"; programs.home-manager.enable = true; } diff --git a/home/homepkgs/simplewaita-gtk.nix b/home/homepkgs/simplewaita-gtk.nix new file mode 100644 index 0000000..313d89e --- /dev/null +++ b/home/homepkgs/simplewaita-gtk.nix 
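Review bot: The new `zsh-command-time` entry sets `file = "share/zsh-completions/zsh-command-time.zsh"`, which is another plugin's directory and looks copied from the `zsh-completions` entry above it. As far as I know home-manager only sources a plugin file if it exists, so a wrong path would fail silently and the plugin would never load. The `any-nix-shell` entry in the next hunk (`share/any-nix-shell/any-nix-shell.zsh`) deserves the same check, since that tool is normally hooked in through its own command rather than a plugin file. Confirm both paths against the built package outputs and correct the `file` values.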
@@ -0,0 +1,30 @@ +{ stdenvNoCC, lib, fetchFromGitea, }: + +stdenvNoCC.mkDerivation rec { + pname = "Simplewaita"; + version = "0.1.0"; + + src = fetchFromGitea { + domain = "git.disroot.org"; + owner = "eudaimon"; + repo = pname; + rev = "16c5f75fd3e03671c3998dcb9a67e3ff6da5a538"; + hash = "sha256-VvPQGsdikfIi3VG5Mh8FcioTVwXaxKxaSf2X+yWJckA="; + }; + + dontPatch = true; + dontConfigure = true; + installPhase = '' + mkdir $out + cp -r ./ $out + ''; + dontBuild = true; + dontFixup = true; + + meta = with lib; { + description = "A mix of Skewaita and Simple. Or, more precisely: Skewaita Simple-ified."; + homepage = "https://git.disroot.org/eudaimon/Simplewaita"; + license = licenses.gpl1Only; + platforms = platforms.linux; + }; +} diff --git a/system/configuration.nix b/system/configuration.nix index e543120..c5c5369 100755 --- a/system/configuration.nix +++ b/system/configuration.nix @@ -9,7 +9,6 @@ #./wollomi.nix # ./adrift.nix ./quiver.nix - ./docker.nix # home manager should exist for users @@ -26,7 +25,9 @@ nix.extraOptions = '' experimental-features = nix-command flakes - ''; + keep-outputs = true + keep-derivations = true + ''; environment.pathsToLink = [ "/share/zsh" ]; boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.configurationLimit = 2; @@ -34,6 +35,9 @@ boot.loader.timeout = 3; boot.kernelPackages = pkgs.linuxPackages_xanmod_latest; + + boot.tmpOnTmpfs = true; + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 
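Review bot: The `installPhase` in simplewaita-gtk.nix copies the repository root straight into `$out` (`cp -r ./ $out`), but GTK looks themes up under `share/themes/<name>`. Unless the upstream tree already has that layout, neither `gtk.theme.name = "simplewaita"` nor `GTK_THEME = "simplewaita"` in home/home.nix will resolve to this package. Something like `mkdir -p $out/share/themes/${pname}` followed by `cp -r . $out/share/themes/${pname}` would give it a findable path. The theme name then has to match that directory's case, and `pname` is `Simplewaita` while home.nix uses `simplewaita`. `licenses.gpl1Only` is also worth checking against the upstream licence file.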
@@ -62,10 +66,28 @@ services.xserver.libinput.enable = true; # kde time services.xserver.desktopManager.plasma5.enable = true; - services.xserver.displayManager.sddm.enable = true; + services.xserver.displayManager.sddm = { + enable = true; + theme = "${(pkgs.fetchFromGitHub { + owner = "EricKotato"; + repo = "sddm-slice"; + rev = "763b8f4e01c00c1f8590fc7a103e14f6e8449443"; + sha256 = "sha256-UW53ZdKb3RSrrcZ9GxZsJyjzS/uKR8lkaLLyi+2o27U="; + })}"; + autoNumlock = true; + settings = { + General = { + InputMethod = ""; + }; + }; + }; services.xserver.desktopManager.plasma5.runUsingSystemd = true; - # programs.xwayland.enable = true; programs.dconf.enable = true; + + services.resolved = { + enable = true; + fallbackDns = [ "103.1.206.179" "168.138.8.38" "168.138.12.137" ]; + }; # Enable sound. @@ -79,21 +101,25 @@ }; # gtk compatibility - # qt5.enable = true; - # qt5.platformTheme = "gtk2"; - # qt5.style = "gtk2"; + qt5.enable = true; + qt5.platformTheme = "kde"; + #qt5.style = "gtk2"; programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; services.tailscale.enable = true; + services.mullvad-vpn.enable = true; + environment.systemPackages = with pkgs; [ rnix-lsp tailscale - + mullvad + mullvad-vpn + cachix helix 
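Review bot: The three `fallbackDns` addresses are bare IPs with no comment saying who operates them, and nothing in this hunk configures DNSSEC or DNS-over-TLS. Whenever the fallback is used, lookups therefore go in cleartext to resolvers a reader cannot identify. A comment naming the operator of each address would make that trust decision reviewable, and `services.resolved.dnssec` plus a `DNSOverTLS=` line in `services.resolved.extraConfig` would tighten it if those servers support it. It is also worth confirming how these fallbacks interact with `services.mullvad-vpn.enable = true;` in the next hunk, since fallback queries may not go through the tunnel.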
@@ -106,17 +132,56 @@ zsh - libsForQt5.sddm-kcm - - ]; - - networking.firewall = { - # allowedUDPPorts = [ 41641 ]; - trustedInterfaces = [ "tailscale0" ]; - checkReversePath = "loose"; + networking.nftables = { + enable = true; + ruleset = '' + + table inet mullvad-ts { + chain exclude-outgoing { + type route hook output priority 0; policy accept; + ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; + ip daddr 100.100.100.100 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; + } + + chain allow-incoming { + type filter hook input priority -10; policy accept; + iif "tailscale0" ct mark set 0x00000f41 meta mark set 0x6d6f6c65; + } + + chain exclude-dns { + type filter hook output priority -10; policy accept; + ip daddr 100.100.100.100 udp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; + ip daddr 100.100.100.100 tcp dport 53 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; + } + } + + table inet filter { + chain input { + type filter hook input priority 0; policy drop; + ct state invalid counter drop comment "early drop of invalid packets" + ct state {established, related} counter accept comment "accept all connections related to connections made by us" + iifname "tailscale0" accept comment "allow all tailscale packets" + iif lo accept comment "accept loopback" + ip protocol icmp counter accept comment "accept all ICMP types" + ip6 nexthdr icmpv6 counter accept comment "accept all ICMP types" + tcp dport 22 counter accept comment "accept SSH" + counter comment "count dropped packets" + } + + chain forward { + type filter hook forward priority 0; policy drop; + } + + } + ''; }; + networking.firewall.enable = false; + # networking.firewall = { + # trustedInterfaces = [ "tailscale0" ]; + # checkReversePath = "loose"; + # }; system.stateVersion = "22.05"; # Did you read the comment? diff --git a/system/quiver.nix b/system/quiver.nix index 496a689..098d78f 100755 --- a/system/quiver.nix +++ b/system/quiver.nix 
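Review bot: Setting `networking.firewall.enable = false;` turns the `allowedUDPPorts` and `allowedTCPPorts` lists in system/quiver.nix into dead configuration, including TCP 2234, which this same commit adds. The hand-written `input` chain has `policy drop` and accepts only tailscale0, loopback, ICMP and TCP 22. Either add those ports to the ruleset or delete the quiver.nix block, so the file that appears to open ports matches what is enforced. `tcp dport 22 counter accept` admits SSH on every interface even though `iifname "tailscale0" accept` already covers the tailnet; if SSH is only meant to be reachable there, the rule can be dropped or restricted by interface. The `exclude-outgoing` marks are keyed on destination `100.64.0.0/10` rather than on the tailscale interface, so a comment explaining the two mark constants and that assumption would help.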
@@ -16,6 +16,8 @@ boot.supportedFilesystems = [ "ntfs" ]; + security.tpm2.enable = true; + networking.useDHCP = lib.mkDefault true; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; @@ -29,11 +31,28 @@ }; services.xserver.videoDrivers = [ "nvidia" ]; - hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable; + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta; + hardware.nvidia.modesetting.enable = true; + hardware.nvidia.powerManagement.enable = true; + programs.xwayland.enable = true; + + systemd.services.noRgb = { + wantedBy = [ "multi-user.target" ]; + description = "rgb led turn-off-er"; + serviceConfig = { + Type = "oneshot"; + ExecStart = ''${pkgs.openrgb}/bin/openrgb -c 000000''; + }; + }; + hardware.ckb-next.enable = true; environment.systemPackages = with pkgs; [ + xdg-desktop-portal-kde ckb-next openrgb + wl-clipboard + wl-clipboard-x11 + xclip ]; networking.hostName = "quiver"; # Define your hostname. @@ -63,11 +82,15 @@ options = [ "rw" "uid=1001" "gid=100" ]; }; - swapDevices = [ ]; + swapDevices = [ { + device = "/home/swapfile"; + size = 4096; + } + ]; networking.firewall = { allowedUDPPorts = [ 1900 ]; - allowedTCPPorts = [ 8200 ]; + allowedTCPPorts = [ 8200 2234 ]; }; } diff --git a/system/syspkgs/headscale-ui.nix b/system/syspkgs/headscale-ui.nix new file mode 100644 index 0000000..d1d9891 --- /dev/null +++ b/system/syspkgs/headscale-ui.nix 
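Review bot: The new `/home/swapfile` entry in `swapDevices` is added without encryption, so memory pages can be written to disk in cleartext. That includes pages from keepassxc and, with `boot.tmpOnTmpfs = true;` in configuration.nix, the contents of /tmp. It is only a problem if /home is not already on an encrypted volume, which is not visible here. If it is not, `randomEncryption.enable = true;` on the swap entry is the usual fix, though it should be checked that it works with a swap file and that hibernation is not needed. The `allowedTCPPorts = [ 8200 2234 ];` change in the same hunk also has no comment saying which service needs 2234.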
@@ -0,0 +1,23 @@
+{ lib, stdenv, fetchurl, unzip }:
+
+stdenv.mkDerivation rec {
+ pname = "headscale-ui";
+ version = "2022.12.23.2-beta";
+
+ src = fetchurl {
+ url = "https://github.com/gurucomputing/headscale-ui/releases/download/${version}/headscale-ui.zip";
+ sha256 = "sha256-QF10la68Rl2t0K53CH63Qiq54ynkySQACdELorZF/cY=";
+ };
+
+ nativeBuildInputs = [ unzip ];
+
+ unpackCmd = "unzip headscale-ui.zip";
+
+ dontConfigure = true;
+ dontBuild = true;
+ installPhase = ''
+ mkdir $out/
+ cp -R . $out
+ '';
+
+}
\ No newline at end of file
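Review bot: This derivation has no `meta` block and no comment noting that `src` is a prebuilt release zip rather than source, so the licence, homepage and provenance of what gets installed are undocumented. The `sha256` pin does stop the release asset from changing silently, which is worth stating in a comment such as `# prebuilt upstream bundle; hash pins the release asset`. Add a `meta` with `homepage` and `license` as simplewaita-gtk.nix does, and wrap the `installPhase` body in `runHook preInstall` / `runHook postInstall`. Nothing visible in this commit references the package, so a note on where it is meant to be served from would help too.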