init

2022-05-25 19:27:42 +02:00 · 2022-05-25 19:27:42 +02:00 · a953246971
commit a953246971
17 changed files with 795 additions and 0 deletions
--- a/modules/basic-tools.nix
+++ b/modules/basic-tools.nix
@ -0,0 +1,97 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    bat
+    exa
+    fd
+    file
+    fzf
+    gitFull
+    gnupg
+    htop
+    irssi
+    killall
+    mercurial
+    neovim
+    ripgrep
+    tealdeer
+    tokei
+    traceroute
+    tree
+    liquidprompt
+    (aspellWithDicts (ps: with ps; [ en en-science en-computers ru de ]))
+    exfatprogs
+    nmap
+    bind
+    nnn
+    man-pages
+    neomutt
+    cachix
+  ];
+
+  nix = {
+    package = pkgs.nixUnstable;
+    autoOptimiseStore = true;
+    extraOptions = ''
+      experimental-features = nix-command flakes
+    '';
+  };
+
+
+  programs.tmux = {
+    enable = true;
+    keyMode = "vi";
+    escapeTime = 0;
+    historyLimit = 50000;
+    aggressiveResize = true;
+    terminal = "tmux-256color";
+  };
+
+  # set appropriate environ variables
+  environment.variables = {
+    EDITOR = "nvim";
+    PAGER = "less -F";
+  };
+
+  environment.shellAliases = {
+    vim = "nvim";
+    vi = "nvim";
+    vf = "$EDITOR $(fzf)";
+    vff = "$EDITOR $(ls|fzf)";
+    ls = "exa";
+    ll = "exa -l";
+    l = "exa -al";
+    ssh="TERM=xterm-256color ssh";
+    mutt="neomutt";
+  };
+
+  users.defaultUserShell = pkgs.zsh;
+  programs.zsh = {
+    enable = true;
+    enableCompletion = true;
+    syntaxHighlighting.enable = true;
+    interactiveShellInit = ''
+      bindkey -e
+    '';
+    promptInit = ''
+      source /run/current-system/sw/share/zsh/plugins/liquidprompt/liquidprompt
+if [[ -n "$IN_NIX_SHELL" ]]; then
+	prompt_tag "(nix-shell)"
+fi
+    '';
+  };
+
+  environment.etc.liquidpromptrc = {
+    text = ''
+      LP_ENABLE_SSH_COLORS=1
+      LP_ENABLE_TITLE=1
+      LP_ENABLE_SCREEN_TITLE=1
+    '';
+  };
+  programs.msmtp = {
+    enable = true;
+  };
+  programs.iftop.enable = true;
+  programs.mosh.enable = true;
+}
--- a/modules/binary-caches.nix
+++ b/modules/binary-caches.nix
@ -0,0 +1,36 @@
+{ pkgs, lib, ... }: {
+  nix = {
+    registry.microvm = {
+      from = {
+        type = "indirect";
+        id = "microvm";
+      };
+      to = {
+        type = "github";
+        owner = "astro";
+        repo = "microvm.nix";
+      };
+    };
+    settings = {
+      trusted-users = [
+        "grue"
+        "@wheel"
+      ];
+      substituters = [
+        "https://microvm.cachix.org"
+        "https://nix-serve.hq.c3d2.de"
+        "https://dump-dvb.cachix.org"
+      ];
+      trusted-substituters = [
+        "https://microvm.cachix.org"
+        "https://nix-serve.hq.c3d2.de"
+        "https://dump-dvb.cachix.org"
+      ];
+      trusted-public-keys = [
+        "microvm.cachix.org-1:oXnBc6hRE3eX5rSYdRyMYXnfzcCxC7yKPTbZXALsqys="
+        "nix-serve.hq.c3d2.de:KZRGGnwOYzys6pxgM8jlur36RmkJQ/y8y62e52fj1ps="
+        "dump-dvb.cachix.org-1:+Dq7gqpQG4YlLA2X3xJsG1v3BrlUGGpVtUKWk0dTyUU="
+      ];
+    };
+  };
+}
--- a/modules/chromium.nix
+++ b/modules/chromium.nix
@ -0,0 +1,34 @@
+{config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    # (ungoogled-chromium.override { enableVaapi = true; })
+    chromium
+  ];
+
+  nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland  --force-dark-mode --enable-features=WebUIDarkMode";
+
+  programs.chromium = {
+    enable = true;
+    extensions = [
+      "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" # privacy badger
+      "ekhagklcjbdpajgpjgmbionohlpdbjgc" # zotero connector
+      "nngceckbapebfimnlniiiahkandclblb" # bitwarden
+      "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
+    ];
+    extraOpts = {
+      "BrowserSignin" = 0;
+      "SyncDisabled" = true;
+      "PasswordManagerEnabled" = false;
+      "TranslateEnabled" = false;
+      "AutofillAddressEnabled" = false;
+      "AutofillCreditCardEnabled" = false;
+      "AutoplayAllowed" = false;
+      "DefaultNotificationSetting" = 2;
+      "BackgroundModeEnabled" = false;
+      "DefaultSearchProviderEnabled" = true;
+      "DefaultSearchProviderSearchURL" = "https://duckduckgo.com/?q={searchTerms}";
+      "SearchSuggestEnable" = false;
+    };
+  };
+}
--- a/modules/emacs.nix
+++ b/modules/emacs.nix
@ -0,0 +1,21 @@
+{ lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    # language servers
+    clang-tools
+    clang
+
+    sqlite
+    graphviz
+  ];
+
+  services.emacs = {
+    install = true;
+    enable = false;
+    # pure gtk, native compiled emacs with vterm and pdf-tools
+    package = with pkgs; ((emacsPackagesFor emacs).emacsWithPackages (epkgs: [ epkgs.vterm ]));
+    defaultEditor = false;
+  };
+
+}
--- a/modules/gnupg.nix
+++ b/modules/gnupg.nix
@ -0,0 +1,18 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    gnupg
+    opensc
+
+    yubioath-desktop
+  ];
+
+  # smartcard support
+  services.pcscd.enable = false;
+  hardware.gpgSmartcards.enable = true;
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+}
--- a/modules/graphical.nix
+++ b/modules/graphical.nix
@ -0,0 +1,130 @@
+# General Desktop-related config
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./basic-tools.nix
+    ./gnupg.nix
+  ];
+
+  environment.systemPackages = with pkgs; [
+    firefox-wayland
+    dino
+    alacritty
+    kitty
+    xclip
+    flameshot
+    wl-clipboard
+    brightnessctl
+    pulseaudio-ctl
+    feh
+    mpv
+    zathura
+    pulsemixer
+    screen-message
+    cmus
+    gtk-engine-murrine
+    gtk_engines
+    gsettings-desktop-schemas
+    pamixer
+    qbittorrent
+  ];
+
+  services.acpid.enable = true;
+  programs.light.enable = true;
+
+  #on the desktop, we need nice fonts ^^
+  fonts.fonts = with pkgs; [
+    dejavu_fonts
+    julia-mono
+    uw-ttyp0
+    gohufont
+    monoid
+    spleen
+    terminus_font
+    iosevka
+    creep
+    corefonts
+    dina-font
+    fira
+    fira-code
+    fira-code-symbols
+    fira-mono
+    hack-font
+    liberation_ttf
+    noto-fonts
+    noto-fonts-cjk
+    noto-fonts-emoji
+    noto-fonts-extra
+    proggyfonts
+    symbola
+    open-sans
+    twemoji-color-font
+    twitter-color-emoji
+  ];
+
+  fonts.enableDefaultFonts = true;
+  fonts.fontconfig = {
+    enable = true;
+    allowBitmaps = true;
+    useEmbeddedBitmaps = true;
+    defaultFonts.emoji = [
+      "Twitter Color Emoji"
+      "Noto Color Emoji"
+    ];
+  };
+
+  # Enable sound.
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+  };
+
+  hardware.bluetooth = {
+    enable = true;
+    package = pkgs.bluezFull;
+  };
+
+  services.blueman.enable = true;
+
+  services.xserver.enable = false;
+  programs.xwayland.enable = true;
+  programs.sway = {
+    enable = true;
+    wrapperFeatures.gtk = true;
+    extraPackages = with pkgs; [
+      swaylock
+      swayidle
+      wl-clipboard
+      mako
+      alacritty
+      wofi
+      waybar
+      gnome3.adwaita-icon-theme
+      i3status-rust
+    ];
+  };
+  environment.sessionVariables = { GTK_THEME = "Adwaita:dark"; };
+  environment.loginShellInit = ''
+    if [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then
+      exec sway
+    fi
+  '';
+  xdg.portal.wlr.enable = true;
+
+  nix = {
+    binaryCaches = [
+      "https://dump-dvb.cachix.org"
+    ];
+    binaryCachePublicKeys = [
+      "dump-dvb.cachix.org-1:+Dq7gqpQG4YlLA2X3xJsG1v3BrlUGGpVtUKWk0dTyUU="
+    ];
+  };
+  programs.zsh.vteIntegration = true;
+  programs.bash.vteIntegration = true;
+  services.upower.enable = true;
+
+}
--- a/modules/hw-accel-intel.nix
+++ b/modules/hw-accel-intel.nix
@ -0,0 +1,21 @@
+# overrides to enable [sometimes] wonky intel acceleration
+{ config, pkgs, ... }:
+
+{
+  nixpkgs.config.packageOverrides = pkgs: {
+    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+  };
+
+  hardware.opengl = {
+    enable = true;
+    extraPackages = with pkgs; [
+      vaapiVdpau
+      vaapiIntel
+      libvdpau-va-gl
+      intel-media-driver
+    ];
+  };
+
+  boot.initrd.kernelModules = [ "i915" ];
+
+}
--- a/modules/kernel-latest.nix
+++ b/modules/kernel-latest.nix
@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+
+{
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+}
--- a/modules/radio.nix
+++ b/modules/radio.nix
@ -0,0 +1,19 @@
+{ lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    gnuradio
+    gqrx
+    cubicsdr
+
+    libusb
+    rtl-sdr
+    hackrf
+    soapyhackrf
+  ];
+
+  hardware = {
+    rtl-sdr.enable = true;
+    hackrf.enable = true;
+  };
+}
--- a/modules/science.nix
+++ b/modules/science.nix
@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    # (rWrapper.override{ packages = with rPackages; [
+    #                       ggplot2
+    #                       swirl
+    #                       languageserver
+    #                       dplyr
+    #                       data_table
+    #                     ]; })
+    #(rstudioWrapper.override{ packages = with rPackages; [ ggplot2 ]; })
+    texlive.combined.scheme-full
+    gnuplot
+    graphicsmagick
+    zotero
+    python3Full
+  ];
+}
--- a/modules/tlp.nix
+++ b/modules/tlp.nix
@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+  powerManagement.cpuFreqGovernor = null;
+  services.power-profiles-daemon.enable = false;
+  services.tlp.enable = true;
+  services.tlp.extraConfig = ''
+USB_BLACKLIST="1d50:604b 1d50:6089 1d50:cc15 1fc9:000c"
+'';
+}
--- a/modules/virtualization.nix
+++ b/modules/virtualization.nix
@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    virtmanager
+  ];
+
+  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+  # virtualization
+  boot.kernelModules = [ "kvm-intel" ];
+  virtualisation = {
+    libvirtd = {
+      enable = true;
+      qemu.runAsRoot = false;
+      qemu.package = pkgs.qemu_full;
+    };
+    podman = {
+      enable = true;
+      dockerCompat = true;
+    };
+  };
+}
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@ -0,0 +1,43 @@
+{ config, ... }:
+
+{
+  networking.wg-quick.interfaces = {
+    wg-zw = {
+      privateKeyFile="/root/zw-wg-key";
+      address = ["172.20.76.226" ];
+      dns = [ "172.20.73.8" ];
+      peers = [
+        {
+          publicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo=";
+          endpoint = "81.201.149.152:1337";
+          allowedIPs = [ "172.20.72.0/21" "172.22.99.0/24" ];
+        }
+      ];
+    };
+    wg-dvb = {
+      privateKeyFile = "/root/wg-dvb";
+      address = [ "10.13.37.3/32" ];
+
+      peers = [
+        {
+          publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
+          allowedIPs = [ "10.13.37.0/24" ];
+          endpoint = "academicstrokes.com:51820";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+
+    mlwd-nl = {
+      privateKeyFile = "/root/mlvd";
+      address = [ "10.65.79.164/32" "fc00:bbbb:bbbb:bb01::2:4fa3/128" ];
+      dns = [ "193.138.218.74" ];
+
+      peers = [ {
+        publicKey = "StMPmol1+QQQQCJyAkm7t+l/QYTKe5CzXUhw0I6VX14=";
+        allowedIPs = [ "0.0.0.0/0" "::0/0" ];
+        endpoint = "92.60.40.194:51820";
+      }];
+    };
+  };
+}