From 295f8257e309714b08ebf0ea2b8e46e0972a02fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Tue, 11 Feb 2025 21:04:02 +0100 Subject: [PATCH] kibbeh: configure --- .github/workflows/niveum.yml | 2 +- configs/admin-essentials.nix | 16 +++ configs/bluetooth.nix | 6 -- configs/default.nix | 21 +--- configs/zsh.nix | 11 +-- flake.nix | 1 + secrets | 2 +- systems/kabsa/configuration.nix | 2 - systems/kibbeh/configuration.nix | 165 +++++++++++++------------------ 9 files changed, 96 insertions(+), 130 deletions(-) diff --git a/.github/workflows/niveum.yml b/.github/workflows/niveum.yml index 58d4ae4..d9894cf 100644 --- a/.github/workflows/niveum.yml +++ b/.github/workflows/niveum.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - system: [makanek,manakish,kabsa,zaatar,ful,fatteh] + system: [makanek,manakish,kabsa,zaatar,ful,fatteh,kibbeh] steps: - uses: actions/checkout@v3 - name: Install QEMU (ARM) diff --git a/configs/admin-essentials.nix b/configs/admin-essentials.nix index 0c97c1e..785f33d 100644 --- a/configs/admin-essentials.nix +++ b/configs/admin-essentials.nix @@ -52,6 +52,22 @@ in { pkgs.psmisc # for killall, pstree ]; + + security.wrappers = { + pmount = { + setuid = true; + owner = "root"; + group = "root"; + source = "${pkgs.pmount}/bin/pmount"; + }; + pumount = { + setuid = true; + owner = "root"; + group = "root"; + source = "${pkgs.pmount}/bin/pumount"; + }; + }; + environment.shellAliases = let take = pkgs.writers.writeDash "take" '' mkdir "$1" && cd "$1" diff --git a/configs/bluetooth.nix b/configs/bluetooth.nix index f9b50a1..8d2a18f 100644 --- a/configs/bluetooth.nix +++ b/configs/bluetooth.nix @@ -7,10 +7,4 @@ }; environment.systemPackages = [ pkgs.bluetuith ]; - - # services.blueman.enable = true; - - # environment.systemPackages = [pkgs.blueman]; - - # home-manager.users.me = {services.blueman-applet.enable = true;}; } diff --git a/configs/default.nix b/configs/default.nix index 4f7e3a0..1d9b90b 100644 
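Review bot: The `security.wrappers` block added to configs/admin-essentials.nix installs two setuid-root binaries (`pmount`, `pumount`) on every host that imports this module, where it previously applied only to hosts importing configs/default.nix. systems/kibbeh/configuration.nix in this patch is one such importer. If other importers are headless machines that never mount removable media, they gain setuid attack surface with no benefit. Consider moving the wrappers into a small module of their own that only desktop systems import, or at least document the intent above the block with `# setuid root so unprivileged users can mount removable media`. The enclosing attribute set begins and ends outside this hunk.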
--- a/configs/default.nix +++ b/configs/default.nix @@ -126,22 +126,6 @@ in { }; }; } - { - security.wrappers = { - pmount = { - setuid = true; - owner = "root"; - group = "root"; - source = "${pkgs.pmount}/bin/pmount"; - }; - pumount = { - setuid = true; - owner = "root"; - group = "root"; - source = "${pkgs.pmount}/bin/pumount"; - }; - }; - } {programs.command-not-found.enable = true;} { programs.gnupg = { @@ -255,6 +239,11 @@ in { ./watson.nix ./wallpaper.nix ./zsh.nix + { + home-manager.users.me.home.file.".zshrc".text = '' + # nothing to see here + ''; + } ./tor.nix ./stw-berlin.nix ./mastodon-bot.nix diff --git a/configs/zsh.nix b/configs/zsh.nix index 8ec7c00..12f9054 100644 --- a/configs/zsh.nix +++ b/configs/zsh.nix @@ -2,11 +2,10 @@ config, pkgs, ... -}: { - home-manager.users.me.home.file.".zshrc".text = '' - # nothing to see here - ''; - +}: let + promptColours.success = "cyan"; + promptColours.failure = "red"; +in { environment.systemPackages = [pkgs.atuin]; environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" '' auto_sync = true @@ -58,7 +57,7 @@ fpath=(${zsh-completions}/src $fpath) ''; - promptInit = with config.niveum; '' + promptInit = '' autoload -Uz vcs_info zstyle ':vcs_info:*' enable git zstyle ':vcs_info:*' check-for-changes true diff --git a/flake.nix b/flake.nix index b396dff..af19960 100644 --- a/flake.nix +++ b/flake.nix @@ -111,6 +111,7 @@ tabula = "root@tabula"; kabsa = "root@kabsa"; fatteh = "root@fatteh"; + kibbeh = "root@kibbeh"; }; in lib.attrsets.nameValuePair "deploy-${hostname}" { diff --git a/secrets b/secrets index b056302..04f66a7 160000 --- a/secrets +++ b/secrets @@ -1 +1 @@ -Subproject commit b056302b007e62c8cb8611ba0195b3cfea358f46 +Subproject commit 04f66a729699db308ff7c5291d4915a42e0c3fff diff --git a/systems/kabsa/configuration.nix b/systems/kabsa/configuration.nix index 7a899e9..3440878 100644 --- a/systems/kabsa/configuration.nix +++ b/systems/kabsa/configuration.nix 
@@ -20,8 +20,6 @@ in { promptColours.success = "cyan"; }; - stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/dracula.yaml"; - nix.settings = { cores = 1; max-jobs = 2; diff --git a/systems/kibbeh/configuration.nix b/systems/kibbeh/configuration.nix index ca10526..33ba998 100644 --- a/systems/kibbeh/configuration.nix +++ b/systems/kibbeh/configuration.nix 
@@ -1,36 +1,53 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, ... }: +{ config, pkgs, niveumPackages, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + imports = [ + ./hardware-configuration.nix + ../../configs/spacetime.nix + ../../configs/admin-essentials.nix + ../../configs/keyboard.nix + ../../configs/sound.nix + ../../configs/printing.nix + ../../configs/nix.nix + ../../configs/flix.nix + ../../configs/fonts.nix + ../../configs/retiolum.nix + ../../configs/sshd.nix + ../../configs/sudo.nix + ../../configs/zsh.nix + ../../configs/tor.nix + ]; + + age.secrets = { + retiolum-rsa = { + file = ../../secrets/kibbeh-retiolum-privateKey-rsa.age; + mode = "400"; + owner = "tinc-retiolum"; + group = "tinc-retiolum"; + }; + retiolum-ed25519 = { + file = ../../secrets/kibbeh-retiolum-privateKey-ed25519.age; + mode = "400"; + owner = "tinc-retiolum"; + group = "tinc-retiolum"; + }; + }; + + services.gnome.gnome-keyring.enable = true; + security.pam.services.lightdm.enableGnomeKeyring = true; - # Bootloader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - boot.initrd.luks.devices."luks-b3988d35-72a9-4e7c-992d-f500bb388554".device = "/dev/disk/by-uuid/b3988d35-72a9-4e7c-992d-f500bb388554"; - networking.hostName = "nixos"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 
+ services.openssh.enable = true; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + boot.initrd.luks.devices."luks-b3988d35-72a9-4e7c-992d-f500bb388554".device = + "/dev/disk/by-uuid/b3988d35-72a9-4e7c-992d-f500bb388554"; - # Enable networking + networking.hostName = "kibbeh"; networking.networkmanager.enable = true; - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - i18n.extraLocaleSettings = { LC_ADDRESS = "de_DE.UTF-8"; LC_IDENTIFICATION = "de_DE.UTF-8"; 
@@ -43,95 +60,47 @@ LC_TIME = "de_DE.UTF-8"; }; - # Enable the X11 windowing system. services.xserver.enable = true; - - # Enable the Pantheon Desktop Environment. services.xserver.displayManager.lightdm.enable = true; services.xserver.desktopManager.pantheon.enable = true; + # services.displayManager.autoLogin.enable = true; + # services.displayManager.autoLogin.user = config.users.users.me.name; - # Configure keymap in X11 - services.xserver = { - layout = "de"; - xkbVariant = "T3"; + age.secrets = { + di-fm-key.file = ../../secrets/di-fm-key.age; }; - # Configure console keymap - console.keyMap = "de"; - - # Enable CUPS to print documents. - services.printing.enable = true; - - # Enable sound with pipewire. - sound.enable = true; - hardware.pulseaudio.enable = false; - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - - # use the example session manager (no others are packaged yet so this is enabled by default, - # no need to redefine it in your config for now) - #media-session.enable = true; - }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. 
- users.users.kfm = { + users.users.me = { + name = "kfm"; isNormalUser = true; - description = "Kierán Meinhardt"; - extraGroups = [ "networkmanager" "wheel" ]; + description = "किरण"; + extraGroups = [ "networkmanager" ]; + password = "hackme"; packages = with pkgs; [ + # packages TODO firefox - # thunderbird + thunderbird + alacritty + tor-browser-bundle-bin + zathura + okular + anki-bin + libreoffice + xournalpp + jellyfin-media-player + niveumPackages.mpv-tv + (niveumPackages.mpv-radio.override { di-fm-key-file = config.age.secrets.di-fm-key.path; }) + niveumPackages.meteo + spotify ]; }; - # Enable automatic login for the user. - services.xserver.displayManager.autoLogin.enable = true; - services.xserver.displayManager.autoLogin.user = "kfm"; - - # Allow unfree packages - nixpkgs.config.allowUnfree = true; - - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget + htop + git + vim + (niveumPackages.vim.override { colorscheme = "base16-gruvbox-dark-medium"; }) ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. 
It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.11"; # Did you read the comment? - + system.stateVersion = "23.11"; }
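Review bot: `password = "hackme";` on `users.users.me` commits a guessable plaintext password to the repository and to the world-readable Nix store, on a host where the first hunk of this file sets `services.openssh.enable = true;` and imports `../../configs/sshd.nix`. Whether sshd accepts password logins depends on sshd.nix, which is not visible here; if it does, the `kfm` account is reachable over the network and over retiolum with that password. The same password also protects the GNOME keyring unlocked through `security.pam.services.lightdm.enableGnomeKeyring`. Since agenix is already used in this file, replace the line with `hashedPasswordFile = config.age.secrets.<user-password-secret>.path;` (placeholder secret name) and confirm that sshd.nix disables password authentication.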