-rw-r--r--flake.lock48
-rw-r--r--flake.nix28
-rw-r--r--home.nix54
-rwxr-xr-xmachines/base.nix6
-rw-r--r--machines/srv3/configuration.nix37
-rw-r--r--machines/x220-gnome/configuration.nix74
-rw-r--r--machines/x220-gnome/gnome.nix68
-rw-r--r--machines/x220-gnome/hardware-configuration.nix51
-rw-r--r--machines/x220-gnome/pass.nix18
-rw-r--r--machines/x220-gnome/pn.nix18
10 files changed, 337 insertions, 65 deletions
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..92d7bc9
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,48 @@
+{
+  "nodes": {
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1723399884,
+        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1719426051,
+        "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "home-manager": "home-manager",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..6f92c24
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,28 @@
+{
+	description = "Nixos config flake";
+
+	inputs = {
+		nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+
+		home-manager = {
+			url = "github:nix-community/home-manager";
+			inputs.nixpkgs.follows = "nixpkgs";
+		};
+	};
+
+	outputs = { self, nixpkgs, ... }@inputs: {
+		nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
+			specialArgs = {inherit inputs;};
+			modules = [
+				./machines/x220-gnome/configuration.nix
+					inputs.home-manager.nixosModules.default
+					{
+						home-manager.useGlobalPkgs = true;
+						home-manager.useUserPackages = true;
+						home-manager.users.pn = import ./home.nix;
+					}
+
+			];
+		};
+	};
+}
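Review bot: The `home-manager` input names no branch, so it follows that repository's default branch while `nixpkgs` is pinned to `nixos-24.05`. `flake.lock` fixes the revision for now, but the next `nix flake update` pulls whatever is on the default branch and can drift away from the 24.05 package set. Pinning it to the matching release keeps the two in step: `url = "github:nix-community/home-manager/release-24.05";`. The entries after `./machines/x220-gnome/configuration.nix` in `modules` are indented one level deeper than the first, which makes them read like arguments to it.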
diff --git a/home.nix b/home.nix
index 8dc1a36..1ab3a6b 100644
--- a/home.nix
+++ b/home.nix
@@ -17,12 +17,12 @@ let
     ];
 in
 {
-  dconf.enable = false;
+  #dconf.enable = false;
 
-  programs.obs-studio = {
-    enable = true;
-    plugins = with pkgs; [ obs-wlrobs obs-v4l2sink ];
-  };
+  #programs.obs-studio = {
+    #enable = true;
+    #plugins = with pkgs; [ obs-wlrobs obs-v4l2sink ];
+  #};
 
   # Home Manager needs a bit of information about you and the
   # paths it should manage.
@@ -32,39 +32,39 @@ in
   imports = [
     # Platform specific config
     # ./programs/zsh
-    ./programs/newsboat
+    #./programs/newsboat
     ./programs/git.nix
-    ./programs/mpv.nix
-    ./programs/sent
+    #./programs/mpv.nix
+    #./programs/sent
     # ./programs/qutebrowser.nix
   ] ++ platformSetup;
 
   home.packages = with pkgs; [
     # wywozik
     # Basic
-    slop
-    xlibs.xdpyinfo
-    amfora
-    translate-shell
-    nix-index
-    fzf
+    #slop
+    #xlibs.xdpyinfo
+    #amfora
+    #translate-shell
+    #nix-index
+    #fzf
 
     # Handy tools
-    skanlite
-    imagemagick
+    #skanlite
+    #imagemagick
 
 
     # Misc
-    weechat
-    todoist
-    browserpass
-    #minecraft
-    spotify-tui
-    spotifyd
-    # gimp
-    pandoc
-    texlive.combined.scheme-medium
-    zathura
+    #weechat
+    #todoist
+    #browserpass
+    ##minecraft
+    #spotify-tui
+    #spotifyd
+    ## gimp
+    #pandoc
+    #texlive.combined.scheme-medium
+    #zathura
   ];
 
   # This value determines the Home Manager release that your
@@ -75,5 +75,5 @@ in
   # You can update Home Manager without changing this value. See
   # the Home Manager release notes for a list of state version
   # changes in each release.
-  home.stateVersion = "20.09";
+  home.stateVersion = "24.05";
 }
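Review bot: `home.stateVersion` moves from "20.09" to "24.05" although the comment directly above it in this hunk says Home Manager can be updated without changing the value. The option records the release under which the user's state was first created, so raising it is only safe if `pn`'s home on the new machine is a fresh one; on a profile first activated under 20.09 it changes the defaults that depend on it. If this is a fresh install, a comment should record that, e.g. `# fresh install on x220-gnome; state created under 24.05`.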
diff --git a/machines/base.nix b/machines/base.nix
index 035ee59..f89738c 100755
--- a/machines/base.nix
+++ b/machines/base.nix
@@ -4,10 +4,10 @@
 {
 
   imports = [
-    ../modules/nur.nix
-    ../users/pn.nix
+     ../modules/nur.nix
+  #  ../users/pn.nix
     ../modules/doas.nix
-    ../modules/internet.nix
+  #  ../modules/internet.nix
   ];
 
   boot.cleanTmpDir = true;
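Review bot: `machines/base.nix` appears to be shared by every machine, so commenting out `../users/pn.nix` and `../modules/internet.nix` here removes them for all of them, not only the new laptop. If `machines/srv3/configuration.nix` imports this file (not visible in the diff), the next rebuild of the server would lose whatever account, key and network settings those two modules declare. Moving the imports into the machine files that need them, instead of commenting them out, would leave srv3 unchanged and would also avoid the second definition of user `pn` that `machines/x220-gnome/pn.nix` introduces. The new `../modules/nur.nix` line gained a stray leading space.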
diff --git a/machines/srv3/configuration.nix b/machines/srv3/configuration.nix
index 09ae394..73c20db 100644
--- a/machines/srv3/configuration.nix
+++ b/machines/srv3/configuration.nix
@@ -77,7 +77,7 @@ in
   services.sshguard = {
     enable = true;
     whitelist = [
-      "192.168.0.0/18"
+      "192.168.1.0/24"
     ];
   };
 
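Review bot: The whitelist is narrower than before but still exempts every address in 192.168.1.0/24 from sshguard, so repeated failed logins from any host on that subnet are never blocked. If only a few admin machines need the exemption, listing their addresses would be tighter. Otherwise a comment on the entry should say why the whole subnet is trusted, e.g. `# <reason this subnet is exempt from blocking>`.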
@@ -120,16 +120,6 @@ in
       forceSSL = true;
       root = "${www}/pics.niedzwiedzinski.cyou";
     };
-    "rss.srv3.niedzwiedzinski.cyou" = {
-      enableACME = true;
-      forceSSL = true;
-      extraConfig = ''
-        modsecurity_rules '
-          SecRuleEngine On
-          SecRule ARGS:u "@rx life[-_]*hack(s)?" "id:1234,deny,status:403"
-        ';
-      '';
-    };
     "tmp.niedzwiedzinski.cyou" = {
       enableACME = true;
       addSSL = true;
@@ -167,32 +157,9 @@ in
   security.acme.defaults.email = "pniedzwiedzinski19@gmail.com";
   security.acme.acceptTerms = true;
 
-  networking.firewall.allowedTCPPorts = [ 53 80 443 config.services.molly-brown.settings.Port ];
+  networking.firewall.allowedTCPPorts = [ 53 80 443 ];
   networking.firewall.allowedUDPPorts = [ 53 ];
 
-  services.molly-brown = {
-    hostName = "niedzwiedzinski.cyou";
-    enable = true;
-    certPath = "/var/lib/acme/niedzwiedzinski.cyou/cert.pem";
-    keyPath = "/var/lib/acme/niedzwiedzinski.cyou/key.pem";
-    docBase = "${www}/niedzwiedzinski.cyou";
-  };
-
-  systemd = {
-    services.molly-brown.serviceConfig.SupplementaryGroups = [ config.security.acme.certs."niedzwiedzinski.cyou".group ];
-  };
-
-  services.rss-bridge = {
-    enable = true;
-    virtualHost = "rss.srv3.niedzwiedzinski.cyou";
-    whitelist = [
-      "Instagram"
-      "Soundcloud"
-      "Facebook"
-    ];
-  };
-
-
   virtualisation.docker.enable = true;
 
   users = {
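Review bot: After the molly-brown port is dropped, `allowedTCPPorts` and `allowedUDPPorts` still open 53, and no DNS service is visible in this hunk. If this host still serves a resolver, a short comment naming it would help the next reader (`# 53: <dns service>`); if it does not, the port can go in the same cleanup. The rest of the hunk is deletion only.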
diff --git a/machines/x220-gnome/configuration.nix b/machines/x220-gnome/configuration.nix
new file mode 100644
index 0000000..ea23c3e
--- /dev/null
+++ b/machines/x220-gnome/configuration.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+
+{
+	imports =
+		[ # Include the results of the hardware scan.
+		../base.nix
+		./gnome.nix
+		./pass.nix
+		./hardware-configuration.nix
+		./pn.nix
+		];
+
+# Enable networking
+	networking.networkmanager.enable = true;
+
+# Set your time zone.
+	time.timeZone = "Europe/Warsaw";
+
+# Select internationalisation properties.
+	i18n.defaultLocale = "en_US.UTF-8";
+
+	i18n.extraLocaleSettings = {
+		LC_ALL = "en_US.UTF-8";
+		LC_ADDRESS = "en_US.UTF-8";
+		LC_IDENTIFICATION = "en_US.UTF-8";
+		LC_MEASUREMENT = "en_US.UTF-8";
+		LC_MONETARY = "en_US.UTF-8";
+		LC_NAME = "en_US.UTF-8";
+		LC_NUMERIC = "en_US.UTF-8";
+		LC_PAPER = "en_US.UTF-8";
+		LC_TELEPHONE = "en_US.UTF-8";
+		LC_TIME = "en_US.UTF-8";
+	};
+
+	programs.vim.defaultEditor = true;
+	programs.nano.enable = false;
+	programs.git.enable = true;
+
+# Allow unfree packages
+	nixpkgs.config.allowUnfree = true;
+	nix.settings.experimental-features = [ "flakes" "nix-command" ];
+
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+	environment.systemPackages = with pkgs; [
+#  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+#  wget
+	];
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+# programs.gnupg.agent = {
+#   enable = true;
+#   enableSSHSupport = true;
+# };
+
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+	system.stateVersion = "24.05"; # Did you read the comment?
+
+}
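Review bot: `LC_ALL = "en_US.UTF-8";` in `i18n.extraLocaleSettings` overrides every other `LC_*` category and `LANG`, so the nine entries below it have no effect and per-user locale overrides stop working. Dropping the `LC_ALL` line gives the same result through the individual categories. `nixpkgs.config.allowUnfree = true;` permits every unfree package system-wide; `nixpkgs.config.allowUnfreePredicate` limited to the packages actually needed is the narrower form. The comment `# Include the results of the hardware scan.` now sits in front of `../base.nix` rather than `./hardware-configuration.nix`.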
diff --git a/machines/x220-gnome/gnome.nix b/machines/x220-gnome/gnome.nix
new file mode 100644
index 0000000..e0d5f7c
--- /dev/null
+++ b/machines/x220-gnome/gnome.nix
@@ -0,0 +1,68 @@
+{ pkgs, ... }:
+{
+# Enable the X11 windowing system.
+	services.xserver.enable = true;
+
+# Enable the GNOME Desktop Environment.
+	services.xserver.displayManager.gdm.enable = true;
+	services.xserver.desktopManager.gnome.enable = true;
+	services.xserver.desktopManager.xterm.enable = false;
+	services.xserver.excludePackages = [ pkgs.xterm ];
+
+	environment.gnome.excludePackages = with pkgs.gnome; [
+		pkgs.epiphany
+		baobab totem yelp file-roller seahorse gnome-clocks pkgs.gnome-connections
+			pkgs.gnome-tour
+	];
+
+	services.xserver.desktopManager.gnome.extraGSettingsOverrides = ''
+		[org.gnome.shell]
+		favorite-apps = [ "brave-browser.desktop", "org.gnome.Geary.desktop", "org.gnome.Nautilus.desktop" ]
+
+		[org.gnome.desktop.wm.keybindings]
+		close = ["<Super>q"]
+
+		[org.gnome.settings-daemon.plugins.media-keys]
+		custom-keybindings = ["org/gnome/settings-daemon/plugins/media-keys/custom0/"]
+
+		[org.gnome.settings-daemon.plugins.media-keys.custom0]
+		binding = ["<Super><Enter>"]
+		command = ["kgx"]
+		name = ["GNOME Console"]
+	'';
+
+# Configure keymap in X11
+	services.xserver = {
+		layout = "pl";
+		xkbVariant = "";
+	};
+
+# Configure console keymap
+	console.keyMap = "pl2";
+
+# Enable CUPS to print documents.
+	services.printing.enable = true;
+
+# Enable sound with pipewire.
+	hardware.pulseaudio.enable = false;
+	security.rtkit.enable = true;
+	services.pipewire = {
+		enable = true;
+		alsa.enable = true;
+		alsa.support32Bit = true;
+		pulse.enable = true;
+# If you want to use JACK applications, uncomment this
+#jack.enable = true;
+
+# use the example session manager (no others are packaged yet so this is enabled by default,
+# no need to redefine it in your config for now)
+#media-session.enable = true;
+	};
+
+	environment.systemPackages = with pkgs; [
+		libnotify
+		brave
+	];
+
+	documentation.nixos.enable = false;
+}
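Review bot: `services.xserver.layout` and `services.xserver.xkbVariant` are the pre-23.11 option names and evaluate with a rename warning on the `nixos-24.05` input this flake uses. The current spelling is `services.xserver.xkb.layout = "pl";` and `services.xserver.xkb.variant = "";`. The custom keybinding in `extraGSettingsOverrides` probably does not take effect as written, which is worth checking with `gsettings` after a rebuild. The custom-keybinding schema is relocatable and needs its path in the section header, its `binding`, `command` and `name` keys are strings rather than arrays, and the key is named `Return`, not `Enter`. The exclude list also mixes `with pkgs.gnome;` with explicit `pkgs.` prefixes, so a plain list of fully qualified names would be easier to read.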
diff --git a/machines/x220-gnome/hardware-configuration.nix b/machines/x220-gnome/hardware-configuration.nix
new file mode 100644
index 0000000..7db32ec
--- /dev/null
+++ b/machines/x220-gnome/hardware-configuration.nix
@@ -0,0 +1,51 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.luks.devices."luks-9f3a316a-7177-4122-a4f5-03fbd375d6e1".device = "/dev/disk/by-uuid/9f3a316a-7177-4122-a4f5-03fbd375d6e1";
+  networking.hostName = "nixos"; # Define your hostname.
+ 
+
+  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/01db2679-e134-4870-b503-a0e616432175";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-8a50e0b7-d2a7-4b0c-b092-9194536cae41".device = "/dev/disk/by-uuid/8a50e0b7-d2a7-4b0c-b092-9194536cae41";
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/D259-64AC";
+      fsType = "vfat";
+      options = [ "fmask=0022" "dmask=0022" ];
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/a7366f52-418f-47a7-bb29-fbd394d559ee"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wwp0s29u1u4i6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/machines/x220-gnome/pass.nix b/machines/x220-gnome/pass.nix
new file mode 100644
index 0000000..c781746
--- /dev/null
+++ b/machines/x220-gnome/pass.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+	environment.systemPackages = with pkgs; [
+		pkgs.pass-wayland
+	];
+	
+	programs.browserpass.enable = true;
+
+	programs.gnupg.agent = {
+		enable = true;
+		pinentryPackage = pkgs.pinentry-gnome3;
+		enableSSHSupport = true;
+	};
+
+	environment.variables = {
+		PASSWORD_STORE_DIR = "$HOME/.local/share/password-store";
+	};
+}
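Review bot: `PASSWORD_STORE_DIR` is set through `environment.variables`, which is applied during shell initialisation. A process not started from a shell, such as the browserpass native host launched by the browser, may therefore not see it and would fall back to the default store location. `environment.sessionVariables` sets it for the whole login session and is likely the better fit, though this should be confirmed on the machine. `enableSSHSupport = true;` makes gpg-agent the SSH agent, which can conflict with the agent started by GNOME's keyring, so check where `SSH_AUTH_SOCK` points after login. `with pkgs; [ pkgs.pass-wayland ]` is redundant; `[ pkgs.pass-wayland ]` is enough.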
diff --git a/machines/x220-gnome/pn.nix b/machines/x220-gnome/pn.nix
new file mode 100644
index 0000000..add63cd
--- /dev/null
+++ b/machines/x220-gnome/pn.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+
+
+
+
+	users.users.pn = {
+		isNormalUser = true;
+		description = "Patryk Niedzwiedzinski";
+		extraGroups = [ "networkmanager" "wheel" ];
+		packages = with pkgs; [
+			gnomeExtensions.gsconnect
+		];
+	};
+	
+
+
+}