diff --git a/machines/moritz-desktop/configuration.nix b/machines/moritz-desktop/configuration.nix index 4bb254d..111cd63 100644 --- a/machines/moritz-desktop/configuration.nix +++ b/machines/moritz-desktop/configuration.nix @@ -1,7 +1,7 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{pkgs, ...}: { +{pkgs, inputs, ...}: { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix @@ -43,7 +43,7 @@ home-manager.users.moritz.home.packages = with pkgs; [ anki - stable.calibre # NOTE: breaks often in unstable + (inputs.stable.legacyPackages.${pkgs.system}.calibre) # NOTE: breaks often in unstable ]; networking.firewall.allowedTCPPorts = [9090]; diff --git a/machines/moritz-laptop/configuration.nix b/machines/moritz-laptop/configuration.nix index b5d6bfc..2c591b3 100644 --- a/machines/moritz-laptop/configuration.nix +++ b/machines/moritz-laptop/configuration.nix @@ -45,6 +45,7 @@ wl-clipboard ]; + home-manager.users.moritz.services.poweralertd.enable = true; home-manager.users.moritz.services.kanshi.settings = [ { profile.name = "undocked"; diff --git a/modules/moritz/nixpkgs.nix b/modules/moritz/nixpkgs.nix deleted file mode 100644 index 8eed234..0000000 --- a/modules/moritz/nixpkgs.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.my.nixpkgs; - - overlayType = mkOptionType { - name = "nixpkgs-overlay"; - description = "nixpkgs overlay"; - check = lib.isFunction; - merge = lib.mergeOneOption; - }; -in { - options.my.nixpkgs = { - overlays = mkOption { - default = []; - type = types.listOf overlayType; - example = - literalExpression - '' - [ - (self: super: { - openssh = super.openssh.override { - hpnSupport = true; - kerberos = self.libkrb5; - }; - }) - ] - ''; - }; - channels = mkOption { - default = {}; - example = literalExpression '' - { - stable = inputs.nixpkgs-stable; - } - ''; - type = with types; attrsOf package; - }; - overlaysForAllChannels = mkEnableOption "apply overlays for all channels"; - }; - - config.nixpkgs = { - overlays = let - channelOverlays = _: prev: - mapAttrs - ( - _: value: - import value { - inherit (prev) system; - config.allowUnfree = true; - overlays = optional cfg.overlaysForAllChannels cfg.overlays; - } - ) - cfg.channels; - in - cfg.overlays ++ [channelOverlays]; - - config.allowUnfree = true; - }; -} diff --git a/modules/moritz/profiles/IntelOneMono-Regular_freeze.ttf b/modules/moritz/profiles/IntelOneMono-Regular_freeze.ttf deleted file mode 100644 index 3a81df0..0000000 Binary files a/modules/moritz/profiles/IntelOneMono-Regular_freeze.ttf and /dev/null differ diff --git a/modules/moritz/profiles/base.nix b/modules/moritz/profiles/base.nix index b2c9aa5..c504b38 100644 --- a/modules/moritz/profiles/base.nix +++ b/modules/moritz/profiles/base.nix @@ -12,23 +12,6 @@ in { ]; my = { - nixpkgs = { - overlays = [ - ( - _: prev: { - nur = import inputs.nur { - pkgs = prev; - nurpkgs = prev; - }; - } - ) - ]; - channels = { - master = inputs.master; - stable = inputs.stable; - }; - }; - shell = { abbreviations = { us = "systemctl --user"; @@ -73,15 +56,10 @@ in { }; }; }; - specialisation.light-theme.configuration = { - stylix = { - base16Scheme = lib.mkOverride 999 ./day.yaml; - }; - }; stylix = { enable = lib.mkDefault true; - base16Scheme = lib.mkDefault ./night.yaml; - opacity.terminal = 0.9; + base16Scheme = lib.mkDefault ./theme/night.yaml; + opacity.terminal = 0.95; fonts = { serif = { package = pkgs.dejavu_fonts; @@ -92,15 +70,8 @@ in { name = "DejaVu Sans"; }; monospace = { - package = ( - # NOTE: custom intel one mono with frozen programming features - pkgs.runCommand "intone-mono-nerd-font-patched" {} '' - ${pkgs.nerd-font-patcher}/bin/nerd-font-patcher -c ${./IntelOneMono-Regular_freeze.ttf} - mkdir -p $out/share/fonts/truetype/NerdFonts/IntoneMonoFreeze/ - cp -a . $out/share/fonts/truetype/NerdFonts/IntoneMonoFreeze/ - '' - ); - name = "IntoneMonoFreeze Nerd Font"; + package = pkgs.nerd-fonts.fira-code; + name = "FiraCode Nerd Font"; }; emoji = { package = pkgs.noto-fonts-emoji; @@ -164,6 +135,8 @@ in { xdg.userDirs.enable = true; }; + nixpkgs.config.allowUnfree = true; + home-manager = { useGlobalPkgs = true; useUserPackages = true; diff --git a/modules/moritz/profiles/desktop.nix b/modules/moritz/profiles/desktop.nix index e6f5cfa..8e7dd8d 100644 --- a/modules/moritz/profiles/desktop.nix +++ b/modules/moritz/profiles/desktop.nix @@ -74,7 +74,7 @@ in { (inputs.filetags.packages.${pkgs.system}.default) keepassxc pavucontrol - stable.libreoffice # NOTE: breaks often + (inputs.stable.legacyPackages.${pkgs.system}.libreoffice) # NOTE: breaks often signal-desktop vlc ]; diff --git a/modules/moritz/profiles/jujutsu.nix b/modules/moritz/profiles/jujutsu.nix index f03d6a8..0a9f016 100644 --- a/modules/moritz/profiles/jujutsu.nix +++ b/modules/moritz/profiles/jujutsu.nix @@ -19,7 +19,8 @@ in { email = "mail@moritzboeh.me"; name = "Moritz Böhme"; }; - ui.paginate = "never"; + ui.pager.command = ["less" "-FRX"]; + ui.pager.env.LESSCHARSET = "utf-8"; ui.default-command = "log"; signing = { behavior = "drop"; diff --git a/modules/moritz/profiles/day.yaml b/modules/moritz/profiles/theme/day.yaml similarity index 100% rename from modules/moritz/profiles/day.yaml rename to modules/moritz/profiles/theme/day.yaml diff --git a/modules/moritz/profiles/night.yaml b/modules/moritz/profiles/theme/night.yaml similarity index 100% rename from modules/moritz/profiles/night.yaml rename to modules/moritz/profiles/theme/night.yaml diff --git a/modules/moritz/programs/chromium.nix b/modules/moritz/programs/chromium.nix index 5372855..9c05016 100644 --- a/modules/moritz/programs/chromium.nix +++ b/modules/moritz/programs/chromium.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + inputs, ... }: with lib; let @@ -11,7 +12,7 @@ in { enable = mkEnableOption "chromium"; package = mkOption { type = types.package; - default = pkgs.stable.chromium; + default = inputs.stable.legacyPackages.${pkgs.system}.chromium; defaultText = "pkgs.chromium"; description = "Chromium package to install."; }; diff --git a/modules/moritz/programs/firefox.nix b/modules/moritz/programs/firefox.nix index b2dee1c..1494811 100644 --- a/modules/moritz/programs/firefox.nix +++ b/modules/moritz/programs/firefox.nix @@ -65,7 +65,10 @@ in { // Overrides ${cfg.arkenfox.overrides} ''; - extensions.packages = with pkgs.nur.repos.rycee.firefox-addons; [ + extensions.packages = with (import inputs.nur { + pkgs = pkgs; + nurpkgs = pkgs; + }).repos.rycee.firefox-addons; [ darkreader istilldontcareaboutcookies kagi-search diff --git a/modules/moritz/programs/nvim/plugins/lsp.nix b/modules/moritz/programs/nvim/plugins/lsp.nix index 5a62ae1..1f3eb1a 100644 --- a/modules/moritz/programs/nvim/plugins/lsp.nix +++ b/modules/moritz/programs/nvim/plugins/lsp.nix @@ -10,11 +10,11 @@ elixir.setup { nextls = { - enable = true, + enable = vim.fn.exepath("nextls") ~= "", cmd = vim.fn.exepath("nextls"), }, elixirls = { - enable = true, + enable = vim.fn.exepath("elixir-ls") ~= "", cmd = vim.fn.exepath("elixir-ls"), settings = elixirls.settings { dialyzerEnabled = true, diff --git a/modules/moritz/security/default.nix b/modules/moritz/security/default.nix index 8f4642c..13a8587 100644 --- a/modules/moritz/security/default.nix +++ b/modules/moritz/security/default.nix @@ -70,7 +70,7 @@ # SSH services.openssh = { - package = pkgs.master.openssh; # HACK: to fix CVE-2024-6387 + package = pkgs.openssh; settings = { # Disable ssh password login PasswordAuthentication = lib.mkDefault false; diff --git a/vars/per-machine/moritz-laptop/user-password-moritz/user-password-hash/machines/moritz-laptop b/vars/per-machine/moritz-laptop/user-password-moritz/user-password-hash/machines/moritz-laptop new file mode 120000 index 0000000..60d1226 --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-moritz/user-password-hash/machines/moritz-laptop @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-laptop \ No newline at end of file diff --git a/vars/per-machine/moritz-laptop/user-password-moritz/user-password-hash/secret b/vars/per-machine/moritz-laptop/user-password-moritz/user-password-hash/secret new file mode 100644 index 0000000..461ec55 --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-moritz/user-password-hash/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:26K8iGyk1w83Ems7o9ctxzpX70I0vb724DgSmJWIp73RG3FS09m/gUA7xIQ8ZZWtWwyA/XK+ZZzda7WyvT7n3fbaTBvftJAagWZMtlr02v7AITKaLQO4oUHeIX/irljZP+eJhMTEFDIBZQ==,iv:J6l0pM4DnHP33CzO+tcU61bwe1ENA3XxY8HxAUWwHf8=,tag:3kI2MZnoywethEzqr8dJ5w==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByQW96a09RVyt4cDBlQ0pR\nSE9YVFRIV0VpMVVuSEdRdzQzOUR3VHNqcGw4Ckx3eTY2cDVQRG90K1VIZDNzSE1B\neWZaSFlMWlF2dWdvVlNYMmVwMEx5cVEKLS0tIFNPeVZhSW95bDlQUzlDYXo1dENj\nd1Bzd2I4dFp6RUlhaHJqajVrTi9aMFUKdErKRtu37x6xCjpXORxaKkZWSTV2pqD2\nkSEzCUIgUPcKb5U/AzZcj9WG8E+y4mea+ZzGpx2w+iSu0yehJdVyVg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1rgyueg2rnfw2er0rzkc6dc97p38fekjujdusfje6xn7g40plpfrshrlsyu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxUncrV2w1VTFxRW5VMmNZ\nbmtscnZHQXUxZzFOQk1YSzNHTm8vNlVkUTA4ClJrQjdSVVdPZHZuTUk3YXF0eGhu\nZ3QxRGZKd2NmeFdwZkE1RnNyWVRWK0kKLS0tIGFQZFlDZW1Fb3V1ZE9GbXlhMzJP\nNHhlTGZENzZwOVlnRmJwTHBaazNoV2cKX1S0yXxp0RuJzbce9LDdM5se6t0oVPy8\nCeJ0DVGTOG+0hMeAL4tKeYiYHUBxhO4zUVfWBDcAeClt7W908gSptA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-01T18:16:08Z", + "mac": "ENC[AES256_GCM,data:S3N2Oj79iA+gzEIv3f0Z7/q3YHpg2qR72LGnN0SLwP5yFt/x9Azn9kFUWK67cXcCm9d5vZ67IS9l+lTSAvUfqPJjQbyu3XWgu6mzb0gxaRaZ5EBgdxmsGgbMNRoRJsJiFZDQeN1F6hI33rqIVKT7DKBpgO0yANN8zDlkoiy3zuE=,iv:7kXXanDQejDSseBk0YlQR8PMO4W0NhJAPgWXHfPiQ0A=,tag:QYT/W7gZXrn4uFDSqa0C9Q==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-laptop/user-password-moritz/user-password-hash/users/moritz b/vars/per-machine/moritz-laptop/user-password-moritz/user-password-hash/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-moritz/user-password-hash/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-laptop/user-password-moritz/user-password/secret b/vars/per-machine/moritz-laptop/user-password-moritz/user-password/secret new file mode 100644 index 0000000..1374d63 --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-moritz/user-password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:2cnno2ocuWquZks=,iv:NCs2Ayd/hBJn+2YPyFLCRBYamtlKfltDDrwCygHFtMw=,tag:J9tRVUcoahtZInbxtUgz5g==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsM2VlM2xDeG5rM3c1dzVK\ndVpwa3Z0QUgwaXBCR3lnQTNrdmFxOEZVeTFFCkdLM2xSa09DREd1ZEk0a0FpMTBH\ncnNWdldNOExNOEJXMGd2bUIwK0xkencKLS0tIE5zbys5U3RzNC9xdjNWR1lwMEw0\nREY4YXAwVkhuN2l6Tm1EK0lia2VGTkEKSHs2i9MDXy8U22Q+KQ4UotrWA+rr4X4K\ntSPMM/5nE3/Vh89xuw1VJyA7hS0rn/Q14/9NfAHFTiMNrg91Zu8PgQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-01T18:16:05Z", + "mac": "ENC[AES256_GCM,data:rsrX/WEIjICr3cJha/qaZ0JNqs2LxSGvsv9ed05aLbK3cQBwktLuCyQaFMTMbvWCOxDRa4xsnF4/KigtQQPiwRW1nQ5H+Kzir+LX6vo0Ftw3WCBLQBb7Jg4KWIZ7VbR11aFDhoYdnaBguJZm6LmnG8fub2OAkKV4UL2xv4izvUg=,iv:RsKjFu8wsZaVgidoaqtKksbpU6MOvIQMP0UtNh75XUg=,tag:AEuB7d20852uOFEOO70miQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-laptop/user-password-moritz/user-password/users/moritz b/vars/per-machine/moritz-laptop/user-password-moritz/user-password/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-moritz/user-password/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-laptop/user-password-root/user-password-hash/machines/moritz-laptop b/vars/per-machine/moritz-laptop/user-password-root/user-password-hash/machines/moritz-laptop new file mode 120000 index 0000000..60d1226 --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-root/user-password-hash/machines/moritz-laptop @@ -0,0 +1 @@ +../../../../../../sops/machines/moritz-laptop \ No newline at end of file diff --git a/vars/per-machine/moritz-laptop/user-password-root/user-password-hash/secret b/vars/per-machine/moritz-laptop/user-password-root/user-password-hash/secret new file mode 100644 index 0000000..264f38a --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-root/user-password-hash/secret @@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:2TiDEVPXGeaQHWXDbaS85LcROcvgcHJ+sn5McYXrxn1g2iPc0PbQmPTswnDb4MiNdpywSVNiM47DtLz4f3wFmdZPoS/rnyUfBR1V5YU0wdKdOSjk97Q4xea5pNFP9ZltbNmOSSTfkL3RhQ==,iv:WMDwAemQVRIm+/jiii/2kAQa3NxlJzvCGl1OVpccL1Y=,tag:MXapiPKPWJjnZxa/FqfWng==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSnBRM1NSRXBwL2ZNamh2\nQ25NbktmZlNwSk9uUkFjY25jajZYUktUVm1ZCi85TW9RREhHTHhUZzh4dzlLTjl4\nRVd4dTgxekpjSExyMFhRMDErcEdWbncKLS0tIHdEWS9MNHE4azBYMTdVaW1Jb0ty\nODRrR3BQNWd4Qlc2VDRxNnpLNXY1Nm8KdPqSJ67CKH6LpDTY9KYtcNxqBTgyBCyk\nM7vu+qDuwZODG7qvxqE3c2KnrfDalO+4/DDi2cf0jRNAyXq3HFaHKA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1rgyueg2rnfw2er0rzkc6dc97p38fekjujdusfje6xn7g40plpfrshrlsyu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1bEVWRzRZWTdlM2xsWktZ\neUFJYStpZDhIMmJoa28wb0ZoUmx6TnFFVXp3Cnpid3FNZVBqZCsveWI0ekFxVDNE\nc1krUnBBcTFGTTdwMklWZm9iRjRNblUKLS0tIDFzeTN1R1p6MERVNzNyZndWaHN6\nUUJLYWkvT3VzR2tpeXlMQkliZmZiSGcKm6hBLbaoN1gNINFZjaSOB0gGynAk2IpZ\nMLRU75FDo12ExjGWapuSwmF38E7K9aL36ADznkqhk535uVOAPv4Jfg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-01T18:17:20Z", + "mac": "ENC[AES256_GCM,data:edjaJwjv2xNeNFa/XdblSaP6+n5/iQp43ARgYfzThZNZ1ZN5hBvMsSFCYie+LUmntn3AJe7n4Gg4OaDivyttBOjWDUZBoCZquXWdVA/hzujfJpdqtAOmGrTNVAPAf2S2pNOvtHwsoZzaDdWrrHbp3PCkMXqIAWc8LbadXGQbc8k=,iv:X0AgKfAJIvy6nDDI5aEpmJg+N12UvFgUND7bPdaT4Ik=,tag:xqe5adLYxVbJk5AtMQbDhg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-laptop/user-password-root/user-password-hash/users/moritz b/vars/per-machine/moritz-laptop/user-password-root/user-password-hash/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-root/user-password-hash/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file diff --git a/vars/per-machine/moritz-laptop/user-password-root/user-password/secret b/vars/per-machine/moritz-laptop/user-password-root/user-password/secret new file mode 100644 index 0000000..c0a036e --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-root/user-password/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:OkHa8p3LDyijUJRUjw8ST8VvKffdG3Gyxvk2zF1Wtg==,iv:RTjyI5XFMxk/GcfEnvEpZYg5eKesstw2dNI1nbaPds8=,tag:qU5l+G36P4tsK85hVvTiTQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age12jlzcjwwhtgws4ku4nemwknsps3a6um74kdpxfv9pzvgdlhufp8q08c0j7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbWN4QzBtQTV4QzVYcVhu\nU1oxdk55eUdYNDVxQ0hVdkF2OWVkVTlJZFhVCjRibVdyeWJIdDhLUi9yc1RGSnNu\nQ3UzWGFCNWwwNkdFUGp3Y0Uxb2NtbkUKLS0tIEJ2Y29GeU9HZEpXRkRSU0U0aTI5\nLzJDTEp5TmJEbWdjUldXc2piT0xkNWMKMOO+m5vJelGhuxFFOWncneZgtsuQ3NUD\n9ACBCLjjZbUB7AIfK2GfTORFU50dp70kPvUCXl9PHzTGOq9TlMp1qw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-08-01T18:17:18Z", + "mac": "ENC[AES256_GCM,data:ivmyAf63jazxFKJP6FyyRpXwnot/TIGSisFvOiMf1IQNsxXIhRkVtevSX1bWpq9CJUNqVSkICT3rzjYY2Wg0qoG/x1p59OXo20O6N8atEM3lXh9Hx02SWNsYoEmOeyvopGss6jPKJVdzUSESY8/lpzKPF1ejzhnMYc4utgVm4W8=,iv:zCbqTAY5zIez/+ytyETn7QtLBun3i3E1dw4cMNHRUBQ=,tag:enRpiIOdPVMKgBaKigwTww==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/moritz-laptop/user-password-root/user-password/users/moritz b/vars/per-machine/moritz-laptop/user-password-root/user-password/users/moritz new file mode 120000 index 0000000..1b45802 --- /dev/null +++ b/vars/per-machine/moritz-laptop/user-password-root/user-password/users/moritz @@ -0,0 +1 @@ +../../../../../../sops/users/moritz \ No newline at end of file