Merge remote-tracking branch 'origin/nixos' into nixos

Moritz Böhme 2023-10-20 13:43:01 +02:00
commit 41369784d2
43 changed files with 1291 additions and 1066 deletions

9
.nixd.json Normal file

@ -0,0 +1,9 @@
{
"options": {
"enable": true,
"target": {
"args": [],
"installable": ".#nixosConfigurations.nixos-desktop.options"
}
}
}

File diff suppressed because it is too large Load diff

343
flake.nix

@ -1,60 +1,58 @@
{
description = "My awesome system config";
/*
Inputs
*/
inputs = {
# Nix
master.url = "github:nixos/nixpkgs";
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
stable.url = "github:nixos/nixpkgs/nixos-23.05";
flake-utils.url = "github:numtide/flake-utils";
agenix.inputs.nixpkgs.follows = "nixpkgs";
agenix.url = "github:ryantm/agenix";
devshell.url = "github:numtide/devshell";
disko.url = "github:nix-community/disko";
flake-parts.url = "github:hercules-ci/flake-parts";
flake-utils.url = "github:numtide/flake-utils";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager";
nil.inputs.flake-utils.follows = "flake-utils";
nil.inputs.nixpkgs.follows = "nixpkgs";
nil.url = "github:oxalica/nil";
impermanence.url = "github:nix-community/impermanence";
master.url = "github:nixos/nixpkgs";
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
stable.url = "github:nixos/nixpkgs/nixos-23.05";
nur.url = "github:nix-community/NUR";
nix-index-database.url = "github:Mic92/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
nix-super.url = "github:privatevoid-net/nix-super";
# Programs
nix-super.inputs.nixpkgs.follows = "stable";
rofi-wayland.url = "github:lbonn/rofi/wayland";
nix-super.url = "github:privatevoid-net/nix-super/518ce777422c6ade8988a3dd1bebb407a08f3851"; # NOTE: because nix 1.18 is borked
rofi-wayland.flake = false;
rofi-wayland.url = "github:lbonn/rofi/wayland";
timers.url = "git+https://gitea.moritzboeh.me/moritz/timers.git";
# Neovim
neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
smartcolumn-nvim.flake = false;
smartcolumn-nvim.url = "github:m4xshen/smartcolumn.nvim";
telekasten-nvim.flake = false;
telekasten-nvim.url = "github:renerocksai/telekasten.nvim";
telescope-nvim.flake = false;
telescope-nvim.url = "github:nvim-telescope/telescope.nvim";
nvim-treesitter.flake = false;
nvim-treesitter.url = "github:nvim-treesitter/nvim-treesitter/v0.9.1"; # NOTE: to fix weird latest issues
hmts-nvim.flake = false;
hmts-nvim.url = "github:calops/hmts.nvim";
actions-preview-nvim.flake = false;
actions-preview-nvim.url = "github:aznhe21/actions-preview.nvim";
codeium-nvim.url = "github:jcdickinson/codeium.nvim";
codeium-nvim.inputs.nixpkgs.follows = "nixpkgs";
codeium-nvim = {
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
url = "github:jcdickinson/codeium.nvim";
};
hmts-nvim.flake = false;
hmts-nvim.url = "github:calops/hmts.nvim";
neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
nix-lazy-nvim.url = "git+https://git.moritzboeh.me/moritz/NixLazy.nvim";
nvim-lspconfig.flake = false;
nvim-lspconfig.url = "github:neovim/nvim-lspconfig";
nvim-puppeteer.flake = false;
nvim-puppeteer.url = "github:chrisgrieser/nvim-puppeteer";
nvim-treesitter.flake = false;
nvim-treesitter.url = "github:nvim-treesitter/nvim-treesitter/v0.9.1"; # NOTE: to fix weird latest issues
smartcolumn-nvim.flake = false;
smartcolumn-nvim.url = "github:m4xshen/smartcolumn.nvim";
telekasten-nvim.flake = false;
telekasten-nvim.url = "github:renerocksai/telekasten.nvim";
telescope-nvim.flake = false;
telescope-nvim.url = "github:nvim-telescope/telescope.nvim";
none-ls-nvim.flake = false;
none-ls-nvim.url = "github:nvimtools/none-ls.nvim";
# Hyprland
hypr-contrib.url = "github:hyprwm/contrib";
@ -68,147 +66,158 @@
# Firefox user.js
arkenfox-userjs.url = "github:arkenfox/user.js";
arkenfox-userjs.flake = false;
timers.url = "git+https://gitea.moritzboeh.me/moritz/timers.git";
};
/*
Outputs
*/
outputs = inputs@{ self, nixpkgs, ... }:
outputs = inputs@{ self, flake-parts, ... }:
let
systems = [ "x86_64-linux" "aarch64-linux" ];
forEachSystem = lib.genAttrs systems;
lib = nixpkgs.lib.extend
(self: _: { my = import ./lib { lib = self; }; });
overlay = import ./overlays {
inherit inputs;
inherit (self) lib;
};
config.allowUnfree = true;
overlays = [
defaultOverlays = [
inputs.hypr-contrib.overlays.default
inputs.neovim-nightly-overlay.overlay
overlay
self.overlays.default
];
pkgsFor = system: import nixpkgs {
inherit system config;
overlays = overlays ++ [
(
_: prev: {
master = import inputs.master {
inherit (prev) system;
inherit overlays config;
};
stable = import inputs.stable {
inherit (prev) system;
inherit overlays config;
};
finalOverlays = defaultOverlays ++ [
(
_: prev: {
master = import inputs.master {
inherit (prev) system;
overlays = defaultOverlays;
};
stable = import inputs.stable {
inherit (prev) system;
overlays = defaultOverlays;
};
nur = import inputs.nur {
pkgs = prev;
nurpkgs = prev;
};
}
)
];
in
flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
inputs.pre-commit-hooks.flakeModule
inputs.devshell.flakeModule
];
systems = [ "x86_64-linux" ];
perSystem = { config, self', inputs', pkgs, system, ... }: {
_module.args.pkgs =
import inputs.nixpkgs {
inherit system;
overlays = finalOverlays;
};
devshells.default = {
devshell.startup.pre-commit-hook.text = config.pre-commit.installationScript;
commands = [
{
name = "agenix";
help = "wrapper around agenix";
command = ''
sudo EDITOR="${pkgs.lib.getExe pkgs.vim}" ${pkgs.lib.getExe' inputs'.agenix.packages.default "agenix"} --identity /etc/ssh/ssh_host_ed25519_key "$@"
'';
}
)
overlay
];
{
name = "nixos-build";
help = "use nom to build system";
command =
''
nom build --no-link ".#nixosConfigurations.$(hostname).config.system.build.toplevel" $@
'';
}
{
name = "nixos-switch";
help = "wrapper for nixos-rebuild switch";
command = "sudo nixos-rebuild switch --flake . $@";
}
{
name = "nixos-test";
help = "wrapper for nixos-rebuild switch";
command = "sudo nixos-rebuild test --flake . $@";
}
{
name = "nixos-boot";
help = "wrapper for nixos-rebuild switch";
command = "sudo nixos-rebuild boot --flake . $@";
}
];
};
pre-commit = {
check.enable = true;
settings = {
hooks = {
nixpkgs-fmt.enable = true;
statix.enable = true;
shellcheck.enable = true;
stylua.enable = true;
};
};
};
legacyPackages = pkgs;
packages =
self.lib.filterAttrs (_: self.lib.isDerivation)
(self.overlays.default pkgs pkgs);
};
defaultModules = [
{ nixpkgs = { inherit config; }; }
./modules
inputs.home-manager.nixosModule
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit inputs self; };
};
}
inputs.agenix.nixosModules.age
];
flake = {
lib = inputs.nixpkgs.lib.extend
(self: _: { my = import ./lib { lib = self; }; });
hosts = self.lib.my.mapModules
(path:
let
system = import "${path}/system.nix";
pkgs = pkgsFor system;
in
lib.nixosSystem {
inherit pkgs system lib;
overlays.default = import ./overlays {
inherit inputs;
inherit (self) lib;
};
nixosConfigurations = self.lib.my.mapModules
(path: self.lib.nixosSystem {
inherit (self) lib;
specialArgs = {
inherit inputs self;
};
modules = defaultModules ++ [ path ];
})
./hosts;
pre-commit-check = system: inputs.pre-commit-hooks.lib."${system}".run {
src = ./.;
hooks = {
nixpkgs-fmt.enable = true;
statix.enable = true;
shellcheck.enable = true;
stylua.enable = true;
};
};
in
with lib; {
inherit lib;
# ╔══════════════════════════════════════════════════════════╗
# ║ NixOS Configurations ║
# ╚══════════════════════════════════════════════════════════╝
nixosConfigurations = hosts;
# ╔══════════════════════════════════════════════════════════╗
# ║ Other Outputs ║
# ╚══════════════════════════════════════════════════════════╝
devShells = forEachSystem (system:
let
pkgs = pkgsFor system;
in
{
default = pkgs.mkShell
{
inherit (pre-commit-check system) shellHook;
name = "dotfiles";
packages = with pkgs; [
# Secrets
agenix
# cachix
cachix
modules =
[
./modules
{
nixpkgs = {
overlays = finalOverlays;
config.allowUnfree = true;
};
}
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = { inherit inputs self; };
sharedModules = [ inputs.nix-lazy-nvim.homeManagerModules.default ];
};
}
inputs.agenix.nixosModules.age
inputs.disko.nixosModules.default
inputs.home-manager.nixosModule
inputs.impermanence.nixosModules.impermanence
inputs.nix-index-database.nixosModules.nix-index
path
];
};
});
checks = forEachSystem (system: {
pre-commit-check = pre-commit-check system;
});
legacyPackages = forEachSystem pkgsFor;
packages = forEachSystem (system:
let
pkgs = pkgsFor system;
in
filterAttrs (_: isDerivation)
(overlay pkgs pkgs)
);
overlays =
let
overlayNames = attrNames (overlay null null);
mkOverlay = name: final: prev: (overlay final prev).${name};
in
(genAttrs overlayNames mkOverlay) // {
default = overlay;
};
})
./hosts;
};
};
nixConfig = {
extra-substituters = [
"https://hyprland.cachix.org"
"https://nix-community.cachix.org"
"https://pre-commit-hooks.cachix.org"
];
extra-trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc="
];
};
}
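Review bot: In the devshell `commands` list, `nixos-build`, `nixos-switch`, `nixos-test` and `nixos-boot` forward `$@` unquoted, so an argument containing whitespace or glob characters is re-split before it reaches `nom build` or `sudo nixos-rebuild`; the `agenix` entry in the same list already uses `"$@"`. Quoting it consistently, e.g. `command = ''sudo nixos-rebuild switch --flake . "$@"'';`, keeps the arguments intact when they are passed on under sudo. The `help` strings of `nixos-test` and `nixos-boot` also still read `wrapper for nixos-rebuild switch`, which looks copied from `nixos-switch`. The +/- markers are lost on this page, so this assumes the `commands` list is on the new side.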


@ -17,23 +17,41 @@
gaming.enable = true;
personal.enable = true;
};
programs.hyprland.nvidiaSupport = true;
programs.hyprland.keyboardLayouts = [ "us" "de" ];
programs.hyprland = {
nvidiaSupport = true;
monitors = [ "HDMI-A-1,3840x2160,auto,1.2" ",preferred,auto,1" ];
extraConfig = "exec=hyprctl keyword monitor HDMI-A-1,3840x2160@120,auto,1.2";
keyboardLayouts = [ "us" "de" ];
};
services.mullvad.enable = true;
services.wallpaper.enable = true;
programs.ledger.enable = true;
};
home-manager.users.moritz.home.packages = with pkgs; [
jetbrains.idea-community
];
hardware = {
keyboard.qmk.enable = true;
nvidia.modesetting.enable = true;
opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
};
hardware.keyboard.qmk.enable = true;
# sensors
enableAllFirmware = true;
# KERNEL
boot.kernelPackages = pkgs.linuxPackages_latest;
bluetooth.enable = true;
};
# BOOT
boot = {
# KERNEL
kernelPackages = pkgs.linuxPackages_latest;
# BOOT
supportedFilesystems = [ "btrfs" "ntfs" ];
loader = {
grub = {
@ -44,6 +62,8 @@
};
efi.canTouchEfiVariables = true;
};
kernelModules = [ "lm92" "drivetemp" ];
};
# NETWORKING
@ -68,33 +88,23 @@
};
networkmanager.enable = true;
};
hardware.nvidia.modesetting.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
services = {
xserver.videoDrivers = [ "nvidia" ];
xserver.xrandrHeads = [
{ output = "HDMI-1"; }
{
output = "HDMI-0";
primary = true;
}
];
# Powersaving
tlp.enable = true;
};
services.xserver.xrandrHeads = [
{ output = "HDMI-1"; }
{
output = "HDMI-0";
primary = true;
}
];
console.keyMap = "de";
# Powersaving
services.tlp.enable = true;
powerManagement.enable = true;
# sensors
hardware.enableAllFirmware = true;
environment.systemPackages = with pkgs; [ lm_sensors ];
boot.kernelModules = [ "lm92" "drivetemp" ];
hardware.bluetooth.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions


@ -7,51 +7,56 @@
, ...
}: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ ];
luks.devices."enc".device = "/dev/disk/by-uuid/30025a9f-44cf-4074-8ae2-d4925efd67dd";
};
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/30025a9f-44cf-4074-8ae2-d4925efd67dd";
"/home" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
"/nix" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" ];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" ];
};
"/var/log" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" ];
neededForBoot = true;
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" ];
neededForBoot = true;
};
"/boot" = {
device = "/dev/disk/by-uuid/297B-C04C";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/297B-C04C";
fsType = "vfat";
};
fileSystems."/media/games" = {
device = "/dev/disk/by-uuid/8f92ff36-a685-4a67-a3d4-55136dc5f286";
fsType = "ext4";
"/media/games" = {
device = "/dev/disk/by-uuid/8f92ff36-a685-4a67-a3d4-55136dc5f286";
fsType = "ext4";
};
};
swapDevices = [{ device = "/dev/disk/by-uuid/00ad6f74-f23e-4ac0-abfb-89bdfe5ab8ae"; }];
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1 +0,0 @@
"x86_64-linux"


@ -3,37 +3,46 @@
# and in the NixOS manual (accessible by running nixos-help).
{ pkgs
, inputs
, lib
, ...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko.nix
./impermanence.nix
];
my = {
virtualisation.libvirtd.enable = true;
yubikey.luksSupport.enable = false;
profiles = {
desktop.enable = true;
personal.enable = true;
webis.enable = true;
# webis.enable = true;
};
};
environment.systemPackages = [
(
pkgs.writeShellApplication {
name = "zfs-diff";
runtimeInputs = with pkgs; [ zfs coreutils parallel tree ];
text = ''
zfs diff -F zroot/encrypted/root@blank | awk '$2 == "F" && system("test -e /persist/"$3) != 0 { print $3 }' 2>/dev/null | tree --fromfile . "$@"
'';
}
)
];
home-manager.users.moritz.home.packages = with pkgs; [
jetbrains.idea-ultimate
# jetbrains.idea-ultimate
];
# BOOT
boot = {
supportedFilesystems = [ "btrfs" ];
loader = {
grub = {
enable = true;
device = "nodev";
efiSupport = true;
};
efi.canTouchEfiVariables = true;
};
supportedFilesystems = [ "zfs" ];
loader.systemd-boot.enable = true;
};
# SERVICES
@ -65,54 +74,56 @@
services.tlp.enable = true;
powerManagement.enable = true;
# Hibernare on low battery
systemd.timers.hibernate-on-low-battery = {
wantedBy = [ "multi-user.target" ];
timerConfig = {
OnUnitActiveSec = "120";
OnBootSec = "120";
systemd = {
# Hibernare on low battery
timers.hibernate-on-low-battery = {
wantedBy = [ "multi-user.target" ];
timerConfig = {
OnUnitActiveSec = "120";
OnBootSec = "120";
};
};
services.hibernate-on-low-battery =
let
batteryLevelSufficient =
let
batteryPath = "/sys/class/power_supply/BATT";
in
pkgs.writeShellScriptBin "battery-level-sufficient" ''
test "$(cat ${batteryPath}/status)" != Discharging \
|| test "$(cat ${batteryPath}/capacity)" -ge 5
'';
in
{
serviceConfig.Type = "oneshot";
onFailure = [ "hibernate.target" ];
script = "${batteryLevelSufficient}/bin/battery-level-sufficient";
};
services.asus-touchpad-numpad = {
description = "Activate Numpad inside the touchpad with top right corner switch";
documentation = [ "https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver" ];
path = [ pkgs.i2c-tools ];
script = ''
cd ${inputs.asus-touchpad-numpad-driver}
# In the last argument here you choose your layout.
${
pkgs.python3.withPackages (ps: [ps.libevdev])
}/bin/python asus_touchpad.py m433ia
'';
# Probably needed because it fails on boot seemingly because the driver
# is not ready yet. Alternativly, you can use `sleep 3` or similar in the
# `script`.
serviceConfig = {
RestartSec = "1s";
Restart = "on-failure";
};
wantedBy = [ "multi-user.target" ];
};
};
systemd.services.hibernate-on-low-battery =
let
batteryLevelSufficient =
let
batteryPath = "/sys/class/power_supply/BATT";
in
pkgs.writeShellScriptBin "battery-level-sufficient" ''
test "$(cat ${batteryPath}/status)" != Discharging \
|| test "$(cat ${batteryPath}/capacity)" -ge 5
'';
in
{
serviceConfig.Type = "oneshot";
onFailure = [ "hibernate.target" ];
script = "${batteryLevelSufficient}/bin/battery-level-sufficient";
};
# Trackpad
# i2c for https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver
hardware.i2c.enable = true;
systemd.services.asus-touchpad-numpad = {
description = "Activate Numpad inside the touchpad with top right corner switch";
documentation = [ "https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver" ];
path = [ pkgs.i2c-tools ];
script = ''
cd ${inputs.asus-touchpad-numpad-driver}
# In the last argument here you choose your layout.
${
pkgs.python3.withPackages (ps: [ps.libevdev])
}/bin/python asus_touchpad.py m433ia
'';
# Probably needed because it fails on boot seemingly because the driver
# is not ready yet. Alternativly, you can use `sleep 3` or similar in the
# `script`.
serviceConfig = {
RestartSec = "1s";
Restart = "on-failure";
};
wantedBy = [ "multi-user.target" ];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
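Review bot: The `zfs-diff` helper builds a shell command inside awk with `system("test -e /persist/"$3)`, so every path reported by `zfs diff` is handed to `sh` unquoted; a file name containing shell metacharacters would be interpreted rather than tested, and the tool will normally run with the privileges `zfs diff` needs. Doing the existence test in the shell with a quoted variable avoids that, and splitting on tabs also stops awk's whitespace splitting from truncating paths; a sketch follows. `parallel` in `runtimeInputs` appears unused, and `awk` is called without `gawk` being listed, so it is taken from the ambient PATH.

```nix
text = ''
  zfs diff -F zroot/encrypted/root@blank |
    while IFS=$'\t' read -r _ kind path; do
      if [ "$kind" = F ] && [ ! -e "/persist/$path" ]; then
        printf '%s\n' "$path"
      fi
    done | tree --fromfile . "$@"
'';
```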


@ -0,0 +1,94 @@
{ lib, ... }:
{
# needed for zfs pool
networking.hostId = "9c85d185";
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "64M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
rootFsOptions = {
compression = "zstd";
"com.sun:auto-snapshot" = "false";
};
mountpoint = null;
datasets = {
encrypted = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = "aes-256-gcm";
keyformat = "passphrase";
};
# use this to read the key during boot
postCreateHook = ''
zfs set keylocation="prompt" "zroot/$name";
'';
};
"encrypted/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs snapshot zroot/encrypted/root@blank";
};
"encrypted/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
};
"encrypted/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
options."com.sun:auto-snapshot" = "true";
};
};
};
};
};
# rollback to blank
boot.initrd.postDeviceCommands = lib.mkAfter ''
zfs rollback -r zroot/encrypted/root@blank
'';
fileSystems."/persist".neededForBoot = true;
# HACK: to fix issue of agenix running before impermanence
age.identityPaths = [
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key"
"/persist/etc/ssh/ssh_host_ed25519_key"
"/persist/etc/ssh/ssh_host_rsa_key"
];
services.zfs = {
autoScrub.enable = true;
trim.enable = true;
autoSnapshot.enable = true;
};
}
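Review bot: The `ESP` partition is created with `size = "64M"` and mounted at `/boot`, while the host configuration in this commit switches to `boot.loader.systemd-boot.enable = true`, which keeps each generation's kernel and initrd on that partition. That probably leaves room for very few generations before a rebuild fails to install its boot entries, which in turn can block kernel and security updates. Consider a larger ESP (for example `size = "512M"`) or capping the number of entries with `boot.loader.systemd-boot.configurationLimit`.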


@ -2,53 +2,16 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ modulesPath
, lib
, ...
}: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
boot = {
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/078b81ba-238e-471d-9951-b743588532b8";
fileSystems."/log" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" ];
neededForBoot = true;
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/938D-F813";
fsType = "vfat";
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=persist" "compress=zstd" ];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/4a91d3eb-1633-42d9-8304-c10e49a61154";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
swapDevices = [{ device = "/dev/disk/by-uuid/29ebf65f-e6ca-4625-9f72-a9321152be1b"; }];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,72 @@
{ config, ... }:
{
age.secrets = {
root-password.file = ../../secrets/root-password.age;
moritz-password.file = ../../secrets/moritz-password.age;
};
users.users = {
root.hashedPasswordFile = config.age.secrets.root-password.path;
moritz.hashedPasswordFile = config.age.secrets.moritz-password.path;
};
users.mutableUsers = false;
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/etc/NetworkManager/system-connections"
"/var/db/dhcpcd/"
"/var/lib/NetworkManager/"
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/log"
];
files = [
"/etc/machine-id"
"/etc/nix/id_rsa"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
users.moritz = {
directories = [
".SynologyDrive/data"
".SynologyDrive/log"
".cache/keepassxc"
".cache/nvim/luac"
".config/Nextcloud"
".config/keepassxc"
".local/share/direnv"
".local/share/nvim"
".local/share/zoxide"
".local/state/nvim"
".config/kdeconnect"
".mozilla"
"Documents"
"Downloads"
"Music"
"Pictures"
"Videos"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".local/share/keyrings"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
];
files = [
".local/share/fish/fish_history"
".local/share/nix/trusted-settings.json"
".parallel/will-cite"
];
};
users.root = {
home = "/root";
directories = [
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
];
files = [
".local/share/nix/trusted-settings.json"
];
};
};
}
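Review bot: `users.root.files` persists `.local/share/nix/trusted-settings.json`, which, as far as I know, is where Nix records flake `nixConfig` settings that were accepted permanently; keeping it for root means an extra substituter or trusted public key accepted once survives every rollback of `/`. If that is intended, a comment such as `# keep accepted flake nixConfig (substituters, keys) across reboots` would make the trade-off explicit; otherwise drop the entry for root so the trust decision is made again after each boot. The same file is persisted for `moritz`.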


@ -1 +0,0 @@
"x86_64-linux"


@ -21,12 +21,18 @@
services.synology-drive.enable = true;
programs.hyprland.keyboardLayouts = [ "us" "de" ];
};
boot = {
loader = {
grub = {
# Use the systemd-boot EFI boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.device = "nodev";
boot.loader.grub.efiSupport = true;
boot.loader.efi.canTouchEfiVariables = true;
# Use the systemd-boot EFI boot loader.
enable = true;
device = "nodev";
efiSupport = true;
};
efi.canTouchEfiVariables = true;
};
};
networking.hostName = "scadspc25"; # Define your hostname.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
@ -53,4 +59,3 @@
system.stateVersion = "23.05"; # Did you read the comment?
}
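Review bot: The comment `# Use the systemd-boot EFI boot loader.` now sits inside the `grub = { … }` set in the first hunk (it is printed twice, presumably once per side), but the settings under it enable GRUB with `efiSupport = true`, not systemd-boot. Replace it with something like `# GRUB in EFI mode, no BIOS boot device` so the comment matches the boot loader that is actually configured.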


@ -8,52 +8,55 @@
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" "noatime" ];
};
"/home" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" "noatime" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" "noatime" ];
};
"/nix" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
"/var/log" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
};
fileSystems."/var/log" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
};
"/snapshots" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=snapshots" "compress=zstd" "noatime" ];
};
fileSystems."/snapshots" =
{
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
fsType = "btrfs";
options = [ "subvol=snapshots" "compress=zstd" "noatime" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/3B2B-63DB";
fsType = "vfat";
};
"/boot" =
{
device = "/dev/disk/by-uuid/3B2B-63DB";
fsType = "vfat";
};
};
swapDevices =
[{ device = "/dev/disk/by-uuid/c08ff6b6-d6e2-4620-95fc-6c20b04c7363"; }];


@ -1 +0,0 @@
"x86_64-linux"


@ -6,21 +6,6 @@
with lib;
let
nom-system = pkgs.writeFishApplication {
name = "nom-system";
runtimeInputs = with pkgs; [ nix-output-monitor ];
text = /* fish */ ''
nom build --no-link "/home/moritz/.dotfiles#nixosConfigurations.$(hostname).config.system.build.toplevel" $argv
'';
};
nom-system-command = name: command: pkgs.writeFishApplication {
inherit name;
runtimeInputs = with pkgs; [ nom-system nix ];
text = /* fish */ ''
nom-system $argv && ${command}
'';
};
f = pkgs.writeFishApplication {
name = "f";
runtimeInputs = with pkgs; [ fzf bat ];
@ -46,7 +31,7 @@ let
recurse (readlink $path)
end
end
for arg in $argv
recurse (which $arg)
end
@ -84,6 +69,9 @@ let
};
in
{
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoAqa2m7hIzZ2LS96Z+RCIlRvhBM/j7h27tMBCwMT+a" # Moritz
];
users.users.moritz = {
isNormalUser = true;
home = "/home/moritz";
@ -105,17 +93,17 @@ in
abbreviations = {
us = "systemctl --user";
rs = "sudo systemctl";
uj = "journalctl --user";
rj = "sudo journalctl";
};
aliases = {
ls = "exa -lh --icons --git";
ls = "${getExe pkgs.eza} -lh --icons --git";
cat = "bat";
rm = "rm -i";
mv = "mv -i";
cd = "__zoxide_z";
nixos-update = "pushd ~/.dotfiles && nix flake update && popd";
latexwatch = ''find -type f -name "*.tex" | entr -c latexmk -pdf -silent'';
};
variables = { EDITOR = "vim"; };
};
@ -135,6 +123,8 @@ in
"|" = "split-window -h";
"C-l" = "send-keys C-l";
"R" = "source-file $XDG_CONFIG_HOME/tmux/tmux.conf \\; display-message 'Reloaded tmux.conf'";
"f" = "new-window ts";
"a" = "new-window ta";
};
copy-mode-vi = {
"v" = "send -X begin-selection";
@ -151,53 +141,40 @@ in
# archives
ouch
# file management
trash-cli
# monitoring
htop
bottom
# nix
(nom-system-command "nixos-boot" "sudo nixos-rebuild boot --flake ~/.dotfiles")
(nom-system-command "nixos-switch" "sudo nixos-rebuild switch --flake ~/.dotfiles")
(nom-system-command "nixos-test" "sudo nixos-rebuild test --flake ~/.dotfiles")
manix
nix-index
nix-output-monitor
nixpkgs-fmt
statix
which-nix
# other
# utils
bat
cht-sh
du-dust
duf
entr
exa
f
fd
gi
gparted
neofetch
reptyr
parallel
ripgrep
up
vim
viu
wget
];
fonts.packages = with pkgs; [
(nerdfonts.override {
fonts = [ "FiraCode" ];
})
];
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
(nerdfonts.override {
fonts = [ "FiraCode" ];
})
];
};
programs = {
mtr.enable = true;
command-not-found.enable = true;
starship.enable = true;
command-not-found.enable = false;
};
services = {
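Review bot: The added `users.users.root.openssh.authorizedKeys.keys` entry lives in a module that, judging by its content, is shared by all hosts, so every machine that runs sshd with key-based root login allowed will accept this key for root; the sshd settings are not visible in these hunks. If root SSH is only needed on some hosts, move the entry to those host files; otherwise state the reason next to it, e.g. `# root login by key is needed for <purpose>`, and set `services.openssh.settings.PermitRootLogin` deliberately (e.g. `"prohibit-password"`). The surrounding `let … in { … }` body starts and ends outside the hunks.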


@ -84,11 +84,7 @@ in
};
environment.systemPackages = with pkgs; [
anki
calibre
fd
keepassxc
nixpkgs-review
pavucontrol
stable.libreoffice # NOTE breaks often
stable.signal-desktop # NOTE breaks often


@ -69,24 +69,5 @@ in
};
};
};
nix.buildMachines = [{
hostName = "builder";
systems = [ "aarch64-linux" "x86_64-linux" ];
protocol = "ssh-ng";
maxJobs = 1;
speedFactor = 1;
supportedFeatures = [ "nixos-test" "benchmark" "kvm" ];
mandatoryFeatures = [ ];
}];
nix.distributedBuilds = true;
# optional, useful when the builder has a faster internet connection than yours
nix.extraOptions = ''
builders-use-substitutes = true
'';
age.secrets."ssh-builder" = {
file = ../../secrets/ssh-builder.age;
owner = "0";
path = "/root/.ssh/config";
};
};
}


@ -1,6 +1,7 @@
{ config
, lib
, inputs
, pkgs
, ...
}:
@ -33,13 +34,27 @@ in
config = mkIf cfg.enable {
home-manager.users.moritz.programs.firefox = {
enable = true;
profiles."default".extraConfig = mkIf cfg.arkenfox.enable ''
// Arkenfox user.js
${arkenfox}
profiles."default" = {
extraConfig = mkIf cfg.arkenfox.enable ''
// Arkenfox user.js
${arkenfox}
// Overrides
${cfg.arkenfox.overrides}
'';
// Overrides
${cfg.arkenfox.overrides}
'';
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
darkreader
firefox-color
istilldontcareaboutcookies
kagi-search
keepassxc-browser
languagetool
multi-account-containers
ublock-origin
wikiwand-wikipedia-modernized
vimium
];
};
};
};
}


@ -46,14 +46,46 @@ in
# visual mode, but due to fish_cursor_default, is redundant here
set fish_cursor_visual block
# Complex abbreviations
function last_history_item
echo $history[1]
end
abbr -a !! --position anywhere --function last_history_item
function sed_history_item
echo $history[1] | perl -p -e (string trim -l --chars=! $argv)
end
abbr -a sed_history --position command --regex '^!s/.+/.*/g?' --function sed_history_item
function multicd
echo cd (string repeat -n (math (string length -- $argv[1]) - 1) ../)
end
abbr --add dotdot --regex '^\.\.+$' --function multicd
abbr -a P --position anywhere --set-cursor "% | $PAGER"
function editor_edit
echo $EDITOR $argv
end
abbr -a editor_edit_files --position command --regex ".+\.(txt|md|org)" --function editor_edit
function editor
echo $EDITOR
end
abbr -a e --function editor
# Completions
complete -c c -kfa '(zoxide query -l | sed "s|$HOME|~|")'
${optionalString config.virtualisation.podman.dockerCompat /* fish */ "complete -c docker -w podman"}
complete -c nom -fn "not __fish_seen_subcommand_from build shell develop" -a "build shell develop"
complete -c nom -fn "__fish_seen_subcommand_from build" -w "nix build"
complete -c nom -fn "__fish_seen_subcommand_from shell" -w "nix shell"
complete -c nom -fn "__fish_seen_subcommand_from develop" -w "nix develop"
complete -c timers \
-n "__fish_seen_subcommand_from toggle" \
-fa '(timers --json l | ${getExe pkgs.jq} -r .[][].name)'
complete -c timers \
-n "__fish_seen_subcommand_from remove" \
-fa '(timers --json l | ${getExe pkgs.jq} -r .[][].name)'
@ -64,6 +96,22 @@ in
functions = {
fish_greeting = "";
cheat = "cht.sh $argv | bat -p";
sourceenv = ''
set -f envfile "$argv"
if not test -f "$envfile"
echo "Unable to load $envfile"
return 1
end
printf "exported"
while read line
if not string match -qr '^#|^$' "$line"
set item (string split -m 1 '=' $line)
printf " $item[1]"
set -gx "$item[1]" "$item[2]"
end
end < "$envfile"
printf "\n"
'';
};
};
};
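Review bot: In the new `sourceenv` function, `printf " $item[1]"` uses the variable name read from the env file as the format string, so a key containing `%` or a backslash is interpreted by `printf` instead of being printed; use `printf " %s" "$item[1]"`. The function also exports `$item[2]` verbatim, so surrounding quotes or an `export ` prefix in the file end up in the name or value; a short comment documenting the accepted `KEY=value` format would help. The enclosing `functions` attribute set starts outside the hunk.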


@ -17,7 +17,7 @@ in
#
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor=,preferred,auto,1
${concatLines (map (x: "monitor=${x}") cfg.monitors)}
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
@ -110,6 +110,13 @@ in
workspace_swipe = on
}
misc {
vrr = 1
mouse_move_enables_dpms = true
key_press_enables_dpms = true
force_default_wallpaper = 0
}
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# Firefox Sharing Indicator
${mkRules ["float" "move 49% 40" "noborder" "nofullscreenrequest"] ["title:^(.*Sharing Indicator.*)$"]}
@ -207,5 +214,9 @@ in
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
exec-once=${getExe config.my.programs.wallpaper.package} -r
# Toggle waybar
bindr = $mainMod, SUPER_L, exec, pkill -USR1 waybar
# Extra Config
${cfg.extraConfig}
''
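Review bot: The new `bindr = $mainMod, SUPER_L, exec, pkill -USR1 waybar` selects its target by name pattern, so the signal goes to every process whose name contains `waybar`, not only the bar this configuration starts. `pkill -x -USR1 waybar` limits it to an exact name match. Since the module starts waybar through its systemd user service, `systemctl --user kill -s USR1 waybar.service` would address just that unit, assuming the unit is named `waybar.service`, which is not visible here. The surrounding string starts outside the hunk.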


@ -31,6 +31,15 @@ in
description = "list of keyboard layouts";
default = [ "de" "us" ];
};
monitors = mkOption {
type = types.listOf types.str;
description = "monitor settings";
default = [ ",preferred,auto,1" ];
};
extraConfig = mkOption {
type = types.str;
default = "";
};
};
config = mkIf cfg.enable {
@ -42,46 +51,47 @@ in
};
wallpapers.enable = true;
services.dunst.enable = true;
services.wallpaper.enable = true;
};
# enable home-manager module
home-manager.users.moritz = {
# import home-manager module
imports = [ inputs.hyprland.homeManagerModules.default ];
# enable home-manager module
wayland.windowManager.hyprland = {
enable = true;
package = hyprland;
recommendedEnvironment = true;
extraConfig = import ./_config.nix args;
};
};
# add waybar as a status bar
home-manager.users.moritz.programs.waybar = {
enable = true;
# start using systemd service
systemd = {
# add waybar as a status bar
programs.waybar = {
enable = true;
target = "graphical-session.target";
};
settings = {
mainBar = {
layer = "top";
position = "top";
height = 20;
modules-left = [ "hyprland/workspaces" ];
modules-center = [ "hyprland/window" ];
modules-right = [ "hyprland/language" "network" "memory" "cpu" "battery" "clock" ];
# start using systemd service
systemd = {
enable = true;
target = "graphical-session.target";
};
settings = {
mainBar = {
start_hidden = true;
layer = "top";
position = "top";
height = 20;
modules-left = [ "hyprland/workspaces" ];
modules-center = [ "hyprland/window" ];
modules-right = [ "hyprland/language" "network" "memory" "cpu" "battery" "clock" ];
};
};
};
};
# lock screen after timeout
home-manager.users.moritz = {
# lock screen after timeout
programs.swaylock = {
enable = true;
settings = {
color = "000000";
};
};
services.swayidle = {
enable = true;
events = [
@ -118,30 +128,23 @@ in
timeout = 30 * 60;
command = "${pkgs.systemd}/bin/systemctl suspend-and-hibernate";
};
systemdTarget = "hyprland-session.target";
systemdTarget = "graphical-session.target";
};
systemd.user.services.nextcloud-client.Service = {
RestartSec = "500ms";
Restart = "on-failure";
};
};
# adds pam module for swaylock
security.pam.services.swaylock = { };
# only consider graphical-session.target started when hyprland-sesstion.target is reached
systemd.user.targets.hyprland-session = {
partOf = [ "graphical-session.target" ];
wantedBy = [ "graphical-session.target" ];
before = [ "graphical-session.target" ];
};
systemd.user.services.xdg-desktop-portal-hyprland = {
after = [ "hyrpland-session.target" ];
after = [ "hyprland-session.target" ];
requiredBy = [ "xdg-desktop-portal.service" ];
};
home-manager.users.moritz.systemd.user.services.nextcloud-client.Service = {
RestartSec = "500ms";
Restart = "on-failure";
};
# add user packages for wayland and hyprland in particular
users.users.moritz.packages = with pkgs; [
brightnessctl # control brightness
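Review bot: swayidle is now bound to `systemdTarget = "graphical-session.target"`, while the `systemd.user.targets.hyprland-session` definition in the same hunk appears to be dropped (old and new sides are not marked in this rendering). The idle lock and suspend chain only runs if that target is actually reached in a Hyprland session. That depends on the systemd integration of the hyprland home-manager module, which is not visible here, so a comment such as `# relies on the hyprland HM module activating graphical-session.target` next to `systemdTarget` would record the assumption. The `xdg-desktop-portal-hyprland` unit still orders itself `after = [ "hyprland-session.target" ]`, so something must still provide that target. The new `extraConfig` option has no `description`, and the `users.users.moritz.packages` list continues outside the hunk.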


@ -57,17 +57,9 @@ in
settings = {
substituters = [
"https://cache.nixos.org/"
"https://jupyterwith.cachix.org"
"https://nix-community.cachix.org"
"https://pre-commit-hooks.cachix.org"
"https://hyprland.cachix.org"
];
trusted-public-keys = [
"jupyterwith.cachix.org-1:/kDy2B6YEhXGJuNguG1qyqIodMyO4w8KwWH4/vAc7CI="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
];
trusted-users = [ "root" "@wheel" ];
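Review bot: `trusted-users = [ "root" "@wheel" ]` at the end of this hunk undoes most of what trimming `substituters` and `trusted-public-keys` achieves. A trusted user can supply their own substituters and relax signature checking for the daemon, so every wheel account can bypass the cache list the hunk narrows. If wheel users only need to talk to the daemon, `allowed-users = [ "@wheel" ];` together with `trusted-users = [ "root" ];` keeps the configured caches and keys authoritative. The `trusted-users` line is hunk context and the `settings` block starts and ends outside the hunk. Which cache entries the commit removes is inferred from the hunk's line counts, because the rendering has lost the +/- markers.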


@ -3,242 +3,11 @@
with lib;
let
cfg = config.my.programs.nvim;
toLua = value: with builtins;
if value == null then "nil" else
if isBool value then boolToString value else
if isInt value || isFloat value then toString value else
if isString value then string value else
if isAttrs value then attrs value else
if isList value then list value else
abort "should never happen (value = ${value})";
string = str: ''"${toString str}"'';
attrs = set:
let
toKeyword = name: value: "${name} = ${toLua value}";
keywords = concatStringsSep ", " (mapAttrsToList toKeyword set);
in
"{ " + keywords + " }";
listContent = values: concatStringsSep ", " (map toLua values);
list = values: "{ " + listContent values + " }";
luaList = values: "{" + (concatStringsSep ", " values) + "}";
keybinding = { key, cmd, func, mode, desc }:
let
cmdString =
if cmd != null then toLua cmd else
if func != null then func else
abort "Either cmd or function must be set";
descString = optionalString (desc != null) "desc = ${toLua desc},";
in
''{ ${toLua key}, ${cmdString}, mode = ${toLua mode}, ${descString} }'';
lazySpecFromPlugin =
{ cmd
, conf
, dependencies
, enabled
, event
, ft
, init
, keys
, lazy
, opts
, plugin
, priority
}:
luaList
([
"dir = ${string plugin}"
"name = ${toLua (getName plugin)}"
]
++ (optional (opts != null) "opts = ${toLua opts}")
++ (optional (lazy != null) "lazy = ${toLua lazy}")
++ (optional (!enabled) "enabled = ${toLua enabled}")
++ (optional (dependencies != [ ]) "dependencies = ${luaList (map lazySpecFromPlugin dependencies)}")
++ (optional (init != null) "init = function(plugin)\n${init}\nend")
++ (optional (conf != null) "config = function(plugin, opts)\n${conf}\nend")
++ (optional (keys != [ ]) "keys = ${luaList (map keybinding keys)}")
++ (optional (event != [ ]) "event = ${toLua event}")
++ (optional (cmd != [ ]) "cmd = ${toLua cmd}")
++ (optional (ft != [ ]) "ft = ${toLua ft}")
++ (optional (priority != null) "priority = ${toLua priority}")
);
lazySpecs = luaList (map lazySpecFromPlugin cfg.plugins);
lazy = /* lua */ ''
require("lazy").setup(${lazySpecs})
'';
initLua =
let
text = lib.concatLines [ (builtins.readFile ./options.lua) lazy ];
in
pkgs.runCommand "init.lua" { inherit text; } ''
touch $out
echo -n "$text" > $out
${getExe pkgs.stylua} $out
'';
in
{
imports = lib.my.listModulesRec ./plugins;
options.my.programs.nvim = {
enable = mkEnableOption "nvim";
plugins = mkOption {
default = [ ];
description = ''
List of plugins with config.
'';
type = with types; listOf (
let
sub = submodule {
options = {
conf = mkOption {
type = nullOr str;
default = null;
description = ''
Lua function to be executed when the plugin is loaded.
'';
};
opts = mkOption {
type =
let
valueType = nullOr
(oneOf [
str
bool
int
float
(listOf valueType)
(attrsOf valueType)
]) // {
description = "Lua value";
};
in
nullOr (attrsOf valueType);
default = null;
description = ''
Lua table to be passed to te plugin config function.
'';
};
dependencies = mkOption {
type = listOf sub;
default = [ ];
description = ''
List of plugins this plugin depends on.
'';
};
init = mkOption {
type = nullOr str;
default = null;
description = ''
Lua code to be executed when the plugin is initialized.
'';
};
event = mkOption {
type = listOf str;
default = [ ];
description = ''
Event to load the plugin on.
'';
};
lazy = mkOption {
type = nullOr bool;
default = null;
description = ''
Whether to load the plugin lazily.
'';
};
plugin = mkOption {
type = package;
description = ''
The plugin package.
'';
};
enabled = mkOption {
type = bool;
default = true;
description = ''
Whether to enable the plugin.
'';
};
cmd = mkOption {
type = listOf str;
default = [ ];
description = ''
Command to load the plugin.
'';
};
ft = mkOption {
type = listOf str;
default = [ ];
description = ''
Filetype to load the plugin on.
'';
};
priority = mkOption {
type = nullOr int;
default = null;
description = ''
Priority to load the plugin.
'';
};
keys = mkOption {
default = [ ];
description = ''
List of keybindings.
'';
type = listOf (submodule {
options = {
key = mkOption {
type = str;
description = ''
Key to bind.
'';
};
cmd = mkOption {
type = nullOr str;
default = null;
description = ''
Command to execute.
'';
};
func = mkOption {
type = nullOr str;
default = null;
description = ''
Function to execute.
'';
};
mode = mkOption {
type = listOf str;
default = [ "n" ];
description = ''
Mode to bind the key in.
'';
};
desc = mkOption {
type = nullOr str;
default = null;
description = ''
Description of the keybinding.
'';
};
};
});
};
};
};
in
sub
);
};
};
options.my.programs.nvim.enable = mkEnableOption "nvim";
config = mkIf cfg.enable {
home-manager.users.moritz = {
@ -250,8 +19,6 @@ in
)
];
xdg.configFile."nvim/init.lua".source = initLua;
programs.neovim = {
enable = true;
package = pkgs.neovim-nightly;
@ -259,24 +26,21 @@ in
vimdiffAlias = true;
withNodeJs = true;
withPython3 = true;
extraPython3Packages = ps:
let
plugins = map (getAttr "plugin") cfg.plugins;
depAttrName = "python3Dependencies";
filtered = filter (hasAttr depAttrName) plugins;
funcs = map (getAttr depAttrName) filtered;
in
foldl (list: f: list ++ (f ps)) [ ] funcs;
extraPackages = with pkgs;
[
alejandra
black
checkmake
deadnix
dotenv-linter
fish
isort
jq
nil
nixd
nixpkgs-fmt
nodePackages.bash-language-server
nodePackages.jsonlint
ruff-lsp
rustfmt
shellcheck
shfmt
@ -287,10 +51,10 @@ in
typst
typst-lsp
yamlfmt
yamllint
];
plugins = [
pkgs.vimPlugins.lazy-nvim
];
extraLuaConfig = readFile ./options.lua;
lazy.enable = true;
};
};
};


@ -1,12 +1,6 @@
vim.g.mapleader = " "
vim.g.maplocalleader = ","
-- FIX to create spell dir if not existent
local spelldir = vim.fn.stdpath("config") .. "/spell"
if not vim.loop.fs_stat(spelldir) then
vim.fn.mkdir(spelldir, "p")
end
vim.opt.autoindent = true
vim.opt.backupdir = { vim.fn.stdpath("state") .. "/backup/" } -- don't store backup in files dir
vim.opt.clipboard = "unnamedplus" -- sync with system clipboard


@ -1,8 +1,8 @@
{ pkgs, ... }:
{ pkgs, lib, ... }:
with builtins;
{
config.my.programs.nvim.plugins = with pkgs.vimPlugins; [
config.home-manager.users.moritz.programs.neovim.lazy.plugins = with pkgs.vimPlugins; [
{
plugin = formatter-nvim;
cmd = [ "Format" "Fmt" ];
@ -104,7 +104,6 @@ with builtins;
event = [ "BufRead" "BufNewFile" ];
conf = readFile ./lua/nvim-lspconfig.lua;
dependencies = [
{ plugin = lsp_signature-nvim; }
{
plugin = null-ls-nvim;
conf = readFile ./lua/null-ls-nvim.lua;
@ -192,7 +191,6 @@ with builtins;
];
dependencies = [
{ plugin = plenary-nvim; }
{ plugin = which-key-nvim; }
{ plugin = telescope-fzf-native-nvim; }
];
}
@ -301,5 +299,9 @@ with builtins;
];
opts = { };
}
{
plugin = nvim-puppeteer;
lazy = false; # NOTE: plugin lazy-loads itself.
}
];
}


@ -8,9 +8,15 @@ null_ls.setup({
-- Completion
null_ls.builtins.completion.spell,
-- Diagnostics
null_ls.builtins.diagnostics.checkmake,
null_ls.builtins.diagnostics.deadnix,
null_ls.builtins.diagnostics.dotenv_linter,
null_ls.builtins.diagnostics.fish,
null_ls.builtins.diagnostics.jsonlint,
null_ls.builtins.diagnostics.shellcheck,
null_ls.builtins.diagnostics.statix,
null_ls.builtins.diagnostics.trail_space,
null_ls.builtins.diagnostics.yamllint,
},
})


@ -2,6 +2,14 @@ local cmp = require("cmp")
local luasnip = require("luasnip")
require("luasnip.loaders.from_vscode").lazy_load()
local has_words_before = function()
if vim.api.nvim_buf_get_option(0, "buftype") == "prompt" then
return false
end
local line, col = unpack(vim.api.nvim_win_get_cursor(0))
return col ~= 0 and vim.api.nvim_buf_get_text(0, line - 1, 0, line - 1, col, {})[1]:match("^%s*$") == nil
end
cmp.setup({
formatting = {
format = require("lspkind").cmp_format({
@ -26,8 +34,8 @@ cmp.setup({
["<C-e>"] = cmp.mapping.abort(),
["<CR>"] = cmp.mapping.confirm({ select = true }),
["<Tab>"] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
if cmp.visible() and has_words_before() then
cmp.select_next_item({ behavior = cmp.SelectBehavior.Select })
elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
@ -49,7 +57,7 @@ cmp.setup({
{ name = "buffer", priority = 1 },
{ name = "luasnip", priority = 2 },
{ name = "codeium", priority = 3 },
{ name = "nvim_lsp", priority = 4 },
{ name = "nvim_lsp", priority = 3 },
},
})
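Review bot: After this change `codeium` and `nvim_lsp` both carry `priority = 3` in the `sources` list (the `priority = 4` line appears to be the old side), so the priority field no longer decides their relative ranking. If the tie is intended, a comment such as `-- same priority as codeium on purpose` would say so; otherwise keep distinct values. In the new `has_words_before`, `vim.api.nvim_buf_get_option(0, "buftype")` is the deprecated spelling on recent Neovim, and `vim.bo.buftype` reads the same value. The `cmp.setup` call starts outside the hunks shown.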


@ -134,7 +134,7 @@ end
local servers = {
"bashls",
"nil_ls",
"nixd",
"pylsp",
"ruff_lsp",
"typst_lsp",


@ -2,7 +2,7 @@
with builtins;
{
config.my.programs.nvim.plugins = with pkgs.vimPlugins; [
config.home-manager.users.moritz.programs.neovim.lazy.plugins = with pkgs.vimPlugins; [
{
plugin = nvim-treesitter;
event = [ "BufReadPost" "BufNewFile" ];


@ -2,7 +2,7 @@
with builtins;
{
config.my.programs.nvim.plugins = with pkgs.vimPlugins; [
config.home-manager.users.moritz.programs.neovim.lazy.plugins = with pkgs.vimPlugins; [
{
plugin = which-key-nvim;
lazy = false;


@ -19,14 +19,14 @@ let
tmux-sessionizer = pkgs.writeFishApplication {
name = "ts";
runtimeInputs = with pkgs; [ tmux findutils coreutils procps fd fzf1 tmux-switch ];
runtimeInputs = with pkgs; [ tmux findutils coreutils procps fd tmux-switch gawk ];
text = readFile ./tmux-sessionizer/script.fish;
completions = readFile ./tmux-sessionizer/completions.fish;
};
tmux-attach = pkgs.writeFishApplication {
name = "ta";
runtimeInputs = with pkgs; [ tmux fzf1 tmux-switch ];
runtimeInputs = with pkgs; [ tmux tmux-switch ];
text = readFile ./tmux-attach/script.fish;
completions = readFile ./tmux-attach/completions.fish;
};
@ -97,7 +97,7 @@ in
if ! fish_is_root_user && test "$TERM_PROGRAM" != 'vscode' && ${insideVariableMissing}
if test -z $tmux_autostarted
set -x tmux_autostarted true
ts
tmux new -A -s home
end
end
'';
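Review bot: Both `runtimeInputs` lists drop `fzf1` without adding `fzf`, while the updated `tmux-attach/script.fish` and `tmux-sessionizer/script.fish` in this commit call `fzf --query "$argv"` directly. Unless `writeFishApplication` or the ambient PATH happens to supply it, `ts` and `ta` stop working wherever fzf is not installed globally. I would write `runtimeInputs = with pkgs; [ tmux findutils coreutils procps fd fzf tmux-switch gawk ];` for the sessionizer and `runtimeInputs = with pkgs; [ tmux fzf tmux-switch ];` for `ta`. The `let` block starts outside the hunk.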


@ -1,4 +1,4 @@
set selected (tmux list-sessions -F '#{session_name}' 2>/dev/null | fzf1 $argv)
set selected (tmux list-sessions -F '#{session_name}' 2>/dev/null | fzf --query "$argv")
if not test -n "$selected"
exit 1
end

9
modules/programs/tmux/tmux-sessionizer/script.fish Normal file → Executable file

@ -1,4 +1,11 @@
set selected (fd -HIg '.git' ~/ --min-depth 1 --max-depth 5 --type d --prune --exec dirname {} | fzf1 $argv)
#!/usr/bin/env fish
set pipe (mktemp --dry-run)
mkfifo $pipe
fd -HIg '.git' ~/ --min-depth 1 --max-depth 5 --type d --prune --exec-batch dirname {} | tee $pipe >/dev/null &
fd . ~/ --min-depth 1 --max-depth 3 --type d --exec-batch realpath {} | tee $pipe >/dev/null &
set selected (cat $pipe | awk '!seen[$0]++' | fzf --query "$argv")
rm -f "$pipe"
set selected_name (basename $selected 2>/dev/null | string replace "." "_")
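Review bot: `set pipe (mktemp --dry-run)` followed by `mkfifo $pipe` chooses a name without creating it, so another local process can create that path in the shared temp directory between the two commands. `mkfifo` then fails, and the later `tee` and `cat` operate on a file the script does not own. Creating a private directory first closes the gap: `set pipe (mktemp -d)/fifo`, then `mkfifo -m 600 $pipe`, and `rm -rf (dirname $pipe)` at the end. The two background `tee` writers can also race: if the first finishes before the second has opened the FIFO, `cat` sees end-of-file and the second writer stays blocked in the background. Running both `fd` commands inside one `begin; …; end |` block feeding `awk` avoids the FIFO altogether.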


@ -2,6 +2,7 @@
WALLPAPERS_PATH="$HOME/.config/wallpapers"
WALLPAPERS=$(find "$WALLPAPERS_PATH" -type f,l)
DEBUG=0
function help() {
echo "Usage:"
@ -22,7 +23,11 @@ function setWallpaperX {
}
function setWallpaperWayland {
swaybg --mode fill -i "$1" 2>/dev/null &
if [[ $DEBUG -eq 1 ]]; then
swaybg --mode fill -i "$1" &
else
swaybg --mode fill -i "$1" 2>/dev/null &
fi
}
function setWallpaper() {
@ -53,6 +58,10 @@ while [[ $# -gt 0 ]]; do
shift # past argument
shift # past value
;;
-v | --verbose)
DEBUG=1
shift # past argument
;;
*)
POSITIONAL+=("$1") # save it in an array for later
shift # past argument


@ -5,62 +5,64 @@
## System security tweaks
# Prevent replacing the running kernel w/o reboot
# security.protectKernelImage = lib.mkDefault true; # NOTE disabled for now to enable hibernate
boot = {
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
# on ssd systems, and volatile! Because it's wiped on reboot.
boot.tmp.useTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage!
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
# on ssd systems, and volatile! Because it's wiped on reboot.
tmp.useTmpfs = lib.mkDefault true;
# If not using tmpfs, which is naturally purged on reboot, we must clean it
# /tmp ourselves. /tmp should be volatile storage!
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
# Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
boot.loader.systemd-boot.editor = false;
# Fix a security hole in place for backwards compatibility. See desc in
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
loader.systemd-boot.editor = false;
boot.kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
kernel.sysctl = {
# The Magic SysRq key is a key combo that allows users connected to the
# system console of a Linux kernel to perform some low-level commands.
# Disable it, since we don't need it, and is a potential security concern.
"kernel.sysrq" = 0;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects (again, we're on a router)
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
# Log martian packages
"net.ipv4.conf.all.log_martians" = 1;
"net.ipv4.conf.default.log_martians" = 1;
## TCP hardening
# Prevent bogus ICMP errors from filling up logs.
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
# Reverse path filtering causes the kernel to do source validation of
# packets received from all interfaces. This can mitigate IP spoofing.
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.conf.all.rp_filter" = 1;
# Do not accept IP source route packets (we're not a router)
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
# Don't send ICMP redirects (again, we're on a router)
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.conf.default.send_redirects" = 0;
# Refuse ICMP redirects (MITM mitigations)
"net.ipv4.conf.all.accept_redirects" = 0;
"net.ipv4.conf.default.accept_redirects" = 0;
"net.ipv4.conf.all.secure_redirects" = 0;
"net.ipv4.conf.default.secure_redirects" = 0;
"net.ipv6.conf.all.accept_redirects" = 0;
"net.ipv6.conf.default.accept_redirects" = 0;
# Protects against SYN flood attacks
"net.ipv4.tcp_syncookies" = 1;
# Incomplete protection again TIME-WAIT assassination
"net.ipv4.tcp_rfc1337" = 1;
# Log martian packages
"net.ipv4.conf.all.log_martians" = 1;
"net.ipv4.conf.default.log_martians" = 1;
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
## TCP optimization
# TCP Fast Open is a TCP extension that reduces network latency by packing
# data in the senders initial TCP SYN. Setting 3 = enable TCP Fast Open for
# both incoming and outgoing connections:
"net.ipv4.tcp_fastopen" = 3;
# Bufferbloat mitigations + slight improvement in throughput & latency
"net.ipv4.tcp_congestion_control" = "bbr";
"net.core.default_qdisc" = "cake";
};
kernelModules = [ "tcp_bbr" ];
};
boot.kernelModules = [ "tcp_bbr" ];
# So we don't have to do this later...
security.acme.acceptTerms = true;
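Review bot: The comment carried over above the `send_redirects` keys reads `# Don't send ICMP redirects (again, we're on a router)`, which states the opposite of the rationale given for `accept_source_route` just above it. Since the whole block is being re-indented under `boot = { … }` anyway, it should read `# Don't send ICMP redirects (again, we're not a router)`. Two neighbouring comments have similar slips and could become `# Incomplete protection against TIME-WAIT assassination` and `# Log martian packets`. The enclosing attribute set starts and ends outside the hunk.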


@ -0,0 +1,26 @@
{ lib, config, ... }:
with lib;
let
cfg = config.my.services.wallpaper;
in
{
options.my.services.wallpaper = {
enable = mkEnableOption "wallpaper changer";
frequency = mkOption {
type = types.str;
default = "30m";
};
};
config = mkIf cfg.enable {
systemd.user.services.wallpaper = {
script = "${getExe config.my.programs.wallpaper.package} -r -v";
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
Restart = "always";
RuntimeMaxSec = cfg.frequency;
ExitType = "cgroup";
};
};
};
}
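Review bot: The unit rotates the wallpaper by letting `RuntimeMaxSec = cfg.frequency` terminate the service and `Restart = "always"` start it again, which is not obvious from the settings alone and deserves a comment such as `# RuntimeMaxSec + Restart=always act as the rotation timer`. systemd documents that a service stopped by `RuntimeMaxSec` is put into a failure state, so each rotation will show up as a failed run in the user journal; the comment should say this is expected. The `frequency` option has no `description`. Something like `description = "systemd time span after which the wallpaper is changed, e.g. 30m";` would document the accepted format.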

16
overlays/fixes.nix Normal file

@ -0,0 +1,16 @@
{ lib, ... }:
final: prev: {
# python-poetry/poetry#5929
poetry = final.symlinkJoin {
name = "poetry";
paths = [ prev.poetry ];
postBuild =
let
regex = "s/'([a-z]*[[:blank:]][a-z]*)''/\1'/g";
in
''
${lib.getExe final.gnused} -i -E "${regex}" "$out/share/fish/vendor_completions.d/poetry.fish"
'';
};
}
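Review bot: In `regex = "s/'([a-z]*[[:blank:]][a-z]*)''/\1'/g";` the backslash sits inside a double-quoted Nix string, where `\1` evaluates to a plain `1`. As rendered here, sed therefore receives `…/1'/g` and replaces each match with the literal text `1'` instead of the captured group. Doubling the backslash passes the back-reference through to sed: `regex = "s/'([a-z]*[[:blank:]][a-z]*)''/\\1'/g";`. The comment `# python-poetry/poetry#5929` could also say in a few words what is being patched, which from the expression looks like a stray quote in the generated fish completions.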


@ -4,7 +4,6 @@ final: prev:
{
agenix = inputs.agenix.packages.${prev.system}.default;
hyprpaper = inputs.hyprpaper.packages.${prev.system}.default;
nil = inputs.nil.packages.${prev.system}.default;
nix-super = inputs.nix-super.packages.${prev.system}.default;
rofi-wayland = prev.rofi-wayland.overrideAttrs (_: {
src = inputs.rofi-wayland;
@ -13,18 +12,9 @@ final: prev:
timers = inputs.timers.packages.${prev.system}.default;
hyprland = inputs.hyprland.packages.${prev.system}.default;
fzf1 = final.writeShellApplication {
name = "fzf1";
runtimeInputs = with final; [ coreutils fzf fd ];
text = ''
#!/usr/bin/env bash
selected=$(fzf --query="$*" -1 < /dev/stdin)
if [[ -z $selected ]]; then
exit 0
fi
echo "$selected"
'';
xorg = prev.xorg // {
lndir = prev.xorg.lndir.overrideAttrs (_: {
meta.mainProgram = "lndir";
});
};
}


@ -6,25 +6,25 @@ with lib.my;
vimPlugins = prev.vimPlugins // {
inherit (inputs.codeium-nvim.packages.${prev.system}.vimPlugins) codeium-nvim;
smartcolumn-nvim = prev.vimUtils.buildVimPluginFrom2Nix {
smartcolumn-nvim = prev.vimUtils.buildVimPlugin {
pname = "smartcolumn-nvim";
version = mkVersionInput inputs.smartcolumn-nvim;
src = inputs.smartcolumn-nvim;
};
telekasten-nvim = prev.vimUtils.buildVimPluginFrom2Nix {
telekasten-nvim = prev.vimUtils.buildVimPlugin {
pname = "telekasten-nvim";
version = mkVersionInput inputs.telekasten-nvim;
src = inputs.telekasten-nvim;
};
hmts-nvim = prev.vimUtils.buildVimPluginFrom2Nix {
hmts-nvim = prev.vimUtils.buildVimPlugin {
pname = "hmts-nvim";
version = mkVersionInput inputs.hmts-nvim;
src = inputs.hmts-nvim;
};
actions-preview-nvim = prev.vimUtils.buildVimPluginFrom2Nix {
actions-preview-nvim = prev.vimUtils.buildVimPlugin {
pname = "actions-preview-nvim";
version = mkVersionInput inputs.actions-preview-nvim;
src = inputs.actions-preview-nvim;
@ -39,5 +39,22 @@ with lib.my;
version = mkVersionInput inputs.nvim-treesitter;
src = inputs.nvim-treesitter;
});
# HACK: to fix error in nixpkgs version of nvim-lspconfig
nvim-lspconfig = prev.vimPlugins.nvim-lspconfig.overrideAttrs (_: {
version = mkVersionInput inputs.nvim-lspconfig;
src = inputs.nvim-lspconfig;
});
nvim-puppeteer = prev.vimUtils.buildVimPlugin {
pname = "nvim-puppeteer";
version = mkVersionInput inputs.nvim-puppeteer;
src = inputs.nvim-puppeteer;
};
null-ls-nvim = prev.vimPlugins.null-ls-nvim.overrideAttrs (a: {
version = mkVersionInput inputs.none-ls-nvim;
src = inputs.none-ls-nvim;
});
};
}


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 wG6LYg LK0u1kmnMlRkk3s1nqpHREr0pbtQwc+Or9XFGSk5Syo
HLc3gWskZTeWfMPgR+EBn3R3ycn+7rWKgheZuP4o9Tg
-> ssh-ed25519 ZYd7Zg w8wh8buUNQcPdihFgWVyZfCg74x01YTSbnj8Sw5dhBQ
i8/rwKnUn2QIuTpLayg1+SzUnHbpOu7CdhAnO3u3/VU
-> ssh-ed25519 CjuqfA FPR6pGls0nRXB7lFUagHCcY39iuoSBab+T40aMuD8hQ
pyrcWA0Knw0iZf8CpfvmP5hsJf0Gba9LBKSQO1yGfbQ
-> CQVJ}-grease pf }&%
7Q
--- Mn5qor9GWHRU52zTv+kCqQljCZYsG1tO6ekZSH/p1yc
ÖÉôJžåODša¸õ0Cµ¼c´ <72>X *ú…F\uãÄAÎFOƒ<4F> ÔsKùt<»ù(œ5¢JÛMTD¶<S-iÇ1ã7Ó9™<39>ä[Çhqr>ÕÌv²Rãõµ?Mþe

BIN
secrets/root-password.age Normal file

Binary file not shown.


@ -18,10 +18,11 @@ in
{
"github.age".publicKeys = all;
"ssh-home.age".publicKeys = personal;
"ssh-builder.age".publicKeys = personal;
"uni-vpn.age".publicKeys = personal;
"wireguard-preshared-key.age".publicKeys = personal;
"wireguard-private-key.age".publicKeys = personal;
"webis.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ];
"webis-ssh.age".publicKeys = hosts-personal ++ [ scadspc25 moritz ];
"root-password.age".publicKeys = hosts-personal ++ [ moritz ];
"moritz-password.age".publicKeys = hosts-personal ++ [ moritz ];
}
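Review bot: The `root-password.age` and `moritz-password.age` entries do not say what the files contain. If they feed the user accounts they should hold password hashes (for `hashedPasswordFile`) rather than cleartext, because agenix decrypts them to files on every host in `hosts-personal`. A comment such as `# contains a mkpasswd hash, not the cleartext password` above the two lines would record that. The rendering does not mark which entry this hunk removes. A secret whose `.age` file is deleted in this commit stays decryptable from repository history by its previous recipients, so it should be rotated if it is still in use. The `let` bindings for `all`, `personal` and `hosts-personal` are outside the hunk.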


@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 wG6LYg 5umyOPP+KaUaQckEZYnh+nyX2RIMDp/KtJraFuATQBM
qsS9JiY0qxR7IMwpH2x1VWF5A5/wrAkbeOzuMcf1fS0
-> ssh-ed25519 ZYd7Zg L9EJulnOPk7fEcmrWU8mVRbEN80dHCji1n4bnwGJigk
KTnk+Ku96gJ7Tj2egXyqX6UIuytHTuMFM1ygDXoIDxg
-> XQ.ai[-grease a ) r]>2~U
7CDc3c+1EZaEB15RE8JMzmdbr2WmQeP2ivIh4qgYTnKImHxJaJEhgScd0EzyEXVP
NZxuP+0
--- CE/X6hjRUWT1ya1ySIjFBnLdmPkVbL4ugDwYv9XGYoo
Úô½çµß‰¦¥×3Ïÿ8ìež:Im…èúÔF?U¨~Ù83ÍÉÜóÝðµôìNC<4E>zAÅãõúû°õM]0¥²fšð´ku˜¯†<C2AF>FL§lš<åÀSXCÅÛhEh<45> Î¥GKF<15>È<+çÒoŒ_<C592>ÝÐIP´ùça<vJ<>SxzŸÇyà£_\ÿ<>8p‰¥æ0v