feat(flake): use flake-parts
parent
611584a0be
commit
e2a0172e2d
14 changed files with 576 additions and 489 deletions
222
flake.lock
222
flake.lock
|
@ -93,9 +93,28 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"devshell": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": "nixpkgs",
|
||||||
|
"systems": "systems"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1695195896,
|
||||||
|
"narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "devshell",
|
||||||
|
"rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "devshell",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"disko": {
|
"disko": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695380190,
|
"lastModified": 1695380190,
|
||||||
|
@ -160,6 +179,24 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-parts": {
|
"flake-parts": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1693611461,
|
||||||
|
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-parts_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs-lib": [
|
"nixpkgs-lib": [
|
||||||
"neovim-nightly-overlay",
|
"neovim-nightly-overlay",
|
||||||
|
@ -180,9 +217,9 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-parts_2": {
|
"flake-parts_3": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688466019,
|
"lastModified": 1688466019,
|
||||||
|
@ -197,7 +234,7 @@
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-parts_3": {
|
"flake-parts_4": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs-lib": [
|
"nixpkgs-lib": [
|
||||||
"neovim-nightly-overlay",
|
"neovim-nightly-overlay",
|
||||||
|
@ -222,7 +259,7 @@
|
||||||
},
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems"
|
"systems": "systems_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694529238,
|
"lastModified": 1694529238,
|
||||||
|
@ -240,7 +277,7 @@
|
||||||
},
|
},
|
||||||
"flake-utils_2": {
|
"flake-utils_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_3"
|
"systems": "systems_4"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1685518550,
|
"lastModified": 1685518550,
|
||||||
|
@ -258,7 +295,7 @@
|
||||||
},
|
},
|
||||||
"flake-utils_3": {
|
"flake-utils_3": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_4"
|
"systems": "systems_5"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1685518550,
|
"lastModified": 1685518550,
|
||||||
|
@ -313,9 +350,9 @@
|
||||||
},
|
},
|
||||||
"hercules-ci-agent": {
|
"hercules-ci-agent": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-parts": "flake-parts_3",
|
"flake-parts": "flake-parts_4",
|
||||||
"haskell-flake": "haskell-flake",
|
"haskell-flake": "haskell-flake",
|
||||||
"nixpkgs": "nixpkgs_5"
|
"nixpkgs": "nixpkgs_6"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688568579,
|
"lastModified": 1688568579,
|
||||||
|
@ -332,7 +369,7 @@
|
||||||
},
|
},
|
||||||
"hercules-ci-effects": {
|
"hercules-ci-effects": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-parts": "flake-parts_2",
|
"flake-parts": "flake-parts_3",
|
||||||
"hercules-ci-agent": "hercules-ci-agent",
|
"hercules-ci-agent": "hercules-ci-agent",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"neovim-nightly-overlay",
|
"neovim-nightly-overlay",
|
||||||
|
@ -412,7 +449,7 @@
|
||||||
},
|
},
|
||||||
"hypr-contrib": {
|
"hypr-contrib": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_2"
|
"nixpkgs": "nixpkgs_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695455081,
|
"lastModified": 1695455081,
|
||||||
|
@ -431,8 +468,8 @@
|
||||||
"hyprland": {
|
"hyprland": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"hyprland-protocols": "hyprland-protocols",
|
"hyprland-protocols": "hyprland-protocols",
|
||||||
"nixpkgs": "nixpkgs_3",
|
"nixpkgs": "nixpkgs_4",
|
||||||
"systems": "systems_2",
|
"systems": "systems_3",
|
||||||
"wlroots": "wlroots",
|
"wlroots": "wlroots",
|
||||||
"xdph": "xdph"
|
"xdph": "xdph"
|
||||||
},
|
},
|
||||||
|
@ -477,7 +514,7 @@
|
||||||
},
|
},
|
||||||
"hyprpaper": {
|
"hyprpaper": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_4"
|
"nixpkgs": "nixpkgs_5"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694600309,
|
"lastModified": 1694600309,
|
||||||
|
@ -588,10 +625,10 @@
|
||||||
"neovim-nightly-overlay": {
|
"neovim-nightly-overlay": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"flake-parts": "flake-parts",
|
"flake-parts": "flake-parts_2",
|
||||||
"hercules-ci-effects": "hercules-ci-effects",
|
"hercules-ci-effects": "hercules-ci-effects",
|
||||||
"neovim-flake": "neovim-flake",
|
"neovim-flake": "neovim-flake",
|
||||||
"nixpkgs": "nixpkgs_6"
|
"nixpkgs": "nixpkgs_7"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695513850,
|
"lastModified": 1695513850,
|
||||||
|
@ -671,11 +708,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694948089,
|
"lastModified": 1677383253,
|
||||||
"narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
|
"narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
|
"rev": "9952d6bc395f5841262b006fbace8dd7e143b634",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -686,6 +723,24 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
|
"locked": {
|
||||||
|
"dir": "lib",
|
||||||
|
"lastModified": 1693471703,
|
||||||
|
"narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"dir": "lib",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-lib_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "lib",
|
"dir": "lib",
|
||||||
"lastModified": 1688049487,
|
"lastModified": 1688049487,
|
||||||
|
@ -735,7 +790,39 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs_10": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1692934111,
|
||||||
|
"narHash": "sha256-9EEE59v/esKNMR5zKbLRV9NoRPYvERw5jHQOnfr47bk=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "1e44a037bbf4fcaba041436e65e87be88f3f495b",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1694948089,
|
||||||
|
"narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixpkgs-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1658161305,
|
"lastModified": 1658161305,
|
||||||
"narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=",
|
"narHash": "sha256-X/nhnMCa1Wx4YapsspyAs6QYz6T/85FofrI6NpdPDHg=",
|
||||||
|
@ -751,7 +838,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694767346,
|
"lastModified": 1694767346,
|
||||||
"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=",
|
"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=",
|
||||||
|
@ -767,7 +854,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1683014792,
|
"lastModified": 1683014792,
|
||||||
"narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
|
"narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
|
||||||
|
@ -783,7 +870,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_6": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688322751,
|
"lastModified": 1688322751,
|
||||||
"narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=",
|
"narHash": "sha256-eW62dC5f33oKZL7VWlomttbUnOTHrAbte9yNUNW8rbk=",
|
||||||
|
@ -799,33 +886,17 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_6": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1695318763,
|
|
||||||
"narHash": "sha256-FHVPDRP2AfvsxAdc+AsgFJevMz5VBmnZglFUMlxBkcY=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "e12483116b3b51a185a33a272bf351e357ba9a99",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixpkgs-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_7": {
|
"nixpkgs_7": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695318763,
|
"lastModified": 1695318763,
|
||||||
"narHash": "sha256-FHVPDRP2AfvsxAdc+AsgFJevMz5VBmnZglFUMlxBkcY=",
|
"narHash": "sha256-FHVPDRP2AfvsxAdc+AsgFJevMz5VBmnZglFUMlxBkcY=",
|
||||||
"owner": "nixos",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e12483116b3b51a185a33a272bf351e357ba9a99",
|
"rev": "e12483116b3b51a185a33a272bf351e357ba9a99",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "NixOS",
|
||||||
"ref": "nixpkgs-unstable",
|
"ref": "nixpkgs-unstable",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
|
@ -833,15 +904,15 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_8": {
|
"nixpkgs_8": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1689261696,
|
"lastModified": 1695318763,
|
||||||
"narHash": "sha256-LzfUtFs9MQRvIoQ3MfgSuipBVMXslMPH/vZ+nM40LkA=",
|
"narHash": "sha256-FHVPDRP2AfvsxAdc+AsgFJevMz5VBmnZglFUMlxBkcY=",
|
||||||
"owner": "NixOS",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "df1eee2aa65052a18121ed4971081576b25d6b5c",
|
"rev": "e12483116b3b51a185a33a272bf351e357ba9a99",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "nixos",
|
||||||
"ref": "nixpkgs-unstable",
|
"ref": "nixpkgs-unstable",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
|
@ -849,11 +920,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_9": {
|
"nixpkgs_9": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1692934111,
|
"lastModified": 1689261696,
|
||||||
"narHash": "sha256-9EEE59v/esKNMR5zKbLRV9NoRPYvERw5jHQOnfr47bk=",
|
"narHash": "sha256-LzfUtFs9MQRvIoQ3MfgSuipBVMXslMPH/vZ+nM40LkA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "1e44a037bbf4fcaba041436e65e87be88f3f495b",
|
"rev": "df1eee2aa65052a18121ed4971081576b25d6b5c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -901,7 +972,7 @@
|
||||||
"flake-compat": "flake-compat_3",
|
"flake-compat": "flake-compat_3",
|
||||||
"flake-utils": "flake-utils_3",
|
"flake-utils": "flake-utils_3",
|
||||||
"gitignore": "gitignore",
|
"gitignore": "gitignore",
|
||||||
"nixpkgs": "nixpkgs_8",
|
"nixpkgs": "nixpkgs_9",
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -941,7 +1012,9 @@
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
"arkenfox-userjs": "arkenfox-userjs",
|
"arkenfox-userjs": "arkenfox-userjs",
|
||||||
"asus-touchpad-numpad-driver": "asus-touchpad-numpad-driver",
|
"asus-touchpad-numpad-driver": "asus-touchpad-numpad-driver",
|
||||||
|
"devshell": "devshell",
|
||||||
"disko": "disko",
|
"disko": "disko",
|
||||||
|
"flake-parts": "flake-parts",
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils",
|
||||||
"hmts-nvim": "hmts-nvim",
|
"hmts-nvim": "hmts-nvim",
|
||||||
"home-manager": "home-manager_2",
|
"home-manager": "home-manager_2",
|
||||||
|
@ -954,7 +1027,7 @@
|
||||||
"nil": "nil",
|
"nil": "nil",
|
||||||
"nix-lazy-nvim": "nix-lazy-nvim",
|
"nix-lazy-nvim": "nix-lazy-nvim",
|
||||||
"nix-super": "nix-super",
|
"nix-super": "nix-super",
|
||||||
"nixpkgs": "nixpkgs_7",
|
"nixpkgs": "nixpkgs_8",
|
||||||
"nvim-puppeteer": "nvim-puppeteer",
|
"nvim-puppeteer": "nvim-puppeteer",
|
||||||
"nvim-treesitter": "nvim-treesitter",
|
"nvim-treesitter": "nvim-treesitter",
|
||||||
"pre-commit-hooks": "pre-commit-hooks",
|
"pre-commit-hooks": "pre-commit-hooks",
|
||||||
|
@ -1039,21 +1112,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"systems_2": {
|
"systems_2": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1689347949,
|
|
||||||
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default-linux",
|
|
||||||
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default-linux",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems_3": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1681028828,
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
@ -1068,6 +1126,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"systems_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1689347949,
|
||||||
|
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default-linux",
|
||||||
|
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default-linux",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"systems_4": {
|
"systems_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1681028828,
|
||||||
|
@ -1098,6 +1171,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"systems_6": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"telekasten-nvim": {
|
"telekasten-nvim": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -1133,7 +1221,7 @@
|
||||||
"timers": {
|
"timers": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"naersk": "naersk",
|
"naersk": "naersk",
|
||||||
"nixpkgs": "nixpkgs_9",
|
"nixpkgs": "nixpkgs_10",
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -1152,7 +1240,7 @@
|
||||||
},
|
},
|
||||||
"utils": {
|
"utils": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_5"
|
"systems": "systems_6"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1692799911,
|
"lastModified": 1692799911,
|
||||||
|
|
251
flake.nix
251
flake.nix
|
@ -1,11 +1,6 @@
|
||||||
{
|
{
|
||||||
description = "My awesome system config";
|
description = "My awesome system config";
|
||||||
|
|
||||||
/*
|
|
||||||
╔══════════════════════════════════════════════════════════╗
|
|
||||||
║ Inputs ║
|
|
||||||
╚══════════════════════════════════════════════════════════╝
|
|
||||||
*/
|
|
||||||
inputs = {
|
inputs = {
|
||||||
# Nix
|
# Nix
|
||||||
master.url = "github:nixos/nixpkgs";
|
master.url = "github:nixos/nixpkgs";
|
||||||
|
@ -13,6 +8,8 @@
|
||||||
stable.url = "github:nixos/nixpkgs/nixos-23.05";
|
stable.url = "github:nixos/nixpkgs/nixos-23.05";
|
||||||
|
|
||||||
flake-utils.url = "github:numtide/flake-utils";
|
flake-utils.url = "github:numtide/flake-utils";
|
||||||
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||||
|
devshell.url = "github:numtide/devshell";
|
||||||
|
|
||||||
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
agenix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
agenix.url = "github:ryantm/agenix";
|
agenix.url = "github:ryantm/agenix";
|
||||||
|
@ -20,9 +17,11 @@
|
||||||
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
home-manager.url = "github:nix-community/home-manager";
|
home-manager.url = "github:nix-community/home-manager";
|
||||||
|
|
||||||
nil.inputs.flake-utils.follows = "flake-utils";
|
nil = {
|
||||||
nil.inputs.nixpkgs.follows = "nixpkgs";
|
inputs.flake-utils.follows = "flake-utils";
|
||||||
nil.url = "github:oxalica/nil";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
url = "github:oxalica/nil";
|
||||||
|
};
|
||||||
|
|
||||||
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
|
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
|
||||||
|
|
||||||
|
@ -77,147 +76,141 @@
|
||||||
timers.url = "git+https://gitea.moritzboeh.me/moritz/timers.git";
|
timers.url = "git+https://gitea.moritzboeh.me/moritz/timers.git";
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
outputs = inputs@{ self, flake-parts, ... }:
|
||||||
╔══════════════════════════════════════════════════════════╗
|
|
||||||
║ Outputs ║
|
|
||||||
╚══════════════════════════════════════════════════════════╝
|
|
||||||
*/
|
|
||||||
outputs = inputs@{ self, nixpkgs, ... }:
|
|
||||||
let
|
let
|
||||||
systems = [ "x86_64-linux" "aarch64-linux" ];
|
defaultOverlays = [
|
||||||
|
|
||||||
forEachSystem = lib.genAttrs systems;
|
|
||||||
|
|
||||||
lib = nixpkgs.lib.extend
|
|
||||||
(self: _: { my = import ./lib { lib = self; }; });
|
|
||||||
|
|
||||||
overlay = import ./overlays {
|
|
||||||
inherit inputs;
|
|
||||||
inherit (self) lib;
|
|
||||||
};
|
|
||||||
|
|
||||||
config.allowUnfree = true;
|
|
||||||
|
|
||||||
overlays = [
|
|
||||||
inputs.hypr-contrib.overlays.default
|
inputs.hypr-contrib.overlays.default
|
||||||
inputs.neovim-nightly-overlay.overlay
|
inputs.neovim-nightly-overlay.overlay
|
||||||
overlay
|
self.overlay
|
||||||
];
|
];
|
||||||
|
finalOverlays =
|
||||||
pkgsFor = system: import nixpkgs {
|
defaultOverlays ++ [
|
||||||
inherit system config;
|
|
||||||
overlays = overlays ++ [
|
|
||||||
(
|
(
|
||||||
_: prev: {
|
_: prev: {
|
||||||
master = import inputs.master {
|
master = import inputs.master {
|
||||||
inherit (prev) system;
|
inherit (prev) system;
|
||||||
inherit overlays config;
|
overlays = defaultOverlays;
|
||||||
};
|
};
|
||||||
stable = import inputs.stable {
|
stable = import inputs.stable {
|
||||||
inherit (prev) system;
|
inherit (prev) system;
|
||||||
inherit overlays config;
|
overlays = defaultOverlays;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
overlay
|
|
||||||
];
|
];
|
||||||
};
|
in
|
||||||
|
flake-parts.lib.mkFlake { inherit inputs; } {
|
||||||
defaultModules = [
|
imports = [
|
||||||
{ nixpkgs = { inherit config; }; }
|
inputs.flake-parts.flakeModules.easyOverlay
|
||||||
./modules
|
inputs.pre-commit-hooks.flakeModule
|
||||||
inputs.home-manager.nixosModule
|
inputs.devshell.flakeModule
|
||||||
{
|
|
||||||
home-manager = {
|
|
||||||
useGlobalPkgs = true;
|
|
||||||
useUserPackages = true;
|
|
||||||
extraSpecialArgs = { inherit inputs self; };
|
|
||||||
sharedModules = [ inputs.nix-lazy-nvim.homeManagerModules.default ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
inputs.agenix.nixosModules.age
|
|
||||||
inputs.disko.nixosModules.default
|
|
||||||
inputs.impermanence.nixosModules.impermanence
|
|
||||||
];
|
];
|
||||||
|
|
||||||
hosts = self.lib.my.mapModules
|
systems = [ "x86_64-linux" ];
|
||||||
(path:
|
perSystem = { config, self', inputs', pkgs, system, ... }: {
|
||||||
let
|
_module.args.pkgs =
|
||||||
system = import "${path}/system.nix";
|
import inputs.nixpkgs {
|
||||||
pkgs = pkgsFor system;
|
inherit system;
|
||||||
in
|
overlays = finalOverlays;
|
||||||
lib.nixosSystem {
|
};
|
||||||
inherit pkgs system lib;
|
|
||||||
specialArgs = {
|
|
||||||
inherit inputs self;
|
|
||||||
};
|
|
||||||
modules = defaultModules ++ [ path ];
|
|
||||||
})
|
|
||||||
./hosts;
|
|
||||||
|
|
||||||
pre-commit-check = system: inputs.pre-commit-hooks.lib."${system}".run {
|
devshells.default = {
|
||||||
src = ./.;
|
devshell.startup.pre-commit-hook.text = config.pre-commit.installationScript;
|
||||||
hooks = {
|
commands = [
|
||||||
nixpkgs-fmt.enable = true;
|
|
||||||
statix.enable = true;
|
|
||||||
shellcheck.enable = true;
|
|
||||||
stylua.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
with lib; {
|
|
||||||
inherit lib;
|
|
||||||
|
|
||||||
# ╔══════════════════════════════════════════════════════════╗
|
|
||||||
# ║ NixOS Configurations ║
|
|
||||||
# ╚══════════════════════════════════════════════════════════╝
|
|
||||||
|
|
||||||
nixosConfigurations = hosts;
|
|
||||||
|
|
||||||
# ╔══════════════════════════════════════════════════════════╗
|
|
||||||
# ║ Other Outputs ║
|
|
||||||
# ╚══════════════════════════════════════════════════════════╝
|
|
||||||
|
|
||||||
devShells = forEachSystem (system:
|
|
||||||
let
|
|
||||||
pkgs = pkgsFor system;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
default = pkgs.mkShell
|
|
||||||
{
|
{
|
||||||
inherit (pre-commit-check system) shellHook;
|
name = "agenix";
|
||||||
name = "dotfiles";
|
help = "wrapper around agenix";
|
||||||
packages = with pkgs; [
|
command = ''
|
||||||
# Secrets
|
sudo EDITOR="${pkgs.lib.getExe pkgs.vim}" ${pkgs.lib.getExe' inputs'.agenix.packages.default "agenix"} --identity /etc/ssh/ssh_host_ed25519_key "$@"
|
||||||
agenix
|
'';
|
||||||
# cachix
|
}
|
||||||
cachix
|
{
|
||||||
];
|
name = "nixos-build";
|
||||||
};
|
help = "use nom to build system";
|
||||||
});
|
command =
|
||||||
|
''
|
||||||
checks = forEachSystem (system: {
|
nom build --no-link ".#nixosConfigurations.$(hostname).config.system.build.toplevel" $@
|
||||||
pre-commit-check = pre-commit-check system;
|
'';
|
||||||
});
|
}
|
||||||
|
{
|
||||||
legacyPackages = forEachSystem pkgsFor;
|
name = "nixos-switch";
|
||||||
|
help = "wrapper for nixos-rebuild switch";
|
||||||
packages = forEachSystem (system:
|
command = "sudo nixos-rebuild switch --flake . $@";
|
||||||
let
|
}
|
||||||
pkgs = pkgsFor system;
|
{
|
||||||
in
|
name = "nixos-test";
|
||||||
filterAttrs (_: isDerivation)
|
help = "wrapper for nixos-rebuild switch";
|
||||||
(overlay pkgs pkgs)
|
command = "sudo nixos-rebuild test --flake . $@";
|
||||||
);
|
}
|
||||||
|
{
|
||||||
overlays =
|
name = "nixos-boot";
|
||||||
let
|
help = "wrapper for nixos-rebuild switch";
|
||||||
overlayNames = attrNames (overlay null null);
|
command = "sudo nixos-rebuild boot --flake . $@";
|
||||||
mkOverlay = name: final: prev: (overlay final prev).${name};
|
}
|
||||||
in
|
];
|
||||||
(genAttrs overlayNames mkOverlay) // {
|
|
||||||
default = overlay;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
pre-commit = {
|
||||||
|
check.enable = true;
|
||||||
|
settings = {
|
||||||
|
hooks = {
|
||||||
|
nixpkgs-fmt.enable = true;
|
||||||
|
statix.enable = true;
|
||||||
|
shellcheck.enable = true;
|
||||||
|
stylua.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
legacyPackages = pkgs;
|
||||||
|
|
||||||
|
packages =
|
||||||
|
self.lib.filterAttrs (_: self.lib.isDerivation)
|
||||||
|
(self.overlay pkgs pkgs);
|
||||||
|
};
|
||||||
|
|
||||||
|
flake = {
|
||||||
|
lib = inputs.nixpkgs.lib.extend
|
||||||
|
(self: _: { my = import ./lib { lib = self; }; });
|
||||||
|
|
||||||
|
overlay = import ./overlays {
|
||||||
|
inherit inputs;
|
||||||
|
inherit (self) lib;
|
||||||
|
};
|
||||||
|
|
||||||
|
nixosConfigurations = self.lib.my.mapModules
|
||||||
|
(path:
|
||||||
|
self.lib.nixosSystem {
|
||||||
|
inherit (self) lib;
|
||||||
|
specialArgs = {
|
||||||
|
inherit inputs self;
|
||||||
|
};
|
||||||
|
modules =
|
||||||
|
[
|
||||||
|
./modules
|
||||||
|
{
|
||||||
|
nixpkgs = {
|
||||||
|
overlays = finalOverlays;
|
||||||
|
config.allowUnfree = true;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
inputs.home-manager.nixosModule
|
||||||
|
{
|
||||||
|
home-manager = {
|
||||||
|
useGlobalPkgs = true;
|
||||||
|
useUserPackages = true;
|
||||||
|
extraSpecialArgs = { inherit inputs self; };
|
||||||
|
sharedModules = [ inputs.nix-lazy-nvim.homeManagerModules.default ];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
inputs.agenix.nixosModules.age
|
||||||
|
inputs.disko.nixosModules.default
|
||||||
|
inputs.impermanence.nixosModules.impermanence
|
||||||
|
]
|
||||||
|
++ [ path ];
|
||||||
|
})
|
||||||
|
./hosts;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nixConfig = {
|
nixConfig = {
|
||||||
|
|
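Review bot: The `nixos-build`, `nixos-switch`, `nixos-test` and `nixos-boot` entries under `devshells.default.commands` forward their arguments with a bare `$@`, so an argument containing whitespace or glob characters is re-split by the shell before it reaches `nom` or `sudo nixos-rebuild`; the `agenix` entry in the same list already uses `"$@"`. Quote it in each of the four, e.g. `command = ''sudo nixos-rebuild switch --flake . "$@"'';`. The `help` strings of `nixos-test` and `nixos-boot` are copied from `nixos-switch` and should name `test` and `boot` instead. Separately, the new `import inputs.master`, `import inputs.stable` and perSystem `import inputs.nixpkgs` calls no longer receive the `config` with `allowUnfree = true` that the removed `pkgsFor` passed, so unfree packages taken from those package sets will presumably stop evaluating unless that is intended.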
|
@ -31,14 +31,27 @@
|
||||||
home-manager.users.moritz.home.packages = with pkgs; [
|
home-manager.users.moritz.home.packages = with pkgs; [
|
||||||
jetbrains.idea-community
|
jetbrains.idea-community
|
||||||
];
|
];
|
||||||
|
hardware = {
|
||||||
|
keyboard.qmk.enable = true;
|
||||||
|
nvidia.modesetting.enable = true;
|
||||||
|
opengl = {
|
||||||
|
enable = true;
|
||||||
|
driSupport32Bit = true;
|
||||||
|
driSupport = true;
|
||||||
|
};
|
||||||
|
|
||||||
hardware.keyboard.qmk.enable = true;
|
# sensors
|
||||||
|
enableAllFirmware = true;
|
||||||
|
|
||||||
# KERNEL
|
bluetooth.enable = true;
|
||||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
};
|
||||||
|
|
||||||
# BOOT
|
|
||||||
boot = {
|
boot = {
|
||||||
|
# KERNEL
|
||||||
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
|
# BOOT
|
||||||
|
|
||||||
supportedFilesystems = [ "btrfs" "ntfs" ];
|
supportedFilesystems = [ "btrfs" "ntfs" ];
|
||||||
loader = {
|
loader = {
|
||||||
grub = {
|
grub = {
|
||||||
|
@ -49,6 +62,8 @@
|
||||||
};
|
};
|
||||||
efi.canTouchEfiVariables = true;
|
efi.canTouchEfiVariables = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
kernelModules = [ "lm92" "drivetemp" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
# NETWORKING
|
# NETWORKING
|
||||||
|
@ -73,33 +88,23 @@
|
||||||
};
|
};
|
||||||
networkmanager.enable = true;
|
networkmanager.enable = true;
|
||||||
};
|
};
|
||||||
hardware.nvidia.modesetting.enable = true;
|
services = {
|
||||||
services.xserver.videoDrivers = [ "nvidia" ];
|
xserver.videoDrivers = [ "nvidia" ];
|
||||||
hardware.opengl = {
|
xserver.xrandrHeads = [
|
||||||
enable = true;
|
{ output = "HDMI-1"; }
|
||||||
driSupport32Bit = true;
|
{
|
||||||
driSupport = true;
|
output = "HDMI-0";
|
||||||
|
primary = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
# Powersaving
|
||||||
|
tlp.enable = true;
|
||||||
};
|
};
|
||||||
services.xserver.xrandrHeads = [
|
|
||||||
{ output = "HDMI-1"; }
|
|
||||||
{
|
|
||||||
output = "HDMI-0";
|
|
||||||
primary = true;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
console.keyMap = "de";
|
console.keyMap = "de";
|
||||||
|
|
||||||
# Powersaving
|
|
||||||
services.tlp.enable = true;
|
|
||||||
powerManagement.enable = true;
|
powerManagement.enable = true;
|
||||||
|
|
||||||
# sensors
|
|
||||||
hardware.enableAllFirmware = true;
|
|
||||||
environment.systemPackages = with pkgs; [ lm_sensors ];
|
environment.systemPackages = with pkgs; [ lm_sensors ];
|
||||||
boot.kernelModules = [ "lm92" "drivetemp" ];
|
|
||||||
|
|
||||||
hardware.bluetooth.enable = true;
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
|
|
|
@ -7,51 +7,56 @@
|
||||||
, ...
|
, ...
|
||||||
}: {
|
}: {
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
boot = {
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
initrd = {
|
||||||
boot.initrd.kernelModules = [ ];
|
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
kernelModules = [ ];
|
||||||
boot.extraModulePackages = [ ];
|
luks.devices."enc".device = "/dev/disk/by-uuid/30025a9f-44cf-4074-8ae2-d4925efd67dd";
|
||||||
|
};
|
||||||
fileSystems."/" = {
|
kernelModules = [ "kvm-amd" ];
|
||||||
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
|
extraModulePackages = [ ];
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=root" "compress=zstd" ];
|
|
||||||
};
|
};
|
||||||
|
fileSystems = {
|
||||||
|
"/" = {
|
||||||
|
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=root" "compress=zstd" ];
|
||||||
|
};
|
||||||
|
|
||||||
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/30025a9f-44cf-4074-8ae2-d4925efd67dd";
|
"/home" = {
|
||||||
|
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=home" "compress=zstd" ];
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/home" = {
|
"/nix" = {
|
||||||
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
|
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=home" "compress=zstd" ];
|
options = [ "subvol=nix" "compress=zstd" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/nix" = {
|
"/var/log" = {
|
||||||
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
|
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=nix" "compress=zstd" ];
|
options = [ "subvol=log" "compress=zstd" ];
|
||||||
};
|
neededForBoot = true;
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/var/log" = {
|
"/boot" = {
|
||||||
device = "/dev/disk/by-uuid/668a49b3-d169-461f-861d-0c3e6a1642d1";
|
device = "/dev/disk/by-uuid/297B-C04C";
|
||||||
fsType = "btrfs";
|
fsType = "vfat";
|
||||||
options = [ "subvol=log" "compress=zstd" ];
|
};
|
||||||
neededForBoot = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
"/media/games" = {
|
||||||
device = "/dev/disk/by-uuid/297B-C04C";
|
device = "/dev/disk/by-uuid/8f92ff36-a685-4a67-a3d4-55136dc5f286";
|
||||||
fsType = "vfat";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/media/games" = {
|
|
||||||
device = "/dev/disk/by-uuid/8f92ff36-a685-4a67-a3d4-55136dc5f286";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [{ device = "/dev/disk/by-uuid/00ad6f74-f23e-4ac0-abfb-89bdfe5ab8ae"; }];
|
swapDevices = [{ device = "/dev/disk/by-uuid/00ad6f74-f23e-4ac0-abfb-89bdfe5ab8ae"; }];
|
||||||
|
|
||||||
hardware.cpu.amd.updateMicrocode =
|
hardware.cpu.amd.updateMicrocode =
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
"x86_64-linux"
|
|
|
@ -74,54 +74,56 @@
|
||||||
services.tlp.enable = true;
|
services.tlp.enable = true;
|
||||||
powerManagement.enable = true;
|
powerManagement.enable = true;
|
||||||
|
|
||||||
# Hibernare on low battery
|
systemd = {
|
||||||
systemd.timers.hibernate-on-low-battery = {
|
# Hibernare on low battery
|
||||||
wantedBy = [ "multi-user.target" ];
|
timers.hibernate-on-low-battery = {
|
||||||
timerConfig = {
|
wantedBy = [ "multi-user.target" ];
|
||||||
OnUnitActiveSec = "120";
|
timerConfig = {
|
||||||
OnBootSec = "120";
|
OnUnitActiveSec = "120";
|
||||||
|
OnBootSec = "120";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.hibernate-on-low-battery =
|
||||||
|
let
|
||||||
|
batteryLevelSufficient =
|
||||||
|
let
|
||||||
|
batteryPath = "/sys/class/power_supply/BATT";
|
||||||
|
in
|
||||||
|
pkgs.writeShellScriptBin "battery-level-sufficient" ''
|
||||||
|
test "$(cat ${batteryPath}/status)" != Discharging \
|
||||||
|
|| test "$(cat ${batteryPath}/capacity)" -ge 5
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
onFailure = [ "hibernate.target" ];
|
||||||
|
script = "${batteryLevelSufficient}/bin/battery-level-sufficient";
|
||||||
|
};
|
||||||
|
services.asus-touchpad-numpad = {
|
||||||
|
description = "Activate Numpad inside the touchpad with top right corner switch";
|
||||||
|
documentation = [ "https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver" ];
|
||||||
|
path = [ pkgs.i2c-tools ];
|
||||||
|
script = ''
|
||||||
|
cd ${inputs.asus-touchpad-numpad-driver}
|
||||||
|
# In the last argument here you choose your layout.
|
||||||
|
${
|
||||||
|
pkgs.python3.withPackages (ps: [ps.libevdev])
|
||||||
|
}/bin/python asus_touchpad.py m433ia
|
||||||
|
'';
|
||||||
|
# Probably needed because it fails on boot seemingly because the driver
|
||||||
|
# is not ready yet. Alternativly, you can use `sleep 3` or similar in the
|
||||||
|
# `script`.
|
||||||
|
serviceConfig = {
|
||||||
|
RestartSec = "1s";
|
||||||
|
Restart = "on-failure";
|
||||||
|
};
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.services.hibernate-on-low-battery =
|
|
||||||
let
|
|
||||||
batteryLevelSufficient =
|
|
||||||
let
|
|
||||||
batteryPath = "/sys/class/power_supply/BATT";
|
|
||||||
in
|
|
||||||
pkgs.writeShellScriptBin "battery-level-sufficient" ''
|
|
||||||
test "$(cat ${batteryPath}/status)" != Discharging \
|
|
||||||
|| test "$(cat ${batteryPath}/capacity)" -ge 5
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
{
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
onFailure = [ "hibernate.target" ];
|
|
||||||
script = "${batteryLevelSufficient}/bin/battery-level-sufficient";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Trackpad
|
# Trackpad
|
||||||
# i2c for https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver
|
# i2c for https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver
|
||||||
hardware.i2c.enable = true;
|
hardware.i2c.enable = true;
|
||||||
systemd.services.asus-touchpad-numpad = {
|
|
||||||
description = "Activate Numpad inside the touchpad with top right corner switch";
|
|
||||||
documentation = [ "https://github.com/mohamed-badaoui/asus-touchpad-numpad-driver" ];
|
|
||||||
path = [ pkgs.i2c-tools ];
|
|
||||||
script = ''
|
|
||||||
cd ${inputs.asus-touchpad-numpad-driver}
|
|
||||||
# In the last argument here you choose your layout.
|
|
||||||
${
|
|
||||||
pkgs.python3.withPackages (ps: [ps.libevdev])
|
|
||||||
}/bin/python asus_touchpad.py m433ia
|
|
||||||
'';
|
|
||||||
# Probably needed because it fails on boot seemingly because the driver
|
|
||||||
# is not ready yet. Alternativly, you can use `sleep 3` or similar in the
|
|
||||||
# `script`.
|
|
||||||
serviceConfig = {
|
|
||||||
RestartSec = "1s";
|
|
||||||
Restart = "on-failure";
|
|
||||||
};
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
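Review bot: The regrouped `services.asus-touchpad-numpad` unit still has only `RestartSec` and `Restart` in its `serviceConfig`, so `asus_touchpad.py` from the `asus-touchpad-numpad-driver` flake input runs as a system service with no `User=` and no sandboxing, which under systemd's default means root. Since the block is being rewritten anyway, this is a good place to confine it, starting with `NoNewPrivileges = true; ProtectHome = true; PrivateNetwork = true;`. It can be tightened further once the device nodes the script needs (presumably i2c and uinput) are confirmed to still work. The moved comments also carry typos worth fixing in passing: `# Hibernare on low battery` should read `Hibernate`, and `Alternativly` should read `Alternatively`.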
|
||||||
|
|
|
@ -2,12 +2,16 @@
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{ modulesPath
|
{ modulesPath
|
||||||
|
, lib
|
||||||
, ...
|
, ...
|
||||||
}: {
|
}: {
|
||||||
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
|
boot = {
|
||||||
|
initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
|
||||||
|
initrd.kernelModules = [ ];
|
||||||
|
kernelModules = [ "kvm-amd" ];
|
||||||
|
extraModulePackages = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "rtsx_pci_sdmmc" ];
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-amd" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
}
|
}
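Review bot: The header comment kept as context at the top of this hunk still says the file `may be overwritten by future invocations` and that changes belong in `/etc/nixos/configuration.nix`, yet the new side edits it by hand. It adds `lib` to the arguments, regroups the `boot.*` options and adds `nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";`. If the generator is ever re-run (presumably `nixos-generate-config`), the `hostPlatform` line would be lost, and the one-line `"x86_64-linux"` files this commit deletes would no longer be there as a fallback. I would replace the header with something like `# Originally generated by nixos-generate-config; now maintained by hand, do not regenerate.` The first line of the file is outside the hunk, and the same applies to the other hardware module changed at `@ -8,52 +8,55 @@`.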
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
"x86_64-linux"
|
|
|
@ -21,12 +21,18 @@
|
||||||
services.synology-drive.enable = true;
|
services.synology-drive.enable = true;
|
||||||
programs.hyprland.keyboardLayouts = [ "us" "de" ];
|
programs.hyprland.keyboardLayouts = [ "us" "de" ];
|
||||||
};
|
};
|
||||||
|
boot = {
|
||||||
|
loader = {
|
||||||
|
grub = {
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
||||||
boot.loader.grub.enable = true;
|
enable = true;
|
||||||
boot.loader.grub.device = "nodev";
|
device = "nodev";
|
||||||
boot.loader.grub.efiSupport = true;
|
efiSupport = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
};
|
||||||
|
efi.canTouchEfiVariables = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
networking.hostName = "scadspc25"; # Define your hostname.
|
networking.hostName = "scadspc25"; # Define your hostname.
|
||||||
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
||||||
|
@ -53,4 +59,3 @@
|
||||||
system.stateVersion = "23.05"; # Did you read the comment?
|
system.stateVersion = "23.05"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
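Review bot: The comment `# Use the systemd-boot EFI boot loader.` now sits inside `grub = {` directly above `enable = true;`, so it names a loader this host does not use; it should read `# Use GRUB as the EFI boot loader.`. This matters beyond wording. The security module touched in this commit sets `loader.systemd-boot.editor = false`, which has no effect on a GRUB host. If that module is imported here, boot entries on `scadspc25` can still be edited from the GRUB menu by anyone with console access unless GRUB itself is password-protected (NixOS exposes `boot.loader.grub.users` for that). The enclosing module continues outside both hunks of this section.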
|
||||||
|
|
||||||
|
|
|
@ -8,52 +8,55 @@
|
||||||
[
|
[
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
];
|
||||||
|
boot = {
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
|
initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
extraModulePackages = [ ];
|
||||||
|
};
|
||||||
|
fileSystems = {
|
||||||
|
"/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=root" "compress=zstd" "noatime" ];
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems."/" =
|
"/home" =
|
||||||
{
|
{
|
||||||
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=root" "compress=zstd" "noatime" ];
|
options = [ "subvol=home" "compress=zstd" "noatime" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/home" =
|
"/nix" =
|
||||||
{
|
{
|
||||||
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=home" "compress=zstd" "noatime" ];
|
options = [ "subvol=nix" "compress=zstd" "noatime" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/nix" =
|
"/var/log" =
|
||||||
{
|
{
|
||||||
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=nix" "compress=zstd" "noatime" ];
|
options = [ "subvol=log" "compress=zstd" "noatime" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/var/log" =
|
"/snapshots" =
|
||||||
{
|
{
|
||||||
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [ "subvol=log" "compress=zstd" "noatime" ];
|
options = [ "subvol=snapshots" "compress=zstd" "noatime" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/snapshots" =
|
"/boot" =
|
||||||
{
|
{
|
||||||
device = "/dev/disk/by-uuid/cfc2d232-f833-4ecf-8098-fe805afd390d";
|
device = "/dev/disk/by-uuid/3B2B-63DB";
|
||||||
fsType = "btrfs";
|
fsType = "vfat";
|
||||||
options = [ "subvol=snapshots" "compress=zstd" "noatime" ];
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{
|
|
||||||
device = "/dev/disk/by-uuid/3B2B-63DB";
|
|
||||||
fsType = "vfat";
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices =
|
swapDevices =
|
||||||
[{ device = "/dev/disk/by-uuid/c08ff6b6-d6e2-4620-95fc-6c20b04c7363"; }];
|
[{ device = "/dev/disk/by-uuid/c08ff6b6-d6e2-4620-95fc-6c20b04c7363"; }];
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
"x86_64-linux"
|
|
|
@ -6,21 +6,6 @@
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
nom-system = pkgs.writeFishApplication {
|
|
||||||
name = "nom-system";
|
|
||||||
runtimeInputs = with pkgs; [ nix-output-monitor ];
|
|
||||||
text = /* fish */ ''
|
|
||||||
nom build --no-link "/home/moritz/.dotfiles#nixosConfigurations.$(hostname).config.system.build.toplevel" $argv
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
nom-system-command = name: command: pkgs.writeFishApplication {
|
|
||||||
inherit name;
|
|
||||||
runtimeInputs = with pkgs; [ nom-system nix ];
|
|
||||||
text = /* fish */ ''
|
|
||||||
nom-system $argv && ${command}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
f = pkgs.writeFishApplication {
|
f = pkgs.writeFishApplication {
|
||||||
name = "f";
|
name = "f";
|
||||||
runtimeInputs = with pkgs; [ fzf bat ];
|
runtimeInputs = with pkgs; [ fzf bat ];
|
||||||
|
@ -158,9 +143,6 @@ in
|
||||||
bottom
|
bottom
|
||||||
|
|
||||||
# nix
|
# nix
|
||||||
(nom-system-command "nixos-boot" "sudo nixos-rebuild boot --flake ~/.dotfiles")
|
|
||||||
(nom-system-command "nixos-switch" "sudo nixos-rebuild switch --flake ~/.dotfiles")
|
|
||||||
(nom-system-command "nixos-test" "sudo nixos-rebuild test --flake ~/.dotfiles")
|
|
||||||
nix-output-monitor
|
nix-output-monitor
|
||||||
nixpkgs-fmt
|
nixpkgs-fmt
|
||||||
which-nix
|
which-nix
|
||||||
|
|
|
@ -53,88 +53,94 @@ in
|
||||||
services.dunst.enable = true;
|
services.dunst.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
# enable home-manager module
|
|
||||||
home-manager.users.moritz = {
|
home-manager.users.moritz = {
|
||||||
|
|
||||||
# import home-manager module
|
# import home-manager module
|
||||||
imports = [ inputs.hyprland.homeManagerModules.default ];
|
imports = [ inputs.hyprland.homeManagerModules.default ];
|
||||||
|
|
||||||
|
# enable home-manager module
|
||||||
wayland.windowManager.hyprland = {
|
wayland.windowManager.hyprland = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = hyprland;
|
package = hyprland;
|
||||||
recommendedEnvironment = true;
|
recommendedEnvironment = true;
|
||||||
extraConfig = import ./_config.nix args;
|
extraConfig = import ./_config.nix args;
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
|
# add waybar as a status bar
|
||||||
# add waybar as a status bar
|
programs.waybar = {
|
||||||
home-manager.users.moritz.programs.waybar = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
# start using systemd service
|
|
||||||
systemd = {
|
|
||||||
enable = true;
|
enable = true;
|
||||||
target = "graphical-session.target";
|
|
||||||
};
|
|
||||||
|
|
||||||
settings = {
|
# start using systemd service
|
||||||
mainBar = {
|
systemd = {
|
||||||
start_hidden = true;
|
enable = true;
|
||||||
layer = "top";
|
target = "graphical-session.target";
|
||||||
position = "top";
|
};
|
||||||
height = 20;
|
|
||||||
modules-left = [ "hyprland/workspaces" ];
|
settings = {
|
||||||
modules-center = [ "hyprland/window" ];
|
mainBar = {
|
||||||
modules-right = [ "hyprland/language" "network" "memory" "cpu" "battery" "clock" ];
|
start_hidden = true;
|
||||||
|
layer = "top";
|
||||||
|
position = "top";
|
||||||
|
height = 20;
|
||||||
|
modules-left = [ "hyprland/workspaces" ];
|
||||||
|
modules-center = [ "hyprland/window" ];
|
||||||
|
modules-right = [ "hyprland/language" "network" "memory" "cpu" "battery" "clock" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
# lock screen after timeout
|
# lock screen after timeout
|
||||||
home-manager.users.moritz.programs.swaylock = {
|
programs.swaylock = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
color = "000000";
|
color = "000000";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.swayidle = {
|
||||||
|
enable = true;
|
||||||
|
events = [
|
||||||
|
{
|
||||||
|
event = "before-sleep";
|
||||||
|
command = "${getExe pkgs.swaylock} -fF";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
event = "lock";
|
||||||
|
command = "${getExe pkgs.swaylock} -fF";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
timeouts =
|
||||||
|
let
|
||||||
|
lockTimeout = 10;
|
||||||
|
in
|
||||||
|
[
|
||||||
|
{
|
||||||
|
timeout = lockTimeout * 60 - 10;
|
||||||
|
command = "${pkgs.libnotify}/bin/notify-send 'Locking screen!'";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
timeout = lockTimeout * 60;
|
||||||
|
command = "${hyprland}/bin/hyprctl dispatch dpms off";
|
||||||
|
resumeCommand = "${hyprland}/bin/hyprctl dispatch dpms on";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
timeout = lockTimeout * 60 + 10;
|
||||||
|
command = "${pkgs.systemd}/bin/loginctl lock-session";
|
||||||
|
}
|
||||||
|
] ++ optional
|
||||||
|
(!cfg.nvidiaSupport) # TODO https://github.com/hyprwm/Hyprland/issues/1728
|
||||||
|
{
|
||||||
|
timeout = 30 * 60;
|
||||||
|
command = "${pkgs.systemd}/bin/systemctl suspend-and-hibernate";
|
||||||
|
};
|
||||||
|
systemdTarget = "hyprland-session.target";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.user.services.nextcloud-client.Service = {
|
||||||
|
RestartSec = "500ms";
|
||||||
|
Restart = "on-failure";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
home-manager.users.moritz.services.swayidle = {
|
|
||||||
enable = true;
|
|
||||||
events = [
|
|
||||||
{
|
|
||||||
event = "before-sleep";
|
|
||||||
command = "${getExe pkgs.swaylock} -fF";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
event = "lock";
|
|
||||||
command = "${getExe pkgs.swaylock} -fF";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
timeouts =
|
|
||||||
let
|
|
||||||
lockTimeout = 10;
|
|
||||||
in
|
|
||||||
[
|
|
||||||
{
|
|
||||||
timeout = lockTimeout * 60 - 10;
|
|
||||||
command = "${pkgs.libnotify}/bin/notify-send 'Locking screen!'";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
timeout = lockTimeout * 60;
|
|
||||||
command = "${hyprland}/bin/hyprctl dispatch dpms off";
|
|
||||||
resumeCommand = "${hyprland}/bin/hyprctl dispatch dpms on";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
timeout = lockTimeout * 60 + 10;
|
|
||||||
command = "${pkgs.systemd}/bin/loginctl lock-session";
|
|
||||||
}
|
|
||||||
] ++ optional
|
|
||||||
(!cfg.nvidiaSupport) # TODO https://github.com/hyprwm/Hyprland/issues/1728
|
|
||||||
{
|
|
||||||
timeout = 30 * 60;
|
|
||||||
command = "${pkgs.systemd}/bin/systemctl suspend-and-hibernate";
|
|
||||||
};
|
|
||||||
systemdTarget = "hyprland-session.target";
|
|
||||||
};
|
|
||||||
|
|
||||||
# adds pam module for swaylock
|
# adds pam module for swaylock
|
||||||
security.pam.services.swaylock = { };
|
security.pam.services.swaylock = { };
|
||||||
|
@ -151,11 +157,6 @@ in
|
||||||
requiredBy = [ "xdg-desktop-portal.service" ];
|
requiredBy = [ "xdg-desktop-portal.service" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users.moritz.systemd.user.services.nextcloud-client.Service = {
|
|
||||||
RestartSec = "500ms";
|
|
||||||
Restart = "on-failure";
|
|
||||||
};
|
|
||||||
|
|
||||||
# add user packages for wayland and hyprland in particular
|
# add user packages for wayland and hyprland in particular
|
||||||
users.users.moritz.packages = with pkgs; [
|
users.users.moritz.packages = with pkgs; [
|
||||||
brightnessctl # control brightness
|
brightnessctl # control brightness
|
||||||
|
|
|
@ -5,62 +5,64 @@
|
||||||
## System security tweaks
|
## System security tweaks
|
||||||
# Prevent replacing the running kernel w/o reboot
|
# Prevent replacing the running kernel w/o reboot
|
||||||
# security.protectKernelImage = lib.mkDefault true; # NOTE disabled for now to enable hibernate
|
# security.protectKernelImage = lib.mkDefault true; # NOTE disabled for now to enable hibernate
|
||||||
|
boot = {
|
||||||
|
|
||||||
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
|
# tmpfs = /tmp is mounted in ram. Doing so makes temp file management speedy
|
||||||
# on ssd systems, and volatile! Because it's wiped on reboot.
|
# on ssd systems, and volatile! Because it's wiped on reboot.
|
||||||
boot.tmp.useTmpfs = lib.mkDefault true;
|
tmp.useTmpfs = lib.mkDefault true;
|
||||||
# If not using tmpfs, which is naturally purged on reboot, we must clean it
|
# If not using tmpfs, which is naturally purged on reboot, we must clean it
|
||||||
# /tmp ourselves. /tmp should be volatile storage!
|
# /tmp ourselves. /tmp should be volatile storage!
|
||||||
boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
|
tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs);
|
||||||
|
|
||||||
# Fix a security hole in place for backwards compatibility. See desc in
|
# Fix a security hole in place for backwards compatibility. See desc in
|
||||||
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
|
# nixpkgs/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix
|
||||||
boot.loader.systemd-boot.editor = false;
|
loader.systemd-boot.editor = false;
|
||||||
|
|
||||||
boot.kernel.sysctl = {
|
kernel.sysctl = {
|
||||||
# The Magic SysRq key is a key combo that allows users connected to the
|
# The Magic SysRq key is a key combo that allows users connected to the
|
||||||
# system console of a Linux kernel to perform some low-level commands.
|
# system console of a Linux kernel to perform some low-level commands.
|
||||||
# Disable it, since we don't need it, and is a potential security concern.
|
# Disable it, since we don't need it, and is a potential security concern.
|
||||||
"kernel.sysrq" = 0;
|
"kernel.sysrq" = 0;
|
||||||
|
|
||||||
## TCP hardening
|
## TCP hardening
|
||||||
# Prevent bogus ICMP errors from filling up logs.
|
# Prevent bogus ICMP errors from filling up logs.
|
||||||
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
|
"net.ipv4.icmp_ignore_bogus_error_responses" = 1;
|
||||||
# Reverse path filtering causes the kernel to do source validation of
|
# Reverse path filtering causes the kernel to do source validation of
|
||||||
# packets received from all interfaces. This can mitigate IP spoofing.
|
# packets received from all interfaces. This can mitigate IP spoofing.
|
||||||
"net.ipv4.conf.default.rp_filter" = 1;
|
"net.ipv4.conf.default.rp_filter" = 1;
|
||||||
"net.ipv4.conf.all.rp_filter" = 1;
|
"net.ipv4.conf.all.rp_filter" = 1;
|
||||||
# Do not accept IP source route packets (we're not a router)
|
# Do not accept IP source route packets (we're not a router)
|
||||||
"net.ipv4.conf.all.accept_source_route" = 0;
|
"net.ipv4.conf.all.accept_source_route" = 0;
|
||||||
"net.ipv6.conf.all.accept_source_route" = 0;
|
"net.ipv6.conf.all.accept_source_route" = 0;
|
||||||
# Don't send ICMP redirects (again, we're on a router)
|
# Don't send ICMP redirects (again, we're on a router)
|
||||||
"net.ipv4.conf.all.send_redirects" = 0;
|
"net.ipv4.conf.all.send_redirects" = 0;
|
||||||
"net.ipv4.conf.default.send_redirects" = 0;
|
"net.ipv4.conf.default.send_redirects" = 0;
|
||||||
# Refuse ICMP redirects (MITM mitigations)
|
# Refuse ICMP redirects (MITM mitigations)
|
||||||
"net.ipv4.conf.all.accept_redirects" = 0;
|
"net.ipv4.conf.all.accept_redirects" = 0;
|
||||||
"net.ipv4.conf.default.accept_redirects" = 0;
|
"net.ipv4.conf.default.accept_redirects" = 0;
|
||||||
"net.ipv4.conf.all.secure_redirects" = 0;
|
"net.ipv4.conf.all.secure_redirects" = 0;
|
||||||
"net.ipv4.conf.default.secure_redirects" = 0;
|
"net.ipv4.conf.default.secure_redirects" = 0;
|
||||||
"net.ipv6.conf.all.accept_redirects" = 0;
|
"net.ipv6.conf.all.accept_redirects" = 0;
|
||||||
"net.ipv6.conf.default.accept_redirects" = 0;
|
"net.ipv6.conf.default.accept_redirects" = 0;
|
||||||
# Protects against SYN flood attacks
|
# Protects against SYN flood attacks
|
||||||
"net.ipv4.tcp_syncookies" = 1;
|
"net.ipv4.tcp_syncookies" = 1;
|
||||||
# Incomplete protection again TIME-WAIT assassination
|
# Incomplete protection again TIME-WAIT assassination
|
||||||
"net.ipv4.tcp_rfc1337" = 1;
|
"net.ipv4.tcp_rfc1337" = 1;
|
||||||
# Log martian packages
|
# Log martian packages
|
||||||
"net.ipv4.conf.all.log_martians" = 1;
|
"net.ipv4.conf.all.log_martians" = 1;
|
||||||
"net.ipv4.conf.default.log_martians" = 1;
|
"net.ipv4.conf.default.log_martians" = 1;
|
||||||
|
|
||||||
## TCP optimization
|
## TCP optimization
|
||||||
# TCP Fast Open is a TCP extension that reduces network latency by packing
|
# TCP Fast Open is a TCP extension that reduces network latency by packing
|
||||||
# data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
|
# data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
|
||||||
# both incoming and outgoing connections:
|
# both incoming and outgoing connections:
|
||||||
"net.ipv4.tcp_fastopen" = 3;
|
"net.ipv4.tcp_fastopen" = 3;
|
||||||
# Bufferbloat mitigations + slight improvement in throughput & latency
|
# Bufferbloat mitigations + slight improvement in throughput & latency
|
||||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||||
"net.core.default_qdisc" = "cake";
|
"net.core.default_qdisc" = "cake";
|
||||||
|
};
|
||||||
|
kernelModules = [ "tcp_bbr" ];
|
||||||
};
|
};
|
||||||
boot.kernelModules = [ "tcp_bbr" ];
|
|
||||||
|
|
||||||
# So we don't have to do this later...
|
# So we don't have to do this later...
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
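Review bot: Three comments in the `kernel.sysctl` block moved under `boot = {` say something other than what the setting does, which is risky in a hardening file that gets copied between hosts. `# Don't send ICMP redirects (again, we're on a router)` should say `we're not a router`, `# Incomplete protection again TIME-WAIT assassination` should say `against`, and `# Log martian packages` should say `packets`. The block is also inconsistent: `accept_source_route` is set only for `conf.all`, while the redirect, `rp_filter` and `log_martians` settings cover both `all` and `default`. Adding `"net.ipv4.conf.default.accept_source_route" = 0;` and `"net.ipv6.conf.default.accept_source_route" = 0;` would close that gap for interfaces created later. The module body starts and continues outside this hunk.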
|
||||||
|
|