Compare commits
No commits in common. "9243536c5f0151fc202c465b3a91bd778f585513" and "e1788dbd24e0ba9133ef888d009637661070c6ef" have entirely different histories.
9243536c5f
...
e1788dbd24
|
@ -1,16 +1,23 @@
|
|||
- name: Default
|
||||
hosts: all
|
||||
roles:
|
||||
- role: facts
|
||||
tags: facts
|
||||
- role: access
|
||||
tags: access
|
||||
when: root_access
|
||||
- role: system
|
||||
tags: system
|
||||
when: root_access
|
||||
- role: ecryptfs_automount
|
||||
tags: ecryptfs_automount
|
||||
when: encrypt_home_stacked_fs
|
||||
- role: dotfiles
|
||||
tags: dotfiles
|
||||
- role: vim
|
||||
tags: vim
|
||||
- role: gnupg
|
||||
tags: gnupg
|
||||
- role: mnussbaum.base16-builder-ansible # Required for desktop_environment
|
||||
tags:
|
||||
- color
|
||||
|
|
|
@ -19,6 +19,12 @@
|
|||
tags: dotfiles_repo
|
||||
# TODO Put actual dotfiles in a subdirectory of the repo, so we don't have to put everything in config
|
||||
|
||||
- name: Register as Ansible collection
|
||||
file:
|
||||
state: link
|
||||
src: "{{ ansible_user_dir }}/.dotfiles/config/automatrop"
|
||||
path: "{{ ansible_user_dir }}/.ansible/collections/ansible_collections/geoffreyfrogeye/automatrop"
|
||||
|
||||
- name: Install python dependencies for scripts
|
||||
pip:
|
||||
requirements: "{{ ansible_user_dir }}/.dotfiles/config/scripts/requirements.txt"
|
||||
|
|
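--- /dev/null
+++ b/config/automatrop/roles/ecryptfs_automount/README.md
@@ -0,0 +1,17 @@
+# ecryptfs_automount
+
+Configure pam to allow auto-mounting of encrypted home directories with eCryptfs.
+
+## Usage
+
+You still need to run the following for an user directory to be encrypted:
+
+```bash
+modprobe ecryptfs
+ecryptfs-migrate-home -u username
+```
+
+## Source
+
+https://wiki.archlinux.org/title/ECryptfs#Auto-mounting
+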
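--- /dev/null
+++ b/config/automatrop/roles/ecryptfs_automount/tasks/main.yml
@@ -0,0 +1,34 @@
+- name: Setup pam_encryptfs auth
+blockinfile:
+path: /etc/pam.d/system-auth
+block: |
+auth [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet
+auth required pam_ecryptfs.so unwrap
+insertafter: '^(auth\s+required\s+pam_unix.so|auth\s+\[default=die\]\s+pam_faillock.so\s+authfail)$'
+marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT AUTH"
+become: yes
+notify:
+- etc changed
+
+- name: Setup pam_encryptfs password
+blockinfile:
+path: /etc/pam.d/system-auth
+block: |
+password optional pam_ecryptfs.so unwrap
+insertbefore: '^(password\s+required\s+pam_unix.so|-password\s+\[success=1\s+default=ignore\]\s+pam_systemd_home.so)$'
+marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT PASSWORD"
+become: yes
+notify:
+- etc changed
+
+- name: Setup pam_encryptfs session
+blockinfile:
+path: /etc/pam.d/system-auth
+block: |
+session [success=1 default=ignore] pam_succeed_if.so service = systemd-user quiet
+session optional pam_ecryptfs.so unwrap
+insertafter: '^session\s+required\s+pam_unix.so$'
+marker: "# {mark} AUTOMATROP ECRYPTFS_AUTOMOUNT SESSION"
+become: yes
+notify:
+- etc changed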
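Review bot: All three `blockinfile` tasks fall back to appending at the end of `/etc/pam.d/system-auth` when their `insertafter`/`insertbefore` pattern matches nothing, and in a PAM stack the position of a line decides its effect, so a file whose `pam_unix.so` lines carry arguments or a different control field would get the eCryptfs lines in the wrong place with no error. The patterns end in `$` and leave the dot in `pam_unix.so` unescaped, which makes a silent miss more likely after a distribution update of that file. Adding `backup: yes` to each task gives a rollback copy of the login stack. The role is gated only on `encrypt_home_stacked_fs` in the playbook, so an extra `when: arch_based` would keep it off hosts that presumably lay out their PAM files differently. The task names say `pam_encryptfs` where the module is `pam_ecryptfs`.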
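--- /dev/null
+++ b/config/automatrop/roles/facts/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Set facts
+set_fact:
+arch_based: "{{ ansible_distribution == 'Archlinux' }}"
+arch: "{{ ansible_lsb.id == 'Arch' }}"
+manjaro: "{{ ansible_lsb.id == 'Manjaro' or ansible_lsb.id == 'Manjaro-ARM' }}"
+termux: "{{ ansible_distribution == 'OtherLinux' and ansible_python.executable == '/data/data/com.termux/files/usr/bin/python' }}"
+debian: "{{ ansible_distribution == 'Debian' }}"
+ubuntu: "{{ ansible_distribution == 'Ubuntu' }}"
+junest: "{{ ansible_distribution == 'Archlinux' and ansible_is_chroot }}" # TODO Check if /etc/junest exists
+tags:
+- always
+
+- name: Set composed facts
+set_fact:
+debian_based: "{{ debian or ubuntu }}"
+can_chown: "{{ not junest }}"
+has_systemd: "{{ not junest }}"
+tags:
+- always
+# TODO Make this a real Ansible fact maybe?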
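Review bot: `ansible_lsb.id` is read unconditionally in the `arch` and `manjaro` facts, but the `ansible_lsb` fact is only filled in when `lsb_release` is available on the target, so on a host without it (Termux is a likely case) this always-tagged task would presumably stop with an undefined-variable error before any role runs. A default keeps the comparison safe: `arch: "{{ ansible_lsb.id | default('') == 'Arch' }}"`, and the same for both tests in `manjaro`. The `junest` fact treats every Arch chroot as JuNest, which then switches off `can_chown` and `has_systemd`; the TODO on that line already names the more precise test.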
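--- /dev/null
+++ b/config/automatrop/roles/gnupg/tasks/main.yml
@@ -0,0 +1,51 @@
+- name: Create GnuPG directory
+file:
+path: "{{ gnupghome }}"
+state: directory
+mode: "u=rwx"
+
+- name: Create GnuPG configuration files
+file:
+path: "{{ gnupghome }}/{{ item }}"
+state: file
+mode: "u=rw,g=r,o=r"
+loop:
+- gpg-agent.conf
+- gpg.conf
+
+- name: Configure GnuPG
+lineinfile:
+path: "{{ gnupghome }}/gpg.conf"
+regex: "^#?\\s*{{ item.key }}\\s"
+line: "{{ item.key }}{% if item.value is defined %} {{ item.value }}{% endif %}"
+loop:
+# Remove fluff
+- key: no-greeting
+- key: no-emit-version
+- key: no-comments
+# Output format that I prefer
+- key: keyid-format
+value: 0xlong
+# Show fingerprints
+- key: with-fingerprint
+# Make sure to show if key is invalid
+# (should be default on most platform,
+# but just to be sure)
+- key: list-options
+value: show-uid-validity
+- key: verify-options
+value: show-uid-validity
+# Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
+- key: personal-digest-preferences
+value: SHA512
+- key: cert-digest-algo
+value: SHA512
+- key: default-preference-list
+value: SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
+- key: personal-cipher-preferences
+value: TWOFISH CAMELLIA256 AES 3DES
+
+- name: Install Geoffrey Frogeye's key
+gpg_key:
+fpr: 4FBA930D314A03215E2CDB0A8312C8CAC1BAC289
+trust: 5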
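Review bot: `mode: "u=rwx"` on the GnuPG home sets only the owner bits; a symbolic mode leaves the group and other bits as they were, so a directory created under a typical umask stays readable by group and others, which GnuPG reports as unsafe permissions on the homedir. Spelling out all three classes fixes that: `mode: "u=rwx,g=,o="`. The following task uses `state: file`, which does not create a missing file, so on a fresh home it fails instead of creating `gpg.conf` and `gpg-agent.conf`; `state: touch` with `modification_time: preserve` and `access_time: preserve` creates them and stays idempotent. The preference lists still name `3DES` and `CAST5`, both 64-bit block ciphers, which could be dropped from `personal-cipher-preferences` and `default-preference-list`.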
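--- /dev/null
+++ b/config/automatrop/roles/gnupg/vars/main.yml
@@ -0,0 +1 @@
+gnupghome: "{{ ansible_user_dir }}/.config/gnupg"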
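--- /dev/null
+++ b/config/automatrop/roles/software/handlers/main.yml
@@ -0,0 +1,23 @@
+- name: Create and install meta package for Arch Linux
+block:
+- name: Generate meta package PKGBUILD
+template:
+src: PKGBUILD.j2
+dest: "{{ ansible_user_dir }}/.cache/automatrop/PKGBUILD"
+listen: "software changed"
+
+- name: Install meta package
+aur:
+name: "automatrop-packages-{{ inventory_hostname_short }}"
+local_pkgbuild: "{{ ansible_user_dir }}/.cache/automatrop"
+use: makepkg
+state: latest
+listen: "software changed"
+when: root_access
+when: arch_based
+
+- name: update pacman cache
+pacman:
+update_cache: yes
+become: yes
+when: arch_based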
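Review bot: The first handler is a `block:` wrapping two tasks, and ansible-core does not accept a block as a handler (recent releases stop with "Using a block as a handler is not supported"), so the `when: arch_based` placed on the block may never gate anything. Putting the condition on each task removes the need for the block: `when: arch_based` on the template task and `when: arch_based and root_access` on the install task. Indentation is lost in this view, so the nesting is inferred from the order of the keys. `update_cache: yes` and `become: yes` are better written with `true`.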
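--- /dev/null
+++ b/config/automatrop/roles/software/templates/PKGBUILD.j2
@@ -0,0 +1,14 @@
+# Maintainer: Geoffrey Frogeye
+
+pkgname=automatrop-packages-{{ inventory_hostname_short }}
+pkgver={{ ansible_date_time.iso8601_basic_short }}
+pkgrel=1
+pkgdesc='Metapackage for packages wanted by Geoffrey via automatrop for {{ inventory_hostname }}'
+url='https://git.frogeye.fr/geoffrey/dotfiles/src/branch/master/config/automatrop'
+arch=('any')
+license=('GPL')
+depends=(
+{% for package in packages %}
+'{{ package }}'
+{% endfor %}
+)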
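Review bot: `'{{ package }}'` in `depends` and the `pkgdesc` line place inventory values between hand-written single quotes in a file that makepkg sources as bash, so a value containing a quote character ends the string early and the remainder is interpreted as shell during the build. The package list and host name come from inventory and are presumably trusted, but the `quote` filter removes the need for that assumption: `{{ package | quote }}` in place of `'{{ package }}'`. `pkgname` is built from `inventory_hostname_short` with no quoting at all, so the same filter applies there.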
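--- /dev/null
+++ b/config/automatrop/roles/system/files/openvpn-client.service
@@ -0,0 +1,11 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/openvpn --suppress-timestamps --nobind --config %i.conf --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf
+# The part before --script-security 2 might need upgrading from
+# /usr/lib/systemd/system/openvpn-client@.service if it was upgraded
+Restart=on-failure
+User=
+AmbiantCapabilities=
+# It's not pretty, but other script only work with systemd or call resolvconf with -p,
+# which doesn't work without a local DNS resolver
+# TODO Local DNS resolver sounds nice anyway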
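Review bot: `AmbiantCapabilities=` is misspelled; the systemd directive is `AmbientCapabilities=`, and an unknown key is ignored with a warning, so the capability set inherited from the packaged unit is not reset as this drop-in intends. With `User=` emptied, OpenVPN and the `--up`/`--down` hooks enabled by `--script-security 2` run as root, so `/etc/openvpn/update-resolv-conf` and the `%i.conf` profiles should be writable by root only. A comment above `User=` stating that root is needed for the resolv.conf hook would record why privilege dropping was turned off.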
|
@ -1,3 +1,17 @@
|
|||
- name: Create a etckeeper commit
|
||||
command: "etckeeper commit 'automatrop {{ ansible_date_time.iso8601 }}'"
|
||||
listen: "etc changed"
|
||||
become: yes
|
||||
register: etckeeper_commit
|
||||
failed_when: "etckeeper_commit.rc != 0 and 'nothing to commit' not in etckeeper_commit.stdout"
|
||||
changed_when: "'nothing to commit' not in etckeeper_commit.stdout"
|
||||
|
||||
- name: Restart chrony
|
||||
systemd:
|
||||
name: chronyd
|
||||
state: restarted
|
||||
listen: chrony reconfigured
|
||||
become: yes
|
||||
|
||||
- name: Reload systemd daemon
|
||||
systemd:
|
||||
|
@ -9,3 +23,8 @@
|
|||
debug:
|
||||
msg: "The Panfrost display driver configuration was changed, but needs a reboot to be applied."
|
||||
listen: panfrost config changed
|
||||
|
||||
- name: Reload systemd-logind
|
||||
command: systemctl kill -s HUP systemd-logind
|
||||
become: yes
|
||||
listen: systemd-logind config changed
|
||||
|
|
|
@ -1,3 +1,7 @@
|
|||
# TODO For other distributions
|
||||
|
||||
# Package are installed with --asdeps because they are needed
|
||||
|
||||
# Xorg configuration
|
||||
|
||||
- name: Check if there is Intel backlight
|
||||
|
@ -21,6 +25,7 @@
|
|||
dest: "{{ item }}/20-intel_backlight.conf"
|
||||
become: yes
|
||||
when: display_server == 'x11' and intel_backlight.stat.exists
|
||||
notify: etc changed
|
||||
loop: "{{ xorg_common_config_dirs }}"
|
||||
|
||||
- name: Configure Xorg joystick behaviour
|
||||
|
@ -29,6 +34,7 @@
|
|||
dest: "{{ item }}/50-joystick.conf"
|
||||
become: yes
|
||||
when: display_server == 'x11'
|
||||
notify: etc changed
|
||||
loop: "{{ xorg_common_config_dirs }}"
|
||||
|
||||
- name: List modules we're using
|
||||
|
@ -57,6 +63,7 @@
|
|||
dest: /etc/systemd/system/getty@.service.d/override.conf
|
||||
become: yes
|
||||
notify:
|
||||
- etc changed
|
||||
- systemd changed
|
||||
when: auto_numlock
|
||||
|
||||
|
@ -66,5 +73,56 @@
|
|||
state: absent
|
||||
become: yes
|
||||
notify:
|
||||
- etc changed
|
||||
- systemd changed
|
||||
when: not auto_numlock
|
||||
|
||||
### STOPPED HERE ###
|
||||
|
||||
- name: Empty motd
|
||||
copy:
|
||||
content: ""
|
||||
dest: /etc/motd
|
||||
mode: "u=rw,g=r,o=r"
|
||||
become: yes
|
||||
notify:
|
||||
- etc changed
|
||||
|
||||
# VPN configuration
|
||||
|
||||
- name: Prepare directory for openvpn-client service override
|
||||
file:
|
||||
path: /etc/systemd/system/openvpn-client@.service.d
|
||||
state: directory
|
||||
mode: "u=rwx,g=rx,o=rx"
|
||||
become: yes
|
||||
|
||||
- name: Make openvpn use hooks for resolvconf
|
||||
copy:
|
||||
src: openvpn-client.service
|
||||
dest: /etc/systemd/system/openvpn-client@.service.d/override.conf
|
||||
become: yes
|
||||
notify:
|
||||
- etc changed
|
||||
- systemd changed
|
||||
|
||||
- name: Disable power button
|
||||
lineinfile:
|
||||
path: /etc/systemd/logind.conf
|
||||
line: 'HandlePowerKey=ignore'
|
||||
regexp: '^#? *HandlePowerKey='
|
||||
insertafter: '^\[Login\]$'
|
||||
become: yes
|
||||
notify: systemd-logind config changed
|
||||
# Reason: I sometimes press it accidentally
|
||||
# (hoping to start it when it's already started,
|
||||
# or really accidentally on the Pinebook).
|
||||
# Suspend would be nice, but it doesn't have the locker then
|
||||
|
||||
# TODO Hibernation, if that's relevant
|
||||
# $ sudo blkid | grep 'TYPE="swap"'
|
||||
# $ sudoedit /etc/default/grub
|
||||
# Add resume=UUID=<UUID-of-swap-partition> to GRUB_CMDLINE_LINUX_DEFAULT
|
||||
# $ sudo grub-mkconfig -o /boot/grub/grub.cfg
|
||||
|
||||
# TODO udevil
|
||||
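Review bot: The `copy` task that installs `/etc/systemd/system/openvpn-client@.service.d/override.conf` sets no `mode`, while the directory task just before it and the motd task both do, so the permissions of a drop-in that decides how a root service starts depend on the controller's umask. Adding `mode: "u=rw,g=r,o=r"` makes it explicit and matches the neighbouring tasks. The `### STOPPED HERE ###` line reads like a work-in-progress marker and would be clearer as a `# TODO` comment saying what remains. The sides of the lines are not marked in this view, so this assumes the VPN tasks are on the new side of the last hunk.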
|
|
|
@ -2,4 +2,4 @@
|
|||
export NIXPKGS_ALLOW_UNFREE=1
|
||||
nix-build '<nixpkgs/nixos>' -A vm \
|
||||
-I nixpkgs=channel:nixos-23.05 \
|
||||
-I nixos-config=./testvm.nix
|
||||
-I nixos-config=./configuration.nix
|
||||
|
|
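--- /dev/null
+++ b/config/nix/configuration.nix
@@ -0,0 +1,13 @@
+{ config, pkgs, ... }:
+{
+imports = [
+<nixos-hardware/dell/g3/3779>
+# <nixos-hardware/pine64/pinebook-pro>
+./modules/common.nix
+./modules/desktop.nix
+./modules/battery.nix
+./modules/wireless.nix
+./modules/extra.nix
+./modules/dev.nix
+];
+}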
|
@ -1,9 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
<nixos-hardware/dell/g3/3779>
|
||||
./os/loader.nix
|
||||
];
|
||||
|
||||
networking.hostName = "curacao.geoffrey.frogeye.fr";
|
||||
}
|
|
@ -1,130 +0,0 @@
|
|||
{ pkgs, config, ... }:
|
||||
{
|
||||
home.stateVersion = "23.05";
|
||||
|
||||
programs = {
|
||||
home-manager.enable = true;
|
||||
zsh = {
|
||||
enable = true;
|
||||
enableAutosuggestions = true;
|
||||
enableCompletion = true;
|
||||
enableSyntaxHighlighting = true;
|
||||
# syntaxHighlighting.enable = true; # 23.11 syntax
|
||||
};
|
||||
neovim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
vimAlias = true;
|
||||
viAlias = true;
|
||||
};
|
||||
gpg = {
|
||||
enable = true;
|
||||
homedir = "${config.xdg.dataHome}/gnupg";
|
||||
settings = {
|
||||
# Remove fluff
|
||||
no-greeting = true;
|
||||
no-emit-version = true;
|
||||
no-comments = true;
|
||||
# Output format that I prefer
|
||||
keyid-format = "0xlong";
|
||||
# Show fingerprints
|
||||
with-fingerprint = true;
|
||||
# Make sure to show if key is invalid
|
||||
# (should be default on most platform,
|
||||
# but just to be sure)
|
||||
list-options = "show-uid-validity";
|
||||
verify-options = "show-uid-validity";
|
||||
# Stronger algorithm (https://wiki.archlinux.org/title/GnuPG#Different_algorithm)
|
||||
personal-digest-preferences = "SHA512";
|
||||
cert-digest-algo = "SHA512";
|
||||
default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
|
||||
personal-cipher-preferences = "TWOFISH CAMELLIA256 AES 3DES";
|
||||
};
|
||||
publicKeys = [{
|
||||
source = builtins.fetchurl {
|
||||
url = "https://keys.openpgp.org/vks/v1/by-fingerprint/4FBA930D314A03215E2CDB0A8312C8CAC1BAC289";
|
||||
sha256 = "sha256:10y9xqcy1vyk2p8baay14p3vwdnlwynk0fvfbika65hz2z8yw2cm";
|
||||
};
|
||||
trust = "ultimate";
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
# dotfiles dependencies
|
||||
coreutils
|
||||
bash
|
||||
gnugrep
|
||||
gnused
|
||||
gnutar
|
||||
openssl
|
||||
git
|
||||
wget
|
||||
curl
|
||||
python3Packages.pip
|
||||
ansible # TODO Reevaluate
|
||||
|
||||
# shell
|
||||
zsh-completions
|
||||
nix-zsh-completions
|
||||
zsh-history-substring-search
|
||||
antigen # TODO Reevaluate
|
||||
powerline-go
|
||||
|
||||
# terminal essentials
|
||||
moreutils
|
||||
man
|
||||
visidata
|
||||
nodePackages.insect
|
||||
translate-shell
|
||||
unzip
|
||||
unrar
|
||||
p7zip
|
||||
|
||||
# remote
|
||||
openssh
|
||||
rsync
|
||||
borgbackup
|
||||
|
||||
# cleanup
|
||||
jdupes
|
||||
duperemove
|
||||
optipng
|
||||
libjpeg
|
||||
# FIXME reflac not available (but also a dumb shell script)
|
||||
|
||||
# local monitoring
|
||||
htop
|
||||
iotop
|
||||
iftop
|
||||
lsof
|
||||
strace
|
||||
pv
|
||||
progress
|
||||
speedtest-cli
|
||||
|
||||
# multimedia toolbox
|
||||
ffmpeg
|
||||
sox
|
||||
imagemagick
|
||||
|
||||
# password
|
||||
pass
|
||||
pwgen
|
||||
|
||||
# Mail
|
||||
isync
|
||||
msmtp
|
||||
notmuch
|
||||
neomutt
|
||||
lynx
|
||||
|
||||
# Organisation
|
||||
vdirsyncer
|
||||
khard
|
||||
khal
|
||||
todoman
|
||||
syncthing
|
||||
|
||||
];
|
||||
}
|
|
@ -1,82 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
xsession.windowManager.i3 = {
|
||||
enable = true;
|
||||
config = {
|
||||
terminal = "alacritty";
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
# Browser
|
||||
qutebrowser.enable = true;
|
||||
|
||||
# Terminal
|
||||
alacritty.enable = true;
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
# remote
|
||||
tigervnc
|
||||
|
||||
# music
|
||||
mpd
|
||||
mpc-cli
|
||||
ashuffle
|
||||
vimpc
|
||||
|
||||
# multimedia common
|
||||
gimp
|
||||
inkscape
|
||||
mpv
|
||||
mpvScripts.thumbnail
|
||||
libreoffice
|
||||
|
||||
# data management
|
||||
freefilesync
|
||||
|
||||
# browsers
|
||||
firefox
|
||||
|
||||
# fonts
|
||||
dejavu_fonts
|
||||
twemoji-color-font
|
||||
xfce.thunar
|
||||
gnome.gedit
|
||||
feh
|
||||
zathura
|
||||
zbar
|
||||
zathura
|
||||
meld
|
||||
python3Packages.magic
|
||||
yubikey-touch-detector
|
||||
|
||||
# x11-exclusive
|
||||
libgnomekbd # to show keyboard layout
|
||||
dunst
|
||||
i3lock
|
||||
numlockx
|
||||
rofi
|
||||
rofimoji
|
||||
rxvt-unicode
|
||||
# TODO urxvt-resize-font-git
|
||||
scrot
|
||||
simplescreenrecorder
|
||||
trayer
|
||||
unclutter
|
||||
xautolock
|
||||
xclip
|
||||
lemonbar-xft
|
||||
autorandr
|
||||
keynav
|
||||
sct
|
||||
xorg.xinit
|
||||
xorg.xbacklight
|
||||
|
||||
|
||||
# organisation
|
||||
rofi-pass # TODO Try autopass.cr
|
||||
thunderbird
|
||||
];
|
||||
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./common.nix
|
||||
./desktop.nix
|
||||
./dev.nix
|
||||
./extra.nix
|
||||
./style.nix
|
||||
];
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{ pkgs, config, ... }:
|
||||
let
|
||||
stylix = builtins.fetchGit {
|
||||
url = "https://github.com/danth/stylix.git";
|
||||
ref = "release-23.05";
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [ (import stylix).homeManagerModules.stylix ];
|
||||
|
||||
stylix = {
|
||||
base16Scheme = "${pkgs.base16-schemes}/share/themes/solarized-dark.yaml";
|
||||
image = builtins.fetchurl {
|
||||
url = "https://get.wallhere.com/photo/sunlight-abstract-minimalism-green-simple-circle-light-leaf-wave-material-line-wing-computer-wallpaper-font-close-up-macro-photography-124350.png";
|
||||
sha256 = "sha256:1zfq3f3v34i45mi72pkfqphm8kbhczsg260xjfl6dbydy91d7y93";
|
||||
};
|
||||
# FIXME This doesn't work
|
||||
};
|
||||
|
||||
# Fix https://nix-community.github.io/home-manager/index.html#_why_do_i_get_an_error_message_about_literal_ca_desrt_dconf_literal_or_literal_dconf_service_literal
|
||||
home.packages = [ pkgs.dconf ];
|
||||
}
|
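--- /dev/null
+++ b/config/nix/modules/common.nix
@@ -0,0 +1,161 @@
+{ pkgs, lib, ... }:
+{
+boot.loader.grub.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "nixos";
+
+time.timeZone = "Europe/Amsterdam";
+
+# TODO qwerty-fr for console
+
+# Enable CUPS to print documents
+services.printing.enable = true;
+
+# Enable passwordless sudo
+security.sudo.extraRules = [{
+groups = [ "wheel" ];
+commands = [{
+command = "ALL";
+options = [ "NOPASSWD" ];
+}];
+}];
+
+# Users
+users.users.geoffrey = {
+isNormalUser = true;
+extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+packages = with pkgs; [
+# dotfiles dependencies
+coreutils
+bash
+gnugrep
+gnused
+gnutar
+openssl
+git
+wget
+curl
+python3Packages.pip
+ansible # TODO Reevaluate
+
+# shell
+zsh-completions
+nix-zsh-completions
+zsh-history-substring-search
+antigen # TODO Reevaluate
+powerline-go
+
+# terminal essentials
+moreutils
+man
+visidata
+nodePackages.insect
+translate-shell
+unzip
+unrar
+p7zip
+
+# remote
+openssh
+rsync
+borgbackup
+
+# cleanup
+jdupes
+duperemove
+optipng
+libjpeg
+# FIXME reflac not available (but also a dumb shell script)
+
+# local monitoring
+htop
+iotop
+iftop
+lsof
+strace
+pv
+progress
+speedtest-cli
+
+# multimedia toolbox
+ffmpeg
+sox
+imagemagick
+
+# password
+pass
+pwgen
+
+# Mail
+isync
+msmtp
+notmuch
+neomutt
+lynx
+
+# Organisation
+vdirsyncer
+khard
+khal
+todoman
+syncthing
+
+];
+initialPassword = "cartable"; # DEBUG
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr"
+];
+};
+
+environment.systemPackages = with pkgs; [
+wget
+kexec-tools
+openvpn
+update-resolv-conf # TODO Is it what I think it is?
+];
+
+# Enable compilation cache
+programs = {
+ccache.enable = true;
+# TODO Not enough, see https://nixos.wiki/wiki/CCache.
+# Might want to see if it's worth using on NixOS
+gnupg.agent.enable = true;
+
+# TODO Below should be user config
+
+zsh = {
+enable = true;
+autosuggestions.enable = true;
+enableCompletion = true;
+syntaxHighlighting.enable = true;
+};
+neovim = {
+enable = true;
+defaultEditor = true;
+vimAlias = true;
+viAlias = true;
+};
+};
+
+services = {
+# Enable the OpenSSH daemon
+openssh.enable = true;
+getty.autologinUser = "geoffrey"; # DEBUG
+
+# Time sychronisation
+chrony = {
+enable = true;
+servers = map (n: "${toString n}.europe.pool.ntp.org") (lib.lists.range 0 3);
+extraConfig = "rtcsync";
+};
+
+};
+
+# TEST
+system.copySystemConfiguration = true;
+
+# Use defaults from
+system.stateVersion = "23.05";
+
+}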
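Review bot: `initialPassword = "cartable"; # DEBUG` commits a clear-text password for a `wheel` user in the same module that enables OpenSSH and grants `wheel` `NOPASSWD` sudo, so if SSH password authentication is left at its default, a host built from this file accepts a published password for an account that has root. The two `# DEBUG` settings (`initialPassword` and `getty.autologinUser`) belong in a VM-only module rather than in `common.nix`, which `configuration.nix` imports next to a real hardware profile. An authorized key is already declared, so adding `services.openssh.settings.PasswordAuthentication = false;` beside `openssh.enable` closes the remote path, and `hashedPassword` keeps the clear text out of the repository and the world-readable store.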
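--- /dev/null
+++ b/config/nix/modules/desktop.nix
@@ -0,0 +1,106 @@
+{ pkgs, ... }:
+{
+# Enable the X11 windowing system
+services.xserver.enable = true;
+
+services.xserver = {
+extraLayouts.qwerty-fr = {
+description = "QWERTY-fr";
+languages = [ "fr" ];
+symbolsFile = "${pkgs.stdenv.mkDerivation {
+name = "qwerty-fr-keypad";
+src = builtins.fetchGit {
+url = "https://github.com/qwerty-fr/qwerty-fr.git";
+rev = "3a4d13089e8ef016aa20baf6b2bf3ea53de674b8";
+};
+patches = [ ./qwerty-fr-keypad.diff ];
+# TODO This doesn't seem to be applied... it's the whole point of the derivation :(
+installPhase = ''
+runHook preInstall
+mkdir -p $out/linux
+cp $src/linux/us_qwerty-fr $out/linux
+runHook postInstall
+'';
+}}/linux/us_qwerty-fr";
+};
+layout = "qwerty-fr";
+# TODO home.keyboard = null; in home-manager... or something
+
+};
+
+# Enable sound
+sound.enable = true;
+hardware.pulseaudio.enable = true;
+
+services.xserver.displayManager.startx.enable = true;
+services.xserver.windowManager.i3.enable = true;
+
+users.users.geoffrey. packages = with pkgs; [
+# remote
+tigervnc
+
+# music
+mpd
+mpc-cli
+ashuffle
+vimpc
+
+# multimedia common
+gimp
+inkscape
+mpv
+mpvScripts.thumbnail
+libreoffice
+
+# data management
+freefilesync
+
+# browsers
+firefox
+qutebrowser
+
+# fonts
+dejavu_fonts
+twemoji-color-font
+xfce.thunar
+gnome.gedit
+feh
+zathura
+zbar
+zathura
+meld
+python3Packages.magic
+yubikey-touch-detector
+
+# x11-exclusive
+libgnomekbd # to show keyboard layout
+dunst
+i3lock
+numlockx
+rofi
+rofimoji
+rxvt-unicode
+# TODO urxvt-resize-font-git
+scrot
+simplescreenrecorder
+trayer
+unclutter
+xautolock
+xclip
+lemonbar-xft
+autorandr
+keynav
+sct
+xorg.xinit
+xorg.xbacklight
+
+alacritty
+
+# organisation
+rofi-pass # TODO Try autopass.cr
+thunderbird
+];
+
+environment.systemPackages = with pkgs; [ pavucontrol ];
+
+}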
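Review bot: The `installPhase` copies `$src/linux/us_qwerty-fr`, which is the unpatched input in the store, so `patches = [ ./qwerty-fr-keypad.diff ]` is applied to the unpacked working copy and the result is then left behind; this is likely what the TODO above it observes. Copying from the build directory picks up the patched file: `cp linux/us_qwerty-fr $out/linux`. `zathura` is listed twice in the package list, and `users.users.geoffrey. packages` has a stray space after the dot.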
|
@ -2,7 +2,7 @@
|
|||
{
|
||||
# TODO Separate in diffrent packages once the structure is finalized...
|
||||
# or connvert into per-directory requirements
|
||||
home.packages = with pkgs; [
|
||||
users.users.geoffrey. packages = with pkgs; [
|
||||
# Ansible
|
||||
ansible
|
||||
ansible-lint
|
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
home.packages = with pkgs; [
|
||||
users.users.geoffrey. packages = with pkgs; [
|
||||
# android tools
|
||||
android-tools
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
# downloading
|
||||
yt-dlp
|
||||
megatools
|
||||
# transmission TODO Collision if both transmissions are active?
|
||||
transmission
|
||||
transmission-qt
|
||||
|
||||
# wine
|
||||
|
@ -41,4 +41,8 @@
|
|||
# TODO factorio
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# android tools
|
||||
android-udev-rules
|
||||
];
|
||||
}
|
|
@ -1,72 +0,0 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
# TODO qwerty-fr for console
|
||||
|
||||
# Enable CUPS to print documents
|
||||
services.printing.enable = true;
|
||||
|
||||
# Enable passwordless sudo
|
||||
security.sudo.extraRules = [{
|
||||
groups = [ "wheel" ];
|
||||
commands = [{
|
||||
command = "ALL";
|
||||
options = [ "NOPASSWD" ];
|
||||
}];
|
||||
}];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
wget
|
||||
kexec-tools
|
||||
openvpn
|
||||
update-resolv-conf # TODO Is it what I think it is?
|
||||
|
||||
# android tools
|
||||
android-udev-rules
|
||||
];
|
||||
|
||||
programs = {
|
||||
# Enable compilation cache
|
||||
ccache.enable = true;
|
||||
# TODO Not enough, see https://nixos.wiki/wiki/CCache.
|
||||
# Might want to see if it's worth using on NixOS
|
||||
gnupg.agent.enable = true;
|
||||
|
||||
# Let users mount disks
|
||||
udevil.enable = true;
|
||||
};
|
||||
|
||||
services = {
|
||||
# Enable the OpenSSH daemon
|
||||
openssh.enable = true;
|
||||
|
||||
# Time sychronisation
|
||||
chrony = {
|
||||
enable = true;
|
||||
servers = map (n: "${toString n}.europe.pool.ntp.org") (lib.lists.range 0 3);
|
||||
extraConfig = "rtcsync";
|
||||
};
|
||||
|
||||
# Prevent power button from shutting down the computer.
|
||||
# On Pinebook it's too easy to hit,
|
||||
# on others I sometimes turn it off when unsuspending.
|
||||
logind.extraConfig = "HandlePowerKey=ignore";
|
||||
|
||||
};
|
||||
|
||||
# FIXME services.openvpn.servers.<name>.updateResolvConf=true
|
||||
# For profiles in the extensions
|
||||
|
||||
# TODO Hibernation?
|
||||
|
||||
# TEST
|
||||
system.copySystemConfiguration = true;
|
||||
|
||||
# Use defaults from
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
# Enable the X11 windowing system
|
||||
services.xserver.enable = true;
|
||||
|
||||
services.xserver = {
|
||||
windowManager.i3.enable = true;
|
||||
desktopManager.gnome.enable = true;
|
||||
displayManager.defaultSession = "none+i3";
|
||||
|
||||
# Keyboard layout
|
||||
extraLayouts.qwerty-fr = {
|
||||
description = "QWERTY-fr";
|
||||
languages = [ "fr" ];
|
||||
symbolsFile = "${pkgs.stdenv.mkDerivation {
|
||||
name = "qwerty-fr-keypad";
|
||||
src = builtins.fetchGit {
|
||||
url = "https://github.com/qwerty-fr/qwerty-fr.git";
|
||||
rev = "3a4d13089e8ef016aa20baf6b2bf3ea53de674b8";
|
||||
};
|
||||
patches = [ ./qwerty-fr-keypad.diff ];
|
||||
# TODO This doesn't seem to be applied... it's the whole point of the derivation :(
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
mkdir -p $out/linux
|
||||
cp $src/linux/us_qwerty-fr $out/linux
|
||||
runHook postInstall
|
||||
'';
|
||||
}}/linux/us_qwerty-fr";
|
||||
};
|
||||
layout = "qwerty-fr";
|
||||
};
|
||||
|
||||
# Enable sound
|
||||
sound.enable = true;
|
||||
hardware.pulseaudio.enable = true;
|
||||
environment.systemPackages = with pkgs; [ pavucontrol ];
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
<home-manager/nixos>
|
||||
];
|
||||
|
||||
users.users.geoffrey = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||
shell = pkgs.zsh;
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPE41gxrO8oZ5n3saapSwZDViOQphm6RzqgsBUyA88pU geoffrey@frogeye.fr"
|
||||
];
|
||||
};
|
||||
|
||||
# Won't allow to set the shell otherwise,
|
||||
# even though home-manager sets it
|
||||
programs.zsh.enable = true;
|
||||
|
||||
home-manager = {
|
||||
users.geoffrey = { pkgs, ... }: {
|
||||
imports = [
|
||||
../hm/loader.nix
|
||||
];
|
||||
};
|
||||
# Makes VMs able to re-run
|
||||
useUserPackages = true;
|
||||
# Adds consistency
|
||||
useGlobalPkgs = true;
|
||||
};
|
||||
|
||||
# FIXME Make sure I'm the only user & everything is encrypted
|
||||
services.xserver.displayManager.autoLogin.user = "geoffrey";
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./battery.nix
|
||||
./geoffrey.nix
|
||||
./common.nix
|
||||
./desktop.nix
|
||||
./wireless.nix
|
||||
];
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
<nixos-hardware/pine64/pinebook-pro>
|
||||
./os/loader.nix
|
||||
];
|
||||
|
||||
networking.hostName = "pindakaas.geoffrey.frogeye.fr";
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./curacao.nix
|
||||
];
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./os/loader.nix
|
||||
];
|
||||
|
||||
networking.hostName = "nixos";
|
||||
}
|
|
@ -29,6 +29,7 @@ direnv CARGOHOME "$HOME/.cache/cargo" # There are config in there that we can ve
|
|||
export CCACHE_CONFIGPATH="$HOME/.config/ccache.conf"
|
||||
direnv CCACHE_DIR "$HOME/.cache/ccache" # The config file alone seems to be not enough
|
||||
direnv DASHT_DOCSETS_DIR "$HOME/.cache/dash_docsets"
|
||||
direnv GNUPGHOME "$HOME/.config/gnupg"
|
||||
direnv GOPATH "$HOME/.cache/go"
|
||||
direnv GRADLE_USER_HOME "$HOME/.cache/gradle"
|
||||
export INPUTRC="$HOME/.config/inputrc"
|
||||
|
|