wieerwill/nix-home-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change from mono-home-manager to full flake multi-system configuration

Browse Source
This commit is contained in:
wieerwill
2025-11-30 12:28:05 +01:00
parent 5c3a992f34
commit 362f65c384
62 changed files with 4469 additions and 576 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
home/_home.nix Normal file
View File

@@ -0,0 +1,49 @@
{ config, pkgs, lib, ... }:
{
imports = [
./_options.nix
./androidstudio.nix
./backup.nix
./chromium.nix
./design.nix
./embedded.nix
./fonts.nix
./git.nix
./javascript.nix
./keepass.nix
./llm.nix
./logseq.nix
./mail.nix
./obsidian.nix
./redshift.nix
./secrets.nix
./security.nix
./social.nix
./sway.nix
./syncthing.nix
./terminal.nix
./tor.nix
./vim.nix
./vpn-pia.nix
./vscode.nix
#./zen-browser.nix
];
home.username = "wieerwill";
home.homeDirectory = "/home/wieerwill";
home.stateVersion = "25.05";
home.sessionVariables = {
SOPS_CONFIG = "${config.home.homeDirectory}/nixConfig/secrets/.sops.yaml";
};
home.packages = with pkgs; [
unzip
sops
age
];
home.sessionVariables = {
PATH = "$PNPM_HOME:${config.home.homeDirectory}/Android/Sdk/cmdline-tools/latest/bin:${config.home.homeDirectory}/Android/Sdk/platform-tools";
};
}

35
home/_options.nix Normal file
View File

@@ -0,0 +1,35 @@
{ lib, ... }:
with lib;
{
options = {
homeModules = {
androidstudio.enable = mkEnableOption "Enable Android Studio setup";
backup.enable = mkEnableOption "Enable Borg backup";
chromium.enable = mkEnableOption "Enable Chromium browser";
design.enable = mkEnableOption "Enable graphics tools";
embedded.enable = mkEnableOption "Enable embedded development setup";
fonts.enable = mkEnableOption "Enable fonts management";
git.enable = mkEnableOption "Enable git";
javascript.enable = mkEnableOption "Enable JS/TS dev environment";
keepass.enable = mkEnableOption "Enable KeePassXC";
llm.enable = mkEnableOption "Enable local LLM setup (Ollama etc.)";
logseq.enable = mkEnableOption "Enable Logseq";
mail.enable = mkEnableOption "Enable mail clients";
obsidian.enable = mkEnableOption "Enable Obsidian markdown setup";
redshift.enable = mkEnableOption "Enable Redshift";
secrets.enable = mkEnableOption "Enable SOPS Secrets";
security.enable = mkEnableOption "Enable home security settings";
social.enable = mkEnableOption "Enable social apps";
sway.enable = mkEnableOption "Enable sway desktop";
syncthing.enable = mkEnableOption "Enable Syncthing";
terminal.enable = mkEnableOption "Enable terminal config";
tor.enable = mkEnableOption "Enable TOR and Onionshare";
vim.enable = mkEnableOption "Enable vim config";
vpnpia.enable = mkEnableOption "Enable Private Internet Access VPN";
vscode.enable = mkEnableOption "Enable VSCode";
zenbrowser.enable = mkEnableOption "Enable Zen browser";
};
};
}

33
home/androidstudio.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, lib, ... }:
let
androidSdkRoot = "${config.home.homeDirectory}/Android/Sdk";
cfg = config.homeModules.androidstudio;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
android-studio
# Tools for Android SDK management
android-tools
jdk11 # or jdk17 if needed by Android Studio
gradle
];
# Set up environment variables for Android development
home.sessionVariables = {
ANDROID_SDK_ROOT = androidSdkRoot;
ANDROID_HOME = androidSdkRoot;
ANDROID_AVD_HOME = "${config.home.homeDirectory}/.android/avd";
JAVA_HOME = "${pkgs.jdk11}/lib/openjdk"; # Or jdk17 if preferred
# in _home.nix PATH = lib.mkAfter "${androidSdkRoot}/cmdline-tools/latest/bin:${androidSdkRoot}/platform-tools";
};
# Create needed folders and install SDK components on first run (optional)
home.activation.setupAndroidSdk = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
mkdir -p "${androidSdkRoot}"
if ! [ -x "${androidSdkRoot}/cmdline-tools/latest/bin/sdkmanager" ]; then
echo " Installing Android SDK Command-line Tools..."
cp -r ${pkgs.androidsdk}/cmdline-tools "${androidSdkRoot}/cmdline-tools"
fi
'';
}

68
home/backup.nix Normal file
View File

@@ -0,0 +1,68 @@
{ config, pkgs, lib, ... }:
let
hostname = config.networking.hostName or (builtins.getEnv "HOSTNAME");
backupTarget = "/mnt/backup/borg"; # Adjust this path to your remote or local backup repo
backupRepo = "${backupTarget}/${hostname}";
backupPaths = {
"t440p" = [ "Documents" "Projects" ];
"steamdeck" = [ ".config" ];
"xaorus" = [ "Pictures" "Videos" ];
};
folders = builtins.map (dir: "${config.home.homeDirectory}/${dir}") (backupPaths.${hostname} or []);
cfg = config.homeModules.backup;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [ borgbackup ];
systemd.user.services.borg-backup = {
Unit = {
Description = "Borg Backup for ${hostname}";
Wants = [ "network-online.target" ];
After = [ "network-online.target" ];
};
Service = {
Type = "oneshot";
ExecStart = ''
${pkgs.borgbackup}/bin/borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz20 \
${backupRepo}::"{now:%Y-%m-%d_%H-%M}" \
${builtins.concatStringsSep " \\\n " folders} \
--exclude ${config.home.homeDirectory}/.cache \
--exclude ${config.home.homeDirectory}/Downloads \
--exclude ${config.home.homeDirectory}/node_modules \
--exclude '*/.git' \
--exclude '*/venv' \
--exclude '*/target'
'';
ExecStopPost = ''
${pkgs.borgbackup}/bin/borg prune -v --list ${backupRepo} \
--keep-daily=7 \
--keep-weekly=4 \
--keep-monthly=3
'';
};
Install = {
WantedBy = [ "default.target" ];
};
};
# Optional: allow the backup location to be automounted
xdg.userDirs.extraConfig = {
XDG_BACKUP_DIR = "${backupTarget}";
};
# Optional: set environment variable to simplify CLI usage
home.sessionVariables = {
BORG_REPO = backupRepo;
BORG_PASSPHRASE = ""; # or use environment.d or a secrets mechanism
};
}

40
home/chromium.nix Normal file
View File

@@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.chromium;
in
lib.mkIf cfg.enable {
programs.chromium = {
enable = true;
package = pkgs.brave; # use brave as package
# List of Chromium dictionaries to install
dictionaries = [
pkgs.hunspellDictsChromium.en_US
pkgs.hunspellDictsChromium.de_DE
];
extensions = [
# Add Chrome extension IDs here to auto-install them
# Example:
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
];
# Enable hardware acceleration (VAAPI, WebGL, etc.)
# enableWideVine = true;
commandLineArgs = [
"--enable-features=UseOzonePlatform"
"--ozone-platform=wayland"
"--restore-last-sesstion" # on startup restore
"--safebrowsing-enable-enhanced-protection"
];
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/http" = "chromium-browser.desktop";
"x-scheme-handler/https" = "chromium-browser.desktop";
"text/html" = "chromium-browser.desktop";
};
}

69
home/design.nix Normal file
View File

@@ -0,0 +1,69 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.design;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
inkscape
openscad
gimp
darktable
];
# Optional desktop entries and MIME associations
xdg.mimeApps.defaultApplications = {
"image/png" = "org.gimp.GIMP.desktop";
"image/svg+xml" = "org.inkscape.Inkscape.desktop";
"application/x-gimp" = "org.gimp.GIMP.desktop";
"application/x-openraster" = "org.gimp.GIMP.desktop";
"image/x-xcf" = "org.gimp.GIMP.desktop";
"image/x-raw" = "org.darktable.Darktable.desktop";
"application/x-openscad" = "openscad.desktop";
};
xdg.desktopEntries = {
gimp = {
name = "GIMP";
genericName = "Image Editor";
exec = "gimp %F";
terminal = false;
icon = "gimp";
type = "Application";
categories = [ "Graphics" "2DGraphics" "RasterGraphics" ];
};
inkscape = {
name = "Inkscape";
genericName = "Vector Graphics Editor";
exec = "inkscape %F";
terminal = false;
icon = "inkscape";
type = "Application";
categories = [ "Graphics" "VectorGraphics" ];
};
openscad = {
name = "OpenSCAD";
genericName = "3D CAD Modeler";
exec = "openscad %F";
terminal = false;
icon = "openscad";
type = "Application";
categories = [ "Graphics" "3DGraphics" "Engineering" ];
};
darktable = {
name = "Darktable";
genericName = "Photography Workflow Software";
exec = "darktable %F";
terminal = false;
icon = "darktable";
type = "Application";
categories = [ "Graphics" "Photography" "RAW" ];
};
};
# Optional tweaks or plugins setup can go here if needed in the future
}

200
home/email.nix Normal file
View File

@@ -0,0 +1,200 @@
{ pkgs, ... }:
{
accounts.email.accounts = {
gmx = {
primary = true;
address = "robert.jeutter@gmx.de";
userName = "robert.jeutter@gmx.de";
smtp = {
host = "mail.gmx.net";
};
realName = "Robert Jeutter";
imap.host = "imap.gmx.net";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
signature = {
text = ''
Mit besten Grüßen
Robert Jeutter
https://wieerwill.dev
'';
showSignature = "append";
};
passwordCommand = "mail-password";
};
web = {
#primary = true;
address = "robert.jeutter@web.de";
userName = "robert.jeutter@web.de";
smtp = {
host = "smtp.web.de";
};
realName = "Robert Jeutter";
imap.host = "imap.web.de";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
signature = {
text = ''
Mit besten Grüßen
Robert Jeutter
https://wieerwill.dev
'';
showSignature = "append";
};
passwordCommand = "mail-password";
};
web2 = {
#primary = true;
address = "fuer.hilfe@web.de";
userName = "fuer.hilfe@web.de";
smtp = {
host = "smtp.web.de";
};
realName = "Fuer Hilfe";
imap.host = "imap.web.de";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
#signature = {
# text = ''
# Mit besten Grüßen
# Robert Jeutter
# https://wieerwill.dev
# '';
# showSignature = "append";
#};
passwordCommand = "mail-password";
};
gmail = {
#primary = true;
address = "apfelsaftrr@gmail.com";
userName = "apfelsaftrr@gmail.com";
smtp = {
host = "smtp.gmail.com";
};
realName = "Apfel RR Saft";
imap.host = "imap.gmail.com";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
#signature = {
# text = ''
# Mit besten Grüßen
# Robert Jeutter
# https://wieerwill.dev
# '';
# showSignature = "append";
#};
passwordCommand = "mail-password";
};
flyhering = {
#primary = true;
address = "flyhering@web.de";
userName = "flyhering@web.de";
smtp = {
host = "smtp.web.de";
};
realName = "flyhering";
imap.host = "imap.web.de";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
#signature = {
# text = ''
# Mit besten Grüßen
# Robert Jeutter
# https://wieerwill.dev
# '';
# showSignature = "append";
#};
passwordCommand = "mail-password";
};
rolex = {
#primary = true;
address = "rolex.sorela@web.de";
userName = "rolex.sorela@web.de";
smtp = {
host = "smtp.web.de";
};
realName = "Apfel RR Saft";
imap.host = "imap.web.de";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
#signature = {
# text = ''
# Mit besten Grüßen
# Robert Jeutter
# https://wieerwill.dev
# '';
# showSignature = "append";
#};
passwordCommand = "mail-password";
};
wieerwill = {
#primary = true;
address = "mail@wieerwill.dev";
userName = "mail@wieerwill.dev";
smtp = {
host = "mail.wieerwill.dev";
};
realName = "WieErWill";
imap.host = "mail.wieerwill.dev";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
signature = {
text = ''
Mit besten Grüßen
WieErWill
https://wieerwill.dev
'';
showSignature = "append";
};
passwordCommand = "mail-password";
};
valwiArt = {
#primary = true;
address = "mail@valwi.art";
userName = "mail@valwi.art";
smtp = {
host = "mail.wieerwill.dev";
};
realName = "Valwi.Art";
imap.host = "mail.wieerwill.dev";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
signature = {
text = ''
Mit besten Grüßen
Valwi.Art
https://valwi.art
'';
showSignature = "append";
};
passwordCommand = "mail-password";
};
}
}

83
home/embedded.nix Normal file
View File

@@ -0,0 +1,83 @@
# You should run espup-init once per user to install toolchains.
#
# For STM32/RP2040, youll likely configure chip names in flash-stm.
#
# Add .cargo/config.toml for probe-rs targets like:
# [target.riscv32imac-unknown-none-elf]
# runner = "probe-rs run"
#
# Set up arduino-cli using:
# arduino-cli config init
# arduino-cli core update-index
# arduino-cli core install arduino:avr
#
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.embedded;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
# General embedded tools
rustup
binutils
cargo-binutils
llvmPackages.bintools
openocd
dfu-util
minicom
picocom
lldb
gcc
gdb
# qemu # quick emulator
# gnumake
# pkg-config
# ARM toolchains
gcc-arm-embedded
# Espressif ESP32
espup
espflash
#espmonitor
ldproxy
cargo-espflash
# ST-Link / J-Link / Debug probes
probe-rs
#jlink
# Arduino
arduino-cli
];
# Optional system envs for toolchains or common paths
home.sessionVariables = {
ESPUP_INSTALL_PATH = "${config.home.homeDirectory}/.espressif";
RUSTUP_HOME = "${config.home.homeDirectory}/.rustup";
CARGO_HOME = "${config.home.homeDirectory}/.cargo";
};
# Udev rules for embedded devices (ESP, STLink, J-Link, Arduino)
# These must be placed on a NixOS system-wide level; for non-NixOS we print a helper
home.activation.printUdevHint = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
echo "📎 Embedded development: Make sure you have correct udev rules installed for USB devices."
echo "Examples:"
echo " - https://github.com/espressif/esp-idf/blob/master/tools/udev/60-esper-devices.rules"
echo " - https://probe.rs/docs/getting-started/installation/#udev-rules"
echo " - https://www.arduino.cc/en/guide/linux"
echo " - For STLink and J-Link adapters: udev rules are required for non-root flashing."
'';
# Optional: shell aliases to speed up common flows
programs.zsh.shellAliases = {
espup-init = "espup install";
flash-esp = "cargo espflash";
monitor-esp = "espmonitor";
flash-stm = "cargo flash --chip";
embed = "cargo embed";
};
}

1417
home/firefox.nix Normal file
View File

File diff suppressed because it is too large Load Diff

32
home/fonts.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.fonts;
in
lib.mkIf cfg.enable {
fonts = {
fontconfig = {
enable = true;
defaultFonts = {
emoji = ["emojione"];
monospace = ["0xproto"];
sansSerif = ["open-dyslexic"];
serif = ["open-dyslexic"];
};
};
};
home.packages = with pkgs; [
emojione
nerd-fonts._0xproto
nerd-fonts.droid-sans-mono
nerd-fonts.hack
nerd-fonts.noto
nerd-fonts.open-dyslexic
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.jetbrains-mono
];
}

39
home/git.nix Normal file
View File

@@ -0,0 +1,39 @@
{ config, pkgs, lib, ... }:
#let
# gitEmailPath = "${config.xdg.configHome}/git-email";
#in
let
cfg = config.homeModules.git;
in
lib.mkIf cfg.enable {
programs.git = {
enable = true;
userName = "wieerwill";
userEmail = "wieerwill@protonmail.com"; #lib.mkIf (builtins.pathExists gitEmailPath) (
# lib.strings.removeSuffix "\n" (builtins.readFile gitEmailPath)
#);
lfs.enable = true;
aliases = { };
#signing = {
# key = "ssh-ed25519 ...";
# signByDefault = true;
#};
extraConfig = {
#gpg = {
# format = "ssh";
#};
init.defaultBranch = "main";
push.autoSetupRemote = true;
credential.helper = "libsecret";
#credential.helper = "${
# pkgs.git.override { withLibsecret = true; }
# }/bin/git-credential-libsecret";
};
};
}

114
home/gnome.nix Normal file
View File

@@ -0,0 +1,114 @@
{ config, pkgs, lib, ... }:
{
gnome = { pkgs, ... }: {
config = {
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
]) ++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
epiphany # web browser
geary # email reader
gnome-characters
gnome-contacts
gnome-initial-setup
]);
programs.dconf.enable = true;
environment.systemPackages = with pkgs; [
gnome.gnome-tweaks
]
};
};
gtk = {
enable = true;
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
theme = {
name = "palenight";
package = pkgs.palenight-theme;
};
cursorTheme = {
name = "Numix-Cursor";
package = pkgs.numix-cursor-theme;
};
gtk3.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
gtk4.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
};
home.sessionVariables.GTK_THEME = "palenight";
# Use `dconf watch /` to track stateful changes you are doing, then set them here.
dconf.settings = {
# ...
"org/gnome/shell" = {
favorite-apps = [
"firefox.desktop"
"code.desktop"
"org.gnome.Terminal.desktop"
"spotify.desktop"
"virt-manager.desktop"
"org.gnome.Nautilus.desktop"
];
disable-user-extensions = false;
# `gnome-extensions list` for a list
enabled-extensions = [
"user-theme@gnome-shell-extensions.gcampax.github.com"
"trayIconsReloaded@selfmade.pl"
"Vitals@CoreCoding.com"
"dash-to-panel@jderose9.github.com"
"sound-output-device-chooser@kgshank.net"
"space-bar@luchrioh"
];
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
enable-hot-corners = false;
};
"org/gnome/desktop/wm/preferences" = {
workspace-names = [ "Main" ];
};
"org/gnome/desktop/background" = {
picture-uri = "file:///run/current-system/sw/share/backgrounds/gnome/vnc-l.png";
picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/gnome/vnc-d.png";
};
"org/gnome/desktop/screensaver" = {
picture-uri = "file:///run/current-system/sw/share/backgrounds/gnome/vnc-d.png";
primary-color = "#3465a4";
secondary-color = "#000000";
};
};
home.packages = with pkgs; [
# ...
gnomeExtensions.user-themes
gnomeExtensions.tray-icons-reloaded
gnomeExtensions.vitals
gnomeExtensions.dash-to-panel
gnomeExtensions.sound-output-device-chooser
gnomeExtensions.space-bar
];
}

70
home/javascript.nix Normal file
View File

@@ -0,0 +1,70 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.javascript;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
nodejs_20 # default fallback Node.js
yarn # optional global package manager
pnpm
typescript
nodePackages.eslint
nodePackages.prettier
#nodePackages.npm-check-updates
#nodePackages.astro
#nodePackages."@angular/cli"
#nodePackages.create-react-app
#nodePackages."@next/bundle-analyzer"
#nodePackages.vite
];
programs.zsh = {
shellAliases = {
nrun = "npx";
nstart = "npm run start";
dev = "pnpm dev || npm run dev || yarn dev";
build = "pnpm build || npm run build || yarn build";
};
initContent = ''
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
'';
};
# nvm installed manually; Nixpkgs does not manage dynamic Node versions well
home.file.".nvm/nvm.sh".source = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/nvm.sh";
sha256 = "sha256-EPSUbf93oq1jyzCRAZLRqkK15Y3EsA92Qpxq6mw8N1c=";
};
home.sessionVariables = {
NODE_ENV = "development";
NVM_DIR = "${config.home.homeDirectory}/.nvm";
PNPM_HOME = "${config.home.homeDirectory}/.local/share/pnpm";
# in _home.nix PATH = lib.mkBefore "$PNPM_HOME";
};
# Auto-completions and formatting helpers
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
programs.vscode = {
enable = true;
profiles.default.extensions = with pkgs.vscode-extensions; [
esbenp.prettier-vscode
dbaeumer.vscode-eslint
astro-build.astro-vscode
angular.ng-template
];
profiles.default.userSettings = {
"editor.formatOnSave" = true;
"typescript.tsdk" = "node_modules/typescript/lib";
"eslint.validate" = [ "javascript" "typescript" "javascriptreact" "typescriptreact" ];
"prettier.requireConfig" = true;
};
};
}

65
home/keepass.nix Normal file
View File

@@ -0,0 +1,65 @@
{ config, pkgs, lib, ... }:
let
dbPath = "${config.home.homeDirectory}/Documents/Passwords/main.kdbx"; # adjust as needed
cfg = config.homeModules.keepass;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
keepassxc
];
# Optional: Desktop entry tweaks or custom XDG
xdg.mimeApps.defaultApplications = {
"application/x-kdbx" = "org.keepassxc.KeePassXC.desktop";
};
xdg.desktopEntries.keepassxc = {
name = "KeePassXC";
genericName = "Password Manager";
exec = "keepassxc %f";
terminal = false;
categories = [ "Utility" "Security" ];
mimeType = [ "application/x-kdbx" ];
};
# Autostart with KeePassXC and preload DB
systemd.user.services.keepassxc = {
Unit = {
Description = "KeePassXC Password Manager";
After = [ "graphical-session.target" ];
};
Service = {
ExecStart = "${pkgs.keepassxc}/bin/keepassxc ${dbPath}";
Restart = "on-abort";
};
Install.WantedBy = [ "default.target" ];
};
# Optional system tray icon via environment variable
home.sessionVariables = {
KEEPASSXC_SHOW_SYSTEM_TRAY_ICON = "1";
};
# Browser integration: ensure it's available and optionally install native messaging host
programs.browserpass.enable = true;
# Optional: configure secrets sync path (e.g. synced with Syncthing)
home.file.".config/keepassxc/config.ini".text = ''
[General]
LastDatabases=${dbPath}
MinimizeToTray=true
StartMinimized=false
AutoOpenDatabasesOnStartup=true
AutoSaveOnExit=true
AutoLockDatabaseIdleMinutes=10
AutoTypePrependMenu=true
[Security]
ClearClipboardAfterSeconds=10
LockDatabaseAfterIdle=true
LockDatabaseOnScreenSaver=true
LockDatabaseOnSessionLock=true
'';
}

67
home/llm.nix Normal file
View File

@@ -0,0 +1,67 @@
{ config, pkgs, lib, ... }:
let
ollamaModelDir = "/mnt/models/ollama"; # ✅ change to your external disk or large partition
modelsToInstall = [
"llama3"
"mistral"
"codellama"
"gemma"
];
cfg = config.homeModules.llm;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
ollama
opencode
];
# Set up environment variables
home.sessionVariables = {
OLLAMA_MODELS = ollamaModelDir;
OLLAMA_HOST = "127.0.0.1:11434";
};
# Systemd user service for ollama daemon
systemd.user.services.ollama = {
Unit = {
Description = "Ollama LLM Inference Daemon";
After = [ "network.target" ];
};
Service = {
ExecStart = "${pkgs.ollama}/bin/ollama serve";
Environment = [
"OLLAMA_MODELS=${ollamaModelDir}"
"OLLAMA_HOST=127.0.0.1:11434"
];
Restart = "on-failure";
};
Install = {
WantedBy = [ "default.target" ];
};
};
# Setup ollama models via activation script
home.activation.installOllamaModels = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
export OLLAMA_MODELS=${ollamaModelDir}
export OLLAMA_HOST=127.0.0.1:11434
mkdir -p ${ollamaModelDir}
echo " Checking and pulling ollama models..."
for model in ${builtins.toString modelsToInstall}; do
if ! ${pkgs.ollama}/bin/ollama list | grep -q "$model"; then
${pkgs.ollama}/bin/ollama pull "$model"
fi
done
'';
# Optional aliases for quick usage
programs.zsh.shellAliases = {
llm = "opencode";
ollama-ui = "xdg-open http://localhost:11434";
};
}

51
home/logseq.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, pkgs, lib, ... }:
let
notesDir = "${config.home.homeDirectory}/Logseq";
cfg = config.homeModules.logseq;
in
lib.mkIf cfg.enable {
home.packages = [
pkgs.logseq
];
# Ensure notes directory exists
home.file."Logseq/.keep".text = "";
# Shell alias
programs.zsh.shellAliases = {
logseq = "logseq ${notesDir}";
};
# Create desktop entry for convenience
xdg.desktopEntries.logseq = {
name = "Logseq";
genericName = "Markdown Knowledge Base";
comment = "Open source outliner with local Markdown storage.";
exec = "logseq";
icon = "logseq";
type = "Application";
categories = [ "Office" "NoteTaking" "Utility" ];
};
home.file.".config/logseq/config.edn".text = ''{
:preferred-theme :light
:page-width 0.7
:custom-css-path ""
}'';
# Create default notes directory
home.activation.createLogseqDir = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
mkdir -p "${notesDir}"
'';
# Theme & plugins setup (manual step for user)
home.activation.logseqThemeNote = lib.hm.dag.entryAfter ["writeBoundary"] ''
echo "🎨 You can customize Logseq by placing themes and plugins in:"
echo " ${notesDir}/logseq"
echo ""
echo "💡 Example community themes and plugins:"
echo " https://github.com/logseq/awesome-logseq"
'';
}

72
home/mail.nix Normal file
View File

@@ -0,0 +1,72 @@
{ config, pkgs, lib, ... }:
let
bridgeAppImage = pkgs.appimageTools.wrapType2 {
pname = "protonmail-bridge";
version = "3.8.0-beta.1";
src = pkgs.fetchurl {
url = "https://proton.me/download/bridge/protonmail-bridge-3.8.0-beta.1-linux.AppImage";
sha256 = "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=";
};
};
wrapperScript = pkgs.writeShellScriptBin "thunderbird" ''
if ! pgrep -x "protonmail-bridge" > /dev/null; then
systemctl --user start protonmail-bridge.service
sleep 2 # Wait briefly to ensure bridge is ready
fi
exec ${pkgs.thunderbird}/bin/thunderbird "$@"
'';
cfg = config.homeModules.mail;
in
lib.mkIf cfg.enable {
home.packages = [
bridgeAppImage
wrapperScript
];
# Start ProtonMail Bridge as systemd service
systemd.user.services.protonmail-bridge = {
Unit = {
Description = "ProtonMail Bridge (headless)";
After = [ "network.target" ];
};
Service = {
ExecStart = "${bridgeAppImage}/bin/protonmail-bridge --no-window";
Restart = "on-failure";
Environment = "PATH=${lib.makeBinPath [ pkgs.glibc pkgs.coreutils pkgs.bash ]}";
};
Install.WantedBy = [ "default.target" ];
};
# Preconfigure Thunderbird profile (adjust email as needed)
home.file.".thunderbird/profiles.ini".text = ''
[Install4F96D1932C2A4F9B]
Default=default
Locked=1
[Profile0]
Name=default
IsRelative=1
Path=default
Default=1
'';
home.file.".thunderbird/default/prefs.js".text = ''
user_pref("mail.identity.id1.fullName", "Your Name");
user_pref("mail.identity.id1.useremail", "your-email@protonmail.com");
user_pref("mail.identity.id1.smtpServer", "smtp1");
user_pref("mail.identity.id1.archive_folder", "imap://your-email@protonmail.com/Archives");
user_pref("mail.account.account1.server", "imap1");
user_pref("mail.account.account1.identities", "id1");
user_pref("mail.server.imap1.hostname", "127.0.0.1");
user_pref("mail.server.imap1.port", 1143);
user_pref("mail.server.imap1.type", "imap");
user_pref("mail.server.imap1.userName", "your-email@protonmail.com");
user_pref("mail.smtpserver.smtp1.hostname", "127.0.0.1");
user_pref("mail.smtpserver.smtp1.port", 1025);
user_pref("mail.smtpserver.smtp1.authMethod", 3);
user_pref("mail.smtpserver.smtp1.username", "your-email@protonmail.com");
'';
}

60
home/obsidian.nix Normal file
View File

@@ -0,0 +1,60 @@
{ config, pkgs, lib, ... }:
let
vaultName = "main";
notesDir = "${config.home.homeDirectory}/Obsidian";
vaultDir = "${notesDir}/${vaultName}";
plugins = [
"calendar"
"advanced-tables"
"dataview"
"markdown-formatting-assistant"
];
pluginDir = "${vaultDir}/.obsidian/plugins";
setupPlugins = pkgs.writeShellScriptBin "setup-obsidian-plugins" ''
set -e
mkdir -p "${pluginDir}"
cd "${pluginDir}"
${lib.concatMapStringsSep "\n" (plugin:
''
if [ ! -d "${plugin}" ]; then
echo "Installing plugin: ${plugin}"
git clone --depth=1 https://github.com/obsidianmd/obsidian-releases/tree/master/community-plugins/${plugin} ${plugin} || true
fi
''
) plugins}
'';
cfg = config.homeModules.obsidian;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
obsidian
setupPlugins
];
# Ensure Notes and vault directory exist
home.file."Obsidian/.keep".text = "";
# Shell alias
programs.zsh.shellAliases = {
obsidian = "obsidian ${vaultDir}";
};
# Obsidian desktop entry
xdg.desktopEntries.obsidian = {
name = "Obsidian";
genericName = "Markdown Notes";
comment = "A powerful knowledge base with Markdown and local storage.";
exec = "obsidian ${vaultDir}";
icon = "obsidian";
type = "Application";
categories = [ "Office" "TextEditor" "Utility" ];
};
# Reminder to run plugin setup
home.activation.obsidianPluginSetup = lib.hm.dag.entryAfter ["writeBoundary"] ''
echo "💡 Run 'setup-obsidian-plugins' to install default plugins into ${pluginDir}"
'';
}

42
home/programs.nix Normal file
View File

@@ -0,0 +1,42 @@
{ config, pkgs, lib, ... }:
{
# The home.packages option allows you to install
# Nix packages into your environment.
home.packages = with pkgs; [
thunderbird
vimiv-qt
zip
unzip
signal-desktop
vlc
keepassxc
logseq
okular
borgbackup
discord
pulsemixer
brightnessctl
gammastep # color temperature
swaybg
xwayland
grim # screenshot functionality
slurp # screenshot functionality
wl-clipboard # copy/paste from stdin / stdout
mako # notification system developed by swaywm maintainer
# secret management
age
sops
];
programs.nvm = {
enable = true;
};
programs.direnv.enable = true;
}

22
home/redshift.nix Normal file
View File

@@ -0,0 +1,22 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.redshift;
in
lib.mkIf cfg.enable {
services.redshift = {
enable = true;
settings.redshift = {
brightness-day = "1";
brightness-night = "1";
};
temperature = {
day = 5500;
night = 3000;
};
latitude = "48.864716";
longitude = "2.349014";
};
}

20
home/secrets.nix Normal file
View File

@@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
{
#imports = [
# sops-nix.homeManagerModules.sops
#];
home.packages = with pkgs; [ sops age ];
#sops = {
# enable = true;
# defaultSopsFile = ../secrets/secrets.enc.yaml;
# age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
# secrets.test = {
# sopsFile = ../secrets/secrets.enc.yaml;
# path = "%r/test.txt"; # will resolve to $XDG_RUNTIME_DIR/test.txt
# };
#};
}

26
home/security.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.security;
in
lib.mkIf cfg.enable {
programs.gpg = {
enable = true;
mutableKeys = true; # allow changes in keys or trust
mutableTrust = true;
#publicKeys = [
# {
# source = ""; #./path/to/key.a;
# trust = "ultimate";
# }
#];
};
programs.ssh = {
enable = true;
addKeysToAgent = "yes"; # let home manager manage ssh keys
};
}

60
home/social.nix Normal file
View File

@@ -0,0 +1,60 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.social;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
# WhatsApp (via webapp in browser or Electron wrapper)
whatsapp-for-linux
# Telegram Desktop client
telegram-desktop
# Signal
signal-desktop
# Discord
discord
# Zoom (unfree)
zoom-us
# Mastodon (via browser or desktop client)
#tootle # or choose “sengi” or “mastodon” Electron client if preferred
# Matrix client
element-desktop
];
# Optional: associate default browser-based apps
xdg.mimeApps = {
enable = true;
defaultApplications = {
"x-scheme-handler/https" = [ "firefox.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
};
};
# Optional: start messaging apps on login
systemd.user.services = {
signal-desktop = {
Unit.Description = "Signal Desktop";
Service = {
ExecStart = "${pkgs.signal-desktop}/bin/signal-desktop";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
};
telegram-desktop = {
Unit.Description = "Telegram Desktop";
Service = {
ExecStart = "${pkgs.telegram-desktop}/bin/telegram-desktop";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
};
};
}

142
home/sway.nix Normal file
View File

@@ -0,0 +1,142 @@
{ config, pkgs, lib, ... }:
let
display1 = "card0-eDP-1";
workspace1 = "1:Web";
workspace2 = "2:App";
workspace3 = "3:Chat";
workspace4 = "4:Read";
workspace5 = "5:Code";
workspace6 = "6:Password";
workspace7 = "7:Shell";
workspace8 = "8:Media";
cfg = config.homeModules.sway;
in
lib.mkIf cfg.enable {
wayland.windowManager.sway = {
enable = true;
wrapperFeatures.gtk = true;
config = rec {
modifier = "Mod4"; # Windows key
terminal = "alacritty";
menu = "bemenu-run";
startup = [
{ command = "swaymsg workspace ${workspace5}; exec nvim"; }
{ command = "keepassxc"; }
{ command = "logseq"; }
{ command = "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP XDG_SESSION_TYPE NIXOS_OZONE_WL XCURSOR_THEME XCURSOR_SIZE PATH"; }
{ command = "systemctl --user start sway-session.target"; }
{ command = "swaymsg workspace ${workspace7}; exec ${terminal}"; }
];
input = {
"type:keyboard" = {
xkb_layout = "de";
repeat_delay = "600";
repeat_rate = "25";
};
"type:pointer" = {
natural_scroll = "false";
left_handed = "false";
middle_emulation = "true";
};
"*" = {
xkb_layout = "de";
};
};
output = {
"${display1}" = {
res = "1920x1080";
pos = "0 0";
scale = "1";
};
"*" = {
scale = "1";
};
};
keybindings = {
# Launch terminal and menu
"${modifier}+Return" = "exec ${terminal}";
"${modifier}+d" = "exec ${menu}";
# Kill focused window
"${modifier}+Shift+q" = "kill";
# Reload and exit sway
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+e" = "exec 'swaynag -t warning -m \"Exit Sway?\" -b \"Yes\" \"swaymsg exit\"'";
# Lock screen manually
"${modifier}+l" = "exec swaylock";
# Screenshot tools
"Print" = "exec grimshot save area";
"${modifier}+Shift+s" = "exec grimshot save window";
"${modifier}+s" = "exec grimshot save screen";
# Workspace switching
"${modifier}+1" = "workspace ${workspace1}";
"${modifier}+2" = "workspace ${workspace2}";
"${modifier}+3" = "workspace ${workspace3}";
"${modifier}+4" = "workspace ${workspace4}";
"${modifier}+5" = "workspace ${workspace5}";
"${modifier}+6" = "workspace ${workspace6}";
"${modifier}+7" = "workspace ${workspace7}";
"${modifier}+8" = "workspace ${workspace8}";
# Move focused container to a workspace
"${modifier}+Shift+1" = "move container to workspace ${workspace1}";
"${modifier}+Shift+2" = "move container to workspace ${workspace2}";
"${modifier}+Shift+3" = "move container to workspace ${workspace3}";
"${modifier}+Shift+4" = "move container to workspace ${workspace4}";
"${modifier}+Shift+5" = "move container to workspace ${workspace5}";
"${modifier}+Shift+6" = "move container to workspace ${workspace6}";
"${modifier}+Shift+7" = "move container to workspace ${workspace7}";
"${modifier}+Shift+8" = "move container to workspace ${workspace8}";
};
workspaceOutputAssign = [
{
workspace = workspace1;
output = display1;
}
];
assigns = {
"${workspace1}" = [ { app_id = "firefox"; } ];
"${workspace3}" = [ { class = "Signal"; } ];
"${workspace5}" = [ { class = "nvim"; } ];
"${workspace6}" = [ { app_id = "org.keepassxc.KeePassXC"; } ];
"${workspace7}" = [ { app_id = "Alacritty"; } ];
};
};
};
services.swayidle = {
enable = true;
timeouts = [
{
timeout = 300;
command = lib.getExe config.programs.swaylock.package;
}
];
};
programs.swaylock = {
enable = true;
settings = {
font = "JetBrainsMono Nerd Font";
screenshots = true;
clock = true;
show-failed-attempts = true;
indicator-idle-visible = true;
};
};
}

101
home/syncthing.nix Normal file
View File

@@ -0,0 +1,101 @@
{ config, pkgs, lib, ... }:
let
syncthingFolderBase = "${config.home.homeDirectory}/"; # default sync dir
cfg = config.homeModules.syncthing;
in
lib.mkIf cfg.enable {
services.syncthing = {
enable = true;
tray = {
enable = true;
package = pkgs.syncthingtray; # optional: GUI tray indicator
};
guiAddress = "127.0.0.1:8384";
settings = {
# get id with: syncthing --device-id
devices = {
t440p = {
id = "DEVICE-ID-T440P"; # replace with actual Syncthing device ID
name = "ThinkPad T440p";
};
steamdeck = {
id = "DEVICE-ID-STEAMDECK"; # replace with actual device ID
name = "SteamDeck";
};
xaorus = {
id = "4XQWZB6-OTRCS2M-QOZ4HYK-KEKBARC-X7ELITX-HF4RZA2-X7NFK74-VBI4BAU";
name = "Xaorus";
introducer = true;
};
};
folders = {
"logseq" = {
enable = true;
path = "${syncthingFolderBase}/logseq";
devices = [ "t440p" "steamdeck" "xaorus" ];
label = "LogSeq";
fsWatcherEnabled = true;
rescanInterval = 60;
ignorePerms = true;
ignore = [
"*.swp"
".cache"
];
versioning = {
type = "trashcan";
params.cleanoutDays = "1000";
};
};
"projects" = {
path = "${syncthingFolderBase}/projects";
devices = [ "t440p" "xaorus" ];
label = "Projects";
ignorePerms = true;
versioning = null;
ignore = [
".stversions"
".git"
"node_modules"
"target"
"*.lock"
"dist"
"out"
".DS_Store"
"thumbs.db"
];
};
# PublicMemes
#"screenshots" = {
# path = "${syncthingFolderBase}/screenshots";
# devices = [ "steamdeck" ];
# label = "Screenshots";
#};
};
options = {
urAccepted = -1; # telemetry disabled
listenAddresses = [
"tcp://0.0.0.0:22000"
"quic://0.0.0.0:22000"
];
globalAnnounceEnabled = false;
localAnnounceEnabled = true;
relaysEnabled = true;
natEnabled = true;
startBrowser = false;
autoAcceptFolders = false;
maxFolderConcurrency = 3;
minHomeDiskFree = {
unit = "%";
value = 3;
};
};
};
};
}

146
home/terminal.nix Normal file
View File

@@ -0,0 +1,146 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.terminal;
in
lib.mkIf cfg.enable {
# ─── Terminal Emulator ────────────────────────────────────────────────
programs.alacritty = {
enable = true;
settings = {
font = {
normal = {
family = "JetBrainsMono Nerd Font";
style = "Regular";
};
size = 12;
};
colors.primary = {
foreground = "#d8d8d8";
background = "#181818";
dim_foreground = "#828482";
};
# Optional: shell integration
shell = {
program = "${pkgs.zsh}/bin/zsh";
args = [ "-l" ];
};
window.opacity = 1;
};
};
# ─── Zsh Shell ────────────────────────────────────────────────────────
programs.zsh = {
enable = true;
enableCompletion = true;
autosuggestion = {
enable = true;
strategy = [ "history" ];
};
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "cursor" ];
patterns = {
"rm -rf *" = "fg=white,bold,bg=red";
};
};
enableVteIntegration = true;
autocd = true;
history = {
save = 10000;
share = true;
ignoreDups = true;
ignoreAllDups = true;
expireDuplicatesFirst = true;
ignorePatterns = [ "rm *" "pkill *" ];
};
shellAliases = {
ll = "ls -lh";
la = "ls -a";
".." = "cd ..";
update = "sudo nixos-rebuild switch";
gc = "sudo nix-collect-garbage -d";
edit = "sudo -e";
nixlog = "journalctl -xe -u nixos-rebuild";
};
sessionVariables = {
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=8";
EDITOR = "nvim";
PAGER = "less";
};
oh-my-zsh = {
enable = true;
theme = "dst"; # Or "jonathan", "robbyrussell", etc.
plugins = [
"git"
"sudo"
"z"
"vi-mode"
"alias-finder"
"docker"
"colored-man-pages"
"history"
"direnv"
"node"
"zsh-autosuggestions"
"zsh-syntax-highlighting"
"docker"
"rust"
];
};
};
# ─── Modern System Monitors ───────────────────────────────────────────
programs.btop = {
enable = true;
settings = {
color_theme = "tokyo-night";
truecolor = true;
rounded_corners = true;
};
};
programs.htop.enable = true;
# ─── Extras ───────────────────────────────────────────────────────────
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
programs.zoxide = {
enable = true; # Better cd
enableZshIntegration = true;
};
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
programs.starship = {
enable = true;
enableZshIntegration = true;
};
programs.eza = {
enable = true;
enableZshIntegration = true;
};
home.packages = with pkgs; [
ripgrep
fd
bat
git
jq
unzip
gnupg
neofetch
lsd
delta
bottom
];
}

40
home/tor.nix Normal file
View File

@@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.tor;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
tor-browser-bundle-bin
onionshare
qbittorrent
torsocks
qbittorrent
];
systemd.user.services.tor-browser = {
Unit = {
Description = "Launch Tor Browser";
};
Service = {
ExecStart = "${pkgs.tor-browser-bundle-bin}/bin/tor-browser";
Restart = "always";
};
Install = {
WantedBy = [ "default.target" ];
};
};
# Optionally allow torsocks usage system-wide
#environment.variables = {
# This allows tools to use torsocks if invoked manually
# You may prefer wrapping apps instead
# TOR_SOCKS_PORT = "9050";
#};
# Optional CLI wrapper for routing traffic through Tor
home.shellAliases = {
torify = "torsocks";
};
}

63
home/vim.nix Normal file
View File

@@ -0,0 +1,63 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.vim;
in
lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
defaultEditor = true;
extraConfig = ''
lua << EOF
require('lspconfig').rust_analyzer.setup{}
EOF
'';
plugins = let
nvim-treesitter-with-plugins = pkgs.vimPlugins.nvim-treesitter.withPlugins (treesitter-plugins:
with treesitter-plugins; [
astro
bash
c
css
cpp
dockerfile
git_config
git_rebase
gitattributes
gitcommit
gitignore
html
http
javascript
json
latex
markdown
nix
python
rust
sql
sway
typescript
vim
zig
]);
in
with pkgs.vimPlugins; [
vim-colors-solarized
vim-nix
nvim-lspconfig
nvim-treesitter-with-plugins
rust-tools-nvim
nvim-cmp
cmp-nvim-lsp
nvim-treesitter.withAllGrammars
];
};
}

53
home/vpn-pia.nix Normal file
View File

@@ -0,0 +1,53 @@
{ config, pkgs, lib, ... }:
let
# Optional: create a runtime directory for pia-manager to store configs
piaDir = "${config.home.homeDirectory}/.config/pia";
cfg = config.homeModules.vpnpia;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
openvpn
#pia-manager
wireguard-tools
jq
systemd
];
home.file.".config/pia/config.json".text = builtins.toJSON {
token = "REPLACE_WITH_YOUR_PIA_TOKEN";
region = "DE Frankfurt"; # Adjust to your preferred location
protocol = "wireguard"; # or "openvpn_udp"/"openvpn_tcp"
dns = true;
port_forward = false;
};
systemd.user.services.pia-vpn = {
Unit = {
Description = "Private Internet Access VPN";
After = [ "network.target" ];
};
Service = {
Type = "simple";
#ExecStart = "${pkgs.pia-manager}/bin/pia-manager up --config ${piaDir}/config.json";
#ExecStop = "${pkgs.pia-manager}/bin/pia-manager down";
Restart = "on-failure";
};
Install = {
WantedBy = [ "default.target" ];
};
};
# Enable service on login
systemd.user.startServices = true;
# Optional: add a shell alias for manual control
programs.zsh.shellAliases = {
vpn-up = "systemctl --user start pia-vpn";
vpn-down = "systemctl --user stop pia-vpn";
vpn-status = "systemctl --user status pia-vpn";
};
}

91
home/vscode.nix Normal file
View File

@@ -0,0 +1,91 @@
{ config, pkgs, lib, ... }:
{
### VSCode Server ###
imports = [
"${fetchTarball {
url = "https://github.com/msteen/nixos-vscode-server/tarball/master";
sha256 = "1rdn70jrg5mxmkkrpy2xk8lydmlc707sk0zb35426v1yxxka10by";
}}/modules/vscode-server/home.nix"
];
config = lib.mkIf config.homeModules.vscode.enable {
services.vscode-server.enable = true;
# Optional: extra settings
# services.vscode-server.enableFHS = true;
# services.vscode-server.nodejsPackage = pkgs.nodejs_20;
### VSCode Editor ###
programs.vscode = {
enable = true;
profiles.default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
userSettings = {
"editor.formatOnSave" = true;
"editor.inlineSuggest.enabled" = true;
"editor.minimap.enabled" = false;
"editor.minimap.autohide" = true;
"editor.minimap.renderCharacters" = false;
"explorer.autoReveal" = false;
"explorer.excludeGitIgnore" = true;
"extensions.autoUpdate" = false;
"git.autofetch" = true;
"git.suggestSmartCommit" = false;
"git.confirmSync" = false;
"security.workspace.trust.enabled" = false;
"security.workspace.trust.untrustedFiles" = "open";
"workbench.colorTheme" = "SynthWave '84";
"workbench.iconTheme" = "material-icon-theme";
"workbench.startupEditor" = "none";
"workbench.tree.indent" = 16;
"rust-analyzer.lens.implementations.enable" = false;
"chat.agent.enabled" = false;
"[typescript]" = {
"editor.defaultFormatter" = "esbenp.prettier-vscode";
};
"[vue]" = {
"editor.defaultFormatter" = "Vue.volar";
};
"[mdx]" = {
"editor.defaultFormatter" = "unifiedjs.vscode-mdx";
};
"[astro]" = {
"editor.defaultFormatter" = "astro-build.astro-vscode";
};
"[nix]" = {
"editor.defaultFormatter" = "jnoortheen.nix-ide";
};
};
extensions = with pkgs.vscode-extensions; [
# Nix
bbenoist.nix
# Rust
rust-lang.rust-analyzer
tamasfe.even-better-toml
# JS/TS
dbaeumer.vscode-eslint
esbenp.prettier-vscode
astro-build.astro-vscode
# Misc
yzhang.markdown-all-in-one
foxundermoon.shell-format
# Git
waderyan.gitblame
#mhutchie.git-graph
donjayamanne.githistory
codezombiech.gitignore
];
};
};
};
}

67
home/zen-browser.nix Normal file
View File

@@ -0,0 +1,67 @@
{ config, pkgs, lib, zen-browser, ... }:
let
cfg = config.homeModules.zenbrowser;
in
lib.mkIf cfg.enable {
imports = [
# You can choose one of the following:
# inputs.zen-browser.homeModules.beta
# inputs.zen-browser.homeModules.twilight
zen-browser.homeModules.twilight-official
];
programs.zen-browser = {
enable = true;
policies = {
AutofillAddressEnabled = true;
AutofillCreditCardEnabled = false;
DisableAppUpdate = true;
DisableFeedbackCommands = true;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DontCheckDefaultBrowser = true;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
};
nativeMessagingHosts = [
pkgs.firefoxpwa
];
};
xdg.mimeApps = let
value = inputs.zen-browser.packages.${pkgs.system}.twilight.meta.desktopFileName;
associations = builtins.listToAttrs (map (name: {
inherit name value;
}) [
"application/x-extension-shtml"
"application/x-extension-xhtml"
"application/x-extension-html"
"application/x-extension-xht"
"application/x-extension-htm"
"x-scheme-handler/unknown"
"x-scheme-handler/mailto"
"x-scheme-handler/chrome"
"x-scheme-handler/about"
"x-scheme-handler/https"
"x-scheme-handler/http"
"application/xhtml+xml"
"application/json"
"text/plain"
"text/html"
]);
in {
associations.added = associations;
defaultApplications = associations;
};
}