change from mono-home-manager to full flake multi-system configuration

wieerwill
2025-11-30 12:28:05 +01:00
parent 5c3a992f34
commit 362f65c384
62 changed files with 4469 additions and 576 deletions

41
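--- a/modules/desktop.nix
+++ b/modules/desktop.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, lib, ... }:
+let
+systemd = pkgs.systemd;
+sway = pkgs.sway;
+in {
+programs.sway = {
+enable = true;
+wrapperFeatures.gtk = true;
+};
+# Enable CUPS to print documents.
+services.printing.enable = true;
+# Enable the X11 windowing system.
+programs.xwayland.enable = true; # For compatibility with apps needing X
+services.xserver.enable = false;
+services.libinput.enable = true; # Touchpad, mouse, input devices
+programs.light.enable = true; # For backlight control
+security.polkit.enable = true;
+# Configure keymap
+services.xserver.xkb = {
+layout = "de";
+variant = "";
+};
+environment.systemPackages = with pkgs; [
+swaylock
+swayidle
+wl-clipboard
+brightnessctl
+bemenu
+xwayland
+(writers.writeDashBin "sway-logout" ''
+${systemd}/bin/systemctl --user unset-environment WAYLAND_DISPLAY SWAYSOCK
+${sway}/bin/swaymsg exit
+'')
+];
+}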
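Review bot: The comment `# Enable the X11 windowing system.` sits directly above `programs.xwayland.enable = true;` and `services.xserver.enable = false;`, so it says the opposite of what the module configures; I would replace it with `# Wayland only: no X server, XWayland for legacy X11 clients.` The keymap is set through `services.xserver.xkb` while the X server is disabled, and whether that layout reaches the sway session is not visible from this file, so it is worth confirming the session really gets `de`. `xwayland` in `environment.systemPackages` looks redundant next to `programs.xwayland.enable`.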

21
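--- a/modules/qbittorrent.nix
+++ b/modules/qbittorrent.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+{
+services.qbittorrent = {
+enable = true;
+user = "wieerwill"; # or a dedicated service user
+group = "users";
+webuiPort = 8080;
+torrentingPort = 51413;
+profileDir = "/var/lib/qbittorrent";
+openFirewall = true;
+serverConfig = {
+Preferences = {
+Connection.PortRangeMin = 51413;
+Downloads.SavePath = "/home/wieerwill/torrents";
+WebUI.Port = 8080;
+};
+};
+};
+}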
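Review bot: `user = "wieerwill";` runs the torrent daemon and its web UI as the interactive account, which this same commit puts in `wheel` and `docker` and which owns the sops age key under `/home/wieerwill/.config/sops/age/keys.txt`; a flaw in the daemon or the WebUI would then act with all of that account's access. The inline comment already names the alternative, so I would use a dedicated service user and point `Downloads.SavePath` at a directory that user owns. `openFirewall = true;` presumably opens `webuiPort` 8080 along with the torrent port, and `serverConfig` sets neither a bind address nor credentials for the UI. If the UI is only used locally, set `openFirewall = false;`, add `WebUI.Address = "127.0.0.1";` under `Preferences`, and allow only 51413 in the firewall.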

18
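--- a/modules/secrets.nix
+++ b/modules/secrets.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+sops
+age
+];
+sops = {
+#defaultSopsFile = ./../secrets/secrets.enc.yaml;
+age.keyFile = "/home/wieerwill/.config/sops/age/keys.txt";
+};
+#sops.secrets.git-email = {
+# owner = "wieerwill";
+# path = "/home/wieerwill/.config/git-email";
+#};
+}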
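Review bot: `age.keyFile` points into the user's home directory, so the key that decrypts every system secret is readable by any process running as `wieerwill` — desktop applications and, in this commit, the qBittorrent service. sops-nix decrypts as root during activation, so a root-owned location works just as well, e.g. `age.keyFile = "/var/lib/sops-nix/key.txt";` with mode 0600. A path under `/home` also has to exist at activation time, which may not hold if `/home` is mounted late; that is not visible from this file. With `defaultSopsFile` still commented out nothing is decrypted yet, so this is the cheap moment to move the key.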

43
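--- a/modules/security.nix
+++ b/modules/security.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+{
+services.openssh = {
+enable = true;
+ports = [ 22 ];
+settings = {
+AllowUsers = [ "wieerwill" ];
+X11Forwarding = false;
+PasswordAuthentication = false;
+PermitRootLogin = "prohibit-password";
+KbdInteractiveAuthentication = false;
+};
+};
+networking.firewall = {
+enable = true;
+allowedTCPPorts = [
+22 # SSH
+80 # HTTP
+443 # HTTPS
+22000 # Syncthing
+9050 # Tor SOCKS
+9051 # Tor Control
+5353 # Tor DNS (if using virtual DNS)
+];
+allowedUDPPorts = [ ];
+};
+services.fail2ban = {
+enable = true;
+maxretry = 3; # Ban IP after 3 failures
+bantime = "24h"; # Ban IPs for one day on the first ban
+bantime-increment = {
+enable = true; # increment of bantime after each violation
+#formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
+multipliers = "1 2 4 8 16 32 64";
+maxtime = "168h"; # Do not ban for more than 1 week
+overalljails = true; # bantime based on all violations
+};
+};
+}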
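Review bot: `allowedTCPPorts` opens 9050, 9051 and 5353 for inbound connections, but Tor's SOCKS, control and DNS listeners serve local clients and need no firewall opening. Should the daemon ever bind to a non-loopback address, the control port in particular would be reachable from the network. Ports 80 and 443 are opened as well although no web server is configured in the visible modules. I would reduce the list to what actually listens, `allowedTCPPorts = [ 22 22000 ];`, and add the others in the module that enables the matching service. `PermitRootLogin = "prohibit-password";` has no effect next to `AllowUsers = [ "wieerwill" ];`, so `"no"` would state the intent directly.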

68
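--- a/modules/unfree.nix
+++ b/modules/unfree.nix
@@ -0,0 +1,68 @@
+{ config, pkgs, lib, ... }:
+{
+nixpkgs.config = {
+allowUnfree = false;
+allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+# allow for android sdk
+"android-sdk-cmdline-tools"
+"android-sdk-emulator"
+"android-sdk-build-tools"
+"android-sdk-platforms"
+"android-sdk-platform-tools"
+"android-sdk-tools"
+"android-sdk-ndk"
+"platform-tools"
+"platforms"
+"build-tools"
+"ndk"
+"cmdline-tools"
+"android-sdk-system-image-32-google_apis-arm64-v8a-system-image-32-google_apis-x86_64"
+"android-sdk-system-image-32-google_apis_playstore-arm64-v8a-system-image-32-google_apis_playstore-x86_64"
+"android-sdk-system-image-33-google_apis-arm64-v8a-system-image-33-google_apis-x86_64"
+"android-sdk-system-image-33-google_apis_playstore-arm64-v8a-system-image-33-google_apis_playstore-x86_64"
+"android-sdk-system-image-34-google_apis-arm64-v8a-system-image-34-google_apis-x86_64"
+"android-sdk-system-image-34-google_apis_playstore-arm64-v8a-system-image-34-google_apis_playstore-x86_64"
+"android-sdk-system-image-35-google_apis-arm64-v8a-system-image-35-google_apis-x86_64"
+"android-sdk-system-image-35-google_apis_playstore-arm64-v8a-system-image-35-google_apis_playstore-x86_64"
+"android-sdk-system-image-36-google_apis-arm64-v8a-system-image-36-google_apis-x86_64"
+"android-sdk-system-image-36-google_apis_playstore-arm64-v8a-system-image-36-google_apis_playstore-x86_64"
+"system-image-32-google_apis-x86_64"
+"system-image-32-google_apis-arm64-v8a"
+"system-image-32-google_apis_playstore-x86_64"
+"system-image-32-google_apis_playstore-arm64-v8a"
+"system-image-33-google_apis-x86_64"
+"system-image-33-google_apis-arm64-v8a"
+"system-image-33-google_apis_playstore-x86_64"
+"system-image-33-google_apis_playstore-arm64-v8a"
+"system-image-34-google_apis-x86_64"
+"system-image-34-google_apis-arm64-v8a"
+"system-image-34-google_apis_playstore-x86_64"
+"system-image-34-google_apis_playstore-arm64-v8a"
+"system-image-35-google_apis-x86_64"
+"system-image-35-google_apis-arm64-v8a"
+"system-image-35-google_apis_playstore-x86_64"
+"system-image-35-google_apis_playstore-arm64-v8a"
+"system-image-36-google_apis-x86_64"
+"system-image-36-google_apis-arm64-v8a"
+"system-image-36-google_apis_playstore-x86_64"
+"system-image-36-google_apis_playstore-arm64-v8a"
+"emulator"
+"tools"
+"cmake"
+"android-studio-stable"
+# other packages
+"discord"
+"obsidian"
+"vscode"
+"zoom"
+"steam"
+"steamdeck-hw-theme"
+"steam-jupiter-unwrapped"
+];
+android_sdk.accept_license = true;
+};
+}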
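Review bot: Several allowlist entries are generic names — `"tools"`, `"platforms"`, `"emulator"`, `"ndk"`, `"cmake"` — and `builtins.elem (lib.getName pkg)` accepts them for any package carrying that name, not only Android SDK components. A comment above that group, such as `# bare names are Android SDK component pnames as reported by lib.getName`, would tell the next reader why they are listed and keep them from being copied elsewhere. `"cmake"` presumably refers to the SDK's bundled build, which is worth confirming, since the regular cmake package is free and needs no entry.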

44
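--- a/modules/users.nix
+++ b/modules/users.nix
@@ -0,0 +1,44 @@
+{ config, pkgs, lib, ... }:
+{
+users.mutableUsers = false;
+# Enable automatic login for the user.
+services.getty.autologinUser = "wieerwill";
+users.users.wieerwill = {
+isNormalUser = true;
+description = "wieerwill";
+home = "/home/wieerwill";
+createHome = true;
+extraGroups = [
+"wheel" # sudo access
+"networkmanager" # network config
+"audio" "video" # media and graphics support
+"docker" # container management
+"libvirtd" # virtualization
+"input" # gamepad / touchscreen
+"plugdev" # udev/USB access
+"git"
+];
+# leave empty if managed externally (passwd or sops)
+initialHashedPassword = "";
+#openssh.authorizedKeys.keys = [
+# # Replace with your actual SSH pubkey
+# "ssh-ed25519 AAAAC3Nz... user@machine"
+#];
+packages = with pkgs; [
+zsh
+];
+shell = pkgs.zsh;
+};
+programs.zsh.enable = true;
+# Optional system-wide group definition for shared development tools
+users.groups.git.gid = 998;
+users.groups.plugdev = { };
+}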
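Review bot: `initialHashedPassword = "";` combined with `users.mutableUsers = false;` leaves `wieerwill` with an empty password on every activation. NixOS treats an empty hash as password-less local login, and with immutable users the option behaves like `hashedPassword`, so a later `passwd` does not persist and the comment `# leave empty if managed externally (passwd or sops)` does not hold. The account is in `wheel` and `docker` (membership in the latter is effectively root) and also autologins on getty. I would set `hashedPasswordFile = config.sops.secrets."<user-password-secret>".path;` with that secret marked `neededForUsers = true;`. `openssh.authorizedKeys.keys` is commented out while security.nix disables password authentication, so the only allowed SSH user has no usable credential until a real public key is added.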

41
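--- a/modules/wifi.nix
+++ b/modules/wifi.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+# easy way: nmcli dev wifi connect "MySSID" password "your-password"
+{
+networking.networkmanager = {
+enable = true;
+connections = {
+"MyHomeWiFi" = {
+type = "wifi";
+interface = "wlan0"; # or leave out for automatic interface
+uuid = "123e4567-e89b-12d3-a456-426614174000"; # optional but recommended
+id = "HeimwehLan";
+autoconnect = true;
+wifi = {
+ssid = "HeimwehLan";
+mode = "infrastructure";
+};
+wifi-security = {
+key-mgmt = "wpa-psk";
+psk = "+++++++";
+};
+ipv4 = {
+method = "auto";
+};
+ipv6 = {
+method = "ignore";
+};
+};
+"MyWorkWiFi" = {
+type = "wifi";
+id = "MyWorkWiFi";
+autoconnect = false;
+wifi.ssid = "CorpNet";
+wifi-security.psk = "CorpSecret";
+ipv4.method = "auto";
+};
+};
+};
+}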
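Review bot: The pre-shared keys are string literals (`psk = "+++++++";`, `wifi-security.psk = "CorpSecret";`), and any value in a Nix expression ends up world-readable in `/nix/store` and in git history; these look like placeholders, but the real keys must not be filled in here. NetworkManager's declarative profiles can substitute from a root-only file instead: `ensureProfiles.environmentFiles = [ config.sops.secrets."<wifi-env-secret>".path ];` together with `psk = "$HOME_PSK";` (variable name chosen as an example). I also do not know of a `networking.networkmanager.connections` option; the declarative one is `ensureProfiles.profiles`, with keys nested as `connection.id` and `connection.type`, so please check that this module evaluates. `MyWorkWiFi` sets a `psk` without a `key-mgmt` value.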