wieerwill/nix-home-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change from mono-home-manager to full flake multi-system configuration

Browse Source
This commit is contained in:
wieerwill
2025-11-30 12:28:05 +01:00
parent 5c3a992f34
commit 362f65c384
62 changed files with 4469 additions and 576 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
secrets/secrets.yaml
secrets/keys.txt

68
README.md Normal file
View File

@@ -0,0 +1,68 @@
# nixConfig
This is a modular, flake-based Nix configuration repository for managing all personal machines and environments in one place. It supports:
- Full system configuration for NixOS laptop.
- Home Manager user environments on all machines (NixOS, Ubuntu, WSL, servers).
- Reusable modules for programs and services.
- Declarative configuration and reproducible builds.
## Repository Structure
```shell
nixConfig/
├── flake.nix # Flake entry point with all system and user configs
├── flake.lock # Input versions for reproducibility
├── hosts/ # Per-host system-level configs
│ ├── t440p # NixOS system config for laptop
│ │ ├── configuration.nix # NixOS system config
│ │ └── hardware-configuration.nix # Hardware config generated by NixOS
│ ├── steamdeck # NixOS system running on Valve Steamdeck
│ ├── xaorus # home-manager on Ubuntu
│ └── vps04_08 # services running on Ubuntu VPS
├── home/ # Home Manager configs (user environments)
│ └── home.nix # Shared user config for 'wieerwill'
├── modules/ # Shared program/service modules
│ └── ...
```
## Usage
### Rebuild the system
use the systems name at the end. Example:
```bash
sudo nixos-rebuild switch --flake ~/nixConfig#t440p
```
### Rebuild Home Manager only (e.g. on non-NixOS systems)
```bash
home-manager switch --flake ~/nixConfig#<username>@<hostname>
```
### Update flake inputs
```bash
nix flake update
```
or use the scripts in `/scripts`. The script is build for on-system execution and will clean up afterwards:
```bash
chmod +x ./scripts/nix-maintain.sh
./scripts/nix-maintain.sh
```
## Setup
* `/etc/nixos` is a symlink to `~/nixConfig` so NixOS can find configuration files (`sudo ln -s /home/$USER/nixConfig /etc/nixos`).
* Uses matching Home Manager and Nixpkgs versions (`release-25.05`) to avoid compatibility warnings.
* Home Manager is integrated via NixOS modules for system-wide user config.
## Modules
The `home/` and `modules/` directory will contain reusable modules such as:
* `neovim.nix` editor configuration
* `firefox.nix` browser preferences
* `git.nix` shared Git settings
* `traefik.nix` server services
These modules will be selectively included in each host config or enabled conditionally.
## Secrets & Private Data
Do **not** store secrets or passwords in this repository!
SOPS with age is provided in the configuration as secure method for secrets management.

180
firefox.nix
View File

@@ -1,180 +0,0 @@
{ config, pkgs, lib, ... }:
{
programs.firefox = {
enable = true;
policies = {
DisablePocket = true;
DisplayBookmarksToolbar = true;
DisableFirefoxStudies = true;
DisableTelemetry = true;
PasswordManagerEnabled = false;
FirefoxHome = {
Search = true;
Pocket = false;
Snippets = false;
TopSites = false;
Highlights = false;
SponsoredPocket = false;
SponsoredTopSites = false;
};
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
ExtensionSettings = {
"jid1-MnnxcxisBPnSXQ@jetpack" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/privacy-badger17/latest.xpi";
installation_mode = "force_installed";
};
"firefox@ghostery.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ghostery/latest.xpi";
installation_mode = "force_installed";
};
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi";
installation_mode = "force_installed";
};
};
};
profiles = {
Personal = {
id = 0;
search = {
force = true;
engines = {
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "query";
value = "{searchTerms}";
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ];
}
];
};
"Nix Options" = {
urls = [
{
template = "https://search.nixos.org/options";
params = [
{
name = "query";
value = "{searchTerms}";
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@no" ];
}
];
};
};
};
bookmarks = [
{
name = "Toolbar";
toolbar = true;
bookmarks = [
{
name = "Development";
bookmarks = [
{
name = "Web";
bookmarks = [
{
name = "TypeScript docs";
url = "https://www.typescriptlang.org/docs/";
}
];
}
{
name = "Typst";
bookmarks = [
{
name = "Typst docs";
url = "https://typst.app/docs/";
}
];
}
{
name = "Nix";
bookmarks = [
{
name = "Nix(OS) manual (stable)";
url = "https://nixos.org/manual/nixos/stable/";
}
{
name = "Home manager options";
url = "https://nix-community.github.io/home-manager/options.xhtml";
}
{
name = "Noogle";
url = "https://noogle.dev/";
}
{
name = "Nixpkgs";
url = "https://github.com/nixos/nixpkgs";
}
];
}
{
name = "GitHub";
url = "https://github.com/";
}
];
}
{
name = "Radio";
bookmarks = [
{
name = "Meshtastic client";
url = "https://client.meshtastic.org/";
}
{
name = "Meshmap";
url = "https://meshmap.net";
}
];
}
];
}
{
name = "Entertainment";
bookmarks = [
{
name = "YouTube";
url = "https://youtube.com/";
}
];
}
];
};
};
};
home = {
sessionVariables.BROWSER = "firefox";
#persistence."/persist/home/wieerwill" = {
# directories = [
# ".mozilla/firefox"
# ];
#};
};
}

94
flake.lock generated Normal file
View File

@@ -0,0 +1,94 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1758463745,
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1763334038,
"narHash": "sha256-LBVOyaH6NFzQ3X/c6vfMZ9k4SV2ofhpxeL9YnhHNJQQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4c8cdd5b1a630e8f72c9dd9bf582b1afb3127d2c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix",
"zen-browser": "zen-browser"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1763509310,
"narHash": "sha256-s2WzTAD3vJtPACBCZXezNUMTG/wC6SFsU9DxazB9wDI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3ee33c0ed7c5aa61b4e10484d2ebdbdc98afb03e",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1764166920,
"narHash": "sha256-AEpt8JdKA4RVobRjaR7S2QP3bmUz8dhuWasB7mr9Ylo=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "6f5d615393a5e923ea2883ef28e274031d1b1e1e",
"type": "github"
},
"original": {
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

85
flake.nix Normal file
View File

@@ -0,0 +1,85 @@
{
description = "Multi-machine NixOS and Home Manager config";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
home-manager.url = "github:nix-community/home-manager/release-25.05";
sops-nix.url = "github:Mic92/sops-nix";
zen-browser = {
url = "github:0xc000022070/zen-browser-flake";
inputs = {
# IMPORTANT: we're using "libgbm" and is only available in unstable so ensure
# to have it up-to-date or simply don't specify the nixpkgs input
nixpkgs.follows = "nixpkgs";
home-manager.follows = "home-manager";
};
};
home-manager.inputs.nixpkgs.follows = "nixpkgs";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs@ { self, nixpkgs, home-manager, sops-nix, ... }: {
nixosConfigurations = {
t440p = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/t440p/configuration.nix
home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.wieerwill = import ./hosts/t440p/home.nix {
inherit inputs;
};
}
];
};
steamdeck = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/steamdeck/configuration.nix
home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.wieerwill = import ./hosts/steamdeck/home.nix {
inherit inputs;
};
}
];
};
};
homeConfigurations = {
xaorus = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs {
system = "x86_64-linux";
};
modules = [
./hosts/xaorus/home.nix
sops-nix.homeManagerModules.sops
];
extraSpecialArgs = { inherit inputs; };
};
vps04_08 = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs {
system = "x86_64-linux";
};
modules = [
./hosts/vps04_08/home.nix
sops-nix.homeManagerModules.sops
];
extraSpecialArgs = { inherit inputs; };
};
};
};
}

36
home.nix
View File

@@ -1,36 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
./firefox.nix
./fonts.nix
./git.nix
./programs.nix
./security.nix
./sway.nix
./terminal.nix
./vim.nix
./vscode.nix
];
# Home Manager needs a bit of information about you
# and the paths it should manage.
home = {
username = "wieerwill";
homeDirectory = "/home/wieerwill";
enableNixpkgsReleaseCheck = false;
stateVersion = "24.05"; # read DOCs before changing.
file = {
# ".screenrc".source = dotfiles/screenrc;
};
sessionVariables = {
# EDITOR = "emacs";
};
};
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
}

49
home/_home.nix Normal file
View File

@@ -0,0 +1,49 @@
{ config, pkgs, lib, ... }:
{
imports = [
./_options.nix
./androidstudio.nix
./backup.nix
./chromium.nix
./design.nix
./embedded.nix
./fonts.nix
./git.nix
./javascript.nix
./keepass.nix
./llm.nix
./logseq.nix
./mail.nix
./obsidian.nix
./redshift.nix
./secrets.nix
./security.nix
./social.nix
./sway.nix
./syncthing.nix
./terminal.nix
./tor.nix
./vim.nix
./vpn-pia.nix
./vscode.nix
#./zen-browser.nix
];
home.username = "wieerwill";
home.homeDirectory = "/home/wieerwill";
home.stateVersion = "25.05";
home.sessionVariables = {
SOPS_CONFIG = "${config.home.homeDirectory}/nixConfig/secrets/.sops.yaml";
};
home.packages = with pkgs; [
unzip
sops
age
];
home.sessionVariables = {
PATH = "$PNPM_HOME:${config.home.homeDirectory}/Android/Sdk/cmdline-tools/latest/bin:${config.home.homeDirectory}/Android/Sdk/platform-tools";
};
}

35
home/_options.nix Normal file
View File

@@ -0,0 +1,35 @@
{ lib, ... }:
with lib;
{
options = {
homeModules = {
androidstudio.enable = mkEnableOption "Enable Android Studio setup";
backup.enable = mkEnableOption "Enable Borg backup";
chromium.enable = mkEnableOption "Enable Chromium browser";
design.enable = mkEnableOption "Enable graphics tools";
embedded.enable = mkEnableOption "Enable embedded development setup";
fonts.enable = mkEnableOption "Enable fonts management";
git.enable = mkEnableOption "Enable git";
javascript.enable = mkEnableOption "Enable JS/TS dev environment";
keepass.enable = mkEnableOption "Enable KeePassXC";
llm.enable = mkEnableOption "Enable local LLM setup (Ollama etc.)";
logseq.enable = mkEnableOption "Enable Logseq";
mail.enable = mkEnableOption "Enable mail clients";
obsidian.enable = mkEnableOption "Enable Obsidian markdown setup";
redshift.enable = mkEnableOption "Enable Redshift";
secrets.enable = mkEnableOption "Enable SOPS Secrets";
security.enable = mkEnableOption "Enable home security settings";
social.enable = mkEnableOption "Enable social apps";
sway.enable = mkEnableOption "Enable sway desktop";
syncthing.enable = mkEnableOption "Enable Syncthing";
terminal.enable = mkEnableOption "Enable terminal config";
tor.enable = mkEnableOption "Enable TOR and Onionshare";
vim.enable = mkEnableOption "Enable vim config";
vpnpia.enable = mkEnableOption "Enable Private Internet Access VPN";
vscode.enable = mkEnableOption "Enable VSCode";
zenbrowser.enable = mkEnableOption "Enable Zen browser";
};
};
}

33
home/androidstudio.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, lib, ... }:
let
androidSdkRoot = "${config.home.homeDirectory}/Android/Sdk";
cfg = config.homeModules.androidstudio;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
android-studio
# Tools for Android SDK management
android-tools
jdk11 # or jdk17 if needed by Android Studio
gradle
];
# Set up environment variables for Android development
home.sessionVariables = {
ANDROID_SDK_ROOT = androidSdkRoot;
ANDROID_HOME = androidSdkRoot;
ANDROID_AVD_HOME = "${config.home.homeDirectory}/.android/avd";
JAVA_HOME = "${pkgs.jdk11}/lib/openjdk"; # Or jdk17 if preferred
# in _home.nix PATH = lib.mkAfter "${androidSdkRoot}/cmdline-tools/latest/bin:${androidSdkRoot}/platform-tools";
};
# Create needed folders and install SDK components on first run (optional)
home.activation.setupAndroidSdk = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
mkdir -p "${androidSdkRoot}"
if ! [ -x "${androidSdkRoot}/cmdline-tools/latest/bin/sdkmanager" ]; then
echo " Installing Android SDK Command-line Tools..."
cp -r ${pkgs.androidsdk}/cmdline-tools "${androidSdkRoot}/cmdline-tools"
fi
'';
}

68
home/backup.nix Normal file
View File

@@ -0,0 +1,68 @@
{ config, pkgs, lib, ... }:
let
hostname = config.networking.hostName or (builtins.getEnv "HOSTNAME");
backupTarget = "/mnt/backup/borg"; # Adjust this path to your remote or local backup repo
backupRepo = "${backupTarget}/${hostname}";
backupPaths = {
"t440p" = [ "Documents" "Projects" ];
"steamdeck" = [ ".config" ];
"xaorus" = [ "Pictures" "Videos" ];
};
folders = builtins.map (dir: "${config.home.homeDirectory}/${dir}") (backupPaths.${hostname} or []);
cfg = config.homeModules.backup;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [ borgbackup ];
systemd.user.services.borg-backup = {
Unit = {
Description = "Borg Backup for ${hostname}";
Wants = [ "network-online.target" ];
After = [ "network-online.target" ];
};
Service = {
Type = "oneshot";
ExecStart = ''
${pkgs.borgbackup}/bin/borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz20 \
${backupRepo}::"{now:%Y-%m-%d_%H-%M}" \
${builtins.concatStringsSep " \\\n " folders} \
--exclude ${config.home.homeDirectory}/.cache \
--exclude ${config.home.homeDirectory}/Downloads \
--exclude ${config.home.homeDirectory}/node_modules \
--exclude '*/.git' \
--exclude '*/venv' \
--exclude '*/target'
'';
ExecStopPost = ''
${pkgs.borgbackup}/bin/borg prune -v --list ${backupRepo} \
--keep-daily=7 \
--keep-weekly=4 \
--keep-monthly=3
'';
};
Install = {
WantedBy = [ "default.target" ];
};
};
# Optional: allow the backup location to be automounted
xdg.userDirs.extraConfig = {
XDG_BACKUP_DIR = "${backupTarget}";
};
# Optional: set environment variable to simplify CLI usage
home.sessionVariables = {
BORG_REPO = backupRepo;
BORG_PASSPHRASE = ""; # or use environment.d or a secrets mechanism
};
}

40
home/chromium.nix Normal file
View File

@@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.chromium;
in
lib.mkIf cfg.enable {
programs.chromium = {
enable = true;
package = pkgs.brave; # use brave as package
# List of Chromium dictionaries to install
dictionaries = [
pkgs.hunspellDictsChromium.en_US
pkgs.hunspellDictsChromium.de_DE
];
extensions = [
# Add Chrome extension IDs here to auto-install them
# Example:
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
];
# Enable hardware acceleration (VAAPI, WebGL, etc.)
# enableWideVine = true;
commandLineArgs = [
"--enable-features=UseOzonePlatform"
"--ozone-platform=wayland"
"--restore-last-sesstion" # on startup restore
"--safebrowsing-enable-enhanced-protection"
];
};
xdg.mimeApps.defaultApplications = {
"x-scheme-handler/http" = "chromium-browser.desktop";
"x-scheme-handler/https" = "chromium-browser.desktop";
"text/html" = "chromium-browser.desktop";
};
}

69
home/design.nix Normal file
View File

@@ -0,0 +1,69 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.design;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
inkscape
openscad
gimp
darktable
];
# Optional desktop entries and MIME associations
xdg.mimeApps.defaultApplications = {
"image/png" = "org.gimp.GIMP.desktop";
"image/svg+xml" = "org.inkscape.Inkscape.desktop";
"application/x-gimp" = "org.gimp.GIMP.desktop";
"application/x-openraster" = "org.gimp.GIMP.desktop";
"image/x-xcf" = "org.gimp.GIMP.desktop";
"image/x-raw" = "org.darktable.Darktable.desktop";
"application/x-openscad" = "openscad.desktop";
};
xdg.desktopEntries = {
gimp = {
name = "GIMP";
genericName = "Image Editor";
exec = "gimp %F";
terminal = false;
icon = "gimp";
type = "Application";
categories = [ "Graphics" "2DGraphics" "RasterGraphics" ];
};
inkscape = {
name = "Inkscape";
genericName = "Vector Graphics Editor";
exec = "inkscape %F";
terminal = false;
icon = "inkscape";
type = "Application";
categories = [ "Graphics" "VectorGraphics" ];
};
openscad = {
name = "OpenSCAD";
genericName = "3D CAD Modeler";
exec = "openscad %F";
terminal = false;
icon = "openscad";
type = "Application";
categories = [ "Graphics" "3DGraphics" "Engineering" ];
};
darktable = {
name = "Darktable";
genericName = "Photography Workflow Software";
exec = "darktable %F";
terminal = false;
icon = "darktable";
type = "Application";
categories = [ "Graphics" "Photography" "RAW" ];
};
};
# Optional tweaks or plugins setup can go here if needed in the future
}

200
home/email.nix Normal file
View File

@@ -0,0 +1,200 @@
{ pkgs, ... }:
{
accounts.email.accounts = {
gmx = {
primary = true;
address = "robert.jeutter@gmx.de";
userName = "robert.jeutter@gmx.de";
smtp = {
host = "mail.gmx.net";
};
realName = "Robert Jeutter";
imap.host = "imap.gmx.net";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
signature = {
text = ''
Mit besten Grüßen
Robert Jeutter
https://wieerwill.dev
'';
showSignature = "append";
};
passwordCommand = "mail-password";
};
web = {
#primary = true;
address = "robert.jeutter@web.de";
userName = "robert.jeutter@web.de";
smtp = {
host = "smtp.web.de";
};
realName = "Robert Jeutter";
imap.host = "imap.web.de";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
signature = {
text = ''
Mit besten Grüßen
Robert Jeutter
https://wieerwill.dev
'';
showSignature = "append";
};
passwordCommand = "mail-password";
};
web2 = {
#primary = true;
address = "fuer.hilfe@web.de";
userName = "fuer.hilfe@web.de";
smtp = {
host = "smtp.web.de";
};
realName = "Fuer Hilfe";
imap.host = "imap.web.de";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
#signature = {
# text = ''
# Mit besten Grüßen
# Robert Jeutter
# https://wieerwill.dev
# '';
# showSignature = "append";
#};
passwordCommand = "mail-password";
};
gmail = {
#primary = true;
address = "apfelsaftrr@gmail.com";
userName = "apfelsaftrr@gmail.com";
smtp = {
host = "smtp.gmail.com";
};
realName = "Apfel RR Saft";
imap.host = "imap.gmail.com";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
#signature = {
# text = ''
# Mit besten Grüßen
# Robert Jeutter
# https://wieerwill.dev
# '';
# showSignature = "append";
#};
passwordCommand = "mail-password";
};
flyhering = {
#primary = true;
address = "flyhering@web.de";
userName = "flyhering@web.de";
smtp = {
host = "smtp.web.de";
};
realName = "flyhering";
imap.host = "imap.web.de";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
#signature = {
# text = ''
# Mit besten Grüßen
# Robert Jeutter
# https://wieerwill.dev
# '';
# showSignature = "append";
#};
passwordCommand = "mail-password";
};
rolex = {
#primary = true;
address = "rolex.sorela@web.de";
userName = "rolex.sorela@web.de";
smtp = {
host = "smtp.web.de";
};
realName = "Apfel RR Saft";
imap.host = "imap.web.de";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
#signature = {
# text = ''
# Mit besten Grüßen
# Robert Jeutter
# https://wieerwill.dev
# '';
# showSignature = "append";
#};
passwordCommand = "mail-password";
};
wieerwill = {
#primary = true;
address = "mail@wieerwill.dev";
userName = "mail@wieerwill.dev";
smtp = {
host = "mail.wieerwill.dev";
};
realName = "WieErWill";
imap.host = "mail.wieerwill.dev";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
signature = {
text = ''
Mit besten Grüßen
WieErWill
https://wieerwill.dev
'';
showSignature = "append";
};
passwordCommand = "mail-password";
};
valwiArt = {
#primary = true;
address = "mail@valwi.art";
userName = "mail@valwi.art";
smtp = {
host = "mail.wieerwill.dev";
};
realName = "Valwi.Art";
imap.host = "mail.wieerwill.dev";
#gpg = {
# key = "F9119EC8FCC56192B5CF53A0BF4F64254BD8C8B5";
# signByDefault = true;
#};
signature = {
text = ''
Mit besten Grüßen
Valwi.Art
https://valwi.art
'';
showSignature = "append";
};
passwordCommand = "mail-password";
};
}
}

83
home/embedded.nix Normal file
View File

@@ -0,0 +1,83 @@
# You should run espup-init once per user to install toolchains.
#
# For STM32/RP2040, youll likely configure chip names in flash-stm.
#
# Add .cargo/config.toml for probe-rs targets like:
# [target.riscv32imac-unknown-none-elf]
# runner = "probe-rs run"
#
# Set up arduino-cli using:
# arduino-cli config init
# arduino-cli core update-index
# arduino-cli core install arduino:avr
#
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.embedded;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
# General embedded tools
rustup
binutils
cargo-binutils
llvmPackages.bintools
openocd
dfu-util
minicom
picocom
lldb
gcc
gdb
# qemu # quick emulator
# gnumake
# pkg-config
# ARM toolchains
gcc-arm-embedded
# Espressif ESP32
espup
espflash
#espmonitor
ldproxy
cargo-espflash
# ST-Link / J-Link / Debug probes
probe-rs
#jlink
# Arduino
arduino-cli
];
# Optional system envs for toolchains or common paths
home.sessionVariables = {
ESPUP_INSTALL_PATH = "${config.home.homeDirectory}/.espressif";
RUSTUP_HOME = "${config.home.homeDirectory}/.rustup";
CARGO_HOME = "${config.home.homeDirectory}/.cargo";
};
# Udev rules for embedded devices (ESP, STLink, J-Link, Arduino)
# These must be placed on a NixOS system-wide level; for non-NixOS we print a helper
home.activation.printUdevHint = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
echo "📎 Embedded development: Make sure you have correct udev rules installed for USB devices."
echo "Examples:"
echo " - https://github.com/espressif/esp-idf/blob/master/tools/udev/60-esper-devices.rules"
echo " - https://probe.rs/docs/getting-started/installation/#udev-rules"
echo " - https://www.arduino.cc/en/guide/linux"
echo " - For STLink and J-Link adapters: udev rules are required for non-root flashing."
'';
# Optional: shell aliases to speed up common flows
programs.zsh.shellAliases = {
espup-init = "espup install";
flash-esp = "cargo espflash";
monitor-esp = "espmonitor";
flash-stm = "cargo flash --chip";
embed = "cargo embed";
};
}

1417
home/firefox.nix Normal file
View File

File diff suppressed because it is too large Load Diff

10
fonts.nix → home/fonts.nix
View File

@@ -1,6 +1,10 @@
{ config, pkgs, lib, ... }:
{
let
cfg = config.homeModules.fonts;
in
lib.mkIf cfg.enable {
fonts = {
fontconfig = {
enable = true;
@@ -16,15 +20,13 @@
home.packages = with pkgs; [
emojione
nerd-fonts._0xproto
#nerd-fonts.anonymice
#nerd-fonts.atkynson-mono
#nerd-fonts.code-new-roman
nerd-fonts.droid-sans-mono
nerd-fonts.hack
nerd-fonts.noto
nerd-fonts.open-dyslexic
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.jetbrains-mono
];
}

18
git.nix → home/git.nix
View File

@@ -1,10 +1,22 @@
{ config, pkgs, lib, ... }:
{
#let
# gitEmailPath = "${config.xdg.configHome}/git-email";
#in
let
cfg = config.homeModules.git;
in
lib.mkIf cfg.enable {
programs.git = {
enable = true;
userName = "wie" + "erwill";
userEmail = "robert"+ ".jeutter@" + "gmx.de";
userName = "wieerwill";
userEmail = "wieerwill@protonmail.com"; #lib.mkIf (builtins.pathExists gitEmailPath) (
# lib.strings.removeSuffix "\n" (builtins.readFile gitEmailPath)
#);
lfs.enable = true;
aliases = { };
#signing = {

114
home/gnome.nix Normal file
View File

@@ -0,0 +1,114 @@
{ config, pkgs, lib, ... }:
{
gnome = { pkgs, ... }: {
config = {
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
]) ++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
epiphany # web browser
geary # email reader
gnome-characters
gnome-contacts
gnome-initial-setup
]);
programs.dconf.enable = true;
environment.systemPackages = with pkgs; [
gnome.gnome-tweaks
]
};
};
gtk = {
enable = true;
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
theme = {
name = "palenight";
package = pkgs.palenight-theme;
};
cursorTheme = {
name = "Numix-Cursor";
package = pkgs.numix-cursor-theme;
};
gtk3.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
gtk4.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
};
home.sessionVariables.GTK_THEME = "palenight";
# Use `dconf watch /` to track stateful changes you are doing, then set them here.
dconf.settings = {
# ...
"org/gnome/shell" = {
favorite-apps = [
"firefox.desktop"
"code.desktop"
"org.gnome.Terminal.desktop"
"spotify.desktop"
"virt-manager.desktop"
"org.gnome.Nautilus.desktop"
];
disable-user-extensions = false;
# `gnome-extensions list` for a list
enabled-extensions = [
"user-theme@gnome-shell-extensions.gcampax.github.com"
"trayIconsReloaded@selfmade.pl"
"Vitals@CoreCoding.com"
"dash-to-panel@jderose9.github.com"
"sound-output-device-chooser@kgshank.net"
"space-bar@luchrioh"
];
};
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
enable-hot-corners = false;
};
"org/gnome/desktop/wm/preferences" = {
workspace-names = [ "Main" ];
};
"org/gnome/desktop/background" = {
picture-uri = "file:///run/current-system/sw/share/backgrounds/gnome/vnc-l.png";
picture-uri-dark = "file:///run/current-system/sw/share/backgrounds/gnome/vnc-d.png";
};
"org/gnome/desktop/screensaver" = {
picture-uri = "file:///run/current-system/sw/share/backgrounds/gnome/vnc-d.png";
primary-color = "#3465a4";
secondary-color = "#000000";
};
};
home.packages = with pkgs; [
# ...
gnomeExtensions.user-themes
gnomeExtensions.tray-icons-reloaded
gnomeExtensions.vitals
gnomeExtensions.dash-to-panel
gnomeExtensions.sound-output-device-chooser
gnomeExtensions.space-bar
];
}

70
home/javascript.nix Normal file
View File

@@ -0,0 +1,70 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.javascript;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
nodejs_20 # default fallback Node.js
yarn # optional global package manager
pnpm
typescript
nodePackages.eslint
nodePackages.prettier
#nodePackages.npm-check-updates
#nodePackages.astro
#nodePackages."@angular/cli"
#nodePackages.create-react-app
#nodePackages."@next/bundle-analyzer"
#nodePackages.vite
];
programs.zsh = {
shellAliases = {
nrun = "npx";
nstart = "npm run start";
dev = "pnpm dev || npm run dev || yarn dev";
build = "pnpm build || npm run build || yarn build";
};
initContent = ''
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
'';
};
# nvm installed manually; Nixpkgs does not manage dynamic Node versions well
home.file.".nvm/nvm.sh".source = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/nvm.sh";
sha256 = "sha256-EPSUbf93oq1jyzCRAZLRqkK15Y3EsA92Qpxq6mw8N1c=";
};
home.sessionVariables = {
NODE_ENV = "development";
NVM_DIR = "${config.home.homeDirectory}/.nvm";
PNPM_HOME = "${config.home.homeDirectory}/.local/share/pnpm";
# in _home.nix PATH = lib.mkBefore "$PNPM_HOME";
};
# Auto-completions and formatting helpers
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
programs.vscode = {
enable = true;
profiles.default.extensions = with pkgs.vscode-extensions; [
esbenp.prettier-vscode
dbaeumer.vscode-eslint
astro-build.astro-vscode
angular.ng-template
];
profiles.default.userSettings = {
"editor.formatOnSave" = true;
"typescript.tsdk" = "node_modules/typescript/lib";
"eslint.validate" = [ "javascript" "typescript" "javascriptreact" "typescriptreact" ];
"prettier.requireConfig" = true;
};
};
}

65
home/keepass.nix Normal file
View File

@@ -0,0 +1,65 @@
{ config, pkgs, lib, ... }:
let
dbPath = "${config.home.homeDirectory}/Documents/Passwords/main.kdbx"; # adjust as needed
cfg = config.homeModules.keepass;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
keepassxc
];
# Optional: Desktop entry tweaks or custom XDG
xdg.mimeApps.defaultApplications = {
"application/x-kdbx" = "org.keepassxc.KeePassXC.desktop";
};
xdg.desktopEntries.keepassxc = {
name = "KeePassXC";
genericName = "Password Manager";
exec = "keepassxc %f";
terminal = false;
categories = [ "Utility" "Security" ];
mimeType = [ "application/x-kdbx" ];
};
# Autostart with KeePassXC and preload DB
systemd.user.services.keepassxc = {
Unit = {
Description = "KeePassXC Password Manager";
After = [ "graphical-session.target" ];
};
Service = {
ExecStart = "${pkgs.keepassxc}/bin/keepassxc ${dbPath}";
Restart = "on-abort";
};
Install.WantedBy = [ "default.target" ];
};
# Optional system tray icon via environment variable
home.sessionVariables = {
KEEPASSXC_SHOW_SYSTEM_TRAY_ICON = "1";
};
# Browser integration: ensure it's available and optionally install native messaging host
programs.browserpass.enable = true;
# Optional: configure secrets sync path (e.g. synced with Syncthing)
home.file.".config/keepassxc/config.ini".text = ''
[General]
LastDatabases=${dbPath}
MinimizeToTray=true
StartMinimized=false
AutoOpenDatabasesOnStartup=true
AutoSaveOnExit=true
AutoLockDatabaseIdleMinutes=10
AutoTypePrependMenu=true
[Security]
ClearClipboardAfterSeconds=10
LockDatabaseAfterIdle=true
LockDatabaseOnScreenSaver=true
LockDatabaseOnSessionLock=true
'';
}

67
home/llm.nix Normal file
View File

@@ -0,0 +1,67 @@
{ config, pkgs, lib, ... }:
let
ollamaModelDir = "/mnt/models/ollama"; # ✅ change to your external disk or large partition
modelsToInstall = [
"llama3"
"mistral"
"codellama"
"gemma"
];
cfg = config.homeModules.llm;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
ollama
opencode
];
# Set up environment variables
home.sessionVariables = {
OLLAMA_MODELS = ollamaModelDir;
OLLAMA_HOST = "127.0.0.1:11434";
};
# Systemd user service for ollama daemon
systemd.user.services.ollama = {
Unit = {
Description = "Ollama LLM Inference Daemon";
After = [ "network.target" ];
};
Service = {
ExecStart = "${pkgs.ollama}/bin/ollama serve";
Environment = [
"OLLAMA_MODELS=${ollamaModelDir}"
"OLLAMA_HOST=127.0.0.1:11434"
];
Restart = "on-failure";
};
Install = {
WantedBy = [ "default.target" ];
};
};
# Setup ollama models via activation script
home.activation.installOllamaModels = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
export OLLAMA_MODELS=${ollamaModelDir}
export OLLAMA_HOST=127.0.0.1:11434
mkdir -p ${ollamaModelDir}
echo " Checking and pulling ollama models..."
for model in ${builtins.toString modelsToInstall}; do
if ! ${pkgs.ollama}/bin/ollama list | grep -q "$model"; then
${pkgs.ollama}/bin/ollama pull "$model"
fi
done
'';
# Optional aliases for quick usage
programs.zsh.shellAliases = {
llm = "opencode";
ollama-ui = "xdg-open http://localhost:11434";
};
}

51
home/logseq.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, pkgs, lib, ... }:
let
notesDir = "${config.home.homeDirectory}/Logseq";
cfg = config.homeModules.logseq;
in
lib.mkIf cfg.enable {
home.packages = [
pkgs.logseq
];
# Ensure notes directory exists
home.file."Logseq/.keep".text = "";
# Shell alias
programs.zsh.shellAliases = {
logseq = "logseq ${notesDir}";
};
# Create desktop entry for convenience
xdg.desktopEntries.logseq = {
name = "Logseq";
genericName = "Markdown Knowledge Base";
comment = "Open source outliner with local Markdown storage.";
exec = "logseq";
icon = "logseq";
type = "Application";
categories = [ "Office" "NoteTaking" "Utility" ];
};
home.file.".config/logseq/config.edn".text = ''{
:preferred-theme :light
:page-width 0.7
:custom-css-path ""
}'';
# Create default notes directory
home.activation.createLogseqDir = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
mkdir -p "${notesDir}"
'';
# Theme & plugins setup (manual step for user)
home.activation.logseqThemeNote = lib.hm.dag.entryAfter ["writeBoundary"] ''
echo "🎨 You can customize Logseq by placing themes and plugins in:"
echo " ${notesDir}/logseq"
echo ""
echo "💡 Example community themes and plugins:"
echo " https://github.com/logseq/awesome-logseq"
'';
}

72
home/mail.nix Normal file
View File

@@ -0,0 +1,72 @@
{ config, pkgs, lib, ... }:
let
bridgeAppImage = pkgs.appimageTools.wrapType2 {
pname = "protonmail-bridge";
version = "3.8.0-beta.1";
src = pkgs.fetchurl {
url = "https://proton.me/download/bridge/protonmail-bridge-3.8.0-beta.1-linux.AppImage";
sha256 = "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=";
};
};
wrapperScript = pkgs.writeShellScriptBin "thunderbird" ''
if ! pgrep -x "protonmail-bridge" > /dev/null; then
systemctl --user start protonmail-bridge.service
sleep 2 # Wait briefly to ensure bridge is ready
fi
exec ${pkgs.thunderbird}/bin/thunderbird "$@"
'';
cfg = config.homeModules.mail;
in
lib.mkIf cfg.enable {
home.packages = [
bridgeAppImage
wrapperScript
];
# Start ProtonMail Bridge as systemd service
systemd.user.services.protonmail-bridge = {
Unit = {
Description = "ProtonMail Bridge (headless)";
After = [ "network.target" ];
};
Service = {
ExecStart = "${bridgeAppImage}/bin/protonmail-bridge --no-window";
Restart = "on-failure";
Environment = "PATH=${lib.makeBinPath [ pkgs.glibc pkgs.coreutils pkgs.bash ]}";
};
Install.WantedBy = [ "default.target" ];
};
# Preconfigure Thunderbird profile (adjust email as needed)
home.file.".thunderbird/profiles.ini".text = ''
[Install4F96D1932C2A4F9B]
Default=default
Locked=1
[Profile0]
Name=default
IsRelative=1
Path=default
Default=1
'';
home.file.".thunderbird/default/prefs.js".text = ''
user_pref("mail.identity.id1.fullName", "Your Name");
user_pref("mail.identity.id1.useremail", "your-email@protonmail.com");
user_pref("mail.identity.id1.smtpServer", "smtp1");
user_pref("mail.identity.id1.archive_folder", "imap://your-email@protonmail.com/Archives");
user_pref("mail.account.account1.server", "imap1");
user_pref("mail.account.account1.identities", "id1");
user_pref("mail.server.imap1.hostname", "127.0.0.1");
user_pref("mail.server.imap1.port", 1143);
user_pref("mail.server.imap1.type", "imap");
user_pref("mail.server.imap1.userName", "your-email@protonmail.com");
user_pref("mail.smtpserver.smtp1.hostname", "127.0.0.1");
user_pref("mail.smtpserver.smtp1.port", 1025);
user_pref("mail.smtpserver.smtp1.authMethod", 3);
user_pref("mail.smtpserver.smtp1.username", "your-email@protonmail.com");
'';
}

60
home/obsidian.nix Normal file
View File

@@ -0,0 +1,60 @@
{ config, pkgs, lib, ... }:
let
vaultName = "main";
notesDir = "${config.home.homeDirectory}/Obsidian";
vaultDir = "${notesDir}/${vaultName}";
plugins = [
"calendar"
"advanced-tables"
"dataview"
"markdown-formatting-assistant"
];
pluginDir = "${vaultDir}/.obsidian/plugins";
setupPlugins = pkgs.writeShellScriptBin "setup-obsidian-plugins" ''
set -e
mkdir -p "${pluginDir}"
cd "${pluginDir}"
${lib.concatMapStringsSep "\n" (plugin:
''
if [ ! -d "${plugin}" ]; then
echo "Installing plugin: ${plugin}"
git clone --depth=1 https://github.com/obsidianmd/obsidian-releases/tree/master/community-plugins/${plugin} ${plugin} || true
fi
''
) plugins}
'';
cfg = config.homeModules.obsidian;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
obsidian
setupPlugins
];
# Ensure Notes and vault directory exist
home.file."Obsidian/.keep".text = "";
# Shell alias
programs.zsh.shellAliases = {
obsidian = "obsidian ${vaultDir}";
};
# Obsidian desktop entry
xdg.desktopEntries.obsidian = {
name = "Obsidian";
genericName = "Markdown Notes";
comment = "A powerful knowledge base with Markdown and local storage.";
exec = "obsidian ${vaultDir}";
icon = "obsidian";
type = "Application";
categories = [ "Office" "TextEditor" "Utility" ];
};
# Reminder to run plugin setup
home.activation.obsidianPluginSetup = lib.hm.dag.entryAfter ["writeBoundary"] ''
echo "💡 Run 'setup-obsidian-plugins' to install default plugins into ${pluginDir}"
'';
}

13
programs.nix → home/programs.nix
View File

@@ -4,25 +4,19 @@
# The home.packages option allows you to install
# Nix packages into your environment.
home.packages = with pkgs; [
# List of programs
thunderbird
# utility
#ranger
vimiv-qt
zip
unzip
signal-desktop
#vscodium
vlc
keepassxc
logseq
okular
#firefox
borgbackup
discord
# utility
pulsemixer
brightnessctl
gammastep # color temperature
@@ -37,11 +31,12 @@
age
sops
# steam deck touch compability in non-steam games
#caribou
#evtest # for input key testing
];
programs.nvm = {
enable = true;
};
programs.direnv.enable = true;
}

22
home/redshift.nix Normal file
View File

@@ -0,0 +1,22 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.redshift;
in
lib.mkIf cfg.enable {
services.redshift = {
enable = true;
settings.redshift = {
brightness-day = "1";
brightness-night = "1";
};
temperature = {
day = 5500;
night = 3000;
};
latitude = "48.864716";
longitude = "2.349014";
};
}

20
home/secrets.nix Normal file
View File

@@ -0,0 +1,20 @@
{ config, lib, pkgs, ... }:
{
#imports = [
# sops-nix.homeManagerModules.sops
#];
home.packages = with pkgs; [ sops age ];
#sops = {
# enable = true;
# defaultSopsFile = ../secrets/secrets.enc.yaml;
# age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
# secrets.test = {
# sopsFile = ../secrets/secrets.enc.yaml;
# path = "%r/test.txt"; # will resolve to $XDG_RUNTIME_DIR/test.txt
# };
#};
}

26
home/security.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.security;
in
lib.mkIf cfg.enable {
programs.gpg = {
enable = true;
mutableKeys = true; # allow changes in keys or trust
mutableTrust = true;
#publicKeys = [
# {
# source = ""; #./path/to/key.a;
# trust = "ultimate";
# }
#];
};
programs.ssh = {
enable = true;
addKeysToAgent = "yes"; # let home manager manage ssh keys
};
}

60
home/social.nix Normal file
View File

@@ -0,0 +1,60 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.social;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
# WhatsApp (via webapp in browser or Electron wrapper)
whatsapp-for-linux
# Telegram Desktop client
telegram-desktop
# Signal
signal-desktop
# Discord
discord
# Zoom (unfree)
zoom-us
# Mastodon (via browser or desktop client)
#tootle # or choose “sengi” or “mastodon” Electron client if preferred
# Matrix client
element-desktop
];
# Optional: associate default browser-based apps
xdg.mimeApps = {
enable = true;
defaultApplications = {
"x-scheme-handler/https" = [ "firefox.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
};
};
# Optional: start messaging apps on login
systemd.user.services = {
signal-desktop = {
Unit.Description = "Signal Desktop";
Service = {
ExecStart = "${pkgs.signal-desktop}/bin/signal-desktop";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
};
telegram-desktop = {
Unit.Description = "Telegram Desktop";
Service = {
ExecStart = "${pkgs.telegram-desktop}/bin/telegram-desktop";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
};
};
}

142
home/sway.nix Normal file
View File

@@ -0,0 +1,142 @@
{ config, pkgs, lib, ... }:
let
display1 = "card0-eDP-1";
workspace1 = "1:Web";
workspace2 = "2:App";
workspace3 = "3:Chat";
workspace4 = "4:Read";
workspace5 = "5:Code";
workspace6 = "6:Password";
workspace7 = "7:Shell";
workspace8 = "8:Media";
cfg = config.homeModules.sway;
in
lib.mkIf cfg.enable {
wayland.windowManager.sway = {
enable = true;
wrapperFeatures.gtk = true;
config = rec {
modifier = "Mod4"; # Windows key
terminal = "alacritty";
menu = "bemenu-run";
startup = [
{ command = "swaymsg workspace ${workspace5}; exec nvim"; }
{ command = "keepassxc"; }
{ command = "logseq"; }
{ command = "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP XDG_SESSION_TYPE NIXOS_OZONE_WL XCURSOR_THEME XCURSOR_SIZE PATH"; }
{ command = "systemctl --user start sway-session.target"; }
{ command = "swaymsg workspace ${workspace7}; exec ${terminal}"; }
];
input = {
"type:keyboard" = {
xkb_layout = "de";
repeat_delay = "600";
repeat_rate = "25";
};
"type:pointer" = {
natural_scroll = "false";
left_handed = "false";
middle_emulation = "true";
};
"*" = {
xkb_layout = "de";
};
};
output = {
"${display1}" = {
res = "1920x1080";
pos = "0 0";
scale = "1";
};
"*" = {
scale = "1";
};
};
keybindings = {
# Launch terminal and menu
"${modifier}+Return" = "exec ${terminal}";
"${modifier}+d" = "exec ${menu}";
# Kill focused window
"${modifier}+Shift+q" = "kill";
# Reload and exit sway
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+e" = "exec 'swaynag -t warning -m \"Exit Sway?\" -b \"Yes\" \"swaymsg exit\"'";
# Lock screen manually
"${modifier}+l" = "exec swaylock";
# Screenshot tools
"Print" = "exec grimshot save area";
"${modifier}+Shift+s" = "exec grimshot save window";
"${modifier}+s" = "exec grimshot save screen";
# Workspace switching
"${modifier}+1" = "workspace ${workspace1}";
"${modifier}+2" = "workspace ${workspace2}";
"${modifier}+3" = "workspace ${workspace3}";
"${modifier}+4" = "workspace ${workspace4}";
"${modifier}+5" = "workspace ${workspace5}";
"${modifier}+6" = "workspace ${workspace6}";
"${modifier}+7" = "workspace ${workspace7}";
"${modifier}+8" = "workspace ${workspace8}";
# Move focused container to a workspace
"${modifier}+Shift+1" = "move container to workspace ${workspace1}";
"${modifier}+Shift+2" = "move container to workspace ${workspace2}";
"${modifier}+Shift+3" = "move container to workspace ${workspace3}";
"${modifier}+Shift+4" = "move container to workspace ${workspace4}";
"${modifier}+Shift+5" = "move container to workspace ${workspace5}";
"${modifier}+Shift+6" = "move container to workspace ${workspace6}";
"${modifier}+Shift+7" = "move container to workspace ${workspace7}";
"${modifier}+Shift+8" = "move container to workspace ${workspace8}";
};
workspaceOutputAssign = [
{
workspace = workspace1;
output = display1;
}
];
assigns = {
"${workspace1}" = [ { app_id = "firefox"; } ];
"${workspace3}" = [ { class = "Signal"; } ];
"${workspace5}" = [ { class = "nvim"; } ];
"${workspace6}" = [ { app_id = "org.keepassxc.KeePassXC"; } ];
"${workspace7}" = [ { app_id = "Alacritty"; } ];
};
};
};
services.swayidle = {
enable = true;
timeouts = [
{
timeout = 300;
command = lib.getExe config.programs.swaylock.package;
}
];
};
programs.swaylock = {
enable = true;
settings = {
font = "JetBrainsMono Nerd Font";
screenshots = true;
clock = true;
show-failed-attempts = true;
indicator-idle-visible = true;
};
};
}

101
home/syncthing.nix Normal file
View File

@@ -0,0 +1,101 @@
{ config, pkgs, lib, ... }:
let
syncthingFolderBase = "${config.home.homeDirectory}/"; # default sync dir
cfg = config.homeModules.syncthing;
in
lib.mkIf cfg.enable {
services.syncthing = {
enable = true;
tray = {
enable = true;
package = pkgs.syncthingtray; # optional: GUI tray indicator
};
guiAddress = "127.0.0.1:8384";
settings = {
# get id with: syncthing --device-id
devices = {
t440p = {
id = "DEVICE-ID-T440P"; # replace with actual Syncthing device ID
name = "ThinkPad T440p";
};
steamdeck = {
id = "DEVICE-ID-STEAMDECK"; # replace with actual device ID
name = "SteamDeck";
};
xaorus = {
id = "4XQWZB6-OTRCS2M-QOZ4HYK-KEKBARC-X7ELITX-HF4RZA2-X7NFK74-VBI4BAU";
name = "Xaorus";
introducer = true;
};
};
folders = {
"logseq" = {
enable = true;
path = "${syncthingFolderBase}/logseq";
devices = [ "t440p" "steamdeck" "xaorus" ];
label = "LogSeq";
fsWatcherEnabled = true;
rescanInterval = 60;
ignorePerms = true;
ignore = [
"*.swp"
".cache"
];
versioning = {
type = "trashcan";
params.cleanoutDays = "1000";
};
};
"projects" = {
path = "${syncthingFolderBase}/projects";
devices = [ "t440p" "xaorus" ];
label = "Projects";
ignorePerms = true;
versioning = null;
ignore = [
".stversions"
".git"
"node_modules"
"target"
"*.lock"
"dist"
"out"
".DS_Store"
"thumbs.db"
];
};
# PublicMemes
#"screenshots" = {
# path = "${syncthingFolderBase}/screenshots";
# devices = [ "steamdeck" ];
# label = "Screenshots";
#};
};
options = {
urAccepted = -1; # telemetry disabled
listenAddresses = [
"tcp://0.0.0.0:22000"
"quic://0.0.0.0:22000"
];
globalAnnounceEnabled = false;
localAnnounceEnabled = true;
relaysEnabled = true;
natEnabled = true;
startBrowser = false;
autoAcceptFolders = false;
maxFolderConcurrency = 3;
minHomeDiskFree = {
unit = "%";
value = 3;
};
};
};
};
}

146
home/terminal.nix Normal file
View File

@@ -0,0 +1,146 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.terminal;
in
lib.mkIf cfg.enable {
# ─── Terminal Emulator ────────────────────────────────────────────────
programs.alacritty = {
enable = true;
settings = {
font = {
normal = {
family = "JetBrainsMono Nerd Font";
style = "Regular";
};
size = 12;
};
colors.primary = {
foreground = "#d8d8d8";
background = "#181818";
dim_foreground = "#828482";
};
# Optional: shell integration
shell = {
program = "${pkgs.zsh}/bin/zsh";
args = [ "-l" ];
};
window.opacity = 1;
};
};
# ─── Zsh Shell ────────────────────────────────────────────────────────
programs.zsh = {
enable = true;
enableCompletion = true;
autosuggestion = {
enable = true;
strategy = [ "history" ];
};
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "cursor" ];
patterns = {
"rm -rf *" = "fg=white,bold,bg=red";
};
};
enableVteIntegration = true;
autocd = true;
history = {
save = 10000;
share = true;
ignoreDups = true;
ignoreAllDups = true;
expireDuplicatesFirst = true;
ignorePatterns = [ "rm *" "pkill *" ];
};
shellAliases = {
ll = "ls -lh";
la = "ls -a";
".." = "cd ..";
update = "sudo nixos-rebuild switch";
gc = "sudo nix-collect-garbage -d";
edit = "sudo -e";
nixlog = "journalctl -xe -u nixos-rebuild";
};
sessionVariables = {
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=8";
EDITOR = "nvim";
PAGER = "less";
};
oh-my-zsh = {
enable = true;
theme = "dst"; # Or "jonathan", "robbyrussell", etc.
plugins = [
"git"
"sudo"
"z"
"vi-mode"
"alias-finder"
"docker"
"colored-man-pages"
"history"
"direnv"
"node"
"zsh-autosuggestions"
"zsh-syntax-highlighting"
"docker"
"rust"
];
};
};
# ─── Modern System Monitors ───────────────────────────────────────────
programs.btop = {
enable = true;
settings = {
color_theme = "tokyo-night";
truecolor = true;
rounded_corners = true;
};
};
programs.htop.enable = true;
# ─── Extras ───────────────────────────────────────────────────────────
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
programs.zoxide = {
enable = true; # Better cd
enableZshIntegration = true;
};
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
programs.starship = {
enable = true;
enableZshIntegration = true;
};
programs.eza = {
enable = true;
enableZshIntegration = true;
};
home.packages = with pkgs; [
ripgrep
fd
bat
git
jq
unzip
gnupg
neofetch
lsd
delta
bottom
];
}

40
home/tor.nix Normal file
View File

@@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
let
cfg = config.homeModules.tor;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
tor-browser-bundle-bin
onionshare
qbittorrent
torsocks
qbittorrent
];
systemd.user.services.tor-browser = {
Unit = {
Description = "Launch Tor Browser";
};
Service = {
ExecStart = "${pkgs.tor-browser-bundle-bin}/bin/tor-browser";
Restart = "always";
};
Install = {
WantedBy = [ "default.target" ];
};
};
# Optionally allow torsocks usage system-wide
#environment.variables = {
# This allows tools to use torsocks if invoked manually
# You may prefer wrapping apps instead
# TOR_SOCKS_PORT = "9050";
#};
# Optional CLI wrapper for routing traffic through Tor
home.shellAliases = {
torify = "torsocks";
};
}

19
vim.nix → home/vim.nix
View File

@@ -1,5 +1,10 @@
{ config, pkgs, lib, ... }:
{
let
cfg = config.homeModules.vim;
in
lib.mkIf cfg.enable {
programs.neovim = {
enable = true;
@@ -8,7 +13,9 @@
vimdiffAlias = true;
defaultEditor = true;
extraConfig = ''
set number relativenumber
lua << EOF
require('lspconfig').rust_analyzer.setup{}
EOF
'';
plugins = let
@@ -42,14 +49,14 @@
]);
in
with pkgs.vimPlugins; [
# vim-nerdtree??
#vim-rainbrow
vim-colors-solarized
# vim-lightline
# syntastic
vim-nix
nvim-lspconfig
nvim-treesitter-with-plugins
rust-tools-nvim
nvim-cmp
cmp-nvim-lsp
nvim-treesitter.withAllGrammars
];
};

53
home/vpn-pia.nix Normal file
View File

@@ -0,0 +1,53 @@
{ config, pkgs, lib, ... }:
let
# Optional: create a runtime directory for pia-manager to store configs
piaDir = "${config.home.homeDirectory}/.config/pia";
cfg = config.homeModules.vpnpia;
in
lib.mkIf cfg.enable {
home.packages = with pkgs; [
openvpn
#pia-manager
wireguard-tools
jq
systemd
];
home.file.".config/pia/config.json".text = builtins.toJSON {
token = "REPLACE_WITH_YOUR_PIA_TOKEN";
region = "DE Frankfurt"; # Adjust to your preferred location
protocol = "wireguard"; # or "openvpn_udp"/"openvpn_tcp"
dns = true;
port_forward = false;
};
systemd.user.services.pia-vpn = {
Unit = {
Description = "Private Internet Access VPN";
After = [ "network.target" ];
};
Service = {
Type = "simple";
#ExecStart = "${pkgs.pia-manager}/bin/pia-manager up --config ${piaDir}/config.json";
#ExecStop = "${pkgs.pia-manager}/bin/pia-manager down";
Restart = "on-failure";
};
Install = {
WantedBy = [ "default.target" ];
};
};
# Enable service on login
systemd.user.startServices = true;
# Optional: add a shell alias for manual control
programs.zsh.shellAliases = {
vpn-up = "systemctl --user start pia-vpn";
vpn-down = "systemctl --user stop pia-vpn";
vpn-status = "systemctl --user status pia-vpn";
};
}

45
vscode.nix → home/vscode.nix
View File

@@ -1,9 +1,25 @@
{ config, pkgs, lib, ... }:
{
{
### VSCode Server ###
imports = [
"${fetchTarball {
url = "https://github.com/msteen/nixos-vscode-server/tarball/master";
sha256 = "1rdn70jrg5mxmkkrpy2xk8lydmlc707sk0zb35426v1yxxka10by";
}}/modules/vscode-server/home.nix"
];
config = lib.mkIf config.homeModules.vscode.enable {
services.vscode-server.enable = true;
# Optional: extra settings
# services.vscode-server.enableFHS = true;
# services.vscode-server.nodejsPackage = pkgs.nodejs_20;
### VSCode Editor ###
programs.vscode = {
enable = true;
profiles.default = {
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
@@ -26,6 +42,7 @@
"workbench.startupEditor" = "none";
"workbench.tree.indent" = 16;
"rust-analyzer.lens.implementations.enable" = false;
"chat.agent.enabled" = false;
"[typescript]" = {
"editor.defaultFormatter" = "esbenp.prettier-vscode";
@@ -47,46 +64,28 @@
extensions = with pkgs.vscode-extensions; [
# Nix
bbenoist.nix
jnoortheen.nix-ide
#kamadorueda.alejandra
# Rust
rust-lang.rust-analyzer
tamasfe.even-better-toml
## ? probe-rs.probe-rs-debugger
# Swellaby.vscode-rust-test-adapter
# Python
ms-python.python
ms-python.debugpy
# JS/TS
# codeandstuff.package-json-upgrade
dbaeumer.vscode-eslint
esbenp.prettier-vscode
# Vue.volar
astro-build.astro-vscode
# Misc
yzhang.markdown-all-in-one
unifiedjs.vscode-mdx
# James-Yu.latex-workshop
fill-labs.dependi
alefragnani.project-manager
foxundermoon.shell-format
usernamehw.errorlens
# Git
waderyan.gitblame
mhutchie.git-graph
#mhutchie.git-graph
donjayamanne.githistory
# felipecaputo.git-project-manager
codezombiech.gitignore
# Theme
# RobbOwen.synthwave-vscode
# PKief.material-icon-theme
];
};
};
};
}

67
home/zen-browser.nix Normal file
View File

@@ -0,0 +1,67 @@
{ config, pkgs, lib, zen-browser, ... }:
let
cfg = config.homeModules.zenbrowser;
in
lib.mkIf cfg.enable {
imports = [
# You can choose one of the following:
# inputs.zen-browser.homeModules.beta
# inputs.zen-browser.homeModules.twilight
zen-browser.homeModules.twilight-official
];
programs.zen-browser = {
enable = true;
policies = {
AutofillAddressEnabled = true;
AutofillCreditCardEnabled = false;
DisableAppUpdate = true;
DisableFeedbackCommands = true;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
DontCheckDefaultBrowser = true;
NoDefaultBookmarks = true;
OfferToSaveLogins = false;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
};
nativeMessagingHosts = [
pkgs.firefoxpwa
];
};
xdg.mimeApps = let
value = inputs.zen-browser.packages.${pkgs.system}.twilight.meta.desktopFileName;
associations = builtins.listToAttrs (map (name: {
inherit name value;
}) [
"application/x-extension-shtml"
"application/x-extension-xhtml"
"application/x-extension-html"
"application/x-extension-xht"
"application/x-extension-htm"
"x-scheme-handler/unknown"
"x-scheme-handler/mailto"
"x-scheme-handler/chrome"
"x-scheme-handler/about"
"x-scheme-handler/https"
"x-scheme-handler/http"
"application/xhtml+xml"
"application/json"
"text/plain"
"text/html"
]);
in {
associations.added = associations;
defaultApplications = associations;
};
}

110
hosts/steamdeck/configuration.nix Normal file
View File

@@ -0,0 +1,110 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
./../../modules/desktop.nix
./../../modules/secrets.nix
./../../modules/security.nix
./../../modules/unfree.nix
./../../modules/users.nix
#./../../modules/wifi.nix
(
#let revision = "e74e57a37de55ecfdc62f49fe5a7463b2a52499a"; in
let revision = "98a61cf0708885abddebc6938ca7282928981d5e"; in
builtins.fetchTarball {
url = "https://github.com/Jovian-Experiments/Jovian-NixOS/archive/${revision}.tar.gz";
sha256 = "sha256:0f1c3ilr9rm6jrs3nfhvf8ni0jccfy1810s6a94iywa9416w1k7c";
} + "/modules"
)
];
networking.hostName = "decky";
networking.networkmanager.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-1c04b05d-0ddf-429a-95c3-1f5fdb570207".device = "/dev/disk/by-uuid/1c04b05d-0ddf-429a-95c3-1f5fdb570207";
# Set time zone and internationalisation
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Configure console keymap
console.keyMap = "de";
# List packages installed in system profile.
# To search, run: $ nix search wget
environment.systemPackages = with pkgs; [
wget
curl
git
vim
];
jovian = {
devices.steamdeck = {
enable = true;
autoUpdate = false;
enableGyroDsuService = true;
};
steam = {
enable = true;
autoStart = true;
user = "wieerwill";
desktopSession = "sway";
updater.splash = "jovian";
};
decky-loader = {
enable = false;
#extraPackages = [pkgs.curl pkgs.unzip];
#user = "wieerwill";
};
};
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Experimental = true;
};
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.05"; # Did you read the comment?
}

40
hosts/steamdeck/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/ceb735f5-6728-4fb6-9d25-3bbf7d198b49";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/E8E8-9A4B";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/d1808b85-6f98-40f3-a06a-62836aee3809"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0f3u1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

36
hosts/steamdeck/home.nix Normal file
View File

@@ -0,0 +1,36 @@
{ inputs, ... }: {
imports = [ ../../home/_home.nix ];
homeModules = {
#androidstudio.enable = true;
#backup.enable = true;
chromium.enable = true;
#design.enable = true;
embedded.enable = true;
fonts.enable = true;
git.enable = true;
#javascript.enable = true;
keepass.enable = true;
#llm.enable = true;
logseq.enable = true;
#mail.enable = true;
#obsidian.enable = true;
redshift.enable = true;
secrets.enable = true;
security.enable = true;
#social.enable = true;
sway.enable = true;
syncthing.enable = true;
terminal.enable = true;
#tor.enable = true;
vim.enable = true;
#vpnpia.enable = true;
vscode.enable = false;
#zenbrowser.enable = true;
};
_module.args = {
#sops-nix = inputs.sops-nix;
zen-browser = inputs.zen-browser;
};
}

0
sway.nix → hosts/steamdeck/old_sway.nix
View File

60
hosts/t440p/configuration.nix Normal file
View File

@@ -0,0 +1,60 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports = [ # Include the results of the hardware scan and modules
./hardware-configuration.nix
./../../modules/desktop.nix
./../../modules/secrets.nix
./../../modules/security.nix
./../../modules/unfree.nix
./../../modules/users.nix
#./../../modules/wifi.nix
];
networking.hostName = "t440p";
networking.networkmanager.enable = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.luks.devices."luks-1c04b05d-0ddf-429a-95c3-1f5fdb570207".device = "/dev/disk/by-uuid/1c04b05d-0ddf-429a-95c3-1f5fdb570207";
# Set time zone and internationalisation
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
console.keyMap = "de";
# List packages installed in system profile.
# To search, run: $ nix search wget
environment.systemPackages = with pkgs; [
wget
curl
git
vim
tree
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.05"; # Did you read the comment?
}

43
hosts/t440p/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,43 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/48e4d114-d841-4506-862b-eb4ba2101767";
fsType = "ext4";
};
boot.initrd.luks.devices."luks-153f407e-269d-4a10-9544-4d2946a49824".device = "/dev/disk/by-uuid/153f407e-269d-4a10-9544-4d2946a49824";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1747-74BD";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/64dcaac6-e355-4ca7-aa0c-40b1184baf18"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

36
hosts/t440p/home.nix Normal file
View File

@@ -0,0 +1,36 @@
{ inputs, ... }: {
imports = [ ../../home/_home.nix ];
homeModules = {
#androidstudio.enable = true;
#backup.enable = true;
chromium.enable = true;
#design.enable = true;
embedded.enable = true;
fonts.enable = true;
git.enable = true;
#javascript.enable = true;
keepass.enable = true;
#llm.enable = true;
logseq.enable = true;
#mail.enable = true;
#obsidian.enable = true;
redshift.enable = true;
secrets.enable = true;
security.enable = true;
#social.enable = true;
sway.enable = true;
syncthing.enable = true;
terminal.enable = true;
#tor.enable = true;
vim.enable = true;
#vpnpia.enable = true;
vscode.enable = false;
#zenbrowser.enable = true;
};
_module.args = {
#sops-nix = inputs.sops-nix;
zen-browser = inputs.zen-browser;
};
}

21
hosts/t440p/sway-hardware.nix Normal file
View File

@@ -0,0 +1,21 @@
{ config, pkgs, lib, ... }:
{
wayland.windowManager.sway.config = {
output = {
"eDP-1" = {
pos = "0 0";
scale = "1";
};
};
input = {
"type:keyboard" = {
xkb_layout = "de";
};
"*" = {
xkb_layout = "de";
};
};
};
}

85
hosts/vps04_08/home.nix Normal file
View File

@@ -0,0 +1,85 @@
{ config, pkgs, ... }:
{
imports = [ ../../home/_home.nix ];
home.username = "wieerwill";
home.homeDirectory = "/home/wieerwill";
programs.home-manager.enable = true;
home.stateVersion = "25.05";
# Basic packages
home.packages = with pkgs; [
neovim
git
curl
gnupg
bash-completion
sops
];
# Harden SSH known_hosts, prevent password auth
programs.ssh = {
enable = true;
extraConfig = ''
PasswordAuthentication no
PermitRootLogin no
'';
};
# Optional: Docker CLI tools (remote management only!)
home.file.".docker/config.json".text = builtins.toJSON {
detachKeys = "ctrl-e,e";
};
# Automatic updates
systemd.user.services."autoupdate-nix" = {
Unit = {
Description = "Regular nix flake update";
};
Service = {
ExecStart = "${pkgs.nix}/bin/nix flake update --commit-lock-file";
};
Install.WantedBy = [ "default.target" ];
};
# Hardened Bash profile
programs.bash = {
enable = true;
enableCompletion = true;
initExtra = ''
set -o errexit
set -o nounset
set -o pipefail
'';
};
homeModules = {
#androidstudio.enable = true;
#backup.enable = true;
#chromium.enable = true;
#design.enable = true;
#embedded.enable = true;
fonts.enable = true;
#git.enable = true;
#javascript.enable = true;
#keepass.enable = true;
#llm.enable = true;
#logseq.enable = true;
#mail.enable = true;
#obsidian.enable = true;
#redshift.enable = true;
secrets.enable = true;
#security.enable = true;
#social.enable = true;
#sway.enable = true;
#syncthing.enable = true;
terminal.enable = true;
#tor.enable = true;
#vim.enable = true;
#vpnpia.enable = true;
#vscode.enable = false;
#zenbrowser.enable = true;
};
}

70
hosts/xaorus/home.nix Normal file
View File

@@ -0,0 +1,70 @@
{ config, pkgs, ... }:
{
imports = [ ../../home/_home.nix ];
home.username = "wieerwill";
home.homeDirectory = "/home/wieerwill";
#home-manager.users.wieerwill.networking.hostName = "xaorus";
home.stateVersion = "25.05";
programs.home-manager.enable = true;
# create soft links from source to target
home.file = {
"nixConig".source = "/home/wieerwill/Dokumente/GitHub/NixHomeManager";
"logseq".source = "/home/wieerwill/Dokumente/logseq";
"projects".source = "/home/wieerwill/Dokumente/projects";
"vereine".source = "/home/wieerwill/Dokumente/vereine";
#"Downloads".source = "/home/wieerwill/Dokumente/Downloads";
};
#programs.gnome-terminal.enable = true;
# Optional: apps for GNOME desktop
home.packages = with pkgs; [
#gnome.gnome-tweaks
#gnome.dconf-editor
];
# XDG integration
#xdg.enable = true;
# Fonts and GTK themes
#fonts.fontconfig.enable = true;
#gtk = {
# enable = true;
# theme.name = "Adwaita-dark";
# iconTheme.name = "Papirus";
# cursorTheme.name = "Adwaita";
#};
homeModules = {
#androidstudio.enable = true;
#backup.enable = true;
#chromium.enable = true;
#design.enable = true;
#embedded.enable = true;
fonts.enable = true;
#git.enable = true;
#javascript.enable = true;
#keepass.enable = true;
#llm.enable = true;
#logseq.enable = true;
#mail.enable = true;
#obsidian.enable = true;
#redshift.enable = true;
secrets.enable = true;
#security.enable = true;
#social.enable = true;
#sway.enable = true;
syncthing.enable = true;
#terminal.enable = true;
#tor.enable = true;
#vim.enable = true;
#vpnpia.enable = true;
#vscode.enable = false;
#zenbrowser.enable = true;
};
}

41
modules/desktop.nix Normal file
View File

@@ -0,0 +1,41 @@
{ config, pkgs, lib, ... }:
let
systemd = pkgs.systemd;
sway = pkgs.sway;
in {
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable the X11 windowing system.
programs.xwayland.enable = true; # For compatibility with apps needing X
services.xserver.enable = false;
services.libinput.enable = true; # Touchpad, mouse, input devices
programs.light.enable = true; # For backlight control
security.polkit.enable = true;
# Configure keymap
services.xserver.xkb = {
layout = "de";
variant = "";
};
environment.systemPackages = with pkgs; [
swaylock
swayidle
wl-clipboard
brightnessctl
bemenu
xwayland
(writers.writeDashBin "sway-logout" ''
${systemd}/bin/systemctl --user unset-environment WAYLAND_DISPLAY SWAYSOCK
${sway}/bin/swaymsg exit
'')
];
}

21
modules/qbittorrent.nix Normal file
View File

@@ -0,0 +1,21 @@
{ config, pkgs, ... }:
{
services.qbittorrent = {
enable = true;
user = "wieerwill"; # or a dedicated service user
group = "users";
webuiPort = 8080;
torrentingPort = 51413;
profileDir = "/var/lib/qbittorrent";
openFirewall = true;
serverConfig = {
Preferences = {
Connection.PortRangeMin = 51413;
Downloads.SavePath = "/home/wieerwill/torrents";
WebUI.Port = 8080;
};
};
};
}

18
modules/secrets.nix Normal file
View File

@@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
sops
age
];
sops = {
#defaultSopsFile = ./../secrets/secrets.enc.yaml;
age.keyFile = "/home/wieerwill/.config/sops/age/keys.txt";
};
#sops.secrets.git-email = {
# owner = "wieerwill";
# path = "/home/wieerwill/.config/git-email";
#};
}

43
modules/security.nix Normal file
View File

@@ -0,0 +1,43 @@
{ config, pkgs, ... }:
{
services.openssh = {
enable = true;
ports = [ 22 ];
settings = {
AllowUsers = [ "wieerwill" ];
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
KbdInteractiveAuthentication = false;
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
80 # HTTP
443 # HTTPS
22000 # Syncthing
9050 # Tor SOCKS
9051 # Tor Control
5353 # Tor DNS (if using virtual DNS)
];
allowedUDPPorts = [ ];
};
services.fail2ban = {
enable = true;
maxretry = 3; # Ban IP after 3 failures
bantime = "24h"; # Ban IPs for one day on the first ban
bantime-increment = {
enable = true; # increment of bantime after each violation
#formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h"; # Do not ban for more than 1 week
overalljails = true; # bantime based on all violations
};
};
}

68
modules/unfree.nix Normal file
View File

@@ -0,0 +1,68 @@
{ config, pkgs, lib, ... }:
{
nixpkgs.config = {
allowUnfree = false;
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
# allow for android sdk
"android-sdk-cmdline-tools"
"android-sdk-emulator"
"android-sdk-build-tools"
"android-sdk-platforms"
"android-sdk-platform-tools"
"android-sdk-tools"
"android-sdk-ndk"
"platform-tools"
"platforms"
"build-tools"
"ndk"
"cmdline-tools"
"android-sdk-system-image-32-google_apis-arm64-v8a-system-image-32-google_apis-x86_64"
"android-sdk-system-image-32-google_apis_playstore-arm64-v8a-system-image-32-google_apis_playstore-x86_64"
"android-sdk-system-image-33-google_apis-arm64-v8a-system-image-33-google_apis-x86_64"
"android-sdk-system-image-33-google_apis_playstore-arm64-v8a-system-image-33-google_apis_playstore-x86_64"
"android-sdk-system-image-34-google_apis-arm64-v8a-system-image-34-google_apis-x86_64"
"android-sdk-system-image-34-google_apis_playstore-arm64-v8a-system-image-34-google_apis_playstore-x86_64"
"android-sdk-system-image-35-google_apis-arm64-v8a-system-image-35-google_apis-x86_64"
"android-sdk-system-image-35-google_apis_playstore-arm64-v8a-system-image-35-google_apis_playstore-x86_64"
"android-sdk-system-image-36-google_apis-arm64-v8a-system-image-36-google_apis-x86_64"
"android-sdk-system-image-36-google_apis_playstore-arm64-v8a-system-image-36-google_apis_playstore-x86_64"
"system-image-32-google_apis-x86_64"
"system-image-32-google_apis-arm64-v8a"
"system-image-32-google_apis_playstore-x86_64"
"system-image-32-google_apis_playstore-arm64-v8a"
"system-image-33-google_apis-x86_64"
"system-image-33-google_apis-arm64-v8a"
"system-image-33-google_apis_playstore-x86_64"
"system-image-33-google_apis_playstore-arm64-v8a"
"system-image-34-google_apis-x86_64"
"system-image-34-google_apis-arm64-v8a"
"system-image-34-google_apis_playstore-x86_64"
"system-image-34-google_apis_playstore-arm64-v8a"
"system-image-35-google_apis-x86_64"
"system-image-35-google_apis-arm64-v8a"
"system-image-35-google_apis_playstore-x86_64"
"system-image-35-google_apis_playstore-arm64-v8a"
"system-image-36-google_apis-x86_64"
"system-image-36-google_apis-arm64-v8a"
"system-image-36-google_apis_playstore-x86_64"
"system-image-36-google_apis_playstore-arm64-v8a"
"emulator"
"tools"
"cmake"
"android-studio-stable"
# other packages
"discord"
"obsidian"
"vscode"
"zoom"
"steam"
"steamdeck-hw-theme"
"steam-jupiter-unwrapped"
];
android_sdk.accept_license = true;
};
}

44
modules/users.nix Normal file
View File

@@ -0,0 +1,44 @@
{ config, pkgs, lib, ... }:
{
users.mutableUsers = false;
# Enable automatic login for the user.
services.getty.autologinUser = "wieerwill";
users.users.wieerwill = {
isNormalUser = true;
description = "wieerwill";
home = "/home/wieerwill";
createHome = true;
extraGroups = [
"wheel" # sudo access
"networkmanager" # network config
"audio" "video" # media and graphics support
"docker" # container management
"libvirtd" # virtualization
"input" # gamepad / touchscreen
"plugdev" # udev/USB access
"git"
];
# leave empty if managed externally (passwd or sops)
initialHashedPassword = "";
#openssh.authorizedKeys.keys = [
# # Replace with your actual SSH pubkey
# "ssh-ed25519 AAAAC3Nz... user@machine"
#];
packages = with pkgs; [
zsh
];
shell = pkgs.zsh;
};
programs.zsh.enable = true;
# Optional system-wide group definition for shared development tools
users.groups.git.gid = 998;
users.groups.plugdev = { };
}

41
modules/wifi.nix Normal file
View File

@@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
# easy way: nmcli dev wifi connect "MySSID" password "your-password"
{
networking.networkmanager = {
enable = true;
connections = {
"MyHomeWiFi" = {
type = "wifi";
interface = "wlan0"; # or leave out for automatic interface
uuid = "123e4567-e89b-12d3-a456-426614174000"; # optional but recommended
id = "HeimwehLan";
autoconnect = true;
wifi = {
ssid = "HeimwehLan";
mode = "infrastructure";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "+++++++";
};
ipv4 = {
method = "auto";
};
ipv6 = {
method = "ignore";
};
};
"MyWorkWiFi" = {
type = "wifi";
id = "MyWorkWiFi";
autoconnect = false;
wifi.ssid = "CorpNet";
wifi-security.psk = "CorpSecret";
ipv4.method = "auto";
};
};
};
}

120
scripts/check-home-manager.sh Executable file
View File

@@ -0,0 +1,120 @@
#!/usr/bin/env bash
set -euo pipefail
echo "🔍 Checking if Nix is installed..."
if ! command -v nix &> /dev/null; then
echo "❌ Nix is not installed. Install it from https://nixos.org/download.html"
exit 1
fi
echo "✅ Nix is installed."
echo "🔍 Checking for conflicting Home Manager installations..."
HM_DIR="$HOME/.config/home-manager"
HM_BIN="$HOME/.nix-profile/bin/home-manager"
if [ -e "$HM_DIR/home.nix" ]; then
echo "⚠️ Found existing Home Manager config at: $HM_DIR"
echo " This may conflict with your flake-based setup. Consider backing it up or removing it."
fi
if [ -x "$HM_BIN" ]; then
echo "⚠️ Found existing Home Manager binary in nix-profile: $HM_BIN"
echo " Ensure it's not managing your home separately from your flake config."
fi
echo "📦 Gathering APT-installed packages..."
apt list --manual-installed 2>/dev/null | awk -F/ '{print tolower($1)}' | sort > /tmp/apt-installed.txt
echo "📦 Gathering Home Manager packages from flake..."
if ! nix --extra-experimental-features "nix-command flakes" eval \
".#homeConfigurations.$(hostname).config.home.packages" \
--json > /tmp/hm-pkgs.json 2>/dev/null; then
echo "❌ Failed to evaluate Home Manager flake packages. Is the attribute name $(hostname) correct?"
exit 1
fi
jq -r '.[]' /tmp/hm-pkgs.json | sed -E 's|.*/||' | sed -E 's|^[a-z0-9]{32}-||' | sed -E 's|-[0-9][^-]*$||' | sort -u > /tmp/home-manager-packages.txt
echo "apt count: $(wc -l < /tmp/apt-installed.txt)"
echo "hm count: $(wc -l < /tmp/home-manager-packages.txt)"
echo "🔁 Comparing package lists..."
comm -12 /tmp/apt-installed.txt /tmp/home-manager-packages.txt > /tmp/duplicate-packages.txt
echo "🔎 Looking for fuzzy matches..."
if [ -s /tmp/apt-installed.txt ] && [ -s /tmp/home-manager-packages.txt ]; then
grep -Fxf /tmp/apt-installed.txt /tmp/home-manager-packages.txt > /tmp/exact-matches.txt || touch /tmp/exact-matches.txt
else
touch /tmp/exact-matches.txt
fi
echo "Additional fuzzy checking (slow but useful)"
if [ -s /tmp/home-manager-packages.txt ] && [ -s /tmp/apt-installed.txt ]; then
grep -Fif /tmp/home-manager-packages.txt /tmp/apt-installed.txt > /tmp/fuzzy-matches.txt || touch /tmp/fuzzy-matches.txt
else
touch /tmp/fuzzy-matches.txt
fi
echo
if [ -s /tmp/duplicate-packages.txt ] || [ -s /tmp/exact-matches.txt ] || [ -s /tmp/fuzzy-matches.txt ]; then
echo "⚠️ Possible duplicate packages installed via APT and Home Manager:"
cat /tmp/duplicate-packages.txt /tmp/exact-matches.txt /tmp/fuzzy-matches.txt | sort -u
echo
echo "📝 You can manually remove these APT packages to avoid duplication and save space."
echo
else
echo "✅ No conflicting packages found between APT and Home Manager."
fi
# Clean up
rm /tmp/apt-installed.txt
rm /tmp/home-manager-packages.txt
rm /tmp/duplicate-packages.txt
rm /tmp/exact-matches.txt
rm /tmp/fuzzy-matches.txt
# check username and home dir
EXPECTED_USERNAME="wieerwill"
EXPECTED_HOME="/home/$EXPECTED_USERNAME"
CURRENT_USERNAME=$(whoami)
CURRENT_HOME="$HOME"
echo
echo "🔍 Current username: $CURRENT_USERNAME"
echo "📁 Current home directory: $CURRENT_HOME"
echo "🔄 Target username: $EXPECTED_USERNAME"
echo "📁 Target home directory: $EXPECTED_HOME"
echo ""
if [[ "$CURRENT_USERNAME" == "$EXPECTED_USERNAME" && "$CURRENT_HOME" == "$EXPECTED_HOME" ]]; then
echo "✅ Your username and home directory already match the Nix configuration."
else
echo "⚠️ Your system username or home directory do not match your Nix config."
echo
echo "To safely rename your user, follow these steps from a different admin user (e.g. tempadmin):"
echo
echo "$ sudo usermod -l $EXPECTED_USERNAME $CURRENT_USERNAME"
echo "$ sudo groupmod -n $EXPECTED_USERNAME $CURRENT_USERNAME"
echo "$ sudo mv /home/$CURRENT_USERNAME /home/$EXPECTED_USERNAME"
echo "$ sudo usermod -d /home/$EXPECTED_USERNAME -m $EXPECTED_USERNAME"
echo "$ sudo chown -R $EXPECTED_USERNAME:$EXPECTED_USERNAME /home/$EXPECTED_USERNAME"
echo
echo "Optional: Rename any hardcoded paths or config. Search with:"
echo "$ grep -r '$CURRENT_USERNAME' /home/$EXPECTED_USERNAME/.config"
echo ""
echo "🚨 Don't run these while logged in as $CURRENT_USERNAME!"
echo "🛠️ Create a temporary admin user first if needed:"
echo "$ sudo adduser tempadmin"
echo "$ sudo usermod -aG sudo tempadmin"
echo
echo "After renaming, log in as $EXPECTED_USERNAME and run this check script again."
exit 0
fi
echo
read -r -p "🚀 Do you want to apply the Home Manager configuration for $(hostname) now? [y/N] " confirm
if [[ "$confirm" =~ ^[Yy]$ ]]; then
echo "🔧 Applying Home Manager configuration..."
nix run --extra-experimental-features "nix-command flakes" --impure \
.#homeConfigurations.$(hostname).activationPackage
else
echo "❌ Skipping Home Manager activation."
fi

56
scripts/nix-check.sh Executable file
View File

@@ -0,0 +1,56 @@
#!/usr/bin/env bash
set -euo pipefail
# Set required experimental features
export NIX_CONFIG="experimental-features = nix-command flakes"
FLAKE_PATH="."
# List systems and type: nixos or home-manager
# Format: [hostname]=type:user
declare -A SYSTEMS=(
[t440p]="nixos:wieerwill"
[steamdeck]="nixos:wieerwill"
[xaorus]="home:wieerwill"
[vps04_08]="home:wieerwill"
)
echo "🔍 Checking Nix flake at: $FLAKE_PATH"
echo
# Check flake syntax and structure
echo "🧪 Running: nix flake check"
if nix flake check "$FLAKE_PATH" --show-trace; then
echo "✅ Flake syntax and outputs look good!"
else
echo "❌ Flake check failed!"
exit 1
fi
echo
# Check each system based on type
for HOST in "${!SYSTEMS[@]}"; do
IFS=":" read -r TYPE USER <<< "${SYSTEMS[$HOST]}"
echo "🔎 Checking $TYPE system: $USER@$HOST"
if [[ "$TYPE" == "nixos" ]]; then
ATTR="nixosConfigurations.${HOST}.config.system.build.toplevel"
elif [[ "$TYPE" == "home" ]]; then
ATTR="homeConfigurations.${HOST}.activationPackage"
else
echo "❌ Unknown system type for $HOST. Skipping..."
continue
fi
if OUTPUT=$(nix eval "$FLAKE_PATH"#"$ATTR" 2>&1); then
echo "$HOST: $TYPE configuration is valid."
else
echo "$HOST: $TYPE configuration check failed!"
echo "🔍 Error output:"
echo "$OUTPUT"
fi
echo
done

15
scripts/nix-maintain.sh Executable file
View File

@@ -0,0 +1,15 @@
#!/usr/bin/env bash
set -e
HOST=$(hostname)
FLAKE_PATH="${HOME}/nixConfig"
echo "🔁 Rebuilding system for host: $HOST"
sudo nixos-rebuild switch --flake "$FLAKE_PATH#$HOST"
echo "🧹 Collecting garbage..."
sudo nix-collect-garbage -d
nix store gc
echo "✅ System rebuilt and cleaned."

3
secrets/.sops.yaml Normal file
View File

@@ -0,0 +1,3 @@
creation_rules:
- age:
- age1wjvdck3ec0ac49xcckqazv2hswgut90t6nlwu72fs6hm7fzr7ejqz73pe8

18
secrets/secrets.enc.yaml Normal file
View File

@@ -0,0 +1,18 @@
git:
email: ENC[AES256_GCM,data:8x8TWD8pSyIXn4WvhqmvJbu/q5+EWe5Y,iv:BQBfuwqV004khGh9aTB4fkxHfuJ1ts+gRpKGe2+0Mw4=,tag:AY0DN+d6PivpZoeFFwElJA==,type:str]
username: ENC[AES256_GCM,data:iZeo9T70G3lY,iv:K8mseg1oXyZ+PiB3WDUdRUaQEa92IM64Mm9ev9TerhQ=,tag:DjLtiVgnsTj5CpXQvSQ+Gw==,type:str]
sops:
age:
- recipient: age1wjvdck3ec0ac49xcckqazv2hswgut90t6nlwu72fs6hm7fzr7ejqz73pe8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGOHlmWkRXY0pVOWkwd0FK
QU5xakViMEMwbk9HV1doaFAvTDIvMXZBVWdZCkZhZGRoYnp3bHp3ZThVU3ZpMG5O
V1FmY2hmZWltRnM2MDQxK01TOXVkVnMKLS0tIEg5ZHdFblljWjAvRVRFYURHUnVG
Rkt3UWxTR280QUtlWWRwaXIzb3NBTmsKuGd7nv8f+PcEfk0GDlIn/6EKLtGm26XS
8yemHsU1V0L/U1X7QWQacr5TU/8902ZdNqCc8RGpP4owmWjyDmEHKg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-21T14:33:12Z"
mac: ENC[AES256_GCM,data:JBcTefJk8ShmpOkammTtp4Awbid/2lqVZGI3uFRd5KWl46hgxoQRaZ9BoQswfhs3+kVAG5mwojt2/E2DTm8E5CuKmNq+YGTem1lPV51J0Yvyc5FKlVEsVxLWEiSQ/MTL5SjvgYZvTGl2VDwvyEsmSKBx/47G5uuzWiq7Jcfk9gI=,iv:KbJF5djS9CvyXZ9nDvf+Hjqg4crl6LBfG9s/0vE9SZE=,tag:6cQ015Gl6n7F7XB1cOzniQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

50
security.nix
View File

@@ -1,50 +0,0 @@
{ config, pkgs, lib, ... }:
{
#networking.firewall = {
# enable = true;
# allowedTCPPorts = [ 22 ];
#};
#services.fail2ban = {
# enable = true;
# maxretry = 3; # Ban IP after 3 failures
# bantime = "24h"; # Ban IPs for one day on the first ban
# bantime-increment = {
# enable = true; # increment of bantime after each violation
# formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
# multipliers = "1 2 4 8 16 32 64";
# maxtime = "168h"; # Do not ban for more than 1 week
# overalljails = true; # bantime based on all violations
# };
#};
programs.gpg = {
enable = true;
mutableKeys = true; # allow changes in keys or trust
mutableTrust = true;
#publicKeys = [
# {
# source = ""; #./path/to/key.a;
# trust = "ultimate";
# }
#];
};
programs.ssh = {
enable = true;
addKeysToAgent = "yes"; # let home manager manage ssh keys
};
#services.openssh = {
# enable = true;
# ##Ports = [ 5432 ];
# settings = {
# PasswordAuthentication = false;
# KbdInteractiveAuthentication = false;
# PermitRootLogin = "no";
# #AllowUsers = [ "wieerwill" ]
# };
#};
}

180
sway_inputs.txt
View File

@@ -1,180 +0,0 @@
[
{
"identifier": "1133:45943:Pebble_K380s",
"name": "Pebble K380s",
"type": "keyboard",
"repeat_delay": 600,
"repeat_rate": 25,
"xkb_layout_names": [
"German"
],
"xkb_active_layout_index": 0,
"xkb_active_layout_name": "German",
"libinput": {
"send_events": "enabled"
},
"vendor": 1133,
"product": 45943
},
{
"identifier": "1:1:AT_Translated_Set_2_keyboard",
"name": "AT Translated Set 2 keyboard",
"type": "keyboard",
"repeat_delay": 600,
"repeat_rate": 25,
"xkb_layout_names": [
"German"
],
"xkb_active_layout_index": 0,
"xkb_active_layout_name": "German",
"libinput": {
"send_events": "enabled"
},
"vendor": 1,
"product": 1
},
{
"identifier": "10248:4117:FTS3528:00_2808:1015_UNKNOWN",
"name": "FTS3528:00 2808:1015 UNKNOWN",
"type": "tablet_tool",
"libinput": {
"send_events": "enabled",
"accel_speed": 0.0,
"accel_profile": "none",
"left_handed": "disabled"
},
"vendor": 10248,
"product": 4117
},
{
"identifier": "10248:4117:FTS3528:00_2808:1015",
"name": "FTS3528:00 2808:1015",
"type": "touch",
"libinput": {
"send_events": "disabled",
"calibration_matrix": [
1.0,
0.0,
0.0,
0.0,
1.0,
0.0
]
},
"vendor": 10248,
"product": 4117
},
{
"identifier": "0:0:sof-nau8821-max_Headset_Jack",
"name": "sof-nau8821-max Headset Jack",
"type": "keyboard",
"repeat_delay": 600,
"repeat_rate": 25,
"xkb_layout_names": [
"German"
],
"xkb_active_layout_index": 0,
"xkb_active_layout_name": "German",
"libinput": {
"send_events": "enabled"
},
"vendor": 0,
"product": 0
},
{
"identifier": "10462:4613:Valve_Software_Steam_Controller",
"name": "Valve Software Steam Controller",
"type": "keyboard",
"repeat_delay": 600,
"repeat_rate": 25,
"xkb_layout_names": [
"German"
],
"xkb_active_layout_index": 0,
"xkb_active_layout_name": "German",
"libinput": {
"send_events": "enabled"
},
"vendor": 10462,
"product": 4613
},
{
"identifier": "10462:4613:Valve_Software_Steam_Controller",
"name": "Valve Software Steam Controller",
"type": "pointer",
"scroll_factor": 1.0,
"libinput": {
"send_events": "enabled",
"accel_speed": 0.0,
"accel_profile": "adaptive",
"natural_scroll": "disabled",
"left_handed": "disabled",
"scroll_method": "none",
"scroll_button": 273,
"scroll_button_lock": "disabled"
},
"vendor": 10462,
"product": 4613
},
{
"identifier": "0:5:Lid_Switch",
"name": "Lid Switch",
"type": "switch",
"libinput": {
"send_events": "enabled"
},
"vendor": 0,
"product": 5
},
{
"identifier": "0:1:Power_Button",
"name": "Power Button",
"type": "keyboard",
"repeat_delay": 600,
"repeat_rate": 25,
"xkb_layout_names": [
"German"
],
"xkb_active_layout_index": 0,
"xkb_active_layout_name": "German",
"libinput": {
"send_events": "enabled"
},
"vendor": 0,
"product": 1
},
{
"identifier": "0:6:Video_Bus",
"name": "Video Bus",
"type": "keyboard",
"repeat_delay": 600,
"repeat_rate": 25,
"xkb_layout_names": [
"German"
],
"xkb_active_layout_index": 0,
"xkb_active_layout_name": "German",
"libinput": {
"send_events": "enabled"
},
"vendor": 0,
"product": 6
},
{
"identifier": "0:1:Power_Button",
"name": "Power Button",
"type": "keyboard",
"repeat_delay": 600,
"repeat_rate": 25,
"xkb_layout_names": [
"German"
],
"xkb_active_layout_index": 0,
"xkb_active_layout_name": "German",
"libinput": {
"send_events": "enabled"
},
"vendor": 0,
"product": 1
}
]

84
terminal.nix
View File

@@ -1,84 +0,0 @@
{ config, pkgs, lib, ... }:
{
programs.alacritty = {
enable = true;
settings = {
font.normal = { family = "hack"; style = "Regular"; };
size = "12";
colors.primary = {
foreground = "#d8d8d8"; # RRGGBB
background = "#181818";
dim_foreground = "#828482";
};
#shell = { program = "/bin/zsh", args = ["-l"] };
};
};
programs.zsh = {
enable = true;
enableCompletion = true;
autosuggestion.enable = true;
#autosuggestion.highlight = null; # Custom styles for autosuggestion highlighting
syntaxHighlighting = {
enable = true;
highlighters = [ "main" "brackets" "cursor" ];
patterns = { "rm -rf *" = "fg=white,bold,bg=red"; };
};
enableVteIntegration = true; # let the terminal track the current working directory
autocd = null; # Automatically enter into a directory if typed directly into shell.
sessionVariables = { # Environment variables that will be set for zsh session
isZSH = true;
};
oh-my-zsh = {
# enable = true;
# plugins = [
# "alias-finder" # learn alias easier
# "colorize"
# "cp"
# "direnv"
# "git"
# "git-extras"
# "git-lfs"
# "history"
# "rust"
# "ssh"
# "sudo"
# "vscode"
# "z"
# ];
# theme = "jonathan"; # "amuse"; #"robbyrussell";
};
shellAliases = {
ll = "ls -l";
edit = "sudo -e";
".." = "cd ..";
update = "sudo nixos-rebuild switch";
};
history = {
ignoreAllDups = true;
expireDuplicatesFirst = true;
ignorePatterns = ["rm *" "pkill *"];
save = 10000; # number of history lines
};
#setOptions = [
# "HIST_IGNORE_ALL_DUPS"
#];
};
programs.btop = {
enable = true;
settings = {
color_theme = "tokyo-night"; # "Default";
truecolor = true;
};
};
programs.htop = {
enable = true;
};
}