Grimmauld/grimm-nixos-laptop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

tooling fixes

Browse source
This commit is contained in:
Grimmauld 2024-11-23 17:06:12 +01:00
parent c18468c958
commit 573b43b8e2
Signed by: Grimmauld
GPG key ID: C2946668769F91FB
16 changed files with 193 additions and 123 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
common/gaming.nix
View file

@ -39,7 +39,7 @@ in
}; };
}; };
programs.honkers-railway-launcher.enable = true; # programs.honkers-railway-launcher.enable = true;
services.udev.packages = [ pkgs.wooting-udev-rules ]; services.udev.packages = [ pkgs.wooting-udev-rules ];

21
common/graphics/sway.nix
View file

@ -23,6 +23,7 @@ let
isDerivation isDerivation
concatLines concatLines
optional optional
singleton
mkIf mkIf
; ;
inherit (pkgs) writeShellScriptBin; inherit (pkgs) writeShellScriptBin;
@ -117,12 +118,6 @@ in
} }
''; '';
dbus-sway-environment = pkgs.writeShellScriptBin "dbus-sway-environment" ''
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
systemctl --user stop xdg-desktop-portal xdg-desktop-portal-wlr
systemctl --user start xdg-desktop-portal xdg-desktop-portal-wlr
'';
build_conf = build_conf =
sway_conf: sway_conf:
let let
@ -153,22 +148,21 @@ in
"output ${value.id} mode ${value.mode}" "output ${value.id} mode ${value.mode}"
+ (optionalString (value.pos != null) " position ${value.pos}") + (optionalString (value.pos != null) " position ${value.pos}")
) screens) ) screens)
++ (singleton "include /etc/sway/config.d/*")
); );
conf_path = "sway.conf"; conf_path = "sway.conf";
in in
mkIf (enable && sway.enable) { mkIf (enable && sway.enable) {
environment.etc."${conf_path}".text = sway_conf; environment.etc."sway/config".source = lib.mkForce (pkgs.writeText conf_path sway_conf);
grimmShared.sway.config.execAlways = [ grimmShared.sway.config.execAlways = [
dbus-sway-environment
init_screens_auto init_screens_auto
]; ];
environment.systemPackages = environment.systemPackages =
[ [
waybar_full waybar_full
dbus-sway-environment
init_screens_min_fps init_screens_min_fps
init_screens_max_fps init_screens_max_fps
init_screens_auto init_screens_auto
@ -197,7 +191,10 @@ in
rm -rf /home/*/.cache/rmenu rm -rf /home/*/.cache/rmenu
''; '';
reloadTriggers = [ config.environment.etc."${conf_path}".source ]; reloadTriggers = [
# config.environment.etc."${conf_path}".source
config.environment.etc."sway/config".source
];
}; };
# programs.waybar.enable = true; # programs.waybar.enable = true;
@ -221,10 +218,6 @@ in
wmenu wmenu
waybar-mpris waybar-mpris
]; ];
extraOptions = [
"--config"
"/etc/${conf_path}"
];
extraSessionCommands = '' extraSessionCommands = ''
# source /etc/profile # source /etc/profile
# test -f $HOME/.profile && source $HOME/.profile # test -f $HOME/.profile && source $HOME/.profile

5
common/hardware/laptop.nix
View file

@ -56,8 +56,11 @@ in
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
}; };
systemd.enableCgroupAccounting = true;
# systemd.enableUnifiedCgroupHierarchy = false;
boot = { boot = {
kernelParams = [ "quiet" ]; kernelParams = [ "intel_iommu=on" "nohibernate" ];
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;
initrd.availableKernelModules = [ initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"

9
common/tooling/apparmor/default.nix
View file

@ -16,12 +16,15 @@ in
security.auditd.enable = true; security.auditd.enable = true;
security.apparmor.enable = true; security.apparmor.enable = true;
# security.apparmor.enableCache = true; security.apparmor.enableCache = true;
security.apparmor.includes."tunables/alias.d/programs" = '' security.apparmor.includes."tunables/alias.d/programs" = ''
# alias / -> @{nix_store}/,
alias /bin/spotify -> ${pkgs.spotify}/share/spotify/spotify, alias /bin/spotify -> ${pkgs.spotify}/share/spotify/spotify,
''; '';
# security.apparmor.aa-alias-manager.enable = false;
security.audit.backlogLimit = 512; security.audit.backlogLimit = 512;
security.apparmor_d = { security.apparmor_d = {
@ -43,7 +46,7 @@ in
pkexec = "complain"; pkexec = "complain";
xdg-mime = "complain"; xdg-mime = "complain";
mimetype = "complain"; mimetype = "complain";
sudo = "complain"; # sudo = "complain";
"unix-chkpwd.apparmor.d" = "complain"; "unix-chkpwd.apparmor.d" = "complain";
}; };
}; };
@ -228,7 +231,7 @@ in
}; };
osu-lazer = { osu-lazer = {
state = "enforce"; state = "disable";
# enable = true; # enable = true;
# enforce = true; # enforce = true;
profile = '' profile = ''

2
common/tooling/c.nix
View file

@ -29,6 +29,8 @@ in
clang clang
clang-tools clang-tools
cmake cmake
stdman
valgrind
] ]
++ optionals graphical [ ++ optionals graphical [
libva-utils libva-utils

3
common/tooling/default.nix
View file

@ -23,7 +23,7 @@ in
./lsp.nix ./lsp.nix
./helix.nix ./helix.nix
./git.nix ./git.nix
# ./wine.nix ./wine.nix
./c.nix ./c.nix
./java.nix ./java.nix
./opensnitch ./opensnitch
@ -62,6 +62,7 @@ in
parted parted
expect expect
gptfdisk gptfdisk
qrencode
] ]
++ optionals graphical [ ++ optionals graphical [
wev wev

1
common/tooling/git.nix
View file

@ -21,6 +21,7 @@ in
pkgs.urlencode pkgs.urlencode
pkgs.tea pkgs.tea
pkgs.delta pkgs.delta
pkgs.gh
]; ];
programs.git = { programs.git = {

3
common/tooling/java.nix
View file

@ -20,8 +20,11 @@ in
environment.systemPackages = [ environment.systemPackages = [
pkgs.jdk17 pkgs.jdk17
pkgs.visualvm pkgs.visualvm
pkgs.gradle_7
] ++ optionals graphical [ pkgs.jetbrains.idea-community ]; ] ++ optionals graphical [ pkgs.jetbrains.idea-community ];
environment.sessionVariables.JAVA_HOME = pkgs.jdk17.home;
grimmShared.tooling.lang_servers = [ grimmShared.tooling.lang_servers = [
{ {
lsp = { lsp = {

192
common/tooling/opensnitch/default.nix
View file

@ -5,7 +5,12 @@
... ...
}: }:
let let
inherit (config.grimmShared) enable tooling graphical network; inherit (config.grimmShared)
enable
tooling
graphical
network
;
inherit (lib) inherit (lib)
optional optional
getBin getBin
@ -24,7 +29,12 @@ let
isString isString
; ;
local_network = [ "192.168.0.0/16" "10.0.0.0/8" "172.16.0.0/12" "fc00::/7" ]; local_network = [
"192.168.0.0/16"
"10.0.0.0/8"
"172.16.0.0/12"
"fc00::/7"
];
local_ips = pkgs.writeTextDir "local_ips.list" (concatLines local_network); local_ips = pkgs.writeTextDir "local_ips.list" (concatLines local_network);
created = "1970-01-01T00:00:00.0+00:00"; created = "1970-01-01T00:00:00.0+00:00";
@ -33,7 +43,7 @@ in
config = mkIf (enable && tooling.enable && network) { config = mkIf (enable && tooling.enable && network) {
environment.systemPackages = optional graphical pkgs.opensnitch-ui; environment.systemPackages = optional graphical pkgs.opensnitch-ui;
grimmShared.sway.config.autolaunch = optional graphical pkgs.opensnitch-ui; grimmShared.sway.config.autolaunch = optional graphical pkgs.opensnitch-ui;
services.opensnitch = { services.opensnitch = {
enable = true; enable = true;
settings = { settings = {
@ -43,30 +53,34 @@ in
}; };
rules = { rules = {
firefox = let firefox =
cfg = config.programs.firefox; let
pkg = (cfg.package.override (old: { cfg = config.programs.firefox;
extraPrefsFiles = pkg = (
old.extraPrefsFiles or [ ] cfg.package.override (old: {
++ cfg.autoConfigFiles extraPrefsFiles =
++ [ (pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig) ]; old.extraPrefsFiles or [ ]
nativeMessagingHosts = old.nativeMessagingHosts or [ ] ++ cfg.nativeMessagingHosts.packages; ++ cfg.autoConfigFiles
cfg = (old.cfg or { }) // cfg.wrapperConfig; ++ [ (pkgs.writeText "firefox-autoconfig.js" cfg.autoConfig) ];
})); nativeMessagingHosts = old.nativeMessagingHosts or [ ] ++ cfg.nativeMessagingHosts.packages;
cfg = (old.cfg or { }) // cfg.wrapperConfig;
})
);
in
# pkg = pkgs.firefox-unwrapped; # pkg = pkgs.firefox-unwrapped;
in mkIf (config.programs.firefox.enable) { mkIf (config.programs.firefox.enable) {
name = "firefox"; name = "firefox";
enabled = true; enabled = true;
action = "allow"; action = "allow";
duration = "always"; duration = "always";
inherit created; inherit created;
operator = { operator = {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = "${getBin pkg}/lib/firefox/firefox"; data = "${getBin pkg}/lib/firefox/firefox";
};
}; };
};
block-list = { block-list = {
name = "block-list"; name = "block-list";
@ -77,7 +91,7 @@ in
operator = { operator = {
type = "lists"; type = "lists";
operand = "lists.domains"; operand = "lists.domains";
data = pkgs.callPackage ./block_lists.nix {}; data = pkgs.callPackage ./block_lists.nix { };
}; };
}; };
@ -92,7 +106,7 @@ in
operand = "list"; operand = "list";
list = [ list = [
{ {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = getExe pkgs.nsncd; data = getExe pkgs.nsncd;
@ -105,7 +119,9 @@ in
{ {
type = "lists"; type = "lists";
operand = "lists.nets"; operand = "lists.nets";
data = pkgs.writeTextDir "cidr_dns.list" (concatLines ((map (ip: "${ip}/32") config.networking.nameservers) ++ local_network)); data = pkgs.writeTextDir "cidr_dns.list" (
concatLines ((map (ip: "${ip}/32") config.networking.nameservers) ++ local_network)
);
} }
{ {
type = "simple"; type = "simple";
@ -124,7 +140,7 @@ in
precedence = true; precedence = true;
inherit created; inherit created;
operator = { operator = {
type ="regexp"; type = "regexp";
sensitive = false; sensitive = false;
operand = "dest.ip"; operand = "dest.ip";
data = "^(127\\.0\\.0\\.1|::1)$"; data = "^(127\\.0\\.0\\.1|::1)$";
@ -139,7 +155,7 @@ in
duration = "always"; duration = "always";
inherit created; inherit created;
operator = { operator = {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = "${lib.getBin pkgs.spotify}/share/spotify/.spotify-wrapped"; data = "${lib.getBin pkgs.spotify}/share/spotify/.spotify-wrapped";
@ -154,7 +170,7 @@ in
duration = "always"; duration = "always";
inherit created; inherit created;
operator = { operator = {
type ="regexp"; type = "regexp";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!"; data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!";
@ -178,7 +194,7 @@ in
data = "443|53"; data = "443|53";
} }
{ {
type ="regexp"; type = "regexp";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!"; data = "/nix/store/[a-z0-9]{32}-osu-lazer-bin-${escapeRegex (getVersion pkgs.osu-lazer-bin)}-extracted/usr/bin/osu!";
@ -209,7 +225,7 @@ in
data = "443|4070"; data = "443|4070";
} }
{ {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = lib.getExe pkgs.ncspot; data = lib.getExe pkgs.ncspot;
@ -218,7 +234,7 @@ in
type = "lists"; type = "lists";
operand = "lists.domains_regexp"; operand = "lists.domains_regexp";
data = ./spotify_hosts; data = ./spotify_hosts;
} }
]; ];
}; };
}; };
@ -240,7 +256,7 @@ in
data = "443|4070"; data = "443|4070";
} }
{ {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = "${lib.getBin pkgs.spotify}/share/spotify/.spotify-wrapped"; data = "${lib.getBin pkgs.spotify}/share/spotify/.spotify-wrapped";
@ -249,12 +265,11 @@ in
type = "lists"; type = "lists";
operand = "lists.domains_regexp"; operand = "lists.domains_regexp";
data = ./spotify_hosts; data = ./spotify_hosts;
} }
]; ];
}; };
}; };
spotify_allow_local = mkIf (config.grimmShared.spotify.enable && graphical) { spotify_allow_local = mkIf (config.grimmShared.spotify.enable && graphical) {
name = "spotify-allow-local"; name = "spotify-allow-local";
enabled = true; enabled = true;
@ -267,7 +282,7 @@ in
operand = "list"; operand = "list";
list = [ list = [
{ {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = "${lib.getBin pkgs.spotify}/share/spotify/.spotify-wrapped"; data = "${lib.getBin pkgs.spotify}/share/spotify/.spotify-wrapped";
@ -276,7 +291,7 @@ in
type = "lists"; type = "lists";
operand = "lists.nets"; operand = "lists.nets";
data = local_ips; data = local_ips;
} }
]; ];
}; };
}; };
@ -289,7 +304,7 @@ in
duration = "always"; duration = "always";
inherit created; inherit created;
operator = { operator = {
type ="regexp"; type = "regexp";
sensitive = false; sensitive = false;
operand = "process.command"; operand = "process.command";
data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "${pkgs.vesktop}/opt/Vesktop/resources/app.asar"}"; data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "${pkgs.vesktop}/opt/Vesktop/resources/app.asar"}";
@ -308,7 +323,7 @@ in
operand = "list"; operand = "list";
list = [ list = [
{ {
type ="regexp"; type = "regexp";
sensitive = false; sensitive = false;
operand = "process.command"; operand = "process.command";
data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "${pkgs.vesktop}/opt/Vesktop/resources/app.asar"}"; data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "${pkgs.vesktop}/opt/Vesktop/resources/app.asar"}";
@ -317,7 +332,38 @@ in
type = "lists"; type = "lists";
operand = "lists.domains_regexp"; operand = "lists.domains_regexp";
data = ./discord_hosts; data = ./discord_hosts;
} }
];
};
};
vesktop_daemon_allow_udp = mkIf (graphical) {
name = "vesktop-allow-udp";
enabled = true;
action = "allow";
precedence = true;
duration = "always";
# inherit created;
operator = {
type = "list";
operand = "list";
list = [
{
type = "regexp";
sensitive = false;
operand = "process.command";
data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "--utility-sub-type=network.mojom.NetworkService"}.*--user-data-dir=/home/.+/\.config/vesktop.+";
}
{
type = "simple";
operand = "protocol";
data = "udp";
}
{
type = "regexp";
operand = "dest.port";
data = "500[0-9]{2}";
}
]; ];
}; };
}; };
@ -330,14 +376,13 @@ in
duration = "always"; duration = "always";
inherit created; inherit created;
operator = { operator = {
type ="regexp"; type = "regexp";
sensitive = false; sensitive = false;
operand = "process.command"; operand = "process.command";
data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "--utility-sub-type=network.mojom.NetworkService"}.*--user-data-dir=/home/.+/\.config/vesktop.+"; data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "--utility-sub-type=network.mojom.NetworkService"}.*--user-data-dir=/home/.+/\.config/vesktop.+";
}; };
}; };
vesktop_daemon_allow = mkIf (graphical) { vesktop_daemon_allow = mkIf (graphical) {
name = "vesktop-daemon-allow"; name = "vesktop-daemon-allow";
enabled = true; enabled = true;
@ -350,7 +395,7 @@ in
operand = "list"; operand = "list";
list = [ list = [
{ {
type ="regexp"; type = "regexp";
sensitive = false; sensitive = false;
operand = "process.command"; operand = "process.command";
data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "--utility-sub-type=network.mojom.NetworkService"}.*--user-data-dir=/home/.+/\.config/vesktop.+"; data = "/nix/store/[a-z0-9]{32}-electron-unwrapped-${escapeRegex (getVersion pkgs.electron)}/libexec/electron/electron.*${escapeRegex "--utility-sub-type=network.mojom.NetworkService"}.*--user-data-dir=/home/.+/\.config/vesktop.+";
@ -359,13 +404,11 @@ in
type = "lists"; type = "lists";
operand = "lists.domains_regexp"; operand = "lists.domains_regexp";
data = ./discord_hosts; data = ./discord_hosts;
} }
]; ];
}; };
}; };
avahi = mkIf (config.services.avahi.enable) { avahi = mkIf (config.services.avahi.enable) {
name = "avahi"; name = "avahi";
enabled = true; enabled = true;
@ -377,7 +420,7 @@ in
operand = "list"; operand = "list";
list = [ list = [
{ {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = getExe' config.services.avahi.package "avahi-daemon"; data = getExe' config.services.avahi.package "avahi-daemon";
@ -403,7 +446,7 @@ in
duration = "always"; duration = "always";
inherit created; inherit created;
operator = { operator = {
type ="regexp"; type = "regexp";
operand = "protocol"; operand = "protocol";
sensitive = false; sensitive = false;
data = "icmp(4|6)?"; data = "icmp(4|6)?";
@ -421,21 +464,21 @@ in
operand = "list"; operand = "list";
list = [ list = [
{ {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = getExe' pkgs.networkmanager "networkmanager"; data = getExe' pkgs.networkmanager "networkmanager";
} }
{ {
type ="simple"; type = "simple";
operand = "dest.port"; operand = "dest.port";
data = "547"; data = "547";
} }
# { # {
# type ="simple"; # type ="simple";
# operand = "dest.network"; # operand = "dest.network";
# data = "ff02::1:2"; # data = "ff02::1:2";
# } # }
]; ];
}; };
}; };
@ -451,13 +494,13 @@ in
operand = "list"; operand = "list";
list = [ list = [
{ {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = getExe' pkgs.cups-filters "cups-browsed"; data = getExe' pkgs.cups-filters "cups-browsed";
} }
{ {
type ="regexp"; type = "regexp";
operand = "dest.port"; operand = "dest.port";
data = "53|631|80"; data = "53|631|80";
} }
@ -484,18 +527,19 @@ in
type = "simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd"; } data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
}
{ {
type ="regexp"; type = "regexp";
operand = "dest.port"; operand = "dest.port";
data = "123|37|53"; data = "123|37|53";
} }
# { # {
# type = "regexp"; # type = "regexp";
# sensitive = false; # sensitive = false;
# operand = "dest.host"; # operand = "dest.host";
# data = ".*\.nixos\.pool\.ntp\.org"; # data = ".*\.nixos\.pool\.ntp\.org";
# } # }
{ {
type = "simple"; type = "simple";
operand = "user.id"; operand = "user.id";
@ -504,9 +548,9 @@ in
]; ];
}; };
}; };
nextcloud = mkIf (config.grimmShared.cloudSync.enable) { nextcloud = mkIf (config.grimmShared.cloudSync.enable) {
name = "nextcloud"; name = "nextcloud";
enabled = true; enabled = true;
action = "allow"; action = "allow";
duration = "always"; duration = "always";
@ -516,7 +560,7 @@ in
operand = "list"; operand = "list";
list = [ list = [
{ {
type ="simple"; type = "simple";
sensitive = false; sensitive = false;
operand = "process.path"; operand = "process.path";
data = getExe' pkgs.nextcloud-client ".nextcloudcmd-wrapped"; data = getExe' pkgs.nextcloud-client ".nextcloudcmd-wrapped";
@ -525,11 +569,15 @@ in
type = "regexp"; type = "regexp";
sensitive = false; sensitive = false;
operand = "dest.host"; operand = "dest.host";
data = let l = (filter isString (split "\\." config.grimmShared.cloudSync.server)); in (strings.replicate ((length l) - 1) "(") + (concatStringsSep "\\.)?" l); data =
let
l = (filter isString (split "\\." config.grimmShared.cloudSync.server));
in
(strings.replicate ((length l) - 1) "(") + (concatStringsSep "\\.)?" l);
# config.grimmShared.cloudSync.server; # config.grimmShared.cloudSync.server;
} }
{ {
type ="regexp"; type = "regexp";
operand = "dest.port"; operand = "dest.port";
data = "443|53"; data = "443|53";
} }

3
common/tooling/opensnitch/discord_hosts/hosts.list
View file

@ -10,3 +10,6 @@ github.com
githubusercontent.com githubusercontent.com
scdn.co scdn.co
spotify.com spotify.com
discord.media
media.tenor.co
media.tenor.com

5
common/tooling/wine.nix
View file

@ -11,6 +11,7 @@ in
{ {
config = mkIf (enable && tooling.enable) { config = mkIf (enable && tooling.enable) {
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
virtualisation.spiceUSBRedirection.enable = true; virtualisation.spiceUSBRedirection.enable = true;
@ -20,14 +21,16 @@ in
# uris = ["qemu:///system"]; # uris = ["qemu:///system"];
# }; # };
# }; # };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
winetricks winetricks
wineWow64Packages.stagingFull wineWow64Packages.stagingFull
dotnetCorePackages.dotnet_9.sdk dotnetCorePackages.dotnet_9.sdk
jetbrains.rider # jetbrains.rider
mono4 mono4
# (mono4.overrideAttrs { version="4.6.1"; sha256=""; }) # (mono4.overrideAttrs { version="4.6.1"; sha256=""; })
tesseract4
]; ];
}; };
} }

2
common/xdg/mime.nix
View file

@ -66,7 +66,7 @@ in
freecad freecad
openscad openscad
vlc vlc
blender # blender
thunderbird thunderbird
xdg-terminal-exec xdg-terminal-exec
xdg-utils xdg-utils

2
configuration.nix
View file

@ -18,6 +18,8 @@
nix.package = pkgs.lix; nix.package = pkgs.lix;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
services.flatpak.enable = true;
grimmShared = { grimmShared = {
enable = true; enable = true;
locale = true; locale = true;

49
flake.lock generated
View file

@ -9,11 +9,11 @@
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1730472722, "lastModified": 1731942996,
"narHash": "sha256-/ut+TH7jZwgZEREMOZp/Wx7zXl6hgBJGGxQHU0KO6yY=", "narHash": "sha256-Ohh+GmEenm4Eu1p6+u/4qIw0wbgKm7Vk/yQwRnSmrFE=",
"owner": "LordGrimmauld", "owner": "LordGrimmauld",
"repo": "aa-alias-manager", "repo": "aa-alias-manager",
"rev": "f2ef05f2af456e247d2b37a0b3bf09edbe1788a9", "rev": "e394c4882888f9b9306b3a2dfc59df03ab766473",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -30,11 +30,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1728524457, "lastModified": 1731956781,
"narHash": "sha256-R+GJ3H1PvRUHLm45muY1KEezhfgIl8l7HJ36DySZMu0=", "narHash": "sha256-AAZiAMQ2LBCY375NnbQa8HHFJc3KLyfnlGiFXDdb1pE=",
"owner": "ezKEa", "owner": "ezKEa",
"repo": "aagl-gtk-on-nix", "repo": "aagl-gtk-on-nix",
"rev": "5611dd61df02e0bc5d62bb3f5388821d8854faff", "rev": "862c5b3acd097906cd242eedd9ddcc95ac9382cb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -92,11 +92,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730390431, "lastModified": 1732150710,
"narHash": "sha256-M+rMhDB69Y35IlhmAMN4ErDige+wKPwhb6HDqpF14Rw=", "narHash": "sha256-H6ps/jlPn3kkGtrZeduLtfMnV8htI117/qUgMtUzJBM=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "40388a7427ee32af175c5169ae7587ffd2dec125", "rev": "4621aec08aa50869a305e275c2b8a0c766f3b59b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -241,11 +241,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730016908, "lastModified": 1732025103,
"narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=", "narHash": "sha256-qjEI64RKvDxRyEarY0jTzrZMa8ebezh2DEZmJJrpVdo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e83414058edd339148dc142a8437edb9450574c8", "rev": "a46e702093a5c46e192243edbd977d5749e7f294",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -263,11 +263,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730248099, "lastModified": 1732032028,
"narHash": "sha256-Fl7BSdpLk0uTXF6ol/MR0q1EB4XQ8tn0ftig0pyYh5Y=", "narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "c11bab124fc55a37cbd854ed28ea121ed609231f", "rev": "65dc04371cf914c9af4f073638821e4787303005",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -366,18 +366,17 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1730200266, "lastModified": 1732297877,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", "narHash": "sha256-OCazAn/xPjPTMo6cyMzJthmfMBuoCjcZ4O+kAkW3ixI=",
"owner": "NixOS", "ref": "refs/heads/apparmor_module",
"repo": "nixpkgs", "rev": "43d89bd05155f93038565672464931594b9b4fcd",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "revCount": 710089,
"type": "github" "type": "git",
"url": "file:///home/grimmauld/coding/nixpkgs"
}, },
"original": { "original": {
"owner": "NixOS", "type": "git",
"ref": "nixos-unstable", "url": "file:///home/grimmauld/coding/nixpkgs"
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-24_05": { "nixpkgs-24_05": {

10
flake.nix
View file

@ -3,8 +3,8 @@
inputs = { inputs = {
nixpkgs = { nixpkgs = {
url = "github:NixOS/nixpkgs/nixos-unstable"; # url = "github:NixOS/nixpkgs/nixos-unstable";
# url = "git+file:///home/grimmauld/coding/nixpkgs"; url = "git+file:///home/grimmauld/coding/nixpkgs";
}; };
chaotic = { chaotic = {
url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
@ -37,7 +37,11 @@
outputs = inputs @ { self, agenix, nixpkgs, chaotic, aagl-gtk-on-nix, nixos-mailserver, nixos-matrix-modules, aa-alias-manager, ... }: outputs = inputs @ { self, agenix, nixpkgs, chaotic, aagl-gtk-on-nix, nixos-mailserver, nixos-matrix-modules, aa-alias-manager, ... }:
let let
patches = [ patches = [
./aa_mod.patch # ./aa_mod.patch
{
url = "https://github.com/NixOS/nixpkgs/pull/357468.patch";
hash = "sha256-t+/zVO/Jyink9biD61AuDOmVt0GF3biKxR5hCAyl4Fc=";
}
]; ];
customNixosSystem = system: definitions: customNixosSystem = system: definitions:

7
specific/grimm-nixos-ssd/hardware-configuration.nix
View file

@ -115,7 +115,12 @@
}; };
}; };
swapDevices = [ ]; swapDevices = [
#{
# device = "zpool/swap";
# device = "/dev/zvol/zpool/swap";
#}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's