jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

baremetal install, cleaned up code

Browse Source
This commit is contained in:
Danilo Reyes 2023-04-30 15:23:40 -06:00
parent 194ebe7d01
commit 92a2b959d7
9 changed files with 729 additions and 1337 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
README.org
View File

@ -1,88 +0,0 @@
#+title:CaptainJawZ's system configuration
This is my personal system configuration, a project powered by the amazing
self-documenting capabilities of Emacs and NixOS. The goal of this project is
to create a declarative repository. Which when cloned into a live CD, will
replicate my ideal system into a fresh NixOS installation, preconfigured to my
every preference out of the box.
You may be wondering what that system looks like, so here is an overview:
- Modern looking system
- Vanilla Gnome with some quality-of-life extensions.
- A bunch of (preferably GTK/Libadwaita) applications to simplify common
tasks.
- Terminal friendly environment
- Feature-rich terminal applications for automation.
- Fish Shell functions to simplify menial tasks.
- Declaratively setting up paths in a centralize manner to avoid having to
check all of my scripts, functions, dotfiles, if I ever modify the location
of a directory.
- Developer ready environment both for learning and developing.
- Home media center
- Easy deployment of Docker containers for home media center.
- LAN-network settings
- Reverse proxies for accessing my servers outside my home-network
- Minimal gaming
- Windows 10 virtual-machine environment
- Self-organizing database of files
- Resources
https://gitlab.com/dwt1/dotfiles
- Secrets
https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes
https://www.richdevelops.dev/blog/keeping-secrets-out-of-git
https://github.com/ryantm/agenix
https://github.com/Mic92/sops-nix
https://xeiaso.net/blog/nixos-encrypted-secrets-2021-01-20 <--- best one
https://www.reddit.com/r/NixOS/comments/j6nqbe/declarative_secrets/
- Babel
https://www.youtube.com/watch?v=kkqVTDbfYp4&t=1032s
https://orgmode.org/worg/org-contrib/babel/intro.html
https://orgmode.org/manual/Environment-of-a-Code-Block.html
https://org-babel.readthedocs.io/en/latest/eval/
#+name: square
#+begin_src python :results value :header :var x = 0 :var y = 0
return x * y
#+end_src
#+call: square(x=2, y=7)
#+RESULTS:
: 14
#+name: gnome
#+begin_src python :results value
list = [["blender", "gimp", "krita"],["curtail"]]
return list
#+end_src
#+call: gnome()
#+RESULTS:
| blender | gimp | krita |
| curtail | | |
#+name: addthree
#+begin_src python :results value
return <<square(x=2, y=3)>> + 3
#+end_src
#+call: addthree()
#+RESULTS:
#+name: list
- blender
- krita
- gimp
#+begin_src python :results output :var list=list
for item in list:
print(item)
#+end_src
#+RESULTS:
: ['blender']
: ['krita']
: ['gimp']

882
configuration.nix
View File

@ -1,521 +1,451 @@
{ config, pkgs, ... }:
{ # Remember to close this bracket at the end of the document
{ config, pkgs, ...
}: { # Remember to close this bracket at the end of the document
imports = [
./hardware-configuration.nix
<home-manager/nixos>
];
imports = [ ./hardware-configuration.nix <home-manager/nixos> ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "workstation";
networking.hostName = "workstation";
# networking.wireless.enable = true;
networking.networkmanager.enable = true;
# networking.wireless.enable = true;
networking.networkmanager.enable = true;
time.timeZone = "America/Mexico_City";
time.timeZone = "America/Mexico_City";
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = { LC_MONETARY = "es_MX.UTF-8"; };
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};
i18n.defaultLocale = "en_CA.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
};
services = {
xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
layout = "us";
libinput.enable = true; # Wacom required?
};
};
services.xserver.enable = true;
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
baobab
]) ++ (with pkgs.gnome; [
totem
gedit
gnome-music
epiphany
gnome-characters
yelp
simple-scan
gnome-font-viewer
]);
services.xserver.layout = "us";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
hardware.pulseaudio.enable = false;
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
gnome-text-editor
gnome-connections
baobab
])
++ (with pkgs.gnome; [
totem
gedit
gnome-music
epiphany
gnome-characters
yelp
simple-scan
gnome-font-viewer
]);
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
hardware.bluetooth.enable = true;
# security.sudo.enable = false;
# security.doas.enable = true;
# security.doas.extraRules = [{
# users = [ "jawz" ];
# keepEnv = true;
# #persist = true;
# noPass = true;
# }];
hardware.pulseaudio.enable = false;
sound.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" ];
initialPassword = "password";
shell = pkgs.fish;
packages = with pkgs; [ ];
};
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
nixpkgs.config = { allowUnfree = true; };
# security.sudo.enable = false;
# security.doas.enable = true;
# security.doas.extraRules = [{
# users = [ "jawz" ];
# keepEnv = true;
# #persist = true;
# noPass = true;
# }];
fonts.fontconfig.enable = true;
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
initialPassword = "password";
shell = pkgs.fish;
packages = with pkgs; [ ];
};
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
nixpkgs.config = { allowUnfree = true; };
fonts.fontconfig.enable = true;
# services.xserver.libinput.enable = true;
home-manager.useUserPackages = true;
home-manager.useGlobalPkgs = true;
home-manager.users.jawz = { config, pkgs, ... }:{
imports = [ ./dotfiles/dconf.nix ];
home-manager.users.jawz = { config, pkgs, ... }: {
# imports = [ ./dotfiles/dconf.nix ];
home.stateVersion = "22.11";
home.packages = with pkgs; [
blanket # background noise
blender # cgi animation and sculpting
celluloid # video player
cozy # audiobooks player
czkawka # duplicate finder
discord # chat
dropbox # cloud sync
# foliate # ebook reader
# gnome-podcasts # podcast player
# gnome-recipes # migrate these to mealie and delete
godot # game development
google-chrome # web browser
handbrake # video converter, may be unnecessary
# krita # art to your heart desire!
# libreoffice-fresh # office, but based
# lutris # game/emulator manager
megasync # cloud sync
mpdevil # ugly icon, but pretty mpd client nwn
# pika-backup # backups
pitivi # video editor
tilix # terminal
# Art
blender # cgi animation and sculpting
godot # game development
krita # art to your heart desire!
drawpile # arty party with friends!!
mypaint # not the best art program
mypaint-brushes # but it's got some
mypaint-brushes1 # nice damn brushes
ffmpegthumbnailer # create video thumbnails for nautilus, in absence of totem
mpdas # scrobble mpd songs to last.fm
# Gaming
lutris # game/emulator manager
grapejuice # roblox manager
minecraft # minecraft official launcher
parsec-bin # remote gaming with friends
gdu # disk-space utility, somewhat useful
gocryptfs # encrypted filesystem! shhh!!!
exa # like ls but with colors
trash-cli # oop! didn't meant to delete that
ffmpeg_5 # coolest video converter!
# Productivity
libreoffice-fresh # office, but based
calibre # ugly af eBook library manager
foliate # gtk eBook reader
gnome.simple-scan # document scanner
gnome-feeds # feed reader, maybe will replace with nextcloud
tagger # tag music files
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
# Misc
sequeler # friendly SQL client
blanket # background noise
czkawka # duplicate finder
# pika-backup # backups
tilix # terminal
gnome-obfuscate # censor private information
metadata-cleaner # remove any metadata and geolocation from files
# gnome-recipes # migrate these to mealie and delete
# SH
bashdb # autocomplete
shellcheck # linting
nodePackages.bash-language-server # LSP support
# Multimedia
celluloid # video player
cozy # audiobooks player
gnome-podcasts # podcast player
handbrake # video converter, may be unnecessary
curtail # image compressor
pitivi # video editor
# identity # compare images or videos
mousai # poor man shazam
# bottles # wine prefix manager
obs-studio # screen recorder & streamer
shortwave # listen to world radio
# NIX
nixfmt # linting
# Web
discord # chat
google-chrome # web browser with spyware included
firefox # web browser that allows to disable spyware
librewolf # no spyware web browser
tor-browser-bundle-bin # dark web, so dark!
# hugo # website engine
nicotine-plus # remember Ares?
warp # never used, but supposedly cool for sharing files
# PYTHON.
python # base language
gdu # disk-space utility, somewhat useful
gocryptfs # encrypted filesystem! shhh!!!
exa # like ls but with colors
trash-cli # oop! didn't meant to delete that
ffmpeg_5 # coolest video converter!
yt-dlp # downloads videos from most video websites
neofetch # use once for brag, never again
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
tldr # man for retards
ffmpegthumbnailer # create video thumbnails for nautilus, in absence of totem
mediainfo # technical info about videos, needed by some of my scripts
tree-sitter # code parsing, required by Doom emacs
xdg-ninja # help declutter $HOME
torrenttools # create torrent files from the terminal!
# HASKELL
# cabal-install # haskell interface
# required by doom emacs, but still are rather useful.
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
languagetool # proofreader for English. check if works without the service
# JS
# jq # linting
# Node-js
# nodePackages.pnpm
# development environment
nix-direnv # nix implementation of direnv
exercism # learn to code
# SH
bats # testing system, required by Exercism
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
nodePackages.bash-language-server # LSP support
# NIX
nixfmt # linting
gnomeExtensions.appindicator
gnomeExtensions.gsconnect
gnome.gnome-tweaks
# PYTHON.
python3 # base language
python310Packages.pipx
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
# C# & Rust
omnisharp-roslyn
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro" "Ubuntu" ];
})
# (papirus-icon-theme.override {
# color = "grey";
# })
];
# HASKELL
# cabal-install # haskell interface
# JS
# jq # linting
# Node-js
# nodePackages.pnpm
gnome.gnome-tweaks
gnomeExtensions.appindicator
gnomeExtensions.gsconnect
hunspell
hunspellDicts.it_IT
hunspellDicts.es_MX
hunspellDicts.en_CA
# Themes
adwaita-qt
# Fonts
(nerdfonts.override {
fonts = [
"Agave"
"CascadiaCode"
"SourceCodePro"
"Ubuntu"
"FiraCode"
"Iosevka"
];
})
# (papirus-icon-theme.override {
# color = "grey";
# })
];
programs.starship.enable = true;
programs.fish = {
enable = true;
# useBabelfish = true; This setting doens't work from inside home-manager
shellAliases = {
ls =
"exa --icons --group-directories-first --no-permissions --no-user --no-time";
edit = "emacsclient -t";
comic = "download -u jawz -i (cat $lc | fzf --multi --exact -i)";
gallery = "download -u jawz -i (cat $lw | fzf --multi --exact -i)";
open_gallery =
"open (find /mnt/disk2/scrapping/JawZ/gallery-dl -type d | fzf)";
unique_extensions =
"find . -type f | string match -r '([^./]+)$' | sort -u";
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
};
shellAbbrs = {
dl = "download -u jawz -i";
ex = "ls";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xeu";
};
interactiveShellInit = ''
set fish_greeting "pika pika chu!!!! also remember fisher!"
# Lists
set -l list_root ${config.home.homeDirectory}/.config/jawz/lists/jawz
set lw $list_root/watch.txt
set li $list_root/instant.txt
set lc $list_root/comic.txt
set GPG_TTY (tty)
# Set EMACS/VI mode
function fish_user_key_bindings
# fish_default_key_bindings
fish_vi_key_bindings
end
'';
functions = {
nixos-magic = ''
set -l nix_file "$HOME/Development/NixOS/configuration.nix"
echo $nix_file
nixfmt $nix_file
sudo nixos-rebuild switch -I nixos-config=$nix_file
'';
};
};
programs.bat = {
enable = true;
config = {
# map-syntax = [ "*.jenkinsfile:Groovy" "*.props:Java Properties" ];
pager = "less -FR";
theme = "base16";
};
};
programs.git = {
enable = true;
userName = "Danilo Reyes";
userEmail = "CaptainJawZ@outlook.com";
};
programs.gpg = {
enable = true;
homedir = "${config.xdg.dataHome}/gnupg";
};
programs.htop = {
enable = true;
package = pkgs.htop-vim;
};
xdg.configFile."htop/htoprc".source = ./dotfiles/htop/htoprc;
xdg = { enable = true; };
xdg.userDirs = {
enable = true;
# createDirectories = true;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
# publicShare = "${config.home.homeDirectory}/.local/hd/Public";
templates = "${config.home.homeDirectory}/.local/share/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
xdg.configFile = {
"wgetrc".source = ./dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source =
./dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ./dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ./dotfiles/gallery-dl/config.json;
};
# services.mpd-discord-rpc.enable = true;
# services.mpdris2 = {
# enable = true;
# multimediaKeys = true;
# mpd.host = "localhost";
# };
programs.starship.enable = true;
programs.fish = {
enable = true;
# useBabelfish = true; This setting doens't work from inside home-manager
shellAliases = {
ls = "exa --icons --group-directories-first --no-permissions --no-user --no-time";
edit = "emacsclient -t";
comic = "download -u jawz -i (cat $lc | fzf --multi --exact -i)";
gallery = "download -u jawz -i (cat $lw | fzf --multi --exact -i)";
open_gallery = "open (find ${config.xdg.userDirs.download}/To\ Organize/gdl-organizing/ -type d | fzf)";
unique_extensions = "find . -type f | string match -r '([^.\/]+)\$' | sort -u";
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
rm = "trash";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
};
shellAbbrs = {
dl = "download -u jawz -i";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
sc = "systemctl --user";
jc = "journalctl --user -xeu";
environment.systemPackages = with pkgs; [ wget docker-compose ];
environment.sessionVariables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_STATE_HOME = "\${HOME}/.local/state";
SCRIPTS = "\${HOME}/Development/Scripts";
# DEV PATH
CABAL_CONFIG = "\${XDG_CONFIG_HOME}/cabal/config";
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
GOPATH = "\${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
# OPTIONS
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=\${XDG_CONFIG_HOME}/java";
# NVIDIA
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
# GBM_BACKEND = "nvidia-drm";
# "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
# FISH
fisher_path = "\${XDG_CONFIG_HOME}/fish/fisher";
# Themes
# GTK_THEME = "Adwaita:light";
# QT_QPA_PLATFORMTHEME = "adwaita-dark";
# QT_STYLE_OVERRIDE = "adwaita";
# CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${XDG_BIN_HOME}"
"\${XDG_CONFIG_HOME}/emacs/bin"
# "\${XDG_DATA_HOME}/npm/bin"
# "\${PNPM_HOME}"
# "\${SCRIPTS}"
];
};
interactiveShellInit = ''
set fish_greeting "pika pika chu!!!! also remember fisher!"
# Lists
set -l list_root ${config.home.homeDirectory}/Dropboxxx/jawz
set lw $list_root/watch.txt
set li $list_root/instant.txt
set lc $list_root/comic.txt
set GPG_TTY (tty)
# Set EMACS/VI mode
function fish_user_key_bindings
# fish_default_key_bindings
fish_vi_key_bindings
end
'';
functions = {
nix_magic = ''
nixfmt ~/MEGAsync/nixos/configuration.nix
sudo rsync -r ~/MEGAsync/nixos/ /etc/nixos/
sudo nixos-rebuild switch
'';
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
enableNvidia = true;
};
};
programs.bat = {
enable = true;
config = {
# map-syntax = [ "*.jenkinsfile:Groovy" "*.props:Java Properties" ];
pager = "less -FR";
theme = "base16"; };
};
programs.beets = {
enable = true;
settings = {
directory = "${config.xdg.userDirs.music}";
library = "${config.xdg.dataHome}/beets/musiclibrary.db";
plugins = "embedart fetchart lyrics discogs spotify deezer edit lastgenre mbsync replaygain scrub mpdupdate duplicates info fish ftintitle fuzzy";
ignore_hidden = true;
threaded = true;
duplicate = {
album = false;
delete = false;
programs = {
mtr.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
ftintitle = {
auto = true;
drop = true;
format = "feat. {0}";
};
fetchart = {
maxwidth = 1000;
quality = 70;
enforce_ratio = true;
lastfm_key = "aeae592346534482202bd94bc14a80c4";
fanarttv_key = "f12b0931d2f971a5b5215c3f451bafb7";
sources = "*";
cover_format = "JPEG";
};
embedart = {
auto = true;
maxwidth = 1000;
quality = 70;
remove_art_file = false;
ifempty = true;
};
lyrics = {
auto = true;
sources = "*";
};
replaygain = {
auto = true;
overwrite = true;
peak = "true";
backend = "ffmpeg";
};
lastgenre = {
auto = true;
canonical = true;
force = true;
source = "album";
count = 1;
title_case = true;
};
mpd = {
host = "localhost";
port = 6600;
};
ui = {
color = true;
};
"import" = {
move = true;
write = true;
genres = true;
log = "${config.xdg.dataHome}/beets/beetslog.txt";
};
replace = {
"[\\\\/]" = ""; # \ /
"^\\." = ""; # dotfiles
"[\\x00-\\x1f]" = ""; # NULL to US
"\\x00" = ""; # NULL
"[<>:\"\\?\\*\\|]" = ""; # <>:"?*|
"\\.$" = ""; # dot at the end
"\\s+$" = ""; # ends with whitespace
"^\\s+" = ""; # starts with whitespace
"^-" = ""; # starts with -
};
paths = {
default = "$albumartist/$album/$track $title";
singleton = "Singletons/$artist - $title";
comp = "$album/$track $title";
"albumtype:soundtrack" = "Soundtracks/$album/$track $title";
};
convert = {
auto = true;
embed = true;
delete_originals = true;
extension = "opus";
# command = "ffmpeg -i $source -y -vn -acodec libopus -ab 256k $dest";
geary = { enable = true; };
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
};
};
programs.git = {
enable = true;
userName = "Danilo Reyes";
userEmail = "CaptainJawZ@outlook.com";
};
services = {
printing.enable = true;
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
};
fstrim.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [ "/" "/mnt/disk1" "/mnt/disk2" ];
};
openssh = {
enable = true;
ports = [ 25152 ];
};
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
};
programs.gpg = {
enable = true;
homedir = "${config.xdg.dataHome}/gnupg";
};
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
programs.htop = {
enable = true;
package = pkgs.htop-vim;
};
xdg.configFile."htop/htoprc".source = ./dotfiles/htop/htoprc;
system.copySystemConfiguration = true;
xdg = {
enable = true;
};
xdg.userDirs = {
enable = true;
# createDirectories = true;
desktop = "${config.home.homeDirectory}";
documents = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
publicShare = "${config.home.homeDirectory}/.local/hd/Public";
templates = "${config.home.homeDirectory}/.local/share/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
xdg.configFile = {
"wgetrc".source = ./dotfiles/wget/wgetrc;
"configstore/update-notifier-npm-check.json".source = ./dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ./dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ./dotfiles/gallery-dl/config.json;
# "gopass/config.yml".source = ./dotfiles/gopass/config.yml;
"mpdasrc".source = ./dotfiles/mpdas/mpdasrc;
};
services.mpd = {
enable = true;
musicDirectory = "${config.xdg.userDirs.music}";
network.listenAddress = "any";
# network.startWhenNeeded = true;
extraConfig = ''
restore_paused "yes"
auto_update "yes"
follow_outside_symlinks "yes"
follow_inside_symlinks "yes"
# zeroconf_enabled "yes"
# zeroconf_name "Music Player @ %h"
input {
plugin "curl"
# proxy "proxy.isp.com:8080"
# proxy_user "user"
# proxy_password "password"
}
audio_output {
type "pipewire"
name "PipeWire Sound Server"
}
audio_output {
type "fifo"
name "my_fifo"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
replaygain "auto"
replaygain_limit "yes"
volume_normalization "yes"
'';
};
services.mpd-discord-rpc.enable = true;
services.mpdris2 = {
enable = true;
multimediaKeys = true;
mpd.host = "localhost";
};
};
environment.systemPackages = with pkgs; [
wget
git
];
environment.sessionVariables = rec {
# PATH
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
SCRIPTS = "/home/jawz/Development/Scripts";
# DEV PATH
CABAL_CONFIG = "\${XDG_CONFIG_HOME}/cabal/config";
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
CARGO_HOME = "\${XDG_DATA_HOME}/cargo";
GEM_HOME = "\${XDG_DATA_HOME}/ruby/gems";
GEM_PATH = "\${XDG_DATA_HOME}/ruby/gems";
GEM_SPEC_CACHE = "\${XDG_DATA_HOME}/ruby/specs";
GOPATH = "\${XDG_DATA_HOME}/go";
NPM_CONFIG_USERCONFIG = "\${XDG_CONFIG_HOME}/npm/npmrc";
PNPM_HOME = "\${XDG_DATA_HOME}/pnpm";
# OPTIONS
LESSHISTFILE = "-";
GHCUP_USE_XDG_DIRS = "true";
RIPGREP_CONFIG_PATH = "\${XDG_CONFIG_HOME}/ripgrep/ripgreprc";
ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=/home/jawz/.config/java";
# NVIDIA
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
# GBM_BACKEND = "nvidia-drm";
# "__GLX_VENDOR_LIBRARY_NAME" = "nvidia";
# FISH
fisher_path = "\${XDG_CONFIG_HOME}/fish/fisher";
# Themes
# GTK_THEME = "Adwaita:light";
# QT_QPA_PLATFORMTHEME = "adwaita-dark";
# QT_STYLE_OVERRIDE = "adwaita";
# CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${XDG_BIN_HOME}"
"\${XDG_CONFIG_HOME}/emacs/bin"
# "\${XDG_DATA_HOME}/npm/bin"
# "\${XDG_DATA_HOME}/pnpm"
"\${SCRIPTS}"
];
};
programs.mtr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
# services.caddy = {
# enable = true;
# email = "CaptainJawZ@outlook.com";
# configFile = ./dotfiles/Caddyfile;
# # config = ''
# # torrent.danilo-reyes.com {
# # reverse_proxy localhost:9091
# # }
# # '';
# };
services.emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs28NativeComp;
};
services.fstrim.enable = true;
services.btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
# "/torrents"
# "/home/jawz/.local/hd" # Maybe change mount point?
];
};
services.openssh = {
enable = true;
ports = [ 25152 ];
};
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
system.copySystemConfiguration = true;
system.stateVersion = "22.05";
system.stateVersion = "22.11";
}

514
configuration.org
View File

@ -3,24 +3,22 @@
#+PROPERTY: header-args :tangle configuration.nix
#+auto_tangle: t
* TODO
- [ ] Clean up configuration file
- [ ] Check music [0/5]
- [ ] Last.fm
- [ ] Libre.fm (optional)
- [ ] Beet plugins work
- [ ] Beet web server works
- [ ] Move music around
- [ ] System configurations [0/6]
* TODO [2/10]
- [X] Clean up configuration file
- [X] Merge current config
- [ ] System configurations [0/7]
- [ ] fail2ban
- [ ] Bluetooth multiple devices + pass-through
- [ ] Automatic updates
- [ ] SSH settings
- [ ] Automatic garbage collection
- [ ] Firewall ports
- [ ] Topgrade (perhaps unnecessary)
- [ ] SystemD services [0/3]
- [ ] FStrim
- [ ] BTRFS scrub
- [-] SystemD services [2/5]
- [ ] docker-compose
- [ ] snapraid
- [X] FStrim
- [X] BTRFS scrub
- [ ] Personal scripts [0/3]
- [ ] download
- [ ] Instagram
@ -44,18 +42,13 @@
- [ ] .local/share [0/2]
- [ ] beets
- [ ] mpd
- [ ] Migrate apps [0/4]
- [ ] paru
- [-] Migrate apps [1/4]
- [X] paru
- [ ] pipx
- [ ] pip IMPORTANT for beet
- [ ] appimages
- [ ] Figure out how to get rid of xterm
- [ ] Compile missing apps [0/4]
- [ ] Identity
https://gitlab.gnome.org/YaLTeR/identity
Only challenge may be gstreamer, but probably not an issue. May be the easier one to package.
- [ ] Bats
https://github.com/bats-core/bats-core
- [ ] Compile missing apps [0/3]
- [ ] wine-discord-ipc-bridge
https://github.com/fufexan/nix-gaming
- [ ] make binaries of my own scripts
@ -89,13 +82,6 @@ imports = [
];
#+end_src
* BOOT
I am comfortable with the defaults which NixOS recommends for UEFI systems.
#+begin_src nix
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
#+end_src
* SYSTEM CONFIGURATION
** NETWORKING
@ -127,7 +113,12 @@ way it is an unnecessary setting as my keyboards are the default en_US, only
locale set to Canadian out because I prefer how it displays the date.
#+begin_src nix
i18n.defaultLocale = "en_CA.UTF-8";
i18n = {
defaultLocale = "en_CA.UTF-8";
extraLocaleSettings = {
LC_MONETARY = "es_MX.UTF-8";
};
};
console = {
font = "Lat2-Terminus16";
keyMap = "us";
@ -135,33 +126,27 @@ console = {
};
#+end_src
* DISPLAY MANAGER
* GNOME
At the time of writing this file, I require of X11, as the NVIDIA support for
Wayland isn't perfect yet. At the time being, the ability to switch through GDM
from Wayland to XORG, it's pretty handy, but in the future these settings will
require an update.
#+begin_src nix
services.xserver.enable = true;
#+end_src
As previously mentioned, the settings for useXkbConfig prompt issues.
#+begin_src nix
services.xserver.layout = "us";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
#+end_src
* GNOME
Sets up GNOME as the default desktop environment, while excluding some
undesirable packages from installing.
#+begin_src nix
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
services = {
xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
layout = "us";
libinput.enable = true; # Wacom required?
};
};
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
@ -181,14 +166,7 @@ environment.gnome.excludePackages = (with pkgs; [
]);
#+end_src
* HARDWARE
** BLUETOOTH
#+begin_src nix
hardware.bluetooth.enable = true;
#+end_src
** SOUND
* SOUND
In order to avoid issues with PipeWire, the wiki recommends to disable /sound.enable/
This is a basic PipeWire configuration, in the future stuff like Bluetooth or
latency will require expanding these settings.
@ -209,7 +187,7 @@ services.pipewire = {
Recently, I've gotten frustrated with OpenDoas, as such I've decided to
temporarily enable Sudo, but in the future, I plan to revert that decision.
** SUDO
Disabled password for commodity, but this is obviously not recommended.
#+begin_src nix
security.sudo = {
enable = true;
@ -241,7 +219,7 @@ Being part of the "wheel" group, means that the user has root privileges.
#+begin_src nix
users.users.jawz = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" ];
extraGroups = [ "wheel" "networkmanager" "docker" ];
initialPassword = "password";
shell = pkgs.fish;
packages = with pkgs; [ ];
@ -267,14 +245,6 @@ setting.
fonts.fontconfig.enable = true;
#+end_src
** WACOM
This setting could be a requirement for my tablet to properly work. Even
though, my tablet is Huion, the Linux Wacom drivers cover most of the settings.
#+begin_src nix
# services.xserver.libinput.enable = true;
#+end_src
* HOME-MANAGER
** HOME-MANAGER SETTINGS
These make it so packages install to '/etc' rather than the user home directory,
@ -292,41 +262,69 @@ necessary.
#+begin_src nix
home-manager.users.jawz = { config, pkgs, ... }:{
imports = [ ./dotfiles/dconf.nix ];
# imports = [ ./dotfiles/dconf.nix ];
home.stateVersion = "22.11";
home.packages = with pkgs; [
#+end_src
*** GUI PACKAGES
#+begin_src nix
blanket # background noise
# Art
blender # cgi animation and sculpting
godot # game development
krita # art to your heart desire!
drawpile # arty party with friends!!
mypaint # not the best art program
mypaint-brushes # but it's got some
mypaint-brushes1 # nice damn brushes
# Gaming
lutris # game/emulator manager
grapejuice # roblox manager
minecraft # minecraft official launcher
parsec-bin # remote gaming with friends
# Productivity
libreoffice-fresh # office, but based
calibre # ugly af eBook library manager
foliate # gtk eBook reader
gnome.simple-scan # document scanner
gnome-feeds # feed reader, maybe will replace with nextcloud
tagger # tag music files
# Misc
sequeler # friendly SQL client
blanket # background noise
czkawka # duplicate finder
# pika-backup # backups
tilix # terminal
gnome-obfuscate # censor private information
metadata-cleaner # remove any metadata and geolocation from files
# gnome-recipes # migrate these to mealie and delete
# Multimedia
celluloid # video player
cozy # audiobooks player
czkawka # duplicate finder
discord # chat
dropbox # cloud sync
# foliate # ebook reader
# gnome-podcasts # podcast player
# gnome-recipes # migrate these to mealie and delete
godot # game development
google-chrome # web browser
gnome-podcasts # podcast player
handbrake # video converter, may be unnecessary
# krita # art to your heart desire!
# libreoffice-fresh # office, but based
# lutris # game/emulator manager
megasync # cloud sync
mpdevil # ugly icon, but pretty mpd client nwn
# pika-backup # backups
curtail # image compressor
pitivi # video editor
tilix # terminal
#+end_src
# identity # compare images or videos
mousai # poor man shazam
# bottles # wine prefix manager
obs-studio # screen recorder & streamer
shortwave # listen to world radio
*** MISC PACKAGES
#+begin_src nix
ffmpegthumbnailer # create video thumbnails for nautilus, in absence of totem
mpdas # scrobble mpd songs to last.fm
# Web
discord # chat
google-chrome # web browser with spyware included
firefox # web browser that allows to disable spyware
librewolf # no spyware web browser
tor-browser-bundle-bin # dark web, so dark!
# hugo # website engine
nicotine-plus # remember Ares?
warp # never used, but supposedly cool for sharing files
#+end_src
*** COMMAND-LINE PACKAGES
@ -337,26 +335,46 @@ gocryptfs # encrypted filesystem! shhh!!!
exa # like ls but with colors
trash-cli # oop! didn't meant to delete that
ffmpeg_5 # coolest video converter!
yt-dlp # downloads videos from most video websites
neofetch # use once for brag, never again
rmlint # probably my favourite app, amazing dupe finder that integrates well with BTRFS
tldr # man for retards
ffmpegthumbnailer # create video thumbnails for nautilus, in absence of totem
mediainfo # technical info about videos, needed by some of my scripts
tree-sitter # code parsing, required by Doom emacs
xdg-ninja # help declutter $HOME
torrenttools # create torrent files from the terminal!
#+end_src
*** DEVELOPMENT PACKAGES
**** DOOM EMACS
#+begin_src nix
# required by doom emacs, but still are rather useful.
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
ripgrep # modern grep
languagetool # proofreader for English. check if works without the service
# development environment
nix-direnv # nix implementation of direnv
exercism # learn to code
# SH
bats # testing system, required by Exercism
bashdb # autocomplete
shellcheck # linting
shfmt # a shell parser and formatter
nodePackages.bash-language-server # LSP support
# NIX
nixfmt # linting
# PYTHON.
python # base language
python3 # base language
python310Packages.pipx
# C# & Rust
omnisharp-roslyn
# HASKELL
# cabal-install # haskell interface
@ -367,17 +385,13 @@ python # base language
# nodePackages.pnpm
#+end_src
**** EXERCISM
#+begin_src nix
#+end_src
*** GNOME EXTENSIONS
#+begin_src nix
gnome.gnome-tweaks
gnomeExtensions.appindicator
gnomeExtensions.gsconnect
gnome.gnome-tweaks
#+end_src
*** HUNSPELL
@ -394,10 +408,14 @@ hunspellDicts.en_CA
Also, this finishes the packages array, put new modules above.
#+begin_src nix
# Themes
adwaita-qt
# Fonts
(nerdfonts.override {
fonts = [ "Agave" "CascadiaCode" "SourceCodePro" "Ubuntu" ];
fonts = [ "Agave" "CascadiaCode" "SourceCodePro" "Ubuntu" "FiraCode" "Iosevka" ];
})
# (papirus-icon-theme.override {
# color = "grey";
# })
@ -417,7 +435,7 @@ programs.fish = {
edit = "emacsclient -t";
comic = "download -u jawz -i (cat $lc | fzf --multi --exact -i)";
gallery = "download -u jawz -i (cat $lw | fzf --multi --exact -i)";
open_gallery = "open (find ${config.xdg.userDirs.download}/To\ Organize/gdl-organizing/ -type d | fzf)";
open_gallery = "open (find /mnt/disk2/scrapping/JawZ/gallery-dl -type d | fzf)";
unique_extensions = "find . -type f | string match -r '([^.\/]+)\$' | sort -u";
cp = "cp -i";
mv = "mv -i";
@ -431,6 +449,7 @@ programs.fish = {
};
shellAbbrs = {
dl = "download -u jawz -i";
ex = "ls";
e = "edit";
c = "cat";
f = "fzf --multi --exact -i";
@ -440,12 +459,11 @@ programs.fish = {
interactiveShellInit = ''
#+end_src
#+begin_src fish
set fish_greeting "pika pika chu!!!! also remember fisher!"
# Lists
set -l list_root ${config.home.homeDirectory}/Dropboxxx/jawz
set -l list_root ${config.home.homeDirectory}/.config/jawz/lists/jawz
set lw $list_root/watch.txt
set li $list_root/instant.txt
set lc $list_root/comic.txt
@ -468,17 +486,16 @@ end
#+begin_src nix
functions = {
nix_magic = ''
nixos-magic = ''
#+end_src
#+begin_src fish
nixfmt ~/MEGAsync/nixos/configuration.nix
sudo rsync -r ~/MEGAsync/nixos/ /etc/nixos/
sudo nixos-rebuild switch
set -l nix_file "$HOME/Development/NixOS/configuration.nix"
echo $nix_file
nixfmt $nix_file
sudo nixos-rebuild switch -I nixos-config=$nix_file
#+end_src
#+begin_src nix
'';
};
@ -497,101 +514,6 @@ programs.bat = {
};
#+end_src
*** BEETS
#+begin_src nix
programs.beets = {
enable = true;
settings = {
directory = "${config.xdg.userDirs.music}";
library = "${config.xdg.dataHome}/beets/musiclibrary.db";
plugins = "embedart fetchart lyrics discogs spotify deezer edit lastgenre mbsync replaygain scrub mpdupdate duplicates info fish ftintitle fuzzy";
ignore_hidden = true;
threaded = true;
duplicate = {
album = false;
delete = false;
};
ftintitle = {
auto = true;
drop = true;
format = "feat. {0}";
};
fetchart = {
maxwidth = 1000;
quality = 70;
enforce_ratio = true;
lastfm_key = "aeae592346534482202bd94bc14a80c4";
fanarttv_key = "f12b0931d2f971a5b5215c3f451bafb7";
sources = "*";
cover_format = "JPEG";
};
embedart = {
auto = true;
maxwidth = 1000;
quality = 70;
remove_art_file = false;
ifempty = true;
};
lyrics = {
auto = true;
sources = "*";
};
replaygain = {
auto = true;
overwrite = true;
peak = "true";
backend = "ffmpeg";
};
lastgenre = {
auto = true;
canonical = true;
force = true;
source = "album";
count = 1;
title_case = true;
};
mpd = {
host = "localhost";
port = 6600;
};
ui = {
color = true;
};
"import" = {
move = true;
write = true;
genres = true;
log = "${config.xdg.dataHome}/beets/beetslog.txt";
};
replace = {
"[\\\\/]" = ""; # \ /
"^\\." = ""; # dotfiles
"[\\x00-\\x1f]" = ""; # NULL to US
"\\x00" = ""; # NULL
"[<>:\"\\?\\*\\|]" = ""; # <>:"?*|
"\\.$" = ""; # dot at the end
"\\s+$" = ""; # ends with whitespace
"^\\s+" = ""; # starts with whitespace
"^-" = ""; # starts with -
};
paths = {
default = "$albumartist/$album/$track $title";
singleton = "Singletons/$artist - $title";
comp = "$album/$track $title";
"albumtype:soundtrack" = "Soundtracks/$album/$track $title";
};
convert = {
auto = true;
embed = true;
delete_originals = true;
extension = "opus";
# command = "ffmpeg -i $source -y -vn -acodec libopus -ab 256k $dest";
};
};
};
#+end_src
*** GIT
#+begin_src nix
@ -635,7 +557,7 @@ xdg.userDirs = {
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Music";
pictures = "${config.home.homeDirectory}/Pictures";
publicShare = "${config.home.homeDirectory}/.local/hd/Public";
# publicShare = "${config.home.homeDirectory}/.local/hd/Public";
templates = "${config.home.homeDirectory}/.local/share/Templates";
videos = "${config.home.homeDirectory}/Videos";
};
@ -649,68 +571,19 @@ xdg.configFile = {
"configstore/update-notifier-npm-check.json".source = ./dotfiles/npm/update-notifier-npm-check.json;
"npm/npmrc".source = ./dotfiles/npm/npmrc;
"gallery-dl/config.json".source = ./dotfiles/gallery-dl/config.json;
# "gopass/config.yml".source = ./dotfiles/gopass/config.yml;
"mpdasrc".source = ./dotfiles/mpdas/mpdasrc;
};
#+end_src
** USER-SERVICES
*** MPD
#+begin_src nix
services.mpd = {
enable = true;
musicDirectory = "${config.xdg.userDirs.music}";
network.listenAddress = "any";
# network.startWhenNeeded = true;
extraConfig = ''
#+end_src
#+begin_src conf
restore_paused "yes"
auto_update "yes"
follow_outside_symlinks "yes"
follow_inside_symlinks "yes"
# zeroconf_enabled "yes"
# zeroconf_name "Music Player @ %h"
input {
plugin "curl"
# proxy "proxy.isp.com:8080"
# proxy_user "user"
# proxy_password "password"
}
audio_output {
type "pipewire"
name "PipeWire Sound Server"
}
audio_output {
type "fifo"
name "my_fifo"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
replaygain "auto"
replaygain_limit "yes"
volume_normalization "yes"
#+end_src
#+begin_src nix
'';
};
#+end_src
*** MPD EXTENSIONS
#+begin_src nix
services.mpd-discord-rpc.enable = true;
services.mpdris2 = {
enable = true;
multimediaKeys = true;
mpd.host = "localhost";
};
# services.mpd-discord-rpc.enable = true;
# services.mpdris2 = {
# enable = true;
# multimediaKeys = true;
# mpd.host = "localhost";
# };
#+end_src
** CLOSING HOME-MANAGER
@ -726,7 +599,7 @@ may be challenging.
#+begin_src nix
environment.systemPackages = with pkgs; [
wget
git
docker-compose
];
#+end_src
@ -739,7 +612,10 @@ environment.sessionVariables = rec {
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
SCRIPTS = "/home/jawz/Development/Scripts";
XDG_STATE_HOME = "\${HOME}/.local/state";
SCRIPTS = "\${HOME}/Development/Scripts";
# DEV PATH
CABAL_CONFIG = "\${XDG_CONFIG_HOME}/cabal/config";
CABAL_DIR = "\${XDG_CACHE_HOME}/cabal";
@ -757,7 +633,7 @@ environment.sessionVariables = rec {
ELECTRUMDIR = "\${XDG_DATA_HOME}/electrum";
VISUAL = "emacsclient -ca emacs";
WGETRC = "\${XDG_CONFIG_HOME}/wgetrc";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=/home/jawz/.config/java";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=\${XDG_CONFIG_HOME}/java";
# NVIDIA
CUDA_CACHE_PATH = "\${XDG_CACHE_HOME}/nv";
# GBM_BACKEND = "nvidia-drm";
@ -769,89 +645,73 @@ environment.sessionVariables = rec {
# QT_QPA_PLATFORMTHEME = "adwaita-dark";
# QT_STYLE_OVERRIDE = "adwaita";
# CALIBRE_USE_SYSTEM_THEME = "1";
PATH = [
"\${XDG_BIN_HOME}"
"\${XDG_CONFIG_HOME}/emacs/bin"
# "\${XDG_DATA_HOME}/npm/bin"
# "\${XDG_DATA_HOME}/pnpm"
"\${SCRIPTS}"
# "\${PNPM_HOME}"
# "\${SCRIPTS}"
];
};
#+end_src
* WRAPPERS
* DOCKER
Virtualization settings for Docker. NixOS offers an option to declaratively run
docker-compose images using [[https://nixos.wiki/wiki/Docker][Arion]]. Could be an interesting thing to try out.
#+begin_src nix
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
enableNvidia = true;
};
#+end_src
* PROGRAMS & SERVICES
Some programs need SUID wrappers.
** NETWORK DIAGNOSTICS TOOL
I don't know what it does, but it's recommended.
#+begin_src nix
programs.mtr.enable = true;
#+end_src
** GNUPG
#+begin_src nix
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
programs = {
mtr.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
geary = {
enable = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
};
#+end_src
* SYSTEM-SERVICES
** CADDY
#+begin_src nix
# services.caddy = {
# enable = true;
# email = "CaptainJawZ@outlook.com";
# configFile = ./dotfiles/Caddyfile;
# # config = ''
# # torrent.danilo-reyes.com {
# # reverse_proxy localhost:9091
# # }
# # '';
# };
#+end_src
** EMACS
#+begin_src nix
services.emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs28NativeComp;
services = {
printing.enable = true;
emacs = {
enable = true;
defaultEditor = true;
package = pkgs.emacs;
};
fstrim.enable = true;
btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
"/mnt/disk1"
"/mnt/disk2"
];
};
openssh = {
enable = true;
ports = [ 25152 ];
};
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
};
#+end_src
** HARD-DRIVE MAINTENANCE
#+begin_src nix
services.fstrim.enable = true;
services.btrfs.autoScrub = {
enable = true;
fileSystems = [
"/"
# "/torrents"
# "/home/jawz/.local/hd" # Maybe change mount point?
];
};
#+end_src
** OPENSSH
#+begin_src nix
services.openssh = {
enable = true;
ports = [ 25152 ];
};
#+end_src
** UDEV
#+begin_src nix
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
#+end_src
* FIREWALL
Open ports in the firewall.
=TIP= list what app a port belongs to in a table.
@ -881,7 +741,7 @@ of the first install of this system.
Before changing this value read the documentation for this option.
#+begin_src nix
system.stateVersion = "22.05";
system.stateVersion = "22.11";
#+end_src
** CLOSING :D

147
dotfiles/Caddyfile
View File

@ -1,147 +0,0 @@
sonarr.danilo-reyes.com {
reverse_proxy localhost:8989
}
code.danilo-reyes.com {
reverse_proxy localhost:5538
}
radarr.danilo-reyes.com {
reverse_proxy localhost:7878
}
bazarr.danilo-reyes.com {
reverse_proxy localhost:6767
}
prowlarr.danilo-reyes.com {
reverse_proxy localhost:9696
}
flix.danilo-reyes.com {
reverse_proxy localhost:8096
}
library.danilo-reyes.com {
reverse_proxy localhost:5000
}
shiori.danilo-reyes.com {
reverse_proxy localhost:7680
}
start.danilo-reyes.com {
reverse_proxy localhost:5005
}
torrent.danilo-reyes.com {
reverse_proxy localhost:9091
}
kitchen.danilo-reyes.com {
reverse_proxy localhost:9925
}
vault.danilo-reyes.com {
log {
level INFO
output file /home/jawz/Development/Docker/vaultwarden/caddy.log {
roll_size 10MB
roll_keep 10
}
}
tls captainjawz@outlook.com
# comment if giving issues with firefox
encode gzip
@insecureadmin {
not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
path /admin*
}
redir @insecureadmin /
reverse_proxy /notifications/hub localhost:3012
reverse_proxy localhost:7780 {
header_up X-Real-IP {remote_host}
}
}
searx.danilo-reyes.com {
log {
output discard
}
tls captainjawz@outlook.com
@api {
path /config
path /healthz
path /stats/errors
path /stats/checker
}
@static {
path /static/*
}
@notstatic {
not path /static/*
}
@imageproxy {
path /image_proxy
}
@notimageproxy {
not path /image_proxy
}
header {
# Enable HTTP Strict Transport Security (HSTS) to force clients to always connect via HTTPS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Enable cross-site filter (XSS) and tell browser to block detected attacks
X-XSS-Protection "1; mode=block"
# Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
X-Content-Type-Options "nosniff"
# Disable some features
Permissions-Policy "accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()"
# Disable some features (legacy)
Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none';focus-without-user-activation 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
# Referer
Referrer-Policy "no-referrer"
# X-Robots-Tag
X-Robots-Tag "noindex, noarchive, nofollow"
# Remove Server header
-Server
}
header @api {
Access-Control-Allow-Methods "GET, OPTIONS"
Access-Control-Allow-Origin "*"
}
# Cache
header @static {
# Cache
Cache-Control "public, max-age=31536000"
defer
}
header @notstatic {
# No Cache
Cache-Control "no-cache, no-store"
Pragma "no-cache"
}
# CSP (see http://content-security-policy.com/ )
header @imageproxy {
Content-Security-Policy "default-src 'none'; img-src 'self' data:"
}
header @notimageproxy {
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
}
# SearXNG
handle {
encode zstd gzip
reverse_proxy localhost:8080 {
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-Proto {http.request.scheme}
}
}
}

26
dotfiles/gallery-dl/config.json
View File

@ -1,6 +1,6 @@
{
"extractor": {
"cookies": ["chrome", "Default", "gnomekeyring"],
"cookies": ["firefox", "yw8fhvh4.default-release", "gnomekeyring"],
"user-agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36",
"retries": 10,
"sleep-request": 0,
@ -20,8 +20,13 @@
"access-token": "72157720849409732-e83af94a8ca145aa",
"access-token-secret": "0c7e86529694756a"
},
"wikifeet": {
"page-reverse": true,
"directory": ["{category}", "{celebrity}"]
},
"instagram": {
"sleep-request": 5,
"sleep-request": "15-45",
"sleep": "2-10",
"directory": ["{username}"],
"parent-directory": true,
"highlights": {
@ -60,7 +65,7 @@
"deviantart": {
"client-id": "20016",
"client-secret": "52e1f9b0cb26e673da36f69e2ddd0e9a",
"refresh-token": "4f9817b7c42671003e10dd5a5a48473855779359",
"refresh-token": "760c08e027c422e376c2be5656f0bcaa28438b46",
"directory": ["{username}"],
"include": "gallery,scraps",
"flat": true,
@ -78,10 +83,15 @@
"(Patreon) {creator[vanity]}",
"({date:%Y%m%d}) {title} ({id})"
],
"filename": "{filename}.{extension}"
"filename": "{filename}.{num}.{extension}",
"browser": "firefox"
},
"blogger": {
"directory": ["{blog[name]}", "{post[author]}"],
"directory": [
"{blog[name]}",
"{post[author]}",
"{post[title]} - [{post[id]}]"
],
"filename": "{filename} - {num}.{extension}"
},
"artstation": {
@ -94,7 +104,7 @@
"reddit": {
"user-agent": "Python:gallery-dl:v1.0 (by /u/captainjawz)",
"client-id": "T7nZ6WZ3_onJWBhLP8r08g",
"refresh-token": "184157546842-lQ_NOSVjzJ6udAsvple9mftkOcs0rg",
"refresh-token": "184157546842-bkMXgGYWzkwGSgXTeC8mMmaDZouhUQ",
"directory": ["{author}"],
"parent-directory": true
},
@ -107,6 +117,9 @@
"paheal": {
"directory": ["Husbands", "{search_tags}"]
},
"rule34": {
"directory": ["Husbands", "{search_tags}"]
},
"e621": {
"directory": ["Husbands", "{search_tags}"]
},
@ -180,6 +193,7 @@
"ytdl": {
"logging": true,
"format": "bestvideo+bestaudio/best",
"module": "yt_dlp",
"forward-cookies": true
},
"http": {

4
dotfiles/mpdas/mpdasrc
View File

@ -1,4 +0,0 @@
username = Dornisaurio
password = PUOghI][pd<nIfjNl|!P3+>Ux|1W>druS)Alxh]b{!B0QM~,u@SKRi>p?xb)3qEy
host = localhost
port = 6600

153
hardware-configuration.nix
View File

@ -1,55 +1,134 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, pkgs, modulesPath, ... }: {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
plymouth = { enable = true; };
loader = {
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
grub = {
enable = true;
version = 2;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
};
initrd.luks.devices = {
root = {
device = "/dev/disk/by-uuid/2dc90b31-2a37-46a9-92e5-a648cd74a860";
preLVM = true;
};
root2 = {
device = "/dev/disk/by-uuid/b0414af9-bca9-44d0-9fe3-a6e4f0b1c28c";
preLVM = true;
};
disk1 = {
device = "/dev/disk/by-uuid/a9b0f346-7e38-40a6-baf6-3ad80cafc842";
preLVM = true;
};
disk2 = {
device = "/dev/disk/by-uuid/0ed12b83-4c56-4ba8-b4ea-75a9e927d771";
preLVM = true;
};
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
initrd = {
availableKernelModules =
[ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ ];
};
};
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
fileSystems."/" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = [
"subvol=nix"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
];
};
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/home" = {
device = "/dev/mapper/root";
fsType = "btrfs";
options = [
"subvol=home"
"ssd"
"compress=zstd:3"
"x-systemd.device-timeout=0"
"space_cache=v2"
"commit=120"
"datacow"
];
};
fileSystems."/mnt/disk1" = {
device = "/dev/mapper/disk1";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/3061620b-35eb-4b5f-b4e8-0e208404a749";
fsType = "btrfs";
options = [ "subvol=@" "compress=zstd:3" "ssd" "space_cache=v2" "commit=120" ];
};
fileSystems."/mnt/disk2" = {
device = "/dev/mapper/disk2";
fsType = "btrfs";
options = [ "compress=zstd:3" "space_cache=v2" "commit=120" "datacow" ];
};
fileSystems."/mnt/parity" = {
device = "/dev/disk/by-uuid/643b727a-555d-425c-943c-62f5b93631c9";
fsType = "xfs";
options = [ "defaults" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/3061620b-35eb-4b5f-b4e8-0e208404a749";
fsType = "btrfs";
options = [ "subvol=@home" "compress=zstd:3" "ssd" "space_cache=v2" "commit=120" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/eb5b3650-f709-46a1-8d63-7f05ffd5e6d4";
fsType = "ext4";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/3061620b-35eb-4b5f-b4e8-0e208404a749";
fsType = "btrfs";
options = [ "subvol=@nix" "compress=zstd:3" "ssd" "space_cache=v2" "commit=120" "noatime" ];
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/78B5-4717";
fsType = "vfat";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/FF77-8AB3";
fsType = "vfat";
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/3061620b-35eb-4b5f-b4e8-0e208404a749";
fsType = "btrfs";
options = [ "subvol=@swap" "noatime" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices =
[{ device = "/dev/disk/by-uuid/7b9f7369-d24d-4b54-95a6-853626eb45a7"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware = {
cpu.intel.updateMicrocode = lib.mkDefault true;
bluetooth.enable = true;
# huion driver
opentabletdriver = {
enable = true;
daemon.enable = true;
};
# nvidia driver
nvidia.modesetting.enable = true;
opengl = {
enable = true;
driSupport32Bit = true;
};
};
# hardware.cpu.intel.updateMicrocode =
# lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

90
pacman list
View File

@ -1,90 +0,0 @@
# adw-gtk3
# adwaita-qt5
bash-language-server
caddy
curtail
# dnsmasq
# docker
# docker-compose
fail2ban
firewalld
fontdownloader
furtherance
gallery-dl-git
gnome-kra-ora-thumbnailer-git
graphviz
grilo-plugins
gtkhash-nautilus-git
haskell-language-server
hoogle
hunspell-en_ca
hunspell-es_mx
hunspell-it
identity-git
intel-ucode
languagetool
lazydocker
man-db
man-pages
menulibre
mousai
mpc
mpd
mpdas
mpdevil
mpdris2
mypaint
nautilus-megasync
ncmpcpp
neofetch
noise-suppression-for-voice
noto-fonts-cjk
npm
nss-mdns
nvidia
nvidia-container-toolkit
opendoas
orca
pacman-contrib
papirus-folders-git
papirus-libreoffice-theme
paru
patch
pika-backup
pipewire-v4l2
pkgconf
pokemon-colorscripts-git
protonvpn
pureref
python-nautilus
python-pipx
qemu-desktop
reflector
ripgrep
rmlint
rygel
samba
seahorse
seahorse-nautilus
shellcheck
starship
steam
sushi
syncplay
syncthing
texlive-latexextra
texlive-science
tilix
timeshift
topgrade
transmission-gtk
trash-cli
vino
virt-manager
warp
webp-pixbuf-loader
wine
wl-clipboard
xclip
xdg-user-dirs-gtk
zram-generator

162
pacman list new
View File

@ -1,162 +0,0 @@
adw-gtk3
adwaita-qt5
bash-bats # exercism
bash-language-server
beets # check plugins
bluez-utils-compat
celluloid
curtail # build
discord
discount
dnsmasq
docker
docker-compose
dropbox
easyeffects
emacs
eog
exa
exercism
fail2ban
fd
ffmpegthumbnailer
file-roller
firefox
firewalld
fish
flex
foliate
fontdownloader
furtherance
fzf
gallery-dl-git
gdm
gdu
geary
gifsicle
gnome-backgrounds
gnome-browser-connector
gnome-calculator
gnome-calendar
gnome-clocks
gnome-kra-ora-thumbnailer-git
gnome-logs
gnome-maps
gnome-podcasts
gnome-recipes
gnome-remote-desktop
gnome-shell-extension-gsconnect
gnome-system-monitor
gnome-tweaks
gnome-user-share
gnome-weather
gocryptfs
godot
google-chrome
graphviz
grilo-plugins
gst-plugin-pipewire
gtkhash-nautilus-git
gvfs-afc
gvfs-google
gvfs-gphoto2
gvfs-mtp
gvfs-nfs
gvfs-smb
handbrake
hoogle
htop
huiontablet
hunspell-en_ca
hunspell-es_mx
hunspell-it
identity
intel-ucode
krita
languagetool
lazydocker
libreoffice-fresh
linux-firmware
linux-headers
lutris
make
malcontent
man-db
man-pages
menulibre
mousai
mpc
mpd
mpdas
mpdevil
mpdris2
mypaint
nautilus-megasync
ncmpcpp
neofetch
nerd-fonts-cascadia-code
nerd-fonts-source-code-pro
nerd-fonts-ubuntu-mono
nixfmt
noise-suppression-for-voice
noto-fonts-cjk
noto-fonts-emoji
npm
nss-mdns
nvidia
nvidia-container-toolkit
orca
pacman-contrib
papirus-folders-git
papirus-libreoffice-theme
paru
patch
pika-backup
pipewire-v4l2
pitivi
pkgconf
pokemon-colorscripts-git
pokeshell-git
profile-sync-daemon
protonvpn
pureref
python-discogs-client
python-httpx
python-nautilus
python-pip
python-pipx
python-pylast
qemu-desktop
reflector
ripgrep
rmlint
rygel
samba
seahorse
seahorse-nautilus
shfmt
sshfs
starship
steam
sudo
sushi
syncplay
syncthing
texlive-latexextra
texlive-science
tilix
tldr
topgrade
transmission-gtk
trash-cli
vino
virt-manager
warp
webp-pixbuf-loader
wine
wl-clipboard
xclip
xdg-ninja-git
xdg-user-dirs-gtk
yt-dlp
zram-generator