foglar/nixos-config
foglar/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: foglar:f4f09133b08b22770e1aa3243eb2ae61fa43b8fa
Branches Tags
foglar:master
...
compare: foglar:34d77cf53b05537f159598724423123192e13670
Branches Tags
foglar:master

3 Commits
f4f09133b0 ... 34d77cf53b

Author SHA1 Message Date
foglar
34d77cf53b Yubikey and Oh-my-posh improvements 2024-12-26 21:56:44 +01:00
foglar
4a9ab4e816 cleanup in rofi and waybar 2024-12-26 21:04:30 +01:00
foglar
bccde7514a Yubikey update 2024-12-26 21:03:34 +01:00
15 changed files with 100 additions and 63 deletions
Show Stats Expand all files Collapse all files

30
README.md
View File

@ -2,32 +2,48 @@
- my personal nix dotfiles in the **flake**
## Build and deploy
- simple build command for system
```bash
git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/dotfiles
sudo nixos-rebuild switch --flake ~/dotfiles#laptop
git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/.dotfiles
sudo nixos-rebuild switch --flake ~/.dotfiles#kogami
```
- generate a vm of the flake with this command
```bash
nix run github:nix-community/nixos-generators -- -c ./flake.nix --flake '#leanix' -f vm --disk-size 20480
nix run github:nix-community/nixos-generators -- -c ./flake.nix --flake '#ginoza' -f vm --disk-size 20480
```
- deploy configuration on the new system
```bash
# Copy my repository
git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/dotfiles --depth 1
git clone https://git.foglar.tech/foglar/dotfiles.git $HOME/.dotfiles --depth 1
# Generate your own hardware configurations for system
sudo nixos-generate-config --dir ~/dotfiles/zenith
sudo nixos-generate-config --dir ~/.dotfiles/kogami
# or
sudo nixos-generate-config --dir ~/dotfiles/leanix
sudo nixos-generate-config --dir ~/.dotfiles/ginoza
# Rebuild your system from the flake
sudo nixos-rebuild switch --flake ~/dotfiles#zenith
sudo nixos-rebuild switch --flake ~/.dotfiles#kogami
```
## Features
### Secure Operations
- file for sops is in **~/.config/sops/ags/keys.txt**
### Yubikey
- setup your yubikey to work with current user
```bash
nix-shell -p yubico-pam -p yubikey-manager
ykman otp chalresp --touch --generate 2
ykpamcfg -2 -v
```

4
config/clipboard.rasi
View File

@ -42,7 +42,7 @@ wallbox {
expand: false;
orientation: horizontal;
background-color: transparent;
background-image: url("~/dotfiles/config/backgrounds/aurora_borealis.png", width);
background-image: url("~/.dotfiles/config/backgrounds/aurora_borealis.png", width);
children: [ "wallframe" , "inputbar" ];
}
wallframe {
@ -51,7 +51,7 @@ wallframe {
padding: 0em;
expand: false;
background-color: @main-bg;
background-image: url("~/dotfiles/config/backgrounds/aurora_borealis.png", width);
background-image: url("~/.dotfiles/config/backgrounds/aurora_borealis.png", width);
}

2
config/hyprlock.conf
View File

@ -10,7 +10,7 @@ general {
background {
monitor =
path = /home/foglar/dotfiles/config/backgrounds/aurora_borealis.png
path = /home/shinya/.dotfiles/config/backgrounds/aurora_borealis.png
color = rgba(25, 20, 20, 1.0)
# all these options are taken from hyprland, see https://wiki.hyprland.org/Configuring/Variables/#blur for explanations

4
flake.nix
View File

@ -54,11 +54,11 @@
...
} @ inputs: let
userSettings = {
username = "foglar"; # konsta or shinya (else defaulting to shinya or none)
username = "shinya"; # konsta or shinya (else defaulting to shinya or none)
hostname = "kogami"; # kogami or ginoza
shell = "zsh"; # bash, zsh, none
terminal = "kitty"; # kitty, alacritty
terminal = "kitty"; # kitty, alacritty, gnome-terminal
browser = "librewolf"; # firefox, librewolf, qutebrowser
editor = "neovim"; # neovim, vscode

2
kogami/home.nix
View File

@ -11,7 +11,7 @@
# Desktop management
desktop.hyprland.enable = true;
desktop.kde.enable = true;
desktop.kde.enable = false;
desktop.gnome.enable = false;
# Shell management

2
nixos/home/apps/applications.nix
View File

@ -12,7 +12,7 @@
config = lib.mkIf config.app_list.applications.enable {
home.packages =
(with pkgs; [
#librewolf
librewolf
qutebrowser
ferdium

4
nixos/home/desktop/hyprland/rofi.nix
View File

@ -58,7 +58,7 @@
orientation = mkLiteral "vertical";
children = ["inputbar" "listbox"];
background-color = mkLiteral "transparent";
background-image = mkLiteral "url(\"~/dotfiles/config/backgrounds/aurora_borealis.png\", height)";
background-image = mkLiteral "url(\"~/.dotfiles/config/backgrounds/aurora_borealis.png\", height)";
};
# Input bar settings
@ -68,7 +68,7 @@
padding = mkLiteral "5em";
children = ["entry"];
background-color = mkLiteral "transparent";
background-image = mkLiteral "url(\"~/dotfiles/config/backgrounds/aurora_borealis.png\", width)";
background-image = mkLiteral "url(\"~/.dotfiles/config/backgrounds/aurora_borealis.png\", width)";
};
# Entry field settings

20
nixos/home/desktop/hyprland/waybar.nix
View File

@ -191,10 +191,10 @@
format = "{icon} {volume}";
rotate = 0;
format-muted = "";
on-click = "pavucontrol -t 3";
on-click-middle = "swayosd-client --output-volume mute-toggle";
on-scroll-up = "swayosd-client --output-volume 5";
on-scroll-down = "swayosd-client --output-volume -5";
on-click = "${pkgs.pavucontrol}/bin/pavucontrol -t 3";
on-click-middle = "${pkgs.swayosd}/bin/swayosd-client --output-volume mute-toggle";
on-scroll-up = "${pkgs.swayosd}/bin/swayosd-client --output-volume 5";
on-scroll-down = "${pkgs.swayosd}/bin/swayosd-client --output-volume -5";
tooltip-format = "{icon} {desc} // {volume}%";
scroll-step = 5;
format-icons = {
@ -213,10 +213,10 @@
rotate = 0;
format-source = "";
format-source-muted = "";
on-click = "pavucontrol -t 4";
on-click-middle = "swayosd-client --input-volume mute-toggle";
on-scroll-up = "swayosd-client --input-volume 5";
on-scroll-down = "swayosd-client --input-volume -5";
on-click = "${pkgs.pavucontrol}/bin/pavucontrol -t 4";
on-click-middle = "${pkgs.swayosd}/bin/swayosd-client --input-volume mute-toggle";
on-scroll-up = "${pkgs.swayosd}/bin/swayosd-client --input-volume 5";
on-scroll-down = "${pkgs.swayosd}/bin/swayosd-client --input-volume -5";
tooltip-format = "{format_source} {source_desc} // {source_volume}%";
scroll-step = 5;
};
@ -236,8 +236,8 @@
format = " {}";
rotate = 0;
exec = "echo ; echo logout";
on-click = "wlogout -b 2";
on-click-right = "wlogout -b 2";
on-click = "${pkgs.wlogout}/bin/wlogout -b 2";
on-click-right = "${pkgs.wlogout}/bin/wlogout -b 2";
interval = 86400; # once every day
tooltip = true;
};

1
nixos/home/packages/applications/firefox.nix
View File

@ -13,6 +13,7 @@
config = lib.mkIf config.program.firefox.enable {
programs.firefox = {
enable = true;
package = pkgs.firefox;
profiles.default = {
search.engines = {

5
nixos/home/packages/programming/code.nix
View File

@ -80,6 +80,9 @@
# Remote
ms-vscode-remote.remote-ssh
ms-vscode-remote.remote-ssh-edit
pkief.material-product-icons
pkief.material-icon-theme
];
};
})
@ -206,8 +209,6 @@
zhuangtongfa.material-theme
oderwat.indent-rainbow
enkia.tokyo-night
pkief.material-product-icons
pkief.material-icon-theme
];
})

13
nixos/home/packages/tools/oh-my-posh.nix
View File

@ -2,6 +2,7 @@
lib,
config,
pkgs,
userSettings,
...
}: {
options = {
@ -21,8 +22,14 @@
config = lib.mkIf config.sh.oh-my-posh.enable {
programs.oh-my-posh = {
enable = true;
enableBashIntegration = if config.sh.bash.enable == true then true else false;
enableZshIntegration = if config.sh.zsh.enable == true then true else false;
enableBashIntegration =
if config.sh.bash.enable == true
then true
else false;
enableZshIntegration =
if config.sh.zsh.enable == true
then true
else false;
settings = {
"$schema" = "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json";
"blocks" = [
@ -83,7 +90,7 @@
"style" = "full";
};
"style" = "plain";
"template" = "<{{ if .Root }}lightBlue{{ else }}green{{ end }}>-[</>{{if eq .Folder \"foglar\"}}~{{else}}{{ .Folder }}{{end}}<{{ if .Root }}lightBlue{{ else }}green{{ end }}>]</>";
"template" = "<{{ if .Root }}lightBlue{{ else }}green{{ end }}>-[</>{{if eq .Folder \"${userSettings.username}\"}}~{{else}}{{ .Folder }}{{end}}<{{ if .Root }}lightBlue{{ else }}green{{ end }}>]</>";
}
{
"type" = "git";

5
nixos/system/packages/sops/secrets/secrets.yaml
View File

@ -2,6 +2,7 @@ kogami:
password-hash: ENC[AES256_GCM,data:HXuzumA7zAzBUcOBszeslYVDLA7r3W7gINn2FvMCTEHkc+y3zWftK4CVnk+TuRcgP9/htUphs2BmusogFAdmRQ3HmQU8WGQN0A==,iv:n2063dWbEmFKEvXbY2uk+C6lwF7WzA8jalKOFHPVICc=,tag:wb5bq4Dk3a9UnzYFBInHEA==,type:str]
ginoza:
password-hash: ENC[AES256_GCM,data:xqE0y3Z7+kasYFQLn4Wuo+/c9L8BEakf2HKgN5BsttC2iDuzYSvXrP8K6pe5Skdi5Aq0MVz9LixJFM3PBgLORL1C6k0iDSardw==,iv:bKL40h0rGNmnnkA7EieKAD5KyENXOiTNsTVH1V0B7HU=,tag:c1MsRuiOK/j2b0iKOyO8FQ==,type:str]
yubikey_id: ENC[AES256_GCM,data:ZyamX5gxoW4=,iv:4tW7muk6AaJf9VmXmFd6Ut63U27fFD8QgYSBx3RgOfw=,tag:IFlSiOffMyc33Rw1gxwCPA==,type:int]
sops:
kms: []
gcp_kms: []
@ -17,8 +18,8 @@ sops:
T0cxV21SN0hJaFg3R3hpTjIxa3lJNVEKdIrR5XDHxpCojk2A1pxc4dYtSJRrObbY
JS/nDgu74LugEchiOhuIJ7nh3MS5XBOmmt2GTHrqxZEZFoIykjIGug==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-26T14:50:21Z"
mac: ENC[AES256_GCM,data:db57wvxR3NK0OgI9qAzpjOg2dvcb5H7kY1GvyZmfyUoQpapwTuci36sEwFHDPSUXynzobmhiv49kAEsYm0xhvOhTW1tPReVKi4pKh4EFYl0qOeMs0/cM0pwDCyVkjTQh3qlRR+PFB2oSxDdi7rZFfz26P1iFlEHhvsYug/v16Rs=,iv:m40T1K279d5/7u2jtytwS5UMv6V7RDFpNXQxFEAOauU=,tag:+UQ61SLtcVUIixsT0JnXYA==,type:str]
lastmodified: "2024-12-26T19:06:52Z"
mac: ENC[AES256_GCM,data:1n5O72DFe6dgvEfE6ZOAP1JR4TFZQAWeDYU/NLtisjoVliREcVmaZEM3vxDnrLueLFdNZ0jxu9fEjG0cnwUDkJNIeFyj8mhzY3bIC5LiSVriKPLGiJW3fMBsK6btJTa8OJ7xJsFIKgXpVHAgOit9ZBT24VnLZ9zFgWk84whR1eE=,iv:RaKCWl5zfKsD0502WVRv8Vx2+jGz3J7yhRkSzb/RFPM=,tag:JT2sKaoK7SCKCk1nWrHZMQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

1
nixos/system/packages/sops/sops.nix
View File

@ -19,5 +19,6 @@
};
users.users.${userSettings.username}.hashedPasswordFile = "${config.sops.secrets."${userSettings.hostname}/password-hash".path}";
security.pam.yubico.id = ["${config.sops.secrets.yubikey_id}".value];
};
}

55
nixos/system/packages/yubikey.nix
View File

@ -6,7 +6,7 @@
}: {
options = {
program.yubikey = {
enable = lib.mkEnableOption "Enable YubiKey support";
enable = lib.mkEnableOption "Enable YubiKey authentication";
};
};
@ -17,30 +17,39 @@
pam_u2f
];
# Only have to be connected to the notebook
#security.pam.services = {
# login.u2fAuth = true;
# sudo.u2fAuth = true;
#};
security.pam.yubico = {
enable = true;
debug = false;
mode = "challenge-response";
control = "sufficient";
#! id = [ "1234567890" ];
#! YubiKey ID is stored in SOPS
#! and is set in the module configuration
#! file ./sops/sops.nix
};
services.pcscd = {
enable = true;
};
#services.udev.packages = [pkgs.yubikey-personalization];
#
#services.yubikey-agent.enable = true;
#
#security.pam = {
# sshAgentAuth.enable = true;
# u2f = {
# enable = true;
# settings = {
# cue = false;
# authfile = "${config.home.homeDirectory}/.config/yubikeys/u2f_keys";
# # debug = true;
# };
# };
# services = {
# login.u2fAuth = true;
# sudo = {
# u2fAuth = true;
# sshAgentAuth = true;
# };
# };
#};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.udev.extraRules = ''
ACTION=="remove",\
ENV{ID_BUS}=="usb",\
ENV{ID_MODEL_ID}=="0407",\
ENV{ID_VENDOR_ID}=="1050",\
ENV{ID_VENDOR}=="Yubico",\
RUN+="${pkgs.systemd}/bin/loginctl lock-sessions"
'';
};
}

1
nixos/system/settings/user.nix
View File

@ -4,6 +4,7 @@
isNormalUser = true;
description = "${userSettings.username}";
extraGroups = ["wheel"];
#! hashedPasswordFile = "password-hash";
#! User Hashed password is stored in SOPS
#! and is set in the module configuration
#! file ../packages/sops/sops.nix