Compare commits


No commits in common. "862829c57c77d105496b4163a434c1110fc14cb6" and "20c1c46d1262baea248b06df96b26fe88746e865" have entirely different histories.

10 changed files with 22 additions and 207 deletions


@ -9,15 +9,10 @@
./boot.nix
./zfs.nix
./network.nix
./roles/firewall
./roles/graphics
./roles/sound
./roles/sway
./roles/firefox
./roles/emacs
./roles/git
./roles/fonts
./roles/gpg
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
@ -88,9 +83,6 @@
mesa-demos # for glxgears TODO move to better role
vulkan-tools # for vkcube TODO move to better role
xorg.xeyes # to test which windows are using x11 TODO move to better role
ripgrep
strace
tcpdump
];
services.openssh = {
@ -112,6 +104,12 @@
];
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
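Review bot: The inlined `networking.firewall.allowedTCPPorts = [ 22 ];` loses the `# ssh` annotation the deleted firewall role carried, and it probably duplicates what `services.openssh.openFirewall` (default `true`) already does. Removing this line later would then not close the port, unless the openssh block, whose body lies outside the hunk, sets `openFirewall = false`. I would either drop the line and rely on the openssh option, or keep it as `networking.firewall.allowedTCPPorts = [ 22 ]; # ssh` and set `openFirewall = false` so there is one place that controls exposure. The two template comments about disabling the firewall altogether can go.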


@ -5,7 +5,9 @@
networking.dhcpcd.enable = false;
networking.useDHCP = false;
networking.nameservers = [ "194.242.2.2#doh.mullvad.net" "2a07:e340::2#doh.mullvad.net" ];
# networking.nameservers = ["8.8.8.8" "8.8.4.4"];
networking.nameservers = [ "194.242.2.2#doh.mullvad.net" "[2a07:e340::2]#doh.mullvad.net" ];
# networking.nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
services.resolved = {
enable = true;
dnssec = "true";
@ -13,13 +15,6 @@
fallbackDns = [ ];
dnsovertls = "true";
};
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
#
# Test with: drill @127.0.0.53 odo.home.arpa
networking.extraHosts = "127.0.0.1 odo.home.arpa";
networking.wireless.iwd = {
enable = true;
@ -34,6 +29,5 @@
environment.systemPackages = with pkgs; [
iw
iwd
ldns # for drill
];
}
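Review bot: The new IPv6 entry `"[2a07:e340::2]#doh.mullvad.net"` may be rejected by systemd-resolved, which as far as I know accepts a bracketed address only together with a port (`[addr]:port#name`). If that entry is dropped, only the IPv4 server remains, and with `fallbackDns = [ ]` and `dnsovertls = "true"` there is no other resolver to fall back to. Either keep the unbracketed form or write `"[2a07:e340::2]:853#doh.mullvad.net"`, and check the result with `resolvectl status` after switching. The second hunk also removes the `odo.home.arpa` hosts entry that the old comment said avoided a DNS-over-TLS timeout; a comment on why it is no longer needed would help.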


@ -39,7 +39,6 @@ in
plainmacs
emacs29-pgtk
clang # To compile tree-sitter grammars
nixd # nix language server
];
home-manager.users.talexander = { pkgs, ... }: {


@ -7,15 +7,15 @@
:commands nix-mode
:hook (
(nix-mode . (lambda ()
(eglot-ensure)
(defclass my/eglot-nix (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
;; (eglot-ensure)
;; (defclass my/eglot-nix (eglot-lsp-server) ()
;; :documentation
;; "Own eglot server class.")
(add-to-list 'eglot-server-programs
'(nix-mode . (my/eglot-nix "nixd")))
(add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
))
;; (add-to-list 'eglot-server-programs
;; '(nix-mode . (my/eglot-nix "nixd")))
;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
))
)
)
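Review bot: The `nix-mode` hook lambda now has an empty body, with the whole eglot setup left behind as commented-out code, so the hook is still registered and does nothing. Since `nixd` is removed from the package list elsewhere in this compare, I would delete the hook entry and the commented block rather than keep them. If the intent is to re-enable it later, one comment stating the reason is enough, e.g. `;; eglot/nixd disabled: nixd is not installed on this host`. The reason is inferred from the package removal, so adjust the wording to the actual cause.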


@ -1,97 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [];
programs.firefox = {
enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {});
languagePacks = [ "en-US" ];
preferences = {
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
"media.hardware-video-decoding.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled";
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
# Disable ads
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.topsites.contile.enabled" = false;
# Disable cache when devtools are open.
"devtools.cache.disabled" = true;
# Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" = "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
"firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed";
};
};
};
};
environment.persistence."/persist" = {
hideMounts = true;
users.talexander = {
directories = [
{ directory = ".mozilla"; user = "talexander"; group = "talexander"; mode = "0700"; }
];
};
};
environment.persistence."/state" = {
hideMounts = true;
users.talexander = {
directories = [
{ directory = ".cache/mozilla"; user = "talexander"; group = "talexander"; mode = "0700"; }
];
};
};
}


@ -1,15 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [];
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
22 # ssh
];
networking.firewall.allowedUDPPorts = [
5353 # mDNS
];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
}


@ -1,25 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [];
# Fetch public keys:
# gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
environment.persistence."/persist" = {
hideMounts = true;
users.talexander = {
directories = [
{ directory = ".gnupg"; user = "talexander"; group = "talexander"; mode = "0700"; } # Local keyring
];
};
};
}


@ -1,7 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [];
hardware.graphics.enable = true;
}


@ -1,20 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [];
environment.systemPackages = with pkgs; [
pavucontrol
];
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
}


@ -211,8 +211,10 @@ in
environment.systemPackages = with pkgs; [
alacritty
firefox
pcmanfm
];
hardware.graphics.enable = true;
environment.sessionVariables = {
WLR_RENDERER_ALLOW_SOFTWARE = "1";
@ -229,22 +231,8 @@ in
];
};
environment.persistence."/state" = {
hideMounts = true;
users.talexander = {
files = [
".cache/wofi-drun" # Execution history for wofi to sort results
];
};
};
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
}
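Review bot: Adding bare `firefox` to `environment.systemPackages` in the first hunk replaces the deleted `programs.firefox` role, so the browser runs without the managed settings that role enforced (`dom.security.https_only_mode`, `DisableTelemetry`, force-installed uBlock Origin). The `programs.gnupg.agent` block in the second hunk is likewise moved here without the `.gnupg` entry under `environment.persistence."/persist"`. The host config refers to a ZFS root rollback, so `~/.gnupg` and `~/.mozilla` would presumably not survive a reboot unless they are persisted somewhere outside this compare. If the roles are being folded into this file on purpose, carry over the `policies` block and the two persistence directories. A short comment such as `# gpg-agent also serves as ssh-agent` would explain why the agent lives in the sway role.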