kibbeh: configure

Author: kmein

.github/workflows/niveum.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        system: [makanek,manakish,kabsa,zaatar,ful,fatteh]
+        system: [makanek,manakish,kabsa,zaatar,ful,fatteh,kibbeh]
     steps:
     - uses: actions/checkout@v3
     - name: Install QEMU (ARM)

configs/admin-essentials.nix

@@ -52,6 +52,22 @@ in {
       pkgs.psmisc # for killall, pstree
     ];
 
+
+    security.wrappers = {
+      pmount = {
+        setuid = true;
+        owner = "root";
+        group = "root";
+        source = "${pkgs.pmount}/bin/pmount";
+      };
+      pumount = {
+        setuid = true;
+        owner = "root";
+        group = "root";
+        source = "${pkgs.pmount}/bin/pumount";
+      };
+    };
+
   environment.shellAliases = let
     take = pkgs.writers.writeDash "take" ''
       mkdir "$1" && cd "$1"

configs/bluetooth.nix

@@ -7,10 +7,4 @@
   };
 
   environment.systemPackages = [ pkgs.bluetuith ];
-
-  # services.blueman.enable = true;
-
-  # environment.systemPackages = [pkgs.blueman];
-
-  # home-manager.users.me = {services.blueman-applet.enable = true;};
 }

configs/default.nix

@@ -126,22 +126,6 @@ in {
         };
       };
     }
-    {
-      security.wrappers = {
-        pmount = {
-          setuid = true;
-          owner = "root";
-          group = "root";
-          source = "${pkgs.pmount}/bin/pmount";
-        };
-        pumount = {
-          setuid = true;
-          owner = "root";
-          group = "root";
-          source = "${pkgs.pmount}/bin/pumount";
-        };
-      };
-    }
     {programs.command-not-found.enable = true;}
     {
       programs.gnupg = {
@@ -255,6 +239,11 @@ in {
     ./watson.nix
     ./wallpaper.nix
     ./zsh.nix
+    {
+      home-manager.users.me.home.file.".zshrc".text = ''
+        # nothing to see here
+      '';
+    }
     ./tor.nix
     ./stw-berlin.nix
     ./mastodon-bot.nix

configs/zsh.nix

@@ -2,11 +2,10 @@
   config,
   pkgs,
   ...
-}: {
-  home-manager.users.me.home.file.".zshrc".text = ''
-    # nothing to see here
-  '';
-
+}: let
+  promptColours.success = "cyan";
+  promptColours.failure = "red";
+in {
   environment.systemPackages = [pkgs.atuin];
   environment.variables.ATUIN_CONFIG_DIR = toString (pkgs.writeTextDir "/config.toml" ''
     auto_sync = true
@@ -58,7 +57,7 @@
 
       fpath=(${zsh-completions}/src $fpath)
     '';
-    promptInit = with config.niveum; ''
+    promptInit = ''
       autoload -Uz vcs_info
       zstyle ':vcs_info:*' enable git
       zstyle ':vcs_info:*' check-for-changes true

flake.nix

@@ -111,6 +111,7 @@
               tabula = "root@tabula";
               kabsa = "root@kabsa";
               fatteh = "root@fatteh";
+              kibbeh = "root@kibbeh";
             };
           in
             lib.attrsets.nameValuePair "deploy-${hostname}" {

secrets

@@ -20,8 +20,6 @@ in {
     promptColours.success = "cyan";
   };
 
-  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/dracula.yaml";
-
   nix.settings = {
     cores = 1;
     max-jobs = 2;

systems/kabsa/configuration.nix

@@ -1,36 +1,53 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
+{ config, pkgs, niveumPackages, ... }:
 
 {
-  imports =
-    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-    ];
+  imports = [
+    ./hardware-configuration.nix
+    ../../configs/spacetime.nix
+    ../../configs/admin-essentials.nix
+    ../../configs/keyboard.nix
+    ../../configs/sound.nix
+    ../../configs/printing.nix
+    ../../configs/nix.nix
+    ../../configs/flix.nix
+    ../../configs/fonts.nix
+    ../../configs/retiolum.nix
+    ../../configs/sshd.nix
+    ../../configs/sudo.nix
+    ../../configs/zsh.nix
+    ../../configs/tor.nix
+  ];
+
+  age.secrets = {
+    retiolum-rsa = {
+      file = ../../secrets/kibbeh-retiolum-privateKey-rsa.age;
+      mode = "400";
+      owner = "tinc-retiolum";
+      group = "tinc-retiolum";
+    };
+    retiolum-ed25519 = {
+      file = ../../secrets/kibbeh-retiolum-privateKey-ed25519.age;
+      mode = "400";
+      owner = "tinc-retiolum";
+      group = "tinc-retiolum";
+    };
+  };
+
+  services.gnome.gnome-keyring.enable = true;
+  security.pam.services.lightdm.enableGnomeKeyring = true;
 
-  # Bootloader.
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  boot.initrd.luks.devices."luks-b3988d35-72a9-4e7c-992d-f500bb388554".device = "/dev/disk/by-uuid/b3988d35-72a9-4e7c-992d-f500bb388554";
-  networking.hostName = "nixos"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  services.openssh.enable = true;
 
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+  boot.initrd.luks.devices."luks-b3988d35-72a9-4e7c-992d-f500bb388554".device =
+    "/dev/disk/by-uuid/b3988d35-72a9-4e7c-992d-f500bb388554";
 
-  # Enable networking
+  networking.hostName = "kibbeh";
   networking.networkmanager.enable = true;
 
-  # Set your time zone.
-  time.timeZone = "Europe/Berlin";
-
-  # Select internationalisation properties.
   i18n.defaultLocale = "en_US.UTF-8";
-
   i18n.extraLocaleSettings = {
     LC_ADDRESS = "de_DE.UTF-8";
     LC_IDENTIFICATION = "de_DE.UTF-8";
@@ -43,95 +60,47 @@
     LC_TIME = "de_DE.UTF-8";
   };
 
-  # Enable the X11 windowing system.
   services.xserver.enable = true;
-
-  # Enable the Pantheon Desktop Environment.
   services.xserver.displayManager.lightdm.enable = true;
   services.xserver.desktopManager.pantheon.enable = true;
+  # services.displayManager.autoLogin.enable = true;
+  # services.displayManager.autoLogin.user = config.users.users.me.name;
 
-  # Configure keymap in X11
-  services.xserver = {
-    layout = "de";
-    xkbVariant = "T3";
-  };
-
-  # Configure console keymap
-  console.keyMap = "de";
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-
-  # Enable sound with pipewire.
-  sound.enable = true;
-  hardware.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
-
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
+  age.secrets = {
+    di-fm-key.file = ../../secrets/di-fm-key.age;
   };
 
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.kfm = {
+  users.users.me = {
+    name = "kfm";
     isNormalUser = true;
-    description = "Kierán Meinhardt";
-    extraGroups = [ "networkmanager" "wheel" ];
+    description = "किरण";
+    extraGroups = [ "networkmanager" ];
+    password = "hackme";
     packages = with pkgs; [
+      # packages TODO
       firefox
-    #  thunderbird
+      thunderbird
+      alacritty
+      tor-browser-bundle-bin
+      zathura
+      okular
+      anki-bin
+      libreoffice
+      xournalpp
+      jellyfin-media-player
+      niveumPackages.mpv-tv
+      (niveumPackages.mpv-radio.override { di-fm-key-file = config.age.secrets.di-fm-key.path; })
+      niveumPackages.meteo
+      spotify
     ];
   };
 
-  # Enable automatic login for the user.
-  services.xserver.displayManager.autoLogin.enable = true;
-  services.xserver.displayManager.autoLogin.user = "kfm";
-
-  # Allow unfree packages
-  nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
   environment.systemPackages = with pkgs; [
-  #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-  #  wget
+    htop
+    git
+    vim
+    (niveumPackages.vim.override { colorscheme = "base16-gruvbox-dark-medium"; })
   ];
 
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
-
+  system.stateVersion = "23.11";
 }