diff --git a/systems/x86_64-linux/yerukall/default.nix b/systems/x86_64-linux/yerukall/default.nix
deleted file mode 100644
index 4224982..0000000
--- a/systems/x86_64-linux/yerukall/default.nix
+++ /dev/null
@@ -1,385 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-{ config, pkgs, lib, inputs,... }:
-let
- lock-false = {
- Value = false;
- Status = "locked";
- };
- lock-true = {
- Value = true;
- Status = "locked";
- };
- lock-empty-string = {
- Value = "";
- Status = "locked";
- };
-in {
- imports =
- [
- ./hardware.nix
- inputs.sops-nix.nixosModules.sops
-# inputs.home-manager.nixosModules.home-manager
- ];
-
- nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
- # Configure Secret Management
- sops.defaultSopsFile = ./secrets/secrets.yaml;
- sops.defaultSopsFormat = "yaml";
- sops.age.keyFile = "/home/kb-work/.config/sops/age/keys.txt";
- sops.secrets.example-key = {};
- sops.secrets."myservice/my_subdir/my_secret" = {};
-
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.hostName = "yerukall"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Enable networking
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "Europe/Berlin";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
-
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "de_DE.UTF-8";
- LC_IDENTIFICATION = "de_DE.UTF-8";
- LC_MEASUREMENT = "de_DE.UTF-8";
- LC_MONETARY = "de_DE.UTF-8";
- LC_NAME = "de_DE.UTF-8";
- LC_NUMERIC = "de_DE.UTF-8";
- LC_PAPER = "de_DE.UTF-8";
- LC_TELEPHONE = "de_DE.UTF-8";
- LC_TIME = "de_DE.UTF-8";
- };
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
-
- # Enable the KDE Plasma Desktop Environment.
- services.displayManager.sddm.enable = true;
- services.desktopManager.plasma6.enable = true;
-
- # Configure keymap
- services.xserver.xkb = {
- variant = "caps:swapescape";
- layout = "de,us,dv2";
- extraLayouts.dv2 = {
- description = "German Dvorak Type 2";
- languages = [ "de" ];
- symbolsFile = ./symbols/dv2;
- };
- };
-
- # Configure console keymap
- console.keyMap = "de";
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- # Enable sound with pipewire.
- hardware.pulseaudio.enable = false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- # If you want to use JACK applications, uncomment this
- #jack.enable = true;
-
- # use the example session manager (no others are packaged yet so this is enabled by default,
- # no need to redefine it in your config for now)
- #media-session.enable = true;
- };
-
- # Enable Bluetooth Support
- hardware.bluetooth.enable = true;
-# services.blueman.enable = true;
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.kb-work = {
- isNormalUser = true;
- description = "kb-work";
- extraGroups = [ "vboxusers" "networkmanager" "wheel" "docker" ];
- packages = with pkgs; [
- kate
- thunderbird
- keepassxc
- globalprotect-openconnect
- vscodium
- logseq
- ungoogled-chromium
- zed-editor # Editor
- languagetool
- syncthing
- pysolfc
- blender
- prusa-slicer
- kcalc
- veracrypt
- zoom-us
- virtualbox
- protonvpn-gui
- tidal-hifi
- gimp
- libreoffice
- sops # Secret Management
- ];
-
- };
-
- services.syncthing = {
- enable = true;
- user = "kb-work";
- dataDir = "/home/kb-work";
- configDir = "/home/kb-work/.config/syncthing";
- };
-
- services.languagetool = {
- enable = true;
- allowOrigin = "*";
- };
-
- services.pcscd.enable = true;
- programs.gnupg.agent = {
-# enable = true;
- pinentryPackage = pkgs.lib.mkForce pkgs.pinentry-qt;
- };
-
- programs.virt-manager.enable = true;
-
- programs.firefox = {
- enable = true;
- nativeMessagingHosts.packages = [ pkgs.firefoxpwa ];
- policies = {
- # --------- Privacy ---------
- DisableTelemetry = true;
- DisableFirefoxStudies = true;
- DisablePocket = true;
- DisableFirefoxAccounts = true;
- AutofillAddressEnabled = false;
- AutofillCreditCardEnabled = false;
- OfferToSaveLogins = false;
- FirefoxHome.TopSites = false;
- FirefoxHome.SponsoredTopSites = false;
- Preferences = {
- "browser.newtabpage.pinned" = lock-empty-string;
- "browser.topsites.contile.enabled" = lock-false;
- };
- # -------- Opiniated --------
- DontCheckDefaultBrowser = true;
- DisableProfileImport = true;
- SearchBar = "unified";
- SearchEngines.Add = [ # Only Available in ESR Releases https://mozilla.github.io/policy-templates/#searchengines--add
- {
- Name = "Brave";
- URLTemplate = "https://search.brave.com/search?q={SearchTerms}";
- Alias = "br";
- }
- ];
- ExtensionSettings = { # See https://mozilla.github.io/policy-templates/#extensionsettings
- "extension@tabliss.io" = {
- install_url = "https://addons.mozilla.org/firefox/downloads/file/3940751/tabliss-2.6.0.xpi";
- installation_mode = "normal_installed";
- };
- "gdpr@cavi.au.dk" = {
- install_url = "https://addons.mozilla.org/firefox/downloads/file/4246350/consent_o_matic-1.0.13.xpi";
- installation_mode = "normal_installed";
- };
- "uBlock0@raymondhill.net" = {
- install_url = "https://addons.mozilla.org/firefox/downloads/file/4261710/ublock_origin-1.57.2.xpi";
- installation_mode = "normal_installed";
- };
- "keepassxc-browser@keepassxc.org" = {
- install_url = "https://addons.mozilla.org/firefox/downloads/file/4257616/keepassxc_browser-1.9.0.3.xpi";
- installation_mode = "normal_installed";
- };
- "offline-qr-code@rugk.github.io" = {
- install_url = "https://addons.mozilla.org/firefox/downloads/file/3870992/offline_qr_code_generator-1.8.xpi";
- installation_mode = "normal_installed";
- };
- "addon@darkreader.org" = {
- install_url = "https://addons.mozilla.org/firefox/downloads/file/4262984/darkreader-4.9.83.xpi";
- installation_mode = "normal_installed";
- };
- "firefoxpwa@filips.si" = {
- install_url = "https://addons.mozilla.org/firefox/downloads/file/4252822/pwas_for_firefox-2.11.1.xpi";
- installation_mode = "normal_installed";
- };
- };
- Bookmarks = [
- {
- Title = "Syncthing";
- URL = "localhost:8384";
- Placement = "toolbar";
- }
- ];
- };
-
-# profiles.default = {
-# id = 0;
-# name = "default";
-# isDefault = true;
-# path = "/home/spiegelma/.mozilla/firefox/m9zcjjpu.default";
-# };
-
-# profiles.work = {
-# id = 1;
-# name = "work";
-# isDefault = false;
-# search = {
-# force = true;
-# default = "Brave";
-# order = [ "Brave" "StartPage" "DuchDuckGo" "Google" "Bing"];
-# engines = {
-# "Brave" = {
-# urls = [{ template = "https://search.brave.com/search?q={searchTerms}"; }];
-# iconUpdateURL = "https://cdn.search.brave.com/serp/v2/_app/immutable/assets/brave-search-icon.CsIFM2aN.svg";
-# updateInterval = 24 * 60 * 60 * 1000; # every day
-# };
-# "StartPage" = {
-# urls = [{ template = "https://www.startpage.com/sp/search?query={searchTerms}"; }];
-# iconUpdateURL = "https://www.startpage.com/sp/cdn/favicons/favicon-16x16-gradient.png";
-# updateInterval = 24 * 60 * 60 * 1000; # every day
-# };
-# };
-# };
-# bookmarks = [
-# {
-# name = "work";
-# toolbar = true;
-# bookmarks = [
-# {
-# name = "ohmportal";
-# url = "https://my.ohmportal.de/";
-# }
-# ];
-# }
-# {
-# name = "nixos";
-# toolbar = true;
-# bookmarks = [
-# {
-# name = "nix Packages";
-# url = "https://search.nixos.org/packages?channel=unstable";
-# }
-# {
-# name = "nix Options";
-# url = "https://search.nixos.org/options?channel=unstable";
-# }
-# {
-# name = "home Options";
-# url = "https://nix-community.github.io/home-manager/options.xhtml";
-# }
-# ];
-# }
-# ];
-# };
- };
-
- programs.chromium = {
- enable = true;
- extensions = [
- "cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
- ];
- defaultSearchProviderEnabled = true;
- defaultSearchProviderSearchURL = "https://search.brave.com/search?q={searchTerms}";
- };
-
- # Configure Nix
- nixpkgs.config.allowUnfree = true;
- nixpkgs.config.permittedInsecurePackages = [
- "electron-28.3.3"
- "electron-27.3.11"
- ];
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- wget
- git
- grim # screenshot functionality
- slurp # screenshot functionality
- wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
- mako # notification system developed by swaywm maintainer
- btop
- starship
- openconnect
- firefoxpwa
- gnupg
- pinentry-qt
- cifs-utils # Needed to access SMB Shares
- docker-compose
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # enable sway window manager
- programs.sway = {
- enable = true;
- wrapperFeatures.gtk = true;
- };
-
- # start SSH Agent
- programs.ssh.startAgent = true;
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
-
- services.globalprotect = {
- enable = true;
- settings = {
- "vpn.ohmportal.de" = {
- openconnect-args = "--protocol gp --disable-ipv6 --mtu=1284 --force-dpd=30 ";
- };
- };
- csdWrapper = "${pkgs.openconnect}/libexec/openconnect/hipreport.sh";
- };
-
- virtualisation.docker.enable = true;
-# virtualisation.virtualbox.host = {
-# enable = true;
-# enableKvm = true;
-# enableHardening = false; # Incompatible with KVM
-# addNetworkInterface = false; # Incompatible with KVM
-# };
- virtualisation.libvirtd.enable = true;
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.11"; # Did you read the comment?
-}
diff --git a/systems/x86_64-linux/yerukall/hardware.nix b/systems/x86_64-linux/yerukall/hardware.nix
deleted file mode 100644
index f0a7836..0000000
--- a/systems/x86_64-linux/yerukall/hardware.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/8f65b0c3-cf18-422b-866b-93cd3cea092f";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."luks-5a889af2-299e-41c7-a838-9a86617cba43".device = "/dev/disk/by-uuid/5a889af2-299e-41c7-a838-9a86617cba43";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/90DC-567F";
- fsType = "vfat";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/systems/x86_64-linux/yerukall/secrets/secrets.yaml b/systems/x86_64-linux/yerukall/secrets/secrets.yaml
deleted file mode 100644
index 51d591a..0000000
--- a/systems/x86_64-linux/yerukall/secrets/secrets.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-#ENC[AES256_GCM,data:Y/4T3/21rAYxhZZpSm1ViwpAuce0j09yIoyQJrywm58g4LNPVoc=,iv:p67M9lRr4P/ZkR+y2Qag8fOQrz6g4hRV+RQttzcpqyA=,tag:UvLX6HBB7R8mmYf2p40qVg==,type:comment]
-example-key: ENC[AES256_GCM,data:QNGwQqL+MF5FouF1sw==,iv:v8Wife1Szo2/hckzjnvgEWeO4W7Z3o5T3b6qDBa9ybc=,tag:udthCeK2XO32a7KStPEacQ==,type:str]
-#ENC[AES256_GCM,data:THHKylFfOJAphDzozezoC8MMq9rAgZNQkzjRS8loFs/M9CeWKretPnzHB0ICyIMoV5EZyZ2A0Aw=,iv:zksZsPPUmPRvjKnbJ1hIz5kNF59yLi1AD8qpjnpowj0=,tag:6wN9qZv/Joh0KszXuRO/HA==,type:comment]
-#ENC[AES256_GCM,data:lnNvxw+ZJ/Oxx49IQJ9v4WOb+9nHVnlDw4dUg2eLVh0SC3FmY0OcIYQbkMi04QJAUeGS90Pk+PEge+DBk36kpeRIjWGnN2Oj,iv:5WA7Fv4h0WFs3bIxxY+Jd5iWGq93NErxshSELYAmKcQ=,tag:pK49KZ0LzOXHnaqEDejkVQ==,type:comment]
-myservice:
- my_subdir:
- my_secret: ENC[AES256_GCM,data:djPluXw5DIaX,iv:8ETxthGUW9aHp497FYcFOya0clZI0GDmf8BUyf65Dz0=,tag:62zulMRBSE1cHezfOAPcCA==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1lyv48cuxvnwp4ykugw57zjl728pn2tvss6486n9avgvw6uqj3ydqddkrmu
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZFJJUXVNVHJ2eGFUUEUr
- T09TNUs1TXhJcForZlpLMTQxSFZiVktwOG13Cm1XbkRvYWs4TWxobi9zamRyc0U5
- RFJsaFhlYzM0WUN1a2dBM24yUVAyUGMKLS0tIC92dGF6UlExWG1sd2JGREtPb2R3
- V21VMmZwSE9RcnRIWW5qVUVjUytDNk0Kfsx4yHMU37LnShUQuTSqB05RZNc1e+tB
- I/sCep5KH02W4IBUONXVKbHE5Fp3nl0RVMBE+oQQojOCdEERebBplA==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-06T14:49:25Z"
- mac: ENC[AES256_GCM,data:741EU6IW91+D6O22q/fC2QGC7PU/qxSkdML4KBbYohS2tOx9dl7miyooNnSw2nEjE4yd4qxU+OU8ZNxST/dlnOaGa5otYfwByq0FQ7PLa4pSzVSTMvDBHf55JHOL9zbWuWoiPu2WEa+sQ6bU7Rte/4EtXhJBvHhgys0hc0kHIyQ=,iv:QNpw1v8m+AUqdhYq1LdJSUSDeVN9PM/qyEqibyVxCa4=,tag:tysIywxYhCv51eVBQE3NaQ==,type:str]
- pgp:
- - created_at: "2024-09-06T15:25:51Z"
- enc: |-
- -----BEGIN PGP MESSAGE-----
-
- hF4Dg0be+qgFJlcSAQdAtgr7NQCBh2lFuJVelU3zgaV9bvwKzEA9VPYOq1/53lkw
- AJXNN1tW/RIMLJYlotfmd4vKd7JXJL7yVNgxFNfepFnDxcc58aFkefYFLSR3Owe7
- 1GgBCQIQkCcQDT/8Pkd9hM7D6ZNDi8tl1sGukChIZ0De7nQ3jun2LwFPtYYVw97J
- iSeMyas8Z+BkkL0eYyzdRPlYBnzDNwGLteRMkjWCHeNESaeUjP06Bz+v7rMFn9DS
- 7O8SqYeKKm4YkA==
- =/tp5
- -----END PGP MESSAGE-----
- fp: CEFAA4772EBDE0F5CFD1D1B3ED7E4FF32820BDE8
- unencrypted_suffix: _unencrypted
- version: 3.9.0
diff --git a/systems/x86_64-linux/yerukall/symbols/dv2 b/systems/x86_64-linux/yerukall/symbols/dv2
deleted file mode 100644
index 7bf9d76..0000000
--- a/systems/x86_64-linux/yerukall/symbols/dv2
+++ /dev/null
@@ -1,80 +0,0 @@
-// German Dvorak keymap by Thorsten Staerk (www.staerk.de/thorsten)
-// Have acute and grave as dead keys, tilde and circumflex alive as they are needed
-// in many programming languages.
-// to use this keymap, use a 105-key-keyboard and the command setxkbmap -model pc105 -layout dvorak -variant de
-// source: http://www-lehre.informatik.uni-osnabrueck.de/~rfreund/dvorak.php
-// Some modifications by Simon Spruenker (simon.spruenker.de) e. g.:
-// Can also be used on 104-key-keyboard without loosing adiaeresis.
-partial alphanumeric_keys
-xkb_symbols "dvorak" {
- include "us(dvorak)"
-
- name[Group1]="Germany - Dvorak";
-
- key { [ asciicircum, degree ] };
-
- key { [ 1, exclam, onesuperior ] };
- key { [ 2, quotedbl, twosuperior ] };
- key { [ 3, section, threesuperior ] };
- key { [ 4, dollar, bar ] };
- key { [ 5, percent, bar ] };
- key { [ 6, ampersand, brokenbar ] };
- key { [ 7, slash, braceleft ] };
- key { [ 8, parenleft, bracketleft ] };
- key { [ 9, parenright, bracketright ] };
- key { [ 0, equal, braceright ] };
- key { [ plus, asterisk, asciitilde ] };
- key { [ less, greater, dead_grave ] };
-
- key { [ udiaeresis, Udiaeresis, braceleft ] };
- key { [ comma, semicolon, bracketleft ] };
- key { [ period, colon, bracketright ] };
- key { [ p, P, braceright ] };
- key { [ c, C, copyright, Cacute ] };
- key { [ t, T, trademark ] };
- key { [ z, Z, zabovedot, Zabovedot ] };
- key { [ question, ssharp ] };
- key { [ slash, backslash, dead_acute ] };
-
- key { [ a, A, at, aogonek ] };
- key { [ o, O, oacute, Oacute ] };
- key { [ e, E, EuroSign, eogonek ] };
- key { [ i, I, bar ] };
- key { [ u, U ] };
- key { [ h, H ] };
- key { [ d, D ] };
- key { [ r, R, registered ] };
- key { [ n, N, nacute, Nacute ] };
- key { [ s, S, sacute, Sacute] };
- key { [ l, L, lstroke, Lstroke ] };
-
- key { [ odiaeresis, Odiaeresis, adiaeresis, Adiaeresis ] };
- key { [ q, Q, at ] };
- key { [ m, M, mu ] };
- key { [ numbersign, apostrophe ] };
-
- key { [ minus, underscore, hyphen, diaeresis] };
-
- key { [ adiaeresis, Adiaeresis, bar ] };
-
- include "level3(ralt_switch)"
-};
-
-partial alphanumeric_keys
-xkb_symbols "Sundeadkeys" {
-
- // For naming consistency
-
- include "de(basic)"
-
-};
-
-partial alphanumeric_keys
-xkb_symbols "sundeadkeys" {
-
- // For naming consistency
-
- include "de(Sundeadkeys)"
-
- name[Group1]="Germany - Sun dead keys";
-};