diff --git a/home/modules/baseline.nix b/home/modules/baseline.nix index fd61864..70f0e83 100644 --- a/home/modules/baseline.nix +++ b/home/modules/baseline.nix @@ -13,6 +13,17 @@ in { config = mkIf cfg.enable { xdg = { enable = true; + mimeApps = { + enable = true; + defaultApplications = {}; + }; + portal = { + # this shouldnt be on baseline, as servers have no GUI + enable = true; + xdgOpenUsePortal = true; + extraPortals = with pkgs; [xdg-desktop-portal-gtk]; #wtf is this + configPackages = with pkgs; [xdg-desktop-portal-gtk]; #wtf is this + }; }; home = { diff --git a/home/modules/default.nix b/home/modules/default.nix index fb90319..31109a9 100644 --- a/home/modules/default.nix +++ b/home/modules/default.nix @@ -8,7 +8,7 @@ ./terminal ./neovim.nix ./baseline.nix - ./gaming.nix + ./gaming ./yubikey.nix ./browsers.nix ./gui diff --git a/home/modules/defaultDesktopPack.nix b/home/modules/defaultDesktopPack.nix index 29fbf7a..436a05e 100644 --- a/home/modules/defaultDesktopPack.nix +++ b/home/modules/defaultDesktopPack.nix @@ -28,6 +28,7 @@ in { vpsfree-client vscodium-fhs zola + zoom-us ]; }; } diff --git a/home/modules/gaming.nix b/home/modules/gaming/default.nix similarity index 64% rename from home/modules/gaming.nix rename to home/modules/gaming/default.nix index 5048854..5be0efd 100644 --- a/home/modules/gaming.nix +++ b/home/modules/gaming/default.nix @@ -12,6 +12,11 @@ in { }; config = mkIf cfg.enable { home.packages = [ + # Steam. todo: move to the steam module later + (pkgs.callPackage ./package.nix {}) + pkgs.protonup + pkgs.winetricks + pkgs.protontricks pkgs.lutris pkgs.openrct2 pkgs.prismlauncher diff --git a/home/modules/gaming/package.nix b/home/modules/gaming/package.nix new file mode 100644 index 0000000..19f241f --- /dev/null +++ b/home/modules/gaming/package.nix @@ -0,0 +1,9 @@ +{ + writeShellScriptBin, + steam-run, + steam, + ... +}: +writeShellScriptBin "steam" '' + exec ${steam-run}/bin/steam-run ${steam}/bin/steam -console +'' 
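Review bot: The `portal` block under `xdg` is enabled unconditionally in baseline.nix, so every host that enables the baseline module, headless ones included, pulls in xdg-desktop-portal-gtk, which the in-line comment already admits is wrong. Move the block into home/modules/gui/default.nix (edited in this same commit) so it is only built where a GUI exists. The two `#wtf is this` comments should say what the options do: as far as I know `extraPortals` lists the portal backend packages to install, and `configPackages` lists packages whose `share/xdg-desktop-portal/*-portals.conf` decides which backend is used, e.g. `# portal backends to install` and `# source of the portals.conf that picks the backend`. The enclosing `config = mkIf cfg.enable {` block continues outside the hunk.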
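Review bot: Steam now comes only from `home.packages`, while the `programs.steam` system module deleted further down (sys/modules/steam.nix) did more than install the binary: as far as I recall it also turns on 32-bit graphics support and `hardware.steam-hardware.enable` (controller udev rules). Dropping the three `openFirewall` options narrows the host's network exposure, but controllers and 32-bit titles may stop working unless those system settings are kept somewhere. The `todo` should record that, e.g. `# Steam. todo: move to a steam module; system side still needs 32-bit graphics + steam-hardware udev rules`. The `home.packages` list continues outside the hunk.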
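Review bot: The wrapper script in package.nix never forwards its arguments, so anything passed to `steam` (a `steam://` URL from a desktop handler, `-shutdown`, and so on) is silently dropped; the exec line should end with `"$@"`: `exec ${steam-run}/bin/steam-run ${steam}/bin/steam -console "$@"`. The script also takes over the `steam` command name from the package it wraps, so a one-line comment at the top of the file saying why the launcher goes through steam-run would help the next reader.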
diff --git a/home/modules/gui/default.nix b/home/modules/gui/default.nix index bca09e9..54bf1bb 100644 --- a/home/modules/gui/default.nix +++ b/home/modules/gui/default.nix @@ -81,9 +81,8 @@ in { ./fonts.nix ./i3.nix ./polybar.nix - ./startx.nix + ./startx.nix # move to ly once 24.11 comes out :( ./picom.nix - ./theme.nix ]; config = let @@ -114,16 +113,45 @@ in { picom.enable = true; }; - xdg = { + gtk = { enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "application/pdf" = with pkgs; ["qpdfview"]; - "text/uri-list" = with pkgs; ["firefox"]; - "x-scheme-handler/file" = with pkgs; ["kitty"]; - }; + + iconTheme = { + name = "Papirus-Dark"; + package = pkgs.papirus-icon-theme; }; + theme = { + package = pkgs.materia-theme; + name = "Materia-dark"; + }; + + gtk2.extraConfig = '' + gtk-toolbar-style=GTK_TOOLBAR_BOTH_HORIZ + gtk-menu-images=1 + gtk-button-images=1 + ''; + + gtk3.extraConfig = { + gtk-application-prefer-dark-theme = 1; + }; + gtk4.extraConfig = { + gtk-application-prefer-dark-theme = 1; + }; + }; + + #qt = { mentioning qt makes qt applications not work, I should probably check how to fix this + # enable = true; + # style.name = "bb10dark"; + #}; + + home.sessionVariables = { + # Use gtk in jvm apps + _JAVA_OPTIONS = concatStringsSep " " [ + "-Dawt.useSystemAAFontSettings=on" + "-Dswing.aatext=true" + "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel" + "-Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel" + ]; }; }; } diff --git a/home/modules/gui/theme.nix b/home/modules/gui/theme.nix deleted file mode 100644 index fa1e098..0000000 --- a/home/modules/gui/theme.nix +++ /dev/null 
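Review bot: With the three `defaultApplications` entries deleted in the second hunk and baseline.nix now setting `defaultApplications = {}` under `mimeApps.enable = true`, nothing pins which program opens PDFs, URI lists or `file:` URLs any more; the handler becomes whichever installed desktop entry wins. If the associations are reinstated they belong in this GUI module, and the values need to be desktop-file IDs rather than bare program names, for example `"application/pdf" = ["qpdfview.desktop"];` (assuming that is the ID the package ships). The commented-out `qt` block would read better as a single `# TODO` line than as dead code.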
@@ -1,43 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; { - gtk = { - enable = true; - - iconTheme = { - name = "Papirus-Dark"; - package = pkgs.papirus-icon-theme; - }; - theme = { - package = pkgs.materia-theme; - name = "Materia-dark"; - }; - - gtk2.extraConfig = '' - gtk-toolbar-style=GTK_TOOLBAR_BOTH_HORIZ - gtk-menu-images=1 - gtk-button-images=1 - ''; - - gtk3.extraConfig = { - gtk-application-prefer-dark-theme = 1; - }; - gtk4.extraConfig = { - gtk-application-prefer-dark-theme = 1; - }; - }; - - home.sessionVariables = { - # Use gtk in jvm apps - _JAVA_OPTIONS = concatStringsSep " " [ - "-Dawt.useSystemAAFontSettings=on" - "-Dswing.aatext=true" - "-Dswing.defaultlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel" - "-Dswing.crossplatformlaf=com.sun.java.swing.plaf.gtk.GTKLookAndFeel" - ]; - }; -} diff --git a/pkgs/config/unfree.nix b/pkgs/config/unfree.nix index 9f6ff13..5028b08 100644 --- a/pkgs/config/unfree.nix +++ b/pkgs/config/unfree.nix @@ -8,4 +8,5 @@ with lib; "steam-original" "steam-unwrapped" "steam-run" + "zoom" ] diff --git a/sys/modules/default.nix b/sys/modules/default.nix index 27d719e..2f2bccf 100644 --- a/sys/modules/default.nix +++ b/sys/modules/default.nix @@ -13,7 +13,5 @@ ./android.nix ./users.nix ./bluetooth.nix - ./net.nix - ./steam.nix ]; } diff --git a/sys/modules/net.nix b/sys/modules/net.nix deleted file mode 100644 index 7ff7721..0000000 --- a/sys/modules/net.nix +++ /dev/null 
@@ -1,186 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; { - options.local.sys.nets = with lib.types; - mkOption { - readOnly = true; - - type = attrsOf (submodule ({config, ...}: { - options = let - v4config = config.v4; - v6config = config.v6; - in { - hosts = mkOption { - default = {}; - - type = attrsOf (submodule { - options = { - v4 = mkOption { - default = null; - - type = nullOr (submodule ({config, ...}: { - options = { - suffix = mkOption { - type = str; - }; - - address = mkOption { - type = str; - readOnly = true; - }; - - cidr = mkOption { - type = str; - readOnly = true; - }; - - single = mkOption { - type = str; - readOnly = true; - }; - }; - - config = { - address = - if v4config.bits == 0 - then config.suffix - else if v4config.bits == 32 - then v4config.subnet - else "${v4config.prefix}.${config.suffix}"; - - cidr = "${config.address}/${toString v4config.bits}"; - single = "${config.address}/32"; - }; - })); - }; - - v6 = mkOption { - default = null; - - type = nullOr (submodule ({config, ...}: { - options = { - suffix = mkOption { - type = str; - }; - - address = mkOption { - type = str; - readOnly = true; - }; - - cidr = mkOption { - type = str; - readOnly = true; - }; - - single = mkOption { - type = str; - readOnly = true; - }; - }; - - config = { - address = let - hextets = fragment: length (splitString ":" fragment); - separator = - if doubleColon - then "::" - else ":"; - doubleColon = hextets v6config.prefix + hextets config.suffix < 8; - - joined = - if v6config.bits == 128 - then v6config.prefix - else if v6config.bits == 0 - then config.suffix - else "${v6config.prefix}${separator}${config.suffix}"; - in - joined; - - cidr = "${config.address}/${toString v6config.bits}"; - single = "${config.address}/128"; - }; - })); - }; - }; - }); - }; - - v4 = mkOption { - default = null; - - type = nullOr (submodule ({config, ...}: { - options = { - bits = mkOption { - type = enum [0 8 16 24 32]; - }; - - prefix = mkOption { - type = str; - }; - 
- subnet = mkOption { - type = str; - readOnly = true; - }; - - cidr = mkOption { - type = str; - readOnly = true; - }; - }; - - config = { - cidr = "${config.subnet}/${toString config.bits}"; - subnet = - if config.bits != 0 - then config.prefix + strings.replicate (4 - config.bits / 8) ".0" - else "0.0.0.0"; - }; - })); - }; - - v6 = mkOption { - default = null; - - type = nullOr (submodule ({config, ...}: { - options = { - bits = mkOption { - type = - addCheck (ints.between 0 128) (b: mod b 4 == 0) - // { - description = "IPv6 subnet bits at nibble boundary"; - }; - }; - - prefix = mkOption { - type = str; - }; - - subnet = mkOption { - type = str; - readOnly = true; - }; - - cidr = mkOption { - type = str; - readOnly = true; - }; - }; - - config = { - cidr = "${config.subnet}/${toString config.bits}"; - subnet = - if config.bits == 128 || length (splitString "::" config.prefix) > 1 - then config.prefix - else "${config.prefix}::"; - }; - })); - }; - }; - })); - }; -} diff --git a/sys/modules/steam.nix b/sys/modules/steam.nix deleted file mode 100644 index a6cd543..0000000 --- a/sys/modules/steam.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.local.sys.steam; -in { - options.local.sys.steam = { - enable = mkEnableOption "steam settings"; - }; - config = mkIf cfg.enable { - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - localNetworkGameTransfers.openFirewall = true; - }; - - environment = { - systemPackages = with pkgs; - [ - protontricks - protonup - protonup-ng - winetricks - ]; - }; - }; -} diff --git a/sys/platforms/posixlycorrect/default.nix b/sys/platforms/posixlycorrect/default.nix index b4caa87..23409ac 100644 --- a/sys/platforms/posixlycorrect/default.nix +++ b/sys/platforms/posixlycorrect/default.nix 
@@ -19,7 +19,6 @@ graphics.enable = true; virtualisation.enable = true; androidSupport.enable = true; - steam.enable = true; users = { fabian = { diff --git a/sys/platforms/vps/default.nix b/sys/platforms/vps/default.nix index 9801183..b949d4c 100644 --- a/sys/platforms/vps/default.nix +++ b/sys/platforms/vps/default.nix @@ -13,7 +13,6 @@ with lib; { flakes.impermanence.nixosModule ./hardware-configuration.nix ./srv - ./networkMap.nix ]; local.sys = { @@ -51,67 +50,9 @@ with lib; { }; }; - networking.firewall.allowedUDPPorts = [51820]; #TODO - - systemd = { - extraConfig = '' - DefaultTimeoutStartSec=900s - ''; - - network = let - inherit (config.local.sys) nets; - in { - enable = true; - - netdevs = { - wg-vpn = { - netdevConfig = { - Name = "wg-vpn"; - Kind = "wireguard"; - }; - - wireguardConfig = { - PrivateKeyFile = "/var/trust/wg/vpn/key.priv"; - ListenPort = "51820"; - }; - - wireguardPeers = [ - { - PublicKey = "wwUp3Uu/rSxbp+6J745O+cpnZHGWOJYWfWEsTjRE3yU="; - PresharedKeyFile = "/var/trust/wg/vpn/vps-posixlycorrect.psk"; - AllowedIPs = ["${nets.vpn-posixlycorrect.v6.cidr}"]; - } - { - PublicKey = "YFqg/ED26KygSRSmGzvUXpwnXPqMOI3R3caVfAtHVks="; - PresharedKeyFile = "/var/trust/wg/vpn/vps-pixel8.psk"; - AllowedIPs = ["${nets.vpn-pixel8.v6.cidr}"]; - } - ]; - }; - }; - - networks = { - wg-vpn = { - name = "wg-vpn"; - - networkConfig = { - Address = [ - nets.vpn-vps.hosts.vps.v6.cidr - ]; - }; - - routes = [ - { - Destination = nets.vpn.v6.cidr; - } - { - Source = nets.vpn.v6.cidr; - } - ]; - }; - }; - }; - }; + systemd.extraConfig = '' + DefaultTimeoutStartSec=900s + ''; time.timeZone = "Europe/Amsterdam"; } diff --git a/sys/platforms/vps/networkMap.nix b/sys/platforms/vps/networkMap.nix deleted file mode 100644 index 473815e..0000000 --- a/sys/platforms/vps/networkMap.nix +++ /dev/null 
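Review bot: Removing the `wg-vpn` netdev and `allowedUDPPorts = [51820]` in vps/default.nix leaves the key material the old config pointed at (`/var/trust/wg/vpn/key.priv` and the two `.psk` files) on the host, since those paths live outside the Nix store and nothing in this hunk cleans them up. If the tunnel is retired for good, delete the files and remove this endpoint from the peers; if it is coming back, say so in a comment next to `systemd.extraConfig`, e.g. `# wg-vpn removed temporarily; keys kept in /var/trust/wg/vpn`. Whether /var/trust is persisted under impermanence is not visible here.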
@@ -1,78 +0,0 @@ -{ - config, - pkgs, - lib, - flakes, - ... -}: -with lib; { - local.sys.nets = { - default = { - v4 = { - bits = 32; - prefix = "37.205.12.34"; - }; - - v6 = { - bits = 64; - prefix = "2a03:3b40:fe:102"; - }; - - hosts = { - vps.v6.suffix = "1"; - vps.v4.suffix = ""; - }; - }; - - vpn = { - v6 = { - bits = 48; - prefix = "2a03:3b40:2b"; - }; - }; - - vpn-vps = { - v6 = { - bits = 64; - prefix = "2a03:3b40:2b:1000"; - }; - - hosts = { - vps.v6.suffix = "1"; - }; - }; - - vpn-posixlycorrect = { - v6 = { - bits = 64; - prefix = "2a03:3b40:2b:1001"; - }; - - hosts = { - posixlycorrect.v6.suffix = "1"; - }; - }; - - vpn-pixel8 = { - v6 = { - bits = 64; - prefix = "2a03:3b40:2b:1002"; - }; - - hosts = { - pixel8.v6.suffix = "1"; - }; - }; - - vpn-t14 = { - v6 = { - bits = 64; - prefix = "2a03:3b40:2b:1003"; - }; - - hosts = { - t14.v6.suffix = "1"; - }; - }; - }; -} diff --git a/sys/platforms/vps/srv/immich.nix b/sys/platforms/vps/srv/immich.nix index 1fb0fc8..9aadc3d 100644 --- a/sys/platforms/vps/srv/immich.nix +++ b/sys/platforms/vps/srv/immich.nix @@ -28,46 +28,6 @@ with lib; { environment = { IMMICH_TELEMETRY_EXCLUDE = "host,api,io,repo,job"; }; - settings = { - machineLearning = { - enabled = false; - }; - job = { - backgroundTask = { - concurrency = 1; - }; - smartSearch = { - concurrency = 1; - }; - metadataExtraction = { - concurrency = 1; - }; - faceDetection = { - concurrency = 1; - }; - search = { - concurrency = 1; - }; - sidecar = { - concurrency = 1; - }; - library = { - concurrency = 1; - }; - migration = { - concurrency = 1; - }; - thumbnailGeneration = { - concurrency = 1; - }; - videoConversion = { - concurrency = 1; - }; - notifications = { - concurrency = 1; - }; - }; - }; }; }; } diff --git a/sys/platforms/vps/srv/net.nix b/sys/platforms/vps/srv/net.nix index fc97444..fdd3dd8 100644 --- a/sys/platforms/vps/srv/net.nix +++ b/sys/platforms/vps/srv/net.nix 
@@ -3,11 +3,9 @@ pkgs, ... }: -with lib; let - inherit (config.local.sys) nets; -in { +with lib; { networking = { - nftables.enable = false; # learn how to use this later + nftables.enable = true; firewall = { enable = true; allowedTCPPorts = [80 443]; @@ -54,11 +52,7 @@ in { fail2ban = { enable = true; bantime = "10m"; - ignoreIP = [ - nets.default.hosts.vps.v6.cidr - nets.default.hosts.vps.v4.address - nets.vpn.v6.cidr - ]; + ignoreIP = ["37.205.12.34"]; # Never ban the server's own IP bantime-increment = { enable = true; formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)"; diff --git a/sys/platforms/vps/srv/syncthing.nix b/sys/platforms/vps/srv/syncthing.nix index 0d4f9e8..cdcbb41 100644 --- a/sys/platforms/vps/srv/syncthing.nix +++ b/sys/platforms/vps/srv/syncthing.nix @@ -13,7 +13,6 @@ with lib; { openDefaultPorts = true; guiAddress = "127.0.0.1:8384"; settings.options.urAccepted = -1; - dataDir = "/mnt/export2179/syncthing"; relay = { enable = true; pools = [];
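Review bot: `nftables.enable = true` switches the firewall backend for the whole host, and the old `# learn how to use this later` comment is dropped without a replacement. As far as I know the NixOS fail2ban module derives its default ban action from this option, so bans should follow the switch, but anything else that writes iptables rules directly (container runtimes, `firewall.extraCommands`) will not be carried over. A short comment such as `# nftables backend; the firewall module and fail2ban both follow this option` and a look at the loaded ruleset after the first deploy would cover it. The `networking` block continues outside the hunk.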
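Review bot: The new `ignoreIP` lists only the IPv4 address, while its comment says the server's own IP is never banned; the removed entries also covered the host's IPv6 address, which per the networkMap.nix deleted in this commit works out to `2a03:3b40:fe:102::1`. If the host still has that address, keep it in the list: `ignoreIP = ["37.205.12.34" "2a03:3b40:fe:102::1"]; # never ban the server's own addresses`. Dropping the VPN range is consistent with the WireGuard removal in vps/default.nix. The literal now duplicates the address instead of deriving it from one definition, so a renumbering has to be repeated here by hand.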