amaury_joly/nix-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: amaury_joly:6c9ba6ea8800e553f14d784d0545ff25ca73e11b
Branches Tags
amaury_joly:master
...
compare: amaury_joly:b4f7205dcefebc58e51c76d563fba1ba143bc0a5
Branches Tags
amaury_joly:master

2 Commits
6c9ba6ea88 ... b4f7205dce

Author SHA1 Message Date
Amaury JOLY
b4f7205dce c'est le bordel un peu 2026-04-10 18:38:21 +02:00
Amaury JOLY
6105c58cda reformat 2026-04-02 14:10:16 +02:00
32 changed files with 470 additions and 480 deletions
Expand all files Collapse all files

7
config.nix
View File

@@ -1,19 +1,18 @@
# Central Configuration
# Define user-specific and system-specific values here
# This file should be imported in flake.nix as specialArgs
{
# User configuration
username = "alice";
userEmail = "amaury.joly";
# System paths
configFlakePath = /etc/nixos;
# Timezone and locale
timezone = "Europe/Paris";
locale = "fr_FR.UTF-8";
# Hostname
hostname = "nixos";
}

56
configuration-vmgaming.nix
View File

@@ -1,38 +1,31 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
imports = [
./hosts/vmgaming/configuration.nix
./hosts/vmgaming
./modules/nixos/base.nix
./modules/nixos/desktop-i3.nix
./modules/nixos/parsec.nix
./modules/common/base.nix
./modules/common/desktop-i3.nix
./modules/common/parsec.nix
./modules/common/users.nix
./modules/laptop/users.nix
./modules/laptop/gaming.nix
];
networking.hostName = "VMGaming";
networking.useDHCP = lib.mkDefault true;
# Proxmox VM: boot in UEFI mode without touching host EFI variables.
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
boot.loader.efi.canTouchEfiVariables = false;
boot.blacklistedKernelModules = ["nouveau"];
boot.blacklistedKernelModules = [ "nouveau" ];
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
# services.spice-vdagentd.enable = true;
# Gaming VM guest optimizations
programs.gamemode.enable = true;
programs.gamescope.enable = true;
security.rtkit.enable = true;
# security.rtkit.enable = true;
services.pipewire = {
enable = true;
@@ -42,26 +35,9 @@
};
services.pulseaudio.enable = false;
hardware.graphics = {
enable = true;
enable32Bit = true;
};
# NVIDIA passthrough guest defaults.
# If you pass through an AMD GPU instead, replace with:
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
modesetting.enable = true;
#powerManagement.enable = false;
open = false;
#nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
services.xserver.deviceSection = ''
Option "AllowEmptyInitialConfiguration"
'';
# services.xserver.deviceSection = ''
# Option "AllowEmptyInitialConfiguration"
# '';
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";

44
configuration.nix
View File

@@ -1,26 +1,28 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
# Hardware configuration
./hosts/laptop/configuration.nix
# NixOS base modules
./modules/nixos/base.nix
./modules/nixos/yubikey.nix
./modules/nixos/desktop-i3.nix
./modules/nixos/net.nix
./modules/nixos/wireless-networks.nix
./modules/nixos/parsec.nix
./modules/common/base.nix
./modules/common/yubikey.nix
./modules/common/desktop-i3.nix
./modules/common/net.nix
./modules/common/parsec.nix
./modules/common/users.nix
./modules/common/obs.nix
# Laptop-specific modules
./modules/laptop/default.nix
./modules/laptop/fingerprint.nix
./modules/laptop/users.nix
./modules/laptop/home-manager.nix
./modules/laptop/bluetooth.nix
./modules/laptop/zwift.nix
# Optional feature modules (with options)
./modules/laptop/gaming.nix
./modules/laptop/virtualization.nix
@@ -35,10 +37,10 @@
# Enable optional features via custom options
custom.gaming.enable = true;
custom.gaming.enableXpadneo = true;
custom.virtualization.docker.enable = true;
custom.virtualization.virtualbox.enable = true;
custom.printing.enable = true;
custom.printing.printers = [
{
@@ -52,12 +54,20 @@
}
];
custom.printing.defaultPrinter = "TOSHIBA_5eme_Luminy";
custom.power.enable = true;
custom.power.cpuGovernor = "powersave";
custom.bluetooth.enable = true;
custom.bluetooth.powerOnBoot = true;
custom.zwift.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
services.pulseaudio.enable = false;
}

72
devshells.nix Normal file
View File

@@ -0,0 +1,72 @@
{pkgs}: let
latexDevExtension = with pkgs.vscode-extensions; [
james-yu.latex-workshop
eamodio.gitlens
jebbs.plantuml
];
extensionJsonFile = pkgs.writeTextFile {
name = "vscode-exentsions-json";
destination = "/share/vscode/extension/extension.json";
text = pkgs.vscode-utils.toExtensionJson latexDevExtension;
};
seededExtension = pkgs.buildEnv {
name = "vscode-tex-seeded-extensions";
paths = latexDevExtension ++ [extensionJsonFile];
};
vscodeIsolated = pkgs.writeShellScriptBin "code" ''
set -euo pipefail
VSCODE_TEX_HOME="''${XDG_CACHE_HOME:-$HOME/.cache}/vscode-tex-shell"
USER_DATA_DIR="$VSCODE_TEX_HOME/user-data"
EXT_DIR="$VSCODE_TEX_HOME/extensions"
mkdir -p "$USER_DATA_DIR" "$EXT_DIR"
for ext in ${seededExtension}/share/vscode/extensions/*; do
name="$(basename "$ext")"
if [ ! -e "$EXT_DIR/$name" ]; then
ln -s "$ext" "$EXT_DIR/$name"
fi
done
exec ${pkgs.vscode}/bin/code \
--user-data-dir "$USER_DATA_DIR" \
--extensions-dir "$EXT_DIR" \
"$@"
'';
in {
default = pkgs.mkShell {
packages = [
vscodeIsolated
# pkgs.latexmk
(pkgs.texliveBasic.withPackages
(
ps: [
ps.beamer
ps.preprint
ps.tikz-ext
ps.latexmk
ps.microtype
ps.mathtools
ps.thmtools
ps.enumitem
ps.csquotes
ps.cleveref
ps.algorithm2e
ps.ifoddpage
ps.relsize
ps.amsfonts
ps.amsmath
ps.geometry
ps.hyperref
ps.lm
ps.xcolor
ps.datetime2
]
))
];
};
}

172
dotconfig/i3/config
View File

@@ -1,130 +1,76 @@
# This file has been auto-generated by i3-config-wizard(1).
# It will not be overwritten, so edit it as you like.
#
# Should you change your keyboard layout some time, delete
# this file and re-run i3-config-wizard(1).
#
# i3 config file (v4)
#
# Please see https://i3wm.org/docs/userguide.html for a complete reference!
# Reference: https://i3wm.org/docs/userguide.html
############################
# Appearance and globals
############################
set $mod Mod4
set $refresh_i3status killall -SIGUSR1 i3status
gaps inner 10
gaps outer 12
default_border pixel 0
default_floating_border pixel 0
set $mod Mod4
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
font pango:monospace 8
# https://thomashunter.name/i3-configurator/
# class border bground text indicator child_border
client.focused #2F4A36 #2F4A36 #FFFFFF #2F4A36 #2F4A36
client.focused_inactive #52805E #52805E #FFFFFF #484E50 #5F676A
client.unfocused #0A100B #0A100B #888888 #292D2E #222222
client.urgent #2F343A #900000 #FFFFFF #900000 #900000
client.placeholder #000000 #0C0C0C #FFFFFF #000000 #0C0C0C
client.background #FFFFFF
# This font is widely installed, provides lots of unicode glyphs, right-to-left
# text rendering and scalability on retina/hidpi displays (thanks to pango).
#font pango:DejaVu Sans Mono 8
# Start XDG autostart .desktop files using dex. See also
# https://wiki.archlinux.org/index.php/XDG_Autostart
############################
# Startup
############################
exec --no-startup-id dex --autostart --environment i3
# exec_always --no-startup-id /home/alice/.config/i3/autostart.sh
# The combination of xss-lock, nm-applet and pactl is a popular choice, so
# they are included here as an example. Modify as you see fit.
# xss-lock grabs a logind suspend inhibit lock and will use i3lock to lock the
# screen before suspend. Use loginctl lock-session to lock your screen.
exec --no-startup-id xss-lock --transfer-sleep-lock -- i3lock --nofork
# NetworkManager is the most popular way to manage wireless networks on Linux,
# and nm-applet is a desktop environment-independent system tray GUI for it.
# exec --no-startup-id nm-applet
# Use pactl to adjust volume in PulseAudio.
set $refresh_i3status killall -SIGUSR1 i3status
############################
# Audio
############################
bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +10% && $refresh_i3status
bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -10% && $refresh_i3status
bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle && $refresh_i3status
bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle && $refresh_i3status
# Use Mouse+$mod to drag floating windows to their wanted position
############################
# Core behavior
############################
floating_modifier $mod
# start a terminal
# bindsym $mod+Return exec i3-sensible-terminal
# kill focused window
bindsym $mod+Shift+Q kill
# start dmenu (a program launcher)
bindsym $mod+d exec --no-startup-id rofi -show drun -show-icons
# A more modern dmenu replacement is rofi:
# bindcode $mod+40 exec "rofi -modi drun,run -show drun"
# There also is i3-dmenu-desktop which only displays applications shipping a
# .desktop file. It is a wrapper around dmenu, so you need that installed.
# bindcode $mod+40 exec --no-startup-id i3-dmenu-desktop
bindsym $mod+Return exec alacritty
bindsym $mod+Tab exec rofi -show combi -show-icons
# change focus
# bindsym $mod+j focus left
# bindsym $mod+k focus down
# bindsym $mod+l focus up
# bindsym $mod+m focus right
# alternatively, you can use the cursor keys:
# Focus
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# move focused window
# bindsym $mod+Shift+j move left
# bindsym $mod+Shift+k move down
# bindsym $mod+Shift+l move up
# bindsym $mod+Shift+M move right
# alternatively, you can use the cursor keys:
# Move windows
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
# split in horizontal orientation
# Layout
bindsym $mod+h split h
# split in vertical orientation
bindsym $mod+v split v
# enter fullscreen mode for the focused container
bindsym $mod+f fullscreen toggle
# change container layout (stacked, tabbed, toggle split)
bindsym $mod+s layout stacking
bindsym $mod+z layout tabbed
bindsym $mod+e layout toggle split
# toggle tiling / floating
bindsym $mod+Shift+space floating toggle
# change focus between tiling / floating windows
bindsym $mod+space focus mode_toggle
# focus the parent container
bindsym $mod+q focus parent
# focus the child container
#bindsym $mod+d focus child
# Define names for default workspaces for which we configure key bindings later on.
# We use variables to avoid repeating the names in multiple places.
############################
# Workspaces (AZERTY row)
############################
set $ws1 "1"
set $ws2 "2"
set $ws3 "3"
@@ -136,7 +82,6 @@ set $ws8 "8"
set $ws9 "9"
set $ws10 "10"
# switch to workspace
bindsym $mod+ampersand workspace number $ws1
bindsym $mod+eacute workspace number $ws2
bindsym $mod+quotedbl workspace number $ws3
@@ -148,7 +93,6 @@ bindsym $mod+underscore workspace number $ws8
bindsym $mod+ccedilla workspace number $ws9
bindsym $mod+agrave workspace number $ws10
# move focused container to workspace
bindsym $mod+Shift+1 move container to workspace number $ws1
bindsym $mod+Shift+eacute move container to workspace number $ws2
bindsym $mod+Shift+3 move container to workspace number $ws3
@@ -160,33 +104,25 @@ bindsym $mod+Shift+8 move container to workspace number $ws8
bindsym $mod+Shift+ccedilla move container to workspace number $ws9
bindsym $mod+Shift+agrave move container to workspace number $ws10
# reload the configuration file
bindsym $mod+p move workspace to output left
############################
# Session controls
############################
bindsym $mod+Shift+c reload
# restart i3 inplace (preserves your layout/session, can be used to upgrade i3)
bindsym $mod+Shift+r restart
# exit i3 (logs you out of your X session)
bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"
bindsym $mod+Shift+l exec --no-startup-id i3lock -n -c 000000
# resize window (you can also use the mouse for that)
############################
# Resize mode
############################
mode "resize" {
# These bindings trigger as soon as you enter the resize mode
# Pressing left will shrink the windows width.
# Pressing right will grow the windows width.
# Pressing up will shrink the windows height.
# Pressing down will grow the windows height.
# bindsym j resize shrink width 10 px or 10 ppt
# bindsym k resize grow height 10 px or 10 ppt
# bindsym l resize shrink height 10 px or 10 ppt
# bindsym m resize grow width 10 px or 10 ppt
# same bindings, but for the arrow keys
bindsym Left resize shrink width 10 px or 10 ppt
bindsym Down resize grow height 10 px or 10 ppt
bindsym Up resize shrink height 10 px or 10 ppt
bindsym Right resize grow width 10 px or 10 ppt
# back to normal: Enter or Escape or $mod+r
bindsym Return mode "default"
bindsym Escape mode "default"
bindsym $mod+r mode "default"
@@ -194,41 +130,7 @@ mode "resize" {
bindsym $mod+r mode "resize"
# Start i3bar to display a workspace bar (plus the system information i3status
# finds out, if available)
# bar {
# status_command /home/alice/.config/polybar/start.sh
# }
# exec --no-startup-id tint2
# custom
exec_always --no-startup-id /home/alice/.config/i3/autostart.sh
exec_always --no-startup-id /home/alice/.config/polybar/start.sh
exec_always --no-startup-id picom
# exec_always --no-startup-id eww open frame
# exec_alwaysé --no-startup-id betterlockscreen -u /home/alice/.config/betterlockscreen -u /home/alice/wallpaper/ -l dimb
bindsym $mod+Shift+l exec --no-startup-id i3lock -c 000000
bindsym $mod+Return exec alacritty
bindsym $mod+Tab exec rofi -show combi -show-icons
bindsym $mod+p move workspace to output left
# bindsym $mod+m exec autorandr right_h
# bindsym $mod+Shift+m exec autorandr right_v
# bindsym $mod+k exec autorandr left_h
# bindsym $mod+Shift+k exec autorandr left_v
# bindsym $mod+l exec autorandr laptop
# bindsym $mod+o exec autorandr duplicate
## Screenshots
# bindsym Print exec --no-startup-id maim "/home/$USER/Pictures/$(date)"
# bindsym $mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) "/home/$USER/Pictures/$(date)"
# bindsym Shift+Print exec --no-startup-id maim --select "/home/$USER/Pictures/$(date)"
## Clipboard Screenshots
# bindsym Ctrl+Print exec --no-startup-id maim | xclip -selection clipboard -t image/png
# bindsym Ctrl+$mod+Print exec --no-startup-id maim --window $(xdotool getactivewindow) | xclip -selection clipboard -t image/png
############################
# Screenshots
############################
bindsym $mod+Shift+Print exec --no-startup-id maim --select | xclip -selection clipboard -t image/png

40
dotconfig/picom/picom.conf
View File

@@ -1,40 +0,0 @@
# Picom configuration file
# Backend
backend = "glx";
vsync = true;
use-damage = true;
# Shadows
shadow = true;
shadow-radius = 10;
shadow-offset-x = -5;
shadow-offset-y = -5;
shadow-opacity = 0.8;
# Opacity
frame-opacity = 1.0;
# Fading
fading = true;
fade-in-step = 0.03;
fade-out-step = 0.03;
fade-delta = 10;
corner-radius = 20;
# regles par application
rules: ({
match = "class_g = 'Alacritty'";
opacity = 0.8;
}, {
match = "class_g = 'i3-frame'";
corner-radius = 0;
} , {
match = "class_g = 'Polybar'";
corner-radius = 0;
} , {
match = "class_g = 'Eww'";
corner-radius = 0;
}
);

10
dotconfig/polybar/config.ini.model
View File

@@ -69,7 +69,7 @@ offset-y = 40
background = ${color.background}
modules-left = net-wireless
modules-center = fs-system
modules-right = volume
modules-right = defaultaudio volume
radius-top = 0
; =========================
@@ -218,10 +218,16 @@ format-muted = <label-muted>
label-muted = VOL mute
label-muted-foreground = ${color.foreground-dim}
[module/defaultaudio]
type = custom/script
exec = wpctl inspect @DEFAULT_AUDIO_SINK@ 2>/dev/null | awk -F'"' '/^[[:space:]]*device\.api = "bluez5"/ { bt=1 } /^[[:space:]]*media\.name = "/ { name=$2 } END { print (bt && name) ? name : "local" }'
interval = 3
label = %output%
[module/tray]
type = internal/tray
format-margin = 2
tray-spacing = 0
tray-spacing = 2
[module/ping-amaury]
type = custom/script

66
flake.lock generated
View File

@@ -1,28 +1,5 @@
{
"nodes": {
"claude-desktop": {
"inputs": {
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1764098187,
"narHash": "sha256-H6JjWXhKqxZ8QLMoqndZx9e5x0Sv5AiipSmqvIxIbgo=",
"owner": "k3d3",
"repo": "claude-desktop-linux-flake",
"rev": "b2b040cb68231d2118906507d9cc8fd181ca6308",
"type": "github"
},
"original": {
"owner": "k3d3",
"repo": "claude-desktop-linux-flake",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
@@ -32,11 +9,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1773646590,
"narHash": "sha256-qwnecNC3DB0hSu6MvU27xh/Mg9uPbmmg7d1wBOtO7ds=",
"lastModified": 1774857716,
"narHash": "sha256-z05BKQ6F9/6H2/ecIYEXuq54JCUEiOpdYXTQIijB/wM=",
"owner": "nix-community",
"repo": "fenix",
"rev": "350a4df2afc34c1ae115173e0509cec7067a06c9",
"rev": "9ad9c53e902485e006c07ae54a7dd4ad55a8c4d8",
"type": "github"
},
"original": {
@@ -88,11 +65,11 @@
]
},
"locked": {
"lastModified": 1774007980,
"narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=",
"lastModified": 1775622785,
"narHash": "sha256-/yFxO+7oS1SymDfJ2iVO7K5vJKcYfe9XGIJ+quLqz0Q=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9670de2921812bc4e0452f6e3efd8c859696c183",
"rev": "527e47b78fe67213072f706bf933a9705a8c4974",
"type": "github"
},
"original": {
@@ -125,11 +102,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1773821835,
"narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
"lastModified": 1775423009,
"narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github"
},
"original": {
@@ -164,11 +141,11 @@
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1773927313,
"narHash": "sha256-2XjQPMd79Z5hOS67rjCuDyiIW4I7XpBe/7yYRSyhA8k=",
"lastModified": 1775547505,
"narHash": "sha256-DqQN57mJqoFSfgvC/VY+x2nLGN3gpAPZuQ4EqCuiPP0=",
"owner": "FirelightFlagboy",
"repo": "parsec-cloud-nix",
"rev": "b45bbf594b3031583c5b2c9609f6c5ebdc4df903",
"rev": "ccd1531532d2aeaed550d973719ac3272ca3439b",
"type": "github"
},
"original": {
@@ -204,7 +181,6 @@
},
"root": {
"inputs": {
"claude-desktop": "claude-desktop",
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
@@ -216,11 +192,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1773543526,
"narHash": "sha256-CKmkYqUi2pI1uDGDfpK0mkZbRLyjUKCpYDU3eMHtmks=",
"lastModified": 1774787924,
"narHash": "sha256-Cbpmf0+1pqi/zbpub2vkp5lTPx3QdVtDkkagDwQzHHg=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "90c8906e6443e7cee18cece9c2621a8b1c10794c",
"rev": "f1297b21119565c626320c1ffc248965fffb2527",
"type": "github"
},
"original": {
@@ -237,11 +213,11 @@
]
},
"locked": {
"lastModified": 1773889674,
"narHash": "sha256-+ycaiVAk3MEshJTg35cBTUa0MizGiS+bgpYw/f8ohkg=",
"lastModified": 1775619836,
"narHash": "sha256-VcC/+MMMldwQKcST2y/QTndGLusSxjeUvYwFwzZKKko=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "29b6519f3e0780452bca0ac0be4584f04ac16cc5",
"rev": "de5f2d596eb896a5728afcd15f823f59cb9ecfdb",
"type": "github"
},
"original": {
@@ -322,11 +298,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1773655023,
"narHash": "sha256-89jAxVhDIm6nFTBX3eM53NjLm36egOXYJGoPDogN4iE=",
"lastModified": 1775591480,
"narHash": "sha256-kgyMN5eOJwsOxnSszJ9709vKvp7vvSQ/t1AI8mJ11Sk=",
"owner": "netbrain",
"repo": "zwift",
"rev": "a015de248bac88a3eec734b6565a86e10214a486",
"rev": "f425356bdef3b5d0625dec6d860b23dc1efdef17",
"type": "github"
},
"original": {

46
flake.nix
View File

@@ -8,52 +8,50 @@
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
parsec-cloud-nix = {
url = "github:FirelightFlagboy/parsec-cloud-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
claude-desktop = {
url = "github:k3d3/claude-desktop-linux-flake";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
zwift.url = "github:netbrain/zwift";
};
outputs = { self, nixpkgs, sops-nix, home-manager, zwift, flake-utils, parsec-cloud-nix, claude-desktop, ... }:
let
customConfig = import ./config.nix;
in
flake-utils.lib.eachDefaultSystem (system:
let
outputs = {
self,
nixpkgs,
sops-nix,
home-manager,
zwift,
flake-utils,
parsec-cloud-nix,
...
}: let
customConfig = import ./config.nix;
in
flake-utils.lib.eachDefaultSystem (
system: let
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
};
in {
}) //
{
devShells = import ./devshells.nix {inherit pkgs;};
}
)
// {
nixosConfigurations.laptop = nixpkgs.lib.nixosSystem {
modules = [
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
zwift.nixosModules.zwift
./configuration.nix
({ pkgs, lib, ...}:
{
environment.systemPackages = with pkgs; [
claude-desktop.packages.${pkgs.stdenv.hostPlatform.system}.claude-desktop-with-fhs
];
})
];
specialArgs = {
inherit customConfig;
inherit self;
parsec-cloud-nix = parsec-cloud-nix;
claude-desktop = claude-desktop;
};
};
@@ -64,8 +62,8 @@
specialArgs = {
inherit customConfig;
inherit self;
parsec-cloud-nix = parsec-cloud-nix;
claude-desktop = claude-desktop;
};
};
};

47
hosts/laptop/configuration.nix
View File

@@ -1,40 +1,41 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/e9209e4f-94b4-45ef-bed6-9435c96ee864";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e9209e4f-94b4-45ef-bed6-9435c96ee864";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/E59B-B8FC";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/E59B-B8FC";
fsType = "vfat";
options = ["fmask=0077" "dmask=0077"];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/e8cd6918-bc63-4d24-b8eb-6a1170844a80"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/e8cd6918-bc63-4d24-b8eb-6a1170844a80";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

25
hosts/vmgaming/configuration.nix
View File

@@ -1,17 +1,15 @@
# Do not modify this file directly on every rebuild. It should contain host
# specific hardware/VM configuration for VMGaming (Proxmox guest).
{ config, lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = with config.boot.kernelPackages; [ xone ];
boot.kernelParams = [ "console=ttyS0,115200" ];
config,
lib,
...
}: {
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = with config.boot.kernelPackages; [xone];
boot.kernelParams = ["console=ttyS0,115200"];
services.getty.autologinUser = null;
boot.extraModprobeConfig = ''
@@ -27,13 +25,12 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2919-0F27";
fsType = "vfat";
# options = [ "fmask=0077" "dmask=0077" ];
# options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
swapDevices = [];
networking.useDHCP = lib.mkDefault true;
services.qemuGuest.enable = true;
hardware.xone.enable = true;

7
hosts/vmgaming/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
imports = [
./configuration.nix
./proxmox.nix
./nvidia.nix
];
}

14
hosts/vmgaming/nvidia.nix Normal file
View File

@@ -0,0 +1,14 @@
{config, ...}: {
services.xserver.videoDrivers = ["nvidia"];
hardware.graphics = {
enable = true;
};
hardware.nvidia = {
modesetting.enable = true;
open = false;
package = config.boot.kernelPackages.nvidiaPackages.stable;
nvidiaSettings = true;
};
}

16
hosts/vmgaming/proxmox.nix Normal file
View File

@@ -0,0 +1,16 @@
{modulesPath, ...}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
services.qemuGuest.enable = true;
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
devices = ["nodev"];
};
boot.loader.efi.canTouchEfiVariables = false;
}

18
modules/nixos/base.nix → modules/common/base.nix
View File

@@ -2,12 +2,14 @@
# Description: Core NixOS configuration with Nix settings, base packages, fonts,
# localization (FR), Fish shell, and security (GPG)
# Services: gvfs, udisks2, gnupg-agent
{ pkgs, customConfig, ... }:
{
pkgs,
customConfig,
self,
...
}: {
nix.settings = {
experimental-features = [ "nix-command" "flakes" ];
experimental-features = ["nix-command" "flakes"];
substituters = [
"https://cache.nixos.org/"
"https://parsec-cloud.cachix.org"
@@ -17,11 +19,13 @@
];
};
nix.registry.tex.flake = self;
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = builtins.toString customConfig.configFlakePath;
flake = toString customConfig.configFlakePath;
};
nixpkgs.config.allowUnfree = true;
@@ -47,6 +51,8 @@
unzip
scream
nixd
alejandra
];
fonts.packages = with pkgs; [
@@ -65,4 +71,4 @@
# WARNING: DO NOT CHANGE this value after installation!
# See: https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion
system.stateVersion = "24.05";
}
}

71
modules/nixos/desktop-i3.nix → modules/common/desktop-i3.nix
View File

@@ -2,34 +2,77 @@
# Description: Enables X11 with i3 window manager and associated desktop tools
# Services: xserver with i3
# Packages: alacritty (terminal), tint2 (panel), rofi (launcher), i3lock, dunst
{ pkgs, ... }:
let
{pkgs, ...}: let
updatescreen = pkgs.writeShellScript "updatescreens.sh" ''
#!/bin/sh
i3-msg restart
feh --bg-fill --no-xinerama Downloads/fire1.png
'';
in
{
services.xserver.enable = true;
services.xserver.windowManager.i3.enable = true;
services.xserver.autorun = true;
in {
services.xserver = {
enable = true;
windowManager.i3.enable = true;
autorun = true;
};
services.displayManager.defaultSession = "none+i3";
programs.i3lock.enable = true;
programs.xss-lock = {
enable = true;
lockerCommand = "${pkgs.i3lock}/bin/i3lock --nofork -c 000000";
extraOptions = ["--transfer-sleep-lock"];
};
services.logind.settings.Login = {
IdleAction = "suspend";
IdleActionSec = "15min";
HandleLidSwitch = "suspend";
};
services.picom = {
enable = true;
backend = "glx";
vSync = true;
shadow = true;
shadowOpacity = 0.8;
shadowOffsets = [(-5) (-5)];
fade = true;
fadeDelta = 10;
fadeSteps = [0.03 0.03];
opacityRules = [
"80:class_g = 'Alacritty'"
];
settings = {
use-damage = true;
shadow-radius = 10;
frame-opacity = 1.0;
corner-radius = 20;
rounded-corners-exclude = [
"class_g = 'i3-frame'"
"class_g = 'Polybar'"
];
};
};
environment.systemPackages = with pkgs; [
alacritty
tint2
awesome
maim
xclip
dunst
xss-lock
dex
rofi
polybarFull
oh-my-posh
picom
playerctl
zscroll
feh
@@ -95,4 +138,4 @@ in
};
};
};
}
}

49
modules/nixos/net.nix → modules/common/net.nix
View File

@@ -3,33 +3,32 @@
# configuration via wpa_supplicant, and hostname settings
# Services: dnscrypt-proxy (primary + backup), wpa_supplicant
# Security: WiFi credentials stored via sops-nix secrets
{ config, lib, pkgs, customConfig, ... }:
let
{
config,
lib,
pkgs,
customConfig,
...
}: let
backupToml = pkgs.writeText "dnscrypt-proxy-backup.toml" ''
listen_addresses = ["127.0.0.2:53"]
server_names = ["dns0-eu"]
[sources.public-resolvers]
urls = ['https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md']
cache_file = '/var/lib/dnscrypt-proxy-backup/public-resolvers.md'
minisign_key = 'RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3'
refresh_delay = 72
'';
userHome = "/home/${customConfig.username}";
in
{
in {
networking.nftables.enable = true;
networking.firewall = {
enable = true;
allowPing = true;
# allowedTCPPorts = [ ... ]; # keep closed by default
interfaces.docker0 = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [53];
allowedTCPPorts = [53];
};
};
@@ -49,16 +48,22 @@ in
# systemd.services.wpa_supplicant.after = [ "sops-install-secrets.service" ];
# systemd.services.wpa_supplicant.requires = [ "sops-install-secrets.service" ];
# You can also define networks in Nix if you prefer (less secure - names visible):
# networking.wireless.networks = { ... };
networking.interfaces.lo.ipv4.addresses = [
{ address = "127.0.0.1"; prefixLength = 8; }
{ address = "127.0.0.2"; prefixLength = 8; }
{
address = "127.0.0.1";
prefixLength = 8;
}
{
address = "127.0.0.2";
prefixLength = 8;
}
];
networking.nameservers = [ "127.0.0.1" "127.0.0.2" ];
networking.nameservers = ["127.0.0.1" "127.0.0.2"];
# networking.networkmanager.dns = "none";
services.resolved.enable = false;
@@ -66,12 +71,12 @@ in
services.dnscrypt-proxy = {
enable = true;
settings = {
listen_addresses = [ "127.0.0.1:53" "172.17.0.1:53" ];
server_names = [ "amaury" ];
listen_addresses = ["127.0.0.1:53" "172.17.0.1:53"];
server_names = ["amaury"];
bootstrap_resolvers = [];
sources = {};
static = {
"amaury".stamp = "sdns://AgcAAAAAAAAADTgyLjY0LjIzNy4yNDYADWFtYXVyeWpvbHkuZnIUL2Rucy1xdWVyeS9pZC1hbWF1cnk";
"amaury".stamp = "sdns://AgcAAAAAAAAADTgyLjY0LjIzNy4yNDYADWFtYXVyeWpvbHkuZnIUL2Rucy1xdWVyeS9pZC1hbWF1cnk";
};
cache = true;
ignore_system_dns = true;
@@ -81,8 +86,8 @@ in
systemd.services."dnscrypt-proxy-backup" = {
description = "dnscrypt-proxy backup (dns0-eu)";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = "${pkgs.dnscrypt-proxy}/bin/dnscrypt-proxy -config ${backupToml}";
Restart = "on-failure";
@@ -95,4 +100,4 @@ in
systemd.services.dnscrypt-proxy.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
}
}

11
modules/common/obs.nix Normal file
View File

@@ -0,0 +1,11 @@
{pkgs, ...}: {
programs.obs-studio = {
enable = true;
enableVirtualCamera = true;
plugins = with pkgs.obs-studio-plugins; [
obs-pipewire-audio-capture
];
};
}

12
modules/nixos/parsec.nix → modules/common/parsec.nix
View File

@@ -2,10 +2,11 @@
# Description: Installs Parsec Cloud client (v3) with CLI and GUI
# Dependencies: parsec-cloud-nix flake input
# Note: Requires increased Node.js heap size during build (workaround)
{ pkgs, parsec-cloud-nix, ... }:
let
{
pkgs,
parsec-cloud-nix,
...
}: let
pc = parsec-cloud-nix.packages.${pkgs.stdenv.hostPlatform.system};
# WORKAROUND: Parsec build runs out of memory without increased heap size
@@ -19,8 +20,7 @@ let
};
parsecCli = pc.parsec-cloud.v3.cli;
in
{
in {
environment.systemPackages = [
parsecClientPatched
parsecCli

20
modules/laptop/users.nix → modules/common/users.nix
View File

@@ -2,15 +2,16 @@
# Description: Defines the main user 'alice' with groups, permissions, and user packages
# Packages: Browsers (Firefox), Office (LibreOffice), Development (VSCode, Git),
# Media (VLC, Spotify), Communication (Slack, Thunderbird), and more
{ pkgs, customConfig, ... }:
{
pkgs,
customConfig,
...
}: {
users.users."${customConfig.username}" = {
isNormalUser = true;
home = "/home/${customConfig.username}";
# Base groups - docker/vboxusers are added by virtualization.nix if enabled
extraGroups = [ "wheel" "audio" "dialout" "plugdev" ];
extraGroups = ["wheel" "audio" "dialout" "plugdev"];
packages = with pkgs; [
# Browsers & Web
firefox
@@ -43,10 +44,11 @@
pympress
# Gaming & Entertainment
prismlauncher # Minecraft launcher
widelands # Strategy game
wasistlos # Game
moonlight-qt # Game streaming
prismlauncher # Minecraft launcher
# widelands # Strategy game
wasistlos # Game
signal-desktop
moonlight-qt # Game streaming
# System & Cloud
rclone
@@ -57,7 +59,7 @@
age
];
openssh.authorizedKeys.keys = [
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCMzLza+1iFSUgZaPzEwpRNW/CvcsbXh8vJ9RevwFntNZdZIVc/j5OLRy+GOojlZdar070PkKDO+Pmtqu1uQ4XE+onqmsxom5JGyYaSScB3l33CLL2jBT7mBqBOVDuTBj3ACLT8fS1eUolI7erShvIH9VUvrg83bZ2CvgA/DjJLHfVCpvx9EsG0Q00k27LNU7yXga8sjK1YikA+o1bKTWavCGOWkZMFXOVeEDR+arOQ440s6f6eg7C+30V02ijRLA6pWFAkj2/fMaD+44IPMVjOj96vvPUJrlL1N7BDPxBlj1rrB35+pUkpVIN4B0etqnkrJIV+IxtmSpkNHr52Y7nkTu3mOWn1P0DcOdR5OA8JZRbSkbL/QW4GzFWs3eN7CMOMwKQdO+1J/wL4U7qrmKEYwcNaprqlDF0SIPp0+l/VWNMe6uK0r5iZwp355PUSR+Zc5skf74wMsZ1LokUlihdI+E6TNGvmDgjqKx6OrI3dyP/eW7xtR7KvbdoaUjy8AE8= alice@nixos"
];
};

8
modules/nixos/yubikey.nix → modules/common/yubikey.nix
View File

@@ -1,13 +1,11 @@
# Module: YubiKey Authentication
# Description: Enables YubiKey-based PAM auth for login and sudo across systems
{ pkgs, ... }:
{
# TODO
{pkgs, ...}: {
security.pam.services = {
login.u2fAuth = true;
sudo.u2fAuth = true;
};
services.udev.packages = [ pkgs.yubikey-personalization ];
services.udev.packages = [pkgs.yubikey-personalization];
}

11
modules/laptop/bluetooth.nix
View File

@@ -1,13 +1,14 @@
# Module: Bluetooth Configuration
# Description: Enables Bluetooth with dual controller mode and experimental features
# Services: bluetooth, blueman (GUI manager)
{ config, lib, ... }:
{
config,
lib,
...
}: {
options.custom.bluetooth = {
enable = lib.mkEnableOption "Bluetooth support with blueman GUI";
powerOnBoot = lib.mkOption {
type = lib.types.bool;
default = true;
@@ -30,4 +31,4 @@
};
services.blueman.enable = true;
};
}
}

12
modules/laptop/default.nix
View File

@@ -3,16 +3,12 @@
# Services: sops-nix
# Dependencies: sops-nix for secrets management
# Note: Other laptop features (gaming, virtualization, etc.) are in separate modules
{ customConfig, ... }:
let
{customConfig, ...}: let
userHome = "/home/${customConfig.username}";
in
{
in {
sops.validateSopsFiles = false;
sops.age.keyFile = "${userHome}/.config/sops/age/keys.txt";
# WiFi networks configuration - entire network list encrypted
sops.secrets.wifi-networks = {
path = "/run/secrets/wifi-networks.conf";
@@ -33,4 +29,4 @@ in
};
services.xserver.xkb.layout = "fr";
}
}

4
modules/laptop/fingerprint.nix
View File

@@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
services.fprintd.enable = true;
services.fprintd.tod.enable = true;
services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix-550a;

14
modules/laptop/gaming.nix
View File

@@ -1,13 +1,15 @@
# Module: Gaming Support
# Description: Enables Steam and gamepad drivers (xpadneo for Xbox controllers)
# Services: Steam, steam-hardware
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
options.custom.gaming = {
enable = lib.mkEnableOption "gaming support (Steam, gamepad drivers)";
enableXpadneo = lib.mkOption {
type = lib.types.bool;
default = true;
@@ -17,11 +19,11 @@
config = lib.mkIf config.custom.gaming.enable {
hardware.steam-hardware.enable = true;
programs.steam = {
enable = true;
};
boot.extraModulePackages = lib.mkIf config.custom.gaming.enableXpadneo [
pkgs.linuxPackages.xpadneo
];

11
modules/laptop/home-manager.nix
View File

@@ -1,6 +1,8 @@
{ lib, customConfig, ... }:
let
{
lib,
customConfig,
...
}: let
username = customConfig.username;
dotconfigPath = ../../dotconfig;
dotconfigEntries = lib.filterAttrs (name: _: !(lib.hasPrefix "." name)) (builtins.readDir dotconfigPath);
@@ -15,8 +17,7 @@ let
recursive = true;
}
);
in
{
in {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "hm-backup";

9
modules/laptop/power.nix
View File

@@ -1,13 +1,14 @@
# Module: Power Management
# Description: CPU frequency governor and power management settings
# Services: powerManagement
{ config, lib, ... }:
{
config,
lib,
...
}: {
options.custom.power = {
enable = lib.mkEnableOption "power management configuration";
cpuGovernor = lib.mkOption {
type = lib.types.str;
default = "powersave";

16
modules/laptop/printing.nix
View File

@@ -1,19 +1,20 @@
# Module: Printing Configuration
# Description: CUPS printing service with configured printers
# Services: printing (CUPS)
{ config, lib, ... }:
{
config,
lib,
...
}: {
options.custom.printing = {
enable = lib.mkEnableOption "printing support (CUPS)";
printers = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [];
description = "List of printers to configure";
};
defaultPrinter = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
@@ -23,10 +24,11 @@
config = lib.mkIf config.custom.printing.enable {
services.printing.enable = true;
hardware.printers = lib.mkIf (config.custom.printing.printers != []) {
ensurePrinters = config.custom.printing.printers;
ensureDefaultPrinter = lib.mkIf (config.custom.printing.defaultPrinter != null)
ensureDefaultPrinter =
lib.mkIf (config.custom.printing.defaultPrinter != null)
config.custom.printing.defaultPrinter;
};
};

23
modules/laptop/virtualization.nix
View File

@@ -1,21 +1,24 @@
# Module: Virtualization
# Description: Docker and VirtualBox virtualization support
# Services: Docker daemon, VirtualBox
{ config, lib, pkgs, customConfig, ... }:
{
config,
lib,
pkgs,
customConfig,
...
}: {
options.custom.virtualization = {
docker = {
enable = lib.mkEnableOption "Docker container runtime";
dnsServers = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ "172.17.0.1" ];
default = ["172.17.0.1"];
description = "DNS servers for Docker containers (points to dnscrypt-proxy)";
};
};
virtualbox = {
enable = lib.mkEnableOption "VirtualBox virtualization";
};
@@ -30,13 +33,13 @@
dns = config.custom.virtualization.docker.dnsServers;
};
};
users.users."${customConfig.username}".extraGroups = [ "docker" ];
users.users."${customConfig.username}".extraGroups = ["docker"];
})
(lib.mkIf config.custom.virtualization.virtualbox.enable {
virtualisation.virtualbox.host.enable = true;
users.users."${customConfig.username}".extraGroups = [ "vboxusers" ];
users.users."${customConfig.username}".extraGroups = ["vboxusers"];
})
];
}

15
modules/laptop/zwift.nix
View File

@@ -2,10 +2,13 @@
# Description: Configures Zwift cycling simulator via Docker with proper networking
# Services: Zwift Docker container
# Ports: UDP 3022, 3024 / TCP 21587, 21588
{ config, lib, pkgs, customConfig, ... }:
{
config,
lib,
pkgs,
customConfig,
...
}: {
options.custom.zwift = {
enable = lib.mkEnableOption "Zwift cycling simulator";
};
@@ -14,7 +17,7 @@
programs.zwift = {
enable = true;
image = "docker.io/netbrain/zwift";
version = "latest"; # FIXME: Pin to specific version for reproducibility
version = "latest"; # FIXME: Pin to specific version for reproducibility
containerTool = "docker";
zwiftWorkoutDir = "/var/lib/zwift/workouts";
zwiftActivityDir = "/var/lib/zwift/activities";
@@ -28,8 +31,8 @@
};
networking.firewall = {
allowedUDPPorts = [ 3022 3024 ];
allowedTCPPorts = [ 21587 21588 ];
allowedUDPPorts = [3022 3024];
allowedTCPPorts = [21587 21588];
};
};
}

16
modules/nixos/wireless-networks.nix
View File

@@ -1,16 +0,0 @@
# Module: Wireless Networks Configuration (Encrypted)
# Description: WiFi networks configuration fully encrypted with sops-nix
# Security: Network names, SSIDs, and all configuration stored in encrypted secrets
# Files: ~/.config/secrets/wifi-networks.yaml (encrypted with sops)
# Note: The actual networks are loaded at runtime from the encrypted file
{ config, lib, pkgs, ... }:
{
# WiFi networks are loaded from encrypted file at runtime
# The file is in wpa_supplicant.conf format and gets included by wpa_supplicant
# This approach keeps network names and configuration completely private
# Note: If wifi-networks secret doesn't exist yet, this won't cause errors
# You can still use the old method (networking.wireless.networks in Nix) if needed
}

8
secrets/wifi-networks.yaml
View File

@@ -1,4 +1,4 @@
wifi-networks: ENC[AES256_GCM,data:jcHmQ+iXRW4+OeZlvMJsn7oz5Fn18BtflKwVO3eHFwAESGvXI1OZGdrO0KyH+JMftRQKgQsGsdsLtxCWQgvVUpisgsyw7EV2XnMVMARWFnVfRxX7MOIszhzJGOsrfLxWbaJ08kGYIkSoamKjQCfltdXnafHF74lZbWVI6iU2KyiRgUB9jUxo1spfeHBWRFH57fa9bWHELg/5Wn7B0AAvgdc/foArEGfbkCUdBWCrm2iR2guw/zeCkufcQdw4erhBIOSX2F48rHPcAwZKZrruut5VGqDBHpHf4++OTieA8lSd+s9LL6MecziieGL2LGEhQ9v0fdmwlvGFp6ADOJJwpwAiv0ApxLvm7dVEXbz3AN6mEhy4P2YjhiWsafOt2yBL2Dskm332ctXvGI8GR2o1d8kh/Dqf6KK/hFVdkV49HH2jr8tgive6pBAc9mPEvPfRopwOkk1cbeP9OL/WUBIAkWVMJcpSZla0TIWZidamnH46uBSX8PdsL3RKBnsTf/cC3QZnyLAWWS5pSZ3UVb5vfBZEyooDZNFfpRLAKoisGmZYOPQKGljrx0ijDz63kGgvE26OWEbgDiEgTXvLFVd2mf4czNDDo4QVdA26G/xb85ub5mEZNJLv/o24AMWeQcqivxMn4rdwjjBwypuqILjA/8qx+CKH1u9vCmsVCf6Rl+Sp9awzsulcxDS6Irs1Hu4loVDnzLo1JE7x8GU4CdiyQS/8huTvrpvWkB0aQJo0QoPh7mixP7R3fDIMUf+sB4mwl8bC2Km2ZCKl80b1SstsXOldnvK4KdXyo09LSUPJzeWE8r/qEegfTptuwLuuyUx+IPqB4qdd1cRCYSOkzJ6LGRFeqOzzOPjpucvVQeNzz8y5vskBWDgTj8+3XQ==,iv:gSu1E7qVgwEcc/k1WL49pMRHIiNRfKGS70srW1JWfqI=,tag:lW1TTxSiBv7EDTHDSNztig==,type:str]
wifi-networks: ENC[AES256_GCM,data:ttpUrmiypU54BtQb4eSopI5iLt5OFS3v+WPWD9NiyQGbLcV9ABOr4CbGAbUOZqBAZgBJj4Byh6mdx5rNUiSk3pefJyJsXDEttGeFV+acOaw6fmyL8iFWV/lw5fQgzvWlM1rDJLq9WFwVMaNXrL+j8Gpgv/afOQbTa9WiBRh7pEjpAtR6wgRrGrT4Qby9xeoJYIVummilpP9ktAkXVQ7LtvFi2Xow02MFjzq9X9Yy+HjWE4MUDGTMkD1fAOTUq0UBwD2CoFGFceBLEFH7pwJt0PRJEMEtcsolV4nh1KyvHcCkiTR4C/jaC1ZFLbJdsAYf57paqASnRzJDiaR3EwpHlShTvvYSH0sMRZwaxNPJsP7CoYOfojIbVTUoc2bQWz6f4vow5RQRkMlIZ85ZUF46X3HOc3YdaDEFEeLvybgAbhF4X+LwjANc4iEy1SvU/oX/57U+L/urwtPgXIZvX3MDAM4VOotzK6WOUDVokTie24AZuIeSLrEvUJaurqSvzVc+qIvnt6Oigz7l7pNRnJ1auNUnaooAQdM1gwcFg/6sd6JwMgLN/aGd+bNcAohtPb+YlNdPmlZSvZIsTOSbzd1ouBg/CQSdo4GrtREymcaKI9pAQ55NOJqXQuB1LETBflENf2OiKRt555M2z38Zk0nXrhbldI1jMcxvGy/jKweJlpOqvheLIWKyT08P63tQ/UHIO7DxOL4DMlvNZi+pUG9I0XkiBeWi2J4EJwwP8gYAVjw2SxkJIbz1pzYFcLJfJnowbxpBcaHElDYRC87XfTT7LJapCkK6umDQyBjYInYyYyoJBcOaWJFEKpdA00pIsxNAwVY3D2bbqu5wNJ22KgVVAK8kRrkYha12kJt278BokZFKT910ZVZFEtb6uTycztEsvuHnUTbm8ujk19LwgUD9VYkoDb5JA7OMXF/Xo1DmSMbJkma/ghYQyhcsQt8fwXItTTFnnT6PGsj1,iv:J77cp8CzWyvfKTylOksLqlf7/HyqVjiZ8dQmVc10sqc=,tag:eqE7D/l4Pu1IKDovzNz2fw==,type:str]
sops:
age:
- recipient: age1hhyew9sv8lqqfeza92jkxsdudhsgaef66cxalp06ez2cm9k6aqysc7mlf7
@@ -10,7 +10,7 @@ sops:
NENiek9YeUhXNFhuZkZzRnBIYXdGY2cKpfSlzP7uK6VFl71OYfoHBxAwrKfpJSNT
QQUngSh6VBrWeJIxoMkJ7O+xSgwZnWc0fnrB+OpoRqy5YVctSmHERg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-03-21T09:20:19Z"
mac: ENC[AES256_GCM,data:20EScEe1X57+zwxObnNTgnG57acwJGLVjXOlN9rbh1Wq0F5Ve6Z4zmiv9AFz3GBOfE2n1T9Q9GcVV5T8PNreaM8tFATBdCihTebxESq0DPhcinReaMMftH+p/785z5zCCYvBR2QV+vmt24pcOH+h8H6X2LnjL3yo1uYx4PafFDE=,iv:xJ29oD17LqXX8KDStKl0SsTASi/7TrDX8f7pAsapWbI=,tag:S/zXh5d4TLfIH7J33ej4cA==,type:str]
lastmodified: "2026-04-06T08:15:15Z"
mac: ENC[AES256_GCM,data:Y9rEWXkTcDaoBtWhQ6RepnaaPUZujA6oeHhG/YdvhLLo0Nq3Or6F59YXaArwmTcOxjJzUP0eaUphZYuinVZKomMkxeFfm6ms4Tg6VHDzCxpmrwJgvWCjmmy69jrFm75l6D/Q1WeGqijsxuOCitYjgpfIDnfwomx1RPWTWNrs77M=,iv:gBspVAUPd8AexuAqKeMcuMDA9HVTXKkl87wntGUOtz0=,tag:B3yFoxu+Qs84bJQDJ6brKQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.1
version: 3.12.2