initial commit

config/base.nix

@@ -0,0 +1,45 @@
+# base.nix: basic have-this-everywhere nixos config
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [ 
+    ../hardware-configuration.nix
+    ./users.nix
+  ];
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "de_DE.UTF-8";
+  console.font = "Lat2-Terminus16";
+  console.keyMap = "de";
+
+  time.timeZone = "Europe/Berlin";
+  services.timesyncd.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    pkgs.vim_configurable
+    pkgs.neovim
+    pkgs.zsh
+    pkgs.wget 
+    pkgs.curl 
+    pkgs.rsync 
+    pkgs.git
+    pkgs.git-hub 
+    pkgs.python3
+    pkgs.pciutils
+    pkgs.dmidecode
+    pkgs.cpufrequtils
+    pkgs.binutils
+    pkgs.mc
+    pkgs.git
+    pkgs.htop
+    pkgs.bpytop
+  ];
+
+  networking.firewall = {
+    enable = true;
+    allowPing = true;
+  };
+  services.openssh.enable = true;
+
+}

config/gnome.nix

@@ -0,0 +1,20 @@
+# gnome.nix: install gnome
+ 
+ { config, pkgs, ... }:
+ 
+ {
+ services.xserver.desktopManager.gnome3.enable = true;
+   environment.gnome3.excludePackages = with pkgs.gnome3; [
+     epiphany
+     evolution
+     gnome-maps
+     gnome-music
+     gnome-photos
+     gedit
+     totem
+     gnome-calendar
+     gnome-weather
+     accerciser
+     gnome-software
+   ];
+ }

config/grsec.nix

@@ -0,0 +1,27 @@
+# grsec.nix: NIXOS used HARDEN! NIXOS's DEFENSE ROSE!
+
+{ config, lib, pkgs, ... }:
+
+{
+
+  # if you're an acer c710 (i know i am sometimes) you might also want:
+  # CHROME_PLATFORMS y
+  # CHROMEOS_LAPTOP m
+  # CHROMEOS_PSTORE m
+
+  nixpkgs.config.packageOverrides = pkgs: {
+    linux_grsec_nixos = pkgs.linux_grsec_nixos.override {
+      extraConfig = ''
+            PAX y
+            GRKERNSEC y
+            GRKERNSEC_CONFIG_AUTO y
+            GRKERNSEC_CONFIG_DESKTOP y
+            GRKERNSEC_CONFIG_SECURE y
+            GRKERNSEC_CONFIG_VIRT_EPT y
+      '';
+    };
+  };
+
+  security.grsecurity.enable = true;
+
+}

config/gui.nix

@@ -0,0 +1,82 @@
+# gui.nix: configure x11 stuff common to any wm/de
+
+{ config, pkgs, ... }:
+
+{
+  #imports = [ ./base.nix ];
+
+  networking.wireless.enable = false;
+  networking.networkmanager.enable = true;
+
+  environment.systemPackages = with pkgs; [
+    pkgs.powerline-fonts
+
+    pkgs.gtk3
+    pkgs.gtk_engines
+    pkgs.gnome2.gnome_icon_theme
+    pkgs.shared_mime_info
+    pkgs.arc-theme
+    pkgs.arc-icon-theme
+    pkgs.hicolor_icon_theme
+    pkgs.elementary-xfce-icon-theme
+
+    pkgs.rxvt_unicode
+    pkgs.redshift
+    pkgs.xorg.xbacklight
+    # internet / communication stuff
+    pkgs.pulseaudioFull
+    pkgs.pamixer
+    pkgs.pulsemixer
+    pkgs.google-chrome
+    pkgs.chromium
+    pkgs.firefox
+    #pkgs.flashplayer
+    pkgs.discord
+    pkgs.tdesktop
+    pkgs.thunderbird
+    pkgs.keepassxc
+    pkgs.xorg.xkill
+    pkgs.nextcloud-client
+    pkgs.rxvt_unicode
+    pkgs.networkmanager_openvpn
+    pkgs.networkmanager_vpnc
+    pkgs.networkmanager_strongswan
+    pkgs.networkmanagerapplet
+    pkgs.signal-desktop
+    pkgs.anydesk
+    pkgs.keybase
+    pkgs.keybase-gui
+    pkgs.kbfs
+    #stable.spotify
+    pkgs.pavucontrol
+    pkgs.gnupg
+    pkgs.libsecret
+#    pkgs.gnome3.gnome-keyring
+  ];
+
+  services.xserver = {
+    enable = true;
+    layout = "de";
+    displayManager.lightdm.enable = true;
+  };
+  services.gnome3.gnome-keyring = {
+    enable = true;
+  };
+
+  fonts = {
+    enableFontDir = true;
+    enableGhostscriptFonts = true;
+    fonts = with pkgs; [
+      corefonts
+      roboto
+      inconsolata
+      ubuntu_font_family
+      unifont
+      terminus_font
+      powerline-fonts
+    ];
+  };
+#  security.pam.enableGnomeKeyring = {
+#    enable = true;
+# };
+}

config/i3.nix

@@ -0,0 +1,48 @@
+# i3.nix: use i3 as the desktop manager
+
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    # window manager + basic essentials
+    pkgs.lightdm
+    pkgs.i3
+    pkgs.i3status
+    pkgs.i3status-rust
+    pkgs.i3lock-fancy
+    pkgs.xautolock
+    pkgs.dmenu
+    pkgs.j4-dmenu-desktop
+    pkgs.powerline-fonts
+    pkgs.font-awesome
+    pkgs.font-awesome-ttf
+    pkgs.font-awesome_5
+    pkgs.font-awesome_4
+    pkgs.lxappearance
+
+    pkgs.xfce.exo
+    pkgs.xfce.gvfs
+    pkgs.xfce.thunar
+    pkgs.xfce.thunar_volman
+    pkgs.xfce.thunar-archive-plugin
+    pkgs.xfce.xfce4icontheme
+    pkgs.xfce.terminal
+    # internet / communication stuff
+    pkgs.tdesktop
+    pkgs.rofi
+    pkgs.maim
+    pkgs.pasystray
+    pkgs.feh
+    pkgs.networkmanager_dmenu
+    pkgs.udiskie
+    pkgs.inconsolata
+    pkgs.termite
+  ];
+
+  services.xserver = {
+    windowManager.i3.enable = true;
+  };
+  services.gnome3.at-spi2-core.enable = true;
+  services.dbus.socketActivated = true;
+
+}

config/laptop.nix

@@ -0,0 +1,15 @@
+# laptop.nix: basic laptop config, power management, etc
+
+{ config, pkgs, ... }:
+
+{
+
+  environment.systemPackages = with pkgs; [
+    pkgs.powertop
+    pkgs.acpi
+    pkgs.upower
+  ];
+
+  services.upower.enable = true;
+
+}

config/screenlock.nix

@@ -0,0 +1,36 @@
+{ pkgs, config, ... }:
+
+#with import <stockholm/lib>;
+
+let
+  cfg = config.screenlock;
+
+  out = {
+    options.screenlock = api;
+  };
+
+  api = {
+    enable = mkEnableOption "screenlock";
+    command = mkOption {
+      type = types.str;
+      default = "${pkgs.xlockmore}/bin/i3lock-fancy";
+    };
+  };
+
+  imp = {
+    systemd.services.screenlock = {
+      before = [ "sleep.target" ];
+      wantedBy = [ "sleep.target" ];
+      environment = {
+        DISPLAY = ":${toString config.services.xserver.display}";
+      };
+      serviceConfig = {
+        SyslogIdentifier = "screenlock";
+        ExecStart = cfg.command;
+        Type = "simple";
+        User = "templis";
+      };
+    };
+  };
+
+in out

config/unify.nix

@@ -0,0 +1,10 @@
+ # unify.nix: config for unify network devices
+ 
+ { config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    pkgs.unifi
+  ];
+services.unifi.enable = true;
+}

config/users.nix

@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+{
+  users.extraUsers.templis = {
+    isNormalUser = true;
+    createHome = true;
+    uid = 1000;
+    group = "users";
+    extraGroups = [
+      "wheel" "audio" "video" "netdev" "networkmanager" "systemd-journal"
+    ];
+    shell = "/run/current-system/sw/bin/zsh";
+  };
+
+}