update config
parent
f610209aff
commit
ae92148089
34 changed files with 387 additions and 240 deletions
|
@ -21,11 +21,15 @@ in
|
|||
home-manager.users.${config.user} = { pkgs, ... }: {
|
||||
home.packages = with pkgs; [
|
||||
bat
|
||||
bat-extras.batman
|
||||
git
|
||||
lazygit
|
||||
htop
|
||||
btop
|
||||
openssl
|
||||
nixpkgs-fmt
|
||||
nodejs # astronvim ls, formatters, etc
|
||||
ripgrep # text search in nvim
|
||||
nodejs
|
||||
ripgrep
|
||||
jq
|
||||
file
|
||||
wget
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{ config, pkgs, firefox-addons, ... }:
|
||||
{ inputs, config, pkgs, ... }:
|
||||
|
||||
let
|
||||
firefox-addons = inputs.firefox-addons.packages.${pkgs.system} or {};
|
||||
autoconfigCfg = pkgs.writeText "autoconfig.cfg" ''
|
||||
var {classes:Cc,interfaces:Ci,utils:Cu} = Components;
|
||||
/* set new tab page */
|
||||
|
@ -8,7 +9,7 @@ let
|
|||
ChromeUtils.defineESModuleGetters(this, {
|
||||
AboutNewTab: "resource:///modules/AboutNewTab.sys.mjs",
|
||||
});
|
||||
var newTabURL = "https://mainframe.local/mainframe.html";
|
||||
var newTabURL = "https://server.local/index.html";
|
||||
AboutNewTab.newTabURL = newTabURL;
|
||||
} catch(e){Cu.reportError(e);} // report errors in the Browser Console
|
||||
'';
|
||||
|
@ -35,7 +36,7 @@ in {
|
|||
package = firefoxWithAutoconfig;
|
||||
profiles.default = {
|
||||
settings = {
|
||||
"browser.startup.homepage" = "https://mainframe.local/mainframe.html";
|
||||
"browser.startup.homepage" = "https://server.local/index.html";
|
||||
"sidebar.verticalTabs" = true;
|
||||
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
|
||||
"browser.contentblocking.category" = { Value = "strict"; Status = "locked"; };
|
||||
|
@ -64,6 +65,7 @@ in {
|
|||
noscript
|
||||
ublock-origin
|
||||
sponsorblock
|
||||
clearurls
|
||||
];
|
||||
};
|
||||
policies = {
|
||||
|
|
|
@ -10,7 +10,10 @@
|
|||
};
|
||||
|
||||
security.pam.services.i3lock.enable = true;
|
||||
networking.networkmanager.enable = true;
|
||||
networking.networkmanager = {
|
||||
enable = true;
|
||||
plugins = [ pkgs.networkmanager-openvpn ];
|
||||
};
|
||||
home-manager.users.${config.user} = { pkgs, config, ... }: {
|
||||
home.packages = with pkgs; [
|
||||
xorg.setxkbmap
|
||||
|
@ -81,7 +84,6 @@
|
|||
|
||||
xserver = {
|
||||
enable = true;
|
||||
videoDrivers = [ "amdgpu" ];
|
||||
xkb.layout = "us";
|
||||
|
||||
desktopManager = {
|
||||
|
|
|
@ -1,21 +1,21 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
options = {
|
||||
user = lib.mkOption {
|
||||
default = "${config.user}";
|
||||
description = "user";
|
||||
};
|
||||
options = {
|
||||
user = lib.mkOption {
|
||||
default = "${config.user}";
|
||||
description = "user";
|
||||
};
|
||||
|
||||
host = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "host";
|
||||
};
|
||||
host = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "host";
|
||||
};
|
||||
|
||||
sops_file = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "SOPS filename";
|
||||
sops_file = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "SOPS filename";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
|
||||
|
|
|
@ -1,5 +1,19 @@
|
|||
{ config, pkgs, ... }: {
|
||||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
options = {
|
||||
rootless_docker = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
description = "rootless docker";
|
||||
default = true;
|
||||
};
|
||||
|
||||
privileged_ports = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
description = "rootless docker allowed privileged ports";
|
||||
default = false;
|
||||
};
|
||||
|
||||
};
|
||||
config = {
|
||||
|
||||
home-manager.users.${config.user} = { pkgs, ... }: {
|
||||
|
@ -8,14 +22,25 @@
|
|||
ctop
|
||||
];
|
||||
};
|
||||
|
||||
users.extraUsers.${config.user}.extraGroups = [ "docker" ];
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
rootless = {
|
||||
#enable = false;
|
||||
rootless = lib.mkIf config.rootless_docker {
|
||||
enable = true;
|
||||
setSocketVariable = true;
|
||||
};
|
||||
};
|
||||
|
||||
# https://im.salty.fish/index.php/archives/nixos-docker-rootless-privileged-ports.html
|
||||
security.wrappers = lib.mkIf config.privileged_ports {
|
||||
docker-rootlesskit = {
|
||||
owner = "root";
|
||||
group = "root";
|
||||
capabilities = "cap_net_bind_service+ep";
|
||||
source = "${pkgs.rootlesskit}/bin/rootlesskit";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
}
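Review bot: With `rootless_docker` defaulting to true, the second hunk still shows `virtualisation.docker.enable = true;` and `users.extraUsers.${config.user}.extraGroups = [ "docker" ];` (both look like unchanged context), so the rootful daemon keeps running and the user keeps access to its socket, which is equivalent to root on the host. That undoes most of what rootless mode is for; consider `enable = !config.rootless_docker;` for the rootful daemon and `extraGroups = lib.optionals (!config.rootless_docker) [ "docker" ];`. Separately, the `docker-rootlesskit` wrapper sets no `permissions`, and the NixOS default makes wrappers executable by everyone, so every local account can run a rootlesskit carrying `cap_net_bind_service`; a dedicated group with `permissions = "u+rx,g+x";` would narrow that. A comment next to `privileged_ports` saying why the capability is needed would help the next reader.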
|
||||
|
|
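--- a/modules/dev/utils.nix
+++ b/modules/dev/utils.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }: {
+
+config = {
+
+home-manager.users.${config.user} = { pkgs, ... }: {
+home.packages = with pkgs; [
+typescript
+httpie
+];
+};
+};
+}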
|
|
@ -6,6 +6,7 @@
|
|||
if ((action.id == "org.xfce.thunar" ||
|
||||
action.id == "org.freedesktop.policykit.exec" ||
|
||||
action.id == "org.gnome.gparted" ||
|
||||
action.id == "org.freedesktop.udisks2.encrypted-unlock-system" ||
|
||||
action.id == "org.freedesktop.udisks2.filesystem-mount-system") &&
|
||||
subject.isInGroup("wheel"))
|
||||
{
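Review bot: The wheel allowlist in this condition grows by one action id, and it already contains `org.freedesktop.policykit.exec`, which matches every `pkexec` invocation. The branch body is outside the hunk; if it returns `polkit.Result.YES`, any process running as a wheel member gets root without a password prompt, and the narrower ids (`org.gnome.gparted`, the two udisks2 actions) add nothing. Returning `polkit.Result.AUTH_ADMIN_KEEP` for `policykit.exec` and `encrypted-unlock-system`, or dropping `policykit.exec` from the list, would keep a prompt in front of the broad actions. A short comment above the condition naming which application needs each id would make later additions easier to review.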
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
config = {
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
ports = [ 1876 ];
|
||||
ports = [ 1173 ];
|
||||
settings = {
|
||||
PasswordAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
extraGroups = [ "wheel" ];
|
||||
};
|
||||
|
||||
networking.hostName = "${config.host}";
|
||||
};
|
||||
}
|
||||
|
||||
|
|