commit 8df205457a2a7531f83569c313c0e86d4d525a9b Author: Nina Chlóe Kassandra Reiß Date: Mon Apr 20 04:21:11 2026 +0200 Establish baseline
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2bf2909
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.log
+result
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/applications/matrix.nix b/applications/matrix.nix
new file mode 100644
index 0000000..a89df3c
--- /dev/null
+++ b/applications/matrix.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, lib, ... }:
+let
+ profile = import ./profile.nix;
+in
+{
+ home.packages = with pkgs; [
+ fluffychat
+ ];
+}
diff --git a/desktop-environment/application-browser.nix b/desktop-environment/application-browser.nix
new file mode 100644
index 0000000..6441a49
--- /dev/null
+++ b/desktop-environment/application-browser.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ # New system packages
+ ];
+}
diff --git a/desktop-environment/browser.nix b/desktop-environment/browser.nix
new file mode 100644
index 0000000..94f17e8
--- /dev/null
+++ b/desktop-environment/browser.nix
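Review bot: The `profile = import ./profile.nix;` binding in applications/matrix.nix points at applications/profile.nix, which this commit does not add; the only profile.nix is at the repository root. It evaluates today only because Nix is lazy and `profile` is never used in the module. Either drop the binding or change it to `profile = import ../profile.nix;`. system-environment/security/keyring.nix has the same off-by-one-directory path (`../profile.nix` where `../../profile.nix` would reach the root).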
@@ -0,0 +1,113 @@
+{ config, pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ # New system packages
+ ];
+
+ programs.firefox = {
+ enable = true;
+ policies = {
+ AppAutoUpdate = false;
+ AllowFileSelectionDialogs = true;
+ AutofillAddressEnabled = true;
+ AutofillCreditCardEnabled = false;
+ CaptivePortal = true;
+ DisableFirefoxAccounts = true;
+ DisableSecurityBypass = {
+ InvalidCertificate = false;
+ SafeBrowsing = false;
+ };
+ DisableSetDesktopBackground = true;
+ DisableTelemetry = true;
+ ExtensionUpdate = true;
+ FirefoxHome = {
+ Search = true;
+ TopSites = true;
+ SponsoredTopSites = false;
+ Highlights = true;
+ Pocket = false;
+ Stories = false;
+ SponsoredPocket = false;
+ SponsoredStories = false;
+ Snippets = true;
+ Locked = true;
+ };
+ PictureInPicture = {
+ Enabled = true;
+ Locked = false;
+ };
+ ExtensionSettings = {
+ "nextcloud-passwords@nextcloud.com" = {
+ installation_mode = "force_installed";
+ install_url = "https://addons.mozilla.org/firefox/downloads/latest/nextcloud-passwords/latest.xpi";
+ };
+
+ "instapaper@instapaper.com" = {
+ installation_mode = "force_installed";
+ install_url = "https://addons.mozilla.org/firefox/downloads/latest/instapaper-official/latest.xpi";
+ };
+
+ "weh@mozilla.org" = {
+ installation_mode = "force_installed";
+ install_url = "https://addons.mozilla.org/firefox/downloads/latest/video-downloadhelper/latest.xpi";
+ };
+ };
+ Preferences = {
+ # Tracking Protection
+ "browser.contentblocking.category" = "strict";
+ "privacy.trackingprotection.enabled" = true;
+ "privacy.trackingprotection.socialtracking.enabled" = true;
+
+ # Cookies
+ "network.cookie.cookieBehavior" = 1; # block third-party cookies
+
+ # Fingerprinting Protection
+ "privacy.resistFingerprinting" = true;
+ "privacy.resistFingerprinting.block_mozAddonManager" = true;
+
+ # WebRTC IP Leak verhindern
+ "media.peerconnection.enabled" = false;
+
+ # Telemetrie vollständig deaktivieren
+ "toolkit.telemetry.enabled" = false;
+ "toolkit.telemetry.unified" = false;
+ "toolkit.telemetry.archive.enabled" = false;
+ "datareporting.healthreport.uploadEnabled" = false;
+ "app.shield.optoutstudies.enabled" = false;
+
+ # SafeBrowsing (lokal behalten, aber keine unnötige Kommunikation)
+ "browser.safebrowsing.downloads.remote.enabled" = false;
+
+ # HTTPS-Only Mode
+ "dom.security.https_only_mode" = true;
+
+ # DNS over HTTPS Fallback deaktivieren
+ "network.trr.mode" = 3;
+ "network.trr.uri" = "https://dns.quad9.net/dns-query";
+
+ # Referrer reduzieren
+ "network.http.referer.XOriginPolicy" = 2;
+
+ # Clipboard API nur bei User Interaction
+ "dom.events.asyncClipboard.readText" = false;
+
+ # WebGL einschränken
+ "webgl.disabled" = true;
+ };
+ SearchEngines = {
+ Default = "Ecosia";
+
+ Add = [
+ {
+ Name = "Ecosia";
+ URLTemplate = "https://www.ecosia.org/search?q={searchTerms}";
+ Method = "GET";
+ }
+ ];
+
+ Remove = [ "Google" "Bing" "Amazon.com" "eBay" ];
+ };
+
+ };
+ };
+ }
diff --git a/desktop-environment/config.nix b/desktop-environment/config.nix
new file mode 100644
index 0000000..bbc6172
--- /dev/null
+++ b/desktop-environment/config.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+let
+ profile = import ../profile.nix;
+in
+{
+
+ imports = [
+ ./browser.nix
+ #./planner.nix
+ ./window-manager.nix
+ ../applications/matrix.nix
+ ];
+
+ home.packages = with pkgs; [
+ kitty
+ pamixer
+ nemo-with-extensions
+ ];
+
+ #services.dbus.enable = true;
+ #programs.dconf.enable = true;
+
+ services.greetd = {
+ enable = true;
+ settings = {
+ default_session = {
+ command = "Hyprland";
+ user = profile.username;
+ };
+ };
+ };
+
+ xdg.portal = {
+ enable = true;
+ extraPortals = [ pkgs.xdg-desktop-portal-hyprland ];
+ };
+
+ systemd.targets.sleep.enable = false;
+ systemd.targets.suspend.enable = false;
+ systemd.targets.hibernate.enable = false;
+ systemd.targets.hybrid-sleep.enable = false;
+}
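Review bot: In `DisableSecurityBypass`, both `InvalidCertificate = false` and `SafeBrowsing = false` leave the click-through on certificate errors and Safe Browsing warnings available, which is Firefox's default, so the block hardens nothing as written. If the intent matches the rest of this policy set, use `InvalidCertificate = true; SafeBrowsing = true;`. Relatedly, `"browser.safebrowsing.downloads.remote.enabled" = false` turns off the remote download reputation check, and the comment above it should say in English that this is a deliberate privacy-over-protection trade-off. The three `force_installed` extensions are fetched from `latest.xpi` with no default `"*"` entry, so other add-ons remain installable; consider adding `"*" = { installation_mode = "blocked"; };` if the set is meant to be closed.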
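Review bot: `services.greetd.settings.default_session` runs `Hyprland` directly as `profile.username`, which amounts to an unauthenticated auto-login: anyone who can power on or restart the machine lands in the user's session, and as far as I know greetd starts the default session again whenever it exits. If auto-login on boot is wanted, put this `command`/`user` pair under `initial_session` and let `default_session` start a greeter under the `greeter` user, so that a logout or crash returns to a password prompt. With the sleep, suspend and hibernate targets disabled at the end of the file, a screen locker becomes the only barrier for an unattended session, so it is worth a comment saying how it is triggered.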
diff --git a/desktop-environment/file-browser.nix b/desktop-environment/file-browser.nix
new file mode 100644
index 0000000..6441a49
--- /dev/null
+++ b/desktop-environment/file-browser.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ # New system packages
+ ];
+}
diff --git a/desktop-environment/planner.nix b/desktop-environment/planner.nix
new file mode 100644
index 0000000..4246ac0
--- /dev/null
+++ b/desktop-environment/planner.nix
@@ -0,0 +1,48 @@
+{ config, pkgs, lib, ... }:
+let
+ tbProfile = pkgs.stdenv.mkDerivation {
+ name = "thunderbird-profile";
+ src = ./thunderbird-profile;
+
+ installPhase = ''
+ mkdir -p $out
+ cp -r . $out/
+ '';
+ };
+in
+{
+ home.packages = with pkgs; [
+ # New system packages
+ ];
+
+ programs.thunderbird = {
+ enable = true;
+ package = pkgs.thunderbird;
+
+ policies = {
+ DisableTelemetry = true;
+ DisableAppUpdate = true;
+
+ Preferences = {
+ "mail.provider.enabled" = false;
+ "mail.openpgp.allow_external_gnupg" = true;
+ "calendar.timezone.local" = "Europe/Berlin";
+ };
+
+ Certificates = {
+ ImportEnterpriseRoots = true;
+ };
+
+ PasswordManagerEnabled = true;
+ Cookies = {
+ "Default" = false;
+ "AcceptThirdParty" = "never";
+ "Locked" = true;
+ };
+
+ DefaultDownloadDirectory = "/tmp";
+ DisableBuiltinPDFViewer = true;
+ DisablePasswordReveal = true;
+ };
+ };
+}
diff --git a/desktop-environment/status-bar.nix b/desktop-environment/status-bar.nix
new file mode 100644
index 0000000..6441a49
--- /dev/null
+++ b/desktop-environment/status-bar.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ # New system packages
+ ];
+}
diff --git a/desktop-environment/terminal-emulator.nix b/desktop-environment/terminal-emulator.nix
new file mode 100644
index 0000000..6441a49
--- /dev/null
+++ b/desktop-environment/terminal-emulator.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ # New system packages
+ ];
+}
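Review bot: In planner.nix, `DefaultDownloadDirectory = "/tmp"` sends saved mail attachments to a directory shared by every local user and process, where their visibility depends on the umask in effect; a per-user path such as `"${config.home.homeDirectory}/Downloads"` keeps them private (`config` is already a module argument). The `tbProfile` derivation is never referenced, and if it is wired up later, `cp -r . $out/` would copy the whole `./thunderbird-profile` directory into the world-readable Nix store, so that directory must never hold account data, saved passwords or keys. `src = ./thunderbird-profile` also refers to a path this commit does not add.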
diff --git a/desktop-environment/window-manager.nix b/desktop-environment/window-manager.nix
new file mode 100644
index 0000000..b16a04e
--- /dev/null
+++ b/desktop-environment/window-manager.nix
@@ -0,0 +1,9 @@
+{ pkgs, lib, ... }:
+let
+ profile = import ../profile.nix;
+in
+{
+ imports = [
+ #./window-manager/${profile.interface}.nix
+ ];
+}
diff --git a/desktop-environment/window-manager/hyprland.nix b/desktop-environment/window-manager/hyprland.nix
new file mode 100644
index 0000000..1847966
--- /dev/null
+++ b/desktop-environment/window-manager/hyprland.nix
@@ -0,0 +1,59 @@
+{ pkgs, lib, ... }:
+let
+ dotfiles_hypr = pkgs.fetchgit {
+ url = "https://git.nichkara.eu/dotfiles/hypr";
+ rev = "83da92f0d64620c6503b8b2d9fa27bd79816e025";
+ sha256 = "sha256-kEKJiH0oK0PuciJZ6ucinTKX5eMWxPPZXYNS1+HIcRA=";
+ };
+
+ dotfiles_waybar = pkgs.fetchgit {
+ url = "https://git.nichkara.eu/dotfiles/waybar";
+ rev = "cd3d5d8a97f9fbc1cc8a69fc9e570dfcf669dce7";
+ sha256 = "sha256-FTpGumhxY6ChUXqnykO+aSJiFD4A80W0eqx7hXS9Iwc=";
+ };
+
+ profile = import ../../profile.nix;
+in
+{
+
+ home.packages = with pkgs; [
+ wofi
+ grim
+ swaynotificationcenter
+ swaylock
+ hyprpaper
+ lxsession
+ hyprshot
+ wayvnc
+ pamixer
+ pavucontrol
+ brightnessctl
+ python313Packages.requests
+ networkmanagerapplet
+ ];
+
+ #fonts.packages = with pkgs; [
+ # nerd-fonts.space-mono
+ # ];
+
+ programs.hyprland = {
+ enable = true;
+ withUWSM = true;
+ xwayland.enable = true;
+ };
+
+ programs.waybar = {
+ enable = true;
+ };
+
+ home.file.".config/hypr" = {
+ source = dotfiles_hypr;
+ recursive = true;
+ };
+
+ home.file.".config/waybar" = {
+ source = dotfiles_waybar;
+ recursive = true;
+ };
+
+}
diff --git a/desktop-environment/workspace-manager.nix b/desktop-environment/workspace-manager.nix
new file mode 100644
index 0000000..6441a49
--- /dev/null
+++ b/desktop-environment/workspace-manager.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ home.packages = with pkgs; [
+ # New system packages
+ ];
+}
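Review bot: In window-manager/hyprland.nix, `wayvnc` is added to `home.packages` but nothing in the hunk configures it, so whether the VNC server requires authentication is decided elsewhere, presumably in the fetched hypr dotfiles or on the command line. A comment next to the package should state the intended exposure, for example `# wayvnc: loopback only, reach it through an SSH tunnel`, and any wayvnc configuration that listens on a non-loopback address should set `enable_auth=true` with TLS. The two `pkgs.fetchgit` inputs are pinned by `rev` and `sha256`, which is good; a short comment that both values must be bumped together when the dotfiles change would help the next edit.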
diff --git a/home.nix b/home.nix
new file mode 100644
index 0000000..072c475
--- /dev/null
+++ b/home.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, ... }:
+
+let
+ profile = import ./profile.nix;
+ home-directory = "/home/${profile.username}";
+ ssh-filename = "${home-directory}/.ssh/id_ed25519";
+in
+{
+ # Home Manager needs a bit of information about you and the paths it should
+ # manage.
+ home.username = "nichkara";
+ home.homeDirectory = "/home/nichkara";
+
+ # Configuration options around here
+ home.stateVersion = "25.11";
+
+ imports = [
+ #./desktop-environment/config.nix
+ ./terminal-environment/config.nix
+ ./system-environment/config.nix
+ ];
+
+ # The home.packages option allows you to install Nix packages into your
+ # environment.
+ home.packages = with pkgs; [
+ ];
+
+ # Home Manager is pretty good at managing dotfiles. The primary way to manage
+ # plain files is through 'home.file'.
+ home.file = {
+ # # Building this configuration will create a copy of 'dotfiles/screenrc' in
+ # # the Nix store. Activating the configuration will then make '~/.screenrc' a
+ # # symlink to the Nix store copy.
+ # ".screenrc".source = dotfiles/screenrc;
+
+ # # You can also set the file content immediately.
+ # ".gradle/gradle.properties".text = ''
+ # org.gradle.console=verbose
+ # org.gradle.daemon.idletimeout=3600000
+ # '';
+ };
+
+ home.sessionVariables = {
+ # EDITOR = "emacs";
+ };
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+}
diff --git a/profile.nix b/profile.nix
new file mode 100644
index 0000000..e4807fc
--- /dev/null
+++ b/profile.nix
@@ -0,0 +1,12 @@
+{
+ username = "nichkara";
+ hostname = "kathleen";
+ hashed-password = "$y$j9T$51IqmPE8iKV9NmF89vaK40$TJFaBOiMgcxYRWxyj3M5q47QWAIzMbwDhSoqLM3EPk4";
+ interface = "hyprland";
+ modules = {
+ base = true;
+ office = false;
+ development = true;
+ science = true;
+ };
+}
diff --git a/profile.nix.template b/profile.nix.template
new file mode 100644
index 0000000..8fd7646
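Review bot: In home.nix, `home.username` and `home.homeDirectory` are hard-coded to `"nichkara"` and `"/home/nichkara"` while the `let` block already derives `home-directory` from `profile.username` and never uses it, so editing profile.nix would not change the managed home. Use `home.username = profile.username;` and `home.homeDirectory = home-directory;`. `ssh-filename` is also unused; remove it or add a comment saying what will consume it.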
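Review bot: `hashed-password` in profile.nix commits a yescrypt password hash to the repository, and profile.nix.template carries a second real-looking hash, so anyone with read access to the repository or its history can work on both offline. If the configuration is ever built from a flake or another copied source tree, the file would also land in the world-readable Nix store. Keep the hash out of the tree: add `profile.nix` to `.gitignore` (the template exists for that purpose), put a placeholder such as `hashed-password = "<output of mkpasswd>";` in the template, and on the NixOS side read the hash from a root-only file through `hashedPasswordFile`. Since this is the baseline commit, the passwords behind both hashes should be treated as exposed and changed.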
--- /dev/null
+++ b/profile.nix.template
@@ -0,0 +1,12 @@
+{
+ username = "nichkara";
+ hostname = "amelia";
+ hashed-password = "$y$j9T$W72kGNL9hSTiN7CjnUpqH1$uyE1OzYN4kvbhhylX7pwRmLYYYmouRPVGIDZKwx8YW8";
+ interface = "hyprland";
+ modules = {
+ base = true;
+ office = false;
+ development = false;
+ science = false;
+ };
+}
diff --git a/system-environment/config.nix b/system-environment/config.nix
new file mode 100644
index 0000000..9fd992a
--- /dev/null
+++ b/system-environment/config.nix
@@ -0,0 +1,42 @@
+{ pkgs, lib, ... }:
+let
+ profile = import ../profile.nix;
+in
+{
+
+ imports = [
+ #./file-system.nix
+ ./media.nix
+ #./security/keyring.nix
+ ];
+
+ home.packages = with pkgs; [
+ gnumake
+ python3
+ ]
+ ++ lib.optionals profile.modules.development [
+ cmake
+ cmakeCurses
+
+ # C/C++/Fortran tools
+ gcc
+ clang
+
+ # Common C based dependencies
+ eigen
+
+ # Ada/+Spark & Rust tools
+ alire
+ gnat15
+ gnat15Packages.gprbuild
+ gnat15Packages.gpr2
+ gnat15Packages.gnatprove
+ gnat15Packages.gnatcoll-core
+ gnat15Packages.gnatcoll-readline
+ gnat15Packages.gnatcoll-python3
+ gnat15Packages.gnatcoll-gmp
+ rustc
+ cargo
+ ];
+
+}
diff --git a/system-environment/file-system.nix b/system-environment/file-system.nix
new file mode 100644
index 0000000..c2688b0
--- /dev/null
+++ b/system-environment/file-system.nix
@@ -0,0 +1,19 @@
+{ pkgs, ... }:
+{
+
+ services.udisks2.enable = true;
+ services.gvfs.enable = true;
+
+ home.packages = with pkgs; [
+ nextcloud-client
+ unzip
+ deja-dup
+ gnutar
+ xz
+ gzip
+ gz-utils
+ file
+ fileinfo
+ ];
+
+}
diff --git a/system-environment/media.nix b/system-environment/media.nix
new file mode 100644
index 0000000..3547c7a
--- /dev/null
+++ b/system-environment/media.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+
+ home.packages = with pkgs; [
+ calibre
+ kdePackages.okular
+ vlc
+ totem
+ w3m
+ epr
+ ];
+}
diff --git a/system-environment/security/keyring.nix b/system-environment/security/keyring.nix
new file mode 100644
index 0000000..75d178d
--- /dev/null
+++ b/system-environment/security/keyring.nix
@@ -0,0 +1,15 @@
+{ pkgs, lib, ... }:
+let
+ profile = import ../profile.nix;
+in
+{
+
+ imports = [ ];
+
+ home.packages = with pkgs; [
+ seahorse
+ ];
+
+ services.gnome.gnome-keyring.enable = true;
+ security.pam.services.login.enableGnomeKeyring = true;
+}
diff --git a/terminal-environment/config.nix b/terminal-environment/config.nix
new file mode 100644
index 0000000..ad308ff
--- /dev/null
+++ b/terminal-environment/config.nix
@@ -0,0 +1,80 @@
+{ config, pkgs, ... }:
+let
+ profile = import ../profile.nix;
+in
+{
+
+ imports = [
+ ./editor.nix
+ ./tex-environment.nix
+ ];
+
+ home.packages = with pkgs; [
+ astyle
+ hyfetch
+ fzf-zsh
+ distrobox
+ ];
+
+ programs.tmux = {
+ enable = true;
+ clock24 = true;
+ extraConfig = ''
+
+ '';
+ };
+
+ programs.direnv.enable = true;
+ programs.direnv.nix-direnv.enable = true;
+
+ programs.zsh = {
+ enable = true;
+ enableCompletion = true;
+ autocd = true;
+
+ autosuggestion = {
+ enable = true;
+ };
+
+ syntaxHighlighting = {
+ enable = true;
+ };
+
+ history = {
+ size = 4096;
+ ignoreSpace = true;
+ ignorePatterns = [ ];
+ saveNoDups = true;
+ ignoreAllDups = true;
+ };
+
+ oh-my-zsh = {
+ enable = true;
+ theme = "sonicradish";
+ plugins = [
+ "git"
+ "z"
+ "dotenv"
+ "battery"
+ "emoji"
+ "emoji-clock"
+ "fzf"
+ "kitty"
+ "themes"
+ "tmux"
+ "vi-mode"
+ ];
+ };
+
+ setOptions = [
+ "HIST_IGNORE_ALL_DUPS"
+ ];
+
+ shellAliases = {
+ ll = "ls -lh";
+ nix-check = "nixos-rebuild build";
+ nix-update = "sudo nixos-rebuild switch";
+ sirc = "ssh -t nichkara.eu tmux new-session -A -s weechat weechat";
+ };
+ };
+}
diff --git a/terminal-environment/editor.nix b/terminal-environment/editor.nix
new file mode 100644
index 0000000..a7a294e
--- /dev/null
+++ b/terminal-environment/editor.nix
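Review bot: In security/keyring.nix, `services.gnome.gnome-keyring.enable` and `security.pam.services.login.enableGnomeKeyring` are NixOS system options, while the module also sets `home.packages` and sits in the Home Manager tree rooted at home.nix, so enabling the commented-out import would presumably fail on an undefined option and the PAM unlock would never be applied. Move the two system lines into the NixOS configuration and keep only `seahorse` here, or use Home Manager's own `services.gnome-keyring.enable`. The same mix appears in desktop-environment/config.nix (`services.greetd`, `systemd.targets.*`), system-environment/file-system.nix (`services.udisks2`, `services.gvfs`) and window-manager/hyprland.nix (`programs.hyprland`).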
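Review bot: In terminal-environment/config.nix, the oh-my-zsh `"dotenv"` plugin sources a `.env` file as shell code when you `cd` into a directory that has one, which overlaps with `programs.direnv` enabled a few lines above and has a weaker trust model than direnv's per-file `direnv allow`. Dropping `"dotenv"` from `plugins` leaves direnv as the single, explicitly approved path for per-directory environment loading. If the plugin is kept, add a comment that its confirmation prompt must stay enabled.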
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+let
+ profile = import ../profile.nix;
+in
+{
+
+ home.packages = with pkgs; [
+ vim
+ fzf
+ ripgrep
+ ripgrep-all
+ ctags
+ lua54Packages.luarocks-nix
+ ];
+
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ withPython3 = true;
+ withRuby = true;
+ withNodeJs = true;
+ viAlias = true;
+ vimAlias = true;
+ };
+}
diff --git a/terminal-environment/genv/default.nix b/terminal-environment/genv/default.nix
new file mode 100644
index 0000000..0b7b0d4
--- /dev/null
+++ b/terminal-environment/genv/default.nix
@@ -0,0 +1,67 @@
+{ pkgs, lib, ... }:
+
+let
+ genv = pkgs.writeShellScriptBin "genv" ''
+ #!/usr/bin/env bash
+ set -e
+
+ DISTRO="$1"
+ PRESET="$2"
+
+ if [ -z "$DISTRO" ] || [ -z "$PRESET" ]; then
+ echo "Usage: genv "
+ exit 1
+ fi
+
+ PROJECT=$(basename "$PWD")
+ BOX="genv-$PROJECT"
+
+ # distro mapping
+ case "$DISTRO" in
+ ubuntu) IMAGE="docker.io/library/ubuntu:24.04" ;;
+ arch) IMAGE="docker.io/library/archlinux:latest" ;;
+ alpine) IMAGE="docker.io/library/alpine:latest" ;;
+ *) IMAGE="$DISTRO" ;;
+ esac
+
+ echo "[genv] image: $IMAGE"
+
+ # container nur erstellen wenn nötig
+ if ! distrobox list | grep -q "$BOX"; then
+ distrobox create --name "$BOX" --image "$IMAGE"
+ fi
+
+ mkdir -p .genv
+
+ # preset kopieren
+ cp ${./presets}/$PRESET.sh .genv/setup.sh
+ chmod +x .genv/setup.sh
+
+ # envrc generieren
+ cat > .envrc </dev/null 2>&1 || true
+
+# setup einmalig
+if [ ! -f .genv/.init ]; then
+ echo "[genv] setup läuft"
+ distrobox enter "$GENV_BOX" -- bash .genv/setup.sh
+ touch .genv/.init
+fi
+
+# tmux workflow
+if [ -z "$TMUX" ]; then
+ tmux new-session -A -s "$GENV_BOX" \
+ \; new-window -n editor "nvim" \
+ \; new-window -n dev "distrobox enter $GENV_BOX"
+fi
+EOF
+
+ echo "[genv] fertig → direnv allow"
+ '';
+in
+{
+ home.packages = [ genv ];
+}
diff --git a/terminal-environment/genv/presets/c.sh b/terminal-environment/genv/presets/c.sh
new file mode 100644
index 0000000..9d8fcb1
--- /dev/null
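Review bot: In genv/default.nix, the check `distrobox list | grep -q "$BOX"` is a substring match, so a project called `app` is treated as already created once a box named `genv-app2` exists and `distrobox create` is skipped; match the name column exactly instead. `$PRESET` is also interpolated unquoted into the `cp` source with no test that the preset exists; quote it and fail early, e.g. `[ -f "${./presets}/$PRESET.sh" ] || { echo "unknown preset: $PRESET" >&2; exit 1; }`. The `*) IMAGE="$DISTRO"` fallthrough and the two `:latest` tags mean the image in which `setup.sh` later runs its `sudo` package installs is not pinned, and a comment should say whether that is intended. The body of the `.envrc` heredoc is not fully visible on this page, so it is not reviewed here.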
+++ b/terminal-environment/genv/presets/c.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -e
+
+if command -v apt >/dev/null; then
+ sudo apt update
+ sudo apt install -y build-essential cmake
+elif command -v pacman >/dev/null; then
+ sudo pacman -Sy --noconfirm base-devel cmake
+elif command -v apk >/dev/null; then
+ sudo apk add build-base cmake
+fi
diff --git a/terminal-environment/genv/presets/data-science.sh b/terminal-environment/genv/presets/data-science.sh
new file mode 100644
index 0000000..574b4dd
--- /dev/null
+++ b/terminal-environment/genv/presets/data-science.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -e
+
+if command -v apt >/dev/null; then
+ sudo apt update
+ sudo apt install -y python3
+elif command -v pacman >/dev/null; then
+ sudo pacman -Sy --noconfirm base-devel python3
+elif command -v apk >/dev/null; then
+ sudo apk add build-base python3
+fi
diff --git a/terminal-environment/tex-environment.nix b/terminal-environment/tex-environment.nix
new file mode 100644
index 0000000..c423ef7
--- /dev/null
+++ b/terminal-environment/tex-environment.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+let
+ profile = import ../profile.nix;
+in
+{
+
+ home.packages = with pkgs; [
+ texliveMedium
+ ];
+
+}
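Review bot: The `if`/`elif` chain in presets/c.sh has no `else` branch, so on an image with none of apt, pacman or apk the script exits 0 having installed nothing, and the generated `.envrc` shown in genv/default.nix then touches `.genv/.init` and never retries. Add `else echo "genv preset: no supported package manager found" >&2; exit 1` before `fi`. `sudo pacman -Sy` refreshes the package database without upgrading, which Arch treats as an unsupported partial upgrade; `-Syu` is the safe form. presets/data-science.sh has the same two issues.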