change dotfile handling; nvim: clangd lsp

dotfiles

@@ -1 +1 @@
-Subproject commit 0ef5669a6560b19dce05cfb1c10382aa59b313f0
+Subproject commit 9dc9eeb64946668460dcabb1916bdd5f655e2cbe

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1712386041,
-        "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
+        "lastModified": 1715381426,
+        "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
+        "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
         "type": "github"
       },
       "original": {
@@ -21,13 +21,28 @@
         "type": "github"
       }
     },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1716034089,
+        "narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1713013257,
-        "narHash": "sha256-ZEfGB3YCBVggvk0BQIqVY7J8XF/9jxQ68fCca6nib+8=",
+        "lastModified": 1715948915,
+        "narHash": "sha256-dxMrggEogQuJQr6f02VAFtsSNtjEPkgxczeiyW7WOQc=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "90055d5e616bd943795d38808c94dbf0dd35abe8",
+        "rev": "bacb8503d3a51d9e9b52e52a1ba45e2c380ad07d",
         "type": "github"
       },
       "original": {
@@ -40,6 +55,7 @@
     "root": {
       "inputs": {
         "home-manager": "home-manager",
+        "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs"
       }
     }

flake.nix

@@ -3,13 +3,14 @@
 
   inputs = {
     nixpkgs.url = github:nixos/nixpkgs/nixos-23.11;
+    nixos-hardware.url = github:NixOS/nixos-hardware;
     home-manager = {
       url = "github:nix-community/home-manager/release-23.11";
       inputs.nixpkgs.follows = "nixpkgs";
     };
   };
 
-  outputs = { self, nixpkgs, home-manager }: 
+  outputs = { self, nixpkgs, home-manager, nixos-hardware }: 
   let
     system = "x86_64-linux";
     pkgs = import nixpkgs {
@@ -72,6 +73,27 @@
           }
         ];
       };
+
+      pinix = lib.nixosSystem {
+        system = "aarch64-linux";
+        pkgs = import nixpkgs {
+          system = "aarch64-linux";
+          config.allowUnfree = true;
+        };
+        modules = [ 
+          ./hosts/pinix/configuration.nix 
+          nixos-hardware.nixosModules.raspberry-pi-4
+          home-manager.nixosModules.home-manager {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.dm = {
+              imports = [ 
+                  ./hosts/home-common.nix 
+              ];
+            };
+          }
+        ];
+      };
     };
   };
 }

hosts/common.nix

@@ -1,10 +1,6 @@
 { config, pkgs, ... }:
 
 {
-    # Bootloader.
-    boot.loader.systemd-boot.enable = true;
-    boot.loader.efi.canTouchEfiVariables = true;
-
     time.timeZone = "Europe/Berlin";
     i18n.defaultLocale = "en_US.UTF-8";
     i18n.extraLocaleSettings = {
@@ -38,7 +34,7 @@
         ];
     };
 
-    networking.networkmanager.enable = true;
+    networking.wireguard.enable = true;
 
     programs.neovim = {
         enable = true;

hosts/dmeiburg/configuration.nix

@@ -5,6 +5,9 @@
 { config, pkgs, ... }:
 
 {
+    # Bootloader.
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
     imports =
         [ # Include the results of the hardware scan.
         ./hardware-configuration.nix
@@ -14,6 +17,30 @@
     networking.hostName = "dmeiburg"; # Define your hostname.
     networking.firewall.trustedInterfaces = [ "docker0" ];
     networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+    networking.firewall.allowedUDPPorts = [ 51820 ];
+    networking.nat.enable = true;
+    networking.nat.externalInterface = "enp3s0";
+    networking.nat.internalInterfaces = [ "wg0" ];
+
+    networking.wireguard.interfaces = {
+        wg0 = {
+            ips = [ "10.100.0.1/24" ];
+            listenPort = 51820;
+
+            privateKeyFile = "/home/dm/.wireguard/dmeiburg";
+
+            peers = [
+            { # p14s 
+                publicKey = "BTIuA08t8lwPZa418EJ7vcni3MxC8ihhadem6uicnAA=";
+                allowedIPs = [ "10.100.0.2/32" ];
+            }
+            { # pinix
+                publicKey = "Zhnl8OJXjCk4zmuTg6xFnWPyf3Asnkhk/yW09s6yJCc=";
+                allowedIPs = [ "10.100.0.3/32" ];
+            }
+            ];
+        };
+    };
 
     environment.systemPackages = with pkgs; [
         gnupg
@@ -30,5 +57,4 @@
     };
 
     system.stateVersion = "23.11"; # Did you read the comment?
-
 }

hosts/home-workstations.nix

@@ -1,8 +1,7 @@
-{ pkgs, ...}:
-
-{
-    home.packages = with pkgs; [ 
+{ config, pkgs, ...}: 
+{ home.packages = with pkgs; [ 
     calc 
+    clang-tools
     conda 
     dig 
     ffmpeg 
@@ -22,6 +21,7 @@
     megatools
     mpv
     networkmanagerapplet
+    nodejs # copilot requirement
     obsidian
     openconnect
     owncloud-client
@@ -31,6 +31,7 @@
     polkit_gnome
     pulseaudio
     pynitrokey
+    rpi-imager
     sshfs
     swaybg
     thunderbird
@@ -43,27 +44,38 @@
     xdg-utils
     zathura
     ];
+
+
 home.file = {
-        ".config/" = {
-            source = ../dotfiles/.config;
-            recursive = true;
+    ".config/nvim" = {
+       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/nvim";
     };
+    ".config/kitty" = {
+       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/kitty";
+    };
+    ".config/waybar" = {
+       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/waybar";
+    };
+    ".config/git" = {
+       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/git";
+    };
+    ".config/kanshi" = {
+       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/kanshi";
+    };
+    ".config/fish" = {
+       source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.config/fish";
     };
-    home.file = {
     ".xkb/" = {
-            source = ../dotfiles/.xkb;
-            recursive = true;
+        source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.xkb";
     };
-    };
-    home.file = {
     ".profile" = {
-            source = ../dotfiles/.profile;
-            recursive = true;
+        source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.profile";
     };
-    };
-    home.file = {
     ".tmux.conf" = {
-            source = ../dotfiles/.tmux.conf;
+        source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/nixos-flake/dotfiles/.tmux.conf";
+    };
+    ".config/sway" = {
+        source = ../dotfiles/.config/sway;
         recursive = true;
     };
 };

hosts/p14s/configuration.nix

@@ -1,6 +1,10 @@
 { config, pkgs, ... }:
 
 {
+    # Bootloader.
+    boot.loader.systemd-boot.enable = true;
+    boot.loader.efi.canTouchEfiVariables = true;
+
     imports =
         [ # Include the results of the hardware scan.
             ./hardware-configuration.nix
@@ -14,6 +18,30 @@
     programs.light.enable = true;
     services.tlp.enable = true;
 
+    networking.firewall = {
+    allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
+  };
+  # Enable WireGuard
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.100.0.3/24" ];
+      listenPort = 51820; 
+      privateKeyFile = "/home/dm/.wireguard/p14s";
+
+      peers = [
+        { # dmeiburg
+          publicKey = "jc61U+bmIT8lNxirhjrxpB+rELLUoPhLmUKvUpo/OjY=";
+
+          allowedIPs = [ "10.100.0.0/24"];
+
+          endpoint = "152.53.0.23:51820"; 
+
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+  };
+
     system.stateVersion = "23.05"; # Did you read the comment?
 
 }

hosts/pinix/configuration.nix

@@ -0,0 +1,69 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+    ../common.nix
+    ./hardware-configuration.nix
+    ];
+
+  hardware = {
+      raspberry-pi."4".apply-overlays-dtmerge.enable = true;
+      deviceTree = {
+          enable = true;
+          filter = "*rpi-4-*.dtb";
+          overlays = [
+            {
+              name = "w1-gpio";
+              dtboFile = ./w1-gpio.dtbo;
+            }
+          ];
+      };
+  };
+  boot.kernelModules = [ "pwm_bcm2835" "w1-gpio" ];
+#hardware = {
+#    raspberry-pi."4".apply-overlays-dtmerge.enable = true;
+#    deviceTree = {
+#      enable = true;
+#      filter = "*rpi-4-*.dtb";
+#    };
+#  };
+  # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
+  boot.loader.grub.enable = false;
+  # Enables the generation of /boot/extlinux/extlinux.conf
+  boot.loader.generic-extlinux-compatible.enable = true;
+  networking.hostName = "pinix"; 
+  networking.firewall = {
+    allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
+  };
+
+  networking.networkmanager.enable = true;
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.100.0.3/24" ];
+      listenPort = 51820; 
+      privateKeyFile = "/home/dm/.wireguard/pinix";
+
+      peers = [
+        { # dmeiburg
+          publicKey = "jc61U+bmIT8lNxirhjrxpB+rELLUoPhLmUKvUpo/OjY=";
+
+          allowedIPs = [ "10.100.0.0/24"];
+
+          endpoint = "152.53.0.23:51820"; 
+
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+  };
+
+    environment.systemPackages = with pkgs; [
+        libraspberrypi
+        raspberrypi-eeprom
+    ];
+  system.stateVersion = "24.05"; # Did you read the comment?
+
+}
+

hosts/pinix/hardware-configuration.nix

@@ -0,0 +1,32 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.end0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}

hosts/workstation.nix

@@ -38,6 +38,7 @@
     };
 
     security.pam.services.swaylock = {};
+    networking.networkmanager.enable = true;
 
     # enable nitrokeys
     services.udev.packages = [ pkgs.nitrokey-udev-rules ];