From efd564b11c1a005913b4812082d8434bb27e34b2 Mon Sep 17 00:00:00 2001
From: s-prechtl
Date: Wed, 23 Jul 2025 01:28:18 +0200
Subject: [PATCH] feat: first helix conf
---
 hosts/goingmerry/configuration.nix | 2 +-
 hosts/goingmerry/home.nix | 25 +++++------
 hosts/hitsugibune/matrix.nix | 69 ++++++++++++++++--------------
 modules/home-manager/helix.nix | 12 ++++++
 4 files changed, 64 insertions(+), 44 deletions(-)
 create mode 100644 modules/home-manager/helix.nix
diff --git a/hosts/goingmerry/configuration.nix b/hosts/goingmerry/configuration.nix
index 5b28a8c..f199907 100644
--- a/hosts/goingmerry/configuration.nix
+++ b/hosts/goingmerry/configuration.nix
@@ -323,7 +323,7 @@
 {
 publicKey = "GEX4m+MaTgiFJIusY8lAWkKji5WjzKmyMsSbCmBmHSQ=";
 presharedKeyFile = "/home/sprechtl/.wg-keys/psk";
- allowedIPs = [ "10.0.0.0/24" ];
+ allowedIPs = ["10.0.0.0/24"];
 endpoint = "sprechtl.me:51820";
 persistentKeepalive = 25;
 }
diff --git a/hosts/goingmerry/home.nix b/hosts/goingmerry/home.nix
index 0e4c69b..63885a4 100644
--- a/hosts/goingmerry/home.nix
+++ b/hosts/goingmerry/home.nix
@@ -4,21 +4,22 @@
 ...
 }: {
 imports = [
- inputs.zen-browser.homeModules.twilight
- ../../modules/home-manager/hyprland.nix
- ../../modules/home-manager/pass.nix
+ ../../modules/home-manager/alacritty.nix
+ ../../modules/home-manager/blueman.nix
 ../../modules/home-manager/btop.nix
 ../../modules/home-manager/dunst.nix
- ../../modules/home-manager/blueman.nix
- ../../modules/home-manager/git.nix
- ../../modules/home-manager/wofi.nix
- ../../modules/home-manager/rofi.nix
- ../../modules/home-manager/waybar.nix
- ../../modules/home-manager/alacritty.nix
- ../../modules/home-manager/nextcloud.nix
- ../../modules/home-manager/zsh.nix
- ../../modules/home-manager/tmux.nix
 ../../modules/home-manager/fastfetch.nix
+ ../../modules/home-manager/git.nix
+ ../../modules/home-manager/helix.nix
+ ../../modules/home-manager/hyprland.nix
+ ../../modules/home-manager/nextcloud.nix
+ ../../modules/home-manager/pass.nix
+ ../../modules/home-manager/rofi.nix
+ ../../modules/home-manager/tmux.nix
+ ../../modules/home-manager/waybar.nix
+ ../../modules/home-manager/wofi.nix
+ ../../modules/home-manager/zsh.nix
+ inputs.zen-browser.homeModules.twilight
 ];
 home.username = "sprechtl";
 home.homeDirectory = "/home/sprechtl";
diff --git a/hosts/hitsugibune/matrix.nix b/hosts/hitsugibune/matrix.nix
index 969b70a..1cf4482 100644
--- a/hosts/hitsugibune/matrix.nix
+++ b/hosts/hitsugibune/matrix.nix
@@ -1,5 +1,9 @@
-{ pkgs, lib, config, ... }:
-let
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
 fqdn = "matrix.sprechtl.me";
 baseUrl = "https://${fqdn}";
 clientConfig."m.homeserver".base_url = baseUrl;
@@ -9,7 +13,7 @@ let
 add_header Access-Control-Allow-Origin *;
 return 200 '${builtins.toJSON data}';
 '';
- turn = config.services.coturn;
+ turn = config.services.coturn;
 in {
 age.secrets.matrix = {
 file = ../../secrets/matrix.age;
@@ -40,32 +44,32 @@ in {
 # Coturn Ports
 networking.firewall = {
 interfaces.enp0s31f6 = let
- range = with config.services.coturn; lib.singleton {
- from = min-port;
- to = max-port;
- };
- in
- {
+ range = with config.services.coturn;
+ lib.singleton {
+ from = min-port;
+ to = max-port;
+ };
+ in {
 allowedUDPPortRanges = range;
- allowedUDPPorts = [ 3478 5349 ];
- allowedTCPPortRanges = [ ];
- allowedTCPPorts = [ 3478 5349 ];
+ allowedUDPPorts = [3478 5349];
+ allowedTCPPortRanges = [];
+ allowedTCPPorts = [3478 5349];
 };
 };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [80 443];
 # Make certificate readable
- users.users.nginx.extraGroups = [ "turnserver" ];
+ users.users.nginx.extraGroups = ["turnserver"];
 services.nginx.virtualHosts.${turn.realm} = {
- addSSL = true;
- enableACME = false; # we’ll do ACME ourselves
- forceSSL = false;
- sslCertificate = "${config.security.acme.certs.${turn.realm}.directory}/full.pem";
- sslCertificateKey = "${config.security.acme.certs.${turn.realm}.directory}/key.pem";
- locations."/.well-known/acme-challenge/" = {
- root = "/var/lib/acme/acme-challenges";
+ addSSL = true;
+ enableACME = false; # we’ll do ACME ourselves
+ forceSSL = false;
+ sslCertificate = "${config.security.acme.certs.${turn.realm}.directory}/full.pem";
+ sslCertificateKey = "${config.security.acme.certs.${turn.realm}.directory}/key.pem";
+ locations."/.well-known/acme-challenge/" = {
+ root = "/var/lib/acme/acme-challenges";
+ };
 };
-};
 security.acme.certs.${turn.realm} = {
 email = "stefan@tague.at";
@@ -76,7 +80,7 @@ in {
 services.postgresql.enable = true;
- services.coturn = rec {
+ services.coturn = rec {
 enable = true;
 no-cli = true;
 no-tcp-relay = true;
@@ -174,26 +178,29 @@ in {
 settings.enable_registration = false;
 enableRegistrationScript = true;
 settings.listeners = [
- { port = 8008;
- bind_addresses = [ "::1" ];
+ {
+ port = 8008;
+ bind_addresses = ["::1"];
 type = "http";
 tls = false;
 x_forwarded = true;
- resources = [ {
- names = [ "client" "federation" ];
- compress = true;
- } ];
+ resources = [
+ {
+ names = ["client" "federation"];
+ compress = true;
+ }
+ ];
 }
 ];
- extraConfigFiles = [ config.age.secrets.matrix.path ];
+ extraConfigFiles = [config.age.secrets.matrix.path];
 settings.turn_uris = ["turn:${turn.realm}:3478?transport=udp" "turn:${turn.realm}:3478?transport=tcp"];
 settings.turn_user_lifetime = "1h";
 };
 # WARN: Remove once mautrix is updated
 nixpkgs.config.permittedInsecurePackages = [
- "olm-3.2.16"
+ "olm-3.2.16"
 ];
 services.mautrix-signal = {
diff --git a/modules/home-manager/helix.nix b/modules/home-manager/helix.nix
new file mode 100644
index 0000000..7a771c1
--- /dev/null
+++ b/modules/home-manager/helix.nix
@@ -0,0 +1,12 @@
+{...}: {
+ programs.helix = {
+ enable = true;
+ settings = {
+ theme = "gruvbox";
+ editor = {
+ line-number = "relative";
+ lsp.display-messages = true;
+ };
+ };
+ };
+}