Daniel Flanagan 2023-09-05 13:56:21 -05:00
parent 8f8533f73b
commit 6e7a859cab
Signed by: lytedev
GPG Key ID: 5B2020A0F9921EF4
45 changed files with 7 additions and 3026 deletions

View File

@ -3,8 +3,8 @@ default_border pixel 1
gaps inner 0
output "Samsung Electric Company SyncMaster H1AK500000" position 0,0
output "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" mode 3840x2160@120Hz position 0,0
output "Dell Inc. DELL U2720Q CWTM623" transform 90 scale 1.5 position 3840,0
output "Dell Inc. DELL U2720Q D3TM623" transform 90 scale 1.5 position -1440,0
output "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" mode 3840x2160@120Hz position 1440,0
output "Dell Inc. DELL U2720Q CWTM623" transform 90 scale 1.5 position 5280,0
output "Dell Inc. DELL U2720Q D3TM623" transform 90 scale 1.5 position 0,0
exec firefox

View File

@ -1,13 +0,0 @@
keys:
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
- &sshd-at-beefcake age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
creation_rules:
- path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- path_regex: secrets/beefcake/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- *sshd-at-beefcake

View File

@ -1,534 +0,0 @@
{ pkgs, lib, ... }: {
# TODO: email access?
# accounts.email.accounts = {
# google = {
# address = "wraithx2@gmail.com";
# };
# };
home.username = "daniel";
home.homeDirectory = lib.mkDefault "/home/daniel/.home";
home.stateVersion = "23.05";
home.packages = [
];
programs.password-store = {
enable = true;
package = (pkgs.pass.withExtensions (exts: [ exts.pass-otp ]));
};
programs.zellij = {
# TODO: enable after port config
enable = false;
enableFishIntegration = true;
settings = {
# TODO: port config
};
};
programs.broot = {
enable = true;
enableFishIntegration = true;
settings = {
modal = true;
skin = {
input = "rgb(205, 214, 244) none";
selected_line = "none rgb(88, 91, 112)";
default = "rgb(205, 214, 244) none";
tree = "rgb(108, 112, 134) none";
parent = "rgb(116, 199, 236) none";
file = "none none";
perm__ = "rgb(186, 194, 222) none";
perm_r = "rgb(250, 179, 135) none";
perm_w = "rgb(235, 160, 172) none";
perm_x = "rgb(166, 227, 161) none";
owner = "rgb(148, 226, 213) none";
group = "rgb(137, 220, 235) none";
dates = "rgb(186, 194, 222) none";
directory = "rgb(180, 190, 254) none Bold";
exe = "rgb(166, 227, 161) none";
link = "rgb(249, 226, 175) none";
pruning = "rgb(166, 173, 200) none Italic";
preview_title = "rgb(205, 214, 244) rgb(24, 24, 37)";
preview = "rgb(205, 214, 244) rgb(24, 24, 37)";
preview_line_number = "rgb(108, 112, 134) none";
char_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic";
content_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic";
preview_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic";
count = "rgb(249, 226, 175) none";
sparse = "rgb(243, 139, 168) none";
content_extract = "rgb(243, 139, 168) none Italic";
git_branch = "rgb(250, 179, 135) none";
git_insertions = "rgb(250, 179, 135) none";
git_deletions = "rgb(250, 179, 135) none";
git_status_current = "rgb(250, 179, 135) none";
git_status_modified = "rgb(250, 179, 135) none";
git_status_new = "rgb(250, 179, 135) none Bold";
git_status_ignored = "rgb(250, 179, 135) none";
git_status_conflicted = "rgb(250, 179, 135) none";
git_status_other = "rgb(250, 179, 135) none";
staging_area_title = "rgb(250, 179, 135) none";
flag_label = "rgb(243, 139, 168) none";
flag_value = "rgb(243, 139, 168) none Bold";
status_normal = "none rgb(24, 24, 37)";
status_italic = "rgb(243, 139, 168) rgb(24, 24, 37) Italic";
status_bold = "rgb(235, 160, 172) rgb(24, 24, 37) Bold";
status_ellipsis = "rgb(235, 160, 172) rgb(24, 24, 37) Bold";
status_error = "rgb(205, 214, 244) rgb(243, 139, 168)";
status_job = "rgb(235, 160, 172) rgb(40, 38, 37)";
status_code = "rgb(235, 160, 172) rgb(24, 24, 37) Italic";
mode_command_mark = "rgb(235, 160, 172) rgb(24, 24, 37) Bold";
help_paragraph = "rgb(205, 214, 244) none";
help_headers = "rgb(243, 139, 168) none Bold";
help_bold = "rgb(250, 179, 135) none Bold";
help_italic = "rgb(249, 226, 175) none Italic";
help_code = "rgb(166, 227, 161) rgb(49, 50, 68)";
help_table_border = "rgb(108, 112, 134) none";
hex_null = "rgb(205, 214, 244) none";
hex_ascii_graphic = "rgb(250, 179, 135) none";
hex_ascii_whitespace = "rgb(166, 227, 161) none";
hex_ascii_other = "rgb(148, 226, 213) none";
hex_non_ascii = "rgb(243, 139, 168) none";
file_error = "rgb(251, 73, 52) none";
purpose_normal = "none none";
purpose_italic = "rgb(177, 98, 134) none Italic";
purpose_bold = "rgb(177, 98, 134) none Bold";
purpose_ellipsis = "none none";
scrollbar_track = "rgb(49, 50, 68) none";
scrollbar_thumb = "rgb(88, 91, 112) none";
good_to_bad_0 = "rgb(166, 227, 161) none";
good_to_bad_1 = "rgb(148, 226, 213) none";
good_to_bad_2 = "rgb(137, 220, 235) none";
good_to_bad_3 = "rgb(116, 199, 236) none";
good_to_bad_4 = "rgb(137, 180, 250) none";
good_to_bad_5 = "rgb(180, 190, 254) none";
good_to_bad_6 = "rgb(203, 166, 247) none";
good_to_bad_7 = "rgb(250, 179, 135) none";
good_to_bad_8 = "rgb(235, 160, 172) none";
good_to_bad_9 = "rgb(243, 139, 168) none";
};
verbs = [
{ invocation = "edit"; shortcut = "e"; execution = "$EDITOR +{line} {file}"; }
];
};
};
programs.home-manager.enable = true;
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
programs.fish = {
enable = true;
shellInit = ''
# paths
if not set --query NICE_HOME
set --export --universal NICE_HOME $HOME
# if HOME ends with a dir called .home, assume that NICE_HOME is HOME's parent dir
test (basename $HOME) = .home \
&& set --export --universal NICE_HOME (realpath $HOME/..)
end
set --export --universal XDG_CONFIG_HOME $HOME/.config
set --export --universal XDG_CACHE_HOME $HOME/.cache
set --export --universal XDG_DATA_HOME $HOME/.local/share
set --export --universal XDG_STATE_HOME $HOME/.local/state
set --export --universal XDG_DESKTOP_DIR $HOME/desktop
set --export --universal XDG_PUBLICSHARE_DIR $HOME/public
set --export --universal XDG_TEMPLATES_DIR $HOME/templates
set --export --universal XDG_DOCUMENTS_DIR $NICE_HOME/doc
set --export --universal XDG_DOWNLOAD_DIR $NICE_HOME/dl
set --export --universal XDG_MUSIC_DIR $NICE_HOME/music
set --export --universal XDG_PICTURES_DIR $NICE_HOME/img
set --export --universal XDG_VIDEOS_DIR $NICE_HOME/video
set --export --universal XDG_GAMES_DIR $NICE_HOME/games
set --export --universal DOTFILES_PATH $XDG_CONFIG_HOME/lytedev-dotfiles
set --export --universal ENV_PATH $XDG_CONFIG_HOME/lytedev-env
set --export --universal FISH_PATH $XDG_CONFIG_HOME/fish
set --export --universal NOTES_PATH $NICE_HOME/doc/notes
set --export --universal SCROTS_PATH $NICE_HOME/img/scrots
set --export --universal USER_LOGS_PATH $NICE_HOME/doc/logs
for s in $ENV_PATH/*/config.d.fish
source $s (dirname $s)
end
# vars
set --export --universal LS_COLORS 'ow=01;36;40'
set --export --universal EXA_COLORS '*=0'
set --export --universal ERL_AFLAGS "-kernel shell_history enabled -kernel shell_history_file_bytes 1024000"
set --export --universal BROWSER firefox
set --export --universal EDITOR hx
set --export --universal VISUAL hx
# TODO: helix ($EDITOR) as man/pager
set --export --universal PAGER "less"
set --export --universal MANPAGER "less"
set --export --universal SOPS_AGE_KEY_FILE "$XDG_CONFIG_HOME/sops/age/keys.txt"
set --export --universal SKIM_ALT_C_COMMAND "fd --hidden --type directory"
set --export --universal SKIM_CTRL_T_COMMAND "fd --hidden"
# colors
set -U fish_color_normal normal # default color
set -U fish_color_command white # base command being run (>ls< -la)
set -U fish_color_param white # command's parameters
set -U fish_color_end green # command delimiter/separators (; and &)
set -U fish_color_error red # color of errors
set -U fish_color_escape yellow # color of escape codes (\n, \x2d, etc.)
set -U fish_color_operator blue # expansion operators (~, *)
set -U fish_color_quote yellow
set -U fish_color_redirection blue # redirection operators (|, >, etc.)
set -U fish_color_cancel 333 brblack # sigint at prompt (^C)
set -U fish_color_autosuggestion 666 brblack # as-you-type suggestions
set -U fish_color_match blue # matching parens and the like
set -U fish_color_search_match white\x1e\x2d\x2dbackground\x3d333 # selected pager item
set -U fish_color_selection blue # vi mode visual selection (only fg)
set -U fish_color_valid_path yellow # if an argument is a valid path (only -u?)
set -U fish_color_comment 666 brblack # comments like this one!
set -U fish_pager_color_completion white # main color for pager
set -U fish_pager_color_description magenta # color for meta description
set -U fish_pager_color_prefix blue # the string being completed
set -U fish_pager_color_progress white\x1e\x2d\x2dbackground\x3d333 # status indicator at the bottom
# set -U fish_pager_color_secondary \x2d\x2dbackground\x3d181818 # alternating rows
function has_command --wraps=command --description "Exits non-zero if the given command cannot be found"
command --quiet --search $argv[1]
end
'';
# TODO: rtx?
# TODO: homebrew?
# TODO: asdf?
functions = {
d = ''
# --wraps=cd --description "Quickly jump to NICE_HOME (or given relative or absolute path) and list files."
if count $argv > /dev/null
cd $argv
else
cd $NICE_HOME
end
la
'';
c = ''
if count $argv > /dev/null
cd $NICE_HOME && d $argv
else
d $NICE_HOME
end
'';
g = ''
if count $argv > /dev/null
git $argv
else
git status
end
'';
ltl = ''
set d $argv[1] .
set -l l ""
for f in $d[1]/*
if test -z $l; set l $f; continue; end
if command test $f -nt $l; and test ! -d $f
set l $f
end
end
echo $l
'';
has_command = "command --quiet --search $argv[1]";
};
interactiveShellInit = ''
# prompt
function get_hostname
if test (uname) = Linux || test (uname) = Darwin
has_command hostname && hostname | cut -d. -f1 || cat /etc/hostname
else
# assume bsd
hostname | head -n 1 | cut -d. -f1
end
end
function fish_greeting
_prompt_prefix
printf "%s\n" (date)
end
function preprocess_pwd
test (pwd) = / && echo "/" && return 1
test (pwd) = $NICE_HOME && echo "~" && return 0
pwd \
| cut -c2- \
| gawk '{n=split($0,p,"/");for(i=1;i<=n;i++){if(i==n){printf "/%s",p[i]}else{printf "/%.3s",p[i]}}}'
end
function _maybe_sudo_prefix
if set -q SUDO_USER
set_color -b yellow black
printf " SUDO "
set_color -b normal normal
printf " "
end
end
function _maybe_aws_profile
if set -q AWS_PROFILE && test $AWS_PROFILE = prd
printf " "
set_color -b yellow black
printf " AWS_PROFILE=prd "
set_color -b normal normal
end
end
function _user_and_host
if test $argv[1] -eq 0
set_color -b normal blue
else
set_color -b normal red
end
printf "%s@%s" $USER (get_hostname)
end
function _cur_work_dir
set_color -b normal magenta
printf " %s" (preprocess_pwd)
end
function _last_cmd_duration
set_color -b normal green
set -q CMD_DURATION && printf " %dms" $CMD_DURATION
end
function _maybe_jobs_summary
if jobs -q
set_color -b normal cyan
printf " &%d" (jobs -p | wc -l)
end
end
function _user_prompt
printf "\n"
set_color brblack
if test (id -u) -eq 0
printf '# '
else
printf '$ '
end
set_color -b normal normal
end
function _maybe_git_summary
set_color -b normal yellow
set cur_sha (git rev-parse --short HEAD 2>/dev/null)
if test $status = 0
set num_changes (git status --porcelain | wc -l | string trim)
if test $num_changes = 0
set num_changes ""
else
set num_changes "+$num_changes"
end
printf " %s %s %s" (git branch --show-current) $cur_sha $num_changes
end
end
function _prompt_marker
printf "%b133;A%b" "\x1b\x5d" "\x1b\x5c"
end
function _prompt_continuation_marker
printf "%b133;A;k=s%b" "\x1b\x5d" "\x1b\x5c"
end
function cmd_marker --on-variable _
printf "%b133;C%b" "\x1b\x5d" "\x1b\x5c"
end
function _prompt_prefix
set_color -b normal brblack
printf "# "
end
function fish_prompt
set last_cmd_status $status
_prompt_marker
_prompt_prefix
_maybe_sudo_prefix
_user_and_host $last_cmd_status
_cur_work_dir
_maybe_git_summary
_maybe_aws_profile
_last_cmd_duration
_maybe_jobs_summary
_user_prompt
end
function fish_mode_prompt; end
function fish_right_prompt; end
# key bindings
fish_vi_key_bindings
set --universal fish_cursor_default block
set --universal fish_cursor_insert line
set --universal fish_cursor_block block
fish_vi_cursor
set --universal fish_vi_force_cursor 1
bind --mode insert --sets-mode default jk repaint
bind --mode insert --sets-mode default jK repaint
bind --mode insert --sets-mode default Jk repaint
bind --mode insert --sets-mode default JK repaint
bind --mode insert --sets-mode default jj repaint
bind --mode insert --sets-mode default jJ repaint
bind --mode insert --sets-mode default Jj repaint
bind --mode insert --sets-mode default JJ repaint
bind -M insert \cg skim-cd-widget
bind -M insert \cp up-or-search
bind -M insert \cn down-or-search
bind -M insert \ce end-of-line
bind -M insert \ca beginning-of-line
bind -M insert \cv edit_command_buffer
bind -M default \cv edit_command_buffer
'';
loginShellInit = ''
'';
shellAbbrs = { };
shellAliases = {
l = "br";
ls = "exa --group-directories-first --classify";
la = "exa -la --group-directories-first --classify";
lA = "exa -la --all --group-directories-first --classify";
tree = "exa --tree --level=3";
lt = "exa -l --sort=modified";
lat = "exa -la --sort=modified";
lc = "lt --sort=accessed";
lT = "lt --reverse";
lC = "lc --reverse";
lD = "la --only-dirs";
"cd.." = "d ..";
"cdd" = "d $DOTFILES_PATH";
"cde" = "d $XDG_CONFIG_HOME/lytedev-env";
"cdc" = "d $XDG_CONFIG_HOME";
"cdn" = "d $NOTES_PATH";
"cdl" = "d $XDG_DOWNLOAD_DIR";
"cdg" = "d $XDG_GAMES_DIR";
".." = "d ..";
"..." = "d ../..";
"...." = "d ../../..";
"....." = "d ../../../..";
"......" = "d ../../../../..";
"......." = "d ../../../../../..";
"........" = "d ../../../../../../..";
"........." = "d ../../../../../../../..";
cat = "bat";
dc = "docker compose";
k = "kubectl";
kg = "kubectl get";
v = "$EDITOR";
sv = "sudo $EDITOR";
kssh = "kitty +kitten ssh";
};
};
programs.exa.enable = true;
programs.skim = {
enable = true;
enableFishIntegration = true;
};
programs.nix-index = {
enable = true;
enableFishIntegration = true;
};
home.pointerCursor = {
name = "Catppuccin-Mocha-Sapphire-Cursors";
package = pkgs.catppuccin-cursors.mochaSapphire;
size = 64; # TODO: this doesn't seem to work -- at least in Sway
};
programs.firefox = {
enable = true;
package = (pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.passff-host ]; });
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
# ublock-origin
# ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe?
profiles = {
daniel = {
id = 0;
settings = {
"general.smoothScroll" = true;
};
extraConfig = ''
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
// user_pref("full-screen-api.ignore-widgets", true);
user_pref("media.ffmpeg.vaapi.enabled", true);
user_pref("media.rdd-vpx.enabled", true);
'';
userChrome = ''
/* Remove close button */
.titlebar-buttonbox-container{ display:none }
#webrtcIndicator {
display: none;
}
#main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar>.toolbar-items {
opacity: 0;
pointer-events: none;
}
#main-window:not([tabsintitlebar="true"]) #TabsToolbar {
visibility: collapse !important;
}
'';
# userContent = ''
# '';
};
};
};
# wayland.windowManager.sway = {
# enable = true;
# }; # TODO: would be nice to have my sway config declared here instead of symlinked in by dotfiles scripts?
# maybe we can share somehow so things for nix-y systems and non-nix-y systems alike
}

View File

@ -1,306 +0,0 @@
{
"nodes": {
"api-lyte-dev": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1690574004,
"narHash": "sha256-1bF8WGiYe9AwhVaRN2VcyIPmQsnxRL5BPQC1hAe3K64=",
"ref": "refs/heads/master",
"rev": "02bf4481bc8d057a7ef4ae01467f8bd574ccb1c1",
"revCount": 71,
"type": "git",
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
},
"original": {
"type": "git",
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
}
},
"crane": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"helix",
"flake-utils"
],
"nixpkgs": [
"helix",
"nixpkgs"
],
"rust-overlay": [
"helix",
"rust-overlay"
]
},
"locked": {
"lastModified": 1688772518,
"narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=",
"owner": "ipetkov",
"repo": "crane",
"rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1692199161,
"narHash": "sha256-GqKApvQ1JCf5DzH/Q+P4nwuHb6MaQGaWTu41lYzveF4=",
"owner": "nix-community",
"repo": "disko",
"rev": "4eed2457b053c4bbad7d90d2b3a1d539c2c9009c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"helix": {
"inputs": {
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1692817399,
"narHash": "sha256-gbLru0aup6iI0JnDGMQd1jsb8H6IJUNr/Xln3/ouAZc=",
"owner": "helix-editor",
"repo": "helix",
"rev": "c9694f680f97823ac9b893239a78bf45bfee0403",
"type": "github"
},
"original": {
"owner": "helix-editor",
"repo": "helix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1692099905,
"narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1690026219,
"narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1692492726,
"narHash": "sha256-rld5qm2B4oRkDwcPD+yOSyTrZQdfCR6mzJGGkecjvTs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e63e8bbc46bc4fc22254da1edaf42fc7549c18a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1692794066,
"narHash": "sha256-H0aG8r16dj0x/Wz6wQhQxc9V7AsObOiHPaKxQgH6Y08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fc944919f743bb22379dddf18dcb72db6cff84aa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"api-lyte-dev": "api-lyte-dev",
"disko": "disko",
"helix": "helix",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"helix",
"flake-utils"
],
"nixpkgs": [
"helix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1690424156,
"narHash": "sha256-Bpml+L280tHTQpwpC5/BJbU4HSvEzMvW8IZ4gAXimhE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "f335a0213504c7e6481c359dc1009be9cf34432c",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1692728678,
"narHash": "sha256-02MjG7Sb9k7eOi86CcC4GNWVOjT6gjmXFSqkRjZ8Xyk=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1b7b3a32d65dbcd69c217d7735fdf0a6b2184f45",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

View File

@ -1,145 +0,0 @@
# Welcome to my nix config! I'm just getting started with flakes, so please
# forgive the mess.
# TODO: declarative disks with https://github.com/nix-community/disko
# TODO: home-manager?
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
# TODO: this could be a release tarball? fully recompiling this on every change suuuucks
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko/master"; # NOTE: lock update!
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
helix = {
url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs: {
diskoConfigurations = {
encryptedUefiBtrfs = import ./machines/thinker-disks.nix;
normalUefiBtrfs = import ./machines/musicbox-disks.nix;
};
homeConfigurations =
let
system = "x86_64-linux";
pkgs = inputs.nixpkgs.legacyPackages.${system};
in
{
daniel = inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
(import
./daniel.nix
pkgs)
];
};
};
nixosConfigurations = {
beefcake = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules =
[
./machines/beefcake.nix
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
musicbox = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules =
[
inputs.disko.nixosModules.disko
./machines/musicbox-disks.nix
{ _module.args.disks = [ "/dev/sda" ]; }
./machines/musicbox.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
thinker = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.disko.nixosModules.disko
./machines/thinker-disks.nix
{ _module.args.disks = [ "/dev/nvme0n1" ]; }
./machines/thinker.nix
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
};
colmena = {
meta = {
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux";
};
};
musicbot = inputs.nixpkgs.lib.nixosSystem {
deployment = {
targetHost = "musicbox";
targetPort = 1234;
targetUser = "nixos";
};
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules =
[
inputs.disko.nixosModules.disko
./machines/musicbox-disks.nix
{ _module.args.disks = [ "/dev/sda" ]; }
./machines/musicbox.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
};
};
}

View File

@ -1,57 +0,0 @@
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "megaraid_sas" "usbhid" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/0747dcba-f590-42e6-89c8-6cb2f9114d64";
fsType = "ext4";
options = [
"usrquota"
];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/7E3C-9018";
fsType = "vfat";
};
fileSystems."/storage" =
{
device = "/dev/disk/by-uuid/ea8258d7-54d1-430e-93b3-e15d33231063";
fsType = "btrfs";
options = [
"compress=zstd:5"
"space_cache=v2"
];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
# networking.interfaces.enp68s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp68s0f1.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View File

@ -1,606 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').
{ config, pkgs, inputs, ... }: rec {
nix.settings.experimental-features = [ "nix-command" "flakes" ];
imports = [
./beefcake-hardware.nix
];
services.api-lyte-dev = rec {
enable = true;
port = 5757;
stateDir = "/var/lib/api-lyte-dev";
configFile = sops.secrets."api.lyte.dev".path;
user = "api-lyte-dev";
group = user;
};
systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
sops = {
defaultSopsFile = ../secrets/beefcake/secrets.yml;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
# example-key = {
# # see these and other options' documentation here:
# # https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it
# # set permissions:
# # mode = "0440";
# # owner = config.users.users.nobody.name;
# # group = config.users.users.nobody.group;
# # restart service when a secret changes or is newly initialized
# # restartUnits = [ "home-assistant.service" ];
# # symlink to certain directories
# path = "/var/lib/my-example-key/secrets.yaml";
# # for use as a user password
# # neededForUsers = true;
# };
# subdirectory
# "myservice/my_subdir/my_secret" = { };
"api.lyte.dev" = {
path = "${services.api-lyte-dev.stateDir}/secrets.json";
# TODO: would be cool to assert that it's correctly-formatted JSON?
mode = "0440";
owner = services.api-lyte-dev.user;
group = services.api-lyte-dev.group;
};
plausible-admin-password = { };
plausible-erlang-cookie = { };
plausible-secret-key-base = { };
};
};
# TODO: non-root processes and services that access secrets need to be part of
# the 'keys' group
# systemd.services.some-service = {
# serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
# };
# or
# users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
# TODO: directory attributes for /storage subdirectories?
# example: user daniel should be able to write to /storage/files.lyte.dev and
# caddy should be able to serve it
# TODO: declarative directory quotas? for storage/$USER and /home/$USER
# TODO: would be nice to get ALL the storage stuff declared in here
# should I be using btrfs subvolumes? can I capture file ownership, perimssions, and ACLs?
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
systemd.tmpfiles.rules = [
"d /var/spool/samba 1777 root root -"
];
networking.hostName = "beefcake";
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
users.groups.daniel.members = [ "daniel" ];
users.groups.nixadmin.members = [ "daniel" ];
users.users.daniel = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
group = "daniel";
extraGroups = [
"nixadmin" # write access to /etc/nixos/ files
"wheel" # sudo access
"caddy" # write access to /storage/files.lyte.dev
"users" # general users group
"jellyfin" # write access to /storage/jellyfin
];
# packages = with pkgs; [];
};
users.users.lytedev = {
# for running my services and applications and stuff
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
group = "lytedev";
extraGroups = [
];
};
users.users.ben = {
isNormalUser = true;
packages = with pkgs; [
vim
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com"
];
};
users.users.alan = {
isNormalUser = true;
packages = with pkgs; [
vim
];
openssh.authorizedKeys.keys = [
""
];
};
users.users.restic = {
# used for other machines to backup to
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
};
users.users.guest = {
isSystemUser = true;
group = "user";
createHome = true;
};
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
environment.variables = {
EDITOR = "hx";
};
# TODO: right now, I use a flake for helix that gets the latest since my config uses newer features
# would be nice to get that declared here
# I think this was done with `nix profile install github:helix-editor/helix --priority 0`?
# search for packages: `nix search $PACKAGE_NAME`
environment.systemPackages = with pkgs; [
inputs.helix.packages."x86_64-linux".helix
zellij
mosh
btrfs-progs
iperf3
pv
linuxquota
traceroute
hexyl
restic
speedtest-cli
fish
restic
nil
nixpkgs-fmt
fd
ripgrep
exa
skim
git
wget
tmux
sqlite
];
services.xserver.layout = "us";
# TODO: make the client declarative? right now I think it's manually git
# clone'd to /root
systemd.services.deno-netlify-ddns-client = {
serviceConfig.Type = "oneshot";
path = with pkgs; [ curl bash ];
environment = {
NETLIFY_DDNS_RC_FILE = "/root/deno-netlify-ddns-client/.env";
};
script = ''
bash /root/deno-netlify-ddns-client/netlify-ddns-client.sh
'';
};
systemd.timers.deno-netlify-ddns-client = {
wantedBy = [ "timers.target" ];
partOf = [ "deno-netlify-ddns-client.service" ];
timerConfig = {
OnBootSec = "10sec";
OnUnitActiveSec = "5min";
Unit = "deno-netlify-ddns-client.service";
};
};
services.smartd.enable = true;
services.caddy = {
enable = true;
adapter = "caddyfile";
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
configFile = pkgs.writeText "Caddyfile" ''
video.lyte.dev {
reverse_proxy :8096
}
bw.lyte.dev {
reverse_proxy :8222
}
api.lyte.dev {
reverse_proxy :5757
}
a.lyte.dev {
reverse_proxy :8899
}
git.lyte.dev {
reverse_proxy :3088
}
files.lyte.dev {
file_server browse {
root /storage/files.lyte.dev
}
}
# proxy everything else to chromebox
:80 {
reverse_proxy 10.0.0.5:80
}
:443 {
reverse_proxy 10.0.0.5:443
}
'';
};
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bw.lyte.dev";
SIGNUPS_ALLOWED = "false";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
};
};
services.gitea = {
enable = true;
appName = "git.lyte.dev";
stateDir = "/storage/gitea";
settings = {
server = {
ROOT_URL = "https://git.lyte.dev";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3088;
DOMAIN = "git.lyte.dev";
};
service = {
DISABLE_REGISTRATION = true;
};
session = {
COOKIE_SECURE = true;
};
log = {
# TODO: raise the log level
LEVEL = "Debug";
};
ui = {
THEMES = "catppuccin-mocha-sapphire,gitea,arc-green,auto,pitchblack";
DEFAULT_THEME = "catppuccin-mocha-sapphire";
};
};
lfs = {
enable = true;
};
dump = {
enable = true;
};
database = {
# TODO: move to postgres?
type = "sqlite3";
};
};
# TODO: ensure we're not doing the same dumb thing we were doing on the old host and eating storage
services.clickhouse.enable = true;
services.plausible = {
enable = true;
releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path;
database = {
clickhouse.setup = true;
postgres = {
setup = false;
dbname = "plausible";
};
};
server = {
baseUrl = "http://beefcake.hare-cod.ts.net:8899";
disableRegistration = true;
port = 8899;
secretKeybaseFile = config.sops.secrets.plausible-secret-key-base.path;
};
adminUser = {
activate = false;
email = "daniel@lyte.dev";
passwordFile = config.sops.secrets.plausible-admin-password.path;
};
};