lytedev/dotfiles
Archived
1
0
Fork 1
Code Issues Pull requests Releases Wiki Activity

Ref

Browse source
This commit is contained in:
Daniel Flanagan 2023-09-05 13:56:21 -05:00
parent 8f8533f73b
commit 6e7a859cab
Signed by: lytedev
GPG key ID: 5B2020A0F9921EF4
45 changed files with 7 additions and 3026 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
host/desktop/sway/config
View file

@ -3,8 +3,8 @@ default_border pixel 1
gaps inner 0
output "Samsung Electric Company SyncMaster H1AK500000" position 0,0
output "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" mode 3840x2160@120Hz position 0,0
output "Dell Inc. DELL U2720Q CWTM623" transform 90 scale 1.5 position 3840,0
output "Dell Inc. DELL U2720Q D3TM623" transform 90 scale 1.5 position -1440,0
output "GIGA-BYTE TECHNOLOGY CO., LTD. AORUS FO48U 23070B000307" mode 3840x2160@120Hz position 1440,0
output "Dell Inc. DELL U2720Q CWTM623" transform 90 scale 1.5 position 5280,0
output "Dell Inc. DELL U2720Q D3TM623" transform 90 scale 1.5 position 0,0
exec firefox

13
os/linux/nix/.sops.yaml
View file

@ -1,13 +0,0 @@
keys:
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
- &sshd-at-beefcake age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
creation_rules:
- path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- path_regex: secrets/beefcake/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- *sshd-at-beefcake

534
os/linux/nix/daniel.nix
View file

@ -1,534 +0,0 @@
{ pkgs, lib, ... }: {
# TODO: email access?
# accounts.email.accounts = {
# google = {
# address = "wraithx2@gmail.com";
# };
# };
home.username = "daniel";
home.homeDirectory = lib.mkDefault "/home/daniel/.home";
home.stateVersion = "23.05";
home.packages = [
];
programs.password-store = {
enable = true;
package = (pkgs.pass.withExtensions (exts: [ exts.pass-otp ]));
};
programs.zellij = {
# TODO: enable after port config
enable = false;
enableFishIntegration = true;
settings = {
# TODO: port config
};
};
programs.broot = {
enable = true;
enableFishIntegration = true;
settings = {
modal = true;
skin = {
input = "rgb(205, 214, 244) none";
selected_line = "none rgb(88, 91, 112)";
default = "rgb(205, 214, 244) none";
tree = "rgb(108, 112, 134) none";
parent = "rgb(116, 199, 236) none";
file = "none none";
perm__ = "rgb(186, 194, 222) none";
perm_r = "rgb(250, 179, 135) none";
perm_w = "rgb(235, 160, 172) none";
perm_x = "rgb(166, 227, 161) none";
owner = "rgb(148, 226, 213) none";
group = "rgb(137, 220, 235) none";
dates = "rgb(186, 194, 222) none";
directory = "rgb(180, 190, 254) none Bold";
exe = "rgb(166, 227, 161) none";
link = "rgb(249, 226, 175) none";
pruning = "rgb(166, 173, 200) none Italic";
preview_title = "rgb(205, 214, 244) rgb(24, 24, 37)";
preview = "rgb(205, 214, 244) rgb(24, 24, 37)";
preview_line_number = "rgb(108, 112, 134) none";
char_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic";
content_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic";
preview_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic";
count = "rgb(249, 226, 175) none";
sparse = "rgb(243, 139, 168) none";
content_extract = "rgb(243, 139, 168) none Italic";
git_branch = "rgb(250, 179, 135) none";
git_insertions = "rgb(250, 179, 135) none";
git_deletions = "rgb(250, 179, 135) none";
git_status_current = "rgb(250, 179, 135) none";
git_status_modified = "rgb(250, 179, 135) none";
git_status_new = "rgb(250, 179, 135) none Bold";
git_status_ignored = "rgb(250, 179, 135) none";
git_status_conflicted = "rgb(250, 179, 135) none";
git_status_other = "rgb(250, 179, 135) none";
staging_area_title = "rgb(250, 179, 135) none";
flag_label = "rgb(243, 139, 168) none";
flag_value = "rgb(243, 139, 168) none Bold";
status_normal = "none rgb(24, 24, 37)";
status_italic = "rgb(243, 139, 168) rgb(24, 24, 37) Italic";
status_bold = "rgb(235, 160, 172) rgb(24, 24, 37) Bold";
status_ellipsis = "rgb(235, 160, 172) rgb(24, 24, 37) Bold";
status_error = "rgb(205, 214, 244) rgb(243, 139, 168)";
status_job = "rgb(235, 160, 172) rgb(40, 38, 37)";
status_code = "rgb(235, 160, 172) rgb(24, 24, 37) Italic";
mode_command_mark = "rgb(235, 160, 172) rgb(24, 24, 37) Bold";
help_paragraph = "rgb(205, 214, 244) none";
help_headers = "rgb(243, 139, 168) none Bold";
help_bold = "rgb(250, 179, 135) none Bold";
help_italic = "rgb(249, 226, 175) none Italic";
help_code = "rgb(166, 227, 161) rgb(49, 50, 68)";
help_table_border = "rgb(108, 112, 134) none";
hex_null = "rgb(205, 214, 244) none";
hex_ascii_graphic = "rgb(250, 179, 135) none";
hex_ascii_whitespace = "rgb(166, 227, 161) none";
hex_ascii_other = "rgb(148, 226, 213) none";
hex_non_ascii = "rgb(243, 139, 168) none";
file_error = "rgb(251, 73, 52) none";
purpose_normal = "none none";
purpose_italic = "rgb(177, 98, 134) none Italic";
purpose_bold = "rgb(177, 98, 134) none Bold";
purpose_ellipsis = "none none";
scrollbar_track = "rgb(49, 50, 68) none";
scrollbar_thumb = "rgb(88, 91, 112) none";
good_to_bad_0 = "rgb(166, 227, 161) none";
good_to_bad_1 = "rgb(148, 226, 213) none";
good_to_bad_2 = "rgb(137, 220, 235) none";
good_to_bad_3 = "rgb(116, 199, 236) none";
good_to_bad_4 = "rgb(137, 180, 250) none";
good_to_bad_5 = "rgb(180, 190, 254) none";
good_to_bad_6 = "rgb(203, 166, 247) none";
good_to_bad_7 = "rgb(250, 179, 135) none";
good_to_bad_8 = "rgb(235, 160, 172) none";
good_to_bad_9 = "rgb(243, 139, 168) none";
};
verbs = [
{ invocation = "edit"; shortcut = "e"; execution = "$EDITOR +{line} {file}"; }
];
};
};
programs.home-manager.enable = true;
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
programs.fish = {
enable = true;
shellInit = ''
# paths
if not set --query NICE_HOME
set --export --universal NICE_HOME $HOME
# if HOME ends with a dir called .home, assume that NICE_HOME is HOME's parent dir
test (basename $HOME) = .home \
&& set --export --universal NICE_HOME (realpath $HOME/..)
end
set --export --universal XDG_CONFIG_HOME $HOME/.config
set --export --universal XDG_CACHE_HOME $HOME/.cache
set --export --universal XDG_DATA_HOME $HOME/.local/share
set --export --universal XDG_STATE_HOME $HOME/.local/state
set --export --universal XDG_DESKTOP_DIR $HOME/desktop
set --export --universal XDG_PUBLICSHARE_DIR $HOME/public
set --export --universal XDG_TEMPLATES_DIR $HOME/templates
set --export --universal XDG_DOCUMENTS_DIR $NICE_HOME/doc
set --export --universal XDG_DOWNLOAD_DIR $NICE_HOME/dl
set --export --universal XDG_MUSIC_DIR $NICE_HOME/music
set --export --universal XDG_PICTURES_DIR $NICE_HOME/img
set --export --universal XDG_VIDEOS_DIR $NICE_HOME/video
set --export --universal XDG_GAMES_DIR $NICE_HOME/games
set --export --universal DOTFILES_PATH $XDG_CONFIG_HOME/lytedev-dotfiles
set --export --universal ENV_PATH $XDG_CONFIG_HOME/lytedev-env
set --export --universal FISH_PATH $XDG_CONFIG_HOME/fish
set --export --universal NOTES_PATH $NICE_HOME/doc/notes
set --export --universal SCROTS_PATH $NICE_HOME/img/scrots
set --export --universal USER_LOGS_PATH $NICE_HOME/doc/logs
for s in $ENV_PATH/*/config.d.fish
source $s (dirname $s)
end
# vars
set --export --universal LS_COLORS 'ow=01;36;40'
set --export --universal EXA_COLORS '*=0'
set --export --universal ERL_AFLAGS "-kernel shell_history enabled -kernel shell_history_file_bytes 1024000"
set --export --universal BROWSER firefox
set --export --universal EDITOR hx
set --export --universal VISUAL hx
# TODO: helix ($EDITOR) as man/pager
set --export --universal PAGER "less"
set --export --universal MANPAGER "less"
set --export --universal SOPS_AGE_KEY_FILE "$XDG_CONFIG_HOME/sops/age/keys.txt"
set --export --universal SKIM_ALT_C_COMMAND "fd --hidden --type directory"
set --export --universal SKIM_CTRL_T_COMMAND "fd --hidden"
# colors
set -U fish_color_normal normal # default color
set -U fish_color_command white # base command being run (>ls< -la)
set -U fish_color_param white # command's parameters
set -U fish_color_end green # command delimiter/separators (; and &)
set -U fish_color_error red # color of errors
set -U fish_color_escape yellow # color of escape codes (\n, \x2d, etc.)
set -U fish_color_operator blue # expansion operators (~, *)
set -U fish_color_quote yellow
set -U fish_color_redirection blue # redirection operators (|, >, etc.)
set -U fish_color_cancel 333 brblack # sigint at prompt (^C)
set -U fish_color_autosuggestion 666 brblack # as-you-type suggestions
set -U fish_color_match blue # matching parens and the like
set -U fish_color_search_match white\x1e\x2d\x2dbackground\x3d333 # selected pager item
set -U fish_color_selection blue # vi mode visual selection (only fg)
set -U fish_color_valid_path yellow # if an argument is a valid path (only -u?)
set -U fish_color_comment 666 brblack # comments like this one!
set -U fish_pager_color_completion white # main color for pager
set -U fish_pager_color_description magenta # color for meta description
set -U fish_pager_color_prefix blue # the string being completed
set -U fish_pager_color_progress white\x1e\x2d\x2dbackground\x3d333 # status indicator at the bottom
# set -U fish_pager_color_secondary \x2d\x2dbackground\x3d181818 # alternating rows
function has_command --wraps=command --description "Exits non-zero if the given command cannot be found"
command --quiet --search $argv[1]
end
'';
# TODO: rtx?
# TODO: homebrew?
# TODO: asdf?
functions = {
d = ''
# --wraps=cd --description "Quickly jump to NICE_HOME (or given relative or absolute path) and list files."
if count $argv > /dev/null
cd $argv
else
cd $NICE_HOME
end
la
'';
c = ''
if count $argv > /dev/null
cd $NICE_HOME && d $argv
else
d $NICE_HOME
end
'';
g = ''
if count $argv > /dev/null
git $argv
else
git status
end
'';
ltl = ''
set d $argv[1] .
set -l l ""
for f in $d[1]/*
if test -z $l; set l $f; continue; end
if command test $f -nt $l; and test ! -d $f
set l $f
end
end
echo $l
'';
has_command = "command --quiet --search $argv[1]";
};
interactiveShellInit = ''
# prompt
function get_hostname
if test (uname) = Linux || test (uname) = Darwin
has_command hostname && hostname | cut -d. -f1 || cat /etc/hostname
else
# assume bsd
hostname | head -n 1 | cut -d. -f1
end
end
function fish_greeting
_prompt_prefix
printf "%s\n" (date)
end
function preprocess_pwd
test (pwd) = / && echo "/" && return 1
test (pwd) = $NICE_HOME && echo "~" && return 0
pwd \
| cut -c2- \
| gawk '{n=split($0,p,"/");for(i=1;i<=n;i++){if(i==n){printf "/%s",p[i]}else{printf "/%.3s",p[i]}}}'
end
function _maybe_sudo_prefix
if set -q SUDO_USER
set_color -b yellow black
printf " SUDO "
set_color -b normal normal
printf " "
end
end
function _maybe_aws_profile
if set -q AWS_PROFILE && test $AWS_PROFILE = prd
printf " "
set_color -b yellow black
printf " AWS_PROFILE=prd "
set_color -b normal normal
end
end
function _user_and_host
if test $argv[1] -eq 0
set_color -b normal blue
else
set_color -b normal red
end
printf "%s@%s" $USER (get_hostname)
end
function _cur_work_dir
set_color -b normal magenta
printf " %s" (preprocess_pwd)
end
function _last_cmd_duration
set_color -b normal green
set -q CMD_DURATION && printf " %dms" $CMD_DURATION
end
function _maybe_jobs_summary
if jobs -q
set_color -b normal cyan
printf " &%d" (jobs -p | wc -l)
end
end
function _user_prompt
printf "\n"
set_color brblack
if test (id -u) -eq 0
printf '# '
else
printf '$ '
end
set_color -b normal normal
end
function _maybe_git_summary
set_color -b normal yellow
set cur_sha (git rev-parse --short HEAD 2>/dev/null)
if test $status = 0
set num_changes (git status --porcelain | wc -l | string trim)
if test $num_changes = 0
set num_changes ""
else
set num_changes "+$num_changes"
end
printf " %s %s %s" (git branch --show-current) $cur_sha $num_changes
end
end
function _prompt_marker
printf "%b133;A%b" "\x1b\x5d" "\x1b\x5c"
end
function _prompt_continuation_marker
printf "%b133;A;k=s%b" "\x1b\x5d" "\x1b\x5c"
end
function cmd_marker --on-variable _
printf "%b133;C%b" "\x1b\x5d" "\x1b\x5c"
end
function _prompt_prefix
set_color -b normal brblack
printf "# "
end
function fish_prompt
set last_cmd_status $status
_prompt_marker
_prompt_prefix
_maybe_sudo_prefix
_user_and_host $last_cmd_status
_cur_work_dir
_maybe_git_summary
_maybe_aws_profile
_last_cmd_duration
_maybe_jobs_summary
_user_prompt
end
function fish_mode_prompt; end
function fish_right_prompt; end
# key bindings
fish_vi_key_bindings
set --universal fish_cursor_default block
set --universal fish_cursor_insert line
set --universal fish_cursor_block block
fish_vi_cursor
set --universal fish_vi_force_cursor 1
bind --mode insert --sets-mode default jk repaint
bind --mode insert --sets-mode default jK repaint
bind --mode insert --sets-mode default Jk repaint
bind --mode insert --sets-mode default JK repaint
bind --mode insert --sets-mode default jj repaint
bind --mode insert --sets-mode default jJ repaint
bind --mode insert --sets-mode default Jj repaint
bind --mode insert --sets-mode default JJ repaint
bind -M insert \cg skim-cd-widget
bind -M insert \cp up-or-search
bind -M insert \cn down-or-search
bind -M insert \ce end-of-line
bind -M insert \ca beginning-of-line
bind -M insert \cv edit_command_buffer
bind -M default \cv edit_command_buffer
'';
loginShellInit = ''
'';
shellAbbrs = { };
shellAliases = {
l = "br";
ls = "exa --group-directories-first --classify";
la = "exa -la --group-directories-first --classify";
lA = "exa -la --all --group-directories-first --classify";
tree = "exa --tree --level=3";
lt = "exa -l --sort=modified";
lat = "exa -la --sort=modified";
lc = "lt --sort=accessed";
lT = "lt --reverse";
lC = "lc --reverse";
lD = "la --only-dirs";
"cd.." = "d ..";
"cdd" = "d $DOTFILES_PATH";
"cde" = "d $XDG_CONFIG_HOME/lytedev-env";
"cdc" = "d $XDG_CONFIG_HOME";
"cdn" = "d $NOTES_PATH";
"cdl" = "d $XDG_DOWNLOAD_DIR";
"cdg" = "d $XDG_GAMES_DIR";
".." = "d ..";
"..." = "d ../..";
"...." = "d ../../..";
"....." = "d ../../../..";
"......" = "d ../../../../..";
"......." = "d ../../../../../..";
"........" = "d ../../../../../../..";
"........." = "d ../../../../../../../..";
cat = "bat";
dc = "docker compose";
k = "kubectl";
kg = "kubectl get";
v = "$EDITOR";
sv = "sudo $EDITOR";
kssh = "kitty +kitten ssh";
};
};
programs.exa.enable = true;
programs.skim = {
enable = true;
enableFishIntegration = true;
};
programs.nix-index = {
enable = true;
enableFishIntegration = true;
};
home.pointerCursor = {
name = "Catppuccin-Mocha-Sapphire-Cursors";
package = pkgs.catppuccin-cursors.mochaSapphire;
size = 64; # TODO: this doesn't seem to work -- at least in Sway
};
programs.firefox = {
enable = true;
package = (pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.passff-host ]; });
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
# ublock-origin
# ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe?
profiles = {
daniel = {
id = 0;
settings = {
"general.smoothScroll" = true;
};
extraConfig = ''
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
// user_pref("full-screen-api.ignore-widgets", true);
user_pref("media.ffmpeg.vaapi.enabled", true);
user_pref("media.rdd-vpx.enabled", true);
'';
userChrome = ''
/* Remove close button */
.titlebar-buttonbox-container{ display:none }
#webrtcIndicator {
display: none;
}
#main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar>.toolbar-items {
opacity: 0;
pointer-events: none;
}
#main-window:not([tabsintitlebar="true"]) #TabsToolbar {
visibility: collapse !important;
}
'';
# userContent = ''
# '';
};
};
};
# wayland.windowManager.sway = {
# enable = true;
# }; # TODO: would be nice to have my sway config declared here instead of symlinked in by dotfiles scripts?
# maybe we can share somehow so things for nix-y systems and non-nix-y systems alike
}

306
os/linux/nix/flake.lock
View file

@ -1,306 +0,0 @@
{
"nodes": {
"api-lyte-dev": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1690574004,
"narHash": "sha256-1bF8WGiYe9AwhVaRN2VcyIPmQsnxRL5BPQC1hAe3K64=",
"ref": "refs/heads/master",
"rev": "02bf4481bc8d057a7ef4ae01467f8bd574ccb1c1",
"revCount": 71,
"type": "git",
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
},
"original": {
"type": "git",
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
}
},
"crane": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"helix",
"flake-utils"
],
"nixpkgs": [
"helix",
"nixpkgs"
],
"rust-overlay": [
"helix",
"rust-overlay"
]
},
"locked": {
"lastModified": 1688772518,
"narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=",
"owner": "ipetkov",
"repo": "crane",
"rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1692199161,
"narHash": "sha256-GqKApvQ1JCf5DzH/Q+P4nwuHb6MaQGaWTu41lYzveF4=",
"owner": "nix-community",
"repo": "disko",
"rev": "4eed2457b053c4bbad7d90d2b3a1d539c2c9009c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"helix": {
"inputs": {
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1692817399,
"narHash": "sha256-gbLru0aup6iI0JnDGMQd1jsb8H6IJUNr/Xln3/ouAZc=",
"owner": "helix-editor",
"repo": "helix",
"rev": "c9694f680f97823ac9b893239a78bf45bfee0403",
"type": "github"
},
"original": {
"owner": "helix-editor",
"repo": "helix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1692099905,
"narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1690026219,
"narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1692492726,
"narHash": "sha256-rld5qm2B4oRkDwcPD+yOSyTrZQdfCR6mzJGGkecjvTs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e63e8bbc46bc4fc22254da1edaf42fc7549c18a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1692794066,
"narHash": "sha256-H0aG8r16dj0x/Wz6wQhQxc9V7AsObOiHPaKxQgH6Y08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fc944919f743bb22379dddf18dcb72db6cff84aa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"api-lyte-dev": "api-lyte-dev",
"disko": "disko",
"helix": "helix",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"helix",
"flake-utils"
],
"nixpkgs": [
"helix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1690424156,
"narHash": "sha256-Bpml+L280tHTQpwpC5/BJbU4HSvEzMvW8IZ4gAXimhE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "f335a0213504c7e6481c359dc1009be9cf34432c",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1692728678,
"narHash": "sha256-02MjG7Sb9k7eOi86CcC4GNWVOjT6gjmXFSqkRjZ8Xyk=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1b7b3a32d65dbcd69c217d7735fdf0a6b2184f45",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

145
os/linux/nix/flake.nix
View file

@ -1,145 +0,0 @@
# Welcome to my nix config! I'm just getting started with flakes, so please
# forgive the mess.
# TODO: declarative disks with https://github.com/nix-community/disko
# TODO: home-manager?
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
# TODO: this could be a release tarball? fully recompiling this on every change suuuucks
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko/master"; # NOTE: lock update!
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
helix = {
url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs: {
diskoConfigurations = {
encryptedUefiBtrfs = import ./machines/thinker-disks.nix;
normalUefiBtrfs = import ./machines/musicbox-disks.nix;
};
homeConfigurations =
let
system = "x86_64-linux";
pkgs = inputs.nixpkgs.legacyPackages.${system};
in
{
daniel = inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
(import
./daniel.nix
pkgs)
];
};
};
nixosConfigurations = {
beefcake = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules =
[
./machines/beefcake.nix
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
musicbox = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules =
[
inputs.disko.nixosModules.disko
./machines/musicbox-disks.nix
{ _module.args.disks = [ "/dev/sda" ]; }
./machines/musicbox.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
thinker = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.disko.nixosModules.disko
./machines/thinker-disks.nix
{ _module.args.disks = [ "/dev/nvme0n1" ]; }
./machines/thinker.nix
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
};
colmena = {
meta = {
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux";
};
};
musicbot = inputs.nixpkgs.lib.nixosSystem {
deployment = {
targetHost = "musicbox";
targetPort = 1234;
targetUser = "nixos";
};
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules =
[
inputs.disko.nixosModules.disko
./machines/musicbox-disks.nix
{ _module.args.disks = [ "/dev/sda" ]; }
./machines/musicbox.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
};
};
}

57
os/linux/nix/machines/beefcake-hardware.nix
View file

@ -1,57 +0,0 @@
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "megaraid_sas" "usbhid" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/0747dcba-f590-42e6-89c8-6cb2f9114d64";
fsType = "ext4";
options = [
"usrquota"
];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/7E3C-9018";
fsType = "vfat";
};
fileSystems."/storage" =
{
device = "/dev/disk/by-uuid/ea8258d7-54d1-430e-93b3-e15d33231063";
fsType = "btrfs";
options = [
"compress=zstd:5"
"space_cache=v2"
];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
# networking.interfaces.enp68s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp68s0f1.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

606
os/linux/nix/machines/beefcake.nix
View file

@ -1,606 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').
{ config, pkgs, inputs, ... }: rec {
nix.settings.experimental-features = [ "nix-command" "flakes" ];
imports = [
./beefcake-hardware.nix
];
services.api-lyte-dev = rec {
enable = true;
port = 5757;
stateDir = "/var/lib/api-lyte-dev";
configFile = sops.secrets."api.lyte.dev".path;
user = "api-lyte-dev";
group = user;
};
systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
sops = {
defaultSopsFile = ../secrets/beefcake/secrets.yml;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
# example-key = {
# # see these and other options' documentation here:
# # https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it
# # set permissions:
# # mode = "0440";
# # owner = config.users.users.nobody.name;
# # group = config.users.users.nobody.group;
# # restart service when a secret changes or is newly initialized
# # restartUnits = [ "home-assistant.service" ];
# # symlink to certain directories
# path = "/var/lib/my-example-key/secrets.yaml";
# # for use as a user password
# # neededForUsers = true;
# };
# subdirectory
# "myservice/my_subdir/my_secret" = { };
"api.lyte.dev" = {
path = "${services.api-lyte-dev.stateDir}/secrets.json";
# TODO: would be cool to assert that it's correctly-formatted JSON?
mode = "0440";
owner = services.api-lyte-dev.user;
group = services.api-lyte-dev.group;
};
plausible-admin-password = { };
plausible-erlang-cookie = { };
plausible-secret-key-base = { };
};
};
# TODO: non-root processes and services that access secrets need to be part of
# the 'keys' group
# systemd.services.some-service = {
# serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
# };
# or
# users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
# TODO: directory attributes for /storage subdirectories?
# example: user daniel should be able to write to /storage/files.lyte.dev and
# caddy should be able to serve it
# TODO: declarative directory quotas? for storage/$USER and /home/$USER
# TODO: would be nice to get ALL the storage stuff declared in here
# should I be using btrfs subvolumes? can I capture file ownership, perimssions, and ACLs?
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
systemd.tmpfiles.rules = [
"d /var/spool/samba 1777 root root -"
];
networking.hostName = "beefcake";
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
users.groups.daniel.members = [ "daniel" ];
users.groups.nixadmin.members = [ "daniel" ];
users.users.daniel = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
group = "daniel";
extraGroups = [
"nixadmin" # write access to /etc/nixos/ files
"wheel" # sudo access
"caddy" # write access to /storage/files.lyte.dev
"users" # general users group
"jellyfin" # write access to /storage/jellyfin
];
# packages = with pkgs; [];
};
users.users.lytedev = {
# for running my services and applications and stuff
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
group = "lytedev";
extraGroups = [
];
};
users.users.ben = {
isNormalUser = true;
packages = with pkgs; [
vim
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com"
];
};
users.users.alan = {
isNormalUser = true;
packages = with pkgs; [
vim
];
openssh.authorizedKeys.keys = [
""
];
};
users.users.restic = {
# used for other machines to backup to
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
};
users.users.guest = {
isSystemUser = true;
group = "user";
createHome = true;
};
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
environment.variables = {
EDITOR = "hx";
};
# TODO: right now, I use a flake for helix that gets the latest since my config uses newer features
# would be nice to get that declared here
# I think this was done with `nix profile install github:helix-editor/helix --priority 0`?
# search for packages: `nix search $PACKAGE_NAME`
environment.systemPackages = with pkgs; [
inputs.helix.packages."x86_64-linux".helix
zellij
mosh
btrfs-progs
iperf3
pv
linuxquota
traceroute
hexyl
restic
speedtest-cli
fish
restic
nil
nixpkgs-fmt
fd
ripgrep
exa
skim
git
wget
tmux
sqlite
];
services.xserver.layout = "us";
# TODO: make the client declarative? right now I think it's manually git
# clone'd to /root
systemd.services.deno-netlify-ddns-client = {
serviceConfig.Type = "oneshot";
path = with pkgs; [ curl bash ];
environment = {
NETLIFY_DDNS_RC_FILE = "/root/deno-netlify-ddns-client/.env";
};
script = ''
bash /root/deno-netlify-ddns-client/netlify-ddns-client.sh
'';
};
systemd.timers.deno-netlify-ddns-client = {
wantedBy = [ "timers.target" ];
partOf = [ "deno-netlify-ddns-client.service" ];
timerConfig = {
OnBootSec = "10sec";
OnUnitActiveSec = "5min";
Unit = "deno-netlify-ddns-client.service";
};
};
services.smartd.enable = true;
services.caddy = {
enable = true;
adapter = "caddyfile";
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
configFile = pkgs.writeText "Caddyfile" ''
video.lyte.dev {
reverse_proxy :8096
}
bw.lyte.dev {
reverse_proxy :8222
}
api.lyte.dev {
reverse_proxy :5757
}
a.lyte.dev {
reverse_proxy :8899
}
git.lyte.dev {
reverse_proxy :3088
}
files.lyte.dev {
file_server browse {
root /storage/files.lyte.dev
}
}
# proxy everything else to chromebox
:80 {
reverse_proxy 10.0.0.5:80
}
:443 {
reverse_proxy 10.0.0.5:443
}
'';
};
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bw.lyte.dev";
SIGNUPS_ALLOWED = "false";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
};
};
services.gitea = {
enable = true;
appName = "git.lyte.dev";
stateDir = "/storage/gitea";
settings = {
server = {
ROOT_URL = "https://git.lyte.dev";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3088;
DOMAIN = "git.lyte.dev";
};
service = {
DISABLE_REGISTRATION = true;
};
session = {
COOKIE_SECURE = true;
};
log = {
# TODO: raise the log level
LEVEL = "Debug";
};
ui = {
THEMES = "catppuccin-mocha-sapphire,gitea,arc-green,auto,pitchblack";
DEFAULT_THEME = "catppuccin-mocha-sapphire";
};
};
lfs = {
enable = true;
};
dump = {
enable = true;
};
database = {
# TODO: move to postgres?
type = "sqlite3";
};
};
# TODO: ensure we're not doing the same dumb thing we were doing on the old host and eating storage
services.clickhouse.enable = true;
services.plausible = {
enable = true;
releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path;
database = {
clickhouse.setup = true;
postgres = {
setup = false;
dbname = "plausible";
};
};
server = {
baseUrl = "http://beefcake.hare-cod.ts.net:8899";
disableRegistration = true;
port = 8899;
secretKeybaseFile = config.sops.secrets.plausible-secret-key-base.path;
};
adminUser = {
activate = false;
email = "daniel@lyte.dev";
passwordFile = config.sops.secrets.plausible-admin-password.path;
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "daniel" "plausible" ];
ensureUsers = [
{
name = "daniel";
ensurePermissions = {
"DATABASE daniel" = "ALL PRIVILEGES";
};
}
{
name = "plausible";
ensurePermissions = {
"DATABASE plausible" = "ALL PRIVILEGES";
};
}
];
dataDir = "/storage/postgres";
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
local plausible plausible peer map=superuser_map
# lan ipv4
host all all 10.0.0.0/24 trust
# tailnet ipv4
host all all 100.64.0.0/10 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
services.postgresqlBackup = {
enable = true;
backupAll = true;
compression = "none"; # hoping for deduplication here?
location = "/storage/postgres-backups";
startAt = "*-*-* 03:00:00";
};
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
services.jellyfin = {
enable = true;
openFirewall = true;
# uses port 8096 by default, configurable from admin UI
};
# NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general
# but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML
# stuff, too?) and get good transcoding performance
# jellyfin hardware encoding
# hardware.opengl = {
# enable = true;
# extraPackages = with pkgs; [
# intel-media-driver
# vaapiIntel
# vaapiVdpau
# libvdpau-va-gl
# intel-compute-runtime
# ];
# };
# nixpkgs.config.packageOverrides = pkgs: {
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# };
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
listenAddresses = [
{ addr = "0.0.0.0"; port = 64022; }
{ addr = "0.0.0.0"; port = 22; }
];
};
services.samba-wsdd.enable = true;
services.samba = {
enable = true;
openFirewall = true;
securityType = "user";
package = pkgs.sambaFull;
extraConfig = ''
workgroup = WORKGROUP
server string = beefcake
netbios name = beefcake
security = user
#use sendfile = yes
#max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = 10. 192.168.0. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
load printers = yes
printing = cups
printcap name = cups
'';
shares = {
libre = {
path = "/storage/libre";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0666";
"directory mask" = "0777";
"force user" = "nobody";
"force group" = "users";
};
public = {
path = "/storage/public";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0664";
"directory mask" = "0775";
"force user" = "nobody";
"force group" = "users";
};
family = {
path = "/storage/family";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0664";
"directory mask" = "0775";
"force user" = "nobody";
"force group" = "family";
};
daniel = {
path = "/storage/daniel";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0640";
"directory mask" = "0750";
"force user" = "daniel";
"force group" = "users";
};
printers = {
comment = "All Printers";
path = "/var/spool/samba";
public = "yes";
browseable = "yes";
# to allow user 'guest account' to print.
"guest ok" = "yes";
writable = "no";
printable = "yes";
"create mode" = 0700;
};
};
};
# paths:
# TODO: move previous backups over and put here
# clickhouse and plausible analytics once they're up and running?
services.restic.backups = rec {
local = {
initialize = true;
passwordFile = "/root/restic-localbackup-password";
paths = [
"/storage/files.lyte.dev"
"/storage/daniel"
"/storage/gitea" # TODO: should maybe use configuration.nix's services.gitea.dump ?
"/var/lib/bitwarden_rs" # does this need any sqlite preprocessing?
# https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
# specifically, https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#sqlite-database-files
"/storage/postgres-backups"
];
exclude = [ ];
repository = "/storage/backups/local";
};
rascal = {
initialize = true;
extraOptions = [
"sftp.command='ssh beefcake@rascal -i /root/.ssh/id_ed25519 -s sftp'"
];
passwordFile = local.passwordFile;
paths = local.paths;
repository = "sftp://beefcake@rascal://storage/backups/beefcake";
timerConfig = {
OnCalendar = "04:45";
};
};
# TODO: add ruby?
benland = {
initialize = true;
extraOptions = [
"sftp.command='ssh daniel@n.benhaney.com -p 10022 -i /root/.ssh/id_ed25519 -s sftp'"
];
passwordFile = local.passwordFile;
paths = local.paths;
repository = "sftp://daniel@n.benhaney.com://storage/backups/beefcake";
timerConfig = {
OnCalendar = "04:45";
};
};
};
# TODO: https://nixos.wiki/wiki/Binary_Cache
networking.firewall.allowedTCPPorts = [
80 # http (caddy)
443 # https (caddy)
# 5357 # ???
22 # ssh
64022 # ssh (for ben?)
];
networking.firewall.allowedUDPPorts = [
# 53 # DNS
# 3702 # ???
64020 # mosh (for ben?)
];
networking.firewall.allowedUDPPortRanges = [
{
# mosh
from = 60000;
to = 60010;
}
];
networking.firewall = {
enable = true;
allowPing = true;
};
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# TODO: should I upgrade this?
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

52
os/linux/nix/machines/musicbox-disks.nix
View file

@ -1,52 +0,0 @@
{ disks ? [ "/dev/vda" ], ... }: {
disko.devices = {
disk = {
# TODO: would be nice to give this a good name?
primary = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
ESP = {
label = "EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
};
};
};
};
};
};
}

246
os/linux/nix/machines/musicbox.nix
View file

@ -1,246 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, inputs, ... }:
let
# this is unused because it's referenced by my sway config
dbus-sway-environment = pkgs.writeTextFile {
name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment";
executable = true;
text = ''
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
systemctl --user stop wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
systemctl --user start wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
'';
};
# this is unused because it's referenced by my sway config
configure-gtk = pkgs.writeTextFile {
name = "configure-gtk";
destination = "/bin/configure-gtk";
executable = true;
text =
let
schema = pkgs.gsettings-desktop-schemas;
datadir = "${schema}/share/gsettings-schemas/${schema.name}";
in
''
export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS
gnome_schema = org.gnome.desktop.interface
gsettings set $gnome_schema gtk-theme 'Catppuccin-Mocha'
'';
};
in
{
# TODO: fonts? right now, I'm just installing to ~/.local/share/fonts
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot.loader.grub.devices = [ "/dev/sda" ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nixpkgs.config = {
allowUnfree = true;
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
};
hardware.bluetooth.enable = true;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
networking.hostName = "musicbox";
networking.networkmanager.enable = true;
security.polkit.enable = true;
security.rtkit.enable = true;
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
services.xserver.layout = "us";
services.xserver.xkbOptions = "ctrl:nocaps";
hardware.pulseaudio.support32Bit = true;
users.users.daniel = {
isNormalUser = true;
home = "/home/daniel/.home";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
extraGroups = [ "wheel" "video" ];
packages = [ ];
};
services.dbus.enable = true;
environment.systemPackages = with pkgs; [
age
bat
bind
bottom
brightnessctl
clang
curl
delta
dog
dtach
dua
exa
fd
feh
file
fwupd
gcc
gimp
git
git-lfs
grim
inputs.helix.packages."x86_64-linux".helix
hexyl
htop
inkscape
inotify-tools
iputils
killall
kitty
krita
libinput
libinput-gestures
libnotify
lutris
gnumake
mako
mosh
nmap
nnn
nil
nixpkgs-fmt
noto-fonts
openssl
pamixer
pavucontrol
pciutils
pgcli
playerctl
podman-compose
pulseaudio
pulsemixer
rclone
restic
ripgrep
rsync
sd
slurp
sops
steam
swaybg
swayidle
swaylock
tmux
traceroute
unzip
vlc
vulkan-tools
watchexec
waybar
wget
wireplumber
wine
wl-clipboard
wofi
xh
zathura
zellij
zstd
];
services.pcscd.enable = true;
services.flatpak.enable = true;
services.gnome.gnome-keyring.enable = true;
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "gnome3";
enableSSHSupport = true;
};
programs.thunar.enable = true;
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
environment.variables = {
EDITOR = "hx";
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
listenAddresses = [
{ addr = "0.0.0.0"; port = 22; }
];
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
};
system.stateVersion = "23.05";
}

60
os/linux/nix/machines/thinker-disks.nix
View file

@ -1,60 +0,0 @@
{ disks ? [ "/dev/vda" ], ... }: {
disko.devices = {
disk = {
vdb = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
ESP = {
label = "EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
extraOpenArgs = [ "--allow-discards" ];
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
keyFile = "/tmp/secret.key"; # Interactive
# settings.keyFile = "/tmp/password.key";
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
};
};
};
};
};
};
};
}

27
os/linux/nix/machines/thinker-hardware.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

355
os/linux/nix/machines/thinker.nix
View file

@ -1,355 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, inputs, ... }:
let
# this is unused because it's referenced by my sway config
dbus-sway-environment = pkgs.writeTextFile {
name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment";
executable = true;
text = ''
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
systemctl --user stop wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
systemctl --user start wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
'';
};
# this is unused because it's referenced by my sway config
configure-gtk = pkgs.writeTextFile {
name = "configure-gtk";
destination = "/bin/configure-gtk";
executable = true;
text =
let
schema = pkgs.gsettings-desktop-schemas;
datadir = "${schema}/share/gsettings-schemas/${schema.name}";
in
''
export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS
gnome_schema = org.gnome.desktop.interface
gsettings set $gnome_schema gtk-theme 'Catppuccin-Mocha'
'';
};
in
{
imports =
[
# Include the results of the hardware scan.
./thinker-hardware.nix
];
# TODO: hibernation? I've been using [deep] in /sys/power/mem_sleep alright
# with this machine so it may not be necessary?
# need to measure percentage lost per day, but I think it's around 10%/day
# TODO: fonts? right now, I'm just installing to ~/.local/share/fonts
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nixpkgs.config = {
allowUnfree = true;
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
};
hardware.bluetooth.enable = true;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
networking.hostName = "thinker"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true;
security.polkit.enable = true;
security.rtkit.enable = true;
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# pulse.support32Bit = true;
jack.enable = true;
};
# Set your time zone.
time.timeZone = "America/Chicago";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
services.xserver.layout = "us";
services.xserver.xkbOptions = "ctrl:nocaps";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.support32Bit = true;
hardware.pulseaudio.support32Bit = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.daniel = {
isNormalUser = true;
home = "/home/daniel/.home";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
extraGroups = [ "wheel" "video" ];
packages = [ ];
};
services.dbus.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
age
bat
bind
bottom
brightnessctl
clang
curl
delta
dog
dtach
dua
exa
fd
feh
file
fwupd
gcc
gimp
git
git-lfs
grim
inputs.helix.packages."x86_64-linux".helix
hexyl
htop
inkscape
inotify-tools
iputils
killall
kitty
krita
libinput
libinput-gestures
libnotify
lutris
gnumake
mako
mosh
nmap
nnn
nil
nixpkgs-fmt
noto-fonts
openssl
pamixer
pavucontrol
pciutils
pgcli
playerctl
podman-compose
pulseaudio
pulsemixer
rclone
restic
ripgrep
rsync
sd
slurp
sops
steam
swaybg
swayidle
swaylock
tmux
traceroute
unzip
vlc
vulkan-tools
watchexec
waybar
wget
wireplumber
wine
wl-clipboard
wofi
xh
zathura
zellij
zstd
];
services.pcscd.enable = true;
services.flatpak.enable = true;
services.gnome.gnome-keyring.enable = true;
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "gnome3";
enableSSHSupport = true;
};
programs.thunar.enable = true;
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
environment.variables = {
EDITOR = "hx";
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
listenAddresses = [
{ addr = "0.0.0.0"; port = 22; }
];
};
services.postgresql = {
enable = true;
ensureDatabases = [ "daniel" ];
ensureUsers = [
{
name = "daniel";
ensurePermissions = {
"DATABASE daniel" = "ALL PRIVILEGES";
};
}
];
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
# lan ipv4
host all all 10.0.0.0/24 trust
host all all 127.0.0.1/32 trust
# tailnet ipv4
host all all 100.64.0.0/10 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = {
backend = "podman";
};
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

45
os/linux/nix/machines/third.nix
View file

@ -1,45 +0,0 @@
{ config, pkgs, ... }: {
imports = [
../profiles/laptop.nix
../modules/systemd-boot-efi.nix
../modules/intel.nix
../modules/docker.nix
../modules/network-manager.nix
../modules/bluetooth.nix
../modules/pulseaudio.nix
../modules/de/sway.nix
../modules/de/gnome.nix
../modules/users/daniel.nix
../modules/users/valerie.nix
];
networking = {
hostName = "third.lyte.dev";
firewall.enable = false;
networkmanager.wifi.powersave = true;
};
services.fwupd = {
enable = true;
};
console.useXkbConfig = true;
services.xserver.xkbOptions = "ctrl:nocaps";
# TODO: setup caps-lock as Control/Escape?
# console.font = "TER16x32";
swapDevices = [ { device = "/swapfile"; size = (1024*16); } ];
boot = {
# fallocate -l 16G /swapfile
resumeDevice = "/dev/disk/by-uuid/d1d92974-c0c0-4566-8131-c3dda9b21122";
# sudo filefrag -v /swapfile | head -n 4 | tail -n 1 | \
# tr -s "[:blank:]" | field 5 | tr -d ":"
kernelParams = [ "resume_offset=874496" ];
};
# services.upower = {
# enable = true;
# criticalPowerAction = "Hibernate";
# };
}

37
os/linux/nix/machines/wallwart.nix
View file

@ -1,37 +0,0 @@
{ config, pkgs, ... }: {
imports = [
../profiles/desktop.nix
../modules/systemd-boot-efi.nix
../modules/amd.nix
../modules/amd-gpu.nix
../modules/docker.nix
../modules/network-manager.nix
../modules/bluetooth.nix
../modules/pulseaudio.nix
../modules/de/sway.nix
../modules/users/daniel.nix
../modules/users/valerie.nix
];
networking = {
hostName = "wallwart.lyte.dev";
firewall.enable = false;
};
environment = {
systemPackages = with pkgs; [ ntfs3g ];
};
fileSystems."/storage/ext".options = [ "defaults" "user" "nofail" ];
fileSystems."/storage/butter".options = [ "defaults" "auto" "nofail" ];
fileSystems."/storage/windows" = {
device = "/dev/disk/by-uuid/AE624593624560E7";
fsType = "ntfs";
options = [ "defaults" "auto" "nofail" ];
};
fileSystems."/storage/shared" = {
device = "/dev/disk/by-uuid/26F6144A6B518523";
fsType = "ntfs";
options = [ "defaults" "auto" "nofail" ];
};
}

3
os/linux/nix/modules/amd-gpu.nix
View file

@ -1,3 +0,0 @@
{ config, pkgs, ... }: {
services.xserver.videoDrivers = [ "amdgpu" ];
}

5
os/linux/nix/modules/amd.nix
View file

@ -1,5 +0,0 @@
{ config, pkgs, ... }: {
hardware = {
cpu.amd.updateMicrocode = true;
};
}

3
os/linux/nix/modules/bash.nix
View file

@ -1,3 +0,0 @@
{ config, pkgs, ... }: {
environment.systemPackages = [ pkgs.bash ];
}

3
os/linux/nix/modules/bluetooth.nix
View file

@ -1,3 +0,0 @@
{ config, pkgs, ... }: {
hardware.bluetooth.enable = true;
}

27
os/linux/nix/modules/de/gnome.nix
View file

@ -1,27 +0,0 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
imports = [ ./graphics.nix ];
programs = {
};
services = {
pipewire.enable = true;
xserver = {
desktopManager.gnome3.enable = true;
libinput = {
enable = true;
tapping = true;
naturalScrolling = true;
disableWhileTyping = false;
};
};
gnome3 = {
gnome-keyring.enable = true;
sushi.enable = true;
};
};
systemd.packages = with pkgs.gnome3; [ gnome-session gnome-shell];
environment.systemPackages = with pkgs.gnome3; [ adwaita-icon-theme ];
}

21
os/linux/nix/modules/de/graphics.nix
View file

@ -1,21 +0,0 @@
{ config, pkgs, ... }: {
imports = [ ../gdm.nix ];
fonts.fonts = with pkgs; [ iosevka ];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
environment = {
systemPackages = with pkgs; [
glxinfo
firefox-devedition-bin
pavucontrol
brightnessctl
];
};
qt5 = {
platformTheme = "gtk2";
style = "gtk2";
};
}

62
os/linux/nix/modules/de/sway.nix
View file

@ -1,62 +0,0 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
imports = [ ./graphics.nix ];
fonts.fonts = with pkgs; [
noto-fonts-emoji font-awesome
];
programs = {
sway = {
enable = true;
extraPackages = with pkgs; [
unstable.pipewire
swaylock
swayidle
unstable.mako unstable.libnotify
waybar
wl-clipboard
slurp
grim
unstable.font-awesome
unstable.xwayland
unstable.kanshi
unstable.gammastep
];
# TODO: this should come from the user's homedir maybe through dotfiles
# somehow? home-manager?
extraSessionCommands = ''
systemctl --user import-environment
export TERMINAL=kitty
export BROWSER=firefox-devedition
export WLC_REPEAT_DELAY=200
export WLC_REPEAT_RATE=60
export CLUTTER_BACKEND=wayland
# export SDL_VIDEODRIVER=wayland
export MOZ_ENABLE_WAYLAND=1
export XDG_SESSION_TYPE=wayland
export XDG_CURRENT_DESKTOP=sway
'';
};
};
services = {
pipewire.enable = true;
xserver = {
libinput = {
enable = true;
tapping = true;
naturalScrolling = true;
disableWhileTyping = false;
};
};
};
xdg.portal = {
enable = true;
gtkUsePortal = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
unstable.xdg-desktop-portal-wlr
];
};
}

7
os/linux/nix/modules/docker.nix
View file

@ -1,7 +0,0 @@
{ config, pkgs, ... }: {
virtualisation.docker = {
enable = true;
enableOnBoot = false;
};
environment.systemPackages = [ pkgs.docker-compose ];
}

11
os/linux/nix/modules/fish.nix
View file

@ -1,11 +0,0 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
programs.fish = {
enable = true;
};
environment.systemPackages = [ unstable.fish ];
}

12
os/linux/nix/modules/gdm.nix
View file

@ -1,12 +0,0 @@
{ config, pkgs, ... }: {
# services.xserver.displayManager.defaultSession
services.xserver = {
enable = true;
displayManager = {
gdm = {
enable = true;
wayland = true;
};
};
};
}

19
os/linux/nix/modules/intel.nix
View file

@ -1,19 +0,0 @@
{ config, pkgs, ... }: {
services.xserver.videoDrivers = [ "intel" ];
nixpkgs.config = {
allowUnfree = true;
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
};
hardware = {
cpu.intel.updateMicrocode = true;
opengl = {
extraPackages = with pkgs; [
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
};
};
}

25
os/linux/nix/modules/lightdm.nix
View file

@ -1,25 +0,0 @@
{ config, pkgs, ... }: {
# services.xserver.displayManager.defaultSession
services.xserver = {
enable = true;
displayManager.lightdm = {
enable = true;
greeter = {
enable = true;
};
greeters.gtk = {
enable = true;
theme = {
package = pkgs.arc-theme;
name = "Arc-Dark";
};
clock-format = "%H:%M:%S";
extraConfig = ''
font-name=IosevkaLyteTerm Nerd Font Complete
'';
};
# background = "";
};
};
environment.systemPackages = with pkgs; [ lightdm lightdm_gtk_greeter ];
}

22
os/linux/nix/modules/neovim.nix
View file

@ -1,22 +0,0 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
aliases = { vim = "nvim"; vi = "nvim"; };
in
{
environment = {
systemPackages = [ unstable.neovim ];
variables = {
EDITOR = "nvim";
PAGER = "nvim";
VISUAL = "nvim";
# we have to escape these doublequotes so that they work when NixOS
# injects them into the shell
MANPAGER = ''env MANWIDTH=\"\" nvim --cmd \"let g:prosession_on_startup=0\" +Man!'';
MANWIDTH = "80";
};
shellAliases = aliases;
};
programs.bash.shellAliases = aliases;
programs.fish.shellAliases = aliases;
}

4
os/linux/nix/modules/network-manager.nix
View file

@ -1,4 +0,0 @@
{ config, pkgs, ... }: {
networking.networkmanager.enable = true;
environment.systemPackages = [ pkgs.networkmanager ];
}

9
os/linux/nix/modules/pulseaudio.nix
View file

@ -1,9 +0,0 @@
{ config, pkgs, ... }: {
hardware.pulseaudio = {
enable = true;
support32Bit = true;
package = pkgs.pulseaudioFull;
};
nixpkgs.config.pulseaudio = true;
sound.enable = true;
}

0
os/linux/nix/modules/ripcord.nix
View file

8
os/linux/nix/modules/systemd-boot-efi.nix
View file

@ -1,8 +0,0 @@
{ config, pkgs, ... }: {
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
}

7
os/linux/nix/modules/tmux.nix
View file

@ -1,7 +0,0 @@
{ config, pkgs, ... }: {
environment.systemPackages = [ pkgs.tmux ];
programs.tmux = {
enable = true;
};
}

61
os/linux/nix/modules/users/daniel.nix
View file

@ -1,61 +0,0 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
fonts.fonts = with pkgs; [
# helvetica # needed by zoom
];
users.users.daniel = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" ];
shell = pkgs.fish;
home = "/home/daniel/.home";
packages = with pkgs; [
fortune # fun sayings
steam # games
pulsemixer # audio
file # identify file types
kitty # terminal emulator
unstable.fzf # fuzzy finder
dmenu # TODO: currently only using this for dmenu_path in `bin/launch`
ranger # tui for file management
pass # the standard unix password manager
vulkan-tools # vkcube for making sure vulkan still works
rustup
clang
pavucontrol # gui pulseaudio manager
pamixer # tui pulseaudio manager
strongswan # work vpn
gnumake
elixir
postgresql # database
htop # almost as good as bottom (btm)
unzip # needed by a handful of other utilities
autoconf automake # autotools
weechat # irc
python39Full # python 3.9
jq # awk for json
xfce.thunar xfce.thunar-archive-plugin xfce.thunar-volman # gui file manager
mpd # music player daemon
ncmpcpp # ncurses music player client
vlc # video player
google-chrome # sometimes ya gotta screenshare
# TODO: work module?
google-cloud-sdk # gcloud
kubectl # kubernetes cli
awscli # aws cli
zoom-us # video conferencing
lastpass-cli
# TODO: move this one to just laptop?
brightnessctl # laptop screen brightness
# nix utils
nox # package querying and installation?
# yay is to pacman, nox is to nix-env
niv # dependency pinning?
lorri # project envrc - like asdf-vm?
];
};
}

7
os/linux/nix/modules/users/valerie.nix
View file

@ -1,7 +0,0 @@
{ config, pkgs, ... }: {
users.users.valerie = {
isNormalUser = true;
shell = pkgs.fish;
home = "/home/valerie";
};
}

1
os/linux/nix/pkgs/config.nix
View file

@ -1 +0,0 @@
{ allowUnfree = true; }

4
os/linux/nix/pkgs/home.nix
View file

@ -1,4 +0,0 @@
{ config, pkgs, ... }: {
programs.home-manager.enable = true;
home.stateVersion = "20.03";
}

65
os/linux/nix/profiles/base.nix
View file

@ -1,65 +0,0 @@
{ config, pkgs, ... }: {
imports = [
../modules/fish.nix
../modules/bash.nix
../modules/tmux.nix
../modules/neovim.nix
];
nixpkgs.config.allowUnfree = true;
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "America/Chicago";
environment = {
systemPackages = with pkgs; [
less
wget curl
rsync
w3m
git
pciutils usbutils binutils
ripgrep sd fd
unzip
killall
];
};
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
};
};
console = {
earlySetup = true;
colors = [
"111111"
"f92672"
"a6e22e"
"f4bf75"
"66d9ef"
"ae81ff"
"a1efe4"
"f8f8f2"
"75715e"
"f92672"
"a6e22e"
"f4bf75"
"66d9ef"
"ae81ff"
"a1efe4"
"f9f8f5"
];
};
}

3
os/linux/nix/profiles/desktop.nix
View file

@ -1,3 +0,0 @@
{ config, pkgs, ... }: {
imports = [ ./base.nix ];
}

3
os/linux/nix/profiles/laptop.nix
View file

@ -1,3 +0,0 @@
{ config, pkgs, ... }: {
imports = [ ./base.nix ];
}

27
os/linux/nix/readme.md
View file

@ -1,27 +0,0 @@
# zomg nixos
```bash
$ ssh -t beefcake 'cdd && pwd && g pl && cd os/linux/nix && sudo nixos-rebuild switch --flake .# && echo DONE'
```
Or for pushing:
```bash
# do once to setup
$ ssh -t beefcake 'cdd && git config receive.denyCurrentBranch updateInstead'
# probably regenerate and commit flake.lock from this directory
nix flake lock
# push and rebuild+switch
$ git push beefcake:~/.config/lytedev-dotfiles
$ ssh -t beefcake 'cd ~/.config/lytedev-dotfiles/os/linux/nix && sudo nixos-rebuild switch --flake .# && echo DONE'
```
# Ops stuff
- **TODO**: Look into https://github.com/zhaofengli/colmena
# Other To Dos
- **TODO**: check stuff during receive with a hook?

34
os/linux/nix/secrets/beefcake/example.yaml
View file

@ -1,34 +0,0 @@
example-key: ENC[AES256_GCM,data:LSGltrcgYatbjSQ2Zg==,iv:Yelgg+MOwAM6/TehmWicEy+lOZZWy+jxlC64MgzPs7s=,tag:zP67Db+Sah+nxi/DGpF9Ww==,type:str]
#ENC[AES256_GCM,data:TsYwHzmr1nE3uSS5Z2x+uQ==,iv:uo+VnHC4Zu87XUDUrxy9oaMZp1sbneSFD8ZpaMZ2cI8=,tag:ef8pAgMh2OxhjUYiAfLbwg==,type:comment]
myservice:
my_subdir:
my_secret: ENC[AES256_GCM,data:50qa/rMmv3lRZ4iiZG0Qs8jW1xfCIZvQq6C8O2dSMA==,iv:WUG//kJVKDJxvm6A4TcCNw46/UmXXvSrqXLJUiyuN7M=,tag:4sxiV9/T0r/IrGT0n/2u/w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdHRHclo3amJpU2ptbSts
ZGU4cit6TmZsWWNaUjdyZ1I1eXE4U3FtOEd3CmNGbnpiSlNON0tNTm83K2tuK0xS
eTFONThab1hIdG1jbkJVYTY1b2VsU0kKLS0tIEw3c2JvZ3RJR2RSZWRqa0lqc0VX
VlZHbFVMMjlucVNzeGNNQmNnbmNmTWcK524R2Ca+hX/80dr9ZDyoY10FnykHHpCv
GJyqsdDxCIqat52KPYUgLFggj8yubjBBeB9pAfgwHL2nG0wIVj/Dqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSHRQd3g2WUtmRGlPQTlj
NkwxeXdRVHN0eC9XbTlGY0x6M2kyMXg1UkZ3Cm5EdXFiMHQyLzNtUjNPRk04UGQx
WkllcktrSUl4N3EwUmpzUDA0c2hSM00KLS0tIFZPS2l5UE9WN25Dczh0dlZneGcz
eWdYc2ZmZWdybHprQTZEc1BLY3ZodTgKPc9oMfrj3hLL0TwMGlhKS5t2nkZAmn8J
2FwSNj8iX9c7Pg7fDnc3QnagVKzZDSW7DlrNliaFf+ZVp78Ibk//xw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-27T18:44:05Z"
mac: ENC[AES256_GCM,data:ZbXvJdb+phJyZD/9HG/yT2bct4/zVPEK6RbFDlf2FnxesIIyFJmSDVUi1AXD91s1q7APIh+nekPJ2+26v9GtA3AO9NXeLKbE7ctrdVq0s3G3/vXsi0SUqt8RnZlLo1lXVNDLSMICfRKRSXVDDC/HTqLOvYe8zXUP4Irt5bTvJI0=,iv:dlZWeasCRMHKKoJ5nsAtYVtTi3Z4iP4LFf6LKDgYyW0=,tag:MIhjux10iPYB9ltJYWp36w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

43
os/linux/nix/secrets/beefcake/secrets.yml
View file

@ -1,43 +0,0 @@
hello: ENC[AES256_GCM,data:zFcid19gJKCNO6uThYyDzQ+KCxsBC/Fjma9AhyddOraK9siZtcpBWyPhnIkq9Q==,iv:1j1sEZcZS5+NUbIRHNE5L41lDMuLGAqWw9QJNOmtxuE=,tag:dDPq3rGesiA7khX/GPMVhQ==,type:str]
example_key: ENC[AES256_GCM,data:EyQzVVXEgm20i62hFA==,iv:Z/gQF3lUcg7Ox66yWgBhi9aJqkN9nwIhcprSbC+fbdI=,tag:enULK/yFVQjNpRk0u4RFAg==,type:str]
#ENC[AES256_GCM,data:S7g4kg1/4oztGaattpyo1Q==,iv:/JYp8w/ONJLIRXfiyhc7us4BZ+eg6UZeMWYHWSYXiGE=,tag:Ec02qXNPU+TsKf55cV/nlA==,type:comment]
example_array:
- ENC[AES256_GCM,data:ava5NqrxDX3u3Tr8vZQ=,iv:Q+c2aZx3buUKNUf8NeMxWsSsXtqk4PLbYM0PzVrgyKs=,tag:kVCv9FMQTkQwvGfH4t3HCg==,type:str]
- ENC[AES256_GCM,data:ZHOtZT1VPqGUmOG2t3g=,iv:NI/xo4/ws3VSR+Bc3D0ClPqqfKyTHTfyvb48xAPEBvs=,tag:2DddoLwa8i5CdVIxbA+HUA==,type:str]
example_number: ENC[AES256_GCM,data:AifVPuuPnEw2lQ==,iv:/L/vG2znNlM35u4ZGM31bweTeuXc0qH136tCVK/xOEs=,tag:h60Zz1zQaDZqEO8+I/vZYg==,type:float]
example_booleans:
- ENC[AES256_GCM,data:GD3U7Q==,iv:ahTK9d6m8lQkjd2sS9Yo6V3EyFWoyEbeQG6Uke4hF40=,tag:rykfnfaLz39V+SJbomu5Zw==,type:bool]
- ENC[AES256_GCM,data:hK/CtTQ=,iv:EFXdBumvMKdaXdd97vUBIMKIaw1rMfUt+/irkRZGc4Y=,tag:JofhZ5SS+jzRe6WJmP34Xg==,type:bool]
plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str]
plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOHpnQlJkTWlUNXlxNzVY
WkF4ci9hTzg3S0tJM2RZMGlIcC9nNlgrdjEwCjRvaDBpb1ZoOWNtNkE1NDVXQVJY
UGZyZ2FpalQyUlpSU056TFRpUXlBNTgKLS0tIFNCSWdiQ25yNDdsdUtlUGZLS0h1
N3Z4NWRvcXN2a2xKMjlRM2lPZEhhekEKtolJt3EAZXlqq6UKV43Z2EJW4hkfZMJ8
06Se+Eim/PS3H1gjRdZ9SV45ghRmLy2OSMKTJxN78HFcJeDpp5CQnA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTittdVRqRTRWSlBpRnpY
NmlIKzdoOFNxSnNoTFpwRVN3UGdJaHhRMldjCmRrRlo5V1luN0dabFBCWDhZaU9V
c05VeUxMQi9oM3czaDFFUEw3aHp4T1EKLS0tIHFqTVlXTnE5ZkoxRk9ESGo3MzAr
b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f
nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-28T21:11:56Z"
mac: ENC[AES256_GCM,data:V/Gdc3LEwlNlfSqUzQFHFmtJQVaQ5wGXZmzoBpwHzhyHQpEkezHBwhq4XTCuXH5XPpjmWvih/dAbOn9EBA6gvPSX1DB0j/JvHvK9b8+BpjlL4xtnYaBql2eQgCWLKqzZMGCnbwONWi+1sjowK1ac4zPnXhEr52EIES31hV8KHKU=,iv:4NzQxve+iKhRcQVxfXbDsQz1sBU+pnm9x/HQnv2TLgc=,tag:zLYKf+tEUsXApNdc1hLjhw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

25
os/linux/nix/secrets/example.yaml
View file

@ -1,25 +0,0 @@
example-key: ENC[AES256_GCM,data:8/LalMfi+YsJaF1P+A==,iv:/Kkul1a1gBiAd447/A/yVzfUJi7rb8nAoBWXiokQZEs=,tag:gN5VnfNFyiKplMpip54YEw==,type:str]
#ENC[AES256_GCM,data:zF3Eji+GV/e/lxQ8IFpu2Q==,iv:wTfGJmuJ08HXstXGofLbUcl3vSKOsSv1Ai0kQM57sF4=,tag:U94wjTY7mTpafjkA4hOh0g==,type:comment]
myservice:
my_subdir:
my_secret: ENC[AES256_GCM,data:0oxmwRaS6wYg,iv:7fn84cOkL9F1yhbGOOJZLgkIphI4ZjA0pdzFFNFDh50=,tag:mwbFqGbLa+H47jOyfiNQBQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UUdpZU8zMloweWhZbmxI
aFZNL1M3eWNpMjBKMGxRMDYwUnZpd2k0NG1RCnVvcjJsU1dJQTVIcFlmMmFKeEI2
bEJVdldxektybGtLYmprRG9OenFnRjgKLS0tIGtBOWFrWXgvc2l0QThQczlWMkxW
bjM4enBEbUlkYlZFOHIvQW80VktsTDgKZMYE95nKgmU+whtU2xrJnuNlwZqrjpfN
e5LKNQ6lLqIzsmCdAlyPcKVW5hCbtaT/Ac1TvZWq7+cF6SbPa/51Ew==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-27T17:08:21Z"
mac: ENC[AES256_GCM,data:HO9P7Z3edo5FyaTenyKjphxnKcke4dqXiUyBveAPd2KP489Hh+fXrugx7+w47UiYsfgBCgFM/ED9xzRKLV7IMIYFtdtL5LwTizPF9H/VUnvRM420VUy/OMPiuludSSoL3WNpTM0UBQi4l7FSjKGpz5AdzLJE65Px05lPJQ/KGFY=,iv:TNtp3/A5lDanNQ0Ghi1Q1yyQc6glcYyYYeDkeEXNkVw=,tag:L5lmerkR3SarF/NLXYMURQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

2
os/linux/nix/sway/config
View file

@ -1,2 +0,0 @@
exec dbus-sway-environment
exec configure-gtk

21
readme.md
View file

@ -5,28 +5,15 @@ take what you like.
**NOTE**: I'm in the process of migrating/copying some/all things from a wacky
combination of Arch Linux, other Linux distributions, and macOS, to a single
Nix flake for everything. Tread lightly!
Nix flake for everything, including Arch Linux configs via Home Manager. Tread
lightly!
Please refer to https://git.lyte.dev/lytedev/nix
## Links
[🖥️ Upstream][upstream] • [🐙 GitHub Mirror][github]
# Basic Setup
For generic dotfiles setup:
```bash
curl -LO lyte.dev/df.sh && sh -i df.sh
```
Or if using the Nix flake (note that this is hostname-dependent):
<!-- TODO: verify this - or update the above method to simply call the following is nixos or home-manager? -->
```bash
sudo nixos-rebuild --flake 'git+https://git.lyte.dev/lytedev/dotfiles?dir=/os/linux/nix#' switch
```
# Screenshots
Any relevant screenshots may be found here: