From de6df90c79de50ae587976ba41fee62ab1253739 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Mon, 18 Sep 2023 09:02:00 -0500 Subject: [PATCH 1/5] Firewall --- flake.lock | 66 +++++++++++++++++++++++++++++++----------------- flake.nix | 8 +++++- nixos/common.nix | 11 ++++---- readme.md | 6 +++-- 4 files changed, 60 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 174dea2..c977fc8 100644 --- a/flake.lock +++ b/flake.lock @@ -135,6 +135,21 @@ "type": "github" } }, + "flake-utils_4": { + "locked": { + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "helix": { "inputs": { "crane": "crane", @@ -158,7 +173,9 @@ }, "home-manager": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": [ + "nixpkgs" + ] }, "locked": { "lastModified": 1693208669, @@ -240,22 +257,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1693771906, - "narHash": "sha256-32EnPCaVjOiEERZ+o/2Ir7JH9pkfwJZJ27SKHNvt4yk=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "da5adce0ffaff10f6d0fee72a02a5ed9d01b52fc", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-23.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1692794066, "narHash": "sha256-H0aG8r16dj0x/Wz6wQhQxc9V7AsObOiHPaKxQgH6Y08=", @@ -271,7 +272,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1693844670, "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=", @@ -287,7 +288,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1693844670, "narHash": "sha256-t69F2nBB8DNQUWHD809oJZJVE+23XBrth4QZuVd6IE0=", @@ -309,15 +310,16 @@ "disko": "disko", "helix": "helix", "home-manager": "home-manager", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "rtx": "rtx", - "sops-nix": "sops-nix" + "sops-nix": "sops-nix", + "utils": "utils" } }, "rtx": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1693923183, @@ -360,7 +362,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { @@ -406,6 +408,24 @@ "repo": "default", "type": "github" } + }, + "utils": { + "inputs": { + "flake-utils": "flake-utils_4" + }, + "locked": { + "lastModified": 1657226504, + "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=", + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a", + "type": "github" + }, + "original": { + "owner": "gytis-ivaskevicius", + "repo": "flake-utils-plus", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 9896c08..80d25d0 100644 --- a/flake.nix +++ b/flake.nix @@ -1,9 +1,15 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05"; + utils.url = "github:gytis-ivaskevicius/flake-utils-plus"; # nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-channels/nixos-unstable"; api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"; - home-manager.url = "github:nix-community/home-manager/release-23.05"; + home-manager = { + url = "github:nix-community/home-manager/release-23.05"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.utils.follows = "utils"; + }; + disko.url = "github:nix-community/disko/master"; sops-nix.url = "github:Mic92/sops-nix"; helix.url = "github:helix-editor/helix"; diff --git a/nixos/common.nix b/nixos/common.nix index 02e18d1..52af431 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -1,11 +1,12 @@ -{ config, lib, inputs, system, ... }: -let +{ config, lib, inputs, system, ... }: +let overlay = final: prev: { helix = prev.helix // inputs.helix.packages.${system}.helix; rtx = prev.rtx // inputs.rtx.packages.${system}.rtx; }; pkgs = inputs.nixpkgs.legacyPackages.${system}.extend overlay; -in { +in +{ services.journald.extraConfig = "SystemMaxUse=1G"; environment = { @@ -96,8 +97,8 @@ in { PasswordAuthentication = false; }; - # tailscale handles this I think - openFirewall = lib.mkDefault false; + # TODO: tailscale can handle this I think...? + openFirewall = lib.mkDefault true; # listenAddresses = [ # { addr = "0.0.0.0"; port = 22; } diff --git a/readme.md b/readme.md index 42dcbbb..a067f39 100644 --- a/readme.md +++ b/readme.md @@ -75,12 +75,14 @@ sudo nix-shell --packages git --run "nix run \ --arg disks '[ \"/dev/your_disk\" ]'" ``` -And finally install NixOS as specified by this flake: +And finally install NixOS (optionally using my cache) as specified by this flake: ```bash nix-shell --packages git \ --run "sudo nixos-install \ - --flake 'git+https://git.lyte.dev/lytedev/nix#yourNixosConfig'" + --flake 'git+https://git.lyte.dev/lytedev/nix#yourNixosConfig' \ + --option substituters 'https://nix.h.lyte.dev' \ + --option trusted-public-keys 'h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0='" ``` **NOTE**: This takes a while, mostly due to building Helix myself on each box. I From 42333882b2b76e4c0840bc345cd3b883a8ab7303 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Tue, 19 Sep 2023 20:23:53 -0500 Subject: [PATCH 2/5] Add next-ls to helix config and cue to packages --- .gitignore | 2 ++ home/user.nix | 9 ++++++++- nixos/common.nix | 1 + 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..87a3018 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +result +*.qcow2 diff --git a/home/user.nix b/home/user.nix index a94d694..ee45072 100644 --- a/home/user.nix +++ b/home/user.nix @@ -161,10 +161,17 @@ in }; }; + language-server = { + next-ls = { + command = "next-ls"; + args = [ "--stdout" ]; + }; + }; + language = [ { name = "elixir"; - language-servers = [ "elixir-ls" "lexical" ]; + language-servers = [ "elixir-ls" "lexical" "next-ls" ]; auto-format = true; } { diff --git a/nixos/common.nix b/nixos/common.nix index 52af431..41d2b10 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -23,6 +23,7 @@ in bind bottom btrfs-progs + cue curl dog dua From ddb4d992ee6e7c32ca86c337c0a4d1a8c9eef3ed Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Tue, 19 Sep 2023 20:53:27 -0500 Subject: [PATCH 3/5] Some deno language server config for helix --- home/user.nix | 91 +++++++++++++++++++++++++++++++++++---------------- 1 file changed, 63 insertions(+), 28 deletions(-) diff --git a/home/user.nix b/home/user.nix index ee45072..6c0c657 100644 --- a/home/user.nix +++ b/home/user.nix @@ -159,13 +159,17 @@ in command = "lexical"; args = [ "start" ]; }; - }; - language-server = { next-ls = { command = "next-ls"; args = [ "--stdout" ]; }; + + deno = { + command = "deno"; + args = [ "lsp" ]; + config = { enable = true; lint = true; unstable = true; }; + }; }; language = [ @@ -194,20 +198,63 @@ in unit = "\t"; }; } - # TODO: deno: - #[[language]] - #name = "javascript" - #scope = "source.js" - #injection-regex = "^(js|javascript)$" - #file-types = [ "js", "jsx", "mjs" ] - #shebangs = [ "deno", "node" ] - #roots = [ "deno.jsonc", "deno.json", "package.json", "tsconfig.json" ] - #comment-token = "//" - # config = { enable = true, lint = true, unstable = true } - # language-server = { command = "typescript-language-server", args = ["--stdio"], language-id = "javascript" } - #indent = { - #tab-width = 2, unit = "\t" } - #auto-format = true + + { + name = "javascript"; + language-id = "javascript"; + grammar = "javascript"; + scope = "source.js"; + injection-regex = "^(js|javascript)$"; + file-types = [ "js" "mjs" ]; + shebangs = [ "deno" ]; + language-servers = [ "deno" ]; + roots = [ "deno.jsonc" "deno.json" ]; + formatter = { + command = "deno"; + args = [ "fmt" ]; + }; + auto-format = true; + comment-token = "//"; + indent = { + tab-width = 2; + unit = "\t"; + }; + } + + { + name = "typescript"; + language-id = "typescript"; + grammar = "typescript"; + scope = "source.ts"; + injection-regex = "^(ts|typescript)$"; + file-types = [ "ts" ]; + shebangs = [ "deno" ]; + language-servers = [ "deno" ]; + roots = [ "deno.jsonc" "deno.json" ]; + formatter = { + command = "deno"; + args = [ "fmt" ]; + }; + auto-format = true; + comment-token = "//"; + indent = { + tab-width = 2; + unit = "\t"; + }; + } + + { + name = "jsonc"; + language-id = "json"; + grammar = "jsonc"; + scope = "source.jsonc"; + injection-regex = "^(jsonc)$"; + roots = [ "deno.jsonc" "deno.json" ]; + file-types = [ "jsonc" ]; + language-servers = [ "deno" ]; + indent = { tab-width = 2; unit = " "; }; + auto-format = true; + } # [[language]] # name = "jsx" @@ -223,18 +270,6 @@ in # grammar = "javascript" # auto-format = true - # [[language]] - # name = "typescript" - # scope = "source.ts" - # injection-regex = "^(ts|typescript)$" - # file-types = ["ts"] - # shebangs = ["deno", "node"] - # roots = ["deno.jsonc", "deno.json", "package.json", "tsconfig.json"] - # config = { enable = true, lint = true, unstable = true } - # language-server = { command = "deno", args = ["lsp"], language-id = "typescript" } - # indent = { tab-width = 2, unit = " " } - # auto-format = true - # [[language]] # name = "tsx" # scope = "source.tsx" From bd902c737259b324aea34237cfd2da92fb95fc06 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Tue, 19 Sep 2023 20:56:24 -0500 Subject: [PATCH 4/5] Basic pre-commit hook --- nixos.nix | 2 +- nixos/common.nix | 36 ++++++++++++++++++------------------ pre-commit.bash | 5 +++++ 3 files changed, 24 insertions(+), 19 deletions(-) create mode 100755 pre-commit.bash diff --git a/nixos.nix b/nixos.nix index 97c5169..9acd2e5 100644 --- a/nixos.nix +++ b/nixos.nix @@ -31,7 +31,7 @@ in { # TODO: disko-fy rascal and beefcake? - beefcake = nixosSystem "x86-64-linux" [ + beefcake = nixosSystem "x86_64-linux" [ ./nixos/beefcake.nix inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev ]; diff --git a/nixos/common.nix b/nixos/common.nix index 41d2b10..0befc30 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -120,24 +120,24 @@ in useXkbConfig = true; earlySetup = true; - # colors = [ - # "111111" - # "f92672" - # "a6e22e" - # "f4bf75" - # "66d9ef" - # "ae81ff" - # "a1efe4" - # "f8f8f2" - # "75715e" - # "f92672" - # "a6e22e" - # "f4bf75" - # "66d9ef" - # "ae81ff" - # "a1efe4" - # "f9f8f5" - # ]; + colors = [ + "111111" + "f92672" + "a6e22e" + "f4bf75" + "66d9ef" + "ae81ff" + "a1efe4" + "f8f8f2" + "75715e" + "f92672" + "a6e22e" + "f4bf75" + "66d9ef" + "ae81ff" + "a1efe4" + "f9f8f5" + ]; }; networking = { diff --git a/pre-commit.bash b/pre-commit.bash new file mode 100755 index 0000000..9ec3cd5 --- /dev/null +++ b/pre-commit.bash @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +set -eux + +nix flake check From e355e51e1b73c5efc41e1fecbecc226cda40e089 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Tue, 19 Sep 2023 20:57:24 -0500 Subject: [PATCH 5/5] Add note to setup pre-commit hooks --- readme.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/readme.md b/readme.md index 2cb7562..73957c1 100644 --- a/readme.md +++ b/readme.md @@ -11,6 +11,12 @@ here is useful inspiration. You don't have even have to clone this crap yourself. How cool is that! +But if you're gonna change stuff you had better setup the pre-commit hook: + +```shell_session +ln -s $PWD/pre-commit.bash .git/hooks/pre-commit +``` + ## NixOS ```shell_session