diff --git a/daniel.nix b/daniel.nix index b52563f..38d3629 100644 --- a/daniel.nix +++ b/daniel.nix @@ -15,6 +15,55 @@ # TODO: os-specific scripts? macOS versus Linux (arch or nixos? do I need to distinguish at that point?) (pkgs.buildEnv { name = "my-scripts"; paths = [ ./scripts ]; }) + + # fortune # fun sayings + # steam # games + # pulsemixer # audio + # file # identify file types + # kitty # terminal emulator + # unstable.fzf # fuzzy finder + # dmenu # TODO: currently only using this for dmenu_path in `bin/launch` + # ranger # tui for file management + # pass # the standard unix password manager + # vulkan-tools # vkcube for making sure vulkan still works + # rustup + # clang + # pavucontrol # gui pulseaudio manager + # pamixer # tui pulseaudio manager + # strongswan # work vpn + # gnumake + # elixir + # postgresql # database + # htop # almost as good as bottom (btm) + # unzip # needed by a handful of other utilities + # autoconf + # automake # autotools + # weechat # irc + # python39Full # python 3.9 + # jq # awk for json + # xfce.thunar + # xfce.thunar-archive-plugin + # xfce.thunar-volman # gui file manager + # mpd # music player daemon + # ncmpcpp # ncurses music player client + # vlc # video player + # google-chrome # sometimes ya gotta screenshare + + # # TODO: work module? + # google-cloud-sdk # gcloud + # kubectl # kubernetes cli + # awscli # aws cli + # zoom-us # video conferencing + # lastpass-cli + + # # TODO: move this one to just laptop? + # brightnessctl # laptop screen brightness + + # # nix utils + # nox # package querying and installation? + # # yay is to pacman, nox is to nix-env + # niv # dependency pinning? + # lorri # project envrc - like asdf-vm? ]; programs.password-store = { diff --git a/fish/shellInit.fish b/fish/shellInit.fish index 7642c5f..84e43fa 100644 --- a/fish/shellInit.fish +++ b/fish/shellInit.fish 
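Review bot: The ~50 package entries added to `paths` are all commented out with no indication of whether they are disabled temporarily or queued for deletion, so the block reads as archaeology rather than configuration. A one-line header stating intent would help the next reader, e.g. `# disabled: now installed system-wide from nixos/common.nix and modules/sway.nix; prune once the host modules settle`. Several of these names (brightnessctl, steam, vlc, pamixer, pulsemixer) do reappear as live entries in modules/sway.nix in this same commit, so a pointer is enough. The enclosing list starts before the hunk.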
@@ -43,13 +43,6 @@ set --export --universal ERL_AFLAGS "-kernel shell_history enabled -kernel shell set --export --universal BROWSER firefox -set --export --universal EDITOR hx -set --export --universal VISUAL hx - -# TODO: helix ($EDITOR) as man/pager -set --export --universal PAGER "less" -set --export --universal MANPAGER "less" - set --export --universal SOPS_AGE_KEY_FILE "$XDG_CONFIG_HOME/sops/age/keys.txt" set --export --universal SKIM_ALT_C_COMMAND "fd --hidden --type directory" diff --git a/modules/daniel.nix b/modules/daniel.nix deleted file mode 100644 index ec78a8e..0000000 --- a/modules/daniel.nix +++ /dev/null 
@@ -1,58 +0,0 @@ -{ config, pkgs, ... }: { - users.users.daniel = { - isNormalUser = true; - extraGroups = [ "wheel" "docker" ]; - shell = pkgs.fish; - home = "/home/daniel/.home"; - packages = with pkgs; [ - fortune # fun sayings - steam # games - pulsemixer # audio - file # identify file types - kitty # terminal emulator - unstable.fzf # fuzzy finder - dmenu # TODO: currently only using this for dmenu_path in `bin/launch` - ranger # tui for file management - pass # the standard unix password manager - vulkan-tools # vkcube for making sure vulkan still works - rustup - clang - pavucontrol # gui pulseaudio manager - pamixer # tui pulseaudio manager - strongswan # work vpn - gnumake - elixir - postgresql # database - htop # almost as good as bottom (btm) - unzip # needed by a handful of other utilities - autoconf - automake # autotools - weechat # irc - python39Full # python 3.9 - jq # awk for json - xfce.thunar - xfce.thunar-archive-plugin - xfce.thunar-volman # gui file manager - mpd # music player daemon - ncmpcpp # ncurses music player client - vlc # video player - google-chrome # sometimes ya gotta screenshare - - # TODO: work module? - google-cloud-sdk # gcloud - kubectl # kubernetes cli - awscli # aws cli - zoom-us # video conferencing - lastpass-cli - - # TODO: move this one to just laptop? - brightnessctl # laptop screen brightness - - # nix utils - nox # package querying and installation? - # yay is to pacman, nox is to nix-env - niv # dependency pinning? - lorri # project envrc - like asdf-vm? - ]; - }; -} diff --git a/modules/podman.nix b/modules/podman.nix new file mode 100644 index 0000000..7454962 --- /dev/null +++ b/modules/podman.nix 
@@ -0,0 +1,23 @@ +{ pkgs, ... }: { + environment = { + systemPackages = with pkgs; [ + podman-compose + ]; + }; + + virtualisation = { + podman = { + enable = true; + + # Create a `docker` alias for podman, to use it as a drop-in replacement + dockerCompat = true; + + # Required for containers under podman-compose to be able to talk to each other. + defaultNetwork.settings.dns_enabled = true; + }; + + oci-containers = { + backend = "podman"; + }; + }; +} diff --git a/modules/postgres.nix b/modules/postgres.nix new file mode 100644 index 0000000..84ee893 --- /dev/null +++ b/modules/postgres.nix @@ -0,0 +1,41 @@ +{ pkgs, ... }: { + # this is really just for development usage + services.postgresql = { + enable = true; + ensureDatabases = [ "daniel" ]; + ensureUsers = [ + { + name = "daniel"; + ensurePermissions = { + "DATABASE daniel" = "ALL PRIVILEGES"; + }; + } + ]; + enableTCPIP = true; + + package = pkgs.postgresql_15; + + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method + local all postgres peer map=superuser_map + local all daniel peer map=superuser_map + local sameuser all peer map=superuser_map + + # lan ipv4 + host all all 10.0.0.0/24 trust + host all all 127.0.0.1/32 trust + + # tailnet ipv4 + host all all 100.64.0.0/10 trust + ''; + + identMap = '' + # ArbitraryMapName systemUser DBUser + superuser_map root postgres + superuser_map postgres postgres + superuser_map daniel postgres + # Let other names login as themselves + superuser_map /^(.*)$ \1 + ''; + }; +} diff --git a/modules/sway.nix b/modules/sway.nix index 6d43954..708eb47 100644 --- a/modules/sway.nix +++ b/modules/sway.nix 
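Review bot: `dockerCompat = true` is commented as a "drop-in replacement", but as far as I can tell the NixOS option only provides the `docker` CLI name; the Docker-compatible socket is a separate option (`virtualisation.podman.dockerSocket.enable`) that is not set here, so anything expecting `/var/run/docker.sock` will not find it. If that is deliberate, the comment should say so, since access to that socket is root-equivalent: `# dockerCompat only aliases the CLI; the rootful docker.sock (dockerSocket.enable) is intentionally left off`. If it is not deliberate, enabling the socket should come with an explicit decision about which users join the `podman` group.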
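Review bot: The `host all all 10.0.0.0/24 trust` and `host all all 100.64.0.0/10 trust` lines in `authentication` let any client that can reach port 5432 from the LAN or from the entire tailnet range log in as any role — including the `postgres` superuser — with no credential, and `enableTCPIP = true` makes the server listen on every interface (the NixOS option sets `listen_addresses = '*'`, as I read it). The `# this is really just for development usage` comment does not bound the blast radius once this is a shared module: every LAN device and every tailnet node becomes a database superuser. Restrict both the role and the method, e.g. `host daniel daniel 127.0.0.1/32 trust`, `host daniel daniel 10.0.0.0/24 scram-sha-256`, `host daniel daniel 100.64.0.0/10 scram-sha-256`, and give `daniel` a password (or drop the two remote rules until they are needed). Whether 5432 is reachable today depends on the firewall defaults in nixos/common.nix, which open no TCP ports, but `trust` over a network should not rely on that.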
@@ -57,5 +57,43 @@ in services.dbus.enable = true; + programs.thunar.enable = true; + + environment.systemPackages = with pkgs; [ + brightnessctl + feh + gimp + grim + inkscape + krita + libinput + libinput-gestures + libnotify + lutris + mako + nil + nixpkgs-fmt + noto-fonts + pamixer + pavucontrol + pgcli + playerctl + pulseaudio + pulsemixer + rclone + restic + slurp + steam + swaybg + swayidle + swaylock + vlc + vulkan-tools + waybar + wine + wl-clipboard + wofi + zathura + ]; # services.xserver.libinput.enable = true; } diff --git a/modules/wifi.nix b/modules/wifi.nix new file mode 100644 index 0000000..3d57dd3 --- /dev/null +++ b/modules/wifi.nix @@ -0,0 +1,8 @@ +{ ... }: { + networking.networkmanager.enable = true; + + # iwd? + # powersave? + # TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded + # from secrets? +} diff --git a/nixos/common.nix b/nixos/common.nix index a7d0f9f..d911b84 100644 --- a/nixos/common.nix +++ b/nixos/common.nix @@ -1,4 +1,58 @@ -{ config, lib, pkgs, ... }: { +{ config, lib, pkgs, inputs, ... }: { + + environment = { + variables = { + EDITOR = "hx"; + VISUAL = "hx"; + PAGER = "less"; + MANPAGER = "less"; + }; + + systemPackages = with pkgs; [ + age + bat + bind + bottom + curl + dog + dua + exa + fd + file + fwupd + git + git-lfs + gnumake + hexyl + htop + iputils + killall + kitty # TODO: I really just need the terminfo on servers, though, right? + less + mosh + nmap + openssl + pciutils + rclone + restic + ripgrep + rsync + sd + sops + tmux + traceroute + unzip + watchexec + wget + xh + zellij + zstd + ] ++ [ + inputs.helix.packages."x86_64-linux".helix + inputs.rtx.packages."x86_64-linux".rtx + ]; + }; + users.users = { daniel = { isNormalUser = true; 
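Review bot: `swaylock` is added to `environment.systemPackages`, but nothing in this hunk registers a PAM service for it; on NixOS a locker installed as a bare package has no `/etc/pam.d/swaylock` and cannot authenticate, so the lock screen rejects the correct password and the session is effectively lost. Use `programs.swaylock.enable = true;` (or `security.pam.services.swaylock = {};` on releases without that module) instead of, or alongside, the package entry — unless that is already set in the part of this module outside the hunk. `steam` has the same shape of problem: on NixOS it is normally enabled via `programs.steam.enable` so the FHS wrapper and 32-bit libraries are set up, rather than listed as a plain package. The enclosing `in { … }` attribute set begins before the hunk.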
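Review bot: The TODO about pre-configuring SSIDs and PSKs should record the constraint before anyone acts on it: anything written into this Nix expression ends up in the world-readable `/nix/store`, so PSKs must never be inlined here. NetworkManager can take them out-of-band — recent NixOS has `networking.networkmanager.ensureProfiles` with `environmentFiles`, and this repo already uses sops (`SOPS_AGE_KEY_FILE` in fish/shellInit.fish), so a sops-nix secret referenced from an environment file is the natural fit. Suggested wording: `# TODO: ensureProfiles + environmentFiles pointing at a sops secret; never inline PSKs (they would land in /nix/store)`.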
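Review bot: The flake inputs are pinned to `packages."x86_64-linux"` while nixos/common.nix is the base every host imports; on an aarch64 machine (or the macOS case the TODO in daniel.nix mentions) evaluation fails or selects the wrong binaries. Select by the evaluating system instead: `inputs.helix.packages.${pkgs.stdenv.hostPlatform.system}.helix` and `inputs.rtx.packages.${pkgs.stdenv.hostPlatform.system}.rtx`. The `users.users` attribute set this hunk opens continues past the hunk.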
@@ -27,8 +81,22 @@ openssh = { enable = true; - passwordAuthentication = false; - permitRootLogin = "no"; + + settings = { + PasswordAuthentication = false; + }; + + # tailscale handles this I think + openFirewall = lib.mkDefault false; + + # listenAddresses = [ + # { addr = "0.0.0.0"; port = 22; } + # ]; + }; + + tailscale = { + enable = true; + useRoutingFeatures = lib.mkDefault "client"; }; }; @@ -59,6 +127,13 @@ networking = { useDHCP = lib.mkDefault true; + + firewall = { + enable = lib.mkDefault true; + allowPing = lib.mkDefault true; + allowedTCPPorts = lib.mkDefault [ ]; + allowedUDPPorts = lib.mkDefault [ ]; + }; }; nix = { diff --git a/nixos/thinker.nix b/nixos/thinker.nix index 55d7c51..3aea5af 100644 --- a/nixos/thinker.nix +++ b/nixos/thinker.nix 
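Review bot: The removed block set `permitRootLogin = "no"` explicitly, but the new `settings` block carries over only `PasswordAuthentication`, so root login now falls back to the NixOS default (`prohibit-password`, as I recall), which still admits root with a key. Add `PermitRootLogin = "no";` back, and since `PasswordAuthentication = false` alone leaves PAM's keyboard-interactive prompt available, add `KbdInteractiveAuthentication = false;` beside it. The `# tailscale handles this I think` comment should also name what is actually relied on: with `openFirewall = false`, sshd is reachable only on interfaces the firewall trusts, and as far as I can tell `services.tailscale.enable` does not by itself add `tailscale0` to `networking.firewall.trustedInterfaces`, so either that line belongs here or the comment should say where it lives.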
@@ -1,225 +1,33 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running `nixos-help`). - -{ modulesPath, pkgs, lib, inputs, ... }: - -{ +{ modulesPath, lib, ... }: { imports = [ ../modules/intel.net ../modules/desktop-usage.nix + ../modules/podman.nix + ../modules/wifi.nix (modulesPath + "/installer/scan/not-detected.nix") ]; + # TODO: hibernation? I've been using [deep] in /sys/power/mem_sleep alright + # with this machine so it may not be necessary? + # need to measure percentage lost per day, but I think it's around 10%/day + # it looks like I may have had hibernation working -- see ../old/third.nix + + # TODO: fonts? right now, I'm just installing to ~/.local/share/fonts + # hardware boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot.enable = true; boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ]; - services.pcscd.enable = true; # why do I need this? SD card slot? - - # wifi - networking.networkmanager.enable = true; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - - # TODO: hibernation? I've been using [deep] in /sys/power/mem_sleep alright - # with this machine so it may not be necessary? - # need to measure percentage lost per day, but I think it's around 10%/day - - # TODO: fonts? 
right now, I'm just installing to ~/.local/share/fonts - - hardware.bluetooth.enable = true; networking.hostName = "thinker"; - # I own a printer in the year of our Lord 2023 - services.printing.enable = true; - - environment.systemPackages = with pkgs; [ - age - bat - bind - bottom - brightnessctl - clang - curl - delta - dog - dtach - dua - exa - fd - feh - file - fwupd - gcc - gimp - git - git-lfs - grim - inputs.helix.packages."x86_64-linux".helix - inputs.rtx.packages."x86_64-linux".rtx - hexyl - htop - inkscape - inotify-tools - iputils - killall - kitty - krita - libinput - libinput-gestures - libnotify - lutris - gnumake - mako - mosh - nmap - nnn - nil - nixpkgs-fmt - noto-fonts - openssl - pamixer - pavucontrol - pciutils - pgcli - playerctl - podman-compose - pulseaudio - pulsemixer - rclone - restic - ripgrep - rsync - sd - slurp - sops - steam - swaybg - swayidle - swaylock - tmux - traceroute - unzip - vlc - vulkan-tools - watchexec - waybar - wget - wireplumber - wine - wl-clipboard - wofi - xh - zathura - zellij - zstd - ]; - - programs.thunar.enable = true; - - services.tailscale = { - enable = true; - useRoutingFeatures = "client"; - }; - - environment.variables = { - EDITOR = "hx"; - }; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. 
- # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; - listenAddresses = [ - { addr = "0.0.0.0"; port = 22; } - ]; - }; - - services.postgresql = { - enable = true; - ensureDatabases = [ "daniel" ]; - ensureUsers = [ - { - name = "daniel"; - ensurePermissions = { - "DATABASE daniel" = "ALL PRIVILEGES"; - }; - } - ]; - enableTCPIP = true; - - package = pkgs.postgresql_15; - - authentication = pkgs.lib.mkOverride 10 '' - #type database DBuser auth-method - local all postgres peer map=superuser_map - local all daniel peer map=superuser_map - local sameuser all peer map=superuser_map - - # lan ipv4 - host all all 10.0.0.0/24 trust - host all all 127.0.0.1/32 trust - - # tailnet ipv4 - host all all 100.64.0.0/10 trust - ''; - - identMap = '' - # ArbitraryMapName systemUser DBUser - superuser_map root postgres - superuser_map postgres postgres - superuser_map daniel postgres - # Let other names login as themselves - superuser_map /^(.*)$ \1 - ''; - }; - - - virtualisation = { - podman = { - enable = true; - - # Create a `docker` alias for podman, to use it as a drop-in replacement - dockerCompat = true; - - # Required for containers under podman-compose to be able to talk to each other. - defaultNetwork.settings.dns_enabled = true; - }; - - oci-containers = { - backend = "podman"; - }; - }; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ ]; - allowedUDPPorts = [ ]; - }; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. 
- # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? + services.pcscd.enable = true; # why do I need this? SD card slot? + hardware.bluetooth.enable = true; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + services.printing.enable = true; # I own a printer in the year of our Lord 2023 + system.stateVersion = "23.05"; }
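Review bot: `modules/postgres.nix` is created by this commit, but the new `imports` list here pulls in only `podman.nix` and `wifi.nix`, so unless `desktop-usage.nix` imports it, the PostgreSQL service this host previously ran (the removed `services.postgresql` block) silently disappears from the machine — either add `../modules/postgres.nix` to `imports` or state in the commit that dropping it is intended. Separately, `services.pcscd.enable = true; # why do I need this? SD card slot?` keeps an open question in place of a reason: pcscd is the PC/SC smart-card daemon (YubiKey / OpenPGP card access), unrelated to SD card readers. Suggest `# PC/SC smart-card daemon — needed for YubiKey/OpenPGP card use, not SD cards` and, if no smart card is in use, disabling it rather than leaving an unexplained daemon enabled.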