lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fully modularized the thinker config

Browse source
This commit is contained in:
Daniel Flanagan 2023-09-05 23:11:14 -05:00
parent ad3203eada
commit 61ad5d24c0
9 changed files with 252 additions and 275 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
daniel.nix
View file

@ -15,6 +15,55 @@
# TODO: os-specific scripts? macOS versus Linux (arch or nixos? do I need to distinguish at that point?)
(pkgs.buildEnv { name = "my-scripts"; paths = [ ./scripts ]; })
# fortune # fun sayings
# steam # games
# pulsemixer # audio
# file # identify file types
# kitty # terminal emulator
# unstable.fzf # fuzzy finder
# dmenu # TODO: currently only using this for dmenu_path in `bin/launch`
# ranger # tui for file management
# pass # the standard unix password manager
# vulkan-tools # vkcube for making sure vulkan still works
# rustup
# clang
# pavucontrol # gui pulseaudio manager
# pamixer # tui pulseaudio manager
# strongswan # work vpn
# gnumake
# elixir
# postgresql # database
# htop # almost as good as bottom (btm)
# unzip # needed by a handful of other utilities
# autoconf
# automake # autotools
# weechat # irc
# python39Full # python 3.9
# jq # awk for json
# xfce.thunar
# xfce.thunar-archive-plugin
# xfce.thunar-volman # gui file manager
# mpd # music player daemon
# ncmpcpp # ncurses music player client
# vlc # video player
# google-chrome # sometimes ya gotta screenshare
# # TODO: work module?
# google-cloud-sdk # gcloud
# kubectl # kubernetes cli
# awscli # aws cli
# zoom-us # video conferencing
# lastpass-cli
# # TODO: move this one to just laptop?
# brightnessctl # laptop screen brightness
# # nix utils
# nox # package querying and installation?
# # yay is to pacman, nox is to nix-env
# niv # dependency pinning?
# lorri # project envrc - like asdf-vm?
];
programs.password-store = {

7
fish/shellInit.fish
View file

@ -43,13 +43,6 @@ set --export --universal ERL_AFLAGS "-kernel shell_history enabled -kernel shell
set --export --universal BROWSER firefox
set --export --universal EDITOR hx
set --export --universal VISUAL hx
# TODO: helix ($EDITOR) as man/pager
set --export --universal PAGER "less"
set --export --universal MANPAGER "less"
set --export --universal SOPS_AGE_KEY_FILE "$XDG_CONFIG_HOME/sops/age/keys.txt"
set --export --universal SKIM_ALT_C_COMMAND "fd --hidden --type directory"

58
modules/daniel.nix
View file

@ -1,58 +0,0 @@
{ config, pkgs, ... }: {
users.users.daniel = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" ];
shell = pkgs.fish;
home = "/home/daniel/.home";
packages = with pkgs; [
fortune # fun sayings
steam # games
pulsemixer # audio
file # identify file types
kitty # terminal emulator
unstable.fzf # fuzzy finder
dmenu # TODO: currently only using this for dmenu_path in `bin/launch`
ranger # tui for file management
pass # the standard unix password manager
vulkan-tools # vkcube for making sure vulkan still works
rustup
clang
pavucontrol # gui pulseaudio manager
pamixer # tui pulseaudio manager
strongswan # work vpn
gnumake
elixir
postgresql # database
htop # almost as good as bottom (btm)
unzip # needed by a handful of other utilities
autoconf
automake # autotools
weechat # irc
python39Full # python 3.9
jq # awk for json
xfce.thunar
xfce.thunar-archive-plugin
xfce.thunar-volman # gui file manager
mpd # music player daemon
ncmpcpp # ncurses music player client
vlc # video player
google-chrome # sometimes ya gotta screenshare
# TODO: work module?
google-cloud-sdk # gcloud
kubectl # kubernetes cli
awscli # aws cli
zoom-us # video conferencing
lastpass-cli
# TODO: move this one to just laptop?
brightnessctl # laptop screen brightness
# nix utils
nox # package querying and installation?
# yay is to pacman, nox is to nix-env
niv # dependency pinning?
lorri # project envrc - like asdf-vm?
];
};
}

23
modules/podman.nix Normal file
View file

@ -0,0 +1,23 @@
{ pkgs, ... }: {
environment = {
systemPackages = with pkgs; [
podman-compose
];
};
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = {
backend = "podman";
};
};
}

41
modules/postgres.nix Normal file
View file

@ -0,0 +1,41 @@
{ pkgs, ... }: {
# this is really just for development usage
services.postgresql = {
enable = true;
ensureDatabases = [ "daniel" ];
ensureUsers = [
{
name = "daniel";
ensurePermissions = {
"DATABASE daniel" = "ALL PRIVILEGES";
};
}
];
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
# lan ipv4
host all all 10.0.0.0/24 trust
host all all 127.0.0.1/32 trust
# tailnet ipv4
host all all 100.64.0.0/10 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
}

38
modules/sway.nix
View file

@ -57,5 +57,43 @@ in
services.dbus.enable = true;
programs.thunar.enable = true;
environment.systemPackages = with pkgs; [
brightnessctl
feh
gimp
grim
inkscape
krita
libinput
libinput-gestures
libnotify
lutris
mako
nil
nixpkgs-fmt
noto-fonts
pamixer
pavucontrol
pgcli
playerctl
pulseaudio
pulsemixer
rclone
restic
slurp
steam
swaybg
swayidle
swaylock
vlc
vulkan-tools
waybar
wine
wl-clipboard
wofi
zathura
];
# services.xserver.libinput.enable = true;
}

8
modules/wifi.nix Normal file
View file

@ -0,0 +1,8 @@
{ ... }: {
networking.networkmanager.enable = true;
# iwd?
# powersave?
# TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded
# from secrets?
}

81
nixos/common.nix
View file

@ -1,4 +1,58 @@
{ config, lib, pkgs, ... }: {
{ config, lib, pkgs, inputs, ... }: {
environment = {
variables = {
EDITOR = "hx";
VISUAL = "hx";
PAGER = "less";
MANPAGER = "less";
};
systemPackages = with pkgs; [
age
bat
bind
bottom
curl
dog
dua
exa
fd
file
fwupd
git
git-lfs
gnumake
hexyl
htop
iputils
killall
kitty # TODO: I really just need the terminfo on servers, though, right?
less
mosh
nmap
openssl
pciutils
rclone
restic
ripgrep
rsync
sd
sops
tmux
traceroute
unzip
watchexec
wget
xh
zellij
zstd
] ++ [
inputs.helix.packages."x86_64-linux".helix
inputs.rtx.packages."x86_64-linux".rtx
];
};
users.users = {
daniel = {
isNormalUser = true;
@ -27,8 +81,22 @@
openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
settings = {
PasswordAuthentication = false;
};
# tailscale handles this I think
openFirewall = lib.mkDefault false;
# listenAddresses = [
# { addr = "0.0.0.0"; port = 22; }
# ];
};
tailscale = {
enable = true;
useRoutingFeatures = lib.mkDefault "client";
};
};
@ -59,6 +127,13 @@
networking = {
useDHCP = lib.mkDefault true;
firewall = {
enable = lib.mkDefault true;
allowPing = lib.mkDefault true;
allowedTCPPorts = lib.mkDefault [ ];
allowedUDPPorts = lib.mkDefault [ ];
};
};
nix = {

222
nixos/thinker.nix
View file

@ -1,225 +1,33 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ modulesPath, pkgs, lib, inputs, ... }:
{
{ modulesPath, lib, ... }: {
imports =
[
../modules/intel.net
../modules/desktop-usage.nix
../modules/podman.nix
../modules/wifi.nix
(modulesPath + "/installer/scan/not-detected.nix")
];
# TODO: hibernation? I've been using [deep] in /sys/power/mem_sleep alright
# with this machine so it may not be necessary?
# need to measure percentage lost per day, but I think it's around 10%/day
# it looks like I may have had hibernation working -- see ../old/third.nix
# TODO: fonts? right now, I'm just installing to ~/.local/share/fonts
# hardware
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
services.pcscd.enable = true; # why do I need this? SD card slot?
# wifi
networking.networkmanager.enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# TODO: hibernation? I've been using [deep] in /sys/power/mem_sleep alright
# with this machine so it may not be necessary?
# need to measure percentage lost per day, but I think it's around 10%/day
# TODO: fonts? right now, I'm just installing to ~/.local/share/fonts
hardware.bluetooth.enable = true;
networking.hostName = "thinker";
# I own a printer in the year of our Lord 2023
services.printing.enable = true;
environment.systemPackages = with pkgs; [
age
bat
bind
bottom
brightnessctl
clang
curl
delta
dog
dtach
dua
exa
fd
feh
file
fwupd
gcc
gimp
git
git-lfs
grim
inputs.helix.packages."x86_64-linux".helix
inputs.rtx.packages."x86_64-linux".rtx
hexyl
htop
inkscape
inotify-tools
iputils
killall
kitty
krita
libinput
libinput-gestures
libnotify
lutris
gnumake
mako
mosh
nmap
nnn
nil
nixpkgs-fmt
noto-fonts
openssl
pamixer
pavucontrol
pciutils
pgcli
playerctl
podman-compose
pulseaudio
pulsemixer
rclone
restic
ripgrep
rsync
sd
slurp
sops
steam
swaybg
swayidle
swaylock
tmux
traceroute
unzip
vlc
vulkan-tools
watchexec
waybar
wget
wireplumber
wine
wl-clipboard
wofi
xh
zathura
zellij
zstd
];
programs.thunar.enable = true;
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
environment.variables = {
EDITOR = "hx";
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
listenAddresses = [
{ addr = "0.0.0.0"; port = 22; }
];
};
services.postgresql = {
enable = true;
ensureDatabases = [ "daniel" ];
ensureUsers = [
{
name = "daniel";
ensurePermissions = {
"DATABASE daniel" = "ALL PRIVILEGES";
};
}
];
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
# lan ipv4
host all all 10.0.0.0/24 trust
host all all 127.0.0.1/32 trust
# tailnet ipv4
host all all 100.64.0.0/10 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = {
backend = "podman";
};
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
services.pcscd.enable = true; # why do I need this? SD card slot?
hardware.bluetooth.enable = true;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
services.printing.enable = true; # I own a printer in the year of our Lord 2023
system.stateVersion = "23.05";
}