From 727a70d8432ab906370b6f875d168a1ff50dc3d8 Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Thu, 12 Sep 2024 12:05:22 -0500 Subject: [PATCH] Comment --- flake.nix | 98 ++++++++------- modules/home-manager/sway.nix | 8 +- modules/nixos/default.nix | 227 ++++++++++++++++++++-------------- modules/nixos/gnome.nix | 29 +++-- nixos/bigtower.nix | 6 +- nixos/router.nix | 66 +++++----- overlays/default.nix | 32 +++-- packages/iosevkaLyteTerm.nix | 8 +- 8 files changed, 265 insertions(+), 209 deletions(-) diff --git a/flake.nix b/flake.nix index e96029f..99d4a61 100644 --- a/flake.nix +++ b/flake.nix @@ -97,17 +97,21 @@ }; }; - # moduleArgs = { - # # inherit style; - # inherit helix slippi hyprland hardware disko home-manager; - # inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays; - # }; + /* + moduleArgs = { + # inherit style; + inherit helix slippi hyprland hardware disko home-manager; + inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays; + }; + */ pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"; in { - # kind of a quirk, but package definitions are actually in the "additions" - # overlay I did this to work around some recursion problems - # TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880 + /* + kind of a quirk, but package definitions are actually in the "additions" + overlay I did this to work around some recursion problems + TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880 + */ packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;}); diskoConfigurations = import ./disko {inherit (nixpkgs) lib;}; templates = import ./templates; 
@@ -221,10 +225,12 @@ in rec { helix = helix.outputs.packages.${prev.system}.helix; final.helix = helix; - # TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage - # source: https://github.com/wez/wezterm/issues/3771 - # not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737 - # I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing + /* + TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage + source: https://github.com/wez/wezterm/issues/3771 + not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737 + I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing + */ wezterm = wezterm-input.outputs.packages.${prev.system}.default; final.wezterm = wezterm; }; 
@@ -437,33 +443,35 @@ ]; }; - # grablet = nixpkgs.lib.nixosSystem { - # system = "x86_64-linux"; - # modules = with nixosModules; [ - # common + /* + grablet = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = with nixosModules; [ + common - # outputs.diskoConfigurations.standard - # hardware.nixosModules.common-cpu-intel-kaby-lake - # hardware.nixosModules.common-pc-laptopp-ssd - # graphical-workstation - # laptop - # gaming + outputs.diskoConfigurations.standard + hardware.nixosModules.common-cpu-intel-kaby-lake + hardware.nixosModules.common-pc-laptopp-ssd + graphical-workstation + laptop + gaming - # ./nixos/thablet.nix + ./nixos/thablet.nix - # { - # home-manager.users.daniel = { - # imports = with homeManagerModules; [ - # iex - # cargo - # linux-desktop-environment-config - # ]; - # }; + { + home-manager.users.daniel = { + imports = with homeManagerModules; [ + iex + cargo + linux-desktop-environment-config + ]; + }; - # powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; - # } - # ]; - # }; + powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; + } + ]; + }; + */ thinker = nixpkgs-unstable.lib.nixosSystem { system = "x86_64-linux"; @@ -561,11 +569,13 @@ linux troubleshooting-tools - # NOTE: maybe use this someday, but I think I need more concrete - # networking knowledge before I know how to use it well. Additionally, - # I can use my existing firewall configuration more easily if I manage - # it directly. - # nnf.nixosModules.default + /* + NOTE: maybe use this someday, but I think I need more concrete + networking knowledge before I know how to use it well. Additionally, + I can use my existing firewall configuration more easily if I manage + it directly. + nnf.nixosModules.default + */ ./nixos/router.nix ]; 
@@ -599,8 +609,10 @@ }; }; - # TODO: nix-on-droid for phone terminal usage? - # TODO: nix-darwin for work? - # TODO: nixos ISO? + /* + TODO: nix-on-droid for phone terminal usage? + TODO: nix-darwin for work? + TODO: nixos ISO? + */ }; } diff --git a/modules/home-manager/sway.nix b/modules/home-manager/sway.nix index cd03949..f6de700 100644 --- a/modules/home-manager/sway.nix +++ b/modules/home-manager/sway.nix @@ -96,9 +96,11 @@ ]; output = { - # "*" = { - # background = "$HOME/.wallpaper fill"; - # }; + /* + "*" = { + background = "$HOME/.wallpaper fill"; + }; + */ }; # TODO: popup_during_fullscreen smart diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 3e1d76d..5fd0453 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -89,39 +89,41 @@ systemPackages = with pkgs; [ brightnessctl feh - # gimp grim - # inkscape - # krita libinput libinput-gestures libnotify mako - # lutris - # nil - # nixpkgs-fmt noto-fonts pamixer - # pavucontrol playerctl pulseaudio pulsemixer - # rclone - # restic slurp - # steam swaybg swayidle swaylock swayosd tofi - # vlc - # vulkan-tools waybar - # weechat - # wine wl-clipboard zathura + /* + gimp + inkscape + krita + lutris + nil + nixpkgs-fmt + pavucontrol + rclone + restic + steam + vlc + vulkan-tools + weechat + wine + */ ]; }; }; @@ -238,9 +240,11 @@ file iputils nettools - # nodePackages.bash-language-server # just pull in as needed? - # shellcheck - # shfmt + /* + nodePackages.bash-language-server # just pull in as needed? + shellcheck + shfmt + */ killall ripgrep rsync 
@@ -269,9 +273,11 @@ pkgs, ... }: { - # https://nixos.wiki/wiki/Remote_disk_unlocking - # "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang." - # ^ seems less than ideal + /* + https://nixos.wiki/wiki/Remote_disk_unlocking + "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang." + ^ seems less than ideal + */ boot.kernelParams = ["ip=dhcp"]; boot.initrd = { # availableKernelModules = ["r8169"]; # ethernet drivers @@ -306,17 +312,21 @@ openFirewall = lib.mkDefault true; - # listenAddresses = [ - # { addr = "0.0.0.0"; port = 22; } - # ]; + /* + listenAddresses = [ + { addr = "0.0.0.0"; port = 22; } + ]; + */ }; }; password-manager = {pkgs, ...}: { - # programs.goldwarden = { - # NOTE: This didn't seem to work for me, but would be awesome! - # enable = true; - # }; + /* + programs.goldwarden = { + ## NOTE: This didn't seem to work for me, but would be awesome! (but I can't remember why?) + enable = true; + }; + */ home-manager.users.daniel = { imports = with homeManagerModules; [ @@ -418,9 +428,11 @@ environment.sessionVariables.NIXOS_OZONE_WL = "1"; programs.neovim = { enable = true; - # plugins = [ - # pkgs.vimPlugins.nvim-treesitter.withAllGrammars - # ]; + /* + plugins = [ + pkgs.vimPlugins.nvim-treesitter.withAllGrammars + ]; + */ }; environment.systemPackages = with pkgs; [ @@ -574,8 +586,10 @@ then { graphics = { enable = true; - # driSupport32Bit = true; - # driSupport = true; + /* + driSupport32Bit = true; + driSupport = true; + */ }; } else { @@ -591,8 +605,10 @@ slides ]; variables = { - # GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark"; - # GTK_USE_PORTAL = "1"; + /* + GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark"; + GTK_USE_PORTAL = "1"; + */ }; }; }; 
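Review bot: The disabled `listenAddresses` block in the `@@ -306` hunk sits directly under `openFirewall = lib.mkDefault true;` with no word on why it is off, so a reader cannot tell which addresses the service (an SSH daemon, judging by port 22) is meant to bind. Since the firewall is opened by default here, I would replace the dead block with a one-line statement of intent, e.g. `# listenAddresses intentionally unset: listens on all interfaces; restrict per host if needed`. The enclosing attribute set starts outside the hunk, so check that wording against the actual module before adopting it. In the same hunk, the `## NOTE:` line inside the `/* */` block carries a leftover line-comment marker; plain `NOTE:` reads better there.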
@@ -603,10 +619,12 @@ kde-connect = { programs.kdeconnect.enable = true; - # networking.firewall = { - # allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; - # allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; - # }; + /* + networking.firewall = { + allowedTCPPortRanges = [ { from = 1714; to = 1764; } ]; + allowedUDPPortRanges = [ { from = 1714; to = 1764; } ]; + }; + */ }; fonts = {pkgs, ...}: { @@ -651,21 +669,24 @@ maliit-framework kdePackages.kate - # kdePackages.kdenlive - # kdePackages.merkuro kdePackages.kcalc - # kdePackages.neochat kdePackages.filelight kdePackages.krdc kdePackages.krfb kdePackages.kclock kdePackages.kweather kdePackages.ktorrent - # kdePackages.kdevelop - # kdePackages.kdialog kdePackages.kdeplasma-addons unstable-packages.kdePackages.krdp + + /* + kdePackages.kdenlive + kdePackages.merkuro + kdePackages.neochat + kdePackages.kdevelop + kdePackages.kdialog + */ ]; programs.gnupg.agent.pinentryPackage = pkgs.pinentry-tty; 
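Review bot: The commented-out `networking.firewall` ranges under `programs.kdeconnect.enable = true;` (hunk `@@ -603`) read as if ports 1714-1764 are closed, but as far as I know the upstream `programs.kdeconnect` module opens that same TCP/UDP range itself when enabled. I would drop the dead block and state the effective behaviour instead: `# programs.kdeconnect.enable already opens TCP/UDP 1714-1764 in the firewall`. That keeps the exposed ports visible to anyone auditing this host's firewall.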
@@ -746,50 +767,56 @@ } ]; }; - # extraConfig.pipewire."92-low-latency" = { - # context.properties = { - # default.clock.rate = 48000; - # default.clock.quantum = 32; - # default.clock.min-quantum = 32; - # default.clock.max-quantum = 32; - # }; - # }; + /* + extraConfig.pipewire."92-low-latency" = { + context.properties = { + default.clock.rate = 48000; + default.clock.quantum = 32; + default.clock.min-quantum = 32; + default.clock.max-quantum = 32; + }; + }; + */ }; # recommended by https://nixos.wiki/wiki/PipeWire security.rtkit.enable = true; - # services.pipewire = { - # enable = true; + /* + services.pipewire = { + enable = true; - # wireplumber.enable = true; - # pulse.enable = true; - # jack.enable = true; + wireplumber.enable = true; + pulse.enable = true; + jack.enable = true; - # alsa = { - # enable = true; - # support32Bit = true; - # }; - # }; + alsa = { + enable = true; + support32Bit = true; + }; + }; - # hardware = { - # pulseaudio = { - # enable = false; - # support32Bit = true; - # }; - # }; + hardware = { + pulseaudio = { + enable = false; + support32Bit = true; + }; + }; - # security = { - # # I forget why I need these exactly... - # polkit.enable = true; + security = { + # I forget why I need these exactly... + polkit.enable = true; - # rtkit.enable = true; - # }; + rtkit.enable = true; + }; + */ }; music-production = {pkgs, ...}: { - # TODO: may want to force nixpkgs-stable for a more-stable music production - # environment? + /* + TODO: may want to force nixpkgs-stable for a more-stable music production + environment? + */ imports = [ { environment.systemPackages = with pkgs; [ 
@@ -800,11 +827,12 @@ } ]; - # TODO: things to look into for music production: - # - https://linuxmusicians.com/viewtopic.php?t=27016 - # - KXStudio? - # - falktx (https://github.com/DISTRHO/Cardinal) - # - + /* + TODO: things to look into for music production: + - https://linuxmusicians.com/viewtopic.php?t=27016 + - KXStudio? + - falktx (https://github.com/DISTRHO/Cardinal) + */ }; podman = {pkgs, ...}: { @@ -898,9 +926,11 @@ networking.networkmanager.enable = mkDefault true; systemd.services.NetworkManager-wait-online.enable = mkDefault false; - # TODO: networking.networkmanager.wifi.backend = "iwd"; ? - # TODO: powersave? - # TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets? + /* + TODO: networking.networkmanager.wifi.backend = "iwd"; ? + TODO: powersave? + TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets? + */ }; steam = {pkgs, ...}: { @@ -908,12 +938,15 @@ programs.steam = { enable = true; - # extest.enable = true; - # gamescopeSession.enable = true; - # extraPackages = with pkgs; [ - # gamescope - # ]; + /* + extest.enable = true; + gamescopeSession.enable = true; + + extraPackages = with pkgs; [ + gamescope + ]; + */ extraCompatPackages = with pkgs; [ proton-ge-bin @@ -931,8 +964,10 @@ ]; # remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true; - # networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ]; - # networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ]; + /* + networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ]; + networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ]; + */ }; root = { 
@@ -1089,12 +1124,14 @@ # module has the incorrect file permissions out of the box environment.etc = { - # "kanidm" = { - # enable = true; - # user = "nobody"; - # group = "users"; - # mode = "0755"; - # }; + /* + "kanidm" = { + enable = true; + user = "nobody"; + group = "users"; + mode = "0755"; + }; + */ "kanidm/unixd" = { user = "kanidm-unixd"; group = "kanidm-unixd"; diff --git a/modules/nixos/gnome.nix b/modules/nixos/gnome.nix index 097863a..79eb1b0 100644 --- a/modules/nixos/gnome.nix +++ b/modules/nixos/gnome.nix @@ -50,36 +50,35 @@ gnome.gnome-power-manager brightnessctl feh - # gimp grim - # inkscape - # krita libinput libinput-gestures libnotify - # lutris - # nil - # nixpkgs-fmt noto-fonts pamixer - # pavucontrol playerctl - # pulseaudio pulsemixer - # rclone - # restic slurp - # steam swaybg swayidle swaylock - # vlc - # vulkan-tools waybar - # weechat - # wine wl-clipboard zathura + /* + gimp + inkscape + krita + pavucontrol + pulseaudio + rclone + restic + steam + vlc + vulkan-tools + weechat + wine + */ ]; }; } diff --git a/nixos/bigtower.nix b/nixos/bigtower.nix index f44610a..d639e51 100644 --- a/nixos/bigtower.nix +++ b/nixos/bigtower.nix @@ -84,9 +84,9 @@ monitor = [ # "DP-2,3840x2160@60,-2160x0,1,transform,3" "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1" - # HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10" - # "desc:LG Display 0x0521,3840x2160@120,0x0,1" - # "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1" + ## HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10" + ## "desc:LG Display 0x0521,3840x2160@120,0x0,1" + ## "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1" "DP-2,3840x2160@60,0x0,1.5,transform,1" ]; input = { diff --git a/nixos/router.nix b/nixos/router.nix index 366e298..d3bd2dd 100644 --- a/nixos/router.nix +++ b/nixos/router.nix 
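Review bot: The new block comment in `modules/nixos/gnome.nix` no longer lists `lutris`, `nil` and `nixpkgs-fmt`, which the removed `#` lines did carry; the matching block in `modules/nixos/default.nix` keeps all three. For a commit titled "Comment" this looks like an accidental loss during the move rather than a decision. Either restore the three names inside the `/* */` block or mention the removal in the commit message.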
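Review bot: The `##` prefix introduced in the `monitor` list of `nixos/bigtower.nix` is not explained anywhere, and the first entry of the same list still uses a single `#`. The same marker appears in the nftables ruleset string in `nixos/router.nix`, in the TOML string in `packages/iosevkaLyteTerm.nix` and on the `## NOTE:` line in `modules/nixos/default.nix`. If `##` means "disabled code, keep as line comments" (my guess), state that once, for example in the commit description, and apply it to `# "DP-2,3840x2160@60,-2160x0,1,transform,3"` as well.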
@@ -145,22 +145,22 @@ in { checkRuleset = true; ruleset = with inf; '' table inet filter { - # set LANv4 { - # type ipv4_addr - # flags interval - # elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 } - # } - # set LANv6 { - # type ipv6_addr - # flags interval - # elements = { fd00::/8, fe80::/10 } - # } - # TODO: maybe tailnet? + ## set LANv4 { + ## type ipv4_addr + ## flags interval + ## elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 } + ## } + ## set LANv6 { + ## type ipv6_addr + ## flags interval + ## elements = { fd00::/8, fe80::/10 } + ## } + ## TODO: maybe tailnet? - # chain my_input_lan { - # udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply" - # udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies" - # } + ## chain my_input_lan { + ## udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply" + ## udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies" + ## } chain input { type filter hook input priority 0; policy drop; @@ -199,8 +199,8 @@ in { iifname "${lan}" accept comment "Allow local network to access the router" iifname "tailscale0" accept comment "Allow local network to access the router" - # ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges" - # ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges" + ## ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges" + ## ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges" iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan" } 
@@ -215,13 +215,13 @@ in { accept } - # chain forward { - # type filter hook forward priority filter; policy drop; + ## chain forward { + ## type filter hook forward priority filter; policy drop; - # iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN" - # iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN" - # iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN" - # } + ## iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN" + ## iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN" + ## iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN" + ## } } table ip nat { @@ -263,16 +263,16 @@ in { parent = interfaces.wan.name; ipv4Addresses = [cidr]; }; - # banned = { - # ingressExpression = [ - # "ip saddr @banlist" - # "ip6 saddr @banlist6" - # ]; - # egressExpression = [ - # "ip daddr @banlist" - # "ip6 daddr @banlist6" - # ]; - # }; + ## banned = { + ## ingressExpression = [ + ## "ip saddr @banlist" + ## "ip6 saddr @banlist6" + ## ]; + ## egressExpression = [ + ## "ip daddr @banlist" + ## "ip6 daddr @banlist6" + ## ]; + ## }; }; rules = { diff --git a/overlays/default.nix b/overlays/default.nix index 2d9367d..eaf8f3f 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
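Review bot: The disabled `chain forward` with `policy drop` (hunk `@@ -215` in `nixos/router.nix`) is kept as `##` lines with no statement of what filters forwarded traffic in its place. The chain that closes just above it ends in a bare `accept`, and its header is outside the hunk, so I cannot tell whether that is the live forward path. On a router this is the rule set a reviewer most needs to see, so I would add a line such as `## forward chain disabled: REASON; forwarding is filtered by CHAIN_OR_TABLE` above the block. These lines also sit inside the Nix `''` string, so `${lan}` and `${wan}` in them are still interpolated at evaluation time even though nftables ignores the result. The commented `LANv4`/`LANv6` sets and `my_input_lan` chain in the `@@ -145` and `@@ -199` hunks are likewise disabled without a stated reason.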
@@ -5,22 +5,28 @@ pkgs = import nixpkgs {inherit (final) system;}; }; - # This one contains whatever you want to overlay - # You can change versions, add patches, set compilation flags, anything really. - # https://nixos.wiki/wiki/Overlays + /* + This one contains whatever you want to overlay + You can change versions, add patches, set compilation flags, anything really. + https://nixos.wiki/wiki/Overlays + */ modifications = final: prev: { - # final.fprintd = prev.fprintd.overrideAttrs { - # # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f - # mesonCheckFlags = [ - # # PAM related checks are timing out - # "--no-suite" - # "fprintd:TestPamFprintd" - # ]; - # }; + /* + final.fprintd = prev.fprintd.overrideAttrs { + # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f + mesonCheckFlags = [ + # PAM related checks are timing out + "--no-suite" + "fprintd:TestPamFprintd" + ]; + }; + */ }; - # When applied, the unstable nixpkgs set (declared in the flake inputs) will - # be accessible through 'pkgs.unstable' + /* + When applied, the unstable nixpkgs set (declared in the flake inputs) will + be accessible through 'pkgs.unstable' + */ unstable-packages = final: _prev: { unstable = import nixpkgs { system = final.system; diff --git a/packages/iosevkaLyteTerm.nix b/packages/iosevkaLyteTerm.nix index e466b8d..a869845 100644 --- a/packages/iosevkaLyteTerm.nix +++ b/packages/iosevkaLyteTerm.nix @@ -34,10 +34,10 @@ in ((iosevka.override { menu = 900 css = 900 - # [[buildPlans.Iosevka${set}.compatibility-ligatures]] - # unicode = 57600 # 0xE100 - # featureTag = 'calt' - # kequence = '<*>' + ## [[buildPlans.Iosevka${set}.compatibility-ligatures]] + ## unicode = 57600 # 0xE100 + ## featureTag = 'calt' + ## kequence = '<*>' [buildPlans.Iosevka${set}.variants] inherits = "ss01"
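Review bot: The disabled ligature entry in `packages/iosevkaLyteTerm.nix` spells its last key `kequence`, which looks like a typo for `sequence`, and the commit rewrites these four lines while carrying it over. If the entry is ever re-enabled as written the build plan would presumably not pick the key up, so I would correct the spelling while the lines are being touched anyway. The TOML string that contains them starts and ends outside the hunk.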