Comment

2024-09-12 12:05:22 -05:00 · 2024-09-12 12:05:22 -05:00 · 727a70d843
parent a7ec834c6a
commit 727a70d843
8 changed files with 265 additions and 209 deletions
--- a/flake.nix
+++ b/flake.nix
@ -97,17 +97,21 @@
      };
    };
-    # moduleArgs = {
+    /*
-    #   # inherit style;
+    moduleArgs = {
-    #   inherit helix slippi hyprland hardware disko home-manager;
+      # inherit style;
-    #   inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
+      inherit helix slippi hyprland hardware disko home-manager;
-    # };
+      inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
    };
    */
    pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev";
  in {
-    # kind of a quirk, but package definitions are actually in the "additions"
+    /*
-    # overlay I did this to work around some recursion problems
+    kind of a quirk, but package definitions are actually in the "additions"
-    # TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
+    overlay I did this to work around some recursion problems
    TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
    */
    packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;});
    diskoConfigurations = import ./disko {inherit (nixpkgs) lib;};
    templates = import ./templates;
@ -221,10 +225,12 @@
      in rec {
        helix = helix.outputs.packages.${prev.system}.helix;
        final.helix = helix;
-        # TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
+        /*
-        # source: https://github.com/wez/wezterm/issues/3771
+        TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
-        # not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
+        source: https://github.com/wez/wezterm/issues/3771
-        # I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
+        not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
        I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
        */
        wezterm = wezterm-input.outputs.packages.${prev.system}.default;
        final.wezterm = wezterm;
      };
@ -437,33 +443,35 @@
        ];
      };
-      # grablet = nixpkgs.lib.nixosSystem {
+      /*
-      #   system = "x86_64-linux";
+      grablet = nixpkgs.lib.nixosSystem {
-      #   modules = with nixosModules; [
+        system = "x86_64-linux";
-      #     common
+        modules = with nixosModules; [
          common
-      #     outputs.diskoConfigurations.standard
+          outputs.diskoConfigurations.standard
-      #     hardware.nixosModules.common-cpu-intel-kaby-lake
+          hardware.nixosModules.common-cpu-intel-kaby-lake
-      #     hardware.nixosModules.common-pc-laptopp-ssd
+          hardware.nixosModules.common-pc-laptopp-ssd
-      #     graphical-workstation
+          graphical-workstation
-      #     laptop
+          laptop
-      #     gaming
+          gaming
-      #     ./nixos/thablet.nix
+          ./nixos/thablet.nix
-      #     {
+          {
-      #       home-manager.users.daniel = {
+            home-manager.users.daniel = {
-      #         imports = with homeManagerModules; [
+              imports = with homeManagerModules; [
-      #           iex
+                iex
-      #           cargo
+                cargo
-      #           linux-desktop-environment-config
+                linux-desktop-environment-config
-      #         ];
+              ];
-      #       };
+            };
-      #       powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
+            powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
-      #     }
+          }
-      #   ];
+        ];
-      # };
+      };
      */
      thinker = nixpkgs-unstable.lib.nixosSystem {
        system = "x86_64-linux";
@ -561,11 +569,13 @@
          linux
          troubleshooting-tools
-          # NOTE: maybe use this someday, but I think I need more concrete
+          /*
-          # networking knowledge before I know how to use it well. Additionally,
+          NOTE: maybe use this someday, but I think I need more concrete
-          # I can use my existing firewall configuration more easily if I manage
+          networking knowledge before I know how to use it well. Additionally,
-          # it directly.
+          I can use my existing firewall configuration more easily if I manage
-          # nnf.nixosModules.default
+          it directly.
          nnf.nixosModules.default
          */
          ./nixos/router.nix
        ];
@ -599,8 +609,10 @@
        };
    };
-    # TODO: nix-on-droid for phone terminal usage?
+    /*
-    # TODO: nix-darwin for work?
+    TODO: nix-on-droid for phone terminal usage?
-    # TODO: nixos ISO?
+    TODO: nix-darwin for work?
    TODO: nixos ISO?
    */
  };
 }
--- a/modules/home-manager/sway.nix
+++ b/modules/home-manager/sway.nix
@ -96,9 +96,11 @@
      ];
      output = {
-        # "*" = {
+        /*
-        #   background = "$HOME/.wallpaper fill";
+        "*" = {
-        # };
+          background = "$HOME/.wallpaper fill";
        };
        */
      };
      # TODO: popup_during_fullscreen smart
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -89,39 +89,41 @@
      systemPackages = with pkgs; [
        brightnessctl
        feh
        # gimp
        grim
        # inkscape
        # krita
        libinput
        libinput-gestures
        libnotify
        mako
        # lutris
        # nil
        # nixpkgs-fmt
        noto-fonts
        pamixer
        # pavucontrol
        playerctl
        pulseaudio
        pulsemixer
        # rclone
        # restic
        slurp
        # steam
        swaybg
        swayidle
        swaylock
        swayosd
        tofi
        # vlc
        # vulkan-tools
        waybar
        # weechat
        # wine
        wl-clipboard
        zathura
        /*
        gimp
        inkscape
        krita
        lutris
        nil
        nixpkgs-fmt
        pavucontrol
        rclone
        restic
        steam
        vlc
        vulkan-tools
        weechat
        wine
        */
      ];
    };
  };
@ -238,9 +240,11 @@
      file
      iputils
      nettools
-      # nodePackages.bash-language-server # just pull in as needed?
+      /*
-      # shellcheck
+      nodePackages.bash-language-server # just pull in as needed?
-      # shfmt
+      shellcheck
      shfmt
      */
      killall
      ripgrep
      rsync
@ -269,9 +273,11 @@
    pkgs,
    ...
  }: {
-    # https://nixos.wiki/wiki/Remote_disk_unlocking
+    /*
-    # "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
+    https://nixos.wiki/wiki/Remote_disk_unlocking
-    # ^ seems less than ideal
+    "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
    ^ seems less than ideal
    */
    boot.kernelParams = ["ip=dhcp"];
    boot.initrd = {
      # availableKernelModules = ["r8169"]; # ethernet drivers
@ -306,17 +312,21 @@
      openFirewall = lib.mkDefault true;
-      # listenAddresses = [
+      /*
-      #   { addr = "0.0.0.0"; port = 22; }
+      listenAddresses = [
-      # ];
+        { addr = "0.0.0.0"; port = 22; }
      ];
      */
    };
  };
  password-manager = {pkgs, ...}: {
-    # programs.goldwarden = {
+    /*
-    # NOTE: This didn't seem to work for me, but would be awesome!
+    programs.goldwarden = {
-    #   enable = true;
+      ## NOTE: This didn't seem to work for me, but would be awesome! (but I can't remember why?)
-    # };
+      enable = true;
    };
    */
    home-manager.users.daniel = {
      imports = with homeManagerModules; [
@ -418,9 +428,11 @@
    environment.sessionVariables.NIXOS_OZONE_WL = "1";
    programs.neovim = {
      enable = true;
-      # plugins = [
+      /*
-      #   pkgs.vimPlugins.nvim-treesitter.withAllGrammars
+      plugins = [
-      # ];
+        pkgs.vimPlugins.nvim-treesitter.withAllGrammars
      ];
      */
    };
    environment.systemPackages = with pkgs; [
@ -574,8 +586,10 @@
      then {
        graphics = {
          enable = true;
-          # driSupport32Bit = true;
+          /*
-          # driSupport = true;
+          driSupport32Bit = true;
          driSupport = true;
          */
        };
      }
      else {
@ -591,8 +605,10 @@
        slides
      ];
      variables = {
-        # GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
+        /*
-        # GTK_USE_PORTAL = "1";
+        GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
        GTK_USE_PORTAL = "1";
        */
      };
    };
  };
@ -603,10 +619,12 @@
  kde-connect = {
    programs.kdeconnect.enable = true;
-    # networking.firewall = {
+    /*
-    # allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
+    networking.firewall = {
-    # allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
+    allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
-    # };
+    allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
    };
    */
  };
  fonts = {pkgs, ...}: {
@ -651,21 +669,24 @@
      maliit-framework
      kdePackages.kate
      # kdePackages.kdenlive
      # kdePackages.merkuro
      kdePackages.kcalc
      # kdePackages.neochat
      kdePackages.filelight
      kdePackages.krdc
      kdePackages.krfb
      kdePackages.kclock
      kdePackages.kweather
      kdePackages.ktorrent
      # kdePackages.kdevelop
      # kdePackages.kdialog
      kdePackages.kdeplasma-addons
      unstable-packages.kdePackages.krdp
      /*
      kdePackages.kdenlive
      kdePackages.merkuro
      kdePackages.neochat
      kdePackages.kdevelop
      kdePackages.kdialog
      */
    ];
    programs.gnupg.agent.pinentryPackage = pkgs.pinentry-tty;
@ -746,50 +767,56 @@
          }
        ];
      };
-      # extraConfig.pipewire."92-low-latency" = {
+      /*
-      # context.properties = {
+      extraConfig.pipewire."92-low-latency" = {
-      # default.clock.rate = 48000;
+      context.properties = {
-      # default.clock.quantum = 32;
+      default.clock.rate = 48000;
-      # default.clock.min-quantum = 32;
+      default.clock.quantum = 32;
-      # default.clock.max-quantum = 32;
+      default.clock.min-quantum = 32;
-      # };
+      default.clock.max-quantum = 32;
-      # };
+      };
      };
      */
    };
    # recommended by https://nixos.wiki/wiki/PipeWire
    security.rtkit.enable = true;
-    # services.pipewire = {
+    /*
-    #   enable = true;
+    services.pipewire = {
      enable = true;
-    #   wireplumber.enable = true;
+      wireplumber.enable = true;
-    #   pulse.enable = true;
+      pulse.enable = true;
-    #   jack.enable = true;
+      jack.enable = true;
-    #   alsa = {
+      alsa = {
-    #     enable = true;
+        enable = true;
-    #     support32Bit = true;
+        support32Bit = true;
-    #   };
+      };
-    # };
+    };
-    # hardware = {
+    hardware = {
-    #   pulseaudio = {
+      pulseaudio = {
-    #     enable = false;
+        enable = false;
-    #     support32Bit = true;
+        support32Bit = true;
-    #   };
+      };
-    # };
+    };
-    # security = {
+    security = {
-    #   # I forget why I need these exactly...
+      # I forget why I need these exactly...
-    #   polkit.enable = true;
+      polkit.enable = true;
-    #   rtkit.enable = true;
+      rtkit.enable = true;
-    # };
+    };
    */
  };
  music-production = {pkgs, ...}: {
-    # TODO: may want to force nixpkgs-stable for a more-stable music production
+    /*
-    # environment?
+    TODO: may want to force nixpkgs-stable for a more-stable music production
    environment?
    */
    imports = [
      {
        environment.systemPackages = with pkgs; [
@ -800,11 +827,12 @@
      }
    ];
-    # TODO: things to look into for music production:
+    /*
-    # - https://linuxmusicians.com/viewtopic.php?t=27016
+    TODO: things to look into for music production:
-    # - KXStudio?
+    - https://linuxmusicians.com/viewtopic.php?t=27016
-    # - falktx (https://github.com/DISTRHO/Cardinal)
+    - KXStudio?
-    # -
+    - falktx (https://github.com/DISTRHO/Cardinal)
    */
  };
  podman = {pkgs, ...}: {
@ -898,9 +926,11 @@
    networking.networkmanager.enable = mkDefault true;
    systemd.services.NetworkManager-wait-online.enable = mkDefault false;
-    # TODO: networking.networkmanager.wifi.backend = "iwd"; ?
+    /*
-    # TODO: powersave?
+    TODO: networking.networkmanager.wifi.backend = "iwd"; ?
-    # TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
+    TODO: powersave?
    TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
    */
  };
  steam = {pkgs, ...}: {
@ -908,12 +938,15 @@
    programs.steam = {
      enable = true;
      # extest.enable = true;
      # gamescopeSession.enable = true;
-      # extraPackages = with pkgs; [
+      /*
-      # gamescope
+      extest.enable = true;
-      # ];
+      gamescopeSession.enable = true;
      extraPackages = with pkgs; [
      gamescope
      ];
      */
      extraCompatPackages = with pkgs; [
        proton-ge-bin
@ -931,8 +964,10 @@
    ];
    # remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true;
-    # networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
+    /*
-    # networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
+    networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
    networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
    */
  };
  root = {
@ -1089,12 +1124,14 @@
    # module has the incorrect file permissions out of the box
    environment.etc = {
-      # "kanidm" = {
+      /*
-      # enable = true;
+      "kanidm" = {
-      #   user = "nobody";
+      enable = true;
-      #   group = "users";
+        user = "nobody";
-      #   mode = "0755";
+        group = "users";
-      # };
+        mode = "0755";
      };
      */
      "kanidm/unixd" = {
        user = "kanidm-unixd";
        group = "kanidm-unixd";
--- a/modules/nixos/gnome.nix
+++ b/modules/nixos/gnome.nix
@ -50,36 +50,35 @@
      gnome.gnome-power-manager
      brightnessctl
      feh
      # gimp
      grim
      # inkscape
      # krita
      libinput
      libinput-gestures
      libnotify
      # lutris
      # nil
      # nixpkgs-fmt
      noto-fonts
      pamixer
      # pavucontrol
      playerctl
      # pulseaudio
      pulsemixer
      # rclone
      # restic
      slurp
      # steam
      swaybg
      swayidle
      swaylock
      # vlc
      # vulkan-tools
      waybar
      # weechat
      # wine
      wl-clipboard
      zathura
      /*
      gimp
      inkscape
      krita
      pavucontrol
      pulseaudio
      rclone
      restic
      steam
      vlc
      vulkan-tools
      weechat
      wine
      */
    ];
  };
 }
--- a/nixos/bigtower.nix
+++ b/nixos/bigtower.nix
@ -84,9 +84,9 @@
        monitor = [
          # "DP-2,3840x2160@60,-2160x0,1,transform,3"
          "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
-          # HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
+          ## HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
-          # "desc:LG Display 0x0521,3840x2160@120,0x0,1"
+          ## "desc:LG Display 0x0521,3840x2160@120,0x0,1"
-          # "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
+          ## "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
          "DP-2,3840x2160@60,0x0,1.5,transform,1"
        ];
        input = {
--- a/nixos/router.nix
+++ b/nixos/router.nix
@ -145,22 +145,22 @@ in {
      checkRuleset = true;
      ruleset = with inf; ''
        table inet filter {
-        	# set LANv4 {
+        	## set LANv4 {
-        	# 	type ipv4_addr
+        	## 	type ipv4_addr
-        	# 	flags interval
+        	## 	flags interval
-        	# 	elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
+        	## 	elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
-        	# }
+        	## }
-        	# set LANv6 {
+        	## set LANv6 {
-        	# 	type ipv6_addr
+        	## 	type ipv6_addr
-        	# 	flags interval
+        	## 	flags interval
-        	# 	elements = { fd00::/8, fe80::/10 }
+        	## 	elements = { fd00::/8, fe80::/10 }
-        	# }
+        	## }
-          # TODO: maybe tailnet?
+          ## TODO: maybe tailnet?
-        	# chain my_input_lan {
+        	## chain my_input_lan {
-        	# 	udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
+        	## 	udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
-        	# 	udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
+        	## 	udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
-        	# }
+        	## }
          chain input {
            type filter hook input priority 0; policy drop;
@ -199,8 +199,8 @@ in {
            iifname "${lan}" accept comment "Allow local network to access the router"
            iifname "tailscale0" accept comment "Allow local network to access the router"
-        		# ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
+        		## ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
-        		# ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
+        		## ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
            iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan"
          }
@ -215,13 +215,13 @@ in {
            accept
          }
-          # chain forward {
+          ## chain forward {
-          #   type filter hook forward priority filter; policy drop;
+          ##   type filter hook forward priority filter; policy drop;
-          #   iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
+          ##   iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
-          #   iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
+          ##   iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
-          #   iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN"
+          ##   iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN"
-          # }
+          ## }
        }
        table ip nat {
@ -263,16 +263,16 @@ in {
          parent = interfaces.wan.name;
          ipv4Addresses = [cidr];
        };
-        # banned = {
+        ## banned = {
-        #   ingressExpression = [
+        ##   ingressExpression = [
-        #     "ip saddr @banlist"
+        ##     "ip saddr @banlist"
-        #     "ip6 saddr @banlist6"
+        ##     "ip6 saddr @banlist6"
-        #   ];
+        ##   ];
-        #   egressExpression = [
+        ##   egressExpression = [
-        #     "ip daddr @banlist"
+        ##     "ip daddr @banlist"
-        #     "ip6 daddr @banlist6"
+        ##     "ip6 daddr @banlist6"
-        #   ];
+        ##   ];
-        # };
+        ## };
      };
      rules = {
--- a/overlays/default.nix
+++ b/overlays/default.nix
@ -5,22 +5,28 @@
      pkgs = import nixpkgs {inherit (final) system;};
    };
-  # This one contains whatever you want to overlay
+  /*
-  # You can change versions, add patches, set compilation flags, anything really.
+  This one contains whatever you want to overlay
-  # https://nixos.wiki/wiki/Overlays
+  You can change versions, add patches, set compilation flags, anything really.
  https://nixos.wiki/wiki/Overlays
  */
  modifications = final: prev: {
-    # final.fprintd = prev.fprintd.overrideAttrs {
+    /*
-    #   # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
+    final.fprintd = prev.fprintd.overrideAttrs {
-    #   mesonCheckFlags = [
+      # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
-    #     # PAM related checks are timing out
+      mesonCheckFlags = [
-    #     "--no-suite"
+        # PAM related checks are timing out
-    #     "fprintd:TestPamFprintd"
+        "--no-suite"
-    #   ];
+        "fprintd:TestPamFprintd"
-    # };
+      ];
    };
    */
  };
-  # When applied, the unstable nixpkgs set (declared in the flake inputs) will
+  /*
-  # be accessible through 'pkgs.unstable'
+  When applied, the unstable nixpkgs set (declared in the flake inputs) will
  be accessible through 'pkgs.unstable'
  */
  unstable-packages = final: _prev: {
    unstable = import nixpkgs {
      system = final.system;
--- a/packages/iosevkaLyteTerm.nix
+++ b/packages/iosevkaLyteTerm.nix
@ -34,10 +34,10 @@ in ((iosevka.override {
      menu  = 900
      css   = 900
-      # [[buildPlans.Iosevka${set}.compatibility-ligatures]]
+      ## [[buildPlans.Iosevka${set}.compatibility-ligatures]]
-      # unicode = 57600 # 0xE100
+      ## unicode = 57600 # 0xE100
-      # featureTag = 'calt'
+      ## featureTag = 'calt'
-      # kequence = '<*>'
+      ## kequence = '<*>'
      [buildPlans.Iosevka${set}.variants]
      inherits = "ss01"