Comment

Daniel Flanagan 2024-09-12 12:05:22 -05:00
parent a7ec834c6a
commit 727a70d843
8 changed files with 265 additions and 209 deletions


@ -97,17 +97,21 @@
};
};
# moduleArgs = {
# # inherit style;
# inherit helix slippi hyprland hardware disko home-manager;
# inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
# };
/*
moduleArgs = {
# inherit style;
inherit helix slippi hyprland hardware disko home-manager;
inherit (outputs) nixosModules homeManagerModules diskoConfigurations overlays;
};
*/
pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev";
in {
# kind of a quirk, but package definitions are actually in the "additions"
# overlay I did this to work around some recursion problems
# TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
/*
kind of a quirk, but package definitions are actually in the "additions"
overlay I did this to work around some recursion problems
TODO: https://discourse.nixos.org/t/infinite-recursion-getting-started-with-overlays/48880
*/
packages = genPkgs (pkgs: {inherit (pkgs) iosevkaLyteTerm iosevkaLyteTermSubset nix-base-container-image;});
diskoConfigurations = import ./disko {inherit (nixpkgs) lib;};
templates = import ./templates;
@ -221,10 +225,12 @@
in rec {
helix = helix.outputs.packages.${prev.system}.helix;
final.helix = helix;
# TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
# source: https://github.com/wez/wezterm/issues/3771
# not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
# I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
/*
TODO: would love to use a current wezterm build so I can make use of ssh/mux functionality without breakage
source: https://github.com/wez/wezterm/issues/3771
not-yet-merged (abandoned?): https://github.com/wez/wezterm/pull/4737
I did try using the latest code via the flake, but alas it did not resolve my issues with mux'ing
*/
wezterm = wezterm-input.outputs.packages.${prev.system}.default;
final.wezterm = wezterm;
};
@ -437,33 +443,35 @@
];
};
# grablet = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# modules = with nixosModules; [
# common
/*
grablet = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = with nixosModules; [
common
# outputs.diskoConfigurations.standard
# hardware.nixosModules.common-cpu-intel-kaby-lake
# hardware.nixosModules.common-pc-laptopp-ssd
# graphical-workstation
# laptop
# gaming
outputs.diskoConfigurations.standard
hardware.nixosModules.common-cpu-intel-kaby-lake
hardware.nixosModules.common-pc-laptopp-ssd
graphical-workstation
laptop
gaming
# ./nixos/thablet.nix
./nixos/thablet.nix
# {
# home-manager.users.daniel = {
# imports = with homeManagerModules; [
# iex
# cargo
# linux-desktop-environment-config
# ];
# };
{
home-manager.users.daniel = {
imports = with homeManagerModules; [
iex
cargo
linux-desktop-environment-config
];
};
# powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
# }
# ];
# };
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}
];
};
*/
thinker = nixpkgs-unstable.lib.nixosSystem {
system = "x86_64-linux";
@ -561,11 +569,13 @@
linux
troubleshooting-tools
# NOTE: maybe use this someday, but I think I need more concrete
# networking knowledge before I know how to use it well. Additionally,
# I can use my existing firewall configuration more easily if I manage
# it directly.
# nnf.nixosModules.default
/*
NOTE: maybe use this someday, but I think I need more concrete
networking knowledge before I know how to use it well. Additionally,
I can use my existing firewall configuration more easily if I manage
it directly.
nnf.nixosModules.default
*/
./nixos/router.nix
];
@ -599,8 +609,10 @@
};
};
# TODO: nix-on-droid for phone terminal usage?
# TODO: nix-darwin for work?
# TODO: nixos ISO?
/*
TODO: nix-on-droid for phone terminal usage?
TODO: nix-darwin for work?
TODO: nixos ISO?
*/
};
}
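Review bot: The disabled `grablet` host in hunk `@ -437,33` still names `hardware.nixosModules.common-pc-laptopp-ssd`, which looks like a typo for `common-pc-laptop-ssd`; the conversion to a block comment carried it over unchanged. Re-enabling the host by deleting the `/*` and `*/` would presumably fail evaluation on that attribute, so fix the spelling now or open the block with a line such as `grablet: disabled, module names unverified`. The block also imports `./nixos/thablet.nix`, which may be intentional but deserves a word in the same comment. The enclosing attribute set starts and ends outside the hunk.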


@ -96,9 +96,11 @@
];
output = {
# "*" = {
# background = "$HOME/.wallpaper fill";
# };
/*
"*" = {
background = "$HOME/.wallpaper fill";
};
*/
};
# TODO: popup_during_fullscreen smart


@ -89,39 +89,41 @@
systemPackages = with pkgs; [
brightnessctl
feh
# gimp
grim
# inkscape
# krita
libinput
libinput-gestures
libnotify
mako
# lutris
# nil
# nixpkgs-fmt
noto-fonts
pamixer
# pavucontrol
playerctl
pulseaudio
pulsemixer
# rclone
# restic
slurp
# steam
swaybg
swayidle
swaylock
swayosd
tofi
# vlc
# vulkan-tools
waybar
# weechat
# wine
wl-clipboard
zathura
/*
gimp
inkscape
krita
lutris
nil
nixpkgs-fmt
pavucontrol
rclone
restic
steam
vlc
vulkan-tools
weechat
wine
*/
];
};
};
@ -238,9 +240,11 @@
file
iputils
nettools
# nodePackages.bash-language-server # just pull in as needed?
# shellcheck
# shfmt
/*
nodePackages.bash-language-server # just pull in as needed?
shellcheck
shfmt
*/
killall
ripgrep
rsync
@ -269,9 +273,11 @@
pkgs,
...
}: {
# https://nixos.wiki/wiki/Remote_disk_unlocking
# "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
# ^ seems less than ideal
/*
https://nixos.wiki/wiki/Remote_disk_unlocking
"When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
^ seems less than ideal
*/
boot.kernelParams = ["ip=dhcp"];
boot.initrd = {
# availableKernelModules = ["r8169"]; # ethernet drivers
@ -306,17 +312,21 @@
openFirewall = lib.mkDefault true;
# listenAddresses = [
# { addr = "0.0.0.0"; port = 22; }
# ];
/*
listenAddresses = [
{ addr = "0.0.0.0"; port = 22; }
];
*/
};
};
password-manager = {pkgs, ...}: {
# programs.goldwarden = {
# NOTE: This didn't seem to work for me, but would be awesome!
# enable = true;
# };
/*
programs.goldwarden = {
## NOTE: This didn't seem to work for me, but would be awesome! (but I can't remember why?)
enable = true;
};
*/
home-manager.users.daniel = {
imports = with homeManagerModules; [
@ -418,9 +428,11 @@
environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.neovim = {
enable = true;
# plugins = [
# pkgs.vimPlugins.nvim-treesitter.withAllGrammars
# ];
/*
plugins = [
pkgs.vimPlugins.nvim-treesitter.withAllGrammars
];
*/
};
environment.systemPackages = with pkgs; [
@ -574,8 +586,10 @@
then {
graphics = {
enable = true;
# driSupport32Bit = true;
# driSupport = true;
/*
driSupport32Bit = true;
driSupport = true;
*/
};
}
else {
@ -591,8 +605,10 @@
slides
];
variables = {
# GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
# GTK_USE_PORTAL = "1";
/*
GTK_THEME = "Catppuccin-Mocha-Compact-Sapphire-Dark";
GTK_USE_PORTAL = "1";
*/
};
};
};
@ -603,10 +619,12 @@
kde-connect = {
programs.kdeconnect.enable = true;
# networking.firewall = {
# allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
# allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
# };
/*
networking.firewall = {
allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
};
*/
};
fonts = {pkgs, ...}: {
@ -651,21 +669,24 @@
maliit-framework
kdePackages.kate
# kdePackages.kdenlive
# kdePackages.merkuro
kdePackages.kcalc
# kdePackages.neochat
kdePackages.filelight
kdePackages.krdc
kdePackages.krfb
kdePackages.kclock
kdePackages.kweather
kdePackages.ktorrent
# kdePackages.kdevelop
# kdePackages.kdialog
kdePackages.kdeplasma-addons
unstable-packages.kdePackages.krdp
/*
kdePackages.kdenlive
kdePackages.merkuro
kdePackages.neochat
kdePackages.kdevelop
kdePackages.kdialog
*/
];
programs.gnupg.agent.pinentryPackage = pkgs.pinentry-tty;
@ -746,50 +767,56 @@
}
];
};
# extraConfig.pipewire."92-low-latency" = {
# context.properties = {
# default.clock.rate = 48000;
# default.clock.quantum = 32;
# default.clock.min-quantum = 32;
# default.clock.max-quantum = 32;
# };
# };
/*
extraConfig.pipewire."92-low-latency" = {
context.properties = {
default.clock.rate = 48000;
default.clock.quantum = 32;
default.clock.min-quantum = 32;
default.clock.max-quantum = 32;
};
};
*/
};
# recommended by https://nixos.wiki/wiki/PipeWire
security.rtkit.enable = true;
# services.pipewire = {
# enable = true;
/*
services.pipewire = {
enable = true;
# wireplumber.enable = true;
# pulse.enable = true;
# jack.enable = true;
wireplumber.enable = true;
pulse.enable = true;
jack.enable = true;
# alsa = {
# enable = true;
# support32Bit = true;
# };
# };
alsa = {
enable = true;
support32Bit = true;
};
};
# hardware = {
# pulseaudio = {
# enable = false;
# support32Bit = true;
# };
# };
hardware = {
pulseaudio = {
enable = false;
support32Bit = true;
};
};
# security = {
# # I forget why I need these exactly...
# polkit.enable = true;
security = {
# I forget why I need these exactly...
polkit.enable = true;
# rtkit.enable = true;
# };
rtkit.enable = true;
};
*/
};
music-production = {pkgs, ...}: {
# TODO: may want to force nixpkgs-stable for a more-stable music production
# environment?
/*
TODO: may want to force nixpkgs-stable for a more-stable music production
environment?
*/
imports = [
{
environment.systemPackages = with pkgs; [
@ -800,11 +827,12 @@
}
];
# TODO: things to look into for music production:
# - https://linuxmusicians.com/viewtopic.php?t=27016
# - KXStudio?
# - falktx (https://github.com/DISTRHO/Cardinal)
# -
/*
TODO: things to look into for music production:
- https://linuxmusicians.com/viewtopic.php?t=27016
- KXStudio?
- falktx (https://github.com/DISTRHO/Cardinal)
*/
};
podman = {pkgs, ...}: {
@ -898,9 +926,11 @@
networking.networkmanager.enable = mkDefault true;
systemd.services.NetworkManager-wait-online.enable = mkDefault false;
# TODO: networking.networkmanager.wifi.backend = "iwd"; ?
# TODO: powersave?
# TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
/*
TODO: networking.networkmanager.wifi.backend = "iwd"; ?
TODO: powersave?
TODO: can I pre-configure my usual wifi networks with SSIDs and PSKs loaded from secrets?
*/
};
steam = {pkgs, ...}: {
@ -908,12 +938,15 @@
programs.steam = {
enable = true;
# extest.enable = true;
# gamescopeSession.enable = true;
# extraPackages = with pkgs; [
# gamescope
# ];
/*
extest.enable = true;
gamescopeSession.enable = true;
extraPackages = with pkgs; [
gamescope
];
*/
extraCompatPackages = with pkgs; [
proton-ge-bin
@ -931,8 +964,10 @@
];
# remote play ports - should be unnecessary due to programs.steam.remotePlay.openFirewall = true;
# networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
# networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
/*
networking.firewall.allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
networking.firewall.allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
*/
};
root = {
@ -1089,12 +1124,14 @@
# module has the incorrect file permissions out of the box
environment.etc = {
# "kanidm" = {
# enable = true;
# user = "nobody";
# group = "users";
# mode = "0755";
# };
/*
"kanidm" = {
enable = true;
user = "nobody";
group = "users";
mode = "0755";
};
*/
"kanidm/unixd" = {
user = "kanidm-unixd";
group = "kanidm-unixd";
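Review bot: The disabled `networking.firewall` port ranges under `kde-connect` (hunk `@ -603,10`) carry no explanation, unlike the Steam remote-play ranges in hunk `@ -931,8`, whose comment says why they are unnecessary. Someone auditing open ports cannot tell whether 1714-1764 are meant to stay closed or are opened elsewhere; as far as I know `programs.kdeconnect.enable` opens that range itself, which should be confirmed. I would put a first line inside the block comment along the lines of `ports 1714-1764: should be unnecessary, programs.kdeconnect.enable opens them (confirm)`. The same applies to the disabled `listenAddresses` block in hunk `@ -306,17`, where `openFirewall = lib.mkDefault true;` stays active right above it.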


@ -50,36 +50,35 @@
gnome.gnome-power-manager
brightnessctl
feh
# gimp
grim
# inkscape
# krita
libinput
libinput-gestures
libnotify
# lutris
# nil
# nixpkgs-fmt
noto-fonts
pamixer
# pavucontrol
playerctl
# pulseaudio
pulsemixer
# rclone
# restic
slurp
# steam
swaybg
swayidle
swaylock
# vlc
# vulkan-tools
waybar
# weechat
# wine
wl-clipboard
zathura
/*
gimp
inkscape
krita
pavucontrol
pulseaudio
rclone
restic
steam
vlc
vulkan-tools
weechat
wine
*/
];
};
}


@ -84,9 +84,9 @@
monitor = [
# "DP-2,3840x2160@60,-2160x0,1,transform,3"
"DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1"
# HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
# "desc:LG Display 0x0521,3840x2160@120,0x0,1"
# "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
## HDR breaks screenshare? "DP-3,3840x2160@120,${toString (builtins.ceil (2160 / 1.5))}x0,1,bitdepth,10"
## "desc:LG Display 0x0521,3840x2160@120,0x0,1"
## "desc:Dell Inc. DELL U2720Q D3TM623,3840x2160@60,3840x0,1.5,transform,1"
"DP-2,3840x2160@60,0x0,1.5,transform,1"
];
input = {


@ -145,22 +145,22 @@ in {
checkRuleset = true;
ruleset = with inf; ''
table inet filter {
# set LANv4 {
# type ipv4_addr
# flags interval
# elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
# }
# set LANv6 {
# type ipv6_addr
# flags interval
# elements = { fd00::/8, fe80::/10 }
# }
# TODO: maybe tailnet?
## set LANv4 {
## type ipv4_addr
## flags interval
## elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
## }
## set LANv6 {
## type ipv6_addr
## flags interval
## elements = { fd00::/8, fe80::/10 }
## }
## TODO: maybe tailnet?
# chain my_input_lan {
# udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
# udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
# }
## chain my_input_lan {
## udp sport 1900 udp dport >= 1024 meta pkttype unicast limit rate 4/second burst 20 packets accept comment "Accept UPnP IGD port mapping reply"
## udp sport netbios-ns udp dport >= 1024 meta pkttype unicast accept comment "Accept Samba Workgroup browsing replies"
## }
chain input {
type filter hook input priority 0; policy drop;
@ -199,8 +199,8 @@ in {
iifname "${lan}" accept comment "Allow local network to access the router"
iifname "tailscale0" accept comment "Allow local network to access the router"
# ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
# ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
## ip6 saddr @LANv6 jump my_input_lan comment "Connections from private IP address ranges"
## ip saddr @LANv4 jump my_input_lan comment "Connections from private IP address ranges"
iifname "${wan}" counter drop comment "Drop all other unsolicited traffic from wan"
}
@ -215,13 +215,13 @@ in {
accept
}
# chain forward {
# type filter hook forward priority filter; policy drop;
## chain forward {
## type filter hook forward priority filter; policy drop;
# iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
# iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
# iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN"
# }
## iifname { "${lan}" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
## iifname { "tailscale0" } oifname { "${wan}" } accept comment "Allow trusted LAN to WAN"
## iifname { "${wan}" } oifname { "${lan}" } ct state { established, related } accept comment "Allow established back to LAN"
## }
}
table ip nat {
@ -263,16 +263,16 @@ in {
parent = interfaces.wan.name;
ipv4Addresses = [cidr];
};
# banned = {
# ingressExpression = [
# "ip saddr @banlist"
# "ip6 saddr @banlist6"
# ];
# egressExpression = [
# "ip daddr @banlist"
# "ip6 daddr @banlist6"
# ];
# };
## banned = {
## ingressExpression = [
## "ip saddr @banlist"
## "ip6 saddr @banlist6"
## ];
## egressExpression = [
## "ip daddr @banlist"
## "ip6 daddr @banlist6"
## ];
## };
};
rules = {
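Review bot: The rule `iifname "tailscale0" accept comment "Allow local network to access the router"` in hunk `@ -199,8` reuses the LAN rule's comment, so the loaded ruleset describes tailnet traffic as local-network traffic. Because nftables rule comments are what an operator reads when auditing the live ruleset, I would change it to `iifname "tailscale0" accept comment "Allow tailnet to access the router"`. The disabled `chain forward` in hunk `@ -215,13` has the same copy-paste on its `tailscale0` line ("Allow trusted LAN to WAN") and gives no reason for being disabled; a first line such as `## forward filtering disabled: <reason>` would help. The `chain input` body and the `''` ruleset string begin and end outside these hunks.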


@ -5,22 +5,28 @@
pkgs = import nixpkgs {inherit (final) system;};
};
# This one contains whatever you want to overlay
# You can change versions, add patches, set compilation flags, anything really.
# https://nixos.wiki/wiki/Overlays
/*
This one contains whatever you want to overlay
You can change versions, add patches, set compilation flags, anything really.
https://nixos.wiki/wiki/Overlays
*/
modifications = final: prev: {
# final.fprintd = prev.fprintd.overrideAttrs {
# # Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
# mesonCheckFlags = [
# # PAM related checks are timing out
# "--no-suite"
# "fprintd:TestPamFprintd"
# ];
# };
/*
final.fprintd = prev.fprintd.overrideAttrs {
# Source: https://github.com/NixOS/nixpkgs/commit/87ca2dc071581aea0e691c730d6844f1beb07c9f
mesonCheckFlags = [
# PAM related checks are timing out
"--no-suite"
"fprintd:TestPamFprintd"
];
};
*/
};
# When applied, the unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable'
/*
When applied, the unstable nixpkgs set (declared in the flake inputs) will
be accessible through 'pkgs.unstable'
*/
unstable-packages = final: _prev: {
unstable = import nixpkgs {
system = final.system;


@ -34,10 +34,10 @@ in ((iosevka.override {
menu = 900
css = 900
# [[buildPlans.Iosevka${set}.compatibility-ligatures]]
# unicode = 57600 # 0xE100
# featureTag = 'calt'
# kequence = '<*>'
## [[buildPlans.Iosevka${set}.compatibility-ligatures]]
## unicode = 57600 # 0xE100
## featureTag = 'calt'
## kequence = '<*>'
[buildPlans.Iosevka${set}.variants]
inherits = "ss01"