lytedev/nix
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
Daniel Flanagan 2023-09-04 11:40:30 -05:00
commit 9c211530c8
43 changed files with 3006 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
.sops.yaml Normal file
View file

@ -0,0 +1,13 @@
keys:
- &daniel age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45 # pass age-key | rg '# pub'
- &sshd-at-beefcake age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev # ssh beefcake "nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'"
creation_rules:
- path_regex: secrets/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- path_regex: secrets/beefcake/[^/]+\.(ya?ml|json|env|ini)$
key_groups:
- age:
- *daniel
- *sshd-at-beefcake

534
daniel.nix Normal file
View file

@ -0,0 +1,534 @@
{ pkgs, lib, ... }: {
# TODO: email access?
# accounts.email.accounts = {
# google = {
# address = "wraithx2@gmail.com";
# };
# };
home.username = "daniel";
home.homeDirectory = lib.mkDefault "/home/daniel/.home";
home.stateVersion = "23.05";
home.packages = [
];
programs.password-store = {
enable = true;
package = (pkgs.pass.withExtensions (exts: [ exts.pass-otp ]));
};
programs.zellij = {
# TODO: enable after port config
enable = false;
enableFishIntegration = true;
settings = {
# TODO: port config
};
};
programs.broot = {
enable = true;
enableFishIntegration = true;
settings = {
modal = true;
skin = {
input = "rgb(205, 214, 244) none";
selected_line = "none rgb(88, 91, 112)";
default = "rgb(205, 214, 244) none";
tree = "rgb(108, 112, 134) none";
parent = "rgb(116, 199, 236) none";
file = "none none";
perm__ = "rgb(186, 194, 222) none";
perm_r = "rgb(250, 179, 135) none";
perm_w = "rgb(235, 160, 172) none";
perm_x = "rgb(166, 227, 161) none";
owner = "rgb(148, 226, 213) none";
group = "rgb(137, 220, 235) none";
dates = "rgb(186, 194, 222) none";
directory = "rgb(180, 190, 254) none Bold";
exe = "rgb(166, 227, 161) none";
link = "rgb(249, 226, 175) none";
pruning = "rgb(166, 173, 200) none Italic";
preview_title = "rgb(205, 214, 244) rgb(24, 24, 37)";
preview = "rgb(205, 214, 244) rgb(24, 24, 37)";
preview_line_number = "rgb(108, 112, 134) none";
char_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic";
content_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic";
preview_match = "rgb(249, 226, 175) rgb(69, 71, 90) Bold Italic";
count = "rgb(249, 226, 175) none";
sparse = "rgb(243, 139, 168) none";
content_extract = "rgb(243, 139, 168) none Italic";
git_branch = "rgb(250, 179, 135) none";
git_insertions = "rgb(250, 179, 135) none";
git_deletions = "rgb(250, 179, 135) none";
git_status_current = "rgb(250, 179, 135) none";
git_status_modified = "rgb(250, 179, 135) none";
git_status_new = "rgb(250, 179, 135) none Bold";
git_status_ignored = "rgb(250, 179, 135) none";
git_status_conflicted = "rgb(250, 179, 135) none";
git_status_other = "rgb(250, 179, 135) none";
staging_area_title = "rgb(250, 179, 135) none";
flag_label = "rgb(243, 139, 168) none";
flag_value = "rgb(243, 139, 168) none Bold";
status_normal = "none rgb(24, 24, 37)";
status_italic = "rgb(243, 139, 168) rgb(24, 24, 37) Italic";
status_bold = "rgb(235, 160, 172) rgb(24, 24, 37) Bold";
status_ellipsis = "rgb(235, 160, 172) rgb(24, 24, 37) Bold";
status_error = "rgb(205, 214, 244) rgb(243, 139, 168)";
status_job = "rgb(235, 160, 172) rgb(40, 38, 37)";
status_code = "rgb(235, 160, 172) rgb(24, 24, 37) Italic";
mode_command_mark = "rgb(235, 160, 172) rgb(24, 24, 37) Bold";
help_paragraph = "rgb(205, 214, 244) none";
help_headers = "rgb(243, 139, 168) none Bold";
help_bold = "rgb(250, 179, 135) none Bold";
help_italic = "rgb(249, 226, 175) none Italic";
help_code = "rgb(166, 227, 161) rgb(49, 50, 68)";
help_table_border = "rgb(108, 112, 134) none";
hex_null = "rgb(205, 214, 244) none";
hex_ascii_graphic = "rgb(250, 179, 135) none";
hex_ascii_whitespace = "rgb(166, 227, 161) none";
hex_ascii_other = "rgb(148, 226, 213) none";
hex_non_ascii = "rgb(243, 139, 168) none";
file_error = "rgb(251, 73, 52) none";
purpose_normal = "none none";
purpose_italic = "rgb(177, 98, 134) none Italic";
purpose_bold = "rgb(177, 98, 134) none Bold";
purpose_ellipsis = "none none";
scrollbar_track = "rgb(49, 50, 68) none";
scrollbar_thumb = "rgb(88, 91, 112) none";
good_to_bad_0 = "rgb(166, 227, 161) none";
good_to_bad_1 = "rgb(148, 226, 213) none";
good_to_bad_2 = "rgb(137, 220, 235) none";
good_to_bad_3 = "rgb(116, 199, 236) none";
good_to_bad_4 = "rgb(137, 180, 250) none";
good_to_bad_5 = "rgb(180, 190, 254) none";
good_to_bad_6 = "rgb(203, 166, 247) none";
good_to_bad_7 = "rgb(250, 179, 135) none";
good_to_bad_8 = "rgb(235, 160, 172) none";
good_to_bad_9 = "rgb(243, 139, 168) none";
};
verbs = [
{ invocation = "edit"; shortcut = "e"; execution = "$EDITOR +{line} {file}"; }
];
};
};
programs.home-manager.enable = true;
programs.direnv.enable = true;
programs.direnv.nix-direnv.enable = true;
programs.fish = {
enable = true;
shellInit = ''
# paths
if not set --query NICE_HOME
set --export --universal NICE_HOME $HOME
# if HOME ends with a dir called .home, assume that NICE_HOME is HOME's parent dir
test (basename $HOME) = .home \
&& set --export --universal NICE_HOME (realpath $HOME/..)
end
set --export --universal XDG_CONFIG_HOME $HOME/.config
set --export --universal XDG_CACHE_HOME $HOME/.cache
set --export --universal XDG_DATA_HOME $HOME/.local/share
set --export --universal XDG_STATE_HOME $HOME/.local/state
set --export --universal XDG_DESKTOP_DIR $HOME/desktop
set --export --universal XDG_PUBLICSHARE_DIR $HOME/public
set --export --universal XDG_TEMPLATES_DIR $HOME/templates
set --export --universal XDG_DOCUMENTS_DIR $NICE_HOME/doc
set --export --universal XDG_DOWNLOAD_DIR $NICE_HOME/dl
set --export --universal XDG_MUSIC_DIR $NICE_HOME/music
set --export --universal XDG_PICTURES_DIR $NICE_HOME/img
set --export --universal XDG_VIDEOS_DIR $NICE_HOME/video
set --export --universal XDG_GAMES_DIR $NICE_HOME/games
set --export --universal DOTFILES_PATH $XDG_CONFIG_HOME/lytedev-dotfiles
set --export --universal ENV_PATH $XDG_CONFIG_HOME/lytedev-env
set --export --universal FISH_PATH $XDG_CONFIG_HOME/fish
set --export --universal NOTES_PATH $NICE_HOME/doc/notes
set --export --universal SCROTS_PATH $NICE_HOME/img/scrots
set --export --universal USER_LOGS_PATH $NICE_HOME/doc/logs
for s in $ENV_PATH/*/config.d.fish
source $s (dirname $s)
end
# vars
set --export --universal LS_COLORS 'ow=01;36;40'
set --export --universal EXA_COLORS '*=0'
set --export --universal ERL_AFLAGS "-kernel shell_history enabled -kernel shell_history_file_bytes 1024000"
set --export --universal BROWSER firefox
set --export --universal EDITOR hx
set --export --universal VISUAL hx
# TODO: helix ($EDITOR) as man/pager
set --export --universal PAGER "less"
set --export --universal MANPAGER "less"
set --export --universal SOPS_AGE_KEY_FILE "$XDG_CONFIG_HOME/sops/age/keys.txt"
set --export --universal SKIM_ALT_C_COMMAND "fd --hidden --type directory"
set --export --universal SKIM_CTRL_T_COMMAND "fd --hidden"
# colors
set -U fish_color_normal normal # default color
set -U fish_color_command white # base command being run (>ls< -la)
set -U fish_color_param white # command's parameters
set -U fish_color_end green # command delimiter/separators (; and &)
set -U fish_color_error red # color of errors
set -U fish_color_escape yellow # color of escape codes (\n, \x2d, etc.)
set -U fish_color_operator blue # expansion operators (~, *)
set -U fish_color_quote yellow
set -U fish_color_redirection blue # redirection operators (|, >, etc.)
set -U fish_color_cancel 333 brblack # sigint at prompt (^C)
set -U fish_color_autosuggestion 666 brblack # as-you-type suggestions
set -U fish_color_match blue # matching parens and the like
set -U fish_color_search_match white\x1e\x2d\x2dbackground\x3d333 # selected pager item
set -U fish_color_selection blue # vi mode visual selection (only fg)
set -U fish_color_valid_path yellow # if an argument is a valid path (only -u?)
set -U fish_color_comment 666 brblack # comments like this one!
set -U fish_pager_color_completion white # main color for pager
set -U fish_pager_color_description magenta # color for meta description
set -U fish_pager_color_prefix blue # the string being completed
set -U fish_pager_color_progress white\x1e\x2d\x2dbackground\x3d333 # status indicator at the bottom
# set -U fish_pager_color_secondary \x2d\x2dbackground\x3d181818 # alternating rows
function has_command --wraps=command --description "Exits non-zero if the given command cannot be found"
command --quiet --search $argv[1]
end
'';
# TODO: rtx?
# TODO: homebrew?
# TODO: asdf?
functions = {
d = ''
# --wraps=cd --description "Quickly jump to NICE_HOME (or given relative or absolute path) and list files."
if count $argv > /dev/null
cd $argv
else
cd $NICE_HOME
end
la
'';
c = ''
if count $argv > /dev/null
cd $NICE_HOME && d $argv
else
d $NICE_HOME
end
'';
g = ''
if count $argv > /dev/null
git $argv
else
git status
end
'';
ltl = ''
set d $argv[1] .
set -l l ""
for f in $d[1]/*
if test -z $l; set l $f; continue; end
if command test $f -nt $l; and test ! -d $f
set l $f
end
end
echo $l
'';
has_command = "command --quiet --search $argv[1]";
};
interactiveShellInit = ''
# prompt
function get_hostname
if test (uname) = Linux || test (uname) = Darwin
has_command hostname && hostname | cut -d. -f1 || cat /etc/hostname
else
# assume bsd
hostname | head -n 1 | cut -d. -f1
end
end
function fish_greeting
_prompt_prefix
printf "%s\n" (date)
end
function preprocess_pwd
test (pwd) = / && echo "/" && return 1
test (pwd) = $NICE_HOME && echo "~" && return 0
pwd \
| cut -c2- \
| gawk '{n=split($0,p,"/");for(i=1;i<=n;i++){if(i==n){printf "/%s",p[i]}else{printf "/%.3s",p[i]}}}'
end
function _maybe_sudo_prefix
if set -q SUDO_USER
set_color -b yellow black
printf " SUDO "
set_color -b normal normal
printf " "
end
end
function _maybe_aws_profile
if set -q AWS_PROFILE && test $AWS_PROFILE = prd
printf " "
set_color -b yellow black
printf " AWS_PROFILE=prd "
set_color -b normal normal
end
end
function _user_and_host
if test $argv[1] -eq 0
set_color -b normal blue
else
set_color -b normal red
end
printf "%s@%s" $USER (get_hostname)
end
function _cur_work_dir
set_color -b normal magenta
printf " %s" (preprocess_pwd)
end
function _last_cmd_duration
set_color -b normal green
set -q CMD_DURATION && printf " %dms" $CMD_DURATION
end
function _maybe_jobs_summary
if jobs -q
set_color -b normal cyan
printf " &%d" (jobs -p | wc -l)
end
end
function _user_prompt
printf "\n"
set_color brblack
if test (id -u) -eq 0
printf '# '
else
printf '$ '
end
set_color -b normal normal
end
function _maybe_git_summary
set_color -b normal yellow
set cur_sha (git rev-parse --short HEAD 2>/dev/null)
if test $status = 0
set num_changes (git status --porcelain | wc -l | string trim)
if test $num_changes = 0
set num_changes ""
else
set num_changes "+$num_changes"
end
printf " %s %s %s" (git branch --show-current) $cur_sha $num_changes
end
end
function _prompt_marker
printf "%b133;A%b" "\x1b\x5d" "\x1b\x5c"
end
function _prompt_continuation_marker
printf "%b133;A;k=s%b" "\x1b\x5d" "\x1b\x5c"
end
function cmd_marker --on-variable _
printf "%b133;C%b" "\x1b\x5d" "\x1b\x5c"
end
function _prompt_prefix
set_color -b normal brblack
printf "# "
end
function fish_prompt
set last_cmd_status $status
_prompt_marker
_prompt_prefix
_maybe_sudo_prefix
_user_and_host $last_cmd_status
_cur_work_dir
_maybe_git_summary
_maybe_aws_profile
_last_cmd_duration
_maybe_jobs_summary
_user_prompt
end
function fish_mode_prompt; end
function fish_right_prompt; end
# key bindings
fish_vi_key_bindings
set --universal fish_cursor_default block
set --universal fish_cursor_insert line
set --universal fish_cursor_block block
fish_vi_cursor
set --universal fish_vi_force_cursor 1
bind --mode insert --sets-mode default jk repaint
bind --mode insert --sets-mode default jK repaint
bind --mode insert --sets-mode default Jk repaint
bind --mode insert --sets-mode default JK repaint
bind --mode insert --sets-mode default jj repaint
bind --mode insert --sets-mode default jJ repaint
bind --mode insert --sets-mode default Jj repaint
bind --mode insert --sets-mode default JJ repaint
bind -M insert \cg skim-cd-widget
bind -M insert \cp up-or-search
bind -M insert \cn down-or-search
bind -M insert \ce end-of-line
bind -M insert \ca beginning-of-line
bind -M insert \cv edit_command_buffer
bind -M default \cv edit_command_buffer
'';
loginShellInit = ''
'';
shellAbbrs = { };
shellAliases = {
l = "br";
ls = "exa --group-directories-first --classify";
la = "exa -la --group-directories-first --classify";
lA = "exa -la --all --group-directories-first --classify";
tree = "exa --tree --level=3";
lt = "exa -l --sort=modified";
lat = "exa -la --sort=modified";
lc = "lt --sort=accessed";
lT = "lt --reverse";
lC = "lc --reverse";
lD = "la --only-dirs";
"cd.." = "d ..";
"cdd" = "d $DOTFILES_PATH";
"cde" = "d $XDG_CONFIG_HOME/lytedev-env";
"cdc" = "d $XDG_CONFIG_HOME";
"cdn" = "d $NOTES_PATH";
"cdl" = "d $XDG_DOWNLOAD_DIR";
"cdg" = "d $XDG_GAMES_DIR";
".." = "d ..";
"..." = "d ../..";
"...." = "d ../../..";
"....." = "d ../../../..";
"......" = "d ../../../../..";
"......." = "d ../../../../../..";
"........" = "d ../../../../../../..";
"........." = "d ../../../../../../../..";
cat = "bat";
dc = "docker compose";
k = "kubectl";
kg = "kubectl get";
v = "$EDITOR";
sv = "sudo $EDITOR";
kssh = "kitty +kitten ssh";
};
};
programs.exa.enable = true;
programs.skim = {
enable = true;
enableFishIntegration = true;
};
programs.nix-index = {
enable = true;
enableFishIntegration = true;
};
home.pointerCursor = {
name = "Catppuccin-Mocha-Sapphire-Cursors";
package = pkgs.catppuccin-cursors.mochaSapphire;
size = 64; # TODO: this doesn't seem to work -- at least in Sway
};
programs.firefox = {
enable = true;
package = (pkgs.firefox.override { extraNativeMessagingHosts = [ pkgs.passff-host ]; });
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
# ublock-origin
# ]; # TODO: would be nice to have _all_ my firefox stuff managed here instead of Firefox Sync maybe?
profiles = {
daniel = {
id = 0;
settings = {
"general.smoothScroll" = true;
};
extraConfig = ''
user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
// user_pref("full-screen-api.ignore-widgets", true);
user_pref("media.ffmpeg.vaapi.enabled", true);
user_pref("media.rdd-vpx.enabled", true);
'';
userChrome = ''
/* Remove close button */
.titlebar-buttonbox-container{ display:none }
#webrtcIndicator {
display: none;
}
#main-window[tabsintitlebar="true"]:not([extradragspace="true"]) #TabsToolbar>.toolbar-items {
opacity: 0;
pointer-events: none;
}
#main-window:not([tabsintitlebar="true"]) #TabsToolbar {
visibility: collapse !important;
}
'';
# userContent = ''
# '';
};
};
};
# wayland.windowManager.sway = {
# enable = true;
# }; # TODO: would be nice to have my sway config declared here instead of symlinked in by dotfiles scripts?
# maybe we can share somehow so things for nix-y systems and non-nix-y systems alike
}

306
flake.lock Normal file
View file

@ -0,0 +1,306 @@
{
"nodes": {
"api-lyte-dev": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1690574004,
"narHash": "sha256-1bF8WGiYe9AwhVaRN2VcyIPmQsnxRL5BPQC1hAe3K64=",
"ref": "refs/heads/master",
"rev": "02bf4481bc8d057a7ef4ae01467f8bd574ccb1c1",
"revCount": 71,
"type": "git",
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
},
"original": {
"type": "git",
"url": "ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git"
}
},
"crane": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"helix",
"flake-utils"
],
"nixpkgs": [
"helix",
"nixpkgs"
],
"rust-overlay": [
"helix",
"rust-overlay"
]
},
"locked": {
"lastModified": 1688772518,
"narHash": "sha256-ol7gZxwvgLnxNSZwFTDJJ49xVY5teaSvF7lzlo3YQfM=",
"owner": "ipetkov",
"repo": "crane",
"rev": "8b08e96c9af8c6e3a2b69af5a7fa168750fcf88e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1692199161,
"narHash": "sha256-GqKApvQ1JCf5DzH/Q+P4nwuHb6MaQGaWTu41lYzveF4=",
"owner": "nix-community",
"repo": "disko",
"rev": "4eed2457b053c4bbad7d90d2b3a1d539c2c9009c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"helix": {
"inputs": {
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1692817399,
"narHash": "sha256-gbLru0aup6iI0JnDGMQd1jsb8H6IJUNr/Xln3/ouAZc=",
"owner": "helix-editor",
"repo": "helix",
"rev": "c9694f680f97823ac9b893239a78bf45bfee0403",
"type": "github"
},
"original": {
"owner": "helix-editor",
"repo": "helix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1692099905,
"narHash": "sha256-/pSusGhmIdSdAaywQRFA5dVbfdIzlWQTecM+E46+cJ0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2a6679aa9cc3872c29ba2a57fe1b71b3e3c5649f",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1690026219,
"narHash": "sha256-oOduRk/kzQxOBknZXTLSEYd7tk+GoKvr8wV6Ab+t4AU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f465da166263bc0d4b39dfd4ca28b777c92d4b73",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1692492726,
"narHash": "sha256-rld5qm2B4oRkDwcPD+yOSyTrZQdfCR6mzJGGkecjvTs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e63e8bbc46bc4fc22254da1edaf42fc7549c18a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1692794066,
"narHash": "sha256-H0aG8r16dj0x/Wz6wQhQxc9V7AsObOiHPaKxQgH6Y08=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fc944919f743bb22379dddf18dcb72db6cff84aa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"api-lyte-dev": "api-lyte-dev",
"disko": "disko",
"helix": "helix",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"helix",
"flake-utils"
],
"nixpkgs": [
"helix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1690424156,
"narHash": "sha256-Bpml+L280tHTQpwpC5/BJbU4HSvEzMvW8IZ4gAXimhE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "f335a0213504c7e6481c359dc1009be9cf34432c",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1692728678,
"narHash": "sha256-02MjG7Sb9k7eOi86CcC4GNWVOjT6gjmXFSqkRjZ8Xyk=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1b7b3a32d65dbcd69c217d7735fdf0a6b2184f45",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

145
flake.nix Normal file
View file

@ -0,0 +1,145 @@
# Welcome to my nix config! I'm just getting started with flakes, so please
# forgive the mess.
# TODO: declarative disks with https://github.com/nix-community/disko
# TODO: home-manager?
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
# TODO: this could be a release tarball? fully recompiling this on every change suuuucks
api-lyte-dev.url = "git+ssh://gitea@git.lyte.dev/lytedev/api.lyte.dev.git";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko/master"; # NOTE: lock update!
# use the version of nixpkgs we specified above rather than the one HM would ordinarily use
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
helix = {
url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs: {
diskoConfigurations = {
encryptedUefiBtrfs = import ./machines/thinker-disks.nix;
normalUefiBtrfs = import ./machines/musicbox-disks.nix;
};
homeConfigurations =
let
system = "x86_64-linux";
pkgs = inputs.nixpkgs.legacyPackages.${system};
in
{
daniel = inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = [
(import
./daniel.nix
pkgs)
];
};
};
nixosConfigurations = {
beefcake = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules =
[
./machines/beefcake.nix
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
inputs.api-lyte-dev.nixosModules.x86_64-linux.api-lyte-dev
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
musicbox = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules =
[
inputs.disko.nixosModules.disko
./machines/musicbox-disks.nix
{ _module.args.disks = [ "/dev/sda" ]; }
./machines/musicbox.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
thinker = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
inputs.disko.nixosModules.disko
./machines/thinker-disks.nix
{ _module.args.disks = [ "/dev/nvme0n1" ]; }
./machines/thinker.nix
inputs.home-manager.nixosModules.home-manager
inputs.sops-nix.nixosModules.sops
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
};
colmena = {
meta = {
nixpkgs = import inputs.nixpkgs {
system = "x86_64-linux";
};
};
musicbot = inputs.nixpkgs.lib.nixosSystem {
deployment = {
targetHost = "musicbox";
targetPort = 1234;
targetUser = "nixos";
};
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules =
[
inputs.disko.nixosModules.disko
./machines/musicbox-disks.nix
{ _module.args.disks = [ "/dev/sda" ]; }
./machines/musicbox.nix
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.daniel = import ./daniel.nix;
}
];
};
};
};
}

57
machines/beefcake-hardware.nix Normal file
View file

@ -0,0 +1,57 @@
# Do not modify this file! It was generated by 'nixos-generate-config'
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "megaraid_sas" "usbhid" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/0747dcba-f590-42e6-89c8-6cb2f9114d64";
fsType = "ext4";
options = [
"usrquota"
];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/7E3C-9018";
fsType = "vfat";
};
fileSystems."/storage" =
{
device = "/dev/disk/by-uuid/ea8258d7-54d1-430e-93b3-e15d33231063";
fsType = "btrfs";
options = [
"compress=zstd:5"
"space_cache=v2"
];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.eno3.useDHCP = lib.mkDefault true;
# networking.interfaces.eno4.useDHCP = lib.mkDefault true;
# networking.interfaces.enp68s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp68s0f1.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

606
machines/beefcake.nix Normal file
View file

@ -0,0 +1,606 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help').
{ config, pkgs, inputs, ... }: rec {
nix.settings.experimental-features = [ "nix-command" "flakes" ];
imports = [
./beefcake-hardware.nix
];
services.api-lyte-dev = rec {
enable = true;
port = 5757;
stateDir = "/var/lib/api-lyte-dev";
configFile = sops.secrets."api.lyte.dev".path;
user = "api-lyte-dev";
group = user;
};
systemd.services.api-lyte-dev.environment.LOG_LEVEL = "debug";
sops = {
defaultSopsFile = ../secrets/beefcake/secrets.yml;
age = {
sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
keyFile = "/var/lib/sops-nix/key.txt";
generateKey = true;
};
secrets = {
# example-key = {
# # see these and other options' documentation here:
# # https://github.com/Mic92/sops-nix#set-secret-permissionowner-and-allow-services-to-access-it
# # set permissions:
# # mode = "0440";
# # owner = config.users.users.nobody.name;
# # group = config.users.users.nobody.group;
# # restart service when a secret changes or is newly initialized
# # restartUnits = [ "home-assistant.service" ];
# # symlink to certain directories
# path = "/var/lib/my-example-key/secrets.yaml";
# # for use as a user password
# # neededForUsers = true;
# };
# subdirectory
# "myservice/my_subdir/my_secret" = { };
"api.lyte.dev" = {
path = "${services.api-lyte-dev.stateDir}/secrets.json";
# TODO: would be cool to assert that it's correctly-formatted JSON?
mode = "0440";
owner = services.api-lyte-dev.user;
group = services.api-lyte-dev.group;
};
plausible-admin-password = { };
plausible-erlang-cookie = { };
plausible-secret-key-base = { };
};
};
# TODO: non-root processes and services that access secrets need to be part of
# the 'keys' group
# systemd.services.some-service = {
# serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];
# };
# or
# users.users.example-user.extraGroups = [ config.users.groups.keys.name ];
# TODO: directory attributes for /storage subdirectories?
# example: user daniel should be able to write to /storage/files.lyte.dev and
# caddy should be able to serve it
# TODO: declarative directory quotas? for storage/$USER and /home/$USER
# TODO: would be nice to get ALL the storage stuff declared in here
# should I be using btrfs subvolumes? can I capture file ownership, perimssions, and ACLs?
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
systemd.tmpfiles.rules = [
"d /var/spool/samba 1777 root root -"
];
networking.hostName = "beefcake";
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
users.groups.daniel.members = [ "daniel" ];
users.groups.nixadmin.members = [ "daniel" ];
users.users.daniel = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
group = "daniel";
extraGroups = [
"nixadmin" # write access to /etc/nixos/ files
"wheel" # sudo access
"caddy" # write access to /storage/files.lyte.dev
"users" # general users group
"jellyfin" # write access to /storage/jellyfin
];
# packages = with pkgs; [];
};
users.users.lytedev = {
# for running my services and applications and stuff
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
group = "lytedev";
extraGroups = [
];
};
users.users.ben = {
isNormalUser = true;
packages = with pkgs; [
vim
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com"
];
};
users.users.alan = {
isNormalUser = true;
packages = with pkgs; [
vim
];
openssh.authorizedKeys.keys = [
""
];
};
users.users.restic = {
# used for other machines to backup to
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
};
users.users.guest = {
isSystemUser = true;
group = "user";
createHome = true;
};
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
environment.variables = {
EDITOR = "hx";
};
# TODO: right now, I use a flake for helix that gets the latest since my config uses newer features
# would be nice to get that declared here
# I think this was done with `nix profile install github:helix-editor/helix --priority 0`?
# search for packages: `nix search $PACKAGE_NAME`
environment.systemPackages = with pkgs; [
inputs.helix.packages."x86_64-linux".helix
zellij
mosh
btrfs-progs
iperf3
pv
linuxquota
traceroute
hexyl
restic
speedtest-cli
fish
restic
nil
nixpkgs-fmt
fd
ripgrep
exa
skim
git
wget
tmux
sqlite
];
services.xserver.layout = "us";
# TODO: make the client declarative? right now I think it's manually git
# clone'd to /root
systemd.services.deno-netlify-ddns-client = {
serviceConfig.Type = "oneshot";
path = with pkgs; [ curl bash ];
environment = {
NETLIFY_DDNS_RC_FILE = "/root/deno-netlify-ddns-client/.env";
};
script = ''
bash /root/deno-netlify-ddns-client/netlify-ddns-client.sh
'';
};
systemd.timers.deno-netlify-ddns-client = {
wantedBy = [ "timers.target" ];
partOf = [ "deno-netlify-ddns-client.service" ];
timerConfig = {
OnBootSec = "10sec";
OnUnitActiveSec = "5min";
Unit = "deno-netlify-ddns-client.service";
};
};
services.smartd.enable = true;
services.caddy = {
enable = true;
adapter = "caddyfile";
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
configFile = pkgs.writeText "Caddyfile" ''
video.lyte.dev {
reverse_proxy :8096
}
bw.lyte.dev {
reverse_proxy :8222
}
api.lyte.dev {
reverse_proxy :5757
}
a.lyte.dev {
reverse_proxy :8899
}
git.lyte.dev {
reverse_proxy :3088
}
files.lyte.dev {
file_server browse {
root /storage/files.lyte.dev
}
}
# proxy everything else to chromebox
:80 {
reverse_proxy 10.0.0.5:80
}
:443 {
reverse_proxy 10.0.0.5:443
}
'';
};
services.vaultwarden = {
enable = true;
config = {
DOMAIN = "https://bw.lyte.dev";
SIGNUPS_ALLOWED = "false";
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
};
};
services.gitea = {
enable = true;
appName = "git.lyte.dev";
stateDir = "/storage/gitea";
settings = {
server = {
ROOT_URL = "https://git.lyte.dev";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = 3088;
DOMAIN = "git.lyte.dev";
};
service = {
DISABLE_REGISTRATION = true;
};
session = {
COOKIE_SECURE = true;
};
log = {
# TODO: raise the log level
LEVEL = "Debug";
};
ui = {
THEMES = "catppuccin-mocha-sapphire,gitea,arc-green,auto,pitchblack";
DEFAULT_THEME = "catppuccin-mocha-sapphire";
};
};
lfs = {
enable = true;
};
dump = {
enable = true;
};
database = {
# TODO: move to postgres?
type = "sqlite3";
};
};
# TODO: ensure we're not doing the same dumb thing we were doing on the old host and eating storage
services.clickhouse.enable = true;
services.plausible = {
enable = true;
releaseCookiePath = config.sops.secrets.plausible-erlang-cookie.path;
database = {
clickhouse.setup = true;
postgres = {
setup = false;
dbname = "plausible";
};
};
server = {
baseUrl = "http://beefcake.hare-cod.ts.net:8899";
disableRegistration = true;
port = 8899;
secretKeybaseFile = config.sops.secrets.plausible-secret-key-base.path;
};
adminUser = {
activate = false;
email = "daniel@lyte.dev";
passwordFile = config.sops.secrets.plausible-admin-password.path;
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "daniel" "plausible" ];
ensureUsers = [
{
name = "daniel";
ensurePermissions = {
"DATABASE daniel" = "ALL PRIVILEGES";
};
}
{
name = "plausible";
ensurePermissions = {
"DATABASE plausible" = "ALL PRIVILEGES";
};
}
];
dataDir = "/storage/postgres";
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
local plausible plausible peer map=superuser_map
# lan ipv4
host all all 10.0.0.0/24 trust
# tailnet ipv4
host all all 100.64.0.0/10 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
services.postgresqlBackup = {
enable = true;
backupAll = true;
compression = "none"; # hoping for deduplication here?
location = "/storage/postgres-backups";
startAt = "*-*-* 03:00:00";
};
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
services.jellyfin = {
enable = true;
openFirewall = true;
# uses port 8096 by default, configurable from admin UI
};
# NOTE: this server's xeon chips DO NOT seem to support quicksync or graphics in general
# but I can probably throw in a crappy GPU (or a big, cheap ebay GPU for ML
# stuff, too?) and get good transcoding performance
# jellyfin hardware encoding
# hardware.opengl = {
# enable = true;
# extraPackages = with pkgs; [
# intel-media-driver
# vaapiIntel
# vaapiVdpau
# libvdpau-va-gl
# intel-compute-runtime
# ];
# };
# nixpkgs.config.packageOverrides = pkgs: {
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# };
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
listenAddresses = [
{ addr = "0.0.0.0"; port = 64022; }
{ addr = "0.0.0.0"; port = 22; }
];
};
services.samba-wsdd.enable = true;
services.samba = {
enable = true;
openFirewall = true;
securityType = "user";
package = pkgs.sambaFull;
extraConfig = ''
workgroup = WORKGROUP
server string = beefcake
netbios name = beefcake
security = user
#use sendfile = yes
#max protocol = smb2
# note: localhost is the ipv6 localhost ::1
hosts allow = 10. 192.168.0. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
load printers = yes
printing = cups
printcap name = cups
'';
shares = {
libre = {
path = "/storage/libre";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0666";
"directory mask" = "0777";
"force user" = "nobody";
"force group" = "users";
};
public = {
path = "/storage/public";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0664";
"directory mask" = "0775";
"force user" = "nobody";
"force group" = "users";
};
family = {
path = "/storage/family";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0664";
"directory mask" = "0775";
"force user" = "nobody";
"force group" = "family";
};
daniel = {
path = "/storage/daniel";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0640";
"directory mask" = "0750";
"force user" = "daniel";
"force group" = "users";
};
printers = {
comment = "All Printers";
path = "/var/spool/samba";
public = "yes";
browseable = "yes";
# to allow user 'guest account' to print.
"guest ok" = "yes";
writable = "no";
printable = "yes";
"create mode" = 0700;
};
};
};
# paths:
# TODO: move previous backups over and put here
# clickhouse and plausible analytics once they're up and running?
services.restic.backups = rec {
local = {
initialize = true;
passwordFile = "/root/restic-localbackup-password";
paths = [
"/storage/files.lyte.dev"
"/storage/daniel"
"/storage/gitea" # TODO: should maybe use configuration.nix's services.gitea.dump ?
"/var/lib/bitwarden_rs" # does this need any sqlite preprocessing?
# https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
# specifically, https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#sqlite-database-files
"/storage/postgres-backups"
];
exclude = [ ];
repository = "/storage/backups/local";
};
rascal = {
initialize = true;
extraOptions = [
"sftp.command='ssh beefcake@rascal -i /root/.ssh/id_ed25519 -s sftp'"
];
passwordFile = local.passwordFile;
paths = local.paths;
repository = "sftp://beefcake@rascal://storage/backups/beefcake";
timerConfig = {
OnCalendar = "04:45";
};
};
# TODO: add ruby?
benland = {
initialize = true;
extraOptions = [
"sftp.command='ssh daniel@n.benhaney.com -p 10022 -i /root/.ssh/id_ed25519 -s sftp'"
];
passwordFile = local.passwordFile;
paths = local.paths;
repository = "sftp://daniel@n.benhaney.com://storage/backups/beefcake";
timerConfig = {
OnCalendar = "04:45";
};
};
};
# TODO: https://nixos.wiki/wiki/Binary_Cache
networking.firewall.allowedTCPPorts = [
80 # http (caddy)
443 # https (caddy)
# 5357 # ???
22 # ssh
64022 # ssh (for ben?)
];
networking.firewall.allowedUDPPorts = [
# 53 # DNS
# 3702 # ???
64020 # mosh (for ben?)
];
networking.firewall.allowedUDPPortRanges = [
{
# mosh
from = 60000;
to = 60010;
}
];
networking.firewall = {
enable = true;
allowPing = true;
};
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# TODO: should I upgrade this?
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

52
machines/musicbox-disks.nix Normal file
View file

@ -0,0 +1,52 @@
{ disks ? [ "/dev/vda" ], ... }: {
disko.devices = {
disk = {
# TODO: would be nice to give this a good name?
primary = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
ESP = {
label = "EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
};
};
};
};
};
};
}

246
machines/musicbox.nix Normal file
View file

@ -0,0 +1,246 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, inputs, ... }:
let
# this is unused because it's referenced by my sway config
dbus-sway-environment = pkgs.writeTextFile {
name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment";
executable = true;
text = ''
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
systemctl --user stop wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
systemctl --user start wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
'';
};
# this is unused because it's referenced by my sway config
configure-gtk = pkgs.writeTextFile {
name = "configure-gtk";
destination = "/bin/configure-gtk";
executable = true;
text =
let
schema = pkgs.gsettings-desktop-schemas;
datadir = "${schema}/share/gsettings-schemas/${schema.name}";
in
''
export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS
gnome_schema = org.gnome.desktop.interface
gsettings set $gnome_schema gtk-theme 'Catppuccin-Mocha'
'';
};
in
{
# TODO: fonts? right now, I'm just installing to ~/.local/share/fonts
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot.loader.grub.devices = [ "/dev/sda" ];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nixpkgs.config = {
allowUnfree = true;
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
};
hardware.bluetooth.enable = true;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
networking.hostName = "musicbox";
networking.networkmanager.enable = true;
security.polkit.enable = true;
security.rtkit.enable = true;
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
services.xserver.layout = "us";
services.xserver.xkbOptions = "ctrl:nocaps";
hardware.pulseaudio.support32Bit = true;
users.users.daniel = {
isNormalUser = true;
home = "/home/daniel/.home";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
extraGroups = [ "wheel" "video" ];
packages = [ ];
};
services.dbus.enable = true;
environment.systemPackages = with pkgs; [
age
bat
bind
bottom
brightnessctl
clang
curl
delta
dog
dtach
dua
exa
fd
feh
file
fwupd
gcc
gimp
git
git-lfs
grim
inputs.helix.packages."x86_64-linux".helix
hexyl
htop
inkscape
inotify-tools
iputils
killall
kitty
krita
libinput
libinput-gestures
libnotify
lutris
gnumake
mako
mosh
nmap
nnn
nil
nixpkgs-fmt
noto-fonts
openssl
pamixer
pavucontrol
pciutils
pgcli
playerctl
podman-compose
pulseaudio
pulsemixer
rclone
restic
ripgrep
rsync
sd
slurp
sops
steam
swaybg
swayidle
swaylock
tmux
traceroute
unzip
vlc
vulkan-tools
watchexec
waybar
wget
wireplumber
wine
wl-clipboard
wofi
xh
zathura
zellij
zstd
];
services.pcscd.enable = true;
services.flatpak.enable = true;
services.gnome.gnome-keyring.enable = true;
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "gnome3";
enableSSHSupport = true;
};
programs.thunar.enable = true;
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
environment.variables = {
EDITOR = "hx";
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
listenAddresses = [
{ addr = "0.0.0.0"; port = 22; }
];
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
};
system.stateVersion = "23.05";
}

60
machines/thinker-disks.nix Normal file
View file

@ -0,0 +1,60 @@
{ disks ? [ "/dev/vda" ], ... }: {
disko.devices = {
disk = {
vdb = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
ESP = {
label = "EFI";
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
extraOpenArgs = [ "--allow-discards" ];
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
keyFile = "/tmp/secret.key"; # Interactive
# settings.keyFile = "/tmp/password.key";
# additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
};
};
};
};
};
};
};
};
};
}

27
machines/thinker-hardware.nix Normal file
View file

@ -0,0 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

355
machines/thinker.nix Normal file
View file

@ -0,0 +1,355 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, inputs, ... }:
let
# this is unused because it's referenced by my sway config
dbus-sway-environment = pkgs.writeTextFile {
name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment";
executable = true;
text = ''
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
systemctl --user stop wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
systemctl --user start wireplumber xdg-desktop-portal xdg-desktop-portal-wlr
'';
};
# this is unused because it's referenced by my sway config
configure-gtk = pkgs.writeTextFile {
name = "configure-gtk";
destination = "/bin/configure-gtk";
executable = true;
text =
let
schema = pkgs.gsettings-desktop-schemas;
datadir = "${schema}/share/gsettings-schemas/${schema.name}";
in
''
export XDG_DATA_DIRS="${datadir}:$XDG_DATA_DIRS
gnome_schema = org.gnome.desktop.interface
gsettings set $gnome_schema gtk-theme 'Catppuccin-Mocha'
'';
};
in
{
imports =
[
# Include the results of the hardware scan.
./thinker-hardware.nix
];
# TODO: hibernation? I've been using [deep] in /sys/power/mem_sleep alright
# with this machine so it may not be necessary?
# need to measure percentage lost per day, but I think it's around 10%/day
# TODO: fonts? right now, I'm just installing to ~/.local/share/fonts
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nixpkgs.config = {
allowUnfree = true;
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
};
hardware.bluetooth.enable = true;
hardware.opengl = {
enable = true;
driSupport32Bit = true;
driSupport = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
networking.hostName = "thinker"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true;
security.polkit.enable = true;
security.rtkit.enable = true;
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# pulse.support32Bit = true;
jack.enable = true;
};
# Set your time zone.
time.timeZone = "America/Chicago";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
useXkbConfig = true;
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
services.xserver.layout = "us";
services.xserver.xkbOptions = "ctrl:nocaps";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.support32Bit = true;
hardware.pulseaudio.support32Bit = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.daniel = {
isNormalUser = true;
home = "/home/daniel/.home";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
extraGroups = [ "wheel" "video" ];
packages = [ ];
};
services.dbus.enable = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
age
bat
bind
bottom
brightnessctl
clang
curl
delta
dog
dtach
dua
exa
fd
feh
file
fwupd
gcc
gimp
git
git-lfs
grim
inputs.helix.packages."x86_64-linux".helix
hexyl
htop
inkscape
inotify-tools
iputils
killall
kitty
krita
libinput
libinput-gestures
libnotify
lutris
gnumake
mako
mosh
nmap
nnn
nil
nixpkgs-fmt
noto-fonts
openssl
pamixer
pavucontrol
pciutils
pgcli
playerctl
podman-compose
pulseaudio
pulsemixer
rclone
restic
ripgrep
rsync
sd
slurp
sops
steam
swaybg
swayidle
swaylock
tmux
traceroute
unzip
vlc
vulkan-tools
watchexec
waybar
wget
wireplumber
wine
wl-clipboard
wofi
xh
zathura
zellij
zstd
];
services.pcscd.enable = true;
services.flatpak.enable = true;
services.gnome.gnome-keyring.enable = true;
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "gnome3";
enableSSHSupport = true;
};
programs.thunar.enable = true;
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
environment.variables = {
EDITOR = "hx";
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
listenAddresses = [
{ addr = "0.0.0.0"; port = 22; }
];
};
services.postgresql = {
enable = true;
ensureDatabases = [ "daniel" ];
ensureUsers = [
{
name = "daniel";
ensurePermissions = {
"DATABASE daniel" = "ALL PRIVILEGES";
};
}
];
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser auth-method
local all postgres peer map=superuser_map
local all daniel peer map=superuser_map
local sameuser all peer map=superuser_map
# lan ipv4
host all all 10.0.0.0/24 trust
host all all 127.0.0.1/32 trust
# tailnet ipv4
host all all 100.64.0.0/10 trust
'';
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
superuser_map daniel postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
};
virtualisation = {
podman = {
enable = true;
# Create a `docker` alias for podman, to use it as a drop-in replacement
dockerCompat = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
oci-containers = {
backend = "podman";
};
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [ ];
allowedUDPPorts = [ ];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

45
machines/third.nix Normal file
View file

@ -0,0 +1,45 @@
{ config, pkgs, ... }: {
imports = [
../profiles/laptop.nix
../modules/systemd-boot-efi.nix
../modules/intel.nix
../modules/docker.nix
../modules/network-manager.nix
../modules/bluetooth.nix
../modules/pulseaudio.nix
../modules/de/sway.nix
../modules/de/gnome.nix
../modules/users/daniel.nix
../modules/users/valerie.nix
];
networking = {
hostName = "third.lyte.dev";
firewall.enable = false;
networkmanager.wifi.powersave = true;
};
services.fwupd = {
enable = true;
};
console.useXkbConfig = true;
services.xserver.xkbOptions = "ctrl:nocaps";
# TODO: setup caps-lock as Control/Escape?
# console.font = "TER16x32";
swapDevices = [ { device = "/swapfile"; size = (1024*16); } ];
boot = {
# fallocate -l 16G /swapfile
resumeDevice = "/dev/disk/by-uuid/d1d92974-c0c0-4566-8131-c3dda9b21122";
# sudo filefrag -v /swapfile | head -n 4 | tail -n 1 | \
# tr -s "[:blank:]" | field 5 | tr -d ":"
kernelParams = [ "resume_offset=874496" ];
};
# services.upower = {
# enable = true;
# criticalPowerAction = "Hibernate";
# };
}

37
machines/wallwart.nix Normal file
View file

@ -0,0 +1,37 @@
{ config, pkgs, ... }: {
imports = [
../profiles/desktop.nix
../modules/systemd-boot-efi.nix
../modules/amd.nix
../modules/amd-gpu.nix
../modules/docker.nix
../modules/network-manager.nix
../modules/bluetooth.nix
../modules/pulseaudio.nix
../modules/de/sway.nix
../modules/users/daniel.nix
../modules/users/valerie.nix
];
networking = {
hostName = "wallwart.lyte.dev";
firewall.enable = false;
};
environment = {
systemPackages = with pkgs; [ ntfs3g ];
};
fileSystems."/storage/ext".options = [ "defaults" "user" "nofail" ];
fileSystems."/storage/butter".options = [ "defaults" "auto" "nofail" ];
fileSystems."/storage/windows" = {
device = "/dev/disk/by-uuid/AE624593624560E7";
fsType = "ntfs";
options = [ "defaults" "auto" "nofail" ];
};
fileSystems."/storage/shared" = {
device = "/dev/disk/by-uuid/26F6144A6B518523";
fsType = "ntfs";
options = [ "defaults" "auto" "nofail" ];
};
}

3
modules/amd-gpu.nix Normal file
View file

@ -0,0 +1,3 @@
{ config, pkgs, ... }: {
services.xserver.videoDrivers = [ "amdgpu" ];
}

5
modules/amd.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, pkgs, ... }: {
hardware = {
cpu.amd.updateMicrocode = true;
};
}

3
modules/bash.nix Normal file
View file

@ -0,0 +1,3 @@
{ config, pkgs, ... }: {
environment.systemPackages = [ pkgs.bash ];
}

3
modules/bluetooth.nix Normal file
View file

@ -0,0 +1,3 @@
{ config, pkgs, ... }: {
hardware.bluetooth.enable = true;
}

27
modules/de/gnome.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
imports = [ ./graphics.nix ];
programs = {
};
services = {
pipewire.enable = true;
xserver = {
desktopManager.gnome3.enable = true;
libinput = {
enable = true;
tapping = true;
naturalScrolling = true;
disableWhileTyping = false;
};
};
gnome3 = {
gnome-keyring.enable = true;
sushi.enable = true;
};
};
systemd.packages = with pkgs.gnome3; [ gnome-session gnome-shell];
environment.systemPackages = with pkgs.gnome3; [ adwaita-icon-theme ];
}

21
modules/de/graphics.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, pkgs, ... }: {
imports = [ ../gdm.nix ];
fonts.fonts = with pkgs; [ iosevka ];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
environment = {
systemPackages = with pkgs; [
glxinfo
firefox-devedition-bin
pavucontrol
brightnessctl
];
};
qt5 = {
platformTheme = "gtk2";
style = "gtk2";
};
}

62
modules/de/sway.nix Normal file
View file

@ -0,0 +1,62 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
imports = [ ./graphics.nix ];
fonts.fonts = with pkgs; [
noto-fonts-emoji font-awesome
];
programs = {
sway = {
enable = true;
extraPackages = with pkgs; [
unstable.pipewire
swaylock
swayidle
unstable.mako unstable.libnotify
waybar
wl-clipboard
slurp
grim
unstable.font-awesome
unstable.xwayland
unstable.kanshi
unstable.gammastep
];
# TODO: this should come from the user's homedir maybe through dotfiles
# somehow? home-manager?
extraSessionCommands = ''
systemctl --user import-environment
export TERMINAL=kitty
export BROWSER=firefox-devedition
export WLC_REPEAT_DELAY=200
export WLC_REPEAT_RATE=60
export CLUTTER_BACKEND=wayland
# export SDL_VIDEODRIVER=wayland
export MOZ_ENABLE_WAYLAND=1
export XDG_SESSION_TYPE=wayland
export XDG_CURRENT_DESKTOP=sway
'';
};
};
services = {
pipewire.enable = true;
xserver = {
libinput = {
enable = true;
tapping = true;
naturalScrolling = true;
disableWhileTyping = false;
};
};
};
xdg.portal = {
enable = true;
gtkUsePortal = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
unstable.xdg-desktop-portal-wlr
];
};
}

7
modules/docker.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, pkgs, ... }: {
virtualisation.docker = {
enable = true;
enableOnBoot = false;
};
environment.systemPackages = [ pkgs.docker-compose ];
}

11
modules/fish.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
programs.fish = {
enable = true;
};
environment.systemPackages = [ unstable.fish ];
}

12
modules/gdm.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }: {
# services.xserver.displayManager.defaultSession
services.xserver = {
enable = true;
displayManager = {
gdm = {
enable = true;
wayland = true;
};
};
};
}

19
modules/intel.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, pkgs, ... }: {
services.xserver.videoDrivers = [ "intel" ];
nixpkgs.config = {
allowUnfree = true;
packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
};
hardware = {
cpu.intel.updateMicrocode = true;
opengl = {
extraPackages = with pkgs; [
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
};
};
}

25
modules/lightdm.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, pkgs, ... }: {
# services.xserver.displayManager.defaultSession
services.xserver = {
enable = true;
displayManager.lightdm = {
enable = true;
greeter = {
enable = true;
};
greeters.gtk = {
enable = true;
theme = {
package = pkgs.arc-theme;
name = "Arc-Dark";
};
clock-format = "%H:%M:%S";
extraConfig = ''
font-name=IosevkaLyteTerm Nerd Font Complete
'';
};
# background = "";
};
};
environment.systemPackages = with pkgs; [ lightdm lightdm_gtk_greeter ];
}

22
modules/neovim.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
aliases = { vim = "nvim"; vi = "nvim"; };
in
{
environment = {
systemPackages = [ unstable.neovim ];
variables = {
EDITOR = "nvim";
PAGER = "nvim";
VISUAL = "nvim";
# we have to escape these doublequotes so that they work when NixOS
# injects them into the shell
MANPAGER = ''env MANWIDTH=\"\" nvim --cmd \"let g:prosession_on_startup=0\" +Man!'';
MANWIDTH = "80";
};
shellAliases = aliases;
};
programs.bash.shellAliases = aliases;
programs.fish.shellAliases = aliases;
}

4
modules/network-manager.nix Normal file
View file

@ -0,0 +1,4 @@
{ config, pkgs, ... }: {
networking.networkmanager.enable = true;
environment.systemPackages = [ pkgs.networkmanager ];
}

9
modules/pulseaudio.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, pkgs, ... }: {
hardware.pulseaudio = {
enable = true;
support32Bit = true;
package = pkgs.pulseaudioFull;
};
nixpkgs.config.pulseaudio = true;
sound.enable = true;
}

0
modules/ripcord.nix Normal file
View file

8
modules/systemd-boot-efi.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, pkgs, ... }: {
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
}

7
modules/tmux.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, pkgs, ... }: {
environment.systemPackages = [ pkgs.tmux ];
programs.tmux = {
enable = true;
};
}

61
modules/users/daniel.nix Normal file
View file

@ -0,0 +1,61 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in {
fonts.fonts = with pkgs; [
# helvetica # needed by zoom
];
users.users.daniel = {
isNormalUser = true;
extraGroups = [ "wheel" "docker" ];
shell = pkgs.fish;
home = "/home/daniel/.home";
packages = with pkgs; [
fortune # fun sayings
steam # games
pulsemixer # audio
file # identify file types
kitty # terminal emulator
unstable.fzf # fuzzy finder
dmenu # TODO: currently only using this for dmenu_path in `bin/launch`
ranger # tui for file management
pass # the standard unix password manager
vulkan-tools # vkcube for making sure vulkan still works
rustup
clang
pavucontrol # gui pulseaudio manager
pamixer # tui pulseaudio manager
strongswan # work vpn
gnumake
elixir
postgresql # database
htop # almost as good as bottom (btm)
unzip # needed by a handful of other utilities
autoconf automake # autotools
weechat # irc
python39Full # python 3.9
jq # awk for json
xfce.thunar xfce.thunar-archive-plugin xfce.thunar-volman # gui file manager
mpd # music player daemon
ncmpcpp # ncurses music player client
vlc # video player
google-chrome # sometimes ya gotta screenshare
# TODO: work module?
google-cloud-sdk # gcloud
kubectl # kubernetes cli
awscli # aws cli
zoom-us # video conferencing
lastpass-cli
# TODO: move this one to just laptop?
brightnessctl # laptop screen brightness
# nix utils
nox # package querying and installation?
# yay is to pacman, nox is to nix-env
niv # dependency pinning?
lorri # project envrc - like asdf-vm?
];
};
}

7
modules/users/valerie.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, pkgs, ... }: {
users.users.valerie = {
isNormalUser = true;
shell = pkgs.fish;
home = "/home/valerie";
};
}

1
pkgs/config.nix Normal file
View file

@ -0,0 +1 @@
{ allowUnfree = true; }

4
pkgs/home.nix Normal file
View file

@ -0,0 +1,4 @@
{ config, pkgs, ... }: {
programs.home-manager.enable = true;
home.stateVersion = "20.03";
}

65
profiles/base.nix Normal file
View file

@ -0,0 +1,65 @@
{ config, pkgs, ... }: {
imports = [
../modules/fish.nix
../modules/bash.nix
../modules/tmux.nix
../modules/neovim.nix
];
nixpkgs.config.allowUnfree = true;
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "America/Chicago";
environment = {
systemPackages = with pkgs; [
less
wget curl
rsync
w3m
git
pciutils usbutils binutils
ripgrep sd fd
unzip
killall
];
};
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
openssh = {
enable = true;
passwordAuthentication = false;
permitRootLogin = "no";
};
};
console = {
earlySetup = true;
colors = [
"111111"
"f92672"
"a6e22e"
"f4bf75"
"66d9ef"
"ae81ff"
"a1efe4"
"f8f8f2"
"75715e"
"f92672"
"a6e22e"
"f4bf75"
"66d9ef"
"ae81ff"
"a1efe4"
"f9f8f5"
];
};
}

3
profiles/desktop.nix Normal file
View file

@ -0,0 +1,3 @@
{ config, pkgs, ... }: {
imports = [ ./base.nix ];
}

3
profiles/laptop.nix Normal file
View file

@ -0,0 +1,3 @@
{ config, pkgs, ... }: {
imports = [ ./base.nix ];
}

27
readme.md Normal file
View file

@ -0,0 +1,27 @@
# zomg nixos
```bash
$ ssh -t beefcake 'cdd && pwd && g pl && cd os/linux/nix && sudo nixos-rebuild switch --flake .# && echo DONE'
```
Or for pushing:
```bash
# do once to setup
$ ssh -t beefcake 'cdd && git config receive.denyCurrentBranch updateInstead'
# probably regenerate and commit flake.lock from this directory
nix flake lock
# push and rebuild+switch
$ git push beefcake:~/.config/lytedev-dotfiles
$ ssh -t beefcake 'cd ~/.config/lytedev-dotfiles/os/linux/nix && sudo nixos-rebuild switch --flake .# && echo DONE'
```
# Ops stuff
- **TODO**: Look into https://github.com/zhaofengli/colmena
# Other To Dos
- **TODO**: check stuff during receive with a hook?

34
secrets/beefcake/example.yaml Normal file
View file

@ -0,0 +1,34 @@
example-key: ENC[AES256_GCM,data:LSGltrcgYatbjSQ2Zg==,iv:Yelgg+MOwAM6/TehmWicEy+lOZZWy+jxlC64MgzPs7s=,tag:zP67Db+Sah+nxi/DGpF9Ww==,type:str]
#ENC[AES256_GCM,data:TsYwHzmr1nE3uSS5Z2x+uQ==,iv:uo+VnHC4Zu87XUDUrxy9oaMZp1sbneSFD8ZpaMZ2cI8=,tag:ef8pAgMh2OxhjUYiAfLbwg==,type:comment]
myservice:
my_subdir:
my_secret: ENC[AES256_GCM,data:50qa/rMmv3lRZ4iiZG0Qs8jW1xfCIZvQq6C8O2dSMA==,iv:WUG//kJVKDJxvm6A4TcCNw46/UmXXvSrqXLJUiyuN7M=,tag:4sxiV9/T0r/IrGT0n/2u/w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdHRHclo3amJpU2ptbSts
ZGU4cit6TmZsWWNaUjdyZ1I1eXE4U3FtOEd3CmNGbnpiSlNON0tNTm83K2tuK0xS
eTFONThab1hIdG1jbkJVYTY1b2VsU0kKLS0tIEw3c2JvZ3RJR2RSZWRqa0lqc0VX
VlZHbFVMMjlucVNzeGNNQmNnbmNmTWcK524R2Ca+hX/80dr9ZDyoY10FnykHHpCv
GJyqsdDxCIqat52KPYUgLFggj8yubjBBeB9pAfgwHL2nG0wIVj/Dqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMSHRQd3g2WUtmRGlPQTlj
NkwxeXdRVHN0eC9XbTlGY0x6M2kyMXg1UkZ3Cm5EdXFiMHQyLzNtUjNPRk04UGQx
WkllcktrSUl4N3EwUmpzUDA0c2hSM00KLS0tIFZPS2l5UE9WN25Dczh0dlZneGcz
eWdYc2ZmZWdybHprQTZEc1BLY3ZodTgKPc9oMfrj3hLL0TwMGlhKS5t2nkZAmn8J
2FwSNj8iX9c7Pg7fDnc3QnagVKzZDSW7DlrNliaFf+ZVp78Ibk//xw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-27T18:44:05Z"
mac: ENC[AES256_GCM,data:ZbXvJdb+phJyZD/9HG/yT2bct4/zVPEK6RbFDlf2FnxesIIyFJmSDVUi1AXD91s1q7APIh+nekPJ2+26v9GtA3AO9NXeLKbE7ctrdVq0s3G3/vXsi0SUqt8RnZlLo1lXVNDLSMICfRKRSXVDDC/HTqLOvYe8zXUP4Irt5bTvJI0=,iv:dlZWeasCRMHKKoJ5nsAtYVtTi3Z4iP4LFf6LKDgYyW0=,tag:MIhjux10iPYB9ltJYWp36w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

43
secrets/beefcake/secrets.yml Normal file
View file

@ -0,0 +1,43 @@
hello: ENC[AES256_GCM,data:zFcid19gJKCNO6uThYyDzQ+KCxsBC/Fjma9AhyddOraK9siZtcpBWyPhnIkq9Q==,iv:1j1sEZcZS5+NUbIRHNE5L41lDMuLGAqWw9QJNOmtxuE=,tag:dDPq3rGesiA7khX/GPMVhQ==,type:str]
example_key: ENC[AES256_GCM,data:EyQzVVXEgm20i62hFA==,iv:Z/gQF3lUcg7Ox66yWgBhi9aJqkN9nwIhcprSbC+fbdI=,tag:enULK/yFVQjNpRk0u4RFAg==,type:str]
#ENC[AES256_GCM,data:S7g4kg1/4oztGaattpyo1Q==,iv:/JYp8w/ONJLIRXfiyhc7us4BZ+eg6UZeMWYHWSYXiGE=,tag:Ec02qXNPU+TsKf55cV/nlA==,type:comment]
example_array:
- ENC[AES256_GCM,data:ava5NqrxDX3u3Tr8vZQ=,iv:Q+c2aZx3buUKNUf8NeMxWsSsXtqk4PLbYM0PzVrgyKs=,tag:kVCv9FMQTkQwvGfH4t3HCg==,type:str]
- ENC[AES256_GCM,data:ZHOtZT1VPqGUmOG2t3g=,iv:NI/xo4/ws3VSR+Bc3D0ClPqqfKyTHTfyvb48xAPEBvs=,tag:2DddoLwa8i5CdVIxbA+HUA==,type:str]
example_number: ENC[AES256_GCM,data:AifVPuuPnEw2lQ==,iv:/L/vG2znNlM35u4ZGM31bweTeuXc0qH136tCVK/xOEs=,tag:h60Zz1zQaDZqEO8+I/vZYg==,type:float]
example_booleans:
- ENC[AES256_GCM,data:GD3U7Q==,iv:ahTK9d6m8lQkjd2sS9Yo6V3EyFWoyEbeQG6Uke4hF40=,tag:rykfnfaLz39V+SJbomu5Zw==,type:bool]
- ENC[AES256_GCM,data:hK/CtTQ=,iv:EFXdBumvMKdaXdd97vUBIMKIaw1rMfUt+/irkRZGc4Y=,tag:JofhZ5SS+jzRe6WJmP34Xg==,type:bool]
plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A==,iv:GU2ccj10TKQ0KW9b9X9AgYnvhS/wMVqYTyxr6Xt50Gk=,tag:ypQ0VtutVD8wgdfm40QZkw==,type:str]
plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
api.lyte.dev: ENC[AES256_GCM,data:14C5GQ41m/g7qHPzxlYoWjKWDOcm7MEDkuSofiuLfRNc/nji61t1eDbKX3d+SQL1UBchJFoBrWrUxnf0mUERhED1196z8vUq2jKEkcqKCAUS3soECInlb8zcxTcxaTFjYSjp1vUBdAn05AqLsF+hh9Bsm4fMQYjnHEZke9EmPZhuTlUdZa4eLv3+L3xAPHk2QIHQhdsjcTjGAZRMZOgTEcCvtGlb5pQuo11XmR2JzwzOXMC51WFDeOIWMAdO80yQBAdILso7rp1Nts/lwF0Bc9t7bNdHyoVTOA==,iv:jWGqUpXOTb/O972qXOqeX0EMFQLDKwaNHBqlpuGrZOk=,tag:uwB/jlAgESkLZ+vJ/OeV0A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDOHpnQlJkTWlUNXlxNzVY
WkF4ci9hTzg3S0tJM2RZMGlIcC9nNlgrdjEwCjRvaDBpb1ZoOWNtNkE1NDVXQVJY
UGZyZ2FpalQyUlpSU056TFRpUXlBNTgKLS0tIFNCSWdiQ25yNDdsdUtlUGZLS0h1
N3Z4NWRvcXN2a2xKMjlRM2lPZEhhekEKtolJt3EAZXlqq6UKV43Z2EJW4hkfZMJ8
06Se+Eim/PS3H1gjRdZ9SV45ghRmLy2OSMKTJxN78HFcJeDpp5CQnA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k8s590x34ghz7yrjyrgzkd24j252srf0mhfy34halp4frwr065csrlt2ev
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJTittdVRqRTRWSlBpRnpY
NmlIKzdoOFNxSnNoTFpwRVN3UGdJaHhRMldjCmRrRlo5V1luN0dabFBCWDhZaU9V
c05VeUxMQi9oM3czaDFFUEw3aHp4T1EKLS0tIHFqTVlXTnE5ZkoxRk9ESGo3MzAr
b0lTRjVCMU9ELzdvbFBJZ0tHbGtsYkEKLEcXCEikC3T3hfVOYKtWcNSGmfg28y+f
nGC4dQh9EciEbk1ZBbN3i6YSNULDoMSH172KBmRyt1ogr1ZPyCNqtg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-28T21:11:56Z"
mac: ENC[AES256_GCM,data:V/Gdc3LEwlNlfSqUzQFHFmtJQVaQ5wGXZmzoBpwHzhyHQpEkezHBwhq4XTCuXH5XPpjmWvih/dAbOn9EBA6gvPSX1DB0j/JvHvK9b8+BpjlL4xtnYaBql2eQgCWLKqzZMGCnbwONWi+1sjowK1ac4zPnXhEr52EIES31hV8KHKU=,iv:4NzQxve+iKhRcQVxfXbDsQz1sBU+pnm9x/HQnv2TLgc=,tag:zLYKf+tEUsXApNdc1hLjhw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

25
secrets/example.yaml Normal file
View file

@ -0,0 +1,25 @@
example-key: ENC[AES256_GCM,data:8/LalMfi+YsJaF1P+A==,iv:/Kkul1a1gBiAd447/A/yVzfUJi7rb8nAoBWXiokQZEs=,tag:gN5VnfNFyiKplMpip54YEw==,type:str]
#ENC[AES256_GCM,data:zF3Eji+GV/e/lxQ8IFpu2Q==,iv:wTfGJmuJ08HXstXGofLbUcl3vSKOsSv1Ai0kQM57sF4=,tag:U94wjTY7mTpafjkA4hOh0g==,type:comment]
myservice:
my_subdir:
my_secret: ENC[AES256_GCM,data:0oxmwRaS6wYg,iv:7fn84cOkL9F1yhbGOOJZLgkIphI4ZjA0pdzFFNFDh50=,tag:mwbFqGbLa+H47jOyfiNQBQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1stdue5q5teskee057ced6rh9pzzr93xsy66w4sc3zu49rgxl7cjshztt45
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3UUdpZU8zMloweWhZbmxI
aFZNL1M3eWNpMjBKMGxRMDYwUnZpd2k0NG1RCnVvcjJsU1dJQTVIcFlmMmFKeEI2
bEJVdldxektybGtLYmprRG9OenFnRjgKLS0tIGtBOWFrWXgvc2l0QThQczlWMkxW
bjM4enBEbUlkYlZFOHIvQW80VktsTDgKZMYE95nKgmU+whtU2xrJnuNlwZqrjpfN
e5LKNQ6lLqIzsmCdAlyPcKVW5hCbtaT/Ac1TvZWq7+cF6SbPa/51Ew==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-27T17:08:21Z"
mac: ENC[AES256_GCM,data:HO9P7Z3edo5FyaTenyKjphxnKcke4dqXiUyBveAPd2KP489Hh+fXrugx7+w47UiYsfgBCgFM/ED9xzRKLV7IMIYFtdtL5LwTizPF9H/VUnvRM420VUy/OMPiuludSSoL3WNpTM0UBQi4l7FSjKGpz5AdzLJE65Px05lPJQ/KGFY=,iv:TNtp3/A5lDanNQ0Ghi1Q1yyQc6glcYyYYeDkeEXNkVw=,tag:L5lmerkR3SarF/NLXYMURQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

2
sway/config Normal file
View file

@ -0,0 +1,2 @@
exec dbus-sway-environment
exec configure-gtk