From e58df8303794edfee3b15041d76b7ea6f452ddea Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Wed, 6 Sep 2023 00:57:08 -0500
Subject: [PATCH] Whee
---
flake.lock | 27 -----
nixos/beefcake.nix | 132 +++++--------------------
nixos/common.nix | 15 ++-
nixos/musicbox.nix | 1 -
readme.md | 1 +
scripts/bin/dotfiles-clone-and-setup | 8 --
scripts/bin/dotfiles-init | 56 -----------
scripts/bin/dotfiles-link-environments | 39 --------
scripts/bin/dotfiles-make-env | 30 ------
scripts/bin/dotfiles-setup | 78 ---------------
scripts/bin/dotfiles-setup-for-root | 31 ------
11 files changed, 40 insertions(+), 378 deletions(-)
delete mode 100644 scripts/bin/dotfiles-clone-and-setup
delete mode 100755 scripts/bin/dotfiles-init
delete mode 100755 scripts/bin/dotfiles-link-environments
delete mode 100755 scripts/bin/dotfiles-make-env
delete mode 100755 scripts/bin/dotfiles-setup
delete mode 100755 scripts/bin/dotfiles-setup-for-root
diff --git a/flake.lock b/flake.lock
index 927eff1..be97be4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -23,15 +23,12 @@ "inputs": { "flake-compat": "flake-compat", "flake-utils": [ - "helix", "flake-utils" ], "nixpkgs": [ - "helix", "nixpkgs" ], "rust-overlay": [ - "helix", "rust-overlay" ] },
@@ -135,27 +132,6 @@ "type": "github" } }, - "helix": { - "inputs": { - "crane": "crane", - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1692817399, - "narHash": "sha256-gbLru0aup6iI0JnDGMQd1jsb8H6IJUNr/Xln3/ouAZc=", - "owner": "helix-editor", - "repo": "helix", - "rev": "c9694f680f97823ac9b893239a78bf45bfee0403", - "type": "github" - }, - "original": { - "owner": "helix-editor", - "repo": "helix", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": "nixpkgs_4"
@@ -307,7 +283,6 @@ "inputs": { "api-lyte-dev": "api-lyte-dev", "disko": "disko", - "helix": "helix", "home-manager": "home-manager", "nixpkgs": "nixpkgs_5", "rtx": "rtx",
@@ -336,11 +311,9 @@ "rust-overlay": { "inputs": { "flake-utils": [ - "helix", "flake-utils" ], "nixpkgs": [ - "helix", "nixpkgs" ] },
diff --git a/nixos/beefcake.nix b/nixos/beefcake.nix
index 6821555..1fc88e9 100644
--- a/nixos/beefcake.nix
+++ b/nixos/beefcake.nix
@@ -2,13 +2,14 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running 'nixos-help'). -{ modulesPath, config, lib, pkgs, inputs, ... }: rec { - nix.settings.experimental-features = [ "nix-command" "flakes" ]; +{ modulesPath, config, pkgs, ... }: rec { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ../modules/intel.nix + ]; boot.initrd.availableKernelModules = [ "ehci_pci" "megaraid_sas" "usbhid" "uas" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; fileSystems."/" = {
@@ -35,16 +36,10 @@ ]; }; - swapDevices = [ ]; - - networking.useDHCP = lib.mkDefault true; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + services.nix-serve = { + enable = true; + secretKeyFile = "/var/cache-priv-key.pem"; + }; services.api-lyte-dev = rec { enable = true;
@@ -128,23 +123,10 @@ networking.hostName = "beefcake"; - time.timeZone = "America/Chicago"; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - users.groups.daniel.members = [ "daniel" ]; users.groups.nixadmin.members = [ "daniel" ]; users.users.daniel = { - isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" - ]; - group = "daniel"; extraGroups = [ "nixadmin" # write access to /etc/nixos/ files "wheel" # sudo access
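Review bot: The new `services.nix-serve` block in beefcake.nix points `secretKeyFile` at `/var/cache-priv-key.pem`, and nothing in this hunk creates that file or pins its owner and mode. Every machine that trusts the matching public key will accept store paths signed with it, so the file should be readable only by the account nix-serve runs as. A comment such as `# signing key: generated out of band, mode 0400, never committed` would record that, as would provisioning the key through sops, which common.nix already installs. As far as I know nix-serve listens on all interfaces by default (worth confirming for the pinned nixpkgs), so adding `bindAddress = "127.0.0.1";` would keep the Caddy vhost as the only route to it.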
@@ -152,27 +134,18 @@ "users" # general users group "jellyfin" # write access to /storage/jellyfin ]; - # packages = with pkgs; []; }; - users.users.root.openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys; - users.users.lytedev = { # for running my services and applications and stuff isNormalUser = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" - ]; + openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys; group = "lytedev"; - extraGroups = [ - ]; }; users.users.ben = { isNormalUser = true; - packages = with pkgs; [ - vim - ]; + packages = [ pkgs.vim ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com" ];
@@ -180,9 +153,7 @@ users.users.alan = { isNormalUser = true; - packages = with pkgs; [ - vim - ]; + packages = [ pkgs.vim ]; openssh.authorizedKeys.keys = [ "" ];
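Review bot: `users.users.lytedev` is commented as the account "for running my services and applications and stuff", yet the new line `openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;` ties its SSH logins to whatever list daniel has. Any key later added for daniel in another module then also gains a shell as the service account without this file changing. If interactive login to lytedev is needed at all, a comment here such as `# intentionally mirrors daniel's keys` or a separate deploy key would keep the two accounts' access reviewable on their own.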
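Review bot: In the `users.users.alan` block the unchanged context still sets `openssh.authorizedKeys.keys = [ "" ];`, which puts an empty entry into that account's authorized keys rather than expressing "no keys". While this hunk is tidying the block, `openssh.authorizedKeys.keys = [ ];` with a comment like `# no key on file yet` would state the intent directly. The end of the block lies outside the hunk.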
@@ -193,55 +164,17 @@ isNormalUser = true; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" - ]; + ] ++ config.users.users.daniel.openssh.authorizedKeys.keys; }; users.users.guest = { + # used for anonymous samba access isSystemUser = true; - group = "user"; + group = "users"; createHome = true; }; - programs.fish.enable = true; - users.defaultUserShell = pkgs.fish; - - environment.variables = { - EDITOR = "hx"; - }; - - # TODO: right now, I use a flake for helix that gets the latest since my config uses newer features - # would be nice to get that declared here - # I think this was done with `nix profile install github:helix-editor/helix --priority 0`? - - # search for packages: `nix search $PACKAGE_NAME` - environment.systemPackages = with pkgs; [ - inputs.helix.packages."x86_64-linux".helix - zellij - mosh - btrfs-progs - iperf3 - pv - linuxquota - traceroute - hexyl - restic - speedtest-cli - fish - restic - nil - nixpkgs-fmt - fd - ripgrep - exa - skim - git - wget - tmux - sqlite - ]; - - services.xserver.layout = "us"; + environment.systemPackages = [ pkgs.linuxquota ]; # TODO: make the client declarative? right now I think it's manually git # clone'd to /root
@@ -265,7 +198,6 @@ }; }; - services.smartd.enable = true; services.caddy = { enable = true; adapter = "caddyfile";
@@ -276,19 +208,19 @@ } bw.lyte.dev { - reverse_proxy :8222 + reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT} } api.lyte.dev { - reverse_proxy :5757 + reverse_proxy :${toString config.services.api-lyte-dev.port} } a.lyte.dev { - reverse_proxy :8899 + reverse_proxy :${toString config.services.plausible.server.port} } git.lyte.dev { - reverse_proxy :3088 + reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT} } files.lyte.dev {
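Review bot: `users.users.guest` is now documented as the anonymous Samba identity, but its primary group becomes the shared `users` group, which this same patch adds to daniel's `extraGroups` in common.nix and which beefcake.nix labels the "general users group". Anything group-readable or group-writable for `users` is then within reach of unauthenticated SMB clients mapped to guest. A dedicated group, e.g. `group = "guest";` together with `users.groups.guest = { };`, would limit the anonymous account to what is deliberately shared. The Samba share definitions are outside this hunk, so the real exposure depends on their settings.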
@@ -296,6 +228,10 @@ root /storage/files.lyte.dev } } + + nix.h.lyte.dev { + reverse_proxy :${toString config.services.nix-serve.port} + } # proxy everything else to chromebox :80 {
@@ -437,7 +373,6 @@ }; services.tailscale = { - enable = true; useRoutingFeatures = "server"; };
@@ -467,10 +402,6 @@ # }; services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - }; listenAddresses = [ { addr = "0.0.0.0"; port = 64022; } { addr = "0.0.0.0"; port = 22; }
@@ -604,8 +535,6 @@ }; }; - # TODO: https://nixos.wiki/wiki/Binary_Cache - networking.firewall.allowedTCPPorts = [ 80 # http (caddy) 443 # https (caddy)
@@ -631,16 +560,5 @@ allowPing = true; }; - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; - boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; - - # TODO: should I upgrade this? - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It's perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.05"; # Did you read the comment? + system.stateVersion = "22.05"; }
diff --git a/nixos/common.nix b/nixos/common.nix
index da92b7b..dc09d54 100644
--- a/nixos/common.nix
+++ b/nixos/common.nix
@@ -13,6 +13,7 @@ bat bind bottom + btrfs-progs curl dog dua
@@ -32,6 +33,7 @@ nmap openssl pciutils + pv rclone restic ripgrep
@@ -39,6 +41,7 @@ sd sops smartmontools + sqlite unzip watchexec wget
@@ -58,7 +61,8 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" ]; - extraGroups = [ "wheel" "video" ]; + group = "daniel"; + extraGroups = [ "users" "wheel" "video" ]; packages = [ ]; };
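Review bot: The new `nix.h.lyte.dev` site block proxies straight to nix-serve with no client restriction, and the firewall context further down this file opens 80 and 443, so the binary cache appears reachable by anyone who can resolve the name. nix-serve answers for any store path a client requests by hash, so anything sensitive that ends up in this host's store becomes downloadable. If the cache is only meant for your own machines, a `remote_ip` matcher in this block limited to the LAN or Tailscale ranges would confine it. Otherwise a comment such as `# public cache: keep secrets out of the store` would make the decision explicit.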
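Review bot: The `services.openssh` hunk drops `enable = true;` and `settings.PasswordAuthentication = false;` while keeping listeners on `0.0.0.0` ports 64022 and 22, so this host's password-login policy now depends entirely on another module. None of the common.nix hunks in this patch show an openssh block, so it cannot be confirmed from here that the setting is still applied. If it is not, sshd falls back to the NixOS default, which permits password authentication. Keeping `settings.PasswordAuthentication = false;` in this block costs one line and holds regardless of what common.nix does. The block continues past the end of the hunk.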
@@ -140,6 +144,15 @@ nix = { settings = { experimental-features = lib.mkDefault [ "nix-command" "flakes" ]; + substituters = [ + "https://nix.h.lyte.dev" + "https://nix-community.cachix.org" + "https://cache.nixos.org/" + ]; + trusted-public-keys = [ + "h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0=" + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; }; };
diff --git a/nixos/musicbox.nix b/nixos/musicbox.nix
index 0fe7644..e15f343 100644
--- a/nixos/musicbox.nix
+++ b/nixos/musicbox.nix
@@ -145,7 +145,6 @@ in git git-lfs grim - inputs.helix.packages."x86_64-linux".helix hexyl htop inkscape
diff --git a/readme.md b/readme.md
index 30f215e..c92f0bf 100644
--- a/readme.md
+++ b/readme.md
@@ -93,4 +93,5 @@ live media? # Other To Dos - Local Nix substitute/cache setup? +- Port configuration (lytedev/dotfiles) to home manager where applicable? - Pre-commit checks with `nix flake check`?
diff --git a/scripts/bin/dotfiles-clone-and-setup b/scripts/bin/dotfiles-clone-and-setup
deleted file mode 100644
index 5d90580..0000000
--- a/scripts/bin/dotfiles-clone-and-setup
+++ /dev/null
@@ -1,8 +0,0 @@ -#!/usr/bin/env bash - -command -v git >/dev/null 2>&1 || { echo "git not installed"; exit 1; } -command -v fish >/dev/null 2>&1 || { echo "fish not installed"; exit 2; } - -mkdir -p "$HOME/.config" -git clone https://git.lyte.dev/lytedev/dotfiles.git "$HOME/.config/lytedev-dotfiles" -exec "$HOME/.config/lytedev-dotfiles/common/bin/dotfiles-setup"
diff --git a/scripts/bin/dotfiles-init b/scripts/bin/dotfiles-init
deleted file mode 100755
index 3fe9240..0000000
--- a/scripts/bin/dotfiles-init
+++ /dev/null
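Review bot: Adding `https://nix.h.lyte.dev` and the `h.lyte.dev` key to common.nix makes every host that imports this file accept store paths signed by the key held on beefcake, so that key file becomes as sensitive as root on all of them. A comment next to `trusted-public-keys`, for example `# h.lyte.dev: private half lives on beefcake; rotate here if that host is rebuilt or compromised`, would record the trust relationship. If NixOS merges its own defaults into these lists (I believe it does), the explicit `https://cache.nixos.org/` entry is redundant. Hosts away from the home network will wait on the unreachable substituter unless `connect-timeout` or `fallback = true` is set in the same `settings` block.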
@@ -1,56 +0,0 @@ -#!/usr/bin/env bash - -export dfp -export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}" -export ENV_PATH="$XDG_CONFIG_HOME/lytedev-env" -export CURDIR - -mkdir -p "$ENV_PATH" -mkdir -p "$XDG_CONFIG_HOME" -dfp="$(realpath "$(dirname "$0")"/../..)" - -# may not be running from inside the dotfiles repo, may have been curl'd down solo, so we need to check -if [[ ! -d "$dfp/.git" ]]; then - echo "Not running from inside the dotfiles git repo, so we need to download it first!" - # each os needs instructions to install git, then we can clone the repo and proceed - if ! command -v git; then - if head /etc/os-release --lines 1 | grep 'Arch Linux' > /dev/null 2>&1; then - if [[ "$EUID" -ne 0 ]]; then - if ! command -v sudo; then - echo "Error: No sudo command available to try and install 'git'" - exit 1 - else - sudo pacman -Sy --needed git - fi - else - pacman -Sy --needed git - fi - fi - fi - dfp="$XDG_CONFIG_HOME/lytedev-dotfiles" - git clone https://git.lyte.dev/lytedev/dotfiles.git "$dfp" -fi - -# auto-link any OS-specific environments -if head /etc/os-release --lines 1 | grep 'NixOS$' > /dev/null 2>&1; then - ln -s "$dfp/os/linux/nix" "$ENV_PATH/os-linux-nix" > /dev/null 2>&1 -elif head /etc/os-release --lines 1 | grep 'Arch Linux' > /dev/null 2>&1; then - ln -s "$dfp/os/linux/arch" "$ENV_PATH/os-linux-arch" > /dev/null 2>&1 -fi - -# perform any pre-requisite setup (includes OS-specific setup scripts since we -# just included those) -for s in "$ENV_PATH"/*; do - f="$s/dotfiles-init.d.sh" - if [ -f "$f" ]; then - echo "dotfiles-init: Running $f..." - CURDIR="$s" "$f" - fi -done - -# perform final dotfiles setup -echo "dotfiles-init: Running setup..." -"$dfp/common/bin/dotfiles-setup" - -# TODO: setup personal files? (ssh keys, gpg keys, password stores, notes) -# these are probably best handled in a dotfiles-init.d.sh script in a particular layer 
diff --git a/scripts/bin/dotfiles-link-environments b/scripts/bin/dotfiles-link-environments
deleted file mode 100755
index 3fe54d9..0000000
--- a/scripts/bin/dotfiles-link-environments
+++ /dev/null
@@ -1,39 +0,0 @@ -#!/usr/bin/env fish - -has_command sk || begin - echo "sk not installed (skim fuzzy finder)" - exit 1 -end - -mkdir -p $ENV_PATH - -function filter_existing_directory - while read -l line - test -d $DOTFILES_PATH/$line && echo $line - end -end - -function reject_empty_lines - while read -l line - test $line = "" || echo $line - end -end - -function link - while read -l line - set safe_fn (string replace -a / - $line) - echo "Linking $ENV_PATH/$safe_fn to $DOTFILES_PATH/$line" - rm -f $ENV_PATH/$safe_fn - ln -s $DOTFILES_PATH/$line $ENV_PATH/$safe_fn - end -end - -cat $DOTFILES_PATH/common/envs | - filter_existing_directory | - sk --multi \ - --prompt "Select applicable environments (multi-select w/ TAB): " \ - --preview-window="up:50%:noborder" \ - --preview="ls -la --color=always $DOTFILES_PATH/{}" | - string trim | - reject_empty_lines | - link
diff --git a/scripts/bin/dotfiles-make-env b/scripts/bin/dotfiles-make-env
deleted file mode 100755
index ca07e0a..0000000
--- a/scripts/bin/dotfiles-make-env
+++ /dev/null
@@ -1,30 +0,0 @@ -#!/usr/bin/env bash - -echo "Not implemented yet!"; exit 1 - -edfp="$ENV_PATH/$1" -mkdir -p "$edfp/" -mkdir -p "$edfp/.hidden/bash.d/" -mkdir -p "$edfp/bin/" -mkdir -p "$edfp/x/" -mkdir -p "$edfp/sway/waybar" -mkdir -p "$edfp/sway/config.d" -mkdir -p "$HOME/.bin/" - -touches=( - "$edfp/bash" - "$edfp/x/init" - "$edfp/x/profile" - "$edfp/x/resources" - "$edfp/vim" - "$edfp/bspwm" - "$edfp/polybar" - "$edfp/app-launcher" - "$edfp/workdock" -) - -for t in "${touches[@]}"; do - touch "$t" -done - -chmod 700 -R "$edfp"
diff --git a/scripts/bin/dotfiles-setup b/scripts/bin/dotfiles-setup
deleted file mode 100755
index 5accd42..0000000
--- a/scripts/bin/dotfiles-setup
+++ /dev/null
@@ -1,78 +0,0 @@ -#!/usr/bin/env fish - -# This script's purpose is to setup the dotfiles configuration for an existing -# and provisioned machine. For provisioning, see `./dotfiles-init`. - -set dfp (realpath (dirname (status -f))/../..) -set lock_file $HOME/.using-lytedev-dotfiles.lock - -if not test -f $lock_file - echo "This will delete existing files. Make sure you know what you're doing." - echo 'Are you sure you want to continue? [y/N]' - read response - set response (string lower $response) - if string match $response y - echo "agreed" > "$lock_file" - else - exit 1 - end -end - -set -q XDG_CONFIG_HOME || set XDG_CONFIG_HOME $HOME/.config -set h $HOME; set c $XDG_CONFIG_HOME -if test -d $c/lytedev-env - echo "Warning: no environment-specific configuration detected!" -end - -function l -a dot -a target -d "Symlink a dotfile configuration file or directory" - if test -L $target || test -f $target || test -d $target - command rm -rf "$target" - end - # check if the directory that will contain the link exists - set -l d (dirname $target) - test -d $d || mkdir -p $d - ln -s (pwd)/$dot $target - echo Linked $dot to $target -end - -pushd $dfp -test -d ~/.tmux/pluginx/tpm || \ - git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm -l common/zellij $c/zellij -l common/tmux/conf $h/.tmux.conf -l common/bat $c/bat -l common/bash/rc $h/.bashrc -l common/wezterm $c/wezterm -l common/kitty $c/kitty -l common/weechat $h/.weechat -l common/scim/rc $h/.scimrc -l common/scim/lua $h/.scim/lua -l common/nnn $c/nnn -l common/kak $c/kak -l common/helix $c/helix -l common/gitui $c/gitui -l common/gpg/agent.conf $h/.gnupg/gpg-agent.conf -chmod og-rwx ~/.gnupg -l common/htop/rc $c/htop/htoprc -l common/kitty $c/kitty -l common/alacritty $c/alacritty -l common/pgcli $c/pgcli -l common/mutt/rc $h/.muttrc -l common/git/config $h/.gitconfig -l common/elixir/iex.exs $h/.iex.exs -l common/blender/userpref.blend $c/blender/2.93/config/userpref.blend -l 
common/lemonade/config.toml $c/lemonade.toml -l common/tig/rc $h/.tigrc -popd - -for s in $c/lytedev-env/*/dotfiles-setup.d.fish - source $s $dfp $h $c -end - -set -q ENV_PATH || set ENV_PATH $XDG_CONFIG_HOME/lytedev-env -set -q DOTFILES_PATH || set DOTFILES_PATH $XDG_CONFIG_HOME/lytedev-dotfiles -command rm -f $ENV_PATH/empty -ln -s $DOTFILES_PATH/common/empty-env $ENV_PATH/empty - -echo "Dotfiles Installed! Don't forget to setup environments and change the user's shell as needed!" -exec fish
diff --git a/scripts/bin/dotfiles-setup-for-root b/scripts/bin/dotfiles-setup-for-root
deleted file mode 100755
index 3d63b5c..0000000
--- a/scripts/bin/dotfiles-setup-for-root
+++ /dev/null
@@ -1,31 +0,0 @@ -#!/usr/bin/env bash - -if [[ $UID -ne 0 ]]; then - echo "Re-running with 'sudo -E'..." - sudo -E "$0" "$@" - exit -fi - -dfp=$(cd "$(dirname "${BASH_SOURCE[0]}" )/../../" && pwd) -source "${dfp}/env/common/setup_helpers.bash" - -cp "$dfp/apps/de/sway/dm-entry" "/usr/share/wayland-sessions/lsway.desktop" - -links=( - # display manager files - "apps/de/sway/init" "/usr/bin/sway-lytedev" - - # udev rules - # TODO: how does this work in nix? - "apps/udev-rules/gcadapter" "/etc/udev/rules.d/51-gcadapter.rules" - - # tmpfiles - # TODO: does this even do anything anymore? - "apps/tmpfiles/disable-lid-wakeup" "/etc/tmpfiles.d/disable-lid-wakeup.conf" - - # lightdm - "apps/de/gnome/gdm-tap-to-click" "/etc/dconf/db/gdm.d/06-tap-to-click" -) - -_dotfiles_setup_run_setup "$HOME/.using-lytedev-etcfiles.lock" "${links[@]}" -