Daniel Flanagan 2023-09-06 00:57:08 -05:00
parent 45688ee74b
commit e58df83037
11 changed files with 40 additions and 378 deletions


@ -23,15 +23,12 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": [ "flake-utils": [
"helix",
"flake-utils" "flake-utils"
], ],
"nixpkgs": [ "nixpkgs": [
"helix",
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": [ "rust-overlay": [
"helix",
"rust-overlay" "rust-overlay"
] ]
}, },
@ -135,27 +132,6 @@
"type": "github" "type": "github"
} }
}, },
"helix": {
"inputs": {
"crane": "crane",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1692817399,
"narHash": "sha256-gbLru0aup6iI0JnDGMQd1jsb8H6IJUNr/Xln3/ouAZc=",
"owner": "helix-editor",
"repo": "helix",
"rev": "c9694f680f97823ac9b893239a78bf45bfee0403",
"type": "github"
},
"original": {
"owner": "helix-editor",
"repo": "helix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
@ -307,7 +283,6 @@
"inputs": { "inputs": {
"api-lyte-dev": "api-lyte-dev", "api-lyte-dev": "api-lyte-dev",
"disko": "disko", "disko": "disko",
"helix": "helix",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_5",
"rtx": "rtx", "rtx": "rtx",
@ -336,11 +311,9 @@
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": [ "flake-utils": [
"helix",
"flake-utils" "flake-utils"
], ],
"nixpkgs": [ "nixpkgs": [
"helix",
"nixpkgs" "nixpkgs"
] ]
}, },


@ -2,13 +2,14 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running 'nixos-help'). # and in the NixOS manual (accessible by running 'nixos-help').
{ modulesPath, config, lib, pkgs, inputs, ... }: rec { { modulesPath, config, pkgs, ... }: rec {
nix.settings.experimental-features = [ "nix-command" "flakes" ]; imports = [
(modulesPath + "/installer/scan/not-detected.nix")
../modules/intel.nix
];
boot.initrd.availableKernelModules = [ "ehci_pci" "megaraid_sas" "usbhid" "uas" "sd_mod" ]; boot.initrd.availableKernelModules = [ "ehci_pci" "megaraid_sas" "usbhid" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ {
@ -35,16 +36,10 @@
]; ];
}; };
swapDevices = [ ]; services.nix-serve = {
enable = true;
networking.useDHCP = lib.mkDefault true; secretKeyFile = "/var/cache-priv-key.pem";
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
services.api-lyte-dev = rec { services.api-lyte-dev = rec {
enable = true; enable = true;
@ -128,23 +123,10 @@
networking.hostName = "beefcake"; networking.hostName = "beefcake";
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
users.groups.daniel.members = [ "daniel" ]; users.groups.daniel.members = [ "daniel" ];
users.groups.nixadmin.members = [ "daniel" ]; users.groups.nixadmin.members = [ "daniel" ];
users.users.daniel = { users.users.daniel = {
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
group = "daniel";
extraGroups = [ extraGroups = [
"nixadmin" # write access to /etc/nixos/ files "nixadmin" # write access to /etc/nixos/ files
"wheel" # sudo access "wheel" # sudo access
@ -152,27 +134,18 @@
"users" # general users group "users" # general users group
"jellyfin" # write access to /storage/jellyfin "jellyfin" # write access to /storage/jellyfin
]; ];
# packages = with pkgs; [];
}; };
users.users.root.openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
users.users.lytedev = { users.users.lytedev = {
# for running my services and applications and stuff # for running my services and applications and stuff
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = config.users.users.daniel.openssh.authorizedKeys.keys;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
];
group = "lytedev"; group = "lytedev";
extraGroups = [
];
}; };
users.users.ben = { users.users.ben = {
isNormalUser = true; isNormalUser = true;
packages = with pkgs; [ packages = [ pkgs.vim ];
vim
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUfLZ+IX85p9355Po2zP1H2tAxiE0rE6IYb8Sf+eF9T ben@benhany.com"
]; ];
@ -180,9 +153,7 @@
users.users.alan = { users.users.alan = {
isNormalUser = true; isNormalUser = true;
packages = with pkgs; [ packages = [ pkgs.vim ];
vim
];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"" ""
]; ];
@ -193,55 +164,17 @@
isNormalUser = true; isNormalUser = true;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbPqzKB09U+i4Kqu136yOjflLZ/J7pYsNulTAd4x903 root@chromebox.h.lyte.dev"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" ] ++ config.users.users.daniel.openssh.authorizedKeys.keys;
];
}; };
users.users.guest = { users.users.guest = {
# used for anonymous samba access
isSystemUser = true; isSystemUser = true;
group = "user"; group = "users";
createHome = true; createHome = true;
}; };
programs.fish.enable = true; environment.systemPackages = [ pkgs.linuxquota ];
users.defaultUserShell = pkgs.fish;
environment.variables = {
EDITOR = "hx";
};
# TODO: right now, I use a flake for helix that gets the latest since my config uses newer features
# would be nice to get that declared here
# I think this was done with `nix profile install github:helix-editor/helix --priority 0`?
# search for packages: `nix search $PACKAGE_NAME`
environment.systemPackages = with pkgs; [
inputs.helix.packages."x86_64-linux".helix
zellij
mosh
btrfs-progs
iperf3
pv
linuxquota
traceroute
hexyl
restic
speedtest-cli
fish
restic
nil
nixpkgs-fmt
fd
ripgrep
exa
skim
git
wget
tmux
sqlite
];
services.xserver.layout = "us";
# TODO: make the client declarative? right now I think it's manually git # TODO: make the client declarative? right now I think it's manually git
# clone'd to /root # clone'd to /root
@ -265,7 +198,6 @@
}; };
}; };
services.smartd.enable = true;
services.caddy = { services.caddy = {
enable = true; enable = true;
adapter = "caddyfile"; adapter = "caddyfile";
@ -276,19 +208,19 @@
} }
bw.lyte.dev { bw.lyte.dev {
reverse_proxy :8222 reverse_proxy :${toString config.services.vaultwarden.config.ROCKET_PORT}
} }
api.lyte.dev { api.lyte.dev {
reverse_proxy :5757 reverse_proxy :${toString config.services.api-lyte-dev.port}
} }
a.lyte.dev { a.lyte.dev {
reverse_proxy :8899 reverse_proxy :${toString config.services.plausible.server.port}
} }
git.lyte.dev { git.lyte.dev {
reverse_proxy :3088 reverse_proxy :${toString config.services.gitea.settings.server.HTTP_PORT}
} }
files.lyte.dev { files.lyte.dev {
@ -297,6 +229,10 @@
} }
} }
nix.h.lyte.dev {
reverse_proxy :${toString config.services.nix-serve.port}
}
# proxy everything else to chromebox # proxy everything else to chromebox
:80 { :80 {
reverse_proxy 10.0.0.5:80 reverse_proxy 10.0.0.5:80
@ -437,7 +373,6 @@
}; };
services.tailscale = { services.tailscale = {
enable = true;
useRoutingFeatures = "server"; useRoutingFeatures = "server";
}; };
@ -467,10 +402,6 @@
# }; # };
services.openssh = { services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
};
listenAddresses = [ listenAddresses = [
{ addr = "0.0.0.0"; port = 64022; } { addr = "0.0.0.0"; port = 64022; }
{ addr = "0.0.0.0"; port = 22; } { addr = "0.0.0.0"; port = 22; }
@ -604,8 +535,6 @@
}; };
}; };
# TODO: https://nixos.wiki/wiki/Binary_Cache
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 # http (caddy) 80 # http (caddy)
443 # https (caddy) 443 # https (caddy)
@ -631,16 +560,5 @@
allowPing = true; allowPing = true;
}; };
boot.kernel.sysctl."net.ipv4.ip_forward" = 1; system.stateVersion = "22.05";
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
# TODO: should I upgrade this?
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
} }
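Review bot: The `services.openssh` hunk (`@ -467,10 +402,6 @`) drops `enable = true;` and `settings.PasswordAuthentication = false;` from this host while it keeps listening on `0.0.0.0` ports 22 and 64022, and no other line visible on this page sets either option. The NixOS default for `PasswordAuthentication` is true, so unless the shared module already pins it, this host would begin accepting password logins after the change. I would either keep `settings.PasswordAuthentication = false;` here or confirm the common module sets it, ideally alongside `settings.KbdInteractiveAuthentication = false;`. The `services.openssh` block continues outside the hunk, so the rest of its settings could not be checked from here.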


@ -13,6 +13,7 @@
bat bat
bind bind
bottom bottom
btrfs-progs
curl curl
dog dog
dua dua
@ -32,6 +33,7 @@
nmap nmap
openssl openssl
pciutils pciutils
pv
rclone rclone
restic restic
ripgrep ripgrep
@ -39,6 +41,7 @@
sd sd
sops sops
smartmontools smartmontools
sqlite
unzip unzip
watchexec watchexec
wget wget
@ -58,7 +61,8 @@
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAPLXOjupz3ScYjgrF+ehrbp9OvGAWQLI6fplX6w9Ijb daniel@lyte.dev"
]; ];
extraGroups = [ "wheel" "video" ]; group = "daniel";
extraGroups = [ "users" "wheel" "video" ];
packages = [ ]; packages = [ ];
}; };
@ -140,6 +144,15 @@
nix = { nix = {
settings = { settings = {
experimental-features = lib.mkDefault [ "nix-command" "flakes" ]; experimental-features = lib.mkDefault [ "nix-command" "flakes" ];
substituters = [
"https://nix.h.lyte.dev"
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
trusted-public-keys = [
"h.lyte.dev:HeVWtne31ZG8iMf+c15VY3/Mky/4ufXlfTpT8+4Xbs0="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
}; };
}; };
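Review bot: The added `trusted-public-keys` entry `h.lyte.dev:…` makes every machine importing this module accept any store path signed by that key, so its private half becomes a fleet-wide trust anchor and deserves a comment saying where it lives and how it is rotated. From the host file in this commit, the key appears to be the one nix-serve loads from `/var/cache-priv-key.pem` on beefcake, a file placed outside the configuration. I would record that above the list, e.g. `# signing key for nix.h.lyte.dev; private half is services.nix-serve.secretKeyFile on beefcake (root-only), rotate both together`. Since `sops` is already in this module's package list, keeping that key as an encrypted secret rather than a hand-placed file may be worth considering. The `nix` block continues outside the hunk.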


@ -145,7 +145,6 @@ in
git git
git-lfs git-lfs
grim grim
inputs.helix.packages."x86_64-linux".helix
hexyl hexyl
htop htop
inkscape inkscape


@ -93,4 +93,5 @@ live media?
# Other To Dos # Other To Dos
- Local Nix substitute/cache setup? - Local Nix substitute/cache setup?
- Port configuration (lytedev/dotfiles) to home manager where applicable?
- Pre-commit checks with `nix flake check`? - Pre-commit checks with `nix flake check`?


@ -1,8 +0,0 @@
#!/usr/bin/env bash
command -v git >/dev/null 2>&1 || { echo "git not installed"; exit 1; }
command -v fish >/dev/null 2>&1 || { echo "fish not installed"; exit 2; }
mkdir -p "$HOME/.config"
git clone https://git.lyte.dev/lytedev/dotfiles.git "$HOME/.config/lytedev-dotfiles"
exec "$HOME/.config/lytedev-dotfiles/common/bin/dotfiles-setup"


@ -1,56 +0,0 @@
#!/usr/bin/env bash
export dfp
export XDG_CONFIG_HOME="${XDG_CONFIG_HOME:-$HOME/.config}"
export ENV_PATH="$XDG_CONFIG_HOME/lytedev-env"
export CURDIR
mkdir -p "$ENV_PATH"
mkdir -p "$XDG_CONFIG_HOME"
dfp="$(realpath "$(dirname "$0")"/../..)"
# may not be running from inside the dotfiles repo, may have been curl'd down solo, so we need to check
if [[ ! -d "$dfp/.git" ]]; then
echo "Not running from inside the dotfiles git repo, so we need to download it first!"
# each os needs instructions to install git, then we can clone the repo and proceed
if ! command -v git; then
if head /etc/os-release --lines 1 | grep 'Arch Linux' > /dev/null 2>&1; then
if [[ "$EUID" -ne 0 ]]; then
if ! command -v sudo; then
echo "Error: No sudo command available to try and install 'git'"
exit 1
else
sudo pacman -Sy --needed git
fi
else
pacman -Sy --needed git
fi
fi
fi
dfp="$XDG_CONFIG_HOME/lytedev-dotfiles"
git clone https://git.lyte.dev/lytedev/dotfiles.git "$dfp"
fi
# auto-link any OS-specific environments
if head /etc/os-release --lines 1 | grep 'NixOS$' > /dev/null 2>&1; then
ln -s "$dfp/os/linux/nix" "$ENV_PATH/os-linux-nix" > /dev/null 2>&1
elif head /etc/os-release --lines 1 | grep 'Arch Linux' > /dev/null 2>&1; then
ln -s "$dfp/os/linux/arch" "$ENV_PATH/os-linux-arch" > /dev/null 2>&1
fi
# perform any pre-requisite setup (includes OS-specific setup scripts since we
# just included those)
for s in "$ENV_PATH"/*; do
f="$s/dotfiles-init.d.sh"
if [ -f "$f" ]; then
echo "dotfiles-init: Running $f..."
CURDIR="$s" "$f"
fi
done
# perform final dotfiles setup
echo "dotfiles-init: Running setup..."
"$dfp/common/bin/dotfiles-setup"
# TODO: setup personal files? (ssh keys, gpg keys, password stores, notes)
# these are probably best handled in a dotfiles-init.d.sh script in a particular layer


@ -1,39 +0,0 @@
#!/usr/bin/env fish
has_command sk || begin
echo "sk not installed (skim fuzzy finder)"
exit 1
end
mkdir -p $ENV_PATH
function filter_existing_directory
while read -l line
test -d $DOTFILES_PATH/$line && echo $line
end
end
function reject_empty_lines
while read -l line
test $line = "" || echo $line
end
end
function link
while read -l line
set safe_fn (string replace -a / - $line)
echo "Linking $ENV_PATH/$safe_fn to $DOTFILES_PATH/$line"
rm -f $ENV_PATH/$safe_fn
ln -s $DOTFILES_PATH/$line $ENV_PATH/$safe_fn
end
end
cat $DOTFILES_PATH/common/envs |
filter_existing_directory |
sk --multi \
--prompt "Select applicable environments (multi-select w/ TAB): " \
--preview-window="up:50%:noborder" \
--preview="ls -la --color=always $DOTFILES_PATH/{}" |
string trim |
reject_empty_lines |
link


@ -1,30 +0,0 @@
#!/usr/bin/env bash
echo "Not implemented yet!"; exit 1
edfp="$ENV_PATH/$1"
mkdir -p "$edfp/"
mkdir -p "$edfp/.hidden/bash.d/"
mkdir -p "$edfp/bin/"
mkdir -p "$edfp/x/"
mkdir -p "$edfp/sway/waybar"
mkdir -p "$edfp/sway/config.d"
mkdir -p "$HOME/.bin/"
touches=(
"$edfp/bash"
"$edfp/x/init"
"$edfp/x/profile"
"$edfp/x/resources"
"$edfp/vim"
"$edfp/bspwm"
"$edfp/polybar"
"$edfp/app-launcher"
"$edfp/workdock"
)
for t in "${touches[@]}"; do
touch "$t"
done
chmod 700 -R "$edfp"


@ -1,78 +0,0 @@
#!/usr/bin/env fish
# This script's purpose is to setup the dotfiles configuration for an existing
# and provisioned machine. For provisioning, see `./dotfiles-init`.
set dfp (realpath (dirname (status -f))/../..)
set lock_file $HOME/.using-lytedev-dotfiles.lock
if not test -f $lock_file
echo "This will delete existing files. Make sure you know what you're doing."
echo 'Are you sure you want to continue? [y/N]'
read response
set response (string lower $response)
if string match $response y
echo "agreed" > "$lock_file"
else
exit 1
end
end
set -q XDG_CONFIG_HOME || set XDG_CONFIG_HOME $HOME/.config
set h $HOME; set c $XDG_CONFIG_HOME
if test -d $c/lytedev-env
echo "Warning: no environment-specific configuration detected!"
end
function l -a dot -a target -d "Symlink a dotfile configuration file or directory"
if test -L $target || test -f $target || test -d $target
command rm -rf "$target"
end
# check if the directory that will contain the link exists
set -l d (dirname $target)
test -d $d || mkdir -p $d
ln -s (pwd)/$dot $target
echo Linked $dot to $target
end
pushd $dfp
test -d ~/.tmux/pluginx/tpm || \
git clone https://github.com/tmux-plugins/tpm ~/.tmux/plugins/tpm
l common/zellij $c/zellij
l common/tmux/conf $h/.tmux.conf
l common/bat $c/bat
l common/bash/rc $h/.bashrc
l common/wezterm $c/wezterm
l common/kitty $c/kitty
l common/weechat $h/.weechat
l common/scim/rc $h/.scimrc
l common/scim/lua $h/.scim/lua
l common/nnn $c/nnn
l common/kak $c/kak
l common/helix $c/helix
l common/gitui $c/gitui
l common/gpg/agent.conf $h/.gnupg/gpg-agent.conf
chmod og-rwx ~/.gnupg
l common/htop/rc $c/htop/htoprc
l common/kitty $c/kitty
l common/alacritty $c/alacritty
l common/pgcli $c/pgcli
l common/mutt/rc $h/.muttrc
l common/git/config $h/.gitconfig
l common/elixir/iex.exs $h/.iex.exs
l common/blender/userpref.blend $c/blender/2.93/config/userpref.blend
l common/lemonade/config.toml $c/lemonade.toml
l common/tig/rc $h/.tigrc
popd
for s in $c/lytedev-env/*/dotfiles-setup.d.fish
source $s $dfp $h $c
end
set -q ENV_PATH || set ENV_PATH $XDG_CONFIG_HOME/lytedev-env
set -q DOTFILES_PATH || set DOTFILES_PATH $XDG_CONFIG_HOME/lytedev-dotfiles
command rm -f $ENV_PATH/empty
ln -s $DOTFILES_PATH/common/empty-env $ENV_PATH/empty
echo "Dotfiles Installed! Don't forget to setup environments and change the user's shell as needed!"
exec fish


@ -1,31 +0,0 @@
#!/usr/bin/env bash
if [[ $UID -ne 0 ]]; then
echo "Re-running with 'sudo -E'..."
sudo -E "$0" "$@"
exit
fi
dfp=$(cd "$(dirname "${BASH_SOURCE[0]}" )/../../" && pwd)
source "${dfp}/env/common/setup_helpers.bash"
cp "$dfp/apps/de/sway/dm-entry" "/usr/share/wayland-sessions/lsway.desktop"
links=(
# display manager files
"apps/de/sway/init" "/usr/bin/sway-lytedev"
# udev rules
# TODO: how does this work in nix?
"apps/udev-rules/gcadapter" "/etc/udev/rules.d/51-gcadapter.rules"
# tmpfiles
# TODO: does this even do anything anymore?
"apps/tmpfiles/disable-lid-wakeup" "/etc/tmpfiles.d/disable-lid-wakeup.conf"
# lightdm
"apps/de/gnome/gdm-tap-to-click" "/etc/dconf/db/gdm.d/06-tap-to-click"
)
_dotfiles_setup_run_setup "$HOME/.using-lytedev-etcfiles.lock" "${links[@]}"