Compare commits


No commits in common. "master" and "overseer" have entirely different histories.

101 changed files with 829 additions and 3064 deletions

0
.gitignore vendored


@ -1,27 +1,5 @@
{ {
"nodes": { "nodes": {
"arion": {
"inputs": {
"flake-parts": "flake-parts",
"haskell-flake": "haskell-flake",
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1720147808,
"narHash": "sha256-hlWEQGUbIwYb+vnd8egzlW/P++yKu3HjV/rOdOPVank=",
"owner": "hercules-ci",
"repo": "arion",
"rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "arion",
"rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
"type": "github"
}
},
"base16-schemes": { "base16-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -40,17 +18,18 @@
}, },
"devshell": { "devshell": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1728330715, "lastModified": 1717408969,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", "rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -80,31 +59,6 @@
"type": "github" "type": "github"
} }
}, },
"extra-container": {
"inputs": {
"flake-utils": [
"nix-bitcoin",
"flake-utils"
],
"nixpkgs": [
"nix-bitcoin",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722175938,
"narHash": "sha256-HKyB4HD+NdX3T233bY31hm76v3/tdQBNeLLvopKbZeY=",
"owner": "erikarvstedt",
"repo": "extra-container",
"rev": "37e7207ac9f857eedb58b208b9dc91cd6b24e651",
"type": "github"
},
"original": {
"owner": "erikarvstedt",
"repo": "extra-container",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -136,48 +90,6 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"arion",
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@ -185,11 +97,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1727826117, "lastModified": 1717285511,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -203,11 +115,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1726560853, "lastModified": 1701680307,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -230,11 +142,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729104314, "lastModified": 1718879355,
"narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", "narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", "rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -265,44 +177,6 @@
"type": "github" "type": "github"
} }
}, },
"haskell-flake": {
"locked": {
"lastModified": 1675296942,
"narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
"type": "github"
},
"original": {
"owner": "srid",
"ref": "0.1.0",
"repo": "haskell-flake",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719226092,
"narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -310,11 +184,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1718530513,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -332,11 +206,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1726989464, "lastModified": 1718530513,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -348,11 +222,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1730403150, "lastModified": 1719091691,
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=", "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f", "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -361,30 +235,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-bitcoin": {
"inputs": {
"extra-container": "extra-container",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-unstable": "nixpkgs-unstable"
},
"locked": {
"lastModified": 1727247704,
"narHash": "sha256-Jl1CYXNIdJ4Ac0MK15e8+vflFOgPxZZNw24CKfLC6QY=",
"owner": "fort-nix",
"repo": "nix-bitcoin",
"rev": "a0d36d59248ac54f1b42a668326346a77640c7f5",
"type": "github"
},
"original": {
"owner": "fort-nix",
"ref": "nixos-24.05",
"repo": "nix-bitcoin",
"type": "github"
}
},
"nix-colors": { "nix-colors": {
"inputs": { "inputs": {
"base16-schemes": "base16-schemes", "base16-schemes": "base16-schemes",
@ -412,11 +262,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729826725, "lastModified": 1719128254,
"narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=", "narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e", "rev": "50581970f37f06a4719001735828519925ef8310",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -426,12 +276,13 @@
} }
}, },
"nix-secrets": { "nix-secrets": {
"flake": false,
"locked": { "locked": {
"lastModified": 1730130467, "lastModified": 1719345965,
"narHash": "sha256-mcyG1iu8hNmkDjgDEdFQyCZ3bBxBHFKd4nxT8NreMmY=", "narHash": "sha256-ZxnKEatJu/wVxLy0M7UnCVvemU3P5vVvVoueAR289fk=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c82ff6f7e995503acabb9cf2478e5b4e401968ce", "rev": "24db3bffa6b914d0389ff801c054dd48535872a4",
"revCount": 188, "revCount": 121,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },
@ -442,16 +293,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1720031269, "lastModified": 1719145550,
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", "rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -473,43 +324,27 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1729973466, "lastModified": 1719099622,
"narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=", "narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cd3e8833d70618c4eea8df06f95b364b016d4950", "rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "release-24.05", "ref": "release-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1726871744, "lastModified": 1719254875,
"narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=", "narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable_2": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -519,27 +354,11 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1730481737,
"narHash": "sha256-HaUCfqLIFX/4wiSKkKKSTwUNmZd1EMy+lGB+faadQXU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f18ab3b08f56abc54bcc2ef9bbca627d45926fee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
@ -549,11 +368,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1729945968, "lastModified": 1719340721,
"narHash": "sha256-4u+nbBSMuXWGCtXxUPPEflRm54+y/HLIbhIep9do8Ew=", "narHash": "sha256-SfjI1Ir3Zs7w5lXXsmJ/MhB3V1Z1gHl9K2dFaEiy/GM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "c05ac01070425ed0797b1ff678dc690c333cea74", "rev": "1fdbf40c177fc2edfcd3c63fadf4a6f596edc6af",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -565,11 +384,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1730472538, "lastModified": 1719344711,
"narHash": "sha256-3m4OVGKsbPzMlnS0gVptIZBRlxgqQz+WhfwT+rT823Y=", "narHash": "sha256-k389PPp1HG9xk3yXn4Q/eAY/K+qm/+kbHLq9hfo+m14=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "52c21ec8fde46366b1a5555e18d854ee18012ac8", "rev": "85596df878b1b71a54e1de3835ac6135c1bb8744",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -580,15 +399,13 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"arion": "arion",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"nix-bitcoin": "nix-bitcoin",
"nix-colors": "nix-colors", "nix-colors": "nix-colors",
"nix-secrets": "nix-secrets", "nix-secrets": "nix-secrets",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable_2", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim",
"nur": "nur", "nur": "nur",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@ -602,11 +419,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1729999681, "lastModified": 1719268571,
"narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=", "narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
"owner": "mic92", "owner": "mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56", "rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -638,11 +455,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729613947, "lastModified": 1718522839,
"narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=", "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "aac86347fb5063960eccb19493e0cadcdb4205ca", "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81",
"type": "github" "type": "github"
}, },
"original": { "original": {

166
flake.nix

@ -3,7 +3,7 @@
inputs = { inputs = {
# Nixpkgs # Nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/release-24.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# NUR # NUR
@ -21,17 +21,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Arion for docker
arion = {
url = "github:hercules-ci/arion/236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318";
};
# nix-bitcoin
nix-bitcoin = {
url = "github:fort-nix/nix-bitcoin/nixos-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
# Nix colors # Nix colors
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
@ -53,84 +42,89 @@
nix-secrets = { nix-secrets = {
url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git"; url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git";
inputs = {}; flake = false;
}; };
}; };
outputs = { outputs =
self, { self
nixpkgs, , nixpkgs
home-manager, , home-manager
... , ...
} @ inputs: let } @ inputs:
inherit (self) outputs; let
systems = [ inherit (self) outputs;
"x86_64-linux" systems = [
]; "x86_64-linux"
forAllSystems = nixpkgs.lib.genAttrs systems; ];
inherit (nixpkgs) lib; forAllSystems = nixpkgs.lib.genAttrs systems;
configVars = import ./vars {inherit inputs lib;}; specialArgs = { inherit inputs outputs; };
specialArgs = { in
inherit {
inputs packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
outputs formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
configVars overlays = import ./overlays { inherit inputs; };
; nixosModules = import ./modules/nixos;
}; homeManagerModules = import ./modules/home-manager;
in {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
overlays = import ./overlays {inherit inputs;};
nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home-manager;
# System level configs # System level configs
nixosConfigurations = { nixosConfigurations = {
bootstrap = nixpkgs.lib.nixosSystem { nixdev = nixpkgs.lib.nixosSystem {
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
./hosts/bootstrap ./hosts/nixdev
]; home-manager.nixosModules.home-manager
}; {
sparky = nixpkgs.lib.nixosSystem { home-manager.extraSpecialArgs = specialArgs;
inherit specialArgs; }
modules = [ ];
./hosts/sparky };
home-manager.nixosModules.home-manager fileserver = nixpkgs.lib.nixosSystem {
{ inherit specialArgs;
home-manager.extraSpecialArgs = specialArgs; modules = [
} ./hosts/fileserver
]; home-manager.nixosModules.home-manager
}; {
semita = nixpkgs.lib.nixosSystem { home-manager.extraSpecialArgs = specialArgs;
inherit specialArgs; }
modules = [ ];
./hosts/semita };
home-manager.nixosModules.home-manager bootstrap = nixpkgs.lib.nixosSystem {
{ inherit specialArgs;
home-manager.extraSpecialArgs = specialArgs; modules = [
} ./hosts/bootstrap
]; ];
}; };
merlin = nixpkgs.lib.nixosSystem { sparky = nixpkgs.lib.nixosSystem {
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
./hosts/nebula ./hosts/sparky
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.extraSpecialArgs = specialArgs; home-manager.extraSpecialArgs = specialArgs;
} }
]; ];
}; };
citadel = nixpkgs.lib.nixosSystem { semita = nixpkgs.lib.nixosSystem {
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
./hosts/citadel ./hosts/semita
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.extraSpecialArgs = specialArgs; home-manager.extraSpecialArgs = specialArgs;
} }
]; ];
};
nebula = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nebula
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
}; };
}; };
};
} }
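Review bot: The contents of `nix-secrets` can end up in the world-readable Nix store, because the input in the `@ -53,84 +42,89 @` hunk is fetched as a plain source tree (`flake = false`) and flake inputs are copied into `/nix/store` on the machine that evaluates the flake, and on any host whose configuration references a path inside it. `specialArgs = { inherit inputs outputs; };` also passes that tree to all six hosts and, through `home-manager.extraSpecialArgs`, to the home-manager modules. That is only safe if the repository holds nothing but encrypted files, presumably sops-encrypted since `sops-nix` is among the root inputs, so I would record the assumption next to the input, e.g. `# copied into /nix/store: keep only sops-encrypted files in this repo`. As a smaller style point, the five host entries that share the same three modules could be produced by one helper instead of being written out five times. This reading takes the right-hand column as the new side.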


@ -1,84 +0,0 @@
{config, pkgs, ...}: {
imports = [
# Import users
./users/sam
./common/core
# Import optional
./common/optional/git.nix
./common/optional/sops.nix
./common/optional/syncthing.nix
./common/optional/desktop/dwm
./common/optional/desktop/common/themes/standard-dark.nix
./common/optional/notes.nix
./common/optional/yazi.nix
];
home.packages = [
pkgs.qgis
];
colorScheme = {
slug = "serene";
name = "Serene";
author = "Bitlab21";
palette = {
base00 = "#1F1F28";
base01 = "#16161D";
base02 = "#223249";
base03 = "#363646";
base04 = "#727169";
base05 = "#DCD7BA";
base06 = "#C8C093";
base07 = "#717C7C";
base08 = "#C34043";
base09 = "#FFA066";
base0A = "#C0A36E";
base0B = "#76946A";
base0C = "#6A9589";
base0D = "#7E9CD8";
base0E = "#957FB8";
base0F = "#D27E99";
};
};
home.file.".Xresources" = {
recursive = true;
text = ''
! st
st.alpha: 0.8
St.font: monospace:pixelsize=31:antialias=true:autohint=true;
St.font2: NotoColorEmoji:pixelsize=24:antialias=true:autohint=true;
! dwm
dwm.borderpx: 6
dwm.font: monospace:size=14
dwm.col_base00: #${config.colorScheme.colors.base00}
dwm.col_base03: #${config.colorScheme.colors.base03}
dwm.col_base04: #${config.colorScheme.colors.base04}
dwm.col_base05: #${config.colorScheme.colors.base05}
dwm.col_base08: #${config.colorScheme.colors.base08}
dwm.col_base0B: #${config.colorScheme.colors.base0B}
! dmenu
dmenu.font: monospace:size=14
dmenu.font2: NotoColorEmoji:pixelsize=44:antialias=true:autohint=true
dmenu.topbar: 1
dmenu.normfgcolor: #${config.colorScheme.colors.base05}
dmenu.normbgcolor: #${config.colorScheme.colors.base03}
dmenu.selfgcolor: #${config.colorScheme.colors.base00}
dmenu.selbgcolor: #${config.colorScheme.colors.base0B}
Nsxiv.window.background: #${config.colorScheme.colors.base03}
Nsxiv.window.foreground: #${config.colorScheme.colors.base05}
Nsxiv.mark.foreground: #${config.colorScheme.colors.base08}
Nsxiv.bar.background: #${config.colorScheme.colors.base00}
Nsxiv.bar.foreground: #${config.colorScheme.colors.base05}
Nsxiv.bar.font: monospace:size=12
'';
};
}


@ -1,9 +1,10 @@
{ pkgs, inputs, outputs, lib, ... }: { pkgs, inputs, outputs, ... }:
{ {
imports = [ imports = [
inputs.nix-colors.homeManagerModules.default inputs.nix-colors.homeManagerModules.default
./zsh.nix ./zsh.nix
./nixvim ./nixvim
./fonts.nix
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
@ -18,17 +19,14 @@
ripgrep ripgrep
fzf fzf
eza eza
bat
killall
pciutils pciutils
tree tree
jq jq
coreutils coreutils
btop btop
htop htop
postgresql_16 postgresql
libqalculate libqalculate
tmux
; ;
}; };
home.stateVersion = "24.05"; home.stateVersion = "24.05";
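Review bot: The unversioned `postgresql` in the package list of the `@ -18,17 +19,14 @` hunk follows whatever major version the locked nixpkgs treats as its default, where the old side pinned `postgresql_16`. A later `flake.lock` bump can therefore change the client's major version without any edit to this file. If the tools have to match a particular server, keep the versioned attribute; otherwise a comment such as `# client tools only, major version follows nixpkgs` would make the choice explicit. The attribute set these names sit in opens outside the hunk.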


@ -0,0 +1,15 @@
{ pkgs, ... }:
{
fonts.fontconfig.enable = true;
home.packages = with pkgs; [
nerdfonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
hack-font
liberation_ttf
libertine
font-awesome
];
}
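Review bot: `nerdfonts` on its own pulls the complete Nerd Fonts collection into the profile, which is a very large download for every host that imports this module. On the 24.05 package set the usual way to limit it is `(nerdfonts.override { fonts = [ "Hack" ]; })`, listing only the families actually used. The file also has no header comment; a line such as `# Fonts installed for every profile that imports this module` would say where it applies.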


@ -1,8 +1,5 @@
{ inputs, pkgs, ... }:
{ {
inputs,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixvim.homeManagerModules.nixvim inputs.nixvim.homeManagerModules.nixvim
./plugins ./plugins
@ -14,22 +11,12 @@
# Install home packages needed for nixvim # Install home packages needed for nixvim
home.packages = [ home.packages = [
pkgs.nixpkgs-fmt pkgs.nixpkgs-fmt
pkgs.black
pkgs.yamllint
pkgs.yamlfmt
pkgs.prettierd pkgs.prettierd
pkgs.sqlfmt pkgs.sqlfmt
pkgs.nodePackages_latest.sql-formatter
pkgs.alejandra
pkgs.shellcheck
pkgs.shellharden
pkgs.shfmt
pkgs.stylua
pkgs.glow
]; ];
programs.nixvim = { programs.nixvim = {
enable = true; enable = true;
package = pkgs.neovim-unwrapped;
enableMan = true; # install man pages for nixvim options enableMan = true; # install man pages for nixvim options
clipboard.register = "unnamedplus"; # use system clipboard instead of internal registers clipboard.register = "unnamedplus"; # use system clipboard instead of internal registers
globals.mapleader = " "; globals.mapleader = " ";
@ -55,11 +42,7 @@
let wiki_0.index = 'home' let wiki_0.index = 'home'
let wiki_0.syntax = 'markdown' let wiki_0.syntax = 'markdown'
let wiki_0.ext = '.md' let wiki_0.ext = '.md'
" ==== dbui
let g:db_ui_hide_schemas = ['pg_catalog', 'pg_toast_temp.*', 'pg_toast']
let g:db_ui_use_nerd_fonts = 1
let g:db_ui_execute_on_save = 0
''; '';
}; };
} }
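Review bot: The `home.packages` list in the `@ -14,22 +11,12 @` hunk no longer installs `black`, `stylua`, `alejandra`, `yamllint` or `yamlfmt`, while the conform-nvim configuration further down the page still names them in `formattersByFt`. Unless those tools are provided somewhere else, formatting Python, Lua, Nix and YAML buffers will presumably fail with a missing-formatter error, which `notifyOnError = true` should at least surface. Either keep the packages here next to `pkgs.prettierd` and `pkgs.sqlfmt`, or drop the matching entries from `formattersByFt`. The comment `# Install home packages needed for nixvim` could also say that the list has to stay in step with the formatter table.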


@ -1,31 +1,33 @@
{ {
programs.nixvim.keymaps = [ programs.nixvim.keymaps = [
# Switching buffers # Switching buffers
{ {
mode = ["n"]; mode = [ "n" ];
action = "<C-w>h"; action = "<C-W>h";
key = "<S-h>"; key = "<S-h>";
options = {silent = true;}; options = {
silent = true;
};
} }
{ {
mode = ["n"]; mode = [ "n" ];
action = "<C-w>j"; action = "<C-W>j";
key = "<S-j>"; key = "<S-j>";
options = { options = {
silent = true; silent = true;
}; };
} }
{ {
mode = ["n"]; mode = [ "n" ];
action = "<C-w>k"; action = "<C-W>k";
key = "<S-k>"; key = "<S-k>";
options = { options = {
silent = true; silent = true;
}; };
} }
{ {
mode = ["n"]; mode = [ "n" ];
action = "<C-w>l"; action = "<C-W>l";
key = "<S-l>"; key = "<S-l>";
options = { options = {
silent = true; silent = true;
@ -34,7 +36,7 @@ programs.nixvim.keymaps = [
# Toggle nvim-tree # Toggle nvim-tree
{ {
mode = ["n"]; mode = [ "n" ];
action = "<cmd>NvimTreeFindFileToggle<CR>"; action = "<cmd>NvimTreeFindFileToggle<CR>";
key = "tt"; key = "tt";
options = { options = {
@ -44,71 +46,40 @@ programs.nixvim.keymaps = [
# Clear search highlighting # Clear search highlighting
{ {
mode = ["n"]; mode = [ "n" ];
key = "<space><space>"; key = "<space><space>";
action = "<cmd>nohlsearch<CR>"; action = "<cmd>nohlsearch<CR>";
options = {noremap = true;}; options = { noremap = true; };
} }
# paste over selected text without yanking it # Telescope Plugin
{ {
mode = ["v"]; # find files
key = "p"; mode = [ "n" ];
action = "\"_dP"; key = "<Leader>ff";
options = {noremap = true;}; action = "<cmd>Telescope find_files<CR>";
} options = { noremap = true; };
# resize window
{
mode = ["n"];
key = "<Right>";
action = ":vertical resize +1<CR>";
options = {noremap = true;};
} }
{ {
mode = ["n"]; # live grep
key = "<Left>"; mode = [ "n" ];
action = ":vertical resize -1<CR>"; key = "<Leader>fg";
options = {noremap = true;}; action = "<cmd>Telescope live_grep<CR>";
options = { noremap = true; };
} }
{ {
mode = ["n"]; # buffers
key = "<Down>"; mode = [ "n" ];
action = ":resize -1<CR>"; key = "<Leader>fb";
options = {noremap = true;}; action = "<cmd>Telescope buffers<CR>";
options = { noremap = true; };
} }
{ {
mode = ["n"]; # help tags
key = "<Up>"; mode = [ "n" ];
action = ": resize +1<CR>"; key = "<Leader>fh";
options = {noremap = true;}; action = "<cmd>Telescope help_tags<CR>";
} options = { noremap = true; };
# indent line in or out
{
mode = ["v"];
key = "<";
action = "<gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = ">";
action = ">gv";
options = {noremap = true;};
}
# move selected line up or down
{
mode = ["v"];
key = "J";
action = ":m '>+1<CR>gv=gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = "K";
action = ":m '<-2<CR>gv=gv";
options = {noremap = true;};
} }
]; ];
} }
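Review bot: The four Telescope mappings added in the `@ -44,71 +46,40 @` hunk are described only by Nix comments (`# find files`, `# live grep`, `# buffers`, `# help tags`), which disappear once the configuration is evaluated. Putting the text into the mapping itself, e.g. `options = { noremap = true; desc = "Telescope: find files"; };`, keeps the description visible from inside Neovim. The `desc` option is already used this way by the `<leader>cf` mapping on the old side of the conform-nvim file shown further down the page.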


@ -31,7 +31,5 @@
ignorecase = true; ignorecase = true;
smartcase = true; smartcase = true;
backspace = "indent,eol,start"; # allow backspace in insert mode backspace = "indent,eol,start"; # allow backspace in insert mode
spell = true;
spelllang = "en_gb";
}; };
} }


@ -0,0 +1,10 @@
{
programs.nixvim.plugins = {
alpha = {
enable = true;
iconsEnabled = true;
theme = "dashboard";
};
};
}


@ -3,7 +3,6 @@
cmp-emoji = { enable = true; }; cmp-emoji = { enable = true; };
cmp = { cmp = {
enable = true; enable = true;
cmdline = {};
settings = { settings = {
autoEnableSources = true; autoEnableSources = true;
experimental = { ghost_text = true; }; experimental = { ghost_text = true; };
@ -12,7 +11,7 @@
fetchingTimeout = 200; fetchingTimeout = 200;
maxViewEntries = 30; maxViewEntries = 30;
}; };
snippet = { expand = "function(args) require('luasnip').lsp_expand(args.body) end"; }; snippet = { expand = "luasnip"; };
formatting = { formatting = {
fields = [ "kind" "abbr" "menu" ]; fields = [ "kind" "abbr" "menu" ];
format = '' format = ''
@ -44,10 +43,14 @@
}; };
mapping = { mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping.select_prev_item()"; "<C-j>" = "cmp.mapping.select_next_item()";
"<C-k>" = "cmp.mapping.select_prev_item()";
"<C-e>" = "cmp.mapping.abort()";
"<C-b>" = "cmp.mapping.scroll_docs(-4)"; "<C-b>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)"; "<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<CR>" = "cmp.mapping.confirm({ select = true })"; "<CR>" = "cmp.mapping.confirm({ select = true })";
"<S-CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = true })";
}; };
}; };
}; };
@ -55,7 +58,7 @@
cmp-buffer = { enable = true; }; cmp-buffer = { enable = true; };
cmp-path = { enable = true; }; # file system paths cmp-path = { enable = true; }; # file system paths
cmp_luasnip = { enable = true; }; # snippets cmp_luasnip = { enable = true; }; # snippets
cmp-cmdline = { enable = true; }; # autocomplete for cmdline cmp-cmdline = { enable = false; }; # autocomplete for cmdline
}; };
programs.nixvim.extraConfigLua = '' programs.nixvim.extraConfigLua = ''
luasnip = require("luasnip") luasnip = require("luasnip")
@ -91,15 +94,22 @@
-- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore). -- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline({'/', "?" }, { cmp.setup.cmdline({'/', "?" }, {
mapping = cmp.mapping.preset.cmdline(),
sources = { sources = {
{ name = 'buffer' } { name = 'buffer' }
} }
}) })
-- Set configuration for specific filetype.
cmp.setup.filetype('gitcommit', {
sources = cmp.config.sources({
{ name = 'cmp_git' }, -- You can specify the `cmp_git` source if you were installed it.
}, {
{ name = 'buffer' },
})
})
-- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore). -- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline(':', { cmp.setup.cmdline(':', {
mapping = cmp.mapping.preset.cmdline(),
sources = cmp.config.sources({ sources = cmp.config.sources({
{ name = 'path' } { name = 'path' }
}, { }, {
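Review bot: `cmp-cmdline` is switched to `enable = false` while the Lua block in the `@ -91,15 +94,22 @` hunk still calls `cmp.setup.cmdline(':', ...)`, and both `cmp.setup.cmdline` calls lose `mapping = cmp.mapping.preset.cmdline(),`. With the source plugin disabled and no mapping given, command-line completion is likely to show nothing or to be unnavigable. Either remove the two `cmp.setup.cmdline` calls or restore the plugin and the preset mapping. The added `cmp.setup.filetype('gitcommit', ...)` block names a `cmp_git` source that none of the visible plugin entries enable, so it would effectively fall back to `buffer`. The `':'` call continues past the end of the hunk, so its second source group is not visible here.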


@ -1,5 +0,0 @@
{
programs.nixvim.plugins.comment = {
enable = true;
};
}


@ -1,53 +1,21 @@
{ {
programs.nixvim.plugins.conform-nvim = { programs.nixvim.plugins.conform-nvim = {
enable = true; enable = true;
formatOnSave = {
lspFallback = true;
timeoutMs = 500;
};
notifyOnError = true; notifyOnError = true;
logLevel = "debug";
formattersByFt = { formattersByFt = {
html = ["prettierd"]; html = [["prettierd" "prettier"]];
css = ["prettierd"]; css = [["prettierd" "prettier"]];
javascript = ["prettierd"]; javascript = [["prettierd" "prettier"]];
python = ["black"]; python = ["black"];
lua = ["stylua"]; lua = ["stylua"];
nix = ["alejandra"]; nix = ["alejandra"];
markdown = ["prettierd"]; markdown = [["prettierd" "prettier"]];
yaml = ["yamlfmt"]; yaml = ["yamllint" "yamlfmt"];
sql = ["sqlfmt"]; sql = ["sqlfmt"];
#sql = ["sql-formatter"];
bash = [
"shellcheck"
"shellharden"
"shfmt"
];
}; };
# formatters = {
# sql-formatter = {
# command = "sql-formatter";
# args = "--config ~/.config/sql-formatter/config.json";
# };
# };
}; };
home.file.".config/sql-formatter/config.json".text = ''
{
"language": "postgresql",
"tabWidth": 2,
"linesBetweenQueries": 1,
"expressionWidth": 88,
"newlineBeforeSemicolon": true
}
'';
programs.nixvim.keymaps = [
# format document with Conform
{
mode = ["n"];
key = "<leader>cf";
action = "<CMD>Format<CR>";
options = {
silent = true;
desc = "Conform auto-format document";
};
}
];
} }
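Review bot: With the `formatOnSave` block and the `<leader>cf` keymap both removed, nothing in this file triggers conform any more, so the `formattersByFt` table is configured but never run unless another module invokes it. If on-demand formatting is wanted, keep the `<leader>cf` mapping from the old side, or add a comment above `formattersByFt` saying how formatting is meant to be started. Separately, `yaml = ["yamllint" "yamlfmt"];` puts a linter ahead of the formatter. I am not aware of a conform formatter named `yamllint`, so that entry should be checked against the plugin's formatter list.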


@ -1,11 +1,5 @@
{ pkgs, ... }:
{ {
pkgs,
config,
...
}: let
user = config.home.username;
in {
imports = [ imports = [
./cmp.nix ./cmp.nix
./colorizer.nix ./colorizer.nix
@ -19,10 +13,7 @@ in {
./surround.nix ./surround.nix
./telescope.nix ./telescope.nix
./treesitter.nix ./treesitter.nix
./fold.nix ./alpha.nix
./todo-comments.nix
./oil.nix
./comment.nix
]; ];
# Load Plugins that aren't provided as modules by nixvim # Load Plugins that aren't provided as modules by nixvim
@ -36,15 +27,26 @@ in {
(pkgs.vimUtils.buildVimPlugin (pkgs.vimUtils.buildVimPlugin
{ {
name = "glow.nvim"; name = "precognition.nvim";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "ellisonleao"; owner = "tris203";
repo = "glow.nvim"; repo = "precognition.nvim";
rev = "238070a"; rev = "v1.0.0";
sha256 = "sha256-GsNcASzVvY0066kak2nvUY5luzanoBclqcUOsODww8g="; sha256 = "sha256-AqWYV/59ugKyOWALOCdycWVm0bZ7qb981xnuw/mAVzM=";
}; };
}) })
# (pkgs.vimUtils.buildVimPlugin
# {
# name = "hardtime";
# src = pkgs.fetchFromGitHub {
# owner = "m4xshen";
# repo = "hardtime.nvim ";
# rev = "9a4e24f";
# #sha256 = "sha256-abe9ZGmL7U9rC+LxC3LO5/bOn8lHke1FCKO0V3TZGs0=";
# };
# })
#
(pkgs.vimUtils.buildVimPlugin (pkgs.vimUtils.buildVimPlugin
{ {
name = "buffer_manager.nvim"; name = "buffer_manager.nvim";
@ -56,36 +58,19 @@ in {
}; };
}) })
(pkgs.vimUtils.buildVimPlugin
{
name = "vimwiki-sync";
src = pkgs.fetchFromGitHub {
owner = "michal-h21";
repo = "vimwiki-sync";
rev = "99eeab3";
sha256 = "sha256-cz0dSFphIbQAI4AOqwIUpDBTuj/3xlOkhSlIVMdgsqM=";
};
})
# Keep vim-devicons as last entry # Keep vim-devicons as last entry
pkgs.vimPlugins.vim-devicons pkgs.vimPlugins.vim-devicons
]; ];
programs.nixvim.extraConfigLua = '' programs.nixvim.extraConfigLua = ''
-- function to read api key from secrets file
local function read_api_key(file_path)
local file = io.open(file_path, "r")
if file then
local api_key = file:read("*all")
file:close()
return api_key
else
error("Failed to open file: " .. file_path)
end
end
-- buffer_manager.nvim -- buffer_manager.nvim
local opts = {noremap = true} local opts = {noremap = true}
require("precognition").setup(
{
}
)
require("buffer_manager").setup( require("buffer_manager").setup(
{ {
line_keys = "1234567890", line_keys = "1234567890",
@ -109,24 +94,14 @@ in {
} }
) )
require('glow').setup({
border = "shadow",
style = "dark",
pager = false,
width = 80,
height = 100,
width_ratio = 0.7,
height_ratio = 0.7,
})
-- Custom color for modified buffers -- Custom color for modified buffers
vim.api.nvim_set_hl(0, "BufferManagerModified", { fg = "#988100" }) vim.api.nvim_set_hl(0, "BufferManagerModified", { fg = "#988100" })
local bmui = require("buffer_manager.ui") local bmui = require("buffer_manager.ui")
vim.keymap.set('n', '<leader>b', bmui.toggle_quick_menu, opts) vim.keymap.set('n', '<leader>b', bmui.toggle_quick_menu, opts)
vim.keymap.set('n', '<leader>n', bmui.nav_next, opts) vim.keymap.set('n', '<leader>n', bmui.nav_next, opts)
vim.keymap.set('n', '<leader>p', bmui.nav_prev, opts) vim.keymap.set('n', '<leader>p', bmui.nav_prev, opts)
local keys="1234567890" local keys="1234567890"
for i = 1, #keys do for i = 1, #keys do
local key = keys:sub(i,i) local key = keys:sub(i,i)
@ -135,28 +110,7 @@ in {
opts opts
) )
end end
-- Setup vimwiki
vim.g.vimwiki_list = {
{
syntax = "markdown",
ext = ".md",
path = "/home/${user}/.local/share/notes",
},
}
-- Format function for conform.nvim
vim.api.nvim_create_user_command("Format", function(args)
local range = nil
if args.count ~= -1 then
local end_line = vim.api.nvim_buf_get_lines(0, args.line2 - 1, args.line2, true)[1]
range = {
start = { args.line1, 0 },
["end"] = { args.line2, end_line:len() },
}
end
require("conform").format({ async = true, lsp_format = "fallback", range = range })
end, { range = true })
''; '';
} }
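Review bot: `rev = "v1.0.0";` in the added precognition.nvim fetch names a tag, which upstream can move, whereas the glow.nvim entry it replaces named a commit. The `sha256` still fixes the fetched content, so a moved tag would fail the build rather than change the plugin silently, but putting the full commit hash of that release in `rev` keeps the reviewed revision explicit. The commented-out hardtime block has `repo = "hardtime.nvim ";` with a trailing space and its `sha256` line commented out; both need fixing before the block is enabled.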


@ -1,31 +0,0 @@
{
programs.nixvim.plugins.nvim-ufo = {
enable = true;
};
programs.nixvim.extraConfigLua = ''
-- default fold options
vim.o.foldcolumn = '1'
vim.o.foldlevel = 99
vim.o.foldlevelstart = 99
vim.o.foldenable = true
-- nvim_ufo options
vim.keymap.set('n', 'zR', require('ufo').openAllFolds, { desc = "Open all folds" })
vim.keymap.set('n', 'zM', require('ufo').closeAllFolds, { desc = "Close all folds" })
vim.keymap.set('n', 'zK', function()
local winid = require("ufo").peekFoldedLinesUnderCursor()
if not winid then
vim.lsp.buf.hover()
end
end , { desc = "Peed fold" })
require("ufo").setup({
provider_selector = function(bufnr, filetype, buftype)
return { 'lsp', 'indent' }
end
})
'';
}


@ -3,7 +3,6 @@
enable = true; enable = true;
keymaps = { keymaps = {
toggleQuickMenu = "<leader>h"; toggleQuickMenu = "<leader>h";
addFile = "<leader>a";
}; };
}; };
} }


@ -1,74 +1,51 @@
{ osConfig , ... }:
let
hostname = osConfig.networking.hostName;
in
{ {
programs.nixvim.plugins = { programs.nixvim.plugins.lsp = {
lsp = { enable = true;
enable = true; servers = {
servers = { lua-ls = { enable = true; };
lua-ls = {enable = true;}; nixd = { enable = true; };
nixd = { bashls = { enable = true; };
enable = true; pyright = { enable = true; };
cmd = ["nixd"]; html = { enable = true; };
settings = { yamlls = { enable = true; };
nixpkgs.expr = "import <nixpkgs> { }"; marksman = { enable = true; };
options = { #sqls = {enable = true;};
nixos.expr = "(builtins.getFlake \"/etc/nixos\").nixosConfigurations.${hostname}.options"; };
# TODO get home-manager options working when hm imported as submodule keymaps = {
# home_manager.expr = "(builtins.getFlake \"github:nix-community/home-manager\").homeConfigurations.${hostname}.options"; lspBuf = {
}; gd = {
}; action = "definition";
desc = "Goto Definition";
}; };
bashls = {enable = true;}; gr = {
pyright = {enable = true;}; action = "references";
html = {enable = true;}; desc = "Goto References";
marksman = {enable = true;}; };
ccls = {enable = true;}; gD = {
cssls = {enable = true;}; action = "declaration";
r-language-server = {enable = true;}; desc = "Goto Declaration";
tsserver = {enable = true;}; };
}; gI = {
keymaps = { action = "implementation";
lspBuf = { desc = "Goto Implementation";
gd = { };
action = "definition"; gT = {
desc = "Goto Definition"; action = "type_definition";
}; desc = "Type Definition";
gr = { };
action = "references"; K = {
desc = "Goto References"; action = "hover";
}; desc = "Hover";
gD = { };
action = "declaration"; "<leader>cw" = {
desc = "Goto Declaration"; action = "workspace_symbol";
}; desc = "Workspace Symbol";
gI = { };
action = "implementation"; "<leader>cr" = {
desc = "Goto Implementation"; action = "rename";
}; desc = "Rename";
gT = {
action = "type_definition";
desc = "Type Definition";
};
gK = {
action = "hover";
desc = "Hover";
};
"<leader>cw" = {
action = "workspace_symbol";
desc = "Workspace Symbol";
};
"<leader>cr" = {
action = "rename";
desc = "Rename";
};
}; };
}; };
}; };
# TODO: enable otter.nvim when merged into nixvim stable
# otter = {
# enable = true;
# };
}; };
} }


@ -1,9 +0,0 @@
{
programs.nixvim.plugins.oil = {
enable = true;
settings = {
columns = ["icon"];
view_options.show_hidden = true;
};
};
}


@ -3,48 +3,4 @@
enable = true; enable = true;
extensions.fzy-native.enable = true; extensions.fzy-native.enable = true;
}; };
programs.nixvim.keymaps = [
{
# find files
mode = ["n"];
key = "<Leader>ff";
action = "<cmd>Telescope find_files<CR>";
options = {noremap = true;};
}
{
# live grep
mode = ["n"];
key = "<Leader>fg";
action = "<cmd>Telescope live_grep<CR>";
options = {noremap = true;};
}
{
# grep string under cursor
mode = ["n"];
key = "<Leader>fs";
action = "<cmd>Telescope grep_string<CR>";
options = {noremap = true;};
}
{
# buffers
mode = ["n"];
key = "<Leader>fb";
action = "<cmd>Telescope buffers<CR>";
options = {noremap = true;};
}
{
# help tags
mode = ["n"];
key = "<Leader>fh";
action = "<cmd>Telescope help_tags<CR>";
options = {noremap = true;};
}
{
# show recently opened files
mode = ["n"];
key = "<Leader>fo";
action = "<cmd>Telescope oldfiles<CR>";
options = {noremap = true;};
}
];
} }


@ -1,19 +0,0 @@
{
programs = {
nixvim = {
plugins.todo-comments = {
enable = true;
};
keymaps = [
{
mode = [ "n" ];
action = "<cmd>TodoTelescope<cr>";
key = "<leader>ft";
options = {
silent = true;
};
}
];
};
};
}


@ -8,10 +8,6 @@
shellAliases = { shellAliases = {
ll = "ls -l"; ll = "ls -l";
src = "cd ~/.local/share/src";
no = "cd /etc/nixos";
cat = "bat --decorations=never";
ls = "eza";
}; };
history.size = 10000; history.size = 10000;
history.path = "${config.xdg.dataHome}/zsh/history"; history.path = "${config.xdg.dataHome}/zsh/history";


@ -1,4 +1,4 @@
{pkgs, ...}: { { pkgs, ... }: {
imports = [ imports = [
./firefox.nix ./firefox.nix
./alacritty.nix ./alacritty.nix
@ -14,21 +14,5 @@
pkgs.xfce.thunar pkgs.xfce.thunar
pkgs.kcolorchooser pkgs.kcolorchooser
pkgs.zotero pkgs.zotero
pkgs.transmission
pkgs.mpv
pkgs.gnome.simple-scan
pkgs.pandoc
pkgs.texlive.combined.scheme-small
pkgs.libreoffice-fresh
pkgs.hunspell
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en_US
pkgs.set_wm_class
pkgs.xorg.xkill
pkgs.krita
pkgs.R
pkgs.gimp
pkgs.gajim
]; ];
} }


@ -1,53 +1,38 @@
{ { pkgs, config, ... }:
pkgs, let
config,
configVars,
...
}: let
user = config.home.username; user = config.home.username;
jellyfinIp = configVars.networking.addresses.jellyfin.ip; in
jellyfinPort = configVars.networking.addresses.jellyfin.port; {
bitcoinNodeIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
in {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
profiles.${user} = { profiles.${user} = {
search = { search = {
force = true; force = true;
default = "Searx"; default = "Searx";
order = ["Searx" "DuckDuckGo"]; order = [ "Searx" "DuckDuckGo" ];
engines = { engines = {
"Nix Packages" = { "Nix Packages" = {
urls = [ urls = [{
{ template = "https://search.nixos.org/packages";
template = "https://search.nixos.org/packages"; params = [
params = [ { name = "type"; value = "packages"; }
{ { name = "query"; value = "{searchTerms}"; }
name = "type"; ];
value = "packages"; }];
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@np"]; definedAliases = [ "@np" ];
}; };
"NixOS Wiki" = { "NixOS Wiki" = {
urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}]; urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
iconUpdateURL = "https://nixos.wiki/favicon.png"; iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@nw"]; definedAliases = [ "@nw" ];
}; };
"Searx" = { "Searx" = {
urls = [{template = "http://10.0.10.35:8855/?q={searchTerms}";}]; urls = [{ template = "http://10.0.10.35:8855/?q={searchTerms}"; }];
iconUpdateURL = "https://docs.searxng.org/_static/searxng-wordmark.svg"; iconUpdateURL = "https://docs.searxng.org/_static/searxng-wordmark.svg";
updateInterval = 24 * 60 * 60 * 1000; # every day updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = ["@searx"]; definedAliases = [ "@searx" ];
}; };
"Bing".metaData.hidden = true; "Bing".metaData.hidden = true;
"Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias "Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias
@ -56,22 +41,16 @@ in {
bookmarks = [ bookmarks = [
{ {
name = "toolbar"; name = "wikipedia";
toolbar = true; tags = [ "wiki" ];
bookmarks = [ keyword = "wiki";
{ url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go";
name = "Jellyfin"; }
url = "http://${jellyfinIp}:${jellyfinPort}"; {
} name = "bitlab21";
{ tags = [ "bitcoin" ];
name = "Mempool"; keyword = "bitcoin";
url = "http://${bitcoinNodeIp}:${toString mempoolPort}"; url = "https://bitlab21.com";
}
{
name = "Nixos Package Search";
url = "https://search.nixos.org/packages";
}
];
} }
]; ];
@ -96,6 +75,7 @@ in {
privacy-badger privacy-badger
zotero-connector zotero-connector
]; ];
}; };
}; };
} }
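Review bot: The `Searx` engine remains the forced default (`force = true;`, `default = "Searx";`) with `template = "http://10.0.10.35:8855/?q={searchTerms}"`, so every search term leaves the browser in cleartext and anyone on the path to that host can read or alter queries and results. Serving the instance over TLS and using an `https://` template would close that, and the address is better taken from shared configuration than repeated as a literal, as the other side of this comparison did for its service addresses via `configVars.networking.addresses`. Separately, `icon = "''${pkgs.nixos-icons}/…"` sits in a double-quoted string, where `''` is not an escape and becomes two literal apostrophes in front of the store path; `icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";` is probably what was meant.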


@ -1,19 +1,6 @@
{ pkgs, ... }: { ... }: {
{
home.packages = with pkgs; [
nerdfonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
hack-font
liberation_ttf
libertine
font-awesome
];
fonts = { fonts = {
fontconfig = { fontconfig = {
enable = true;
defaultFonts = { defaultFonts = {
serif = [ "NotoSans Nerd Font" ]; serif = [ "NotoSans Nerd Font" ];
sansSerif = [ "Linux Biolinum O" ]; sansSerif = [ "Linux Biolinum O" ];


@ -1,13 +0,0 @@
{
pkgs,
...
}: {
programs.kodi = {
enable = true;
package = pkgs.kodi.withPackages (kodiPkgs:
with kodiPkgs; [
netflix
jellycon
]);
};
}


@ -1,48 +1,21 @@
{pkgs, ...}: { { pkgs, ... }:
{
# Prevent error when enabling gtk https://github.com/nix-community/home-manager/issues/3113 # Prevent error when enabling gtk https://github.com/nix-community/home-manager/issues/3113
# error: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name ca.desrt.dconf was not provided by any .service files # error: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name ca.desrt.dconf was not provided by any .service files
home.packages = [ home.packages = [ pkgs.dconf ];
pkgs.dconf gtk.enable = true;
];
# Get details about theme package home.file = {
#cd $(nix build nixpkgs#kanagawa-gtk-theme --print-out-paths --no-link) && nix run nixpkgs#eza -- --tree --level 4 ".icons/bibata".source = "${pkgs.bibata-cursors}/share/icons/Bibata-Modern-Classic";
gtk = {
enable = true;
theme = {
name = "Kanagawa-B";
package = pkgs.kanagawa-gtk-theme;
};
iconTheme = {
package = pkgs.gnome.adwaita-icon-theme;
name = "Adwaita";
};
gtk3.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
gtk4.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
}; };
#gtk.theme.package = pkgs.kanagawa-gtk-theme; # Get details about theme package
#cd $(nix build nixpkgs#kanagawa-gtk-theme --print-out-paths --no-link) && nix run nixpkgs#eza -- --tree --level 4
gtk.theme.package = pkgs.kanagawa-gtk-theme;
gtk.theme.name = "Kanagawa-B";
# gtk.cursorTheme = { gtk.iconTheme.package = pkgs.kanagawa-icon-theme;
# name = "Vimix-Cursors"; gtk.iconTheme.name = "Kanagawa";
# package = pkgs.vimix-cursor-theme;
# };
# gtk.theme.name = "Kanagawa-B";
# gtk.iconTheme.package = pkgs.kanagawa-icon-theme;
# gtk.iconTheme.name = "Kanagawa";
qt.enable = true; qt.enable = true;
qt.platformTheme.name = "gtk"; qt.platformTheme.name = "gtk";


@ -11,9 +11,4 @@
pkgs.feh pkgs.feh
]; ];
programs.chromium = {
enable = true;
package = pkgs.brave;
};
} }


@ -7,8 +7,8 @@
./xinitrc.nix ./xinitrc.nix
./sxhkdrc.nix ./sxhkdrc.nix
./picom.nix ./picom.nix
./xresources.nix
./dunst.nix ./dunst.nix
./music_player.nix
# Status bar scripts # Status bar scripts
./scripts/sb-cpu-pct.nix ./scripts/sb-cpu-pct.nix
@ -16,11 +16,9 @@
./scripts/sb-volume.nix ./scripts/sb-volume.nix
./scripts/sb-network-status.nix ./scripts/sb-network-status.nix
./scripts/sb-updates.nix ./scripts/sb-updates.nix
./scripts/sb-battery.nix
# Notification scripts # Notification scripts
./scripts/dunstify-volume-notification.nix ./scripts/dunstify-volume-notification.nix
./scripts/dunstify-battery-notification.nix
# Helper scripts # Helper scripts
./scripts/emoji-picker.nix ./scripts/emoji-picker.nix
@ -29,10 +27,6 @@
./scripts/get-focused-monitor.nix ./scripts/get-focused-monitor.nix
./scripts/git-commit-ai.nix ./scripts/git-commit-ai.nix
./scripts/aichat-wrapper.nix ./scripts/aichat-wrapper.nix
./scripts/dmenu-wifi.nix
./scripts/battery-status.nix
./scripts/dmenu-set-wm-class.nix
./scripts/key-remaps.nix
]; ];
home.packages = [ home.packages = [


@ -30,6 +30,7 @@
#format = ''%I %s %p\n%b''; #format = ''%I %s %p\n%b'';
format = ''<b>%s:</b>\n%b\n\n%a ''; format = ''<b>%s:</b>\n%b\n\n%a '';
#TODO dynamic fonts
font = "monospace"; font = "monospace";
# Options are "left", "center", and "right". # Options are "left", "center", and "right".
@ -171,7 +172,7 @@
urgency_critical = { urgency_critical = {
background = "#${config.colorScheme.colors.base08}"; background = "#${config.colorScheme.colors.base08}";
foreground = "#${config.colorScheme.colors.base05}"; foreground = "#${config.colorScheme.colors.base05}";
frame_color = "#${config.colorScheme.colors.base05}"; frame_color = "#${config.colorScheme.colors.base00}";
timeout = 0; timeout = 0;
}; };
}; };


@ -1,65 +0,0 @@
{ pkgs, config, ... }:
{
home.file."mus/music_data".source = config.lib.file.mkOutOfStoreSymlink /media/media/music/music_data;
home.packages = [
pkgs.ffmpeg
pkgs.nsxiv
pkgs.kunst
pkgs.mpc-cli
pkgs.jq
pkgs.imagemagick
];
services.mpd = {
enable = true;
package = pkgs.mpd;
extraConfig = ''
music_directory "~/mus/music_data"
playlist_directory "~/.local/share/mpd/playlists"
log_file "~/.local/share/mpd/log"
db_file "~/.local/share/mpd/database"
pid_file "~/.local/share/mpd/pid"
state_file "~/.local/share/mpd/state"
sticker_file "~/.local/share/mpd/sticker.sql"
auto_update "yes"
audio_output {
type "pipewire"
name "PipeWire Sound Server"
}
audio_output {
type "fifo"
name "Visualizer feed"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
'';
musicDirectory = "~/mus/music_data";
};
programs.ncmpcpp = {
enable = true;
package = (pkgs.ncmpcpp.override { visualizerSupport = true; });
mpdMusicDir = "~/mus/music_data";
settings = {
mpd_host = "127.0.0.1";
mpd_port = "6600";
visualizer_data_source = "/tmp/mpd.fifo";
visualizer_output_name = "Visualizer Feed";
visualizer_in_stereo = "yes";
visualizer_type = "spectrum";
visualizer_fps = "60";
visualizer_autoscale = "no";
visualizer_look = "";
visualizer_color = "169, 170, 169, 135, 134, 133, 129, 128, 127, 126, 125, 124";
visualizer_spectrum_smooth_look = "yes";
visualizer_spectrum_dft_size = "3";
};
};
}


@ -1,54 +0,0 @@
{ pkgs, ... }:
{
home.packages = [
(pkgs.writeShellScriptBin "battery-status" ''
# Get the current power consumption of the laptop battery
power=$(cat /sys/class/power_supply/BAT0/power_now)
power_watts=$(${pkgs.bc}/bin/bc <<< "scale=3; $power / 1000000")
# Get the current battery charge capacity
energy=$(cat /sys/class/power_supply/BAT0/energy_now)
# Get the current battery status (charging or discharging)
battery_status=$(cat /sys/class/power_supply/BAT0/status)
# Calculate the time remaining until the battery is empty or full
if [ "$battery_status" == "Charging" ]; then
# Calculate the time remaining until the battery is full
hours=$(${pkgs.bc}/bin/bc <<< "scale=2; $power / $energy")
hours_int=$(${pkgs.bc}/bin/bc <<< "scale=0; $hours / 1")
minutes=$(${pkgs.bc}/bin/bc <<< "scale=0; 60 * ($hours - $hours_int)/1")
if [ "$hours_int" -gt "0" ]; then
# Show hours and minutes if time remaining is greater than or equal to 1 hour
echo "Full in: $hours_int hours $minutes minutes"
else
# Show minutes if time remaining is less than 1 hour
echo "Full in: $minutes minutes"
fi
elif [ "$battery_status" == "Discharging" ]; then
# Calculate the time remaining until the battery is empty
hours=$(${pkgs.bc}/bin/bc <<< "scale=2; $energy / $power")
hours_int=$(${pkgs.bc}/bin/bc <<< "scale=0; $hours / 1")
minutes=$(${pkgs.bc}/bin/bc <<< "scale=0; 60 * ($hours - $hours_int)/1")
if [ "$hours_int" -gt "0" ]; then
# Show hours and minutes if time remaining is greater than or equal to 1 hour
echo "Empty in: $hours_int hours $minutes minutes"
else
# Show minutes if time remaining is less than 1 hour
echo "Empty in: $minutes minutes"
fi
elif [ "$battery_status" == "Full" ]; then
echo "Battery full"
elif [ "$battery_status" == "Not charging" ]; then
echo "Battery full - not charging"
fi
echo "Power consumption: $power_watts W"
'')
];
}


@ -14,7 +14,7 @@
*image*) *image*)
echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)" echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)"
filename=$(${xclip}/bin/xclip -selection clipboard -t image/png -o | ${openssl}/bin/openssl sha1 | cut -b 49-) filename=$(${xclip}/bin/xclip -selection clipboard -t image/png -o | ${openssl}/bin/openssl sha1 | cut -b 49-)
file_exists=$(ls $image_location | grep $filename | sed "s/\..*//") file_exists=$(/bin/ls $image_location | grep $filename | sed "s/\..*//")
[[ $filename != "$file_exists" ]] && [[ $filename != "$file_exists" ]] &&
xclip -selection clipboard -t image/png -o > "$image_location/$filename.png" && xclip -selection clipboard -t image/png -o > "$image_location/$filename.png" &&
notify-send -t 5000 "Image Copied" "$image_location/$filename.png" notify-send -t 5000 "Image Copied" "$image_location/$filename.png"
@ -22,7 +22,7 @@
*UTF8_STRING*) *UTF8_STRING*)
echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)" echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)"
filename=$(${xclip}/bin/xclip -selection clipboard -t UTF8_STRING -o | ${openssl}/bin/openssl sha1 | cut -b 49-) filename=$(${xclip}/bin/xclip -selection clipboard -t UTF8_STRING -o | ${openssl}/bin/openssl sha1 | cut -b 49-)
file_exists=$(ls "$text_location" | grep "$filename" | sed "s/\..*//") file_exists=$(/bin/ls "$text_location" | grep "$filename" | sed "s/\..*//")
echo "$filename" "$file_exists" echo "$filename" "$file_exists"
[[ "$filename" != "$file_exists" ]] && [[ "$filename" != "$file_exists" ]] &&
xclip -selection clipboard -t UTF8_STRING -o > "$text_location/$filename" xclip -selection clipboard -t UTF8_STRING -o > "$text_location/$filename"
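Review bot: Both `file_exists=` lines now call `/bin/ls`, a path that a stock NixOS system normally does not provide (only `/bin/sh` is usually there). If it is missing, `file_exists` is always empty and the duplicate check always passes, so every clipboard change is written out again. The same lines already use store paths for `xclip` and `openssl`, so `file_exists=$(${coreutils}/bin/ls "$text_location" | grep "$filename" | sed "s/\..*//")` would match, assuming the script sits under the same `with pkgs;`. The image branch should also quote `$image_location` and `$filename`, and the bare `xclip` on the write lines could use `${xclip}/bin/xclip` as well. The script body starts and ends outside these hunks.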


@ -1,13 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "dmenu-set-wm-class" ''
${libnotify}/bin/notify-send "Set Window Class" "Select window..."
winid=$(${xorg.xwininfo}/bin/xwininfo | grep "Window id:" | grep -o "0x[0-9a-fA-F]*")
class=$(${xorg.xprop}/bin/xprop -id "$winid" WM_CLASS | grep -o "\".*\"$")
new_class=$( echo "" | ${dmenu}/bin/dmenu -p "Selected: $class. Set class name of window:")
[ -z "$new_class" ] && ${libnotify}/bin/notify-send "Set Window Class" "Nothing set, exiting" && exit
${set_wm_class}/bin/set_wm_class "$winid" "$new_class"
'')
];
}


@ -1,51 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "dmenu-wifi" ''
nmcli dev wifi rescan
ssid_list=$(nmcli -f in-use,bssid,ssid,mode,chan,freq,rate,signal,bars,security dev wifi)
available_connections=$(echo "$ssid_list" | sed '/--.*Infra/d')
connection=$( echo "$available_connections" | dmenu -l 20)
bssid=$(echo "$connection" | sed 's/^.\s*//;s/\s\s.*$//')
ssid=$(echo "$connection" | sed 's/^.\s*[0-9;A-Z;:]*\s\s//;s/\s*Infra\s*[0-9].*$//')
[[ "$connection" = "" ]] && notify-send -t 5000 "Wifi Connect" "Cancelled" && exit 0
[[ $( echo "$connection" | grep "IN-USE" -o) = "IN-USE" ]] && notify-send -t 5000 "Wifi Connect" "Please select valid network" && exit 0
[[ -n "$(echo "$connection" | grep '\*')" ]] && notify-send -t 5000 "Wifi Connect" "Already Connected to: $(echo "$ssid")" && exit 0
notify-send -t 5000 "Network Manager" "Attempting to connect to $ssid..."
nmcli connection modify "$ssid" 802-11-wireless.bssid "$bssid"
nmcli device wifi connect "$bssid"
return_code=$?
if [ $return_code == 4 ];
then
notify-send -t 5000 "Wifi Connect" "Please enter password for '$ssid'..."
prompt="Enter Password for '$ssid'"
pwd=$(echo "" | dmenu -p "$prompt")
nmcli device wifi connect "$bssid" password "$pwd"
return_code=$?
fi
case "$return_code" in
0) notify-send -t 5000 "Wifi Connect" "Successfully connected to: $ssid!"
pkill -RTMIN+12 dwmblocks
exit 0
;;
3) notify-send -t 5000 "Wifi Connect" "Connection to $ssid failed. Timeout expired?"
pkill -RTMIN+12 dwmblocks
exit 1
;;
4)
notify-send -t 5000 "Wifi Connect" "Connection to $ssid failed. Possibly wrong password?"
nmcli connection delete id "$ssid"
pkill -RTMIN+12 dwmblocks
exit 1
;;
*) notify-send -t 5000 "Wifi Connect" "Connection to $ssid failed. Error code $?"
echo "Failed. Exiting"
pkill -RTMIN+12 dwmblocks
exit 1
esac
'')
];
}


@ -1,9 +0,0 @@
{ pkgs, ... }:
{
home.packages = [
(pkgs.writeShellScriptBin "dunstify-battery-notification" ''
msgTag="battery-notify"
${pkgs.dunst}/bin/dunstify -a "batteryNotify" -u critical -i battery-notify -h string:x-dunst-stack-tag:$msgTag "Battery Status" "$(battery-status)" -t 5000
'')
];
}

View File

@ -1,11 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
(writeShellScriptBin "key-remaps" ''
${xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
${xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
${xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
${xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
${xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
'')
];
}


@ -1,37 +0,0 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "sb-battery" ''
BAT=/sys/class/power_supply/BAT0/capacity
# Exit script if no battery detected
[ ! -f "$BAT" ] && exit
STATUS=$(cat /sys/class/power_supply/BAT0/uevent | grep "POWER_SUPPLY_STATUS" | sed "s/^.*=//")
capacity=$(cat "$BAT")
if [ "$STATUS" == "Charging" ] || [ "$STATUS" == "Not charging" ]; then
echo "[󰂄 $capacity%] "
else
case $capacity in
100) echo "[󰁹 $capacity%] ";;
9[0-9]) echo "[󰂂 $capacity%] ";;
8[0-9]) echo "[󰂁 $capacity%] ";;
7[0-9]) echo "[󰂀 $capacity%] ";;
6[0-9]) echo "[󰁿 $capacity%] ";;
5[0-9]) echo "[󰁾 $capacity%] ";;
4[0-9]) echo "[󰁽 $capacity%] ";;
3[0-9]) echo "[󰁼 $capacity%] ";;
2[0-9]) echo "[󰁻 $capacity%] ";;
1[0-9]) echo "[󰁺 $capacity%] ";;
[6-9]) echo "[󰁺 $capacity%] ";;
[0-5]) echo "[󰂃 $capacity%] ";;
esac
fi
if [[ $capacity -le 20 && $STATUS != "Charging" ]]; then
dunstify-battery-notification
fi
'')
];
}


@ -41,7 +41,7 @@
if [ -z "$IP_ADDRESS" ]; if [ -z "$IP_ADDRESS" ];
then then
printf "[$network_symbol] " printf "$network_symbol"
else else
printf "[$network_symbol|$IP_ADDRESS] " printf "[$network_symbol|$IP_ADDRESS] "
fi fi


@ -2,12 +2,12 @@
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
(writeShellScriptBin "sb-updates" '' (writeShellScriptBin "sb-updates" ''
# Gets number of flake inputs that are ready for update # Gets number of flake inputs that are ready for update
# Checks every 60 minutes # Checks every 60 minutes
# inputs=$(cd /etc/nixos && inputs=$(cd /etc/nixos &&
# nix flake update --output-lock-file <(cat flake.nix) 2> /tmp/update && nix flake update --output-lock-file <(cat flake.nix) 2> /tmp/update &&
# cat /tmp/update | grep -c Update) cat /tmp/update | grep -c Update)
# printf "[ $inputs] " printf "[ $inputs] "
'') '')
]; ];
} }
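Review bot: The re-enabled `sb-updates` body sends nix's stderr to the fixed path `/tmp/update` and reads it back, which puts a predictable file name in a world-writable directory that every user and every concurrent run of the script shares. Piping stderr straight into the counter removes the file altogether: `nix flake update --output-lock-file <(cat flake.nix) 2>&1 >/dev/null | grep -c Update)`. With the pipe, a failed `nix` run prints `0` instead of an empty value, which should be checked against what the status bar expects. If a file really is needed, create it with `mktemp` and remove it afterwards.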


@ -1,5 +1,5 @@
{ {
# TODO: add emoji and dmenu-dict scripts # TODO add emoji and dmenu-dict scripts
home.file.".config/sxhkd/sxhkdrc" = { home.file.".config/sxhkd/sxhkdrc" = {
recursive = true; recursive = true;
text = '' text = ''
@ -15,20 +15,29 @@
XF86AudioMicMute XF86AudioMicMute
pamixer --default-source --toggle-mute && dunstify-volume-notification && pkill -RTMIN+10 dwmblocks && exit 1 pamixer --default-source --toggle-mute && dunstify-volume-notification && pkill -RTMIN+10 dwmblocks && exit 1
XF86MonBrightnessUp
light -A 5 && dunstify-brightness-notification
XF86MonBrightnessDown
light -U 5 && dunstify-brightness-notification
XF86Messenger XF86Messenger
dunstify-battery-notification dunstify-battery-notification
control + Home
bookmark-add
control + Insert
bookmark-insert
control + F8 control + F8
clipboard-image-recall /tmp/clipboard/images/ clipboard-image-recall /tmp/clipboard/images/
Print Print
env QT_AUTO_SCREEN_SCALE_FACTOR=1.5 QT_SCREEN_SCALE_FACTORS="" flameshot gui flameshot gui
control + F7 control + F7
emoji-picker emoji-picker
control + F4
dmenu-set-wm-class
''; '';
}; };
} }


@ -1,14 +1,21 @@
{...}: { { config, ... }:
# TODO: configure x11 to look in .config/x11 let
monitor = "${toString (builtins.map (m: "xrandr --output ${ m.name } --mode ${ toString( m.width )}x${ toString( m.height )} --pos ${ toString( m.x)}x${ toString( m.y)}" ) config.monitors)}";
in
{
# TODO configure x11 to look in .config/x11
home.file.".xinitrc" = { home.file.".xinitrc" = {
recursive = true; recursive = true;
text = '' text = ''
picom -b --config ~/.config/picom/picom.conf picom -b --config ~/.config/picom/picom.conf
xrdb -merge ~/.Xresources xrdb ~/.Xresources
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd key-remaps" ${monitor}
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd"
for program in $autostart; do for program in $autostart; do
pidof -sx "$program" || "$program" & pidof -sx "$program" || "$program" &
done >/dev/null 2>&1 done >/dev/null 2>&1
@ -18,10 +25,10 @@
eval $(dbus-launch --exit-with-session --sh-syntax) eval $(dbus-launch --exit-with-session --sh-syntax)
fi fi
systemctl --user import-environment DISPLAY XAUTHORITY systemctl --user import-environment DISPLAY XAUTHORITY
if command -v dbus-update-activation-environment >/dev/null 2>&1; then if command -v dbus-update-activation-environment >/dev/null 2>&1; then
dbus-update-activation-environment DISPLAY XAUTHORITY dbus-update-activation-environment DISPLAY XAUTHORITY
fi fi
export XSESSION_PID="$$" export XSESSION_PID="$$"
exec dwm exec dwm
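Review bot: The added `monitor` binding wraps the mapped list in `toString`, which joins list elements with a single space. With more than one entry in `config.monitors`, the result is one line in which the second `xrandr --output …` is passed as arguments to the first. Joining with newlines keeps one command per monitor: `monitor = builtins.concatStringsSep "\n" (builtins.map (m: "xrandr --output ${m.name} --mode ${toString m.width}x${toString m.height} --pos ${toString m.x}x${toString m.y}") config.monitors);`. The `m.name` value is spliced into the shell text unquoted, so it is worth passing it through `lib.escapeShellArg` if monitor names can ever contain spaces. The `.xinitrc` text continues outside both hunks.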


@ -0,0 +1,44 @@
{ config, ... }:
{
home.file.".Xresources" = {
recursive = true;
text = ''
! scale
Xft.dpi: 144
! st
st.alpha: 0.8
St.font: monospace:pixelsize=21:antialias=true:autohint=true;
St.font2: NotoColorEmoji:pixelsize=19:antialias=true:autohint=true;
! dwm
dwm.borderpx: 3
dwm.font: monospace:size=12
dwm.col_base00: #${config.colorScheme.colors.base00}
dwm.col_base03: #${config.colorScheme.colors.base03}
dwm.col_base04: #${config.colorScheme.colors.base04}
dwm.col_base05: #${config.colorScheme.colors.base05}
dwm.col_base08: #${config.colorScheme.colors.base08}
dwm.col_base0B: #${config.colorScheme.colors.base0B}
! dmenu
dmenu.font: monospace:size=12
dmenu.font2: NotoColorEmoji:pixelsize=22:antialias=true:autohint=true
dmenu.topbar: 1
dmenu.normfgcolor: #${config.colorScheme.colors.base05}
dmenu.normbgcolor: #${config.colorScheme.colors.base03}
dmenu.selfgcolor: #${config.colorScheme.colors.base00}
dmenu.selbgcolor: #${config.colorScheme.colors.base0B}
Nsxiv.window.background: #${config.colorScheme.colors.base03}
Nsxiv.window.foreground: #${config.colorScheme.colors.base05}
Nsxiv.mark.foreground: #${config.colorScheme.colors.base08}
Nsxiv.bar.background: #${config.colorScheme.colors.base00}
Nsxiv.bar.foreground: #${config.colorScheme.colors.base05}
Nsxiv.bar.font: monospace:size=12
'';
};
}


@ -1,13 +1,10 @@
{ pkgs, configVars, ... }: { pkgs, ... }:
let
email = configVars.email.user;
in
{ {
programs.git = { programs.git = {
enable = true; enable = true;
package = pkgs.gitAndTools.gitFull; package = pkgs.gitAndTools.gitFull;
userName = "Sam"; userName = "Sam";
userEmail = "${email}"; userEmail = "samual.shop@proton.me";
aliases = { }; aliases = { };
extraConfig = { extraConfig = {
pull.rebase = false; pull.rebase = false;
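Review bot: `userEmail = "samual.shop@proton.me";` writes the address into the module as a literal, where the other side of this comparison read it from `configVars.email.user`. Keeping the indirection, as in `userEmail = configVars.email.user;`, leaves one place to change the value and keeps the personal address out of every module that needs it. The `programs.git` block continues past the end of this hunk.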


@ -1,18 +0,0 @@
{ pkgs, config, lib, ... }:
let
user = config.home.username;
in
{
home.activation.get-notes = lib.hm.dag.entryAfter [ "installPackages" ] ''
notes_dir=/home/${user}/.local/share/notes
remote=git@git.bitlab21.com:sam/notes
if [ -d "$notes_dir" ];
then
cd "$notes_dir"
[ ! -d .git ] && PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" git clone "$remote" "$notes_dir"
else
mkdir -p "$notes_dir" && PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" git clone "$remote" "$notes_dir"
fi
exit 0
'';
}


@ -1,53 +0,0 @@
{
config,
pkgs,
...
}: let
in {
systemd.user.services.transmission-daemon = {
Unit = {
Description = "Transmission Bittorrent Daemon";
Wants = "network-online.target";
After = "network-online.target";
Documentation = "man:transmission-daemon(1)";
};
Install = {
WantedBy = ["multi-user.target"];
};
Service = {
User = "transmission";
Type = "notify";
ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --log-level=error";
ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";
CapabilityBoundingSet = "";
DevicePolicy = "closed";
KeyringMode = "private";
LockPersonality = "true";
NoNewPrivileges = "true";
MemoryDenyWriteExecute = "true";
PrivateTmp = "true";
PrivateDevices = "true";
ProtectClock = "true";
ProtectKernelLogs = "true";
ProtectControlGroups = "true";
ProtectKernelModules = "true";
ProtectSystem = "true";
ProtectHostname = "true";
ProtectKernelTunables = "true";
ProtectProc = "invisible";
RestrictNamespaces = "true";
RestrictSUIDSGID = "true";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
RestrictRealtime = "true";
SystemCallFilter = "@system - service";
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
};
};
# home.file.".config/transmission-daemon/settings.json" = {
# recursive = true;
# text = ''
#
# '';
# };
}


@ -1,120 +0,0 @@
{ pkgs, ... }:
{
programs.yazi = {
enable = true;
package = pkgs.yazi;
enableBashIntegration = true;
enableZshIntegration = true;
settings = {
log = {
enabled = true;
};
manager = {
show_hidden = false;
sort_by = "modified";
sort_dir_first = true;
sort_reverse = true;
};
};
theme = {
manager = {
marker_copied = { fg = "#98bb6c"; bg = "#98bb6c"; };
marker_cut = { fg = "#e46876"; bg = "#e46876"; };
marker_marked = { fg = "#957fb8"; bg = "#957fb8"; };
marker_selected = { fg = "#ffa066"; bg = "#ffa066"; };
cwd = { fg = "#e6c384"; };
hovered = { reversed = true; };
preview_hovered = { reversed = true; };
tab_active = { reversed = true; };
tab_inactive = { };
tab_width = 1;
count_copied = { fg = "#1f1f28"; bg = "#98bb6c"; };
count_cut = { fg = "#1f1f28"; bg = "#e46876"; };
count_selected = { fg = "#1f1f28"; bg = "#e6c384"; };
border_symbol = "";
border_style = { fg = "#dcd7ba"; };
};
status = {
separator_open = "";
separator_close = "";
separator_style = { fg = "reset"; bg = "#363646"; };
mode_normal = { fg = "#1f1f28"; bg = "#85a6ea"; bold = true; };
mode_select = { fg = "#1f1f28"; bg = "#957fb8"; bold = true; };
mode_unset = { fg = "#1f1f28"; bg = "#e6c384"; bold = true; };
progress_label = { fg = "#85a6ea"; bg = "#363646"; bold = true; };
progress_normal = { fg = "#363646"; bg = "#1f1f28"; };
progress_error = { fg = "#363646"; bg = "#1f1f28"; };
permissions_t = { fg = "#98bb6c"; };
permissions_r = { fg = "#e6c384"; };
permissions_w = { fg = "#e82424"; };
permissions_x = { fg = "#7aa89f"; };
permissions_s = { fg = "#938aa9"; };
};
select = {
border = { fg = "#7fb4ca"; };
active = { fg = "#938aa9"; bold = true; };
inactive = { };
};
input = {
border = { fg = "#7fb4ca"; };
title = { };
value = { };
selected = { reversed = true; };
};
completion = {
border = { fg = "#7fb4ca"; };
active = { reversed = true; };
inactive = { };
};
tasks = {
border = { fg = "#7fb4ca"; };
title = { };
hovered = { fg = "#938aa9"; };
};
which = {
cols = 2;
separator = " - ";
separator_style = { fg = "#727169"; };
mask = { bg = "#16161d"; };
rest = { fg = "#727169"; };
cand = { fg = "#85a6ea"; };
desc = { fg = "#565666"; };
};
help = {
on = { fg = "#7aa89f"; };
run = { fg = "#938aa9"; };
desc = { };
hovered = { reversed = true; bold = true; };
footer = { fg = "#090618"; bg = "#dcd7ba"; };
};
notify = {
title_info = { fg = "#98bb6c"; };
title_warn = { fg = "#e6c384"; };
title_error = { fg = "#e82424"; };
};
filetype = {
rules = [
{ mime = "image/*"; fg = "#e6c384"; }
{ mime = "{audio,video}/*"; fg = "#957fb8"; }
{ mime = "application/{,g}zip"; fg = "#e46876"; }
{ mime = "application/x-{tar,bzip*,7z-compressed,xz,rar}"; fg = "#e46876"; }
{ mime = "application/{pdf,doc,rtf,vnd.*}"; fg = "#6a9589"; }
{ name = "*"; is = "orphan"; fg = "#e46876"; }
{ name = "*"; is = "exec"; fg = "#957fb8"; }
{ name = "*/"; fg = "#85a6ea"; }
];
};
};
};
}

14
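--- a/home/fileserver.nix
+++ b/home/fileserver.nix
@@ -0,0 +1,14 @@
+{ ...
+}: {
+imports = [
+# Import users
+./users/admin
+./common/core
+./common/optional/sops.nix
+# Import optional
+./common/optional/git.nix
+];
+}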

13
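--- a/home/nebula.nix
+++ b/home/nebula.nix
@@ -0,0 +1,13 @@
+{ ...
+}: {
+imports = [
+# Import users
+./users/admin
+./common/core
+# Import optional
+./common/optional/git.nix
+];
+}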

29
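--- a/home/nixdev.nix
+++ b/home/nixdev.nix
@@ -0,0 +1,29 @@
+{ ...
+}: {
+imports = [
+# Import users
+./users/sam
+./common/core
+./common/optional/desktop/hyprland
+./common/optional/desktop/waybar.nix
+./common/optional/sops.nix
+# Import optional
+./common/optional/git.nix
+];
+# ------
+# | DP-1
+# ------
+monitors = [
+{
+name = "Virtual-1";
+width = 2048;
+height = 1152;
+x = 0;
+workspace = "1";
+primary = true;
+}
+];
+}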
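Review bot: The banner comment above `monitors` says `DP-1`, but the only entry is `name = "Virtual-1"`, so the comment describes a different host's layout; change it to `# | Virtual-1`. The entry also omits `y`, which the two-monitor host file in this same comparison sets explicitly (`y = 0;`). Whether the monitors module supplies a default is not visible here, so adding `y = 0;` would avoid depending on one.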


@ -1,7 +1,4 @@
{ { ...
pkgs,
config,
...
}: { }: {
imports = [ imports = [
# Import users # Import users
@ -15,13 +12,28 @@
./common/optional/syncthing.nix ./common/optional/syncthing.nix
./common/optional/desktop/dwm ./common/optional/desktop/dwm
./common/optional/desktop/common/themes/standard-dark.nix ./common/optional/desktop/common/themes/standard-dark.nix
./common/optional/notes.nix
./common/optional/yazi.nix
./common/optional/transmission.nix
];
home.packages = [ ];
pkgs.qgis # ------
# | DP-1
# ------
monitors = [
{
name = "DP-1";
width = 2560;
height = 1440;
x = 0;
y = 0;
workspace = "1";
primary = true;
}
{
name = "DP-2";
width = 2560;
height = 1440;
x = 2560;
y = 0;
}
]; ];
colorScheme = { colorScheme = {
@ -48,37 +60,4 @@
}; };
}; };
xresources.extraConfig = ''
! st
st.alpha: 0.8
St.font: monospace:pixelsize=21:antialias=true:autohint=true;
St.font2: NotoColorEmoji:pixelsize=19:antialias=true:autohint=true;
! dwm
dwm.borderpx: 3
dwm.font: monospace:size=12
dwm.col_base00: #${config.colorScheme.colors.base00}
dwm.col_base03: #${config.colorScheme.colors.base03}
dwm.col_base04: #${config.colorScheme.colors.base04}
dwm.col_base05: #${config.colorScheme.colors.base05}
dwm.col_base08: #${config.colorScheme.colors.base08}
dwm.col_base0B: #${config.colorScheme.colors.base0B}
! dmenu
dmenu.font: monospace:size=12
dmenu.font2: NotoColorEmoji:pixelsize=22:antialias=true:autohint=true
dmenu.topbar: 1
dmenu.normfgcolor: #${config.colorScheme.colors.base05}
dmenu.normbgcolor: #${config.colorScheme.colors.base03}
dmenu.selfgcolor: #${config.colorScheme.colors.base00}
dmenu.selbgcolor: #${config.colorScheme.colors.base0B}
Nsxiv.window.background: #${config.colorScheme.colors.base03}
Nsxiv.window.foreground: #${config.colorScheme.colors.base05}
Nsxiv.mark.foreground: #${config.colorScheme.colors.base08}
Nsxiv.bar.background: #${config.colorScheme.colors.base00}
Nsxiv.bar.foreground: #${config.colorScheme.colors.base05}
Nsxiv.bar.font: monospace:size=12
'';
} }


@ -11,7 +11,6 @@
./common/optional/git.nix ./common/optional/git.nix
./common/optional/syncthing.nix ./common/optional/syncthing.nix
./common/optional/desktop/cinnamon ./common/optional/desktop/cinnamon
./common/optional/desktop/common/kodi.nix
]; ];


@ -1,22 +1,25 @@
{outputs, ...}: { { outputs, ... }:
{
home.username = "sam"; home.username = "sam";
home.homeDirectory = "/home/sam"; home.homeDirectory = "/home/sam";
imports = imports = [
[ ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
]
++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"git.bitlab21.com" = { "git.bitlab21.com" = {
identitiesOnly = true; identitiesOnly = true;
identityFile = ["~/.ssh/id_ed25519"]; identityFile = [ "~/.ssh/id_ed25519" ];
}; };
}; };
}; };
home.sessionPath = [
];
xdg.userDirs = { xdg.userDirs = {
enable = true; enable = true;
createDirectories = true; createDirectories = true;
@ -36,6 +39,6 @@
READER = "zathura"; READER = "zathura";
IMAGE_VIEWER = "nsxiv"; IMAGE_VIEWER = "nsxiv";
IMAGE_EDITOR = "drawing"; IMAGE_EDITOR = "drawing";
PATH = "$PATH:$HOME/.scripts";
}; };
} }


@ -1,206 +0,0 @@
{
inputs,
lib,
pkgs,
config,
configVars,
...
}: let
# Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/nvme0n1"; # depends on target hardware
encrypted = true; # currrently only applies to btrfs
btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
user = "sam";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host
../common/users/${user}
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence
(import ../common/disks/btrfs/impermanence.nix {
btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/persistence.nix
../common/optional/pipewire.nix
../common/optional/openssh.nix
../common/optional/dwm.nix
../common/optional/nfs-mounts/media.nix
../common/optional/nfs-mounts/homeshare.nix
../common/optional/nfs-mounts/photos.nix
../common/optional/printing.nix
../common/optional/backlight.nix
../common/optional/xmodmap-arrow-remaps.nix
../common/optional/nix-ld.nix
../common/optional/gaming.nix
];
boot = {
blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"];
kernelModules = ["iwlwifi"];
initrd.kernelModules = ["thinkpad-acpi" "acpi-call"];
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
extraModulePackages = [
config.boot.kernelPackages.acpi_call
];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = 3;
};
};
swapDevices = [
{
device = "/.swapvol/swapfile";
size = 32 * 1024;
}
];
services = {
libinput.touchpad.accelSpeed = "0.5";
xserver = {
xkb.options = "caps:swapescape";
dpi = 196;
upscaleDefaultCursor = true;
# FIXME this doesnt work for some reason
# displayManager.sessionCommands = pkgs.writeShellScriptBin "key-remaps" ''
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
# '';
};
};
# fix cpu throttling on Lenovo Thinkpad
# see: https://github.com/erpalma/throttled
services.throttled.enable = true;
environment.variables = {
GDK_SCALE = "2.2";
GDK_DPI_SCALE = "0.8";
_JAVA_OPTIONS = "-Dsun.java2d.uiScale=2.2";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
XCURSOR_SIZE = "64";
};
environment.systemPackages = [
pkgs.linuxKernel.packages.linux_zen.cpupower
pkgs.lm_sensors
];
# services.tlp = {
# enable = true;
# settings = {
# CPU_SCALING_GOVERNOR_ON_AC = "ondemand";
# CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
#
# START_CHARGE_THRESH_BAT0 = 50;
# STOP_CHARGE_THRESH_BAT0 = 95;
# };
# };
hardware = {
bluetooth = {
enable = true;
powerOnBoot = true;
};
enableRedistributableFirmware = true;
firmware = [
pkgs.sof-firmware
];
};
# nvidia
hardware.opengl = {
enable = true;
};
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = {
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
nvidiaPersistenced = true;
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = true;
open = false;
nvidiaSettings = true;
# FIXME issue with stable nvidia driver and latest linux kernel
# use mkDriver to specify newer nvidia driver that is compatible
# see: https://github.com/NixOS/nixpkgs/issues/341844#issuecomment-2351075413
# and https://discourse.nixos.org/t/builder-for-nvidia-x11-550-78-6-10-drv-failed-with-exit-code-2/49360/32
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "555.58.02";
sha256_64bit = "sha256-xctt4TPRlOJ6r5S54h5W6PT6/3Zy2R4ASNFPu8TSHKM=";
sha256_aarch64 = "sha256-wb20isMrRg8PeQBU96lWJzBMkjfySAUaqt4EgZnhyF8=";
openSha256 = "sha256-8hyRiGB+m2hL3c9MDA/Pon+Xl6E788MZ50WrrAGUVuY=";
settingsSha256 = "sha256-ZpuVZybW6CFN/gz9rx+UJvQ715FZnAOYfHn5jt5Z2C8=";
persistencedSha256 = "sha256-a1D7ZZmcKFWfPjjH1REqPM5j/YLWKnbkP9qfRyIyxAw=";
};
};
# https://bbs.archlinux.org/viewtopic.php?id=297276 for NVreg_EnableGpuFirmware fix
# https://discourse.nixos.org/t/how-to-use-nvidia-prime-offload-to-run-the-x-server-on-the-integrated-board/9091/15
# for udev rules to disable dGPU when not in use
boot.extraModprobeConfig = ''
options nvidia NVreg_EnableGpuFirmware=0
'';
services.udev.extraRules = ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1"
# Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto"
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto"
# Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on"
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on"
'';
networking = {
hostName = "citadel";
networkmanager.enable = true;
enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
};
services.libinput.enable = true;
}


@ -4,7 +4,6 @@ let
in in
{ {
imports = [ imports = [
inputs.impermanence.nixosModules.impermanence
./sops.nix ./sops.nix
./locale.nix ./locale.nix
]; ];
@ -37,12 +36,6 @@ in
}; };
}; };
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
environment.systemPackages = [ environment.systemPackages = [
pkgs.rsync pkgs.rsync
pkgs.curl pkgs.curl


@ -1,13 +1,13 @@
{ { pkgs, lib, inputs, config, ... }:
lib,
inputs, let
config,
...
}: let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
hasOptinPersistence = config.environment.persistence ? "/persist"; hasOptinPersistence = config.environment.persistence ? "/persist";
in { hostname = config.networking.hostName;
in
{
imports = [ imports = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
]; ];
@ -17,7 +17,7 @@ in {
validateSopsFiles = false; validateSopsFiles = false;
age = { age = {
sshKeyPaths = ["${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key"]; sshKeyPaths = [ "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key" ];
}; };
secrets = { secrets = {
"passwords/root".neededForUsers = true; "passwords/root".neededForUsers = true;


@ -1,7 +1,4 @@
{ {device ? throw "Must define a devices, e.g. /dev/sda"}:
device ? throw "Must define a device, e.g. /dev/sda",
fsModule ? "Must specify submodule"
}:
{ {
disko.devices = { disko.devices = {
disk = { disk = {
@ -29,7 +26,7 @@ fsModule ? "Must specify submodule"
type = "luks"; type = "luks";
name = "crypted"; name = "crypted";
passwordFile = "/tmp/luks_secret.key"; # Interactive passwordFile = "/tmp/luks_secret.key"; # Interactive
content = (import "${fsModule}"); content = (import ./btrfs-persist.nix);
}; };
}; };
}; };
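Review bot: The LUKS container still takes its passphrase from `passwordFile = "/tmp/luks_secret.key"`, a fixed path in a shared temporary directory, and nothing in this file says who creates it or with what permissions. That line is context rather than part of this change, but since the file is being reworked it should carry a comment such as `# create with mode 0600 before running disko and delete it once partitioning finishes`. The new argument default also introduces a typo in its error text; it should read `throw "Must define a device, e.g. /dev/sda"`. The enclosing attribute set continues outside both hunks.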


@ -1,7 +1,4 @@
{ {device ? throw "Must define a device, e.g. /dev/sda"}:
device ? throw "Must define a device, e.g. /dev/sda",
fsModule ? "Must specify submodule"
}:
{ {
disko.devices = { disko.devices = {
disk.main = { disk.main = {
@ -39,7 +36,7 @@ fsModule ? "Must specify submodule"
lvs = { lvs = {
root = { root = {
size = "100%FREE"; size = "100%FREE";
content = (import "${fsModule}"); content = (import ./btrfs-persist.nix);
}; };
}; };
}; };


@ -1,21 +0,0 @@
{
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountOptions = [ "subvol=nix" "noatime" ];
mountpoint = "/nix";
};
"/swap" = {
mountOptions = [ "noatime" ];
mountpoint = "/.swapvol";
swap.swapfile.size = "8192M";
};
};
}


@ -1,11 +1,11 @@
{ device, fsType, encrypted, impermanence, ... }: { device, fsType, encrypted, ... }:
let let
fsModule = if impermanence then ./${fsType}/persist.nix else ./${fsType}/standard.nix; # basic and perists configs. basic fs = ext4, persist fs = btrfs either encrypted or under lvm
basic = import ./${fsType}/basic.nix { inherit device; }; basic = import ./gpt-bios-compact.nix { inherit device; };
lvm = import ./lvm.nix { inherit device; fsModule = fsModule; }; btrfs-persist-lvm = import ./btrfs-lvm.nix { inherit device; };
luks = import ./luks.nix { inherit device; fsModule = fsModule; }; btrfs-persist-luks = import ./btrfs-luks.nix { inherit device; };
in in
if fsType == "ext4" then basic if fsType == "ext4" then basic
else if fsType == "btrfs" && encrypted then luks else if fsType == "btrfs" && encrypted then btrfs-persist-luks
else if fsType == "btrfs" then lvm else if fsType == "btrfs" then btrfs-persist-lvm
else null else null # or some default value
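Review bot: The selector returns the plain layout for `fsType == "ext4"` without looking at `encrypted`, so a host that passes `encrypted = true` with ext4 ends up with an unencrypted disk and no error. The final `else null # or some default value` likewise hands `null` to whatever imports this file; how callers consume the result is not visible here, but an unsupported combination is better caught at evaluation time. Suggested: `if fsType == "ext4" then (if encrypted then throw "encrypted is only supported with btrfs" else basic)` and `else throw "unsupported fsType: ${fsType}"`. The new comment also has a typo (`perists` should be `persist`).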


@ -1,3 +0,0 @@
#!/usr/bin/env bash
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko ./zspeed.nix


@ -1,70 +0,0 @@
{
disko.devices = {
disk = {
x = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
y = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
};
zpool = {
zspeed = {
type = "zpool";
mode = "mirror";
rootFsOptions = {
"compression" = "zstd-4";
"com.sun:auto-snapshot" = "false";
"xattr" = "sa";
"atime" = "off";
};
options = {
"ashift" = "13";
};
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zspeed@blank$' || zfs snapshot zspeed@blank";
datasets = {
postgres = {
type = "zfs_volume";
size = "10G -s";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/postgres";
};
options = {
"com.sun:auto-snapshot:daily" = "true";
"volblocksize" = "8k";
};
};
};
};
};
};
}


@ -1,7 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.brightnessctl
];
services.illum.enable = true;
}


@ -1,26 +0,0 @@
{
pkgs,
inputs,
...
}: {
imports = [inputs.arion.nixosModules.arion];
environment.systemPackages = [
pkgs.arion
pkgs.docker-client
];
virtualisation = {
podman = {
enable = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/containers"
];
};
}


@ -3,8 +3,8 @@
services = { services = {
libinput.enable = true; libinput.enable = true;
xserver = { xserver = {
autoRepeatDelay = 300; autoRepeatDelay = 250;
autoRepeatInterval = 15; autoRepeatInterval = 30;
enable = true; enable = true;
xkb.layout = "gb"; xkb.layout = "gb";
displayManager.startx.enable = true; displayManager.startx.enable = true;
@ -12,12 +12,13 @@
windowManager.dwm = { windowManager.dwm = {
enable = true; enable = true;
package = pkgs.dwm.overrideAttrs { package = pkgs.dwm.overrideAttrs {
# src = /home/sam/.local/share/src/dwm; src = pkgs.fetchFromGitea {
src = pkgs.fetchgit { domain = "git.bitlab21.com";
url = "https://git.bitlab21.com/sam/dwm"; owner = "sam";
rev = "3e0601b29d879e589703239e064f0baaabb3474b"; repo = "dwm";
sha256 = "sha256-7Hq0vo6YnXKhEUdKjvaAeKodq2l8wwJRzCYJfdHDNMQ="; rev = "e34d0ecdd98e52164c135b560a5583aa11be89b7";
}; sha256 = "sha256-er1zi2xYK7AB6oR7JmfkfehesKTw9P4bcgjafj2lIIU=";
};
}; };
}; };
}; };
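Review bot: The new `fetchFromGitea` call passes an SRI-format string through the legacy `sha256` attribute; for that format the current nixpkgs spelling is `hash = "sha256-…";` with the same value. The source stays pinned to a full commit `rev` plus a content hash, which is what a build from a self-hosted forge needs, so both must be updated together whenever the revision is bumped. The closing braces of the `overrideAttrs` argument look unbalanced in the rendered new side; check them against the real file.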


@ -9,6 +9,7 @@
# Steam # Steam
mangohud mangohud
gamemode gamemode
gamescope
# WINE # WINE
wine wine
@ -40,9 +41,11 @@
programs.steam = { programs.steam = {
enable = true; enable = true;
gamescopeSession.enable = true;
}; };
programs.gamemode.enable = true; programs.gamemode.enable = true;
programs.gamescope.enable = true;
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override { steam = pkgs.steam.override {


@ -1,9 +0,0 @@
{
fileSystems."/media/homeshare" = {
device = "10.0.10.30:/mnt/homeshare";
fsType = "nfs";
options = [ "noatime" "_netdev" ];
};
}


@ -1,7 +0,0 @@
{
fileSystems."/media/media" = {
device = "10.0.10.30:/mnt/media";
fsType = "nfs";
options = ["noatime" "_netdev"];
};
}


@ -1,9 +0,0 @@
{
fileSystems."/media/photos" = {
device = "10.0.10.30:/mnt/photos";
fsType = "nfs";
options = [ "noatime" "_netdev" "ro" ];
};
}


@ -1,21 +0,0 @@
{ lib, pkgs, ... }:
{
# Using non-Nix Python Packages with Binaries on NixOS https://github.com/mcdonc/.nixconfig/blob/e7885ad18b7980f221e59a21c91b8eb02795b541/videos/pydev/script.rst
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib # numpy
libgcc # sqlalchemy
expat # pyosmium
# that's where the shared libs go, you can find which one you need using
# nix-locate --top-level libstdc++.so.6 (replace this with your lib)
# ^ this requires `nix-index` pkg
];
environment.variables = {
NIX_LD_LIBRARY_PATH="/run/current-system/sw/share/nix-ld/lib";
NIX_LD="/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH=lib.mkForce "$NIX_LD_LIBRARY_PATH";
};
}


@ -1,274 +0,0 @@
{
lib,
pkgs,
configVars,
inputs,
config,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "bd-worker";
containerIp = configVars.networking.addresses.bd-worker.ip;
mongodbIp = configVars.networking.addresses.mongodb.ip;
mongodbPort = toString configVars.networking.addresses.mongodb.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
postgresIp = configVars.networking.addresses.postgres.ip;
postgresPort = toString configVars.networking.addresses.postgres.port;
bitcoindIp = configVars.networking.addresses.bitcoin-node.ip;
bitcoindPort = toString configVars.networking.addresses.bitcoin-node.services.bitcoind.port;
#secrets
sshKeyFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."ssh_keys/baseddata-models-access/id_ed25519".path;
notifybotUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/username".path;
notifybotPwd = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/password".path;
recipientUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/mrsu/username".path;
mongoclientAuth = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/auth".path;
mongoclientUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/username".path;
mongoclientPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
postgresUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_username".path;
postgresPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_password".path;
bitcoindRPCUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/username".path;
bitcoindRPCPassword= lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
baseddataEnv = "dev";
in {
sops.secrets = {
"ssh_keys/baseddata-models-access/id_ed25519" = {};
"comms/xmpp/notifybot/username" = {};
"comms/xmpp/notifybot/password" = {};
"comms/xmpp/mrsu/username" = {};
"software/mongodb/baseddata/auth" = {};
"software/mongodb/baseddata/username" = {};
"software/mongodb/baseddata/password" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/bitcoind/username" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/root/.ssh/id_ed25519" = {
hostPath = "${sshKeyFile}";
isReadOnly = true;
};
"/run/secrets/notifybotUsername" = {
hostPath = "${notifybotUsername}";
isReadOnly = true;
};
"/run/secrets/notifybotPassword" = {
hostPath = "${notifybotPwd}";
isReadOnly = true;
};
"/run/secrets/recipientUsername" = {
hostPath = "${recipientUsername}";
isReadOnly = true;
};
"/run/secrets/mongoclientAuth" = {
hostPath = "${mongoclientAuth}";
isReadOnly = true;
};
"/run/secrets/mongoclientUser" = {
hostPath = "${mongoclientUser}";
isReadOnly = true;
};
"/run/secrets/mongoclientPassword" = {
hostPath = "${mongoclientPassword}";
isReadOnly = true;
};
"/run/secrets/postgresPassword" = {
hostPath = "${postgresPassword}";
isReadOnly = true;
};
"/run/secrets/postgresUser" = {
hostPath = "${postgresUser}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCPassword" = {
hostPath = "${bitcoindRPCPassword}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCUsername" = {
hostPath = "${bitcoindRPCUsername}";
isReadOnly = true;
};
"/media/baseddata-data" = {
hostPath = "/media/main-ssd/baseddata-data";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
4200
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = [
pkgs.vim
pkgs.git
pkgs.python311
pkgs.poetry
pkgs.aria2
pkgs.osmctools
pkgs.osmium-tool
];
environment.variables = {
BASEDDATA_ENVIRONMENT = "dev";
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
};
systemd.services.baseddata-deploy-service = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
description = "Initiates deployment of application and builds python environment using Poetry";
environment = {
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
ExecStart = pkgs.writeShellScript "baseddata-deploy-service" ''
GITCMD="${pkgs.openssh}/bin/ssh -i /root/.ssh/id_ed25519"
if [ ! -d "/srv/baseddata-models" ]; then
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git clone --branch $BASEDDATA_ENVIRONMENT git@git.bitlab21.com:sam/baseddata-models.git /srv/baseddata-models
else
cd /srv/baseddata-models
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git stash --include-untracked
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git pull
fi
cd /srv/baseddata-models
mkdir .venv
${pkgs.poetry}/bin/poetry install
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-prefect-server = {
wantedBy = ["multi-user.target"];
after = ["baseddata-deploy-service.target"];
description = "Initates the Prefect server";
environment = {
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
WorkingDirectory = "/srv/baseddata-models";
ExecStart = pkgs.writeShellScript "baseddata-prefect-server" ''
# run prefect server
.venv/bin/prefect server start --host 0.0.0.0
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-serve-flows = {
wantedBy = ["multi-user.target"];
after = ["baseddata-prefect-server.target"];
description = "Serves the Prefect flows";
environment = {
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
Environment = "PATH=/run/current-system/sw/bin/";
WorkingDirectory = "/srv/baseddata-models";
ExecStartPre = "${pkgs.coreutils}/bin/timeout 120 ${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat-openbsd}/bin/nc -z ${containerIp} 4200; do sleep 3; done'";
ExecStart = pkgs.writeShellScript "baseddata-serve-flows" ''
# set prefect environment variables
.venv/bin/prefect variable set "xmpp_jid" $(cat /run/secrets/notifybotUsername) --overwrite
.venv/bin/prefect variable set "xmpp_password" $(cat /run/secrets/notifybotPassword) --overwrite
.venv/bin/prefect variable set "xmpp_recipient" $(cat /run/secrets/recipientUsername) --overwrite
.venv/bin/prefect variable set "mongoclient_auth" $(cat /run/secrets/mongoclientAuth) --overwrite
.venv/bin/prefect variable set "mongoclient_host" "${mongodbIp}:${mongodbPort}" --overwrite
.venv/bin/prefect variable set "mongoclient_user" $(cat /run/secrets/mongoclientUser) --overwrite
.venv/bin/prefect variable set "mongoclient_pwd" $(cat /run/secrets/mongoclientPassword) --overwrite
.venv/bin/prefect variable set "postgres_host" ${postgresIp} --overwrite
.venv/bin/prefect variable set "postgres_port" ${postgresPort} --overwrite
.venv/bin/prefect variable set "postgres_user" $(cat /run/secrets/postgresUser) --overwrite
.venv/bin/prefect variable set "postgres_pwd" $(cat /run/secrets/postgresPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_password" $(cat /run/secrets/bitcoindRPCPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_username" $(cat /run/secrets/bitcoindRPCUsername) --overwrite
.venv/bin/prefect variable set "bitcoind_ip" ${bitcoindIp} --overwrite
.venv/bin/prefect variable set "bitcoind_port" ${bitcoindPort} --overwrite
.venv/bin/prefect variable set "osm_dir" "/media/baseddata-data/osm" --overwrite
.venv/bin/prefect variable set "wdpa_dir" "/media/baseddata-data/wdpa" --overwrite
.venv/bin/prefect variable set "mongo_db_name" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_dbname" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_schema" "models_final" --overwrite
.venv/bin/prefect variable set "unique_key" "row_uuid" --overwrite
# serve flows
.venv/bin/python automation/flows/serve-flows.py
'';
Restart = "on-failure";
};
};
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib
libgcc
];
programs.ssh.knownHosts = {
"git.bitlab21.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNd2BGf64heYjWT9yt0fVmngepiHRIMsL7au/MRteg";
};
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}


@ -1,87 +0,0 @@
{
lib,
pkgs,
configVars,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "jellyfin";
containerIp = configVars.networking.addresses.jellyfin.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/var/lib/jellyfin" = {
hostPath = "/media/main-ssd/jellyfin";
isReadOnly = false;
};
"/var/lib/jellyfin/data/media" = {
hostPath = "/media/media";
isReadOnly = true;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
8096
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
services.jellyfin = {
enable = true;
openFirewall = true;
user="jellyfin";
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}


@ -1,98 +0,0 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
mongodbPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "mongodb";
containerIp = configVars.networking.addresses.mongodb.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
# "/var/db/mongodb" = {
# hostPath = "/media/main-ssd/mongodb";
# isReadOnly = false;
# };
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
27017
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = with pkgs; [
mongosh
];
# allow unfree packages
nixpkgs.config.allowUnfreePredicate = let
whitelist = map lib.getName [
pkgs.mongodb
];
in
pkg: builtins.elem (lib.getName pkg) whitelist;
services.mongodb = {
enable = true;
# enableAuth = true;
# initialRootPassword = mongodbPasswordPath;
bind_ip = "0.0.0.0";
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}


@ -1,173 +0,0 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
bitcoin-rpcpassword-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-privileged".path;
bitcoin-rpcpassword-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
bitcoin-HMAC-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-privileged".path;
bitcoin-HMAC-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-public".path;
containerName = "bitcoin-node";
containerIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
in {
sops.secrets = {
"software/bitcoind/bitcoin-rpcpassword-privileged" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
"software/bitcoind/bitcoin-HMAC-privileged" = {};
"software/bitcoind/bitcoin-HMAC-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = {
hostPath = "${bitcoin-rpcpassword-privileged}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public" = {
hostPath = "${bitcoin-rpcpassword-public}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-HMAC-privileged" = {
hostPath = "${bitcoin-HMAC-privileged}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-HMAC-public" = {
hostPath = "${bitcoin-HMAC-public}";
isReadOnly = false;
};
"/var/lib/bitcoind" = {
hostPath = "/media/main-ssd/nix-bitcoin/bitcoind";
isReadOnly = false;
};
"/var/lib/electrs" = {
hostPath = "/media/main-ssd/nix-bitcoin/electrs";
isReadOnly = false;
};
"/var/lib/mysql" = {
hostPath = "/media/main-ssd/nix-bitcoin/mysql";
isReadOnly = false;
};
"/var/lib/tor" = {
hostPath = "/media/main-ssd/nix-bitcoin/tor";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
imports = [
inputs.nix-bitcoin.nixosModules.default
];
environment.systemPackages = with pkgs; [
vim
lsof
jq
];
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [ { "address" = "${containerIp}"; "prefixLength" = 24; } ];
firewall = {
enable = true;
allowedTCPPorts = [
80
443
22
config.containers.bitcoin-node.config.services.bitcoind.rpc.port
config.containers.bitcoin-node.config.services.mempool.frontend.port
config.containers.bitcoin-node.config.services.electrs.port
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
# node services here
nix-bitcoin.generateSecrets = true;
services = {
tor = {
enable = true;
client.enable = true;
};
bitcoind = {
tor.proxy = true;
tor.enforce = true;
enable = true;
dataDir = "/var/lib/bitcoind";
dbCache = 5000;
txindex = true;
rpc = {
address = "0.0.0.0";
threads = 6;
allowip = allowip;
users = let
name = "bitcoin";
in {
privileged.name = name;
public.name = name;
};
};
extraConfig = ''
onlynet=onion
bind=127.0.0.1
'';
};
electrs = {
tor.enforce = true;
enable = true;
dataDir = "/var/lib/electrs";
address = "0.0.0.0";
};
mempool = {
enable = true;
electrumServer = "electrs";
frontend = {
port = mempoolPort;
address = "0.0.0.0";
};
};
};
nix-bitcoin.onionServices = {
bitcoind.enable = true;
electrs.enable = true;
mempool-frontend.enable = true;
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}


@ -1,120 +0,0 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
postgresPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/postgres/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "postgres";
containerIp = configVars.networking.addresses.postgres.ip;
subnetIp = configVars.networking.addresses.subnet.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/var/lib/postgresql" = {
hostPath = "/media/main-ssd/postgresql";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
5432
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = with pkgs; [
lsof
];
services.postgresql = {
enable = true;
enableJIT = true;
package = pkgs.postgresql_16;
extraPlugins = with pkgs.postgresql_16.pkgs; [ postgis ];
enableTCPIP = true;
settings = {
max_worker_processes = "12";
max_parallel_workers = "8";
max_parallel_workers_per_gather = "4";
max_connections = "100";
autovacuum_work_mem = "2GB";
shared_buffers = "32GB";
work_mem = "0.32GB";
maintenance_work_mem = "64MB";
};
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser origin-address auth-method
local all postgres peer
host all all ${subnetIp}/24 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
'';
};
systemd.services.postgresql.postStart = ''
$PSQL -tA <<'EOF'
DO $$
DECLARE password TEXT;
BEGIN
password := trim(both from replace(pg_read_file('${postgresPasswordPath}'), E'\n', '''));
EXECUTE format('ALTER ROLE postgres WITH PASSWORD '''%s''';', password);
END $$;
EOF
'';
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}


@ -4,7 +4,6 @@
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/etc/nixos" "/etc/nixos"
"/srv"
"/var/log" "/var/log"
"/var/lib/nixos" "/var/lib/nixos"
"/var/lib/systemd/coredump" "/var/lib/systemd/coredump"


@ -1,42 +0,0 @@
{
pkgs,
configVars,
...
}: let
serverIp = configVars.networking.addresses.merlin.ip;
in {
services = {
udev.packages = [pkgs.sane-airscan];
printing = {
enable = true;
drivers = [pkgs.gutenprint pkgs.hplip];
};
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
};
hardware = {
sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
netConf = "${serverIp}";
};
printers = {
ensurePrinters = [
{
name = "HP_ENVY_6000";
description = "Network printer hosted on bob";
location = "bob";
deviceUri = "ipp://bob/printers/HP_ENVY_6000_series";
model = "everywhere";
ppdOptions = {
PageSize = "A4";
};
}
];
};
};
}


@ -1,12 +0,0 @@
{pkgs, ...}: let
customLayout = pkgs.writeText "xkb-layout" ''
keycode 64 = Mode_switch
keycode 43 = h H Left H
keycode 44 = j J Down J
keycode 45 = k K Up K
keycode 46 = l L Right L
'';
in {
# Remap Alt_L +[hjkl] to left down up right
services.xserver.displayManager.sessionCommands = "sleep 5 && ${pkgs.xorg.xmodmap}/bin/xmodmap ${customLayout}";
}


@ -1,6 +1,5 @@
{ pkgs, inputs, config, lib, ... }: { pkgs, inputs, config, lib, ... }:
let let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
username = "admin"; username = "admin";
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive (../keys);
hostname = config.networking.hostName; hostname = config.networking.hostName;
@ -8,7 +7,7 @@ let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
in in
{ {
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
@ -16,14 +15,7 @@ in
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = [ extraGroups = ["wheel"];
"wheel"
] ++ ifTheyExist [
"docker"
"lxc"
"git"
"podman"
];
packages = with pkgs; [ packages = with pkgs; [
]; ];
@ -38,12 +30,17 @@ in
path = "/home/${username}/.ssh/id_ed25519"; path = "/home/${username}/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
owner = "${username}"; owner = "${username}";
}; };
"ssh_keys/${username}/id_ed25519.pub" = { "ssh_keys/${username}/id_ed25519.pub" = {
path = "/home/${username}/.ssh/id_ed25519.pub"; path = "/home/${username}/.ssh/id_ed25519.pub";
mode = "0644"; mode = "0644";
owner = "${username}"; owner = "${username}";
}; };
"ssh_keys/deploy_key/id_ed25519" = {
path = "/home/${username}/.ssh/deploy_key-ssh-ed25519";
mode = "0644";
owner = "${username}";
};
}; };
programs.zsh.enable = true; programs.zsh.enable = true;
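Review bot: The new sops secret `ssh_keys/deploy_key/id_ed25519` in the last hunk is written with `mode = "0644"`, which leaves what appears to be a private key readable by every local account, while the user's own `id_ed25519` entry just above it uses `0600`. Change the line to `mode = "0600";`. OpenSSH also rejects private key files that are readable by group or other, so the deploy key would likely be unusable as configured. The enclosing `sops.secrets` attribute set starts outside the hunk.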


@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDgPtDNQEN97mnrq/v9RPMUaSjLpIaF/ga/L41xETB9h0y5jdpPUMbZ6uTV6vW8Vm1YW2tzEs2l1lxb9yTrsK8hdVfz8/vWvDSbsUIJn3gOQSOTNQ+nNFFYlKqNhypK+3Mn8BD7EeJaLNK8Ahr/87PS0c/B5YN+TcntsEZpsXF7U2CCqMh559JXp1byie7DuwTYUdvjdDtCidYNphGoEljuzID+lJFBYsaa5SQFlmrr7HcQfaE/MwyxyPRryRnlO7E9k12BrL56UONYycyTf4dyK9MnhhO0wAkIoHyd46/sAdgvNrloY4I+WLjUOqKY6vys8kxG7xNcmN5XfeDJXrPMhW5N0Kz2dc/Yu8SOG8weCiz7uuDjcxYz9eK5cxKgg37A+drbgddoHTi7GCM5Q6wN2Jlig0++6Xo2CGOUKpNOmGBRGAjlIByXYWu1KFRBVclXZES/g38274gRihVk3WCbtLEUafS7wsl8ruMmecU7rhDL7fITd2hWvBkONpA7RxLlMTBfMAEXuq4hOystGZeZj7KusPG4purJDtT+3rCcl5LZ8cn4G5fvINTbXeix5pOz/TdSGNTSJW7ML2W0W6Q+2kVO0l2N/+6IA/rPa4j+AwTODBxWkWVHEBRncJ5hIh5iFz+dSnmllkwOi41tbDFmdGuDeyQ0dsq4wXrBzXGfxw== samual.shop@protonmail.com :: laptop


@ -1,28 +1,24 @@
{ { pkgs, inputs, config, lib, ... }:
pkgs, let
inputs,
config,
lib,
...
}: let
username = "media"; username = "media";
pubKeys = lib.filesystem.listFilesRecursive ../keys; pubKeys = lib.filesystem.listFilesRecursive (../keys);
hostname = config.networking.hostName; hostname = config.networking.hostName;
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${username}".path; sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${username}".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
in {
in
{
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; # default shell shell = pkgs.zsh; # default shell
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = [ extraGroups =
"scanner" [
"lp" "wheel"
"wheel" ];
];
packages = with pkgs; [ packages = with pkgs; [
flatpak flatpak
@ -69,14 +65,16 @@ in {
# The containing ssh folders are created as root and if this is the first ~/.ssh/ entry when writing keys, # The containing ssh folders are created as root and if this is the first ~/.ssh/ entry when writing keys,
# the ownership is busted and home-manager can't target because it can't write into .ssh... # the ownership is busted and home-manager can't target because it can't write into .ssh...
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
system.activationScripts.sopsSetSshOwnwership = let system.activationScripts.sopsSetSshOwnwership =
sshFolder = "/home/${username}/.ssh"; let
user = config.users.users.${username}.name; sshFolder = "/home/${username}/.ssh";
group = config.users.users.${username}.group; user = config.users.users.${username}.name;
in '' group = config.users.users.${username}.group;
mkdir -p ${sshFolder} || true in
chown -R ${user}:${group} /home/${username}/.ssh ''
''; mkdir -p ${sshFolder} || true
chown -R ${user}:${group} /home/${username}/.ssh
'';
services.flatpak.enable = true; services.flatpak.enable = true;
@ -84,7 +82,7 @@ in {
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
home-manager = { home-manager = {
extraSpecialArgs = {inherit inputs;}; extraSpecialArgs = { inherit inputs; };
users = { users = {
${username} = import ../../../../home/${hostname}.nix; ${username} = import ../../../../home/${hostname}.nix;
}; };


@ -1,19 +1,13 @@
{ { pkgs, inputs, config, lib, ... }:
pkgs, let
inputs,
config,
lib,
configVars,
...
}: let
hostname = config.networking.hostName; hostname = config.networking.hostName;
pubKeys = lib.filesystem.listFilesRecursive ../keys; pubKeys = lib.filesystem.listFilesRecursive (../keys);
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path; sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
baseddataPostgresIp = configVars.networking.addresses.postgres.ip;
username = "sam"; username = "sam";
in { in
{
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; # default shell shell = pkgs.zsh; # default shell
@ -22,14 +16,10 @@ in {
extraGroups = [ extraGroups = [
"wheel" "wheel"
"networkmanager"
"scanner"
"lp"
"docker"
"podman"
]; ];
}; };
services.tailscale.enable = true;
sops.secrets = { sops.secrets = {
"passwords/${username}" = { "passwords/${username}" = {
sopsFile = "${secretsFile}"; sopsFile = "${secretsFile}";
@ -48,26 +38,18 @@ in {
"github-access-token" = { "github-access-token" = {
mode = "0655"; mode = "0655";
}; };
"software/postgres/baseddata_models/password" = {}; "software/postgres/btc_models/password" = { };
"software/postgres/baseddata_models/ip" = {}; "software/postgres/btc_models/ip" = { };
"software/postgres/baseddata_models/username" = {}; "software/postgres/btc_models/username" = { };
"software/postgres/osm/password" = {}; "software/zotero/username" = { };
"software/postgres/osm/ip" = {}; "software/zotero/password" = { };
"software/postgres/osm/username" = {}; "software/zotero/guid" = { };
"software/postgres/bitcoin/password" = {};
"software/postgres/bitcoin/ip" = {};
"software/postgres/bitcoin/username" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/zotero/username" = {};
"software/zotero/password" = {};
"software/zotero/guid" = {};
}; };
# Setup software specific templates for user # Setup software specific templates for user
# Should be part of home-manager - waiting for templates functionality # Should be part of home-manager - waiting for templates functionality
# See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498 # See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498
# TODO: migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix # TODO migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix
sops.templates."dbui_connections.json" = { sops.templates."dbui_connections.json" = {
path = "/home/${username}/.local/share/db_ui/connections.json"; path = "/home/${username}/.local/share/db_ui/connections.json";
owner = "${username}"; owner = "${username}";
@ -75,24 +57,12 @@ in {
content = '' content = ''
[ [
{ {
"url": "postgresql://${config.sops.placeholder."software/postgres/baseddata_models/username"}:${config.sops.placeholder."software/postgres/baseddata_models/password"}@${config.sops.placeholder."software/postgres/baseddata_models/ip"}/btc_models", "url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/btc_models",
"name": "baseddata_models" "name": "btc_models"
}, },
{ {
"url": "postgresql://${config.sops.placeholder."software/postgres/baseddata_models/username"}:${config.sops.placeholder."software/postgres/baseddata_models/password"}@${config.sops.placeholder."software/postgres/baseddata_models/ip"}/dev_baseddata_models", "url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/dev_btc_models",
"name": "dev_baseddata_models" "name": "dev_btc_models"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/osm/username"}:${config.sops.placeholder."software/postgres/osm/password"}@${config.sops.placeholder."software/postgres/osm/ip"}/osm",
"name": "osm"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/bitcoin/username"}:${config.sops.placeholder."software/postgres/bitcoin/password"}@${config.sops.placeholder."software/postgres/bitcoin/ip"}/bitcoin",
"name": "bitcoin"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/baseddata/user_username"}:${config.sops.placeholder."software/postgres/baseddata/user_password"}@${baseddataPostgresIp}/baseddata",
"name": "baseddata"
} }
] ]
''; '';
@ -103,28 +73,28 @@ in {
owner = "${username}"; owner = "${username}";
mode = "0600"; mode = "0600";
content = '' content = ''
baseddata: bitcoin:
target: dev target: dev
outputs: outputs:
dev: dev:
dbname: dev_baseddata dbname: dev_btc_models
host: ${baseddataPostgresIp} host: ${config.sops.placeholder."software/postgres/btc_models/ip"}
pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}' pass: '${config.sops.placeholder."software/postgres/btc_models/password"}'
port: 5432 port: 5432
schema: models schema: models
threads: 6 threads: 6
type: postgres type: postgres
user: ${config.sops.placeholder."software/postgres/baseddata/user_username"} user: ${config.sops.placeholder."software/postgres/btc_models/username"}
prod: prod:
dbname: baseddata dbname: btc_models
host: ${baseddataPostgresIp} host: ${config.sops.placeholder."software/postgres/btc_models/ip"}
pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}' pass: '${config.sops.placeholder."software/postgres/btc_models/password"}'
port: 5432 port: 5432
schema: models schema: models
threads: 6 threads: 6
type: postgres type: postgres
user: ${config.sops.placeholder."software/postgres/baseddata/user_username"} user: ${config.sops.placeholder."software/postgres/btc_models/username"}
''; '';
}; };
@ -137,14 +107,16 @@ in {
# The containing folders are created as root and if this is the first entry when writing files, # The containing folders are created as root and if this is the first entry when writing files,
# the ownership is busted and home-manager can't target because it can't write to these dirs... # the ownership is busted and home-manager can't target because it can't write to these dirs...
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
system.activationScripts.sopsSetOwnwership = let system.activationScripts.sopsSetOwnwership =
sshFolder = "/home/${username}/.ssh"; let
user = config.users.users.${username}.name; sshFolder = "/home/${username}/.ssh";
group = config.users.users.${username}.group; user = config.users.users.${username}.name;
in '' group = config.users.users.${username}.group;
mkdir -p ${sshFolder} || true in
chown -R ${user}:${group} /home/${username}/.ssh ''
''; mkdir -p ${sshFolder} || true
chown -R ${user}:${group} /home/${username}/.ssh
'';
environment.persistence."/persist" = { environment.persistence."/persist" = {
directories = [ directories = [
@ -155,9 +127,13 @@ in {
programs.zsh.enable = true; programs.zsh.enable = true;
home-manager = { home-manager = {
extraSpecialArgs = {inherit inputs;}; extraSpecialArgs = { inherit inputs; };
users = { users = {
${username} = import ../../../../home/${hostname}.nix; ${username} = import ../../../../home/${hostname}.nix;
}; };
}; };
environment.systemPackages = [
#inputs.sqlfmt.packages.x86_64-linux.sqlfmt
];
} }
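Review bot: The `"github-access-token"` entry in the `sops.secrets` hunk keeps `mode = "0655"`, so the decrypted token is readable (and marked executable) for group and other on the host. No `owner` is visible on that entry, so the wide mode is presumably there only so the user can read it. Prefer `owner = "${username}"; mode = "0400";`, matching how the templates in this file set `owner` together with `mode = "0600"`. The rest of the `sops.secrets` set lies partly outside the hunk.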


@ -0,0 +1,50 @@
{ inputs, config, lib, pkgs, outputs, configLib, ... }:
{
imports =
[
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/openssh
../common/optional/fileserver-nfs-mount.nix
# Create users for this host
../common/users/admin
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
networking = {
hostName = "fileserver";
networkmanager.enable = true;
enableIPv6 = false;
hosts = { "192.168.122.223" = [ "fileserver" ]; };
};
time.timeZone = "Europe/London";
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
}


@ -8,11 +8,18 @@
[ (modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9bed98b2-5ee2-4408-a9b1-6d40e9b68135";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction


@ -1,10 +1,10 @@
{ inputs, ... }: { inputs, config, lib, pkgs, outputs, ... }:
let let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005"; dev = "/dev/sda"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs encrypted = false; # currrently only applies to btrfs
impermanence = false; btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
user = "admin"; user = "admin";
in in
{ {
@ -13,9 +13,9 @@ in
# Create users for this host # Create users for this host
../common/users/${user} ../common/users/${user}
# Root disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; }) (import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; })
# Import core options # Import core options
./hardware-configuration.nix ./hardware-configuration.nix
@ -23,29 +23,21 @@ in
# Import optional options # Import optional options
../common/optional/openssh.nix ../common/optional/openssh.nix
../common/optional/docker
../common/optional/docker/postgres.nix
]; ];
boot = { boot.loader.grub.enable = true;
loader = { boot.loader.grub.device = "/dev/sda";
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = 3;
};
};
networking = { networking = {
hostName = "merlin"; hostName = "nebula";
networkmanager.enable = true; networkmanager.enable = true;
enableIPv6 = false; enableIPv6 = false;
}; };
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false; boot.zfs.forceImportRoot = false;
networking.hostId = "18aec5d7"; networking.hostId = "18aec5d7"
boot.zfs.extraPools = [ "zspeed" ];
services.libinput.enable = true; services.libinput.enable = true;
} }
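Review bot: On the new side `networking.hostId = "18aec5d7"` has lost its trailing semicolon, so as rendered the file no longer parses, because the next surviving line is `services.libinput.enable = true;`; restore `networking.hostId = "18aec5d7";`. The new `boot.loader.grub.device = "/dev/sda";` repeats the literal instead of using the `dev` binding from the `let` block, and `/dev/sda` is a less stable name than the by-id path it replaces. `btrfsMountDevice` is added to the `let` block but no use of it is visible in these hunks, and `boot.supportedFilesystems = [ "zfs" ]` stays although the only visible pool import is removed.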

34
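--- a/hosts/nixdev/default.nix
+++ b/hosts/nixdev/default.nix
@@ -0,0 +1,34 @@
+{ inputs, config, lib, pkgs, outputs,... }:
+let
+dev = "/dev/vda";
+in
+{
+imports =
+[
+# Import core options
+./hardware-configuration.nix
+../common/core
+# Import optional options
+../common/optional/pipewire.nix
+../common/optional/hyprland.nix
+../common/optional/displayManager/sddm.nix
+../common/optional/openssh.nix
+# Create users for this host
+../common/users/sam
+];
+boot.loader.grub.enable = true;
+boot.loader.grub.device = "${dev}";
+networking = {
+hostName = "nixdev";
+networkmanager.enable = true;
+enableIPv6 = false;
+};
+services.libinput.enable = true;
+}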


@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f9abe09a-de68-4913-b6c5-ad55b473a961";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/fe24d2ba-2fbc-4ef5-8139-a26f4fc3f3e3"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,72 +1,40 @@
{ { inputs, config, lib, pkgs, outputs, ... }:
inputs, let
lib,
pkgs,
configVars,
...
}: let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/nvme0n1"; # depends on target hardware dev = "/dev/nvme0n1"; # depends on target hardware
encrypted = true; # currrently only applies to btrfs encrypted = true; # currrently only applies to btrfs
btrfsMountDevice = btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
user = "sam"; user = "sam";
impermanence = true; in
pieholeIp = configVars.networking.addresses.piehole.ip; {
gatewayIp = configVars.networking.addresses.gateway.ip; imports =
semitaIp = configVars.networking.addresses.semita.ip; [
# Create users for this host
../common/users/${user}
in { # Disk configuration
imports = [ inputs.disko.nixosModules.disko
# Create users for this host (import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; })
../common/users/${user}
# Disk configuration # Impermanence
inputs.disko.nixosModules.disko inputs.impermanence.nixosModules.impermanence
(import ../common/disks { (import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence # Import core options
(import ../common/disks/btrfs/impermanence.nix { ./hardware-configuration.nix
btrfsMountDevice = btrfsMountDevice; ../common/core
lib = lib;
})
# Import core options # Import optional options
./hardware-configuration.nix ../common/optional/persistence.nix
../common/core ../common/optional/pipewire.nix
../common/optional/openssh.nix
../common/optional/dwm.nix
# Import optional options ];
../common/optional/persistence.nix
../common/optional/pipewire.nix
../common/optional/openssh.nix
../common/optional/dwm.nix
../common/optional/nfs-mounts/media.nix
../common/optional/nfs-mounts/homeshare.nix
../common/optional/printing.nix
../common/optional/docker
../common/optional/nixos-containers/nix-bitcoin.nix
../common/optional/nixos-containers/postgres.nix
../common/optional/nixos-containers/jellyfin.nix
../common/optional/nixos-containers/baseddata-worker.nix
../common/optional/nixos-containers/mongodb.nix
../common/optional/nix-ld.nix
];
fileSystems."/media/main-ssd" = {
device = "/dev/disk/by-uuid/ba884006-e813-4b67-9fe6-62aea08b3b59";
fsType = "ext4";
};
boot = { boot = {
blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"]; blacklistedKernelModules = [ "snd_hda_intel" "snd_soc_skl" ];
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest; kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
@ -75,67 +43,14 @@ in {
}; };
}; };
services = {
xserver = {
dpi = 144;
upscaleDefaultCursor = true;
};
};
environment.variables = {
GDK_SCALE = "2";
GDK_DPI_SCALE = "0.6";
_JAVA_OPTIONS = "-Dsun.java2d.uiScale=1.8";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
XCURSOR_SIZE = "32";
};
hardware.firmware = [ hardware.firmware = [
pkgs.sof-firmware pkgs.sof-firmware
]; ];
# Add hardware support for intel gpus as specified here: https://nixos.wiki/wiki/Jellyfin
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
swapDevices = [ {
device = "/.swapvol/swapfile";
size = 32*1024;
} ];
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime
# only available on unstable
unstable.vpl-gpu-rt
intel-media-sdk
];
};
networking = { networking = {
hostName = "semita"; hostName = "semita";
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"]; networkmanager.enable = true;
defaultGateway = "${gatewayIp}"; enableIPv6 = false;
useDHCP = false;
bridges = {
br0 = {
interfaces = ["eth0"];
};
};
interfaces.br0 = {
ipv4.addresses = [
{
"address" = "${semitaIp}";
"prefixLength" = 24;
}
];
};
}; };
services.libinput.enable = true; services.libinput.enable = true;


@ -1,52 +1,35 @@
{ { inputs, config, lib, pkgs, outputs, ... }:
inputs, let
config,
lib,
configVars,
...
}: let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware dev = "/dev/sda"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs encrypted = false; # currrently only applies to btrfs
btrfsMountDevice = btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root";
if encrypted in
then "/dev/mapper/crypted" {
else "/dev/root_vg/root"; imports =
impermanence = true; [
pieholeIp = configVars.networking.addresses.piehole.ip; # Create users for this host
gatewayIp = configVars.networking.addresses.gateway.ip; ../common/users/media
in {
imports = [
# Create users for this host
../common/users/media
# Disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { (import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; })
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence # Impermanence
(import ../common/disks/btrfs/impermanence.nix { inputs.impermanence.nixosModules.impermanence
btrfsMountDevice = btrfsMountDevice; (import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; })
lib = lib;
})
# Import core options # Import core options
./hardware-configuration.nix ./hardware-configuration.nix
../common/core ../common/core
# Import optional options # Import optional options
../common/optional/openssh.nix ../common/optional/openssh.nix
../common/optional/persistence.nix ../common/optional/persistence.nix
../common/optional/nfs-mounts/media.nix ../common/optional/gaming.nix
../common/optional/gaming.nix
../common/optional/printing.nix ];
];
boot = { boot = {
loader = { loader = {
@ -55,13 +38,12 @@ in {
timeout = 3; timeout = 3;
}; };
}; };
boot.kernelParams = ["i915.enable_psr=0"]; boot.kernelParams = [ "i915.enable_psr=0" ];
networking = { networking = {
hostName = "sparky"; hostName = "sparky";
networkmanager.enable = true; networkmanager.enable = true;
enableIPv6 = false; enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
}; };
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
@ -77,7 +59,7 @@ in {
services.xserver = { services.xserver = {
enable = true; enable = true;
videoDrivers = ["nvidia"]; videoDrivers = [ "nvidia" ];
displayManager.lightdm.enable = true; displayManager.lightdm.enable = true;
exportConfiguration = true; exportConfiguration = true;
deviceSection = '' deviceSection = ''
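Review bot: `encrypted = false` in the `let` block leaves the btrfs root, and with it whatever `../common/optional/persistence.nix` keeps under `/persist`, readable to anyone with offline access to the disk. The bootstrap script on this page installs the SSH host key under `/persist/etc/ssh` and derives the host's age recipient from it, so that key presumably decrypts this host's sops secrets; the persistence module is not visible here, so that link is inferred. If running without LUKS is deliberate, record it next to the flag, e.g. `encrypted = false; # deliberate: no LUKS on this host, host key in /persist is unprotected at rest`; otherwise set `encrypted = true;` so `btrfsMountDevice` resolves to `/dev/mapper/crypted`. The module body continues outside the hunks shown.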


@ -1,4 +1,4 @@
SOPS_FILE := "~/.local/share/src/nix-secrets/secrets.yaml" SOPS_FILE := "../nix-secrets/secrets.yaml"
# default recipe to display help information # default recipe to display help information
default: default:
@ -14,11 +14,6 @@ rebuild-system:
git add *.nix git add *.nix
sudo nixos-rebuild switch --option eval-cache false --flake .#$(hostname) sudo nixos-rebuild switch --option eval-cache false --flake .#$(hostname)
# test full system rebuild from flake (stages changes and automatically detects host)
rebuild-system-test:
git add *.nix
sudo nixos-rebuild test --option eval-cache false --flake .#$(hostname)
# updates all flake inputs for system # updates all flake inputs for system
update-flake: update-flake:
nix flake update nix flake update
@ -28,11 +23,10 @@ update-flake:
edit-sops: edit-sops:
echo "Editing {{SOPS_FILE}}" echo "Editing {{SOPS_FILE}}"
nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}" nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}"
cd $(dirname {{SOPS_FILE}}) && git add . && git commit -m "autocommit" && git push
# update keys in secrets.yaml and push to remote # update keys in secrets.yaml and push to remote
update-sops-secrets: update-sops-secrets:
cd ~/.local/share/src/nix-secrets && (\ cd ../nix-secrets && (\
nix-shell -p sops --run "sops updatekeys -y secrets.yaml" && \ nix-shell -p sops --run "sops updatekeys -y secrets.yaml" && \
git add -u && (git commit -m "updated secrets" || true) && git push \ git add -u && (git commit -m "updated secrets" || true) && git push \
) )


@ -1,10 +1,8 @@
pkgs: { pkgs: {
sddm-theme = pkgs.callPackage ./sddm-theme {}; sddm-theme = pkgs.callPackage ./sddm-theme { };
st = pkgs.callPackage ./st {}; st = pkgs.callPackage ./st { };
dwmblocks = pkgs.callPackage ./dwmblocks {}; dwmblocks = pkgs.callPackage ./dwmblocks { };
dmenu = pkgs.callPackage ./dmenu {}; dmenu = pkgs.callPackage ./dmenu { };
nsxiv = pkgs.callPackage ./nsxiv {}; nsxiv = pkgs.callPackage ./nsxiv { };
sqlfmt = pkgs.callPackage ./sqlfmt {}; sqlfmt = pkgs.callPackage ./sqlfmt { };
kunst = pkgs.callPackage ./kunst {};
set_wm_class = pkgs.callPackage ./set_wm_class {};
} }


@ -1,22 +0,0 @@
{ pkgs ? import <nixpkgs> { }
, fetchFromGitea ? pkgs.fetchFromGitea
}:
pkgs.stdenv.mkDerivation {
pname = "kunst";
name = "kunst";
src = fetchFromGitea {
domain = "git.bitlab21.com";
owner = "sam";
repo = "kunst";
rev = "efff362ab9ea14cae2bb6c5d246601011e345732";
sha256 = "sha256-AeAYh2z2Ty9rYfgm+EhYB99OI87aWqLURDbfT0N3wUg=";
};
installPhase = ''
mkdir -p $out/bin
mv kunst $out/bin
chmod 755 $out/bin/kunst
'';
}


@ -1,35 +0,0 @@
{ pkgs ? import <nixpkgs> { }
, fetchFromGitea ? pkgs.fetchFromGitea
, pkg-config ? pkgs.pkg-config
, libX11 ? pkgs.xorg.libX11
}:
pkgs.stdenv.mkDerivation {
pname = "set_wm_class";
name = "set_wm_class";
src = fetchFromGitea {
domain = "git.bitlab21.com";
owner = "sam";
repo = "set_wm_class";
rev = "b39fb4b360";
sha256 = "sha256-5z2YQof4jbfa1dQll5GLt2OL54UhDKZ4Dzzte7vT0zM=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
libX11
];
buildPhase = ''
make
'';
installPhase = ''
mkdir -p $out/bin
mv set_wm_class $out/bin
'';
}


@ -2,17 +2,14 @@
, fetchurl ? pkgs.fetchurl , fetchurl ? pkgs.fetchurl
, buildPythonPackage ? pkgs.python311Packages.buildPythonPackage , buildPythonPackage ? pkgs.python311Packages.buildPythonPackage
}: }:
let
version = "0.21.4"; # this needs to be fetched from github to get the latest
in
buildPythonPackage { buildPythonPackage {
pname = "shandy-sqlfmt"; pname = "shandy-sqlfmt";
version = "0.21.3";
format = "wheel"; format = "wheel";
version = version;
src = fetchurl { src = fetchurl {
url = "https://github.com/tconbeer/sqlfmt/releases/download/v${version}/shandy_sqlfmt-${version}-py3-none-any.whl"; url = "https://github.com/tconbeer/sqlfmt/releases/download/v0.21.3/shandy_sqlfmt-0.21.3-py3-none-any.whl";
sha256 = "sha256-mS8afZtQxN/blaVgG2cBD/wnRZGxAwQWPJqtTji1IJk="; sha256 = "sha256-gb/gLAcGD7F/0LL6WllfX1CW4Tug//jNDA0v9O5tedA=";
}; };
doCheck = false; doCheck = false;


@ -12,8 +12,8 @@ pkgs.stdenv.mkDerivation {
domain = "git.bitlab21.com"; domain = "git.bitlab21.com";
owner = "sam"; owner = "sam";
repo = "st"; repo = "st";
rev = "0e926487c85227aad9eed6667b91e149018014b8"; rev = "31e0ba8cb2086fb12741afc5fc3dfd938ca1f59b";
sha256 = "sha256-aUquoUotLKJDxOISIcx0RUybNvBrytc7+EF7PE1MRJU="; sha256 = "sha256-dbkXFbNr/lJveMeR7qXo7jGgF5+79S9vqKsLM7XM250=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [


@ -17,8 +17,6 @@ read -p "Enter hostname of target: " hostname
read -p "Enter IP of target: " ip read -p "Enter IP of target: " ip
read -p "Enter config to install on target: " config read -p "Enter config to install on target: " config
read -p "Enter username (if none, use 'root'): " username read -p "Enter username (if none, use 'root'): " username
read -p "Using impermanence? (yes|no): " impermanence
[ "$impermanence" = "yes" ] && persist="/persist"
# Delete key in known hosts if exists # Delete key in known hosts if exists
sed -i "/$ip/d" ~/.ssh/known_hosts sed -i "/$ip/d" ~/.ssh/known_hosts
@ -38,23 +36,23 @@ cleanup() {
trap cleanup EXIT trap cleanup EXIT
# Create the directory for target host keys # Create the directory for target host keys
install -d -m755 "$temp$persist/etc/ssh" install -d -m755 "$temp/persist/etc/ssh"
# Create ssh keys # Create ssh keys
echo "Creating '$hostname' ssh keys" echo "Creating '$hostname' ssh keys"
ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N "" ssh-keygen -t ed25519 -f "$temp/persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
# Extract luks key from secrets # Extract luks key from secrets
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ~/.local/share/src/nix-secrets/secrets.yaml") luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml")
echo "$luks_secret" > /tmp/luks_secret.key echo "$luks_secret" > /tmp/luks_secret.key
# Generate age key from target host and user public ssh key # Generate age key from target host and user public ssh key
echo "Generating age key from target host and user ssh key" echo "Generating age key from target host and user ssh key"
HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age") HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp/persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age")
echo -e "Host age key:\n$HOST_AGE_KEY\n" echo -e "Host age key:\n$HOST_AGE_KEY\n"
# Update .sops.yaml with new age key: # Update .sops.yaml with new age key:
SOPS_FILE="$HOME/.local/share/src/nix-secrets/.sops.yaml" SOPS_FILE="../nix-secrets/.sops.yaml"
sed -i "{ sed -i "{
# Remove any * and & entries for this host # Remove any * and & entries for this host
/[*&]$hostname/ d; /[*&]$hostname/ d;
@ -63,14 +61,13 @@ sed -i "{
/age:/{n; p; s/\(.*- \*\).*/\1$hostname/}; /age:/{n; p; s/\(.*- \*\).*/\1$hostname/};
# Inject a new hosts: entry # Inject a new hosts: entry
/&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/} /&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/}
}" "$SOPS_FILE" }" $SOPS_FILE
# Commit and push changes to sops file # Commit and push changes to sops file
just update-sops-secrets && just update-flake-secrets && just update-flake just update-sops-secrets && just update-flake-secrets && just update-flake
# Copy current nix config over to target # Copy current nix config over to target
echo "copying current nix config to host" cp -prv . "$temp/persist/etc/nixos"
cp -pr . "$temp$persist/etc/nixos"
# Install Nixos to target # Install Nixos to target
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519" SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
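Review bot: The LUKS passphrase is written to the fixed, predictable path `/tmp/luks_secret.key` under the caller's default umask (`echo "$luks_secret" > /tmp/luks_secret.key`, third hunk), so on a shared machine other local users can typically read it, and a file or symlink already sitting at that path is written through. Create the key file privately instead: `umask 077; luks_key=$(mktemp)` then `echo "$luks_secret" > "$luks_key"`, pass `"$luks_key"` to `--disk-encryption-keys`, and remove it in `cleanup`, whose body is outside these hunks so I cannot tell whether the file is removed today. Separately, the new side drops the quotes in `}" $SOPS_FILE` and switches to `../nix-secrets/...`, which resolves against the caller's working directory; keep `"$SOPS_FILE"` quoted and anchor the path to the script's own directory.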


@ -1,8 +0,0 @@
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell
{
nativeBuildInputs = with pkgs; [
update-nix-fetchgit
];
}
