Compare commits

210 Commits

Author SHA1 Message Date
Sam 2ef417b6b1 Update NVIDIA configuration and add cpupower package
- Enable nvidiaPersistenced and add udev rules for NVIDIA devices in citadel/default.nix
- Add boot.extraModprobeConfig for NVreg_DynamicPowerManagement and NVreg_EnableGpuFirmware
- Include the cpupower package in common/core/default.nix
2024-11-13 12:09:17 +00:00
Sam 592309f30a add kodi for sparky 2024-11-12 23:07:22 +00:00
Sam c85215b5b4 add throttled to citadel 2024-11-12 21:18:21 +00:00
Sam d224d55c1a add nvidia and prime to citadel 2024-11-12 19:41:27 +00:00
Sam cdc75090ff Add keymaps and settings for nixvim plugins
- Add Conform auto-format document keymap in conform.nix
- Enable and configure Oil plugin settings in oil.nix
- Update Telescope keymaps definition in telescope.nix
2024-11-12 18:21:15 +00:00
Sam 2d78446105 Refactor Telescope keymaps to dedicated telescope plugin file
- Remove Telescope keymaps from keymaps.nix
- Add Telescope keymaps to telescope.nix
- Include new keymap for grep string under cursor and recently opened files
2024-11-12 17:03:53 +00:00
Sam d058b2cf72 Update nixvim keymaps and harpoon plugin
- Add indentation and line movement keymaps in visual mode
- Add keymap for adding files in harpoon plugin
2024-11-12 16:09:09 +00:00
Sam 86c59bb27b Add Gajim to default packages and new Prefect variable
- Add `pkgs.gajim` to the list of default packages in `default.nix`
- Introduce a new Prefect variable `wdpa_dir` in `baseddata-worker.nix`
- Set the value of `wdpa_dir` to `/media/baseddata-data/wdpa`
2024-11-06 16:33:28 +00:00
Sam ac6a9d2c21 merge 2024-11-05 15:21:23 +00:00
Sam a154d2df79 Update default.nix to include R package 2024-11-05 15:20:35 +00:00
Sam a95ac4ef25 Update default.nix and dwm.nix with new packages and revisions
- Add pkgs.gimp to default.nix
- Update dwm.nix with new revision and sha256
2024-11-05 15:19:32 +00:00
Sam de5c1edf1b revert user variables removal 2024-11-04 15:57:32 +00:00
Sam ac5833c8af revert neovim to stable 2024-11-04 15:54:26 +00:00
Sam b9c0b70fc8 rm parrot.nvim 2024-11-04 15:53:53 +00:00
Sam b2f849d80b Update desktop packages and add spell-checking support
- Replace libreoffice with libreoffice-qt
- Add hunspell and hunspell dictionaries for en-gb and en_US
2024-11-04 15:33:41 +00:00
Sam 4d0335d99a Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-11-03 21:27:10 +00:00
Sam ec7f879c6d Add Krita and update DWM source
- Add Krita to the default.nix package list
- Update DWM source URL and revision in dwm.nix
- Modify DWM source SHA256 checksum in dwm.nix
2024-11-03 21:27:07 +00:00
Sam 2c44487796 Add swap devices and update Prefect variables
- Add swap devices configuration to citadel and semita hosts
- Update Prefect variable for OSM directory in baseddata-worker
- Set swap device size to 32*1024 for both citadel and semita hosts
2024-11-03 21:03:12 +00:00
Sam 45ee82da0e Add glow plugin and update prefect variable
- Add 'pkgs.glow' to 'default.nix'
- Add and configure 'glow.nvim' plugin in 'plugins/default.nix'
- Update 'postgres_dbname' variable to 'baseddata' in 'baseddata-worker.nix'
2024-11-02 14:00:30 +00:00
Sam 5d0b1b9be7 Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-11-01 22:17:35 +00:00
Sam 7be587d7b1 Update Postgres configuration and remove system packages
- Update Postgres configuration for dev and prod environments:
  - Change dbname from `dev_baseddata_models` to `dev_baseddata` and `baseddata_models` to `baseddata`
  - Replace host variable with `${baseddataPostgresIp}`
  - Update user and password placeholders to new paths
- Remove `environment.systemPackages` configuration
2024-11-01 22:17:24 +00:00
Sam 7e4f15496f rm flake.lock to gitignore 2024-11-01 17:38:25 +00:00
Sam 9a26bbe7c5 add flake.lock to gitignore 2024-11-01 17:37:34 +00:00
Sam d725852387 add flake.lock to gitignore 2024-11-01 17:37:23 +00:00
Sam 4bee1bffbd flake.lock 2024-11-01 17:33:29 +00:00
Sam 8561f44963 update flake.lock 2024-10-28 17:52:45 +00:00
Sam dde54c9aa7 Add lib to configuration 2024-10-28 17:52:29 +00:00
Sam 16436da1e4 Update nixvim configuration to use unstable Neovim package 2024-10-28 17:51:42 +00:00
Sam 13dad7b532 Update: Add Mistral API key and Parrot.nvim plugin
- Introduce Mistral API key
- Add Parrot.nvim plugin
- Implement a function to read the API key from a secrets file
- Set up Parrot.nvim with Mistral provider and custom hooks for code assistance and git commit generation
2024-10-28 17:46:09 +00:00
Sam a9f321a847 update flake 2024-10-28 13:45:55 +00:00
Sam 7cffeffca9 Add bitcoind configuration and prefect variables
- Add bitcoind IP and port configuration variables
- Update prefect variables for bitcoind ip and port
- Maintain existing configurations for other services
2024-10-25 10:31:52 +01:00
Sam 70a788f588 Add bitcoind RPC credentials and update prefect variables
- Add bitcoind RPC username and password to secrets and environment variables
- Update prefect variables to include bitcoin RPC username and password
- Add new read-only host paths for bitcoind RPC username and password
2024-10-25 10:18:15 +01:00
Sam 4e6f1f6f01 update flake 2024-10-24 15:22:35 +01:00
Sam 8242c29cf7 Refactor flake.nix and add key remaps script
- Refactor `flake.nix` to simplify the `outputs` section and remove redundant configurations
- Update `lsp.nix` to use hostname for NixOS and Home Manager configurations.
- Add `key-remaps.nix` script to `dwm` configuration and update `xinitrc.nix` to include it in autostart.
- Comment out non-functional `displayManager.sessionCommands` in `citadel/default.nix`.
2024-10-24 15:14:34 +01:00
Sam bd3f24056e modify nixvim
- add config for nixd
- fix luasnip call func in cmp
- enable autocomplete in cmp-cmdline
- add cmp-cmdline mapping
2024-10-23 22:34:35 +01:00
Sam 71ac9901dd disable tlp for citadel 2024-10-23 19:06:08 +01:00
Sam b106d1cb6e add nix-ld for citadel and semita 2024-10-19 13:33:51 +01:00
Sam ca9dff8442 modify baseddata-worker variables 2024-10-19 13:27:30 +01:00
Sam 2516f9de21 removed unused hosts 2024-10-14 18:54:48 +01:00
Sam a9fc820d61 brave 2024-10-14 18:46:13 +01:00
Sam c255cdbb2c chromium, keymaps, cli commands 2024-10-14 16:57:01 +01:00
Sam 6f4187b95e new postgres connection dbui 2024-10-14 09:48:33 +01:00
Sam 89141ff555 dwm-taglabels 2024-10-12 16:26:10 +01:00
Sam e6c3917942 small changes and updates 2024-10-12 00:19:40 +01:00
Sam 2793c3cfe0 small modification to postgres container 2024-10-12 00:19:24 +01:00
Sam 2005bc293f rm worker container 2024-10-12 00:19:07 +01:00
Sam d9fce8a1c9 new containers for mongodb and bd-worker 2024-10-12 00:18:37 +01:00
Sam 37768683d7 minor modifications to containers 2024-10-10 01:37:37 +01:00
Sam 3092630c08 add firefox bookmarks 2024-10-10 01:37:18 +01:00
Sam dbd3dd5584 update flake secrets 2024-10-10 01:37:05 +01:00
Sam 92fb9f5519 non-Nix Python Packages with Binaries on NixOS 2024-10-10 01:36:50 +01:00
Sam 00d5c7db47 install libreoffice on desktops 2024-10-10 01:36:08 +01:00
Sam 8eeea08472 add script runner container called worker 2024-10-10 01:35:45 +01:00
Sam 5430e70bd4 add vars networking.addresses from nix-secrets 2024-10-07 14:19:27 +01:00
Sam 62a3630a5c modify jellyfin & nix-bitcoin containers 2024-10-07 09:35:22 +01:00
Sam 51320794e6 intel gpu hardware firmware 2024-10-06 17:26:39 +01:00
Sam bd3924fda3 add podman group to sam 2024-10-06 17:26:20 +01:00
Sam e0093f134b change docker to podman for arion compatibility 2024-10-06 17:25:52 +01:00
Sam f57afcc50c add postgres and jellyfin nixos-containers 2024-10-06 17:25:27 +01:00
Sam 9096d69f9a remove postgres arion 2024-10-06 17:25:02 +01:00
Sam 74a2c3f930 update flake secrets 2024-10-06 17:23:54 +01:00
Sam 2533603b65 update nix-bitcoin and use network bridge for semita 2024-10-05 16:42:16 +01:00
Sam 25dfe2cf37 Update flake 2024-10-05 16:41:56 +01:00
Sam 37901f3937 working implementation of bitcoind 2024-10-04 17:53:32 +01:00
Sam 4c857eded4 set static ip for semita and add /srv to persistence 2024-10-04 09:30:34 +01:00
Sam 2e90b1ae46 set static ip for semita 2024-10-03 14:55:42 +01:00
Sam 0038dbf8ce add transmission-daemon 2024-09-30 09:37:25 +01:00
Sam 612affe2fd change sql formatter back to sqlfmt 2024-09-30 08:49:49 +01:00
Sam 53d2343f04 install docker and compose 2024-09-21 22:19:00 +01:00
Sam afaf3c4697 create xmodmap-arrow config 2024-09-15 10:12:56 +01:00
Sam 16fee36e96 rm xmodmap from xinitrc 2024-09-15 10:02:02 +01:00
Sam e374498aa4 key-remaps to xinitrc and nixvim buffer switch remaps 2024-09-15 09:51:21 +01:00
Sam f7ffba2266 add nvim buffer switch keymap & change dbt models 2024-09-14 20:19:07 +01:00
Sam a8e0ae35da updated postgres 2024-09-09 11:41:10 +01:00
Sam 564d4f6230 update flake and add .scripts to path 2024-08-31 21:29:38 +01:00
Sam 55d96ce54e Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-08-31 10:30:45 +01:00
Sam d86a05d7c3 add qgis, transmission and mpv to home-manager 2024-08-31 10:30:36 +01:00
Sam 5a6dca3b5d nixvim conform add postgres language to sql-formatter 2024-08-31 10:29:45 +01:00
Sam d418d16fa4 nfs homeshare and photos 2024-08-26 21:04:19 +01:00
Sam 9fe49f4d79 added sql-formatter config 2024-08-25 23:27:42 +01:00
Sam 1af24715ff config conform.nvim
- removed sqlfmt and replaced with sql-formatter
2024-08-25 23:22:24 +01:00
Sam 6f5f8867fd configure dbui 2024-08-24 23:32:48 +01:00
Sam c25d56f350 add yazi to home-manager 2024-08-20 13:14:24 +01:00
Sam 3d90deadf9 nixvim spell 2024-08-20 10:19:24 +01:00
Sam f3ad132675 fix issue with clipboard-save 2024-08-15 13:32:04 +01:00
Sam f6b8aeca69 add tmux to home-manager and removed yaml lsp from nixvim 2024-08-03 12:58:38 +01:00
Sam 9f5e92d452 postgres 2024-08-02 22:53:01 +01:00
Sam dd94dea696 Update LSP plugin configuration
- Enable TypeScript server (tsserver)
- Disable SQL server (sqls)
2024-07-29 13:30:35 +01:00
Sam 19f0057503 add comment plugin to nvim 2024-07-27 11:23:14 +01:00
Sam dabff16a37 Add src alias to zshrc 2024-07-27 11:13:19 +01:00
Sam 5fae14f4fc Add nvim language servers for cls and r 2024-07-27 11:12:41 +01:00
Sam c51cb70732 Change dunst border for urgent notifications 2024-07-27 11:12:16 +01:00
Sam c4ac477d6f update sqlfmt 2024-07-21 20:26:56 +01:00
Sam ff300d8542 Updated dwm 2024-07-21 18:23:24 +01:00
Sam e30e731d61 Added shell.nix to nixos config 2024-07-21 18:22:59 +01:00
Sam 07d19c4535 Remaps Alt_l arrow keys using hjkl 2024-07-21 16:23:47 +01:00
Sam 2ec9f2db77 Modify tlp settings 2024-07-21 16:23:35 +01:00
Sam 0e0e2b2ae7 Add back bind_to_address for mpd 2024-07-21 16:21:54 +01:00
Sam b26aceec76 Disabled alpha plugin for nixvim 2024-07-21 14:52:45 +01:00
Sam 06f6aa1ffd MODIFY: updated battery-status script 2024-07-21 14:46:11 +01:00
Sam 3421360317 Import optional/notes for citadel 2024-07-21 14:42:57 +01:00
Sam 154b474868 Moved hm notes to optional 2024-07-21 14:42:22 +01:00
Sam d5f72ee2fd Added dwm scripts for battery-status and notification 2024-07-21 01:03:28 +01:00
Sam 46018fb461 Removed unnecessary sxhkdrc keybindings 2024-07-21 01:02:48 +01:00
Sam 621e97d8f1 Add backlight to citadel 2024-07-20 23:52:08 +01:00
Sam ae64001bc7 Add bluetooth to citadel 2024-07-20 23:51:40 +01:00
Sam 9d287792c6 Add tlp power save service to citadel 2024-07-20 23:51:10 +01:00
Sam c448a8c0cd Add thinkpad modules to citadel 2024-07-20 23:50:33 +01:00
Sam 87f30f8ace Define cursor and use xresources module 2024-07-20 20:23:02 +01:00
Sam a5e41acf63 Use -merge in xrdb 2024-07-20 20:22:41 +01:00
Sam 21bdc107eb Add gtk cursor theme 2024-07-20 20:22:02 +01:00
Sam d56fc29336 MODIFY: Tweak semita scaling 2024-07-20 18:49:27 +01:00
Sam 9788e0d6e2 remove bind_to_address from mpd 2024-07-20 18:18:53 +01:00
Sam bf30739d8b Xserver scaling, input settings 2024-07-20 17:38:49 +01:00
Sam f8f662daf7 Removed unnecessary monitors option in xinitrc 2024-07-20 17:35:31 +01:00
Sam 04782f64f5 Disabled sb-updates script 2024-07-20 17:34:53 +01:00
Sam cf8c449e5e MODIFY: Removed scaling in xresources for citadel and semita 2024-07-20 17:34:37 +01:00
Sam f7e23e39c7 MODIFY: Add deploy_key into sops hosts 2024-07-20 16:14:09 +01:00
Sam 86f27abb2f MODIFY: Firmware configuration for citadel to enable wifi 2024-07-20 16:13:24 +01:00
Sam fa060dba70 Added sam to networkmanager group 2024-07-20 16:12:49 +01:00
Sam f411adbf20 FIX: Renamed sb-battery 2024-07-20 16:12:10 +01:00
Sam 5e0230dcdd Added dmenu-wifi to dwm 2024-07-20 16:11:42 +01:00
Sam 1049ecbd76 Update flake.lock 2024-07-20 16:10:53 +01:00
Sam e3a1143ca5 Add sb-battery to dwm 2024-07-20 14:48:51 +01:00
Sam b991fa4236 Add citadel to flake.nix 2024-07-20 14:48:32 +01:00
Sam 5f672c2665 Fix justfile for new nix-secrets location 2024-07-20 14:48:04 +01:00
Sam 22ce3e08c2 Fix bootstrap script for new nix-secrets location 2024-07-20 14:47:26 +01:00
Sam 5147d02fa9 Update flake.lock secrets 2024-07-20 14:47:08 +01:00
Sam 6fbd5447b8 Update SOPS_FILE path in justfile
- Changed the path of SOPS_FILE in justfile from "../nix-secrets/secrets.yaml" to "~/.local/share/src/nix-secrets/secrets.yaml"
2024-07-20 13:49:01 +01:00
Sam 1743869b07 Add xresources to semita 2024-07-20 12:39:36 +01:00
Sam 0fb3056a4c Add citadel host 2024-07-20 12:38:57 +01:00
Sam 32bf8eca1f Removed xresources from desktop 2024-07-20 12:38:03 +01:00
Sam c9409866b7 enable printing and add network printer 2024-07-19 13:09:20 +01:00
Sam c5da58fc3b Add vimwiki-sync plugin to nixvim 2024-07-19 11:27:05 +01:00
Sam 82b0838f5c Add get-notes in home-manager activation script 2024-07-19 11:26:32 +01:00
Sam 7440a6662f oil.nvim plugin 2024-07-15 21:30:24 +01:00
mrsu 959d734fd1 Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-07-14 21:04:49 +01:00
mrsu 394a24567b removed test hosts fileserver & nixdev 2024-07-14 21:04:36 +01:00
Sam 6472e085c7 add nameservers to semita 2024-07-14 19:51:09 +01:00
Sam 937b53db87 nixvim todo-comments and fixed TODOs in codebase 2024-07-07 18:26:24 +01:00
Sam fb7cf9e280 merge master 2024-07-07 16:48:11 +01:00
Sam efb6128704 deactivate otter.nvim and rm lxd reference 2024-07-07 16:46:39 +01:00
sam 539ac37b8a Merge branch 'master' into docker 2024-07-07 16:25:47 +01:00
Sam 22aa6d3fa4 nvim_ufo fold plugin fix name 2024-07-07 16:24:50 +01:00
sam 8e527473ac Merge branch 'docker' of git.bitlab21.com:sam/nixos into docker 2024-07-07 16:24:00 +01:00
Sam db7bce57e7 Add arion package 2024-07-07 16:23:36 +01:00
Sam 614b9765dd Docker and postgres config 2024-07-07 16:23:36 +01:00
Sam 4b85810128 small fix 2024-07-07 16:23:36 +01:00
Sam a7c8b86b1f Postgres docker configuration 2024-07-07 16:23:36 +01:00
Sam 89ab4e8f9d Modify postgres docker container
- add sops-secrets for admin pwd
- POSTGRES_MULTIPLE_DATABASES as json to specify users and extensions
- initdb docker entrypoint script to create dbs, users and extensions
  from json
2024-07-07 16:23:36 +01:00
Sam 01ad0238a7 Update nix-secrets 2024-07-07 16:23:36 +01:00
Sam 688c2c9bcd Add arion package 2024-07-07 16:23:36 +01:00
Sam b8973040d5 pg init script to configure db on start
- create users & dbs
- setup db permissions
- install extensions
2024-07-07 16:23:36 +01:00
Sam ba9f593bcd pgdata dir and admin_db default database 2024-07-07 16:23:36 +01:00
Sam 3dbe85853e Build postgres using dockerfile
- use dockerfile to install postgis during build
2024-07-07 16:23:36 +01:00
Sam ba19ee9125 Minor fixes 2024-07-07 16:23:36 +01:00
Sam 8173a0dc94 Podman to user groups 2024-07-07 16:23:36 +01:00
Sam 600160bd9a Arion flake input 2024-07-07 16:23:36 +01:00
Sam 5205e606c1 Docker and postgres config 2024-07-07 16:23:36 +01:00
Sam 5b8a1430fe Add postgres btrfs zvol 2024-07-07 16:23:36 +01:00
Sam 8f458590e2 Remove deploy_key from sops 2024-07-07 16:23:36 +01:00
Sam bcea6919fb Update flake secrets 2024-07-07 16:23:36 +01:00
Sam aa8d4ca3ae nvim_ufo fold plugin 2024-07-07 16:23:05 +01:00
Sam 653901f823 Removed precognition config 2024-07-07 15:39:07 +01:00
sam febc33faee Merge branch 'docker' of git.bitlab21.com:sam/nixos into docker 2024-07-07 15:36:51 +01:00
Sam 2f99d05406 small fix 2024-07-07 15:36:34 +01:00
Sam 947ddaca43 Postgres docker configuration 2024-07-07 15:36:34 +01:00
Sam 529fc394ef Modify postgres docker container
- add sops-secrets for admin pwd
- POSTGRES_MULTIPLE_DATABASES as json to specify users and extensions
- initdb docker entrypoint script to create dbs, users and extensions
  from json
2024-07-07 15:36:34 +01:00
Sam 89646a5d6a Update nix-secrets 2024-07-07 15:36:34 +01:00
Sam 804d6bf4d0 Add arion package 2024-07-07 15:36:34 +01:00
Sam 491350bc58 pg init script to configure db on start
- create users & dbs
- setup db permissions
- install extensions
2024-07-07 15:36:34 +01:00
Sam baaaa3e8d6 pgdata dir and admin_db default database 2024-07-07 15:36:34 +01:00
Sam 591a9ce48f Build postgres using dockerfile
- use dockerfile to install postgis during build
2024-07-07 15:36:34 +01:00
Sam 7df7970414 Minor fixes 2024-07-07 15:36:34 +01:00
Sam 052c941e81 Podman to user groups 2024-07-07 15:36:34 +01:00
Sam f7695f4d15 Arion flake input 2024-07-07 15:36:34 +01:00
Sam 52a3b85c8f Docker and postgres config 2024-07-07 15:36:34 +01:00
Sam c9ee7c7e80 Add postgres btrfs zvol 2024-07-07 15:36:34 +01:00
Sam fc2f6f4ca3 Remove deploy_key from sops 2024-07-07 15:36:34 +01:00
Sam 67e3d9dded Update flake secrets 2024-07-07 15:36:34 +01:00
Sam 4fbfbee45b Removed precognition nixvim plugin 2024-07-07 15:35:38 +01:00
Sam b8f85256a7 small fix 2024-07-06 21:17:32 +01:00
Sam 271b5958b8 Postgres docker configuration 2024-07-06 20:53:26 +01:00
Sam 2f0ddf8375 Modify postgres docker container
- add sops-secrets for admin pwd
- POSTGRES_MULTIPLE_DATABASES as json to specify users and extensions
- initdb docker entrypoint script to create dbs, users and extensions
  from json
2024-07-06 16:02:10 +01:00
Sam e419389862 Update nix-secrets 2024-07-06 16:01:40 +01:00
Sam fec1dae750 Add arion package 2024-07-06 16:01:17 +01:00
Sam 3b7a597d8f pg init script to configure db on start
- create users & dbs
- setup db permissions
- install extensions
2024-07-06 10:28:09 +01:00
Sam 1e95ba6c36 pgdata dir and admin_db default database 2024-07-06 10:27:15 +01:00
Sam d29250a2a6 Build postgres using dockerfile
- use dockerfile to install postgis during build
2024-07-06 10:26:08 +01:00
Sam f71ece31f1 Minor fixes 2024-07-05 18:59:10 +01:00
Sam a71ee506d3 Podman to user groups 2024-07-05 18:58:46 +01:00
Sam 7f9c3535ef Arion flake input 2024-07-05 18:58:30 +01:00
Sam 9ace130029 Docker and postgres config 2024-07-05 18:58:03 +01:00
Sam 92d09646fa Add postgres btrfs zvol 2024-07-05 18:57:17 +01:00
Sam 33981eea6d Remove deploy_key from sops 2024-07-05 18:56:41 +01:00
Sam bd719c72fa Update flake secrets 2024-07-05 18:56:18 +01:00
sam 37192edd83 Merge branch 'master' of git.bitlab21.com:sam/nixos 2024-07-05 16:34:11 +01:00
Sam 911d7d6905 ifTheuExist and extra groups to user sam 2024-07-05 16:32:49 +01:00
Sam 74dab0c38d nebula zfs configuration and post-install-setup script 2024-07-05 16:31:58 +01:00
Sam f6290f3215 music_player to dwm 2024-07-04 17:19:33 +01:00
Sam 8c13a24cc8 Added music nfs mount to semita 2024-07-04 17:18:55 +01:00
Sam 60b6064ded Added personal build of kunst as package overlay 2024-07-04 17:18:05 +01:00
Sam 5000138b85 Update flake nixvim 2024-07-04 17:16:58 +01:00
Sam 20bdddf472 Enabled fontconfig (caused issues with symbols in dwm) 2024-07-02 12:21:38 +01:00
Sam bcf6db040e Updated dwm (patched functional gaps) 2024-07-02 12:20:48 +01:00
Sam 63ba2ebaba Update fontconfig settings
- Remove unnecessary import
2024-06-28 20:30:26 +01:00
mrsu e6f0770f97 tidied disks 2024-06-28 20:21:27 +01:00
mrsu 05ee6da5ee removed admin deploykey in home and reverted persistence change 2024-06-28 18:16:15 +01:00
mrsu 739018e98f moved fonts.nix to fontconfig in display 2024-06-28 18:15:36 +01:00
mrsu 906d11b3b0 add enable persistence option 2024-06-28 16:05:12 +01:00
101 changed files with 3061 additions and 829 deletions

.gitignore vendored Normal file
@ -1,5 +1,27 @@
{ {
"nodes": { "nodes": {
"arion": {
"inputs": {
"flake-parts": "flake-parts",
"haskell-flake": "haskell-flake",
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1720147808,
"narHash": "sha256-hlWEQGUbIwYb+vnd8egzlW/P++yKu3HjV/rOdOPVank=",
"owner": "hercules-ci",
"repo": "arion",
"rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "arion",
"rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318",
"type": "github"
}
},
"base16-schemes": { "base16-schemes": {
"flake": false, "flake": false,
"locked": { "locked": {
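Review bot: the `original` block of the new `arion` node carries `"rev": "236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318"`, so the input is pinned to one commit in flake.nix and a lock update will never move it. If the pin is deliberate, record the reason next to the input definition; otherwise track a branch or tag so upstream fixes arrive with the regular lock updates.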
@ -18,18 +40,17 @@
}, },
"devshell": { "devshell": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1717408969, "lastModified": 1728330715,
"narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "1ebbe68d57457c8cae98145410b164b5477761f4", "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -59,6 +80,31 @@
"type": "github" "type": "github"
} }
}, },
"extra-container": {
"inputs": {
"flake-utils": [
"nix-bitcoin",
"flake-utils"
],
"nixpkgs": [
"nix-bitcoin",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722175938,
"narHash": "sha256-HKyB4HD+NdX3T233bY31hm76v3/tdQBNeLLvopKbZeY=",
"owner": "erikarvstedt",
"repo": "extra-container",
"rev": "37e7207ac9f857eedb58b208b9dc91cd6b24e651",
"type": "github"
},
"original": {
"owner": "erikarvstedt",
"repo": "extra-container",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -90,6 +136,48 @@
} }
}, },
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"arion",
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
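Review bot: `flake-parts_2` is locked from `"id": "flake-parts", "type": "indirect"`, which is a flake-registry lookup rather than an explicit URL, so a relock resolves whatever the registry on the updating machine maps that id to. The lock also now holds three copies of hercules-ci/flake-parts at three different revisions (`flake-parts`, `flake-parts_2`, `flake-parts_3`). Adding `follows` overrides for the arion and hercules-ci-effects inputs would remove the indirect reference and leave a single revision to audit.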
@ -97,11 +185,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717285511, "lastModified": 1727826117,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -115,11 +203,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1726560853,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -142,11 +230,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718879355, "lastModified": 1729104314,
"narHash": "sha256-RTyqP4fBX2MdhNuMP+fnR3lIwbdtXhyj7w7fwtvgspc=", "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "8cd35b9496d21a6c55164d8547d9d5280162b07a", "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -177,6 +265,44 @@
"type": "github" "type": "github"
} }
}, },
"haskell-flake": {
"locked": {
"lastModified": 1675296942,
"narHash": "sha256-u1X1sblozi5qYEcLp1hxcyo8FfDHnRUVX3dJ/tW19jY=",
"owner": "srid",
"repo": "haskell-flake",
"rev": "c2cafce9d57bfca41794dc3b99c593155006c71e",
"type": "github"
},
"original": {
"owner": "srid",
"ref": "0.1.0",
"repo": "haskell-flake",
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719226092,
"narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -184,11 +310,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718530513, "lastModified": 1726989464,
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -206,11 +332,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718530513, "lastModified": 1726989464,
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -222,11 +348,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1719091691, "lastModified": 1730403150,
"narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", "narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", "rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -235,6 +361,30 @@
"type": "github" "type": "github"
} }
}, },
"nix-bitcoin": {
"inputs": {
"extra-container": "extra-container",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-unstable": "nixpkgs-unstable"
},
"locked": {
"lastModified": 1727247704,
"narHash": "sha256-Jl1CYXNIdJ4Ac0MK15e8+vflFOgPxZZNw24CKfLC6QY=",
"owner": "fort-nix",
"repo": "nix-bitcoin",
"rev": "a0d36d59248ac54f1b42a668326346a77640c7f5",
"type": "github"
},
"original": {
"owner": "fort-nix",
"ref": "nixos-24.05",
"repo": "nix-bitcoin",
"type": "github"
}
},
"nix-colors": { "nix-colors": {
"inputs": { "inputs": {
"base16-schemes": "base16-schemes", "base16-schemes": "base16-schemes",
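Review bot: in the new `nix-bitcoin` node, `"nixpkgs": [ "nixpkgs" ]` replaces the project's own package set with the root input, while `"nixpkgs-unstable": "nixpkgs-unstable"` stays on a separately locked node. The bitcoin services are then built from a mix of your nixpkgs revision and one locked only for nix-bitcoin. Confirm that split is intended and note it next to the input, so later lock updates are checked against the `nixos-24.05` ref of nix-bitcoin.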
@ -262,11 +412,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719128254, "lastModified": 1729826725,
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=", "narHash": "sha256-w3WNlYxqWYsuzm/jgFPyhncduoDNjot28aC8j39TW0U=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "50581970f37f06a4719001735828519925ef8310", "rev": "7840909b00fbd5a183008a6eb251ea307fe4a76e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -276,13 +426,12 @@
} }
}, },
"nix-secrets": { "nix-secrets": {
"flake": false,
"locked": { "locked": {
"lastModified": 1719345965, "lastModified": 1730130467,
"narHash": "sha256-ZxnKEatJu/wVxLy0M7UnCVvemU3P5vVvVoueAR289fk=", "narHash": "sha256-mcyG1iu8hNmkDjgDEdFQyCZ3bBxBHFKd4nxT8NreMmY=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "24db3bffa6b914d0389ff801c054dd48535872a4", "rev": "c82ff6f7e995503acabb9cf2478e5b4e401968ce",
"revCount": 121, "revCount": 188,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },
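Review bot: the `"flake": false,` line is dropped from the `nix-secrets` node, so the repository fetched from `ssh://git@git.bitlab21.com/sam/nix-secrets.git` is now evaluated as a flake instead of being used as a plain source tree. Its contents are still copied into the Nix store on every host that evaluates this configuration, and store paths are readable by all local users, so check that everything committed there is sops-encrypted or non-sensitive. The switch is not mentioned in any commit message in this range and deserves a line.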
@ -293,16 +442,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1719145550, "lastModified": 1720031269,
"narHash": "sha256-K0i/coxxTEl30tgt4oALaylQfxqbotTSNb1/+g+mKMQ=", "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e4509b3a560c87a8d4cb6f9992b8915abf9e36d8", "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
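Review bot: the node named `nixpkgs` changes `ref` from `nixos-24.05` to `nixos-unstable`, and it is the node the new `arion` input points at, while the root input moves to `nixpkgs_2`. arion is therefore built from an unstable snapshot (`"lastModified": 1720031269`) that is older than the other nixpkgs nodes in this lock. Let arion follow the root nixpkgs, or document why it needs its own copy.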
@ -324,27 +473,43 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1719099622, "lastModified": 1729973466,
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=", "narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924", "rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "release-23.11", "ref": "release-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1719254875, "lastModified": 1726871744,
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=", "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable_2": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60", "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -354,11 +519,27 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1730481737,
"narHash": "sha256-HaUCfqLIFX/4wiSKkKKSTwUNmZd1EMy+lGB+faadQXU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f18ab3b08f56abc54bcc2ef9bbca627d45926fee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts_3",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nix-darwin": "nix-darwin", "nix-darwin": "nix-darwin",
@ -368,11 +549,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1719340721, "lastModified": 1729945968,
"narHash": "sha256-SfjI1Ir3Zs7w5lXXsmJ/MhB3V1Z1gHl9K2dFaEiy/GM=", "narHash": "sha256-4u+nbBSMuXWGCtXxUPPEflRm54+y/HLIbhIep9do8Ew=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "1fdbf40c177fc2edfcd3c63fadf4a6f596edc6af", "rev": "c05ac01070425ed0797b1ff678dc690c333cea74",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -384,11 +565,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1719344711, "lastModified": 1730472538,
"narHash": "sha256-k389PPp1HG9xk3yXn4Q/eAY/K+qm/+kbHLq9hfo+m14=", "narHash": "sha256-3m4OVGKsbPzMlnS0gVptIZBRlxgqQz+WhfwT+rT823Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "85596df878b1b71a54e1de3835ac6135c1bb8744", "rev": "52c21ec8fde46366b1a5555e18d854ee18012ac8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -399,13 +580,15 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"arion": "arion",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"nix-bitcoin": "nix-bitcoin",
"nix-colors": "nix-colors", "nix-colors": "nix-colors",
"nix-secrets": "nix-secrets", "nix-secrets": "nix-secrets",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable_2",
"nixvim": "nixvim", "nixvim": "nixvim",
"nur": "nur", "nur": "nur",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@ -419,11 +602,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1719268571, "lastModified": 1729999681,
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=", "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"owner": "mic92", "owner": "mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3", "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -455,11 +638,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718522839, "lastModified": 1729613947,
"narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=", "narHash": "sha256-XGOvuIPW1XRfPgHtGYXd5MAmJzZtOuwlfKDgxX5KT3s=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81", "rev": "aac86347fb5063960eccb19493e0cadcdb4205ca",
"type": "github" "type": "github"
}, },
"original": { "original": {

View File

@ -3,7 +3,7 @@
inputs = { inputs = {
# Nixpkgs # Nixpkgs
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/release-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# NUR # NUR
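Review bot: the `nixpkgs.url` line moves the input from `nixos-24.05` to `release-24.05` without saying why. `nixos-24.05` is the channel branch, which only advances once the channel's test set has passed; `release-24.05` is the branch commits land on first, so every host built from this flake now picks up untested revisions. If a specific fix was needed sooner, name it in the commit message and plan to return to `nixos-24.05`; otherwise keep the channel branch.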
@ -21,6 +21,17 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Arion for docker
arion = {
url = "github:hercules-ci/arion/236f9dd82d6ef6a2d9987c7a7df3e75f1bc8b318";
};
# nix-bitcoin
nix-bitcoin = {
url = "github:fort-nix/nix-bitcoin/nixos-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
# Nix colors # Nix colors
nix-colors.url = "github:misterio77/nix-colors"; nix-colors.url = "github:misterio77/nix-colors";
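Review bot: on the new `nix-bitcoin` input, `inputs.nixpkgs.follows = "nixpkgs"` replaces the nixpkgs revision that nix-bitcoin locks for itself with this flake's `release-24.05` pin, so the node software is built from package versions that project did not pin. For an input that handles funds, either drop the `follows` here or add a comment stating that the override is deliberate. The `arion` input has a commit hash in its URL and no `follows`: that is reproducible, but `nix flake update` will never move it, so a short comment on why that revision was chosen would help the next update.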
@ -42,53 +53,38 @@
nix-secrets = { nix-secrets = {
url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git"; url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git";
flake = false; inputs = {};
}; };
}; };
outputs = outputs = {
{ self self,
, nixpkgs nixpkgs,
, home-manager home-manager,
, ... ...
} @ inputs: } @ inputs: let
let
inherit (self) outputs; inherit (self) outputs;
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
]; ];
forAllSystems = nixpkgs.lib.genAttrs systems; forAllSystems = nixpkgs.lib.genAttrs systems;
specialArgs = { inherit inputs outputs; }; inherit (nixpkgs) lib;
in configVars = import ./vars {inherit inputs lib;};
{ specialArgs = {
inherit
inputs
outputs
configVars
;
};
in {
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra); overlays = import ./overlays {inherit inputs;};
overlays = import ./overlays { inherit inputs; };
nixosModules = import ./modules/nixos; nixosModules = import ./modules/nixos;
homeManagerModules = import ./modules/home-manager; homeManagerModules = import ./modules/home-manager;
# System level configs # System level configs
nixosConfigurations = { nixosConfigurations = {
nixdev = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/nixdev
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
fileserver = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/fileserver
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
bootstrap = nixpkgs.lib.nixosSystem { bootstrap = nixpkgs.lib.nixosSystem {
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
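Review bot: in the `nix-secrets` input, `flake = false;` is replaced by `inputs = {};`. The empty `inputs` set overrides nothing, so the effective change is that the private repository is now evaluated as a flake and must ship a `flake.nix`; say so in the commit message. Since `configVars = import ./vars {inherit inputs lib;}` now feeds values from the inputs into every host via `specialArgs`, keep in mind that flake inputs and anything interpolated from them end up in the Nix store, which is readable by every local user: only non-secret values (addresses, ports) should be exposed this way, with real secrets staying behind sops-nix. The hunk also drops the `formatter` output and the `nixdev` and `fileserver` configurations without mention; if that is intentional, note it.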
@ -115,7 +111,7 @@
} }
]; ];
}; };
nebula = nixpkgs.lib.nixosSystem { merlin = nixpkgs.lib.nixosSystem {
inherit specialArgs; inherit specialArgs;
modules = [ modules = [
./hosts/nebula ./hosts/nebula
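Review bot: the configuration is renamed from `nebula` to `merlin`, but its module list still imports `./hosts/nebula`. Either rename the host directory in the same change or leave a comment, otherwise `nixos-rebuild --flake .#merlin` builds a host whose files, and probably its `networking.hostName`, still say nebula.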
@ -125,6 +121,16 @@
} }
]; ];
}; };
citadel = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [
./hosts/citadel
home-manager.nixosModules.home-manager
{
home-manager.extraSpecialArgs = specialArgs;
}
];
};
}; };
}; };
} }

84
home/citadel.nix Normal file
View File

@ -0,0 +1,84 @@
{config, pkgs, ...}: {
imports = [
# Import users
./users/sam
./common/core
# Import optional
./common/optional/git.nix
./common/optional/sops.nix
./common/optional/syncthing.nix
./common/optional/desktop/dwm
./common/optional/desktop/common/themes/standard-dark.nix
./common/optional/notes.nix
./common/optional/yazi.nix
];
home.packages = [
pkgs.qgis
];
colorScheme = {
slug = "serene";
name = "Serene";
author = "Bitlab21";
palette = {
base00 = "#1F1F28";
base01 = "#16161D";
base02 = "#223249";
base03 = "#363646";
base04 = "#727169";
base05 = "#DCD7BA";
base06 = "#C8C093";
base07 = "#717C7C";
base08 = "#C34043";
base09 = "#FFA066";
base0A = "#C0A36E";
base0B = "#76946A";
base0C = "#6A9589";
base0D = "#7E9CD8";
base0E = "#957FB8";
base0F = "#D27E99";
};
};
home.file.".Xresources" = {
recursive = true;
text = ''
! st
st.alpha: 0.8
St.font: monospace:pixelsize=31:antialias=true:autohint=true;
St.font2: NotoColorEmoji:pixelsize=24:antialias=true:autohint=true;
! dwm
dwm.borderpx: 6
dwm.font: monospace:size=14
dwm.col_base00: #${config.colorScheme.colors.base00}
dwm.col_base03: #${config.colorScheme.colors.base03}
dwm.col_base04: #${config.colorScheme.colors.base04}
dwm.col_base05: #${config.colorScheme.colors.base05}
dwm.col_base08: #${config.colorScheme.colors.base08}
dwm.col_base0B: #${config.colorScheme.colors.base0B}
! dmenu
dmenu.font: monospace:size=14
dmenu.font2: NotoColorEmoji:pixelsize=44:antialias=true:autohint=true
dmenu.topbar: 1
dmenu.normfgcolor: #${config.colorScheme.colors.base05}
dmenu.normbgcolor: #${config.colorScheme.colors.base03}
dmenu.selfgcolor: #${config.colorScheme.colors.base00}
dmenu.selbgcolor: #${config.colorScheme.colors.base0B}
Nsxiv.window.background: #${config.colorScheme.colors.base03}
Nsxiv.window.foreground: #${config.colorScheme.colors.base05}
Nsxiv.mark.foreground: #${config.colorScheme.colors.base08}
Nsxiv.bar.background: #${config.colorScheme.colors.base00}
Nsxiv.bar.foreground: #${config.colorScheme.colors.base05}
Nsxiv.bar.font: monospace:size=12
'';
};
}
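Review bot: the scheme is defined under `colorScheme.palette` with values that already carry a leading `#` (`base00 = "#1F1F28"`), while the `.Xresources` text reads `config.colorScheme.colors.*` and prepends another `#`. If `colors` resolves to this palette, the rendered file contains `##1F1F28`, which X resources will not parse as a colour. Store the palette values without `#` and read them through `palette` consistently. `recursive = true` has no effect on a `home.file` entry that is defined by `text` and can be dropped.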

View File

@ -1,10 +1,9 @@
{ pkgs, inputs, outputs, ... }: { pkgs, inputs, outputs, lib, ... }:
{ {
imports = [ imports = [
inputs.nix-colors.homeManagerModules.default inputs.nix-colors.homeManagerModules.default
./zsh.nix ./zsh.nix
./nixvim ./nixvim
./fonts.nix
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
@ -19,14 +18,17 @@
ripgrep ripgrep
fzf fzf
eza eza
bat
killall
pciutils pciutils
tree tree
jq jq
coreutils coreutils
btop btop
htop htop
postgresql postgresql_16
libqalculate libqalculate
tmux
; ;
}; };
home.stateVersion = "24.05"; home.stateVersion = "24.05";

View File

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
fonts.fontconfig.enable = true;
home.packages = with pkgs; [
nerdfonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
hack-font
liberation_ttf
libertine
font-awesome
];
}

View File

@ -1,5 +1,8 @@
{ inputs, pkgs, ... }:
{ {
inputs,
pkgs,
...
}: {
imports = [ imports = [
inputs.nixvim.homeManagerModules.nixvim inputs.nixvim.homeManagerModules.nixvim
./plugins ./plugins
@ -11,12 +14,22 @@
# Install home packages needed for nixvim # Install home packages needed for nixvim
home.packages = [ home.packages = [
pkgs.nixpkgs-fmt pkgs.nixpkgs-fmt
pkgs.black
pkgs.yamllint
pkgs.yamlfmt
pkgs.prettierd pkgs.prettierd
pkgs.sqlfmt pkgs.sqlfmt
pkgs.nodePackages_latest.sql-formatter
pkgs.alejandra
pkgs.shellcheck
pkgs.shellharden
pkgs.shfmt
pkgs.stylua
pkgs.glow
]; ];
programs.nixvim = { programs.nixvim = {
enable = true; enable = true;
package = pkgs.neovim-unwrapped;
enableMan = true; # install man pages for nixvim options enableMan = true; # install man pages for nixvim options
clipboard.register = "unnamedplus"; # use system clipboard instead of internal registers clipboard.register = "unnamedplus"; # use system clipboard instead of internal registers
globals.mapleader = " "; globals.mapleader = " ";
@ -42,7 +55,11 @@
let wiki_0.index = 'home' let wiki_0.index = 'home'
let wiki_0.syntax = 'markdown' let wiki_0.syntax = 'markdown'
let wiki_0.ext = '.md' let wiki_0.ext = '.md'
'';
" ==== dbui
let g:db_ui_hide_schemas = ['pg_catalog', 'pg_toast_temp.*', 'pg_toast']
let g:db_ui_use_nerd_fonts = 1
let g:db_ui_execute_on_save = 0
'';
}; };
} }

View File

@ -1,33 +1,31 @@
{ {
programs.nixvim.keymaps = [ programs.nixvim.keymaps = [
# Switching buffers # Switching buffers
{ {
mode = [ "n" ]; mode = ["n"];
action = "<C-W>h"; action = "<C-w>h";
key = "<S-h>"; key = "<S-h>";
options = { options = {silent = true;};
silent = true;
};
} }
{ {
mode = [ "n" ]; mode = ["n"];
action = "<C-W>j"; action = "<C-w>j";
key = "<S-j>"; key = "<S-j>";
options = { options = {
silent = true; silent = true;
}; };
} }
{ {
mode = [ "n" ]; mode = ["n"];
action = "<C-W>k"; action = "<C-w>k";
key = "<S-k>"; key = "<S-k>";
options = { options = {
silent = true; silent = true;
}; };
} }
{ {
mode = [ "n" ]; mode = ["n"];
action = "<C-W>l"; action = "<C-w>l";
key = "<S-l>"; key = "<S-l>";
options = { options = {
silent = true; silent = true;
@ -36,7 +34,7 @@
# Toggle nvim-tree # Toggle nvim-tree
{ {
mode = [ "n" ]; mode = ["n"];
action = "<cmd>NvimTreeFindFileToggle<CR>"; action = "<cmd>NvimTreeFindFileToggle<CR>";
key = "tt"; key = "tt";
options = { options = {
@ -46,40 +44,71 @@
# Clear search highlighting # Clear search highlighting
{ {
mode = [ "n" ]; mode = ["n"];
key = "<space><space>"; key = "<space><space>";
action = "<cmd>nohlsearch<CR>"; action = "<cmd>nohlsearch<CR>";
options = { noremap = true; }; options = {noremap = true;};
} }
# Telescope Plugin # paste over selected text without yanking it
{ {
# find files mode = ["v"];
mode = [ "n" ]; key = "p";
key = "<Leader>ff"; action = "\"_dP";
action = "<cmd>Telescope find_files<CR>"; options = {noremap = true;};
options = { noremap = true; }; }
# resize window
{
mode = ["n"];
key = "<Right>";
action = ":vertical resize +1<CR>";
options = {noremap = true;};
} }
{ {
# live grep mode = ["n"];
mode = [ "n" ]; key = "<Left>";
key = "<Leader>fg"; action = ":vertical resize -1<CR>";
action = "<cmd>Telescope live_grep<CR>"; options = {noremap = true;};
options = { noremap = true; };
} }
{ {
# buffers mode = ["n"];
mode = [ "n" ]; key = "<Down>";
key = "<Leader>fb"; action = ":resize -1<CR>";
action = "<cmd>Telescope buffers<CR>"; options = {noremap = true;};
options = { noremap = true; };
} }
{ {
# help tags mode = ["n"];
mode = [ "n" ]; key = "<Up>";
key = "<Leader>fh"; action = ": resize +1<CR>";
action = "<cmd>Telescope help_tags<CR>"; options = {noremap = true;};
options = { noremap = true; }; }
# indent line in or out
{
mode = ["v"];
key = "<";
action = "<gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = ">";
action = ">gv";
options = {noremap = true;};
}
# move selected line up or down
{
mode = ["v"];
key = "J";
action = ":m '>+1<CR>gv=gv";
options = {noremap = true;};
}
{
mode = ["v"];
key = "K";
action = ":m '<-2<CR>gv=gv";
options = {noremap = true;};
} }
]; ];
} }

View File

@ -31,5 +31,7 @@
ignorecase = true; ignorecase = true;
smartcase = true; smartcase = true;
backspace = "indent,eol,start"; # allow backspace in insert mode backspace = "indent,eol,start"; # allow backspace in insert mode
spell = true;
spelllang = "en_gb";
}; };
} }

View File

@ -1,10 +0,0 @@
{
programs.nixvim.plugins = {
alpha = {
enable = true;
iconsEnabled = true;
theme = "dashboard";
};
};
}

View File

@ -3,6 +3,7 @@
cmp-emoji = { enable = true; }; cmp-emoji = { enable = true; };
cmp = { cmp = {
enable = true; enable = true;
cmdline = {};
settings = { settings = {
autoEnableSources = true; autoEnableSources = true;
experimental = { ghost_text = true; }; experimental = { ghost_text = true; };
@ -11,7 +12,7 @@
fetchingTimeout = 200; fetchingTimeout = 200;
maxViewEntries = 30; maxViewEntries = 30;
}; };
snippet = { expand = "luasnip"; }; snippet = { expand = "function(args) require('luasnip').lsp_expand(args.body) end"; };
formatting = { formatting = {
fields = [ "kind" "abbr" "menu" ]; fields = [ "kind" "abbr" "menu" ];
format = '' format = ''
@ -43,14 +44,10 @@
}; };
mapping = { mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})"; "<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<C-j>" = "cmp.mapping.select_next_item()"; "<S-Tab>" = "cmp.mapping.select_prev_item()";
"<C-k>" = "cmp.mapping.select_prev_item()";
"<C-e>" = "cmp.mapping.abort()";
"<C-b>" = "cmp.mapping.scroll_docs(-4)"; "<C-b>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)"; "<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<CR>" = "cmp.mapping.confirm({ select = true })"; "<CR>" = "cmp.mapping.confirm({ select = true })";
"<S-CR>" = "cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = true })";
}; };
}; };
}; };
@ -58,7 +55,7 @@
cmp-buffer = { enable = true; }; cmp-buffer = { enable = true; };
cmp-path = { enable = true; }; # file system paths cmp-path = { enable = true; }; # file system paths
cmp_luasnip = { enable = true; }; # snippets cmp_luasnip = { enable = true; }; # snippets
cmp-cmdline = { enable = false; }; # autocomplete for cmdline cmp-cmdline = { enable = true; }; # autocomplete for cmdline
}; };
programs.nixvim.extraConfigLua = '' programs.nixvim.extraConfigLua = ''
luasnip = require("luasnip") luasnip = require("luasnip")
@ -94,22 +91,15 @@
-- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore). -- Use buffer source for `/` (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline({'/', "?" }, { cmp.setup.cmdline({'/', "?" }, {
mapping = cmp.mapping.preset.cmdline(),
sources = { sources = {
{ name = 'buffer' } { name = 'buffer' }
} }
}) })
-- Set configuration for specific filetype.
cmp.setup.filetype('gitcommit', {
sources = cmp.config.sources({
{ name = 'cmp_git' }, -- You can specify the `cmp_git` source if you were installed it.
}, {
{ name = 'buffer' },
})
})
-- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore). -- Use cmdline & path source for ':' (if you enabled `native_menu`, this won't work anymore).
cmp.setup.cmdline(':', { cmp.setup.cmdline(':', {
mapping = cmp.mapping.preset.cmdline(),
sources = cmp.config.sources({ sources = cmp.config.sources({
{ name = 'path' } { name = 'path' }
}, { }, {

View File

@ -0,0 +1,5 @@
{
programs.nixvim.plugins.comment = {
enable = true;
};
}

View File

@ -1,21 +1,53 @@
{ {
programs.nixvim.plugins.conform-nvim = { programs.nixvim.plugins.conform-nvim = {
enable = true; enable = true;
formatOnSave = {
lspFallback = true;
timeoutMs = 500;
};
notifyOnError = true; notifyOnError = true;
logLevel = "debug";
formattersByFt = { formattersByFt = {
html = [["prettierd" "prettier"]]; html = ["prettierd"];
css = [["prettierd" "prettier"]]; css = ["prettierd"];
javascript = [["prettierd" "prettier"]]; javascript = ["prettierd"];
python = ["black"]; python = ["black"];
lua = ["stylua"]; lua = ["stylua"];
nix = ["alejandra"]; nix = ["alejandra"];
markdown = [["prettierd" "prettier"]]; markdown = ["prettierd"];
yaml = ["yamllint" "yamlfmt"]; yaml = ["yamlfmt"];
sql = ["sqlfmt"]; sql = ["sqlfmt"];
#sql = ["sql-formatter"];
bash = [
"shellcheck"
"shellharden"
"shfmt"
];
}; };
# formatters = {
# sql-formatter = {
# command = "sql-formatter";
# args = "--config ~/.config/sql-formatter/config.json";
# };
# };
}; };
home.file.".config/sql-formatter/config.json".text = ''
{
"language": "postgresql",
"tabWidth": 2,
"linesBetweenQueries": 1,
"expressionWidth": 88,
"newlineBeforeSemicolon": true
}
'';
programs.nixvim.keymaps = [
# format document with Conform
{
mode = ["n"];
key = "<leader>cf";
action = "<CMD>Format<CR>";
options = {
silent = true;
desc = "Conform auto-format document";
};
}
];
} }
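Review bot: `logLevel = "debug"` looks like a troubleshooting leftover; at that level conform logs every formatter invocation, so set it back once the formatters work. The hunk also writes `.config/sql-formatter/config.json` while the `sql-formatter` entry and its `formatters` block are commented out, so the file is unused as committed. Finally, `formatOnSave` is removed and the new `<leader>cf` mapping calls `:Format`, a command that is not defined in this file; a comment pointing at where it is created would save the next reader a search.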

View File

@ -1,5 +1,11 @@
{ pkgs, ... }:
{ {
pkgs,
config,
...
}: let
user = config.home.username;
in {
imports = [ imports = [
./cmp.nix ./cmp.nix
./colorizer.nix ./colorizer.nix
@ -13,7 +19,10 @@
./surround.nix ./surround.nix
./telescope.nix ./telescope.nix
./treesitter.nix ./treesitter.nix
./alpha.nix ./fold.nix
./todo-comments.nix
./oil.nix
./comment.nix
]; ];
# Load Plugins that aren't provided as modules by nixvim # Load Plugins that aren't provided as modules by nixvim
@ -27,26 +36,15 @@
(pkgs.vimUtils.buildVimPlugin (pkgs.vimUtils.buildVimPlugin
{ {
name = "precognition.nvim"; name = "glow.nvim";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "tris203"; owner = "ellisonleao";
repo = "precognition.nvim"; repo = "glow.nvim";
rev = "v1.0.0"; rev = "238070a";
sha256 = "sha256-AqWYV/59ugKyOWALOCdycWVm0bZ7qb981xnuw/mAVzM="; sha256 = "sha256-GsNcASzVvY0066kak2nvUY5luzanoBclqcUOsODww8g=";
}; };
}) })
# (pkgs.vimUtils.buildVimPlugin
# {
# name = "hardtime";
# src = pkgs.fetchFromGitHub {
# owner = "m4xshen";
# repo = "hardtime.nvim ";
# rev = "9a4e24f";
# #sha256 = "sha256-abe9ZGmL7U9rC+LxC3LO5/bOn8lHke1FCKO0V3TZGs0=";
# };
# })
#
(pkgs.vimUtils.buildVimPlugin (pkgs.vimUtils.buildVimPlugin
{ {
name = "buffer_manager.nvim"; name = "buffer_manager.nvim";
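Review bot: `rev = "238070a"` for glow.nvim is an abbreviated commit id. The `sha256` still fixes the fetched content, but a seven-character prefix can become ambiguous as the upstream repository grows, at which point the fetch fails. Use the full 40-character commit hash so the pin is unambiguous and easy to audit against upstream.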
@ -58,19 +56,36 @@
}; };
}) })
(pkgs.vimUtils.buildVimPlugin
{
name = "vimwiki-sync";
src = pkgs.fetchFromGitHub {
owner = "michal-h21";
repo = "vimwiki-sync";
rev = "99eeab3";
sha256 = "sha256-cz0dSFphIbQAI4AOqwIUpDBTuj/3xlOkhSlIVMdgsqM=";
};
})
# Keep vim-devicons as last entry # Keep vim-devicons as last entry
pkgs.vimPlugins.vim-devicons pkgs.vimPlugins.vim-devicons
]; ];
programs.nixvim.extraConfigLua = '' programs.nixvim.extraConfigLua = ''
-- function to read api key from secrets file
local function read_api_key(file_path)
local file = io.open(file_path, "r")
if file then
local api_key = file:read("*all")
file:close()
return api_key
else
error("Failed to open file: " .. file_path)
end
end
-- buffer_manager.nvim -- buffer_manager.nvim
local opts = {noremap = true} local opts = {noremap = true}
require("precognition").setup(
{
}
)
require("buffer_manager").setup( require("buffer_manager").setup(
{ {
line_keys = "1234567890", line_keys = "1234567890",
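Review bot: `read_api_key` returns `file:read("*all")` unchanged, so a trailing newline in the secrets file becomes part of the key; strip whitespace before returning. Nothing in this hunk calls the function, and when it is called with a missing file the `error()` aborts the rest of the generated Lua config, so add the caller in the same change or leave the helper out until it is needed. Reading the key from a file at runtime is the right approach, since anything written into `extraConfigLua` itself lands in the Nix store. The `vimwiki-sync` entry uses the abbreviated `rev = "99eeab3"`; prefer the full commit hash.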
@ -94,6 +109,16 @@
} }
) )
require('glow').setup({
border = "shadow",
style = "dark",
pager = false,
width = 80,
height = 100,
width_ratio = 0.7,
height_ratio = 0.7,
})
-- Custom color for modified buffers -- Custom color for modified buffers
vim.api.nvim_set_hl(0, "BufferManagerModified", { fg = "#988100" }) vim.api.nvim_set_hl(0, "BufferManagerModified", { fg = "#988100" })
@ -110,7 +135,28 @@
opts opts
) )
end end
-- Setup vimwiki
vim.g.vimwiki_list = {
{
syntax = "markdown",
ext = ".md",
path = "/home/${user}/.local/share/notes",
},
}
-- Format function for conform.nvim
vim.api.nvim_create_user_command("Format", function(args)
local range = nil
if args.count ~= -1 then
local end_line = vim.api.nvim_buf_get_lines(0, args.line2 - 1, args.line2, true)[1]
range = {
start = { args.line1, 0 },
["end"] = { args.line2, end_line:len() },
}
end
require("conform").format({ async = true, lsp_format = "fallback", range = range })
end, { range = true })
''; '';
} }

View File

@ -0,0 +1,31 @@
{
programs.nixvim.plugins.nvim-ufo = {
enable = true;
};
programs.nixvim.extraConfigLua = ''
-- default fold options
vim.o.foldcolumn = '1'
vim.o.foldlevel = 99
vim.o.foldlevelstart = 99
vim.o.foldenable = true
-- nvim_ufo options
vim.keymap.set('n', 'zR', require('ufo').openAllFolds, { desc = "Open all folds" })
vim.keymap.set('n', 'zM', require('ufo').closeAllFolds, { desc = "Close all folds" })
vim.keymap.set('n', 'zK', function()
local winid = require("ufo").peekFoldedLinesUnderCursor()
if not winid then
vim.lsp.buf.hover()
end
end , { desc = "Peed fold" })
require("ufo").setup({
provider_selector = function(bufnr, filetype, buftype)
return { 'lsp', 'indent' }
end
})
'';
}
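Review bot: typo in the `zK` mapping description, `desc = "Peed fold"` should read "Peek fold". The description is what shows up in keymap listings, so it is worth fixing before merge.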

View File

@ -3,6 +3,7 @@
enable = true; enable = true;
keymaps = { keymaps = {
toggleQuickMenu = "<leader>h"; toggleQuickMenu = "<leader>h";
addFile = "<leader>a";
}; };
}; };
} }

View File

@ -1,15 +1,33 @@
{ osConfig , ... }:
let
hostname = osConfig.networking.hostName;
in
{ {
programs.nixvim.plugins.lsp = { programs.nixvim.plugins = {
lsp = {
enable = true; enable = true;
servers = { servers = {
lua-ls = { enable = true; }; lua-ls = {enable = true;};
nixd = { enable = true; }; nixd = {
bashls = { enable = true; }; enable = true;
pyright = { enable = true; }; cmd = ["nixd"];
html = { enable = true; }; settings = {
yamlls = { enable = true; }; nixpkgs.expr = "import <nixpkgs> { }";
marksman = { enable = true; }; options = {
#sqls = {enable = true;}; nixos.expr = "(builtins.getFlake \"/etc/nixos\").nixosConfigurations.${hostname}.options";
# TODO get home-manager options working when hm imported as submodule
# home_manager.expr = "(builtins.getFlake \"github:nix-community/home-manager\").homeConfigurations.${hostname}.options";
};
};
};
bashls = {enable = true;};
pyright = {enable = true;};
html = {enable = true;};
marksman = {enable = true;};
ccls = {enable = true;};
cssls = {enable = true;};
r-language-server = {enable = true;};
tsserver = {enable = true;};
}; };
keymaps = { keymaps = {
lspBuf = { lspBuf = {
@ -33,7 +51,7 @@
action = "type_definition"; action = "type_definition";
desc = "Type Definition"; desc = "Type Definition";
}; };
K = { gK = {
action = "hover"; action = "hover";
desc = "Hover"; desc = "Hover";
}; };
@ -48,4 +66,9 @@
}; };
}; };
}; };
# TODO: enable otter.nvim when merged into nixvim stable
# otter = {
# enable = true;
# };
};
} }

View File

@ -0,0 +1,9 @@
{
programs.nixvim.plugins.oil = {
enable = true;
settings = {
columns = ["icon"];
view_options.show_hidden = true;
};
};
}

View File

@ -3,4 +3,48 @@
enable = true; enable = true;
extensions.fzy-native.enable = true; extensions.fzy-native.enable = true;
}; };
programs.nixvim.keymaps = [
{
# find files
mode = ["n"];
key = "<Leader>ff";
action = "<cmd>Telescope find_files<CR>";
options = {noremap = true;};
}
{
# live grep
mode = ["n"];
key = "<Leader>fg";
action = "<cmd>Telescope live_grep<CR>";
options = {noremap = true;};
}
{
# grep string under cursor
mode = ["n"];
key = "<Leader>fs";
action = "<cmd>Telescope string_grep<CR>";
options = {noremap = true;};
}
{
# buffers
mode = ["n"];
key = "<Leader>fb";
action = "<cmd>Telescope buffers<CR>";
options = {noremap = true;};
}
{
# help tags
mode = ["n"];
key = "<Leader>fh";
action = "<cmd>Telescope help_tags<CR>";
options = {noremap = true;};
}
{
# show recently opened files
mode = ["n"];
key = "<Leader>fo";
action = "<cmd>Telescope oldfiles<CR>";
options = {noremap = true;};
}
];
} }
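Review bot: the `<Leader>fs` mapping runs `<cmd>Telescope string_grep<CR>`, but the Telescope builtin picker for the word under the cursor is named `grep_string`, so this key will report an unknown picker instead of searching. Change the action to `<cmd>Telescope grep_string<CR>`.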

View File

@ -0,0 +1,19 @@
{
programs = {
nixvim = {
plugins.todo-comments = {
enable = true;
};
keymaps = [
{
mode = [ "n" ];
action = "<cmd>TodoTelescope<cr>";
key = "<leader>ft";
options = {
silent = true;
};
}
];
};
};
}

View File

@ -8,6 +8,10 @@
shellAliases = { shellAliases = {
ll = "ls -l"; ll = "ls -l";
src = "cd ~/.local/share/src";
no = "cd /etc/nixos";
cat = "bat --decorations=never";
ls = "eza";
}; };
history.size = 10000; history.size = 10000;
history.path = "${config.xdg.dataHome}/zsh/history"; history.path = "${config.xdg.dataHome}/zsh/history";

View File

@ -1,4 +1,4 @@
{ pkgs, ... }: { {pkgs, ...}: {
imports = [ imports = [
./firefox.nix ./firefox.nix
./alacritty.nix ./alacritty.nix
@ -14,5 +14,21 @@
pkgs.xfce.thunar pkgs.xfce.thunar
pkgs.kcolorchooser pkgs.kcolorchooser
pkgs.zotero pkgs.zotero
pkgs.transmission
pkgs.mpv
pkgs.gnome.simple-scan
pkgs.pandoc
pkgs.texlive.combined.scheme-small
pkgs.libreoffice-fresh
pkgs.hunspell
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en-gb-large
pkgs.hunspellDicts.en_US
pkgs.set_wm_class
pkgs.xorg.xkill
pkgs.krita
pkgs.R
pkgs.gimp
pkgs.gajim
]; ];
} }
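Review bot: `pkgs.hunspellDicts.en-gb-large` is listed twice in the added packages. It is harmless to the build but one of the two lines should go.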

View File

@ -1,38 +1,53 @@
{ pkgs, config, ... }:
let
user = config.home.username;
in
{ {
pkgs,
config,
configVars,
...
}: let
user = config.home.username;
jellyfinIp = configVars.networking.addresses.jellyfin.ip;
jellyfinPort = configVars.networking.addresses.jellyfin.port;
bitcoinNodeIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
in {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
profiles.${user} = { profiles.${user} = {
search = { search = {
force = true; force = true;
default = "Searx"; default = "Searx";
order = [ "Searx" "DuckDuckGo" ]; order = ["Searx" "DuckDuckGo"];
engines = { engines = {
"Nix Packages" = { "Nix Packages" = {
urls = [{ urls = [
{
template = "https://search.nixos.org/packages"; template = "https://search.nixos.org/packages";
params = [ params = [
{ name = "type"; value = "packages"; } {
{ name = "query"; value = "{searchTerms}"; } name = "type";
value = "packages";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
]; ];
}];
icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = [ "@np" ]; definedAliases = ["@np"];
}; };
"NixOS Wiki" = { "NixOS Wiki" = {
urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }]; urls = [{template = "https://nixos.wiki/index.php?search={searchTerms}";}];
iconUpdateURL = "https://nixos.wiki/favicon.png"; iconUpdateURL = "https://nixos.wiki/favicon.png";
updateInterval = 24 * 60 * 60 * 1000; # every day updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@nw" ]; definedAliases = ["@nw"];
}; };
"Searx" = { "Searx" = {
urls = [{ template = "http://10.0.10.35:8855/?q={searchTerms}"; }]; urls = [{template = "http://10.0.10.35:8855/?q={searchTerms}";}];
iconUpdateURL = "https://docs.searxng.org/_static/searxng-wordmark.svg"; iconUpdateURL = "https://docs.searxng.org/_static/searxng-wordmark.svg";
updateInterval = 24 * 60 * 60 * 1000; # every day updateInterval = 24 * 60 * 60 * 1000; # every day
definedAliases = [ "@searx" ]; definedAliases = ["@searx"];
}; };
"Bing".metaData.hidden = true; "Bing".metaData.hidden = true;
"Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias "Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias
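Review bot: this hunk introduces `configVars` for the Jellyfin and bitcoin-node addresses, yet the default search engine still hard-codes `http://10.0.10.35:8855/?q={searchTerms}`. Move that address into `configVars` with the others. The template is also plain HTTP, so every search query typed into the address bar crosses the network unencrypted; if the Searx instance can be put behind TLS, switch the template to `https`.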
@ -41,16 +56,22 @@ in
bookmarks = [ bookmarks = [
{ {
name = "wikipedia"; name = "toolbar";
tags = [ "wiki" ]; toolbar = true;
keyword = "wiki"; bookmarks = [
url = "https://en.wikipedia.org/wiki/Special:Search?search=%s&go=Go"; {
name = "Jellyfin";
url = "http://${jellyfinIp}:${jellyfinPort}";
} }
{ {
name = "bitlab21"; name = "Mempool";
tags = [ "bitcoin" ]; url = "http://${bitcoinNodeIp}:${toString mempoolPort}";
keyword = "bitcoin"; }
url = "https://bitlab21.com"; {
name = "Nixos Package Search";
url = "https://search.nixos.org/packages";
}
];
} }
]; ];
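Review bot: the Jellyfin bookmark interpolates `${jellyfinPort}` directly while the Mempool bookmark uses `${toString mempoolPort}`. If both ports are integers in `./vars`, the Jellyfin line fails evaluation because Nix does not coerce an integer inside a string interpolation. Use `toString` on both, or store both ports as strings. Both bookmarks are also `http://`; fine on a trusted LAN, but worth a comment if that is an assumption.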
@ -75,7 +96,6 @@ in
privacy-badger privacy-badger
zotero-connector zotero-connector
]; ];
}; };
}; };
} }

View File

@ -1,6 +1,19 @@
{ ... }: { { pkgs, ... }:
{
home.packages = with pkgs; [
nerdfonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
hack-font
liberation_ttf
libertine
font-awesome
];
fonts = { fonts = {
fontconfig = { fontconfig = {
enable = true;
defaultFonts = { defaultFonts = {
serif = [ "NotoSans Nerd Font" ]; serif = [ "NotoSans Nerd Font" ];
sansSerif = [ "Linux Biolinum O" ]; sansSerif = [ "Linux Biolinum O" ];

View File

@ -0,0 +1,13 @@
{
pkgs,
...
}: {
programs.kodi = {
enable = true;
package = pkgs.kodi.withPackages (kodiPkgs:
with kodiPkgs; [
netflix
jellycon
]);
};
}

View File

@ -1,21 +1,48 @@
{ pkgs, ... }: {pkgs, ...}: {
{
# Prevent error when enabling gtk https://github.com/nix-community/home-manager/issues/3113 # Prevent error when enabling gtk https://github.com/nix-community/home-manager/issues/3113
# error: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name ca.desrt.dconf was not provided by any .service files # error: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: The name ca.desrt.dconf was not provided by any .service files
home.packages = [ pkgs.dconf ]; home.packages = [
gtk.enable = true; pkgs.dconf
];
home.file = {
".icons/bibata".source = "${pkgs.bibata-cursors}/share/icons/Bibata-Modern-Classic";
};
# Get details about theme package # Get details about theme package
#cd $(nix build nixpkgs#kanagawa-gtk-theme --print-out-paths --no-link) && nix run nixpkgs#eza -- --tree --level 4 #cd $(nix build nixpkgs#kanagawa-gtk-theme --print-out-paths --no-link) && nix run nixpkgs#eza -- --tree --level 4
gtk.theme.package = pkgs.kanagawa-gtk-theme;
gtk.theme.name = "Kanagawa-B";
gtk.iconTheme.package = pkgs.kanagawa-icon-theme; gtk = {
gtk.iconTheme.name = "Kanagawa"; enable = true;
theme = {
name = "Kanagawa-B";
package = pkgs.kanagawa-gtk-theme;
};
iconTheme = {
package = pkgs.gnome.adwaita-icon-theme;
name = "Adwaita";
};
gtk3.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
gtk4.extraConfig = {
Settings = ''
gtk-application-prefer-dark-theme=1
'';
};
};
#gtk.theme.package = pkgs.kanagawa-gtk-theme;
# gtk.cursorTheme = {
# name = "Vimix-Cursors";
# package = pkgs.vimix-cursor-theme;
# };
# gtk.theme.name = "Kanagawa-B";
# gtk.iconTheme.package = pkgs.kanagawa-icon-theme;
# gtk.iconTheme.name = "Kanagawa";
qt.enable = true; qt.enable = true;
qt.platformTheme.name = "gtk"; qt.platformTheme.name = "gtk";

View File

@ -11,4 +11,9 @@
pkgs.feh pkgs.feh
]; ];
programs.chromium = {
enable = true;
package = pkgs.brave;
};
} }

View File

@ -7,8 +7,8 @@
./xinitrc.nix ./xinitrc.nix
./sxhkdrc.nix ./sxhkdrc.nix
./picom.nix ./picom.nix
./xresources.nix
./dunst.nix ./dunst.nix
./music_player.nix
# Status bar scripts # Status bar scripts
./scripts/sb-cpu-pct.nix ./scripts/sb-cpu-pct.nix
@ -16,9 +16,11 @@
./scripts/sb-volume.nix ./scripts/sb-volume.nix
./scripts/sb-network-status.nix ./scripts/sb-network-status.nix
./scripts/sb-updates.nix ./scripts/sb-updates.nix
./scripts/sb-battery.nix
# Notification scripts # Notification scripts
./scripts/dunstify-volume-notification.nix ./scripts/dunstify-volume-notification.nix
./scripts/dunstify-battery-notification.nix
# Helper scripts # Helper scripts
./scripts/emoji-picker.nix ./scripts/emoji-picker.nix
@ -27,6 +29,10 @@
./scripts/get-focused-monitor.nix ./scripts/get-focused-monitor.nix
./scripts/git-commit-ai.nix ./scripts/git-commit-ai.nix
./scripts/aichat-wrapper.nix ./scripts/aichat-wrapper.nix
./scripts/dmenu-wifi.nix
./scripts/battery-status.nix
./scripts/dmenu-set-wm-class.nix
./scripts/key-remaps.nix
]; ];
home.packages = [ home.packages = [

View File

@ -30,7 +30,6 @@
#format = ''%I %s %p\n%b''; #format = ''%I %s %p\n%b'';
format = ''<b>%s:</b>\n%b\n\n%a ''; format = ''<b>%s:</b>\n%b\n\n%a '';
#TODO dynamic fonts
font = "monospace"; font = "monospace";
# Options are "left", "center", and "right". # Options are "left", "center", and "right".
@ -172,7 +171,7 @@
urgency_critical = { urgency_critical = {
background = "#${config.colorScheme.colors.base08}"; background = "#${config.colorScheme.colors.base08}";
foreground = "#${config.colorScheme.colors.base05}"; foreground = "#${config.colorScheme.colors.base05}";
frame_color = "#${config.colorScheme.colors.base00}"; frame_color = "#${config.colorScheme.colors.base05}";
timeout = 0; timeout = 0;
}; };
}; };

View File

@ -0,0 +1,65 @@
{ pkgs, config, ... }:
{
home.file."mus/music_data".source = config.lib.file.mkOutOfStoreSymlink /media/media/music/music_data;
home.packages = [
pkgs.ffmpeg
pkgs.nsxiv
pkgs.kunst
pkgs.mpc-cli
pkgs.jq
pkgs.imagemagick
];
services.mpd = {
enable = true;
package = pkgs.mpd;
extraConfig = ''
music_directory "~/mus/music_data"
playlist_directory "~/.local/share/mpd/playlists"
log_file "~/.local/share/mpd/log"
db_file "~/.local/share/mpd/database"
pid_file "~/.local/share/mpd/pid"
state_file "~/.local/share/mpd/state"
sticker_file "~/.local/share/mpd/sticker.sql"
auto_update "yes"
audio_output {
type "pipewire"
name "PipeWire Sound Server"
}
audio_output {
type "fifo"
name "Visualizer feed"
path "/tmp/mpd.fifo"
format "44100:16:2"
}
'';
musicDirectory = "~/mus/music_data";
};
programs.ncmpcpp = {
enable = true;
package = (pkgs.ncmpcpp.override { visualizerSupport = true; });
mpdMusicDir = "~/mus/music_data";
settings = {
mpd_host = "127.0.0.1";
mpd_port = "6600";
visualizer_data_source = "/tmp/mpd.fifo";
visualizer_output_name = "Visualizer Feed";
visualizer_in_stereo = "yes";
visualizer_type = "spectrum";
visualizer_fps = "60";
visualizer_autoscale = "no";
visualizer_look = "";
visualizer_color = "169, 170, 169, 135, 134, 133, 129, 128, 127, 126, 125, 124";
visualizer_spectrum_smooth_look = "yes";
visualizer_spectrum_dft_size = "3";
};
};
}
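Review bot: `visualizer_output_name = "Visualizer Feed"` in the ncmpcpp settings does not match the MPD output declared above as `name "Visualizer feed"` (lowercase f); use the same string in both places so ncmpcpp refers to the FIFO output by its actual name. The FIFO also sits at the fixed path `/tmp/mpd.fifo` in a world-writable directory, where another local user can pre-create the name; a path under the user's runtime directory avoids that.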

View File

@ -0,0 +1,54 @@
{ pkgs, ... }:
{
home.packages = [
(pkgs.writeShellScriptBin "battery-status" ''
# Get the current power consumption of the laptop battery
power=$(cat /sys/class/power_supply/BAT0/power_now)
power_watts=$(${pkgs.bc}/bin/bc <<< "scale=3; $power / 1000000")
# Get the current battery charge capacity
energy=$(cat /sys/class/power_supply/BAT0/energy_now)
# Get the current battery status (charging or discharging)
battery_status=$(cat /sys/class/power_supply/BAT0/status)
# Calculate the time remaining until the battery is empty or full
if [ "$battery_status" == "Charging" ]; then
# Calculate the time remaining until the battery is full
hours=$(${pkgs.bc}/bin/bc <<< "scale=2; $power / $energy")
hours_int=$(${pkgs.bc}/bin/bc <<< "scale=0; $hours / 1")
minutes=$(${pkgs.bc}/bin/bc <<< "scale=0; 60 * ($hours - $hours_int)/1")
if [ "$hours_int" -gt "0" ]; then
# Show hours and minutes if time remaining is greater than or equal to 1 hour
echo "Full in: $hours_int hours $minutes minutes"
else
# Show minutes if time remaining is less than 1 hour
echo "Full in: $minutes minutes"
fi
elif [ "$battery_status" == "Discharging" ]; then
# Calculate the time remaining until the battery is empty
hours=$(${pkgs.bc}/bin/bc <<< "scale=2; $energy / $power")
hours_int=$(${pkgs.bc}/bin/bc <<< "scale=0; $hours / 1")
minutes=$(${pkgs.bc}/bin/bc <<< "scale=0; 60 * ($hours - $hours_int)/1")
if [ "$hours_int" -gt "0" ]; then
# Show hours and minutes if time remaining is greater than or equal to 1 hour
echo "Empty in: $hours_int hours $minutes minutes"
else
# Show minutes if time remaining is less than 1 hour
echo "Empty in: $minutes minutes"
fi
elif [ "$battery_status" == "Full" ]; then
echo "Battery full"
elif [ "$battery_status" == "Not charging" ]; then
echo "Battery full - not charging"
fi
echo "Power consumption: $power_watts W"
'')
];
}
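Review bot: in the Charging branch, `hours=$(... "scale=2; $power / $energy")` is not a time to full: it divides the current power draw by the remaining energy. Time to full is the missing capacity over the charge rate, i.e. (energy_full - energy_now) / power_now, with `energy_full` read from the same sysfs directory. Both branches also divide by a value that can be 0 (`power_now` on an idle battery, `energy_now` on an empty one), which makes bc print a divide-by-zero error and leaves `$hours_int` empty for the `-gt` test; check for 0 before dividing.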

View File

@ -14,7 +14,7 @@
*image*) *image*)
echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)" echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)"
filename=$(${xclip}/bin/xclip -selection clipboard -t image/png -o | ${openssl}/bin/openssl sha1 | cut -b 49-) filename=$(${xclip}/bin/xclip -selection clipboard -t image/png -o | ${openssl}/bin/openssl sha1 | cut -b 49-)
file_exists=$(/bin/ls $image_location | grep $filename | sed "s/\..*//") file_exists=$(ls $image_location | grep $filename | sed "s/\..*//")
[[ $filename != "$file_exists" ]] && [[ $filename != "$file_exists" ]] &&
xclip -selection clipboard -t image/png -o > "$image_location/$filename.png" && xclip -selection clipboard -t image/png -o > "$image_location/$filename.png" &&
notify-send -t 5000 "Image Copied" "$image_location/$filename.png" notify-send -t 5000 "Image Copied" "$image_location/$filename.png"
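Review bot: `ls $image_location | grep $filename` leaves both variables unquoted and treats the hash as a pattern matched against the whole directory listing; a direct test such as `[ -e "$image_location/$filename.png" ]` avoids the word splitting and the `ls` parsing. The unchanged lines after it call `xclip` and `notify-send` by bare name while the lines before pin `${xclip}/bin/xclip`, so the write step depends on whatever the caller's PATH resolves.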
@ -22,7 +22,7 @@
*UTF8_STRING*) *UTF8_STRING*)
echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)" echo "$(${xclip}/bin/xclip -selection clipboard -t TARGETS -o)"
filename=$(${xclip}/bin/xclip -selection clipboard -t UTF8_STRING -o | ${openssl}/bin/openssl sha1 | cut -b 49-) filename=$(${xclip}/bin/xclip -selection clipboard -t UTF8_STRING -o | ${openssl}/bin/openssl sha1 | cut -b 49-)
file_exists=$(/bin/ls "$text_location" | grep "$filename" | sed "s/\..*//") file_exists=$(ls "$text_location" | grep "$filename" | sed "s/\..*//")
echo "$filename" "$file_exists" echo "$filename" "$file_exists"
[[ "$filename" != "$file_exists" ]] && [[ "$filename" != "$file_exists" ]] &&
xclip -selection clipboard -t UTF8_STRING -o > "$text_location/$filename" xclip -selection clipboard -t UTF8_STRING -o > "$text_location/$filename"

View File

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "dmenu-set-wm-class" ''
${libnotify}/bin/notify-send "Set Window Class" "Select window..."
winid=$(${xorg.xwininfo}/bin/xwininfo | grep "Window id:" | grep -o "0x[0-9a-fA-F]*")
class=$(${xorg.xprop}/bin/xprop -id "$winid" WM_CLASS | grep -o "\".*\"$")
new_class=$( echo "" | ${dmenu}/bin/dmenu -p "Selected: $class. Set class name of window:")
[ -z "$new_class" ] && ${libnotify}/bin/notify-send "Set Window Class" "Nothing set, exiting" && exit
${set_wm_class}/bin/set_wm_class "$winid" "$new_class"
'')
];
}

View File

@ -0,0 +1,51 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "dmenu-wifi" ''
nmcli dev wifi rescan
ssid_list=$(nmcli -f in-use,bssid,ssid,mode,chan,freq,rate,signal,bars,security dev wifi)
available_connections=$(echo "$ssid_list" | sed '/--.*Infra/d')
connection=$( echo "$available_connections" | dmenu -l 20)
bssid=$(echo "$connection" | sed 's/^.\s*//;s/\s\s.*$//')
ssid=$(echo "$connection" | sed 's/^.\s*[0-9;A-Z;:]*\s\s//;s/\s*Infra\s*[0-9].*$//')
[[ "$connection" = "" ]] && notify-send -t 5000 "Wifi Connect" "Cancelled" && exit 0
[[ $( echo "$connection" | grep "IN-USE" -o) = "IN-USE" ]] && notify-send -t 5000 "Wifi Connect" "Please select valid network" && exit 0
[[ -n "$(echo "$connection" | grep '\*')" ]] && notify-send -t 5000 "Wifi Connect" "Already Connected to: $(echo "$ssid")" && exit 0
notify-send -t 5000 "Network Manager" "Attempting to connect to $ssid..."
nmcli connection modify "$ssid" 802-11-wireless.bssid "$bssid"
nmcli device wifi connect "$bssid"
return_code=$?
if [ $return_code == 4 ];
then
notify-send -t 5000 "Wifi Connect" "Please enter password for '$ssid'..."
prompt="Enter Password for '$ssid'"
pwd=$(echo "" | dmenu -p "$prompt")
nmcli device wifi connect "$bssid" password "$pwd"
return_code=$?
fi
case "$return_code" in
0) notify-send -t 5000 "Wifi Connect" "Successfully connected to: $ssid!"
pkill -RTMIN+12 dwmblocks
exit 0
;;
3) notify-send -t 5000 "Wifi Connect" "Connection to $ssid failed. Timeout expired?"
pkill -RTMIN+12 dwmblocks
exit 1
;;
4)
notify-send -t 5000 "Wifi Connect" "Connection to $ssid failed. Possibly wrong password?"
nmcli connection delete id "$ssid"
pkill -RTMIN+12 dwmblocks
exit 1
;;
*) notify-send -t 5000 "Wifi Connect" "Connection to $ssid failed. Error code $?"
echo "Failed. Exiting"
pkill -RTMIN+12 dwmblocks
exit 1
esac
'')
];
}
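Review bot: the prompt `pwd=$(echo "" | dmenu -p "$prompt")` echoes the Wi-Fi passphrase in clear text in the dmenu bar as it is typed, and `nmcli device wifi connect "$bssid" password "$pwd"` then places it on the command line, where other local processes can read it from the process list. Use `nmcli --ask` from a terminal, or a dmenu built with the password patch, so the secret is neither displayed nor passed as an argument. In the `*)` branch, `Error code $?` no longer holds the nmcli status by that point; print `$return_code` instead. `nmcli`, `dmenu` and `notify-send` are also called by bare name here, unlike the other scripts in this change that pin `${pkg}/bin/...` store paths.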

View File

@ -0,0 +1,9 @@
{ pkgs, ... }:
{
home.packages = [
(pkgs.writeShellScriptBin "dunstify-battery-notification" ''
msgTag="battery-notify"
${pkgs.dunst}/bin/dunstify -a "batteryNotify" -u critical -i battery-notify -h string:x-dunst-stack-tag:$msgTag "Battery Status" "$(battery-status)" -t 5000
'')
];
}

View File

@ -0,0 +1,11 @@
{pkgs, ...}: {
home.packages = with pkgs; [
(writeShellScriptBin "key-remaps" ''
${xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
${xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
${xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
${xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
${xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
'')
];
}

View File

@ -0,0 +1,37 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
(writeShellScriptBin "sb-battery" ''
BAT=/sys/class/power_supply/BAT0/capacity
# Exit script if no battery detected
[ ! -f "$BAT" ] && exit
STATUS=$(cat /sys/class/power_supply/BAT0/uevent | grep "POWER_SUPPLY_STATUS" | sed "s/^.*=//")
capacity=$(cat "$BAT")
if [ "$STATUS" == "Charging" ] || [ "$STATUS" == "Not charging" ]; then
echo "[󰂄 $capacity%] "
else
case $capacity in
100) echo "[󰁹 $capacity%] ";;
9[0-9]) echo "[󰂂 $capacity%] ";;
8[0-9]) echo "[󰂁 $capacity%] ";;
7[0-9]) echo "[󰂀 $capacity%] ";;
6[0-9]) echo "[󰁿 $capacity%] ";;
5[0-9]) echo "[󰁾 $capacity%] ";;
4[0-9]) echo "[󰁽 $capacity%] ";;
3[0-9]) echo "[󰁼 $capacity%] ";;
2[0-9]) echo "[󰁻 $capacity%] ";;
1[0-9]) echo "[󰁺 $capacity%] ";;
[6-9]) echo "[󰁺 $capacity%] ";;
[0-5]) echo "[󰂃 $capacity%] ";;
esac
fi
if [[ $capacity -le 20 && $STATUS != "Charging" ]]; then
dunstify-battery-notification
fi
'')
];
}

View File

@ -41,7 +41,7 @@
if [ -z "$IP_ADDRESS" ]; if [ -z "$IP_ADDRESS" ];
then then
printf "$network_symbol" printf "[$network_symbol] "
else else
printf "[$network_symbol|$IP_ADDRESS] " printf "[$network_symbol|$IP_ADDRESS] "
fi fi

View File

@ -4,10 +4,10 @@
(writeShellScriptBin "sb-updates" '' (writeShellScriptBin "sb-updates" ''
# Gets number of flake inputs that are ready for update # Gets number of flake inputs that are ready for update
# Checks every 60 minutes # Checks every 60 minutes
inputs=$(cd /etc/nixos && # inputs=$(cd /etc/nixos &&
nix flake update --output-lock-file <(cat flake.nix) 2> /tmp/update && # nix flake update --output-lock-file <(cat flake.nix) 2> /tmp/update &&
cat /tmp/update | grep -c Update) # cat /tmp/update | grep -c Update)
printf "[ $inputs] " # printf "[ $inputs] "
'') '')
]; ];
} }

View File

@ -1,5 +1,5 @@
{ {
# TODO add emoji and dmenu-dict scripts # TODO: add emoji and dmenu-dict scripts
home.file.".config/sxhkd/sxhkdrc" = { home.file.".config/sxhkd/sxhkdrc" = {
recursive = true; recursive = true;
text = '' text = ''
@ -15,29 +15,20 @@
XF86AudioMicMute XF86AudioMicMute
pamixer --default-source --toggle-mute && dunstify-volume-notification && pkill -RTMIN+10 dwmblocks && exit 1 pamixer --default-source --toggle-mute && dunstify-volume-notification && pkill -RTMIN+10 dwmblocks && exit 1
XF86MonBrightnessUp
light -A 5 && dunstify-brightness-notification
XF86MonBrightnessDown
light -U 5 && dunstify-brightness-notification
XF86Messenger XF86Messenger
dunstify-battery-notification dunstify-battery-notification
control + Home
bookmark-add
control + Insert
bookmark-insert
control + F8 control + F8
clipboard-image-recall /tmp/clipboard/images/ clipboard-image-recall /tmp/clipboard/images/
Print Print
flameshot gui env QT_AUTO_SCREEN_SCALE_FACTOR=1.5 QT_SCREEN_SCALE_FACTORS="" flameshot gui
control + F7 control + F7
emoji-picker emoji-picker
control + F4
dmenu-set-wm-class
''; '';
}; };
} }

View File

@ -1,20 +1,13 @@
{ config, ... }: {...}: {
let # TODO: configure x11 to look in .config/x11
monitor = "${toString (builtins.map (m: "xrandr --output ${ m.name } --mode ${ toString( m.width )}x${ toString( m.height )} --pos ${ toString( m.x)}x${ toString( m.y)}" ) config.monitors)}";
in
{
# TODO configure x11 to look in .config/x11
home.file.".xinitrc" = { home.file.".xinitrc" = {
recursive = true; recursive = true;
text = '' text = ''
picom -b --config ~/.config/picom/picom.conf picom -b --config ~/.config/picom/picom.conf
xrdb ~/.Xresources xrdb -merge ~/.Xresources
${monitor} autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd key-remaps"
autostart="clipboard-save dwmblocks feh-wallpaper-changer sxhkd"
for program in $autostart; do for program in $autostart; do
pidof -sx "$program" || "$program" & pidof -sx "$program" || "$program" &

View File

@ -1,44 +0,0 @@
{ config, ... }:
{
home.file.".Xresources" = {
recursive = true;
text = ''
! scale
Xft.dpi: 144
! st
st.alpha: 0.8
St.font: monospace:pixelsize=21:antialias=true:autohint=true;
St.font2: NotoColorEmoji:pixelsize=19:antialias=true:autohint=true;
! dwm
dwm.borderpx: 3
dwm.font: monospace:size=12
dwm.col_base00: #${config.colorScheme.colors.base00}
dwm.col_base03: #${config.colorScheme.colors.base03}
dwm.col_base04: #${config.colorScheme.colors.base04}
dwm.col_base05: #${config.colorScheme.colors.base05}
dwm.col_base08: #${config.colorScheme.colors.base08}
dwm.col_base0B: #${config.colorScheme.colors.base0B}
! dmenu
dmenu.font: monospace:size=12
dmenu.font2: NotoColorEmoji:pixelsize=22:antialias=true:autohint=true
dmenu.topbar: 1
dmenu.normfgcolor: #${config.colorScheme.colors.base05}
dmenu.normbgcolor: #${config.colorScheme.colors.base03}
dmenu.selfgcolor: #${config.colorScheme.colors.base00}
dmenu.selbgcolor: #${config.colorScheme.colors.base0B}
Nsxiv.window.background: #${config.colorScheme.colors.base03}
Nsxiv.window.foreground: #${config.colorScheme.colors.base05}
Nsxiv.mark.foreground: #${config.colorScheme.colors.base08}
Nsxiv.bar.background: #${config.colorScheme.colors.base00}
Nsxiv.bar.foreground: #${config.colorScheme.colors.base05}
Nsxiv.bar.font: monospace:size=12
'';
};
}

View File

@ -1,10 +1,13 @@
{ pkgs, ... }: { pkgs, configVars, ... }:
let
email = configVars.email.user;
in
{ {
programs.git = { programs.git = {
enable = true; enable = true;
package = pkgs.gitAndTools.gitFull; package = pkgs.gitAndTools.gitFull;
userName = "Sam"; userName = "Sam";
userEmail = "samual.shop@proton.me"; userEmail = "${email}";
aliases = { }; aliases = { };
extraConfig = { extraConfig = {
pull.rebase = false; pull.rebase = false;

View File

@ -0,0 +1,18 @@
{ pkgs, config, lib, ... }:
let
user = config.home.username;
in
{
home.activation.get-notes = lib.hm.dag.entryAfter [ "installPackages" ] ''
notes_dir=/home/${user}/.local/share/notes
remote=git@git.bitlab21.com:sam/notes
if [ -d "$notes_dir" ];
then
cd "$notes_dir"
[ ! -d .git ] && PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" git clone "$remote" "$notes_dir"
else
mkdir -p "$notes_dir" && PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" git clone "$remote" "$notes_dir"
fi
exit 0
'';
}
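Review bot: the trailing `exit 0` ends more than this block. Home Manager concatenates activation entries into a single script, so an `exit` here stops every step ordered after `get-notes`; remove it and handle a failed clone explicitly (for example `git clone ... || echo "notes clone failed"`). The `cd "$notes_dir"` also changes the working directory for the steps that follow; `git -C "$notes_dir"` or a subshell keeps it local. Note that this makes activation depend on network access and on an SSH key for `git@git.bitlab21.com` being present.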

View File

@ -0,0 +1,53 @@
{
config,
pkgs,
...
}: let
in {
systemd.user.services.transmission-daemon = {
Unit = {
Description = "Transmission Bittorrent Daemon";
Wants = "network-online.target";
After = "network-online.target";
Documentation = "man:transmission-daemon(1)";
};
Install = {
WantedBy = ["multi-user.target"];
};
Service = {
User = "transmission";
Type = "notify";
ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --log-level=error";
ExecReload = "${pkgs.coreutils}/bin/kill -s HUP $MAINPID";
CapabilityBoundingSet = "";
DevicePolicy = "closed";
KeyringMode = "private";
LockPersonality = "true";
NoNewPrivileges = "true";
MemoryDenyWriteExecute = "true";
PrivateTmp = "true";
PrivateDevices = "true";
ProtectClock = "true";
ProtectKernelLogs = "true";
ProtectControlGroups = "true";
ProtectKernelModules = "true";
ProtectSystem = "true";
ProtectHostname = "true";
ProtectKernelTunables = "true";
ProtectProc = "invisible";
RestrictNamespaces = "true";
RestrictSUIDSGID = "true";
RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
RestrictRealtime = "true";
SystemCallFilter = "@system - service";
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
};
};
# home.file.".config/transmission-daemon/settings.json" = {
# recursive = true;
# text = ''
#
# '';
# };
}
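Review bot: `SystemCallFilter = "@system - service";` is not the `@system-service` group (the spaces look like a formatter artifact), so systemd will not parse the intended syscall allow-list; write it as `@system-service`. The unit is also declared under `systemd.user.services`, where `User = "transmission"` and `WantedBy = ["multi-user.target"]` do not fit: an unprivileged user manager cannot switch to another user and has no `multi-user.target` (the user equivalent is `default.target`). Either move this to a system service, where the sandboxing keys listed here are fully supported, or drop `User` and change the install target.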

View File

@ -0,0 +1,120 @@
{ pkgs, ... }:
{
programs.yazi = {
enable = true;
package = pkgs.yazi;
enableBashIntegration = true;
enableZshIntegration = true;
settings = {
log = {
enabled = true;
};
manager = {
show_hidden = false;
sort_by = "modified";
sort_dir_first = true;
sort_reverse = true;
};
};
theme = {
manager = {
marker_copied = { fg = "#98bb6c"; bg = "#98bb6c"; };
marker_cut = { fg = "#e46876"; bg = "#e46876"; };
marker_marked = { fg = "#957fb8"; bg = "#957fb8"; };
marker_selected = { fg = "#ffa066"; bg = "#ffa066"; };
cwd = { fg = "#e6c384"; };
hovered = { reversed = true; };
preview_hovered = { reversed = true; };
tab_active = { reversed = true; };
tab_inactive = { };
tab_width = 1;
count_copied = { fg = "#1f1f28"; bg = "#98bb6c"; };
count_cut = { fg = "#1f1f28"; bg = "#e46876"; };
count_selected = { fg = "#1f1f28"; bg = "#e6c384"; };
border_symbol = "";
border_style = { fg = "#dcd7ba"; };
};
status = {
separator_open = "";
separator_close = "";
separator_style = { fg = "reset"; bg = "#363646"; };
mode_normal = { fg = "#1f1f28"; bg = "#85a6ea"; bold = true; };
mode_select = { fg = "#1f1f28"; bg = "#957fb8"; bold = true; };
mode_unset = { fg = "#1f1f28"; bg = "#e6c384"; bold = true; };
progress_label = { fg = "#85a6ea"; bg = "#363646"; bold = true; };
progress_normal = { fg = "#363646"; bg = "#1f1f28"; };
progress_error = { fg = "#363646"; bg = "#1f1f28"; };
permissions_t = { fg = "#98bb6c"; };
permissions_r = { fg = "#e6c384"; };
permissions_w = { fg = "#e82424"; };
permissions_x = { fg = "#7aa89f"; };
permissions_s = { fg = "#938aa9"; };
};
select = {
border = { fg = "#7fb4ca"; };
active = { fg = "#938aa9"; bold = true; };
inactive = { };
};
input = {
border = { fg = "#7fb4ca"; };
title = { };
value = { };
selected = { reversed = true; };
};
completion = {
border = { fg = "#7fb4ca"; };
active = { reversed = true; };
inactive = { };
};
tasks = {
border = { fg = "#7fb4ca"; };
title = { };
hovered = { fg = "#938aa9"; };
};
which = {
cols = 2;
separator = " - ";
separator_style = { fg = "#727169"; };
mask = { bg = "#16161d"; };
rest = { fg = "#727169"; };
cand = { fg = "#85a6ea"; };
desc = { fg = "#565666"; };
};
help = {
on = { fg = "#7aa89f"; };
run = { fg = "#938aa9"; };
desc = { };
hovered = { reversed = true; bold = true; };
footer = { fg = "#090618"; bg = "#dcd7ba"; };
};
notify = {
title_info = { fg = "#98bb6c"; };
title_warn = { fg = "#e6c384"; };
title_error = { fg = "#e82424"; };
};
filetype = {
rules = [
{ mime = "image/*"; fg = "#e6c384"; }
{ mime = "{audio,video}/*"; fg = "#957fb8"; }
{ mime = "application/{,g}zip"; fg = "#e46876"; }
{ mime = "application/x-{tar,bzip*,7z-compressed,xz,rar}"; fg = "#e46876"; }
{ mime = "application/{pdf,doc,rtf,vnd.*}"; fg = "#6a9589"; }
{ name = "*"; is = "orphan"; fg = "#e46876"; }
{ name = "*"; is = "exec"; fg = "#957fb8"; }
{ name = "*/"; fg = "#85a6ea"; }
];
};
};
};
}

View File

@ -1,14 +0,0 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
}

View File

@ -1,13 +0,0 @@
{ ...
}: {
imports = [
# Import users
./users/admin
./common/core
# Import optional
./common/optional/git.nix
];
}

View File

@ -1,29 +0,0 @@
{ ...
}: {
imports = [
# Import users
./users/sam
./common/core
./common/optional/desktop/hyprland
./common/optional/desktop/waybar.nix
./common/optional/sops.nix
# Import optional
./common/optional/git.nix
];
# ------
# | DP-1
# ------
monitors = [
{
name = "Virtual-1";
width = 2048;
height = 1152;
x = 0;
workspace = "1";
primary = true;
}
];
}

View File

@ -1,4 +1,7 @@
{ ... {
pkgs,
config,
...
}: { }: {
imports = [ imports = [
# Import users # Import users
@ -12,28 +15,13 @@
./common/optional/syncthing.nix ./common/optional/syncthing.nix
./common/optional/desktop/dwm ./common/optional/desktop/dwm
./common/optional/desktop/common/themes/standard-dark.nix ./common/optional/desktop/common/themes/standard-dark.nix
./common/optional/notes.nix
./common/optional/yazi.nix
./common/optional/transmission.nix
]; ];
# ------
# | DP-1 home.packages = [
# ------ pkgs.qgis
monitors = [
{
name = "DP-1";
width = 2560;
height = 1440;
x = 0;
y = 0;
workspace = "1";
primary = true;
}
{
name = "DP-2";
width = 2560;
height = 1440;
x = 2560;
y = 0;
}
]; ];
colorScheme = { colorScheme = {
@ -60,4 +48,37 @@
}; };
}; };
xresources.extraConfig = ''
! st
st.alpha: 0.8
St.font: monospace:pixelsize=21:antialias=true:autohint=true;
St.font2: NotoColorEmoji:pixelsize=19:antialias=true:autohint=true;
! dwm
dwm.borderpx: 3
dwm.font: monospace:size=12
dwm.col_base00: #${config.colorScheme.colors.base00}
dwm.col_base03: #${config.colorScheme.colors.base03}
dwm.col_base04: #${config.colorScheme.colors.base04}
dwm.col_base05: #${config.colorScheme.colors.base05}
dwm.col_base08: #${config.colorScheme.colors.base08}
dwm.col_base0B: #${config.colorScheme.colors.base0B}
! dmenu
dmenu.font: monospace:size=12
dmenu.font2: NotoColorEmoji:pixelsize=22:antialias=true:autohint=true
dmenu.topbar: 1
dmenu.normfgcolor: #${config.colorScheme.colors.base05}
dmenu.normbgcolor: #${config.colorScheme.colors.base03}
dmenu.selfgcolor: #${config.colorScheme.colors.base00}
dmenu.selbgcolor: #${config.colorScheme.colors.base0B}
Nsxiv.window.background: #${config.colorScheme.colors.base03}
Nsxiv.window.foreground: #${config.colorScheme.colors.base05}
Nsxiv.mark.foreground: #${config.colorScheme.colors.base08}
Nsxiv.bar.background: #${config.colorScheme.colors.base00}
Nsxiv.bar.foreground: #${config.colorScheme.colors.base05}
Nsxiv.bar.font: monospace:size=12
'';
} }

View File

@ -11,6 +11,7 @@
./common/optional/git.nix ./common/optional/git.nix
./common/optional/syncthing.nix ./common/optional/syncthing.nix
./common/optional/desktop/cinnamon ./common/optional/desktop/cinnamon
./common/optional/desktop/common/kodi.nix
]; ];

View File

@ -1,25 +1,22 @@
{ outputs, ... }: {outputs, ...}: {
{
home.username = "sam"; home.username = "sam";
home.homeDirectory = "/home/sam"; home.homeDirectory = "/home/sam";
imports = [ imports =
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules? [
]
++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
programs.ssh = { programs.ssh = {
enable = true; enable = true;
matchBlocks = { matchBlocks = {
"git.bitlab21.com" = { "git.bitlab21.com" = {
identitiesOnly = true; identitiesOnly = true;
identityFile = [ "~/.ssh/id_ed25519" ]; identityFile = ["~/.ssh/id_ed25519"];
}; };
}; };
}; };
home.sessionPath = [
];
xdg.userDirs = { xdg.userDirs = {
enable = true; enable = true;
createDirectories = true; createDirectories = true;
@ -39,6 +36,6 @@
READER = "zathura"; READER = "zathura";
IMAGE_VIEWER = "nsxiv"; IMAGE_VIEWER = "nsxiv";
IMAGE_EDITOR = "drawing"; IMAGE_EDITOR = "drawing";
PATH = "$PATH:$HOME/.scripts";
}; };
} }

202
hosts/citadel/default.nix Normal file
View File

@ -0,0 +1,202 @@
{
inputs,
lib,
pkgs,
config,
configVars,
...
}: let
# Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/nvme0n1"; # depends on target hardware
encrypted = true; # currrently only applies to btrfs
btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
user = "sam";
impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host
../common/users/${user}
# Disk configuration
inputs.disko.nixosModules.disko
(import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence
(import ../common/disks/btrfs/impermanence.nix {
btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/persistence.nix
../common/optional/pipewire.nix
../common/optional/openssh.nix
../common/optional/dwm.nix
../common/optional/nfs-mounts/media.nix
../common/optional/nfs-mounts/homeshare.nix
../common/optional/nfs-mounts/photos.nix
../common/optional/printing.nix
../common/optional/backlight.nix
../common/optional/xmodmap-arrow-remaps.nix
../common/optional/nix-ld.nix
../common/optional/gaming.nix
];
boot = {
blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"];
kernelModules = ["iwlwifi"];
initrd.kernelModules = ["thinkpad-acpi" "acpi-call"];
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
extraModulePackages = [
config.boot.kernelPackages.acpi_call
];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = 3;
};
};
swapDevices = [
{
device = "/.swapvol/swapfile";
size = 32 * 1024;
}
];
services = {
libinput.touchpad.accelSpeed = "0.5";
xserver = {
xkb.options = "caps:swapescape";
dpi = 196;
upscaleDefaultCursor = true;
# FIXME this doesnt work for some reason
# displayManager.sessionCommands = pkgs.writeShellScriptBin "key-remaps" ''
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 64 = Mode_switch"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 43 = h H Left H"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 44 = j J Down J"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 45 = k K Up K"
# ${pkgs.xorg.xmodmap}/bin/xmodmap -e "keycode 46 = l L Right L"
# '';
};
};
# fix cpu throttling on Lenovo Thinkpad
# see: https://github.com/erpalma/throttled
services.throttled.enable = true;
environment.variables = {
GDK_SCALE = "2.2";
GDK_DPI_SCALE = "0.8";
_JAVA_OPTIONS = "-Dsun.java2d.uiScale=2.2";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
XCURSOR_SIZE = "64";
};
# services.tlp = {
# enable = true;
# settings = {
# CPU_SCALING_GOVERNOR_ON_AC = "ondemand";
# CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
#
# START_CHARGE_THRESH_BAT0 = 50;
# STOP_CHARGE_THRESH_BAT0 = 95;
# };
# };
hardware = {
bluetooth = {
enable = true;
powerOnBoot = true;
};
enableRedistributableFirmware = true;
firmware = [
pkgs.sof-firmware
];
};
# nvidia
hardware.opengl = {
enable = true;
};
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
nvidiaPersistenced = true;
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = true;
# FIXME issue with stable nvidia driver and latest linux kernel
# use mkDriver to specify newer nvidia driver that is compatible
# see: https://github.com/NixOS/nixpkgs/issues/341844#issuecomment-2351075413
# and https://discourse.nixos.org/t/builder-for-nvidia-x11-550-78-6-10-drv-failed-with-exit-code-2/49360/32
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "555.58.02";
sha256_64bit = "sha256-xctt4TPRlOJ6r5S54h5W6PT6/3Zy2R4ASNFPu8TSHKM=";
sha256_aarch64 = "sha256-wb20isMrRg8PeQBU96lWJzBMkjfySAUaqt4EgZnhyF8=";
openSha256 = "sha256-8hyRiGB+m2hL3c9MDA/Pon+Xl6E788MZ50WrrAGUVuY=";
settingsSha256 = "sha256-ZpuVZybW6CFN/gz9rx+UJvQ715FZnAOYfHn5jt5Z2C8=";
persistencedSha256 = "sha256-a1D7ZZmcKFWfPjjH1REqPM5j/YLWKnbkP9qfRyIyxAw=";
};
};
# https://bbs.archlinux.org/viewtopic.php?id=297276 for NVreg_EnableGpuFirmware fix
# https://discourse.nixos.org/t/how-to-use-nvidia-prime-offload-to-run-the-x-server-on-the-integrated-board/9091/15
# for udev rules to disable dGPU when not in use
boot.extraModprobeConfig = ''
options nvidia NVreg_DynamicPowerManagement=0x02
options nvidia NVreg_EnableGpuFirmware=0
'';
services.udev.extraRules = ''
# Remove NVIDIA USB xHCI Host Controller devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c0330", ATTR{remove}="1"
# Remove NVIDIA USB Type-C UCSI devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x0c8000", ATTR{remove}="1"
# Remove NVIDIA Audio devices, if present
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x040300", ATTR{remove}="1"
# Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="auto"
ACTION=="bind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="auto"
# Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030000", TEST=="power/control", ATTR{power/control}="on"
ACTION=="unbind", SUBSYSTEM=="pci", ATTR{vendor}=="0x10de", ATTR{class}=="0x030200", TEST=="power/control", ATTR{power/control}="on"
'';
networking = {
hostName = "citadel";
networkmanager.enable = true;
enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
};
services.libinput.enable = true;
}
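Review bot: `nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];` lists a public resolver after the local ones, so queries can fall through to 8.8.8.8; if `piehole` is meant to be a filtering resolver, drop the public entry so the filter cannot be bypassed by fallback. On the commented FIXME block, `displayManager.sessionCommands` takes shell text, while `pkgs.writeShellScriptBin "key-remaps" ''...''` evaluates to a package; pass the xmodmap lines as a plain string if this is revived.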

View File

@ -4,6 +4,7 @@ let
in in
{ {
imports = [ imports = [
inputs.impermanence.nixosModules.impermanence
./sops.nix ./sops.nix
./locale.nix ./locale.nix
]; ];
@ -36,12 +37,19 @@ in
}; };
}; };
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
environment.systemPackages = [ environment.systemPackages = [
pkgs.rsync pkgs.rsync
pkgs.curl pkgs.curl
pkgs.just pkgs.just
pkgs.git pkgs.git
pkgs.vim pkgs.vim
pkgs.linuxKernel.packages.linux_zen.cpupower
]; ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
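Review bot: `pkgs.linuxKernel.packages.linux_zen.cpupower` ties cpupower to the zen kernel package set, while hosts choose their own kernel (citadel sets `kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest`). `config.boot.kernelPackages.cpupower` keeps the tool matched to the kernel each host actually runs; add `config` to the module arguments if it is not already there.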

View File

@ -1,13 +1,13 @@
{ pkgs, lib, inputs, config, ... }: {
lib,
let inputs,
config,
...
}: let
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
hasOptinPersistence = config.environment.persistence ? "/persist"; hasOptinPersistence = config.environment.persistence ? "/persist";
hostname = config.networking.hostName; in {
in
{
imports = [ imports = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
]; ];
@ -17,7 +17,7 @@ in
validateSopsFiles = false; validateSopsFiles = false;
age = { age = {
sshKeyPaths = [ "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key" ]; sshKeyPaths = ["${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key"];
}; };
secrets = { secrets = {
"passwords/root".neededForUsers = true; "passwords/root".neededForUsers = true;

View File

@ -0,0 +1,21 @@
{
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountOptions = [ "subvol=nix" "noatime" ];
mountpoint = "/nix";
};
"/swap" = {
mountOptions = [ "noatime" ];
mountpoint = "/.swapvol";
swap.swapfile.size = "8192M";
};
};
}

View File

@ -1,11 +1,11 @@
{ device, fsType, encrypted, ... }: { device, fsType, encrypted, impermanence, ... }:
let let
# basic and perists configs. basic fs = ext4, persist fs = btrfs either encrypted or under lvm fsModule = if impermanence then ./${fsType}/persist.nix else ./${fsType}/standard.nix;
basic = import ./gpt-bios-compact.nix { inherit device; }; basic = import ./${fsType}/basic.nix { inherit device; };
btrfs-persist-lvm = import ./btrfs-lvm.nix { inherit device; }; lvm = import ./lvm.nix { inherit device; fsModule = fsModule; };
btrfs-persist-luks = import ./btrfs-luks.nix { inherit device; }; luks = import ./luks.nix { inherit device; fsModule = fsModule; };
in in
if fsType == "ext4" then basic if fsType == "ext4" then basic
else if fsType == "btrfs" && encrypted then btrfs-persist-luks else if fsType == "btrfs" && encrypted then luks
else if fsType == "btrfs" then btrfs-persist-lvm else if fsType == "btrfs" then lvm
else null # or some default value else null
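Review bot: the final `else null` lets an unsupported `fsType` pass through and fail later as an unrelated module error when the result is used in `imports`. Replace it with a `throw` that names the accepted values (`ext4`, `btrfs`) so a typo in a host file is reported where it happens.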

View File

@ -1,4 +1,7 @@
{device ? throw "Must define a devices, e.g. /dev/sda"}: {
device ? throw "Must define a device, e.g. /dev/sda",
fsModule ? "Must specify submodule"
}:
{ {
disko.devices = { disko.devices = {
disk = { disk = {
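Review bot: `fsModule ? "Must specify submodule"` is missing `throw`, so the default is an ordinary string and a caller that omits the argument reaches `import "Must specify submodule"` instead of the intended message. Write `fsModule ? throw "Must specify submodule"`, matching the `device` default on the line above; the LVM variant later in this change has the same default.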
@ -26,7 +29,7 @@
type = "luks"; type = "luks";
name = "crypted"; name = "crypted";
passwordFile = "/tmp/luks_secret.key"; # Interactive passwordFile = "/tmp/luks_secret.key"; # Interactive
content = (import ./btrfs-persist.nix); content = (import "${fsModule}");
}; };
}; };
}; };

View File

@ -1,4 +1,7 @@
{device ? throw "Must define a device, e.g. /dev/sda"}: {
device ? throw "Must define a device, e.g. /dev/sda",
fsModule ? "Must specify submodule"
}:
{ {
disko.devices = { disko.devices = {
disk.main = { disk.main = {
@ -36,7 +39,7 @@
lvs = { lvs = {
root = { root = {
size = "100%FREE"; size = "100%FREE";
content = (import ./btrfs-persist.nix); content = (import "${fsModule}");
}; };
}; };
}; };

View File

@ -0,0 +1,3 @@
#!/usr/bin/env bash
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko ./zspeed.nix
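Review bot: `github:nix-community/disko` on the `sudo nix ... run` line is an unpinned flake reference, so the script fetches whatever the default branch holds at run time and executes it as root with `--mode disko`, which partitions and formats the disks named in `./zspeed.nix`. Pin the reference to a reviewed revision, or take disko from a locked flake input, so the tool that touches the disks is the one that was reviewed.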

View File

@ -0,0 +1,70 @@
{
disko.devices = {
disk = {
x = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi0";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
y = {
type = "disk";
device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi3";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zspeed";
};
};
};
};
};
};
zpool = {
zspeed = {
type = "zpool";
mode = "mirror";
rootFsOptions = {
"compression" = "zstd-4";
"com.sun:auto-snapshot" = "false";
"xattr" = "sa";
"atime" = "off";
};
options = {
"ashift" = "13";
};
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zspeed@blank$' || zfs snapshot zspeed@blank";
datasets = {
postgres = {
type = "zfs_volume";
size = "10G -s";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/postgres";
};
options = {
"com.sun:auto-snapshot:daily" = "true";
"volblocksize" = "8k";
};
};
};
};
};
};
}

View File

@ -0,0 +1,7 @@
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.brightnessctl
];
services.illum.enable = true;
}

View File

@ -0,0 +1,26 @@
{
pkgs,
inputs,
...
}: {
imports = [inputs.arion.nixosModules.arion];
environment.systemPackages = [
pkgs.arion
pkgs.docker-client
];
virtualisation = {
podman = {
enable = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/containers"
];
};
}
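Review bot: `dockerSocket.enable = true` exposes the Podman API on a Docker-compatible socket, and access to that socket is granted by membership in the `podman` group; as with Docker, that access is equivalent to root on the host. This change set also adds `podman` to user `extraGroups`, so add a comment here naming who is expected to be in that group and keep the membership to the accounts that run arion.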

View File

@ -3,8 +3,8 @@
services = { services = {
libinput.enable = true; libinput.enable = true;
xserver = { xserver = {
autoRepeatDelay = 250; autoRepeatDelay = 300;
autoRepeatInterval = 30; autoRepeatInterval = 15;
enable = true; enable = true;
xkb.layout = "gb"; xkb.layout = "gb";
displayManager.startx.enable = true; displayManager.startx.enable = true;
@ -12,12 +12,11 @@
windowManager.dwm = { windowManager.dwm = {
enable = true; enable = true;
package = pkgs.dwm.overrideAttrs { package = pkgs.dwm.overrideAttrs {
src = pkgs.fetchFromGitea { # src = /home/sam/.local/share/src/dwm;
domain = "git.bitlab21.com"; src = pkgs.fetchgit {
owner = "sam"; url = "https://git.bitlab21.com/sam/dwm";
repo = "dwm"; rev = "3e0601b29d879e589703239e064f0baaabb3474b";
rev = "e34d0ecdd98e52164c135b560a5583aa11be89b7"; sha256 = "sha256-7Hq0vo6YnXKhEUdKjvaAeKodq2l8wwJRzCYJfdHDNMQ=";
sha256 = "sha256-er1zi2xYK7AB6oR7JmfkfehesKTw9P4bcgjafj2lIIU=";
}; };
}; };
}; };

View File

@ -9,7 +9,6 @@
# Steam # Steam
mangohud mangohud
gamemode gamemode
gamescope
# WINE # WINE
wine wine
@ -41,11 +40,9 @@
programs.steam = { programs.steam = {
enable = true; enable = true;
gamescopeSession.enable = true;
}; };
programs.gamemode.enable = true; programs.gamemode.enable = true;
programs.gamescope.enable = true;
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override { steam = pkgs.steam.override {

View File

@ -0,0 +1,9 @@
{
fileSystems."/media/homeshare" = {
device = "10.0.10.30:/mnt/homeshare";
fsType = "nfs";
options = [ "noatime" "_netdev" ];
};
}
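Review bot: the `options` list carries only `noatime` and `_netdev`, so setuid bits and device nodes on the export are honoured on this host. Add `nosuid` and `nodev` (and `noexec` if nothing is executed from the share); the same applies to the `/media/media` mount, while `/media/photos` at least adds `ro`. The server address `10.0.10.30` is also hard-coded in all three files although other modules in this change read addresses from `configVars.networking.addresses`.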

View File

@ -0,0 +1,7 @@
{
fileSystems."/media/media" = {
device = "10.0.10.30:/mnt/media";
fsType = "nfs";
options = ["noatime" "_netdev"];
};
}

View File

@ -0,0 +1,9 @@
{
fileSystems."/media/photos" = {
device = "10.0.10.30:/mnt/photos";
fsType = "nfs";
options = [ "noatime" "_netdev" "ro" ];
};
}

View File

@ -0,0 +1,21 @@
{ lib, pkgs, ... }:
{
# Using non-Nix Python Packages with Binaries on NixOS https://github.com/mcdonc/.nixconfig/blob/e7885ad18b7980f221e59a21c91b8eb02795b541/videos/pydev/script.rst
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib # numpy
libgcc # sqlalchemy
expat # pyosmium
# that's where the shared libs go, you can find which one you need using
# nix-locate --top-level libstdc++.so.6 (replace this with your lib)
# ^ this requires `nix-index` pkg
];
environment.variables = {
NIX_LD_LIBRARY_PATH="/run/current-system/sw/share/nix-ld/lib";
NIX_LD="/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH=lib.mkForce "$NIX_LD_LIBRARY_PATH";
};
}
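Review bot: `LD_LIBRARY_PATH=lib.mkForce "$NIX_LD_LIBRARY_PATH"` in `environment.variables` sets the loader search path for every login session and everything started from it, not only for the foreign Python wheels this module is for, and `LD_LIBRARY_PATH` is consulted before a binary's own RUNPATH. Scope the variable to the services or shells that run the non-Nix binaries (the bd-worker container in this change already sets it per service) and leave the system-wide environment with `NIX_LD` and `NIX_LD_LIBRARY_PATH` only.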

View File

@ -0,0 +1,274 @@
{
lib,
pkgs,
configVars,
inputs,
config,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "bd-worker";
containerIp = configVars.networking.addresses.bd-worker.ip;
mongodbIp = configVars.networking.addresses.mongodb.ip;
mongodbPort = toString configVars.networking.addresses.mongodb.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
postgresIp = configVars.networking.addresses.postgres.ip;
postgresPort = toString configVars.networking.addresses.postgres.port;
bitcoindIp = configVars.networking.addresses.bitcoin-node.ip;
bitcoindPort = toString configVars.networking.addresses.bitcoin-node.services.bitcoind.port;
#secrets
sshKeyFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."ssh_keys/baseddata-models-access/id_ed25519".path;
notifybotUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/username".path;
notifybotPwd = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/notifybot/password".path;
recipientUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."comms/xmpp/mrsu/username".path;
mongoclientAuth = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/auth".path;
mongoclientUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/username".path;
mongoclientPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
postgresUser = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_username".path;
postgresPassword = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/baseddata/user_password".path;
bitcoindRPCUsername = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/username".path;
bitcoindRPCPassword= lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
baseddataEnv = "dev";
in {
sops.secrets = {
"ssh_keys/baseddata-models-access/id_ed25519" = {};
"comms/xmpp/notifybot/username" = {};
"comms/xmpp/notifybot/password" = {};
"comms/xmpp/mrsu/username" = {};
"software/mongodb/baseddata/auth" = {};
"software/mongodb/baseddata/username" = {};
"software/mongodb/baseddata/password" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/bitcoind/username" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/root/.ssh/id_ed25519" = {
hostPath = "${sshKeyFile}";
isReadOnly = true;
};
"/run/secrets/notifybotUsername" = {
hostPath = "${notifybotUsername}";
isReadOnly = true;
};
"/run/secrets/notifybotPassword" = {
hostPath = "${notifybotPwd}";
isReadOnly = true;
};
"/run/secrets/recipientUsername" = {
hostPath = "${recipientUsername}";
isReadOnly = true;
};
"/run/secrets/mongoclientAuth" = {
hostPath = "${mongoclientAuth}";
isReadOnly = true;
};
"/run/secrets/mongoclientUser" = {
hostPath = "${mongoclientUser}";
isReadOnly = true;
};
"/run/secrets/mongoclientPassword" = {
hostPath = "${mongoclientPassword}";
isReadOnly = true;
};
"/run/secrets/postgresPassword" = {
hostPath = "${postgresPassword}";
isReadOnly = true;
};
"/run/secrets/postgresUser" = {
hostPath = "${postgresUser}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCPassword" = {
hostPath = "${bitcoindRPCPassword}";
isReadOnly = true;
};
"/run/secrets/bitcoindRPCUsername" = {
hostPath = "${bitcoindRPCUsername}";
isReadOnly = true;
};
"/media/baseddata-data" = {
hostPath = "/media/main-ssd/baseddata-data";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
4200
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = [
pkgs.vim
pkgs.git
pkgs.python311
pkgs.poetry
pkgs.aria2
pkgs.osmctools
pkgs.osmium-tool
];
environment.variables = {
BASEDDATA_ENVIRONMENT = "dev";
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
};
systemd.services.baseddata-deploy-service = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
description = "Initiates deployment of application and builds python environment using Poetry";
environment = {
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
ExecStart = pkgs.writeShellScript "baseddata-deploy-service" ''
GITCMD="${pkgs.openssh}/bin/ssh -i /root/.ssh/id_ed25519"
if [ ! -d "/srv/baseddata-models" ]; then
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git clone --branch $BASEDDATA_ENVIRONMENT git@git.bitlab21.com:sam/baseddata-models.git /srv/baseddata-models
else
cd /srv/baseddata-models
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git stash --include-untracked
GIT_SSH_COMMAND=$GITCMD ${pkgs.git}/bin/git pull
fi
cd /srv/baseddata-models
mkdir .venv
${pkgs.poetry}/bin/poetry install
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-prefect-server = {
wantedBy = ["multi-user.target"];
after = ["baseddata-deploy-service.target"];
description = "Initates the Prefect server";
environment = {
NIX_LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
NIX_LD = "/run/current-system/sw/share/nix-ld/lib/ld.so";
LD_LIBRARY_PATH = "/run/current-system/sw/share/nix-ld/lib";
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
WorkingDirectory = "/srv/baseddata-models";
ExecStart = pkgs.writeShellScript "baseddata-prefect-server" ''
# run prefect server
.venv/bin/prefect server start --host 0.0.0.0
'';
Restart = "on-failure";
};
};
systemd.services.baseddata-serve-flows = {
wantedBy = ["multi-user.target"];
after = ["baseddata-prefect-server.target"];
description = "Serves the Prefect flows";
environment = {
PREFECT_API_URL = "http://${containerIp}:4200/api";
BASEDDATA_ENVIRONMENT = "${baseddataEnv}";
};
serviceConfig = {
Environment = "PATH=/run/current-system/sw/bin/";
WorkingDirectory = "/srv/baseddata-models";
ExecStartPre = "${pkgs.coreutils}/bin/timeout 120 ${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat-openbsd}/bin/nc -z ${containerIp} 4200; do sleep 3; done'";
ExecStart = pkgs.writeShellScript "baseddata-serve-flows" ''
# set prefect environment variables
.venv/bin/prefect variable set "xmpp_jid" $(cat /run/secrets/notifybotUsername) --overwrite
.venv/bin/prefect variable set "xmpp_password" $(cat /run/secrets/notifybotPassword) --overwrite
.venv/bin/prefect variable set "xmpp_recipient" $(cat /run/secrets/recipientUsername) --overwrite
.venv/bin/prefect variable set "mongoclient_auth" $(cat /run/secrets/mongoclientAuth) --overwrite
.venv/bin/prefect variable set "mongoclient_host" "${mongodbIp}:${mongodbPort}" --overwrite
.venv/bin/prefect variable set "mongoclient_user" $(cat /run/secrets/mongoclientUser) --overwrite
.venv/bin/prefect variable set "mongoclient_pwd" $(cat /run/secrets/mongoclientPassword) --overwrite
.venv/bin/prefect variable set "postgres_host" ${postgresIp} --overwrite
.venv/bin/prefect variable set "postgres_port" ${postgresPort} --overwrite
.venv/bin/prefect variable set "postgres_user" $(cat /run/secrets/postgresUser) --overwrite
.venv/bin/prefect variable set "postgres_pwd" $(cat /run/secrets/postgresPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_password" $(cat /run/secrets/bitcoindRPCPassword) --overwrite
.venv/bin/prefect variable set "bitcoin_rpc_username" $(cat /run/secrets/bitcoindRPCUsername) --overwrite
.venv/bin/prefect variable set "bitcoind_ip" ${bitcoindIp} --overwrite
.venv/bin/prefect variable set "bitcoind_port" ${bitcoindPort} --overwrite
.venv/bin/prefect variable set "osm_dir" "/media/baseddata-data/osm" --overwrite
.venv/bin/prefect variable set "wdpa_dir" "/media/baseddata-data/wdpa" --overwrite
.venv/bin/prefect variable set "mongo_db_name" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_dbname" "baseddata" --overwrite
.venv/bin/prefect variable set "postgres_schema" "models_final" --overwrite
.venv/bin/prefect variable set "unique_key" "row_uuid" --overwrite
# serve flows
.venv/bin/python automation/flows/serve-flows.py
'';
Restart = "on-failure";
};
};
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
zlib
libgcc
];
programs.ssh.knownHosts = {
"git.bitlab21.com" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNd2BGf64heYjWT9yt0fVmngepiHRIMsL7au/MRteg";
};
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
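Review bot: in `baseddata-serve-flows`, the XMPP, MongoDB, Postgres and bitcoind RPC credentials are read from the read-only `/run/secrets/*` bind mounts and then copied into Prefect variables through unquoted `$(cat ...)` arguments. That places each secret on a process command line and in the Prefect server's own store, while `baseddata-prefect-server` starts with `--host 0.0.0.0`, the firewall opens 4200, and no authentication is configured in this module, so the protection the bind mounts provide ends at the API. Have the flows read the files under `/run/secrets` directly or use a store intended for credentials, quote the substitutions that remain, and bind the server to the address its clients need. Separately, `after = ["baseddata-deploy-service.target"]` and `after = ["baseddata-prefect-server.target"]` name `.target` units although the units defined here are services, so the ordering has no effect; use the `.service` names.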

View File

@ -0,0 +1,87 @@
{
lib,
pkgs,
configVars,
...
}: let
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "jellyfin";
containerIp = configVars.networking.addresses.jellyfin.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/var/lib/jellyfin" = {
hostPath = "/media/main-ssd/jellyfin";
isReadOnly = false;
};
"/var/lib/jellyfin/data/media" = {
hostPath = "/media/media";
isReadOnly = true;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
8096
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
services.jellyfin = {
enable = true;
openFirewall = true;
user="jellyfin";
};
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}

View File

@ -0,0 +1,98 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
mongodbPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/mongodb/baseddata/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "mongodb";
containerIp = configVars.networking.addresses.mongodb.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
# "/var/db/mongodb" = {
# hostPath = "/media/main-ssd/mongodb";
# isReadOnly = false;
# };
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
27017
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = with pkgs; [
mongosh
];
# allow unfree packages
nixpkgs.config.allowUnfreePredicate = let
whitelist = map lib.getName [
pkgs.mongodb
];
in
pkg: builtins.elem (lib.getName pkg) whitelist;
services.mongodb = {
enable = true;
# enableAuth = true;
# initialRootPassword = mongodbPasswordPath;
bind_ip = "0.0.0.0";
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
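Review bot: `services.mongodb` runs with `bind_ip = "0.0.0.0"` and 27017 open in the container firewall while `enableAuth` and `initialRootPassword` are commented out, so the database accepts unauthenticated connections from any host that can reach the container on `br0`. Enable authentication before this is merged, or bind to the address the worker uses and restrict the source in the firewall. Also, `mongodbPasswordPath` points at `software/mongodb/baseddata/password`, but the `sops.secrets` block in this file declares only `software/postgres/postgres/password`, and `bindMounts` is empty, so the container would have no password file to read once auth is turned on.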

View File

@ -0,0 +1,173 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
bitcoin-rpcpassword-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-privileged".path;
bitcoin-rpcpassword-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
bitcoin-HMAC-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-privileged".path;
bitcoin-HMAC-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-public".path;
containerName = "bitcoin-node";
containerIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
gatewayIp = configVars.networking.addresses.gateway.ip;
allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
in {
sops.secrets = {
"software/bitcoind/bitcoin-rpcpassword-privileged" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
"software/bitcoind/bitcoin-HMAC-privileged" = {};
"software/bitcoind/bitcoin-HMAC-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = {
hostPath = "${bitcoin-rpcpassword-privileged}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public" = {
hostPath = "${bitcoin-rpcpassword-public}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-HMAC-privileged" = {
hostPath = "${bitcoin-HMAC-privileged}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-HMAC-public" = {
hostPath = "${bitcoin-HMAC-public}";
isReadOnly = false;
};
"/var/lib/bitcoind" = {
hostPath = "/media/main-ssd/nix-bitcoin/bitcoind";
isReadOnly = false;
};
"/var/lib/electrs" = {
hostPath = "/media/main-ssd/nix-bitcoin/electrs";
isReadOnly = false;
};
"/var/lib/mysql" = {
hostPath = "/media/main-ssd/nix-bitcoin/mysql";
isReadOnly = false;
};
"/var/lib/tor" = {
hostPath = "/media/main-ssd/nix-bitcoin/tor";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
imports = [
inputs.nix-bitcoin.nixosModules.default
];
environment.systemPackages = with pkgs; [
vim
lsof
jq
];
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [ { "address" = "${containerIp}"; "prefixLength" = 24; } ];
firewall = {
enable = true;
allowedTCPPorts = [
80
443
22
config.containers.bitcoin-node.config.services.bitcoind.rpc.port
config.containers.bitcoin-node.config.services.mempool.frontend.port
config.containers.bitcoin-node.config.services.electrs.port
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
# node services here
nix-bitcoin.generateSecrets = true;
services = {
tor = {
enable = true;
client.enable = true;
};
bitcoind = {
tor.proxy = true;
tor.enforce = true;
enable = true;
dataDir = "/var/lib/bitcoind";
dbCache = 5000;
txindex = true;
rpc = {
address = "0.0.0.0";
threads = 6;
allowip = allowip;
users = let
name = "bitcoin";
in {
privileged.name = name;
public.name = name;
};
};
extraConfig = ''
onlynet=onion
bind=127.0.0.1
'';
};
electrs = {
tor.enforce = true;
enable = true;
dataDir = "/var/lib/electrs";
address = "0.0.0.0";
};
mempool = {
enable = true;
electrumServer = "electrs";
frontend = {
port = mempoolPort;
address = "0.0.0.0";
};
};
};
nix-bitcoin.onionServices = {
bitcoind.enable = true;
electrs.enable = true;
mempool-frontend.enable = true;
};
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
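Review bot: the four `/etc/nix-bitcoin-secrets/*` bind mounts are declared with `isReadOnly = false`, so root inside the container can rewrite the host's sops-managed RPC password and HMAC files, and `nix-bitcoin.generateSecrets = true` is enabled in the same container config. The bd-worker module mounts its secrets read-only; do the same here and settle on one source for these values, either sops or the generator. In `allowedTCPPorts`, 80 and 443 are opened although no service in this hunk is configured on them; drop them unless something listens there.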

View File

@ -0,0 +1,120 @@
{
inputs,
lib,
config,
configVars,
pkgs,
...
}: let
postgresPasswordPath = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/postgres/postgres/password".path;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
containerName = "postgres";
containerIp = configVars.networking.addresses.postgres.ip;
subnetIp = configVars.networking.addresses.subnet.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
sops.secrets = {
"software/postgres/postgres/password" = {
};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
"/var/lib/nixos-containers/${containerName}"
];
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "br0";
containers.${containerName} = {
autoStart = true;
privateNetwork = true;
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/var/lib/postgresql" = {
hostPath = "/media/main-ssd/postgresql";
isReadOnly = false;
};
};
config = {
pkgs,
lib,
...
}: {
networking = {
defaultGateway = "${gatewayIp}";
interfaces.eth0.ipv4.addresses = [
{
"address" = "${containerIp}";
"prefixLength" = 24;
}
];
firewall = {
enable = true;
allowedTCPPorts = [
5432
];
};
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.systemPackages = with pkgs; [
lsof
];
services.postgresql = {
enable = true;
enableJIT = true;
package = pkgs.postgresql_16;
extraPlugins = with pkgs.postgresql_16.pkgs; [ postgis ];
enableTCPIP = true;
settings = {
max_worker_processes = "12";
max_parallel_workers = "8";
max_parallel_workers_per_gather = "4";
max_connections = "100";
autovacuum_work_mem = "2GB";
shared_buffers = "32GB";
work_mem = "0.32GB";
maintenance_work_mem = "64MB";
};
authentication = pkgs.lib.mkOverride 10 ''
#type database DBuser origin-address auth-method
local all postgres peer
host all all ${subnetIp}/24 scram-sha-256
local replication all peer
host replication all 127.0.0.1/32 scram-sha-256
'';
};
systemd.services.postgresql.postStart = ''
$PSQL -tA <<'EOF'
DO $$
DECLARE password TEXT;
BEGIN
password := trim(both from replace(pg_read_file('${postgresPasswordPath}'), E'\n', '''));
EXECUTE format('ALTER ROLE postgres WITH PASSWORD '''%s''';', password);
END $$;
EOF
'';
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
};
system.stateVersion = "24.05";
};
};
}
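Review bot: `postStart` calls `pg_read_file('${postgresPasswordPath}')`, which expands to the sops secret path on the host, but `bindMounts` maps only `/var/lib/postgresql`, so that file is not present inside the container and the `ALTER ROLE` block has nothing to read. Add a read-only bind mount for the secret that the postgres server process can read. In the same block the password is spliced in with `%s` between hand-written quotes; `format('ALTER ROLE postgres WITH PASSWORD %L', password)` quotes it correctly if it ever contains a single quote.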

View File

@ -4,6 +4,7 @@
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/etc/nixos" "/etc/nixos"
"/srv"
"/var/log" "/var/log"
"/var/lib/nixos" "/var/lib/nixos"
"/var/lib/systemd/coredump" "/var/lib/systemd/coredump"

View File

@ -0,0 +1,42 @@
{
pkgs,
configVars,
...
}: let
serverIp = configVars.networking.addresses.merlin.ip;
in {
services = {
udev.packages = [pkgs.sane-airscan];
printing = {
enable = true;
drivers = [pkgs.gutenprint pkgs.hplip];
};
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
};
hardware = {
sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
netConf = "${serverIp}";
};
printers = {
ensurePrinters = [
{
name = "HP_ENVY_6000";
description = "Network printer hosted on bob";
location = "bob";
deviceUri = "ipp://bob/printers/HP_ENVY_6000_series";
model = "everywhere";
ppdOptions = {
PageSize = "A4";
};
}
];
};
};
}

View File

@ -0,0 +1,12 @@
{pkgs, ...}: let
customLayout = pkgs.writeText "xkb-layout" ''
keycode 64 = Mode_switch
keycode 43 = h H Left H
keycode 44 = j J Down J
keycode 45 = k K Up K
keycode 46 = l L Right L
'';
in {
# Remap Alt_L +[hjkl] to left down up right
services.xserver.displayManager.sessionCommands = "sleep 5 && ${pkgs.xorg.xmodmap}/bin/xmodmap ${customLayout}";
}

View File

@ -1,5 +1,6 @@
{ pkgs, inputs, config, lib, ... }: { pkgs, inputs, config, lib, ... }:
let let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
username = "admin"; username = "admin";
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive (../keys);
hostname = config.networking.hostName; hostname = config.networking.hostName;
@ -15,7 +16,14 @@ in
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = ["wheel"]; extraGroups = [
"wheel"
] ++ ifTheyExist [
"docker"
"lxc"
"git"
"podman"
];
packages = with pkgs; [ packages = with pkgs; [
]; ];
@ -36,11 +44,6 @@ in
mode = "0644"; mode = "0644";
owner = "${username}"; owner = "${username}";
}; };
"ssh_keys/deploy_key/id_ed25519" = {
path = "/home/${username}/.ssh/deploy_key-ssh-ed25519";
mode = "0644";
owner = "${username}";
};
}; };
programs.zsh.enable = true; programs.zsh.enable = true;

View File

@ -1 +0,0 @@
ssh-rsa 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 samual.shop@protonmail.com :: laptop

View File

@ -1,22 +1,26 @@
{ pkgs, inputs, config, lib, ... }: {
let pkgs,
inputs,
config,
lib,
...
}: let
username = "media"; username = "media";
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive ../keys;
hostname = config.networking.hostName; hostname = config.networking.hostName;
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${username}".path; sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${username}".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
in {
in
{
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; # default shell shell = pkgs.zsh; # default shell
hashedPasswordFile = sopsHashedPasswordFile; hashedPasswordFile = sopsHashedPasswordFile;
openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key); openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
extraGroups = extraGroups = [
[ "scanner"
"lp"
"wheel" "wheel"
]; ];
@ -65,13 +69,11 @@ in
# The containing ssh folders are created as root and if this is the first ~/.ssh/ entry when writing keys, # The containing ssh folders are created as root and if this is the first ~/.ssh/ entry when writing keys,
# the ownership is busted and home-manager can't target because it can't write into .ssh... # the ownership is busted and home-manager can't target because it can't write into .ssh...
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
system.activationScripts.sopsSetSshOwnwership = system.activationScripts.sopsSetSshOwnwership = let
let
sshFolder = "/home/${username}/.ssh"; sshFolder = "/home/${username}/.ssh";
user = config.users.users.${username}.name; user = config.users.users.${username}.name;
group = config.users.users.${username}.group; group = config.users.users.${username}.group;
in in ''
''
mkdir -p ${sshFolder} || true mkdir -p ${sshFolder} || true
chown -R ${user}:${group} /home/${username}/.ssh chown -R ${user}:${group} /home/${username}/.ssh
''; '';
@ -82,7 +84,7 @@ in
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
home-manager = { home-manager = {
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = {inherit inputs;};
users = { users = {
${username} = import ../../../../home/${hostname}.nix; ${username} = import ../../../../home/${hostname}.nix;
}; };

View File

@ -1,13 +1,19 @@
{ pkgs, inputs, config, lib, ... }: {
let pkgs,
inputs,
config,
lib,
configVars,
...
}: let
hostname = config.networking.hostName; hostname = config.networking.hostName;
pubKeys = lib.filesystem.listFilesRecursive (../keys); pubKeys = lib.filesystem.listFilesRecursive ../keys;
sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path; sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
baseddataPostgresIp = configVars.networking.addresses.postgres.ip;
username = "sam"; username = "sam";
in in {
{
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; # default shell shell = pkgs.zsh; # default shell
@ -16,10 +22,14 @@ in
extraGroups = [ extraGroups = [
"wheel" "wheel"
"networkmanager"
"scanner"
"lp"
"docker"
"podman"
]; ];
}; };
services.tailscale.enable = true;
sops.secrets = { sops.secrets = {
"passwords/${username}" = { "passwords/${username}" = {
sopsFile = "${secretsFile}"; sopsFile = "${secretsFile}";
@ -38,18 +48,26 @@ in
"github-access-token" = { "github-access-token" = {
mode = "0655"; mode = "0655";
}; };
"software/postgres/btc_models/password" = { }; "software/postgres/baseddata_models/password" = {};
"software/postgres/btc_models/ip" = { }; "software/postgres/baseddata_models/ip" = {};
"software/postgres/btc_models/username" = { }; "software/postgres/baseddata_models/username" = {};
"software/zotero/username" = { }; "software/postgres/osm/password" = {};
"software/zotero/password" = { }; "software/postgres/osm/ip" = {};
"software/zotero/guid" = { }; "software/postgres/osm/username" = {};
"software/postgres/bitcoin/password" = {};
"software/postgres/bitcoin/ip" = {};
"software/postgres/bitcoin/username" = {};
"software/postgres/baseddata/user_password" = {};
"software/postgres/baseddata/user_username" = {};
"software/zotero/username" = {};
"software/zotero/password" = {};
"software/zotero/guid" = {};
}; };
# Setup software specific templates for user # Setup software specific templates for user
# Should be part of home-manager - waiting for templates functionality # Should be part of home-manager - waiting for templates functionality
# See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498 # See here https://github.com/Mic92/sops-nix/issues/423 and here https://github.com/Mic92/sops-nix/issues/498
# TODO migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix # TODO: migrate db_ui connection to home-manager when issue 423 and 498 are resolved in github:Mic92/sops-nix
sops.templates."dbui_connections.json" = { sops.templates."dbui_connections.json" = {
path = "/home/${username}/.local/share/db_ui/connections.json"; path = "/home/${username}/.local/share/db_ui/connections.json";
owner = "${username}"; owner = "${username}";
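Review bot: the "github-access-token" entry kept at the top of this hunk still carries mode = "0655", which leaves the token readable by every local account and sets execute bits for group and other on a plain data file. Since this block is being extended with eleven more database credentials, tighten the token in the same change to mode = "0400" with an explicit owner, and state the owner on any new entry that a non-root process has to read directly rather than through a template.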
@ -57,12 +75,24 @@ in
content = '' content = ''
[ [
{ {
"url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/btc_models", "url": "postgresql://${config.sops.placeholder."software/postgres/baseddata_models/username"}:${config.sops.placeholder."software/postgres/baseddata_models/password"}@${config.sops.placeholder."software/postgres/baseddata_models/ip"}/btc_models",
"name": "btc_models" "name": "baseddata_models"
}, },
{ {
"url": "postgresql://${config.sops.placeholder."software/postgres/btc_models/username"}:${config.sops.placeholder."software/postgres/btc_models/password"}@${config.sops.placeholder."software/postgres/btc_models/ip"}/dev_btc_models", "url": "postgresql://${config.sops.placeholder."software/postgres/baseddata_models/username"}:${config.sops.placeholder."software/postgres/baseddata_models/password"}@${config.sops.placeholder."software/postgres/baseddata_models/ip"}/dev_baseddata_models",
"name": "dev_btc_models" "name": "dev_baseddata_models"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/osm/username"}:${config.sops.placeholder."software/postgres/osm/password"}@${config.sops.placeholder."software/postgres/osm/ip"}/osm",
"name": "osm"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/bitcoin/username"}:${config.sops.placeholder."software/postgres/bitcoin/password"}@${config.sops.placeholder."software/postgres/bitcoin/ip"}/bitcoin",
"name": "bitcoin"
},
{
"url": "postgresql://${config.sops.placeholder."software/postgres/baseddata/user_username"}:${config.sops.placeholder."software/postgres/baseddata/user_password"}@${baseddataPostgresIp}/baseddata",
"name": "baseddata"
} }
] ]
''; '';
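Review bot: in the first connection entry the new URL still ends in /btc_models while its "name" and secret paths were renamed to baseddata_models, and the second entry was changed to /dev_baseddata_models, so the first looks like a missed rename and will connect to the old database or fail. Confirm which database name is intended and make the pair consistent. Separately, the passwords are placed into the URL as-is; a password containing @, : or / will break parsing in the client, so either constrain the generated passwords or percent-encode them before they go into secrets.yaml.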
@ -73,27 +103,27 @@ in
owner = "${username}"; owner = "${username}";
mode = "0600"; mode = "0600";
content = '' content = ''
bitcoin: baseddata:
target: dev target: dev
outputs: outputs:
dev: dev:
dbname: dev_btc_models dbname: dev_baseddata
host: ${config.sops.placeholder."software/postgres/btc_models/ip"} host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/btc_models/password"}' pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
port: 5432 port: 5432
schema: models schema: models
threads: 6 threads: 6
type: postgres type: postgres
user: ${config.sops.placeholder."software/postgres/btc_models/username"} user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
prod: prod:
dbname: btc_models dbname: baseddata
host: ${config.sops.placeholder."software/postgres/btc_models/ip"} host: ${baseddataPostgresIp}
pass: '${config.sops.placeholder."software/postgres/btc_models/password"}' pass: '${config.sops.placeholder."software/postgres/baseddata/user_password"}'
port: 5432 port: 5432
schema: models schema: models
threads: 6 threads: 6
type: postgres type: postgres
user: ${config.sops.placeholder."software/postgres/btc_models/username"} user: ${config.sops.placeholder."software/postgres/baseddata/user_username"}
''; '';
}; };
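Review bot: the dev and prod outputs in this profile now share the same host (${baseddataPostgresIp}) and the same "software/postgres/baseddata/user_username" and "user_password" secrets, differing only in dbname, so the default dev target runs with credentials that can also write to the production database. Consider a separate role and secret for prod so that the credentials themselves keep dev work out of baseddata. Also note that the host moved from a sops placeholder to a configVars value, which means the address is now plain text in the evaluated configuration; fine if that is intended, but worth stating in the commit message.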
@ -107,13 +137,11 @@ in
# The containing folders are created as root and if this is the first entry when writing files, # The containing folders are created as root and if this is the first entry when writing files,
# the ownership is busted and home-manager can't target because it can't write to these dirs... # the ownership is busted and home-manager can't target because it can't write to these dirs...
# FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed # FIXME: We might not need this depending on how https://github.com/Mic92/sops-nix/issues/381 is fixed
system.activationScripts.sopsSetOwnwership = system.activationScripts.sopsSetOwnwership = let
let
sshFolder = "/home/${username}/.ssh"; sshFolder = "/home/${username}/.ssh";
user = config.users.users.${username}.name; user = config.users.users.${username}.name;
group = config.users.users.${username}.group; group = config.users.users.${username}.group;
in in ''
''
mkdir -p ${sshFolder} || true mkdir -p ${sshFolder} || true
chown -R ${user}:${group} /home/${username}/.ssh chown -R ${user}:${group} /home/${username}/.ssh
''; '';
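Review bot: this hunk only reflows the let/in, but it carries the misspelled attribute name sopsSetOwnwership forward and the chown line still spells out /home/${username}/.ssh instead of reusing ${sshFolder}. While touching it, fix the name, use the variable in both commands, and set the directory mode explicitly (for example install -d -m 700 -o ${user} -g ${group} ${sshFolder}), since mkdir -p run as root during activation creates the folder with the default umask.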
@ -127,13 +155,9 @@ in
programs.zsh.enable = true; programs.zsh.enable = true;
home-manager = { home-manager = {
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = {inherit inputs;};
users = { users = {
${username} = import ../../../../home/${hostname}.nix; ${username} = import ../../../../home/${hostname}.nix;
}; };
}; };
environment.systemPackages = [
#inputs.sqlfmt.packages.x86_64-linux.sqlfmt
];
} }

View File

@ -1,50 +0,0 @@
{ inputs, config, lib, pkgs, outputs, configLib, ... }:
{
imports =
[
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/openssh
../common/optional/fileserver-nfs-mount.nix
# Create users for this host
../common/users/admin
];
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.unstable-packages
];
config = {
allowUnfree = true;
};
};
nix.settings.experimental-features = [ "nix-command" "flakes" ];
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda";
networking = {
hostName = "fileserver";
networkmanager.enable = true;
enableIPv6 = false;
hosts = { "192.168.122.223" = [ "fileserver" ]; };
};
time.timeZone = "Europe/London";
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
}

View File

@ -1,10 +1,10 @@
{ inputs, config, lib, pkgs, outputs, ... }: { inputs, ... }:
let let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware dev = "/dev/disk/by-id/ata-QEMU_HARDDISK_QM00005";
encrypted = false; # currrently only applies to btrfs encrypted = false; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root"; impermanence = false;
user = "admin"; user = "admin";
in in
{ {
@ -13,9 +13,9 @@ in
# Create users for this host # Create users for this host
../common/users/${user} ../common/users/${user}
# Disk configuration # Root disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; }) (import ../common/disks { device = dev; impermanence = impermanence; fsType = fsType; encrypted = encrypted; })
# Import core options # Import core options
./hardware-configuration.nix ./hardware-configuration.nix
@ -23,21 +23,29 @@ in
# Import optional options # Import optional options
../common/optional/openssh.nix ../common/optional/openssh.nix
../common/optional/docker
../common/optional/docker/postgres.nix
]; ];
boot.loader.grub.enable = true; boot = {
boot.loader.grub.device = "/dev/sda"; loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = 3;
};
};
networking = { networking = {
hostName = "nebula"; hostName = "merlin";
networkmanager.enable = true; networkmanager.enable = true;
enableIPv6 = false; enableIPv6 = false;
}; };
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false; boot.zfs.forceImportRoot = false;
networking.hostId = "18aec5d7" networking.hostId = "18aec5d7";
boot.zfs.extraPools = [ "zspeed" ];
services.libinput.enable = true; services.libinput.enable = true;
} }
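Review bot: this hunk adds ../common/optional/docker/postgres.nix and the "zspeed" pool to a host whose let-block in the same file sets encrypted = false, so the database will sit on unencrypted storage unless the pool itself uses ZFS native encryption. Please state where the postgres data directory lives and whether that dataset is encrypted. The switch to systemd-boot with efi.canTouchEfiVariables also assumes the VM was created with UEFI firmware; the removed grub lines targeted BIOS boot on /dev/sda, so a note on the reinstall requirement would help.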

View File

@ -8,18 +8,11 @@
[ (modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/9bed98b2-5ee2-4408-a9b1-6d40e9b68135";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction

View File

@ -1,34 +0,0 @@
{ inputs, config, lib, pkgs, outputs,... }:
let
dev = "/dev/vda";
in
{
imports =
[
# Import core options
./hardware-configuration.nix
../common/core
# Import optional options
../common/optional/pipewire.nix
../common/optional/hyprland.nix
../common/optional/displayManager/sddm.nix
../common/optional/openssh.nix
# Create users for this host
../common/users/sam
];
boot.loader.grub.enable = true;
boot.loader.grub.device = "${dev}";
networking = {
hostName = "nixdev";
networkmanager.enable = true;
enableIPv6 = false;
};
services.libinput.enable = true;
}

View File

@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f9abe09a-de68-4913-b6c5-ad55b473a961";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/fe24d2ba-2fbc-4ef5-8139-a26f4fc3f3e3"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

View File

@ -1,25 +1,43 @@
{ inputs, config, lib, pkgs, outputs, ... }: {
let inputs,
lib,
pkgs,
configVars,
...
}: let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/nvme0n1"; # depends on target hardware dev = "/dev/nvme0n1"; # depends on target hardware
encrypted = true; # currrently only applies to btrfs encrypted = true; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root"; btrfsMountDevice =
if encrypted
then "/dev/mapper/crypted"
else "/dev/root_vg/root";
user = "sam"; user = "sam";
in impermanence = true;
{ pieholeIp = configVars.networking.addresses.piehole.ip;
imports = gatewayIp = configVars.networking.addresses.gateway.ip;
[ semitaIp = configVars.networking.addresses.semita.ip;
in {
imports = [
# Create users for this host # Create users for this host
../common/users/${user} ../common/users/${user}
# Disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; }) (import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence # Impermanence
inputs.impermanence.nixosModules.impermanence (import ../common/disks/btrfs/impermanence.nix {
(import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; }) btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Import core options # Import core options
./hardware-configuration.nix ./hardware-configuration.nix
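Review bot: the imports list in this hunk no longer contains inputs.impermanence.nixosModules.impermanence, and the replacement import of ../common/disks/btrfs/impermanence.nix is passed only btrfsMountDevice and lib. If the upstream module is not now imported from inside ../common/disks (keyed on the new impermanence argument), any environment.persistence definitions for this host will fail evaluation or silently stop applying. Point to where the module import moved, or keep it here.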
@ -30,11 +48,25 @@ in
../common/optional/pipewire.nix ../common/optional/pipewire.nix
../common/optional/openssh.nix ../common/optional/openssh.nix
../common/optional/dwm.nix ../common/optional/dwm.nix
../common/optional/nfs-mounts/media.nix
../common/optional/nfs-mounts/homeshare.nix
../common/optional/printing.nix
../common/optional/docker
../common/optional/nixos-containers/nix-bitcoin.nix
../common/optional/nixos-containers/postgres.nix
../common/optional/nixos-containers/jellyfin.nix
../common/optional/nixos-containers/baseddata-worker.nix
../common/optional/nixos-containers/mongodb.nix
../common/optional/nix-ld.nix
]; ];
fileSystems."/media/main-ssd" = {
device = "/dev/disk/by-uuid/ba884006-e813-4b67-9fe6-62aea08b3b59";
fsType = "ext4";
};
boot = { boot = {
blacklistedKernelModules = [ "snd_hda_intel" "snd_soc_skl" ]; blacklistedKernelModules = ["snd_hda_intel" "snd_soc_skl"];
kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest; kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
loader = { loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
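Review bot: the new fileSystems."/media/main-ssd" entry mounts an ext4 filesystem by UUID with no options, on a host whose root disk is declared encrypted = true. If the containers imported in this same hunk (postgres, mongodb, nix-bitcoin, jellyfin) keep their data on this volume, that data sits outside the disk encryption applied to root; please confirm whether the device is a LUKS mapping or bare. Adding options = [ "nofail" ] would also keep a missing or failed SSD from dropping the host into emergency mode at boot.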
@ -43,14 +75,67 @@ in
}; };
}; };
services = {
xserver = {
dpi = 144;
upscaleDefaultCursor = true;
};
};
environment.variables = {
GDK_SCALE = "2";
GDK_DPI_SCALE = "0.6";
_JAVA_OPTIONS = "-Dsun.java2d.uiScale=1.8";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
XCURSOR_SIZE = "32";
};
hardware.firmware = [ hardware.firmware = [
pkgs.sof-firmware pkgs.sof-firmware
]; ];
# Add hardware support for intel gpus as specified here: https://nixos.wiki/wiki/Jellyfin
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
swapDevices = [ {
device = "/.swapvol/swapfile";
size = 32*1024;
} ];
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime
# only available on unstable
unstable.vpl-gpu-rt
intel-media-sdk
];
};
networking = { networking = {
hostName = "semita"; hostName = "semita";
networkmanager.enable = true; nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
enableIPv6 = false; defaultGateway = "${gatewayIp}";
useDHCP = false;
bridges = {
br0 = {
interfaces = ["eth0"];
};
};
interfaces.br0 = {
ipv4.addresses = [
{
"address" = "${semitaIp}";
"prefixLength" = 24;
}
];
};
}; };
services.libinput.enable = true; services.libinput.enable = true;
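Review bot: the networking block in this hunk drops enableIPv6 = false along with NetworkManager, and the NixOS default for that option is true, so br0 and the containers attached to it will now get IPv6 link-local addresses and accept router advertisements. If that is not intended, keep the line; if it is, check that the firewall rules for the container services cover IPv6 as well. The nameservers list also puts "8.8.8.8" after the pi-hole and gateway addresses, which means lookups go to the public resolver unfiltered whenever the first two time out; drop it if DNS filtering is meant to be enforced. Finally, interfaces = ["eth0"] only matches if predictable interface names are disabled somewhere else in the configuration.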

View File

@ -1,24 +1,40 @@
{ inputs, config, lib, pkgs, outputs, ... }: {
let inputs,
config,
lib,
configVars,
...
}: let
# Disko setup # Disko setup
fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence fsType = "btrfs"; # one of ext4 or btrfs. Use btrfs if using impermanence
dev = "/dev/sda"; # depends on target hardware dev = "/dev/sda"; # depends on target hardware
encrypted = false; # currrently only applies to btrfs encrypted = false; # currrently only applies to btrfs
btrfsMountDevice = if encrypted then "/dev/mapper/crypted" else "/dev/root_vg/root"; btrfsMountDevice =
in if encrypted
{ then "/dev/mapper/crypted"
imports = else "/dev/root_vg/root";
[ impermanence = true;
pieholeIp = configVars.networking.addresses.piehole.ip;
gatewayIp = configVars.networking.addresses.gateway.ip;
in {
imports = [
# Create users for this host # Create users for this host
../common/users/media ../common/users/media
# Disk configuration # Disk configuration
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
(import ../common/disks { device = dev; fsType = fsType; encrypted = encrypted; }) (import ../common/disks {
device = dev;
impermanence = impermanence;
fsType = fsType;
encrypted = encrypted;
})
# Impermanence # Impermanence
inputs.impermanence.nixosModules.impermanence (import ../common/disks/btrfs/impermanence.nix {
(import ../common/disks/btrfs-impermanence.nix { btrfsMountDevice = btrfsMountDevice; lib = lib; }) btrfsMountDevice = btrfsMountDevice;
lib = lib;
})
# Import core options # Import core options
./hardware-configuration.nix ./hardware-configuration.nix
@ -27,8 +43,9 @@ in
# Import optional options # Import optional options
../common/optional/openssh.nix ../common/optional/openssh.nix
../common/optional/persistence.nix ../common/optional/persistence.nix
../common/optional/nfs-mounts/media.nix
../common/optional/gaming.nix ../common/optional/gaming.nix
../common/optional/printing.nix
]; ];
boot = { boot = {
@ -38,12 +55,13 @@ in
timeout = 3; timeout = 3;
}; };
}; };
boot.kernelParams = [ "i915.enable_psr=0" ]; boot.kernelParams = ["i915.enable_psr=0"];
networking = { networking = {
hostName = "sparky"; hostName = "sparky";
networkmanager.enable = true; networkmanager.enable = true;
enableIPv6 = false; enableIPv6 = false;
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];
}; };
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg:
@ -59,7 +77,7 @@ in
services.xserver = { services.xserver = {
enable = true; enable = true;
videoDrivers = [ "nvidia" ]; videoDrivers = ["nvidia"];
displayManager.lightdm.enable = true; displayManager.lightdm.enable = true;
exportConfiguration = true; exportConfiguration = true;
deviceSection = '' deviceSection = ''

View File

@ -1,4 +1,4 @@
SOPS_FILE := "../nix-secrets/secrets.yaml" SOPS_FILE := "~/.local/share/src/nix-secrets/secrets.yaml"
# default recipe to display help information # default recipe to display help information
default: default:
@ -14,6 +14,11 @@ rebuild-system:
git add *.nix git add *.nix
sudo nixos-rebuild switch --option eval-cache false --flake .#$(hostname) sudo nixos-rebuild switch --option eval-cache false --flake .#$(hostname)
# test full system rebuild from flake (stages changes and automatically detects host)
rebuild-system-test:
git add *.nix
sudo nixos-rebuild test --option eval-cache false --flake .#$(hostname)
# updates all flake inputs for system # updates all flake inputs for system
update-flake: update-flake:
nix flake update nix flake update
@ -23,10 +28,11 @@ update-flake:
edit-sops: edit-sops:
echo "Editing {{SOPS_FILE}}" echo "Editing {{SOPS_FILE}}"
nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}" nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops {{SOPS_FILE}}"
cd $(dirname {{SOPS_FILE}}) && git add . && git commit -m "autocommit" && git push
# update keys in secrets.yaml and push to remote # update keys in secrets.yaml and push to remote
update-sops-secrets: update-sops-secrets:
cd ../nix-secrets && (\ cd ~/.local/share/src/nix-secrets && (\
nix-shell -p sops --run "sops updatekeys -y secrets.yaml" && \ nix-shell -p sops --run "sops updatekeys -y secrets.yaml" && \
git add -u && (git commit -m "updated secrets" || true) && git push \ git add -u && (git commit -m "updated secrets" || true) && git push \
) )
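Review bot: the line added to edit-sops runs git add . in the secrets repository and pushes immediately, so any stray file in that directory (an editor backup, a decrypted copy, an exported key) is committed and published along with secrets.yaml. Stage only the file that was edited, or use git add -u as update-sops-secrets does below. The new line also fails the recipe when nothing changed, because git commit exits non-zero on an empty commit; update-sops-secrets already guards this with || true. Check too that cd $(dirname {{SOPS_FILE}}) still expands the leading ~ under the shell that just invokes, now that SOPS_FILE is a home-relative path.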

View File

@ -1,8 +1,10 @@
pkgs: { pkgs: {
sddm-theme = pkgs.callPackage ./sddm-theme { }; sddm-theme = pkgs.callPackage ./sddm-theme {};
st = pkgs.callPackage ./st { }; st = pkgs.callPackage ./st {};
dwmblocks = pkgs.callPackage ./dwmblocks { }; dwmblocks = pkgs.callPackage ./dwmblocks {};
dmenu = pkgs.callPackage ./dmenu { }; dmenu = pkgs.callPackage ./dmenu {};
nsxiv = pkgs.callPackage ./nsxiv { }; nsxiv = pkgs.callPackage ./nsxiv {};
sqlfmt = pkgs.callPackage ./sqlfmt { }; sqlfmt = pkgs.callPackage ./sqlfmt {};
kunst = pkgs.callPackage ./kunst {};
set_wm_class = pkgs.callPackage ./set_wm_class {};
} }

22
pkgs/kunst/default.nix Normal file
View File

@ -0,0 +1,22 @@
{ pkgs ? import <nixpkgs> { }
, fetchFromGitea ? pkgs.fetchFromGitea
}:
pkgs.stdenv.mkDerivation {
pname = "kunst";
name = "kunst";
src = fetchFromGitea {
domain = "git.bitlab21.com";
owner = "sam";
repo = "kunst";
rev = "efff362ab9ea14cae2bb6c5d246601011e345732";
sha256 = "sha256-AeAYh2z2Ty9rYfgm+EhYB99OI87aWqLURDbfT0N3wUg=";
};
installPhase = ''
mkdir -p $out/bin
mv kunst $out/bin
chmod 755 $out/bin/kunst
'';
}

View File

@ -0,0 +1,35 @@
{ pkgs ? import <nixpkgs> { }
, fetchFromGitea ? pkgs.fetchFromGitea
, pkg-config ? pkgs.pkg-config
, libX11 ? pkgs.xorg.libX11
}:
pkgs.stdenv.mkDerivation {
pname = "set_wm_class";
name = "set_wm_class";
src = fetchFromGitea {
domain = "git.bitlab21.com";
owner = "sam";
repo = "set_wm_class";
rev = "b39fb4b360";
sha256 = "sha256-5z2YQof4jbfa1dQll5GLt2OL54UhDKZ4Dzzte7vT0zM=";
};
nativeBuildInputs = [
pkg-config
];
buildInputs = [
libX11
];
buildPhase = ''
make
'';
installPhase = ''
mkdir -p $out/bin
mv set_wm_class $out/bin
'';
}
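Review bot: rev = "b39fb4b360" in the fetchFromGitea call is an abbreviated commit hash, whereas the kunst and st derivations pin the full 40-character revision. The sha256 still fixes the content, but a short hash can become ambiguous as the repository grows and makes the next update fail with a confusing fetch error rather than a clean hash mismatch. Use the full commit id. The derivation also sets both pname and name and no version, and the custom buildPhase and installPhase skip runHook preBuild/postBuild and preInstall/postInstall; setting pname plus version and calling the hooks keeps it in line with stdenv conventions.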

View File

@ -2,14 +2,17 @@
, fetchurl ? pkgs.fetchurl , fetchurl ? pkgs.fetchurl
, buildPythonPackage ? pkgs.python311Packages.buildPythonPackage , buildPythonPackage ? pkgs.python311Packages.buildPythonPackage
}: }:
let
version = "0.21.4"; # this needs to be fetched from github to get the latest
in
buildPythonPackage { buildPythonPackage {
pname = "shandy-sqlfmt"; pname = "shandy-sqlfmt";
version = "0.21.3";
format = "wheel"; format = "wheel";
version = version;
src = fetchurl { src = fetchurl {
url = "https://github.com/tconbeer/sqlfmt/releases/download/v0.21.3/shandy_sqlfmt-0.21.3-py3-none-any.whl"; url = "https://github.com/tconbeer/sqlfmt/releases/download/v${version}/shandy_sqlfmt-${version}-py3-none-any.whl";
sha256 = "sha256-gb/gLAcGD7F/0LL6WllfX1CW4Tug//jNDA0v9O5tedA="; sha256 = "sha256-mS8afZtQxN/blaVgG2cBD/wnRZGxAwQWPJqtTji1IJk=";
}; };
doCheck = false; doCheck = false;

View File

@ -12,8 +12,8 @@ pkgs.stdenv.mkDerivation {
domain = "git.bitlab21.com"; domain = "git.bitlab21.com";
owner = "sam"; owner = "sam";
repo = "st"; repo = "st";
rev = "31e0ba8cb2086fb12741afc5fc3dfd938ca1f59b"; rev = "0e926487c85227aad9eed6667b91e149018014b8";
sha256 = "sha256-dbkXFbNr/lJveMeR7qXo7jGgF5+79S9vqKsLM7XM250="; sha256 = "sha256-aUquoUotLKJDxOISIcx0RUybNvBrytc7+EF7PE1MRJU=";
}; };
nativeBuildInputs = [ nativeBuildInputs = [

View File

@ -17,6 +17,8 @@ read -p "Enter hostname of target: " hostname
read -p "Enter IP of target: " ip read -p "Enter IP of target: " ip
read -p "Enter config to install on target: " config read -p "Enter config to install on target: " config
read -p "Enter username (if none, use 'root'): " username read -p "Enter username (if none, use 'root'): " username
read -p "Using impermanence? (yes|no): " impermanence
[ "$impermanence" = "yes" ] && persist="/persist"
# Delete key in known hosts if exists # Delete key in known hosts if exists
sed -i "/$ip/d" ~/.ssh/known_hosts sed -i "/$ip/d" ~/.ssh/known_hosts
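Review bot: persist is only assigned when the answer is exactly "yes", and it is never initialised, so a typo such as "y" or "Yes" silently selects the non-persistent layout and a persist value inherited from the calling environment is used as-is. Initialise persist="" before the prompt and reject anything other than yes or no. In the context line below, sed -i "/$ip/d" treats the address as a regular expression, so the dots match any character and 10.0.0.1 also deletes entries such as 10.0.0.10; ssh-keygen -R "$ip" removes only the exact host.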
@ -36,23 +38,23 @@ cleanup() {
trap cleanup EXIT trap cleanup EXIT
# Create the directory for target host keys # Create the directory for target host keys
install -d -m755 "$temp/persist/etc/ssh" install -d -m755 "$temp$persist/etc/ssh"
# Create ssh keys # Create ssh keys
echo "Creating '$hostname' ssh keys" echo "Creating '$hostname' ssh keys"
ssh-keygen -t ed25519 -f "$temp/persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N "" ssh-keygen -t ed25519 -f "$temp$persist/etc/ssh/ssh_host_ed25519_key" -C root@"$hostname" -N ""
# Extract luks key from secrets # Extract luks key from secrets
luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ../nix-secrets/secrets.yaml") luks_secret=$(nix-shell -p sops --run "SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt sops -d --extract '[""\"luks_passphrase""\"][""\"$hostname""\"]' ~/.local/share/src/nix-secrets/secrets.yaml")
echo "$luks_secret" > /tmp/luks_secret.key echo "$luks_secret" > /tmp/luks_secret.key
# Generate age key from target host and user public ssh key # Generate age key from target host and user public ssh key
echo "Generating age key from target host and user ssh key" echo "Generating age key from target host and user ssh key"
HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp/persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age") HOST_AGE_KEY=$(nix-shell -p ssh-to-age --run "cat $temp$persist/etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age")
echo -e "Host age key:\n$HOST_AGE_KEY\n" echo -e "Host age key:\n$HOST_AGE_KEY\n"
# Update .sops.yaml with new age key: # Update .sops.yaml with new age key:
SOPS_FILE="../nix-secrets/.sops.yaml" SOPS_FILE="$HOME/.local/share/src/nix-secrets/.sops.yaml"
sed -i "{ sed -i "{
# Remove any * and & entries for this host # Remove any * and & entries for this host
/[*&]$hostname/ d; /[*&]$hostname/ d;
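Review bot: the decrypted LUKS passphrase in this hunk is still written with echo "$luks_secret" > /tmp/luks_secret.key, a fixed path in a world-writable directory, created with the default umask, and nothing visible here removes it afterwards. Create it with mktemp under umask 077, pass that path to --disk-encryption-keys, and delete it in the cleanup trap. Do not place it under "$temp", because that tree is shipped to the target through --extra-files. The host private key is generated under a directory created with install -d -m755; that is what the target needs for /etc/ssh, but the staging parent "$temp" should itself be mode 700 while the key sits on the installer machine.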
@ -61,13 +63,14 @@ sed -i "{
/age:/{n; p; s/\(.*- \*\).*/\1$hostname/}; /age:/{n; p; s/\(.*- \*\).*/\1$hostname/};
# Inject a new hosts: entry # Inject a new hosts: entry
/&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/} /&hosts:/{n; p; s/\(.*- &\).*/\1$hostname $HOST_AGE_KEY/}
}" $SOPS_FILE }" "$SOPS_FILE"
# Commit and push changes to sops file # Commit and push changes to sops file
just update-sops-secrets && just update-flake-secrets && just update-flake just update-sops-secrets && just update-flake-secrets && just update-flake
# Copy current nix config over to target # Copy current nix config over to target
cp -prv . "$temp/persist/etc/nixos" echo "copying current nix config to host"
cp -pr . "$temp$persist/etc/nixos"
# Install Nixos to target # Install Nixos to target
SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519" SHELL=/bin/sh nix run github:nix-community/nixos-anywhere/1.3.0 -- --extra-files "$temp" --disk-encryption-keys /tmp/luks_secret.key /tmp/luks_secret.key --flake .#"$config" root@"$ip" -i "$HOME/.ssh/id_ed25519"
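Review bot: cp -pr . "$temp$persist/etc/nixos" copies the whole working directory, including .git and any untracked or ignored files, into the tree that --extra-files installs on the target. Copy only tracked content instead (for example git archive HEAD piped into tar -x -C on the destination) so that local scratch files and history do not end up on every bootstrapped host. Quoting "$SOPS_FILE" in this hunk is a good fix; $hostname and $HOST_AGE_KEY are still interpolated into the sed program unescaped, so validate the hostname against a simple pattern such as [a-z0-9-]+ right after it is read.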

8
shell.nix Normal file
View File

@ -0,0 +1,8 @@
{ pkgs ? import <nixpkgs> { } }:
pkgs.mkShell
{
nativeBuildInputs = with pkgs; [
update-nix-fetchgit
];
}

Some files were not shown because too many files have changed in this diff