move old nixos-config over here
parent
346d80ae7e
commit
54baace7c1
35 changed files with 850 additions and 44 deletions
30
README.md
30
README.md
|
@ -1,3 +1,31 @@
|
|||
# Home Manager
|
||||
# NixOS Config
|
||||
|
||||
IT in a box!
|
||||
|
||||
## Bootstrapping from a fresh NixOS installation
|
||||
|
||||
1. Install NixOS
|
||||
2. Clone this repo:
|
||||
|
||||
```
|
||||
nix-shell -p git --command 'git clone https://git.shelman.io/shelmangroup/nixos-config.git'
|
||||
```
|
||||
|
||||
3. Ensure host configuration exists at `./nixos-config/hosts/${HOSTNAME}` and contains at minimum the hardware configuration. The NixOS installer will write this out to `/etc/nixos/hardware-configuration.nix`.
|
||||
4. Apply configuration:
|
||||
```
|
||||
sudo nixos-rebuild boot --flake ./nixos-config#${HOSTNAME}
|
||||
```
|
||||
|
||||
## Use
|
||||
|
||||
1. Clone this repo somewhere convenient, like `~/src/shelman/nixos-config`
|
||||
2. Apply configuration: `just switch`
|
||||
|
||||
## Update
|
||||
|
||||
Update nixpkgs and switch: `just update`
|
||||
|
||||
# Home Manager
|
||||
|
||||
`just home-switch`
|
||||
|
|
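--- a/common/base.nix
+++ b/common/base.nix
@@ -0,0 +1,42 @@
+{ pkgs, ... }:
+
+{
+boot = {
+loader.systemd-boot.enable = true;
+loader.efi.canTouchEfiVariables = true;
+kernelPackages = pkgs.linuxPackages_zen;
+};
+
+time.timeZone = "Europe/Stockholm";
+
+environment.systemPackages = with pkgs; [
+btrfs-progs
+btrfs-snap
+git
+glibcLocales
+qemu_kvm
+qemu-utils
+vim
+zstd
+];
+
+# Use fish, but not in /etc/passwd . See https://nixos.wiki/wiki/Fish#Setting_fish_as_your_shell
+programs.bash = {
+interactiveShellInit = ''
+if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+then
+shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+fi
+'';
+shellInit = ''
+export NIX_LD=$(nix eval --impure --raw --expr 'let pkgs = import <nixpkgs> {}; NIX_LD = pkgs.lib.fileContents "${pkgs.stdenv.cc}/nix-support/dynamic-linker"; in NIX_LD')
+'';
+};
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# networking.firewall.enable = false;
+}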
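Review bot: `programs.bash.shellInit` runs `nix eval --impure … import <nixpkgs> {}` in every bash start-up, so each shell (including ones started through doas, which keeps the caller's environment per common/hardening.nix) evaluates whatever `<nixpkgs>` resolves to in the current `NIX_PATH`. The `${pkgs.stdenv.cc}` path inside the expression is already fixed at build time, so the runtime evaluation adds cost and an environment-controlled input without changing the result. Compute the value once at build time instead, `environment.variables.NIX_LD = pkgs.lib.fileContents "${pkgs.stdenv.cc}/nix-support/dynamic-linker";`, or drop the export if `programs.nix-ld.enable = true` (set in common/nix.nix in this commit) already provides `NIX_LD` on the nixpkgs revision in use; that should be confirmed.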
@ -1,21 +1,11 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
./atuin.nix
|
||||
./broot.nix
|
||||
./devel.nix
|
||||
./fish.nix
|
||||
./gnome.nix
|
||||
./k8s.nix
|
||||
./base.nix
|
||||
./desktop.nix
|
||||
./hardening.nix
|
||||
./laptop.nix
|
||||
./nix.nix
|
||||
./nvim.nix
|
||||
./scripts.nix
|
||||
./ssh.nix
|
||||
./utils.nix
|
||||
./vcs.nix
|
||||
./web.nix
|
||||
./wezterm.nix
|
||||
./plymouth.nix
|
||||
./podman.nix
|
||||
];
|
||||
|
||||
options.shelman.desktop.enable = lib.mkEnableOption "Desktop environment";
|
||||
}
|
||||
|
|
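--- a/common/desktop.nix
+++ b/common/desktop.nix
@@ -0,0 +1,107 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+let
+inherit (lib) mkIf mkEnableOption;
+cfg = config.shelman.podman;
+in
+{
+options.shelman.desktop.enable = mkEnableOption "Desktop environment and common applications";
+
+config = mkIf cfg.enable {
+environment.systemPackages = with pkgs; [ gnome-ssh-askpass4 ];
+
+# Excluding some GNOME applications from the default install
+environment.gnome.excludePackages =
+(with pkgs; [
+gnome-connections
+gnome-photos
+gnome-tour
+snapshot
+])
+++ (with pkgs.gnome; [
+atomix # puzzle game
+baobab # disk usage analyzer
+cheese # webcam tool
+epiphany # web browser
+geary # email reader
+gnome-clocks
+gnome-contacts
+gnome-disk-utility
+gnome-logs
+gnome-music
+gnome-terminal
+hitori # sudoku game
+iagno # go game
+simple-scan
+tali # poker game
+yelp # help viewer
+]);
+
+fonts = {
+fontDir.enable = true;
+fontconfig = {
+allowBitmaps = false;
+antialias = true;
+defaultFonts = {
+serif = [ "Liberation Serif" ];
+sansSerif = [ "Inter" ];
+monospace = [ "BerkeleyMono Nerd Font" ];
+};
+hinting.enable = true;
+hinting.style = "slight";
+subpixel.rgba = "rgb";
+};
+packages = with pkgs; [
+inter
+jetbrains-mono
+liberation_ttf
+monaspace
+(pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+noto-fonts
+noto-fonts-cjk
+noto-fonts-color-emoji
+roboto
+ubuntu_font_family
+];
+};
+
+programs.ssh.askPassword = "${pkgs.gnome-ssh-askpass4}/bin/gnome-ssh-askpass4";
+programs.ssh.startAgent = true;
+
+programs.steam = {
+enable = true;
+remotePlay.openFirewall = true;
+dedicatedServer.openFirewall = true;
+localNetworkGameTransfers.openFirewall = true;
+};
+
+services.gnome.gnome-keyring.enable = true;
+
+services.printing.enable = true;
+
+services.xserver = {
+enable = true;
+displayManager.defaultSession = "gnome";
+displayManager.gdm.enable = true;
+displayManager.gdm.autoSuspend = false;
+desktopManager.gnome.enable = true;
+xkb.layout = "se";
+xkb.variant = "us";
+};
+
+hardware.pulseaudio.enable = false;
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+jack.enable = true;
+};
+};
+}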
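Review bot: `cfg = config.shelman.podman;` in the `let` block gates this whole module on `shelman.podman.enable`, not on the `shelman.desktop.enable` option declared two lines further down; common/laptop.nix carries the same line. As written, turning on podman for a host also brings up GDM, CUPS and an SSH agent and opens the three Steam firewall ranges (`remotePlay`, `dedicatedServer`, `localNetworkGameTransfers`), while `desktop.enable` itself has no effect. For the same reason hosts/nemo, which sets `podman.enable` but not `laptop.enable`, gets `services.fprintd`. Use `cfg = config.shelman.desktop;` here and `cfg = config.shelman.laptop;` in laptop.nix.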
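--- a/common/hardening.nix
+++ b/common/hardening.nix
@@ -0,0 +1,43 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+nix.settings.allowed-users = [
+"@wheel"
+"root"
+];
+
+boot.specialFileSystems = lib.mkIf (
+!config.security.rtkit.enable && !config.security.polkit.enable
+) { "/proc".options = [ "hidepid=2" ]; };
+
+boot.kernel.sysctl."kernel.dmesg_restrict" = 1;
+
+environment.systemPackages = [ pkgs.doas-sudo-shim ];
+
+security = {
+doas = {
+enable = true;
+extraRules = [
+{
+groups = [ "wheel" ];
+keepEnv = true;
+persist = true;
+}
+];
+};
+sudo.enable = false;
+};
+
+services.openssh = {
+settings.PasswordAuthentication = false;
+settings.KbdInteractiveAuthentication = false;
+# prevents mutable /home/$user/.ssh/authorized_keys from being loaded to ensure that all user keys are config managed
+# authorizedKeysFiles = lib.mkForce [ "/etc/ssh/authorized_keys.d/%u" ];
+};
+
+users.users.root.hashedPassword = "!";
+}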
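Review bot: The doas rule for `wheel` sets `keepEnv = true` next to `persist = true`, so every command run as root inherits almost all of the caller's environment (doas resets only a handful of variables), including things like `LD_PRELOAD`, `NIX_PATH` or `EDITOR`; that is the opposite of what a hardening module should default to. Drop `keepEnv` and pass only what is needed through an allow-list, e.g. `setEnv = [ "LANG" "LC_ALL" ];`. Two smaller points for comments: the `hidepid=2` mount only applies when both rtkit and polkit are off, so it never takes effect on hosts that import common/desktop.nix (which sets `security.rtkit.enable = true`), and the `authorizedKeysFiles` override is commented out, so sshd still honours mutable `~/.ssh/authorized_keys` even though the comment above it describes the restriction as the goal.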
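--- a/common/laptop.nix
+++ b/common/laptop.nix
@@ -0,0 +1,20 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+let
+inherit (lib) mkIf mkEnableOption;
+cfg = config.shelman.podman;
+in
+{
+options.shelman.laptop.enable = mkEnableOption "Laptop tools and configuration";
+
+config = mkIf cfg.enable {
+environment.systemPackages = with pkgs; [ gnomeExtensions.battery-health-charging ];
+
+services.fprintd.enable = true;
+};
+}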
@ -1,15 +1,47 @@
|
|||
{ outputs, ... }:
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
nix =
|
||||
let
|
||||
flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
|
||||
in
|
||||
{
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
experimental-features = "nix-command flakes";
|
||||
flake-registry = "";
|
||||
# Workaround for https://github.com/NixOS/nix/issues/9574
|
||||
nix-path = config.nix.nixPath;
|
||||
substituters = [ "https://cache.nixos.org/" ];
|
||||
trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
|
||||
};
|
||||
channel.enable = false;
|
||||
registry = lib.mapAttrs (_: flake: { inherit flake; }) flakeInputs;
|
||||
nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
|
||||
};
|
||||
|
||||
nixpkgs = {
|
||||
config.allowUnfree = true;
|
||||
overlays = [
|
||||
outputs.overlays.additions
|
||||
outputs.overlays.modifications
|
||||
outputs.overlays.unstable-packages
|
||||
];
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
|
||||
programs.home-manager.enable = true;
|
||||
programs.nh = {
|
||||
enable = true;
|
||||
clean.enable = true;
|
||||
clean.extraArgs = "--keep-since 14d --keep 5";
|
||||
};
|
||||
programs.nix-ld.enable = true;
|
||||
|
||||
systemd.user.startServices = "sd-switch";
|
||||
environment.systemPackages = with pkgs; [ nvd ];
|
||||
}
|
||||
|
|
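--- a/common/plymouth.nix
+++ b/common/plymouth.nix
@@ -0,0 +1,45 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+let
+inherit (lib) mkIf mkEnableOption;
+cfg = config.shelman.plymouth;
+in
+{
+options.shelman.plymouth.enable = mkEnableOption "Fancy boot splash";
+
+config = mkIf cfg.enable {
+boot = {
+consoleLogLevel = 0;
+initrd.verbose = false;
+
+# Hide the OS choice for bootloaders.
+# It's still possible to open the bootloader list by pressing any key
+# It will just not appear on screen unless a key is pressed
+loader.timeout = 0;
+
+kernelParams = [
+"quiet"
+"splash"
+"boot.shell_on_fail"
+"loglevel=3"
+"rd.systemd.show_status=false"
+"rd.udev.log_level=3"
+"udev.log_priority=3"
+];
+
+plymouth = {
+enable = true;
+theme = "spinner_alt";
+themePackages = with pkgs; [
+(adi1090x-plymouth-themes.override { selected_themes = [ "spinner_alt" ]; })
+];
+};
+};
+
+};
+}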
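Review bot: `"boot.shell_on_fail"` in `kernelParams` is a security-relevant switch hidden inside a cosmetic module: NixOS documents it as offering a root shell without authentication when stage 1 fails, and both hosts in this commit enable `shelman.plymouth`. Its exact effect on dinky, which uses `initrd.systemd.enable`, may differ and should be checked. If the recovery shell is wanted, set it per host with a comment stating that physical access is trusted; otherwise remove it from this list. Since `loader.timeout = 0` only hides the menu, `boot.loader.systemd-boot.editor = false;` next to the loader settings in common/base.nix would stop the kernel command line from being edited at the console.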
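--- a/common/podman.nix
+++ b/common/podman.nix
@@ -0,0 +1,48 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+let
+inherit (lib) mkIf mkEnableOption;
+cfg = config.shelman.podman;
+in
+{
+options.shelman.podman.enable = mkEnableOption "Podman";
+
+config = mkIf cfg.enable {
+environment.extraInit = ''
+if [ -z "$DOCKER_HOST" -a -n "$XDG_RUNTIME_DIR" ]; then
+export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/podman/podman.sock"
+fi
+'';
+
+environment.systemPackages = with pkgs; [
+docker-compose
+podman-compose
+];
+
+virtualisation = {
+containers = {
+enable = true;
+storage.settings = {
+storage = {
+driver = "overlay";
+runroot = "/run/containers/storage";
+graphroot = "/var/lib/containers/storage";
+rootless_storage_path = "/tmp/containers-$USER";
+options.overlay.mountopt = "nodev,metacopy=on";
+};
+};
+};
+
+oci-containers.backend = "podman";
+podman = {
+enable = true;
+dockerCompat = true;
+};
+};
+};
+}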
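Review bot: `rootless_storage_path = "/tmp/containers-$USER"` places each user's rootless image and layer store under a predictable name in a world-writable directory. On a multi-user host (hosts/nemo defines two accounts) another local user can create that path before its owner does, and anything under /tmp may be cleaned or live on tmpfs, which silently discards pulled images. Remove the line to fall back to the default under the user's home, or set it explicitly: `rootless_storage_path = "$HOME/.local/share/containers/storage";`.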
93
flake.lock
93
flake.lock
|
@ -1,5 +1,55 @@
|
|||
{
|
||||
"nodes": {
|
||||
"colmena": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"stable": "stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711386353,
|
||||
"narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=",
|
||||
"path": "/nix/store/in94zdj4ls6p21r3q4zzvmbd61g9ap3b-source",
|
||||
"rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
"id": "colmena",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1650374568,
|
||||
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -7,11 +57,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1722462338,
|
||||
"narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=",
|
||||
"lastModified": 1722203588,
|
||||
"narHash": "sha256-91V5FMSQ4z9bkhTCf0f86Zjw0bh367daSf0mzCIW0vU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "6e090576c4824b16e8759ebca3958c5b09659ee8",
|
||||
"rev": "792757f643cedc13f02098d8ed506d82e19ec1da",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -24,11 +74,27 @@
|
|||
"locked": {
|
||||
"lastModified": 1722421184,
|
||||
"narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=",
|
||||
"owner": "nixos",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1722062969,
|
||||
"narHash": "sha256-QOS0ykELUmPbrrUGmegAUlpmUFznDQeR4q7rFhl8eQg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b73c2221a46c13557b1b3be9c2070cc42cf01eb3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
|
@ -38,8 +104,25 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"colmena": "colmena",
|
||||
"home-manager": "home-manager",
|
||||
"nixpkgs": "nixpkgs"
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
}
|
||||
},
|
||||
"stable": {
|
||||
"locked": {
|
||||
"lastModified": 1696039360,
|
||||
"narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "32dcb45f66c0487e92db8303a798ebc548cadedc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
27
flake.nix
27
flake.nix
|
@ -12,6 +12,7 @@
|
|||
{
|
||||
self,
|
||||
nixpkgs,
|
||||
colmena,
|
||||
home-manager,
|
||||
...
|
||||
}@inputs:
|
||||
|
@ -21,18 +22,27 @@
|
|||
mkHome =
|
||||
modules:
|
||||
home-manager.lib.homeManagerConfiguration {
|
||||
modules = [ ./common ] ++ modules;
|
||||
modules = [ ./home/common ] ++ modules;
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
extraSpecialArgs = {
|
||||
inherit inputs outputs;
|
||||
};
|
||||
};
|
||||
|
||||
mkHost =
|
||||
modules:
|
||||
nixpkgs.lib.nixosSystem {
|
||||
specialArgs = {
|
||||
inherit inputs outputs;
|
||||
};
|
||||
system = "x86_64-linux";
|
||||
modules = [ ./common ] ++ modules;
|
||||
};
|
||||
|
||||
supportedSystems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
|
||||
forEachSystem =
|
||||
f:
|
||||
builtins.listToAttrs (
|
||||
|
@ -58,14 +68,19 @@
|
|||
devShells = forEachSystem' (
|
||||
{ system, pkgs, ... }:
|
||||
{
|
||||
default = pkgs.mkShell { packages = [ pkgs.just ]; };
|
||||
default = pkgs.mkShell { packages = [ pkgs.colmena ]; };
|
||||
}
|
||||
);
|
||||
|
||||
homeConfigurations = {
|
||||
"dln@dinky" = mkHome [ ./users/dln/dinky.nix ];
|
||||
"dln@nemo" = mkHome [ ./users/dln/nemo.nix ];
|
||||
"lsjostro@nemo" = mkHome [ ./users/lsjostro/nemo.nix ];
|
||||
"dln@dinky" = mkHome [ ./home/dln/dinky.nix ];
|
||||
"dln@nemo" = mkHome [ ./home/dln/nemo.nix ];
|
||||
"lsjostro@nemo" = mkHome [ ./home/lsjostro/nemo.nix ];
|
||||
};
|
||||
|
||||
nixosConfigurations = {
|
||||
dinky = mkHost [ ./hosts/dinky ];
|
||||
nemo = mkHost [ ./hosts/nemo ];
|
||||
};
|
||||
|
||||
};
|
||||
|
|
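Review bot: `colmena` is taken as an outputs argument in the first hunk, but the flake.lock change in this commit records it with `"type": "indirect"` as its original and a `"type": "path"` lock under `/nix/store`, which suggests there is no explicit `inputs.colmena` declaration (the inputs block lies outside the visible hunks, so this is inferred). A lock entry resolved through a local registry to a store path cannot be fetched or verified on another machine, so the pin protects nothing there. Declare the input explicitly, e.g. `colmena.url = "github:zhaofengli/colmena";`, and re-lock so the entry carries an upstream `rev` and `narHash`.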
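--- a/home/common/default.nix
+++ b/home/common/default.nix
@@ -0,0 +1,21 @@
+{ lib, ... }:
+{
+imports = [
+./atuin.nix
+./broot.nix
+./devel.nix
+./fish.nix
+./gnome.nix
+./k8s.nix
+./nix.nix
+./nvim.nix
+./scripts.nix
+./ssh.nix
+./utils.nix
+./vcs.nix
+./web.nix
+./wezterm.nix
+];
+
+options.shelman.desktop.enable = lib.mkEnableOption "Desktop environment";
+}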
@ -93,7 +93,7 @@
|
|||
|
||||
rg.body = ''
|
||||
if status is-interactive
|
||||
command rg --json $argv | delta
|
||||
command rg -p $argv | bat
|
||||
else
|
||||
command rg $argv
|
||||
end
|
||||
|
@ -101,11 +101,11 @@
|
|||
};
|
||||
|
||||
interactiveShellInit = lib.concatStringsSep "\n" [
|
||||
(builtins.readFile ../files/config/fish/config.fish)
|
||||
(builtins.readFile ../files/config/fish/semantic-prompt.fish)
|
||||
(builtins.readFile ../files/config/fish/go-task.fish)
|
||||
(builtins.readFile ../files/config/fish/jj.fish)
|
||||
(builtins.readFile ../files/config/fish/vcs.fish)
|
||||
(builtins.readFile ../../files/config/fish/config.fish)
|
||||
(builtins.readFile ../../files/config/fish/semantic-prompt.fish)
|
||||
(builtins.readFile ../../files/config/fish/go-task.fish)
|
||||
(builtins.readFile ../../files/config/fish/jj.fish)
|
||||
(builtins.readFile ../../files/config/fish/vcs.fish)
|
||||
];
|
||||
|
||||
shellAbbrs = {
|
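--- a/home/common/nix.nix
+++ b/home/common/nix.nix
@@ -0,0 +1,15 @@
+{ outputs, ... }:
+{
+nixpkgs = {
+config.allowUnfree = true;
+overlays = [
+outputs.overlays.additions
+outputs.overlays.modifications
+outputs.overlays.unstable-packages
+];
+};
+
+programs.home-manager.enable = true;
+
+systemd.user.startServices = "sd-switch";
+}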
@ -13,7 +13,7 @@
|
|||
xdg.configFile = {
|
||||
"nvim" = {
|
||||
recursive = true;
|
||||
source = ./../files/config/nvim;
|
||||
source = ./../../files/config/nvim;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -8,7 +8,7 @@
|
|||
home.file = {
|
||||
".local/bin" = {
|
||||
recursive = true;
|
||||
source = ./../files/scripts;
|
||||
source = ./../../files/scripts;
|
||||
};
|
||||
|
||||
};
|
|
@ -4,7 +4,7 @@
|
|||
|
||||
programs.wezterm = {
|
||||
enable = true;
|
||||
extraConfig = builtins.readFile ./../files/config/wezterm/wezterm.lua;
|
||||
extraConfig = builtins.readFile ./../../files/config/wezterm/wezterm.lua;
|
||||
};
|
||||
|
||||
};
|
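--- a/hosts/dinky/default.nix
+++ b/hosts/dinky/default.nix
@@ -0,0 +1,113 @@
+{
+inputs,
+outputs,
+lib,
+config,
+pkgs,
+modulesPath,
+...
+}:
+
+{
+imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+boot = {
+initrd = {
+availableKernelModules = [
+"xhci_pci"
+"thunderbolt"
+"nvme"
+"usb_storage"
+"sd_mod"
+];
+kernelModules = [ ];
+luks.devices."enc".device = "/dev/disk/by-uuid/e7c7a230-b321-4e6d-869c-6c2d858455d2";
+systemd.enable = true;
+};
+kernelModules = [ "kvm-intel" ];
+kernelParams = [ "mitigations=off" ];
+extraModulePackages = [ ];
+};
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/81e5205d-fe1e-458f-82e1-d60ab03c0a1d";
+fsType = "btrfs";
+options = [
+"noatime"
+"nodiratime"
+];
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/D6C0-1A05";
+fsType = "vfat";
+options = [
+"fmask=0022"
+"dmask=0022"
+];
+};
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+vpl-gpu-rt
+intel-media-driver
+vaapiVdpau
+libvdpau-va-gl
+];
+};
+
+hardware.nitrokey.enable = true;
+
+swapDevices = [ { device = "/dev/disk/by-uuid/c9cc5270-87b0-4ed4-9891-7df924b0f55a"; } ];
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+environment.systemPackages = with pkgs; [
+android-tools
+android-udev-rules
+mullvad-vpn
+];
+
+services.printing.enable = true;
+services.printing.drivers = [ pkgs.brlaser ];
+
+programs.adb.enable = true;
+
+networking = {
+hostName = "dinky";
+useDHCP = lib.mkDefault true;
+};
+
+services.mullvad-vpn.enable = true;
+
+users.users.dln = {
+isNormalUser = true;
+description = "Daniel Lundin";
+extraGroups = [
+"adbusers"
+"lp"
+"nitrokey"
+"wheel"
+];
+openssh.authorizedKeys.keys = [
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILwakA+EeuR23vRhjvjMkzK+FtWIhpnbs7z1pfnBehCUAAAABHNzaDo= dln@dinky"
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln@nemo"
+];
+};
+
+shelman = {
+desktop.enable = true;
+laptop.enable = true;
+plymouth.enable = true;
+podman.enable = true;
+};
+
+services.xserver.displayManager.autoLogin.enable = true;
+services.xserver.displayManager.autoLogin.user = "dln";
+systemd.services."getty@tty1".enable = false;
+systemd.services."autovt@tty1".enable = false;
+
+system.stateVersion = "24.05"; # Did you read the comment?
+}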
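Review bot: `kernelParams = [ "mitigations=off" ];` switches off the kernel's CPU side-channel mitigations on a host that this commit also sets up with a desktop session, Steam, rootless containers and KVM (`qemu_kvm` in common/base.nix); hosts/nemo carries the same line. That removes more protection than common/hardening.nix adds, and nothing in the file explains the trade-off. If it is a measured performance decision, add a comment with the reason and scope next to the parameter; otherwise remove it from both hosts. The `autoLogin` block deserves a similar comment: with it, the LUKS passphrase is the only gate in front of a `wheel` session.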
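--- a/hosts/nemo/default.nix
+++ b/hosts/nemo/default.nix
@@ -0,0 +1,192 @@
+{
+lib,
+config,
+pkgs,
+modulesPath,
+...
+}:
+
+{
+imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+
+boot = {
+extraModulePackages = with config.boot.kernelPackages; [ nct6687d ];
+initrd.availableKernelModules = [
+"xhci_pci"
+"ahci"
+"nct6687"
+"nvme"
+"firewire_ohci"
+"usbhid"
+"usb_storage"
+"sd_mod"
+];
+initrd.kernelModules = [ "nct6687" ];
+kernelModules = [
+"nct6687"
+"kvm-intel"
+];
+extraModprobeConfig = ''
+options nct6687 force=1
+'';
+kernelParams = [ "mitigations=off" ];
+};
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/b9514f88-1c83-4596-999f-7e3640db6a86";
+fsType = "btrfs";
+options = [
+"subvol=@"
+"noatime"
+"nodiratime"
+];
+};
+
+fileSystems."/home" = {
+device = "/dev/disk/by-uuid/b9514f88-1c83-4596-999f-7e3640db6a86";
+fsType = "btrfs";
+options = [
+"subvol=@home"
+"noatime"
+"nodiratime"
+];
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/2670-0FCA";
+fsType = "vfat";
+options = [
+"fmask=0022"
+"dmask=0022"
+];
+};
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+vpl-gpu-rt
+intel-media-driver
+vaapiVdpau
+libvdpau-va-gl
+];
+};
+
+swapDevices = [ ];
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+networking = {
+hostName = "nemo"; # Define your hostname.
+nameservers = [
+"10.1.100.11"
+"10.1.100.12"
+"10.1.100.13"
+];
+networkmanager.enable = false;
+useDHCP = false;
+wireless.iwd = {
+enable = true;
+settings = {
+DriverQuirks.PowerSaveDisable = "*";
+Network = {
+EnableIPv6 = false;
+NameResolvingService = "systemd";
+};
+Scan.DisablePeriodicScan = true;
+Settings = {
+AutoConnect = true;
+};
+};
+};
+};
+
+networking.firewall.allowedTCPPorts = [
+22000 # Syncthing
+];
+networking.firewall.allowedUDPPorts = [
+22000 # Synchthing
+21027
+];
+
+systemd.network.enable = true;
+systemd.network.networks."10-wifi" = {
+matchConfig.Name = "wlan0";
+address = [ "10.1.100.20/24" ];
+gateway = [ "10.1.100.1" ];
+linkConfig.RequiredForOnline = "routable";
+};
+
+security = {
+pam.services.doas =
+{ config, ... }:
+{
+rules.auth.rssh = {
+order = config.rules.auth.ssh_agent_auth.order - 1;
+control = "sufficient";
+modulePath = "${pkgs.pam_rssh}/lib/libpam_rssh.so";
+settings.authorized_keys_command = pkgs.writeShellScript "get-authorized-keys" ''
+cat "/etc/ssh/authorized_keys.d/$1"
+'';
+};
+};
+};
+
+services.resolved = {
+enable = true;
+domains = [ "~." ];
+fallbackDns = [ "9.9.9.9" ];
+};
+
+services.openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "no";
+StreamLocalBindUnlink = true;
+};
+};
+
+services.sunshine = {
+enable = true;
+openFirewall = true;
+settings = { };
+};
+
+shelman = {
+desktop.enable = true;
+plymouth.enable = true;
+podman.enable = true;
+};
+
+environment.systemPackages = with pkgs; [
+ffado
+lm_sensors
+openconnect
+pam_rssh
+];
+
+programs.coolercontrol.enable = true;
+
+users.users.dln = {
+isNormalUser = true;
+description = "Daniel Lundin";
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = [
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln@dinky"
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln@nemo"
+];
+};
+
+users.users.lsjostro = {
+isNormalUser = true;
+description = "Lars Sjöström";
+extraGroups = [ "wheel" ];
+openssh.authorizedKeys.keys = [
+"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJ10mLOpInoqDaySyrxbzvcOrJfLw48Y6eWHa9501lw+hEEBXya3ib7nlvpCqEQJ8aPU5fVRqpkOW5zSimCiRbwAAAAEc3NoOg=="
+"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLpoKvsZDIQQLfgzJhe1jAQubBNxjydkj8UfdUPaSXqgfB02OypMOC1m5ZuJYcQIxox0I+4Z8xstFhYP6s8zKZwAAAAEc3NoOg=="
+];
+};
+
+system.stateVersion = "24.05"; # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+}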
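Review bot: The `rules.auth.rssh` block under `security.pam.services.doas` has no comment explaining its trust model, although it makes an SSH agent signature a `sufficient` credential for root. The helper script reads `/etc/ssh/authorized_keys.d/$1`, which NixOS appears to generate from `openssh.authorizedKeys.keys`, so every login key listed for the two `wheel` users below doubles as a root credential on this host, also through a forwarded agent. Add a comment above the rule along the lines of `# doas via SSH agent: keys in users.users.*.openssh.authorizedKeys.keys are also root credentials here; list only touch-required sk-* keys`. The `order = config.rules.auth.ssh_agent_auth.order - 1` line also assumes that an `ssh_agent_auth` rule exists in the generated PAM stack, which is worth stating in the same comment.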
18
justfile
18
justfile
|
@ -4,14 +4,26 @@ set shell := ["/usr/bin/env", "bash", "-euo", "pipefail", "-c"]
|
|||
default:
|
||||
@just --list
|
||||
|
||||
boot:
|
||||
nh os boot .
|
||||
|
||||
build:
|
||||
nh os build .
|
||||
|
||||
switch:
|
||||
nh os switch .
|
||||
|
||||
update:
|
||||
nh os switch --update --ask .
|
||||
|
||||
clean:
|
||||
nh clean all
|
||||
|
||||
build:
|
||||
home-build:
|
||||
nh home build .
|
||||
|
||||
switch:
|
||||
home-switch:
|
||||
nh home switch .
|
||||
|
||||
update:
|
||||
home-update:
|
||||
nh home switch --update --ask .
|
||||
|
|