nix
/
System
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'rewrite'

This commit is contained in:
Nathan McCarty 2022-09-08 15:38:20 -04:00
parent cd72ffc885 ebd97336e9
commit 5152c8a733
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
127 changed files with 4381 additions and 3616 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.sops.yaml
View File

@ -7,7 +7,7 @@ keys:
- &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
- &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
creation_rules: creation_rules:
- path_regex: .* - path_regex: secrets/all/.*
key_groups: key_groups:
- age: - age:
- *nathan - *nathan
@ -16,3 +16,13 @@ creation_rules:
- *perception - *perception
- *shadowchild - *shadowchild
- *matrix - *matrix
- path_regex: secrets/levitation
key_groups:
- age:
- *nathan
- *levitation
- path_regex: secrets/oracles
key_groups:
- age:
- *nathan
- *oracles

96
applications/communications.nix
View File

@ -1,96 +0,0 @@
# Communications software
{ config, pkgs, unstable, ... }:
{
# Pull in personal overlay
# nixpkgs.overlays = [ (import ../../overlays/personal/overlay.nix) ];
environment.systemPackages = with pkgs;
let
enableWayland = drv: bin: drv.overrideAttrs (
old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ];
postFixup = (old.postFixup or "") + ''
wrapProgram $out/bin/${bin} \
--add-flags "--enable-features=UseOzonePlatform" \
--add-flags "--ozone-platform=wayland"
'';
}
);
## Wayland workaround chromium desktop items
# Facebook messenger
fbChromeDesktopItem = pkgs.makeDesktopItem {
name = "messenger-chrome";
desktopName = "Messenger (chrome)";
exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://messenger.com\"";
terminal = false;
};
# Teams
teamsItem = pkgs.makeDesktopItem {
name = "teams-wayland";
desktopName = "Teams (Wayland)";
exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"https://teams.microsoft.com\"";
terminal = false;
};
# Discord
discordWayland = pkgs.callPackage ../packages/discord/default.nix rec {
pname = "discord-electron";
binaryName = "Discord";
desktopName = "Discord (Wayland)";
version = "0.0.18";
src = fetchurl {
url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz";
hash = "sha256-BBc4n6Q3xuBE13JS3gz/6EcwdOWW57NLp2saOlwOgMI=";
};
electron = pkgs.electron_13;
};
## Pass wayland options to existing applications
signalWaylandItem = pkgs.makeDesktopItem {
name = "signal-desktop-wayland";
desktopName = "Signal (Wayland)";
exec = "${unstable.signal-desktop}/bin/signal-desktop --enable-features=UseOzonePlatform -ozone-platform=wayland";
terminal = false;
icon = "signal-desktop";
type = "Application";
};
zulipWayland = pkgs.makeDesktopItem {
name = "zulip-wayland";
desktopName = "Zulip (Wayland)";
exec = "${unstable.zulip}/bin/zulip --enable-features=UseOzonePlatform --ozone-platform=wayland";
terminal = false;
icon = "zulip";
type = "Application";
};
in
[
# Discord
discordWayland
unstable.betterdiscordctl
# Desktop matrix client
(enableWayland element-desktop "element-desktop")
# Desktop signal client
(enableWayland signal-desktop "signal-desktop")
# Desktop telegram client
tdesktop
# Desktop mastodon client
tootle
# zulip
unstable.zulip
zulipWayland
# Zoom (for work, sadly)
unstable.zoom-us
# Teams (also for work)
unstable.teams
# chromium
chromium
# Wayland workaround packages
fbChromeDesktopItem
teamsItem
];
# Work around for discord jank ugh
nixpkgs.config.permittedInsecurePackages = [
"electron-13.6.9"
];
}

10
applications/devel-core-linux.nix
View File

@ -1,10 +0,0 @@
# Linux Specific Core development libraries
{ config, pkgs, unstable, ... }:
{
environment.systemPackages = with pkgs; [
gcc
binutils
clang
unstable.mold
];
}

31
applications/devel-core.nix
View File

@ -1,31 +0,0 @@
# Core development libraries
{ config, pkgs, unstable, ... }:
{
environment.systemPackages = with pkgs; [
# Full version of git
unstable.gitFull
# Git addons
git-secret
unstable.git-lfs
delta
# General development requirements
python3Full
cmake
libtool
gnumake
nixpkgs-fmt
# jq for interacting with JSON
jq
jc
# Viewer for deeply nested JSON
fx
# Direnv for nix-shell niceness
direnv
# Sops for secrets
sops
# Just in case
neovim
# For python
nodePackages.pyright
];
}

10
applications/devel-js.nix
View File

@ -1,10 +0,0 @@
{ config, unstable, pkgs, ... }:
{
environment.systemPackages = with unstable; [
nodejs
yarn
nodePackages.typescript
deno
];
}

12
applications/devel-kotlin.nix
View File

@ -1,12 +0,0 @@
{ config, lib, pkgs, java, unstable, ... }:
{
environment.systemPackages = with unstable; [
java.packages.${system}.semeru-stable
gradle
kotlin
kotlin-native
kotlin-language-server
ktlint
];
}

8
applications/devel-raku.nix
View File

@ -1,8 +0,0 @@
{ config, lib, pkgs, unstable, ... }:
{
environment.systemPackages = with unstable; [
rakudo
zef
];
}

27
applications/devel-rust.nix
View File

@ -1,27 +0,0 @@
# Utilities for developing in rust
{ config, pkgs, unstable, fenix, ... }:
{
environment.systemPackages = with pkgs; [
# Use rustup to get the compiler
rustup
# Install the latest rust analyzer
fenix.packages."${system}".rust-analyzer
# Sccache for faster builds
sccache
# Misc cargo utilites
cargo-binutils # Allow invoking the llvm tools included with the toolchain
cargo-edit # Command line Cargo.toml manipulation
cargo-asm # Dump the generated assembly
cargo-fuzz # front end for fuzz testing rust
cargo-license # Audit the licenses of dependencies
cargo-criterion # Benchmarking front end
cargo-audit # Check dependencies for known CVEs
cargo-bloat # Find out what's taking up space in the executable
cargo-udeps # Find unused dependencies
cargo-expand # Dump expanded macros
unstable.cargo-tarpaulin # Code coverage
cargo-play # Quickly execute code outside of a crate
# For building stuff that uses protocol buffers
protobuf
];
}

56
applications/emacs.nix
View File

@ -1,56 +0,0 @@
{ config, pkgs, doomEmacs, ... }:
{
# Install emacs
environment.systemPackages = with pkgs; [
# For markdown rendering
python39Packages.grip
# For graph generation
graphviz
sqlite
# For latex editing
texlive.combined.scheme-medium
];
# Utilize home-manager
home-manager.users.nathan = {
# Nixify doomEmacs
# TODO:Reenable, currently off because of ghub
imports = [ doomEmacs ];
programs.doom-emacs = {
enable = true;
doomPrivateDir = ../doom.d;
emacsPackagesOverlay = self: super: {
org-protocol-capture-html = self.trivialBuild {
pname = "org-protocol-capture-html";
ename = "org-protocol-capture-html";
version = "0.0.0";
buildInputs = [ self.s ];
src = pkgs.fetchFromGitHub {
owner = "alphapapa";
repo = "org-protocol-capture-html";
rev = "3359ce9a2f3b48df26329adaee0c4710b1024250";
hash = "sha256-ueEHJCS+aHYCnd4Lm3NKgqg+m921nl5XijE9ZnSRQXI=";
};
};
};
emacsPackage = pkgs.emacsPgtkNativeComp;
};
# Configure org protocol handler
home.packages = (with pkgs; [
(makeDesktopItem {
name = "org-protocol";
exec = "emacsclient %u";
comment = "Org protocol";
desktopName = "org-protocol";
type = "Application";
mimeTypes = [ "x-scheme-handler/org-protocol" ];
})
]);
# Startup service
services.emacs = {
enable = pkgs.stdenv.isLinux;
client.enable = true;
defaultEditor = true;
};
};
}

16
applications/image-editing.nix
View File

@ -1,16 +0,0 @@
# Image editing applications
{ config, pkgs, unstable, ... }:
{
environment.systemPackages = with pkgs; [
# RawTherapee for raw editing
unstable.rawtherapee
# Gimp for complex editing
unstable.gimp-with-plugins
# Krita for drawing
unstable.krita
# Pinta for basic image editing
unstable.pinta
# Command line tools for image conversion and handling
imagemagickBig
];
}

163
applications/media.nix
View File

@ -1,163 +0,0 @@
# Media players and other applications
{ config, pkgs, lib, unstable, ... }:
let
mopidyEnv = pkgs.buildEnv {
name = "mopidy-daemon-environment";
paths = with pkgs; [
mopidy-mpd
mopidy-iris
mopidy-scrobbler
mopidy-local
];
pathsToLink = [ "/${pkgs.mopidyPackages.python.sitePackages}" ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
makeWrapper ${pkgs.mopidy}/bin/mopidy $out/bin/mopidy \
--prefix PYTHONPATH : $out/${pkgs.mopidyPackages.python.sitePackages}
'';
};
mopidyConf = pkgs.writeText "mopidy.conf"
''
[core]
#cache_dir = $XDG_CACHE_DIR/mopidy
#config_dir = $XDG_CONFIG_DIR/mopidy
#data_dir = $XDG_DATA_DIR/mopidy
#max_tracklist_length = 10000
#restore_state = false
[logging]
#verbosity = 0
#format = %(levelname)-8s %(asctime)s [%(process)d:%(threadName)s] %(name)s\n %(message)s
#color = true
#config_file =
[audio]
#mixer = software
#mixer_volume =
#output = autoaudiosink
#buffer_time =
[proxy]
#scheme =
#hostname =
#port =
#username =
#password =
[file]
enabled = true
media_dirs =
~/Music
# $XDG_MUSIC_DIR|Music
#excluded_file_extensions =
# .directory
# .html
# .jpeg
# .jpg
# .log
# .nfo
# .pdf
# .png
# .txt
# .zip
#show_dotfiles = false
#follow_symlinks = false
#metadata_timeout = 1000
[local]
media_dir = /home/nathan/Music
[http]
#enabled = true
#hostname = 127.0.0.1
#port = 6680
#zeroconf = Mopidy HTTP server on $hostname
#allowed_origins =
#csrf_protection = true
#default_app = mopidy
[m3u]
#enabled = true
#base_dir = $XDG_MUSIC_DIR
#default_encoding = latin-1
#default_extension = .m3u8
#playlists_dir =
[softwaremixer]
#enabled = true
[stream]
#enabled = true
#protocols =
# http
# https
# mms
# rtmp
# rtmps
# rtsp
#metadata_blacklist =
#timeout = 5000
[mpd]
enabled = true
'';
in
{
environment.systemPackages =
let
## Wrapper around iris
irisDesktopItem = pkgs.makeDesktopItem {
name = "iris";
desktopName = "Iris";
exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland --app=\"http://localhost:6680/iris/\"";
terminal = false;
};
in
with pkgs; [
# Spotify
spotify
# Latest version of vlc
unstable.vlc
# Plex client
plex-media-player
# OBS studio for screen recording
unstable.obs-studio
# Soulseek client
nicotine-plus
# Mopidy + extensions
mopidyEnv
# Iris desktop client
irisDesktopItem
# Picard for sorting
unstable.picard
];
# Start mopidy as a user service, for sanity
systemd.user.services.mopidy = {
description = "Mopidy music server";
wantedBy = [ "graphical-session.target" ];
partOf = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = "${mopidyEnv}/bin/mopidy --config ${lib.concatStringsSep ":" [mopidyConf config.sops.secrets.lastfm-conf.path]}";
};
wants = [ "rclone-music.service" ];
enable = true;
};
# Load up lastfm scrobbling secret
sops.secrets.lastfm-conf = {
owner = "nathan";
format = "binary";
sopsFile = ../secrets/lastfm.conf;
};
# Same for the scanning service
systemd.user.services.mopidy-scan = {
description = "Mopidy files local scanner";
serviceConfig = {
ExecStart = "${mopidyEnv}/bin/mopidy local scan";
Type = "oneshot";
};
wants = [ "rclone-music.service" ];
};
}

20
applications/syncthing.nix
View File

@ -1,20 +0,0 @@
{ config, pkgs, unstable, ... }:
{
# Install synthing and syncthing-tray
environment.systemPackages = with pkgs; [
syncthing
unstable.syncthingtray
];
# Home manager configuration
home-manager.users.nathan = {
# Enable the service for both syncthing and the tray
services.syncthing = {
enable = true;
tray = {
enable = true;
package = unstable.syncthingtray;
command = "syncthingtray --wait";
};
};
};
}

56
applications/utils-core.nix
View File

@ -1,56 +0,0 @@
# Basic, must have, command-line utilities
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
# Basic command line utilities
wget
tmux
nano
unzip
any-nix-shell
htop
# Spell check
hunspell
hunspellDicts.en-us
# Rust rewrites of common shell utilities
starship
exa
bat
fd
sd
du-dust
ripgrep
ripgrep-all
tokei
hyperfine
bottom
dogdns
duf
# CLI Markdown renderer
glow
# Command line file manager
broot
# Much better curl
httpie
# CLI spreadsheets
visidata
# User friendly cut
choose
# Cheatsheet manager
cheat
# Ping with a graph
gping
# Man but terse
tealdeer
# Pandoc for documentation
pandoc
# For nslookup
dnsutils
# Feh image viewer
feh
# Mosh for better high-latency ssh
mosh
# PV for viewing pipes
pv
];
}

22
certificates/protonmail-levitation.pem Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDqzCCApOgAwIBAgIRAJ8hYGGIdDyn13K0d/euZzgwDQYJKoZIhvcNAQELBQAw
VzELMAkGA1UEBhMCQ0gxHzAdBgNVBAoTFlByb3RvbiBUZWNobm9sb2dpZXMgQUcx
EzARBgNVBAsTClByb3Rvbk1haWwxEjAQBgNVBAMTCTEyNy4wLjAuMTAeFw0yMjA2
MjgxMjM0MzRaFw00MjA2MjMxMjM0MzRaMFcxCzAJBgNVBAYTAkNIMR8wHQYDVQQK
ExZQcm90b24gVGVjaG5vbG9naWVzIEFHMRMwEQYDVQQLEwpQcm90b25NYWlsMRIw
EAYDVQQDEwkxMjcuMC4wLjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDL1asnn8Z9Uvk8zT9hfdCG2MuHfSYSNi4/RNqzA0kACfCw8/fKQx+FDJOWuZAH
7ZJA8+xk3W+AS2VTb35+TtwWSyIE/9cc4exTSx52Mv/EdhrSCbIBPGmp6MPiLFCf
5xPD7Df6WbfGuTcfc6sBIUPcN9qZmud2tiHCb6CCvyWpTrLjaSCAx5eRB4mKlqiz
bFaTrEal/DSgrtziMRwawCLMH3Q7/6PQNTpXzOGXhrhy3b9Fi7aLLHztQWr23C9K
RI22TgawYh/rG7xd/tjSm7qJkhsqvFoq/41I4c/PMNTpVuCWYQyBr7pm9CxrvIsA
of6vbMScUT+h3pWl/cz1lNrhAgMBAAGjcjBwMA4GA1UdDwEB/wQEAwICpDAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
HQ4EFgQUwqc9Wvucag5zHRnlXw6Ti3kt3aAwDwYDVR0RBAgwBocEfwAAATANBgkq
hkiG9w0BAQsFAAOCAQEAp0YD/BlWvjE7PBMnpR4LOJO/RqxtUgaKMb1DiFCtrBai
n3MHJEVaZsFNk7Golm2ZihmfTFou60JFpt7FtspgQp8XzIA0oXnGqB+6EYFfmC8X
aJK1yrOI1R+nYCY99BGZ8BzyhwXh7ofNQt1+SzP7iBA1HwDy19HVQTRedt3rm61Q
WKudhxo8IIhWSTQ2OLYMSU1PrSdPjS+wUBY8rqrXz6xdHT5yxcwMyTURQJmF6GGl
dCVv5Q89hrvG26rv6ycldLMRbBlaAoNr8JCSbHPpU/KQybSsga0Qui7z0w7mYT4z
NJNXADYysmkqbNuj8pAGTzio64EFqQCDbkWOW7DlSQ==
-----END CERTIFICATE-----

10
common.nix
View File

@ -1,10 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
./ssh.nix
./fish.nix
./git.nix
];
programs.home-manager.enable = true;
}

3
core.nix Normal file
View File

@ -0,0 +1,3 @@
{ config, lib, pkgs, ... }:
{ }

37
darwin-modules/base.nix
View File

@ -1,37 +0,0 @@
{ config, pkgs, ... }:
{
# List packages installed in system profile. To search by name, run:
# $ nix-env -qaP | grep wget
environment.systemPackages = with pkgs;
[
openssh
coreutils-full
];
# Use a custom configuration.nix location.
# $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
# Create /etc/bashrc that loads the nix-darwin environment.
programs.zsh.enable = true; # default shell on catalina
programs.fish.enable = true;
# Give nix packages higher priority than system packages in fish
programs.fish.shellInit = ''
for p in /run/current-system/sw/bin
if not contains $p $fish_user_paths
set -g fish_user_paths $p $fish_user_paths
end
end
'';
# Make nix managed fonts work on macos
fonts.fontDir.enable = true;
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
}

24
darwin-modules/gpg.nix
View File

@ -1,24 +0,0 @@
# Configure gpg with yubikey support
{ config, pkgs, ... }:
{
# Setup environment for gpg agent
environment.shellInit = ''
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
'';
programs = {
# Enable gpg-agent with ssh support
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
};
# install gnupg and yubikey personalization
environment.systemPackages = with pkgs; [
gnupg
yubikey-personalization
];
}

40
desktop.nix
View File

@ -1,40 +0,0 @@
{ pkgs, lib, unstable, ... }: {
## Boot, drivers, and host name
# Use grub
boot.loader = {
grub = {
enable = true;
version = 2;
efiSupport = true;
# Go efi only
device = "nodev";
# Use os-prober
useOSProber = true;
};
efi = {
efiSysMountPoint = "/boot/";
canTouchEfiVariables = true;
};
};
# Enable AMD gpu drivers early
boot.initrd.kernelModules = [ "amdgpu" ];
# Use the zen kernel with muqss turned on
boot.kernelPackages =
let
linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
structuredExtraConfig = with lib.kernel; {
SCHED_MUQSS = yes;
};
ignoreConfigErrors = true;
}
);
in
linuxZenWMuQSS;
## Left over uncategorized packages
environment.systemPackages = with pkgs; [
unstable.firefox-beta-bin
wally-cli
];
# Enable ergodox udev rules
hardware.keyboard.zsa.enable = true;
}

86
doom.d/config.el
View File

@ -22,6 +22,7 @@
;; accept. For example: ;; accept. For example:
;; ;;
(setq doom-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) (setq doom-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light)
doom-unicode-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light)
doom-variable-pitch-font (font-spec :family "Fira Sans" :size 15)) doom-variable-pitch-font (font-spec :family "Fira Sans" :size 15))
;; ;;
;; If you or Emacs can't find your font, use 'M-x describe-font' to look them ;; If you or Emacs can't find your font, use 'M-x describe-font' to look them
@ -99,25 +100,34 @@
:config :config
(setq mixed-pitch-set-height t)) (setq mixed-pitch-set-height t))
(setq doom-modeline-buffer-file-name-style 'truncate-with-project) (setq doom-modeline-buffer-file-name-style 'truncate-with-project
doom-modeline-mu4e t)
(display-time-mode 1) (display-time-mode 1)
(after! treemacs (after! treemacs
(setq treemacs-width 25)) (setq treemacs-width 25))
(use-package! alert
:config
;; TODO: Make this conditional so we can make the correct choice on macos
(setq alert-default-style 'libnotify))
(after! dired
(setq dired-omit-files "\\`[.]?#\\|\\`[.]?\\'\\|^\\.DS_Store\\'\\|^\\.project\\(?:ile\\)?\\'\\|^\\.\\(?:svn\\|git\\)\\'\\|^\\.ccls-cache\\'\\|\\(?:\\.js\\)?\\.meta\\'\\|\\.\\(?:elc\\|o\\|pyo\\|swp\\|class\\)\\'"))
(setq-default fill-column 100) (setq-default fill-column 100)
(after! avy (after! avy
(define-key! (define-key!
"C-:" 'avy-goto-char "M-g c" 'avy-goto-char
"C-'" 'avy-goto-char-2 "M-g x" 'avy-goto-char-2
"M-g f" 'avy-goto-line "M-g f" 'avy-goto-line
"M-g w" 'avy-goto-word-1 "M-g w" 'avy-goto-word-1
"M-g e" 'avy-goto-word-0) "M-g e" 'avy-goto-word-0)
(cheatsheet-add-group 'Avy (cheatsheet-add-group 'Avy
'(:key "C-:" :description "Goto Char") '(:key "M-g c" :description "Goto Char")
'(:key "C-'" :description "Goto Char (2)") '(:key "M-g x" :description "Goto Char (2)")
'(:key "M-g f" :description "Goto line") '(:key "M-g f" :description "Goto line")
'(:key "M-g w" :description "Goto word") '(:key "M-g w" :description "Goto word")
'(:key "M-g e" :description "Goto word (0)"))) '(:key "M-g e" :description "Goto word (0)")))
@ -141,6 +151,14 @@
(use-package! deadgrep (use-package! deadgrep
:bind ("C-c s r" . deadgrep)) :bind ("C-c s r" . deadgrep))
(after! spell-fu
(add-hook 'spell-fu-mode
(lambda ()
(spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en"))
(spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en-science"))
(spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en-computers"))))
(bind-key "C-." #'+spell/correct))
(setq org-hide-emphasis-markers t (setq org-hide-emphasis-markers t
org-pretty-entities t) org-pretty-entities t)
@ -259,6 +277,8 @@ work if it thinks it needs to."
"* %a :website:\n\n%U %?\n\n%:initial") "* %a :website:\n\n%U %?\n\n%:initial")
org-capture-templates)) org-capture-templates))
(use-package! anki-editor)
(use-package! magit-todos (use-package! magit-todos
:hook (magit-mode . magit-todos-mode)) :hook (magit-mode . magit-todos-mode))
@ -304,7 +324,9 @@ work if it thinks it needs to."
lsp-rust-analyzer-experimental-proc-attr-macros t lsp-rust-analyzer-experimental-proc-attr-macros t
lsp-rust-analyzer-proc-macro-enable t lsp-rust-analyzer-proc-macro-enable t
lsp-rust-analyzer-use-rustc-wrapper-for-build-scripts t lsp-rust-analyzer-use-rustc-wrapper-for-build-scripts t
lsp-rust-analyzer-import-enforce-granularity t)) lsp-rust-analyzer-import-enforce-granularity t
lsp-rust-analyzer-diagnostics-enable-experimental t
lsp-rust-analyzer-display-chaining-hints t))
(use-package! markdown-mode (use-package! markdown-mode
:mode ("README\\.md" . gfm-mode) :mode ("README\\.md" . gfm-mode)
@ -330,3 +352,55 @@ work if it thinks it needs to."
elfeed-enclosure-default-dir (concat org-directory "elfeed/enclosures/") elfeed-enclosure-default-dir (concat org-directory "elfeed/enclosures/")
shr-max-width nil) shr-max-width nil)
(make-directory elfeed-db-directory t)) (make-directory elfeed-db-directory t))
(after! mu4e
(setq sendmail-program (executable-find "msmtp")
send-mail-function #'smtpmail-send-it
message-sendmail-f-is-evil t
message-sendmail-extra-arguments '("--read-envelope-from")
message-send-mail-function #'message-send-mail-with-sendmail))
(after! mu4e
(set-email-account! "mccarty.io"
'((mu4e-sent-folder . "/nathan@mccarty.io/Sent")
(mu4e-drafts-folder . "/nathan@mccarty.io/Drafts")
(mu4e-trash-folder . "/nathan@mccarty.io/Trash")
(mu4e-refile-folder . "/nathan@mccarty.io/Archive")
(smtpmail-smtp-user . "nathan@mccarty.io"))
t))
(after! mu4e
(setq mu4e-bookmarks '())
(add-to-list 'mu4e-bookmarks
'(:name "All Mail"
:key ?a
:query "NOT flag:trashed"))
(add-to-list 'mu4e-bookmarks
'(:name "Unread Notifications - nathan@mccarty.io"
:key ?n
:query "maildir:\"/nathan@mccarty.io/Folders/Notifications*\" AND NOT flag:trashed AND flag:unread"))
(add-to-list 'mu4e-bookmarks
'(:name "Inbox - nathan@mccarty.io"
:key ?m
:query "maildir:\"/nathan@mccarty.io/Inbox\" AND NOT flag:trashed"))
(add-to-list 'mu4e-bookmarks
'(:name "Unread"
:key ?u
:query "flag:unread AND NOT flag:trashed")))
(after! mu4e
(setq mu4e-maildir-shortcuts
'((:maildir "/nathan@mccarty.io/Folders/Notifications/Github" :key ?h)
(:maildir "/nathan@mccarty.io/Folders/Notifications/Gitlab" :key ?l)
(:maildir "/nathan@mccarty.io/Folders/Notifications/SourceHut" :key ?s))))
(after! mu4e
(mu4e-alert-enable-mode-line-display))
(setq +mu4e-backend nil)
(after! mu4e
(setq mu4e-get-mail-command "systemctl start --user mbsync.service"
mu4e-update-interval nil))
(after! mu4e
(setq mu4e-change-filenames-when-moving t))

120
doom.d/config.org
View File

@ -5,7 +5,6 @@
My doom emacs configuration My doom emacs configuration
* Basic Doom stuff * Basic Doom stuff
The provided default ~config.el~ The provided default ~config.el~
#+begin_src emacs-lisp #+begin_src emacs-lisp
@ -33,6 +32,7 @@ The provided default ~config.el~
;; accept. For example: ;; accept. For example:
;; ;;
(setq doom-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light) (setq doom-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light)
doom-unicode-font (font-spec :family "FiraCode Nerd Font" :size 11 :weight 'semi-light)
doom-variable-pitch-font (font-spec :family "Fira Sans" :size 15)) doom-variable-pitch-font (font-spec :family "Fira Sans" :size 15))
;; ;;
;; If you or Emacs can't find your font, use 'M-x describe-font' to look them ;; If you or Emacs can't find your font, use 'M-x describe-font' to look them
@ -122,9 +122,12 @@ This tweak applies to:
Setting ~mixed-pitch-set-height~ is required to get ~mixed-pitch-mode~ to render fonts with the correct size in doom emacs, apparently. Setting ~mixed-pitch-set-height~ is required to get ~mixed-pitch-mode~ to render fonts with the correct size in doom emacs, apparently.
** Modeline configuration ** Modeline configuration
Configure the modeline to truncate with project (so that ~~/Projects/Asuran/replicator/src/lib.rs~ becomes ~replicator/s/lib.rs~) Configure the modeline to:
+ truncate with project (so that ~~/Projects/Asuran/replicator/src/lib.rs~ becomes ~replicator/s/lib.rs~)
+ Show the mu4e alert
#+begin_src emacs-lisp #+begin_src emacs-lisp
(setq doom-modeline-buffer-file-name-style 'truncate-with-project) (setq doom-modeline-buffer-file-name-style 'truncate-with-project
doom-modeline-mu4e t)
#+end_src #+end_src
Display the current time in the modeline Display the current time in the modeline
@ -138,6 +141,20 @@ Configure treemacs, doing the following:
(after! treemacs (after! treemacs
(setq treemacs-width 25)) (setq treemacs-width 25))
#+end_src #+end_src
** Alert
Configure notifications that originate from within emacs
#+begin_src emacs-lisp
(use-package! alert
:config
;; TODO: Make this conditional so we can make the correct choice on macos
(setq alert-default-style 'libnotify))
#+end_src
** Dired
Modify the ~dired-omit-files~ regex to exclude the current working directory (~.~), but not the parent directory(~..~).
#+begin_src emacs-lisp
(after! dired
(setq dired-omit-files "\\`[.]?#\\|\\`[.]?\\'\\|^\\.DS_Store\\'\\|^\\.project\\(?:ile\\)?\\'\\|^\\.\\(?:svn\\|git\\)\\'\\|^\\.ccls-cache\\'\\|\\(?:\\.js\\)?\\.meta\\'\\|\\.\\(?:elc\\|o\\|pyo\\|swp\\|class\\)\\'"))
#+end_src
* Basic Editing * Basic Editing
** Fill Column ** Fill Column
Set the default fill column to 100 Set the default fill column to 100
@ -152,14 +169,14 @@ Set up our key bindings
#+begin_src emacs-lisp #+begin_src emacs-lisp
(after! avy (after! avy
(define-key! (define-key!
"C-:" 'avy-goto-char "M-g c" 'avy-goto-char
"C-'" 'avy-goto-char-2 "M-g x" 'avy-goto-char-2
"M-g f" 'avy-goto-line "M-g f" 'avy-goto-line
"M-g w" 'avy-goto-word-1 "M-g w" 'avy-goto-word-1
"M-g e" 'avy-goto-word-0) "M-g e" 'avy-goto-word-0)
(cheatsheet-add-group 'Avy (cheatsheet-add-group 'Avy
'(:key "C-:" :description "Goto Char") '(:key "M-g c" :description "Goto Char")
'(:key "C-'" :description "Goto Char (2)") '(:key "M-g x" :description "Goto Char (2)")
'(:key "M-g f" :description "Goto line") '(:key "M-g f" :description "Goto line")
'(:key "M-g w" :description "Goto word") '(:key "M-g w" :description "Goto word")
'(:key "M-g e" :description "Goto word (0)"))) '(:key "M-g e" :description "Goto word (0)")))
@ -205,7 +222,17 @@ Ripgrep, but from within emacs
(use-package! deadgrep (use-package! deadgrep
:bind ("C-c s r" . deadgrep)) :bind ("C-c s r" . deadgrep))
#+end_src #+end_src
** Spell Checking
Add in all of our dictionaries
#+begin_src emacs-lisp
(after! spell-fu
(add-hook 'spell-fu-mode
(lambda ()
(spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en"))
(spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en-science"))
(spell-fu-dictionary-add (spell-fu-get-ispell-dictionary "en-computers"))))
(bind-key "C-." #'+spell/correct))
#+end_src
* Org Mode * Org Mode
Improvements to the best mode in emacs Improvements to the best mode in emacs
@ -366,6 +393,11 @@ The default template for org-protocol-capture-html
"* %a :website:\n\n%U %?\n\n%:initial") "* %a :website:\n\n%U %?\n\n%:initial")
org-capture-templates)) org-capture-templates))
#+end_src #+end_src
** anki-editor
Flash cards from within emacs.
#+begin_src emacs-lisp
(use-package! anki-editor)
#+end_src
* General Modes * General Modes
** Magit ** Magit
Further configuration for magit Further configuration for magit
@ -472,7 +504,9 @@ Most of these are defaults, but I like having them explicit for my sanity
lsp-rust-analyzer-experimental-proc-attr-macros t lsp-rust-analyzer-experimental-proc-attr-macros t
lsp-rust-analyzer-proc-macro-enable t lsp-rust-analyzer-proc-macro-enable t
lsp-rust-analyzer-use-rustc-wrapper-for-build-scripts t lsp-rust-analyzer-use-rustc-wrapper-for-build-scripts t
lsp-rust-analyzer-import-enforce-granularity t)) lsp-rust-analyzer-import-enforce-granularity t
lsp-rust-analyzer-diagnostics-enable-experimental t
lsp-rust-analyzer-display-chaining-hints t))
#+end_src #+end_src
* Composition * Composition
Modes for handling plain text and prose Modes for handling plain text and prose
@ -528,3 +562,71 @@ Use ~elfeed~ for RSS. Doom provides most of the configuration, but we'll make a
shr-max-width nil) shr-max-width nil)
(make-directory elfeed-db-directory t)) (make-directory elfeed-db-directory t))
#+end_src #+end_src
** Email
Use ~mu4e~ for email. Most of the bootstrap is provided by doom emacs.
First, tell mu4e to use msmtp
#+begin_src emacs-lisp
(after! mu4e
(setq sendmail-program (executable-find "msmtp")
send-mail-function #'smtpmail-send-it
message-sendmail-f-is-evil t
message-sendmail-extra-arguments '("--read-envelope-from")
message-send-mail-function #'message-send-mail-with-sendmail))
#+end_src
Tell it where our account's stuff is
#+begin_src emacs-lisp
(after! mu4e
(set-email-account! "mccarty.io"
'((mu4e-sent-folder . "/nathan@mccarty.io/Sent")
(mu4e-drafts-folder . "/nathan@mccarty.io/Drafts")
(mu4e-trash-folder . "/nathan@mccarty.io/Trash")
(mu4e-refile-folder . "/nathan@mccarty.io/Archive")
(smtpmail-smtp-user . "nathan@mccarty.io"))
t))
#+end_src
Setup our bookmarks, resetting the list of bookmarks first so we can go completely custom
#+begin_src emacs-lisp
(after! mu4e
(setq mu4e-bookmarks '())
(add-to-list 'mu4e-bookmarks
'(:name "All Mail"
:key ?a
:query "NOT flag:trashed"))
(add-to-list 'mu4e-bookmarks
'(:name "Unread Notifications - nathan@mccarty.io"
:key ?n
:query "maildir:\"/nathan@mccarty.io/Folders/Notifications*\" AND NOT flag:trashed AND flag:unread"))
(add-to-list 'mu4e-bookmarks
'(:name "Inbox - nathan@mccarty.io"
:key ?m
:query "maildir:\"/nathan@mccarty.io/Inbox\" AND NOT flag:trashed"))
(add-to-list 'mu4e-bookmarks
'(:name "Unread"
:key ?u
:query "flag:unread AND NOT flag:trashed")))
#+end_src
Setup the maildirs we want to see, we'll show our notifications
#+begin_src emacs-lisp
(after! mu4e
(setq mu4e-maildir-shortcuts
'((:maildir "/nathan@mccarty.io/Folders/Notifications/Github" :key ?h)
(:maildir "/nathan@mccarty.io/Folders/Notifications/Gitlab" :key ?l)
(:maildir "/nathan@mccarty.io/Folders/Notifications/SourceHut" :key ?s))))
#+end_src
Tell it to enable the modeline display
#+begin_src emacs-lisp
(after! mu4e
(mu4e-alert-enable-mode-line-display))
#+end_src
Tell it not to update the mail itself, we have a systemd unit for that
#+begin_src emacs-lisp
(setq +mu4e-backend nil)
(after! mu4e
(setq mu4e-get-mail-command "systemctl start --user mbsync.service"
mu4e-update-interval nil))
#+end_src
We need to tell mu4e to rename files when they are moved, or else mbsync will break, see [[https://github.com/djcb/mu/issues/613#issuecomment-166714305][issue]] and [[http://tiborsimko.org/mbsync-duplicate-uid.html][blog post]]
#+begin_src emacs-lisp
(after! mu4e
(setq mu4e-change-filenames-when-moving t))
#+end_src

25
doom.d/init.el
View File

@ -15,19 +15,17 @@
;; directory (for easy access to its source code). ;; directory (for easy access to its source code).
(doom! :completion (doom! :completion
company ; the ultimate code completion backend (company +childframe) ; the ultimate code completion backend
(ivy +fuzzy +precient +childframe +icons) (ivy +fuzzy +precient +childframe +icons)
:ui :ui
doom ; what makes DOOM look the way it does doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs doom-dashboard ; a nifty splash screen for Emacs
(emoji +unicode +github) ; 🙂 (emoji +unicode) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW hl-todo ; highlight todo-words
indent-guides ; highlighted indent columns indent-guides ; highlighted indent columns
;;(ligatures +fira) ; ligatures and symbols to make your code pretty again
modeline ; snazzy, Atom-inspired modeline, plus API modeline ; snazzy, Atom-inspired modeline, plus API
nav-flash ; blink cursor line after big motions nav-flash ; blink cursor line after big motions
;; ophints ; highlight the region an operation acts on
(popup +defaults) ; tame sudden yet inevitable temporary windows (popup +defaults) ; tame sudden yet inevitable temporary windows
tabs ; a tab bar for Emacs tabs ; a tab bar for Emacs
(treemacs +lsp) ; a project drawer, like neotree but cooler (treemacs +lsp) ; a project drawer, like neotree but cooler
@ -40,7 +38,7 @@
file-templates ; auto-snippets for empty files file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding fold ; (nigh) universal code folding
(format +onsave) ; automated prettiness (format +onsave) ; automated prettiness
;; multiple-cursors ; editing in many places at once multiple-cursors ; editing in many places at once
rotate-text ; cycle region at point between text candidates rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to snippets ; my elves. They type so I don't have to
word-wrap ; soft wrapping with language-aware indent word-wrap ; soft wrapping with language-aware indent
@ -57,10 +55,10 @@
:checkers :checkers
(syntax +childframe) ; tasing you for every semicolon you forget (syntax +childframe) ; tasing you for every semicolon you forget
(spell +flyspell +hunspell +everywhere) ; tasing you for misspelling mispelling (spell +aspell +everywhere) ; tasing you for misspelling mispelling
:tools :tools
(debugger +lsp) ; FIXME stepping through code, to help you add bugs (debugger +lsp) ; stepping through code, to help you add bugs
direnv direnv
docker docker
editorconfig ; let someone else argue about tabs vs spaces editorconfig ; let someone else argue about tabs vs spaces
@ -73,6 +71,7 @@
:os :os
(:if IS-MAC macos) ; improve compatibility with macOS (:if IS-MAC macos) ; improve compatibility with macOS
(tty +osc)
:lang :lang
data ; config/data formats data ; config/data formats
@ -90,18 +89,12 @@
(kotlin +lsp) (kotlin +lsp)
(java +lsp +meghanada) (java +lsp +meghanada)
(javascript +lsp) (javascript +lsp)
:email :email
;;(mu4e +org +gmail) (mu4e +org)
;;notmuch
;;(wanderlust +gmail)
:app :app
;;calendar
;; emms
;;everywhere ; *leave* Emacs!? You must be joking
;;irc ; how neckbeards socialize
(rss +org) ; emacs as an RSS reader (rss +org) ; emacs as an RSS reader
;;twitter ; twitter client https://twitter.com/vnought
:config :config
literate literate

2
doom.d/packages.el
View File

@ -62,3 +62,5 @@
(package! grip-mode) (package! grip-mode)
(package! org-protocol-capture-html) (package! org-protocol-capture-html)
(package! org-superstar) (package! org-superstar)
(package! alert)
(package! anki-editor)

115
droid.nix
View File

@ -1,115 +0,0 @@
{ config, lib, pkgs, unstable, fenix, ... }:
{
system.stateVersion = "21.11";
environment.sessionVariables = {
XDG_RUNTIME_DIR = "/data/data/com.termux.nix/files/home/run";
GDK_DPI_SCALE = "2";
GDK_SCALE = "2";
};
# Get home-manager up and running
home-manager.config = ./home-manager/common.nix;
# Have to put packages here, as it does not have environment.systemPackages
environment.packages = with pkgs;
[
###
## utils-core
###
# Basic command line utilities
wget
tmux
nano
unzip
any-nix-shell
htop
# Spell check
hunspell
hunspellDicts.en-us
# Rust rewrites of common shell utilities
starship
exa
bat
fd
sd
du-dust
ripgrep
ripgrep-all
tokei
hyperfine
unstable.bottom
dogdns
duf
# CLI Markdown renderer
glow
# Command line file manager
broot
# Much better curl
unstable.httpie
# CLI spreadsheets
visidata
# User friendly cut
choose
# Cheatsheet manager
cheat
# Ping with a graph
gping
# Man but terse
tealdeer
# Pandoc for documentation
unstable.pandoc
# For nslookup
dnsutils
# Feh image viewer
feh
# Mosh for better high-latency ssh
mosh
###
## devel-core
###
# Full version of git
git
# Git addons
git-secret
git-lfs
delta
# General development requirements
python3Full
cmake
libtool
gnumake
nixpkgs-fmt
# jq for interacting with JSON
jq
jc
# Viewer for deeply nested JSON
fx
# Direnv for nix-shell niceness
direnv
###
## devel-rust
###
# Use rustup to get the compiler
rustup
# Install the latest rust analyzer
fenix.rust-analyzer
# Sccache for faster builds
# sccache
# Misc cargo utilites
cargo-binutils # Allow invoking the llvm tools included with the toolchain
cargo-edit # Command line Cargo.toml manipulation
cargo-asm # Dump the generated assembly
cargo-fuzz # front end for fuzz testing rust
cargo-license # Audit the licenses of dependencies
cargo-criterion # Benchmarking front end
cargo-audit # Check dependencies for known CVEs
cargo-bloat # Find out what's taking up space in the executable
cargo-udeps # Find unused dependencies
cargo-expand # Dump expanded macros
cargo-play # Quickly execute code outside of a crate
# For building stuff that uses protocol buffers
protobuf
];
}

334
flake.lock
View File

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1651916036, "lastModified": 1662478528,
"narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=", "narHash": "sha256-Myjd0HPL5lXri3NXOcJ6gP7IKod2eMweQBKM4uxgEGw=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba", "rev": "3b69bf3cc26ae19de847bfe54d6ab22d7381a90a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -24,11 +24,11 @@
"doom-emacs": { "doom-emacs": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1657023376, "lastModified": 1660901074,
"narHash": "sha256-huKtA8twjW3GkfA6NRvCjWMWUEN58ju4sL89rRQxOes=", "narHash": "sha256-3apl0eQlfBj3y0gDdoPp2M6PXYnhxs0QWOHp8B8A9sc=",
"owner": "doomemacs", "owner": "doomemacs",
"repo": "doomemacs", "repo": "doomemacs",
"rev": "9ec60d9ab9eb5d9b098e2452395156b622cce624", "rev": "c44bc81a05f3758ceaa28921dd9c830b9c571e61",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -41,11 +41,11 @@
"doom-snippets": { "doom-snippets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1655900328, "lastModified": 1659894476,
"narHash": "sha256-fEYwFxW2sdzNK14DrS92OCGy8KDPZKewrHljnE/RlzQ=", "narHash": "sha256-1arRqlTos5uj6N47N4hyzHMMoUBxsxaZ/NK7iN5A+ZY=",
"owner": "doomemacs", "owner": "doomemacs",
"repo": "snippets", "repo": "snippets",
"rev": "6b2bd5a77c536ed414794ecf71d37a60ebd4663e", "rev": "f957f8d195872f19c7ab0a777d592c611e10e9bb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -62,17 +62,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1655120294, "lastModified": 1662496984,
"narHash": "sha256-e0IXVoxH3o1QbLtHxANAg2CHdVE3jZBi5ifhh+6Vpcs=", "narHash": "sha256-SWAuZBAr3soy45+vO2gaRG0XTYO3sQVOMe7aPKqIno0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "29dcfbc1b29ae7281e95367e0f2358b44224a46e", "rev": "82704788ffcbf4d1b417b7ce62b9f1ef7d98f442",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "29dcfbc1b29ae7281e95367e0f2358b44224a46e",
"type": "github" "type": "github"
} }
}, },
@ -178,11 +177,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1657261676, "lastModified": 1662447736,
"narHash": "sha256-3+YzGtO0QKl1+cda2gW3DD/wmCH7N9CLPXESsPhQx4U=", "narHash": "sha256-HMnv/9V5JekVlBCdb4k9CzhW3UHJ1fi41bI5Kwi19EE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "60a53fa494e3646d2b7be218383d703aa8ece505", "rev": "1bdc5042356c21bdf8075dd63f291cf77bb77b92",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -223,13 +222,29 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1656928814, "lastModified": 1659877975,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -240,11 +255,41 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"locked": { "locked": {
"lastModified": 1656928814, "lastModified": 1659877975,
"narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -270,23 +315,64 @@
"type": "github" "type": "github"
} }
}, },
"gamescope": {
"inputs": {
"gamescope-src": "gamescope-src",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-unstable": "nixpkgs-unstable",
"utils": "utils"
},
"locked": {
"lastModified": 1658887125,
"narHash": "sha256-evUl+58qvhEYA/A55hd8Y/bQMwS7i1GuUlVeTHg9IDk=",
"owner": "nathans-flakes",
"repo": "gamescope",
"rev": "019dfcc926a31dd399940befe1ac67c17a442db8",
"type": "github"
},
"original": {
"owner": "nathans-flakes",
"repo": "gamescope",
"type": "github"
}
},
"gamescope-src": {
"flake": false,
"locked": {
"lastModified": 1658761788,
"narHash": "sha256-tyzRnyB4MZ3e30pn/mPxE5E0VOBeKgcnFmhB8iM0IJA=",
"ref": "master",
"rev": "cce6a29a2494eaf8f99e299a39b957fda3fcdb2a",
"revCount": 1140,
"submodules": true,
"type": "git",
"url": "https://github.com/Plagman/gamescope.git"
},
"original": {
"submodules": true,
"type": "git",
"url": "https://github.com/Plagman/gamescope.git"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1657241847, "lastModified": 1656169755,
"narHash": "sha256-/aN3p2LaRNVXf7w92GWgXq9H5f23YRQPOvsm3BrBqzU=", "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8160b3b45b8457d58d2b3af2aeb2eb6f47042e0f", "rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-22.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@ -337,15 +423,15 @@
"libnbtplusplus": { "libnbtplusplus": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1591558203, "lastModified": 1650031308,
"narHash": "sha256-QgvNvaoFflCXEPCCFBCeZvYTpuiwScBG7EosUgFwFNQ=", "narHash": "sha256-TvVOjkUobYJD9itQYueELJX3wmecvEdCbJ0FinW2mL4=",
"owner": "multimc", "owner": "PolyMC",
"repo": "libnbtplusplus", "repo": "libnbtplusplus",
"rev": "dc72a20b7efd304d12af2025223fad07b4b78464", "rev": "2203af7eeb48c45398139b583615134efd8d407f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "multimc", "owner": "PolyMC",
"repo": "libnbtplusplus", "repo": "libnbtplusplus",
"type": "github" "type": "github"
} }
@ -399,11 +485,11 @@
"ws-butler": "ws-butler" "ws-butler": "ws-butler"
}, },
"locked": { "locked": {
"lastModified": 1657319179, "lastModified": 1662238434,
"narHash": "sha256-o7lYM6uY3iyR6NaHMZN+5ajcjNU4D+PEapvoWHMRQXA=", "narHash": "sha256-kizN1H6cJqu7TCt+QQxoWw0f1WdO1hU4myhUiETpHsk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-doom-emacs", "repo": "nix-doom-emacs",
"rev": "b27d21334836521901736d138063d351262f9564", "rev": "7b8c1c53537840f2656cacce267697eca7032727",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -412,6 +498,30 @@
"type": "github" "type": "github"
} }
}, },
"nix-on-droid": {
"inputs": {
"flake-utils": "flake-utils_3",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1658777837,
"narHash": "sha256-12rIm639nXldGgyc1uPbF/oz2jTrpgl8zvqxrIq+Jek=",
"owner": "t184256",
"repo": "nix-on-droid",
"rev": "d49fd3a0c874d34a3c3f33fa73cd7a364a1332e3",
"type": "github"
},
"original": {
"owner": "t184256",
"repo": "nix-on-droid",
"type": "github"
}
},
"nix-straight": { "nix-straight": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -428,13 +538,49 @@
"type": "github" "type": "github"
} }
}, },
"nixlib": {
"locked": {
"lastModified": 1636849918,
"narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1660727616,
"narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "adccd191a0e83039d537e021f19495b7bad546a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1657114324, "lastModified": 1662019588,
"narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=", "narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d", "rev": "2da64a81275b68fdad38af669afeda43d401e94b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -446,11 +592,11 @@
}, },
"nixpkgs-22_05": { "nixpkgs-22_05": {
"locked": { "locked": {
"lastModified": 1656955776, "lastModified": 1662221733,
"narHash": "sha256-1aMu67m+orlGxVwfiX3RxTEVFoq/RmKa/L5u9zU3UNQ=", "narHash": "sha256-dw1xjYyQ0JidXIpzeQh/gQX+ih1sJO1zBHKs5QSYp8Q=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cc16da2c92041cbe817c40f62aac87c99104e9c2", "rev": "013e8d86d9a3f33074c903c8ffcab0d34087b1ed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -462,11 +608,27 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1657114324, "lastModified": 1658644204,
"narHash": "sha256-fWuaUNXrHcz/ciHRHlcSO92dvV3EVS0GJQUSBO5JIB4=", "narHash": "sha256-MWyfCH9K3eVTXJUxBi67OQSAh9jJAnvWklM6qm4j8w8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a5c867d9fe9e4380452628e8f171c26b69fa9d3d", "rev": "2f0c3be57c348f4cfd8820f2d189e29a685d9c41",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable_2": {
"locked": {
"lastModified": 1662019588,
"narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2da64a81275b68fdad38af669afeda43d401e94b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -478,11 +640,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1657123678, "lastModified": 1662099760,
"narHash": "sha256-cowVkScfUPlbBXUp08MeVk/wgm9E1zp1uC+9no2hZYw=", "narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "316b762afdb9e142a803f29c49a88b4a47db80ee", "rev": "67e45078141102f45eff1589a831aeaa3182b41e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -527,11 +689,11 @@
"org": { "org": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1657029612, "lastModified": 1662044935,
"narHash": "sha256-enwqnerhZVpyQbeX0uKdZ4IVmZieq9ZgCbkDWy1HlNQ=", "narHash": "sha256-ZpxKw8L/IpxolkGyQMDut6V4i8I1T5za0QBBrztfcts=",
"owner": "emacs-straight", "owner": "emacs-straight",
"repo": "org-mode", "repo": "org-mode",
"rev": "71359820221ec18d27fab28403d4fd3537ca0491", "rev": "e36c3cc21b8b1471e1f7928a118de693819c3f12",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -543,11 +705,11 @@
"org-contrib": { "org-contrib": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1652646857, "lastModified": 1661026052,
"narHash": "sha256-IWIShWyVnbwXqGLQaDNvJ0KoepxhIrXWTjPyGPEkQ14=", "narHash": "sha256-rE7aioQxeVjo+TVI4DIppKkmf/c7tRNzK6hQJAmUnVE=",
"owner": "emacsmirror", "owner": "emacsmirror",
"repo": "org-contrib", "repo": "org-contrib",
"rev": "c1e0980fd7a57ca2042fd78acfb1dfb5c3bc03fa", "rev": "0740bd3fe69c4b327420185d931dcf0a9900a80e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -597,11 +759,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1657322167, "lastModified": 1662476795,
"narHash": "sha256-Eg4FP4oEqEp3oUlSPhFsTRzUH3GgOsa1DoC75IscRmg=", "narHash": "sha256-fNp1vn7yty48BtyC9q+JpzZSD59gLuXuAFTYeJ5o+Ss=",
"owner": "PolyMC", "owner": "PolyMC",
"repo": "PolyMC", "repo": "PolyMC",
"rev": "f591c876650385423d205d40350a210098c86751", "rev": "e37f70b9f7e35639f49c2f53f8e82e97f5fbffc9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -634,11 +796,11 @@
"revealjs": { "revealjs": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1653993278, "lastModified": 1660499724,
"narHash": "sha256-X43lsjoLBWmttIKj9Jzut0UP0dZlsue3fYbJ3++ojbU=", "narHash": "sha256-BhnEmX+8h0MVol7T4Zr2w53A+AmgzcVirpwHCR/G73U=",
"owner": "hakimel", "owner": "hakimel",
"repo": "reveal.js", "repo": "reveal.js",
"rev": "039972c730690af7a83a5cb832056a7cc8b565d7", "rev": "b23d15c4304a9a1b72f484171fc97682e5ed85a3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -652,15 +814,19 @@
"darwin": "darwin", "darwin": "darwin",
"emacs": "emacs", "emacs": "emacs",
"fenix": "fenix", "fenix": "fenix",
"gamescope": "gamescope",
"home-manager": "home-manager", "home-manager": "home-manager",
"java": "java", "java": "java",
"mozilla": "mozilla", "mozilla": "mozilla",
"nix-doom-emacs": "nix-doom-emacs", "nix-doom-emacs": "nix-doom-emacs",
"nix-on-droid": "nix-on-droid",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable_2",
"polymc": "polymc", "polymc": "polymc",
"quilt-server": "quilt-server", "quilt-server": "quilt-server",
"sops-nix": "sops-nix" "sops-nix": "sops-nix",
"wsl": "wsl"
} }
}, },
"rotate-text": { "rotate-text": {
@ -682,11 +848,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1657151932, "lastModified": 1662377094,
"narHash": "sha256-iql4MrFnUcbA0AY7Eo+jiOwdVo+b1Ts6AFOQMIriiwY=", "narHash": "sha256-0bvOQxEe8nzk/VlhHBrUn/Mz3DlE92Us7JqveVjTe0A=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "c296e777675860164f8e45571efd29c4c08ee7cc", "rev": "6dfd8aebdfa1ee1824446f01daf5bdb229b32f92",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -720,11 +886,11 @@
"nixpkgs-22_05": "nixpkgs-22_05" "nixpkgs-22_05": "nixpkgs-22_05"
}, },
"locked": { "locked": {
"lastModified": 1657127702, "lastModified": 1662390490,
"narHash": "sha256-F88Oebl/7M1gnqTpNguhAHZxZJRtFmbdXL6RIn2K0XQ=", "narHash": "sha256-HnFHRFu0eoB0tLOZRjLgVfHzK+4bQzAmAmHSzOquuyI=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "3ef9ea29356c17341456a0418cf5b5c2d2cdb129", "rev": "044ccfe24b349859cd9efc943e4465cc993ac84e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -736,11 +902,11 @@
"ts-fold": { "ts-fold": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1657091443, "lastModified": 1662006199,
"narHash": "sha256-yr/aW7sYoOxajVb2gTgRrwaDwwg2gtHuP3wdrwjiaxo=", "narHash": "sha256-gDelW/h2LyknTQNkHODvzCJCKelLdLIQoDh/L1lk3KA=",
"owner": "jcs-elpa", "owner": "jcs-elpa",
"repo": "ts-fold", "repo": "ts-fold",
"rev": "dcd5b9fe5c2cb72261ff6c714beb8d0198b8522b", "rev": "28409a0ceede0751ed9d520c6a19d1f5f1211502",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -751,11 +917,11 @@
}, },
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1653893745, "lastModified": 1656928814,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -809,6 +975,28 @@
"repo": "ws-butler", "repo": "ws-butler",
"type": "github" "type": "github"
} }
},
"wsl": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1661772734,
"narHash": "sha256-DkvAaLDg9D6O0i2MzUknaf/U078K4KWAZaJQmNC/tL8=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "c1b0259313f661cf74051c916cf3bb4f061ce11f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NixOS-WSL",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

377
flake.nix
View File

@ -9,7 +9,7 @@
inputs.nixpgks.follows = "nixpkgs"; inputs.nixpgks.follows = "nixpkgs";
}; };
emacs = { emacs = {
url = "github:nix-community/emacs-overlay/29dcfbc1b29ae7281e95367e0f2358b44224a46e"; url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
mozilla = { mozilla = {
@ -21,7 +21,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/release-22.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
darwin = { darwin = {
@ -45,6 +45,25 @@
url = "github:forward-progress/quilt-server-nix-container"; url = "github:forward-progress/quilt-server-nix-container";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
gamescope = {
url = "github:nathans-flakes/gamescope";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-on-droid = {
url = "github:t184256/nix-on-droid";
inputs = {
nixpkgs.follows = "nixpkgs";
home-manager.follows = "home-manager";
};
};
}; };
outputs = outputs =
@ -61,245 +80,125 @@
, nix-doom-emacs , nix-doom-emacs
, java , java
, quilt-server , quilt-server
}@attrs: , nixos-generators
, wsl
, gamescope
, nix-on-droid
}@inputs:
let let
baseModules = [ makeNixosSystem = { system, hostName, extraModules ? [ ], ourNixpkgs ? nixpkgs }: ourNixpkgs.lib.nixosSystem {
./applications/utils-core.nix
## Setup binary caches and other common nix config
({ pkgs, ... }: {
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# First install cachix, so we can discover new ones
environment.systemPackages = [ pkgs.cachix ];
# Then configure up the nix community cache
nix = {
binaryCaches = [
"https://nix-community.cachix.org"
];
binaryCachePublicKeys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Turn on flakes support (from within a flake, lamo)
package = pkgs.nixFlakes;
extraOptions = ''
experimental-features = nix-command flakes
'';
};
# Setup overlays
nixpkgs.overlays = [ emacs.overlay polymc.overlay ];
})
];
sopsModules = [
sops-nix.nixosModules.sops
## Setup sops
({ pkgs, config, ... }: {
# Add default secrets
sops.defaultSopsFile = ./secrets/nathan.yaml;
# Use system ssh key as an age key
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
})
];
coreModules = baseModules ++ sopsModules ++ [
./modules/common.nix
./modules/ssh.nix
home-manager.nixosModules.home-manager
# Configure system state version for linux
({ pkgs, ... }: {
# System state version for compat
system.stateVersion = "21.11";
})
];
setHomeManagerVersions = ({ pkgs, config, unstable, ... }: {
home-manager.users.nathan.programs = {
starship.package = unstable.starship;
git.package = unstable.gitFull;
fish.package = unstable.fish;
};
});
baseHomeModules = [
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.nathan = import ./home-manager/common.nix;
};
}
setHomeManagerVersions
./home.nix
];
desktopModules = baseHomeModules ++ coreModules ++ [
./modules/audio.nix
./modules/sway.nix
./modules/fonts.nix
./modules/gpg.nix
./modules/logitech.nix
./modules/qemu.nix
./modules/docker.nix
./modules/printing.nix
./modules/zt.nix
./modules/lxc.nix
./modules/tailscale.nix
./modules/protonmail.nix
./applications/communications.nix
./applications/devel-core.nix
./applications/devel-core-linux.nix
./applications/devel-rust.nix
./applications/devel-raku.nix
./applications/devel-kotlin.nix
./applications/devel-js.nix
./applications/emacs.nix
./applications/image-editing.nix
./applications/media.nix
./applications/syncthing.nix
./desktop.nix
];
serverModules = baseHomeModules ++ coreModules ++ [
./home-linux.nix
./modules/zt.nix
./modules/autoupdate.nix
./modules/tailscale.nix
./applications/devel-core.nix
./applications/devel-core-linux.nix
];
mozillaOverlay = import "${mozilla}";
in
{
nixosConfigurations = {
levitation = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
unstable = import nixpkgs-unstable {
config = { allowUnfree = true; };
overlays = [ mozillaOverlay ];
system = "x86_64-linux";
};
doomEmacs = nix-doom-emacs.hmModule;
} // attrs;
modules = [
./hardware/levitation.nix
./machines/levitation.nix
./modules/games.nix
./home-linux.nix
] ++ desktopModules;
};
oracles = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
unstable = import nixpkgs-unstable {
config = { allowUnfree = true; };
overlays = [ ];
system = "x86_64-linux";
};
} // attrs;
modules = [
./hardware/oracles.nix
./machines/oracles.nix
./applications/devel-rust.nix
./modules/docker.nix
./system-specific/oracles/matrix.nix
./system-specific/oracles/gitlab-runner.nix
./system-specific/oracles/gitea.nix
./system-specific/oracles/minecraft.nix
] ++ serverModules;
};
perception = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
unstable = import nixpkgs-unstable {
config = { allowUnfree = true; };
overlays = [ ];
system = "x86_64-linux";
};
} // attrs;
modules = [
./hardware/perception.nix
./machines/perception.nix
./applications/devel-rust.nix
./modules/docker.nix
./system-specific/perception/plex.nix
] ++ serverModules;
};
shadowchild = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
unstable = import nixpkgs-unstable {
config = { allowUnfree = true; };
overlays = [ ];
system = "x86_64-linux";
};
} // attrs;
modules = [
./hardware/shadowchild.nix
./machines/shadowchild.nix
./modules/docker.nix
] ++ serverModules;
};
matrix = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
unstable = import nixpkgs-unstable {
config = { allowUnfree = true; };
overlays = [ ];
system = "x86_64-linux";
};
} // attrs;
modules = [
./hardware/matrix.nix
./machines/matrix.nix
./modules/docker.nix
./system-specific/matrix/matrix.nix
./system-specific/matrix/gitea.nix
] ++ serverModules;
};
x86vm = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
unstable = import nixpkgs-unstable {
config = { allowUnfree = true; };
overlays = [ ];
system = "x86_64-linux";
};
} // attrs;
modules = [ ./home-linux.nix ] ++ desktopModules;
};
};
darwinConfigurations = {
"Nathans-MacBook-Pro" = darwin.lib.darwinSystem {
system = "x86_64-darwin";
specialArgs = {
unstable = import nixpkgs-unstable {
config = { allowUnfree = true; };
overlays = [ ];
system = "x86_64-darwin";
};
doomEmacs = nix-doom-emacs.hmModule;
} // attrs;
modules = baseModules ++ baseHomeModules ++ [
./darwin-modules/base.nix
home-manager.darwinModules.home-manager
./modules/fonts.nix
./darwin-modules/gpg.nix
./applications/devel-core.nix
./applications/devel-rust.nix
./applications/emacs.nix
];
};
};
homeConfigurations.linux =
let
system = "x86_64-linux";
in
home-manager.lib.homeManagerConfiguration {
configuration = import ./home-manager/linux.nix;
inherit system; inherit system;
username = "nathan"; specialArgs = {
homeDirectory = "/home/nathan"; inputs = inputs;
stateVersion = "21.11"; };
modules = [
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
./modules/linux/default.nix
({ pkgs, lib, config, ... }: {
# Configure hostname
networking = {
hostName = hostName;
};
# Setup sops
# Add default secrets
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
nixpkgs.config.allowUnfree = true;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
# Home manager configuration
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = {
inputs = inputs;
nixosConfig = config;
};
sharedModules = [
./home-manager/linux/default.nix
];
};
})
] ++ extraModules;
};
in
rec {
# Real systems
nixosConfigurations = {
levitation = makeNixosSystem {
system = "x86_64-linux";
hostName = "levitation";
extraModules = [
./hardware/levitation.nix
./machines/levitation/configuration.nix
];
};
oracles = makeNixosSystem {
system = "x86_64-linux";
hostName = "oracles";
extraModules = [
./hardware/oracles.nix
./machines/oracles/configuration.nix
];
};
x86vm = makeNixosSystem {
system = "x86_64-linux";
hostName = "x86vm";
extraModules = [
"${nixpkgs}/nixos/modules/profiles/qemu-guest.nix"
"${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix"
./machines/x86vm/configuration.nix
];
};
# WSL sytem
wsl = makeNixosSystem {
system = "x86_64-linux";
hostName = "wsl";
extraModules = [
wsl.nixosModules.wsl
./machines/wsl/configuration.nix
];
};
};
# Android systems
nixOnDroidConfigurations = {
tablet = nix-on-droid.lib.nixOnDroidConfiguration {
config = ./machines/tablet/configuration.nix;
system = "aarch64-linux";
extraModules = [
./modules/nix-on-droid/default.nix
({ pkgs, lib, config, ... }: {
# Home manager configuration
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = {
inputs = inputs;
nixosConfig = config;
};
sharedModules = [
./home-manager/nix-on-droid/default.nix
];
};
})
];
};
};
packages = {
x86_64-linux = {
# Hyper-V image
hyperv = nixos-generators.nixosGenerate {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
modules = [
./machines/hyperv/configuration.nix
];
format = "hyperv";
};
};
}; };
}; };
} }

8
hardware/levitation.nix
View File

@ -61,6 +61,14 @@
device = "10.0.0.139:/mnt/tank/root/nathan/music"; device = "10.0.0.139:/mnt/tank/root/nathan/music";
fsType = "nfs"; fsType = "nfs";
}; };
fileSystems."/mnt/general" = {
device = "10.0.0.139:/mnt/tank/root/shares/general";
fsType = "nfs";
};
fileSystems."/mnt/archive" = {
device = "10.0.0.139:/mnt/tank/root/shares/archive";
fsType = "nfs";
};
swapDevices = swapDevices =
[{ [{

80
home-linux.nix
View File

@ -1,80 +0,0 @@
{ pkgs, config, unstable, ... }:
{
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
## Linux specific user configuration
users = {
mutableUsers = false;
users.nathan = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
openssh.authorizedKeys.keys = [
# yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# Macbook pro key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local"
# Phone key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH"
# Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH"
];
};
};
# enable sudo
security.sudo.enable = true;
home-manager = {
users.nathan = {
# Alacritty configuration
programs.alacritty = {
enable = true;
settings = {
env = {
TERM = "xterm-256color";
ALACRITTY = "1";
};
font = {
normal.family = "FiraCode Nerd Font";
bold.family = "FiraCode Nerd Font";
italic.family = "FiraCode Nerd Font";
bold_italic.family = "FiraCode Nerd Font";
size = 9.0;
};
colors = {
primary = {
background = "0x103c48";
foreground = "0xadbcbc";
};
normal = {
black = "0x184956";
red = "0xfa5750";
green = "0x75b938";
yellow = "0xdbb32d";
blue = "0x4695f7";
magenta = "0xf275be";
cyan = "0x41c7b9";
white = "0x72898f";
};
bright = {
black = "0x2d5b69";
red = "0xff665c";
green = "0x84c747";
yellow = "0xebc13d";
blue = "0x58a3ff";
magenta = "0xff84cd";
cyan = "0x53d6c7";
white = "0xcad8d9";
};
};
};
};
## Multimedia
# Easyeffects for the eq
services.easyeffects.enable = true;
};
};
}

20
home-manager/bat.nix
View File

@ -1,20 +0,0 @@
{ config, lib, pkgs, ... }:
{
options.nathans-home.bat = with lib; {
enable = mkOption {
type = types.bool;
default = true;
};
};
config = lib.mkIf config.nathans-home.bat.enable {
programs.bat = {
enable = true;
config = {
theme = "zenburn";
style = "header,rule,snip,changes";
};
};
};
}

11
home-manager/common.nix
View File

@ -1,11 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
./ssh.nix
./git.nix
./fish.nix
./bat.nix
];
programs.home-manager.enable = true;
}

284
home-manager/common/programs/core.nix Normal file
View File

@ -0,0 +1,284 @@
{ config, lib, pkgs, ... }:
with lib;
{
config = mkMerge [
(mkIf config.nathan.programs.util.core {
home.packages = with pkgs; [
# Rust rewrites of common shell utilites
exa
bat
fd
sd
du-dust
ripgrep
ripgrep-all
hyperfine
bottom
dogdns
duf
# User friendly cut
choose
# Man but terse
tealdeer
# rsync for _The Cloud_ :tm:
rclone
];
# Configure tmux
programs.tmux = {
enable = true;
aggressiveResize = true;
extraConfig = ''
set -g default-terminal "tmux-256color"
set -ag terminal-overrides ",xterm-256color:RGB"
'';
};
})
(mkIf config.nathan.programs.util.productivity {
home.packages = with pkgs; [
# Feh image viewer
feh
tokei
# Spell check
hunspell
hunspellDicts.en-us
# CLI Markdown renderer
glow
# Command line file manager
broot
# Much better curl
httpie
# CLI spreadsheets
visidata
# Cheatsheet manager
cheat
# Ping with a graph
gping
# Pandoc for documentation
pandoc
# Tmate for pair programming
tmate
];
})
(mkIf config.nathan.programs.util.git.enable {
#########################
## Git configuration
#########################
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Nathan McCarty";
userEmail = "nathan@mccarty.io";
signing = {
key = "B7A40A5D78C08885";
signByDefault = config.nathan.programs.util.git.gpgSign;
};
ignores = [
"**/*~"
"*~"
"*_archive"
"/auto/"
"auto-save-list"
".cask/"
".dir-locals.el"
"dist/"
"**/.DS_Store"
"*.elc"
"/elpa/"
"/.emacs.desktop"
"/.emacs.desktop.lock"
"/eshell/history"
"/eshell/lastdir"
"flycheck_*.el"
"*_flymake.*"
"/network-security.data"
".org-id-locations"
".persp"
".projectile"
"*.rel"
"/server/"
"tramp"
"\\#*\\#"
];
delta.enable = true;
lfs.enable = true;
extraConfig = {
init = {
defaultBranch = "trunk";
};
log = {
showSignature = true;
abbrevCommit = true;
follow = true;
decorate = false;
};
rerere = {
enable = true;
autoupdate = true;
};
merge = {
ff = "only";
conflictstyle = "diff3";
};
push = {
default = "simple";
followTags = true;
};
pull = {
rebase = true;
};
status = {
showUntrackedFiles = "all";
};
transfer = {
fsckobjects = true;
};
color = {
ui = "auto";
};
diff = {
mnemonicPrefix = true;
renames = true;
wordRegex = ".";
submodule = "log";
};
credential = {
helper = "cache";
};
# Disable annoying safe directory nonsense
safe = {
directory = "*";
};
};
};
})
(mkIf config.nathan.programs.util.ssh {
#########################
## SSH Configuration
#########################
programs.ssh = {
# SSH configuration
enable = true;
# extra config to set the ciphers
extraConfig = ''
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
'';
# Enable compression
compression = true;
# enable session reuse
controlMaster = "auto";
controlPersist = "10m";
# Configure known hosts
matchBlocks = {
"levitation" = {
forwardAgent = true;
user = "nathan";
hostname = "100.95.223.6";
};
"perception" = {
forwardAgent = true;
user = "nathan";
hostname = "100.67.146.101";
};
"oracles" = {
forwardAgent = true;
user = "nathan";
hostname = "100.66.15.34";
};
"tounge" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.98.121";
};
"shadowchild" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.217.149";
};
"matrix.community.rs" = {
forwardAgent = true;
user = "nathan";
hostname = "100.113.74.107";
};
"de1955" = {
user = "de1955";
hostname = "de1955.rsync.net";
};
};
};
})
(mkIf config.nathan.programs.util.fish {
#########################
## Fish Configuration
#########################
programs.fish = {
enable = true;
# Setup our aliases
shellAliases = {
ls = "exa --icons";
la = "exa --icons -a";
lg = "exa --icons --git";
cat = "bat";
dig = "dog";
df = "duf";
};
# Custom configuration
interactiveShellInit = ''
# Setup any-nix-shell
any-nix-shell fish --info-right | source
# Load logger function
source ~/.config/fish/functions/cmdlogger.fish
'';
functions = {
# Setup command logging to ~/.logs
cmdlogger = {
onEvent = "fish_preexec";
body = ''
mkdir -p ~/.logs
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log
'';
};
};
};
programs.starship = {
enable = true;
settings = {
directory = {
truncation_length = 3;
fish_style_pwd_dir_length = 1;
};
git_commit = {
commit_hash_length = 6;
only_detached = false;
};
package = {
symbol = "";
};
time = {
disabled = false;
format = "[$time]($style)";
time_format = "%I:%M %p";
};
};
};
programs.bat = {
enable = true;
config = {
theme = "zenburn";
style = "header,rule,snip,changes";
};
};
})
(mkIf config.nathan.programs.util.json {
#########################
## JSON Utilities
#########################
programs.jq = {
enable = true;
};
home.packages = with pkgs; [
jc
fx
];
})
];
}

87
home-manager/common/programs/devel.nix Normal file
View File

@ -0,0 +1,87 @@
{ config, lib, pkgs, inputs, ... }:
let
devel = config.nathan.programs.devel;
unstable = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}";
inherit (import ../../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib;
in
with lib; with nLib; {
config = mkMerge [
# Core development utilites
(mkIf devel.core {
home.packages = with pkgs;
# General packages
[
# Git addons
git-secret
delta
# General development requirements
cmake
libtool
gnumake
nixpkgs-fmt
# sops for secrets management
sops
];
programs = {
direnv = {
enable = true;
};
# Neovim
# (I'm not abonding emacs I just want the tutor)
neovim = {
enable = true;
};
};
})
# Rust development
(mkIf devel.rust {
home.packages = with pkgs; [
# Rustup for having the compiler around
rustup
# Install the latest rust analyzer
inputs.fenix.packages."${pkgs.system}".rust-analyzer
# Misc cargo utilites
cargo-binutils # Allow invoking the llvm tools included with the toolchain
cargo-edit # Command line Cargo.toml manipulation
cargo-asm # Dump the generated assembly
cargo-fuzz # front end for fuzz testing rust
cargo-license # Audit the licenses of dependencies
cargo-criterion # Benchmarking front end
cargo-audit # Check dependencies for known CVEs
cargo-bloat # Find out what's taking up space in the executable
cargo-udeps # Find unused dependencies
cargo-expand # Dump expanded macros
cargo-play # Quickly execute code outside of a crate
# For building stuff that uses protocol buffers
protobuf
# For faster builds
sccache
];
})
# Python Development
(mkIf devel.python {
home.packages = with pkgs; [
python3Full
nodePackages.pyright
];
})
# JavaScript/TypeScript Development
(mkIf devel.js {
home.packages = with pkgs; [
nodejs
yarn
nodePackages.typescript
deno
];
})
# Raku Development
(mkIf devel.raku {
home.packages = with pkgs; [
rakudo
zef
];
})
];
}

81
home-manager/common/programs/emacs.nix Normal file
View File

@ -0,0 +1,81 @@
{ config, lib, pkgs, inputs, ... }:
{
imports = [ inputs.nix-doom-emacs.hmModule ];
config = lib.mkIf config.nathan.programs.emacs.enable {
# Dependencies of my emacs environment
home.packages = with pkgs; [
# For markdown rendering
python39Packages.grip
# For graph generation
graphviz
sqlite
# For latex editing
texlive.combined.scheme-medium
# For notifications
libnotify
# For flash cards
anki
# For spelling
aspell
aspellDicts.en
aspellDicts.en-science
aspellDicts.en-computers
# Desktop file for org-protocol
(makeDesktopItem {
name = "org-protocol";
exec = "emacsclient %u";
comment = "Org protocol";
desktopName = "org-protocol";
type = "Application";
mimeTypes = [ "x-scheme-handler/org-protocol" ];
})
];
# Setup doom emacs
programs.doom-emacs = {
enable = true;
doomPrivateDir = ../../../doom.d;
emacsPackage = config.nathan.programs.emacs.package;
emacsPackagesOverlay = self: super: {
org-protocol-capture-html = self.trivialBuild {
pname = "org-protocol-capture-html";
ename = "org-protocol-capture-html";
version = "0.0.0";
packageRequires = [ self.s ];
src = pkgs.fetchFromGitHub {
owner = "alphapapa";
repo = "org-protocol-capture-html";
rev = "3359ce9a2f3b48df26329adaee0c4710b1024250";
hash = "sha256-ueEHJCS+aHYCnd4Lm3NKgqg+m921nl5XijE9ZnSRQXI=";
};
};
anki-editor = self.trivialBuild {
pname = "anki-editor";
ename = "anki-editor";
version = "0.3.1";
packageRequires = with self; [
dash
request
];
src = pkgs.fetchFromGitHub {
owner = "billop";
repo = "anki-editor";
rev = "c11187a79a980a738af608c98f8de2cdc1d988be";
hash = "sha256-3R9bEu982a9Tq+hXy+ALFF/N2NwK9MsqDELFVGHV09I=";
};
};
};
extraPackages = [ pkgs.mu ];
};
# Set editor
home.sessionVariables = {
EDITOR = "emacsclient";
VISUAL = "emacsclient";
};
systemd.user.sessionVariables = {
EDITOR = "emacsclient";
VISUAL = "emacsclient";
};
};
}

65
home-manager/fish.nix
View File

@ -1,65 +0,0 @@
{ config, pkgs, lib, ... }:
{
options.nathans-home.fish = with lib; {
enable = mkOption {
type = types.bool;
default = true;
};
};
config = lib.mkIf config.nathans-home.fish.enable {
## Shell
# Shell proper
programs.fish = {
enable = true;
# Setup our aliases
shellAliases = {
ls = "exa --icons";
la = "exa --icons -a";
lg = "exa --icons --git";
cat = "bat";
dig = "dog";
df = "duf";
};
# Custom configuration
interactiveShellInit = ''
# Setup any-nix-shell
any-nix-shell fish --info-right | source
# Load logger function
source ~/.config/fish/functions/cmdlogger.fish
'';
functions = {
# Setup command logging to ~/.logs
cmdlogger = {
onEvent = "fish_preexec";
body = ''
mkdir -p ~/.logs
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log
'';
};
};
};
# Starship, for the prompt
programs.starship = {
enable = true;
settings = {
directory = {
truncation_length = 3;
fish_style_pwd_dir_length = 1;
};
git_commit = {
commit_hash_length = 6;
only_detached = false;
};
package = {
symbol = "";
};
time = {
disabled = false;
format = "[$time]($style)";
time_format = "%I:%M %p";
};
};
};
};
}

90
home-manager/git.nix
View File

@ -1,90 +0,0 @@
{ config, lib, pkgs, ... }:
{
# Git configuration
programs.git = {
enable = true;
userName = "Nathan McCarty";
userEmail = "nathan@mccarty.io";
signing = {
key = "B7A40A5D78C08885";
signByDefault = pkgs.stdenv.isx86_64;
};
ignores = [
"**/*~"
"*~"
"*_archive"
"/auto/"
"auto-save-list"
".cask/"
".dir-locals.el"
"dist/"
"**/.DS_Store"
"*.elc"
"/elpa/"
"/.emacs.desktop"
"/.emacs.desktop.lock"
"/eshell/history"
"/eshell/lastdir"
"flycheck_*.el"
"*_flymake.*"
"/network-security.data"
".org-id-locations"
".persp"
".projectile"
"*.rel"
"/server/"
"tramp"
"\\#*\\#"
];
delta.enable = true;
extraConfig = {
init = {
defaultBranch = "trunk";
};
log = {
showSignature = true;
abbrevCommit = true;
follow = true;
decorate = false;
};
rerere = {
enable = true;
autoupdate = true;
};
merge = {
ff = "only";
conflictstyle = "diff3";
};
push = {
default = "simple";
followTags = true;
};
pull = {
rebase = true;
};
status = {
showUntrackedFiles = "all";
};
transfer = {
fsckobjects = true;
};
color = {
ui = "auto";
};
diff = {
mnemonicPrefix = true;
renames = true;
wordRegex = ".";
submodule = "log";
};
credential = {
helper = "cache";
};
# Disable annoying safe directory nonsense
safe = {
directory = "*";
};
};
};
}

77
home-manager/linux/default.nix Normal file
View File

@ -0,0 +1,77 @@
{ config, lib, pkgs, inputs, ... }:
let
inherit (import ../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib;
in
with lib; with nLib; {
imports = [
../options.nix
./programs/sway.nix
../common/programs/core.nix
./programs/communications.nix
../common/programs/devel.nix
./programs/devel.nix
./programs/emacs.nix
./programs/image-editing.nix
./programs/media.nix
./programs/wine.nix
./services/syncthing.nix
./services/email.nix
];
options = {
nathan = {
# Services, these are platform specific so they go here
services = {
# Synthing, enabled by default on linux desktop
syncthing = mkDefaultOption "Syncthing" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux);
# Email syncing
# Disabled by default since this requires manual setup on the machine
# TODO: Get this working on darwin
email = {
enable = mkEnableOption "Email";
};
};
# Linux specific programs
programs = {
util = {
# Wine support, disabled by default
wine = mkEnableOption "wine";
};
devel = {
jvm = mkDefaultOption "JVM Development Utilites" config.nathan.config.isDesktop;
};
# Swaywm and supoorting application configuration
swaywm = {
enable = mkDefaultOption "swaywm" config.nathan.config.isDesktop;
};
# Communications applications
communications = {
# Enable by default if we are on a linux desktop
enable = mkDefaultOption "Communication applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux);
};
# Image editing software, on by default on desktop
image-editing = mkDefaultOption "Image Editing Software" config.nathan.config.isDesktop;
# Media appilcations, on by default on linux desktop
media = {
enable = mkDefaultOption "Media Applications" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux);
mopidyExtraConfig = mkOption {
description = "Extra config files for mopidy";
default = [ ];
};
};
# Firefox, enabled by default on linux desktop
firefox = mkDefaultOption "Firefox" (config.nathan.config.isDesktop && pkgs.stdenv.isLinux);
};
};
};
config = {
home.stateVersion = "22.05";
programs.home-manager.enable = true;
programs.firefox = {
enable = config.nathan.programs.firefox;
package = pkgs.firefox-beta-bin;
};
nathan.programs.emacs.package = lib.mkDefault inputs.emacs.packages."${pkgs.system}".emacsPgtkNativeComp;
};
}

87
home-manager/linux/programs/communications.nix Normal file
View File

@ -0,0 +1,87 @@
{ config, lib, pkgs, inputs, ... }:
{
config = lib.mkIf config.nathan.programs.communications.enable {
home.packages = with pkgs;
let
unstable = import inputs.nixpkgs-unstable { config = { allowUnfree = true; }; inherit system; };
enableWayland = drv: bin: drv.overrideAttrs (
old: {
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.makeWrapper ];
postFixup = (old.postFixup or "") + ''
wrapProgram $out/bin/${bin} \
--add-flags "--enable-features=UseOzonePlatform" \
--add-flags "--ozone-platform=wayland"
'';
}
);
discordWayland = pkgs.callPackage ../../../packages/discord/default.nix rec {
pname = "discord-electron";
binaryName = "Discord";
desktopName = "Discord (Wayland)";
version = "0.0.19";
src = fetchurl {
url = "https://dl.discordapp.net/apps/linux/${version}/discord-${version}.tar.gz";
hash = "sha256-GfSyddbGF8WA6JmHo4tUM27cyHV5kRAyrEiZe1jbA5A=";
};
electron = pkgs.electron_13;
};
zulipWayland = pkgs.makeDesktopItem {
name = "zulip-wayland";
desktopName = "Zulip (Wayland)";
exec = "${unstable.zulip}/bin/zulip --enable-features=UseOzonePlatform --ozone-platform=wayland";
terminal = false;
icon = "zulip";
type = "Application";
};
# Facebook messenger
fbChromeDesktopItem = pkgs.makeDesktopItem {
name = "messenger-chrome";
desktopName = "Messenger (chrome)";
exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland \"--app=https://messenger.com\"";
terminal = false;
};
# Teams
teamsItem = pkgs.makeDesktopItem {
name = "teams-wayland";
desktopName = "Teams (Wayland)";
exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland \"--app=https://teams.microsoft.com\"";
terminal = false;
};
# Cinny
cinnyItem = pkgs.makeDesktopItem {
name = "cinny";
desktopName = "Cinny";
exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland \"--app=https://app.cinny.in\"";
terminal = false;
};
in
[
# Discord
discordWayland
betterdiscordctl
# Desktop matrix client
(enableWayland element-desktop "element-desktop")
# Desktop signal client
(enableWayland signal-desktop "signal-desktop")
# Desktop telegram client
tdesktop
# Desktop mastodon client
tootle
# zulip
unstable.zulip
zulipWayland
# Zoom (for work, sadly)
unstable.zoom-us
# Teams (also for work)
unstable.teams
# Cinny for pretty matrix
cinnyItem
# chromium
(enableWayland chromium "chromium")
# Wayland workaround packages
fbChromeDesktopItem
teamsItem
];
};
}

37
home-manager/linux/programs/devel.nix Normal file
View File

@ -0,0 +1,37 @@
{ config, lib, pkgs, inputs, ... }:
let
devel = config.nathan.programs.devel;
unstable = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}";
inherit (import ../../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib;
in
with lib; with nLib; {
config = mkMerge [
# Core development utilites
(mkIf devel.core {
home.packages = with pkgs;
# Linux specific packages
[
clang
unstable.mold
];
})
# Rust development
(mkIf devel.rust {
home.packages = with pkgs; [
unstable.cargo-tarpaulin # Code coverage
];
})
# JVM Development
(mkIf devel.jvm {
home.packages = with unstable; [
inputs.java.packages."${pkgs.system}".semeru-stable
gradle
kotlin
kotlin-native
kotlin-language-server
ktlint
];
})
];
}

13
home-manager/linux/programs/emacs.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, lib, pkgs, inputs, ... }:
{
imports = [ ../../common/programs/emacs.nix ];
config = lib.mkIf config.nathan.programs.emacs.enable {
# Setup service
services.emacs = {
enable = config.nathan.programs.emacs.service;
client.enable = true;
};
};
}

20
home-manager/linux/programs/image-editing.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, inputs, ... }:
let
unstable = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}";
in
{
config = lib.mkIf config.nathan.programs.image-editing {
home.packages = with pkgs; [
# RawTherapee for raw editing
unstable.rawtherapee
# Gimp for complex editing
unstable.gimp-with-plugins
# Krita for drawing
unstable.krita
# Pinta for basic image editing
unstable.pinta
# Command line tools for image conversion and handling
imagemagickBig
];
};
}

50
home-manager/linux/programs/media.nix Normal file
View File

@ -0,0 +1,50 @@
{ config, lib, pkgs, inputs, ... }:
let
unstable = import inputs.nixpkgs-unstable { config = { allowUnfree = true; }; system = pkgs.system; };
irisDesktopItem = pkgs.makeDesktopItem {
name = "iris";
desktopName = "Iris";
exec = "${pkgs.chromium}/bin/chromium --enable-features=UseOzonePlatform -ozone-platform=wayland \"--app=http://localhost:6680/iris/\"";
terminal = false;
};
in
{
config = lib.mkIf config.nathan.programs.media.enable {
# General Packages
home.packages = with pkgs; [
unstable.spotify
unstable.vlc
unstable.plex-media-player
unstable.obs-studio
nicotine-plus
irisDesktopItem
picard
];
# Mopidy service
# TODO: Add scrobbling
services.mopidy = {
enable = true;
extensionPackages = with pkgs; [
mopidy-mpd
mopidy-iris
mopidy-scrobbler
mopidy-local
];
# extraConfigFiles = config.nathan.programs.media.mopidyExtraConfig;
settings = {
file = {
media_dirs = [
"~/Music"
];
};
local = {
enabled = true;
media_dir = "~/Music";
};
mpd = {
enabled = true;
};
};
};
};
}

600
home-manager/linux/programs/sway.nix Normal file
View File

@ -0,0 +1,600 @@
{ config, lib, pkgs, inputs, ... }:
let
nathan = config.nathan;
in
with lib;
{
config = mkIf nathan.programs.swaywm.enable (
let
swaylock-command = "${pkgs.swaylock-effects}/bin/swaylock --screenshots --grace 30 --indicator --clock --timestr \"%-I:%M:%S %p\" --datestr \"%A %Y-%M-%d\" --effect-blur 20x3";
in
{
home.packages = with pkgs; [
# Locking and display management
wdisplays
swaylock-effects
swayidle
# Clipboard
wl-clipboard
# Notifications
mako
# Terminal
alacritty
# glib for sound stuff
glib
# Glpaper for the background
(glpaper.overrideAttrs (old: {
src = fetchFromSourcehut {
owner = "~scoopta";
repo = "glpaper";
vc = "hg";
rev = "f89e60b7941fb60f1069ed51af9c5bb4917aab35";
hash = "sha256-E7FKjt3NL0aAEibfaq+YS2IVvpjNjInA+Rs8SU63/3M=";
};
}))
# Screenshots
sway-contrib.grimshot
# fuzzel for launcher
fuzzel
];
#########################
## Sway
#########################
wayland.windowManager.sway = {
enable = true;
systemdIntegration = true;
wrapperFeatures = {
base = true;
gtk = true;
};
extraSessionCommands = ''
# Make qt theming work
export QT_QPA_PLATFORMTHEME="qt5ct"
'';
config = {
# Setup gaps
gaps = {
smartGaps = true;
inner = 9;
};
# Window configuration
window = {
# Configure borders
border = 2;
# Application specific configuration
commands = [
{
command = "floating enable";
criteria = {
app_id = "pinentry-qt";
};
}
# Work around for chrome ui bug
{
command = "shortcuts_inhibitor disable";
criteria = {
app_id = "^chrome-.*__-.*$";
};
}
];
};
# Use windows key as modifier
modifier = "Mod4";
# Alacritty as default terminal
terminal = "alacritty";
# Use krunner (from kde) as our launcher
menu = ''
fuzzel -f "Fira Sans" -b "103c48ff" -S "adbcbcff" -s "184956ff" -t "72898fff" -B 5 -r 5 -C "ed8649ff"
'';
# Use waybar, but through systemd
bars = [
# {
# command = "waybar";
# }
];
# Use fira
fonts = {
names = [ "Fira Sans" ];
size = 10.0;
};
# Selenize it
colors = {
focused = {
border = "75b938";
background = "184956";
text = "adbcbc";
indicator = "84c747";
childBorder = "75b938";
};
focusedInactive = {
border = "41c7b9";
background = "#103c48";
text = "adbcbc";
indicator = "53d6c7";
childBorder = "41c7b9";
};
unfocused = {
border = "72898f";
background = "103c48";
text = "72898f";
indicator = "adbcbc";
childBorder = "72898f";
};
urgent = {
border = "f275be";
background = "184956";
text = "fa5750";
indicator = "fa5750";
childBorder = "f275be";
};
};
# Setup keybindings
keybindings =
let
modifer = "Mod4";
in
lib.mkOptionDefault {
"${modifer}+q" = "kill";
"${modifer}+z" = "exec ${swaylock-command}";
## Sreenshot keybinds
# Copy area to clipboard
"${modifer}+x" = "exec ${pkgs.sway-contrib.grimshot}/bin/grimshot copy area";
# Copy window to clipboard
"${modifer}+Ctrl+x" = "exec ${pkgs.sway-contrib.grimshot}/bin/grimshot copy window";
# Clpy entire output to clipboard
"${modifer}+Alt+x" = "exec ${pkgs.sway-contrib.grimshot}/bin/grimshot copy output";
};
# Startup applications
startup = [
# Mako, the notification daemon
{ command = "mako"; }
];
# Turn on numlock by default
input = {
"*" = { xkb_numlock = "enable"; };
};
};
};
#########################
## Mako (notifications)
#########################
programs.mako = {
enable = true;
# Selenized color scheme
borderColor = "#f275be";
backgroundColor = "#184956";
textColor = "#adbcbc";
# Border configuration
borderSize = 3;
# Use Fira Code for font
font = "Fira Sans 10";
# Group by application
groupBy = "app-name";
# Bottom right corner
anchor = "bottom-right";
# Maximum visible notifications
maxVisible = 10;
# Sort by time in descending order (newest first)
sort = "-time";
# Don't time out notifications , I want to have to dismiss them
defaultTimeout = 0;
ignoreTimeout = true;
};
#########################
## Swayidle
#########################
services.swayidle = {
enable = true;
timeouts = [
# Lock the screen after 5 minutes of inactivity
{
timeout = 300;
command = builtins.replaceStrings [ "%" ] [ "%%" ] swaylock-command;
}
# Turn off the displays after 10 minutes of inactivity
{
timeout = 600;
command = "swaymsg \"output * dpms off\"";
resumeCommand = "swaymsg \"output * dpms on\"";
}
];
};
#########################
## Waybar
#########################
programs.waybar = {
enable = true;
package = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}".waybar;
systemd = {
enable = false;
};
settings = {
mainBar = {
layer = "top";
position = "bottom";
height = 27;
modules-left = [ "sway/workspaces" "sway/mode" ];
modules-center = [ "sway/window" ];
modules-right = [ "mpd" "clock" "tray" ];
"sway/workspaces" = {
disable-scroll = true;
};
"sway/window" = {
icon = true;
};
"clock" = {
format = "{:%I:%M%p %Y-%m-%d}";
};
"window" = {
icon = true;
};
"tray" = {
spacing = 5;
};
"mpd" = {
format = "{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {album} - {title} ({elapsedTime:%M:%S}/{totalTime:%M:%S})";
format-disconnected = "Disconnected ";
format-stopped = "{consumeIcon}{randomIcon}{repeatIcon}{singleIcon}Stopped ";
consume-icons = {
on = "🍴";
};
random-icons = {
on = "🔀";
};
repeat-icons = {
on = "🔁";
};
state-icons = {
paused = "";
playing = "";
};
};
};
};
style = ''
* {
/* `otf-font-awesome` is required to be installed for icons */
font-family: FontAwesome, Fira;
font-size: 14px;
}
window#waybar {
background-color: #103c48;
border: 2px solid #2d5b69;
color: #adbcbc;
transition-property: background-color;
transition-duration: .5s;
}
window#waybar.hidden {
opacity: 0.2;
}
/*
window#waybar.empty {
background-color: transparent;
}
window#waybar.solo {
background-color: #FFFFFF;
}
*/
window#waybar.termite {
background-color: #3F3F3F;
}
window#waybar.chromium {
background-color: #000000;
border: none;
}
#workspaces button {
padding: 0 5px;
background-color: #184956;
color: #72898f;
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each workspace name */
border: none;
border-radius: 0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
#workspaces button:hover {
background: rgba(0, 0, 0, 0.2);
box-shadow: inset 0 -3px #ffffff;
}
#workspaces button.focused {
background-color: #2d5b69;
color: #adbcbc;
/* box-shadow: inset 0 -3px #ffffff; */
}
#workspaces button.urgent {
background-color: #2d5b69;
color: #fa5750;
}
#mode {
background-color: #64727D;
border-bottom: 3px solid #ffffff;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#backlight,
#network,
#pulseaudio,
#custom-media,
#tray,
#mode,
#idle_inhibitor,
#mpd {
padding: 0 10px;
}
#window,
#workspaces {
margin: 0 4px;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#clock {
border: 2px solid #41c7b9;
background-color: #184956;
color: #41c7b9;
}
#battery {
background-color: #ffffff;
color: #000000;
}
#battery.charging, #battery.plugged {
color: #ffffff;
background-color: #26A65B;
}
@keyframes blink {
to {
background-color: #ffffff;
color: #000000;
}
}
#battery.critical:not(.charging) {
background-color: #f53c3c;
color: #ffffff;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
label:focus {
background-color: #000000;
}
#cpu {
background-color: #2ecc71;
color: #000000;
}
#memory {
background-color: #9b59b6;
}
#disk {
background-color: #964B00;
}
#backlight {
background-color: #90b1b1;
}
#network {
background-color: #2980b9;
}
#network.disconnected {
background-color: #f53c3c;
}
#pulseaudio {
background-color: #f1c40f;
color: #000000;
}
#pulseaudio.muted {
background-color: #90b1b1;
color: #2a5c45;
}
#custom-media {
background-color: #66cc99;
color: #2a5c45;
min-width: 100px;
}
#custom-media.custom-spotify {
background-color: #66cc99;
}
#custom-media.custom-vlc {
background-color: #ffa000;
}
#temperature {
background-color: #f0932b;
}
#temperature.critical {
background-color: #eb4d4b;
}
#tray {
background-color: #4695f7;
border: 2px solid #58a3ff;
}
#tray > .passive {
-gtk-icon-effect: dim;
}
#tray > .needs-attention {
-gtk-icon-effect: highlight;
background-color: #eb4d4b;
}
#idle_inhibitor {
background-color: #2d3436;
}
#idle_inhibitor.activated {
background-color: #ecf0f1;
color: #2d3436;
}
#mpd {
color: #adbcbc;
border: 2px solid #75b938;
background-color: #184956;
}
#mpd.disconnected {
color: #dbb32d;
border: 2px solid #dbb32d;
}
#mpd.stopped {
color: #fa5750;
border: 2px solid #fa5750;
}
#mpd.paused {
color: #f275be;
border: 2px solid #f275be;
}
#language {
background: #00b093;
color: #740864;
padding: 0 5px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state {
background: #97e1ad;
color: #000000;
padding: 0 0px;
margin: 0 5px;
min-width: 16px;
}
#keyboard-state > label {
padding: 0 5px;
}
#keyboard-state > label.locked {
background: rgba(0, 0, 0, 0.2);
}
'';
};
# Override the service to run during graphical-session-pre.target
systemd.user.services.waybar = {
Unit = {
Description =
"Highly customizable Wayland bar for Sway and Wlroots based compositors.";
Documentation = "https://github.com/Alexays/Waybar/wiki";
Before = [ "tray.target" ];
};
Service = {
ExecStart = "${config.programs.waybar.package}/bin/waybar";
ExecReload = "${pkgs.coreutils}/bin/kill -SIGUSR2 $MAINPID";
ExecstartPost = "${pkgs.coreutils}/bin/sleep 1";
Restart = "on-failure";
KillMode = "mixed";
};
Install = { WantedBy = [ "graphical-session-pre.target" ]; };
};
#########################
## Alacritty
#########################
programs.alacritty = {
enable = true;
settings = {
env = {
TERM = "xterm-256color";
ALACRITTY = "1";
};
font = {
normal.family = "FiraCode Nerd Font";
bold.family = "FiraCode Nerd Font";
italic.family = "FiraCode Nerd Font";
bold_italic.family = "FiraCode Nerd Font";
size = 9.0;
};
colors = {
primary = {
background = "0x103c48";
foreground = "0xadbcbc";
};
normal = {
black = "0x184956";
red = "0xfa5750";
green = "0x75b938";
yellow = "0xdbb32d";
blue = "0x4695f7";
magenta = "0xf275be";
cyan = "0x41c7b9";
white = "0x72898f";
};
bright = {
black = "0x2d5b69";
red = "0xff665c";
green = "0x84c747";
yellow = "0xebc13d";
blue = "0x58a3ff";
magenta = "0xff84cd";
cyan = "0x53d6c7";
white = "0xcad8d9";
};
};
};
};
#########################
## EasyEffects
#########################
services.easyeffects.enable = true;
#########################
## Create tray target to fix some things
#########################
systemd.user.targets.tray = {
Unit = {
Description = "Home Manager System Tray";
Requires = [ "graphical-session-pre.target" "waybar.service" ];
After = [ "waybar.service" ];
};
};
}
);
}

10
home-manager/linux/programs/wine.nix Normal file
View File

@ -0,0 +1,10 @@
{ config, lib, pkgs, ... }:
{
config = lib.mkIf config.nathan.programs.util.wine {
home.packages = with pkgs; [
proton-caller
wineWowPackages.waylandFull
];
};
}

99
home-manager/linux/services/email.nix Normal file
View File

@ -0,0 +1,99 @@
{ config, nixosConfig, lib, pkgs, ... }:
with lib; {
config = mkIf config.nathan.services.email.enable {
# Packages used for mbsync + mu + protonmail-bridge
home.packages = with pkgs; [
pass
protonmail-bridge
mu
];
# Configure protonmail as a service
systemd.user.services.protonmail-bridge = {
Unit = {
Description = "Proton Mail Bridge";
After = [ "graphical-session-pre.target" ];
Before = [ "mbsync.service" ];
PartOf = [ "graphical-session.target" ];
};
Service = {
Type = "simple";
ExecStart = ''
${pkgs.protonmail-bridge}/bin/protonmail-bridge --noninteractive
'';
};
};
# Setup accounts
accounts.email = {
maildirBasePath = ".mail";
accounts = {
"nathan@mccarty.io" = {
maildir = {
path = "nathan@mccarty.io";
};
address = "nathan@mccarty.io";
primary = true;
realName = "Nathan McCarty";
userName = "nathan@mccarty.io";
passwordCommand = "${pkgs.pass}/bin/pass protonmail-bridge-password";
aliases = [
"thatonelutenist@protonmail.com"
"nathan@asuran.rs"
"nathan@community.rs"
];
imap = {
host = "127.0.0.1";
port = 1143;
tls = {
useStartTls = true;
certificatesFile = ../../../certificates/protonmail-${nixosConfig.networking.hostName}.pem;
};
};
smtp = {
host = "127.0.0.1";
port = 1025;
tls = {
useStartTls = true;
certificatesFile = ../../../certificates/protonmail-${nixosConfig.networking.hostName}.pem;
};
};
mbsync = {
enable = true;
create = "maildir";
remove = "both";
};
mu.enable = true;
msmtp = {
enable = true;
};
};
};
};
## Enable email applications
# Setup mbsync for incoming emails
# For fun reasons this requires enabling the program and the service
programs.mbsync = {
enable = true;
};
services.mbsync = {
enable = true;
frequency = "*:0/1";
# Index manually with mu if we don't have emacs setup, but if we have the emacs service setup,
# run through emacsclient, as it will have the lock
postExec =
if config.nathan.programs.emacs.service
then
"${../../../scripts/update-mu4e.sh}"
else
"${pkgs.mu}/bin/mu index";
};
# Setup mu for indexing emails
programs.mu = {
enable = true;
};
# Setup msmtp for outbound emails
programs.msmtp = {
enable = true;
};
};
}

15
home-manager/linux/services/syncthing.nix Normal file
View File

@ -0,0 +1,15 @@
{ config, lib, pkgs, inputs, ... }:
let
stray = inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}".syncthingtray;
in
{
config = lib.mkIf config.nathan.services.syncthing {
services.syncthing = {
enable = true;
tray = {
enable = true;
package = stray;
};
};
};
}

20
home-manager/nix-on-droid/default.nix Normal file
View File

@ -0,0 +1,20 @@
{ config, lib, pkgs, inputs, ... }:
let
inherit (import ../../modules/lib.nix { inherit lib; inherit pkgs; }) nLib;
in
with lib; with nLib; {
imports = [
../options.nix
../common/programs/core.nix
../common/programs/devel.nix
../common/programs/emacs.nix
];
options = { };
config = {
home.stateVersion = "22.05";
programs.home-manager.enable = true;
nathan.programs.emacs.package = pkgs.emacs28NativeComp;
};
}

54
home-manager/options.nix Normal file
View File

@ -0,0 +1,54 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../modules/lib.nix { inherit lib; inherit pkgs; }) nLib;
in
with lib; with nLib;
{
options = {
nathan = {
programs = {
util = {
# Core utilites
core = mkEnableOptionT "core";
# Ssh configuration, enabled by default
ssh = mkEnableOptionT "ssh";
# Fish configuration, enabled by default
fish = mkEnableOptionT "fish";
# Git configuration, enabled by default
git = {
enable = mkEnableOptionT "git";
gpgSign = mkDefaultOption "git signatures" config.nathan.config.isDesktop;
};
# Bat configuration, enabled by default
bat = mkEnableOptionT "bat";
# JSON Utilities, enabled by default
json = mkEnableOptionT "json";
# Productivity application
productivity = mkDefaultOption "Productivity applications" config.nathan.config.isDesktop;
};
# Development applications, enabled by default on desktop
devel = {
core = mkDefaultOption "Core Development Utilites" config.nathan.config.isDesktop;
rust = mkDefaultOption "Rust Development Utilites" config.nathan.config.isDesktop;
python = mkDefaultOption "Python Development Utilites" config.nathan.config.isDesktop;
js = mkDefaultOption "JavaScript/TypeScript Development Utilites" config.nathan.config.isDesktop;
raku = mkDefaultOption "Raku Development Utilites" config.nathan.config.isDesktop;
};
# Emacs, enabled by default on desktop
emacs = {
enable = mkDefaultOption "Emacs" config.nathan.config.isDesktop;
service = mkDefaultOption "Emacs Service" config.nathan.config.isDesktop;
package = mkOption {
description = "Emacs package to use";
};
};
};
# General configuration options
config = {
# Is this system a desktop?
# false by default
isDesktop = mkEnableOption "Desktop specific settings";
};
};
};
}

61
home-manager/ssh.nix
View File

@ -1,61 +0,0 @@
{ config, lib, pkgs, ... }:
{
options.nathans-home.ssh = with lib; {
enable = mkOption {
type = types.bool;
default = true;
};
};
config = lib.mkIf config.nathans-home.ssh.enable {
programs.ssh = {
# SSH configuration
enable = true;
# extra config to set the ciphers
extraConfig = ''
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
'';
# enable session reuse
controlMaster = "auto";
controlPersist = "10m";
# Configure known hosts
matchBlocks = {
"levitation" = {
forwardAgent = true;
user = "nathan";
hostname = "100.95.223.6";
};
"perception" = {
forwardAgent = true;
user = "nathan";
hostname = "100.67.146.101";
};
"oracles" = {
forwardAgent = true;
user = "nathan";
hostname = "100.66.15.34";
};
"tounge" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.98.121";
};
"shadowchild" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.217.149";
};
"matrix.community.rs" = {
forwardAgent = true;
user = "nathan";
hostname = "100.113.74.107";
};
"de1955" = {
user = "de1955";
hostname = "de1955.rsync.net";
};
};
};
};
}

24
home.nix
View File

@ -1,24 +0,0 @@
{ pkgs, config, ... }:
{
## Some general settings that were in the user configuration
# Set time zone
time.timeZone = "America/New_York";
## Setup user first
users = {
users.nathan = {
# darwin is special
home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
description = "Nathan McCarty";
shell = pkgs.fish;
};
};
home-manager.users.nathan.home.stateVersion = "22.05";
## Misc packages that were in user.nix
# Install general use packages
environment.systemPackages = with pkgs; [
# Install our shell of choice
fish
# Install rclone
rclone
];
}

28
machines/hyperv/configuration.nix Normal file
View File

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
{
# Setup system configuration
nathan = {
config = {
isDesktop = true;
setupGrub = true;
nix.autoUpdate = false;
harden = false;
};
};
# Configure networking
networking = {
domain = "mccarty.io";
useDHCP = false;
interfaces.enp6s0.useDHCP = true;
nat.externalInterface = "enp6s0";
# Open ports for soulseek
firewall = {
allowedTCPPorts = [ 61377 ];
allowedUDPPorts = [ 61377 ];
};
};
# Setup home manager
home-manager.users.nathan = import ./home.nix;
}

46
machines/hyperv/home.nix Normal file
View File

@ -0,0 +1,46 @@
{ config, lib, pkgs, ... }:
{
nathan = {
services = {
email = {
enable = true;
};
};
config = {
isDesktop = true;
};
};
# # Sway outputs
# wayland.windowManager.sway.config = {
# output = {
# DP-1 = {
# pos = "0 140";
# scale = "1";
# subpixel = "rgb";
# };
# DP-3 = {
# pos = "2560 0";
# scale = "1.25";
# subpixel = "rgb";
# };
# HDMI-A-1 = {
# pos = "5632 140";
# scale = "1";
# subpixel = "rgb";
# };
# };
# startup = [
# # GLPaper
# { command = "glpaper DP-1 ${../../custom-files/sway/selen.frag} --fork"; }
# { command = "glpaper DP-3 ${../../custom-files/sway/selen.frag} --fork"; }
# { command = "glpaper HDMI-A-1 ${../../custom-files/sway/selen.frag} --fork"; }
# ];
# };
# # Mako output configuration
# programs.mako = {
# # Lock mako notifs to main display
# output = "DP-3";
# };
}

122
machines/levitation.nix
View File

@ -1,122 +0,0 @@
{ pkgs, lib, config, ... }: {
###
## Define the hostname, enable dhcp
###
networking = {
hostName = "levitation";
domain = "mccarty.io";
useDHCP = false;
interfaces.enp6s0.useDHCP = true;
nat.externalInterface = "enp6s0";
};
###
## Enable programs we don't want on every machine
###
programs = {
steam.enable = true;
adb.enable = true;
};
###
## Firewall ports
###
# 61377 - SoulSeek
# Enable firewall and pass some ports
networking.firewall = {
enable = true;
allowedTCPPorts = [ 61377 ];
allowedUDPPorts = [ 61377 ];
};
###
## Machine specific home-manager
###
home-manager.users.nathan = {
# Sway outputs
wayland.windowManager.sway.config = {
output = {
DP-1 = {
pos = "0 140";
scale = "1";
subpixel = "rgb";
};
DP-3 = {
pos = "2560 0";
scale = "1.25";
subpixel = "rgb";
};
HDMI-A-1 = {
pos = "5632 140";
scale = "1";
subpixel = "rgb";
};
};
startup = [
# GLPaper
{ command = "glpaper DP-1 ${../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper DP-3 ${../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper HDMI-A-1 ${../custom-files/sway/selen.frag} --fork"; }
];
};
# Mako output configuration
programs.mako = {
# Lock mako notifs to main display
output = "DP-3";
};
};
###
## Borg Backups
###
# Install borg
environment.systemPackages = with pkgs; [
borgbackup
];
# Setup sops
sops.secrets."borg-sshKey" = {
format = "yaml";
sopsFile = ../secrets/borg.yaml;
};
sops.secrets."borg-levitationPassword" = {
format = "yaml";
sopsFile = ../secrets/borg.yaml;
};
# Setup the job
services.borgbackup.jobs = {
remote_backup = {
paths = [
"/home"
"/var"
"/etc"
];
exclude = [
"*/.cache"
"*/.tmp"
"/home/nathan/Projects/*/target"
"/home/nathan/Work/*/target"
"/home/nathan/.local/share/Steam"
"/home/nathan/Downloads"
"/home/nathan/Music"
"/var/lib/docker"
"/var/log"
"/home/nathan/*/Cache"
];
repo = "de1955@de1955.rsync.net:computers/levitation";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg-levitationPassword".path}";
};
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
compression = "auto,zstd";
startAt = "hourly";
prune.keep = {
within = "7d"; # Keep all archives for the past week
daily = 1; # Keep 1 snapshot a day for 2 weeks
weekly = 4; # Keep 1 snapshot a week for 4 weeks
monthly = -1; # Keep unlimited monthly backups
};
};
};
}

94
machines/levitation/configuration.nix Normal file
View File

@ -0,0 +1,94 @@
{ config, lib, pkgs, inputs, ... }:
{
# Sops setup for this machine
sops.secrets = {
"borg-ssh-key" = {
sopsFile = ../../secrets/levitation/borg.yaml;
format = "yaml";
};
"borg-password" = {
sopsFile = ../../secrets/levitation/borg.yaml;
format = "yaml";
};
"windows-bitlocker-key" = {
sopsFile = ../../secrets/levitation/windows.yaml;
format = "yaml";
};
};
# Setup system configuration
nathan = {
programs = {
games = true;
};
services = {
borg = {
enable = true;
extraExcludes = [
"/home/${config.nathan.config.user}/Music"
"/var/lib/docker"
"/var/log"
];
passwordFile = config.sops.secrets."borg-password".path;
sshKey = config.sops.secrets."borg-ssh-key".path;
};
};
config = {
isDesktop = true;
setupGrub = true;
nix.autoUpdate = false;
harden = false;
windows = {
enable = true;
mount = {
device = "/dev/nvme0n1p3";
mountPoint = "/mnt/windows";
keyFile = config.sops.secrets."windows-bitlocker-key".path;
};
};
};
};
# Configure networking
networking = {
domain = "mccarty.io";
useDHCP = false;
interfaces.enp6s0.useDHCP = true;
nat.externalInterface = "enp6s0";
# Open ports for soulseek
firewall = {
allowedTCPPorts = [ 61377 ];
allowedUDPPorts = [ 61377 ];
};
};
# Setup home manager
home-manager.users.nathan = import ./home.nix;
# TPM setup
security = {
tpm2 = {
enable = true;
};
};
boot = {
initrd = {
kernelModules = [ "tpm_crb" ];
systemd = {
enable = true;
};
};
kernelParams = [ "crypt-pv.luks.options=tpm2-device=auto" ];
};
# Install gamescope
environment.systemPackages = [
inputs.gamescope.defaultPackage."x86_64-linux"
];
nixpkgs.config.packageOverrides = pkgs: {
steam = pkgs.steam.override {
extraPkgs = pkgs: [
inputs.gamescope.defaultPackage."x86_64-linux"
];
};
};
}

51
machines/levitation/home.nix Normal file
View File

@ -0,0 +1,51 @@
{ config, lib, pkgs, ... }:
{
nathan = {
services = {
email = {
enable = true;
};
};
config = {
isDesktop = true;
};
programs = {
util = {
wine = true;
};
};
};
# Sway outputs
wayland.windowManager.sway.config = {
output = {
DP-1 = {
pos = "0 140";
scale = "1";
subpixel = "rgb";
};
DP-3 = {
pos = "2560 0";
scale = "1.25";
subpixel = "rgb";
};
HDMI-A-1 = {
pos = "5632 140";
scale = "1";
subpixel = "rgb";
};
};
startup = [
# GLPaper
{ command = "glpaper DP-1 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper DP-3 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper HDMI-A-1 ${../../custom-files/sway/selen.frag} --fork"; }
];
};
# Mako output configuration
programs.mako = {
# Lock mako notifs to main display
output = "DP-3";
};
}

102
machines/matrix.nix
View File

@ -1,102 +0,0 @@
{ config, lib, pkgs, ... }:
{
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# Grub configuration for linode
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.loader.grub.forceInstall = true;
boot.loader.timeout = 10;
boot.loader.grub.extraConfig = ''
serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
terminal_input serial;
terminal_output serial
'';
boot.kernelParams = [
"console=ttyS0"
];
networking.hostName = "matrix";
networking.domain = "community.rs";
networking.useDHCP = false;
networking.interfaces.enp0s5.useDHCP = true;
networking.enableIPv6 = false;
# Create www-html group
users.groups.www-html.gid = 6848;
# Add shaurya
users.users.shaurya = {
isNormalUser = true;
home = "/home/shaurya";
description = "Shaurya";
extraGroups = [ "www-html" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDA8BwFgWGrX5is2rQV+T0dy4MUWhfpE5EzYxjgLuH1V shauryashubham1234567890@gmail.com"
];
shell = pkgs.nushell;
};
# Add www-html for my self
users.users.nathan = {
extraGroups = [ "www-html" ];
};
###
## Borg Backup
###
# Install borg
environment.systemPackages = with pkgs; [
borgbackup
];
# Setup sops
sops.secrets."borg-sshKey" = {
format = "yaml";
sopsFile = ../secrets/borg.yaml;
};
sops.secrets."borg-matrixPassword" = {
format = "yaml";
sopsFile = ../secrets/borg.yaml;
};
# Setup the job
services.borgbackup.jobs = {
files = {
paths = [
"/home"
"/var"
"/etc"
];
exclude = [
"*/.cache"
"*/.tmp"
"/home/nathan/minecraft/server/backup"
"/var/lib/postgresql"
"/var/lib/redis"
"/var/lib/docker"
"/var/log"
];
repo = "de1955@de1955.rsync.net:computers/matrix";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg-matrixPassword".path}";
};
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
compression = "auto,zstd";
startAt = "OnCalendar=00/4:30";
prune.keep = {
within = "7d"; # Keep all archives for the past week
daily = 1; # Keep 1 snapshot a day for 2 weeks
weekly = 4; # Keep 1 snapshot a week for 4 weeks
monthly = -1; # Keep unlimited monthly backups
};
};
};
# Backup postgres
services.postgresqlBackup = {
enable = true;
compression = "none";
backupAll = true;
startAt = "OnCalendar=00/2:00";
};
}

219
machines/oracles.nix
View File

@ -1,219 +0,0 @@
{ config, lib, pkgs, java, quilt-server, ... }:
{
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Configure networking
networking = {
hostName = "oracles";
domain = "mccarty.io";
useDHCP = false;
interfaces.enp1s0f1.ipv4.addresses = [{
address = "104.238.220.96";
prefixLength = 24;
}];
defaultGateway = "104.238.220.1";
nameservers = [ "172.23.98.121" "1.1.1.1" ];
};
# Open ports in firewall
networking.firewall.allowedTCPPorts = [ 22 80 443 25565 ];
networking.firewall.allowedUDPPorts = [ 22 80 443 25565 ];
networking.firewall.enable = true;
# Trust zerotier interface
networking.firewall.trustedInterfaces = [ "zt5u4uutwm" ];
# Add nginx and acme certs
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
security.acme = {
defaults.email = "nathan@mccarty.io";
acceptTerms = true;
};
# Redis
services.redis.servers.main = {
enable = true;
bind = "172.23.108.12";
};
# Add work user
users.users.work = {
isNormalUser = true;
home = "/home/work";
description = "Work";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:FF7F00"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQmfnO7T6LVPKHrc5M0jL8FXDCR3twMwdR4fbLqlY/k 108620588+echo-delta@users.noreply.github.com"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgU6Tqx/+wAjL+nhvOp1QDgJVGevU6owErgVJ+rh6ZbxowSU5wxXEsp92vob4c0r996+XDByDX/N/EmbdR6EIbkv0mr7R/UBnZYp9dTlLQTlMrfu65QFZxl0/Mo4B8wMd81rChaZjavCxIqX4EQGykCmd8D57Gp0PvbkKVzxn6+XJgXb8Zj2x0RWXao+7IuZ2tkKN/8tzmiSgVaYlu+HuxJ8em6PuALm9DDBtImhKJSc99OhGUsEIw/e2TKPcDMrPQd72uN8KvBp83vp3nLXeSWLMKkyZDvTPMh/2S7WE+pWP5lrmPpwfEsCU/n7t2THLmz1Nc2jqJX1s2eeKBWI2KEszpQUzwjdToyINo7HTP3S+TbpbEB8LHdZ1/XFI/WM9mO/vOEfDO7onJz301NKu+337sTpv6WklRoBijLyWVZGvNI2c4bffoTQH10ZA2LbwatwCCwJg3YKbz5VHgcIkzkqOUC2md/BquoCFenOlLf0g6A3dV1k= victorkoenders@Victors-MacBook-Pro.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWM99wchjC0AkxTfBOU/SJhP2YivITafRTEtlUHFK+f victorkoenders@Victors-MacBook-Pro.local"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOeQJTq6EOGghRut9FWcFxzkYeJXXnOKnls3qfTnFdyl"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINE5i3Uv3queOM3VfOCYOU/gnUAU+kZ8GFyn+C5dGcCc"
];
shell = pkgs.fish;
};
# Install java
environment.systemPackages = with pkgs; [
java.packages.${system}.semeru-latest
borgbackup
emacs28NativeComp
];
# Setup sops
sops.secrets."borg-sshKey" = {
format = "yaml";
sopsFile = ../secrets/borg.yaml;
};
sops.secrets."borg-oraclesPassword" = {
format = "yaml";
sopsFile = ../secrets/borg.yaml;
};
sops.secrets."friendpack-backblaze" = {
format = "yaml";
sopsFile = ../secrets/backblaze.yaml;
owner = config.users.users.nathan.name;
group = config.users.users.nathan.group;
};
# Setup minecraft container
containers.minecraft =
let
b2AccountID = "00284106ead1ac40000000002";
b2KeyFile = "${config.sops.secrets."friendpack-backblaze".path}";
b2Bucket = "ForwardProgressServerBackup";
in
{
config = { pkgs, lib, ... }@attrs:
let
# OpenJDK 17
javaPackage = pkgs.jdk;
in
{
imports = [
quilt-server.nixosModules.default
];
###
## Container stuff
###
# Let nix know this is a container
boot.isContainer = true;
# Set system state version
system.stateVersion = "22.05";
# Setup networking
networking.useDHCP = false;
# Allow minecraft out
networking.firewall.allowedTCPPorts = [ 25565 ];
###
## User
###
users = {
mutableUsers = false;
# Enable us to not use a password, this is a container
allowNoPasswordLogin = true;
};
###
## Configure module
###
forward-progress = {
services = {
minecraft = {
enable = true;
minecraft-version = "1.18.2";
quilt-version = "0.17.1-beta.6";
ram = 6144;
properties = {
motd = "Nathan's Private Modded Minecraft";
white-list = true;
enforce-whitelist = true;
};
packwiz-url = "https://pack.forward-progress.net/0.3/pack.toml";
acceptEula = true;
};
backup = {
enable = true;
backblaze = {
enable = true;
accountId = b2AccountID;
keyFile = b2KeyFile;
bucket = b2Bucket;
};
};
};
};
};
autoStart = true;
bindMounts = {
"/var/minecraft" = {
hostPath = "/var/minecraft";
isReadOnly = false;
};
"/run/secrets/friendpack-backblaze" = {
hostPath = "/run/secrets/friendpack-backblaze";
};
};
forwardPorts = [
{
containerPort = 25565;
hostPort = 25565;
protocol = "tcp";
}
{
containerPort = 25565;
hostPort = 25565;
protocol = "udp";
}
];
};
# Setup the backup job
services.borgbackup.jobs = {
files = {
paths = [
"/home"
"/var"
"/etc"
];
exclude = [
"*/.cache"
"*/.tmp"
"/home/nathan/minecraft/server/backup"
"/var/lib/postgresql"
"/var/lib/redis"
"/var/lib/docker"
"/var/log"
"/var/minecraft"
"/var/sharedstore"
];
repo = "de1955@de1955.rsync.net:computers/oracles";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets."borg-oraclesPassword".path}";
};
environment.BORG_RSH = "ssh -i ${config.sops.secrets."borg-sshKey".path}";
compression = "auto,zstd";
startAt = "OnCalendar=00/4:30";
prune.keep = {
within = "7d"; # Keep all archives for the past week
daily = 1; # Keep 1 snapshot a day for 2 weeks
weekly = 4; # Keep 1 snapshot a week for 4 weeks
monthly = -1; # Keep unlimited monthly backups
};
};
};
# Backup postgres
services.postgresqlBackup = {
enable = true;
compression = "none";
backupAll = true;
startAt = "OnCalendar=00/2:00";
};
}

237
machines/oracles/configuration.nix Normal file
View File

@ -0,0 +1,237 @@
{ config, lib, pkgs, inputs, ... }:
{
# Sops setup for this machine
sops.secrets = {
"borg-ssh-key" = {
sopsFile = ../../secrets/oracles/borg.yaml;
format = "yaml";
};
"borg-password" = {
sopsFile = ../../secrets/oracles/borg.yaml;
format = "yaml";
};
"friendpack-backblaze" = {
format = "yaml";
sopsFile = ../../secrets/oracles/backblaze.yaml;
owner = config.users.users.nathan.name;
group = config.users.users.nathan.group;
};
"nix-asuran" = {
format = "yaml";
sopsFile = ../../secrets/oracles/gitlab.yaml;
};
};
# Setup system configuration
nathan = {
programs = {
utils = {
devel = true;
binfmt = true;
};
};
services = {
nginx = {
enable = true;
acme = true;
};
matrix = {
enable = true;
baseDomain = "mccarty.io";
};
borg = {
enable = true;
extraExcludes = [
"*/.cache"
"*/.tmp"
"/home/nathan/minecraft/server/backup"
"/var/lib/postgresql"
"/var/lib/redis"
"/var/lib/docker"
"/var/log"
"/var/minecraft"
"/var/sharedstore"
];
passwordFile = config.sops.secrets."borg-password".path;
sshKey = config.sops.secrets."borg-ssh-key".path;
};
};
config = {
setupGrub = true;
nix = {
autoUpdate = true;
autoGC = true;
};
harden = false;
virtualization = {
docker = true;
};
};
};
# Configure networking
networking = {
domain = "mccarty.io";
useDHCP = false;
interfaces.enp1s0f1.ipv4.addresses = [{
address = "104.238.220.96";
prefixLength = 24;
}];
defaultGateway = "104.238.220.1";
nameservers = [ "1.1.1.1" ];
# Open ports in firewall
firewall = {
allowedTCPPorts = [ 25565 ];
allowedUDPPorts = [ 25565 ];
trustedInterfaces = [ "zt5u4uutwm" ];
};
};
# Setup home manager
home-manager.users.nathan = import ./home.nix;
# Setup minecraft container
containers.minecraft =
let
b2AccountID = "00284106ead1ac40000000002";
b2KeyFile = "${config.sops.secrets."friendpack-backblaze".path}";
b2Bucket = "ForwardProgressServerBackup";
in
{
config = { pkgs, lib, ... }@attrs:
let
# OpenJDK 17
javaPackage = pkgs.jdk;
in
{
imports = [
inputs.quilt-server.nixosModules.default
];
###
## Container stuff
###
# Let nix know this is a container
boot.isContainer = true;
# Set system state version
system.stateVersion = "22.05";
# Setup networking
networking.useDHCP = false;
# Allow minecraft out
networking.firewall.allowedTCPPorts = [ 25565 ];
###
## User
###
users = {
mutableUsers = false;
# Enable us to not use a password, this is a container
allowNoPasswordLogin = true;
};
###
## Configure module
###
forward-progress = {
services = {
minecraft = {
enable = true;
minecraft-version = "1.18.2";
quilt-version = "0.17.1-beta.6";
ram = 6144;
properties = {
motd = "Nathan's Private Modded Minecraft";
white-list = true;
enforce-whitelist = true;
};
packwiz-url = "https://pack.forward-progress.net/0.3/pack.toml";
acceptEula = true;
};
backup = {
enable = true;
backblaze = {
enable = true;
accountId = b2AccountID;
keyFile = b2KeyFile;
bucket = b2Bucket;
};
};
};
};
};
autoStart = true;
bindMounts = {
"/var/minecraft" = {
hostPath = "/var/minecraft";
isReadOnly = false;
};
"/run/secrets/friendpack-backblaze" = {
hostPath = "/run/secrets/friendpack-backblaze";
};
};
forwardPorts = [
{
containerPort = 25565;
hostPort = 25565;
protocol = "tcp";
}
{
containerPort = 25565;
hostPort = 25565;
protocol = "udp";
}
];
};
# Setup vhost for pack website
services.nginx.virtualHosts."pack.forward-progress.net" = {
enableACME = true;
forceSSL = true;
locations."/".root = "/var/www/pack.forward-progress.net";
root = "/var/www/pack.forward-progress.net";
};
# Backup postgres, as used by matrix
services.postgresqlBackup = {
#enable = true;
compression = "none";
backupAll = true;
startAt = "OnCalendar=00/2:00";
};
# Setup the gitlab runners
services.gitlab-runner =
let
nix-shared = with lib; {
dockerImage = "nixpkgs/nix-flakes";
dockerVolumes = [
"/var/sharedstore:/sharedstore"
];
dockerDisableCache = true;
dockerPrivileged = true;
};
in
{
enable = true;
concurrent = 4;
checkInterval = 1;
services = {
# default-asuran = {
# registrationConfigFile = "/var/lib/secret/gitlab-runner/asuran-default";
# dockerImage = "debian:stable";
# dockerVolumes = [
# "/var/run/docker.sock:/var/run/docker.sock"
# ];
# dockerPrivileged = true;
# tagList = [ "linux-own" ];
# };
nix-asuran = nix-shared // {
registrationConfigFile = config.sops.secrets.nix-asuran.path;
tagList = [ "nix" ];
requestConcurrency = 8;
limit = 4;
runUntagged = true;
};
};
};
}

3
machines/oracles/home.nix Normal file
View File

@ -0,0 +1,3 @@
{ config, lib, pkgs, ... }:
{ }

57
machines/perception.nix
View File

@ -1,57 +0,0 @@
{ config, lib, pkgs, ... }:
{
networking = {
hostName = "perception";
domain = "mccarty.io";
useDHCP = false;
interfaces.eno1 = {
useDHCP = false;
ipv4.addresses = [
{
address = "10.0.0.11";
prefixLength = 21;
}
];
};
defaultGateway = "10.0.4.1";
nameservers = [ "10.0.0.10" ];
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Trust ZT interface
networking.firewall.trustedInterfaces = [ "zt5u4uutwm" ];
# add plex nfs mount
fileSystems."/var/plex" = {
device = "10.0.0.139:/mnt/tank/root/data/plex";
fsType = "nfs";
};
fileSystems."/var/scratch" = {
device = "10.0.0.139:/mnt/tank/root/scratch";
fsType = "nfs";
};
# Enable sabnzbd
services.sabnzbd = {
enable = true;
};
# Enable sonarr
services.sonarr = {
enable = true;
};
# Enable radarr
services.radarr = {
enable = true;
};
# Open firewall ports
networking.firewall = {
enable = false;
allowedTCPPorts = [ 8080 8989 9383 7878 ];
allowedUDPPorts = [ 8080 8989 9383 7878 ];
};
}

83
machines/shadowchild.nix
View File

@ -1,83 +0,0 @@
{ config, lib, pkgs, ... }:
{
boot.cleanTmpDir = true;
networking.hostName = "shadowchild";
networking.domain = "mccarty.io";
networking.firewall.allowPing = true;
# Turn on nginx so we can get a lets encrypt cert
security.acme.defaults.email = "nathan@mccarty.io";
security.acme.acceptTerms = true;
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts."turn.community.rs" = {
enableACME = true;
forceSSL = true;
};
};
services.coturn = rec {
enable = true;
no-cli = true;
no-tcp-relay = true;
min-port = 49000;
max-port = 50000;
use-auth-secret = true;
static-auth-secret = "5C1rbLi5pPJhEGTzkVR1";
realm = "turn.community.rs";
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
extraConfig = ''
# for debugging
verbose
# ban private IP ranges
no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=192.0.0.0-192.0.0.255
denied-peer-ip=192.0.2.0-192.0.2.255
denied-peer-ip=192.88.99.0-192.88.99.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=198.18.0.0-198.19.255.255
denied-peer-ip=198.51.100.0-198.51.100.255
denied-peer-ip=203.0.113.0-203.0.113.255
denied-peer-ip=240.0.0.0-255.255.255.255
denied-peer-ip=::1
denied-peer-ip=64:ff9b::-64:ff9b::ffff:ffff
denied-peer-ip=::ffff:0.0.0.0-::ffff:255.255.255.255
denied-peer-ip=100::-100::ffff:ffff:ffff:ffff
denied-peer-ip=2001::-2001:1ff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=2002::-2002:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
'';
};
# open the firewall
networking.firewall = {
interfaces.enp2s0 =
let
range = with config.services.coturn; [{
from = min-port;
to = max-port;
}];
in
{
allowedUDPPortRanges = range;
allowedUDPPorts = [ 3478 ];
allowedTCPPortRanges = range;
allowedTCPPorts = [ 3478 ];
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 80 443 ];
}

10
machines/tablet/configuration.nix Normal file
View File

@ -0,0 +1,10 @@
{ config, lib, pkgs, ... }:
{
nathan = {
config = {
isDesktop = true;
};
};
home-manager.config = import ./home.nix;
}

9
machines/tablet/home.nix Normal file
View File

@ -0,0 +1,9 @@
{ config, lib, pkgs, ... }:
{
nathan = {
config = {
isDesktop = true;
};
};
}

30
machines/wsl/configuration.nix Normal file
View File

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
{
# Setup system configuration
nathan = {
services = {
ssh = false;
tailscale.enable = false;
};
config = {
installUser = false;
nix.autoUpdate = false;
harden = false;
fonts = true;
};
};
# Configure networking
networking = {
domain = "mccarty.io";
};
# Setup home manager
home-manager.users.nathan = import ./home.nix;
# Setup WSL
wsl = {
enable = true;
automountPath = "/mnt";
defaultUser = "nathan";
startMenuLaunchers = true;
};
}

30
machines/wsl/home.nix Normal file
View File

@ -0,0 +1,30 @@
{ config, lib, pkgs, ... }:
{
nathan = {
services = {
email = {
# TODO: enable
enable = false;
};
};
programs = {
util = {
productivity = true;
};
devel = {
core = true;
rust = true;
jvm = true;
python = true;
js = true;
raku = true;
};
emacs = {
enable = true;
# TODO: enable
service = false;
};
};
};
}

19
machines/x86vm/configuration.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
{
nathan = {
programs = {
games = true;
};
config = {
isDesktop = true;
nix.autoUpdate = false;
};
};
home-manager.users.nathan = import ./home.nix;
# Workaround to get sway working in qemu
environment.variables = {
"WLR_RENDERER" = "pixman";
};
}

12
machines/x86vm/home.nix Normal file
View File

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
{
nathan = {
programs = {
util.git.gpgSign = false;
};
config = {
isDesktop = true;
};
};
}

48
modules/audio.nix
View File

@ -1,48 +0,0 @@
## Setup pipewire, including bluetooth audio
{ config, pkgs, ... }:
let new-noisetorch = pkgs.noisetorch.overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "noisetorch";
repo = "NoiseTorch";
rev = "fe3ace8cc7add2f3bd42dd767c8fc292bc2aeaad";
fetchSubmodules = true;
hash = "sha256-A6cX1ck47/ZIn9cnV/Ow4CxVFfOX5J0K0Q+B70jCFdQ=";
};
version = "0.12.0";
meta.insecure = false;
});
in
{
# Disable normal audio subsystem explicitly
sound.enable = false;
# Turn on rtkit, so that audio processes can be upgraded to real time
security.rtkit.enable = true;
# Turn on pipewire
services.pipewire = {
enable = true;
# Turn on all the emulation layers
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
jack.enable = true;
};
# Turn on bluetooth services
services.blueman.enable = true;
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
# Add pulse audio packages, but do not enable them
environment.systemPackages = [
pkgs.pulseaudio
pkgs.pavucontrol
];
# Add noisetorch for microphone noise canceling
programs.noisetorch = {
enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
# Use latest noisetorch, its a fast moving target
package = new-noisetorch;
};
}

13
modules/autoupdate.nix
View File

@ -1,13 +0,0 @@
{ config, lib, pkgs, ... }:
{
# Autoupdate the system
system.autoUpgrade = {
enable = true;
allowReboot = true;
# Update from the flake
flake = "github:nathans-flakes/system";
# Attempt to update daily at 2AM
dates = "2:00";
};
}

18
modules/common.nix
View File

@ -1,18 +0,0 @@
{ config, pkgs, ... }:
{
# Turn on compressed memory swap
zramSwap = {
enable = true;
algorithm = "lz4";
memoryPercent = 25;
};
# Automatically optimize and garbage collect the store
nix = {
autoOptimiseStore = true;
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
}

33
modules/common/programs/utils.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib;
{
config = mkMerge [
(mkIf nathan.programs.utils.core
{
environment.systemPackages = with pkgs; [
# Basic command line utilities
wget
tmux
nano
unzip
any-nix-shell
htop
# For nslookup
dnsutils
# Mosh for better high-latency ssh
mosh
# PV for viewing pipes
pv
];
})
(mkIf nathan.programs.utils.devel {
environment.systemPackages = with pkgs; [
gcc
binutils
];
})
];
}

17
modules/docker.nix
View File

@ -1,17 +0,0 @@
{ config, pkgs, ... }:
{
# Enable docker and use unstable version
virtualisation.docker = {
enable = true;
package = pkgs.docker;
# Automatically prune to keep things lean
autoPrune.enable = true;
};
# Setup networking for nixos containers
networking = {
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
};
};
}

14
modules/fonts.nix
View File

@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
fonts.fonts = with pkgs; [
## Monospace Fonts
# FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs
(nerdfonts.override { fonts = [ "FiraCode" ]; })
fira-code-symbols
fira
# Proportional
roboto
liberation_ttf
noto-fonts
];
}

27
modules/games.nix
View File

@ -1,27 +0,0 @@
{ pkgs, nixpkgs-unstable, ... }: {
environment.systemPackages =
let
# https://github.com/Admicos/minecraft-wayland
glfw-patched = pkgs.glfw-wayland.overrideAttrs (attrs: {
patches = attrs.patches ++ [
../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch
../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch
];
});
stable-packages = with pkgs; [
# Dwarf fortress
(dwarf-fortress-packages.dwarf-fortress-full.override {
enableFPS = true;
})
# PolyMC minecraft stuff
polymc
glfw-patched
(pkgs.callPackage ../packages/blockbench/default.nix { })
];
unstable-packages = with nixpkgs-unstable.legacyPackages."${pkgs.system}"; [
# Packwiz for maintaing modpacks
packwiz
];
in
stable-packages ++ unstable-packages;
}

36
modules/gpg.nix
View File

@ -1,36 +0,0 @@
# Configure gpg with yubikey support
{ config, pkgs, ... }:
{
# Setup environment for gpg agent
environment.shellInit = ''
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
'';
environment.sessionVariables = {
SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh";
};
programs = {
# Disable ssh-agent, the gpg-agent will fill in
ssh.startAgent = false;
# Enable gpg-agent with ssh support
gnupg.agent = {
enable = true;
enableSSHSupport = true;
enableExtraSocket = true;
};
};
# Enable ykpersonalize to work
services.udev.packages = [ pkgs.yubikey-personalization ];
# Enable smartcard service
services.pcscd.enable = true;
# install gnupg and yubikey personalization
environment.systemPackages = with pkgs; [
gnupg
yubikey-personalization
];
}

25
modules/lib.nix Normal file
View File

@ -0,0 +1,25 @@
{ lib, pkgs }:
{
nLib = {
# mkEnableOption, but defaults to true
mkEnableOptionT = name: lib.mkOption {
default = true;
example = false;
description = "Whether to enable ${name}.";
type = lib.types.bool;
};
# mkEnableOption, but with a default
mkDefaultOption = name: default: lib.mkOption {
default = default;
example = false;
description = "Whether to enable ${name}.";
type = lib.types.bool;
};
# Returns an empty list if the current system is not linux
ifLinux = value: if pkgs.stdenv.isLinux then value else [ ];
# Appends if the predicate is true
appendIf = predicate: input: append:
if predicate then input ++ append else input;
};
}

14
modules/linux/base.nix Normal file
View File

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
with lib; {
config = {
nix = mkIf config.nathan.config.nix.autoGC {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
};
};
}

200
modules/linux/default.nix Normal file
View File

@ -0,0 +1,200 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../lib.nix { inherit lib; inherit pkgs; }) nLib;
in
{
imports = [
../options.nix
./base.nix
./user.nix
./desktop.nix
./swaywm.nix
./hardware.nix
./virtualization.nix
./windows.nix
./programs/games.nix
./programs/gpg.nix
./programs/utils.nix
./services/ssh.nix
./services/tailscale.nix
./services/borg.nix
./services/nginx.nix
./services/matrix.nix
./linux/base.nix
];
options = with lib; with nLib; {
nathan = {
# Control enabling of services
# Services are system specific so they go here
services = {
# Use zramSwap, enabled by default
zramSwap = mkDefaultOption "zram memory compression" config.nathan.config.isDesktop;
# Enable ssh and configure firewall
# On by default
ssh = mkEnableOptionT "ssh";
# Enable tailscale, on by default on linux
tailscale = {
enable = mkDefaultOption "tailscale" pkgs.stdenv.isLinux;
};
# Borg backup
# Disabled by default as it requires configuration, but a really good idea to turn on
borg = {
enable = mkEnableOption "borg";
extraExcludes = mkOption {
default = [ ];
description = "List of extra paths to exclude";
};
extraIncludes = mkOption {
default = [ ];
description = "List of extra paths to include";
};
location = mkOption {
default = "de1955@de1955.rsync.net:computers";
description = "Location to backup to";
type = lib.types.str;
};
passwordFile = mkOption {
description = "Path to the password file";
type = lib.types.str;
};
sshKey = mkOption {
description = "Path to the ssh key";
type = lib.types.str;
};
startAt = mkOption {
description = "How often to run backups";
default = "hourly";
};
};
# Nginx
nginx = {
enable = mkEnableOption "nginx";
acme = mkEnableOption "ACME Integration";
};
# Matrix
matrix = {
enable = mkEnableOption "matrix";
baseDomain = mkOption {
description = "Base domain to use for the matrix services";
example = "mccarty.io";
type = lib.types.str;
};
element = mkDefaultOption "element" config.nathan.services.matrix.enable;
enableRegistration = mkEnableOption "synapse registration";
};
};
# Linux (desktop/server, not android) specific programs
programs = {
# Install games
games = mkEnableOption "games";
# Install gpg with yubikey support
# Enabled by default if the system is a desktop
gpg = mkDefaultOption "gpg" config.nathan.config.isDesktop;
utils = {
# Enable multi system emulation
# Enabled by default on desktop
binfmt = mkDefaultOption "binfmt" config.nathan.config.isDesktop;
};
};
# Control enabling of hardware support
hardware = {
# Logitech hardware support
# On by default if the system is a desktop
logitech = mkDefaultOption "logitech" config.nathan.config.isDesktop;
};
# Linux specific configuration
config = {
# Wether or not to install the main user
installUser = mkOption {
default = pkgs.stdenv.isLinux;
example = true;
description = "Whether to install the 'nathan' user";
type = lib.types.bool;
};
# Should we harden this system?
# On by default
harden = mkEnableOptionT "Apply system hardening";
# Enable audio subsystem
# On by default if the system is a desktop
audio = mkDefaultOption "audio" config.nathan.config.isDesktop;
# Basic grub configuration
# Off by default
setupGrub = mkEnableOption "Setup grub";
# Install fonts
# On by default if the system is a desktop
fonts = mkDefaultOption "fonts" config.nathan.config.isDesktop;
# Enable unfree software
# On by default
enableUnfree = mkEnableOptionT "unfree software";
# Nix configuration
nix = {
# Automatic GC and optimization of the nix store
# On by default
autoGC = mkEnableOptionT "Nix store optimization and auto gc";
# Automatic updating of the system
# On by default
autoUpdate = mkEnableOptionT "Nix autoupdating";
};
# Swaywm configuration
# On by default if the system is a desktop
swaywm = {
enable = mkOption {
default = config.nathan.config.isDesktop;
example = true;
description = "Whether to setup swaywm";
type = lib.types.bool;
};
};
# Virtualization configuration
# All on by default if the system is a desktop
virtualization = {
qemu = mkDefaultOption "qemu" config.nathan.config.isDesktop;
docker = mkDefaultOption "docker" config.nathan.config.isDesktop;
lxc = mkDefaultOption "lxc" config.nathan.config.isDesktop;
nixos = mkDefaultOption "nixos containers" config.nathan.config.isDesktop;
};
# Support for interacting with a dual booted windows system
windows = {
enable = mkEnableOption "Windows Integration";
mount = {
enable = mkDefaultOption "Mount a bitlockered windows partition" config.nathan.config.windows.enable;
device = mkOption {
description = "Device to mount";
example = "/dev/sda2";
type = types.str;
};
mountPoint = mkOption {
description = "Location to mount the device to";
example = "/dev/sda2";
type = types.str;
};
keyFile = mkOption {
description = "File containing the recovery key for the partition";
type = types.str;
};
};
};
};
};
};
config = {
# Enable the firewall
networking.firewall.enable = true;
# Enable unfree packages
nixpkgs.config.allowUnfree = config.nathan.config.enableUnfree;
# Work around for discord jank ugh
nixpkgs.config.permittedInsecurePackages = [
"electron-13.6.9"
];
# Set system state version
system.stateVersion = "22.05";
# Enable flakes
# Enable nix flakes
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
};
}

85
modules/linux/desktop.nix Normal file
View File

@ -0,0 +1,85 @@
{ config, lib, pkgs, ... }:
let
nc = config.nathan.config;
in
with lib; {
# Generic desktop configuration
config = mkMerge [
(mkIf nc.isDesktop
{
# Ergodox
environment.systemPackages = with pkgs; [
wally-cli
];
hardware.keyboard.zsa.enable = true;
# Configure grub if configured
})
(mkIf nc.setupGrub {
# Boot, drivers, and host name
# Use grub
boot.loader = {
grub = {
enable = true;
version = 2;
efiSupport = true;
# Go efi only
devices = [ "nodev" ];
# Use os-prober
useOSProber = true;
};
efi = {
efiSysMountPoint = "/boot/";
canTouchEfiVariables = false;
};
};
})
# Configure audio
(mkIf nc.audio {
# Disable normal audio subsystem explicitly
sound.enable = false;
# Turn on rtkit, so that audio processes can be upgraded to real time
security.rtkit.enable = true;
# Turn on pipewire
services.pipewire = {
enable = true;
# Turn on all the emulation layers
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
jack.enable = true;
};
# Turn on bluetooth services
services.blueman.enable = true;
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
# Add pulse audio packages, but do not enable them
environment.systemPackages = with pkgs;[
pulseaudio
pavucontrol
noisetorch
];
# Add noisetorch for microphone noise canceling
programs.noisetorch = {
enable = true;
};
# Configure fonts
})
(mkIf nc.fonts {
fonts.fonts = with pkgs; [
## Monospace Fonts
# FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs
(nerdfonts.override { fonts = [ "FiraCode" ]; })
fira-code-symbols
fira
# Proportional
roboto
liberation_ttf
noto-fonts
];
})
];
}

13
modules/linux/hardware.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
let
nw = config.nathan.hardware;
in
with lib;
{
config = {
hardware.logitech.wireless = mkIf nw.logitech {
enable = true;
enableGraphical = true;
};
};
}

59
modules/linux/linux/base.nix Normal file
View File

@ -0,0 +1,59 @@
{ config, lib, pkgs, inputs, ... }@attrs:
with lib;
{
config = mkMerge [
(mkIf pkgs.stdenv.isLinux
{
zramSwap = mkIf config.nathan.services.zramSwap
{
enable = true;
algorithm = "lz4";
memoryPercent = 25;
};
nix = mkIf config.nathan.config.nix.autoGC {
autoOptimiseStore = true;
};
})
(mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
(mkIf config.nathan.config.harden {
boot.kernelPackages = pkgs.linuxPackages_5_18_hardened;
security = {
allowSimultaneousMultithreading = true;
unprivilegedUsernsClone = true;
};
})
(mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) {
# Use the zen kernel with muqss turned on
boot.kernelPackages =
let
linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
structuredExtraConfig = with lib.kernel; {
SCHED_MUQSS = yes;
};
ignoreConfigErrors = true;
}
);
in
linuxZenWMuQSS;
})
(mkIf
(config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
{
# Auto update daily at 2 am
system.autoUpgrade = {
enable = true;
allowReboot = true;
# Update from the flake
flake = "github:nathans-flakes/System/rewrite";
# Attempt to update daily at 2AM
dates = "2:00";
};
})
# Systemd user service cludge
{
systemd.user.extraConfig = ''
DefaultEnvironment="PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${config.nathan.config.user}/bin"
'';
}
];
}

35
modules/linux/programs/games.nix Normal file
View File

@ -0,0 +1,35 @@
{ config, lib, pkgs, inputs, ... }:
let
np = config.nathan.programs;
in
with lib;
{
config = mkIf np.games {
environment.systemPackages =
let
# https://github.com/Admicos/minecraft-wayland
glfw-patched = pkgs.glfw-wayland.overrideAttrs (attrs: {
patches = attrs.patches ++ [
../../../patches/minecraft/0003-Don-t-crash-on-calls-to-focus-or-icon.patch
../../../patches/minecraft/0004-wayland-fix-broken-opengl-screenshots-on-mutter.patch
];
});
stable-packages = with pkgs; [
# Dwarf fortress
(dwarf-fortress-packages.dwarf-fortress-full.override {
enableFPS = true;
})
# PolyMC minecraft stuff
inputs.polymc.packages."${system}".polymc
glfw-patched
];
unstable-packages = with inputs.nixpkgs-unstable.legacyPackages."${pkgs.system}"; [
# Packwiz for maintaing modpacks
packwiz
];
in
stable-packages ++ unstable-packages;
# Install steam
programs.steam.enable = true;
};
}

43
modules/linux/programs/gpg.nix Normal file
View File

@ -0,0 +1,43 @@
{ config, lib, pkgs, ... }:
let
np = config.nathan.programs;
nc = config.nathan.config;
in
with lib;
{
config = mkIf np.gpg {
# Setup environment for gpg agent
environment.shellInit = ''
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
'';
environment.sessionVariables = {
SSH_AUTH_SOCK =
"/run/user/1000/gnupg/S.gpg-agent.ssh";
};
programs = {
# Disable ssh-agent, the gpg-agent will fill in
ssh.startAgent = false;
# Enable gpg-agent with ssh support
gnupg.agent = {
enable = true;
enableSSHSupport = true;
enableExtraSocket = true;
};
};
# Enable ykpersonalize to work
services.udev.packages = [ pkgs.yubikey-personalization ];
# Enable smartcard service
services.pcscd.enable = true;
# install gnupg and yubikey personalization
environment.systemPackages = with pkgs; [
gnupg
yubikey-personalization
];
};
}

15
modules/linux/programs/utils.nix Normal file
View File

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib;
{
imports = [
../../common/programs/utils.nix
];
config = mkMerge [
(mkIf nathan.programs.utils.binfmt {
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
})
];
}

44
modules/linux/services/borg.nix Normal file
View File

@ -0,0 +1,44 @@
{ config, lib, pkgs, ... }:
with lib; {
config = mkIf config.nathan.services.borg.enable {
# Add borg to the system packages
environment.systemPackages = with pkgs; [
borgbackup
];
services.borgbackup.jobs = {
rsyncnet = {
paths = [
"/home"
"/var"
"/etc"
"/root"
] ++ config.nathan.services.borg.extraIncludes;
exclude = [
"*/.cache"
"*/.tmp"
"/home/${config.nathan.config.user}/Projects/*/target"
"/home/${config.nathan.config.user}/Work/*/target"
"/home/${config.nathan.config.user}/.local/share/Steam"
"/home/${config.nathan.config.user}/*/Cache"
"/home/*/Downloads"
"/var/dislocker"
];
repo = "${config.nathan.services.borg.location}/${config.networking.hostName}";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.nathan.services.borg.passwordFile}";
};
environment.BORG_RSH = "ssh -i ${config.nathan.services.borg.sshKey}";
compression = "auto,zstd";
startAt = config.nathan.services.borg.startAt;
prune.keep = {
within = "7d"; # Keep all archives for the past week
daily = 1; # Keep 1 snapshot a day for 2 weeks
weekly = 4; # Keep 1 snapshot a week for 4 weeks
monthly = -1; # Keep unlimited monthly backups
};
};
};
};
}

350
modules/linux/services/matrix.nix Normal file
View File

@ -0,0 +1,350 @@
{ config, lib, pkgs, inputs, ... }:
let
nathan = config.nathan;
in
with lib;
{
config = mkMerge [
(mkIf nathan.services.matrix.enable
{
# Enable nginx
nathan.services.nginx.enable = true;
services = {
# Setup postgres
postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'matrix-synapse';
CREATE DATABASE "synapse" WITH OWNER "synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
# Setup synapse
matrix-synapse = {
enable = true;
settings = {
enable_registration = false;
server_name = nathan.services.matrix.baseDomain;
listeners = [
{
port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = false;
}
];
}
];
database.args = {
user = "matrix-synapse";
database = "synapse";
};
};
};
# Configure nginx
nginx.virtualHosts = {
"matrix.${nathan.services.matrix.baseDomain}" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
rewrite ^(.*)$ http://${"element." + nathan.services.matrix.baseDomain}$1 redirect;
'';
# forward all Matrix API calls to the synapse Matrix homeserver
locations."/_matrix" = {
proxyPass = "http://[::1]:8008"; # without a trailing /
};
locations."/_synapse" = {
proxyPass = "http://[::1]:8008"; # without a trailing /
};
};
};
};
}
)
(mkIf nathan.services.matrix.element {
services.nginx.virtualHosts."element.${nathan.services.matrix.baseDomain}" = {
enableACME = true;
forceSSL = true;
root = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.element-web.override {
conf = {
default_server_config."m.homeserver" = {
"base_url" = "https://matrix.${nathan.services.matrix.baseDomain}";
"server_name" = "matrix.${nathan.services.matrix.baseDomain}";
};
showLabsSettings = true;
settingDefaults.custom_themes = [
{
"name" = "Discord Dark";
"is_dark" = true;
"colors" = {
"accent-color" = "#747ff4";
"primary-color" = "#00aff4";
"warning-color" = "#ed4245d9";
"sidebar-color" = "#202225";
"roomlist-background-color" = "#2f3136";
"roomlist-text-color" = "#dcddde";
"roomlist-text-secondary-color" = "#8e9297";
"roomlist-highlights-color" = "#4f545c52";
"roomlist-separator-color" = "#40444b";
"timeline-background-color" = "#36393f";
"timeline-text-color" = "#dcddde";
"timeline-text-secondary-color" = "#b9bbbe";
"timeline-highlights-color" = "#04040512";
"reaction-row-button-selected-bg-color" = "#b9bbbe";
};
}
{
"name" = "Dracula Flat";
"is_dark" = true;
"colors" = {
"accent-color" = "#bd93f9";
"primary-color" = "#bd93f9";
"warning-color" = "#bd93f9";
"sidebar-color" = "#1e1f29";
"roomlist-background-color" = "#1e1f29";
"roomlist-text-color" = "#eeeeee";
"roomlist-text-secondary-color" = "#eeeeee";
"roomlist-highlights-color" = "#00000030";
"roomlist-separator-color" = "#00000000";
"timeline-background-color" = "#1e1f29";
"timeline-text-color" = "#eeeeee";
"timeline-text-secondary-color" = "#dddddd";
"timeline-highlights-color" = "#00000030";
"reaction-row-button-selected-bg-color" = "#b9bbbe";
};
}
{
"name" = "Dracula";
"is_dark" = true;
"colors" = {
"accent-color" = "#bd93f9";
"primary-color" = "#bd93f9";
"warning-color" = "#bd93f9";
"sidebar-color" = "#1e1f29";
"roomlist-background-color" = "#1e1f29";
"roomlist-text-color" = "#eeeeee";
"roomlist-text-secondary-color" = "#eeeeee";
"roomlist-highlights-color" = "#00000030";
"roomlist-separator-color" = "#4d4d4d90";
"timeline-background-color" = "#282A36";
"timeline-text-color" = "#eeeeee";
"timeline-text-secondary-color" = "#dddddd";
"timeline-highlights-color" = "#00000030";
"reaction-row-button-selected-bg-color" = "#b9bbbe";
};
}
{
"name" = "Geeko dark theme";
"is_dark" = true;
"colors" = {
"accent-color" = "#73ba25";
"primary-color" = "#35b9ab";
"warning-color" = "#bf616a";
"sidebar-color" = "#2a2a2a";
"roomlist-background-color" = "#4a4a4a";
"roomlist-text-color" = "#fff";
"roomlist-text-secondary-color" = "#ddd";
"roomlist-highlights-color" = "#2a2a2a";
"roomlist-separator-color" = "#3a3a3a";
"timeline-background-color" = "#3a3a3a";
"timeline-text-color" = "#eee";
"timeline-text-secondary-color" = "#6da741";
"timeline-highlights-color" = "#bf616a";
"reaction-row-button-selected-bg-color" = "#bf616a";
};
}
{
"name" = "Luxury Dark theme";
"is_dark" = true;
"colors" = {
"accent-color" = "#D9BC00";
"primary-color" = "#FFDD00";
"warning-color" = "#FBC403";
"sidebar-color" = "#020F1B";
"roomlist-background-color" = "#011223";
"roomlist-highlights-color" = "#1E354A";
"roomlist-separator-color" = "#05192D";
"roomlist-text-color" = "#FFEC70";
"roomlist-text-secondary-color" = "#FFF3A4";
"timeline-background-color" = "#05192D";
"timeline-highlights-color" = "#011223";
"timeline-text-color" = "#FFF3A4";
"timeline-text-secondary-color" = "#A79000";
"reaction-row-button-selected-bg-color" = "#FFEC70";
};
}
{
"name" = "Nord dark theme";
"is_dark" = true;
"colors" = {
"accent-color" = "#a3be8c";
"primary-color" = "#88c0d0";
"warning-color" = "#bf616a";
"sidebar-color" = "#2e3440";
"roomlist-background-color" = "#3b4252";
"roomlist-text-color" = "#ebcb8b";
"roomlist-text-secondary-color" = "#e5e9f0";
"roomlist-highlights-color" = "#2e3440";
"roomlist-separator-color" = "#434c5e";
"timeline-background-color" = "#434c5e";
"timeline-text-color" = "#eceff4";
"timeline-text-secondary-color" = "#81a1c1";
"timeline-highlights-color" = "#3b4252";
"reaction-row-button-selected-bg-color" = "#bf616a";
};
}
{
"name" = "Nord light theme";
"is_dark" = false;
"colors" = {
"accent-color" = "#a3be8c";
"primary-color" = "#5e81ac";
"warning-color" = "#bf616a";
"sidebar-color" = "#d8dee9";
"roomlist-background-color" = "#e5e9f0";
"roomlist-text-color" = "#d08770";
"roomlist-text-secondary-color" = "#3b4252";
"roomlist-highlights-color" = "#eceff4";
"roomlist-separator-color" = "#eceff4";
"timeline-background-color" = "#eceff4";
"timeline-text-color" = "#2e3440";
"timeline-text-secondary-color" = "#3b4252";
"timeline-highlights-color" = "#e5e9f0";
"reaction-row-button-selected-bg-color" = "#bf616a";
};
}
{
"name" = "Selenized black theme";
"is_dark" = true;
"colors" = {
"accent-color" = "#70b433";
"primary-color" = "#4695f7";
"warning-color" = "#ed4a46";
"sidebar-color" = "#181818";
"roomlist-background-color" = "#252525";
"roomlist-text-color" = "#ffffff";
"roomlist-text-secondary-color" = "#b9b9b9";
"roomlist-highlights-color" = "#3b3b3b";
"roomlist-separator-color" = "#121212";
"timeline-background-color" = "#181818";
"timeline-text-color" = "#FFFFFF";
"timeline-text-secondary-color" = "#777777";
"timeline-highlights-color" = "#252525";
"reaction-row-button-selected-bg-color" = "#4695f7";
};
}
{
"name" = "Selenized dark theme";
"is_dark" = true;
"colors" = {
"accent-color" = "#41c7b9";
"primary-color" = "#4695f7";
"warning-color" = "#fa5750";
"sidebar-color" = "#103c48";
"roomlist-background-color" = "#184956";
"roomlist-text-color" = "#dbb32d";
"roomlist-text-secondary-color" = "#FFFFFF";
"roomlist-highlights-color" = "#2d5b69";
"roomlist-separator-color" = "#2d5b69";
"timeline-background-color" = "#2d5b69";
"timeline-text-color" = "#FFFFFF";
"timeline-text-secondary-color" = "#72898f";
"timeline-highlights-color" = "#184956";
"reaction-row-button-selected-bg-color" = "#4695f7";
};
}
{
"name" = "Selenized light theme";
"is_dark" = false;
"colors" = {
"accent-color" = "#ad8900";
"primary-color" = "#009c8f";
"warning-color" = "#d2212d";
"sidebar-color" = "#d5cdb6";
"roomlist-background-color" = "#ece3cc";
"roomlist-text-color" = "#c25d1e";
"roomlist-text-secondary-color" = "#000000";
"roomlist-highlights-color" = "#fbf3db";
"roomlist-separator-color" = "#fbf3db";
"timeline-background-color" = "#fbf3db";
"timeline-text-color" = "#000000";
"timeline-text-secondary-color" = "#777777";
"timeline-highlights-color" = "#ece3cc";
"reaction-row-button-selected-bg-color" = "#4695f7";
};
}
{
"name" = "Solarized Dark";
"is_dark" = true;
"colors" = {
"accent-color" = "#b58900";
"primary-color" = "#268bd2";
"warning-color" = "#dc322f";
"sidebar-color" = "#002b36";
"roomlist-background-color" = "#073642";
"roomlist-text-color" = "#839496";
"roomlist-text-secondary-color" = "#93a1a1";
"roomlist-highlights-color" = "#586e75";
"timeline-background-color" = "#002b36";
"timeline-text-color" = "#839496";
"timeline-text-secondary-color" = "#586e75";
"timeline-highlights-color" = "#073642";
"reaction-row-button-selected-bg-color" = "#268bd2";
};
}
{
"name" = "ThomCat black theme";
"is_dark" = true;
"colors" = {
"accent-color" = "#cc7b19";
"primary-color" = "#9F8652";
"warning-color" = "#f9c003";
"sidebar-color" = "#000000";
"roomlist-background-color" = "#191919";
"roomlist-text-color" = "#cc7b19";
"roomlist-text-secondary-color" = "#e5e5e5";
"roomlist-highlights-color" = "#323232";
"roomlist-separator-color" = "#4c4c4c";
"timeline-background-color" = "#000000";
"timeline-text-color" = "#e5e5e5";
"timeline-text-secondary-color" = "#b2b2b2";
"timeline-highlights-color" = "#212121";
"reaction-row-button-selected-bg-color" = "#cc7b19";
};
}
];
};
};
};
})
];
}

28
modules/linux/services/nginx.nix Normal file
View File

@ -0,0 +1,28 @@
{ config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib;
{
config = mkMerge [
(mkIf nathan.services.nginx.enable {
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ 80 443 ];
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
};
})
(mkIf nathan.services.nginx.acme {
security.acme = {
defaults.email = nathan.config.email;
acceptTerms = true;
};
})
];
}

31
modules/linux/services/ssh.nix Normal file
View File

@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib;
{
config = mkIf nathan.services.ssh {
networking.firewall = {
allowedTCPPorts = [ 22 ];
allowedUDPPorts = [ 22 ];
};
services.openssh = {
enable = true;
extraConfig = ''
StreamLocalBindUnlink yes
'';
listenAddresses = [
{
addr = "0.0.0.0";
port = 22;
}
];
permitRootLogin = "no";
passwordAuthentication = false;
};
# Enable mosh for connecting from phone or bad internet
programs.mosh.enable = true;
};
}

62
modules/linux/services/tailscale.nix Normal file
View File

@ -0,0 +1,62 @@
{ config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib;
{
config = mkIf nathan.services.tailscale.enable {
environment.systemPackages = with pkgs; [
tailscale
];
# Enable the service
services.tailscale = {
enable = true;
};
# Setup sops
sops.secrets."tailscale-auth" = {
sopsFile = ../../../secrets/all/tailscale.yaml;
format = "yaml";
};
# Oneshot job to authenticate to tailscale
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig.Type = "oneshot";
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up -authkey $(cat ${config.sops.secrets."tailscale-auth".path})
'';
};
# Configure firewall for tailscale
networking.firewall = {
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
};
# Also enable zerotierone for now
# TODO: Get completely migrated away from this
services.zerotierone = {
enable = true;
joinNetworks = [ "c7c8172af15d643d" ];
};
};
}

84
modules/linux/swaywm.nix Normal file
View File

@ -0,0 +1,84 @@
{ config, lib, pkgs, inputs, ... }:
let
nc = config.nathan.config;
in
with lib;
{
config = mkIf nc.swaywm.enable {
# Turn on GDM for login
services.xserver = {
enable = true;
autorun = true;
displayManager = {
sddm = {
enable = true;
settings = {
Wayland = {
CompositorCommand = "kwin_wayland --no-lockscreen";
};
};
theme = "sugar-dark";
};
defaultSession = "sway";
};
# Enable plasma for the applications
desktopManager.plasma5.enable = true;
};
# Setup drivers
hardware.opengl = {
# Enable vulkan
driSupport = true;
# Same as above, but enable 32 bit legacy support (for games)
driSupport32Bit = true;
};
# Basic packages that are effectively required for a graphical system
environment.systemPackages = with pkgs; [
# GTK Theming
gtk-engine-murrine
gtk_engines
gsettings-desktop-schemas
lxappearance
kde-gtk-config
(stdenv.mkDerivation rec {
pname = "sddm-sugar-dark-theme";
version = "1.2";
dontBuild = true;
installPhase = ''
mkdir -p $out/share/sddm/themes
cp -aR $src $out/share/sddm/themes/sugar-dark
'';
src = fetchFromGitHub {
owner = "MarianArlt";
repo = "sddm-sugar-dark";
rev = "v${version}";
sha256 = "0gx0am7vq1ywaw2rm1p015x90b75ccqxnb1sz3wy8yjl27v82yhb";
};
})
];
# Enable QT themeing
programs.qt5ct.enable = true;
# Enable and configure sway itself
programs.sway = {
enable = true;
# Enable the wrapper for gtk applications
wrapperFeatures.gtk = true;
};
environment.sessionVariables = {
MOZ_ENABLE_WAYLAND = "1";
};
# Enable the xdg-portal
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
gtkUsePortal = true;
};
};
};
}

52
modules/linux/user.nix Normal file
View File

@ -0,0 +1,52 @@
{ config, lib, pkgs, ... }:
let
nc = config.nathan.config;
in
with lib; {
config = {
users = {
# If we install the user and the system is hardended, then disable mutable users
mutableUsers = !(nc.installUser && nc.harden);
# Configure our user, if enabled
users."${nc.user}" = mkMerge [
(mkIf nc.installUser
{
# Darwin is special
home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
description = "Nathan McCarty";
shell = pkgs.fish;
# Linux specific configuration next
})
(mkIf (nc.installUser && pkgs.stdenv.isLinux) {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
openssh.authorizedKeys.keys = [
# yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# Macbook pro key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local"
# Phone key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH"
# Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost"
];
})
];
};
# If we install the user, enable sudo
security.sudo.enable = mkDefault nc.installUser;
# If we isntall the user, make them trusted
nix.settings.trusted-users =
if nc.installUser then [
"nathan"
] else [ ];
# If we setup the user, install the shell as well
environment.systemPackages =
if nc.installUser then [
pkgs.fish
] else [ ];
# Configure the timezone
time.timeZone = "America/New_York";
};
}

48
modules/linux/virtualization.nix Normal file
View File

@ -0,0 +1,48 @@
{ config, lib, pkgs, ... }:
let
nc = config.nathan.config;
in
with lib;
{
config = mkMerge [
(mkIf nc.virtualization.qemu
{
# Enable the kernel modules
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
# Enable libvirt
virtualisation.libvirtd.enable = true;
# Install virt-manager
environment.systemPackages = with pkgs; [
virtmanager
];
})
(mkIf nc.virtualization.docker {
# Enable docker
virtualisation.docker = {
enable = true;
# Automatically prune to keep things lean
autoPrune.enable = true;
};
# Make sure our containers can reach the network
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
})
(mkIf nc.virtualization.lxc {
virtualisation.lxd = {
enable = true;
recommendedSysctlSettings = true;
};
users.users.${nc.user} = mkIf nc.installUser {
extraGroups = [ "lxd" ];
};
})
(mkIf nc.virtualization.nixos {
# Setup networking for nixos containers
networking = {
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
};
};
})
];
}

31
modules/linux/windows.nix Normal file
View File

@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }:
with lib;{
config = mkIf config.nathan.config.windows.enable {
# Enable ntfs support
boot.supportedFilesystems = [ "ntfs" ];
# Install dislocker for mounting bitlocker encrypted partitions
environment.systemPackages = with pkgs; [
dislocker
];
systemd.services.mount-windows =
let
mount = config.nathan.config.windows.mount;
in
mkIf mount.enable {
description = "Mount ${mount.device} to ${mount.mountPoint}";
wantedBy = [ "multi-user.target" ];
path = with pkgs; [
bash
dislocker
];
serviceConfig = {
Type = "forking";
ExecStart =
"${../../scripts/windows/mount.sh} ${mount.device} ${mount.mountPoint} ${mount.keyFile}";
ExecStop = "${../../scripts/windows/unmount.sh} ${mount.device} ${mount.mountPoint}";
};
};
};
}

7
modules/logitech.nix
View File

@ -1,7 +0,0 @@
{ config, pkgs, ... }:
{
hardware.logitech.wireless = {
enable = true;
enableGraphical = true;
};
}

11
modules/lxc.nix
View File

@ -1,11 +0,0 @@
{ config, lib, pkgs, ... }:
{
virtualisation.lxd = {
enable = true;
recommendedSysctlSettings = true;
};
users.users.nathan = {
extraGroups = [ "lxd" ];
};
}

32
modules/nix-on-droid/default.nix Normal file
View File

@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
let
inherit (import ../lib.nix { inherit lib; inherit pkgs; }) nLib;
in
{
imports = [
../options.nix
./programs/util.nix
];
options = with lib; with nLib; { };
config = {
environment.packages = with pkgs; [
nettools
];
# Set system state version
system.stateVersion = "22.05";
# Enable flakes
# Enable nix flakes
nix.package = pkgs.nixFlakes;
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
# Set login shell
user.shell = "${pkgs.fish}/bin/fish";
nathan.config.user = "nix-on-droid";
};
}

38
modules/nix-on-droid/programs/util.nix Normal file
View File

@ -0,0 +1,38 @@
{ config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib;
{
config = mkMerge [
(mkIf nathan.programs.utils.core
{
environment.packages = with pkgs; [
# Basic command line utilities
wget
tmux
nano
unzip
any-nix-shell
htop
which
# For being able to update the flake
gitFull
# For nslookup
dnsutils
# Mosh for better high-latency ssh
mosh
# PV for viewing pipes
pv
# Openssh
openssh
];
})
(mkIf nathan.programs.utils.devel {
environment.packages = with pkgs; [
gcc
binutils
];
})
];
}

42
modules/options.nix Normal file
View File

@ -0,0 +1,42 @@
{ config, lib, pkgs, ... }:
let
inherit (import ./lib.nix { inherit lib; inherit pkgs; }) nLib;
in
{
options = with lib; with nLib; {
nathan = {
# Programs, many of these will be generic
programs = {
# Utility modules
utils = {
# Core utililtes I want on every system
# Enabled by default
core = mkEnableOptionT "utils-core";
# Development utilities that can't be installed through home manager due to collisions
devel = mkDefaultOption "devel" config.nathan.config.isDesktop;
};
};
# General system configuration
config = {
# Name of the user to install
user = mkOption {
default = "nathan";
example = "nathan";
description = "Username to use for common configuration";
type = lib.types.str;
};
# Name of the user to install
email = mkOption {
default = "nathan@mccarty.io";
example = "nathan@mccarty.io";
description = "Email to use for common configuration";
type = lib.types.str;
};
# Is this system a desktop?
# Off by default
isDesktop = mkEnableOption "Desktop specific settings";
};
};
};
}

23
modules/printing.nix
View File

@ -1,23 +0,0 @@
{ config, pkgs, ... }:
{
services.printing = {
enable = true;
drivers = with pkgs; [
canon-cups-ufr2
carps-cups
cnijfilter2
];
};
# Enable avahi for printer discovery
services.avahi = {
enable = true;
nssmdns = true;
};
environment.systemPackages = with pkgs; [
canon-cups-ufr2
cups
cups-filters
];
}

11
modules/protonmail.nix
View File

@ -1,11 +0,0 @@
{ config, lib, pkgs, ... }:
{
# Install protonmail-bridge and pass
environment.systemPackages = with pkgs; [
protonmail-bridge
pass
offlineimap
mu
];
}

12
modules/qemu.nix
View File

@ -1,12 +0,0 @@
# Setup quem/libvirt
{ config, pkgs, ... }:
{
# Enable the kernel modules
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
# Enable libvirt
virtualisation.libvirtd.enable = true;
# Install virt-manager
environment.systemPackages = with pkgs; [
virtmanager
];
}

Some files were not shown because too many files have changed in this diff Show More