Fix incorrect merging logic

nathan mccarty 2022-07-02 02:44:43 -04:00
parent 05935584cb
commit d30315a050
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
15 changed files with 490 additions and 415 deletions


@ -7,7 +7,7 @@ keys:
- &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
- &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
creation_rules: creation_rules:
- path_regex: .* - path_regex: secrets/all/.*
key_groups: key_groups:
- age: - age:
- *nathan - *nathan
@ -16,3 +16,8 @@ creation_rules:
- *perception - *perception
- *shadowchild - *shadowchild
- *matrix - *matrix
- path_regex: secrets/levitation
key_groups:
- age:
- *nathan
- *levitation
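Review bot: The added rule's `path_regex: secrets/levitation` is a substring match, so it applies to any path that merely contains that string, while the first rule was narrowed to the explicit form `secrets/all/.*`. If the rule is meant to cover a directory, `path_regex: secrets/levitation/.*` says so in the same form as the first rule. Creation rules are only consulted when a file is created or when `sops updatekeys` is run, so files that were encrypted under the old catch-all `.*` rule keep their full recipient list until they are re-keyed. The `*levitation` alias refers to an anchor that is not visible in the hunk; presumably it is defined in the `keys:` list above.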


@ -80,7 +80,6 @@
# Setup sops # Setup sops
# Add default secrets # Add default secrets
sops = { sops = {
defaultSopsFile = ./secrets/nathan.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -131,6 +130,7 @@
config = { config = {
isDesktop = true; isDesktop = true;
nix.autoUpdate = false; nix.autoUpdate = false;
harden = false;
}; };
}; };
# Configure networking # Configure networking
@ -149,14 +149,7 @@
# FIXME borg backup module # FIXME borg backup module
# Setup home manager # Setup home manager
home-manager.users.nathan = { config, lib, pkgs, ... }: { home-manager.users.nathan = import ./home-manager/machines/levitation.nix;
# Module configuration
nathan = {
config = {
isDesktop = true;
};
};
};
}) })
]; ];
}; };
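Review bot: `harden = false;` is added to this host's `nathan.config` without a comment saying why the hardened profile is switched off here. Elsewhere in this commit the same flag gates the import of `profiles/hardened.nix` and feeds `mutableUsers = !(nc.installUser && nc.harden)`, so this one line also leaves user accounts mutable on the machine. I would add a comment above it, for example `# Hardening off on this desktop: uses the zen/MuQSS kernel instead of profiles/hardened.nix; users stay mutable`. The enclosing host definition starts and ends outside the hunks shown.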


@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
{
nathan = {
config = {
isDesktop = true;
};
};
# Sway outputs
wayland.windowManager.sway.config = {
output = {
DP-1 = {
pos = "0 140";
scale = "1";
subpixel = "rgb";
};
DP-3 = {
pos = "2560 0";
scale = "1.25";
subpixel = "rgb";
};
HDMI-A-1 = {
pos = "5632 140";
scale = "1";
subpixel = "rgb";
};
};
startup = [
# GLPaper
{ command = "glpaper DP-1 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper DP-3 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper HDMI-A-1 ${../../custom-files/sway/selen.frag} --fork"; }
];
};
# Mako output configuration
programs.mako = {
# Lock mako notifs to main display
output = "DP-3";
};
}


@ -1,126 +1,19 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib; with lib;
{ {
config = { config = mkMerge [
######################### (mkIf config.nathan.programs.util.git.enable {
## SSH Configuration
#########################
programs.ssh = mkIf nathan.programs.util.ssh {
# SSH configuration
enable = true;
# extra config to set the ciphers
extraConfig = ''
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
'';
# enable session reuse
controlMaster = "auto";
controlPersist = "10m";
# Configure known hosts
matchBlocks = {
"levitation" = {
forwardAgent = true;
user = "nathan";
hostname = "100.95.223.6";
};
"perception" = {
forwardAgent = true;
user = "nathan";
hostname = "100.67.146.101";
};
"oracles" = {
forwardAgent = true;
user = "nathan";
hostname = "100.66.15.34";
};
"tounge" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.98.121";
};
"shadowchild" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.217.149";
};
"matrix.community.rs" = {
forwardAgent = true;
user = "nathan";
hostname = "100.113.74.107";
};
"de1955" = {
user = "de1955";
hostname = "de1955.rsync.net";
};
};
};
#########################
## Fish Configuration
#########################
programs.fish = mkIf nathan.programs.util.fish {
enable = true;
# Setup our aliases
shellAliases = {
ls = "exa --icons";
la = "exa --icons -a";
lg = "exa --icons --git";
cat = "bat";
dig = "dog";
df = "duf";
};
# Custom configuration
interactiveShellInit = ''
# Setup any-nix-shell
any-nix-shell fish --info-right | source
# Load logger function
source ~/.config/fish/functions/cmdlogger.fish
'';
functions = {
# Setup command logging to ~/.logs
cmdlogger = {
onEvent = "fish_preexec";
body = ''
mkdir -p ~/.logs
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log
'';
};
};
};
programs.starship = mkIf nathan.programs.util.fish {
enable = true;
settings = {
directory = {
truncation_length = 3;
fish_style_pwd_dir_length = 1;
};
git_commit = {
commit_hash_length = 6;
only_detached = false;
};
package = {
symbol = "";
};
time = {
disabled = false;
format = "[$time]($style)";
time_format = "%I:l%M %p";
};
};
};
######################### #########################
## Git configuration ## Git configuration
######################### #########################
programs.git = mkIf nathan.programs.util.git.enable { programs.git = {
enable = true; enable = true;
package = pkgs.gitAndTools.gitFull; package = pkgs.gitAndTools.gitFull;
userName = "Nathan McCarty"; userName = "Nathan McCarty";
userEmail = "nathan@mccarty.io"; userEmail = "nathan@mccarty.io";
signing = { signing = {
key = "B7A40A5D78C08885"; key = "B7A40A5D78C08885";
signByDefault = nathan.programs.util.git.gpgSign; signByDefault = config.nathan.programs.util.git.gpgSign;
}; };
ignores = [ ignores = [
"**/*~" "**/*~"
@ -200,16 +93,126 @@ with lib;
}; };
}; };
}; };
} // mkIf nathan.programs.util.json { })
(mkIf config.nathan.programs.util.ssh {
#########################
## SSH Configuration
#########################
programs.ssh = {
# SSH configuration
enable = true;
# extra config to set the ciphers
extraConfig = ''
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
'';
# enable session reuse
controlMaster = "auto";
controlPersist = "10m";
# Configure known hosts
matchBlocks = {
"levitation" = {
forwardAgent = true;
user = "nathan";
hostname = "100.95.223.6";
};
"perception" = {
forwardAgent = true;
user = "nathan";
hostname = "100.67.146.101";
};
"oracles" = {
forwardAgent = true;
user = "nathan";
hostname = "100.66.15.34";
};
"tounge" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.98.121";
};
"shadowchild" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.217.149";
};
"matrix.community.rs" = {
forwardAgent = true;
user = "nathan";
hostname = "100.113.74.107";
};
"de1955" = {
user = "de1955";
hostname = "de1955.rsync.net";
};
};
};
})
(mkIf config.nathan.programs.util.fish {
#########################
## Fish Configuration
#########################
programs.fish = {
enable = true;
# Setup our aliases
shellAliases = {
ls = "exa --icons";
la = "exa --icons -a";
lg = "exa --icons --git";
cat = "bat";
dig = "dog";
df = "duf";
};
# Custom configuration
interactiveShellInit = ''
# Setup any-nix-shell
any-nix-shell fish --info-right | source
# Load logger function
source ~/.config/fish/functions/cmdlogger.fish
'';
functions = {
# Setup command logging to ~/.logs
cmdlogger = {
onEvent = "fish_preexec";
body = ''
mkdir -p ~/.logs
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log
'';
};
};
};
programs.starship = {
enable = true;
settings = {
directory = {
truncation_length = 3;
fish_style_pwd_dir_length = 1;
};
git_commit = {
commit_hash_length = 6;
only_detached = false;
};
package = {
symbol = "";
};
time = {
disabled = false;
format = "[$time]($style)";
time_format = "%I:%M %p";
};
};
};
})
(mkIf config.nathan.programs.util.json {
######################### #########################
## JSON Utilities ## JSON Utilities
######################### #########################
programs.jq = mkIf nathan.programs.util.json { programs.jq = {
enable = true; enable = true;
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
jc jc
fx fx
]; ];
}; })
];
} }
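Review bot: Every internal host in `matchBlocks` keeps `forwardAgent = true;`, so anyone with root on one of those six machines can use the forwarded agent socket to authenticate as this user while a session is open. Where the agent is only needed to hop onward, `proxyJump = "JUMP_HOST";` (placeholder name) avoids exposing the socket; on hosts that do not need it at all, set `forwardAgent = false;`. Separately, the `cmdlogger` function appends every command line, including any secret typed as an argument, to `~/.logs`, and `mkdir -p ~/.logs` leaves the directory at the umask default. `mkdir -p -m 700 ~/.logs` would keep the logs private when the directory is first created.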


@ -6,7 +6,7 @@ let
in in
with lib; with nLib; { with lib; with nLib; {
config = config = mkMerge [
# Core development utilites # Core development utilites
(mkIf devel.core { (mkIf devel.core {
home.packages = with pkgs; home.packages = with pkgs;
@ -44,7 +44,7 @@ with lib; with nLib; {
}; };
}) })
# Rust development # Rust development
// (mkIf devel.rust { (mkIf devel.rust {
home.packages = with pkgs; [ home.packages = with pkgs; [
# Rustup for having the compiler around # Rustup for having the compiler around
rustup rustup
@ -68,7 +68,7 @@ with lib; with nLib; {
]; ];
}) })
# JVM Development # JVM Development
// (mkIf devel.jvm { (mkIf devel.jvm {
home.packages = with unstable; [ home.packages = with unstable; [
inputs.java.packages."${pkgs.system}".semeru-stable inputs.java.packages."${pkgs.system}".semeru-stable
gradle gradle
@ -79,14 +79,14 @@ with lib; with nLib; {
]; ];
}) })
# Python Development # Python Development
// (mkIf devel.python { (mkIf devel.python {
home.packages = with pkgs; [ home.packages = with pkgs; [
python3Full python3Full
nodePackages.pyright nodePackages.pyright
]; ];
}) })
# JavaScript/TypeScript Development # JavaScript/TypeScript Development
// (mkIf devel.js { (mkIf devel.js {
home.packages = with unstable; [ home.packages = with unstable; [
nodejs nodejs
yarn yarn
@ -95,12 +95,13 @@ with lib; with nLib; {
]; ];
}) })
# Raku Development # Raku Development
// (mkIf devel.raku { (mkIf devel.raku {
home.packages = with pkgs; [ home.packages = with pkgs; [
rakudo rakudo
zef zef
]; ];
}); })
];
} }


@ -9,6 +9,7 @@ in
./desktop.nix ./desktop.nix
./swaywm.nix ./swaywm.nix
./hardware.nix ./hardware.nix
./virtualization.nix
./programs/games.nix ./programs/games.nix
./programs/gpg.nix ./programs/gpg.nix
./programs/utils.nix ./programs/utils.nix
@ -81,7 +82,7 @@ in
harden = mkEnableOptionT "Apply system hardening"; harden = mkEnableOptionT "Apply system hardening";
# Enable audio subsystem # Enable audio subsystem
# On by default if the system is a desktop # On by default if the system is a desktop
audio = mkDefaultOption "audio" config.nathan.conifg.isDesktop; audio = mkDefaultOption "audio" config.nathan.config.isDesktop;
# Basic grub configuration # Basic grub configuration
# Off by default # Off by default
setupGrub = mkEnableOption "Setup grub"; setupGrub = mkEnableOption "Setup grub";


@ -4,7 +4,8 @@ let
in in
with lib; { with lib; {
# Generic desktop configuration # Generic desktop configuration
config = mkIf nc.isDesktop config = mkMerge [
(mkIf nc.isDesktop
{ {
# Ergodox # Ergodox
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -12,7 +13,8 @@ with lib; {
]; ];
hardware.keyboard.zsa.enable = true; hardware.keyboard.zsa.enable = true;
# Configure grub if configured # Configure grub if configured
} // mkIf nc.setupGrub { })
(mkIf nc.setupGrub {
## Boot, drivers, and host name ## Boot, drivers, and host name
# Use grub # Use grub
boot.loader = { boot.loader = {
@ -31,7 +33,8 @@ with lib; {
}; };
}; };
# Configure audio # Configure audio
} // mkIf nc.audio { })
(mkIf nc.audio {
# Disable normal audio subsystem explicitly # Disable normal audio subsystem explicitly
sound.enable = false; sound.enable = false;
# Turn on rtkit, so that audio processes can be upgraded to real time # Turn on rtkit, so that audio processes can be upgraded to real time
@ -64,7 +67,8 @@ with lib; {
enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6 enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
}; };
# Configure fonts # Configure fonts
} // mkIf nc.fonts { })
(mkIf nc.fonts {
fonts.fonts = with pkgs; [ fonts.fonts = with pkgs; [
## Monospace Fonts ## Monospace Fonts
# FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs # FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs
@ -76,5 +80,6 @@ with lib; {
liberation_ttf liberation_ttf
noto-fonts noto-fonts
]; ];
}; })
];
} }


@ -1,9 +1,10 @@
{ config, lib, pkgs, inputs, ... }@attrs: { config, lib, pkgs, inputs, ... }@attrs:
with lib; with lib;
{ {
config = mkIf pkgs.stdenv.isLinux config = mkMerge [
({ (mkIf pkgs.stdenv.isLinux
zramSwap = mkIf config.nathan.servics.zramSwap {
zramSwap = mkIf config.nathan.services.zramSwap
{ {
enable = true; enable = true;
algorithm = "lz4"; algorithm = "lz4";
@ -12,13 +13,23 @@ with lib;
nix = mkIf config.nathan.config.nix.autoGC { nix = mkIf config.nathan.config.nix.autoGC {
autoOptimiseStore = true; autoOptimiseStore = true;
}; };
} // mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs)) })
// mkIf (config.nathan.config.installUser && pkgs.stdenv.isLinux) (mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
{ (mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) {
# System must be for us :v # Use the zen kernel with muqss turned on
networking.domain = "mccarty.io"; boot.kernelPackages =
let
linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
structuredExtraConfig = with lib.kernel; {
SCHED_MUQSS = yes;
};
ignoreConfigErrors = true;
} }
// mkIf );
in
linuxZenWMuQSS;
})
(mkIf
(config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux) (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
{ {
# Auto update daily at 2 am # Auto update daily at 2 am
@ -30,5 +41,6 @@ with lib;
# Attempt to update daily at 2AM # Attempt to update daily at 2AM
dates = "2:00"; dates = "2:00";
}; };
}; })
];
} }
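Review bot: `ignoreConfigErrors = true;` on the zen kernel override means that if `SCHED_MUQSS` is not a valid option for the packaged kernel, the build still succeeds and the setting is silently dropped. The comment `# Use the zen kernel with muqss turned on` may then not describe what actually boots. I would drop that line so a missing option fails the build, or reword the comment to say MuQSS is best-effort. Because this branch is taken only when `harden` is off, the comment is also the natural place to note that these hosts do not get `profiles/hardened.nix`.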


@ -4,7 +4,8 @@ let
in in
with lib; with lib;
{ {
config = mkIf nathan.programs.utils.core config = mkMerge [
(mkIf nathan.programs.utils.core
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Basic command line utilities # Basic command line utilities
@ -38,7 +39,8 @@ with lib;
# PV for viewing pipes # PV for viewing pipes
pv pv
]; ];
} // mkIf nathan.programs.utils.productivity { })
(mkIf nathan.programs.utils.productivity {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Feh image viewer # Feh image viewer
feh feh
@ -61,9 +63,11 @@ with lib;
# Pandoc for documentation # Pandoc for documentation
pandoc pandoc
]; ];
} // mkIf nathan.programs.utils.binfmt { })
(mkIf nathan.programs.utils.binfmt {
boot.binfmt.emulatedSystems = [ boot.binfmt.emulatedSystems = [
"aarch64-linux" "aarch64-linux"
]; ];
}; })
];
} }


@ -16,6 +16,7 @@ with lib;
# Setup sops # Setup sops
sops.secrets."tailscale-auth" = { sops.secrets."tailscale-auth" = {
sopsFile = ../../secrets/all/tailscale.yaml;
format = "yaml"; format = "yaml";
}; };


@ -8,7 +8,7 @@ with lib;
# Turn on GDM for login # Turn on GDM for login
services.xserver = { services.xserver = {
enable = true; enable = true;
autorun = true; autorun = false;
displayManager = { displayManager = {
gdm = { gdm = {
enable = true; enable = true;
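Review bot: The comment `# Turn on GDM for login` above `services.xserver` no longer matches the block now that `autorun` is `false`. As far as I know that setting keeps the display manager from starting at boot, while `gdm.enable` stays `true`. If this is intended, the comment should say so, for example `# GDM is installed but not started at boot; start display-manager.service by hand when needed`. The `services.xserver` block continues past the end of the hunk.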


@ -8,14 +8,16 @@ with lib; {
# If we install the user and the system is hardended, then disable mutable users # If we install the user and the system is hardended, then disable mutable users
mutableUsers = !(nc.installUser && nc.harden); mutableUsers = !(nc.installUser && nc.harden);
# Configure our user, if enabled # Configure our user, if enabled
users."${nc.user}" = mkIf nc.installUser users."${nc.user}" = mkMerge [
(mkIf nc.installUser
{ {
# Darwin is special # Darwin is special
home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan"; home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
description = "Nathan McCarty"; description = "Nathan McCarty";
shell = pkgs.fish; shell = pkgs.fish;
# Linux specific configuration next # Linux specific configuration next
} // mkIf (nc.installUser && pkgs.stdenv.isLinux) { })
(mkIf (nc.installUser && pkgs.stdenv.isLinux) {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ]; extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58."; hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
@ -29,7 +31,8 @@ with lib; {
# Tablet key # Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH"
]; ];
}; })
];
}; };
# If we install the user, enable sudo # If we install the user, enable sudo
security.sudo.enable = mkDefault nc.installUser; security.sudo.enable = mkDefault nc.installUser;
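Review bot: The `hashedPassword` literal in the Linux branch is committed in clear text and also ends up in the world-readable Nix store, so the crypt hash is open to offline guessing by anyone who can read the repository or the store. Since sops is already configured in this repository, the hash could live in an encrypted file and be referenced with `passwordFile = config.sops.secrets."SECRET_NAME".path;` (placeholder name; the option is called `hashedPasswordFile` in newer NixOS releases). The secret would need `neededForUsers = true;` so it is decrypted before users are created. `extraGroups` also grants `docker` and `libvirtd` on every Linux host regardless of the `nc.virtualization.*` flags; those memberships could move into the matching `mkIf` blocks, as this commit already does for `lxd`.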


@ -4,7 +4,9 @@ let
in in
with lib; with lib;
{ {
config = mkIf nc.virtualization.qemu { config = mkMerge [
(mkIf nc.virtualization.qemu
{
# Enable the kernel modules # Enable the kernel modules
boot.kernelModules = [ "kvm-amd" "kvm-intel" ]; boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
# Enable libvirt # Enable libvirt
@ -12,14 +14,17 @@ with lib;
# Install virt-manager # Install virt-manager
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
virtmanager virtmanager
] // mkIf nc.virtualization.docker { ];
})
(mkIf nc.virtualization.docker {
# Enable docker # Enable docker
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
# Automatically prune to keep things lean # Automatically prune to keep things lean
autoPrune.enable = true; autoPrune.enable = true;
}; };
} // mkIf nc.virtualization.lxc { })
(mkIf nc.virtualization.lxc {
virtualisation.lxd = { virtualisation.lxd = {
enable = true; enable = true;
recommendedSysctlSettings = true; recommendedSysctlSettings = true;
@ -27,7 +32,8 @@ with lib;
users.users.${nc.user} = mkIf nc.installUser { users.users.${nc.user} = mkIf nc.installUser {
extraGroups = [ "lxd" ]; extraGroups = [ "lxd" ];
}; };
} // mkIf nc.virtualization.nixos { })
(mkIf nc.virtualization.nixos {
# Setup networking for nixos containers # Setup networking for nixos containers
networking = { networking = {
nat = { nat = {
@ -35,6 +41,6 @@ with lib;
internalInterfaces = [ "ve-+" ]; internalInterfaces = [ "ve-+" ];
}; };
}; };
}; })
}; ];
} }
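Review bot: `extraGroups = [ "lxd" ];` in the `nc.virtualization.lxc` branch deserves a comment, because membership in the `lxd` group is effectively root on the host (the same holds for the `docker` group). A line such as `# lxd group membership is root-equivalent; enable lxc only on hosts where that is acceptable` above it would make the trade-off visible to the next reader. None of the branches in this file consult `nc.harden`, so it may be worth documenting whether these options are meant to be combined with the hardened profile.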