Fix incorrect merging logic

nathan mccarty 2022-07-02 02:44:43 -04:00
parent 05935584cb
commit d30315a050
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
15 changed files with 490 additions and 415 deletions


@ -7,7 +7,7 @@ keys:
- &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla - &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
- &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d - &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
creation_rules: creation_rules:
- path_regex: .* - path_regex: secrets/all/.*
key_groups: key_groups:
- age: - age:
- *nathan - *nathan
@ -16,3 +16,8 @@ creation_rules:
- *perception - *perception
- *shadowchild - *shadowchild
- *matrix - *matrix
- path_regex: secrets/levitation
key_groups:
- age:
- *nathan
- *levitation
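Review bot: The new rule `path_regex: secrets/levitation` is unanchored and has no trailing separator, so as a regular-expression search it matches any path that merely contains that string, and a sibling file or directory whose name starts the same way would be encrypted to the same recipients. Anchor it to what it is meant to cover, e.g. `path_regex: ^secrets/levitation/.*$` for a directory (or the exact file name if it is a single file), and likewise `path_regex: ^secrets/all/.*$` for the first rule. Narrowing the first rule from `.*` means files outside these trees no longer match any rule, which is a reasonable fail-closed default but deserves a one-line comment. The `&levitation` anchor is not visible in this hunk, so confirm it is defined in the `keys:` list above.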


@ -80,7 +80,6 @@
# Setup sops # Setup sops
# Add default secrets # Add default secrets
sops = { sops = {
defaultSopsFile = ./secrets/nathan.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -131,6 +130,7 @@
config = { config = {
isDesktop = true; isDesktop = true;
nix.autoUpdate = false; nix.autoUpdate = false;
harden = false;
}; };
}; };
# Configure networking # Configure networking
@ -149,14 +149,7 @@
# FIXME borg backup module # FIXME borg backup module
# Setup home manager # Setup home manager
home-manager.users.nathan = { config, lib, pkgs, ... }: { home-manager.users.nathan = import ./home-manager/machines/levitation.nix;
# Module configuration
nathan = {
config = {
isDesktop = true;
};
};
};
}) })
]; ];
}; };
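Review bot: `harden = false;` in the second hunk turns the hardening option off for this machine with no comment saying why. Elsewhere on this page the same flag gates the import of the hardened profile and feeds `mutableUsers`, so the effect is wider than one setting. If the reason is the desktop kernel choice, say so next to the line, e.g. `# hardened profile disabled: this desktop uses the zen/MuQSS kernel instead; users stay mutable as a result`. Separately, with `defaultSopsFile` removed in the first hunk, every `sops.secrets.*` entry now needs its own `sopsFile`; only the tailscale secret is visibly updated on this page, so check the remaining ones.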


@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
{
nathan = {
config = {
isDesktop = true;
};
};
# Sway outputs
wayland.windowManager.sway.config = {
output = {
DP-1 = {
pos = "0 140";
scale = "1";
subpixel = "rgb";
};
DP-3 = {
pos = "2560 0";
scale = "1.25";
subpixel = "rgb";
};
HDMI-A-1 = {
pos = "5632 140";
scale = "1";
subpixel = "rgb";
};
};
startup = [
# GLPaper
{ command = "glpaper DP-1 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper DP-3 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper HDMI-A-1 ${../../custom-files/sway/selen.frag} --fork"; }
];
};
# Mako output configuration
programs.mako = {
# Lock mako notifs to main display
output = "DP-3";
};
}


@ -1,215 +1,218 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib; with lib;
{ {
config = { config = mkMerge [
######################### (mkIf config.nathan.programs.util.git.enable {
## SSH Configuration #########################
######################### ## Git configuration
programs.ssh = mkIf nathan.programs.util.ssh { #########################
# SSH configuration programs.git = {
enable = true; enable = true;
# extra config to set the ciphers package = pkgs.gitAndTools.gitFull;
extraConfig = '' userName = "Nathan McCarty";
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr userEmail = "nathan@mccarty.io";
''; signing = {
# enable session reuse key = "B7A40A5D78C08885";
controlMaster = "auto"; signByDefault = config.nathan.programs.util.git.gpgSign;
controlPersist = "10m";
# Configure known hosts
matchBlocks = {
"levitation" = {
forwardAgent = true;
user = "nathan";
hostname = "100.95.223.6";
}; };
"perception" = { ignores = [
forwardAgent = true; "**/*~"
user = "nathan"; "*~"
hostname = "100.67.146.101"; "*_archive"
}; "/auto/"
"oracles" = { "auto-save-list"
forwardAgent = true; ".cask/"
user = "nathan"; ".dir-locals.el"
hostname = "100.66.15.34"; "dist/"
}; "**/.DS_Store"
"tounge" = { "*.elc"
forwardAgent = true; "/elpa/"
user = "nathan"; "/.emacs.desktop"
hostname = "172.23.98.121"; "/.emacs.desktop.lock"
}; "/eshell/history"
"shadowchild" = { "/eshell/lastdir"
forwardAgent = true; "flycheck_*.el"
user = "nathan"; "*_flymake.*"
hostname = "172.23.217.149"; "/network-security.data"
}; ".org-id-locations"
"matrix.community.rs" = { ".persp"
forwardAgent = true; ".projectile"
user = "nathan"; "*.rel"
hostname = "100.113.74.107"; "/server/"
}; "tramp"
"de1955" = { "\\#*\\#"
user = "de1955"; ];
hostname = "de1955.rsync.net"; delta.enable = true;
lfs.enable = true;
extraConfig = {
init = {
defaultBranch = "trunk";
};
log = {
showSignature = true;
abbrevCommit = true;
follow = true;
decorate = false;
};
rerere = {
enable = true;
autoupdate = true;
};
merge = {
ff = "only";
conflictstyle = "diff3";
};
push = {
default = "simple";
followTags = true;
};
pull = {
rebase = true;
};
status = {
showUntrackedFiles = "all";
};
transfer = {
fsckobjects = true;
};
color = {
ui = "auto";
};
diff = {
mnemonicPrefix = true;
renames = true;
wordRegex = ".";
submodule = "log";
};
credential = {
helper = "cache";
};
# Disable annoying safe directory nonsense
safe = {
directory = "*";
};
}; };
}; };
}; })
######################### (mkIf config.nathan.programs.util.ssh {
## Fish Configuration #########################
######################### ## SSH Configuration
programs.fish = mkIf nathan.programs.util.fish { #########################
enable = true; programs.ssh = {
# Setup our aliases # SSH configuration
shellAliases = { enable = true;
ls = "exa --icons"; # extra config to set the ciphers
la = "exa --icons -a"; extraConfig = ''
lg = "exa --icons --git"; Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
cat = "bat"; '';
dig = "dog"; # enable session reuse
df = "duf"; controlMaster = "auto";
}; controlPersist = "10m";
# Custom configuration # Configure known hosts
interactiveShellInit = '' matchBlocks = {
# Setup any-nix-shell "levitation" = {
any-nix-shell fish --info-right | source forwardAgent = true;
# Load logger function user = "nathan";
source ~/.config/fish/functions/cmdlogger.fish hostname = "100.95.223.6";
''; };
functions = { "perception" = {
# Setup command logging to ~/.logs forwardAgent = true;
cmdlogger = { user = "nathan";
onEvent = "fish_preexec"; hostname = "100.67.146.101";
body = '' };
mkdir -p ~/.logs "oracles" = {
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log forwardAgent = true;
''; user = "nathan";
hostname = "100.66.15.34";
};
"tounge" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.98.121";
};
"shadowchild" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.217.149";
};
"matrix.community.rs" = {
forwardAgent = true;
user = "nathan";
hostname = "100.113.74.107";
};
"de1955" = {
user = "de1955";
hostname = "de1955.rsync.net";
};
}; };
}; };
}; })
programs.starship = mkIf nathan.programs.util.fish { (mkIf config.nathan.programs.util.fish {
enable = true; #########################
settings = { ## Fish Configuration
directory = { #########################
truncation_length = 3; programs.fish = {
fish_style_pwd_dir_length = 1; enable = true;
# Setup our aliases
shellAliases = {
ls = "exa --icons";
la = "exa --icons -a";
lg = "exa --icons --git";
cat = "bat";
dig = "dog";
df = "duf";
}; };
git_commit = { # Custom configuration
commit_hash_length = 6; interactiveShellInit = ''
only_detached = false; # Setup any-nix-shell
}; any-nix-shell fish --info-right | source
package = { # Load logger function
symbol = ""; source ~/.config/fish/functions/cmdlogger.fish
}; '';
time = { functions = {
disabled = false; # Setup command logging to ~/.logs
format = "[$time]($style)"; cmdlogger = {
time_format = "%I:l%M %p"; onEvent = "fish_preexec";
body = ''
mkdir -p ~/.logs
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log
'';
};
}; };
}; };
}; programs.starship = {
enable = true;
######################### settings = {
## Git configuration directory = {
######################### truncation_length = 3;
programs.git = mkIf nathan.programs.util.git.enable { fish_style_pwd_dir_length = 1;
enable = true; };
package = pkgs.gitAndTools.gitFull; git_commit = {
userName = "Nathan McCarty"; commit_hash_length = 6;
userEmail = "nathan@mccarty.io"; only_detached = false;
signing = { };
key = "B7A40A5D78C08885"; package = {
signByDefault = nathan.programs.util.git.gpgSign; symbol = "";
};
time = {
disabled = false;
format = "[$time]($style)";
time_format = "%I:%M %p";
};
};
}; };
ignores = [ })
"**/*~" (mkIf config.nathan.programs.util.json {
"*~" #########################
"*_archive" ## JSON Utilities
"/auto/" #########################
"auto-save-list" programs.jq = {
".cask/" enable = true;
".dir-locals.el" };
"dist/" home.packages = with pkgs; [
"**/.DS_Store" jc
"*.elc" fx
"/elpa/"
"/.emacs.desktop"
"/.emacs.desktop.lock"
"/eshell/history"
"/eshell/lastdir"
"flycheck_*.el"
"*_flymake.*"
"/network-security.data"
".org-id-locations"
".persp"
".projectile"
"*.rel"
"/server/"
"tramp"
"\\#*\\#"
]; ];
delta.enable = true; })
lfs.enable = true; ];
extraConfig = {
init = {
defaultBranch = "trunk";
};
log = {
showSignature = true;
abbrevCommit = true;
follow = true;
decorate = false;
};
rerere = {
enable = true;
autoupdate = true;
};
merge = {
ff = "only";
conflictstyle = "diff3";
};
push = {
default = "simple";
followTags = true;
};
pull = {
rebase = true;
};
status = {
showUntrackedFiles = "all";
};
transfer = {
fsckobjects = true;
};
color = {
ui = "auto";
};
diff = {
mnemonicPrefix = true;
renames = true;
wordRegex = ".";
submodule = "log";
};
credential = {
helper = "cache";
};
# Disable annoying safe directory nonsense
safe = {
directory = "*";
};
};
};
} // mkIf nathan.programs.util.json {
#########################
## JSON Utilities
#########################
programs.jq = mkIf nathan.programs.util.json {
enable = true;
};
home.packages = with pkgs; [
jc
fx
];
};
} }
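Review bot: `safe = { directory = "*"; };` in `programs.git.extraConfig` switches off git's repository-ownership check for every path, so git will operate inside repositories owned by other users on the machine and honour their repository-level configuration. Prefer listing only the checkouts that need the exemption, e.g. `directory = [ "<path-to-shared-checkout>" ];` (placeholder path), and replace the comment `# Disable annoying safe directory nonsense` with one that says what is exempted and why. In the same file every internal host in `matchBlocks` sets `forwardAgent = true`, which lets anyone with root on those hosts use the forwarded agent while a session is open; consider `proxyJump` or enabling forwarding only on the hosts where it is actually used.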


@ -6,7 +6,7 @@ let
in in
with lib; with nLib; { with lib; with nLib; {
config = config = mkMerge [
# Core development utilites # Core development utilites
(mkIf devel.core { (mkIf devel.core {
home.packages = with pkgs; home.packages = with pkgs;
@ -44,7 +44,7 @@ with lib; with nLib; {
}; };
}) })
# Rust development # Rust development
// (mkIf devel.rust { (mkIf devel.rust {
home.packages = with pkgs; [ home.packages = with pkgs; [
# Rustup for having the compiler around # Rustup for having the compiler around
rustup rustup
@ -68,7 +68,7 @@ with lib; with nLib; {
]; ];
}) })
# JVM Development # JVM Development
// (mkIf devel.jvm { (mkIf devel.jvm {
home.packages = with unstable; [ home.packages = with unstable; [
inputs.java.packages."${pkgs.system}".semeru-stable inputs.java.packages."${pkgs.system}".semeru-stable
gradle gradle
@ -79,14 +79,14 @@ with lib; with nLib; {
]; ];
}) })
# Python Development # Python Development
// (mkIf devel.python { (mkIf devel.python {
home.packages = with pkgs; [ home.packages = with pkgs; [
python3Full python3Full
nodePackages.pyright nodePackages.pyright
]; ];
}) })
# JavaScript/TypeScript Development # JavaScript/TypeScript Development
// (mkIf devel.js { (mkIf devel.js {
home.packages = with unstable; [ home.packages = with unstable; [
nodejs nodejs
yarn yarn
@ -95,12 +95,13 @@ with lib; with nLib; {
]; ];
}) })
# Raku Development # Raku Development
// (mkIf devel.raku { (mkIf devel.raku {
home.packages = with pkgs; [ home.packages = with pkgs; [
rakudo rakudo
zef zef
]; ];
}); })
];
} }


@ -9,6 +9,7 @@ in
./desktop.nix ./desktop.nix
./swaywm.nix ./swaywm.nix
./hardware.nix ./hardware.nix
./virtualization.nix
./programs/games.nix ./programs/games.nix
./programs/gpg.nix ./programs/gpg.nix
./programs/utils.nix ./programs/utils.nix
@ -81,7 +82,7 @@ in
harden = mkEnableOptionT "Apply system hardening"; harden = mkEnableOptionT "Apply system hardening";
# Enable audio subsystem # Enable audio subsystem
# On by default if the system is a desktop # On by default if the system is a desktop
audio = mkDefaultOption "audio" config.nathan.conifg.isDesktop; audio = mkDefaultOption "audio" config.nathan.config.isDesktop;
# Basic grub configuration # Basic grub configuration
# Off by default # Off by default
setupGrub = mkEnableOption "Setup grub"; setupGrub = mkEnableOption "Setup grub";


@ -4,77 +4,82 @@ let
in in
with lib; { with lib; {
# Generic desktop configuration # Generic desktop configuration
config = mkIf nc.isDesktop config = mkMerge [
{ (mkIf nc.isDesktop
# Ergodox {
environment.systemPackages = with pkgs; [ # Ergodox
wally-cli environment.systemPackages = with pkgs; [
wally-cli
];
hardware.keyboard.zsa.enable = true;
# Configure grub if configured
})
(mkIf nc.setupGrub {
## Boot, drivers, and host name
# Use grub
boot.loader = {
grub = {
enable = true;
version = 2;
efiSupport = true;
# Go efi only
devices = [ "nodev" ];
# Use os-prober
useOSProber = true;
};
efi = {
efiSysMountPoint = "/boot/";
canTouchEfiVariables = false;
};
};
# Configure audio
})
(mkIf nc.audio {
# Disable normal audio subsystem explicitly
sound.enable = false;
# Turn on rtkit, so that audio processes can be upgraded to real time
security.rtkit.enable = true;
# Turn on pipewire
services.pipewire = {
enable = true;
# Turn on all the emulation layers
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
jack.enable = true;
};
# Turn on bluetooth services
services.blueman.enable = true;
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
# Add pulse audio packages, but do not enable them
environment.systemPackages = with pkgs;[
pulseaudio
pavucontrol
noisetorch
]; ];
hardware.keyboard.zsa.enable = true; # Add noisetorch for microphone noise canceling
# Configure grub if configured programs.noisetorch = {
} // mkIf nc.setupGrub { enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
## Boot, drivers, and host name
# Use grub
boot.loader = {
grub = {
enable = true;
version = 2;
efiSupport = true;
# Go efi only
devices = [ "nodev" ];
# Use os-prober
useOSProber = true;
}; };
efi = { # Configure fonts
efiSysMountPoint = "/boot/"; })
canTouchEfiVariables = false; (mkIf nc.fonts {
}; fonts.fonts = with pkgs; [
}; ## Monospace Fonts
# Configure audio # FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs
} // mkIf nc.audio { (nerdfonts.override { fonts = [ "FiraCode" ]; })
# Disable normal audio subsystem explicitly fira-code-symbols
sound.enable = false; fira
# Turn on rtkit, so that audio processes can be upgraded to real time # Proportional
security.rtkit.enable = true; roboto
# Turn on pipewire liberation_ttf
services.pipewire = { noto-fonts
enable = true; ];
# Turn on all the emulation layers })
alsa = { ];
enable = true;
support32Bit = true;
};
pulse.enable = true;
jack.enable = true;
};
# Turn on bluetooth services
services.blueman.enable = true;
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
# Add pulse audio packages, but do not enable them
environment.systemPackages = with pkgs;[
pulseaudio
pavucontrol
noisetorch
];
# Add noisetorch for microphone noise canceling
programs.noisetorch = {
enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
};
# Configure fonts
} // mkIf nc.fonts {
fonts.fonts = with pkgs; [
## Monospace Fonts
# FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs
(nerdfonts.override { fonts = [ "FiraCode" ]; })
fira-code-symbols
fira
# Proportional
roboto
liberation_ttf
noto-fonts
];
};
} }
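Review bot: The section comments `# Configure grub if configured`, `# Configure audio` and `# Configure fonts` now sit as the last line inside the preceding `mkIf` block instead of above the block they describe, so each block reads as if it configured the next feature. Move each one directly above its own `(mkIf nc.setupGrub {`, `(mkIf nc.audio {` and `(mkIf nc.fonts {` line. The `# TODO:` on `programs.noisetorch` is only a release URL; state what has to happen (presumably a package update to that release) so the item can be closed.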


@ -1,34 +1,46 @@
{ config, lib, pkgs, inputs, ... }@attrs: { config, lib, pkgs, inputs, ... }@attrs:
with lib; with lib;
{ {
config = mkIf pkgs.stdenv.isLinux config = mkMerge [
({ (mkIf pkgs.stdenv.isLinux
zramSwap = mkIf config.nathan.servics.zramSwap {
{ zramSwap = mkIf config.nathan.services.zramSwap
enable = true; {
algorithm = "lz4"; enable = true;
memoryPercent = 25; algorithm = "lz4";
memoryPercent = 25;
};
nix = mkIf config.nathan.config.nix.autoGC {
autoOptimiseStore = true;
}; };
nix = mkIf config.nathan.config.nix.autoGC { })
autoOptimiseStore = true; (mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
}; (mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) {
} // mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs)) # Use the zen kernel with muqss turned on
// mkIf (config.nathan.config.installUser && pkgs.stdenv.isLinux) boot.kernelPackages =
{ let
# System must be for us :v linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
networking.domain = "mccarty.io"; structuredExtraConfig = with lib.kernel; {
} SCHED_MUQSS = yes;
// mkIf };
(config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux) ignoreConfigErrors = true;
{ }
# Auto update daily at 2 am );
system.autoUpgrade = { in
enable = true; linuxZenWMuQSS;
allowReboot = true; })
# Update from the flake (mkIf
flake = "github:nathans-flakes/system"; (config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
# Attempt to update daily at 2AM {
dates = "2:00"; # Auto update daily at 2 am
}; system.autoUpgrade = {
}; enable = true;
allowReboot = true;
# Update from the flake
flake = "github:nathans-flakes/system";
# Attempt to update daily at 2AM
dates = "2:00";
};
})
];
} }
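Review bot: `ignoreConfigErrors = true;` in the new zen-kernel block lets the kernel configuration step pass even when a requested option cannot be applied, so if the packaged zen kernel does not offer `SCHED_MUQSS` the override would, as far as I can tell, silently build a kernel without it; dropping that line makes the build fail loudly instead. The block is also not guarded by `pkgs.stdenv.isLinux`, unlike the first and last entries of the list; `(mkIf (pkgs.stdenv.isLinux && !config.nathan.config.harden && config.nathan.config.isDesktop) {` would keep them consistent. The old `networking.domain = "mccarty.io";` block has no counterpart on the new side; if that removal is intentional it deserves a line in the commit message.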


@ -4,66 +4,70 @@ let
in in
with lib; with lib;
{ {
config = mkIf nathan.programs.utils.core config = mkMerge [
{ (mkIf nathan.programs.utils.core
{
environment.systemPackages = with pkgs; [
# Basic command line utilities
wget
tmux
nano
unzip
any-nix-shell
htop
# Rust rewrites of common shell utilities
starship
exa
bat
fd
sd
du-dust
ripgrep
ripgrep-all
hyperfine
bottom
dogdns
duf
# User friendly cut
choose
# Man but terse
tealdeer
# For nslookup
dnsutils
# Mosh for better high-latency ssh
mosh
# PV for viewing pipes
pv
];
})
(mkIf nathan.programs.utils.productivity {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Basic command line utilities # Feh image viewer
wget feh
tmux tokei
nano # Spell check
unzip hunspell
any-nix-shell hunspellDicts.en-us
htop # CLI Markdown renderer
# Rust rewrites of common shell utilities glow
starship # Command line file manager
exa broot
bat # Much better curl
fd httpie
sd # CLI spreadsheets
du-dust visidata
ripgrep # Cheatsheet manager
ripgrep-all cheat
hyperfine # Ping with a graph
bottom gping
dogdns # Pandoc for documentation
duf pandoc
# User friendly cut
choose
# Man but terse
tealdeer
# For nslookup
dnsutils
# Mosh for better high-latency ssh
mosh
# PV for viewing pipes
pv
]; ];
} // mkIf nathan.programs.utils.productivity { })
environment.systemPackages = with pkgs; [ (mkIf nathan.programs.utils.binfmt {
# Feh image viewer boot.binfmt.emulatedSystems = [
feh "aarch64-linux"
tokei ];
# Spell check })
hunspell ];
hunspellDicts.en-us
# CLI Markdown renderer
glow
# Command line file manager
broot
# Much better curl
httpie
# CLI spreadsheets
visidata
# Cheatsheet manager
cheat
# Ping with a graph
gping
# Pandoc for documentation
pandoc
];
} // mkIf nathan.programs.utils.binfmt {
boot.binfmt.emulatedSystems = [
"aarch64-linux"
];
};
} }


@ -16,6 +16,7 @@ with lib;
# Setup sops # Setup sops
sops.secrets."tailscale-auth" = { sops.secrets."tailscale-auth" = {
sopsFile = ../../secrets/all/tailscale.yaml;
format = "yaml"; format = "yaml";
}; };


@ -8,7 +8,7 @@ with lib;
# Turn on GDM for login # Turn on GDM for login
services.xserver = { services.xserver = {
enable = true; enable = true;
autorun = true; autorun = false;
displayManager = { displayManager = {
gdm = { gdm = {
enable = true; enable = true;
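Review bot: The comment `# Turn on GDM for login` no longer describes the block: with `autorun = false` the display manager is configured but, as I understand the option, not started automatically at boot. Update it to something like `# Configure GDM, but do not start the graphical session at boot` and note how the session is expected to be started. The `services.xserver` block continues outside this hunk.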


@ -8,28 +8,31 @@ with lib; {
# If we install the user and the system is hardended, then disable mutable users # If we install the user and the system is hardended, then disable mutable users
mutableUsers = !(nc.installUser && nc.harden); mutableUsers = !(nc.installUser && nc.harden);
# Configure our user, if enabled # Configure our user, if enabled
users."${nc.user}" = mkIf nc.installUser users."${nc.user}" = mkMerge [
{ (mkIf nc.installUser
# Darwin is special {
home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan"; # Darwin is special
description = "Nathan McCarty"; home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
shell = pkgs.fish; description = "Nathan McCarty";
# Linux specific configuration next shell = pkgs.fish;
} // mkIf (nc.installUser && pkgs.stdenv.isLinux) { # Linux specific configuration next
isNormalUser = true; })
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ]; (mkIf (nc.installUser && pkgs.stdenv.isLinux) {
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58."; isNormalUser = true;
openssh.authorizedKeys.keys = [ extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
# yubikey ssh key hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515" openssh.authorizedKeys.keys = [
# Macbook pro key # yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# Phone key # Macbook pro key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local"
# Tablet key # Phone key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH"
]; # Tablet key
}; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH"
];
})
];
}; };
# If we install the user, enable sudo # If we install the user, enable sudo
security.sudo.enable = mkDefault nc.installUser; security.sudo.enable = mkDefault nc.installUser;
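Review bot: `hashedPassword` keeps the account's SHA-512 crypt hash in the repository, so anyone who can read the flake can run offline guessing against it, and the value also lands in the world-readable Nix store. The repository already uses sops-nix, so the hash could live in an encrypted file and be referenced with `passwordFile = config.sops.secrets."<password-secret>".path;` (placeholder secret name), with `neededForUsers = true` set on that secret. `extraGroups` also grants `docker` and `libvirtd` unconditionally, independent of the `nc.virtualization.*` switches; both are close to root-equivalent and could be added from the modules that enable those services. The enclosing `users` block starts outside this hunk.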


@ -4,22 +4,27 @@ let
in in
with lib; with lib;
{ {
config = mkIf nc.virtualization.qemu { config = mkMerge [
# Enable the kernel modules (mkIf nc.virtualization.qemu
boot.kernelModules = [ "kvm-amd" "kvm-intel" ]; {
# Enable libvirt # Enable the kernel modules
virtualisation.libvirtd.enable = true; boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
# Install virt-manager # Enable libvirt
environment.systemPackages = with pkgs; [ virtualisation.libvirtd.enable = true;
virtmanager # Install virt-manager
] // mkIf nc.virtualization.docker { environment.systemPackages = with pkgs; [
virtmanager
];
})
(mkIf nc.virtualization.docker {
# Enable docker # Enable docker
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
# Automatically prune to keep things lean # Automatically prune to keep things lean
autoPrune.enable = true; autoPrune.enable = true;
}; };
} // mkIf nc.virtualization.lxc { })
(mkIf nc.virtualization.lxc {
virtualisation.lxd = { virtualisation.lxd = {
enable = true; enable = true;
recommendedSysctlSettings = true; recommendedSysctlSettings = true;
@ -27,7 +32,8 @@ with lib;
users.users.${nc.user} = mkIf nc.installUser { users.users.${nc.user} = mkIf nc.installUser {
extraGroups = [ "lxd" ]; extraGroups = [ "lxd" ];
}; };
} // mkIf nc.virtualization.nixos { })
(mkIf nc.virtualization.nixos {
# Setup networking for nixos containers # Setup networking for nixos containers
networking = { networking = {
nat = { nat = {
@ -35,6 +41,6 @@ with lib;
internalInterfaces = [ "ve-+" ]; internalInterfaces = [ "ve-+" ];
}; };
}; };
}; })
}; ];
} }
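Review bot: The `lxc` block in the second hunk adds the user to the `lxd` group with no comment, and membership in that group gives control of the LXD daemon, which is effectively root on the host. Add a comment above `extraGroups = [ "lxd" ];` such as `# lxd group is root-equivalent; granted only when nc.installUser is set`. It would also help to note on `boot.kernelModules = [ "kvm-amd" "kvm-intel" ];` that both vendor modules are requested on purpose and only the one matching the CPU is expected to load. Parts of the `lxc` and `nixos` blocks lie outside the visible hunks.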