nix
/
System
2
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix incorrect merging logic

This commit is contained in:
nathan mccarty 2022-07-02 02:44:43 -04:00
parent 05935584cb
commit d30315a050
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
15 changed files with 490 additions and 415 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.sops.yaml
View File

@ -7,7 +7,7 @@ keys:
- &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
- &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
creation_rules:
- path_regex: .*
- path_regex: secrets/all/.*
key_groups:
- age:
- *nathan
@ -16,3 +16,8 @@ creation_rules:
- *perception
- *shadowchild
- *matrix
- path_regex: secrets/levitation
key_groups:
- age:
- *nathan
- *levitation

11
flake.nix
View File

@ -80,7 +80,6 @@
# Setup sops
# Add default secrets
sops = {
defaultSopsFile = ./secrets/nathan.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
nixpkgs.config.allowUnfree = true;
@ -131,6 +130,7 @@
config = {
isDesktop = true;
nix.autoUpdate = false;
harden = false;
};
};
# Configure networking
@ -149,14 +149,7 @@
# FIXME borg backup module
# Setup home manager
home-manager.users.nathan = { config, lib, pkgs, ... }: {
# Module configuration
nathan = {
config = {
isDesktop = true;
};
};
};
home-manager.users.nathan = import ./home-manager/machines/levitation.nix;
})
];
};

41
home-manager/machines/levitation.nix Normal file
View File

@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
{
nathan = {
config = {
isDesktop = true;
};
};
# Sway outputs
wayland.windowManager.sway.config = {
output = {
DP-1 = {
pos = "0 140";
scale = "1";
subpixel = "rgb";
};
DP-3 = {
pos = "2560 0";
scale = "1.25";
subpixel = "rgb";
};
HDMI-A-1 = {
pos = "5632 140";
scale = "1";
subpixel = "rgb";
};
};
startup = [
# GLPaper
{ command = "glpaper DP-1 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper DP-3 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper HDMI-A-1 ${../../custom-files/sway/selen.frag} --fork"; }
];
};
# Mako output configuration
programs.mako = {
# Lock mako notifs to main display
output = "DP-3";
};
}

231
home-manager/programs/core.nix
View File

@ -1,126 +1,19 @@
{ config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib;
{
config = {
#########################
## SSH Configuration
#########################
programs.ssh = mkIf nathan.programs.util.ssh {
# SSH configuration
enable = true;
# extra config to set the ciphers
extraConfig = ''
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
'';
# enable session reuse
controlMaster = "auto";
controlPersist = "10m";
# Configure known hosts
matchBlocks = {
"levitation" = {
forwardAgent = true;
user = "nathan";
hostname = "100.95.223.6";
};
"perception" = {
forwardAgent = true;
user = "nathan";
hostname = "100.67.146.101";
};
"oracles" = {
forwardAgent = true;
user = "nathan";
hostname = "100.66.15.34";
};
"tounge" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.98.121";
};
"shadowchild" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.217.149";
};
"matrix.community.rs" = {
forwardAgent = true;
user = "nathan";
hostname = "100.113.74.107";
};
"de1955" = {
user = "de1955";
hostname = "de1955.rsync.net";
};
};
};
#########################
## Fish Configuration
#########################
programs.fish = mkIf nathan.programs.util.fish {
enable = true;
# Setup our aliases
shellAliases = {
ls = "exa --icons";
la = "exa --icons -a";
lg = "exa --icons --git";
cat = "bat";
dig = "dog";
df = "duf";
};
# Custom configuration
interactiveShellInit = ''
# Setup any-nix-shell
any-nix-shell fish --info-right | source
# Load logger function
source ~/.config/fish/functions/cmdlogger.fish
'';
functions = {
# Setup command logging to ~/.logs
cmdlogger = {
onEvent = "fish_preexec";
body = ''
mkdir -p ~/.logs
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log
'';
};
};
};
programs.starship = mkIf nathan.programs.util.fish {
enable = true;
settings = {
directory = {
truncation_length = 3;
fish_style_pwd_dir_length = 1;
};
git_commit = {
commit_hash_length = 6;
only_detached = false;
};
package = {
symbol = "";
};
time = {
disabled = false;
format = "[$time]($style)";
time_format = "%I:l%M %p";
};
};
};
config = mkMerge [
(mkIf config.nathan.programs.util.git.enable {
#########################
## Git configuration
#########################
programs.git = mkIf nathan.programs.util.git.enable {
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Nathan McCarty";
userEmail = "nathan@mccarty.io";
signing = {
key = "B7A40A5D78C08885";
signByDefault = nathan.programs.util.git.gpgSign;
signByDefault = config.nathan.programs.util.git.gpgSign;
};
ignores = [
"**/*~"
@ -200,16 +93,126 @@ with lib;
};
};
};
} // mkIf nathan.programs.util.json {
})
(mkIf config.nathan.programs.util.ssh {
#########################
## SSH Configuration
#########################
programs.ssh = {
# SSH configuration
enable = true;
# extra config to set the ciphers
extraConfig = ''
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
'';
# enable session reuse
controlMaster = "auto";
controlPersist = "10m";
# Configure known hosts
matchBlocks = {
"levitation" = {
forwardAgent = true;
user = "nathan";
hostname = "100.95.223.6";
};
"perception" = {
forwardAgent = true;
user = "nathan";
hostname = "100.67.146.101";
};
"oracles" = {
forwardAgent = true;
user = "nathan";
hostname = "100.66.15.34";
};
"tounge" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.98.121";
};
"shadowchild" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.217.149";
};
"matrix.community.rs" = {
forwardAgent = true;
user = "nathan";
hostname = "100.113.74.107";
};
"de1955" = {
user = "de1955";
hostname = "de1955.rsync.net";
};
};
};
})
(mkIf config.nathan.programs.util.fish {
#########################
## Fish Configuration
#########################
programs.fish = {
enable = true;
# Setup our aliases
shellAliases = {
ls = "exa --icons";
la = "exa --icons -a";
lg = "exa --icons --git";
cat = "bat";
dig = "dog";
df = "duf";
};
# Custom configuration
interactiveShellInit = ''
# Setup any-nix-shell
any-nix-shell fish --info-right | source
# Load logger function
source ~/.config/fish/functions/cmdlogger.fish
'';
functions = {
# Setup command logging to ~/.logs
cmdlogger = {
onEvent = "fish_preexec";
body = ''
mkdir -p ~/.logs
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log
'';
};
};
};
programs.starship = {
enable = true;
settings = {
directory = {
truncation_length = 3;
fish_style_pwd_dir_length = 1;
};
git_commit = {
commit_hash_length = 6;
only_detached = false;
};
package = {
symbol = "";
};
time = {
disabled = false;
format = "[$time]($style)";
time_format = "%I:%M %p";
};
};
};
})
(mkIf config.nathan.programs.util.json {
#########################
## JSON Utilities
#########################
programs.jq = mkIf nathan.programs.util.json {
programs.jq = {
enable = true;
};
home.packages = with pkgs; [
jc
fx
];
};
})
];
}

15
home-manager/programs/devel.nix
View File

@ -6,7 +6,7 @@ let
in
with lib; with nLib; {
config =
config = mkMerge [
# Core development utilites
(mkIf devel.core {
home.packages = with pkgs;
@ -44,7 +44,7 @@ with lib; with nLib; {
};
})
# Rust development
// (mkIf devel.rust {
(mkIf devel.rust {
home.packages = with pkgs; [
# Rustup for having the compiler around
rustup
@ -68,7 +68,7 @@ with lib; with nLib; {
];
})
# JVM Development
// (mkIf devel.jvm {
(mkIf devel.jvm {
home.packages = with unstable; [
inputs.java.packages."${pkgs.system}".semeru-stable
gradle
@ -79,14 +79,14 @@ with lib; with nLib; {
];
})
# Python Development
// (mkIf devel.python {
(mkIf devel.python {
home.packages = with pkgs; [
python3Full
nodePackages.pyright
];
})
# JavaScript/TypeScript Development
// (mkIf devel.js {
(mkIf devel.js {
home.packages = with unstable; [
nodejs
yarn
@ -95,12 +95,13 @@ with lib; with nLib; {
];
})
# Raku Development
// (mkIf devel.raku {
(mkIf devel.raku {
home.packages = with pkgs; [
rakudo
zef
];
});
})
];
}

3
modules/default.nix
View File

@ -9,6 +9,7 @@ in
./desktop.nix
./swaywm.nix
./hardware.nix
./virtualization.nix
./programs/games.nix
./programs/gpg.nix
./programs/utils.nix
@ -81,7 +82,7 @@ in
harden = mkEnableOptionT "Apply system hardening";
# Enable audio subsystem
# On by default if the system is a desktop
audio = mkDefaultOption "audio" config.nathan.conifg.isDesktop;
audio = mkDefaultOption "audio" config.nathan.config.isDesktop;
# Basic grub configuration
# Off by default
setupGrub = mkEnableOption "Setup grub";

15
modules/desktop.nix
View File

@ -4,7 +4,8 @@ let
in
with lib; {
# Generic desktop configuration
config = mkIf nc.isDesktop
config = mkMerge [
(mkIf nc.isDesktop
{
# Ergodox
environment.systemPackages = with pkgs; [
@ -12,7 +13,8 @@ with lib; {
];
hardware.keyboard.zsa.enable = true;
# Configure grub if configured
} // mkIf nc.setupGrub {
})
(mkIf nc.setupGrub {
## Boot, drivers, and host name
# Use grub
boot.loader = {
@ -31,7 +33,8 @@ with lib; {
};
};
# Configure audio
} // mkIf nc.audio {
})
(mkIf nc.audio {
# Disable normal audio subsystem explicitly
sound.enable = false;
# Turn on rtkit, so that audio processes can be upgraded to real time
@ -64,7 +67,8 @@ with lib; {
enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
};
# Configure fonts
} // mkIf nc.fonts {
})
(mkIf nc.fonts {
fonts.fonts = with pkgs; [
## Monospace Fonts
# FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs
@ -76,5 +80,6 @@ with lib; {
liberation_ttf
noto-fonts
];
};
})
];
}

32
modules/linux/base.nix
View File

@ -1,9 +1,10 @@
{ config, lib, pkgs, inputs, ... }@attrs:
with lib;
{
config = mkIf pkgs.stdenv.isLinux
({
zramSwap = mkIf config.nathan.servics.zramSwap
config = mkMerge [
(mkIf pkgs.stdenv.isLinux
{
zramSwap = mkIf config.nathan.services.zramSwap
{
enable = true;
algorithm = "lz4";
@ -12,13 +13,23 @@ with lib;
nix = mkIf config.nathan.config.nix.autoGC {
autoOptimiseStore = true;
};
} // mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
// mkIf (config.nathan.config.installUser && pkgs.stdenv.isLinux)
{
# System must be for us :v
networking.domain = "mccarty.io";
})
(mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
(mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) {
# Use the zen kernel with muqss turned on
boot.kernelPackages =
let
linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
structuredExtraConfig = with lib.kernel; {
SCHED_MUQSS = yes;
};
ignoreConfigErrors = true;
}
// mkIf
);
in
linuxZenWMuQSS;
})
(mkIf
(config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
{
# Auto update daily at 2 am
@ -30,5 +41,6 @@ with lib;
# Attempt to update daily at 2AM
dates = "2:00";
};
};
})
];
}

12
modules/programs/utils.nix
View File

@ -4,7 +4,8 @@ let
in
with lib;
{
config = mkIf nathan.programs.utils.core
config = mkMerge [
(mkIf nathan.programs.utils.core
{
environment.systemPackages = with pkgs; [
# Basic command line utilities
@ -38,7 +39,8 @@ with lib;
# PV for viewing pipes
pv
];
} // mkIf nathan.programs.utils.productivity {
})
(mkIf nathan.programs.utils.productivity {
environment.systemPackages = with pkgs; [
# Feh image viewer
feh
@ -61,9 +63,11 @@ with lib;
# Pandoc for documentation
pandoc
];
} // mkIf nathan.programs.utils.binfmt {
})
(mkIf nathan.programs.utils.binfmt {
boot.binfmt.emulatedSystems = [
"aarch64-linux"
];
};
})
];
}

1
modules/services/tailscale.nix
View File

@ -16,6 +16,7 @@ with lib;
# Setup sops
sops.secrets."tailscale-auth" = {
sopsFile = ../../secrets/all/tailscale.yaml;
format = "yaml";
};

2
modules/swaywm.nix
View File

@ -8,7 +8,7 @@ with lib;
# Turn on GDM for login
services.xserver = {
enable = true;
autorun = true;
autorun = false;
displayManager = {
gdm = {
enable = true;

9
modules/user.nix
View File

@ -8,14 +8,16 @@ with lib; {
# If we install the user and the system is hardended, then disable mutable users
mutableUsers = !(nc.installUser && nc.harden);
# Configure our user, if enabled
users."${nc.user}" = mkIf nc.installUser
users."${nc.user}" = mkMerge [
(mkIf nc.installUser
{
# Darwin is special
home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
description = "Nathan McCarty";
shell = pkgs.fish;
# Linux specific configuration next
} // mkIf (nc.installUser && pkgs.stdenv.isLinux) {
})
(mkIf (nc.installUser && pkgs.stdenv.isLinux) {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
@ -29,7 +31,8 @@ with lib; {
# Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH"
];
};
})
];
};
# If we install the user, enable sudo
security.sudo.enable = mkDefault nc.installUser;

18
modules/virtualization.nix
View File

@ -4,7 +4,9 @@ let
in
with lib;
{
config = mkIf nc.virtualization.qemu {
config = mkMerge [
(mkIf nc.virtualization.qemu
{
# Enable the kernel modules
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
# Enable libvirt
@ -12,14 +14,17 @@ with lib;
# Install virt-manager
environment.systemPackages = with pkgs; [
virtmanager
] // mkIf nc.virtualization.docker {
];
})
(mkIf nc.virtualization.docker {
# Enable docker
virtualisation.docker = {
enable = true;
# Automatically prune to keep things lean
autoPrune.enable = true;
};
} // mkIf nc.virtualization.lxc {
})
(mkIf nc.virtualization.lxc {
virtualisation.lxd = {
enable = true;
recommendedSysctlSettings = true;
@ -27,7 +32,8 @@ with lib;
users.users.${nc.user} = mkIf nc.installUser {
extraGroups = [ "lxd" ];
};
} // mkIf nc.virtualization.nixos {
})
(mkIf nc.virtualization.nixos {
# Setup networking for nixos containers
networking = {
nat = {
@ -35,6 +41,6 @@ with lib;
internalInterfaces = [ "ve-+" ];
};
};
};
};
})
];
}

0
secrets/backblaze.yaml → secrets/all/backblaze.yaml
View File

0
secrets/nathan.yaml → secrets/all/tailscale.yaml
View File