Fix incorrect merging logic

nathan mccarty 2022-07-02 02:44:43 -04:00
parent 05935584cb
commit d30315a050
Signed by: thatonelutenist
GPG Key ID: D70DA3DD4D1E9F96
15 changed files with 490 additions and 415 deletions


@ -7,7 +7,7 @@ keys:
- &shadowchild age10zd0y2zpty2z39sh2qe66yuu9jd6hrcd3ag2wqtjp8tc579nmphsymhdla
- &matrix age1pm647k04hhwm2dmqh07hnzflkurfevefcyf8xlhmc83a07n77e3sltyt0d
creation_rules:
- path_regex: .*
- path_regex: secrets/all/.*
key_groups:
- age:
- *nathan
@ -16,3 +16,8 @@ creation_rules:
- *perception
- *shadowchild
- *matrix
- path_regex: secrets/levitation
key_groups:
- age:
- *nathan
- *levitation
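Review bot: The new rule `path_regex: secrets/levitation` has no anchor and no trailing separator, unlike `secrets/all/.*` above it. Assuming sops applies the pattern as an unanchored regex match, it would also select the `*nathan`/`*levitation` recipient set for sibling paths such as a constructed `secrets/levitation-old/x.yaml`. If `secrets/levitation` is meant to be a directory, `path_regex: ^secrets/levitation/.*$` states that exactly. A one-line comment above `creation_rules` noting that files outside these two locations now match no rule, because the `.*` catch-all is gone, would also help the next person adding a secret.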


@ -80,7 +80,6 @@
# Setup sops
# Add default secrets
sops = {
defaultSopsFile = ./secrets/nathan.yaml;
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
};
nixpkgs.config.allowUnfree = true;
@ -131,6 +130,7 @@
config = {
isDesktop = true;
nix.autoUpdate = false;
harden = false;
};
};
# Configure networking
@ -149,14 +149,7 @@
# FIXME borg backup module
# Setup home manager
home-manager.users.nathan = { config, lib, pkgs, ... }: {
# Module configuration
nathan = {
config = {
isDesktop = true;
};
};
};
home-manager.users.nathan = import ./home-manager/machines/levitation.nix;
})
];
};
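Review bot: `harden = false;` in the levitation `config` block turns a security default off with no explanation. Elsewhere on this page that flag gates the `hardened.nix` import, enables the zen kernel block, and feeds `mutableUsers = !(nc.installUser && nc.harden)`, so this host also ends up with mutable users. A comment such as `# hardened profile off: this desktop runs the zen/MuQSS kernel; note this also leaves users.mutableUsers = true` would record the trade-off. The first hunk also drops `defaultSopsFile`, so each `sops.secrets.*` entry that relied on it presumably needs its own `sopsFile`; only the tailscale secret is shown setting one on this page. The enclosing blocks start and end outside these hunks.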


@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
{
nathan = {
config = {
isDesktop = true;
};
};
# Sway outputs
wayland.windowManager.sway.config = {
output = {
DP-1 = {
pos = "0 140";
scale = "1";
subpixel = "rgb";
};
DP-3 = {
pos = "2560 0";
scale = "1.25";
subpixel = "rgb";
};
HDMI-A-1 = {
pos = "5632 140";
scale = "1";
subpixel = "rgb";
};
};
startup = [
# GLPaper
{ command = "glpaper DP-1 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper DP-3 ${../../custom-files/sway/selen.frag} --fork"; }
{ command = "glpaper HDMI-A-1 ${../../custom-files/sway/selen.frag} --fork"; }
];
};
# Mako output configuration
programs.mako = {
# Lock mako notifs to main display
output = "DP-3";
};
}


@ -1,215 +1,218 @@
{ config, lib, pkgs, ... }:
let
nathan = config.nathan;
in
with lib;
{
config = {
#########################
## SSH Configuration
#########################
programs.ssh = mkIf nathan.programs.util.ssh {
# SSH configuration
enable = true;
# extra config to set the ciphers
extraConfig = ''
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
'';
# enable session reuse
controlMaster = "auto";
controlPersist = "10m";
# Configure known hosts
matchBlocks = {
"levitation" = {
forwardAgent = true;
user = "nathan";
hostname = "100.95.223.6";
config = mkMerge [
(mkIf config.nathan.programs.util.git.enable {
#########################
## Git configuration
#########################
programs.git = {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Nathan McCarty";
userEmail = "nathan@mccarty.io";
signing = {
key = "B7A40A5D78C08885";
signByDefault = config.nathan.programs.util.git.gpgSign;
};
"perception" = {
forwardAgent = true;
user = "nathan";
hostname = "100.67.146.101";
};
"oracles" = {
forwardAgent = true;
user = "nathan";
hostname = "100.66.15.34";
};
"tounge" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.98.121";
};
"shadowchild" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.217.149";
};
"matrix.community.rs" = {
forwardAgent = true;
user = "nathan";
hostname = "100.113.74.107";
};
"de1955" = {
user = "de1955";
hostname = "de1955.rsync.net";
ignores = [
"**/*~"
"*~"
"*_archive"
"/auto/"
"auto-save-list"
".cask/"
".dir-locals.el"
"dist/"
"**/.DS_Store"
"*.elc"
"/elpa/"
"/.emacs.desktop"
"/.emacs.desktop.lock"
"/eshell/history"
"/eshell/lastdir"
"flycheck_*.el"
"*_flymake.*"
"/network-security.data"
".org-id-locations"
".persp"
".projectile"
"*.rel"
"/server/"
"tramp"
"\\#*\\#"
];
delta.enable = true;
lfs.enable = true;
extraConfig = {
init = {
defaultBranch = "trunk";
};
log = {
showSignature = true;
abbrevCommit = true;
follow = true;
decorate = false;
};
rerere = {
enable = true;
autoupdate = true;
};
merge = {
ff = "only";
conflictstyle = "diff3";
};
push = {
default = "simple";
followTags = true;
};
pull = {
rebase = true;
};
status = {
showUntrackedFiles = "all";
};
transfer = {
fsckobjects = true;
};
color = {
ui = "auto";
};
diff = {
mnemonicPrefix = true;
renames = true;
wordRegex = ".";
submodule = "log";
};
credential = {
helper = "cache";
};
# Disable annoying safe directory nonsense
safe = {
directory = "*";
};
};
};
};
#########################
## Fish Configuration
#########################
programs.fish = mkIf nathan.programs.util.fish {
enable = true;
# Setup our aliases
shellAliases = {
ls = "exa --icons";
la = "exa --icons -a";
lg = "exa --icons --git";
cat = "bat";
dig = "dog";
df = "duf";
};
# Custom configuration
interactiveShellInit = ''
# Setup any-nix-shell
any-nix-shell fish --info-right | source
# Load logger function
source ~/.config/fish/functions/cmdlogger.fish
'';
functions = {
# Setup command logging to ~/.logs
cmdlogger = {
onEvent = "fish_preexec";
body = ''
mkdir -p ~/.logs
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log
'';
})
(mkIf config.nathan.programs.util.ssh {
#########################
## SSH Configuration
#########################
programs.ssh = {
# SSH configuration
enable = true;
# extra config to set the ciphers
extraConfig = ''
Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
'';
# enable session reuse
controlMaster = "auto";
controlPersist = "10m";
# Configure known hosts
matchBlocks = {
"levitation" = {
forwardAgent = true;
user = "nathan";
hostname = "100.95.223.6";
};
"perception" = {
forwardAgent = true;
user = "nathan";
hostname = "100.67.146.101";
};
"oracles" = {
forwardAgent = true;
user = "nathan";
hostname = "100.66.15.34";
};
"tounge" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.98.121";
};
"shadowchild" = {
forwardAgent = true;
user = "nathan";
hostname = "172.23.217.149";
};
"matrix.community.rs" = {
forwardAgent = true;
user = "nathan";
hostname = "100.113.74.107";
};
"de1955" = {
user = "de1955";
hostname = "de1955.rsync.net";
};
};
};
};
programs.starship = mkIf nathan.programs.util.fish {
enable = true;
settings = {
directory = {
truncation_length = 3;
fish_style_pwd_dir_length = 1;
})
(mkIf config.nathan.programs.util.fish {
#########################
## Fish Configuration
#########################
programs.fish = {
enable = true;
# Setup our aliases
shellAliases = {
ls = "exa --icons";
la = "exa --icons -a";
lg = "exa --icons --git";
cat = "bat";
dig = "dog";
df = "duf";
};
git_commit = {
commit_hash_length = 6;
only_detached = false;
};
package = {
symbol = "";
};
time = {
disabled = false;
format = "[$time]($style)";
time_format = "%I:l%M %p";
# Custom configuration
interactiveShellInit = ''
# Setup any-nix-shell
any-nix-shell fish --info-right | source
# Load logger function
source ~/.config/fish/functions/cmdlogger.fish
'';
functions = {
# Setup command logging to ~/.logs
cmdlogger = {
onEvent = "fish_preexec";
body = ''
mkdir -p ~/.logs
echo (date -u +"%Y-%m-%dT%H:%M:%SZ")" "(echo %self)" "(pwd)": "$argv >> ~/.logs/(hostname)-(date "+%Y-%m-%d").log
'';
};
};
};
};
#########################
## Git configuration
#########################
programs.git = mkIf nathan.programs.util.git.enable {
enable = true;
package = pkgs.gitAndTools.gitFull;
userName = "Nathan McCarty";
userEmail = "nathan@mccarty.io";
signing = {
key = "B7A40A5D78C08885";
signByDefault = nathan.programs.util.git.gpgSign;
programs.starship = {
enable = true;
settings = {
directory = {
truncation_length = 3;
fish_style_pwd_dir_length = 1;
};
git_commit = {
commit_hash_length = 6;
only_detached = false;
};
package = {
symbol = "";
};
time = {
disabled = false;
format = "[$time]($style)";
time_format = "%I:%M %p";
};
};
};
ignores = [
"**/*~"
"*~"
"*_archive"
"/auto/"
"auto-save-list"
".cask/"
".dir-locals.el"
"dist/"
"**/.DS_Store"
"*.elc"
"/elpa/"
"/.emacs.desktop"
"/.emacs.desktop.lock"
"/eshell/history"
"/eshell/lastdir"
"flycheck_*.el"
"*_flymake.*"
"/network-security.data"
".org-id-locations"
".persp"
".projectile"
"*.rel"
"/server/"
"tramp"
"\\#*\\#"
})
(mkIf config.nathan.programs.util.json {
#########################
## JSON Utilities
#########################
programs.jq = {
enable = true;
};
home.packages = with pkgs; [
jc
fx
];
delta.enable = true;
lfs.enable = true;
extraConfig = {
init = {
defaultBranch = "trunk";
};
log = {
showSignature = true;
abbrevCommit = true;
follow = true;
decorate = false;
};
rerere = {
enable = true;
autoupdate = true;
};
merge = {
ff = "only";
conflictstyle = "diff3";
};
push = {
default = "simple";
followTags = true;
};
pull = {
rebase = true;
};
status = {
showUntrackedFiles = "all";
};
transfer = {
fsckobjects = true;
};
color = {
ui = "auto";
};
diff = {
mnemonicPrefix = true;
renames = true;
wordRegex = ".";
submodule = "log";
};
credential = {
helper = "cache";
};
# Disable annoying safe directory nonsense
safe = {
directory = "*";
};
};
};
} // mkIf nathan.programs.util.json {
#########################
## JSON Utilities
#########################
programs.jq = mkIf nathan.programs.util.json {
enable = true;
};
home.packages = with pkgs; [
jc
fx
];
};
})
];
}
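Review bot: `safe = { directory = "*"; };` in `programs.git.extraConfig` is carried unchanged into the new `mkMerge` entry, and it switches off Git's repository-ownership check for every path. Git will then honour the config and hooks of a repository owned by another user. Prefer one `directory` entry per trusted shared checkout, e.g. `directory = "/path/to/shared/checkout";` (constructed path), or at least replace `# Disable annoying safe directory nonsense` with a comment that states what is being given up. The SSH entry likewise keeps `forwardAgent = true` on six `matchBlocks`; a comment naming which hosts actually need the agent would let a reader judge that exposure.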


@ -6,7 +6,7 @@ let
in
with lib; with nLib; {
config =
config = mkMerge [
# Core development utilites
(mkIf devel.core {
home.packages = with pkgs;
@ -44,7 +44,7 @@ with lib; with nLib; {
};
})
# Rust development
// (mkIf devel.rust {
(mkIf devel.rust {
home.packages = with pkgs; [
# Rustup for having the compiler around
rustup
@ -68,7 +68,7 @@ with lib; with nLib; {
];
})
# JVM Development
// (mkIf devel.jvm {
(mkIf devel.jvm {
home.packages = with unstable; [
inputs.java.packages."${pkgs.system}".semeru-stable
gradle
@ -79,14 +79,14 @@ with lib; with nLib; {
];
})
# Python Development
// (mkIf devel.python {
(mkIf devel.python {
home.packages = with pkgs; [
python3Full
nodePackages.pyright
];
})
# JavaScript/TypeScript Development
// (mkIf devel.js {
(mkIf devel.js {
home.packages = with unstable; [
nodejs
yarn
@ -95,12 +95,13 @@ with lib; with nLib; {
];
})
# Raku Development
// (mkIf devel.raku {
(mkIf devel.raku {
home.packages = with pkgs; [
rakudo
zef
];
});
})
];
}


@ -9,6 +9,7 @@ in
./desktop.nix
./swaywm.nix
./hardware.nix
./virtualization.nix
./programs/games.nix
./programs/gpg.nix
./programs/utils.nix
@ -81,7 +82,7 @@ in
harden = mkEnableOptionT "Apply system hardening";
# Enable audio subsystem
# On by default if the system is a desktop
audio = mkDefaultOption "audio" config.nathan.conifg.isDesktop;
audio = mkDefaultOption "audio" config.nathan.config.isDesktop;
# Basic grub configuration
# Off by default
setupGrub = mkEnableOption "Setup grub";


@ -4,77 +4,82 @@ let
in
with lib; {
# Generic desktop configuration
config = mkIf nc.isDesktop
{
# Ergodox
environment.systemPackages = with pkgs; [
wally-cli
config = mkMerge [
(mkIf nc.isDesktop
{
# Ergodox
environment.systemPackages = with pkgs; [
wally-cli
];
hardware.keyboard.zsa.enable = true;
# Configure grub if configured
})
(mkIf nc.setupGrub {
## Boot, drivers, and host name
# Use grub
boot.loader = {
grub = {
enable = true;
version = 2;
efiSupport = true;
# Go efi only
devices = [ "nodev" ];
# Use os-prober
useOSProber = true;
};
efi = {
efiSysMountPoint = "/boot/";
canTouchEfiVariables = false;
};
};
# Configure audio
})
(mkIf nc.audio {
# Disable normal audio subsystem explicitly
sound.enable = false;
# Turn on rtkit, so that audio processes can be upgraded to real time
security.rtkit.enable = true;
# Turn on pipewire
services.pipewire = {
enable = true;
# Turn on all the emulation layers
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
jack.enable = true;
};
# Turn on bluetooth services
services.blueman.enable = true;
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
# Add pulse audio packages, but do not enable them
environment.systemPackages = with pkgs;[
pulseaudio
pavucontrol
noisetorch
];
hardware.keyboard.zsa.enable = true;
# Configure grub if configured
} // mkIf nc.setupGrub {
## Boot, drivers, and host name
# Use grub
boot.loader = {
grub = {
enable = true;
version = 2;
efiSupport = true;
# Go efi only
devices = [ "nodev" ];
# Use os-prober
useOSProber = true;
# Add noisetorch for microphone noise canceling
programs.noisetorch = {
enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
};
efi = {
efiSysMountPoint = "/boot/";
canTouchEfiVariables = false;
};
};
# Configure audio
} // mkIf nc.audio {
# Disable normal audio subsystem explicitly
sound.enable = false;
# Turn on rtkit, so that audio processes can be upgraded to real time
security.rtkit.enable = true;
# Turn on pipewire
services.pipewire = {
enable = true;
# Turn on all the emulation layers
alsa = {
enable = true;
support32Bit = true;
};
pulse.enable = true;
jack.enable = true;
};
# Turn on bluetooth services
services.blueman.enable = true;
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
};
# Add pulse audio packages, but do not enable them
environment.systemPackages = with pkgs;[
pulseaudio
pavucontrol
noisetorch
];
# Add noisetorch for microphone noise canceling
programs.noisetorch = {
enable = true; # TODO: https://github.com/noisetorch/NoiseTorch/releases/tag/0.11.6
};
# Configure fonts
} // mkIf nc.fonts {
fonts.fonts = with pkgs; [
## Monospace Fonts
# FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs
(nerdfonts.override { fonts = [ "FiraCode" ]; })
fira-code-symbols
fira
# Proportional
roboto
liberation_ttf
noto-fonts
];
};
# Configure fonts
})
(mkIf nc.fonts {
fonts.fonts = with pkgs; [
## Monospace Fonts
# FiraCode with nerd-fonts patch, as well as fira-code symbols for emacs
(nerdfonts.override { fonts = [ "FiraCode" ]; })
fira-code-symbols
fira
# Proportional
roboto
liberation_ttf
noto-fonts
];
})
];
}
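Review bot: The section comments ended up on the wrong side of the new list entries. `# Configure grub if configured`, `# Configure audio` and `# Configure fonts` are now the last line inside the preceding attribute set, immediately before its closing `})`. Move each one above the `(mkIf nc.setupGrub {`, `(mkIf nc.audio {` and `(mkIf nc.fonts {` line it describes, so that it reads as the heading of the block it configures.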


@ -1,34 +1,46 @@
{ config, lib, pkgs, inputs, ... }@attrs:
with lib;
{
config = mkIf pkgs.stdenv.isLinux
({
zramSwap = mkIf config.nathan.servics.zramSwap
{
enable = true;
algorithm = "lz4";
memoryPercent = 25;
config = mkMerge [
(mkIf pkgs.stdenv.isLinux
{
zramSwap = mkIf config.nathan.services.zramSwap
{
enable = true;
algorithm = "lz4";
memoryPercent = 25;
};
nix = mkIf config.nathan.config.nix.autoGC {
autoOptimiseStore = true;
};
nix = mkIf config.nathan.config.nix.autoGC {
autoOptimiseStore = true;
};
} // mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
// mkIf (config.nathan.config.installUser && pkgs.stdenv.isLinux)
{
# System must be for us :v
networking.domain = "mccarty.io";
}
// mkIf
(config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
{
# Auto update daily at 2 am
system.autoUpgrade = {
enable = true;
allowReboot = true;
# Update from the flake
flake = "github:nathans-flakes/system";
# Attempt to update daily at 2AM
dates = "2:00";
};
};
})
(mkIf config.nathan.config.harden (import "${inputs.nixpkgs}/nixos/modules/profiles/hardened.nix" attrs))
(mkIf ((! config.nathan.config.harden) && config.nathan.config.isDesktop) {
# Use the zen kernel with muqss turned on
boot.kernelPackages =
let
linuxZenWMuQSS = pkgs.linuxPackagesFor (pkgs.linuxPackages_zen.kernel.override {
structuredExtraConfig = with lib.kernel; {
SCHED_MUQSS = yes;
};
ignoreConfigErrors = true;
}
);
in
linuxZenWMuQSS;
})
(mkIf
(config.nathan.config.nix.autoUpdate && pkgs.stdenv.isLinux)
{
# Auto update daily at 2 am
system.autoUpgrade = {
enable = true;
allowReboot = true;
# Update from the flake
flake = "github:nathans-flakes/system";
# Attempt to update daily at 2AM
dates = "2:00";
};
})
];
}
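Review bot: The second and third entries of the new `mkMerge` list are not guarded by `pkgs.stdenv.isLinux`, while the first and last are; on the old side the `hardened.nix` import sat inside the `mkIf pkgs.stdenv.isLinux` expression. If this module can also be evaluated for the Darwin case that the user module on this page handles, write `(mkIf (pkgs.stdenv.isLinux && config.nathan.config.harden) (import … attrs))` and add the same conjunct to the zen-kernel condition. In the kernel override, `ignoreConfigErrors = true` means a kernel that lacks `SCHED_MUQSS` would build without it and without an error, so a comment saying this is accepted would help. The `networking.domain = "mccarty.io";` block from the old side does not reappear in this section; confirm that the removal is intended.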


@ -4,66 +4,70 @@ let
in
with lib;
{
config = mkIf nathan.programs.utils.core
{
config = mkMerge [
(mkIf nathan.programs.utils.core
{
environment.systemPackages = with pkgs; [
# Basic command line utilities
wget
tmux
nano
unzip
any-nix-shell
htop
# Rust rewrites of common shell utilities
starship
exa
bat
fd
sd
du-dust
ripgrep
ripgrep-all
hyperfine
bottom
dogdns
duf
# User friendly cut
choose
# Man but terse
tealdeer
# For nslookup
dnsutils
# Mosh for better high-latency ssh
mosh
# PV for viewing pipes
pv
];
})
(mkIf nathan.programs.utils.productivity {
environment.systemPackages = with pkgs; [
# Basic command line utilities
wget
tmux
nano
unzip
any-nix-shell
htop
# Rust rewrites of common shell utilities
starship
exa
bat
fd
sd
du-dust
ripgrep
ripgrep-all
hyperfine
bottom
dogdns
duf
# User friendly cut
choose
# Man but terse
tealdeer
# For nslookup
dnsutils
# Mosh for better high-latency ssh
mosh
# PV for viewing pipes
pv
# Feh image viewer
feh
tokei
# Spell check
hunspell
hunspellDicts.en-us
# CLI Markdown renderer
glow
# Command line file manager
broot
# Much better curl
httpie
# CLI spreadsheets
visidata
# Cheatsheet manager
cheat
# Ping with a graph
gping
# Pandoc for documentation
pandoc
];
} // mkIf nathan.programs.utils.productivity {
environment.systemPackages = with pkgs; [
# Feh image viewer
feh
tokei
# Spell check
hunspell
hunspellDicts.en-us
# CLI Markdown renderer
glow
# Command line file manager
broot
# Much better curl
httpie
# CLI spreadsheets
visidata
# Cheatsheet manager
cheat
# Ping with a graph
gping
# Pandoc for documentation
pandoc
];
} // mkIf nathan.programs.utils.binfmt {
boot.binfmt.emulatedSystems = [
"aarch64-linux"
];
};
})
(mkIf nathan.programs.utils.binfmt {
boot.binfmt.emulatedSystems = [
"aarch64-linux"
];
})
];
}


@ -16,6 +16,7 @@ with lib;
# Setup sops
sops.secrets."tailscale-auth" = {
sopsFile = ../../secrets/all/tailscale.yaml;
format = "yaml";
};


@ -8,7 +8,7 @@ with lib;
# Turn on GDM for login
services.xserver = {
enable = true;
autorun = true;
autorun = false;
displayManager = {
gdm = {
enable = true;


@ -8,28 +8,31 @@ with lib; {
# If we install the user and the system is hardended, then disable mutable users
mutableUsers = !(nc.installUser && nc.harden);
# Configure our user, if enabled
users."${nc.user}" = mkIf nc.installUser
{
# Darwin is special
home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
description = "Nathan McCarty";
shell = pkgs.fish;
# Linux specific configuration next
} // mkIf (nc.installUser && pkgs.stdenv.isLinux) {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
openssh.authorizedKeys.keys = [
# yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# Macbook pro key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local"
# Phone key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH"
# Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH"
];
};
users."${nc.user}" = mkMerge [
(mkIf nc.installUser
{
# Darwin is special
home = if pkgs.stdenv.isDarwin then "/Users/nathan" else "/home/nathan";
description = "Nathan McCarty";
shell = pkgs.fish;
# Linux specific configuration next
})
(mkIf (nc.installUser && pkgs.stdenv.isLinux) {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "audio" "docker" "libvirtd" "uinput" "adbusers" "plugdev" ];
hashedPassword = "$6$ShBAPGwzKZuB7eEv$cbb3erUqtVGFo/Vux9UwT2NkbVG9VGCxJxPiZFYL0DIc3t4GpYxjkM0M7fFnh.6V8MoSKLM/TvOtzdWbYwI58.";
openssh.authorizedKeys.keys = [
# yubikey ssh key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"
# Macbook pro key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGBfkO7kq37RQMT8UE8zQt/vP4Ub7kizLw6niToJwAIe nathan@Nathans-MacBook-Pro.local"
# Phone key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7KmG/eFm3hgTx7GBB5jNrV/yryg5C6xcgCxFQhn+o JuiceSSH"
# Tablet key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd+LlxJnluU0xvIMRIz74iypKfcSpQ5/7y2SB4c6SFY JuiceSSH"
];
})
];
};
# If we install the user, enable sudo
security.sudo.enable = mkDefault nc.installUser;
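Review bot: `hashedPassword` in the Linux entry of the new `mkMerge` list keeps the account's SHA-512 crypt hash as a literal in the repository. Anyone who can read the repo can test guesses against it offline, and the account is in `wheel`. The repo already manages secrets with sops, so the hash could live there instead: declare the secret with `neededForUsers = true;` and replace the literal with `passwordFile = config.sops.secrets."<user-password-secret>".path;` (placeholder secret name). The enclosing `users` attribute set starts above the hunk.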


@ -4,22 +4,27 @@ let
in
with lib;
{
config = mkIf nc.virtualization.qemu {
# Enable the kernel modules
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
# Enable libvirt
virtualisation.libvirtd.enable = true;
# Install virt-manager
environment.systemPackages = with pkgs; [
virtmanager
] // mkIf nc.virtualization.docker {
config = mkMerge [
(mkIf nc.virtualization.qemu
{
# Enable the kernel modules
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
# Enable libvirt
virtualisation.libvirtd.enable = true;
# Install virt-manager
environment.systemPackages = with pkgs; [
virtmanager
];
})
(mkIf nc.virtualization.docker {
# Enable docker
virtualisation.docker = {
enable = true;
# Automatically prune to keep things lean
autoPrune.enable = true;
};
} // mkIf nc.virtualization.lxc {
})
(mkIf nc.virtualization.lxc {
virtualisation.lxd = {
enable = true;
recommendedSysctlSettings = true;
@ -27,7 +32,8 @@ with lib;
users.users.${nc.user} = mkIf nc.installUser {
extraGroups = [ "lxd" ];
};
} // mkIf nc.virtualization.nixos {
})
(mkIf nc.virtualization.nixos {
# Setup networking for nixos containers
networking = {
nat = {
@ -35,6 +41,6 @@ with lib;
internalInterfaces = [ "ve-+" ];
};
};
};
};
})
];
}