| -rw-r--r-- | dev.nix (renamed from parts/dev.nix) | 3 | ||||
| -rw-r--r-- | flake.nix | 15 | ||||
| -rw-r--r-- | modules/darwin/base.nix | 17 | ||||
| -rw-r--r-- | modules/darwin/default.nix | 6 | ||||
| -rw-r--r-- | modules/darwin/desktop.nix | 30 | ||||
| -rw-r--r-- | modules/default.nix | 6 | ||||
| -rw-r--r-- | modules/nixos/base.nix | 103 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 12 | ||||
| -rw-r--r-- | modules/nixos/desktop/budgie/default.nix | 44 | ||||
| -rw-r--r-- | modules/nixos/desktop/default.nix | 56 | ||||
| -rw-r--r-- | modules/nixos/desktop/gnome/default.nix | 29 | ||||
| -rw-r--r-- | modules/nixos/desktop/plasma/default.nix | 17 | ||||
| -rw-r--r-- | modules/nixos/features/tailscale.nix (renamed from parts/modules/nixos/features/tailscale.nix) | 20 | ||||
| -rw-r--r-- | modules/nixos/features/virtualisation.nix (renamed from parts/modules/nixos/features/virtualisation.nix) | 0 | ||||
| -rw-r--r-- | modules/nixos/hardware/default.nix | 8 | ||||
| -rw-r--r-- | modules/nixos/hardware/nvidia.nix (renamed from parts/modules/nixos/hardware/nvidia.nix) | 2 | ||||
| -rw-r--r-- | modules/nixos/hardware/ssd.nix (renamed from parts/modules/nixos/hardware/ssd.nix) | 1 | ||||
| -rw-r--r-- | modules/nixos/server/acme.nix | 14 | ||||
| -rw-r--r-- | modules/nixos/server/default.nix | 39 | ||||
| -rw-r--r-- | modules/nixos/server/secrets.nix | 12 | ||||
| -rw-r--r-- | modules/nixos/services/cloudflared.nix (renamed from parts/modules/nixos/server/services/cloudflared.nix) | 3 | ||||
| -rw-r--r-- | modules/nixos/services/default.nix (renamed from parts/modules/nixos/server/services/default.nix) | 2 | ||||
| -rw-r--r-- | modules/nixos/services/hercules.nix (renamed from parts/modules/nixos/server/services/hercules.nix) | 50 | ||||
| -rw-r--r-- | modules/nixos/services/promtail.nix (renamed from parts/modules/nixos/server/services/promtail.nix) | 0 | ||||
| -rw-r--r-- | modules/shared/default.nix | 8 | ||||
| -rw-r--r-- | modules/shared/nix.nix | 33 | ||||
| -rw-r--r-- | overlays/btop.nix (renamed from parts/overlays/btop.nix) | 0 | ||||
| -rw-r--r-- | overlays/default.nix (renamed from parts/overlays/default.nix) | 0 | ||||
| -rw-r--r-- | overlays/discord.nix (renamed from parts/overlays/discord.nix) | 0 | ||||
| -rw-r--r-- | overlays/fish.nix (renamed from parts/overlays/fish.nix) | 0 | ||||
| -rw-r--r-- | parts/default.nix | 17 | ||||
| -rw-r--r-- | parts/lib/configs.nix | 44 | ||||
| -rw-r--r-- | parts/lib/default.nix | 8 | ||||
| -rw-r--r-- | parts/lib/utils/nginx.nix | 22 | ||||
| -rw-r--r-- | parts/modules/darwin/base/default.nix | 32 | ||||
| -rw-r--r-- | parts/modules/darwin/base/nix.nix | 18 | ||||
| -rw-r--r-- | parts/modules/darwin/base/packages.nix | 12 | ||||
| -rw-r--r-- | parts/modules/darwin/default.nix | 6 | ||||
| -rw-r--r-- | parts/modules/darwin/desktop/default.nix | 27 | ||||
| -rw-r--r-- | parts/modules/darwin/desktop/homebrew.nix | 36 | ||||
| -rw-r--r-- | parts/modules/default.nix | 6 | ||||
| -rw-r--r-- | parts/modules/nixos/base/default.nix | 34 | ||||
| -rw-r--r-- | parts/modules/nixos/base/documentation.nix | 21 | ||||
| -rw-r--r-- | parts/modules/nixos/base/locale.nix | 18 | ||||
| -rw-r--r-- | parts/modules/nixos/base/network.nix | 26 | ||||
| -rw-r--r-- | parts/modules/nixos/base/nix.nix | 24 | ||||
| -rw-r--r-- | parts/modules/nixos/base/packages.nix | 15 | ||||
| -rw-r--r-- | parts/modules/nixos/base/root.nix | 26 | ||||
| -rw-r--r-- | parts/modules/nixos/base/security.nix | 27 | ||||
| -rw-r--r-- | parts/modules/nixos/base/systemd.nix | 7 | ||||
| -rw-r--r-- | parts/modules/nixos/base/upgrade-diff.nix | 12 | ||||
| -rw-r--r-- | parts/modules/nixos/default.nix | 7 | ||||
| -rw-r--r-- | parts/modules/nixos/desktop/audio.nix | 23 | ||||
| -rw-r--r-- | parts/modules/nixos/desktop/budgie/default.nix | 58 | ||||
| -rw-r--r-- | parts/modules/nixos/desktop/default.nix | 41 | ||||
| -rw-r--r-- | parts/modules/nixos/desktop/fonts.nix | 37 | ||||
| -rw-r--r-- | parts/modules/nixos/desktop/gnome/default.nix | 38 | ||||
| -rw-r--r-- | parts/modules/nixos/desktop/plasma/default.nix | 31 | ||||
| -rw-r--r-- | parts/modules/nixos/hardware/default.nix | 19 | ||||
| -rw-r--r-- | parts/modules/nixos/server/acme.nix | 26 | ||||
| -rw-r--r-- | parts/modules/nixos/server/default.nix | 47 | ||||
| -rw-r--r-- | parts/modules/nixos/server/secrets.nix | 25 | ||||
| -rw-r--r-- | parts/modules/shared/base/default.nix | 8 | ||||
| -rw-r--r-- | parts/modules/shared/base/documentation.nix | 14 | ||||
| -rw-r--r-- | parts/modules/shared/base/locale.nix | 14 | ||||
| -rw-r--r-- | parts/modules/shared/base/nix.nix | 42 | ||||
| -rw-r--r-- | parts/modules/shared/base/packages.nix | 21 | ||||
| -rw-r--r-- | parts/modules/shared/default.nix | 5 | ||||
| -rw-r--r-- | parts/systems/default.nix | 47 | ||||
| -rw-r--r-- | parts/systems/profiles.nix | 102 | ||||
| -rw-r--r-- | parts/users/default.nix | 22 | ||||
| -rw-r--r-- | parts/users/seth/darwin.nix | 8 | ||||
| -rw-r--r-- | parts/users/seth/desktop/default.nix | 43 | ||||
| -rw-r--r-- | parts/users/seth/home.nix | 20 | ||||
| -rw-r--r-- | parts/users/seth/programs/chromium.nix | 27 | ||||
| -rw-r--r-- | parts/users/seth/programs/default.nix | 52 | ||||
| -rw-r--r-- | parts/users/seth/programs/firefox/default.nix | 50 | ||||
| -rw-r--r-- | parts/users/seth/programs/git.nix | 51 | ||||
| -rw-r--r-- | parts/users/seth/programs/gpg.nix | 29 | ||||
| -rw-r--r-- | parts/users/seth/programs/mangohud.nix | 29 | ||||
| -rw-r--r-- | parts/users/seth/programs/neovim/.luarc.json | 3 | ||||
| -rw-r--r-- | parts/users/seth/programs/neovim/default.nix | 18 | ||||
| -rw-r--r-- | parts/users/seth/programs/ssh.nix | 50 | ||||
| -rw-r--r-- | parts/users/seth/programs/vim.nix | 43 | ||||
| -rw-r--r-- | parts/users/seth/shell/default.nix | 64 | ||||
| -rw-r--r-- | secrets/secrets.nix (renamed from parts/secrets/secrets.nix) | 0 | ||||
| -rw-r--r-- | secrets/shared/rootPassword.age (renamed from parts/secrets/shared/rootPassword.age) | 0 | ||||
| -rw-r--r-- | secrets/shared/sethPassword.age (renamed from parts/secrets/shared/sethPassword.age) | 0 | ||||
| -rw-r--r-- | secrets/systems/atlas/binaryCache.age (renamed from parts/secrets/systems/atlas/binaryCache.age) | 0 | ||||
| -rw-r--r-- | secrets/systems/atlas/cloudflareApiKey.age (renamed from parts/secrets/systems/atlas/cloudflareApiKey.age) | 0 | ||||
| -rw-r--r-- | secrets/systems/atlas/cloudflaredCreds.age (renamed from parts/secrets/systems/atlas/cloudflaredCreds.age) | 0 | ||||
| -rw-r--r-- | secrets/systems/atlas/clusterToken.age (renamed from parts/secrets/systems/atlas/clusterToken.age) | 0 | ||||
| -rw-r--r-- | secrets/systems/atlas/miniflux.age (renamed from parts/secrets/systems/atlas/miniflux.age) | 0 | ||||
| -rw-r--r-- | secrets/systems/atlas/rootPassword.age (renamed from parts/secrets/systems/atlas/rootPassword.age) | 0 | ||||
| -rw-r--r-- | secrets/systems/atlas/secretsJson.age (renamed from parts/secrets/systems/atlas/secretsJson.age) | 0 | ||||
| -rw-r--r-- | secrets/systems/atlas/tailscaleAuthKey.age (renamed from parts/secrets/systems/atlas/tailscaleAuthKey.age) | 0 | ||||
| -rw-r--r-- | secrets/systems/atlas/userPassword.age (renamed from parts/secrets/systems/atlas/userPassword.age) | 0 | ||||
| -rw-r--r-- | systems/atlas/default.nix (renamed from parts/systems/atlas/default.nix) | 3 | ||||
| -rw-r--r-- | systems/atlas/hardware-configuration.nix (renamed from parts/systems/atlas/hardware-configuration.nix) | 0 | ||||
| -rw-r--r-- | systems/atlas/miniflux.nix (renamed from parts/systems/atlas/miniflux.nix) | 8 | ||||
| -rw-r--r-- | systems/atlas/nginx.nix (renamed from parts/systems/atlas/nginx.nix) | 26 | ||||
| -rw-r--r-- | systems/caroline/default.nix (renamed from parts/systems/caroline/default.nix) | 7 | ||||
| -rw-r--r-- | systems/common.nix | 78 | ||||
| -rw-r--r-- | systems/default.nix | 73 | ||||
| -rw-r--r-- | systems/glados-wsl/default.nix (renamed from parts/systems/glados-wsl/default.nix) | 18 | ||||
| -rw-r--r-- | systems/glados/boot.nix (renamed from parts/systems/glados/boot.nix) | 0 | ||||
| -rw-r--r-- | systems/glados/default.nix (renamed from parts/systems/glados/default.nix) | 14 | ||||
| -rw-r--r-- | systems/glados/hardware-configuration.nix (renamed from parts/systems/glados/hardware-configuration.nix) | 0 | ||||
| -rw-r--r-- | systems/turret/default.nix (renamed from parts/systems/turret/default.nix) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/dhcp (renamed from parts/systems/turret/files/etc/config/dhcp) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/dropbear (renamed from parts/systems/turret/files/etc/config/dropbear) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/firewall (renamed from parts/systems/turret/files/etc/config/firewall) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/https-dns-proxy (renamed from parts/systems/turret/files/etc/config/https-dns-proxy) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/luci (renamed from parts/systems/turret/files/etc/config/luci) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/network (renamed from parts/systems/turret/files/etc/config/network) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/rpcd (renamed from parts/systems/turret/files/etc/config/rpcd) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/system (renamed from parts/systems/turret/files/etc/config/system) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/ucitrack (renamed from parts/systems/turret/files/etc/config/ucitrack) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/uhttpd (renamed from parts/systems/turret/files/etc/config/uhttpd) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/config/wireless (renamed from parts/systems/turret/files/etc/config/wireless) | 0 | ||||
| -rw-r--r-- | systems/turret/files/etc/dropbear/authorized_keys (renamed from parts/systems/turret/files/etc/dropbear/authorized_keys) | 0 | ||||
| -rw-r--r-- | users/default.nix | 36 | ||||
| -rw-r--r-- | users/seth/default.nix (renamed from parts/users/seth/default.nix) | 2 | ||||
| -rw-r--r-- | users/seth/desktop/budgie/default.nix (renamed from parts/users/seth/desktop/budgie/default.nix) | 10 | ||||
| -rw-r--r-- | users/seth/desktop/default.nix | 30 | ||||
| -rw-r--r-- | users/seth/desktop/gnome/default.nix (renamed from parts/users/seth/desktop/gnome/default.nix) | 7 | ||||
| -rw-r--r-- | users/seth/desktop/plasma/default.nix (renamed from parts/users/seth/desktop/plasma/default.nix) | 11 | ||||
| -rw-r--r-- | users/seth/home.nix | 17 | ||||
| -rw-r--r-- | users/seth/programs/bat.nix | 6 | ||||
| -rw-r--r-- | users/seth/programs/chromium.nix | 16 | ||||
| -rw-r--r-- | users/seth/programs/default.nix | 44 | ||||
| -rw-r--r-- | users/seth/programs/eza.nix | 7 | ||||
| -rw-r--r-- | users/seth/programs/firefox/arkenfox.nix (renamed from parts/users/seth/programs/firefox/arkenfox.nix) | 22 | ||||
| -rw-r--r-- | users/seth/programs/firefox/default.nix | 42 | ||||
| -rw-r--r-- | users/seth/programs/git.nix | 40 | ||||
| -rw-r--r-- | users/seth/programs/gpg.nix | 22 | ||||
| -rw-r--r-- | users/seth/programs/mangohud.nix | 16 | ||||
| -rw-r--r-- | users/seth/programs/ssh.nix | 42 | ||||
| -rw-r--r-- | users/seth/programs/starship/default.nix | 22 | ||||
| -rw-r--r-- | users/seth/programs/starship/starship.toml (renamed from parts/users/seth/shell/starship.toml) | 0 | ||||
| -rw-r--r-- | users/seth/programs/vim.nix | 30 | ||||
| -rw-r--r-- | users/seth/shell/bash.nix (renamed from parts/users/seth/shell/bash.nix) | 0 | ||||
| -rw-r--r-- | users/seth/shell/default.nix | 26 | ||||
| -rw-r--r-- | users/seth/shell/fish.nix (renamed from parts/users/seth/shell/fish.nix) | 0 | ||||
| -rw-r--r-- | users/seth/shell/zsh.nix (renamed from parts/users/seth/shell/zsh.nix) | 0 | ||||
| -rw-r--r-- | users/seth/system.nix (renamed from parts/users/seth/system.nix) | 23 |
146 files changed, 1115 insertions, 1665 deletions
@@ -20,7 +20,6 @@ deadnix.enable = true; nil.enable = true; statix.enable = true; - stylua.enable = true; }; }; @@ -33,8 +32,8 @@ alejandra deadnix just + nil statix - stylua ] ++ lib.optional stdenv.isLinux inputs'.agenix.packages.agenix; }; @@ -136,6 +136,19 @@ outputs = {parts, ...} @ inputs: parts.lib.mkFlake {inherit inputs;} { - imports = [./parts]; + imports = [ + ./modules + ./overlays + ./systems + ./users + ./dev.nix + ]; + + systems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" + ]; }; } diff --git a/modules/darwin/base.nix b/modules/darwin/base.nix new file mode 100644 index 0000000..b01bd12 --- /dev/null +++ b/modules/darwin/base.nix @@ -0,0 +1,17 @@ +{inputs, ...}: let + channelPath = i: "${inputs.${i}.outPath}"; + mapInputs = fn: map fn (builtins.filter (n: n != "self") (builtins.attrNames inputs)); +in { + imports = [../shared]; + + nix.nixPath = + mapInputs (i: "${i}=${channelPath i}"); + + programs = { + bash.enable = true; + vim.enable = true; + zsh.enable = true; + }; + + services.nix-daemon.enable = true; +} diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix new file mode 100644 index 0000000..a685fab --- /dev/null +++ b/modules/darwin/default.nix @@ -0,0 +1,6 @@ +{ + flake.darwinModules = { + default = ./base.nix; + desktop = ./desktop.nix; + }; +} diff --git a/modules/darwin/desktop.nix b/modules/darwin/desktop.nix new file mode 100644 index 0000000..23664f9 --- /dev/null +++ b/modules/darwin/desktop.nix @@ -0,0 +1,30 @@ +{ + lib, + pkgs, + ... +}: { + fonts.fonts = with pkgs; + lib.mkDefault [ + (nerdfonts.override {fonts = ["FiraCode"];}) + ]; + + homebrew = { + enable = lib.mkDefault true; + caskArgs.require_sha = true; + onActivation = lib.mkDefault { + autoUpdate = true; + cleanup = "zap"; + upgrade = true; + }; + + caskArgs = { + no_quarantine = true; + }; + + casks = [ + "chromium" + ]; + }; + + programs.gnupg.agent.enable = lib.mkDefault true; +} 
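Review bot: In modules/darwin/desktop.nix the new `caskArgs = { no_quarantine = true; };` applies to every cask Homebrew installs, so none of them gets the macOS quarantine attribute and the first-launch check that depends on it. The module this replaces (parts/modules/darwin/desktop/homebrew.nix) set `no_quarantine` only in the `args` of the chromium cask, together with a per-cask `require_sha = false` that is now gone. Keeping the exception per cask preserves the old scope: `casks = [{ name = "chromium"; args.no_quarantine = true; }];`. The attrset also defines `caskArgs.require_sha` and `caskArgs = {…}` separately; writing a single `caskArgs = { require_sha = true; };` avoids relying on how the two definitions are merged.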
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..c5f7ce9
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./nixos
+ ./darwin
+ ];
+}
diff --git a/modules/nixos/base.nix b/modules/nixos/base.nix
new file mode 100644
index 0000000..ca696dd
--- /dev/null
+++ b/modules/nixos/base.nix
@@ -0,0 +1,103 @@
+{
+ config,
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: let
+ inherit (lib) mkDefault;
+ channelPath = i: "/etc/nix/channels/${i}";
+
+ mapInputs = fn: map fn (builtins.filter (n: n != "self") (builtins.attrNames inputs));
+
+ # yes this is a bad way to detect which option should be used (or exists)
+ # but i'm lazy. please do not copy this
+ passwordFile =
+ if lib.versionAtLeast config.system.stateVersion "23.11"
+ then "hashedPasswordFile"
+ else "passwordFile";
+in {
+ imports = [
+ ../shared
+ ];
+
+ environment.systemPackages = with pkgs; [man-pages man-pages-posix];
+
+ documentation.man = {
+ generateCaches = mkDefault true;
+ man-db.enable = mkDefault true;
+ };
+
+ i18n = {
+ supportedLocales = [
+ "en_US.UTF-8/UTF-8"
+ ];
+
+ defaultLocale = "en_US.UTF-8";
+ };
+
+ networking.networkmanager = {
+ enable = mkDefault true;
+ dns = mkDefault "systemd-resolved";
+ };
+
+ nix = {
+ nixPath = mapInputs (i: "${i}=${channelPath i}");
+ gc.dates = mkDefault "weekly";
+ settings.trusted-users = ["root" "@wheel"];
+ };
+
+ programs = {
+ git.enable = mkDefault true;
+ vim.defaultEditor = mkDefault true;
+ };
+
+ security = {
+ apparmor.enable = mkDefault true;
+ audit.enable = mkDefault true;
+ auditd.enable = mkDefault true;
+ polkit.enable = mkDefault true;
+ rtkit.enable = mkDefault true;
+ sudo.execWheelOnly = true;
+ };
+
+ services = {
+ dbus.apparmor = mkDefault "enabled";
+
+ resolved = {
+ enable = mkDefault true;
+ dnssec = mkDefault "allow-downgrade";
+ extraConfig = mkDefault ''
+ [Resolve]
+ DNS=1.1.1.1 1.0.0.1
+ DNSOverTLS=yes
+ '';
+ };
+
+ journald.extraConfig = ''
+ MaxRetentionSec=1w
+ '';
+ };
+
+ system.activationScripts."upgrade-diff" = {
+ supportsDryActivation = true;
+ text = ''
+ ${pkgs.nvd}/bin/nvd --nix-bin-dir=${config.nix.package}/bin diff /run/current-system "$systemConfig"
+ '';
+ };
+
+ systemd.tmpfiles.rules =
+ mapInputs (i: "L+ ${channelPath i} - - - - ${inputs.${i}.outPath}");
+
+ users = {
+ defaultUserShell = pkgs.bash;
+ mutableUsers = false;
+
+ users.root = {
+ home = mkDefault "/root";
+ uid = mkDefault config.ids.uids.root;
+ group = mkDefault "root";
+ "${passwordFile}" = mkDefault config.age.secrets.rootPassword.path;
+ };
+ };
+}
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
new file mode 100644
index 0000000..f43e8ae
--- /dev/null
+++ b/modules/nixos/default.nix
@@ -0,0 +1,12 @@
+{
+ flake.nixosModules = {
+ default = ./base.nix;
+ desktop = ./desktop;
+ gnome = ./desktop/gnome;
+ plasma = ./desktop/plasma;
+ budgie = ./desktop/budgie;
+ server = ./server;
+ services = ./services;
+ hardware = ./hardware;
+ };
+}
diff --git a/modules/nixos/desktop/budgie/default.nix b/modules/nixos/desktop/budgie/default.nix
new file mode 100644
index 0000000..d29649b
--- /dev/null
+++ b/modules/nixos/desktop/budgie/default.nix
@@ -0,0 +1,44 @@
+{pkgs, ...}: {
+ services.xserver = {
+ displayManager.lightdm.greeters.slick = {
+ theme = {
+ name = "Materia-dark";
+ package = pkgs.materia-theme;
+ };
+ iconTheme = {
+ name = "Papirus-Dark";
+ package = pkgs.papirus-icon-theme;
+ };
+ cursorTheme = {
+ name = "Breeze-gtk";
+ package = pkgs.libsForQt5.breeze-gtk;
+ };
+ };
+
+ desktopManager.budgie = {
+ enable = true;
+ extraGSettingsOverrides = ''
+ [org.gnome.desktop.interface:Budgie]
+ gtk-theme="Materia-dark"
+ icon-theme="Papirus-Dark"
+ cursor-theme="Breeze-gtk"
+ font-name="Noto Sans 10"
+ document-font-name="Noto Sans 10"
+ monospace-font-name="Fira Code 10"
+ enable-hot-corners=true
+ '';
+ };
+ };
+
+ environment.budgie.excludePackages = with pkgs; [
+ qogir-theme
+ qogir-icon-theme
+ ];
+
+ environment.systemPackages = with pkgs; [
+ alacritty
+ breeze-gtk
+ materia-theme
+ papirus-icon-theme
+ ];
+}
diff --git a/modules/nixos/desktop/default.nix b/modules/nixos/desktop/default.nix
new file mode 100644
index 0000000..a40d94e
--- /dev/null
+++ b/modules/nixos/desktop/default.nix
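Review bot: `settings.trusted-users = ["root" "@wheel"];` in modules/nixos/base.nix makes every wheel member a trusted user of the Nix daemon, which is effectively root access without a sudo prompt, because a trusted user can point the daemon at arbitrary substituters and import unsigned store paths. `sudo.execWheelOnly = true` a few lines below does not limit this, since the daemon is reached over its socket rather than through sudo. If wheel only needs to run builds, `settings.allowed-users = ["@wheel"];` with `trusted-users` left at `["root"]` covers that. If the grant is intended, a comment such as `# wheel is root-equivalent to the nix daemon` would record the decision.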
@@ -0,0 +1,56 @@
+{
+ lib,
+ pkgs,
+ ...
+}: {
+ environment = {
+ noXlibs = lib.mkForce false;
+ systemPackages = with pkgs; [wl-clipboard xclip];
+ };
+
+ fonts = {
+ enableDefaultPackages = lib.mkDefault true;
+
+ packages = lib.mkDefault (with pkgs; [
+ corefonts
+ fira-code
+ (nerdfonts.override {fonts = ["FiraCode"];})
+ noto-fonts
+ noto-fonts-extra
+ noto-fonts-emoji
+ noto-fonts-cjk-sans
+ ]);
+
+ fontconfig = {
+ enable = lib.mkDefault true;
+ defaultFonts = lib.mkDefault {
+ serif = ["Noto Serif"];
+ sansSerif = ["Noto Sans"];
+ emoji = ["Noto Color Emoji"];
+ monospace = ["Fira Code"];
+ };
+ };
+ };
+
+ hardware.pulseaudio.enable = false;
+
+ programs = {
+ dconf.enable = lib.mkDefault true;
+ firefox.enable = lib.mkDefault true;
+ xwayland.enable = lib.mkDefault true;
+ };
+
+ services = {
+ pipewire = lib.mkDefault {
+ enable = true;
+ wireplumber.enable = true;
+ alsa.enable = true;
+ jack.enable = true;
+ pulse.enable = true;
+ };
+
+ xserver.enable = lib.mkDefault true;
+ };
+
+ xdg.portal.enable = lib.mkDefault true;
+}
diff --git a/modules/nixos/desktop/gnome/default.nix b/modules/nixos/desktop/gnome/default.nix
new file mode 100644
index 0000000..7e2c07e
--- /dev/null
+++ b/modules/nixos/desktop/gnome/default.nix
@@ -0,0 +1,29 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ environment = {
+ gnome.excludePackages = with pkgs; [
+ gnome-tour
+ ];
+
+ sessionVariables = {
+ NIXOS_OZONE_WL = "1";
+ };
+
+ systemPackages = with pkgs; [
+ adw-gtk3
+ blackbox-terminal
+ ];
+ };
+
+ services.xserver = {
+ displayManager.gdm = {
+ enable = true;
+ wayland = lib.mkForce true;
+ };
+
+ desktopManager.gnome.enable = true;
+ };
+}
diff --git a/modules/nixos/desktop/plasma/default.nix b/modules/nixos/desktop/plasma/default.nix
new file mode 100644
index 0000000..d580e3f
--- /dev/null
+++ b/modules/nixos/desktop/plasma/default.nix
@@ -0,0 +1,17 @@ +{pkgs, ...}: { + environment = { + plasma5.excludePackages = with pkgs.libsForQt5; [ + khelpcenter + plasma-browser-integration + print-manager + ]; + }; + + services.xserver = { + displayManager.sddm.enable = true; + desktopManager.plasma5 = { + enable = true; + useQtScaling = true; + }; + }; +} diff --git a/parts/modules/nixos/features/tailscale.nix b/modules/nixos/features/tailscale.nix index 5a00110..cbbe2e5 100644 --- a/parts/modules/nixos/features/tailscale.nix +++ b/modules/nixos/features/tailscale.nix @@ -2,11 +2,12 @@ config, lib, pkgs, - self, ... }: let cfg = config.features.tailscale; inherit (lib) mkDefault mkEnableOption mkIf optionalAttrs; + + baseDir = ../../../secrets/systems/${config.networking.hostName}; in { options.features.tailscale = { enable = mkEnableOption "enable support for tailscale"; @@ -14,12 +15,9 @@ in { }; config = mkIf cfg.enable { - age.secrets = let - baseDir = "${self}/parts/secrets/systems/${config.networking.hostName}"; - in - mkIf cfg.ssh.enable { - tailscaleAuthKey.file = "${baseDir}/tailscaleAuthKey.age"; - }; + age.secrets = mkIf cfg.ssh.enable { + tailscaleAuthKey.file = "${baseDir}/tailscaleAuthKey.age"; + }; networking.firewall = { @@ -45,20 +43,18 @@ in { serviceConfig.Type = "oneshot"; - script = let - inherit (pkgs) tailscale jq; - in '' + script = '' # wait for tailscaled to settle sleep 2 # check if we are already authenticated to tailscale - status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" + status="$(${lib.getExe pkgs.tailscale} status -json | ${lib.getExe pkgs.jq}/bin/jq -r .BackendState)" if [ $status = "Running" ]; then # if so, then do nothing exit 0 fi # otherwise authenticate with tailscale - ${tailscale}/bin/tailscale up --ssh \ + ${lib.getExe pkgs.tailscale}/bin/tailscale up --ssh \ --auth-key "file:${config.age.secrets.tailscaleAuthKey.path}" ''; }; 
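Review bot: In the last hunk of modules/nixos/features/tailscale.nix, `lib.getExe` already returns the path of the binary, so `${lib.getExe pkgs.jq}/bin/jq` and `${lib.getExe pkgs.tailscale}/bin/tailscale up` expand to `…/bin/jq/bin/jq` and `…/bin/tailscale/bin/tailscale`, and the unit would fail before it ever authenticates. Drop the suffix, as the first `tailscale status` call already does: `| ${lib.getExe pkgs.jq} -r .BackendState)"` and `${lib.getExe pkgs.tailscale} up --ssh \`. `$status` is also unquoted in `[ $status = "Running" ]`, so an empty result from the pipeline makes the test itself error; `[ "$status" = "Running" ]` is safer. The service definition that encloses this script starts outside the hunk.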
diff --git a/parts/modules/nixos/features/virtualisation.nix b/modules/nixos/features/virtualisation.nix index 206a98e..206a98e 100644 --- a/parts/modules/nixos/features/virtualisation.nix +++ b/modules/nixos/features/virtualisation.nix diff --git a/modules/nixos/hardware/default.nix b/modules/nixos/hardware/default.nix new file mode 100644 index 0000000..b939953 --- /dev/null +++ b/modules/nixos/hardware/default.nix @@ -0,0 +1,8 @@ +{lib, ...}: { + imports = [ + ./ssd.nix + ./nvidia.nix + ]; + + hardware.enableAllFirmware = lib.mkDefault true; +} diff --git a/parts/modules/nixos/hardware/nvidia.nix b/modules/nixos/hardware/nvidia.nix index dd371f2..1b42fef 100644 --- a/parts/modules/nixos/hardware/nvidia.nix +++ b/modules/nixos/hardware/nvidia.nix @@ -16,8 +16,6 @@ in { }; hardware = { - enable = true; - nvidia = { package = config.boot.kernelPackages.nvidiaPackages.stable; modesetting.enable = true; diff --git a/parts/modules/nixos/hardware/ssd.nix b/modules/nixos/hardware/ssd.nix index 2995d93..7279a12 100644 --- a/parts/modules/nixos/hardware/ssd.nix +++ b/modules/nixos/hardware/ssd.nix @@ -9,7 +9,6 @@ in { options.hardware.ssd.enable = mkEnableOption "ssd settings"; config = mkIf cfg.enable { - hardware.enable = true; services.fstrim.enable = true; }; } diff --git a/modules/nixos/server/acme.nix b/modules/nixos/server/acme.nix new file mode 100644 index 0000000..48746c2 --- /dev/null +++ b/modules/nixos/server/acme.nix @@ -0,0 +1,14 @@ +{config, ...}: { + age.secrets = { + cloudflareApiKey.file = ../../../secrets/systems/${config.networking.hostName}/cloudflareApiKey.age; + }; + + security.acme = { + acceptTerms = true; + defaults = { + email = "[email protected]"; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.cloudflareApiKey.path; + }; + }; +} diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix new file mode 100644 index 0000000..1f759ec --- /dev/null +++ b/modules/nixos/server/default.nix 
@@ -0,0 +1,39 @@ +{ + config, + lib, + pkgs, + inputs, + ... +}: { + imports = [ + ./acme.nix + ./secrets.nix + ]; + + _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}; + + documentation = { + enable = false; + + man = { + enable = false; + man-db.enable = false; + }; + + nixos.enable = false; + dev.enable = false; + }; + + environment.defaultPackages = lib.mkForce []; + + nix = { + gc = { + dates = "*-*-1,5,9,13,17,21,25,29 00:00:00"; + options = "-d --delete-older-than 2d"; + }; + + settings.allowed-users = [config.networking.hostName]; + }; + + security.pam.enableSSHAgentAuth = true; +} diff --git a/modules/nixos/server/secrets.nix b/modules/nixos/server/secrets.nix new file mode 100644 index 0000000..e435690 --- /dev/null +++ b/modules/nixos/server/secrets.nix @@ -0,0 +1,12 @@ +{config, ...}: { + age = let + baseDir = ../../../secrets/systems/${config.networking.hostName}; + in { + identityPaths = ["/etc/age/key"]; + + secrets = { + rootPassword.file = "${baseDir}/rootPassword.age"; + userPassword.file = "${baseDir}/userPassword.age"; + }; + }; +} diff --git a/parts/modules/nixos/server/services/cloudflared.nix b/modules/nixos/services/cloudflared.nix index 2bf7907..a144266 100644 --- a/parts/modules/nixos/server/services/cloudflared.nix +++ b/modules/nixos/services/cloudflared.nix @@ -1,7 +1,6 @@ { config, lib, - self, ... }: let cfg = config.server.services.cloudflared; @@ -13,7 +12,7 @@ in { config = mkIf cfg.enable { age.secrets.cloudflaredCreds = { - file = "${self}/parts/secrets/systems/${config.networking.hostName}/cloudflaredCreds.age"; + file = ../../../secrets/systems/${config.networking.hostName}/cloudflaredCreds.age; mode = "400"; owner = "cloudflared"; group = "cloudflared"; diff --git a/parts/modules/nixos/server/services/default.nix b/modules/nixos/services/default.nix index 23f2542..3423b79 100644 --- a/parts/modules/nixos/server/services/default.nix +++ b/modules/nixos/services/default.nix 
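Review bot: `security.pam.enableSSHAgentAuth = true;` in modules/nixos/server/default.nix lets anything that can reach a user's SSH agent socket satisfy PAM for sudo, so on these servers a forwarded agent is worth as much as the sudo password. It also makes the list of accepted keys security-critical: if the keys file PAM consults is writable by the user, that user can add a key and escalate. The module as shown does not pin where those keys are read from, so I would state the assumption next to the option, e.g. `# sudo via ssh-agent: authorized keys must be root-owned; forward agents only from trusted clients`, and confirm the keys location in the sshd and PAM configuration.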
@@ -1,4 +1,4 @@ -_: { +{ imports = [ ./cloudflared.nix ./hercules.nix diff --git a/parts/modules/nixos/server/services/hercules.nix b/modules/nixos/services/hercules.nix index b11a133..fc3c92d 100644 --- a/parts/modules/nixos/server/services/hercules.nix +++ b/modules/nixos/services/hercules.nix @@ -1,12 +1,18 @@ { config, lib, - self, unstable, ... }: let cfg = config.server.services.hercules-ci; inherit (lib) mkEnableOption mkIf; + + baseDir = ../../../secrets/systems/${config.networking.hostName}; + hercArgs = { + mode = "400"; + owner = "hercules-ci-agent"; + group = "hercules-ci-agent"; + }; in { options.server.services.hercules-ci = { enable = mkEnableOption "enable hercules-ci"; @@ -14,33 +20,25 @@ in { }; config = mkIf cfg.enable { - age.secrets = let - baseDir = "${self}/parts/secrets/systems/${config.networking.hostName}"; - hercArgs = { - mode = "400"; - owner = "hercules-ci-agent"; - group = "hercules-ci-agent"; - }; - in - mkIf cfg.secrets.enable { - binaryCache = - { - file = "${baseDir}/binaryCache.age"; - } - // hercArgs; + age.secrets = mkIf cfg.secrets.enable { + binaryCache = + { + file = "${baseDir}/binaryCache.age"; + } + // hercArgs; - clusterToken = - { - file = "${baseDir}/clusterToken.age"; - } - // hercArgs; + clusterToken = + { + file = "${baseDir}/clusterToken.age"; + } + // hercArgs; - secretsJson = - { - file = "${baseDir}/secretsJson.age"; - } - // hercArgs; - }; + secretsJson = + { + file = "${baseDir}/secretsJson.age"; + } + // hercArgs; + }; services = { hercules-ci-agent = { diff --git a/parts/modules/nixos/server/services/promtail.nix b/modules/nixos/services/promtail.nix index 63faf15..63faf15 100644 --- a/parts/modules/nixos/server/services/promtail.nix +++ b/modules/nixos/services/promtail.nix diff --git a/modules/shared/default.nix b/modules/shared/default.nix new file mode 100644 index 0000000..f251bb2 --- /dev/null +++ b/modules/shared/default.nix 
@@ -0,0 +1,8 @@
+{lib, ...}: {
+ imports = [./nix.nix];
+
+ documentation.man.enable = lib.mkDefault true;
+ time.timeZone = lib.mkDefault "America/New_York";
+
+ programs.gnupg.agent.enable = lib.mkDefault true;
+}
diff --git a/modules/shared/nix.nix b/modules/shared/nix.nix
new file mode 100644
index 0000000..2c0aedd
--- /dev/null
+++ b/modules/shared/nix.nix
@@ -0,0 +1,33 @@
+{
+ lib,
+ pkgs,
+ inputs,
+ ...
+}: {
+ nix = {
+ registry =
+ {
+ n.flake = lib.mkDefault inputs.nixpkgs;
+ }
+ // (builtins.mapAttrs (_: flake: {inherit flake;})
+ (lib.filterAttrs (n: _: n != "nixpkgs") inputs));
+
+ settings = {
+ auto-optimise-store = pkgs.stdenv.isLinux;
+ experimental-features = lib.mkDefault ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"];
+
+ trusted-substituters = lib.mkDefault ["https://cache.garnix.io"];
+ trusted-public-keys = lib.mkDefault ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
+ };
+
+ gc = {
+ automatic = lib.mkDefault true;
+ options = lib.mkDefault "--delete-older-than 7d";
+ };
+ };
+
+ nixpkgs = {
+ overlays = with inputs; [nur.overlay getchoo.overlays.default self.overlays.default];
+ config.allowUnfree = lib.mkDefault true;
+ };
+}
diff --git a/parts/overlays/btop.nix b/overlays/btop.nix
index b2a5b24..b2a5b24 100644
--- a/parts/overlays/btop.nix
+++ b/overlays/btop.nix
diff --git a/parts/overlays/default.nix b/overlays/default.nix
index 66869c4..66869c4 100644
--- a/parts/overlays/default.nix
+++ b/overlays/default.nix
diff --git a/parts/overlays/discord.nix b/overlays/discord.nix
index dfb0cae..dfb0cae 100644
--- a/parts/overlays/discord.nix
+++ b/overlays/discord.nix
diff --git a/parts/overlays/fish.nix b/overlays/fish.nix
index 4e7fffc..4e7fffc 100644
--- a/parts/overlays/fish.nix
+++ b/overlays/fish.nix
diff --git a/parts/default.nix b/parts/default.nix
deleted file mode 100644
index ac7bc08..0000000
--- a/parts/default.nix
+++ /dev/null
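Review bot: `trusted-substituters` in modules/shared/nix.nix only lists caches that unprivileged users may opt into; on its own it does not make the daemon fetch from https://cache.garnix.io. If the cache is meant to be used by default it also has to appear in `settings.substituters`; if it is meant to be opt-in, a comment such as `# opt-in cache: only used when a user or flake asks for it` would make that clear. Both lists are wrapped in `lib.mkDefault`, so a definition of the same option at normal priority elsewhere would replace them rather than merge with them; I would check the resulting nix.conf on one host to confirm the garnix key ends up in it.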
@@ -1,17 +0,0 @@
-{
- imports = [
- ./lib
- ./modules
- ./overlays
- ./systems
- ./users
- ./dev.nix
- ];
-
- systems = [
- "x86_64-linux"
- "aarch64-linux"
- "x86_64-darwin"
- "aarch64-darwin"
- ];
-}
diff --git a/parts/lib/configs.nix b/parts/lib/configs.nix
deleted file mode 100644
index 5392d9b..0000000
--- a/parts/lib/configs.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{inputs, ...}: let
- inherit (builtins) mapAttrs;
- inherit (inputs) nixpkgs hm;
-
- mkSystemCfg = name: {
- profile,
- modules ? profile.modules,
- system ? profile.system,
- specialArgs ? profile.specialArgs,
- }:
- profile.builder {
- inherit specialArgs system;
- modules =
- [../systems/${name}]
- ++ (
- if modules == profile.modules
- then modules
- else modules ++ profile.modules
- );
- };
-
- mkHMCfg = name: {
- pkgs ? nixpkgs.legacyPackages."x86_64-linux",
- extraSpecialArgs ? {inherit inputs;},
- modules ? [],
- }:
- hm.lib.homeManagerConfiguration {
- inherit extraSpecialArgs pkgs;
-
- modules =
- [
- ../users/${name}/home.nix
-
- {
- _module.args.osConfig = {};
- programs.home-manager.enable = true;
- }
- ]
- ++ modules;
- };
-in {
- mapSystems = mapAttrs mkSystemCfg;
- mapHMUsers = mapAttrs mkHMCfg;
-}
diff --git a/parts/lib/default.nix b/parts/lib/default.nix
deleted file mode 100644
index c499eec..0000000
--- a/parts/lib/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-args: {
- flake.lib = {
- configs = import ./configs.nix args;
- utils = {
- nginx = import ./utils/nginx.nix args;
- };
- };
-}
diff --git a/parts/lib/utils/nginx.nix b/parts/lib/utils/nginx.nix
deleted file mode 100644
index 57be4fb..0000000
--- a/parts/lib/utils/nginx.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{lib, ...}: let
- inherit (builtins) mapAttrs;
- inherit (lib) recursiveUpdate;
-in {
- mkProxy = endpoint: port: {
- "${endpoint}" = {
- proxyPass = "http://localhost:${toString port}";
- proxyWebsockets = true;
- };
- };
-
- mkVHosts = let
- commonSettings = {
- enableACME = true;
- # workaround for https://github.com/NixOS/nixpkgs/issues/210807
- acmeRoot = null;
-
- addSSL = true;
- };
- in
- mapAttrs (_: recursiveUpdate commonSettings);
-}
diff --git a/parts/modules/darwin/base/default.nix b/parts/modules/darwin/base/default.nix
deleted file mode 100644
index 42c0335..0000000
--- a/parts/modules/darwin/base/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.base.enable = mkEnableOption "base darwin module";
-
- imports = [
- ../../shared
- ./nix.nix
- ./packages.nix
- ];
-
- config = mkIf cfg.enable {
- base = {
- defaultPackages.enable = mkDefault true;
- defaultLocale.enable = mkDefault true;
- documentation.enable = mkDefault true;
- nix-settings.enable = mkDefault true;
- };
-
- programs = {
- bash.enable = true;
- zsh.enable = true;
- };
-
- services.nix-daemon.enable = true;
- };
-}
diff --git a/parts/modules/darwin/base/nix.nix b/parts/modules/darwin/base/nix.nix
deleted file mode 100644
index c853650..0000000
--- a/parts/modules/darwin/base/nix.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}: let
- inherit (builtins) attrNames map;
- inherit (lib) mkIf;
- cfg = config.base.nix-settings;
-
- channelPath = i: "${inputs.${i}.outPath}";
-
- mapInputs = fn: map fn (attrNames inputs);
-in {
- config = mkIf cfg.enable {
- nix.nixPath = mapInputs (i: "${i}=${channelPath i}");
- };
-}
diff --git a/parts/modules/darwin/base/packages.nix b/parts/modules/darwin/base/packages.nix
deleted file mode 100644
index 97fb77c..0000000
--- a/parts/modules/darwin/base/packages.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultPackages;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- programs.vim.enable = true;
- };
-}
diff --git a/parts/modules/darwin/default.nix b/parts/modules/darwin/default.nix
deleted file mode 100644
index ed9c7e1..0000000
--- a/parts/modules/darwin/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_: {
- imports = [
- ./base
- ./desktop
- ];
-}
diff --git a/parts/modules/darwin/desktop/default.nix b/parts/modules/darwin/desktop/default.nix
deleted file mode 100644
index 1f71642..0000000
--- a/parts/modules/darwin/desktop/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.desktop;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.desktop = {
- enable = mkEnableOption "enable desktop darwin support";
- gpg.enable = mkEnableOption "enable gpg";
- };
-
- imports = [
- ./homebrew.nix
- ];
-
- config = mkIf cfg.enable {
- fonts.fonts = with pkgs;
- mkDefault [
- (nerdfonts.override {fonts = ["FiraCode"];})
- ];
-
- programs.gnupg.agent.enable = cfg.gpg.enable;
- };
-}
diff --git a/parts/modules/darwin/desktop/homebrew.nix b/parts/modules/darwin/desktop/homebrew.nix
deleted file mode 100644
index a5f705e..0000000
--- a/parts/modules/darwin/desktop/homebrew.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.desktop.homebrew;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.desktop.homebrew.enable = mkEnableOption "enable homebrew support";
-
- config = mkIf cfg.enable {
- homebrew = {
- enable = mkDefault true;
- caskArgs.require_sha = true;
- onActivation = mkDefault {
- autoUpdate = true;
- cleanup = "uninstall";
- upgrade = true;
- };
-
- casks = let
- # thanks @nekowinston :p
- skipSha = name: {
- inherit name;
- args = {require_sha = false;};
- };
- noQuarantine = name: {
- inherit name;
- args = {no_quarantine = true;};
- };
- in [
- (lib.recursiveUpdate (noQuarantine "chromium") (skipSha "chromium"))
- ];
- };
- };
-}
diff --git a/parts/modules/default.nix b/parts/modules/default.nix
deleted file mode 100644
index 4b3dddb..0000000
--- a/parts/modules/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- flake = {
- nixosModules.default = import ../modules/nixos;
- darwinModules.default = import ../modules/darwin;
- };
-}
diff --git a/parts/modules/nixos/base/default.nix b/parts/modules/nixos/base/default.nix
deleted file mode 100644
index ed0fb23..0000000
--- a/parts/modules/nixos/base/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.base.enable = mkEnableOption "base nixos module";
-
- imports = [
- ../../shared
- ./documentation.nix
- ./locale.nix
- ./network.nix
- ./nix.nix
- ./packages.nix
- ./root.nix
- ./security.nix
- ./systemd.nix
- ./upgrade-diff.nix
- ];
-
- config = mkIf cfg.enable {
- base = {
- defaultPackages.enable = mkDefault true;
- defaultLocale.enable = mkDefault true;
- defaultRoot.enable = mkDefault true;
- documentation.enable = mkDefault true;
- networking.enable = mkDefault true;
- nix-settings.enable = mkDefault true;
- };
- };
-}
diff --git a/parts/modules/nixos/base/documentation.nix b/parts/modules/nixos/base/documentation.nix
deleted file mode 100644
index 68a194f..0000000
--- a/parts/modules/nixos/base/documentation.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.base.documentation;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [man-pages man-pages-posix];
- documentation = {
- man = {
- generateCaches = true;
- man-db.enable = true;
- };
-
- dev.enable = true;
- };
- };
-}
diff --git a/parts/modules/nixos/base/locale.nix b/parts/modules/nixos/base/locale.nix
deleted file mode 100644
index 7259ef2..0000000
--- a/parts/modules/nixos/base/locale.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultLocale;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- i18n = {
- supportedLocales = [
- "en_US.UTF-8/UTF-8"
- ];
-
- defaultLocale = "en_US.UTF-8";
- };
- };
-}
diff --git a/parts/modules/nixos/base/network.nix b/parts/modules/nixos/base/network.nix
deleted file mode 100644
index 5bc90d1..0000000
--- a/parts/modules/nixos/base/network.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.networking;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.networking.enable = mkEnableOption "networking";
-
- config = mkIf cfg.enable {
- networking.networkmanager = {
- enable = true;
- dns = "systemd-resolved";
- };
- services.resolved = {
- enable = lib.mkDefault true;
- dnssec = "allow-downgrade";
- extraConfig = ''
- [Resolve]
- DNS=1.1.1.1 1.0.0.1
- DNSOverTLS=yes
- '';
- };
- };
-}
diff --git a/parts/modules/nixos/base/nix.nix b/parts/modules/nixos/base/nix.nix
deleted file mode 100644
index 3dcac11..0000000
--- a/parts/modules/nixos/base/nix.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- config,
- lib,
- inputs,
- ...
-}: let
- inherit (builtins) attrNames map;
- inherit (lib) mkDefault mkIf;
- cfg = config.base.nix-settings;
-
- channelPath = i: "/etc/nix/channels/${i}";
-
- mapInputs = fn: map fn (attrNames inputs);
-in {
- config = mkIf cfg.enable {
- nix = {
- nixPath = mapInputs (i: "${i}=${channelPath i}");
- gc.dates = mkDefault "weekly";
- };
-
- systemd.tmpfiles.rules =
- mapInputs (i: "L+ ${channelPath i} - - - - ${inputs.${i}.outPath}");
- };
-}
diff --git a/parts/modules/nixos/base/packages.nix b/parts/modules/nixos/base/packages.nix
deleted file mode 100644
index 7390a40..0000000
--- a/parts/modules/nixos/base/packages.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultPackages;
- inherit (lib) mkIf;
-in {
- config = mkIf cfg.enable {
- programs = {
- git.enable = true;
- vim.defaultEditor = true;
- };
- };
-}
diff --git a/parts/modules/nixos/base/root.nix b/parts/modules/nixos/base/root.nix
deleted file mode 100644
index ecc5203..0000000
--- a/parts/modules/nixos/base/root.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultRoot;
- inherit (lib) mkDefault mkEnableOption mkIf;
-
- # yes this is a bad way to detect which option should be used (or exists)
- # but i'm lazy. please do not copy this
- passwordFile =
- if lib.versionAtLeast config.system.stateVersion "23.11"
- then "hashedPasswordFile"
- else "passwordFile";
-in {
- options.base.defaultRoot.enable = mkEnableOption "default root user";
-
- config = mkIf cfg.enable {
- users.users.root = {
- home = mkDefault "/root";
- uid = mkDefault config.ids.uids.root;
- group = mkDefault "root";
- "${passwordFile}" = mkDefault config.age.secrets.rootPassword.path;
- };
- };
-}
diff --git a/parts/modules/nixos/base/security.nix b/parts/modules/nixos/base/security.nix
deleted file mode 100644
index e13d1c7..0000000
--- a/parts/modules/nixos/base/security.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) mkDefault;
-in {
- security = {
- apparmor.enable = mkDefault true;
- audit.enable = mkDefault true;
- auditd.enable = mkDefault true;
- polkit.enable = mkDefault true;
- rtkit.enable = mkDefault true;
- sudo.execWheelOnly = true;
- };
-
- services.dbus.apparmor = mkDefault "enabled";
-
- users = {
- defaultUserShell = pkgs.bash;
- mutableUsers = false;
- };
-
- nix.settings = {
- trusted-users = ["root" "@wheel"];
- };
-}
diff --git a/parts/modules/nixos/base/systemd.nix b/parts/modules/nixos/base/systemd.nix
deleted file mode 100644
index 2888c0b..0000000
--- a/parts/modules/nixos/base/systemd.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_: {
- services = {
- journald.extraConfig = ''
- MaxRetentionSec=1w
- '';
- };
-}
diff --git a/parts/modules/nixos/base/upgrade-diff.nix b/parts/modules/nixos/base/upgrade-diff.nix
deleted file mode 100644
index 68be9af..0000000
--- a/parts/modules/nixos/base/upgrade-diff.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- system.activationScripts."upgrade-diff" = {
- supportsDryActivation = true;
- text = ''
- ${pkgs.nvd}/bin/nvd --nix-bin-dir=${config.nix.package}/bin diff /run/current-system "$systemConfig"
- '';
- };
-}
diff --git a/parts/modules/nixos/default.nix b/parts/modules/nixos/default.nix
deleted file mode 100644
index 3ae2f08..0000000
--- a/parts/modules/nixos/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_: {
- imports = [
- ./base
- ./desktop
- ./hardware
- ];
-}
diff --git a/parts/modules/nixos/desktop/audio.nix b/parts/modules/nixos/desktop/audio.nix
deleted file mode 100644
index c601563..0000000
--- a/parts/modules/nixos/desktop/audio.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.desktop.audio;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.audio.enable = mkEnableOption "audio support";
-
- config = mkIf cfg.enable {
- services = {
- pipewire = {
- enable = true;
- wireplumber.enable = true;
- alsa.enable = true;
- jack.enable = true;
- pulse.enable = true;
- };
- };
- hardware.pulseaudio.enable = false;
- };
-}
diff --git a/parts/modules/nixos/desktop/budgie/default.nix b/parts/modules/nixos/desktop/budgie/default.nix
deleted file mode 100644
index 4605eb1..0000000
--- a/parts/modules/nixos/desktop/budgie/default.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.desktop.budgie;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.budgie.enable = mkEnableOption "enable budgie";
-
- config = mkIf cfg.enable {
- desktop.enable = true;
-
- services.xserver = {
- displayManager.lightdm.greeters.slick = {
- theme = {
- name = "Materia-dark";
- package = pkgs.materia-theme;
- };
- iconTheme = {
- name = "Papirus-Dark";
- package = pkgs.papirus-icon-theme;
- };
- cursorTheme = {
- name = "Breeze-gtk";
- package = pkgs.libsForQt5.breeze-gtk;
- };
- };
-
- desktopManager.budgie = {
- enable = true;
- extraGSettingsOverrides = ''
- [org.gnome.desktop.interface:Budgie]
- gtk-theme="Materia-dark"
- icon-theme="Papirus-Dark"
- cursor-theme="Breeze-gtk"
- font-name="Noto Sans 10"
- document-font-name="Noto Sans 10"
- monospace-font-name="Fira Code 10"
- enable-hot-corners=true
- '';
- };
- };
-
- environment.budgie.excludePackages = with pkgs; [
- qogir-theme
- qogir-icon-theme
- ];
-
- environment.systemPackages = with pkgs; [
- alacritty
- breeze-gtk
- materia-theme
- papirus-icon-theme
- ];
- };
-}
diff --git a/parts/modules/nixos/desktop/default.nix b/parts/modules/nixos/desktop/default.nix
deleted file mode 100644
index f0ab74c..0000000
--- a/parts/modules/nixos/desktop/default.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.desktop;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- imports = [
- ./audio.nix
- ./budgie
- ./fonts.nix
- ./gnome
- ./plasma
- ];
-
- options.desktop.enable = mkEnableOption "desktop module";
-
- config = mkIf cfg.enable {
- base.enable = true;
- desktop = {
- audio.enable = mkDefault true;
- fonts.enable = mkDefault true;
- };
-
- environment = {
- noXlibs = lib.mkForce false;
- systemPackages = with pkgs; [wl-clipboard xclip];
- };
-
- programs = {
- dconf.enable = true;
- firefox.enable = true;
- xwayland.enable = true;
- };
-
- services.xserver.enable = true;
- xdg.portal.enable = true;
- };
-}
diff --git a/parts/modules/nixos/desktop/fonts.nix b/parts/modules/nixos/desktop/fonts.nix
deleted file mode 100644
index feedf07..0000000
--- a/parts/modules/nixos/desktop/fonts.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.desktop.fonts;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.fonts.enable = mkEnableOption "enable default fonts";
-
- config = mkIf cfg.enable {
- fonts = {
- enableDefaultPackages = true;
-
- packages = with pkgs; [
- corefonts
- fira-code
- (nerdfonts.override {fonts = ["FiraCode"];})
- noto-fonts
- noto-fonts-extra
- noto-fonts-emoji
- noto-fonts-cjk-sans
- ];
-
- fontconfig = {
- enable = true;
- defaultFonts = {
- serif = ["Noto Serif"];
- sansSerif = ["Noto Sans"];
- emoji = ["Noto Color Emoji"];
- monospace = ["Fira Code"];
- };
- };
- };
- };
-}
diff --git a/parts/modules/nixos/desktop/gnome/default.nix b/parts/modules/nixos/desktop/gnome/default.nix
deleted file mode 100644
index bfe3d20..0000000
--- a/parts/modules/nixos/desktop/gnome/default.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- cfg = config.desktop.gnome;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.gnome.enable = mkEnableOption "enable gnome";
-
- config = mkIf cfg.enable {
- desktop.enable = true;
-
- environment = {
- gnome.excludePackages = with pkgs; [
- gnome-tour
- ];
-
- sessionVariables = {
- NIXOS_OZONE_WL = "1";
- };
-
- systemPackages = with pkgs; [
- adw-gtk3
- blackbox-terminal
- ];
- };
-
- services.xserver = {
- displayManager.gdm = {
- enable = true;
- wayland = lib.mkForce true;
- };
- desktopManager.gnome.enable = true;
- };
- };
-}
diff --git a/parts/modules/nixos/desktop/plasma/default.nix b/parts/modules/nixos/desktop/plasma/default.nix
deleted file mode 100644
index 2034802..0000000
--- a/parts/modules/nixos/desktop/plasma/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.desktop.plasma;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.desktop.plasma.enable = mkEnableOption "enable plasma";
-
- config = mkIf cfg.enable {
- desktop.enable = true;
-
- environment = {
- plasma5.excludePackages = with pkgs.libsForQt5; [
- khelpcenter
- plasma-browser-integration
- print-manager
- ];
- };
-
- services.xserver = {
- displayManager.sddm.enable = true;
- desktopManager.plasma5 = {
- enable = true;
- useQtScaling = true;
- };
- };
- };
-}
diff --git a/parts/modules/nixos/hardware/default.nix b/parts/modules/nixos/hardware/default.nix
deleted file mode 100644
index 1217b5a..0000000
--- a/parts/modules/nixos/hardware/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.hardware;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.hardware.enable = mkEnableOption "hardware module";
-
- imports = [
- ./ssd.nix
- ./nvidia.nix
- ];
-
- config = mkIf cfg.enable {
- hardware.enableAllFirmware = true;
- };
-}
diff --git a/parts/modules/nixos/server/acme.nix b/parts/modules/nixos/server/acme.nix
deleted file mode 100644
index 69e02ac..0000000
--- a/parts/modules/nixos/server/acme.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- config,
- lib,
- self,
- ...
-}: let
- cfg = config.server.acme;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.server.acme = {
- enable = mkEnableOption "acme";
- };
-
- config = mkIf cfg.enable {
- age.secrets.cloudflareApiKey.file = "${self}/parts/secrets/systems/${config.networking.hostName}/cloudflareApiKey.age";
-
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "[email protected]";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
- };
- };
- };
-}
diff --git a/parts/modules/nixos/server/default.nix b/parts/modules/nixos/server/default.nix
deleted file mode 100644
index acab4fc..0000000
--- a/parts/modules/nixos/server/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- lib,
- pkgs,
- inputs,
- ...
-}: let
- cfg = config.server;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.server.enable = mkEnableOption "enable server configuration";
-
- imports = [
- ./acme.nix
- ./secrets.nix
- ./services
- ];
-
- config = mkIf cfg.enable {
- _module.args.unstable = inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system};
-
- base = {
- enable = true;
- documentation.enable = false;
- defaultPackages.enable = false;
- networking.enable = false;
- };
-
- nix = {
- gc = {
- dates = "*-*-1,5,9,13,17,21,25,29 00:00:00";
- options = "-d --delete-older-than 2d";
- };
-
- settings.allowed-users = [config.networking.hostName];
- };
-
- programs = {
- git.enable = mkDefault true;
- vim.defaultEditor = mkDefault true;
- };
-
- security = {
- pam.enableSSHAgentAuth = mkDefault true;
- };
- };
-}
diff --git a/parts/modules/nixos/server/secrets.nix b/parts/modules/nixos/server/secrets.nix
deleted file mode 100644
index 2dc6083..0000000
--- a/parts/modules/nixos/server/secrets.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- lib,
- self,
- ...
-}: let
- cfg = config.server.secrets;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.server.secrets = {
- enable = mkEnableOption "enable secret management";
- };
-
- config.age = let
- baseDir = "${self}/parts/secrets/systems/${config.networking.hostName}";
- in
- mkIf cfg.enable {
- identityPaths = ["/etc/age/key"];
-
- secrets = {
- rootPassword.file = "${baseDir}/rootPassword.age";
- userPassword.file = "${baseDir}/userPassword.age";
- };
- };
-}
diff --git a/parts/modules/shared/base/default.nix b/parts/modules/shared/base/default.nix
deleted file mode 100644
index e18de58..0000000
--- a/parts/modules/shared/base/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_: {
- imports = [
- ./documentation.nix
- ./locale.nix
- ./nix.nix
- ./packages.nix
- ];
-}
diff --git a/parts/modules/shared/base/documentation.nix b/parts/modules/shared/base/documentation.nix
deleted file mode 100644
index ecc5813..0000000
--- a/parts/modules/shared/base/documentation.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.documentation;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.documentation.enable = mkEnableOption "base module documentation";
-
- config = mkIf cfg.enable {
- documentation.man.enable = true;
- };
-}
diff --git a/parts/modules/shared/base/locale.nix b/parts/modules/shared/base/locale.nix
deleted file mode 100644
index ecae786..0000000
--- a/parts/modules/shared/base/locale.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.base.defaultLocale;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.defaultLocale.enable = mkEnableOption "default locale";
-
- config = mkIf cfg.enable {
- time.timeZone = "America/New_York";
- };
-}
diff --git a/parts/modules/shared/base/nix.nix b/parts/modules/shared/base/nix.nix
deleted file mode 100644
index 2c95933..0000000
--- a/parts/modules/shared/base/nix.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.base.nix-settings;
- inherit (lib) mkDefault mkEnableOption mkIf;
- inherit (pkgs.stdenv) isLinux;
-in {
- options.base.nix-settings.enable = mkEnableOption "base nix settings";
-
- config = mkIf cfg.enable {
- nix = {
- registry =
- {
- n.flake = mkDefault inputs.nixpkgs;
- }
- // (builtins.mapAttrs (_: flake: {inherit flake;})
- (inputs.nixpkgs.lib.filterAttrs (n: _: n != "nixpkgs") inputs));
-
- settings = {
- auto-optimise-store = isLinux;
- experimental-features = ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"];
-
- trusted-substituters = ["https://cache.garnix.io"];
- trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
- };
-
- gc = {
- automatic = mkDefault true;
- options = mkDefault "--delete-older-than 7d";
- };
- };
-
- nixpkgs = {
- overlays = with inputs; [nur.overlay getchoo.overlays.default self.overlays.default];
- config.allowUnfree = true;
- };
- };
-}
diff --git a/parts/modules/shared/base/packages.nix b/parts/modules/shared/base/packages.nix
deleted file mode 100644
index 38cd6e7..0000000
--- a/parts/modules/shared/base/packages.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.base.defaultPackages;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.base.defaultPackages.enable = mkEnableOption "base module default packages";
-
- config = mkIf cfg.enable {
- environment.systemPackages = with pkgs; [
- python311
- ];
-
- programs = {
- gnupg.agent.enable = true;
- };
- };
-}
diff --git a/parts/modules/shared/default.nix b/parts/modules/shared/default.nix
deleted file mode 100644
index 0199860..0000000
--- a/parts/modules/shared/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-_: {
- imports = [
- ./base
- ];
-}
diff --git a/parts/systems/default.nix b/parts/systems/default.nix
deleted file mode 100644
index e9ef9ba..0000000
--- a/parts/systems/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- inputs,
- self,
- withSystem,
- ...
-}: {
- flake = let
- inherit (self.lib.configs) mapSystems;
- profiles = import ./profiles.nix {inherit self inputs;};
- in {
- darwinConfigurations = mapSystems {
- caroline = {
- system = "x86_64-darwin";
- profile = profiles.personal-darwin;
- };
- };
-
- nixosConfigurations = mapSystems {
- glados = {
- modules = with inputs; [
- lanzaboote.nixosModules.lanzaboote
- ];
- profile = profiles.personal;
- };
-
- glados-wsl = {
- modules = [inputs.nixos-wsl.nixosModules.wsl];
- profile = profiles.personal;
- };
-
- atlas = {
- modules = [inputs.guzzle_api.nixosModules.default];
- system = "aarch64-linux";
- profile = profiles.server;
- };
- };
-
- openwrtConfigurations.turret = withSystem "x86_64-linux" ({pkgs, ...}:
- pkgs.callPackage ./turret {
- inherit (inputs) openwrt-imagebuilder;
- });
- };
-
- perSystem = {system, ...}: {
- apps = (inputs.nixinate.nixinate.${system} self).nixinate;
- };
-}
diff --git a/parts/systems/profiles.nix b/parts/systems/profiles.nix
deleted file mode 100644
index eada9ac..0000000
--- a/parts/systems/profiles.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{
- inputs,
- self,
- ...
-}: let
- specialArgs = {inherit inputs self;};
-in {
- personal = {
- system = "x86_64-linux";
- builder = inputs.nixpkgs.lib.nixosSystem;
- inherit specialArgs;
-
- modules = with inputs; [
- agenix.nixosModules.default
- catppuccin.nixosModules.catppuccin
- hm.nixosModules.home-manager
- nur.nixosModules.nur
- self.nixosModules.default
-
- ../users/seth/system.nix
-
- {
- age = {
- identityPaths = ["/etc/age/key"];
- secrets = let
- baseDir = "${self}/parts/secrets/shared";
- in {
- rootPassword.file = "${baseDir}/rootPassword.age";
- sethPassword.file = "${baseDir}/sethPassword.age";
- };
- };
-
- base.enable = true;
- system.stateVersion = "23.11";
-
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = specialArgs;
- };
- }
- ];
- };
-
- personal-darwin = {
- builder = inputs.darwin.lib.darwinSystem;
- inherit specialArgs;
- modules = with inputs; [
- hm.darwinModules.home-manager
- self.darwinModules.default
-
- ../users/seth/system.nix
-
- {
- base.enable = true;
- desktop.enable = true;
- system.stateVersion = 4;
-
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = specialArgs;
-
- users.seth = {
- imports = [
- ../users/seth/darwin.nix
- ];
-
- getchoo.desktop.enable = false;
- };
- };
- }
- ];
- };
-
- server = {
- builder = inputs.nixpkgs-stable.lib.nixosSystem;
- inherit specialArgs;
-
- modules = with inputs; [
- agenix.nixosModules.default
- ../modules/nixos/base
- ../modules/nixos/server
- ../modules/nixos/features/tailscale.nix
-
- {
- features.tailscale = {
- enable = true;
- ssh.enable = true;
- };
-
- server = {
- enable = true;
- secrets.enable = true;
- };
-
- nix.registry.n.flake = nixpkgs-stable;
- system.stateVersion = "23.05";
- }
- ];
- };
-}
diff --git a/parts/users/default.nix b/parts/users/default.nix
deleted file mode 100644
index a639abe..0000000
--- a/parts/users/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- lib,
- config,
- inputs,
- self,
- ...
-}: let
- inherit (self.lib.configs) mapHMUsers;
- inherit (inputs) nixpkgs;
-
- pkgsFor = lib.genAttrs config.systems (
- system:
- import nixpkgs {
- system = "x86_64-linux";
- overlays = with inputs; [nur.overlay getchoo.overlays.default];
- }
- );
-in {
- flake.homeConfigurations = mapHMUsers {
- seth.pkgs = pkgsFor."x86_64-linux";
- };
-}
diff --git a/parts/users/seth/darwin.nix b/parts/users/seth/darwin.nix
deleted file mode 100644
index 74e6489..0000000
--- a/parts/users/seth/darwin.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{pkgs, ...}: {
- home.packages = with pkgs; [
- discord
- iterm2
- #prismlauncher
- #spotify
- ];
-}
diff --git a/parts/users/seth/desktop/default.nix b/parts/users/seth/desktop/default.nix
deleted file mode 100644
index bdcef3d..0000000
--- a/parts/users/seth/desktop/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- config,
- lib,
- pkgs,
- osConfig,
- ...
-}: let
- cfg = config.getchoo.desktop;
- desktops = ["budgie" "gnome" "plasma"];
- inherit (lib) mkEnableOption mkIf;
-in {
- imports = [
- ./budgie
- ./gnome
- ./plasma
- ];
-
- options.getchoo.desktop =
- {
- enable = mkEnableOption "desktop configuration" // {default = osConfig.desktop.enable or false;};
- }
- // lib.genAttrs desktops (desktop: {
- enable =
- mkEnableOption desktop
- // {default = osConfig.desktop.${desktop}.enable or false;};
- });
-
- config = mkIf cfg.enable {
- home.packages = with pkgs; [
- discord
- element-desktop
- spotify
- steam
- prismlauncher
- ];
-
- getchoo.programs = {
- chromium.enable = true;
- firefox.enable = true;
- mangohud.enable = true;
- };
- };
-}
diff --git a/parts/users/seth/home.nix b/parts/users/seth/home.nix
deleted file mode 100644
index a3d9cce..0000000
--- a/parts/users/seth/home.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: {
- imports = [./.];
-
- home = let
- username = "seth";
- inherit (pkgs.stdenv) isLinux isDarwin;
- optionalLinuxDarwin = lib.optionalString (isLinux || isDarwin);
- in {
- inherit username;
- homeDirectory = optionalLinuxDarwin (
- if isLinux
- then "/home/${username}"
- else "/Users/${username}"
- );
- };
-}
diff --git a/parts/users/seth/programs/chromium.nix b/parts/users/seth/programs/chromium.nix
deleted file mode 100644
index e313235..0000000
--- a/parts/users/seth/programs/chromium.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.getchoo.programs.chromium;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.chromium.enable = mkEnableOption "chromium" // {default = config.getchoo.desktop.enable;};
-
- config = mkIf cfg.enable {
- programs.chromium = {
- enable = true;
- # hw accel support
- commandLineArgs = [
- "--ignore-gpu-blocklist"
- "--enable-gpu-rasterization"
- "--enable-gpu-compositing"
- #"--enable-native-gpu-memory-buffers"
- "--enable-zero-copy"
- "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,CanvasOopRasterization,RawDraw,WebRTCPipeWireCapturer,Vulkan,WaylandWindowDecorations,WebUIDarkMode"
- "--enable-features=WebRTCPipeWireCapturer,WaylandWindowDecorations,WebUIDarkMode"
- "--force-dark-mode"
- ];
- };
- };
-}
diff --git a/parts/users/seth/programs/default.nix b/parts/users/seth/programs/default.nix
deleted file mode 100644
index 03dfa1b..0000000
--- a/parts/users/seth/programs/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.getchoo.programs.defaultPrograms;
- inherit (lib) mkDefault mkEnableOption mkIf;
-in {
- options.getchoo.programs.defaultPrograms.enable = mkEnableOption "default programs" // {default = true;};
-
- imports = [
- ./chromium.nix
- ./firefox
- ./git.nix
- ./gpg.nix
- ./mangohud.nix
- ./neovim
- ./ssh.nix
- ./vim.nix
- ];
-
- config = mkIf cfg.enable {
- home.packages = with pkgs; [
- fd
- nix-your-shell
- nurl
- rclone
- restic
- ];
-
- catppuccin.flavour = mkDefault "mocha";
-
- programs = {
- btop = {
- enable = mkDefault true;
- catppuccin.enable = mkDefault true;
- };
-
- direnv = {
- enable = mkDefault true;
- nix-direnv.enable = mkDefault true;
- };
-
- ripgrep.enable = mkDefault true;
-
- nix-index-database.comma.enable = mkDefault true;
- };
-
- xdg.enable = mkDefault true;
- };
-}
diff --git a/parts/users/seth/programs/firefox/default.nix b/parts/users/seth/programs/firefox/default.nix
deleted file mode 100644
index 82ba80d..0000000
--- a/parts/users/seth/programs/firefox/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.getchoo.programs.firefox;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.firefox.enable = mkEnableOption "firefox" // {default = config.getchoo.desktop.enable;};
-
- imports = [
- ./arkenfox.nix
- ];
-
- config = mkIf cfg.enable {
- home.sessionVariables = {
- MOZ_ENABLE_WAYLAND = "1";
- };
-
- programs.firefox = {
- enable = true;
- profiles.arkenfox = {
- extensions = with pkgs.nur.repos.rycee.firefox-addons; [
- bitwarden
- floccus
- private-relay
- ublock-origin
- ];
-
- isDefault = true;
-
- settings = {
- # disable firefox accounts & pocket
- "extensions.pocket.enabled" = false;
- "identity.fxaccounts.enabled" = false;
-
- "gfx.webrender.all" = true;
- "fission.autostart" = true;
-
- # hw accel
- "media.ffmpeg.vaapi.enabled" = true;
-
- # widevine drm
- "media.gmp-widevinecdm.enabled" = true;
- };
- };
- };
- };
-}
diff --git a/parts/users/seth/programs/git.nix b/parts/users/seth/programs/git.nix
deleted file mode 100644
index ec92f8d..0000000
--- a/parts/users/seth/programs/git.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.getchoo.programs.git;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.git.enable = mkEnableOption "git" // {default = true;};
-
- config = mkIf cfg.enable {
- programs = {
- gh = {
- enable = true;
- settings = {
- git_protocol = "https";
- editor = "nvim";
- prompt = "enabled";
- };
-
- gitCredentialHelper = {
- enable = true;
- hosts = ["https://github.com" "https://github.example.com"];
- };
- };
-
- git = {
- enable = true;
-
- delta = {
- enable = true;
- options = {
- syntax-theme = "catppuccin";
- };
- };
-
- extraConfig = {
- init = {defaultBranch = "main";};
- };
-
- signing = {
- key = "D31BD0D494BBEE86";
- signByDefault = true;
- };
-
- userEmail = "[email protected]";
- userName = "seth";
- };
- };
- };
-}
diff --git a/parts/users/seth/programs/gpg.nix b/parts/users/seth/programs/gpg.nix
deleted file mode 100644
index f4f1a33..0000000
--- a/parts/users/seth/programs/gpg.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- config,
- lib,
- pkgs,
- osConfig,
- ...
-}: let
- cfg = config.getchoo.programs.gpg;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.gpg.enable = mkEnableOption "gpg" // {default = true;};
-
- config = mkIf cfg.enable {
- programs.gpg.enable = true;
-
- services.gpg-agent = lib.mkIf pkgs.stdenv.isLinux {
- enable = true;
-
- enableBashIntegration = config.programs.bash.enable;
- enableFishIntegration = config.programs.fish.enable;
- enableZshIntegration = config.programs.zsh.enable;
-
- pinentryFlavor =
- if osConfig ? programs
- then osConfig.programs.gnupg.agent.pinentryFlavor or "curses"
- else "curses";
- };
- };
-}
diff --git a/parts/users/seth/programs/mangohud.nix b/parts/users/seth/programs/mangohud.nix
deleted file mode 100644
index 1ab8bb0..0000000
--- a/parts/users/seth/programs/mangohud.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- cfg = config.getchoo.programs.mangohud;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.mangohud.enable =
- mkEnableOption "mangohud"
- // {default = config.getchoo.desktop.enable;};
-
- config = mkIf cfg.enable {
- programs.mangohud = {
- enable = true;
- settings = {
- legacy_layout = false;
- cpu_stats = true;
- cpu_temp = true;
- gpu_stats = true;
- gpu_temp = true;
- fps = true;
- frametime = true;
- media_player = true;
- media_player_name = "spotify";
- };
- };
- };
-}
diff --git a/parts/users/seth/programs/neovim/.luarc.json b/parts/users/seth/programs/neovim/.luarc.json
deleted file mode 100644
index 23b9ee2..0000000
--- a/parts/users/seth/programs/neovim/.luarc.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- "workspace.checkThirdParty": false
-}
\ No newline at end of file
diff --git a/parts/users/seth/programs/neovim/default.nix b/parts/users/seth/programs/neovim/default.nix
deleted file mode 100644
index f02935a..0000000
--- a/parts/users/seth/programs/neovim/default.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- lib,
- pkgs,
- inputs,
- ...
-}: let
- cfg = config.getchoo.programs.neovim;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.neovim.enable = mkEnableOption "neovim" // {default = true;};
-
- config = mkIf cfg.enable {
- home.packages = [
- inputs.getchvim.packages.${pkgs.stdenv.hostPlatform.system}.default
- ];
- };
-}
diff --git a/parts/users/seth/programs/ssh.nix b/parts/users/seth/programs/ssh.nix
deleted file mode 100644
index 080a60e..0000000
--- a/parts/users/seth/programs/ssh.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.getchoo.programs.ssh;
- inherit (lib) mkEnableOption mkIf;
-in {
- options.getchoo.programs.ssh.enable = mkEnableOption "ssh" // {default = true;};
-
- config = mkIf cfg.enable {
- programs.ssh = {
- enable = true;
- package = pkgs.openssh;
-
- matchBlocks = let
- sshDir = "${config.home.homeDirectory}/.ssh";
- in {
- # git forges
- "codeberg.org" = {
- identityFile = "${sshDir}/codeberg";
- user = "git";
- };
-
- # linux packaging
- "aur.archlinux.org" = {
- identityFile = "${sshDir}/aur";
- user = "aur";
- };
-
- "pagure.io" = {
- identityFile = "${sshDir}/copr";
- user = "git";
- };
-
- # router
- "192.168.1.1" = {
- identityFile = "${sshDir}/openwrt";
- user = "root";
- };
-
- # servers
- "atlas".user = "atlas";
- };
- };
-
- services.ssh-agent.enable = pkgs.stdenv.isLinux;
- };
-}
diff --git a/parts/users/seth/programs/vim.nix b/parts/users/seth/programs/vim.nix
deleted file mode 100644
index 0f81cfb..0000000
--- a/parts/users/seth/programs/vim.nix
+++ /dev/null
@@ -1,43 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: let - cfg = config.getchoo.programs.vim; - inherit (lib) mkEnableOption mkIf; -in { - options.getchoo.programs.vim.enable = mkEnableOption "vim" // {default = true;}; - - config = mkIf cfg.enable { - programs.vim = { - enable = true; - packageConfigurable = pkgs.vim; - settings = { - expandtab = false; - shiftwidth = 2; - tabstop = 2; - }; - extraConfig = '' - " https://wiki.archlinux.org/title/XDG_Base_Directory - set runtimepath^=$XDG_CONFIG_HOME/vim - set runtimepath+=$XDG_DATA_HOME/vim - set runtimepath+=$XDG_CONFIG_HOME/vim/after - - set packpath^=$XDG_DATA_HOME/vim,$XDG_CONFIG_HOME/vim - set packpath+=$XDG_CONFIG_HOME/vim/after,$XDG_DATA_HOME/vim/after - set packpath^=$XDG_DATA_HOME/vim,$XDG_CONFIG_HOME/vim - set packpath+=$XDG_CONFIG_HOME/vim/after,$XDG_DATA_HOME/vim/after - - let g:netrw_home = $XDG_DATA_HOME."/vim" - call mkdir($XDG_DATA_HOME."/vim/spell", 'p') - - set backupdir=$XDG_STATE_HOME/vim/backup | call mkdir(&backupdir, 'p') - set directory=$XDG_STATE_HOME/vim/swap | call mkdir(&directory, 'p') - set undodir=$XDG_STATE_HOME/vim/undo | call mkdir(&undodir, 'p') - set viewdir=$XDG_STATE_HOME/vim/view | call mkdir(&viewdir, 'p') - set viminfofile=$XDG_STATE_HOME/vim/viminfo - ''; - }; - }; -} diff --git a/parts/users/seth/shell/default.nix b/parts/users/seth/shell/default.nix deleted file mode 100644 index 0b09bf6..0000000 --- a/parts/users/seth/shell/default.nix +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - config, - pkgs, - ... -}: { - imports = [ - ./bash.nix - ./fish.nix - ]; - - programs = { - bat = { - enable = true; - catppuccin.enable = true; - }; - - eza = { - enable = true; - enableAliases = true; - icons = true; - }; - - starship = { - enable = true; - enableBashIntegration = false; - enableZshIntegration = false; - settings = - { - format = "$all"; - palette = "catppuccin_mocha"; - command_timeout = 250; - } - // fromTOML (builtins.readFile ./starship.toml) - // fromTOML (builtins.readFile - (pkgs.fetchFromGitHub { - owner = "catppuccin"; - repo = "starship"; - rev = "5629d2356f62a9f2f8efad3ff37476c19969bd4f"; - hash = "sha256-nsRuxQFKbQkyEI4TXgvAjcroVdG+heKX5Pauq/4Ota0="; - } - + "/palettes/mocha.toml")); - }; - }; - - home = { - sessionVariables = let - inherit (config.xdg) configHome dataHome stateHome; - in { - EDITOR = "nvim"; - VISUAL = "$EDITOR"; - GPG_TTY = "$(tty)"; - CARGO_HOME = "${dataHome}/cargo"; - RUSTUP_HOME = "${dataHome}/rustup"; - LESSHISTFILE = "${stateHome}/less/history"; - NPM_CONFIG_USERCONFIG = "${configHome}/npm/npmrc"; - }; - - shellAliases = { - diff = "diff --color=auto"; - g = "git"; - gs = "g status"; - }; - }; -} diff --git a/parts/secrets/secrets.nix b/secrets/secrets.nix index 7ebc07a..7ebc07a 100644 --- a/parts/secrets/secrets.nix +++ b/secrets/secrets.nix diff --git a/parts/secrets/shared/rootPassword.age b/secrets/shared/rootPassword.age index 3770a2d..3770a2d 100644 --- a/parts/secrets/shared/rootPassword.age +++ b/secrets/shared/rootPassword.age diff --git a/parts/secrets/shared/sethPassword.age b/secrets/shared/sethPassword.age index 4015d60..4015d60 100644 --- a/parts/secrets/shared/sethPassword.age +++ b/secrets/shared/sethPassword.age diff --git a/parts/secrets/systems/atlas/binaryCache.age b/secrets/systems/atlas/binaryCache.age index 4a5a4b8..4a5a4b8 100644 --- a/parts/secrets/systems/atlas/binaryCache.age +++ b/secrets/systems/atlas/binaryCache.age 
diff --git a/parts/secrets/systems/atlas/cloudflareApiKey.age b/secrets/systems/atlas/cloudflareApiKey.age index e26a8a1..e26a8a1 100644 --- a/parts/secrets/systems/atlas/cloudflareApiKey.age +++ b/secrets/systems/atlas/cloudflareApiKey.age diff --git a/parts/secrets/systems/atlas/cloudflaredCreds.age b/secrets/systems/atlas/cloudflaredCreds.age index 800dd96..800dd96 100644 --- a/parts/secrets/systems/atlas/cloudflaredCreds.age +++ b/secrets/systems/atlas/cloudflaredCreds.age diff --git a/parts/secrets/systems/atlas/clusterToken.age b/secrets/systems/atlas/clusterToken.age index 5ca3074..5ca3074 100644 --- a/parts/secrets/systems/atlas/clusterToken.age +++ b/secrets/systems/atlas/clusterToken.age diff --git a/parts/secrets/systems/atlas/miniflux.age b/secrets/systems/atlas/miniflux.age index 0be7920..0be7920 100644 --- a/parts/secrets/systems/atlas/miniflux.age +++ b/secrets/systems/atlas/miniflux.age diff --git a/parts/secrets/systems/atlas/rootPassword.age b/secrets/systems/atlas/rootPassword.age index 9609bfa..9609bfa 100644 --- a/parts/secrets/systems/atlas/rootPassword.age +++ b/secrets/systems/atlas/rootPassword.age diff --git a/parts/secrets/systems/atlas/secretsJson.age b/secrets/systems/atlas/secretsJson.age index c5fdf34..c5fdf34 100644 --- a/parts/secrets/systems/atlas/secretsJson.age +++ b/secrets/systems/atlas/secretsJson.age diff --git a/parts/secrets/systems/atlas/tailscaleAuthKey.age b/secrets/systems/atlas/tailscaleAuthKey.age index 45758a1..45758a1 100644 --- a/parts/secrets/systems/atlas/tailscaleAuthKey.age +++ b/secrets/systems/atlas/tailscaleAuthKey.age diff --git a/parts/secrets/systems/atlas/userPassword.age b/secrets/systems/atlas/userPassword.age index 3e658ba..3e658ba 100644 --- a/parts/secrets/systems/atlas/userPassword.age +++ b/secrets/systems/atlas/userPassword.age diff --git a/parts/systems/atlas/default.nix b/systems/atlas/default.nix index 24cb139..00bfab4 100644 --- a/parts/systems/atlas/default.nix 
+++ b/systems/atlas/default.nix @@ -26,6 +26,7 @@ networking = { domain = "mydadleft.me"; hostName = "atlas"; + networkmanager.enable = false; }; services = { @@ -38,6 +39,8 @@ addSSL = true; }; }; + + resolved.enable = false; }; users.users.atlas = { diff --git a/parts/systems/atlas/hardware-configuration.nix b/systems/atlas/hardware-configuration.nix index 00c6cd8..00c6cd8 100644 --- a/parts/systems/atlas/hardware-configuration.nix +++ b/systems/atlas/hardware-configuration.nix diff --git a/parts/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix index 5ed5d40..df1c761 100644 --- a/parts/systems/atlas/miniflux.nix +++ b/systems/atlas/miniflux.nix @@ -1,11 +1,7 @@ -{ - config, - self, - ... -}: { +{config, ...}: { config = { age.secrets = { - miniflux.file = "${self}/parts/secrets/systems/${config.networking.hostName}/miniflux.age"; + miniflux.file = ../../secrets/systems/${config.networking.hostName}/miniflux.age; }; services.miniflux = { diff --git a/parts/systems/atlas/nginx.nix b/systems/atlas/nginx.nix index cdf483d..6cdd793 100644 --- a/parts/systems/atlas/nginx.nix +++ b/systems/atlas/nginx.nix @@ -1,16 +1,30 @@ { config, - self, + lib, ... }: let inherit (config.networking) domain; - inherit (self.lib.utils.nginx) mkVHosts mkProxy; -in { - server = { - acme.enable = true; - services.cloudflared.enable = true; + + mkProxy = endpoint: port: { + "${endpoint}" = { + proxyPass = "http://localhost:${toString port}"; + proxyWebsockets = true; + }; }; + mkVHosts = let + commonSettings = { + enableACME = true; + # workaround for https://github.com/NixOS/nixpkgs/issues/210807 + acmeRoot = null; + + addSSL = true; + }; + in + lib.mapAttrs (_: lib.recursiveUpdate commonSettings); +in { + server.services.cloudflared.enable = true; + services.nginx = { enable = true; diff --git a/parts/systems/caroline/default.nix b/systems/caroline/default.nix index 3ec2dd2..ae09dca 100644 --- a/parts/systems/caroline/default.nix +++ b/systems/caroline/default.nix 
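Review bot: `addSSL = true;` in the new `commonSettings` of systems/atlas/nginx.nix makes every vhost built by `mkVHosts` answer on plain HTTP as well as HTTPS, with no redirect between them. If nothing depends on cleartext access, `forceSSL = true;` in place of `addSSL` would redirect HTTP requests to HTTPS. If the cloudflared tunnel needs the HTTP listener, a comment next to the setting such as `# HTTP kept for the cloudflared tunnel origin` would record why. The `services.nginx` block continues outside the hunk, so whether individual vhosts override this is not visible here.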
@@ -1,9 +1,4 @@ -_: { - desktop = { - homebrew.enable = true; - gpg.enable = true; - }; - +{ homebrew.casks = ["altserver"]; networking = rec { diff --git a/systems/common.nix b/systems/common.nix new file mode 100644 index 0000000..8bd29cb --- /dev/null +++ b/systems/common.nix @@ -0,0 +1,78 @@ +{ + inputs, + self, +}: let + hmSetup = { + imports = [ + ../users/seth/system.nix + ]; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = {inherit inputs self;}; + }; + }; +in { + nixos = + (with inputs; [ + agenix.nixosModules.default + catppuccin.nixosModules.catppuccin + hm.nixosModules.home-manager + nur.nixosModules.nur + ]) + ++ [ + self.nixosModules.default + self.nixosModules.hardware + + hmSetup + + { + age = { + identityPaths = ["/etc/age/key"]; + secrets = let + baseDir = ../secrets/shared; + in { + rootPassword.file = "${baseDir}/rootPassword.age"; + sethPassword.file = "${baseDir}/sethPassword.age"; + }; + }; + + system.stateVersion = "23.11"; + } + ]; + + darwin = [ + inputs.hm.darwinModules.home-manager + self.darwinModules.default + self.darwinModules.desktop + + hmSetup + + { + home-manager.users.seth = { + desktop.enable = true; + }; + + system.stateVersion = 4; + } + ]; + + server = [ + inputs.agenix.nixosModules.default + self.nixosModules.default + self.nixosModules.server + self.nixosModules.services + ../modules/nixos/features/tailscale.nix + + { + features.tailscale = { + enable = true; + ssh.enable = true; + }; + + nix.registry.n.flake = inputs.nixpkgs-stable; + system.stateVersion = "23.05"; + } + ]; +} diff --git a/systems/default.nix b/systems/default.nix new file mode 100644 index 0000000..6807a71 --- /dev/null +++ b/systems/default.nix 
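Review bot: The `server` list in systems/common.nix sets `features.tailscale.ssh.enable = true` for every host built from it, without a note on what then governs login. Assuming the option turns on Tailscale SSH (the module itself is outside this hunk), access is decided by the tailnet's ACL policy rather than by the host's sshd settings and authorized_keys. A comment above the block, for example `# Tailscale SSH: logins are authorised by the tailnet ACLs, keep the ssh rules there restrictive`, would make that dependency visible to whoever adds the next server.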
@@ -0,0 +1,73 @@ +{ + lib, + inputs, + self, + withSystem, + ... +}: let + /* + basic nixosSystem/darwinSystem wrapper; can override + the exact builder by supplying an argument + */ + mapSystems = builder: + lib.mapAttrs (name: args: + (args.builder or builder) ( + (lib.filterAttrs (n: _: n != "builder") args) # use builder but don't include it in output + // { + modules = args.modules ++ [./${name}]; + specialArgs = {inherit inputs self;}; + } + )); + + mapDarwin = mapSystems inputs.darwin.lib.darwinSystem; + mapNixOS = mapSystems inputs.nixpkgs.lib.nixosSystem; + inherit (import ./common.nix {inherit inputs self;}) darwin nixos server; +in { + flake = { + darwinConfigurations = mapDarwin { + caroline = { + system = "x86_64-darwin"; + modules = darwin; + }; + }; + + nixosConfigurations = mapNixOS { + glados = { + system = "x86_64-linux"; + modules = + [ + inputs.lanzaboote.nixosModules.lanzaboote + ] + ++ nixos; + }; + + glados-wsl = { + system = "x86_64-linux"; + modules = + [ + inputs.nixos-wsl.nixosModules.wsl + ] + ++ nixos; + }; + + atlas = { + builder = inputs.nixpkgs-stable.lib.nixosSystem; + system = "aarch64-linux"; + modules = + [ + inputs.guzzle_api.nixosModules.default + ] + ++ server; + }; + }; + + openwrtConfigurations.turret = withSystem "x86_64-linux" ({pkgs, ...}: + pkgs.callPackage ./turret { + inherit (inputs) openwrt-imagebuilder; + }); + }; + + perSystem = {system, ...}: { + apps = (inputs.nixinate.nixinate.${system} self).nixinate; + }; +} diff --git a/parts/systems/glados-wsl/default.nix b/systems/glados-wsl/default.nix index 98b57ed..910e65d 100644 --- a/parts/systems/glados-wsl/default.nix +++ b/systems/glados-wsl/default.nix @@ -1,4 +1,5 @@ { + lib, modulesPath, pkgs, ... 
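Review bot: In `mapSystems` in systems/default.nix, `modules = args.modules ++ [./${name}];` fails with a missing-attribute error for any host entry that omits `modules`, while the sibling `mapUsers` wrapper in users/default.nix tolerates that with `args.modules or []`. Using `modules = (args.modules or []) ++ [./${name}];` would make the two wrappers agree. The block comment could also say that `./${name}` is appended automatically, so a host directory with that name must exist.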
@@ -8,11 +9,13 @@ ../../modules/nixos/features/tailscale.nix ]; - environment.systemPackages = with pkgs; [ - wslu - ]; + environment = { + noXlibs = lib.mkForce false; + systemPackages = with pkgs; [ + wslu + ]; + }; - base.networking.enable = false; features.tailscale.enable = true; wsl = { @@ -29,11 +32,16 @@ services.dbus.apparmor = "disabled"; - networking.hostName = "glados-wsl"; + networking = { + hostName = "glados-wsl"; + networkmanager.enable = false; + }; security = { apparmor.enable = false; audit.enable = false; auditd.enable = false; }; + + services.resolved.enable = false; } diff --git a/parts/systems/glados/boot.nix b/systems/glados/boot.nix index 4a9af4e..4a9af4e 100644 --- a/parts/systems/glados/boot.nix +++ b/systems/glados/boot.nix diff --git a/parts/systems/glados/default.nix b/systems/glados/default.nix index de2c1d5..e5a275a 100644 --- a/parts/systems/glados/default.nix +++ b/systems/glados/default.nix @@ -1,9 +1,15 @@ -{lib, ...}: { +{ + lib, + self, + ... +}: { imports = [ ./boot.nix ./hardware-configuration.nix ../../modules/nixos/features/tailscale.nix ../../modules/nixos/features/virtualisation.nix + self.nixosModules.desktop + self.nixosModules.gnome ]; boot = { @@ -16,8 +22,6 @@ }; }; - desktop.gnome.enable = true; - features = { tailscale.enable = true; virtualisation.enable = true; @@ -28,6 +32,10 @@ ssd.enable = true; }; + home-manager.users.seth = { + desktop.enable = true; + }; + networking.hostName = "glados"; security.tpm2 = { diff --git a/parts/systems/glados/hardware-configuration.nix b/systems/glados/hardware-configuration.nix index a7ff9e9..a7ff9e9 100644 --- a/parts/systems/glados/hardware-configuration.nix +++ b/systems/glados/hardware-configuration.nix diff --git a/parts/systems/turret/default.nix b/systems/turret/default.nix index faac3d2..faac3d2 100644 --- a/parts/systems/turret/default.nix +++ b/systems/turret/default.nix 
diff --git a/parts/systems/turret/files/etc/config/dhcp b/systems/turret/files/etc/config/dhcp index 4a471cf..4a471cf 100644 --- a/parts/systems/turret/files/etc/config/dhcp +++ b/systems/turret/files/etc/config/dhcp diff --git a/parts/systems/turret/files/etc/config/dropbear b/systems/turret/files/etc/config/dropbear index 2139ba0..2139ba0 100644 --- a/parts/systems/turret/files/etc/config/dropbear +++ b/systems/turret/files/etc/config/dropbear diff --git a/parts/systems/turret/files/etc/config/firewall b/systems/turret/files/etc/config/firewall index b9a4647..b9a4647 100644 --- a/parts/systems/turret/files/etc/config/firewall +++ b/systems/turret/files/etc/config/firewall diff --git a/parts/systems/turret/files/etc/config/https-dns-proxy b/systems/turret/files/etc/config/https-dns-proxy index e5623ad..e5623ad 100644 --- a/parts/systems/turret/files/etc/config/https-dns-proxy +++ b/systems/turret/files/etc/config/https-dns-proxy diff --git a/parts/systems/turret/files/etc/config/luci b/systems/turret/files/etc/config/luci index 8eb8a9b..8eb8a9b 100644 --- a/parts/systems/turret/files/etc/config/luci +++ b/systems/turret/files/etc/config/luci diff --git a/parts/systems/turret/files/etc/config/network b/systems/turret/files/etc/config/network index c71cf98..c71cf98 100644 --- a/parts/systems/turret/files/etc/config/network +++ b/systems/turret/files/etc/config/network diff --git a/parts/systems/turret/files/etc/config/rpcd b/systems/turret/files/etc/config/rpcd index 176c643..176c643 100644 --- a/parts/systems/turret/files/etc/config/rpcd +++ b/systems/turret/files/etc/config/rpcd diff --git a/parts/systems/turret/files/etc/config/system b/systems/turret/files/etc/config/system index ee3415f..ee3415f 100644 --- a/parts/systems/turret/files/etc/config/system +++ b/systems/turret/files/etc/config/system diff --git a/parts/systems/turret/files/etc/config/ucitrack b/systems/turret/files/etc/config/ucitrack index bb4cdbc..bb4cdbc 100644 
--- a/parts/systems/turret/files/etc/config/ucitrack +++ b/systems/turret/files/etc/config/ucitrack diff --git a/parts/systems/turret/files/etc/config/uhttpd b/systems/turret/files/etc/config/uhttpd index cb2ff71..cb2ff71 100644 --- a/parts/systems/turret/files/etc/config/uhttpd +++ b/systems/turret/files/etc/config/uhttpd diff --git a/parts/systems/turret/files/etc/config/wireless b/systems/turret/files/etc/config/wireless index c8bb9d7..c8bb9d7 100644 --- a/parts/systems/turret/files/etc/config/wireless +++ b/systems/turret/files/etc/config/wireless diff --git a/parts/systems/turret/files/etc/dropbear/authorized_keys b/systems/turret/files/etc/dropbear/authorized_keys index 495c605..495c605 100644 --- a/parts/systems/turret/files/etc/dropbear/authorized_keys +++ b/systems/turret/files/etc/dropbear/authorized_keys diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 0000000..9209724 --- /dev/null +++ b/users/default.nix @@ -0,0 +1,36 @@ +{ + lib, + inputs, + self, + ... +}: let + inherit (inputs.hm.lib) homeManagerConfiguration; + + /* + basic homeManagerConfiguration wrapper. defaults to x86_64-linux + and gives basic, nice defaults + */ + mapUsers = lib.mapAttrs ( + name: args: + homeManagerConfiguration (args + // { + modules = + [ + ./${name}/home.nix + + { + _module.args.osConfig = {}; + programs.home-manager.enable = true; + } + ] + ++ (args.modules or []); + + extraSpecialArgs = {inherit inputs self;}; + pkgs = args.pkgs or inputs.nixpkgs.legacyPackages."x86_64-linux"; + }) + ); +in { + flake.homeConfigurations = mapUsers { + seth = {}; + }; +} diff --git a/parts/users/seth/default.nix b/users/seth/default.nix index 123e20f..f5a1be2 100644 --- a/parts/users/seth/default.nix +++ b/users/seth/default.nix @@ -1,8 +1,8 @@ {inputs, ...}: { imports = with inputs; [ - ./desktop ./programs ./shell + arkenfox.hmModules.arkenfox catppuccin.homeManagerModules.catppuccin nix-index-database.hmModules.nix-index 
diff --git a/parts/users/seth/desktop/budgie/default.nix b/users/seth/desktop/budgie/default.nix index 7eced2b..2544edf 100644 --- a/parts/users/seth/desktop/budgie/default.nix +++ b/users/seth/desktop/budgie/default.nix @@ -1,20 +1,20 @@ { - config, lib, pkgs, + osConfig, ... }: let - cfg = config.getchoo.desktop.budgie; - inherit (lib) mkIf; + cfg = osConfig.services.xserver.desktopManager.budgie or {enable = false;}; + fromYaml = file: let json = with pkgs; runCommand "converted.json" {} '' ${yj}/bin/yj < ${file} > $out ''; in - with builtins; fromJSON (readFile json); + builtins.fromJSON (builtins.readFile json); in { - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { programs.alacritty = { enable = true; settings = let diff --git a/users/seth/desktop/default.nix b/users/seth/desktop/default.nix new file mode 100644 index 0000000..6815ab2 --- /dev/null +++ b/users/seth/desktop/default.nix @@ -0,0 +1,30 @@ +{ + config, + lib, + pkgs, + ... +}: { + options.desktop.enable = lib.mkEnableOption "desktop"; + + imports = [ + ./budgie + ./gnome + ./plasma + ]; + + config = lib.mkIf config.desktop.enable { + home.packages = with pkgs; + [ + discord + element-desktop + spotify + prismlauncher + ] + ++ lib.optionals stdenv.isDarwin [ + iterm2 + ] + ++ lib.optionals stdenv.isLinux [ + steam + ]; + }; +} diff --git a/parts/users/seth/desktop/gnome/default.nix b/users/seth/desktop/gnome/default.nix index 82a4708..8e5ef4c 100644 --- a/parts/users/seth/desktop/gnome/default.nix +++ b/users/seth/desktop/gnome/default.nix @@ -1,13 +1,12 @@ { - config, lib, pkgs, + osConfig, ... }: let - cfg = config.getchoo.desktop.gnome; - inherit (lib) mkIf; + cfg = osConfig.services.xserver.desktopManager.gnome or {enable = false;}; in { - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { home.packages = with pkgs; [ adw-gtk3 diff --git a/parts/users/seth/desktop/plasma/default.nix b/users/seth/desktop/plasma/default.nix index 4f59528..453ea65 100644 
--- a/parts/users/seth/desktop/plasma/default.nix +++ b/users/seth/desktop/plasma/default.nix @@ -2,12 +2,13 @@ config, lib, pkgs, + osConfig, ... }: let - cfg = config.getchoo.desktop.plasma; - inherit (lib) mkIf; + cfg = osConfig.services.xserver.desktopManager.plasma5 or {enable = false;}; + themeDir = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}"; in { - config = mkIf cfg.enable { + config = lib.mkIf cfg.enable { home.packages = with pkgs; [ catppuccin-cursors (catppuccin-kde.override @@ -27,9 +28,7 @@ in { ]; xdg = { - configFile = let - themeDir = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}"; - in { + configFile = { "gtk-4.0/gtk.css".source = "${themeDir}/gtk-4.0/gtk.css"; "gtk-4.0/gtk-dark.css".source = "${themeDir}/gtk-4.0/gtk-dark.css"; }; diff --git a/users/seth/home.nix b/users/seth/home.nix new file mode 100644 index 0000000..5dfc062 --- /dev/null +++ b/users/seth/home.nix @@ -0,0 +1,17 @@ +{ + pkgs, + inputs, + ... +}: { + imports = [./.]; + + home = rec { + username = "seth"; + homeDirectory = + if pkgs.stdenv.isDarwin + then "/Users/${username}" + else "/home/${username}"; + }; + + nixpkgs.overlays = with inputs; [nur.overlay getchoo.overlays.default]; +} diff --git a/users/seth/programs/bat.nix b/users/seth/programs/bat.nix new file mode 100644 index 0000000..e772849 --- /dev/null +++ b/users/seth/programs/bat.nix @@ -0,0 +1,6 @@ +{ + programs.bat = { + enable = true; + catppuccin.enable = true; + }; +} diff --git a/users/seth/programs/chromium.nix b/users/seth/programs/chromium.nix new file mode 100644 index 0000000..37ca0da --- /dev/null +++ b/users/seth/programs/chromium.nix 
@@ -0,0 +1,16 @@ +{config, ...}: { + programs.chromium = { + inherit (config.desktop) enable; + # hw accel support + commandLineArgs = [ + "--ignore-gpu-blocklist" + "--enable-gpu-rasterization" + "--enable-gpu-compositing" + #"--enable-native-gpu-memory-buffers" + "--enable-zero-copy" + "--enable-features=VaapiVideoDecoder,VaapiVideoEncoder,CanvasOopRasterization,RawDraw,WebRTCPipeWireCapturer,Vulkan,WaylandWindowDecorations,WebUIDarkMode" + "--enable-features=WebRTCPipeWireCapturer,WaylandWindowDecorations,WebUIDarkMode" + "--force-dark-mode" + ]; + }; +} diff --git a/users/seth/programs/default.nix b/users/seth/programs/default.nix new file mode 100644 index 0000000..f60db17 --- /dev/null +++ b/users/seth/programs/default.nix @@ -0,0 +1,44 @@ +{ + pkgs, + inputs, + ... +}: { + imports = [ + ./bat.nix + ./eza.nix + ./git.nix + ./gpg.nix + ./ssh.nix + ./starship + ./vim.nix + ]; + + home.packages = with pkgs; [ + fd + nix-your-shell + nurl + rclone + restic + inputs.getchvim.packages.${pkgs.stdenv.hostPlatform.system}.default + ]; + + catppuccin.flavour = "mocha"; + + programs = { + btop = { + enable = true; + catppuccin.enable = true; + }; + + direnv = { + enable = true; + nix-direnv.enable = true; + }; + + ripgrep.enable = true; + + nix-index-database.comma.enable = true; + }; + + xdg.enable = true; +} diff --git a/users/seth/programs/eza.nix b/users/seth/programs/eza.nix new file mode 100644 index 0000000..0b63d54 --- /dev/null +++ b/users/seth/programs/eza.nix @@ -0,0 +1,7 @@ +{ + programs.eza = { + enable = true; + enableAliases = true; + icons = true; + }; +} diff --git a/parts/users/seth/programs/firefox/arkenfox.nix b/users/seth/programs/firefox/arkenfox.nix index fbe9a5c..e3005a6 100644 --- a/parts/users/seth/programs/firefox/arkenfox.nix +++ b/users/seth/programs/firefox/arkenfox.nix 
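Review bot: `commandLineArgs` in users/seth/programs/chromium.nix passes `--enable-features=` twice, and Chromium is expected to keep only the last occurrence of a repeated switch. If so, the VA-API, Vulkan and rasterisation features on the first line are silently dropped and only `WebRTCPipeWireCapturer,WaylandWindowDecorations,WebUIDarkMode` take effect. The first list already contains those three, so deleting the second `--enable-features=` line gives the intended set. It would also help to state above `"--ignore-gpu-blocklist"` that it bypasses the driver blocklist Chromium ships for known-bad GPU stacks, e.g. `# overrides Chromium's GPU driver blocklist; remove if rendering becomes unstable`.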
@@ -1,24 +1,14 @@ -{ - config, - lib, - ... -}: let - cfg = config.getchoo.programs.firefox; - inherit (lib) genAttrs mkEnableOption mkIf recursiveUpdate; - - enableSections = sections: genAttrs sections (_: {enable = true;}); -in { - options.getchoo.programs.firefox.arkenfoxConfig.enable = - mkEnableOption "default arkenfox config" // {default = true;}; - - config.programs.firefox = mkIf (cfg.enable && cfg.arkenfoxConfig.enable) { +{lib, ...}: { + programs.firefox = { arkenfox = { enable = true; version = "118.0"; }; - profiles.arkenfox.arkenfox = - recursiveUpdate { + profiles.arkenfox.arkenfox = let + enableSections = sections: lib.genAttrs sections (_: {enable = true;}); + in + lib.recursiveUpdate { enable = true; # enable safe browsing diff --git a/users/seth/programs/firefox/default.nix b/users/seth/programs/firefox/default.nix new file mode 100644 index 0000000..cb27bf7 --- /dev/null +++ b/users/seth/programs/firefox/default.nix @@ -0,0 +1,42 @@ +{ + config, + pkgs, + ... +}: { + imports = [ + ./arkenfox.nix + ]; + + home.sessionVariables = { + MOZ_ENABLE_WAYLAND = "1"; + }; + + programs.firefox = { + inherit (config.desktop) enable; + profiles.arkenfox = { + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + bitwarden + floccus + private-relay + ublock-origin + ]; + + isDefault = true; + + settings = { + # disable firefox accounts & pocket + "extensions.pocket.enabled" = false; + "identity.fxaccounts.enabled" = false; + + "gfx.webrender.all" = true; + "fission.autostart" = true; + + # hw accel + "media.ffmpeg.vaapi.enabled" = true; + + # widevine drm + "media.gmp-widevinecdm.enabled" = true; + }; + }; + }; +} diff --git a/users/seth/programs/git.nix b/users/seth/programs/git.nix new file mode 100644 index 0000000..34e8202 --- /dev/null +++ b/users/seth/programs/git.nix 
@@ -0,0 +1,40 @@ +{ + programs = { + gh = { + enable = true; + settings = { + git_protocol = "https"; + editor = "nvim"; + prompt = "enabled"; + }; + + gitCredentialHelper = { + enable = true; + hosts = ["https://github.com" "https://github.example.com"]; + }; + }; + + git = { + enable = true; + + delta = { + enable = true; + options = { + syntax-theme = "Catppuccin-mocha"; + }; + }; + + extraConfig = { + init = {defaultBranch = "main";}; + }; + + signing = { + key = "D31BD0D494BBEE86"; + signByDefault = true; + }; + + userEmail = "[email protected]"; + userName = "seth"; + }; + }; +} diff --git a/users/seth/programs/gpg.nix b/users/seth/programs/gpg.nix new file mode 100644 index 0000000..3fba0d3 --- /dev/null +++ b/users/seth/programs/gpg.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + osConfig, + ... +}: { + programs.gpg.enable = true; + + services.gpg-agent = lib.mkIf pkgs.stdenv.isLinux { + enable = true; + + enableBashIntegration = config.programs.bash.enable; + enableFishIntegration = config.programs.fish.enable; + enableZshIntegration = config.programs.zsh.enable; + + pinentryFlavor = + if osConfig ? programs + then osConfig.programs.gnupg.agent.pinentryFlavor or "curses" + else "curses"; + }; +} diff --git a/users/seth/programs/mangohud.nix b/users/seth/programs/mangohud.nix new file mode 100644 index 0000000..fcdad87 --- /dev/null +++ b/users/seth/programs/mangohud.nix @@ -0,0 +1,16 @@ +{config, ...}: { + programs.mangohud = { + inherit (config.desktop) enable; + settings = { + legacy_layout = false; + cpu_stats = true; + cpu_temp = true; + gpu_stats = true; + gpu_temp = true; + fps = true; + frametime = true; + media_player = true; + media_player_name = "spotify"; + }; + }; +} diff --git a/users/seth/programs/ssh.nix b/users/seth/programs/ssh.nix new file mode 100644 index 0000000..627453e --- /dev/null +++ b/users/seth/programs/ssh.nix 
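Review bot: `gitCredentialHelper.hosts` in users/seth/programs/git.nix lists `"https://github.example.com"`, which looks like the documentation placeholder rather than a real GitHub Enterprise host. It registers `gh` as the credential helper for a domain that is never used, and it invites someone to later swap in a real host without reviewing what token would be offered to it. Unless an enterprise instance is intended, `hosts = ["https://github.com"];` is enough.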
@@ -0,0 +1,42 @@ +{ + config, + pkgs, + ... +}: { + programs.ssh = { + enable = true; + package = pkgs.openssh; + + matchBlocks = let + sshDir = "${config.home.homeDirectory}/.ssh"; + in { + # git forges + "codeberg.org" = { + identityFile = "${sshDir}/codeberg"; + user = "git"; + }; + + # linux packaging + "aur.archlinux.org" = { + identityFile = "${sshDir}/aur"; + user = "aur"; + }; + + "pagure.io" = { + identityFile = "${sshDir}/copr"; + user = "git"; + }; + + # router + "192.168.1.1" = { + identityFile = "${sshDir}/openwrt"; + user = "root"; + }; + + # servers + "atlas".user = "atlas"; + }; + }; + + services.ssh-agent.enable = pkgs.stdenv.isLinux; +} diff --git a/users/seth/programs/starship/default.nix b/users/seth/programs/starship/default.nix new file mode 100644 index 0000000..76f528e --- /dev/null +++ b/users/seth/programs/starship/default.nix @@ -0,0 +1,22 @@ +{pkgs, ...}: { + programs.starship = { + enable = true; + enableBashIntegration = false; + enableZshIntegration = false; + settings = + { + format = "$all"; + palette = "catppuccin_mocha"; + command_timeout = 250; + } + // fromTOML (builtins.readFile ./starship.toml) + // fromTOML (builtins.readFile + (pkgs.fetchFromGitHub { + owner = "catppuccin"; + repo = "starship"; + rev = "5629d2356f62a9f2f8efad3ff37476c19969bd4f"; + hash = "sha256-nsRuxQFKbQkyEI4TXgvAjcroVdG+heKX5Pauq/4Ota0="; + } + + "/palettes/mocha.toml")); + }; +} diff --git a/parts/users/seth/shell/starship.toml b/users/seth/programs/starship/starship.toml index 94a2922..94a2922 100644 --- a/parts/users/seth/shell/starship.toml +++ b/users/seth/programs/starship/starship.toml diff --git a/users/seth/programs/vim.nix b/users/seth/programs/vim.nix new file mode 100644 index 0000000..409e225 --- /dev/null +++ b/users/seth/programs/vim.nix 
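Review bot: The `matchBlocks` in users/seth/programs/ssh.nix give each host its own `identityFile` but leave `identitiesOnly` unset, while `services.ssh-agent.enable` is turned on for Linux. With that combination ssh also offers whatever keys the agent holds to each server, not just the one named. That reveals unrelated public keys to the forges and can exhaust the server's authentication attempts before the intended key is tried. Adding `identitiesOnly = true;` to the four blocks that set `identityFile` limits each host to its own key. The `"192.168.1.1"` block logs in as `root` and matches on any network using that address, so it benefits most.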
@@ -0,0 +1,30 @@ +{ + programs.vim = { + enable = true; + settings = { + expandtab = false; + shiftwidth = 2; + tabstop = 2; + }; + extraConfig = '' + " https://wiki.archlinux.org/title/XDG_Base_Directory + set runtimepath^=$XDG_CONFIG_HOME/vim + set runtimepath+=$XDG_DATA_HOME/vim + set runtimepath+=$XDG_CONFIG_HOME/vim/after + + set packpath^=$XDG_DATA_HOME/vim,$XDG_CONFIG_HOME/vim + set packpath+=$XDG_CONFIG_HOME/vim/after,$XDG_DATA_HOME/vim/after + set packpath^=$XDG_DATA_HOME/vim,$XDG_CONFIG_HOME/vim + set packpath+=$XDG_CONFIG_HOME/vim/after,$XDG_DATA_HOME/vim/after + + let g:netrw_home = $XDG_DATA_HOME."/vim" + call mkdir($XDG_DATA_HOME."/vim/spell", 'p') + + set backupdir=$XDG_STATE_HOME/vim/backup | call mkdir(&backupdir, 'p') + set directory=$XDG_STATE_HOME/vim/swap | call mkdir(&directory, 'p') + set undodir=$XDG_STATE_HOME/vim/undo | call mkdir(&undodir, 'p') + set viewdir=$XDG_STATE_HOME/vim/view | call mkdir(&viewdir, 'p') + set viminfofile=$XDG_STATE_HOME/vim/viminfo + ''; + }; +} diff --git a/parts/users/seth/shell/bash.nix b/users/seth/shell/bash.nix index f9a1afa..f9a1afa 100644 --- a/parts/users/seth/shell/bash.nix +++ b/users/seth/shell/bash.nix diff --git a/users/seth/shell/default.nix b/users/seth/shell/default.nix new file mode 100644 index 0000000..6ca9e3e --- /dev/null +++ b/users/seth/shell/default.nix @@ -0,0 +1,26 @@ +{config, ...}: { + imports = [ + ./bash.nix + ./fish.nix + ]; + + home = { + sessionVariables = let + inherit (config.xdg) configHome dataHome stateHome; + in { + EDITOR = "nvim"; + VISUAL = "$EDITOR"; + GPG_TTY = "$(tty)"; + CARGO_HOME = "${dataHome}/cargo"; + RUSTUP_HOME = "${dataHome}/rustup"; + LESSHISTFILE = "${stateHome}/less/history"; + NPM_CONFIG_USERCONFIG = "${configHome}/npm/npmrc"; + }; + + shellAliases = { + diff = "diff --color=auto"; + g = "git"; + gs = "g status"; + }; + }; +} diff --git a/parts/users/seth/shell/fish.nix b/users/seth/shell/fish.nix index fc241d0..fc241d0 100644 
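Review bot: The `extraConfig` in users/seth/programs/vim.nix creates the backup, swap, undo and view directories with `mkdir(..., 'p')`, which uses Vim's default mode of 0755 before the umask is applied. These directories collect copies and edit history of every file opened, including ones that hold secrets. Passing an explicit mode keeps them private regardless of umask, e.g. `set undodir=$XDG_STATE_HOME/vim/undo | call mkdir(&undodir, 'p', 0700)`, and likewise for the other three. Separately, the `set packpath^=` / `set packpath+=` pair appears twice in a row, and the second copy can be dropped.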
--- a/parts/users/seth/shell/fish.nix +++ b/users/seth/shell/fish.nix diff --git a/parts/users/seth/shell/zsh.nix b/users/seth/shell/zsh.nix index 23d5813..23d5813 100644 --- a/parts/users/seth/shell/zsh.nix +++ b/users/seth/shell/zsh.nix diff --git a/parts/users/seth/system.nix b/users/seth/system.nix index f3957c7..6d9d213 100644 --- a/parts/users/seth/system.nix +++ b/users/seth/system.nix @@ -4,27 +4,34 @@ pkgs, ... }: { - users.users.seth = let - inherit (pkgs.stdenv.hostPlatform) isLinux isDarwin; - in - lib.recursiveUpdate + users.users.seth = { shell = pkgs.fish; home = - if isDarwin + if pkgs.stdenv.isDarwin then "/Users/seth" else "/home/seth"; } - (lib.optionalAttrs isLinux { + // lib.optionalAttrs pkgs.stdenv.isLinux { extraGroups = ["wheel"]; isNormalUser = true; hashedPasswordFile = config.age.secrets.sethPassword.path; - }); + }; programs.fish.enable = true; home-manager.users.seth = { - imports = [./.]; + imports = + [ + ./. + ./desktop + ] + ++ lib.optionals pkgs.stdenv.isLinux [ + ./programs/chromium.nix + ./programs/firefox + ./programs/mangohud.nix + ]; + nixpkgs.overlays = config.nixpkgs.overlays; }; } |
