diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..5e3d86e
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,28 @@
+name: Build & Push
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ build:
+ strategy:
+ matrix:
+ host: ["othalan", "algiz"]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: cachix/install-nix-action@v25 # v25
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - uses: DeterminateSystems/magic-nix-cache-action@v2
+ - uses: cachix/cachix-action@v14
+ with:
+ name: daylin
+ authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
+ - name: Build
+ run: nix build '.#nixosConfigurations.${{ matrix.host }}.config.system.build.toplevel'
+ - name: Push
+ env:
+ CACHIX_ACTIVATE_TOKEN: "${{ secrets.CACHIX_ACTIVATE_TOKEN }}"
+ run: cachix push daylin ./result
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4e333a5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result*
+.task.mk
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..5d38ab1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# daylin's nixcfg
+
+
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..46bbe8f
--- /dev/null
+++ b/flake.lock
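Review bot: The three third-party actions under `steps` (`cachix/install-nix-action@v25`, `DeterminateSystems/magic-nix-cache-action@v2`, `cachix/cachix-action@v14`) are referenced by mutable tags in a job that holds `CACHIX_AUTH_TOKEN`, so a retagged release would run with write access to the `daylin` binary cache, which the hosts presumably substitute from. Pin each one to a full commit SHA, e.g. `uses: cachix/cachix-action@<full-commit-sha> # v14`, and add a top-level `permissions:` block with `contents: read` so the job's GITHUB_TOKEN is read-only. The Push step exports `CACHIX_ACTIVATE_TOKEN`, which `cachix push` does not appear to need; if nothing in that step reads it, drop the `env:` entry so the secret is not exposed to the step at all.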
@@ -0,0 +1,605 @@ +{ + "nodes": { + "flake-compat": { + "locked": { + "lastModified": 1688025799, + "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "freetype2": { + "flake": false, + "locked": { + "lastModified": 1675923892, + "narHash": "sha256-dOm8VKYdclTLLkqWMLv7DQI0Qyjit7S4SOCszKEkG3o=", + "owner": "wez", + "repo": "freetype2", + "rev": "de8b92dd7ec634e9e2b25ef534c54a3537555c11", + "type": "github" + }, + "original": { + "owner": "wez", + "repo": "freetype2", + "rev": "de8b92dd7ec634e9e2b25ef534c54a3537555c11", 
+ "type": "github" + } + }, + "harfbuzz": { + "flake": false, + "locked": { + "lastModified": 1677798343, + "narHash": "sha256-Lsd0Vrkrv67CMyV0ZveShfjUvqh/jDhI8rAK9ps+SZQ=", + "owner": "harfbuzz", + "repo": "harfbuzz", + "rev": "60841e26187576bff477c1a09ee2ffe544844abc", + "type": "github" + }, + "original": { + "owner": "harfbuzz", + "repo": "harfbuzz", + "rev": "60841e26187576bff477c1a09ee2ffe544844abc", + "type": "github" + } + }, + "hyprland": { + "inputs": { + "hyprland-protocols": "hyprland-protocols", + "nixpkgs": "nixpkgs", + "systems": "systems", + "wlroots": "wlroots", + "xdph": "xdph" + }, + "locked": { + "lastModified": 1705913207, + "narHash": "sha256-donM5hUaCylML0xwRZtH3SBSTBfdo7Ea3hJ+eiGZ/cI=", + "owner": "hyprwm", + "repo": "Hyprland", + "rev": "02b4a9bdede8ab0336e2e7ac52b39cab36208bb4", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "ref": "main", + "repo": "Hyprland", + "type": "github" + } + }, + "hyprland-contrib": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1705671586, + "narHash": "sha256-JOwVlSgwo2nqQRcArelrx/lK9OUoUxaXUQThQw1q8oA=", + "owner": "hyprwm", + "repo": "contrib", + "rev": "72a67d0f58d0ed44a20341fddb2bdfa33c2a2558", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "contrib", + "type": "github" + } + }, + "hyprland-protocols": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1691753796, + "narHash": "sha256-zOEwiWoXk3j3+EoF3ySUJmberFewWlagvewDRuWYAso=", + "owner": "hyprwm", + "repo": "hyprland-protocols", + "rev": "0c2ce70625cb30aef199cb388f99e19a61a6ce03", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprland-protocols", + "type": "github" + } + }, + "hyprlang": { + "inputs": { + "nixpkgs": [ + "hyprland", + "xdph", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704287638, + "narHash": 
"sha256-TuRXJGwtK440AXQNl5eiqmQqY4LZ/9+z/R7xC0ie3iA=", + "owner": "hyprwm", + "repo": "hyprlang", + "rev": "6624f2bb66d4d27975766e81f77174adbe58ec97", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprlang", + "type": "github" + } + }, + "lib-aggregate": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1705838953, + "narHash": "sha256-bu00HScTFCapBq6r1U5QXPO7yDZhzNkGCbGfYKOHRDM=", + "owner": "nix-community", + "repo": "lib-aggregate", + "rev": "aca52761b7d82325fadfec11ea78e01fff8f06e8", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lib-aggregate", + "type": "github" + } + }, + "libpng": { + "flake": false, + "locked": { + "lastModified": 1549245649, + "narHash": "sha256-1+cRp0Ungme/OGfc9kGJbklYIWAFxk8Il1M+NV4KSgw=", + "owner": "glennrp", + "repo": "libpng", + "rev": "8439534daa1d3a5705ba92e653eda9251246dd61", + "type": "github" + }, + "original": { + "owner": "glennrp", + "repo": "libpng", + "rev": "8439534daa1d3a5705ba92e653eda9251246dd61", + "type": "github" + } + }, + "nix-eval-jobs": { + "inputs": { + "flake-parts": "flake-parts", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_4", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1705242886, + "narHash": "sha256-TLj334vRwFtSym3m+NnKcNCnKKPNoTC/TDZL40vmOso=", + "owner": "nix-community", + "repo": "nix-eval-jobs", + "rev": "6b03a93296faf174b97546fd573c8b379f523a8d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-eval-jobs", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1701208414, + "narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734", + "type": "github" + }, + 
"original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1705798119, + "narHash": "sha256-WPVKxYMcvGW/2X16pfF1ef05EQ0Ql5XPCxqoCDlQSrY=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "a26fc04e3d43acfa1dc52065a4ce39ca7a2ec91c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-wayland": { + "inputs": { + "flake-compat": "flake-compat", + "lib-aggregate": "lib-aggregate", + "nix-eval-jobs": "nix-eval-jobs", + "nixpkgs": "nixpkgs_5" + }, + "locked": { + "lastModified": 1705947648, + "narHash": "sha256-evBiSypfVvyHSXLfXy621h1gfeQqk5ivnySK5VvvrcA=", + "owner": "nix-community", + "repo": "nixpkgs-wayland", + "rev": "01875294cf54755038d15ed61e3b657fdbede781", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs-wayland", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": 
"nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1703134684, + "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1705856552, + "narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1705883077, + "narHash": "sha256-ByzHHX3KxpU1+V0erFy8jpujTufimh6KaS/Iv3AciHk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5f5210aa20e343b7e35f40c033000db0ef80d7b9", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "hyprland": "hyprland", + "hyprland-contrib": "hyprland-contrib", + "nixpkgs": "nixpkgs_3", + "nixpkgs-wayland": "nixpkgs-wayland", + "wezterm": "wezterm" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "wezterm", + "flake-utils" + ], + "nixpkgs": [ + "wezterm", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705457855, + "narHash": "sha256-5cCHQtP/PEHK1YNTQyZN9v8ehpLTjc723ZSKAP3Tva8=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "a854609265af0e9f48c92e497679edf8fab9e690", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": 
"31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702979157, + "narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "2961375283668d867e64129c22af532de8e77734", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "wezterm": { + "inputs": { + "flake-utils": "flake-utils_2", + "freetype2": "freetype2", + "harfbuzz": "harfbuzz", + "libpng": "libpng", + "nixpkgs": "nixpkgs_6", + "rust-overlay": "rust-overlay", + "zlib": "zlib" + }, + "locked": { + "dir": "nix", + "lastModified": 1705885335, + "narHash": "sha256-fH/fb+Bprm0SUhb0Z4An/3CykI3CUwxjqG0u3g9clnI=", + "owner": "wez", + "repo": "wezterm", + "rev": "76028ca15404c049866692b06411f654d544ce2b", + "type": "github" + }, + "original": { + "dir": "nix", + "owner": "wez", + "repo": "wezterm", + "type": "github" + } + }, + "wlroots": { + "flake": false, + "locked": { + "host": "gitlab.freedesktop.org", + "lastModified": 1703963193, + "narHash": 
"sha256-ke8drv6PTrdQDruWbajrRJffP9A9PU6FRyjJGNZRTs4=", + "owner": "wlroots", + "repo": "wlroots", + "rev": "f81c3d93cd6f61b20ae784297679283438def8df", + "type": "gitlab" + }, + "original": { + "host": "gitlab.freedesktop.org", + "owner": "wlroots", + "repo": "wlroots", + "rev": "f81c3d93cd6f61b20ae784297679283438def8df", + "type": "gitlab" + } + }, + "xdph": { + "inputs": { + "hyprland-protocols": [ + "hyprland", + "hyprland-protocols" + ], + "hyprlang": "hyprlang", + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1704659450, + "narHash": "sha256-3lyoUVtUWz1LuxbltAtkJSK2IlVXmKhxCRU2/0PYCms=", + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "rev": "6a5de92769d5b7038134044053f90e7458f6a197", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "xdg-desktop-portal-hyprland", + "type": "github" + } + }, + "zlib": { + "flake": false, + "locked": { + "lastModified": 1484501380, + "narHash": "sha256-j5b6aki1ztrzfCqu8y729sPar8GpyQWIrajdzpJC+ww=", + "owner": "madler", + "repo": "zlib", + "rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f", + "type": "github" + }, + "original": { + "owner": "madler", + "repo": "zlib", + "rev": "cacf7f1d4e3d44d871b605da3b647f07d718623f", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..659f5aa --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,22 @@
+{
+ description = "daylinmorgan-nixcfg";
+
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+ nixpkgs-wayland.url = "github:nix-community/nixpkgs-wayland";
+ hyprland.url = "github:hyprwm/Hyprland/main";
+ hyprland-contrib.url = "github:hyprwm/contrib";
+ wezterm.url = "github:wez/wezterm?dir=nix";
+ };
+
+ outputs = inputs @ {
+ self,
+ nixpkgs,
+ ...
+ }: let
+ lib = import ./lib {inherit inputs nixpkgs;};
+ in {
+ nixosModules = builtins.listToAttrs (lib.findModules ./modules);
+ nixosConfigurations = lib.mapHosts ./hosts;
+ };
+}
diff --git a/hosts/algiz/README.md b/hosts/algiz/README.md
new file mode 100644
index 0000000..e15bc4f
--- /dev/null
+++ b/hosts/algiz/README.md
@@ -0,0 +1,21 @@
+sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
+sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys
+sudo -u git chmod 600 /home/git/.ssh/authorized_keys
+
+
+Should Look like this
+```
+# SSH pubkey from git user
+ssh-rsa
+
+# other keys from users
+command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
+```
+
+
+Nixify this step....
+cat <<"EOF" | sudo tee /usr/local/bin/gitea
+#!/bin/sh
+ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
+EOF
+sudo chmod +x /usr/local/bin/gitea
diff --git a/hosts/algiz/default.nix b/hosts/algiz/default.nix
new file mode 100644
index 0000000..010a331
--- /dev/null
+++ b/hosts/algiz/default.nix
@@ -0,0 +1,48 @@
+{
+ inputs,
+ pkgs,
+ ...
+}: {
+ imports = with inputs.self.nixosModules; [
+ common
+ docker
+
+ # langs
+ nim
+ python
+ ];
+
+ environment.systemPackages = with pkgs; [
+ rclone
+ ];
+ # https://francis.begyn.be/blog/nixos-restic-backups
+ # TODO: parameterize to use on algiz AND othalan ...
+ services.restic.backups.gdrive = {
+ # directories created by gitea and soft-serve aren't world readable
+ user = "root";
+ rcloneConfigFile = "/home/daylin/.config/rclone/rclone.conf";
+ repository = "rclone:g:archives/algiz";
+ passwordFile = "/home/daylin/.config/restic/algiz-pass";
+ paths = ["/home/daylin/services/git/" "/home/daylin/services/gotosocial/" "home/daylin/services/caddy"];
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ users.extraUsers = {
+ daylin = {
+ shell = pkgs.zsh;
+ isNormalUser = true;
+ extraGroups = ["wheel" "docker"];
+ useDefaultShell = true;
+ initialPassword = "nix";
+ };
+ git = {
+ isNormalUser = true;
+ };
+ };
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+}
diff --git a/hosts/algiz/hardware-configuration.nix b/hosts/algiz/hardware-configuration.nix
new file mode 100644
index 0000000..4f25332
--- /dev/null
+++ b/hosts/algiz/hardware-configuration.nix
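Review bot: `initialPassword = "nix";` on `daylin` puts a guessable password in the repository and in the world-readable Nix store, and this host sets `users.mutableUsers = false` in hosts/algiz/system.nix, so as far as I can tell the value is reapplied on every activation rather than serving as a one-time bootstrap. With `extraGroups = ["wheel" "docker"]` and `security.sudo.wheelNeedsPassword = false;`, any login as that account is effectively root. Prefer `hashedPasswordFile = "<path-to-secret>";` or key-only login with no password, and make the same change to the identical line in hosts/mannaz/default.nix. Separately, the last entry of `paths` is `"home/daylin/services/caddy"` without a leading slash, so the caddy directory is likely missing from the backup; it should read `"/home/daylin/services/caddy"`.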
@@ -0,0 +1,35 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = []; + + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/eb6cbf1e-e4a7-4312-a1af-4f78ad9cf138"; + fsType = "btrfs"; + }; + + swapDevices = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + virtualisation.hypervGuest.enable = true; +} diff --git a/hosts/algiz/rune b/hosts/algiz/rune new file mode 100644 index 0000000..22be673 --- /dev/null +++ b/hosts/algiz/rune @@ -0,0 +1,16 @@ + + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⢠⣾⣦⡀⠀⠀⠀⣶⣶⠀⠀⠀⢀⣴⣷⡄⠀⠀⠀ + ⠀⠀⠀⠀⠙⢿⣷⣄⠀⠀⣿⣿⠀⠀⣠⣾⡿⠋⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠙⢿⣷⣄⣿⣿⣠⣾⡿⠋⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ diff --git a/hosts/algiz/system.nix b/hosts/algiz/system.nix new file mode 100644 index 0000000..f7a4acb --- /dev/null +++ b/hosts/algiz/system.nix 
@@ -0,0 +1,47 @@
+{...}: {
+ users.motd = builtins.readFile ./rune;
+
+ swapDevices = [
+ {
+ device = "/var/lib/swapfile";
+ size = 2 * 1024;
+ }
+ ];
+
+ services.resolved.enable = true;
+
+ services.fail2ban = {
+ enable = true;
+ maxretry = 5;
+ bantime = "24h";
+ };
+
+ time.timeZone = "America/Chicago";
+
+ networking.hostName = "algiz";
+ # # added to make using `pip install` work in docker build
+ # networking.nameservers = [ "8.8.8.8"];
+
+ # allow tcp connections for revsere proxy
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [80 443];
+ };
+
+ services.openssh.enable = true;
+ services.openssh.settings.PasswordAuthentication = false;
+
+ users.mutableUsers = false;
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.11"; # Did you read the comment?
+}
diff --git a/hosts/mannaz/README.md b/hosts/mannaz/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/hosts/mannaz/default.nix b/hosts/mannaz/default.nix
new file mode 100644
index 0000000..b372b06
--- /dev/null
+++ b/hosts/mannaz/default.nix
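Review bot: `services.openssh.settings.PasswordAuthentication = false;` does not by itself close password logins, because keyboard-interactive authentication is a separate sshd setting and, as far as I know, the NixOS module leaves it enabled by default. Add `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it, and consider `services.openssh.settings.PermitRootLogin = "no";` since nothing in this hunk needs root over SSH. This matters more on this host because hosts/algiz/default.nix gives `daylin` a fixed password together with passwordless sudo.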
@@ -0,0 +1,43 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ imports = with inputs.self.nixosModules; [
+ ./hardware-configuration.nix
+ ./system.nix
+ ./motd.nix
+
+ cli
+ desktop
+ dev
+ gui
+ nix
+ nix-ld
+ nvim
+ virtualization
+ ];
+
+ environment.systemPackages = with pkgs; [
+ nix-output-monitor
+
+ (vivaldi.override {
+ proprietaryCodecs = true;
+ # enableWidevine = true;
+ })
+ ];
+
+ users = {
+ defaultUserShell = pkgs.zsh;
+ extraUsers = {
+ daylin = {
+ isNormalUser = true;
+ extraGroups = ["wheel" "docker" "networkmanager"];
+ useDefaultShell = true;
+ initialPassword = "nix";
+ };
+ };
+ };
+}
diff --git a/hosts/mannaz/hardware-configuration.nix b/hosts/mannaz/hardware-configuration.nix
new file mode 100644
index 0000000..74bce9a
--- /dev/null
+++ b/hosts/mannaz/hardware-configuration.nix
@@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd" "wl"]; + boot.extraModulePackages = [config.boot.kernelPackages.broadcom_sta]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/47108030-bad4-431a-8fe3-0063accca466"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/3CD0-E384"; + fsType = "vfat"; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/115bc13a-9b09-4790-986c-ab3b434cde69";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp37s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/mannaz/motd.nix b/hosts/mannaz/motd.nix new file mode 100644 index 0000000..80ab32b --- /dev/null +++ b/hosts/mannaz/motd.nix 
@@ -0,0 +1,19 @@ +{...}: { + users.motd = '' +  + ⠀⠀⢰⣶⣦⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣶⡆⠀⠀ + ⠀⠀⢸⣿⡿⢿⣷⣦⣄⠀⠀⠀⠀⣀⣴⣾⡿⠿⣿⡇⠀⠀ + ⠀⠀⢸⣿⡇⠀⠈⠛⠿⣿⣶⣴⣿⠿⠛⠁⠀⢸⣿⡇⠀⠀ + ⠀⠀⢸⣿⡇⠀⣀⣤⣶⣿⠟⠻⢿⣷⣤⣀⠀⢸⣿⡇⠀⠀ + ⠀⠀⢸⣿⣷⣾⡿⠟⠉⠀⠀⠀⠀⠉⠛⢿⣷⣶⣿⡇⠀⠀ + ⠀⠀⢸⣿⡟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢹⣿⡇⠀⠀ + ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀ + ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀ + ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀ + ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀ + ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀ + ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⡇⠀⠀ + ⠀⠀⢸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠸⣿⡇⠀⠀ + ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ + ''; +} diff --git a/hosts/mannaz/system.nix b/hosts/mannaz/system.nix new file mode 100644 index 0000000..fec0950 --- /dev/null +++ b/hosts/mannaz/system.nix 
@@ -0,0 +1,96 @@
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}: {
+ # Use the systemd-boot EFI boot loader.
+ boot.loader = {
+ systemd-boot.enable = true;
+ efi.canTouchEfiVariables = true;
+ };
+
+ # boot.kernelPackages = pkgs.linuxPackages_latest;
+ boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_latest;
+
+ # this device doesn't have enough ram :/
+ swapDevices = [
+ {
+ device = "/var/lib/swapfile";
+ size = 24 * 1024;
+ }
+ ];
+
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ extraPackages = with pkgs; [
+ libGL
+ ];
+ setLdLibraryPath = true;
+ };
+ # Load nvidia driver for Xorg and Wayland
+ services.xserver.videoDrivers = ["nvidia"];
+
+ hardware.nvidia = {
+ # Modesetting is required.
+ modesetting.enable = true;
+
+ # Nvidia power management. Experimental, and can cause sleep/suspend to fail.
+ powerManagement.enable = false;
+ # Fine-grained power management. Turns off GPU when not in use.
+ # Experimental and only works on modern Nvidia GPUs (Turing or newer).
+ powerManagement.finegrained = false;
+
+ # Use the NVidia open source kernel module (not to be confused with the
+ # independent third-party "nouveau" open source driver).
+ # Support is limited to the Turing and later architectures. Full list of
+ # supported GPUs is at:
+ # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
+ # Only available from driver 515.43.04+
+ # Currently alpha-quality/buggy, so false is currently the recommended setting.
+ open = false;
+
+ # Enable the Nvidia settings menu,
+ # accessible via `nvidia-settings`.
+ nvidiaSettings = true;
+
+ # Optionally, you may need to select the appropriate driver version for your specific GPU.
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+
+ programs.nix-ld.enable = true;
+ services.openssh.enable = true;
+
+ networking.hostName = "mannaz";
+ # networking.wireless.enable = true;
+ # networking.networkmanager.enable = true;
+
+ networking.firewall.allowedTCPPorts = [
+ 7865
+ 7860
+ ];
+
+ time.timeZone = "America/Chicago";
+ security.sudo.wheelNeedsPassword = false;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/hosts/othalan/default.nix b/hosts/othalan/default.nix
new file mode 100644
index 0000000..99c647f
--- /dev/null
+++ b/hosts/othalan/default.nix
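Review bot: `services.openssh.enable = true;` is set here without `services.openssh.settings.PasswordAuthentication = false;`, unlike hosts/algiz/system.nix, so sshd accepts passwords on a host whose only user is created with `initialPassword = "nix"` and gets passwordless sudo from `security.sudo.wheelNeedsPassword = false;`. Add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.KbdInteractiveAuthentication = false;` below the enable line. The two entries in `networking.firewall.allowedTCPPorts` carry no comment; a one-line note naming the service behind 7865 and 7860 would tell a reader whether they are meant to be reachable from the whole network.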
@@ -0,0 +1,56 @@
+{
+ inputs,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = with inputs.self.nixosModules; [
+ common
+ desktop
+ hyprland
+
+ nix-ld
+ virtualization
+
+ restic
+
+ # langs
+ misc
+ nim
+ node
+ tex
+ ];
+ services.restic.backups.gdrive = {
+ user = "daylin";
+ repository = "rclone:g:archives/othalan";
+ passwordFile = "/home/daylin/.config/restic/othalan-pass";
+ paths = ["/home/daylin/stuff/" "/home/daylin/dev/"];
+ };
+
+ environment.systemPackages = with pkgs; [
+ zk
+ rclone
+ quarto
+
+ expect
+ openconnect
+ ];
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ programs.zsh.enable = true;
+ users.users.daylin = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = [
+ "wheel" # sudo
+ "video" # backlight control via light
+ "audio"
+ ];
+ };
+
+
+}
diff --git a/hosts/othalan/hardware-configuration.nix b/hosts/othalan/hardware-configuration.nix
new file mode 100644
index 0000000..e79863d
--- /dev/null
+++ b/hosts/othalan/hardware-configuration.nix
@@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/00587bf0-9f7f-4d96-9b8b-cf5024157e2c"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/FF65-E2AC"; + fsType = "vfat"; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/bd64a1ba-f259-4b64-88cd-5585b9345f5a";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/othalan/rune b/hosts/othalan/rune new file mode 100644 index 0000000..d5b1d24 --- /dev/null +++ b/hosts/othalan/rune @@ -0,0 +1,16 @@ + + .+. + .*@@@*. + .+@@- -%@*. + .+@@= -%@*. + .+@%= -%@+. + +@@- :@@* + .*@%- :#@*: + .#@%: :#@#: + :#@#-*@#: + =@@@+ + .*@#-#@#: + .*@%- :#@#: + .*@%- :%@*. + +@%- -%@+ + :- -: diff --git a/hosts/othalan/system.nix b/hosts/othalan/system.nix new file mode 100644 index 0000000..30a737b --- /dev/null +++ b/hosts/othalan/system.nix 
@@ -0,0 +1,66 @@ +{ + config, + pkgs, + ... +} +: { + networking.networkmanager.enable = true; + programs.light.enable = true; + services.printing.enable = true; + services.fwupd.enable = true; + hardware.bluetooth.enable = true; + hardware.bluetooth.powerOnBoot = true; + + # https://github.com/NixOS/nixos-hardware/blob/c478b3d56969006e015e55aaece4931f3600c1b2/lenovo/thinkpad/x1/9th-gen/default.nix + # https://github.com/NixOS/nixos-hardware/blob/c478b3d56969006e015e55aaece4931f3600c1b2/common/pc/ssd/default.nix + services.fstrim.enable = true; + + # rtkit is optional but recommended + security.rtkit.enable = true; + services.pipewire = { + enable = true; + audio.enable = true; + pulse.enable = true; + alsa.enable = true; + alsa.support32Bit = true; + }; + + environment.systemPackages = with pkgs; [ + pamixer + ]; + + services.getty.greetingLine = + ''<<< Welcome to NixOS ${config.system.nixos.label} (\m) - \l >>>'' + + (builtins.readFile ./rune); + + # catppuccin/tty + boot.kernelParams = [ + "vt.default_red=30,243,166,249,137,245,148,186,88,243,166,249,137,245,148,166" + "vt.default_grn=30,139,227,226,180,194,226,194,91,139,227,226,180,194,226,173" + "vt.default_blu=46,168,161,175,250,231,213,222,112,168,161,175,250,231,213,200" + ]; + + networking.hostName = "othalan"; + time.timeZone = "US/Central"; + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.kernelPackages = pkgs.linuxPackages_latest; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system. 
+ # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "23.11"; # Did you read the comment? +} diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..14fe311 --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,45 @@ +{ + inputs, + nixpkgs, + ... +}: let + inherit (builtins) concatLists attrValues mapAttrs elemAt match readDir filter; + inherit (nixpkgs.lib) hasSuffix nixosSystem; + inherit (nixpkgs.lib.filesystem) listFilesRecursive; +in rec { + mkSystem = hostname: + nixosSystem { + system = "x86_64-linux"; + modules = + builtins.filter + (path: hasSuffix ".nix" path) (listFilesRecursive (../. + "/hosts/${hostname}")); + specialArgs = {inherit inputs;}; + }; + + mapHosts = dir: + mapAttrs + (name: _: mkSystem name) + (readDir dir); + + # https://github.com/balsoft/nixos-config/blob/73cc2c3a8bb62a9c3980a16ae70b2e97af6e1abd/flake.nix#L109-L120 + findModules = dir: + concatLists (attrValues (mapAttrs + (name: type: + if type == "regular" + then [ + { + name = elemAt (match "(.*)\\.nix" name) 0; + value = dir + "/${name}"; + } + ] + else if + (readDir (dir + "/${name}")) + ? "default.nix" + then [ + { + inherit name; + value = dir + "/${name}"; + } + ] + else findModules (dir + "/${name}")) (readDir dir))); +} diff --git a/modules/cli.nix b/modules/cli.nix new file mode 100644 index 0000000..b4cfc10 --- /dev/null +++ b/modules/cli.nix @@ -0,0 +1,21 @@ +{ + inputs, + pkgs, + ... +}: { + programs.direnv.enable = true; + environment.systemPackages = with pkgs; [ + chezmoi + zoxide + lsd + fzf + + # utils + fd + bat + delta + ripgrep + + btop + ]; +} 
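Review bot: `findModules` in lib/default.nix aborts evaluation on any regular file that does not end in `.nix`, because `match "(.*)\\.nix" name` returns null for it and `elemAt` is then applied to null. Entries that are neither regular files nor directories (a symlink, for instance) fall through to `readDir (dir + "/${name}")` and fail there too. `mapHosts` has a related gap: it maps every `readDir` entry to `mkSystem`, not only directories. Branching on entry type and suffix, as sketched below with the already-inherited `hasSuffix`, skips such entries instead of failing the whole flake.

```nix
      if type == "regular"
      then
        if hasSuffix ".nix" name
        then [
          # … unchanged: { name = …; value = …; } entry …
        ]
        # non-.nix files are skipped instead of handing null to elemAt
        else []
      # symlinks and other entry types are not descended into
      else if type != "directory"
      then []
      # … unchanged: default.nix check and recursive findModules call …
```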
diff --git a/modules/dev.nix b/modules/dev.nix new file mode 100644 index 0000000..db17530 --- /dev/null +++ b/modules/dev.nix @@ -0,0 +1,25 @@ +{ + inputs, + pkgs, + ... +}: { + imports = with inputs.self.nixosModules; [ + git + ]; + programs.zsh.enable = true; + environment.systemPackages = with pkgs; [ + tmux + unzip + less + gnumake + gcc + + jq + + wget + curl + htop + + comma + ]; +} diff --git a/modules/docker.nix b/modules/docker.nix new file mode 100644 index 0000000..73f335b --- /dev/null +++ b/modules/docker.nix @@ -0,0 +1,6 @@ +{pkgs, ...}: { + virtualisation.docker.enable = true; + environment.systemPackages = with pkgs; [ + lazydocker + ]; +} diff --git a/modules/editors/nvim.nix b/modules/editors/nvim.nix new file mode 100644 index 0000000..83c56c1 --- /dev/null +++ b/modules/editors/nvim.nix @@ -0,0 +1,13 @@ +{ + input, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + vim + neovim + + nixd + tree-sitter + ]; +} diff --git a/modules/editors/vscode.nix b/modules/editors/vscode.nix new file mode 100644 index 0000000..5d27e2d --- /dev/null +++ b/modules/editors/vscode.nix @@ -0,0 +1,10 @@ +{ + input, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + # vscode + vscode-fhs + ]; +} diff --git a/modules/git.nix b/modules/git.nix new file mode 100644 index 0000000..c683ab0 --- /dev/null +++ b/modules/git.nix @@ -0,0 +1,13 @@ +{ + input, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + git + git-lfs + + gh + lazygit + ]; +} diff --git a/modules/gui.nix b/modules/gui.nix new file mode 100644 index 0000000..f53dca7 --- /dev/null +++ b/modules/gui.nix @@ -0,0 +1,23 @@ +{ + inputs, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + inputs.wezterm.packages.${pkgs.system}.default + alacritty + + inkscape + gimp + + libreoffice-qt + hunspell # spell check for libreoffice + + (vivaldi.override { + commandLineArgs = [ + "--force-dark-mode" + ]; + proprietaryCodecs = true; + }) + ]; +} 
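Review bot: The argument pattern in modules/editors/nvim.nix names `input`, while `mkSystem` in lib/default.nix passes `specialArgs = {inherit inputs;}` and the other modules destructure `inputs`. The name is never used in the body, so it is probably harmless only because module arguments are resolved lazily (worth confirming); the first real reference to it would fail. The same spelling appears in modules/editors/vscode.nix, modules/git.nix, modules/lock/default.nix, modules/nix-ld.nix, modules/nix.nix, modules/qtile.nix and modules/virtualization.nix. None of these modules use the flake inputs, so the header can shrink to `{pkgs, ...}: {`, as modules/docker.nix already does.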
diff --git a/modules/hyprland.nix b/modules/hyprland.nix new file mode 100644 index 0000000..dd20d9f --- /dev/null +++ b/modules/hyprland.nix @@ -0,0 +1,50 @@ +{ + inputs, + pkgs, + ... +}: { + fonts.fontconfig.enable = true; + fonts.packages = with pkgs; [ + (nerdfonts.override {fonts = ["FiraCode"];}) + ]; + security.pam.services.swaylock = {}; + programs.hyprland.enable = true; + programs.hyprland.package = inputs.hyprland.packages.${pkgs.system}.default; + # Optional, hint electron apps to use wayland: + environment.sessionVariables.NIXOS_OZONE_WL = "1"; + environment.systemPackages = with pkgs; [ + swaylock + brightnessctl + + # notifications + libnotify + dunst + + # screenshots + inputs.hyprland-contrib.packages.${pkgs.system}.grimblast + grim + slurp + + eww-wayland + rofi-wayland + hyprpaper + + catppuccin-cursors.mochaDark + pavucontrol + ]; + nixpkgs.overlays = [ inputs.nixpkgs-wayland.overlay ]; + # wayland extras + nix.settings = { + # add binary caches + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + ]; + substituters = [ + "https://cache.nixos.org" + "https://nixpkgs-wayland.cachix.org" + "https://hyprland.cachix.org" + ]; + }; +} diff --git a/modules/langs/misc.nix b/modules/langs/misc.nix new file mode 100644 index 0000000..03c2e96 --- /dev/null +++ b/modules/langs/misc.nix @@ -0,0 +1,12 @@ +{ + inputs, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + # language supports + nodejs + go + rustup + ]; +} diff --git a/modules/langs/nim.nix b/modules/langs/nim.nix new file mode 100644 index 0000000..7d1b693 --- /dev/null +++ b/modules/langs/nim.nix 
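Review bot: The `nix.settings` block in modules/hyprland.nix trusts two third-party cache keys for the whole store, and nothing at the definition says so. `trusted-public-keys` is not scoped to particular packages: a path signed by the `nixpkgs-wayland.cachix.org-1` or `hyprland.cachix.org-1` key is accepted for any derivation this machine substitutes, so whoever holds those signing keys is part of the system's trusted computing base. I would replace `# add binary caches` with a comment along the lines of `# third-party caches: paths signed by these keys are trusted store-wide, not only for hyprland/wayland packages`. The stray `# wayland extras` comment reads as if it belongs above `nixpkgs.overlays`.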
@@ -0,0 +1,19 @@ +{ + pkgs, + nixpkgs, + ... +}: { + nixpkgs.overlays = [ + # (import ../../overlays/nim {}) + (import ../../overlays/nimlsp {}) + (import ../../overlays/nimble {}) + (import ../../overlays/nim-atlas {}) + ]; + + environment.systemPackages = with pkgs; [ + nim-atlas + nim + nimble + nimlsp + ]; +} diff --git a/modules/langs/node.nix b/modules/langs/node.nix new file mode 100644 index 0000000..30a14fb --- /dev/null +++ b/modules/langs/node.nix @@ -0,0 +1,6 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + nodejs + nodePackages.pnpm + ]; +} diff --git a/modules/langs/python.nix b/modules/langs/python.nix new file mode 100644 index 0000000..148c42f --- /dev/null +++ b/modules/langs/python.nix @@ -0,0 +1,17 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + # https://github.com/Mic92/nix-ld?tab=readme-ov-file#my-pythonnodejsrubyinterpreter-libraries-do-not-find-the-libraries-configured-by-nix-ld + (pkgs.writeShellScriptBin "python" '' + export LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH + exec ${pkgs.python3}/bin/python "$@" + '') + + (pkgs.writeShellScriptBin "python3" '' + export LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH + exec ${pkgs.python3}/bin/python "$@" + '') + + (python3.withPackages (ps: with ps; [pip])) + micromamba + ]; +} diff --git a/modules/langs/tex.nix b/modules/langs/tex.nix new file mode 100644 index 0000000..9559aa5 --- /dev/null +++ b/modules/langs/tex.nix @@ -0,0 +1,9 @@ +{ + inputs, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + texlive.combined.scheme-full + ]; +} diff --git a/modules/lock/default.nix b/modules/lock/default.nix new file mode 100644 index 0000000..5eb3237 --- /dev/null +++ b/modules/lock/default.nix 
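Review bot: Both wrapper scripts in modules/langs/python.nix exec `${pkgs.python3}/bin/python`, the bare interpreter, not the `python3.withPackages (ps: with ps; [pip])` environment listed two entries later. That environment presumably also provides `bin/python` and `bin/python3`, so the same names are installed twice; if the wrappers are the ones that end up on PATH, `pip` is not importable from `python`. The wrappers also overwrite any `LD_LIBRARY_PATH` the caller had set with `$NIX_LD_LIBRARY_PATH`, so every Python process is started with the full nix-ld library set. Binding the environment once in a `let` around the list, `pyEnv = pkgs.python3.withPackages (ps: [ps.pip]);`, and using `exec ${pyEnv}/bin/python "$@"` in both wrappers keeps the entries consistent.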
@@ -0,0 +1,34 @@ +{ + input, + pkgs, + ... +}: let + lock = pkgs.writeShellApplication { + name = "lock"; + runtimeInputs = with pkgs; [i3lock-color figlet procps]; + text = builtins.readFile ./lock.sh; + }; +in { + environment.systemPackages = with pkgs; [ + xss-lock + + lock + ]; + + systemd.services.i3lock = { + wantedBy = ["sleep.target"]; + description = "Lock the screen using a custom lock script"; + before = ["suspend.target"]; + serviceConfig = { + User = "daylin"; + Type = "forking"; + Environment = "DISPLAY=:0"; + ExecStart = "${lock}/bin/lock"; + }; + }; + + # services.logind.extraConfig = '' + # IdleAction=suspend + # IdleActionSec=1800 + # ''; +} diff --git a/modules/lock/lock.sh b/modules/lock/lock.sh new file mode 100755 index 0000000..94e88d6 --- /dev/null +++ b/modules/lock/lock.sh 
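Review bot: `Type = "forking"` in `systemd.services.i3lock` does not match what `ExecStart` runs: modules/lock/lock.sh starts `i3lock -n`, which stays in the foreground, and the script only returns after unlock. systemd would then hold the unit in `activating` while `suspend.target` is ordered after it, and if the start timeout fires the locker is killed, so the machine may suspend late or with the screen unlocked (inferred from the unit options, not tested). `Type = "simple";` together with a short `ExecStartPost = "${pkgs.coreutils}/bin/sleep 1";` keeps the foreground locker and still gives it time to draw before suspend. `User = "daylin"` and `DISPLAY=:0` are hard-coded, which ties the unit to one account and one X display.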
@@ -0,0 +1,80 @@ +#!/usr/bin/env bash + +# colors +bg_color=1e1e2ebb +red=f38ba8ff +teal=94e2d5ff +rosewater=f5e0dcff +green=a6e3a1ff +selection=454158ff + +# greeter config +font="MonoLisa Nerd Font:style=Bold" +greeter_msg="LOCKED" + +ff=( + "big" + "small" + "lean" + "epic" + "fender" + "slant" + "lineblocks" + "marquee" + "avatar" + "contrast" + "amcrazor" + "kban" +) + +fig_font=${ff[RANDOM % ${#ff[@]}]} + +make_figlet() { + figlet -f "$fig_font" "$greeter_msg" +} + +font_size=25 +font_to_px=$((font_size * 16 / 12)) +greeter_h=$(($(make_figlet | wc -l) * font_to_px)) +greeter_w=$(($(make_figlet | wc -L) * font_to_px)) + +# centered +greeter_pos="x+w/2-${greeter_w}/4:y+h/2-${greeter_h}/4" +# left-aligned +greeter_pos="x+50:y+h/2-${greeter_h}/4" + +# do the locking + +# suspend message display +pkill -u "$USER" -USR1 dunst +sleep 0.1 + +# lock the screen +i3lock \ + -n \ + --screen 1 \ + --color $bg_color \ + --inside-color ffffff00 \ + --ring-color $green \ + --ringwrong-color $red \ + --ringver-color $teal \ + --insidewrong-color $bg_color \ + --insidever-color $bg_color \ + --line-uses-ring \ + --separator-color $selection \ + --keyhl-color $teal \ + --bshl-color $red \ + --wrong-color $red \ + --ind-pos x+w-5-r:y+h-10-r \ + --ring-width 25 \ + --radius 100 \ + --verif-text "" \ + --greeter-text "$(make_figlet)" \ + --greeter-font "${font}" \ + --greeter-size $font_size \ + --greeter-color $rosewater \ + --greeter-pos "${greeter_pos}" \ + --greeter-align 1 + +# resume message display +pkill -u "$USER" -USR2 dunst diff --git a/modules/nix-ld.nix b/modules/nix-ld.nix new file mode 100644 index 0000000..a63d1e0 --- /dev/null +++ b/modules/nix-ld.nix 
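Review bot: The first `pkill -u "$USER" -USR1 dunst` in modules/lock/lock.sh can abort the script before `i3lock` runs, which leaves the screen unlocked. modules/lock/default.nix wraps this file with `writeShellApplication`, which turns on `errexit`, `nounset` and `pipefail`, and `pkill` exits 1 when no dunst process matches. Making both signals best-effort, `pkill -u "$USER" -USR1 dunst || true` and the same for `-USR2`, stops a missing notification daemon from deciding whether the lock happens. `greeter_pos` is also assigned twice, so the value under `# centered` is dead code.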
@@ -0,0 +1,63 @@ +{ + input, + pkgs, + ... +}: { + programs.nix-ld.enable = true; + + # Packages that need at least something in this list: + # Geneious Prime + # https://github.com/Mic92/dotfiles/blob/cb180bdd3805b373e556a93ccb275b7f0f902a3b/nixos/modules/nix-ld.nix#L9C3-L60C5 + programs.nix-ld.libraries = with pkgs; [ + alsa-lib + at-spi2-atk + at-spi2-core + atk + cairo + cups + curl + dbus + expat + fontconfig + freetype + fuse3 + gdk-pixbuf + glib + gtk3 + icu + libGL + libappindicator-gtk3 + libdrm + libglvnd + libnotify + libpulseaudio + libunwind + libusb1 + libuuid + libxkbcommon + mesa + nspr + nss + openssl + pango + pipewire + stdenv.cc.cc + systemd + vulkan-loader + xorg.libX11 + xorg.libXScrnSaver + xorg.libXcomposite + xorg.libXcursor + xorg.libXdamage + xorg.libXext + xorg.libXfixes + xorg.libXi + xorg.libXrandr + xorg.libXrender + xorg.libXtst + xorg.libxcb + xorg.libxkbfile + xorg.libxshmfence + zlib + ]; +} diff --git a/modules/nix.nix b/modules/nix.nix new file mode 100644 index 0000000..92d5a88 --- /dev/null +++ b/modules/nix.nix @@ -0,0 +1,25 @@ +{ + input, + pkgs, + ... +}: { + imports = [ + ./styx + ]; + nixpkgs.config.allowUnfree = true; + nix.package = pkgs.nixUnstable; + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + nix.optimise.automatic = true; + nix.gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + environment.systemPackages = with pkgs; [ + nix-output-monitor + alejandra + ]; +} diff --git a/modules/profiles/common.nix b/modules/profiles/common.nix new file mode 100644 index 0000000..036e776 --- /dev/null +++ b/modules/profiles/common.nix @@ -0,0 +1,11 @@ +{inputs, ...}: { + imports = with inputs.self.nixosModules; [ + nix + cli + dev + nvim + + # langs + python + ]; +} diff --git a/modules/profiles/desktop.nix b/modules/profiles/desktop.nix new file mode 100644 index 0000000..b692642 --- /dev/null +++ b/modules/profiles/desktop.nix 
@@ -0,0 +1,13 @@ +{ + inputs, + config, + lib, + ... +}: { + imports = with inputs.self.nixosModules; [ + common + gui + vscode + # qtile + ]; +} diff --git a/modules/qtile.nix b/modules/qtile.nix new file mode 100644 index 0000000..45168bc --- /dev/null +++ b/modules/qtile.nix @@ -0,0 +1,49 @@ +{ + input, + pkgs, + ... +}: { + imports = [ + ./lock + ]; + + fonts.fontconfig.enable = true; + fonts.packages = with pkgs; [ + (nerdfonts.override {fonts = ["FiraCode"];}) + ]; + + # Enable the X11 windowing system. + services.xserver = { + enable = true; + displayManager.startx.enable = true; + desktopManager.plasma5.enable = true; + windowManager.qtile.enable = true; + }; + + environment.systemPackages = with pkgs; [ + brightnessctl + + picom + # xorg utils + xdotool + xclip + + # xrandr friends + autorandr + arandr + + # notifications + libnotify + dunst + + # qtile & friends + # qtile + eww + feh + rofi + + flameshot + catppuccin-cursors.mochaDark + pavucontrol + ]; +} diff --git a/modules/restic.nix b/modules/restic.nix new file mode 100644 index 0000000..3efaa61 --- /dev/null +++ b/modules/restic.nix @@ -0,0 +1,25 @@ +{...}:{ + services.restic.backups.gdrive = { + extraBackupArgs = [ + "--exclude-file /home/daylin/.config/restic/excludes.txt" + "--exclude-file /home/daylin/.conda/environments.txt" + "--verbose" + "--one-file-system" + "--tag systemd.timer" + ]; + pruneOpts = [ + "--verbose" + "--tag systemd.timer" + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 12" + "--keep-yearly 3" + ]; + timerConfig = { + OnCalendar = "00:05"; + Persistent = true; + RandomizedDelaySec = "5h"; + }; + }; + +} diff --git a/modules/styx/default.nix b/modules/styx/default.nix new file mode 100644 index 0000000..a79d803 --- /dev/null +++ b/modules/styx/default.nix @@ -0,0 +1,5 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + (writeScriptBin "styx" (builtins.readFile ./styx)) + ]; +} 
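Review bot: Both `--exclude-file` arguments in modules/restic.nix point at files under /home/daylin that this flake does not create, and restic, as far as I know, exits with an error when an exclude file cannot be read. On a fresh install, or on a host without conda, the nightly job would then fail until someone reads the journal, so the backup silently stops existing. At minimum I would add a comment above `extraBackupArgs` such as `# both exclude files must exist on the host, otherwise the backup unit fails`. The `passwordFile` set for this backup in the host configuration is unmanaged state of the same kind.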
diff --git a/modules/styx/styx b/modules/styx/styx new file mode 100755 index 0000000..18d6371 --- /dev/null +++ b/modules/styx/styx @@ -0,0 +1,101 @@ +#!/usr/bin/env bash + +set -e + +# rewrite as python script? + +FLAKE_PATH=$HOME/nixcfg + +DIM="$(tput dim)" +BOLD="$(tput bold)" +RED="$(tput setaf 1)" +GREEN="$(tput setaf 2)" +YELLOW="$(tput setaf 3)" +CYAN="$(tput setaf 4)" +RESET="$(tput sgr0)" +PREFIX="${CYAN}styx${RESET}" + +log() { + printf "%s | %s\n" "$PREFIX" "$*" +} + +error() { + printf "%s | %s | %s\n" "$PREFIX" "${RED}error${RESET}" "$*" +} + +help() { + cat < [-h] + ${DIM}sister moon to nix on pluto + sister software to nix in this repo${RESET} + + pass additional args with -- --key value +${BOLD}commands${RESET}: +EOF + printf "${GREEN}%8s${RESET} | ${YELLOW}%s${RESET}\n" \ + fmt "format *.nix" \ + build "build and monitor with nom" \ + boot "evaluate flake for next boot" \ + switch "perform nixos rebuild" \ + store "run some store cleanup" + exit +} + +fmt() { + alejandra . "$@" +} + +boot() { + sudo nixos-rebuild boot --flake "$FLAKE_PATH" "$@" +} + +switch() { + sudo nixos-rebuild switch --flake "$FLAKE_PATH" "$@" +} + +store() { + nix store optimise "$@" +} + +build() { + nom build "$FLAKE_PATH#nixosConfigurations.$(hostname).config.system.build.toplevel" + case "$1" in + switch | boot | test ) sudo ./result/bin/switch-to-configuration "$1";; + esac +} + +if [[ $# -eq 0 ]]; then + log no command specified see below for help + help +fi + +while [[ $# -gt 0 ]]; do + case $1 in + fmt | boot | switch | store | build) + cmd=$1 + shift + ;; + -h | --help) + help + ;; + --) + # stop parsing and foward the rest of the args + shift + break + ;; + -*,--*) + error "unknown flag: ${BOLD}$1${RESET}" + exit 1 + ;; + *) + error "unknown command: ${BOLD}$1${RESET}" + exit 1 + ;; + esac +done + +if [[ $# -gt 0 ]]; then + echo "forwarding args: ${BOLD}$*${RESET}" +fi + +$cmd "$@" 
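Review bot: The final `$cmd "$@"` in modules/styx/styx runs with `cmd` unset when the arguments start with `--`: the loop breaks before any command is recorded, `$cmd` expands to nothing, and the first forwarded word is executed as the command. A guard before the dispatch, `[[ -n ${cmd:-} ]] || { error "no command specified"; exit 1; }`, closes that. The pattern `-*,--*)` is a single glob containing a literal comma rather than two alternatives, so unknown flags are reported as unknown commands; `-*)` alone covers both forms. Because the loop keeps the last command it sees, `styx build switch` dispatches to `switch`, and the `switch | boot | test` branch inside `build` is only reachable as `styx build -- switch`.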
diff --git a/modules/virtualization.nix b/modules/virtualization.nix new file mode 100644 index 0000000..64d6769 --- /dev/null +++ b/modules/virtualization.nix @@ -0,0 +1,8 @@ +{ + input, + pkgs, + ... +}: { + virtualisation.virtualbox.host.enable = true; + users.extraGroups.vboxusers.members = ["daylin"]; +} diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..0577342 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,14 @@ +# import all nix files in the current folder, +# and execute them with args as parameters +# The return value is a list of all execution results, +# which is the list of overlays +args: +# execute and import all overlay files in the current +# directory with the given args +builtins.map +# execute and import the overlay file +(f: (import (./. + "/${f}") args)) +# find all overlay files in the current directory +(builtins.filter + (f: f != "default.nix") + (builtins.attrNames (builtins.readDir ./.))) diff --git a/overlays/hyprland/default.nix b/overlays/hyprland/default.nix new file mode 100644 index 0000000..a3dae5a --- /dev/null +++ b/overlays/hyprland/default.nix @@ -0,0 +1,11 @@ +{...}: (final: prev: { + hyprland = prev.hyprland.overrideAttrs { + src = prev.fetchFromGitHub { + version = "main-20240121"; + owner = "hyprwm"; + repo = "Hyprland"; + rev = "3c964a9fdc220250a85b1c498e5b6fad9390272f"; + hash = "sha256-oIt4bUVXRR7qnBPizcPA7fTiZl4xz9QaSdzLNukjtkw="; + }; + }; +}) diff --git a/overlays/nim-atlas/default.nix b/overlays/nim-atlas/default.nix new file mode 100644 index 0000000..b24b280 --- /dev/null +++ b/overlays/nim-atlas/default.nix @@ -0,0 +1,11 @@ +{...}: (final: prev: { + nim-atlas = prev.nim-atlas.overrideNimAttrs { + version = "unstable"; + src = prev.fetchFromGitHub { + owner = "nim-lang"; + repo = "atlas"; + rev = "cbba9fa77fa837931bf3c58e20c1f8cb15a22919"; + hash = "sha256-TsZ8TriVuKEY9/mV6KR89eFOgYrgTqXmyv/vKu362GU="; + }; + }; +}) 
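Review bot: The `hash` in overlays/hyprland/default.nix is the same string as the `hash` in overlays/wezterm/default.nix, although the two `fetchFromGitHub` calls name different owners, repos and revisions. Two different source trees cannot share a content hash, so at least one value is a copied placeholder. This matters beyond a failed build: both fetches are fixed-output derivations with the fetcher's default name, so once one of them is in the store Nix can satisfy the other from it without downloading, and that package would be built from the wrong source tree with no error. Each hash should be recomputed for its own `rev`, for example by building once with `hash = "";` and copying the value Nix reports. `version = "main-20240121"` is passed to the fetcher rather than to `overrideAttrs` in both files, which is probably not what was intended.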
diff --git a/overlays/nim/default.nix b/overlays/nim/default.nix new file mode 100644 index 0000000..73ca9a9 --- /dev/null +++ b/overlays/nim/default.nix @@ -0,0 +1,18 @@ +{...}: (final: prev: { + nim-unwrapped-2 = prev.nim-unwrapped-2.overrideAttrs { + patches = + (prev.patches or []) + ++ [ + ./install.patch + ]; + # installPhase = '' + # runHook preInstall + # install -Dt $out/bin bin/* + # ln -sf $out/nim/bin/nim $out/bin/nim + # ln -sf $out/nim/lib $out/lib + # ./install.sh $out + # cp -a dist tools $out/nim/ + # runHook postInstall + # ''; + }; +}) diff --git a/overlays/nim/install.patch b/overlays/nim/install.patch new file mode 100644 index 0000000..e93aa62 --- /dev/null +++ b/overlays/nim/install.patch @@ -0,0 +1,10 @@ +diff --git a/install.sh b/install.sh +@@ -1113,6 +1113,8 @@ + chmod 644 "$nimbleDir/doc/advopt.txt" + cp "doc/nimdoc.css" "$nimbleDir/doc/nimdoc.css" + chmod 644 "$nimbleDir/doc/nimdoc.css" ++ cp "doc/nimdoc.cls" "$nimbleDir/doc/nimdoc.cls" ++ chmod 644 "$nimbleDir/doc/nimdoc.cls" + cp "nim.nimble" "$nimbleDir/nim.nimble" + chmod 644 "$nimbleDir/nim.nimble" + diff --git a/overlays/nimble/default.nix b/overlays/nimble/default.nix new file mode 100644 index 0000000..a7a6391 --- /dev/null +++ b/overlays/nimble/default.nix @@ -0,0 +1,15 @@ +{...}: (final: prev: { + nimble = prev.nimble.overrideNimAttrs { + version = "0.14.2-f74bf2"; + requiredNimVersion = 2; + buildInputs = [prev.pkgs.openssl]; + + src = prev.fetchFromGitHub { + owner = "nim-lang"; + repo = "nimble"; + # more recent commit + rev = "f74bf2bc388f7a0154104b4bcaa093a499d3f0f7"; + hash = "sha256-8b5yKvEl7c7wA/8cpdaN2CSvawQJzuRce6mULj3z/mI="; + }; + }; +}) diff --git a/overlays/nimlsp/default.nix b/overlays/nimlsp/default.nix new file mode 100644 index 0000000..6f761fc --- /dev/null +++ b/overlays/nimlsp/default.nix 
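Review bot: `(prev.patches or [])` in overlays/nim/default.nix reads `patches` from the package set, not from the `nim-unwrapped-2` derivation being overridden. `prev` is the overlay's previous package set, which presumably has no `patches` attribute, so the expression is always `[]` and whatever patches nixpkgs applies to the compiler are replaced by `./install.patch` alone. The function form of the override keeps them: open with `nim-unwrapped-2 = prev.nim-unwrapped-2.overrideAttrs (old: {`, use `patches = (old.patches or []) ++ [./install.patch];`, and close with `});`.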
@@ -0,0 +1,11 @@ +{...}: (final: prev: { + nimlsp = prev.nimlsp.overrideNimAttrs { + requiredNimVersion = 2; + nimFlags = [ + "--threads:on" + "" + "-d:explicitSourcePath=${final.srcOnly final.pkgs.nim-unwrapped-2}" + "-d:tempDir=/tmp" + ]; + }; +}) diff --git a/overlays/wezterm/default.nix b/overlays/wezterm/default.nix new file mode 100644 index 0000000..d257f10 --- /dev/null +++ b/overlays/wezterm/default.nix @@ -0,0 +1,11 @@ +{...}: (final: prev: { + wezterm = prev.wezterm.overrideAttrs { + src = prev.fetchFromGitHub { + version = "main-20240121"; + owner = "wez"; + repo = "wezterm"; + rev = "b0671294d1c9225096909e12875ada25dd19a35e"; + hash = "sha256-oIt4bUVXRR7qnBPizcPA7fTiZl4xz9QaSdzLNukjtkw="; + }; + }; +}) diff --git a/todo.md b/todo.md new file mode 100644 index 0000000..647269d --- /dev/null +++ b/todo.md @@ -0,0 +1,5 @@ +# daylin's nixcfg todo's + + + + diff --git a/utils/rune.sh b/utils/rune.sh new file mode 100755 index 0000000..5470952 --- /dev/null +++ b/utils/rune.sh @@ -0,0 +1,34 @@ +#! /usr/bin/env nix-shell +#! nix-shell -i bash -p ascii-image-converter + +set -e +declare -A IMG_SRC +IMG_SRC=( + [jeran]=https://upload.wikimedia.org/wikipedia/commons/0/01/Runic_letter_jeran.png + [othalan]=https://upload.wikimedia.org/wikipedia/commons/1/16/Runic_letter_othalan.png + [algiz]=https://upload.wikimedia.org/wikipedia/commons/1/14/Runic_letter_algiz.png + [mannaz]=https://upload.wikimedia.org/wikipedia/commons/0/0c/Runic_letter_mannaz.png + [kaunan]=https://upload.wikimedia.org/wikipedia/commons/a/a3/Runic_letter_kauna.png +) + +if [[ $# -eq 0 ]]; then + echo please provide rune name + echo options: + for i in "${!IMG_SRC[@]}"; do + echo $i + done + exit 1 +fi + +rune=$1 +color=${36:-$2} + +# tmp this? +FILENAME="Runic_letter_${rune}.png" + +[[ -f "$FILENAME" ]] || wget -O "$FILENAME" "${IMG_SRC[$rune]}" + +printf "\033[1;%dm\n%s\033[0m\n\n" \ + "$color" \ + "$(ascii-image-converter "$FILENAME" -n -H 15 -b)" \ + >"${rune}.txt"
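Review bot: `color=${36:-$2}` in utils/rune.sh has the expansion inverted: it reads positional parameter 36 and falls back to `$2`, so `color` is empty when no second argument is given and the `%d` in `printf` receives an empty string. `color=${2:-36}` gives what is presumably the intended default. `rune` also goes straight from the command line into `FILENAME`, the `IMG_SRC` lookup for `wget` and the `>"${rune}.txt"` redirect, so an unknown name yields an empty URL and a name containing `/` writes outside the current directory. Checking membership first, `[[ -v IMG_SRC[$rune] ]] || { echo "unknown rune: $rune"; exit 1; }`, covers both.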