dave/nix-config
1
0
Fork 0
mirror of https://github.com/davegallant/nix-config synced 2026-03-08 00:28:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dave:main
Branches Tags
dave:main
..
compare: dave:114d75da7fbdfb6f69a429379671b940bda8095c
Branches Tags
dave:main

1 Commits
main ... 114d75da7f

Author SHA1 Message Date
Dave Gallant
114d75da7f Add more mac defaults 2025-04-12 22:47:45 -04:00
21 changed files with 1436 additions and 721 deletions
Expand all files Collapse all files

5
.envrc Normal file
View File

@@ -0,0 +1,5 @@
if has lorri; then
eval "$(lorri direnv)"
else
use nix
fi

6
.github/workflows/cachix.yml vendored
View File

@@ -14,10 +14,12 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v16 - uses: cachix/cachix-action@v16
with: with:
name: davegallant name: davegallant
authToken: '${{ secrets.CACHIX_API_KEY }}' authToken: '${{ secrets.CACHIX_API_KEY }}'
- run: nix build .#nixosConfigurations.hephaestus.config.system.build.toplevel --json | jq -r '.[].outputs | to_entries[].value' | cachix push davegallant - run: nix-build | cachix push davegallant

1
.gitignore vendored
View File

@@ -1,3 +1,4 @@
.pre-commit-config.yaml .pre-commit-config.yaml
.vscode .vscode
git-crypt-key
result result

44
README.md
View File

@@ -1,33 +1,12 @@
# nix-config # nix-config
This repo stores nix configuration to manage my hosts running [NixOS](https://nixos.org/) and macOS. This repo stores nix configuration to manage my machines running [NixOS](https://nixos.org/) and macOS.
The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment. The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment.
```console
macchina
a8888b. Host - dave@hephaestus
d888888b. Machine - Micro-Star International Co., Ltd MS-7C02 1.0
8P"YP"Y88 Kernel - 6.12.61
8|o||o|88 Distro - NixOS 25.11 (Xantusia)
8' .88 DE - KDE
8`._.' Y8. Packages - 1 (cargo), 10998 (nix)
d/ `8b. Shell - fish
dP Y8b. Terminal - alacritty
d8: ::88b. Resolution - 2560x1440, 3840x2160
d8" 'Y88b Uptime - 26m
:8P :888 CPU - AMD Ryzen 7 5700X 8-Core Processor (16)
8a. _a88P CPU Load - 8%
._/"Yaa .| 88P| Memory - 10.7 GB / 32.8 GB
\ YP" `| `.
/ \.___.d| .'
`--..__) `._.'
```
## Prerequisites ## Prerequisites
- [NixOS](nixos.org) (Linux) - [Determine Nix](https://determinate.systems/nix-installer)
- [just](https://github.com/casey/just) - [just](https://github.com/casey/just)
## Build ## Build
@@ -64,21 +43,6 @@ To cleanup previous files, run nix garbage collection:
just clean just clean
``` ```
## Restoring from a live USB ## Pre-commit hooks
If the bootloader for some reason breaks (i.e. motherboard firmware upgrade), restore it from a live USB by running the following commands: Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.
```console
$ sudo cryptsetup luksOpen /dev/nvme0n1p2 crypted-nixos
Enter passphrase for /dev/nvme0n1p2: ********
$ sudo mount /dev/vg/root /mnt
$ sudo mount /dev/nvme0n1p1 /mnt/boot/efi
$ sudo nixos-enter --root /mnt
$ hostname <hostname>
```
Navigate to the nix-config directory and run:
```sh
just rebuild-boot
```

13
default.nix Normal file
View File

@@ -0,0 +1,13 @@
let
nix-pre-commit-hooks = import (
builtins.fetchTarball "https://github.com/cachix/git-hooks.nix/tarball/master"
);
in
{
pre-commit-check = nix-pre-commit-hooks.run {
src = ./.;
hooks = {
shellcheck.enable = true;
};
};
}

930
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

156
flake.nix
View File

@@ -2,106 +2,73 @@
description = "nixos and macos configurations"; description = "nixos and macos configurations";
inputs = { inputs = {
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; fh.url = "https://flakehub.com/f/DeterminateSystems/fh/*";
nixpkgs-unstable.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1";
nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*";
darwin = { darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.11"; url = "github:lnl7/nix-darwin/nix-darwin-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.url = "https://flakehub.com/f/nix-community/home-manager/*";
nixvim = { nixvim = {
url = "github:nix-community/nixvim/nixos-25.11"; url = "github:nix-community/nixvim/nixos-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
stylix.url = "github:danth/stylix/release-24.11";
vpngate.url = "github:davegallant/vpngate"; vpngate.url = "github:davegallant/vpngate";
weathr.url = "github:Veirt/weathr";
}; };
outputs = outputs =
{ {
darwin, darwin,
fh,
determinate,
home-manager, home-manager,
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
stylix,
vpngate, vpngate,
weathr,
... ...
}@inputs: }@inputs:
let
mkUnstable =
system:
import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
mkSharedModules =
{
username,
system,
hmModule,
extraModules ? [ ],
}:
let
unstable = mkUnstable system;
in
[
./packages.nix
hmModule
(
{ ... }:
{
config = {
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [ (import ./overlays) ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.${username}.imports = [
./home.nix
inputs.nixvim.homeModules.nixvim
weathr.homeModules.weathr
];
extraSpecialArgs = { inherit unstable; };
};
};
}
)
]
++ extraModules;
in
{ {
nixosConfigurations = nixosConfigurations =
let let
unstable = import nixpkgs-unstable {
system = "x86_64-linux"; system = "x86_64-linux";
unstable = mkUnstable system; config.allowUnfree = true;
};
in in
{ {
hephaestus = nixpkgs.lib.nixosSystem { hephaestus = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit inherit fh;
unstable inherit unstable;
vpngate inherit vpngate;
inputs
;
}; };
modules = mkSharedModules { modules = [
username = "dave"; ./fonts.nix
inherit system; ./machines/hephaestus/configuration.nix
hmModule = home-manager.nixosModules.home-manager; ./packages.nix
extraModules = [ ./services/netdata/default.nix
./hosts/hephaestus.nix ./upgrade-diff.nix
determinate.nixosModules.default
home-manager.nixosModules.home-manager
stylix.nixosModules.stylix
( (
{ ... }: { ... }:
{ {
config.nix = { config = {
nix = {
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
sandbox = false;
substituters = [ "https://davegallant.cachix.org" ]; substituters = [ "https://davegallant.cachix.org" ];
trusted-users = [ "root" ]; trusted-users = [
trusted-public-keys = [ "root"
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08=" "dave"
]; ];
trusted-public-keys = [ "davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08=" ];
}; };
registry = { registry = {
nixpkgs.flake = nixpkgs; nixpkgs.flake = nixpkgs;
@@ -112,33 +79,70 @@
options = "--delete-older-than 14d"; options = "--delete-older-than 14d";
}; };
}; };
nixpkgs.overlays = [ (import ./overlays) ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.dave.imports = [
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
};
};
};
} }
) )
]; ];
}; };
}; };
};
darwinConfigurations = darwinConfigurations =
let let
system = "aarch64-darwin"; system = "aarch64-darwin";
unstable = mkUnstable system; unstable = import nixpkgs-unstable {
config.allowUnfree = true;
inherit system;
};
in in
{ {
zelus = darwin.lib.darwinSystem { zelus = darwin.lib.darwinSystem {
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit unstable inputs; inherit unstable;
}; };
modules = mkSharedModules {
username = "dave.gallant"; modules = [
inherit system; home-manager.darwinModules.home-manager
hmModule = home-manager.darwinModules.home-manager; stylix.darwinModules.stylix
extraModules = [ ./machines/zelus/configuration.nix
./hosts/zelus.nix ./packages.nix
./upgrade-diff.nix
(
{ ... }:
{
config = {
nixpkgs.overlays = [ (import ./overlays) ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users."dave.gallant".imports = [
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
};
};
};
}
)
]; ];
}; };
}; };
}; };
};
} }

24
fonts.nix Normal file
View File

@@ -0,0 +1,24 @@
{ pkgs, ... }:
{
fonts.packages = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
fira-mono
font-awesome
google-fonts
liberation_ttf
nerdfonts
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
}

290
home.nix → home/default.nix
View File

@@ -8,10 +8,33 @@ let
inherit (pkgs) stdenv; inherit (pkgs) stdenv;
in in
{ {
home.stateVersion = "25.11"; home.stateVersion = "24.11";
home.packages = with pkgs; [ just ]; home.packages = with pkgs; [ just ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
targets = {
alacritty.enable = true;
vscode.enable = false; # overrides synced settings
};
opacity.terminal = 1.0;
fonts.sizes = if stdenv.isLinux then { terminal = 20; } else { terminal = 16; };
fonts.monospace = {
name = "FiraCode Nerd Font Mono";
package = "${pkgs.fira-mono}";
};
fonts.sansSerif = {
name = "FiraCode Nerd Font";
package = "${pkgs.fira-code}";
};
};
services = { services = {
gpg-agent = { gpg-agent = {
enable = stdenv.isLinux; enable = stdenv.isLinux;
@@ -21,6 +44,8 @@ in
}; };
}; };
services.lorri.enable = stdenv.isLinux;
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
programs = { programs = {
@@ -28,43 +53,40 @@ in
direnv.enable = true; direnv.enable = true;
diff-so-fancy = {
enable = true;
enableGitIntegration = true;
};
git = { git = {
enable = true; enable = true;
userName = "Dave Gallant";
diff-so-fancy.enable = true;
lfs.enable = true; lfs.enable = true;
settings = { aliases = {
user.name = "Dave Gallant";
user.signingkey = "5A548984C7377E4D";
commit.gpgsign = true;
tag.gpgsign = true;
alias = {
aa = "add -A ."; aa = "add -A .";
br = "branch"; br = "branch";
c = "commit"; c = "commit -S";
cm = "commit -m"; ca = "commit -S --amend";
ca = "commit --amend"; cane = "commit -S --amend --no-edit";
cane = "commit --amend --no-edit";
cb = "checkout -b"; cb = "checkout -b";
cmp = "! git checkout main && git pl";
co = "checkout"; co = "checkout";
cmp = "! git checkout main && git pl";
d = "diff"; d = "diff";
dc = "diff --cached"; dc = "diff --cached";
dcn = "diff --cached --name-only"; dcn = "diff --cached --name-only";
ds = "! git diff origin | sed -r 's/value: (.*)/value: \"************\"/'";
l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
ms = "merge --squash"; ms = "merge --squash";
p = "push origin"; p = "push origin";
pf = "push -f"; pf = "push -f";
pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)"; pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)";
pom = "pull origin main";
st = "status"; st = "status";
wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads"; wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads";
}; };
includes = [ { path = "~/.gitconfig-work"; } ];
extraConfig = {
push = { push = {
default = "current"; default = "current";
}; };
@@ -72,35 +94,15 @@ in
rebase = true; rebase = true;
}; };
}; };
includes = [ { path = "~/.gitconfig-work"; } ];
};
alacritty = {
enable = stdenv.isLinux;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
general.live_config_reload = true;
terminal.shell = {
program = "fish";
};
font = {
size = lib.mkForce 14.0;
};
window = {
opacity = lib.mkForce 0.9;
};
};
}; };
starship = { starship = {
enable = true; enable = true;
enableFishIntegration = true; enableZshIntegration = true;
settings = { settings = {
add_newline = false; add_newline = false;
scan_timeout = 10;
gcloud = { gcloud = {
format = ""; format = "";
}; };
@@ -110,46 +112,63 @@ in
}; };
}; };
fish = { zsh = {
enable = true; enable = true;
autosuggestion.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
history.size = 1000000;
interactiveShellInit = '' localVariables = {
set fish_greeting CASE_SENSITIVE = "true";
DISABLE_UNTRACKED_FILES_DIRTY = "true";
RPROMPT = ""; # override because macOS defaults to filepath
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#838383,underline";
ZSH_DISABLE_COMPFIX = "true";
};
bind \cw backward-kill-word envExtra = ''
export PAGER=less
export EDITOR=vim
export DOCKER_CLI_HINTS=false
export TERM=xterm-256color
set -x DOCKER_CLI_HINTS false export PATH=$PATH:~/.cargo/bin
set -x DOCKER_DEFAULT_PLATFORM linux/amd64 export PATH=$PATH:~/.local/bin
set -x EDITOR vim export PATH=$PATH:~/.npm-packages/bin
set -x NNN_FIFO "$XDG_RUNTIME_DIR/nnn.fifo" export PATH=$PATH:/opt/homebrew/bin
set -x PAGER less export PATH=$PATH:~/.krew/bin
${lib.optionalString pkgs.stdenv.isLinux "set -x SSH_AUTH_SOCK /home/dave/.bitwarden-ssh-agent.sock"} export PATH=$PATH:~/bin
set -x TERM xterm-256color export GOPATH=~/go
export GOBIN=$GOPATH/bin
set -x PATH $PATH \ export PATH=$PATH:$GOBIN
~/.cargo/bin \
~/.local/bin \
~/.npm-packages/bin \
/opt/homebrew/bin \
~/.krew/bin \
~/bin
# golang
set -x GOPATH ~/go
set -x GOBIN $GOPATH/bin
set -x PATH $PATH $GOBIN
source $HOME/work.fish
''; '';
shellInit = '' initExtra = ''
atuin init fish | source setopt noincappendhistory
helm completion fish | source
kubectl completion fish | source source $HOME/.zsh-work
if [[ "$OSTYPE" == "darwin"* ]];
then
export PATH="$(brew --prefix)/opt/gnu-tar/libexec/gnubin:$PATH"
alias xdg-open=open
fi
source <(helm completion zsh)
source <(kubectl completion zsh)
eval "$(atuin init zsh)"
# kubecolor
source <(kubectl completion zsh)
alias kubectl=kubecolor
# make completion work with kubecolor
compdef kubecolor=kubectl
''; '';
shellAliases = { shellAliases = {
".." = "cd .."; ".." = "cd ..";
c = "code";
g = "git"; g = "git";
gc = "git checkout $(git branch | fzf)"; gc = "git checkout $(git branch | fzf)";
gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)"; gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)";
@@ -158,58 +177,32 @@ in
grep = "rg --smart-case"; grep = "rg --smart-case";
j = "just"; j = "just";
k = "kubecolor"; k = "kubecolor";
kubectl = "kubecolor";
kp = "viddy 'kubectl get pods'"; kp = "viddy 'kubectl get pods'";
kcx = "kubectx"; kcx = "kubectx";
kns = "kubens"; kns = "kubens";
l = "eza -la --git --group-directories-first"; l = "eza -la --git --group-directories-first";
m = "make"; m = "make";
nix-install = "nix-env -iA"; nix-install = "nix-env -iA";
t = "cd $(cd-fzf)"; ps = "procs";
t = "cd-fzf";
tf = "terraform"; tf = "terraform";
tree = "eza --tree"; tree = "eza --tree";
v = "nvim"; v = "nvim";
} };
// lib.optionalAttrs stdenv.isLinux {
zed = "env WAYLAND_DISPLAY='' zeditor"; # BUG: zed captures shift+v and g space on wayland "oh-my-zsh" = {
enable = true;
}; };
}; };
go = { go = {
enable = true; enable = true;
package = unstable.go;
}; };
fzf = { fzf = {
enable = true; enable = true;
}; };
nnn = {
enable = stdenv.isLinux;
package = pkgs.nnn.override ({ withNerdIcons = true; });
bookmarks = {
d = "~/Downloads";
p = "~/src/";
c = "~/.config";
h = "~";
};
extraPackages = with pkgs; [
bat
eza
fzf
imv
mediainfo
ffmpegthumbnailer
];
plugins = {
src = "${pkgs.nnn.src}/plugins";
mappings = {
p = "preview-tui";
o = "fzopen";
};
};
};
nixvim = { nixvim = {
enable = true; enable = true;
viAlias = true; viAlias = true;
@@ -265,19 +258,6 @@ in
cmp-path.enable = true; cmp-path.enable = true;
cmp-treesitter.enable = true; cmp-treesitter.enable = true;
commentary.enable = true; commentary.enable = true;
codecompanion = {
enable = true;
settings = {
interactions = {
chat = {
adapter = "copilot";
};
inline = {
adapter = "copilot";
};
};
};
};
diffview.enable = true; diffview.enable = true;
gitblame.enable = true; gitblame.enable = true;
gitsigns.enable = true; gitsigns.enable = true;
@@ -285,6 +265,7 @@ in
lualine.enable = true; lualine.enable = true;
lsp.enable = true; lsp.enable = true;
lsp.servers = { lsp.servers = {
ansiblels.enable = true;
bashls.enable = true; bashls.enable = true;
dockerls.enable = true; dockerls.enable = true;
gopls.enable = true; gopls.enable = true;
@@ -304,6 +285,10 @@ in
}; };
cmp.enable = true; cmp.enable = true;
nvim-tree.enable = true; nvim-tree.enable = true;
packer = {
enable = true;
plugins = [ ];
};
rainbow-delimiters.enable = true; rainbow-delimiters.enable = true;
treesitter.enable = true; treesitter.enable = true;
telescope = { telescope = {
@@ -401,70 +386,27 @@ in
''; '';
}; };
mangohud = { vscode = {
enable = stdenv.isLinux;
settings = {
font_size = 16;
position = "top-right";
toggle_hud = "Shift_R+F1";
};
};
weathr = {
enable = true; enable = true;
settings = { package = pkgs.vscode;
hide_hud = true; extensions =
}; with pkgs.vscode-extensions;
}; [
bbenoist.nix
zed-editor = { github.vscode-pull-request-github
enable = stdenv.isLinux; golang.go
package = unstable.zed-editor; hashicorp.terraform
extensions = [ ms-dotnettools.csharp
"ansible" ms-kubernetes-tools.vscode-kubernetes-tools
"dockerfile" redhat.vscode-yaml
"html" ]
"make" ++ lib.optionals stdenv.isLinux [ ms-python.python ];
"material-icon-theme"
"nix"
"toml"
"vue"
];
userSettings = {
icon_theme = "Material Icon Theme";
vim_mode = true;
vim = {
use_system_clipboard = "on_yank";
};
autosave = "on_focus_change";
format_on_save = "off";
ui_font_size = 18;
buffer_font_size = 16;
};
userKeymaps = [
{
context = "Editor && !menu";
bindings = {
"ctrl-shift-c" = "editor::Copy";
"ctrl-shift-x" = "editor::Cut";
"ctrl-shift-v" = "editor::Paste";
"ctrl-z" = "editor::Undo";
};
}
{
context = "vim_mode == normal";
bindings = {
"g space" = "editor::OpenExcerpts";
"shift-v" = "vim::ToggleVisualLine";
};
}
];
}; };
firefox = { firefox = {
enable = stdenv.isLinux; enable = stdenv.isLinux;
package = pkgs.librewolf; package = unstable.librewolf;
profiles = { profiles = {
default = { default = {

11
justfile
View File

@@ -5,16 +5,13 @@ alias r := rebuild
arch := `uname -s` arch := `uname -s`
cmd := if arch == "Linux" { "nixos-rebuild --sudo" } else { "sudo darwin-rebuild" } cmd := if arch == "Linux" { "sudo nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" }
rebuild: rebuild:
$cmd switch --flake . $cmd switch --flake . -I nixos-config="machines/$(hostname)/configuration.nix"
rebuild-boot:
$cmd boot --flake . --install-bootloader
rollback: rollback:
sudo $cmd switch --rollback --flake . $cmd switch --rollback --flake .
channel-update: channel-update:
nix-channel --update nix-channel --update
@@ -24,7 +21,7 @@ update:
@./update-flake.sh @./update-flake.sh
fmt: fmt:
fd -e nix -x nixfmt nixfmt *.nix
clean: clean:
echo 'Cleaning user...' echo 'Cleaning user...'

235
hosts/hephaestus.nix → machines/hephaestus/configuration.nix
View File

@@ -1,29 +1,36 @@
{ {
config, config,
fh,
lib, lib,
modulesPath, modulesPath,
pkgs, pkgs,
unstable, unstable,
vpngate,
... ...
}: }:
let
gnomeExtensions = with pkgs.gnomeExtensions; [
caffeine
];
in
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
security.sudo-rs = { stylix = {
enable = true; enable = true;
execWheelOnly = true; base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
wheelNeedsPassword = true; image = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/davegallant/nix-config/refs/heads/main/nixos-wallpaper.png";
sha256 = "Ztqn9+CHslr6wZdnOTeo/YNi/ICerpcFLyMArsZ/PIY=";
};
polarity = "dark";
fonts.sizes.desktop = 24;
}; };
boot = { boot = {
kernelModules = [ kernelModules = [ "kvm-amd" ];
"kvm-amd" kernelPackages = pkgs.linuxPackages_latest;
];
kernelPackages = pkgs.linuxPackages;
kernelParams = [
"amd_iommu=on"
];
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
@@ -51,7 +58,7 @@
]; ];
luks.devices."root" = { luks.devices."root" = {
allowDiscards = true; allowDiscards = true;
device = "/dev/disk/by-uuid/89a14ac5-7723-4a0a-bb95-fb2fb2e92160"; device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
preLVM = true; preLVM = true;
keyFile = "./keyfile0.bin"; keyFile = "./keyfile0.bin";
}; };
@@ -61,13 +68,63 @@
}; };
}; };
environment.systemPackages =
with pkgs;
[
albert
android-studio
android-tools
bleachbit
calibre
chromium
cryptsetup
discord
docker-compose
fh.packages.x86_64-linux.default
freefilesync
gimp-with-plugins
gnome-tweaks
httpie-desktop
iputils
libation
mission-center
netdata
nfs-utils
onlyoffice-desktopeditors
opensnitch-ui
pavucontrol
pika-backup
pinentry-curses
protonvpn-gui
qemu
ryujinx
traceroute
unityhub
unstable.ghostty
unstable.obsidian
unstable.signal-desktop
unstable.tailscale
unstable.zoom-us
usbutils
virt-manager
vlc
vpngate.packages.x86_64-linux.default
whois
wine
]
++ gnomeExtensions;
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/7f4f0948-041c-47e9-ab28-53132026f158"; device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
fsType = "ext4"; fsType = "ext4";
}; };
"/boot/efi" = { "/boot/efi" = {
device = "/dev/disk/by-uuid/F1BD-5227"; device = "/dev/disk/by-uuid/3CFD-D749";
fsType = "vfat"; fsType = "vfat";
}; };
"/mnt/synology-2b/media" = { "/mnt/synology-2b/media" = {
@@ -75,34 +132,17 @@
fsType = "nfs"; fsType = "nfs";
}; };
"/mnt/truenas/home/backups" = { "/mnt/truenas/home/backups" = {
device = "192.168.1.132:/mnt/wd4t/data/home/backup/"; device = "192.168.1.32:/mnt/wd4t/data/home/backup/";
fsType = "nfs"; fsType = "nfs";
}; };
}; };
fonts.packages = with pkgs; [ nixpkgs = {
dejavu_fonts hostPlatform = "x86_64-linux";
fira-mono config = {
font-awesome allowUnfree = true;
liberation_ttf };
nerd-fonts.droid-sans-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
}; };
nixpkgs.hostPlatform = "x86_64-linux";
networking = { networking = {
iproute2.enable = true; iproute2.enable = true;
@@ -123,85 +163,28 @@
}; };
}; };
users.users.beszel = {
isSystemUser = true;
group = "beszel";
description = "Beszel Agent service user";
};
users.groups.beszel = { };
systemd.services = { systemd.services = {
NetworkManager-wait-online.enable = false; NetworkManager-wait-online.enable = false;
beszel-agent = {
description = "Beszel Agent Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"PORT=45876"
''KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaNtnkc+3+fJU+bTO6fibID9FHgFjei0sjJNqvcYtG8"''
];
ExecStart = "${lib.getBin unstable.beszel}/bin/beszel-agent";
User = "beszel";
Restart = "always";
RestartSec = 5;
};
};
};
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
services.ollama = {
package = pkgs.ollama;
enable = true;
acceleration = "rocm";
host = "0.0.0.0";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.2";
};
loadModels = [
"qwen2.5-coder:7b"
];
}; };
system = { system = {
autoUpgrade.enable = true; autoUpgrade.enable = true;
stateVersion = "25.11"; stateVersion = "24.11";
activationScripts = {
diff = {
supportsDryActivation = true;
text = ''
if [[ -e /run/current-system ]]; then
echo -e "\e[36mPackage version diffs:\e[0m"
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
fi
'';
};
};
}; };
nix = { nix = {
extraOptions = "experimental-features = nix-command flakes"; extraOptions = "experimental-features = nix-command flakes";
settings.trusted-users = [
"root"
"@wheel"
];
}; };
users.users.dave = { users.users.dave = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"docker" "docker"
"libvirtd"
"wheel" "wheel"
"libvirtd"
"corectrl"
]; ];
shell = pkgs.fish; shell = pkgs.zsh;
}; };
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@@ -214,8 +197,6 @@
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
hardware.bluetooth.enable = true;
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
@@ -223,24 +204,19 @@
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
documentation.man.generateCaches = false;
programs = { programs = {
fish.enable = true;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
}; };
kdeconnect.enable = true;
nix-ld.enable = true; nix-ld.enable = true;
steam = { steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
}; };
zsh.enable = true;
}; };
services.flatpak.enable = true;
services.avahi = { services.avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
@@ -254,14 +230,9 @@
}; };
}; };
security.rtkit.enable = true; services.flatpak.enable = true;
services.pipewire.enable = true;
services = { services.gnome.gnome-keyring.enable = true;
desktopManager.plasma6.enable = true;
displayManager.sddm.enable = true;
displayManager.sddm.wayland.enable = true;
};
services.printing.enable = true; services.printing.enable = true;
@@ -274,8 +245,43 @@
package = unstable.tailscale; package = unstable.tailscale;
}; };
services.clamav.daemon.enable = true; services.xserver = {
services.clamav.updater.enable = true; enable = true;
displayManager = {
gdm = {
enable = true;
wayland = true;
};
};
desktopManager.gnome.enable = true;
videoDrivers = [ "amdgpu" ];
};
services.ollama = {
package = unstable.ollama;
enable = true;
acceleration = "rocm";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.2";
};
loadModels = [
"deepseek-r1:8b"
"dolphin3:8b"
];
};
services.open-webui = {
enable = true;
package = unstable.open-webui;
host = "0.0.0.0";
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434/api";
OLLAMA_BASE_URL = "http://127.0.0.1:11434";
};
};
services.opensnitch = { services.opensnitch = {
enable = true; enable = true;
@@ -423,6 +429,7 @@
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
podman.enable = true;
libvirtd = { libvirtd = {
enable = true; enable = true;
qemu.swtpm.enable = true; qemu.swtpm.enable = true;

53
hosts/zelus.nix → machines/zelus/configuration.nix
View File

@@ -1,19 +1,26 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = { networking = {
hostName = "zelus"; hostName = "zelus";
}; };
nix.enable = false; nix.enable = false;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4; system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant"; users.users."dave.gallant".home = "/Users/dave.gallant";
users.users."dave.gallant".shell = pkgs.fish;
programs.fish.enable = true;
system.primaryUser = "dave.gallant";
system.defaults = { system.defaults = {
@@ -30,11 +37,13 @@
tilesize = 50; tilesize = 50;
orientation = "bottom"; orientation = "bottom";
persistent-apps = [ persistent-apps = [
"/Applications/iTerm.app" "/Applications/Ghostty.app"
"/Applications/Google Chrome.app" "/Applications/Google Chrome.app"
"/Applications/LibreWolf.app" "/Applications/LibreWolf.app"
"/Applications/Obsidian.app" "/Applications/Logseq.app"
"/Applications/Slack.app" "/Applications/Slack.app"
"/Applications/Spotify.app"
"/Applications/Visual Studio Code.app"
"/Applications/zoom.us.app" "/Applications/zoom.us.app"
]; ];
}; };
@@ -58,7 +67,7 @@
finder.FXPreferredViewStyle = "Nlsv"; finder.FXPreferredViewStyle = "Nlsv";
}; };
security.pam.services.sudo_local.touchIdAuth = true; security.pam.enableSudoTouchIdAuth = true;
homebrew = { homebrew = {
enable = true; enable = true;
@@ -72,16 +81,14 @@
}; };
brews = [ brews = [
"argocd"
"azure-cli" "azure-cli"
"coreutils" "coreutils"
"gnu-sed" "gnu-sed"
"gnu-tar" "gnu-tar"
"k6" "netdata"
"node" "node"
"oras" "oras"
"peon-ping" "k6"
"vault"
]; ];
casks = [ casks = [
@@ -90,14 +97,17 @@
"font-fira-code-nerd-font" "font-fira-code-nerd-font"
"font-hack-nerd-font" "font-hack-nerd-font"
"fork" "fork"
"headlamp" "ghostty"
"iterm2" "iterm2"
"karabiner-elements" "karabiner-elements"
"knockknock" "knockknock"
"librewolf" "librewolf"
"logseq"
"lulu" "lulu"
"mitmproxy"
"notunes" "notunes"
"obsidian" "ollama"
"postman"
"raycast" "raycast"
"rectangle" "rectangle"
"signal" "signal"
@@ -106,16 +116,21 @@
"stats" "stats"
"steam" "steam"
"taskexplorer" "taskexplorer"
"tailscale-app" "tailscale"
"vlc" "vlc"
"whisky"
"zed"
]; ];
taps = [ taps = [
"hashicorp/tap" "homebrew/bundle"
"PeonPing/tap" "homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
]; ];
}; };
stylix = {
# enable = true;
image = "/Library/tokyo-night.jpg";
};
} }

BIN
nixos-wallpaper.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 297 KiB

3
overlays/cd-fzf/cd-fzf
View File

@@ -13,4 +13,5 @@ if [[ -z $selected ]]; then
exit 0 exit 0
fi fi
echo "$selected" cd "$selected"
$SHELL

22
overlays/cd-fzf/default.nix
View File

@@ -1,13 +1,19 @@
{ stdenv, lib }: {
stdenv.mkDerivation { stdenv,
lib,
fetchurl,
}:
stdenv.mkDerivation rec {
pname = "cd-fzf"; pname = "cd-fzf";
version = "0.0.1"; version = "0.0.1";
src = ./.; executable = ./cd-fzf;
installPhase = '' phases = [ "unpackPhase" ]; # Remove all other phases
install -Dm755 cd-fzf $out/bin/cd-fzf unpackPhase = ''
mkdir -p $out/bin
cp ${executable} $out/bin/cd-fzf
''; '';
meta = { meta = with lib; {
description = "Fuzzy find change directory"; description = "\n Fuzzy find change directory";
platforms = lib.platforms.unix; platforms = platforms.unix;
}; };
} }

138
packages.nix
View File

@@ -1,52 +1,57 @@
{ {
pkgs, config,
lib, lib,
pkgs,
unstable, unstable,
vpngate,
... ...
}: }:
let let
inherit (pkgs) stdenv; inherit (pkgs) stdenv;
in in
{ {
environment.systemPackages = environment.systemPackages = with pkgs; [
with pkgs;
[
# essentials # essentials
curl curl
gnumake gnumake
gnupg gnupg
jq jq
unzip unzip
xclip
xdg-utils
zip zip
# modern cli # modern cli
atuin
bat bat
cd-fzf cd-fzf
doggo doggo
eza eza
fd fd
github-cli
hadolint hadolint
lazygit nodePackages.eslint
macchina oha
ncdu pre-commit
progress progress
ripgrep ripgrep
shellcheck shellcheck
shfmt shfmt
tldr
atuin
github-cli
viddy viddy
yq-go yq-go
# containers # containers
unstable.k9s krew
unstable.krew kubecolor
unstable.kubecolor kubectl
unstable.kubectl kubectx
unstable.kubectx minikube
unstable.kubernetes-helm stern
unstable.stern dive
helm-docs
k9s
kubernetes-helm
# cloud # cloud
awscli2 awscli2
@@ -55,12 +60,12 @@ in
# lsp # lsp
nodePackages.bash-language-server nodePackages.bash-language-server
nodePackages.eslint
nodePackages.yaml-language-server nodePackages.yaml-language-server
terraform-ls terraform-ls
# monitoring # monitoring
btop htop
procs
# golang # golang
gofumpt gofumpt
@@ -70,21 +75,10 @@ in
# rust # rust
rustup rustup
# nix # js
nix-tree nodejs
nixfmt-rfc-style nodePackages.prettier
nixpkgs-review nodePackages.yarn
nvd
# python
virtualenv
# media
yt-dlp
]
++ lib.optionals stdenv.isLinux [
xclip
xdg-utils
# networking # networking
arp-scan arp-scan
@@ -95,74 +89,20 @@ in
openvpn openvpn
tcpdump tcpdump
# desktop apps # rice
bitwarden-desktop fastfetch
dbeaver-bin
discord
feishin
freefilesync
gimp-with-plugins
google-chrome
httpie-desktop
onlyoffice-desktopeditors
pika-backup
pinta
qbittorrent
unstable.obsidian
unstable.podman-desktop
unstable.signal-desktop-bin
unstable.zoom-us
# gaming # nix
heroic nix-tree
ludusavi nixfmt-rfc-style
mupen64plus nixpkgs-review
protonup-qt
unstable.ryubing
unstable.lutris
wine
# kde # python
kdePackages.bluedevil poetry
kdePackages.kcalc python313
kdePackages.kcharselect virtualenv
kdePackages.kclock
kdePackages.kcolorchooser
kdePackages.ksystemlog
kdePackages.partitionmanager
kdePackages.sddm-kcm
# media # media
calibre yt-dlp
libation
unstable.spotify
vlc
# networking
iputils
traceroute
unstable.ktailctl
unstable.tailscale
vpngate.packages.x86_64-linux.default
whois
# security
bleachbit
clamtk
cryptsetup
opensnitch-ui
pinentry-curses
# system utilities
hardinfo2
nfs-utils
pciutils
qemu
unrar
unstable.beszel
usbutils
virt-manager
wayland-utils
wl-clipboard
]; ];
} }

43
services/netdata/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{ config, pkgs, ... }:
let
netdata = pkgs.netdata;
netdataConf = ./netdata.conf;
netdataDir = "/var/lib/netdata";
in
{
users.extraGroups.netdata.gid = 220008;
users.users.netdata.group = "netdata";
users.extraUsers.netdata = {
description = "Netdata server user";
isSystemUser = true;
name = "netdata";
uid = 200008;
};
systemd.services.netdata = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${netdataDir}/config
mkdir -p ${netdataDir}/logs
cp -r ${netdata}/share/netdata/web ${netdataDir}/web
chmod -R 700 ${netdataDir}
chown -R netdata:netdata ${netdataDir}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
Restart = "on-failure";
};
};
services.nginx.httpConfig = ''
server {
server_name netdata.thume.net;
location / {
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:19999;
}
}
'';
}

21
services/netdata/netdata.conf Normal file
View File

@@ -0,0 +1,21 @@
[global]
run as user = netdata
config directory = /var/lib/netdata/config
web files directory = /var/lib/netdata/web
cache directory = /var/lib/netdata
log directory = /var/lib/netdata/logs
# the default database size - 1 hour
history = 3600
# some defaults to run netdata with least priority
process scheduling policy = idle
OOM score = 1000
[web]
# web files owner = root
web files group = netdata
# by default do not expose the netdata port
bind to = localhost

13
shell.nix Normal file
View File

@@ -0,0 +1,13 @@
let
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.11";
pkgs = import nixpkgs {
config = { };
overlays = [ ];
};
in
pkgs.mkShell {
shellHook = ''
${(import ./default.nix).pre-commit-check.shellHook}
'';
}

4
update-flake.sh
View File

@@ -2,10 +2,6 @@
set -euo pipefail set -euo pipefail
if ! git diff-index --quiet HEAD --; then
git stash push -m "Auto-stash via update-flake.sh on $(date)"
fi
git pull git pull
update_msg=$(nix flake update 2>&1 | grep -v 'warning:') update_msg=$(nix flake update 2>&1 | grep -v 'warning:')
just rebuild just rebuild

9
upgrade-diff.nix Normal file
View File

@@ -0,0 +1,9 @@
{ pkgs, ... }:
{
system.activationScripts.diff = {
supportsDryActivation = true;
text = ''
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
'';
};
}