dave/nix-config
1
0
Fork 0
mirror of https://github.com/davegallant/nix-config synced 2026-01-12 09:54:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dave:main
Branches Tags
dave:main
..
compare: dave:14e9ba899aca08d1c28f8c13465f4d91ec506507
Branches Tags
dave:main

1 Commits
main ... 14e9ba899a

Author SHA1 Message Date
Dave Gallant
14e9ba899a Add sbx-h6-rgb 2024-03-10 21:12:26 -04:00
30 changed files with 1477 additions and 1652 deletions
Expand all files Collapse all files

3
.envrc Normal file
View File

@@ -0,0 +1,3 @@
if has nix-shell; then
use_nix
fi

6
.github/workflows/cachix.yml vendored
View File

@@ -14,11 +14,11 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v26
with: with:
nix_path: nixpkgs=channel:nixos-unstable nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v16 - uses: cachix/cachix-action@v14
with: with:
name: davegallant name: davegallant
authToken: '${{ secrets.CACHIX_API_KEY }}' authToken: '${{ secrets.CACHIX_API_KEY }}'

1
.gitignore vendored
View File

@@ -1,3 +1,4 @@
.pre-commit-config.yaml .pre-commit-config.yaml
.vscode .vscode
git-crypt-key
result result

27
Makefile Normal file
View File

@@ -0,0 +1,27 @@
SHELL := bash
.SHELLFLAGS := -eu -o pipefail -c
.DELETE_ON_ERROR:
MAKEFLAGS += --warn-undefined-variables
MAKEFLAGS += --no-builtin-rules
HOSTNAME ?= $(shell hostname)
UNAME_S := $(shell uname -s)
ifeq ($(UNAME_S),Linux)
SWITCH_CMD := nixos-rebuild --use-remote-sudo -I nixos-config="machines/$(HOSTNAME)/configuration.nix" switch --flake '.\#'
endif
ifeq ($(UNAME_S),Darwin)
SWITCH_CMD := exec darwin-rebuild switch --flake .
endif
switch:
$(SWITCH_CMD)
rollback:
nixos-rebuild --use-remote-sudo switch --rollback -I nixos-config="machines/$(HOSTNAME)/configuration.nix"
update:
@./nix-flake-update.sh
fmt:
nixpkgs-fmt .

67
README.md
View File

@@ -1,42 +1,18 @@
# nix-config # nix-config
This repo stores nix configuration to manage my hosts running [NixOS](https://nixos.org/) and macOS. This repo stores nix to manage my machines running [NixOS](https://nixos.org/) and macOS.
The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment. The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment.
```console ## Setup
macchina
a8888b. Host - dave@hephaestus > on macOS: install the latest unstable nix from https://github.com/numtide/nix-unstable-installer (for nix flakes),
d888888b. Machine - Micro-Star International Co., Ltd MS-7C02 1.0 > and nix-darwin: https://github.com/LnL7/nix-darwin
8P"YP"Y88 Kernel - 6.12.61
8|o||o|88 Distro - NixOS 25.11 (Xantusia)
8' .88 DE - KDE
8`._.' Y8. Packages - 1 (cargo), 10998 (nix)
d/ `8b. Shell - fish
dP Y8b. Terminal - alacritty
d8: ::88b. Resolution - 2560x1440, 3840x2160
d8" 'Y88b Uptime - 26m
:8P :888 CPU - AMD Ryzen 7 5700X 8-Core Processor (16)
8a. _a88P CPU Load - 8%
._/"Yaa .| 88P| Memory - 10.7 GB / 32.8 GB
\ YP" `| `.
/ \.___.d| .'
`--..__) `._.'
```
## Prerequisites To run a rebuild:
- [NixOS](nixos.org) (Linux)
- [Determinate Nix](https://determinate.systems/nix-installer) (macOS)
- [just](https://github.com/casey/just)
## Build
To run a build/rebuild:
```sh ```sh
just rebuild make
``` ```
## Update ## Update
@@ -44,7 +20,7 @@ just rebuild
To update nixpkgs defined in [flake.nix](./flake.nix), run: To update nixpkgs defined in [flake.nix](./flake.nix), run:
```sh ```sh
just update make update
``` ```
If there are updates, they should be reflected in [flake.lock](./flake.lock). If there are updates, they should be reflected in [flake.lock](./flake.lock).
@@ -54,32 +30,9 @@ If there are updates, they should be reflected in [flake.lock](./flake.lock).
To rollback to the previous generation: To rollback to the previous generation:
```sh ```sh
just rollback make rollback
``` ```
## Garbage collection ## Pre-commit hooks
To cleanup previous files, run nix garbage collection: Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.
```sh
just clean
```
## Restoring from a live USB
If the bootloader for some reason breaks (i.e. motherboard firmware upgrade), restore it from a live USB by running the following commands:
```console
$ sudo cryptsetup luksOpen /dev/nvme0n1p2 crypted-nixos
Enter passphrase for /dev/nvme0n1p2: ********
$ sudo mount /dev/vg/root /mnt
$ sudo mount /dev/nvme0n1p1 /mnt/boot/efi
$ sudo nixos-enter --root /mnt
$ hostname <hostname>
```
Navigate to the nix-config directory and run:
```sh
just rebuild-boot
```

14
default.nix Normal file
View File

@@ -0,0 +1,14 @@
let
nix-pre-commit-hooks =
import (builtins.fetchTarball
"https://github.com/cachix/pre-commit-hooks.nix/tarball/master");
in
{
pre-commit-check = nix-pre-commit-hooks.run {
src = ./.;
hooks = {
shellcheck.enable = true;
nixpkgs-fmt.enable = true;
};
};
}

467
flake.lock generated
View File

@@ -1,5 +1,28 @@
{ {
"nodes": { "nodes": {
"beautysh": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"poetry2nix": "poetry2nix",
"utils": "utils"
},
"locked": {
"lastModified": 1680308980,
"narHash": "sha256-aUEHV0jk2qIFP3jlsWYWhBbm+w/N9gzH3e4I5DcdB5s=",
"owner": "lovesegfault",
"repo": "beautysh",
"rev": "9845efc3ea3e86cc0d41465d720a47f521b2799c",
"type": "github"
},
"original": {
"owner": "lovesegfault",
"repo": "beautysh",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -7,85 +30,27 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767634391, "lastModified": 1709771483,
"narHash": "sha256-owcSz2ICqTSvhBbhPP+1eWzi88e54rRZtfCNE5E/wwg=", "narHash": "sha256-Hjzu9nCknHLQvhdaRFfCEprH0o15KcaNu1QDr3J88DI=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "08585aacc3d6d6c280a02da195fdbd4b9cf083c2", "rev": "550340062c16d7ef8c2cc20a3d2b97bcd3c6b6f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "lnl7", "owner": "lnl7",
"ref": "nix-darwin-25.11",
"repo": "nix-darwin", "repo": "nix-darwin",
"type": "github" "type": "github"
} }
}, },
"determinate": {
"inputs": {
"determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin",
"determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux",
"determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux",
"nix": "nix",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1766549083,
"narHash": "sha256-G1Hljg7vIBt8n9cxO382YAZWtZU/mYfQcg3icdNG8RQ=",
"rev": "ba8999fac986e70f52b4cba15047be7bbb7b6346",
"revCount": 318,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.1/019b4e8a-dc22-75db-aef5-a447efbb1a13/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A"
}
},
"determinate-nixd-aarch64-darwin": {
"flake": false,
"locked": {
"narHash": "sha256-uWDS94cAYprGj+AwuT42nuuDDicRLj1S0JwalZGeBRU=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS"
}
},
"determinate-nixd-aarch64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-uHBcZCh2/Bj5/88TDihupA336tSQDk7s5lVP66IDAX0=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux"
}
},
"determinate-nixd-x86_64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-y+l05H6GNv/1WcrMztDYem8VBWqjc9gNg4WjeQ1PQxo=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1673956053,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -94,58 +59,16 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"determinate",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"revCount": 377,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1701680307,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -156,14 +79,14 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1685518550,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -172,231 +95,103 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks-nix": { "gitignore": {
"inputs": { "inputs": {
"flake-compat": "flake-compat",
"gitignore": [
"determinate",
"nix"
],
"nixpkgs": [ "nixpkgs": [
"determinate", "nixvim",
"nix", "pre-commit-hooks",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1747372754, "lastModified": 1660459072,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", "owner": "hercules-ci",
"revCount": 1026, "repo": "gitignore.nix",
"type": "tarball", "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" "type": "github"
}, },
"original": { "original": {
"type": "tarball", "owner": "hercules-ci",
"url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" "repo": "gitignore.nix",
"type": "github"
} }
}, },
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1767910483,
"narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1754860581, "lastModified": 1706981411,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "NuschtOS", "owner": "nix-community",
"repo": "ixx", "repo": "home-manager",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "nix-community",
"ref": "v0.1.1", "ref": "release-23.11",
"repo": "ixx", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"nix": { "nixos-hardware": {
"inputs": {
"flake-parts": "flake-parts",
"git-hooks-nix": "git-hooks-nix",
"nixpkgs": "nixpkgs",
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": { "locked": {
"lastModified": 1766546676, "lastModified": 1709410583,
"narHash": "sha256-GsC52VFF9Gi2pgP/haQyPdQoF5Qe2myk1tsPcuJZI28=", "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
"rev": "51dacdd248e8071cd0243a8245c8c42ac1f33307", "owner": "NixOS",
"revCount": 24299, "repo": "nixos-hardware",
"type": "tarball", "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.1/019b4e84-d036-75db-b6c6-6bc2e2035c53/source.tar.gz" "type": "github"
}, },
"original": { "original": {
"type": "tarball", "owner": "NixOS",
"url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" "repo": "nixos-hardware",
"type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1761597516, "lastModified": 1710021367,
"narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", "narHash": "sha256-FuMVdWqXMT38u1lcySYyv93A7B8wU0EGzUr4t4jQu8g=",
"rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
"revCount": 811874,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505"
}
},
"nixpkgs-23-11": {
"locked": {
"lastModified": 1717159533,
"narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "rev": "b94a96839afcc56de3551aa7472b8d9a3e77e05d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "ref": "nixos-23.11",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1767964817,
"narHash": "sha256-w8GpeC0gbKE6ftLbpZx7pgJ1zE9dPkWeOVs36tf481c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d009f91bd474d996c774ea57be5e65935c778577",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-regression": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1643052045, "lastModified": 1685801374,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1767767207, "lastModified": 1710066242,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", "narHash": "sha256-bO7kahLdawW7rBqUTfWgf9mdPYrnOo5DGvWRJa9N8Do=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5912c1772a44e31bf1c63c0390b90501e5026886", "rev": "db339f1706f555794b71aa4eb26a5a240fb6a599",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1766314097,
"narHash": "sha256-laJftWbghBehazn/zxVJ8NdENVgjccsWAdAqKXhErrM=",
"rev": "306ea70f9eb0fb4e040f8540e2deab32ed7e2055",
"revCount": 914780,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.914780%2Brev-306ea70f9eb0fb4e040f8540e2deab32ed7e2055/019b49b8-ed0f-724e-bdaf-5fd90cc1c590/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1767799921,
"narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1767799921,
"narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1763934636,
"narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -408,61 +203,88 @@
}, },
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "beautysh": "beautysh",
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nuschtosSearch": "nuschtosSearch", "pre-commit-hooks": "pre-commit-hooks"
"systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1767448089, "lastModified": 1704297403,
"narHash": "sha256-U1fHsZBnFrUil731NHD9Sg5HoiG+eSHau8OFuClhwW0=", "narHash": "sha256-g7+4SiXDGzIlWIfANyH1J5CeEaY+Alah6KOm6IO4nIk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "983751b66f255bbea1adc185364e9e7b73f82358", "rev": "b3ea5256e07ee9105060cffa075028402946bd63",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "nixos-25.11", "ref": "nixos-23.11",
"repo": "nixvim", "repo": "nixvim",
"type": "github" "type": "github"
} }
}, },
"nuschtosSearch": { "poetry2nix": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": [
"ixx": "ixx", "nixvim",
"beautysh",
"utils"
],
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
"beautysh",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1761730856, "lastModified": 1658665240,
"narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=", "narHash": "sha256-/wkx7D7enyBPRjIkK0w7QxLQhzEkb3UxNQnjyc3FTUI=",
"owner": "NuschtOS", "owner": "nix-community",
"repo": "search", "repo": "poetry2nix",
"rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b", "rev": "8b8edc85d24661d5a6d0d71d6a7011f3e699780f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "nix-community",
"repo": "search", "repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1703939133,
"narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github" "type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"determinate": "determinate",
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": "nixpkgs_4", "nixos-hardware": "nixos-hardware",
"nixpkgs-master": "nixpkgs-master", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim", "nixvim": "nixvim"
"vpngate": "vpngate"
} }
}, },
"systems": { "systems": {
@@ -495,37 +317,18 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": { "utils": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1678901627,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "flake-utils",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-systems", "owner": "numtide",
"repo": "default", "repo": "flake-utils",
"type": "github"
}
},
"vpngate": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1766183672,
"narHash": "sha256-24+gJj4UsxwQmdxSS3Aqo2fl0Ep13sYrTDvcHY24mwA=",
"owner": "davegallant",
"repo": "vpngate",
"rev": "a668484da6b969d29dd2f74d5a4f2323fb48beef",
"type": "github"
},
"original": {
"owner": "davegallant",
"repo": "vpngate",
"type": "github" "type": "github"
} }
} }

152
flake.nix
View File

@@ -2,87 +2,70 @@
description = "nixos and macos configurations"; description = "nixos and macos configurations";
inputs = { inputs = {
determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixos-hardware.url = "github:NixOS/nixos-hardware";
darwin = { darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.11"; url = "github:lnl7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager.url = "github:nix-community/home-manager/release-25.11";
nixvim = { nixvim = {
url = "github:nix-community/nixvim/nixos-25.11"; url = "github:nix-community/nixvim/nixos-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
vpngate.url = "github:davegallant/vpngate";
}; };
outputs = outputs =
{ { self
self, , darwin
darwin, , home-manager
determinate, , nixpkgs
home-manager, , nixpkgs-unstable
nixpkgs, , nixos-hardware
nixpkgs-unstable, , ...
nixpkgs-master, } @ inputs: {
vpngate,
...
}@inputs:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
{
nixosConfigurations = nixosConfigurations =
let let
unstable = import nixpkgs-unstable { unstable = import nixpkgs-unstable {
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true; config.allowUnfree = true;
}; config.permittedInsecurePackages = [ ];
master = import nixpkgs-master {
system = "x86_64-linux";
config.allowUnfree = true;
}; };
in in
{ {
hephaestus = nixpkgs.lib.nixosSystem { hephaestus = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = { inherit unstable; };
inherit unstable; modules =
inherit master; [
inherit vpngate; ./fonts.nix
inherit inputs; ./machines/hephaestus/configuration.nix
}; ./packages.nix
modules = [ ./services/netdata/default.nix
./hosts/hephaestus.nix ./upgrade-diff.nix
./common-packages.nix home-manager.nixosModules.home-manager
home-manager.nixosModules.home-manager
( ({ config
{ ... }: , lib
{ , ...
}: {
config = { config = {
nix = { nix = {
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
sandbox = false; sandbox = false;
substituters = [ "https://davegallant.cachix.org" ]; substituters = [ "https://davegallant.cachix.org" ];
trusted-users = [ trusted-users = [ "root" "dave" ];
"root"
];
trusted-public-keys = [ trusted-public-keys = [
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08=" "davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08="
]; ];
}; };
registry = { registry = { nixpkgs.flake = nixpkgs; };
nixpkgs.flake = nixpkgs;
};
gc = { gc = {
automatic = true; automatic = true;
dates = "daily"; dates = "daily";
@@ -90,24 +73,24 @@
}; };
}; };
nixpkgs.overlays = [ (import ./overlays) ]; nixpkgs.overlays = [
(import ./overlays)
];
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users.dave.imports = [ users.dave.imports = [
./home.nix ./home/default.nix
inputs.nixvim.homeModules.nixvim inputs.nixvim.homeManagerModules.nixvim
]; ];
extraSpecialArgs = { extraSpecialArgs = {
inherit unstable; inherit unstable;
inherit master;
}; };
}; };
}; };
} })
) ];
];
}; };
}; };
@@ -118,43 +101,36 @@
config.allowUnfree = true; config.allowUnfree = true;
inherit system; inherit system;
}; };
master = import nixpkgs-master {
config.allowUnfree = true;
inherit system;
};
in in
{ {
zelus = darwin.lib.darwinSystem { zelus = darwin.lib.darwinSystem {
inherit system; inherit system;
specialArgs = { specialArgs = { inherit unstable; };
inherit unstable;
inherit master;
};
modules = [ modules = [
home-manager.darwinModules.home-manager home-manager.darwinModules.home-manager
./hosts/zelus.nix ./machines/zelus/configuration.nix
./common-packages.nix ./packages.nix
( ./upgrade-diff.nix
{ ... }:
{ ({ config, ... }: {
config = { config = {
nixpkgs.overlays = [ (import ./overlays) ]; nixpkgs.overlays = [
home-manager = { (import ./overlays)
useGlobalPkgs = true; ];
useUserPackages = true; home-manager = {
users."dave.gallant".imports = [ useGlobalPkgs = true;
./home.nix useUserPackages = true;
inputs.nixvim.homeModules.nixvim users."dave.gallant".imports = [
]; ./home/default.nix
extraSpecialArgs = { inputs.nixvim.homeManagerModules.nixvim
inherit unstable; ];
inherit master; extraSpecialArgs = {
}; inherit unstable;
}; };
}; };
} };
) })
]; ];
}; };
}; };

23
fonts.nix Normal file
View File

@@ -0,0 +1,23 @@
{ pkgs, ... }: {
fonts.packages = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
fira-mono
font-awesome
google-fonts
liberation_ttf
nerdfonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
}

449
home.nix
View File

@@ -1,449 +0,0 @@
{
lib,
pkgs,
unstable,
...
}:
let
inherit (pkgs) stdenv;
in
{
home.stateVersion = "25.11";
home.packages = with pkgs; [ just ];
services = {
gpg-agent = {
enable = stdenv.isLinux;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
};
};
services.lorri.enable = stdenv.isLinux;
fonts.fontconfig.enable = true;
programs = {
home-manager.enable = true;
direnv.enable = true;
diff-so-fancy = {
enable = true;
enableGitIntegration = true;
};
git = {
enable = true;
lfs.enable = true;
settings = {
user.name = "Dave Gallant";
user.signingkey = "5A548984C7377E4D";
commit.gpgsign = true;
tag.gpgsign = true;
alias = {
aa = "add -A .";
br = "branch";
c = "commit";
cm = "commit -m";
ca = "commit --amend";
cane = "commit --amend --no-edit";
cb = "checkout -b";
co = "checkout";
cmp = "! git checkout main && git pl";
d = "diff";
dc = "diff --cached";
dcn = "diff --cached --name-only";
l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
ms = "merge --squash";
p = "push origin";
pf = "push -f";
pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)";
st = "status";
wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads";
};
push = {
default = "current";
};
pull = {
rebase = true;
};
};
includes = [ { path = "~/.gitconfig-work"; } ];
};
alacritty = {
enable = stdenv.isLinux;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
general.live_config_reload = true;
terminal.shell = {
program = "fish";
};
font = {
size = lib.mkForce 14.0;
};
window = {
opacity = lib.mkForce 0.9;
};
};
};
starship = {
enable = true;
enableFishIntegration = true;
settings = {
add_newline = false;
gcloud = {
format = "";
};
kubernetes = {
disabled = false;
};
};
};
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
bind \cw backward-kill-word
set -x DOCKER_CLI_HINTS false
set -x DOCKER_DEFAULT_PLATFORM linux/amd64
set -x EDITOR vim
set -x NNN_FIFO "$XDG_RUNTIME_DIR/nnn.fifo"
set -x PAGER less
set -x TERM xterm-256color
set -x PATH $PATH \
~/.cargo/bin \
~/.local/bin \
~/.npm-packages/bin \
/opt/homebrew/bin \
~/.krew/bin \
~/bin
# golang
set -x GOPATH ~/go
set -x GOBIN $GOPATH/bin
set -x PATH $PATH $GOBIN
source $HOME/work.fish
# '';
shellInit = ''
atuin init fish | source
helm completion fish | source
kubectl completion fish | source
'';
shellAliases = {
".." = "cd ..";
g = "git";
gc = "git checkout $(git branch | fzf)";
gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)";
gho = "gh repo view --web >/dev/null";
gr = "cd $(git rev-parse --show-toplevel)";
grep = "rg --smart-case";
j = "just";
k = "kubecolor";
kubectl = "kubecolor";
kp = "viddy 'kubectl get pods'";
kcx = "kubectx";
kns = "kubens";
l = "eza -la --git --group-directories-first";
m = "make";
nix-install = "nix-env -iA";
t = "cd-fzf";
tf = "terraform";
tree = "eza --tree";
v = "nvim";
};
};
go = {
enable = true;
};
fzf = {
enable = true;
};
nnn = {
enable = stdenv.isLinux;
package = pkgs.nnn.override ({ withNerdIcons = true; });
bookmarks = {
d = "~/Downloads";
p = "~/src/";
c = "~/.config";
h = "~";
};
extraPackages = with pkgs; [
bat
eza
fzf
imv
mediainfo
ffmpegthumbnailer
];
plugins = {
src = "${pkgs.nnn.src}/plugins";
mappings = {
p = "preview-tui";
o = "fzopen";
};
};
};
nixvim = {
enable = true;
viAlias = true;
vimAlias = true;
keymaps = [
{
key = "<C-n>";
mode = [ "n" ];
action = "<cmd>tabnew<cr>";
options = {
silent = true;
};
}
{
key = "<leader>y";
mode = [ "v" ];
action = ''"+y''; # copy to OS clipboard
}
{
key = "<leader>t";
mode = [ "n" ];
action = "<cmd>NvimTreeFindFileToggle<CR>";
}
{
key = "gD";
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.declaration()<CR>";
}
{
key = "gd";
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.definition()<CR>";
}
{
key = "gr";
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.references()<CR>";
}
{
key = "<leader>ff";
mode = [ "n" ];
action = "<cmd>Telescope find_files<CR>";
}
{
key = "<leader>fg";
mode = [ "n" ];
action = "<cmd>Telescope live_grep<CR>";
}
];
plugins = {
auto-save.enable = true;
cmp-path.enable = true;
cmp-treesitter.enable = true;
commentary.enable = true;
diffview.enable = true;
gitblame.enable = true;
gitsigns.enable = true;
gitlinker.enable = true;
lualine.enable = true;
lsp.enable = true;
lsp.servers = {
bashls.enable = true;
dockerls.enable = true;
gopls.enable = true;
helm_ls.enable = true;
jsonls.enable = true;
nixd.enable = true;
terraformls.enable = true;
yamlls.enable = true;
};
lsp-format = {
enable = true;
settings = {
terraform = { };
nix = { };
go = { };
};
};
cmp.enable = true;
nvim-tree.enable = true;
rainbow-delimiters.enable = true;
treesitter.enable = true;
telescope = {
enable = true;
settings.defaults = {
layout_strategy = "vertical";
layout_config = {
vertical = {
width = 0.9;
};
};
};
package = pkgs.vimPlugins.telescope-fzy-native-nvim;
};
web-devicons.enable = true;
};
opts = {
autoindent = true;
backup = false;
belloff = "all";
completeopt = [
"menuone"
"noselect"
];
cursorline = true;
expandtab = true;
fillchars = {
diff = "";
eob = " ";
vert = "";
};
hlsearch = true;
ignorecase = true;
incsearch = true;
modelines = 5;
mouse = "a";
number = true;
pumblend = 10;
scrolloff = 3;
shell = "bash";
shiftround = false;
shiftwidth = 2;
showbreak = " ";
showcmd = true;
sidescroll = 0;
sidescrolloff = 3;
smartcase = true;
smarttab = true;
spellcapcheck = "";
splitbelow = true;
splitright = true;
swapfile = false;
switchbuf = "usetab";
tabstop = 2;
termguicolors = true;
wildmenu = true;
};
extraConfigLua = ''
-- https://github.com/orgs/community/discussions/108329
vim.cmd([[let g:copilot_filetypes = {'yaml': v:true}]])
vim.cmd([[let g:copilot_filetypes = {'gitcommit': v:true}]])
-- Format JSON
vim.cmd([[command! JsonFormat execute "::%!jq '.'"]])
-- Remember line number
vim.cmd([[au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif]])
-- Replace visual selection
vim.cmd([[vnoremap <C-r> "hy:%s/<C-r>h//g<left><left>]])
-- Indent YAML
vim.cmd([[au FileType yaml setlocal ts=2 sts=2 sw=2 expandtab]])
-- Indent Python
vim.cmd([[au BufNewFile,BufRead *.py set tabstop=4 softtabstop=4 shiftwidth=4 textwidth=79 expandtab autoindent fileformat=unix]])
-- Highlight whitespace
vim.cmd([[highlight ExtraWhitespace ctermbg=red guibg=red]])
vim.cmd([[match ExtraWhitespace /\s\+$/]])
-- folding
vim.api.nvim_exec(
[[
set foldmethod=expr
set foldlevel=20
set nofoldenable
set foldexpr=nvim_treesitter#foldexpr()
]],
true
)
'';
};
zed-editor = {
enable = stdenv.isLinux;
package = unstable.zed-editor;
extensions = [
"ansible"
"color-highlight"
"dockerfile"
"html"
"make"
"material-icon-theme"
"nix"
"toml"
"vue"
];
userSettings = {
icon_theme = "Material Icon Theme";
features = {
edit_prediction_provider = "copilot";
};
vim_mode = true;
vim = {
use_system_clipboard = "on_yank";
};
autosave = "on_focus_change";
format_on_save = "off";
ui_font_size = lib.mkForce 18;
buffer_font_size = lib.mkForce 16;
};
userKeymaps = [
{
context = "Editor && !menu";
bindings = {
"ctrl-shift-c" = "editor::Copy";
"ctrl-shift-x" = "editor::Cut";
"ctrl-shift-v" = "editor::Paste";
"ctrl-z" = "editor::Undo";
};
}
];
};
firefox = {
enable = stdenv.isLinux;
package = pkgs.librewolf;
profiles = {
default = {
id = 0;
isDefault = true;
settings = {
"privacy.resistFingerprinting" = false; # breaks timezone
"dom.push.connection.enabled" = false;
"dom.push.enabled" = false;
"geo.enabled" = false;
"intl.regional_prefs.use_os_locales" = true;
"services.sync.prefs.sync.intl.regional._prefs.use_os_locates" = false;
};
};
};
};
};
}

574
home/default.nix Normal file
View File

@@ -0,0 +1,574 @@
{ lib
, pkgs
, unstable
, ...
}:
let
inherit (pkgs) stdenv;
in
{
home.stateVersion = "23.11";
services = {
gpg-agent = {
enable = stdenv.isLinux;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
};
};
fonts.fontconfig.enable = true;
programs = {
home-manager.enable = true;
direnv.enable = true;
git = {
enable = true;
userName = "Dave Gallant";
lfs.enable = true;
aliases = {
aa = "add -A .";
br = "branch";
c = "commit -S";
ca = "commit -S --amend";
cane = "commit -S --amend --no-edit";
cb = "checkout -b";
co = "checkout";
cmp = "! git checkout main && git pl";
d = "diff";
dc = "diff --cached";
dcn = "diff --cached --name-only";
ds = "! git diff origin | sed -r 's/value: (.*)/value: \"************\"/'";
l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
ms = "merge --squash";
p = "push origin";
pf = "push -f";
pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)";
st = "status";
wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads";
};
includes = [{ path = "~/.gitconfig-work"; }];
delta = {
enable = true;
options = {
features = "line-numbers decorations";
whitespace-error-style = "22 reverse";
plus-style = "green bold ul '#198214'";
decorations = {
commit-decoration-style = "bold yellow box ul";
file-style = "bold yellow ul";
file-decoration-style = "none";
};
};
};
extraConfig = {
push = { default = "current"; };
pull = { rebase = true; };
};
};
starship = {
enable = true;
enableZshIntegration = true;
settings = {
add_newline = false;
scan_timeout = 10;
character = { error_symbol = "[](bold red)"; };
gcloud = {
format = "[$symbol($project) ~ $region]($style)";
};
kubernetes = {
disabled = false;
context_aliases = {
".*stg_.*" = "stg";
".*test_.*" = "test";
".*prd_.*" = "prd";
};
};
};
};
zsh = {
enable = true;
enableAutosuggestions = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
history.size = 1000000;
localVariables = {
CASE_SENSITIVE = "true";
DISABLE_UNTRACKED_FILES_DIRTY = "true";
RPROMPT = ""; # override because macOS defaults to filepath
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#838383,underline";
ZSH_DISABLE_COMPFIX = "true";
};
envExtra = ''
export PAGER=less
export EDITOR=vim
export PATH=$PATH:~/.cargo/bin
export PATH=$PATH:~/.local/bin
export PATH=$PATH:~/.npm-packages/bin
export PATH=$PATH:/opt/homebrew/bin
export PATH=$PATH:~/.krew/bin
export PATH=$PATH:~/bin
export GOPATH=~/go
export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOBIN
export WINEPREFIX=~/.wine32
# homebrew for x86
export PATH=$PATH:/usr/local/homebrew/bin
'';
initExtra = ''
setopt noincappendhistory
source $HOME/.zsh-work
if [[ "$OSTYPE" == "darwin"* ]];
then
export PATH="$(brew --prefix)/opt/gnu-tar/libexec/gnubin:$PATH"
alias xdg-open=open
fi
source <(helm completion zsh)
source <(kubectl completion zsh)
eval "$(atuin init zsh)"
# kubecolor
source <(kubectl completion zsh)
alias kubectl=kubecolor
# make completion work with kubecolor
compdef kubecolor=kubectl
pfetch
'';
shellAliases = {
".." = "cd ..";
c = "code";
g = "git";
gc = "git checkout $(git branch | fzf)";
gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)";
gr = "cd $(git rev-parse --show-toplevel)";
gho = "gh repo view --web >/dev/null";
grep = "rg --smart-case";
k = "kubecolor";
kcx = "kubectx";
kns = "kubens";
l = "eza -la --git --group-directories-first";
m = "make";
ps = "procs";
t = "tmux-sessionizer";
tf = "terraform";
tree = "eza --tree";
v = "nvim";
nix-install = "nix-env -iA";
brew-x86 = "arch -x86_64 /usr/local/homebrew/bin/brew";
};
"oh-my-zsh" = {
enable = true;
};
};
alacritty = {
enable = true;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
live_config_reload = true;
mouse.hide_when_typing = false;
font =
if stdenv.isLinux
then {
normal.family = "Fira Code";
size = 12;
}
else {
normal.family = "FiraCode Nerd Font";
size = 16;
};
shell = {
program = "zsh";
args = [ "-l" "-c" "tmux" "u" ];
};
colors = {
primary.background = "0x282828";
primary.foreground = "0xebdbb2";
normal = {
black = "0x282828";
red = "0xcc241d";
green = "0x98971a";
yellow = "0xd79921";
blue = "0x458588";
magenta = "0xb16286";
cyan = "0x689d6a";
white = "0xa89984";
};
bright = {
black = "0x928374";
red = "0xfb4934";
green = "0xb8bb26";
yellow = "0xfabd2f";
blue = "0x83a598";
magenta = "0xd3869b";
cyan = "0x8ec07c";
white = "0xebdbb2";
};
key_bindings = [
{
key = "Home";
mods = "Control";
action = "ResetFontSize";
}
{
key = "Plus";
mods = "Control";
action = "IncreaseFontSize";
}
{
key = "Minus";
mods = "Control";
action = "DecreaseFontSize";
}
];
};
};
};
autojump = {
enable = true;
enableZshIntegration = true;
};
go = {
enable = true;
};
tmux = {
enable = true;
clock24 = true;
terminal = "xterm-256color";
customPaneNavigationAndResize = true;
plugins = with pkgs.tmuxPlugins; [
{
plugin = pain-control;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-pain-control'";
}
{
plugin = sensible;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sensible'";
}
{
plugin = sessionist;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sessionist'";
}
{
plugin = yank;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-yank'";
}
{
plugin = sensible;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sensible'";
}
{
plugin = tmux-colors-solarized;
extraConfig = ''
set -g @plugin 'seebi/tmux-colors-solarized'
set -g @colors-solarized 'dark'
'';
}
{
plugin = resurrect;
extraConfig = ''
set -g @plugin 'tmux-plugins/tmux-resurrect'
'';
}
{
plugin = continuum;
extraConfig = ''
set -g @plugin 'tmux-plugins/tmux-continuum'
set -g @continuum-restore 'on'
'';
}
];
extraConfig = ''
set-window-option -g automatic-rename on
set-option -g set-titles on
set -g mouse on
set -g status-left-length 30
set -g status-right-length 150
set -g xterm-keys on
set -g pane-border-status top
set -g set-titles on
set -g display-panes-time 800
set -g display-time 2000
set -q -g utf8 on
set -g monitor-activity on
set -g visual-activity off
set -g status-right '#(gitmux #{pane_current_path})'
'';
};
rofi = {
enable = stdenv.isLinux;
plugins = [ pkgs.rofi-emoji ];
terminal = "${pkgs.alacritty}/bin/alacritty";
font = "Fira Font Mono 24";
theme = "gruvbox-dark";
extraConfig = {
modi = "drun,run";
show-icons = true;
};
};
fzf = {
enable = true;
};
nixvim = {
enable = true;
viAlias = true;
vimAlias = true;
colorschemes.gruvbox.enable = true;
keymaps = [
{
key = "<C-n>";
mode = [ "n" ];
action = "<cmd>tabnew<cr>";
options = {
silent = true;
};
}
# copy to OS clipboard
{
key = "<leader>y";
mode = [ "v" ];
action = "\"+y";
}
{
key = "gD";
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.declaration()<CR>";
}
{
key = "gd";
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.definition()<CR>";
}
{
key = "gr";
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.references()<CR>";
}
];
plugins = {
copilot-vim.enable = true;
cmp-path.enable = true;
cmp-treesitter.enable = true;
commentary.enable = true;
diffview.enable = true;
gitblame.enable = true;
gitsigns.enable = true;
gitlinker.enable = true;
lualine.enable = true;
lsp.enable = true;
lsp.servers = {
#ansiblels.enable = true;
bashls.enable = true;
#dockerls.enable = true;
gopls.enable = true;
#helm-ls.enable = true;
jsonls.enable = true;
pyright.enable = true;
nixd.enable = true;
terraformls.enable = true;
yamlls.enable = true;
};
lsp-format = {
enable = true;
setup = {
terraform = { };
nix = { };
go = { };
};
};
nvim-cmp.enable = true;
nvim-tree.enable = true;
packer = {
enable = true;
plugins = [ ];
};
rainbow-delimiters.enable = true;
treesitter.enable = true;
telescope = {
enable = true;
defaults = {
layout_strategy = "vertical";
layout_config = {
vertical = {
width = 0.9;
};
};
};
package = pkgs.vimPlugins.telescope-fzy-native-nvim;
keymaps = {
"<leader>ff" = {
action = "git_files";
desc = "Telescope Git Files";
};
"<leader>fg" = "live_grep";
};
keymapsSilent = true;
};
};
options = {
autoindent = true;
backup = false;
belloff = "all";
completeopt = [
"menuone"
"noselect"
];
cursorline = true;
expandtab = true;
fillchars = {
diff = "";
eob = " ";
vert = "";
};
hlsearch = true;
ignorecase = true;
incsearch = true;
modelines = 5;
mouse = "a";
number = true;
pumblend = 10;
scrolloff = 3;
shell = "bash";
shiftround = false;
shiftwidth = 2;
showbreak = " ";
showcmd = true;
sidescroll = 0;
sidescrolloff = 3;
smartcase = true;
smarttab = true;
spellcapcheck = "";
splitbelow = true;
splitright = true;
swapfile = false;
switchbuf = "usetab";
tabstop = 2;
termguicolors = true;
wildmenu = true;
};
extraConfigLua = ''
-- Format JSON
vim.cmd([[command! JsonFormat execute "::%!jq '.'"]])
-- Remember line number
vim.cmd([[au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif]])
-- Replace visual selection
vim.cmd([[vnoremap <C-r> "hy:%s/<C-r>h//g<left><left>]])
-- Indent YAML
vim.cmd([[au FileType yaml setlocal ts=2 sts=2 sw=2 expandtab]])
-- Indent Python
vim.cmd([[au BufNewFile,BufRead *.py set tabstop=4 softtabstop=4 shiftwidth=4 textwidth=79 expandtab autoindent fileformat=unix]])
-- Highlight whitespace
vim.cmd([[highlight ExtraWhitespace ctermbg=red guibg=red]])
vim.cmd([[match ExtraWhitespace /\s\+$/]])
-- folding
vim.api.nvim_exec(
[[
set foldmethod=expr
set foldlevel=20
set nofoldenable
set foldexpr=nvim_treesitter#foldexpr()
]],
true
)
'';
};
vscode = {
enable = true;
package = pkgs.vscode;
extensions = with pkgs.vscode-extensions;
[
bbenoist.nix
github.vscode-pull-request-github
golang.go
hashicorp.terraform
ms-dotnettools.csharp
ms-kubernetes-tools.vscode-kubernetes-tools
redhat.vscode-yaml
]
++ lib.optionals stdenv.isLinux [
ms-vsliveshare.vsliveshare
ms-python.python
];
};
firefox = {
enable = stdenv.isLinux;
package = pkgs.firefox-devedition;
profiles = {
default = {
id = 0;
isDefault = true;
settings = {
"privacy.resistFingerprinting" = false; # breaks timezone
"dom.push.connection.enabled" = false;
"dom.push.enabled" = false;
"geo.enabled" = false;
"intl.regional_prefs.use_os_locales" = true;
"services.sync.prefs.sync.intl.regional._prefs.use_os_locates" = false;
};
name = "dev-edition-default";
path = "6b7pm104.dev-edition-default";
};
};
};
};
}

482
hosts/hephaestus.nix
View File

@@ -1,482 +0,0 @@
{
config,
lib,
inputs,
master,
modulesPath,
pkgs,
unstable,
vpngate,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
security.sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = true;
};
boot = {
kernelModules = [
"kvm-amd"
];
kernelPackages = pkgs.linuxPackages;
kernelParams = [
"amd_iommu=on"
];
loader = {
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
};
supportedFilesystems = [
"ntfs"
];
initrd = {
availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
luks.devices."root" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/89a14ac5-7723-4a0a-bb95-fb2fb2e92160";
preLVM = true;
keyFile = "./keyfile0.bin";
};
secrets = {
"keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin";
};
};
};
environment.systemPackages =
with pkgs;
[
bleachbit
calibre
clamtk
cryptsetup
dbeaver-bin
discord
freefilesync
gimp-with-plugins
google-chrome
hardinfo2
httpie-desktop
heroic
iputils
kdePackages.bluedevil
kdePackages.kcalc
kdePackages.kcharselect
kdePackages.kclock
kdePackages.kcolorchooser
kdePackages.ksystemlog
kdePackages.partitionmanager
kdePackages.sddm-kcm
libation
lutris
mupen64plus
nfs-utils
onlyoffice-desktopeditors
opensnitch-ui
pciutils
pika-backup
pinentry-curses
pinta
protonup-qt
qbittorrent
qemu
traceroute
unrar
unstable.beszel
unstable.ktailctl
unstable.mcpelauncher-ui-qt
unstable.obsidian
unstable.podman
unstable.podman-compose
unstable.podman-desktop
unstable.ryubing
unstable.signal-desktop-bin
unstable.tailscale
unstable.zoom-us
usbutils
virt-manager
vlc
vpngate.packages.x86_64-linux.default
wayland-utils
whois
wine
wl-clipboard
];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/7f4f0948-041c-47e9-ab28-53132026f158";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/F1BD-5227";
fsType = "vfat";
};
"/mnt/synology-2b/media" = {
device = "192.168.1.178:/volume1/Media";
fsType = "nfs";
};
"/mnt/truenas/home/backups" = {
device = "192.168.1.132:/mnt/wd4t/data/home/backup/";
fsType = "nfs";
};
};
fonts.packages = with pkgs; [
dejavu_fonts
fira-mono
font-awesome
liberation_ttf
nerd-fonts.droid-sans-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
noto-fonts
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
};
};
networking = {
iproute2.enable = true;
hostName = "hephaestus";
hostId = "0e8aad53";
interfaces."enp34s0" = {
useDHCP = true;
wakeOnLan = {
enable = true;
policy = [ "magic" ];
};
};
firewall = {
allowPing = false;
enable = true;
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
};
};
users.users.beszel = {
isSystemUser = true;
group = "beszel";
description = "Beszel Agent service user";
};
users.groups.beszel = { };
systemd.services = {
NetworkManager-wait-online.enable = false;
beszel-agent = {
description = "Beszel Agent Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"PORT=45876"
''KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaNtnkc+3+fJU+bTO6fibID9FHgFjei0sjJNqvcYtG8"''
];
ExecStart = "${lib.getBin unstable.beszel}/bin/beszel-agent";
User = "beszel";
Restart = "always";
RestartSec = 5;
};
};
};
services = {
mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
};
system = {
autoUpgrade.enable = true;
stateVersion = "25.11";
activationScripts = {
diff = {
supportsDryActivation = true;
text = ''
if [[ -e /run/current-system ]]; then
echo -e "\e[36mPackage version diffs:\e[0m"
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
fi
'';
};
};
};
nix = {
extraOptions = "experimental-features = nix-command flakes";
settings.trusted-users = [ "root" "@wheel" ];
};
users.users.dave = {
isNormalUser = true;
extraGroups = [
"wheel"
"libvirtd"
];
shell = pkgs.fish;
};
i18n.defaultLocale = "en_US.UTF-8";
i18n.inputMethod = {
enable = true;
type = "ibus";
ibus.engines = with pkgs.ibus-engines; [ anthy ];
};
time.timeZone = "America/Toronto";
hardware.bluetooth.enable = true;
hardware.graphics = {
enable = true;
enable32Bit = true;
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
documentation.man.generateCaches = false;
programs = {
fish.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
kdeconnect.enable = true;
nix-ld.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
};
};
services.avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm.enable = true;
displayManager.sddm.wayland.enable = true;
};
services.printing.enable = true;
services.resolved.enable = true;
services.sshd.enable = true;
services.tailscale = {
enable = true;
package = unstable.tailscale;
};
services.clamav.daemon.enable = true;
services.clamav.updater.enable = true;
services.opensnitch = {
enable = true;
rules = {
avahi-ipv4 = {
name = "Allow avahi daemon IPv4";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
operand = "process.path";
sensitive = false;
data = "${lib.getBin pkgs.avahi}/bin/avahi-daemon";
}
{
type = "network";
operand = "dest.network";
data = "224.0.0.0/24";
}
];
};
};
systemd-timesyncd = {
name = "systemd-timesyncd";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
};
};
systemd-resolved = {
name = "systemd-resolved";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
};
};
localhost = {
name = "Allow all localhost";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "regexp";
operand = "dest.ip";
sensitive = false;
data = "^(127\\.0\\.0\\.1|::1)$";
list = [ ];
};
};
nix-update = {
name = "Allow Nix";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.nix}/bin/nix";
}
{
type = "regexp";
operand = "dest.host";
sensitive = false;
data = "^(([a-z0-9|-]+\\.)*github\\.com|([a-z0-9|-]+\\.)*nixos\\.org)$";
}
];
};
};
NetworkManager = {
name = "Allow NetworkManager";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.networkmanager}/bin/NetworkManager";
}
{
type = "simple";
operand = "dest.port";
sensitive = false;
data = "67";
}
{
type = "simple";
operand = "protocol";
sensitive = false;
data = "udp";
}
];
};
};
ssh-github = {
name = "Allow SSH to github";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.openssh}/bin/ssh";
}
{
type = "simple";
operand = "dest.host";
sensitive = false;
data = "github.com";
}
];
};
};
};
};
virtualisation = {
podman.enable = true;
libvirtd = {
enable = true;
qemu.swtpm.enable = true;
};
};
}

130
hosts/zelus.nix
View File

@@ -1,130 +0,0 @@
{ pkgs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = {
hostName = "zelus";
};
nix.enable = false;
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
users.users."dave.gallant".shell = pkgs.fish;
programs.fish.enable = true;
system.primaryUser = "dave.gallant";
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
tilesize = 50;
orientation = "bottom";
persistent-apps = [
"/Applications/iTerm.app"
"/Applications/Google Chrome.app"
"/Applications/LibreWolf.app"
"/Applications/Obsidian.app"
"/Applications/Slack.app"
"/Applications/zoom.us.app"
];
};
NSGlobalDomain.AppleShowAllExtensions = true;
NSGlobalDomain.AppleShowScrollBars = "Always";
NSGlobalDomain.NSUseAnimatedFocusRing = false;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode = true;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode2 = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint2 = true;
NSGlobalDomain.NSDocumentSaveNewDocumentsToCloud = false;
NSGlobalDomain.ApplePressAndHoldEnabled = false;
NSGlobalDomain.InitialKeyRepeat = 25;
NSGlobalDomain.KeyRepeat = 2;
NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
NSGlobalDomain.NSWindowShouldDragOnGesture = true;
NSGlobalDomain.NSAutomaticSpellingCorrectionEnabled = false;
LaunchServices.LSQuarantine = false; # disables "Are you sure?" for new apps
loginwindow.GuestEnabled = false;
finder.FXPreferredViewStyle = "Nlsv";
};
security.pam.services.sudo_local.touchIdAuth = true;
homebrew = {
enable = true;
onActivation = {
cleanup = "zap";
autoUpdate = true;
upgrade = true;
};
global = {
brewfile = true;
};
brews = [
"argocd"
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"k6"
"node"
"oras"
"vault"
];
casks = [
"claude-code"
"discord"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"freelens"
"iterm2"
"karabiner-elements"
"knockknock"
"librewolf"
"lulu"
"notunes"
"obsidian"
"raycast"
"rectangle"
"signal"
"slack"
"spotify"
"stats"
"steam"
"taskexplorer"
"tailscale-app"
"vlc"
"whisky"
"zed"
];
taps = [
"hashicorp/tap"
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
}

33
justfile
View File

@@ -1,33 +0,0 @@
set export
alias u := update
alias r := rebuild
arch := `uname -s`
cmd := if arch == "Linux" { "nixos-rebuild --sudo" } else { "sudo darwin-rebuild" }
rebuild:
$cmd switch --flake .
rebuild-boot:
$cmd boot --flake . --install-bootloader
rollback:
sudo $cmd switch --rollback --flake .
channel-update:
nix-channel --update
sudo nix-channel --update
update:
@./update-flake.sh
fmt:
nixfmt *.nix
clean:
echo 'Cleaning user...'
nix-collect-garbage -d
echo 'Cleaning root...'
sudo nix-collect-garbage -d

263
machines/hephaestus/configuration.nix Normal file
View File

@@ -0,0 +1,263 @@
{ config
, lib
, modulesPath
, pkgs
, unstable
, ...
}:
let
gnomeExtensions = with pkgs.gnomeExtensions; [
appindicator
bluetooth-quick-connect
blur-my-shell
caffeine
clipboard-indicator
dash-to-dock
grand-theft-focus
notification-banner-reloaded
quick-settings-tweaker
tailscale-status
tray-icons-reloaded
];
in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
extraModulePackages = with config.boot.kernelPackages; [
xpadneo
];
kernelModules = [ "kvm-amd" ];
kernelPackages = pkgs.linuxPackages;
loader = {
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
};
supportedFilesystems = [ "ntfs" ];
initrd = {
availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
luks.devices."root" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
preLVM = true;
keyFile = "./keyfile0.bin";
};
secrets = {
"keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin";
};
};
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
fsType = "ext4";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
fsType = "ext4";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/3CFD-D749";
fsType = "vfat";
};
fileSystems."/mnt/synology-2b/media" = {
device = "192.168.1.178:/volume1/Media";
fsType = "nfs";
};
fileSystems."/mnt/synology-2b/backups" = {
device = "192.168.1.178:/volume1/Backups";
fsType = "nfs";
};
swapDevices = [
{ device = "/dev/disk/by-uuid/5d6d0388-2b15-4ff1-9f0f-391818a76090"; }
];
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
permittedInsecurePackages = [
"nix-2.16.2"
];
};
};
networking = {
iproute2.enable = true;
hostName = "hephaestus";
interfaces.enp34s0 = {
useDHCP = true;
};
firewall = {
allowPing = false;
enable = true;
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
};
};
systemd.services = {
NetworkManager-wait-online.enable = false;
};
system = {
autoUpgrade.enable = true;
stateVersion = "23.11";
};
nix = {
extraOptions = "experimental-features = nix-command flakes";
package = pkgs.nixUnstable;
};
users.users.dave = {
isNormalUser = true;
extraGroups = [ "docker" "wheel" "libvirtd" "corectrl" ];
shell = pkgs.zsh;
};
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
time.timeZone = "America/Toronto";
hardware = {
opengl.enable = true;
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
pulseaudio.enable = true;
# Vulkan
opengl.driSupport = true;
opengl.driSupport32Bit = true;
# Steam
opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
pulseaudio.support32Bit = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
};
virtualisation = {
docker.enable = true;
libvirtd.enable = true;
podman.enable = true;
};
programs = {
corectrl.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh.enable = true;
};
services = {
avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
gnome.gnome-keyring.enable = true;
mullvad-vpn.enable = false;
printing.enable = true;
resolved.enable = true;
sshd.enable = true;
tailscale.enable = true;
xserver.videoDrivers = [ "amdgpu" ];
xserver = {
enable = true;
displayManager = {
gdm = {
enable = true;
wayland = false;
};
};
desktopManager = {
gnome = {
enable = true;
};
};
};
};
environment.systemPackages = with pkgs;
[
android-tools
bitwarden
cryptsetup
deja-dup
discord
docker
docker-compose
foliate
ghostscript
gimp-with-plugins
glibcLocales
gnome.gnome-tweaks
iputils
kazam
legendary-gl
lm_sensors
mullvad-vpn
netdata
nfs-utils
pavucontrol
pinentry-curses
podman
psst
qemu
sbx-h6-rgb
strace
tailscale
traceroute
ungoogled-chromium
unstable.burpsuite
unstable.logseq
unstable.obsidian
unstable.ryujinx
unstable.signal-desktop
usbutils
virt-manager
vlc
whois
wine
wine64
wireshark-qt
zoom-us
]
++ gnomeExtensions;
}

114
machines/zelus/configuration.nix Normal file
View File

@@ -0,0 +1,114 @@
{ pkgs, ... }:
let
checkBrew = "command -v brew > /dev/null";
in
{
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages = [
"nix-2.16.2"
];
};
};
networking = { hostName = "zelus"; };
services.nix-daemon.enable = true;
nix.extraOptions = "experimental-features = nix-command flakes";
nix.package = pkgs.nixVersions.stable;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
environment = {
extraInit = ''
${checkBrew} || >&2 echo "brew is not installed (install it via https://brew.sh)"
'';
variables = { LANG = "en_US.UTF-8"; };
};
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 1.0;
tilesize = 50;
static-only = false;
showhidden = false;
show-recents = false;
show-process-indicators = true;
orientation = "bottom";
mru-spaces = false;
};
NSGlobalDomain = {
"com.apple.sound.beep.feedback" = 0;
"com.apple.sound.beep.volume" = 0.000;
ApplePressAndHoldEnabled = false;
InitialKeyRepeat = 10;
KeyRepeat = 2;
AppleShowAllExtensions = true;
AppleShowScrollBars = "Automatic";
};
};
homebrew = {
enable = true;
onActivation.autoUpdate = false;
onActivation.upgrade = false;
global = {
brewfile = true;
};
brews = [
"coreutils"
"gnu-sed"
"gnu-tar"
"netdata"
"node"
"podman"
"podman-compose"
];
casks = [
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"karabiner-elements"
"logseq"
"lulu"
"notunes"
"obsidian"
"postman"
"raycast"
"rectangle"
"stats"
"warp"
];
taps = [
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
}

12
update-flake.sh → nix-flake-update.sh
View File

@@ -2,20 +2,10 @@
set -euo pipefail set -euo pipefail
if ! git diff-index --quiet HEAD --; then
git stash push -m "Auto-stash via update-flash.sh on $(date)"
fi
git pull git pull
update_msg=$(nix flake update 2>&1 | grep -v 'warning:') update_msg=$(nix flake update 2>&1 | grep -v 'warning:')
just rebuild make
git add . git add .
read -p "Commit and push changes? [yN]? " -r
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
exit 1
fi
git commit -S -m "nix flake update: $(TZ=UTC date '+%Y-%m-%d %H:%M:%S %Z') git commit -S -m "nix flake update: $(TZ=UTC date '+%Y-%m-%d %H:%M:%S %Z')
$update_msg" $update_msg"

17
overlays/cd-fzf/cd-fzf
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
readarray -t directories < ~/.config/cd-fzf
if [[ $# -eq 1 ]]; then
selected=$1
else
selected=$(find "${directories[@]}" -mindepth 1 -maxdepth 1 -type d | fzf --exact)
fi
if [[ -z $selected ]]; then
exit 0
fi
cd "$selected"
$SHELL

19
overlays/cd-fzf/default.nix
View File

@@ -1,19 +0,0 @@
{
stdenv,
lib,
fetchurl,
}:
stdenv.mkDerivation rec {
pname = "cd-fzf";
version = "0.0.1";
executable = ./cd-fzf;
phases = [ "unpackPhase" ]; # Remove all other phases
unpackPhase = ''
mkdir -p $out/bin
cp ${executable} $out/bin/cd-fzf
'';
meta = with lib; {
description = "\n Fuzzy find change directory";
platforms = platforms.unix;
};
}

4
overlays/default.nix
View File

@@ -1,3 +1,5 @@
final: prev: { final: prev: {
cd-fzf = prev.callPackage ./cd-fzf { }; sbx-h6-rgb = prev.callPackage ./sbx-h6-rgb { };
tmux-sessionizer = prev.callPackage ./tmux-sessionizer { };
vpngate = prev.callPackage ./vpngate { };
} }

38
overlays/sbx-h6-rgb/default.nix Normal file
View File

@@ -0,0 +1,38 @@
{ lib
, fetchFromGitHub
, pkgs
, stdenv
,
}:
stdenv.mkDerivation rec {
pname = "sbx-h6-rgb";
version = "95b4ef9788ef94e557a4d1e815079d5ea8a70943";
src = fetchFromGitHub {
owner = "Oscillope";
repo = "sbx-h6-rgb";
rev = version;
sha256 = "sha256-tKKNdzijloBiGBHf5C604824B/BbxBxvCL/ms4orT9M=";
};
buildInputs = with pkgs; [
hidapi
];
buildPhase = ''
make
'';
installPhase = ''
install -D sbx-h6-ctl $out/bin/sbx-h6-ctl
'';
meta = with lib; {
description = "Creative SoundBlasterX RGB LED setter.";
license = licenses.gpl3;
maintainers = with maintainers; [ davegallant ];
platforms = platforms.linux;
};
}

24
overlays/tmux-sessionizer/default.nix Normal file
View File

@@ -0,0 +1,24 @@
{ stdenv
, lib
, fetchurl
,
}:
stdenv.mkDerivation rec {
pname = "tmux-sessionizer";
version = "0.0.0";
executable = ./tmux-sessionizer;
phases = [ "unpackPhase" ]; # Remove all other phases
unpackPhase = ''
mkdir -p $out/bin
cp ${executable} $out/bin/tmux-sessionizer
'';
meta = with lib; {
description = "
Tmux sessionizer adapted from https://sourcegraph.com/github.com/ThePrimeagen/.dotfiles@5cd09f06d6683b91c26822a73b40e3d7fb9af57a/-/blob/bin/.local/bin/tmux-sessionizer";
platforms = platforms.unix;
};
}

31
overlays/tmux-sessionizer/tmux-sessionizer Executable file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/env bash
# Credit to ThePrimeagen for this:
# https://sourcegraph.com/github.com/ThePrimeagen/.dotfiles@5cd09f06d6683b91c26822a73b40e3d7fb9af57a/-/blob/bin/.local/bin/tmux-sessionizer
readarray -t directories < ~/.config/tmux-sessionizer
if [[ $# -eq 1 ]]; then
selected=$1
else
selected=$(find "${directories[@]}" -mindepth 1 -maxdepth 1 -type d | fzf --exact)
fi
if [[ -z $selected ]]; then
exit 0
fi
selected_name=$(basename "$selected" | tr . _)
tmux_running=$(pgrep tmux)
if [[ -z $TMUX ]] && [[ -z $tmux_running ]]; then
tmux new-session -s "$selected_name" -c "$selected"
exit 0
fi
if ! tmux has-session -t "$selected_name" 2> /dev/null; then
tmux new-session -ds "$selected_name" -c "$selected"
fi
tmux switch-client -t "$selected_name"

28
overlays/vpngate/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{ lib
, fetchFromGitHub
, buildGoModule
,
}:
buildGoModule rec {
pname = "vpngate";
version = "v0.1.5";
vendorHash = "sha256-TQLHvoVAMvDtm/9EQUaNVVjQajyMBnJu8NF6Kt0+RJ8=";
src = fetchFromGitHub {
owner = "davegallant";
repo = "vpngate";
rev = version;
sha256 = "sha256-+KZ6/h8JLEisnIja4lstJYVHzEC/8PdHL3czK/mJCAs=";
};
doCheck = false;
meta = with lib; {
homepage = "https://www.vpngate.net";
description = "a client for vpngate.net";
license = licenses.gpl3;
maintainers = with maintainers; [ davegallant ];
platforms = platforms.linux ++ platforms.darwin;
};
}

68
common-packages.nix → packages.nix
View File

@@ -1,8 +1,12 @@
{ { config
pkgs, , lib
unstable, , pkgs
... , unstable
, ...
}: }:
let
inherit (pkgs) stdenv;
in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# essentials # essentials
@@ -16,47 +20,54 @@
zip zip
# modern cli # modern cli
atuin
bat bat
cd-fzf
doggo doggo
eza eza
fd fd
github-cli
hadolint hadolint
lazygit nodePackages.eslint
macchina oha
ncdu pre-commit
progress progress
ripgrep ripgrep
shellcheck shellcheck
shfmt shfmt
starship
tldr
tmux-sessionizer
unstable.atuin
unstable.github-cli
viddy viddy
yq-go yq-go
# containers # containers
unstable.argocd krew
unstable.k9s kubecolor
unstable.krew kubectl
unstable.kubecolor kubectx
unstable.kubectl minikube
unstable.kubectx stern
unstable.helm-docs
unstable.kubernetes-helm unstable.kubernetes-helm
unstable.stern unstable.k9s
unstable.skaffold
# cloud # cloud
awscli2 aws-vault
google-cloud-sdk unstable.awscli2
terraform unstable.azure-cli
unstable.google-cloud-sdk
unstable.terraform
# lsp # lsp
nodePackages.bash-language-server nodePackages.bash-language-server
nodePackages.eslint nodePackages.pyright
nodePackages.yaml-language-server nodePackages.yaml-language-server
terraform-ls terraform-ls
# monitoring # monitoring
btop htop
procs
# golang # golang
gofumpt gofumpt
@@ -79,17 +90,20 @@
openssl openssl
openvpn openvpn
tcpdump tcpdump
vpngate
# rice
neofetch
pfetch
# nix # nix
nix-tree nix-tree
nixfmt-rfc-style nixpkgs-fmt
nixpkgs-review nixpkgs-review
nvd
# python # python
poetry
python313
virtualenv virtualenv
# media
yt-dlp
]; ];
} }

3
renovate.json
View File

@@ -1,8 +1,5 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"schedule": [
"every weekend"
],
"extends": [ "extends": [
"config:recommended" "config:recommended"
] ]

46
services/netdata/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{ config
, pkgs
, ...
}:
let
netdata = pkgs.netdata;
netdataConf = ./netdata.conf;
netdataDir = "/var/lib/netdata";
in
{
users.extraGroups.netdata.gid = 220008;
users.users.netdata.group = "netdata";
users.extraUsers.netdata = {
description = "Netdata server user";
isSystemUser = true;
name = "netdata";
uid = 200008;
};
systemd.services.netdata = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${netdataDir}/config
mkdir -p ${netdataDir}/logs
cp -r ${netdata}/share/netdata/web ${netdataDir}/web
chmod -R 700 ${netdataDir}
chown -R netdata:netdata ${netdataDir}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
Restart = "on-failure";
};
};
services.nginx.httpConfig = ''
server {
server_name netdata.thume.net;
location / {
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:19999;
}
}
'';
}

21
services/netdata/netdata.conf Normal file
View File

@@ -0,0 +1,21 @@
[global]
run as user = netdata
config directory = /var/lib/netdata/config
web files directory = /var/lib/netdata/web
cache directory = /var/lib/netdata
log directory = /var/lib/netdata/logs
# the default database size - 1 hour
history = 3600
# some defaults to run netdata with least priority
process scheduling policy = idle
OOM score = 1000
[web]
# web files owner = root
web files group = netdata
# by default do not expose the netdata port
bind to = localhost

5
shell.nix Normal file
View File

@@ -0,0 +1,5 @@
(import <nixpkgs> { }).mkShell {
shellHook = ''
${(import ./default.nix).pre-commit-check.shellHook}
'';
}

8
upgrade-diff.nix Normal file
View File

@@ -0,0 +1,8 @@
{ pkgs, ... }: {
system.activationScripts.diff = {
supportsDryActivation = true;
text = ''
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
'';
};
}