1 Commits

Author SHA1 Message Date
eee3f2e9a3 Cleanup hephaestus 2025-04-06 12:52:42 -04:00
24 changed files with 1501 additions and 833 deletions

5
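--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,5 @@
+if has lorri; then
+eval "$(lorri direnv)"
+else
+use nix
+fi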


@@ -14,10 +14,12 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v16 - uses: cachix/cachix-action@v16
with: with:
name: davegallant name: davegallant
authToken: '${{ secrets.CACHIX_API_KEY }}' authToken: '${{ secrets.CACHIX_API_KEY }}'
- run: nix build .#nixosConfigurations.hephaestus.config.system.build.toplevel --json | jq -r '.[].outputs | to_entries[].value' | cachix push davegallant - run: nix-build | cachix push davegallant
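Review bot: The new `run: nix-build | cachix push davegallant` step pipes the build into the cache upload, and when a step sets no `shell:` GitHub Actions starts bash without `pipefail`, so a failed `nix-build` can still leave the step green on the exit status of `cachix push`. Adding `shell: bash` to the step (which turns on `-o pipefail`), or splitting build and push into two steps, keeps a broken build from passing. Separately, the job that holds `secrets.CACHIX_API_KEY` references its actions by mutable tags (`actions/checkout@v4`, `cachix/install-nix-action@v31`, `cachix/cachix-action@v16`) and evaluates against the floating `nixpkgs=channel:nixos-unstable`; pinning the actions to full commit SHAs narrows what can run with that token. The job definition starts above the hunk.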

1
.gitignore vendored

@@ -1,3 +1,4 @@
.pre-commit-config.yaml .pre-commit-config.yaml
.vscode .vscode
git-crypt-key
result result


@@ -1,38 +1,17 @@
# nix-config # nix-config
This repo stores nix configuration to manage my hosts running [NixOS](https://nixos.org/) and macOS. This repo stores nix to manage my machines running [NixOS](https://nixos.org/) and macOS.
The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment. The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment.
```console ## Setup
macchina
a8888b. Host - dave@hephaestus > on macOS: install the latest unstable nix from https://github.com/numtide/nix-unstable-installer (for nix flakes),
d888888b. Machine - Micro-Star International Co., Ltd MS-7C02 1.0 > and nix-darwin: https://github.com/LnL7/nix-darwin
8P"YP"Y88 Kernel - 6.12.61
8|o||o|88 Distro - NixOS 25.11 (Xantusia)
8' .88 DE - KDE
8`._.' Y8. Packages - 1 (cargo), 10998 (nix)
d/ `8b. Shell - fish
dP Y8b. Terminal - alacritty
d8: ::88b. Resolution - 2560x1440, 3840x2160
d8" 'Y88b Uptime - 26m
:8P :888 CPU - AMD Ryzen 7 5700X 8-Core Processor (16)
8a. _a88P CPU Load - 8%
._/"Yaa .| 88P| Memory - 10.7 GB / 32.8 GB
\ YP" `| `.
/ \.___.d| .'
`--..__) `._.'
```
## Prerequisites Recipes are stored in a justfile. [just](https://github.com/casey/just) is required.
- [NixOS](nixos.org) (Linux) To run a rebuild:
- [just](https://github.com/casey/just)
## Build
To run a build/rebuild:
```sh ```sh
just rebuild just rebuild
@@ -64,21 +43,6 @@ To cleanup previous files, run nix garbage collection:
just clean just clean
``` ```
## Restoring from a live USB ## Pre-commit hooks
If the bootloader for some reason breaks (i.e. motherboard firmware upgrade), restore it from a live USB by running the following commands: Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.
```console
$ sudo cryptsetup luksOpen /dev/nvme0n1p2 crypted-nixos
Enter passphrase for /dev/nvme0n1p2: ********
$ sudo mount /dev/vg/root /mnt
$ sudo mount /dev/nvme0n1p1 /mnt/boot/efi
$ sudo nixos-enter --root /mnt
$ hostname <hostname>
```
Navigate to the nix-config directory and run:
```sh
just rebuild-boot
```

13
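--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,13 @@
+let
+nix-pre-commit-hooks = import (
+builtins.fetchTarball "https://github.com/cachix/git-hooks.nix/tarball/master"
+);
+in
+{
+pre-commit-check = nix-pre-commit-hooks.run {
+src = ./.;
+hooks = {
+shellcheck.enable = true;
+};
+};
+}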
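Review bot: `builtins.fetchTarball "https://github.com/cachix/git-hooks.nix/tarball/master"` imports and evaluates whatever the `master` branch holds at evaluation time, with no `sha256`, so the hook code can change without any change in this repository. As far as this commit shows, that evaluation also happens under `nix-build` in the CI job that holds the Cachix token, and presumably on the workstation through `use nix` in `.envrc`. Pin the tarball to a commit and hash, e.g. `builtins.fetchTarball { url = "https://github.com/cachix/git-hooks.nix/tarball/COMMIT_SHA_PLACEHOLDER"; sha256 = "SHA256_PLACEHOLDER"; }`, or take git-hooks.nix as a flake input so that `flake.lock` records the revision.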

869
flake.lock generated

File diff suppressed because it is too large Load Diff

174
flake.nix

@@ -2,106 +2,71 @@
description = "nixos and macos configurations"; description = "nixos and macos configurations";
inputs = { inputs = {
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; fh.url = "https://flakehub.com/f/DeterminateSystems/fh/*";
nixpkgs-unstable.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1";
nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*";
darwin = { darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.11"; url = "github:lnl7/nix-darwin/nix-darwin-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.url = "https://flakehub.com/f/nix-community/home-manager/*";
nixvim = { nixvim = {
url = "github:nix-community/nixvim/nixos-25.11"; url = "github:nix-community/nixvim/nixos-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
vpngate.url = "github:davegallant/vpngate"; # stylix.url = "https://flakehub.com/f/danth/stylix/*";
weathr.url = "github:Veirt/weathr"; stylix.url = "github:danth/stylix/release-24.11";
}; };
outputs = outputs =
{ {
darwin, darwin,
fh,
determinate,
home-manager, home-manager,
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
vpngate, stylix,
weathr,
... ...
}@inputs: }@inputs:
let
mkUnstable =
system:
import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
mkSharedModules =
{
username,
system,
hmModule,
extraModules ? [ ],
}:
let
unstable = mkUnstable system;
in
[
./packages.nix
hmModule
(
{ ... }:
{
config = {
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [ (import ./overlays) ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.${username}.imports = [
./home.nix
inputs.nixvim.homeModules.nixvim
weathr.homeModules.weathr
];
extraSpecialArgs = { inherit unstable; };
};
};
}
)
]
++ extraModules;
in
{ {
nixosConfigurations = nixosConfigurations =
let let
system = "x86_64-linux"; unstable = import nixpkgs-unstable {
unstable = mkUnstable system; system = "x86_64-linux";
config.allowUnfree = true;
};
in in
{ {
hephaestus = nixpkgs.lib.nixosSystem { hephaestus = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit inherit fh;
unstable inherit unstable;
vpngate
inputs
;
}; };
modules = mkSharedModules { modules = [
username = "dave"; ./fonts.nix
inherit system; ./machines/hephaestus/configuration.nix
hmModule = home-manager.nixosModules.home-manager; ./packages.nix
extraModules = [ ./services/netdata/default.nix
./hosts/hephaestus.nix ./upgrade-diff.nix
( determinate.nixosModules.default
{ ... }: home-manager.nixosModules.home-manager
{ stylix.nixosModules.stylix
config.nix = { (
{ ... }:
{
config = {
nix = {
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
sandbox = false;
substituters = [ "https://davegallant.cachix.org" ]; substituters = [ "https://davegallant.cachix.org" ];
trusted-users = [ "root" ]; trusted-users = [
trusted-public-keys = [ "root"
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08=" "dave"
]; ];
trusted-public-keys = [ "davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08=" ];
}; };
registry = { registry = {
nixpkgs.flake = nixpkgs; nixpkgs.flake = nixpkgs;
@@ -112,32 +77,69 @@
options = "--delete-older-than 14d"; options = "--delete-older-than 14d";
}; };
}; };
}
) nixpkgs.overlays = [ (import ./overlays) ];
];
}; home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.dave.imports = [
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
};
};
};
}
)
];
}; };
}; };
darwinConfigurations = darwinConfigurations =
let let
system = "aarch64-darwin"; system = "aarch64-darwin";
unstable = mkUnstable system; unstable = import nixpkgs-unstable {
config.allowUnfree = true;
inherit system;
};
in in
{ {
zelus = darwin.lib.darwinSystem { zelus = darwin.lib.darwinSystem {
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit unstable inputs; inherit unstable;
};
modules = mkSharedModules {
username = "dave.gallant";
inherit system;
hmModule = home-manager.darwinModules.home-manager;
extraModules = [
./hosts/zelus.nix
];
}; };
modules = [
home-manager.darwinModules.home-manager
stylix.darwinModules.stylix
./machines/zelus/configuration.nix
./packages.nix
./upgrade-diff.nix
(
{ ... }:
{
config = {
nixpkgs.overlays = [ (import ./overlays) ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users."dave.gallant".imports = [
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
};
};
};
}
)
];
}; };
}; };
}; };
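Review bot: In the hephaestus `nix.settings` block the new side sets `sandbox = false;` and adds `"dave"` to `trusted-users`. With the sandbox off, derivation builders run with network and host filesystem access, and a trusted user can tell the daemon to use arbitrary substituters and accept unsigned paths, which is effectively root on the machine; together they remove most of the isolation between an evaluated package and the host. Unless something in this configuration needs them, I would keep `sandbox = true;` and `trusted-users = [ "root" ];`. The inputs also move to floating FlakeHub ranges (`.../nixpkgs/*`, `.../determinate/*`), so `flake.lock` is the only pin, and its diff (suppressed on this page) deserves a look on every update.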

24
fonts.nix Normal file

@@ -0,0 +1,24 @@
{ pkgs, ... }:
{
fonts.packages = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
fira-mono
font-awesome
google-fonts
liberation_ttf
nerdfonts
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
}


@@ -8,10 +8,33 @@ let
inherit (pkgs) stdenv; inherit (pkgs) stdenv;
in in
{ {
home.stateVersion = "25.11"; home.stateVersion = "24.11";
home.packages = with pkgs; [ just ]; home.packages = with pkgs; [ just ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
targets = {
alacritty.enable = true;
vscode.enable = false; # overrides synced settings
};
opacity.terminal = 1.0;
fonts.sizes = if stdenv.isLinux then { terminal = 20; } else { terminal = 16; };
fonts.monospace = {
name = "FiraCode Nerd Font Mono";
package = "${pkgs.fira-mono}";
};
fonts.sansSerif = {
name = "FiraCode Nerd Font";
package = "${pkgs.fira-code}";
};
};
services = { services = {
gpg-agent = { gpg-agent = {
enable = stdenv.isLinux; enable = stdenv.isLinux;
@@ -21,6 +44,8 @@ in
}; };
}; };
services.lorri.enable = stdenv.isLinux;
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
programs = { programs = {
@@ -28,43 +53,53 @@ in
direnv.enable = true; direnv.enable = true;
diff-so-fancy = {
enable = true;
enableGitIntegration = true;
};
git = { git = {
enable = true; enable = true;
userName = "Dave Gallant";
lfs.enable = true; lfs.enable = true;
settings = { aliases = {
user.name = "Dave Gallant"; aa = "add -A .";
user.signingkey = "5A548984C7377E4D"; br = "branch";
commit.gpgsign = true; c = "commit -S";
tag.gpgsign = true; ca = "commit -S --amend";
alias = { cane = "commit -S --amend --no-edit";
aa = "add -A ."; cb = "checkout -b";
br = "branch"; co = "checkout";
c = "commit"; cmp = "! git checkout main && git pl";
cm = "commit -m"; d = "diff";
ca = "commit --amend"; dc = "diff --cached";
cane = "commit --amend --no-edit"; dcn = "diff --cached --name-only";
cb = "checkout -b"; ds = "! git diff origin | sed -r 's/value: (.*)/value: \"************\"/'";
cmp = "! git checkout main && git pl"; l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
co = "checkout"; ms = "merge --squash";
d = "diff"; p = "push origin";
dc = "diff --cached"; pf = "push -f";
dcn = "diff --cached --name-only"; pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)";
l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; st = "status";
ms = "merge --squash"; wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads";
p = "push origin"; };
pf = "push -f";
pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)"; includes = [ { path = "~/.gitconfig-work"; } ];
pom = "pull origin main";
st = "status"; delta = {
wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads"; enable = true;
options = {
features = "line-numbers decorations";
whitespace-error-style = "22 reverse";
plus-style = "green bold ul '#198214'";
decorations = {
commit-decoration-style = "bold yellow box ul";
file-style = "bold yellow ul";
file-decoration-style = "none";
};
}; };
};
extraConfig = {
push = { push = {
default = "current"; default = "current";
}; };
@@ -72,35 +107,15 @@ in
rebase = true; rebase = true;
}; };
}; };
includes = [ { path = "~/.gitconfig-work"; } ];
};
alacritty = {
enable = stdenv.isLinux;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
general.live_config_reload = true;
terminal.shell = {
program = "fish";
};
font = {
size = lib.mkForce 14.0;
};
window = {
opacity = lib.mkForce 0.9;
};
};
}; };
starship = { starship = {
enable = true; enable = true;
enableFishIntegration = true; enableZshIntegration = true;
settings = { settings = {
add_newline = false; add_newline = false;
scan_timeout = 10;
gcloud = { gcloud = {
format = ""; format = "";
}; };
@@ -110,46 +125,63 @@ in
}; };
}; };
fish = { zsh = {
enable = true; enable = true;
autosuggestion.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
history.size = 1000000;
interactiveShellInit = '' localVariables = {
set fish_greeting CASE_SENSITIVE = "true";
DISABLE_UNTRACKED_FILES_DIRTY = "true";
RPROMPT = ""; # override because macOS defaults to filepath
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#838383,underline";
ZSH_DISABLE_COMPFIX = "true";
};
bind \cw backward-kill-word envExtra = ''
export PAGER=less
export EDITOR=vim
export DOCKER_CLI_HINTS=false
export TERM=xterm-256color
set -x DOCKER_CLI_HINTS false export PATH=$PATH:~/.cargo/bin
set -x DOCKER_DEFAULT_PLATFORM linux/amd64 export PATH=$PATH:~/.local/bin
set -x EDITOR vim export PATH=$PATH:~/.npm-packages/bin
set -x NNN_FIFO "$XDG_RUNTIME_DIR/nnn.fifo" export PATH=$PATH:/opt/homebrew/bin
set -x PAGER less export PATH=$PATH:~/.krew/bin
${lib.optionalString pkgs.stdenv.isLinux "set -x SSH_AUTH_SOCK /home/dave/.bitwarden-ssh-agent.sock"} export PATH=$PATH:~/bin
set -x TERM xterm-256color export GOPATH=~/go
export GOBIN=$GOPATH/bin
set -x PATH $PATH \ export PATH=$PATH:$GOBIN
~/.cargo/bin \
~/.local/bin \
~/.npm-packages/bin \
/opt/homebrew/bin \
~/.krew/bin \
~/bin
# golang
set -x GOPATH ~/go
set -x GOBIN $GOPATH/bin
set -x PATH $PATH $GOBIN
source $HOME/work.fish
''; '';
shellInit = '' initExtra = ''
atuin init fish | source setopt noincappendhistory
helm completion fish | source
kubectl completion fish | source source $HOME/.zsh-work
if [[ "$OSTYPE" == "darwin"* ]];
then
export PATH="$(brew --prefix)/opt/gnu-tar/libexec/gnubin:$PATH"
alias xdg-open=open
fi
source <(helm completion zsh)
source <(kubectl completion zsh)
eval "$(atuin init zsh)"
# kubecolor
source <(kubectl completion zsh)
alias kubectl=kubecolor
# make completion work with kubecolor
compdef kubecolor=kubectl
''; '';
shellAliases = { shellAliases = {
".." = "cd .."; ".." = "cd ..";
c = "code";
g = "git"; g = "git";
gc = "git checkout $(git branch | fzf)"; gc = "git checkout $(git branch | fzf)";
gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)"; gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)";
@@ -158,58 +190,32 @@ in
grep = "rg --smart-case"; grep = "rg --smart-case";
j = "just"; j = "just";
k = "kubecolor"; k = "kubecolor";
kubectl = "kubecolor";
kp = "viddy 'kubectl get pods'"; kp = "viddy 'kubectl get pods'";
kcx = "kubectx"; kcx = "kubectx";
kns = "kubens"; kns = "kubens";
l = "eza -la --git --group-directories-first"; l = "eza -la --git --group-directories-first";
m = "make"; m = "make";
nix-install = "nix-env -iA"; nix-install = "nix-env -iA";
t = "cd $(cd-fzf)"; ps = "procs";
t = "cd-fzf";
tf = "terraform"; tf = "terraform";
tree = "eza --tree"; tree = "eza --tree";
v = "nvim"; v = "nvim";
} };
// lib.optionalAttrs stdenv.isLinux {
zed = "env WAYLAND_DISPLAY='' zeditor"; # BUG: zed captures shift+v and g space on wayland "oh-my-zsh" = {
enable = true;
}; };
}; };
go = { go = {
enable = true; enable = true;
package = unstable.go;
}; };
fzf = { fzf = {
enable = true; enable = true;
}; };
nnn = {
enable = stdenv.isLinux;
package = pkgs.nnn.override ({ withNerdIcons = true; });
bookmarks = {
d = "~/Downloads";
p = "~/src/";
c = "~/.config";
h = "~";
};
extraPackages = with pkgs; [
bat
eza
fzf
imv
mediainfo
ffmpegthumbnailer
];
plugins = {
src = "${pkgs.nnn.src}/plugins";
mappings = {
p = "preview-tui";
o = "fzopen";
};
};
};
nixvim = { nixvim = {
enable = true; enable = true;
viAlias = true; viAlias = true;
@@ -265,19 +271,6 @@ in
cmp-path.enable = true; cmp-path.enable = true;
cmp-treesitter.enable = true; cmp-treesitter.enable = true;
commentary.enable = true; commentary.enable = true;
codecompanion = {
enable = true;
settings = {
interactions = {
chat = {
adapter = "copilot";
};
inline = {
adapter = "copilot";
};
};
};
};
diffview.enable = true; diffview.enable = true;
gitblame.enable = true; gitblame.enable = true;
gitsigns.enable = true; gitsigns.enable = true;
@@ -285,6 +278,7 @@ in
lualine.enable = true; lualine.enable = true;
lsp.enable = true; lsp.enable = true;
lsp.servers = { lsp.servers = {
ansiblels.enable = true;
bashls.enable = true; bashls.enable = true;
dockerls.enable = true; dockerls.enable = true;
gopls.enable = true; gopls.enable = true;
@@ -304,6 +298,10 @@ in
}; };
cmp.enable = true; cmp.enable = true;
nvim-tree.enable = true; nvim-tree.enable = true;
packer = {
enable = true;
plugins = [ ];
};
rainbow-delimiters.enable = true; rainbow-delimiters.enable = true;
treesitter.enable = true; treesitter.enable = true;
telescope = { telescope = {
@@ -401,70 +399,27 @@ in
''; '';
}; };
mangohud = { vscode = {
enable = stdenv.isLinux;
settings = {
font_size = 16;
position = "top-right";
toggle_hud = "Shift_R+F1";
};
};
weathr = {
enable = true; enable = true;
settings = { package = pkgs.vscode;
hide_hud = true; extensions =
}; with pkgs.vscode-extensions;
}; [
bbenoist.nix
zed-editor = { github.vscode-pull-request-github
enable = stdenv.isLinux; golang.go
package = unstable.zed-editor; hashicorp.terraform
extensions = [ ms-dotnettools.csharp
"ansible" ms-kubernetes-tools.vscode-kubernetes-tools
"dockerfile" redhat.vscode-yaml
"html" ]
"make" ++ lib.optionals stdenv.isLinux [ ms-python.python ];
"material-icon-theme"
"nix"
"toml"
"vue"
];
userSettings = {
icon_theme = "Material Icon Theme";
vim_mode = true;
vim = {
use_system_clipboard = "on_yank";
};
autosave = "on_focus_change";
format_on_save = "off";
ui_font_size = 18;
buffer_font_size = 16;
};
userKeymaps = [
{
context = "Editor && !menu";
bindings = {
"ctrl-shift-c" = "editor::Copy";
"ctrl-shift-x" = "editor::Cut";
"ctrl-shift-v" = "editor::Paste";
"ctrl-z" = "editor::Undo";
};
}
{
context = "vim_mode == normal";
bindings = {
"g space" = "editor::OpenExcerpts";
"shift-v" = "vim::ToggleVisualLine";
};
}
];
}; };
firefox = { firefox = {
enable = stdenv.isLinux; enable = stdenv.isLinux;
package = pkgs.librewolf; package = unstable.librewolf;
profiles = { profiles = {
default = { default = {
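Review bot: Commit signing on the new side exists only as `-S` inside the `c`, `ca` and `cane` aliases, so a plain `git commit`, a merge, a rebase or a tag made without those aliases is unsigned, and no signing key is configured. Setting it once in the `git` block, `signing = { key = "5A548984C7377E4D"; signByDefault = true; };` (key id as shown on the other side of this diff), covers every path and lets the aliases drop `-S`. In `zsh.initExtra`, `source $HOME/.zsh-work` runs unconditionally and the kubectl completion line appears twice; a guard such as `[[ -r $HOME/.zsh-work ]] && source $HOME/.zsh-work` avoids an error on machines without that file. The section's last hunk ends inside the `firefox` block.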


@@ -1,121 +0,0 @@
{ pkgs, ... }:
{
networking = {
hostName = "zelus";
};
nix.enable = false;
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
users.users."dave.gallant".shell = pkgs.fish;
programs.fish.enable = true;
system.primaryUser = "dave.gallant";
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
tilesize = 50;
orientation = "bottom";
persistent-apps = [
"/Applications/iTerm.app"
"/Applications/Google Chrome.app"
"/Applications/LibreWolf.app"
"/Applications/Obsidian.app"
"/Applications/Slack.app"
"/Applications/zoom.us.app"
];
};
NSGlobalDomain.AppleShowAllExtensions = true;
NSGlobalDomain.AppleShowScrollBars = "Always";
NSGlobalDomain.NSUseAnimatedFocusRing = false;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode = true;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode2 = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint2 = true;
NSGlobalDomain.NSDocumentSaveNewDocumentsToCloud = false;
NSGlobalDomain.ApplePressAndHoldEnabled = false;
NSGlobalDomain.InitialKeyRepeat = 25;
NSGlobalDomain.KeyRepeat = 2;
NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
NSGlobalDomain.NSWindowShouldDragOnGesture = true;
NSGlobalDomain.NSAutomaticSpellingCorrectionEnabled = false;
LaunchServices.LSQuarantine = false; # disables "Are you sure?" for new apps
loginwindow.GuestEnabled = false;
finder.FXPreferredViewStyle = "Nlsv";
};
security.pam.services.sudo_local.touchIdAuth = true;
homebrew = {
enable = true;
onActivation = {
cleanup = "zap";
autoUpdate = true;
upgrade = true;
};
global = {
brewfile = true;
};
brews = [
"argocd"
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"k6"
"node"
"oras"
"peon-ping"
"vault"
];
casks = [
"discord"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"headlamp"
"iterm2"
"karabiner-elements"
"knockknock"
"librewolf"
"lulu"
"notunes"
"obsidian"
"raycast"
"rectangle"
"signal"
"slack"
"spotify"
"stats"
"steam"
"taskexplorer"
"tailscale-app"
"vlc"
"whisky"
"zed"
];
taps = [
"hashicorp/tap"
"PeonPing/tap"
];
};
}


@@ -5,26 +5,23 @@ alias r := rebuild
arch := `uname -s` arch := `uname -s`
cmd := if arch == "Linux" { "nixos-rebuild --sudo" } else { "sudo darwin-rebuild" } cmd := if arch == "Linux" { "nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" }
rebuild: rebuild:
$cmd switch --flake . sudo $cmd switch --flake . -I nixos-config="machines/$(hostname)/configuration.nix"
rebuild-boot:
$cmd boot --flake . --install-bootloader
rollback: rollback:
sudo $cmd switch --rollback --flake . $cmd switch --rollback --flake .
channel-update: channel-update:
nix-channel --update nix-channel --update
sudo nix-channel --update sudo nix-channel --update
update: update:
@./update-flake.sh @./nix-flake-update.sh
fmt: fmt:
fd -e nix -x nixfmt nixfmt .
clean: clean:
echo 'Cleaning user...' echo 'Cleaning user...'
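Review bot: The `rebuild` recipe now runs `sudo $cmd switch ...` while `cmd` on Linux is already `nixos-rebuild --use-remote-sudo`, so the whole flake evaluation and build run as root from a user-writable checkout instead of only the activation step being elevated. Dropping the outer `sudo`, i.e. `$cmd switch --flake .`, keeps evaluation unprivileged; if `darwin-rebuild` needs elevation, that belongs in the Darwin branch of `cmd`. The added `-I nixos-config="machines/$(hostname)/configuration.nix"` is, as far as I know, not consulted when `--flake` is given, so it can mislead a reader about which configuration is built. The `clean` recipe continues past the end of the hunk.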


@@ -1,29 +1,35 @@
{ {
config, config,
fh,
lib, lib,
modulesPath, modulesPath,
pkgs, pkgs,
unstable, unstable,
... ...
}: }:
let
gnomeExtensions = with pkgs.gnomeExtensions; [
caffeine
];
in
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
security.sudo-rs = { stylix = {
enable = true; enable = true;
execWheelOnly = true; base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
wheelNeedsPassword = true; image = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/davegallant/nix-config/refs/heads/main/nixos-wallpaper.png";
sha256 = "Ztqn9+CHslr6wZdnOTeo/YNi/ICerpcFLyMArsZ/PIY=";
};
polarity = "dark";
fonts.sizes.desktop = 24;
}; };
boot = { boot = {
kernelModules = [ kernelModules = [ "kvm-amd" ];
"kvm-amd" kernelPackages = pkgs.linuxPackages_latest;
];
kernelPackages = pkgs.linuxPackages;
kernelParams = [
"amd_iommu=on"
];
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
@@ -51,7 +57,7 @@
]; ];
luks.devices."root" = { luks.devices."root" = {
allowDiscards = true; allowDiscards = true;
device = "/dev/disk/by-uuid/89a14ac5-7723-4a0a-bb95-fb2fb2e92160"; device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
preLVM = true; preLVM = true;
keyFile = "./keyfile0.bin"; keyFile = "./keyfile0.bin";
}; };
@@ -61,13 +67,62 @@
}; };
}; };
environment.systemPackages =
with pkgs;
[
albert
android-studio
android-tools
bleachbit
calibre
chromium
cryptsetup
discord
docker-compose
fh.packages.x86_64-linux.default
freefilesync
gimp-with-plugins
gnome-tweaks
httpie-desktop
iputils
libation
mission-center
netdata
nfs-utils
onlyoffice-desktopeditors
opensnitch-ui
pavucontrol
pika-backup
pinentry-curses
protonvpn-gui
qemu
ryujinx
traceroute
unityhub
unstable.ghostty
unstable.obsidian
unstable.signal-desktop
unstable.tailscale
unstable.zoom-us
usbutils
virt-manager
vlc
whois
wine
]
++ gnomeExtensions;
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/7f4f0948-041c-47e9-ab28-53132026f158"; device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
fsType = "ext4"; fsType = "ext4";
}; };
"/boot/efi" = { "/boot/efi" = {
device = "/dev/disk/by-uuid/F1BD-5227"; device = "/dev/disk/by-uuid/3CFD-D749";
fsType = "vfat"; fsType = "vfat";
}; };
"/mnt/synology-2b/media" = { "/mnt/synology-2b/media" = {
@@ -75,35 +130,18 @@
fsType = "nfs"; fsType = "nfs";
}; };
"/mnt/truenas/home/backups" = { "/mnt/truenas/home/backups" = {
device = "192.168.1.132:/mnt/wd4t/data/home/backup/"; device = "192.168.1.32:/mnt/wd4t/data/home/backup/";
fsType = "nfs"; fsType = "nfs";
}; };
}; };
fonts.packages = with pkgs; [ nixpkgs = {
dejavu_fonts hostPlatform = "x86_64-linux";
fira-mono config = {
font-awesome allowUnfree = true;
liberation_ttf };
nerd-fonts.droid-sans-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
}; };
nixpkgs.hostPlatform = "x86_64-linux";
networking = { networking = {
iproute2.enable = true; iproute2.enable = true;
hostName = "hephaestus"; hostName = "hephaestus";
@@ -123,85 +161,28 @@
}; };
}; };
users.users.beszel = {
isSystemUser = true;
group = "beszel";
description = "Beszel Agent service user";
};
users.groups.beszel = { };
systemd.services = { systemd.services = {
NetworkManager-wait-online.enable = false; NetworkManager-wait-online.enable = false;
beszel-agent = {
description = "Beszel Agent Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"PORT=45876"
''KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaNtnkc+3+fJU+bTO6fibID9FHgFjei0sjJNqvcYtG8"''
];
ExecStart = "${lib.getBin unstable.beszel}/bin/beszel-agent";
User = "beszel";
Restart = "always";
RestartSec = 5;
};
};
};
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
services.ollama = {
package = pkgs.ollama;
enable = true;
acceleration = "rocm";
host = "0.0.0.0";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.2";
};
loadModels = [
"qwen2.5-coder:7b"
];
}; };
system = { system = {
autoUpgrade.enable = true; autoUpgrade.enable = true;
stateVersion = "25.11"; stateVersion = "24.11";
activationScripts = {
diff = {
supportsDryActivation = true;
text = ''
if [[ -e /run/current-system ]]; then
echo -e "\e[36mPackage version diffs:\e[0m"
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
fi
'';
};
};
}; };
nix = { nix = {
extraOptions = "experimental-features = nix-command flakes"; extraOptions = "experimental-features = nix-command flakes";
settings.trusted-users = [
"root"
"@wheel"
];
}; };
users.users.dave = { users.users.dave = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"docker" "docker"
"libvirtd"
"wheel" "wheel"
"libvirtd"
"corectrl"
]; ];
shell = pkgs.fish; shell = pkgs.zsh;
}; };
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@@ -214,8 +195,6 @@
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
hardware.bluetooth.enable = true;
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
@@ -223,24 +202,19 @@
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
documentation.man.generateCaches = false;
programs = { programs = {
fish.enable = true;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
}; };
kdeconnect.enable = true;
nix-ld.enable = true; nix-ld.enable = true;
steam = { steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
}; };
zsh.enable = true;
}; };
services.flatpak.enable = true;
services.avahi = { services.avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
@@ -254,14 +228,9 @@
}; };
}; };
security.rtkit.enable = true; services.flatpak.enable = true;
services.pipewire.enable = true;
services = { services.gnome.gnome-keyring.enable = true;
desktopManager.plasma6.enable = true;
displayManager.sddm.enable = true;
displayManager.sddm.wayland.enable = true;
};
services.printing.enable = true; services.printing.enable = true;
@@ -274,8 +243,43 @@
package = unstable.tailscale; package = unstable.tailscale;
}; };
services.clamav.daemon.enable = true; services.xserver = {
services.clamav.updater.enable = true; enable = true;
displayManager = {
gdm = {
enable = true;
wayland = true;
};
};
desktopManager.gnome.enable = true;
videoDrivers = [ "amdgpu" ];
};
services.ollama = {
package = unstable.ollama;
enable = true;
acceleration = "rocm";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.2";
};
loadModels = [
"deepseek-r1:8b"
"dolphin3:8b"
];
};
services.open-webui = {
enable = true;
package = unstable.open-webui;
host = "0.0.0.0";
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434/api";
OLLAMA_BASE_URL = "http://127.0.0.1:11434";
};
};
services.opensnitch = { services.opensnitch = {
enable = true; enable = true;
@@ -423,6 +427,7 @@
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
podman.enable = true;
libvirtd = { libvirtd = {
enable = true; enable = true;
qemu.swtpm.enable = true; qemu.swtpm.enable = true;
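Review bot: `services.open-webui` is added with `host = "0.0.0.0";`, which binds the web UI on every interface (LAN, Tailscale, container bridges) although it only talks to Ollama on `127.0.0.1:11434`. Whether the port is reachable from other hosts depends on firewall settings outside the visible hunks, but unless remote access is intended I would bind it to loopback with `host = "127.0.0.1";` or expose it only on the interface that needs it. The new side also carries no `security.sudo-rs` block (`execWheelOnly`, `wheelNeedsPassword`); if that is deliberate, a line in the commit message would help the next reader.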


@@ -0,0 +1,119 @@
{ pkgs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = {
hostName = "zelus";
};
services.nix-daemon.enable = true;
nix.extraOptions = "experimental-features = nix-command flakes";
nix.package = pkgs.nixVersions.stable;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
environment = {
variables = {
LANG = "en_US.UTF-8";
};
};
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 1.0;
tilesize = 50;
static-only = false;
showhidden = false;
show-recents = false;
show-process-indicators = true;
orientation = "bottom";
mru-spaces = false;
};
NSGlobalDomain = {
"com.apple.sound.beep.feedback" = 0;
"com.apple.sound.beep.volume" = 0.0;
ApplePressAndHoldEnabled = false;
InitialKeyRepeat = 10;
KeyRepeat = 2;
AppleShowAllExtensions = true;
AppleShowScrollBars = "Automatic";
};
};
homebrew = {
enable = true;
onActivation.autoUpdate = false;
onActivation.upgrade = false;
global = {
brewfile = true;
};
brews = [
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"netdata"
"node"
"podman"
"podman-compose"
];
casks = [
"karabiner-elements"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"iterm2"
"knockknock"
"librewolf"
"logseq"
"lulu"
"mitmproxy"
"notunes"
"postman"
"raycast"
"rectangle"
"stats"
"taskexplorer"
];
taps = [
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
stylix = {
# enable = true;
image = "/Library/tokyo-night.jpg";
};
}


@@ -2,10 +2,6 @@
set -euo pipefail set -euo pipefail
if ! git diff-index --quiet HEAD --; then
git stash push -m "Auto-stash via update-flake.sh on $(date)"
fi
git pull git pull
update_msg=$(nix flake update 2>&1 | grep -v 'warning:') update_msg=$(nix flake update 2>&1 | grep -v 'warning:')
just rebuild just rebuild

BIN
nixos-wallpaper.png Normal file

Binary file not shown.



@@ -13,4 +13,5 @@ if [[ -z $selected ]]; then
exit 0 exit 0
fi fi
echo "$selected" cd "$selected"
$SHELL
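Review bot: The new `cd "$selected"` has no failure handling, and the `$SHELL` after it is unquoted and not `exec`ed. A directory that has vanished or is unreadable would still drop the user into a nested shell in the old working directory, and every use leaves the wrapper process behind. I would write `cd "$selected" || exit 1` followed by `exec "${SHELL:-/bin/sh}"`. The start of the script is outside this hunk, so if it already runs under `set -e` only the quoting and `exec` part applies.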


@@ -1,13 +1,19 @@
{ stdenv, lib }: {
stdenv.mkDerivation { stdenv,
lib,
fetchurl,
}:
stdenv.mkDerivation rec {
pname = "cd-fzf"; pname = "cd-fzf";
version = "0.0.1"; version = "0.0.1";
src = ./.; executable = ./cd-fzf;
installPhase = '' phases = [ "unpackPhase" ]; # Remove all other phases
install -Dm755 cd-fzf $out/bin/cd-fzf unpackPhase = ''
mkdir -p $out/bin
cp ${executable} $out/bin/cd-fzf
''; '';
meta = { meta = with lib; {
description = "Fuzzy find change directory"; description = "\n Fuzzy find change directory";
platforms = lib.platforms.unix; platforms = platforms.unix;
}; };
} }
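Review bot: Setting `phases = [ "unpackPhase" ]` and installing inside `unpackPhase` skips the fixup phase, so the script's shebang is not patched and its mode is whatever `cp` carries over from the store path. `fetchurl` is also taken as an argument but never used. A smaller form that keeps stdenv's defaults would be `dontUnpack = true;` with `installPhase = ''install -Dm755 ${./cd-fzf} $out/bin/cd-fzf'';`, which also makes `rec` unnecessary. The new `description` begins with a literal `"\n "`, which looks accidental and will show up in package listings.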


@@ -1,3 +1,4 @@
final: prev: { final: prev: {
cd-fzf = prev.callPackage ./cd-fzf { }; cd-fzf = prev.callPackage ./cd-fzf { };
vpngate = prev.callPackage ./vpngate { };
} }


@@ -0,0 +1,28 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
buildGoModule rec {
pname = "vpngate";
version = "v0.3.0";
vendorHash = "sha256-4JeVXLoiXdZoQM76cHOt5i31ZZGTId0rt8RkMH62/EM=";
src = fetchFromGitHub {
owner = "davegallant";
repo = "vpngate";
rev = version;
sha256 = "sha256-P3eQvdUfjpq4a0Q2Hxby4zZ2uTSPjG1oXHxt8cW6fTQ=";
};
doCheck = false;
meta = with lib; {
homepage = "https://www.vpngate.net";
description = "a client for vpngate.net";
license = licenses.gpl3;
maintainers = with maintainers; [ davegallant ];
platforms = platforms.linux ++ platforms.darwin;
};
}
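Review bot: `doCheck = false;` switches off the upstream Go tests with no comment explaining why. For a client that sets up VPN connections I would record the reason next to it (for example `# tests require network access`, if that is the case) or leave the tests on. The `version = "v0.3.0";` / `rev = version;` pair puts the `v` prefix into the package version; `version = "0.3.0";` with `rev = "v${version}";` keeps version comparison tooling working. `fetchFromGitHub` is also given an SRI string through `sha256`, where `hash` is the attribute meant for that format, and `homepage` points at the service rather than the source repository being built.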


@@ -1,168 +1,109 @@
{ {
pkgs, config,
lib, lib,
pkgs,
unstable, unstable,
vpngate,
... ...
}: }:
let let
inherit (pkgs) stdenv; inherit (pkgs) stdenv;
in in
{ {
environment.systemPackages = environment.systemPackages = with pkgs; [
with pkgs; # essentials
[ curl
# essentials gnumake
curl gnupg
gnumake jq
gnupg unzip
jq xclip
unzip xdg-utils
zip zip
# modern cli # modern cli
atuin bat
bat cd-fzf
cd-fzf doggo
doggo eza
eza fd
fd hadolint
github-cli nodePackages.eslint
hadolint oha
lazygit pre-commit
macchina progress
ncdu ripgrep
progress shellcheck
ripgrep shfmt
shellcheck tldr
shfmt atuin
viddy
yq-go
# containers github-cli
unstable.k9s viddy
unstable.krew yq-go
unstable.kubecolor
unstable.kubectl
unstable.kubectx
unstable.kubernetes-helm
unstable.stern
# cloud # containers
awscli2 krew
google-cloud-sdk kubecolor
terraform kubectl
kubectx
minikube
stern
dive
helm-docs
k9s
kubernetes-helm
# lsp # cloud
nodePackages.bash-language-server awscli2
nodePackages.eslint google-cloud-sdk
nodePackages.yaml-language-server terraform
terraform-ls
# monitoring # lsp
btop nodePackages.bash-language-server
nodePackages.yaml-language-server
terraform-ls
# golang # monitoring
gofumpt htop
golangci-lint procs
gopls
# rust # golang
rustup gofumpt
golangci-lint
gopls
# nix # rust
nix-tree rustup
nixfmt-rfc-style
nixpkgs-review
nvd
# python # js
virtualenv nodejs
nodePackages.prettier
nodePackages.yarn
# media # networking
yt-dlp arp-scan
] dnsutils
++ lib.optionals stdenv.isLinux [ iperf
xclip nmap
xdg-utils openssl
openvpn
tcpdump
vpngate
# networking # rice
arp-scan fastfetch
dnsutils
iperf
nmap
openssl
openvpn
tcpdump
# desktop apps # nix
bitwarden-desktop nix-tree
dbeaver-bin nixfmt-rfc-style
discord nixpkgs-review
feishin
freefilesync
gimp-with-plugins
google-chrome
httpie-desktop
onlyoffice-desktopeditors
pika-backup
pinta
qbittorrent
unstable.obsidian
unstable.podman-desktop
unstable.signal-desktop-bin
unstable.zoom-us
# gaming # python
heroic poetry
ludusavi python313
mupen64plus virtualenv
protonup-qt
unstable.ryubing
unstable.lutris
wine
# kde # media
kdePackages.bluedevil yt-dlp
kdePackages.kcalc ];
kdePackages.kcharselect
kdePackages.kclock
kdePackages.kcolorchooser
kdePackages.ksystemlog
kdePackages.partitionmanager
kdePackages.sddm-kcm
# media
calibre
libation
unstable.spotify
vlc
# networking
iputils
traceroute
unstable.ktailctl
unstable.tailscale
vpngate.packages.x86_64-linux.default
whois
# security
bleachbit
clamtk
cryptsetup
opensnitch-ui
pinentry-curses
# system utilities
hardinfo2
nfs-utils
pciutils
qemu
unrar
unstable.beszel
usbutils
virt-manager
wayland-utils
wl-clipboard
];
} }
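Review bot: On the new side the `++ lib.optionals stdenv.isLinux [ … ]` split is gone, so Linux-only entries such as `xclip` and `xdg-utils` are now installed unconditionally on every host that imports this module, as are the capture and scanning tools (`tcpdump`, `nmap`, `arp-scan`, `openvpn`, `vpngate`). If the darwin host added in this commit also imports the module (not visible from this hunk), evaluation there may fail on unsupported platforms. In any case it widens what is installed on machines that have no need for packet capture. I would keep a `++ lib.optionals stdenv.isLinux [ … ]` tail for those groups. The `let inherit (pkgs) stdenv; in` binding and the `config`/`unstable` arguments appear unused after the change.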


@@ -0,0 +1,43 @@
{ config, pkgs, ... }:
let
netdata = pkgs.netdata;
netdataConf = ./netdata.conf;
netdataDir = "/var/lib/netdata";
in
{
users.extraGroups.netdata.gid = 220008;
users.users.netdata.group = "netdata";
users.extraUsers.netdata = {
description = "Netdata server user";
isSystemUser = true;
name = "netdata";
uid = 200008;
};
systemd.services.netdata = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${netdataDir}/config
mkdir -p ${netdataDir}/logs
cp -r ${netdata}/share/netdata/web ${netdataDir}/web
chmod -R 700 ${netdataDir}
chown -R netdata:netdata ${netdataDir}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
Restart = "on-failure";
};
};
services.nginx.httpConfig = ''
server {
server_name netdata.thume.net;
location / {
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:19999;
}
}
'';
}
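Review bot: The `services.nginx.httpConfig` block publishes the Netdata dashboard through a plain-HTTP `server` with no authentication or address restriction, which undoes the `bind to = localhost` choice in netdata.conf as soon as nginx is enabled on the host. `server_name netdata.thume.net` also looks carried over from another setup. I would declare the vhost through `services.nginx.virtualHosts` with TLS and `basicAuthFile`, as sketched below with placeholder values. In the unit itself, `preStart` runs as root because no `User` is set, and `cp -r … ${netdataDir}/web` nests a second `web` directory on every restart. The group id `220008` does not match the user id `200008`, which may be a typo.

```nix
# … unchanged: users/groups and systemd.services.netdata …
services.nginx.virtualHosts."netdata.example.internal" = { # placeholder hostname
  forceSSL = true;
  enableACME = true;
  basicAuthFile = "/run/secrets/netdata.htpasswd"; # placeholder path
  locations."/".proxyPass = "http://127.0.0.1:19999";
};
```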


@@ -0,0 +1,21 @@
[global]
run as user = netdata
config directory = /var/lib/netdata/config
web files directory = /var/lib/netdata/web
cache directory = /var/lib/netdata
log directory = /var/lib/netdata/logs
# the default database size - 1 hour
history = 3600
# some defaults to run netdata with least priority
process scheduling policy = idle
OOM score = 1000
[web]
# web files owner = root
web files group = netdata
# by default do not expose the netdata port
bind to = localhost

13
shell.nix Normal file

@@ -0,0 +1,13 @@
let
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.11";
pkgs = import nixpkgs {
config = { };
overlays = [ ];
};
in
pkgs.mkShell {
shellHook = ''
${(import ./default.nix).pre-commit-check.shellHook}
'';
}
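Review bot: `fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.11"` follows a moving branch with no hash, so the package set behind this shell changes underneath the repository and nothing verifies the download. Pin it to a commit and hash, e.g. `fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/<COMMIT>.tar.gz"; sha256 = "<SHA256>"; }`. If the repository's flake already locks a nixpkgs revision, reusing that one would keep the dev shell and the system builds on the same inputs.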

9
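--- a/upgrade-diff.nix
+++ b/upgrade-diff.nix
@@ -0,0 +1,9 @@
+{ pkgs, ... }:
+{
+system.activationScripts.diff = {
+supportsDryActivation = true;
+text = ''
+${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
+'';
+};
+}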
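Review bot: The `nvd … diff /run/current-system "$systemConfig"` line in `text` assumes `/run/current-system` already exists. On a first activation (fresh install or image build) that link may be absent, and a failing command inside an activation snippet can surface as an activation error. Since the diff is informational only, I would guard it with `if [[ -e /run/current-system ]]; then … fi` and add a comment such as `# best-effort package diff; must never block activation`.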