dave/nix-config
1
0
Fork 0
mirror of https://github.com/davegallant/nix-config synced 2026-01-14 07:34:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: dave:main
Branches Tags
dave:main
..
compare: dave:eee3f2e9a3e2d05108354d52b4fa9bc6cd6a4a83
Branches Tags
dave:main

1 Commits
main ... eee3f2e9a3

Author SHA1 Message Date
Dave Gallant
eee3f2e9a3 Cleanup hephaestus 2025-04-06 12:52:42 -04:00
22 changed files with 1215 additions and 676 deletions
Expand all files Collapse all files

5
.envrc Normal file
View File

@@ -0,0 +1,5 @@
if has lorri; then
eval "$(lorri direnv)"
else
use nix
fi

2
.github/workflows/cachix.yml vendored
View File

@@ -14,7 +14,7 @@ jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v6 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v31
with: with:
nix_path: nixpkgs=channel:nixos-unstable nix_path: nixpkgs=channel:nixos-unstable

1
.gitignore vendored
View File

@@ -1,3 +1,4 @@
.pre-commit-config.yaml .pre-commit-config.yaml
.vscode .vscode
git-crypt-key
result result

53
README.md
View File

@@ -1,39 +1,17 @@
# nix-config # nix-config
This repo stores nix configuration to manage my hosts running [NixOS](https://nixos.org/) and macOS. This repo stores nix to manage my machines running [NixOS](https://nixos.org/) and macOS.
The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment. The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment.
```console ## Setup
macchina
a8888b. Host - dave@hephaestus > on macOS: install the latest unstable nix from https://github.com/numtide/nix-unstable-installer (for nix flakes),
d888888b. Machine - Micro-Star International Co., Ltd MS-7C02 1.0 > and nix-darwin: https://github.com/LnL7/nix-darwin
8P"YP"Y88 Kernel - 6.12.61
8|o||o|88 Distro - NixOS 25.11 (Xantusia)
8' .88 DE - KDE
8`._.' Y8. Packages - 1 (cargo), 10998 (nix)
d/ `8b. Shell - fish
dP Y8b. Terminal - alacritty
d8: ::88b. Resolution - 2560x1440, 3840x2160
d8" 'Y88b Uptime - 26m
:8P :888 CPU - AMD Ryzen 7 5700X 8-Core Processor (16)
8a. _a88P CPU Load - 8%
._/"Yaa .| 88P| Memory - 10.7 GB / 32.8 GB
\ YP" `| `.
/ \.___.d| .'
`--..__) `._.'
```
## Prerequisites Recipes are stored in a justfile. [just](https://github.com/casey/just) is required.
- [NixOS](nixos.org) (Linux) To run a rebuild:
- [Determinate Nix](https://determinate.systems/nix-installer) (macOS)
- [just](https://github.com/casey/just)
## Build
To run a build/rebuild:
```sh ```sh
just rebuild just rebuild
@@ -65,21 +43,6 @@ To cleanup previous files, run nix garbage collection:
just clean just clean
``` ```
## Restoring from a live USB ## Pre-commit hooks
If the bootloader for some reason breaks (i.e. motherboard firmware upgrade), restore it from a live USB by running the following commands: Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.
```console
$ sudo cryptsetup luksOpen /dev/nvme0n1p2 crypted-nixos
Enter passphrase for /dev/nvme0n1p2: ********
$ sudo mount /dev/vg/root /mnt
$ sudo mount /dev/nvme0n1p1 /mnt/boot/efi
$ sudo nixos-enter --root /mnt
$ hostname <hostname>
```
Navigate to the nix-config directory and run:
```sh
just rebuild-boot
```

13
default.nix Normal file
View File

@@ -0,0 +1,13 @@
let
nix-pre-commit-hooks = import (
builtins.fetchTarball "https://github.com/cachix/git-hooks.nix/tarball/master"
);
in
{
pre-commit-check = nix-pre-commit-hooks.run {
src = ./.;
hooks = {
shellcheck.enable = true;
};
};
}

785
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

74
flake.nix
View File

@@ -3,43 +3,33 @@
inputs = { inputs = {
determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*"; determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; fh.url = "https://flakehub.com/f/DeterminateSystems/fh/*";
nixpkgs-master.url = "github:NixOS/nixpkgs/master"; nixpkgs-unstable.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*";
darwin = { darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.11"; url = "github:lnl7/nix-darwin/nix-darwin-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager.url = "github:nix-community/home-manager/release-25.11"; home-manager.url = "https://flakehub.com/f/nix-community/home-manager/*";
nixvim = { nixvim = {
url = "github:nix-community/nixvim/nixos-25.11"; url = "github:nix-community/nixvim/nixos-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
vpngate.url = "github:davegallant/vpngate"; # stylix.url = "https://flakehub.com/f/danth/stylix/*";
stylix.url = "github:danth/stylix/release-24.11";
}; };
outputs = outputs =
{ {
self,
darwin, darwin,
fh,
determinate, determinate,
home-manager, home-manager,
nixpkgs, nixpkgs,
nixpkgs-unstable, nixpkgs-unstable,
nixpkgs-master, stylix,
vpngate,
... ...
}@inputs: }@inputs:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
{ {
nixosConfigurations = nixosConfigurations =
let let
@@ -47,23 +37,22 @@
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true; config.allowUnfree = true;
}; };
master = import nixpkgs-master {
system = "x86_64-linux";
config.allowUnfree = true;
};
in in
{ {
hephaestus = nixpkgs.lib.nixosSystem { hephaestus = nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit fh;
inherit unstable; inherit unstable;
inherit master;
inherit vpngate;
inherit inputs;
}; };
modules = [ modules = [
./hosts/hephaestus.nix ./fonts.nix
./common-packages.nix ./machines/hephaestus/configuration.nix
./packages.nix
./services/netdata/default.nix
./upgrade-diff.nix
determinate.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
stylix.nixosModules.stylix
( (
{ ... }: { ... }:
{ {
@@ -75,10 +64,9 @@
substituters = [ "https://davegallant.cachix.org" ]; substituters = [ "https://davegallant.cachix.org" ];
trusted-users = [ trusted-users = [
"root" "root"
"dave"
]; ];
trusted-public-keys = [ trusted-public-keys = [ "davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08=" ];
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08="
];
}; };
registry = { registry = {
nixpkgs.flake = nixpkgs; nixpkgs.flake = nixpkgs;
@@ -96,12 +84,11 @@
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users.dave.imports = [ users.dave.imports = [
./home.nix ./home/default.nix
inputs.nixvim.homeModules.nixvim inputs.nixvim.homeManagerModules.nixvim
]; ];
extraSpecialArgs = { extraSpecialArgs = {
inherit unstable; inherit unstable;
inherit master;
}; };
}; };
}; };
@@ -118,23 +105,21 @@
config.allowUnfree = true; config.allowUnfree = true;
inherit system; inherit system;
}; };
master = import nixpkgs-master {
config.allowUnfree = true;
inherit system;
};
in in
{ {
zelus = darwin.lib.darwinSystem { zelus = darwin.lib.darwinSystem {
inherit system; inherit system;
specialArgs = { specialArgs = {
inherit unstable; inherit unstable;
inherit master;
}; };
modules = [ modules = [
home-manager.darwinModules.home-manager home-manager.darwinModules.home-manager
./hosts/zelus.nix stylix.darwinModules.stylix
./common-packages.nix ./machines/zelus/configuration.nix
./packages.nix
./upgrade-diff.nix
( (
{ ... }: { ... }:
{ {
@@ -144,12 +129,11 @@
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
users."dave.gallant".imports = [ users."dave.gallant".imports = [
./home.nix ./home/default.nix
inputs.nixvim.homeModules.nixvim inputs.nixvim.homeManagerModules.nixvim
]; ];
extraSpecialArgs = { extraSpecialArgs = {
inherit unstable; inherit unstable;
inherit master;
}; };
}; };
}; };

24
fonts.nix Normal file
View File

@@ -0,0 +1,24 @@
{ pkgs, ... }:
{
fonts.packages = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
fira-mono
font-awesome
google-fonts
liberation_ttf
nerdfonts
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
}

287
home.nix → home/default.nix
View File

@@ -8,10 +8,33 @@ let
inherit (pkgs) stdenv; inherit (pkgs) stdenv;
in in
{ {
home.stateVersion = "25.11"; home.stateVersion = "24.11";
home.packages = with pkgs; [ just ]; home.packages = with pkgs; [ just ];
stylix = {
enable = true;
base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
targets = {
alacritty.enable = true;
vscode.enable = false; # overrides synced settings
};
opacity.terminal = 1.0;
fonts.sizes = if stdenv.isLinux then { terminal = 20; } else { terminal = 16; };
fonts.monospace = {
name = "FiraCode Nerd Font Mono";
package = "${pkgs.fira-mono}";
};
fonts.sansSerif = {
name = "FiraCode Nerd Font";
package = "${pkgs.fira-code}";
};
};
services = { services = {
gpg-agent = { gpg-agent = {
enable = stdenv.isLinux; enable = stdenv.isLinux;
@@ -30,42 +53,53 @@ in
direnv.enable = true; direnv.enable = true;
diff-so-fancy = {
enable = true;
enableGitIntegration = true;
};
git = { git = {
enable = true; enable = true;
userName = "Dave Gallant";
lfs.enable = true; lfs.enable = true;
settings = { aliases = {
user.name = "Dave Gallant"; aa = "add -A .";
user.signingkey = "5A548984C7377E4D"; br = "branch";
commit.gpgsign = true; c = "commit -S";
tag.gpgsign = true; ca = "commit -S --amend";
alias = { cane = "commit -S --amend --no-edit";
aa = "add -A ."; cb = "checkout -b";
br = "branch"; co = "checkout";
c = "commit"; cmp = "! git checkout main && git pl";
cm = "commit -m"; d = "diff";
ca = "commit --amend"; dc = "diff --cached";
cane = "commit --amend --no-edit"; dcn = "diff --cached --name-only";
cb = "checkout -b"; ds = "! git diff origin | sed -r 's/value: (.*)/value: \"************\"/'";
co = "checkout"; l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
cmp = "! git checkout main && git pl"; ms = "merge --squash";
d = "diff"; p = "push origin";
dc = "diff --cached"; pf = "push -f";
dcn = "diff --cached --name-only"; pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)";
l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; st = "status";
ms = "merge --squash"; wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads";
p = "push origin"; };
pf = "push -f";
pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)"; includes = [ { path = "~/.gitconfig-work"; } ];
st = "status";
wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads"; delta = {
enable = true;
options = {
features = "line-numbers decorations";
whitespace-error-style = "22 reverse";
plus-style = "green bold ul '#198214'";
decorations = {
commit-decoration-style = "bold yellow box ul";
file-style = "bold yellow ul";
file-decoration-style = "none";
};
}; };
};
extraConfig = {
push = { push = {
default = "current"; default = "current";
}; };
@@ -73,35 +107,15 @@ in
rebase = true; rebase = true;
}; };
}; };
includes = [ { path = "~/.gitconfig-work"; } ];
};
alacritty = {
enable = stdenv.isLinux;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
general.live_config_reload = true;
terminal.shell = {
program = "fish";
};
font = {
size = lib.mkForce 14.0;
};
window = {
opacity = lib.mkForce 0.9;
};
};
}; };
starship = { starship = {
enable = true; enable = true;
enableFishIntegration = true; enableZshIntegration = true;
settings = { settings = {
add_newline = false; add_newline = false;
scan_timeout = 10;
gcloud = { gcloud = {
format = ""; format = "";
}; };
@@ -111,45 +125,63 @@ in
}; };
}; };
fish = { zsh = {
enable = true; enable = true;
autosuggestion.enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
history.size = 1000000;
interactiveShellInit = '' localVariables = {
set fish_greeting CASE_SENSITIVE = "true";
DISABLE_UNTRACKED_FILES_DIRTY = "true";
RPROMPT = ""; # override because macOS defaults to filepath
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#838383,underline";
ZSH_DISABLE_COMPFIX = "true";
};
bind \cw backward-kill-word envExtra = ''
export PAGER=less
export EDITOR=vim
export DOCKER_CLI_HINTS=false
export TERM=xterm-256color
set -x DOCKER_CLI_HINTS false export PATH=$PATH:~/.cargo/bin
set -x DOCKER_DEFAULT_PLATFORM linux/amd64 export PATH=$PATH:~/.local/bin
set -x EDITOR vim export PATH=$PATH:~/.npm-packages/bin
set -x NNN_FIFO "$XDG_RUNTIME_DIR/nnn.fifo" export PATH=$PATH:/opt/homebrew/bin
set -x PAGER less export PATH=$PATH:~/.krew/bin
set -x TERM xterm-256color export PATH=$PATH:~/bin
export GOPATH=~/go
export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOBIN
'';
set -x PATH $PATH \ initExtra = ''
~/.cargo/bin \ setopt noincappendhistory
~/.local/bin \
~/.npm-packages/bin \
/opt/homebrew/bin \
~/.krew/bin \
~/bin
# golang source $HOME/.zsh-work
set -x GOPATH ~/go
set -x GOBIN $GOPATH/bin
set -x PATH $PATH $GOBIN
source $HOME/work.fish if [[ "$OSTYPE" == "darwin"* ]];
# ''; then
export PATH="$(brew --prefix)/opt/gnu-tar/libexec/gnubin:$PATH"
alias xdg-open=open
fi
shellInit = '' source <(helm completion zsh)
atuin init fish | source source <(kubectl completion zsh)
helm completion fish | source eval "$(atuin init zsh)"
kubectl completion fish | source
# kubecolor
source <(kubectl completion zsh)
alias kubectl=kubecolor
# make completion work with kubecolor
compdef kubecolor=kubectl
''; '';
shellAliases = { shellAliases = {
".." = "cd .."; ".." = "cd ..";
c = "code";
g = "git"; g = "git";
gc = "git checkout $(git branch | fzf)"; gc = "git checkout $(git branch | fzf)";
gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)"; gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)";
@@ -158,18 +190,22 @@ in
grep = "rg --smart-case"; grep = "rg --smart-case";
j = "just"; j = "just";
k = "kubecolor"; k = "kubecolor";
kubectl = "kubecolor";
kp = "viddy 'kubectl get pods'"; kp = "viddy 'kubectl get pods'";
kcx = "kubectx"; kcx = "kubectx";
kns = "kubens"; kns = "kubens";
l = "eza -la --git --group-directories-first"; l = "eza -la --git --group-directories-first";
m = "make"; m = "make";
nix-install = "nix-env -iA"; nix-install = "nix-env -iA";
ps = "procs";
t = "cd-fzf"; t = "cd-fzf";
tf = "terraform"; tf = "terraform";
tree = "eza --tree"; tree = "eza --tree";
v = "nvim"; v = "nvim";
}; };
"oh-my-zsh" = {
enable = true;
};
}; };
go = { go = {
@@ -180,32 +216,6 @@ in
enable = true; enable = true;
}; };
nnn = {
enable = stdenv.isLinux;
package = pkgs.nnn.override ({ withNerdIcons = true; });
bookmarks = {
d = "~/Downloads";
p = "~/src/";
c = "~/.config";
h = "~";
};
extraPackages = with pkgs; [
bat
eza
fzf
imv
mediainfo
ffmpegthumbnailer
];
plugins = {
src = "${pkgs.nnn.src}/plugins";
mappings = {
p = "preview-tui";
o = "fzopen";
};
};
};
nixvim = { nixvim = {
enable = true; enable = true;
viAlias = true; viAlias = true;
@@ -268,6 +278,7 @@ in
lualine.enable = true; lualine.enable = true;
lsp.enable = true; lsp.enable = true;
lsp.servers = { lsp.servers = {
ansiblels.enable = true;
bashls.enable = true; bashls.enable = true;
dockerls.enable = true; dockerls.enable = true;
gopls.enable = true; gopls.enable = true;
@@ -287,6 +298,10 @@ in
}; };
cmp.enable = true; cmp.enable = true;
nvim-tree.enable = true; nvim-tree.enable = true;
packer = {
enable = true;
plugins = [ ];
};
rainbow-delimiters.enable = true; rainbow-delimiters.enable = true;
treesitter.enable = true; treesitter.enable = true;
telescope = { telescope = {
@@ -384,51 +399,27 @@ in
''; '';
}; };
zed-editor = { vscode = {
enable = stdenv.isLinux; enable = true;
package = unstable.zed-editor; package = pkgs.vscode;
extensions = [ extensions =
"ansible" with pkgs.vscode-extensions;
"color-highlight" [
"dockerfile" bbenoist.nix
"html" github.vscode-pull-request-github
"make" golang.go
"material-icon-theme" hashicorp.terraform
"nix" ms-dotnettools.csharp
"toml" ms-kubernetes-tools.vscode-kubernetes-tools
"vue" redhat.vscode-yaml
]; ]
userSettings = { ++ lib.optionals stdenv.isLinux [ ms-python.python ];
icon_theme = "Material Icon Theme";
features = {
edit_prediction_provider = "copilot";
};
vim_mode = true;
vim = {
use_system_clipboard = "on_yank";
};
autosave = "on_focus_change";
format_on_save = "off";
ui_font_size = lib.mkForce 18;
buffer_font_size = lib.mkForce 16;
};
userKeymaps = [
{
context = "Editor && !menu";
bindings = {
"ctrl-shift-c" = "editor::Copy";
"ctrl-shift-x" = "editor::Cut";
"ctrl-shift-v" = "editor::Paste";
"ctrl-z" = "editor::Undo";
};
}
];
}; };
firefox = { firefox = {
enable = stdenv.isLinux; enable = stdenv.isLinux;
package = pkgs.librewolf; package = unstable.librewolf;
profiles = { profiles = {
default = { default = {

130
hosts/zelus.nix
View File

@@ -1,130 +0,0 @@
{ pkgs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = {
hostName = "zelus";
};
nix.enable = false;
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
users.users."dave.gallant".shell = pkgs.fish;
programs.fish.enable = true;
system.primaryUser = "dave.gallant";
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
tilesize = 50;
orientation = "bottom";
persistent-apps = [
"/Applications/iTerm.app"
"/Applications/Google Chrome.app"
"/Applications/LibreWolf.app"
"/Applications/Obsidian.app"
"/Applications/Slack.app"
"/Applications/zoom.us.app"
];
};
NSGlobalDomain.AppleShowAllExtensions = true;
NSGlobalDomain.AppleShowScrollBars = "Always";
NSGlobalDomain.NSUseAnimatedFocusRing = false;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode = true;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode2 = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint2 = true;
NSGlobalDomain.NSDocumentSaveNewDocumentsToCloud = false;
NSGlobalDomain.ApplePressAndHoldEnabled = false;
NSGlobalDomain.InitialKeyRepeat = 25;
NSGlobalDomain.KeyRepeat = 2;
NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
NSGlobalDomain.NSWindowShouldDragOnGesture = true;
NSGlobalDomain.NSAutomaticSpellingCorrectionEnabled = false;
LaunchServices.LSQuarantine = false; # disables "Are you sure?" for new apps
loginwindow.GuestEnabled = false;
finder.FXPreferredViewStyle = "Nlsv";
};
security.pam.services.sudo_local.touchIdAuth = true;
homebrew = {
enable = true;
onActivation = {
cleanup = "zap";
autoUpdate = true;
upgrade = true;
};
global = {
brewfile = true;
};
brews = [
"argocd"
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"k6"
"node"
"oras"
"vault"
];
casks = [
"claude-code"
"discord"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"freelens"
"iterm2"
"karabiner-elements"
"knockknock"
"librewolf"
"lulu"
"notunes"
"obsidian"
"raycast"
"rectangle"
"signal"
"slack"
"spotify"
"stats"
"steam"
"taskexplorer"
"tailscale-app"
"vlc"
"whisky"
"zed"
];
taps = [
"hashicorp/tap"
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
}

13
justfile
View File

@@ -5,26 +5,23 @@ alias r := rebuild
arch := `uname -s` arch := `uname -s`
cmd := if arch == "Linux" { "nixos-rebuild --sudo" } else { "sudo darwin-rebuild" } cmd := if arch == "Linux" { "nixos-rebuild --use-remote-sudo" } else { "darwin-rebuild" }
rebuild: rebuild:
$cmd switch --flake . sudo $cmd switch --flake . -I nixos-config="machines/$(hostname)/configuration.nix"
rebuild-boot:
$cmd boot --flake . --install-bootloader
rollback: rollback:
sudo $cmd switch --rollback --flake . $cmd switch --rollback --flake .
channel-update: channel-update:
nix-channel --update nix-channel --update
sudo nix-channel --update sudo nix-channel --update
update: update:
@./update-flake.sh @./nix-flake-update.sh
fmt: fmt:
nixfmt *.nix nixfmt .
clean: clean:
echo 'Cleaning user...' echo 'Cleaning user...'

220
hosts/hephaestus.nix → machines/hephaestus/configuration.nix
View File

@@ -1,33 +1,35 @@
{ {
config, config,
fh,
lib, lib,
inputs,
master,
modulesPath, modulesPath,
pkgs, pkgs,
unstable, unstable,
vpngate,
... ...
}: }:
let
gnomeExtensions = with pkgs.gnomeExtensions; [
caffeine
];
in
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
security.sudo-rs = { stylix = {
enable = true; enable = true;
execWheelOnly = true; base16Scheme = "${pkgs.base16-schemes}/share/themes/tokyo-night-dark.yaml";
wheelNeedsPassword = true; image = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/davegallant/nix-config/refs/heads/main/nixos-wallpaper.png";
sha256 = "Ztqn9+CHslr6wZdnOTeo/YNi/ICerpcFLyMArsZ/PIY=";
};
polarity = "dark";
fonts.sizes.desktop = 24;
}; };
boot = { boot = {
kernelModules = [ kernelModules = [ "kvm-amd" ];
"kvm-amd" kernelPackages = pkgs.linuxPackages_latest;
];
kernelPackages = pkgs.linuxPackages;
kernelParams = [
"amd_iommu=on"
];
loader = { loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
@@ -55,7 +57,7 @@
]; ];
luks.devices."root" = { luks.devices."root" = {
allowDiscards = true; allowDiscards = true;
device = "/dev/disk/by-uuid/89a14ac5-7723-4a0a-bb95-fb2fb2e92160"; device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
preLVM = true; preLVM = true;
keyFile = "./keyfile0.bin"; keyFile = "./keyfile0.bin";
}; };
@@ -68,71 +70,59 @@
environment.systemPackages = environment.systemPackages =
with pkgs; with pkgs;
[ [
albert
android-studio
android-tools
bleachbit bleachbit
calibre calibre
clamtk chromium
cryptsetup cryptsetup
dbeaver-bin
discord discord
docker-compose
fh.packages.x86_64-linux.default
freefilesync freefilesync
gimp-with-plugins gimp-with-plugins
google-chrome gnome-tweaks
hardinfo2
httpie-desktop httpie-desktop
heroic
iputils iputils
kdePackages.bluedevil
kdePackages.kcalc
kdePackages.kcharselect
kdePackages.kclock
kdePackages.kcolorchooser
kdePackages.ksystemlog
kdePackages.partitionmanager
kdePackages.sddm-kcm
libation libation
lutris mission-center
mupen64plus netdata
nfs-utils nfs-utils
onlyoffice-desktopeditors onlyoffice-desktopeditors
opensnitch-ui opensnitch-ui
pciutils pavucontrol
pika-backup pika-backup
pinentry-curses pinentry-curses
pinta protonvpn-gui
protonup-qt
qbittorrent
qemu qemu
ryujinx
traceroute traceroute
unrar unityhub
unstable.beszel unstable.ghostty
unstable.ktailctl
unstable.mcpelauncher-ui-qt
unstable.obsidian unstable.obsidian
unstable.podman unstable.signal-desktop
unstable.podman-compose
unstable.podman-desktop
unstable.ryubing
unstable.signal-desktop-bin
unstable.tailscale unstable.tailscale
unstable.zoom-us unstable.zoom-us
usbutils usbutils
virt-manager virt-manager
vlc vlc
vpngate.packages.x86_64-linux.default
wayland-utils
whois whois
wine wine
wl-clipboard ]
]; ++ gnomeExtensions;
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/7f4f0948-041c-47e9-ab28-53132026f158"; device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
fsType = "ext4"; fsType = "ext4";
}; };
"/boot/efi" = { "/boot/efi" = {
device = "/dev/disk/by-uuid/F1BD-5227"; device = "/dev/disk/by-uuid/3CFD-D749";
fsType = "vfat"; fsType = "vfat";
}; };
"/mnt/synology-2b/media" = { "/mnt/synology-2b/media" = {
@@ -140,34 +130,11 @@
fsType = "nfs"; fsType = "nfs";
}; };
"/mnt/truenas/home/backups" = { "/mnt/truenas/home/backups" = {
device = "192.168.1.132:/mnt/wd4t/data/home/backup/"; device = "192.168.1.32:/mnt/wd4t/data/home/backup/";
fsType = "nfs"; fsType = "nfs";
}; };
}; };
fonts.packages = with pkgs; [
dejavu_fonts
fira-mono
font-awesome
liberation_ttf
nerd-fonts.droid-sans-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
noto-fonts
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
nixpkgs = { nixpkgs = {
hostPlatform = "x86_64-linux"; hostPlatform = "x86_64-linux";
config = { config = {
@@ -194,70 +161,28 @@
}; };
}; };
users.users.beszel = {
isSystemUser = true;
group = "beszel";
description = "Beszel Agent service user";
};
users.groups.beszel = { };
systemd.services = { systemd.services = {
NetworkManager-wait-online.enable = false; NetworkManager-wait-online.enable = false;
beszel-agent = {
description = "Beszel Agent Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"PORT=45876"
''KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaNtnkc+3+fJU+bTO6fibID9FHgFjei0sjJNqvcYtG8"''
];
ExecStart = "${lib.getBin unstable.beszel}/bin/beszel-agent";
User = "beszel";
Restart = "always";
RestartSec = 5;
};
};
};
services = {
mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
}; };
system = { system = {
autoUpgrade.enable = true; autoUpgrade.enable = true;
stateVersion = "25.11"; stateVersion = "24.11";
activationScripts = {
diff = {
supportsDryActivation = true;
text = ''
if [[ -e /run/current-system ]]; then
echo -e "\e[36mPackage version diffs:\e[0m"
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
fi
'';
};
};
}; };
nix = { nix = {
extraOptions = "experimental-features = nix-command flakes"; extraOptions = "experimental-features = nix-command flakes";
settings.trusted-users = [ "root" "@wheel" ];
}; };
users.users.dave = { users.users.dave = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"docker"
"wheel" "wheel"
"libvirtd" "libvirtd"
"corectrl"
]; ];
shell = pkgs.fish; shell = pkgs.zsh;
}; };
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@@ -270,8 +195,6 @@
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
hardware.bluetooth.enable = true;
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
@@ -279,20 +202,17 @@
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
documentation.man.generateCaches = false;
programs = { programs = {
fish.enable = true;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
}; };
kdeconnect.enable = true;
nix-ld.enable = true; nix-ld.enable = true;
steam = { steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
}; };
zsh.enable = true;
}; };
services.avahi = { services.avahi = {
@@ -308,11 +228,9 @@
}; };
}; };
services = { services.flatpak.enable = true;
desktopManager.plasma6.enable = true;
displayManager.sddm.enable = true; services.gnome.gnome-keyring.enable = true;
displayManager.sddm.wayland.enable = true;
};
services.printing.enable = true; services.printing.enable = true;
@@ -325,8 +243,43 @@
package = unstable.tailscale; package = unstable.tailscale;
}; };
services.clamav.daemon.enable = true; services.xserver = {
services.clamav.updater.enable = true; enable = true;
displayManager = {
gdm = {
enable = true;
wayland = true;
};
};
desktopManager.gnome.enable = true;
videoDrivers = [ "amdgpu" ];
};
services.ollama = {
package = unstable.ollama;
enable = true;
acceleration = "rocm";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.2";
};
loadModels = [
"deepseek-r1:8b"
"dolphin3:8b"
];
};
services.open-webui = {
enable = true;
package = unstable.open-webui;
host = "0.0.0.0";
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434/api";
OLLAMA_BASE_URL = "http://127.0.0.1:11434";
};
};
services.opensnitch = { services.opensnitch = {
enable = true; enable = true;
@@ -473,6 +426,7 @@
}; };
virtualisation = { virtualisation = {
docker.enable = true;
podman.enable = true; podman.enable = true;
libvirtd = { libvirtd = {
enable = true; enable = true;

119
machines/zelus/configuration.nix Normal file
View File

@@ -0,0 +1,119 @@
{ pkgs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = {
hostName = "zelus";
};
services.nix-daemon.enable = true;
nix.extraOptions = "experimental-features = nix-command flakes";
nix.package = pkgs.nixVersions.stable;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
environment = {
variables = {
LANG = "en_US.UTF-8";
};
};
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 1.0;
tilesize = 50;
static-only = false;
showhidden = false;
show-recents = false;
show-process-indicators = true;
orientation = "bottom";
mru-spaces = false;
};
NSGlobalDomain = {
"com.apple.sound.beep.feedback" = 0;
"com.apple.sound.beep.volume" = 0.0;
ApplePressAndHoldEnabled = false;
InitialKeyRepeat = 10;
KeyRepeat = 2;
AppleShowAllExtensions = true;
AppleShowScrollBars = "Automatic";
};
};
homebrew = {
enable = true;
onActivation.autoUpdate = false;
onActivation.upgrade = false;
global = {
brewfile = true;
};
brews = [
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"netdata"
"node"
"podman"
"podman-compose"
];
casks = [
"karabiner-elements"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"iterm2"
"knockknock"
"librewolf"
"logseq"
"lulu"
"mitmproxy"
"notunes"
"postman"
"raycast"
"rectangle"
"stats"
"taskexplorer"
];
taps = [
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
stylix = {
# enable = true;
image = "/Library/tokyo-night.jpg";
};
}

4
update-flake.sh → nix-flake-update.sh
View File

@@ -2,10 +2,6 @@
set -euo pipefail set -euo pipefail
if ! git diff-index --quiet HEAD --; then
git stash push -m "Auto-stash via update-flash.sh on $(date)"
fi
git pull git pull
update_msg=$(nix flake update 2>&1 | grep -v 'warning:') update_msg=$(nix flake update 2>&1 | grep -v 'warning:')
just rebuild just rebuild

BIN
nixos-wallpaper.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 297 KiB

1
overlays/default.nix
View File

@@ -1,3 +1,4 @@
final: prev: { final: prev: {
cd-fzf = prev.callPackage ./cd-fzf { }; cd-fzf = prev.callPackage ./cd-fzf { };
vpngate = prev.callPackage ./vpngate { };
} }

28
overlays/vpngate/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
buildGoModule rec {
pname = "vpngate";
version = "v0.3.0";
vendorHash = "sha256-4JeVXLoiXdZoQM76cHOt5i31ZZGTId0rt8RkMH62/EM=";
src = fetchFromGitHub {
owner = "davegallant";
repo = "vpngate";
rev = version;
sha256 = "sha256-P3eQvdUfjpq4a0Q2Hxby4zZ2uTSPjG1oXHxt8cW6fTQ=";
};
doCheck = false;
meta = with lib; {
homepage = "https://www.vpngate.net";
description = "a client for vpngate.net";
license = licenses.gpl3;
maintainers = with maintainers; [ davegallant ];
platforms = platforms.linux ++ platforms.darwin;
};
}

46
common-packages.nix → packages.nix
View File

@@ -1,8 +1,13 @@
{ {
config,
lib,
pkgs, pkgs,
unstable, unstable,
... ...
}: }:
let
inherit (pkgs) stdenv;
in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# essentials # essentials
@@ -16,33 +21,37 @@
zip zip
# modern cli # modern cli
atuin
bat bat
cd-fzf cd-fzf
doggo doggo
eza eza
fd fd
github-cli
hadolint hadolint
lazygit nodePackages.eslint
macchina oha
ncdu pre-commit
progress progress
ripgrep ripgrep
shellcheck shellcheck
shfmt shfmt
tldr
atuin
github-cli
viddy viddy
yq-go yq-go
# containers # containers
unstable.argocd krew
unstable.k9s kubecolor
unstable.krew kubectl
unstable.kubecolor kubectx
unstable.kubectl minikube
unstable.kubectx stern
unstable.kubernetes-helm dive
unstable.stern helm-docs
k9s
kubernetes-helm
# cloud # cloud
awscli2 awscli2
@@ -51,12 +60,12 @@
# lsp # lsp
nodePackages.bash-language-server nodePackages.bash-language-server
nodePackages.eslint
nodePackages.yaml-language-server nodePackages.yaml-language-server
terraform-ls terraform-ls
# monitoring # monitoring
btop htop
procs
# golang # golang
gofumpt gofumpt
@@ -79,14 +88,19 @@
openssl openssl
openvpn openvpn
tcpdump tcpdump
vpngate
# rice
fastfetch
# nix # nix
nix-tree nix-tree
nixfmt-rfc-style nixfmt-rfc-style
nixpkgs-review nixpkgs-review
nvd
# python # python
poetry
python313
virtualenv virtualenv
# media # media

43
services/netdata/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{ config, pkgs, ... }:
let
netdata = pkgs.netdata;
netdataConf = ./netdata.conf;
netdataDir = "/var/lib/netdata";
in
{
users.extraGroups.netdata.gid = 220008;
users.users.netdata.group = "netdata";
users.extraUsers.netdata = {
description = "Netdata server user";
isSystemUser = true;
name = "netdata";
uid = 200008;
};
systemd.services.netdata = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
preStart = ''
mkdir -p ${netdataDir}/config
mkdir -p ${netdataDir}/logs
cp -r ${netdata}/share/netdata/web ${netdataDir}/web
chmod -R 700 ${netdataDir}
chown -R netdata:netdata ${netdataDir}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
Restart = "on-failure";
};
};
services.nginx.httpConfig = ''
server {
server_name netdata.thume.net;
location / {
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:19999;
}
}
'';
}

21
services/netdata/netdata.conf Normal file
View File

@@ -0,0 +1,21 @@
[global]
run as user = netdata
config directory = /var/lib/netdata/config
web files directory = /var/lib/netdata/web
cache directory = /var/lib/netdata
log directory = /var/lib/netdata/logs
# the default database size - 1 hour
history = 3600
# some defaults to run netdata with least priority
process scheduling policy = idle
OOM score = 1000
[web]
# web files owner = root
web files group = netdata
# by default do not expose the netdata port
bind to = localhost

13
shell.nix Normal file
View File

@@ -0,0 +1,13 @@
let
nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.11";
pkgs = import nixpkgs {
config = { };
overlays = [ ];
};
in
pkgs.mkShell {
shellHook = ''
${(import ./default.nix).pre-commit-check.shellHook}
'';
}

9
upgrade-diff.nix Normal file
View File

@@ -0,0 +1,9 @@
{ pkgs, ... }:
{
system.activationScripts.diff = {
supportsDryActivation = true;
text = ''
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
'';
};
}