1 Commits

Author SHA1 Message Date
Dave Gallant
f84fd5f8b6 Add missing vi and vim aliases 2024-02-19 22:09:33 -05:00
39 changed files with 1684 additions and 1793 deletions

3
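--- a/.envrc
+++ b/.envrc
@@ -0,0 +1,3 @@
+if has nix-shell; then
+use_nix
+fi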


@@ -14,11 +14,11 @@ jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: cachix/install-nix-action@v31
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v25
with:
nix_path: nixpkgs=channel:nixos-unstable
- uses: cachix/cachix-action@v16
- uses: cachix/cachix-action@v14
with:
name: davegallant
authToken: '${{ secrets.CACHIX_API_KEY }}'

1
.gitignore vendored

@@ -1,3 +1,4 @@
.pre-commit-config.yaml
.vscode
git-crypt-key
result

31
Makefile Normal file

@@ -0,0 +1,31 @@
SHELL := bash
.SHELLFLAGS := -eu -o pipefail -c
.DELETE_ON_ERROR:
MAKEFLAGS += --warn-undefined-variables
MAKEFLAGS += --no-builtin-rules
HOSTNAME ?= $(shell hostname)
UNAME_S := $(shell uname -s)
ifeq ($(UNAME_S),Linux)
SWITCH_CMD := nixos-rebuild --use-remote-sudo -I nixos-config="modules/machines/$(HOSTNAME)/configuration.nix" switch --flake '.\#'
endif
ifeq ($(UNAME_S),Darwin)
SWITCH_CMD := exec darwin-rebuild switch --flake .
endif
switch:
$(SWITCH_CMD)
rollback:
nixos-rebuild --use-remote-sudo switch --rollback -I nixos-config="modules/machines/$(HOSTNAME)/configuration.nix"
update:
nix flake update
make
git add .
git commit -S -m "nix flake update: $$(TZ=UTC date '+%Y-%m-%d %H:%M:%S %Z')"
git push
fmt:
alejandra .
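Review bot: The `update` target runs `git add .` before `git commit -S` and `git push`, so every untracked or modified file in the working tree, not only the lock file, is signed and published in one unattended step; the `.gitignore` in this commit excludes `git-crypt-key` and `result`, but anything else stray would go out. The README says an update should show up in flake.lock, so staging only that file is enough: `git add flake.lock`. Separately, the bare `make` in the same recipe would be better as `$(MAKE)` so flags are passed through to the sub-make. `HOSTNAME ?= $(shell hostname)` can be overridden from the environment and is interpolated into the `nixos-config=` path in both `switch` and `rollback`, which deserves a comment such as `# HOSTNAME selects modules/machines/<host>/configuration.nix`.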


@@ -1,42 +1,18 @@
# nix-config
This repo stores nix configuration to manage my hosts running [NixOS](https://nixos.org/) and macOS.
This repo stores nix to manage my machines running [NixOS](https://nixos.org/) and macOS.
The configuration is very specific to my own machines and setup, but it may be a useful reference for anyone else learning or experimenting with nix, whether it be on a personal workstation or a server environment.
```console
macchina
## Setup
a8888b. Host - dave@hephaestus
d888888b. Machine - Micro-Star International Co., Ltd MS-7C02 1.0
8P"YP"Y88 Kernel - 6.12.61
8|o||o|88 Distro - NixOS 25.11 (Xantusia)
8' .88 DE - KDE
8`._.' Y8. Packages - 1 (cargo), 10998 (nix)
d/ `8b. Shell - fish
dP Y8b. Terminal - alacritty
d8: ::88b. Resolution - 2560x1440, 3840x2160
d8" 'Y88b Uptime - 26m
:8P :888 CPU - AMD Ryzen 7 5700X 8-Core Processor (16)
8a. _a88P CPU Load - 8%
._/"Yaa .| 88P| Memory - 10.7 GB / 32.8 GB
\ YP" `| `.
/ \.___.d| .'
`--..__) `._.'
```
> on macOS: install the latest unstable nix from https://github.com/numtide/nix-unstable-installer (for nix flakes),
> and nix-darwin: https://github.com/LnL7/nix-darwin
## Prerequisites
- [NixOS](nixos.org) (Linux)
- [Determinate Nix](https://determinate.systems/nix-installer) (macOS)
- [just](https://github.com/casey/just)
## Build
To run a build/rebuild:
To run a rebuild:
```sh
just rebuild
make
```
## Update
@@ -44,7 +20,7 @@ just rebuild
To update nixpkgs defined in [flake.nix](./flake.nix), run:
```sh
just update
make update
```
If there are updates, they should be reflected in [flake.lock](./flake.lock).
@@ -54,32 +30,9 @@ If there are updates, they should be reflected in [flake.lock](./flake.lock).
To rollback to the previous generation:
```sh
just rollback
make rollback
```
## Garbage collection
## Pre-commit hooks
To cleanup previous files, run nix garbage collection:
```sh
just clean
```
## Restoring from a live USB
If the bootloader for some reason breaks (i.e. motherboard firmware upgrade), restore it from a live USB by running the following commands:
```console
$ sudo cryptsetup luksOpen /dev/nvme0n1p2 crypted-nixos
Enter passphrase for /dev/nvme0n1p2: ********
$ sudo mount /dev/vg/root /mnt
$ sudo mount /dev/nvme0n1p1 /mnt/boot/efi
$ sudo nixos-enter --root /mnt
$ hostname <hostname>
```
Navigate to the nix-config directory and run:
```sh
just rebuild-boot
```
Pre-commit hooks are automatically activated when [direnv](https://github.com/direnv/direnv) is installed.


@@ -1,95 +0,0 @@
{
pkgs,
unstable,
...
}:
{
environment.systemPackages = with pkgs; [
# essentials
curl
gnumake
gnupg
jq
unzip
xclip
xdg-utils
zip
# modern cli
atuin
bat
cd-fzf
doggo
eza
fd
github-cli
hadolint
lazygit
macchina
ncdu
progress
ripgrep
shellcheck
shfmt
viddy
yq-go
# containers
unstable.argocd
unstable.k9s
unstable.krew
unstable.kubecolor
unstable.kubectl
unstable.kubectx
unstable.kubernetes-helm
unstable.stern
# cloud
awscli2
google-cloud-sdk
terraform
# lsp
nodePackages.bash-language-server
nodePackages.eslint
nodePackages.yaml-language-server
terraform-ls
# monitoring
btop
# golang
gofumpt
golangci-lint
gopls
# rust
rustup
# js
nodejs
nodePackages.prettier
nodePackages.yarn
# networking
arp-scan
dnsutils
iperf
nmap
openssl
openvpn
tcpdump
# nix
nix-tree
nixfmt-rfc-style
nixpkgs-review
nvd
# python
virtualenv
# media
yt-dlp
];
}

13
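--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,13 @@
+let
+nix-pre-commit-hooks =
+import (builtins.fetchTarball
+"https://github.com/cachix/pre-commit-hooks.nix/tarball/master");
+in {
+pre-commit-check = nix-pre-commit-hooks.run {
+src = ./.;
+hooks = {
+shellcheck.enable = true;
+alejandra.enable = true;
+};
+};
+}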
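Review bot: The `builtins.fetchTarball` in the `let` binding pulls pre-commit-hooks.nix from the moving `master` ref with no `sha256`, so whatever sits at the branch tip when the expression is evaluated is imported and run, unverified and not reproducible. Pin it to a commit and a hash, e.g. `import (builtins.fetchTarball { url = "https://github.com/cachix/pre-commit-hooks.nix/tarball/<commit-rev>"; sha256 = "<sha256-of-unpacked-tarball>"; })`. The flake.lock in this same commit already records a locked `pre-commit-hooks` node (as an input of nixvim), so taking the revision from there would keep the two in step. The `.envrc` added alongside calls `use_nix`, which presumably evaluates this file on directory entry, so the fetch would happen implicitly rather than on an explicit build.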

497
flake.lock generated

@@ -1,5 +1,28 @@
{
"nodes": {
"beautysh": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"poetry2nix": "poetry2nix",
"utils": "utils"
},
"locked": {
"lastModified": 1680308980,
"narHash": "sha256-aUEHV0jk2qIFP3jlsWYWhBbm+w/N9gzH3e4I5DcdB5s=",
"owner": "lovesegfault",
"repo": "beautysh",
"rev": "9845efc3ea3e86cc0d41465d720a47f521b2799c",
"type": "github"
},
"original": {
"owner": "lovesegfault",
"repo": "beautysh",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@@ -7,85 +30,27 @@
]
},
"locked": {
"lastModified": 1767634391,
"narHash": "sha256-owcSz2ICqTSvhBbhPP+1eWzi88e54rRZtfCNE5E/wwg=",
"lastModified": 1708231718,
"narHash": "sha256-IZdieFWvhBkxoOFMDejqLUYqD94WN6k0YSpw0DFy+4g=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "08585aacc3d6d6c280a02da195fdbd4b9cf083c2",
"rev": "0e6857fa1d632637488666c08e7b02c08e3178f8",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "nix-darwin-25.11",
"repo": "nix-darwin",
"type": "github"
}
},
"determinate": {
"inputs": {
"determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin",
"determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux",
"determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux",
"nix": "nix",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1766549083,
"narHash": "sha256-G1Hljg7vIBt8n9cxO382YAZWtZU/mYfQcg3icdNG8RQ=",
"rev": "ba8999fac986e70f52b4cba15047be7bbb7b6346",
"revCount": 318,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.1/019b4e8a-dc22-75db-aef5-a447efbb1a13/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A"
}
},
"determinate-nixd-aarch64-darwin": {
"flake": false,
"locked": {
"narHash": "sha256-uWDS94cAYprGj+AwuT42nuuDDicRLj1S0JwalZGeBRU=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS"
}
},
"determinate-nixd-aarch64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-uHBcZCh2/Bj5/88TDihupA336tSQDk7s5lVP66IDAX0=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux"
}
},
"determinate-nixd-x86_64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-y+l05H6GNv/1WcrMztDYem8VBWqjc9gNg4WjeQ1PQxo=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@@ -94,58 +59,16 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"determinate",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"revCount": 377,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765835352,
"narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "a34fae9c08a15ad73f295041fec82323541400a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@@ -156,14 +79,14 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
@@ -172,231 +95,120 @@
"type": "github"
}
},
"git-hooks-nix": {
"gitignore": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": [
"determinate",
"nix"
],
"nixpkgs": [
"determinate",
"nix",
"nixvim",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747372754,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"revCount": 1026,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz"
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941"
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1767910483,
"narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"ixx": {
"inputs": {
"flake-utils": [
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754860581,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
"owner": "NuschtOS",
"repo": "ixx",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
"lastModified": 1706981411,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"ref": "v0.1.1",
"repo": "ixx",
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"nix": {
"nix-ld": {
"inputs": {
"flake-parts": "flake-parts",
"git-hooks-nix": "git-hooks-nix",
"nixpkgs": "nixpkgs",
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1766546676,
"narHash": "sha256-GsC52VFF9Gi2pgP/haQyPdQoF5Qe2myk1tsPcuJZI28=",
"rev": "51dacdd248e8071cd0243a8245c8c42ac1f33307",
"revCount": 24299,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.1/019b4e84-d036-75db-b6c6-6bc2e2035c53/source.tar.gz"
"lastModified": 1701153607,
"narHash": "sha256-h+odOVyiGmEERMECoFOj5P7FPiMR8IPRzroFA4sKivg=",
"owner": "Mic92",
"repo": "nix-ld",
"rev": "bf5aa84a713c31d95b4307e442e966d6c7fd7ae7",
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A"
"owner": "Mic92",
"repo": "nix-ld",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1708091350,
"narHash": "sha256-o28BJYi68qqvHipT7V2jkWxDiMS1LF9nxUsou+eFUPQ=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "106d3fec43bcea19cb2e061ca02531d54b542ce3",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1761597516,
"narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
"rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
"revCount": 811874,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505"
}
},
"nixpkgs-23-11": {
"locked": {
"lastModified": 1717159533,
"narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
"lastModified": 1686752049,
"narHash": "sha256-GtSbXZ6ia/o+f/I5O/5ee8HGmKuwQWZhtyd2u5y5TOk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"rev": "eafbb465a91939b9a47bc05fcef0f948903755c1",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
}
},
"nixpkgs-master": {
"locked": {
"lastModified": 1767964817,
"narHash": "sha256-w8GpeC0gbKE6ftLbpZx7pgJ1zE9dPkWeOVs36tf481c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d009f91bd474d996c774ea57be5e65935c778577",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-regression": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1767767207,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
"lastModified": 1708341091,
"narHash": "sha256-3R7doGV1AoB5VKFifEd5elj8t4cld6VpJRpn9NaYr1Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5912c1772a44e31bf1c63c0390b90501e5026886",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1766314097,
"narHash": "sha256-laJftWbghBehazn/zxVJ8NdENVgjccsWAdAqKXhErrM=",
"rev": "306ea70f9eb0fb4e040f8540e2deab32ed7e2055",
"revCount": 914780,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.914780%2Brev-306ea70f9eb0fb4e040f8540e2deab32ed7e2055/019b49b8-ed0f-724e-bdaf-5fd90cc1c590/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1767799921,
"narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1767799921,
"narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d351d0653aeb7877273920cd3e823994e7579b0b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1763934636,
"narHash": "sha256-9glbI7f1uU+yzQCq5LwLgdZqx6svOhZWkd4JRY265fc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ee09932cedcef15aaf476f9343d1dea2cb77e261",
"rev": "86ef6bd96b6279e1a4a53236d341f5df1ede3803",
"type": "github"
},
"original": {
@@ -406,63 +218,107 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1708294118,
"narHash": "sha256-evZzmLW7qoHXf76VCepvun1esZDxHfVRFUJtumD7L2M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e0da498ad77ac8909a980f07eff060862417ccf7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts_2",
"beautysh": "beautysh",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_2"
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1767448089,
"narHash": "sha256-U1fHsZBnFrUil731NHD9Sg5HoiG+eSHau8OFuClhwW0=",
"lastModified": 1704297403,
"narHash": "sha256-g7+4SiXDGzIlWIfANyH1J5CeEaY+Alah6KOm6IO4nIk=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "983751b66f255bbea1adc185364e9e7b73f82358",
"rev": "b3ea5256e07ee9105060cffa075028402946bd63",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "nixos-25.11",
"ref": "nixos-23.11",
"repo": "nixvim",
"type": "github"
}
},
"nuschtosSearch": {
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils",
"ixx": "ixx",
"flake-utils": [
"nixvim",
"beautysh",
"utils"
],
"nixpkgs": [
"nixvim",
"beautysh",
"nixpkgs"
]
},
"locked": {
"lastModified": 1761730856,
"narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=",
"owner": "NuschtOS",
"repo": "search",
"rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b",
"lastModified": 1658665240,
"narHash": "sha256-/wkx7D7enyBPRjIkK0w7QxLQhzEkb3UxNQnjyc3FTUI=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "8b8edc85d24661d5a6d0d71d6a7011f3e699780f",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1703939133,
"narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"darwin": "darwin",
"determinate": "determinate",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_4",
"nixpkgs-master": "nixpkgs-master",
"nix-ld": "nix-ld",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim",
"vpngate": "vpngate"
"nixvim": "nixvim"
}
},
"systems": {
@@ -495,37 +351,18 @@
"type": "github"
}
},
"systems_3": {
"utils": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"vpngate": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1766183672,
"narHash": "sha256-24+gJj4UsxwQmdxSS3Aqo2fl0Ep13sYrTDvcHY24mwA=",
"owner": "davegallant",
"repo": "vpngate",
"rev": "a668484da6b969d29dd2f74d5a4f2323fb48beef",
"type": "github"
},
"original": {
"owner": "davegallant",
"repo": "vpngate",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}

163
flake.nix

@@ -2,161 +2,26 @@
description = "nixos and macos configurations";
inputs = {
determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:NixOS/nixpkgs/master";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nix-ld.url = "github:Mic92/nix-ld";
nixos-hardware.url = "github:NixOS/nixos-hardware";
darwin = {
url = "github:lnl7/nix-darwin/nix-darwin-25.11";
url = "github:lnl7/nix-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager.url = "github:nix-community/home-manager/release-25.11";
nixvim = {
url = "github:nix-community/nixvim/nixos-25.11";
url = "github:nix-community/nixvim/nixos-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
vpngate.url = "github:davegallant/vpngate";
};
outputs =
{
self,
darwin,
determinate,
home-manager,
nixpkgs,
nixpkgs-unstable,
nixpkgs-master,
vpngate,
...
}@inputs:
let
supportedSystems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
{
nixosConfigurations =
let
unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
};
master = import nixpkgs-master {
system = "x86_64-linux";
config.allowUnfree = true;
};
in
{
hephaestus = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit unstable;
inherit master;
inherit vpngate;
inherit inputs;
};
modules = [
./hosts/hephaestus.nix
./common-packages.nix
home-manager.nixosModules.home-manager
(
{ ... }:
{
config = {
nix = {
settings = {
auto-optimise-store = true;
sandbox = false;
substituters = [ "https://davegallant.cachix.org" ];
trusted-users = [
"root"
];
trusted-public-keys = [
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08="
];
};
registry = {
nixpkgs.flake = nixpkgs;
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 14d";
};
};
nixpkgs.overlays = [ (import ./overlays) ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.dave.imports = [
./home.nix
inputs.nixvim.homeModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
inherit master;
};
};
};
}
)
];
};
};
darwinConfigurations =
let
system = "aarch64-darwin";
unstable = import nixpkgs-unstable {
config.allowUnfree = true;
inherit system;
};
master = import nixpkgs-master {
config.allowUnfree = true;
inherit system;
};
in
{
zelus = darwin.lib.darwinSystem {
inherit system;
specialArgs = {
inherit unstable;
inherit master;
};
modules = [
home-manager.darwinModules.home-manager
./hosts/zelus.nix
./common-packages.nix
(
{ ... }:
{
config = {
nixpkgs.overlays = [ (import ./overlays) ];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users."dave.gallant".imports = [
./home.nix
inputs.nixvim.homeModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
inherit master;
};
};
};
}
)
];
};
};
};
outputs = {...} @ args: import ./outputs.nix args;
}

449
home.nix

@@ -1,449 +0,0 @@
{
lib,
pkgs,
unstable,
...
}:
let
inherit (pkgs) stdenv;
in
{
home.stateVersion = "25.11";
home.packages = with pkgs; [ just ];
services = {
gpg-agent = {
enable = stdenv.isLinux;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
};
};
services.lorri.enable = stdenv.isLinux;
fonts.fontconfig.enable = true;
programs = {
home-manager.enable = true;
direnv.enable = true;
diff-so-fancy = {
enable = true;
enableGitIntegration = true;
};
git = {
enable = true;
lfs.enable = true;
settings = {
user.name = "Dave Gallant";
user.signingkey = "5A548984C7377E4D";
commit.gpgsign = true;
tag.gpgsign = true;
alias = {
aa = "add -A .";
br = "branch";
c = "commit";
cm = "commit -m";
ca = "commit --amend";
cane = "commit --amend --no-edit";
cb = "checkout -b";
co = "checkout";
cmp = "! git checkout main && git pl";
d = "diff";
dc = "diff --cached";
dcn = "diff --cached --name-only";
l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
ms = "merge --squash";
p = "push origin";
pf = "push -f";
pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)";
st = "status";
wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads";
};
push = {
default = "current";
};
pull = {
rebase = true;
};
};
includes = [ { path = "~/.gitconfig-work"; } ];
};
alacritty = {
enable = stdenv.isLinux;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
general.live_config_reload = true;
terminal.shell = {
program = "fish";
};
font = {
size = lib.mkForce 14.0;
};
window = {
opacity = lib.mkForce 0.9;
};
};
};
starship = {
enable = true;
enableFishIntegration = true;
settings = {
add_newline = false;
gcloud = {
format = "";
};
kubernetes = {
disabled = false;
};
};
};
fish = {
enable = true;
interactiveShellInit = ''
set fish_greeting
bind \cw backward-kill-word
set -x DOCKER_CLI_HINTS false
set -x DOCKER_DEFAULT_PLATFORM linux/amd64
set -x EDITOR vim
set -x NNN_FIFO "$XDG_RUNTIME_DIR/nnn.fifo"
set -x PAGER less
set -x TERM xterm-256color
set -x PATH $PATH \
~/.cargo/bin \
~/.local/bin \
~/.npm-packages/bin \
/opt/homebrew/bin \
~/.krew/bin \
~/bin
# golang
set -x GOPATH ~/go
set -x GOBIN $GOPATH/bin
set -x PATH $PATH $GOBIN
source $HOME/work.fish
# '';
shellInit = ''
atuin init fish | source
helm completion fish | source
kubectl completion fish | source
'';
shellAliases = {
".." = "cd ..";
g = "git";
gc = "git checkout $(git branch | fzf)";
gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)";
gho = "gh repo view --web >/dev/null";
gr = "cd $(git rev-parse --show-toplevel)";
grep = "rg --smart-case";
j = "just";
k = "kubecolor";
kubectl = "kubecolor";
kp = "viddy 'kubectl get pods'";
kcx = "kubectx";
kns = "kubens";
l = "eza -la --git --group-directories-first";
m = "make";
nix-install = "nix-env -iA";
t = "cd-fzf";
tf = "terraform";
tree = "eza --tree";
v = "nvim";
};
};
go = {
enable = true;
};
fzf = {
enable = true;
};
nnn = {
enable = stdenv.isLinux;
package = pkgs.nnn.override ({ withNerdIcons = true; });
bookmarks = {
d = "~/Downloads";
p = "~/src/";
c = "~/.config";
h = "~";
};
extraPackages = with pkgs; [
bat
eza
fzf
imv
mediainfo
ffmpegthumbnailer
];
plugins = {
src = "${pkgs.nnn.src}/plugins";
mappings = {
p = "preview-tui";
o = "fzopen";
};
};
};
nixvim = {
enable = true;
viAlias = true;
vimAlias = true;
keymaps = [
{
key = "<C-n>";
mode = [ "n" ];
action = "<cmd>tabnew<cr>";
options = {
silent = true;
};
}
{
key = "<leader>y";
mode = [ "v" ];
action = ''"+y''; # copy to OS clipboard
}
{
key = "<leader>t";
mode = [ "n" ];
action = "<cmd>NvimTreeFindFileToggle<CR>";
}
{
key = "gD";
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.declaration()<CR>";
}
{
key = "gd";
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.definition()<CR>";
}
{
key = "gr";
mode = [ "n" ];
action = "<cmd>lua vim.lsp.buf.references()<CR>";
}
{
key = "<leader>ff";
mode = [ "n" ];
action = "<cmd>Telescope find_files<CR>";
}
{
key = "<leader>fg";
mode = [ "n" ];
action = "<cmd>Telescope live_grep<CR>";
}
];
plugins = {
auto-save.enable = true;
cmp-path.enable = true;
cmp-treesitter.enable = true;
commentary.enable = true;
diffview.enable = true;
gitblame.enable = true;
gitsigns.enable = true;
gitlinker.enable = true;
lualine.enable = true;
lsp.enable = true;
lsp.servers = {
bashls.enable = true;
dockerls.enable = true;
gopls.enable = true;
helm_ls.enable = true;
jsonls.enable = true;
nixd.enable = true;
terraformls.enable = true;
yamlls.enable = true;
};
lsp-format = {
enable = true;
settings = {
terraform = { };
nix = { };
go = { };
};
};
cmp.enable = true;
nvim-tree.enable = true;
rainbow-delimiters.enable = true;
treesitter.enable = true;
telescope = {
enable = true;
settings.defaults = {
layout_strategy = "vertical";
layout_config = {
vertical = {
width = 0.9;
};
};
};
package = pkgs.vimPlugins.telescope-fzy-native-nvim;
};
web-devicons.enable = true;
};
opts = {
autoindent = true;
backup = false;
belloff = "all";
completeopt = [
"menuone"
"noselect"
];
cursorline = true;
expandtab = true;
fillchars = {
diff = "";
eob = " ";
vert = "";
};
hlsearch = true;
ignorecase = true;
incsearch = true;
modelines = 5;
mouse = "a";
number = true;
pumblend = 10;
scrolloff = 3;
shell = "bash";
shiftround = false;
shiftwidth = 2;
showbreak = " ";
showcmd = true;
sidescroll = 0;
sidescrolloff = 3;
smartcase = true;
smarttab = true;
spellcapcheck = "";
splitbelow = true;
splitright = true;
swapfile = false;
switchbuf = "usetab";
tabstop = 2;
termguicolors = true;
wildmenu = true;
};
extraConfigLua = ''
-- https://github.com/orgs/community/discussions/108329
vim.cmd([[let g:copilot_filetypes = {'yaml': v:true}]])
vim.cmd([[let g:copilot_filetypes = {'gitcommit': v:true}]])
-- Format JSON
vim.cmd([[command! JsonFormat execute "::%!jq '.'"]])
-- Remember line number
vim.cmd([[au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif]])
-- Replace visual selection
vim.cmd([[vnoremap <C-r> "hy:%s/<C-r>h//g<left><left>]])
-- Indent YAML
vim.cmd([[au FileType yaml setlocal ts=2 sts=2 sw=2 expandtab]])
-- Indent Python
vim.cmd([[au BufNewFile,BufRead *.py set tabstop=4 softtabstop=4 shiftwidth=4 textwidth=79 expandtab autoindent fileformat=unix]])
-- Highlight whitespace
vim.cmd([[highlight ExtraWhitespace ctermbg=red guibg=red]])
vim.cmd([[match ExtraWhitespace /\s\+$/]])
-- folding
vim.api.nvim_exec(
[[
set foldmethod=expr
set foldlevel=20
set nofoldenable
set foldexpr=nvim_treesitter#foldexpr()
]],
true
)
'';
};
zed-editor = {
enable = stdenv.isLinux;
package = unstable.zed-editor;
extensions = [
"ansible"
"color-highlight"
"dockerfile"
"html"
"make"
"material-icon-theme"
"nix"
"toml"
"vue"
];
userSettings = {
icon_theme = "Material Icon Theme";
features = {
edit_prediction_provider = "copilot";
};
vim_mode = true;
vim = {
use_system_clipboard = "on_yank";
};
autosave = "on_focus_change";
format_on_save = "off";
ui_font_size = lib.mkForce 18;
buffer_font_size = lib.mkForce 16;
};
userKeymaps = [
{
context = "Editor && !menu";
bindings = {
"ctrl-shift-c" = "editor::Copy";
"ctrl-shift-x" = "editor::Cut";
"ctrl-shift-v" = "editor::Paste";
"ctrl-z" = "editor::Undo";
};
}
];
};
firefox = {
enable = stdenv.isLinux;
package = pkgs.librewolf;
profiles = {
default = {
id = 0;
isDefault = true;
settings = {
"privacy.resistFingerprinting" = false; # breaks timezone
"dom.push.connection.enabled" = false;
"dom.push.enabled" = false;
"geo.enabled" = false;
"intl.regional_prefs.use_os_locales" = true;
"services.sync.prefs.sync.intl.regional._prefs.use_os_locates" = false;
};
};
};
};
};
}

569
home/default.nix Normal file

@@ -0,0 +1,569 @@
{
lib,
pkgs,
unstable,
...
}: let
inherit (pkgs) stdenv;
in {
home.stateVersion = "23.11";
services = {
gpg-agent = {
enable = stdenv.isLinux;
defaultCacheTtl = 3600;
defaultCacheTtlSsh = 3600;
enableSshSupport = true;
};
};
fonts.fontconfig.enable = true;
programs = {
home-manager.enable = true;
direnv.enable = true;
git = {
enable = true;
userName = "Dave Gallant";
lfs.enable = true;
aliases = {
aa = "add -A .";
br = "branch";
c = "commit -S";
ca = "commit -S --amend";
cane = "commit -S --amend --no-edit";
cb = "checkout -b";
co = "checkout";
cmp = "! git checkout main && git pl";
d = "diff";
dc = "diff --cached";
dcn = "diff --cached --name-only";
ds = "! git diff origin | sed -r 's/value: (.*)/value: \"************\"/'";
l = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit";
ms = "merge --squash";
p = "push origin";
pf = "push -f";
pl = "! git pull origin $(git rev-parse --abbrev-ref HEAD)";
st = "status";
wip = "for-each-ref --sort='authordate:iso8601' --format=' %(color:green)%(authordate:relative)%09%(color:white)%(refname:short)' refs/heads";
};
includes = [{path = "~/.gitconfig-work";}];
delta = {
enable = true;
options = {
features = "line-numbers decorations";
whitespace-error-style = "22 reverse";
plus-style = "green bold ul '#198214'";
decorations = {
commit-decoration-style = "bold yellow box ul";
file-style = "bold yellow ul";
file-decoration-style = "none";
};
};
};
extraConfig = {
push = {default = "current";};
pull = {rebase = true;};
};
};
starship = {
enable = true;
enableZshIntegration = true;
settings = {
add_newline = false;
scan_timeout = 10;
character = {error_symbol = "[](bold red)";};
gcloud = {
format = "[$symbol($project) ~ $region]($style)";
};
kubernetes = {
disabled = false;
context_aliases = {
".*stg_.*" = "stg";
".*test_.*" = "test";
".*prd_.*" = "prd";
};
};
};
};
zsh = {
enable = true;
enableAutosuggestions = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
history.size = 1000000;
localVariables = {
CASE_SENSITIVE = "true";
DISABLE_UNTRACKED_FILES_DIRTY = "true";
RPROMPT = ""; # override because macOS defaults to filepath
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=#838383,underline";
ZSH_DISABLE_COMPFIX = "true";
};
envExtra = ''
export PAGER=less
export EDITOR=vim
export PATH=$PATH:~/.cargo/bin
export PATH=$PATH:~/.local/bin
export PATH=$PATH:~/.npm-packages/bin
export PATH=$PATH:/opt/homebrew/bin
export PATH=$PATH:~/.krew/bin
export PATH=$PATH:~/bin
export GOPATH=~/go
export GOBIN=$GOPATH/bin
export PATH=$PATH:$GOBIN
export WINEPREFIX=~/.wine32
# homebrew for x86
export PATH=$PATH:/usr/local/homebrew/bin
'';
initExtra = ''
setopt noincappendhistory
source $HOME/.zsh-work
if [[ "$OSTYPE" == "darwin"* ]];
then
export PATH = "$(brew --prefix)/opt/gnu-tar/libexec/gnubin:$PATH"
export
PATH="$(brew --prefix)/opt/gnu-sed/libexec/gnubin:$PATH"
alias xdg-open=open
fi
# helm
source <(helm completion zsh)
# kubectl
source <(kubectl completion zsh)
# kubecolor
source <(kubectl completion zsh)
alias kubectl=kubecolor
# make completion work with kubecolor
compdef kubecolor=kubectl
pfetch
'';
shellAliases = {
".." = "cd ..";
c = "code";
g = "git";
gc = "git checkout $(git branch | fzf)";
gco = "git checkout $(git branch -r | sed -e 's/^ origin\\///' | fzf)";
gr = "cd $(git rev-parse --show-toplevel)";
gho = "gh repo view --web >/dev/null";
grep = "rg --smart-case";
k = "kubecolor";
kcx = "kubectx";
kns = "kubens";
l = "eza -la --git --group-directories-first";
m = "make";
ps = "procs";
t = "tmux-sessionizer";
tf = "terraform";
tree = "eza --tree";
v = "nvim";
nix-install = "nix-env -iA";
brew-x86 = "arch -x86_64 /usr/local/homebrew/bin/brew";
};
"oh-my-zsh" = {
enable = true;
plugins = [
"gitfast"
"last-working-dir"
"tmux"
];
};
};
alacritty = {
enable = true;
settings = {
window.padding.x = 10;
window.padding.y = 10;
scrolling.history = 100000;
live_config_reload = true;
mouse.hide_when_typing = false;
font =
if stdenv.isLinux
then {
normal.family = "Fira Code";
size = 12;
}
else {
normal.family = "FiraCode Nerd Font";
size = 16;
};
shell = {
program = "zsh";
args = ["-l" "-c" "tmux" "u"];
};
colors = {
primary.background = "0x282828";
primary.foreground = "0xebdbb2";
normal = {
black = "0x282828";
red = "0xcc241d";
green = "0x98971a";
yellow = "0xd79921";
blue = "0x458588";
magenta = "0xb16286";
cyan = "0x689d6a";
white = "0xa89984";
};
bright = {
black = "0x928374";
red = "0xfb4934";
green = "0xb8bb26";
yellow = "0xfabd2f";
blue = "0x83a598";
magenta = "0xd3869b";
cyan = "0x8ec07c";
white = "0xebdbb2";
};
key_bindings = [
{
key = "Home";
mods = "Control";
action = "ResetFontSize";
}
{
key = "Plus";
mods = "Control";
action = "IncreaseFontSize";
}
{
key = "Minus";
mods = "Control";
action = "DecreaseFontSize";
}
];
};
};
};
autojump = {
enable = true;
enableZshIntegration = true;
};
go = {
enable = true;
};
tmux = {
enable = true;
clock24 = true;
terminal = "xterm-256color";
customPaneNavigationAndResize = true;
plugins = with pkgs.tmuxPlugins; [
{
plugin = pain-control;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-pain-control'";
}
{
plugin = sensible;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sensible'";
}
{
plugin = sessionist;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sessionist'";
}
{
plugin = yank;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-yank'";
}
{
plugin = sensible;
extraConfig = "set -g @plugin 'tmux-plugins/tmux-sensible'";
}
{
plugin = tmux-colors-solarized;
extraConfig = ''
set -g @plugin 'seebi/tmux-colors-solarized'
set -g @colors-solarized 'dark'
'';
}
{
plugin = resurrect;
extraConfig = ''
set -g @plugin 'tmux-plugins/tmux-resurrect'
'';
}
{
plugin = continuum;
extraConfig = ''
set -g @plugin 'tmux-plugins/tmux-continuum'
set -g @continuum-restore 'on'
'';
}
];
extraConfig = ''
set-window-option -g automatic-rename on
set-option -g set-titles on
set -g mouse on
set -g status-left-length 30
set -g status-right-length 150
set -g xterm-keys on
set -g pane-border-status top
set -g set-titles on
set -g display-panes-time 800
set -g display-time 2000
set -q -g utf8 on
set -g monitor-activity on
set -g visual-activity off
set -g status-right '#(gitmux #{pane_current_path})'
'';
};
rofi = {
enable = stdenv.isLinux;
plugins = [pkgs.rofi-emoji];
terminal = "${pkgs.alacritty}/bin/alacritty";
font = "Fira Font Mono 24";
theme = "gruvbox-dark";
extraConfig = {
modi = "drun,run";
show-icons = true;
};
};
fzf = {
enable = true;
enableZshIntegration = true;
};
nixvim = {
enable = true;
viAlias = true;
vimAlias = true;
colorschemes.gruvbox.enable = true;
keymaps = [
{
key = "<C-n>";
mode = ["n"];
action = "<cmd>tabnew<cr>";
options = {
silent = true;
};
}
# copy to OS clipboard
{
key = "<leader>y";
mode = ["v"];
action = "\"+y";
}
{
key = "gD";
mode = ["n"];
action = "<cmd>lua vim.lsp.buf.declaration()<CR>";
}
{
key = "gd";
mode = ["n"];
action = "<cmd>lua vim.lsp.buf.definition()<CR>";
}
{
key = "gr";
mode = ["n"];
action = "<cmd>lua vim.lsp.buf.references()<CR>";
}
];
plugins = {
copilot-vim.enable = true;
cmp-path.enable = true;
cmp-treesitter.enable = true;
commentary.enable = true;
diffview.enable = true;
gitblame.enable = true;
gitsigns.enable = true;
lualine.enable = true;
lsp.enable = true;
lsp.servers = {
#ansiblels.enable = true;
bashls.enable = true;
#dockerls.enable = true;
gopls.enable = true;
#helm-ls.enable = true;
jsonls.enable = true;
pyright.enable = true;
nixd.enable = true;
terraformls.enable = true;
yamlls.enable = true;
};
nvim-cmp.enable = true;
rainbow-delimiters.enable = true;
treesitter.enable = true;
telescope = {
enable = true;
defaults = {
layout_strategy = "vertical";
layout_config = {
vertical = {
width = 0.9;
};
};
};
package = pkgs.vimPlugins.telescope-fzy-native-nvim;
keymaps = {
"<leader>ff" = {
action = "git_files";
desc = "Telescope Git Files";
};
"<leader>fg" = "live_grep";
};
keymapsSilent = true;
};
};
options = {
autoindent = true;
backup = false;
belloff = "all";
completeopt = [
"menuone"
"noselect"
];
cursorline = true;
expandtab = true;
fillchars = {
diff = "";
eob = " ";
vert = "";
};
hlsearch = true;
ignorecase = true;
incsearch = true;
modelines = 5;
mouse = "a";
number = true;
pumblend = 10;
scrolloff = 3;
shell = "bash";
shiftround = false;
shiftwidth = 2;
showbreak = " ";
showcmd = true;
sidescroll = 0;
sidescrolloff = 3;
smartcase = true;
smarttab = true;
spellcapcheck = "";
splitbelow = true;
splitright = true;
swapfile = false;
switchbuf = "usetab";
tabstop = 2;
termguicolors = true;
wildmenu = true;
};
extraConfigLua = ''
-- Format JSON
vim.cmd([[command! JsonFormat execute "::%!jq '.'"]])
-- Remember line number
vim.cmd([[au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif]])
-- Replace visual selection
vim.cmd([[vnoremap <C-r> "hy:%s/<C-r>h//g<left><left>]])
-- Indent YAML
vim.cmd([[au FileType yaml setlocal ts=2 sts=2 sw=2 expandtab]])
-- Indent Python
vim.cmd([[au BufNewFile,BufRead *.py set tabstop=4 softtabstop=4 shiftwidth=4 textwidth=79 expandtab autoindent fileformat=unix]])
-- Highlight whitespace
vim.cmd([[highlight ExtraWhitespace ctermbg=red guibg=red]])
vim.cmd([[match ExtraWhitespace /\s\+$/]])
-- folding
vim.api.nvim_exec(
[[
set foldmethod=expr
set foldlevel=20
set nofoldenable
set foldexpr=nvim_treesitter#foldexpr()
]],
true
)
'';
};
vscode = {
enable = true;
package = pkgs.vscode;
extensions = with pkgs.vscode-extensions;
[
bbenoist.nix
github.vscode-pull-request-github
golang.go
hashicorp.terraform
ms-dotnettools.csharp
ms-kubernetes-tools.vscode-kubernetes-tools
redhat.vscode-yaml
]
++ lib.optionals stdenv.isLinux [
ms-vsliveshare.vsliveshare
ms-python.python
];
};
firefox = {
enable = stdenv.isLinux;
package = unstable.firefox-devedition;
profiles = {
default = {
id = 0;
isDefault = true;
settings = {
"privacy.resistFingerprinting" = false; # breaks timezone
"dom.push.connection.enabled" = false;
"dom.push.enabled" = false;
"geo.enabled" = false;
"intl.regional_prefs.use_os_locales" = true;
"services.sync.prefs.sync.intl.regional._prefs.use_os_locates" = false;
};
name = "dev-edition-default";
path = "6b7pm104.dev-edition-default";
};
};
};
};
}
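Review bot: In `zsh.initExtra`, `export PATH = "$(brew --prefix)/opt/gnu-tar/libexec/gnubin:$PATH"` has spaces around `=`, which zsh does not accept as an assignment, so the gnu-tar directory is never prepended on macOS; it should read `export PATH="$(brew --prefix)/opt/gnu-tar/libexec/gnubin:$PATH"`. The same block runs `source $HOME/.zsh-work` unconditionally, which prints an error on every shell start on a machine without that file; `[[ -r "$HOME/.zsh-work" ]] && source "$HOME/.zsh-work"` avoids that. In the Firefox profile the key `"services.sync.prefs.sync.intl.regional._prefs.use_os_locates"` looks mistyped (compare `intl.regional_prefs.use_os_locales` on the line above it), so that setting probably has no effect. The git alias `pf = "push -f"` would be safer as `push --force-with-lease`.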


@@ -1,482 +0,0 @@
{
config,
lib,
inputs,
master,
modulesPath,
pkgs,
unstable,
vpngate,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
security.sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = true;
};
boot = {
kernelModules = [
"kvm-amd"
];
kernelPackages = pkgs.linuxPackages;
kernelParams = [
"amd_iommu=on"
];
loader = {
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot/efi";
grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
};
supportedFilesystems = [
"ntfs"
];
initrd = {
availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
luks.devices."root" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/89a14ac5-7723-4a0a-bb95-fb2fb2e92160";
preLVM = true;
keyFile = "./keyfile0.bin";
};
secrets = {
"keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin";
};
};
};
environment.systemPackages =
with pkgs;
[
bleachbit
calibre
clamtk
cryptsetup
dbeaver-bin
discord
freefilesync
gimp-with-plugins
google-chrome
hardinfo2
httpie-desktop
heroic
iputils
kdePackages.bluedevil
kdePackages.kcalc
kdePackages.kcharselect
kdePackages.kclock
kdePackages.kcolorchooser
kdePackages.ksystemlog
kdePackages.partitionmanager
kdePackages.sddm-kcm
libation
lutris
mupen64plus
nfs-utils
onlyoffice-desktopeditors
opensnitch-ui
pciutils
pika-backup
pinentry-curses
pinta
protonup-qt
qbittorrent
qemu
traceroute
unrar
unstable.beszel
unstable.ktailctl
unstable.mcpelauncher-ui-qt
unstable.obsidian
unstable.podman
unstable.podman-compose
unstable.podman-desktop
unstable.ryubing
unstable.signal-desktop-bin
unstable.tailscale
unstable.zoom-us
usbutils
virt-manager
vlc
vpngate.packages.x86_64-linux.default
wayland-utils
whois
wine
wl-clipboard
];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/7f4f0948-041c-47e9-ab28-53132026f158";
fsType = "ext4";
};
"/boot/efi" = {
device = "/dev/disk/by-uuid/F1BD-5227";
fsType = "vfat";
};
"/mnt/synology-2b/media" = {
device = "192.168.1.178:/volume1/Media";
fsType = "nfs";
};
"/mnt/truenas/home/backups" = {
device = "192.168.1.132:/mnt/wd4t/data/home/backup/";
fsType = "nfs";
};
};
fonts.packages = with pkgs; [
dejavu_fonts
fira-mono
font-awesome
liberation_ttf
nerd-fonts.droid-sans-mono
nerd-fonts.fira-code
nerd-fonts.symbols-only
nerd-fonts.ubuntu
nerd-fonts.ubuntu-mono
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
noto-fonts
];
fonts.fontconfig.defaultFonts = {
sansSerif = [ "Noto Sans" ];
serif = [ "Noto Serif" ];
monospace = [ "Noto Sans Mono" ];
emoji = [ "Noto Color Emoji" ];
};
nixpkgs = {
hostPlatform = "x86_64-linux";
config = {
allowUnfree = true;
};
};
networking = {
iproute2.enable = true;
hostName = "hephaestus";
hostId = "0e8aad53";
interfaces."enp34s0" = {
useDHCP = true;
wakeOnLan = {
enable = true;
policy = [ "magic" ];
};
};
firewall = {
allowPing = false;
enable = true;
checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ];
};
};
users.users.beszel = {
isSystemUser = true;
group = "beszel";
description = "Beszel Agent service user";
};
users.groups.beszel = { };
systemd.services = {
NetworkManager-wait-online.enable = false;
beszel-agent = {
description = "Beszel Agent Service";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Environment = [
"PORT=45876"
''KEY="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaNtnkc+3+fJU+bTO6fibID9FHgFjei0sjJNqvcYtG8"''
];
ExecStart = "${lib.getBin unstable.beszel}/bin/beszel-agent";
User = "beszel";
Restart = "always";
RestartSec = 5;
};
};
};
services = {
mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
};
system = {
autoUpgrade.enable = true;
stateVersion = "25.11";
activationScripts = {
diff = {
supportsDryActivation = true;
text = ''
if [[ -e /run/current-system ]]; then
echo -e "\e[36mPackage version diffs:\e[0m"
${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
fi
'';
};
};
};
nix = {
extraOptions = "experimental-features = nix-command flakes";
settings.trusted-users = [ "root" "@wheel" ];
};
users.users.dave = {
isNormalUser = true;
extraGroups = [
"wheel"
"libvirtd"
];
shell = pkgs.fish;
};
i18n.defaultLocale = "en_US.UTF-8";
i18n.inputMethod = {
enable = true;
type = "ibus";
ibus.engines = with pkgs.ibus-engines; [ anthy ];
};
time.timeZone = "America/Toronto";
hardware.bluetooth.enable = true;
hardware.graphics = {
enable = true;
enable32Bit = true;
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
documentation.man.generateCaches = false;
programs = {
fish.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
kdeconnect.enable = true;
nix-ld.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
};
};
services.avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm.enable = true;
displayManager.sddm.wayland.enable = true;
};
services.printing.enable = true;
services.resolved.enable = true;
services.sshd.enable = true;
services.tailscale = {
enable = true;
package = unstable.tailscale;
};
services.clamav.daemon.enable = true;
services.clamav.updater.enable = true;
services.opensnitch = {
enable = true;
rules = {
avahi-ipv4 = {
name = "Allow avahi daemon IPv4";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
operand = "process.path";
sensitive = false;
data = "${lib.getBin pkgs.avahi}/bin/avahi-daemon";
}
{
type = "network";
operand = "dest.network";
data = "224.0.0.0/24";
}
];
};
};
systemd-timesyncd = {
name = "systemd-timesyncd";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-timesyncd";
};
};
systemd-resolved = {
name = "systemd-resolved";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.systemd}/lib/systemd/systemd-resolved";
};
};
localhost = {
name = "Allow all localhost";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "regexp";
operand = "dest.ip";
sensitive = false;
data = "^(127\\.0\\.0\\.1|::1)$";
list = [ ];
};
};
nix-update = {
name = "Allow Nix";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.nix}/bin/nix";
}
{
type = "regexp";
operand = "dest.host";
sensitive = false;
data = "^(([a-z0-9|-]+\\.)*github\\.com|([a-z0-9|-]+\\.)*nixos\\.org)$";
}
];
};
};
NetworkManager = {
name = "Allow NetworkManager";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.networkmanager}/bin/NetworkManager";
}
{
type = "simple";
operand = "dest.port";
sensitive = false;
data = "67";
}
{
type = "simple";
operand = "protocol";
sensitive = false;
data = "udp";
}
];
};
};
ssh-github = {
name = "Allow SSH to github";
enabled = true;
action = "allow";
duration = "always";
operator = {
type = "list";
operand = "list";
list = [
{
type = "simple";
sensitive = false;
operand = "process.path";
data = "${lib.getBin pkgs.openssh}/bin/ssh";
}
{
type = "simple";
operand = "dest.host";
sensitive = false;
data = "github.com";
}
];
};
};
};
};
virtualisation = {
podman.enable = true;
libvirtd = {
enable = true;
qemu.swtpm.enable = true;
};
};
}


@@ -1,130 +0,0 @@
{ pkgs, ... }:
{
nixpkgs = {
config = {
allowUnfree = true;
};
};
networking = {
hostName = "zelus";
};
nix.enable = false;
system.stateVersion = 4;
users.users."dave.gallant".home = "/Users/dave.gallant";
users.users."dave.gallant".shell = pkgs.fish;
programs.fish.enable = true;
system.primaryUser = "dave.gallant";
system.defaults = {
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = true;
};
dock = {
autohide = true;
tilesize = 50;
orientation = "bottom";
persistent-apps = [
"/Applications/iTerm.app"
"/Applications/Google Chrome.app"
"/Applications/LibreWolf.app"
"/Applications/Obsidian.app"
"/Applications/Slack.app"
"/Applications/zoom.us.app"
];
};
NSGlobalDomain.AppleShowAllExtensions = true;
NSGlobalDomain.AppleShowScrollBars = "Always";
NSGlobalDomain.NSUseAnimatedFocusRing = false;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode = true;
NSGlobalDomain.NSNavPanelExpandedStateForSaveMode2 = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint = true;
NSGlobalDomain.PMPrintingExpandedStateForPrint2 = true;
NSGlobalDomain.NSDocumentSaveNewDocumentsToCloud = false;
NSGlobalDomain.ApplePressAndHoldEnabled = false;
NSGlobalDomain.InitialKeyRepeat = 25;
NSGlobalDomain.KeyRepeat = 2;
NSGlobalDomain."com.apple.mouse.tapBehavior" = 1;
NSGlobalDomain.NSWindowShouldDragOnGesture = true;
NSGlobalDomain.NSAutomaticSpellingCorrectionEnabled = false;
LaunchServices.LSQuarantine = false; # disables "Are you sure?" for new apps
loginwindow.GuestEnabled = false;
finder.FXPreferredViewStyle = "Nlsv";
};
security.pam.services.sudo_local.touchIdAuth = true;
homebrew = {
enable = true;
onActivation = {
cleanup = "zap";
autoUpdate = true;
upgrade = true;
};
global = {
brewfile = true;
};
brews = [
"argocd"
"azure-cli"
"coreutils"
"gnu-sed"
"gnu-tar"
"k6"
"node"
"oras"
"vault"
];
casks = [
"claude-code"
"discord"
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"fork"
"freelens"
"iterm2"
"karabiner-elements"
"knockknock"
"librewolf"
"lulu"
"notunes"
"obsidian"
"raycast"
"rectangle"
"signal"
"slack"
"spotify"
"stats"
"steam"
"taskexplorer"
"tailscale-app"
"vlc"
"whisky"
"zed"
];
taps = [
"hashicorp/tap"
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
}


@@ -1,33 +0,0 @@
set export
alias u := update
alias r := rebuild
arch := `uname -s`
cmd := if arch == "Linux" { "nixos-rebuild --sudo" } else { "sudo darwin-rebuild" }
rebuild:
$cmd switch --flake .
rebuild-boot:
$cmd boot --flake . --install-bootloader
rollback:
sudo $cmd switch --rollback --flake .
channel-update:
nix-channel --update
sudo nix-channel --update
update:
@./update-flake.sh
fmt:
nixfmt *.nix
clean:
echo 'Cleaning user...'
nix-collect-garbage -d
echo 'Cleaning root...'
sudo nix-collect-garbage -d


@@ -0,0 +1,3 @@
{pkgs, ...}: {
nix.extraOptions = "experimental-features = nix-command flakes";
}

22
modules/common/fonts.nix Normal file

@@ -0,0 +1,22 @@
{pkgs, ...}: {
fonts.packages = with pkgs; [
dejavu_fonts
fira-code
fira-code-symbols
fira-mono
font-awesome
google-fonts
liberation_ttf
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
noto-fonts-extra
];
fonts.fontconfig.defaultFonts = {
sansSerif = ["Noto Sans"];
serif = ["Noto Serif"];
monospace = ["Noto Sans Mono"];
emoji = ["Noto Color Emoji"];
};
}

101
modules/common/linux.nix Normal file

@@ -0,0 +1,101 @@
{pkgs, ...}: {
boot.kernelPackages = pkgs.linuxPackages;
boot.supportedFilesystems = ["ntfs"];
system = {
autoUpgrade.enable = true;
stateVersion = "23.11";
};
nix = {
extraOptions = "experimental-features = nix-command flakes";
package = pkgs.nixUnstable;
};
users.users.dave = {
isNormalUser = true;
extraGroups = ["docker" "wheel" "libvirtd" "corectrl"];
shell = pkgs.zsh;
};
i18n.defaultLocale = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
time.timeZone = "America/Toronto";
hardware.pulseaudio.enable = true;
# Enable Vulkan
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
# Enable Steam
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [libva];
hardware.pulseaudio.support32Bit = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
virtualisation = {
docker.enable = true;
libvirtd.enable = true;
podman.enable = true;
};
programs = {
corectrl.enable = true;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh.enable = true;
};
services = {
avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
gnome.gnome-keyring.enable = true;
mullvad-vpn.enable = false;
printing.enable = true;
resolved.enable = true;
xserver = {
enable = true;
displayManager = {
gdm = {
enable = true;
wayland = false;
};
};
desktopManager = {
gnome = {
enable = true;
};
};
};
};
networking = {
iproute2.enable = true;
firewall = {
allowPing = false;
enable = true;
checkReversePath = "loose";
trustedInterfaces = ["tailscale0"];
};
};
}
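Review bot: `users.users.dave.extraGroups` includes `"docker"` while `virtualisation.docker.enable = true`, and membership of the docker group gives that account root-equivalent control of the host through the daemon socket without a sudo prompt. Since `podman.enable = true` is set in the same block, consider dropping `"docker"` from the groups, or switching to `virtualisation.docker.rootless.enable = true;`. Separately, `programs.steam.dedicatedServer.openFirewall = true` opens inbound ports on a workstation; unless a dedicated server is actually hosted here it can stay at its default.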

58
modules/darwin/brew.nix Normal file

@@ -0,0 +1,58 @@
{
config,
lib,
pkgs,
...
}: let
checkBrew = "command -v brew > /dev/null";
in {
environment = {
extraInit = ''
${checkBrew} || >&2 echo "brew is not installed (install it via https://brew.sh)"
'';
};
homebrew = {
enable = true;
onActivation.autoUpdate = false;
onActivation.upgrade = false;
global = {
brewfile = true;
};
brews = [
"coreutils"
"gnu-sed"
"gnu-tar"
"helm"
"netdata"
"node"
"podman"
"podman-compose"
];
casks = [
"dbeaver-community"
"font-fira-code-nerd-font"
"font-hack-nerd-font"
"karabiner-elements"
"logseq"
"lulu"
"notunes"
"obsidian"
"podman-desktop"
"postman"
"raycast"
"rectangle"
"stats"
"warp"
];
taps = [
"homebrew/bundle"
"homebrew/cask-fonts"
"homebrew/cask-versions"
"homebrew/services"
];
};
}
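Review bot: With `onActivation.autoUpdate = false`, `onActivation.upgrade = false` and no `onActivation.cleanup`, activation only installs what is missing: it never upgrades the listed brews and casks and never removes ones dropped from this file, so tools such as `node`, `podman` and `postman` stay at the version first installed unless `brew upgrade` is run by hand. If that is intended, a comment such as `# upgrades are run manually; activation only installs missing packages` would make it explicit; otherwise set `onActivation.upgrade = true;`. The `config`, `lib` and `pkgs` arguments are not used in this file.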


@@ -0,0 +1,7 @@
{pkgs, ...}: {
users.users."dave.gallant".home = "/Users/dave.gallant";
imports = [
./brew.nix
./preferences.nix
];
}


@@ -0,0 +1,57 @@
{
config,
pkgs,
...
}: {
system.defaults = {
loginwindow = {
GuestEnabled = false;
SHOWFULLNAME = false;
};
finder = {
AppleShowAllExtensions = true;
FXEnableExtensionChangeWarning = true;
_FXShowPosixPathInTitle = true;
};
trackpad = {
ActuationStrength = 0;
Clicking = true;
FirstClickThreshold = 1;
SecondClickThreshold = 1;
TrackpadRightClick = false;
};
# firewall
alf = {
# 0 = disabled 1 = enabled 2 = blocks all connections except for essential services
globalstate = 1;
loggingenabled = 0;
stealthenabled = 1;
};
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 1.0;
tilesize = 50;
static-only = false;
showhidden = false;
show-recents = false;
show-process-indicators = true;
orientation = "bottom";
mru-spaces = false;
};
NSGlobalDomain = {
"com.apple.sound.beep.feedback" = 0;
"com.apple.sound.beep.volume" = 0.000;
ApplePressAndHoldEnabled = false;
InitialKeyRepeat = 10;
KeyRepeat = 2;
AppleShowAllExtensions = true;
AppleShowScrollBars = "Automatic";
};
};
}
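Review bot: In the `alf` block, `loggingenabled = 0` turns off application-firewall logging while `globalstate = 1` and `stealthenabled = 1` turn the firewall on, so connection decisions leave no record to review later. Setting `loggingenabled = 1;` keeps the same filtering and adds the log. The comment above `globalstate` documents that key only; a short comment on `stealthenabled` and `loggingenabled` would help as well.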


@@ -0,0 +1,31 @@
{
config,
pkgs,
...
}: {
imports = [./hardware.nix];
hardware.opengl.enable = true;
nixpkgs.config.allowUnfree = true;
networking = {
hostName = "hephaestus";
interfaces.enp34s0 = {
useDHCP = true;
};
firewall = {
allowedUDPPorts = [
41641 # tailscale
];
};
};
systemd.services.NetworkManager-wait-online.enable = false;
services = {
sshd.enable = true;
tailscale.enable = true;
xserver.videoDrivers = ["amdgpu"];
};
}
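Review bot: `sshd.enable = true` turns on the OpenSSH server with no settings next to it, so password and root login stay at the module defaults and the SSH port is opened in the firewall on every interface. I would add `services.openssh.settings = { PasswordAuthentication = false; PermitRootLogin = "no"; };`. If SSH is only meant to be reached over Tailscale, `services.openssh.openFirewall = false;` is enough, because `tailscale0` is already listed in `trustedInterfaces` in modules/common/linux.nix.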


@@ -0,0 +1,78 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
nixpkgs.hostPlatform = "x86_64-linux";
boot.initrd.availableKernelModules = [
"ahci"
"nvme"
"sd_mod"
"usb_storage"
"usbhid"
"xhci_pci"
];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = with config.boot.kernelPackages; [
xpadneo
];
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
device = "nodev";
efiSupport = true;
enableCryptodisk = true;
};
boot.initrd = {
luks.devices."root" = {
allowDiscards = true;
device = "/dev/disk/by-uuid/21cd166c-1528-49a4-b31b-0d408d48aa80";
preLVM = true;
keyFile = "./keyfile0.bin";
};
secrets = {
"keyfile0.bin" = "/etc/secrets/initrd/keyfile0.bin";
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
fileSystems."/" = {
device = "/dev/disk/by-uuid/a6723178-6f18-428e-b541-9ac901861125";
fsType = "ext4";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/e3ab2e1a-bddf-4ae0-b00a-bf954c6c182b";
fsType = "ext4";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/3CFD-D749";
fsType = "vfat";
};
fileSystems."/mnt/synology-2b/media" = {
device = "192.168.1.178:/volume1/Media";
fsType = "nfs";
};
fileSystems."/mnt/synology-2b/backups" = {
device = "192.168.1.178:/volume1/Backups";
fsType = "nfs";
};
swapDevices = [
{device = "/dev/disk/by-uuid/5d6d0388-2b15-4ff1-9f0f-391818a76090";}
];
}
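Review bot: The two NFS entries (`/mnt/synology-2b/media` and `/mnt/synology-2b/backups`) are mounted with default options, so files on the NAS can bring setuid bits or device nodes onto this host, and an unreachable NAS may hold up boot. Adding `options = [ "nosuid" "nodev" "nofail" ];` to both addresses that. For `boot.initrd.secrets`, a comment would help whoever reinstalls this machine: it should say that `/etc/secrets/initrd/keyfile0.bin` must be readable by root only, and that the generated initrd contains the LUKS key and therefore has to live on the encrypted volume rather than on the ESP.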


@@ -0,0 +1,19 @@
{pkgs, ...}: {
nixpkgs.config.allowUnfree = true;
environment = {variables = {LANG = "en_US.UTF-8";};};
networking = {hostName = "zelus";};
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
nix.package = pkgs.nixVersions.stable;
programs.zsh = {
enable = true;
# https://github.com/nix-community/home-manager/issues/108#issuecomment-340397178
enableCompletion = false;
};
system.stateVersion = 4;
}


@@ -0,0 +1,4 @@
final: prev: {
tmux-sessionizer = prev.callPackage ./tmux-sessionizer {};
vpngate = prev.callPackage ./vpngate {};
}


@@ -0,0 +1,24 @@
{
stdenv,
lib,
fetchurl,
}:
stdenv.mkDerivation rec {
pname = "tmux-sessionizer";
version = "0.0.0";
executable = ./tmux-sessionizer;
phases = ["unpackPhase"]; # Remove all other phases
unpackPhase = ''
mkdir -p $out/bin
cp ${executable} $out/bin/tmux-sessionizer
'';
meta = with lib; {
description = "
Tmux sessionizer adapted from https://sourcegraph.com/github.com/ThePrimeagen/.dotfiles@5cd09f06d6683b91c26822a73b40e3d7fb9af57a/-/blob/bin/.local/bin/tmux-sessionizer";
platforms = platforms.unix;
};
}
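Review bot: `phases = ["unpackPhase"]` with the copy done inside `unpackPhase` works, but it hides the install step in the wrong phase and relies on the source file already carrying the executable bit. The usual form is `dontUnpack = true;` with `installPhase = "install -Dm755 ${executable} $out/bin/tmux-sessionizer";`. The `fetchurl` argument is unused, and `meta.description` is a string that starts with a line break; a one-line description with the URL moved to `meta.homepage` reads better.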


@@ -0,0 +1,31 @@
#!/usr/bin/env bash
# Credit to ThePrimeagen for this:
# https://sourcegraph.com/github.com/ThePrimeagen/.dotfiles@5cd09f06d6683b91c26822a73b40e3d7fb9af57a/-/blob/bin/.local/bin/tmux-sessionizer
readarray -t directories < ~/.config/tmux-sessionizer
if [[ $# -eq 1 ]]; then
selected=$1
else
selected=$(find "${directories[@]}" -mindepth 1 -maxdepth 1 -type d | fzf --exact)
fi
if [[ -z $selected ]]; then
exit 0
fi
selected_name=$(basename "$selected" | tr . _)
tmux_running=$(pgrep tmux)
if [[ -z $TMUX ]] && [[ -z $tmux_running ]]; then
tmux new-session -s "$selected_name" -c "$selected"
exit 0
fi
if ! tmux has-session -t "$selected_name" 2> /dev/null; then
tmux new-session -ds "$selected_name" -c "$selected"
fi
tmux switch-client -t "$selected_name"
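Review bot: `readarray -t directories < ~/.config/tmux-sessionizer` does not check that the file exists or is non-empty; when it is missing the array is empty, so GNU `find` falls back to searching the current directory, and a line that begins with `-` would be read by `find` as an option. A guard before it, `[[ -s ~/.config/tmux-sessionizer ]] || { echo "missing ~/.config/tmux-sessionizer" >&2; exit 1; }`, makes the failure explicit. `pgrep tmux` matches any process whose name contains `tmux`, which may include this script itself, so `pgrep -x tmux` is the stricter test. A header comment describing the one-directory-per-line format of the config file is missing.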


@@ -0,0 +1,28 @@
{
lib,
fetchFromGitHub,
buildGoModule,
}:
buildGoModule rec {
pname = "vpngate";
version = "v0.1.5";
vendorHash = "sha256-TQLHvoVAMvDtm/9EQUaNVVjQajyMBnJu8NF6Kt0+RJ8=";
src = fetchFromGitHub {
owner = "davegallant";
repo = "vpngate";
rev = version;
sha256 = "sha256-+KZ6/h8JLEisnIja4lstJYVHzEC/8PdHL3czK/mJCAs=";
};
doCheck = false;
meta = with lib; {
homepage = "https://www.vpngate.net";
description = "a client for vpngate.net";
license = licenses.gpl3;
maintainers = with maintainers; [davegallant];
platforms = platforms.linux ++ platforms.darwin;
};
}
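Review bot: `version = "v0.1.5"` together with `rev = version` puts the `v` prefix into the package version; the nixpkgs convention is `version = "0.1.5";` with `rev = "v${version}";`, and `hash =` rather than `sha256 =` for an SRI value. `doCheck = false` skips the module's tests without a stated reason; a one-line comment saying why, or removing the line, would help. `meta.homepage` points at vpngate.net while the source is fetched from `davegallant/vpngate`, so the repository URL may be the more useful homepage.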

129
modules/packages/common.nix Normal file

@@ -0,0 +1,129 @@
{
config,
lib,
pkgs,
unstable,
...
}: let
inherit (pkgs) stdenv;
in {
environment.systemPackages = with pkgs; let
common = [
# essentials
curl
gcc
gnumake
gnupg
imagemagick
jq
unzip
viddy
wget
xclip
xdg-utils
zip
# modern cli
bat
eza
fd
unstable.github-cli
progress
hadolint
nodePackages.eslint
oha
pre-commit
ripgrep
yq-go
shellcheck
shfmt
starship
tldr
tmux-sessionizer
# containers
krew
kubecolor
kubectl
kubectx
minikube
stern
unstable.helm-docs
unstable.k9s
unstable.skaffold
# cloud
unstable.awscli2
unstable.azure-cli
unstable.google-cloud-sdk
# LSP
nodePackages.bash-language-server
nodePackages.pyright
nodePackages.yaml-language-server
sumneko-lua-language-server
terraform-ls
# monitoring
ctop
glances
grafana-loki
htop
procs
# lua
lua53Packages.luacheck
stylua
# golang
gofumpt
golangci-lint
gopls
# rust
rustup
# js
nodejs
nodePackages.prettier
nodePackages.yarn
# networking
arp-scan
dnsutils
iperf
nmap
openssl
openvpn
sshfs # mac requires https://osxfuse.github.io/
vpngate
# rice
neofetch
pfetch
# nix
alejandra
cachix
nix-diff
nix-tree
nixfmt
nixpkgs-fmt
nixpkgs-review
rnix-lsp
# python
poetry
python310
python310Packages.black
python310Packages.ipython
python310Packages.pip
python310Packages.poetry-core
python310Packages.setuptools
python310Packages.virtualenv
];
in
common;
programs.gnupg.agent.enable = true;
}
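Review bot: `let common = [ … ]; in common` binds the list to a name that is used once, and `inherit (pkgs) stdenv`, `config` and `lib` are never referenced; `environment.systemPackages = with pkgs; [ … ];` says the same thing with less indirection. The following file with the `linux = [ … ]` list has the same shape. Both files also repeat `programs.gnupg.agent.enable = true;`, which modules/common/linux.nix already sets, so it could live in one place.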


@@ -0,0 +1,72 @@
{
config,
lib,
pkgs,
unstable,
...
}: let
inherit (pkgs) stdenv;
in {
environment.systemPackages = with pkgs; let
linux = [
android-tools
bitwarden
chromium
cryptsetup
deja-dup
discord
docker
docker-compose
foliate
ghostscript
gimp-with-plugins
glibcLocales
gnome.gnome-tweaks
gnomeExtensions.appindicator
gnomeExtensions.bluetooth-quick-connect
gnomeExtensions.blur-my-shell
gnomeExtensions.caffeine
gnomeExtensions.clipboard-indicator
gnomeExtensions.dash-to-dock
gnomeExtensions.grand-theft-focus
gnomeExtensions.notification-banner-reloaded
gnomeExtensions.quick-settings-tweaker
gnomeExtensions.tailscale-status
gnomeExtensions.tray-icons-reloaded
iputils
kazam
legendary-gl
lm_sensors
mullvad-vpn
netdata
nfs-utils
obs-studio
pavucontrol
pinentry-curses
podman
podman-compose
psst
qemu
rustup
ryujinx
signal-desktop
strace
tailscale
traceroute
unstable.obsidian
unstable.logseq
unstable.yuzu
unstable.zoom-us
usbutils
virt-manager
vlc
whois
wine
wine64
wireshark-qt
];
in
linux;
programs.gnupg.agent.enable = true;
}
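Review bot: `wireshark-qt` is installed as a plain package, so packet capture only works when Wireshark itself is started as root. Using `programs.wireshark.enable = true;` with `programs.wireshark.package = pkgs.wireshark-qt;` installs a capability-wrapped `dumpcap` restricted to the `wireshark` group, and adding `"wireshark"` to the user's `extraGroups` then lets the GUI run unprivileged. `rustup` appears here and in the common package list, so one of the two entries can go.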


@@ -0,0 +1,45 @@
{
config,
pkgs,
...
}: let
netdata = pkgs.netdata;
netdataConf = ./netdata.conf;
netdataDir = "/var/lib/netdata";
in {
users.extraGroups.netdata.gid = 220008;
users.users.netdata.group = "netdata";
users.extraUsers.netdata = {
description = "Netdata server user";
isSystemUser = true;
name = "netdata";
uid = 200008;
};
systemd.services.netdata = {
wantedBy = ["multi-user.target"];
after = ["network.target"];
preStart = ''
mkdir -p ${netdataDir}/config
mkdir -p ${netdataDir}/logs
cp -r ${netdata}/share/netdata/web ${netdataDir}/web
chmod -R 700 ${netdataDir}
chown -R netdata:netdata ${netdataDir}
'';
serviceConfig = {
Type = "forking";
ExecStart = "${netdata}/bin/netdata -c ${netdataConf} -u netdata";
Restart = "on-failure";
};
};
services.nginx.httpConfig = ''
server {
server_name netdata.thume.net;
location / {
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://127.0.0.1:19999;
}
}
'';
}
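Review bot: The `services.nginx.httpConfig` server block republishes the netdata dashboard through nginx with no access control, which undoes the `bind to = localhost` choice in netdata.conf: anyone who can reach the nginx listener can read host metrics and process names. Restrict the location, for example `allow 127.0.0.1; deny all;`, or put `auth_basic` in front of it; the block also has no `listen` or TLS directive, so it is served over plain HTTP on nginx's default listener. `server_name netdata.thume.net` looks carried over from another configuration and should be confirmed or replaced. Separately, in `preStart` the line `cp -r ${netdata}/share/netdata/web ${netdataDir}/web` nests a second `web/web` directory on every restart once the target exists; `cp -rT` or removing the target first avoids that.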


@@ -0,0 +1,21 @@
[global]
run as user = netdata
config directory = /var/lib/netdata/config
web files directory = /var/lib/netdata/web
cache directory = /var/lib/netdata
log directory = /var/lib/netdata/logs
# the default database size - 1 hour
history = 3600
# some defaults to run netdata with least priority
process scheduling policy = idle
OOM score = 1000
[web]
# web files owner = root
web files group = netdata
# by default do not expose the netdata port
bind to = localhost

8
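--- a/modules/upgrade-diff.nix
+++ b/modules/upgrade-diff.nix
@@ -0,0 +1,8 @@
+{pkgs, ...}: {
+system.activationScripts.diff = {
+supportsDryActivation = true;
+text = ''
+${pkgs.nvd}/bin/nvd --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
+'';
+};
+}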
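Review bot: The `text` script runs `nvd ... diff /run/current-system "$systemConfig"` unconditionally, so on a first activation (a fresh install, or any target where `/run/current-system` does not exist yet) nvd is handed a missing path and the activation snippet reports a failure. Guard the call with `if [[ -e /run/current-system ]]; then ... fi` around the existing line. outputs.nix also imports this module for the darwin host, and whether nix-darwin runs a custom `activationScripts.diff` entry or accepts `supportsDryActivation` is not visible on this page, so that is worth confirming.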

130
outputs.nix Normal file

@@ -0,0 +1,130 @@
{
self,
darwin,
home-manager,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
nix-ld,
...
} @ inputs: {
nixosConfigurations = let
modulesDir = ./modules;
unstable = import nixpkgs-unstable {
system = "x86_64-linux";
config.allowUnfree = true;
config.permittedInsecurePackages = [
"electron-25.9.0" # caused by obsidian
];
};
defaultModules = [
home-manager.nixosModules.home-manager
./modules/common/fonts.nix
./modules/packages/common.nix
./modules/upgrade-diff.nix
({
config,
lib,
lib',
...
}: {
config = {
_module.args = {
lib' = lib // import ./lib {inherit config lib;};
};
nix = {
settings = {
auto-optimise-store = true;
sandbox = false;
substituters = ["https://davegallant.cachix.org"];
trusted-users = ["root" "dave"];
trusted-public-keys = [
"davegallant.cachix.org-1:SsUMqL4+tF2R3/G6X903E9laLlY1rES2QKFfePegF08="
];
};
registry = {nixpkgs.flake = nixpkgs;};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 14d";
};
};
nixpkgs.overlays = [
(import ./modules/overlays)
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.dave.imports = [
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
};
};
};
})
];
desktopLinuxModules = [
./modules/common/linux.nix
./modules/packages/linux.nix
./modules/services/netdata/default.nix
];
in {
hephaestus = nixpkgs.lib.nixosSystem {
specialArgs = {inherit unstable;};
modules =
[
./modules/machines/hephaestus/configuration.nix
./modules/machines/hephaestus/hardware.nix
]
++ defaultModules
++ desktopLinuxModules;
};
};
darwinConfigurations = let
system = "aarch64-darwin";
unstable = import nixpkgs-unstable {
inherit system;
};
in {
zelus = darwin.lib.darwinSystem {
inherit system;
specialArgs = {inherit unstable;};
modules = [
home-manager.darwinModules.home-manager
./modules/common/darwin.nix
./modules/packages/common.nix
./modules/machines/zelus/configuration.nix
./modules/darwin/default.nix
./modules/upgrade-diff.nix
({config, ...}: {
config = {
nixpkgs.overlays = [
(import ./modules/overlays)
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users."dave.gallant".imports = [
./home/default.nix
inputs.nixvim.homeManagerModules.nixvim
];
extraSpecialArgs = {
inherit unstable;
};
};
};
})
];
};
};
}
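Review bot: In the `nix.settings` block of the NixOS `defaultModules`, `sandbox = false;` turns off build isolation, so every derivation builder (including anything newly pulled in by a flake update) runs with network access and a view of the host filesystem. NixOS enables the sandbox by default; drop the line or set `sandbox = true;`, and if one build really needs an escape use `sandbox = "relaxed";` with `__noChroot` on that derivation only. `trusted-users = ["root" "dave"];` compounds this, because a trusted user can hand arbitrary substituters and settings to the daemon and is effectively root over the store; since the cachix substituter and its key are already configured system-wide, `trusted-users = ["root"];` is probably enough. `permittedInsecurePackages = ["electron-25.9.0"]` deserves a comment stating when it can be removed, so the exemption does not outlive the obsidian release that needs it.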


@@ -1,17 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
readarray -t directories < ~/.config/cd-fzf
if [[ $# -eq 1 ]]; then
selected=$1
else
selected=$(find "${directories[@]}" -mindepth 1 -maxdepth 1 -type d | fzf --exact)
fi
if [[ -z $selected ]]; then
exit 0
fi
cd "$selected"
$SHELL


@@ -1,19 +0,0 @@
{
stdenv,
lib,
fetchurl,
}:
stdenv.mkDerivation rec {
pname = "cd-fzf";
version = "0.0.1";
executable = ./cd-fzf;
phases = [ "unpackPhase" ]; # Remove all other phases
unpackPhase = ''
mkdir -p $out/bin
cp ${executable} $out/bin/cd-fzf
'';
meta = with lib; {
description = "\n Fuzzy find change directory";
platforms = platforms.unix;
};
}


@@ -1,3 +0,0 @@
final: prev: {
cd-fzf = prev.callPackage ./cd-fzf { };
}


@@ -1,8 +1,5 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"schedule": [
"every weekend"
],
"extends": [
"config:recommended"
]

5
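--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,5 @@
+(import <nixpkgs> {}).mkShell {
+shellHook = ''
+${(import ./default.nix).pre-commit-check.shellHook}
+'';
+}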
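Review bot: `import <nixpkgs> {}` on the first line resolves nixpkgs from `NIX_PATH` rather than from the flake's locked input, so the dev shell that the new .envrc loads through `use_nix` can differ between machines and over time. If `default.nix` already pins a package set, build the shell from that same set; otherwise record the caveat with a comment such as `# <nixpkgs> comes from NIX_PATH, not flake.lock`.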


@@ -1,23 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
if ! git diff-index --quiet HEAD --; then
git stash push -m "Auto-stash via update-flash.sh on $(date)"
fi
git pull
update_msg=$(nix flake update 2>&1 | grep -v 'warning:')
just rebuild
git add .
read -p "Commit and push changes? [yN]? " -r
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
exit 1
fi
git commit -S -m "nix flake update: $(TZ=UTC date '+%Y-%m-%d %H:%M:%S %Z')
$update_msg"
echo "$update_msg"
git push