From 454aae8f88aea503bd017a79eb5622b9cbbe5cff Mon Sep 17 00:00:00 2001
From: prescientmoon <git@moonythm.dev>
Date: Mon, 26 Aug 2024 17:38:47 +0200
Subject: [PATCH] Prepare calypso install
---
.sops.yaml | 17 ++-
README.md | 4 +-
common/fonts.nix | 19 ++-
flake.lock | 8 +-
flake.nix | 113 +++++++++++-------
home/calypso.nix | 74 ++++++++++++
home/euporie.nix | 11 --
home/features/cli/productivity/secrets.yaml | 19 ++-
home/features/desktop/default.nix | 3 +
home/features/desktop/wakatime/secrets.yaml | 19 ++-
home/global.nix | 24 ++--
home/lapetus.nix | 1 +
home/tethys.nix | 25 ++--
hosts/nixos/calypso/default.nix | 56 +++++++++
hosts/nixos/calypso/filesystems/default.nix | 40 +++++++
.../nixos/calypso/filesystems/partitions.nix | 102 ++++++++++++++++
hosts/nixos/calypso/hardware/default.nix | 28 +++++
hosts/nixos/calypso/keys/id_ed25519.pub | 1 +
.../calypso/keys/ssh_host_ed25519_key.pub | 1 +
hosts/nixos/calypso/keys/ssh_host_rsa_key.pub | 1 +
hosts/nixos/calypso/services/snapper.nix | 37 ++++++
hosts/nixos/common/global/cli/sudo.nix | 12 --
hosts/nixos/common/global/default.nix | 24 ++--
.../nixos/common/global/services/openssh.nix | 33 +++--
.../nixos/common/optional/desktop/default.nix | 8 ++
hosts/nixos/common/optional/oci.nix | 10 +-
hosts/nixos/common/secrets.yaml | 48 +++++---
hosts/nixos/common/users/pilot.nix | 16 ++-
hosts/nixos/euporie/default.nix | 20 ----
hosts/nixos/iso/default.nix | 13 ++
hosts/nixos/lapetus/default.nix | 24 ++--
hosts/nixos/lapetus/secrets.yaml | 29 +++--
hosts/nixos/lapetus/services/jupyter.nix | 48 +++++---
hosts/nixos/lapetus/services/zfs.nix | 15 +--
hosts/nixos/tethys/default.nix | 71 +++--------
hosts/nixos/tethys/hardware/default.nix | 18 +++
36 files changed, 707 insertions(+), 285 deletions(-)
create mode 100644 home/calypso.nix
delete mode 100644 home/euporie.nix
create mode 100644 hosts/nixos/calypso/default.nix
create mode 100644 hosts/nixos/calypso/filesystems/default.nix
create mode 100644 hosts/nixos/calypso/filesystems/partitions.nix
create mode 100644 hosts/nixos/calypso/hardware/default.nix
create mode 100755 hosts/nixos/calypso/keys/id_ed25519.pub
create mode 100755 hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
create mode 100755 hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
create mode 100644 hosts/nixos/calypso/services/snapper.nix
delete mode 100644 hosts/nixos/common/global/cli/sudo.nix
create mode 100644 hosts/nixos/common/optional/desktop/default.nix
delete mode 100644 hosts/nixos/euporie/default.nix
create mode 100644 hosts/nixos/iso/default.nix
diff --git a/.sops.yaml b/.sops.yaml
index 54d4a42..673f5d3 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,26 +1,33 @@
keys:
- &users:
- - &prescientmoon age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
+ - &prescientmoon_tethys age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
+ - &prescientmoon_calypso age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
- &hosts:
- &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
- &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
+ - &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
creation_rules:
- path_regex: hosts/nixos/common/secrets.yaml
key_groups:
- age:
- - *prescientmoon
+ - *prescientmoon_tethys
+ - *prescientmoon_calypso
- *tethys
- *lapetus
+ - *calypso
- path_regex: hosts/nixos/lapetus/secrets.yaml
key_groups:
- age:
- - *prescientmoon
+ - *prescientmoon_tethys
+ - *prescientmoon_calypso
- *lapetus
- path_regex: home/features/desktop/wakatime/secrets.yaml
key_groups:
- age:
- - *prescientmoon
+ - *prescientmoon_tethys
+ - *prescientmoon_calypso
- path_regex: home/features/cli/productivity/secrets.yaml
key_groups:
- age:
- - *prescientmoon
+ - *prescientmoon_tethys
+ - *prescientmoon_calypso
diff --git a/README.md b/README.md
index 9b07aff..5bee2b3 100644
--- a/README.md
+++ b/README.md
@@ -17,9 +17,9 @@ The current state of this repo is a refactor of my old, messy nixos config, base
This repo's structure is based on the concept of hosts - individual machines configured by me. I'm naming each host based on things in space/mythology (_they are the same picture_). The hosts I have right now are:
-- [tethys](./hosts/nixos/tethys/) — my personal laptop
+- [calypso](./hosts/nixos/calypso/) — my personal laptop
+- [tethys](./hosts/nixos/tethys/) — my previous personal laptop
- [lapetus](./hosts/nixos/lapetus/) — older laptop running as a server
-- [euporie](./hosts/nixos/euporie/) — barebones host for testing things insdie a VM
- enceladus — my android phone. Although not configured using nix, this name gets referenced in some places
## File structure
diff --git a/common/fonts.nix b/common/fonts.nix
index ced7ab8..c42d5f7 100644
--- a/common/fonts.nix
+++ b/common/fonts.nix
@@ -1,13 +1,24 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
stylix.fonts = {
# monospace = { name = "Iosevka"; package = pkgs.iosevka; };
- monospace = { name = "Cascadia Code"; package = pkgs.cascadia-code; };
- sansSerif = { name = "CMUSansSerif"; package = pkgs.cm_unicode; };
- serif = { name = "CMUSerif-Roman"; package = pkgs.cm_unicode; };
+ monospace = {
+ name = "Cascadia Code";
+ package = pkgs.cascadia-code;
+ };
+ sansSerif = {
+ name = "CMUSansSerif";
+ package = pkgs.cm_unicode;
+ };
+ serif = {
+ name = "CMUSerif-Roman";
+ package = pkgs.cm_unicode;
+ };
sizes = {
desktop = 13;
applications = 15;
+ terminal = 25;
};
};
}
diff --git a/flake.lock b/flake.lock
index f94e3bd..2b813ba 100644
--- a/flake.lock
+++ b/flake.lock
@@ -491,11 +491,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
- "lastModified": 1720411406,
- "narHash": "sha256-Z3tMBbMeYQKz1YYmSnbLglG9lm1l/EU+h3CFPJCli4I=",
+ "lastModified": 1723521794,
+ "narHash": "sha256-mmcakr+6z7/SDg+e2p1TYQorjYvUzWqG2KUIsmikARM=",
"ref": "refs/heads/master",
- "rev": "a2a2d880d5ec199ee333c9bf929865d65f92a1d4",
- "revCount": 3677,
+ "rev": "abafaabfa893ac432bae898a8652bc4a83c49d27",
+ "revCount": 3727,
"type": "git",
"url": "https://gitlab.com/rycee/nur-expressions?dir=pkgs/firefox-addons"
},
diff --git a/flake.nix b/flake.nix
index 4d255b7..c911068 100644
--- a/flake.nix
+++ b/flake.nix
@@ -60,7 +60,7 @@
spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
# }}}
# {{{ Theming
- darkmatter-grub-theme.url = gitlab:VandalByte/darkmatter-grub-theme;
+ darkmatter-grub-theme.url = "gitlab:VandalByte/darkmatter-grub-theme";
darkmatter-grub-theme.inputs.nixpkgs.follows = "nixpkgs";
stylix.url = "github:danth/stylix/a33d88cf8f75446f166f2ff4f810a389feed2d56";
@@ -73,7 +73,13 @@
};
# }}}
- outputs = { self, nixpkgs, home-manager, ... }@inputs:
+ outputs =
+ {
+ self,
+ nixpkgs,
+ home-manager,
+ ...
+ }@inputs:
let
# {{{ Common helpers
inherit (self) outputs;
@@ -84,33 +90,37 @@
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
};
- # }}}
in
+ # }}}
{
# {{{ Packages
# Accessible through 'nix build', 'nix shell', etc
- packages = forAllSystems
- (system:
- let
- pkgs = nixpkgs.legacyPackages.${system};
- upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
- myPkgs = import ./pkgs { inherit pkgs upkgs; };
- in
- myPkgs // {
- octodns = upkgs.octodns.withProviders
- (ps: [ myPkgs.octodns-cloudflare ]);
- } // (import ./dns/pkgs.nix) { inherit pkgs self system; }
- );
+ packages = forAllSystems (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
+ myPkgs = import ./pkgs { inherit pkgs upkgs; };
+ in
+ myPkgs
+ // {
+ octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
+ }
+ // (import ./dns/pkgs.nix) { inherit pkgs self system; }
+ );
# }}}
# {{{ Bootstrapping and other pinned devshells
# Accessible through 'nix develop'
- devShells = forAllSystems
- (system:
- let
- pkgs = nixpkgs.legacyPackages.${system};
- args = { inherit pkgs; } // specialArgs system;
- in
- import ./devshells args);
+ devShells = forAllSystems (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ args = {
+ inherit pkgs;
+ } // specialArgs system;
+ in
+ import ./devshells args
+ );
# }}}
# {{{ Overlays and modules
# Custom packages and modifications, exported as overlays
@@ -126,24 +136,38 @@
# NixOS configuration entrypoint
# Available through 'nixos-rebuild --flake .#...
nixosConfigurations =
- let nixos = { system, hostname }: nixpkgs.lib.nixosSystem {
- inherit system;
- specialArgs = specialArgs system;
+ let
+ nixos =
+ { system, hostname }:
+ nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = specialArgs system;
- modules = [
- home-manager.nixosModules.home-manager
- {
- home-manager.users.pilot = import ./home/${hostname}.nix;
- home-manager.extraSpecialArgs = specialArgs system // { inherit hostname; };
- home-manager.useUserPackages = true;
+ modules = [
+ # {{{ Import home manager
+ (
+ { lib, ... }:
+ {
+ imports = lib.lists.optional (builtins.pathExists ./home/${hostname}.nix) [
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.users.pilot = import ./home/${hostname}.nix;
+ home-manager.extraSpecialArgs = specialArgs system // {
+ inherit hostname;
+ };
+ home-manager.useUserPackages = true;
- stylix.homeManagerIntegration.followSystem = false;
- stylix.homeManagerIntegration.autoImport = false;
- }
+ stylix.homeManagerIntegration.followSystem = false;
+ stylix.homeManagerIntegration.autoImport = false;
+ }
+ ];
+ }
+ )
+ # }}}
- ./hosts/nixos/${hostname}
- ];
- };
+ ./hosts/nixos/${hostname}
+ ];
+ };
in
{
tethys = nixos {
@@ -156,14 +180,15 @@
hostname = "lapetus";
};
- # Disabled because `flake check` complains about filesystems and bootloader
- # options not being set. This is not an issue in practice, as this config is
- # supposed to be used inside a VM, but there's not much I can do about it.
- # euporie = nixos {
- # system = "x86_64-linux";
- # hostname = "euporie";
- # };
+ calypso = nixos {
+ system = "x86_64-linux";
+ hostname = "calypso";
+ };
+ iso = nixos {
+ system = "x86_64-linux";
+ hostname = "iso";
+ };
};
# }}}
};
diff --git a/home/calypso.nix b/home/calypso.nix
new file mode 100644
index 0000000..5921247
--- /dev/null
+++ b/home/calypso.nix
@@ -0,0 +1,74 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./global.nix
+
+ ./features/desktop/zathura.nix
+ ./features/desktop/spotify.nix
+ ./features/desktop/obsidian.nix
+ ./features/desktop/foot.nix
+ ./features/desktop/firefox
+ ./features/desktop/discord
+ ./features/cli/productivity
+ ./features/cli/pass.nix
+ ./features/cli/zellij.nix
+ ./features/cli/nix-index.nix
+ ./features/cli/catgirl.nix
+ ./features/cli/lazygit.nix
+ ./features/wayland/hyprland
+ ./features/neovim
+ ];
+
+ # Arbitrary extra packages
+ home.packages = with pkgs; [
+ # {{{ Communication
+ # signal-desktop # Signal client
+ element-desktop # Matrix client
+ # zoom-us # Zoom client 🤮
+ # }}}
+ # {{{ Editors for different formats
+ gimp # Image editing
+ # lmms # Music software
+ # kicad # PCB editing
+ # libreoffice # Free office suite
+ # }}}
+ # {{{ Gaming
+ # wine # Windows compat layer or whatever
+ # lutris # Game launcher
+ # }}}
+ # {{{ Clis
+ sops # Secret editing
+ # sherlock # Search for usernames across different websites
+ # }}}
+ # {{{ Misc
+ bitwarden # Password-manager
+ qbittorrent # Torrent client
+ # google-chrome # Not my primary browser, but sometimes needed in webdev
+ # plover.dev # steno engine
+
+ overskride # Bluetooth client
+ # }}}
+ # {{{ Media playing/recording
+ mpv # Video player
+ imv # Image viewer
+ # peek # GIF recorder
+ # obs-studio # video recorder
+ # }}}
+ ];
+
+ home.username = "moon";
+ home.stateVersion = "24.05";
+
+ satellite = {
+ # Symlink some commonly modified dotfiles outside the nix store
+ dev.enable = true;
+
+ monitors = [
+ {
+ name = "eDP-1";
+ width = 1920;
+ height = 1080;
+ }
+ ];
+ };
+}
diff --git a/home/euporie.nix b/home/euporie.nix
deleted file mode 100644
index ba4ea0c..0000000
--- a/home/euporie.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- imports = [
- ./global.nix
- ./features/wayland/hyprland
- ];
-
- # Set up my custom imperanence wrapper
- satellite.persistence = {
- enable = true;
- };
-}
diff --git a/home/features/cli/productivity/secrets.yaml b/home/features/cli/productivity/secrets.yaml
index 9f7e466..5845add 100644
--- a/home/features/cli/productivity/secrets.yaml
+++ b/home/features/cli/productivity/secrets.yaml
@@ -12,11 +12,20 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkx3eWhxZUpTRVR3R1R4
- Vm9hMTVsbXBnU0tFU093amU3TTNjalhsVHdvCmZURElTY2Q0eTQvR3M1V3AzTVl4
- VkR2NXRHR2FiTURqNUp5Y3VDWFQ1UjgKLS0tIEVlRWs3YUFaZzdvd1Q5bmFwazJi
- Y2E3bmM1TkZoOEN0anJqYUNSQUN5ZDAKtobUBBKbfaUeiPtKN4/oTNaxY3C2joCK
- 8h4FlRLXd+CGnAyjN2p4FliWzLgmOg4HFNmZSmYLpIh4E9yqadNSSg==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTk5WWWlsK2ZyTEJEQjFH
+ ZW1XWm9uTlZBeXB2ZUFzaDVYUTNlSDh3aWpnClRmbExNQmRXMVVNS3BYODF1d2Ez
+ bVQ3UGZ5TTMrdm5GVjlQMk5sak55Qk0KLS0tIEVLVys2cnJ0Z0EvRmpUV3B2Nk9J
+ NzVJZmpmODYramRNaHFxL0wzOHduSTgKgq0kqWffjhQnXoiBvsBYCTxHoA6u1jug
+ xb5LuisZElikx3BVKoNV1HpuUwWe83VSK2hJw1lfpQZ/DFByrv5YfA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcFlQYjZ1N0JrSnVoUENB
+ MXl2Um9PMEhCVHFySU1MWnpqNjcxamZJRjJ3CjlMS1N3TjdxOVl1REZ3M2hSYlhi
+ VW9qZy9FbnJqKy9ObVc5bGNNRksrT3MKLS0tIDY5aGVZUVpkVUgvSVFHbFcwOWVY
+ SFVUTlpIaDlZUDhJT3hicWpxRzBia2sK6hu2aJMyHMYRwlEkbcPDtqUlU9VsDCsR
+ fBXvietF/w/TpfY+G2fCEDcWJAtQ7lLM0tNiiNqbUQwWBWddPVyPBA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-12T23:55:37Z"
mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str]
diff --git a/home/features/desktop/default.nix b/home/features/desktop/default.nix
index 145731d..a231960 100644
--- a/home/features/desktop/default.nix
+++ b/home/features/desktop/default.nix
@@ -15,4 +15,7 @@
package = pkgs.papirus-icon-theme;
name = "Papirus";
};
+
+ # Bigger text in qt apps
+ home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4;
}
diff --git a/home/features/desktop/wakatime/secrets.yaml b/home/features/desktop/wakatime/secrets.yaml
index d95db77..b3c2e8b 100644
--- a/home/features/desktop/wakatime/secrets.yaml
+++ b/home/features/desktop/wakatime/secrets.yaml
@@ -8,11 +8,20 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR0RmdFIxNFJpQTdGYXlq
- bkZrNktMaFlrOEZtSXh6Y1l6NTN0REN6N2dnCmNMRUk2TXA3RWhtZVlnbTg2aE00
- eFVwejBTcWRaTUhGWFFIS1RlVkhhQ28KLS0tIEdWWGRWSDZOQW9pQkdCRFFncTM2
- cURjWFplY1pyMzY4a0h6cTRLS2I2ZW8KqGtYjCsdriSWdKhC+kGBAMSY9WVDL3tE
- oMxyhrgDMtWndZEGv1+J3XLLmatDKmEcJO2k0CXZlCWWj17O4Rm+eA==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dDhCMWVSY280NUlsd3Bu
+ L3QreE1zSGdQWnV3Tm1SQzh2SUF0VDlBcTMwCjNhdE51VzlRdXlRY241VXpaVkFR
+ MndqZTQxQ0FCQ3pvb3BXcXRrR3BYc2cKLS0tIElLYkVLL2h2NXNabW5CRXVla0pa
+ LzY0ejRvMDVmR21ISkdraHZzTndmRmcKVcQeKFytVs8QlkQpMA1GfLL8ccrbSqD+
+ 7+5YJoDMiHS01Jgbh+4HNFIg/P3S3yIOCRx+ukvWF2/p7GP55Braxg==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBackQ3NzRMZ25RekM5cjNz
+ dlRXeTUyTVFlSDFRSC9jeFFoYlVKbWJRbEFNCnpKZHViK2F2VWJYTTBlNXpITUo1
+ SFlUZUR0WTE4cUFZQlE0YzJJdS9TVVEKLS0tIE45Y25Bam5mdUNkTXkwOGkzb09t
+ ejU0YlVQR3JhaUE2aHBRUFhXaEdTV1EKgsHa/nufIXbLnrkvXNsZJ30dH1L2tMKf
+ jZufrpkQuPXWYzubUYejgQ0/yHGTDQtT9ptn72isGKKgSJZllCnPiA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-09T13:00:44Z"
mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str]
diff --git a/home/global.nix b/home/global.nix
index 2f7d135..a362cb7 100644
--- a/home/global.nix
+++ b/home/global.nix
@@ -1,4 +1,10 @@
-{ inputs, lib, config, outputs, ... }:
+{
+ inputs,
+ lib,
+ config,
+ outputs,
+ ...
+}:
let
# {{{ Imports
imports = [
@@ -21,10 +27,10 @@ let
./features/cli
./features/persistence.nix
../common
- # }}}
+ # }}}
];
- # }}}
in
+# }}}
{
# Import all modules defined in modules/home-manager
imports = builtins.attrValues outputs.homeManagerModules ++ imports;
@@ -32,10 +38,9 @@ in
# {{{ Nixpkgs
nixpkgs = {
# Add all overlays defined in the overlays directory
- overlays = builtins.attrValues outputs.overlays ++
- lib.lists.optional
- config.satellite.toggles.neovim-nightly.enable
- inputs.neovim-nightly-overlay.overlay;
+ overlays =
+ builtins.attrValues outputs.overlays
+ ++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
config.allowUnfree = true;
@@ -55,10 +60,9 @@ in
home = {
username = lib.mkDefault "adrielus";
homeDirectory = "/home/${config.home.username}";
- stateVersion = lib.mkDefault "23.05";
};
- # }}}
- # {{{ Ad-hoc settings
+ # }}}
+ # {{{ Ad-hoc settings
# Nicely reload system units when changing configs
systemd.user.startServices = lib.mkForce "sd-switch";
diff --git a/home/lapetus.nix b/home/lapetus.nix
index 0761b6f..9001202 100644
--- a/home/lapetus.nix
+++ b/home/lapetus.nix
@@ -1,3 +1,4 @@
{
imports = [ ./global.nix ];
+ home.stateVersion = "23.05";
}
diff --git a/home/tethys.nix b/home/tethys.nix
index 7f0cd35..10e133b 100644
--- a/home/tethys.nix
+++ b/home/tethys.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
imports = [
./global.nix
@@ -20,19 +21,18 @@
# Arbitrary extra packages
home.packages = with pkgs; [
- alacritty
# {{{ Communication
# signal-desktop # Signal client
element-desktop # Matrix client
# zoom-us # Zoom client 🤮
# }}}
- # {{{ Editors for different formats
+ # {{{ Editors for different formats
gimp # Image editing
# lmms # Music software
# kicad # PCB editing
# libreoffice # Free office suite
# }}}
- # {{{ Gaming
+ # {{{ Gaming
# wine # Windows compat layer or whatever
# lutris # Game launcher
# }}}
@@ -40,14 +40,14 @@
sops # Secret editing
# sherlock # Search for usernames across different websites
# }}}
- # {{{ Misc
+ # {{{ Misc
bitwarden # Password-manager
qbittorrent # Torrent client
# google-chrome # Not my primary browser, but sometimes needed in webdev
# plover.dev # steno engine
overskride # Bluetooth client
- # }}}
+ # }}}
# {{{ Media playing/recording
mpv # Video player
imv # Image viewer
@@ -57,15 +57,18 @@
];
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4; # Bigger text in qt apps
+ home.stateVersion = "23.05";
satellite = {
# Symlink some commonly modified dotfiles outside the nix store
dev.enable = true;
- monitors = [{
- name = "eDP-1";
- width = 1920;
- height = 1080;
- }];
+ monitors = [
+ {
+ name = "eDP-1";
+ width = 1920;
+ height = 1080;
+ }
+ ];
};
}
diff --git a/hosts/nixos/calypso/default.nix b/hosts/nixos/calypso/default.nix
new file mode 100644
index 0000000..b7bf9f9
--- /dev/null
+++ b/hosts/nixos/calypso/default.nix
@@ -0,0 +1,56 @@
+{ config, ... }:
+{
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "24.05";
+
+ # {{{ Imports
+ imports = [
+ ../common/global
+ ../common/users/pilot.nix
+
+ ../common/optional/bluetooth.nix
+ ../common/optional/greetd.nix
+ ../common/optional/oci.nix
+ ../common/optional/quietboot.nix
+
+ ../common/optional/desktop
+ ../common/optional/desktop/steam.nix
+ ../common/optional/wayland/hyprland.nix
+
+ ../common/optional/services/kanata.nix
+ ../common/optional/services/syncthing.nix
+ ../common/optional/services/restic
+
+ ./services/snapper.nix
+
+ ./filesystems
+ ./hardware
+ ];
+ # }}}
+ # {{{ Machine ids
+ networking.hostName = "calypso";
+ networking.hostId = "";
+ environment.etc.machine-id.text = "";
+ # }}}
+ # {{{ Tailscale internal IP DNS records
+ satellite.dns.records = [
+ # {
+ # at = config.networking.hostName;
+ # type = "A";
+ # value = "100.93.136.59";
+ # }
+ # {
+ # at = config.networking.hostName;
+ # type = "AAAA";
+ # value = "fd7a:115c:a1e0::e75d:883b";
+ # }
+ ];
+ # }}}
+ # {{{ A few ad-hoc programs
+ programs.kdeconnect.enable = true;
+ programs.firejail.enable = true;
+ # }}}
+
+ satellite.pilot.name = "moon";
+ boot.loader.systemd-boot.enable = true;
+}
diff --git a/hosts/nixos/calypso/filesystems/default.nix b/hosts/nixos/calypso/filesystems/default.nix
new file mode 100644
index 0000000..b2fd442
--- /dev/null
+++ b/hosts/nixos/calypso/filesystems/default.nix
@@ -0,0 +1,40 @@
+{ lib, pkgs, ... }:
+{
+ imports = [ (import ./partitions.nix { }) ];
+
+ boot.supportedFilesystems = [ "btrfs" ];
+ services.btrfs.autoScrub.enable = true;
+
+ # {{{ Mark a bunch of paths as needed for boot
+ fileSystems =
+ lib.attrsets.genAttrs
+ [
+ "/"
+ "/nix"
+ "/persist/data"
+ "/persist/state"
+ "/persist/local/cache"
+ "/boot"
+ ]
+ (p: {
+ neededForBoot = true;
+ });
+ # }}}
+ # {{{ Rollback
+ boot.initrd.systemd.services.rollback = {
+ path = [ pkgs.btrfs-progs ];
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ unitConfig.DefaultDependencies = "no";
+ wantedBy = [ "initrd.target" ];
+ after = [ "systemd-cryptsetup@enc.service" ];
+ before = [ "sysroot.mount" ];
+ script = ''
+ btrfs subvolume delete /root
+ btrfs subvolume snapshot /blank /root
+ '';
+ };
+ # }}}
+}
diff --git a/hosts/nixos/calypso/filesystems/partitions.nix b/hosts/nixos/calypso/filesystems/partitions.nix
new file mode 100644
index 0000000..fdbf35f
--- /dev/null
+++ b/hosts/nixos/calypso/filesystems/partitions.nix
@@ -0,0 +1,102 @@
+{
+ disks ? [ "/dev/sda" ],
+ ...
+}:
+{
+ disko.devices.disk.main = {
+ type = "disk";
+ device = builtins.elemAt disks 0;
+ content = {
+ type = "gpt";
+ partitions = {
+ # {{{ Boot
+ ESP = {
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "defaults" ];
+ };
+ };
+ # }}}
+ # {{{ Luks
+ luks = {
+ size = "384G"; # The remaining space is left for windows
+ content = {
+ type = "luks";
+ name = "crypted";
+ passwordFile = "/hermes/secrets/calypso/disk.key";
+ settings.allowDiscards = true;
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+
+ postCreateHook = ''
+ # We then take an empty *readonly* snapshot of the root subvolume,
+ # which we'll eventually rollback to on every boot.
+ btrfs subvolume snapshot -r /root /blank
+ '';
+
+ subvolumes = {
+ # {{{ /root
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ # }}}
+ # {{{ /swap
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "20G";
+ };
+ # }}}
+ # {{{ /root/persist/data
+ "/root/persist/data" = {
+ mountpoint = "/persist/data";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ # }}}
+ # {{{ /root/persist/state
+ "/root/persist/state" = {
+ mountpoint = "/persist/state";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ # }}}
+ # {{{ /root/local/nix
+ "/root/local/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ # }}}
+ # {{{ /root/local/cache
+ "/root/local/cache" = {
+ mountpoint = "/persist/local/cache";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ # }}}
+ };
+ };
+ };
+ };
+ # }}}
+ };
+ };
+ };
+}
diff --git a/hosts/nixos/calypso/hardware/default.nix b/hosts/nixos/calypso/hardware/default.nix
new file mode 100644
index 0000000..f63a729
--- /dev/null
+++ b/hosts/nixos/calypso/hardware/default.nix
@@ -0,0 +1,28 @@
+{ inputs, ... }:
+{
+ # {{{ Imports
+ imports = with inputs.nixos-hardware.nixosModules; [
+ common-cpu-amd
+ common-gpu-amd
+ common-pc-laptop
+ common-pc-ssd
+ ./generated.nix
+ ];
+ # }}}
+ # {{{ Misc
+ hardware.enableAllFirmware = true;
+ hardware.opengl.enable = true;
+ hardware.opentabletdriver.enable = true;
+ hardware.keyboard.qmk.enable = true;
+ # }}}
+ # {{{ Power management
+ powerManagement.cpuFreqGovernor = "performance";
+ services.tlp = {
+ enable = true;
+ settings = {
+ CPU_SCALING_GOVERNOR_ON_BAT = "performance";
+ CPU_SCALING_GOVERNOR_ON_AC = "performance";
+ };
+ };
+ # }}}
+}
diff --git a/hosts/nixos/calypso/keys/id_ed25519.pub b/hosts/nixos/calypso/keys/id_ed25519.pub
new file mode 100755
index 0000000..e3d2b8b
--- /dev/null
+++ b/hosts/nixos/calypso/keys/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwFNYf8q84oGOwiGCXmJqeBPdglTPcWJB9nnLpmS2RG root@tethys
diff --git a/hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub b/hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
new file mode 100755
index 0000000..278e629
--- /dev/null
+++ b/hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASX1E4WYg5dydret3G0fWYJLQn2oRxNZdHWWaJojW1a root@tethys
diff --git a/hosts/nixos/calypso/keys/ssh_host_rsa_key.pub b/hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
new file mode 100755
index 0000000..0ef141f
--- /dev/null
+++ b/hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAfRDNDA5B0YlnR0K5wQ0w6pMl0Pi8WIjanKol5SA615VDye3caBdv3UzxdC221ECIa9bZQcaKt/ncIuj/3fE49W8D0+2wL/1Eruy4ximAVAtLgIMzm+hl/dP3KsyTjUajIUbso08S9PUjtJl8PgmiiEPEppMAo++hwKycn5bRoUywE/VoNgPhAB5sgKaFZiQhPu4q0mZWhikGiaJzKPRi84bP4gCL9/h0slSWP3VmhWE7Vyvyjv6OKHdfjXoJA/AjSd3VogmGnzDWUI5lkwJzkHv/ybie9+7y+0o+wBu4+0lJlchBEq0f6dp9fw0MZRt84DYw8/MFDa+SXq5cO5aAwHARpRYeAHkPIRnwJbxTqn6uDlAdWrIxY8SPXIrrBpfnVSoaH8SJN/spsEoILkqrOpncQi5QP1rY8Bi2zaI13WD1kYsh9l4FqmqvCeawEgN0pedudZf2qqHWD93lDTAWxM7k5rPHSSgnnfsgwE35peBpmepJH8ZNFaBqw+aCvIM= root@tethys
diff --git a/hosts/nixos/calypso/services/snapper.nix b/hosts/nixos/calypso/services/snapper.nix
new file mode 100644
index 0000000..8f312cf
--- /dev/null
+++ b/hosts/nixos/calypso/services/snapper.nix
@@ -0,0 +1,37 @@
+{
+ services.snapper = {
+ snapshotInterval = "hourly";
+ cleanupInterval = "1d";
+ # http://snapper.io/manpages/snapper-configs.html
+ configs = {
+ # {{{ Data
+ data = {
+ SUBVOLUME = "/root/persist/data";
+ TIMELINE_CREATE = true;
+ TIMELINE_CLEANUP = true;
+ BACKGROUND_COMPARISON = "yes";
+
+ TIMELINE_LIMIT_HOURLY = "24";
+ TIMELINE_LIMIT_DAILY = "7";
+ TIMELINE_LIMIT_WEEKLY = "4";
+ TIMELINE_LIMIT_MONTHLY = "12";
+ TIMELINE_LIMIT_YEARLY = "0";
+ };
+ # }}}
+ # {{{ State
+ state = {
+ SUBVOLUME = "/root/persist/state";
+ TIMELINE_CREATE = true;
+ TIMELINE_CLEANUP = true;
+ BACKGROUND_COMPARISON = "yes";
+
+ TIMELINE_LIMIT_HOURLY = "6";
+ TIMELINE_LIMIT_DAILY = "3";
+ TIMELINE_LIMIT_WEEKLY = "1";
+ TIMELINE_LIMIT_MONTHLY = "1";
+ TIMELINE_LIMIT_YEARLY = "0";
+ };
+ # }}}
+ };
+ };
+}
diff --git a/hosts/nixos/common/global/cli/sudo.nix b/hosts/nixos/common/global/cli/sudo.nix
deleted file mode 100644
index 47d221e..0000000
--- a/hosts/nixos/common/global/cli/sudo.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs, inputs, lib, ... }: {
- security.sudo = {
- enable = true;
- extraRules = [{
- commands = [{
- command = lib.getExe inputs.deploy-rs.packages.${pkgs.system}.default;
- options = [ "NOPASSWD" ];
- }];
- groups = [ "wheel" ];
- }];
- };
-}
diff --git a/hosts/nixos/common/global/default.nix b/hosts/nixos/common/global/default.nix
index 5fcd5a7..3f127e7 100644
--- a/hosts/nixos/common/global/default.nix
+++ b/hosts/nixos/common/global/default.nix
@@ -1,9 +1,15 @@
# Configuration pieces included on all (nixos) hosts
-{ inputs, lib, config, outputs, ... }:
+{
+ inputs,
+ lib,
+ config,
+ outputs,
+ ...
+}:
let
# {{{ Imports
imports = [
- # {{{ flake inputs
+ # {{{ flake inputs
inputs.disko.nixosModules.default
inputs.stylix.nixosModules.stylix
inputs.sops-nix.nixosModules.sops
@@ -23,8 +29,8 @@ let
../../../../common
# }}}
];
- # }}}
in
+# }}}
{
# Import all modules defined in modules/nixos
imports = builtins.attrValues outputs.nixosModules ++ imports;
@@ -44,13 +50,17 @@ in
# Boot using systemd
boot.initrd.systemd.enable = true;
# }}}
+ # {{{ Disable sudo default lecture
+ security.sudo.extraConfig = ''
+ Defaults lecture = never
+ '';
+ # }}}
nixpkgs = {
# Add all overlays defined in the overlays directory
- overlays = builtins.attrValues outputs.overlays ++
- lib.lists.optional
- config.satellite.toggles.neovim-nightly.enable
- inputs.neovim-nightly-overlay.overlay;
+ overlays =
+ builtins.attrValues outputs.overlays
+ ++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
config.allowUnfree = true;
};
diff --git a/hosts/nixos/common/global/services/openssh.nix b/hosts/nixos/common/global/services/openssh.nix
index 7458f7c..f9ecbfb 100644
--- a/hosts/nixos/common/global/services/openssh.nix
+++ b/hosts/nixos/common/global/services/openssh.nix
@@ -1,5 +1,10 @@
-# This setups a SSH server.
-{ outputs, config, lib, ... }:
+# This setups a SSH server.
+{
+ outputs,
+ config,
+ lib,
+ ...
+}:
let
# Record containing all the hosts
hosts = outputs.nixosConfigurations;
@@ -15,8 +20,8 @@ in
enable = true;
settings = {
- PermitRootLogin = "no"; # Forbid root login through SSH.
- PasswordAuthentication = false; # Use keys only.
+ PermitRootLogin = lib.mkDefault "no"; # Forbid root login through SSH.
+ PasswordAuthentication = lib.mkDefault false; # Use keys only.
};
# Automatically remove stale sockets
@@ -26,7 +31,10 @@ in
# Generate ssh key
hostKeys =
- let mkKey = type: path: extra: { inherit type path; } // extra;
+ let
+ mkKey =
+ type: path: extra:
+ { inherit type path; } // extra;
in
[
(mkKey "ed25519" "/persist/state/etc/ssh/ssh_host_ed25519_key" { })
@@ -43,19 +51,22 @@ in
# attrsetof host -> attrsetof { ... }
(builtins.mapAttrs
# string -> host -> { ... }
- (name: _: {
- publicKeyFile = pubKey name;
- extraHostNames = lib.optional (name == hostname) "localhost";
- }))
+ (
+ name: _: {
+ publicKeyFile = pubKey name;
+ extraHostNames = lib.optional (name == hostname) "localhost";
+ }
+ )
+ )
# attrsetof { ... } -> attrsetof { ... }
(lib.attrsets.filterAttrs
# string -> { ... } -> bool
- (_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile))
+ (_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile)
+ )
];
};
-
# By default, this will ban failed ssh attempts
services.fail2ban.enable = true;
diff --git a/hosts/nixos/common/optional/desktop/default.nix b/hosts/nixos/common/optional/desktop/default.nix
new file mode 100644
index 0000000..2219c4c
--- /dev/null
+++ b/hosts/nixos/common/optional/desktop/default.nix
@@ -0,0 +1,8 @@
+{
+ imports = [
+ ../pipewire.nix
+ ./xdg-portal.nix
+ ];
+
+ stylix.targets.gtk.enable = true;
+}
diff --git a/hosts/nixos/common/optional/oci.nix b/hosts/nixos/common/optional/oci.nix
index e926dc4..858bd8b 100644
--- a/hosts/nixos/common/optional/oci.nix
+++ b/hosts/nixos/common/optional/oci.nix
@@ -1,14 +1,8 @@
{
virtualisation.oci-containers.backend = "docker";
-
environment.persistence = {
- "/persist/state".directories = [
- "/var/lib/containers/storage"
- ];
-
- "/persist/local/cache".directories = [
- "/var/lib/containers/cache"
- ];
+ "/persist/state".directories = [ "/var/lib/containers/storage" ];
+ "/persist/local/cache".directories = [ "/var/lib/containers/cache" ];
};
}
diff --git a/hosts/nixos/common/secrets.yaml b/hosts/nixos/common/secrets.yaml
index d0070c0..8f3bc52 100644
--- a/hosts/nixos/common/secrets.yaml
+++ b/hosts/nixos/common/secrets.yaml
@@ -11,29 +11,47 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbzNLcXFBcTlIM3hjZTN0
- bTFZUDJnS3lROExSREVkd0FMeHU3RGVWdzJnCkszOVROZlBmZWl2cjFkcTZ1OWZw
- eThXSTliNmxHM3o3NzhUOUkvU0YzNzgKLS0tIHBWSmRTTlJBdmlKQy9YWHR0NGds
- ak5kUFRJK3JCcUYvSFY2eGtIOTk3RkkKl3yBZjjBExU9RoZbaKBixfsywqFWFnq4
- n7olhkNMVIC+BcLYno0oIT2oILASMkE3NbH85IHlYZY2qQvFKDbG7w==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRVRLdlFuS3I5aXRKRmdF
+ TjFHY3Yvc2NUUlpYRUR6Y2JHRVgzTkhOZjFNCkhnZjU0R0VIbDJSNVNSb2hZUDd3
+ SERkaExNdkRDOXRSWlg5enluY3dXRUUKLS0tIFZBNTJYaHhxbmZhMG56UGFtd25u
+ aVNDS2h1NnFmMERIMzdUanp1MitBTGcKp4s32NVcyeJNI6BDeU1GGz5xjoSW/iH7
+ hUxXrZaRqtiVegq7Ukv7mXCVjAy1x/Flb4dDag4Ym4ReTsyKZpQf/w==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZzNPU0pBVjJPREF2SGhQ
+ REl2ckdxakwrdHFPU0RPN0J1K0s1TWFsK0NzCjMzeGgyRktTWWpVVkFxQUpFZDBC
+ bDRuRHZOOU5ueHN6RlY2VUwxQThmNXcKLS0tIEtVU3F3VUZSRGJtU0VBcVh0NXRh
+ eFA2TWtCYmpGN2paWnRSQlBoZk83MkkKwIDlq6u31cc1toMfBHvA932dJyozUYa0
+ e45KrBC3gy/5wZWcN7MktBgqd2khufa+KEMQv7c3ldyixKXokuBRhw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aExaRC9SclVvT1g4WFI0
- N1grVzZWWmpPaGEwRmx3TjUyK0dvL0RNdmhjClY5UmI0eWZOTXZqbGFxT05OSnk1
- RTAyYStRN0NsRnZlWk03eXIrajdiRjQKLS0tIHlMdzBVNFEzR2FuVFZEWStFY1hh
- MnFiSGt3dWZxWnF3M2FkbTJzSTA2VTAKtD40Gp12vB24Wnr8NvY7/ZWr9XVDF9Bl
- FUL34R1mpgweNJ1IowFPgQbxsyMTG7iYB4jC50JZNOKJxe9NaeOUlQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VC9ia21rTWpPSnJaamM3
+ YzZqMzNJZDA4Q095OTMrR0JGTzczU2RWMVJNCnE0QzNvWWhscnQyWk5WOTV4Vld4
+ SmJSdVdOMTRWWDFxUzJxc3hWZmxzUTQKLS0tIE9LWEtjc0x5WkpGWTUwMEt2d25K
+ TVJJWktOdW1Ic2E4MWpIbjQrdllkMzgK6M8T6M4rAMGgnWcVao/tp0PWG4NXvTTZ
+ /yNJgLZdBeHQevceLc4madD42IcrX7P2zeb6TM7l0DQVWCy+cBTN8w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtK0pFcWlheEwzV3N3bVFQ
- K3EwNXI5MXQyYld6Z3J1aVNHWlQ4UjlxSzIwCktDbG9iMFRVQnJBenhWVFhLa2N1
- SWRMR3JLajJscWFqMy84aGNFcy9UK1UKLS0tIEZoT0d2bVJpV3ByWmV0eENZVjM3
- WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
- sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNmRXMFVKWnB3QjN3dDNj
+ QmRaRDRGUVJiczUzWE5WdFNReldBdkNOWlVvCmZCKzY4MThrUmNXeGVPTC9LSGtl
+ OFJOcGZVbVVjY0RveXR5WXNjU3p6UjgKLS0tIENyUHRpbjRyZjZpdjNlUktuL1g5
+ QmNJVlIvTlhSRXJldUZhZjdsR0gwaHMKuNZcv3s65MtylIYzgDUd0qss4OEeJr8V
+ aI82/McWGJ6Lg0BVmvTUHbYcF09aMEJHeYEZNAzLiJ1a77tlhmY/jw==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVVU5Wis5dkJRSE5lRy9U
+ QjFHb21uc0Z3Zmc4Z2J3NTVaajhmQy9nb2xJCjRqK1htbk82M0dnOWNEV0hHcmFz
+ RXFrSGE2UjdhTWh6RmwvR1psV05lbnMKLS0tIDRidEFBY0x2cXMrSHJXaXBuaE4r
+ WXFQQXh2cjlMdzhpa1JUdVVBK3pNbTQK6peUF0mWtmfSuN6KnoYPTEg8sIp/t0R2
+ ygJEf8cpNiVxN0vsF/4kwyC/V4JE4XllsKrKF4NhVrBq96m1RmKlYg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-29T19:34:39Z"
mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str]
diff --git a/hosts/nixos/common/users/pilot.nix b/hosts/nixos/common/users/pilot.nix
index 6f057b5..79ab088 100644
--- a/hosts/nixos/common/users/pilot.nix
+++ b/hosts/nixos/common/users/pilot.nix
@@ -1,6 +1,12 @@
-{ pkgs, outputs, config, lib, ... }:
{
- satellite.pilot.name = "adrielus";
+ pkgs,
+ outputs,
+ config,
+ lib,
+ ...
+}:
+{
+ satellite.pilot.name = lib.mkDefault "adrielus";
sops.secrets.pilot_password = {
sopsFile = ../secrets.yaml;
@@ -17,7 +23,7 @@
# This gets referenced in other parts of the config
uid = 1000;
- # Adds me to some default groups, and creates the home dir
+ # Adds me to some default groups, and creates the home dir
isNormalUser = true;
# Picked up by our persistence module
@@ -33,12 +39,10 @@
"syncthing" # syncthing!
];
-
hashedPasswordFile = config.sops.secrets.pilot_password.path;
shell = pkgs.fish;
- openssh.authorizedKeys.keyFiles =
- (import ./common.nix).authorizedKeys { inherit outputs lib; };
+ openssh.authorizedKeys.keyFiles = (import ./common.nix).authorizedKeys { inherit outputs lib; };
};
};
}
diff --git a/hosts/nixos/euporie/default.nix b/hosts/nixos/euporie/default.nix
deleted file mode 100644
index 57e6e4b..0000000
--- a/hosts/nixos/euporie/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ lib, ... }: {
- imports = [
- ../common/global
- ../common/users/guest.nix
-
- ../common/optional/greetd.nix
- ../common/optional/pipewire.nix
- ../common/optional/desktop/xdg-portal.nix
- ../common/optional/wayland/hyprland.nix
- ];
-
- # Usually included in the hardware-configuration
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
- # Set the name of this machine!
- networking.hostName = "euporie";
-
- # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
- system.stateVersion = "22.11";
-}
diff --git a/hosts/nixos/iso/default.nix b/hosts/nixos/iso/default.nix
new file mode 100644
index 0000000..3d805d7
--- /dev/null
+++ b/hosts/nixos/iso/default.nix
@@ -0,0 +1,13 @@
+{ modulesPath, pkgs, ... }:
+{
+ imports = [
+ "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+
+ ../common/global/services/openssh.nix
+ ../common/global/locale.nix
+ ../common/global/cli/fish.nix
+ ../common/global/nix.nix
+ ];
+
+ environment.systemPackages = [ pkgs.neovim ];
+}
diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index e005019..f645b22 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -1,4 +1,9 @@
-{ config, ... }: {
+{ config, ... }:
+{
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "23.05";
+
+ # {{{ Imports
imports = [
../common/global
../common/users/pilot.nix
@@ -38,19 +43,13 @@
./filesystems
./hardware
];
-
- # Machine ids
+ # }}}
+ # {{{ Machine ids
networking.hostName = "lapetus";
networking.hostId = "08357db3";
environment.etc.machine-id.text = "d9571439c8a34e34b89727b73bad3587";
-
- # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
- system.stateVersion = "23.05";
-
- # Bootloader
- boot.loader.systemd-boot.enable = true;
-
- # Tailscale internal IP DNS records
+ # }}}
+ # {{{ Tailscale internal IP DNS records
satellite.dns.records = [
{
at = config.networking.hostName;
@@ -63,4 +62,7 @@
value = "fd7a:115c:a1e0::e75d:883b";
}
];
+ # }}}
+
+ boot.loader.systemd-boot.enable = true;
}
diff --git a/hosts/nixos/lapetus/secrets.yaml b/hosts/nixos/lapetus/secrets.yaml
index 0c4a6a4..4d27a7e 100644
--- a/hosts/nixos/lapetus/secrets.yaml
+++ b/hosts/nixos/lapetus/secrets.yaml
@@ -18,20 +18,29 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcjFoRm1WNW9jOUJjUC9W
- NmxhWGRjWlFHd2tRaXJ6WnpaaWlxSFQ0RlZnCllVNTZ0b0MvL0VURDhQRUE1dDdW
- L1NkYzBRRDFLcFpwTTgzRnphLy9GT00KLS0tIFcvU2ZUQ21FZU1NTEFJaHRTVjV3
- eU1YeEZIOTJKa3I4c3ZwbVdPMlBLbmMKCBhopcTXWiAwR8ACyDf+P11SYcPrPSSv
- QRPJ6I8Y1Lc7KTCbkO8zW2hBb6fdbvWBJQtW0rOfCuGQ831OyArr0w==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQzgvU0NQZUFWT0pjZVBZ
+ ZThMRTVMWStMRThFYTF6Nkl2MlBXTWhkNUNZCmpVWW52NHNyTjZkZTN3c1NoajFR
+ M2MyZHFDM2czZHdPMUg2MDNPMnNqaVUKLS0tIHhwRThOYnBHY2FUajN0b0pBQ1Fn
+ dmZtT0xXR3RjVzd1ckNyVGpaRktnSkkKlPSmdYTQ5Qc3PVn9PhxmetF0fO7rWOwM
+ OTt7EF41IWwCwwhyQLpUcaCnO08jddPui1C5qnvjSFb/LZILiWQkFA==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMjdib09GZC9DNGVoNCtK
+ Z3BnZGNXNzNEb1U3aU1xb1pkaUhPcituSEQwClhiVlMvNlU5OUZhbFE0MnZGTGha
+ eHpRSHlXaExzNnV0VlNEdnpqQmlDa2MKLS0tIFpPc0ovVnhnZ1IyWGNWTEFYZG81
+ a1NaNzE4VVFNRlBwUHRWdTFwWjJ5a00KJvIyBz6XGV2+lfawWzHqFOMILTXt0Vlx
+ OTs0i0tNER2kMucEo3LHIayIM/SB1ncXv+vl0rwHCVfbKdQ0ABhb2Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV2VmdmJ2QlVVbUF6MUtt
- dzZFUGJFS3cyKzlTTHJiWjlqRmJkUm04WXh3CktSdGRIUWxJRU5oVVdkUTFwaEZr
- M1Y4NnRtclZVTkltOHNjNXAxVW9yaFEKLS0tIGlRYjgwd0FkN0FBU1RSQjRnVWpW
- RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
- lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTGIzcjYyLyt2QVh1QzJZ
+ L2NKK0ZFaS9kckdKbjNCd0lBckxlNWV2Qm5NCkoyLy8rOXVPOWt0U1BwTHB3ZTNl
+ NWVzdEQ0TUU4UjgrbzliRU5kZ0FqWjgKLS0tIE9YNkN1OWFLMVhDd1I3T1Y4Qi9O
+ VGNDUEo4NmxYR0JQR0NPcUZVdFl1MVEKISsE+UOuBXLZ/5qOeWSf9tPw6XOsNrWa
+ 09bm8O66Ai0AQGhbn0G3Qf/AlcqF+8eRFYZDmpk0HXryuNZYuj7hBw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-13T14:52:30Z"
mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str]
diff --git a/hosts/nixos/lapetus/services/jupyter.nix b/hosts/nixos/lapetus/services/jupyter.nix
index c774004..ba62bd8 100644
--- a/hosts/nixos/lapetus/services/jupyter.nix
+++ b/hosts/nixos/lapetus/services/jupyter.nix
@@ -1,15 +1,22 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
# {{{ Jupyterhub/lab env
- appEnv = pkgs.python3.withPackages (p: with p; [
- jupyterhub
- jupyterlab
- jupyterhub-systemdspawner
- jupyter-collaboration
- jupyterlab-git
- ]);
- # }}}
+ appEnv = pkgs.python3.withPackages (
+ p: with p; [
+ jupyterhub
+ jupyterlab
+ jupyterhub-systemdspawner
+ jupyter-collaboration
+ jupyterlab-git
+ ]
+ );
in
+# }}}
{
systemd.services.jupyterhub.path = [
pkgs.texlive.combined.scheme-full # LaTeX stuff is useful for matplotlib
@@ -25,8 +32,8 @@ in
# {{{ Spwaner & auth config
extraConfig = ''
- c.Authenticator.allowed_users = {'adrielus', 'javi'}
- c.Authenticator.admin_users = {'adrielus'}
+ c.Authenticator.allowed_users = {'${config.users.users.pilot.name}', 'javi'}
+ c.Authenticator.admin_users = {'${config.users.users.pilot.name}'}
c.Spawner.notebook_dir='${config.users.users.pilot.home}/projects/notebooks'
c.SystemdSpawner.mem_limit = '2G'
@@ -35,13 +42,18 @@ in
# }}}
# {{{ Python 3 kernel
kernels.python3 =
- let env = (pkgs.python3.withPackages (p: with p; [
- ipykernel
- numpy
- scipy
- matplotlib
- tabulate
- ]));
+ let
+ env = (
+ pkgs.python3.withPackages (
+ p: with p; [
+ ipykernel
+ numpy
+ scipy
+ matplotlib
+ tabulate
+ ]
+ )
+ );
in
{
displayName = "Numerical mathematics setup";
diff --git a/hosts/nixos/lapetus/services/zfs.nix b/hosts/nixos/lapetus/services/zfs.nix
index 070b7fd..089b6a2 100644
--- a/hosts/nixos/lapetus/services/zfs.nix
+++ b/hosts/nixos/lapetus/services/zfs.nix
@@ -1,11 +1,12 @@
-{ config, ... }: {
- # {{{ Zfs config
+{ config, ... }:
+{
+ # {{{ Zfs config
services.zfs = {
trim.enable = true;
autoScrub.enable = true;
};
# }}}
- # {{{ Sanoid config
+ # {{{ Sanoid config
# Sanoid allows me to configure snapshot frequency on a per-dataset basis.
services.sanoid = {
enable = true;
@@ -36,12 +37,4 @@
# }}}
};
# }}}
- # {{{ Syncoid
- # Automatically sync certain snapshot to rsync.net
- services.syncoid = {
- enable = true;
- commands."zroot/root/persist/data".target = "root@rsync.net:zroot/root/persist/data";
- commands."zroot/root/persist/state".target = "root@rsync.net:zroot/root/persist/state";
- };
- # }}}
}
diff --git a/hosts/nixos/tethys/default.nix b/hosts/nixos/tethys/default.nix
index 5d08556..236c6d4 100644
--- a/hosts/nixos/tethys/default.nix
+++ b/hosts/nixos/tethys/default.nix
@@ -1,88 +1,48 @@
+{ pkgs, ... }:
{
- config,
- lib,
- pkgs,
- ...
-}:
-{
+ # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "22.11";
+
# {{{ Imports
imports = [
../common/global
../common/users/pilot.nix
- ../common/optional/pipewire.nix
../common/optional/bluetooth.nix
../common/optional/greetd.nix
+ ../common/optional/oci.nix
../common/optional/quietboot.nix
+
+ ../common/optional/desktop
../common/optional/desktop/steam.nix
- ../common/optional/desktop/xdg-portal.nix
../common/optional/wayland/hyprland.nix
+
../common/optional/services/kanata.nix
../common/optional/services/restic
+ ./services/syncthing.nix
./hardware
./boot.nix
- ./services/syncthing.nix
];
# }}}
-
- # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
- system.stateVersion = "22.11";
-
- services.mullvad-vpn.enable = true;
-
# {{{ Machine ids
networking.hostName = "tethys";
environment.etc.machine-id.text = "08357db3540c4cd2b76d4bb7f825ec88";
# }}}
- # {{{ A few ad-hoc hardware settings
- hardware.enableAllFirmware = true;
- hardware.opengl.enable = true;
- hardware.opentabletdriver.enable = true;
- hardware.keyboard.qmk.enable = true;
- powerManagement.cpuFreqGovernor = "performance";
- services.tlp = {
- enable = true;
- settings = {
- CPU_SCALING_GOVERNOR_ON_BAT = "performance";
- CPU_SCALING_GOVERNOR_ON_AC = "performance";
- };
- };
- # }}}
# {{{ A few ad-hoc programs
programs.kdeconnect.enable = true;
programs.firejail.enable = true;
- programs.extra-container.enable = true;
- virtualisation.docker.enable = true;
- virtualisation.waydroid.enable = true;
- # virtualisation.spiceUSBRedirection.enable = true; # This was required for the vm usb passthrough tomfoolery
- # }}}
- # {{{ Ad-hoc stylix targets
- stylix.targets.gtk.enable = true;
- # }}}
- # {{{ Some ad-hoc site blocking
- networking.extraHosts =
- let
- blacklisted = [
- # "twitter.com"
- # "www.reddit.com"
- "minesweeper.online"
- ];
- blacklist = lib.concatStringsSep "\n" (lib.forEach blacklisted (host: "127.0.0.1 ${host}"));
- in
- blacklist;
- # }}}
+ services.mullvad-vpn.enable = true;
services.mysql = {
enable = true;
package = pkgs.mysql80;
};
-
- programs.dconf.enable = true;
- services.gnome.evolution-data-server.enable = true;
- services.gnome.gnome-online-accounts.enable = true;
-
- # Tailscale internal IP DNS records
+ # }}}
+ # {{{ Ad-hoc stylix targets
+ stylix.targets.gtk.enable = true;
+ # }}}
+ # {{{ Tailscale internal IP DNS records
satellite.dns.records = [
# {
# at = config.networking.hostName;
@@ -95,4 +55,5 @@
# value = "fd7a:115c:a1e0::e75d:883b";
# }
];
+ # }}}
}
diff --git a/hosts/nixos/tethys/hardware/default.nix b/hosts/nixos/tethys/hardware/default.nix
index 63eff6e..a416f58 100644
--- a/hosts/nixos/tethys/hardware/default.nix
+++ b/hosts/nixos/tethys/hardware/default.nix
@@ -1,5 +1,6 @@
{ inputs, ... }:
{
+ # {{{ Imports
imports = with inputs.nixos-hardware.nixosModules; [
common-cpu-intel
# common-gpu-intel # This leads to a "prop ... defined twice" error
@@ -7,4 +8,21 @@
common-pc-ssd
./generated.nix
];
+ # }}}
+ # {{{ Misc
+ hardware.enableAllFirmware = true;
+ hardware.opengl.enable = true;
+ hardware.opentabletdriver.enable = true;
+ hardware.keyboard.qmk.enable = true;
+ # }}}
+ # {{{ Power management
+ powerManagement.cpuFreqGovernor = "performance";
+ services.tlp = {
+ enable = true;
+ settings = {
+ CPU_SCALING_GOVERNOR_ON_BAT = "performance";
+ CPU_SCALING_GOVERNOR_ON_AC = "performance";
+ };
+ };
+ # }}}
}