
Prepare calypso install

prescientmoon 2024-08-26 17:38:47 +02:00
parent 3a4d400fef
commit 454aae8f88
Signed by: prescientmoon
SSH key fingerprint: SHA256:UUF9JT2s8Xfyv76b8ZuVL7XrmimH4o49p4b+iexbVH4
36 changed files with 707 additions and 285 deletions


@ -1,26 +1,33 @@
keys: keys:
- &users: - &users:
- &prescientmoon age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs - &prescientmoon_tethys age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
- &prescientmoon_calypso age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
- &hosts: - &hosts:
- &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs - &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
- &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4 - &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
- &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
creation_rules: creation_rules:
- path_regex: hosts/nixos/common/secrets.yaml - path_regex: hosts/nixos/common/secrets.yaml
key_groups: key_groups:
- age: - age:
- *prescientmoon - *prescientmoon_tethys
- *prescientmoon_calypso
- *tethys - *tethys
- *lapetus - *lapetus
- *calypso
- path_regex: hosts/nixos/lapetus/secrets.yaml - path_regex: hosts/nixos/lapetus/secrets.yaml
key_groups: key_groups:
- age: - age:
- *prescientmoon - *prescientmoon_tethys
- *prescientmoon_calypso
- *lapetus - *lapetus
- path_regex: home/features/desktop/wakatime/secrets.yaml - path_regex: home/features/desktop/wakatime/secrets.yaml
key_groups: key_groups:
- age: - age:
- *prescientmoon - *prescientmoon_tethys
- *prescientmoon_calypso
- path_regex: home/features/cli/productivity/secrets.yaml - path_regex: home/features/cli/productivity/secrets.yaml
key_groups: key_groups:
- age: - age:
- *prescientmoon - *prescientmoon_tethys
- *prescientmoon_calypso
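Review bot: Every creation rule still lists `*prescientmoon_tethys`, and the common rule still lists `*tethys`, although the README change in this commit describes tethys as the previous laptop. If that machine is being retired, removing those recipients later and re-encrypting is only half the job: anything tethys could already decrypt stays readable with its old key, so the secret values themselves would need rotating. A short comment above `&users`, e.g. `# prescientmoon_tethys is transitional: remove once calypso is the only workstation, then rotate secrets`, would keep that from being forgotten.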


@ -17,9 +17,9 @@ The current state of this repo is a refactor of my old, messy nixos config, base
This repo's structure is based on the concept of hosts - individual machines configured by me. I'm naming each host based on things in space/mythology (_they are the same picture_). The hosts I have right now are: This repo's structure is based on the concept of hosts - individual machines configured by me. I'm naming each host based on things in space/mythology (_they are the same picture_). The hosts I have right now are:
- [tethys](./hosts/nixos/tethys/) — my personal laptop - [calypso](./hosts/nixos/calypso/) — my personal laptop
- [tethys](./hosts/nixos/tethys/) — my previous personal laptop
- [lapetus](./hosts/nixos/lapetus/) — older laptop running as a server - [lapetus](./hosts/nixos/lapetus/) — older laptop running as a server
- [euporie](./hosts/nixos/euporie/) — barebones host for testing things insdie a VM
- enceladus — my android phone. Although not configured using nix, this name gets referenced in some places - enceladus — my android phone. Although not configured using nix, this name gets referenced in some places
## File structure ## File structure


@ -1,13 +1,24 @@
{ pkgs, ... }: { { pkgs, ... }:
{
stylix.fonts = { stylix.fonts = {
# monospace = { name = "Iosevka"; package = pkgs.iosevka; }; # monospace = { name = "Iosevka"; package = pkgs.iosevka; };
monospace = { name = "Cascadia Code"; package = pkgs.cascadia-code; }; monospace = {
sansSerif = { name = "CMUSansSerif"; package = pkgs.cm_unicode; }; name = "Cascadia Code";
serif = { name = "CMUSerif-Roman"; package = pkgs.cm_unicode; }; package = pkgs.cascadia-code;
};
sansSerif = {
name = "CMUSansSerif";
package = pkgs.cm_unicode;
};
serif = {
name = "CMUSerif-Roman";
package = pkgs.cm_unicode;
};
sizes = { sizes = {
desktop = 13; desktop = 13;
applications = 15; applications = 15;
terminal = 25;
}; };
}; };
} }


@ -491,11 +491,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1720411406, "lastModified": 1723521794,
"narHash": "sha256-Z3tMBbMeYQKz1YYmSnbLglG9lm1l/EU+h3CFPJCli4I=", "narHash": "sha256-mmcakr+6z7/SDg+e2p1TYQorjYvUzWqG2KUIsmikARM=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "a2a2d880d5ec199ee333c9bf929865d65f92a1d4", "rev": "abafaabfa893ac432bae898a8652bc4a83c49d27",
"revCount": 3677, "revCount": 3727,
"type": "git", "type": "git",
"url": "https://gitlab.com/rycee/nur-expressions?dir=pkgs/firefox-addons" "url": "https://gitlab.com/rycee/nur-expressions?dir=pkgs/firefox-addons"
}, },

113
flake.nix

@ -60,7 +60,7 @@
spicetify-nix.inputs.nixpkgs.follows = "nixpkgs"; spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
# }}} # }}}
# {{{ Theming # {{{ Theming
darkmatter-grub-theme.url = gitlab:VandalByte/darkmatter-grub-theme; darkmatter-grub-theme.url = "gitlab:VandalByte/darkmatter-grub-theme";
darkmatter-grub-theme.inputs.nixpkgs.follows = "nixpkgs"; darkmatter-grub-theme.inputs.nixpkgs.follows = "nixpkgs";
stylix.url = "github:danth/stylix/a33d88cf8f75446f166f2ff4f810a389feed2d56"; stylix.url = "github:danth/stylix/a33d88cf8f75446f166f2ff4f810a389feed2d56";
@ -73,7 +73,13 @@
}; };
# }}} # }}}
outputs = { self, nixpkgs, home-manager, ... }@inputs: outputs =
{
self,
nixpkgs,
home-manager,
...
}@inputs:
let let
# {{{ Common helpers # {{{ Common helpers
inherit (self) outputs; inherit (self) outputs;
@ -84,33 +90,37 @@
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system}; upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
}; };
# }}}
in in
# }}}
{ {
# {{{ Packages # {{{ Packages
# Accessible through 'nix build', 'nix shell', etc # Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems packages = forAllSystems (
(system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system}; upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
myPkgs = import ./pkgs { inherit pkgs upkgs; }; myPkgs = import ./pkgs { inherit pkgs upkgs; };
in in
myPkgs // { myPkgs
octodns = upkgs.octodns.withProviders // {
(ps: [ myPkgs.octodns-cloudflare ]); octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
} // (import ./dns/pkgs.nix) { inherit pkgs self system; } }
); // (import ./dns/pkgs.nix) { inherit pkgs self system; }
);
# }}} # }}}
# {{{ Bootstrapping and other pinned devshells # {{{ Bootstrapping and other pinned devshells
# Accessible through 'nix develop' # Accessible through 'nix develop'
devShells = forAllSystems devShells = forAllSystems (
(system: system:
let let
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
args = { inherit pkgs; } // specialArgs system; args = {
in inherit pkgs;
import ./devshells args); } // specialArgs system;
in
import ./devshells args
);
# }}} # }}}
# {{{ Overlays and modules # {{{ Overlays and modules
# Custom packages and modifications, exported as overlays # Custom packages and modifications, exported as overlays
@ -126,24 +136,38 @@
# NixOS configuration entrypoint # NixOS configuration entrypoint
# Available through 'nixos-rebuild --flake .#... # Available through 'nixos-rebuild --flake .#...
nixosConfigurations = nixosConfigurations =
let nixos = { system, hostname }: nixpkgs.lib.nixosSystem { let
inherit system; nixos =
specialArgs = specialArgs system; { system, hostname }:
nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = specialArgs system;
modules = [ modules = [
home-manager.nixosModules.home-manager # {{{ Import home manager
{ (
home-manager.users.pilot = import ./home/${hostname}.nix; { lib, ... }:
home-manager.extraSpecialArgs = specialArgs system // { inherit hostname; }; {
home-manager.useUserPackages = true; imports = lib.lists.optional (builtins.pathExists ./home/${hostname}.nix) [
home-manager.nixosModules.home-manager
{
home-manager.users.pilot = import ./home/${hostname}.nix;
home-manager.extraSpecialArgs = specialArgs system // {
inherit hostname;
};
home-manager.useUserPackages = true;
stylix.homeManagerIntegration.followSystem = false; stylix.homeManagerIntegration.followSystem = false;
stylix.homeManagerIntegration.autoImport = false; stylix.homeManagerIntegration.autoImport = false;
} }
];
}
)
# }}}
./hosts/nixos/${hostname} ./hosts/nixos/${hostname}
]; ];
}; };
in in
{ {
tethys = nixos { tethys = nixos {
@ -156,14 +180,15 @@
hostname = "lapetus"; hostname = "lapetus";
}; };
# Disabled because `flake check` complains about filesystems and bootloader calypso = nixos {
# options not being set. This is not an issue in practice, as this config is system = "x86_64-linux";
# supposed to be used inside a VM, but there's not much I can do about it. hostname = "calypso";
# euporie = nixos { };
# system = "x86_64-linux";
# hostname = "euporie";
# };
iso = nixos {
system = "x86_64-linux";
hostname = "iso";
};
}; };
# }}} # }}}
}; };
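Review bot: In the new home-manager import, `lib.lists.optional (builtins.pathExists ./home/${hostname}.nix) [ … ]` wraps the two-element module list in another list, because `optional` returns `[ x ]` for a single element; `imports` then receives a nested list, which the module system rejects as far as I know. `lib.lists.optionals` takes a list and returns it unchanged, so `imports = lib.lists.optionals (builtins.pathExists ./home/${hostname}.nix) [` is probably what was meant. Note also that a mistyped hostname now silently yields a system without any home-manager configuration instead of an evaluation error; a comment such as `# hosts without ./home/<hostname>.nix (e.g. iso) get no home-manager` would record that this is intended.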

74
home/calypso.nix Normal file

@ -0,0 +1,74 @@
{ pkgs, ... }:
{
imports = [
./global.nix
./features/desktop/zathura.nix
./features/desktop/spotify.nix
./features/desktop/obsidian.nix
./features/desktop/foot.nix
./features/desktop/firefox
./features/desktop/discord
./features/cli/productivity
./features/cli/pass.nix
./features/cli/zellij.nix
./features/cli/nix-index.nix
./features/cli/catgirl.nix
./features/cli/lazygit.nix
./features/wayland/hyprland
./features/neovim
];
# Arbitrary extra packages
home.packages = with pkgs; [
# {{{ Communication
# signal-desktop # Signal client
element-desktop # Matrix client
# zoom-us # Zoom client 🤮
# }}}
# {{{ Editors for different formats
gimp # Image editing
# lmms # Music software
# kicad # PCB editing
# libreoffice # Free office suite
# }}}
# {{{ Gaming
# wine # Windows compat layer or whatever
# lutris # Game launcher
# }}}
# {{{ Clis
sops # Secret editing
# sherlock # Search for usernames across different websites
# }}}
# {{{ Misc
bitwarden # Password-manager
qbittorrent # Torrent client
# google-chrome # Not my primary browser, but sometimes needed in webdev
# plover.dev # steno engine
overskride # Bluetooth client
# }}}
# {{{ Media playing/recording
mpv # Video player
imv # Image viewer
# peek # GIF recorder
# obs-studio # video recorder
# }}}
];
home.username = "moon";
home.stateVersion = "24.05";
satellite = {
# Symlink some commonly modified dotfiles outside the nix store
dev.enable = true;
monitors = [
{
name = "eDP-1";
width = 1920;
height = 1080;
}
];
};
}


@ -1,11 +0,0 @@
{
imports = [
./global.nix
./features/wayland/hyprland
];
# Set up my custom imperanence wrapper
satellite.persistence = {
enable = true;
};
}


@ -12,11 +12,20 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkx3eWhxZUpTRVR3R1R4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTk5WWWlsK2ZyTEJEQjFH
Vm9hMTVsbXBnU0tFU093amU3TTNjalhsVHdvCmZURElTY2Q0eTQvR3M1V3AzTVl4 ZW1XWm9uTlZBeXB2ZUFzaDVYUTNlSDh3aWpnClRmbExNQmRXMVVNS3BYODF1d2Ez
VkR2NXRHR2FiTURqNUp5Y3VDWFQ1UjgKLS0tIEVlRWs3YUFaZzdvd1Q5bmFwazJi bVQ3UGZ5TTMrdm5GVjlQMk5sak55Qk0KLS0tIEVLVys2cnJ0Z0EvRmpUV3B2Nk9J
Y2E3bmM1TkZoOEN0anJqYUNSQUN5ZDAKtobUBBKbfaUeiPtKN4/oTNaxY3C2joCK NzVJZmpmODYramRNaHFxL0wzOHduSTgKgq0kqWffjhQnXoiBvsBYCTxHoA6u1jug
8h4FlRLXd+CGnAyjN2p4FliWzLgmOg4HFNmZSmYLpIh4E9yqadNSSg== xb5LuisZElikx3BVKoNV1HpuUwWe83VSK2hJw1lfpQZ/DFByrv5YfA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcFlQYjZ1N0JrSnVoUENB
MXl2Um9PMEhCVHFySU1MWnpqNjcxamZJRjJ3CjlMS1N3TjdxOVl1REZ3M2hSYlhi
VW9qZy9FbnJqKy9ObVc5bGNNRksrT3MKLS0tIDY5aGVZUVpkVUgvSVFHbFcwOWVY
SFVUTlpIaDlZUDhJT3hicWpxRzBia2sK6hu2aJMyHMYRwlEkbcPDtqUlU9VsDCsR
fBXvietF/w/TpfY+G2fCEDcWJAtQ7lLM0tNiiNqbUQwWBWddPVyPBA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-12T23:55:37Z" lastmodified: "2024-02-12T23:55:37Z"
mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str] mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str]


@ -15,4 +15,7 @@
package = pkgs.papirus-icon-theme; package = pkgs.papirus-icon-theme;
name = "Papirus"; name = "Papirus";
}; };
# Bigger text in qt apps
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4;
} }


@ -8,11 +8,20 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR0RmdFIxNFJpQTdGYXlq YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dDhCMWVSY280NUlsd3Bu
bkZrNktMaFlrOEZtSXh6Y1l6NTN0REN6N2dnCmNMRUk2TXA3RWhtZVlnbTg2aE00 L3QreE1zSGdQWnV3Tm1SQzh2SUF0VDlBcTMwCjNhdE51VzlRdXlRY241VXpaVkFR
eFVwejBTcWRaTUhGWFFIS1RlVkhhQ28KLS0tIEdWWGRWSDZOQW9pQkdCRFFncTM2 MndqZTQxQ0FCQ3pvb3BXcXRrR3BYc2cKLS0tIElLYkVLL2h2NXNabW5CRXVla0pa
cURjWFplY1pyMzY4a0h6cTRLS2I2ZW8KqGtYjCsdriSWdKhC+kGBAMSY9WVDL3tE LzY0ejRvMDVmR21ISkdraHZzTndmRmcKVcQeKFytVs8QlkQpMA1GfLL8ccrbSqD+
oMxyhrgDMtWndZEGv1+J3XLLmatDKmEcJO2k0CXZlCWWj17O4Rm+eA== 7+5YJoDMiHS01Jgbh+4HNFIg/P3S3yIOCRx+ukvWF2/p7GP55Braxg==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBackQ3NzRMZ25RekM5cjNz
dlRXeTUyTVFlSDFRSC9jeFFoYlVKbWJRbEFNCnpKZHViK2F2VWJYTTBlNXpITUo1
SFlUZUR0WTE4cUFZQlE0YzJJdS9TVVEKLS0tIE45Y25Bam5mdUNkTXkwOGkzb09t
ejU0YlVQR3JhaUE2aHBRUFhXaEdTV1EKgsHa/nufIXbLnrkvXNsZJ30dH1L2tMKf
jZufrpkQuPXWYzubUYejgQ0/yHGTDQtT9ptn72isGKKgSJZllCnPiA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-09T13:00:44Z" lastmodified: "2024-05-09T13:00:44Z"
mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str] mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str]


@ -1,4 +1,10 @@
{ inputs, lib, config, outputs, ... }: {
inputs,
lib,
config,
outputs,
...
}:
let let
# {{{ Imports # {{{ Imports
imports = [ imports = [
@ -23,8 +29,8 @@ let
../common ../common
# }}} # }}}
]; ];
# }}}
in in
# }}}
{ {
# Import all modules defined in modules/home-manager # Import all modules defined in modules/home-manager
imports = builtins.attrValues outputs.homeManagerModules ++ imports; imports = builtins.attrValues outputs.homeManagerModules ++ imports;
@ -32,10 +38,9 @@ in
# {{{ Nixpkgs # {{{ Nixpkgs
nixpkgs = { nixpkgs = {
# Add all overlays defined in the overlays directory # Add all overlays defined in the overlays directory
overlays = builtins.attrValues outputs.overlays ++ overlays =
lib.lists.optional builtins.attrValues outputs.overlays
config.satellite.toggles.neovim-nightly.enable ++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
inputs.neovim-nightly-overlay.overlay;
config.allowUnfree = true; config.allowUnfree = true;
@ -55,7 +60,6 @@ in
home = { home = {
username = lib.mkDefault "adrielus"; username = lib.mkDefault "adrielus";
homeDirectory = "/home/${config.home.username}"; homeDirectory = "/home/${config.home.username}";
stateVersion = lib.mkDefault "23.05";
}; };
# }}} # }}}
# {{{ Ad-hoc settings # {{{ Ad-hoc settings


@ -1,3 +1,4 @@
{ {
imports = [ ./global.nix ]; imports = [ ./global.nix ];
home.stateVersion = "23.05";
} }


@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
imports = [ imports = [
./global.nix ./global.nix
@ -20,7 +21,6 @@
# Arbitrary extra packages # Arbitrary extra packages
home.packages = with pkgs; [ home.packages = with pkgs; [
alacritty
# {{{ Communication # {{{ Communication
# signal-desktop # Signal client # signal-desktop # Signal client
element-desktop # Matrix client element-desktop # Matrix client
@ -57,15 +57,18 @@
]; ];
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4; # Bigger text in qt apps home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4; # Bigger text in qt apps
home.stateVersion = "23.05";
satellite = { satellite = {
# Symlink some commonly modified dotfiles outside the nix store # Symlink some commonly modified dotfiles outside the nix store
dev.enable = true; dev.enable = true;
monitors = [{ monitors = [
name = "eDP-1"; {
width = 1920; name = "eDP-1";
height = 1080; width = 1920;
}]; height = 1080;
}
];
}; };
} }


@ -0,0 +1,56 @@
{ config, ... }:
{
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.05";
# {{{ Imports
imports = [
../common/global
../common/users/pilot.nix
../common/optional/bluetooth.nix
../common/optional/greetd.nix
../common/optional/oci.nix
../common/optional/quietboot.nix
../common/optional/desktop
../common/optional/desktop/steam.nix
../common/optional/wayland/hyprland.nix
../common/optional/services/kanata.nix
../common/optional/services/syncthing.nix
../common/optional/services/restic
./services/snapper.nix
./filesystems
./hardware
];
# }}}
# {{{ Machine ids
networking.hostName = "calypso";
networking.hostId = "";
environment.etc.machine-id.text = "";
# }}}
# {{{ Tailscale internal IP DNS records
satellite.dns.records = [
# {
# at = config.networking.hostName;
# type = "A";
# value = "100.93.136.59";
# }
# {
# at = config.networking.hostName;
# type = "AAAA";
# value = "fd7a:115c:a1e0::e75d:883b";
# }
];
# }}}
# {{{ A few ad-hoc programs
programs.kdeconnect.enable = true;
programs.firejail.enable = true;
# }}}
satellite.pilot.name = "moon";
boot.loader.systemd-boot.enable = true;
}
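Review bot: `networking.hostId = "";` and `environment.etc.machine-id.text = "";` are committed as empty strings, whereas the lapetus host shown in this commit pins both values. An empty `/etc/machine-id` is, as far as I know, treated by systemd as uninitialised, and an empty hostId is not the 8 hex digits the option expects, so this host should not be deployed from this revision as is. If these are placeholders to be filled in after the install, mark them, e.g. `# TODO(calypso): fill in after first boot`, or leave the options unset until the values exist. The commented-out Tailscale records in the same file carry the AAAA value that lapetus uses in this commit and should be replaced rather than simply uncommented.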


@ -0,0 +1,40 @@
{ lib, pkgs, ... }:
{
imports = [ (import ./partitions.nix { }) ];
boot.supportedFilesystems = [ "btrfs" ];
services.btrfs.autoScrub.enable = true;
# {{{ Mark a bunch of paths as needed for boot
fileSystems =
lib.attrsets.genAttrs
[
"/"
"/nix"
"/persist/data"
"/persist/state"
"/persist/local/cache"
"/boot"
]
(p: {
neededForBoot = true;
});
# }}}
# {{{ Rollback
boot.initrd.systemd.services.rollback = {
path = [ pkgs.btrfs-progs ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
unitConfig.DefaultDependencies = "no";
wantedBy = [ "initrd.target" ];
after = [ "systemd-cryptsetup@enc.service" ];
before = [ "sysroot.mount" ];
script = ''
btrfs subvolume delete /root
btrfs subvolume snapshot /blank /root
'';
};
# }}}
}
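Review bot: The rollback unit is ordered `after = [ "systemd-cryptsetup@enc.service" ]`, but the LUKS container declared in this commit's partition layout is named `crypted`, so the ordering most likely refers to a unit that never exists and the script may run before the volume is unlocked; `after = [ "systemd-cryptsetup@crypted.service" ];` would match. The script also runs `btrfs subvolume delete /root` and `btrfs subvolume snapshot /blank /root` on absolute paths without first mounting the btrfs top level somewhere, and in the initrd those paths do not appear to refer to the encrypted filesystem. The usual shape is to mount the unlocked device on a temporary directory, operate on the subvolumes beneath it, and unmount again; the `postCreateHook` in the partition layout that takes the `/blank` snapshot uses the same unmounted paths. A failed oneshot here either leaves the previous root in place or blocks boot, so it is worth testing the unit in a VM before the install.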


@ -0,0 +1,102 @@
{
disks ? [ "/dev/sda" ],
...
}:
{
disko.devices.disk.main = {
type = "disk";
device = builtins.elemAt disks 0;
content = {
type = "gpt";
partitions = {
# {{{ Boot
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "defaults" ];
};
};
# }}}
# {{{ Luks
luks = {
size = "384G"; # The remaining space is left for windows
content = {
type = "luks";
name = "crypted";
passwordFile = "/hermes/secrets/calypso/disk.key";
settings.allowDiscards = true;
content = {
type = "btrfs";
extraArgs = [ "-f" ];
postCreateHook = ''
# We then take an empty *readonly* snapshot of the root subvolume,
# which we'll eventually rollback to on every boot.
btrfs subvolume snapshot -r /root /blank
'';
subvolumes = {
# {{{ /root
"/root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
# {{{ /swap
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "20G";
};
# }}}
# {{{ /root/persist/data
"/root/persist/data" = {
mountpoint = "/persist/data";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
# {{{ /root/persist/state
"/root/persist/state" = {
mountpoint = "/persist/state";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
# {{{ /root/local/nix
"/root/local/nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
# {{{ /root/local/cache
"/root/local/cache" = {
mountpoint = "/persist/local/cache";
mountOptions = [
"compress=zstd"
"noatime"
];
};
# }}}
};
};
};
};
# }}}
};
};
};
}
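Review bot: The persistent subvolumes are created as `/root/persist/data`, `/root/persist/state`, `/root/local/nix` and `/root/local/cache`, i.e. nested inside the `/root` subvolume that the initrd rollback service added in this commit deletes on every boot. As far as I know `btrfs subvolume delete` refuses a subvolume that still contains child subvolumes, and a recursive delete would take the persisted data and the Nix store with it, so these should probably be top-level siblings such as `"/persist/data"` and `"/nix"`. Separately, `settings.allowDiscards = true;` deserves a comment such as `# TRIM passes through LUKS: better SSD behaviour, but reveals which blocks are unused`, so the trade-off is a recorded decision. The `passwordFile` path should likewise be documented as existing only on the install medium and never being committed.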


@ -0,0 +1,28 @@
{ inputs, ... }:
{
# {{{ Imports
imports = with inputs.nixos-hardware.nixosModules; [
common-cpu-amd
common-gpu-amd
common-pc-laptop
common-pc-ssd
./generated.nix
];
# }}}
# {{{ Misc
hardware.enableAllFirmware = true;
hardware.opengl.enable = true;
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
# }}}
# {{{ Power management
powerManagement.cpuFreqGovernor = "performance";
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
CPU_SCALING_GOVERNOR_ON_AC = "performance";
};
};
# }}}
}


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwFNYf8q84oGOwiGCXmJqeBPdglTPcWJB9nnLpmS2RG root@tethys


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASX1E4WYg5dydret3G0fWYJLQn2oRxNZdHWWaJojW1a root@tethys


@ -0,0 +1 @@
ssh-rsa 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 root@tethys


@ -0,0 +1,37 @@
{
services.snapper = {
snapshotInterval = "hourly";
cleanupInterval = "1d";
# http://snapper.io/manpages/snapper-configs.html
configs = {
# {{{ Data
data = {
SUBVOLUME = "/root/persist/data";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
BACKGROUND_COMPARISON = "yes";
TIMELINE_LIMIT_HOURLY = "24";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "4";
TIMELINE_LIMIT_MONTHLY = "12";
TIMELINE_LIMIT_YEARLY = "0";
};
# }}}
# {{{ State
state = {
SUBVOLUME = "/root/persist/state";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
BACKGROUND_COMPARISON = "yes";
TIMELINE_LIMIT_HOURLY = "6";
TIMELINE_LIMIT_DAILY = "3";
TIMELINE_LIMIT_WEEKLY = "1";
TIMELINE_LIMIT_MONTHLY = "1";
TIMELINE_LIMIT_YEARLY = "0";
};
# }}}
};
};
}
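Review bot: Both configs set `SUBVOLUME` to `/root/persist/data` and `/root/persist/state`, which are the subvolume names inside the btrfs filesystem in this commit's disk layout, not the places where they are mounted (`/persist/data` and `/persist/state`). snapper expects the path of the mounted subvolume, so as written it would look under root's home directory at runtime; `SUBVOLUME = "/persist/data";` and `SUBVOLUME = "/persist/state";` look like the intended values. Worth confirming with `snapper list-configs` after the first boot, since a config pointing at the wrong path means no snapshots of the data that is meant to survive the rollback.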


@ -1,12 +0,0 @@
{ pkgs, inputs, lib, ... }: {
security.sudo = {
enable = true;
extraRules = [{
commands = [{
command = lib.getExe inputs.deploy-rs.packages.${pkgs.system}.default;
options = [ "NOPASSWD" ];
}];
groups = [ "wheel" ];
}];
};
}


@ -1,5 +1,11 @@
# Configuration pieces included on all (nixos) hosts # Configuration pieces included on all (nixos) hosts
{ inputs, lib, config, outputs, ... }: {
inputs,
lib,
config,
outputs,
...
}:
let let
# {{{ Imports # {{{ Imports
imports = [ imports = [
@ -23,8 +29,8 @@ let
../../../../common ../../../../common
# }}} # }}}
]; ];
# }}}
in in
# }}}
{ {
# Import all modules defined in modules/nixos # Import all modules defined in modules/nixos
imports = builtins.attrValues outputs.nixosModules ++ imports; imports = builtins.attrValues outputs.nixosModules ++ imports;
@ -44,13 +50,17 @@ in
# Boot using systemd # Boot using systemd
boot.initrd.systemd.enable = true; boot.initrd.systemd.enable = true;
# }}} # }}}
# {{{ Disable sudo default lecture
security.sudo.extraConfig = ''
Defaults lecture = never
'';
# }}}
nixpkgs = { nixpkgs = {
# Add all overlays defined in the overlays directory # Add all overlays defined in the overlays directory
overlays = builtins.attrValues outputs.overlays ++ overlays =
lib.lists.optional builtins.attrValues outputs.overlays
config.satellite.toggles.neovim-nightly.enable ++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
inputs.neovim-nightly-overlay.overlay;
config.allowUnfree = true; config.allowUnfree = true;
}; };


@ -1,5 +1,10 @@
# This setups a SSH server. # This setups a SSH server.
{ outputs, config, lib, ... }: {
outputs,
config,
lib,
...
}:
let let
# Record containing all the hosts # Record containing all the hosts
hosts = outputs.nixosConfigurations; hosts = outputs.nixosConfigurations;
@ -15,8 +20,8 @@ in
enable = true; enable = true;
settings = { settings = {
PermitRootLogin = "no"; # Forbid root login through SSH. PermitRootLogin = lib.mkDefault "no"; # Forbid root login through SSH.
PasswordAuthentication = false; # Use keys only. PasswordAuthentication = lib.mkDefault false; # Use keys only.
}; };
# Automatically remove stale sockets # Automatically remove stale sockets
@ -26,7 +31,10 @@ in
# Generate ssh key # Generate ssh key
hostKeys = hostKeys =
let mkKey = type: path: extra: { inherit type path; } // extra; let
mkKey =
type: path: extra:
{ inherit type path; } // extra;
in in
[ [
(mkKey "ed25519" "/persist/state/etc/ssh/ssh_host_ed25519_key" { }) (mkKey "ed25519" "/persist/state/etc/ssh/ssh_host_ed25519_key" { })
@ -43,19 +51,22 @@ in
# attrsetof host -> attrsetof { ... } # attrsetof host -> attrsetof { ... }
(builtins.mapAttrs (builtins.mapAttrs
# string -> host -> { ... } # string -> host -> { ... }
(name: _: { (
publicKeyFile = pubKey name; name: _: {
extraHostNames = lib.optional (name == hostname) "localhost"; publicKeyFile = pubKey name;
})) extraHostNames = lib.optional (name == hostname) "localhost";
}
)
)
# attrsetof { ... } -> attrsetof { ... } # attrsetof { ... } -> attrsetof { ... }
(lib.attrsets.filterAttrs (lib.attrsets.filterAttrs
# string -> { ... } -> bool # string -> { ... } -> bool
(_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile)) (_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile)
)
]; ];
}; };
# By default, this will ban failed ssh attempts # By default, this will ban failed ssh attempts
services.fail2ban.enable = true; services.fail2ban.enable = true;
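Review bot: Wrapping `PermitRootLogin` and `PasswordAuthentication` in `lib.mkDefault` lowers their priority for every host that imports this shared module, so any other module that sets either option at normal priority now wins without a conflict being reported. The `iso` host added in this commit imports this file next to the installer profile, which is presumably the reason for the change; if so, keeping the plain values here and overriding explicitly in the iso host with `lib.mkForce` keeps the hardening fixed for tethys, lapetus and calypso. If the relaxed priority stays, the trailing comments `# Forbid root login through SSH.` and `# Use keys only.` should say that these are defaults a host may override, and the iso host should document what it ends up allowing.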


@ -0,0 +1,8 @@
{
imports = [
../pipewire.nix
./xdg-portal.nix
];
stylix.targets.gtk.enable = true;
}


@ -1,14 +1,8 @@
{ {
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
environment.persistence = { environment.persistence = {
"/persist/state".directories = [ "/persist/state".directories = [ "/var/lib/containers/storage" ];
"/var/lib/containers/storage" "/persist/local/cache".directories = [ "/var/lib/containers/cache" ];
];
"/persist/local/cache".directories = [
"/var/lib/containers/cache"
];
}; };
} }


@ -11,29 +11,47 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbzNLcXFBcTlIM3hjZTN0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRVRLdlFuS3I5aXRKRmdF
bTFZUDJnS3lROExSREVkd0FMeHU3RGVWdzJnCkszOVROZlBmZWl2cjFkcTZ1OWZw TjFHY3Yvc2NUUlpYRUR6Y2JHRVgzTkhOZjFNCkhnZjU0R0VIbDJSNVNSb2hZUDd3
eThXSTliNmxHM3o3NzhUOUkvU0YzNzgKLS0tIHBWSmRTTlJBdmlKQy9YWHR0NGds SERkaExNdkRDOXRSWlg5enluY3dXRUUKLS0tIFZBNTJYaHhxbmZhMG56UGFtd25u
ak5kUFRJK3JCcUYvSFY2eGtIOTk3RkkKl3yBZjjBExU9RoZbaKBixfsywqFWFnq4 aVNDS2h1NnFmMERIMzdUanp1MitBTGcKp4s32NVcyeJNI6BDeU1GGz5xjoSW/iH7
n7olhkNMVIC+BcLYno0oIT2oILASMkE3NbH85IHlYZY2qQvFKDbG7w== hUxXrZaRqtiVegq7Ukv7mXCVjAy1x/Flb4dDag4Ym4ReTsyKZpQf/w==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZzNPU0pBVjJPREF2SGhQ
REl2ckdxakwrdHFPU0RPN0J1K0s1TWFsK0NzCjMzeGgyRktTWWpVVkFxQUpFZDBC
bDRuRHZOOU5ueHN6RlY2VUwxQThmNXcKLS0tIEtVU3F3VUZSRGJtU0VBcVh0NXRh
eFA2TWtCYmpGN2paWnRSQlBoZk83MkkKwIDlq6u31cc1toMfBHvA932dJyozUYa0
e45KrBC3gy/5wZWcN7MktBgqd2khufa+KEMQv7c3ldyixKXokuBRhw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs - recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aExaRC9SclVvT1g4WFI0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VC9ia21rTWpPSnJaamM3
N1grVzZWWmpPaGEwRmx3TjUyK0dvL0RNdmhjClY5UmI0eWZOTXZqbGFxT05OSnk1 YzZqMzNJZDA4Q095OTMrR0JGTzczU2RWMVJNCnE0QzNvWWhscnQyWk5WOTV4Vld4
RTAyYStRN0NsRnZlWk03eXIrajdiRjQKLS0tIHlMdzBVNFEzR2FuVFZEWStFY1hh SmJSdVdOMTRWWDFxUzJxc3hWZmxzUTQKLS0tIE9LWEtjc0x5WkpGWTUwMEt2d25K
MnFiSGt3dWZxWnF3M2FkbTJzSTA2VTAKtD40Gp12vB24Wnr8NvY7/ZWr9XVDF9Bl TVJJWktOdW1Ic2E4MWpIbjQrdllkMzgK6M8T6M4rAMGgnWcVao/tp0PWG4NXvTTZ
FUL34R1mpgweNJ1IowFPgQbxsyMTG7iYB4jC50JZNOKJxe9NaeOUlQ== /yNJgLZdBeHQevceLc4madD42IcrX7P2zeb6TM7l0DQVWCy+cBTN8w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4 - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtK0pFcWlheEwzV3N3bVFQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNmRXMFVKWnB3QjN3dDNj
K3EwNXI5MXQyYld6Z3J1aVNHWlQ4UjlxSzIwCktDbG9iMFRVQnJBenhWVFhLa2N1 QmRaRDRGUVJiczUzWE5WdFNReldBdkNOWlVvCmZCKzY4MThrUmNXeGVPTC9LSGtl
SWRMR3JLajJscWFqMy84aGNFcy9UK1UKLS0tIEZoT0d2bVJpV3ByWmV0eENZVjM3 OFJOcGZVbVVjY0RveXR5WXNjU3p6UjgKLS0tIENyUHRpbjRyZjZpdjNlUktuL1g5
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U QmNJVlIvTlhSRXJldUZhZjdsR0gwaHMKuNZcv3s65MtylIYzgDUd0qss4OEeJr8V
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ== aI82/McWGJ6Lg0BVmvTUHbYcF09aMEJHeYEZNAzLiJ1a77tlhmY/jw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVVU5Wis5dkJRSE5lRy9U
QjFHb21uc0Z3Zmc4Z2J3NTVaajhmQy9nb2xJCjRqK1htbk82M0dnOWNEV0hHcmFz
RXFrSGE2UjdhTWh6RmwvR1psV05lbnMKLS0tIDRidEFBY0x2cXMrSHJXaXBuaE4r
WXFQQXh2cjlMdzhpa1JUdVVBK3pNbTQK6peUF0mWtmfSuN6KnoYPTEg8sIp/t0R2
ygJEf8cpNiVxN0vsF/4kwyC/V4JE4XllsKrKF4NhVrBq96m1RmKlYg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-29T19:34:39Z" lastmodified: "2024-07-29T19:34:39Z"
mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str] mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str]


@ -1,6 +1,12 @@
{ pkgs, outputs, config, lib, ... }:
{ {
satellite.pilot.name = "adrielus"; pkgs,
outputs,
config,
lib,
...
}:
{
satellite.pilot.name = lib.mkDefault "adrielus";
sops.secrets.pilot_password = { sops.secrets.pilot_password = {
sopsFile = ../secrets.yaml; sopsFile = ../secrets.yaml;
@ -33,12 +39,10 @@
"syncthing" # syncthing! "syncthing" # syncthing!
]; ];
hashedPasswordFile = config.sops.secrets.pilot_password.path; hashedPasswordFile = config.sops.secrets.pilot_password.path;
shell = pkgs.fish; shell = pkgs.fish;
openssh.authorizedKeys.keyFiles = openssh.authorizedKeys.keyFiles = (import ./common.nix).authorizedKeys { inherit outputs lib; };
(import ./common.nix).authorizedKeys { inherit outputs lib; };
}; };
}; };
} }


@ -1,20 +0,0 @@
{ lib, ... }: {
imports = [
../common/global
../common/users/guest.nix
../common/optional/greetd.nix
../common/optional/pipewire.nix
../common/optional/desktop/xdg-portal.nix
../common/optional/wayland/hyprland.nix
];
# Usually included in the hardware-configuration
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
# Set the name of this machine!
networking.hostName = "euporie";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "22.11";
}


@ -0,0 +1,13 @@
{ modulesPath, pkgs, ... }:
{
imports = [
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
../common/global/services/openssh.nix
../common/global/locale.nix
../common/global/cli/fish.nix
../common/global/nix.nix
];
environment.systemPackages = [ pkgs.neovim ];
}
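Review bot: The new installer image imports `../common/global/services/openssh.nix` but declares no SSH login credential in this file, so how the live system is reached depends on that shared module and the stock installer profile, neither of which is shown here. If a headless install is intended, declare the keys in the image itself through `users.users.root.openssh.authorizedKeys.keyFiles`, fed from the same `authorizedKeys` helper the pilot user already uses, instead of setting a password by hand on the console. It is also worth confirming that the shared module disables password authentication, since an install image usually runs before the host's normal firewall and hardening are in place. A one-line comment above `imports` stating how the image is meant to be accessed would settle the question for the next reader.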


@ -1,4 +1,9 @@
{ config, ... }: { { config, ... }:
{
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "23.05";
# {{{ Imports
imports = [ imports = [
../common/global ../common/global
../common/users/pilot.nix ../common/users/pilot.nix
@ -38,19 +43,13 @@
./filesystems ./filesystems
./hardware ./hardware
]; ];
# }}}
# Machine ids # {{{ Machine ids
networking.hostName = "lapetus"; networking.hostName = "lapetus";
networking.hostId = "08357db3"; networking.hostId = "08357db3";
environment.etc.machine-id.text = "d9571439c8a34e34b89727b73bad3587"; environment.etc.machine-id.text = "d9571439c8a34e34b89727b73bad3587";
# }}}
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # {{{ Tailscale internal IP DNS records
system.stateVersion = "23.05";
# Bootloader
boot.loader.systemd-boot.enable = true;
# Tailscale internal IP DNS records
satellite.dns.records = [ satellite.dns.records = [
{ {
at = config.networking.hostName; at = config.networking.hostName;
@ -63,4 +62,7 @@
value = "fd7a:115c:a1e0::e75d:883b"; value = "fd7a:115c:a1e0::e75d:883b";
} }
]; ];
# }}}
boot.loader.systemd-boot.enable = true;
} }
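Review bot: In the last hunk, `boot.loader.systemd-boot.enable = true;` is re-added after the final `# }}}` with no fold markers, and the old `# Bootloader` comment is dropped. Every other group in the file gained `# {{{ … # }}}` markers in this commit. For consistency, wrap the line the same way: `# {{{ Bootloader`, the setting, then `# }}}`.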


@ -18,20 +18,29 @@ sops:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcjFoRm1WNW9jOUJjUC9W YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQzgvU0NQZUFWT0pjZVBZ
NmxhWGRjWlFHd2tRaXJ6WnpaaWlxSFQ0RlZnCllVNTZ0b0MvL0VURDhQRUE1dDdW ZThMRTVMWStMRThFYTF6Nkl2MlBXTWhkNUNZCmpVWW52NHNyTjZkZTN3c1NoajFR
L1NkYzBRRDFLcFpwTTgzRnphLy9GT00KLS0tIFcvU2ZUQ21FZU1NTEFJaHRTVjV3 M2MyZHFDM2czZHdPMUg2MDNPMnNqaVUKLS0tIHhwRThOYnBHY2FUajN0b0pBQ1Fn
eU1YeEZIOTJKa3I4c3ZwbVdPMlBLbmMKCBhopcTXWiAwR8ACyDf+P11SYcPrPSSv dmZtT0xXR3RjVzd1ckNyVGpaRktnSkkKlPSmdYTQ5Qc3PVn9PhxmetF0fO7rWOwM
QRPJ6I8Y1Lc7KTCbkO8zW2hBb6fdbvWBJQtW0rOfCuGQ831OyArr0w== OTt7EF41IWwCwwhyQLpUcaCnO08jddPui1C5qnvjSFb/LZILiWQkFA==
-----END AGE ENCRYPTED FILE-----
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMjdib09GZC9DNGVoNCtK
Z3BnZGNXNzNEb1U3aU1xb1pkaUhPcituSEQwClhiVlMvNlU5OUZhbFE0MnZGTGha
eHpRSHlXaExzNnV0VlNEdnpqQmlDa2MKLS0tIFpPc0ovVnhnZ1IyWGNWTEFYZG81
a1NaNzE4VVFNRlBwUHRWdTFwWjJ5a00KJvIyBz6XGV2+lfawWzHqFOMILTXt0Vlx
OTs0i0tNER2kMucEo3LHIayIM/SB1ncXv+vl0rwHCVfbKdQ0ABhb2Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4 - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV2VmdmJ2QlVVbUF6MUtt YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTGIzcjYyLyt2QVh1QzJZ
dzZFUGJFS3cyKzlTTHJiWjlqRmJkUm04WXh3CktSdGRIUWxJRU5oVVdkUTFwaEZr L2NKK0ZFaS9kckdKbjNCd0lBckxlNWV2Qm5NCkoyLy8rOXVPOWt0U1BwTHB3ZTNl
M1Y4NnRtclZVTkltOHNjNXAxVW9yaFEKLS0tIGlRYjgwd0FkN0FBU1RSQjRnVWpW NWVzdEQ0TUU4UjgrbzliRU5kZ0FqWjgKLS0tIE9YNkN1OWFLMVhDd1I3T1Y4Qi9O
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U VGNDUEo4NmxYR0JQR0NPcUZVdFl1MVEKISsE+UOuBXLZ/5qOeWSf9tPw6XOsNrWa
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ== 09bm8O66Ai0AQGhbn0G3Qf/AlcqF+8eRFYZDmpk0HXryuNZYuj7hBw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-13T14:52:30Z" lastmodified: "2024-06-13T14:52:30Z"
mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str] mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str]


@ -1,15 +1,22 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
# {{{ Jupyterhub/lab env # {{{ Jupyterhub/lab env
appEnv = pkgs.python3.withPackages (p: with p; [ appEnv = pkgs.python3.withPackages (
jupyterhub p: with p; [
jupyterlab jupyterhub
jupyterhub-systemdspawner jupyterlab
jupyter-collaboration jupyterhub-systemdspawner
jupyterlab-git jupyter-collaboration
]); jupyterlab-git
# }}} ]
);
in in
# }}}
{ {
systemd.services.jupyterhub.path = [ systemd.services.jupyterhub.path = [
pkgs.texlive.combined.scheme-full # LaTeX stuff is useful for matplotlib pkgs.texlive.combined.scheme-full # LaTeX stuff is useful for matplotlib
@ -25,8 +32,8 @@ in
# {{{ Spwaner & auth config # {{{ Spwaner & auth config
extraConfig = '' extraConfig = ''
c.Authenticator.allowed_users = {'adrielus', 'javi'} c.Authenticator.allowed_users = {'${config.users.users.pilot.name}', 'javi'}
c.Authenticator.admin_users = {'adrielus'} c.Authenticator.admin_users = {'${config.users.users.pilot.name}'}
c.Spawner.notebook_dir='${config.users.users.pilot.home}/projects/notebooks' c.Spawner.notebook_dir='${config.users.users.pilot.home}/projects/notebooks'
c.SystemdSpawner.mem_limit = '2G' c.SystemdSpawner.mem_limit = '2G'
@ -35,13 +42,18 @@ in
# }}} # }}}
# {{{ Python 3 kernel # {{{ Python 3 kernel
kernels.python3 = kernels.python3 =
let env = (pkgs.python3.withPackages (p: with p; [ let
ipykernel env = (
numpy pkgs.python3.withPackages (
scipy p: with p; [
matplotlib ipykernel
tabulate numpy
])); scipy
matplotlib
tabulate
]
)
);
in in
{ {
displayName = "Numerical mathematics setup"; displayName = "Numerical mathematics setup";
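Review bot: In `extraConfig`, `c.Authenticator.allowed_users` and `c.Authenticator.admin_users` now splice `config.users.users.pilot.name` unescaped into single-quoted Python literals, so JupyterHub admin rights follow whatever that option evaluates to on the host. The same commit makes `satellite.pilot.name` a `lib.mkDefault`; assuming the account name is derived from it (not visible here), a host-level override silently changes who the hub admin is, which deserves a comment next to `admin_users`. Emitting the literal with `${builtins.toJSON config.users.users.pilot.name}` instead of hand-written quotes would keep the generated Python valid for any name. Separately, in the first hunk the closing fold marker `# }}}` for the Jupyterhub/lab env block now sits after `in`, outside the `let` it is meant to close. The attribute set containing `extraConfig` and `kernels.python3` starts and ends outside the hunks shown.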


@ -1,4 +1,5 @@
{ config, ... }: { { config, ... }:
{
# {{{ Zfs config # {{{ Zfs config
services.zfs = { services.zfs = {
trim.enable = true; trim.enable = true;
@ -36,12 +37,4 @@
# }}} # }}}
}; };
# }}} # }}}
# {{{ Syncoid
# Automatically sync certain snapshot to rsync.net
services.syncoid = {
enable = true;
commands."zroot/root/persist/data".target = "root@rsync.net:zroot/root/persist/data";
commands."zroot/root/persist/state".target = "root@rsync.net:zroot/root/persist/state";
};
# }}}
} }


@ -1,88 +1,48 @@
{ pkgs, ... }:
{ {
config, # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
lib, system.stateVersion = "22.11";
pkgs,
...
}:
{
# {{{ Imports # {{{ Imports
imports = [ imports = [
../common/global ../common/global
../common/users/pilot.nix ../common/users/pilot.nix
../common/optional/pipewire.nix
../common/optional/bluetooth.nix ../common/optional/bluetooth.nix
../common/optional/greetd.nix ../common/optional/greetd.nix
../common/optional/oci.nix
../common/optional/quietboot.nix ../common/optional/quietboot.nix
../common/optional/desktop
../common/optional/desktop/steam.nix ../common/optional/desktop/steam.nix
../common/optional/desktop/xdg-portal.nix
../common/optional/wayland/hyprland.nix ../common/optional/wayland/hyprland.nix
../common/optional/services/kanata.nix ../common/optional/services/kanata.nix
../common/optional/services/restic ../common/optional/services/restic
./services/syncthing.nix
./hardware ./hardware
./boot.nix ./boot.nix
./services/syncthing.nix
]; ];
# }}} # }}}
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "22.11";
services.mullvad-vpn.enable = true;
# {{{ Machine ids # {{{ Machine ids
networking.hostName = "tethys"; networking.hostName = "tethys";
environment.etc.machine-id.text = "08357db3540c4cd2b76d4bb7f825ec88"; environment.etc.machine-id.text = "08357db3540c4cd2b76d4bb7f825ec88";
# }}} # }}}
# {{{ A few ad-hoc hardware settings
hardware.enableAllFirmware = true;
hardware.opengl.enable = true;
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
powerManagement.cpuFreqGovernor = "performance";
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
CPU_SCALING_GOVERNOR_ON_AC = "performance";
};
};
# }}}
# {{{ A few ad-hoc programs # {{{ A few ad-hoc programs
programs.kdeconnect.enable = true; programs.kdeconnect.enable = true;
programs.firejail.enable = true; programs.firejail.enable = true;
programs.extra-container.enable = true; services.mullvad-vpn.enable = true;
virtualisation.docker.enable = true;
virtualisation.waydroid.enable = true;
# virtualisation.spiceUSBRedirection.enable = true; # This was required for the vm usb passthrough tomfoolery
# }}}
# {{{ Ad-hoc stylix targets
stylix.targets.gtk.enable = true;
# }}}
# {{{ Some ad-hoc site blocking
networking.extraHosts =
let
blacklisted = [
# "twitter.com"
# "www.reddit.com"
"minesweeper.online"
];
blacklist = lib.concatStringsSep "\n" (lib.forEach blacklisted (host: "127.0.0.1 ${host}"));
in
blacklist;
# }}}
services.mysql = { services.mysql = {
enable = true; enable = true;
package = pkgs.mysql80; package = pkgs.mysql80;
}; };
# }}}
programs.dconf.enable = true; # {{{ Ad-hoc stylix targets
services.gnome.evolution-data-server.enable = true; stylix.targets.gtk.enable = true;
services.gnome.gnome-online-accounts.enable = true; # }}}
# {{{ Tailscale internal IP DNS records
# Tailscale internal IP DNS records
satellite.dns.records = [ satellite.dns.records = [
# { # {
# at = config.networking.hostName; # at = config.networking.hostName;
@ -95,4 +55,5 @@
# value = "fd7a:115c:a1e0::e75d:883b"; # value = "fd7a:115c:a1e0::e75d:883b";
# } # }
]; ];
# }}}
} }


@ -1,5 +1,6 @@
{ inputs, ... }: { inputs, ... }:
{ {
# {{{ Imports
imports = with inputs.nixos-hardware.nixosModules; [ imports = with inputs.nixos-hardware.nixosModules; [
common-cpu-intel common-cpu-intel
# common-gpu-intel # This leads to a "prop ... defined twice" error # common-gpu-intel # This leads to a "prop ... defined twice" error
@ -7,4 +8,21 @@
common-pc-ssd common-pc-ssd
./generated.nix ./generated.nix
]; ];
# }}}
# {{{ Misc
hardware.enableAllFirmware = true;
hardware.opengl.enable = true;
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
# }}}
# {{{ Power management
powerManagement.cpuFreqGovernor = "performance";
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
CPU_SCALING_GOVERNOR_ON_AC = "performance";
};
};
# }}}
} }