Prepare calypso install
This commit is contained in:
parent
3a4d400fef
commit
454aae8f88
17
.sops.yaml
17
.sops.yaml
|
@ -1,26 +1,33 @@
|
||||||
keys:
|
keys:
|
||||||
- &users:
|
- &users:
|
||||||
- &prescientmoon age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
- &prescientmoon_tethys age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||||
|
- &prescientmoon_calypso age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||||
- &hosts:
|
- &hosts:
|
||||||
- &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
|
- &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
|
||||||
- &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
- &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
||||||
|
- &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: hosts/nixos/common/secrets.yaml
|
- path_regex: hosts/nixos/common/secrets.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *prescientmoon
|
- *prescientmoon_tethys
|
||||||
|
- *prescientmoon_calypso
|
||||||
- *tethys
|
- *tethys
|
||||||
- *lapetus
|
- *lapetus
|
||||||
|
- *calypso
|
||||||
- path_regex: hosts/nixos/lapetus/secrets.yaml
|
- path_regex: hosts/nixos/lapetus/secrets.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *prescientmoon
|
- *prescientmoon_tethys
|
||||||
|
- *prescientmoon_calypso
|
||||||
- *lapetus
|
- *lapetus
|
||||||
- path_regex: home/features/desktop/wakatime/secrets.yaml
|
- path_regex: home/features/desktop/wakatime/secrets.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *prescientmoon
|
- *prescientmoon_tethys
|
||||||
|
- *prescientmoon_calypso
|
||||||
- path_regex: home/features/cli/productivity/secrets.yaml
|
- path_regex: home/features/cli/productivity/secrets.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *prescientmoon
|
- *prescientmoon_tethys
|
||||||
|
- *prescientmoon_calypso
|
||||||
|
|
|
@ -17,9 +17,9 @@ The current state of this repo is a refactor of my old, messy nixos config, base
|
||||||
|
|
||||||
This repo's structure is based on the concept of hosts - individual machines configured by me. I'm naming each host based on things in space/mythology (_they are the same picture_). The hosts I have right now are:
|
This repo's structure is based on the concept of hosts - individual machines configured by me. I'm naming each host based on things in space/mythology (_they are the same picture_). The hosts I have right now are:
|
||||||
|
|
||||||
- [tethys](./hosts/nixos/tethys/) — my personal laptop
|
- [calypso](./hosts/nixos/calypso/) — my personal laptop
|
||||||
|
- [tethys](./hosts/nixos/tethys/) — my previous personal laptop
|
||||||
- [lapetus](./hosts/nixos/lapetus/) — older laptop running as a server
|
- [lapetus](./hosts/nixos/lapetus/) — older laptop running as a server
|
||||||
- [euporie](./hosts/nixos/euporie/) — barebones host for testing things insdie a VM
|
|
||||||
- enceladus — my android phone. Although not configured using nix, this name gets referenced in some places
|
- enceladus — my android phone. Although not configured using nix, this name gets referenced in some places
|
||||||
|
|
||||||
## File structure
|
## File structure
|
||||||
|
|
|
@ -1,13 +1,24 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
stylix.fonts = {
|
stylix.fonts = {
|
||||||
# monospace = { name = "Iosevka"; package = pkgs.iosevka; };
|
# monospace = { name = "Iosevka"; package = pkgs.iosevka; };
|
||||||
monospace = { name = "Cascadia Code"; package = pkgs.cascadia-code; };
|
monospace = {
|
||||||
sansSerif = { name = "CMUSansSerif"; package = pkgs.cm_unicode; };
|
name = "Cascadia Code";
|
||||||
serif = { name = "CMUSerif-Roman"; package = pkgs.cm_unicode; };
|
package = pkgs.cascadia-code;
|
||||||
|
};
|
||||||
|
sansSerif = {
|
||||||
|
name = "CMUSansSerif";
|
||||||
|
package = pkgs.cm_unicode;
|
||||||
|
};
|
||||||
|
serif = {
|
||||||
|
name = "CMUSerif-Roman";
|
||||||
|
package = pkgs.cm_unicode;
|
||||||
|
};
|
||||||
|
|
||||||
sizes = {
|
sizes = {
|
||||||
desktop = 13;
|
desktop = 13;
|
||||||
applications = 15;
|
applications = 15;
|
||||||
|
terminal = 25;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -491,11 +491,11 @@
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "pkgs/firefox-addons",
|
"dir": "pkgs/firefox-addons",
|
||||||
"lastModified": 1720411406,
|
"lastModified": 1723521794,
|
||||||
"narHash": "sha256-Z3tMBbMeYQKz1YYmSnbLglG9lm1l/EU+h3CFPJCli4I=",
|
"narHash": "sha256-mmcakr+6z7/SDg+e2p1TYQorjYvUzWqG2KUIsmikARM=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "a2a2d880d5ec199ee333c9bf929865d65f92a1d4",
|
"rev": "abafaabfa893ac432bae898a8652bc4a83c49d27",
|
||||||
"revCount": 3677,
|
"revCount": 3727,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://gitlab.com/rycee/nur-expressions?dir=pkgs/firefox-addons"
|
"url": "https://gitlab.com/rycee/nur-expressions?dir=pkgs/firefox-addons"
|
||||||
},
|
},
|
||||||
|
|
113
flake.nix
113
flake.nix
|
@ -60,7 +60,7 @@
|
||||||
spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
|
spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
# }}}
|
# }}}
|
||||||
# {{{ Theming
|
# {{{ Theming
|
||||||
darkmatter-grub-theme.url = gitlab:VandalByte/darkmatter-grub-theme;
|
darkmatter-grub-theme.url = "gitlab:VandalByte/darkmatter-grub-theme";
|
||||||
darkmatter-grub-theme.inputs.nixpkgs.follows = "nixpkgs";
|
darkmatter-grub-theme.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
stylix.url = "github:danth/stylix/a33d88cf8f75446f166f2ff4f810a389feed2d56";
|
stylix.url = "github:danth/stylix/a33d88cf8f75446f166f2ff4f810a389feed2d56";
|
||||||
|
@ -73,7 +73,13 @@
|
||||||
};
|
};
|
||||||
# }}}
|
# }}}
|
||||||
|
|
||||||
outputs = { self, nixpkgs, home-manager, ... }@inputs:
|
outputs =
|
||||||
|
{
|
||||||
|
self,
|
||||||
|
nixpkgs,
|
||||||
|
home-manager,
|
||||||
|
...
|
||||||
|
}@inputs:
|
||||||
let
|
let
|
||||||
# {{{ Common helpers
|
# {{{ Common helpers
|
||||||
inherit (self) outputs;
|
inherit (self) outputs;
|
||||||
|
@ -84,33 +90,37 @@
|
||||||
|
|
||||||
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
|
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
|
||||||
};
|
};
|
||||||
# }}}
|
|
||||||
in
|
in
|
||||||
|
# }}}
|
||||||
{
|
{
|
||||||
# {{{ Packages
|
# {{{ Packages
|
||||||
# Accessible through 'nix build', 'nix shell', etc
|
# Accessible through 'nix build', 'nix shell', etc
|
||||||
packages = forAllSystems
|
packages = forAllSystems (
|
||||||
(system:
|
system:
|
||||||
let
|
let
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
|
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
|
||||||
myPkgs = import ./pkgs { inherit pkgs upkgs; };
|
myPkgs = import ./pkgs { inherit pkgs upkgs; };
|
||||||
in
|
in
|
||||||
myPkgs // {
|
myPkgs
|
||||||
octodns = upkgs.octodns.withProviders
|
// {
|
||||||
(ps: [ myPkgs.octodns-cloudflare ]);
|
octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
|
||||||
} // (import ./dns/pkgs.nix) { inherit pkgs self system; }
|
}
|
||||||
);
|
// (import ./dns/pkgs.nix) { inherit pkgs self system; }
|
||||||
|
);
|
||||||
# }}}
|
# }}}
|
||||||
# {{{ Bootstrapping and other pinned devshells
|
# {{{ Bootstrapping and other pinned devshells
|
||||||
# Accessible through 'nix develop'
|
# Accessible through 'nix develop'
|
||||||
devShells = forAllSystems
|
devShells = forAllSystems (
|
||||||
(system:
|
system:
|
||||||
let
|
let
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
args = { inherit pkgs; } // specialArgs system;
|
args = {
|
||||||
in
|
inherit pkgs;
|
||||||
import ./devshells args);
|
} // specialArgs system;
|
||||||
|
in
|
||||||
|
import ./devshells args
|
||||||
|
);
|
||||||
# }}}
|
# }}}
|
||||||
# {{{ Overlays and modules
|
# {{{ Overlays and modules
|
||||||
# Custom packages and modifications, exported as overlays
|
# Custom packages and modifications, exported as overlays
|
||||||
|
@ -126,24 +136,38 @@
|
||||||
# NixOS configuration entrypoint
|
# NixOS configuration entrypoint
|
||||||
# Available through 'nixos-rebuild --flake .#...
|
# Available through 'nixos-rebuild --flake .#...
|
||||||
nixosConfigurations =
|
nixosConfigurations =
|
||||||
let nixos = { system, hostname }: nixpkgs.lib.nixosSystem {
|
let
|
||||||
inherit system;
|
nixos =
|
||||||
specialArgs = specialArgs system;
|
{ system, hostname }:
|
||||||
|
nixpkgs.lib.nixosSystem {
|
||||||
|
inherit system;
|
||||||
|
specialArgs = specialArgs system;
|
||||||
|
|
||||||
modules = [
|
modules = [
|
||||||
home-manager.nixosModules.home-manager
|
# {{{ Import home manager
|
||||||
{
|
(
|
||||||
home-manager.users.pilot = import ./home/${hostname}.nix;
|
{ lib, ... }:
|
||||||
home-manager.extraSpecialArgs = specialArgs system // { inherit hostname; };
|
{
|
||||||
home-manager.useUserPackages = true;
|
imports = lib.lists.optional (builtins.pathExists ./home/${hostname}.nix) [
|
||||||
|
home-manager.nixosModules.home-manager
|
||||||
|
{
|
||||||
|
home-manager.users.pilot = import ./home/${hostname}.nix;
|
||||||
|
home-manager.extraSpecialArgs = specialArgs system // {
|
||||||
|
inherit hostname;
|
||||||
|
};
|
||||||
|
home-manager.useUserPackages = true;
|
||||||
|
|
||||||
stylix.homeManagerIntegration.followSystem = false;
|
stylix.homeManagerIntegration.followSystem = false;
|
||||||
stylix.homeManagerIntegration.autoImport = false;
|
stylix.homeManagerIntegration.autoImport = false;
|
||||||
}
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
)
|
||||||
|
# }}}
|
||||||
|
|
||||||
./hosts/nixos/${hostname}
|
./hosts/nixos/${hostname}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
tethys = nixos {
|
tethys = nixos {
|
||||||
|
@ -156,14 +180,15 @@
|
||||||
hostname = "lapetus";
|
hostname = "lapetus";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Disabled because `flake check` complains about filesystems and bootloader
|
calypso = nixos {
|
||||||
# options not being set. This is not an issue in practice, as this config is
|
system = "x86_64-linux";
|
||||||
# supposed to be used inside a VM, but there's not much I can do about it.
|
hostname = "calypso";
|
||||||
# euporie = nixos {
|
};
|
||||||
# system = "x86_64-linux";
|
|
||||||
# hostname = "euporie";
|
|
||||||
# };
|
|
||||||
|
|
||||||
|
iso = nixos {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
hostname = "iso";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
# }}}
|
# }}}
|
||||||
};
|
};
|
||||||
|
|
74
home/calypso.nix
Normal file
74
home/calypso.nix
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./global.nix
|
||||||
|
|
||||||
|
./features/desktop/zathura.nix
|
||||||
|
./features/desktop/spotify.nix
|
||||||
|
./features/desktop/obsidian.nix
|
||||||
|
./features/desktop/foot.nix
|
||||||
|
./features/desktop/firefox
|
||||||
|
./features/desktop/discord
|
||||||
|
./features/cli/productivity
|
||||||
|
./features/cli/pass.nix
|
||||||
|
./features/cli/zellij.nix
|
||||||
|
./features/cli/nix-index.nix
|
||||||
|
./features/cli/catgirl.nix
|
||||||
|
./features/cli/lazygit.nix
|
||||||
|
./features/wayland/hyprland
|
||||||
|
./features/neovim
|
||||||
|
];
|
||||||
|
|
||||||
|
# Arbitrary extra packages
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
# {{{ Communication
|
||||||
|
# signal-desktop # Signal client
|
||||||
|
element-desktop # Matrix client
|
||||||
|
# zoom-us # Zoom client 🤮
|
||||||
|
# }}}
|
||||||
|
# {{{ Editors for different formats
|
||||||
|
gimp # Image editing
|
||||||
|
# lmms # Music software
|
||||||
|
# kicad # PCB editing
|
||||||
|
# libreoffice # Free office suite
|
||||||
|
# }}}
|
||||||
|
# {{{ Gaming
|
||||||
|
# wine # Windows compat layer or whatever
|
||||||
|
# lutris # Game launcher
|
||||||
|
# }}}
|
||||||
|
# {{{ Clis
|
||||||
|
sops # Secret editing
|
||||||
|
# sherlock # Search for usernames across different websites
|
||||||
|
# }}}
|
||||||
|
# {{{ Misc
|
||||||
|
bitwarden # Password-manager
|
||||||
|
qbittorrent # Torrent client
|
||||||
|
# google-chrome # Not my primary browser, but sometimes needed in webdev
|
||||||
|
# plover.dev # steno engine
|
||||||
|
|
||||||
|
overskride # Bluetooth client
|
||||||
|
# }}}
|
||||||
|
# {{{ Media playing/recording
|
||||||
|
mpv # Video player
|
||||||
|
imv # Image viewer
|
||||||
|
# peek # GIF recorder
|
||||||
|
# obs-studio # video recorder
|
||||||
|
# }}}
|
||||||
|
];
|
||||||
|
|
||||||
|
home.username = "moon";
|
||||||
|
home.stateVersion = "24.05";
|
||||||
|
|
||||||
|
satellite = {
|
||||||
|
# Symlink some commonly modified dotfiles outside the nix store
|
||||||
|
dev.enable = true;
|
||||||
|
|
||||||
|
monitors = [
|
||||||
|
{
|
||||||
|
name = "eDP-1";
|
||||||
|
width = 1920;
|
||||||
|
height = 1080;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,11 +0,0 @@
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./global.nix
|
|
||||||
./features/wayland/hyprland
|
|
||||||
];
|
|
||||||
|
|
||||||
# Set up my custom imperanence wrapper
|
|
||||||
satellite.persistence = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -12,11 +12,20 @@ sops:
|
||||||
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkx3eWhxZUpTRVR3R1R4
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTk5WWWlsK2ZyTEJEQjFH
|
||||||
Vm9hMTVsbXBnU0tFU093amU3TTNjalhsVHdvCmZURElTY2Q0eTQvR3M1V3AzTVl4
|
ZW1XWm9uTlZBeXB2ZUFzaDVYUTNlSDh3aWpnClRmbExNQmRXMVVNS3BYODF1d2Ez
|
||||||
VkR2NXRHR2FiTURqNUp5Y3VDWFQ1UjgKLS0tIEVlRWs3YUFaZzdvd1Q5bmFwazJi
|
bVQ3UGZ5TTMrdm5GVjlQMk5sak55Qk0KLS0tIEVLVys2cnJ0Z0EvRmpUV3B2Nk9J
|
||||||
Y2E3bmM1TkZoOEN0anJqYUNSQUN5ZDAKtobUBBKbfaUeiPtKN4/oTNaxY3C2joCK
|
NzVJZmpmODYramRNaHFxL0wzOHduSTgKgq0kqWffjhQnXoiBvsBYCTxHoA6u1jug
|
||||||
8h4FlRLXd+CGnAyjN2p4FliWzLgmOg4HFNmZSmYLpIh4E9yqadNSSg==
|
xb5LuisZElikx3BVKoNV1HpuUwWe83VSK2hJw1lfpQZ/DFByrv5YfA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcFlQYjZ1N0JrSnVoUENB
|
||||||
|
MXl2Um9PMEhCVHFySU1MWnpqNjcxamZJRjJ3CjlMS1N3TjdxOVl1REZ3M2hSYlhi
|
||||||
|
VW9qZy9FbnJqKy9ObVc5bGNNRksrT3MKLS0tIDY5aGVZUVpkVUgvSVFHbFcwOWVY
|
||||||
|
SFVUTlpIaDlZUDhJT3hicWpxRzBia2sK6hu2aJMyHMYRwlEkbcPDtqUlU9VsDCsR
|
||||||
|
fBXvietF/w/TpfY+G2fCEDcWJAtQ7lLM0tNiiNqbUQwWBWddPVyPBA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-12T23:55:37Z"
|
lastmodified: "2024-02-12T23:55:37Z"
|
||||||
mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str]
|
mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str]
|
||||||
|
|
|
@ -15,4 +15,7 @@
|
||||||
package = pkgs.papirus-icon-theme;
|
package = pkgs.papirus-icon-theme;
|
||||||
name = "Papirus";
|
name = "Papirus";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Bigger text in qt apps
|
||||||
|
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4;
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,11 +8,20 @@ sops:
|
||||||
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR0RmdFIxNFJpQTdGYXlq
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dDhCMWVSY280NUlsd3Bu
|
||||||
bkZrNktMaFlrOEZtSXh6Y1l6NTN0REN6N2dnCmNMRUk2TXA3RWhtZVlnbTg2aE00
|
L3QreE1zSGdQWnV3Tm1SQzh2SUF0VDlBcTMwCjNhdE51VzlRdXlRY241VXpaVkFR
|
||||||
eFVwejBTcWRaTUhGWFFIS1RlVkhhQ28KLS0tIEdWWGRWSDZOQW9pQkdCRFFncTM2
|
MndqZTQxQ0FCQ3pvb3BXcXRrR3BYc2cKLS0tIElLYkVLL2h2NXNabW5CRXVla0pa
|
||||||
cURjWFplY1pyMzY4a0h6cTRLS2I2ZW8KqGtYjCsdriSWdKhC+kGBAMSY9WVDL3tE
|
LzY0ejRvMDVmR21ISkdraHZzTndmRmcKVcQeKFytVs8QlkQpMA1GfLL8ccrbSqD+
|
||||||
oMxyhrgDMtWndZEGv1+J3XLLmatDKmEcJO2k0CXZlCWWj17O4Rm+eA==
|
7+5YJoDMiHS01Jgbh+4HNFIg/P3S3yIOCRx+ukvWF2/p7GP55Braxg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBackQ3NzRMZ25RekM5cjNz
|
||||||
|
dlRXeTUyTVFlSDFRSC9jeFFoYlVKbWJRbEFNCnpKZHViK2F2VWJYTTBlNXpITUo1
|
||||||
|
SFlUZUR0WTE4cUFZQlE0YzJJdS9TVVEKLS0tIE45Y25Bam5mdUNkTXkwOGkzb09t
|
||||||
|
ejU0YlVQR3JhaUE2aHBRUFhXaEdTV1EKgsHa/nufIXbLnrkvXNsZJ30dH1L2tMKf
|
||||||
|
jZufrpkQuPXWYzubUYejgQ0/yHGTDQtT9ptn72isGKKgSJZllCnPiA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-05-09T13:00:44Z"
|
lastmodified: "2024-05-09T13:00:44Z"
|
||||||
mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str]
|
mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str]
|
||||||
|
|
|
@ -1,4 +1,10 @@
|
||||||
{ inputs, lib, config, outputs, ... }:
|
{
|
||||||
|
inputs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
outputs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
# {{{ Imports
|
# {{{ Imports
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -23,8 +29,8 @@ let
|
||||||
../common
|
../common
|
||||||
# }}}
|
# }}}
|
||||||
];
|
];
|
||||||
# }}}
|
|
||||||
in
|
in
|
||||||
|
# }}}
|
||||||
{
|
{
|
||||||
# Import all modules defined in modules/home-manager
|
# Import all modules defined in modules/home-manager
|
||||||
imports = builtins.attrValues outputs.homeManagerModules ++ imports;
|
imports = builtins.attrValues outputs.homeManagerModules ++ imports;
|
||||||
|
@ -32,10 +38,9 @@ in
|
||||||
# {{{ Nixpkgs
|
# {{{ Nixpkgs
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
# Add all overlays defined in the overlays directory
|
# Add all overlays defined in the overlays directory
|
||||||
overlays = builtins.attrValues outputs.overlays ++
|
overlays =
|
||||||
lib.lists.optional
|
builtins.attrValues outputs.overlays
|
||||||
config.satellite.toggles.neovim-nightly.enable
|
++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
|
||||||
inputs.neovim-nightly-overlay.overlay;
|
|
||||||
|
|
||||||
config.allowUnfree = true;
|
config.allowUnfree = true;
|
||||||
|
|
||||||
|
@ -55,7 +60,6 @@ in
|
||||||
home = {
|
home = {
|
||||||
username = lib.mkDefault "adrielus";
|
username = lib.mkDefault "adrielus";
|
||||||
homeDirectory = "/home/${config.home.username}";
|
homeDirectory = "/home/${config.home.username}";
|
||||||
stateVersion = lib.mkDefault "23.05";
|
|
||||||
};
|
};
|
||||||
# }}}
|
# }}}
|
||||||
# {{{ Ad-hoc settings
|
# {{{ Ad-hoc settings
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
{
|
{
|
||||||
imports = [ ./global.nix ];
|
imports = [ ./global.nix ];
|
||||||
|
home.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./global.nix
|
./global.nix
|
||||||
|
|
||||||
|
@ -20,7 +21,6 @@
|
||||||
|
|
||||||
# Arbitrary extra packages
|
# Arbitrary extra packages
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
alacritty
|
|
||||||
# {{{ Communication
|
# {{{ Communication
|
||||||
# signal-desktop # Signal client
|
# signal-desktop # Signal client
|
||||||
element-desktop # Matrix client
|
element-desktop # Matrix client
|
||||||
|
@ -57,15 +57,18 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4; # Bigger text in qt apps
|
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4; # Bigger text in qt apps
|
||||||
|
home.stateVersion = "23.05";
|
||||||
|
|
||||||
satellite = {
|
satellite = {
|
||||||
# Symlink some commonly modified dotfiles outside the nix store
|
# Symlink some commonly modified dotfiles outside the nix store
|
||||||
dev.enable = true;
|
dev.enable = true;
|
||||||
|
|
||||||
monitors = [{
|
monitors = [
|
||||||
name = "eDP-1";
|
{
|
||||||
width = 1920;
|
name = "eDP-1";
|
||||||
height = 1080;
|
width = 1920;
|
||||||
}];
|
height = 1080;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
56
hosts/nixos/calypso/default.nix
Normal file
56
hosts/nixos/calypso/default.nix
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||||
|
system.stateVersion = "24.05";
|
||||||
|
|
||||||
|
# {{{ Imports
|
||||||
|
imports = [
|
||||||
|
../common/global
|
||||||
|
../common/users/pilot.nix
|
||||||
|
|
||||||
|
../common/optional/bluetooth.nix
|
||||||
|
../common/optional/greetd.nix
|
||||||
|
../common/optional/oci.nix
|
||||||
|
../common/optional/quietboot.nix
|
||||||
|
|
||||||
|
../common/optional/desktop
|
||||||
|
../common/optional/desktop/steam.nix
|
||||||
|
../common/optional/wayland/hyprland.nix
|
||||||
|
|
||||||
|
../common/optional/services/kanata.nix
|
||||||
|
../common/optional/services/syncthing.nix
|
||||||
|
../common/optional/services/restic
|
||||||
|
|
||||||
|
./services/snapper.nix
|
||||||
|
|
||||||
|
./filesystems
|
||||||
|
./hardware
|
||||||
|
];
|
||||||
|
# }}}
|
||||||
|
# {{{ Machine ids
|
||||||
|
networking.hostName = "calypso";
|
||||||
|
networking.hostId = "";
|
||||||
|
environment.etc.machine-id.text = "";
|
||||||
|
# }}}
|
||||||
|
# {{{ Tailscale internal IP DNS records
|
||||||
|
satellite.dns.records = [
|
||||||
|
# {
|
||||||
|
# at = config.networking.hostName;
|
||||||
|
# type = "A";
|
||||||
|
# value = "100.93.136.59";
|
||||||
|
# }
|
||||||
|
# {
|
||||||
|
# at = config.networking.hostName;
|
||||||
|
# type = "AAAA";
|
||||||
|
# value = "fd7a:115c:a1e0::e75d:883b";
|
||||||
|
# }
|
||||||
|
];
|
||||||
|
# }}}
|
||||||
|
# {{{ A few ad-hoc programs
|
||||||
|
programs.kdeconnect.enable = true;
|
||||||
|
programs.firejail.enable = true;
|
||||||
|
# }}}
|
||||||
|
|
||||||
|
satellite.pilot.name = "moon";
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
}
|
40
hosts/nixos/calypso/filesystems/default.nix
Normal file
40
hosts/nixos/calypso/filesystems/default.nix
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
{ lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [ (import ./partitions.nix { }) ];
|
||||||
|
|
||||||
|
boot.supportedFilesystems = [ "btrfs" ];
|
||||||
|
services.btrfs.autoScrub.enable = true;
|
||||||
|
|
||||||
|
# {{{ Mark a bunch of paths as needed for boot
|
||||||
|
fileSystems =
|
||||||
|
lib.attrsets.genAttrs
|
||||||
|
[
|
||||||
|
"/"
|
||||||
|
"/nix"
|
||||||
|
"/persist/data"
|
||||||
|
"/persist/state"
|
||||||
|
"/persist/local/cache"
|
||||||
|
"/boot"
|
||||||
|
]
|
||||||
|
(p: {
|
||||||
|
neededForBoot = true;
|
||||||
|
});
|
||||||
|
# }}}
|
||||||
|
# {{{ Rollback
|
||||||
|
boot.initrd.systemd.services.rollback = {
|
||||||
|
path = [ pkgs.btrfs-progs ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
RemainAfterExit = true;
|
||||||
|
};
|
||||||
|
unitConfig.DefaultDependencies = "no";
|
||||||
|
wantedBy = [ "initrd.target" ];
|
||||||
|
after = [ "systemd-cryptsetup@enc.service" ];
|
||||||
|
before = [ "sysroot.mount" ];
|
||||||
|
script = ''
|
||||||
|
btrfs subvolume delete /root
|
||||||
|
btrfs subvolume snapshot /blank /root
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
}
|
102
hosts/nixos/calypso/filesystems/partitions.nix
Normal file
102
hosts/nixos/calypso/filesystems/partitions.nix
Normal file
|
@ -0,0 +1,102 @@
|
||||||
|
{
|
||||||
|
disks ? [ "/dev/sda" ],
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
disko.devices.disk.main = {
|
||||||
|
type = "disk";
|
||||||
|
device = builtins.elemAt disks 0;
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
# {{{ Boot
|
||||||
|
ESP = {
|
||||||
|
size = "512M";
|
||||||
|
type = "EF00";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
mountOptions = [ "defaults" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
# {{{ Luks
|
||||||
|
luks = {
|
||||||
|
size = "384G"; # The remaining space is left for windows
|
||||||
|
content = {
|
||||||
|
type = "luks";
|
||||||
|
name = "crypted";
|
||||||
|
passwordFile = "/hermes/secrets/calypso/disk.key";
|
||||||
|
settings.allowDiscards = true;
|
||||||
|
content = {
|
||||||
|
type = "btrfs";
|
||||||
|
extraArgs = [ "-f" ];
|
||||||
|
|
||||||
|
postCreateHook = ''
|
||||||
|
# We then take an empty *readonly* snapshot of the root subvolume,
|
||||||
|
# which we'll eventually rollback to on every boot.
|
||||||
|
btrfs subvolume snapshot -r /root /blank
|
||||||
|
'';
|
||||||
|
|
||||||
|
subvolumes = {
|
||||||
|
# {{{ /root
|
||||||
|
"/root" = {
|
||||||
|
mountpoint = "/";
|
||||||
|
mountOptions = [
|
||||||
|
"compress=zstd"
|
||||||
|
"noatime"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
# {{{ /swap
|
||||||
|
"/swap" = {
|
||||||
|
mountpoint = "/.swapvol";
|
||||||
|
swap.swapfile.size = "20G";
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
# {{{ /root/persist/data
|
||||||
|
"/root/persist/data" = {
|
||||||
|
mountpoint = "/persist/data";
|
||||||
|
mountOptions = [
|
||||||
|
"compress=zstd"
|
||||||
|
"noatime"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
# {{{ /root/persist/state
|
||||||
|
"/root/persist/state" = {
|
||||||
|
mountpoint = "/persist/state";
|
||||||
|
mountOptions = [
|
||||||
|
"compress=zstd"
|
||||||
|
"noatime"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
# {{{ /root/local/nix
|
||||||
|
"/root/local/nix" = {
|
||||||
|
mountpoint = "/nix";
|
||||||
|
mountOptions = [
|
||||||
|
"compress=zstd"
|
||||||
|
"noatime"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
# {{{ /root/local/cache
|
||||||
|
"/root/local/cache" = {
|
||||||
|
mountpoint = "/persist/local/cache";
|
||||||
|
mountOptions = [
|
||||||
|
"compress=zstd"
|
||||||
|
"noatime"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
28
hosts/nixos/calypso/hardware/default.nix
Normal file
28
hosts/nixos/calypso/hardware/default.nix
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
{ inputs, ... }:
|
||||||
|
{
|
||||||
|
# {{{ Imports
|
||||||
|
imports = with inputs.nixos-hardware.nixosModules; [
|
||||||
|
common-cpu-amd
|
||||||
|
common-gpu-amd
|
||||||
|
common-pc-laptop
|
||||||
|
common-pc-ssd
|
||||||
|
./generated.nix
|
||||||
|
];
|
||||||
|
# }}}
|
||||||
|
# {{{ Misc
|
||||||
|
hardware.enableAllFirmware = true;
|
||||||
|
hardware.opengl.enable = true;
|
||||||
|
hardware.opentabletdriver.enable = true;
|
||||||
|
hardware.keyboard.qmk.enable = true;
|
||||||
|
# }}}
|
||||||
|
# {{{ Power management
|
||||||
|
powerManagement.cpuFreqGovernor = "performance";
|
||||||
|
services.tlp = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
|
||||||
|
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
}
|
1
hosts/nixos/calypso/keys/id_ed25519.pub
Executable file
1
hosts/nixos/calypso/keys/id_ed25519.pub
Executable file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwFNYf8q84oGOwiGCXmJqeBPdglTPcWJB9nnLpmS2RG root@tethys
|
1
hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
Executable file
1
hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
Executable file
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASX1E4WYg5dydret3G0fWYJLQn2oRxNZdHWWaJojW1a root@tethys
|
1
hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
Executable file
1
hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
Executable file
|
@ -0,0 +1 @@
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAfRDNDA5B0YlnR0K5wQ0w6pMl0Pi8WIjanKol5SA615VDye3caBdv3UzxdC221ECIa9bZQcaKt/ncIuj/3fE49W8D0+2wL/1Eruy4ximAVAtLgIMzm+hl/dP3KsyTjUajIUbso08S9PUjtJl8PgmiiEPEppMAo++hwKycn5bRoUywE/VoNgPhAB5sgKaFZiQhPu4q0mZWhikGiaJzKPRi84bP4gCL9/h0slSWP3VmhWE7Vyvyjv6OKHdfjXoJA/AjSd3VogmGnzDWUI5lkwJzkHv/ybie9+7y+0o+wBu4+0lJlchBEq0f6dp9fw0MZRt84DYw8/MFDa+SXq5cO5aAwHARpRYeAHkPIRnwJbxTqn6uDlAdWrIxY8SPXIrrBpfnVSoaH8SJN/spsEoILkqrOpncQi5QP1rY8Bi2zaI13WD1kYsh9l4FqmqvCeawEgN0pedudZf2qqHWD93lDTAWxM7k5rPHSSgnnfsgwE35peBpmepJH8ZNFaBqw+aCvIM= root@tethys
|
37
hosts/nixos/calypso/services/snapper.nix
Normal file
37
hosts/nixos/calypso/services/snapper.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
{
|
||||||
|
services.snapper = {
|
||||||
|
snapshotInterval = "hourly";
|
||||||
|
cleanupInterval = "1d";
|
||||||
|
# http://snapper.io/manpages/snapper-configs.html
|
||||||
|
configs = {
|
||||||
|
# {{{ Data
|
||||||
|
data = {
|
||||||
|
SUBVOLUME = "/root/persist/data";
|
||||||
|
TIMELINE_CREATE = true;
|
||||||
|
TIMELINE_CLEANUP = true;
|
||||||
|
BACKGROUND_COMPARISON = "yes";
|
||||||
|
|
||||||
|
TIMELINE_LIMIT_HOURLY = "24";
|
||||||
|
TIMELINE_LIMIT_DAILY = "7";
|
||||||
|
TIMELINE_LIMIT_WEEKLY = "4";
|
||||||
|
TIMELINE_LIMIT_MONTHLY = "12";
|
||||||
|
TIMELINE_LIMIT_YEARLY = "0";
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
# {{{ State
|
||||||
|
state = {
|
||||||
|
SUBVOLUME = "/root/persist/state";
|
||||||
|
TIMELINE_CREATE = true;
|
||||||
|
TIMELINE_CLEANUP = true;
|
||||||
|
BACKGROUND_COMPARISON = "yes";
|
||||||
|
|
||||||
|
TIMELINE_LIMIT_HOURLY = "6";
|
||||||
|
TIMELINE_LIMIT_DAILY = "3";
|
||||||
|
TIMELINE_LIMIT_WEEKLY = "1";
|
||||||
|
TIMELINE_LIMIT_MONTHLY = "1";
|
||||||
|
TIMELINE_LIMIT_YEARLY = "0";
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,12 +0,0 @@
|
||||||
{ pkgs, inputs, lib, ... }: {
|
|
||||||
security.sudo = {
|
|
||||||
enable = true;
|
|
||||||
extraRules = [{
|
|
||||||
commands = [{
|
|
||||||
command = lib.getExe inputs.deploy-rs.packages.${pkgs.system}.default;
|
|
||||||
options = [ "NOPASSWD" ];
|
|
||||||
}];
|
|
||||||
groups = [ "wheel" ];
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,5 +1,11 @@
|
||||||
# Configuration pieces included on all (nixos) hosts
|
# Configuration pieces included on all (nixos) hosts
|
||||||
{ inputs, lib, config, outputs, ... }:
|
{
|
||||||
|
inputs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
outputs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
# {{{ Imports
|
# {{{ Imports
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -23,8 +29,8 @@ let
|
||||||
../../../../common
|
../../../../common
|
||||||
# }}}
|
# }}}
|
||||||
];
|
];
|
||||||
# }}}
|
|
||||||
in
|
in
|
||||||
|
# }}}
|
||||||
{
|
{
|
||||||
# Import all modules defined in modules/nixos
|
# Import all modules defined in modules/nixos
|
||||||
imports = builtins.attrValues outputs.nixosModules ++ imports;
|
imports = builtins.attrValues outputs.nixosModules ++ imports;
|
||||||
|
@ -44,13 +50,17 @@ in
|
||||||
# Boot using systemd
|
# Boot using systemd
|
||||||
boot.initrd.systemd.enable = true;
|
boot.initrd.systemd.enable = true;
|
||||||
# }}}
|
# }}}
|
||||||
|
# {{{ Disable sudo default lecture
|
||||||
|
security.sudo.extraConfig = ''
|
||||||
|
Defaults lecture = never
|
||||||
|
'';
|
||||||
|
# }}}
|
||||||
|
|
||||||
nixpkgs = {
|
nixpkgs = {
|
||||||
# Add all overlays defined in the overlays directory
|
# Add all overlays defined in the overlays directory
|
||||||
overlays = builtins.attrValues outputs.overlays ++
|
overlays =
|
||||||
lib.lists.optional
|
builtins.attrValues outputs.overlays
|
||||||
config.satellite.toggles.neovim-nightly.enable
|
++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
|
||||||
inputs.neovim-nightly-overlay.overlay;
|
|
||||||
|
|
||||||
config.allowUnfree = true;
|
config.allowUnfree = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
# This setups a SSH server.
|
# This setups a SSH server.
|
||||||
{ outputs, config, lib, ... }:
|
{
|
||||||
|
outputs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
# Record containing all the hosts
|
# Record containing all the hosts
|
||||||
hosts = outputs.nixosConfigurations;
|
hosts = outputs.nixosConfigurations;
|
||||||
|
@ -15,8 +20,8 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
PermitRootLogin = "no"; # Forbid root login through SSH.
|
PermitRootLogin = lib.mkDefault "no"; # Forbid root login through SSH.
|
||||||
PasswordAuthentication = false; # Use keys only.
|
PasswordAuthentication = lib.mkDefault false; # Use keys only.
|
||||||
};
|
};
|
||||||
|
|
||||||
# Automatically remove stale sockets
|
# Automatically remove stale sockets
|
||||||
|
@ -26,7 +31,10 @@ in
|
||||||
|
|
||||||
# Generate ssh key
|
# Generate ssh key
|
||||||
hostKeys =
|
hostKeys =
|
||||||
let mkKey = type: path: extra: { inherit type path; } // extra;
|
let
|
||||||
|
mkKey =
|
||||||
|
type: path: extra:
|
||||||
|
{ inherit type path; } // extra;
|
||||||
in
|
in
|
||||||
[
|
[
|
||||||
(mkKey "ed25519" "/persist/state/etc/ssh/ssh_host_ed25519_key" { })
|
(mkKey "ed25519" "/persist/state/etc/ssh/ssh_host_ed25519_key" { })
|
||||||
|
@ -43,19 +51,22 @@ in
|
||||||
# attrsetof host -> attrsetof { ... }
|
# attrsetof host -> attrsetof { ... }
|
||||||
(builtins.mapAttrs
|
(builtins.mapAttrs
|
||||||
# string -> host -> { ... }
|
# string -> host -> { ... }
|
||||||
(name: _: {
|
(
|
||||||
publicKeyFile = pubKey name;
|
name: _: {
|
||||||
extraHostNames = lib.optional (name == hostname) "localhost";
|
publicKeyFile = pubKey name;
|
||||||
}))
|
extraHostNames = lib.optional (name == hostname) "localhost";
|
||||||
|
}
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
# attrsetof { ... } -> attrsetof { ... }
|
# attrsetof { ... } -> attrsetof { ... }
|
||||||
(lib.attrsets.filterAttrs
|
(lib.attrsets.filterAttrs
|
||||||
# string -> { ... } -> bool
|
# string -> { ... } -> bool
|
||||||
(_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile))
|
(_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile)
|
||||||
|
)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
# By default, this will ban failed ssh attempts
|
# By default, this will ban failed ssh attempts
|
||||||
services.fail2ban.enable = true;
|
services.fail2ban.enable = true;
|
||||||
|
|
||||||
|
|
8
hosts/nixos/common/optional/desktop/default.nix
Normal file
8
hosts/nixos/common/optional/desktop/default.nix
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../pipewire.nix
|
||||||
|
./xdg-portal.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
stylix.targets.gtk.enable = true;
|
||||||
|
}
|
|
@ -1,14 +1,8 @@
|
||||||
{
|
{
|
||||||
virtualisation.oci-containers.backend = "docker";
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
||||||
|
|
||||||
environment.persistence = {
|
environment.persistence = {
|
||||||
"/persist/state".directories = [
|
"/persist/state".directories = [ "/var/lib/containers/storage" ];
|
||||||
"/var/lib/containers/storage"
|
"/persist/local/cache".directories = [ "/var/lib/containers/cache" ];
|
||||||
];
|
|
||||||
|
|
||||||
"/persist/local/cache".directories = [
|
|
||||||
"/var/lib/containers/cache"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,29 +11,47 @@ sops:
|
||||||
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbzNLcXFBcTlIM3hjZTN0
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRVRLdlFuS3I5aXRKRmdF
|
||||||
bTFZUDJnS3lROExSREVkd0FMeHU3RGVWdzJnCkszOVROZlBmZWl2cjFkcTZ1OWZw
|
TjFHY3Yvc2NUUlpYRUR6Y2JHRVgzTkhOZjFNCkhnZjU0R0VIbDJSNVNSb2hZUDd3
|
||||||
eThXSTliNmxHM3o3NzhUOUkvU0YzNzgKLS0tIHBWSmRTTlJBdmlKQy9YWHR0NGds
|
SERkaExNdkRDOXRSWlg5enluY3dXRUUKLS0tIFZBNTJYaHhxbmZhMG56UGFtd25u
|
||||||
ak5kUFRJK3JCcUYvSFY2eGtIOTk3RkkKl3yBZjjBExU9RoZbaKBixfsywqFWFnq4
|
aVNDS2h1NnFmMERIMzdUanp1MitBTGcKp4s32NVcyeJNI6BDeU1GGz5xjoSW/iH7
|
||||||
n7olhkNMVIC+BcLYno0oIT2oILASMkE3NbH85IHlYZY2qQvFKDbG7w==
|
hUxXrZaRqtiVegq7Ukv7mXCVjAy1x/Flb4dDag4Ym4ReTsyKZpQf/w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZzNPU0pBVjJPREF2SGhQ
|
||||||
|
REl2ckdxakwrdHFPU0RPN0J1K0s1TWFsK0NzCjMzeGgyRktTWWpVVkFxQUpFZDBC
|
||||||
|
bDRuRHZOOU5ueHN6RlY2VUwxQThmNXcKLS0tIEtVU3F3VUZSRGJtU0VBcVh0NXRh
|
||||||
|
eFA2TWtCYmpGN2paWnRSQlBoZk83MkkKwIDlq6u31cc1toMfBHvA932dJyozUYa0
|
||||||
|
e45KrBC3gy/5wZWcN7MktBgqd2khufa+KEMQv7c3ldyixKXokuBRhw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
|
- recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aExaRC9SclVvT1g4WFI0
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VC9ia21rTWpPSnJaamM3
|
||||||
N1grVzZWWmpPaGEwRmx3TjUyK0dvL0RNdmhjClY5UmI0eWZOTXZqbGFxT05OSnk1
|
YzZqMzNJZDA4Q095OTMrR0JGTzczU2RWMVJNCnE0QzNvWWhscnQyWk5WOTV4Vld4
|
||||||
RTAyYStRN0NsRnZlWk03eXIrajdiRjQKLS0tIHlMdzBVNFEzR2FuVFZEWStFY1hh
|
SmJSdVdOMTRWWDFxUzJxc3hWZmxzUTQKLS0tIE9LWEtjc0x5WkpGWTUwMEt2d25K
|
||||||
MnFiSGt3dWZxWnF3M2FkbTJzSTA2VTAKtD40Gp12vB24Wnr8NvY7/ZWr9XVDF9Bl
|
TVJJWktOdW1Ic2E4MWpIbjQrdllkMzgK6M8T6M4rAMGgnWcVao/tp0PWG4NXvTTZ
|
||||||
FUL34R1mpgweNJ1IowFPgQbxsyMTG7iYB4jC50JZNOKJxe9NaeOUlQ==
|
/yNJgLZdBeHQevceLc4madD42IcrX7P2zeb6TM7l0DQVWCy+cBTN8w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtK0pFcWlheEwzV3N3bVFQ
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNmRXMFVKWnB3QjN3dDNj
|
||||||
K3EwNXI5MXQyYld6Z3J1aVNHWlQ4UjlxSzIwCktDbG9iMFRVQnJBenhWVFhLa2N1
|
QmRaRDRGUVJiczUzWE5WdFNReldBdkNOWlVvCmZCKzY4MThrUmNXeGVPTC9LSGtl
|
||||||
SWRMR3JLajJscWFqMy84aGNFcy9UK1UKLS0tIEZoT0d2bVJpV3ByWmV0eENZVjM3
|
OFJOcGZVbVVjY0RveXR5WXNjU3p6UjgKLS0tIENyUHRpbjRyZjZpdjNlUktuL1g5
|
||||||
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
|
QmNJVlIvTlhSRXJldUZhZjdsR0gwaHMKuNZcv3s65MtylIYzgDUd0qss4OEeJr8V
|
||||||
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
|
aI82/McWGJ6Lg0BVmvTUHbYcF09aMEJHeYEZNAzLiJ1a77tlhmY/jw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVVU5Wis5dkJRSE5lRy9U
|
||||||
|
QjFHb21uc0Z3Zmc4Z2J3NTVaajhmQy9nb2xJCjRqK1htbk82M0dnOWNEV0hHcmFz
|
||||||
|
RXFrSGE2UjdhTWh6RmwvR1psV05lbnMKLS0tIDRidEFBY0x2cXMrSHJXaXBuaE4r
|
||||||
|
WXFQQXh2cjlMdzhpa1JUdVVBK3pNbTQK6peUF0mWtmfSuN6KnoYPTEg8sIp/t0R2
|
||||||
|
ygJEf8cpNiVxN0vsF/4kwyC/V4JE4XllsKrKF4NhVrBq96m1RmKlYg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-07-29T19:34:39Z"
|
lastmodified: "2024-07-29T19:34:39Z"
|
||||||
mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str]
|
mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str]
|
||||||
|
|
|
@ -1,6 +1,12 @@
|
||||||
{ pkgs, outputs, config, lib, ... }:
|
|
||||||
{
|
{
|
||||||
satellite.pilot.name = "adrielus";
|
pkgs,
|
||||||
|
outputs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
satellite.pilot.name = lib.mkDefault "adrielus";
|
||||||
|
|
||||||
sops.secrets.pilot_password = {
|
sops.secrets.pilot_password = {
|
||||||
sopsFile = ../secrets.yaml;
|
sopsFile = ../secrets.yaml;
|
||||||
|
@ -33,12 +39,10 @@
|
||||||
"syncthing" # syncthing!
|
"syncthing" # syncthing!
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
hashedPasswordFile = config.sops.secrets.pilot_password.path;
|
hashedPasswordFile = config.sops.secrets.pilot_password.path;
|
||||||
shell = pkgs.fish;
|
shell = pkgs.fish;
|
||||||
|
|
||||||
openssh.authorizedKeys.keyFiles =
|
openssh.authorizedKeys.keyFiles = (import ./common.nix).authorizedKeys { inherit outputs lib; };
|
||||||
(import ./common.nix).authorizedKeys { inherit outputs lib; };
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
{ lib, ... }: {
|
|
||||||
imports = [
|
|
||||||
../common/global
|
|
||||||
../common/users/guest.nix
|
|
||||||
|
|
||||||
../common/optional/greetd.nix
|
|
||||||
../common/optional/pipewire.nix
|
|
||||||
../common/optional/desktop/xdg-portal.nix
|
|
||||||
../common/optional/wayland/hyprland.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Usually included in the hardware-configuration
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
|
|
||||||
# Set the name of this machine!
|
|
||||||
networking.hostName = "euporie";
|
|
||||||
|
|
||||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
|
||||||
system.stateVersion = "22.11";
|
|
||||||
}
|
|
13
hosts/nixos/iso/default.nix
Normal file
13
hosts/nixos/iso/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
{ modulesPath, pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
|
||||||
|
|
||||||
|
../common/global/services/openssh.nix
|
||||||
|
../common/global/locale.nix
|
||||||
|
../common/global/cli/fish.nix
|
||||||
|
../common/global/nix.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.systemPackages = [ pkgs.neovim ];
|
||||||
|
}
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, ... }: {
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||||
|
system.stateVersion = "23.05";
|
||||||
|
|
||||||
|
# {{{ Imports
|
||||||
imports = [
|
imports = [
|
||||||
../common/global
|
../common/global
|
||||||
../common/users/pilot.nix
|
../common/users/pilot.nix
|
||||||
|
@ -38,19 +43,13 @@
|
||||||
./filesystems
|
./filesystems
|
||||||
./hardware
|
./hardware
|
||||||
];
|
];
|
||||||
|
# }}}
|
||||||
# Machine ids
|
# {{{ Machine ids
|
||||||
networking.hostName = "lapetus";
|
networking.hostName = "lapetus";
|
||||||
networking.hostId = "08357db3";
|
networking.hostId = "08357db3";
|
||||||
environment.etc.machine-id.text = "d9571439c8a34e34b89727b73bad3587";
|
environment.etc.machine-id.text = "d9571439c8a34e34b89727b73bad3587";
|
||||||
|
# }}}
|
||||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
# {{{ Tailscale internal IP DNS records
|
||||||
system.stateVersion = "23.05";
|
|
||||||
|
|
||||||
# Bootloader
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
|
|
||||||
# Tailscale internal IP DNS records
|
|
||||||
satellite.dns.records = [
|
satellite.dns.records = [
|
||||||
{
|
{
|
||||||
at = config.networking.hostName;
|
at = config.networking.hostName;
|
||||||
|
@ -63,4 +62,7 @@
|
||||||
value = "fd7a:115c:a1e0::e75d:883b";
|
value = "fd7a:115c:a1e0::e75d:883b";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
# }}}
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,20 +18,29 @@ sops:
|
||||||
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcjFoRm1WNW9jOUJjUC9W
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQzgvU0NQZUFWT0pjZVBZ
|
||||||
NmxhWGRjWlFHd2tRaXJ6WnpaaWlxSFQ0RlZnCllVNTZ0b0MvL0VURDhQRUE1dDdW
|
ZThMRTVMWStMRThFYTF6Nkl2MlBXTWhkNUNZCmpVWW52NHNyTjZkZTN3c1NoajFR
|
||||||
L1NkYzBRRDFLcFpwTTgzRnphLy9GT00KLS0tIFcvU2ZUQ21FZU1NTEFJaHRTVjV3
|
M2MyZHFDM2czZHdPMUg2MDNPMnNqaVUKLS0tIHhwRThOYnBHY2FUajN0b0pBQ1Fn
|
||||||
eU1YeEZIOTJKa3I4c3ZwbVdPMlBLbmMKCBhopcTXWiAwR8ACyDf+P11SYcPrPSSv
|
dmZtT0xXR3RjVzd1ckNyVGpaRktnSkkKlPSmdYTQ5Qc3PVn9PhxmetF0fO7rWOwM
|
||||||
QRPJ6I8Y1Lc7KTCbkO8zW2hBb6fdbvWBJQtW0rOfCuGQ831OyArr0w==
|
OTt7EF41IWwCwwhyQLpUcaCnO08jddPui1C5qnvjSFb/LZILiWQkFA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMjdib09GZC9DNGVoNCtK
|
||||||
|
Z3BnZGNXNzNEb1U3aU1xb1pkaUhPcituSEQwClhiVlMvNlU5OUZhbFE0MnZGTGha
|
||||||
|
eHpRSHlXaExzNnV0VlNEdnpqQmlDa2MKLS0tIFpPc0ovVnhnZ1IyWGNWTEFYZG81
|
||||||
|
a1NaNzE4VVFNRlBwUHRWdTFwWjJ5a00KJvIyBz6XGV2+lfawWzHqFOMILTXt0Vlx
|
||||||
|
OTs0i0tNER2kMucEo3LHIayIM/SB1ncXv+vl0rwHCVfbKdQ0ABhb2Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV2VmdmJ2QlVVbUF6MUtt
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTGIzcjYyLyt2QVh1QzJZ
|
||||||
dzZFUGJFS3cyKzlTTHJiWjlqRmJkUm04WXh3CktSdGRIUWxJRU5oVVdkUTFwaEZr
|
L2NKK0ZFaS9kckdKbjNCd0lBckxlNWV2Qm5NCkoyLy8rOXVPOWt0U1BwTHB3ZTNl
|
||||||
M1Y4NnRtclZVTkltOHNjNXAxVW9yaFEKLS0tIGlRYjgwd0FkN0FBU1RSQjRnVWpW
|
NWVzdEQ0TUU4UjgrbzliRU5kZ0FqWjgKLS0tIE9YNkN1OWFLMVhDd1I3T1Y4Qi9O
|
||||||
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
|
VGNDUEo4NmxYR0JQR0NPcUZVdFl1MVEKISsE+UOuBXLZ/5qOeWSf9tPw6XOsNrWa
|
||||||
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
|
09bm8O66Ai0AQGhbn0G3Qf/AlcqF+8eRFYZDmpk0HXryuNZYuj7hBw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-13T14:52:30Z"
|
lastmodified: "2024-06-13T14:52:30Z"
|
||||||
mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str]
|
mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str]
|
||||||
|
|
|
@ -1,15 +1,22 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
let
|
let
|
||||||
# {{{ Jupyterhub/lab env
|
# {{{ Jupyterhub/lab env
|
||||||
appEnv = pkgs.python3.withPackages (p: with p; [
|
appEnv = pkgs.python3.withPackages (
|
||||||
jupyterhub
|
p: with p; [
|
||||||
jupyterlab
|
jupyterhub
|
||||||
jupyterhub-systemdspawner
|
jupyterlab
|
||||||
jupyter-collaboration
|
jupyterhub-systemdspawner
|
||||||
jupyterlab-git
|
jupyter-collaboration
|
||||||
]);
|
jupyterlab-git
|
||||||
# }}}
|
]
|
||||||
|
);
|
||||||
in
|
in
|
||||||
|
# }}}
|
||||||
{
|
{
|
||||||
systemd.services.jupyterhub.path = [
|
systemd.services.jupyterhub.path = [
|
||||||
pkgs.texlive.combined.scheme-full # LaTeX stuff is useful for matplotlib
|
pkgs.texlive.combined.scheme-full # LaTeX stuff is useful for matplotlib
|
||||||
|
@ -25,8 +32,8 @@ in
|
||||||
|
|
||||||
# {{{ Spwaner & auth config
|
# {{{ Spwaner & auth config
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
c.Authenticator.allowed_users = {'adrielus', 'javi'}
|
c.Authenticator.allowed_users = {'${config.users.users.pilot.name}', 'javi'}
|
||||||
c.Authenticator.admin_users = {'adrielus'}
|
c.Authenticator.admin_users = {'${config.users.users.pilot.name}'}
|
||||||
|
|
||||||
c.Spawner.notebook_dir='${config.users.users.pilot.home}/projects/notebooks'
|
c.Spawner.notebook_dir='${config.users.users.pilot.home}/projects/notebooks'
|
||||||
c.SystemdSpawner.mem_limit = '2G'
|
c.SystemdSpawner.mem_limit = '2G'
|
||||||
|
@ -35,13 +42,18 @@ in
|
||||||
# }}}
|
# }}}
|
||||||
# {{{ Python 3 kernel
|
# {{{ Python 3 kernel
|
||||||
kernels.python3 =
|
kernels.python3 =
|
||||||
let env = (pkgs.python3.withPackages (p: with p; [
|
let
|
||||||
ipykernel
|
env = (
|
||||||
numpy
|
pkgs.python3.withPackages (
|
||||||
scipy
|
p: with p; [
|
||||||
matplotlib
|
ipykernel
|
||||||
tabulate
|
numpy
|
||||||
]));
|
scipy
|
||||||
|
matplotlib
|
||||||
|
tabulate
|
||||||
|
]
|
||||||
|
)
|
||||||
|
);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
displayName = "Numerical mathematics setup";
|
displayName = "Numerical mathematics setup";
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{ config, ... }: {
|
{ config, ... }:
|
||||||
|
{
|
||||||
# {{{ Zfs config
|
# {{{ Zfs config
|
||||||
services.zfs = {
|
services.zfs = {
|
||||||
trim.enable = true;
|
trim.enable = true;
|
||||||
|
@ -36,12 +37,4 @@
|
||||||
# }}}
|
# }}}
|
||||||
};
|
};
|
||||||
# }}}
|
# }}}
|
||||||
# {{{ Syncoid
|
|
||||||
# Automatically sync certain snapshot to rsync.net
|
|
||||||
services.syncoid = {
|
|
||||||
enable = true;
|
|
||||||
commands."zroot/root/persist/data".target = "root@rsync.net:zroot/root/persist/data";
|
|
||||||
commands."zroot/root/persist/state".target = "root@rsync.net:zroot/root/persist/state";
|
|
||||||
};
|
|
||||||
# }}}
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,88 +1,48 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
config,
|
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||||
lib,
|
system.stateVersion = "22.11";
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
{
|
|
||||||
# {{{ Imports
|
# {{{ Imports
|
||||||
imports = [
|
imports = [
|
||||||
../common/global
|
../common/global
|
||||||
../common/users/pilot.nix
|
../common/users/pilot.nix
|
||||||
|
|
||||||
../common/optional/pipewire.nix
|
|
||||||
../common/optional/bluetooth.nix
|
../common/optional/bluetooth.nix
|
||||||
../common/optional/greetd.nix
|
../common/optional/greetd.nix
|
||||||
|
../common/optional/oci.nix
|
||||||
../common/optional/quietboot.nix
|
../common/optional/quietboot.nix
|
||||||
|
|
||||||
|
../common/optional/desktop
|
||||||
../common/optional/desktop/steam.nix
|
../common/optional/desktop/steam.nix
|
||||||
../common/optional/desktop/xdg-portal.nix
|
|
||||||
../common/optional/wayland/hyprland.nix
|
../common/optional/wayland/hyprland.nix
|
||||||
|
|
||||||
../common/optional/services/kanata.nix
|
../common/optional/services/kanata.nix
|
||||||
../common/optional/services/restic
|
../common/optional/services/restic
|
||||||
|
./services/syncthing.nix
|
||||||
|
|
||||||
./hardware
|
./hardware
|
||||||
./boot.nix
|
./boot.nix
|
||||||
./services/syncthing.nix
|
|
||||||
];
|
];
|
||||||
# }}}
|
# }}}
|
||||||
|
|
||||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
|
||||||
system.stateVersion = "22.11";
|
|
||||||
|
|
||||||
services.mullvad-vpn.enable = true;
|
|
||||||
|
|
||||||
# {{{ Machine ids
|
# {{{ Machine ids
|
||||||
networking.hostName = "tethys";
|
networking.hostName = "tethys";
|
||||||
environment.etc.machine-id.text = "08357db3540c4cd2b76d4bb7f825ec88";
|
environment.etc.machine-id.text = "08357db3540c4cd2b76d4bb7f825ec88";
|
||||||
# }}}
|
# }}}
|
||||||
# {{{ A few ad-hoc hardware settings
|
|
||||||
hardware.enableAllFirmware = true;
|
|
||||||
hardware.opengl.enable = true;
|
|
||||||
hardware.opentabletdriver.enable = true;
|
|
||||||
hardware.keyboard.qmk.enable = true;
|
|
||||||
powerManagement.cpuFreqGovernor = "performance";
|
|
||||||
services.tlp = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
|
|
||||||
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
# }}}
|
|
||||||
# {{{ A few ad-hoc programs
|
# {{{ A few ad-hoc programs
|
||||||
programs.kdeconnect.enable = true;
|
programs.kdeconnect.enable = true;
|
||||||
programs.firejail.enable = true;
|
programs.firejail.enable = true;
|
||||||
programs.extra-container.enable = true;
|
services.mullvad-vpn.enable = true;
|
||||||
virtualisation.docker.enable = true;
|
|
||||||
virtualisation.waydroid.enable = true;
|
|
||||||
# virtualisation.spiceUSBRedirection.enable = true; # This was required for the vm usb passthrough tomfoolery
|
|
||||||
# }}}
|
|
||||||
# {{{ Ad-hoc stylix targets
|
|
||||||
stylix.targets.gtk.enable = true;
|
|
||||||
# }}}
|
|
||||||
# {{{ Some ad-hoc site blocking
|
|
||||||
networking.extraHosts =
|
|
||||||
let
|
|
||||||
blacklisted = [
|
|
||||||
# "twitter.com"
|
|
||||||
# "www.reddit.com"
|
|
||||||
"minesweeper.online"
|
|
||||||
];
|
|
||||||
blacklist = lib.concatStringsSep "\n" (lib.forEach blacklisted (host: "127.0.0.1 ${host}"));
|
|
||||||
in
|
|
||||||
blacklist;
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
services.mysql = {
|
services.mysql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.mysql80;
|
package = pkgs.mysql80;
|
||||||
};
|
};
|
||||||
|
# }}}
|
||||||
programs.dconf.enable = true;
|
# {{{ Ad-hoc stylix targets
|
||||||
services.gnome.evolution-data-server.enable = true;
|
stylix.targets.gtk.enable = true;
|
||||||
services.gnome.gnome-online-accounts.enable = true;
|
# }}}
|
||||||
|
# {{{ Tailscale internal IP DNS records
|
||||||
# Tailscale internal IP DNS records
|
|
||||||
satellite.dns.records = [
|
satellite.dns.records = [
|
||||||
# {
|
# {
|
||||||
# at = config.networking.hostName;
|
# at = config.networking.hostName;
|
||||||
|
@ -95,4 +55,5 @@
|
||||||
# value = "fd7a:115c:a1e0::e75d:883b";
|
# value = "fd7a:115c:a1e0::e75d:883b";
|
||||||
# }
|
# }
|
||||||
];
|
];
|
||||||
|
# }}}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{ inputs, ... }:
|
{ inputs, ... }:
|
||||||
{
|
{
|
||||||
|
# {{{ Imports
|
||||||
imports = with inputs.nixos-hardware.nixosModules; [
|
imports = with inputs.nixos-hardware.nixosModules; [
|
||||||
common-cpu-intel
|
common-cpu-intel
|
||||||
# common-gpu-intel # This leads to a "prop ... defined twice" error
|
# common-gpu-intel # This leads to a "prop ... defined twice" error
|
||||||
|
@ -7,4 +8,21 @@
|
||||||
common-pc-ssd
|
common-pc-ssd
|
||||||
./generated.nix
|
./generated.nix
|
||||||
];
|
];
|
||||||
|
# }}}
|
||||||
|
# {{{ Misc
|
||||||
|
hardware.enableAllFirmware = true;
|
||||||
|
hardware.opengl.enable = true;
|
||||||
|
hardware.opentabletdriver.enable = true;
|
||||||
|
hardware.keyboard.qmk.enable = true;
|
||||||
|
# }}}
|
||||||
|
# {{{ Power management
|
||||||
|
powerManagement.cpuFreqGovernor = "performance";
|
||||||
|
services.tlp = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
|
||||||
|
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# }}}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue