Prepare calypso install
parent
3a4d400fef
commit
454aae8f88
17
.sops.yaml
17
.sops.yaml
|
@ -1,26 +1,33 @@
|
|||
keys:
|
||||
- &users:
|
||||
- &prescientmoon age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||
- &prescientmoon_tethys age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||
- &prescientmoon_calypso age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||
- &hosts:
|
||||
- &tethys age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
|
||||
- &lapetus age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
||||
- &calypso age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
|
||||
creation_rules:
|
||||
- path_regex: hosts/nixos/common/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *prescientmoon
|
||||
- *prescientmoon_tethys
|
||||
- *prescientmoon_calypso
|
||||
- *tethys
|
||||
- *lapetus
|
||||
- *calypso
|
||||
- path_regex: hosts/nixos/lapetus/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *prescientmoon
|
||||
- *prescientmoon_tethys
|
||||
- *prescientmoon_calypso
|
||||
- *lapetus
|
||||
- path_regex: home/features/desktop/wakatime/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *prescientmoon
|
||||
- *prescientmoon_tethys
|
||||
- *prescientmoon_calypso
|
||||
- path_regex: home/features/cli/productivity/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *prescientmoon
|
||||
- *prescientmoon_tethys
|
||||
- *prescientmoon_calypso
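Review bot: Every creation rule keeps a tethys user key as a recipient and the common rule keeps the `*tethys` host key, while the README hunk on this page now describes tethys as the previous laptop. If that machine is being retired, remove its keys from the rules and rotate the data keys (`sops -r -i <file>`) instead of only running `sops updatekeys`, since updatekeys re-wraps the existing data key and a recipient that kept an old copy of a file can still decrypt it. A short comment above `keys:` stating which machine holds each `prescientmoon_*` private key would make that review easier. The +/- markers are lost on this page, so which recipient lines are new is inferred.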
|
||||
|
|
|
@ -17,9 +17,9 @@ The current state of this repo is a refactor of my old, messy nixos config, base
|
|||
|
||||
This repo's structure is based on the concept of hosts - individual machines configured by me. I'm naming each host based on things in space/mythology (_they are the same picture_). The hosts I have right now are:
|
||||
|
||||
- [tethys](./hosts/nixos/tethys/) — my personal laptop
|
||||
- [calypso](./hosts/nixos/calypso/) — my personal laptop
|
||||
- [tethys](./hosts/nixos/tethys/) — my previous personal laptop
|
||||
- [lapetus](./hosts/nixos/lapetus/) — older laptop running as a server
|
||||
- [euporie](./hosts/nixos/euporie/) — barebones host for testing things insdie a VM
|
||||
- enceladus — my android phone. Although not configured using nix, this name gets referenced in some places
|
||||
|
||||
## File structure
|
||||
|
|
|
@ -1,13 +1,24 @@
|
|||
{ pkgs, ... }: {
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
stylix.fonts = {
|
||||
# monospace = { name = "Iosevka"; package = pkgs.iosevka; };
|
||||
monospace = { name = "Cascadia Code"; package = pkgs.cascadia-code; };
|
||||
sansSerif = { name = "CMUSansSerif"; package = pkgs.cm_unicode; };
|
||||
serif = { name = "CMUSerif-Roman"; package = pkgs.cm_unicode; };
|
||||
monospace = {
|
||||
name = "Cascadia Code";
|
||||
package = pkgs.cascadia-code;
|
||||
};
|
||||
sansSerif = {
|
||||
name = "CMUSansSerif";
|
||||
package = pkgs.cm_unicode;
|
||||
};
|
||||
serif = {
|
||||
name = "CMUSerif-Roman";
|
||||
package = pkgs.cm_unicode;
|
||||
};
|
||||
|
||||
sizes = {
|
||||
desktop = 13;
|
||||
applications = 15;
|
||||
terminal = 25;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -491,11 +491,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"dir": "pkgs/firefox-addons",
|
||||
"lastModified": 1720411406,
|
||||
"narHash": "sha256-Z3tMBbMeYQKz1YYmSnbLglG9lm1l/EU+h3CFPJCli4I=",
|
||||
"lastModified": 1723521794,
|
||||
"narHash": "sha256-mmcakr+6z7/SDg+e2p1TYQorjYvUzWqG2KUIsmikARM=",
|
||||
"ref": "refs/heads/master",
|
||||
"rev": "a2a2d880d5ec199ee333c9bf929865d65f92a1d4",
|
||||
"revCount": 3677,
|
||||
"rev": "abafaabfa893ac432bae898a8652bc4a83c49d27",
|
||||
"revCount": 3727,
|
||||
"type": "git",
|
||||
"url": "https://gitlab.com/rycee/nur-expressions?dir=pkgs/firefox-addons"
|
||||
},
|
||||
|
|
113
flake.nix
113
flake.nix
|
@ -60,7 +60,7 @@
|
|||
spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
# }}}
|
||||
# {{{ Theming
|
||||
darkmatter-grub-theme.url = gitlab:VandalByte/darkmatter-grub-theme;
|
||||
darkmatter-grub-theme.url = "gitlab:VandalByte/darkmatter-grub-theme";
|
||||
darkmatter-grub-theme.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
stylix.url = "github:danth/stylix/a33d88cf8f75446f166f2ff4f810a389feed2d56";
|
||||
|
@ -73,7 +73,13 @@
|
|||
};
|
||||
# }}}
|
||||
|
||||
outputs = { self, nixpkgs, home-manager, ... }@inputs:
|
||||
outputs =
|
||||
{
|
||||
self,
|
||||
nixpkgs,
|
||||
home-manager,
|
||||
...
|
||||
}@inputs:
|
||||
let
|
||||
# {{{ Common helpers
|
||||
inherit (self) outputs;
|
||||
|
@ -84,33 +90,37 @@
|
|||
|
||||
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
|
||||
};
|
||||
# }}}
|
||||
in
|
||||
# }}}
|
||||
{
|
||||
# {{{ Packages
|
||||
# Accessible through 'nix build', 'nix shell', etc
|
||||
packages = forAllSystems
|
||||
(system:
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
|
||||
myPkgs = import ./pkgs { inherit pkgs upkgs; };
|
||||
in
|
||||
myPkgs // {
|
||||
octodns = upkgs.octodns.withProviders
|
||||
(ps: [ myPkgs.octodns-cloudflare ]);
|
||||
} // (import ./dns/pkgs.nix) { inherit pkgs self system; }
|
||||
);
|
||||
packages = forAllSystems (
|
||||
system:
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
upkgs = inputs.nixpkgs-unstable.legacyPackages.${system};
|
||||
myPkgs = import ./pkgs { inherit pkgs upkgs; };
|
||||
in
|
||||
myPkgs
|
||||
// {
|
||||
octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
|
||||
}
|
||||
// (import ./dns/pkgs.nix) { inherit pkgs self system; }
|
||||
);
|
||||
# }}}
|
||||
# {{{ Bootstrapping and other pinned devshells
|
||||
# Accessible through 'nix develop'
|
||||
devShells = forAllSystems
|
||||
(system:
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
args = { inherit pkgs; } // specialArgs system;
|
||||
in
|
||||
import ./devshells args);
|
||||
devShells = forAllSystems (
|
||||
system:
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
args = {
|
||||
inherit pkgs;
|
||||
} // specialArgs system;
|
||||
in
|
||||
import ./devshells args
|
||||
);
|
||||
# }}}
|
||||
# {{{ Overlays and modules
|
||||
# Custom packages and modifications, exported as overlays
|
||||
|
@ -126,24 +136,38 @@
|
|||
# NixOS configuration entrypoint
|
||||
# Available through 'nixos-rebuild --flake .#...
|
||||
nixosConfigurations =
|
||||
let nixos = { system, hostname }: nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = specialArgs system;
|
||||
let
|
||||
nixos =
|
||||
{ system, hostname }:
|
||||
nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = specialArgs system;
|
||||
|
||||
modules = [
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.users.pilot = import ./home/${hostname}.nix;
|
||||
home-manager.extraSpecialArgs = specialArgs system // { inherit hostname; };
|
||||
home-manager.useUserPackages = true;
|
||||
modules = [
|
||||
# {{{ Import home manager
|
||||
(
|
||||
{ lib, ... }:
|
||||
{
|
||||
imports = lib.lists.optional (builtins.pathExists ./home/${hostname}.nix) [
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.users.pilot = import ./home/${hostname}.nix;
|
||||
home-manager.extraSpecialArgs = specialArgs system // {
|
||||
inherit hostname;
|
||||
};
|
||||
home-manager.useUserPackages = true;
|
||||
|
||||
stylix.homeManagerIntegration.followSystem = false;
|
||||
stylix.homeManagerIntegration.autoImport = false;
|
||||
}
|
||||
stylix.homeManagerIntegration.followSystem = false;
|
||||
stylix.homeManagerIntegration.autoImport = false;
|
||||
}
|
||||
];
|
||||
}
|
||||
)
|
||||
# }}}
|
||||
|
||||
./hosts/nixos/${hostname}
|
||||
];
|
||||
};
|
||||
./hosts/nixos/${hostname}
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
tethys = nixos {
|
||||
|
@ -156,14 +180,15 @@
|
|||
hostname = "lapetus";
|
||||
};
|
||||
|
||||
# Disabled because `flake check` complains about filesystems and bootloader
|
||||
# options not being set. This is not an issue in practice, as this config is
|
||||
# supposed to be used inside a VM, but there's not much I can do about it.
|
||||
# euporie = nixos {
|
||||
# system = "x86_64-linux";
|
||||
# hostname = "euporie";
|
||||
# };
|
||||
calypso = nixos {
|
||||
system = "x86_64-linux";
|
||||
hostname = "calypso";
|
||||
};
|
||||
|
||||
iso = nixos {
|
||||
system = "x86_64-linux";
|
||||
hostname = "iso";
|
||||
};
|
||||
};
|
||||
# }}}
|
||||
};
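Review bot: In the nixosConfigurations hunk, `imports = lib.lists.optional (builtins.pathExists ./home/${hostname}.nix) [ ... ];` passes a list to `optional`, which wraps its argument in another list, so `imports` becomes a nested list and the module system rejects it ("Module imports can't be nested lists"). `lib.lists.optionals` is the list-returning variant: `imports = lib.lists.optionals (builtins.pathExists ./home/${hostname}.nix) [`. The +/- markers are lost on this page, so I am reading the `optional` form as the new side.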
|
||||
|
|
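--- a/home/calypso.nix
+++ b/home/calypso.nix
@@ -0,0 +1,74 @@
+{ pkgs, ... }:
+{
+imports = [
+./global.nix
+
+./features/desktop/zathura.nix
+./features/desktop/spotify.nix
+./features/desktop/obsidian.nix
+./features/desktop/foot.nix
+./features/desktop/firefox
+./features/desktop/discord
+./features/cli/productivity
+./features/cli/pass.nix
+./features/cli/zellij.nix
+./features/cli/nix-index.nix
+./features/cli/catgirl.nix
+./features/cli/lazygit.nix
+./features/wayland/hyprland
+./features/neovim
+];
+
+# Arbitrary extra packages
+home.packages = with pkgs; [
+# {{{ Communication
+# signal-desktop # Signal client
+element-desktop # Matrix client
+# zoom-us # Zoom client 🤮
+# }}}
+# {{{ Editors for different formats
+gimp # Image editing
+# lmms # Music software
+# kicad # PCB editing
+# libreoffice # Free office suite
+# }}}
+# {{{ Gaming
+# wine # Windows compat layer or whatever
+# lutris # Game launcher
+# }}}
+# {{{ Clis
+sops # Secret editing
+# sherlock # Search for usernames across different websites
+# }}}
+# {{{ Misc
+bitwarden # Password-manager
+qbittorrent # Torrent client
+# google-chrome # Not my primary browser, but sometimes needed in webdev
+# plover.dev # steno engine
+
+overskride # Bluetooth client
+# }}}
+# {{{ Media playing/recording
+mpv # Video player
+imv # Image viewer
+# peek # GIF recorder
+# obs-studio # video recorder
+# }}}
+];
+
+home.username = "moon";
+home.stateVersion = "24.05";
+
+satellite = {
+# Symlink some commonly modified dotfiles outside the nix store
+dev.enable = true;
+
+monitors = [
+{
+name = "eDP-1";
+width = 1920;
+height = 1080;
+}
+];
+};
+}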
|
@ -1,11 +0,0 @@
|
|||
{
|
||||
imports = [
|
||||
./global.nix
|
||||
./features/wayland/hyprland
|
||||
];
|
||||
|
||||
# Set up my custom imperanence wrapper
|
||||
satellite.persistence = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
|
@ -12,11 +12,20 @@ sops:
|
|||
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwYkx3eWhxZUpTRVR3R1R4
|
||||
Vm9hMTVsbXBnU0tFU093amU3TTNjalhsVHdvCmZURElTY2Q0eTQvR3M1V3AzTVl4
|
||||
VkR2NXRHR2FiTURqNUp5Y3VDWFQ1UjgKLS0tIEVlRWs3YUFaZzdvd1Q5bmFwazJi
|
||||
Y2E3bmM1TkZoOEN0anJqYUNSQUN5ZDAKtobUBBKbfaUeiPtKN4/oTNaxY3C2joCK
|
||||
8h4FlRLXd+CGnAyjN2p4FliWzLgmOg4HFNmZSmYLpIh4E9yqadNSSg==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTk5WWWlsK2ZyTEJEQjFH
|
||||
ZW1XWm9uTlZBeXB2ZUFzaDVYUTNlSDh3aWpnClRmbExNQmRXMVVNS3BYODF1d2Ez
|
||||
bVQ3UGZ5TTMrdm5GVjlQMk5sak55Qk0KLS0tIEVLVys2cnJ0Z0EvRmpUV3B2Nk9J
|
||||
NzVJZmpmODYramRNaHFxL0wzOHduSTgKgq0kqWffjhQnXoiBvsBYCTxHoA6u1jug
|
||||
xb5LuisZElikx3BVKoNV1HpuUwWe83VSK2hJw1lfpQZ/DFByrv5YfA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcFlQYjZ1N0JrSnVoUENB
|
||||
MXl2Um9PMEhCVHFySU1MWnpqNjcxamZJRjJ3CjlMS1N3TjdxOVl1REZ3M2hSYlhi
|
||||
VW9qZy9FbnJqKy9ObVc5bGNNRksrT3MKLS0tIDY5aGVZUVpkVUgvSVFHbFcwOWVY
|
||||
SFVUTlpIaDlZUDhJT3hicWpxRzBia2sK6hu2aJMyHMYRwlEkbcPDtqUlU9VsDCsR
|
||||
fBXvietF/w/TpfY+G2fCEDcWJAtQ7lLM0tNiiNqbUQwWBWddPVyPBA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-12T23:55:37Z"
|
||||
mac: ENC[AES256_GCM,data:RvJMumDJ2S8JgHwRLG/jhyj1a/ekBmjbzFFk7+6hrDg1/Zi8UzzATLEsEBUhX0X4vlqHBUxv4r61SQEroCl5GXBst+Wtac/zxMGIKm5PDH92HccjJhi4aftGP22PHlYCEOis7+D/Vw7W8ovRCFpEYVxxslxibCIo9RuUf8vDE94=,iv:kavw38JSPem1eChO+ntLwLFt6bAJT1rd8s00nmHNzGY=,tag:QuncWa50NvpLqMZGS0F9ug==,type:str]
|
||||
|
|
|
@ -15,4 +15,7 @@
|
|||
package = pkgs.papirus-icon-theme;
|
||||
name = "Papirus";
|
||||
};
|
||||
|
||||
# Bigger text in qt apps
|
||||
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4;
|
||||
}
|
||||
|
|
|
@ -8,11 +8,20 @@ sops:
|
|||
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDR0RmdFIxNFJpQTdGYXlq
|
||||
bkZrNktMaFlrOEZtSXh6Y1l6NTN0REN6N2dnCmNMRUk2TXA3RWhtZVlnbTg2aE00
|
||||
eFVwejBTcWRaTUhGWFFIS1RlVkhhQ28KLS0tIEdWWGRWSDZOQW9pQkdCRFFncTM2
|
||||
cURjWFplY1pyMzY4a0h6cTRLS2I2ZW8KqGtYjCsdriSWdKhC+kGBAMSY9WVDL3tE
|
||||
oMxyhrgDMtWndZEGv1+J3XLLmatDKmEcJO2k0CXZlCWWj17O4Rm+eA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dDhCMWVSY280NUlsd3Bu
|
||||
L3QreE1zSGdQWnV3Tm1SQzh2SUF0VDlBcTMwCjNhdE51VzlRdXlRY241VXpaVkFR
|
||||
MndqZTQxQ0FCQ3pvb3BXcXRrR3BYc2cKLS0tIElLYkVLL2h2NXNabW5CRXVla0pa
|
||||
LzY0ejRvMDVmR21ISkdraHZzTndmRmcKVcQeKFytVs8QlkQpMA1GfLL8ccrbSqD+
|
||||
7+5YJoDMiHS01Jgbh+4HNFIg/P3S3yIOCRx+ukvWF2/p7GP55Braxg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBackQ3NzRMZ25RekM5cjNz
|
||||
dlRXeTUyTVFlSDFRSC9jeFFoYlVKbWJRbEFNCnpKZHViK2F2VWJYTTBlNXpITUo1
|
||||
SFlUZUR0WTE4cUFZQlE0YzJJdS9TVVEKLS0tIE45Y25Bam5mdUNkTXkwOGkzb09t
|
||||
ejU0YlVQR3JhaUE2aHBRUFhXaEdTV1EKgsHa/nufIXbLnrkvXNsZJ30dH1L2tMKf
|
||||
jZufrpkQuPXWYzubUYejgQ0/yHGTDQtT9ptn72isGKKgSJZllCnPiA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-09T13:00:44Z"
|
||||
mac: ENC[AES256_GCM,data:pvcHe28Vnv/Trq84YwQjDKNiITdX5HbdRaLtoq0gzVGzuN9VL5GtufQN+rtZY3RLFDdEt6qeJe4ichVSK88S0VUEsc5CtsvR1QR59aZ20dsiELI6a9qyOLlCJCP80J9XWCe3Gr93v7AoelKdpPFo2BcRL7TNbkYxJC9t0JienSY=,iv:PtIH5IeCA7SmgekT8hs9p0kXtg4xrivhOz3HWG9UpTA=,tag:1B+POnrhCXFP/WsrfOnn3w==,type:str]
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ inputs, lib, config, outputs, ... }:
|
||||
{
|
||||
inputs,
|
||||
lib,
|
||||
config,
|
||||
outputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
# {{{ Imports
|
||||
imports = [
|
||||
|
@ -23,8 +29,8 @@ let
|
|||
../common
|
||||
# }}}
|
||||
];
|
||||
# }}}
|
||||
in
|
||||
# }}}
|
||||
{
|
||||
# Import all modules defined in modules/home-manager
|
||||
imports = builtins.attrValues outputs.homeManagerModules ++ imports;
|
||||
|
@ -32,10 +38,9 @@ in
|
|||
# {{{ Nixpkgs
|
||||
nixpkgs = {
|
||||
# Add all overlays defined in the overlays directory
|
||||
overlays = builtins.attrValues outputs.overlays ++
|
||||
lib.lists.optional
|
||||
config.satellite.toggles.neovim-nightly.enable
|
||||
inputs.neovim-nightly-overlay.overlay;
|
||||
overlays =
|
||||
builtins.attrValues outputs.overlays
|
||||
++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
|
||||
|
||||
config.allowUnfree = true;
|
||||
|
||||
|
@ -55,7 +60,6 @@ in
|
|||
home = {
|
||||
username = lib.mkDefault "adrielus";
|
||||
homeDirectory = "/home/${config.home.username}";
|
||||
stateVersion = lib.mkDefault "23.05";
|
||||
};
|
||||
# }}}
|
||||
# {{{ Ad-hoc settings
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
{
|
||||
imports = [ ./global.nix ];
|
||||
home.stateVersion = "23.05";
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ pkgs, ... }: {
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
./global.nix
|
||||
|
||||
|
@ -20,7 +21,6 @@
|
|||
|
||||
# Arbitrary extra packages
|
||||
home.packages = with pkgs; [
|
||||
alacritty
|
||||
# {{{ Communication
|
||||
# signal-desktop # Signal client
|
||||
element-desktop # Matrix client
|
||||
|
@ -57,15 +57,18 @@
|
|||
];
|
||||
|
||||
home.sessionVariables.QT_SCREEN_SCALE_FACTORS = 1.4; # Bigger text in qt apps
|
||||
home.stateVersion = "23.05";
|
||||
|
||||
satellite = {
|
||||
# Symlink some commonly modified dotfiles outside the nix store
|
||||
dev.enable = true;
|
||||
|
||||
monitors = [{
|
||||
name = "eDP-1";
|
||||
width = 1920;
|
||||
height = 1080;
|
||||
}];
|
||||
monitors = [
|
||||
{
|
||||
name = "eDP-1";
|
||||
width = 1920;
|
||||
height = 1080;
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
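--- a/hosts/nixos/calypso/default.nix
+++ b/hosts/nixos/calypso/default.nix
@@ -0,0 +1,56 @@
+{ config, ... }:
+{
+# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
+system.stateVersion = "24.05";
+
+# {{{ Imports
+imports = [
+../common/global
+../common/users/pilot.nix
+
+../common/optional/bluetooth.nix
+../common/optional/greetd.nix
+../common/optional/oci.nix
+../common/optional/quietboot.nix
+
+../common/optional/desktop
+../common/optional/desktop/steam.nix
+../common/optional/wayland/hyprland.nix
+
+../common/optional/services/kanata.nix
+../common/optional/services/syncthing.nix
+../common/optional/services/restic
+
+./services/snapper.nix
+
+./filesystems
+./hardware
+];
+# }}}
+# {{{ Machine ids
+networking.hostName = "calypso";
+networking.hostId = "";
+environment.etc.machine-id.text = "";
+# }}}
+# {{{ Tailscale internal IP DNS records
+satellite.dns.records = [
+# {
+# at = config.networking.hostName;
+# type = "A";
+# value = "100.93.136.59";
+# }
+# {
+# at = config.networking.hostName;
+# type = "AAAA";
+# value = "fd7a:115c:a1e0::e75d:883b";
+# }
+];
+# }}}
+# {{{ A few ad-hoc programs
+programs.kdeconnect.enable = true;
+programs.firejail.enable = true;
+# }}}
+
+satellite.pilot.name = "moon";
+boot.loader.systemd-boot.enable = true;
+}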
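Review bot: `programs.kdeconnect.enable = true;` and `programs.firejail.enable = true;` are switched on without a comment on what they expose: the NixOS kdeconnect module opens TCP and UDP ports 1714-1764 in the host firewall, and firejail installs a setuid-root wrapper. On a laptop that joins untrusted networks I would either leave them off until needed or add a why-comment such as `# opens 1714-1764 tcp/udp on all interfaces; pairing still required` above the kdeconnect line. Separately, `networking.hostId = "";` and `environment.etc.machine-id.text = "";` are empty placeholders; NixOS expects hostId to be eight hex digits, so evaluation will presumably fail until both are filled in.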
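--- a/hosts/nixos/calypso/filesystems/default.nix
+++ b/hosts/nixos/calypso/filesystems/default.nix
@@ -0,0 +1,40 @@
+{ lib, pkgs, ... }:
+{
+imports = [ (import ./partitions.nix { }) ];
+
+boot.supportedFilesystems = [ "btrfs" ];
+services.btrfs.autoScrub.enable = true;
+
+# {{{ Mark a bunch of paths as needed for boot
+fileSystems =
+lib.attrsets.genAttrs
+[
+"/"
+"/nix"
+"/persist/data"
+"/persist/state"
+"/persist/local/cache"
+"/boot"
+]
+(p: {
+neededForBoot = true;
+});
+# }}}
+# {{{ Rollback
+boot.initrd.systemd.services.rollback = {
+path = [ pkgs.btrfs-progs ];
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+};
+unitConfig.DefaultDependencies = "no";
+wantedBy = [ "initrd.target" ];
+after = [ "systemd-cryptsetup@enc.service" ];
+before = [ "sysroot.mount" ];
+script = ''
+btrfs subvolume delete /root
+btrfs subvolume snapshot /blank /root
+'';
+};
+# }}}
+}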
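Review bot: The rollback unit orders itself `after = [ "systemd-cryptsetup@enc.service" ];`, but the LUKS container declared in partitions.nix on this page is `name = "crypted";`, so the matching unit would be `systemd-cryptsetup@crypted.service`; as written the ordering names a unit that is never started and the script can run before the volume is unlocked. The line should read `after = [ "systemd-cryptsetup@crypted.service" ];`. The script also calls `btrfs subvolume delete /root` with no visible mount of the btrfs top level inside the initrd, and partitions.nix nests `/root/persist/data`, `/root/persist/state` and `/root/local/*` under `/root`, so the delete will presumably fail while those nested subvolumes exist. Worth confirming on a scratch disk before the first real boot, since this unit is what enforces the wipe-on-boot guarantee.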
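--- a/hosts/nixos/calypso/filesystems/partitions.nix
+++ b/hosts/nixos/calypso/filesystems/partitions.nix
@@ -0,0 +1,102 @@
+{
+disks ? [ "/dev/sda" ],
+...
+}:
+{
+disko.devices.disk.main = {
+type = "disk";
+device = builtins.elemAt disks 0;
+content = {
+type = "gpt";
+partitions = {
+# {{{ Boot
+ESP = {
+size = "512M";
+type = "EF00";
+content = {
+type = "filesystem";
+format = "vfat";
+mountpoint = "/boot";
+mountOptions = [ "defaults" ];
+};
+};
+# }}}
+# {{{ Luks
+luks = {
+size = "384G"; # The remaining space is left for windows
+content = {
+type = "luks";
+name = "crypted";
+passwordFile = "/hermes/secrets/calypso/disk.key";
+settings.allowDiscards = true;
+content = {
+type = "btrfs";
+extraArgs = [ "-f" ];
+
+postCreateHook = ''
+# We then take an empty *readonly* snapshot of the root subvolume,
+# which we'll eventually rollback to on every boot.
+btrfs subvolume snapshot -r /root /blank
+'';
+
+subvolumes = {
+# {{{ /root
+"/root" = {
+mountpoint = "/";
+mountOptions = [
+"compress=zstd"
+"noatime"
+];
+};
+# }}}
+# {{{ /swap
+"/swap" = {
+mountpoint = "/.swapvol";
+swap.swapfile.size = "20G";
+};
+# }}}
+# {{{ /root/persist/data
+"/root/persist/data" = {
+mountpoint = "/persist/data";
+mountOptions = [
+"compress=zstd"
+"noatime"
+];
+};
+# }}}
+# {{{ /root/persist/state
+"/root/persist/state" = {
+mountpoint = "/persist/state";
+mountOptions = [
+"compress=zstd"
+"noatime"
+];
+};
+# }}}
+# {{{ /root/local/nix
+"/root/local/nix" = {
+mountpoint = "/nix";
+mountOptions = [
+"compress=zstd"
+"noatime"
+];
+};
+# }}}
+# {{{ /root/local/cache
+"/root/local/cache" = {
+mountpoint = "/persist/local/cache";
+mountOptions = [
+"compress=zstd"
+"noatime"
+];
+};
+# }}}
+};
+};
+};
+};
+# }}}
+};
+};
+};
+}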
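Review bot: The ESP is mounted with `mountOptions = [ "defaults" ];`, which leaves the vfat `/boot` world-readable; with systemd-boot enabled for this host that includes the boot loader's random-seed file, which bootctl reports as a security hole. `mountOptions = [ "umask=0077" ];` closes that. `settings.allowDiscards = true;` on the LUKS device is a trade-off (TRIM reveals which blocks are unused) and deserves a one-line comment saying it is deliberate. `disks ? [ "/dev/sda" ]` together with `extraArgs = [ "-f" ]` would be safer as a `/dev/disk/by-id/...` path, since sdX names are not stable and a forced format of the wrong disk is unrecoverable.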
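--- a/hosts/nixos/calypso/hardware/default.nix
+++ b/hosts/nixos/calypso/hardware/default.nix
@@ -0,0 +1,28 @@
+{ inputs, ... }:
+{
+# {{{ Imports
+imports = with inputs.nixos-hardware.nixosModules; [
+common-cpu-amd
+common-gpu-amd
+common-pc-laptop
+common-pc-ssd
+./generated.nix
+];
+# }}}
+# {{{ Misc
+hardware.enableAllFirmware = true;
+hardware.opengl.enable = true;
+hardware.opentabletdriver.enable = true;
+hardware.keyboard.qmk.enable = true;
+# }}}
+# {{{ Power management
+powerManagement.cpuFreqGovernor = "performance";
+services.tlp = {
+enable = true;
+settings = {
+CPU_SCALING_GOVERNOR_ON_BAT = "performance";
+CPU_SCALING_GOVERNOR_ON_AC = "performance";
+};
+};
+# }}}
+}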
1
hosts/nixos/calypso/keys/id_ed25519.pub
Executable file
1
hosts/nixos/calypso/keys/id_ed25519.pub
Executable file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBwFNYf8q84oGOwiGCXmJqeBPdglTPcWJB9nnLpmS2RG root@tethys
|
1
hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
Executable file
1
hosts/nixos/calypso/keys/ssh_host_ed25519_key.pub
Executable file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASX1E4WYg5dydret3G0fWYJLQn2oRxNZdHWWaJojW1a root@tethys
|
1
hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
Executable file
1
hosts/nixos/calypso/keys/ssh_host_rsa_key.pub
Executable file
|
@ -0,0 +1 @@
|
|||
ssh-rsa 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 root@tethys
|
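--- a/hosts/nixos/calypso/services/snapper.nix
+++ b/hosts/nixos/calypso/services/snapper.nix
@@ -0,0 +1,37 @@
+{
+services.snapper = {
+snapshotInterval = "hourly";
+cleanupInterval = "1d";
+# http://snapper.io/manpages/snapper-configs.html
+configs = {
+# {{{ Data
+data = {
+SUBVOLUME = "/root/persist/data";
+TIMELINE_CREATE = true;
+TIMELINE_CLEANUP = true;
+BACKGROUND_COMPARISON = "yes";
+
+TIMELINE_LIMIT_HOURLY = "24";
+TIMELINE_LIMIT_DAILY = "7";
+TIMELINE_LIMIT_WEEKLY = "4";
+TIMELINE_LIMIT_MONTHLY = "12";
+TIMELINE_LIMIT_YEARLY = "0";
+};
+# }}}
+# {{{ State
+state = {
+SUBVOLUME = "/root/persist/state";
+TIMELINE_CREATE = true;
+TIMELINE_CLEANUP = true;
+BACKGROUND_COMPARISON = "yes";
+
+TIMELINE_LIMIT_HOURLY = "6";
+TIMELINE_LIMIT_DAILY = "3";
+TIMELINE_LIMIT_WEEKLY = "1";
+TIMELINE_LIMIT_MONTHLY = "1";
+TIMELINE_LIMIT_YEARLY = "0";
+};
+# }}}
+};
+};
+}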
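Review bot: Both configs point `SUBVOLUME` at the btrfs subvolume name (`"/root/persist/data"`, `"/root/persist/state"`) rather than at the path where the subvolume is mounted; partitions.nix on this page mounts them at `/persist/data` and `/persist/state`, and at runtime `/root` is the root user's home directory. Snapper's SUBVOLUME setting takes the mount path, so these should presumably be `SUBVOLUME = "/persist/data";` and `SUBVOLUME = "/persist/state";`. Otherwise the hourly timeline snapshots will not cover the persistent data they are meant to protect, which matters on a host whose root is wiped on every boot.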
|
@ -1,12 +0,0 @@
|
|||
{ pkgs, inputs, lib, ... }: {
|
||||
security.sudo = {
|
||||
enable = true;
|
||||
extraRules = [{
|
||||
commands = [{
|
||||
command = lib.getExe inputs.deploy-rs.packages.${pkgs.system}.default;
|
||||
options = [ "NOPASSWD" ];
|
||||
}];
|
||||
groups = [ "wheel" ];
|
||||
}];
|
||||
};
|
||||
}
|
|
@ -1,5 +1,11 @@
|
|||
# Configuration pieces included on all (nixos) hosts
|
||||
{ inputs, lib, config, outputs, ... }:
|
||||
{
|
||||
inputs,
|
||||
lib,
|
||||
config,
|
||||
outputs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
# {{{ Imports
|
||||
imports = [
|
||||
|
@ -23,8 +29,8 @@ let
|
|||
../../../../common
|
||||
# }}}
|
||||
];
|
||||
# }}}
|
||||
in
|
||||
# }}}
|
||||
{
|
||||
# Import all modules defined in modules/nixos
|
||||
imports = builtins.attrValues outputs.nixosModules ++ imports;
|
||||
|
@ -44,13 +50,17 @@ in
|
|||
# Boot using systemd
|
||||
boot.initrd.systemd.enable = true;
|
||||
# }}}
|
||||
# {{{ Disable sudo default lecture
|
||||
security.sudo.extraConfig = ''
|
||||
Defaults lecture = never
|
||||
'';
|
||||
# }}}
|
||||
|
||||
nixpkgs = {
|
||||
# Add all overlays defined in the overlays directory
|
||||
overlays = builtins.attrValues outputs.overlays ++
|
||||
lib.lists.optional
|
||||
config.satellite.toggles.neovim-nightly.enable
|
||||
inputs.neovim-nightly-overlay.overlay;
|
||||
overlays =
|
||||
builtins.attrValues outputs.overlays
|
||||
++ lib.lists.optional config.satellite.toggles.neovim-nightly.enable inputs.neovim-nightly-overlay.overlay;
|
||||
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
# This setups a SSH server.
|
||||
{ outputs, config, lib, ... }:
|
||||
{
|
||||
outputs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
# Record containing all the hosts
|
||||
hosts = outputs.nixosConfigurations;
|
||||
|
@ -15,8 +20,8 @@ in
|
|||
enable = true;
|
||||
|
||||
settings = {
|
||||
PermitRootLogin = "no"; # Forbid root login through SSH.
|
||||
PasswordAuthentication = false; # Use keys only.
|
||||
PermitRootLogin = lib.mkDefault "no"; # Forbid root login through SSH.
|
||||
PasswordAuthentication = lib.mkDefault false; # Use keys only.
|
||||
};
|
||||
|
||||
# Automatically remove stale sockets
|
||||
|
@ -26,7 +31,10 @@ in
|
|||
|
||||
# Generate ssh key
|
||||
hostKeys =
|
||||
let mkKey = type: path: extra: { inherit type path; } // extra;
|
||||
let
|
||||
mkKey =
|
||||
type: path: extra:
|
||||
{ inherit type path; } // extra;
|
||||
in
|
||||
[
|
||||
(mkKey "ed25519" "/persist/state/etc/ssh/ssh_host_ed25519_key" { })
|
||||
|
@ -43,19 +51,22 @@ in
|
|||
# attrsetof host -> attrsetof { ... }
|
||||
(builtins.mapAttrs
|
||||
# string -> host -> { ... }
|
||||
(name: _: {
|
||||
publicKeyFile = pubKey name;
|
||||
extraHostNames = lib.optional (name == hostname) "localhost";
|
||||
}))
|
||||
(
|
||||
name: _: {
|
||||
publicKeyFile = pubKey name;
|
||||
extraHostNames = lib.optional (name == hostname) "localhost";
|
||||
}
|
||||
)
|
||||
)
|
||||
|
||||
# attrsetof { ... } -> attrsetof { ... }
|
||||
(lib.attrsets.filterAttrs
|
||||
# string -> { ... } -> bool
|
||||
(_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile))
|
||||
(_: { publicKeyFile, ... }: builtins.pathExists publicKeyFile)
|
||||
)
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
# By default, this will ban failed ssh attempts
|
||||
services.fail2ban.enable = true;
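Review bot: Wrapping `PermitRootLogin` and `PasswordAuthentication` in `lib.mkDefault` (second hunk of this file) lowers the priority of the SSH hardening for every host that imports this module, so any other module that sets either option at normal priority now silently wins. The new iso host imports this file next to `installation-cd-minimal.nix`, which is presumably the reason, but the relaxation is better scoped to that host: keep `PermitRootLogin = "no";` and `PasswordAuthentication = false;` here and override with `lib.mkForce` in `hosts/nixos/iso/default.nix`. If mkDefault stays, a comment such as `# mkDefault only so the installer ISO can override; no other host should` belongs above the settings. The +/- markers are lost on this page, so I am reading the mkDefault lines as the new side, and the settings block starts outside the hunk.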
|
||||
|
||||
|
|
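--- a/hosts/nixos/common/optional/desktop/default.nix
+++ b/hosts/nixos/common/optional/desktop/default.nix
@@ -0,0 +1,8 @@
+{
+imports = [
+../pipewire.nix
+./xdg-portal.nix
+];
+
+stylix.targets.gtk.enable = true;
+}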
|
@ -1,14 +1,8 @@
|
|||
{
|
||||
virtualisation.oci-containers.backend = "docker";
|
||||
|
||||
|
||||
environment.persistence = {
|
||||
"/persist/state".directories = [
|
||||
"/var/lib/containers/storage"
|
||||
];
|
||||
|
||||
"/persist/local/cache".directories = [
|
||||
"/var/lib/containers/cache"
|
||||
];
|
||||
"/persist/state".directories = [ "/var/lib/containers/storage" ];
|
||||
"/persist/local/cache".directories = [ "/var/lib/containers/cache" ];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,29 +11,47 @@ sops:
|
|||
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbzNLcXFBcTlIM3hjZTN0
|
||||
bTFZUDJnS3lROExSREVkd0FMeHU3RGVWdzJnCkszOVROZlBmZWl2cjFkcTZ1OWZw
|
||||
eThXSTliNmxHM3o3NzhUOUkvU0YzNzgKLS0tIHBWSmRTTlJBdmlKQy9YWHR0NGds
|
||||
ak5kUFRJK3JCcUYvSFY2eGtIOTk3RkkKl3yBZjjBExU9RoZbaKBixfsywqFWFnq4
|
||||
n7olhkNMVIC+BcLYno0oIT2oILASMkE3NbH85IHlYZY2qQvFKDbG7w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRVRLdlFuS3I5aXRKRmdF
|
||||
TjFHY3Yvc2NUUlpYRUR6Y2JHRVgzTkhOZjFNCkhnZjU0R0VIbDJSNVNSb2hZUDd3
|
||||
SERkaExNdkRDOXRSWlg5enluY3dXRUUKLS0tIFZBNTJYaHhxbmZhMG56UGFtd25u
|
||||
aVNDS2h1NnFmMERIMzdUanp1MitBTGcKp4s32NVcyeJNI6BDeU1GGz5xjoSW/iH7
|
||||
hUxXrZaRqtiVegq7Ukv7mXCVjAy1x/Flb4dDag4Ym4ReTsyKZpQf/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEZzNPU0pBVjJPREF2SGhQ
|
||||
REl2ckdxakwrdHFPU0RPN0J1K0s1TWFsK0NzCjMzeGgyRktTWWpVVkFxQUpFZDBC
|
||||
bDRuRHZOOU5ueHN6RlY2VUwxQThmNXcKLS0tIEtVU3F3VUZSRGJtU0VBcVh0NXRh
|
||||
eFA2TWtCYmpGN2paWnRSQlBoZk83MkkKwIDlq6u31cc1toMfBHvA932dJyozUYa0
|
||||
e45KrBC3gy/5wZWcN7MktBgqd2khufa+KEMQv7c3ldyixKXokuBRhw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1avsekqqyr62urdwtpfpt0ledzm49wy0rq7wcg3rnsprdx22er5usp0jxgs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aExaRC9SclVvT1g4WFI0
|
||||
N1grVzZWWmpPaGEwRmx3TjUyK0dvL0RNdmhjClY5UmI0eWZOTXZqbGFxT05OSnk1
|
||||
RTAyYStRN0NsRnZlWk03eXIrajdiRjQKLS0tIHlMdzBVNFEzR2FuVFZEWStFY1hh
|
||||
MnFiSGt3dWZxWnF3M2FkbTJzSTA2VTAKtD40Gp12vB24Wnr8NvY7/ZWr9XVDF9Bl
|
||||
FUL34R1mpgweNJ1IowFPgQbxsyMTG7iYB4jC50JZNOKJxe9NaeOUlQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VC9ia21rTWpPSnJaamM3
|
||||
YzZqMzNJZDA4Q095OTMrR0JGTzczU2RWMVJNCnE0QzNvWWhscnQyWk5WOTV4Vld4
|
||||
SmJSdVdOMTRWWDFxUzJxc3hWZmxzUTQKLS0tIE9LWEtjc0x5WkpGWTUwMEt2d25K
|
||||
TVJJWktOdW1Ic2E4MWpIbjQrdllkMzgK6M8T6M4rAMGgnWcVao/tp0PWG4NXvTTZ
|
||||
/yNJgLZdBeHQevceLc4madD42IcrX7P2zeb6TM7l0DQVWCy+cBTN8w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtK0pFcWlheEwzV3N3bVFQ
|
||||
K3EwNXI5MXQyYld6Z3J1aVNHWlQ4UjlxSzIwCktDbG9iMFRVQnJBenhWVFhLa2N1
|
||||
SWRMR3JLajJscWFqMy84aGNFcy9UK1UKLS0tIEZoT0d2bVJpV3ByWmV0eENZVjM3
|
||||
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
|
||||
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGNmRXMFVKWnB3QjN3dDNj
|
||||
QmRaRDRGUVJiczUzWE5WdFNReldBdkNOWlVvCmZCKzY4MThrUmNXeGVPTC9LSGtl
|
||||
OFJOcGZVbVVjY0RveXR5WXNjU3p6UjgKLS0tIENyUHRpbjRyZjZpdjNlUktuL1g5
|
||||
QmNJVlIvTlhSRXJldUZhZjdsR0gwaHMKuNZcv3s65MtylIYzgDUd0qss4OEeJr8V
|
||||
aI82/McWGJ6Lg0BVmvTUHbYcF09aMEJHeYEZNAzLiJ1a77tlhmY/jw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18gengezksnt0wtc3sv28ypmx546quzeg88kw5s8sywxyje5rmqyqh9daxe
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlVVU5Wis5dkJRSE5lRy9U
|
||||
QjFHb21uc0Z3Zmc4Z2J3NTVaajhmQy9nb2xJCjRqK1htbk82M0dnOWNEV0hHcmFz
|
||||
RXFrSGE2UjdhTWh6RmwvR1psV05lbnMKLS0tIDRidEFBY0x2cXMrSHJXaXBuaE4r
|
||||
WXFQQXh2cjlMdzhpa1JUdVVBK3pNbTQK6peUF0mWtmfSuN6KnoYPTEg8sIp/t0R2
|
||||
ygJEf8cpNiVxN0vsF/4kwyC/V4JE4XllsKrKF4NhVrBq96m1RmKlYg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-07-29T19:34:39Z"
|
||||
mac: ENC[AES256_GCM,data:ruCV2JKgFN6BiTYjOwlhNmjDCh9ZRJ9E+H0x0uVevZnsTEcFlTUh5iNSiw3uJtcKcA4H4kuGPXlolyxuGVGsAhVFD4G3zR84i9TTHmGT4STC2dNebcA9VUXVnfPhEUFAExrPRxbEqvx3o0QPZIfGonPQzl3xhJzOPahYsRJOwTQ=,iv:rSuuhOgzOgE7DosgVEWDT1jenF3m+NqnCSEKjoCBrfE=,tag:7pAV4jKvJYG1vPqEEMqOPg==,type:str]
|
||||
|
|
|
@ -1,6 +1,12 @@
|
|||
{ pkgs, outputs, config, lib, ... }:
|
||||
{
|
||||
satellite.pilot.name = "adrielus";
|
||||
pkgs,
|
||||
outputs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
satellite.pilot.name = lib.mkDefault "adrielus";
|
||||
|
||||
sops.secrets.pilot_password = {
|
||||
sopsFile = ../secrets.yaml;
|
||||
|
@ -33,12 +39,10 @@
|
|||
"syncthing" # syncthing!
|
||||
];
|
||||
|
||||
|
||||
hashedPasswordFile = config.sops.secrets.pilot_password.path;
|
||||
shell = pkgs.fish;
|
||||
|
||||
openssh.authorizedKeys.keyFiles =
|
||||
(import ./common.nix).authorizedKeys { inherit outputs lib; };
|
||||
openssh.authorizedKeys.keyFiles = (import ./common.nix).authorizedKeys { inherit outputs lib; };
|
||||
};
|
||||
};
|
||||
}
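Review bot: The `lib.mkDefault` on `satellite.pilot.name` in the first hunk has no comment saying why the name became overridable or which host is expected to override it. The `hashedPasswordFile` and `openssh.authorizedKeys.keyFiles` lines in the second hunk presumably belong to the account carrying that name, so an override on one host moves the login credentials to a differently named account, while any module that still spells out `adrielus` keeps pointing at the old one. I would add `# mkDefault: a host may override the pilot username; read config.users.users.pilot.name instead of hard-coding it` above the assignment. The module body between the two hunks is not shown, so this rests on the visible lines only.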
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
{ lib, ... }: {
|
||||
imports = [
|
||||
../common/global
|
||||
../common/users/guest.nix
|
||||
|
||||
../common/optional/greetd.nix
|
||||
../common/optional/pipewire.nix
|
||||
../common/optional/desktop/xdg-portal.nix
|
||||
../common/optional/wayland/hyprland.nix
|
||||
];
|
||||
|
||||
# Usually included in the hardware-configuration
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
|
||||
# Set the name of this machine!
|
||||
networking.hostName = "euporie";
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "22.11";
|
||||
}
|
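--- /dev/null
+++ b/hosts/nixos/iso/default.nix
@@ -0,0 +1,13 @@
+{ modulesPath, pkgs, ... }:
+{
+imports = [
+"${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix"
+
+../common/global/services/openssh.nix
+../common/global/locale.nix
+../common/global/cli/fish.nix
+../common/global/nix.nix
+];
+
+environment.systemPackages = [ pkgs.neovim ];
+}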
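Review bot: The installer image imports `../common/global/services/openssh.nix`, but nothing in this file states who may log in over SSH or by which method. That module's contents are not visible here; unless it already does so, I would pin `services.openssh.settings.PasswordAuthentication = false;` in this file and list the authorized keys for the installer user explicitly, under a comment such as `# installer image: key-only SSH, keys listed below`. An install medium gets booted on whatever network is at hand, so its access policy is easier to audit when it can be read off this one file instead of being inherited from the shared host configuration.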
|
|
@ -1,4 +1,9 @@
|
|||
{ config, ... }: {
|
||||
{ config, ... }:
|
||||
{
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
# {{{ Imports
|
||||
imports = [
|
||||
../common/global
|
||||
../common/users/pilot.nix
|
||||
|
@ -38,19 +43,13 @@
|
|||
./filesystems
|
||||
./hardware
|
||||
];
|
||||
|
||||
# Machine ids
|
||||
# }}}
|
||||
# {{{ Machine ids
|
||||
networking.hostName = "lapetus";
|
||||
networking.hostId = "08357db3";
|
||||
environment.etc.machine-id.text = "d9571439c8a34e34b89727b73bad3587";
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "23.05";
|
||||
|
||||
# Bootloader
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
# Tailscale internal IP DNS records
|
||||
# }}}
|
||||
# {{{ Tailscale internal IP DNS records
|
||||
satellite.dns.records = [
|
||||
{
|
||||
at = config.networking.hostName;
|
||||
|
@ -63,4 +62,7 @@
|
|||
value = "fd7a:115c:a1e0::e75d:883b";
|
||||
}
|
||||
];
|
||||
# }}}
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
}
|
||||
|
|
|
@ -18,20 +18,29 @@ sops:
|
|||
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYcjFoRm1WNW9jOUJjUC9W
|
||||
NmxhWGRjWlFHd2tRaXJ6WnpaaWlxSFQ0RlZnCllVNTZ0b0MvL0VURDhQRUE1dDdW
|
||||
L1NkYzBRRDFLcFpwTTgzRnphLy9GT00KLS0tIFcvU2ZUQ21FZU1NTEFJaHRTVjV3
|
||||
eU1YeEZIOTJKa3I4c3ZwbVdPMlBLbmMKCBhopcTXWiAwR8ACyDf+P11SYcPrPSSv
|
||||
QRPJ6I8Y1Lc7KTCbkO8zW2hBb6fdbvWBJQtW0rOfCuGQ831OyArr0w==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQzgvU0NQZUFWT0pjZVBZ
|
||||
ZThMRTVMWStMRThFYTF6Nkl2MlBXTWhkNUNZCmpVWW52NHNyTjZkZTN3c1NoajFR
|
||||
M2MyZHFDM2czZHdPMUg2MDNPMnNqaVUKLS0tIHhwRThOYnBHY2FUajN0b0pBQ1Fn
|
||||
dmZtT0xXR3RjVzd1ckNyVGpaRktnSkkKlPSmdYTQ5Qc3PVn9PhxmetF0fO7rWOwM
|
||||
OTt7EF41IWwCwwhyQLpUcaCnO08jddPui1C5qnvjSFb/LZILiWQkFA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age13c346xw9kzsvra04ck8h8pa47mwdp8nh3aess4pwhyvdsufyhf0qt65ja8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMjdib09GZC9DNGVoNCtK
|
||||
Z3BnZGNXNzNEb1U3aU1xb1pkaUhPcituSEQwClhiVlMvNlU5OUZhbFE0MnZGTGha
|
||||
eHpRSHlXaExzNnV0VlNEdnpqQmlDa2MKLS0tIFpPc0ovVnhnZ1IyWGNWTEFYZG81
|
||||
a1NaNzE4VVFNRlBwUHRWdTFwWjJ5a00KJvIyBz6XGV2+lfawWzHqFOMILTXt0Vlx
|
||||
OTs0i0tNER2kMucEo3LHIayIM/SB1ncXv+vl0rwHCVfbKdQ0ABhb2Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGV2VmdmJ2QlVVbUF6MUtt
|
||||
dzZFUGJFS3cyKzlTTHJiWjlqRmJkUm04WXh3CktSdGRIUWxJRU5oVVdkUTFwaEZr
|
||||
M1Y4NnRtclZVTkltOHNjNXAxVW9yaFEKLS0tIGlRYjgwd0FkN0FBU1RSQjRnVWpW
|
||||
RHZ6alYrUU5BZ2xlMkdGR1dWRG5aeGMKJdsdtVZ6Mk9Vo3a+tS+rzAgaF2wpH+8U
|
||||
lWhA+c0Kbe8EJT8hm7Vr8PqBmElz4V9AnXSCTp7D+Cu4pfWsHopLUQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZTGIzcjYyLyt2QVh1QzJZ
|
||||
L2NKK0ZFaS9kckdKbjNCd0lBckxlNWV2Qm5NCkoyLy8rOXVPOWt0U1BwTHB3ZTNl
|
||||
NWVzdEQ0TUU4UjgrbzliRU5kZ0FqWjgKLS0tIE9YNkN1OWFLMVhDd1I3T1Y4Qi9O
|
||||
VGNDUEo4NmxYR0JQR0NPcUZVdFl1MVEKISsE+UOuBXLZ/5qOeWSf9tPw6XOsNrWa
|
||||
09bm8O66Ai0AQGhbn0G3Qf/AlcqF+8eRFYZDmpk0HXryuNZYuj7hBw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-13T14:52:30Z"
|
||||
mac: ENC[AES256_GCM,data:EXVbpc8P8SzTSYw0TWwJBEWYZRpGOAXm4wFS0JbzeiNaWEybZk6Y07Vr5tyaEWucpu52VxLrVwoZn8YSdF9JPAHtTQYYY35MccBkB01+GVXpVDQfxCG9UNYO24qExNboQIs5QRWmtaX7zTbut+ETcOFKHlkqR9g95PZQhsNZx4c=,iv:1Bu9g4/V2ixRvJJBijlkdNO9pdoR+qwDGTeUgr24dsg=,tag:gyF34lCSbF0It4KPmtQYJA==,type:str]
|
||||
|
|
|
@ -1,15 +1,22 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
# {{{ Jupyterhub/lab env
|
||||
appEnv = pkgs.python3.withPackages (p: with p; [
|
||||
jupyterhub
|
||||
jupyterlab
|
||||
jupyterhub-systemdspawner
|
||||
jupyter-collaboration
|
||||
jupyterlab-git
|
||||
]);
|
||||
# }}}
|
||||
appEnv = pkgs.python3.withPackages (
|
||||
p: with p; [
|
||||
jupyterhub
|
||||
jupyterlab
|
||||
jupyterhub-systemdspawner
|
||||
jupyter-collaboration
|
||||
jupyterlab-git
|
||||
]
|
||||
);
|
||||
in
|
||||
# }}}
|
||||
{
|
||||
systemd.services.jupyterhub.path = [
|
||||
pkgs.texlive.combined.scheme-full # LaTeX stuff is useful for matplotlib
|
||||
|
@ -25,8 +32,8 @@ in
|
|||
|
||||
# {{{ Spwaner & auth config
|
||||
extraConfig = ''
|
||||
c.Authenticator.allowed_users = {'adrielus', 'javi'}
|
||||
c.Authenticator.admin_users = {'adrielus'}
|
||||
c.Authenticator.allowed_users = {'${config.users.users.pilot.name}', 'javi'}
|
||||
c.Authenticator.admin_users = {'${config.users.users.pilot.name}'}
|
||||
|
||||
c.Spawner.notebook_dir='${config.users.users.pilot.home}/projects/notebooks'
|
||||
c.SystemdSpawner.mem_limit = '2G'
|
||||
|
@ -35,13 +42,18 @@ in
|
|||
# }}}
|
||||
# {{{ Python 3 kernel
|
||||
kernels.python3 =
|
||||
let env = (pkgs.python3.withPackages (p: with p; [
|
||||
ipykernel
|
||||
numpy
|
||||
scipy
|
||||
matplotlib
|
||||
tabulate
|
||||
]));
|
||||
let
|
||||
env = (
|
||||
pkgs.python3.withPackages (
|
||||
p: with p; [
|
||||
ipykernel
|
||||
numpy
|
||||
scipy
|
||||
matplotlib
|
||||
tabulate
|
||||
]
|
||||
)
|
||||
);
|
||||
in
|
||||
{
|
||||
displayName = "Numerical mathematics setup";
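Review bot: In the `extraConfig` hunk, `${config.users.users.pilot.name}` is pasted between single quotes into Python source, and the same value now decides `c.Authenticator.admin_users`. That name appears to follow an option this commit makes overridable, so an override on a host silently changes who is hub admin, and a value containing a quote or backslash would alter the generated config instead of staying one string. Rendering the literal with `builtins.toJSON`, e.g. `c.Authenticator.admin_users = {${builtins.toJSON config.users.users.pilot.name}}`, keeps it a single string whatever the value; the same applies to the `allowed_users` line and to `c.Spawner.notebook_dir`. A short comment noting that admin rights follow the pilot option, while `'javi'` stays hard-coded, would also help; the `extraConfig` string continues outside the hunk.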
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
{ config, ... }: {
|
||||
{ config, ... }:
|
||||
{
|
||||
# {{{ Zfs config
|
||||
services.zfs = {
|
||||
trim.enable = true;
|
||||
|
@ -36,12 +37,4 @@
|
|||
# }}}
|
||||
};
|
||||
# }}}
|
||||
# {{{ Syncoid
|
||||
# Automatically sync certain snapshot to rsync.net
|
||||
services.syncoid = {
|
||||
enable = true;
|
||||
commands."zroot/root/persist/data".target = "root@rsync.net:zroot/root/persist/data";
|
||||
commands."zroot/root/persist/state".target = "root@rsync.net:zroot/root/persist/state";
|
||||
};
|
||||
# }}}
|
||||
}
|
||||
|
|
|
@ -1,88 +1,48 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
{
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
# {{{ Imports
|
||||
imports = [
|
||||
../common/global
|
||||
../common/users/pilot.nix
|
||||
|
||||
../common/optional/pipewire.nix
|
||||
../common/optional/bluetooth.nix
|
||||
../common/optional/greetd.nix
|
||||
../common/optional/oci.nix
|
||||
../common/optional/quietboot.nix
|
||||
|
||||
../common/optional/desktop
|
||||
../common/optional/desktop/steam.nix
|
||||
../common/optional/desktop/xdg-portal.nix
|
||||
../common/optional/wayland/hyprland.nix
|
||||
|
||||
../common/optional/services/kanata.nix
|
||||
../common/optional/services/restic
|
||||
./services/syncthing.nix
|
||||
|
||||
./hardware
|
||||
./boot.nix
|
||||
./services/syncthing.nix
|
||||
];
|
||||
# }}}
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
services.mullvad-vpn.enable = true;
|
||||
|
||||
# {{{ Machine ids
|
||||
networking.hostName = "tethys";
|
||||
environment.etc.machine-id.text = "08357db3540c4cd2b76d4bb7f825ec88";
|
||||
# }}}
|
||||
# {{{ A few ad-hoc hardware settings
|
||||
hardware.enableAllFirmware = true;
|
||||
hardware.opengl.enable = true;
|
||||
hardware.opentabletdriver.enable = true;
|
||||
hardware.keyboard.qmk.enable = true;
|
||||
powerManagement.cpuFreqGovernor = "performance";
|
||||
services.tlp = {
|
||||
enable = true;
|
||||
settings = {
|
||||
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
|
||||
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
||||
};
|
||||
};
|
||||
# }}}
|
||||
# {{{ A few ad-hoc programs
|
||||
programs.kdeconnect.enable = true;
|
||||
programs.firejail.enable = true;
|
||||
programs.extra-container.enable = true;
|
||||
virtualisation.docker.enable = true;
|
||||
virtualisation.waydroid.enable = true;
|
||||
# virtualisation.spiceUSBRedirection.enable = true; # This was required for the vm usb passthrough tomfoolery
|
||||
# }}}
|
||||
# {{{ Ad-hoc stylix targets
|
||||
stylix.targets.gtk.enable = true;
|
||||
# }}}
|
||||
# {{{ Some ad-hoc site blocking
|
||||
networking.extraHosts =
|
||||
let
|
||||
blacklisted = [
|
||||
# "twitter.com"
|
||||
# "www.reddit.com"
|
||||
"minesweeper.online"
|
||||
];
|
||||
blacklist = lib.concatStringsSep "\n" (lib.forEach blacklisted (host: "127.0.0.1 ${host}"));
|
||||
in
|
||||
blacklist;
|
||||
# }}}
|
||||
services.mullvad-vpn.enable = true;
|
||||
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mysql80;
|
||||
};
|
||||
|
||||
programs.dconf.enable = true;
|
||||
services.gnome.evolution-data-server.enable = true;
|
||||
services.gnome.gnome-online-accounts.enable = true;
|
||||
|
||||
# Tailscale internal IP DNS records
|
||||
# }}}
|
||||
# {{{ Ad-hoc stylix targets
|
||||
stylix.targets.gtk.enable = true;
|
||||
# }}}
|
||||
# {{{ Tailscale internal IP DNS records
|
||||
satellite.dns.records = [
|
||||
# {
|
||||
# at = config.networking.hostName;
|
||||
|
@ -95,4 +55,5 @@
|
|||
# value = "fd7a:115c:a1e0::e75d:883b";
|
||||
# }
|
||||
];
|
||||
# }}}
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ inputs, ... }:
|
||||
{
|
||||
# {{{ Imports
|
||||
imports = with inputs.nixos-hardware.nixosModules; [
|
||||
common-cpu-intel
|
||||
# common-gpu-intel # This leads to a "prop ... defined twice" error
|
||||
|
@ -7,4 +8,21 @@
|
|||
common-pc-ssd
|
||||
./generated.nix
|
||||
];
|
||||
# }}}
|
||||
# {{{ Misc
|
||||
hardware.enableAllFirmware = true;
|
||||
hardware.opengl.enable = true;
|
||||
hardware.opentabletdriver.enable = true;
|
||||
hardware.keyboard.qmk.enable = true;
|
||||
# }}}
|
||||
# {{{ Power management
|
||||
powerManagement.cpuFreqGovernor = "performance";
|
||||
services.tlp = {
|
||||
enable = true;
|
||||
settings = {
|
||||
CPU_SCALING_GOVERNOR_ON_BAT = "performance";
|
||||
CPU_SCALING_GOVERNOR_ON_AC = "performance";
|
||||
};
|
||||
};
|
||||
# }}}
|
||||
}
|
||||
|
|