noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-03-14 21:37:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

move apps into pkgs and rename hosts

Browse Source
This commit is contained in:
Noah Masur 2025-03-09 18:04:01 +00:00
parent 37d1d7724a
commit 75d4dbe868
44 changed files with 188 additions and 592 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
apps/README.md
View File

@ -1,9 +0,0 @@
# Apps
These are all my miscellaneous utilies and scripts to accompany this project.
They can be run with:
```
nix run github:nmasur/dotfiles#appname
```

31
apps/default.nix
View File

@ -1,31 +0,0 @@
{ pkgs, ... }:
rec {
# Show quick helper
default = import ./help.nix { inherit pkgs; };
# Format primary disk
format-root = import ./format-root.nix { inherit pkgs; };
# Format and install from nothing (deprecated)
installer = import ./installer.nix { inherit pkgs; };
# Display the readme for this repository
readme = import ./readme.nix { inherit pkgs; };
# Rebuild
rebuild = import ./rebuild.nix { inherit pkgs; };
# Load the SSH key for this machine
loadkey = import ./loadkey.nix { inherit pkgs; };
# Encrypt secret for all machines
encrypt-secret = import ./encrypt-secret.nix { inherit pkgs; };
# Re-encrypt secrets for all machines
reencrypt-secrets = import ./reencrypt-secrets.nix { inherit pkgs; };
# Run neovim as an app
neovim = import ./neovim.nix { inherit pkgs; };
nvim = neovim;
}

19
apps/encrypt-secret.nix
View File

@ -1,19 +0,0 @@
{ pkgs, ... }:
{
# nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age
type = "app";
program = builtins.toString (
pkgs.writeShellScript "encrypt-secret" ''
printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
read -p "Secret: " secret
printf "\nEncrypting...\n\n" 1>&2
tmpfile=$(mktemp)
echo "''${secret}" > ''${tmpfile}
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile
rm $tmpfile
''
);
}

9
apps/format-root.nix
View File

@ -1,9 +0,0 @@
{ pkgs, ... }:
{
# This script will partition and format drives; use at your own risk!
type = "app";
program = pkgs.lib.getExe pkgs.nmasur.format-root;
}

24
apps/help.nix
View File

@ -1,24 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = builtins.toString (
pkgs.writeShellScript "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
echo ""
echo ""
''
);
}

50
apps/installer.nix
View File

@ -1,50 +0,0 @@
{ pkgs, ... }:
{
# Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix
# This script will partition and format drives; use at your own risk!
type = "app";
program = builtins.toString (
pkgs.writeShellScript "installer" ''
set -e
DISK=$1
FLAKE=$2
PARTITION_PREFIX=""
if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \
"Missing required parameter." \
"Usage: installer -- <disk> <host>" \
"Example: installer -- nvme0n1 tempest" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest"
echo "(exiting)"
exit 1
fi
case "$DISK" in nvme*)
PARTITION_PREFIX="p"
esac
${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false
${pkgs.parted}/bin/parted /dev/''${DISK} -- mklabel gpt
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart primary 512MiB 100%
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
${pkgs.parted}/bin/parted /dev/''${DISK} -- set 3 esp on
mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1
mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2
mount /dev/disk/by-label/nixos /mnt
mkdir --parents /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
''
);
}

12
apps/neovim.nix
View File

@ -1,12 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = "${
(import ../modules/common/neovim/package {
inherit pkgs;
colors = (import ../colorscheme/nord).dark;
})
}/bin/nvim";
}

11
apps/readme.nix
View File

@ -1,11 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = builtins.toString (
pkgs.writeShellScript "readme" ''
${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md}
''
);
}

17
apps/rebuild.nix
View File

@ -1,17 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = builtins.toString (
pkgs.writeShellScript "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
sudo darwin-rebuild switch --flake ${builtins.toString ../.}
else
doas nixos-rebuild switch --flake ${builtins.toString ../.}
fi
''
);
}

0
hosts-old/arrow/aws/ec2.tf → deploy/aws/ec2.tf
View File

0
hosts-old/arrow/aws/image.tf → deploy/aws/image.tf
View File

0
hosts-old/arrow/aws/main.tf → deploy/aws/main.tf
View File

0
hosts-old/arrow/aws/outputs.tf → deploy/aws/outputs.tf
View File

0
hosts-old/arrow/aws/variables.tf → deploy/aws/variables.tf
View File

0
hosts-old/arrow/vultr/main.tf → deploy/vultr/main.tf
View File

41
flake.nix
View File

@ -327,9 +327,9 @@
]; ];
}; };
x86_64-linux-hosts = (import ./hosts-by-platform nixpkgs).x86_64-linux-hosts; x86_64-linux-hosts = (import ./hosts nixpkgs).x86_64-linux-hosts;
aarch64-linux-hosts = (import ./hosts-by-platform nixpkgs).aarch64-linux-hosts; aarch64-linux-hosts = (import ./hosts nixpkgs).aarch64-linux-hosts;
aarch64-darwin-hosts = (import ./hosts-by-platform nixpkgs).aarch64-darwin-hosts; aarch64-darwin-hosts = (import ./hosts nixpkgs).aarch64-darwin-hosts;
in in
rec { rec {
@ -443,39 +443,12 @@
# aarch64-darwin.neovim = neovim "aarch64-darwin"; # aarch64-darwin.neovim = neovim "aarch64-darwin";
# }; # };
mypackages = forAllSystems (system: pkgsBySystem.${system}.nmasur); packages = forAllSystems (system: pkgsBySystem.${system}.nmasur);
packages = mypackages;
# # Programs that can be run by calling this flake
# apps = forAllSystems (
# system:
# let
# pkgs = import nixpkgs { inherit system overlays; };
# in
# import ./apps { inherit pkgs; }
# );
# Development environments # Development environments
devShells = forAllSystems ( devShells = forAllSystems (system: {
system: default = pkgsBySystem.${system}.nmasur.dotfiles-devshell;
let });
pkgs = import nixpkgs { inherit system overlays; };
in
{
# Used to run commands and edit files in this repo
default = pkgs.mkShell {
buildInputs = with pkgs; [
git
stylua
nixfmt-rfc-style
shfmt
shellcheck
];
};
}
);
checks = forAllSystems ( checks = forAllSystems (
system: system:

41
hosts-old/arrow/default.nix
View File

@ -1,41 +0,0 @@
# The Arrow
# System configuration for temporary VM
{
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./modules.nix { inherit inputs globals overlays; } ++ [
{
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
virtualisation.vmVariant = {
virtualisation.forwardPorts = [
{
from = "host";
host.port = 2222;
guest.port = 22;
}
];
};
}
];
}

32
hosts-old/arrow/modules.nix
View File

@ -1,32 +0,0 @@
{
inputs,
globals,
overlays,
}:
[
globals
inputs.home-manager.nixosModules.home-manager
{
nixpkgs.overlays = overlays;
networking.hostName = "arrow";
physical = false;
server = true;
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw deploy"
];
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
cloudflare.enable = true;
services.openssh.enable = true;
services.caddy.enable = true;
services.n8n.enable = true;
# nix-index seems to eat up too much memory for Vultr
home-manager.users.${globals.user}.programs.nix-index.enable = inputs.nixpkgs.lib.mkForce false;
}
../../modules/common
../../modules/nixos
]

51
hosts-old/hydra/default.nix
View File

@ -1,51 +0,0 @@
# The Hydra
# System configuration for WSL
# See [readme](../README.md) to explain how this file works.
{
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
../../modules/common
../../modules/nixos
../../modules/wsl
globals
inputs.wsl.nixosModules.wsl
inputs.home-manager.nixosModules.home-manager
{
networking.hostName = "hydra";
nixpkgs.overlays = overlays;
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = false;
theme = {
colors = (import ../../colorscheme/gruvbox).dark;
dark = true;
};
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
wsl = {
enable = true;
wslConf.automount.root = "/mnt";
defaultUser = globals.user;
startMenuLaunchers = true;
nativeSystemd = true;
wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
interop.includePath = false; # Including Windows PATH will slow down Neovim command mode
};
neovim.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = true;
dotfiles.enable = true;
lua.enable = true;
}
];
}

53
hosts-old/staff/default.nix
View File

@ -1,53 +0,0 @@
# The Staff
# ISO configuration for my USB drive
{
inputs,
system,
overlays,
...
}:
inputs.nixos-generators.nixosGenerate {
inherit system;
format = "install-iso";
modules = [
{
nixpkgs.overlays = overlays;
networking.hostName = "staff";
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
];
services.openssh = {
enable = true;
ports = [ 22 ];
allowSFTP = true;
settings = {
GatewayPorts = "no";
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
environment.systemPackages =
let
pkgs = import inputs.nixpkgs { inherit system overlays; };
in
with pkgs;
[
git
vim
wget
curl
(import ../../modules/common/neovim/package {
inherit pkgs;
colors = (import ../../colorscheme/gruvbox).dark;
})
];
nix.extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
}
];
}

0
hosts-by-platform/aarch64-darwin/lookingglass/default.nix → hosts/aarch64-darwin/lookingglass/default.nix
View File

0
hosts-by-platform/aarch64-linux/default.nix → hosts/aarch64-linux/default.nix
View File

0
hosts-by-platform/aarch64-linux/flame/cloudflared-flame.age → hosts/aarch64-linux/flame/cloudflared-flame.age
View File

0
hosts-by-platform/aarch64-linux/flame/default.nix → hosts/aarch64-linux/flame/default.nix
View File

0
hosts-by-platform/default.nix → hosts/default.nix
View File

32
hosts/x86_64-linux/arrow/default.nix Normal file
View File

@ -0,0 +1,32 @@
# The Arrow
# System configuration for temporary VM
rec {
# Hardware
networking.hostName = "arrow";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
server.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
};
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
}

33
hosts/x86_64-linux/hydra/default.nix Normal file
View File

@ -0,0 +1,33 @@
# The Hydra
# System configuration for WSL
rec {
# Hardware
networking.hostName = "hydra";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
wsl.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
power-user.enable = true;
};
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
}

0
hosts-by-platform/x86_64-linux/staff/default.nix → hosts/x86_64-linux/staff/default.nix
View File

0
hosts-by-platform/x86_64-linux/swan/cloudflared-swan.age → hosts/x86_64-linux/swan/cloudflared-swan.age
View File

15
hosts-by-platform/x86_64-linux/swan/default.nix → hosts/x86_64-linux/swan/default.nix
View File

@ -7,21 +7,6 @@ rec {
nmasur.settings = { nmasur.settings = {
username = "noah"; username = "noah";
fullName = "Noah Masur"; fullName = "Noah Masur";
# hostnames =
# let
# baseName = "masu.rs";
# in
# {
# audiobooks = "read.${baseName}";
# books = "books.${baseName}";
# content = "cloud.${baseName}";
# download = "download.${baseName}";
# files = "files.${baseName}";
# paperless = "paper.${baseName}";
# photos = "photos.${baseName}";
# prometheus = "prom.${baseName}";
# stream = "stream.${baseName}";
# };
}; };
nmasur.profiles = { nmasur.profiles = {

0
hosts-by-platform/x86_64-linux/swan/root.nix → hosts/x86_64-linux/swan/root.nix
View File

0
hosts-by-platform/x86_64-linux/tempest/cloudflared-tempest.age → hosts/x86_64-linux/tempest/cloudflared-tempest.age
View File

0
hosts-by-platform/x86_64-linux/tempest/default.nix → hosts/x86_64-linux/tempest/default.nix
View File

9
modules/README.md
View File

@ -1,9 +0,0 @@
# Modules
| Module | Purpose |
| --- | --- |
| [common](./common/default.nix) | User programs and OS-agnostic configuration |
| [darwin](./darwin/default.nix) | macOS-specific configuration |
| [nixos](./nixos/default.nix) | NixOS-specific configuration |
| [wsl](./wsl/default.nix) | WSL-specific configuration |

167
modules/common/default.nix
View File

@ -1,167 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./applications
./mail
./neovim
./programming
./repositories
./shell
];
options = {
# user = lib.mkOption {
# type = lib.types.str;
# description = "Primary user of the system";
# };
# fullName = lib.mkOption {
# type = lib.types.str;
# description = "Human readable name of the user";
# };
# userDirs = {
# # Required to prevent infinite recursion when referenced by himalaya
# download = lib.mkOption {
# type = lib.types.str;
# description = "XDG directory for downloads";
# default = if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads";
# };
# };
# identityFile = lib.mkOption {
# type = lib.types.str;
# description = "Path to existing private key file.";
# default = "/etc/ssh/ssh_host_ed25519_key";
# };
# homePath = lib.mkOption {
# type = lib.types.path;
# description = "Path of user's home directory.";
# default = builtins.toPath (
# if pkgs.stdenv.isDarwin then "/Users/${config.user}" else "/home/${config.user}"
# );
# };
# dotfilesPath = lib.mkOption {
# type = lib.types.path;
# description = "Path of dotfiles repository.";
# default = config.homePath + "/dev/personal/dotfiles";
# };
# dotfilesRepo = lib.mkOption {
# type = lib.types.str;
# description = "Link to dotfiles repository HTTPS URL.";
# };
# unfreePackages = lib.mkOption {
# type = lib.types.listOf lib.types.str;
# description = "List of unfree packages to allow.";
# default = [ ];
# };
# insecurePackages = lib.mkOption {
# type = lib.types.listOf lib.types.str;
# description = "List of insecure packages to allow.";
# default = [ ];
# };
# hostnames = {
# audiobooks = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for audiobook server (Audiobookshelf).";
# };
# budget = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for budgeting server (ActualBudget).";
# };
# files = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for files server (Filebrowser).";
# };
# git = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for git server (Gitea).";
# };
# metrics = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for metrics server.";
# };
# minecraft = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for Minecraft server.";
# };
# paperless = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for document server (paperless-ngx).";
# };
# photos = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for photo management (Immich).";
# };
# prometheus = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for Prometheus server.";
# };
# influxdb = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for InfluxDB2 server.";
# };
# secrets = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for passwords and secrets (Vaultwarden).";
# };
# stream = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for video/media library (Jellyfin).";
# };
# content = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for personal content system (Nextcloud).";
# };
# books = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for books library (Calibre-Web).";
# };
# download = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for download services.";
# };
# irc = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for IRC services.";
# };
# n8n = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for n8n automation.";
# };
# notifications = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for push notification services (ntfy).";
# };
# status = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for status page (Uptime-Kuma).";
# };
# transmission = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for peer2peer downloads (Transmission).";
# };
# };
};
config =
let
stateVersion = "23.05";
in
{
# Allow specified unfree packages (identified elsewhere)
# Retrieves package object based on string name
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.unfreePackages;
# Allow specified insecure packages (identified elsewhere)
nixpkgs.config.permittedInsecurePackages = config.insecurePackages;
# Pin a state version to prevent warnings
home-manager.users.${config.user}.home.stateVersion = stateVersion;
home-manager.users.root.home.stateVersion = stateVersion;
};
}

2
pkgs/applications/editors/neovim/nmasur/neovim/package.nix
View File

@ -28,7 +28,7 @@
{ {
pkgs, pkgs,
colors ? (import ../../../../../../colorscheme/gruvbox).dark, colors ? (import ../../../../../../colorscheme/nord).dark,
terraform ? false, terraform ? false,
github ? false, github ? false,
kubernetes ? false, kubernetes ? false,

18
pkgs/tools/misc/default/package.nix Normal file
View File

@ -0,0 +1,18 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}'
echo ""
echo ""
''

12
pkgs/tools/misc/dotfiles-devshell/package.nix Normal file
View File

@ -0,0 +1,12 @@
{ pkgs, ... }:
pkgs.mkShell {
name = "dotfiles-devshell";
buildInputs = with pkgs; [
git
stylua
nixfmt-rfc-style
shfmt
shellcheck
];
}

11
pkgs/tools/misc/encrypt-secret/package.nix Normal file
View File

@ -0,0 +1,11 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "encrypt-secret" ''
printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
read -p "Secret: " secret
printf "\nEncrypting...\n\n" 1>&2
tmpfile=$(mktemp)
echo "''${secret}" > ''${tmpfile}
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../../../../misc/public-keys} $tmpfile
rm $tmpfile
''

44
pkgs/tools/misc/installer/package.nix Normal file
View File

@ -0,0 +1,44 @@
{ pkgs, ... }:
# Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix
# This script will partition and format drives; use at your own risk!
pkgs.writeShellScriptBin "installer" ''
set -e
DISK=$1
FLAKE=$2
PARTITION_PREFIX=""
if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \
"Missing required parameter." \
"Usage: installer -- <disk> <host>" \
"Example: installer -- nvme0n1 tempest" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest"
echo "(exiting)"
exit 1
fi
case "$DISK" in nvme*)
PARTITION_PREFIX="p"
esac
${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false
${pkgs.parted}/bin/parted /dev/''${DISK} -- mklabel gpt
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart primary 512MiB 100%
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
${pkgs.parted}/bin/parted /dev/''${DISK} -- set 3 esp on
mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1
mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2
mount /dev/disk/by-label/nixos /mnt
mkdir --parents /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
''

5
pkgs/tools/misc/readme/package.nix Normal file
View File

@ -0,0 +1,5 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "readme" ''
${pkgs.glow}/bin/glow --pager ${builtins.toString ../../../../README.md}
''

11
pkgs/tools/misc/rebuild/package.nix Normal file
View File

@ -0,0 +1,11 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
sudo darwin-rebuild switch --flake ${builtins.toString ../../../../.}
else
doas nixos-rebuild switch --flake ${builtins.toString ../../../../.}
fi
''

8
platforms/nixos/modules/nmasur/profiles/base.nix
View File

@ -18,11 +18,6 @@ in
nmasur.presets = { nmasur.presets = {
vm.enable = lib.mkDefault true; vm.enable = lib.mkDefault true;
services = {
# Allow tunneling into the machine
cloudflared.enable = lib.mkDefault true;
openssh.enable = lib.mkDefault true;
};
programs = { programs = {
doas.enable = lib.mkDefault true; doas.enable = lib.mkDefault true;
}; };
@ -30,7 +25,6 @@ in
programs.fish.enable = lib.mkDefault config.home-manager.users.${username}.programs.fish.enable; programs.fish.enable = lib.mkDefault config.home-manager.users.${username}.programs.fish.enable;
# Allows us to declaritively set password # Allows us to declaritively set password
users.mutableUsers = lib.mkDefault false; users.mutableUsers = lib.mkDefault false;
@ -75,5 +69,7 @@ programs.fish.enable = lib.mkDefault config.home-manager.users.${username}.progr
allowUnfreePackages = config.home-manager.users.${username}.allowUnfreePackages; allowUnfreePackages = config.home-manager.users.${username}.allowUnfreePackages;
wsl.enable = lib.mkDefault false;
}; };
} }

11
platforms/nixos/modules/nmasur/profiles/wsl.nix
View File

@ -1,6 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
let let
inherit (config.nmasur.settings) username;
cfg = config.nmasur.profiles.wsl; cfg = config.nmasur.profiles.wsl;
in in
@ -9,6 +10,16 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
wsl = {
enable = true;
wslConf.automount.root = lib.mkDefault "/mnt";
defaultUser = lib.mkDefault username;
startMenuLaunchers = lib.mkDefault true;
nativeSystemd = lib.mkDefault true;
wslConf.network.generateResolvConf = lib.mkDefault true; # Turn off if it breaks VPN
interop.includePath = lib.mkDefault false; # Including Windows PATH will slow down Neovim command mode
};
# # Replace config directory with our repo, since it sources from config on # # Replace config directory with our repo, since it sources from config on
# # every launch # # every launch
# system.activationScripts.configDir.text = '' # system.activationScripts.configDir.text = ''