noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-06 22:30:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:324956c09158d044f7bc81cfc5fddf7a4f798773
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
..
compare: noah:darwin-ssl
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

1 Commits
324956c091 ... darwin-ssl

Author SHA1 Message Date
Noah Masur
fca998e14c add ssl certs for darwin even though it didn't work 2022-09-21 16:25:16 -04:00
376 changed files with 4320 additions and 12632 deletions
Expand all files Collapse all files

20
.github/workflows/check.yml vendored
View File

@ -1,20 +0,0 @@
name: Check Build
on:
workflow_dispatch: # allows manual triggering
jobs:
check:
name: Check
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v5
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Check the Flake
run: nix flake check

63
.github/workflows/update.yml vendored
View File

@ -1,63 +0,0 @@
name: Update Flake
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '33 3 * * 0' # runs weekly on Sunday at 03:33
permissions:
contents: write
pull-requests: write
checks: write
jobs:
lockfile:
name: Lockfile
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v5
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v19
id: update
with:
pr-title: "Update flake.lock" # Title of PR to be created
pr-labels: | # Labels to be set on the PR
dependencies
automated
- name: Check the Flake
id: check
run: nix flake check
- name: Update Check Status
uses: LouisBrunner/checks-action@v1.6.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Update Flake
conclusion: ${{ job.status }}
output: |
{"summary":"${{ steps.check.outputs.stdout }}"}
- name: Enable Pull Request Automerge
if: success()
run: |
gh pr merge \
--rebase \
--auto \
${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}
- name: Close Pull Request If Failed
if: failure()
run: |
gh pr close \
--comment "Auto-closing pull request" \
--delete-branch \
${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}

4
.gitignore vendored
View File

@ -3,6 +3,4 @@
*.db
**/.direnv/**
result
private/**
templates/**/flake.lock
!private/**.age
.luarc.json

135
README.md
View File

@ -1,93 +1,82 @@
# System Configurations
This repository contains configuration files for my NixOS, macOS, and WSL
hosts.
They are organized and managed by [Nix](https://nixos.org), so some of the
configuration may be difficult to translate to a non-Nix system.
## System Features
| Feature | Program | Configuration |
| --- | --- | --- |
| OS | [NixOS](https://nixos.org) | [Link](./modules/nixos) |
| Display Server | [X11](https://www.x.org/wiki/) | [Link](./modules/nixos/graphical/xorg.nix) |
| Compositor | [Picom](https://github.com/yshui/picom) | [Link](./modules/nixos/graphical/picom.nix) |
| Window Manager | [i3](https://i3wm.org/) | [Link](./modules/nixos/graphical/i3.nix) |
| Panel | [Polybar](https://polybar.github.io/) | [Link](./modules/nixos/graphical/polybar.nix) |
| Font | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./modules/nixos/graphical/fonts.nix) |
| Launcher | [Rofi](https://github.com/davatorium/rofi) | [Link](./modules/nixos/graphical/rofi.nix) |
## User Features
| Feature | Program | Configuration |
| --- | --- | --- |
| Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./modules/common) |
| Terminal | [Kitty](https://sw.kovidgoyal.net/kitty/) | [Link](./modules/common/applications/kitty.nix) |
| Shell | [Fish](https://fishshell.com/) | [Link](./modules/common/shell/fish) |
| Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starhip.nix) |
| Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) |
| Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix) |
| Text Editor | [Neovim](https://neovim.io/) | [Link](./modules/common/neovim/config) |
| Browser | [Firefox](https://www.mozilla.org/en-US/firefox/new/) | [Link](./modules/common/applications/firefox.nix) |
| E-Mail | [Aerc](https://aerc-mail.org/) | [Link](./modules/common/mail/aerc.nix) |
| File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files) | [Link](./modules/common/applications/nautilus.nix) |
| PDF Reader | [Zathura](https://pwmt.org/projects/zathura/) | [Link](./modules/common/applications/media.nix) |
| Video Player | [mpv](https://mpv.io/) | [Link](./modules/common/applications/media.nix) |
## macOS Features
| Feature | Program | Configuration |
| --- | --- | --- |
| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
# Diagram
![Diagram](https://github.com/nmasur/dotfiles/assets/7386960/ed3e7202-09c4-4a9c-9b14-0272c01647f6)
- [flake.nix](./flake.nix)
- [hosts](./hosts/)
- [modules](./modules/)
---
# Unique Configurations
This repo contains a few more elaborate elements of configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
and source-controlled plugins, differing based on installed LSPs, for example.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
dynamically on enabled services rendered with Nix.
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
including Firefox userChrome.
---
# Installation
Click [here](./docs/installation.md) for detailed installation instructions.
## NixOS - From Live Disk
# Neovim
Format drives and build system from any NixOS host, including the live
installer disk:
Try out my Neovim config with nix:
**This will erase your drives; use at your own risk!**
```bash
nix run github:nmasur/dotfiles#neovim
lsblk # Choose the disk you want to wipe
nix-shell -p nixFlakes
nix run github:nmasur/dotfiles#installer -- nvme0n1 desktop
```
Or build it as a package:
## NixOS - From Existing System
If you're already running NixOS, you can switch to this configuration with the
following command:
```bash
nix build github:nmasur/dotfiles#neovim
nix-shell -p nixFlakes
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#desktop
```
If you already have a Neovim configuration, you may need to move it out of
`~/.config/nvim` or set `XDG_CONFIG_HOME` to another value; otherwise both
configs might conflict with each other.
## Windows - From NixOS WSL
After [installing NixOS on
WSL](https://xeiaso.net/blog/nix-flakes-4-wsl-2022-05-01), you can switch to
the WSL configuration:
```
nix-shell -p nixFlakes
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#wsl
```
## macOS
To get started on a bare macOS installation, first install Nix:
```bash
sh -c "$(curl -L https://nixos.org/nix/install)"
```
Then use Nix to build nix-darwin:
```bash
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer
```
Then switch to the macOS configuration:
```bash
darwin-rebuild switch --flake github:nmasur/dotfiles#macbook
```
### Dealing with corporate MITM SSL certificates:
```bash
# Get the certificates
openssl s_client -showcerts -verify 5 -connect cache.nixos.org:443 < /dev/null
# Paste them in here
sudo nvim $NIX_SSL_CERT_FILE
```
### Dealing with Neovim issues:
Update Neovim Packer plugins: `:PackerSync`
Update TreeSitter languages: `:TSUpdateSync`
---
# Flake Templates

9
apps/README.md
View File

@ -1,9 +0,0 @@
# Apps
These are all my miscellaneous utilies and scripts to accompany this project.
They can be run with:
```
nix run github:nmasur/dotfiles#appname
```

34
apps/default.nix
View File

@ -1,34 +0,0 @@
{ pkgs, ... }: rec {
# Show quick helper
default = import ./help.nix { inherit pkgs; };
# Format primary disk
format-root = import ./format-root.nix { inherit pkgs; };
# Format and install from nothing (deprecated)
installer = import ./installer.nix { inherit pkgs; };
# Display the readme for this repository
readme = import ./readme.nix { inherit pkgs; };
# Rebuild
rebuild = import ./rebuild.nix { inherit pkgs; };
# Load the SSH key for this machine
loadkey = import ./loadkey.nix { inherit pkgs; };
# Encrypt secret for all machines
encrypt-secret = import ./encrypt-secret.nix { inherit pkgs; };
# Re-encrypt secrets for all machines
reencrypt-secrets = import ./reencrypt-secrets.nix { inherit pkgs; };
# Connect machine metrics to Netdata Cloud
netdata = import ./netdata-cloud.nix { inherit pkgs; };
# Run neovim as an app
neovim = import ./neovim.nix { inherit pkgs; };
nvim = neovim;
}

19
apps/encrypt-secret.nix
View File

@ -1,19 +0,0 @@
{ pkgs, ... }: {
# nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age
type = "app";
program = builtins.toString (pkgs.writeShellScript "encrypt-secret" ''
printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
read -p "Secret: " secret
printf "\nEncrypting...\n\n" 1>&2
tmpfile=$(mktemp)
echo "''${secret}" > ''${tmpfile}
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
builtins.toString ../misc/public-keys
} $tmpfile
rm $tmpfile
'');
}

39
apps/format-root.nix
View File

@ -1,39 +0,0 @@
{ pkgs, ... }: {
# This script will partition and format drives; use at your own risk!
type = "app";
program = builtins.toString (pkgs.writeShellScript "format-root" ''
set -e
DISK=$1
if [ -z "''${DISK}" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \
"Missing required parameter." \
"Usage: format-root -- <disk>" \
"Flake example: nix run github:nmasur/dotfiles#format-root -- nvme0n1"
echo "(exiting)"
exit 1
fi
${pkgs.disko-packaged}/bin/disko \
--mode create \
--dry-run \
--flake "path:$(pwd)#root" \
--arg disk \""/dev/''${DISK}"\"
${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false
${pkgs.disko-packaged}/bin/disko \
--mode create \
--flake "path:$(pwd)#root" \
--arg disk "/dev/''${DISK}"
'');
}

23
apps/help.nix
View File

@ -1,23 +0,0 @@
{ pkgs, ... }: {
type = "app";
program = builtins.toString (pkgs.writeShellScript "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
' {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}'
echo ""
echo ""
'');
}

24
apps/installer.nix
View File

@ -13,12 +13,10 @@
PARTITION_PREFIX=""
if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \
"Missing required parameter." \
"Usage: installer -- <disk> <host>" \
"Example: installer -- nvme0n1 tempest" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest"
echo "Missing required parameter."
echo "Usage: installer -- <disk> <host>"
echo "Example: installer -- nvme0n1 desktop"
echo "Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 desktop"
echo "(exiting)"
exit 1
fi
@ -27,14 +25,10 @@
PARTITION_PREFIX="p"
esac
${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false
${pkgs.parted}/bin/parted /dev/''${DISK} -- mklabel gpt
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart primary 512MiB 100%
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
${pkgs.parted}/bin/parted /dev/''${DISK} -- set 3 esp on
parted /dev/''${DISK} -- mklabel gpt
parted /dev/''${DISK} -- mkpart primary 512MiB 100%
parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
parted /dev/''${DISK} -- set 3 esp on
mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1
mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2
@ -42,7 +36,7 @@
mkdir --parents /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
'');
}

13
apps/loadkey.nix
View File

@ -1,13 +0,0 @@
{ pkgs, ... }: {
type = "app";
program = builtins.toString (pkgs.writeShellScript "loadkey" ''
printf "\nEnter the seed phrase for your SSH key...\n"
printf "\nThen press ^D when complete.\n\n"
mkdir -p ~/.ssh/
${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
printf "\n\nContinuing activation.\n\n"
'');
}

12
apps/neovim.nix
View File

@ -1,12 +0,0 @@
{ pkgs, ... }: {
type = "app";
program = "${
(import ../modules/common/neovim/package {
inherit pkgs;
colors = (import ../colorscheme/nord).dark;
})
}/bin/nvim";
}

19
apps/netdata-cloud.nix
View File

@ -1,19 +0,0 @@
{ pkgs, ... }: {
type = "app";
program = builtins.toString (pkgs.writeShellScript "netdata-cloud" ''
if [ "$EUID" -ne 0 ]; then
echo "Please run as root"
exit 1
fi
mkdir --parents --mode 0750 /var/lib/netdata/cloud.d
printf "\nEnter the claim token for netdata cloud...\n\n"
read -p "Token: " token
echo "''${token}" > /var/lib/netdata/cloud.d/token
chown -R netdata:netdata /var/lib/netdata
${pkgs.netdata}/bin/netdata-claim.sh -id=$(uuidgen)
printf "\n\nNow restart netdata service.\n\n"
'');
}

2
apps/readme.nix
View File

@ -3,7 +3,7 @@
type = "app";
program = builtins.toString (pkgs.writeShellScript "readme" ''
${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md}
${pkgs.glow}/bin/glow ${builtins.toString ../README.md}
'');
}

15
apps/rebuild.nix
View File

@ -1,15 +0,0 @@
{ pkgs, ... }: {
type = "app";
program = builtins.toString (pkgs.writeShellScript "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
sudo darwin-rebuild switch --flake ${builtins.toString ../.}
else
doas nixos-rebuild switch --flake ${builtins.toString ../.}
fi
'');
}

27
apps/reencrypt-secrets.nix
View File

@ -1,27 +0,0 @@
{ pkgs, ... }: {
# nix run github:nmasur/dotfiles#reencrypt-secrets ./private
type = "app";
program = builtins.toString (pkgs.writeShellScript "reencrypt-secrets" ''
if [ $# -eq 0 ]; then
echo "Must provide directory to reencrypt."
exit 1
fi
encrypted=$1
for encryptedfile in ''${1}/*; do
tmpfile=$(mktemp)
echo "Decrypting ''${encryptedfile}..."
${pkgs.age}/bin/age --decrypt \
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
echo "Encrypting ''${encryptedfile}..."
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
builtins.toString ../misc/public-keys
} $tmpfile > $encryptedfile
rm $tmpfile
done
echo "Finished."
'');
}

5
colorscheme/README.md
View File

@ -1,5 +0,0 @@
# Colorschemes
Color information for different themes is found here. The colors are sourced
and used with [base16](https://github.com/chriskempson/base16) format
consistently across the system.

24
colorscheme/everforest/default.nix
View File

@ -1,24 +0,0 @@
{
name = "everforest"; # dark, hard
author = "Sainnhe Park";
dark = {
base00 = "#2b3339"; # Default Background
base01 = "#323c41"; # Lighter Background
base02 = "#503946"; # Selection Background
base03 = "#868d80"; # Comments, Invisibles, Line Highlighting
base04 = "#d3c6aa"; # Dark Foreground (Used for status bars)
base05 = "#d3c6aa"; # Default Foreground, Caret, Delimiters, Operators
base06 = "#e9e8d2"; # Light Foreground (Not often used)
base07 = "#fff9e8"; # Light Background (Not often used)
base08 = "#7fbbb3"; # Variables, XML Tags, Markup Link Text, ...
base09 = "#d699b6"; # Integers, Boolean, Constants, ...
base0A = "#83c092"; # Classes, Markup Bold, Search Text Background
base0B = "#dbbc7f"; # Strings, Inherited Class, Markup Code, Diff Inserted
base0C = "#e69875"; # Support, Regular Expressions, Escape Characters, ...
base0D = "#a7c080"; # Functions, Methods, Attribute IDs, Headings
base0E =
"#e67e80"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
base0F =
"#d699b6"; # Deprecated, Opening/Closing Embedded Language Tags, ...
};
}

45
colorscheme/gruvbox-dark/default.nix
View File

@ -1,45 +0,0 @@
# Gruvbox with a darker background for greater contrast
{
name = "gruvbox-dark"; # Dark, Medium
author =
"Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox), ElRastaOk (https://www.reddit.com/user/ElRastaOk)";
dark = {
base00 = "#1D2122"; # ---- This is the change from normal gruvbox
base01 = "#3c3836"; # ---
base02 = "#504945"; # --
base03 = "#665c54"; # -
base04 = "#bdae93"; # +
base05 = "#d5c4a1"; # ++
base06 = "#ebdbb2"; # +++
base07 = "#fbf1c7"; # ++++
base08 = "#fb4934"; # red
base09 = "#fe8019"; # orange
base0A = "#fabd2f"; # yellow
base0B = "#b8bb26"; # green
base0C = "#8ec07c"; # aqua/cyan
base0D = "#83a598"; # blue
base0E = "#d3869b"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-dark";
};
light = {
base00 = "#fbf1c7"; # ----
base01 = "#ebdbb2"; # ---
base02 = "#d5c4a1"; # --
base03 = "#bdae93"; # -
base04 = "#665c54"; # +
base05 = "#504945"; # ++
base06 = "#3c3836"; # +++
base07 = "#1D2122"; # ++++ Adjusted darker here
base08 = "#9d0006"; # red
base09 = "#af3a03"; # orange
base0A = "#b57614"; # yellow
base0B = "#79740e"; # green
base0C = "#427b58"; # aqua/cyan
base0D = "#076678"; # blue
base0E = "#8f3f71"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-light";
};
}

43
colorscheme/gruvbox/default.nix
View File

@ -1,43 +0,0 @@
{
name = "gruvbox"; # Dark, Medium
author =
"Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox)";
dark = {
base00 = "#282828"; # ----
base01 = "#3c3836"; # ---
base02 = "#504945"; # --
base03 = "#665c54"; # -
base04 = "#bdae93"; # +
base05 = "#d5c4a1"; # ++
base06 = "#ebdbb2"; # +++
base07 = "#fbf1c7"; # ++++
base08 = "#fb4934"; # red
base09 = "#fe8019"; # orange
base0A = "#fabd2f"; # yellow
base0B = "#b8bb26"; # green
base0C = "#8ec07c"; # aqua/cyan
base0D = "#83a598"; # blue
base0E = "#d3869b"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-dark";
};
light = {
base00 = "#fbf1c7"; # ----
base01 = "#ebdbb2"; # ---
base02 = "#d5c4a1"; # --
base03 = "#bdae93"; # -
base04 = "#665c54"; # +
base05 = "#504945"; # ++
base06 = "#3c3836"; # +++
base07 = "#282828"; # ++++
base08 = "#9d0006"; # red
base09 = "#af3a03"; # orange
base0A = "#b57614"; # yellow
base0B = "#79740e"; # green
base0C = "#427b58"; # aqua/cyan
base0D = "#076678"; # blue
base0E = "#8f3f71"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-light";
};
}

23
colorscheme/nord/default.nix
View File

@ -1,23 +0,0 @@
{
name = "nord";
author = "arcticicestudio";
dark = {
base00 = "#2E3440";
base01 = "#3B4252";
base02 = "#434C5E";
base03 = "#4C566A";
base04 = "#D8DEE9";
base05 = "#E5E9F0";
base06 = "#ECEFF4";
base07 = "#8FBCBB";
base08 = "#88C0D0";
base09 = "#81A1C1";
base0A = "#5E81AC";
base0B = "#BF616A";
base0C = "#D08770";
base0D = "#EBCB8B";
base0E = "#A3BE8C";
base0F = "#B48EAD";
batTheme = "nord";
};
}

5
disks/README.md
View File

@ -1,5 +0,0 @@
# Disks
These are my [disko](https://github.com/nix-community/disko) configurations,
which allow me to save desired disk formatting layouts as a declarative file so
I don't have to remember how to format my disks later on.

42
disks/root.nix
View File

@ -1,42 +0,0 @@
{ disk, ... }: {
disk = {
boot = {
type = "disk";
device = disk;
content = {
type = "table";
format = "gpt";
partitions = [
# Boot partition
{
name = "ESP";
start = "0";
end = "512MiB";
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
extraArgs = [ "-n boot" ];
};
}
# Root partition ext4
{
name = "root";
start = "512MiB";
end = "100%";
part-type = "primary";
bootable = true;
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
extraArgs = [ "-L nixos" ];
};
}
];
};
};
};
}

95
disks/zfs.nix
View File

@ -1,95 +0,0 @@
{ pool, disks, ... }: {
disk = lib.genAttrs disks (disk: {
"${disk}" = {
type = "disk";
device = "/dev/${disk}";
content = {
type = "table";
format = "gpt";
partitions = [{
type = "partition";
name = "zfs";
start = "128MiB";
end = "100%";
content = {
type = "zfs";
pool = pool;
};
}];
};
};
});
zpool = {
"${pool}" = {
type = "zpool";
mode = "raidz1";
rootFsOptions = {
compression = "on"; # lz4 by default
"com.sun:auto-snapshot" = "false";
ashift = "12";
};
# mountpoint = "/";
datasets = {
root = {
zfs_type = "filesystem";
mountpoint = null;
options."com.sun:auto-snapshot" = "false";
};
# "media/movies" = {
# zfs_type = "filesystem";
# mountpoint = "/media/movies";
# options.recordsize = "1M";
# };
# "media/tv" = {
# zfs_type = "filesystem";
# mountpoint = "/media/tv";
# options.recordsize = "1M";
# };
# "media/books" = {
# zfs_type = "filesystem";
# mountpoint = "/media/books";
# };
# archive = {
# zfs_type = "filesystem";
# mountpoint = "/archive";
# options.compression = "zstd";
# options."com.sun:auto-snapshot" = "true";
# };
# zfs_unmounted_fs = {
# zfs_type = "filesystem";
# options.mountpoint = "none";
# };
# zfs_legacy_fs = {
# zfs_type = "filesystem";
# options.mountpoint = "legacy";
# mountpoint = "/zfs_legacy_fs";
# };
# zfs_testvolume = {
# zfs_type = "volume";
# size = "10M";
# content = {
# type = "filesystem";
# format = "ext4";
# mountpoint = "/ext4onzfs";
# };
# };
# encrypted = {
# zfs_type = "filesystem";
# size = "20M";
# options = {
# mountpoint = "none";
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
# };
# };
# "encrypted/test" = {
# zfs_type = "filesystem";
# size = "2M";
# mountpoint = "/zfs_crypted";
# };
};
};
};
}

4
docs/README.md
View File

@ -1,4 +0,0 @@
# Documentation
Reference documents for some of the more complicated services and maintenance
tasks.

72
docs/installation.md
View File

@ -1,72 +0,0 @@
[Back to README](../README.md)
---
# Installation
## NixOS - From Live Disk
Format drives and build system from any NixOS host, including the live
installer disk:
**This will erase your drives; use at your own risk!**
```bash
lsblk # Choose the disk you want to wipe
nix-shell -p nixVersions.stable
nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest
```
## NixOS - From Existing System
If you're already running NixOS, you can switch to this configuration with the
following command:
```bash
nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#tempest
```
## Windows - From NixOS WSL
After [installing NixOS on
WSL](https://xeiaso.net/blog/nix-flakes-4-wsl-2022-05-01), you can switch to
the WSL configuration:
```
nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#hydra
```
You should also download the
[FiraCode](https://github.com/ryanoasis/nerd-fonts/releases/download/v2.2.2/FiraCode.zip)
font and install it on Windows. Install [Alacritty](https://alacritty.org/) and
move the `windows/alacritty.yml` file to
`C:\Users\<user>\AppData\Roaming\alacritty`.
## macOS
To get started on a bare macOS installation, first install Nix:
```bash
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
```
Launch a new shell. Then use Nix to switch to the macOS configuration:
```bash
sudo rm /etc/bashrc
sudo rm /etc/nix/nix.conf
nix \
--extra-experimental-features flakes \
--extra-experimental-features nix-command \
run nix-darwin -- switch \
--flake github:nmasur/dotfiles#lookingglass
```
Once installed, you can continue to update the macOS configuration:
```bash
darwin-rebuild switch --flake ~/dev/personal/dotfiles
```

65
docs/repair-nextcloud.md
View File

@ -1,65 +0,0 @@
# Repairing Nextcloud
You can run the maintenance commands like this:
```
sudo -u nextcloud nextcloud-occ maintenance:mode --on
sudo -u nextcloud nextcloud-occ maintenance:repair
sudo -u nextcloud nextcloud-occ maintenance:mode --off
```
## Rescan Files
```
sudo -u nextcloud nextcloud-occ files:scan --all
```
## Converting from SQLite to MySQL (mariadb)
First: keep Nextcloud set to SQLite as its dbtype, and separately launch MySQL
as a service by copying the configuration found
[here](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/nextcloud.nix).
No password is necessary, since the user-based auth works with UNIX sockets.
You can connect to the MySQL instance like this:
```
sudo -u nextcloud mysql -S /run/mysqld/mysqld.sock
```
Create a blank database for Nextcloud:
```sql
create database nextcloud;
```
Now setup the [conversion](https://docs.nextcloud.com/server/17/admin_manual/configuration_database/db_conversion.html):
```
sudo -u nextcloud nextcloud-occ db:convert-type mysql nextcloud localhost nextcloud
```
Ignore the password prompt. Proceed with the conversion.
Now `config.php` will be updated but the override config from NixOS will not
be. Now update your NixOS configuration:
- Remove the `mysql` service you created.
- Set `dbtype` to `mysql`.
- Set `database.createLocally` to `true`.
Rebuild your configuration.
Now, make sure to enable [4-byte
support](https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/mysql_4byte_support.html)
in the database.
## Backing Up MySQL Database
Use this mysqldump command:
```
sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql
```

23
docs/restore-calibre.md
View File

@ -1,23 +0,0 @@
# Restoring Calibre From Backup
The `metadata.db` holds the library and `app.db` and `gdrive.db` contain the
web/account information.
Place books directories in `/data/books/`.
Place `metadata.db` in `/var/lib/calibre-web-db/`.
Symlink `metadata.db` to the library:
```
sudo ln -s /var/lib/calibre-web-db/metadata.db /data/books/metadata.db
```
Place `app.db` and `gdrive.db` in `/var/lib/calibre-web/`.
Restart Calibre:
```
sudo systemctl restart calibre-web.service
```

45
docs/zfs.md
View File

@ -1,45 +0,0 @@
# ZFS
Swan runs its root on ext4. The ZFS drives are managed imperatively (this
[disko configuration](../disks/zfs.nix) is an unused work-in-progress).
The basic ZFS settings are managed [here](../modules/nixos/hardware/zfs.nix).
## Creating a New Dataset
```
sudo zfs create tank/mydataset
sudo zfs set compression=zstd tank/myzstddataset
sudo zfs set mountpoint=/data/mydataset tank/mydataset
```
## Maintenance
### Get Status
```
sudo zpool status
```
### Replace Disk
```
sudo zdb
sudo zpool status -g # Show by GUID
sudo zpool offline tank <GUID>
sudo zpool status
# Remove old disk, insert new disk
sudo zdb
sudo zpool replace tank <OLD GUID> /dev/disk/by-id/<NEW PATH>
sudo zpool status
```
## Initial Setup
```
sudo zpool create tank raidz1 sda sdb sdc
sudo zpool set ashift=12 tank
sudo zpool set autoexpand=on tank
sudo zpool set compression=on tank
```

746
flake.lock generated
View File

@ -1,104 +1,5 @@
{
"nodes": {
"Comment-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1681214440,
"narHash": "sha256-48hy+hiaDJLlgWqC7IeZI3dT+VwWkRo4atQbyPxu/ys=",
"owner": "numToStr",
"repo": "Comment.nvim",
"rev": "e51f2b142d88bb666dcaa77d93a07f4b419aca70",
"type": "github"
},
"original": {
"owner": "numToStr",
"ref": "v0.8.0",
"repo": "Comment.nvim",
"type": "github"
}
},
"age": {
"flake": false,
"locked": {
"lastModified": 1672087018,
"narHash": "sha256-LRxxJQLQkzoCNYGS/XBixVmYXoZ1mPHKvFicPGXYLcw=",
"owner": "FiloSottile",
"repo": "age",
"rev": "c6dcfa1efcaa27879762a934d5bea0d1b83a894c",
"type": "github"
},
"original": {
"owner": "FiloSottile",
"ref": "v1.1.1",
"repo": "age",
"type": "github"
}
},
"baleia-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1704551058,
"narHash": "sha256-0NmiGzMFvL1awYOVtiaSd+O4sAR524x68xwWLgArlqs=",
"owner": "m00qek",
"repo": "baleia.nvim",
"rev": "6d9cbdaca3a428bc7296f838fdfce3ad01ee7495",
"type": "github"
},
"original": {
"owner": "m00qek",
"repo": "baleia.nvim",
"type": "github"
}
},
"bufferline-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1695205521,
"narHash": "sha256-MQMpXMgUpZA0E9TunzjXeOQxDWSCTogXbvi9VJnv4Kw=",
"owner": "akinsho",
"repo": "bufferline.nvim",
"rev": "6ecd37e0fa8b156099daedd2191130e083fb1490",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v4.4.0",
"repo": "bufferline.nvim",
"type": "github"
}
},
"bypass-paywalls-clean": {
"flake": false,
"locked": {
"lastModified": 1705573187,
"narHash": "sha256-eDjesK2DON3pG9faUSTNPG1xWieV8LG75Rf+crGk3Lk=",
"owner": "magnolia1234",
"repo": "bpc-uploads",
"rev": "55af5ff1f6a7f8ea7fc57253029c07de8f481c62",
"type": "gitlab"
},
"original": {
"owner": "magnolia1234",
"repo": "bpc-uploads",
"type": "gitlab"
}
},
"cmp-nvim-lsp-src": {
"flake": false,
"locked": {
"lastModified": 1702205473,
"narHash": "sha256-/0sh9vJBD9pUuD7q3tNSQ1YLvxFMNykdg5eG+LjZAA8=",
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"rev": "5af77f54de1b16c34b23cba810150689a3a90312",
"type": "github"
},
"original": {
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -106,11 +7,11 @@
]
},
"locked": {
"lastModified": 1705796049,
"narHash": "sha256-zkqbujNu3ixEar79QJTpJeOG5MYse1uJdcjl9f96uBg=",
"lastModified": 1662478528,
"narHash": "sha256-Myjd0HPL5lXri3NXOcJ6gP7IKod2eMweQBKM4uxgEGw=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "3ac7acd32db4f7111015e8d5349ff6067df01bf6",
"rev": "3b69bf3cc26ae19de847bfe54d6ab22d7381a90a",
"type": "github"
},
"original": {
@ -120,71 +21,14 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705540973,
"narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=",
"owner": "nix-community",
"repo": "disko",
"rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"fidget-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1702031048,
"narHash": "sha256-wbjQuOFd/2339TIrUA97PYsV8N3PZsS+xbyMsyZmki8=",
"owner": "j-hui",
"repo": "fidget.nvim",
"rev": "300018af4abd00610a345e382ca1f4b7ba420f77",
"type": "github"
},
"original": {
"owner": "j-hui",
"ref": "v1.1.0",
"repo": "fidget.nvim",
"type": "github"
}
},
"firefox-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705798126,
"narHash": "sha256-h+alhyRhMYDZmGk7pYDRdOF71Aa7NWG7Q5wcF6Ycf3I=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "51cc53fd6e6a1625a00565f110edc09f9ea7cfd9",
"type": "github"
},
"original": {
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
@ -194,15 +38,12 @@
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
@ -211,70 +52,19 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"hmts-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1693226725,
"narHash": "sha256-jUuztOqNBltC3axa7s3CPJz9Cmukfwkf846+Z/gAxCU=",
"owner": "calops",
"repo": "hmts.nvim",
"rev": "14fd941d7ec2bb98314a1aacaa2573d97f1629ab",
"type": "github"
},
"original": {
"owner": "calops",
"repo": "hmts.nvim",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
],
"utils": "utils"
},
"locked": {
"lastModified": 1705794055,
"narHash": "sha256-mv/KrxEAZNhpPJcDqdQ709If9p2DTEYIDPo2r9xchlg=",
"lastModified": 1663328500,
"narHash": "sha256-7n+J/exp8ky4dmk02y5a9R7CGmJvHpzrHMzfEkMtSWA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9b378afae72cb07471e19aefc30e8e05ef2d7a61",
"rev": "5427f3d1f0ea4357cd4af0bffee7248d640c6ffc",
"type": "github"
},
"original": {
@ -284,145 +74,13 @@
"type": "github"
}
},
"nextcloud-cookbook": {
"flake": false,
"locked": {
"lastModified": 1702545935,
"narHash": "sha256-19LN1nYJJ0RMWj6DrYPvHzocTyhMfYdpdhBFch3fpHE=",
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
}
},
"nextcloud-external": {
"flake": false,
"locked": {
"lastModified": 1699624334,
"narHash": "sha256-RCL2RP5twRDLxI/KfAX6QLYQOzqZmSWsfrC5ZQIwTD4=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
}
},
"nextcloud-news": {
"flake": false,
"locked": {
"lastModified": 1703426420,
"narHash": "sha256-AENBJH/bEob5JQvw4WEi864mdLYJ5Mqe78HJH6ceCpI=",
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
}
},
"nextcloud-snappymail": {
"flake": false,
"locked": {
"lastModified": 1705808478,
"narHash": "sha256-UeZXoZFEPJj7zEVNTXJ3IYNt/wI7VFq3Pjh1ubMHCBo=",
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz"
}
},
"nil": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1691372739,
"narHash": "sha256-fZ8KfBMcIFO/R7xaWtB85SFeuUjb9SCH8fxYBnY8068=",
"owner": "oxalica",
"repo": "nil",
"rev": "97abe7d3d48721d4e0fcc1876eea83bb4247825b",
"type": "github"
},
"original": {
"owner": "oxalica",
"ref": "2023-08-09",
"repo": "nil",
"type": "github"
}
},
"nix2vim": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1685980282,
"narHash": "sha256-uQyVaoqkiocA8bXKMfrgizuKmz0hUzHye5owFoUd2AQ=",
"owner": "gytis-ivaskevicius",
"repo": "nix2vim",
"rev": "3836a348503ae27340c7f83f0bc7bcb907f3781d",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "nix2vim",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1693701915,
"narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705400161,
"narHash": "sha256-0MFaNIwwpVWB1N9m7cfHAM2pSVtYESQ7tlHxnDTOhM4=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "521fb4cdd8a2e1a00d1adf0fea7135d1faf04234",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1705677747,
"narHash": "sha256-eyM3okYtMgYDgmYukoUzrmuoY4xl4FUujnsv/P6I/zI=",
"lastModified": 1663357389,
"narHash": "sha256-oYA2nVRSi6yhCBqS5Vz465Hw+3BQOVFEhfbfy//3vTs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bbe7d8f876fbbe7c959c90ba2ae2852220573261",
"rev": "da6a05816e7fa5226c3f61e285ef8d9dfc868f3c",
"type": "github"
},
"original": {
@ -432,29 +90,28 @@
"type": "github"
}
},
"null-ls-nvim-src": {
"flake": false,
"nixpkgs_2": {
"locked": {
"lastModified": 1691810493,
"narHash": "sha256-cWA0rzkOp/ekVKaFee7iea1lhnqKtWUIU+fW5M950wI=",
"owner": "jose-elias-alvarez",
"repo": "null-ls.nvim",
"rev": "0010ea927ab7c09ef0ce9bf28c2b573fc302f5a7",
"lastModified": 1660318005,
"narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f",
"type": "github"
},
"original": {
"owner": "jose-elias-alvarez",
"repo": "null-ls.nvim",
"type": "github"
"id": "nixpkgs",
"ref": "nixos-22.05",
"type": "indirect"
}
},
"nur": {
"locked": {
"lastModified": 1705801736,
"narHash": "sha256-t+merRH3MW8ASSIf968SIJJxiRnhomFGapP/X4usTyc=",
"lastModified": 1663440270,
"narHash": "sha256-RkBoLyxamsBqRn9lB9RbFSDg7KHiGgHBsrpffEVXWCQ=",
"owner": "nix-community",
"repo": "nur",
"rev": "ff6497ef576a1d88ef7ecb7e40e3a7cd9a410b2b",
"rev": "7511d58da488c67887745f40fd4846aa8c876d25",
"type": "github"
},
"original": {
@ -463,327 +120,28 @@
"type": "github"
}
},
"nvim-lspconfig-src": {
"flake": false,
"locked": {
"lastModified": 1675639052,
"narHash": "sha256-B8IgpypxzCACZ5VcqM6KiWyClaN+KrmemtkwMznmj5Y=",
"owner": "neovim",
"repo": "nvim-lspconfig",
"rev": "255e07ce2a05627d482d2de77308bba51b90470c",
"type": "github"
},
"original": {
"owner": "neovim",
"ref": "v0.1.6",
"repo": "nvim-lspconfig",
"type": "github"
}
},
"nvim-tree-lua-src": {
"flake": false,
"locked": {
"lastModified": 1705793548,
"narHash": "sha256-/q/tfkHKnC2lYXhN0VLUXjaWzFt+c2n+8+aAP08CmI4=",
"owner": "kyazdani42",
"repo": "nvim-tree.lua",
"rev": "74525ac04760bf0d9fec2bf51474d2b05f36048e",
"type": "github"
},
"original": {
"owner": "kyazdani42",
"repo": "nvim-tree.lua",
"type": "github"
}
},
"nvim-treesitter-src": {
"flake": false,
"locked": {
"lastModified": 1705769570,
"narHash": "sha256-KosjU476A7zzbhxSu7MEXvVfSZZrTwTO6GD5FJOnm0c=",
"owner": "nvim-treesitter",
"repo": "nvim-treesitter",
"rev": "5cc562748729b6dc9563ea5a3d676ff102ab38b1",
"type": "github"
},
"original": {
"owner": "nvim-treesitter",
"ref": "master",
"repo": "nvim-treesitter",
"type": "github"
}
},
"proton-ge": {
"flake": false,
"locked": {
"lastModified": 1700610476,
"narHash": "sha256-IoClZ6hl2lsz9OGfFgnz7vEAGlSY2+1K2lDEEsJQOfU=",
"type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-25/GE-Proton8-25.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-25/GE-Proton8-25.tar.gz"
}
},
"root": {
"inputs": {
"Comment-nvim-src": "Comment-nvim-src",
"age": "age",
"baleia-nvim-src": "baleia-nvim-src",
"bufferline-nvim-src": "bufferline-nvim-src",
"bypass-paywalls-clean": "bypass-paywalls-clean",
"cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
"darwin": "darwin",
"disko": "disko",
"fidget-nvim-src": "fidget-nvim-src",
"firefox-darwin": "firefox-darwin",
"hmts-nvim-src": "hmts-nvim-src",
"home-manager": "home-manager",
"nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external",
"nextcloud-news": "nextcloud-news",
"nextcloud-snappymail": "nextcloud-snappymail",
"nil": "nil",
"nix2vim": "nix2vim",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs",
"null-ls-nvim-src": "null-ls-nvim-src",
"nur": "nur",
"nvim-lspconfig-src": "nvim-lspconfig-src",
"nvim-tree-lua-src": "nvim-tree-lua-src",
"nvim-treesitter-src": "nvim-treesitter-src",
"proton-ge": "proton-ge",
"telescope-nvim-src": "telescope-nvim-src",
"telescope-project-nvim-src": "telescope-project-nvim-src",
"toggleterm-nvim-src": "toggleterm-nvim-src",
"tree-sitter-bash": "tree-sitter-bash",
"tree-sitter-ini": "tree-sitter-ini",
"tree-sitter-lua": "tree-sitter-lua",
"tree-sitter-puppet": "tree-sitter-puppet",
"tree-sitter-python": "tree-sitter-python",
"tree-sitter-rasi": "tree-sitter-rasi",
"wallpapers": "wallpapers",
"wsl": "wsl",
"zenyd-mpv-scripts": "zenyd-mpv-scripts"
"wsl": "wsl"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"nil",
"flake-utils"
],
"nixpkgs": [
"nil",
"nixpkgs"
]
},
"utils": {
"locked": {
"lastModified": 1688783586,
"narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "7a29283cc242c2486fc67f60b431ef708046d176",
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telescope-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1697004956,
"narHash": "sha256-7SqYFnfCjotOBhuX6Wx1IOhgMKoxaoI1a4SKz1d5RVM=",
"owner": "nvim-telescope",
"repo": "telescope.nvim",
"rev": "7011eaae0ac1afe036e30c95cf80200b8dc3f21a",
"type": "github"
},
"original": {
"owner": "nvim-telescope",
"ref": "0.1.4",
"repo": "telescope.nvim",
"type": "github"
}
},
"telescope-project-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1701464478,
"narHash": "sha256-touMCltcnqkrQYV1NtNeWLQeFVGt+WM3aIWIdKilA7w=",
"owner": "nvim-telescope",
"repo": "telescope-project.nvim",
"rev": "1aaf16580a614601a7f7077d9639aeb457dc5559",
"type": "github"
},
"original": {
"owner": "nvim-telescope",
"repo": "telescope-project.nvim",
"type": "github"
}
},
"toggleterm-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1695636777,
"narHash": "sha256-o8xzoo7OuYrPnKlfrupQ24Ja9hZy1qQVnvwO0FO+4zM=",
"owner": "akinsho",
"repo": "toggleterm.nvim",
"rev": "faee9d60428afc7857e0927fdc18daa6c409fa64",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v2.8.0",
"repo": "toggleterm.nvim",
"type": "github"
}
},
"tree-sitter-bash": {
"flake": false,
"locked": {
"lastModified": 1705686017,
"narHash": "sha256-+Mpks0FyQLl26TX63J6WhaAl/QDUR1k9wSUY5SFwL+w=",
"owner": "tree-sitter",
"repo": "tree-sitter-bash",
"rev": "f7239f638d3dc16762563a9027faeee518ce1bd9",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-bash",
"type": "github"
}
},
"tree-sitter-ini": {
"flake": false,
"locked": {
"lastModified": 1699877527,
"narHash": "sha256-dYPeVTNWO4apY5dsjsKViavU7YtLeGTp6BzEemXhsEU=",
"owner": "justinmk",
"repo": "tree-sitter-ini",
"rev": "bcb84a2d4bcd6f55b911c42deade75c8f90cb0c5",
"type": "github"
},
"original": {
"owner": "justinmk",
"repo": "tree-sitter-ini",
"type": "github"
}
},
"tree-sitter-lua": {
"flake": false,
"locked": {
"lastModified": 1694072484,
"narHash": "sha256-5t5w8KqbefInNbA12/jpNzmky/uOUhsLjKdEqpl1GEc=",
"owner": "MunifTanjim",
"repo": "tree-sitter-lua",
"rev": "9668709211b2e683f27f414454a8b51bf0a6bda1",
"type": "github"
},
"original": {
"owner": "MunifTanjim",
"ref": "main",
"repo": "tree-sitter-lua",
"type": "github"
}
},
"tree-sitter-puppet": {
"flake": false,
"locked": {
"lastModified": 1690231696,
"narHash": "sha256-YEjjy9WLwITERYqoeSVrRYnwVBIAwdc4o0lvAK9wizw=",
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"rev": "9ce9a5f7d64528572aaa8d59459ba869e634086b",
"type": "github"
},
"original": {
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"type": "github"
}
},
"tree-sitter-python": {
"flake": false,
"locked": {
"lastModified": 1700218345,
"narHash": "sha256-hXNxa895SyNOG7PH2vAIkWbcMjZDjWYDsCafBZuvnT0=",
"owner": "tree-sitter",
"repo": "tree-sitter-python",
"rev": "4bfdd9033a2225cc95032ce77066b7aeca9e2efc",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-python",
"type": "github"
}
},
"tree-sitter-rasi": {
"flake": false,
"locked": {
"lastModified": 1678701563,
"narHash": "sha256-2nYZoLcrxxxiOJEySwHUm93lzMg8mU+V7LIP63ntFdA=",
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"rev": "371dac6bcce0df5566c1cfebde69d90ecbeefd2d",
"type": "github"
},
"original": {
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
@ -806,17 +164,15 @@
"wsl": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1705359964,
"narHash": "sha256-ys1MDjIH6z5UP7gAciRfUAlf2FJV0t3yFib965N/S+I=",
"lastModified": 1661772734,
"narHash": "sha256-DkvAaLDg9D6O0i2MzUknaf/U078K4KWAZaJQmNC/tL8=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "bb3eeeb96ce059ae29309138874ccf58e796f4b1",
"rev": "c1b0259313f661cf74051c916cf3bb4f061ce11f",
"type": "github"
},
"original": {
@ -824,22 +180,6 @@
"repo": "NixOS-WSL",
"type": "github"
}
},
"zenyd-mpv-scripts": {
"flake": false,
"locked": {
"lastModified": 1705694835,
"narHash": "sha256-t5BV8+azCvGZG0hfx5nft013sZugrge3AC4VbUcRNOg=",
"owner": "zenyd",
"repo": "mpv-scripts",
"rev": "3ad7502fe2d6575b395db5568afdf830872c85d0",
"type": "github"
},
"original": {
"owner": "zenyd",
"repo": "mpv-scripts",
"type": "github"
}
}
},
"root": "root",

321
flake.nix
View File

@ -9,250 +9,45 @@
# Used for MacOS system config
darwin = {
url = "github:lnl7/nix-darwin/master";
url = "github:/lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
# Used for Windows Subsystem for Linux compatibility
wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
wsl.url = "github:nix-community/NixOS-WSL";
# Used for user packages and dotfiles
# Used for user packages
home-manager = {
url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows =
"nixpkgs"; # Use system packages list for their inputs
"nixpkgs"; # Use system packages list where available
};
# Community packages; used for Firefox extensions
nur.url = "github:nix-community/nur";
# Use official Firefox binary for macOS
firefox-darwin = {
url = "github:bandithedoge/nixpkgs-firefox-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
# Manage disk format and partitioning
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
# Wallpapers
wallpapers = {
url = "gitlab:exorcist365/wallpapers";
flake = false;
};
# Used to generate NixOS images for other platforms
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
# Convert Nix to Neovim config
nix2vim = {
url = "github:gytis-ivaskevicius/nix2vim";
inputs.nixpkgs.follows = "nixpkgs";
};
# Nix language server
nil = {
url = "github:oxalica/nil/2023-08-09";
inputs.nixpkgs.follows = "nixpkgs";
};
# Neovim plugins
nvim-lspconfig-src = {
# https://github.com/neovim/nvim-lspconfig/tags
url = "github:neovim/nvim-lspconfig/v0.1.6";
flake = false;
};
cmp-nvim-lsp-src = {
url = "github:hrsh7th/cmp-nvim-lsp";
flake = false;
};
null-ls-nvim-src = {
url = "github:jose-elias-alvarez/null-ls.nvim";
flake = false;
};
baleia-nvim-src = {
# https://github.com/m00qek/baleia.nvim/tags
url = "github:m00qek/baleia.nvim";
flake = false;
};
Comment-nvim-src = {
url = "github:numToStr/Comment.nvim/v0.8.0";
flake = false;
};
nvim-treesitter-src = {
# https://github.com/nvim-treesitter/nvim-treesitter/tags
url = "github:nvim-treesitter/nvim-treesitter/master";
flake = false;
};
telescope-nvim-src = {
url = "github:nvim-telescope/telescope.nvim/0.1.4";
flake = false;
};
telescope-project-nvim-src = {
url = "github:nvim-telescope/telescope-project.nvim";
flake = false;
};
toggleterm-nvim-src = {
url = "github:akinsho/toggleterm.nvim/v2.8.0";
flake = false;
};
bufferline-nvim-src = {
url = "github:akinsho/bufferline.nvim/v4.4.0";
flake = false;
};
nvim-tree-lua-src = {
url = "github:kyazdani42/nvim-tree.lua";
flake = false;
};
hmts-nvim-src = {
url = "github:calops/hmts.nvim";
flake = false;
};
fidget-nvim-src = {
# https://github.com/j-hui/fidget.nvim/tags
url = "github:j-hui/fidget.nvim/v1.1.0";
flake = false;
};
# Tree-Sitter Grammars
tree-sitter-bash = {
url = "github:tree-sitter/tree-sitter-bash/master";
flake = false;
};
tree-sitter-python = {
url = "github:tree-sitter/tree-sitter-python/master";
flake = false;
};
tree-sitter-lua = {
url = "github:MunifTanjim/tree-sitter-lua/main";
flake = false;
};
tree-sitter-ini = {
url = "github:justinmk/tree-sitter-ini";
flake = false;
};
tree-sitter-puppet = {
url = "github:amaanq/tree-sitter-puppet";
flake = false;
};
tree-sitter-rasi = {
url = "github:Fymyte/tree-sitter-rasi";
flake = false;
};
# MPV Scripts
zenyd-mpv-scripts = {
url = "github:zenyd/mpv-scripts";
flake = false;
};
# Age encryption (pin because of failed builds)
age = {
url = "github:FiloSottile/age/v1.1.1";
flake = false;
};
# GE version of Proton for game compatibility
# Alternatively, could consider using https://github.com/fufexan/nix-gaming
proton-ge = {
# https://github.com/GloriousEggroll/proton-ge-custom/releases
url =
"https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-25/GE-Proton8-25.tar.gz";
flake = false;
};
# Firefox addon from outside the extension store
bypass-paywalls-clean = {
# https://gitlab.com/magnolia1234/bpc-uploads/-/commits/master/?ref_type=HEADS
url = "gitlab:magnolia1234/bpc-uploads";
flake = false;
};
# Nextcloud Apps
nextcloud-news = {
# https://github.com/nextcloud/news/releases
url =
"https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz";
flake = false;
};
nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases
url =
"https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz";
flake = false;
};
nextcloud-cookbook = {
# https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
url =
"https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz";
flake = false;
};
nextcloud-snappymail = {
# https://github.com/the-djmaze/snappymail/releases
url =
"https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz";
flake = false;
};
};
outputs = { nixpkgs, ... }@inputs:
outputs = { self, nixpkgs, darwin, wsl, home-manager, nur, wallpapers }:
let
# Global configuration for my systems
globals = let baseName = "masu.rs";
in rec {
globals = rec {
user = "noah";
fullName = "Noah Masur";
gitName = fullName;
gitEmail = "7386960+nmasur@users.noreply.github.com";
mail.server = "noahmasur.com";
mail.imapHost = "imap.purelymail.com";
mail.smtpHost = "smtp.purelymail.com";
mailServer = "noahmasur.com";
dotfilesRepo = "https://github.com/nmasur/dotfiles";
hostnames = {
git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
metrics = "metrics.${baseName}";
prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
secrets = "vault.${baseName}";
stream = "stream.${baseName}";
content = "cloud.${baseName}";
books = "books.${baseName}";
download = "download.${baseName}";
};
};
# Common overlays to always use
overlays = [
inputs.nur.overlay
inputs.nix2vim.overlay
(import ./overlays/neovim-plugins.nix inputs)
(import ./overlays/calibre-web.nix)
(import ./overlays/disko.nix inputs)
(import ./overlays/tree-sitter.nix inputs)
(import ./overlays/caddy.nix inputs)
(import ./overlays/mpv-scripts.nix inputs)
(import ./overlays/nextcloud-apps.nix inputs)
(import ./overlays/betterlockscreen.nix)
(import ./overlays/age.nix inputs)
(import ./overlays/proton-ge.nix inputs)
(import ./overlays/gh-collaborators.nix)
(import ./overlays/bypass-paywalls-clean.nix inputs)
(import ./overlays/terraform.nix)
];
# System types to support.
supportedSystems =
[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
@ -260,66 +55,36 @@
# Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in rec {
in {
# Contains my full system builds, including home-manager
# nixos-rebuild switch --flake .#tempest
nixosConfigurations = {
tempest = import ./hosts/tempest { inherit inputs globals overlays; };
hydra = import ./hosts/hydra { inherit inputs globals overlays; };
flame = import ./hosts/flame { inherit inputs globals overlays; };
swan = import ./hosts/swan { inherit inputs globals overlays; };
desktop = import ./hosts/desktop {
inherit nixpkgs home-manager nur globals wallpapers;
};
wsl = import ./hosts/wsl { inherit nixpkgs wsl home-manager globals; };
};
# Contains my full Mac system builds, including home-manager
# darwin-rebuild switch --flake .#lookingglass
darwinConfigurations = {
lookingglass =
import ./hosts/lookingglass { inherit inputs globals overlays; };
macbook = import ./hosts/macbook {
inherit nixpkgs darwin home-manager nur globals;
};
};
# For quickly applying home-manager settings with:
# home-manager switch --flake .#tempest
homeConfigurations = {
tempest =
nixosConfigurations.tempest.config.home-manager.users.${globals.user}.home;
lookingglass =
darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home;
};
# Disk formatting, only used once
diskoConfigurations = { root = import ./disks/root.nix; };
packages = let
aws = system:
import ./hosts/aws { inherit inputs globals overlays system; };
staff = system:
import ./hosts/staff { inherit inputs globals overlays system; };
neovim = system:
let pkgs = import nixpkgs { inherit system overlays; };
in import ./modules/common/neovim/package {
inherit pkgs;
colors = (import ./colorscheme/gruvbox-dark).dark;
};
in {
x86_64-linux.aws = aws "x86_64-linux";
x86_64-linux.staff = staff "x86_64-linux";
# Package Neovim config into standalone package
x86_64-linux.neovim = neovim "x86_64-linux";
x86_64-darwin.neovim = neovim "x86_64-darwin";
aarch64-linux.neovim = neovim "aarch64-linux";
aarch64-darwin.neovim = neovim "aarch64-darwin";
};
# Programs that can be run by calling this flake
apps = forAllSystems (system:
let pkgs = import nixpkgs { inherit system overlays; };
in import ./apps { inherit pkgs; });
let pkgs = import nixpkgs { inherit system; };
in rec {
default = readme;
# Format and install from nothing
installer = import ./apps/installer.nix { inherit pkgs; };
# Display the readme for this repository
readme = import ./apps/readme.nix { inherit pkgs; };
});
# Development environments
devShells = forAllSystems (system:
let pkgs = import nixpkgs { inherit system overlays; };
let pkgs = import nixpkgs { inherit system; };
in {
# Used to run commands and edit files in this repo
@ -327,24 +92,22 @@
buildInputs = with pkgs; [ git stylua nixfmt shfmt shellcheck ];
};
});
# Used for cloud and systems development and administration
devops = pkgs.mkShell {
buildInputs = with pkgs; [
git
terraform
consul
vault
awscli2
google-cloud-sdk
kubectl
kubernetes-helm
kustomize
fluxcd
];
};
checks = forAllSystems (system:
let pkgs = import nixpkgs { inherit system overlays; };
in {
neovim = pkgs.runCommand "neovim-check-health" {
buildInputs = [ inputs.self.packages.${system}.neovim ];
} ''
mkdir -p $out
export HOME=$TMPDIR
nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
# Check for errors inside the health log
if $(grep "ERROR" $out/health.log); then
cat $out/health.log
exit 1
fi
'';
});
# Templates for starting other projects quickly

26
hosts/README.md
View File

@ -1,26 +0,0 @@
# Hosts
These are the individual machines managed by this flake.
| Host | Purpose |
| --- | --- |
| [aws](./aws/default.nix) | AWS AMI |
| [staff](./staff/default.nix) | Live USB stick |
| [flame](./flame/default.nix) | Oracle cloud server |
| [hydra](./hydra/default.nix) | WSL config |
| [lookingglass](./lookingglass/default.nix) | Work MacBook |
| [swan](./swan/default.nix) | Home server |
| [tempest](./tempest/default.nix) | Linux desktop |
## NixOS Workflow
Each hosts file is imported into [nixosConfigurations](../flake.nix) and passed
the arguments from the flake (inputs, globals, overlays). The `nixosSystem`
function in that hosts file will be called by the NixOS module system during a
nixos-rebuild.
Each module in the each host's `modules` list is either a function or an
attrset. The attrsets will simply apply values to options that have been
declared in the config by other modules. Meanwhile, the functions will be
passed various arguments, several of which you will see listed at the top of
each of their files.

27
hosts/aws/default.nix
View File

@ -1,27 +0,0 @@
{ inputs, system, globals, overlays, ... }:
inputs.nixos-generators.nixosGenerate {
inherit system;
format = "amazon";
modules = [
globals
inputs.home-manager.nixosModules.home-manager
{
nixpkgs.overlays = overlays;
networking.hostName = "sheep";
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
passwordHash = null;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# AWS settings require this
permitRootLogin = "prohibit-password";
}
../../modules/common
../../modules/nixos
../../modules/nixos/services/sshd.nix
] ++ [
# Required to fix diskSize errors during build
({ ... }: { amazonImage.sizeMB = 16 * 1024; })
];
}

80
hosts/aws/main.tf
View File

@ -1,80 +0,0 @@
locals {
image_file = one(fileset(path.root, "result/nixos-amazon-image-*.vhd"))
}
# Upload to S3
resource "aws_s3_object" "image" {
bucket = "your_bucket_name"
key = basename(local.image_file)
source = local.image_file
etag = filemd5(local.image_file)
}
# Setup IAM access for the VM Importer
data "aws_iam_policy_document" "vmimport_trust_policy" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["vmie.amazonaws.com"]
}
}
}
data "aws_iam_policy_document" "vmimport" {
statement {
actions = [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
]
resources = [
"arn:aws:s3:::${aws_s3_object.image.bucket}",
"arn:aws:s3:::${aws_s3_object.image.bucket}/*",
]
}
statement {
actions = [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*",
]
resources = ["*"]
}
}
resource "aws_iam_role" "vmimport" {
name = "vmimport"
assume_role_policy = data.aws_iam_policy_document.vmimport_trust_policy.json
inline_policy {
name = "vmimport"
policy = data.aws_iam_policy_document.vmimport.json
}
}
# Import to EBS
resource "aws_ebs_snapshot_import" "image" {
disk_container {
format = "VHD"
user_bucket {
s3_bucket = aws_s3_object.image.bucket
s3_key = aws_s3_object.image.key
}
}
role_name = aws_iam_role.vmimport.name
}
# Convert to AMI
resource "aws_ami" "image" {
description = "Created with NixOS."
name = replace(basename(local.image_file), "/\\.vhd$/", "")
virtualization_type = "hvm"
ebs_block_device {
device_name = "/dev/xvda"
snapshot_id = aws_ebs_snapshot_import.image.id
volume_size = 8
}
}

280
hosts/aws/workflow.yml
View File

@ -1,280 +0,0 @@
name: 'Terraform'
env:
AWS_ACCOUNT_NUMBER: ''
AWS_PLAN_ROLE_NAME: github_actions_plan
AWS_APPLY_ROLE_NAME: github_actions_admin
# Always required. Used for authenticating to AWS, but can also act as your
# default region if you don't want to specify in the provider configuration.
AWS_REGION: us-east-1
# You must change these to fit your project.
TF_VAR_project: change-me
TF_VAR_label: change-me
TF_VAR_owner: Your Name Here
# If storing Terraform in a subdirectory, specify it here.
TERRAFORM_DIRECTORY: .
# Pinned versions of tools to use.
# Check for new releases:
# - https://github.com/hashicorp/terraform/releases
# - https://github.com/fugue/regula/releases
# - https://github.com/terraform-linters/tflint/releases
TERRAFORM_VERSION: 1.2.6
REGULA_VERSION: 2.9.0
TFLINT_VERSION: 0.39.1
# Terraform configuration options
TERRAFORM_PARALLELISM: 10
# These variables are passed to Terraform based on GitHub information.
TF_VAR_repo: ${{ github.repository }}
# This workflow is triggered in the following ways.
on:
# Any push or merge to these branches.
push:
branches:
- dev
- prod
# Any pull request targeting these branches (plan only).
pull_request:
branches:
- dev
- prod
# Any manual trigger on these branches.
workflow_dispatch:
branches:
- dev
- prod
# -------------------------------------------------------------------
# The rest of this workflow can operate without adjustments. Edit the
# below content at your own risk!
# -------------------------------------------------------------------
# Used to connect to AWS IAM
permissions:
id-token: write
contents: read
pull-requests: write
# Only run one workflow at a time for each Terraform state. This prevents
# lockfile conflicts, especially during PR vs push.
concurrency: terraform-${{ github.base_ref || github.ref }}
jobs:
terraform:
name: 'Terraform'
# Change this if you need to run your deployment on-prem.
runs-on: ubuntu-latest
steps:
# Downloads the current repo code to the runner.
- name: Checkout Repo Code
uses: actions/checkout@v3
# Enable access to KVM, required to build an image
- name: Enable KVM group perms
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
# Login to AWS
- name: AWS Assume Role
uses: aws-actions/configure-aws-credentials@v1.6.1
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
aws-region: ${{ env.AWS_REGION }}
# Install Nix
- name: Install Nix
uses: cachix/install-nix-action@v17
with:
extra_nix_config: |
substituters = s3://insert-cache-bucket https://cache.nixos.org/
trusted-public-keys = insert-cache-bucket:M6PsZjHXcLvbQyPUBLICKEYGVoNwI84g1FBQzouRU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
# Build the image
- name: Build Image
run: nix build .#aws
# Copy the image to S3
- name: Upload Image to Cache
env:
NIX_CACHE_PRIVATE_KEY: ${{ secrets.NIX_CACHE_PRIVATE_KEY }}
run: |
echo "$NIX_CACHE_PRIVATE_KEY" > cache.key
nix store sign --key-file cache.key $(readlink result)
nix copy --to s3://t2-aws-nixos-test $(readlink result)
rm cache.key
# Exports all GitHub Secrets as environment variables prefixed by
# "TF_VAR_", which exposes them to Terraform. The name of each GitHub
# Secret must match its Terraform variable name exactly.
- name: Export Secrets to Terraform Variables
env:
ALL_SECRETS: ${{ toJson(secrets) }}
run: |
echo "$ALL_SECRETS" \
| jq "to_entries | .[] | \"TF_VAR_\" + ( .key | ascii_downcase ) + \"=\" + .value" \
| tr -d \" >> $GITHUB_ENV
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
run: |
terraform fmt -no-color -check -diff -recursive
# Downloads a Terraform code lint test.
- uses: terraform-linters/setup-tflint@v1
name: Setup TFLint
with:
tflint_version: v${{ env.TFLINT_VERSION }}
# Sets up linting with this codebase.
- name: Init TFLint
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: tflint --init
# Lints the current code.
- name: Run TFLint
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
tflint -f compact
find ./modules/* -type d -maxdepth 0 | xargs -I __ tflint -f compact --disable-rule=terraform_required_providers --disable-rule=terraform_required_version __
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform init \
-backend-config="role_arn=${{ env.AWS_STATE_ROLE_ARN }}" \
-backend-config="region=us-east-1" \
-backend-config="workspace_key_prefix=accounts/${{ env.AWS_ACCOUNT_NUMBER }}/${{ github.repository }}" \
-backend-config="key=state.tfstate" \
-backend-config="dynamodb_table=global-tf-state-lock"
# Set the Terraform Workspace to the current branch name.
- name: Set Terraform Workspace
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
shell: bash
run: |
export WORKSPACE=${{ github.base_ref || github.ref_name }}
terraform workspace select ${WORKSPACE} || terraform workspace new $WORKSPACE
echo "TF_WORKSPACE=$(echo ${WORKSPACE} | sed 's/\//_/g')" >> $GITHUB_ENV
# Checks differences between current code and infrastructure state.
- name: Terraform Plan
id: plan
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform plan \
-input=false \
-no-color \
-out=tfplan \
-parallelism=${TERRAFORM_PARALLELISM} \
-var-file=variables-${TF_WORKSPACE}.tfvars
# Gets the results of the plan for pull requests.
- name: Terraform Show Plan
id: show
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform show -no-color tfplan
# Adds the results of the plan to the pull request.
- name: Comment Plan
uses: actions/github-script@v6
if: github.event_name == 'pull_request'
env:
STDOUT: "```terraform\n${{ steps.show.outputs.stdout }}```"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
})
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
})
// 2. Prepare format of the comment
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
<details><summary>Validation Output</summary>
\`\`\`\n
${{ steps.validate.outputs.stdout }}
\`\`\`
</details>
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
// 3. If we have a comment, update it, otherwise create a new one
if (botComment) {
github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: output
})
} else {
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
}
# Downloads Regula and checks whether the plan meets compliance requirements.
- name: Regula Compliance Check
shell: bash
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
REGULA_URL="https://github.com/fugue/regula/releases/download/v${REGULA_VERSION}/regula_${REGULA_VERSION}_Linux_x86_64.tar.gz"
curl -sL "$REGULA_URL" -o regula.tar.gz
tar xzf regula.tar.gz
terraform show -json tfplan | ./regula run
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform apply \
-auto-approve \
-input=false \
-parallelism=${TERRAFORM_PARALLELISM} \
tfplan

85
hosts/common.nix Normal file
View File

@ -0,0 +1,85 @@
{ config, lib, pkgs, ... }: {
imports =
[ ../modules/shell ../modules/neovim ../modules/repositories/dotfiles.nix ];
options = with lib; {
user = mkOption {
type = types.str;
description = "Primary user of the system";
};
fullName = lib.mkOption {
type = lib.types.str;
description = "Human readable name of the user";
};
userDirs = {
# Required to prevent infinite recursion when referenced by himalaya
download = lib.mkOption {
type = lib.types.str;
description = "XDG directory for downloads";
default =
if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads";
};
};
gui = {
enable = mkEnableOption {
description = "Enable graphics";
default = false;
};
};
colorscheme = mkOption {
type = types.attrs;
description = "Base16 color scheme";
};
homePath = mkOption {
type = types.path;
description = "Path of user's home directory.";
default = builtins.toPath (if pkgs.stdenv.isDarwin then
"/Users/${config.user}"
else
"/home/${config.user}");
};
dotfilesPath = mkOption {
type = types.path;
description = "Path of dotfiles repository.";
default = config.homePath + "/dev/personal/dotfiles";
};
dotfilesRepo = mkOption {
type = types.str;
description = "Link to dotfiles repository.";
};
unfreePackages = mkOption {
type = types.listOf types.str;
description = "List of unfree packages to allow.";
default = [ ];
};
};
config = let stateVersion = "22.11";
in {
# Enable features in Nix commands
nix.extraOptions = "experimental-features = nix-command flakes";
# Basic common system packages for all devices
environment.systemPackages = with pkgs; [ git vim wget curl ];
# Use the system-level nixpkgs instead of Home Manager's
home-manager.useGlobalPkgs = true;
# Install packages to /etc/profiles instead of ~/.nix-profile, useful when
# using multiple profiles for one user
home-manager.useUserPackages = true;
# Allow specified unfree packages (identified elsewhere)
# Retrieves package object based on string name
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) config.unfreePackages;
# Pin a state version to prevent warnings
home-manager.users.${config.user}.home.stateVersion = stateVersion;
home-manager.users.root.home.stateVersion = stateVersion;
};
}

44
hosts/desktop/default.nix Normal file
View File

@ -0,0 +1,44 @@
{ nixpkgs, home-manager, nur, globals, wallpapers, ... }:
# System configuration for my desktop
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
globals
home-manager.nixosModules.home-manager
{
networking.hostName = "desktop";
nixpkgs.overlays = [ nur.overlay ];
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
gaming.steam = true;
gaming.leagueoflegends = true;
gaming.legendary = true;
gui = {
enable = true;
compositor.enable = true;
wallpaper = "${wallpapers}/gruvbox/road.jpg";
gtk.theme = { name = "Adwaita-dark"; };
};
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
}
./hardware-configuration.nix
../common.nix
../../modules/hardware
../../modules/nixos
../../modules/graphical
../../modules/gaming
../../modules/applications
../../modules/mail/himalaya.nix
../../modules/repositories/notes.nix
../../modules/services/keybase.nix
../../modules/services/gnupg.nix
../../modules/services/mullvad.nix
../../modules/programming/nix.nix
../../modules/programming/haskell.nix
];
}

30
hosts/desktop/hardware-configuration.nix Normal file
View File

@ -0,0 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

120
hosts/flame/default.nix
View File

@ -1,120 +0,0 @@
# The Flame
# System configuration for an Oracle free server
# See [readme](../README.md) to explain how this file works.
# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = { };
modules = [
globals
inputs.home-manager.nixosModules.home-manager
../../modules/common
../../modules/nixos
{
nixpkgs.overlays = overlays;
# Hardware
server = true;
networking.hostName = "flame";
# Not sure what's necessary but too afraid to remove anything
imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
# I forgot to set a clean label for it
fileSystems."/" = {
device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
fsType = "ext4";
};
# This is the boot filesystem for systemd-boot
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D5CA-237A";
fsType = "vfat";
};
# Theming
# Server doesn't require GUI
gui.enable = false;
# Still require colors for programs like Neovim, K9S
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services
atuin.enable = true;
cloudflare.enable = true; # Proxy traffic with Cloudflare
dotfiles.enable = true; # Clone dotfiles
neovim.enable = true;
giteaRunner.enable = true;
services.caddy.enable = true;
services.grafana.enable = true;
services.openssh.enable = true;
services.victoriametrics.enable = true;
services.influxdb2.enable = true;
services.gitea.enable = true;
services.vaultwarden.enable = true;
services.minecraft-server.enable = true; # Setup Minecraft server
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
credentialsFile = ../../private/cloudflared-flame.age;
ca =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
};
# Nextcloud backup config
backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup";
accessKeyId = "0026b0e73b2e2c80000000005";
};
# Disable passwords, only use SSH key
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# # Wireguard config for Transmission
# wireguard.enable = true;
# networking.wireguard.interfaces.wg0 = {
#
# # The local IPs for this machine within the Wireguard network
# # Any inbound traffic bound for these IPs should be kept on localhost
# ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
#
# peers = [{
#
# # Identity of Wireguard target peer (VPN)
# publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
#
# # The public internet address of the target peer
# endpoint = "86.106.143.132:51820";
#
# # Which outgoing IP ranges should be sent through Wireguard
# allowedIPs = [ "0.0.0.0/0" "::0/0" ];
#
# # Send heartbeat signal within the network
# persistentKeepalive = 25;
#
# }];
#
# };
# # VPN port forwarding
# services.transmission.settings.peer-port = 57599;
}
];
}

48
hosts/hydra/default.nix
View File

@ -1,48 +0,0 @@
# The Hydra
# System configuration for WSL
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
../../modules/common
../../modules/nixos
../../modules/wsl
globals
inputs.wsl.nixosModules.wsl
inputs.home-manager.nixosModules.home-manager
{
networking.hostName = "hydra";
nixpkgs.overlays = overlays;
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = false;
theme = {
colors = (import ../../colorscheme/gruvbox).dark;
dark = true;
};
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
wsl = {
enable = true;
wslConf.automount.root = "/mnt";
defaultUser = globals.user;
startMenuLaunchers = true;
nativeSystemd = true;
wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
interop.includePath =
false; # Including Windows PATH will slow down Neovim command mode
};
neovim.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = true;
dotfiles.enable = true;
nixlang.enable = true;
lua.enable = true;
}
];
}

49
hosts/lookingglass/default.nix
View File

@ -1,49 +0,0 @@
# The Looking Glass
# System configuration for my work Macbook
{ inputs, globals, overlays, ... }:
inputs.darwin.lib.darwinSystem {
system = "aarch64-darwin";
specialArgs = { };
modules = [
../../modules/common
../../modules/darwin
(globals // rec {
user = "Noah.Masur";
gitName = "Noah-Masur_1701";
gitEmail = "${user}@take2games.com";
})
inputs.home-manager.darwinModules.home-manager
{
nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
networking.hostName = "lookingglass";
identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
gui.enable = true;
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
dark = true;
};
mail.user = globals.user;
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = false;
kitty.enable = true;
discord.enable = true;
firefox.enable = true;
dotfiles.enable = true;
nixlang.enable = true;
terraform.enable = true;
python.enable = true;
rust.enable = true;
lua.enable = true;
obsidian.enable = true;
kubernetes.enable = true;
_1password.enable = true;
slack.enable = true;
}
];
}

34
hosts/macbook/default.nix Normal file
View File

@ -0,0 +1,34 @@
{ nixpkgs, darwin, home-manager, nur, globals, ... }:
# System configuration for my work MacBook
darwin.lib.darwinSystem {
system = "x86_64-darwin";
specialArgs = { };
modules = [
(globals // {
user = "Noah.Masur";
gitName = "Noah-Masur_1701";
gitEmail = "Noah.Masur@take2games.com";
})
home-manager.darwinModules.home-manager
{
gui.enable = true;
colorscheme = (import ../../modules/colorscheme/gruvbox);
mailUser = globals.user;
nixpkgs.overlays = [ nur.overlay ];
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
}
../common.nix
../../modules/darwin
../../modules/applications/alacritty.nix
../../modules/applications/discord.nix
../../modules/mail/himalaya.nix
../../modules/repositories/notes.nix
../../modules/programming/nix.nix
../../modules/programming/terraform.nix
../../modules/programming/python.nix
../../modules/programming/lua.nix
../../modules/programming/kubernetes.nix
];
}

20
hosts/server/default.nix Normal file
View File

@ -0,0 +1,20 @@
{ nixpkgs, home-manager, globals, ... }:
# System configuration for a generic server
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
globals
home-manager.nixosModules.home-manager
{
networking.hostName = "sheep";
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
}
../common.nix
../../modules/nixos
];
}

43
hosts/staff/default.nix
View File

@ -1,43 +0,0 @@
# The Staff
# ISO configuration for my USB drive
{ inputs, system, overlays, ... }:
inputs.nixos-generators.nixosGenerate {
inherit system;
format = "install-iso";
modules = [{
nixpkgs.overlays = overlays;
networking.hostName = "staff";
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
];
services.openssh = {
enable = true;
ports = [ 22 ];
allowSFTP = true;
settings = {
GatewayPorts = "no";
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
environment.systemPackages =
let pkgs = import inputs.nixpkgs { inherit system overlays; };
in with pkgs; [
git
vim
wget
curl
(import ../../modules/common/neovim/package {
inherit pkgs;
colors = (import ../../colorscheme/gruvbox).dark;
})
];
nix.extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
}];
}

109
hosts/swan/default.nix
View File

@ -1,109 +0,0 @@
# The Swan
# System configuration for my home NAS server
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
globals
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
../../modules/common
../../modules/nixos
{
nixpkgs.overlays = overlays;
# Hardware
server = true;
physical = true;
networking.hostName = "swan";
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
# Required for transcoding
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelParams = [
"radeon.si_support=0"
"amdgpu.si_support=1"
"radeon.cik_support=0"
"amdgpu.cik_support=1"
"amdgpu.dc=1"
];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize efficiency over performance
powerManagement.cpuFreqGovernor = "powersave";
# Allow firmware updates
hardware.cpu.intel.updateMicrocode = true;
# ZFS
zfs.enable = true;
# Generated with: head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS
# Sets root ext4 filesystem instead of declaring it manually
disko = {
enableConfig = true;
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
};
# Automatically load the ZFS pool on boot
boot.zfs.extraPools = [ "tank" ];
# Theming
# Server doesn't require GUI
gui.enable = false;
# Still require colors for programs like Neovim, K9S
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services
atuin.enable = true;
neovim.enable = true;
cloudflare.enable = true;
dotfiles.enable = true;
arrs.enable = true;
services.bind.enable = true;
services.caddy.enable = true;
services.jellyfin.enable = true;
services.nextcloud.enable = true;
services.calibre-web.enable = true;
services.openssh.enable = true;
services.prometheus.enable = false;
services.vmagent.enable = true;
services.samba.enable = true;
services.paperless.enable = true;
services.postgresql.enable = true;
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
credentialsFile = ../../private/cloudflared-swan.age;
ca =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
};
# Send regular backups and litestream for DBs to an S3-like bucket
backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup";
accessKeyId = "0026b0e73b2e2c80000000005";
};
# Disable passwords, only use SSH key
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
}
];
}

136
hosts/tempest/default.nix
View File

@ -1,136 +0,0 @@
# The Tempest
# System configuration for my desktop
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
globals
inputs.home-manager.nixosModules.home-manager
../../modules/common
../../modules/nixos
{
nixpkgs.overlays = overlays;
# Hardware
physical = true;
networking.hostName = "tempest";
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
# Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize performance over efficiency
powerManagement.cpuFreqGovernor = "performance";
# Allow firmware updates
hardware.cpu.amd.updateMicrocode = true;
# Helps reduce GPU fan noise under idle loads
hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''
# Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10
DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
DEVNAME=hwmon0=amdgpu
FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
FCFANS= hwmon0/pwm1=hwmon0/fan1_input
MINTEMP=hwmon0/pwm1=50
MAXTEMP=hwmon0/pwm1=70
MINSTART=hwmon0/pwm1=100
MINSTOP=hwmon0/pwm1=10
MINPWM=hwmon0/pwm1=10
MAXPWM=hwmon0/pwm1=240
'';
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Secrets must be prepared ahead before deploying
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
# Theming
# Turn on all features related to desktop and graphical applications
gui.enable = true;
# Set the system-wide theme, also used for non-graphical programs
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
dark = true;
};
wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
# Programs and services
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
media.enable = true;
dotfiles.enable = true;
firefox.enable = true;
kitty.enable = true;
_1password.enable = true;
discord.enable = true;
nautilus.enable = true;
obsidian.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = true;
keybase.enable = true;
mullvad.enable = false;
nixlang.enable = true;
rust.enable = true;
yt-dlp.enable = true;
gaming = {
dwarf-fortress.enable = true;
enable = true;
steam.enable = true;
legendary.enable = true;
lutris.enable = true;
leagueoflegends.enable = true;
ryujinx.enable = true;
};
services.vmagent.enable = true; # Enables Prometheus metrics
services.openssh.enable =
true; # Required for Cloudflare tunnel and identity file
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ../../private/cloudflared-tempest.age;
ca =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
};
# Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true;
}
];
}

37
hosts/wsl/default.nix Normal file
View File

@ -0,0 +1,37 @@
{ nixpkgs, wsl, home-manager, globals, ... }:
# System configuration for WSL
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
globals
wsl.nixosModules.wsl
home-manager.nixosModules.home-manager
{
networking.hostName = "wsl";
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
wsl = {
enable = true;
automountPath = "/mnt";
defaultUser = globals.user;
startMenuLaunchers = true;
wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
interop.includePath =
false; # Including Windows PATH will slow down Neovim command mode
};
}
../common.nix
../../modules/wsl
../../modules/nixos
../../modules/mail/himalaya.nix
../../modules/repositories/notes.nix
../../modules/programming/nix.nix
../../modules/programming/lua.nix
];
}

4
legacy/bin/biggest Executable file
View File

@ -0,0 +1,4 @@
#!/usr/local/bin/nu
ls | sort-by size | reverse | keep 10

3
legacy/bin/biggest-files Executable file
View File

@ -0,0 +1,3 @@
#!/usr/local/bin/nu
ls **/* | where type == File | sort-by size | reverse | keep 10

2
modules/common/shell/bash/scripts/docker-cleanup.sh → legacy/bin/docker_cleanup
View File

@ -17,7 +17,7 @@ else
fi
# Remove all untagged images
if docker images | grep -q "^<none>"; then
if [[ $(docker images | grep "^<none>") ]]; then
docker rmi "$(docker images | grep "^<none>" | awk '{print $3}')"
else
echo "No untagged docker images."

37
legacy/bin/jira-checkout Executable file
View File

@ -0,0 +1,37 @@
#!/bin/sh
# Adapted from: https://seb.jambor.dev/posts/improving-shell-workflows-with-fzf/
# Requires the following variables to be set:
# - ATLASSIAN_EMAIL
# - ATLASSIAN_API_TOKEN
# - JIRA_HOSTNAME
# - JIRA_PROJECT
choose_issue() {
jq_template='"\(.key): \(.fields.summary)"'
query="project=$JIRA_PROJECT AND status not in (\"Done\") AND assignee=currentUser()"
branch_name=$(
curl \
--data-urlencode "jql=$query" \
--get \
--user "$ATLASSIAN_EMAIL:$ATLASSIAN_API_TOKEN" \
--silent \
--compressed \
"https://$JIRA_HOSTNAME/rest/api/2/search" |
jq ".issues[] | $jq_template" |
sed -e 's/"\(.*\)"/\1/' |
fzf \
--preview='jira-details {1}' \
--preview-window=top:wrap |
sed -e 's/: /:/' -e 's/[^a-zA-Z0-9:]/-/g' |
awk -F ":" '{printf "%s/%s", $1, tolower($2)}'
)
echo "$branch_name"
}
issue_branch=$(choose_issue)
if [ -n "$issue_branch" ]; then
echo "git checkout -b \"$issue_branch\""
fi

38
legacy/bin/jira-details Executable file
View File

@ -0,0 +1,38 @@
#!/bin/sh
# Adapted from: https://seb.jambor.dev/posts/improving-shell-workflows-with-fzf/
# Requires the following variables to be set:
# - ATLASSIAN_EMAIL
# - ATLASSIAN_API_TOKEN
# - JIRA_HOSTNAME
# - JIRA_PROJECT (for other script)
issue_details() {
jira_key=$(echo "$1" | cut -d":" -f1)
jq_template='"'\
'# \(.key): \(.fields.summary)\n'\
'\n'\
'*Created*: \(.fields.created)\n'\
'*Status*: \(.fields.status.statusCategory.name)\n'\
'*Reporter*: \(.fields.reporter.displayName)\n'\
'*Priority*: \(.fields.priority.name)\n'\
"*Epic*: https://$JIRA_HOSTNAME/browse/\(.fields.customfield_10014)\n"\
'\n'\
'## Link\n\n'\
"https://$JIRA_HOSTNAME/browse/\(.key)\n"\
'\n'\
'## Description\n\n'\
'\(.fields.description)'\
'"'
curl \
--get \
--user "$ATLASSIAN_EMAIL:$ATLASSIAN_API_TOKEN" \
--silent \
--compressed \
"https://$JIRA_HOSTNAME/rest/api/2/issue/$jira_key" |
jq "$jq_template" |
xargs printf |
bat -l md --color always --style plain
}
issue_details "$1"

14
legacy/bin/kube-dashboard Executable file
View File

@ -0,0 +1,14 @@
#!/bin/sh
kubectl -n kube-system get secret "$(
kubectl -n kube-system get secret |
grep dashboard-admin |
awk '{print $1}'
)" -o json |
jq -j --raw-output '.data.token' |
base64 --decode |
pbcopy
open http://localhost:8001/api/v1/namespaces/default/services/https:kubernetes-dashboard:https/proxy/#!/login
kubectl proxy

3
legacy/bin/newest Executable file
View File

@ -0,0 +1,3 @@
#!/usr/local/bin/nu
ls | sort-by modified | reverse | keep 5

3
legacy/bin/oldest Executable file
View File

@ -0,0 +1,3 @@
#!/usr/local/bin/nu
ls | sort-by modified | keep 5

16
legacy/bin/pod Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
# Credit: https://github.com/junegunn/fzf/blob/master/ADVANCED.md
read -ra tokens < <(
kubectl get pods --all-namespaces |
fzf --info=inline --layout=reverse --header-lines=1 --border \
--prompt "$(kubectl config current-context | sed 's/-context$//')> " \
--header $'Press CTRL-O to open log in editor\n\n' \
--bind ctrl-/:toggle-preview \
--bind "ctrl-o:execute:${EDITOR:-vim} <(kubectl logs --namespace {1} {2}) > /dev/tty" \
--preview-window up,follow \
--preview 'kubectl logs --follow --tail=100000 --namespace {1} {2}' "$@"
)
[ ${#tokens} -gt 1 ] &&
kubectl exec -it --namespace "${tokens[0]}" "${tokens[1]}" -- /bin/sh

3
legacy/bin/symlinks Executable file
View File

@ -0,0 +1,3 @@
#!/usr/local/bin/nu
ls -al | where type == Symlink | select name target

5
legacy/bin/url-decode Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
function urldecode() { : "${*//+/ }"; echo -e "${_//%/\\x}"; }
urldecode "$@"

28
legacy/newsboat/com.noah.newsboat.plist Normal file
View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.noah.newsboat</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/newsboat -x reload</string>
</array>
<key>Nice</key>
<integer>1</integer>
<key>StartInterval</key>
<integer>1800</integer>
<key>RunAtLoad</key>
<false/>
<key>StandardErrorPath</key>
<string>/tmp/newsboat.err</string>
<key>StandardOutPath</key>
<string>/tmp/newsboat.out</string>
</dict>
</plist>

40
legacy/newsboat/config Normal file
View File

@ -0,0 +1,40 @@
browser "$BROWSER %u"
prepopulate-query-feeds yes
feed-sort-order lastupdated
reload-only-visible-feeds yes
text-width 72
bind-key j down
bind-key k up
bind-key j next articlelist
bind-key k prev articlelist
bind-key G end
bind-key g home
bind-key d pagedown
bind-key u pageup
bind-key n next-unread
bind-key p prev-unread
bind-key ; macro-prefix
bind-key B bookmark
bind-key f edit-flags
macro v set browser "mpv %u"; open-in-browser; set browser "$BROWSER %u"
macro p set browser "echo %u"; one; set browser "$BROWSER %u"
macro H set browser "clx view $(echo %u | cut -d '=' -f2)"; one; set browser "$BROWSER %u"
macro h set browser "clx view $(echo %u | cut -d '=' -f2)"; two; set browser "$BROWSER %u"
macro w set browser "w3m -o confirm_qq=false %u"; open-in-browser; set browser "$BROWSER %u"
macro r set browser "url-markdown %u | glow -p -w 72 -"; open-in-browser; set browser "$BROWSER %u"
macro d set browser "youtube-dl -o ~/Downloads/%(title)s.%(ext)s %u &"; open-in-browser-noninteractively; set browser "$BROWSER %u"
macro n set-tag News; reload-all
macro a set-tag All
macro e set-tag Reddit; reload-all
macro y set-tag YouTube; reload-all
bookmark-cmd "bookmark"
highlight article "^(Feed|Title|Author|Link|Date):.*" color243 default
highlight article "^(Links):.*" color243 default
highlight article "^(\\[[0-9]+\\]):.*" color243 default
highlight article "^(\\[[0-9]+\\])" color243 default
highlight article "^\\[.*\\]$" color243 default
highlight article "^(Title:).*" color249 default

137
legacy/nix-env.fish Normal file
View File

@ -0,0 +1,137 @@
# Setup Nix
# We need to distinguish between single-user and multi-user installs.
# This is difficult because there's no official way to do this.
# We could look for the presence of /nix/var/nix/daemon-socket/socket but this will fail if the
# daemon hasn't started yet. /nix/var/nix/daemon-socket will exist if the daemon has ever run, but
# I don't think there's any protection against accidentally running `nix-daemon` as a user.
# We also can't just look for /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh because
# older single-user installs used the default profile instead of a per-user profile.
# We can still check for it first, because all multi-user installs should have it, and so if it's
# not present that's a pretty big indicator that this is a single-user install. If it does exist,
# we still need to verify the install type. To that end we'll look for a root owner and sticky bit
# on /nix/store. Multi-user installs set both, single-user installs don't. It's certainly possible
# someone could do a single-user install as root and then manually set the sticky bit but that
# would be extremely unusual.
set -l nix_profile_path /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
set -l single_user_profile_path ~/.nix-profile/etc/profile.d/nix.sh
if test -e $nix_profile_path
# The path exists. Double-check that this is a multi-user install.
# We can't just check for ~/.nix-profile/… because this may be a single-user install running as
# the wrong user.
# stat is not portable. Splitting the output of ls -nd is reliable on most platforms.
set -l owner (string split -n ' ' (command ls -nd /nix/store 2>/dev/null))[3]
if not test -k /nix/store -a $owner -eq 0
# /nix/store is either not owned by root or not sticky. Assume single-user.
set nix_profile_path $single_user_profile_path
end
else
# The path doesn't exist. Assume single-user
set nix_profile_path $single_user_profile_path
end
if test -e $nix_profile_path
# Source the nix setup script
# We're going to run the regular Nix profile under bash and then print out a few variables
for line in (command env -u BASH_ENV bash -c '. "$0"; for name in PATH "${!NIX_@}"; do printf "%s=%s\0" "$name" "${!name}"; done' $nix_profile_path | string split0)
set -xg (string split -m 1 = $line)
end
# Insert Nix's fish share directories into fish's special variables.
# nixpkgs-installed fish tries to set these up already if NIX_PROFILES is defined, which won't
# be the case when sourcing $__fish_data_dir/share/config.fish normally, but might be for a
# recursive invocation. To guard against that, we'll only insert paths that don't already exit.
# Furthermore, for the vendor_conf.d sourcing, we'll use the pre-existing presence of a path in
# $fish_function_path to determine whether we want to source the relevant vendor_conf.d folder.
# To start, let's locally define NIX_PROFILES if it doesn't already exist.
set -al NIX_PROFILES
if test (count $NIX_PROFILES) -eq 0
set -a NIX_PROFILES $HOME/.nix-profile
end
# Replicate the logic from nixpkgs version of $__fish_data_dir/__fish_build_paths.fish.
set -l __nix_profile_paths (string split ' ' -- $NIX_PROFILES)[-1..1]
set -l __extra_completionsdir \
$__nix_profile_paths/etc/fish/completions \
$__nix_profile_paths/share/fish/vendor_completions.d
set -l __extra_functionsdir \
$__nix_profile_paths/etc/fish/functions \
$__nix_profile_paths/share/fish/vendor_functions.d
set -l __extra_confdir \
$__nix_profile_paths/etc/fish/conf.d \
$__nix_profile_paths/share/fish/vendor_conf.d
### Configure fish_function_path ###
# Remove any of our extra paths that may already exist.
# Record the equivalent __extra_confdir path for any function path that exists.
set -l existing_conf_paths
for path in $__extra_functionsdir
if set -l idx (contains --index -- $path $fish_function_path)
set -e fish_function_path[$idx]
set -a existing_conf_paths $__extra_confdir[(contains --index -- $path $__extra_functionsdir)]
end
end
# Insert the paths before $__fish_data_dir.
if set -l idx (contains --index -- $__fish_data_dir/functions $fish_function_path)
# Fish has no way to simply insert into the middle of an array.
set -l new_path $fish_function_path[1..$idx]
set -e new_path[$idx]
set -a new_path $__extra_functionsdir
set fish_function_path $new_path $fish_function_path[$idx..-1]
else
set -a fish_function_path $__extra_functionsdir
end
### Configure fish_complete_path ###
# Remove any of our extra paths that may already exist.
for path in $__extra_completionsdir
if set -l idx (contains --index -- $path $fish_complete_path)
set -e fish_complete_path[$idx]
end
end
# Insert the paths before $__fish_data_dir.
if set -l idx (contains --index -- $__fish_data_dir/completions $fish_complete_path)
set -l new_path $fish_complete_path[1..$idx]
set -e new_path[$idx]
set -a new_path $__extra_completionsdir
set fish_complete_path $new_path $fish_complete_path[$idx..-1]
else
set -a fish_complete_path $__extra_completionsdir
end
### Source conf directories ###
# The built-in directories were already sourced during shell initialization.
# Any __extra_confdir that came from $__fish_data_dir/__fish_build_paths.fish was also sourced.
# As explained above, we're using the presence of pre-existing paths in $fish_function_path as a
# signal that the corresponding conf dir has also already been sourced.
# In order to simulate this, we'll run through the same algorithm as found in
# $__fish_data_dir/config.fish except we'll avoid sourcing the file if it comes from an
# already-sourced location.
# Caveats:
# * Files will be sourced in a different order than we'd ideally do (because we're coming in
# after the fact to source them).
# * If there are existing extra conf paths, files in them may have been sourced that should have
# been suppressed by paths we're inserting in front.
# * Similarly any files in $__fish_data_dir/vendor_conf.d that should have been suppressed won't
# have been.
set -l sourcelist
for file in $__fish_config_dir/conf.d/*.fish $__fish_sysconf_dir/conf.d/*.fish
# We know these paths were sourced already. Just record them.
set -l basename (string replace -r '^.*/' '' -- $file)
contains -- $basename $sourcelist
or set -a sourcelist $basename
end
for root in $__extra_confdir
for file in $root/*.fish
set -l basename (string replace -r '^.*/' '' -- $file)
contains -- $basename $sourcelist
and continue
set -a sourcelist $basename
contains -- $root $existing_conf_paths
and continue # this is a pre-existing path, it will have been sourced already
[ -f $file -a -r $file ]
and source $file
end
end
end

168
legacy/scripts/configure_macos Executable file
View File

@ -0,0 +1,168 @@
#!/bin/sh
echo "Enable full keyboard access for all controls (e.g. enable Tab in modal dialogs)"
defaults write NSGlobalDomain AppleKeyboardUIMode -int 3
echo "Automatically show and hide the dock"
defaults write com.apple.dock autohide -bool true
echo "Automatically show and hide the menu bar"
defaults write NSGlobalDomain _HIHideMenuBar -bool true
echo "Make Dock icons of hidden applications translucent"
defaults write com.apple.dock showhidden -bool true
echo "Use current directory as default search scope in Finder"
defaults write com.apple.finder FXDefaultSearchScope -string "SCcf"
echo "Expand save panel by default"
defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true
echo "Expand print panel by default"
defaults write NSGlobalDomain PMPrintingExpandedStateForPrint -bool true
echo "Disable the \"Are you sure you want to open this application?\" dialog"
defaults write com.apple.LaunchServices LSQuarantine -bool false
echo "Enable highlight hover effect for the grid view of a stack (Dock)"
defaults write com.apple.dock mouse-over-hilte-stack -bool true
echo "Enable spring loading for all Dock items"
defaults write enable-spring-load-actions-on-all-items -bool true
echo "Disable press-and-hold for keys in favor of key repeat"
defaults write NSGlobalDomain ApplePressAndHoldEnabled -bool false
defaults write -g ApplePressAndHoldEnabled -bool false
echo "Set a blazingly fast keyboard repeat rate"
defaults write NSGlobalDomain KeyRepeat -int 2
echo "Set a shorter Delay until key repeat"
defaults write NSGlobalDomain InitialKeyRepeat -int 12
echo "Disable disk image verification"
defaults write com.apple.frameworks.diskimages skip-verify -bool true
defaults write com.apple.frameworks.diskimages skip-verify-locked -bool true
defaults write com.apple.frameworks.diskimages skip-verify-remote -bool true
echo "Avoid creating .DS_Store files on network volumes"
defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true
echo "Disable the warning when changing a file extension"
defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false
# echo "Enable snap-to-grid for desktop icons"
# /usr/libexec/PlistBuddy -c "Set :DesktopViewSettings:IconViewSettings:arrangeBy grid" ~/Library/Preferences/com.apple.finder.plist
echo "Disable the warning before emptying the Trash"
defaults write com.apple.finder WarnOnEmptyTrash -bool false
echo "Disable tap to click (Trackpad)"
defaults write com.apple.driver.AppleBluetoothMultitouch.trackpad Clicking -bool false
echo "Enable Safaris debug menu"
defaults write com.apple.Safari IncludeInternalDebugMenu -bool true
echo "Make Safaris search banners default to Contains instead of Starts With"
defaults write com.apple.Safari FindOnPageMatchesWordStartsOnly -bool false
echo "Add a context menu item for showing the Web Inspector in web views"
defaults write NSGlobalDomain WebKitDeveloperExtras -bool true
echo "Save to disk (not to iCloud) by default"
defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false
echo "Disable automatic capitalization as its annoying when typing code"
defaults write NSGlobalDomain NSAutomaticCapitalizationEnabled -bool false
echo "Disable smart dashes as theyre annoying when typing code"
defaults write NSGlobalDomain NSAutomaticDashSubstitutionEnabled -bool false
echo "Disable automatic period substitution as its annoying when typing code"
defaults write NSGlobalDomain NSAutomaticPeriodSubstitutionEnabled -bool false
echo "Disable smart quotes as theyre annoying when typing code"
defaults write NSGlobalDomain NSAutomaticQuoteSubstitutionEnabled -bool false
echo "Disable auto-correct"
defaults write NSGlobalDomain NSAutomaticSpellingCorrectionEnabled -bool false
echo "Use scroll gesture with the Ctrl (^) modifier key to zoom"
defaults write com.apple.universalaccess closeViewScrollWheelToggle -bool true
defaults write com.apple.universalaccess HIDScrollZoomModifierMask -int 262144
echo "Follow the keyboard focus while zoomed in"
defaults write com.apple.universalaccess closeViewZoomFollowsFocus -bool true
echo "Require password immediately after sleep or screen saver begins"
defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0
echo "Save screenshots to downloads"
defaults write com.apple.screencapture location -string "${HOME}/Downloads"
echo "Finder: allow quitting via ⌘ + Q; doing so will also hide desktop icons"
defaults write com.apple.finder QuitMenuItem -bool true
echo "Show the ~/Library folder"
chflags nohidden ~/Library && xattr -d com.apple.FinderInfo ~/Library
# Noah Prefs
echo "Enable dock magnification"
defaults write com.apple.dock magnification -bool true
echo "Set dock size"
defaults write com.apple.dock largesize -int 48
defaults write com.apple.dock tilesize -int 44
echo "Choose and order dock icons"
__dock_item() {
printf '%s%s%s%s%s' \
'<dict><key>tile-data</key><dict><key>file-data</key><dict>' \
'<key>_CFURLString</key><string>' \
"$1" \
'</string><key>_CFURLStringType</key><integer>0</integer>' \
'</dict></dict></dict>'
}
defaults write com.apple.dock persistent-apps -array \
"$(__dock_item /Applications/1Password\ 7.app)" \
"$(__dock_item /Applications/Slack.app)" \
"$(__dock_item /System/Applications/Calendar.app)" \
"$(__dock_item /Applications/Firefox.app)" \
"$(__dock_item /System/Applications/Messages.app)" \
"$(__dock_item /System/Applications/Mail.app)" \
"$(__dock_item /Applications/Mimestream.app)" \
"$(__dock_item /Applications/zoom.us.app)" \
"$(__dock_item /Applications/Obsidian.app)" \
"$(__dock_item /Applications/Alacritty.app)" \
"$(__dock_item /System/Applications/System\ Preferences.app)"
echo "No recent items in dock"
defaults write com.apple.dock show-recents -bool FALSE
echo "Switch to dark mode"
defaults write "Apple Global Domain" "AppleInterfaceStyle" "Dark"
echo "Turn on Scroll Reverser"
open /Applications/Scroll\ Reverser.app
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/Scroll Reverser.app", hidden:false}'
echo "Allow apps from anywhere"
SPCTL=$(spctl --status)
if ! [ "$SPCTL" = "assessments disabled" ]
then
sudo spctl --master-disable
fi
# ---
echo "Reset Launchpad"
# [ -e ~/Library/Application\ Support/Dock/*.db ] && rm ~/Library/Application\ Support/Dock/*.db
rm ~/Library/Application\ Support/Dock/*.db
echo "Show the ~/Library folder"
chflags nohidden ~/Library
# Clean up
echo "Kill affected applications"
for app in Safari Finder Dock Mail SystemUIServer; do killall "$app" >/dev/null 2>&1; done

5
legacy/scripts/npm Executable file
View File

@ -0,0 +1,5 @@
#!/bin/sh
npm update -g
npm install -g pyright
npm install -g diagnostic-languageserver

48
legacy/scripts/rust Executable file
View File

@ -0,0 +1,48 @@
#!/bin/sh
install_rust() {
if ! (which ~/.cargo/bin/rustup > /dev/null)
then
echo "installing rustup"
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
fi
echo "rustup ✓"
}
update_rust() {
~/.cargo/bin/rustup update > /dev/null 2>&1
rust_version=$(~/.cargo/bin/rustc --version | awk '{print $2}')
echo "latest rust: $rust_version ✓"
}
download_rust_analyzer() {
if ! (which rust-analyzer > /dev/null)
then
echo "downloading rust analyzer"
rust_analyzer_bin=/usr/local/bin/rust-analyzer
curl -s -L https://github.com/rust-analyzer/rust-analyzer/releases/latest/download/rust-analyzer-mac -o $rust_analyzer_bin
chmod +x $rust_analyzer_bin
fi
echo "rust-analyzer ✓"
}
# cargo-edit: quickly add and remove packages
# whatfeatures: see optional features for a package
install_cargos() {
set -- \
'cargo-edit' \
'cargo-whatfeatures'
for program do
cargo install "$program"
done
echo "cargos ✓"
}
install_rust
update_rust
download_rust_analyzer
install_cargos

6
legacy/scripts/setup_cheatsheet Executable file
View File

@ -0,0 +1,6 @@
#!/bin/sh
echo "downloading cheatsheet"
curl https://cht.sh/:cht.sh > ~/.local/bin/cheat
chmod 755 ~/.local/bin/cheat
echo "cheatsheet ✓"

46
legacy/scripts/setup_fish Executable file
View File

@ -0,0 +1,46 @@
#!/usr/bin/env fish
set -U FISH_DIR (readlink ~/.config/fish) # Used for getting to this repo
set -Ux DOTS (dirname $FISH_DIR) # Directory of this config repo
set -U CDPATH . $HOME # Directories available for immediate cd
set -Ux EDITOR nvim # Preferred text editor
set -U PROJ $HOME/dev/work # Projects directory
set -Ux NOTES_PATH "$HOME/dev/personal/notes" # Notes directory
set -Ux MANPAGER "nvim +Man!" # Used for reading man pages
set -Ux DIRENV_LOG_FORMAT "" # Disable direnv output
set -Ux BROWSER "/Applications/Firefox.app/Contents/MacOS/firefox"
# Load abbreviations
abbrs
# Turn off greeting
set -U fish_greeting ""
# Set colors (Base16 Eighties)
set -U fish_color_normal normal
set -U fish_color_command 99cc99
set -U fish_color_quote ffcc66
set -U fish_color_redirection d3d0c8
set -U fish_color_end cc99cc
set -U fish_color_error f2777a
set -U fish_color_selection white --bold --background=brblack
set -U fish_color_search_match bryellow --background=brblack
set -U fish_color_history_current --bold
set -U fish_color_operator 6699cc
set -U fish_color_escape 66cccc
set -U fish_color_cwd green
set -U fish_color_cwd_root red
set -U fish_color_valid_path --underline
set -U fish_color_autosuggestion 747369
set -U fish_color_user brgreen
set -U fish_color_host normal
set -U fish_color_cancel -r
set -U fish_pager_color_completion normal
set -U fish_pager_color_description B3A06D yellow
set -U fish_pager_color_prefix white --bold --underline
set -U fish_pager_color_progress brwhite --background=cyan
set -U fish_color_comment ffcc66
set -U fish_color_param d3d0c8
set -U fish_color_match 6699cc
echo "fish setup ✓"

7
legacy/scripts/setup_ytfzf Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
echo "downloading ytfzf"
mkdir -p ~/.local/bin
curl -sL "https://raw.githubusercontent.com/pystardust/ytfzf/master/ytfzf" >~/.local/bin/ytfzf
chmod 755 ~/.local/bin/ytfzf
echo "ytfzf ✓"

8
legacy/templates/kubernetes/clusterrole.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name:
rules:
- apiGroups: [""]
resources:
verbs: []

12
legacy/templates/kubernetes/clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name:
subjects:
- kind: ServiceAccount
name:
namespace: default

8
legacy/templates/kubernetes/configmap.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name:
namespace: default
annotations:
replicator.v1.mittwald.de/replicate-to: ".*"
data:

33
legacy/templates/kubernetes/deployment.yaml Normal file
View File

@ -0,0 +1,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name:
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app:
template:
metadata:
labels:
app:
spec:
serviceAccountName:
containers:
- name:
image:
imagePullPolicy: Always
envFrom:
- configMapRef:
name:
- secretRef:
name:
ports:
- containerPort:
protocol: TCP
resources:
limits:
cpu:
requests:
cpu:

21
legacy/templates/kubernetes/ingress.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: networking.k8s.io/v1beta1 # must be beta until k8s 1.19
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name:
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/security-groups:
alb.ingress.kubernetes.io/tags: Project=
alb.ingress.kubernetes.io/target-type: instance
name:
namespace:
spec:
rules:
- host:
http:
paths:
- backend:
serviceName:
servicePort:

10
legacy/templates/kubernetes/role.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name:
namespace: default
rules:
- apiGroups: [""]
resourceNames:
resources:
verbs:

13
legacy/templates/kubernetes/rolebinding.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name:
namespace: default
roleRef:
kind:
name:
apiGroup: rbac.authorization.k8s.io
subjects:
- kind:
name:
apiGroup: rbac.authorization.k8s.io

8
legacy/templates/kubernetes/secret.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name:
namespace: default
annotations:
replicator.v1.mittwald.de/replicate-to: ".*"
data:

15
legacy/templates/kubernetes/service.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
annotations:
alb.ingress.kubernetes.io/healthcheck-path:
name:
namespace: default
spec:
ports:
- port: 443
protocol: TCP
targetPort: 80
selector:
app:
type: NodePort

5
legacy/templates/kubernetes/serviceaccount.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name:
namespace: default

12
legacy/templates/programs/skeleton.py Normal file
View File

@ -0,0 +1,12 @@
#!/usr/bin/env python
"""
Program
"""
def main():
"""Run the program"""
pass
if __name__ == "__main__":
main()

8
legacy/templates/programs/skeleton.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then
cat <<EOH
Help text
EOH
exit
fi

21
misc/README.md
View File

@ -1,21 +0,0 @@
# Miscellaneous
These files contain important data sourced by the configuration, or simply
information to store for safekeeping later.
---
Creating hashed password for [password.sha512](./password.sha512):
```
mkpasswd -m sha-512
```
---
Getting key for [public-keys](./public-keys):
```
ssh-keyscan -t ed25519 <hostname>
```

23
misc/libratbag-profile
View File

@ -1,23 +0,0 @@
Profile 1: (active)
Name: n/a
Report Rate: 1000Hz
Resolutions:
0: 400dpi (active) (default)
1: 800dpi
2: 1600dpi
3: 2400dpi
4: 0dpi
Button: 0 is mapped to 'button 1'
Button: 1 is mapped to 'button 2'
Button: 2 is mapped to 'button 3'
Button: 3 is mapped to 'button 4'
Button: 4 is mapped to 'button 5'
Button: 5 is mapped to macro '↕F11'
Button: 6 is mapped to macro '↕VOLUMEDOWN'
Button: 7 is mapped to macro '↕VOLUMEUP'
Button: 8 is mapped to 'unknown'
Button: 9 is mapped to 'wheel-right'
Button: 10 is mapped to 'wheel-left'
LED: 0, depth: monochrome, mode: on, color: 000000
LED: 1, depth: monochrome, mode: on, color: 000000
LED: 2, depth: monochrome, mode: on, color: 000000

1
misc/password.sha512
View File

@ -1 +0,0 @@
$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.

6
misc/public-keys
View File

@ -1,6 +0,0 @@
# Scan hosts: ssh-keyscan -t ed25519 <hostnames>
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3yHivgEXr2ecwe58h9bkhwTYivf3GwL8xenQKMeiUb tempest

9
modules/README.md
View File

@ -1,9 +0,0 @@
# Modules
| Module | Purpose |
| --- | --- |
| [common](./common/default.nix) | User programs and OS-agnostic configuration |
| [darwin](./darwin/default.nix) | macOS-specific configuration |
| [nixos](./nixos/default.nix) | NixOS-specific configuration |
| [wsl](./wsl/default.nix) | WSL-specific configuration |

10
modules/applications/1password.nix Normal file
View File

@ -0,0 +1,10 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
unfreePackages = [ "1password" "_1password-gui" ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ _1password-gui ];
};
};
}

55
modules/common/applications/alacritty.nix → modules/applications/alacritty.nix
View File

@ -1,15 +1,6 @@
{ config, pkgs, lib, ... }: {
options = {
alacritty = {
enable = lib.mkEnableOption {
description = "Enable Alacritty.";
default = false;
};
};
};
config = lib.mkIf (config.gui.enable && config.alacritty.enable) {
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user} = {
xsession.windowManager.i3.config.terminal = "alacritty";
programs.rofi.terminal = "${pkgs.alacritty}/bin/alacritty";
@ -32,8 +23,8 @@
key_bindings = [
# Used for word completion in fish_user_key_bindings
{
key = "Return";
mods = "Shift";
key = "L";
mods = "Control|Shift";
chars = "\\x1F";
}
# Used for searching nixpkgs in fish_user_key_bindings
@ -43,8 +34,8 @@
chars = "\\x11F";
}
{
key = "H";
mods = "Control|Shift";
key = "K";
mods = "Control";
mode = "~Vi";
action = "ToggleViMode";
}
@ -63,32 +54,32 @@
];
colors = {
primary = {
background = config.theme.colors.base00;
foreground = config.theme.colors.base05;
background = config.colorscheme.base00;
foreground = config.colorscheme.base05;
};
cursor = {
text = "#1d2021";
cursor = config.theme.colors.base05;
cursor = config.colorscheme.base05;
};
normal = {
black = "#1d2021";
red = config.theme.colors.base08;
green = config.theme.colors.base0B;
yellow = config.theme.colors.base0A;
blue = config.theme.colors.base0D;
magenta = config.theme.colors.base0E;
cyan = config.theme.colors.base0C;
white = config.theme.colors.base05;
red = config.colorscheme.base08;
green = config.colorscheme.base0B;
yellow = config.colorscheme.base0A;
blue = config.colorscheme.base0D;
magenta = config.colorscheme.base0E;
cyan = config.colorscheme.base0C;
white = config.colorscheme.base05;
};
bright = {
black = config.theme.colors.base03;
red = config.theme.colors.base09;
green = config.theme.colors.base01;
yellow = config.theme.colors.base02;
blue = config.theme.colors.base04;
magenta = config.theme.colors.base06;
cyan = config.theme.colors.base0F;
white = config.theme.colors.base07;
black = config.colorscheme.base03;
red = config.colorscheme.base09;
green = config.colorscheme.base01;
yellow = config.colorscheme.base02;
blue = config.colorscheme.base04;
magenta = config.colorscheme.base06;
cyan = config.colorscheme.base0F;
white = config.colorscheme.base07;
};
};
draw_bold_text_with_bright_colors = false;

13
modules/nixos/applications/calibre.nix → modules/applications/calibre.nix
View File

@ -1,21 +1,10 @@
{ config, pkgs, lib, ... }: {
options = {
calibre = {
enable = lib.mkEnableOption {
description = "Enable Calibre.";
default = false;
};
};
};
config = lib.mkIf (config.gui.enable && config.calibre.enable) {
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user} = {
home.packages = with pkgs; [ calibre ];
# home.sessionVariables = { CALIBRE_USE_DARK_PALETTE = 1; };
};
# Forces Calibre to use dark mode
environment.sessionVariables = { CALIBRE_USE_DARK_PALETTE = "1"; };
};
}

5
modules/common/applications/default.nix → modules/applications/default.nix
View File

@ -3,14 +3,13 @@
imports = [
./1password.nix
./alacritty.nix
./calibre.nix
./discord.nix
./firefox.nix
./kitty.nix
./media.nix
./obsidian.nix
./qbittorrent.nix
./slack.nix
./yt-dlp.nix
./nautilus.nix
];
}

11
modules/common/applications/discord.nix → modules/applications/discord.nix
View File

@ -1,15 +1,6 @@
{ config, pkgs, lib, ... }: {
options = {
discord = {
enable = lib.mkEnableOption {
description = "Enable Discord.";
default = false;
};
};
};
config = lib.mkIf (config.gui.enable && config.discord.enable) {
config = lib.mkIf config.gui.enable {
unfreePackages = [ "discord" ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ discord ];

121
modules/applications/firefox.nix Normal file
View File

@ -0,0 +1,121 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.gui.enable {
unfreePackages = [ "onepassword-password-manager" "okta-browser-plugin" ];
home-manager.users.${config.user} = {
programs.firefox = {
enable = true;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
vimium
multi-account-containers
facebook-container
temporary-containers
onepassword-password-manager
okta-browser-plugin
sponsorblock
reddit-enhancement-suite
bypass-paywalls-clean
markdownload
darkreader
snowflake
don-t-fuck-with-paste
i-dont-care-about-cookies
];
profiles.Profile0 = {
id = 0;
name = "default";
isDefault = true;
settings = {
"browser.aboutConfig.showWarning" = false;
"browser.warnOnQuit" = false;
"browser.theme.dark-private-windows" = true;
"browser.toolbars.bookmarks.visibility" = "newtab";
"browser.startup.page" = 3; # Restore previous session
"browser.newtabpage.enabled" = false; # Make new tabs blank
"general.autoScroll" = true; # Drag middle-mouse to scroll
"services.sync.prefs.sync.general.autoScroll" =
false; # Prevent disabling autoscroll
"extensions.pocket.enabled" = false;
"toolkit.legacyUserProfileCustomizations.stylesheets" =
true; # Allow userChrome.css
"layout.css.color-mix.enabled" = true;
};
userChrome = ''
:root {
--focus-outline-color: ${config.colorscheme.base04} !important;
--toolbar-color: ${config.colorscheme.base07} !important;
--tab-min-height: 30px !important;
}
/* Background of tab bar */
.toolbar-items {
background-color: ${config.colorscheme.base00} !important;
}
/* Tabs themselves */
.tabbrowser-tab .tab-stack {
border-radius: 5px 5px 0 0;
overflow: hidden;
background-color: ${config.colorscheme.base00};
color: ${config.colorscheme.base06} !important;
}
.tab-content {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 40%, transparent);
border-radius: 5px 5px 0 0;
background-color: ${config.colorscheme.base00};
color: ${config.colorscheme.base06} !important;
}
.tab-content[selected=true] {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
background-color: ${config.colorscheme.base01} !important;
color: ${config.colorscheme.base07} !important;
}
/* Below tab bar */
#nav-bar {
background: ${config.colorscheme.base01} !important;
}
/* URL bar in nav bar */
#urlbar[focused=true] {
color: ${config.colorscheme.base07} !important;
background: ${config.colorscheme.base02} !important;
caret-color: ${config.colorscheme.base05} !important;
}
#urlbar:not([focused=true]) {
color: ${config.colorscheme.base04} !important;
background: ${config.colorscheme.base02} !important;
}
#urlbar ::-moz-selection {
color: ${config.colorscheme.base07} !important;
background: ${config.colorscheme.base02} !important;
}
#urlbar-input-container {
border: 1px solid ${config.colorscheme.base01} !important;
}
#urlbar-background {
background: ${config.colorscheme.base01} !important;
}
/* Text in URL bar */
#urlbar-input, #urlbar-scheme, .searchbar-textbox {
color: ${config.colorscheme.base07} !important;
}
'';
userContent = ''
@-moz-document url-prefix(about:blank) {
* {
background-color:${config.colorscheme.base01} !important;
}
}
'';
extraConfig = "";
};
};
};
};
}

11
modules/applications/media.nix Normal file
View File

@ -0,0 +1,11 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user}.home.packages = with pkgs; [
mpv # Video viewer
sxiv # Image viewer
mupdf # PDF viewer
];
};
}

13
modules/applications/nautilus.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }: {
# Install Nautilus file manager
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user} = {
home.packages = with pkgs; [
gnome.nautilus
gnome.sushi # Quick preview with spacebar
];
};
};
}

10
modules/applications/obsidian.nix Normal file
View File

@ -0,0 +1,10 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
unfreePackages = [ "obsidian" ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ obsidian ];
};
};
}

12
modules/applications/qbittorrent.nix Normal file
View File

@ -0,0 +1,12 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user} = {
home.packages = with pkgs; [ qbittorrent ];
};
};
}

20
modules/colorscheme/everforest/default.nix Normal file
View File

@ -0,0 +1,20 @@
{
name = "everforest"; # dark, hard
author = "Sainnhe Park";
base00 = "#2b3339"; # Default Background
base01 = "#323c41"; # Lighter Background
base02 = "#503946"; # Selection Background
base03 = "#868d80"; # Comments, Invisibles, Line Highlighting
base04 = "#d3c6aa"; # Dark Foreground (Used for status bars)
base05 = "#d3c6aa"; # Default Foreground, Caret, Delimiters, Operators
base06 = "#e9e8d2"; # Light Foreground (Not often used)
base07 = "#fff9e8"; # Light Background (Not often used)
base08 = "#7fbbb3"; # Variables, XML Tags, Markup Link Text, ...
base09 = "#d699b6"; # Integers, Boolean, Constants, ...
base0A = "#83c092"; # Classes, Markup Bold, Search Text Background
base0B = "#dbbc7f"; # Strings, Inherited Class, Markup Code, Diff Inserted
base0C = "#e69875"; # Support, Regular Expressions, Escape Characters, ...
base0D = "#a7c080"; # Functions, Methods, Attribute IDs, Headings
base0E = "#e67e80"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
base0F = "#d699b6"; # Deprecated, Opening/Closing Embedded Language Tags, ...
}

22
modules/colorscheme/gruvbox/default.nix Normal file
View File

@ -0,0 +1,22 @@
{
name = "gruvbox"; # Dark, Medium
author =
"Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox)";
base00 = "#282828"; # ----
base01 = "#3c3836"; # ---
base02 = "#504945"; # --
base03 = "#665c54"; # -
base04 = "#bdae93"; # +
base05 = "#d5c4a1"; # ++
base06 = "#ebdbb2"; # +++
base07 = "#fbf1c7"; # ++++
base08 = "#fb4934"; # red
base09 = "#fe8019"; # orange
base0A = "#fabd2f"; # yellow
base0B = "#b8bb26"; # green
base0C = "#8ec07c"; # aqua/cyan
base0D = "#83a598"; # blue
base0E = "#d3869b"; # purple
base0F = "#d65d0e"; # brown
neovimConfig = ./neovim.lua;
}

13
modules/colorscheme/gruvbox/neovim.lua Normal file
View File

@ -0,0 +1,13 @@
local M = {}
M.packer = function(use)
use({
"lifepillar/vim-gruvbox8",
config = function()
vim.g.gruvbox_italicize_strings = 0
vim.cmd("colorscheme gruvbox8")
end,
})
end
return M

21
modules/colorscheme/nord/default.nix Normal file
View File

@ -0,0 +1,21 @@
{
name = "nord";
author = "arcticicestudio";
base00 = "#2E3440";
base01 = "#3B4252";
base02 = "#434C5E";
base03 = "#4C566A";
base04 = "#D8DEE9";
base05 = "#E5E9F0";
base06 = "#ECEFF4";
base07 = "#8FBCBB";
base08 = "#88C0D0";
base09 = "#81A1C1";
base0A = "#5E81AC";
base0B = "#BF616A";
base0C = "#D08770";
base0D = "#EBCB8B";
base0E = "#A3BE8C";
base0F = "#B48EAD";
neovimConfig = ./neovim.lua;
}

13
modules/colorscheme/nord/neovim.lua Normal file
View File

@ -0,0 +1,13 @@
local M = {}
M.packer = function(use)
use({
"shaunsingh/nord.nvim",
config = function()
vim.g.nord_italic = true
vim.cmd("colorscheme nord")
end,
})
end
return M

26
modules/common/applications/1password.nix
View File

@ -1,26 +0,0 @@
{ config, pkgs, lib, ... }: {
options = {
_1password = {
enable = lib.mkEnableOption {
description = "Enable 1Password.";
default = false;
};
};
};
config = lib.mkIf (config.gui.enable && config._1password.enable) {
unfreePackages = [ "1password" "_1password-gui" "1password-cli" ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ _1password-gui ];
};
# https://1password.community/discussion/135462/firefox-extension-does-not-connect-to-linux-app
# Doesn't seem to fix the issue on macOS anyway
environment.etc."1password/custom_allowed_browsers".text = ''
${config.home-manager.users.${config.user}.programs.firefox.package}
firefox
'';
};
}

Some files were not shown because too many files have changed in this diff Show More