noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-06 21:20:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:a15c05491ea0b1eea57d8a7a18a195679b1eea3f
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
..
compare: noah:keyd-2.4.3
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

2 Commits
a15c05491e ... keyd-2.4.3

Author SHA1 Message Date
Noah Masur
1c9bd21ced set keyd overload tap timeout 
helps prevent escape key from being sent if not tapped
 2023-10-07 08:58:34 -04:00
Noah Masur
14d2cbfdfb attempt to upgrade to keyd 2.4.3 pr 2023-10-07 07:52:47 -04:00
154 changed files with 1158 additions and 2498 deletions
Expand all files Collapse all files

134
.github/workflows/arrow.yml vendored
View File

@ -1,134 +0,0 @@
name: Arrow
env:
TERRAFORM_DIRECTORY: hosts/arrow
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
CLOUDFLARE_R2_ENDPOINT: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }}
AWS_DEFAULT_REGION: auto
AWS_ENDPOINT_URL_S3: "https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
TF_VAR_vultr_api_key: ${{ secrets.VULTR_API_KEY }}
on:
workflow_dispatch:
inputs:
rebuild:
type: boolean
default: false
action:
type: choice
required: true
default: create
options:
- create
- destroy
jobs:
build-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout Repo Code
uses: actions/checkout@v4
# Enable access to KVM, required to build an image
- name: Enable KVM group perms
if: inputs.rebuild && inputs.action != 'destroy'
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
# Install Nix
- name: Install Nix
if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v17
# Build the image
- name: Build Image
if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#image.arrow
- name: Upload Image to S3
if: inputs.rebuild && inputs.action != 'destroy'
run: |
aws s3 cp \
result/iso/nixos.iso \
s3://noahmasur-arrow-images/arrow.iso \
--endpoint-url "https://${{ env.CLOUDFLARE_R2_ENDPOINT }}"
# # Copy the image to S3
# - name: Upload Image to Cache
# env:
# NIX_CACHE_PRIVATE_KEY: ${{ secrets.NIX_CACHE_PRIVATE_KEY }}
# run: |
# echo "$NIX_CACHE_PRIVATE_KEY" > cache.key
# nix store sign --key-file cache.key $(readlink result)
# nix copy --to s3://t2-aws-nixos-test $(readlink result)
# rm cache.key
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform init
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: inputs.action == 'create'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform apply \
-auto-approve \
-input=false
# Removes infrastructure.
- name: Terraform Destroy
if: inputs.action == 'destroy'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform destroy \
-auto-approve \
-input=false
- name: Get Host IP
if: inputs.action == 'create'
id: host
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform output -raw host_ip
- name: Wait on SSH
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Write Identity Keys to Files
if: inputs.action == 'create'
run: |
echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
chmod 0600 deploy_ed25519
echo "${{ env.ARROW_IDENTITY_BASE64 }}" | base64 -d > arrow_ed25519
chmod 0600 arrow_ed25519
- name: Copy Identity File to Host
if: inputs.action == 'create'
run: |
ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
scp -i deploy_ed25519 arrow_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519

17
.github/workflows/update.yml vendored
View File

@ -8,7 +8,6 @@ on:
permissions:
contents: write
pull-requests: write
checks: write
jobs:
lockfile:
@ -31,24 +30,8 @@ jobs:
pr-labels: | # Labels to be set on the PR
dependencies
automated
pr-body: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
- name: Check the Flake
id: check
run: nix flake check
- name: Update Check Status
uses: LouisBrunner/checks-action@v1.6.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Update Flake
conclusion: ${{ job.status }}
output: |
{"summary":"${{ steps.check.outputs.stdout }}"}
- name: Enable Pull Request Automerge
if: success()
run: |

1
.gitignore vendored
View File

@ -1,7 +1,6 @@
.DS_Store
*.bak
*.db
*.qcow2
**/.direnv/**
result
private/**

26
README.md
View File

@ -25,7 +25,7 @@ configuration may be difficult to translate to a non-Nix system.
| Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./modules/common) |
| Terminal | [Kitty](https://sw.kovidgoyal.net/kitty/) | [Link](./modules/common/applications/kitty.nix) |
| Shell | [Fish](https://fishshell.com/) | [Link](./modules/common/shell/fish) |
| Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starship.nix) |
| Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starhip.nix) |
| Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) |
| Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix) |
| Text Editor | [Neovim](https://neovim.io/) | [Link](./modules/common/neovim/config) |
@ -41,30 +41,6 @@ configuration may be difficult to translate to a non-Nix system.
| --- | --- | --- |
| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
# Diagram
![Diagram](https://github.com/nmasur/dotfiles/assets/7386960/ed3e7202-09c4-4a9c-9b14-0272c01647f6)
- [flake.nix](./flake.nix)
- [hosts](./hosts/)
- [modules](./modules/)
---
# Unique Configurations
This repo contains a few more elaborate elements of configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
and source-controlled plugins, differing based on installed LSPs, for example.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
dynamically on enabled services rendered with Nix.
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
including Firefox userChrome.
---
# Installation

1
apps/loadkey.nix
View File

@ -5,7 +5,6 @@
program = builtins.toString (pkgs.writeShellScript "loadkey" ''
printf "\nEnter the seed phrase for your SSH key...\n"
printf "\nThen press ^D when complete.\n\n"
mkdir -p ~/.ssh/
${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
printf "\n\nContinuing activation.\n\n"
'');

36
disks/root.nix
View File

@ -4,34 +4,38 @@
type = "disk";
device = disk;
content = {
type = "gpt";
partitions = {
type = "table";
format = "gpt";
partitions = [
# Boot partition
ESP = rec {
size = "512MiB";
type = "EF00";
label = "boot";
device = "/dev/disk/by-label/${label}";
{
name = "ESP";
start = "0";
end = "512MiB";
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
extraArgs = [ "-n ${label}" ];
};
extraArgs = [ "-n boot" ];
};
}
# Root partition ext4
root = rec {
size = "100%";
label = "nixos";
device = "/dev/disk/by-label/${label}";
{
name = "root";
start = "512MiB";
end = "100%";
part-type = "primary";
bootable = true;
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
extraArgs = [ "-L ${label}" ];
};
};
extraArgs = [ "-L nixos" ];
};
}
];
};
};
};

17
docs/installation.md
View File

@ -49,24 +49,19 @@ move the `windows/alacritty.yml` file to
To get started on a bare macOS installation, first install Nix:
```bash
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
sh -c "$(curl -L https://nixos.org/nix/install)"
```
Launch a new shell. Then use Nix to switch to the macOS configuration:
Then use Nix to build nix-darwin:
```bash
sudo rm /etc/bashrc
sudo rm /etc/nix/nix.conf
nix \
--extra-experimental-features flakes \
--extra-experimental-features nix-command \
run nix-darwin -- switch \
--flake github:nmasur/dotfiles#lookingglass
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer
```
Once installed, you can continue to update the macOS configuration:
Then switch to the macOS configuration:
```bash
darwin-rebuild switch --flake ~/dev/personal/dotfiles
darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
```

17
docs/repair-nextcloud.md
View File

@ -63,20 +63,3 @@ Use this mysqldump command:
sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql
```
## Converting to Postgres
Same as MySQL, but run this command instead:
```
sudo -u nextcloud nextcloud-occ db:convert-type pgsql nextcloud /run/postgresql/ nextcloud
```
Then set the `dbtype` to `pgsql`.
## Backing Up Postgres Database
Use this pg_dump command:
```
sudo -u nextcloud pg_dump nextcloud > backup.sql
```

594
flake.lock generated
View File

@ -1,87 +1,6 @@
{
"nodes": {
"baleia-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1704551058,
"narHash": "sha256-0NmiGzMFvL1awYOVtiaSd+O4sAR524x68xwWLgArlqs=",
"owner": "m00qek",
"repo": "baleia.nvim",
"rev": "6d9cbdaca3a428bc7296f838fdfce3ad01ee7495",
"type": "github"
},
"original": {
"owner": "m00qek",
"repo": "baleia.nvim",
"type": "github"
}
},
"base16-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1708139024,
"narHash": "sha256-l0BO2boIy6mwK8ISWS3D68f8egqHYwsGSAnzjbB5aOE=",
"owner": "RRethy",
"repo": "base16-nvim",
"rev": "b3e9ec6a82c05b562cd71f40fe8964438a9ba64a",
"type": "github"
},
"original": {
"owner": "RRethy",
"repo": "base16-nvim",
"type": "github"
}
},
"bufferline-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1706180994,
"narHash": "sha256-/iGzUDJaodkUyWpwim8UtwaRuarfu/Nk6wxVApk+QxY=",
"owner": "akinsho",
"repo": "bufferline.nvim",
"rev": "d6cb9b7cac52887bcac65f8698e67479553c0748",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v4.5.0",
"repo": "bufferline.nvim",
"type": "github"
}
},
"bypass-paywalls-clean": {
"flake": false,
"locked": {
"lastModified": 1709556839,
"narHash": "sha256-LbsaYISpsjCI8DXPu2toBI3uMK+Xau1sWuzA2xsQ6Pg=",
"owner": "magnolia1234",
"repo": "bpc-uploads",
"rev": "0ca7c6a857e4e6c3e508228168e8de70e21cee3a",
"type": "gitlab"
},
"original": {
"owner": "magnolia1234",
"repo": "bpc-uploads",
"type": "gitlab"
}
},
"cmp-nvim-lsp-src": {
"flake": false,
"locked": {
"lastModified": 1702205473,
"narHash": "sha256-/0sh9vJBD9pUuD7q3tNSQ1YLvxFMNykdg5eG+LjZAA8=",
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"rev": "5af77f54de1b16c34b23cba810150689a3a90312",
"type": "github"
},
"original": {
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"type": "github"
}
},
"comment-nvim-src": {
"Comment-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1681214440,
@ -98,6 +17,72 @@
"type": "github"
}
},
"age": {
"flake": false,
"locked": {
"lastModified": 1672087018,
"narHash": "sha256-LRxxJQLQkzoCNYGS/XBixVmYXoZ1mPHKvFicPGXYLcw=",
"owner": "FiloSottile",
"repo": "age",
"rev": "c6dcfa1efcaa27879762a934d5bea0d1b83a894c",
"type": "github"
},
"original": {
"owner": "FiloSottile",
"ref": "v1.1.1",
"repo": "age",
"type": "github"
}
},
"baleia-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1681806450,
"narHash": "sha256-jxRlIzWbnSj89032msc5w+2TVt7zVyzlxdXxiH1dQqY=",
"owner": "m00qek",
"repo": "baleia.nvim",
"rev": "00bb4af31c8c3865b735d40ebefa6c3f07b2dd16",
"type": "github"
},
"original": {
"owner": "m00qek",
"repo": "baleia.nvim",
"type": "github"
}
},
"bufferline-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1687763763,
"narHash": "sha256-wbOeylzjjScQXkrDbBU2HtrOZrp2YUK+wQ2aOkgxmRQ=",
"owner": "akinsho",
"repo": "bufferline.nvim",
"rev": "bf2f6b7edd0abf6b0732f5e5c0a8f30e51611c75",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v4.2.0",
"repo": "bufferline.nvim",
"type": "github"
}
},
"cmp-nvim-lsp-src": {
"flake": false,
"locked": {
"lastModified": 1687494203,
"narHash": "sha256-mU0soCz79erJXMMqD/FyrJZ0mu2n6fE0deymPzQlxts=",
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"rev": "44b16d11215dce86f253ce0c30949813c0a90765",
"type": "github"
},
"original": {
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -105,11 +90,11 @@
]
},
"locked": {
"lastModified": 1709771483,
"narHash": "sha256-Hjzu9nCknHLQvhdaRFfCEprH0o15KcaNu1QDr3J88DI=",
"lastModified": 1696043447,
"narHash": "sha256-VbJ1dY5pVH2fX1bS+cT2+4+BYEk4lMHRP0+udu9G6tk=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "550340062c16d7ef8c2cc20a3d2b97bcd3c6b6f6",
"rev": "792c2e01347cb1b2e7ec84a1ef73453ca86537d8",
"type": "github"
},
"original": {
@ -126,11 +111,11 @@
]
},
"locked": {
"lastModified": 1709967935,
"narHash": "sha256-ZLLdGWs9njivxZsfSzfQN05g6WIyIe24bPb61y7FVqo=",
"lastModified": 1695864092,
"narHash": "sha256-Hu1SkFPqO7ND95AOzBkZE2jGXSYhfZ965C03O72Kbu8=",
"owner": "nix-community",
"repo": "disko",
"rev": "72818e54ec29427f8d9f9cfa6fc859d01ca6dc66",
"rev": "19b62324663b6b9859caf7f335d232cf4f1f6a32",
"type": "github"
},
"original": {
@ -139,23 +124,6 @@
"type": "github"
}
},
"fidget-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1704696337,
"narHash": "sha256-uAX/RGfOmsUIUaDepNwUpK8MBaTMBJ4rLZ69y0MwpNE=",
"owner": "j-hui",
"repo": "fidget.nvim",
"rev": "3a93300c076109d86c7ce35ec67a8034ae6ba9db",
"type": "github"
},
"original": {
"owner": "j-hui",
"ref": "v1.2.0",
"repo": "fidget.nvim",
"type": "github"
}
},
"firefox-darwin": {
"inputs": {
"nixpkgs": [
@ -163,11 +131,11 @@
]
},
"locked": {
"lastModified": 1710031437,
"narHash": "sha256-XauWQSnMUwJOHgW/ByZP1kOrJyNSJxV4aNoBlo8lnoc=",
"lastModified": 1696034364,
"narHash": "sha256-7giewUYqKhhfhKRxe2EPHCpSM0oMLuByW4RTRZl6Jfc=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "e9883b75736b2d33787c9326d27d719a644b1c35",
"rev": "b1e4d451a15c34d45bfefb05137a20469399a2df",
"type": "github"
},
"original": {
@ -179,11 +147,11 @@
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -197,11 +165,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
@ -215,11 +183,29 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
@ -231,11 +217,11 @@
"hmts-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1706900289,
"narHash": "sha256-kw3YJ21nhs/x9Jp7kvnL+9FuiSgLB1hO/ON3QeeZx9g=",
"lastModified": 1693226725,
"narHash": "sha256-jUuztOqNBltC3axa7s3CPJz9Cmukfwkf846+Z/gAxCU=",
"owner": "calops",
"repo": "hmts.nvim",
"rev": "ba1239972a1f56b94252d4f85a43e777ac419662",
"rev": "14fd941d7ec2bb98314a1aacaa2573d97f1629ab",
"type": "github"
},
"original": {
@ -251,11 +237,11 @@
]
},
"locked": {
"lastModified": 1709988192,
"narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=",
"lastModified": 1696063111,
"narHash": "sha256-F2IJEbyH3xG0eqyAYn9JoV+niqNz+xb4HICYNkkviNI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030",
"rev": "ae896c810f501bf0c3a2fd7fc2de094dd0addf01",
"type": "github"
},
"original": {
@ -265,87 +251,78 @@
"type": "github"
}
},
"kitty-scrollback-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1710038457,
"narHash": "sha256-/6uDN3wE6uO4yxj7tNtLXjaMse2DCQsehpTnoEyBA/U=",
"owner": "mikesmithgh",
"repo": "kitty-scrollback.nvim",
"rev": "c3014974e4cd498a534ff814761ef794ebb85d01",
"type": "github"
},
"original": {
"owner": "mikesmithgh",
"repo": "kitty-scrollback.nvim",
"type": "github"
}
},
"nextcloud-cookbook": {
"flake": false,
"locked": {
"lastModified": 1702545935,
"narHash": "sha256-19LN1nYJJ0RMWj6DrYPvHzocTyhMfYdpdhBFch3fpHE=",
"narHash": "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=",
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz"
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
}
},
"nextcloud-external": {
"flake": false,
"locked": {
"lastModified": 1699624334,
"narHash": "sha256-RCL2RP5twRDLxI/KfAX6QLYQOzqZmSWsfrC5ZQIwTD4=",
"narHash": "sha256-X7eC8T8wSZGVwCQp6U/WxjMC7aIj39osgHotaUoRNSQ=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.2.1/external-v5.2.1.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz"
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.2.1/external-v5.2.1.tar.gz"
}
},
"nextcloud-news": {
"flake": false,
"locked": {
"lastModified": 1703426420,
"narHash": "sha256-AENBJH/bEob5JQvw4WEi864mdLYJ5Mqe78HJH6ceCpI=",
"narHash": "sha256-cfJkKRNSz15L4E3w1tnEb+t4MrVwVzb8lb6vCOA4cK4=",
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
"url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz"
"url": "https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz"
}
},
"nextcloud-snappymail": {
"flake": false,
"nil": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1710042081,
"narHash": "sha256-UeZXoZFEPJj7zEVNTXJ3IYNt/wI7VFq3Pjh1ubMHCBo=",
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz"
"lastModified": 1691372739,
"narHash": "sha256-fZ8KfBMcIFO/R7xaWtB85SFeuUjb9SCH8fxYBnY8068=",
"owner": "oxalica",
"repo": "nil",
"rev": "97abe7d3d48721d4e0fcc1876eea83bb4247825b",
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz"
"owner": "oxalica",
"ref": "2023-08-09",
"repo": "nil",
"type": "github"
}
},
"nix2vim": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1707832982,
"narHash": "sha256-Jsrj8HJyo+PmjrHIDhq4gjZCE0eYCVmmTrx24cG8eOQ=",
"lastModified": 1685980282,
"narHash": "sha256-uQyVaoqkiocA8bXKMfrgizuKmz0hUzHye5owFoUd2AQ=",
"owner": "gytis-ivaskevicius",
"repo": "nix2vim",
"rev": "2fb1328cf058fc967b02f9a5330a99253b4c247e",
"rev": "3836a348503ae27340c7f83f0bc7bcb907f3781d",
"type": "github"
},
"original": {
@ -356,11 +333,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1709426687,
"narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=",
"lastModified": 1693701915,
"narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c",
"rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
"type": "github"
},
"original": {
@ -377,11 +354,11 @@
]
},
"locked": {
"lastModified": 1709887845,
"narHash": "sha256-803UIoB8+vGkm/VK/g55aBAAOf/ncTGvxXyjTF4ydm0=",
"lastModified": 1696058303,
"narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "bef32a05496d9480b02be586fa7827748b9e597b",
"rev": "150f38bd1e09e20987feacb1b0d5991357532fb5",
"type": "github"
},
"original": {
@ -392,11 +369,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1709703039,
"narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
"lastModified": 1695830400,
"narHash": "sha256-gToZXQVr0G/1WriO83olnqrLSHF2Jb8BPcmCt497ro0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
"rev": "8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2",
"type": "github"
},
"original": {
@ -406,50 +383,82 @@
"type": "github"
}
},
"nur": {
"nixpkgs-keyd": {
"locked": {
"lastModified": 1710037658,
"narHash": "sha256-6i7th4IX+2E1KX7FEJ4XgYtvQAooLa6YRsUIVRDu0PU=",
"owner": "nix-community",
"repo": "nur",
"rev": "ff870a7e359c3f34fc1144c6c35f76003d6c17e7",
"lastModified": 1690363189,
"narHash": "sha256-Zs0VkngOtQz7nIEO7Wi8AwGB4TBSex2KZAw784aOm2M=",
"owner": "JohnAZoidberg",
"repo": "nixpkgs",
"rev": "6591d332f93422e388ef6337f6b362b4ff8d0724",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nur",
"owner": "JohnAZoidberg",
"ref": "keyd-2.4.3",
"repo": "nixpkgs",
"type": "github"
}
},
"nvim-lint-src": {
"flake": false,
"nixpkgs_2": {
"locked": {
"lastModified": 1709238483,
"narHash": "sha256-fYaiUFNaaSPejKBecKB7ifp/soREWYIh3avemU5qJJE=",
"owner": "mfussenegger",
"repo": "nvim-lint",
"rev": "e824adb9bc01647f71e55457353a68f0f37f9931",
"lastModified": 1695825837,
"narHash": "sha256-4Ne11kNRnQsmSJCRSSNkFRSnHC4Y5gPDBIQGjjPfJiU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5cfafa12d57374f48bcc36fda3274ada276cf69e",
"type": "github"
},
"original": {
"owner": "mfussenegger",
"repo": "nvim-lint",
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"null-ls-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1691810493,
"narHash": "sha256-cWA0rzkOp/ekVKaFee7iea1lhnqKtWUIU+fW5M950wI=",
"owner": "jose-elias-alvarez",
"repo": "null-ls.nvim",
"rev": "0010ea927ab7c09ef0ce9bf28c2b573fc302f5a7",
"type": "github"
},
"original": {
"owner": "jose-elias-alvarez",
"repo": "null-ls.nvim",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1696080597,
"narHash": "sha256-fhf7+NT/xMwPZ/sRT30lnI04AHgf7tLPU4ClMux1nWA=",
"owner": "nix-community",
"repo": "nur",
"rev": "8783c360abc69f58d46a2929534ddd91eb41f3c6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nur",
"type": "github"
}
},
"nvim-lspconfig-src": {
"flake": false,
"locked": {
"lastModified": 1701687137,
"narHash": "sha256-qFjFofA2LoD4yRfx4KGfSCpR3mDkpFaagcm+TVNPqco=",
"lastModified": 1675639052,
"narHash": "sha256-B8IgpypxzCACZ5VcqM6KiWyClaN+KrmemtkwMznmj5Y=",
"owner": "neovim",
"repo": "nvim-lspconfig",
"rev": "cf3dd4a290084a868fac0e2e876039321d57111c",
"rev": "255e07ce2a05627d482d2de77308bba51b90470c",
"type": "github"
},
"original": {
"owner": "neovim",
"ref": "v0.1.7",
"ref": "v0.1.6",
"repo": "nvim-lspconfig",
"type": "github"
}
@ -457,11 +466,11 @@
"nvim-tree-lua-src": {
"flake": false,
"locked": {
"lastModified": 1709951243,
"narHash": "sha256-1lWdTSZt/J4geoQKLkZLQ5Yh992XpZ4cFHw4AGEJFPY=",
"lastModified": 1695716495,
"narHash": "sha256-Fkchn7UuIHPmVFFrx1kzsE2lviJrAFAe9tHu73HnS/w=",
"owner": "kyazdani42",
"repo": "nvim-tree.lua",
"rev": "041dbd18f440207ad161503a384e7c82d575db66",
"rev": "934469b9b6df369e198fb3016969e56393b0dc07",
"type": "github"
},
"original": {
@ -473,11 +482,11 @@
"nvim-treesitter-src": {
"flake": false,
"locked": {
"lastModified": 1709968077,
"narHash": "sha256-5cHJMqbiBAbkis9exMAH5Y2ALynaSVmQT8NQTR4VztM=",
"lastModified": 1696061053,
"narHash": "sha256-KR+VMYTVM2qsLPx412gySAKiGObhs+awbDJhWX72/wY=",
"owner": "nvim-treesitter",
"repo": "nvim-treesitter",
"rev": "7ff51f53b0efb6228df2e8539b51bb2e737b77f3",
"rev": "dd4e2dbc002dfce109d621e8bdcd9d89438b0a32",
"type": "github"
},
"original": {
@ -490,78 +499,41 @@
"proton-ge": {
"flake": false,
"locked": {
"lastModified": 1710987994,
"narHash": "sha256-NqBzKonCYH+hNpVZzDhrVf+r2i6EwLG/IFBXjE2mC7s=",
"narHash": "sha256-75A0VCVdYkiMQ1duE9r2+DLBJzV02vUozoVLeo/TIWQ=",
"type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-2/GE-Proton9-2.tar.gz"
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-2/GE-Proton9-2.tar.gz"
}
},
"ren": {
"flake": false,
"locked": {
"lastModified": 1704996573,
"narHash": "sha256-zVIt6Xp+Mvym6gySvHIZJt1QgzKVP/wbTGTubWk6kzI=",
"owner": "robenkleene",
"repo": "ren-find",
"rev": "50c40172e354caffee48932266edd7c7a76a20fd",
"type": "github"
},
"original": {
"owner": "robenkleene",
"repo": "ren-find",
"type": "github"
}
},
"rep": {
"flake": false,
"locked": {
"lastModified": 1707216692,
"narHash": "sha256-/dH+mNtNHaYFndVhoqmz4Sc3HeemoQt1HGD98mb9Qhw=",
"owner": "robenkleene",
"repo": "rep-grep",
"rev": "10510d47e392cb9d30a861c69f702fd194b3fa88",
"type": "github"
},
"original": {
"owner": "robenkleene",
"repo": "rep-grep",
"type": "github"
"url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"
}
},
"root": {
"inputs": {
"Comment-nvim-src": "Comment-nvim-src",
"age": "age",
"baleia-nvim-src": "baleia-nvim-src",
"base16-nvim-src": "base16-nvim-src",
"bufferline-nvim-src": "bufferline-nvim-src",
"bypass-paywalls-clean": "bypass-paywalls-clean",
"cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
"comment-nvim-src": "comment-nvim-src",
"darwin": "darwin",
"disko": "disko",
"fidget-nvim-src": "fidget-nvim-src",
"firefox-darwin": "firefox-darwin",
"hmts-nvim-src": "hmts-nvim-src",
"home-manager": "home-manager",
"kitty-scrollback-nvim-src": "kitty-scrollback-nvim-src",
"nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external",
"nextcloud-news": "nextcloud-news",
"nextcloud-snappymail": "nextcloud-snappymail",
"nil": "nil",
"nix2vim": "nix2vim",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs",
"nixpkgs-keyd": "nixpkgs-keyd",
"null-ls-nvim-src": "null-ls-nvim-src",
"nur": "nur",
"nvim-lint-src": "nvim-lint-src",
"nvim-lspconfig-src": "nvim-lspconfig-src",
"nvim-tree-lua-src": "nvim-tree-lua-src",
"nvim-treesitter-src": "nvim-treesitter-src",
"proton-ge": "proton-ge",
"ren": "ren",
"rep": "rep",
"telescope-nvim-src": "telescope-nvim-src",
"telescope-project-nvim-src": "telescope-project-nvim-src",
"toggleterm-nvim-src": "toggleterm-nvim-src",
@ -571,12 +543,37 @@
"tree-sitter-puppet": "tree-sitter-puppet",
"tree-sitter-python": "tree-sitter-python",
"tree-sitter-rasi": "tree-sitter-rasi",
"tree-sitter-vimdoc": "tree-sitter-vimdoc",
"vscode-terraform-snippets": "vscode-terraform-snippets",
"wallpapers": "wallpapers",
"wsl": "wsl",
"zenyd-mpv-scripts": "zenyd-mpv-scripts"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"nil",
"flake-utils"
],
"nixpkgs": [
"nil",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688783586,
"narHash": "sha256-HHaM2hk2azslv1kH8zmQxXo2e7i5cKgzNIuK4yftzB0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "7a29283cc242c2486fc67f60b431ef708046d176",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -607,19 +604,34 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telescope-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1701167040,
"narHash": "sha256-H5RpyWMluE+Yxg7xFX43AZTVW+Yg70DF3FmEGXBUSNg=",
"lastModified": 1686302912,
"narHash": "sha256-fV3LLRwAPykVGc4ImOnUSP+WTrPp9Ad9OTfBJ6wqTMk=",
"owner": "nvim-telescope",
"repo": "telescope.nvim",
"rev": "d90956833d7c27e73c621a61f20b29fdb7122709",
"rev": "776b509f80dd49d8205b9b0d94485568236d1192",
"type": "github"
},
"original": {
"owner": "nvim-telescope",
"ref": "0.1.5",
"ref": "0.1.2",
"repo": "telescope.nvim",
"type": "github"
}
@ -627,11 +639,11 @@
"telescope-project-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1701464478,
"narHash": "sha256-touMCltcnqkrQYV1NtNeWLQeFVGt+WM3aIWIdKilA7w=",
"lastModified": 1682606566,
"narHash": "sha256-H6lrPjpOUVleKHB0ziI+6dthg9ymitHhEWtcgYJTrKo=",
"owner": "nvim-telescope",
"repo": "telescope-project.nvim",
"rev": "1aaf16580a614601a7f7077d9639aeb457dc5559",
"rev": "7c64b181dd4e72deddcf6f319e3bf1e95b2a2f30",
"type": "github"
},
"original": {
@ -643,16 +655,16 @@
"toggleterm-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1701858874,
"narHash": "sha256-vJApw7XY2wOX9InfWcah+hkNxBfS1+kQUWr4ITxRmgA=",
"lastModified": 1685434104,
"narHash": "sha256-oiCnBrvft6XxiQtQH8E4F842xhh348SaTpHzaeb+iDY=",
"owner": "akinsho",
"repo": "toggleterm.nvim",
"rev": "cbd041d91b90cd3c02df03fe6133208888f8e008",
"rev": "95204ece0f2a54c89c4395295432f9aeedca7b5f",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v2.9.0",
"ref": "v2.7.0",
"repo": "toggleterm.nvim",
"type": "github"
}
@ -660,11 +672,11 @@
"tree-sitter-bash": {
"flake": false,
"locked": {
"lastModified": 1707951703,
"narHash": "sha256-SU5wBy81aANd7oUZvYR14Vd53Ml/cBSwDtO6uG34CaE=",
"lastModified": 1695263734,
"narHash": "sha256-dJUJGrpBWBLjcqiqxCnJ/MENwa2+uxAmQD71aYloxsw=",
"owner": "tree-sitter",
"repo": "tree-sitter-bash",
"rev": "975bc70ad95dbbf2733872bc2e0a059c055db983",
"rev": "fd4e40dab883d6456da4d847de8321aee9c80805",
"type": "github"
},
"original": {
@ -677,11 +689,11 @@
"tree-sitter-ini": {
"flake": false,
"locked": {
"lastModified": 1699877527,
"narHash": "sha256-dYPeVTNWO4apY5dsjsKViavU7YtLeGTp6BzEemXhsEU=",
"lastModified": 1690815608,
"narHash": "sha256-IIpKzpA4q1jpYVZ75VZaxWHaqNt8TA427eMOui2s71M=",
"owner": "justinmk",
"repo": "tree-sitter-ini",
"rev": "bcb84a2d4bcd6f55b911c42deade75c8f90cb0c5",
"rev": "7f11a02fb8891482068e0fe419965d7bade81a68",
"type": "github"
},
"original": {
@ -693,11 +705,11 @@
"tree-sitter-lua": {
"flake": false,
"locked": {
"lastModified": 1708499929,
"narHash": "sha256-kzyn6XF4/PN8civ/0UV+ancCMkh7DF2B7WUYxix6aaM=",
"lastModified": 1694072484,
"narHash": "sha256-5t5w8KqbefInNbA12/jpNzmky/uOUhsLjKdEqpl1GEc=",
"owner": "MunifTanjim",
"repo": "tree-sitter-lua",
"rev": "04c9579dcb917255b2e5f8199df4ae7f587d472f",
"rev": "9668709211b2e683f27f414454a8b51bf0a6bda1",
"type": "github"
},
"original": {
@ -710,11 +722,11 @@
"tree-sitter-puppet": {
"flake": false,
"locked": {
"lastModified": 1709480423,
"narHash": "sha256-Lwfiby7amjTIOz8QRoC4RdZyFPfFikmQ2sqta4akyH8=",
"lastModified": 1690231696,
"narHash": "sha256-YEjjy9WLwITERYqoeSVrRYnwVBIAwdc4o0lvAK9wizw=",
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"rev": "5849f9694197a6e822872945b415429c285fdd54",
"rev": "9ce9a5f7d64528572aaa8d59459ba869e634086b",
"type": "github"
},
"original": {
@ -726,11 +738,11 @@
"tree-sitter-python": {
"flake": false,
"locked": {
"lastModified": 1709753184,
"narHash": "sha256-SqPd9O1OqBEOA+WPLfP3J2vuHWt53G5gI/9FWKQx2/Y=",
"lastModified": 1695282953,
"narHash": "sha256-gRhD3M1DkmwYQDDnyRq6QMTWUJUY0vbetGnN+pBTd84=",
"owner": "tree-sitter",
"repo": "tree-sitter-python",
"rev": "03e88c170cb23142559a406b6e7621c4af3128f5",
"rev": "a901729099257aac932d79c60adb5e8a53fa7e6c",
"type": "github"
},
"original": {
@ -743,11 +755,11 @@
"tree-sitter-rasi": {
"flake": false,
"locked": {
"lastModified": 1707776004,
"narHash": "sha256-7zhQ5wGm0FFyuTiBVN2KgvUTw8G6fwUGR8HKJ69kR+c=",
"lastModified": 1678701563,
"narHash": "sha256-2nYZoLcrxxxiOJEySwHUm93lzMg8mU+V7LIP63ntFdA=",
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"rev": "43196d934a9a6ab3c7093a8683efd0111bb03db1",
"rev": "371dac6bcce0df5566c1cfebde69d90ecbeefd2d",
"type": "github"
},
"original": {
@ -756,19 +768,19 @@
"type": "github"
}
},
"tree-sitter-vimdoc": {
"vscode-terraform-snippets": {
"flake": false,
"locked": {
"lastModified": 1709370081,
"narHash": "sha256-v+hSI/6ocC2KxH8ogCexNcxxhcZsl7OvV9197zBCKr4=",
"owner": "neovim",
"repo": "tree-sitter-vimdoc",
"rev": "016ad75faa854e4e13bc40c517015183b795eed9",
"lastModified": 1614849738,
"narHash": "sha256-v392tyzXV+zyBNt5OCB2NBCK7JcByrTa5Ne/nFtSCJI=",
"owner": "run-at-scale",
"repo": "vscode-terraform-doc-snippets",
"rev": "6ab3e44b566e660f38922cf908e6e547eaa5d4b4",
"type": "github"
},
"original": {
"owner": "neovim",
"repo": "tree-sitter-vimdoc",
"owner": "run-at-scale",
"repo": "vscode-terraform-doc-snippets",
"type": "github"
}
},
@ -791,17 +803,15 @@
"wsl": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1709980437,
"narHash": "sha256-rp1MwfRaZl7TPM4E5i1HxQGJCCfMcIa7dOzTX3SW7ro=",
"lastModified": 1696053802,
"narHash": "sha256-8TTbJbtGDz1MstExrVQe56eXZpovvZv6G6L6q/4NOKg=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "e0b9e6c8ff35c7a28cb6baa02d85a9737a2ee4e9",
"rev": "cadde47d123d1a534c272b04a7582f1d11474c48",
"type": "github"
},
"original": {
@ -813,11 +823,11 @@
"zenyd-mpv-scripts": {
"flake": false,
"locked": {
"lastModified": 1707704915,
"narHash": "sha256-9P/8q/OZXfaJMS08acQP4h3/zUA5mKRQee0JmkXcz1w=",
"lastModified": 1650625438,
"narHash": "sha256-OBCuzCtgfSwj0i/rBNranuu4LRc47jObwQIJgQQoerg=",
"owner": "zenyd",
"repo": "mpv-scripts",
"rev": "9bdce0050144cb24f92475f7bdd77180e0e4c26b",
"rev": "19ea069abcb794d1bf8fac2f59b50d71ab992130",
"type": "github"
},
"original": {

120
flake.nix
View File

@ -7,17 +7,18 @@
# Used for system packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Update to keyd 2.4.3 not yet in nixpkgs-unstable
# https://github.com/NixOS/nixpkgs/pull/245327
nixpkgs-keyd.url = "github:JohnAZoidberg/nixpkgs/keyd-2.4.3";
# Used for MacOS system config
darwin = {
url = "github:lnl7/nix-darwin/master";
url = "github:/lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs";
};
# Used for Windows Subsystem for Linux compatibility
wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
wsl.url = "github:nix-community/NixOS-WSL";
# Used for user packages and dotfiles
home-manager = {
@ -59,27 +60,31 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# Neovim plugins
base16-nvim-src = {
url = "github:RRethy/base16-nvim";
flake = false;
# Nix language server
nil = {
url = "github:oxalica/nil/2023-08-09";
inputs.nixpkgs.follows = "nixpkgs";
};
# Neovim plugins
nvim-lspconfig-src = {
# https://github.com/neovim/nvim-lspconfig/tags
url = "github:neovim/nvim-lspconfig/v0.1.7";
url = "github:neovim/nvim-lspconfig/v0.1.6";
flake = false;
};
cmp-nvim-lsp-src = {
url = "github:hrsh7th/cmp-nvim-lsp";
flake = false;
};
null-ls-nvim-src = {
url = "github:jose-elias-alvarez/null-ls.nvim";
flake = false;
};
baleia-nvim-src = {
# https://github.com/m00qek/baleia.nvim/tags
url = "github:m00qek/baleia.nvim";
flake = false;
};
comment-nvim-src = {
# https://github.com/numToStr/Comment.nvim/releases
Comment-nvim-src = {
url = "github:numToStr/Comment.nvim/v0.8.0";
flake = false;
};
@ -89,8 +94,7 @@
flake = false;
};
telescope-nvim-src = {
# https://github.com/nvim-telescope/telescope.nvim/releases
url = "github:nvim-telescope/telescope.nvim/0.1.5";
url = "github:nvim-telescope/telescope.nvim/0.1.2";
flake = false;
};
telescope-project-nvim-src = {
@ -98,36 +102,25 @@
flake = false;
};
toggleterm-nvim-src = {
# https://github.com/akinsho/toggleterm.nvim/tags
url = "github:akinsho/toggleterm.nvim/v2.9.0";
url = "github:akinsho/toggleterm.nvim/v2.7.0";
flake = false;
};
bufferline-nvim-src = {
# https://github.com/akinsho/bufferline.nvim/releases
url = "github:akinsho/bufferline.nvim/v4.5.0";
url = "github:akinsho/bufferline.nvim/v4.2.0";
flake = false;
};
nvim-tree-lua-src = {
url = "github:kyazdani42/nvim-tree.lua";
flake = false;
};
vscode-terraform-snippets = {
url = "github:run-at-scale/vscode-terraform-doc-snippets";
flake = false;
};
hmts-nvim-src = {
url = "github:calops/hmts.nvim";
flake = false;
};
fidget-nvim-src = {
# https://github.com/j-hui/fidget.nvim/tags
url = "github:j-hui/fidget.nvim/v1.2.0";
flake = false;
};
kitty-scrollback-nvim-src = {
url = "github:mikesmithgh/kitty-scrollback.nvim";
flake = false;
};
nvim-lint-src = {
url = "github:mfussenegger/nvim-lint";
flake = false;
};
# Tree-Sitter Grammars
tree-sitter-bash = {
@ -154,10 +147,6 @@
url = "github:Fymyte/tree-sitter-rasi";
flake = false;
};
tree-sitter-vimdoc = {
url = "github:neovim/tree-sitter-vimdoc";
flake = false;
};
# MPV Scripts
zenyd-mpv-scripts = {
@ -165,13 +154,9 @@
flake = false;
};
# Ren and rep - CLI find and replace
rep = {
url = "github:robenkleene/rep-grep";
flake = false;
};
ren = {
url = "github:robenkleene/ren-find";
# Age encryption (pin because of failed builds)
age = {
url = "github:FiloSottile/age/v1.1.1";
flake = false;
};
@ -180,14 +165,7 @@
proton-ge = {
# https://github.com/GloriousEggroll/proton-ge-custom/releases
url =
"https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton9-2/GE-Proton9-2.tar.gz";
flake = false;
};
# Firefox addon from outside the extension store
bypass-paywalls-clean = {
# https://gitlab.com/magnolia1234/bpc-uploads/-/commits/master/?ref_type=HEADS
url = "gitlab:magnolia1234/bpc-uploads";
"https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz";
flake = false;
};
@ -195,25 +173,19 @@
nextcloud-news = {
# https://github.com/nextcloud/news/releases
url =
"https://github.com/nextcloud/news/releases/download/25.0.0-alpha3/news.tar.gz";
"https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz";
flake = false;
};
nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases
url =
"https://github.com/nextcloud-releases/external/releases/download/v5.3.1/external-v5.3.1.tar.gz";
"https://github.com/nextcloud-releases/external/releases/download/v5.2.1/external-v5.2.1.tar.gz";
flake = false;
};
nextcloud-cookbook = {
# https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
# https://github.com/nextcloud/cookbook/releases
url =
"https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.0/cookbook-0.11.0.tar.gz";
flake = false;
};
nextcloud-snappymail = {
# https://github.com/the-djmaze/snappymail/releases
url =
"https://snappymail.eu/repository/nextcloud/snappymail-2.32.0-nextcloud.tar.gz";
"https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
flake = false;
};
@ -236,17 +208,13 @@
dotfilesRepo = "https://github.com/nmasur/dotfiles";
hostnames = {
git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}";
metrics = "metrics.${baseName}";
prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
secrets = "vault.${baseName}";
stream = "stream.${baseName}";
content = "cloud.${baseName}";
books = "books.${baseName}";
download = "download.${baseName}";
transmission = "transmission.${baseName}";
};
};
@ -262,10 +230,9 @@
(import ./overlays/mpv-scripts.nix inputs)
(import ./overlays/nextcloud-apps.nix inputs)
(import ./overlays/betterlockscreen.nix)
(import ./overlays/age.nix inputs)
(import ./overlays/proton-ge.nix inputs)
(import ./overlays/gh-collaborators.nix)
(import ./overlays/bypass-paywalls-clean.nix inputs)
(import ./overlays/ren-rep.nix inputs)
(import ./overlays/keyd.nix inputs)
];
# System types to support.
@ -280,7 +247,6 @@
# Contains my full system builds, including home-manager
# nixos-rebuild switch --flake .#tempest
nixosConfigurations = {
arrow = import ./hosts/arrow { inherit inputs globals overlays; };
tempest = import ./hosts/tempest { inherit inputs globals overlays; };
hydra = import ./hosts/hydra { inherit inputs globals overlays; };
flame = import ./hosts/flame { inherit inputs globals overlays; };
@ -307,8 +273,6 @@
diskoConfigurations = { root = import ./disks/root.nix; };
packages = let
arrow = system:
import ./hosts/arrow { inherit inputs globals overlays system; };
aws = system:
import ./hosts/aws { inherit inputs globals overlays system; };
staff = system:
@ -320,18 +284,8 @@
colors = (import ./colorscheme/gruvbox-dark).dark;
};
in {
x86_64-linux.arrow = arrow "x86_64-linux";
x86_64-linux.aws = aws "x86_64-linux";
x86_64-linux.staff = staff "x86_64-linux";
x86_64-linux.image = {
arrow = inputs.nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "iso";
modules = import ./hosts/arrow/modules.nix {
inherit inputs globals overlays;
};
};
};
# Package Neovim config into standalone package
x86_64-linux.neovim = neovim "x86_64-linux";
@ -394,10 +348,6 @@
path = ./templates/haskell;
description = "Haskell template";
};
rust = {
path = ./templates/rust;
description = "Rust template";
};
};
};

12
hosts/README.md
View File

@ -12,15 +12,3 @@ These are the individual machines managed by this flake.
| [swan](./swan/default.nix) | Home server |
| [tempest](./tempest/default.nix) | Linux desktop |
## NixOS Workflow
Each hosts file is imported into [nixosConfigurations](../flake.nix) and passed
the arguments from the flake (inputs, globals, overlays). The `nixosSystem`
function in that hosts file will be called by the NixOS module system during a
nixos-rebuild.
Each module in the each host's `modules` list is either a function or an
attrset. The attrsets will simply apply values to options that have been
declared in the config by other modules. Meanwhile, the functions will be
passed various arguments, several of which you will see listed at the top of
each of their files.

8
hosts/arrow/default.nix
View File

@ -1,8 +0,0 @@
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = import ./modules.nix { inherit inputs globals overlays; };
}

92
hosts/arrow/main.tf
View File

@ -1,92 +0,0 @@
terraform {
backend "s3" {
bucket = "noahmasur-terraform"
key = "arrow.tfstate"
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
skip_s3_checksum = true
use_path_style = true
/*
ENVIRONMENT VARIABLES
---------------------
AWS_ACCESS_KEY_ID - R2 token
AWS_SECRET_ACCESS_KEY - R2 secret
AWS_ENDPOINT_URL_S3 - R2 location: https://ACCOUNT_ID.r2.cloudflarestorage.com
*/
}
required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.42.0"
}
vultr = {
source = "vultr/vultr"
version = "2.19.0"
}
}
}
# locals {
# image_file = one(fileset(path.root, "result/iso/nixos.iso"))
# }
# variable "cloudflare_r2_endpoint" {
# type = string
# description = "Domain for the Cloudflare R2 endpoint"
# }
variable "vultr_api_key" {
type = string
description = "API key for Vultr management"
sensitive = true
}
provider "aws" {
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
}
provider "vultr" {
api_key = var.vultr_api_key
}
# data "aws_s3_bucket" "images" {
# bucket = "noahmasur-arrow-images"
# }
#
# resource "aws_s3_object" "image" {
# bucket = data.aws_s3_bucket.images.id
# key = "arrow.iso"
# source = local.image_file
# etag = filemd5(local.image_file)
# acl = "public-read"
# }
resource "vultr_iso_private" "image" {
# url = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com/${data.aws_s3_bucket.images.id}/${aws_s3_object.image.key}"
url = "https://arrow.images.masu.rs/arrow.iso"
}
resource "vultr_instance" "arrow" {
plan = "vc2-1c-2gb"
region = "ewr"
iso_id = vultr_iso_private.image.id
label = "arrow"
tags = ["arrow"]
enable_ipv6 = false
disable_public_ipv4 = false
backups = "disabled"
ddos_protection = false
activation_email = false
}
output "host_ip" {
value = vultr_instance.arrow.main_ip
}

38
hosts/arrow/modules.nix
View File

@ -1,38 +0,0 @@
{ inputs, globals, overlays }:
[
globals
inputs.home-manager.nixosModules.home-manager
{
nixpkgs.overlays = overlays;
networking.hostName = "arrow";
physical = false;
server = true;
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw deploy"
];
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
cloudflare.enable = true;
services.openssh.enable = true;
services.caddy.enable = true;
services.transmission.enable = true;
# nix-index seems to each up too much memory for Vultr
home-manager.users.${globals.user}.programs.nix-index.enable =
inputs.nixpkgs.lib.mkForce false;
virtualisation.vmVariant = {
virtualisation.forwardPorts = [{
from = "host";
host.port = 2222;
guest.port = 22;
}];
};
}
../../modules/common
../../modules/nixos
]

5
hosts/aws/default.nix
View File

@ -12,9 +12,8 @@ inputs.nixos-generators.nixosGenerate {
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
passwordHash = null;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# AWS settings require this
permitRootLogin = "prohibit-password";
}

10
hosts/flame/default.nix
View File

@ -1,8 +1,6 @@
# The Flame
# System configuration for an Oracle free server
# See [readme](../README.md) to explain how this file works.
# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
@ -52,17 +50,14 @@ inputs.nixpkgs.lib.nixosSystem {
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services
atuin.enable = true;
cloudflare.enable = true; # Proxy traffic with Cloudflare
dotfiles.enable = true; # Clone dotfiles
neovim.enable = true;
giteaRunner.enable = true;
services.caddy.enable = true;
services.grafana.enable = true;
services.thelounge.enable = true;
services.openssh.enable = true;
services.victoriametrics.enable = true;
services.influxdb2.enable = true;
services.gitea.enable = true;
services.vaultwarden.enable = true;
services.minecraft-server.enable = true; # Setup Minecraft server
@ -84,9 +79,8 @@ inputs.nixpkgs.lib.nixosSystem {
};
# Disable passwords, only use SSH key
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# # Wireguard config for Transmission
# wireguard.enable = true;

2
hosts/hydra/default.nix
View File

@ -1,8 +1,6 @@
# The Hydra
# System configuration for WSL
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {

5
hosts/lookingglass/default.nix
View File

@ -4,7 +4,7 @@
{ inputs, globals, overlays, ... }:
inputs.darwin.lib.darwinSystem {
system = "aarch64-darwin";
system = "x86_64-darwin";
specialArgs = { };
modules = [
../../modules/common
@ -25,7 +25,6 @@ inputs.darwin.lib.darwinSystem {
dark = true;
};
mail.user = globals.user;
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
mail.enable = true;
@ -38,9 +37,7 @@ inputs.darwin.lib.darwinSystem {
nixlang.enable = true;
terraform.enable = true;
python.enable = true;
rust.enable = true;
lua.enable = true;
obsidian.enable = true;
kubernetes.enable = true;
_1password.enable = true;
slack.enable = true;

19
hosts/swan/default.nix
View File

@ -1,8 +1,6 @@
# The Swan
# System configuration for my home NAS server
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
@ -56,15 +54,8 @@ inputs.nixpkgs.lib.nixosSystem {
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
};
boot.zfs = {
# Automatically load the ZFS pool on boot
extraPools = [ "tank" ];
# Only try to decrypt datasets with keyfiles
requestEncryptionCredentials =
[ "tank/archive" "tank/generic" "tank/nextcloud" ];
# If password is requested and fails, continue to boot eventually
passwordTimeout = 300;
};
boot.zfs.extraPools = [ "tank" ];
# Theming
@ -75,7 +66,6 @@ inputs.nixpkgs.lib.nixosSystem {
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services
atuin.enable = true;
neovim.enable = true;
cloudflare.enable = true;
dotfiles.enable = true;
@ -89,8 +79,6 @@ inputs.nixpkgs.lib.nixosSystem {
services.prometheus.enable = false;
services.vmagent.enable = true;
services.samba.enable = true;
services.paperless.enable = true;
services.postgresql.enable = true;
# Allows private remote access over the internet
cloudflareTunnel = {
@ -109,9 +97,8 @@ inputs.nixpkgs.lib.nixosSystem {
};
# Disable passwords, only use SSH key
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
}
];
}

5
hosts/tempest/default.nix
View File

@ -1,8 +1,6 @@
# The Tempest
# System configuration for my desktop
# See [readme](../README.md) to explain how this file works.
{ inputs, globals, overlays, ... }:
inputs.nixpkgs.lib.nixosSystem {
@ -85,7 +83,6 @@ inputs.nixpkgs.lib.nixosSystem {
gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
# Programs and services
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
media.enable = true;
@ -102,8 +99,6 @@ inputs.nixpkgs.lib.nixosSystem {
keybase.enable = true;
mullvad.enable = false;
nixlang.enable = true;
rust.enable = true;
terraform.enable = true;
yt-dlp.enable = true;
gaming = {
dwarf-fortress.enable = true;

1
misc/public-keys
View File

@ -4,4 +4,3 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3yHivgEXr2ecwe58h9bkhwTYivf3GwL8xenQKMeiUb tempest
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmGHIWBZzRx35/yFgnPJSHN2+35WJ30G9c5tDhPsCrl arrow

18
modules/common/applications/1password.nix
View File

@ -9,22 +9,12 @@
};
};
config = lib.mkIf (config.gui.enable && config._1password.enable) {
unfreePackages = [ "1password" "_1password-gui" "1password-cli" ];
config = lib.mkIf
(config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
unfreePackages = [ "1password" "_1password-gui" ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ _1password-gui _1password ];
home.packages = with pkgs; [ _1password-gui ];
};
# https://1password.community/discussion/135462/firefox-extension-does-not-connect-to-linux-app
# On Mac, does not apply: https://1password.community/discussion/142794/app-and-browser-integration
# However, the button doesn't work either:
# https://1password.community/discussion/140735/extending-support-for-trusted-web-browsers
environment.etc."1password/custom_allowed_browsers".text = ''
${
config.home-manager.users.${config.user}.programs.firefox.package
}/Applications/Firefox.app/Contents/MacOS/firefox
firefox
'';
};
}

2
modules/common/applications/discord.nix
View File

@ -11,8 +11,8 @@
config = lib.mkIf (config.gui.enable && config.discord.enable) {
unfreePackages = [ "discord" ];
environment.systemPackages = [ pkgs.discord ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ discord ];
xdg.configFile."discord/settings.json".text = ''
{
"BACKGROUND_COLOR": "#202225",

32
modules/common/applications/firefox.nix
View File

@ -16,6 +16,7 @@
unfreePackages = [
(lib.mkIf config._1password.enable "onepassword-password-manager")
"okta-browser-plugin"
"wappalyzer"
];
home-manager.users.${config.user} = {
@ -28,22 +29,22 @@
id = 0;
name = "default";
isDefault = true;
# https://nur.nix-community.org/repos/rycee/
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
(lib.mkIf config._1password.enable onepassword-password-manager)
pkgs.bypass-paywalls-clean
darkreader
don-t-fuck-with-paste
facebook-container
markdownload
ublock-origin
vimium
multi-account-containers
facebook-container
(lib.mkIf config._1password.enable onepassword-password-manager)
okta-browser-plugin
sponsorblock
reddit-enhancement-suite
return-youtube-dislikes
sponsorblock
ublock-origin
ublacklist
vimium
markdownload
darkreader
snowflake
don-t-fuck-with-paste
i-dont-care-about-cookies
wappalyzer
];
settings = {
"app.update.auto" = false;
@ -73,8 +74,6 @@
"media.ffmpeg.vaapi.enabled" =
true; # Enable hardware video acceleration
"cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups
"devtools.command-button-screenshot.enabled" =
true; # Scrolling screenshot of entire page
"svg.context-properties.content.enabled" = true; # Sidebery styling
};
userChrome = ''
@ -116,7 +115,7 @@
background-color: ${config.theme.colors.base00};
color: ${config.theme.colors.base06} !important;
}
.tab-content[selected] {
.tab-content[selected=true] {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
background-color: ${config.theme.colors.base01} !important;
color: ${config.theme.colors.base07} !important;
@ -163,11 +162,6 @@
};
xdg.mimeApps = {
associations.added = { "text.html" = [ "firefox.desktop" ]; };
defaultApplications = { "text.html" = [ "firefox.desktop" ]; };
};
xsession.windowManager.i3.config.keybindings =
lib.mkIf pkgs.stdenv.isLinux {
"${

15
modules/common/applications/kitty.nix
View File

@ -45,20 +45,9 @@
# Easy fullscreen toggle (for macOS)
"super+f" = "toggle_fullscreen";
# Kitty scrollback nvim
"kitty_mod+h" = "kitty_scrollback_nvim";
"kitty_mod+g" =
"kitty_scrollback_nvim --config ksb_builtin_last_cmd_output";
};
settings = {
# Required for kitty-scrollback.nvim
allow_remote_control = "socket-only";
listen_on = "unix:/tmp/kitty";
action_alias =
"kitty_scrollback_nvim kitten ${pkgs.vimPlugins.kitty-scrollback-nvim}/python/kitty_scrollback_nvim.py";
# Colors (adapted from: https://github.com/kdrag0n/base16-kitty/blob/master/templates/default-256.mustache)
background = config.theme.colors.base00;
foreground = config.theme.colors.base05;
@ -103,8 +92,8 @@
color21 = config.theme.colors.base06;
# Scrollback
scrollback_lines = 10000;
scrollback_pager_history_size = 300; # MB
scrolling_lines = 10000;
scrollback_pager_history_size = 10; # MB
# Window
window_padding_width = 6;

2
modules/common/applications/media.nix
View File

@ -40,7 +40,6 @@
associations.added = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/jpeg" = [ "nsxiv.desktop" ];
"image/png" = [ "nsxiv.desktop" ];
"image/*" = [ "nsxiv.desktop" ];
};
associations.removed = {
@ -49,7 +48,6 @@
defaultApplications = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/jpeg" = [ "nsxiv.desktop" ];
"image/png" = [ "nsxiv.desktop" ];
"image/*" = [ "nsxiv.desktop" ];
};
};

5
modules/common/applications/obsidian.nix
View File

@ -15,9 +15,8 @@
home.packages = with pkgs; [ obsidian ];
};
# Broken on 2023-12-11
# https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8
nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
# Broken on 2023-04-16
nixpkgs.config.permittedInsecurePackages = [ "electron-21.4.0" ];
};

48
modules/common/default.nix
View File

@ -75,18 +75,10 @@
type = lib.types.str;
description = "Hostname for metrics server.";
};
paperless = lib.mkOption {
type = lib.types.str;
description = "Hostname for document server (paperless-ngx).";
};
prometheus = lib.mkOption {
type = lib.types.str;
description = "Hostname for Prometheus server.";
};
influxdb = lib.mkOption {
type = lib.types.str;
description = "Hostname for InfluxDB2 server.";
};
secrets = lib.mkOption {
type = lib.types.str;
description = "Hostname for passwords and secrets (Vaultwarden).";
@ -107,20 +99,44 @@
type = lib.types.str;
description = "Hostname for download services.";
};
irc = lib.mkOption {
type = lib.types.str;
description = "Hostname for IRC services.";
};
transmission = lib.mkOption {
type = lib.types.str;
description = "Hostname for peer2peer downloads (Transmission).";
};
};
};
config = let stateVersion = "23.05";
in {
nix = {
# Enable features in Nix commands
extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
gc = {
automatic = true;
options = "--delete-older-than 7d";
};
settings = {
# Add community Cachix to binary cache
# Don't use with macOS because blocked by corporate firewall
builders-use-substitutes = true;
substituters = lib.mkIf (!pkgs.stdenv.isDarwin)
[ "https://nix-community.cachix.org" ];
trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Scans and hard links identical files in the store
# Not working with macOS: https://github.com/NixOS/nix/issues/7273
auto-optimise-store = lib.mkIf (!pkgs.stdenv.isDarwin) true;
};
};
# Basic common system packages for all devices
environment.systemPackages = with pkgs; [ git vim wget curl ];

2
modules/common/mail/aerc.nix
View File

@ -68,7 +68,7 @@
"!" = ":term<space>";
"|" = ":pipe<space>";
"/" = ":search<space>-a<space>";
"/" = ":search<space>";
"\\" = ":filter <space>";
n = ":next-result<Enter>";
N = ":prev-result<Enter>";

2
modules/common/mail/himalaya.nix
View File

@ -9,6 +9,8 @@
programs.himalaya = { enable = true; };
accounts.email.accounts.home.himalaya = {
enable = true;
backend = "imap";
sender = "smtp";
settings = {
downloads-dir = config.userDirs.download;
smtp-insecure = true;

2
modules/common/neovim/config/colors.nix
View File

@ -8,7 +8,7 @@
};
config = {
plugins = [ pkgs.vimPlugins.base16-nvim ];
plugins = [ pkgs.vimPlugins.nvim-base16 ];
setup.base16-colorscheme = config.colors;
# Telescope isn't working, shut off for now

17
modules/common/neovim/config/completion.nix
View File

@ -9,6 +9,7 @@
pkgs.vimPlugins.luasnip
pkgs.vimPlugins.cmp_luasnip
pkgs.vimPlugins.cmp-rg
pkgs.vimPlugins.friendly-snippets
];
use.cmp.setup = dsl.callWith {
@ -23,6 +24,13 @@
end
'';
# Enable Luasnip snippet completion
snippet.expand = dsl.rawLua ''
function(args)
require("luasnip").lsp_expand(args.body)
end
'';
# Basic completion keybinds
mapping = {
"['<C-n>']" = dsl.rawLua
@ -62,6 +70,7 @@
sources = [
{ name = "nvim_lua"; } # Fills in common Neovim lua functions
{ name = "nvim_lsp"; } # LSP results
{ name = "luasnip"; } # Snippets
{ name = "path"; } # Shell completion from current PATH
{
name = "buffer"; # Grep for text from the current text buffer
@ -110,6 +119,7 @@
}
vim_item.kind = string.format("%s", kind_icons[vim_item.kind])
vim_item.menu = ({
luasnip = "[Snippet]",
buffer = "[Buffer]",
path = "[Path]",
rg = "[Grep]",
@ -129,6 +139,13 @@
};
lua = ''
-- Load snippets
-- Check status: :lua require("luasnip").log.open()
require("luasnip.loaders.from_vscode").lazy_load()
require("luasnip.loaders.from_vscode").lazy_load({ paths = { "${
builtins.toString pkgs.vscode-terraform-snippets
}" } })
-- Use buffer source for `/`
require('cmp').setup.cmdline("/", {
sources = {

14
modules/common/neovim/config/github.lua
View File

@ -1,14 +0,0 @@
-- Keymap to open file in GitHub web
vim.keymap.set("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
-- Pop a terminal to watch the current run
local gitwatch =
require("toggleterm.terminal").Terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
-- Set a toggle for this terminal
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
-- Keymap to toggle the run
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)

6
modules/common/neovim/config/kubernetes.lua
View File

@ -1,6 +0,0 @@
local k9s = require("toggleterm.terminal").Terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)

132
modules/common/neovim/config/lsp.nix
View File

@ -1,112 +1,76 @@
{ pkgs, lib, config, dsl, ... }: {
{ pkgs, dsl, ... }: {
# Terraform optional because non-free
options.terraform = lib.mkEnableOption "Whether to enable Terraform LSP";
options.github = lib.mkEnableOption "Whether to enable GitHub features";
options.kubernetes =
lib.mkEnableOption "Whether to enable Kubernetes features";
config = {
plugins = [
pkgs.vimPlugins.nvim-lspconfig
pkgs.vimPlugins.conform-nvim
pkgs.vimPlugins.fidget-nvim
pkgs.vimPlugins.nvim-lint
pkgs.vimPlugins.lsp-colors-nvim
pkgs.vimPlugins.null-ls-nvim
];
setup.fidget = { };
use.lspconfig.lua_ls.setup = dsl.callWith {
settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
capabilities =
dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
};
use.lspconfig.nil_ls.setup = dsl.callWith {
cmd = [ "${pkgs.nil}/bin/nil" ];
capabilities =
dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
};
use.lspconfig.pyright.setup = dsl.callWith {
cmd = [ "${pkgs.pyright}/bin/pyright-langserver" "--stdio" ];
};
use.lspconfig.terraformls.setup = dsl.callWith {
cmd = if config.terraform then [
"${pkgs.terraform-ls}/bin/terraform-ls"
"serve"
] else
[ "echo" ];
};
use.lspconfig.terraformls.setup =
dsl.callWith { cmd = [ "${pkgs.terraform-ls}/bin/terraform-ls" "serve" ]; };
use.lspconfig.rust_analyzer.setup = dsl.callWith {
cmd = [ "${pkgs.rust-analyzer}/bin/rust-analyzer" ];
settings = {
"['rust-analyzer']" = {
check = { command = "clippy"; };
files = { excludeDirs = [ ".direnv" ]; };
};
};
};
setup.conform = {
format_on_save = {
# These options will be passed to conform.format()
timeout_ms = 1500;
lsp_fallback = true;
};
formatters_by_ft = {
lua = [ "stylua" ];
python = [ "black" ];
fish = [ "fish_indent" ];
nix = [ "nixfmt" ];
rust = [ "rustfmt" ];
sh = [ "shfmt" ];
terraform = if config.terraform then [ "terraform_fmt" ] else [ ];
hcl = if config.terraform then [ "terraform_fmt" ] else [ ];
};
formatters = {
lua.command = "${pkgs.stylua}/bin/stylua";
black.command = "${pkgs.black}/bin/black";
fish_indent.command = "${pkgs.fish}/bin/fish_indent";
nixfmt.command = "${pkgs.nixfmt}/bin/nixfmt";
rustfmt = {
command = "${pkgs.rustfmt}/bin/rustfmt";
prepend_args = [ "--edition" "2021" ];
};
shfmt = {
command = "${pkgs.shfmt}/bin/shfmt";
prepend_args = [ "-i" "4" "-ci" ];
};
terraform_fmt.command =
if config.terraform then "${pkgs.terraform}/bin/terraform" else "";
};
};
use.lint = {
linters_by_ft = dsl.toTable {
python = [ "ruff" ];
sh = [ "shellcheck" ];
};
};
vim.api.nvim_create_autocmd = dsl.callWith [
(dsl.toTable [ "BufEnter" "BufWritePost" ])
(dsl.rawLua "{ callback = function() require('lint').try_lint() end }")
];
vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ];
lua = ''
${builtins.readFile ./lsp.lua}
local ruff = require('lint').linters.ruff; ruff.cmd = "${pkgs.ruff}/bin/ruff"
local shellcheck = require('lint').linters.shellcheck; shellcheck.cmd = "${pkgs.shellcheck}/bin/shellcheck"
-- Prevent infinite log size (change this when debugging)
vim.lsp.set_log_level("off")
require("null-ls").setup({
sources = {
require("null-ls").builtins.formatting.stylua.with({ command = "${pkgs.stylua}/bin/stylua" }),
require("null-ls").builtins.formatting.black.with({ command = "${pkgs.black}/bin/black" }),
require("null-ls").builtins.diagnostics.ruff.with({ command = "${pkgs.ruff}/bin/ruff" }),
require("null-ls").builtins.formatting.fish_indent.with({ command = "${pkgs.fish}/bin/fish_indent" }),
require("null-ls").builtins.formatting.nixfmt.with({ command = "${pkgs.nixfmt}/bin/nixfmt" }),
require("null-ls").builtins.formatting.rustfmt.with({ command = "${pkgs.rustfmt}/bin/rustfmt" }),
require("null-ls").builtins.diagnostics.shellcheck.with({ command = "${pkgs.shellcheck}/bin/shellcheck" }),
require("null-ls").builtins.formatting.shfmt.with({
command = "${pkgs.shfmt}/bin/shfmt",
extra_args = { "-i", "4", "-ci" },
}),
require("null-ls").builtins.formatting.terraform_fmt.with({
command = "${pkgs.terraform}/bin/terraform",
extra_filetypes = { "hcl" },
}),
},
on_attach = function(client, bufnr)
if client.supports_method("textDocument/formatting") then
-- Auto-format on save
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({ bufnr = bufnr })
end,
})
-- Use internal formatting for bindings like gq.
vim.api.nvim_create_autocmd("LspAttach", {
callback = function(args)
vim.bo[args.buf].formatexpr = nil
end,
})
end
end,
})
'';
};
}

8
modules/common/neovim/config/misc.nix
View File

@ -8,15 +8,13 @@
pkgs.vimPlugins.glow-nvim # Markdown preview popup
pkgs.vimPlugins.nvim-colorizer-lua # Hex color previews
pkgs.vimPlugins.which-key-nvim # Keybind helper
pkgs.vimPlugins.kitty-scrollback-nvim # Scrollback pager for kitty
];
# Initialize some plugins
setup.Comment = { };
setup.colorizer = { user_default_options = { names = false; }; };
setup.colorizer = { };
setup.glow = { };
setup.which-key = { };
setup.kitty-scrollback = { };
vim.o = {
termguicolors = true; # Set to truecolor
@ -71,6 +69,10 @@
" Remember last position when reopening file
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
" LaTeX options
au FileType tex inoremap ;bf \textbf{}<Esc>i
au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
" Flash highlight when yanking
au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
'';

8
modules/common/neovim/config/syntax.nix
View File

@ -4,7 +4,6 @@
(pkgs.vimPlugins.nvim-treesitter.withPlugins (_plugins:
with pkgs.tree-sitter-grammars; [
tree-sitter-bash
tree-sitter-c
tree-sitter-fish
tree-sitter-hcl
tree-sitter-ini
@ -17,16 +16,15 @@
tree-sitter-python
tree-sitter-rasi
tree-sitter-toml
tree-sitter-vimdoc
tree-sitter-yaml
]))
pkgs.vimPlugins.vim-matchup # Better % jumping in languages
pkgs.vimPlugins.playground # Tree-sitter experimenting
pkgs.vimPlugins.nginx-vim
pkgs.vimPlugins.vim-helm
pkgs.vimPlugins.baleia-nvim # Clean ANSI from kitty scrollback
# pkgs.vimPlugins.hmts-nvim # Tree-sitter injections for home-manager
(pkgs.vimUtils.buildVimPlugin {
pkgs.baleia-nvim # Clean ANSI from kitty scrollback
# pkgs.hmts-nvim # Tree-sitter injections for home-manager
(pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nmasur";
version = "0.1";
src = ../plugin;

12
modules/common/neovim/config/toggleterm.lua
View File

@ -26,5 +26,17 @@ function NIXPKGS_TOGGLE()
nixpkgs:toggle()
end
local gitwatch = terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
local k9s = terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>t", TERM_TOGGLE)
vim.keymap.set("n", "<Leader>P", NIXPKGS_TOGGLE)
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)

8
modules/common/neovim/config/toggleterm.nix
View File

@ -1,4 +1,4 @@
{ pkgs, dsl, config, ... }: {
{ pkgs, dsl, ... }: {
# Toggleterm provides a floating terminal inside the editor for quick access
@ -10,10 +10,6 @@
direction = "float";
};
lua = ''
${builtins.readFile ./toggleterm.lua}
${if config.github then (builtins.readFile ./github.lua) else ""}
${if config.kubernetes then (builtins.readFile ./kubernetes.lua) else ""}
'';
lua = builtins.readFile ./toggleterm.lua;
}

1
modules/common/neovim/config/tree.nix
View File

@ -63,6 +63,7 @@
'';
view = { # Set look and feel
width = 30;
hide_root_folder = false;
side = "left";
number = false;
relativenumber = false;

7
modules/common/neovim/default.nix
View File

@ -5,9 +5,6 @@ let
neovim = import ./package {
inherit pkgs;
colors = config.theme.colors;
terraform = config.terraform.enable;
github = true;
kubernetes = config.kubernetes.enable;
};
in {
@ -45,8 +42,8 @@ in {
# Requires removing some of the ANSI escape codes that are sent to the
# scrollback using sed and baleia, as well as removing several
# unnecessary features.
programs.kitty.settings.scrollback_pager =
"${neovim}/bin/nvim --headless +'KittyScrollbackGenerateKittens' +'set nonumber' +'set norelativenumber' +'%print' +'quit!' 2>&1";
programs.kitty.settings.scrollback_pager = ''
$SHELL -c 'sed -r "s/[[:cntrl:]]\]133;[AC]..//g" | ${neovim}/bin/nvim -c "setlocal nonumber norelativenumber nolist laststatus=0" -c "lua baleia = require(\"baleia\").setup({}); baleia.once(0)" -c "map <silent> q :qa!<CR>" -c "autocmd VimEnter * normal G"' '';
# Create a desktop option for launching Neovim from a file manager
# (Requires launching the terminal and then executing Neovim)

1
modules/common/neovim/lua/keybinds.lua
View File

@ -39,6 +39,7 @@ key("n", "<Leader>fs", ":write<CR>")
key("n", "<Leader>fd", ":lcd %:p:h<CR>", { silent = true })
key("n", "<Leader>fu", ":lcd ..<CR>", { silent = true })
key("n", "<Leader><Tab>", ":b#<CR>", { silent = true })
key("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
key("n", "<Leader>tt", [[<Cmd>exe 'edit $NOTES_PATH/journal/'.strftime("%Y-%m-%d_%a").'.md'<CR>]])
key("n", "<Leader>jj", ":!journal<CR>:e<CR>")

4
modules/common/neovim/package/default.nix
View File

@ -26,13 +26,13 @@
# ] ++ extraConfig;
# }
{ pkgs, colors, terraform ? false, github ? false, kubernetes ? false, ... }:
{ pkgs, colors, ... }:
# Comes from nix2vim overlay:
# https://github.com/gytis-ivaskevicius/nix2vim/blob/master/lib/neovim-builder.nix
pkgs.neovimBuilder {
package = pkgs.neovim-unwrapped;
inherit colors terraform github kubernetes;
inherit colors;
imports = [
../config/align.nix
../config/bufferline.nix

1
modules/common/programming/default.nix
View File

@ -6,7 +6,6 @@
./lua.nix
./nix.nix
./python.nix
./rust.nix
./terraform.nix
];

36
modules/common/programming/kubernetes.nix
View File

@ -24,29 +24,18 @@
# Terminal Kubernetes UI
programs.k9s = {
enable = true;
settings = {
k9s = {
ui = {
enableMouse = true;
headless = true;
logoless = true;
crumbsless = false;
skin = "main";
};
};
};
skins = {
main = {
# settings = { k9s = { headless = true; }; };
skin = {
k9s = {
body = {
fgColor = config.theme.colors.base06;
bgColor = "default";
bgColor = config.theme.colors.base00;
logoColor = config.theme.colors.base02; # *blue ?
};
# Search bar
prompt = {
fgColor = config.theme.colors.base06;
bgColor = "default";
bgColor = config.theme.colors.base00;
suggestColor = config.theme.colors.base03;
};
# Header left side
@ -56,7 +45,7 @@
};
dialog = {
fgColor = config.theme.colors.base06;
bgColor = "default";
bgColor = config.theme.colors.base00;
buttonFgColor = config.theme.colors.base06;
buttonBgColor = config.theme.colors.base0E;
buttonFocusFgColor = config.theme.colors.base07;
@ -90,7 +79,7 @@
};
title = {
fgColor = config.theme.colors.base06;
bgColor = "default";
bgColor = config.theme.colors.base00;
highlightColor = config.theme.colors.base09; # *orange
counterColor = config.theme.colors.base0D; # *blue
filterColor = config.theme.colors.base0E; # *magenta
@ -98,7 +87,7 @@
};
views = {
charts = {
bgColor = "default";
bgColor = config.theme.colors.base00;
defaultDialColors =
[ config.theme.colors.base0D config.theme.colors.base08 ];
# - *blue
@ -111,7 +100,7 @@
table = {
# List of resources
fgColor = config.theme.colors.base06;
bgColor = "default";
bgColor = config.theme.colors.base00;
# Row selection
cursorFgColor = config.theme.colors.base07;
@ -120,13 +109,13 @@
# Header row
header = {
fgColor = config.theme.colors.base0D;
bgColor = "default";
bgColor = config.theme.colors.base00;
sorterColor = config.theme.colors.base0A; # *selection
};
};
xray = {
fgColor = config.theme.colors.base06;
bgColor = "default";
bgColor = config.theme.colors.base00;
cursorColor = config.theme.colors.base06;
graphicColor = config.theme.colors.base0D;
showIcons = false;
@ -138,11 +127,10 @@
};
logs = {
fgColor = config.theme.colors.base06;
bgColor = "default";
bgColor = config.theme.colors.base00;
indicator = {
fgColor = config.theme.colors.base06;
bgColor = "default";
};
bgColor = config.theme.colors.base00;
};
};
};

17
modules/common/programming/rust.nix
View File

@ -1,17 +0,0 @@
{ config, pkgs, lib, ... }: {
options.rust.enable = lib.mkEnableOption "Rust programming language.";
config = lib.mkIf config.rust.enable {
home-manager.users.${config.user} = {
programs.fish.shellAbbrs = { ca = "cargo"; };
home.packages = with pkgs; [ cargo rustc clippy gcc ];
};
};
}

1
modules/common/programming/terraform.nix
View File

@ -3,7 +3,6 @@
options.terraform.enable = lib.mkEnableOption "Terraform tools.";
config = lib.mkIf config.terraform.enable {
unfreePackages = [ "terraform" ];
home-manager.users.${config.user} = {
programs.fish.shellAbbrs = {

39
modules/common/shell/atuin.nix
View File

@ -1,39 +0,0 @@
{ config, lib, ... }: {
# Shell history sync
options.atuin.enable = lib.mkEnableOption "Atuin";
config = {
home-manager.users.${config.user} = lib.mkIf config.atuin.enable {
programs.atuin = {
enable = true;
flags = [ "--disable-up-arrow" "--disable-ctrl-r" ];
settings = {
auto_sync = true;
update_check = false;
sync_address = "https://api.atuin.sh";
search_mode = "fuzzy";
filter_mode = "host"; # global, host, session, directory
search_mode_shell_up_key_binding = "fuzzy";
filter_mode_shell_up_key_binding = "session";
style = "compact"; # or auto,full
show_help = true;
history_filter = [ ];
secrets_filter = true;
enter_accept = false;
keymap_mode = "vim-normal";
};
};
};
# Give root user the same setup
home-manager.users.root.programs.atuin =
config.home-manager.users.${config.user}.programs.atuin;
};
}

4
modules/common/shell/bash/scripts/ocr.sh
View File

@ -31,10 +31,6 @@ STATUS=$?
# because tesseract adds .txt to the given file path anyways. So if we were to
# specify /tmp/ocr.txt as the file path, tesseract would out the text to
# /tmp/ocr.txt.txt
cd /tmp || {
echo "Failed to jump to directory."
exit 1
}
tesseract "$IMAGE_FILE" "${TEXT_FILE//\.txt/}"
# Check if the text was detected by checking number

2
modules/common/shell/default.nix
View File

@ -1,6 +1,5 @@
{ ... }: {
imports = [
./atuin.nix
./bash
./charm.nix
./direnv.nix
@ -12,6 +11,5 @@
./nixpkgs.nix
./starship.nix
./utilities.nix
./work.nix
];
}

16
modules/common/shell/direnv.nix
View File

@ -7,22 +7,6 @@
config = { whitelist = { prefix = [ config.dotfilesPath ]; }; };
};
# programs.direnv.direnvrcExtra = ''
# layout_postgres() {
# export PGDATA="$(direnv_layout_dir)/postgres"
# export PGHOST="$PGDATA"
#
# if [[ ! -d "PGDATA" ]]; then
# initdb
# cat >> "$PGDATA/postgres.conf" <<- EOF
# listen_addresses = '''
# unix_socket_directories = '$PGHOST'
# EOF
# echo "CREATE DATABASE $USER;" | postgres --single -E postgres
# fi
# }
# '';
# Prevent garbage collection
nix.extraOptions = ''
keep-outputs = true

3
modules/common/shell/fish/default.nix
View File

@ -123,6 +123,9 @@
dr = "docker run --rm -it";
db = "docker build . -t";
# Rust
ca = "cargo";
};
shellInit = "";
};

2
modules/common/shell/fish/functions/fish_user_key_bindings.fish
View File

@ -18,5 +18,3 @@ bind -M insert \cn 'commandline -r "nix shell nixpkgs#"'
bind -M default \cn 'commandline -r "nix shell nixpkgs#"'
bind -M insert \x11F nix-fzf
bind -M default \x11F nix-fzf
bind -M insert \ch '_atuin_search --filter-mode global'
bind -M default \ch '_atuin_search --filter-mode global'

7
modules/common/shell/fzf.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }: {
{ config, ... }: {
# FZF is a fuzzy-finder for the terminal
@ -16,9 +16,10 @@
--search-path $HOME/dev \
--type directory \
--exact-depth 2 \
| ${pkgs.proximity-sort}/bin/proximity-sort $PWD \
| sed 's/\\/$//' \
| fzf --tiebreak=index \
| fzf \
--delimiter '/' \
--with-nth 6.. \
)
and cd $projdir
and commandline -f execute

29
modules/common/shell/git.nix
View File

@ -28,43 +28,15 @@ in {
userName = config.gitName;
userEmail = config.gitEmail;
extraConfig = {
core.pager =
"${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight | less -F";
interactive.difffilter =
"${pkgs.git}/share/git/contrib/diff-highlight/diff-highlight";
pager = { branch = "false"; };
safe = { directory = config.dotfilesPath; };
pull = { ff = "only"; };
push = { autoSetupRemote = "true"; };
init = { defaultBranch = "master"; };
rebase = { autosquash = "true"; };
gpg = {
format = "ssh";
ssh.allowedSignersFile = "~/.config/git/allowed-signers";
};
commit.gpgsign = true;
tag.gpgsign = true;
};
ignores = [ ".direnv/**" "result" ];
includes = [{
path = "~/.config/git/personal";
condition = "gitdir:~/dev/personal/";
}];
};
# Personal git config
# TODO: fix with variables
xdg.configFile."git/personal".text = ''
[user]
name = "${config.fullName}"
email = "7386960+nmasur@users.noreply.github.com"
signingkey = ~/.ssh/id_ed25519
'';
xdg.configFile."git/allowed-signers".text = ''
7386960+nmasur@users.noreply.github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s
'';
programs.fish.shellAbbrs = {
g = "git";
gs = "git status";
@ -86,7 +58,6 @@ in {
git switch (git symbolic-ref refs/remotes/origin/HEAD | cut -d"/" -f4)'';
gcob = "git switch -c";
gb = "git branch";
gpd = "git push origin -d";
gbd = "git branch -d";
gbD = "git branch -D";
gr = "git reset";

6
modules/common/shell/github.nix
View File

@ -7,7 +7,6 @@
enable = true;
gitCredentialHelper.enable = true;
settings.git_protocol = "https";
extensions = [ pkgs.gh-collaborators ];
};
programs.fish =
@ -15,7 +14,7 @@
shellAbbrs = {
ghr = "gh repo view -w";
gha =
"gh run list | head -1 | awk '{ print \\$\\(NF-2\\) }' | xargs gh run view";
"gh run list | head -1 | awk '{ print $(NF-2) }' | xargs gh run view";
grw = "gh run watch";
grf = "gh run view --log-failed";
grl = "gh run view --log";
@ -48,7 +47,7 @@
esac
selected=$(gh repo list "$organization" \
--limit 100 \
--limit 50 \
--no-archived \
--json=name,description,isPrivate,updatedAt,primaryLanguage \
| jq -r '.[] | .name + "," + if .description == "" then "-" else .description |= gsub(","; " ") | .description end + "," + .updatedAt + "," + .primaryLanguage.name' \
@ -57,7 +56,6 @@
| fzf \
--header-lines=1 \
--layout=reverse \
--height=100% \
--bind "ctrl-o:execute:gh repo view -w ''${organization}/{1}" \
--bind "shift-up:preview-half-page-up" \
--bind "shift-down:preview-half-page-down" \

1
modules/common/shell/jujutsu.nix
View File

@ -4,6 +4,7 @@
home-manager.users.${config.user}.programs.jujutsu = {
enable = true;
enableFishIntegration = true;
# https://github.com/martinvonz/jj/blob/main/docs/config.md
settings = {

48
modules/common/shell/nixpkgs.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
home-manager.users.${config.user} = {
programs.fish = {
@ -60,24 +60,6 @@
enableFishIntegration = true;
};
# Create nix-index if doesn't exist
home.activation.createNixIndex =
let cacheDir = "${config.homePath}/.cache/nix-index";
in lib.mkIf
config.home-manager.users.${config.user}.programs.nix-index.enable
(config.home-manager.users.${config.user}.lib.dag.entryAfter
[ "writeBoundary" ] ''
if [ ! -d ${cacheDir} ]; then
$DRY_RUN_CMD ${pkgs.nix-index}/bin/nix-index -f ${pkgs.path}
fi
'');
# Set automatic generation cleanup for home-manager
nix.gc = {
automatic = config.nix.gc.automatic;
options = config.nix.gc.options;
};
};
nix = {
@ -94,34 +76,6 @@
# For security, only allow specific users
settings.allowed-users = [ "@wheel" config.user ];
# Enable features in Nix commands
extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
gc = {
automatic = true;
options = "--delete-older-than 10d";
};
settings = {
# Add community Cachix to binary cache
# Don't use with macOS because blocked by corporate firewall
builders-use-substitutes = true;
substituters =
lib.mkIf (!pkgs.stdenv.isDarwin) [ "https://nix-community.cachix.org" ];
trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Scans and hard links identical files in the store
# Not working with macOS: https://github.com/NixOS/nix/issues/7273
auto-optimise-store = lib.mkIf (!pkgs.stdenv.isDarwin) true;
};
};
}

9
modules/common/shell/utilities.nix
View File

@ -20,21 +20,15 @@ in {
home.packages = with pkgs; [
age # Encryption
bc # Calculator
delta # Fancy diffs
difftastic # Other fancy diffs
dig # DNS lookup
fd # find
htop # Show system processes
killall # Force quit
inetutils # Includes telnet, whois
jless # JSON viewer
jo # JSON output
jq # JSON manipulation
lf # File viewer
qrencode # Generate qr codes
rsync # Copy folders
ren # Rename files
# rep # Replace text in files
ripgrep # grep
sd # sed
tealdeer # Cheatsheets
@ -50,11 +44,10 @@ in {
home.file = {
".rgignore".text = ignorePatterns;
".fdignore".text = ignorePatterns;
".digrc".text = "+noall +answer"; # Cleaner dig commands
};
xdg.configFile."fd/ignore".text = ignorePatterns;
programs.bat = {
enable = true; # cat replacement
config = {

46
modules/common/shell/work.nix
View File

@ -1,46 +0,0 @@
{ config, pkgs, lib, ... }:
{
home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
home.packages = let
ldap_scheme = "ldaps";
magic_number = "2";
magic_end_seq = "corp";
magic_prefix = "take";
ldap_host =
"${magic_prefix}${magic_number}.t${magic_number}.${magic_end_seq}";
ldap_port = 636;
ldap_dc_1 = "${magic_prefix}${magic_number}";
ldap_dc_2 = "t${magic_number}";
ldap_dc_3 = magic_end_seq;
ldap_script = pkgs.writeShellScriptBin "ldap" ''
# if ! [ "$LDAP_HOST" ]; then
# echo "No LDAP_HOST specified!"
# exit 1
# fi
SEARCH_FILTER="$@"
ldapsearch -LLL \
-B -o ldif-wrap=no \
-H "${ldap_scheme}://${ldap_host}:${builtins.toString ldap_port}" \
-D "${pkgs.lib.toUpper magic_prefix}${magic_number}\\${
pkgs.lib.toLower config.user
}" \
-w "$(${pkgs._1password}/bin/op item get T${magic_number} --fields label=password)" \
-b "DC=${ldap_dc_1},DC=${ldap_dc_2},DC=${ldap_dc_3}" \
-s "sub" -x "(cn=$SEARCH_FILTER)" \
| jq --slurp \
--raw-input 'split("\n\n")|map(split("\n")|map(select(.[0:1]!="#" and length>0)) |select(length > 0)|map(capture("^(?<key>[^:]*:?): *(?<value>.*)") |if .key[-1:.key|length] == ":" then .key=.key[0:-1]|.value=(.value|@base64d) else . end)| group_by(.key) | map({key:.[0].key,value:(if .|length > 1 then [.[].value] else .[].value end)}) | from_entries)' | jq -r 'del(.[].thumbnailPhoto)'
'';
ldapm_script = pkgs.writeShellScriptBin "ldapm" ''
${ldap_script}/bin/ldap "$@" | jq '[ .[].memberOf] | add'
'';
ldapg_script = pkgs.writeShellScriptBin "ldapg" ''
${ldap_script}/bin/ldap "$@" | jq '[ .[].member] | add'
'';
in [ ldap_script ldapm_script ldapg_script ];
};
}

5
modules/darwin/hammerspoon.nix
View File

@ -16,7 +16,6 @@
firefox = "${pkgs.firefox-bin}/Applications/Firefox.app";
discord = "${pkgs.discord}/Applications/Discord.app";
kitty = "${pkgs.kitty}/Applications/kitty.app";
obsidian = "${pkgs.obsidian}/Applications/Obsidian.app";
slack = "${pkgs.slack}/Applications/Slack.app";
};
xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source =
@ -25,9 +24,9 @@
home.activation.reloadHammerspoon =
config.home-manager.users.${config.user}.lib.dag.entryAfter
[ "writeBoundary" ] ''
$DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.reload()"
$DRY_RUN_CMD /usr/local/bin/hs -c "hs.reload()"
$DRY_RUN_CMD sleep 1
$DRY_RUN_CMD /Applications/Hammerspoon.app/Contents/Frameworks/hs/hs -c "hs.console.clearConsole()"
$DRY_RUN_CMD /usr/local/bin/hs -c "hs.console.clearConsole()"
'';
};

53
modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
View File

@ -8,8 +8,24 @@ obj.name = "Launcher"
obj.version = "0.1"
obj.license = "MIT - https://opensource.org/licenses/MIT"
local screen = hs.screen.primaryScreen()
local width = hs.screen.mainScreen():fullFrame().w
local switcherWidth = 500
obj.canvas = hs.canvas.new({
x = width / 2 - switcherWidth / 2,
y = 1,
h = 3,
w = switcherWidth,
})
-- Draw switcher
obj.canvas[#obj.canvas + 1] = {
action = "build",
type = "rectangle",
}
obj.canvas[#obj.canvas + 1] = {
type = "rectangle",
fillColor = { alpha = 1, red = 0.8, green = 0.6, blue = 0.3 },
action = "fill",
}
function obj:init()
-- Begin launcher mode
@ -23,29 +39,13 @@ function obj:init()
-- Behaviors on enter
function self.launcher:entered()
-- hs.alert("Entered mode")
obj.canvas = hs.canvas.new({
x = (screen:fullFrame().x + screen:fullFrame().w) / 2 - switcherWidth / 2,
y = 1,
h = 3,
w = switcherWidth,
})
-- Draw switcher
obj.canvas[#obj.canvas + 1] = {
action = "build",
type = "rectangle",
}
obj.canvas[#obj.canvas + 1] = {
type = "rectangle",
fillColor = { alpha = 1, red = 0.8, green = 0.6, blue = 0.3 },
action = "fill",
}
obj.canvas:show()
end
-- Behaviors on exit
function self.launcher:exited()
-- hs.alert("Exited mode")
obj.canvas:delete(0.2)
obj.canvas:hide()
end
-- Use escape to exit launcher mode
@ -54,19 +54,14 @@ function obj:init()
end)
-- Launcher shortcuts
self.launcher:bind("ctrl", "space", function() end)
self.launcher:bind("ctrl", "space", function()
end)
self.launcher:bind("", "return", function()
self:switch("@kitty@")
end)
self.launcher:bind("", "C", function()
self:switch("Calendar.app")
end)
self.launcher:bind("shift", "D", function()
hs.execute("launchctl remove com.paloaltonetworks.gp.pangps")
hs.execute("launchctl remove com.paloaltonetworks.gp.pangpa")
hs.alert.show("Disconnected from GlobalProtect", nil, nil, 4)
self.launcher:exit()
end)
self.launcher:bind("", "E", function()
self:switch("Mail.app")
end)
@ -80,17 +75,11 @@ function obj:init()
self:switch("Messages.app")
end)
self.launcher:bind("", "O", function()
self:switch("@obsidian@")
self:switch("Obsidian.app")
end)
self.launcher:bind("", "P", function()
self:switch("System Preferences.app")
end)
self.launcher:bind("shift", "P", function()
hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangps.plist")
hs.execute("launchctl load /Library/LaunchAgents/com.paloaltonetworks.gp.pangpa.plist")
hs.alert.show("Reconnecting to GlobalProtect", nil, nil, 4)
self.launcher:exit()
end)
self.launcher:bind("", "R", function()
hs.console.clearConsole()
hs.reload()

4
modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/init.lua
View File

@ -9,7 +9,7 @@ obj.version = "0.1"
obj.license = "MIT - https://opensource.org/licenses/MIT"
function obj:init()
hs.window.animationDuration = 0.1
hs.window.animationDuration = 0
dofile(hs.spoons.resourcePath("worklayout.lua"))()
-- bind hotkey
hs.hotkey.bind({ "alt", "ctrl", "cmd" }, "n", function()
@ -56,7 +56,7 @@ function obj:init()
local frame = win:frame()
-- maximize if possible
local max = win:screen():fullFrame()
frame.x = (max.x * 2 + max.w) / 2
frame.x = max.w / 2
frame.y = max.y
frame.w = max.w / 2
frame.h = max.h

1
modules/darwin/hammerspoon/Spoons/MoveWindow.spoon/worklayout.lua
View File

@ -51,7 +51,6 @@ local function worklayout()
local laptop = {
{ "Firefox", nil, LAPTOP_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true },
{ "Obsidian", nil, LAPTOP_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true },
{ "Calendar", nil, LAPTOP_MONITOR, u(0, 0, 1, 1), nil, nil, visible = true },
}
local layout = concat(left, right, laptop)
hs.layout.apply(layout)

2
modules/darwin/hammerspoon/init.lua
View File

@ -1,5 +1,5 @@
hs.ipc.cliInstall() -- Install Hammerspoon CLI program
hs.loadSpoon("ControlEscape"):start() -- Load Hammerspoon bits from https://github.com/jasonrudolph/ControlEscape.spoon
hs.loadSpoon("Launcher"):init()
hs.loadSpoon("DismissAlerts"):init()
hs.loadSpoon("MoveWindow"):init()
hs.ipc.cliInstall() -- Install Hammerspoon CLI program

24
modules/darwin/homebrew.nix
View File

@ -8,15 +8,11 @@
if ! xcode-select --version 2>/dev/null; then
$DRY_RUN_CMD xcode-select --install
fi
if ! /opt/homebrew/bin/brew --version 2>/dev/null; then
if ! /usr/local/bin/brew --version 2>/dev/null; then
$DRY_RUN_CMD /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
fi
'';
# Add homebrew paths to CLI path
home-manager.users.${config.user}.home.sessionPath =
[ "/opt/homebrew/bin/" ];
homebrew = {
enable = true;
onActivation = {
@ -28,19 +24,25 @@
brewfile = true; # Run brew bundle from anywhere
lockfiles = false; # Don't save lockfile (since running from anywhere)
};
taps = [
"homebrew/cask" # Required for casks
"homebrew/cask-drivers" # Used for Logitech G-Hub
];
brews = [
"trash" # Delete files and folders to trash instead of rm
"openjdk" # Required by Apache Directory Studio
];
casks = [
"1password" # 1Password will not launch from Nix on macOS
# "gitify" # Git notifications in menu bar (downgrade manually from 4.6.1)
"1password" # 1Password packaging on Nix is broken for macOS
"apache-directory-studio" # Packaging on Nix is not available for macOS
"gitify" # Git notifications in menu bar
"keybase" # GUI on Nix not available for macOS
# "logitech-g-hub" # Mouse and keyboard management
"logitune" # Logitech webcam firmware
"logitech-g-hub" # Mouse and keyboard management
"meetingbar" # Show meetings in menu bar
"obsidian" # Obsidian packaging on Nix is not available for macOS
"scroll-reverser" # Different scroll style for mouse vs. trackpad
# "steam" # Not packaged for Nix
# "epic-games" # Not packaged for Nix
"steam" # Not packaged for Nix
"epic-games" # Not packaged for Nix
];
};

1
modules/darwin/kitty.nix
View File

@ -3,6 +3,7 @@
# MacOS-specific settings for Kitty
home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
programs.kitty = {
darwinLaunchOptions = [ "--start-as=fullscreen" ];
font.size = lib.mkForce 20;
settings = {
shell = "/run/current-system/sw/bin/fish";

2
modules/darwin/networking.nix
View File

@ -2,7 +2,7 @@
config = lib.mkIf pkgs.stdenv.isDarwin {
networking = {
computerName = config.networking.hostName;
computerName = "${config.fullName}'\\''s Mac";
# Adjust if necessary
# hostName = "";
};

125
modules/darwin/system.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: {
{ pkgs, lib, ... }: {
config = lib.mkIf pkgs.stdenv.isDarwin {
@ -34,8 +34,8 @@
# Enable full keyboard access for all controls (e.g. enable Tab in modal dialogs)
AppleKeyboardUIMode = 3;
# Only hide menu bar in fullscreen
_HIHideMenuBar = false;
# Automatically show and hide the menu bar
_HIHideMenuBar = true;
# Expand save panel by default
NSNavPanelExpandedStateForSaveMode = true;
@ -88,21 +88,6 @@
orientation = "bottom";
show-recents = false;
tilesize = 44;
persistent-apps = [
"/Applications/1Password.app"
"${pkgs.slack}/Applications/Slack.app"
"/System/Applications/Calendar.app"
"${pkgs.firefox-bin}/Applications/Firefox.app"
"/System/Applications/Messages.app"
"/System/Applications/Mail.app"
"/Applications/zoom.us.app"
"${pkgs.discord}/Applications/Discord.app"
"${pkgs.obsidian}/Applications/Obsidian.app"
"${pkgs.kitty}/Applications/kitty.app"
"/System/Applications/System Settings.app"
];
};
finder = {
@ -127,67 +112,41 @@
# Disable trackpad tap to click
trackpad.Clicking = false;
# universalaccess = {
# # Zoom in with Control + Scroll Wheel
# closeViewScrollWheelToggle = true;
# closeViewZoomFollowsFocus = true;
# };
# Where to save screenshots
screencapture.location = "~/Downloads";
CustomUserPreferences = {
# Disable disk image verification
"com.apple.frameworks.diskimages" = {
skip-verify = true;
skip-verify-locked = true;
skip-verify-remote = true;
};
# Avoid creating .DS_Store files on network or USB volumes
"com.apple.desktopservices" = {
DSDontWriteNetworkStores = true;
DSDontWriteUSBStores = true;
};
"com.apple.dock" = {
magnification = true;
largesize = 48;
};
# Require password immediately after screen saver begins
"com.apple.screensaver" = {
askForPassword = 1;
askForPasswordDelay = 0;
};
"com.apple.finder" = {
# Disable the warning before emptying the Trash
WarnOnEmptyTrash = false;
# Finder search in current folder by default
FXDefaultSearchScope = "SCcf";
# Default Finder window set to column view
FXPreferredViewStyle = "clmv";
};
"leits.MeetingBar" = {
eventTimeFormat = ''"show"'';
eventTitleFormat = ''"none"'';
eventTitleIconFormat = ''"iconCalendar"'';
slackBrowser =
''{"deletable":true,"arguments":"","name":"Slack","path":""}'';
zoomBrowser =
''{"deletable":true,"arguments":"","name":"Zoom","path":""}'';
KeyboardShortcuts_joinEventShortcut =
''{"carbonModifiers":6400,"carbonKeyCode":38}'';
timeFormat = ''"12-hour"'';
};
};
CustomSystemPreferences = {
};
};
# Settings that don't have an option in nix-darwin
activationScripts.postActivation.text = ''
echo "Disable disk image verification"
defaults write com.apple.frameworks.diskimages skip-verify -bool true
defaults write com.apple.frameworks.diskimages skip-verify-locked -bool true
defaults write com.apple.frameworks.diskimages skip-verify-remote -bool true
echo "Avoid creating .DS_Store files on network volumes"
defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true
echo "Disable the warning before emptying the Trash"
defaults write com.apple.finder WarnOnEmptyTrash -bool false
echo "Require password immediately after sleep or screen saver begins"
defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0
echo "Allow apps from anywhere"
SPCTL=$(spctl --status)
if ! [ "$SPCTL" = "assessments disabled" ]; then
sudo spctl --master-disable
fi
'';
# User-level settings
@ -195,9 +154,35 @@
echo "Show the ~/Library folder"
chflags nohidden ~/Library
echo "Reduce Menu Bar padding"
defaults write -globalDomain NSStatusItemSelectionPadding -int 6
defaults write -globalDomain NSStatusItemSpacing -int 6
echo "Enable dock magnification"
defaults write com.apple.dock magnification -bool true
echo "Set dock magnification size"
defaults write com.apple.dock largesize -int 48
echo "Define dock icon function"
__dock_item() {
printf "%s%s%s%s%s" \
"<dict><key>tile-data</key><dict><key>file-data</key><dict>" \
"<key>_CFURLString</key><string>" \
"$1" \
"</string><key>_CFURLStringType</key><integer>0</integer>" \
"</dict></dict></dict>"
}
echo "Choose and order dock icons"
defaults write com.apple.dock persistent-apps -array \
"$(__dock_item /Applications/1Password.app)" \
"$(__dock_item ${pkgs.slack}/Applications/Slack.app)" \
"$(__dock_item /System/Applications/Calendar.app)" \
"$(__dock_item ${pkgs.firefox-bin}/Applications/Firefox.app)" \
"$(__dock_item /System/Applications/Messages.app)" \
"$(__dock_item /System/Applications/Mail.app)" \
"$(__dock_item /Applications/zoom.us.app)" \
"$(__dock_item ${pkgs.discord}/Applications/Discord.app)" \
"$(__dock_item /Applications/Obsidian.app)" \
"$(__dock_item ${pkgs.kitty}/Applications/kitty.app)" \
"$(__dock_item /System/Applications/System\ Settings.app)"
'';
};

14
modules/darwin/user.nix
View File

@ -9,18 +9,12 @@
};
home-manager.users.${config.user} = {
# Default shell setting doesn't work
home.sessionVariables = { SHELL = "${pkgs.fish}/bin/fish"; };
# Used for aerc
xdg.enable = true;
home-manager.users.${config.user} = {
home.sessionVariables = {
XDG_CONFIG_HOME = "${config.homePath}/.config";
};
};
# Fix for: 'Error: HOME is set to "/var/root" but we expect "/var/empty"'
home-manager.users.root.home.homeDirectory = lib.mkForce "/var/root";
};

10
modules/darwin/utilities.nix
View File

@ -2,24 +2,20 @@
{
unfreePackages = [ "consul" "vault-bin" ];
home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
home.packages = with pkgs; [
visidata # CSV inspector
# visidata # CSV inspector
dos2unix # Convert Windows text files
inetutils # Includes telnet
youtube-dl # Convert web videos
pandoc # Convert text documents
mpd # TUI slideshows
mpv # Video player
gnupg # Encryption
awscli2
ssm-session-manager-plugin
awslogs
google-cloud-sdk
vault-bin
ansible
vault
consul
noti # Create notifications programmatically
ipcalc # Make IP network calculations

11
modules/nixos/applications/nautilus.nix
View File

@ -36,12 +36,23 @@
# Set Nautilus as default for opening directories
xdg.mimeApps = {
associations.added."inode/directory" = [ "org.gnome.Nautilus.desktop" ];
# associations.removed = {
# "inode/directory" = [ "kitty-open.desktop" ];
# };
defaultApplications."inode/directory" =
lib.mkBefore [ "org.gnome.Nautilus.desktop" ];
};
};
# # Set default for opening directories
# xdg.mime = {
# addedAssociations."inode/directory" = [ "org.gnome.Nautilus.desktop" ];
# removedAssociations = { "inode/directory" = [ "kitty-open.desktop" ]; };
# defaultApplications."inode/directory" =
# lib.mkForce [ "org.gnome.Nautilus.desktop" ];
# };
# Delete Trash files older than 1 week
systemd.user.services.empty-trash = {
description = "Empty Trash on a regular basis";

13
modules/nixos/gaming/steam.nix
View File

@ -9,14 +9,6 @@
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
package = pkgs.steam.override {
# Adapted in part from: https://github.com/Shawn8901/nix-configuration/blob/1c48be94238a9f463cf0bbd1e1842a4454286514/modules/nixos/steam-compat-tools/default.nix
# Based on: https://github.com/NixOS/nixpkgs/issues/73323
extraEnv = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS =
lib.makeBinPath [ pkgs.proton-ge-custom ];
};
};
};
environment.systemPackages = with pkgs; [
@ -30,6 +22,11 @@
];
# Adapted in part from: https://github.com/Shawn8901/nix-configuration/blob/1c48be94238a9f463cf0bbd1e1842a4454286514/modules/nixos/steam-compat-tools/default.nix
# Based on: https://github.com/NixOS/nixpkgs/issues/73323
environment.sessionVariables.STEAM_EXTRA_COMPAT_TOOLS_PATHS =
lib.makeBinPath [ pkgs.proton-ge-custom ];
# Seems like NetworkManager can help speed up Steam launch
# https://www.reddit.com/r/archlinux/comments/qguhco/steam_startup_time_arch_1451_seconds_fedora_34/hi8opet/
networking.networkmanager.enable = true;

10
modules/nixos/graphical/i3.nix
View File

@ -95,15 +95,13 @@ in {
# Adjust screen brightness
"Shift+F12" =
# Disable dynamic sleep
# https://github.com/rockowitz/ddcutil/issues/323
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 + 30";
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
"Shift+F11" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 - 30";
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
"XF86MonBrightnessUp" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 + 30";
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
"XF86MonBrightnessDown" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 - 30";
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
# Media player controls
"XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";

13
modules/nixos/graphical/polybar.nix
View File

@ -36,7 +36,7 @@
module-margin = 1;
modules-left = "i3";
modules-center = "xwindow";
modules-right = "mailcount network pulseaudio date keyboard power";
modules-right = "mailcount network pulseaudio date power";
cursor-click = "pointer";
cursor-scroll = "ns-resize";
enable-ipc = true;
@ -141,7 +141,7 @@
format-volume = "<ramp-volume> <label-volume>";
# format-volume-background = colors.background;
# label-volume-background = colors.background;
format-volume-foreground = config.theme.colors.base04;
format-volume-foreground = config.theme.colors.base0B;
label-volume = "%percentage%%";
label-muted = "󰝟 ---";
label-muted-foreground = config.theme.colors.base03;
@ -197,20 +197,13 @@
date = "%d %b %l:%M %p";
date-alt = "%Y-%m-%d %H:%M:%S";
label = "%date%";
label-foreground = config.theme.colors.base06;
label-foreground = config.theme.colors.base0A;
# format-background = colors.background;
};
"module/keyboard" = {
type = "custom/text";
content = "󰌌";
click-left = "doas systemctl restart keyd";
content-foreground = config.theme.colors.base04;
};
"module/power" = {
type = "custom/text";
content = " ";
click-left = config.powerCommand;
click-right = "polybar-msg cmd restart";
content-foreground = config.theme.colors.base04;
};
"settings" = {

7
modules/nixos/graphical/rofi/brightness.nix
View File

@ -28,18 +28,17 @@ in {
-sep ';' \
-selected-row 1)
case "$chosen" in
"$dimmer")
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 25
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 25; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 25
;;
"$medium")
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 75
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 75; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 75
;;
"$brighter")
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --disable-dynamic-sleep --display 2 setvcp 10 100
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 100; ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 100
;;
*) exit 1 ;;

12
modules/nixos/graphical/rofi/power.nix
View File

@ -31,17 +31,15 @@ in {
-sep ';' \
-selected-row 2)
confirm () {
${builtins.readFile ./rofi-prompt.sh}
}
case "$chosen" in
"$power_off")
confirm 'Shutdown?' && doas shutdown now
${
builtins.toString ./rofi-prompt.sh
} 'Shutdown?' && doas shutdown now
;;
"$reboot")
confirm 'Reboot?' && doas reboot
${builtins.toString ./rofi-prompt.sh} 'Reboot?' && doas reboot
;;
"$lock")
@ -53,7 +51,7 @@ in {
;;
"$log_out")
confirm 'Logout?' && i3-msg exit
${builtins.toString ./rofi-prompt.sh} 'Logout?' && i3-msg exit
;;
*) exit 1 ;;

4
modules/nixos/graphical/rofi/rofi-prompt.sh
View File

@ -42,6 +42,6 @@ chosen=$(printf '%s;%s\n' "$yes" "$no" |
-selected-row 1)
case "$chosen" in
"$yes") return 0 ;;
*) return 1 ;;
"$yes") exit 0 ;;
*) exit 1 ;;
esac

2
modules/nixos/hardware/boot.nix
View File

@ -27,7 +27,7 @@
if keystatus --shift ; then
set timeout=-1
else
set timeout=3
set timeout=0
fi
'';
};

19
modules/nixos/hardware/iso.nix
View File

@ -1,19 +0,0 @@
{ config, lib, modulesPath, ... }:
{
# options.iso.enable = lib.mkEnableOption "Enable creating as an ISO.";
#
# imports = [ "${toString modulesPath}/installer/cd-dvd/iso-image.nix" ];
# config = lib.mkIf config.iso.enable {
#
# # EFI booting
# isoImage.makeEfiBootable = true;
#
# # USB booting
# isoImage.makeUsbBootable = true;
#
# };
}

15
modules/nixos/hardware/keyboard.nix
View File

@ -1,10 +1,10 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, ... }: {
config = lib.mkIf config.physical {
config = {
services.xserver = {
xkb.layout = "us";
layout = "us";
# Keyboard responsiveness
autoRepeatDelay = 250;
@ -18,7 +18,14 @@
keyboards = {
default = {
ids = [ "*" ];
settings = { main = { capslock = "overload(control, esc)"; }; };
settings = {
main = { capslock = "overload(control, esc)"; };
# Fix: ctrl-click sends escape afterwards
# Suppresses escape if held for more than 500ms
# https://github.com/rvaiya/keyd/issues/424
global = { overload_tap_timeout = 500; };
};
};
};
};

2
modules/nixos/hardware/networking.nix
View File

@ -12,7 +12,7 @@
domainName = "local";
ipv6 = false; # Should work either way
# Resolve local hostnames using Avahi DNS
nssmdns4 = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;

19
modules/nixos/services/arr.nix
View File

@ -2,7 +2,6 @@
let
# This config specifies ports for Prometheus to scrape information
arrConfig = {
radarr = {
exportarrPort = "9707";
@ -42,8 +41,6 @@ in {
sabnzbd = {
enable = true;
group = "media";
# The config file must be editable within the application
# It contains server configs and credentials
configFile = "/data/downloads/sabnzbd/sabnzbd.ini";
};
sonarr = {
@ -56,23 +53,16 @@ in {
};
};
# Create a media group to be shared between services
users.groups.media = { };
# Give the human user access to the media group
users.users.${config.user}.extraGroups = [ "media" ];
# Allows media group to read/write the sabnzbd directory
users.users.sabnzbd.homeMode = "0770";
unfreePackages = [ "unrar" ]; # Required as a dependency for sabnzbd
unfreePackages = [ "unrar" ]; # Required for sabnzbd
# Requires updating the base_url config value in each service
# If you try to rewrite the URL, the service won't redirect properly
caddy.routes = [
{
# Group means that routes with the same name are mutually exclusive,
# so they are split between the appropriate services.
group = "download";
match = [{
host = [ config.hostnames.download ];
@ -80,7 +70,6 @@ in {
}];
handle = [{
handler = "reverse_proxy";
# We're able to reference the url and port of the service dynamically
upstreams = [{ dial = arrConfig.sonarr.url; }];
}];
}
@ -103,7 +92,6 @@ in {
}];
handle = [{
handler = "reverse_proxy";
# Prowlarr doesn't offer a dynamic config, so we have to hardcode it
upstreams = [{ dial = "localhost:9696"; }];
}];
}
@ -116,7 +104,6 @@ in {
handle = [{
handler = "reverse_proxy";
upstreams = [{
# Bazarr only dynamically sets the port, not the host
dial = "localhost:${
builtins.toString config.services.bazarr.listenPort
}";
@ -158,12 +145,10 @@ in {
Type = "simple";
DynamicUser = true;
ExecStart = let
# Sabnzbd doesn't accept the URI path, unlike the others
url = if name != "sabnzbd" then
"http://${attrs.url}/${name}"
else
"http://${attrs.url}";
# Exportarr is trained to pull from the arr services
in ''
${pkgs.exportarr}/bin/exportarr ${name} \
--url ${url} \
@ -212,7 +197,7 @@ in {
prefix = "API_KEY=";
};
# Prometheus scrape targets (expose Exportarr to Prometheus)
# Prometheus scrape targets
prometheus.scrapeTargets = map (key:
"127.0.0.1:${
lib.attrsets.getAttrFromPath [ key "exportarrPort" ] arrConfig

3
modules/nixos/services/backups.nix
View File

@ -1,6 +1,3 @@
# This is my setup for backing up SQlite databases and other systems to S3 or
# S3-equivalent services (like Backblaze B2).
{ config, lib, ... }: {
options = {

16
modules/nixos/services/bind.nix
View File

@ -1,10 +1,3 @@
# Bind is a DNS service. This allows me to resolve public domains locally so
# when I'm at home, I don't have to travel over the Internet to reach my
# server.
# To set this on all home machines, I point my router's DNS resolver to the
# local IP address of the machine running this service (swan).
{ config, pkgs, lib, ... }:
let
@ -23,19 +16,11 @@ in {
config = lib.mkIf config.services.bind.enable {
# Normally I block all requests not coming from Cloudflare, so I have to also
# allow my local network.
caddy.cidrAllowlist = [ "192.168.0.0/16" ];
services.bind = {
# Allow requests coming from these IPs. This way I don't somehow get
# spammed with DNS requests coming from the Internet.
cacheNetworks = [ "127.0.0.0/24" "192.168.0.0/16" ];
# When making normal DNS requests, forward them to Cloudflare to resolve.
forwarders = [ "1.1.1.1" "1.0.0.1" ];
ipv4Only = true;
# Use rpz zone as an override
@ -62,7 +47,6 @@ in {
};
# We must allow DNS traffic to hit our machine as well
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];

28
modules/nixos/services/caddy.nix
View File

@ -1,14 +1,3 @@
# Caddy is a reverse proxy, like Nginx or Traefik. This creates an ingress
# point from my local network or the public (via Cloudflare). Instead of a
# Caddyfile, I'm using the more expressive JSON config file format. This means
# I can source routes from other areas in my config and build the JSON file
# using the result of the expression.
# Caddy helpfully provides automatic ACME cert generation and management, but
# it requires a form of validation. We are using a custom build of Caddy
# (compiled with an overlay) to insert a plugin for managing DNS validation
# with Cloudflare's DNS API.
{ config, pkgs, lib, ... }: {
options = {
@ -53,17 +42,12 @@
configFile = pkgs.writeText "Caddyfile" (builtins.toJSON {
apps.http.servers.main = {
listen = [ ":443" ];
# These routes are pulled from the rest of this repo
routes = config.caddy.routes;
errors.routes = config.caddy.blocks;
logs = { }; # Uncommenting collects access logs
logs = { }; # Uncomment to collect access logs
};
apps.http.servers.metrics = { }; # Enables Prometheus metrics
apps.tls.automation.policies = config.caddy.tlsPolicies;
# Setup logging to file
logging.logs.main = {
encoder = { format = "console"; };
writer = {
@ -74,23 +58,13 @@
};
level = "INFO";
};
});
};
# Allows Caddy to serve lower ports (443, 80)
systemd.services.caddy.serviceConfig.AmbientCapabilities =
"CAP_NET_BIND_SERVICE";
# Required for web traffic to reach this machine
networking.firewall.allowedTCPPorts = [ 80 443 ];
# HTTP/3 QUIC uses UDP (not sure if being used)
networking.firewall.allowedUDPPorts = [ 443 ];
# Caddy exposes Prometheus metrics with the admin API
# https://caddyserver.com/docs/api
prometheus.scrapeTargets = [ "127.0.0.1:2019" ];
};

9
modules/nixos/services/calibre.nix
View File

@ -1,9 +1,3 @@
# Calibre-web is an E-Book library and management tool.
# - Exposed to the public via Caddy.
# - Hostname defined with config.hostnames.books
# - File directory backed up to S3 on a cron schedule.
{ config, pkgs, lib, ... }:
let
@ -32,7 +26,6 @@ in {
};
};
# Allow web traffic to Caddy
caddy.routes = [{
match = [{ host = [ config.hostnames.books ]; }];
handle = [{
@ -42,8 +35,6 @@ in {
builtins.toString config.services.calibre-web.listen.port
}";
}];
# This is required when calibre-web is behind a reverse proxy
# https://github.com/janeczku/calibre-web/issues/19
headers.request.add."X-Script-Name" = [ "/calibre-web" ];
}];
}];

16
modules/nixos/services/cloudflare-tunnel.nix
View File

@ -1,12 +1,3 @@
# Cloudflare Tunnel is a service for accessing the network even behind a
# firewall, through outbound-only requests. It works by installing an agent on
# our machines that exposes services through Cloudflare Access (Zero Trust),
# similar to something like Tailscale.
# In this case, we're using Cloudflare Tunnel to enable SSH access over a web
# browser even when outside of my network. This is probably not the safest
# choice but I feel comfortable enough with it anyway.
{ config, lib, ... }:
# First time setup:
@ -49,28 +40,23 @@
tunnels = {
"${config.cloudflareTunnel.id}" = {
credentialsFile = config.secrets.cloudflared.dest;
# Catch-all if no match (should never happen anyway)
default = "http_status:404";
# Match from ingress of any valid server name to SSH access
ingress = { "*.masu.rs" = "ssh://localhost:22"; };
};
};
};
# Grant Cloudflare access to SSH into this server
environment.etc = {
"ssh/ca.pub".text = ''
${config.cloudflareTunnel.ca}
'';
# Must match the username portion of the email address in Cloudflare
# Access
# Must match the username of the email address in Cloudflare Access
"ssh/authorized_principals".text = ''
${config.user}
'';
};
# Adjust SSH config to allow access from Cloudflare's certificate
services.openssh.extraConfig = ''
PubkeyAuthentication yes
TrustedUserCAKeys /etc/ssh/ca.pub

45
modules/nixos/services/cloudflare.nix
View File

@ -1,13 +1,5 @@
# This module is necessary for hosts that are serving through Cloudflare.
# Cloudflare is a CDN service that is used to serve the domain names and
# caching for my websites and services. Since Cloudflare acts as our proxy, we
# must allow access over the Internet from Cloudflare's IP ranges.
# We also want to validate our HTTPS certificates from Caddy. We'll use Caddy's
# DNS validation plugin to connect to Cloudflare and automatically create
# validation DNS records for our generated certificates.
{ config, pkgs, lib, ... }:
let
@ -60,53 +52,28 @@ in {
dns = {
provider = {
name = "cloudflare";
api_token = "{env.CLOUDFLARE_API_TOKEN}";
api_token = "{env.CF_API_TOKEN}";
};
resolvers = [ "1.1.1.1" ];
};
};
}];
}];
# Allow Caddy to read Cloudflare API key for DNS validation
systemd.services.caddy.serviceConfig.EnvironmentFile =
config.secrets.cloudflare-api.dest;
config.secrets.cloudflareApi.dest;
systemd.services.caddy.serviceConfig.AmbientCapabilities =
"CAP_NET_BIND_SERVICE";
# API key must have access to modify Cloudflare DNS records
secrets.cloudflare-api = {
secrets.cloudflareApi = {
source = ../../../private/cloudflare-api.age;
dest = "${config.secretsDirectory}/cloudflare-api";
owner = "caddy";
group = "caddy";
};
systemd.services.cloudflare-api-secret.postStop = ''
/run/current-system/sw/bin/systemctl restart caddy.service
/run/current-system/sw/bin/systemctl restart cloudflare-dyndns.service
'';
# Wait for secret to exist
systemd.services.caddy = {
after = [ "cloudflare-api-secret.service" ];
requires = [ "cloudflare-api-secret.service" ];
};
# Allows Nextcloud to trust Cloudflare IPs
services.nextcloud.settings.trusted_proxies = cloudflareIpRanges;
# Allows Transmission to trust Cloudflare IPs
services.transmission.settings.rpc-whitelist =
builtins.concatStringsSep "," ([ "127.0.0.1" ] ++ cloudflareIpRanges);
services.cloudflare-dyndns = {
enable = true;
proxied = true;
apiTokenFile = config.secrets.cloudflare-api.dest;
};
# Wait for secret to exist
systemd.services.cloudflare-dyndns = {
after = [ "cloudflare-api-secret.service" ];
requires = [ "cloudflare-api-secret.service" ];
};
services.nextcloud.config.trustedProxies = cloudflareIpRanges;
};
}

8
modules/nixos/services/default.nix
View File

@ -1,6 +1,3 @@
# This file imports all the other files in this directory for use as modules in
# my config.
{ ... }: {
imports = [
@ -11,22 +8,17 @@
./calibre.nix
./cloudflare-tunnel.nix
./cloudflare.nix
./identity.nix
./irc.nix
./gitea-runner.nix
./gitea.nix
./gnupg.nix
./grafana.nix
./honeypot.nix
./influxdb2.nix
./jellyfin.nix
./keybase.nix
./mullvad.nix
./n8n.nix
./netdata.nix
./nextcloud.nix
./paperless.nix
./postgresql.nix
./prometheus.nix
./samba.nix
./secrets.nix

6
modules/nixos/services/gitea-runner.nix
View File

@ -1,9 +1,3 @@
# Gitea Actions is a CI/CD service for the Gitea source code server, meaning it
# allows us to run code operations (such as testing or deploys) when our git
# repositories are updated. Any machine can act as a Gitea Action Runner, so
# the Runners don't necessarily need to be running Gitea. All we need is an API
# key for Gitea to connect to it and register ourselves as a Runner.
{ config, pkgs, lib, ... }:
{

21
modules/nixos/services/gitea.nix
View File

@ -11,21 +11,11 @@ in {
actions.ENABLED = true;
metrics.ENABLED = true;
repository = {
# Pushing to a repo that doesn't exist automatically creates one as
# private.
DEFAULT_PUSH_CREATE_PRIVATE = true;
# Allow git over HTTP.
DISABLE_HTTP_GIT = false;
# Allow requests hitting the specified hostname.
ACCESS_CONTROL_ALLOW_ORIGIN = config.hostnames.git;
# Automatically create viable users/orgs on push.
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
# Default when creating new repos.
DEFAULT_BRANCH = "main";
};
server = {
@ -35,15 +25,11 @@ in {
SSH_PORT = 22;
START_SSH_SERVER = false; # Use sshd instead
DISABLE_SSH = false;
# SSH_LISTEN_HOST = "0.0.0.0";
# SSH_LISTEN_PORT = 122;
};
# Don't allow public users to register accounts.
service.DISABLE_REGISTRATION = true;
# Force using HTTPS for all session access.
session.COOKIE_SECURE = true;
# Hide users' emails.
ui.SHOW_USER_EMAIL = false;
};
extraConfig = null;
@ -53,7 +39,6 @@ in {
users.users.${config.user}.extraGroups = [ "gitea" ];
caddy.routes = [
# Prevent public access to Prometheus metrics.
{
match = [{
host = [ config.hostnames.git ];
@ -64,7 +49,6 @@ in {
status_code = "403";
}];
}
# Allow access to primary server.
{
match = [{ host = [ config.hostnames.git ]; }];
handle = [{
@ -79,7 +63,6 @@ in {
}
];
# Scrape the metrics endpoint for Prometheus.
prometheus.scrapeTargets = [
"127.0.0.1:${
builtins.toString config.services.gitea.settings.server.HTTP_PORT

2
modules/nixos/services/gnupg.nix
View File

@ -1,5 +1,3 @@
# GPG is an encryption tool. This isn't really in use for me at the moment.
{ config, pkgs, lib, ... }: {
options.gpg.enable = lib.mkEnableOption "GnuPG encryption.";

2
modules/nixos/services/grafana.nix
View File

@ -7,7 +7,6 @@ in {
config = lib.mkIf config.services.grafana.enable {
# Allow Grafana to connect to email service
secrets.mailpass-grafana = {
source = ../../../private/mailpass-grafana.age;
dest = "${config.secretsDirectory}/mailpass-grafana";
@ -50,7 +49,6 @@ in {
dashboards.settings.providers = [{
name = "test";
type = "file";
allowUiUpdates = true;
options.path = "${
(pkgs.writeTextDir "dashboards/dashboard.json" (builtins.toJSON {
annotations = {

5
modules/nixos/services/honeypot.nix
View File

@ -1,10 +1,7 @@
# This is a tool for blocking IPs of anyone who attempts to scan all of my
# ports.
{ config, lib, pkgs, ... }:
# Currently has some issues that don't make this viable.
{ config, lib, pkgs, ... }:
# Taken from:
# https://dataswamp.org/~solene/2022-09-29-iblock-implemented-in-nixos.html

19
modules/nixos/services/identity.nix
View File

@ -1,19 +0,0 @@
{ config, ... }: {
# Wait for secret to be placed on the machine
systemd.services.wait-for-identity = {
description = "Wait until identity file exists on the machine";
wantedBy = [ "multi-user.target" ];
serviceConfig = { Type = "oneshot"; };
script = ''
for i in $(seq 1 10); do
if [ -f ${config.identityFile} ]; then
echo "Identity file found."
exit 0
fi
sleep 6
done
'';
};
}

61
modules/nixos/services/influxdb2.nix
View File

@ -1,61 +0,0 @@
# InfluxDB is a timeseries database similar to Prometheus. While
# VictoriaMetrics can also act as an InfluxDB, this version of it allows for
# infinite retention separate from our other metrics, which can be nice for
# recording health information, for example.
{ config, lib, ... }: {
config = {
services.influxdb2 = {
provision = {
enable = true;
initialSetup = {
bucket = "default";
organization = "main";
passwordFile = config.secrets.influxdb2Password.dest;
retention = 0; # Keep data forever
tokenFile = config.secrets.influxdb2Token.dest;
username = "admin";
};
};
settings = { };
};
# Create credentials file for InfluxDB admin
secrets.influxdb2Password = lib.mkIf config.services.influxdb2.enable {
source = ../../../private/influxdb2-password.age;
dest = "${config.secretsDirectory}/influxdb2-password";
owner = "influxdb2";
group = "influxdb2";
permissions = "0440";
};
systemd.services.influxdb2Password-secret =
lib.mkIf config.services.influxdb2.enable {
requiredBy = [ "influxdb2.service" ];
before = [ "influxdb2.service" ];
};
secrets.influxdb2Token = lib.mkIf config.services.influxdb2.enable {
source = ../../../private/influxdb2-token.age;
dest = "${config.secretsDirectory}/influxdb2-token";
owner = "influxdb2";
group = "influxdb2";
permissions = "0440";
};
systemd.services.influxdb2Token-secret =
lib.mkIf config.services.influxdb2.enable {
requiredBy = [ "influxdb2.service" ];
before = [ "influxdb2.service" ];
};
caddy.routes = lib.mkIf config.services.influxdb2.enable [{
match = [{ host = [ config.hostnames.influxdb ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8086"; }];
}];
}];
};
}

32
modules/nixos/services/irc.nix
View File

@ -1,32 +0,0 @@
{ config, ... }: {
config = {
services.thelounge = {
public = false;
port = 9000;
extraConfig = {
reverseProxy = true;
maxHistory = 10000;
};
};
# Adding new users:
# nix shell nixpkgs#thelounge
# sudo su - thelounge -s /bin/sh -c "thelounge add myuser"
# Allow web traffic to Caddy
caddy.routes = [{
match = [{ host = [ config.hostnames.irc ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{
dial =
"localhost:${builtins.toString config.services.thelounge.port}";
}];
}];
}];
};
}

8
modules/nixos/services/jellyfin.nix
View File

@ -1,6 +1,3 @@
# Jellyfin is a self-hosted video streaming service. This means I can play my
# server's videos from a webpage, mobile app, or TV client.
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.services.jellyfin.enable {
@ -9,7 +6,6 @@
users.users.jellyfin = { isSystemUser = true; };
caddy.routes = [
# Prevent public access to Prometheus metrics.
{
match = [{
host = [ config.hostnames.stream ];
@ -20,7 +16,6 @@
status_code = "403";
}];
}
# Allow access to normal route.
{
match = [{ host = [ config.hostnames.stream ]; }];
handle = [{
@ -52,9 +47,6 @@
users.users.jellyfin.extraGroups =
[ "render" "video" ]; # Access to /dev/dri
# Fix issue where Jellyfin-created directories don't allow access for media group
systemd.services.jellyfin.serviceConfig.UMask = lib.mkForce "0007";
# Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
prometheus.scrapeTargets = [ "127.0.0.1:8096" ];

18
modules/nixos/services/keybase.nix
View File

@ -1,23 +1,23 @@
# Keybase is an encrypted communications tool with a synchronized encrypted
# filestore that can be mounted onto a machine's filesystem.
{ config, pkgs, lib, ... }: {
options.keybase.enable = lib.mkEnableOption "Keybase.";
config = lib.mkIf config.keybase.enable {
home-manager.users.${config.user} = lib.mkIf config.keybase.enable {
services.keybase.enable = true;
services.kbfs = {
enable = true;
mountPoint = "keybase";
# enableRedirector = true;
mountPoint = "/run/user/1000/keybase/kbfs";
};
security.wrappers.keybase-redirector = {
setuid = true;
owner = "root";
group = "root";
source = "${pkgs.kbfs}/bin/redirector";
};
# https://github.com/nix-community/home-manager/issues/4722
systemd.user.services.kbfs.Service.PrivateTmp = lib.mkForce false;
home-manager.users.${config.user} = {
home.packages = [ (lib.mkIf config.gui.enable pkgs.keybase-gui) ];
home.file = let
ignorePatterns = ''

Some files were not shown because too many files have changed in this diff Show More