183 Commits

Author SHA1 Message Date
ea20d93079 fix: qcow-efi requires specific filesystem label 2025-07-04 22:59:40 -06:00
b323723115 turn on services for flame 2025-07-05 01:02:46 +00:00
89b260d12c fix hash output again for caddy 2025-07-03 23:02:36 -06:00
a0f4380c9f adjust workflow for nixos-anywhere 2025-07-03 23:02:28 -06:00
0a9774f9fa reenable features for flame 2025-07-03 22:34:50 -06:00
c569257f03 don't reboot for nixos-anywhere 2025-07-03 20:42:25 -06:00
d709030211 switch back to /dev/sda for volume path 2025-07-03 20:29:27 -06:00
ecf6bdda45 fix: must specify network type if launch options 2025-07-03 18:38:13 -06:00
5e2fca427d try using consistent volume naming for formatting disk 2025-07-03 18:34:09 -06:00
c5ad3c66ea try fixing serial tty on flame 2025-07-03 18:13:55 -06:00
6b5a01262e fix: nix-darwin deprecations of useractivationscripts 2025-07-02 18:48:23 -06:00
d16ed6a4fc try setting more options from the official oci-common example 2025-07-02 17:56:59 -06:00
6d5b460cb2 update flake lock 2025-07-02 14:57:56 -06:00
a5b628dd30 fix: homeConfigurations need to be flattened 2025-07-02 14:48:21 -06:00
5ed6870bdd allow darwin to build linux packages 2025-07-02 14:20:14 -06:00
26c1c09402 convenience tweaks 2025-07-02 14:19:57 -06:00
dd00ad6c2e try removing all other features from flame 2025-07-02 11:57:46 -06:00
192e08a9d9 try systemd-boot instead of grub for flame 2025-07-02 10:47:19 -06:00
227e6a68af try different disko config without lvm 2025-07-01 22:46:27 -06:00
444ede2074 try using disko to format for nixos-anywhere 2025-07-01 18:19:14 -06:00
c31fe46b61 try disabling some extra flame settings 2025-07-01 16:59:11 -06:00
28d9806720 fix: duplicate filesystems declaration for flame 2025-07-01 16:36:05 -06:00
5dea78926b run as aarch64 for nixos-anywhere deploy 2025-07-01 16:31:15 -06:00
e8571fe6b7 try to build on remote for cross-architecture 2025-07-01 16:09:41 -06:00
a9b3249e20 use actions deploy key for ssh instead of personal key
this will allow us to connect to the machine for nixos-anywhere
2025-07-01 16:02:03 -06:00
73002607ab fix: clean up llm drivel 2025-07-01 00:46:10 -04:00
267134044f temp: always install nix for nixos-anywhere 2025-07-01 00:42:35 -04:00
0621c66981 try giving up and going back to ubuntu vm 2025-07-01 00:40:56 -04:00
18b489592e attempts to add qcow-efi to get oracle to work
and also adding things from the oci build
2025-06-30 16:31:52 -04:00
928be5132a fix: missing data source for domains 2025-06-29 22:05:19 -04:00
11b7587783 fix: typos and llm inaccuracies 2025-06-29 22:02:51 -04:00
2704642b3d fix: os details for source image of oracle 2025-06-29 22:00:30 -04:00
95d86dcdff add terraform tfstate info 2025-06-29 21:57:58 -04:00
e8bc263081 fixes for name of qcow2 image 2025-06-29 21:52:07 -04:00
03d2326724 enable cross-compiling for aarch64 from gui machines 2025-06-29 08:24:27 -04:00
5bc980eea9 temp: disable ren-find to fix build error 2025-06-28 18:41:39 -04:00
a2866927f3 update hash for caddy cloudflare dns plugin 2025-06-28 16:15:04 -04:00
c2100cbc39 fix: typo 2025-06-28 16:02:21 -04:00
1d4b79e8f1 make sure litestream groups are appropriate 2025-06-28 16:00:06 -04:00
3974c6ce5d fix: issue with litestream group 2025-06-28 15:56:14 -04:00
67f6eb3a1c comment out uuids for flame filesystems 2025-06-28 15:45:57 -04:00
e0cd3c9d79 try to cross-compile to aarch64 on gh action x86 2025-06-28 15:42:10 -04:00
e7e94a1dc3 attempt to build and deploy to oracle 2025-06-28 15:31:17 -04:00
20fc80c259 fix: nix flake check and packages formatting 2025-06-21 23:38:37 -04:00
ae09296f36 fix aerc not using editor for composing 2025-06-17 21:28:10 -04:00
44f769f5ed add more gh shortcuts to zellij 2025-06-07 16:38:58 -04:00
6e29c95506 add mpv back to darwin 2025-06-07 16:38:23 -04:00
ac0a8d6c38 fix: remember to mount immich zfs dataset 2025-06-04 01:45:14 +00:00
6f32a0dfa3 fix: paperless upload 403s 2025-06-02 02:56:50 +00:00
9feaca58f3 add audiobooks to local dns 2025-06-02 02:56:40 +00:00
3084c90c13 add helix to power-user 2025-06-02 02:56:31 +00:00
f20d477f67 get around official filebrowser module 2025-06-02 02:56:19 +00:00
c8441fc265 enable daemon mode and sync v2 for atuin 2025-05-14 15:05:05 -04:00
23f46e51e6 zellij to trigger nix rebuild of hm and nixos or darwin 2025-05-14 15:04:49 -04:00
f2e09c9adc zellij function to do a gh run watch 2025-05-13 15:46:13 -04:00
f0add607e6 replace substituteAll function with replaceVars
substituteAll has been deprecated
2025-05-13 15:46:13 -04:00
b38205af93 setup karakeep basics 2025-05-12 03:07:38 +00:00
12c9342748 fix: rofi power menu glyphs cut off
the main issue is that i wasn't using the "mono" version of the nerd
font for hack. the font characters are not reported with the correct
fixed width which causes issues in rendering.
2025-05-10 10:53:54 -04:00
5d539abe21 shortcut for mpv shuffle mode 2025-05-10 10:39:51 -04:00
cea08761bb use alt-l and alt-h in zellij locked mode 2025-05-10 10:39:35 -04:00
eea972492e fix: betterlockscreen won't unlock system 2025-05-10 09:31:29 -04:00
9014ca226e fix: class focus for aerc in xorg 2025-05-10 08:21:36 -04:00
515859d22d add zed to darwin launcher 2025-05-08 16:22:36 -04:00
aa6c91b65c add lazygit as a preset with custom keybinds 2025-05-07 13:47:17 -04:00
d59692c813 fix pipewire and zellij on linux 2025-05-07 08:47:45 -04:00
88266c9f8d use regular firefox package on darwin 2025-05-07 08:17:34 -04:00
a1dfc77790 use enter key to save in helix 2025-05-07 08:17:11 -04:00
b3a7b280b5 package mathesar and run as service 2025-05-05 20:36:27 +00:00
e803e6a02a fix for cloudflare-dyndns using noproxy fix as well 2025-05-05 20:34:24 +00:00
61c4e68fef replace wezterm with ghostty on linux 2025-05-03 20:34:46 -04:00
faac8f3c8b forgot to include nautilus 2025-05-03 20:34:11 -04:00
9b30f91b1d adjust helix to include more comment tokens 2025-05-03 20:33:48 -04:00
5966368620 add ssh subdomain for git server 2025-05-03 22:09:36 +00:00
820f5afe0b fix: cloudflare dyndns noproxy api key issues 2025-05-03 19:37:16 +00:00
bfbacbe93e update lockfile and add pgweb, fixes to cloudflare caddy 2025-05-03 19:25:32 +00:00
54a073b946 switch to self-hosted git for bpc 2025-05-03 14:22:06 +00:00
8eede16bcd fix: staff requires bootloader 2025-04-26 13:02:46 -04:00
11e0992d99 semi-failed packaging of actual budget prometheus exporter 2025-04-23 19:20:45 +00:00
562295edb1 fix: wsl nativesystemd no longer used 2025-04-20 16:57:51 -04:00
a719dc4309 fix: arrow must have filesystems 2025-04-16 14:31:36 -04:00
0aecbd85cd switch actualbudget to native service 2025-04-14 21:46:20 +00:00
28ac5523f8 rename vm-agent to vmagent 2025-04-14 19:10:34 +00:00
645454cb9a fix: actual budget prometheus exporter 2025-04-14 19:10:22 +00:00
b30893d968 fix: secret format for cloudflare dyndns service 2025-04-12 17:08:09 +00:00
0ec67df9a3 try adding actual budget prometheus exporter 2025-04-11 21:46:11 -04:00
7182ca7cd4 make vmagent and sshd default for linux hosts 2025-04-11 21:45:46 -04:00
fbaa6f8894 enable ice menu bar cleanup for darwin 2025-04-11 21:45:20 -04:00
3873ab7296 move syncnotes to nix 2025-04-07 16:35:52 -04:00
7b32216684 aws ssm ssh in profile 2025-04-07 16:35:31 -04:00
2f042713cc helix use esc to collapse selection 2025-04-07 16:35:14 -04:00
011fb57347 fix: helix ignore for specific files 2025-04-07 16:35:00 -04:00
ce308a6347 fix helix manpager 2025-04-07 16:34:31 -04:00
31e93606f4 tabs working in zellij with ghostty 2025-04-07 16:33:50 -04:00
b7317a721b try inheriting configs 2025-04-03 10:34:22 -04:00
3684ce4b39 exclude keybase from zoxide 2025-04-03 10:34:11 -04:00
b8337f1295 fix: don't break zellij when selecting the current dir 2025-04-01 09:51:20 -04:00
b78bc5b3bb add today note vsplit 2025-03-31 15:08:18 -04:00
5869e4a6b4 use flakes to update helix and yazi to fix integration issues 2025-03-31 11:19:52 -04:00
2c55912abf improve notes experience in helix 2025-03-30 21:24:15 -04:00
0be5c026a7 adjust lazygit which is still not perfect 2025-03-30 18:17:37 -04:00
d427ccc577 add lazygit to helix and tweak zellij with locked mode 2025-03-30 18:09:07 -04:00
3852551ebe fix: not locking zellij when switching sessions 2025-03-30 12:55:39 -04:00
9727fd6a56 add lazygit to cli 2025-03-30 12:55:12 -04:00
e233a2e354 update flake to fix zellij issue 2025-03-30 12:35:15 -04:00
5b32f1f211 fix flake issues with organizing by system 2025-03-30 11:00:21 -04:00
eace1ff3cf update actual budget 2025-03-28 02:07:30 +00:00
5397e4e23f Merge branch 'platform'
This is a large refactor to the dotfiles setup.
2025-03-27 13:33:58 -04:00
6933083cda adjust some zellij and helix keybinds 2025-03-27 13:01:53 -04:00
39d9cb7e5a more lsps and fix syntax var colors 2025-03-24 09:53:30 -04:00
b270e1643c update readme and tweak helix config 2025-03-23 18:41:37 -04:00
cdbd94e64e upgrade to nextcloud 31 (without apps) 2025-03-23 20:53:35 +00:00
9e3b003241 fix: enable calibre-web in preset 2025-03-23 20:47:05 +00:00
802544575f fixes for read key 2025-03-23 19:11:27 +00:00
a85180beee fix: enable prometheus stuff 2025-03-23 17:30:59 +00:00
b901b9abd9 zellij tweaks and session switching 2025-03-23 10:10:56 -04:00
870ab6894d fixes for swan 2025-03-23 13:30:57 +00:00
12604f3109 fix flame settings 2025-03-23 00:32:06 +00:00
59e67fb406 build succeed on swan 2025-03-22 23:45:06 +00:00
6a7706ca85 some conveniences for helix 2025-03-21 13:51:28 -04:00
12d0bccb42 integrate helix with fzf shortcuts 2025-03-19 14:16:01 -04:00
cf7966d73d tweaks for ghostty and zellij 2025-03-19 13:51:42 -04:00
fa1482dcfc some basic zellij and helix configs 2025-03-18 21:47:40 -04:00
8e7ccbda59 use ctrl-f to accept autosuggestions 2025-03-17 23:30:59 -04:00
59c5ca4816 zellij and helix config 2025-03-17 23:30:38 -04:00
442249c242 replace wezterm with ghostty on dock 2025-03-17 21:44:13 -04:00
5eb2b003d4 fix helix color for primary selection 2025-03-17 21:40:04 -04:00
ef6070fe6d update hammerspoon notification dismissal for macos 15 2025-03-17 12:04:21 -04:00
38906a802d reorg flake lines and remove unnecessary stanzas 2025-03-17 11:38:50 -04:00
852ecf0b91 tweaks for ghostty, helix, zed 2025-03-17 11:00:19 -04:00
a611b0ab69 move tree-sitter packages out of flake 2025-03-16 21:19:16 -04:00
6802c4de2f fix: notmuch missing from desktop 2025-03-16 20:55:03 -04:00
4dc9590ff8 replace wezterm with ghostty while i figure out issues 2025-03-16 16:22:41 -04:00
e0588878b1 darwin build 2025-03-16 15:12:07 -04:00
98356634cd switch on darwin 2025-03-16 14:00:38 -04:00
1833b4b46c add home-manager to base nixos config 2025-03-14 20:03:24 +00:00
3087b1a39c fix home-manager module in nixos rebuild 2025-03-14 15:47:08 +00:00
a3ad019f4b add generators and clean up directories 2025-03-14 00:13:56 +00:00
bdf163a50a consolidate build functions 2025-03-12 01:51:12 +00:00
bf273925ad still working on consolidating 2025-03-11 02:31:22 +00:00
1eae89b8ab coalescing code for imports 2025-03-10 03:37:48 +00:00
90fd9f54a7 add nix settings for darwin 2025-03-10 02:43:31 +00:00
2b1106ec94 move nix settings from home-manager to nixos 2025-03-10 02:40:01 +00:00
fbb00d9504 fix hosts for x86_64-linux 2025-03-09 22:29:41 +00:00
75d4dbe868 move apps into pkgs and rename hosts 2025-03-09 18:04:01 +00:00
37d1d7724a move encrypted secrets near relevant files 2025-03-09 17:09:33 +00:00
f59ac536a2 fix neovim colors 2025-03-09 16:31:29 +00:00
e90c6b1724 moving around reencrypt secrets 2025-03-09 05:02:20 +00:00
2722a8bf61 fix fish user keybindings 2025-03-09 04:51:47 +00:00
3e8b14d671 tweaks for flame 2025-03-09 04:46:34 +00:00
a3dcca556f add vmvariant as preset 2025-03-08 19:29:13 -05:00
97fdb76328 fixes to zoxide 2025-03-08 19:13:42 -05:00
cd0b7debd4 running vm that mostly works 2025-03-08 18:08:17 -05:00
1b05fa3745 build vm for staff 2025-03-08 12:58:37 -05:00
350c94af3c repo cleanup 2025-03-08 10:26:26 -05:00
9d7c6b3215 remember to enable services 2025-03-08 08:57:01 -05:00
50a1be634c add more presets to power-user 2025-03-08 08:53:56 -05:00
bcf1737858 disable fun stuff in base config 2025-03-08 13:38:40 +00:00
c36ca39a0d get more working on flame 2025-03-08 13:30:47 +00:00
98c561f462 tweaks 2025-03-07 20:55:49 -05:00
1276bcf19e fixes for flame server 2025-03-08 01:31:42 +00:00
dd95c94b6e successful build 2025-03-07 19:59:44 -05:00
8f5b3e86e3 more updates 2025-03-07 18:19:35 -05:00
fc8f460559 small tweaks 2025-03-04 10:21:57 -05:00
05e3996eb3 more changes 2025-03-04 07:50:47 -05:00
eed097f270 fix references 2025-02-25 10:49:57 -05:00
50863e7232 more progress 2025-02-25 04:10:25 +00:00
a4bebe653c more fixes 2025-02-24 22:47:32 -05:00
e7366f9510 fix infinite recursion by namespacing new pkgs 2025-02-24 21:14:38 -05:00
3206b48f28 more fixes to pkgs 2025-02-22 17:39:12 -05:00
7007567207 fix warnings for flame 2025-02-18 17:44:39 -05:00
1d4ad5b0af fix more warnings 2025-02-18 03:57:25 +00:00
2b988b1e9c more small fixes 2025-02-17 14:18:30 -05:00
78076b0de7 more fix references 2025-02-17 14:08:32 -05:00
ebd7b88909 fix references 2025-02-17 14:05:23 -05:00
7de88ba2b6 fixing hosts 2025-02-16 16:33:32 -05:00
1062369a78 more moving around 2025-02-16 16:17:39 -05:00
dc6b6f8328 more moving things around 2025-02-16 15:40:15 -05:00
956fa3184b flake.lock: Update
Flake lock file updates:

• Updated input 'base16-nvim-src':
    'github:RRethy/base16-nvim/6ac181b5733518040a33017dde654059cd771b7c' (2024-05-23)
  → 'github:RRethy/base16-nvim/2fdd4e53286dbb8978699b5e1cd09835362a70f3' (2025-02-10)
• Updated input 'darwin':
    'github:lnl7/nix-darwin/ae406c04577ff9a64087018c79b4fdc02468c87c' (2025-02-05)
  → 'github:lnl7/nix-darwin/678b22642abde2ee77ae2218ab41d802f010e5b0' (2025-02-14)
• Updated input 'disko':
    'github:nix-community/disko/ff3568858c54bd306e9e1f2886f0f781df307dff' (2025-02-05)
  → 'github:nix-community/disko/4edb87a2ac9010da6fea50fc56d67e123fca85f4' (2025-02-15)
• Updated input 'firefox-darwin':
    'github:bandithedoge/nixpkgs-firefox-darwin/debb9b889951b74cee5cbdb45074dd9d289f25d6' (2025-02-08)
  → 'github:bandithedoge/nixpkgs-firefox-darwin/99a56b8763d3f5485c89e1e05ea8133f75821fbd' (2025-02-15)
• Updated input 'home-manager':
    'github:nix-community/home-manager/433799271274c9f2ab520a49527ebfe2992dcfbd' (2025-02-06)
  → 'github:nix-community/home-manager/6d3163aea47fdb1fe19744e91306a2ea4f602292' (2025-02-14)
• Updated input 'jujutsu':
    'github:martinvonz/jj/cc5b34809cefd9d9e8c64bb26f7494be22d43973' (2025-02-07)
  → 'github:martinvonz/jj/3bc111e60efdea774b6d979c0809256218b2549b' (2025-02-15)
• Updated input 'nextcloud-snappymail':
    'https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz?narHash=sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E%3D' (2025-02-08)
  → 'https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz?narHash=sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E%3D' (2025-02-15)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/550e11f27ba790351d390d9eca3b80ad0f0254e7' (2025-02-06)
  → 'github:nixos/nixpkgs/2ff53fe64443980e139eaa286017f53f88336dd0' (2025-02-13)
• Updated input 'nur':
    'github:nix-community/nur/3680f5c26f924c7903e684b93c96b743316a31da' (2025-02-08)
  → 'github:nix-community/nur/e353ac4b999db166ad92074ca66f2394d65aeb1d' (2025-02-15)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/550e11f27ba790351d390d9eca3b80ad0f0254e7' (2025-02-06)
  → 'github:nixos/nixpkgs/2ff53fe64443980e139eaa286017f53f88336dd0' (2025-02-13)
• Updated input 'nvim-tree-lua-src':
    'github:kyazdani42/nvim-tree.lua/70825f23db61ecd900c4cfea169bffe931926a9d' (2025-02-03)
  → 'github:kyazdani42/nvim-tree.lua/80523101f0ae48b7f1990e907b685a3d79776c01' (2025-02-09)
• Updated input 'wsl':
    'github:nix-community/NixOS-WSL/63c3b4ed1712a3a0621002cd59bfdc80875ecbb0' (2025-01-05)
  → 'github:nix-community/NixOS-WSL/0b2b8b31f69f24e9a75b4b18a32c771a48612d5e' (2025-02-14)
2025-02-15 03:48:05 +00:00
b73867ea27 flake.lock: Update
Flake lock file updates:

• Updated input 'darwin':
    'github:lnl7/nix-darwin/49b807fa7c37568d7fbe2aeaafb9255c185412f9' (2025-01-30)
  → 'github:lnl7/nix-darwin/ae406c04577ff9a64087018c79b4fdc02468c87c' (2025-02-05)
• Updated input 'disko':
    'github:nix-community/disko/18d0a984cc2bc82cf61df19523a34ad463aa7f54' (2025-01-29)
  → 'github:nix-community/disko/ff3568858c54bd306e9e1f2886f0f781df307dff' (2025-02-05)
• Updated input 'firefox-darwin':
    'github:bandithedoge/nixpkgs-firefox-darwin/052c3b491b52de033f5bfc93612ecbb58034941f' (2025-02-01)
  → 'github:bandithedoge/nixpkgs-firefox-darwin/debb9b889951b74cee5cbdb45074dd9d289f25d6' (2025-02-08)
• Updated input 'home-manager':
    'github:nix-community/home-manager/801ddd8693481866c2cfb1efd44ddbae778ea572' (2025-02-01)
  → 'github:nix-community/home-manager/433799271274c9f2ab520a49527ebfe2992dcfbd' (2025-02-06)
• Updated input 'jujutsu':
    'github:martinvonz/jj/b35d503bf7c0170d10332f83a7020124f5e5958c' (2025-02-01)
  → 'github:martinvonz/jj/cc5b34809cefd9d9e8c64bb26f7494be22d43973' (2025-02-07)
• Updated input 'nextcloud-snappymail':
    'https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz?narHash=sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E%3D' (2025-02-01)
  → 'https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz?narHash=sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E%3D' (2025-02-08)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/9d3ae807ebd2981d593cddd0080856873139aa40' (2025-01-29)
  → 'github:nixos/nixpkgs/550e11f27ba790351d390d9eca3b80ad0f0254e7' (2025-02-06)
• Updated input 'nur':
    'github:nix-community/nur/95ddad0ff0e67c90314c6ca46324dce5f9a910d2' (2025-01-31)
  → 'github:nix-community/nur/3680f5c26f924c7903e684b93c96b743316a31da' (2025-02-08)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/9d3ae807ebd2981d593cddd0080856873139aa40' (2025-01-29)
  → 'github:nixos/nixpkgs/550e11f27ba790351d390d9eca3b80ad0f0254e7' (2025-02-06)
• Updated input 'nvim-lint-src':
    'github:mfussenegger/nvim-lint/789b7ada1b4f00e08d026dffde410dcfa6a0ba87' (2025-01-21)
  → 'github:mfussenegger/nvim-lint/6e9dd545a1af204c4022a8fcd99727ea41ffdcc8' (2025-02-06)
• Updated input 'nvim-tree-lua-src':
    'github:kyazdani42/nvim-tree.lua/d05881f65f0a653db8d830ccc4d2e07d6a720628' (2025-01-27)
  → 'github:kyazdani42/nvim-tree.lua/70825f23db61ecd900c4cfea169bffe931926a9d' (2025-02-03)
• Updated input 'tiny-inline-diagnostic-nvim-src':
    'github:rachartier/tiny-inline-diagnostic.nvim/aa6a7045b3984be2b6581741dbe9200f1701f7f7' (2025-01-30)
  → 'github:rachartier/tiny-inline-diagnostic.nvim/576351d53c1f6bda70252c3aaa710b01472024aa' (2025-02-05)
2025-02-08 03:45:25 +00:00
37427204de flake.lock: Update
Flake lock file updates:

• Updated input 'darwin':
    'github:lnl7/nix-darwin/65cc1fa8e36ceff067daf6cfb142331f02f524d3' (2025-01-22)
  → 'github:lnl7/nix-darwin/49b807fa7c37568d7fbe2aeaafb9255c185412f9' (2025-01-30)
• Updated input 'disko':
    'github:nix-community/disko/bf0abfde48f469c256f2b0f481c6281ff04a5db2' (2025-01-16)
  → 'github:nix-community/disko/18d0a984cc2bc82cf61df19523a34ad463aa7f54' (2025-01-29)
• Updated input 'firefox-darwin':
    'github:bandithedoge/nixpkgs-firefox-darwin/ef9a452ffc26aed9265e2a5ff04952e960f8f21b' (2025-01-25)
  → 'github:bandithedoge/nixpkgs-firefox-darwin/052c3b491b52de033f5bfc93612ecbb58034941f' (2025-02-01)
• Updated input 'home-manager':
    'github:nix-community/home-manager/daf04c5950b676f47a794300657f1d3d14c1a120' (2025-01-24)
  → 'github:nix-community/home-manager/801ddd8693481866c2cfb1efd44ddbae778ea572' (2025-02-01)
• Updated input 'jujutsu':
    'github:martinvonz/jj/e58713c1355d0536e197a3f99ce5a5c713fe69c3' (2025-01-25)
  → 'github:martinvonz/jj/b35d503bf7c0170d10332f83a7020124f5e5958c' (2025-02-01)
• Updated input 'nextcloud-snappymail':
    'https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz?narHash=sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E%3D' (2025-01-25)
  → 'https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz?narHash=sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E%3D' (2025-02-01)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/0aa475546ed21629c4f5bbf90e38c846a99ec9e9' (2025-01-23)
  → 'github:nixos/nixpkgs/9d3ae807ebd2981d593cddd0080856873139aa40' (2025-01-29)
• Updated input 'nur':
    'github:nix-community/nur/e3bdfbe8b01b6469fd2351ab0cf867d9cfa73da8' (2025-01-25)
  → 'github:nix-community/nur/95ddad0ff0e67c90314c6ca46324dce5f9a910d2' (2025-01-31)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/0aa475546ed21629c4f5bbf90e38c846a99ec9e9' (2025-01-23)
  → 'github:nixos/nixpkgs/9d3ae807ebd2981d593cddd0080856873139aa40' (2025-01-29)
• Updated input 'nvim-tree-lua-src':
    'github:kyazdani42/nvim-tree.lua/fee1da88972f5972a8296813f6c00d7598325ebd' (2025-01-25)
  → 'github:kyazdani42/nvim-tree.lua/d05881f65f0a653db8d830ccc4d2e07d6a720628' (2025-01-27)
• Updated input 'rep':
    'github:robenkleene/rep-grep/10510d47e392cb9d30a861c69f702fd194b3fa88' (2024-02-06)
  → 'github:robenkleene/rep-grep/2a24f95170aa14b5182b2287125664a62f8688ef' (2025-02-01)
• Updated input 'tiny-inline-diagnostic-nvim-src':
    'github:rachartier/tiny-inline-diagnostic.nvim/5c00aec99f558b8f0a2c4445038f74e5f5435c00' (2025-01-23)
  → 'github:rachartier/tiny-inline-diagnostic.nvim/aa6a7045b3984be2b6581741dbe9200f1701f7f7' (2025-01-30)
• Updated input 'tree-sitter-bash':
    'github:tree-sitter/tree-sitter-bash/03f4927065b3c0d71a962be87130aa7e79b35448' (2025-01-24)
  → 'github:tree-sitter/tree-sitter-bash/0c46d792d54c536be5ff7eb18eb95c70fccdb232' (2025-01-31)
• Updated input 'tree-sitter-lua':
    'github:MunifTanjim/tree-sitter-lua/34e60e7f45fc313463c68090d88d742a55d1bd7a' (2024-10-21)
  → 'github:MunifTanjim/tree-sitter-lua/68d29aa745b68ae22cbbdb5dcb68c20232521ff6' (2025-01-31)
• Updated input 'tree-sitter-python':
    'github:tree-sitter/tree-sitter-python/ab2ba8be034368fa009f62f371c068b8728f9db7' (2025-01-23)
  → 'github:tree-sitter/tree-sitter-python/710796b8b877a970297106e5bbc8e2afa47f86ec' (2025-01-30)
2025-02-01 03:47:04 +00:00
6ee5ade2bc add trash from homebrew to path 2025-01-27 10:26:18 -05:00
043cd8ce5c add ldapl script 2025-01-27 10:26:01 -05:00
07a0d5185b flake.lock: Update
Flake lock file updates:

• Updated input 'darwin':
    'github:lnl7/nix-darwin/87131f51f8256952d1a306b5521cedc2dc61aa08' (2025-01-18)
  → 'github:lnl7/nix-darwin/65cc1fa8e36ceff067daf6cfb142331f02f524d3' (2025-01-22)
• Updated input 'firefox-darwin':
    'github:bandithedoge/nixpkgs-firefox-darwin/3224752c71a5245e90cfae360e0dc5de98e2b53c' (2025-01-18)
  → 'github:bandithedoge/nixpkgs-firefox-darwin/ef9a452ffc26aed9265e2a5ff04952e960f8f21b' (2025-01-25)
• Updated input 'home-manager':
    'github:nix-community/home-manager/a0046af169ce7b1da503974e1b22c48ef4d71887' (2025-01-17)
  → 'github:nix-community/home-manager/daf04c5950b676f47a794300657f1d3d14c1a120' (2025-01-24)
• Updated input 'jujutsu':
    'github:martinvonz/jj/83d40d2c425fa2e050bdac8837b19e5beb3bef25' (2025-01-18)
  → 'github:martinvonz/jj/e58713c1355d0536e197a3f99ce5a5c713fe69c3' (2025-01-25)
• Updated input 'jujutsu/rust-overlay':
    'github:oxalica/rust-overlay/04d5f1836721461b256ec452883362c5edc5288e' (2025-01-02)
  → 'github:oxalica/rust-overlay/eb64cbcc8eee0fa87ebded92805280d2ec97415a' (2025-01-24)
• Updated input 'nextcloud-snappymail':
    'https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz?narHash=sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E%3D' (2025-01-18)
  → 'https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz?narHash=sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E%3D' (2025-01-25)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/5df43628fdf08d642be8ba5b3625a6c70731c19c' (2025-01-16)
  → 'github:nixos/nixpkgs/0aa475546ed21629c4f5bbf90e38c846a99ec9e9' (2025-01-23)
• Updated input 'nur':
    'github:nix-community/nur/62cdd681201843553ec740a85ccf2f0a6fca75c6' (2025-01-18)
  → 'github:nix-community/nur/e3bdfbe8b01b6469fd2351ab0cf867d9cfa73da8' (2025-01-25)
• Updated input 'nur/nixpkgs':
    'github:nixos/nixpkgs/5df43628fdf08d642be8ba5b3625a6c70731c19c' (2025-01-16)
  → 'github:nixos/nixpkgs/0aa475546ed21629c4f5bbf90e38c846a99ec9e9' (2025-01-23)
• Updated input 'nvim-lint-src':
    'github:mfussenegger/nvim-lint/dfa45de973c3ce7bd1b9a6d346f896a68ad07e44' (2025-01-06)
  → 'github:mfussenegger/nvim-lint/789b7ada1b4f00e08d026dffde410dcfa6a0ba87' (2025-01-21)
• Updated input 'nvim-tree-lua-src':
    'github:kyazdani42/nvim-tree.lua/fca0b67c0b5a31727fb33addc4d9c100736a2894' (2025-01-17)
  → 'github:kyazdani42/nvim-tree.lua/fee1da88972f5972a8296813f6c00d7598325ebd' (2025-01-25)
• Updated input 'tiny-inline-diagnostic-nvim-src':
    'github:rachartier/tiny-inline-diagnostic.nvim/aaa6f0dd097f8ca2478cad259e61b7cb26ec0eb8' (2025-01-15)
  → 'github:rachartier/tiny-inline-diagnostic.nvim/5c00aec99f558b8f0a2c4445038f74e5f5435c00' (2025-01-23)
• Updated input 'tree-sitter-bash':
    'github:tree-sitter/tree-sitter-bash/49c31006d8307dcb12bc5770f35b6d5b9e2be68e' (2024-11-11)
  → 'github:tree-sitter/tree-sitter-bash/03f4927065b3c0d71a962be87130aa7e79b35448' (2025-01-24)
• Updated input 'tree-sitter-python':
    'github:tree-sitter/tree-sitter-python/409b5d671eb0ea4972eeacaaca24bbec1acf79b1' (2025-01-07)
  → 'github:tree-sitter/tree-sitter-python/ab2ba8be034368fa009f62f371c068b8728f9db7' (2025-01-23)
2025-01-25 03:44:22 +00:00
256 changed files with 5455 additions and 3241 deletions

View File

@ -3,7 +3,7 @@ name: Arrow (AWS)
run-name: Arrow (AWS) - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
env:
TERRAFORM_DIRECTORY: hosts/arrow/aws
TERRAFORM_DIRECTORY: deploy/aws
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
ZONE_NAME: masu.rs

200
.github/workflows/flame.yml vendored Normal file
View File

@ -0,0 +1,200 @@
name: Flame
run-name: Flame - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
env:
TERRAFORM_DIRECTORY: deploy/oracle
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
FLAME_IDENTITY_BASE64: ${{ secrets.FLAME_IDENTITY_BASE64 }}
ZONE_NAME: masu.rs
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
OCI_CLI_USER: "ocid1.user.oc1..aaaaaaaa6lro2eoxdajjypjysepvzcavq5yn4qyozjyebxdiaoqziribuqba"
OCI_CLI_TENANCY: "ocid1.tenancy.oc1..aaaaaaaaudwr2ozedhjnrn76ofjgglgug6gexknjisd7gb7tkj3mjdp763da"
OCI_CLI_FINGERPRINT: "dd:d0:da:6d:83:46:8b:b3:d9:45:2b:c7:56:ae:30:94"
OCI_CLI_KEY_CONTENT: "${{ secrets.OCI_PRIVATE_KEY }}"
TF_VAR_oci_private_key: "${{ secrets.OCI_PRIVATE_KEY }}"
OCI_CLI_REGION: "us-ashburn-1"
on:
workflow_dispatch:
inputs:
rebuild:
description: Rebuild Image
type: boolean
default: false
action:
description: Terraform Action
type: choice
required: true
default: create
options:
- create
- destroy
- nothing
permissions:
id-token: write
contents: write
jobs:
build-deploy:
name: Build and Deploy
# runs-on: ubuntu-latest
runs-on: ubuntu-24.04-arm
steps:
- name: Checkout Repo Code
uses: actions/checkout@v4
# - name: Write OCI Key to File
# run: |
# echo "${{ env.OCI_PRIVATE_KEY_BASE64 }}" | base64 -d > OCI_PRIVATE_KEY
# # Enable access to KVM, required to build an image
# - name: Enable KVM group perms
# if: inputs.rebuild && inputs.action != 'destroy'
# run: |
# echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
# sudo udevadm control --reload-rules
# sudo udevadm trigger --name-match=kvm
# sudo apt-get install -y qemu-user-static
# Install Nix
- name: Install Nix
# if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v31.4.1
with:
enable_kvm: true
extra_nix_config: |
system = aarch64-linux
system-features = aarch64-linux arm-linux kvm
# Build the image
- name: Build Image
if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#flame-qcow --system aarch64-linux
- name: List Images
if: inputs.rebuild && inputs.action != 'destroy'
run: |
ls -lh result/
echo "IMAGE_NAME=$(ls result/nixos.qcow2) >> $GITHUB_ENV
- name: Upload Image to S3
if: inputs.rebuild && inputs.action != 'destroy'
# env:
# AWS_ACCESS_KEY_ID: "<YOUR_OCI_ACCESS_KEY>"
# AWS_SECRET_ACCESS_KEY: "<YOUR_OCI_SECRET_KEY>"
# AWS_DEFAULT_REGION: "us-ashburn-1" # e.g., us-ashburn-1, us-phoenix-1
# AWS_ENDPOINT_URL: "https://masur.compat.objectstorage.us-ashburn-1.oraclecloud.com"
uses: oracle-actions/run-oci-cli-command@v1.3.2
with:
command: |
os object put \
--namespace "idptr5akf9pf" \
--bucket-name "noahmasur-images" \
--name "nixos.qcow2" \
--file "${IMAGE_NAME}" \
--part-size 128 \ # Optional: Specify part size in MiB for multipart uploads, default is 128 MiB
--parallel-upload-count 5 # Optional: Number of parallel uploads, default is 3
# Login to AWS
- name: AWS Assume Role
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::286370965832:role/github_actions_admin
aws-region: us-east-1
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform init -input=false
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: inputs.action == 'create'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform apply \
-auto-approve \
-input=false
# Removes infrastructure.
- name: Terraform Destroy
if: inputs.action == 'destroy'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform destroy \
-auto-approve \
-input=false
- name: Get Host IP
if: inputs.action == 'create'
id: host
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform output -raw host_ip
- name: Wait on SSH
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Write Identity Keys to Files
if: inputs.action == 'create'
run: |
echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
chmod 0600 deploy_ed25519
echo "${{ env.FLAME_IDENTITY_BASE64 }}" | base64 -d > flame_ed25519
chmod 0600 flame_ed25519
mkdir -pv "${HOME}/.ssh/"
cp deploy_ed25519 "${HOME}/.ssh/id_ed25519"
- name: Run nixos-anywhere
if: inputs.action == 'create'
run: |
nix run github:nix-community/nixos-anywhere -- --flake github:nmasur/dotfiles#flame --build-on remote --no-reboot --target-host ubuntu@${{ steps.host.outputs.stdout }}
reboot now
- name: Wait on SSH After Reboot
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Copy Identity File to Host
if: inputs.action == 'create'
run: |
ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
scp -i deploy_ed25519 flame_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
# - name: Wipe Records
# if: ${{ inputs.action == 'destroy' }}
# run: |
# RECORD_ID=$(curl --request GET \
# --url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
# --header 'Content-Type: application/json' \
# --header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
# curl --request DELETE \
# --url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
# --header 'Content-Type: application/json' \
# --header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"

View File

@ -8,38 +8,38 @@ configuration may be difficult to translate to a non-Nix system.
## System Features
| Feature | Program | Configuration |
|----------------|-----------------------------------------------------|-----------------------------------------------|
| OS | [NixOS](https://nixos.org) | [Link](./modules/nixos) |
| Display Server | [X11](https://www.x.org/wiki/) | [Link](./modules/nixos/graphical/xorg.nix) |
| Compositor | [Picom](https://github.com/yshui/picom) | [Link](./modules/nixos/graphical/picom.nix) |
| Window Manager | [i3](https://i3wm.org/) | [Link](./modules/nixos/graphical/i3.nix) |
| Panel | [Polybar](https://polybar.github.io/) | [Link](./modules/nixos/graphical/polybar.nix) |
| Font | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./modules/nixos/graphical/fonts.nix) |
| Launcher | [Rofi](https://github.com/davatorium/rofi) | [Link](./modules/nixos/graphical/rofi.nix) |
| Feature | Program | Configuration |
|----------------|-----------------------------------------------------|-----------------------------------------------------------------------------------|
| OS | [NixOS](https://nixos.org) | [Link](./platforms/nixos) |
| Display Server | [X11](https://www.x.org/wiki/) | [Link](./platforms/nixos/modules/nmasur/profiles/gui.nix) |
| Compositor | [Picom](https://github.com/yshui/picom) | [Link](./platforms/home-manager/modules/nmasur/presets/services/picom.nix) |
| Window Manager | [i3](https://i3wm.org/) | [Link](./platforms/home-manager/modules/nmasur/presets/services/i3.nix) |
| Panel | [Polybar](https://polybar.github.io/) | [Link](./platforms/home-manager/modules/nmasur/presets/services/polybar.nix) |
| Font | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./platforms/home-manager/modules/nmasur/presets/fonts.nix) |
| Launcher | [Rofi](https://github.com/davatorium/rofi) | [Link](./platforms/home-manager/modules/nmasur/presets/programs/rofi/default.nix) |
## User Features
| Feature | Program | Configuration |
|--------------|----------------------------------------------------------------------------------|----------------------------------------------------|
| Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./modules/common) |
| Terminal | [Kitty](https://sw.kovidgoyal.net/kitty/) | [Link](./modules/common/applications/kitty.nix) |
| Shell | [Fish](https://fishshell.com/) | [Link](./modules/common/shell/fish) |
| Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starship.nix) |
| Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) |
| Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix) |
| Text Editor | [Neovim](https://neovim.io/) | [Link](./modules/common/neovim/config) |
| Browser | [Firefox](https://www.mozilla.org/en-US/firefox/new/) | [Link](./modules/common/applications/firefox.nix) |
| E-Mail | [Aerc](https://aerc-mail.org/) | [Link](./modules/common/mail/aerc.nix) |
| File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files) | [Link](./modules/common/applications/nautilus.nix) |
| PDF Reader | [Zathura](https://pwmt.org/projects/zathura/) | [Link](./modules/common/applications/media.nix) |
| Video Player | [mpv](https://mpv.io/) | [Link](./modules/common/applications/media.nix) |
| Feature | Program | Configuration |
|--------------|----------------------------------------------------------------------------------|-------------------------------------------------------------------------------|
| Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./platforms/home-manager) |
| Terminal | [Ghostty](https://sw.kovidgoyal.net/kitty/) | [Link](./platforms/home-manager/modules/nmasur/presets/programs/ghostty.nix) |
| Shell | [Fish](https://fishshell.com/) | [Link](./platforms/home-manager/modules/nmasur/presets/programs/fish.nix) |
| Shell Prompt | [Starship](https://starship.rs/) | [Link](./platforms/home-manager/modules/nmasur/presets/programs/starship.nix) |
| Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) |
| Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/x86_64-linux/tempest/default.nix) |
| Text Editor | [Neovim](https://neovim.io/) | [Link](./pkgs/applications/editors/neovim/nmasur/neovim/package.nix) |
| Browser | [Firefox](https://www.mozilla.org/en-US/firefox/new/) | [Link](./platforms/home-manager/modules/nmasur/presets/programs/firefox.nix) |
| E-Mail | [Aerc](https://aerc-mail.org/) | [Link](./platforms/home-manager/modules/nmasur/presets/programs/aerc.nix) |
| File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files) | [Link](./platforms/home-manager/modules/nmasur/presets/programs/nautilus.nix) |
| PDF Reader | [Zathura](https://pwmt.org/projects/zathura/) | [Link](./platforms/home-manager/modules/nmasur/presets/programs/zathura.nix) |
| Video Player | [mpv](https://mpv.io/) | [Link](./platforms/home-manager/modules/nmasur/presets/programs/mpv.nix) |
## macOS Features
| Feature | Program | Configuration |
|----------|---------------------------------------------|--------------------------------------|
| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./platforms/home-manager/modules/nmasur/presets/services/hammerspoon/) |
# Diagram
@ -51,15 +51,16 @@ configuration may be difficult to translate to a non-Nix system.
This repo contains a few more elaborate elements of configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
and source-controlled plugins, differing based on installed LSPs, for example.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
dynamically on enabled services rendered with Nix.
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
including Firefox userChrome.
- [Neovim config](./pkgs/applications/editors/neovim/nmasur/neovim/package.nix)
generated with Nix2Vim and source-controlled plugins,
differing based on installed LSPs, for example. - [Caddy
JSON](./platforms/nixos/modules/nmasur/presets/services/caddy.nix) file (routes,
etc.) based dynamically on enabled services rendered with Nix. - [Grafana
config](./platforms/nixos/modules/nmasur/presets/services/grafana/grafana.nix)
rendered with Nix. - Custom [secrets
deployment](./platforms/nixos/modules/secrets.nix) similar to agenix. - Base16
[colorschemes](./colorscheme/) applied to multiple applications, including
Firefox userChrome.
---

View File

@ -1,9 +0,0 @@
# Apps
These are all my miscellaneous utilies and scripts to accompany this project.
They can be run with:
```
nix run github:nmasur/dotfiles#appname
```

View File

@ -1,31 +0,0 @@
{ pkgs, ... }:
rec {
# Show quick helper
default = import ./help.nix { inherit pkgs; };
# Format primary disk
format-root = import ./format-root.nix { inherit pkgs; };
# Format and install from nothing (deprecated)
installer = import ./installer.nix { inherit pkgs; };
# Display the readme for this repository
readme = import ./readme.nix { inherit pkgs; };
# Rebuild
rebuild = import ./rebuild.nix { inherit pkgs; };
# Load the SSH key for this machine
loadkey = import ./loadkey.nix { inherit pkgs; };
# Encrypt secret for all machines
encrypt-secret = import ./encrypt-secret.nix { inherit pkgs; };
# Re-encrypt secrets for all machines
reencrypt-secrets = import ./reencrypt-secrets.nix { inherit pkgs; };
# Run neovim as an app
neovim = import ./neovim.nix { inherit pkgs; };
nvim = neovim;
}

View File

@ -1,19 +0,0 @@
{ pkgs, ... }:
{
# nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age
type = "app";
program = builtins.toString (
pkgs.writeShellScript "encrypt-secret" ''
printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
read -p "Secret: " secret
printf "\nEncrypting...\n\n" 1>&2
tmpfile=$(mktemp)
echo "''${secret}" > ''${tmpfile}
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile
rm $tmpfile
''
);
}

View File

@ -1,9 +0,0 @@
{ pkgs, ... }:
{
# This script will partition and format drives; use at your own risk!
type = "app";
program = pkgs.lib.getExe pkgs.format-root;
}

View File

@ -1,24 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = builtins.toString (
pkgs.writeShellScript "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
echo ""
echo ""
''
);
}

View File

@ -1,50 +0,0 @@
{ pkgs, ... }:
{
# Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix
# This script will partition and format drives; use at your own risk!
type = "app";
program = builtins.toString (
pkgs.writeShellScript "installer" ''
set -e
DISK=$1
FLAKE=$2
PARTITION_PREFIX=""
if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \
"Missing required parameter." \
"Usage: installer -- <disk> <host>" \
"Example: installer -- nvme0n1 tempest" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest"
echo "(exiting)"
exit 1
fi
case "$DISK" in nvme*)
PARTITION_PREFIX="p"
esac
${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false
${pkgs.parted}/bin/parted /dev/''${DISK} -- mklabel gpt
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart primary 512MiB 100%
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
${pkgs.parted}/bin/parted /dev/''${DISK} -- set 3 esp on
mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1
mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2
mount /dev/disk/by-label/nixos /mnt
mkdir --parents /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
''
);
}

View File

@ -1,9 +0,0 @@
{ pkgs, ... }:
{
# TODO: just replace with packages instead of apps
type = "app";
program = "${pkgs.loadkey}/bin/loadkey";
}

View File

@ -1,12 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = "${
(import ../modules/common/neovim/package {
inherit pkgs;
colors = (import ../colorscheme/nord).dark;
})
}/bin/nvim";
}

View File

@ -1,11 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = builtins.toString (
pkgs.writeShellScript "readme" ''
${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md}
''
);
}

View File

@ -1,17 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = builtins.toString (
pkgs.writeShellScript "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
sudo darwin-rebuild switch --flake ${builtins.toString ../.}
else
doas nixos-rebuild switch --flake ${builtins.toString ../.}
fi
''
);
}

View File

@ -1,27 +0,0 @@
{ pkgs, ... }:
{
# nix run github:nmasur/dotfiles#reencrypt-secrets ./private
type = "app";
program = builtins.toString (
pkgs.writeShellScript "reencrypt-secrets" ''
if [ $# -eq 0 ]; then
echo "Must provide directory to reencrypt."
exit 1
fi
encrypted=$1
for encryptedfile in ''${1}/*; do
tmpfile=$(mktemp)
echo "Decrypting ''${encryptedfile}..."
${pkgs.age}/bin/age --decrypt \
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
echo "Encrypting ''${encryptedfile}..."
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile > $encryptedfile
rm $tmpfile
done
echo "Finished."
''
);
}

115
deploy/oracle/main.tf Normal file
View File

@ -0,0 +1,115 @@
terraform {
backend "s3" {
bucket = "noahmasur-terraform"
key = "flame.tfstate"
region = "us-east-1"
use_lockfile = true
}
required_version = ">= 1.0.0"
required_providers {
oci = {
source = "oracle/oci"
version = "7.7.0"
}
}
}
provider "oci" {
auth = "APIKey"
tenancy_ocid = var.compartment_ocid
user_ocid = "ocid1.user.oc1..aaaaaaaa6lro2eoxdajjypjysepvzcavq5yn4qyozjyebxdiaoqziribuqba"
private_key = var.oci_private_key
fingerprint = "dd:d0:da:6d:83:46:8b:b3:d9:45:2b:c7:56:ae:30:94"
region = "us-ashburn-1"
}
# Get the latest Ubuntu image OCID
# We'll filter for a recent Ubuntu LTS version (e.g., 22.04 or 24.04) and pick the latest.
# Note: Image OCIDs are region-specific. This data source helps find the correct one.
data "oci_core_images" "ubuntu_image" {
compartment_id = var.compartment_ocid
operating_system = "Canonical Ubuntu"
# Adjust this version if you prefer a different Ubuntu LTS (e.g., "24.04")
operating_system_version = "24.04"
shape = var.instance_shape # Filter by the shape to ensure compatibility
sort_by = "TIMECREATED"
sort_order = "DESC"
}
# resource "oci_core_image" "my_custom_image" {
# compartment_id = var.compartment_ocid
# display_name = "noah-nixos"
# image_source_details {
# source_type = "objectStorageTuple" # Use this if specifying namespace, bucket, and object name
# # source_type = "objectStorageUri" # Use this if you have a pre-authenticated request URL (PAR)
# namespace_name = var.object_storage_namespace
# bucket_name = var.object_storage_bucket_name
# object_name = var.object_storage_object_name
# source_image_type = "QCOW2" # e.g., "QCOW2", "VMDK"
# # These properties help OCI understand how to launch instances from this image
# # Adjust based on your custom image's OS and boot mode
# operating_system = "NixOS" # e.g., "CentOS", "Debian", "Windows"
# operating_system_version = "25.05" # e.g., "7", "11", "2019"
# }
# launch_mode = "PARAVIRTUALIZED" # Or "NATIVE", "EMULATED", "CUSTOM"
# # Optional: for specific launch options if your image requires them
# # launch_options {
# # boot_volume_type = "PARAVIRTUALIZED"
# # firmware = "UEFI_64" # Or "BIOS"
# # network_type = "PARAVIRTUALIZED"
# # }
# # Time out for image import operation. Can take a while for large images.
# timeouts {
# create = "60m" # Default is 20m, often needs to be increased
# }
# }
data "oci_identity_availability_domains" "ads" {
compartment_id = var.compartment_ocid
}
resource "oci_core_instance" "my_compute_instance" {
compartment_id = var.compartment_ocid
availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
shape = var.instance_shape
display_name = var.instance_display_name
source_details {
source_type = "image"
# Use the OCID of the latest Ubuntu image found by the data source
source_id = data.oci_core_images.ubuntu_image.images[0].id
# # Use the OCID of the newly imported custom image
# source_id = oci_core_image.my_custom_image.id
# Specify the boot volume size
boot_volume_size_in_gbs = var.boot_volume_size_in_gbs
boot_volume_vpus_per_gb = 20 # Highest free tier option
}
# launch_options {
# is_consistent_volume_naming_enabled = true # Sets boot device path to /dev/oracleoci/oraclevda
# network_type = "PARAVIRTUALIZED" # I think this is the default?
# }
create_vnic_details {
subnet_id = oci_core_subnet.my_public_subnet.id # Use the created subnet's ID
display_name = "primary_vnic"
assign_public_ip = true
hostname_label = "flame"
}
metadata = {
ssh_authorized_keys = var.ssh_public_key
user_data = base64encode(var.cloud_init_script)
}
# Optional: For flexible shapes (e.g., VM.Standard.E4.Flex), you might need to specify OCPUs and memory
shape_config {
ocpus = 4
memory_in_gbs = 24
}
}

126
deploy/oracle/network.tf Normal file
View File

@ -0,0 +1,126 @@
resource "oci_core_vcn" "my_vpc" {
compartment_id = var.compartment_ocid
display_name = "main"
cidr_block = "10.0.0.0/16"
is_ipv6enabled = false
dns_label = "mainvcn" # Must be unique within your tenancy
}
resource "oci_core_internet_gateway" "my_igw" {
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.my_vpc.id
display_name = "main-igw"
enabled = true
}
resource "oci_core_route_table" "my_public_route_table" {
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.my_vpc.id
display_name = "main-public-rt"
# Default route to the Internet Gateway
route_rules {
destination = "0.0.0.0/0"
destination_type = "CIDR_BLOCK"
network_entity_id = oci_core_internet_gateway.my_igw.id
}
}
resource "oci_core_security_list" "my_public_security_list" {
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.my_vpc.id
display_name = "main-public-sl"
# Egress Rules (Allow all outbound traffic)
egress_security_rules {
destination = "0.0.0.0/0"
destination_type = "CIDR_BLOCK"
protocol = "all"
}
# Ingress Rules
ingress_security_rules {
# SSH (TCP 22)
protocol = "6" # TCP
source = "0.0.0.0/0"
source_type = "CIDR_BLOCK"
tcp_options {
min = 22
max = 22
}
}
ingress_security_rules {
# HTTP (TCP 80)
protocol = "6" # TCP
source = "0.0.0.0/0"
source_type = "CIDR_BLOCK"
tcp_options {
min = 80
max = 80
}
}
ingress_security_rules {
# HTTPS (TCP 443)
protocol = "6" # TCP
source = "0.0.0.0/0"
source_type = "CIDR_BLOCK"
tcp_options {
min = 443
max = 443
}
}
ingress_security_rules {
# Custom Minecraft
protocol = "6" # TCP
source = "0.0.0.0/0"
source_type = "CIDR_BLOCK"
tcp_options {
min = 49732
max = 49732
}
}
ingress_security_rules {
# HTTPS (UDP 443) - For QUIC or specific UDP services
protocol = "17" # UDP
source = "0.0.0.0/0"
source_type = "CIDR_BLOCK"
udp_options {
min = 443
max = 443
}
}
ingress_security_rules {
# ICMP (Ping)
protocol = "1" # ICMP
source = "0.0.0.0/0"
source_type = "CIDR_BLOCK"
icmp_options {
type = 3 # Destination Unreachable (common for connectivity checks)
code = 4 # Fragmentation needed
}
}
ingress_security_rules {
protocol = "1" # ICMP
source = "0.0.0.0/0"
source_type = "CIDR_BLOCK"
icmp_options {
type = 8 # Echo Request (ping)
}
}
}
resource "oci_core_subnet" "my_public_subnet" {
compartment_id = var.compartment_ocid
vcn_id = oci_core_vcn.my_vpc.id
display_name = "main-public-subnet"
cidr_block = "10.0.0.0/24"
prohibit_public_ip_on_vnic = false # Allows instances in this subnet to get public IPs
route_table_id = oci_core_route_table.my_public_route_table.id
security_list_ids = [oci_core_security_list.my_public_security_list.id]
dns_label = "mainsub" # Must be unique within the VCN
}

19
deploy/oracle/outputs.tf Normal file
View File

@ -0,0 +1,19 @@
output "host_ip" {
description = "The public IP address of the launched instance."
value = oci_core_instance.my_compute_instance.public_ip
}
output "instance_id" {
description = "The OCID of the launched instance."
value = oci_core_instance.my_compute_instance.id
}
output "vpc_ocid" {
description = "The OCID of the created VCN."
value = oci_core_vcn.my_vpc.id
}
output "subnet_ocid" {
description = "The OCID of the created public subnet."
value = oci_core_subnet.my_public_subnet.id
}

View File

@ -0,0 +1,63 @@
variable "boot_volume_size_in_gbs" {
description = "The size of the boot volume in GBs."
type = number
default = 150
}
variable "cloud_init_script" {
description = "A cloud-init script to run on instance launch."
type = string
default = <<-EOF
#!/bin/bash
echo "Hello from cloud-init!" > /home/ubuntu/cloud-init-output.txt
EOF
}
variable "compartment_ocid" {
description = "The OCID of the compartment where the instance will be created."
type = string
default = "ocid1.tenancy.oc1..aaaaaaaaudwr2ozedhjnrn76ofjgglgug6gexknjisd7gb7tkj3mjdp763da"
}
variable "instance_display_name" {
description = "A user-friendly name for the instance."
type = string
default = "noah-nixos"
}
variable "instance_shape" {
description = "The shape of the OCI compute instance."
type = string
default = "VM.Standard.A1.Flex" # Example shape. Choose one available in your region/AD.
}
variable "object_storage_namespace" {
description = "Your OCI Object Storage namespace (usually your tenancy name)."
type = string
default = "idptr5akf9pf"
}
variable "object_storage_bucket_name" {
description = "The name of the Object Storage bucket where your custom image is located."
type = string
default = "noahmasur-images"
}
variable "object_storage_object_name" {
description = "The object name (file name) of your custom image in Object Storage."
type = string
default = "nixos.qcow2"
}
variable "oci_private_key" {
type = string
description = "API private key for Oracle Cloud management"
sensitive = true
}
variable "ssh_public_key" {
description = "Your public SSH key content."
type = string
# default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw actions-deploy"
}

View File

@ -1,5 +0,0 @@
# Disks
These are my [disko](https://github.com/nix-community/disko) configurations,
which allow me to save desired disk formatting layouts as a declarative file so
I don't have to remember how to format my disks later on.

652
flake.lock generated
View File

@ -1,54 +1,5 @@
{
"nodes": {
"baleia-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1721805312,
"narHash": "sha256-qA1x5kplP2I8bURO0I4R0gt/zeznu9hQQ+XHptLGuwc=",
"owner": "m00qek",
"repo": "baleia.nvim",
"rev": "1b25eac3ac03659c3d3af75c7455e179e5f197f7",
"type": "github"
},
"original": {
"owner": "m00qek",
"repo": "baleia.nvim",
"type": "github"
}
},
"base16-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1716483968,
"narHash": "sha256-GRF/6AobXHamw8TZ3FjL7SI6ulcpwpcohsIuZeCSh2A=",
"owner": "RRethy",
"repo": "base16-nvim",
"rev": "6ac181b5733518040a33017dde654059cd771b7c",
"type": "github"
},
"original": {
"owner": "RRethy",
"repo": "base16-nvim",
"type": "github"
}
},
"bufferline-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1716555412,
"narHash": "sha256-8PCkY1zrlMrPGnQOb7MjqDXNlkeX46jrT4ScIL+MOwM=",
"owner": "akinsho",
"repo": "bufferline.nvim",
"rev": "99337f63f0a3c3ab9519f3d1da7618ca4f91cffe",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v4.6.1",
"repo": "bufferline.nvim",
"type": "github"
}
},
"cl-nix-lite": {
"locked": {
"lastModified": 1728174978,
@ -64,22 +15,6 @@
"type": "github"
}
},
"cmp-nvim-lsp-src": {
"flake": false,
"locked": {
"lastModified": 1733823748,
"narHash": "sha256-iaihXNCF5bB5MdeoosD/kc3QtpA/QaIDZVLiLIurBSM=",
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"rev": "99290b3ec1322070bcfb9e846450a46f6efa50f0",
"type": "github"
},
"original": {
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -87,11 +22,11 @@
]
},
"locked": {
"lastModified": 1737162735,
"narHash": "sha256-5T+HkouTMGaRm0rh3kgD4Z1O7ONKfgjyoPQH5rSyreU=",
"lastModified": 1751313918,
"narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87131f51f8256952d1a306b5521cedc2dc61aa08",
"rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf",
"type": "github"
},
"original": {
@ -108,11 +43,11 @@
]
},
"locked": {
"lastModified": 1737038063,
"narHash": "sha256-rMEuiK69MDhjz1JgbaeQ9mBDXMJ2/P8vmOYRbFndXsk=",
"lastModified": 1750903843,
"narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=",
"owner": "nix-community",
"repo": "disko",
"rev": "bf0abfde48f469c256f2b0f481c6281ff04a5db2",
"rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae",
"type": "github"
},
"original": {
@ -121,23 +56,6 @@
"type": "github"
}
},
"fidget-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1716093309,
"narHash": "sha256-Gpk/G0ByOAIE8uX4Xr94CvAjJBSJMEOwBuvrhmYYGsg=",
"owner": "j-hui",
"repo": "fidget.nvim",
"rev": "ef99df04a1c53a453602421bc0f756997edc8289",
"type": "github"
},
"original": {
"owner": "j-hui",
"ref": "v1.4.5",
"repo": "fidget.nvim",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -158,11 +76,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
@ -230,19 +148,42 @@
"type": "github"
}
},
"hmts-nvim-src": {
"flake": false,
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1729786258,
"narHash": "sha256-V5dwIJdxBulFVKk1iSlf4H5NRz1UH7uYQeMvwtgkpIs=",
"owner": "calops",
"repo": "hmts.nvim",
"rev": "c7ff4c3ad96cd05664b18fb5bbbe2abbd7682dd2",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "calops",
"repo": "hmts.nvim",
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"helix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1751378814,
"narHash": "sha256-pdYjEgdVYEerzxxmrM0GJAFGZ+J50NRD0rtDZ16SuTM=",
"owner": "helix-editor",
"repo": "helix",
"rev": "6a090471a800b1001bdfd2b6e0b710c1cd439a4e",
"type": "github"
},
"original": {
"owner": "helix-editor",
"repo": "helix",
"type": "github"
}
},
@ -253,11 +194,11 @@
]
},
"locked": {
"lastModified": 1737120639,
"narHash": "sha256-p5e/45V41YD3tMELuiNIoVCa25/w4nhOTm0B9MtdHFI=",
"lastModified": 1751485527,
"narHash": "sha256-E2AtD5UUeU50xco4gmgsCOs7tnBNsVi7+CdCZ4yQUrA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a0046af169ce7b1da503974e1b22c48ef4d71887",
"rev": "25f003f8a9eae31a11938d53cb23e0b4a3c08d3a",
"type": "github"
},
"original": {
@ -278,11 +219,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1732920695,
"narHash": "sha256-1fxvJZUznwrmEtYqpPuWi2tPcL9kj6v7p1J7ZZncAPE=",
"lastModified": 1742156590,
"narHash": "sha256-aTM/2CrNN5utdVEQGsOA+kl4UozgH7VPLBQL5OXtBrg=",
"owner": "hraban",
"repo": "mac-app-util",
"rev": "548672d0cb661ce11d08ee8bde92b87d2a75c872",
"rev": "341ede93f290df7957047682482c298e47291b4d",
"type": "github"
},
"original": {
@ -291,58 +232,6 @@
"type": "github"
}
},
"nextcloud-cookbook": {
"flake": false,
"locked": {
"lastModified": 1726214817,
"narHash": "sha256-Pfa+Xbopg20os+pnGgg+wpEX1MI5fz5JMb0K4a8rBhs=",
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz"
}
},
"nextcloud-external": {
"flake": false,
"locked": {
"lastModified": 1729501349,
"narHash": "sha256-OV6HhFBzmnQBO5btGEnqmKlaUMY7/t2Qm3XebclpBlM=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz"
}
},
"nextcloud-news": {
"flake": false,
"locked": {
"lastModified": 1729667621,
"narHash": "sha256-pnvyMZQ+NYMgH0Unfh5S19HdZSjnghgoUDAoi2KIXNI=",
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz"
}
},
"nextcloud-snappymail": {
"flake": false,
"locked": {
"lastModified": 1737171597,
"narHash": "sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E=",
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz"
}
},
"nix2vim": {
"inputs": {
"flake-utils": "flake-utils_2",
@ -351,11 +240,11 @@
]
},
"locked": {
"lastModified": 1732820845,
"narHash": "sha256-YPXk41l4PzKb5rtcxkYhymwjHJG95fxl4iXIzXnftr8=",
"lastModified": 1745846717,
"narHash": "sha256-GjwZEjCrI1/tQYylAQ+hU5JYD2hJI+rZmfICCIniWuE=",
"owner": "gytis-ivaskevicius",
"repo": "nix2vim",
"rev": "e2c511ea553418dd432005875c649b09d56b7e58",
"rev": "0cd899a39b56d665115f72ffc7c37e0f4cf41dbe",
"type": "github"
},
"original": {
@ -387,11 +276,11 @@
]
},
"locked": {
"lastModified": 1737057290,
"narHash": "sha256-3Pe0yKlCc7EOeq1X/aJVDH0CtNL+tIBm49vpepwL1MQ=",
"lastModified": 1747663185,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "d002ce9b6e7eb467cd1c6bb9aef9c35d191b5453",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
"type": "github"
},
"original": {
@ -402,11 +291,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1737062831,
"narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
"lastModified": 1751271578,
"narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
"rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
"type": "github"
},
"original": {
@ -432,6 +321,22 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1728538411,
"narHash": "sha256-f0SBJz1eZ2yOuKUr5CA9BHULGXVSn6miBuUWdTyhUhU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b69de56fac8c2b6f8fd27f2eca01dcda8e0a4221",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts",
@ -441,11 +346,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1737170882,
"narHash": "sha256-Km700i1Eg72bFsU2X2ZgH4qEgx6SrdZFJURJGTSQH2M=",
"lastModified": 1751485261,
"narHash": "sha256-QtPZgSHeBdS6yr2E9SUjqusslh3ztxskn54vIwl3pzU=",
"owner": "nix-community",
"repo": "nur",
"rev": "62cdd681201843553ec740a85ccf2f0a6fca75c6",
"rev": "864d4a94df15802c83c212c2a9fe1d44eb6e78d5",
"type": "github"
},
"original": {
@ -454,127 +359,81 @@
"type": "github"
}
},
"nvim-lint-src": {
"flake": false,
"locked": {
"lastModified": 1736154173,
"narHash": "sha256-OChCLXHAqa129NiGfmwddq0Hj5F9AtC3TmFbnNCZqfo=",
"owner": "mfussenegger",
"repo": "nvim-lint",
"rev": "dfa45de973c3ce7bd1b9a6d346f896a68ad07e44",
"type": "github"
},
"original": {
"owner": "mfussenegger",
"repo": "nvim-lint",
"type": "github"
}
},
"nvim-lspconfig-src": {
"flake": false,
"locked": {
"lastModified": 1716281382,
"narHash": "sha256-foJ7a59N0a3QaBW24PtwbyYDQVlIsFxiatADLO/hQvc=",
"owner": "neovim",
"repo": "nvim-lspconfig",
"rev": "0b8165cf95806bc4bb8f745bb0c92021b2ed4b98",
"type": "github"
},
"original": {
"owner": "neovim",
"ref": "v0.1.8",
"repo": "nvim-lspconfig",
"type": "github"
}
},
"nvim-tree-lua-src": {
"flake": false,
"locked": {
"lastModified": 1737156486,
"narHash": "sha256-b8YOOIYML9aKy4Y7S+iLKIaTfCqrxK1wB/ZaeFRCUmo=",
"owner": "kyazdani42",
"repo": "nvim-tree.lua",
"rev": "fca0b67c0b5a31727fb33addc4d9c100736a2894",
"type": "github"
},
"original": {
"owner": "kyazdani42",
"repo": "nvim-tree.lua",
"type": "github"
}
},
"nvim-treesitter-src": {
"flake": false,
"locked": {
"lastModified": 1705679158,
"narHash": "sha256-zAyiitJIgOCZTB0CmgNt0MHENM70SOHLIoWrVwOJKFg=",
"owner": "nvim-treesitter",
"repo": "nvim-treesitter",
"rev": "f197a15b0d1e8d555263af20add51450e5aaa1f0",
"type": "github"
},
"original": {
"owner": "nvim-treesitter",
"ref": "v0.9.2",
"repo": "nvim-treesitter",
"type": "github"
}
},
"root": {
"inputs": {
"baleia-nvim-src": "baleia-nvim-src",
"base16-nvim-src": "base16-nvim-src",
"bufferline-nvim-src": "bufferline-nvim-src",
"cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
"darwin": "darwin",
"disko": "disko",
"fidget-nvim-src": "fidget-nvim-src",
"hmts-nvim-src": "hmts-nvim-src",
"helix": "helix",
"home-manager": "home-manager",
"mac-app-util": "mac-app-util",
"nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external",
"nextcloud-news": "nextcloud-news",
"nextcloud-snappymail": "nextcloud-snappymail",
"nix2vim": "nix2vim",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nur": "nur",
"nvim-lint-src": "nvim-lint-src",
"nvim-lspconfig-src": "nvim-lspconfig-src",
"nvim-tree-lua-src": "nvim-tree-lua-src",
"nvim-treesitter-src": "nvim-treesitter-src",
"snipe-nvim-src": "snipe-nvim-src",
"telescope-nvim-src": "telescope-nvim-src",
"telescope-project-nvim-src": "telescope-project-nvim-src",
"tiny-inline-diagnostic-nvim-src": "tiny-inline-diagnostic-nvim-src",
"toggleterm-nvim-src": "toggleterm-nvim-src",
"tree-sitter-bash": "tree-sitter-bash",
"tree-sitter-ini": "tree-sitter-ini",
"tree-sitter-lua": "tree-sitter-lua",
"tree-sitter-puppet": "tree-sitter-puppet",
"tree-sitter-python": "tree-sitter-python",
"tree-sitter-rasi": "tree-sitter-rasi",
"tree-sitter-vimdoc": "tree-sitter-vimdoc",
"wallpapers": "wallpapers",
"wsl": "wsl",
"yazi": "yazi",
"zellij-switch": "zellij-switch",
"zenyd-mpv-scripts": "zenyd-mpv-scripts"
}
},
"snipe-nvim-src": {
"flake": false,
"rust-overlay": {
"inputs": {
"nixpkgs": [
"helix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1736108869,
"narHash": "sha256-sJ71eiE0XmMJkhNCkbY82R4eHzBOOKFrPa+nxLc1f8s=",
"owner": "leath-dub",
"repo": "snipe.nvim",
"rev": "0d0a482ac713370196e4fc0025d5aaac5030104d",
"lastModified": 1740623427,
"narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab",
"type": "github"
},
"original": {
"owner": "leath-dub",
"repo": "snipe.nvim",
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"nixpkgs": [
"yazi",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747363019,
"narHash": "sha256-N4dwkRBmpOosa4gfFkFf/LTD8oOcNkAyvZ07JvRDEf0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0e624f2b1972a34be1a9b35290ed18ea4b419b6f",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1736476219,
"narHash": "sha256-+qyv3QqdZCdZ3cSO/cbpEY6tntyYjfe1bB12mdpNFaY=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "de30cc5963da22e9742bbbbb9a3344570ed237b9",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
@ -608,184 +467,33 @@
"type": "github"
}
},
"telescope-nvim-src": {
"flake": false,
"systems_3": {
"locked": {
"lastModified": 1716532947,
"narHash": "sha256-e1ulhc4IIvUgpjKQrSqPY4WpXuez6wlxL6Min9U0o5Q=",
"owner": "nvim-telescope",
"repo": "telescope.nvim",
"rev": "a0bbec21143c7bc5f8bb02e0005fa0b982edc026",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nvim-telescope",
"ref": "0.1.8",
"repo": "telescope.nvim",
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"telescope-project-nvim-src": {
"flake": false,
"systems_4": {
"locked": {
"lastModified": 1733083023,
"narHash": "sha256-qEORRWYKBpK7fn7se8g+5uuVBJNu0T4JHSc0C2QzNDY=",
"owner": "nvim-telescope",
"repo": "telescope-project.nvim",
"rev": "1d7920e799fc5001dffc7bd10909a86e0358eaf4",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nvim-telescope",
"repo": "telescope-project.nvim",
"type": "github"
}
},
"tiny-inline-diagnostic-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1736959343,
"narHash": "sha256-11+Z54shcy5oRevfTOu3dt5DtXhnYaH9zvktH6Lvxjs=",
"owner": "rachartier",
"repo": "tiny-inline-diagnostic.nvim",
"rev": "aaa6f0dd097f8ca2478cad259e61b7cb26ec0eb8",
"type": "github"
},
"original": {
"owner": "rachartier",
"repo": "tiny-inline-diagnostic.nvim",
"type": "github"
}
},
"toggleterm-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1721232722,
"narHash": "sha256-hJ6nBCgSyYF1pY4lX+b8WZd49i5F6BwOmrl7xVSIwRw=",
"owner": "akinsho",
"repo": "toggleterm.nvim",
"rev": "48be57eaba817f038d61bbf64d2c597f578c0827",
"type": "github"
},
"original": {
"owner": "akinsho",
"ref": "v2.12.0",
"repo": "toggleterm.nvim",
"type": "github"
}
},
"tree-sitter-bash": {
"flake": false,
"locked": {
"lastModified": 1731338420,
"narHash": "sha256-JW+30zIyq8Xc7NG9V+YoFqC+57BjZXIbAvWPD2lqvIE=",
"owner": "tree-sitter",
"repo": "tree-sitter-bash",
"rev": "49c31006d8307dcb12bc5770f35b6d5b9e2be68e",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-bash",
"type": "github"
}
},
"tree-sitter-ini": {
"flake": false,
"locked": {
"lastModified": 1725233451,
"narHash": "sha256-G11Aynq2rnkRwdkhspjYqtBD/h5k4aD+NvuE0QfploU=",
"owner": "justinmk",
"repo": "tree-sitter-ini",
"rev": "962568c9efa71d25720ab42c5d36e222626ef3a6",
"type": "github"
},
"original": {
"owner": "justinmk",
"repo": "tree-sitter-ini",
"type": "github"
}
},
"tree-sitter-lua": {
"flake": false,
"locked": {
"lastModified": 1729494737,
"narHash": "sha256-v+fFcIOv+bu+2IGI/Lh/Xbqd5BzbBjaa51ECd0hG7Ow=",
"owner": "MunifTanjim",
"repo": "tree-sitter-lua",
"rev": "34e60e7f45fc313463c68090d88d742a55d1bd7a",
"type": "github"
},
"original": {
"owner": "MunifTanjim",
"ref": "main",
"repo": "tree-sitter-lua",
"type": "github"
}
},
"tree-sitter-puppet": {
"flake": false,
"locked": {
"lastModified": 1734835631,
"narHash": "sha256-bO5g5AdhzpB13yHklpAndUHIX7Rvd7OMjH0Ds2ATA6Q=",
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"rev": "15f192929b7d317f5914de2b4accd37b349182a6",
"type": "github"
},
"original": {
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"type": "github"
}
},
"tree-sitter-python": {
"flake": false,
"locked": {
"lastModified": 1736288149,
"narHash": "sha256-IIAL2qteFPBCPmDK1N2EdDgpI4CwfMuuVL8t5tYueLU=",
"owner": "tree-sitter",
"repo": "tree-sitter-python",
"rev": "409b5d671eb0ea4972eeacaaca24bbec1acf79b1",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-python",
"type": "github"
}
},
"tree-sitter-rasi": {
"flake": false,
"locked": {
"lastModified": 1716296585,
"narHash": "sha256-sPrIVgGGaBaXeqHNxjcdJ/S2FvxyV6rD9UPKU/tpspw=",
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"rev": "6c9bbcfdf5f0f553d9ebc01750a3aa247a37b8aa",
"type": "github"
},
"original": {
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"type": "github"
}
},
"tree-sitter-vimdoc": {
"flake": false,
"locked": {
"lastModified": 1729686839,
"narHash": "sha256-Vrl4/cZL+TWlUMEeWZoHCAWhvlefcl3ajGcwyTNKOhI=",
"owner": "neovim",
"repo": "tree-sitter-vimdoc",
"rev": "d2e4b5c172a109966c2ce0378f73df6cede39400",
"type": "github"
},
"original": {
"owner": "neovim",
"repo": "tree-sitter-vimdoc",
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
@ -810,22 +518,6 @@
"type": "github"
}
},
"wallpapers": {
"flake": false,
"locked": {
"lastModified": 1657544922,
"narHash": "sha256-1c1uDz37MhksWC75myv6jao5q2mIzD8X8I+TykXXmWg=",
"owner": "exorcist365",
"repo": "wallpapers",
"rev": "8d2860ac6c05cec0f78d5c9d07510f4ff5da90dc",
"type": "gitlab"
},
"original": {
"owner": "exorcist365",
"repo": "wallpapers",
"type": "gitlab"
}
},
"wsl": {
"inputs": {
"flake-compat": "flake-compat_2",
@ -834,11 +526,11 @@
]
},
"locked": {
"lastModified": 1736095716,
"narHash": "sha256-csysw/Szu98QDiA2lhWk9seYOyCebeVEWL89zh1cduM=",
"lastModified": 1749574455,
"narHash": "sha256-fm2/8KPOYvvIAnNVtjDlTt/My00lIbZQ+LMrfQIWVzs=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "63c3b4ed1712a3a0621002cd59bfdc80875ecbb0",
"rev": "917af390377c573932d84b5e31dd9f2c1b5c0f09",
"type": "github"
},
"original": {
@ -847,6 +539,50 @@
"type": "github"
}
},
"yazi": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1751469973,
"narHash": "sha256-5Y1aVAYFmV20kmkhcHEQrDDvHiJVQGyYhD1SBCp639E=",
"owner": "sxyazi",
"repo": "yazi",
"rev": "c7f800ad7ecf76e3431ad1b7005fa24b53726802",
"type": "github"
},
"original": {
"owner": "sxyazi",
"repo": "yazi",
"type": "github"
}
},
"zellij-switch": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_3",
"systems": "systems_4"
},
"locked": {
"lastModified": 1742588229,
"narHash": "sha256-IPg0pBw0ciF+xl6viq3nK+dvZoDZrfBDui7dkPLz258=",
"owner": "mostafaqanbaryan",
"repo": "zellij-switch",
"rev": "0e3c303c19890ccb03589230ac5a7c4307e573e4",
"type": "github"
},
"original": {
"owner": "mostafaqanbaryan",
"repo": "zellij-switch",
"type": "github"
}
},
"zenyd-mpv-scripts": {
"flake": false,
"locked": {

547
flake.nix
View File

@ -34,12 +34,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# # Use official Firefox binary for macOS
# firefox-darwin = {
# url = "github:bandithedoge/nixpkgs-firefox-darwin";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# Better App install management in macOS
mac-app-util = {
url = "github:hraban/mac-app-util";
@ -52,12 +46,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# Wallpapers
wallpapers = {
url = "gitlab:exorcist365/wallpapers";
flake = false;
};
# Used to generate NixOS images for other platforms
nixos-generators = {
url = "github:nix-community/nixos-generators";
@ -70,396 +58,206 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# Neovim plugins
base16-nvim-src = {
url = "github:RRethy/base16-nvim";
flake = false;
};
nvim-lspconfig-src = {
# https://github.com/neovim/nvim-lspconfig/tags
url = "github:neovim/nvim-lspconfig/v0.1.8";
flake = false;
};
cmp-nvim-lsp-src = {
url = "github:hrsh7th/cmp-nvim-lsp";
flake = false;
};
baleia-nvim-src = {
# https://github.com/m00qek/baleia.nvim/tags
url = "github:m00qek/baleia.nvim";
flake = false;
};
nvim-treesitter-src = {
# https://github.com/nvim-treesitter/nvim-treesitter/tags
url = "github:nvim-treesitter/nvim-treesitter/v0.9.2";
flake = false;
};
telescope-nvim-src = {
# https://github.com/nvim-telescope/telescope.nvim/releases
url = "github:nvim-telescope/telescope.nvim/0.1.8";
flake = false;
};
telescope-project-nvim-src = {
url = "github:nvim-telescope/telescope-project.nvim";
flake = false;
};
toggleterm-nvim-src = {
# https://github.com/akinsho/toggleterm.nvim/tags
url = "github:akinsho/toggleterm.nvim/v2.12.0";
flake = false;
};
bufferline-nvim-src = {
# https://github.com/akinsho/bufferline.nvim/releases
url = "github:akinsho/bufferline.nvim/v4.6.1";
flake = false;
};
nvim-tree-lua-src = {
url = "github:kyazdani42/nvim-tree.lua";
flake = false;
};
hmts-nvim-src = {
url = "github:calops/hmts.nvim";
flake = false;
};
fidget-nvim-src = {
# https://github.com/j-hui/fidget.nvim/tags
url = "github:j-hui/fidget.nvim/v1.4.5";
flake = false;
};
nvim-lint-src = {
url = "github:mfussenegger/nvim-lint";
flake = false;
};
tiny-inline-diagnostic-nvim-src = {
url = "github:rachartier/tiny-inline-diagnostic.nvim";
flake = false;
};
snipe-nvim-src = {
url = "github:leath-dub/snipe.nvim";
flake = false;
};
# Tree-Sitter Grammars
tree-sitter-bash = {
url = "github:tree-sitter/tree-sitter-bash/master";
flake = false;
};
tree-sitter-python = {
url = "github:tree-sitter/tree-sitter-python/master";
flake = false;
};
tree-sitter-lua = {
url = "github:MunifTanjim/tree-sitter-lua/main";
flake = false;
};
tree-sitter-ini = {
url = "github:justinmk/tree-sitter-ini";
flake = false;
};
tree-sitter-puppet = {
url = "github:amaanq/tree-sitter-puppet";
flake = false;
};
tree-sitter-rasi = {
url = "github:Fymyte/tree-sitter-rasi";
flake = false;
};
tree-sitter-vimdoc = {
url = "github:neovim/tree-sitter-vimdoc";
flake = false;
};
# MPV Scripts
zenyd-mpv-scripts = {
url = "github:zenyd/mpv-scripts";
flake = false;
};
# # Git alternative
# # Fixes: https://github.com/martinvonz/jj/issues/4784
# jujutsu = {
# url = "github:martinvonz/jj";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# Zellij Switcher
zellij-switch = {
url = "github:mostafaqanbaryan/zellij-switch";
inputs.nixpkgs.follows = "nixpkgs";
};
# Nextcloud Apps
nextcloud-news = {
# https://github.com/nextcloud/news/releases
url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz";
flake = false;
# Text editor
helix = {
url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs";
};
nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases
url = "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz";
flake = false;
};
nextcloud-cookbook = {
# https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz";
flake = false;
};
nextcloud-snappymail = {
# https://github.com/the-djmaze/snappymail/releases
# https://snappymail.eu/repository/nextcloud
url = "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz";
# url = "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.3/snappymail-2.36.3-nextcloud.tar.gz";
flake = false;
# Terminal file manager
yazi = {
url = "github:sxyazi/yazi";
inputs.nixpkgs.follows = "nixpkgs";
};
# # Nextcloud Apps
# nextcloud-news = {
# # https://github.com/nextcloud/news/releases
# url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz";
# flake = false;
# };
# nextcloud-external = {
# # https://github.com/nextcloud-releases/external/releases
# url = "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz";
# flake = false;
# };
# nextcloud-cookbook = {
# # https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
# url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz";
# flake = false;
# };
# nextcloud-snappymail = {
# # https://github.com/the-djmaze/snappymail/releases
# # https://snappymail.eu/repository/nextcloud
# url = "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz";
# # url = "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.3/snappymail-2.36.3-nextcloud.tar.gz";
# flake = false;
# };
};
outputs =
{ nixpkgs, ... }@inputs:
let
# Global configuration for my systems
globals =
hostnames =
let
baseName = "masu.rs";
in
rec {
user = "noah";
fullName = "Noah Masur";
gitName = fullName;
gitEmail = "7386960+nmasur@users.noreply.github.com";
mail.server = "noahmasur.com";
mail.imapHost = "imap.purelymail.com";
mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "https://github.com/nmasur/dotfiles";
hostnames = {
audiobooks = "read.${baseName}";
budget = "money.${baseName}";
files = "files.${baseName}";
git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}";
metrics = "metrics.${baseName}";
minecraft = "minecraft.${baseName}";
n8n = "n8n.${baseName}";
notifications = "ntfy.${baseName}";
prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
photos = "photos.${baseName}";
secrets = "vault.${baseName}";
stream = "stream.${baseName}";
content = "cloud.${baseName}";
books = "books.${baseName}";
download = "download.${baseName}";
status = "status.${baseName}";
transmission = "transmission.${baseName}";
};
};
# Common overlays to always use
overlays = [
inputs.nur.overlays.default
inputs.nix2vim.overlay
# inputs.jujutsu.overlays.default # Fix: https://github.com/martinvonz/jj/issues/4784
(import ./overlays/neovim-plugins.nix inputs)
(import ./overlays/tree-sitter.nix inputs)
(import ./overlays/mpv-scripts.nix inputs)
(import ./overlays/nextcloud-apps.nix inputs)
];
# System types to support.
supportedSystems = [
"x86_64-linux"
"x86_64-darwin"
"aarch64-linux"
"aarch64-darwin"
];
# Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
# { system -> pkgs }
pkgsBySystem = forAllSystems (system: import nixpkgs { inherit system overlays; });
# stablePkgsBySystem = forAllSystems (system: import nixpkgs { inherit system overlays; });
buildHome =
{ pkgs, modules }:
inputs.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules = modules ++ [
./platforms/home-manager
];
};
buildNixos =
{ pkgs, modules }:
nixpkgs.lib.nixosSystem {
inherit pkgs;
modules = modules ++ [
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
inputs.wsl.nixosModules.wsl
./platforms/nixos
];
};
buildDarwin =
{ pkgs, modules }:
inputs.darwin.lib.darwinSystem {
inherit pkgs;
modules = modules ++ [
inputs.home-manager.darwinModules.home-manager
inputs.mac-app-util.darwinModules.default
./platforms/nix-darwin
];
{
audiobooks = "read.${baseName}";
bookmarks = "keep.${baseName}";
books = "books.${baseName}";
budget = "money.${baseName}";
content = "cloud.${baseName}";
download = "download.${baseName}";
files = "files.${baseName}";
git = "git.${baseName}";
imap = "imap.purelymail.com";
influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}";
mail = "noahmasur.com";
mathesar = "mathesar.${baseName}";
metrics = "metrics.${baseName}";
minecraft = "minecraft.${baseName}";
n8n = "n8n.${baseName}";
notifications = "ntfy.${baseName}";
paperless = "paper.${baseName}";
photos = "photos.${baseName}";
postgresql = "pg.${baseName}";
prometheus = "prom.${baseName}";
secrets = "vault.${baseName}";
smtp = "smtp.purelymail.com";
status = "status.${baseName}";
stream = "stream.${baseName}";
transmission = "transmission.${baseName}";
};
in
rec {
# The plan
# Import all the host configurations as modules
# Setup the modules as nixosModules, homeModules, darwinModules
# Create nixosConfigurations using the different pkgs for each system
# What to do with home config?
lib = import ./lib inputs;
flattenAttrset = attrs: builtins.foldl' lib.mergeAttrs { } (builtins.attrValues attrs);
nixosModules = import ./hosts/x86_64-linux nixpkgs // import ./hosts/aarch64-linux nixpkgs;
nixosConfigurations = flattenAttrset (
builtins.mapAttrs (
system: hosts:
builtins.mapAttrs (
name: module:
lib.buildNixos {
inherit system module;
specialArgs = { inherit hostnames; };
}
) hosts
) lib.linuxHosts
);
# Contains my full system builds, including home-manager
# nixos-rebuild switch --flake .#tempest
nixosConfigurations =
(builtins.mapAttrs (
name: module:
buildNixos {
pkgs = pkgsBySystem.x86_64-linux;
modules = [ module ];
}
) nixosModules)
// (builtins.mapAttrs (
name: module:
buildNixos {
pkgs = pkgsBySystem.aarch64-linux;
modules = [ module ];
}
) nixosModules);
# builtins.mapAttrs buildNixos {
# pkgs = pkgsBySystem.x86_64-linux;
# modules = import ./hosts/x86_64-linux;
# }
# // builtins.mapAttrs buildNixos {
# pkgs = pkgsBySystem.aarch64-linux;
# modules = import ./hosts/aarch64-linux;
# };
darwinConfigurations = flattenAttrset (
builtins.mapAttrs (
system: hosts:
builtins.mapAttrs (
name: module:
lib.buildDarwin {
inherit system module;
specialArgs = { inherit hostnames; };
}
) hosts
) lib.darwinHosts
);
# Contains my full Mac system builds, including home-manager
# darwin-rebuild switch --flake .#lookingglass
darwinConfigurations = builtins.mapAttrs buildDarwin {
pkgs = pkgsBySystem.aarch64-darwin;
modules = import ./hosts/darwin;
};
homeModules = builtins.mapAttrs (
system: hosts:
builtins.mapAttrs (
name: module: (builtins.head (lib.attrsToList module.home-manager.users)).value
) hosts
) lib.hosts;
# For quickly applying home-manager settings with:
# home-manager switch --flake .#tempest
homeConfigurations = rec {
default = personal;
work = buildHome {
pkgs = pkgsBySystem.aarch64-darwin;
modules = { };
};
personal = buildHome {
};
tempest = nixosConfigurations.tempest.config.home-manager.users.${globals.user}.home;
lookingglass = darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home;
};
homeConfigurations = flattenAttrset (
builtins.mapAttrs (
system: hosts:
builtins.mapAttrs (
name: module:
lib.buildHome {
inherit system module;
specialArgs = { inherit hostnames; };
}
) hosts
) homeModules
);
# Disk formatting, only used once
diskoConfigurations = {
root = import ./disks/root.nix;
root = import ./hosts/x86_64-linux/swan/root.nix;
};
packages =
let
staff =
system:
import ./hosts/staff {
inherit
inputs
globals
overlays
system
;
};
neovim =
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
import ./modules/common/neovim/package {
inherit pkgs;
colors = (import ./colorscheme/gruvbox-dark).dark;
};
in
{
x86_64-linux.staff = staff "x86_64-linux";
x86_64-linux.arrow = inputs.nixos-generators.nixosGenerate rec {
system = "x86_64-linux";
format = "iso";
modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; };
};
x86_64-linux.arrow-aws = inputs.nixos-generators.nixosGenerate rec {
system = "x86_64-linux";
generators = builtins.mapAttrs (
# x86_64-linux = { arrow = ...; swan = ...; }
system: hosts:
(lib.concatMapAttrs (name: module: {
"${name}-aws" = lib.generateImage {
inherit system module;
format = "amazon";
modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; } ++ [
(
{ ... }:
{
boot.kernelPackages = inputs.nixpkgs.legacyPackages.x86_64-linux.linuxKernel.packages.linux_6_6;
amazonImage.sizeMB = 16 * 1024;
permitRootLogin = "prohibit-password";
boot.loader.systemd-boot.enable = inputs.nixpkgs.lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = inputs.nixpkgs.lib.mkForce false;
services.amazon-ssm-agent.enable = true;
users.users.ssm-user.extraGroups = [ "wheel" ];
}
)
];
specialArgs = { inherit hostnames; };
};
"${name}-iso" = lib.generateImage {
inherit system module;
format = "iso";
specialArgs = { inherit hostnames; };
};
"${name}-qcow" = lib.generateImage {
inherit system module;
format = "qcow-efi";
specialArgs = { inherit hostnames; };
# extraModules = [ "${nixpkgs}/nixos/modules/virtualisation/oci-image.nix" ];
};
}) hosts)
) lib.linuxHosts # x86_64-linux = { arrow = ...; swan = ...; }
;
# Package Neovim config into standalone package
x86_64-linux.neovim = neovim "x86_64-linux";
x86_64-darwin.neovim = neovim "x86_64-darwin";
aarch64-linux.neovim = neovim "aarch64-linux";
aarch64-darwin.neovim = neovim "aarch64-darwin";
};
# packages =
# lib.forSystems lib.linuxSystems (
# system: generateImagesForHosts system // lib.pkgsBySystem.${system}.nmasur
# )
# // lib.forSystems lib.darwinSystems (system: lib.pkgsBySystem.${system}.nmasur);
# Programs that can be run by calling this flake
apps = forAllSystems (
packages = lib.forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
import ./apps { inherit pkgs; }
# Share the custom packages that I have placed under the nmasur namespace
lib.pkgsBySystem.${system}.nmasur
//
# Share generated images for each relevant host
(if (lib.hasInfix "linux" system) then generators.${system} else { })
# //
# # Oracle
# {
# flame-oci = nixosConfigurations.flame.config.system.build.OCIImage;
# }
);
# Development environments
devShells = forAllSystems (
devShells = lib.forAllSystems (system: {
default = lib.pkgsBySystem.${system}.nmasur.dotfiles-devshell;
});
checks = lib.forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
{
# Used to run commands and edit files in this repo
default = pkgs.mkShell {
buildInputs = with pkgs; [
git
stylua
nixfmt-rfc-style
shfmt
shellcheck
];
pkgs = import nixpkgs {
inherit system;
overlays = lib.overlays;
};
}
);
checks = forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
{
neovim =
@ -478,37 +276,18 @@
}
);
formatter = forAllSystems (
formatter = lib.forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system overlays; };
pkgs = import nixpkgs {
inherit system;
inherit (lib) overlays;
};
in
pkgs.nixfmt-rfc-style
);
# Templates for starting other projects quickly
templates = rec {
default = basic;
basic = {
path = ./templates/basic;
description = "Basic program template";
};
poetry = {
path = ./templates/poetry;
description = "Poetry template";
};
python = {
path = ./templates/python;
description = "Legacy Python template";
};
haskell = {
path = ./templates/haskell;
description = "Haskell template";
};
rust = {
path = ./templates/rust;
description = "Rust template";
};
};
templates = (import ./templates { inherit lib; });
};
}

View File

@ -1,26 +0,0 @@
# Hosts
These are the individual machines managed by this flake.
| Host | Purpose |
| --- | --- |
| [aws](./aws/default.nix) | AWS AMI |
| [staff](./staff/default.nix) | Live USB stick |
| [flame](./flame/default.nix) | Oracle cloud server |
| [hydra](./hydra/default.nix) | WSL config |
| [lookingglass](./lookingglass/default.nix) | Work MacBook |
| [swan](./swan/default.nix) | Home server |
| [tempest](./tempest/default.nix) | Linux desktop |
## NixOS Workflow
Each hosts file is imported into [nixosConfigurations](../flake.nix) and passed
the arguments from the flake (inputs, globals, overlays). The `nixosSystem`
function in that hosts file will be called by the NixOS module system during a
nixos-rebuild.
Each module in the each host's `modules` list is either a function or an
attrset. The attrsets will simply apply values to options that have been
declared in the config by other modules. Meanwhile, the functions will be
passed various arguments, several of which you will see listed at the top of
each of their files.

View File

@ -1,16 +0,0 @@
# Return a list of all nix-darwin hosts
{ lib, ... }:
lib.pipe (lib.filesystem.listFilesRecursive ./.) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Import each host function
map
(file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
})
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
]

View File

@ -1,60 +1,41 @@
# The Looking Glass
# System configuration for my work Macbook
{
inputs,
globals,
overlays,
...
}:
rec {
networking.hostName = "NYCM-NMASUR2";
networking.computerName = "NYCM-NMASUR2";
inputs.darwin.lib.darwinSystem {
system = "aarch64-darwin";
specialArgs = { };
modules = [
../../modules/common
../../modules/darwin
(
globals
// rec {
user = "Noah.Masur";
gitName = "Noah-Masur_1701";
gitEmail = "${user}@take2games.com";
}
)
inputs.home-manager.darwinModules.home-manager
inputs.mac-app-util.darwinModules.default
{
nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
networking.hostName = "NYCM-NMASUR2";
networking.computerName = "NYCM-NMASUR2";
identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
gui.enable = true;
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
dark = true;
};
mail.user = globals.user;
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = false;
kitty.enable = true;
discord.enable = true;
firefox.enable = true;
dotfiles.enable = true;
terraform.enable = true;
python.enable = true;
rust.enable = true;
lua.enable = true;
obsidian.enable = true;
kubernetes.enable = true;
_1password.enable = true;
slack.enable = true;
wezterm.enable = true;
yt-dlp.enable = true;
}
];
nmasur.settings = {
username = "Noah.Masur";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
work.enable = true;
extra.enable = true;
gaming.enable = true;
};
home-manager.users."Noah.Masur" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
host = "lookingglass";
};
nmasur.profiles = {
common.enable = true;
darwin-base.enable = true;
power-user.enable = true;
work.enable = true;
experimental.enable = true;
};
nmasur.presets.programs.git-work.work = {
name = "Noah-Masur_1701";
email = "${nmasur.settings.username}@take2games.com";
};
home.stateVersion = "23.05";
};
system.stateVersion = 5;
}

View File

@ -1,20 +0,0 @@
# Return a list of all NixOS hosts
{ nixpkgs, ... }:
let
inherit (nixpkgs) lib;
in
lib.pipe (lib.filesystem.listFilesRecursive ./.) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Import each host function
map
(file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
})
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
]

View File

@ -0,0 +1,168 @@
# The Flame
# System configuration for an Oracle free server
# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
rec {
networking.hostName = "flame";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
server.enable = true;
communications.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
host = networking.hostName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
power-user.enable = true;
};
nmasur.presets.programs.helix.enable = true;
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
# File systems must be declared in order to boot
# # This is the root filesystem containing NixOS
# # I forgot to set a clean label for it
# fileSystems."/" = {
# device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
# fsType = "ext4";
# };
# # This is the boot filesystem for systemd-boot
# fileSystems."/boot" = {
# device = "/dev/disk/by-uuid/D5CA-237A";
# fsType = "vfat";
# };
# Allows private remote access over the internet
nmasur.presets.services.cloudflared = {
tunnel = {
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
credentialsFile = ./cloudflared-flame.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
};
};
# Taken from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/oci-common.nix
# fileSystems."/" = {
# device = "/dev/disk/by-label/nixos";
# fsType = "ext4";
# autoResize = true;
# };
# fileSystems."/boot" = {
# device = "/dev/disk/by-label/ESP";
# fsType = "vfat";
# };
boot.loader.efi.canTouchEfiVariables = false;
boot.loader.grub = {
device = "nodev";
splashImage = null;
extraConfig = ''
serial --unit=0 --speed=115200 --word=8 --parity=no --stop=1
terminal_input --append serial
terminal_output --append serial
'';
efiInstallAsRemovable = true;
efiSupport = true;
};
boot.loader.systemd-boot.enable = false;
# https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/configuringntpservice.htm#Configuring_the_Oracle_Cloud_Infrastructure_NTP_Service_for_an_Instance
networking.timeServers = [ "169.254.169.254" ];
boot.growPartition = true;
boot.kernelParams = [
"net.ifnames=0"
"nvme.shutdown_timeout=10"
"nvme_core.shutdown_timeout=10"
"libiscsi.debug_libiscsi_eh=1"
"crash_kexec_post_notifiers"
# aarch64-linux
"console=ttyAMA0,115200n8"
# VNC console
"console=tty1"
];
boot.initrd.availableKernelModules = [
"virtio_net"
"virtio_pci"
"virtio_mmio"
"virtio_blk"
"virtio_scsi"
"9p"
"9pnet_virtio"
];
boot.initrd.kernelModules = [
"virtio_balloon"
"virtio_console"
"virtio_rng"
"virtio_gpu"
];
networking.useDHCP = true;
# networking = {
# defaultGateway = "10.0.0.1";
# interfaces.eth0 = {
# ipAddress = throw "set your own";
# prefixLength = 24;
# };
# };
disko.devices = {
disk = {
main = {
type = "disk";
# device = "/dev/oracleoci/oraclevda"; # Consistent volume naming
device = "/dev/sda"; # Consistent volume naming
content = {
type = "gpt";
partitions = {
boot = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
# # Otherwise the instance may not have a working network-online.target,
# # making the fetch-ssh-keys.service fail
# networking.useNetworkd = true;
}

View File

@ -1,6 +1,47 @@
# Return a list of all hosts
nixpkgs:
let
inherit (nixpkgs) lib;
in
{
darwin-hosts = import ./aarch64-darwin;
linux-hosts = import ./x86_64-linux // import ./aarch64-linux;
# darwin-hosts = import ./darwin;
aarch64-darwin-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./aarch64-darwin) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Import each host function
(map (file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
}))
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
];
aarch64-linux-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./aarch64-linux) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Remove the first file
(builtins.filter (name: name != ./aarch64-linux/default.nix))
# Import each host function
(map (file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
}))
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
];
x86_64-linux-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./x86_64-linux) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Import each host function
(map (file: {
# name = lib.removeSuffix ".nix" (builtins.baseNameOf file);
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
}))
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
];
}

View File

@ -1,54 +0,0 @@
# The Flame
# System configuration for an Oracle free server
# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
rec {
# Hardware
networking.hostName = "flame";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
server.enable = true;
communications.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = nmasur.settings;
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
};
};
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
# I forgot to set a clean label for it
fileSystems."/" = {
device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
fsType = "ext4";
};
# This is the boot filesystem for systemd-boot
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D5CA-237A";
fsType = "vfat";
};
# Allows private remote access over the internet
nmasur.presets.services.cloudflared = {
tunnel = {
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
credentialsFile = ../../private/cloudflared-flame.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
};
};
}

View File

@ -0,0 +1 @@
# No x86 Darwin Hosts Currently

View File

@ -1,41 +1,47 @@
# The Arrow
# System configuration for temporary VM
{
inputs,
globals,
overlays,
...
}:
rec {
# Hardware
networking.hostName = "arrow";
inputs.nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
modules = import ./modules.nix { inherit inputs globals overlays; } ++ [
{
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
nmasur.profiles = {
base.enable = true;
server.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
host = networking.hostName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
};
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
# These filesystems are ignored by nixos-generators
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
virtualisation.vmVariant = {
virtualisation.forwardPorts = [
{
from = "host";
host.port = 2222;
guest.port = 22;
}
];
};
}
];
}

View File

@ -1,32 +0,0 @@
{
inputs,
globals,
overlays,
}:
[
globals
inputs.home-manager.nixosModules.home-manager
{
nixpkgs.overlays = overlays;
networking.hostName = "arrow";
physical = false;
server = true;
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw deploy"
];
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
cloudflare.enable = true;
services.openssh.enable = true;
services.caddy.enable = true;
services.n8n.enable = true;
# nix-index seems to eat up too much memory for Vultr
home-manager.users.${globals.user}.programs.nix-index.enable = inputs.nixpkgs.lib.mkForce false;
}
../../modules/common
../../modules/nixos
]

View File

@ -1,20 +0,0 @@
# Return a list of all NixOS hosts
{ nixpkgs, ... }:
let
inherit (nixpkgs) lib;
in
lib.pipe (lib.filesystem.listFilesRecursive ./.) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Import each host function
map
(file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
})
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
]

View File

@ -1,51 +1,54 @@
# The Hydra
# System configuration for WSL
# See [readme](../README.md) to explain how this file works.
rec {
# Hardware
networking.hostName = "hydra";
{
inputs,
globals,
overlays,
...
}:
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
../../modules/common
../../modules/nixos
../../modules/wsl
globals
inputs.wsl.nixosModules.wsl
inputs.home-manager.nixosModules.home-manager
{
networking.hostName = "hydra";
nixpkgs.overlays = overlays;
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = false;
theme = {
colors = (import ../../colorscheme/gruvbox).dark;
dark = true;
};
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
wsl = {
enable = true;
wslConf.automount.root = "/mnt";
defaultUser = globals.user;
startMenuLaunchers = true;
nativeSystemd = true;
wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
interop.includePath = false; # Including Windows PATH will slow down Neovim command mode
};
nmasur.profiles = {
base.enable = true;
wsl.enable = true;
};
neovim.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = true;
dotfiles.enable = true;
lua.enable = true;
}
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
host = networking.hostName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
power-user.enable = true;
};
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
];
}

View File

@ -1,53 +1,68 @@
# The Staff
# ISO configuration for my USB drive
# System configuration test
{
inputs,
system,
overlays,
...
}:
rec {
# Hardware
networking.hostName = "staff";
inputs.nixos-generators.nixosGenerate {
inherit system;
format = "install-iso";
modules = [
{
nixpkgs.overlays = overlays;
networking.hostName = "staff";
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
];
services.openssh = {
enable = true;
ports = [ 22 ];
allowSFTP = true;
settings = {
GatewayPorts = "no";
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
environment.systemPackages =
let
pkgs = import inputs.nixpkgs { inherit system overlays; };
in
with pkgs;
[
git
vim
wget
curl
(import ../../modules/common/neovim/package {
inherit pkgs;
colors = (import ../../colorscheme/gruvbox).dark;
})
];
nix.extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
}
];
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
home.enable = true;
gui.enable = true;
};
nmasur.presets.services.cloudflared.enable = false;
nmasur.presets.services.kanata.enable = false;
nmasur.presets.services.openssh.enable = true;
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
host = networking.hostName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
linux-gui.enable = true;
power-user.enable = true;
};
nmasur.presets.services.mbsync = {
user = nmasur.settings.username;
server = "noahmasur.com";
};
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
# Not sure what's necessary but too afraid to remove anything
# File systems must be declared in order to boot
# Required to have a boot loader to work
boot.loader.systemd-boot.enable = true;
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Allows private remote access over the internet
# nmasur.presets.services.cloudflared = {
# tunnel = {
# id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
# credentialsFile = ../../private/cloudflared-tempest.age;
# ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
# };
# };
}

View File

@ -1,142 +1,82 @@
# The Swan
# System configuration for my home NAS server
{
inputs,
globals,
overlays,
...
}:
rec {
networking.hostName = "swan";
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
globals
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
../../modules/common
../../modules/nixos
{
nixpkgs.overlays = overlays;
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
# Hardware
server = true;
physical = true;
networking.hostName = "swan";
nmasur.profiles = {
base.enable = true;
server.enable = true;
home.enable = true;
nas.enable = true;
shared-media.enable = true;
};
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
];
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
host = networking.hostName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
power-user.enable = true;
};
home.stateVersion = "23.05";
};
# Required for transcoding
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelParams = [
"radeon.si_support=0"
"amdgpu.si_support=1"
"radeon.cik_support=0"
"amdgpu.cik_support=1"
"amdgpu.dc=1"
];
system.stateVersion = "23.05";
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize efficiency over performance
powerManagement.cpuFreqGovernor = "powersave";
# Allow firmware updates
hardware.cpu.intel.updateMicrocode = true;
# ZFS
zfs.enable = true;
# Generated with: head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS
# Sets root ext4 filesystem instead of declaring it manually
disko = {
enableConfig = true;
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
};
zramSwap.enable = true;
swapDevices = [
{
device = "/swapfile";
size = 4 * 1024; # 4 GB
}
];
boot.zfs = {
# Automatically load the ZFS pool on boot
extraPools = [ "tank" ];
# Only try to decrypt datasets with keyfiles
requestEncryptionCredentials = [
"tank/archive"
"tank/generic"
"tank/nextcloud"
"tank/generic/git"
];
# If password is requested and fails, continue to boot eventually
passwordTimeout = 300;
};
# Theming
# Server doesn't require GUI
gui.enable = false;
# Still require colors for programs like Neovim, K9S
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
};
# Programs and services
atuin.enable = true;
neovim.enable = true;
cloudflare.enable = true;
dotfiles.enable = true;
arrs.enable = true;
filebrowser.enable = true;
services.audiobookshelf.enable = true;
services.bind.enable = true;
services.caddy.enable = true;
services.immich.enable = true;
services.jellyfin.enable = true;
services.nextcloud.enable = true;
services.calibre-web.enable = true;
services.openssh.enable = true;
services.prometheus.enable = false;
services.vmagent.enable = true;
services.samba.enable = true;
services.paperless.enable = true;
services.postgresql.enable = true;
system.autoUpgrade.enable = false;
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
credentialsFile = ../../private/cloudflared-swan.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
};
# Send regular backups and litestream for DBs to an S3-like bucket
backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup";
accessKeyId = "0026b0e73b2e2c80000000005";
resticBucket = "noahmasur-restic";
};
# Disable passwords, only use SSH key
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
];
}
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
];
# Required for transcoding
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelParams = [
"radeon.si_support=0"
"amdgpu.si_support=1"
"radeon.cik_support=0"
"amdgpu.cik_support=1"
"amdgpu.dc=1"
];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize efficiency over performance
powerManagement.cpuFreqGovernor = "powersave";
# Allow firmware updates
hardware.cpu.intel.updateMicrocode = true;
# ZFS
# Generated with: head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS
# Sets root ext4 filesystem instead of declaring it manually
disko = {
enableConfig = true;
devices = (import ./root.nix { disk = "/dev/nvme0n1"; });
};
# Allows private remote access over the internet
nmasur.presets.services.cloudflared = {
tunnel = {
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
credentialsFile = ./cloudflared-swan.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
};
};
}

View File

@ -1,153 +1,110 @@
# The Tempest
# System configuration for my desktop
{
inputs,
globals,
overlays,
...
}:
rec {
# Hardware
networking.hostName = "tempest";
inputs.nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
modules = [
globals
inputs.home-manager.nixosModules.home-manager
../../modules/common
../../modules/nixos
{
nixpkgs.overlays = overlays;
# Hardware
physical = true;
networking.hostName = "tempest";
nmasur.profiles = {
base.enable = true;
home.enable = true;
gui.enable = true;
gaming.enable = true;
};
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
nmasur.presets.services.grub.enable = true;
# Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ];
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
host = networking.hostName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
linux-gui.enable = true;
linux-gaming.enable = true;
power-user.enable = true;
developer.enable = true;
experimental.enable = true;
};
home.stateVersion = "23.05";
};
# I don't think I need this?
# boot.kernelParams = [
# "video=DP-0:2560x1440@165"
# "video=DP-1:1920x1080@60"
# ];
system.stateVersion = "23.05";
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize performance over efficiency
powerManagement.cpuFreqGovernor = "performance";
# Allow firmware updates
hardware.cpu.amd.updateMicrocode = true;
# Helps reduce GPU fan noise under idle loads
hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''
# Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10
DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
DEVNAME=hwmon0=amdgpu
FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
FCFANS= hwmon0/pwm1=hwmon0/fan1_input
MINTEMP=hwmon0/pwm1=50
MAXTEMP=hwmon0/pwm1=70
MINSTART=hwmon0/pwm1=100
MINSTOP=hwmon0/pwm1=10
MINPWM=hwmon0/pwm1=10
MAXPWM=hwmon0/pwm1=240
'';
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Secrets must be prepared ahead before deploying
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
# Theming
# Turn on all features related to desktop and graphical applications
gui.enable = true;
# Set the system-wide theme, also used for non-graphical programs
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
dark = true;
};
wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg";
gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
# Programs and services
atuin.enable = true;
charm.enable = true;
neovim.enable = true;
media.enable = true;
dotfiles.enable = true;
firefox.enable = true;
kitty.enable = true;
_1password.enable = true;
discord.enable = true;
nautilus.enable = true;
obsidian.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = true;
keybase.enable = true;
mullvad.enable = false;
rust.enable = true;
terraform.enable = true;
wezterm.enable = true;
yt-dlp.enable = true;
gaming = {
dwarf-fortress.enable = true;
enable = true;
steam.enable = true;
moonlight.enable = true;
legendary.enable = true;
lutris.enable = true;
ryujinx.enable = true;
};
services.vmagent.enable = true; # Enables Prometheus metrics
services.openssh.enable = true; # Required for Cloudflare tunnel and identity file
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ../../private/cloudflared-tempest.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
};
# Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true;
}
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
# Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize performance over efficiency
powerManagement.cpuFreqGovernor = "performance";
# Allow firmware updates
hardware.cpu.amd.updateMicrocode = true;
# Helps reduce GPU fan noise under idle loads
hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''
# Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10
DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
DEVNAME=hwmon0=amdgpu
FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
FCFANS= hwmon0/pwm1=hwmon0/fan1_input
MINTEMP=hwmon0/pwm1=50
MAXTEMP=hwmon0/pwm1=70
MINSTART=hwmon0/pwm1=100
MINSTOP=hwmon0/pwm1=10
MINPWM=hwmon0/pwm1=10
MAXPWM=hwmon0/pwm1=240
'';
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Allows private remote access over the internet
nmasur.presets.services.cloudflared = {
tunnel = {
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ./cloudflared-tempest.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
};
};
# Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true;
}

234
lib/default.nix Normal file
View File

@ -0,0 +1,234 @@
inputs:
let
lib = inputs.nixpkgs.lib;
in
lib
// rec {
# Returns all files in a directory matching a suffix
filesInDirectoryWithSuffix =
directory: suffix:
lib.pipe (lib.filesystem.listFilesRecursive directory) [
# Get only files ending in .nix
(builtins.filter (name: lib.hasSuffix suffix name))
];
# Returns all files ending in .nix for a directory
nixFiles = directory: filesInDirectoryWithSuffix directory ".nix";
# Returns all files ending in default.nix for a directory
defaultFiles = directory: filesInDirectoryWithSuffix directory "default.nix";
# Imports all files in a directory and passes inputs
importOverlays =
directory:
lib.pipe (nixFiles directory) [
# Import each overlay file
(map (file: (import file) inputs))
];
# Import default files as attrset with keys provided by parent directory
defaultFilesToAttrset =
directory:
lib.pipe (defaultFiles directory) [
# Import each file
(map (file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
}))
# Convert to an attrset of parent dir name -> file
(builtins.listToAttrs)
];
# [ package1/package.nix package2/package.nix package2/hello.sh ]
buildPkgsFromDirectoryAndPkgs =
directory: pkgs:
lib.pipe (filesInDirectoryWithSuffix directory "package.nix") [
# Apply callPackage to create a derivation
# Must use final.callPackage to avoid infinite recursion
# [ package1.drv package2.drv ]
(builtins.map (name: pkgs.callPackage name { }))
# Convert the list to an attrset with keys from pname or name attr
# { package1 = package1.drv, package2 = package2.drv }
(builtins.listToAttrs (
map (v: {
name = v."pname" or v."name";
value = v;
})
))
];
# Common overlays to always use
overlays = [
inputs.nur.overlays.default
inputs.nix2vim.overlay
inputs.zellij-switch.overlays.default
inputs.helix.overlays.default
inputs.yazi.overlays.default
] ++ (importOverlays ../overlays);
# System types to support.
supportedSystems = [
"x86_64-linux"
"x86_64-darwin"
"aarch64-linux"
"aarch64-darwin"
];
# Split system types by operating system
linuxSystems = builtins.filter (lib.hasSuffix "linux") supportedSystems;
darwinSystems = builtins.filter (lib.hasSuffix "darwin") supportedSystems;
# Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
forSystems = systems: lib.genAttrs systems;
forAllSystems = lib.genAttrs supportedSystems;
# { x86_64-linux = { tempest = { settings = ...; }; }; };
hosts = forAllSystems (system: defaultFilesToAttrset ../hosts/${system});
linuxHosts = lib.filterAttrs (name: value: builtins.elem name linuxSystems) hosts;
darwinHosts = lib.filterAttrs (name: value: builtins.elem name darwinSystems) hosts;
# { system -> pkgs }
pkgsBySystem = forAllSystems (
system:
import inputs.nixpkgs {
inherit system overlays;
config.permittedInsecurePackages = [ "litestream-0.3.13" ];
config.allowUnfree = true;
}
);
colorscheme = defaultFilesToAttrset ../colorscheme;
homeModule = {
home-manager = {
# Include home-manager config in NixOS
sharedModules = nixFiles ../platforms/home-manager;
# Use the system-level nixpkgs instead of Home Manager's
useGlobalPkgs = lib.mkDefault true;
# Install packages to /etc/profiles instead of ~/.nix-profile, useful when
# using multiple profiles for one user
useUserPackages = lib.mkDefault true;
};
};
buildHome =
{
system,
module,
specialArgs,
}:
inputs.home-manager.lib.homeManagerConfiguration {
pkgs = pkgsBySystem.${system};
modules = [
{ imports = (nixFiles ../platforms/home-manager); }
module
];
extraSpecialArgs = {
inherit colorscheme;
} // specialArgs;
};
buildNixos =
{
system,
module,
specialArgs,
}:
inputs.nixpkgs.lib.nixosSystem {
inherit specialArgs;
pkgs = pkgsBySystem.${system};
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
inputs.wsl.nixosModules.wsl
{ imports = (nixFiles ../platforms/nixos); }
module
{
home-manager = {
extraSpecialArgs = {
inherit colorscheme;
} // specialArgs;
} // homeModule.home-manager;
}
];
};
buildDarwin =
{
system,
module,
specialArgs,
}:
inputs.darwin.lib.darwinSystem {
inherit system specialArgs;
modules = [
inputs.home-manager.darwinModules.home-manager
inputs.mac-app-util.darwinModules.default
{
imports = (nixFiles ../platforms/nix-darwin);
nixpkgs.pkgs = pkgsBySystem.${system};
}
module
{
home-manager = {
extraSpecialArgs = {
inherit colorscheme;
} // specialArgs;
} // homeModule.home-manager;
}
];
};
generatorOptions = {
amazon = {
aws.enable = true;
};
iso = {
nmasur.profiles.wsl.enable = lib.mkForce false;
boot.loader.grub.enable = lib.mkForce false;
};
qcow-efi = {
nmasur.profiles.wsl.enable = lib.mkForce false;
boot.loader.grub.enable = lib.mkForce false;
fileSystems."/boot".device = lib.mkForce "/dev/disk/by-label/ESP";
};
};
generateImage =
{
system,
module,
format,
specialArgs,
}:
inputs.nixos-generators.nixosGenerate {
inherit system format;
pkgs = pkgsBySystem.${system};
modules = [
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
inputs.wsl.nixosModules.wsl
{
imports = (nixFiles ../platforms/nixos) ++ (nixFiles ../platforms/generators);
}
generatorOptions.${format}
module
{
home-manager = {
extraSpecialArgs = {
inherit colorscheme;
} // specialArgs;
} // homeModule.home-manager;
}
];
specialArgs = {
} // specialArgs;
};
}

View File

@ -1,9 +0,0 @@
# Modules
| Module | Purpose |
| --- | --- |
| [common](./common/default.nix) | User programs and OS-agnostic configuration |
| [darwin](./darwin/default.nix) | macOS-specific configuration |
| [nixos](./nixos/default.nix) | NixOS-specific configuration |
| [wsl](./wsl/default.nix) | WSL-specific configuration |

View File

@ -1,167 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./applications
./mail
./neovim
./programming
./repositories
./shell
];
options = {
# user = lib.mkOption {
# type = lib.types.str;
# description = "Primary user of the system";
# };
# fullName = lib.mkOption {
# type = lib.types.str;
# description = "Human readable name of the user";
# };
# userDirs = {
# # Required to prevent infinite recursion when referenced by himalaya
# download = lib.mkOption {
# type = lib.types.str;
# description = "XDG directory for downloads";
# default = if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads";
# };
# };
# identityFile = lib.mkOption {
# type = lib.types.str;
# description = "Path to existing private key file.";
# default = "/etc/ssh/ssh_host_ed25519_key";
# };
# homePath = lib.mkOption {
# type = lib.types.path;
# description = "Path of user's home directory.";
# default = builtins.toPath (
# if pkgs.stdenv.isDarwin then "/Users/${config.user}" else "/home/${config.user}"
# );
# };
# dotfilesPath = lib.mkOption {
# type = lib.types.path;
# description = "Path of dotfiles repository.";
# default = config.homePath + "/dev/personal/dotfiles";
# };
# dotfilesRepo = lib.mkOption {
# type = lib.types.str;
# description = "Link to dotfiles repository HTTPS URL.";
# };
# unfreePackages = lib.mkOption {
# type = lib.types.listOf lib.types.str;
# description = "List of unfree packages to allow.";
# default = [ ];
# };
# insecurePackages = lib.mkOption {
# type = lib.types.listOf lib.types.str;
# description = "List of insecure packages to allow.";
# default = [ ];
# };
# hostnames = {
# audiobooks = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for audiobook server (Audiobookshelf).";
# };
# budget = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for budgeting server (ActualBudget).";
# };
# files = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for files server (Filebrowser).";
# };
# git = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for git server (Gitea).";
# };
# metrics = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for metrics server.";
# };
# minecraft = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for Minecraft server.";
# };
# paperless = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for document server (paperless-ngx).";
# };
# photos = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for photo management (Immich).";
# };
# prometheus = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for Prometheus server.";
# };
# influxdb = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for InfluxDB2 server.";
# };
# secrets = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for passwords and secrets (Vaultwarden).";
# };
# stream = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for video/media library (Jellyfin).";
# };
# content = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for personal content system (Nextcloud).";
# };
# books = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for books library (Calibre-Web).";
# };
# download = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for download services.";
# };
# irc = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for IRC services.";
# };
# n8n = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for n8n automation.";
# };
# notifications = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for push notification services (ntfy).";
# };
# status = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for status page (Uptime-Kuma).";
# };
# transmission = lib.mkOption {
# type = lib.types.str;
# description = "Hostname for peer2peer downloads (Transmission).";
# };
# };
};
config =
let
stateVersion = "23.05";
in
{
# Allow specified unfree packages (identified elsewhere)
# Retrieves package object based on string name
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.unfreePackages;
# Allow specified insecure packages (identified elsewhere)
nixpkgs.config.permittedInsecurePackages = config.insecurePackages;
# Pin a state version to prevent warnings
home-manager.users.${config.user}.home.stateVersion = stateVersion;
home-manager.users.root.home.stateVersion = stateVersion;
};
}

View File

@ -0,0 +1,67 @@
{
config,
pkgs,
lib,
...
}:
{
home-manager.users.${config.user} = lib.mkIf pkgs.stdenv.isDarwin {
home.packages =
let
ldap_scheme = "ldaps";
magic_prefix = "take";
ldap_port = 3269;
jq_parse = pkgs.writeShellScriptBin "ljq" ''
jq --slurp \
--raw-input 'split("\n\n")|map(split("\n")|map(select(.[0:1]!="#" and length>0)) |select(length > 0)|map(capture("^(?<key>[^:]*:?): *(?<value>.*)") |if .key[-1:.key|length] == ":" then .key=.key[0:-1]|.value=(.value|@base64d) else . end)| group_by(.key) | map({key:.[0].key,value:(if .|length > 1 then [.[].value] else .[].value end)}) | from_entries)' | jq -r 'del(.[].thumbnailPhoto)'
'';
ldap_script = pkgs.writeShellScriptBin "ldap" ''
if ! [ "$LDAP_HOST" ]; then
echo "No LDAP_HOST specified!"
exit 1
fi
SEARCH_FILTER="$@"
ldapsearch -LLL \
-B -o ldif-wrap=no \
-E pr=5000/prompt \
-H "${ldap_scheme}://''${LDAP_HOST}:${builtins.toString ldap_port}" \
-D "${pkgs.lib.toUpper magic_prefix}2\\${pkgs.lib.toLower config.user}" \
-w "$(${pkgs._1password-cli}/bin/op item get T2 --fields label=password --reveal)" \
-b "dc=''${LDAP_HOST//./,dc=}" \
-s "sub" -x "(cn=''${SEARCH_FILTER})" \
| ${jq_parse}/bin/ljq
'';
ldapm_script = pkgs.writeShellScriptBin "ldapm" ''
if ! [ "$LDAP_HOST" ]; then
echo "No LDAP_HOST specified!"
exit 1
fi
${ldap_script}/bin/ldap "$@" | jq '[ .[].memberOf] | add'
'';
ldapg_script = pkgs.writeShellScriptBin "ldapg" ''
if ! [ "$LDAP_HOST" ]; then
echo "No LDAP_HOST specified!"
exit 1
fi
${ldap_script}/bin/ldap "$@" | jq '[ .[].member] | add'
'';
ldapl_script = pkgs.writeShellScriptBin "ldapl" ''
if ! [ "$LDAP_HOST" ]; then
echo "No LDAP_HOST specified!"
exit 1
fi
${ldap_script}/bin/ldap "*$@*" | jq -r '.[].name'
'';
in
[
ldap_script
ldapm_script
ldapg_script
ldapl_script
jq_parse
];
};
}

View File

@ -0,0 +1,56 @@
{
config,
pkgs,
lib,
...
}:
{
# Homebrew - Mac-specific packages that aren't in Nix
config = lib.mkIf pkgs.stdenv.isDarwin {
# # Requires Homebrew to be installed
system.activationScripts.preActivation.text = ''
if ! xcode-select --version 2>/dev/null; then
$DRY_RUN_CMD xcode-select --install
fi
if ! /opt/homebrew/bin/brew --version 2>/dev/null; then
$DRY_RUN_CMD /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
fi
'';
# Add homebrew paths to CLI path
home-manager.users.${config.user}.home.sessionPath = [
"/opt/homebrew/bin/"
"/opt/homebrew/opt/trash/bin/"
];
homebrew = {
enable = true;
onActivation = {
autoUpdate = false; # Don't update during rebuild
cleanup = "zap"; # Uninstall all programs not declared
upgrade = true;
};
global = {
brewfile = true; # Run brew bundle from anywhere
lockfiles = false; # Don't save lockfile (since running from anywhere)
};
brews = [
"trash" # Delete files and folders to trash instead of rm
];
casks = [
"1password" # 1Password will not launch from Nix on macOS
# "gitify" # Git notifications in menu bar (downgrade manually from 4.6.1)
"keybase" # GUI on Nix not available for macOS
# "logitech-g-hub" # Mouse and keyboard management
"logitune" # Logitech webcam firmware
"meetingbar" # Show meetings in menu bar
"scroll-reverser" # Different scroll style for mouse vs. trackpad
"notunes" # Don't launch Apple Music with the play button
"steam" # Not packaged for Nixon macOS
"epic-games" # Not packaged for Nix
];
};
};
}

View File

@ -1,2 +0,0 @@
# Disable dunst so that it's not attempting to reach a non-existent dunst service
_final: prev: { betterlockscreen = prev.betterlockscreen.override { withDunst = false; }; }

View File

@ -1,22 +0,0 @@
inputs: _final: prev: {
# Based on:
# https://git.sr.ht/~rycee/nur-expressions/tree/master/item/pkgs/firefox-addons/default.nix#L34
bypass-paywalls-clean =
let
addonId = "magnolia@12.34";
in
prev.stdenv.mkDerivation rec {
pname = "bypass-paywalls-clean";
version = "3.6.6.0";
src = inputs.bypass-paywalls-clean;
preferLocalBuild = true;
allowSubstitutes = true;
buildCommand = ''
dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
mkdir -p "$dst"
install -v -m644 "${src}" "$dst/${addonId}.xpi"
'';
};
}

View File

@ -23,22 +23,22 @@ in
vimPlugins = prev.vimPlugins // {
nvim-lspconfig = withSrc prev.vimPlugins.nvim-lspconfig inputs.nvim-lspconfig-src;
cmp-nvim-lsp = withSrc prev.vimPlugins.cmp-nvim-lsp inputs.cmp-nvim-lsp-src;
nvim-treesitter = withSrc prev.vimPlugins.nvim-treesitter inputs.nvim-treesitter-src;
telescope-nvim = withSrc prev.vimPlugins.telescope-nvim inputs.telescope-nvim-src;
telescope-project-nvim = withSrc prev.vimPlugins.telescope-project-nvim inputs.telescope-project-nvim-src;
toggleterm-nvim = withSrc prev.vimPlugins.toggleterm-nvim inputs.toggleterm-nvim-src;
bufferline-nvim = withSrc prev.vimPlugins.bufferline-nvim inputs.bufferline-nvim-src;
nvim-tree-lua = withSrc prev.vimPlugins.nvim-tree-lua inputs.nvim-tree-lua-src;
fidget-nvim = withSrc prev.vimPlugins.fidget-nvim inputs.fidget-nvim-src;
nvim-lint = withSrc prev.vimPlugins.nvim-lint inputs.nvim-lint-src;
# nvim-lspconfig = withSrc prev.vimPlugins.nvim-lspconfig inputs.nvim-lspconfig-src;
# cmp-nvim-lsp = withSrc prev.vimPlugins.cmp-nvim-lsp inputs.cmp-nvim-lsp-src;
# nvim-treesitter = withSrc prev.vimPlugins.nvim-treesitter inputs.nvim-treesitter-src;
# telescope-nvim = withSrc prev.vimPlugins.telescope-nvim inputs.telescope-nvim-src;
# telescope-project-nvim = withSrc prev.vimPlugins.telescope-project-nvim inputs.telescope-project-nvim-src;
# toggleterm-nvim = withSrc prev.vimPlugins.toggleterm-nvim inputs.toggleterm-nvim-src;
# bufferline-nvim = withSrc prev.vimPlugins.bufferline-nvim inputs.bufferline-nvim-src;
# nvim-tree-lua = withSrc prev.vimPlugins.nvim-tree-lua inputs.nvim-tree-lua-src;
# fidget-nvim = withSrc prev.vimPlugins.fidget-nvim inputs.fidget-nvim-src;
# nvim-lint = withSrc prev.vimPlugins.nvim-lint inputs.nvim-lint-src;
# Packaging plugins entirely with Nix
base16-nvim = plugin "base16-nvim" inputs.base16-nvim-src;
baleia-nvim = plugin "baleia-nvim" inputs.baleia-nvim-src;
hmts-nvim = plugin "hmts-nvim" inputs.hmts-nvim-src;
tiny-inline-diagnostic-nvim = plugin "tiny-inline-diagnostic-nvim" inputs.tiny-inline-diagnostic-nvim-src;
snipe-nvim = plugin "snipe-nvim" inputs.snipe-nvim-src;
# base16-nvim = plugin "base16-nvim" inputs.base16-nvim-src;
# baleia-nvim = plugin "baleia-nvim" inputs.baleia-nvim-src;
# hmts-nvim = plugin "hmts-nvim" inputs.hmts-nvim-src;
# tiny-inline-diagnostic-nvim = plugin "tiny-inline-diagnostic-nvim" inputs.tiny-inline-diagnostic-nvim-src;
# snipe-nvim = plugin "snipe-nvim" inputs.snipe-nvim-src;
};
}

View File

@ -1,24 +1,32 @@
_final: prev:
_inputs: _final: prev:
let
listToAttrsByField =
field: list:
listToAttrsByPnameOrName =
list:
builtins.listToAttrs (
map (v: {
name = v.${field};
name = v."pname" or v."name";
value = v;
}) list
);
lib = prev.lib;
packagesDirectory = lib.filesystem.listFilesRecursive ../pkgs;
packages = lib.pipe packagesDirectory [
# [ package1/package.nix package2/package.nix package2/hello.sh ]
packages = lib.pipe (lib.filesystem.listFilesRecursive ../pkgs) [
# Get only files called package.nix
(builtins.filter (name: lib.hasSuffix "package.nix"))
# [ package1/package.nix package2/package.nix ]
(builtins.filter (name: lib.hasSuffix "package.nix" name))
# Apply callPackage to create a derivation
(builtins.map prev.callPackage)
# Must use final.callPackage to avoid infinite recursion
# [ package1.drv package2.drv ]
(builtins.map (name: prev.callPackage name { }))
# Convert the list to an attrset
(listToAttrsByField "name")
# { package1 = package1.drv, package2 = package2.drv }
listToAttrsByPnameOrName
];
in
packages
{
nmasur = packages;
}

View File

@ -1,43 +0,0 @@
inputs: _final: prev: {
tree-sitter-grammars = prev.tree-sitter-grammars // {
# Fix: bash highlighting doesn't work as of this commit:
# https://github.com/NixOS/nixpkgs/commit/49cce41b7c5f6b88570a482355d9655ca19c1029
tree-sitter-bash = prev.tree-sitter-grammars.tree-sitter-bash.overrideAttrs (old: {
src = inputs.tree-sitter-bash;
});
# Fix: invalid node in position. Broken as of this commit (replaced with newer):
# https://github.com/NixOS/nixpkgs/commit/8ec3627796ecc899e6f47f5bf3c3220856ead9c5
tree-sitter-python = prev.tree-sitter-grammars.tree-sitter-python.overrideAttrs (old: {
src = inputs.tree-sitter-python;
});
# Fix: invalid structure in position.
tree-sitter-lua = prev.tree-sitter-grammars.tree-sitter-lua.overrideAttrs (old: {
src = inputs.tree-sitter-lua;
});
# Add grammars not in nixpks
tree-sitter-ini = prev.tree-sitter.buildGrammar {
language = "ini";
version = "1.0.0";
src = inputs.tree-sitter-ini;
};
tree-sitter-puppet = prev.tree-sitter.buildGrammar {
language = "puppet";
version = "1.0.0";
src = inputs.tree-sitter-puppet;
};
tree-sitter-rasi = prev.tree-sitter.buildGrammar {
language = "rasi";
version = "0.1.1";
src = inputs.tree-sitter-rasi;
};
tree-sitter-vimdoc = prev.tree-sitter.buildGrammar {
language = "vimdoc";
version = "2.1.0";
src = inputs.tree-sitter-vimdoc;
};
};
}

View File

@ -9,11 +9,30 @@
# Sets Neovim colors based on Nix colorscheme
options.colors = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
type = lib.types.nullOr (lib.types.attrsOf lib.types.str);
description = "Attrset of base16 colorscheme key value pairs.";
default = {
# Nord
base00 = "#2E3440";
base01 = "#3B4252";
base02 = "#434C5E";
base03 = "#4C566A";
base04 = "#D8DEE9";
base05 = "#E5E9F0";
base06 = "#ECEFF4";
base07 = "#8FBCBB";
base08 = "#88C0D0";
base09 = "#81A1C1";
base0A = "#5E81AC";
base0B = "#BF616A";
base0C = "#D08770";
base0D = "#EBCB8B";
base0E = "#A3BE8C";
base0F = "#B48EAD";
};
};
config = lib.mkIf config.colors {
config = lib.mkIf (config.colors != null) {
plugins = [ pkgs.vimPlugins.base16-nvim ];
setup.base16-colorscheme = config.colors;

View File

@ -8,9 +8,9 @@
{
# Terraform optional because non-free
options.terraform = lib.mkEnableOption "Whether to enable Terraform LSP";
options.github = lib.mkEnableOption "Whether to enable GitHub features";
options.kubernetes = lib.mkEnableOption "Whether to enable Kubernetes features";
options.enableTerraform = lib.mkEnableOption "Whether to enable Terraform LSP";
options.enableGithub = lib.mkEnableOption "Whether to enable GitHub features";
options.enableKubernetes = lib.mkEnableOption "Whether to enable Kubernetes features";
config = {
plugins = [
@ -54,7 +54,7 @@
use.lspconfig.terraformls.setup = dsl.callWith {
cmd =
if config.terraform then
if config.enableTerraform then
[
"${pkgs.terraform-ls}/bin/terraform-ls"
"serve"
@ -93,7 +93,7 @@
nix = [ "nixfmt" ];
rust = [ "rustfmt" ];
sh = [ "shfmt" ];
terraform = if config.terraform then [ "terraform_fmt" ] else [ ];
terraform = if config.enableTerraform then [ "terraform_fmt" ] else [ ];
hcl = [ "hcl" ];
};
formatters = {
@ -110,7 +110,7 @@
"-ci"
];
};
terraform_fmt.command = if config.terraform then "${pkgs.terraform}/bin/terraform" else "";
terraform_fmt.command = if config.enableTerraform then "${pkgs.terraform}/bin/terraform" else "";
hcl.command = "${pkgs.hclfmt}/bin/hclfmt";
};
};

View File

@ -2,26 +2,24 @@
{
plugins = [
(pkgs.vimPlugins.nvim-treesitter.withPlugins (
_plugins: with pkgs.tree-sitter-grammars; [
tree-sitter-bash
tree-sitter-c
tree-sitter-fish
tree-sitter-hcl
tree-sitter-ini
tree-sitter-json
tree-sitter-lua
tree-sitter-markdown
tree-sitter-markdown-inline
tree-sitter-nix
tree-sitter-puppet
tree-sitter-python
tree-sitter-rasi
tree-sitter-toml
tree-sitter-vimdoc
tree-sitter-yaml
]
))
(pkgs.vimPlugins.nvim-treesitter.withPlugins (_plugins: [
pkgs.nmasur.ini-grammar
pkgs.nmasur.puppet-grammar
pkgs.nmasur.rasi-grammar
pkgs.nmasur.vimdoc-grammar
pkgs.tree-sitter-grammars.tree-sitter-bash
pkgs.tree-sitter-grammars.tree-sitter-c
pkgs.tree-sitter-grammars.tree-sitter-fish
pkgs.tree-sitter-grammars.tree-sitter-hcl
pkgs.tree-sitter-grammars.tree-sitter-json
pkgs.tree-sitter-grammars.tree-sitter-lua
pkgs.tree-sitter-grammars.tree-sitter-markdown
pkgs.tree-sitter-grammars.tree-sitter-markdown-inline
pkgs.tree-sitter-grammars.tree-sitter-nix
pkgs.tree-sitter-grammars.tree-sitter-python
pkgs.tree-sitter-grammars.tree-sitter-toml
pkgs.tree-sitter-grammars.tree-sitter-yaml
]))
pkgs.vimPlugins.vim-matchup # Better % jumping in languages
pkgs.vimPlugins.playground # Tree-sitter experimenting
pkgs.vimPlugins.nginx-vim

View File

@ -18,7 +18,7 @@
lua = ''
${builtins.readFile ./toggleterm.lua}
${if config.github then (builtins.readFile ./github.lua) else ""}
${if config.kubernetes then (builtins.readFile ./kubernetes.lua) else ""}
${if config.enableGithub then (builtins.readFile ./github.lua) else ""}
${if config.enableKubernetes then (builtins.readFile ./kubernetes.lua) else ""}
'';
}

View File

@ -29,9 +29,9 @@
{
pkgs,
colors ? null,
terraform ? false,
github ? false,
kubernetes ? false,
enableTerraform ? false,
enableGithub ? false,
enableKubernetes ? false,
...
}:
@ -41,9 +41,9 @@ pkgs.neovimBuilder {
package = pkgs.neovim-unwrapped;
inherit
colors
terraform
github
kubernetes
enableTerraform
enableGithub
enableKubernetes
;
imports = [
./config/align.nix

View File

@ -2,7 +2,7 @@
{ pkgs, lib, ... }:
pkgs.stdenv.mkDerivation {
pname = "volnoti-unstable";
pname = "volnoti";
version = "2013-09-23";
src = pkgs.fetchFromGitHub {
owner = "davidbrazdil";

View File

@ -0,0 +1,12 @@
{ pkgs, fetchFromGitHub }:
pkgs.tree-sitter.buildGrammar {
language = "ini";
version = "1.3.0";
src = fetchFromGitHub {
owner = "justinmk";
repo = "tree-sitter-ini";
rev = "32b31863f222bf22eb43b07d4e9be8017e36fb31";
sha256 = "sha256-kWCaOIC81GP5EHCqzPZP9EUgYy39CZ6/8TVS6soB6Wo=";
};
}

View File

@ -0,0 +1,12 @@
{ pkgs, fetchFromGitHub }:
pkgs.tree-sitter.buildGrammar {
language = "puppet";
version = "1.3.0";
src = fetchFromGitHub {
owner = "tree-sitter-grammars";
repo = "tree-sitter-puppet";
rev = "15f192929b7d317f5914de2b4accd37b349182a6";
sha256 = "sha256-bO5g5AdhzpB13yHklpAndUHIX7Rvd7OMjH0Ds2ATA6Q=";
};
}

View File

@ -0,0 +1,12 @@
{ pkgs, fetchFromGitHub }:
pkgs.tree-sitter.buildGrammar {
language = "rasi";
version = "0.1.2";
src = fetchFromGitHub {
owner = "Fymyte";
repo = "tree-sitter-rasi";
rev = "6c9bbcfdf5f0f553d9ebc01750a3aa247a37b8aa";
sha256 = "sha256-sPrIVgGGaBaXeqHNxjcdJ/S2FvxyV6rD9UPKU/tpspw=";
};
}

View File

@ -0,0 +1,12 @@
{ pkgs, fetchFromGitHub }:
pkgs.tree-sitter.buildGrammar {
language = "vimdoc";
version = "3.0.0";
src = fetchFromGitHub {
owner = "neovim";
repo = "tree-sitter-vimdoc";
rev = "d2e4b5c172a109966c2ce0378f73df6cede39400";
sha256 = "sha256-Vrl4/cZL+TWlUMEeWZoHCAWhvlefcl3ajGcwyTNKOhI=";
};
}

295
pkgs/mathesar/package.nix Normal file
View File

@ -0,0 +1,295 @@
{
runtimeShell,
python313,
python313Packages,
fetchFromGitHub,
fetchPypi,
fetchurl,
gettext,
unzip,
...
}:
let
django-modern-rpc = python313Packages.buildPythonPackage rec {
pname = "django_modern_rpc";
version = "1.1.0";
src = fetchPypi {
inherit pname version;
hash = "sha256-+LBIfkBxe9lvfZIqPI2lFSshTZBL1NpmCWBAgToyJns=";
};
doCheck = false;
pyproject = true;
build-system = [
python313Packages.setuptools
python313Packages.wheel
python313Packages.poetry-core
];
};
django-property-filter = python313Packages.buildPythonPackage rec {
pname = "django_property_filter";
version = "1.3.0";
src = fetchPypi {
inherit pname version;
hash = "sha256-dpsF4hm0S4lQ6tIRJ0bXgPjWTr1fq1NSCZP0M6L4Efk=";
};
doCheck = false;
pyproject = true;
build-system = [
python313Packages.setuptools
python313Packages.wheel
python313Packages.django
python313Packages.django-filter
];
};
django-fernet-encrypted-fields = python313Packages.buildPythonPackage rec {
pname = "django-fernet-encrypted-fields";
version = "0.3.0";
src = fetchPypi {
inherit pname version;
hash = "sha256-OAMb2vFySm6IXuE3zGaivX3DcmxDjhiep+RHmewLqbM=";
};
doCheck = false;
pyproject = true;
build-system = [
python313Packages.setuptools
python313Packages.wheel
];
propagatedBuildInputs = with python313Packages; [
django
cryptography
];
};
drf-access-policy = python313Packages.buildPythonPackage rec {
pname = "drf-access-policy";
version = "1.5.0";
src = fetchPypi {
inherit pname version;
hash = "sha256-EsahQYIgjUBUSi/W8GXbc7pvYLPRJ6kpJg6A3RkrjL8=";
};
doCheck = false;
pyproject = true;
build-system = [
python313Packages.setuptools
python313Packages.wheel
];
propagatedBuildInputs = with python313Packages; [
pyparsing
djangorestframework
];
};
pythonPkg = python313.override {
self = python313;
packageOverrides = pyfinal: pyprev: {
inherit
django-modern-rpc
django-property-filter
django-fernet-encrypted-fields
drf-access-policy
# psycopg-binary
;
};
};
python = pythonPkg.withPackages (
ps: with ps; [
gunicorn
django
clevercsv
django
dj-database-url
django-filter
django-modern-rpc
django-property-filter
djangorestframework
django-fernet-encrypted-fields
drf-access-policy
frozendict
gunicorn
psycopg
# psycopg-binary
psycopg2-binary
requests
sqlalchemy
whitenoise
]
);
staticAssets = fetchurl {
url = "https://github.com/mathesar-foundation/mathesar/releases/download/0.2.2/static_files.zip";
sha256 = "sha256-1X2zFpCSwilUxhqHlCw/tg8C5zVcVL6CxDa9yh0ylGA=";
};
in
python313Packages.buildPythonApplication rec {
pname = "mathesar";
version = "0.2.2";
src = fetchFromGitHub {
owner = "mathesar-foundation";
repo = "mathesar";
rev = version;
sha256 = "sha256-LHxFJpPV0GJfokSPzfZQO44bBg/+QjXsk04Ry9uhUAs=";
};
format = "other";
nativeBuildInputs = [ unzip ];
propagatedBuildInputs = [
python.pkgs.gunicorn
python.pkgs.django
];
buildInputs = [
gettext
];
dependencies = [
pythonPkg.pkgs.clevercsv
pythonPkg.pkgs.django
pythonPkg.pkgs.dj-database-url
pythonPkg.pkgs.django-filter
pythonPkg.pkgs.django-modern-rpc
pythonPkg.pkgs.django-property-filter
pythonPkg.pkgs.djangorestframework
pythonPkg.pkgs.django-fernet-encrypted-fields
pythonPkg.pkgs.drf-access-policy
pythonPkg.pkgs.frozendict
pythonPkg.pkgs.gunicorn
pythonPkg.pkgs.psycopg
pythonPkg.pkgs.psycopg2-binary
pythonPkg.pkgs.requests
pythonPkg.pkgs.sqlalchemy
pythonPkg.pkgs.whitenoise
];
# Manually unzip the extra zip file into a temporary directory
postUnpack = ''
mkdir -p $TMPDIR/unzipped
unzip ${staticAssets} -d $TMPDIR/unzipped
'';
# Override the default build phase to prevent it from looking for setup.py
# Add any non-Python build commands here if needed (e.g., building frontend assets)
buildPhase = ''
runHook preBuild
echo "Skipping standard Python build phase; application files copied in installPhase."
# If you had frontend assets to build, you'd run the command here, e.g.:
# npm install
# npm run build
runHook postBuild
'';
# This copies the application code into the Nix store output
installPhase = ''
runHook preInstall
# Destination: python's site-packages directory within $out
# This makes 'import mathesar', 'import db', etc. work more easily.
INSTALL_PATH="$out/lib/${python.libPrefix}/site-packages/${pname}"
mkdir -p "$INSTALL_PATH"
echo "Copying application code to $INSTALL_PATH"
# Copy all essential source directories needed at runtime
# Adjust this list based on mathesar's actual structure and runtime needs!
cp -r mathesar "$INSTALL_PATH/"
cp -r db "$INSTALL_PATH/"
cp -r config "$INSTALL_PATH/"
cp -r translations "$INSTALL_PATH/"
cp -r mathesar_ui "$INSTALL_PATH/" # If needed
# Copy the management script
cp manage.py "$INSTALL_PATH/"
# Copy assets from unzipped directory
mkdir -p "$INSTALL_PATH/mathesar/static/mathesar"
cp -r $TMPDIR/unzipped/static_files/* "$INSTALL_PATH/mathesar/static/mathesar"
# Create wrapper scripts in $out/bin for easy execution
mkdir -p $out/bin
# Wrapper for manage.py
# It ensures the app code is in PYTHONPATH and runs manage.py
echo "Creating manage.py wrapper..."
cat <<EOF > $out/bin/mathesar-manage
#!${python.interpreter}
import os
import sys
# Add the installation path to the Python path
sys.path.insert(0, "$INSTALL_PATH")
# Set DJANGO_SETTINGS_MODULE environment variable if required by mathesar
# You might need to adjust 'config.settings.production' to the actual settings file used
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'config.settings.production')
# Change directory to where manage.py is, if necessary for relative paths
# os.chdir("$INSTALL_PATH")
print(f"Running manage.py from: $INSTALL_PATH/manage.py")
print(f"Python path includes: $INSTALL_PATH")
print(f"Executing with args: {sys.argv[1:]}")
# Find manage.py and execute it
manage_py_path = os.path.join("$INSTALL_PATH", "manage.py")
if not os.path.exists(manage_py_path):
print(f"Error: manage.py not found at {manage_py_path}", file=sys.stderr)
sys.exit(1)
# Prepare arguments for execute_from_command_line
# The first argument should be the script name itself
argv = [manage_py_path] + sys.argv[1:]
try:
from django.core.management import execute_from_command_line
execute_from_command_line(argv)
except Exception as e:
print(f"Error executing manage.py: {e}", file=sys.stderr)
# Optionally re-raise or exit with error
import traceback
traceback.print_exc()
sys.exit(1)
EOF
chmod +x $out/bin/mathesar-manage
# Wrapper for install
echo "Creating install wrapper..."
cat <<EOF > $out/bin/mathesar-install
#!${runtimeShell}
# Add the app to the Python Path
export PYTHONPATH="$INSTALL_PATH:\${"PYTHONPATH:-"}"
# Set Django settings module if needed
export DJANGO_SETTINGS_MODULE='config.settings.production'
# Change to the app directory
cd "$INSTALL_PATH"
${python}/bin/python -m mathesar.install
EOF
chmod +x $out/bin/mathesar-install
# Wrapper for gunicorn (example)
# Assumes mathesar uses a standard wsgi entry point, e.g., config/wsgi.py
# Adjust 'config.wsgi:application' if necessary
echo "Creating gunicorn wrapper..."
cat <<EOF > $out/bin/mathesar-gunicorn
#!${runtimeShell}
# Add the app to the Python Path
export PYTHONPATH="$INSTALL_PATH:\${"PYTHONPATH:-"}"
# Set Django settings module if needed
export DJANGO_SETTINGS_MODULE='config.settings.production'
# Change to the app directory if gunicorn needs it
# cd "$INSTALL_PATH"
# Execute gunicorn, passing along any arguments
# Ensure the gunicorn package is in propagatedBuildInputs
exec ${python}/bin/gunicorn config.wsgi:application "\$@"
EOF
chmod +x $out/bin/mathesar-gunicorn
runHook postInstall
'';
}

View File

@ -0,0 +1,21 @@
{ pkgs, ... }:
# Based on:
# https://git.sr.ht/~rycee/nur-expressions/tree/master/item/pkgs/firefox-addons/default.nix#L34
pkgs.stdenv.mkDerivation rec {
pname = "bypass-paywalls-clean";
version = "4.1.1.4";
src = builtins.fetchGit {
url = "https://git.masu.rs/noah/bpc-uploads.git";
ref = "main";
rev = "9166b13355721b047878f259e04c2e9b476b4210";
};
preferLocalBuild = true;
allowSubstitutes = true;
buildCommand = ''
dst="$out/share/mozilla/extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}"
mkdir -p "$dst"
install -v -m644 "${src}/bypass_paywalls_clean-${version}.xpi" "$dst/magnolia@12.34.xpi"
'';
}

View File

@ -0,0 +1,15 @@
{ pkgs, ... }:
pkgs.stdenv.mkDerivation {
pname = "wallpapers";
version = "0.1";
src = pkgs.fetchFromGitLab {
owner = "exorcist365";
repo = "wallpapers";
rev = "8d2860ac6c05cec0f78d5c9d07510f4ff5da90dc";
sha256 = "sha256-1c1uDz37MhksWC75myv6jao5q2mIzD8X8I+TykXXmWg=";
};
installPhase = ''
cp -r $src/ $out/
'';
}

View File

@ -0,0 +1,91 @@
{
lib,
fetchFromGitHub,
nodejs_20,
buildNpmPackage,
nodePackages,
python3,
gcc,
gnumake,
}:
let
in
buildNpmPackage (finalAttrs: rec {
pname = "prometheus-actual-exporter";
version = "1.1.5";
src = fetchFromGitHub {
owner = "sakowicz";
repo = "actual-budget-prometheus-exporter";
tag = version;
hash = "sha256-DAmWr1HngxAjhOJW9OnMfDqpxBcZT+Tpew/w/YYJIYU=";
};
patches = [ ./tsconfig.patch ];
npmDepsHash = "sha256-N8xqRYFelolNGTEhG22M7KJ7B5U/uW7o+/XfLF8rHMg=";
nativeBuildInputs = [
nodejs_20
nodePackages.typescript
python3
nodePackages.node-gyp
gcc
gnumake
];
postPatch = ''
echo "Removing better-sqlite3 install script before npm install"
sed -i '/"install"/d' node_modules/better-sqlite3/package.json || true
sed -i '/"install"/d' package.json || true
'';
preBuild = ''
echo "Disabling prebuilt install script from better-sqlite3"
find node_modules/better-sqlite3 -name package.json -exec sed -i '/"install"/d' {} +
rm -f node_modules/better-sqlite3/build/Release/better_sqlite3.node || true
'';
buildPhase = ''
# export npm_config_build_from_source=true
# export npm_config_unsafe_perm=true
# export BINARY_SITE=none
# export PATH=${nodePackages.node-gyp}/bin:$PATH
# export npm_config_node_gyp=${nodePackages.node-gyp}/bin/node-gyp
# npm rebuild better-sqlite3 --build-from-source --verbose
npm run build
'';
installPhase = ''
mkdir -p $out/{bin,lib}
cp -r . $out/lib/prometheus-actual-exporter
makeWrapper ${lib.getExe nodejs_20} $out/bin/prometheus-actual-exporter \
--add-flags "$out/lib/prometheus-actual-exporter/dist/app.js"
'';
postInstall = ''
echo "Removing prebuilt .node and rebuilding better-sqlite3"
export npm_config_build_from_source=true
export npm_config_unsafe_perm=true
export BINARY_SITE=none
export PATH=${nodePackages.node-gyp}/bin:$PATH
export npm_config_node_gyp=${nodePackages.node-gyp}/bin/node-gyp
sed -i '/"install"/d' node_modules/better-sqlite3/package.json
rm -f node_modules/better-sqlite3/build/Release/better_sqlite3.node || true
npm rebuild better-sqlite3 --build-from-source --verbose
'';
meta = {
description = "Prometheus exporter for Actual Budget";
homepage = "https://github.com/sakowicz/actual-budget-prometheus-exporter";
mainProgram = "prometheus-actual-exporter";
};
})

View File

@ -0,0 +1,12 @@
diff --git a/tsconfig.json b/tsconfig.json
index 5106135..3a340f6 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -8,5 +8,6 @@
"skipLibCheck": true,
"lib": ["es2020"],
"outDir": "./dist"
- }
+ },
+ "include": ["src/**/*", "app.ts"]
}

View File

@ -0,0 +1,18 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}'
echo ""
echo ""
''

View File

@ -0,0 +1,12 @@
{ pkgs, ... }:
pkgs.mkShell {
name = "dotfiles-devshell";
buildInputs = with pkgs; [
git
stylua
nixfmt-rfc-style
shfmt
shellcheck
];
}

View File

@ -0,0 +1,11 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "encrypt-secret" ''
printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
read -p "Secret: " secret
printf "\nEncrypting...\n\n" 1>&2
tmpfile=$(mktemp)
echo "''${secret}" > ''${tmpfile}
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../../../../misc/public-keys} $tmpfile
rm $tmpfile
''

View File

@ -1,13 +1,13 @@
{ pkgs, ... }:
{ buildGoModule, fetchFromGitHub }:
pkgs.buildGoModule rec {
buildGoModule rec {
pname = "gh-collaborators";
version = "v3.0.0";
src = {
src = fetchFromGitHub {
owner = "katiem0";
repo = "gh-collaborators";
rev = "4af7c8e54ecc499097121909f02ecb42a8a60d24";
sha256 = pkgs.lib.fakeHash;
rev = "bf412dde50605e48af86f291c2ac8714f2c1b228";
sha256 = "sha256-SGmP/8Fvf2rcYkwscMOFG01Y0VJGb/TXrNZtLacurxA=";
};
vendorHash = "sha256-9qmvG2q9t1Zj8yhKFyA99IaJ90R/gRVdQVjdliVKLRE";

View File

@ -0,0 +1,44 @@
{ pkgs, ... }:
# Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix
# This script will partition and format drives; use at your own risk!
pkgs.writeShellScriptBin "installer" ''
set -e
DISK=$1
FLAKE=$2
PARTITION_PREFIX=""
if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \
"Missing required parameter." \
"Usage: installer -- <disk> <host>" \
"Example: installer -- nvme0n1 tempest" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest"
echo "(exiting)"
exit 1
fi
case "$DISK" in nvme*)
PARTITION_PREFIX="p"
esac
${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false
${pkgs.parted}/bin/parted /dev/''${DISK} -- mklabel gpt
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart primary 512MiB 100%
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
${pkgs.parted}/bin/parted /dev/''${DISK} -- set 3 esp on
mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1
mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2
mount /dev/disk/by-label/nixos /mnt
mkdir --parents /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
''

View File

@ -7,4 +7,4 @@ pkgs.writers.writeFishBin "ip-check" {
":"
"${lib.makeBinPath [ pkgs.curl ]}"
];
} builtins.readFile ./ip.fish
} (builtins.readFile ./ip.fish)

View File

@ -8,7 +8,7 @@ TEXT_FILE="/tmp/ocr.txt"
IMAGE_FILE="/tmp/ocr.png"
function notify-send() {
/usr/bin/osascript -e "display notification \"$2\" with title \"OCR\""
/usr/bin/osascript -e "display notification \"$2\" with title \"OCR\""
}
PATH="/usr/local/bin/:$PATH"
@ -32,8 +32,8 @@ STATUS=$?
# specify /tmp/ocr.txt as the file path, tesseract would out the text to
# /tmp/ocr.txt.txt
cd /tmp || {
echo "Failed to jump to directory."
exit 1
echo "Failed to jump to directory."
exit 1
}
tesseract "$IMAGE_FILE" "${TEXT_FILE//\.txt/}"
@ -41,8 +41,8 @@ tesseract "$IMAGE_FILE" "${TEXT_FILE//\.txt/}"
# of lines in the file
LINES=$(wc -l <$TEXT_FILE)
if [ "$LINES" -eq 0 ]; then
notify-send "ocr" "no text was detected"
exit 1
notify-send "ocr" "no text was detected"
exit 1
fi
# Copy text to clipboard

View File

@ -1,6 +1,6 @@
{ pkgs, ... }:
{ pkgs, writeShellApplication }:
pkgs.writeShellApplication {
writeShellApplication {
name = "ocr";
runtimeInputs = [ pkgs.tesseract ];
text = builtins.readFile ./ocr.sh;

View File

@ -1,15 +1,19 @@
# Clipboard over SSH
{ pkgs, ... }:
{
buildGoModule,
fetchFromGitHub,
...
}:
pkgs.buildGoModule {
buildGoModule {
pname = "osc";
version = "v0.4.6";
src = {
version = "v0.4.7";
src = fetchFromGitHub {
owner = "theimpostor";
repo = "osc";
rev = "4af7c8e54ecc499097121909f02ecb42a8a60d24";
sha256 = pkgs.lib.fakeHash;
rev = "c8e1e2f42a5d5fb628eaa48e889bde578deb8d33";
sha256 = "sha256-MfEBbYT99tEtlOMmdl3iq2d07KYsN1tu5tDRFW3676g=";
};
vendorHash = "sha256-POtQWIjPObsfa3YZ1dLZgedZFUcc4HeTWjU20AucoKc=";

View File

@ -0,0 +1,5 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "readme" ''
${pkgs.glow}/bin/glow --pager ${builtins.toString ../../../../README.md}
''

View File

@ -0,0 +1,11 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
sudo darwin-rebuild switch --flake ${builtins.toString ../../../../.}
else
doas nixos-rebuild switch --flake ${builtins.toString ../../../../.}
fi
''

View File

@ -0,0 +1,21 @@
{ pkgs, ... }:
# nix run github:nmasur/dotfiles#reencrypt-secrets ./private
pkgs.writeShellScriptBin "reencrypt-secrets" ''
if [ $# -eq 0 ]; then
echo "Must provide directory to reencrypt."
exit 1
fi
encrypted=$1
find "''${1}" -type f -name "*.age" | while IFS= read -r encryptedfile; do
tmpfile=$(mktemp)
echo "Decrypting ''${encryptedfile}..."
${pkgs.age}/bin/age --decrypt \
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
echo "Encrypting ''${encryptedfile}..."
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../../../../misc/public-keys} $tmpfile > $encryptedfile
rm $tmpfile
done
echo "Finished."
''

View File

@ -0,0 +1,13 @@
{ pkgs, ... }:
pkgs.rustPlatform.buildRustPackage {
pname = "ren-find";
version = "0.0.7";
src = pkgs.fetchFromGitHub {
owner = "robenkleene";
repo = "ren-find";
rev = "50c40172e354caffee48932266edd7c7a76a20fd";
sha256 = "sha256-zVIt6Xp+Mvym6gySvHIZJt1QgzKVP/wbTGTubWk6kzI=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-lSeO/GaJPZ8zosOIJRXVIEuPXaBg1GBvKBIuXtu1xZg=";
}

View File

@ -1,12 +0,0 @@
{ pkgs, ... }:
pkgs.rustPlatform.buildRustPackage {
pname = "ren-find";
version = "0.0.7";
src = pkgs.fetchFromGitHub {
owner = "robenkleene";
repo = "ren-find";
rev = "4af7c8e54ecc499097121909f02ecb42a8a60d24";
sha256 = pkgs.lib.fakeHash;
};
cargoHash = "sha256-3bI3j2xvNHp4kyLEq/DZvRJBF2rn6pE4n8oXh67edDI=";
}

View File

@ -0,0 +1,13 @@
{ pkgs, ... }:
pkgs.rustPlatform.buildRustPackage {
pname = "rep-grep";
version = "0.0.7";
src = pkgs.fetchFromGitHub {
owner = "robenkleene";
repo = "rep-grep";
rev = "2a24f95170aa14b5182b2287125664a62f8688ef";
sha256 = "sha256-gBxrbGCy6JEHnmgJmcm8sgtEvCAqra8/gPGsfCEfLqg=";
};
useFetchCargoVendor = true;
cargoHash = "sha256-t4tfQaFq4EV4ZWeU+IestSFiSAIeVQslTZhLbpKVoO4=";
}

View File

@ -1,12 +0,0 @@
{ pkgs, ... }:
pkgs.rustPlatform.buildRustPackage {
pname = "rep-grep";
version = "0.0.7";
src = pkgs.fetchFromGitHub {
owner = "robenkleene";
repo = "rep-grep";
rev = "4af7c8e54ecc499097121909f02ecb42a8a60d24";
sha256 = pkgs.lib.fakeHash;
};
cargoHash = "sha256-GEr3VvQ0VTKHUbW/GFEgwLpQWP2ZhS/4KYjDvfFLgxo=";
}

View File

@ -0,0 +1,32 @@
{
config,
pkgs,
lib,
...
}:
let
cfg = config.aws;
in
{
options.aws.enable = lib.mkEnableOption "AWS EC2";
config = lib.mkIf cfg.enable {
nmasur.presets.services.openssh-aws.enable = lib.mkDefault true;
# Make sure disk size is large enough
# https://github.com/nix-community/nixos-generators/issues/150
virtualisation.diskSize = lib.mkDefault (16 * 1024); # In MB
boot.kernelPackages = lib.mkDefault pkgs.linuxKernel.packages.linux_6_6;
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = lib.mkForce false; # Default, conflicts with tempest
services.amazon-ssm-agent.enable = lib.mkDefault true;
users.users.ssm-user.extraGroups = [ "wheel" ];
services.udisks2.enable = lib.mkForce false; # Off by default already; conflicts with gvfs for nautilus
boot.loader.grub.device = lib.mkForce "/dev/xvda"; # Default, conflicts with tempest
boot.loader.grub.efiSupport = lib.mkForce false; # Default, conflicts with tempest
};
}

View File

@ -1,7 +0,0 @@
{ lib, ... }:
{
imports = lib.pipe (lib.filesystem.listFilesRecursive ./.) [
# Get only files ending in .nix
(builtins.filter (name: lib.hasSuffix ".nix" name))
];
}

View File

@ -16,13 +16,13 @@
config = {
# Allow specified unfree packages (identified elsewhere)
# Retrieves package object based on string name
nixpkgs.config.allowUnfreePredicate =
pkg: builtins.elem (lib.getName pkg) config.allowUnfreePackages;
# Allow specified insecure packages (identified elsewhere)
nixpkgs.config.permittedInsecurePackages = config.allowInsecurePackages;
# # Allow specified unfree packages (identified elsewhere)
# # Retrieves package object based on string name
# nixpkgs.config.allowUnfreePredicate =
# pkg: builtins.elem (lib.getName pkg) config.allowUnfreePackages;
#
# # Allow specified insecure packages (identified elsewhere)
# nixpkgs.config.permittedInsecurePackages = config.allowInsecurePackages;
};

View File

@ -15,7 +15,7 @@ in
config = lib.mkIf cfg.enable {
home.packages = [
pkgs.victor-mono # Used for Vim and Terminal
pkgs.nerd-fonts.victor-mono # Used for Vim and Terminal
pkgs.nerd-fonts.hack # For Polybar, Rofi
];
fonts.fontconfig = {
@ -33,6 +33,7 @@ in
programs.alacritty.settings.font.normal.family = "VictorMono";
programs.kitty.font.name = "VictorMono Nerd Font Mono";
nmasur.presets.programs.wezterm.font = "VictorMono Nerd Font Mono";
programs.ghostty.settings.font-family = "VictorMono Nerd Font Mono";
services.dunst.settings.global.font = "Hack Nerd Font 14";
};
}

View File

@ -25,8 +25,9 @@ in
] ++ (if pkgs.stdenv.isLinux then [ pkgs._1password-gui ] else [ ]);
# Firefox extension
programs.firefox.profiles.default.extensions =
pkgs.nur.repos.rycee.firefox-addons.onepassword-password-manager;
programs.firefox.profiles.default.extensions.packages = [
pkgs.nur.repos.rycee.firefox-addons.onepassword-password-manager
];
};
# # https://1password.community/discussion/135462/firefox-extension-does-not-connect-to-linux-app

View File

@ -183,6 +183,9 @@ in
"audio/*" = "${pkgs.mpv}/bin/mpv -";
"image/*" = "${pkgs.feh}/bin/feh -";
};
compose = {
editor = config.home.sessionVariables.EDITOR;
};
};
};
accounts.email.accounts.home.aerc = {
@ -196,22 +199,31 @@ in
xdg.desktopEntries.aerc = lib.mkIf (pkgs.stdenv.isLinux) {
name = "aerc";
exec = "${config.terminalLaunchCommand} aerc %u";
exec = "${lib.getExe config.nmasur.presets.services.i3.terminal} aerc %u";
};
xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux {
"${config.xsession.windowManager.i3.config.modifier}+Shift+e" = "exec ${
# Don't name the script `aerc` or it will affect grep
builtins.toString (
pkgs.writeShellScript "focus-mail.sh" ''
count=$(ps aux | grep -c aerc)
if [ "$count" -eq 1 ]; then
i3-msg "exec --no-startup-id ${config.terminal} start --class aerc -- aerc"
sleep 0.25
fi
i3-msg "[class=aerc] focus"
''
)
}";
"${config.xsession.windowManager.i3.config.modifier}+Shift+e" =
let
terminal = config.nmasur.presets.services.i3.terminal;
startupCommand =
if terminal == pkgs.wezterm then
"start --class com.noah.aerc -- aerc"
else
"--class=com.noah.aerc --command=aerc";
in
"exec ${
# Don't name the script `aerc` or it will affect grep
builtins.toString (
pkgs.writeShellScript "focus-mail.sh" ''
count=$(ps aux | grep -c aerc)
if [ "$count" -eq 1 ]; then
i3-msg "exec --no-startup-id ${lib.getExe terminal} ${startupCommand}"
sleep 0.25
fi
i3-msg "[class=com.noah.aerc] focus"
''
)
}";
};
programs.fish.shellAbbrs = {

View File

@ -15,6 +15,7 @@ in
config = lib.mkIf cfg.enable {
programs.atuin = {
enable = true;
daemon.enable = true;
flags = [
"--disable-up-arrow"
"--disable-ctrl-r"
@ -33,6 +34,7 @@ in
secrets_filter = true;
enter_accept = false;
keymap_mode = "vim-normal";
records = true; # Sync v2
};
};

View File

@ -0,0 +1,19 @@
{ config, lib, ... }:
let
cfg = config.nmasur.presets.programs.aws-ssh;
in
{
options.nmasur.presets.programs.aws-ssh.enable = lib.mkEnableOption "AWS SSH tools";
config = lib.mkIf cfg.enable {
# Ignore wine directories in searches
home.file.".ssh/aws-ssm-ssh-proxy-command.sh" = {
text = builtins.readFile ./aws-ssm-ssh-proxy-command.sh;
executable = true;
};
};
}

View File

@ -0,0 +1,69 @@
#!/usr/bin/env bash
set -eu
################################################################################
#
# For documentation see https://github.com/qoomon/aws-ssm-ssh-proxy-command
#
################################################################################
getInstanceId() {
local instance_name="$1"
local instance_id=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=${instance_name}" --query "Reservations[].Instances[?State.Name == 'running'].InstanceId" --output text)
echo "${instance_id}"
}
instance_name="$1"
ssh_user="$2"
ssh_port="$3"
ssh_public_key_path="$4"
ec2InstanceIdPattern='^m?i-[0-9a-f]{8,17}$'
if [[ $instance_name =~ $ec2InstanceIdPattern ]]; then
instance_id=$instance_name
else
instance_id=$(getInstanceId "$instance_name")
if [[ -z $instance_id ]]; then
echo "Found no running instances with name \"${instance_name}\"."
exit 1
else
echo "Instance ID for \"${instance_name}\": \"${instance_id}\""
fi
fi
REGION_SEPARATOR='--'
if echo "$instance_id" | grep -q -e "${REGION_SEPARATOR}"; then
export AWS_REGION="${instance_id##*"${REGION_SEPARATOR}"}"
instance_id="${instance_id%%"$REGION_SEPARATOR"*}"
fi
>/dev/stderr echo "Add public key ${ssh_public_key_path} for ${ssh_user} at instance ${instance_id} for 10 seconds"
ssh_public_key="$(cat "${ssh_public_key_path}")"
aws ssm send-command \
--instance-ids "${instance_id}" \
--document-name 'AWS-RunShellScript' \
--comment "Add an SSH public key to authorized_keys for 10 seconds" \
--parameters commands="
\"
set -eu
mkdir -p ~${ssh_user}/.ssh && cd ~${ssh_user}/.ssh
authorized_key='${ssh_public_key} ssm-session'
echo \\\"\${authorized_key}\\\" >> authorized_keys
sleep 10
(grep -v -F \\\"\${authorized_key}\\\" authorized_keys || true) > authorized_keys~
mv authorized_keys~ authorized_keys
\"
"
>/dev/stderr echo "Start ssm session to instance ${instance_id}"
aws ssm start-session \
--target "${instance_id}" \
--document-name 'AWS-StartSSHSession' \
--parameters "portNumber=${ssh_port}"

View File

@ -17,6 +17,9 @@ in
programs.direnv = {
enable = true;
nix-direnv.enable = true;
config = {
global.hide_env_diff = true;
};
};
};
}

View File

@ -16,7 +16,7 @@ in
config = lib.mkIf cfg.enable {
allowUnfreePackages = [ "discord" ];
home.packages = [ pkgs.discord ];
xdg.configFile."discord/settings.json".text = pkgs.formats.json {
xdg.configFile."discord/settings.json".text = builtins.toJSON {
BACKGROUND_COLOR = "#202225";
IS_MAXIMIZED = false;
IS_MINIMIZED = false;

View File

@ -15,12 +15,12 @@ in
config = lib.mkIf cfg.enable {
# Alias sudo to doas for convenience
fish.shellAliases = {
programs.fish.shellAliases = {
sudo = "doas";
};
# Disable overriding our sudo alias with a TERMINFO alias
kitty.settings.shell_integration = "no-sudo";
programs.kitty.settings.shell_integration = "no-sudo";
};
}

View File

@ -12,7 +12,7 @@ in
# Allows me to make sure I can work on my dotfiles locally
options.nmasur.preset.programs.dotfiles = {
options.nmasur.presets.programs.dotfiles = {
enable = lib.mkEnableOption "Clone dotfiles repository";
repo = lib.mkOption {
type = lib.types.str;
@ -36,9 +36,11 @@ in
# Always clone dotfiles repository if it doesn't exist
cloneDotfiles = config.lib.dag.entryAfter [ "writeBoundary" "loadkey" ] ''
if [ ! -d "${cfg.path}" ]; then
run mkdir --parents $VERBOSE_ARG $(dirname "${cfg.path}")
run ${lib.getExe pkgs.git} clone ${cfg.repo} "${cfg.path}"
if [ -f ~/.ssh/id_ed25519 ]; then
if [ ! -d "${cfg.path}" ]; then
run mkdir --parents $VERBOSE_ARG $(dirname "${cfg.path}")
run ${lib.getExe pkgs.git} clone ${cfg.repo} "${cfg.path}"
fi
fi
'';
};

Some files were not shown because too many files have changed in this diff Show More