noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-06 17:50:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:e90c6b17246babf0da7a7925efe1087025008626
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
..
compare: noah:darwin-ssl
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

1 Commits
e90c6b1724 ... darwin-ssl

Author SHA1 Message Date
Noah Masur
fca998e14c add ssl certs for darwin even though it didn't work 2022-09-21 16:25:16 -04:00
491 changed files with 6688 additions and 19453 deletions
Expand all files Collapse all files

166
.github/workflows/arrow-aws.yml vendored
View File

@ -1,166 +0,0 @@
name: Arrow (AWS)
run-name: Arrow (AWS) - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
env:
TERRAFORM_DIRECTORY: hosts/arrow/aws
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
ZONE_NAME: masu.rs
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
on:
workflow_dispatch:
inputs:
rebuild:
type: boolean
default: false
action:
type: choice
required: true
default: create
options:
- create
- destroy
- nothing
size:
type: choice
required: false
options:
- t3a.small # 2 GB RAM / $10
permissions:
id-token: write
contents: write
jobs:
build-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout Repo Code
uses: actions/checkout@v4
- name: Free Disk Space (Ubuntu)
if: inputs.rebuild && inputs.action != 'destroy'
uses: jlumbroso/free-disk-space@main
with:
tool-cache: true
# Enable access to KVM, required to build an image
- name: Enable KVM group perms
if: inputs.rebuild && inputs.action != 'destroy'
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
# Login to AWS
- name: AWS Assume Role
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::286370965832:role/github_actions_admin
aws-region: us-east-1
# Install Nix
- name: Install Nix
if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v20
# Build the image
- name: Build Image
if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#arrow-aws
- name: Upload Image to S3
if: inputs.rebuild && inputs.action != 'destroy'
run: |
aws s3 cp \
result/nixos-amazon-image-*.vhd \
s3://${{ secrets.IMAGES_BUCKET }}/arrow.vhd \
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform init \
-backend-config="bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}" \
-backend-config="key=arrow.tfstate"
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: inputs.action == 'create'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
env:
TF_VAR_ec2_size: ${{ inputs.size }}
TF_VAR_images_bucket: ${{ secrets.IMAGES_BUCKET }}
run: |
terraform apply \
-auto-approve \
-input=false
# Removes infrastructure.
- name: Terraform Destroy
if: inputs.action == 'destroy'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
env:
TF_VAR_ec2_size: ${{ inputs.size }}
TF_VAR_images_bucket: ${{ secrets.IMAGES_BUCKET }}
run: |
terraform destroy \
-auto-approve \
-input=false
- name: Get Host IP
if: inputs.action == 'create'
id: host
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform output -raw host_ip
- name: Wait on SSH
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Write Identity Keys to Files
if: inputs.action == 'create'
run: |
echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
chmod 0600 deploy_ed25519
echo "${{ env.ARROW_IDENTITY_BASE64 }}" | base64 -d > arrow_ed25519
chmod 0600 arrow_ed25519
- name: Copy Identity File to Host
if: inputs.action == 'create'
run: |
ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
scp -i deploy_ed25519 arrow_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
- name: Wipe Records
if: ${{ inputs.action == 'destroy' }}
run: |
RECORD_ID=$(curl --request GET \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
curl --request DELETE \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"

154
.github/workflows/arrow.yml vendored
View File

@ -1,154 +0,0 @@
name: Arrow
run-name: Arrow - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
env:
TERRAFORM_DIRECTORY: hosts/arrow/vultr
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
CLOUDFLARE_R2_ENDPOINT: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }}
AWS_DEFAULT_REGION: auto
AWS_ENDPOINT_URL_S3: "https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
TF_VAR_vultr_api_key: ${{ secrets.VULTR_API_KEY }}
ZONE_NAME: masu.rs
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
on:
workflow_dispatch:
inputs:
rebuild:
type: boolean
default: false
action:
type: choice
required: true
default: create
options:
- create
- destroy
- nothing
plan:
type: choice
required: false
options:
- vc2-1c-1gb # 25 GB / $5
- vc2-1c-2gb # 55 GB / $10 (default)
- vc2-2c-2gb # 65 GB / $15
- vc2-2c-4gb # 80 GB / $20
- vc2-4c-8gb # 160 GB / $40
- vc2-6c-16gb # 320 GB / $80
jobs:
build-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout Repo Code
uses: actions/checkout@v4
# Enable access to KVM, required to build an image
- name: Enable KVM group perms
if: inputs.rebuild && inputs.action != 'destroy'
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
# Install Nix
- name: Install Nix
if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v17
# Build the image
- name: Build Image
if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#arrow
- name: Upload Image to S3
if: inputs.rebuild && inputs.action != 'destroy'
run: |
aws s3 cp \
result/iso/nixos.iso \
s3://noahmasur-arrow-images/arrow.iso \
--endpoint-url "https://${{ env.CLOUDFLARE_R2_ENDPOINT }}"
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform init
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: inputs.action == 'create'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
env:
TF_VAR_vultr_plan: ${{ inputs.plan }}
run: |
terraform apply \
-auto-approve \
-input=false
# Removes infrastructure.
- name: Terraform Destroy
if: inputs.action == 'destroy'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform destroy \
-auto-approve \
-input=false
- name: Get Host IP
if: inputs.action == 'create'
id: host
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform output -raw host_ip
- name: Wait on SSH
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Write Identity Keys to Files
if: inputs.action == 'create'
run: |
echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
chmod 0600 deploy_ed25519
echo "${{ env.ARROW_IDENTITY_BASE64 }}" | base64 -d > arrow_ed25519
chmod 0600 arrow_ed25519
- name: Copy Identity File to Host
if: inputs.action == 'create'
run: |
ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
scp -i deploy_ed25519 arrow_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
- name: Wipe Records
if: ${{ inputs.action == 'destroy' }}
run: |
RECORD_ID=$(curl --request GET \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
curl --request DELETE \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"

20
.github/workflows/check.yml vendored
View File

@ -1,20 +0,0 @@
name: Check Build
on:
workflow_dispatch: # allows manual triggering
jobs:
check:
name: Check
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v11
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v7
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v6
- name: Check the Flake
run: nix flake check

71
.github/workflows/update.yml vendored
View File

@ -1,71 +0,0 @@
name: Update Flake
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '33 3 * * 6' # runs weekly on Saturday at 03:33
permissions:
contents: write
pull-requests: write
checks: write
jobs:
lockfile:
name: Lockfile
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v11
with:
nix-package-url: https://releases.nixos.org/nix/nix-2.18.4/nix-2.18.4-x86_64-linux.tar.xz
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v7
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v6
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v23
id: update
with:
pr-title: "Update flake.lock" # Title of PR to be created
pr-labels: | # Labels to be set on the PR
dependencies
automated
pr-body: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
- name: Check the Flake
id: check
run: nix flake check
- name: Update Check Status
uses: LouisBrunner/checks-action@v1.6.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Update Flake
conclusion: ${{ job.status }}
output: |
{"summary":"${{ steps.check.outputs.stdout }}"}
- name: Enable Pull Request Automerge
if: success()
run: |
gh pr merge \
--rebase \
--auto \
${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}
- name: Close Pull Request If Failed
if: failure()
run: |
gh pr close \
--comment "Auto-closing pull request" \
--delete-branch \
${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}

5
.gitignore vendored
View File

@ -1,9 +1,6 @@
.DS_Store .DS_Store
*.bak *.bak
*.db *.db
*.qcow2
**/.direnv/** **/.direnv/**
result result
private/** .luarc.json
templates/**/flake.lock
!private/**.age

131
README.md
View File

@ -1,89 +1,82 @@
# System Configurations
This repository contains configuration files for my NixOS, macOS, and WSL This repository contains configuration files for my NixOS, macOS, and WSL
hosts. hosts.
They are organized and managed by [Nix](https://nixos.org), so some of the
configuration may be difficult to translate to a non-Nix system.
## System Features
| Feature | Program | Configuration |
|----------------|-----------------------------------------------------|-----------------------------------------------|
| OS | [NixOS](https://nixos.org) | [Link](./modules/nixos) |
| Display Server | [X11](https://www.x.org/wiki/) | [Link](./modules/nixos/graphical/xorg.nix) |
| Compositor | [Picom](https://github.com/yshui/picom) | [Link](./modules/nixos/graphical/picom.nix) |
| Window Manager | [i3](https://i3wm.org/) | [Link](./modules/nixos/graphical/i3.nix) |
| Panel | [Polybar](https://polybar.github.io/) | [Link](./modules/nixos/graphical/polybar.nix) |
| Font | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./modules/nixos/graphical/fonts.nix) |
| Launcher | [Rofi](https://github.com/davatorium/rofi) | [Link](./modules/nixos/graphical/rofi.nix) |
## User Features
| Feature | Program | Configuration |
|--------------|----------------------------------------------------------------------------------|----------------------------------------------------|
| Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./modules/common) |
| Terminal | [Kitty](https://sw.kovidgoyal.net/kitty/) | [Link](./modules/common/applications/kitty.nix) |
| Shell | [Fish](https://fishshell.com/) | [Link](./modules/common/shell/fish) |
| Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starship.nix) |
| Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) |
| Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix) |
| Text Editor | [Neovim](https://neovim.io/) | [Link](./modules/common/neovim/config) |
| Browser | [Firefox](https://www.mozilla.org/en-US/firefox/new/) | [Link](./modules/common/applications/firefox.nix) |
| E-Mail | [Aerc](https://aerc-mail.org/) | [Link](./modules/common/mail/aerc.nix) |
| File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files) | [Link](./modules/common/applications/nautilus.nix) |
| PDF Reader | [Zathura](https://pwmt.org/projects/zathura/) | [Link](./modules/common/applications/media.nix) |
| Video Player | [mpv](https://mpv.io/) | [Link](./modules/common/applications/media.nix) |
## macOS Features
| Feature | Program | Configuration |
|----------|---------------------------------------------|--------------------------------------|
| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
# Diagram
![Diagram](https://github.com/nmasur/dotfiles/assets/7386960/4cc22285-cea1-4831-b387-a82241184381)
---
# Unique Configurations
This repo contains a few more elaborate elements of configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
and source-controlled plugins, differing based on installed LSPs, for example.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
dynamically on enabled services rendered with Nix.
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
including Firefox userChrome.
--- ---
# Installation # Installation
Click [here](./docs/installation.md) for detailed installation instructions. ## NixOS - From Live Disk
# Neovim Format drives and build system from any NixOS host, including the live
installer disk:
Try out my Neovim config with nix: **This will erase your drives; use at your own risk!**
```bash ```bash
nix run github:nmasur/dotfiles#neovim lsblk # Choose the disk you want to wipe
nix-shell -p nixFlakes
nix run github:nmasur/dotfiles#installer -- nvme0n1 desktop
``` ```
Or build it as a package: ## NixOS - From Existing System
If you're already running NixOS, you can switch to this configuration with the
following command:
```bash ```bash
nix build github:nmasur/dotfiles#neovim nix-shell -p nixFlakes
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#desktop
``` ```
If you already have a Neovim configuration, you may need to move it out of ## Windows - From NixOS WSL
`~/.config/nvim` or set `XDG_CONFIG_HOME` to another value; otherwise both
configs might conflict with each other. After [installing NixOS on
WSL](https://xeiaso.net/blog/nix-flakes-4-wsl-2022-05-01), you can switch to
the WSL configuration:
```
nix-shell -p nixFlakes
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#wsl
```
## macOS
To get started on a bare macOS installation, first install Nix:
```bash
sh -c "$(curl -L https://nixos.org/nix/install)"
```
Then use Nix to build nix-darwin:
```bash
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer
```
Then switch to the macOS configuration:
```bash
darwin-rebuild switch --flake github:nmasur/dotfiles#macbook
```
### Dealing with corporate MITM SSL certificates:
```bash
# Get the certificates
openssl s_client -showcerts -verify 5 -connect cache.nixos.org:443 < /dev/null
# Paste them in here
sudo nvim $NIX_SSL_CERT_FILE
```
### Dealing with Neovim issues:
Update Neovim Packer plugins: `:PackerSync`
Update TreeSitter languages: `:TSUpdateSync`
---
# Flake Templates # Flake Templates

9
apps/README.md
View File

@ -1,9 +0,0 @@
# Apps
These are all my miscellaneous utilies and scripts to accompany this project.
They can be run with:
```
nix run github:nmasur/dotfiles#appname
```

31
apps/default.nix
View File

@ -1,31 +0,0 @@
{ pkgs, ... }:
rec {
# Show quick helper
default = import ./help.nix { inherit pkgs; };
# Format primary disk
format-root = import ./format-root.nix { inherit pkgs; };
# Format and install from nothing (deprecated)
installer = import ./installer.nix { inherit pkgs; };
# Display the readme for this repository
readme = import ./readme.nix { inherit pkgs; };
# Rebuild
rebuild = import ./rebuild.nix { inherit pkgs; };
# Load the SSH key for this machine
loadkey = import ./loadkey.nix { inherit pkgs; };
# Encrypt secret for all machines
encrypt-secret = import ./encrypt-secret.nix { inherit pkgs; };
# Re-encrypt secrets for all machines
reencrypt-secrets = import ./reencrypt-secrets.nix { inherit pkgs; };
# Run neovim as an app
neovim = import ./neovim.nix { inherit pkgs; };
nvim = neovim;
}

19
apps/encrypt-secret.nix
View File

@ -1,19 +0,0 @@
{ pkgs, ... }:
{
# nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age
type = "app";
program = builtins.toString (
pkgs.writeShellScript "encrypt-secret" ''
printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
read -p "Secret: " secret
printf "\nEncrypting...\n\n" 1>&2
tmpfile=$(mktemp)
echo "''${secret}" > ''${tmpfile}
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile
rm $tmpfile
''
);
}

9
apps/format-root.nix
View File

@ -1,9 +0,0 @@
{ pkgs, ... }:
{
# This script will partition and format drives; use at your own risk!
type = "app";
program = pkgs.lib.getExe pkgs.nmasur.format-root;
}

24
apps/help.nix
View File

@ -1,24 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = builtins.toString (
pkgs.writeShellScript "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
echo ""
echo ""
''
);
}

34
apps/installer.nix
View File

@ -1,13 +1,11 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix # Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix
# This script will partition and format drives; use at your own risk! # This script will partition and format drives; use at your own risk!
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "installer" ''
pkgs.writeShellScript "installer" ''
set -e set -e
DISK=$1 DISK=$1
@ -15,12 +13,10 @@
PARTITION_PREFIX="" PARTITION_PREFIX=""
if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \ echo "Missing required parameter."
--foreground "#fb4934" \ echo "Usage: installer -- <disk> <host>"
"Missing required parameter." \ echo "Example: installer -- nvme0n1 desktop"
"Usage: installer -- <disk> <host>" \ echo "Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 desktop"
"Example: installer -- nvme0n1 tempest" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest"
echo "(exiting)" echo "(exiting)"
exit 1 exit 1
fi fi
@ -29,14 +25,10 @@
PARTITION_PREFIX="p" PARTITION_PREFIX="p"
esac esac
${pkgs.gum}/bin/gum confirm \ parted /dev/''${DISK} -- mklabel gpt
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \ parted /dev/''${DISK} -- mkpart primary 512MiB 100%
--default=false parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
parted /dev/''${DISK} -- set 3 esp on
${pkgs.parted}/bin/parted /dev/''${DISK} -- mklabel gpt
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart primary 512MiB 100%
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
${pkgs.parted}/bin/parted /dev/''${DISK} -- set 3 esp on
mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1 mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1
mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2 mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2
@ -44,7 +36,7 @@
mkdir --parents /mnt/boot mkdir --parents /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot mount /dev/disk/by-label/boot /mnt/boot
${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE} nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
'' '');
);
} }

12
apps/neovim.nix
View File

@ -1,12 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = "${
(import ../modules/common/neovim/package {
inherit pkgs;
colors = (import ../colorscheme/nord).dark;
})
}/bin/nvim";
}

12
apps/readme.nix
View File

@ -1,11 +1,9 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "readme" ''
pkgs.writeShellScript "readme" '' ${pkgs.glow}/bin/glow ${builtins.toString ../README.md}
${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md} '');
''
);
} }

17
apps/rebuild.nix
View File

@ -1,17 +0,0 @@
{ pkgs, ... }:
{
type = "app";
program = builtins.toString (
pkgs.writeShellScript "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
sudo darwin-rebuild switch --flake ${builtins.toString ../.}
else
doas nixos-rebuild switch --flake ${builtins.toString ../.}
fi
''
);
}

5
colorscheme/README.md
View File

@ -1,5 +0,0 @@
# Colorschemes
Color information for different themes is found here. The colors are sourced
and used with [base16](https://github.com/chriskempson/base16) format
consistently across the system.

22
colorscheme/everforest/default.nix
View File

@ -1,22 +0,0 @@
{
name = "everforest"; # dark, hard
author = "Sainnhe Park";
dark = {
base00 = "#2b3339"; # Default Background
base01 = "#323c41"; # Lighter Background
base02 = "#503946"; # Selection Background
base03 = "#868d80"; # Comments, Invisibles, Line Highlighting
base04 = "#d3c6aa"; # Dark Foreground (Used for status bars)
base05 = "#d3c6aa"; # Default Foreground, Caret, Delimiters, Operators
base06 = "#e9e8d2"; # Light Foreground (Not often used)
base07 = "#fff9e8"; # Light Background (Not often used)
base08 = "#7fbbb3"; # Variables, XML Tags, Markup Link Text, ...
base09 = "#d699b6"; # Integers, Boolean, Constants, ...
base0A = "#83c092"; # Classes, Markup Bold, Search Text Background
base0B = "#dbbc7f"; # Strings, Inherited Class, Markup Code, Diff Inserted
base0C = "#e69875"; # Support, Regular Expressions, Escape Characters, ...
base0D = "#a7c080"; # Functions, Methods, Attribute IDs, Headings
base0E = "#e67e80"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
base0F = "#d699b6"; # Deprecated, Opening/Closing Embedded Language Tags, ...
};
}

44
colorscheme/gruvbox-dark/default.nix
View File

@ -1,44 +0,0 @@
# Gruvbox with a darker background for greater contrast
{
name = "gruvbox-dark"; # Dark, Medium
author = "Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox), ElRastaOk (https://www.reddit.com/user/ElRastaOk)";
dark = {
base00 = "#1D2122"; # ---- This is the change from normal gruvbox
base01 = "#3c3836"; # ---
base02 = "#504945"; # --
base03 = "#665c54"; # -
base04 = "#bdae93"; # +
base05 = "#d5c4a1"; # ++
base06 = "#ebdbb2"; # +++
base07 = "#fbf1c7"; # ++++
base08 = "#fb4934"; # red
base09 = "#fe8019"; # orange
base0A = "#fabd2f"; # yellow
base0B = "#b8bb26"; # green
base0C = "#8ec07c"; # aqua/cyan
base0D = "#83a598"; # blue
base0E = "#d3869b"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-dark";
};
light = {
base00 = "#fbf1c7"; # ----
base01 = "#ebdbb2"; # ---
base02 = "#d5c4a1"; # --
base03 = "#bdae93"; # -
base04 = "#665c54"; # +
base05 = "#504945"; # ++
base06 = "#3c3836"; # +++
base07 = "#1D2122"; # ++++ Adjusted darker here
base08 = "#9d0006"; # red
base09 = "#af3a03"; # orange
base0A = "#b57614"; # yellow
base0B = "#79740e"; # green
base0C = "#427b58"; # aqua/cyan
base0D = "#076678"; # blue
base0E = "#8f3f71"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-light";
};
}

42
colorscheme/gruvbox/default.nix
View File

@ -1,42 +0,0 @@
{
name = "gruvbox"; # Dark, Medium
author = "Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox)";
dark = {
base00 = "#282828"; # ----
base01 = "#3c3836"; # ---
base02 = "#504945"; # --
base03 = "#665c54"; # -
base04 = "#bdae93"; # +
base05 = "#d5c4a1"; # ++
base06 = "#ebdbb2"; # +++
base07 = "#fbf1c7"; # ++++
base08 = "#fb4934"; # red
base09 = "#fe8019"; # orange
base0A = "#fabd2f"; # yellow
base0B = "#b8bb26"; # green
base0C = "#8ec07c"; # aqua/cyan
base0D = "#83a598"; # blue
base0E = "#d3869b"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-dark";
};
light = {
base00 = "#fbf1c7"; # ----
base01 = "#ebdbb2"; # ---
base02 = "#d5c4a1"; # --
base03 = "#bdae93"; # -
base04 = "#665c54"; # +
base05 = "#504945"; # ++
base06 = "#3c3836"; # +++
base07 = "#282828"; # ++++
base08 = "#9d0006"; # red
base09 = "#af3a03"; # orange
base0A = "#b57614"; # yellow
base0B = "#79740e"; # green
base0C = "#427b58"; # aqua/cyan
base0D = "#076678"; # blue
base0E = "#8f3f71"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-light";
};
}

23
colorscheme/nord/default.nix
View File

@ -1,23 +0,0 @@
{
name = "nord";
author = "arcticicestudio";
dark = {
base00 = "#2E3440";
base01 = "#3B4252";
base02 = "#434C5E";
base03 = "#4C566A";
base04 = "#D8DEE9";
base05 = "#E5E9F0";
base06 = "#ECEFF4";
base07 = "#8FBCBB";
base08 = "#88C0D0";
base09 = "#81A1C1";
base0A = "#5E81AC";
base0B = "#BF616A";
base0C = "#D08770";
base0D = "#EBCB8B";
base0E = "#A3BE8C";
base0F = "#B48EAD";
batTheme = "nord";
};
}

5
disks/README.md
View File

@ -1,5 +0,0 @@
# Disks
These are my [disko](https://github.com/nix-community/disko) configurations,
which allow me to save desired disk formatting layouts as a declarative file so
I don't have to remember how to format my disks later on.

39
disks/root.nix
View File

@ -1,39 +0,0 @@
{ disk, ... }:
{
disk = {
boot = {
type = "disk";
device = disk;
content = {
type = "gpt";
partitions = {
# Boot partition
ESP = rec {
size = "512MiB";
type = "EF00";
label = "boot";
device = "/dev/disk/by-label/${label}";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
extraArgs = [ "-n ${label}" ];
};
};
# Root partition ext4
root = rec {
size = "100%";
label = "nixos";
device = "/dev/disk/by-label/${label}";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
extraArgs = [ "-L ${label}" ];
};
};
};
};
};
};
}

4
docs/README.md
View File

@ -1,4 +0,0 @@
# Documentation
Reference documents for some of the more complicated services and maintenance
tasks.

73
docs/installation.md
View File

@ -1,73 +0,0 @@
[Back to README](../README.md)
---
# Installation
## NixOS - From Live Disk
Format drives and build system from any NixOS host, including the live
installer disk:
**This will erase your drives; use at your own risk!**
```bash
lsblk # Choose the disk you want to wipe
nix-shell -p nixVersions.stable
nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest
```
## NixOS - From Existing System
If you're already running NixOS, you can switch to this configuration with the
following command:
```bash
nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#tempest
```
## Windows - From NixOS WSL
After [installing NixOS on
WSL](https://xeiaso.net/blog/nix-flakes-4-wsl-2022-05-01), you can switch to
the WSL configuration:
```
nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#hydra
```
You should also download the
[FiraCode](https://github.com/ryanoasis/nerd-fonts/releases/download/v2.2.2/FiraCode.zip)
font and install it on Windows. Install [Alacritty](https://alacritty.org/) and
move the `windows/alacritty.yml` file to
`C:\Users\<user>\AppData\Roaming\alacritty`.
## macOS
To get started on a bare macOS installation, first install Nix:
```bash
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
```
Launch a new shell. Then use Nix to switch to the macOS configuration:
```bash
sudo rm /etc/bashrc
sudo rm /etc/nix/nix.conf
export NIX_SSL_CERT_FILE="$HOME/Documents/t2-ca-bundle.pem"
nix \
--extra-experimental-features flakes \
--extra-experimental-features nix-command \
run nix-darwin -- switch \
--flake github:nmasur/dotfiles#lookingglass
```
Once installed, you can continue to update the macOS configuration:
```bash
darwin-rebuild switch --flake ~/dev/personal/dotfiles
```

82
docs/repair-nextcloud.md
View File

@ -1,82 +0,0 @@
# Repairing Nextcloud
You can run the maintenance commands like this:
```
sudo -u nextcloud nextcloud-occ maintenance:mode --on
sudo -u nextcloud nextcloud-occ maintenance:repair
sudo -u nextcloud nextcloud-occ maintenance:mode --off
```
## Rescan Files
```
sudo -u nextcloud nextcloud-occ files:scan --all
```
## Converting from SQLite to MySQL (mariadb)
First: keep Nextcloud set to SQLite as its dbtype, and separately launch MySQL
as a service by copying the configuration found
[here](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/nextcloud.nix).
No password is necessary, since the user-based auth works with UNIX sockets.
You can connect to the MySQL instance like this:
```
sudo -u nextcloud mysql -S /run/mysqld/mysqld.sock
```
Create a blank database for Nextcloud:
```sql
create database nextcloud;
```
Now setup the [conversion](https://docs.nextcloud.com/server/17/admin_manual/configuration_database/db_conversion.html):
```
sudo -u nextcloud nextcloud-occ db:convert-type mysql nextcloud localhost nextcloud
```
Ignore the password prompt. Proceed with the conversion.
Now `config.php` will be updated but the override config from NixOS will not
be. Now update your NixOS configuration:
- Remove the `mysql` service you created.
- Set `dbtype` to `mysql`.
- Set `database.createLocally` to `true`.
Rebuild your configuration.
Now, make sure to enable [4-byte
support](https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/mysql_4byte_support.html)
in the database.
## Backing Up MySQL Database
Use this mysqldump command:
```
sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql
```
## Converting to Postgres
Same as MySQL, but run this command instead:
```
sudo -u nextcloud nextcloud-occ db:convert-type pgsql nextcloud /run/postgresql/ nextcloud
```
Then set the `dbtype` to `pgsql`.
## Backing Up Postgres Database
Use this pg_dump command:
```
sudo -u nextcloud pg_dump nextcloud > backup.sql
```

23
docs/restore-calibre.md
View File

@ -1,23 +0,0 @@
# Restoring Calibre From Backup
The `metadata.db` holds the library and `app.db` and `gdrive.db` contain the
web/account information.
Place books directories in `/data/books/`.
Place `metadata.db` in `/var/lib/calibre-web-db/`.
Symlink `metadata.db` to the library:
```
sudo ln -s /var/lib/calibre-web-db/metadata.db /data/books/metadata.db
```
Place `app.db` and `gdrive.db` in `/var/lib/calibre-web/`.
Restart Calibre:
```
sudo systemctl restart calibre-web.service
```

45
docs/zfs.md
View File

@ -1,45 +0,0 @@
# ZFS
Swan runs its root on ext4. The ZFS drives are managed imperatively (this
[disko configuration](../disks/zfs.nix) is an unused work-in-progress).
The basic ZFS settings are managed [here](../modules/nixos/hardware/zfs.nix).
## Creating a New Dataset
```
sudo zfs create tank/mydataset
sudo zfs set compression=zstd tank/myzstddataset
sudo zfs set mountpoint=/data/mydataset tank/mydataset
```
## Maintenance
### Get Status
```
sudo zpool status
```
### Replace Disk
```
sudo zdb
sudo zpool status -g # Show by GUID
sudo zpool offline tank <GUID>
sudo zpool status
# Remove old disk, insert new disk
sudo zdb
sudo zpool replace tank <OLD GUID> /dev/disk/by-id/<NEW PATH>
sudo zpool status
```
## Initial Setup
```
sudo zpool create tank raidz1 sda sdb sdc
sudo zpool set ashift=12 tank
sudo zpool set autoexpand=on tank
sudo zpool set compression=on tank
```

520
flake.lock generated
View File

@ -1,20 +1,5 @@
{ {
"nodes": { "nodes": {
"cl-nix-lite": {
"locked": {
"lastModified": 1728174978,
"narHash": "sha256-Grqqg+xuicANB85j0gNEXxi9SBKY7bzGeTuyi95eGcY=",
"owner": "hraban",
"repo": "cl-nix-lite",
"rev": "31cfe6275c341eb3120a99f4b1c8516c49a29d87",
"type": "github"
},
"original": {
"owner": "hraban",
"repo": "cl-nix-lite",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -22,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741229100, "lastModified": 1662478528,
"narHash": "sha256-0HwrTDXp9buEwal/1ymK9uQmzUD5ozIA7CJGqnT/gLs=", "narHash": "sha256-Myjd0HPL5lXri3NXOcJ6gP7IKod2eMweQBKM4uxgEGw=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "adf5c88ba1fe21af5c083b4d655004431f20c5ab", "rev": "3b69bf3cc26ae19de847bfe54d6ab22d7381a90a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -36,51 +21,14 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1740485968,
"narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
"owner": "nix-community",
"repo": "disko",
"rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1730663653, "lastModified": 1650374568,
"narHash": "sha256-kFCUWettiFHDIqxCWWQ9qY8pVh+Lj+XL0Giyy/kdomg=", "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "hraban",
"repo": "flake-compat",
"rev": "e5b16676185cb7548581c852f51ce7f3a49bba5e",
"type": "github"
},
"original": {
"owner": "hraban",
"ref": "fixed-output",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -89,57 +37,13 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": {
"systems": [
"mac-app-util",
"systems"
]
},
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1659877975,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"id": "flake-utils",
"type": "indirect"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -152,14 +56,15 @@
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1741378606, "lastModified": 1663328500,
"narHash": "sha256-ytDmwV93lZ1f6jswJkxEQz5cBlwje/2rH/yUZDADZNs=", "narHash": "sha256-7n+J/exp8ky4dmk02y5a9R7CGmJvHpzrHMzfEkMtSWA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "95711f926676018d279ba09fe7530d03b5d5b3e2", "rev": "5427f3d1f0ea4357cd4af0bffee7248d640c6ffc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -169,146 +74,13 @@
"type": "github" "type": "github"
} }
}, },
"mac-app-util": {
"inputs": {
"cl-nix-lite": "cl-nix-lite",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1739821351,
"narHash": "sha256-QlVtMzAhECs9Esq3txqVW7/vM78ipB5IcI8uyCbTP7A=",
"owner": "hraban",
"repo": "mac-app-util",
"rev": "c00d5b21ca1fdab8acef65e696795f0f15ec1158",
"type": "github"
},
"original": {
"owner": "hraban",
"repo": "mac-app-util",
"type": "github"
}
},
"nextcloud-cookbook": {
"flake": false,
"locked": {
"lastModified": 1726214817,
"narHash": "sha256-Pfa+Xbopg20os+pnGgg+wpEX1MI5fz5JMb0K4a8rBhs=",
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz"
}
},
"nextcloud-external": {
"flake": false,
"locked": {
"lastModified": 1729501365,
"narHash": "sha256-OV6HhFBzmnQBO5btGEnqmKlaUMY7/t2Qm3XebclpBlM=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz"
}
},
"nextcloud-news": {
"flake": false,
"locked": {
"lastModified": 1729667622,
"narHash": "sha256-pnvyMZQ+NYMgH0Unfh5S19HdZSjnghgoUDAoi2KIXNI=",
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz"
}
},
"nextcloud-snappymail": {
"flake": false,
"locked": {
"lastModified": 1728502660,
"narHash": "sha256-oCw6Brs85rINBHvz3UJXheyLVqvA3RgPXG03b30Fx7E=",
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz"
}
},
"nix2vim": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1740943170,
"narHash": "sha256-A0F7T/euSMen004cVQN/ZkMpLkgLXDs+mq/merhd+0Y=",
"owner": "gytis-ivaskevicius",
"repo": "nix2vim",
"rev": "a562f32ff2393d0ed198103c65a3035bcdf83d4d",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "nix2vim",
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1740947705,
"narHash": "sha256-Co2kAD2SZalOm+5zoxmzEVZNvZ17TyafuFsD46BwSdY=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "507911df8c35939050ae324caccc7cf4ffb76565",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1741246872, "lastModified": 1663357389,
"narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", "narHash": "sha256-oYA2nVRSi6yhCBqS5Vz465Hw+3BQOVFEhfbfy//3vTs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "10069ef4cf863633f57238f179a0297de84bd8d3", "rev": "da6a05816e7fa5226c3f61e285ef8d9dfc868f3c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -318,36 +90,28 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1735563628, "lastModified": 1660318005,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=", "narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798", "rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "id": "nixpkgs",
"ref": "nixos-24.05", "ref": "nixos-22.05",
"repo": "nixpkgs", "type": "indirect"
"type": "github"
} }
}, },
"nur": { "nur": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": { "locked": {
"lastModified": 1741383898, "lastModified": 1663440270,
"narHash": "sha256-hIiLfvj0qZjBLhk5eBhIv8SZJ+bI8d06Hxp480mJ1aI=", "narHash": "sha256-RkBoLyxamsBqRn9lB9RbFSDg7KHiGgHBsrpffEVXWCQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "54352c3c3110f34e71a2ae9a0210aa6955555760", "rev": "7511d58da488c67887745f40fd4846aa8c876d25",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -359,208 +123,56 @@
"root": { "root": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
"mac-app-util": "mac-app-util",
"nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external",
"nextcloud-news": "nextcloud-news",
"nextcloud-snappymail": "nextcloud-snappymail",
"nix2vim": "nix2vim",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable",
"nur": "nur", "nur": "nur",
"tree-sitter-bash": "tree-sitter-bash", "wallpapers": "wallpapers",
"tree-sitter-ini": "tree-sitter-ini", "wsl": "wsl"
"tree-sitter-lua": "tree-sitter-lua",
"tree-sitter-puppet": "tree-sitter-puppet",
"tree-sitter-python": "tree-sitter-python",
"tree-sitter-rasi": "tree-sitter-rasi",
"tree-sitter-vimdoc": "tree-sitter-vimdoc",
"wsl": "wsl",
"zenyd-mpv-scripts": "zenyd-mpv-scripts"
} }
}, },
"systems": { "utils": {
"locked": { "locked": {
"lastModified": 1689347925, "lastModified": 1659877975,
"narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "nix-systems",
"repo": "default-darwin",
"rev": "2235d7e6cc29ae99878133c95e9fe5e157661ffb",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-darwin",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tree-sitter-bash": {
"flake": false,
"locked": {
"lastModified": 1738310128,
"narHash": "sha256-ODWgFpCLLPgzNYXFhfAVvDXPr5bW8/49ezsaS9MOWMk=",
"owner": "tree-sitter",
"repo": "tree-sitter-bash",
"rev": "0c46d792d54c536be5ff7eb18eb95c70fccdb232",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-bash",
"type": "github"
}
},
"tree-sitter-ini": {
"flake": false,
"locked": {
"lastModified": 1725233451,
"narHash": "sha256-G11Aynq2rnkRwdkhspjYqtBD/h5k4aD+NvuE0QfploU=",
"owner": "justinmk",
"repo": "tree-sitter-ini",
"rev": "962568c9efa71d25720ab42c5d36e222626ef3a6",
"type": "github"
},
"original": {
"owner": "justinmk",
"repo": "tree-sitter-ini",
"type": "github"
}
},
"tree-sitter-lua": {
"flake": false,
"locked": {
"lastModified": 1738303275,
"narHash": "sha256-mE84uI5AKbLvX5CM7NvA59Z8Ux+QFdqVjZf4hi06NAM=",
"owner": "MunifTanjim",
"repo": "tree-sitter-lua",
"rev": "68d29aa745b68ae22cbbdb5dcb68c20232521ff6",
"type": "github"
},
"original": {
"owner": "MunifTanjim",
"ref": "main",
"repo": "tree-sitter-lua",
"type": "github"
}
},
"tree-sitter-puppet": {
"flake": false,
"locked": {
"lastModified": 1734835631,
"narHash": "sha256-bO5g5AdhzpB13yHklpAndUHIX7Rvd7OMjH0Ds2ATA6Q=",
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"rev": "15f192929b7d317f5914de2b4accd37b349182a6",
"type": "github"
},
"original": {
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"type": "github"
}
},
"tree-sitter-python": {
"flake": false,
"locked": {
"lastModified": 1738275152,
"narHash": "sha256-t9etfZcrliF7f9hfiomh2U9P+3ufAm8iSK1y9rOhP7s=",
"owner": "tree-sitter",
"repo": "tree-sitter-python",
"rev": "710796b8b877a970297106e5bbc8e2afa47f86ec",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"ref": "master",
"repo": "tree-sitter-python",
"type": "github"
}
},
"tree-sitter-rasi": {
"flake": false,
"locked": {
"lastModified": 1716296585,
"narHash": "sha256-sPrIVgGGaBaXeqHNxjcdJ/S2FvxyV6rD9UPKU/tpspw=",
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"rev": "6c9bbcfdf5f0f553d9ebc01750a3aa247a37b8aa",
"type": "github"
},
"original": {
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"type": "github"
}
},
"tree-sitter-vimdoc": {
"flake": false,
"locked": {
"lastModified": 1729686839,
"narHash": "sha256-Vrl4/cZL+TWlUMEeWZoHCAWhvlefcl3ajGcwyTNKOhI=",
"owner": "neovim",
"repo": "tree-sitter-vimdoc",
"rev": "d2e4b5c172a109966c2ce0378f73df6cede39400",
"type": "github"
},
"original": {
"owner": "neovim",
"repo": "tree-sitter-vimdoc",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "flake-utils",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53", "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "flake-utils",
"type": "github" "type": "github"
} }
}, },
"wallpapers": {
"flake": false,
"locked": {
"lastModified": 1657544922,
"narHash": "sha256-1c1uDz37MhksWC75myv6jao5q2mIzD8X8I+TykXXmWg=",
"owner": "exorcist365",
"repo": "wallpapers",
"rev": "8d2860ac6c05cec0f78d5c9d07510f4ff5da90dc",
"type": "gitlab"
},
"original": {
"owner": "exorcist365",
"repo": "wallpapers",
"type": "gitlab"
}
},
"wsl": { "wsl": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat",
"nixpkgs": [ "flake-utils": "flake-utils",
"nixpkgs" "nixpkgs": "nixpkgs_2"
]
}, },
"locked": { "locked": {
"lastModified": 1741192150, "lastModified": 1661772734,
"narHash": "sha256-wB140alXVla1Rw/kENerUoma2qO1Jy5IYWbmiSqmJu0=", "narHash": "sha256-DkvAaLDg9D6O0i2MzUknaf/U078K4KWAZaJQmNC/tL8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "0e4ccdb8181da2c6193c047b50ffee5f1a3b6dc1", "rev": "c1b0259313f661cf74051c916cf3bb4f061ce11f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -568,22 +180,6 @@
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"type": "github" "type": "github"
} }
},
"zenyd-mpv-scripts": {
"flake": false,
"locked": {
"lastModified": 1707704915,
"narHash": "sha256-9P/8q/OZXfaJMS08acQP4h3/zUA5mKRQee0JmkXcz1w=",
"owner": "zenyd",
"repo": "mpv-scripts",
"rev": "9bdce0050144cb24f92475f7bdd77180e0e4c26b",
"type": "github"
},
"original": {
"owner": "zenyd",
"repo": "mpv-scripts",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

520
flake.nix
View File

@ -1,5 +1,5 @@
{ {
description = "An opinionated flake containing the NixOS, nix-darwin, and home-manager configurations for multiple systems."; description = "My system";
# Other flakes that we want to pull from # Other flakes that we want to pull from
inputs = { inputs = {
@ -7,507 +7,129 @@
# Used for system packages # Used for system packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Used for specific stable packages
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
# Used for MacOS system config # Used for MacOS system config
darwin = { darwin = {
url = "github:lnl7/nix-darwin/master"; url = "github:/lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Used for Windows Subsystem for Linux compatibility # Used for Windows Subsystem for Linux compatibility
wsl = { wsl.url = "github:nix-community/NixOS-WSL";
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
# Used for user packages and dotfiles # Used for user packages
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list for their inputs inputs.nixpkgs.follows =
"nixpkgs"; # Use system packages list where available
}; };
# Community packages; used for Firefox extensions # Community packages; used for Firefox extensions
nur = { nur.url = "github:nix-community/nur";
url = "github:nix-community/nur";
inputs.nixpkgs.follows = "nixpkgs";
};
# # Use official Firefox binary for macOS # Wallpapers
# firefox-darwin = { wallpapers = {
# url = "github:bandithedoge/nixpkgs-firefox-darwin"; url = "gitlab:exorcist365/wallpapers";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# Better App install management in macOS
mac-app-util = {
url = "github:hraban/mac-app-util";
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list for their inputs
};
# Manage disk format and partitioning
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
# # Wallpapers
# wallpapers = {
# url = "gitlab:exorcist365/wallpapers";
# flake = false;
# };
# Used to generate NixOS images for other platforms
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
# Convert Nix to Neovim config
nix2vim = {
url = "github:gytis-ivaskevicius/nix2vim";
inputs.nixpkgs.follows = "nixpkgs";
};
# # Neovim plugins
# base16-nvim-src = {
# url = "github:RRethy/base16-nvim";
# flake = false;
# };
# nvim-lspconfig-src = {
# # https://github.com/neovim/nvim-lspconfig/tags
# url = "github:neovim/nvim-lspconfig/v0.1.8";
# flake = false;
# };
# cmp-nvim-lsp-src = {
# url = "github:hrsh7th/cmp-nvim-lsp";
# flake = false;
# };
# baleia-nvim-src = {
# # https://github.com/m00qek/baleia.nvim/tags
# url = "github:m00qek/baleia.nvim";
# flake = false;
# };
# nvim-treesitter-src = {
# # https://github.com/nvim-treesitter/nvim-treesitter/tags
# url = "github:nvim-treesitter/nvim-treesitter/v0.9.2";
# flake = false;
# };
# telescope-nvim-src = {
# # https://github.com/nvim-telescope/telescope.nvim/releases
# url = "github:nvim-telescope/telescope.nvim/0.1.8";
# flake = false;
# };
# telescope-project-nvim-src = {
# url = "github:nvim-telescope/telescope-project.nvim";
# flake = false;
# };
# toggleterm-nvim-src = {
# # https://github.com/akinsho/toggleterm.nvim/tags
# url = "github:akinsho/toggleterm.nvim/v2.12.0";
# flake = false;
# };
# bufferline-nvim-src = {
# # https://github.com/akinsho/bufferline.nvim/releases
# url = "github:akinsho/bufferline.nvim/v4.6.1";
# flake = false;
# };
# nvim-tree-lua-src = {
# url = "github:kyazdani42/nvim-tree.lua";
# flake = false;
# };
# hmts-nvim-src = {
# url = "github:calops/hmts.nvim";
# flake = false;
# };
# fidget-nvim-src = {
# # https://github.com/j-hui/fidget.nvim/tags
# url = "github:j-hui/fidget.nvim/v1.4.5";
# flake = false;
# };
# nvim-lint-src = {
# url = "github:mfussenegger/nvim-lint";
# flake = false;
# };
# tiny-inline-diagnostic-nvim-src = {
# url = "github:rachartier/tiny-inline-diagnostic.nvim";
# flake = false;
# };
# snipe-nvim-src = {
# url = "github:leath-dub/snipe.nvim";
# flake = false;
# };
# Tree-Sitter Grammars
tree-sitter-bash = {
url = "github:tree-sitter/tree-sitter-bash/master";
flake = false;
};
tree-sitter-python = {
url = "github:tree-sitter/tree-sitter-python/master";
flake = false;
};
tree-sitter-lua = {
url = "github:MunifTanjim/tree-sitter-lua/main";
flake = false;
};
tree-sitter-ini = {
url = "github:justinmk/tree-sitter-ini";
flake = false;
};
tree-sitter-puppet = {
url = "github:amaanq/tree-sitter-puppet";
flake = false;
};
tree-sitter-rasi = {
url = "github:Fymyte/tree-sitter-rasi";
flake = false;
};
tree-sitter-vimdoc = {
url = "github:neovim/tree-sitter-vimdoc";
flake = false; flake = false;
}; };
# MPV Scripts
zenyd-mpv-scripts = {
url = "github:zenyd/mpv-scripts";
flake = false;
}; };
# # Git alternative outputs = { self, nixpkgs, darwin, wsl, home-manager, nur, wallpapers }:
# # Fixes: https://github.com/martinvonz/jj/issues/4784
# jujutsu = {
# url = "github:martinvonz/jj";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# Nextcloud Apps
nextcloud-news = {
# https://github.com/nextcloud/news/releases
url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz";
flake = false;
};
nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases
url = "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz";
flake = false;
};
nextcloud-cookbook = {
# https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz";
flake = false;
};
nextcloud-snappymail = {
# https://github.com/the-djmaze/snappymail/releases
# https://snappymail.eu/repository/nextcloud
url = "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz";
# url = "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.3/snappymail-2.36.3-nextcloud.tar.gz";
flake = false;
};
};
outputs =
{ nixpkgs, ... }@inputs:
let let
# Global configuration for my systems # Global configuration for my systems
globals = globals = rec {
let
baseName = "masu.rs";
in
rec {
user = "noah"; user = "noah";
fullName = "Noah Masur"; fullName = "Noah Masur";
gitName = fullName; gitName = fullName;
gitEmail = "7386960+nmasur@users.noreply.github.com"; gitEmail = "7386960+nmasur@users.noreply.github.com";
mail.server = "noahmasur.com"; mailServer = "noahmasur.com";
mail.imapHost = "imap.purelymail.com";
mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "https://github.com/nmasur/dotfiles"; dotfilesRepo = "https://github.com/nmasur/dotfiles";
hostnames = {
audiobooks = "read.${baseName}";
books = "books.${baseName}";
budget = "money.${baseName}";
content = "cloud.${baseName}";
download = "download.${baseName}";
files = "files.${baseName}";
git = "git.${baseName}";
imap = "imap.purelymail.com";
influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}";
mail = "noahmasur.com";
metrics = "metrics.${baseName}";
minecraft = "minecraft.${baseName}";
n8n = "n8n.${baseName}";
notifications = "ntfy.${baseName}";
paperless = "paper.${baseName}";
photos = "photos.${baseName}";
prometheus = "prom.${baseName}";
secrets = "vault.${baseName}";
smtp = "smtp.purelymail.com";
status = "status.${baseName}";
stream = "stream.${baseName}";
transmission = "transmission.${baseName}";
}; };
};
# Common overlays to always use
overlays = [
inputs.nur.overlays.default
inputs.nix2vim.overlay
# inputs.jujutsu.overlays.default # Fix: https://github.com/martinvonz/jj/issues/4784
# (import ./overlays/neovim-plugins.nix inputs)
# (import ./overlays/tree-sitter.nix inputs)
# (import ./overlays/mpv-scripts.nix inputs)
# (import ./overlays/nextcloud-apps.nix inputs)
# (import ./overlays/pkgs.nix)
] ++ (import ./overlays inputs);
# System types to support. # System types to support.
supportedSystems = [ supportedSystems =
"x86_64-linux" [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
"x86_64-darwin"
"aarch64-linux"
"aarch64-darwin"
];
# Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'. # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
# { system -> pkgs } in {
pkgsBySystem = forAllSystems (
system:
import nixpkgs {
inherit system overlays;
config.permittedInsecurePackages = [ "litestream-0.3.13" ];
config.allowUnfree = true;
}
);
# stablePkgsBySystem = forAllSystems (system: import nixpkgs { inherit system overlays; });
buildHome = nixosConfigurations = {
{ pkgs, modules }: desktop = import ./hosts/desktop {
inputs.home-manager.lib.homeManagerConfiguration { inherit nixpkgs home-manager nur globals wallpapers;
inherit pkgs; };
modules = modules ++ [ wsl = import ./hosts/wsl { inherit nixpkgs wsl home-manager globals; };
./platforms/home-manager
];
}; };
buildNixos = darwinConfigurations = {
{ pkgs, modules }: macbook = import ./hosts/macbook {
nixpkgs.lib.nixosSystem { inherit nixpkgs darwin home-manager nur globals;
inherit pkgs;
modules = modules ++ [
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
inputs.wsl.nixosModules.wsl
./platforms/nixos
{
home-manager.extraSpecialArgs = {
hostnames = globals.hostnames;
};
}
];
specialArgs = {
hostnames = globals.hostnames;
}; };
}; };
buildDarwin = apps = forAllSystems (system:
{ pkgs, modules }: let pkgs = import nixpkgs { inherit system; };
inputs.darwin.lib.darwinSystem { in rec {
inherit pkgs; default = readme;
modules = modules ++ [
inputs.home-manager.darwinModules.home-manager
inputs.mac-app-util.darwinModules.default
./platforms/nix-darwin
];
};
x86_64-linux-hosts = (import ./hosts-by-platform nixpkgs).x86_64-linux-hosts; # Format and install from nothing
aarch64-linux-hosts = (import ./hosts-by-platform nixpkgs).aarch64-linux-hosts; installer = import ./apps/installer.nix { inherit pkgs; };
aarch64-darwin-hosts = (import ./hosts-by-platform nixpkgs).aarch64-darwin-hosts;
in # Display the readme for this repository
rec { readme = import ./apps/readme.nix { inherit pkgs; };
# The plan });
# Import all the host configurations as modules
# Setup the modules as nixosModules, homeModules, darwinModules
# Create nixosConfigurations using the different pkgs for each system
# What to do with home config?
nixosModules = x86_64-linux-hosts // aarch64-linux-hosts; devShells = forAllSystems (system:
darwinModules = aarch64-darwin-hosts; let pkgs = import nixpkgs { inherit system; };
in {
inherit buildDarwin pkgsBySystem;
# Contains my full system builds, including home-manager
# nixos-rebuild switch --flake .#tempest
nixosConfigurations =
(builtins.mapAttrs (
name: module:
buildNixos {
pkgs = pkgsBySystem.x86_64-linux;
modules = [ module ];
}
) x86_64-linux-hosts)
// (builtins.mapAttrs (
name: module:
buildNixos {
pkgs = pkgsBySystem.aarch64-linux;
modules = [ module ];
}
) aarch64-linux-hosts);
# Contains my full Mac system builds, including home-manager
# darwin-rebuild switch --flake .#lookingglass
darwinConfigurations = builtins.mapAttrs (
name: module:
buildDarwin {
pkgs = pkgsBySystem.aarch64-darwin;
modules = [ module ];
}
) aarch64-darwin-hosts;
# For quickly applying home-manager settings with:
# home-manager switch --flake .#tempest
homeConfigurations = builtins.mapAttrs (
name: module:
buildHome {
pkgs = pkgsBySystem.x86_64-linux;
module = [ module ];
}
) nixosModules;
# Disk formatting, only used once
diskoConfigurations = {
root = import ./disks/root.nix;
};
# packages =
# let
# staff =
# system:
# import ./hosts/staff {
# inherit
# inputs
# globals
# overlays
# system
# ;
# };
# neovim =
# system:
# let
# pkgs = import nixpkgs { inherit system overlays; };
# in
# import ./modules/common/neovim/package {
# inherit pkgs;
# colors = (import ./colorscheme/gruvbox-dark).dark;
# };
# in
# {
# x86_64-linux.staff = staff "x86_64-linux";
# x86_64-linux.arrow = inputs.nixos-generators.nixosGenerate rec {
# system = "x86_64-linux";
# format = "iso";
# modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; };
# };
# x86_64-linux.arrow-aws = inputs.nixos-generators.nixosGenerate rec {
# system = "x86_64-linux";
# format = "amazon";
# modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; } ++ [
# (
# { ... }:
# {
# boot.kernelPackages = inputs.nixpkgs.legacyPackages.x86_64-linux.linuxKernel.packages.linux_6_6;
# amazonImage.sizeMB = 16 * 1024;
# permitRootLogin = "prohibit-password";
# boot.loader.systemd-boot.enable = inputs.nixpkgs.lib.mkForce false;
# boot.loader.efi.canTouchEfiVariables = inputs.nixpkgs.lib.mkForce false;
# services.amazon-ssm-agent.enable = true;
# users.users.ssm-user.extraGroups = [ "wheel" ];
# }
# )
# ];
# };
# # Package Neovim config into standalone package
# x86_64-linux.neovim = neovim "x86_64-linux";
# x86_64-darwin.neovim = neovim "x86_64-darwin";
# aarch64-linux.neovim = neovim "aarch64-linux";
# aarch64-darwin.neovim = neovim "aarch64-darwin";
# };
mypackages = forAllSystems (system: pkgsBySystem.${system}.nmasur);
packages = mypackages;
# # Programs that can be run by calling this flake
# apps = forAllSystems (
# system:
# let
# pkgs = import nixpkgs { inherit system overlays; };
# in
# import ./apps { inherit pkgs; }
# );
# Development environments
devShells = forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
{
# Used to run commands and edit files in this repo # Used to run commands and edit files in this repo
default = pkgs.mkShell { default = pkgs.mkShell {
buildInputs = with pkgs; [ git stylua nixfmt shfmt shellcheck ];
};
# Used for cloud and systems development and administration
devops = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
git git
stylua terraform
nixfmt-rfc-style consul
shfmt vault
shellcheck awscli2
google-cloud-sdk
kubectl
kubernetes-helm
kustomize
fluxcd
]; ];
}; };
}
);
checks = forAllSystems ( });
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
{
neovim =
pkgs.runCommand "neovim-check-health" { buildInputs = [ inputs.self.packages.${system}.neovim ]; }
''
mkdir -p $out
export HOME=$TMPDIR
nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
# Check for errors inside the health log
if $(grep "ERROR" $out/health.log); then
cat $out/health.log
exit 1
fi
'';
}
);
formatter = forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
pkgs.nixfmt-rfc-style
);
# Templates for starting other projects quickly # Templates for starting other projects quickly
templates = (import ./templates nixpkgs.lib); templates = rec {
default = basic;
basic = {
path = ./templates/basic;
description = "Basic program template";
};
poetry = {
path = ./templates/poetry;
description = "Poetry template";
};
python = {
path = ./templates/python;
description = "Legacy Python template";
};
haskell = {
path = ./templates/haskell;
description = "Haskell template";
};
};
}; };
} }

37
hosts-by-platform/aarch64-darwin/lookingglass/default.nix
View File

@ -1,37 +0,0 @@
# The Looking Glass
# System configuration for my work Macbook
rec {
networking.hostName = "NYCM-NMASUR2";
networking.computerName = "NYCM-NMASUR2";
nmasur.settings = {
username = "Noah.Masur";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
work.enable = true;
extra.enable = true;
gaming.enable = true;
};
home-manager.users."Noah.Masur" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
darwin-base.enable = true;
power-user.enable = true;
work.enable = true;
experimental.enable = true;
};
nmasur.presets.programs.git = {
name = "Noah-Masur_1701";
email = "${nmasur.settings.username}@take2games.com";
};
};
}

22
hosts-by-platform/aarch64-linux/default.nix
View File

@ -1,22 +0,0 @@
# Return a list of all NixOS hosts
{ nixpkgs, ... }:
let
inherit (nixpkgs) lib;
in
lib.pipe (lib.filesystem.listFilesRecursive ./.) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Remove this file
(builtins.filter (name: name != ./default.nix))
# Import each host function
map
(file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
})
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
]

59
hosts-by-platform/aarch64-linux/flame/default.nix
View File

@ -1,59 +0,0 @@
# The Flame
# System configuration for an Oracle free server
# How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
rec {
networking.hostName = "flame";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
server.enable = true;
communications.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
power-user.enable = true;
};
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
# I forgot to set a clean label for it
fileSystems."/" = {
device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
fsType = "ext4";
};
# This is the boot filesystem for systemd-boot
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D5CA-237A";
fsType = "vfat";
};
# Allows private remote access over the internet
nmasur.presets.services.cloudflared = {
tunnel = {
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
credentialsFile = ../../../private/cloudflared-flame.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
};
};
}

46
hosts-by-platform/default.nix
View File

@ -1,46 +0,0 @@
# Return a list of all hosts
nixpkgs:
let
inherit (nixpkgs) lib;
in
{
# darwin-hosts = import ./darwin;
aarch64-darwin-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./aarch64-darwin) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Import each host function
(map (file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
}))
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
];
aarch64-linux-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./aarch64-linux) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Remove the first file
(builtins.filter (name: name != ./aarch64-linux/default.nix))
# Import each host function
(map (file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
}))
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
];
x86_64-linux-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./x86_64-linux) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix ".nix" name))
# Import each host function
(map (file: {
name = lib.removeSuffix ".nix" (builtins.baseNameOf file);
value = import file;
}))
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
];
}

64
hosts-by-platform/x86_64-linux/staff.nix
View File

@ -1,64 +0,0 @@
# The Staff
# System configuration test
rec {
# Hardware
networking.hostName = "staff";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
home.enable = true;
gui.enable = true;
};
nmasur.presets.services.cloudflared.enable = false;
nmasur.presets.services.kanata.enable = false;
nmasur.presets.services.openssh.enable = true;
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
linux-gui.enable = true;
power-user.enable = true;
};
nmasur.presets.services.mbsync = {
user = nmasur.settings.username;
server = "noahmasur.com";
};
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
# Not sure what's necessary but too afraid to remove anything
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Allows private remote access over the internet
# nmasur.presets.services.cloudflared = {
# tunnel = {
# id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
# credentialsFile = ../../private/cloudflared-tempest.age;
# ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
# };
# };
}

92
hosts-by-platform/x86_64-linux/swan.nix
View File

@ -1,92 +0,0 @@
# The Swan
# System configuration for my home NAS server
rec {
networking.hostName = "swan";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
# hostnames =
# let
# baseName = "masu.rs";
# in
# {
# audiobooks = "read.${baseName}";
# books = "books.${baseName}";
# content = "cloud.${baseName}";
# download = "download.${baseName}";
# files = "files.${baseName}";
# paperless = "paper.${baseName}";
# photos = "photos.${baseName}";
# prometheus = "prom.${baseName}";
# stream = "stream.${baseName}";
# };
};
nmasur.profiles = {
base.enable = true;
server.enable = true;
home.enable = true;
nas.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
};
home.stateVersion = "23.05";
};
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
];
# Required for transcoding
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelParams = [
"radeon.si_support=0"
"amdgpu.si_support=1"
"radeon.cik_support=0"
"amdgpu.cik_support=1"
"amdgpu.dc=1"
];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize efficiency over performance
powerManagement.cpuFreqGovernor = "powersave";
# Allow firmware updates
hardware.cpu.intel.updateMicrocode = true;
# ZFS
# Generated with: head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS
# Sets root ext4 filesystem instead of declaring it manually
disko = {
enableConfig = true;
devices = (import ../../../disks/root.nix { disk = "/dev/nvme0n1"; });
};
# Allows private remote access over the internet
nmasur.presets.services.cloudflared = {
tunnel = {
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
credentialsFile = ../../private/cloudflared-swan.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
};
};
}

110
hosts-by-platform/x86_64-linux/tempest.nix
View File

@ -1,110 +0,0 @@
# The Tempest
# System configuration for my desktop
rec {
# Hardware
networking.hostName = "tempest";
nmasur.settings = {
username = "noah";
fullName = "Noah Masur";
};
nmasur.profiles = {
base.enable = true;
home.enable = true;
gui.enable = true;
gaming.enable = true;
};
home-manager.users."noah" = {
nmasur.settings = {
username = nmasur.settings.username;
fullName = nmasur.settings.fullName;
};
nmasur.profiles = {
common.enable = true;
linux-base.enable = true;
linux-gui.enable = true;
linux-gaming.enable = true;
power-user.enable = true;
developer.enable = true;
experimental.enable = true;
};
nmasur.presets.services.mbsync = {
user = nmasur.settings.username;
server = "noahmasur.com";
};
home.stateVersion = "23.05";
};
system.stateVersion = "23.05";
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
# Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize performance over efficiency
powerManagement.cpuFreqGovernor = "performance";
# Allow firmware updates
hardware.cpu.amd.updateMicrocode = true;
# Helps reduce GPU fan noise under idle loads
hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''
# Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10
DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
DEVNAME=hwmon0=amdgpu
FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
FCFANS= hwmon0/pwm1=hwmon0/fan1_input
MINTEMP=hwmon0/pwm1=50
MAXTEMP=hwmon0/pwm1=70
MINSTART=hwmon0/pwm1=100
MINSTOP=hwmon0/pwm1=10
MINPWM=hwmon0/pwm1=10
MAXPWM=hwmon0/pwm1=240
'';
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Allows private remote access over the internet
nmasur.presets.services.cloudflared = {
tunnel = {
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ../../../private/cloudflared-tempest.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
};
};
# Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true;
}

18
hosts-old/aarch64-darwin/default.nix
View File

@ -1,18 +0,0 @@
# Return a list of all nix-darwin hosts
{ lib, ... }:
lib.pipe (lib.filesystem.listFilesRecursive ./.) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Remove this file
(builtins.filter (name: name != ./default.nix))
# Import each host function
map
(file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
})
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
]

22
hosts-old/aarch64-linux/default.nix
View File

@ -1,22 +0,0 @@
# Return a list of all NixOS hosts
{ nixpkgs, ... }:
let
inherit (nixpkgs) lib;
in
lib.pipe (lib.filesystem.listFilesRecursive ./.) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Remove this file
(builtins.filter (name: name != ./default.nix))
# Import each host function
map
(file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
})
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
]

98
hosts-old/x86_64-linux/arrow/aws/ec2.tf
View File

@ -1,98 +0,0 @@
resource "aws_instance" "instance" {
ami = aws_ami.image.id
iam_instance_profile = aws_iam_instance_profile.instance.name
instance_type = var.ec2_size
vpc_security_group_ids = [aws_security_group.instance.id]
tags = {
Name = "aws-nixos"
}
lifecycle {
create_before_destroy = true
}
}
resource "aws_ec2_instance_state" "instance" {
instance_id = aws_instance.instance.id
state = "running"
}
data "aws_vpc" "vpc" {
default = true
}
resource "aws_security_group" "instance" {
name = "aws-nixos"
description = "Allow SSH and HTTPS"
vpc_id = data.aws_vpc.vpc.id
ingress {
description = "Ping"
from_port = -1
to_port = -1
protocol = "icmp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
}
# Setup IAM for the instance to use SSM
data "aws_iam_policy_document" "ec2_assume_role" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
}
data "aws_iam_policy_document" "instance_profile" {
statement {
actions = [
"s3:ListAllMyBuckets",
]
resources = ["*"]
}
}
resource "aws_iam_role" "instance_profile" {
name = "nixos"
assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
inline_policy {
name = "instance-profile"
policy = data.aws_iam_policy_document.instance_profile.json
}
}
resource "aws_iam_role_policy_attachment" "instance_ssm" {
role = aws_iam_role.instance_profile.name
policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
resource "aws_iam_instance_profile" "instance" {
name = "nixos"
role = aws_iam_role.instance_profile.name
}

95
hosts-old/x86_64-linux/arrow/aws/image.tf
View File

@ -1,95 +0,0 @@
# locals {
# image_file = one(fileset(path.root, "../../../result/nixos-amazon-image-*.vhd"))
# }
#
# # Upload image to S3
# resource "aws_s3_object" "image" {
# bucket = var.images_bucket
# key = basename(local.image_file)
# source = local.image_file
# etag = filemd5(local.image_file)
# }
# Use existing image in S3
data "aws_s3_object" "image" {
bucket = var.images_bucket
key = "arrow.vhd"
}
resource "terraform_data" "image_replacement" {
input = data.aws_s3_object.image.etag
}
# Setup IAM access for the VM Importer
data "aws_iam_policy_document" "vmimport_trust_policy" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["vmie.amazonaws.com"]
}
}
}
data "aws_iam_policy_document" "vmimport" {
statement {
actions = [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
]
resources = [
"arn:aws:s3:::${data.aws_s3_object.image.bucket}",
"arn:aws:s3:::${data.aws_s3_object.image.bucket}/*",
]
}
statement {
actions = [
"ec2:ModifySnapshotAttribute",
"ec2:CopySnapshot",
"ec2:RegisterImage",
"ec2:Describe*",
]
resources = ["*"]
}
}
resource "aws_iam_role" "vmimport" {
name = "vmimport"
assume_role_policy = data.aws_iam_policy_document.vmimport_trust_policy.json
inline_policy {
name = "vmimport"
policy = data.aws_iam_policy_document.vmimport.json
}
}
# Import to EBS
resource "aws_ebs_snapshot_import" "image" {
disk_container {
format = "VHD"
user_bucket {
s3_bucket = data.aws_s3_object.image.bucket
s3_key = data.aws_s3_object.image.key
}
}
role_name = aws_iam_role.vmimport.name
lifecycle {
replace_triggered_by = [terraform_data.image_replacement]
}
}
# Convert to AMI
resource "aws_ami" "image" {
description = "Created with NixOS."
name = replace(basename(data.aws_s3_object.image.key), "/\\.vhd$/", "")
virtualization_type = "hvm"
root_device_name = "/dev/xvda"
ena_support = true
ebs_block_device {
device_name = "/dev/xvda"
snapshot_id = aws_ebs_snapshot_import.image.id
volume_size = 17
}
}

13
hosts-old/x86_64-linux/arrow/aws/main.tf
View File

@ -1,13 +0,0 @@
terraform {
backend "s3" {
region = "us-east-1"
dynamodb_table = "terraform-state-lock"
}
required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.42.0"
}
}
}

3
hosts-old/x86_64-linux/arrow/aws/outputs.tf
View File

@ -1,3 +0,0 @@
output "host_ip" {
value = aws_instance.instance.public_ip
}

10
hosts-old/x86_64-linux/arrow/aws/variables.tf
View File

@ -1,10 +0,0 @@
variable "ec2_size" {
type = string
description = "Size of instance to launch"
default = "t3a.small" # 2 GB RAM ($14/mo)
}
variable "images_bucket" {
description = "Name of the bucket in which to store the NixOS VM images."
type = string
}

41
hosts-old/x86_64-linux/arrow/default.nix
View File

@ -1,41 +0,0 @@
# The Arrow
# System configuration for temporary VM
{
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./modules.nix { inherit inputs globals overlays; } ++ [
{
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
virtualisation.vmVariant = {
virtualisation.forwardPorts = [
{
from = "host";
host.port = 2222;
guest.port = 22;
}
];
};
}
];
}

32
hosts-old/x86_64-linux/arrow/modules.nix
View File

@ -1,32 +0,0 @@
{
inputs,
globals,
overlays,
}:
[
globals
inputs.home-manager.nixosModules.home-manager
{
nixpkgs.overlays = overlays;
networking.hostName = "arrow";
physical = false;
server = true;
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw deploy"
];
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
cloudflare.enable = true;
services.openssh.enable = true;
services.caddy.enable = true;
services.n8n.enable = true;
# nix-index seems to eat up too much memory for Vultr
home-manager.users.${globals.user}.programs.nix-index.enable = inputs.nixpkgs.lib.mkForce false;
}
../../modules/common
../../modules/nixos
]

78
hosts-old/x86_64-linux/arrow/vultr/main.tf
View File

@ -1,78 +0,0 @@
terraform {
backend "s3" {
bucket = "noahmasur-terraform"
key = "arrow.tfstate"
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
skip_s3_checksum = true
use_path_style = true
/*
ENVIRONMENT VARIABLES
---------------------
AWS_ACCESS_KEY_ID - R2 token
AWS_SECRET_ACCESS_KEY - R2 secret
AWS_ENDPOINT_URL_S3 - R2 location: https://ACCOUNT_ID.r2.cloudflarestorage.com
*/
}
required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.42.0"
}
vultr = {
source = "vultr/vultr"
version = "2.19.0"
}
}
}
variable "vultr_api_key" {
type = string
description = "API key for Vultr management"
sensitive = true
}
# https://api.vultr.com/v2/plans
variable "vultr_plan" {
type = string
description = "Size of instance to launch"
default = "vc2-1c-2gb" # 55 GB SSD ($10/mo)
}
provider "aws" {
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
}
provider "vultr" {
api_key = var.vultr_api_key
}
resource "vultr_iso_private" "image" {
# url = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com/${data.aws_s3_bucket.images.id}/${aws_s3_object.image.key}"
url = "https://arrow-images.masu.rs/arrow.iso"
}
resource "vultr_instance" "arrow" {
plan = var.vultr_plan
region = "ewr"
iso_id = vultr_iso_private.image.id
label = "arrow"
tags = ["arrow"]
enable_ipv6 = false
disable_public_ipv4 = false
backups = "disabled"
ddos_protection = false
activation_email = false
}
output "host_ip" {
value = vultr_instance.arrow.main_ip
}

22
hosts-old/x86_64-linux/default.nix
View File

@ -1,22 +0,0 @@
# Return a list of all NixOS hosts
{ nixpkgs, ... }:
let
inherit (nixpkgs) lib;
in
lib.pipe (lib.filesystem.listFilesRecursive ./.) [
# Get only files ending in default.nix
(builtins.filter (name: lib.hasSuffix "default.nix" name))
# Remove this file
(builtins.filter (name: name != ./default.nix))
# Import each host function
map
(file: {
name = builtins.baseNameOf (builtins.dirOf file);
value = import file;
})
# Convert to an attrset of hostname -> host function
(builtins.listToAttrs)
]

51
hosts-old/x86_64-linux/hydra/default.nix
View File

@ -1,51 +0,0 @@
# The Hydra
# System configuration for WSL
# See [readme](../README.md) to explain how this file works.
{
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
../../modules/common
../../modules/nixos
../../modules/wsl
globals
inputs.wsl.nixosModules.wsl
inputs.home-manager.nixosModules.home-manager
{
networking.hostName = "hydra";
nixpkgs.overlays = overlays;
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = false;
theme = {
colors = (import ../../colorscheme/gruvbox).dark;
dark = true;
};
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
wsl = {
enable = true;
wslConf.automount.root = "/mnt";
defaultUser = globals.user;
startMenuLaunchers = true;
nativeSystemd = true;
wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
interop.includePath = false; # Including Windows PATH will slow down Neovim command mode
};
neovim.enable = true;
mail.enable = true;
mail.aerc.enable = true;
mail.himalaya.enable = true;
dotfiles.enable = true;
lua.enable = true;
}
];
}

53
hosts-old/x86_64-linux/staff/default.nix
View File

@ -1,53 +0,0 @@
# The Staff
# ISO configuration for my USB drive
{
inputs,
system,
overlays,
...
}:
inputs.nixos-generators.nixosGenerate {
inherit system;
format = "install-iso";
modules = [
{
nixpkgs.overlays = overlays;
networking.hostName = "staff";
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
];
services.openssh = {
enable = true;
ports = [ 22 ];
allowSFTP = true;
settings = {
GatewayPorts = "no";
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
environment.systemPackages =
let
pkgs = import inputs.nixpkgs { inherit system overlays; };
in
with pkgs;
[
git
vim
wget
curl
(import ../../modules/common/neovim/package {
inherit pkgs;
colors = (import ../../colorscheme/gruvbox).dark;
})
];
nix.extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
}
];
}

85
hosts/common.nix Normal file
View File

@ -0,0 +1,85 @@
{ config, lib, pkgs, ... }: {
imports =
[ ../modules/shell ../modules/neovim ../modules/repositories/dotfiles.nix ];
options = with lib; {
user = mkOption {
type = types.str;
description = "Primary user of the system";
};
fullName = lib.mkOption {
type = lib.types.str;
description = "Human readable name of the user";
};
userDirs = {
# Required to prevent infinite recursion when referenced by himalaya
download = lib.mkOption {
type = lib.types.str;
description = "XDG directory for downloads";
default =
if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads";
};
};
gui = {
enable = mkEnableOption {
description = "Enable graphics";
default = false;
};
};
colorscheme = mkOption {
type = types.attrs;
description = "Base16 color scheme";
};
homePath = mkOption {
type = types.path;
description = "Path of user's home directory.";
default = builtins.toPath (if pkgs.stdenv.isDarwin then
"/Users/${config.user}"
else
"/home/${config.user}");
};
dotfilesPath = mkOption {
type = types.path;
description = "Path of dotfiles repository.";
default = config.homePath + "/dev/personal/dotfiles";
};
dotfilesRepo = mkOption {
type = types.str;
description = "Link to dotfiles repository.";
};
unfreePackages = mkOption {
type = types.listOf types.str;
description = "List of unfree packages to allow.";
default = [ ];
};
};
config = let stateVersion = "22.11";
in {
# Enable features in Nix commands
nix.extraOptions = "experimental-features = nix-command flakes";
# Basic common system packages for all devices
environment.systemPackages = with pkgs; [ git vim wget curl ];
# Use the system-level nixpkgs instead of Home Manager's
home-manager.useGlobalPkgs = true;
# Install packages to /etc/profiles instead of ~/.nix-profile, useful when
# using multiple profiles for one user
home-manager.useUserPackages = true;
# Allow specified unfree packages (identified elsewhere)
# Retrieves package object based on string name
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) config.unfreePackages;
# Pin a state version to prevent warnings
home-manager.users.${config.user}.home.stateVersion = stateVersion;
home-manager.users.root.home.stateVersion = stateVersion;
};
}

44
hosts/desktop/default.nix Normal file
View File

@ -0,0 +1,44 @@
{ nixpkgs, home-manager, nur, globals, wallpapers, ... }:
# System configuration for my desktop
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
globals
home-manager.nixosModules.home-manager
{
networking.hostName = "desktop";
nixpkgs.overlays = [ nur.overlay ];
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
gaming.steam = true;
gaming.leagueoflegends = true;
gaming.legendary = true;
gui = {
enable = true;
compositor.enable = true;
wallpaper = "${wallpapers}/gruvbox/road.jpg";
gtk.theme = { name = "Adwaita-dark"; };
};
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
}
./hardware-configuration.nix
../common.nix
../../modules/hardware
../../modules/nixos
../../modules/graphical
../../modules/gaming
../../modules/applications
../../modules/mail/himalaya.nix
../../modules/repositories/notes.nix
../../modules/services/keybase.nix
../../modules/services/gnupg.nix
../../modules/services/mullvad.nix
../../modules/programming/nix.nix
../../modules/programming/haskell.nix
];
}

30
hosts/desktop/hardware-configuration.nix Normal file
View File

@ -0,0 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

34
hosts/macbook/default.nix Normal file
View File

@ -0,0 +1,34 @@
{ nixpkgs, darwin, home-manager, nur, globals, ... }:
# System configuration for my work MacBook
darwin.lib.darwinSystem {
system = "x86_64-darwin";
specialArgs = { };
modules = [
(globals // {
user = "Noah.Masur";
gitName = "Noah-Masur_1701";
gitEmail = "Noah.Masur@take2games.com";
})
home-manager.darwinModules.home-manager
{
gui.enable = true;
colorscheme = (import ../../modules/colorscheme/gruvbox);
mailUser = globals.user;
nixpkgs.overlays = [ nur.overlay ];
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
}
../common.nix
../../modules/darwin
../../modules/applications/alacritty.nix
../../modules/applications/discord.nix
../../modules/mail/himalaya.nix
../../modules/repositories/notes.nix
../../modules/programming/nix.nix
../../modules/programming/terraform.nix
../../modules/programming/python.nix
../../modules/programming/lua.nix
../../modules/programming/kubernetes.nix
];
}

20
hosts/server/default.nix Normal file
View File

@ -0,0 +1,20 @@
{ nixpkgs, home-manager, globals, ... }:
# System configuration for a generic server
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
globals
home-manager.nixosModules.home-manager
{
networking.hostName = "sheep";
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
}
../common.nix
../../modules/nixos
];
}

37
hosts/wsl/default.nix Normal file
View File

@ -0,0 +1,37 @@
{ nixpkgs, wsl, home-manager, globals, ... }:
# System configuration for WSL
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { };
modules = [
globals
wsl.nixosModules.wsl
home-manager.nixosModules.home-manager
{
networking.hostName = "wsl";
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
gui.enable = false;
colorscheme = (import ../../modules/colorscheme/gruvbox);
passwordHash =
"$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.";
wsl = {
enable = true;
automountPath = "/mnt";
defaultUser = globals.user;
startMenuLaunchers = true;
wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
interop.includePath =
false; # Including Windows PATH will slow down Neovim command mode
};
}
../common.nix
../../modules/wsl
../../modules/nixos
../../modules/mail/himalaya.nix
../../modules/repositories/notes.nix
../../modules/programming/nix.nix
../../modules/programming/lua.nix
];
}

4
legacy/bin/biggest Executable file
View File

@ -0,0 +1,4 @@
#!/usr/local/bin/nu
ls | sort-by size | reverse | keep 10

3
legacy/bin/biggest-files Executable file
View File

@ -0,0 +1,3 @@
#!/usr/local/bin/nu
ls **/* | where type == File | sort-by size | reverse | keep 10

2
pkgs/tools/misc/docker-cleanup/docker-cleanup.sh → legacy/bin/docker_cleanup
View File

@ -17,7 +17,7 @@ else
fi fi
# Remove all untagged images # Remove all untagged images
if docker images | grep -q "^<none>"; then if [[ $(docker images | grep "^<none>") ]]; then
docker rmi "$(docker images | grep "^<none>" | awk '{print $3}')" docker rmi "$(docker images | grep "^<none>" | awk '{print $3}')"
else else
echo "No untagged docker images." echo "No untagged docker images."

37
legacy/bin/jira-checkout Executable file
View File

@ -0,0 +1,37 @@
#!/bin/sh
# Adapted from: https://seb.jambor.dev/posts/improving-shell-workflows-with-fzf/
# Requires the following variables to be set:
# - ATLASSIAN_EMAIL
# - ATLASSIAN_API_TOKEN
# - JIRA_HOSTNAME
# - JIRA_PROJECT
choose_issue() {
jq_template='"\(.key): \(.fields.summary)"'
query="project=$JIRA_PROJECT AND status not in (\"Done\") AND assignee=currentUser()"
branch_name=$(
curl \
--data-urlencode "jql=$query" \
--get \
--user "$ATLASSIAN_EMAIL:$ATLASSIAN_API_TOKEN" \
--silent \
--compressed \
"https://$JIRA_HOSTNAME/rest/api/2/search" |
jq ".issues[] | $jq_template" |
sed -e 's/"\(.*\)"/\1/' |
fzf \
--preview='jira-details {1}' \
--preview-window=top:wrap |
sed -e 's/: /:/' -e 's/[^a-zA-Z0-9:]/-/g' |
awk -F ":" '{printf "%s/%s", $1, tolower($2)}'
)
echo "$branch_name"
}
issue_branch=$(choose_issue)
if [ -n "$issue_branch" ]; then
echo "git checkout -b \"$issue_branch\""
fi

38
legacy/bin/jira-details Executable file
View File

@ -0,0 +1,38 @@
#!/bin/sh
# Adapted from: https://seb.jambor.dev/posts/improving-shell-workflows-with-fzf/
# Requires the following variables to be set:
# - ATLASSIAN_EMAIL
# - ATLASSIAN_API_TOKEN
# - JIRA_HOSTNAME
# - JIRA_PROJECT (for other script)
issue_details() {
jira_key=$(echo "$1" | cut -d":" -f1)
jq_template='"'\
'# \(.key): \(.fields.summary)\n'\
'\n'\
'*Created*: \(.fields.created)\n'\
'*Status*: \(.fields.status.statusCategory.name)\n'\
'*Reporter*: \(.fields.reporter.displayName)\n'\
'*Priority*: \(.fields.priority.name)\n'\
"*Epic*: https://$JIRA_HOSTNAME/browse/\(.fields.customfield_10014)\n"\
'\n'\
'## Link\n\n'\
"https://$JIRA_HOSTNAME/browse/\(.key)\n"\
'\n'\
'## Description\n\n'\
'\(.fields.description)'\
'"'
curl \
--get \
--user "$ATLASSIAN_EMAIL:$ATLASSIAN_API_TOKEN" \
--silent \
--compressed \
"https://$JIRA_HOSTNAME/rest/api/2/issue/$jira_key" |
jq "$jq_template" |
xargs printf |
bat -l md --color always --style plain
}
issue_details "$1"

14
legacy/bin/kube-dashboard Executable file
View File

@ -0,0 +1,14 @@
#!/bin/sh
kubectl -n kube-system get secret "$(
kubectl -n kube-system get secret |
grep dashboard-admin |
awk '{print $1}'
)" -o json |
jq -j --raw-output '.data.token' |
base64 --decode |
pbcopy
open http://localhost:8001/api/v1/namespaces/default/services/https:kubernetes-dashboard:https/proxy/#!/login
kubectl proxy

3
legacy/bin/newest Executable file
View File

@ -0,0 +1,3 @@
#!/usr/local/bin/nu
ls | sort-by modified | reverse | keep 5

3
legacy/bin/oldest Executable file
View File

@ -0,0 +1,3 @@
#!/usr/local/bin/nu
ls | sort-by modified | keep 5

16
legacy/bin/pod Executable file
View File

@ -0,0 +1,16 @@
#!/usr/bin/env bash
# Credit: https://github.com/junegunn/fzf/blob/master/ADVANCED.md
read -ra tokens < <(
kubectl get pods --all-namespaces |
fzf --info=inline --layout=reverse --header-lines=1 --border \
--prompt "$(kubectl config current-context | sed 's/-context$//')> " \
--header $'Press CTRL-O to open log in editor\n\n' \
--bind ctrl-/:toggle-preview \
--bind "ctrl-o:execute:${EDITOR:-vim} <(kubectl logs --namespace {1} {2}) > /dev/tty" \
--preview-window up,follow \
--preview 'kubectl logs --follow --tail=100000 --namespace {1} {2}' "$@"
)
[ ${#tokens} -gt 1 ] &&
kubectl exec -it --namespace "${tokens[0]}" "${tokens[1]}" -- /bin/sh

3
legacy/bin/symlinks Executable file
View File

@ -0,0 +1,3 @@
#!/usr/local/bin/nu
ls -al | where type == Symlink | select name target

5
legacy/bin/url-decode Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
function urldecode() { : "${*//+/ }"; echo -e "${_//%/\\x}"; }
urldecode "$@"

28
legacy/newsboat/com.noah.newsboat.plist Normal file
View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.noah.newsboat</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/newsboat -x reload</string>
</array>
<key>Nice</key>
<integer>1</integer>
<key>StartInterval</key>
<integer>1800</integer>
<key>RunAtLoad</key>
<false/>
<key>StandardErrorPath</key>
<string>/tmp/newsboat.err</string>
<key>StandardOutPath</key>
<string>/tmp/newsboat.out</string>
</dict>
</plist>

40
legacy/newsboat/config Normal file
View File

@ -0,0 +1,40 @@
browser "$BROWSER %u"
prepopulate-query-feeds yes
feed-sort-order lastupdated
reload-only-visible-feeds yes
text-width 72
bind-key j down
bind-key k up
bind-key j next articlelist
bind-key k prev articlelist
bind-key G end
bind-key g home
bind-key d pagedown
bind-key u pageup
bind-key n next-unread
bind-key p prev-unread
bind-key ; macro-prefix
bind-key B bookmark
bind-key f edit-flags
macro v set browser "mpv %u"; open-in-browser; set browser "$BROWSER %u"
macro p set browser "echo %u"; one; set browser "$BROWSER %u"
macro H set browser "clx view $(echo %u | cut -d '=' -f2)"; one; set browser "$BROWSER %u"
macro h set browser "clx view $(echo %u | cut -d '=' -f2)"; two; set browser "$BROWSER %u"
macro w set browser "w3m -o confirm_qq=false %u"; open-in-browser; set browser "$BROWSER %u"
macro r set browser "url-markdown %u | glow -p -w 72 -"; open-in-browser; set browser "$BROWSER %u"
macro d set browser "youtube-dl -o ~/Downloads/%(title)s.%(ext)s %u &"; open-in-browser-noninteractively; set browser "$BROWSER %u"
macro n set-tag News; reload-all
macro a set-tag All
macro e set-tag Reddit; reload-all
macro y set-tag YouTube; reload-all
bookmark-cmd "bookmark"
highlight article "^(Feed|Title|Author|Link|Date):.*" color243 default
highlight article "^(Links):.*" color243 default
highlight article "^(\\[[0-9]+\\]):.*" color243 default
highlight article "^(\\[[0-9]+\\])" color243 default
highlight article "^\\[.*\\]$" color243 default
highlight article "^(Title:).*" color249 default

137
legacy/nix-env.fish Normal file
View File

@ -0,0 +1,137 @@
# Setup Nix
# We need to distinguish between single-user and multi-user installs.
# This is difficult because there's no official way to do this.
# We could look for the presence of /nix/var/nix/daemon-socket/socket but this will fail if the
# daemon hasn't started yet. /nix/var/nix/daemon-socket will exist if the daemon has ever run, but
# I don't think there's any protection against accidentally running `nix-daemon` as a user.
# We also can't just look for /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh because
# older single-user installs used the default profile instead of a per-user profile.
# We can still check for it first, because all multi-user installs should have it, and so if it's
# not present that's a pretty big indicator that this is a single-user install. If it does exist,
# we still need to verify the install type. To that end we'll look for a root owner and sticky bit
# on /nix/store. Multi-user installs set both, single-user installs don't. It's certainly possible
# someone could do a single-user install as root and then manually set the sticky bit but that
# would be extremely unusual.
set -l nix_profile_path /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
set -l single_user_profile_path ~/.nix-profile/etc/profile.d/nix.sh
if test -e $nix_profile_path
# The path exists. Double-check that this is a multi-user install.
# We can't just check for ~/.nix-profile/… because this may be a single-user install running as
# the wrong user.
# stat is not portable. Splitting the output of ls -nd is reliable on most platforms.
set -l owner (string split -n ' ' (command ls -nd /nix/store 2>/dev/null))[3]
if not test -k /nix/store -a $owner -eq 0
# /nix/store is either not owned by root or not sticky. Assume single-user.
set nix_profile_path $single_user_profile_path
end
else
# The path doesn't exist. Assume single-user
set nix_profile_path $single_user_profile_path
end
if test -e $nix_profile_path
# Source the nix setup script
# We're going to run the regular Nix profile under bash and then print out a few variables
for line in (command env -u BASH_ENV bash -c '. "$0"; for name in PATH "${!NIX_@}"; do printf "%s=%s\0" "$name" "${!name}"; done' $nix_profile_path | string split0)
set -xg (string split -m 1 = $line)
end
# Insert Nix's fish share directories into fish's special variables.
# nixpkgs-installed fish tries to set these up already if NIX_PROFILES is defined, which won't
# be the case when sourcing $__fish_data_dir/share/config.fish normally, but might be for a
# recursive invocation. To guard against that, we'll only insert paths that don't already exit.
# Furthermore, for the vendor_conf.d sourcing, we'll use the pre-existing presence of a path in
# $fish_function_path to determine whether we want to source the relevant vendor_conf.d folder.
# To start, let's locally define NIX_PROFILES if it doesn't already exist.
set -al NIX_PROFILES
if test (count $NIX_PROFILES) -eq 0
set -a NIX_PROFILES $HOME/.nix-profile
end
# Replicate the logic from nixpkgs version of $__fish_data_dir/__fish_build_paths.fish.
set -l __nix_profile_paths (string split ' ' -- $NIX_PROFILES)[-1..1]
set -l __extra_completionsdir \
$__nix_profile_paths/etc/fish/completions \
$__nix_profile_paths/share/fish/vendor_completions.d
set -l __extra_functionsdir \
$__nix_profile_paths/etc/fish/functions \
$__nix_profile_paths/share/fish/vendor_functions.d
set -l __extra_confdir \
$__nix_profile_paths/etc/fish/conf.d \
$__nix_profile_paths/share/fish/vendor_conf.d
### Configure fish_function_path ###
# Remove any of our extra paths that may already exist.
# Record the equivalent __extra_confdir path for any function path that exists.
set -l existing_conf_paths
for path in $__extra_functionsdir
if set -l idx (contains --index -- $path $fish_function_path)
set -e fish_function_path[$idx]
set -a existing_conf_paths $__extra_confdir[(contains --index -- $path $__extra_functionsdir)]
end
end
# Insert the paths before $__fish_data_dir.
if set -l idx (contains --index -- $__fish_data_dir/functions $fish_function_path)
# Fish has no way to simply insert into the middle of an array.
set -l new_path $fish_function_path[1..$idx]
set -e new_path[$idx]
set -a new_path $__extra_functionsdir
set fish_function_path $new_path $fish_function_path[$idx..-1]
else
set -a fish_function_path $__extra_functionsdir
end
### Configure fish_complete_path ###
# Remove any of our extra paths that may already exist.
for path in $__extra_completionsdir
if set -l idx (contains --index -- $path $fish_complete_path)
set -e fish_complete_path[$idx]
end
end
# Insert the paths before $__fish_data_dir.
if set -l idx (contains --index -- $__fish_data_dir/completions $fish_complete_path)
set -l new_path $fish_complete_path[1..$idx]
set -e new_path[$idx]
set -a new_path $__extra_completionsdir
set fish_complete_path $new_path $fish_complete_path[$idx..-1]
else
set -a fish_complete_path $__extra_completionsdir
end
### Source conf directories ###
# The built-in directories were already sourced during shell initialization.
# Any __extra_confdir that came from $__fish_data_dir/__fish_build_paths.fish was also sourced.
# As explained above, we're using the presence of pre-existing paths in $fish_function_path as a
# signal that the corresponding conf dir has also already been sourced.
# In order to simulate this, we'll run through the same algorithm as found in
# $__fish_data_dir/config.fish except we'll avoid sourcing the file if it comes from an
# already-sourced location.
# Caveats:
# * Files will be sourced in a different order than we'd ideally do (because we're coming in
# after the fact to source them).
# * If there are existing extra conf paths, files in them may have been sourced that should have
# been suppressed by paths we're inserting in front.
# * Similarly any files in $__fish_data_dir/vendor_conf.d that should have been suppressed won't
# have been.
set -l sourcelist
for file in $__fish_config_dir/conf.d/*.fish $__fish_sysconf_dir/conf.d/*.fish
# We know these paths were sourced already. Just record them.
set -l basename (string replace -r '^.*/' '' -- $file)
contains -- $basename $sourcelist
or set -a sourcelist $basename
end
for root in $__extra_confdir
for file in $root/*.fish
set -l basename (string replace -r '^.*/' '' -- $file)
contains -- $basename $sourcelist
and continue
set -a sourcelist $basename
contains -- $root $existing_conf_paths
and continue # this is a pre-existing path, it will have been sourced already
[ -f $file -a -r $file ]
and source $file
end
end
end

168
legacy/scripts/configure_macos Executable file
View File

@ -0,0 +1,168 @@
#!/bin/sh
echo "Enable full keyboard access for all controls (e.g. enable Tab in modal dialogs)"
defaults write NSGlobalDomain AppleKeyboardUIMode -int 3
echo "Automatically show and hide the dock"
defaults write com.apple.dock autohide -bool true
echo "Automatically show and hide the menu bar"
defaults write NSGlobalDomain _HIHideMenuBar -bool true
echo "Make Dock icons of hidden applications translucent"
defaults write com.apple.dock showhidden -bool true
echo "Use current directory as default search scope in Finder"
defaults write com.apple.finder FXDefaultSearchScope -string "SCcf"
echo "Expand save panel by default"
defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true
echo "Expand print panel by default"
defaults write NSGlobalDomain PMPrintingExpandedStateForPrint -bool true
echo "Disable the \"Are you sure you want to open this application?\" dialog"
defaults write com.apple.LaunchServices LSQuarantine -bool false
echo "Enable highlight hover effect for the grid view of a stack (Dock)"
defaults write com.apple.dock mouse-over-hilte-stack -bool true
echo "Enable spring loading for all Dock items"
defaults write enable-spring-load-actions-on-all-items -bool true
echo "Disable press-and-hold for keys in favor of key repeat"
defaults write NSGlobalDomain ApplePressAndHoldEnabled -bool false
defaults write -g ApplePressAndHoldEnabled -bool false
echo "Set a blazingly fast keyboard repeat rate"
defaults write NSGlobalDomain KeyRepeat -int 2
echo "Set a shorter Delay until key repeat"
defaults write NSGlobalDomain InitialKeyRepeat -int 12
echo "Disable disk image verification"
defaults write com.apple.frameworks.diskimages skip-verify -bool true
defaults write com.apple.frameworks.diskimages skip-verify-locked -bool true
defaults write com.apple.frameworks.diskimages skip-verify-remote -bool true
echo "Avoid creating .DS_Store files on network volumes"
defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true
echo "Disable the warning when changing a file extension"
defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false
# echo "Enable snap-to-grid for desktop icons"
# /usr/libexec/PlistBuddy -c "Set :DesktopViewSettings:IconViewSettings:arrangeBy grid" ~/Library/Preferences/com.apple.finder.plist
echo "Disable the warning before emptying the Trash"
defaults write com.apple.finder WarnOnEmptyTrash -bool false
echo "Disable tap to click (Trackpad)"
defaults write com.apple.driver.AppleBluetoothMultitouch.trackpad Clicking -bool false
echo "Enable Safaris debug menu"
defaults write com.apple.Safari IncludeInternalDebugMenu -bool true
echo "Make Safaris search banners default to Contains instead of Starts With"
defaults write com.apple.Safari FindOnPageMatchesWordStartsOnly -bool false
echo "Add a context menu item for showing the Web Inspector in web views"
defaults write NSGlobalDomain WebKitDeveloperExtras -bool true
echo "Save to disk (not to iCloud) by default"
defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false
echo "Disable automatic capitalization as its annoying when typing code"
defaults write NSGlobalDomain NSAutomaticCapitalizationEnabled -bool false
echo "Disable smart dashes as theyre annoying when typing code"
defaults write NSGlobalDomain NSAutomaticDashSubstitutionEnabled -bool false
echo "Disable automatic period substitution as its annoying when typing code"
defaults write NSGlobalDomain NSAutomaticPeriodSubstitutionEnabled -bool false
echo "Disable smart quotes as theyre annoying when typing code"
defaults write NSGlobalDomain NSAutomaticQuoteSubstitutionEnabled -bool false
echo "Disable auto-correct"
defaults write NSGlobalDomain NSAutomaticSpellingCorrectionEnabled -bool false
echo "Use scroll gesture with the Ctrl (^) modifier key to zoom"
defaults write com.apple.universalaccess closeViewScrollWheelToggle -bool true
defaults write com.apple.universalaccess HIDScrollZoomModifierMask -int 262144
echo "Follow the keyboard focus while zoomed in"
defaults write com.apple.universalaccess closeViewZoomFollowsFocus -bool true
echo "Require password immediately after sleep or screen saver begins"
defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0
echo "Save screenshots to downloads"
defaults write com.apple.screencapture location -string "${HOME}/Downloads"
echo "Finder: allow quitting via ⌘ + Q; doing so will also hide desktop icons"
defaults write com.apple.finder QuitMenuItem -bool true
echo "Show the ~/Library folder"
chflags nohidden ~/Library && xattr -d com.apple.FinderInfo ~/Library
# Noah Prefs
echo "Enable dock magnification"
defaults write com.apple.dock magnification -bool true
echo "Set dock size"
defaults write com.apple.dock largesize -int 48
defaults write com.apple.dock tilesize -int 44
echo "Choose and order dock icons"
__dock_item() {
printf '%s%s%s%s%s' \
'<dict><key>tile-data</key><dict><key>file-data</key><dict>' \
'<key>_CFURLString</key><string>' \
"$1" \
'</string><key>_CFURLStringType</key><integer>0</integer>' \
'</dict></dict></dict>'
}
defaults write com.apple.dock persistent-apps -array \
"$(__dock_item /Applications/1Password\ 7.app)" \
"$(__dock_item /Applications/Slack.app)" \
"$(__dock_item /System/Applications/Calendar.app)" \
"$(__dock_item /Applications/Firefox.app)" \
"$(__dock_item /System/Applications/Messages.app)" \
"$(__dock_item /System/Applications/Mail.app)" \
"$(__dock_item /Applications/Mimestream.app)" \
"$(__dock_item /Applications/zoom.us.app)" \
"$(__dock_item /Applications/Obsidian.app)" \
"$(__dock_item /Applications/Alacritty.app)" \
"$(__dock_item /System/Applications/System\ Preferences.app)"
echo "No recent items in dock"
defaults write com.apple.dock show-recents -bool FALSE
echo "Switch to dark mode"
defaults write "Apple Global Domain" "AppleInterfaceStyle" "Dark"
echo "Turn on Scroll Reverser"
open /Applications/Scroll\ Reverser.app
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/Scroll Reverser.app", hidden:false}'
echo "Allow apps from anywhere"
SPCTL=$(spctl --status)
if ! [ "$SPCTL" = "assessments disabled" ]
then
sudo spctl --master-disable
fi
# ---
echo "Reset Launchpad"
# [ -e ~/Library/Application\ Support/Dock/*.db ] && rm ~/Library/Application\ Support/Dock/*.db
rm ~/Library/Application\ Support/Dock/*.db
echo "Show the ~/Library folder"
chflags nohidden ~/Library
# Clean up
echo "Kill affected applications"
for app in Safari Finder Dock Mail SystemUIServer; do killall "$app" >/dev/null 2>&1; done

5
legacy/scripts/npm Executable file
View File

@ -0,0 +1,5 @@
#!/bin/sh
npm update -g
npm install -g pyright
npm install -g diagnostic-languageserver

48
legacy/scripts/rust Executable file
View File

@ -0,0 +1,48 @@
#!/bin/sh
install_rust() {
if ! (which ~/.cargo/bin/rustup > /dev/null)
then
echo "installing rustup"
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
fi
echo "rustup ✓"
}
update_rust() {
~/.cargo/bin/rustup update > /dev/null 2>&1
rust_version=$(~/.cargo/bin/rustc --version | awk '{print $2}')
echo "latest rust: $rust_version ✓"
}
download_rust_analyzer() {
if ! (which rust-analyzer > /dev/null)
then
echo "downloading rust analyzer"
rust_analyzer_bin=/usr/local/bin/rust-analyzer
curl -s -L https://github.com/rust-analyzer/rust-analyzer/releases/latest/download/rust-analyzer-mac -o $rust_analyzer_bin
chmod +x $rust_analyzer_bin
fi
echo "rust-analyzer ✓"
}
# cargo-edit: quickly add and remove packages
# whatfeatures: see optional features for a package
install_cargos() {
set -- \
'cargo-edit' \
'cargo-whatfeatures'
for program do
cargo install "$program"
done
echo "cargos ✓"
}
install_rust
update_rust
download_rust_analyzer
install_cargos

6
legacy/scripts/setup_cheatsheet Executable file
View File

@ -0,0 +1,6 @@
#!/bin/sh
echo "downloading cheatsheet"
curl https://cht.sh/:cht.sh > ~/.local/bin/cheat
chmod 755 ~/.local/bin/cheat
echo "cheatsheet ✓"

46
legacy/scripts/setup_fish Executable file
View File

@ -0,0 +1,46 @@
#!/usr/bin/env fish
set -U FISH_DIR (readlink ~/.config/fish) # Used for getting to this repo
set -Ux DOTS (dirname $FISH_DIR) # Directory of this config repo
set -U CDPATH . $HOME # Directories available for immediate cd
set -Ux EDITOR nvim # Preferred text editor
set -U PROJ $HOME/dev/work # Projects directory
set -Ux NOTES_PATH "$HOME/dev/personal/notes" # Notes directory
set -Ux MANPAGER "nvim +Man!" # Used for reading man pages
set -Ux DIRENV_LOG_FORMAT "" # Disable direnv output
set -Ux BROWSER "/Applications/Firefox.app/Contents/MacOS/firefox"
# Load abbreviations
abbrs
# Turn off greeting
set -U fish_greeting ""
# Set colors (Base16 Eighties)
set -U fish_color_normal normal
set -U fish_color_command 99cc99
set -U fish_color_quote ffcc66
set -U fish_color_redirection d3d0c8
set -U fish_color_end cc99cc
set -U fish_color_error f2777a
set -U fish_color_selection white --bold --background=brblack
set -U fish_color_search_match bryellow --background=brblack
set -U fish_color_history_current --bold
set -U fish_color_operator 6699cc
set -U fish_color_escape 66cccc
set -U fish_color_cwd green
set -U fish_color_cwd_root red
set -U fish_color_valid_path --underline
set -U fish_color_autosuggestion 747369
set -U fish_color_user brgreen
set -U fish_color_host normal
set -U fish_color_cancel -r
set -U fish_pager_color_completion normal
set -U fish_pager_color_description B3A06D yellow
set -U fish_pager_color_prefix white --bold --underline
set -U fish_pager_color_progress brwhite --background=cyan
set -U fish_color_comment ffcc66
set -U fish_color_param d3d0c8
set -U fish_color_match 6699cc
echo "fish setup ✓"

7
legacy/scripts/setup_ytfzf Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
echo "downloading ytfzf"
mkdir -p ~/.local/bin
curl -sL "https://raw.githubusercontent.com/pystardust/ytfzf/master/ytfzf" >~/.local/bin/ytfzf
chmod 755 ~/.local/bin/ytfzf
echo "ytfzf ✓"

8
legacy/templates/kubernetes/clusterrole.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name:
rules:
- apiGroups: [""]
resources:
verbs: []

12
legacy/templates/kubernetes/clusterrolebinding.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name:
subjects:
- kind: ServiceAccount
name:
namespace: default

8
legacy/templates/kubernetes/configmap.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: ConfigMap
metadata:
name:
namespace: default
annotations:
replicator.v1.mittwald.de/replicate-to: ".*"
data:

33
legacy/templates/kubernetes/deployment.yaml Normal file
View File

@ -0,0 +1,33 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name:
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app:
template:
metadata:
labels:
app:
spec:
serviceAccountName:
containers:
- name:
image:
imagePullPolicy: Always
envFrom:
- configMapRef:
name:
- secretRef:
name:
ports:
- containerPort:
protocol: TCP
resources:
limits:
cpu:
requests:
cpu:

21
legacy/templates/kubernetes/ingress.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: networking.k8s.io/v1beta1 # must be beta until k8s 1.19
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name:
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/security-groups:
alb.ingress.kubernetes.io/tags: Project=
alb.ingress.kubernetes.io/target-type: instance
name:
namespace:
spec:
rules:
- host:
http:
paths:
- backend:
serviceName:
servicePort:

10
legacy/templates/kubernetes/role.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name:
namespace: default
rules:
- apiGroups: [""]
resourceNames:
resources:
verbs:

13
legacy/templates/kubernetes/rolebinding.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name:
namespace: default
roleRef:
kind:
name:
apiGroup: rbac.authorization.k8s.io
subjects:
- kind:
name:
apiGroup: rbac.authorization.k8s.io

8
legacy/templates/kubernetes/secret.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name:
namespace: default
annotations:
replicator.v1.mittwald.de/replicate-to: ".*"
data:

15
legacy/templates/kubernetes/service.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
annotations:
alb.ingress.kubernetes.io/healthcheck-path:
name:
namespace: default
spec:
ports:
- port: 443
protocol: TCP
targetPort: 80
selector:
app:
type: NodePort

5
legacy/templates/kubernetes/serviceaccount.yaml Normal file
View File

@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name:
namespace: default

12
legacy/templates/programs/skeleton.py Normal file
View File

@ -0,0 +1,12 @@
#!/usr/bin/env python
"""
Program
"""
def main():
"""Run the program"""
pass
if __name__ == "__main__":
main()

8
legacy/templates/programs/skeleton.sh Normal file
View File

@ -0,0 +1,8 @@
#!/bin/sh
if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then
cat <<EOH
Help text
EOH
exit
fi

21
misc/README.md
View File

@ -1,21 +0,0 @@
# Miscellaneous
These files contain important data sourced by the configuration, or simply
information to store for safekeeping later.
---
Creating hashed password for [password.sha512](./password.sha512):
```
mkpasswd -m sha-512
```
---
Getting key for [public-keys](./public-keys):
```
ssh-keyscan -t ed25519 <hostname>
```

23
misc/libratbag-profile
View File

@ -1,23 +0,0 @@
Profile 1: (active)
Name: n/a
Report Rate: 1000Hz
Resolutions:
0: 400dpi (active) (default)
1: 800dpi
2: 1600dpi
3: 2400dpi
4: 0dpi
Button: 0 is mapped to 'button 1'
Button: 1 is mapped to 'button 2'
Button: 2 is mapped to 'button 3'
Button: 3 is mapped to 'button 4'
Button: 4 is mapped to 'button 5'
Button: 5 is mapped to macro '↕F11'
Button: 6 is mapped to macro '↕VOLUMEDOWN'
Button: 7 is mapped to macro '↕VOLUMEUP'
Button: 8 is mapped to 'unknown'
Button: 9 is mapped to 'wheel-right'
Button: 10 is mapped to 'wheel-left'
LED: 0, depth: monochrome, mode: on, color: 000000
LED: 1, depth: monochrome, mode: on, color: 000000
LED: 2, depth: monochrome, mode: on, color: 000000

1
misc/password.sha512
View File

@ -1 +0,0 @@
$6$PZYiMGmJIIHAepTM$Wx5EqTQ5GApzXx58nvi8azh16pdxrN6Qrv1wunDlzveOgawitWzcIxuj76X9V868fsPi/NOIEO8yVXqwzS9UF.

7
misc/public-keys
View File

@ -1,7 +0,0 @@
# Scan hosts: ssh-keyscan -t ed25519 <hostnames>
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3yHivgEXr2ecwe58h9bkhwTYivf3GwL8xenQKMeiUb tempest
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmGHIWBZzRx35/yFgnPJSHN2+35WJ30G9c5tDhPsCrl arrow

9
modules/README.md
View File

@ -1,9 +0,0 @@
# Modules
| Module | Purpose |
| --- | --- |
| [common](./common/default.nix) | User programs and OS-agnostic configuration |
| [darwin](./darwin/default.nix) | macOS-specific configuration |
| [nixos](./nixos/default.nix) | NixOS-specific configuration |
| [wsl](./wsl/default.nix) | WSL-specific configuration |

10
modules/applications/1password.nix Normal file
View File

@ -0,0 +1,10 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
unfreePackages = [ "1password" "_1password-gui" ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ _1password-gui ];
};
};
}

90
modules/applications/alacritty.nix Normal file
View File

@ -0,0 +1,90 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user} = {
xsession.windowManager.i3.config.terminal = "alacritty";
programs.rofi.terminal = "${pkgs.alacritty}/bin/alacritty";
programs.alacritty = {
enable = true;
settings = {
window = {
dimensions = {
columns = 85;
lines = 30;
};
padding = {
x = 20;
y = 20;
};
opacity = 1.0;
};
scrolling.history = 10000;
font = { size = 14.0; };
key_bindings = [
# Used for word completion in fish_user_key_bindings
{
key = "L";
mods = "Control|Shift";
chars = "\\x1F";
}
# Used for searching nixpkgs in fish_user_key_bindings
{
key = "N";
mods = "Control|Shift";
chars = "\\x11F";
}
{
key = "K";
mods = "Control";
mode = "~Vi";
action = "ToggleViMode";
}
{
key = "Return";
mode = "Vi";
action = "ToggleViMode";
}
# Used to enable $ keybind in Vi mode
{
key = 5; # Scancode for key4
mods = "Shift";
mode = "Vi|~Search";
action = "Last";
}
];
colors = {
primary = {
background = config.colorscheme.base00;
foreground = config.colorscheme.base05;
};
cursor = {
text = "#1d2021";
cursor = config.colorscheme.base05;
};
normal = {
black = "#1d2021";
red = config.colorscheme.base08;
green = config.colorscheme.base0B;
yellow = config.colorscheme.base0A;
blue = config.colorscheme.base0D;
magenta = config.colorscheme.base0E;
cyan = config.colorscheme.base0C;
white = config.colorscheme.base05;
};
bright = {
black = config.colorscheme.base03;
red = config.colorscheme.base09;
green = config.colorscheme.base01;
yellow = config.colorscheme.base02;
blue = config.colorscheme.base04;
magenta = config.colorscheme.base06;
cyan = config.colorscheme.base0F;
white = config.colorscheme.base07;
};
};
draw_bold_text_with_bright_colors = false;
};
};
};
};
}

10
modules/applications/calibre.nix Normal file
View File

@ -0,0 +1,10 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user} = {
home.packages = with pkgs; [ calibre ];
# home.sessionVariables = { CALIBRE_USE_DARK_PALETTE = 1; };
};
environment.sessionVariables = { CALIBRE_USE_DARK_PALETTE = "1"; };
};
}

15
modules/applications/default.nix Normal file
View File

@ -0,0 +1,15 @@
{ ... }: {
imports = [
./1password.nix
./alacritty.nix
./calibre.nix
./discord.nix
./firefox.nix
./media.nix
./obsidian.nix
./qbittorrent.nix
./nautilus.nix
];
}

19
modules/applications/discord.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
unfreePackages = [ "discord" ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ discord ];
xdg.configFile."discord/settings.json".text = ''
{
"BACKGROUND_COLOR": "#202225",
"IS_MAXIMIZED": false,
"IS_MINIMIZED": false,
"OPEN_ON_STARTUP": false,
"MINIMIZE_TO_TRAY": false,
"SKIP_HOST_UPDATE": true
}
'';
};
};
}

121
modules/applications/firefox.nix Normal file
View File

@ -0,0 +1,121 @@
{ config, pkgs, lib, ... }:
{
config = lib.mkIf config.gui.enable {
unfreePackages = [ "onepassword-password-manager" "okta-browser-plugin" ];
home-manager.users.${config.user} = {
programs.firefox = {
enable = true;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [
ublock-origin
vimium
multi-account-containers
facebook-container
temporary-containers
onepassword-password-manager
okta-browser-plugin
sponsorblock
reddit-enhancement-suite
bypass-paywalls-clean
markdownload
darkreader
snowflake
don-t-fuck-with-paste
i-dont-care-about-cookies
];
profiles.Profile0 = {
id = 0;
name = "default";
isDefault = true;
settings = {
"browser.aboutConfig.showWarning" = false;
"browser.warnOnQuit" = false;
"browser.theme.dark-private-windows" = true;
"browser.toolbars.bookmarks.visibility" = "newtab";
"browser.startup.page" = 3; # Restore previous session
"browser.newtabpage.enabled" = false; # Make new tabs blank
"general.autoScroll" = true; # Drag middle-mouse to scroll
"services.sync.prefs.sync.general.autoScroll" =
false; # Prevent disabling autoscroll
"extensions.pocket.enabled" = false;
"toolkit.legacyUserProfileCustomizations.stylesheets" =
true; # Allow userChrome.css
"layout.css.color-mix.enabled" = true;
};
userChrome = ''
:root {
--focus-outline-color: ${config.colorscheme.base04} !important;
--toolbar-color: ${config.colorscheme.base07} !important;
--tab-min-height: 30px !important;
}
/* Background of tab bar */
.toolbar-items {
background-color: ${config.colorscheme.base00} !important;
}
/* Tabs themselves */
.tabbrowser-tab .tab-stack {
border-radius: 5px 5px 0 0;
overflow: hidden;
background-color: ${config.colorscheme.base00};
color: ${config.colorscheme.base06} !important;
}
.tab-content {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 40%, transparent);
border-radius: 5px 5px 0 0;
background-color: ${config.colorscheme.base00};
color: ${config.colorscheme.base06} !important;
}
.tab-content[selected=true] {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
background-color: ${config.colorscheme.base01} !important;
color: ${config.colorscheme.base07} !important;
}
/* Below tab bar */
#nav-bar {
background: ${config.colorscheme.base01} !important;
}
/* URL bar in nav bar */
#urlbar[focused=true] {
color: ${config.colorscheme.base07} !important;
background: ${config.colorscheme.base02} !important;
caret-color: ${config.colorscheme.base05} !important;
}
#urlbar:not([focused=true]) {
color: ${config.colorscheme.base04} !important;
background: ${config.colorscheme.base02} !important;
}
#urlbar ::-moz-selection {
color: ${config.colorscheme.base07} !important;
background: ${config.colorscheme.base02} !important;
}
#urlbar-input-container {
border: 1px solid ${config.colorscheme.base01} !important;
}
#urlbar-background {
background: ${config.colorscheme.base01} !important;
}
/* Text in URL bar */
#urlbar-input, #urlbar-scheme, .searchbar-textbox {
color: ${config.colorscheme.base07} !important;
}
'';
userContent = ''
@-moz-document url-prefix(about:blank) {
* {
background-color:${config.colorscheme.base01} !important;
}
}
'';
extraConfig = "";
};
};
};
};
}

11
modules/applications/media.nix Normal file
View File

@ -0,0 +1,11 @@
{ config, pkgs, lib, ... }: {
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user}.home.packages = with pkgs; [
mpv # Video viewer
sxiv # Image viewer
mupdf # PDF viewer
];
};
}

13
modules/applications/nautilus.nix Normal file
View File

@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }: {
# Install Nautilus file manager
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user} = {
home.packages = with pkgs; [
gnome.nautilus
gnome.sushi # Quick preview with spacebar
];
};
};
}

Some files were not shown because too many files have changed in this diff Show More