2 Commits

Author SHA1 Message Date
1c9bd21ced set keyd overload tap timeout
helps prevent escape key from being sent if not tapped
2023-10-07 08:58:34 -04:00
14d2cbfdfb attempt to upgrade to keyd 2.4.3 pr 2023-10-07 07:52:47 -04:00
264 changed files with 6281 additions and 10280 deletions


@ -1,166 +0,0 @@
name: Arrow (AWS)
run-name: Arrow (AWS) - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
env:
TERRAFORM_DIRECTORY: hosts/arrow/aws
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
ZONE_NAME: masu.rs
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
on:
workflow_dispatch:
inputs:
rebuild:
type: boolean
default: false
action:
type: choice
required: true
default: create
options:
- create
- destroy
- nothing
size:
type: choice
required: false
options:
- t3a.small # 2 GB RAM / $10
permissions:
id-token: write
contents: write
jobs:
build-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout Repo Code
uses: actions/checkout@v4
- name: Free Disk Space (Ubuntu)
if: inputs.rebuild && inputs.action != 'destroy'
uses: jlumbroso/free-disk-space@main
with:
tool-cache: true
# Enable access to KVM, required to build an image
- name: Enable KVM group perms
if: inputs.rebuild && inputs.action != 'destroy'
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
# Login to AWS
- name: AWS Assume Role
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::286370965832:role/github_actions_admin
aws-region: us-east-1
# Install Nix
- name: Install Nix
if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v20
# Build the image
- name: Build Image
if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#arrow-aws
- name: Upload Image to S3
if: inputs.rebuild && inputs.action != 'destroy'
run: |
aws s3 cp \
result/nixos-amazon-image-*.vhd \
s3://${{ secrets.IMAGES_BUCKET }}/arrow.vhd \
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform init \
-backend-config="bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}" \
-backend-config="key=arrow.tfstate"
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: inputs.action == 'create'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
env:
TF_VAR_ec2_size: ${{ inputs.size }}
TF_VAR_images_bucket: ${{ secrets.IMAGES_BUCKET }}
run: |
terraform apply \
-auto-approve \
-input=false
# Removes infrastructure.
- name: Terraform Destroy
if: inputs.action == 'destroy'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
env:
TF_VAR_ec2_size: ${{ inputs.size }}
TF_VAR_images_bucket: ${{ secrets.IMAGES_BUCKET }}
run: |
terraform destroy \
-auto-approve \
-input=false
- name: Get Host IP
if: inputs.action == 'create'
id: host
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform output -raw host_ip
- name: Wait on SSH
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Write Identity Keys to Files
if: inputs.action == 'create'
run: |
echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
chmod 0600 deploy_ed25519
echo "${{ env.ARROW_IDENTITY_BASE64 }}" | base64 -d > arrow_ed25519
chmod 0600 arrow_ed25519
- name: Copy Identity File to Host
if: inputs.action == 'create'
run: |
ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
scp -i deploy_ed25519 arrow_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
- name: Wipe Records
if: ${{ inputs.action == 'destroy' }}
run: |
RECORD_ID=$(curl --request GET \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
curl --request DELETE \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"


@ -1,154 +0,0 @@
name: Arrow
run-name: Arrow - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
env:
TERRAFORM_DIRECTORY: hosts/arrow/vultr
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
CLOUDFLARE_R2_ENDPOINT: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }}
AWS_DEFAULT_REGION: auto
AWS_ENDPOINT_URL_S3: "https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
TF_VAR_vultr_api_key: ${{ secrets.VULTR_API_KEY }}
ZONE_NAME: masu.rs
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
on:
workflow_dispatch:
inputs:
rebuild:
type: boolean
default: false
action:
type: choice
required: true
default: create
options:
- create
- destroy
- nothing
plan:
type: choice
required: false
options:
- vc2-1c-1gb # 25 GB / $5
- vc2-1c-2gb # 55 GB / $10 (default)
- vc2-2c-2gb # 65 GB / $15
- vc2-2c-4gb # 80 GB / $20
- vc2-4c-8gb # 160 GB / $40
- vc2-6c-16gb # 320 GB / $80
jobs:
build-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout Repo Code
uses: actions/checkout@v4
# Enable access to KVM, required to build an image
- name: Enable KVM group perms
if: inputs.rebuild && inputs.action != 'destroy'
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
# Install Nix
- name: Install Nix
if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v17
# Build the image
- name: Build Image
if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#arrow
- name: Upload Image to S3
if: inputs.rebuild && inputs.action != 'destroy'
run: |
aws s3 cp \
result/iso/nixos.iso \
s3://noahmasur-arrow-images/arrow.iso \
--endpoint-url "https://${{ env.CLOUDFLARE_R2_ENDPOINT }}"
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform init
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: inputs.action == 'create'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
env:
TF_VAR_vultr_plan: ${{ inputs.plan }}
run: |
terraform apply \
-auto-approve \
-input=false
# Removes infrastructure.
- name: Terraform Destroy
if: inputs.action == 'destroy'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform destroy \
-auto-approve \
-input=false
- name: Get Host IP
if: inputs.action == 'create'
id: host
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform output -raw host_ip
- name: Wait on SSH
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Write Identity Keys to Files
if: inputs.action == 'create'
run: |
echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
chmod 0600 deploy_ed25519
echo "${{ env.ARROW_IDENTITY_BASE64 }}" | base64 -d > arrow_ed25519
chmod 0600 arrow_ed25519
- name: Copy Identity File to Host
if: inputs.action == 'create'
run: |
ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
scp -i deploy_ed25519 arrow_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
- name: Wipe Records
if: ${{ inputs.action == 'destroy' }}
run: |
RECORD_ID=$(curl --request GET \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
curl --request DELETE \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"


@ -11,10 +11,10 @@ jobs:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install Nix - name: Install Nix
uses: DeterminateSystems/nix-installer-action@v11 uses: DeterminateSystems/nix-installer-action@v4
- name: Check Nixpkgs Inputs - name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v7 uses: DeterminateSystems/flake-checker-action@v5
- name: Add Nix Cache - name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v6 uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Check the Flake - name: Check the Flake
run: nix flake check run: nix flake check


@ -3,12 +3,11 @@ name: Update Flake
on: on:
workflow_dispatch: # allows manual triggering workflow_dispatch: # allows manual triggering
schedule: schedule:
- cron: '33 3 * * 6' # runs weekly on Saturday at 03:33 - cron: '33 3 * * 0' # runs weekly on Sunday at 03:33
permissions: permissions:
contents: write contents: write
pull-requests: write pull-requests: write
checks: write
jobs: jobs:
lockfile: lockfile:
@ -18,39 +17,21 @@ jobs:
- name: Checkout Repository - name: Checkout Repository
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install Nix - name: Install Nix
uses: DeterminateSystems/nix-installer-action@v11 uses: DeterminateSystems/nix-installer-action@v4
with:
nix-package-url: https://releases.nixos.org/nix/nix-2.18.4/nix-2.18.4-x86_64-linux.tar.xz
- name: Check Nixpkgs Inputs - name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v7 uses: DeterminateSystems/flake-checker-action@v5
- name: Add Nix Cache - name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v6 uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Update flake.lock - name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v23 uses: DeterminateSystems/update-flake-lock@v19
id: update id: update
with: with:
pr-title: "Update flake.lock" # Title of PR to be created pr-title: "Update flake.lock" # Title of PR to be created
pr-labels: | # Labels to be set on the PR pr-labels: | # Labels to be set on the PR
dependencies dependencies
automated automated
pr-body: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
- name: Check the Flake - name: Check the Flake
id: check
run: nix flake check run: nix flake check
- name: Update Check Status
uses: LouisBrunner/checks-action@v1.6.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Update Flake
conclusion: ${{ job.status }}
output: |
{"summary":"${{ steps.check.outputs.stdout }}"}
- name: Enable Pull Request Automerge - name: Enable Pull Request Automerge
if: success() if: success()
run: | run: |
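Review bot: Every third-party action on the new side of this workflow is referenced by a mutable major tag (`DeterminateSystems/nix-installer-action@v4`, `flake-checker-action@v5`, `magic-nix-cache-action@v2`, `update-flake-lock@v19`) in a job that holds `contents: write` and `pull-requests: write` and then enables automerge, so a retagged release would run with push rights to this repository. Pin each `uses:` to a full commit SHA and keep the tag as a comment, e.g. `uses: DeterminateSystems/update-flake-lock@<full-commit-sha> # v19`. The same tag-only references appear in the flake check workflow hunk above. The automerge step's body continues outside the hunk, so whether it gates on anything beyond `if: success()` cannot be seen here.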

1
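--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,6 @@
 .DS_Store
 *.bak
 *.db
-*.qcow2
 **/.direnv/**
 result
 private/**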


@ -9,7 +9,7 @@ configuration may be difficult to translate to a non-Nix system.
## System Features ## System Features
| Feature | Program | Configuration | | Feature | Program | Configuration |
|----------------|-----------------------------------------------------|-----------------------------------------------| | --- | --- | --- |
| OS | [NixOS](https://nixos.org) | [Link](./modules/nixos) | | OS | [NixOS](https://nixos.org) | [Link](./modules/nixos) |
| Display Server | [X11](https://www.x.org/wiki/) | [Link](./modules/nixos/graphical/xorg.nix) | | Display Server | [X11](https://www.x.org/wiki/) | [Link](./modules/nixos/graphical/xorg.nix) |
| Compositor | [Picom](https://github.com/yshui/picom) | [Link](./modules/nixos/graphical/picom.nix) | | Compositor | [Picom](https://github.com/yshui/picom) | [Link](./modules/nixos/graphical/picom.nix) |
@ -21,11 +21,11 @@ configuration may be difficult to translate to a non-Nix system.
## User Features ## User Features
| Feature | Program | Configuration | | Feature | Program | Configuration |
|--------------|----------------------------------------------------------------------------------|----------------------------------------------------| | --- | --- | --- |
| Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./modules/common) | | Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./modules/common) |
| Terminal | [Kitty](https://sw.kovidgoyal.net/kitty/) | [Link](./modules/common/applications/kitty.nix) | | Terminal | [Kitty](https://sw.kovidgoyal.net/kitty/) | [Link](./modules/common/applications/kitty.nix) |
| Shell | [Fish](https://fishshell.com/) | [Link](./modules/common/shell/fish) | | Shell | [Fish](https://fishshell.com/) | [Link](./modules/common/shell/fish) |
| Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starship.nix) | | Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starhip.nix) |
| Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) | | Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) |
| Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix) | | Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix) |
| Text Editor | [Neovim](https://neovim.io/) | [Link](./modules/common/neovim/config) | | Text Editor | [Neovim](https://neovim.io/) | [Link](./modules/common/neovim/config) |
@ -38,29 +38,9 @@ configuration may be difficult to translate to a non-Nix system.
## macOS Features ## macOS Features
| Feature | Program | Configuration | | Feature | Program | Configuration |
|----------|---------------------------------------------|--------------------------------------| | --- | --- | --- |
| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) | | Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
# Diagram
![Diagram](https://github.com/nmasur/dotfiles/assets/7386960/4cc22285-cea1-4831-b387-a82241184381)
---
# Unique Configurations
This repo contains a few more elaborate elements of configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
and source-controlled plugins, differing based on installed LSPs, for example.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
dynamically on enabled services rendered with Nix.
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
including Firefox userChrome.
--- ---
# Installation # Installation


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: rec {
rec {
# Show quick helper # Show quick helper
default = import ./help.nix { inherit pkgs; }; default = import ./help.nix { inherit pkgs; };
@ -31,4 +30,5 @@ rec {
# Run neovim as an app # Run neovim as an app
neovim = import ./neovim.nix { inherit pkgs; }; neovim = import ./neovim.nix { inherit pkgs; };
nvim = neovim; nvim = neovim;
} }


@ -1,19 +1,19 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age # nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "encrypt-secret" ''
pkgs.writeShellScript "encrypt-secret" ''
printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2 printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
read -p "Secret: " secret read -p "Secret: " secret
printf "\nEncrypting...\n\n" 1>&2 printf "\nEncrypting...\n\n" 1>&2
tmpfile=$(mktemp) tmpfile=$(mktemp)
echo "''${secret}" > ''${tmpfile} echo "''${secret}" > ''${tmpfile}
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
builtins.toString ../misc/public-keys
} $tmpfile
rm $tmpfile rm $tmpfile
'' '');
);
} }
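Review bot: The secret is written in plaintext to a `mktemp` file (`echo "''${secret}" > ''${tmpfile}`) and removed only by the final `rm $tmpfile`, so an interrupt between those lines leaves it on disk; `read -p "Secret: " secret` also echoes the value to the terminal and, without `-r`, treats backslashes as escapes. age reads standard input when no input file is given, so the temp file can be dropped entirely: `read -rsp "Secret: " secret` followed by `printf '%s\n' "''${secret}" | ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys}`. The reencrypt-secrets hunk further down appears to use the same plaintext temp-file pattern and would benefit from a `trap 'rm -f "$tmpfile"' EXIT`, though its loop body starts outside the visible lines.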


@ -1,12 +1,10 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# This script will partition and format drives; use at your own risk! # This script will partition and format drives; use at your own risk!
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "format-root" ''
pkgs.writeShellScript "format-root" ''
set -e set -e
DISK=$1 DISK=$1
@ -21,7 +19,7 @@
exit 1 exit 1
fi fi
${pkgs.disko}/bin/disko \ ${pkgs.disko-packaged}/bin/disko \
--mode create \ --mode create \
--dry-run \ --dry-run \
--flake "path:$(pwd)#root" \ --flake "path:$(pwd)#root" \
@ -31,11 +29,11 @@
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \ "This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false --default=false
${pkgs.disko}/bin/disko \ ${pkgs.disko-packaged}/bin/disko \
--mode create \ --mode create \
--flake "path:$(pwd)#root" \ --flake "path:$(pwd)#root" \
--arg disk "/dev/''${DISK}" --arg disk "/dev/''${DISK}"
'' '');
);
} }


@ -1,10 +1,8 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "default" ''
pkgs.writeShellScript "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options" ${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.' ${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo "" echo ""
@ -20,6 +18,6 @@
' {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}' ' {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}'
echo "" echo ""
echo "" echo ""
'' '');
);
} }


@ -1,13 +1,11 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix # Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix
# This script will partition and format drives; use at your own risk! # This script will partition and format drives; use at your own risk!
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "installer" ''
pkgs.writeShellScript "installer" ''
set -e set -e
DISK=$1 DISK=$1
@ -45,6 +43,6 @@
mount /dev/disk/by-label/boot /mnt/boot mount /dev/disk/by-label/boot /mnt/boot
${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE} ${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
'' '');
);
} }


@ -1,15 +1,12 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "loadkey" ''
pkgs.writeShellScript "loadkey" ''
printf "\nEnter the seed phrase for your SSH key...\n" printf "\nEnter the seed phrase for your SSH key...\n"
printf "\nThen press ^D when complete.\n\n" printf "\nThen press ^D when complete.\n\n"
mkdir -p ~/.ssh/
${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519 ${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
printf "\n\nContinuing activation.\n\n" printf "\n\nContinuing activation.\n\n"
'' '');
);
} }
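Review bot: `melt restore ~/.ssh/id_ed25519` now runs without the `mkdir -p ~/.ssh/` line, which is printed only once in this section and so appears to be dropped on the new side; on a machine with no `~/.ssh` yet the restore may fail, and nothing here sets the directory mode for a private key. Keep the directory creation and tighten it, e.g. `mkdir -p ~/.ssh && chmod 700 ~/.ssh` before the restore line. Whether melt creates missing parent directories itself is not visible from this hunk.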


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
@ -9,4 +8,5 @@
colors = (import ../colorscheme/nord).dark; colors = (import ../colorscheme/nord).dark;
}) })
}/bin/nvim"; }/bin/nvim";
} }


@ -1,10 +1,8 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "netdata-cloud" ''
pkgs.writeShellScript "netdata-cloud" ''
if [ "$EUID" -ne 0 ]; then if [ "$EUID" -ne 0 ]; then
echo "Please run as root" echo "Please run as root"
exit 1 exit 1
@ -16,6 +14,6 @@
chown -R netdata:netdata /var/lib/netdata chown -R netdata:netdata /var/lib/netdata
${pkgs.netdata}/bin/netdata-claim.sh -id=$(uuidgen) ${pkgs.netdata}/bin/netdata-claim.sh -id=$(uuidgen)
printf "\n\nNow restart netdata service.\n\n" printf "\n\nNow restart netdata service.\n\n"
'' '');
);
} }


@ -1,11 +1,9 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "readme" ''
pkgs.writeShellScript "readme" ''
${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md} ${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md}
'' '');
);
} }


@ -1,10 +1,8 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "rebuild" ''
pkgs.writeShellScript "rebuild" ''
echo ${pkgs.system} echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"} SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then if [ "$SYSTEM" == "darwin" ]; then
@ -12,6 +10,6 @@
else else
doas nixos-rebuild switch --flake ${builtins.toString ../.} doas nixos-rebuild switch --flake ${builtins.toString ../.}
fi fi
'' '');
);
} }


@ -1,12 +1,10 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# nix run github:nmasur/dotfiles#reencrypt-secrets ./private # nix run github:nmasur/dotfiles#reencrypt-secrets ./private
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "reencrypt-secrets" ''
pkgs.writeShellScript "reencrypt-secrets" ''
if [ $# -eq 0 ]; then if [ $# -eq 0 ]; then
echo "Must provide directory to reencrypt." echo "Must provide directory to reencrypt."
exit 1 exit 1
@ -18,10 +16,12 @@
${pkgs.age}/bin/age --decrypt \ ${pkgs.age}/bin/age --decrypt \
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile --identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
echo "Encrypting ''${encryptedfile}..." echo "Encrypting ''${encryptedfile}..."
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile > $encryptedfile ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
builtins.toString ../misc/public-keys
} $tmpfile > $encryptedfile
rm $tmpfile rm $tmpfile
done done
echo "Finished." echo "Finished."
'' '');
);
} }


@ -16,7 +16,9 @@
base0B = "#dbbc7f"; # Strings, Inherited Class, Markup Code, Diff Inserted base0B = "#dbbc7f"; # Strings, Inherited Class, Markup Code, Diff Inserted
base0C = "#e69875"; # Support, Regular Expressions, Escape Characters, ... base0C = "#e69875"; # Support, Regular Expressions, Escape Characters, ...
base0D = "#a7c080"; # Functions, Methods, Attribute IDs, Headings base0D = "#a7c080"; # Functions, Methods, Attribute IDs, Headings
base0E = "#e67e80"; # Keywords, Storage, Selector, Markup Italic, Diff Changed base0E =
base0F = "#d699b6"; # Deprecated, Opening/Closing Embedded Language Tags, ... "#e67e80"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
base0F =
"#d699b6"; # Deprecated, Opening/Closing Embedded Language Tags, ...
}; };
} }


@ -2,7 +2,8 @@
{ {
name = "gruvbox-dark"; # Dark, Medium name = "gruvbox-dark"; # Dark, Medium
author = "Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox), ElRastaOk (https://www.reddit.com/user/ElRastaOk)"; author =
"Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox), ElRastaOk (https://www.reddit.com/user/ElRastaOk)";
dark = { dark = {
base00 = "#1D2122"; # ---- This is the change from normal gruvbox base00 = "#1D2122"; # ---- This is the change from normal gruvbox
base01 = "#3c3836"; # --- base01 = "#3c3836"; # ---


@ -1,6 +1,7 @@
{ {
name = "gruvbox"; # Dark, Medium name = "gruvbox"; # Dark, Medium
author = "Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox)"; author =
"Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox)";
dark = { dark = {
base00 = "#282828"; # ---- base00 = "#282828"; # ----
base01 = "#3c3836"; # --- base01 = "#3c3836"; # ---


@ -1,38 +1,41 @@
{ disk, ... }: { disk, ... }: {
{
disk = { disk = {
boot = { boot = {
type = "disk"; type = "disk";
device = disk; device = disk;
content = { content = {
type = "gpt"; type = "table";
partitions = { format = "gpt";
partitions = [
# Boot partition # Boot partition
ESP = rec { {
size = "512MiB"; name = "ESP";
type = "EF00"; start = "0";
label = "boot"; end = "512MiB";
device = "/dev/disk/by-label/${label}"; fs-type = "fat32";
bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
extraArgs = [ "-n ${label}" ]; extraArgs = [ "-n boot" ];
};
}; };
}
# Root partition ext4 # Root partition ext4
root = rec { {
size = "100%"; name = "root";
label = "nixos"; start = "512MiB";
device = "/dev/disk/by-label/${label}"; end = "100%";
part-type = "primary";
bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
mountpoint = "/"; mountpoint = "/";
extraArgs = [ "-L ${label}" ]; extraArgs = [ "-L nixos" ];
};
};
}; };
}
];
}; };
}; };
}; };


@ -1,5 +1,4 @@
{ pool, disks, ... }: { pool, disks, ... }: {
{
disk = lib.genAttrs disks (disk: { disk = lib.genAttrs disks (disk: {
"${disk}" = { "${disk}" = {
type = "disk"; type = "disk";
@ -7,8 +6,7 @@
content = { content = {
type = "table"; type = "table";
format = "gpt"; format = "gpt";
partitions = [ partitions = [{
{
type = "partition"; type = "partition";
name = "zfs"; name = "zfs";
start = "128MiB"; start = "128MiB";
@ -17,8 +15,7 @@
type = "zfs"; type = "zfs";
pool = pool; pool = pool;
}; };
} }];
];
}; };
}; };
}); });


@ -49,25 +49,19 @@ move the `windows/alacritty.yml` file to
To get started on a bare macOS installation, first install Nix: To get started on a bare macOS installation, first install Nix:
```bash ```bash
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install sh -c "$(curl -L https://nixos.org/nix/install)"
``` ```
Launch a new shell. Then use Nix to switch to the macOS configuration: Then use Nix to build nix-darwin:
```bash ```bash
sudo rm /etc/bashrc nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
sudo rm /etc/nix/nix.conf ./result/bin/darwin-installer
export NIX_SSL_CERT_FILE="$HOME/Documents/t2-ca-bundle.pem"
nix \
--extra-experimental-features flakes \
--extra-experimental-features nix-command \
run nix-darwin -- switch \
--flake github:nmasur/dotfiles#lookingglass
``` ```
Once installed, you can continue to update the macOS configuration: Then switch to the macOS configuration:
```bash ```bash
darwin-rebuild switch --flake ~/dev/personal/dotfiles darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
``` ```


@ -63,20 +63,3 @@ Use this mysqldump command:
sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql
``` ```
## Converting to Postgres
Same as MySQL, but run this command instead:
```
sudo -u nextcloud nextcloud-occ db:convert-type pgsql nextcloud /run/postgresql/ nextcloud
```
Then set the `dbtype` to `pgsql`.
## Backing Up Postgres Database
Use this pg_dump command:
```
sudo -u nextcloud pg_dump nextcloud > backup.sql
```

715
flake.lock generated

File diff suppressed because it is too large Load Diff

317
flake.nix

@ -7,28 +7,24 @@
# Used for system packages # Used for system packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Used for specific stable packages # Update to keyd 2.4.3 not yet in nixpkgs-unstable
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; # https://github.com/NixOS/nixpkgs/pull/245327
nixpkgs-keyd.url = "github:JohnAZoidberg/nixpkgs/keyd-2.4.3";
# Used for caddy plugins
nixpkgs-caddy.url = "github:jpds/nixpkgs/caddy-external-plugins";
# Used for MacOS system config # Used for MacOS system config
darwin = { darwin = {
url = "github:lnl7/nix-darwin/master"; url = "github:/lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Used for Windows Subsystem for Linux compatibility # Used for Windows Subsystem for Linux compatibility
wsl = { wsl.url = "github:nix-community/NixOS-WSL";
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
# Used for user packages and dotfiles # Used for user packages and dotfiles
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list for their inputs inputs.nixpkgs.follows =
"nixpkgs"; # Use system packages list for their inputs
}; };
# Community packages; used for Firefox extensions # Community packages; used for Firefox extensions
@ -40,12 +36,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Better App install management in macOS
mac-app-util = {
url = "github:hraban/mac-app-util";
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list for their inputs
};
# Manage disk format and partitioning # Manage disk format and partitioning
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko";
@ -70,33 +60,41 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Neovim plugins # Nix language server
base16-nvim-src = { nil = {
url = "github:RRethy/base16-nvim"; url = "github:oxalica/nil/2023-08-09";
flake = false; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Neovim plugins
nvim-lspconfig-src = { nvim-lspconfig-src = {
# https://github.com/neovim/nvim-lspconfig/tags # https://github.com/neovim/nvim-lspconfig/tags
url = "github:neovim/nvim-lspconfig/v0.1.8"; url = "github:neovim/nvim-lspconfig/v0.1.6";
flake = false; flake = false;
}; };
cmp-nvim-lsp-src = { cmp-nvim-lsp-src = {
url = "github:hrsh7th/cmp-nvim-lsp"; url = "github:hrsh7th/cmp-nvim-lsp";
flake = false; flake = false;
}; };
null-ls-nvim-src = {
url = "github:jose-elias-alvarez/null-ls.nvim";
flake = false;
};
baleia-nvim-src = { baleia-nvim-src = {
# https://github.com/m00qek/baleia.nvim/tags
url = "github:m00qek/baleia.nvim"; url = "github:m00qek/baleia.nvim";
flake = false; flake = false;
}; };
Comment-nvim-src = {
url = "github:numToStr/Comment.nvim/v0.8.0";
flake = false;
};
nvim-treesitter-src = { nvim-treesitter-src = {
# https://github.com/nvim-treesitter/nvim-treesitter/tags # https://github.com/nvim-treesitter/nvim-treesitter/tags
url = "github:nvim-treesitter/nvim-treesitter/v0.9.2"; url = "github:nvim-treesitter/nvim-treesitter/master";
flake = false; flake = false;
}; };
telescope-nvim-src = { telescope-nvim-src = {
# https://github.com/nvim-telescope/telescope.nvim/releases url = "github:nvim-telescope/telescope.nvim/0.1.2";
url = "github:nvim-telescope/telescope.nvim/0.1.8";
flake = false; flake = false;
}; };
telescope-project-nvim-src = { telescope-project-nvim-src = {
@ -104,40 +102,25 @@
flake = false; flake = false;
}; };
toggleterm-nvim-src = { toggleterm-nvim-src = {
# https://github.com/akinsho/toggleterm.nvim/tags url = "github:akinsho/toggleterm.nvim/v2.7.0";
url = "github:akinsho/toggleterm.nvim/v2.12.0";
flake = false; flake = false;
}; };
bufferline-nvim-src = { bufferline-nvim-src = {
# https://github.com/akinsho/bufferline.nvim/releases url = "github:akinsho/bufferline.nvim/v4.2.0";
url = "github:akinsho/bufferline.nvim/v4.6.1";
flake = false; flake = false;
}; };
nvim-tree-lua-src = { nvim-tree-lua-src = {
url = "github:kyazdani42/nvim-tree.lua"; url = "github:kyazdani42/nvim-tree.lua";
flake = false; flake = false;
}; };
vscode-terraform-snippets = {
url = "github:run-at-scale/vscode-terraform-doc-snippets";
flake = false;
};
hmts-nvim-src = { hmts-nvim-src = {
url = "github:calops/hmts.nvim"; url = "github:calops/hmts.nvim";
flake = false; flake = false;
}; };
fidget-nvim-src = {
# https://github.com/j-hui/fidget.nvim/tags
url = "github:j-hui/fidget.nvim/v1.4.5";
flake = false;
};
nvim-lint-src = {
url = "github:mfussenegger/nvim-lint";
flake = false;
};
tiny-inline-diagnostic-nvim-src = {
url = "github:rachartier/tiny-inline-diagnostic.nvim";
flake = false;
};
snipe-nvim-src = {
url = "github:leath-dub/snipe.nvim";
flake = false;
};
# Tree-Sitter Grammars # Tree-Sitter Grammars
tree-sitter-bash = { tree-sitter-bash = {
@ -164,10 +147,6 @@
url = "github:Fymyte/tree-sitter-rasi"; url = "github:Fymyte/tree-sitter-rasi";
flake = false; flake = false;
}; };
tree-sitter-vimdoc = {
url = "github:neovim/tree-sitter-vimdoc";
flake = false;
};
# MPV Scripts # MPV Scripts
zenyd-mpv-scripts = { zenyd-mpv-scripts = {
@ -175,70 +154,50 @@
flake = false; flake = false;
}; };
# Git alternative # Age encryption (pin because of failed builds)
# Fixes: https://github.com/martinvonz/jj/issues/4784 age = {
jujutsu = { url = "github:FiloSottile/age/v1.1.1";
url = "github:martinvonz/jj";
inputs.nixpkgs.follows = "nixpkgs";
};
# Ren and rep - CLI find and replace
rep = {
url = "github:robenkleene/rep-grep";
flake = false;
};
ren = {
url = "github:robenkleene/ren-find";
flake = false; flake = false;
}; };
gh-collaborators = { # GE version of Proton for game compatibility
url = "github:katiem0/gh-collaborators"; # Alternatively, could consider using https://github.com/fufexan/nix-gaming
flake = false; proton-ge = {
}; # https://github.com/GloriousEggroll/proton-ge-custom/releases
url =
# Clipboard over SSH "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz";
osc = {
url = "github:theimpostor/osc/v0.4.6";
flake = false; flake = false;
}; };
# Nextcloud Apps # Nextcloud Apps
nextcloud-news = { nextcloud-news = {
# https://github.com/nextcloud/news/releases # https://github.com/nextcloud/news/releases
url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha12/news.tar.gz"; url =
"https://github.com/nextcloud/news/releases/download/24.0.0/news.tar.gz";
flake = false; flake = false;
}; };
nextcloud-external = { nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases # https://github.com/nextcloud-releases/external/releases
url = "https://github.com/nextcloud-releases/external/releases/download/v5.5.2/external-v5.5.2.tar.gz"; url =
"https://github.com/nextcloud-releases/external/releases/download/v5.2.1/external-v5.2.1.tar.gz";
flake = false; flake = false;
}; };
nextcloud-cookbook = { nextcloud-cookbook = {
# https://github.com/christianlupus-nextcloud/cookbook-releases/releases/ # https://github.com/nextcloud/cookbook/releases
url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.2/cookbook-0.11.2.tar.gz"; url =
"https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
flake = false; flake = false;
}; };
nextcloud-snappymail = {
# https://github.com/the-djmaze/snappymail/releases
# https://snappymail.eu/repository/nextcloud
url = "https://snappymail.eu/repository/nextcloud/snappymail-2.38.2-nextcloud.tar.gz";
# url = "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.3/snappymail-2.36.3-nextcloud.tar.gz";
flake = false;
};
};
outputs = };
{ nixpkgs, ... }@inputs:
outputs = { nixpkgs, ... }@inputs:
let let
# Global configuration for my systems # Global configuration for my systems
globals = globals = let baseName = "masu.rs";
let in rec {
baseName = "masu.rs";
in
rec {
user = "noah"; user = "noah";
fullName = "Noah Masur"; fullName = "Noah Masur";
gitName = fullName; gitName = fullName;
@ -248,62 +207,46 @@
mail.smtpHost = "smtp.purelymail.com"; mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "https://github.com/nmasur/dotfiles"; dotfilesRepo = "https://github.com/nmasur/dotfiles";
hostnames = { hostnames = {
audiobooks = "read.${baseName}";
budget = "money.${baseName}";
files = "files.${baseName}";
git = "git.${baseName}"; git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}";
metrics = "metrics.${baseName}"; metrics = "metrics.${baseName}";
minecraft = "minecraft.${baseName}";
n8n = "n8n.${baseName}";
notifications = "ntfy.${baseName}";
prometheus = "prom.${baseName}"; prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
photos = "photos.${baseName}";
secrets = "vault.${baseName}"; secrets = "vault.${baseName}";
stream = "stream.${baseName}"; stream = "stream.${baseName}";
content = "cloud.${baseName}"; content = "cloud.${baseName}";
books = "books.${baseName}"; books = "books.${baseName}";
download = "download.${baseName}"; download = "download.${baseName}";
status = "status.${baseName}";
transmission = "transmission.${baseName}";
}; };
}; };
# Common overlays to always use # Common overlays to always use
overlays = [ overlays = [
inputs.nur.overlays.default inputs.nur.overlay
inputs.nix2vim.overlay inputs.nix2vim.overlay
inputs.jujutsu.overlays.default # Fix: https://github.com/martinvonz/jj/issues/4784
(import ./overlays/neovim-plugins.nix inputs) (import ./overlays/neovim-plugins.nix inputs)
(import ./overlays/calibre-web.nix)
(import ./overlays/disko.nix inputs)
(import ./overlays/tree-sitter.nix inputs) (import ./overlays/tree-sitter.nix inputs)
(import ./overlays/caddy.nix inputs)
(import ./overlays/mpv-scripts.nix inputs) (import ./overlays/mpv-scripts.nix inputs)
(import ./overlays/nextcloud-apps.nix inputs) (import ./overlays/nextcloud-apps.nix inputs)
(import ./overlays/betterlockscreen.nix) (import ./overlays/betterlockscreen.nix)
(import ./overlays/gh-collaborators.nix inputs) (import ./overlays/age.nix inputs)
(import ./overlays/osc.nix inputs) (import ./overlays/proton-ge.nix inputs)
(import ./overlays/ren-rep.nix inputs) (import ./overlays/keyd.nix inputs)
(import ./overlays/volnoti.nix)
]; ];
# System types to support. # System types to support.
supportedSystems = [ supportedSystems =
"x86_64-linux" [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
"x86_64-darwin"
"aarch64-linux"
"aarch64-darwin"
];
# Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'. # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
rec { in rec {
# Contains my full system builds, including home-manager # Contains my full system builds, including home-manager
# nixos-rebuild switch --flake .#tempest # nixos-rebuild switch --flake .#tempest
nixosConfigurations = { nixosConfigurations = {
arrow = import ./hosts/arrow { inherit inputs globals overlays; };
tempest = import ./hosts/tempest { inherit inputs globals overlays; }; tempest = import ./hosts/tempest { inherit inputs globals overlays; };
hydra = import ./hosts/hydra { inherit inputs globals overlays; }; hydra = import ./hosts/hydra { inherit inputs globals overlays; };
flame = import ./hosts/flame { inherit inputs globals overlays; }; flame = import ./hosts/flame { inherit inputs globals overlays; };
@ -313,76 +256,36 @@
# Contains my full Mac system builds, including home-manager # Contains my full Mac system builds, including home-manager
# darwin-rebuild switch --flake .#lookingglass # darwin-rebuild switch --flake .#lookingglass
darwinConfigurations = { darwinConfigurations = {
lookingglass = import ./hosts/lookingglass { inherit inputs globals overlays; }; lookingglass =
import ./hosts/lookingglass { inherit inputs globals overlays; };
}; };
# For quickly applying home-manager settings with: # For quickly applying home-manager settings with:
# home-manager switch --flake .#tempest # home-manager switch --flake .#tempest
homeConfigurations = { homeConfigurations = {
tempest = nixosConfigurations.tempest.config.home-manager.users.${globals.user}.home; tempest =
lookingglass = darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home; nixosConfigurations.tempest.config.home-manager.users.${globals.user}.home;
lookingglass =
darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home;
}; };
# Disk formatting, only used once # Disk formatting, only used once
diskoConfigurations = { diskoConfigurations = { root = import ./disks/root.nix; };
root = import ./disks/root.nix;
};
packages = packages = let
let aws = system:
staff = import ./hosts/aws { inherit inputs globals overlays system; };
system: staff = system:
import ./hosts/staff { import ./hosts/staff { inherit inputs globals overlays system; };
inherit neovim = system:
inputs let pkgs = import nixpkgs { inherit system overlays; };
globals in import ./modules/common/neovim/package {
overlays
system
;
};
neovim =
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
import ./modules/common/neovim/package {
inherit pkgs; inherit pkgs;
colors = (import ./colorscheme/gruvbox-dark).dark; colors = (import ./colorscheme/gruvbox-dark).dark;
}; };
in in {
{ x86_64-linux.aws = aws "x86_64-linux";
x86_64-linux.staff = staff "x86_64-linux"; x86_64-linux.staff = staff "x86_64-linux";
x86_64-linux.arrow = inputs.nixos-generators.nixosGenerate rec {
system = "x86_64-linux";
format = "iso";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; };
};
x86_64-linux.arrow-aws = inputs.nixos-generators.nixosGenerate rec {
system = "x86_64-linux";
format = "amazon";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; } ++ [
(
{ ... }:
{
boot.kernelPackages = inputs.nixpkgs.legacyPackages.x86_64-linux.linuxKernel.packages.linux_6_6;
amazonImage.sizeMB = 16 * 1024;
permitRootLogin = "prohibit-password";
boot.loader.systemd-boot.enable = inputs.nixpkgs.lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = inputs.nixpkgs.lib.mkForce false;
services.amazon-ssm-agent.enable = true;
users.users.ssm-user.extraGroups = [ "wheel" ];
}
)
];
};
# Package Neovim config into standalone package # Package Neovim config into standalone package
x86_64-linux.neovim = neovim "x86_64-linux"; x86_64-linux.neovim = neovim "x86_64-linux";
@ -392,44 +295,28 @@
}; };
# Programs that can be run by calling this flake # Programs that can be run by calling this flake
apps = forAllSystems ( apps = forAllSystems (system:
system: let pkgs = import nixpkgs { inherit system overlays; };
let in import ./apps { inherit pkgs; });
pkgs = import nixpkgs { inherit system overlays; };
in
import ./apps { inherit pkgs; }
);
# Development environments # Development environments
devShells = forAllSystems ( devShells = forAllSystems (system:
system: let pkgs = import nixpkgs { inherit system overlays; };
let in {
pkgs = import nixpkgs { inherit system overlays; };
in
{
# Used to run commands and edit files in this repo # Used to run commands and edit files in this repo
default = pkgs.mkShell { default = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [ git stylua nixfmt shfmt shellcheck ];
git
stylua
nixfmt-rfc-style
shfmt
shellcheck
];
}; };
}
);
checks = forAllSystems ( });
system:
let checks = forAllSystems (system:
pkgs = import nixpkgs { inherit system overlays; }; let pkgs = import nixpkgs { inherit system overlays; };
in in {
{ neovim = pkgs.runCommand "neovim-check-health" {
neovim = buildInputs = [ inputs.self.packages.${system}.neovim ];
pkgs.runCommand "neovim-check-health" { buildInputs = [ inputs.self.packages.${system}.neovim ]; } } ''
''
mkdir -p $out mkdir -p $out
export HOME=$TMPDIR export HOME=$TMPDIR
nvim -c "checkhealth" -c "write $out/health.log" -c "quitall" nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
@ -440,16 +327,7 @@
exit 1 exit 1
fi fi
''; '';
} });
);
formatter = forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
pkgs.nixfmt-rfc-style
);
# Templates for starting other projects quickly # Templates for starting other projects quickly
templates = rec { templates = rec {
@ -470,10 +348,7 @@
path = ./templates/haskell; path = ./templates/haskell;
description = "Haskell template"; description = "Haskell template";
}; };
rust = {
path = ./templates/rust;
description = "Rust template";
};
}; };
}; };
} }
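Review bot: The new `nixpkgs-keyd` input tracks a branch on a personal fork (`github:JohnAZoidberg/nixpkgs/keyd-2.4.3`), so the next `nix flake update` will take whatever that branch points to at the time, and `overlays/keyd.nix` presumably builds from it. flake.lock pins the current revision, but its diff is suppressed on this page, so the pinned commit cannot be checked here. I would put the reviewed commit in the URL, `nixpkgs-keyd.url = "github:JohnAZoidberg/nixpkgs/<reviewed-commit-sha>";` (placeholder), and extend the existing comment with `# Remove once NixOS/nixpkgs#245327 lands in nixos-unstable`. The `darwin` input on what appears to be the new side reads `github:/lnl7/nix-darwin/master`, with a stray slash after `github:` that looks unintended.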


@ -12,15 +12,3 @@ These are the individual machines managed by this flake.
| [swan](./swan/default.nix) | Home server | | [swan](./swan/default.nix) | Home server |
| [tempest](./tempest/default.nix) | Linux desktop | | [tempest](./tempest/default.nix) | Linux desktop |
## NixOS Workflow
Each hosts file is imported into [nixosConfigurations](../flake.nix) and passed
the arguments from the flake (inputs, globals, overlays). The `nixosSystem`
function in that hosts file will be called by the NixOS module system during a
nixos-rebuild.
Each module in the each host's `modules` list is either a function or an
attrset. The attrsets will simply apply values to options that have been
declared in the config by other modules. Meanwhile, the functions will be
passed various arguments, several of which you will see listed at the top of
each of their files.


@ -1,98 +0,0 @@
resource "aws_instance" "instance" {
ami = aws_ami.image.id
iam_instance_profile = aws_iam_instance_profile.instance.name
instance_type = var.ec2_size
vpc_security_group_ids = [aws_security_group.instance.id]
tags = {
Name = "aws-nixos"
}
lifecycle {
create_before_destroy = true
}
}
resource "aws_ec2_instance_state" "instance" {
instance_id = aws_instance.instance.id
state = "running"
}
data "aws_vpc" "vpc" {
default = true
}
resource "aws_security_group" "instance" {
name = "aws-nixos"
description = "Allow SSH and HTTPS"
vpc_id = data.aws_vpc.vpc.id
ingress {
description = "Ping"
from_port = -1
to_port = -1
protocol = "icmp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
}
# Setup IAM for the instance to use SSM
data "aws_iam_policy_document" "ec2_assume_role" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
}
data "aws_iam_policy_document" "instance_profile" {
statement {
actions = [
"s3:ListAllMyBuckets",
]
resources = ["*"]
}
}
resource "aws_iam_role" "instance_profile" {
name = "nixos"
assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
inline_policy {
name = "instance-profile"
policy = data.aws_iam_policy_document.instance_profile.json
}
}
resource "aws_iam_role_policy_attachment" "instance_ssm" {
role = aws_iam_role.instance_profile.name
policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
resource "aws_iam_instance_profile" "instance" {
name = "nixos"
role = aws_iam_role.instance_profile.name
}


@ -1,13 +0,0 @@
terraform {
backend "s3" {
region = "us-east-1"
dynamodb_table = "terraform-state-lock"
}
required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.42.0"
}
}
}


@ -1,3 +0,0 @@
output "host_ip" {
value = aws_instance.instance.public_ip
}


@ -1,10 +0,0 @@
variable "ec2_size" {
type = string
description = "Size of instance to launch"
default = "t3a.small" # 2 GB RAM ($14/mo)
}
variable "images_bucket" {
description = "Name of the bucket in which to store the NixOS VM images."
type = string
}


@ -1,41 +0,0 @@
# The Arrow
# System configuration for temporary VM
{
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./modules.nix { inherit inputs globals overlays; } ++ [
{
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
virtualisation.vmVariant = {
virtualisation.forwardPorts = [
{
from = "host";
host.port = 2222;
guest.port = 22;
}
];
};
}
];
}


@ -1,32 +0,0 @@
{
inputs,
globals,
overlays,
}:
[
globals
inputs.home-manager.nixosModules.home-manager
{
nixpkgs.overlays = overlays;
networking.hostName = "arrow";
physical = false;
server = true;
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw deploy"
];
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
cloudflare.enable = true;
services.openssh.enable = true;
services.caddy.enable = true;
services.n8n.enable = true;
# nix-index seems to eat up too much memory for Vultr
home-manager.users.${globals.user}.programs.nix-index.enable = inputs.nixpkgs.lib.mkForce false;
}
../../modules/common
../../modules/nixos
]


@ -1,78 +0,0 @@
terraform {
backend "s3" {
bucket = "noahmasur-terraform"
key = "arrow.tfstate"
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
skip_s3_checksum = true
use_path_style = true
/*
ENVIRONMENT VARIABLES
---------------------
AWS_ACCESS_KEY_ID - R2 token
AWS_SECRET_ACCESS_KEY - R2 secret
AWS_ENDPOINT_URL_S3 - R2 location: https://ACCOUNT_ID.r2.cloudflarestorage.com
*/
}
required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.42.0"
}
vultr = {
source = "vultr/vultr"
version = "2.19.0"
}
}
}
variable "vultr_api_key" {
type = string
description = "API key for Vultr management"
sensitive = true
}
# https://api.vultr.com/v2/plans
variable "vultr_plan" {
type = string
description = "Size of instance to launch"
default = "vc2-1c-2gb" # 55 GB SSD ($10/mo)
}
provider "aws" {
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
}
provider "vultr" {
api_key = var.vultr_api_key
}
resource "vultr_iso_private" "image" {
# url = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com/${data.aws_s3_bucket.images.id}/${aws_s3_object.image.key}"
url = "https://arrow-images.masu.rs/arrow.iso"
}
resource "vultr_instance" "arrow" {
plan = var.vultr_plan
region = "ewr"
iso_id = vultr_iso_private.image.id
label = "arrow"
tags = ["arrow"]
enable_ipv6 = false
disable_public_ipv4 = false
backups = "disabled"
ddos_protection = false
activation_email = false
}
output "host_ip" {
value = vultr_instance.arrow.main_ip
}

27
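--- a/hosts/aws/default.nix
+++ b/hosts/aws/default.nix
@@ -0,0 +1,27 @@
+{ inputs, system, globals, overlays, ... }:
+inputs.nixos-generators.nixosGenerate {
+inherit system;
+format = "amazon";
+modules = [
+globals
+inputs.home-manager.nixosModules.home-manager
+{
+nixpkgs.overlays = overlays;
+networking.hostName = "sheep";
+gui.enable = false;
+theme.colors = (import ../../colorscheme/gruvbox).dark;
+passwordHash = null;
+publicKey =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
+# AWS settings require this
+permitRootLogin = "prohibit-password";
+}
+../../modules/common
+../../modules/nixos
+../../modules/nixos/services/sshd.nix
+] ++ [
+# Required to fix diskSize errors during build
+({ ... }: { amazonImage.sizeMB = 16 * 1024; })
+];
+}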
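Review bot: The comment `# AWS settings require this` above `permitRootLogin = "prohibit-password";` does not name the setting it refers to, and the line leaves key-based root SSH login enabled on every instance launched from this image. If the value is only there to agree with what the `amazon` image format already configures for sshd (an assumption, that module is not shown here), the comment should say so: `# amazon image format sets PermitRootLogin=prohibit-password; match it to avoid an option conflict (root login by key stays enabled)`. With `passwordHash = null` the single `publicKey` is then presumably the only way in, so the same comment should note whose key it is.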


@ -1,23 +1,13 @@
# locals { locals {
# image_file = one(fileset(path.root, "../../../result/nixos-amazon-image-*.vhd")) image_file = one(fileset(path.root, "result/nixos-amazon-image-*.vhd"))
# }
#
# # Upload image to S3
# resource "aws_s3_object" "image" {
# bucket = var.images_bucket
# key = basename(local.image_file)
# source = local.image_file
# etag = filemd5(local.image_file)
# }
# Use existing image in S3
data "aws_s3_object" "image" {
bucket = var.images_bucket
key = "arrow.vhd"
} }
resource "terraform_data" "image_replacement" { # Upload to S3
input = data.aws_s3_object.image.etag resource "aws_s3_object" "image" {
bucket = "your_bucket_name"
key = basename(local.image_file)
source = local.image_file
etag = filemd5(local.image_file)
} }
# Setup IAM access for the VM Importer # Setup IAM access for the VM Importer
@ -39,8 +29,8 @@ data "aws_iam_policy_document" "vmimport" {
"s3:ListBucket", "s3:ListBucket",
] ]
resources = [ resources = [
"arn:aws:s3:::${data.aws_s3_object.image.bucket}", "arn:aws:s3:::${aws_s3_object.image.bucket}",
"arn:aws:s3:::${data.aws_s3_object.image.bucket}/*", "arn:aws:s3:::${aws_s3_object.image.bucket}/*",
] ]
} }
statement { statement {
@ -68,28 +58,23 @@ resource "aws_ebs_snapshot_import" "image" {
disk_container { disk_container {
format = "VHD" format = "VHD"
user_bucket { user_bucket {
s3_bucket = data.aws_s3_object.image.bucket s3_bucket = aws_s3_object.image.bucket
s3_key = data.aws_s3_object.image.key s3_key = aws_s3_object.image.key
} }
} }
role_name = aws_iam_role.vmimport.name role_name = aws_iam_role.vmimport.name
lifecycle {
replace_triggered_by = [terraform_data.image_replacement]
}
} }
# Convert to AMI # Convert to AMI
resource "aws_ami" "image" { resource "aws_ami" "image" {
description = "Created with NixOS." description = "Created with NixOS."
name = replace(basename(data.aws_s3_object.image.key), "/\\.vhd$/", "") name = replace(basename(local.image_file), "/\\.vhd$/", "")
virtualization_type = "hvm" virtualization_type = "hvm"
root_device_name = "/dev/xvda"
ena_support = true
ebs_block_device { ebs_block_device {
device_name = "/dev/xvda" device_name = "/dev/xvda"
snapshot_id = aws_ebs_snapshot_import.image.id snapshot_id = aws_ebs_snapshot_import.image.id
volume_size = 17 volume_size = 8
} }
} }
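Review bot: `volume_size = 8` in the `ebs_block_device` of `aws_ami.image` (taking the right-hand column as the new side, which the `-1,23 +1,13` header supports) is smaller than the image this commit builds, since hosts/aws/default.nix sets `amazonImage.sizeMB = 16 * 1024`. EC2 does not accept a block device smaller than the snapshot it is created from, so registering the AMI will likely fail. The value should be at least the image size, `volume_size = 16`, with a comment pointing at the Nix setting so the two stay in step.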

280
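--- a/hosts/aws/workflow.yml
+++ b/hosts/aws/workflow.yml
@@ -0,0 +1,280 @@
+name: 'Terraform'
+env:
+AWS_ACCOUNT_NUMBER: ''
+AWS_PLAN_ROLE_NAME: github_actions_plan
+AWS_APPLY_ROLE_NAME: github_actions_admin
+# Always required. Used for authenticating to AWS, but can also act as your
+# default region if you don't want to specify in the provider configuration.
+AWS_REGION: us-east-1
+# You must change these to fit your project.
+TF_VAR_project: change-me
+TF_VAR_label: change-me
+TF_VAR_owner: Your Name Here
+# If storing Terraform in a subdirectory, specify it here.
+TERRAFORM_DIRECTORY: .
+# Pinned versions of tools to use.
+# Check for new releases:
+# - https://github.com/hashicorp/terraform/releases
+# - https://github.com/fugue/regula/releases
+# - https://github.com/terraform-linters/tflint/releases
+TERRAFORM_VERSION: 1.2.6
+REGULA_VERSION: 2.9.0
+TFLINT_VERSION: 0.39.1
+# Terraform configuration options
+TERRAFORM_PARALLELISM: 10
+# These variables are passed to Terraform based on GitHub information.
+TF_VAR_repo: ${{ github.repository }}
+# This workflow is triggered in the following ways.
+on:
+# Any push or merge to these branches.
+push:
+branches:
+- dev
+- prod
+# Any pull request targeting these branches (plan only).
+pull_request:
+branches:
+- dev
+- prod
+# Any manual trigger on these branches.
+workflow_dispatch:
+branches:
+- dev
+- prod
+# -------------------------------------------------------------------
+# The rest of this workflow can operate without adjustments. Edit the
+# below content at your own risk!
+# -------------------------------------------------------------------
+# Used to connect to AWS IAM
+permissions:
+id-token: write
+contents: read
+pull-requests: write
+# Only run one workflow at a time for each Terraform state. This prevents
+# lockfile conflicts, especially during PR vs push.
+concurrency: terraform-${{ github.base_ref || github.ref }}
+jobs:
+terraform:
+name: 'Terraform'
+# Change this if you need to run your deployment on-prem.
+runs-on: ubuntu-latest
+steps:
+# Downloads the current repo code to the runner.
+- name: Checkout Repo Code
+uses: actions/checkout@v3
+# Enable access to KVM, required to build an image
+- name: Enable KVM group perms
+run: |
+echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
+sudo udevadm control --reload-rules
+sudo udevadm trigger --name-match=kvm
+# Login to AWS
+- name: AWS Assume Role
+uses: aws-actions/configure-aws-credentials@v1.6.1
+with:
+role-to-assume: ${{ env.AWS_ROLE_ARN }}
+aws-region: ${{ env.AWS_REGION }}
+# Install Nix
+- name: Install Nix
+uses: cachix/install-nix-action@v17
+with:
+extra_nix_config: |
+substituters = s3://insert-cache-bucket https://cache.nixos.org/
+trusted-public-keys = insert-cache-bucket:M6PsZjHXcLvbQyPUBLICKEYGVoNwI84g1FBQzouRU= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+# Build the image
+- name: Build Image
+run: nix build .#aws
+# Copy the image to S3
+- name: Upload Image to Cache
+env:
+NIX_CACHE_PRIVATE_KEY: ${{ secrets.NIX_CACHE_PRIVATE_KEY }}
+run: |
+echo "$NIX_CACHE_PRIVATE_KEY" > cache.key
+nix store sign --key-file cache.key $(readlink result)
+nix copy --to s3://t2-aws-nixos-test $(readlink result)
+rm cache.key
+# Exports all GitHub Secrets as environment variables prefixed by
+# "TF_VAR_", which exposes them to Terraform. The name of each GitHub
+# Secret must match its Terraform variable name exactly.
+- name: Export Secrets to Terraform Variables
+env:
+ALL_SECRETS: ${{ toJson(secrets) }}
+run: |
+echo "$ALL_SECRETS" \
+| jq "to_entries | .[] | \"TF_VAR_\" + ( .key | ascii_downcase ) + \"=\" + .value" \
+| tr -d \" >> $GITHUB_ENV
+# Installs the Terraform binary and some other accessory functions.
+- name: Setup Terraform
+uses: hashicorp/setup-terraform@v2
+with:
+terraform_version: ${{ env.TERRAFORM_VERSION }}
+# Checks whether Terraform is formatted properly. If this fails, you
+# should install the pre-commit hook.
+- name: Check Formatting
+run: |
+terraform fmt -no-color -check -diff -recursive
+# Downloads a Terraform code lint test.
+- uses: terraform-linters/setup-tflint@v1
+name: Setup TFLint
+with:
+tflint_version: v${{ env.TFLINT_VERSION }}
+# Sets up linting with this codebase.
+- name: Init TFLint
+working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+run: tflint --init
+# Lints the current code.
+- name: Run TFLint
+working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+run: |
+tflint -f compact
+find ./modules/* -type d -maxdepth 0 | xargs -I __ tflint -f compact --disable-rule=terraform_required_providers --disable-rule=terraform_required_version __
+# Connects to remote state backend and download providers.
+- name: Terraform Init
+working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+run: |
+terraform init \
+-backend-config="role_arn=${{ env.AWS_STATE_ROLE_ARN }}" \
+-backend-config="region=us-east-1" \
+-backend-config="workspace_key_prefix=accounts/${{ env.AWS_ACCOUNT_NUMBER }}/${{ github.repository }}" \
+-backend-config="key=state.tfstate" \
+-backend-config="dynamodb_table=global-tf-state-lock"
+# Set the Terraform Workspace to the current branch name.
+- name: Set Terraform Workspace
+working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+shell: bash
+run: |
+export WORKSPACE=${{ github.base_ref || github.ref_name }}
+terraform workspace select ${WORKSPACE} || terraform workspace new $WORKSPACE
+echo "TF_WORKSPACE=$(echo ${WORKSPACE} | sed 's/\//_/g')" >> $GITHUB_ENV
+# Checks differences between current code and infrastructure state.
+- name: Terraform Plan
+id: plan
+working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+run: |
+terraform plan \
+-input=false \
+-no-color \
+-out=tfplan \
+-parallelism=${TERRAFORM_PARALLELISM} \
+-var-file=variables-${TF_WORKSPACE}.tfvars
+# Gets the results of the plan for pull requests.
+- name: Terraform Show Plan
+id: show
+working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+run: terraform show -no-color tfplan
+# Adds the results of the plan to the pull request.
+- name: Comment Plan
+uses: actions/github-script@v6
+if: github.event_name == 'pull_request'
+env:
+STDOUT: "```terraform\n${{ steps.show.outputs.stdout }}```"
+with:
+github-token: ${{ secrets.GITHUB_TOKEN }}
+script: |
+// 1. Retrieve existing bot comments for the PR
+const { data: comments } = await github.rest.issues.listComments({
+owner: context.repo.owner,
+repo: context.repo.repo,
+issue_number: context.issue.number,
+})
+const botComment = comments.find(comment => {
+return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
+})
+// 2. Prepare format of the comment
+const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+<details><summary>Validation Output</summary>
+\`\`\`\n
+${{ steps.validate.outputs.stdout }}
+\`\`\`
+</details>
+#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+<details><summary>Show Plan</summary>
+\`\`\`\n
+${process.env.PLAN}
+\`\`\`
+</details>
+*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
+// 3. If we have a comment, update it, otherwise create a new one
+if (botComment) {
+github.rest.issues.updateComment({
+owner: context.repo.owner,
+repo: context.repo.repo,
+comment_id: botComment.id,
+body: output
+})
+} else {
+github.rest.issues.createComment({
+issue_number: context.issue.number,
+owner: context.repo.owner,
+repo: context.repo.repo,
+body: output
+})
+}
+# Downloads Regula and checks whether the plan meets compliance requirements.
+- name: Regula Compliance Check
+shell: bash
+working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+run: |
+REGULA_URL="https://github.com/fugue/regula/releases/download/v${REGULA_VERSION}/regula_${REGULA_VERSION}_Linux_x86_64.tar.gz"
+curl -sL "$REGULA_URL" -o regula.tar.gz
+tar xzf regula.tar.gz
+terraform show -json tfplan | ./regula run
+# Deploys infrastructure or changes to infrastructure.
+- name: Terraform Apply
+if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
+working-directory: ${{ env.TERRAFORM_DIRECTORY }}
+run: |
+terraform apply \
+-auto-approve \
+-input=false \
+-parallelism=${TERRAFORM_PARALLELISM} \
+tfplan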


@ -1,25 +1,15 @@
# The Flame # The Flame
# System configuration for an Oracle free server # System configuration for an Oracle free server
# See [readme](../README.md) to explain how this file works.
# How to install: # How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/ # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead. # These days, probably use nixos-anywhere instead.
{ { inputs, globals, overlays, ... }:
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec { inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
specialArgs = { specialArgs = { };
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [ modules = [
globals globals
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -34,11 +24,7 @@ inputs.nixpkgs.lib.nixosSystem rec {
# Not sure what's necessary but too afraid to remove anything # Not sure what's necessary but too afraid to remove anything
imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ]; imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
"xhci_pci"
"virtio_pci"
"usbhid"
];
# File systems must be declared in order to boot # File systems must be declared in order to boot
@ -61,38 +47,28 @@ inputs.nixpkgs.lib.nixosSystem rec {
gui.enable = false; gui.enable = false;
# Still require colors for programs like Neovim, K9S # Still require colors for programs like Neovim, K9S
theme = { theme = { colors = (import ../../colorscheme/gruvbox).dark; };
colors = (import ../../colorscheme/gruvbox-dark).dark;
};
# Programs and services # Programs and services
atuin.enable = true;
cloudflare.enable = true; # Proxy traffic with Cloudflare cloudflare.enable = true; # Proxy traffic with Cloudflare
dotfiles.enable = true; # Clone dotfiles dotfiles.enable = true; # Clone dotfiles
neovim.enable = true; neovim.enable = true;
giteaRunner.enable = true; giteaRunner.enable = true;
services.actualbudget.enable = true;
services.caddy.enable = true; services.caddy.enable = true;
services.grafana.enable = true; services.grafana.enable = true;
services.thelounge.enable = true;
services.openssh.enable = true; services.openssh.enable = true;
services.victoriametrics.enable = true; services.victoriametrics.enable = true;
services.influxdb2.enable = true;
services.gitea.enable = true; services.gitea.enable = true;
services.vaultwarden.enable = true; services.vaultwarden.enable = true;
services.minecraft-server.enable = true; # Setup Minecraft server services.minecraft-server.enable = true; # Setup Minecraft server
services.n8n.enable = true;
services.ntfy-sh.enable = true;
services.postgresql.enable = true;
services.uptime-kuma.enable = true;
system.autoUpgrade.enable = true;
# Allows private remote access over the internet # Allows private remote access over the internet
cloudflareTunnel = { cloudflareTunnel = {
enable = true; enable = true;
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2"; id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
credentialsFile = ../../private/cloudflared-flame.age; credentialsFile = ../../private/cloudflared-flame.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org"; ca =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
}; };
# Nextcloud backup config # Nextcloud backup config
@ -100,13 +76,11 @@ inputs.nixpkgs.lib.nixosSystem rec {
endpoint = "s3.us-west-002.backblazeb2.com"; endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup"; bucket = "noahmasur-backup";
accessKeyId = "0026b0e73b2e2c80000000005"; accessKeyId = "0026b0e73b2e2c80000000005";
resticBucket = "noahmasur-restic";
}; };
# Disable passwords, only use SSH key # Disable passwords, only use SSH key
publicKeys = [ publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
];
# # Wireguard config for Transmission # # Wireguard config for Transmission
# wireguard.enable = true; # wireguard.enable = true;
@ -136,6 +110,7 @@ inputs.nixpkgs.lib.nixosSystem rec {
# # VPN port forwarding # # VPN port forwarding
# services.transmission.settings.peer-port = 57599; # services.transmission.settings.peer-port = 57599;
} }
]; ];
} }
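Review bot: `system.autoUpgrade.enable = true;` is printed only once in the `-61,38 +47,28` hunk, next to the other old-only service lines, so the new side of this host appears to have no automatic upgrade setting. The same list still enables `services.vaultwarden`, `services.gitea`, `services.grafana` and `cloudflareTunnel`. If that reading is right, security updates for these remotely reachable services depend on a manual rebuild. Either keep `system.autoUpgrade.enable = true;` under `# Programs and services`, or add a comment there saying how the host is kept current, e.g. `# Upgrades applied manually: <deploy procedure>`.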


@ -1,14 +1,7 @@
# The Hydra # The Hydra
# System configuration for WSL # System configuration for WSL
# See [readme](../README.md) to explain how this file works. { inputs, globals, overlays, ... }:
{
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem { inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@ -37,7 +30,8 @@ inputs.nixpkgs.lib.nixosSystem {
startMenuLaunchers = true; startMenuLaunchers = true;
nativeSystemd = true; nativeSystemd = true;
wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
interop.includePath = false; # Including Windows PATH will slow down Neovim command mode interop.includePath =
false; # Including Windows PATH will slow down Neovim command mode
}; };
neovim.enable = true; neovim.enable = true;
@ -45,6 +39,7 @@ inputs.nixpkgs.lib.nixosSystem {
mail.aerc.enable = true; mail.aerc.enable = true;
mail.himalaya.enable = true; mail.himalaya.enable = true;
dotfiles.enable = true; dotfiles.enable = true;
nixlang.enable = true;
lua.enable = true; lua.enable = true;
} }
]; ];


@ -1,33 +1,23 @@
# The Looking Glass # The Looking Glass
# System configuration for my work Macbook # System configuration for my work Macbook
{ { inputs, globals, overlays, ... }:
inputs,
globals,
overlays,
...
}:
inputs.darwin.lib.darwinSystem { inputs.darwin.lib.darwinSystem {
system = "aarch64-darwin"; system = "x86_64-darwin";
specialArgs = { }; specialArgs = { };
modules = [ modules = [
../../modules/common ../../modules/common
../../modules/darwin ../../modules/darwin
( (globals // rec {
globals
// rec {
user = "Noah.Masur"; user = "Noah.Masur";
gitName = "Noah-Masur_1701"; gitName = "Noah-Masur_1701";
gitEmail = "${user}@take2games.com"; gitEmail = "${user}@take2games.com";
} })
)
inputs.home-manager.darwinModules.home-manager inputs.home-manager.darwinModules.home-manager
inputs.mac-app-util.darwinModules.default
{ {
nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays; nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays;
networking.hostName = "NYCM-NMASUR2"; networking.hostName = "lookingglass";
networking.computerName = "NYCM-NMASUR2";
identityFile = "/Users/Noah.Masur/.ssh/id_ed25519"; identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
gui.enable = true; gui.enable = true;
theme = { theme = {
@ -35,7 +25,6 @@ inputs.darwin.lib.darwinSystem {
dark = true; dark = true;
}; };
mail.user = globals.user; mail.user = globals.user;
atuin.enable = true;
charm.enable = true; charm.enable = true;
neovim.enable = true; neovim.enable = true;
mail.enable = true; mail.enable = true;
@ -45,16 +34,13 @@ inputs.darwin.lib.darwinSystem {
discord.enable = true; discord.enable = true;
firefox.enable = true; firefox.enable = true;
dotfiles.enable = true; dotfiles.enable = true;
nixlang.enable = true;
terraform.enable = true; terraform.enable = true;
python.enable = true; python.enable = true;
rust.enable = true;
lua.enable = true; lua.enable = true;
obsidian.enable = true;
kubernetes.enable = true; kubernetes.enable = true;
_1password.enable = true; _1password.enable = true;
slack.enable = true; slack.enable = true;
wezterm.enable = true;
yt-dlp.enable = true;
} }
]; ];
} }


@ -1,18 +1,12 @@
# The Staff # The Staff
# ISO configuration for my USB drive # ISO configuration for my USB drive
{ { inputs, system, overlays, ... }:
inputs,
system,
overlays,
...
}:
inputs.nixos-generators.nixosGenerate { inputs.nixos-generators.nixosGenerate {
inherit system; inherit system;
format = "install-iso"; format = "install-iso";
modules = [ modules = [{
{
nixpkgs.overlays = overlays; nixpkgs.overlays = overlays;
networking.hostName = "staff"; networking.hostName = "staff";
users.extraUsers.root.openssh.authorizedKeys.keys = [ users.extraUsers.root.openssh.authorizedKeys.keys = [
@ -30,11 +24,8 @@ inputs.nixos-generators.nixosGenerate {
}; };
}; };
environment.systemPackages = environment.systemPackages =
let let pkgs = import inputs.nixpkgs { inherit system overlays; };
pkgs = import inputs.nixpkgs { inherit system overlays; }; in with pkgs; [
in
with pkgs;
[
git git
vim vim
wget wget
@ -48,6 +39,5 @@ inputs.nixos-generators.nixosGenerate {
experimental-features = nix-command flakes experimental-features = nix-command flakes
warn-dirty = false warn-dirty = false
''; '';
} }];
];
} }


@ -1,19 +1,11 @@
# The Swan # The Swan
# System configuration for my home NAS server # System configuration for my home NAS server
{ { inputs, globals, overlays, ... }:
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec { inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = { };
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [ modules = [
globals globals
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -29,13 +21,8 @@ inputs.nixpkgs.lib.nixosSystem rec {
networking.hostName = "swan"; networking.hostName = "swan";
# Not sure what's necessary but too afraid to remove anything # Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules =
"xhci_pci" [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
"ahci"
"nvme"
"usb_storage"
"sd_mod"
];
# Required for transcoding # Required for transcoding
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
@ -67,27 +54,8 @@ inputs.nixpkgs.lib.nixosSystem rec {
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; }); devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
}; };
zramSwap.enable = true;
swapDevices = [
{
device = "/swapfile";
size = 4 * 1024; # 4 GB
}
];
boot.zfs = {
# Automatically load the ZFS pool on boot # Automatically load the ZFS pool on boot
extraPools = [ "tank" ]; boot.zfs.extraPools = [ "tank" ];
# Only try to decrypt datasets with keyfiles
requestEncryptionCredentials = [
"tank/archive"
"tank/generic"
"tank/nextcloud"
"tank/generic/git"
];
# If password is requested and fails, continue to boot eventually
passwordTimeout = 300;
};
# Theming # Theming
@ -95,21 +63,15 @@ inputs.nixpkgs.lib.nixosSystem rec {
gui.enable = false; gui.enable = false;
# Still require colors for programs like Neovim, K9S # Still require colors for programs like Neovim, K9S
theme = { theme = { colors = (import ../../colorscheme/gruvbox).dark; };
colors = (import ../../colorscheme/gruvbox-dark).dark;
};
# Programs and services # Programs and services
atuin.enable = true;
neovim.enable = true; neovim.enable = true;
cloudflare.enable = true; cloudflare.enable = true;
dotfiles.enable = true; dotfiles.enable = true;
arrs.enable = true; arrs.enable = true;
filebrowser.enable = true;
services.audiobookshelf.enable = true;
services.bind.enable = true; services.bind.enable = true;
services.caddy.enable = true; services.caddy.enable = true;
services.immich.enable = true;
services.jellyfin.enable = true; services.jellyfin.enable = true;
services.nextcloud.enable = true; services.nextcloud.enable = true;
services.calibre-web.enable = true; services.calibre-web.enable = true;
@ -117,16 +79,14 @@ inputs.nixpkgs.lib.nixosSystem rec {
services.prometheus.enable = false; services.prometheus.enable = false;
services.vmagent.enable = true; services.vmagent.enable = true;
services.samba.enable = true; services.samba.enable = true;
services.paperless.enable = true;
services.postgresql.enable = true;
system.autoUpgrade.enable = false;
# Allows private remote access over the internet # Allows private remote access over the internet
cloudflareTunnel = { cloudflareTunnel = {
enable = true; enable = true;
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2"; id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
credentialsFile = ../../private/cloudflared-swan.age; credentialsFile = ../../private/cloudflared-swan.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org"; ca =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
}; };
# Send regular backups and litestream for DBs to an S3-like bucket # Send regular backups and litestream for DBs to an S3-like bucket
@ -134,13 +94,11 @@ inputs.nixpkgs.lib.nixosSystem rec {
endpoint = "s3.us-west-002.backblazeb2.com"; endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup"; bucket = "noahmasur-backup";
accessKeyId = "0026b0e73b2e2c80000000005"; accessKeyId = "0026b0e73b2e2c80000000005";
resticBucket = "noahmasur-restic";
}; };
# Disable passwords, only use SSH key # Disable passwords, only use SSH key
publicKeys = [ publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
];
} }
]; ];
} }


@ -1,19 +1,10 @@
# The Tempest # The Tempest
# System configuration for my desktop # System configuration for my desktop
{ { inputs, globals, overlays, ... }:
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec { inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [ modules = [
globals globals
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
@ -27,26 +18,14 @@ inputs.nixpkgs.lib.nixosSystem rec {
networking.hostName = "tempest"; networking.hostName = "tempest";
# Not sure what's necessary but too afraid to remove anything # Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules =
"nvme" [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
# Graphics and VMs # Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ]; services.xserver.videoDrivers = [ "amdgpu" ];
# I don't think I need this?
# boot.kernelParams = [
# "video=DP-0:2560x1440@165"
# "video=DP-1:1920x1080@60"
# ];
# Required binary blobs to boot on this machine # Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
@ -104,7 +83,6 @@ inputs.nixpkgs.lib.nixosSystem rec {
gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark"; gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark";
# Programs and services # Programs and services
atuin.enable = true;
charm.enable = true; charm.enable = true;
neovim.enable = true; neovim.enable = true;
media.enable = true; media.enable = true;
@ -120,34 +98,35 @@ inputs.nixpkgs.lib.nixosSystem rec {
mail.himalaya.enable = true; mail.himalaya.enable = true;
keybase.enable = true; keybase.enable = true;
mullvad.enable = false; mullvad.enable = false;
rust.enable = true; nixlang.enable = true;
terraform.enable = true;
wezterm.enable = true;
yt-dlp.enable = true; yt-dlp.enable = true;
gaming = { gaming = {
dwarf-fortress.enable = true; dwarf-fortress.enable = true;
enable = true; enable = true;
steam.enable = true; steam.enable = true;
moonlight.enable = true;
legendary.enable = true; legendary.enable = true;
lutris.enable = true; lutris.enable = true;
leagueoflegends.enable = true;
ryujinx.enable = true; ryujinx.enable = true;
}; };
services.vmagent.enable = true; # Enables Prometheus metrics services.vmagent.enable = true; # Enables Prometheus metrics
services.openssh.enable = true; # Required for Cloudflare tunnel and identity file services.openssh.enable =
true; # Required for Cloudflare tunnel and identity file
# Allows private remote access over the internet # Allows private remote access over the internet
cloudflareTunnel = { cloudflareTunnel = {
enable = true; enable = true;
id = "ac133a82-31fb-480c-942a-cdbcd4c58173"; id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ../../private/cloudflared-tempest.age; credentialsFile = ../../private/cloudflared-tempest.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org"; ca =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
}; };
# Allows requests to force machine to wake up # Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine. # This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false # Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true; networking.interfaces.enp5s0.wakeOnLan.enable = true;
} }
]; ];
} }


@ -4,4 +4,3 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3yHivgEXr2ecwe58h9bkhwTYivf3GwL8xenQKMeiUb tempest ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3yHivgEXr2ecwe58h9bkhwTYivf3GwL8xenQKMeiUb tempest
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmGHIWBZzRx35/yFgnPJSHN2+35WJ30G9c5tDhPsCrl arrow


@ -1,9 +0,0 @@
{ ... }:
{
# AWS settings require this
permitRootLogin = "prohibit-password";
# Make sure disk size is large enough
# https://github.com/nix-community/nixos-generators/issues/150
amazonImage.sizeMB = 16 * 1024;
}


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
_1password = { _1password = {
@ -15,27 +9,12 @@
}; };
}; };
config = lib.mkIf (config.gui.enable && config._1password.enable) { config = lib.mkIf
unfreePackages = [ (config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
"1password" unfreePackages = [ "1password" "_1password-gui" ];
"_1password-gui"
"1password-cli"
];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.packages = [ home.packages = with pkgs; [ _1password-gui ];
pkgs._1password-cli };
] ++ (if pkgs.stdenv.isLinux then [ pkgs._1password-gui ] else [ ]);
}; };
# https://1password.community/discussion/135462/firefox-extension-does-not-connect-to-linux-app
# On Mac, does not apply: https://1password.community/discussion/142794/app-and-browser-integration
# However, the button doesn't work either:
# https://1password.community/discussion/140735/extending-support-for-trusted-web-browsers
environment.etc."1password/custom_allowed_browsers".text = ''
${
config.home-manager.users.${config.user}.programs.firefox.package
}/Applications/Firefox.app/Contents/MacOS/firefox
firefox
'';
};
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
alacritty = { alacritty = {
@ -34,9 +28,7 @@
opacity = 1.0; opacity = 1.0;
}; };
scrolling.history = 10000; scrolling.history = 10000;
font = { font = { size = 14.0; };
size = 14.0;
};
key_bindings = [ key_bindings = [
# Used for word completion in fish_user_key_bindings # Used for word completion in fish_user_key_bindings
{ {


@ -1,5 +1,4 @@
{ ... }: { ... }: {
{
imports = [ imports = [
./1password.nix ./1password.nix
@ -11,7 +10,7 @@
./obsidian.nix ./obsidian.nix
./qbittorrent.nix ./qbittorrent.nix
./slack.nix ./slack.nix
./wezterm.nix
./yt-dlp.nix ./yt-dlp.nix
]; ];
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
discord = { discord = {
@ -17,8 +11,8 @@
config = lib.mkIf (config.gui.enable && config.discord.enable) { config = lib.mkIf (config.gui.enable && config.discord.enable) {
unfreePackages = [ "discord" ]; unfreePackages = [ "discord" ];
environment.systemPackages = [ pkgs.discord ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.packages = with pkgs; [ discord ];
xdg.configFile."discord/settings.json".text = '' xdg.configFile."discord/settings.json".text = ''
{ {
"BACKGROUND_COLOR": "#202225", "BACKGROUND_COLOR": "#202225",


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
{ {
@ -21,58 +16,65 @@
unfreePackages = [ unfreePackages = [
(lib.mkIf config._1password.enable "onepassword-password-manager") (lib.mkIf config._1password.enable "onepassword-password-manager")
"okta-browser-plugin" "okta-browser-plugin"
"wappalyzer"
]; ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = if pkgs.stdenv.isDarwin then pkgs.firefox-bin else pkgs.firefox; package =
if pkgs.stdenv.isDarwin then pkgs.firefox-bin else pkgs.firefox;
profiles.default = { profiles.default = {
id = 0; id = 0;
name = "default"; name = "default";
isDefault = true; isDefault = true;
# https://nur.nix-community.org/repos/rycee/
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
(lib.mkIf config._1password.enable onepassword-password-manager) ublock-origin
darkreader vimium
don-t-fuck-with-paste
facebook-container
markdownload
multi-account-containers multi-account-containers
facebook-container
(lib.mkIf config._1password.enable onepassword-password-manager)
okta-browser-plugin okta-browser-plugin
sponsorblock
reddit-enhancement-suite reddit-enhancement-suite
return-youtube-dislikes return-youtube-dislikes
sponsorblock markdownload
ublock-origin darkreader
ublacklist snowflake
vimium don-t-fuck-with-paste
i-dont-care-about-cookies
wappalyzer
]; ];
settings = { settings = {
"app.update.auto" = false; "app.update.auto" = false;
"browser.aboutConfig.showWarning" = false; "browser.aboutConfig.showWarning" = false;
"browser.warnOnQuit" = false; "browser.warnOnQuit" = false;
"browser.quitShortcut.disabled" = if pkgs.stdenv.isLinux then true else false; "browser.quitShortcut.disabled" =
if pkgs.stdenv.isLinux then true else false;
"browser.theme.dark-private-windows" = true; "browser.theme.dark-private-windows" = true;
"browser.toolbars.bookmarks.visibility" = false; "browser.toolbars.bookmarks.visibility" = false;
"browser.startup.page" = 3; # Restore previous session "browser.startup.page" = 3; # Restore previous session
"browser.newtabpage.enabled" = false; # Make new tabs blank "browser.newtabpage.enabled" = false; # Make new tabs blank
"trailhead.firstrun.didSeeAboutWelcome" = true; # Disable welcome splash "trailhead.firstrun.didSeeAboutWelcome" =
true; # Disable welcome splash
"dom.forms.autocomplete.formautofill" = false; # Disable autofill "dom.forms.autocomplete.formautofill" = false; # Disable autofill
"extensions.formautofill.creditCards.enabled" = false; # Disable credit cards "extensions.formautofill.creditCards.enabled" =
false; # Disable credit cards
"dom.payments.defaults.saveAddress" = false; # Disable address save "dom.payments.defaults.saveAddress" = false; # Disable address save
"general.autoScroll" = true; # Drag middle-mouse to scroll "general.autoScroll" = true; # Drag middle-mouse to scroll
"services.sync.prefs.sync.general.autoScroll" = false; # Prevent disabling autoscroll "services.sync.prefs.sync.general.autoScroll" =
false; # Prevent disabling autoscroll
"extensions.pocket.enabled" = false; "extensions.pocket.enabled" = false;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Allow userChrome.css "toolkit.legacyUserProfileCustomizations.stylesheets" =
true; # Allow userChrome.css
"layout.css.color-mix.enabled" = true; "layout.css.color-mix.enabled" = true;
"ui.systemUsesDarkTheme" = if config.theme.dark == true then 1 else 0; "ui.systemUsesDarkTheme" =
"media.ffmpeg.vaapi.enabled" = true; # Enable hardware video acceleration if config.theme.dark == true then 1 else 0;
"media.ffmpeg.vaapi.enabled" =
true; # Enable hardware video acceleration
"cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups "cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups
"devtools.command-button-screenshot.enabled" = true; # Scrolling screenshot of entire page
"svg.context-properties.content.enabled" = true; # Sidebery styling "svg.context-properties.content.enabled" = true; # Sidebery styling
"browser.tabs.hoverPreview.enabled" = false; # Disable tab previews
"browser.tabs.hoverPreview.showThumbnails" = false; # Disable tab previews
}; };
userChrome = '' userChrome = ''
:root { :root {
@ -113,7 +115,7 @@
background-color: ${config.theme.colors.base00}; background-color: ${config.theme.colors.base00};
color: ${config.theme.colors.base06} !important; color: ${config.theme.colors.base06} !important;
} }
.tab-content[selected] { .tab-content[selected=true] {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent); border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
background-color: ${config.theme.colors.base01} !important; background-color: ${config.theme.colors.base01} !important;
color: ${config.theme.colors.base07} !important; color: ${config.theme.colors.base07} !important;
@ -157,47 +159,28 @@
extraConfig = ""; extraConfig = "";
}; };
};
# Mimic nixpkgs package environment for read-only profiles.ini management
# From: https://github.com/booxter/home-manager/commit/dd1602e306fec366280f5953c5e1b553e3d9672a
home.sessionVariables = {
MOZ_LEGACY_PROFILES = 1;
MOZ_ALLOW_DOWNGRADE = 1;
};
# launchd.user.envVariables = config.home-manager.users.${config.user}.home.sessionVariables;
xdg.mimeApps = {
associations.added = {
"text/html" = [ "firefox.desktop" ];
};
defaultApplications = {
"text/html" = [ "firefox.desktop" ];
};
associations.removed = {
"text/html" = [ "wine-extension-htm.desktop" ];
};
}; };
xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux { xsession.windowManager.i3.config.keybindings =
lib.mkIf pkgs.stdenv.isLinux {
"${ "${
config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
}+Shift+b" = "exec ${ }+Shift+b" = "exec ${
# Don't name the script `firefox` or it will affect grep # Don't name the script `firefox` or it will affect grep
builtins.toString ( builtins.toString (pkgs.writeShellScript "focus-ff.sh" ''
pkgs.writeShellScript "focus-ff.sh" ''
count=$(ps aux | grep -c firefox) count=$(ps aux | grep -c firefox)
if [ "$count" -eq 1 ]; then if [ "$count" -eq 1 ]; then
i3-msg "exec --no-startup-id firefox" i3-msg "exec --no-startup-id firefox"
sleep 0.5 sleep 0.5
fi fi
i3-msg "[class=firefox] focus" i3-msg "[class=firefox] focus"
'' '')
)
}"; }";
}; };
}; };
}; };
} }
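Review bot: The `extensions` list on the new side gains `snowflake`, `i-dont-care-about-cookies` and `wappalyzer` (the last also added to `unfreePackages`), all installed into the same default profile as `onepassword-password-manager` and `okta-browser-plugin`. Add-ons like these typically need access to page content on every site, so each one widens what a compromised or resold extension could read in a profile used for credentials and SSO. `snowflake` also relays third-party traffic through the browser, which may not be wanted on the work machine that sets `firefox.enable = true`. `cookiebanners.ui.desktop.enabled` is already `true` in `settings`, so `i-dont-care-about-cookies` looks redundant. I would drop that entry and put a short `#` comment next to each remaining addition stating what it is for.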


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
kitty = { kitty = {
@ -19,28 +13,26 @@
# Set the Rofi-Systemd terminal for viewing logs # Set the Rofi-Systemd terminal for viewing logs
# Using optionalAttrs because only available in NixOS # Using optionalAttrs because only available in NixOS
environment = environment = { } // lib.attrsets.optionalAttrs
{ } (builtins.hasAttr "sessionVariables" config.environment) {
// lib.attrsets.optionalAttrs (builtins.hasAttr "sessionVariables" config.environment) { sessionVariables.ROFI_SYSTEMD_TERM = "${pkgs.kitty}/bin/kitty";
sessionVariables.ROFI_SYSTEMD_TERM = lib.mkDefault "${pkgs.kitty}/bin/kitty";
}; };
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
# Set the i3 terminal # Set the i3 terminal
xsession.windowManager.i3.config.terminal = lib.mkIf pkgs.stdenv.isLinux "kitty"; xsession.windowManager.i3.config.terminal =
lib.mkIf pkgs.stdenv.isLinux "kitty";
# Set the Rofi terminal for running programs # Set the Rofi terminal for running programs
programs.rofi.terminal = lib.mkIf pkgs.stdenv.isLinux (lib.mkDefault "${pkgs.kitty}/bin/kitty"); programs.rofi.terminal =
lib.mkIf pkgs.stdenv.isLinux "${pkgs.kitty}/bin/kitty";
# Display images in the terminal # Display images in the terminal
programs.fish.interactiveShellInit = # fish programs.fish.shellAliases = {
'' icat = "kitty +kitten icat";
if test "$TERM" = "xterm-kitty" ssh = "kitty +kitten ssh";
alias icat="kitty +kitten icat" };
alias ssh="kitty +kitten ssh"
end
'';
programs.kitty = { programs.kitty = {
enable = true; enable = true;
@ -100,8 +92,8 @@
color21 = config.theme.colors.base06; color21 = config.theme.colors.base06;
# Scrollback # Scrollback
scrollback_lines = 10000; scrolling_lines = 10000;
scrollback_pager_history_size = 300; # MB scrollback_pager_history_size = 10; # MB
# Window # Window
window_padding_width = 6; window_padding_width = 6;
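Review bot: `scrolling_lines = 10000;` under `# Scrollback` is not a kitty option, so the intended history size would not take effect; the line should read `scrollback_lines = 10000;`. Separately, the new `programs.fish.shellAliases` entry `ssh = "kitty +kitten ssh";` applies in every terminal, whereas the old side defined the alias only when `$TERM` was `xterm-kitty`. If sessions from other terminals or over plain SSH matter, keep the guarded form in `interactiveShellInit`. The settings block that contains the scrollback lines starts and ends outside the hunk.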


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
media = { media = {
@ -46,22 +40,20 @@
associations.added = { associations.added = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ]; "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/jpeg" = [ "nsxiv.desktop" ]; "image/jpeg" = [ "nsxiv.desktop" ];
"image/png" = [ "nsxiv.desktop" ];
"image/*" = [ "nsxiv.desktop" ]; "image/*" = [ "nsxiv.desktop" ];
}; };
associations.removed = { associations.removed = {
"application/pdf" = [ "application/pdf" = [ "mupdf.desktop" "wine-extension-pdf.desktop" ];
"mupdf.desktop"
"wine-extension-pdf.desktop"
];
}; };
defaultApplications = { defaultApplications = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ]; "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/jpeg" = [ "nsxiv.desktop" ]; "image/jpeg" = [ "nsxiv.desktop" ];
"image/png" = [ "nsxiv.desktop" ];
"image/*" = [ "nsxiv.desktop" ]; "image/*" = [ "nsxiv.desktop" ];
}; };
}; };
}; };
}; };
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
obsidian = { obsidian = {
@ -21,8 +15,9 @@
home.packages = with pkgs; [ obsidian ]; home.packages = with pkgs; [ obsidian ];
}; };
# Broken on 2023-12-11 # Broken on 2023-04-16
# https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8 nixpkgs.config.permittedInsecurePackages = [ "electron-21.4.0" ];
insecurePackages = [ "electron-25.9.0" ];
}; };
} }
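Review bot: The added `nixpkgs.config.permittedInsecurePackages = [ "electron-21.4.0" ];` allows an end-of-life Electron build, and the only explanation is `# Broken on 2023-04-16`. Obsidian renders note content inside that runtime, so the exception should record why it is accepted and when it can be removed, e.g. `# TODO(security): drop once nixpkgs builds obsidian against a supported Electron`. Assigning the list directly in this module may also let another module's assignment replace it rather than extend it, depending on how `nixpkgs.config` merges list values; that is worth confirming. The enclosing `config` block starts outside this hunk.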


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
qbittorrent = { qbittorrent = {
@ -20,6 +14,8 @@
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.packages = with pkgs; [ qbittorrent ]; home.packages = with pkgs; [ qbittorrent ];
}; };
}; };
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
slack = { slack = {
@ -22,5 +16,4 @@
}; };
}; };
# Theme string: #1D2122,#665C54,#8EC07C,#BDAE93
} }


@ -1,286 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
options = {
wezterm = {
enable = lib.mkEnableOption {
description = "Enable WezTerm terminal.";
default = false;
};
};
};
config =
let
font = config.home-manager.users.${config.user}.programs.kitty.font.name;
in
lib.mkIf (config.gui.enable && config.wezterm.enable) {
# Set the Rofi-Systemd terminal for viewing logs
# Using optionalAttrs because only available in NixOS
environment =
{ }
// lib.attrsets.optionalAttrs (builtins.hasAttr "sessionVariables" config.environment) {
sessionVariables.ROFI_SYSTEMD_TERM = "${pkgs.wezterm}/bin/wezterm";
};
terminal = "${pkgs.wezterm}/bin/wezterm";
terminalLaunchCommand = "${config.terminal} start --";
home-manager.users.${config.user} = {
# Set the i3 terminal
xsession.windowManager.i3.config.terminal = lib.mkIf pkgs.stdenv.isLinux "wezterm";
# Display images in the terminal
programs.fish.shellAliases = {
icat = lib.mkForce "wezterm imgcat";
};
programs.wezterm = {
enable = true;
colorSchemes = {
myTheme = {
background = config.theme.colors.base00;
foreground = config.theme.colors.base05;
cursor_bg = config.theme.colors.base05;
cursor_fg = config.theme.colors.base00;
cursor_border = config.theme.colors.base05;
selection_bg = config.theme.colors.base05;
selection_fg = config.theme.colors.base00;
scrollbar_thumb = config.theme.colors.base03;
ansi = [
config.theme.colors.base01 # black
config.theme.colors.base0F # maroon
config.theme.colors.base0B # green
config.theme.colors.base0A # olive
config.theme.colors.base0D # navy
config.theme.colors.base0E # purple
config.theme.colors.base0C # teal
config.theme.colors.base06 # silver
];
brights = [
config.theme.colors.base03 # grey
config.theme.colors.base08 # red
config.theme.colors.base0B # lime
config.theme.colors.base0A # yellow
config.theme.colors.base0D # blue
config.theme.colors.base0E # fuchsia
config.theme.colors.base0C # aqua
config.theme.colors.base07 # white
];
compose_cursor = config.theme.colors.base09; # orange
copy_mode_active_highlight_bg = {
Color = config.theme.colors.base03;
};
copy_mode_active_highlight_fg = {
Color = config.theme.colors.base07;
};
copy_mode_inactive_highlight_bg = {
Color = config.theme.colors.base02;
};
copy_mode_inactive_highlight_fg = {
Color = config.theme.colors.base06;
};
quick_select_label_bg = {
Color = config.theme.colors.base02;
};
quick_select_label_fg = {
Color = config.theme.colors.base06;
};
quick_select_match_bg = {
Color = config.theme.colors.base03;
};
quick_select_match_fg = {
Color = config.theme.colors.base07;
};
};
};
extraConfig = ''
local wezterm = require("wezterm")
local config = wezterm.config_builder()
config.check_for_updates = false
config.color_scheme = "myTheme"
-- Scrollback
config.scrollback_lines = 10000
-- Window
config.window_padding = {
left = 10,
right = 10,
top = 10,
bottom = 12,
}
config.font = wezterm.font('${font}', { weight = 'Bold'})
config.font_size = ${if pkgs.stdenv.isLinux then "14.0" else "18.0"}
-- Fix color blocks instead of text
config.front_end = "WebGpu"
-- Tab Bar
config.hide_tab_bar_if_only_one_tab = true
config.window_frame = {
font = wezterm.font('${font}', { weight = 'Bold'}),
font_size = ${if pkgs.stdenv.isLinux then "12.0" else "16.0"},
}
config.colors = {
tab_bar = {
active_tab = {
bg_color = '${config.theme.colors.base00}',
fg_color = '${config.theme.colors.base04}',
},
},
}
-- Disable audio
config.audible_bell = "Disabled"
config.initial_rows = 80
config.initial_cols = 200
config.unix_domains = {
{
name = 'unix',
},
}
-- This causes `wezterm` to act as though it was started as
-- `wezterm connect unix` by default, connecting to the unix
-- domain on startup.
-- If you prefer to connect manually, leave out this line.
config.default_gui_startup_args = { 'connect', 'unix' }
config.leader = {
key = 'a',
mods = 'CTRL',
timeout_milliseconds = 2000,
}
config.keys = {
-- Attach to muxer
{
key = 'a',
mods = 'LEADER',
action = wezterm.action.AttachDomain 'unix',
},
-- Detach from muxer
{
key = 'd',
mods = 'LEADER',
action = wezterm.action.DetachDomain { DomainName = 'unix' },
},
-- sends completion string for fish autosuggestions
{
key = 'Enter',
mods = 'SHIFT',
action = wezterm.action.SendString '\x1F'
},
-- ctrl-shift-h was "hide"
{
key = 'H',
mods = 'SHIFT|CTRL',
action = wezterm.action.DisableDefaultAssignment
},
-- alt-enter was "fullscreen"
{
key = 'Enter',
mods = 'ALT',
action = wezterm.action.DisableDefaultAssignment
},
-- make super-f "fullscreen"
{
key = 'f',
mods = 'SUPER',
action = wezterm.action.ToggleFullScreen
},
-- super-t open new tab in new dir
{
key = 't',
mods = ${if pkgs.stdenv.isDarwin then "'SUPER'" else "'ALT'"},
action = wezterm.action.SpawnCommandInNewTab {
cwd = wezterm.home_dir,
},
},
-- shift-super-t open new tab in same dir
{
key = 't',
mods = 'SUPER|SHIFT',
action = wezterm.action.SpawnTab 'CurrentPaneDomain'
},
-- project switcher
{
key = 'P',
mods = 'SUPER',
action = wezterm.action_callback(function(window, pane)
local choices = {}
wezterm.log_info "working?"
function scandir(directory)
local i, t, popen = 0, {}, io.popen
local pfile = popen('${pkgs.fd}/bin/fd --search-path "'..directory..'" --type directory --exact-depth 2 | ${pkgs.proximity-sort}/bin/proximity-sort "'..os.getenv("HOME").."/dev/work"..'"')
for filename in pfile:lines() do
i = i + 1
t[i] = filename
end
pfile:close()
return t
end
for _, v in pairs(scandir(os.getenv("HOME").."/dev")) do
table.insert(choices, { label = v })
end
window:perform_action(
wezterm.action.InputSelector {
action = wezterm.action_callback(function(window, pane, id, label)
if not id and not label then
wezterm.log_info "cancelled"
else
window:perform_action(
wezterm.action.SpawnCommandInNewTab {
cwd = label,
},
pane
)
end
end),
fuzzy = true,
title = "Select Project",
choices = choices,
},
pane
)
end),
},
}
-- print the workspace name at the upper right
wezterm.on("update-right-status", function(window, pane)
window:set_right_status(window:active_workspace())
end)
-- load plugin
local workspace_switcher = wezterm.plugin.require("https://github.com/MLFlexer/smart_workspace_switcher.wezterm")
-- set path to zoxide
workspace_switcher.zoxide_path = "${pkgs.zoxide}/bin/zoxide"
-- keymaps
table.insert(config.keys, { key = "s", mods = "CTRL|SHIFT", action = workspace_switcher.switch_workspace() })
-- table.insert(config.keys, { key = "t", mods = "CTRL|SHIFT", action = wezterm.action.ShowLauncherArgs({ flags = "FUZZY|WORKSPACES" }) })
table.insert(config.keys, { key = "[", mods = "CTRL|SHIFT", action = wezterm.action.SwitchWorkspaceRelative(1) })
table.insert(config.keys, { key = "]", mods = "CTRL|SHIFT", action = wezterm.action.SwitchWorkspaceRelative(-1) })
return config
'';
};
};
};
}


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
yt-dlp = { yt-dlp = {
@ -33,6 +27,9 @@
}; };
programs.fish.shellAbbrs.yt = "yt-dlp"; programs.fish.shellAbbrs.yt = "yt-dlp";
}; };
}; };
} }


@ -1,19 +1,7 @@
{ { config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{
imports = [ imports =
./applications [ ./applications ./mail ./neovim ./programming ./repositories ./shell ];
./mail
./neovim
./programming
./repositories
./shell
];
options = { options = {
user = lib.mkOption { user = lib.mkOption {
@ -29,7 +17,8 @@
download = lib.mkOption { download = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "XDG directory for downloads"; description = "XDG directory for downloads";
default = if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads"; default =
if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads";
}; };
}; };
identityFile = lib.mkOption { identityFile = lib.mkOption {
@ -58,9 +47,10 @@
homePath = lib.mkOption { homePath = lib.mkOption {
type = lib.types.path; type = lib.types.path;
description = "Path of user's home directory."; description = "Path of user's home directory.";
default = builtins.toPath ( default = builtins.toPath (if pkgs.stdenv.isDarwin then
if pkgs.stdenv.isDarwin then "/Users/${config.user}" else "/home/${config.user}" "/Users/${config.user}"
); else
"/home/${config.user}");
}; };
dotfilesPath = lib.mkOption { dotfilesPath = lib.mkOption {
type = lib.types.path; type = lib.types.path;
@ -76,24 +66,7 @@
description = "List of unfree packages to allow."; description = "List of unfree packages to allow.";
default = [ ]; default = [ ];
}; };
insecurePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "List of insecure packages to allow.";
default = [ ];
};
hostnames = { hostnames = {
audiobooks = lib.mkOption {
type = lib.types.str;
description = "Hostname for audiobook server (Audiobookshelf).";
};
budget = lib.mkOption {
type = lib.types.str;
description = "Hostname for budgeting server (ActualBudget).";
};
files = lib.mkOption {
type = lib.types.str;
description = "Hostname for files server (Filebrowser).";
};
git = lib.mkOption { git = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Hostname for git server (Gitea)."; description = "Hostname for git server (Gitea).";
@ -102,26 +75,10 @@
type = lib.types.str; type = lib.types.str;
description = "Hostname for metrics server."; description = "Hostname for metrics server.";
}; };
minecraft = lib.mkOption {
type = lib.types.str;
description = "Hostname for Minecraft server.";
};
paperless = lib.mkOption {
type = lib.types.str;
description = "Hostname for document server (paperless-ngx).";
};
photos = lib.mkOption {
type = lib.types.str;
description = "Hostname for photo management (Immich).";
};
prometheus = lib.mkOption { prometheus = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Hostname for Prometheus server."; description = "Hostname for Prometheus server.";
}; };
influxdb = lib.mkOption {
type = lib.types.str;
description = "Hostname for InfluxDB2 server.";
};
secrets = lib.mkOption { secrets = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Hostname for passwords and secrets (Vaultwarden)."; description = "Hostname for passwords and secrets (Vaultwarden).";
@ -142,42 +99,46 @@
type = lib.types.str; type = lib.types.str;
description = "Hostname for download services."; description = "Hostname for download services.";
}; };
irc = lib.mkOption {
type = lib.types.str;
description = "Hostname for IRC services.";
};
n8n = lib.mkOption {
type = lib.types.str;
description = "Hostname for n8n automation.";
};
notifications = lib.mkOption {
type = lib.types.str;
description = "Hostname for push notification services (ntfy).";
};
status = lib.mkOption {
type = lib.types.str;
description = "Hostname for status page (Uptime-Kuma).";
};
transmission = lib.mkOption {
type = lib.types.str;
description = "Hostname for peer2peer downloads (Transmission).";
};
}; };
}; };
config = config = let stateVersion = "23.05";
let in {
stateVersion = "23.05";
in nix = {
{
# Enable features in Nix commands
extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
gc = {
automatic = true;
options = "--delete-older-than 7d";
};
settings = {
# Add community Cachix to binary cache
# Don't use with macOS because blocked by corporate firewall
builders-use-substitutes = true;
substituters = lib.mkIf (!pkgs.stdenv.isDarwin)
[ "https://nix-community.cachix.org" ];
trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Scans and hard links identical files in the store
# Not working with macOS: https://github.com/NixOS/nix/issues/7273
auto-optimise-store = lib.mkIf (!pkgs.stdenv.isDarwin) true;
};
};
# Basic common system packages for all devices # Basic common system packages for all devices
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ git vim wget curl ];
git
vim
wget
curl
];
# Use the system-level nixpkgs instead of Home Manager's # Use the system-level nixpkgs instead of Home Manager's
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
@ -188,24 +149,13 @@
# Allow specified unfree packages (identified elsewhere) # Allow specified unfree packages (identified elsewhere)
# Retrieves package object based on string name # Retrieves package object based on string name
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.unfreePackages; nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) config.unfreePackages;
# Allow specified insecure packages (identified elsewhere)
nixpkgs.config.permittedInsecurePackages = config.insecurePackages;
# Pin a state version to prevent warnings # Pin a state version to prevent warnings
home-manager.users.${config.user}.home.stateVersion = stateVersion;
home-manager.users.root.home.stateVersion = stateVersion; home-manager.users.root.home.stateVersion = stateVersion;
# Fix for running home-manager against the repo directly
# See: https://github.com/nix-community/home-manager/issues/2033
home-manager.users.${config.user} = {
home.stateVersion = stateVersion;
news = {
display = "silent";
entries = lib.mkForce [ ];
json = lib.mkForce { "output" = { }; };
};
}; };
};
} }
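Review bot: The `substituters` / `trusted-public-keys` pair added under `nix.settings` makes every non-Darwin host accept any store path signed by the nix-community.cachix.org key. That is a trust decision and deserves its own comment, e.g. `# Third-party binary cache: hosts trust anything signed by this key`. The existing comment `# Don't use with macOS because blocked by corporate firewall` sits above `builders-use-substitutes = true;`, which is not gated on `isDarwin`. Moving it directly above `substituters` would match what the `lib.mkIf (!pkgs.stdenv.isDarwin)` guards actually cover. The `config` block continues past this hunk.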


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options.mail.aerc.enable = lib.mkEnableOption "Aerc email."; options.mail.aerc.enable = lib.mkEnableOption "Aerc email.";
@ -74,16 +68,14 @@
"!" = ":term<space>"; "!" = ":term<space>";
"|" = ":pipe<space>"; "|" = ":pipe<space>";
"/" = ":search<space>-a<space>"; "/" = ":search<space>";
"\\" = ":filter <space>"; "\\" = ":filter <space>";
n = ":next-result<Enter>"; n = ":next-result<Enter>";
N = ":prev-result<Enter>"; N = ":prev-result<Enter>";
"<Esc>" = ":clear<Enter>"; "<Esc>" = ":clear<Enter>";
}; };
"messages:folder=Drafts" = { "messages:folder=Drafts" = { "<Enter>" = ":recall<Enter>"; };
"<Enter>" = ":recall<Enter>";
};
view = { view = {
"/" = ":toggle-key-passthrough <Enter> /"; "/" = ":toggle-key-passthrough <Enter> /";
@ -156,24 +148,21 @@
"<C-p>" = ":prev-tab<Enter>"; "<C-p>" = ":prev-tab<Enter>";
"<C-n>" = ":next-tab<Enter>"; "<C-n>" = ":next-tab<Enter>";
}; };
}; };
extraConfig = { extraConfig = {
general = { general.unsafe-accounts-conf = true;
unsafe-accounts-conf = true; viewer = { pager = "${pkgs.less}/bin/less -R"; };
# log-file = "~/.cache/aerc.log";
# log-level = "debug";
};
viewer = {
pager = "${pkgs.less}/bin/less -R";
};
filters = { filters = {
"text/plain" = "${pkgs.aerc}/libexec/aerc/filters/colorize"; "text/plain" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
"text/calendar" = "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/libexec/aerc/filters/calendar"; "text/calendar" =
"${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/libexec/aerc/filters/calendar";
"text/html" = "text/html" =
"${pkgs.aerc}/libexec/aerc/filters/html | ${pkgs.aerc}/libexec/aerc/filters/colorize"; # Requires w3m, dante "${pkgs.aerc}/libexec/aerc/filters/html | ${pkgs.aerc}/libexec/aerc/filters/colorize"; # Requires w3m, dante
# "text/*" = # "text/*" =
# ''${pkgs.bat}/bin/bat -fP --file-name="$AERC_FILENAME "''; # ''${pkgs.bat}/bin/bat -fP --file-name="$AERC_FILENAME "'';
"message/delivery-status" = "${pkgs.aerc}/libexec/aerc/filters/colorize"; "message/delivery-status" =
"${pkgs.aerc}/libexec/aerc/filters/colorize";
"message/rfc822" = "${pkgs.aerc}/libexec/aerc/filters/colorize"; "message/rfc822" = "${pkgs.aerc}/libexec/aerc/filters/colorize";
"application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh"; "application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh";
"application/pdf" = "${pkgs.zathura}/bin/zathura -"; "application/pdf" = "${pkgs.zathura}/bin/zathura -";
@ -187,34 +176,33 @@
extraAccounts = { extraAccounts = {
check-mail = "5m"; check-mail = "5m";
check-mail-cmd = "${pkgs.isync}/bin/mbsync -a"; check-mail-cmd = "${pkgs.isync}/bin/mbsync -a";
check-mail-timeout = "15s";
}; };
}; };
xdg.desktopEntries.aerc = lib.mkIf (pkgs.stdenv.isLinux && config.gui.enable) { xdg.desktopEntries.aerc = lib.mkIf pkgs.stdenv.isLinux {
name = "aerc"; name = "aerc";
exec = "${config.terminalLaunchCommand} aerc %u"; exec = "kitty aerc %u";
}; };
xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux { xsession.windowManager.i3.config.keybindings =
"${config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier}+Shift+e" = lib.mkIf pkgs.stdenv.isLinux {
"exec ${ "${
config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
}+Shift+e" = "exec ${
# Don't name the script `aerc` or it will affect grep # Don't name the script `aerc` or it will affect grep
builtins.toString ( builtins.toString (pkgs.writeShellScript "focus-mail.sh" ''
pkgs.writeShellScript "focus-mail.sh" ''
count=$(ps aux | grep -c aerc) count=$(ps aux | grep -c aerc)
if [ "$count" -eq 1 ]; then if [ "$count" -eq 1 ]; then
i3-msg "exec --no-startup-id ${config.terminal} start --class aerc -- aerc" i3-msg "exec --no-startup-id kitty --class aerc aerc"
sleep 0.25 sleep 0.25
fi fi
i3-msg "[class=aerc] focus" i3-msg "[class=aerc] focus"
'' '')
)
}"; }";
}; };
programs.fish.shellAbbrs = { programs.fish.shellAbbrs = { ae = "aerc"; };
ae = "aerc";
};
}; };
}; };
} }
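Review bot: `general.unsafe-accounts-conf = true;` in the `extraConfig` hunk turns off aerc's permission check on accounts.conf, and the rewritten line has no comment saying why that is acceptable. Presumably Home Manager writes the file as a world-readable store link and credentials only come from `passwordCommand`; if so, say that next to the setting: `# accounts.conf is a store symlink; safe only while no account stores a password inline`. Without that note, a later edit that adds an inline secret to an account would pass silently. The `extraConfig` attribute set continues outside the hunk.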


@ -1,16 +1,6 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
imports = [ imports = [ ./himalaya.nix ./aerc.nix ./system.nix ];
./himalaya.nix
./aerc.nix
./system.nix
];
options = { options = {
mail.enable = lib.mkEnableOption "Mail service."; mail.enable = lib.mkEnableOption "Mail service.";
@ -36,9 +26,7 @@
config = lib.mkIf config.mail.enable { config = lib.mkIf config.mail.enable {
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.mbsync = { programs.mbsync = { enable = true; };
enable = true;
};
# Automatically check for mail and keep files synced locally # Automatically check for mail and keep files synced locally
services.mbsync = lib.mkIf pkgs.stdenv.isLinux { services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
@ -56,11 +44,8 @@
# Better local mail search # Better local mail search
programs.notmuch = { programs.notmuch = {
enable = true; enable = true;
new.ignore = [ new.ignore =
".mbsyncstate.lock" [ ".mbsyncstate.lock" ".mbsyncstate.journal" ".mbsyncstate.new" ];
".mbsyncstate.journal"
".mbsyncstate.new"
];
}; };
accounts.email = { accounts.email = {
@ -69,11 +54,8 @@
maildirBasePath = "${config.homePath}/mail"; maildirBasePath = "${config.homePath}/mail";
accounts = { accounts = {
home = home = let address = "${config.mail.user}@${config.mail.server}";
let in {
address = "${config.mail.user}@${config.mail.server}";
in
{
userName = address; userName = address;
realName = config.fullName; realName = config.fullName;
primary = true; primary = true;
@ -98,15 +80,13 @@
enable = true; enable = true;
boxes = [ "Inbox" ]; boxes = [ "Inbox" ];
onNotify = "${pkgs.isync}/bin/mbsync -a"; onNotify = "${pkgs.isync}/bin/mbsync -a";
onNotifyPost = onNotifyPost = lib.mkIf
lib.mkIf config.home-manager.users.${config.user}.services.dunst.enable config.home-manager.users.${config.user}.services.dunst.enable
"${pkgs.libnotify}/bin/notify-send 'New mail arrived'"; "${pkgs.libnotify}/bin/notify-send 'New mail arrived'";
}; };
# Name of the directory in maildir for this account # Name of the directory in maildir for this account
maildir = { maildir = { path = "main"; };
path = "main";
};
# Bi-directional syncing options for local files # Bi-directional syncing options for local files
mbsync = { mbsync = {
@ -124,7 +104,11 @@
notmuch.enable = true; notmuch.enable = true;
# Used to login and send and receive emails # Used to login and send and receive emails
passwordCommand = "${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 ${pkgs.writeText "mailpass.age" (builtins.readFile ../../../private/mailpass.age)}"; passwordCommand =
"${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 ${
pkgs.writeText "mailpass.age"
(builtins.readFile ../../../private/mailpass.age)
}";
smtp = { smtp = {
host = config.mail.smtpHost; host = config.mail.smtpHost;
@ -134,6 +118,8 @@
}; };
}; };
}; };
}; };
}; };
} }


@ -1,5 +1,4 @@
{ config, lib, ... }: { config, lib, ... }: {
{
options.mail.himalaya.enable = lib.mkEnableOption "Himalaya email."; options.mail.himalaya.enable = lib.mkEnableOption "Himalaya email.";
@ -7,20 +6,20 @@
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.himalaya = { programs.himalaya = { enable = true; };
enable = true;
};
accounts.email.accounts.home.himalaya = { accounts.email.accounts.home.himalaya = {
enable = true; enable = true;
backend = "imap";
sender = "smtp";
settings = { settings = {
downloads-dir = config.userDirs.download; downloads-dir = config.userDirs.download;
smtp-insecure = true; smtp-insecure = true;
}; };
}; };
programs.fish.shellAbbrs = { programs.fish.shellAbbrs = { hi = "himalaya"; };
hi = "himalaya";
};
}; };
}; };
} }
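Review bot: `smtp-insecure = true;` stays in `settings` beside the newly added `backend = "imap";` and `sender = "smtp";`, with nothing explaining it. If the key relaxes TLS certificate checking for the SMTP connection, as its name suggests (confirm against the Himalaya version in use), the password from `passwordCommand` is sent to a server whose identity is not verified. Either remove the setting or document it in place, e.g. `# smtp-insecure: <reason>; remove when <condition>`.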


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
config = lib.mkIf (config.mail.enable || config.server) { config = lib.mkIf (config.mail.enable || config.server) {
@ -14,15 +8,17 @@
# The system user for sending automatic notifications # The system user for sending automatic notifications
accounts.email.accounts.system = accounts.email.accounts.system =
let let address = "system@${config.mail.server}";
address = "system@${config.mail.server}"; in {
in
{
userName = address; userName = address;
realName = "NixOS System"; realName = "NixOS System";
primary = !config.mail.enable; # Only primary if mail not enabled primary = !config.mail.enable; # Only primary if mail not enabled
inherit address; inherit address;
passwordCommand = "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${pkgs.writeText "mailpass-system.age" (builtins.readFile ../../../private/mailpass-system.age)}"; passwordCommand =
"${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
pkgs.writeText "mailpass-system.age"
(builtins.readFile ../../../private/mailpass-system.age)
}";
msmtp.enable = true; msmtp.enable = true;
smtp = { smtp = {
host = config.mail.smtpHost; host = config.mail.smtpHost;
@ -30,6 +26,9 @@
tls.enable = true; tls.enable = true;
}; };
}; };
}; };
}; };
} }


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# Plugin for aligning text programmatically # Plugin for aligning text programmatically


@ -1,22 +1,19 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# Shows buffers in a VSCode-style tab layout # Shows buffers in a VSCode-style tab layout
plugins = [ plugins = [
pkgs.vimPlugins.bufferline-nvim pkgs.vimPlugins.bufferline-nvim
pkgs.vimPlugins.vim-bbye # Better closing of buffers pkgs.vimPlugins.vim-bbye # Better closing of buffers
pkgs.vimPlugins.snipe-nvim # Jump between open buffers
]; ];
setup.bufferline = { setup.bufferline = {
options = { options = {
diagnostics = "nvim_lsp"; diagnostics = "nvim_lsp";
always_show_bufferline = false; always_show_bufferline = false;
separator_style = "slant"; separator_style = "slant";
offsets = [ { filetype = "NvimTree"; } ]; offsets = [{ filetype = "NvimTree"; }];
}; };
}; };
setup.snipe = { };
lua = '' lua = ''
-- Move buffers -- Move buffers
vim.keymap.set("n", "L", ":BufferLineCycleNext<CR>", { silent = true }) vim.keymap.set("n", "L", ":BufferLineCycleNext<CR>", { silent = true })
@ -24,7 +21,5 @@
-- Kill buffer -- Kill buffer
vim.keymap.set("n", "<Leader>x", " :Bdelete<CR>", { silent = true }) vim.keymap.set("n", "<Leader>x", " :Bdelete<CR>", { silent = true })
'';
-- Jump to buffer
vim.keymap.set("n", "gb", require("snipe").open_buffer_menu, { silent = true }) '';
} }


@ -1,10 +1,4 @@
{ { pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{
# Sets Neovim colors based on Nix colorscheme # Sets Neovim colors based on Nix colorscheme
@ -14,7 +8,7 @@
}; };
config = { config = {
plugins = [ pkgs.vimPlugins.base16-nvim ]; plugins = [ pkgs.vimPlugins.nvim-base16 ];
setup.base16-colorscheme = config.colors; setup.base16-colorscheme = config.colors;
# Telescope isn't working, shut off for now # Telescope isn't working, shut off for now
@ -24,4 +18,5 @@
} }
''; '';
}; };
} }


@ -1,8 +1,6 @@
{ pkgs, dsl, ... }: { pkgs, dsl, ... }: {
{
plugins = [ plugins = [
pkgs.vimPlugins.nvim-cmp
pkgs.vimPlugins.cmp-nvim-lsp pkgs.vimPlugins.cmp-nvim-lsp
pkgs.vimPlugins.cmp-buffer pkgs.vimPlugins.cmp-buffer
pkgs.vimPlugins.cmp-path pkgs.vimPlugins.cmp-path
@ -11,6 +9,7 @@
pkgs.vimPlugins.luasnip pkgs.vimPlugins.luasnip
pkgs.vimPlugins.cmp_luasnip pkgs.vimPlugins.cmp_luasnip
pkgs.vimPlugins.cmp-rg pkgs.vimPlugins.cmp-rg
pkgs.vimPlugins.friendly-snippets
]; ];
use.cmp.setup = dsl.callWith { use.cmp.setup = dsl.callWith {
@ -25,23 +24,30 @@
end end
''; '';
# Enable Luasnip snippet completion
snippet.expand = dsl.rawLua ''
function(args)
require("luasnip").lsp_expand(args.body)
end
'';
# Basic completion keybinds # Basic completion keybinds
mapping = { mapping = {
"['<C-n>']" = "['<C-n>']" = dsl.rawLua
dsl.rawLua "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })"; "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert })";
"['<C-p>']" = "['<C-p>']" = dsl.rawLua
dsl.rawLua "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })"; "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert })";
"['<Down>']" = "['<Down>']" = dsl.rawLua
dsl.rawLua "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Select }, { 'i', 'c' })"; "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Select })";
"['<Up>']" = "['<Up>']" = dsl.rawLua
dsl.rawLua "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Select }, { 'i', 'c' })"; "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Select })";
"['<C-d>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(-4)"; "['<C-d>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(-4)";
"['<C-f>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(4)"; "['<C-f>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(4)";
"['<C-e>']" = dsl.rawLua "require('cmp').mapping.abort()"; "['<C-e>']" = dsl.rawLua "require('cmp').mapping.abort()";
"['<C-y>']" = "['<CR>']" = dsl.rawLua
dsl.rawLua "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Insert, select = true, }, { 'i', 'c' })"; "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, })";
"['<C-r>']" = "['<C-r>']" = dsl.rawLua
dsl.rawLua "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, }, { 'i', 'c' })"; "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, })";
"['<Esc>']" = dsl.rawLua '' "['<Esc>']" = dsl.rawLua ''
function(_) function(_)
cmp.mapping({ cmp.mapping({
@ -51,7 +57,7 @@
vim.cmd("stopinsert") --- Abort and leave insert mode vim.cmd("stopinsert") --- Abort and leave insert mode
end end
''; '';
"['<C-k>']" = dsl.rawLua '' "['<C-l>']" = dsl.rawLua ''
cmp.mapping(function(_) cmp.mapping(function(_)
if require("luasnip").expand_or_jumpable() then if require("luasnip").expand_or_jumpable() then
require("luasnip").expand_or_jump() require("luasnip").expand_or_jump()
@ -64,6 +70,7 @@
sources = [ sources = [
{ name = "nvim_lua"; } # Fills in common Neovim lua functions { name = "nvim_lua"; } # Fills in common Neovim lua functions
{ name = "nvim_lsp"; } # LSP results { name = "nvim_lsp"; } # LSP results
{ name = "luasnip"; } # Snippets
{ name = "path"; } # Shell completion from current PATH { name = "path"; } # Shell completion from current PATH
{ {
name = "buffer"; # Grep for text from the current text buffer name = "buffer"; # Grep for text from the current text buffer
@ -74,19 +81,13 @@
name = "rg"; # Grep for text from the current directory name = "rg"; # Grep for text from the current directory
keyword_length = 6; keyword_length = 6;
max_item_count = 10; max_item_count = 10;
option = { option = { additional_arguments = "--ignore-case"; };
additional_arguments = "--ignore-case";
};
} }
]; ];
# Styling of the completion menu # Styling of the completion menu
formatting = { formatting = {
fields = [ fields = [ "kind" "abbr" "menu" ];
"kind"
"abbr"
"menu"
];
format = dsl.rawLua '' format = dsl.rawLua ''
function(entry, vim_item) function(entry, vim_item)
local kind_icons = { local kind_icons = {
@ -118,6 +119,7 @@
} }
vim_item.kind = string.format("%s", kind_icons[vim_item.kind]) vim_item.kind = string.format("%s", kind_icons[vim_item.kind])
vim_item.menu = ({ vim_item.menu = ({
luasnip = "[Snippet]",
buffer = "[Buffer]", buffer = "[Buffer]",
path = "[Path]", path = "[Path]",
rg = "[Grep]", rg = "[Grep]",
@ -133,46 +135,26 @@
native_menu = false; # Use cmp menu instead of Vim menu native_menu = false; # Use cmp menu instead of Vim menu
ghost_text = true; # Show preview auto-completion ghost_text = true; # Show preview auto-completion
}; };
}; };
lua' = '' lua = ''
-- Load snippets
-- Check status: :lua require("luasnip").log.open()
require("luasnip.loaders.from_vscode").lazy_load()
require("luasnip.loaders.from_vscode").lazy_load({ paths = { "${
builtins.toString pkgs.vscode-terraform-snippets
}" } })
-- Use buffer source for `/` -- Use buffer source for `/`
require('cmp').setup.cmdline("/", { require('cmp').setup.cmdline("/", {
mapping = { sources = {
['<C-n>'] = {
c = require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })
},
['<C-p>'] = {
c = require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })
},
['<C-y>'] = {
c = require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Insert, select = true, }, { 'i', 'c' })
},
['<C-r>'] = {
c = require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, }, { 'i', 'c' })
},
},
sources = require('cmp').config.sources({
{ name = "buffer", keyword_length = 5 }, { name = "buffer", keyword_length = 5 },
}), },
}) })
-- Use cmdline & path source for ':' -- Use cmdline & path source for ':'
require('cmp').setup.cmdline(":", { require('cmp').setup.cmdline(":", {
mapping = {
['<C-n>'] = {
c = require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })
},
['<C-p>'] = {
c = require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })
},
['<C-y>'] = {
c = require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Insert, select = true, }, { 'i', 'c' })
},
['<C-r>'] = {
c = require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, }, { 'i', 'c' })
},
},
sources = require('cmp').config.sources({ sources = require('cmp').config.sources({
{ name = "path" }, { name = "path" },
}, { }, {
@ -180,4 +162,5 @@
}), }),
}) })
''; '';
} }


@ -1,17 +0,0 @@
-- Keymap to open file in GitHub web
vim.keymap.set("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
-- Pop a terminal to watch the current run
local gitwatch = require("toggleterm.terminal").Terminal:new({
cmd = "fish --interactive --init-command 'gh run watch'",
hidden = true,
direction = "float",
})
-- Set a toggle for this terminal
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
-- Keymap to toggle the run
vim.keymap.set("n", "<Leader>W", GITWATCH_TOGGLE)


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
plugins = [ pkgs.vimPlugins.gitsigns-nvim ]; plugins = [ pkgs.vimPlugins.gitsigns-nvim ];
setup.gitsigns = { }; setup.gitsigns = { };
lua = builtins.readFile ./gitsigns.lua; lua = builtins.readFile ./gitsigns.lua;


@ -1,6 +0,0 @@
local k9s = require("toggleterm.terminal").Terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)


@ -1,146 +1,76 @@
{ { pkgs, dsl, ... }: {
pkgs,
lib,
config,
dsl,
...
}:
{
# Terraform optional because non-free
options.terraform = lib.mkEnableOption "Whether to enable Terraform LSP";
options.github = lib.mkEnableOption "Whether to enable GitHub features";
options.kubernetes = lib.mkEnableOption "Whether to enable Kubernetes features";
config = {
plugins = [ plugins = [
pkgs.vimPlugins.nvim-lspconfig pkgs.vimPlugins.nvim-lspconfig
pkgs.vimPlugins.conform-nvim pkgs.vimPlugins.lsp-colors-nvim
pkgs.vimPlugins.fidget-nvim pkgs.vimPlugins.null-ls-nvim
pkgs.vimPlugins.nvim-lint
pkgs.vimPlugins.vim-table-mode
pkgs.vimPlugins.tiny-inline-diagnostic-nvim
]; ];
setup.fidget = { };
setup.tiny-inline-diagnostic = { };
use.lspconfig.lua_ls.setup = dsl.callWith { use.lspconfig.lua_ls.setup = dsl.callWith {
settings = { settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
Lua = {
diagnostics = {
globals = [
"vim"
"hs"
];
};
};
};
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()"; capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ]; cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
}; };
use.lspconfig.nixd.setup = dsl.callWith { use.lspconfig.nil_ls.setup = dsl.callWith {
cmd = [ "${pkgs.nixd}/bin/nixd" ]; cmd = [ "${pkgs.nil}/bin/nil" ];
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()"; capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
}; };
use.lspconfig.pyright.setup = dsl.callWith { use.lspconfig.pyright.setup = dsl.callWith {
cmd = [ cmd = [ "${pkgs.pyright}/bin/pyright-langserver" "--stdio" ];
"${pkgs.pyright}/bin/pyright-langserver"
"--stdio"
];
}; };
use.lspconfig.terraformls.setup = dsl.callWith { use.lspconfig.terraformls.setup =
cmd = dsl.callWith { cmd = [ "${pkgs.terraform-ls}/bin/terraform-ls" "serve" ]; };
if config.terraform then
[
"${pkgs.terraform-ls}/bin/terraform-ls"
"serve"
]
else
[ "echo" ];
};
use.lspconfig.rust_analyzer.setup = dsl.callWith { vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ];
cmd = [ "${pkgs.rust-analyzer}/bin/rust-analyzer" ];
settings = {
"['rust-analyzer']" = {
check = {
command = "clippy";
};
files = {
excludeDirs = [ ".direnv" ];
};
cargo = {
features = "all";
};
};
};
};
setup.conform = {
format_on_save = {
# These options will be passed to conform.format()
timeout_ms = 1500;
lsp_fallback = true;
};
formatters_by_ft = {
lua = [ "stylua" ];
python = [ "black" ];
fish = [ "fish_indent" ];
nix = [ "nixfmt" ];
rust = [ "rustfmt" ];
sh = [ "shfmt" ];
terraform = if config.terraform then [ "terraform_fmt" ] else [ ];
hcl = [ "hcl" ];
};
formatters = {
lua.command = "${pkgs.stylua}/bin/stylua";
black.command = "${pkgs.black}/bin/black";
fish_indent.command = "${pkgs.fish}/bin/fish_indent";
nixfmt.command = "${pkgs.nixfmt-rfc-style}/bin/nixfmt";
rustfmt.command = "${pkgs.rustfmt}/bin/rustfmt";
shfmt = {
command = "${pkgs.shfmt}/bin/shfmt";
prepend_args = [
"-i"
"4"
"-ci"
];
};
terraform_fmt.command = if config.terraform then "${pkgs.terraform}/bin/terraform" else "";
hcl.command = "${pkgs.hclfmt}/bin/hclfmt";
};
};
use.lint = {
linters_by_ft = dsl.toTable {
python = [ "ruff" ];
sh = [ "shellcheck" ];
};
};
vim.api.nvim_create_autocmd = dsl.callWith [
(dsl.toTable [
"BufEnter"
"BufWritePost"
])
(dsl.rawLua "{ callback = function() require('lint').try_lint() end }")
];
lua = '' lua = ''
${builtins.readFile ./lsp.lua} ${builtins.readFile ./lsp.lua}
local ruff = require('lint').linters.ruff; ruff.cmd = "${pkgs.ruff}/bin/ruff"
local shellcheck = require('lint').linters.shellcheck; shellcheck.cmd = "${pkgs.shellcheck}/bin/shellcheck"
-- Prevent infinite log size (change this when debugging) -- Prevent infinite log size (change this when debugging)
vim.lsp.set_log_level("off") vim.lsp.set_log_level("off")
-- Hide buffer diagnostics (use tiny-inline-diagnostic.nvim instead) require("null-ls").setup({
vim.diagnostic.config({ virtual_text = false }) sources = {
require("null-ls").builtins.formatting.stylua.with({ command = "${pkgs.stylua}/bin/stylua" }),
require("null-ls").builtins.formatting.black.with({ command = "${pkgs.black}/bin/black" }),
require("null-ls").builtins.diagnostics.ruff.with({ command = "${pkgs.ruff}/bin/ruff" }),
require("null-ls").builtins.formatting.fish_indent.with({ command = "${pkgs.fish}/bin/fish_indent" }),
require("null-ls").builtins.formatting.nixfmt.with({ command = "${pkgs.nixfmt}/bin/nixfmt" }),
require("null-ls").builtins.formatting.rustfmt.with({ command = "${pkgs.rustfmt}/bin/rustfmt" }),
require("null-ls").builtins.diagnostics.shellcheck.with({ command = "${pkgs.shellcheck}/bin/shellcheck" }),
require("null-ls").builtins.formatting.shfmt.with({
command = "${pkgs.shfmt}/bin/shfmt",
extra_args = { "-i", "4", "-ci" },
}),
require("null-ls").builtins.formatting.terraform_fmt.with({
command = "${pkgs.terraform}/bin/terraform",
extra_filetypes = { "hcl" },
}),
},
on_attach = function(client, bufnr)
if client.supports_method("textDocument/formatting") then
-- Auto-format on save
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({ bufnr = bufnr })
end,
})
-- Use internal formatting for bindings like gq.
vim.api.nvim_create_autocmd("LspAttach", {
callback = function(args)
vim.bo[args.buf].formatexpr = nil
end,
})
end
end,
})
''; '';
};
} }
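Review bot: The `LspAttach` autocmd on the new side is created inside `on_attach` without a `group`, so every attachment of a client that supports formatting registers another global copy of the same callback; create it once outside `on_attach`, or give it `group = augroup` so it is cleared with the rest. The `BufWritePre` callback calls `vim.lsp.buf.format({ bufnr = bufnr })` with no `filter`, so any attached server that advertises formatting may rewrite the buffer on save, not only the null-ls sources pinned to store paths here; `vim.lsp.buf.format({ bufnr = bufnr, filter = function(c) return c.name == "null-ls" end })` keeps it to the pinned tools. `augroup` is not defined in the visible lines and presumably comes from `lsp.lua`; a one-line comment saying where it is set would help.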


@ -1,28 +1,19 @@
{ { pkgs, dsl, lib, ... }: {
pkgs,
dsl,
lib,
...
}:
{
plugins = [ plugins = [
pkgs.vimPlugins.vim-surround # Keybinds for surround characters pkgs.vimPlugins.vim-surround # Keybinds for surround characters
pkgs.vimPlugins.vim-eunuch # File manipulation commands pkgs.vimPlugins.vim-eunuch # File manipulation commands
pkgs.vimPlugins.vim-fugitive # Git commands pkgs.vimPlugins.vim-fugitive # Git commands
pkgs.vimPlugins.vim-repeat # Better repeat using . pkgs.vimPlugins.vim-repeat # Better repeat using .
pkgs.vimPlugins.vim-abolish # Keep capitalization in substitute (Subvert) pkgs.vimPlugins.comment-nvim # Smart comment commands
pkgs.vimPlugins.markview-nvim # Markdown preview pkgs.vimPlugins.glow-nvim # Markdown preview popup
pkgs.vimPlugins.nvim-colorizer-lua # Hex color previews pkgs.vimPlugins.nvim-colorizer-lua # Hex color previews
pkgs.vimPlugins.which-key-nvim # Keybind helper pkgs.vimPlugins.which-key-nvim # Keybind helper
]; ];
# Initialize some plugins # Initialize some plugins
setup.colorizer = { setup.Comment = { };
user_default_options = { setup.colorizer = { };
names = false; setup.glow = { };
};
};
setup.markview = { };
setup.which-key = { }; setup.which-key = { };
vim.o = { vim.o = {
@ -41,6 +32,7 @@
scrolloff = 3; # Margin of lines to see while scrolling scrolloff = 3; # Margin of lines to see while scrolling
splitright = true; # Vertical splits on the right side splitright = true; # Vertical splits on the right side
splitbelow = true; # Horizontal splits on the bottom side splitbelow = true; # Horizontal splits on the bottom side
pastetoggle = "<F3>"; # Use F3 to enter raw paste mode
clipboard = "unnamedplus"; # Uses system clipboard for yanking clipboard = "unnamedplus"; # Uses system clipboard for yanking
updatetime = 300; # Faster diagnostics updatetime = 300; # Faster diagnostics
mouse = "nv"; # Mouse interaction / scrolling mouse = "nv"; # Mouse interaction / scrolling
@ -58,17 +50,14 @@
# Better backup, swap and undo storage # Better backup, swap and undo storage
vim.o.backup = true; # Easier to recover and more secure vim.o.backup = true; # Easier to recover and more secure
vim.opt.undofile = true; # Keeps undos after quit vim.bo.swapfile = false; # Instead of swaps, create backups
vim.opt.swapfile = false; # Instead of swaps, create backups vim.bo.undofile = true; # Keeps undos after quit
vim.o.backupdir = dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/backup//")''; vim.o.backupdir =
dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/backup//")'';
vim.o.undodir = dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/undo//")''; vim.o.undodir = dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/undo//")'';
# Required for nvim-cmp completion # Required for nvim-cmp completion
vim.opt.completeopt = [ vim.opt.completeopt = [ "menu" "menuone" "noselect" ];
"menu"
"menuone"
"noselect"
];
lua = lib.mkBefore '' lua = lib.mkBefore ''
vim.loader.enable() vim.loader.enable()
@ -80,6 +69,10 @@
" Remember last position when reopening file " Remember last position when reopening file
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
" LaTeX options
au FileType tex inoremap ;bf \textbf{}<Esc>i
au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
" Flash highlight when yanking " Flash highlight when yanking
au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 } au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
''; '';
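Review bot: The added `BufWritePost *.tex` autocmd hands `%` and `%:p:h` to the shell unescaped, so a file or directory name containing spaces or shell metacharacters is split or interpreted by the shell instead of reaching pdflatex as a single argument. Use the `:S` modifier: `!pdflatex -output-directory=%:p:h:S %:S >/dev/null 2>&1`. The `silent!` together with the redirect also hides every compile failure, which deserves a comment if it is intended. The `:!gh browse %` mapping added in the later keymap hunk has the same unescaped `%`. The enclosing Vimscript block starts outside this hunk.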


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
plugins = [ pkgs.vimPlugins.lualine-nvim ]; plugins = [ pkgs.vimPlugins.lualine-nvim ];
setup.lualine = { setup.lualine = {
options = { options = {


@ -1,11 +1,9 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }: {
{
plugins = [ plugins = [
(pkgs.vimPlugins.nvim-treesitter.withPlugins ( (pkgs.vimPlugins.nvim-treesitter.withPlugins (_plugins:
_plugins: with pkgs.tree-sitter-grammars; [ with pkgs.tree-sitter-grammars; [
tree-sitter-bash tree-sitter-bash
tree-sitter-c
tree-sitter-fish tree-sitter-fish
tree-sitter-hcl tree-sitter-hcl
tree-sitter-ini tree-sitter-ini
@ -18,16 +16,15 @@
tree-sitter-python tree-sitter-python
tree-sitter-rasi tree-sitter-rasi
tree-sitter-toml tree-sitter-toml
tree-sitter-vimdoc
tree-sitter-yaml tree-sitter-yaml
] ]))
))
pkgs.vimPlugins.vim-matchup # Better % jumping in languages pkgs.vimPlugins.vim-matchup # Better % jumping in languages
pkgs.vimPlugins.playground # Tree-sitter experimenting pkgs.vimPlugins.playground # Tree-sitter experimenting
pkgs.vimPlugins.nginx-vim pkgs.vimPlugins.nginx-vim
pkgs.vimPlugins.vim-helm pkgs.vimPlugins.vim-helm
# pkgs.vimPlugins.hmts-nvim # Tree-sitter injections for home-manager pkgs.baleia-nvim # Clean ANSI from kitty scrollback
(pkgs.vimUtils.buildVimPlugin { # pkgs.hmts-nvim # Tree-sitter injections for home-manager
(pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nmasur"; pname = "nmasur";
version = "0.1"; version = "0.1";
src = ../plugin; src = ../plugin;
@ -35,15 +32,9 @@
]; ];
setup."nvim-treesitter.configs" = { setup."nvim-treesitter.configs" = {
highlight = { highlight = { enable = true; };
enable = true; indent = { enable = true; };
}; matchup = { enable = true; }; # Uses vim-matchup
indent = {
enable = true;
};
matchup = {
enable = true;
}; # Uses vim-matchup
textobjects = { textobjects = {
select = { select = {
@ -77,4 +68,5 @@
-- Use HCL parser with .tf files -- Use HCL parser with .tf files
vim.treesitter.language.register('hcl', 'terraform') vim.treesitter.language.register('hcl', 'terraform')
''; '';
} }


@ -1,5 +1,4 @@
{ pkgs, dsl, ... }: { pkgs, dsl, ... }: {
{
# Telescope is a fuzzy finder that can work with different sub-plugins # Telescope is a fuzzy finder that can work with different sub-plugins
@ -21,15 +20,9 @@
}; };
}; };
pickers = { pickers = {
find_files = { find_files = { theme = "ivy"; };
theme = "ivy"; oldfiles = { theme = "ivy"; };
}; buffers = { theme = "dropdown"; };
oldfiles = {
theme = "ivy";
};
buffers = {
theme = "dropdown";
};
}; };
extensions = { extensions = {
fzy_native = { }; fzy_native = { };
@ -40,4 +33,5 @@
setup.project_nvim = { }; setup.project_nvim = { };
lua = builtins.readFile ./telescope.lua; lua = builtins.readFile ./telescope.lua;
} }


@ -21,10 +21,22 @@ function TERM_TOGGLE()
basicterminal:toggle() basicterminal:toggle()
end end
local nixpkgs = terminal:new({ cmd = "nix repl --expr 'import <nixpkgs>{}'" }) local nixpkgs = terminal:new({ cmd = "nix repl '<nixpkgs>'" })
function NIXPKGS_TOGGLE() function NIXPKGS_TOGGLE()
nixpkgs:toggle() nixpkgs:toggle()
end end
local gitwatch = terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
local k9s = terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>t", TERM_TOGGLE) vim.keymap.set("n", "<Leader>t", TERM_TOGGLE)
vim.keymap.set("n", "<Leader>P", NIXPKGS_TOGGLE) vim.keymap.set("n", "<Leader>P", NIXPKGS_TOGGLE)
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)


@ -1,10 +1,4 @@
{ { pkgs, dsl, ... }: {
pkgs,
dsl,
config,
...
}:
{
# Toggleterm provides a floating terminal inside the editor for quick access # Toggleterm provides a floating terminal inside the editor for quick access
@ -16,9 +10,6 @@
direction = "float"; direction = "float";
}; };
lua = '' lua = builtins.readFile ./toggleterm.lua;
${builtins.readFile ./toggleterm.lua}
${if config.github then (builtins.readFile ./github.lua) else ""}
${if config.kubernetes then (builtins.readFile ./kubernetes.lua) else ""}
'';
} }


@ -1,12 +1,8 @@
{ pkgs, dsl, ... }: { pkgs, dsl, ... }: {
{
# This plugin creates a side drawer for navigating the current project # This plugin creates a side drawer for navigating the current project
plugins = [ plugins = [ pkgs.vimPlugins.nvim-tree-lua pkgs.vimPlugins.nvim-web-devicons ];
pkgs.vimPlugins.nvim-tree-lua
pkgs.vimPlugins.nvim-web-devicons
];
# Disable netrw eagerly # Disable netrw eagerly
# https://github.com/kyazdani42/nvim-tree.lua/commit/fb8735e96cecf004fbefb086ce85371d003c5129 # https://github.com/kyazdani42/nvim-tree.lua/commit/fb8735e96cecf004fbefb086ce85371d003c5129
@ -20,14 +16,12 @@
hijack_netrw = true; # Works as the file manager hijack_netrw = true; # Works as the file manager
sync_root_with_cwd = true; # Change project whenever currend dir changes sync_root_with_cwd = true; # Change project whenever currend dir changes
respect_buf_cwd = true; # Change to exact location of focused buffer respect_buf_cwd = true; # Change to exact location of focused buffer
update_focused_file = { update_focused_file = { # Change project based on the focused buffer
# Change project based on the focused buffer
enable = true; enable = true;
update_root = true; update_root = true;
ignore_list = { }; ignore_list = { };
}; };
diagnostics = { diagnostics = { # Enable LSP and linter integration
# Enable LSP and linter integration
enable = true; enable = true;
icons = { icons = {
hint = ""; hint = "";
@ -36,8 +30,7 @@
error = ""; error = "";
}; };
}; };
renderer = { renderer = { # Show files with changes vs. current commit
# Show files with changes vs. current commit
icons = { icons = {
glyphs = { glyphs = {
git = { git = {
@ -68,9 +61,9 @@
vim.keymap.set('n', 'v', api.node.open.vertical, opts('Open: Vertical Split')) vim.keymap.set('n', 'v', api.node.open.vertical, opts('Open: Vertical Split'))
end end
''; '';
view = { view = { # Set look and feel
# Set look and feel
width = 30; width = 30;
hide_root_folder = false;
side = "left"; side = "left";
number = false; number = false;
relativenumber = false; relativenumber = false;
@ -81,4 +74,5 @@
lua = '' lua = ''
vim.keymap.set("n", "<Leader>e", ":NvimTreeFindFileToggle<CR>", { silent = true }) vim.keymap.set("n", "<Leader>e", ":NvimTreeFindFileToggle<CR>", { silent = true })
''; '';
} }


@ -1,21 +1,13 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
let let
neovim = import ./package { neovim = import ./package {
inherit pkgs; inherit pkgs;
colors = config.theme.colors; colors = config.theme.colors;
terraform = config.terraform.enable;
github = true;
kubernetes = config.kubernetes.enable;
}; };
in
{ in {
options.neovim.enable = lib.mkEnableOption "Neovim."; options.neovim.enable = lib.mkEnableOption "Neovim.";
@ -38,9 +30,7 @@ in
# Create quick aliases for launching Neovim # Create quick aliases for launching Neovim
programs.fish = { programs.fish = {
shellAliases = { shellAliases = { vim = "nvim"; };
vim = "nvim";
};
shellAbbrs = { shellAbbrs = {
v = lib.mkForce "nvim"; v = lib.mkForce "nvim";
vl = lib.mkForce "nvim -c 'normal! `0' -c 'bdelete 1'"; vl = lib.mkForce "nvim -c 'normal! `0' -c 'bdelete 1'";
@ -48,20 +38,27 @@ in
}; };
}; };
# Set Neovim as the kitty terminal "scrollback" (vi mode) option.
# Requires removing some of the ANSI escape codes that are sent to the
# scrollback using sed and baleia, as well as removing several
# unnecessary features.
programs.kitty.settings.scrollback_pager = ''
$SHELL -c 'sed -r "s/[[:cntrl:]]\]133;[AC]..//g" | ${neovim}/bin/nvim -c "setlocal nonumber norelativenumber nolist laststatus=0" -c "lua baleia = require(\"baleia\").setup({}); baleia.once(0)" -c "map <silent> q :qa!<CR>" -c "autocmd VimEnter * normal G"' '';
# Create a desktop option for launching Neovim from a file manager # Create a desktop option for launching Neovim from a file manager
# (Requires launching the terminal and then executing Neovim) # (Requires launching the terminal and then executing Neovim)
xdg.desktopEntries.nvim = lib.mkIf (pkgs.stdenv.isLinux && config.gui.enable) { xdg.desktopEntries.nvim = lib.mkIf pkgs.stdenv.isLinux {
name = "Neovim wrapper"; name = "Neovim wrapper";
exec = "${config.home-manager.users.${config.user}.programs.rofi.terminal} nvim %F"; exec = "kitty nvim %F";
mimeType = [ mimeType = [ "text/plain" "text/markdown" ];
"text/plain"
"text/markdown"
];
}; };
xdg.mimeApps.defaultApplications = lib.mkIf pkgs.stdenv.isLinux { xdg.mimeApps.defaultApplications = lib.mkIf pkgs.stdenv.isLinux {
"text/plain" = [ "nvim.desktop" ]; "text/plain" = [ "nvim.desktop" ];
"text/markdown" = [ "nvim.desktop" ]; "text/markdown" = [ "nvim.desktop" ];
}; };
}; };
}; };
} }
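Review bot: The added `scrollback_pager` pipes terminal scrollback, which is arbitrary output from any program or remote host, into a full Neovim session with the whole plugin set loaded. If modelines are honoured for the stdin buffer, text in the scrollback could set editor options; passing `--cmd "set nomodeline"` ahead of the `-c` arguments removes that dependency, and `-R` would open the buffer read-only. The `sed` expression strips only the `133;A`/`133;C` prompt marks, so every other control sequence reaches baleia unfiltered, which the comment above the setting should say. Separately, `exec = "kitty nvim %F"` hard-codes the terminal and resolves both binaries from PATH rather than from store paths.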


@ -39,6 +39,7 @@ key("n", "<Leader>fs", ":write<CR>")
key("n", "<Leader>fd", ":lcd %:p:h<CR>", { silent = true }) key("n", "<Leader>fd", ":lcd %:p:h<CR>", { silent = true })
key("n", "<Leader>fu", ":lcd ..<CR>", { silent = true }) key("n", "<Leader>fu", ":lcd ..<CR>", { silent = true })
key("n", "<Leader><Tab>", ":b#<CR>", { silent = true }) key("n", "<Leader><Tab>", ":b#<CR>", { silent = true })
key("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
key("n", "<Leader>tt", [[<Cmd>exe 'edit $NOTES_PATH/journal/'.strftime("%Y-%m-%d_%a").'.md'<CR>]]) key("n", "<Leader>tt", [[<Cmd>exe 'edit $NOTES_PATH/journal/'.strftime("%Y-%m-%d_%a").'.md'<CR>]])
key("n", "<Leader>jj", ":!journal<CR>:e<CR>") key("n", "<Leader>jj", ":!journal<CR>:e<CR>")


@ -11,20 +11,8 @@ vim.filetype.add({
}) })
vim.api.nvim_create_autocmd("FileType", { vim.api.nvim_create_autocmd("FileType", {
pattern = "mail", pattern = "*.eml",
callback = function() callback = function()
vim.o.wrapmargin = 79 -- Wrap text automatically vim.o.wrapmargin = 79 -- Wrap text automatically
end, end,
}) })
vim.api.nvim_create_autocmd("FileType", {
pattern = "markdown",
command = "TableModeEnable",
})
vim.api.nvim_create_autocmd("FileType", {
pattern = "terraform",
callback = function()
vim.bo.commentstring = "# %s"
end,
})
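Review bot: A `FileType` autocmd matches its `pattern` against the filetype name, not the file name, so `pattern = "*.eml"` on the new side will not fire for buffers whose filetype is (presumably) `mail`; use `pattern = "mail"`, or switch the event to `BufRead,BufNewFile` if a file glob is what is wanted. `vim.o.wrapmargin = 79` also changes the global value, so buffers opened afterwards inherit it; `vim.bo.wrapmargin = 79` keeps the setting on the mail buffer. The `vim.filetype.add` call this relies on starts outside the hunk.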


@ -26,25 +26,13 @@
# ] ++ extraConfig; # ] ++ extraConfig;
# } # }
{ { pkgs, colors, ... }:
pkgs,
colors,
terraform ? false,
github ? false,
kubernetes ? false,
...
}:
# Comes from nix2vim overlay: # Comes from nix2vim overlay:
# https://github.com/gytis-ivaskevicius/nix2vim/blob/master/lib/neovim-builder.nix # https://github.com/gytis-ivaskevicius/nix2vim/blob/master/lib/neovim-builder.nix
pkgs.neovimBuilder { pkgs.neovimBuilder {
package = pkgs.neovim-unwrapped; package = pkgs.neovim-unwrapped;
inherit inherit colors;
colors
terraform
github
kubernetes
;
imports = [ imports = [
../config/align.nix ../config/align.nix
../config/bufferline.nix ../config/bufferline.nix


@ -1,12 +1,12 @@
{ ... }: { ... }: {
{
imports = [ imports = [
./haskell.nix ./haskell.nix
./kubernetes.nix ./kubernetes.nix
./lua.nix ./lua.nix
./nix.nix
./python.nix ./python.nix
./rust.nix
./terraform.nix ./terraform.nix
]; ];
} }


@ -1,12 +1,14 @@
{ config, lib, ... }: { config, lib, ... }: {
{
options.haskell.enable = lib.mkEnableOption "Haskell programming language."; options.haskell.enable = lib.mkEnableOption "Haskell programming language.";
config = lib.mkIf config.haskell.enable { config = lib.mkIf config.haskell.enable {
# Binary Cache for Haskell.nix # Binary Cache for Haskell.nix
nix.settings.trusted-public-keys = [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ]; nix.settings.trusted-public-keys =
[ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
nix.settings.substituters = [ "https://cache.iog.io" ]; nix.settings.substituters = [ "https://cache.iog.io" ];
}; };
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options.kubernetes.enable = lib.mkEnableOption "Kubernetes tools."; options.kubernetes.enable = lib.mkEnableOption "Kubernetes tools.";
@ -30,29 +24,18 @@
# Terminal Kubernetes UI # Terminal Kubernetes UI
programs.k9s = { programs.k9s = {
enable = true; enable = true;
settings = { # settings = { k9s = { headless = true; }; };
k9s = { skin = {
ui = {
enableMouse = true;
headless = true;
logoless = true;
crumbsless = false;
skin = "main";
};
};
};
skins = {
main = {
k9s = { k9s = {
body = { body = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
logoColor = config.theme.colors.base02; # *blue ? logoColor = config.theme.colors.base02; # *blue ?
}; };
# Search bar # Search bar
prompt = { prompt = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
suggestColor = config.theme.colors.base03; suggestColor = config.theme.colors.base03;
}; };
# Header left side # Header left side
@ -62,7 +45,7 @@
}; };
dialog = { dialog = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
buttonFgColor = config.theme.colors.base06; buttonFgColor = config.theme.colors.base06;
buttonBgColor = config.theme.colors.base0E; buttonBgColor = config.theme.colors.base0E;
buttonFocusFgColor = config.theme.colors.base07; buttonFocusFgColor = config.theme.colors.base07;
@ -96,7 +79,7 @@
}; };
title = { title = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
highlightColor = config.theme.colors.base09; # *orange highlightColor = config.theme.colors.base09; # *orange
counterColor = config.theme.colors.base0D; # *blue counterColor = config.theme.colors.base0D; # *blue
filterColor = config.theme.colors.base0E; # *magenta filterColor = config.theme.colors.base0E; # *magenta
@ -104,24 +87,20 @@
}; };
views = { views = {
charts = { charts = {
bgColor = "default"; bgColor = config.theme.colors.base00;
defaultDialColors = [ defaultDialColors =
config.theme.colors.base0D [ config.theme.colors.base0D config.theme.colors.base08 ];
config.theme.colors.base08
];
# - *blue # - *blue
# - *red # - *red
defaultChartColors = [ defaultChartColors =
config.theme.colors.base0D [ config.theme.colors.base0D config.theme.colors.base08 ];
config.theme.colors.base08
];
# - *blue # - *blue
# - *red # - *red
}; };
table = { table = {
# List of resources # List of resources
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
# Row selection # Row selection
cursorFgColor = config.theme.colors.base07; cursorFgColor = config.theme.colors.base07;
@ -130,13 +109,13 @@
# Header row # Header row
header = { header = {
fgColor = config.theme.colors.base0D; fgColor = config.theme.colors.base0D;
bgColor = "default"; bgColor = config.theme.colors.base00;
sorterColor = config.theme.colors.base0A; # *selection sorterColor = config.theme.colors.base0A; # *selection
}; };
}; };
xray = { xray = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
cursorColor = config.theme.colors.base06; cursorColor = config.theme.colors.base06;
graphicColor = config.theme.colors.base0D; graphicColor = config.theme.colors.base0D;
showIcons = false; showIcons = false;
@ -148,17 +127,19 @@
}; };
logs = { logs = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
indicator = { indicator = {
fgColor = config.theme.colors.base06; fgColor = config.theme.colors.base06;
bgColor = "default"; bgColor = config.theme.colors.base00;
};
}; };
}; };
}; };
}; };
}; };
}; };
}; };
}; };
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options.lua.enable = lib.mkEnableOption "Lua programming language."; options.lua.enable = lib.mkEnableOption "Lua programming language.";
@ -14,4 +8,5 @@
sumneko-lua-language-server # Lua LSP sumneko-lua-language-server # Lua LSP
]; ];
}; };
} }


@ -0,0 +1,18 @@
{ config, pkgs, lib, ... }: {
options.nixlang.enable = lib.mkEnableOption "Nix programming language.";
config = lib.mkIf config.nixlang.enable {
home-manager.users.${config.user} = {
home.packages = with pkgs; [
nixfmt # Nix file formatter
nil # Nix language server
];
};
};
}


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options.python.enable = lib.mkEnableOption "Python programming language."; options.python.enable = lib.mkEnableOption "Python programming language.";
@ -14,14 +8,15 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
# python310 # Standard Python interpreter # python310 # Standard Python interpreter
pyright # Python language server nodePackages.pyright # Python language server
black # Python formatter black # Python formatter
python310Packages.flake8 # Python linter python310Packages.flake8 # Python linter
]; ];
programs.fish.shellAbbrs = { programs.fish.shellAbbrs = { py = "python3"; };
py = "python3";
};
}; };
}; };
} }


@ -1,27 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
options.rust.enable = lib.mkEnableOption "Rust programming language.";
config = lib.mkIf config.rust.enable {
home-manager.users.${config.user} = {
programs.fish.shellAbbrs = {
ca = "cargo";
};
home.packages = with pkgs; [
cargo
rustc
clippy
gcc
];
};
};
}


@ -1,15 +1,8 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options.terraform.enable = lib.mkEnableOption "Terraform tools."; options.terraform.enable = lib.mkEnableOption "Terraform tools.";
config = lib.mkIf config.terraform.enable { config = lib.mkIf config.terraform.enable {
unfreePackages = [ "terraform" ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.fish.shellAbbrs = { programs.fish.shellAbbrs = {
@ -21,6 +14,9 @@
terraform-ls # Language server terraform-ls # Language server
tflint # Linter tflint # Linter
]; ];
}; };
}; };
} }


@ -1,8 +1,5 @@
{ ... }: { ... }: {
{
imports = [ ./dotfiles.nix ./notes.nix ];
imports = [
./dotfiles.nix
./notes.nix
];
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
# Allows me to make sure I can work on my dotfiles locally # Allows me to make sure I can work on my dotfiles locally
@ -17,17 +11,23 @@
home.activation = { home.activation = {
# Always clone dotfiles repository if it doesn't exist # Always clone dotfiles repository if it doesn't exist
cloneDotfiles = config.home-manager.users.${config.user}.lib.dag.entryAfter [ "writeBoundary" ] '' cloneDotfiles =
config.home-manager.users.${config.user}.lib.dag.entryAfter
[ "writeBoundary" ] ''
if [ ! -d "${config.dotfilesPath}" ]; then if [ ! -d "${config.dotfilesPath}" ]; then
$DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname "${config.dotfilesPath}") $DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname "${config.dotfilesPath}")
$DRY_RUN_CMD ${pkgs.git}/bin/git \ $DRY_RUN_CMD ${pkgs.git}/bin/git \
clone ${config.dotfilesRepo} "${config.dotfilesPath}" clone ${config.dotfilesRepo} "${config.dotfilesPath}"
fi fi
''; '';
}; };
# Set a variable for dotfiles repo, not necessary but convenient # Set a variable for dotfiles repo, not necessary but convenient
home.sessionVariables.DOTS = config.dotfilesPath; home.sessionVariables.DOTS = config.dotfilesPath;
}; };
}; };
} }


@ -1,10 +1,4 @@
{ { config, ... }: {
config,
pkgs,
lib,
...
}:
{
# This is just a placeholder as I expect to interact with my notes in a # This is just a placeholder as I expect to interact with my notes in a
# certain location # certain location
@ -15,22 +9,6 @@
NOTES_PATH = "${config.homePath}/dev/personal/notes/content"; NOTES_PATH = "${config.homePath}/dev/personal/notes/content";
}; };
# Sync notes for Nextcloud automatically
systemd.user.timers.refresh-notes = lib.mkIf config.services.nextcloud.enable {
Timer = {
OnCalendar = "*-*-* *:0/10:50"; # Every 10 minutes
Unit = "refresh-notes.service";
};
};
systemd.user.services.refresh-notes = {
Unit.Description = "Get latest notes.";
Service = {
Type = "oneshot";
ExecStartPre = "${pkgs.git}/bin/git -C /data/git/notes reset --hard master";
ExecStart = "${pkgs.git}/bin/git -C /data/git/notes pull";
WorkingDirectory = config.homePath;
Environment = "PATH=${pkgs.openssh}/bin";
};
};
}; };
} }


@ -1,39 +0,0 @@
{ config, lib, ... }:
{
# Shell history sync
options.atuin.enable = lib.mkEnableOption "Atuin";
config = {
home-manager.users.${config.user} = lib.mkIf config.atuin.enable {
programs.atuin = {
enable = true;
flags = [
"--disable-up-arrow"
"--disable-ctrl-r"
];
settings = {
auto_sync = true;
update_check = false;
sync_address = "https://api.atuin.sh";
search_mode = "fuzzy";
filter_mode = "host"; # global, host, session, directory
search_mode_shell_up_key_binding = "fuzzy";
filter_mode_shell_up_key_binding = "session";
style = "compact"; # or auto,full
show_help = true;
history_filter = [ ];
secrets_filter = true;
enter_accept = false;
keymap_mode = "vim-normal";
};
};
};
# Give root user the same setup
home-manager.users.root.programs.atuin = config.home-manager.users.${config.user}.programs.atuin;
};
}


@ -1,17 +1,12 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
config = { config = {
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.bash = { programs.bash = {
enable = true; enable = true;
shellAliases = config.home-manager.users.${config.user}.programs.fish.shellAliases; shellAliases =
config.home-manager.users.${config.user}.programs.fish.shellAliases;
initExtra = ""; initExtra = "";
profileExtra = ""; profileExtra = "";
}; };
@ -19,6 +14,7 @@
programs.starship.enableBashIntegration = false; programs.starship.enableBashIntegration = false;
programs.zoxide.enableBashIntegration = true; programs.zoxide.enableBashIntegration = true;
programs.fzf.enableBashIntegration = true; programs.fzf.enableBashIntegration = true;
}; };
}; };
} }


@ -1,22 +0,0 @@
#!/usr/bin/env bash
# Retrieve list of AWS instances
# Use enter to jump into their sessions with SSM
# Specify AWS_PROFILE and AWS_REGION before running this script
aws ec2 describe-instances \
--filters "Name=instance-state-name,Values=running" |
jq -r \
'.Reservations[]
| .Instances[]
| .InstanceId + " - " +
(.PrivateIpAddress // "n/a") + " - " +
(.PublicIpAddress // "n/a") + " - " +
(.Tags // [] | from_entries | .Name // "n/a")' |
fzf \
--height 100% \
--layout reverse \
--header $'Press Enter to start SSM session\nInstance ID - Private IP - Public IP - Name' \
--preview "aws ec2 describe-instances --instance-ids \"\$(echo {} | cut -d' ' -f1)\" | jq -r '.Reservations[].Instances[0]'" \
--bind "enter:become(aws ssm start-session --target \$(echo {} | cut -d' ' -f1))"


@ -1,23 +0,0 @@
#!/usr/bin/env bash
# Adapted from: https://gist.github.com/reegnz/b9e40993d410b75c2d866441add2cb55
if [[ -z $1 ]] || [[ $1 == "-" ]]; then
input=$(mktemp)
trap 'rm -f $input' EXIT
cat /dev/stdin >"$input"
else
input=$1
fi
echo '' |
fzf --phony \
--height 100% \
--preview-window='up:80%' \
--query '.' \
--print-query \
--header $'CTRL-O: jq output\nCTRL-Y: copy output\nALT-Y: copy query' \
--preview "jq --color-output -r {q} $input" \
--bind "ctrl-o:execute(jq -r {q} $input)+clear-query+accept" \
--bind "alt-y:execute(echo {q} | pbcopy)" \
--bind "ctrl-y:execute(jq -r {q} $input | pbcopy)"


@ -31,10 +31,6 @@ STATUS=$?
# because tesseract adds .txt to the given file path anyways. So if we were to # because tesseract adds .txt to the given file path anyways. So if we were to
# specify /tmp/ocr.txt as the file path, tesseract would out the text to # specify /tmp/ocr.txt as the file path, tesseract would out the text to
# /tmp/ocr.txt.txt # /tmp/ocr.txt.txt
cd /tmp || {
echo "Failed to jump to directory."
exit 1
}
tesseract "$IMAGE_FILE" "${TEXT_FILE//\.txt/}" tesseract "$IMAGE_FILE" "${TEXT_FILE//\.txt/}"
# Check if the text was detected by checking number # Check if the text was detected by checking number


@ -1,55 +0,0 @@
#!/usr/bin/env bash
export AWS_PROFILE="gs"
BUCKET_NAME_PART_1="t2"
BUCKET_NAME_PART_2="global"
BUCKET_NAME_PART_3="terraformstate"
PROJECT_ROOT=$(git rev-parse --show-toplevel)
WORKFLOW_FILE="${PROJECT_ROOT}/.github/workflows/terraform.yml"
if [ ! -f "$WORKFLOW_FILE" ]; then
WORKFLOW_FILE="${PROJECT_ROOT}/.github/workflows/apply.yml"
fi
AWS_ACCOUNT_NUMBER=$(
awk '/aws_account_number: .*/ {print $2}' "$WORKFLOW_FILE" | # Grab account number
echo "$(
read -r s
s=${s//\'/}
echo "$s"
)" # Remove single quote if it exists
)
if [ -z "${AWS_ACCOUNT_NUMBER}" ]; then
AWS_ACCOUNT_NUMBER=$(
awk '/AWS_ACCOUNT_NUMBER: .*/ {print $2}' "$WORKFLOW_FILE" | # Grab account number
echo "$(
read -r s
s=${s//\'/}
echo "$s"
)" # Remove single quote if it exists
)
fi
REPOSITORY=$(
git remote get-url origin |
awk -F'/' -v OFS='/' '{print $(NF-1),$NF }' |
echo "$(
read -r s
s=${s%.git}
echo "$s"
)" # Remove .git suffix if it exists
)
BRANCH=$(git branch --show-current)
terraform init \
-backend-config="region=us-east-1" \
-backend-config="bucket=${BUCKET_NAME_PART_1}${BUCKET_NAME_PART_2}${BUCKET_NAME_PART_3}" \
-backend-config="workspace_key_prefix=accounts/${AWS_ACCOUNT_NUMBER}/${REPOSITORY}" \
-backend-config="key=state.tfstate" \
-backend-config="dynamodb_table=global-tf-state-lock" \
-upgrade
terraform workspace select "$BRANCH"


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
# Convenience utilities from charm.sh # Convenience utilities from charm.sh
@ -18,5 +12,7 @@
charm # Manage account and filesystem charm # Manage account and filesystem
pop # Send emails from a TUI pop # Send emails from a TUI
]; ];
}; };
} }


@ -1,7 +1,5 @@
{ ... }: { ... }: {
{
imports = [ imports = [
./atuin.nix
./bash ./bash
./charm.nix ./charm.nix
./direnv.nix ./direnv.nix
@ -13,6 +11,5 @@
./nixpkgs.nix ./nixpkgs.nix
./starship.nix ./starship.nix
./utilities.nix ./utilities.nix
./work.nix
]; ];
} }

Some files were not shown because too many files have changed in this diff Show More