
8ab86428ec attempt to use pkgs for unfree predicate
still not working
2023-03-10 21:22:07 -05:00
298 changed files with 5018 additions and 12411 deletions


@ -1,166 +0,0 @@
name: Arrow (AWS)
run-name: Arrow (AWS) - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
env:
TERRAFORM_DIRECTORY: hosts/arrow/aws
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
ZONE_NAME: masu.rs
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
on:
workflow_dispatch:
inputs:
rebuild:
type: boolean
default: false
action:
type: choice
required: true
default: create
options:
- create
- destroy
- nothing
size:
type: choice
required: false
options:
- t3a.small # 2 GB RAM / $10
permissions:
id-token: write
contents: write
jobs:
build-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout Repo Code
uses: actions/checkout@v4
- name: Free Disk Space (Ubuntu)
if: inputs.rebuild && inputs.action != 'destroy'
uses: jlumbroso/free-disk-space@main
with:
tool-cache: true
# Enable access to KVM, required to build an image
- name: Enable KVM group perms
if: inputs.rebuild && inputs.action != 'destroy'
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
# Login to AWS
- name: AWS Assume Role
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::286370965832:role/github_actions_admin
aws-region: us-east-1
# Install Nix
- name: Install Nix
if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v20
# Build the image
- name: Build Image
if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#arrow-aws
- name: Upload Image to S3
if: inputs.rebuild && inputs.action != 'destroy'
run: |
aws s3 cp \
result/nixos-amazon-image-*.vhd \
s3://${{ secrets.IMAGES_BUCKET }}/arrow.vhd \
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform init \
-backend-config="bucket=${{ secrets.TERRAFORM_STATE_BUCKET }}" \
-backend-config="key=arrow.tfstate"
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: inputs.action == 'create'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
env:
TF_VAR_ec2_size: ${{ inputs.size }}
TF_VAR_images_bucket: ${{ secrets.IMAGES_BUCKET }}
run: |
terraform apply \
-auto-approve \
-input=false
# Removes infrastructure.
- name: Terraform Destroy
if: inputs.action == 'destroy'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
env:
TF_VAR_ec2_size: ${{ inputs.size }}
TF_VAR_images_bucket: ${{ secrets.IMAGES_BUCKET }}
run: |
terraform destroy \
-auto-approve \
-input=false
- name: Get Host IP
if: inputs.action == 'create'
id: host
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform output -raw host_ip
- name: Wait on SSH
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Write Identity Keys to Files
if: inputs.action == 'create'
run: |
echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
chmod 0600 deploy_ed25519
echo "${{ env.ARROW_IDENTITY_BASE64 }}" | base64 -d > arrow_ed25519
chmod 0600 arrow_ed25519
- name: Copy Identity File to Host
if: inputs.action == 'create'
run: |
ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
scp -i deploy_ed25519 arrow_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
- name: Wipe Records
if: ${{ inputs.action == 'destroy' }}
run: |
RECORD_ID=$(curl --request GET \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
curl --request DELETE \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"


@ -1,154 +0,0 @@
name: Arrow
run-name: Arrow - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
env:
TERRAFORM_DIRECTORY: hosts/arrow/vultr
DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
ARROW_IDENTITY_BASE64: ${{ secrets.ARROW_IDENTITY_BASE64 }}
CLOUDFLARE_R2_ENDPOINT: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
AWS_ACCESS_KEY_ID: ${{ secrets.CLOUDFLARE_R2_ACCESS_KEY }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CLOUDFLARE_R2_SECRET_KEY }}
AWS_DEFAULT_REGION: auto
AWS_ENDPOINT_URL_S3: "https://${{ secrets.CLOUDFLARE_ACCOUNT_ID }}.r2.cloudflarestorage.com"
TF_VAR_vultr_api_key: ${{ secrets.VULTR_API_KEY }}
ZONE_NAME: masu.rs
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
CLOUDFLARE_ZONE_ID: ${{ secrets.CLOUDFLARE_ZONE_ID }}
on:
workflow_dispatch:
inputs:
rebuild:
type: boolean
default: false
action:
type: choice
required: true
default: create
options:
- create
- destroy
- nothing
plan:
type: choice
required: false
options:
- vc2-1c-1gb # 25 GB / $5
- vc2-1c-2gb # 55 GB / $10 (default)
- vc2-2c-2gb # 65 GB / $15
- vc2-2c-4gb # 80 GB / $20
- vc2-4c-8gb # 160 GB / $40
- vc2-6c-16gb # 320 GB / $80
jobs:
build-deploy:
name: Build and Deploy
runs-on: ubuntu-latest
steps:
- name: Checkout Repo Code
uses: actions/checkout@v4
# Enable access to KVM, required to build an image
- name: Enable KVM group perms
if: inputs.rebuild && inputs.action != 'destroy'
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
# Install Nix
- name: Install Nix
if: inputs.rebuild && inputs.action != 'destroy'
uses: cachix/install-nix-action@v17
# Build the image
- name: Build Image
if: inputs.rebuild && inputs.action != 'destroy'
run: nix build .#arrow
- name: Upload Image to S3
if: inputs.rebuild && inputs.action != 'destroy'
run: |
aws s3 cp \
result/iso/nixos.iso \
s3://noahmasur-arrow-images/arrow.iso \
--endpoint-url "https://${{ env.CLOUDFLARE_R2_ENDPOINT }}"
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform fmt -no-color -check -diff -recursive
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform init
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: inputs.action == 'create'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
env:
TF_VAR_vultr_plan: ${{ inputs.plan }}
run: |
terraform apply \
-auto-approve \
-input=false
# Removes infrastructure.
- name: Terraform Destroy
if: inputs.action == 'destroy'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform destroy \
-auto-approve \
-input=false
- name: Get Host IP
if: inputs.action == 'create'
id: host
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform output -raw host_ip
- name: Wait on SSH
if: inputs.action == 'create'
run: |
for i in $(seq 1 15); do
if $(nc -z -w 3 ${{ steps.host.outputs.stdout }} 22); then
exit 0
fi
sleep 10
done
- name: Write Identity Keys to Files
if: inputs.action == 'create'
run: |
echo "${{ env.DEPLOY_IDENTITY_BASE64 }}" | base64 -d > deploy_ed25519
chmod 0600 deploy_ed25519
echo "${{ env.ARROW_IDENTITY_BASE64 }}" | base64 -d > arrow_ed25519
chmod 0600 arrow_ed25519
- name: Copy Identity File to Host
if: inputs.action == 'create'
run: |
ssh -i deploy_ed25519 -o StrictHostKeyChecking=accept-new noah@${{ steps.host.outputs.stdout }} 'mkdir -pv .ssh'
scp -i deploy_ed25519 arrow_ed25519 noah@${{ steps.host.outputs.stdout }}:~/.ssh/id_ed25519
- name: Wipe Records
if: ${{ inputs.action == 'destroy' }}
run: |
RECORD_ID=$(curl --request GET \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}" | jq -r '.result[] | select(.name == "n8n2.${{ env.ZONE_NAME }}") | .id')
curl --request DELETE \
--url https://api.cloudflare.com/client/v4/zones/${{ env.CLOUDFLARE_ZONE_ID }}/dns_records/${RECORD_ID} \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer ${{ env.CLOUDFLARE_API_TOKEN }}"


@ -1,20 +0,0 @@
name: Check Build
on:
workflow_dispatch: # allows manual triggering
jobs:
check:
name: Check
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v11
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v7
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v6
- name: Check the Flake
run: nix flake check


@ -1,71 +0,0 @@
name: Update Flake
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '33 3 * * 6' # runs weekly on Saturday at 03:33
permissions:
contents: write
pull-requests: write
checks: write
jobs:
lockfile:
name: Lockfile
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v11
with:
nix-package-url: https://releases.nixos.org/nix/nix-2.18.4/nix-2.18.4-x86_64-linux.tar.xz
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v7
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v6
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v23
id: update
with:
pr-title: "Update flake.lock" # Title of PR to be created
pr-labels: | # Labels to be set on the PR
dependencies
automated
pr-body: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
- name: Check the Flake
id: check
run: nix flake check
- name: Update Check Status
uses: LouisBrunner/checks-action@v1.6.1
if: always()
with:
token: ${{ secrets.GITHUB_TOKEN }}
name: Update Flake
conclusion: ${{ job.status }}
output: |
{"summary":"${{ steps.check.outputs.stdout }}"}
- name: Enable Pull Request Automerge
if: success()
run: |
gh pr merge \
--rebase \
--auto \
${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}
- name: Close Pull Request If Failed
if: failure()
run: |
gh pr close \
--comment "Auto-closing pull request" \
--delete-branch \
${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}

4
.gitignore vendored

@ -1,9 +1,9 @@
.DS_Store .DS_Store
*.bak *.bak
*.db *.db
*.qcow2
**/.direnv/** **/.direnv/**
result result
.luarc.json
private/** private/**
templates/**/flake.lock
!private/**.age !private/**.age
!private/**.sha512

138
README.md

@ -6,76 +6,21 @@ hosts.
They are organized and managed by [Nix](https://nixos.org), so some of the They are organized and managed by [Nix](https://nixos.org), so some of the
configuration may be difficult to translate to a non-Nix system. configuration may be difficult to translate to a non-Nix system.
## System Features However, some of the configurations are easier to lift directly:
| Feature | Program | Configuration | - [Neovim](https://github.com/nmasur/dotfiles/tree/master/modules/common/neovim/config)
|----------------|-----------------------------------------------------|-----------------------------------------------| - [Fish functions](https://github.com/nmasur/dotfiles/tree/master/modules/common/shell/fish/functions)
| OS | [NixOS](https://nixos.org) | [Link](./modules/nixos) | - [More fish aliases](https://github.com/nmasur/dotfiles/blob/master/modules/common/shell/fish/default.nix)
| Display Server | [X11](https://www.x.org/wiki/) | [Link](./modules/nixos/graphical/xorg.nix) | - [Git aliases](https://github.com/nmasur/dotfiles/blob/master/modules/common/shell/git.nix)
| Compositor | [Picom](https://github.com/yshui/picom) | [Link](./modules/nixos/graphical/picom.nix) | - [Hammerspoon](https://github.com/nmasur/dotfiles/tree/master/modules/darwin/hammerspoon)
| Window Manager | [i3](https://i3wm.org/) | [Link](./modules/nixos/graphical/i3.nix) |
| Panel | [Polybar](https://polybar.github.io/) | [Link](./modules/nixos/graphical/polybar.nix) |
| Font | [Victor Mono](https://rubjo.github.io/victor-mono/) | [Link](./modules/nixos/graphical/fonts.nix) |
| Launcher | [Rofi](https://github.com/davatorium/rofi) | [Link](./modules/nixos/graphical/rofi.nix) |
## User Features Try out my Neovim config (requires [nix](https://nixos.org/download.html)):
| Feature | Program | Configuration |
|--------------|----------------------------------------------------------------------------------|----------------------------------------------------|
| Dotfiles | [Home-Manager](https://github.com/nix-community/home-manager) | [Link](./modules/common) |
| Terminal | [Kitty](https://sw.kovidgoyal.net/kitty/) | [Link](./modules/common/applications/kitty.nix) |
| Shell | [Fish](https://fishshell.com/) | [Link](./modules/common/shell/fish) |
| Shell Prompt | [Starship](https://starship.rs/) | [Link](./modules/common/shell/starship.nix) |
| Colorscheme | [Gruvbox](https://github.com/morhetz/gruvbox) | [Link](./colorscheme/gruvbox/default.nix) |
| Wallpaper | [Road](https://gitlab.com/exorcist365/wallpapers/-/blob/master/gruvbox/road.jpg) | [Link](./hosts/tempest/default.nix) |
| Text Editor | [Neovim](https://neovim.io/) | [Link](./modules/common/neovim/config) |
| Browser | [Firefox](https://www.mozilla.org/en-US/firefox/new/) | [Link](./modules/common/applications/firefox.nix) |
| E-Mail | [Aerc](https://aerc-mail.org/) | [Link](./modules/common/mail/aerc.nix) |
| File Manager | [Nautilus](https://wiki.gnome.org/action/show/Apps/Files) | [Link](./modules/common/applications/nautilus.nix) |
| PDF Reader | [Zathura](https://pwmt.org/projects/zathura/) | [Link](./modules/common/applications/media.nix) |
| Video Player | [mpv](https://mpv.io/) | [Link](./modules/common/applications/media.nix) |
## macOS Features
| Feature | Program | Configuration |
|----------|---------------------------------------------|--------------------------------------|
| Keybinds | [Hammerspoon](https://www.hammerspoon.org/) | [Link](./modules/darwin/hammerspoon) |
# Diagram
![Diagram](https://github.com/nmasur/dotfiles/assets/7386960/4cc22285-cea1-4831-b387-a82241184381)
---
# Unique Configurations
This repo contains a few more elaborate elements of configuration.
- [Neovim config](./modules/common/neovim/default.nix) generated with Nix2Vim
and source-controlled plugins, differing based on installed LSPs, for example.
- [Caddy JSON](./modules/nixos/services/caddy.nix) file (routes, etc.) based
dynamically on enabled services rendered with Nix.
- [Grafana config](./modules/nixos/services/grafana.nix) rendered with Nix.
- Custom [secrets deployment](./modules/nixos/services/secrets.nix) similar to
agenix.
- Base16 [colorschemes](./colorscheme/) applied to multiple applications,
including Firefox userChrome.
---
# Installation
Click [here](./docs/installation.md) for detailed installation instructions.
# Neovim
Try out my Neovim config with nix:
```bash ```bash
nix run github:nmasur/dotfiles#neovim nix run github:nmasur/dotfiles#neovim
``` ```
Or build it as a package: Or build it as a package (requires [nix](https://nixos.org/download.html)):
```bash ```bash
nix build github:nmasur/dotfiles#neovim nix build github:nmasur/dotfiles#neovim
@ -85,6 +30,73 @@ If you already have a Neovim configuration, you may need to move it out of
`~/.config/nvim` or set `XDG_CONFIG_HOME` to another value; otherwise both `~/.config/nvim` or set `XDG_CONFIG_HOME` to another value; otherwise both
configs might conflict with each other. configs might conflict with each other.
---
# Full Installation
## NixOS - From Live Disk
Format drives and build system from any NixOS host, including the live
installer disk:
**This will erase your drives; use at your own risk!**
```bash
lsblk # Choose the disk you want to wipe
nix-shell -p nixVersions.stable
nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest
```
## NixOS - From Existing System
If you're already running NixOS, you can switch to this configuration with the
following command:
```bash
nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#tempest
```
## Windows - From NixOS WSL
After [installing NixOS on
WSL](https://xeiaso.net/blog/nix-flakes-4-wsl-2022-05-01), you can switch to
the WSL configuration:
```
nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#hydra
```
You should also download the
[FiraCode](https://github.com/ryanoasis/nerd-fonts/releases/download/v2.2.2/FiraCode.zip)
font and install it on Windows. Install [Alacritty](https://alacritty.org/) and
move the `windows/alacritty.yml` file to
`C:\Users\<user>\AppData\Roaming\alacritty`.
## macOS
To get started on a bare macOS installation, first install Nix:
```bash
sh -c "$(curl -L https://nixos.org/nix/install)"
```
Then use Nix to build nix-darwin:
```bash
nix-build https://github.com/LnL7/nix-darwin/archive/master.tar.gz -A installer
./result/bin/darwin-installer
```
Then switch to the macOS configuration:
```bash
darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
```
---
# Flake Templates # Flake Templates
You can also use the [templates](./templates/) as flakes for starting new You can also use the [templates](./templates/) as flakes for starting new


@ -1,9 +0,0 @@
# Apps
These are all my miscellaneous utilies and scripts to accompany this project.
They can be run with:
```
nix run github:nmasur/dotfiles#appname
```


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: rec {
rec {
# Show quick helper # Show quick helper
default = import ./help.nix { inherit pkgs; }; default = import ./help.nix { inherit pkgs; };
@ -31,4 +30,5 @@ rec {
# Run neovim as an app # Run neovim as an app
neovim = import ./neovim.nix { inherit pkgs; }; neovim = import ./neovim.nix { inherit pkgs; };
nvim = neovim; nvim = neovim;
} }


@ -1,19 +1,19 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age # nix run github:nmasur/dotfiles#encrypt-secret > private/mysecret.age
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "encrypt-secret" ''
pkgs.writeShellScript "encrypt-secret" '' printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2
printf "\nEnter the secret data to encrypt for all hosts...\n\n" 1>&2 read -p "Secret: " secret
read -p "Secret: " secret printf "\nEncrypting...\n\n" 1>&2
printf "\nEncrypting...\n\n" 1>&2 tmpfile=$(mktemp)
tmpfile=$(mktemp) echo "''${secret}" > ''${tmpfile}
echo "''${secret}" > ''${tmpfile} ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile builtins.toString ../public-keys
rm $tmpfile } $tmpfile
'' rm $tmpfile
); '');
} }
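Review bot: The secret is written in plaintext to a `mktemp` file that is only removed on the script's last line, so the cleartext stays on disk if `age` fails or the script is interrupted; nothing sets a trap or checks an exit status. Because `age` reads standard input when no input file is given, the temp file can be dropped entirely: `printf '%s\n' "$secret" | ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../public-keys}`. `read -p "Secret: " secret` also echoes the secret to the terminal and interprets backslashes; `read -rsp "Secret: " secret` avoids both. The same applies to the `read -p "Token: " token` line in the netdata-cloud script.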


@ -1,41 +1,39 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# This script will partition and format drives; use at your own risk! # This script will partition and format drives; use at your own risk!
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "format-root" ''
pkgs.writeShellScript "format-root" '' set -e
set -e
DISK=$1 DISK=$1
if [ -z "''${DISK}" ]; then if [ -z "''${DISK}" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \ ${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \ --foreground "#fb4934" \
"Missing required parameter." \ "Missing required parameter." \
"Usage: format-root -- <disk>" \ "Usage: format-root -- <disk>" \
"Flake example: nix run github:nmasur/dotfiles#format-root -- nvme0n1" "Flake example: nix run github:nmasur/dotfiles#format-root -- nvme0n1"
echo "(exiting)" echo "(exiting)"
exit 1 exit 1
fi fi
${pkgs.disko-packaged}/bin/disko \ ${pkgs.disko-packaged}/bin/disko \
--mode create \ --mode create \
--dry-run \ --dry-run \
--flake "path:$(pwd)#root" \ --flake "path:$(pwd)#root" \
--arg disk \""/dev/''${DISK}"\" --arg disk \""/dev/''${DISK}"\"
${pkgs.gum}/bin/gum confirm \ ${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \ "This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false --default=false
${pkgs.disko-packaged}/bin/disko \ ${pkgs.disko-packaged}/bin/disko \
--mode create \ --mode create \
--flake "path:$(pwd)#root" \ --flake "path:$(pwd)#root" \
--arg disk "/dev/''${DISK}" --arg disk "/dev/''${DISK}"
'');
''
);
} }
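Review bot: The dry run and the destructive `disko --mode create` call pass `disk` in different forms: the dry run uses `--arg disk \""/dev/''${DISK}"\"`, which hands Nix a quoted string, while the real run uses `--arg disk "/dev/''${DISK}"`, which Nix would presumably evaluate as a path expression. The preview shown before the `gum confirm` prompt can therefore differ from what is executed afterwards, so both calls should use the same argument form. `DISK` also comes straight from `$1` with only an emptiness check; a guard such as `[ -b "/dev/$DISK" ] || exit 1` before the first disko call would reject typos before anything is formatted.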


@ -1,25 +1,23 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "default" ''
pkgs.writeShellScript "default" '' ${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options" ${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.' echo ""
echo "" echo ""
echo "" ${pkgs.gum}/bin/gum format --type=template -- \
${pkgs.gum}/bin/gum format --type=template -- \ ' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \ ' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \ ' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \ ' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \ ' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \ ' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \ ' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \ ' {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}'
' {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}' echo ""
echo "" echo ""
echo "" '');
''
);
} }


@ -1,50 +1,48 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix # Inspired by https://github.com/cleverca22/nix-tests/blob/master/kexec/justdoit.nix
# This script will partition and format drives; use at your own risk! # This script will partition and format drives; use at your own risk!
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "installer" ''
pkgs.writeShellScript "installer" '' set -e
set -e
DISK=$1 DISK=$1
FLAKE=$2 FLAKE=$2
PARTITION_PREFIX="" PARTITION_PREFIX=""
if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then if [ -z "$DISK" ] || [ -z "$FLAKE" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \ ${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \ --foreground "#fb4934" \
"Missing required parameter." \ "Missing required parameter." \
"Usage: installer -- <disk> <host>" \ "Usage: installer -- <disk> <host>" \
"Example: installer -- nvme0n1 tempest" \ "Example: installer -- nvme0n1 desktop" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest" "Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 desktop"
echo "(exiting)" echo "(exiting)"
exit 1 exit 1
fi fi
case "$DISK" in nvme*) case "$DISK" in nvme*)
PARTITION_PREFIX="p" PARTITION_PREFIX="p"
esac esac
${pkgs.gum}/bin/gum confirm \ ${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \ "This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false --default=false
${pkgs.parted}/bin/parted /dev/''${DISK} -- mklabel gpt ${pkgs.parted}/bin/parted /dev/''${DISK} -- mklabel gpt
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart primary 512MiB 100% ${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart primary 512MiB 100%
${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB ${pkgs.parted}/bin/parted /dev/''${DISK} -- mkpart ESP fat32 1MiB 512MiB
${pkgs.parted}/bin/parted /dev/''${DISK} -- set 3 esp on ${pkgs.parted}/bin/parted /dev/''${DISK} -- set 3 esp on
mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1 mkfs.ext4 -L nixos /dev/''${DISK}''${PARTITION_PREFIX}1
mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2 mkfs.fat -F 32 -n boot /dev/''${DISK}''${PARTITION_PREFIX}2
mount /dev/disk/by-label/nixos /mnt mount /dev/disk/by-label/nixos /mnt
mkdir --parents /mnt/boot mkdir --parents /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot mount /dev/disk/by-label/boot /mnt/boot
${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
'');
${pkgs.nixos-install-tools}/bin/nixos-install --flake github:nmasur/dotfiles#''${FLAKE}
''
);
} }
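Review bot: `parted /dev/''${DISK} -- set 3 esp on` targets partition 3, but only two partitions are created after `mklabel gpt` (the `primary` one and the `ESP` one), and `mkfs.fat` is later run on partition 2. As written the flag command looks like it will fail, and with `set -e` the script would then stop with the disk already repartitioned and nothing formatted; it should read `parted /dev/''${DISK} -- set 2 esp on`. The mounts go through `/dev/disk/by-label/nixos` and `/dev/disk/by-label/boot`, which can resolve to another attached disk carrying the same labels. Mounting `/dev/''${DISK}''${PARTITION_PREFIX}1` and the matching partition 2 directly would tie the install to the disk that was just formatted.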


@ -1,15 +1,12 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "loadkey" ''
pkgs.writeShellScript "loadkey" '' printf "\nEnter the seed phrase for your SSH key...\n"
printf "\nEnter the seed phrase for your SSH key...\n" printf "\nThen press ^D when complete.\n\n"
printf "\nThen press ^D when complete.\n\n" ${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519
mkdir -p ~/.ssh/ printf "\n\nContinuing activation.\n\n"
${pkgs.melt}/bin/melt restore ~/.ssh/id_ed25519 '');
printf "\n\nContinuing activation.\n\n"
''
);
} }
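Review bot: With `mkdir -p ~/.ssh/` no longer present, `melt restore ~/.ssh/id_ed25519` runs against a directory that may not exist on a fresh machine. Whether melt creates missing parent directories is not visible here, so either confirm that or create the directory first. If the directory is created by the script, give it restrictive permissions, e.g. `mkdir -p -m 0700 ~/.ssh`, since it will hold a private key. The script also prints "Continuing activation." whether or not the restore succeeded; checking the exit status of `melt restore` would avoid continuing without a key.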


@ -1,12 +1,13 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = "${ program = "${
(import ../modules/common/neovim/package { (import ../modules/common/neovim/package {
inherit pkgs; inherit pkgs;
colors = (import ../colorscheme/nord).dark; colors =
}) import ../colorscheme/gruvbox/neovim-gruvbox.nix { inherit pkgs; };
}/bin/nvim"; })
}/bin/nvim";
} }


@ -1,21 +1,19 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "netdata-cloud" ''
pkgs.writeShellScript "netdata-cloud" '' if [ "$EUID" -ne 0 ]; then
if [ "$EUID" -ne 0 ]; then echo "Please run as root"
echo "Please run as root" exit 1
exit 1 fi
fi mkdir --parents --mode 0750 /var/lib/netdata/cloud.d
mkdir --parents --mode 0750 /var/lib/netdata/cloud.d printf "\nEnter the claim token for netdata cloud...\n\n"
printf "\nEnter the claim token for netdata cloud...\n\n" read -p "Token: " token
read -p "Token: " token echo "''${token}" > /var/lib/netdata/cloud.d/token
echo "''${token}" > /var/lib/netdata/cloud.d/token chown -R netdata:netdata /var/lib/netdata
chown -R netdata:netdata /var/lib/netdata ${pkgs.netdata}/bin/netdata-claim.sh -id=$(uuidgen)
${pkgs.netdata}/bin/netdata-claim.sh -id=$(uuidgen) printf "\n\nNow restart netdata service.\n\n"
printf "\n\nNow restart netdata service.\n\n" '');
''
);
} }
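Review bot: The claim token is written with `echo "''${token}" > /var/lib/netdata/cloud.d/token` under root's default umask, so the file is probably created world-readable. `mkdir --parents --mode 0750` does not tighten a `cloud.d` directory that already exists. Setting `umask 077` before the write, or running `chmod 0600 /var/lib/netdata/cloud.d/token` after it, keeps the token private to the netdata user once the `chown` has run. `uuidgen` is resolved from `PATH` while every other tool is referenced through `${pkgs...}`; `${pkgs.util-linux}/bin/uuidgen` would make the script independent of the caller's environment.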


@ -1,11 +1,9 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "readme" ''
pkgs.writeShellScript "readme" '' ${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md}
${pkgs.glow}/bin/glow --pager ${builtins.toString ../README.md} '');
''
);
} }


@ -1,17 +1,15 @@
{ pkgs, ... }: { pkgs, ... }: {
{
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "rebuild" ''
pkgs.writeShellScript "rebuild" '' echo ${pkgs.system}
echo ${pkgs.system} SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"} if [ "$SYSTEM" == "darwin" ]; then
if [ "$SYSTEM" == "darwin" ]; then darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
sudo darwin-rebuild switch --flake ${builtins.toString ../.} else
else nixos-rebuild switch --flake github:nmasur/dotfiles
doas nixos-rebuild switch --flake ${builtins.toString ../.} fi
fi '');
''
);
} }
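Review bot: Both branches switch to `github:nmasur/dotfiles`, which is whatever the default branch points to when the script runs, not the revision this app was evaluated from, so the activated system can differ from the code that was reviewed. Referencing the flake's own source (`--flake ${builtins.toString ../.}`) or a pinned revision keeps the two in step. The darwin branch also hard-codes the `lookingglass` host. `nixos-rebuild switch` is invoked without privilege elevation, so it will presumably fail unless the app is already running as root.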


@ -1,27 +1,27 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# nix run github:nmasur/dotfiles#reencrypt-secrets ./private # nix run github:nmasur/dotfiles#reencrypt-secrets ./private
type = "app"; type = "app";
program = builtins.toString ( program = builtins.toString (pkgs.writeShellScript "reencrypt-secrets" ''
pkgs.writeShellScript "reencrypt-secrets" '' if [ $# -eq 0 ]; then
if [ $# -eq 0 ]; then echo "Must provide directory to reencrypt."
echo "Must provide directory to reencrypt." exit 1
exit 1 fi
fi encrypted=$1
encrypted=$1 for encryptedfile in ''${1}/*; do
for encryptedfile in ''${1}/*; do tmpfile=$(mktemp)
tmpfile=$(mktemp) echo "Decrypting ''${encryptedfile}..."
echo "Decrypting ''${encryptedfile}..." ${pkgs.age}/bin/age --decrypt \
${pkgs.age}/bin/age --decrypt \ --identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile echo "Encrypting ''${encryptedfile}..."
echo "Encrypting ''${encryptedfile}..." ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${builtins.toString ../misc/public-keys} $tmpfile > $encryptedfile builtins.toString ../public-keys
rm $tmpfile } $tmpfile > $encryptedfile
done rm $tmpfile
echo "Finished." done
'' echo "Finished."
); '');
} }
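Review bot: The loop overwrites each encrypted file in place without checking that decryption succeeded: if `age --decrypt` fails (wrong identity, or a non-age file in the directory), `$tmpfile` is empty and the next command replaces the original with an encryption of nothing, destroying the secret. Stop on failure and write to a new file first, e.g. `${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 "$encryptedfile" > "$tmpfile" || { rm -f "$tmpfile"; exit 1; }`, then encrypt to `"$encryptedfile.new"` and `mv` it over the original only when that step succeeds. The decrypted plaintext is also left in the temp file if the script is interrupted; `trap 'rm -f "$tmpfile"' EXIT` covers that. `$encryptedfile` and `$tmpfile` are unquoted, so paths containing spaces will break the loop.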


@ -1,5 +0,0 @@
# Colorschemes
Color information for different themes is found here. The colors are sourced
and used with [base16](https://github.com/chriskempson/base16) format
consistently across the system.


@ -1,22 +1,20 @@
{ {
name = "everforest"; # dark, hard name = "everforest"; # dark, hard
author = "Sainnhe Park"; author = "Sainnhe Park";
dark = { base00 = "#2b3339"; # Default Background
base00 = "#2b3339"; # Default Background base01 = "#323c41"; # Lighter Background
base01 = "#323c41"; # Lighter Background base02 = "#503946"; # Selection Background
base02 = "#503946"; # Selection Background base03 = "#868d80"; # Comments, Invisibles, Line Highlighting
base03 = "#868d80"; # Comments, Invisibles, Line Highlighting base04 = "#d3c6aa"; # Dark Foreground (Used for status bars)
base04 = "#d3c6aa"; # Dark Foreground (Used for status bars) base05 = "#d3c6aa"; # Default Foreground, Caret, Delimiters, Operators
base05 = "#d3c6aa"; # Default Foreground, Caret, Delimiters, Operators base06 = "#e9e8d2"; # Light Foreground (Not often used)
base06 = "#e9e8d2"; # Light Foreground (Not often used) base07 = "#fff9e8"; # Light Background (Not often used)
base07 = "#fff9e8"; # Light Background (Not often used) base08 = "#7fbbb3"; # Variables, XML Tags, Markup Link Text, ...
base08 = "#7fbbb3"; # Variables, XML Tags, Markup Link Text, ... base09 = "#d699b6"; # Integers, Boolean, Constants, ...
base09 = "#d699b6"; # Integers, Boolean, Constants, ... base0A = "#83c092"; # Classes, Markup Bold, Search Text Background
base0A = "#83c092"; # Classes, Markup Bold, Search Text Background base0B = "#dbbc7f"; # Strings, Inherited Class, Markup Code, Diff Inserted
base0B = "#dbbc7f"; # Strings, Inherited Class, Markup Code, Diff Inserted base0C = "#e69875"; # Support, Regular Expressions, Escape Characters, ...
base0C = "#e69875"; # Support, Regular Expressions, Escape Characters, ... base0D = "#a7c080"; # Functions, Methods, Attribute IDs, Headings
base0D = "#a7c080"; # Functions, Methods, Attribute IDs, Headings base0E = "#e67e80"; # Keywords, Storage, Selector, Markup Italic, Diff Changed
base0E = "#e67e80"; # Keywords, Storage, Selector, Markup Italic, Diff Changed base0F = "#d699b6"; # Deprecated, Opening/Closing Embedded Language Tags, ...
base0F = "#d699b6"; # Deprecated, Opening/Closing Embedded Language Tags, ...
};
} }


@ -1,44 +0,0 @@
# Gruvbox with a darker background for greater contrast
{
name = "gruvbox-dark"; # Dark, Medium
author = "Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox), ElRastaOk (https://www.reddit.com/user/ElRastaOk)";
dark = {
base00 = "#1D2122"; # ---- This is the change from normal gruvbox
base01 = "#3c3836"; # ---
base02 = "#504945"; # --
base03 = "#665c54"; # -
base04 = "#bdae93"; # +
base05 = "#d5c4a1"; # ++
base06 = "#ebdbb2"; # +++
base07 = "#fbf1c7"; # ++++
base08 = "#fb4934"; # red
base09 = "#fe8019"; # orange
base0A = "#fabd2f"; # yellow
base0B = "#b8bb26"; # green
base0C = "#8ec07c"; # aqua/cyan
base0D = "#83a598"; # blue
base0E = "#d3869b"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-dark";
};
light = {
base00 = "#fbf1c7"; # ----
base01 = "#ebdbb2"; # ---
base02 = "#d5c4a1"; # --
base03 = "#bdae93"; # -
base04 = "#665c54"; # +
base05 = "#504945"; # ++
base06 = "#3c3836"; # +++
base07 = "#1D2122"; # ++++ Adjusted darker here
base08 = "#9d0006"; # red
base09 = "#af3a03"; # orange
base0A = "#b57614"; # yellow
base0B = "#79740e"; # green
base0C = "#427b58"; # aqua/cyan
base0D = "#076678"; # blue
base0E = "#8f3f71"; # purple
base0F = "#d65d0e"; # brown
batTheme = "gruvbox-light";
};
}


@ -1,6 +1,7 @@
{ {
name = "gruvbox"; # Dark, Medium name = "gruvbox"; # Dark, Medium
author = "Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox)"; author =
"Dawid Kurek (dawikur@gmail.com), morhetz (https://github.com/morhetz/gruvbox)";
dark = { dark = {
base00 = "#282828"; # ---- base00 = "#282828"; # ----
base01 = "#3c3836"; # --- base01 = "#3c3836"; # ---
@ -18,6 +19,7 @@
base0D = "#83a598"; # blue base0D = "#83a598"; # blue
base0E = "#d3869b"; # purple base0E = "#d3869b"; # purple
base0F = "#d65d0e"; # brown base0F = "#d65d0e"; # brown
neovimConfig = ./neovim-gruvbox.nix;
batTheme = "gruvbox-dark"; batTheme = "gruvbox-dark";
}; };
light = { light = {
@ -37,6 +39,7 @@
base0D = "#076678"; # blue base0D = "#076678"; # blue
base0E = "#8f3f71"; # purple base0E = "#8f3f71"; # purple
base0F = "#d65d0e"; # brown base0F = "#d65d0e"; # brown
neovimConfig = ./neovim-gruvbox.nix;
batTheme = "gruvbox-light"; batTheme = "gruvbox-light";
}; };
} }


@ -0,0 +1,12 @@
{ pkgs, ... }: {
plugins = [ pkgs.vimPlugins.vim-gruvbox8 ];
vim.g.gruvbox_italicize_strings = 0;
vim.o.background = "dark";
vimscript = ''
let g:gruvbox_italicize_strings = 0
colorscheme gruvbox8
'';
}


@ -1,23 +1,21 @@
{ {
name = "nord"; name = "nord";
author = "arcticicestudio"; author = "arcticicestudio";
dark = { base00 = "#2E3440";
base00 = "#2E3440"; base01 = "#3B4252";
base01 = "#3B4252"; base02 = "#434C5E";
base02 = "#434C5E"; base03 = "#4C566A";
base03 = "#4C566A"; base04 = "#D8DEE9";
base04 = "#D8DEE9"; base05 = "#E5E9F0";
base05 = "#E5E9F0"; base06 = "#ECEFF4";
base06 = "#ECEFF4"; base07 = "#8FBCBB";
base07 = "#8FBCBB"; base08 = "#88C0D0";
base08 = "#88C0D0"; base09 = "#81A1C1";
base09 = "#81A1C1"; base0A = "#5E81AC";
base0A = "#5E81AC"; base0B = "#BF616A";
base0B = "#BF616A"; base0C = "#D08770";
base0C = "#D08770"; base0D = "#EBCB8B";
base0D = "#EBCB8B"; base0E = "#A3BE8C";
base0E = "#A3BE8C"; base0F = "#B48EAD";
base0F = "#B48EAD"; neovimConfig = ./neovim.lua;
batTheme = "nord";
};
} }


@ -0,0 +1,13 @@
local M = {}
M.packer = function(use)
use({
"shaunsingh/nord.nvim",
config = function()
vim.g.nord_italic = true
vim.cmd("colorscheme nord")
end,
})
end
return M


@ -1,5 +0,0 @@
# Disks
These are my [disko](https://github.com/nix-community/disko) configurations,
which allow me to save desired disk formatting layouts as a declarative file so
I don't have to remember how to format my disks later on.


@ -1,38 +1,43 @@
{ disk, ... }: { disk, ... }: {
{
disk = { disk = {
boot = { boot = {
type = "disk"; type = "disk";
device = disk; device = disk;
content = { content = {
type = "gpt"; type = "table";
partitions = { format = "gpt";
partitions = [
# Boot partition # Boot partition
ESP = rec { {
size = "512MiB"; type = "partition";
type = "EF00"; name = "ESP";
label = "boot"; start = "0";
device = "/dev/disk/by-label/${label}"; end = "512MiB";
fs-type = "fat32";
bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
extraArgs = [ "-n ${label}" ]; extraArgs = [ "-n boot" ];
}; };
}; }
# Root partition ext4 # Root partition ext4
root = rec { {
size = "100%"; type = "partition";
label = "nixos"; name = "root";
device = "/dev/disk/by-label/${label}"; start = "512MiB";
end = "100%";
part-type = "primary";
bootable = true;
content = { content = {
type = "filesystem"; type = "filesystem";
format = "ext4"; format = "ext4";
mountpoint = "/"; mountpoint = "/";
extraArgs = [ "-L ${label}" ]; extraArgs = [ "-L nixos" ];
}; };
}; }
}; ];
}; };
}; };
}; };


@ -1,5 +1,4 @@
{ pool, disks, ... }: { pool, disks, ... }: {
{
disk = lib.genAttrs disks (disk: { disk = lib.genAttrs disks (disk: {
"${disk}" = { "${disk}" = {
type = "disk"; type = "disk";
@ -7,18 +6,16 @@
content = { content = {
type = "table"; type = "table";
format = "gpt"; format = "gpt";
partitions = [ partitions = [{
{ type = "partition";
type = "partition"; name = "zfs";
name = "zfs"; start = "128MiB";
start = "128MiB"; end = "100%";
end = "100%"; content = {
content = { type = "zfs";
type = "zfs"; pool = pool;
pool = pool; };
}; }];
}
];
}; };
}; };
}); });
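Review bot: `lib.genAttrs` is called in the first hunk, but the function head `{ pool, disks, ... }:` never binds `lib`, so evaluating this file would presumably fail with an undefined variable; `{ lib, pool, disks, ... }:` would fix it. The mapped function also returns `{ "${disk}" = { ... }; }`, which `genAttrs` would nest under the same disk name a second time, so it is worth confirming that shape is intended. The lines between the two hunks are not shown here.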


@ -1,4 +0,0 @@
# Documentation
Reference documents for some of the more complicated services and maintenance
tasks.


@ -1,73 +0,0 @@
[Back to README](../README.md)
---
# Installation
## NixOS - From Live Disk
Format drives and build system from any NixOS host, including the live
installer disk:
**This will erase your drives; use at your own risk!**
```bash
lsblk # Choose the disk you want to wipe
nix-shell -p nixVersions.stable
nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest
```
## NixOS - From Existing System
If you're already running NixOS, you can switch to this configuration with the
following command:
```bash
nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#tempest
```
## Windows - From NixOS WSL
After [installing NixOS on
WSL](https://xeiaso.net/blog/nix-flakes-4-wsl-2022-05-01), you can switch to
the WSL configuration:
```
nix-shell -p nixVersions.stable
sudo nixos-rebuild switch --flake github:nmasur/dotfiles#hydra
```
You should also download the
[FiraCode](https://github.com/ryanoasis/nerd-fonts/releases/download/v2.2.2/FiraCode.zip)
font and install it on Windows. Install [Alacritty](https://alacritty.org/) and
move the `windows/alacritty.yml` file to
`C:\Users\<user>\AppData\Roaming\alacritty`.
## macOS
To get started on a bare macOS installation, first install Nix:
```bash
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
```
Launch a new shell. Then use Nix to switch to the macOS configuration:
```bash
sudo rm /etc/bashrc
sudo rm /etc/nix/nix.conf
export NIX_SSL_CERT_FILE="$HOME/Documents/t2-ca-bundle.pem"
nix \
--extra-experimental-features flakes \
--extra-experimental-features nix-command \
run nix-darwin -- switch \
--flake github:nmasur/dotfiles#lookingglass
```
Once installed, you can continue to update the macOS configuration:
```bash
darwin-rebuild switch --flake ~/dev/personal/dotfiles
```


@ -1,82 +0,0 @@
# Repairing Nextcloud
You can run the maintenance commands like this:
```
sudo -u nextcloud nextcloud-occ maintenance:mode --on
sudo -u nextcloud nextcloud-occ maintenance:repair
sudo -u nextcloud nextcloud-occ maintenance:mode --off
```
## Rescan Files
```
sudo -u nextcloud nextcloud-occ files:scan --all
```
## Converting from SQLite to MySQL (mariadb)
First: keep Nextcloud set to SQLite as its dbtype, and separately launch MySQL
as a service by copying the configuration found
[here](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/nextcloud.nix).
No password is necessary, since the user-based auth works with UNIX sockets.
You can connect to the MySQL instance like this:
```
sudo -u nextcloud mysql -S /run/mysqld/mysqld.sock
```
Create a blank database for Nextcloud:
```sql
create database nextcloud;
```
Now setup the [conversion](https://docs.nextcloud.com/server/17/admin_manual/configuration_database/db_conversion.html):
```
sudo -u nextcloud nextcloud-occ db:convert-type mysql nextcloud localhost nextcloud
```
Ignore the password prompt. Proceed with the conversion.
Now `config.php` will be updated but the override config from NixOS will not
be. Now update your NixOS configuration:
- Remove the `mysql` service you created.
- Set `dbtype` to `mysql`.
- Set `database.createLocally` to `true`.
Rebuild your configuration.
Now, make sure to enable [4-byte
support](https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/mysql_4byte_support.html)
in the database.
## Backing Up MySQL Database
Use this mysqldump command:
```
sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql
```
## Converting to Postgres
Same as MySQL, but run this command instead:
```
sudo -u nextcloud nextcloud-occ db:convert-type pgsql nextcloud /run/postgresql/ nextcloud
```
Then set the `dbtype` to `pgsql`.
## Backing Up Postgres Database
Use this pg_dump command:
```
sudo -u nextcloud pg_dump nextcloud > backup.sql
```

43
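--- a/docs/restore-nextcloud.md
+++ b/docs/restore-nextcloud.md
@@ -0,0 +1,43 @@
+# Restoring Nextcloud From Backup
+Install the `litestream` package.
+```
+nix-shell --run fish -p litestream
+```
+Set the S3 credentials:
+```
+set -x AWS_ACCESS_KEY_ID (read)
+set -x AWS_SECRET_ACCESS_KEY (read)
+```
+Restore from S3:
+```
+litestream restore -o nextcloud.db s3://noahmasur-backup.s3.us-west-002.backblazeb2.com/nextcloud
+```
+Install Nextcloud. Then copy DB:
+```
+sudo rm /data/nextcloud/data/nextcloud.db*
+sudo mv nextcloud.db /data/nextcloud/data/
+sudo chown nextcloud:nextcloud /data/nextcloud/data/nextcloud.db
+sudo chmod 770 /data/nextcloud/data/nextcloud.db
+```
+Restart Nextcloud:
+```
+sudo systemctl restart phpfpm-nextcloud.service
+```
+Adjust Permissions and Directories:
+```
+sudo mkdir /data/nextcloud/data/noah/files
+sudo chown nextcloud:nextcloud /data/nextcloud/data/noah/files
+```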


@ -1,45 +0,0 @@
# ZFS
Swan runs its root on ext4. The ZFS drives are managed imperatively (this
[disko configuration](../disks/zfs.nix) is an unused work-in-progress).
The basic ZFS settings are managed [here](../modules/nixos/hardware/zfs.nix).
## Creating a New Dataset
```
sudo zfs create tank/mydataset
sudo zfs set compression=zstd tank/myzstddataset
sudo zfs set mountpoint=/data/mydataset tank/mydataset
```
## Maintenance
### Get Status
```
sudo zpool status
```
### Replace Disk
```
sudo zdb
sudo zpool status -g # Show by GUID
sudo zpool offline tank <GUID>
sudo zpool status
# Remove old disk, insert new disk
sudo zdb
sudo zpool replace tank <OLD GUID> /dev/disk/by-id/<NEW PATH>
sudo zpool status
```
## Initial Setup
```
sudo zpool create tank raidz1 sda sdb sdc
sudo zpool set ashift=12 tank
sudo zpool set autoexpand=on tank
sudo zpool set compression=on tank
```

716
flake.lock generated

File diff suppressed because it is too large Load Diff

405
flake.nix

@ -7,44 +7,27 @@
# Used for system packages # Used for system packages
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Used for specific stable packages
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05";
# Used for caddy plugins
nixpkgs-caddy.url = "github:jpds/nixpkgs/caddy-external-plugins";
# Used for MacOS system config # Used for MacOS system config
darwin = { darwin = {
url = "github:lnl7/nix-darwin/master"; url = "github:/lnl7/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Used for Windows Subsystem for Linux compatibility # Used for Windows Subsystem for Linux compatibility
wsl = { wsl.url = "github:nix-community/NixOS-WSL";
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
# Used for user packages and dotfiles # Used for user packages
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list for their inputs inputs.nixpkgs.follows =
"nixpkgs"; # Use system packages list where available
}; };
# Community packages; used for Firefox extensions # Community packages; used for Firefox extensions
nur.url = "github:nix-community/nur"; nur.url = "github:nix-community/nur";
# Use official Firefox binary for macOS # Use official Firefox binary for macOS
firefox-darwin = { firefox-darwin.url = "github:bandithedoge/nixpkgs-firefox-darwin";
url = "github:bandithedoge/nixpkgs-firefox-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
# Better App install management in macOS
mac-app-util = {
url = "github:hraban/mac-app-util";
inputs.nixpkgs.follows = "nixpkgs"; # Use system packages list for their inputs
};
# Manage disk format and partitioning # Manage disk format and partitioning
disko = { disko = {
@ -70,33 +53,32 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# Nix language server
nil.url = "github:oxalica/nil";
# Neovim plugins # Neovim plugins
base16-nvim-src = {
url = "github:RRethy/base16-nvim";
flake = false;
};
nvim-lspconfig-src = { nvim-lspconfig-src = {
# https://github.com/neovim/nvim-lspconfig/tags url = "github:neovim/nvim-lspconfig";
url = "github:neovim/nvim-lspconfig/v0.1.8";
flake = false; flake = false;
}; };
cmp-nvim-lsp-src = { cmp-nvim-lsp-src = {
url = "github:hrsh7th/cmp-nvim-lsp"; url = "github:hrsh7th/cmp-nvim-lsp";
flake = false; flake = false;
}; };
baleia-nvim-src = { null-ls-nvim-src = {
# https://github.com/m00qek/baleia.nvim/tags url = "github:jose-elias-alvarez/null-ls.nvim";
url = "github:m00qek/baleia.nvim"; flake = false;
};
Comment-nvim-src = {
url = "github:numToStr/Comment.nvim";
flake = false; flake = false;
}; };
nvim-treesitter-src = { nvim-treesitter-src = {
# https://github.com/nvim-treesitter/nvim-treesitter/tags url = "github:nvim-treesitter/nvim-treesitter";
url = "github:nvim-treesitter/nvim-treesitter/v0.9.2";
flake = false; flake = false;
}; };
telescope-nvim-src = { telescope-nvim-src = {
# https://github.com/nvim-telescope/telescope.nvim/releases url = "github:nvim-telescope/telescope.nvim";
url = "github:nvim-telescope/telescope.nvim/0.1.8";
flake = false; flake = false;
}; };
telescope-project-nvim-src = { telescope-project-nvim-src = {
@ -104,335 +86,137 @@
flake = false; flake = false;
}; };
toggleterm-nvim-src = { toggleterm-nvim-src = {
# https://github.com/akinsho/toggleterm.nvim/tags url = "github:akinsho/toggleterm.nvim";
url = "github:akinsho/toggleterm.nvim/v2.12.0";
flake = false; flake = false;
}; };
bufferline-nvim-src = { bufferline-nvim-src = {
# https://github.com/akinsho/bufferline.nvim/releases url = "github:akinsho/bufferline.nvim";
url = "github:akinsho/bufferline.nvim/v4.6.1";
flake = false; flake = false;
}; };
nvim-tree-lua-src = { nvim-tree-lua-src = {
url = "github:kyazdani42/nvim-tree.lua"; url = "github:kyazdani42/nvim-tree.lua";
flake = false; flake = false;
}; };
hmts-nvim-src = {
url = "github:calops/hmts.nvim";
flake = false;
};
fidget-nvim-src = {
# https://github.com/j-hui/fidget.nvim/tags
url = "github:j-hui/fidget.nvim/v1.4.5";
flake = false;
};
nvim-lint-src = {
url = "github:mfussenegger/nvim-lint";
flake = false;
};
tiny-inline-diagnostic-nvim-src = {
url = "github:rachartier/tiny-inline-diagnostic.nvim";
flake = false;
};
snipe-nvim-src = {
url = "github:leath-dub/snipe.nvim";
flake = false;
};
# Tree-Sitter Grammars
tree-sitter-bash = {
url = "github:tree-sitter/tree-sitter-bash/master";
flake = false;
};
tree-sitter-python = {
url = "github:tree-sitter/tree-sitter-python/master";
flake = false;
};
tree-sitter-lua = {
url = "github:MunifTanjim/tree-sitter-lua/main";
flake = false;
};
tree-sitter-ini = {
url = "github:justinmk/tree-sitter-ini";
flake = false;
};
tree-sitter-puppet = {
url = "github:amaanq/tree-sitter-puppet";
flake = false;
};
tree-sitter-rasi = {
url = "github:Fymyte/tree-sitter-rasi";
flake = false;
};
tree-sitter-vimdoc = {
url = "github:neovim/tree-sitter-vimdoc";
flake = false;
};
# MPV Scripts
zenyd-mpv-scripts = {
url = "github:zenyd/mpv-scripts";
flake = false;
};
# Ren and rep - CLI find and replace
rep = {
url = "github:robenkleene/rep-grep";
flake = false;
};
ren = {
url = "github:robenkleene/ren-find";
flake = false;
};
gh-collaborators = {
url = "github:katiem0/gh-collaborators";
flake = false;
};
# Nextcloud Apps
nextcloud-news = {
# https://github.com/nextcloud/news/releases
url = "https://github.com/nextcloud/news/releases/download/25.0.0-alpha7/news.tar.gz";
flake = false;
};
nextcloud-external = {
# https://github.com/nextcloud-releases/external/releases
url = "https://github.com/nextcloud-releases/external/releases/download/v5.4.0/external-v5.4.0.tar.gz";
flake = false;
};
nextcloud-cookbook = {
# https://github.com/christianlupus-nextcloud/cookbook-releases/releases/
url = "https://github.com/christianlupus-nextcloud/cookbook-releases/releases/download/v0.11.1/cookbook-0.11.1.tar.gz";
flake = false;
};
nextcloud-snappymail = {
# https://github.com/the-djmaze/snappymail/releases
# https://snappymail.eu/repository/nextcloud
url = "https://snappymail.eu/repository/nextcloud/snappymail-2.37.2-nextcloud.tar.gz";
# url = "https://github.com/nmasur/snappymail-nextcloud/releases/download/v2.36.3/snappymail-2.36.3-nextcloud.tar.gz";
flake = false;
};
}; };
outputs = outputs = { nixpkgs, ... }@inputs:
{ nixpkgs, ... }@inputs:
let let
# Global configuration for my systems # Global configuration for my systems
globals = globals = rec {
let user = "noah";
baseName = "masu.rs"; fullName = "Noah Masur";
in gitName = fullName;
rec { gitEmail = "7386960+nmasur@users.noreply.github.com";
user = "noah"; mail.server = "noahmasur.com";
fullName = "Noah Masur"; dotfilesRepo = "git@github.com:nmasur/dotfiles";
gitName = fullName; };
gitEmail = "7386960+nmasur@users.noreply.github.com";
mail.server = "noahmasur.com";
mail.imapHost = "imap.purelymail.com";
mail.smtpHost = "smtp.purelymail.com";
dotfilesRepo = "https://github.com/nmasur/dotfiles";
hostnames = {
audiobooks = "read.${baseName}";
files = "files.${baseName}";
git = "git.${baseName}";
influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}";
metrics = "metrics.${baseName}";
minecraft = "minecraft.${baseName}";
n8n = "n8n.${baseName}";
notifications = "ntfy.${baseName}";
prometheus = "prom.${baseName}";
paperless = "paper.${baseName}";
secrets = "vault.${baseName}";
stream = "stream.${baseName}";
content = "cloud.${baseName}";
books = "books.${baseName}";
download = "download.${baseName}";
status = "status.${baseName}";
transmission = "transmission.${baseName}";
};
};
# Common overlays to always use # Common overlays to always use
overlays = [ overlays = [
inputs.nur.overlay inputs.nur.overlay
inputs.nix2vim.overlay inputs.nix2vim.overlay
(import ./overlays/neovim-plugins.nix inputs) (import ./overlays/neovim-plugins.nix inputs)
(import ./overlays/disko.nix inputs) (import ./overlays/calibre-web.nix)
(import ./overlays/tree-sitter.nix inputs)
(import ./overlays/mpv-scripts.nix inputs)
(import ./overlays/nextcloud-apps.nix inputs)
(import ./overlays/betterlockscreen.nix)
(import ./overlays/gh-collaborators.nix inputs)
(import ./overlays/ren-rep.nix inputs)
]; ];
# System types to support. # System types to support.
supportedSystems = [ supportedSystems =
"x86_64-linux" [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
"x86_64-darwin"
"aarch64-linux"
"aarch64-darwin"
];
# Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'. # Helper function to generate an attrset '{ x86_64-linux = f "x86_64-linux"; ... }'.
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
in
rec {
# Contains my full system builds, including home-manager in rec {
# nixos-rebuild switch --flake .#tempest
nixosConfigurations = { nixosConfigurations = {
arrow = import ./hosts/arrow { inherit inputs globals overlays; };
tempest = import ./hosts/tempest { inherit inputs globals overlays; }; tempest = import ./hosts/tempest { inherit inputs globals overlays; };
hydra = import ./hosts/hydra { inherit inputs globals overlays; }; hydra = import ./hosts/hydra { inherit inputs globals overlays; };
flame = import ./hosts/flame { inherit inputs globals overlays; }; flame = import ./hosts/flame { inherit inputs globals overlays; };
swan = import ./hosts/swan { inherit inputs globals overlays; }; swan = import ./hosts/swan { inherit inputs globals overlays; };
}; };
# Contains my full Mac system builds, including home-manager
# darwin-rebuild switch --flake .#lookingglass
darwinConfigurations = { darwinConfigurations = {
lookingglass = import ./hosts/lookingglass { inherit inputs globals overlays; }; lookingglass =
import ./hosts/lookingglass { inherit inputs globals overlays; };
}; };
# For quickly applying home-manager settings with: # For quickly applying local settings with:
# home-manager switch --flake .#tempest # home-manager switch --flake .#tempest
homeConfigurations = { homeConfigurations = {
tempest = nixosConfigurations.tempest.config.home-manager.users.${globals.user}.home; tempest =
lookingglass = darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home; nixosConfigurations.tempest.config.home-manager.users.${globals.user}.home;
lookingglass =
darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home;
}; };
# Disk formatting, only used once # Disk formatting
diskoConfigurations = { diskoConfigurations = { root = import ./disks/root.nix; };
root = import ./disks/root.nix;
};
packages = # Package servers into images with a generator
let packages = forAllSystems (system: {
staff =
system:
import ./hosts/staff {
inherit
inputs
globals
overlays
system
;
};
neovim =
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
import ./modules/common/neovim/package {
inherit pkgs;
colors = (import ./colorscheme/gruvbox-dark).dark;
};
in
{
x86_64-linux.staff = staff "x86_64-linux";
x86_64-linux.arrow = inputs.nixos-generators.nixosGenerate rec {
system = "x86_64-linux";
format = "iso";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; };
};
x86_64-linux.arrow-aws = inputs.nixos-generators.nixosGenerate rec {
system = "x86_64-linux";
format = "amazon";
specialArgs = {
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./hosts/arrow/modules.nix { inherit inputs globals overlays; } ++ [
(
{ ... }:
{
boot.kernelPackages = inputs.nixpkgs.legacyPackages.x86_64-linux.linuxKernel.packages.linux_6_6;
amazonImage.sizeMB = 16 * 1024;
permitRootLogin = "prohibit-password";
boot.loader.systemd-boot.enable = inputs.nixpkgs.lib.mkForce false;
boot.loader.efi.canTouchEfiVariables = inputs.nixpkgs.lib.mkForce false;
services.amazon-ssm-agent.enable = true;
users.users.ssm-user.extraGroups = [ "wheel" ];
}
)
];
};
# Package Neovim config into standalone package aws = {
x86_64-linux.neovim = neovim "x86_64-linux"; "${system}" =
x86_64-darwin.neovim = neovim "x86_64-darwin"; import ./generators/aws { inherit inputs globals system overlays; };
aarch64-linux.neovim = neovim "aarch64-linux";
aarch64-darwin.neovim = neovim "aarch64-darwin";
}; };
# Programs that can be run by calling this flake staff = {
apps = forAllSystems ( "${system}" = import ./generators/staff {
system: inherit inputs globals system overlays;
let };
pkgs = import nixpkgs { inherit system overlays; }; };
in
import ./apps { inherit pkgs; }
);
# Development environments neovim = let pkgs = import nixpkgs { inherit system overlays; };
devShells = forAllSystems ( in import ./modules/common/neovim/package {
system: inherit pkgs;
colors =
import ./colorscheme/gruvbox/neovim-gruvbox.nix { inherit pkgs; };
};
});
apps = forAllSystems (system:
let let
pkgs = import nixpkgs { inherit system overlays; }; pkgs = import nixpkgs {
in inherit system;
{ overlays = overlays ++ [
(final: prev: {
disko-packaged = inputs.disko.packages.${system}.disko;
})
];
};
in import ./apps { inherit pkgs; });
devShells = forAllSystems (system:
let pkgs = import nixpkgs { inherit system overlays; };
in {
# Used to run commands and edit files in this repo # Used to run commands and edit files in this repo
default = pkgs.mkShell { default = pkgs.mkShell {
buildInputs = with pkgs; [ git stylua nixfmt shfmt shellcheck ];
};
# Used for cloud and systems development and administration
devops = pkgs.mkShell {
buildInputs = with pkgs; [ buildInputs = with pkgs; [
git git
stylua terraform
nixfmt-rfc-style consul
shfmt vault
shellcheck awscli2
google-cloud-sdk
ansible
kubectl
kubernetes-helm
kustomize
fluxcd
]; ];
}; };
}
);
checks = forAllSystems ( });
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
{
neovim =
pkgs.runCommand "neovim-check-health" { buildInputs = [ inputs.self.packages.${system}.neovim ]; }
''
mkdir -p $out
export HOME=$TMPDIR
nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
# Check for errors inside the health log
if $(grep "ERROR" $out/health.log); then
cat $out/health.log
exit 1
fi
'';
}
);
formatter = forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system overlays; };
in
pkgs.nixfmt-rfc-style
);
# Templates for starting other projects quickly # Templates for starting other projects quickly
templates = rec { templates = rec {
@ -453,10 +237,7 @@
path = ./templates/haskell; path = ./templates/haskell;
description = "Haskell template"; description = "Haskell template";
}; };
rust = {
path = ./templates/rust;
description = "Rust template";
};
}; };
}; };
} }
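Review bot: On the new side the `wsl` and `firefox-darwin` inputs are written as bare `url` attributes without `inputs.nixpkgs.follows = "nixpkgs"`, so each presumably brings its own nixpkgs revision into `flake.lock` instead of the one the system is built and updated from. Keeping the attribute-set form, e.g. `wsl = { url = "github:nix-community/NixOS-WSL"; inputs.nixpkgs.follows = "nixpkgs"; };`, leaves a single nixpkgs to track for security updates. The plugin inputs such as `nvim-lspconfig-src` and `telescope-nvim-src` also carry no release tag, so the revision actually fetched depends entirely on the lock file, whose diff is suppressed on this page; a short comment under `# Neovim plugins` saying that the lock file is the pin would help. The `darwin` URL reads `github:/lnl7/nix-darwin/master`, with a slash directly after `github:` that looks unintended.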


@ -0,0 +1,32 @@
{ inputs, globals, ... }:
with inputs;
nixos-generators.nixosGenerate {
inherit system;
format = "amazon";
modules = [
home-manager.nixosModules.home-manager
{
user = globals.user;
fullName = globals.fullName;
dotfilesRepo = globals.dotfilesRepo;
gitName = globals.gitName;
gitEmail = globals.gitEmail;
networking.hostName = "sheep";
gui.enable = false;
colorscheme = (import ../colorscheme/gruvbox);
passwordHash = null;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# AWS settings require this
permitRootLogin = "prohibit-password";
}
../../modules/common
../../modules/nixos
../../modules/common/services/sshd.nix
] ++ [
# Required to fix diskSize errors during build
({ ... }: { amazonImage.sizeMB = 16 * 1024; })
];
}
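Review bot: `inherit system;` is used inside the `nixosGenerate` call, but the function head is `{ inputs, globals, ... }:` and never binds `system`, so under `with inputs;` the name only resolves if `inputs` happens to carry a `system` attribute; the head should read `{ inputs, globals, system, ... }:`. `colorscheme = (import ../colorscheme/gruvbox);` climbs one directory while the module paths below use `../../modules/...`; if this file lives in `generators/aws/`, as the flake's `import ./generators/aws` suggests, it should be `../../colorscheme/gruvbox`. Because the image sets `passwordHash = null` and `permitRootLogin = "prohibit-password"`, the hard-coded `publicKey` is the only way into the instance, and a comment naming which key it is and who holds it would make later rotation easier.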


@ -1,23 +1,13 @@
# locals { locals {
# image_file = one(fileset(path.root, "../../../result/nixos-amazon-image-*.vhd")) image_file = one(fileset(path.root, "result/nixos-amazon-image-*.vhd"))
# }
#
# # Upload image to S3
# resource "aws_s3_object" "image" {
# bucket = var.images_bucket
# key = basename(local.image_file)
# source = local.image_file
# etag = filemd5(local.image_file)
# }
# Use existing image in S3
data "aws_s3_object" "image" {
bucket = var.images_bucket
key = "arrow.vhd"
} }
resource "terraform_data" "image_replacement" { # Upload to S3
input = data.aws_s3_object.image.etag resource "aws_s3_object" "image" {
bucket = "your_bucket_name"
key = basename(local.image_file)
source = local.image_file
etag = filemd5(local.image_file)
} }
# Setup IAM access for the VM Importer # Setup IAM access for the VM Importer
@ -39,8 +29,8 @@ data "aws_iam_policy_document" "vmimport" {
"s3:ListBucket", "s3:ListBucket",
] ]
resources = [ resources = [
"arn:aws:s3:::${data.aws_s3_object.image.bucket}", "arn:aws:s3:::${aws_s3_object.image.bucket}",
"arn:aws:s3:::${data.aws_s3_object.image.bucket}/*", "arn:aws:s3:::${aws_s3_object.image.bucket}/*",
] ]
} }
statement { statement {
@ -68,28 +58,23 @@ resource "aws_ebs_snapshot_import" "image" {
disk_container { disk_container {
format = "VHD" format = "VHD"
user_bucket { user_bucket {
s3_bucket = data.aws_s3_object.image.bucket s3_bucket = aws_s3_object.image.bucket
s3_key = data.aws_s3_object.image.key s3_key = aws_s3_object.image.key
} }
} }
role_name = aws_iam_role.vmimport.name role_name = aws_iam_role.vmimport.name
lifecycle {
replace_triggered_by = [terraform_data.image_replacement]
}
} }
# Convert to AMI # Convert to AMI
resource "aws_ami" "image" { resource "aws_ami" "image" {
description = "Created with NixOS." description = "Created with NixOS."
name = replace(basename(data.aws_s3_object.image.key), "/\\.vhd$/", "") name = replace(basename(local.image_file), "/\\.vhd$/", "")
virtualization_type = "hvm" virtualization_type = "hvm"
root_device_name = "/dev/xvda"
ena_support = true
ebs_block_device { ebs_block_device {
device_name = "/dev/xvda" device_name = "/dev/xvda"
snapshot_id = aws_ebs_snapshot_import.image.id snapshot_id = aws_ebs_snapshot_import.image.id
volume_size = 17 volume_size = 8
} }
} }
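Review bot: The new `aws_ami.image` block sets `volume_size = 8`, while the image generator added in this same change builds with `amazonImage.sizeMB = 16 * 1024`; an EBS volume cannot be smaller than the snapshot it is created from, so AMI registration will presumably fail unless this is at least 16. In the first hunk `aws_s3_object.image` hard-codes `bucket = "your_bucket_name"`; if the file is meant as a template, `bucket = var.images_bucket` with no default fails loudly instead of trying to upload a full disk image to whichever bucket has that name. `etag = filemd5(local.image_file)` is also unlikely to match for an image this large, since multipart uploads do not produce a plain MD5 ETag, so `source_hash = filemd5(local.image_file)` is the safer change trigger. The bodies of the IAM policy and snapshot-import resources continue outside the hunks shown.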

260
generators/aws/workflow.yml Normal file

@ -0,0 +1,260 @@
name: 'Terraform'
env:
AWS_ACCOUNT_NUMBER: ''
AWS_PLAN_ROLE_NAME: github_actions_plan
AWS_APPLY_ROLE_NAME: github_actions_admin
# Always required. Used for authenticating to AWS, but can also act as your
# default region if you don't want to specify in the provider configuration.
AWS_REGION: us-east-1
# You must change these to fit your project.
TF_VAR_project: change-me
TF_VAR_label: change-me
TF_VAR_owner: Your Name Here
# If storing Terraform in a subdirectory, specify it here.
TERRAFORM_DIRECTORY: .
# Pinned versions of tools to use.
# Check for new releases:
# - https://github.com/hashicorp/terraform/releases
# - https://github.com/fugue/regula/releases
# - https://github.com/terraform-linters/tflint/releases
TERRAFORM_VERSION: 1.2.6
REGULA_VERSION: 2.9.0
TFLINT_VERSION: 0.39.1
# Terraform configuration options
TERRAFORM_PARALLELISM: 10
# These variables are passed to Terraform based on GitHub information.
TF_VAR_repo: ${{ github.repository }}
# This workflow is triggered in the following ways.
on:
# Any push or merge to these branches.
push:
branches:
- dev
- prod
# Any pull request targeting these branches (plan only).
pull_request:
branches:
- dev
- prod
# Any manual trigger on these branches.
workflow_dispatch:
branches:
- dev
- prod
# -------------------------------------------------------------------
# The rest of this workflow can operate without adjustments. Edit the
# below content at your own risk!
# -------------------------------------------------------------------
# Used to connect to AWS IAM
permissions:
id-token: write
contents: read
pull-requests: write
# Only run one workflow at a time for each Terraform state. This prevents
# lockfile conflicts, especially during PR vs push.
concurrency: terraform-${{ github.base_ref || github.ref }}
jobs:
terraform:
name: 'Terraform'
# Change this if you need to run your deployment on-prem.
runs-on: ubuntu-latest
steps:
# Downloads the current repo code to the runner.
- name: Checkout Repo Code
uses: actions/checkout@v2
# Install Nix
- name: Install Nix
uses: cachix/install-nix-action@v17
# Build the image
- name: Build Image
run: nix build .#aws
# Login to AWS
- name: AWS Assume Role
uses: aws-actions/configure-aws-credentials@v1.6.1
with:
role-to-assume: ${{ env.AWS_ROLE_ARN }}
aws-region: ${{ env.AWS_REGION }}
# Exports all GitHub Secrets as environment variables prefixed by
# "TF_VAR_", which exposes them to Terraform. The name of each GitHub
# Secret must match its Terraform variable name exactly.
- name: Export Secrets to Terraform Variables
env:
ALL_SECRETS: ${{ toJson(secrets) }}
run: |
echo "$ALL_SECRETS" \
| jq "to_entries | .[] | \"TF_VAR_\" + ( .key | ascii_downcase ) + \"=\" + .value" \
| tr -d \" >> $GITHUB_ENV
# Installs the Terraform binary and some other accessory functions.
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
# Checks whether Terraform is formatted properly. If this fails, you
# should install the pre-commit hook.
- name: Check Formatting
run: |
terraform fmt -no-color -check -diff -recursive
# Downloads a Terraform code lint test.
- uses: terraform-linters/setup-tflint@v1
name: Setup TFLint
with:
tflint_version: v${{ env.TFLINT_VERSION }}
# Sets up linting with this codebase.
- name: Init TFLint
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: tflint --init
# Lints the current code.
- name: Run TFLint
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
tflint -f compact
find ./modules/* -type d -maxdepth 0 | xargs -I __ tflint -f compact --disable-rule=terraform_required_providers --disable-rule=terraform_required_version __
# Connects to remote state backend and download providers.
- name: Terraform Init
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform init \
-backend-config="role_arn=${{ env.AWS_STATE_ROLE_ARN }}" \
-backend-config="region=us-east-1" \
-backend-config="workspace_key_prefix=accounts/${{ env.AWS_ACCOUNT_NUMBER }}/${{ github.repository }}" \
-backend-config="key=state.tfstate" \
-backend-config="dynamodb_table=global-tf-state-lock"
# Set the Terraform Workspace to the current branch name.
- name: Set Terraform Workspace
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
shell: bash
run: |
export WORKSPACE=${{ github.base_ref || github.ref_name }}
terraform workspace select ${WORKSPACE} || terraform workspace new $WORKSPACE
echo "TF_WORKSPACE=$(echo ${WORKSPACE} | sed 's/\//_/g')" >> $GITHUB_ENV
# Checks differences between current code and infrastructure state.
- name: Terraform Plan
id: plan
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform plan \
-input=false \
-no-color \
-out=tfplan \
-parallelism=${TERRAFORM_PARALLELISM} \
-var-file=variables-${TF_WORKSPACE}.tfvars
# Gets the results of the plan for pull requests.
- name: Terraform Show Plan
id: show
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: terraform show -no-color tfplan
# Adds the results of the plan to the pull request.
- name: Comment Plan
uses: actions/github-script@v6
if: github.event_name == 'pull_request'
env:
STDOUT: "```terraform\n${{ steps.show.outputs.stdout }}```"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
// 1. Retrieve existing bot comments for the PR
const { data: comments } = await github.rest.issues.listComments({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: context.issue.number,
})
const botComment = comments.find(comment => {
return comment.user.type === 'Bot' && comment.body.includes('Terraform Format and Style')
})
// 2. Prepare format of the comment
const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
#### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
#### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
<details><summary>Validation Output</summary>
\`\`\`\n
${{ steps.validate.outputs.stdout }}
\`\`\`
</details>
#### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
<details><summary>Show Plan</summary>
\`\`\`\n
${process.env.PLAN}
\`\`\`
</details>
*Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`${{ env.tf_actions_working_dir }}\`, Workflow: \`${{ github.workflow }}\`*`;
// 3. If we have a comment, update it, otherwise create a new one
if (botComment) {
github.rest.issues.updateComment({
owner: context.repo.owner,
repo: context.repo.repo,
comment_id: botComment.id,
body: output
})
} else {
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: output
})
}
# Downloads Regula and checks whether the plan meets compliance requirements.
- name: Regula Compliance Check
shell: bash
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
REGULA_URL="https://github.com/fugue/regula/releases/download/v${REGULA_VERSION}/regula_${REGULA_VERSION}_Linux_x86_64.tar.gz"
curl -sL "$REGULA_URL" -o regula.tar.gz
tar xzf regula.tar.gz
terraform show -json tfplan | ./regula run
# Deploys infrastructure or changes to infrastructure.
- name: Terraform Apply
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
working-directory: ${{ env.TERRAFORM_DIRECTORY }}
run: |
terraform apply \
-auto-approve \
-input=false \
-parallelism=${TERRAFORM_PARALLELISM} \
tfplan
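Review bot: The "Export Secrets to Terraform Variables" step writes every repository secret into `$GITHUB_ENV` through `toJson(secrets)`, so every later step, including the third-party setup actions and the Regula binary that is downloaded without a checksum check, runs with all of them in its environment, and a secret value containing a newline can define further environment variables. Map only the secrets Terraform needs as `env:` entries on the plan and apply steps, for example `TF_VAR_<name>: ${{ secrets.<NAME> }}` (placeholder names). The "Set Terraform Workspace" step also expands `${{ github.base_ref || github.ref_name }}` directly inside the shell script; passing it through `env:` and using a quoted `"$WORKSPACE"` keeps a branch name from being parsed as shell. Separately, `env.AWS_ROLE_ARN` and `env.AWS_STATE_ROLE_ARN` are read but do not appear in the `env:` block of this file, so the role assumption and the backend init look like they receive empty values.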


@ -0,0 +1,47 @@
# The Staff
# ISO configuration for my USB drive
{ inputs, system, overlays, ... }:
with inputs;
nixos-generators.nixosGenerate {
inherit system;
format = "install-iso";
modules = [{
nixpkgs.overlays = overlays;
networking.hostName = "staff";
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
];
services.openssh = {
enable = true;
ports = [ 22 ];
allowSFTP = true;
settings = {
GatewayPorts = "no";
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
environment.systemPackages =
let pkgs = import inputs.nixpkgs { inherit system overlays; };
in with pkgs; [
git
vim
wget
curl
(import ../../modules/common/neovim/package {
inherit pkgs;
# colors = import ../../colorscheme/gruvbox.dark.neovimConfig {
# inherit pkgs;
# };
})
];
nix.extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
}];
}
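Review bot: `PermitRootLogin = "yes"` in `services.openssh.settings` leaves root login open to every authentication method sshd has enabled, and only `PasswordAuthentication` is switched off here. Since root is evidently meant to log in with the single authorized key, `PermitRootLogin = "prohibit-password";` states that directly and also rules out keyboard-interactive logins for root. A comment above the key such as `# Key-only root access for the live installer image` would record why root SSH is enabled on this ISO.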


@ -1,26 +0,0 @@
# Hosts
These are the individual machines managed by this flake.
| Host | Purpose |
| --- | --- |
| [aws](./aws/default.nix) | AWS AMI |
| [staff](./staff/default.nix) | Live USB stick |
| [flame](./flame/default.nix) | Oracle cloud server |
| [hydra](./hydra/default.nix) | WSL config |
| [lookingglass](./lookingglass/default.nix) | Work MacBook |
| [swan](./swan/default.nix) | Home server |
| [tempest](./tempest/default.nix) | Linux desktop |
## NixOS Workflow
Each hosts file is imported into [nixosConfigurations](../flake.nix) and passed
the arguments from the flake (inputs, globals, overlays). The `nixosSystem`
function in that hosts file will be called by the NixOS module system during a
nixos-rebuild.
Each module in the each host's `modules` list is either a function or an
attrset. The attrsets will simply apply values to options that have been
declared in the config by other modules. Meanwhile, the functions will be
passed various arguments, several of which you will see listed at the top of
each of their files.


@ -1,98 +0,0 @@
resource "aws_instance" "instance" {
ami = aws_ami.image.id
iam_instance_profile = aws_iam_instance_profile.instance.name
instance_type = var.ec2_size
vpc_security_group_ids = [aws_security_group.instance.id]
tags = {
Name = "aws-nixos"
}
lifecycle {
create_before_destroy = true
}
}
resource "aws_ec2_instance_state" "instance" {
instance_id = aws_instance.instance.id
state = "running"
}
data "aws_vpc" "vpc" {
default = true
}
resource "aws_security_group" "instance" {
name = "aws-nixos"
description = "Allow SSH and HTTPS"
vpc_id = data.aws_vpc.vpc.id
ingress {
description = "Ping"
from_port = -1
to_port = -1
protocol = "icmp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTPS"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
}
# Setup IAM for the instance to use SSM
data "aws_iam_policy_document" "ec2_assume_role" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "Service"
identifiers = ["ec2.amazonaws.com"]
}
}
}
data "aws_iam_policy_document" "instance_profile" {
statement {
actions = [
"s3:ListAllMyBuckets",
]
resources = ["*"]
}
}
resource "aws_iam_role" "instance_profile" {
name = "nixos"
assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
inline_policy {
name = "instance-profile"
policy = data.aws_iam_policy_document.instance_profile.json
}
}
resource "aws_iam_role_policy_attachment" "instance_ssm" {
role = aws_iam_role.instance_profile.name
policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
resource "aws_iam_instance_profile" "instance" {
name = "nixos"
role = aws_iam_role.instance_profile.name
}


@ -1,13 +0,0 @@
terraform {
backend "s3" {
region = "us-east-1"
dynamodb_table = "terraform-state-lock"
}
required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.42.0"
}
}
}


@ -1,3 +0,0 @@
output "host_ip" {
value = aws_instance.instance.public_ip
}


@ -1,10 +0,0 @@
variable "ec2_size" {
type = string
description = "Size of instance to launch"
default = "t3a.small" # 2 GB RAM ($14/mo)
}
variable "images_bucket" {
description = "Name of the bucket in which to store the NixOS VM images."
type = string
}


@ -1,41 +0,0 @@
# The Arrow
# System configuration for temporary VM
{
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = import ./modules.nix { inherit inputs globals overlays; } ++ [
{
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
virtualisation.vmVariant = {
virtualisation.forwardPorts = [
{
from = "host";
host.port = 2222;
guest.port = 22;
}
];
};
}
];
}


@ -1,32 +0,0 @@
{
inputs,
globals,
overlays,
}:
[
globals
inputs.home-manager.nixosModules.home-manager
{
nixpkgs.overlays = overlays;
networking.hostName = "arrow";
physical = false;
server = true;
gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpPU2G9rSF8Q6waH62IJexDCQ6lY+8ZyVufGE3xMDGw deploy"
];
identityFile = "/home/${globals.user}/.ssh/id_ed25519";
cloudflare.enable = true;
services.openssh.enable = true;
services.caddy.enable = true;
services.n8n.enable = true;
# nix-index seems to eat up too much memory for Vultr
home-manager.users.${globals.user}.programs.nix-index.enable = inputs.nixpkgs.lib.mkForce false;
}
../../modules/common
../../modules/nixos
]


@ -1,78 +0,0 @@
terraform {
backend "s3" {
bucket = "noahmasur-terraform"
key = "arrow.tfstate"
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
skip_s3_checksum = true
use_path_style = true
/*
ENVIRONMENT VARIABLES
---------------------
AWS_ACCESS_KEY_ID - R2 token
AWS_SECRET_ACCESS_KEY - R2 secret
AWS_ENDPOINT_URL_S3 - R2 location: https://ACCOUNT_ID.r2.cloudflarestorage.com
*/
}
required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.42.0"
}
vultr = {
source = "vultr/vultr"
version = "2.19.0"
}
}
}
variable "vultr_api_key" {
type = string
description = "API key for Vultr management"
sensitive = true
}
# https://api.vultr.com/v2/plans
variable "vultr_plan" {
type = string
description = "Size of instance to launch"
default = "vc2-1c-2gb" # 55 GB SSD ($10/mo)
}
provider "aws" {
region = "auto"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_region_validation = true
skip_requesting_account_id = true
}
provider "vultr" {
api_key = var.vultr_api_key
}
resource "vultr_iso_private" "image" {
# url = "https://${var.cloudflare_account_id}.r2.cloudflarestorage.com/${data.aws_s3_bucket.images.id}/${aws_s3_object.image.key}"
url = "https://arrow-images.masu.rs/arrow.iso"
}
resource "vultr_instance" "arrow" {
plan = var.vultr_plan
region = "ewr"
iso_id = vultr_iso_private.image.id
label = "arrow"
tags = ["arrow"]
enable_ipv6 = false
disable_public_ipv4 = false
backups = "disabled"
ddos_protection = false
activation_email = false
}
output "host_ip" {
value = vultr_instance.arrow.main_ip
}


@ -1,97 +1,44 @@
# The Flame # The Flame
# System configuration for an Oracle free server # System configuration for an Oracle free server
# See [readme](../README.md) to explain how this file works.
# How to install: # How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/ # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
{ { inputs, globals, overlays, ... }:
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec { with inputs;
nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
specialArgs = { specialArgs = { };
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [ modules = [
globals ./hardware-configuration.nix
inputs.home-manager.nixosModules.home-manager
../../modules/common ../../modules/common
../../modules/nixos ../../modules/nixos
(removeAttrs globals [ "mail.server" ])
wsl.nixosModules.wsl
home-manager.nixosModules.home-manager
{ {
nixpkgs.overlays = overlays;
# Hardware
server = true; server = true;
networking.hostName = "flame";
# Not sure what's necessary but too afraid to remove anything
imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"virtio_pci"
"usbhid"
];
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
# I forgot to set a clean label for it
fileSystems."/" = {
device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
fsType = "ext4";
};
# This is the boot filesystem for systemd-boot
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D5CA-237A";
fsType = "vfat";
};
# Theming
# Server doesn't require GUI
gui.enable = false; gui.enable = false;
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
nixpkgs.overlays = overlays;
wsl.enable = false;
caddy.enable = true;
# Still require colors for programs like Neovim, K9S # FQDNs for various services
theme = { networking.hostName = "flame";
colors = (import ../../colorscheme/gruvbox).dark; bookServer = "books.masu.rs";
}; # streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
transmissionServer = "download.masu.rs";
metricsServer = "metrics.masu.rs";
vaultwardenServer = "vault.masu.rs";
giteaServer = "git.masu.rs";
# Programs and services # Disable passwords, only use SSH key
atuin.enable = true; publicKey =
cloudflare.enable = true; # Proxy traffic with Cloudflare "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
dotfiles.enable = true; # Clone dotfiles
neovim.enable = true;
giteaRunner.enable = true;
services.caddy.enable = true;
services.grafana.enable = true;
services.thelounge.enable = true;
services.openssh.enable = true;
services.victoriametrics.enable = true;
services.influxdb2.enable = true;
services.gitea.enable = true;
services.vaultwarden.enable = true;
services.minecraft-server.enable = true; # Setup Minecraft server
services.n8n.enable = true;
services.ntfy-sh.enable = true;
services.uptime-kuma.enable = true;
system.autoUpgrade.enable = true;
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
credentialsFile = ../../private/cloudflared-flame.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
};
# Nextcloud backup config # Nextcloud backup config
backup.s3 = { backup.s3 = {
@ -100,39 +47,52 @@ inputs.nixpkgs.lib.nixosSystem rec {
accessKeyId = "0026b0e73b2e2c80000000005"; accessKeyId = "0026b0e73b2e2c80000000005";
}; };
# Disable passwords, only use SSH key # Grant access to Jellyfin directories from Nextcloud
publicKeys = [ users.users.nextcloud.extraGroups = [ "jellyfin" ];
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal"
];
# # Wireguard config for Transmission # Wireguard config for Transmission
# wireguard.enable = true; wireguard.enable = true;
# networking.wireguard.interfaces.wg0 = { networking.wireguard.interfaces.wg0 = {
#
# # The local IPs for this machine within the Wireguard network # The local IPs for this machine within the Wireguard network
# # Any inbound traffic bound for these IPs should be kept on localhost # Any inbound traffic bound for these IPs should be kept on localhost
# ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ]; ips = [ "10.66.13.200/32" "fc00:bbbb:bbbb:bb01::3:dc7/128" ];
#
# peers = [{ peers = [{
#
# # Identity of Wireguard target peer (VPN) # Identity of Wireguard target peer (VPN)
# publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY="; publicKey = "bOOP5lIjqCdDx5t+mP/kEcSbHS4cZqE0rMlBI178lyY=";
#
# # The public internet address of the target peer # The public internet address of the target peer
# endpoint = "86.106.143.132:51820"; endpoint = "86.106.143.132:51820";
#
# # Which outgoing IP ranges should be sent through Wireguard # Which outgoing IP ranges should be sent through Wireguard
# allowedIPs = [ "0.0.0.0/0" "::0/0" ]; allowedIPs = [ "0.0.0.0/0" "::0/0" ];
#
# # Send heartbeat signal within the network # Send heartbeat signal within the network
# persistentKeepalive = 25; persistentKeepalive = 25;
#
# }]; }];
#
# }; };
# VPN port forwarding
services.transmission.settings.peer-port = 57599;
# Grant access to Transmission directories from Jellyfin
users.users.jellyfin.extraGroups = [ "transmission" ];
# Proxy traffic with Cloudflare
cloudflare.enable = true;
# Setup Minecraft server
gaming.minecraft-server.enable = true;
# Clone dotfiles
dotfiles.enable = true;
neovim.enable = true;
# # VPN port forwarding
# services.transmission.settings.peer-port = 57599;
} }
]; ];
} }
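Review bot: `(removeAttrs globals [ "mail.server" ])` in the new `modules` list probably removes nothing, because `removeAttrs` matches top-level attribute names literally and does not treat the dot as a path; if `globals` (not visible on this page) defines the value as `mail.server`, the top-level name is `mail`. If the intent is to stop this host inheriting the mail server setting, `(globals // { mail = removeAttrs globals.mail [ "server" ]; })` would do that, assuming `globals.mail` is an attribute set. The same expression appears in the swan host's `modules` list further down the page.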


@ -0,0 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D5CA-237A";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}


@ -1,35 +1,31 @@
# The Hydra # The Hydra
# System configuration for WSL # System configuration for WSL
# See [readme](../README.md) to explain how this file works. { inputs, globals, overlays, ... }:
{ with inputs;
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { }; specialArgs = { };
modules = [ modules = [
../../modules/common ../../modules/common
../../modules/nixos ../../modules/nixos
../../modules/wsl
globals globals
inputs.wsl.nixosModules.wsl wsl.nixosModules.wsl
inputs.home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
networking.hostName = "hydra"; networking.hostName = "hydra";
nixpkgs.overlays = overlays; nixpkgs.overlays = overlays;
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
identityFile = "/home/${globals.user}/.ssh/id_ed25519"; identityFile = "/home/${globals.user}/.ssh/id_ed25519";
gui.enable = false; gui.enable = false;
theme = { theme = {
colors = (import ../../colorscheme/gruvbox).dark; colors = (import ../../colorscheme/gruvbox).dark;
dark = true; dark = true;
}; };
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512; passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
wsl = { wsl = {
enable = true; enable = true;
wslConf.automount.root = "/mnt"; wslConf.automount.root = "/mnt";
@ -37,7 +33,8 @@ inputs.nixpkgs.lib.nixosSystem {
startMenuLaunchers = true; startMenuLaunchers = true;
nativeSystemd = true; nativeSystemd = true;
wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN wslConf.network.generateResolvConf = true; # Turn off if it breaks VPN
interop.includePath = false; # Including Windows PATH will slow down Neovim command mode interop.includePath =
false; # Including Windows PATH will slow down Neovim command mode
}; };
neovim.enable = true; neovim.enable = true;
@ -45,6 +42,7 @@ inputs.nixpkgs.lib.nixosSystem {
mail.aerc.enable = true; mail.aerc.enable = true;
mail.himalaya.enable = true; mail.himalaya.enable = true;
dotfiles.enable = true; dotfiles.enable = true;
nixlang.enable = true;
lua.enable = true; lua.enable = true;
} }
]; ];
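Review bot: `passwordHash = nixpkgs.lib.fileContents ../../password.sha512;` reads the hash during evaluation, so the value is committed with the repository and presumably ends up in the world-readable Nix store wherever the `passwordHash` option (defined outside this page) is consumed. That exposes the hash to offline guessing by anyone who can read the repository or the store. Consider supplying it at activation time from a file outside the store, for instance via `users.users.<name>.hashedPasswordFile` (`passwordFile` on older NixOS releases) backed by an encrypted secret, and add a comment naming the hashing scheme the file holds.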


@ -1,59 +1,50 @@
# The Looking Glass # The Looking Glass
# System configuration for my work Macbook # System configuration for my work Macbook
{ { inputs, globals, overlays, ... }:
inputs,
globals,
overlays,
...
}:
inputs.darwin.lib.darwinSystem { with inputs;
system = "aarch64-darwin";
darwin.lib.darwinSystem {
system = "x86_64-darwin";
specialArgs = { }; specialArgs = { };
modules = [ modules = [
../../modules/common ../../modules/common
../../modules/darwin ../../modules/darwin
( (globals // {
globals user = "Noah.Masur";
// rec { gitName = "Noah-Masur_1701";
user = "Noah.Masur"; gitEmail = "Noah.Masur@take2games.com";
gitName = "Noah-Masur_1701"; })
gitEmail = "${user}@take2games.com"; home-manager.darwinModules.home-manager
}
)
inputs.home-manager.darwinModules.home-manager
inputs.mac-app-util.darwinModules.default
{ {
nixpkgs.overlays = [ inputs.firefox-darwin.overlay ] ++ overlays; networking.hostName = "noah-masur-mac";
networking.hostName = "lookingglass";
identityFile = "/Users/Noah.Masur/.ssh/id_ed25519"; identityFile = "/Users/Noah.Masur/.ssh/id_ed25519";
gui.enable = true; gui.enable = true;
theme = { theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark; colors = (import ../../colorscheme/gruvbox).dark;
dark = true; dark = true;
}; };
mail.user = globals.user; mail.user = globals.user;
atuin.enable = true; nixpkgs.overlays = [ firefox-darwin.overlay ] ++ overlays;
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
charm.enable = true; charm.enable = true;
neovim.enable = true; neovim.enable = true;
mail.enable = true; mail.enable = true;
mail.aerc.enable = true; mail.aerc.enable = true;
mail.himalaya.enable = false; mail.himalaya.enable = true;
kitty.enable = true; kitty.enable = true;
discord.enable = true; discord.enable = true;
firefox.enable = true; firefox.enable = true;
dotfiles.enable = true; dotfiles.enable = true;
nixlang.enable = true;
terraform.enable = true; terraform.enable = true;
python.enable = true; python.enable = true;
rust.enable = true;
lua.enable = true; lua.enable = true;
obsidian.enable = true;
kubernetes.enable = true; kubernetes.enable = true;
_1password.enable = true; _1password.enable = true;
slack.enable = true; slack.enable = true;
wezterm.enable = true;
yt-dlp.enable = true;
} }
]; ];
} }
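Review bot: `with inputs;` ahead of `darwin.lib.darwinSystem` makes `darwin`, `home-manager`, `firefox-darwin` and `nixpkgs` resolve through dynamic scope, so neither a reader nor a linter can tell from this file which names are flake inputs, and a misspelt name only surfaces at evaluation. Writing them out as `inputs.darwin.lib.darwinSystem`, `inputs.home-manager.darwinModules.home-manager` and `inputs.firefox-darwin.overlay` keeps the origin of each module and overlay explicit. The staff, flame, hydra and swan host files on this page use the same `with inputs;` form.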


@ -1,53 +0,0 @@
# The Staff
# ISO configuration for my USB drive
{
inputs,
system,
overlays,
...
}:
inputs.nixos-generators.nixosGenerate {
inherit system;
format = "install-iso";
modules = [
{
nixpkgs.overlays = overlays;
networking.hostName = "staff";
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
];
services.openssh = {
enable = true;
ports = [ 22 ];
allowSFTP = true;
settings = {
GatewayPorts = "no";
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
environment.systemPackages =
let
pkgs = import inputs.nixpkgs { inherit system overlays; };
in
with pkgs;
[
git
vim
wget
curl
(import ../../modules/common/neovim/package {
inherit pkgs;
colors = (import ../../colorscheme/gruvbox).dark;
})
];
nix.extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
}
];
}


@ -1,134 +1,49 @@
# The Swan # The Swan
# System configuration for my home NAS server # System configuration for my home NAS server
{ { inputs, globals, overlays, ... }:
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec { with inputs;
nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = { };
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [ modules = [
globals ./hardware-configuration.nix
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
../../modules/common ../../modules/common
../../modules/nixos ../../modules/nixos
(removeAttrs globals [ "mail.server" ])
wsl.nixosModules.wsl
home-manager.nixosModules.home-manager
disko.nixosModules.disko
{ {
nixpkgs.overlays = overlays;
# Hardware
server = true; server = true;
physical = true;
networking.hostName = "swan"; networking.hostName = "swan";
# Not sure what's necessary but too afraid to remove anything # head -c 8 /etc/machine-id
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
];
# Required for transcoding
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelParams = [
"radeon.si_support=0"
"amdgpu.si_support=1"
"radeon.cik_support=0"
"amdgpu.cik_support=1"
"amdgpu.dc=1"
];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize efficiency over performance
powerManagement.cpuFreqGovernor = "powersave";
# Allow firmware updates
hardware.cpu.intel.updateMicrocode = true;
# ZFS
zfs.enable = true;
# Generated with: head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS networking.hostId = "600279f4"; # Random ID required for ZFS
# Sets root ext4 filesystem instead of declaring it manually zfs.enable = true;
disko = { disko = {
enableConfig = true; enableConfig = true;
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; }); devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
# // (import ../../disks/zfs.nix {
# pool = "tank";
# disks = [ "/dev/sda" "/dev/sdb" "/dev/sdc" ];
# });
}; };
boot.zfs.extraPools = [ "tank" ];
zramSwap.enable = true;
swapDevices = [
{
device = "/swapfile";
size = 4 * 1024; # 4 GB
}
];
boot.zfs = {
# Automatically load the ZFS pool on boot
extraPools = [ "tank" ];
# Only try to decrypt datasets with keyfiles
requestEncryptionCredentials = [
"tank/archive"
"tank/generic"
"tank/nextcloud"
"tank/generic/git"
];
# If password is requested and fails, continue to boot eventually
passwordTimeout = 300;
};
# Theming
# Server doesn't require GUI
gui.enable = false; gui.enable = false;
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Still require colors for programs like Neovim, K9S nixpkgs.overlays = overlays;
theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark;
};
# Programs and services
atuin.enable = true;
neovim.enable = true; neovim.enable = true;
cloudflare.enable = true; caddy.enable = true;
dotfiles.enable = true; streamServer = "stream.masu.rs";
arrs.enable = true; nextcloudServer = "cloud.masu.rs";
filebrowser.enable = true; bookServer = "books.masu.rs";
services.audiobookshelf.enable = true; samba.enable = true;
services.bind.enable = true;
services.caddy.enable = true;
services.jellyfin.enable = true;
services.nextcloud.enable = true;
services.calibre-web.enable = true;
services.openssh.enable = true;
services.prometheus.enable = false;
services.vmagent.enable = true;
services.samba.enable = true;
services.paperless.enable = true;
services.postgresql.enable = true;
system.autoUpgrade.enable = false;
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
credentialsFile = ../../private/cloudflared-swan.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
};
# Send regular backups and litestream for DBs to an S3-like bucket
backup.s3 = { backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com"; endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup"; bucket = "noahmasur-backup";
@ -136,9 +51,14 @@ inputs.nixpkgs.lib.nixosSystem rec {
}; };
# Disable passwords, only use SSH key # Disable passwords, only use SSH key
publicKeys = [ publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
];
# Clone dotfiles
dotfiles.enable = true;
# services.nfs.server.enable = true;
} }
]; ];
} }


@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# fileSystems."/" = {
# device = "/dev/disk/by-label/nixos";
# fsType = "ext4";
# };
#
# fileSystems."/boot" = {
# device = "/dev/disk/by-label/boot";
# fsType = "vfat";
# };
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,108 +1,41 @@
# The Tempest # The Tempest
# System configuration for my desktop # System configuration for my desktop
{ { inputs, globals, overlays, ... }:
inputs,
globals,
overlays,
...
}:
inputs.nixpkgs.lib.nixosSystem rec { with inputs;
nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = { };
pkgs-stable = import inputs.nixpkgs-stable { inherit system; };
pkgs-caddy = import inputs.nixpkgs-caddy { inherit system; };
};
modules = [ modules = [
globals ./hardware-configuration.nix
inputs.home-manager.nixosModules.home-manager
../../modules/common ../../modules/common
../../modules/nixos ../../modules/nixos
globals
wsl.nixosModules.wsl
home-manager.nixosModules.home-manager
{ {
nixpkgs.overlays = overlays;
# Hardware
physical = true; physical = true;
networking.hostName = "tempest"; networking.hostName = "tempest";
nixpkgs.overlays = [ nur.overlay ] ++ overlays;
# Not sure what's necessary but too afraid to remove anything # Set registry to flake packages, used for nix X commands
boot.initrd.availableKernelModules = [ nix.registry.nixpkgs.flake = nixpkgs;
"nvme" identityFile = "/home/${globals.user}/.ssh/id_ed25519";
"xhci_pci"
"ahci"
"usb_storage"
"usbhid"
"sd_mod"
];
# Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true;
# Prioritize performance over efficiency
powerManagement.cpuFreqGovernor = "performance";
# Allow firmware updates
hardware.cpu.amd.updateMicrocode = true;
# Helps reduce GPU fan noise under idle loads
hardware.fancontrol.enable = true;
hardware.fancontrol.config = ''
# Configuration file generated by pwmconfig, changes will be lost
INTERVAL=10
DEVPATH=hwmon0=devices/pci0000:00/0000:00:03.1/0000:06:00.0/0000:07:00.0/0000:08:00.0
DEVNAME=hwmon0=amdgpu
FCTEMPS=hwmon0/pwm1=hwmon0/temp1_input
FCFANS= hwmon0/pwm1=hwmon0/fan1_input
MINTEMP=hwmon0/pwm1=50
MAXTEMP=hwmon0/pwm1=70
MINSTART=hwmon0/pwm1=100
MINSTOP=hwmon0/pwm1=10
MINPWM=hwmon0/pwm1=10
MAXPWM=hwmon0/pwm1=240
'';
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
# This is the boot filesystem for Grub
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# Secrets must be prepared ahead before deploying
passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
# Theming
# Turn on all features related to desktop and graphical applications
gui.enable = true; gui.enable = true;
# Set the system-wide theme, also used for non-graphical programs
theme = { theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark; colors = (import ../../colorscheme/gruvbox).dark;
dark = true; dark = true;
}; };
wallpaper = "${inputs.wallpapers}/gruvbox/road.jpg"; wallpaper = "${wallpapers}/gruvbox/road.jpg";
gtk.theme.name = inputs.nixpkgs.lib.mkDefault "Adwaita-dark"; gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
wsl.enable = false;
publicKey = null;
# Programs and services
atuin.enable = true;
charm.enable = true; charm.enable = true;
neovim.enable = true; neovim.enable = true;
media.enable = true; media.enable = true;
dotfiles.enable = true;
firefox.enable = true; firefox.enable = true;
kitty.enable = true; kitty.enable = true;
_1password.enable = true; _1password.enable = true;
@ -113,35 +46,19 @@ inputs.nixpkgs.lib.nixosSystem rec {
mail.aerc.enable = true; mail.aerc.enable = true;
mail.himalaya.enable = true; mail.himalaya.enable = true;
keybase.enable = true; keybase.enable = true;
mullvad.enable = false; # mullvad.enable = true;
rust.enable = true; nixlang.enable = true;
terraform.enable = true; dotfiles.enable = true;
wezterm.enable = true;
yt-dlp.enable = true; yt-dlp.enable = true;
gaming = { gaming = {
dwarf-fortress.enable = true;
enable = true; enable = true;
steam.enable = true; steam.enable = true;
moonlight.enable = true;
legendary.enable = true; legendary.enable = true;
lutris.enable = true; lutris.enable = true;
ryujinx.enable = true; leagueoflegends.enable = true;
};
services.vmagent.enable = true; # Enables Prometheus metrics
services.openssh.enable = true; # Required for Cloudflare tunnel and identity file
# Allows private remote access over the internet
cloudflareTunnel = {
enable = true;
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ../../private/cloudflared-tempest.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
}; };
# Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true;
} }
]; ];
} }
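Review bot: `passwordHash = nixpkgs.lib.fileContents ../../password.sha512;` on the new side reads the login hash from a file tracked in the repository at evaluation time, so the hash is as readable as the repo itself. Depending on how the `passwordHash` option is consumed (not visible in this section), it may also end up in the world-readable Nix store. A sha-512 crypt hash can be attacked offline once it is exposed. Other host configs on this page already reference age-encrypted files under `../../private/`, so the hash could be handled the same way and supplied through a file-based password option at activation. At minimum, a comment such as `# hash is committed and readable by anyone with the repo; rotate if the repo is shared` would record the trade-off.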


@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
services.xserver.videoDrivers = [ "amdgpu" ];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,21 +0,0 @@
# Miscellaneous
These files contain important data sourced by the configuration, or simply
information to store for safekeeping later.
---
Creating hashed password for [password.sha512](./password.sha512):
```
mkpasswd -m sha-512
```
---
Getting key for [public-keys](./public-keys):
```
ssh-keyscan -t ed25519 <hostname>
```


@ -1,23 +0,0 @@
Profile 1: (active)
Name: n/a
Report Rate: 1000Hz
Resolutions:
0: 400dpi (active) (default)
1: 800dpi
2: 1600dpi
3: 2400dpi
4: 0dpi
Button: 0 is mapped to 'button 1'
Button: 1 is mapped to 'button 2'
Button: 2 is mapped to 'button 3'
Button: 3 is mapped to 'button 4'
Button: 4 is mapped to 'button 5'
Button: 5 is mapped to macro '↕F11'
Button: 6 is mapped to macro '↕VOLUMEDOWN'
Button: 7 is mapped to macro '↕VOLUMEUP'
Button: 8 is mapped to 'unknown'
Button: 9 is mapped to 'wheel-right'
Button: 10 is mapped to 'wheel-left'
LED: 0, depth: monochrome, mode: on, color: 000000
LED: 1, depth: monochrome, mode: on, color: 000000
LED: 2, depth: monochrome, mode: on, color: 000000


@ -1,9 +0,0 @@
# Modules
| Module | Purpose |
| --- | --- |
| [common](./common/default.nix) | User programs and OS-agnostic configuration |
| [darwin](./darwin/default.nix) | macOS-specific configuration |
| [nixos](./nixos/default.nix) | NixOS-specific configuration |
| [wsl](./wsl/default.nix) | WSL-specific configuration |


@ -1,9 +0,0 @@
{ ... }:
{
# AWS settings require this
permitRootLogin = "prohibit-password";
# Make sure disk size is large enough
# https://github.com/nix-community/nixos-generators/issues/150
amazonImage.sizeMB = 16 * 1024;
}


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
_1password = { _1password = {
@ -15,27 +9,12 @@
}; };
}; };
config = lib.mkIf (config.gui.enable && config._1password.enable) { config = lib.mkIf
unfreePackages = [ (config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
"1password" unfreePackages = with pkgs; [ _1password _1password-gui ];
"_1password-gui" home-manager.users.${config.user} = {
"1password-cli" home.packages = with pkgs; [ _1password-gui ];
]; };
home-manager.users.${config.user} = {
home.packages = [
pkgs._1password
] ++ (if pkgs.stdenv.isLinux then [ pkgs._1password-gui ] else [ ]);
}; };
# https://1password.community/discussion/135462/firefox-extension-does-not-connect-to-linux-app
# On Mac, does not apply: https://1password.community/discussion/142794/app-and-browser-integration
# However, the button doesn't work either:
# https://1password.community/discussion/140735/extending-support-for-trusted-web-browsers
environment.etc."1password/custom_allowed_browsers".text = ''
${
config.home-manager.users.${config.user}.programs.firefox.package
}/Applications/Firefox.app/Contents/MacOS/firefox
firefox
'';
};
} }
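Review bot: `unfreePackages = with pkgs; [ _1password _1password-gui ];` now lists derivations taken from `pkgs`, yet the allowlist presumably feeds the nixpkgs unfree predicate that is consulted while those same packages are evaluated, which is a likely cause of the failure the commit message mentions. The consumer of `unfreePackages` is not in this section, so this is inferred; the same pattern appears in the discord, firefox, obsidian and slack sections. Keeping the entries as name strings and comparing with `lib.getName pkg` in the predicate keeps the license policy independent of `pkgs` and easy to audit. Separately, `_1password` is allowlisted here while the new side installs only `_1password-gui`, so the allowlist is wider than what the module uses.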


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
alacritty = { alacritty = {
@ -34,9 +28,7 @@
opacity = 1.0; opacity = 1.0;
}; };
scrolling.history = 10000; scrolling.history = 10000;
font = { font = { size = 14.0; };
size = 14.0;
};
key_bindings = [ key_bindings = [
# Used for word completion in fish_user_key_bindings # Used for word completion in fish_user_key_bindings
{ {


@ -1,5 +1,4 @@
{ ... }: { ... }: {
{
imports = [ imports = [
./1password.nix ./1password.nix
@ -8,10 +7,11 @@
./firefox.nix ./firefox.nix
./kitty.nix ./kitty.nix
./media.nix ./media.nix
./nautilus.nix
./obsidian.nix ./obsidian.nix
./qbittorrent.nix ./qbittorrent.nix
./slack.nix ./slack.nix
./wezterm.nix
./yt-dlp.nix ./yt-dlp.nix
]; ];
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
discord = { discord = {
@ -16,9 +10,9 @@
}; };
config = lib.mkIf (config.gui.enable && config.discord.enable) { config = lib.mkIf (config.gui.enable && config.discord.enable) {
unfreePackages = [ "discord" ]; unfreePackages = [ pkgs.discord ];
environment.systemPackages = [ pkgs.discord ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.packages = with pkgs; [ discord ];
xdg.configFile."discord/settings.json".text = '' xdg.configFile."discord/settings.json".text = ''
{ {
"BACKGROUND_COLOR": "#202225", "BACKGROUND_COLOR": "#202225",


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
{ {
@ -18,61 +13,64 @@
config = lib.mkIf (config.gui.enable && config.firefox.enable) { config = lib.mkIf (config.gui.enable && config.firefox.enable) {
unfreePackages = [ unfreePackages = with pkgs.nur.repos.rycee.firefox-addons; [
(lib.mkIf config._1password.enable "onepassword-password-manager") (lib.mkIf config._1password.enable onepassword-password-manager)
"okta-browser-plugin" okta-browser-plugin
]; ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = if pkgs.stdenv.isDarwin then pkgs.firefox-bin else pkgs.firefox; package =
if pkgs.stdenv.isDarwin then pkgs.firefox-bin else pkgs.firefox;
profiles.default = { profiles.default = {
id = 0; id = 0;
name = "default"; name = "default";
isDefault = true; isDefault = true;
# https://nur.nix-community.org/repos/rycee/
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
(lib.mkIf config._1password.enable onepassword-password-manager) ublock-origin
darkreader vimium
don-t-fuck-with-paste
facebook-container
markdownload
multi-account-containers multi-account-containers
facebook-container
temporary-containers
(lib.mkIf config._1password.enable onepassword-password-manager)
okta-browser-plugin okta-browser-plugin
sponsorblock
reddit-enhancement-suite reddit-enhancement-suite
return-youtube-dislikes return-youtube-dislikes
sponsorblock markdownload
ublock-origin darkreader
ublacklist snowflake
vimium don-t-fuck-with-paste
i-dont-care-about-cookies
wappalyzer
]; ];
settings = { settings = {
"app.update.auto" = false; "app.update.auto" = false;
"browser.aboutConfig.showWarning" = false; "browser.aboutConfig.showWarning" = false;
"browser.warnOnQuit" = false; "browser.warnOnQuit" = false;
"browser.quitShortcut.disabled" = if pkgs.stdenv.isLinux then true else false; "browser.quitShortcut.disabled" =
if pkgs.stdenv.isLinux then true else false;
"browser.theme.dark-private-windows" = true; "browser.theme.dark-private-windows" = true;
"browser.toolbars.bookmarks.visibility" = false; "browser.toolbars.bookmarks.visibility" = false;
"browser.startup.page" = 3; # Restore previous session "browser.startup.page" = 3; # Restore previous session
"browser.newtabpage.enabled" = false; # Make new tabs blank "browser.newtabpage.enabled" = false; # Make new tabs blank
"trailhead.firstrun.didSeeAboutWelcome" = true; # Disable welcome splash "trailhead.firstrun.didSeeAboutWelcome" =
true; # Disable welcome splash
"dom.forms.autocomplete.formautofill" = false; # Disable autofill "dom.forms.autocomplete.formautofill" = false; # Disable autofill
"extensions.formautofill.creditCards.enabled" = false; # Disable credit cards "extensions.formautofill.creditCards.enabled" =
false; # Disable credit cards
"dom.payments.defaults.saveAddress" = false; # Disable address save "dom.payments.defaults.saveAddress" = false; # Disable address save
"general.autoScroll" = true; # Drag middle-mouse to scroll "general.autoScroll" = true; # Drag middle-mouse to scroll
"services.sync.prefs.sync.general.autoScroll" = false; # Prevent disabling autoscroll "services.sync.prefs.sync.general.autoScroll" =
false; # Prevent disabling autoscroll
"extensions.pocket.enabled" = false; "extensions.pocket.enabled" = false;
"toolkit.legacyUserProfileCustomizations.stylesheets" = true; # Allow userChrome.css "toolkit.legacyUserProfileCustomizations.stylesheets" =
true; # Allow userChrome.css
"layout.css.color-mix.enabled" = true; "layout.css.color-mix.enabled" = true;
"ui.systemUsesDarkTheme" = if config.theme.dark == true then 1 else 0; "ui.systemUsesDarkTheme" =
"media.ffmpeg.vaapi.enabled" = true; # Enable hardware video acceleration if config.theme.dark == true then 1 else 0;
"cookiebanners.ui.desktop.enabled" = true; # Reject cookie popups
"devtools.command-button-screenshot.enabled" = true; # Scrolling screenshot of entire page
"svg.context-properties.content.enabled" = true; # Sidebery styling
"browser.tabs.hoverPreview.enabled" = false; # Disable tab previews
"browser.tabs.hoverPreview.showThumbnails" = false; # Disable tab previews
}; };
userChrome = '' userChrome = ''
:root { :root {
@ -113,7 +111,7 @@
background-color: ${config.theme.colors.base00}; background-color: ${config.theme.colors.base00};
color: ${config.theme.colors.base06} !important; color: ${config.theme.colors.base06} !important;
} }
.tab-content[selected] { .tab-content[selected=true] {
border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent); border-bottom: 2px solid color-mix(in srgb, var(--identity-tab-color) 25%, transparent);
background-color: ${config.theme.colors.base01} !important; background-color: ${config.theme.colors.base01} !important;
color: ${config.theme.colors.base07} !important; color: ${config.theme.colors.base07} !important;
@ -157,47 +155,10 @@
extraConfig = ""; extraConfig = "";
}; };
};
# Mimic nixpkgs package environment for read-only profiles.ini management
# From: https://github.com/booxter/home-manager/commit/dd1602e306fec366280f5953c5e1b553e3d9672a
home.sessionVariables = {
MOZ_LEGACY_PROFILES = 1;
MOZ_ALLOW_DOWNGRADE = 1;
};
# launchd.user.envVariables = config.home-manager.users.${config.user}.home.sessionVariables;
xdg.mimeApps = {
associations.added = {
"text/html" = [ "firefox.desktop" ];
};
defaultApplications = {
"text/html" = [ "firefox.desktop" ];
};
associations.removed = {
"text/html" = [ "wine-extension-htm.desktop" ];
};
};
xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux {
"${
config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
}+Shift+b" = "exec ${
# Don't name the script `firefox` or it will affect grep
builtins.toString (
pkgs.writeShellScript "focus-ff.sh" ''
count=$(ps aux | grep -c firefox)
if [ "$count" -eq 1 ]; then
i3-msg "exec --no-startup-id firefox"
sleep 0.5
fi
i3-msg "[class=firefox] focus"
''
)
}";
}; };
}; };
}; };
} }
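Review bot: The `extensions` list in `profiles.default` appears to gain `snowflake`, `i-dont-care-about-cookies`, `wappalyzer` and `temporary-containers` on the new side, in the same profile that carries `onepassword-password-manager` and `okta-browser-plugin`; the rendering has lost its +/- markers, so the side assignment is inferred. Add-ons of this kind typically request access to page content, and all of them come from the community `pkgs.nur.repos.rycee.firefox-addons` set, so whatever that set ships reaches the credential-bearing profile on the next rebuild. A comment above the list such as `# every add-on here runs in the profile where credentials are filled; keep the list minimal` would make the trust decision explicit. Moving the non-essential add-ons to a second profile is the stronger option.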


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
kitty = { kitty = {
@ -16,42 +10,16 @@
}; };
config = lib.mkIf (config.gui.enable && config.kitty.enable) { config = lib.mkIf (config.gui.enable && config.kitty.enable) {
# Set the Rofi-Systemd terminal for viewing logs
# Using optionalAttrs because only available in NixOS
environment =
{ }
// lib.attrsets.optionalAttrs (builtins.hasAttr "sessionVariables" config.environment) {
sessionVariables.ROFI_SYSTEMD_TERM = lib.mkDefault "${pkgs.kitty}/bin/kitty";
};
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
# xsession.windowManager.i3.config.terminal = "kitty";
# Set the i3 terminal # programs.rofi.terminal = "${pkgs.kitty}/bin/kitty";
xsession.windowManager.i3.config.terminal = lib.mkIf pkgs.stdenv.isLinux "kitty";
# Set the Rofi terminal for running programs
programs.rofi.terminal = lib.mkIf pkgs.stdenv.isLinux (lib.mkDefault "${pkgs.kitty}/bin/kitty");
# Display images in the terminal
programs.fish.interactiveShellInit = # fish
''
if test "$TERM" = "xterm-kitty"
alias icat="kitty +kitten icat"
alias ssh="kitty +kitten ssh"
end
'';
programs.kitty = { programs.kitty = {
enable = true; enable = true;
environment = { }; environment = { };
extraConfig = ""; extraConfig = "";
font.size = 14; font.size = 14;
keybindings = { keybindings = {
# Use shift+enter to complete text suggestions in fish
"shift+enter" = "send_text all \\x1F"; "shift+enter" = "send_text all \\x1F";
# Easy fullscreen toggle (for macOS)
"super+f" = "toggle_fullscreen"; "super+f" = "toggle_fullscreen";
}; };
settings = { settings = {
@ -100,8 +68,10 @@
color21 = config.theme.colors.base06; color21 = config.theme.colors.base06;
# Scrollback # Scrollback
scrollback_lines = 10000; scrolling_lines = 10000;
scrollback_pager_history_size = 300; # MB scrollback_pager_history_size = 10; # MB
scrollback_pager = ''
${pkgs.neovim}/bin/nvim -c 'setlocal nonumber nolist showtabline=0 foldcolumn=0|Man!' -c "autocmd VimEnter * normal G" -'';
# Window # Window
window_padding_width = 6; window_padding_width = 6;
@ -109,7 +79,7 @@
tab_bar_edge = "top"; tab_bar_edge = "top";
tab_bar_style = "slant"; tab_bar_style = "slant";
# Disable audio # Audio
enable_audio_bell = false; enable_audio_bell = false;
}; };
}; };
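Review bot: `scrollback_pager` on the new side pipes terminal scrollback into `${pkgs.neovim}/bin/nvim`, and scrollback holds whatever remote hosts or displayed files printed, so nvim should treat it as untrusted text. nvim processes modelines by default and the `-c` commands here run only after the buffer is loaded; adding `--cmd 'set nomodeline'` and `-R` ahead of the `-c` options would close that off. In the same hunk `scrollback_lines` becomes `scrolling_lines`, which is not a key I recognise from kitty's configuration, so the 10000-line setting may silently stop applying. The enclosing `settings` block starts outside this hunk.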


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
media = { media = {
@ -18,50 +12,27 @@
config = lib.mkIf (config.gui.enable && config.media.enable) { config = lib.mkIf (config.gui.enable && config.media.enable) {
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.packages = with pkgs; [ home.packages = with pkgs; [
nsxiv # Image viewer mpv # Video viewer
sxiv # Image viewer
mupdf # PDF viewer mupdf # PDF viewer
zathura # PDF viewer zathura # PDF viewer
]; ];
# Video player # Set default for opening PDFs
programs.mpv = {
enable = true;
bindings = { };
config = {
image-display-duration = 2; # For cycling through images
hwdec = "auto-safe"; # Attempt to use GPU decoding for video
};
scripts = [
# Automatically load playlist entries before and after current file
pkgs.mpvScripts.autoload
# Delete current file after quitting
pkgs.mpvScripts.mpv-delete-file
];
};
# Set default programs for opening PDFs and other media
xdg.mimeApps = { xdg.mimeApps = {
associations.added = { associations.added = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ]; "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/jpeg" = [ "nsxiv.desktop" ]; "image/*" = [ "sxiv.desktop" ];
"image/png" = [ "nsxiv.desktop" ];
"image/*" = [ "nsxiv.desktop" ];
};
associations.removed = {
"application/pdf" = [
"mupdf.desktop"
"wine-extension-pdf.desktop"
];
}; };
associations.removed = { "application/pdf" = [ "mupdf.desktop" ]; };
defaultApplications = { defaultApplications = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ]; "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/jpeg" = [ "nsxiv.desktop" ]; "image/*" = [ "sxiv.desktop" ];
"image/png" = [ "nsxiv.desktop" ];
"image/*" = [ "nsxiv.desktop" ];
}; };
}; };
}; };
}; };
} }


@ -0,0 +1,34 @@
{ config, pkgs, lib, ... }: {
options = {
nautilus = {
enable = lib.mkEnableOption {
description = "Enable Nautilus file manager.";
default = false;
};
};
};
# Install Nautilus file manager
config = lib.mkIf (config.gui.enable && config.nautilus.enable) {
home-manager.users.${config.user} = {
home.packages = with pkgs; [
gnome.nautilus
gnome.sushi # Quick preview with spacebar
];
# Set default for opening directories
xdg.mimeApps.defaultApplications."inode/directory" =
[ "nautilus.desktop" ];
programs.fish.functions = {
qr = {
body =
"${pkgs.qrencode}/bin/qrencode $argv[1] -o /tmp/qr.png | ${pkgs.gnome.sushi}/bin/sushi /tmp/qr.png";
};
};
};
};
}
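Review bot: The `qr` fish function writes to the fixed path `/tmp/qr.png`, which another local user can pre-create or read, and a QR payload is often a secret such as a Wi-Fi key or an OTP URI. It also joins `qrencode` and `sushi` with `|`, so the viewer can start before the image has been written. A private temporary file and sequential execution avoid both: `set -l f (mktemp --suffix .png); and ${pkgs.qrencode}/bin/qrencode $argv[1] -o $f; and ${pkgs.gnome.sushi}/bin/sushi $f`.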


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
obsidian = { obsidian = {
@ -16,13 +10,10 @@
}; };
config = lib.mkIf (config.gui.enable && config.obsidian.enable) { config = lib.mkIf (config.gui.enable && config.obsidian.enable) {
unfreePackages = [ "obsidian" ]; unfreePackages = [ pkgs.obsidian ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.packages = with pkgs; [ obsidian ]; home.packages = with pkgs; [ obsidian ];
}; };
# Broken on 2023-12-11
# https://forum.obsidian.md/t/electron-25-is-now-eol-please-upgrade-to-a-newer-version/72878/8
nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
}; };
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
qbittorrent = { qbittorrent = {
@ -20,6 +14,8 @@
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.packages = with pkgs; [ qbittorrent ]; home.packages = with pkgs; [ qbittorrent ];
}; };
}; };
} }


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
slack = { slack = {
@ -16,9 +10,10 @@
}; };
config = lib.mkIf (config.gui.enable && config.slack.enable) { config = lib.mkIf (config.gui.enable && config.slack.enable) {
unfreePackages = [ "slack" ]; unfreePackages = [ pkgs.slack ];
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.packages = with pkgs; [ slack ]; home.packages = with pkgs; [ slack ];
}; };
}; };
} }


@ -1,238 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
options = {
wezterm = {
enable = lib.mkEnableOption {
description = "Enable WezTerm terminal.";
default = false;
};
};
};
config =
let
font = config.home-manager.users.${config.user}.programs.kitty.font.name;
in
lib.mkIf (config.gui.enable && config.wezterm.enable) {
# Set the Rofi-Systemd terminal for viewing logs
# Using optionalAttrs because only available in NixOS
environment =
{ }
// lib.attrsets.optionalAttrs (builtins.hasAttr "sessionVariables" config.environment) {
sessionVariables.ROFI_SYSTEMD_TERM = "${pkgs.wezterm}/bin/wezterm";
};
home-manager.users.${config.user} = {
# Set the i3 terminal
xsession.windowManager.i3.config.terminal = lib.mkIf pkgs.stdenv.isLinux "wezterm";
# Set the Rofi terminal for running programs
programs.rofi.terminal = lib.mkIf pkgs.stdenv.isLinux "${pkgs.wezterm}/bin/wezterm";
# Display images in the terminal
programs.fish.shellAliases = {
icat = lib.mkForce "wezterm imgcat";
};
programs.wezterm = {
enable = true;
colorSchemes = {
myTheme = {
background = config.theme.colors.base00;
foreground = config.theme.colors.base05;
cursor_bg = config.theme.colors.base05;
cursor_fg = config.theme.colors.base00;
cursor_border = config.theme.colors.base05;
selection_bg = config.theme.colors.base05;
selection_fg = config.theme.colors.base00;
scrollbar_thumb = config.theme.colors.base03;
ansi = [
config.theme.colors.base01 # black
config.theme.colors.base0F # maroon
config.theme.colors.base0B # green
config.theme.colors.base0A # olive
config.theme.colors.base0D # navy
config.theme.colors.base0E # purple
config.theme.colors.base0C # teal
config.theme.colors.base06 # silver
];
brights = [
config.theme.colors.base03 # grey
config.theme.colors.base08 # red
config.theme.colors.base0B # lime
config.theme.colors.base0A # yellow
config.theme.colors.base0D # blue
config.theme.colors.base0E # fuchsia
config.theme.colors.base0C # aqua
config.theme.colors.base07 # white
];
compose_cursor = config.theme.colors.base09; # orange
copy_mode_active_highlight_bg = {
Color = config.theme.colors.base03;
};
copy_mode_active_highlight_fg = {
Color = config.theme.colors.base07;
};
copy_mode_inactive_highlight_bg = {
Color = config.theme.colors.base02;
};
copy_mode_inactive_highlight_fg = {
Color = config.theme.colors.base06;
};
quick_select_label_bg = {
Color = config.theme.colors.base02;
};
quick_select_label_fg = {
Color = config.theme.colors.base06;
};
quick_select_match_bg = {
Color = config.theme.colors.base03;
};
quick_select_match_fg = {
Color = config.theme.colors.base07;
};
};
};
extraConfig = ''
return {
color_scheme = "myTheme",
-- Scrollback
scrollback_lines = 10000,
-- Window
window_padding = {
left = 10,
right = 10,
top = 10,
bottom = 10,
},
font = wezterm.font('${font}', { weight = 'Bold'}),
font_size = ${if pkgs.stdenv.isLinux then "14.0" else "18.0"},
-- Fix color blocks instead of text
front_end = "WebGpu",
-- Tab Bar
hide_tab_bar_if_only_one_tab = true,
window_frame = {
font = wezterm.font('${font}', { weight = 'Bold'}),
font_size = ${if pkgs.stdenv.isLinux then "12.0" else "16.0"},
},
colors = {
tab_bar = {
active_tab = {
bg_color = '${config.theme.colors.base00}',
fg_color = '${config.theme.colors.base04}',
},
},
},
-- Disable audio
audible_bell = "Disabled",
initial_rows = 80,
initial_cols = 200,
keys = {
-- sends completion string for fish autosuggestions
{
key = 'Enter',
mods = 'SHIFT',
action = wezterm.action.SendString '\x1F'
},
-- ctrl-shift-h was "hide"
{
key = 'H',
mods = 'SHIFT|CTRL',
action = wezterm.action.DisableDefaultAssignment
},
-- alt-enter was "fullscreen"
{
key = 'Enter',
mods = 'ALT',
action = wezterm.action.DisableDefaultAssignment
},
-- make super-f "fullscreen"
{
key = 'f',
mods = 'SUPER',
action = wezterm.action.ToggleFullScreen
},
-- super-t open new tab in new dir
{
key = 't',
mods = ${if pkgs.stdenv.isDarwin then "'SUPER'" else "'ALT'"},
action = wezterm.action.SpawnCommandInNewTab {
cwd = wezterm.home_dir,
},
},
-- shift-super-t open new tab in same dir
{
key = 't',
mods = 'SUPER|SHIFT',
action = wezterm.action.SpawnTab 'CurrentPaneDomain'
},
-- project switcher
{
key = 'P',
mods = 'SUPER',
action = wezterm.action_callback(function(window, pane)
local choices = {}
wezterm.log_info "working?"
function scandir(directory)
local i, t, popen = 0, {}, io.popen
local pfile = popen('${pkgs.fd}/bin/fd --search-path "'..directory..'" --type directory --exact-depth 2 | ${pkgs.proximity-sort}/bin/proximity-sort "'..os.getenv("HOME").."/dev/work"..'"')
for filename in pfile:lines() do
i = i + 1
t[i] = filename
end
pfile:close()
return t
end
for _, v in pairs(scandir(os.getenv("HOME").."/dev")) do
table.insert(choices, { label = v })
end
window:perform_action(
wezterm.action.InputSelector {
action = wezterm.action_callback(function(window, pane, id, label)
if not id and not label then
wezterm.log_info "cancelled"
else
window:perform_action(
wezterm.action.SpawnCommandInNewTab {
cwd = label,
},
pane
)
end
end),
fuzzy = true,
title = "Select Project",
choices = choices,
},
pane
)
end),
},
},
}
'';
};
};
};
}


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options = { options = {
yt-dlp = { yt-dlp = {
@ -33,6 +27,9 @@
}; };
programs.fish.shellAbbrs.yt = "yt-dlp"; programs.fish.shellAbbrs.yt = "yt-dlp";
}; };
}; };
} }


@ -1,19 +1,7 @@
{ { config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{
imports = [ imports =
./applications [ ./applications ./mail ./neovim ./programming ./repositories ./shell ];
./mail
./neovim
./programming
./repositories
./shell
];
options = { options = {
user = lib.mkOption { user = lib.mkOption {
@ -29,7 +17,8 @@
download = lib.mkOption { download = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "XDG directory for downloads"; description = "XDG directory for downloads";
default = if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads"; default =
if pkgs.stdenv.isDarwin then "$HOME/Downloads" else "$HOME/downloads";
}; };
}; };
identityFile = lib.mkOption { identityFile = lib.mkOption {
@ -55,13 +44,20 @@
default = true; default = true;
}; };
}; };
# colorscheme = lib.mkOption {
# type = types.attrs;
# description = "Base16 color scheme";
# };
homePath = lib.mkOption { homePath = lib.mkOption {
type = lib.types.path; type = lib.types.path;
description = "Path of user's home directory."; description = "Path of user's home directory.";
default = builtins.toPath ( default = builtins.toPath (if pkgs.stdenv.isDarwin then
if pkgs.stdenv.isDarwin then "/Users/${config.user}" else "/home/${config.user}" "/Users/${config.user}"
); else
"/home/${config.user}");
}; };
dotfilesPath = lib.mkOption { dotfilesPath = lib.mkOption {
type = lib.types.path; type = lib.types.path;
description = "Path of dotfiles repository."; description = "Path of dotfiles repository.";
@ -69,112 +65,63 @@
}; };
dotfilesRepo = lib.mkOption { dotfilesRepo = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Link to dotfiles repository HTTPS URL."; description = "Link to dotfiles repository.";
}; };
unfreePackages = lib.mkOption { unfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.package;
description = "List of unfree packages to allow."; description = "List of unfree packages to allow.";
default = [ ]; default = [ ];
}; };
hostnames = {
files = lib.mkOption {
type = lib.types.str;
description = "Hostname for files server (Filebrowser).";
};
git = lib.mkOption {
type = lib.types.str;
description = "Hostname for git server (Gitea).";
};
metrics = lib.mkOption {
type = lib.types.str;
description = "Hostname for metrics server.";
};
minecraft = lib.mkOption {
type = lib.types.str;
description = "Hostname for Minecraft server.";
};
paperless = lib.mkOption {
type = lib.types.str;
description = "Hostname for document server (paperless-ngx).";
};
prometheus = lib.mkOption {
type = lib.types.str;
description = "Hostname for Prometheus server.";
};
influxdb = lib.mkOption {
type = lib.types.str;
description = "Hostname for InfluxDB2 server.";
};
secrets = lib.mkOption {
type = lib.types.str;
description = "Hostname for passwords and secrets (Vaultwarden).";
};
stream = lib.mkOption {
type = lib.types.str;
description = "Hostname for video/media library (Jellyfin).";
};
content = lib.mkOption {
type = lib.types.str;
description = "Hostname for personal content system (Nextcloud).";
};
books = lib.mkOption {
type = lib.types.str;
description = "Hostname for books library (Calibre-Web).";
};
download = lib.mkOption {
type = lib.types.str;
description = "Hostname for download services.";
};
irc = lib.mkOption {
type = lib.types.str;
description = "Hostname for IRC services.";
};
n8n = lib.mkOption {
type = lib.types.str;
description = "Hostname for n8n automation.";
};
notifications = lib.mkOption {
type = lib.types.str;
description = "Hostname for push notification services (ntfy).";
};
status = lib.mkOption {
type = lib.types.str;
description = "Hostname for status page (Uptime-Kuma).";
};
transmission = lib.mkOption {
type = lib.types.str;
description = "Hostname for peer2peer downloads (Transmission).";
};
};
}; };
config = config = let stateVersion = "23.05";
let in {
stateVersion = "23.05";
in
{
# Basic common system packages for all devices nix = {
environment.systemPackages = with pkgs; [
git
vim
wget
curl
];
# Use the system-level nixpkgs instead of Home Manager's # Enable features in Nix commands
home-manager.useGlobalPkgs = true; extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
# Install packages to /etc/profiles instead of ~/.nix-profile, useful when settings = {
# using multiple profiles for one user
home-manager.useUserPackages = true;
# Allow specified unfree packages (identified elsewhere) # Add community Cachix to binary cache
# Retrieves package object based on string name substituters = lib.mkIf (!pkgs.stdenv.isDarwin)
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.unfreePackages; [ "https://nix-community.cachix.org" ];
trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Scans and hard links identical files in the store
auto-optimise-store = true;
};
# Pin a state version to prevent warnings
home-manager.users.${config.user}.home.stateVersion = stateVersion;
home-manager.users.root.home.stateVersion = stateVersion;
}; };
# Basic common system packages for all devices
environment.systemPackages = with pkgs; [ git vim wget curl ];
# Use the system-level nixpkgs instead of Home Manager's
home-manager.useGlobalPkgs = true;
# Install packages to /etc/profiles instead of ~/.nix-profile, useful when
# using multiple profiles for one user
home-manager.useUserPackages = true;
# Allow specified unfree packages (identified elsewhere)
# Retrieves package object based on string name
# Idea: https://discourse.nixos.org/t/how-to-use-packages-directly-in-allowunfreepredicate/22455/6
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (pkg.name or (builtins.parseDrvName pkg.pname).name)
(map lib.getName config.unfreePackages);
# Pin a state version to prevent warnings
home-manager.users.${config.user}.home.stateVersion = stateVersion;
home-manager.users.root.home.stateVersion = stateVersion;
};
} }
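Review bot: The new `allowUnfreePredicate` compares two differently shaped strings, so `builtins.elem` is unlikely to match: the left operand prefers `pkg.name`, which normally carries the version suffix, while the list is built with `lib.getName`, which returns the bare name. The fallback is also inverted, because `builtins.parseDrvName` is meant to be applied to a `name`, not a `pname`. Normalising both sides the same way would read `builtins.elem (lib.getName pkg) (map lib.getName config.unfreePackages);`. Typing `unfreePackages` as `listOf lib.types.package` also means the allowlist is built from values taken out of `pkgs`, which presumably depends on this same predicate; if evaluation recurses, keeping the option as a list of names avoids that. The present form fails closed (nothing unfree is allowed), so the defect is functional rather than a widening of the allowlist.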


@ -1,10 +1,4 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
options.mail.aerc.enable = lib.mkEnableOption "Aerc email."; options.mail.aerc.enable = lib.mkEnableOption "Aerc email.";
@ -74,16 +68,14 @@
"!" = ":term<space>"; "!" = ":term<space>";
"|" = ":pipe<space>"; "|" = ":pipe<space>";
"/" = ":search<space>-a<space>"; "/" = ":search<space>";
"\\" = ":filter <space>"; "\\" = ":filter <space>";
n = ":next-result<Enter>"; n = ":next-result<Enter>";
N = ":prev-result<Enter>"; N = ":prev-result<Enter>";
"<Esc>" = ":clear<Enter>"; "<Esc>" = ":clear<Enter>";
}; };
"messages:folder=Drafts" = { "messages:folder=Drafts" = { "<Enter>" = ":recall<Enter>"; };
"<Enter>" = ":recall<Enter>";
};
view = { view = {
"/" = ":toggle-key-passthrough <Enter> /"; "/" = ":toggle-key-passthrough <Enter> /";
@ -156,28 +148,28 @@
"<C-p>" = ":prev-tab<Enter>"; "<C-p>" = ":prev-tab<Enter>";
"<C-n>" = ":next-tab<Enter>"; "<C-n>" = ":next-tab<Enter>";
}; };
}; };
extraConfig = { extraConfig = {
general = { general.unsafe-accounts-conf = true;
unsafe-accounts-conf = true; viewer = { pager = "${pkgs.less}/bin/less -R"; };
# log-file = "~/.cache/aerc.log";
# log-level = "debug";
};
viewer = {
pager = "${pkgs.less}/bin/less -R";
};
filters = { filters = {
"text/plain" = "${pkgs.aerc}/libexec/aerc/filters/colorize"; "text/plain" =
"text/calendar" = "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/libexec/aerc/filters/calendar"; "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
"text/html" = "${pkgs.aerc}/libexec/aerc/filters/html | ${pkgs.aerc}/libexec/aerc/filters/colorize"; # Requires w3m, dante "text/calendar" =
"${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/calendar";
"text/html" =
"${pkgs.aerc}/share/aerc/filters/html"; # Requires w3m, dante
# "text/html" =
# "${pkgs.aerc}/share/aerc/filters/html | ${pkgs.aerc}/share/aerc/filters/colorize";
# "text/*" = # "text/*" =
# ''${pkgs.bat}/bin/bat -fP --file-name="$AERC_FILENAME "''; # ''${pkgs.bat}/bin/bat -fP --file-name="$AERC_FILENAME "'';
"message/delivery-status" = "${pkgs.aerc}/libexec/aerc/filters/colorize"; "message/delivery-status" =
"message/rfc822" = "${pkgs.aerc}/libexec/aerc/filters/colorize"; "${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
"message/rfc822" =
"${pkgs.gawk}/bin/awk -f ${pkgs.aerc}/share/aerc/filters/colorize";
"application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh"; "application/x-sh" = "${pkgs.bat}/bin/bat -fP -l sh";
"application/pdf" = "${pkgs.zathura}/bin/zathura -"; "application/pdf" = "${pkgs.zathura}/bin/zathura -";
"audio/*" = "${pkgs.mpv}/bin/mpv -";
"image/*" = "${pkgs.feh}/bin/feh -";
}; };
}; };
}; };
@ -186,35 +178,12 @@
extraAccounts = { extraAccounts = {
check-mail = "5m"; check-mail = "5m";
check-mail-cmd = "${pkgs.isync}/bin/mbsync -a"; check-mail-cmd = "${pkgs.isync}/bin/mbsync -a";
check-mail-timeout = "15s";
}; };
}; };
xdg.desktopEntries.aerc = lib.mkIf pkgs.stdenv.isLinux { programs.fish.shellAbbrs = { ae = "aerc"; };
name = "aerc";
exec = "kitty aerc %u";
};
xsession.windowManager.i3.config.keybindings = lib.mkIf pkgs.stdenv.isLinux {
"${
config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
}+Shift+e" = "exec ${
# Don't name the script `aerc` or it will affect grep
builtins.toString (
pkgs.writeShellScript "focus-mail.sh" ''
count=$(ps aux | grep -c aerc)
if [ "$count" -eq 1 ]; then
i3-msg "exec --no-startup-id kitty --class aerc aerc"
sleep 0.25
fi
i3-msg "[class=aerc] focus"
''
)
}";
};
programs.fish.shellAbbrs = {
ae = "aerc";
};
}; };
}; };
} }
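Review bot: `general.unsafe-accounts-conf = true;` switches off aerc's permission check on accounts.conf, and after this change the line has no explanation of why that is acceptable. Document it in place, for example `# accounts.conf is generated by home-manager and is not mode 0600; credentials must come from passwordCommand only, never inline`. With the constraint written next to the setting, a later edit that puts a password directly into the account source is much easier to catch in review.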


@ -1,16 +1,6 @@
{ { config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{
imports = [ imports = [ ./himalaya.nix ./aerc.nix ];
./himalaya.nix
./aerc.nix
./system.nix
];
options = { options = {
mail.enable = lib.mkEnableOption "Mail service."; mail.enable = lib.mkEnableOption "Mail service.";
@ -20,120 +10,75 @@
default = config.user; default = config.user;
}; };
mail.server = lib.mkOption { mail.server = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.str;
description = "Server name for the email address."; description = "Server name for the email address.";
}; };
mail.imapHost = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Server host for IMAP (reading mail).";
};
mail.smtpHost = lib.mkOption {
type = lib.types.nullOr lib.types.str;
description = "Server host for SMTP (sending mail).";
};
}; };
config = lib.mkIf config.mail.enable { config = lib.mkIf config.mail.enable {
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.mbsync = { programs.mbsync = { enable = true; };
enable = true;
};
# Automatically check for mail and keep files synced locally
services.mbsync = lib.mkIf pkgs.stdenv.isLinux { services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
enable = true; enable = true;
frequency = "*:0/5"; frequency = "*:0/5";
postExec = "${pkgs.notmuch}/bin/notmuch new";
}; };
# Used to watch for new mail and trigger sync
services.imapnotify.enable = pkgs.stdenv.isLinux;
# Allows sending email from CLI/sendmail
programs.msmtp.enable = true;
# Better local mail search
programs.notmuch = {
enable = true;
new.ignore = [
".mbsyncstate.lock"
".mbsyncstate.journal"
".mbsyncstate.new"
];
};
accounts.email = { accounts.email = {
# Where email files are stored
maildirBasePath = "${config.homePath}/mail"; maildirBasePath = "${config.homePath}/mail";
accounts = { accounts = {
home = home = let address = "${config.mail.user}@${config.mail.server}";
let in {
address = "${config.mail.user}@${config.mail.server}"; userName = address;
in realName = config.fullName;
{ primary = true;
userName = address; inherit address;
realName = config.fullName; aliases = map (user: "${user}@${config.mail.server}") [
primary = true; "me"
inherit address; "hey"
aliases = map (user: "${user}@${config.mail.server}") [ "admin"
"me" ];
"hey" alot = { };
"admin" flavor = "plain";
]; folders = { };
getmail = { };
# Options for contact completion imap = {
alot = { }; host = "imap.purelymail.com";
port = 993;
imap = { tls.enable = true;
host = config.mail.imapHost; };
port = 993; imapnotify = {
tls.enable = true; enable = false;
}; boxes = [ ];
onNotify = "";
# Watch for mail and run notifications or sync onNotifyPost = "";
imapnotify = { };
enable = true; maildir = { path = "main"; };
boxes = [ "Inbox" ]; mbsync = {
onNotify = "${pkgs.isync}/bin/mbsync -a"; enable = true;
onNotifyPost = create = "maildir";
lib.mkIf config.home-manager.users.${config.user}.services.dunst.enable expunge = "none";
"${pkgs.libnotify}/bin/notify-send 'New mail arrived'"; remove = "none";
}; patterns = [ "*" ];
extraConfig.channel = {
# Name of the directory in maildir for this account CopyArrivalDate = "yes"; # Sync time of original message
maildir = {
path = "main";
};
# Bi-directional syncing options for local files
mbsync = {
enable = true;
create = "both";
expunge = "both";
remove = "both";
patterns = [ "*" ];
extraConfig.channel = {
CopyArrivalDate = "yes"; # Sync time of original message
};
};
# Enable indexing
notmuch.enable = true;
# Used to login and send and receive emails
passwordCommand = "${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 ${pkgs.writeText "mailpass.age" (builtins.readFile ../../../private/mailpass.age)}";
smtp = {
host = config.mail.smtpHost;
port = 465;
tls.enable = true;
}; };
}; };
mu.enable = false;
notmuch.enable = false;
passwordCommand =
"${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
builtins.toString ../../../private/mailpass.age
}";
smtp = {
host = "smtp.purelymail.com";
port = 465;
tls.enable = true;
};
};
}; };
}; };
}; };
}; };
} }
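Review bot: `passwordCommand` is built by plain interpolation of `${config.identityFile}` and the secret path, so a path containing a space or a shell metacharacter would be split or interpreted wherever the consumer runs the string through a shell (mbsync's PassCmd does, as far as I know). Quoting both arguments keeps the command well-formed: `"${pkgs.age}/bin/age --decrypt --identity ${lib.escapeShellArg config.identityFile} ${lib.escapeShellArg (builtins.toString ../../../private/mailpass.age)}"`. The type of `identityFile` is declared in another file, so whether it can hold such characters is not visible from this section.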


@ -1,5 +1,4 @@
{ config, lib, ... }: { config, lib, ... }: {
{
options.mail.himalaya.enable = lib.mkEnableOption "Himalaya email."; options.mail.himalaya.enable = lib.mkEnableOption "Himalaya email.";
@ -7,20 +6,20 @@
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.himalaya = { programs.himalaya = { enable = true; };
enable = true;
};
accounts.email.accounts.home.himalaya = { accounts.email.accounts.home.himalaya = {
enable = true; enable = true;
backend = "imap";
sender = "smtp";
settings = { settings = {
downloads-dir = config.userDirs.download; downloads-dir = config.userDirs.download;
smtp-insecure = true; smtp-insecure = true;
}; };
}; };
programs.fish.shellAbbrs = { programs.fish.shellAbbrs = { hi = "himalaya"; };
hi = "himalaya";
};
}; };
}; };
} }
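Review bot: `smtp-insecure = true;` is kept in the himalaya account settings while the mail module now points the account at a public provider on port 465. If the option disables certificate verification, as its name suggests, the SMTP login can be read by anyone on the path who presents their own certificate. Unless the server has a known certificate problem, drop the line or set `smtp-insecure = false;`; if it must stay, put the reason in a comment next to it.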


@ -1,35 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
config = lib.mkIf (config.mail.enable || config.server) {
home-manager.users.${config.user} = {
programs.msmtp.enable = true;
# The system user for sending automatic notifications
accounts.email.accounts.system =
let
address = "system@${config.mail.server}";
in
{
userName = address;
realName = "NixOS System";
primary = !config.mail.enable; # Only primary if mail not enabled
inherit address;
passwordCommand = "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${pkgs.writeText "mailpass-system.age" (builtins.readFile ../../../private/mailpass-system.age)}";
msmtp.enable = true;
smtp = {
host = config.mail.smtpHost;
port = 465;
tls.enable = true;
};
};
};
};
}


@ -1,8 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# Plugin for aligning text programmatically
plugins = [ pkgs.vimPlugins.tabular ]; plugins = [ pkgs.vimPlugins.tabular ];
lua = '' lua = ''
-- Align -- Align


@ -1,22 +1,16 @@
{ pkgs, ... }: { pkgs, ... }: {
{
# Shows buffers in a VSCode-style tab layout
plugins = [ plugins = [
pkgs.vimPlugins.bufferline-nvim pkgs.vimPlugins.bufferline-nvim
pkgs.vimPlugins.vim-bbye # Better closing of buffers pkgs.vimPlugins.vim-bbye # Better closing of buffers
pkgs.vimPlugins.snipe-nvim # Jump between open buffers
]; ];
setup.bufferline = { setup.bufferline = {
options = { options = {
diagnostics = "nvim_lsp"; diagnostics = "nvim_lsp";
always_show_bufferline = false; always_show_bufferline = false;
separator_style = "slant"; separator_style = "slant";
offsets = [ { filetype = "NvimTree"; } ]; offsets = [{ filetype = "NvimTree"; }];
}; };
}; };
setup.snipe = { };
lua = '' lua = ''
-- Move buffers -- Move buffers
vim.keymap.set("n", "L", ":BufferLineCycleNext<CR>", { silent = true }) vim.keymap.set("n", "L", ":BufferLineCycleNext<CR>", { silent = true })
@ -24,7 +18,5 @@
-- Kill buffer -- Kill buffer
vim.keymap.set("n", "<Leader>x", " :Bdelete<CR>", { silent = true }) vim.keymap.set("n", "<Leader>x", " :Bdelete<CR>", { silent = true })
'';
-- Jump to buffer
vim.keymap.set("n", "gb", require("snipe").open_buffer_menu, { silent = true }) '';
} }


@ -1,27 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
# Sets Neovim colors based on Nix colorscheme
options.colors = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Attrset of base16 colorscheme key value pairs.";
};
config = {
plugins = [ pkgs.vimPlugins.base16-nvim ];
setup.base16-colorscheme = config.colors;
# Telescope isn't working, shut off for now
lua = ''
require('base16-colorscheme').with_config {
telescope = false,
}
'';
};
}


@ -1,5 +1,4 @@
{ pkgs, dsl, ... }: { pkgs, dsl, ... }: {
{
plugins = [ plugins = [
pkgs.vimPlugins.cmp-nvim-lsp pkgs.vimPlugins.cmp-nvim-lsp
@ -10,6 +9,7 @@
pkgs.vimPlugins.luasnip pkgs.vimPlugins.luasnip
pkgs.vimPlugins.cmp_luasnip pkgs.vimPlugins.cmp_luasnip
pkgs.vimPlugins.cmp-rg pkgs.vimPlugins.cmp-rg
pkgs.vimPlugins.friendly-snippets
]; ];
use.cmp.setup = dsl.callWith { use.cmp.setup = dsl.callWith {
@ -24,17 +24,28 @@
end end
''; '';
# Basic completion keybinds snippet.expand = dsl.rawLua ''
function(args)
require("luasnip").lsp_expand(args.body)
end
'';
mapping = { mapping = {
"['<C-n>']" = dsl.rawLua "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })"; "['<C-n>']" = dsl.rawLua
"['<C-p>']" = dsl.rawLua "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })"; "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert })";
"['<Down>']" = dsl.rawLua "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Select }, { 'i', 'c' })"; "['<C-p>']" = dsl.rawLua
"['<Up>']" = dsl.rawLua "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Select }, { 'i', 'c' })"; "require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert })";
"['<Down>']" = dsl.rawLua
"require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Select })";
"['<Up>']" = dsl.rawLua
"require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Select })";
"['<C-d>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(-4)"; "['<C-d>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(-4)";
"['<C-f>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(4)"; "['<C-f>']" = dsl.rawLua "require('cmp').mapping.scroll_docs(4)";
"['<C-e>']" = dsl.rawLua "require('cmp').mapping.abort()"; "['<C-e>']" = dsl.rawLua "require('cmp').mapping.abort()";
"['<C-y>']" = dsl.rawLua "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Insert, select = true, }, { 'i', 'c' })"; "['<CR>']" = dsl.rawLua
"['<C-r>']" = dsl.rawLua "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, }, { 'i', 'c' })"; "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, })";
"['<C-r>']" = dsl.rawLua
"require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, })";
"['<Esc>']" = dsl.rawLua '' "['<Esc>']" = dsl.rawLua ''
function(_) function(_)
cmp.mapping({ cmp.mapping({
@ -44,7 +55,7 @@
vim.cmd("stopinsert") --- Abort and leave insert mode vim.cmd("stopinsert") --- Abort and leave insert mode
end end
''; '';
"['<C-k>']" = dsl.rawLua '' "['<C-l>']" = dsl.rawLua ''
cmp.mapping(function(_) cmp.mapping(function(_)
if require("luasnip").expand_or_jumpable() then if require("luasnip").expand_or_jumpable() then
require("luasnip").expand_or_jump() require("luasnip").expand_or_jump()
@ -53,33 +64,26 @@
''; '';
}; };
# These are where the completion engine gets its suggestions
sources = [ sources = [
{ name = "nvim_lua"; } # Fills in common Neovim lua functions { name = "nvim_lua"; }
{ name = "nvim_lsp"; } # LSP results { name = "nvim_lsp"; }
{ name = "path"; } # Shell completion from current PATH { name = "luasnip"; }
{ name = "path"; }
{ {
name = "buffer"; # Grep for text from the current text buffer name = "buffer";
keyword_length = 3; keyword_length = 3;
max_item_count = 10; max_item_count = 10;
} }
{ {
name = "rg"; # Grep for text from the current directory name = "rg";
keyword_length = 6; keyword_length = 6;
max_item_count = 10; max_item_count = 10;
option = { option = { additional_arguments = "--ignore-case"; };
additional_arguments = "--ignore-case";
};
} }
]; ];
# Styling of the completion menu
formatting = { formatting = {
fields = [ fields = [ "kind" "abbr" "menu" ];
"kind"
"abbr"
"menu"
];
format = dsl.rawLua '' format = dsl.rawLua ''
function(entry, vim_item) function(entry, vim_item)
local kind_icons = { local kind_icons = {
@ -111,6 +115,7 @@
} }
vim_item.kind = string.format("%s", kind_icons[vim_item.kind]) vim_item.kind = string.format("%s", kind_icons[vim_item.kind])
vim_item.menu = ({ vim_item.menu = ({
luasnip = "[Snippet]",
buffer = "[Buffer]", buffer = "[Buffer]",
path = "[Path]", path = "[Path]",
rg = "[Grep]", rg = "[Grep]",
@ -126,46 +131,19 @@
native_menu = false; # Use cmp menu instead of Vim menu native_menu = false; # Use cmp menu instead of Vim menu
ghost_text = true; # Show preview auto-completion ghost_text = true; # Show preview auto-completion
}; };
}; };
lua = '' lua = ''
-- Use buffer source for `/` -- Use buffer source for `/`
require('cmp').setup.cmdline("/", { require('cmp').setup.cmdline("/", {
mapping = { sources = {
['<C-n>'] = {
c = require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })
},
['<C-p>'] = {
c = require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })
},
['<C-y>'] = {
c = require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Insert, select = true, }, { 'i', 'c' })
},
['<C-r>'] = {
c = require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, }, { 'i', 'c' })
},
},
sources = require('cmp').config.sources({
{ name = "buffer", keyword_length = 5 }, { name = "buffer", keyword_length = 5 },
}), },
}) })
-- Use cmdline & path source for ':' -- Use cmdline & path source for ':'
require('cmp').setup.cmdline(":", { require('cmp').setup.cmdline(":", {
mapping = {
['<C-n>'] = {
c = require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })
},
['<C-p>'] = {
c = require('cmp').mapping.select_prev_item({ behavior = require('cmp').SelectBehavior.Insert }, { 'i', 'c' })
},
['<C-y>'] = {
c = require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Insert, select = true, }, { 'i', 'c' })
},
['<C-r>'] = {
c = require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = true, }, { 'i', 'c' })
},
},
sources = require('cmp').config.sources({ sources = require('cmp').config.sources({
{ name = "path" }, { name = "path" },
}, { }, {
@ -173,4 +151,5 @@
}), }),
}) })
''; '';
} }
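Review bot: `['<CR>']` and `['<C-r>']` are now bound to the identical `confirm({ behavior = Replace, select = true })`, so Enter accepts the first suggestion even when nothing was selected and an ordinary newline can overwrite the text under the cursor. For Enter the usual setting is `select = false`, i.e. `"['<CR>']" = dsl.rawLua "require('cmp').mapping.confirm({ behavior = require('cmp').ConfirmBehavior.Replace, select = false })";`, leaving `<C-r>` as the explicit accept-first key. The `mapping` table is also missing the comment the old side had, so a one-line `# Basic completion keybinds` above it would be worth restoring.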


@ -1,17 +0,0 @@
-- Keymap to open file in GitHub web
vim.keymap.set("n", "<Leader>gr", ":!gh browse %<CR><CR>", { silent = true })
-- Pop a terminal to watch the current run
local gitwatch = require("toggleterm.terminal").Terminal:new({
cmd = "fish --interactive --init-command 'gh run watch'",
hidden = true,
direction = "float",
})
-- Set a toggle for this terminal
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
-- Keymap to toggle the run
vim.keymap.set("n", "<Leader>W", GITWATCH_TOGGLE)


@ -1,5 +1,4 @@
{ pkgs, ... }: { pkgs, ... }: {
{
plugins = [ pkgs.vimPlugins.gitsigns-nvim ]; plugins = [ pkgs.vimPlugins.gitsigns-nvim ];
setup.gitsigns = { }; setup.gitsigns = { };
lua = builtins.readFile ./gitsigns.lua; lua = builtins.readFile ./gitsigns.lua;


@ -1,6 +0,0 @@
local k9s = require("toggleterm.terminal").Terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)


@ -1,166 +1,66 @@
{ { pkgs, dsl, ... }: {
pkgs,
lib,
config,
dsl,
...
}:
{
# Terraform optional because non-free plugins = [
options.terraform = lib.mkEnableOption "Whether to enable Terraform LSP"; pkgs.vimPlugins.nvim-lspconfig
options.github = lib.mkEnableOption "Whether to enable GitHub features"; pkgs.vimPlugins.lsp-colors-nvim
options.kubernetes = lib.mkEnableOption "Whether to enable Kubernetes features"; pkgs.vimPlugins.null-ls-nvim
options.nixosConfiguration = lib.mkOption { ];
type = lib.types.str;
description = "Configuration to use for nixd options checking"; use.lspconfig.lua_ls.setup = dsl.callWith {
default = "default"; settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
}; };
config = { use.lspconfig.nil_ls.setup = dsl.callWith {
plugins = [ cmd = [ "${pkgs.nil}/bin/nil" ];
pkgs.vimPlugins.nvim-lspconfig capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
pkgs.vimPlugins.conform-nvim
pkgs.vimPlugins.fidget-nvim
pkgs.vimPlugins.nvim-lint
pkgs.vimPlugins.vim-table-mode
pkgs.vimPlugins.tiny-inline-diagnostic-nvim
];
setup.fidget = { };
setup.tiny-inline-diagnostic = { };
use.lspconfig.lua_ls.setup = dsl.callWith {
settings = {
Lua = {
diagnostics = {
globals = [
"vim"
"hs"
];
};
};
};
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
};
use.lspconfig.nixd.setup = dsl.callWith {
cmd = [ "${pkgs.nixd}/bin/nixd" ];
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
# settings = {
# nixd = {
# options = {
# nixos = {
# expr = "(builtins.getFlake (\"git+file://\" + toString ./.)).nixosConfigurations.${config.nixosConfiguration}.options";
# };
# home-manager = {
# expr = "(builtins.getFlake (\"git+file://\" + toString ./.)).homeConfigurations.${config.nixosConfiguration}.options";
# };
# darwin = {
# expr = "(builtins.getFlake (\"git+file://\" + toString ./.)).darwinConfigurations.${config.nixosConfiguration}.options";
# };
# };
# };
# };
};
use.lspconfig.pyright.setup = dsl.callWith {
cmd = [
"${pkgs.pyright}/bin/pyright-langserver"
"--stdio"
];
};
use.lspconfig.terraformls.setup = dsl.callWith {
cmd =
if config.terraform then
[
"${pkgs.terraform-ls}/bin/terraform-ls"
"serve"
]
else
[ "echo" ];
};
use.lspconfig.rust_analyzer.setup = dsl.callWith {
cmd = [ "${pkgs.rust-analyzer}/bin/rust-analyzer" ];
settings = {
"['rust-analyzer']" = {
check = {
command = "clippy";
};
files = {
excludeDirs = [ ".direnv" ];
};
cargo = {
features = "all";
};
};
};
};
setup.conform = {
format_on_save = {
# These options will be passed to conform.format()
timeout_ms = 1500;
lsp_fallback = true;
};
formatters_by_ft = {
lua = [ "stylua" ];
python = [ "black" ];
fish = [ "fish_indent" ];
nix = [ "nixfmt" ];
rust = [ "rustfmt" ];
sh = [ "shfmt" ];
terraform = if config.terraform then [ "terraform_fmt" ] else [ ];
hcl = [ "hcl" ];
};
formatters = {
lua.command = "${pkgs.stylua}/bin/stylua";
black.command = "${pkgs.black}/bin/black";
fish_indent.command = "${pkgs.fish}/bin/fish_indent";
nixfmt.command = "${pkgs.nixfmt-rfc-style}/bin/nixfmt";
rustfmt.command = "${pkgs.rustfmt}/bin/rustfmt";
shfmt = {
command = "${pkgs.shfmt}/bin/shfmt";
prepend_args = [
"-i"
"4"
"-ci"
];
};
terraform_fmt.command = if config.terraform then "${pkgs.terraform}/bin/terraform" else "";
hcl.command = "${pkgs.hclfmt}/bin/hclfmt";
};
};
use.lint = {
linters_by_ft = dsl.toTable {
python = [ "ruff" ];
sh = [ "shellcheck" ];
};
};
vim.api.nvim_create_autocmd = dsl.callWith [
(dsl.toTable [
"BufEnter"
"BufWritePost"
])
(dsl.rawLua "{ callback = function() require('lint').try_lint() end }")
];
lua = ''
${builtins.readFile ./lsp.lua}
local ruff = require('lint').linters.ruff; ruff.cmd = "${pkgs.ruff}/bin/ruff"
local shellcheck = require('lint').linters.shellcheck; shellcheck.cmd = "${pkgs.shellcheck}/bin/shellcheck"
-- Prevent infinite log size (change this when debugging)
vim.lsp.set_log_level("off")
-- Hide buffer diagnostics (use tiny-inline-diagnostic.nvim instead)
vim.diagnostic.config({ virtual_text = false })
'';
}; };
use.lspconfig.pyright.setup = dsl.callWith {
cmd = [ "${pkgs.pyright}/bin/pyright-langserver" "--stdio" ];
};
use.lspconfig.terraformls.setup =
dsl.callWith { cmd = [ "${pkgs.terraform-ls}/bin/terraform-ls" "serve" ]; };
vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ];
lua = ''
${builtins.readFile ./lsp.lua}
require("null-ls").setup({
sources = {
require("null-ls").builtins.formatting.stylua.with({ command = "${pkgs.stylua}/bin/stylua" }),
require("null-ls").builtins.formatting.black.with({ command = "${pkgs.black}/bin/black" }),
require("null-ls").builtins.diagnostics.flake8.with({ command = "${pkgs.python310Packages.flake8}/bin/flake8" }),
require("null-ls").builtins.formatting.fish_indent.with({ command = "${pkgs.fish}/bin/fish_indent" }),
require("null-ls").builtins.formatting.nixfmt.with({ command = "${pkgs.nixfmt}/bin/nixfmt" }),
require("null-ls").builtins.formatting.rustfmt.with({ command = "${pkgs.rustfmt}/bin/rustfmt" }),
require("null-ls").builtins.diagnostics.shellcheck.with({ command = "${pkgs.shellcheck}/bin/shellcheck" }),
require("null-ls").builtins.formatting.shfmt.with({
command = "${pkgs.shfmt}/bin/shfmt",
extra_args = { "-i", "4", "-ci" },
}),
require("null-ls").builtins.formatting.terraform_fmt.with({
command = "${pkgs.terraform}/bin/terraform",
extra_filetypes = { "hcl" },
}),
},
on_attach = function(client, bufnr)
if client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({ bufnr = bufnr })
end,
})
end
end,
})
'';
} }
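Review bot: The null-ls `on_attach` callback uses `augroup` in `nvim_clear_autocmds({ group = augroup, buffer = bufnr })` and in the `BufWritePre` registration, but no Lua variable of that name is assigned in the visible string. `vim.api.nvim_create_augroup = dsl.callWith [ "LspFormatting" { } ];` creates the group without binding its id to anything. Unless `lsp.lua` defines it as a global, `augroup` is nil there: the clear then applies to ungrouped autocommands on the buffer and the format-on-save handler is registered outside the group, so it accumulates on every attach. Binding it inside the Lua block fixes both: `local augroup = vim.api.nvim_create_augroup("LspFormatting", {})` placed before `require("null-ls").setup({`.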


@ -1,29 +1,17 @@
{ { pkgs, dsl, lib, ... }: {
pkgs,
dsl,
lib,
...
}:
{
plugins = [ plugins = [
pkgs.vimPlugins.vim-surround # Keybinds for surround characters pkgs.vimPlugins.vim-surround # Keybinds for surround characters
pkgs.vimPlugins.vim-eunuch # File manipulation commands pkgs.vimPlugins.vim-eunuch # File manipulation commands
pkgs.vimPlugins.vim-fugitive # Git commands pkgs.vimPlugins.vim-fugitive # Git commands
pkgs.vimPlugins.vim-repeat # Better repeat using . pkgs.vimPlugins.vim-repeat # Better repeat using .
pkgs.vimPlugins.vim-abolish # Keep capitalization in substitute (Subvert) pkgs.vimPlugins.comment-nvim # Smart comment commands
pkgs.vimPlugins.markview-nvim # Markdown preview pkgs.vimPlugins.impatient-nvim # Faster load times
pkgs.vimPlugins.glow-nvim # Markdown preview popup
pkgs.vimPlugins.nvim-colorizer-lua # Hex color previews pkgs.vimPlugins.nvim-colorizer-lua # Hex color previews
pkgs.vimPlugins.which-key-nvim # Keybind helper
]; ];
# Initialize some plugins setup.Comment = { };
setup.colorizer = { setup.colorizer = { };
user_default_options = {
names = false;
};
};
setup.markview = { };
setup.which-key = { };
vim.o = { vim.o = {
termguicolors = true; # Set to truecolor termguicolors = true; # Set to truecolor
@ -41,6 +29,7 @@
scrolloff = 3; # Margin of lines to see while scrolling scrolloff = 3; # Margin of lines to see while scrolling
splitright = true; # Vertical splits on the right side splitright = true; # Vertical splits on the right side
splitbelow = true; # Horizontal splits on the bottom side splitbelow = true; # Horizontal splits on the bottom side
pastetoggle = "<F3>"; # Use F3 to enter raw paste mode
clipboard = "unnamedplus"; # Uses system clipboard for yanking clipboard = "unnamedplus"; # Uses system clipboard for yanking
updatetime = 300; # Faster diagnostics updatetime = 300; # Faster diagnostics
mouse = "nv"; # Mouse interaction / scrolling mouse = "nv"; # Mouse interaction / scrolling
@ -52,26 +41,17 @@
relativenumber = true; # Relative numbers instead of absolute relativenumber = true; # Relative numbers instead of absolute
}; };
# For which-key-nvim
vim.o.timeout = true;
vim.o.timeoutlen = 300;
# Better backup, swap and undo storage # Better backup, swap and undo storage
vim.o.backup = true; # Easier to recover and more secure vim.o.backup = true; # Easier to recover and more secure
vim.opt.undofile = true; # Keeps undos after quit vim.bo.swapfile = false; # Instead of swaps, create backups
vim.opt.swapfile = false; # Instead of swaps, create backups vim.bo.undofile = true; # Keeps undos after quit
vim.o.backupdir = dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/backup//")''; vim.o.backupdir = dsl.rawLua ''vim.fn.stdpath("cache") .. "/backup"'';
vim.o.undodir = dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/undo//")'';
# Required for nvim-cmp completion # Required for nvim-cmp completion
vim.opt.completeopt = [ vim.opt.completeopt = [ "menu" "menuone" "noselect" ];
"menu"
"menuone"
"noselect"
];
lua = lib.mkBefore '' lua = lib.mkBefore ''
vim.loader.enable() require("impatient")
${builtins.readFile ../lua/keybinds.lua}; ${builtins.readFile ../lua/keybinds.lua};
${builtins.readFile ../lua/settings.lua}; ${builtins.readFile ../lua/settings.lua};
''; '';
@ -80,6 +60,10 @@
" Remember last position when reopening file " Remember last position when reopening file
au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
" LaTeX options
au FileType tex inoremap ;bf \textbf{}<Esc>i
au BufWritePost *.tex silent! execute "!pdflatex -output-directory=%:p:h % >/dev/null 2>&1" | redraw!
" Flash highlight when yanking " Flash highlight when yanking
au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 } au TextYankPost * silent! lua vim.highlight.on_yank { timeout = 250 }
''; '';


@ -1,9 +1,8 @@
{ pkgs, ... }: { pkgs, ... }: {
{
plugins = [ pkgs.vimPlugins.lualine-nvim ]; plugins = [ pkgs.vimPlugins.lualine-nvim ];
setup.lualine = { setup.lualine = {
options = { options = {
theme = "base16"; theme = "gruvbox";
icons_enabled = true; icons_enabled = true;
}; };
}; };


@ -1,49 +1,26 @@
{ pkgs, lib, ... }: { pkgs, ... }: {
{
plugins = [ plugins = [
(pkgs.vimPlugins.nvim-treesitter.withPlugins ( (pkgs.vimPlugins.nvim-treesitter.withPlugins (_plugins:
_plugins: with pkgs.tree-sitter-grammars; [ with pkgs.tree-sitter-grammars; [
tree-sitter-bash
tree-sitter-c
tree-sitter-fish
tree-sitter-hcl tree-sitter-hcl
tree-sitter-ini
tree-sitter-json
tree-sitter-lua
tree-sitter-markdown
tree-sitter-markdown-inline
tree-sitter-nix
tree-sitter-puppet
tree-sitter-python tree-sitter-python
tree-sitter-rasi tree-sitter-lua
tree-sitter-nix
tree-sitter-fish
tree-sitter-toml tree-sitter-toml
tree-sitter-vimdoc
tree-sitter-yaml tree-sitter-yaml
] tree-sitter-json
)) ]))
pkgs.vimPlugins.vim-matchup # Better % jumping in languages pkgs.vimPlugins.vim-matchup # Better % jumping in languages
pkgs.vimPlugins.playground # Tree-sitter experimenting
pkgs.vimPlugins.nginx-vim pkgs.vimPlugins.nginx-vim
pkgs.vimPlugins.vim-helm pkgs.vimPlugins.vim-helm
# pkgs.vimPlugins.hmts-nvim # Tree-sitter injections for home-manager pkgs.vimPlugins.vim-puppet
(pkgs.vimUtils.buildVimPlugin {
pname = "nmasur";
version = "0.1";
src = ../plugin;
})
]; ];
setup."nvim-treesitter.configs" = { setup."nvim-treesitter.configs" = {
highlight = { highlight = { enable = true; };
enable = true; indent = { enable = true; };
};
indent = {
enable = true;
};
matchup = {
enable = true;
}; # Uses vim-matchup
textobjects = { textobjects = {
select = { select = {
@ -72,9 +49,4 @@
}; };
}; };
# Use mkAfter to ensure tree-sitter is already loaded
lua = lib.mkAfter ''
-- Use HCL parser with .tf files
vim.treesitter.language.register('hcl', 'terraform')
'';
} }


@ -13,7 +13,6 @@ vim.keymap.set("n", "<Leader>gf", telescope.git_bcommits)
vim.keymap.set("n", "<Leader>gb", telescope.git_branches) vim.keymap.set("n", "<Leader>gb", telescope.git_branches)
vim.keymap.set("n", "<Leader>gs", telescope.git_status) vim.keymap.set("n", "<Leader>gs", telescope.git_status)
vim.keymap.set("n", "<Leader>s", telescope.current_buffer_fuzzy_find) vim.keymap.set("n", "<Leader>s", telescope.current_buffer_fuzzy_find)
vim.keymap.set("n", "<Leader>rr", telescope.resume)
vim.keymap.set("n", "<Leader>N", function() vim.keymap.set("n", "<Leader>N", function()
local opts = { local opts = {
@ -46,7 +45,7 @@ end)
vim.keymap.set("n", "<Leader>fz", require("telescope").extensions.zoxide.list) vim.keymap.set("n", "<Leader>fz", require("telescope").extensions.zoxide.list)
-- Project -- Project
require("telescope").load_extension("projects") require("telescope").load_extension("project")
vim.keymap.set("n", "<C-p>", function() vim.keymap.set("n", "<C-p>", function()
local opts = require("telescope.themes").get_ivy({ local opts = require("telescope.themes").get_ivy({
layout_config = { layout_config = {
@ -55,7 +54,7 @@ vim.keymap.set("n", "<C-p>", function()
}, },
}, },
}) })
require("telescope").extensions.projects.projects(opts) require("telescope").extensions.project.project(opts)
end) end)
-- File browser -- File browser


@ -1,11 +1,8 @@
{ pkgs, dsl, ... }: { pkgs, dsl, ... }: {
{
# Telescope is a fuzzy finder that can work with different sub-plugins
plugins = [ plugins = [
pkgs.vimPlugins.telescope-nvim pkgs.vimPlugins.telescope-nvim
pkgs.vimPlugins.project-nvim pkgs.vimPlugins.telescope-project-nvim
pkgs.vimPlugins.telescope-fzy-native-nvim pkgs.vimPlugins.telescope-fzy-native-nvim
pkgs.vimPlugins.telescope-file-browser-nvim pkgs.vimPlugins.telescope-file-browser-nvim
pkgs.vimPlugins.telescope-zoxide pkgs.vimPlugins.telescope-zoxide
@ -21,23 +18,17 @@
}; };
}; };
pickers = { pickers = {
find_files = { find_files = { theme = "ivy"; };
theme = "ivy"; oldfiles = { theme = "ivy"; };
}; buffers = { theme = "dropdown"; };
oldfiles = {
theme = "ivy";
};
buffers = {
theme = "dropdown";
};
}; };
extensions = { extensions = {
fzy_native = { }; fzy_native = { };
zoxide = { }; zoxide = { };
project = { base_dirs = [ "~/dev" ]; };
}; };
}; };
setup.project_nvim = { };
lua = builtins.readFile ./telescope.lua; lua = builtins.readFile ./telescope.lua;
} }


@ -12,8 +12,6 @@ vim.api.nvim_create_autocmd("TermOpen", {
end, end,
}) })
-- These are all the different types of terminals we can trigger
local terminal = require("toggleterm.terminal").Terminal local terminal = require("toggleterm.terminal").Terminal
local basicterminal = terminal:new() local basicterminal = terminal:new()
@ -26,5 +24,17 @@ function NIXPKGS_TOGGLE()
nixpkgs:toggle() nixpkgs:toggle()
end end
local gitwatch = terminal:new({ cmd = "fish --interactive --init-command 'gh run watch'" })
function GITWATCH_TOGGLE()
gitwatch:toggle()
end
local k9s = terminal:new({ cmd = "k9s" })
function K9S_TOGGLE()
k9s:toggle()
end
vim.keymap.set("n", "<Leader>t", TERM_TOGGLE) vim.keymap.set("n", "<Leader>t", TERM_TOGGLE)
vim.keymap.set("n", "<Leader>P", NIXPKGS_TOGGLE) vim.keymap.set("n", "<Leader>P", NIXPKGS_TOGGLE)
vim.keymap.set("n", "<Leader>gw", GITWATCH_TOGGLE)
vim.keymap.set("n", "<Leader>9", K9S_TOGGLE)
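Review bot: `GITWATCH_TOGGLE` and `K9S_TOGGLE` are declared as global functions, and both terminals are constructed at load time whether or not `gh` or `k9s` is present on the machine. Passing a local closure to the mapping avoids the globals, e.g. `vim.keymap.set("n", "<Leader>9", function() k9s:toggle() end)`. Wrapping each terminal and its keybind in `if vim.fn.executable("k9s") == 1 then … end` keeps the mapping from spawning a command that is resolved through PATH and may not exist. `TERM_TOGGLE` and `NIXPKGS_TOGGLE` appear to follow the same global pattern, but their definitions start outside the visible hunks.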


@ -1,12 +1,4 @@
{ { pkgs, dsl, ... }: {
pkgs,
dsl,
config,
...
}:
{
# Toggleterm provides a floating terminal inside the editor for quick access
plugins = [ pkgs.vimPlugins.toggleterm-nvim ]; plugins = [ pkgs.vimPlugins.toggleterm-nvim ];
@ -16,9 +8,6 @@
direction = "float"; direction = "float";
}; };
lua = '' lua = builtins.readFile ./toggleterm.lua;
${builtins.readFile ./toggleterm.lua}
${if config.github then (builtins.readFile ./github.lua) else ""}
${if config.kubernetes then (builtins.readFile ./kubernetes.lua) else ""}
'';
} }


@ -1,12 +1,6 @@
{ pkgs, dsl, ... }: { pkgs, dsl, ... }: {
{
# This plugin creates a side drawer for navigating the current project plugins = [ pkgs.vimPlugins.nvim-tree-lua pkgs.vimPlugins.nvim-web-devicons ];
plugins = [
pkgs.vimPlugins.nvim-tree-lua
pkgs.vimPlugins.nvim-web-devicons
];
# Disable netrw eagerly # Disable netrw eagerly
# https://github.com/kyazdani42/nvim-tree.lua/commit/fb8735e96cecf004fbefb086ce85371d003c5129 # https://github.com/kyazdani42/nvim-tree.lua/commit/fb8735e96cecf004fbefb086ce85371d003c5129
@ -16,18 +10,14 @@
}; };
setup.nvim-tree = { setup.nvim-tree = {
disable_netrw = true; # Disable the built-in file manager disable_netrw = true;
hijack_netrw = true; # Works as the file manager hijack_netrw = true;
sync_root_with_cwd = true; # Change project whenever currend dir changes
respect_buf_cwd = true; # Change to exact location of focused buffer
update_focused_file = { update_focused_file = {
# Change project based on the focused buffer
enable = true; enable = true;
update_root = true; update_cwd = true;
ignore_list = { }; ignore_list = { };
}; };
diagnostics = { diagnostics = {
# Enable LSP and linter integration
enable = true; enable = true;
icons = { icons = {
hint = ""; hint = "";
@ -37,7 +27,6 @@
}; };
}; };
renderer = { renderer = {
# Show files with changes vs. current commit
icons = { icons = {
glyphs = { glyphs = {
git = { git = {
@ -52,33 +41,37 @@
}; };
}; };
}; };
# Set keybinds and initialize program
on_attach = dsl.rawLua ''
function (bufnr)
local api = require('nvim-tree.api')
local function opts(desc)
return { desc = 'nvim-tree: ' .. desc, buffer = bufnr, noremap = true, silent = true, nowait = true }
end
api.config.mappings.default_on_attach(bufnr)
vim.keymap.set('n', 'l', api.node.open.edit, opts('Open'))
vim.keymap.set('n', '<CR>', api.node.open.edit, opts('Open'))
vim.keymap.set('n', 'o', api.node.open.edit, opts('Open'))
vim.keymap.set('n', 'h', api.node.navigate.parent_close, opts('Close Directory'))
vim.keymap.set('n', 'v', api.node.open.vertical, opts('Open: Vertical Split'))
end
'';
view = { view = {
# Set look and feel
width = 30; width = 30;
hide_root_folder = false;
side = "left"; side = "left";
mappings = {
custom_only = false;
list = [
{
key = [ "l" "<CR>" "o" ];
cb = dsl.rawLua
"require('nvim-tree.config').nvim_tree_callback('edit')";
}
{
key = "h";
cb = dsl.rawLua
"require('nvim-tree.config').nvim_tree_callback('close_node')";
}
{
key = "v";
cb = dsl.rawLua
"require('nvim-tree.config').nvim_tree_callback('vsplit')";
}
];
};
number = false; number = false;
relativenumber = false; relativenumber = false;
}; };
}; };
# Toggle the sidebar
lua = '' lua = ''
vim.keymap.set("n", "<Leader>e", ":NvimTreeFindFileToggle<CR>", { silent = true }) vim.keymap.set("n", "<Leader>e", ":NvimTreeFindFileToggle<CR>", { silent = true })
''; '';
} }


@ -1,22 +1,13 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
let let
neovim = import ./package { neovim = import ./package {
inherit pkgs; inherit pkgs;
colors = config.theme.colors; colors = import config.theme.colors.neovimConfig { inherit pkgs; };
terraform = config.terraform.enable;
github = true;
kubernetes = config.kubernetes.enable;
nixosConfiguration = config.networking.hostName; # Used for Nixd
}; };
in
{ in {
options.neovim.enable = lib.mkEnableOption "Neovim."; options.neovim.enable = lib.mkEnableOption "Neovim.";
@ -27,42 +18,35 @@ in
home.packages = [ neovim ]; home.packages = [ neovim ];
# Use Neovim as the editor for git commit messages
programs.git.extraConfig.core.editor = "nvim"; programs.git.extraConfig.core.editor = "nvim";
programs.jujutsu.settings.ui.editor = "nvim";
# Set Neovim as the default app for text editing and manual pages
home.sessionVariables = { home.sessionVariables = {
EDITOR = "nvim"; EDITOR = "nvim";
MANPAGER = "nvim +Man!"; MANPAGER = "nvim +Man!";
}; };
# Create quick aliases for launching Neovim
programs.fish = { programs.fish = {
shellAliases = { shellAliases = { vim = "nvim"; };
vim = "nvim";
};
shellAbbrs = { shellAbbrs = {
v = lib.mkForce "nvim"; v = lib.mkForce "nvim";
vl = lib.mkForce "nvim -c 'normal! `0' -c 'bdelete 1'"; vl = lib.mkForce "nvim -c 'normal! `0' -c 'bdelete 1'";
vll = "nvim -c 'Telescope oldfiles'"; vll = "nvim -c 'Telescope oldfiles'";
}; };
}; };
programs.kitty.settings.scrollback_pager = lib.mkForce ''
${neovim}/bin/nvim -c 'setlocal nonumber nolist showtabline=0 foldcolumn=0|Man!' -c "autocmd VimEnter * normal G" -'';
# Create a desktop option for launching Neovim from a file manager xdg.desktopEntries.nvim = lib.mkIf pkgs.stdenv.isLinux {
# (Requires launching the terminal and then executing Neovim)
xdg.desktopEntries.nvim = lib.mkIf (pkgs.stdenv.isLinux && config.gui.enable) {
name = "Neovim wrapper"; name = "Neovim wrapper";
exec = "${config.home-manager.users.${config.user}.programs.rofi.terminal} nvim %F"; exec = "kitty nvim %F";
mimeType = [
"text/plain"
"text/markdown"
];
}; };
xdg.mimeApps.defaultApplications = lib.mkIf pkgs.stdenv.isLinux { xdg.mimeApps = lib.mkIf pkgs.stdenv.isLinux {
"text/plain" = [ "nvim.desktop" ]; defaultApplications."text/markdown" = [ "nvim.desktop" ];
"text/markdown" = [ "nvim.desktop" ];
}; };
}; };
# # Used for icons in Vim
# fonts.fonts = with pkgs; [ nerdfonts ];
}; };
} }
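Review bot: The desktop entry's `exec = "kitty nvim %F";` hard-codes the terminal and leaves both `kitty` and `nvim` to be resolved through PATH at launch, so it can start a different binary than the `neovim` package built in the `let` block above. Interpolating store paths ties the entry to what this module actually installs: `exec = "${pkgs.kitty}/bin/kitty ${neovim}/bin/nvim %F";`. The entry is also guarded only by `pkgs.stdenv.isLinux`, so it is generated on headless Linux hosts too; if a GUI toggle exists in this configuration, it belongs in the `lib.mkIf` condition.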


@ -0,0 +1,4 @@
require("packer_init")
require("settings")
require("keybinds")
require("background")


@ -39,6 +39,7 @@ key("n", "<Leader>fs", ":write<CR>")
key("n", "<Leader>fd", ":lcd %:p:h<CR>", { silent = true }) key("n", "<Leader>fd", ":lcd %:p:h<CR>", { silent = true })
key("n", "<Leader>fu", ":lcd ..<CR>", { silent = true }) key("n", "<Leader>fu", ":lcd ..<CR>", { silent = true })
key("n", "<Leader><Tab>", ":b#<CR>", { silent = true }) key("n", "<Leader><Tab>", ":b#<CR>", { silent = true })
key("n", "<Leader>gr", ":!gh repo view -w<CR><CR>", { silent = true })
key("n", "<Leader>tt", [[<Cmd>exe 'edit $NOTES_PATH/journal/'.strftime("%Y-%m-%d_%a").'.md'<CR>]]) key("n", "<Leader>tt", [[<Cmd>exe 'edit $NOTES_PATH/journal/'.strftime("%Y-%m-%d_%a").'.md'<CR>]])
key("n", "<Leader>jj", ":!journal<CR>:e<CR>") key("n", "<Leader>jj", ":!journal<CR>:e<CR>")
@ -47,6 +48,11 @@ key("n", "<Leader>wv", ":vsplit<CR>")
key("n", "<Leader>wh", ":split<CR>") key("n", "<Leader>wh", ":split<CR>")
key("n", "<Leader>wm", ":only<CR>") key("n", "<Leader>wm", ":only<CR>")
-- Vimrc editing
key("n", "<Leader>rr", ":luafile $HOME/.config/nvim/init.lua<CR>")
key("n", "<Leader>rp", ":luafile $HOME/.config/nvim/init.lua<CR>:PackerInstall<CR>:")
key("n", "<Leader>rc", ":luafile $HOME/.config/nvim/init.lua<CR>:PackerCompile<CR>")
-- Keep cursor in place -- Keep cursor in place
key("n", "n", "nzz") key("n", "n", "nzz")
key("n", "N", "Nzz") key("n", "N", "Nzz")
@ -64,12 +70,6 @@ key("n", "<C-Down>", ":resize -2<CR>", { silent = true })
key("n", "<C-Left>", ":vertical resize -2<CR>", { silent = true }) key("n", "<C-Left>", ":vertical resize -2<CR>", { silent = true })
key("n", "<C-Right>", ":vertical resize +2<CR>", { silent = true }) key("n", "<C-Right>", ":vertical resize +2<CR>", { silent = true })
-- Quickfix
key("n", "]q", ":cnext<CR>")
key("n", "[q", ":cprevious<CR>")
key("n", "co", ":copen<CR>")
key("n", "cq", ":cclose<CR>")
-- Other -- Other
key("n", "<A-CR>", ":noh<CR>", { silent = true }) --- Clear search in VimWiki key("n", "<A-CR>", ":noh<CR>", { silent = true }) --- Clear search in VimWiki
key("n", "Y", "y$") --- Copy to end of line key("n", "Y", "y$") --- Copy to end of line


@ -0,0 +1,164 @@
-- =======================================================================
-- Completion System
-- =======================================================================
local M = {}
M.packer = function(use)
-- Completion sources
use("hrsh7th/cmp-nvim-lsp") --- Language server completion plugin
use("hrsh7th/cmp-buffer") --- Generic text completion
use("hrsh7th/cmp-path") --- Local file completion
use("hrsh7th/cmp-cmdline") --- Command line completion
use("hrsh7th/cmp-nvim-lua") --- Nvim lua api completion
use("saadparwaiz1/cmp_luasnip") --- Luasnip completion
use("lukas-reineke/cmp-rg") --- Ripgrep completion
use("rafamadriz/friendly-snippets") -- Lots of pre-generated snippets
-- Completion engine
use({
"hrsh7th/nvim-cmp",
requires = { "L3MON4D3/LuaSnip" },
config = function()
local cmp = require("cmp")
local kind_icons = {
Text = "",
Method = "m",
Function = "",
Constructor = "",
Field = "",
Variable = "",
Class = "",
Interface = "",
Module = "",
Property = "",
Unit = "",
Value = "",
Enum = "",
Keyword = "",
Snippet = "",
Color = "",
File = "",
Reference = "",
Folder = "",
EnumMember = "",
Constant = "",
Struct = "",
Event = "",
Operator = "",
TypeParameter = "",
}
cmp.setup({
-- Only enable on non-prompt buffers
-- So don't use in telescope
enabled = function()
if vim.bo.buftype == "prompt" then
return false
end
return true
end,
-- Setup snippet completion
snippet = {
expand = function(args)
require("luasnip").lsp_expand(args.body)
end,
},
-- Setup completion keybinds
mapping = {
["<C-n>"] = cmp.mapping(cmp.mapping.select_next_item(), { "i", "c" }),
["<C-p>"] = cmp.mapping(cmp.mapping.select_prev_item(), { "i", "c" }),
["<C-d>"] = cmp.mapping(cmp.mapping.scroll_docs(-4), { "i", "c" }),
["<C-f>"] = cmp.mapping(cmp.mapping.scroll_docs(4), { "i", "c" }),
["<C-e>"] = cmp.mapping(cmp.mapping.abort(), { "i", "c" }),
["<Esc>"] = function(_)
cmp.mapping({
i = cmp.mapping.abort(),
c = cmp.mapping.close(),
})
vim.cmd("stopinsert") --- Abort and leave insert mode
end,
["<CR>"] = cmp.mapping.confirm({
behavior = cmp.ConfirmBehavior.Insert,
select = true,
}),
["<C-r>"] = cmp.mapping.confirm({
behavior = cmp.ConfirmBehavior.Replace,
select = true,
}),
["<C-l>"] = cmp.mapping(function(_)
if require("luasnip").expand_or_jumpable() then
require("luasnip").expand_or_jump()
end
end, { "i", "s" }),
},
-- Setup completion engines
sources = {
{ name = "nvim_lua" },
{ name = "nvim_lsp" },
{ name = "luasnip" },
{ name = "path" },
{ name = "buffer", keyword_length = 3, max_item_count = 10 },
{
name = "rg",
keyword_length = 6,
max_item_count = 10,
option = { additional_arguments = "--ignore-case" },
},
},
-- Visual presentation
formatting = {
fields = { "kind", "abbr", "menu" },
format = function(entry, vim_item)
vim_item.kind = string.format("%s", kind_icons[vim_item.kind])
vim_item.menu = ({
luasnip = "[Snippet]",
buffer = "[Buffer]",
path = "[Path]",
rg = "[Grep]",
nvim_lsp = "[LSP]",
nvim_lua = "[Lua]",
})[entry.source.name]
return vim_item
end,
},
-- Docs
-- window = {
-- completion = cmp.config.window.bordered(),
-- documentation = cmp.config.window.bordered(),
-- },
-- Extra features
experimental = {
native_menu = false, --- Use cmp menu instead of Vim menu
ghost_text = true, --- Show preview auto-completion
},
})
-- Use buffer source for `/`
cmp.setup.cmdline("/", {
sources = {
{ name = "buffer", keyword_length = 5 },
},
})
-- Use cmdline & path source for ':'
cmp.setup.cmdline(":", {
sources = cmp.config.sources({
{ name = "path" },
}, {
{ name = "cmdline" },
}),
})
end,
})
end
return M
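Review bot: The `<Esc>` entry in `mapping` builds a mapping with `cmp.mapping({ i = cmp.mapping.abort(), c = cmp.mapping.close() })` and discards the result, so neither `abort()` nor `close()` is ever invoked and only `vim.cmd("stopinsert")` runs. The handler also ignores its fallback argument, so the `c =` branch looks like dead code. Calling the API directly states the intent: `["<Esc>"] = cmp.mapping(function(_) cmp.abort(); vim.cmd("stopinsert") end, { "i" }),`. Separately, `kind_icons[vim_item.kind]` in `format` has no fallback for a kind missing from the table; `kind_icons[vim_item.kind] or ""` would cover that.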


@ -0,0 +1,153 @@
-- =======================================================================
-- Language Server
-- =======================================================================
local M = {}
M.packer = function(use)
-- Language server engine
use({
"neovim/nvim-lspconfig",
requires = { "hrsh7th/cmp-nvim-lsp" },
config = function()
local function on_path(program)
return vim.fn.executable(program) == 1
end
local capabilities = require("cmp_nvim_lsp").default_capabilities()
if on_path("lua-language-server") then
require("lspconfig").sumneko_lua.setup({
capabilities = capabilities,
-- Turn off errors for vim global variable
settings = {
Lua = {
diagnostics = {
globals = { "vim", "hs" },
},
},
},
})
end
if on_path("rust-analyzer") then
require("lspconfig").rust_analyzer.setup({ capabilities = capabilities })
end
if on_path("tflint") then
require("lspconfig").tflint.setup({ capabilities = capabilities })
end
if on_path("terraform-ls") then
require("lspconfig").terraformls.setup({ capabilities = capabilities })
end
if on_path("pyright") then
require("lspconfig").pyright.setup({
on_attach = function()
-- set keymaps (requires 0.7.0)
-- vim.keymap.set("n", "", "", {buffer=0})
end,
capabilities = capabilities,
})
end
if on_path("nil") then
require("lspconfig").nil_ls.setup({ capabilities = capabilities })
end
vim.keymap.set("n", "gd", vim.lsp.buf.definition)
vim.keymap.set("n", "gT", vim.lsp.buf.type_definition)
vim.keymap.set("n", "gi", vim.lsp.buf.implementation)
vim.keymap.set("n", "gh", vim.lsp.buf.hover)
-- vim.keymap.set("n", "gr", telescope.lsp_references)
vim.keymap.set("n", "<Leader>R", vim.lsp.buf.rename)
vim.keymap.set("n", "]e", vim.diagnostic.goto_next)
vim.keymap.set("n", "[e", vim.diagnostic.goto_prev)
vim.keymap.set("n", "<Leader>de", vim.diagnostic.open_float)
vim.keymap.set("n", "<Leader>E", vim.lsp.buf.code_action)
end,
})
-- Pretty highlights
use("folke/lsp-colors.nvim")
-- Linting
use({
"jose-elias-alvarez/null-ls.nvim",
branch = "main",
requires = {
"nvim-lua/plenary.nvim",
"neovim/nvim-lspconfig",
},
config = function()
local function on_path(program)
return vim.fn.executable(program) == 1
end
local augroup = vim.api.nvim_create_augroup("LspFormatting", {})
require("null-ls").setup({
sources = {
require("null-ls").builtins.formatting.stylua.with({
condition = function()
return on_path("stylua")
end,
}),
require("null-ls").builtins.formatting.black.with({
condition = function()
return on_path("black")
end,
}),
require("null-ls").builtins.diagnostics.flake8.with({
condition = function()
return on_path("flake8")
end,
}),
require("null-ls").builtins.formatting.fish_indent.with({
condition = function()
return on_path("fish_indent")
end,
}),
require("null-ls").builtins.formatting.nixfmt.with({
condition = function()
return on_path("nixfmt")
end,
}),
require("null-ls").builtins.formatting.rustfmt.with({
condition = function()
return on_path("rustfmt")
end,
}),
require("null-ls").builtins.diagnostics.shellcheck.with({
condition = function()
return on_path("shellcheck")
end,
}),
require("null-ls").builtins.formatting.shfmt.with({
extra_args = { "-i", "4", "-ci" },
condition = function()
return on_path("shfmt")
end,
}),
require("null-ls").builtins.formatting.terraform_fmt.with({
condition = function()
return on_path("terraform")
end,
}),
-- require("null-ls").builtins.diagnostics.luacheck,
-- require("null-ls").builtins.diagnostics.markdownlint,
-- require("null-ls").builtins.diagnostics.pylint,
},
-- Format on save
on_attach = function(client, bufnr)
if client.supports_method("textDocument/formatting") then
vim.api.nvim_clear_autocmds({ group = augroup, buffer = bufnr })
vim.api.nvim_create_autocmd("BufWritePre", {
group = augroup,
buffer = bufnr,
callback = function()
vim.lsp.buf.format({ bufnr = bufnr })
end,
})
end
end,
})
end,
})
end
return M
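Review bot: None of the `use` specs here carries a `commit` or `tag`, and null-ls is explicitly tracked at `branch = "main"`, so whatever sits at the tip of each repository at install or update time is loaded into the editor with the user's privileges. Pinning each spec, e.g. `use({ "neovim/nvim-lspconfig", commit = "<pinned-commit-sha>", requires = { … }, config = … })`, or keeping a packer snapshot under version control, turns a plugin update into a reviewable change. The plugin lists in the completion file before this one and the misc file after it are unpinned in the same way. As a smaller point, `on_path` is defined twice in this file with identical bodies and could be hoisted to one module-level local.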


@ -0,0 +1,67 @@
local M = {}
M.packer = function(use)
-- Important tweaks
use("tpope/vim-surround") --- Manipulate parentheses
-- Convenience tweaks
use("tpope/vim-eunuch") --- File manipulation in Vim
use("tpope/vim-vinegar") --- Fixes netrw file explorer
use("tpope/vim-fugitive") --- Git commands and syntax
use("tpope/vim-repeat") --- Actually repeat using .
-- Use gc or gcc to add comments
use({
"numToStr/Comment.nvim",
config = function()
require("Comment").setup()
end,
})
-- Alignment tool
use({
"godlygeek/tabular",
config = function()
vim.keymap.set("", "<Leader>ta", ":Tabularize /")
vim.keymap.set("", "<Leader>t#", ":Tabularize /#<CR>")
vim.keymap.set("", "<Leader>tl", ":Tabularize /---<CR>")
end,
})
-- Markdown renderer / wiki notes
-- use("vimwiki/vimwiki")
use({
"jakewvincent/mkdnflow.nvim",
config = function()
require("mkdnflow").setup({
modules = {
bib = false,
conceal = true,
folds = false,
},
perspective = {
priority = "current",
fallback = "first",
nvim_wd_heel = false, -- Don't change working dir
},
links = {
style = "markdown",
conceal = true,
},
wrap = true,
to_do = {
symbols = { " ", "-", "x" },
},
})
vim.api.nvim_create_autocmd("FileType", {
pattern = "markdown",
callback = function()
vim.o.autowriteall = true -- Save in new buffer
vim.o.wrapmargin = 79 -- Wrap text automatically
end,
})
end,
})
end
return M
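Review bot: The `FileType` callback for markdown assigns through `vim.o`, which behaves like `:set`, so `autowriteall` and `wrapmargin` stay changed for the rest of the session after the first markdown buffer is opened. `autowriteall` is a global option, so from then on every modified buffer is written on buffer switches, including files the user did not mean to save. For the wrap margin, `vim.opt_local.wrapmargin = 79` keeps the setting on the markdown buffer. For auto-saving, either enable `autowriteall` deliberately at top level with a comment, or replace it with a buffer-scoped autocmd (`buffer = 0`) that writes only the markdown buffer.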
