Configuration for my NixOS based systems and Home Manager


+4060 -884
+1 -1
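--- a/.envrc
+++ b/.envrc
@@ -1 +1 @@
-use_nix
+use flake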
+5
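--- a/boot.nix
+++ b/boot.nix
@@ -0,0 +1,5 @@
+{ ... }: {
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+}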
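Review bot: The new boot.nix enables systemd-boot but leaves `boot.loader.systemd-boot.editor` at its NixOS default, which is enabled. With the editor on, anyone with console access can change the kernel command line from the boot menu, which is enough to get past the login prompt. Adding `boot.loader.systemd-boot.editor = false;` after line 3 closes that for every host that imports this file. Which hosts import boot.nix is not visible here, since it is not in `basicSystem`'s module list in flake.nix.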
+31
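--- a/common.nix
+++ b/common.nix
@@ -0,0 +1,31 @@
+{ ... }:
+{
+# Set your time zone.
+time.timeZone = "America/Chicago";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+# console = {
+# font = "Lat2-Terminus16";
+# keyMap = "us";
+# useXkbConfig = true; # use xkb.options in tty.
+# };
+
+# Automatic doc cache generation
+documentation.man.generateCaches = true;
+
+# Automatic system upgrades
+system.autoUpgrade = {
+enable = true;
+dates = "09:00";
+randomizedDelaySec = "45min";
+};
+
+# Automatic Garbage Collection
+nix.gc.automatic = true;
+nix.gc.options = "--delete-older-than 8d";
+nix.settings.trusted-users = [ "@wheel" ];
+
+# I don't care that much about free vs unfree
+nixpkgs.config.allowUnfree = true;
+}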
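Review bot: `nix.settings.trusted-users = [ "@wheel" ];` on line 27 makes every member of wheel a trusted Nix user, which the Nix manual describes as essentially equivalent to root access. A trusted user can point the daemon at arbitrary substituters and import unsigned store paths, without going through sudo or its password prompt. flake.nix puts common.nix in `basicSystem`'s module list, so this applies to every host; consider naming only the account that needs it, e.g. `nix.settings.trusted-users = [ "noah" ];`, or declaring the extra cache system-wide through `nix.settings.substituters` and `nix.settings.trusted-public-keys` instead. If the wide grant is intentional, a comment such as `# wheel == root on the Nix daemon; needed for <reason>` would record that.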
+254
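--- a/default-home.nix
+++ b/default-home.nix
@@ -0,0 +1,254 @@
+{
+pkgs,
+unstable,
+inputs,
+config,
+...
+}:
+{
+imports = [
+inputs.agenix.homeManagerModules.default
+];
+home.username = "noah";
+home.homeDirectory = "/home/noah";
+
+age.identityPaths = [
+"${config.home.homeDirectory}/.ssh/id_rsa"
+"${config.home.homeDirectory}/.ssh/id_ed25519"
+"${config.home.homeDirectory}/.ssh/id_ed25519_age"
+];
+
+home.packages = with pkgs; [
+inputs.agenix.packages."${system}".agenix
+# main tool
+direnv
+tree
+btop
+htop
+rsync
+unzip
+fd
+ripgrep
+catgirl
+netcat
+stunnel
+fzf
+iperf3
+entr
+lf
+#devenv # broken
+plan9port
+pwgen
+metastore
+isync
+pass
+tmux
+age
+
+# Dev tools
+gcc
+go
+unstable.gopls
+gnumake
+babashka
+# Babashka common aliases
+neil
+ccls
+clojure
+unstable.clj-kondo
+unstable.clojure-lsp
+unstable.janet
+unstable.jpm
+graalvmPackages.graalvm-ce
+cmake
+universal-ctags
+kotlin
+nodejs
+node2nix
+opam
+rustup
+zig
+scala_3
+scalafmt
+# scala LSP
+unstable.metals
+# Scala / Java build tool
+sbt
+luarocks
+luajit
+lua-language-server
+leiningen
+libressl
+erlang
+elixir
+ghc
+nil
+python3
+typescript
+#vscode-langservers-extracted
+scdoc
+#dockerfile-language-server-nodejs
+#yaml-language-server
+mkcert
+natscli
+poetry
+sqlite
+pandoc
+unstable.harec
+unstable.hare
+unstable.haredo
+unstable.haredoc
+unstable.gleam
+unstable.rebar3
+unstable.bun
+unstable.gh
+unstable.kraft
+#unstable.claude-code
+
+# Python dev tools
+pyright
+python313Packages.python-lsp-server
+python313Packages.python-lsp-ruff
+
+# Certificate Management
+minica
+mkcert
+step-cli
+
+];
+
+nix = {
+#package = pkgs.nix;
+settings = {
+experimental-features = [
+"nix-command"
+"flakes"
+];
+extra-trusted-users = [
+"noah"
+];
+extra-substituters = [
+"https://cache.ngp.computer"
+];
+extra-trusted-public-keys = [
+"misaki.packetlost.dev:y5Z/utaVBozpL0UAbUQDWLjpm2sVMOoKzyG76n/167A="
+];
+};
+};
+
+programs.fish = {
+enable = true;
+#package = unstable.fish;
+};
+programs.neovim = {
+#package = unstable.neovim-unwrapped;
+enable = true;
+defaultEditor = true;
+withNodeJs = true;
+withPython3 = true;
+extraPackages = with pkgs; [
+unstable.fzf
+unstable.ripgrep
+luarocks
+unstable.tree-sitter
+];
+};
+programs.home-manager.enable = true;
+programs.helix.enable = true;
+programs.jujutsu = {
+enable = true;
+};
+programs.git = {
+enable = true;
+lfs.enable = true;
+settings.user.name = "Noah Pederson";
+settings.user.email = "noah@packetlost.dev";
+extraConfig = {
+sendemail = {
+smtpserver = "smtp.migadu.com";
+smtpuser = "noah@packetlost.dev";
+smptencryption = "tls";
+smtpserverport = 587;
+};
+init = {
+defaultBranch = "master";
+};
+pull = {
+rebase = true;
+};
+credential = {
+helper = "cache";
+};
+rerere.enable = true;
+};
+ignores = [
+".direnv/"
+".envrc"
+"flake.nix"
+"shell.nix"
+".env/"
+".clj-kondo/"
+];
+};
+programs.aerc = {
+enable = true;
+package = unstable.aerc;
+};
+programs.ssh = {
+enable = true;
+matchBlocks."*".addKeysToAgent = "yes";
+};
+
+services.ssh-agent.enable = true;
+services.mako.enable = false;
+
+programs.ssh.extraConfig = builtins.readFile ./ssh/extra;
+services.gpg-agent = {
+enable = true;
+defaultCacheTtl = 1800;
+};
+
+programs.direnv = {
+enable = true;
+nix-direnv.enable = true;
+};
+
+xdg.enable = true;
+
+# Independent config files.
+xdg.configFile.nvim = {
+source = ./nvim;
+recursive = true;
+};
+
+xdg.configFile.vis = {
+source = ./vis;
+recursive = true;
+};
+
+xdg.configFile.fish = {
+source = ./fish;
+recursive = true;
+force = true;
+};
+
+xdg.configFile.aerc = {
+source = ./aerc;
+recursive = true;
+};
+
+home.file.".local/bin" = {
+source = ./scripts;
+recursive = true;
+};
+age.secrets.catgirl-libera = {
+file = ./secrets/catgirl-libera.age;
+path = "${config.xdg.configHome}/catgirl/libera";
+symlink = true;
+};
+
+manual.manpages.enable = true;
+
+home.stateVersion = "23.11";
+
+}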
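Review bot: Line 170 spells the git key `smptencryption`, but git send-email reads `sendemail.smtpencryption`, so the misspelled entry is written to the config and ignored. Submission to `smtp.migadu.com` on port 587 is then attempted without the TLS setting this block intends; change the line to `smtpencryption = "tls";`. Separately, `age.identityPaths` lists the login keys `id_rsa` and `id_ed25519` next to the dedicated `id_ed25519_age`. If only the dedicated key is meant to decrypt agenix secrets, trimming the list to that one entry keeps the general-purpose SSH keys out of the decryption path.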
-16
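--- a/default.nix
+++ b/default.nix
@@ -1,16 +0,0 @@
-
-let
-nix-pre-commit-hooks = import (builtins.fetchTarball "https://github.com/cachix/pre-commit-hooks.nix/tarball/master");
-in
-{
-# Configured with the module options defined in `modules/pre-commit.nix`:
-pre-commit-check = nix-pre-commit-hooks.run {
-src = ./.;
-# If your hooks are intrusive, avoid running on each commit with a default_states like this:
-# default_stages = ["manual" "push"];
-hooks = {
-nixpkgs-fmt.enable = true;
-nil.enable = true;
-};
-};
-}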
+16 -29
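--- a/fish/config.fish
+++ b/fish/config.fish
@@ -17,30 +17,29 @@
 abbr gd "git diff"
 abbr ga "git add"
 abbr glog "git log –graph –decorate –oneline –all"
+if type -q "emanote"
+abbr n "cd ~/repos/notes"
+abbr ne "cd ~/repos/notes; nvim"
+end
 
 abbr srhtclone "git clone git@git.sr.ht:~chiefnoah/"
 abbr ghclone "git clone git@github.com:chiefnoah/"
 
-alias tailscale /Applications/Tailscale.app/Contents/MacOS/Tailscale
-
-if test -d "$HOME/repos"
+if test -d "~/repos"
 alias r "cd ~/repos"
 end
 
-if test -d "$HOME/repos/ambient"
-alias amb "cd ~/repos/ambient"
+set -Ux SSH_AUTH_SOCK /var/run/user/(id -u)/ssh-agent
+# PATH stuff
+
+if test -z "(pgrep ssh-agent)"
+eval (ssh-agent -c) > /dev/null # no output
+set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
+set -Ux SSH_AGENT_PID $SSH_AGENT_PID
+set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
 end
 
-# PATH stuff
-
 # Run ssh-agent
-#if test -z "(pgrep ssh-agent)"
-# eval (ssh-agent -c) > /dev/null # no output
-# set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
-# set -Ux SSH_AGENT_PID $SSH_AGENT_PID
-# set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
-#end
-
 if type -q "direnv"
 direnv hook fish | source
 set -g direnv_fish_mode eval_on_arrow
@@ -52,22 +51,10 @@
 end
 
 # NATS config
-set -Ux NATS_URL tls://nats.packetlost.dev
+set -Ux NATS_URL tls://misaki.local
 set -Ux NATS_CA /srv/nats/minica.pem
-set -Ux NATS_CERT /srv/nats/odin.packetlost.dev/cert.pem
-set -Ux NATS_KEY /srv/nats/odin.packetlost.dev/key.pem
-
-if test -d "$HOME/.cargo"
-fish_add_path "$HOME/.cargo/bin"
-end
-
-if test -d "$HOME/.local"
-fish_add_path "$HOME/.local/bin"
-end
-
-if test -d "$HOME/.local/share/solana/install/active_release/bin"
-fish_add_path "$HOME/.local/share/solana/install/active_release/bin"
-end
+set -Ux NATS_CERT /srv/nats/touma-nixos@packetlost.dev/cert.pem
+set -Ux NATS_KEY /srv/nats/touma-nixos@packetlost.dev/key.pem
 
 # Keybindings
 fish_default_key_bindings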
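Review bot: Two of the new conditions test literal strings, because fish expands neither `~` nor a bare `(...)` command substitution inside double quotes. `test -d "~/repos"` on new line 28 therefore never succeeds and the `r` alias is never defined, and `test -z "(pgrep ssh-agent)"` on new line 35 is always false, so the ssh-agent block is dead code. For the first, write `if test -d ~/repos`; for the second, `if not pgrep -u (id -u) ssh-agent >/dev/null` would express the intended check and only match the current user's agent. If the block were revived it would start a second agent next to the one `services.ssh-agent.enable = true` in default-home.nix provides, and overwrite the socket path set on line 32. Removing lines 35–40 is probably the cleaner fix.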
+3
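--- a/fish/functions/fish_user_key_bindings.fish
+++ b/fish/functions/fish_user_key_bindings.fish
@@ -1,4 +1,7 @@
 function fish_user_key_bindings
+if command -s fzf-share >/dev/null
+source (fzf-share)/key-bindings.fish
+end
 fzf_key_bindings
 bind \co 'lfcd; commandline -f repaint'
 end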
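Review bot: `fzf_key_bindings` on new line 5 is still called unconditionally, but this compare also deletes fish/functions/fzf_key_bindings.fish, so the function now exists only when the guarded `source (fzf-share)/key-bindings.fish` has run. On a machine without `fzf-share` on PATH the call fails with an unknown-command error every time the key bindings are set up. Move the call inside the guard, so the `if` body reads `source (fzf-share)/key-bindings.fish` followed by `fzf_key_bindings`.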
-200
fish/functions/fzf_key_bindings.fish
··· 1 - ### key-bindings.fish ### 2 - # ____ ____ 3 - # / __/___ / __/ 4 - # / /_/_ / / /_ 5 - # / __/ / /_/ __/ 6 - # /_/ /___/_/ key-bindings.fish 7 - # 8 - # - $FZF_TMUX_OPTS 9 - # - $FZF_CTRL_T_COMMAND 10 - # - $FZF_CTRL_T_OPTS 11 - # - $FZF_CTRL_R_OPTS 12 - # - $FZF_ALT_C_COMMAND 13 - # - $FZF_ALT_C_OPTS 14 - 15 - status is-interactive; or exit 0 16 - 17 - 18 - # Key bindings 19 - # ------------ 20 - function fzf_key_bindings 21 - 22 - function __fzf_defaults 23 - # $1: Prepend to FZF_DEFAULT_OPTS_FILE and FZF_DEFAULT_OPTS 24 - # $2: Append to FZF_DEFAULT_OPTS_FILE and FZF_DEFAULT_OPTS 25 - test -n "$FZF_TMUX_HEIGHT"; or set FZF_TMUX_HEIGHT 40% 26 - echo "--height $FZF_TMUX_HEIGHT --bind=ctrl-z:ignore" $argv[1] 27 - command cat "$FZF_DEFAULT_OPTS_FILE" 2> /dev/null 28 - echo $FZF_DEFAULT_OPTS $argv[2] 29 - end 30 - 31 - # Store current token in $dir as root for the 'find' command 32 - function fzf-file-widget -d "List files and folders" 33 - set -l commandline (__fzf_parse_commandline) 34 - set -lx dir $commandline[1] 35 - set -l fzf_query $commandline[2] 36 - set -l prefix $commandline[3] 37 - 38 - test -n "$FZF_TMUX_HEIGHT"; or set FZF_TMUX_HEIGHT 40% 39 - begin 40 - set -lx FZF_DEFAULT_OPTS (__fzf_defaults "--reverse --walker=file,dir,follow,hidden --scheme=path --walker-root='$dir'" "$FZF_CTRL_T_OPTS") 41 - set -lx FZF_DEFAULT_COMMAND "$FZF_CTRL_T_COMMAND" 42 - set -lx FZF_DEFAULT_OPTS_FILE '' 43 - eval (__fzfcmd)' -m --query "'$fzf_query'"' | while read -l r; set result $result $r; end 44 - end 45 - if [ -z "$result" ] 46 - commandline -f repaint 47 - return 48 - else 49 - # Remove last token from commandline. 
50 - commandline -t "" 51 - end 52 - for i in $result 53 - commandline -it -- $prefix 54 - commandline -it -- (string escape $i) 55 - commandline -it -- ' ' 56 - end 57 - commandline -f repaint 58 - end 59 - 60 - function fzf-history-widget -d "Show command history" 61 - test -n "$FZF_TMUX_HEIGHT"; or set FZF_TMUX_HEIGHT 40% 62 - begin 63 - set -l FISH_MAJOR (echo $version | cut -f1 -d.) 64 - set -l FISH_MINOR (echo $version | cut -f2 -d.) 65 - 66 - # merge history from other sessions before searching 67 - if test -z "$fish_private_mode" 68 - builtin history merge 69 - end 70 - 71 - # history's -z flag is needed for multi-line support. 72 - # history's -z flag was added in fish 2.4.0, so don't use it for versions 73 - # before 2.4.0. 74 - if [ "$FISH_MAJOR" -gt 2 -o \( "$FISH_MAJOR" -eq 2 -a "$FISH_MINOR" -ge 4 \) ]; 75 - if type -P perl > /dev/null 2>&1 76 - set -lx FZF_DEFAULT_OPTS (__fzf_defaults "" "-n2..,.. --scheme=history --bind=ctrl-r:toggle-sort --wrap-sign '"\t"↳ ' --highlight-line $FZF_CTRL_R_OPTS +m") 77 - set -lx FZF_DEFAULT_OPTS_FILE '' 78 - builtin history -z --reverse | command perl -0 -pe 's/^/$.\t/g; s/\n/\n\t/gm' | eval (__fzfcmd) --tac --read0 --print0 -q '(commandline)' | command perl -pe 's/^\d*\t//' | read -lz result 79 - and commandline -- $result 80 - else 81 - set -lx FZF_DEFAULT_OPTS (__fzf_defaults "" "--scheme=history --bind=ctrl-r:toggle-sort --wrap-sign '"\t"↳ ' --highlight-line $FZF_CTRL_R_OPTS +m") 82 - set -lx FZF_DEFAULT_OPTS_FILE '' 83 - builtin history -z | eval (__fzfcmd) --read0 --print0 -q '(commandline)' | read -lz result 84 - and commandline -- $result 85 - end 86 - else 87 - builtin history | eval (__fzfcmd) -q '(commandline)' | read -l result 88 - and commandline -- $result 89 - end 90 - end 91 - commandline -f repaint 92 - end 93 - 94 - function fzf-cd-widget -d "Change directory" 95 - set -l commandline (__fzf_parse_commandline) 96 - set -lx dir $commandline[1] 97 - set -l fzf_query $commandline[2] 98 - set -l prefix 
$commandline[3] 99 - 100 - test -n "$FZF_TMUX_HEIGHT"; or set FZF_TMUX_HEIGHT 40% 101 - begin 102 - set -lx FZF_DEFAULT_OPTS (__fzf_defaults "--reverse --walker=dir,follow,hidden --scheme=path --walker-root='$dir'" "$FZF_ALT_C_OPTS") 103 - set -lx FZF_DEFAULT_OPTS_FILE '' 104 - set -lx FZF_DEFAULT_COMMAND "$FZF_ALT_C_COMMAND" 105 - eval (__fzfcmd)' +m --query "'$fzf_query'"' | read -l result 106 - 107 - if [ -n "$result" ] 108 - cd -- $result 109 - 110 - # Remove last token from commandline. 111 - commandline -t "" 112 - commandline -it -- $prefix 113 - end 114 - end 115 - 116 - commandline -f repaint 117 - end 118 - 119 - function __fzfcmd 120 - test -n "$FZF_TMUX"; or set FZF_TMUX 0 121 - test -n "$FZF_TMUX_HEIGHT"; or set FZF_TMUX_HEIGHT 40% 122 - if [ -n "$FZF_TMUX_OPTS" ] 123 - echo "fzf-tmux $FZF_TMUX_OPTS -- " 124 - else if [ $FZF_TMUX -eq 1 ] 125 - echo "fzf-tmux -d$FZF_TMUX_HEIGHT -- " 126 - else 127 - echo "fzf" 128 - end 129 - end 130 - 131 - bind \cr fzf-history-widget 132 - if not set -q FZF_CTRL_T_COMMAND; or test -n "$FZF_CTRL_T_COMMAND" 133 - bind \ct fzf-file-widget 134 - end 135 - if not set -q FZF_ALT_C_COMMAND; or test -n "$FZF_ALT_C_COMMAND" 136 - bind \ec fzf-cd-widget 137 - end 138 - 139 - if bind -M insert > /dev/null 2>&1 140 - bind -M insert \cr fzf-history-widget 141 - if not set -q FZF_CTRL_T_COMMAND; or test -n "$FZF_CTRL_T_COMMAND" 142 - bind -M insert \ct fzf-file-widget 143 - end 144 - if not set -q FZF_ALT_C_COMMAND; or test -n "$FZF_ALT_C_COMMAND" 145 - bind -M insert \ec fzf-cd-widget 146 - end 147 - end 148 - 149 - function __fzf_parse_commandline -d 'Parse the current command line token and return split of existing filepath, fzf query, and optional -option= prefix' 150 - set -l commandline (commandline -t) 151 - 152 - # strip -option= from token if present 153 - set -l prefix (string match -r -- '^-[^\s=]+=' $commandline) 154 - set commandline (string replace -- "$prefix" '' $commandline) 155 - 156 - # eval is used to do shell 
expansion on paths 157 - eval set commandline $commandline 158 - 159 - if [ -z $commandline ] 160 - # Default to current directory with no --query 161 - set dir '.' 162 - set fzf_query '' 163 - else 164 - set dir (__fzf_get_dir $commandline) 165 - 166 - if [ "$dir" = "." -a (string sub -l 1 -- $commandline) != '.' ] 167 - # if $dir is "." but commandline is not a relative path, this means no file path found 168 - set fzf_query $commandline 169 - else 170 - # Also remove trailing slash after dir, to "split" input properly 171 - set fzf_query (string replace -r "^$dir/?" -- '' "$commandline") 172 - end 173 - end 174 - 175 - echo $dir 176 - echo $fzf_query 177 - echo $prefix 178 - end 179 - 180 - function __fzf_get_dir -d 'Find the longest existing filepath from input string' 181 - set dir $argv 182 - 183 - # Strip all trailing slashes. Ignore if $dir is root dir (/) 184 - if [ (string length -- $dir) -gt 1 ] 185 - set dir (string replace -r '/*$' -- '' $dir) 186 - end 187 - 188 - # Iteratively check if dir exists and strip tail end of path 189 - while [ ! -d "$dir" ] 190 - # If path is absolute, this can keep going until ends up at / 191 - # If path is relative, this can keep going until entire input is consumed, dirname returns "." 192 - set dir (dirname -- "$dir") 193 - end 194 - 195 - echo $dir 196 - end 197 - 198 - end 199 - ### end: key-bindings.fish ### 200 - fzf_key_bindings
-20
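--- a/fish/functions/rfv.fish
+++ b/fish/functions/rfv.fish
@@ -1,20 +0,0 @@
-# ripgrep->fzf->nvim [QUERY]
-# Ripped from: https://junegunn.github.io/fzf/tips/ripgrep-integration/
-function rfv
-set -lx RELOAD 'reload:rg --column --color=always --smart-case {q} || :'
-set -lx OPENER 'if [[ $FZF_SELECT_COUNT -eq 0 ]]; then
-nvim {1} +{2} # No selection. Open the current line in Vim.
-else
-nvim +cw -q {+f} # Build quickfix list for the selected items.
-fi'
-fzf < /dev/null \
---disabled --ansi --multi \
---bind "start:$RELOAD" --bind "change:$RELOAD" \
---bind "enter:become:$OPENER" \
---bind "ctrl-o:execute:$OPENER" \
---bind 'alt-a:select-all,alt-d:deselect-all,ctrl-/:toggle-preview' \
---delimiter : \
---preview 'bat --style=full --color=always --highlight-line {2} {1}' \
---preview-window '~4,+{2}+4/3,<80(up)' \
---query "$argv"
-end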
+387 -16
flake.lock
··· 1 1 { 2 2 "nodes": { 3 + "agenix": { 4 + "inputs": { 5 + "darwin": "darwin", 6 + "home-manager": "home-manager", 7 + "nixpkgs": [ 8 + "nixpkgs" 9 + ], 10 + "systems": "systems" 11 + }, 12 + "locked": { 13 + "lastModified": 1762618334, 14 + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", 15 + "owner": "ryantm", 16 + "repo": "agenix", 17 + "rev": "fcdea223397448d35d9b31f798479227e80183f6", 18 + "type": "github" 19 + }, 20 + "original": { 21 + "owner": "ryantm", 22 + "repo": "agenix", 23 + "type": "github" 24 + } 25 + }, 26 + "darwin": { 27 + "inputs": { 28 + "nixpkgs": [ 29 + "agenix", 30 + "nixpkgs" 31 + ] 32 + }, 33 + "locked": { 34 + "lastModified": 1744478979, 35 + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", 36 + "owner": "lnl7", 37 + "repo": "nix-darwin", 38 + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", 39 + "type": "github" 40 + }, 41 + "original": { 42 + "owner": "lnl7", 43 + "ref": "master", 44 + "repo": "nix-darwin", 45 + "type": "github" 46 + } 47 + }, 48 + "determinate-nixd-aarch64-darwin": { 49 + "flake": false, 50 + "locked": { 51 + "narHash": "sha256-zK2dgNHh/p92rk5jN+Y1LOMn0HEdTsS+7XXwb2g52oM=", 52 + "type": "file", 53 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 54 + }, 55 + "original": { 56 + "type": "file", 57 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 58 + } 59 + }, 60 + "determinate-nixd-aarch64-linux": { 61 + "flake": false, 62 + "locked": { 63 + "narHash": "sha256-ckvZP0zFcbzLXWYOJUqYXkKBt0b2IZcQEr7YjEVtwOI=", 64 + "type": "file", 65 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 66 + }, 67 + "original": { 68 + "type": "file", 69 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 70 + } 71 + }, 72 + "determinate-nixd-x86_64-linux": { 73 + "flake": false, 74 + "locked": { 75 + "narHash": "sha256-8dLtm8FJrpyBmrNpspJj30/6I5HGEfjjXuFqURcZ8pk=", 
76 + "type": "file", 77 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 78 + }, 79 + "original": { 80 + "type": "file", 81 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 82 + } 83 + }, 84 + "determinite": { 85 + "inputs": { 86 + "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", 87 + "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", 88 + "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", 89 + "nix": "nix", 90 + "nixpkgs": [ 91 + "nixpkgs" 92 + ] 93 + }, 94 + "locked": { 95 + "lastModified": 1768964099, 96 + "narHash": "sha256-sV1OJYyktJRl7I3HxeBvWTWXjqm2uCTS3gS1p+DLn7c=", 97 + "rev": "a5469e9aa3870941320cb92d899b66e141c5a3cd", 98 + "revCount": 394, 99 + "type": "tarball", 100 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.2/019bde7d-0725-73ef-9705-498c50ef6e00/source.tar.gz" 101 + }, 102 + "original": { 103 + "type": "tarball", 104 + "url": "https://flakehub.com/f/DeterminateSystems/determinate/3" 105 + } 106 + }, 107 + "flake-compat": { 108 + "flake": false, 109 + "locked": { 110 + "lastModified": 1696426674, 111 + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 112 + "owner": "edolstra", 113 + "repo": "flake-compat", 114 + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 115 + "type": "github" 116 + }, 117 + "original": { 118 + "owner": "edolstra", 119 + "repo": "flake-compat", 120 + "type": "github" 121 + } 122 + }, 123 + "flake-compat_2": { 124 + "flake": false, 125 + "locked": { 126 + "lastModified": 1767039857, 127 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 128 + "owner": "edolstra", 129 + "repo": "flake-compat", 130 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 131 + "type": "github" 132 + }, 133 + "original": { 134 + "owner": "edolstra", 135 + "repo": "flake-compat", 136 + "type": "github" 137 + } 138 + }, 139 + "flake-compat_3": { 140 + 
"flake": false, 141 + "locked": { 142 + "lastModified": 1767039857, 143 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 144 + "owner": "NixOS", 145 + "repo": "flake-compat", 146 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 147 + "type": "github" 148 + }, 149 + "original": { 150 + "owner": "NixOS", 151 + "repo": "flake-compat", 152 + "type": "github" 153 + } 154 + }, 155 + "flake-parts": { 156 + "inputs": { 157 + "nixpkgs-lib": [ 158 + "determinite", 159 + "nix", 160 + "nixpkgs" 161 + ] 162 + }, 163 + "locked": { 164 + "lastModified": 1748821116, 165 + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", 166 + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", 167 + "revCount": 377, 168 + "type": "tarball", 169 + "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" 170 + }, 171 + "original": { 172 + "type": "tarball", 173 + "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" 174 + } 175 + }, 176 + "git-hooks-nix": { 177 + "inputs": { 178 + "flake-compat": "flake-compat", 179 + "gitignore": [ 180 + "determinite", 181 + "nix" 182 + ], 183 + "nixpkgs": [ 184 + "determinite", 185 + "nix", 186 + "nixpkgs" 187 + ] 188 + }, 189 + "locked": { 190 + "lastModified": 1747372754, 191 + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", 192 + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", 193 + "revCount": 1026, 194 + "type": "tarball", 195 + "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" 196 + }, 197 + "original": { 198 + "type": "tarball", 199 + "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" 200 + } 201 + }, 202 + "gitignore": { 203 + "inputs": { 204 + "nixpkgs": [ 205 + "pre-commit-hooks", 206 + "nixpkgs" 207 + ] 208 + }, 209 + "locked": { 210 + 
"lastModified": 1709087332, 211 + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", 212 + "owner": "hercules-ci", 213 + "repo": "gitignore.nix", 214 + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", 215 + "type": "github" 216 + }, 217 + "original": { 218 + "owner": "hercules-ci", 219 + "repo": "gitignore.nix", 220 + "type": "github" 221 + } 222 + }, 3 223 "home-manager": { 4 224 "inputs": { 5 225 "nixpkgs": [ 226 + "agenix", 6 227 "nixpkgs" 7 228 ] 8 229 }, 9 230 "locked": { 10 - "lastModified": 1763992789, 11 - "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=", 231 + "lastModified": 1745494811, 232 + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", 233 + "owner": "nix-community", 234 + "repo": "home-manager", 235 + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", 236 + "type": "github" 237 + }, 238 + "original": { 239 + "owner": "nix-community", 240 + "repo": "home-manager", 241 + "type": "github" 242 + } 243 + }, 244 + "home-manager_2": { 245 + "inputs": { 246 + "nixpkgs": [ 247 + "nixpkgs" 248 + ] 249 + }, 250 + "locked": { 251 + "lastModified": 1768949235, 252 + "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", 12 253 "owner": "nix-community", 13 254 "repo": "home-manager", 14 - "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3", 255 + "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", 15 256 "type": "github" 16 257 }, 17 258 "original": { 18 259 "owner": "nix-community", 19 - "ref": "release-25.05", 260 + "ref": "release-25.11", 20 261 "repo": "home-manager", 21 262 "type": "github" 22 263 } 23 264 }, 265 + "nix": { 266 + "inputs": { 267 + "flake-parts": "flake-parts", 268 + "git-hooks-nix": "git-hooks-nix", 269 + "nixpkgs": "nixpkgs", 270 + "nixpkgs-23-11": "nixpkgs-23-11", 271 + "nixpkgs-regression": "nixpkgs-regression" 272 + }, 273 + "locked": { 274 + "lastModified": 1768960381, 275 + "narHash": "sha256-32oMe1y+kwvIJNiJsIvozTuSmDxcwST06i+0ak+L4AU=", 276 + "rev": 
"45ce621408cb8c9a724193d5fe858eb839662db8", 277 + "revCount": 24453, 278 + "type": "tarball", 279 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.2/019bde75-b4ee-74b2-a812-28dc2ee83d58/source.tar.gz" 280 + }, 281 + "original": { 282 + "type": "tarball", 283 + "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" 284 + } 285 + }, 286 + "nixos-wsl": { 287 + "inputs": { 288 + "flake-compat": "flake-compat_2", 289 + "nixpkgs": [ 290 + "nixpkgs" 291 + ] 292 + }, 293 + "locked": { 294 + "lastModified": 1769217863, 295 + "narHash": "sha256-RY9kJDXD6+2Td/59LkZ0PFSereCXHdBX9wIkbYjRKCY=", 296 + "owner": "nix-community", 297 + "repo": "NixOS-WSL", 298 + "rev": "38a5250e57f583662eac3b944830e4b9e169e965", 299 + "type": "github" 300 + }, 301 + "original": { 302 + "owner": "nix-community", 303 + "ref": "main", 304 + "repo": "NixOS-WSL", 305 + "type": "github" 306 + } 307 + }, 24 308 "nixpkgs": { 25 309 "locked": { 26 - "lastModified": 1764316264, 27 - "narHash": "sha256-82L+EJU+40+FIdeG4gmUlOF1jeSwlf2AwMarrpdHF6o=", 28 - "owner": "nixos", 310 + "lastModified": 1761597516, 311 + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", 312 + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", 313 + "revCount": 811874, 314 + "type": "tarball", 315 + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" 316 + }, 317 + "original": { 318 + "type": "tarball", 319 + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" 320 + } 321 + }, 322 + "nixpkgs-23-11": { 323 + "locked": { 324 + "lastModified": 1717159533, 325 + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", 326 + "owner": "NixOS", 29 327 "repo": "nixpkgs", 30 - "rev": "9a7b80b6f82a71ea04270d7ba11b48855681c4b0", 328 + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", 31 329 "type": "github" 32 330 }, 33 331 "original": { 34 - "owner": "nixos", 35 - "ref": 
"nixos-25.05", 332 + "owner": "NixOS", 36 333 "repo": "nixpkgs", 334 + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", 335 + "type": "github" 336 + } 337 + }, 338 + "nixpkgs-regression": { 339 + "locked": { 340 + "lastModified": 1643052045, 341 + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", 342 + "owner": "NixOS", 343 + "repo": "nixpkgs", 344 + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", 345 + "type": "github" 346 + }, 347 + "original": { 348 + "owner": "NixOS", 349 + "repo": "nixpkgs", 350 + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", 37 351 "type": "github" 38 352 } 39 353 }, 40 354 "nixpkgs-unstable": { 41 355 "locked": { 42 - "lastModified": 1764242076, 43 - "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=", 356 + "lastModified": 1769018530, 357 + "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=", 44 358 "owner": "nixos", 45 359 "repo": "nixpkgs", 46 - "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4", 360 + "rev": "88d3861acdd3d2f0e361767018218e51810df8a1", 47 361 "type": "github" 48 362 }, 49 363 "original": { ··· 53 367 "type": "github" 54 368 } 55 369 }, 370 + "nixpkgs_2": { 371 + "locked": { 372 + "lastModified": 1769089682, 373 + "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=", 374 + "owner": "nixos", 375 + "repo": "nixpkgs", 376 + "rev": "078d69f03934859a181e81ba987c2bb033eebfc5", 377 + "type": "github" 378 + }, 379 + "original": { 380 + "owner": "nixos", 381 + "ref": "nixos-25.11", 382 + "repo": "nixpkgs", 383 + "type": "github" 384 + } 385 + }, 386 + "pre-commit-hooks": { 387 + "inputs": { 388 + "flake-compat": "flake-compat_3", 389 + "gitignore": "gitignore", 390 + "nixpkgs": [ 391 + "nixpkgs" 392 + ] 393 + }, 394 + "locked": { 395 + "lastModified": 1769069492, 396 + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", 397 + "owner": "cachix", 398 + "repo": "git-hooks.nix", 399 + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", 400 + "type": "github" 
401 + }, 402 + "original": { 403 + "owner": "cachix", 404 + "repo": "git-hooks.nix", 405 + "type": "github" 406 + } 407 + }, 56 408 "root": { 57 409 "inputs": { 58 - "home-manager": "home-manager", 59 - "nixpkgs": "nixpkgs", 60 - "nixpkgs-unstable": "nixpkgs-unstable" 410 + "agenix": "agenix", 411 + "determinite": "determinite", 412 + "home-manager": "home-manager_2", 413 + "nixos-wsl": "nixos-wsl", 414 + "nixpkgs": "nixpkgs_2", 415 + "nixpkgs-unstable": "nixpkgs-unstable", 416 + "pre-commit-hooks": "pre-commit-hooks" 417 + } 418 + }, 419 + "systems": { 420 + "locked": { 421 + "lastModified": 1681028828, 422 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 423 + "owner": "nix-systems", 424 + "repo": "default", 425 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 426 + "type": "github" 427 + }, 428 + "original": { 429 + "owner": "nix-systems", 430 + "repo": "default", 431 + "type": "github" 61 432 } 62 433 } 63 434 },
+212 -13
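--- a/flake.nix
+++ b/flake.nix
@@ -1,34 +1,233 @@
 {
-description = "Home Manager configuration of noah";
+description = "Home Manager configuration for noah";
 
 inputs = {
 # Specify the source of Home Manager and Nixpkgs.
-nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+nixos-wsl = {
+url = "github:nix-community/NixOS-WSL/main";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+determinite = {
+url = "https://flakehub.com/f/DeterminateSystems/determinate/3";
+inputs.nixpkgs.follows = "nixpkgs";
+};
 home-manager = {
-url = "github:nix-community/home-manager/release-25.05";
+url = "github:nix-community/home-manager/release-25.11";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+pre-commit-hooks = {
+url = "github:cachix/git-hooks.nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+agenix = {
+url = "github:ryantm/agenix";
 inputs.nixpkgs.follows = "nixpkgs";
 };
 };
 
-outputs = { nixpkgs, nixpkgs-unstable, home-manager, ... }:
+outputs =
+{
+self,
+nixpkgs,
+nixpkgs-unstable,
+nixos-wsl,
+determinite,
+home-manager,
+pre-commit-hooks,
+agenix,
+...
+}@inputs:
 let
-system = "aarch64-darwin";
-pkgs = nixpkgs.legacyPackages.${system};
-unstable-pkgs = nixpkgs-unstable.legacyPackages.${system};
-in {
-homeConfigurations."noah" = home-manager.lib.homeManagerConfiguration {
-inherit pkgs;
-
+supportedSystems = [
+"x86_64-linux"
+"aarch64-linux"
+"x86_64-darwin"
+"aarch64-darwin"
+];
+forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+basicSystem =
+{
+system ? "x86_64-linux",
+modules ? [ ],
+useUnstable ? false,
+extraGroups ? [ ],
+overlays ? [ ],
+enableNFTables ? true,
+}:
+let
+unstable = import nixpkgs-unstable {
+inherit system overlays;
+config.allowUnfree = true;
+};
+in
+inputs.nixpkgs.lib.nixosSystem {
+inherit system;
+specialArgs = {
+inherit inputs extraGroups enableNFTables;
+}
+// nixpkgs.lib.optionalAttrs useUnstable {
+inherit unstable;
+};
+modules = [
+determinite.nixosModules.default
+./common.nix
+./users.nix
+./services.nix
+agenix.nixosModules.default
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users.noah = ./default-home.nix;
+home-manager.extraSpecialArgs = {
+inherit inputs;
+}
+// nixpkgs.lib.optionalAttrs useUnstable {
+inherit unstable;
+};
+}
+]
+++ modules;
+};
+in
+{
+# incomplete
+nixosConfigurations.odin = basicSystem {
+extraGroups = [
+"libvirtd"
+"qemu-libvirtd"
+"docker"
+];
+useUnstable = true;
+modules = [
+./host-specific/odin/configuration.nix
+];
+};
+nixosConfigurations.shizuri = basicSystem {
+useUnstable = true;
+modules = [
+./host-specific/shizuri/configuration.nix
+];
+};
+nixosConfigurations.misaki = basicSystem {
+useUnstable = true;
+extraGroups = [
+"render"
+"nats"
+"litterbox"
+"httpd"
+];
+modules = [
+./host-specific/misaki/configuration.nix
+];
+overlays = [
+(final: prev: {
+# Override the version of Plex installed to be the latest
+plexRaw = prev.plexRaw.overrideAttrs rec {
+version = "1.43.0.10389-8be686aa6";
+src = final.fetchurl {
+url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb";
+sha256 = "0HjB8Ggekwl5dKwM1Kh51Ic25t3V6veKbuzM7czrpeg=";
+};
+};
+## Override the json object that contains verions and hashes for Immich
+#immich = prev.immich.override { sourcesJSON = ./overrides/immich-sources.json; };
+## Fix errors wit numpy version failing to resolve in the immich ML package
+#immich-machine-learning = prev.immich-machine-learning.overrideAttrs
+# (finalAttrs: prevAttrs: {
+# pythonRelaxDeps = prevAttrs.pythonRelaxDeps ++ [ "numpy" ];
+# });
+})
+];
+};
+nixosConfigurations.touma-wsl = basicSystem {
+useUnstable = true;
+modules = [
+./host-specific/touma-wsl.nix
+nixos-wsl.nixosModules.default
+];
+enableNFTables = false;
+};
+nixosConfigurations.edge = basicSystem {
+useUnstable = true;
+modules = [
+./host-specific/edge/configuration.nix
+];
+};
+homeConfigurations."noah-aleister" = home-manager.lib.homeManagerConfiguration {
+pkgs = import nixpkgs {
+system = "aarch64-darwin";
+config.allowUnfree = true;
+};
 # Specify your home configuration modules here, for example,
 # the path to your home.nix.
-modules = [ ./home.nix ];
+modules = [
+./host-specific/aleister-noah.nix
+agenix.homeManagerModules.default
+];
 
 # Optionally use extraSpecialArgs
 # to pass through arguments to home.nix
 extraSpecialArgs = {
-unstable = unstable-pkgs;
+unstable = import nixpkgs-unstable {
+system = "aarch64-darwin";
+config.allowUnfree = true;
+};
 };
 };
+homeConfigurations."noah" =
+let
+system = "x86_64-linux";
+pkgs = import nixpkgs {
+inherit system;
+config.allowUnfree = true;
+};
+unstable = import nixpkgs-unstable {
+inherit system;
+config.allowUnfree = true;
+};
+in
+home-manager.lib.homeManagerConfiguration {
+inherit pkgs;
+# Specify your home configuration modules here, for example,
+# the path to your home.nix.
+modules = [
+./default-home.nix
+{
+nix.package = pkgs.nix;
+}
+];
+
+# Optionally use extraSpecialArgs
+# to pass through arguments to home.nix
+extraSpecialArgs = {
+inherit unstable;
+inputs = inputs;
+};
+};
+checks = forAllSystems (system: {
+pre-commit-check = pre-commit-hooks.lib.${system}.run {
+src = ./.;
+# If your hooks are intrusive, avoid running on each commit with a default_states like this:
+# default_stages = ["manual" "push"];
+hooks = {
+nixfmt-rfc-style.enable = true;
+nil.enable = true;
+luacheck.enable = true;
+};
+};
+});
+devShells = forAllSystems (system: {
+default = nixpkgs.legacyPackages.${system}.mkShell {
+inherit (self.checks.${system}.pre-commit-check) shellHook;
+buildInputs = [
+nixpkgs.legacyPackages.${system}.nixfmt-rfc-style
+]
+++ self.checks.${system}.pre-commit-check.enabledPackages;
+};
+});
+formatter = forAllSystems (system: inputs.nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
 };
 }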
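--- a/ghostty/config
+++ b/ghostty/config
@@ -1,8 +1,10 @@
 #font-size = 13
 font-family = TX-02 Medium
-theme = catppuccin-macchiato
+theme = flat-remix-light
+#theme = dark:catppuccin-frappe,light:catppuccin-latte
 shell-integration = fish
 link-url = true
+clipboard-read = allow
 
 #window-decoration = true
 
@@ -21,3 +23,8 @@
 #font-feature = ss06
 #font-feature = ss07
 #font-feature = ss08
+
+custom-shader = ~/.config/ghostty/shaders/galaxy.glsl
+#custom-shader = ~/.config/ghostty/shaders/tft.glsl
+#custom-shader = ~/.config/ghostty/shaders/retro-terminal.glsl
+#custom-shader = ~/.config/ghostty/shaders/bettercrt.glsl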
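Review bot: `clipboard-read = allow` lets any program that writes to the terminal, including one running on a remote host reached over SSH, request the clipboard contents through the OSC 52 escape sequence without a prompt, so a password or token left in the clipboard can be read silently. Ghostty's `ask` value keeps the feature but requires confirmation each time: `clipboard-read = ask`. If `allow` is intended, a comment on that line saying which workflow needs it would help the next reader.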
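--- a/ghostty/themes/catppuccin-frappe.conf
+++ b/ghostty/themes/catppuccin-frappe.conf
@@ -1,23 +0,0 @@
-palette = 0=#51576d
-palette = 1=#e78284
-palette = 2=#a6d189
-palette = 3=#e5c890
-palette = 4=#8caaee
-palette = 5=#f4b8e4
-palette = 6=#81c8be
-palette = 7=#a5adce
-palette = 8=#626880
-palette = 9=#e78284
-palette = 10=#a6d189
-palette = 11=#e5c890
-palette = 12=#8caaee
-palette = 13=#f4b8e4
-palette = 14=#81c8be
-palette = 15=#b5bfe2
-background = 303446
-foreground = c6d0f5
-cursor-color = f2d5cf
-cursor-text = 232634
-selection-background = 44495d
-selection-foreground = c6d0f5
-split-divider-color = 414559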
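--- a/ghostty/themes/catppuccin-latte.conf
+++ b/ghostty/themes/catppuccin-latte.conf
@@ -1,23 +0,0 @@
-palette = 0=#5c5f77
-palette = 1=#d20f39
-palette = 2=#40a02b
-palette = 3=#df8e1d
-palette = 4=#1e66f5
-palette = 5=#ea76cb
-palette = 6=#179299
-palette = 7=#acb0be
-palette = 8=#6c6f85
-palette = 9=#d20f39
-palette = 10=#40a02b
-palette = 11=#df8e1d
-palette = 12=#1e66f5
-palette = 13=#ea76cb
-palette = 14=#179299
-palette = 15=#bcc0cc
-background = eff1f5
-foreground = 4c4f69
-cursor-color = dc8a78
-cursor-text = eff1f5
-selection-background = d8dae1
-selection-foreground = 4c4f69
-split-divider-color = ccd0da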
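--- a/ghostty/themes/catppuccin-macchiato.conf
+++ b/ghostty/themes/catppuccin-macchiato.conf
@@ -1,23 +0,0 @@
-palette = 0=#494d64
-palette = 1=#ed8796
-palette = 2=#a6da95
-palette = 3=#eed49f
-palette = 4=#8aadf4
-palette = 5=#f5bde6
-palette = 6=#8bd5ca
-palette = 7=#a5adcb
-palette = 8=#5b6078
-palette = 9=#ed8796
-palette = 10=#a6da95
-palette = 11=#eed49f
-palette = 12=#8aadf4
-palette = 13=#f5bde6
-palette = 14=#8bd5ca
-palette = 15=#b8c0e0
-background = 24273a
-foreground = cad3f5
-cursor-color = f4dbd6
-cursor-text = 181926
-selection-background = 3a3e53
-selection-foreground = cad3f5
-split-divider-color = 363a4f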
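--- a/ghostty/themes/catppuccin-mocha.conf
+++ b/ghostty/themes/catppuccin-mocha.conf
@@ -1,23 +0,0 @@
-palette = 0=#45475a
-palette = 1=#f38ba8
-palette = 2=#a6e3a1
-palette = 3=#f9e2af
-palette = 4=#89b4fa
-palette = 5=#f5c2e7
-palette = 6=#94e2d5
-palette = 7=#a6adc8
-palette = 8=#585b70
-palette = 9=#f38ba8
-palette = 10=#a6e3a1
-palette = 11=#f9e2af
-palette = 12=#89b4fa
-palette = 13=#f5c2e7
-palette = 14=#94e2d5
-palette = 15=#bac2de
-background = 1e1e2e
-foreground = cdd6f4
-cursor-color = f5e0dc
-cursor-text = 11111b
-selection-background = 353749
-selection-foreground = cdd6f4
-split-divider-color = 313244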
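--- a/ghostty/themes/flat-remix-light
+++ b/ghostty/themes/flat-remix-light
@@ -0,0 +1,42 @@
+# standard colors
+# black
+palette = 0=#404040
+# red
+palette = 1=#d41919
+# green
+palette = 2=#12715f
+# yellow
+palette = 3=#fea44c
+# blue
+palette = 4=#367bf0
+# purple
+palette = 5=#8c42ab
+# cyan
+palette = 6=#4aaee6
+# white
+palette = 7=#ffffff
+
+# intense colors
+# black (grey)
+palette = 8=#737680
+# red
+palette = 9=#811035
+# green
+palette = 10=#23bac2
+# yellow
+palette = 11=#fe7171
+# blue
+palette = 12=#54bd8e
+# purple
+palette = 13=#d41919
+# cyan
+palette = 14=#367bf0
+# white
+palette = 15=#aaaaaa
+
+background = #e4e4e7
+foreground = #404040
+cursor-color = #272a34
+cursor-text = #b8174c
+selection-background = #737680
+selection-foreground = #ffffff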
+79
gui.nix
··· 1 + { pkgs, unstable, ... }: 2 + { 3 + # Enable the X11 windowing system. 4 + services.xserver.enable = true; 5 + 6 + # Configure keymap in X11 7 + # services.xserver.xkb.layout = "us"; 8 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 9 + 10 + # Enable CUPS to print documents. 11 + # services.printing.enable = true; 12 + 13 + # Enable sound. 14 + security.rtkit.enable = true; 15 + services.pipewire = { 16 + enable = true; 17 + alsa.enable = true; 18 + alsa.support32Bit = true; 19 + pulse.enable = true; 20 + wireplumber.enable = true; 21 + }; 22 + 23 + # Graphics and parallel compute configuration 24 + hardware.opengl.extraPackages = [ 25 + pkgs.libva 26 + ]; 27 + 28 + # Enable touchpad support (enabled default in most desktopManager). 29 + # services.xserver.libinput.enable = true; 30 + 31 + # Fonts 32 + fonts.packages = with pkgs; [ 33 + fira-code 34 + fira-code-symbols 35 + noto-fonts 36 + noto-fonts-cjk 37 + noto-fonts-emoji 38 + noto-fonts-extra 39 + (nerdfonts.override { fonts = [ "FiraCode" ]; }) 40 + ]; 41 + 42 + # Polkit is a dependency of Sway. 
It's responsible for handling security policies 43 + security.polkit.enable = true; 44 + 45 + # Enable the sway window manager 46 + programs.sway = { 47 + enable = true; 48 + package = unstable.sway; 49 + wrapperFeatures.gtk = true; 50 + }; 51 + # Use greetd as the displaymanager 52 + #services.xserver.displayManager.greetd.enable = true; 53 + #services.xserver.displayManager.lightdm.enable = false; 54 + services.xserver.displayManager.sddm.enable = true; 55 + services.xserver.displayManager.defaultSession = "none+i3"; 56 + services.xserver.displayManager.autoLogin = { 57 + enable = true; 58 + user = "noah"; 59 + }; 60 + 61 + # i3, for when I need XOrg 62 + services.xserver.windowManager.i3 = { 63 + enable = true; 64 + extraPackages = with pkgs; [ 65 + dmenu 66 + i3status 67 + i3lock 68 + i3blocks 69 + ]; 70 + }; 71 + 72 + xdg.portal = { 73 + enable = true; 74 + wlr.enable = true; 75 + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; 76 + }; 77 + services.dbus.enable = true; 78 + services.gnome.gnome-keyring.enable = true; 79 + }
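Review bot: `services.xserver.displayManager.autoLogin` with `enable = true; user = "noah";` starts a desktop session for that account with no authentication at the display manager, so anyone with physical access to a machine that imports this module gets the session. Because gui.nix reads as a shared module (no import of it is visible in this view), the safer default is `autoLogin.enable = false;` here, with a per-host override only where the disk is encrypted or the machine is physically controlled. If auto-login stays, a comment naming the hosts it is meant for and the compensating control would make the intent reviewable.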
-57
hardware-configuration.nix
··· 1 - # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 - # and may be overwritten by future invocations. Please make changes 3 - # to /etc/nixos/configuration.nix instead. 4 - { config, lib, modulesPath, pkgs, ... }: 5 - 6 - { 7 - imports = 8 - [ 9 - (modulesPath + "/installer/scan/not-detected.nix") 10 - ]; 11 - 12 - boot.kernelPackages = pkgs.linuxPackages_latest; 13 - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; 14 - boot.initrd.kernelModules = [ "kvm-amd" "amdgpu" "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; 15 - boot.kernelModules = [ "kvm-amd" "amdgpu" "nvme" "xhci_pci" "thunderbolt" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; 16 - virtualisation.libvirtd = { 17 - enable = true; 18 - qemu = { 19 - runAsRoot = false; 20 - ovmf = { 21 - enable = true; 22 - }; 23 - }; 24 - }; 25 - #boot.extraModulePackages = with config.boot.kernelPackages; [ ]; 26 - boot.kernelParams = [ ]; 27 - 28 - hardware.enableRedistributableFirmware = true; 29 - 30 - fileSystems."/" = 31 - { 32 - device = "/dev/disk/by-uuid/07019c69-2597-410d-a8a0-a8ffb0f58883"; 33 - fsType = "ext4"; 34 - }; 35 - 36 - fileSystems."/boot" = 37 - { 38 - device = "/dev/disk/by-uuid/4B85-C90A"; 39 - fsType = "vfat"; 40 - }; 41 - 42 - swapDevices = [{ 43 - device = "/swapfile"; 44 - size = 32 * 1024; 45 - }]; 46 - 47 - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 48 - # (the default) this is the recommended approach. When using systemd-networkd it's 49 - # still possible to use this option, but it's recommended to use it in conjunction 50 - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 
51 - networking.useDHCP = lib.mkDefault true; 52 - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; 53 - # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; 54 - 55 - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 56 - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 57 - }
-258
home.nix
··· 1 - { pkgs, unstable, ... }: 2 - { 3 - # Home Manager needs a bit of information about you and the paths it should 4 - # manage. 5 - home.username = "noah"; 6 - home.homeDirectory = "/Users/noah"; 7 - nix = { 8 - package = pkgs.nix; 9 - }; 10 - nixpkgs.overlays = [ 11 - ]; 12 - home.packages = with pkgs; [ 13 - # main tool 14 - direnv 15 - #fish 16 - tree 17 - btop 18 - # Apple Silicon top monitoring 19 - asitop 20 - htop 21 - mtr 22 - moreutils 23 - rsync 24 - tmux 25 - sshfs 26 - 27 - rsync 28 - unzip 29 - fd 30 - jq 31 - ripgrep 32 - bat 33 - netcat 34 - stunnel 35 - iperf3 36 - entr 37 - ncdu 38 - # broken? 39 - #unstable.bitwarden-cli 40 - lf 41 - # Previewer for LF 42 - pistol 43 - sqlite 44 - age 45 - just 46 - unstable.catgirl 47 - devenv 48 - plan9port 49 - unstable.glow 50 - unstable.vis 51 - # Tcl/Tk 52 - unstable.tcl 53 - unstable.tk 54 - unstable.tclPackages.tclx 55 - unstable.uiua 56 - 57 - 58 - # Dev tools 59 - git 60 - #unstable.rustup 61 - #unstable.rustc 62 - # BROKEN 63 - #unstable.rust-analyzer 64 - #unstable.cargo 65 - #unstable.rustPlatform.rustcSrc 66 - unstable.gcc 67 - unstable.swift 68 - unstable.swift-format 69 - unstable.sourcekit-lsp 70 - #unstable.clang 71 - unstable.go 72 - unstable.gopls 73 - gnumake 74 - unstable.babashka 75 - ccls 76 - unstable.clojure 77 - unstable.cljfmt 78 - unstable.clojure-lsp 79 - unstable.janet 80 - unstable.jpm 81 - unstable.fennel-ls 82 - graalvm-ce 83 - cmake 84 - ctags 85 - kotlin 86 - opam 87 - gnupatch 88 - coreutils 89 - 90 - # Scala stuff 91 - scala_3 92 - scalafmt 93 - metals 94 - # Scala / Java build tool 95 - sbt 96 - # Haskell 97 - cabal-install 98 - ghc 99 - 100 - # Lua 101 - luarocks 102 - luajit 103 - lua-language-server 104 - luaformatter 105 - libressl 106 - # Erlang 107 - erlang 108 - elixir 109 - nil # nix language server 110 - # This is currently broken 111 - #vscode-langservers-extracted 112 - scdoc 113 - mkcert 114 - natscli 115 - python312Full 116 - python312Packages.psycopg 117 - 
unstable.uv 118 - ruby 119 - ruby-lsp 120 - sqlite 121 - unstable.gleam 122 - unstable.rebar3 123 - unstable.flyctl 124 - unstable.bun 125 - unstable.gh 126 - unstable.kraft 127 - unstable.doctl 128 - 129 - # GUI tools 130 - zathura 131 - 132 - # Python dev tools 133 - #pyright 134 - python311Packages.python-lsp-server 135 - python311Packages.python-lsp-ruff 136 - 137 - # Certificate Management 138 - minica 139 - mkcert 140 - step-cli 141 - 142 - # Fish Plugins 143 - #fishPlugins.fzf 144 - #fishPlugins.pure 145 - 146 - # Libraries because MacOS is kinda stupid 147 - ncurses 148 - # Unfree 149 - #unstable.discord 150 - #unstable.spotify 151 - # Work related stuff 152 - solana-cli 153 - ]; 154 - 155 - nix = { 156 - settings.experimental-features = [ "nix-command" "flakes" ]; 157 - }; 158 - 159 - #programs.fish = { 160 - # enable = true; 161 - # package = unstable.fish; 162 - #}; 163 - programs.fzf = { 164 - enable = true; 165 - enableFishIntegration = true; 166 - }; 167 - programs.home-manager.enable = true; 168 - programs.neovim = { 169 - #package = neovim-unwrapped; 170 - enable = true; 171 - defaultEditor = true; 172 - withNodeJs = false; 173 - withPython3 = true; 174 - extraPackages = with pkgs; [ fzf ripgrep luarocks tree-sitter ]; 175 - }; 176 - programs.git = { 177 - enable = true; 178 - lfs.enable = true; 179 - userName = "Noah Pederson"; 180 - userEmail = "noah@packetlost.dev"; 181 - extraConfig = { 182 - sendemail = { 183 - smtpserver = "smtp.migadu.com"; 184 - smtpuser = "noah@packetlost.dev"; 185 - smtpencryption = "ssl"; 186 - smtpserverport = 465; 187 - }; 188 - init = { 189 - defaultBranch = "master"; 190 - }; 191 - pull = { 192 - rebase = true; 193 - }; 194 - push = { 195 - autoSetupRemote = true; 196 - }; 197 - credential = { 198 - helper = "cache"; 199 - }; 200 - }; 201 - ignores = [ 202 - ".direnv/" 203 - ".envrc" 204 - "flake.nix" 205 - "shell.nix" 206 - ".env/" 207 - ".clj-kondo/" 208 - ]; 209 - }; 210 - programs.aerc = { 211 - enable = true; 212 
- }; 213 - programs.ssh = { 214 - enable = true; 215 - extraConfig = builtins.readFile ./ssh/extra; 216 - addKeysToAgent = "yes"; 217 - }; 218 - 219 - programs.direnv = { 220 - enable = true; 221 - nix-direnv.enable = true; 222 - }; 223 - 224 - # Independent config files. 225 - xdg.configFile.nvim = { 226 - source = ./nvim; 227 - recursive = true; 228 - }; 229 - 230 - xdg.configFile.vis = { 231 - source = ./vis; 232 - recursive = true; 233 - }; 234 - 235 - xdg.configFile.fish = { 236 - source = ./fish; 237 - recursive = true; 238 - }; 239 - xdg.configFile."fish/completions/nix.fish".source = "${pkgs.nix}/share/fish/vendor_completions.d/nix.fish"; 240 - 241 - xdg.configFile.aerc = { 242 - source = ./aerc; 243 - recursive = true; 244 - }; 245 - 246 - xdg.configFile.ghostty = { 247 - source = ./ghostty; 248 - recursive = true; 249 - }; 250 - 251 - home.file.".local/bin" = { 252 - source = ./scripts; 253 - recursive = true; 254 - }; 255 - 256 - home.stateVersion = "24.11"; 257 - 258 - }
+397
host-specific/aleister-noah.nix
··· 1 + { 2 + pkgs, 3 + unstable, 4 + lib, 5 + inputs, 6 + ... 7 + }: 8 + { 9 + # Home Manager needs a bit of information about you and the paths it should 10 + # manage. 11 + home.username = "noah"; 12 + home.homeDirectory = "/Users/noah"; 13 + imports = [ 14 + inputs.agenix.homeManagerModules.default 15 + ]; 16 + nix = { 17 + package = pkgs.nix; 18 + settings = { 19 + experimental-features = [ 20 + "nix-command" 21 + "flakes" 22 + ]; 23 + }; 24 + }; 25 + 26 + # I generally don't care about unfree stuff 27 + nixpkgs.config.allowUnfree = true; 28 + nixpkgs.config.allowUnfreePredicte = _: true; 29 + 30 + home.packages = with pkgs; [ 31 + # main tool 32 + direnv 33 + #fish 34 + tree 35 + btop 36 + # Apple Silicon top monitoring 37 + macpm 38 + htop 39 + mtr 40 + moreutils 41 + rsync 42 + bash 43 + tmux 44 + coreutils 45 + util-linux 46 + p7zip 47 + unar 48 + watch 49 + 50 + unzip 51 + fd 52 + jq 53 + ripgrep 54 + bat 55 + netcat 56 + stunnel 57 + iperf3 58 + entr 59 + ncdu 60 + # broken? 61 + #unstable.bitwarden-cli 62 + sqlite 63 + age 64 + just 65 + mdr 66 + unstable.catgirl 67 + plan9port 68 + unstable.rc 69 + unstable.glow 70 + unstable.vis 71 + # Tcl/Tk 72 + #unstable.tcl 73 + #unstable.tk 74 + #unstable.tclPackages.tclx 75 + nodejs 76 + 77 + # Dev tools 78 + git 79 + git-filter-repo 80 + unstable.ruff 81 + # Rust REPL 82 + evcxr 83 + #unstable.gcc 84 + #unstable.clang 85 + # Swift stuff 86 + #swift 87 + #swift-format 88 + # Swift LSP 89 + #sourcekit-lsp 90 + unstable.go 91 + unstable.gopls 92 + gnumake 93 + #unstable.babashka 94 + #unstable.ccls 95 + unstable.clojure 96 + unstable.cljfmt 97 + unstable.clojure-lsp 98 + unstable.janet 99 + unstable.jpm 100 + unstable.fennel-ls 101 + unstable.graalvmPackages.graalvm-ce 102 + unstable.crystal 103 + unstable.crystalline 104 + cmake 105 + ctags 106 + #kotlin 107 + #nodejs 108 + #yarn 109 + #node2nix 110 + #opam 111 + # Scala stuff 112 + #unstable.scala_3 113 + #unstable.scalafmt 114 + #unstable.metals 115 + # Scala / 
Java build tool 116 + #unstable.sbt 117 + # Haskell 118 + #cabal-install 119 + #ghc 120 + 121 + # Lua 122 + luarocks 123 + luajit 124 + unstable.lua-language-server 125 + luaformatter 126 + libressl 127 + # Erlang 128 + #erlang 129 + #elixir 130 + unstable.nil # nix language server 131 + unstable.nixd 132 + #typescript 133 + # This is currently broken 134 + #vscode-langservers-extracted 135 + scdoc 136 + #dockerfile-language-server-nodejs 137 + # BROKEN 138 + #yaml-language-server 139 + mkcert 140 + natscli 141 + python314 142 + unstable.uv 143 + sqlite 144 + #unstable.gleam 145 + #unstable.rebar3 146 + #unstable.flyctl 147 + unstable.bun 148 + unstable.gh 149 + unstable.kraft 150 + unstable.doctl 151 + 152 + # GUI tools 153 + zathura 154 + unstable.opencode 155 + 156 + # Python dev tools 157 + #unstable.pyright 158 + unstable.basedpyright 159 + unstable.python313Packages.python-lsp-server 160 + unstable.python313Packages.python-lsp-ruff 161 + 162 + # JavaScript tools 163 + #typescript-language-server 164 + 165 + # Certificate Management 166 + minica 167 + mkcert 168 + step-cli 169 + unstable.claude-code 170 + 171 + # Fish Plugins 172 + #fishPlugins.fzf 173 + #fishPlugins.pure 174 + 175 + # Libraries because MacOS is kinda stupid 176 + ncurses 177 + ]; 178 + 179 + #programs.fish = { 180 + # enable = true; 181 + # package = unstable.fish; 182 + #}; 183 + programs.fzf = { 184 + enable = true; 185 + enableFishIntegration = true; 186 + }; 187 + programs.pistol.enable = true; 188 + programs.home-manager.enable = true; 189 + programs.neovim = { 190 + package = unstable.neovim-unwrapped; 191 + enable = true; 192 + defaultEditor = true; 193 + withNodeJs = false; 194 + withPython3 = true; 195 + extraPackages = with pkgs; [ 196 + fzf 197 + ripgrep 198 + luarocks 199 + tree-sitter 200 + ]; 201 + }; 202 + programs.git = { 203 + enable = true; 204 + lfs.enable = true; 205 + userName = "Noah Pederson"; 206 + userEmail = "noah@packetlost.dev"; 207 + extraConfig = { 208 + 
sendemail = { 209 + smtpserver = "smtp.migadu.com"; 210 + smtpuser = "noah@packetlost.dev"; 211 + smtpauth = "plain"; 212 + smtpencryption = "tls"; 213 + smtpserverport = 465; 214 + }; 215 + init = { 216 + defaultBranch = "master"; 217 + }; 218 + pull = { 219 + rebase = true; 220 + }; 221 + push = { 222 + default = "simple"; 223 + autoSetupRemote = true; 224 + followTags = true; 225 + }; 226 + credential = { 227 + helper = "cache"; 228 + }; 229 + alias = { 230 + out = "log @{u}.."; 231 + }; 232 + column = { 233 + ui = "auto"; 234 + }; 235 + branch = { 236 + sort = "-committerdate"; 237 + }; 238 + tag = { 239 + sort = "version:refname"; 240 + }; 241 + diff = { 242 + algorithm = "histogram"; 243 + colorMoved = "plain"; 244 + mnemonicPrefix = true; 245 + renames = true; 246 + }; 247 + fetch = { 248 + prune = true; 249 + pruneTags = true; 250 + all = true; 251 + }; 252 + help = { 253 + autocorrect = "prompt"; 254 + }; 255 + commit = { 256 + verbose = true; 257 + }; 258 + rerere = { 259 + enabled = true; 260 + autoupdate = true; 261 + }; 262 + rebase = { 263 + autoSquash = true; 264 + autoStash = true; 265 + updateRefs = true; 266 + }; 267 + merge = { 268 + conflictStyle = "zdiff3"; 269 + }; 270 + }; 271 + ignores = [ 272 + ".direnv/" 273 + ".envrc" 274 + ".env/" 275 + ".clj-kondo/" 276 + ]; 277 + }; 278 + programs.aerc = { 279 + enable = true; 280 + }; 281 + programs.ssh = { 282 + enable = true; 283 + extraConfig = builtins.readFile ../ssh/extra; 284 + addKeysToAgent = "yes"; 285 + forwardAgent = true; 286 + }; 287 + 288 + programs.yazi = 289 + let 290 + localPkgs = pkgs; 291 + yaziPlugins = localPkgs.yaziPlugins; 292 + plugins = lib.attrsets.getAttrs [ 293 + "rsync" 294 + "piper" 295 + "nord" 296 + "mediainfo" 297 + "glow" 298 + "git" 299 + "diff" 300 + "duckdb" 301 + ] yaziPlugins; 302 + in 303 + { 304 + inherit plugins; 305 + enable = true; 306 + package = localPkgs.yazi; 307 + enableFishIntegration = true; 308 + settings = { 309 + preview = { 310 + image_quality = 
90; 311 + }; 312 + tasks = { 313 + image_bound = [ 314 + 0 315 + 0 316 + ]; 317 + }; 318 + }; 319 + }; 320 + 321 + programs.direnv = { 322 + enable = true; 323 + nix-direnv.enable = true; 324 + }; 325 + 326 + programs.nix-index = { 327 + enable = true; 328 + enableFishIntegration = true; 329 + }; 330 + programs.helix = { 331 + enable = true; 332 + settings = { 333 + theme = "everforest_dark"; 334 + editor.cursor-shape = { 335 + normal = "block"; 336 + insert = "bar"; 337 + select = "underline"; 338 + }; 339 + }; 340 + languages.language = [ 341 + { 342 + name = "nix"; 343 + auto-format = true; 344 + formatter.command = "${pkgs.nixfmt}/bin/nixfmt"; 345 + } 346 + { 347 + name = "rust"; 348 + auto-format = true; 349 + formatter.command = "${pkgs.rustfmt}/bin/rustfmt"; 350 + } 351 + ]; 352 + }; 353 + 354 + # Independent config files. 355 + xdg.configFile.nvim = { 356 + source = ../nvim; 357 + recursive = true; 358 + }; 359 + 360 + xdg.configFile.vis = { 361 + source = ../vis; 362 + recursive = true; 363 + }; 364 + 365 + xdg.configFile.fish = { 366 + source = ../fish; 367 + recursive = true; 368 + }; 369 + xdg.configFile."fish/completions/nix.fish".source = 370 + "${pkgs.nix}/share/fish/vendor_completions.d/nix.fish"; 371 + 372 + xdg.configFile.aerc = { 373 + source = ../aerc; 374 + recursive = true; 375 + }; 376 + 377 + xdg.configFile.ghostty = { 378 + source = ../ghostty; 379 + recursive = true; 380 + }; 381 + 382 + home.file.".local/bin" = { 383 + source = ../scripts; 384 + recursive = true; 385 + }; 386 + home.file.".luacheckrc" = { 387 + text = '' 388 + globals = { 389 + "vim", 390 + "vis", 391 + } 392 + ''; 393 + }; 394 + 395 + home.stateVersion = "24.11"; 396 + 397 + }
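Review bot: `forwardAgent = true;` in `programs.ssh` sets agent forwarding as the default for every host, so any server logged in to (and anyone with root on it) can use the forwarded agent to authenticate as this user while the connection is open; with `addKeysToAgent = "yes"` the agent will normally hold keys. Prefer leaving the global default off and enabling it only where needed, e.g. `programs.ssh.matchBlocks."<trusted-host>".forwardAgent = true;`, or using `ProxyJump` for multi-hop access. Whether `../ssh/extra` already narrows this cannot be seen from here. Separately, `smtpencryption = "tls"` with `smtpserverport = 465` looks inconsistent: in git send-email `tls` means STARTTLS, while 465 is normally implicit TLS (`ssl`, the value the removed home.nix used).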
+207
host-specific/edge/configuration.nix
··· 1 + # Edit this configuration file to define what should be installed on 2 + # your system. Help is available in the configuration.nix(5) man page, on 3 + # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 + 5 + { 6 + config, 7 + lib, 8 + pkgs, 9 + inputs, 10 + ... 11 + }: 12 + let 13 + system = pkgs.stdenv.targetPlatform.system; 14 + agave = (builtins.getFlake "/home/noah/repos/agave"); 15 + in 16 + { 17 + imports = [ 18 + # Include the results of the hardware scan. 19 + ./hardware-configuration.nix 20 + agave.nixosModules.default 21 + ]; 22 + 23 + nix.settings.experimental-features = [ 24 + "nix-command" 25 + "flakes" 26 + ]; 27 + 28 + # Use the systemd-boot EFI boot loader. 29 + boot.loader.systemd-boot.enable = true; 30 + #boot.loader.grub.device = "nodev"; 31 + #boot.loader.grub.efiSupport = true; 32 + #boot.loader.grub.useOSProber = true; 33 + boot.loader.efi.canTouchEfiVariables = true; 34 + 35 + # Use latest kernel. 36 + boot.kernelPackages = pkgs.linuxPackages_latest; 37 + 38 + networking.hostName = "edge"; # Define your hostname. 39 + 40 + # Configure network connections interactively with nmcli or nmtui. 41 + networking.networkmanager.enable = true; 42 + 43 + # Set your time zone. 44 + # time.timeZone = "Europe/Amsterdam"; 45 + 46 + # Configure network proxy if necessary 47 + # networking.proxy.default = "http://user:password@proxy:port/"; 48 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 49 + 50 + # Select internationalisation properties. 51 + i18n.defaultLocale = "en_US.UTF-8"; 52 + console = { 53 + font = "Lat2-Terminus16"; 54 + keyMap = "us"; 55 + #useXkbConfig = true; # use xkb.options in tty. 56 + }; 57 + 58 + # Enable the X11 windowing system. 59 + # services.xserver.enable = true; 60 + 61 + # Configure keymap in X11 62 + # services.xserver.xkb.layout = "us"; 63 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 64 + 65 + # Enable CUPS to print documents. 
66 + # services.printing.enable = true; 67 + 68 + # Enable sound. 69 + # services.pulseaudio.enable = true; 70 + # OR 71 + # services.pipewire = { 72 + # enable = true; 73 + # pulse.enable = true; 74 + # }; 75 + 76 + # Enable touchpad support (enabled default in most desktopManager). 77 + # services.libinput.enable = true; 78 + 79 + # Define a user account. Don't forget to set a password with ‘passwd’. 80 + # users.users.alice = { 81 + # isNormalUser = true; 82 + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 83 + # packages = with pkgs; [ 84 + # tree 85 + # ]; 86 + # }; 87 + 88 + # programs.firefox.enable = true; 89 + 90 + # List packages installed in system profile. 91 + # You can use https://search.nixos.org/ to find more packages (and options). 92 + environment.systemPackages = with pkgs; [ 93 + neovim 94 + wget 95 + git 96 + htop 97 + inputs.agenix.packages."${system}".agenix 98 + agave.packages.${system}.solana 99 + agave.packages.${system}.solana-keygen 100 + ]; 101 + 102 + services.tailscale.useRoutingFeatures = "both"; 103 + 104 + # Some programs need SUID wrappers, can be configured further or are 105 + # started in user sessions. 106 + # programs.mtr.enable = true; 107 + # programs.gnupg.agent = { 108 + # enable = true; 109 + # enableSSHSupport = true; 110 + # }; 111 + 112 + # List services that you want to enable: 113 + 114 + # Enable the OpenSSH daemon. 115 + services.openssh.enable = true; 116 + services.openssh.openFirewall = true; 117 + 118 + # Open ports in the firewall. 119 + # networking.firewall.allowedTCPPorts = [ ... ]; 120 + # networking.firewall.allowedUDPPorts = [ ... ]; 121 + # Or disable the firewall altogether. 
122 + networking.firewall.enable = true; 123 + networking.firewall = { 124 + allowPing = true; 125 + allowedUDPPorts = [ ]; 126 + allowedUDPPortRanges = [ 127 + # Agave 128 + { 129 + from = 8000; 130 + to = 8020; 131 + } 132 + ]; 133 + allowedTCPPorts = [ 134 + 2375 135 + 3000 136 + # Agave 137 + 8001 138 + 8899 139 + 8900 140 + 10000 141 + ]; 142 + }; 143 + security.pam.loginLimits = [ 144 + { 145 + domain = "*"; 146 + type = "soft"; 147 + item = "nofile"; 148 + value = "100000"; 149 + } 150 + { 151 + domain = "*"; 152 + type = "hard"; 153 + item = "nofile"; 154 + value = "1000000"; 155 + } 156 + ]; 157 + 158 + age.secrets.validator-identity = { 159 + file = ../../secrets/validator-identity.age; 160 + owner = "sol"; 161 + group = "sol"; 162 + }; 163 + services.ambient-validator = { 164 + enable = true; 165 + package = agave.packages.${system}.ambient-validator; 166 + # this needs to be a secret 167 + identityKeypair = config.age.secrets.validator-identity.path; 168 + rpcBindAddress = "0.0.0.0"; 169 + geyserPluginConfig = { 170 + libpath = "${agave.packages.${system}.yellowstone-geyser}/lib/libyellowstone_grpc_geyser.so"; 171 + log = { 172 + level = "info"; 173 + }; 174 + tokio = { 175 + worker_threads = 4; 176 + affinity = null; 177 + }; 178 + grpc = { 179 + address = "0.0.0.0:10000"; 180 + }; 181 + }; 182 + }; 183 + # Copy the NixOS configuration file and link it from the resulting system 184 + # (/run/current-system/configuration.nix). This is useful in case you 185 + # accidentally delete configuration.nix. 186 + # system.copySystemConfiguration = true; 187 + 188 + # This option defines the first version of NixOS you have installed on this particular machine, 189 + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 190 + # 191 + # Most users should NEVER change this value after the initial install, for any reason, 192 + # even if you've upgraded your system to a new NixOS release. 
193 + # 194 + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 195 + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how 196 + # to actually do that. 197 + # 198 + # This value being lower than the current NixOS release does NOT mean your system is 199 + # out of date, out of support, or vulnerable. 200 + # 201 + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 202 + # and migrated your data accordingly. 203 + # 204 + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 205 + system.stateVersion = "25.11"; # Did you read the comment? 206 + 207 + }
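Review bot: The firewall block opens TCP 2375, 3000, 8001, 8899, 8900 and 10000 on all interfaces, while `rpcBindAddress = "0.0.0.0"` and the geyser `grpc.address = "0.0.0.0:10000"` bind the validator's RPC and gRPC endpoints to every address; nothing visible in this file limits who can reach them. Port 2375 is the one conventionally used for the Docker API without TLS, so if that is what listens there it should not be opened at all. Consider scoping the non-public ports per interface with `networking.firewall.interfaces.<name>.allowedTCPPorts` (Tailscale appears to be in use on this host) and binding RPC/gRPC to that address instead of `0.0.0.0`. Separately, `builtins.getFlake "/home/noah/repos/agave"` imports a NixOS module from an unlocked path in a home directory; declaring it as a flake input would pin it in `flake.lock` and keep the system build pure.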
+46
host-specific/edge/hardware-configuration.nix
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { config, lib, pkgs, modulesPath, ... }: 5 + 6 + { 7 + imports = 8 + [ (modulesPath + "/installer/scan/not-detected.nix") 9 + ]; 10 + 11 + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ]; 12 + boot.initrd.kernelModules = [ ]; 13 + boot.kernelModules = [ "kvm-amd" ]; 14 + boot.extraModulePackages = [ ]; 15 + 16 + fileSystems."/" = 17 + { device = "/dev/disk/by-uuid/8101a0a8-a8c6-4083-85b6-c136d3c80f2e"; 18 + fsType = "ext4"; 19 + }; 20 + 21 + fileSystems."/boot" = 22 + { device = "/dev/disk/by-uuid/E7AD-32DA"; 23 + fsType = "vfat"; 24 + options = [ "fmask=0077" "dmask=0077" ]; 25 + }; 26 + 27 + swapDevices = [ ]; 28 + 29 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 30 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 31 + boot.swraid = { 32 + enable = true; 33 + #mdadmConf = '' 34 + # ARRAY /dev/md126 metadata=1.2 UUID=27cd6eab:f0304d07:b859f0f2:1a8f29b7 35 + # MAILADDR noah 36 + #''; 37 + }; 38 + 39 + # stuff for Agave 40 + boot.kernel.sysctl."net.core.rmem_default" = 134217728; 41 + boot.kernel.sysctl."net.core.rmem_max" = 134217728; 42 + boot.kernel.sysctl."net.core.wmem_default" = 134217728; 43 + boot.kernel.sysctl."net.core.wmem_max" = 134217728; 44 + boot.kernel.sysctl."vm.max_map_count" = 1000000; 45 + boot.kernel.sysctl."fs.nr_open" = 1000000; 46 + }
+13
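--- a/host-specific/misaki/boot.nix
+++ b/host-specific/misaki/boot.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+boot.supportedFilesystems = [ "zfs" ];
+boot.zfs.forceImportRoot = false;
+boot.zfs.extraPools = [
+"shokuhou"
+"mentalout"
+];
+}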
+13
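--- a/host-specific/misaki/configuration.nix
+++ b/host-specific/misaki/configuration.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+imports = [
+./boot.nix
+./users.nix
+./hardware-configuration.nix
+./networking.nix
+./packages.nix
+./services.nix
+];
+nixpkgs.config.allowUnfree = true;
+system.stateVersion = "23.11"; # Did you read the comment?
+}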
+1
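--- a/host-specific/misaki/coredns/localhost.hosts
+++ b/host-specific/misaki/coredns/localhost.hosts
@@ -0,0 +1,1 @@
+127.0.0.1 *.localhost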
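Review bot: `*.localhost` is written as a wildcard, but hosts-file syntax has no wildcards and, as far as I know, the CoreDNS hosts plugin matches names literally, so this line would only answer for the literal name `*.localhost`. If the goal is for every name under localhost to resolve to 127.0.0.1, that probably needs a pattern-based plugin such as CoreDNS `template` instead of a hosts file. Worth confirming with a query against the running server before relying on it.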
+11
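--- a/host-specific/misaki/coredns/ngp.computer.hosts
+++ b/host-specific/misaki/coredns/ngp.computer.hosts
@@ -0,0 +1,11 @@
+192.168.1.3 img.ngp.computer
+192.168.1.3 photos.ngp.computer
+192.168.1.3 misaki.ngp.computer
+192.168.1.3 files.ngp.computer
+192.168.1.3 cache.ngp.computer
+
+fe80::9ab7:85ff:fe1e:dfe8 img.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 photos.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 misaki.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 files.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 cache.ngp.computer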
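Review bot: The five IPv6 entries point at `fe80::9ab7:85ff:fe1e:dfe8`, a link-local address, which is only usable together with an interface scope that a DNS answer cannot carry. Clients that prefer IPv6 will likely try this address first and fail or stall before falling back to 192.168.1.3. Use a ULA or global address for these names, or leave the IPv6 lines out until the host has one.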
+17
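--- a/host-specific/misaki/coredns/packetlost.dev.hosts
+++ b/host-specific/misaki/coredns/packetlost.dev.hosts
@@ -0,0 +1,17 @@
+# Services
+192.168.1.3 git.packetlost.dev
+192.168.1.3 plex.packetlost.dev
+192.168.1.3 jellyfin.packetlost.dev
+192.168.1.3 nats.packetlost.dev
+
+# LAN Hosts
+192.168.1.3 misaki.packetlost.dev misaki
+192.168.1.3 cache.packetlost.dev cache
+192.168.1.5 komoe.packetlost.dev komoe
+192.168.1.6 rainbow.packetlost.dev rainbow
+192.168.1.10 ichika.packetlost.dev ichika
+192.168.1.11 futaba.packetlost.dev futaba
+192.168.1.12 mitsumi.packetlost.dev mitsumi
+192.168.1.13 orangepi5.packetlost.dev orangepi5
+192.168.1.30 touma.packetlost.dev touma
+192.168.1.33 kamijou.packetlost.dev kamijou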
+91
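--- a/host-specific/misaki/hardware-configuration.nix
+++ b/host-specific/misaki/hardware-configuration.nix
@@ -0,0 +1,91 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}:
+
+{
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.kernelPackages = pkgs.linuxPackages;
+boot.initrd.availableKernelModules = [
+"nvme"
+"xhci_pci"
+"ahci"
+"usbhid"
+"usb_storage"
+"sd_mod"
+"dm-raid"
+"raid1"
+];
+boot.initrd.kernelModules = [
+"dm-snapshot"
+"dm-raid"
+"raid1"
+];
+boot.kernelModules = [
+"kvm-amd"
+"zfs"
+];
+boot.kernelParams = [ "i915.enable_guc=3" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/1988fa0d-ff4a-44aa-a93e-7f0bf3cea5cf";
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/81D4-01CD";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+#nixpkgs.config.packageOverrides = pkgs: {
+# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+#};
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+intel-media-driver
+#vaapiVdpau
+#libvdpau-va-gl # unmaintained, very old
+intel-compute-runtime
+vpl-gpu-rt
+];
+#extraPackages32 = with pkgs; [
+# intel-media-driver
+# vaapiVdpau
+# #libvdpau-va-gl
+# intel-compute-runtime
+# vpl-gpu-rt
+#];
+};
+environment.variables = {
+VDPAU_DRIVER = "va_gl";
+LIBVA_DRIVER_NAME = "iHD";
+LIBVA_DRIVERS_PATH = "/run/opengl-driver/lib/dri";
+GST_VAAPI_ALL_DRIVERS = "1";
+};
+#services.xserver.videoDrivers = [ "intel" ];
+}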
+115
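--- a/host-specific/misaki/networking.nix
+++ b/host-specific/misaki/networking.nix
@@ -0,0 +1,115 @@
+{ config, ... }:
+{
+# networking.hostName = "nixos"; # Define your hostname.
+# Pick only one of the below networking options.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+networking.hostName = "misaki";
+# I like systemd-networkd
+systemd.network.enable = true;
+systemd.network.networks."50-wlp2s0" = {
+matchConfig.name = "wlp2s0";
+networkConfig.DHCP = "yes";
+linkConfig.RequiredForOnline = "no";
+};
+
+networking.tempAddresses = "disabled";
+
+networking.interfaces = {
+enp4s0f1 = {
+ipv4.addresses = [
+{
+address = "192.168.1.3";
+prefixLength = 24;
+}
+];
+};
+};
+networking.defaultGateway = {
+address = "192.168.1.1";
+interface = "enp4s0f1";
+};
+
+networking.defaultGateway6 = {
+address = "fe80::2870:4eff:fe84:d884";
+interface = "enp4s0f1";
+};
+
+networking.nameservers = [
+"192.168.1.3"
+"45.90.28.93"
+"45.90.30.93"
+];
+
+# This is necessary for ZFS
+networking.hostId = "5beebabe";
+
+networking.useNetworkd = true;
+# TODO: static IP @ 192.168.1.2
+
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# TODO: allow some ports
+networking.firewall = {
+enable = true;
+allowPing = true;
+trustedInterfaces = [
+"tailscale0"
+];
+allowedUDPPorts = [
+# DNS
+53
+config.services.tailscale.port
+];
+allowedTCPPorts = [
+# DNS over TCP
+53
+# NFSv4
+2049
+# HTTP(s)
+443
+80
+# iperf3
+5201
+5301
+5401
+# NATS
+4222
+# Prometheus
+9001
+# Minio
+9003
+# Minio web
+9004
+# AFP via Netatalk
+548
+#9p
+564
+# Misc development
+3000
+];
+};
+
+services.tailscale.useRoutingFeatures = "both";
+
+services.avahi = {
+enable = true;
+nssmdns4 = true;
+nssmdns6 = true;
+ipv6 = true;
+openFirewall = true;
+publish = {
+enable = true;
+addresses = true;
+workstation = true;
+userServices = true;
+domain = true;
+};
+};
+
+}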
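Review bot: `allowedTCPPorts` applies to every interface, including `wlp2s0`, which this file sets up for DHCP, so NFS (2049), 9p (564), AFP (548), NATS (4222) and the "Misc development" port 3000 are reachable from whatever network that interface joins. Ports 9001, 9003 and 9004 are opened for Prometheus and Minio, both of which are `enable = false` in services.nix in this comparison. Scope the LAN-only ports with `networking.firewall.interfaces."enp4s0f1".allowedTCPPorts = [ ... ];` and drop the ports of disabled services. Note also that `trustedInterfaces = [ "tailscale0" ]` bypasses the firewall for every tailnet peer, so access control for those peers rests entirely on the Tailscale ACLs.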
+67
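--- a/host-specific/misaki/packages.nix
+++ b/host-specific/misaki/packages.nix
@@ -0,0 +1,67 @@
+{
+pkgs,
+lib,
+inputs,
+...
+}:
+{
+
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+neovim
+appimage-run
+wget
+kitty
+w3m
+fishPlugins.fzf-fish
+fzf
+qemu
+OVMF
+metastore
+# 9p
+diod
+plan9port
+vis
+rc
+ncdu
+inputs.agenix.packages."${system}".agenix
+
+# ZFS / filesystem stuff
+zfs
+
+# GPU stuff
+intel-gpu-tools
+#(ffmpeg-full.override {
+# withUnfree = true;
+# withMfx = false;
+# withSmallBuild = false;
+# withTensorflow = false;
+#})
+libva
+libva-utils
+nvtopPackages.intel
+];
+
+# Fix dynamically linked libraries for unpackaged binaries
+programs.nix-ld = {
+enable = true;
+libraries = with pkgs; [
+# Add missing dynamic libraries for unpackaged programs HERE
+# NOT in environment.systemPackages
+zlib
+];
+};
+
+programs.fuse.userAllowOther = true;
+
+# Whitelist some unfree packages
+#nixpkgs.config.allowUnfreePredicate =
+# pkg:
+# builtins.elem (lib.getName pkg) [
+# "tailscale"
+# "plexmediaserver"
+# "teamspeak-server"
+# "ffmpeg-full"
+# ];
+}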
+3
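--- a/host-specific/misaki/scripts/fix-jpeg-raw-duplicates-immich.rcsh
+++ b/host-specific/misaki/scripts/fix-jpeg-raw-duplicates-immich.rcsh
@@ -0,0 +1,3 @@
+#!/usr/bin/env rc
+
+nix run 'github:nixos/nixpkgs?ref=nixos-unstable-small#immich-go' -- stack -k `{pa show immich-api} -s 'https://photos.ngp.computer' --manage-raw-jpeg StackCoverJPG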
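Review bot: The Immich API key is expanded straight into the command line (the `-k` argument is the output of `pa show immich-api`), so it is visible to other local users through the process list for as long as immich-go runs. If immich-go can take the key from a file or from the environment, prefer that; I have not checked which options it offers. The script also runs whatever `nixos-unstable-small` points at on the day it is executed, so pinning the flake reference to a revision would keep a tool that holds an API key from changing underneath you.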
+13
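--- a/host-specific/misaki/scripts/nr
+++ b/host-specific/misaki/scripts/nr
@@ -0,0 +1,13 @@
+#!/usr/bin/env rc
+
+flag x +
+
+if(~ $1 -x) {
+flake e +
+shift
+}
+
+pkg=$1
+shift
+
+exec nix run --impure 'nixpkgs#'^$pkg -- $*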
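Review bot: `flake e +` on line 6 is not a command (the rc builtin is `flag`), so `nr -x pkg` fails at that line instead of setting a flag. Compared with oclip in this same change, the two flag lines also look swapped: here `flag x +` (tracing) is set unconditionally and the `-x` branch touches `e`. Probably intended: `flag e +` at the top and `flag x +` inside the `if`. `--impure` is passed on every run, and a one-line comment saying why it is needed would help.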
+8
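--- a/host-specific/misaki/scripts/oclip
+++ b/host-specific/misaki/scripts/oclip
@@ -0,0 +1,8 @@
+#!/usr/bin/env rc
+flag e +
+
+if (~ $1 -x) {
+flag x +
+}
+data=`{base64 <[0=0]}
+printf '\033]52;c;%s\007' $"data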
+14
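--- a/host-specific/misaki/scripts/update-src
+++ b/host-specific/misaki/scripts/update-src
@@ -0,0 +1,14 @@
+#!/usr/bin/env rc
+
+background=()
+for(repo in `{cat downstream}) {
+echo Updating $repo
+git -C $repo fetch --all --tags --prune --force &
+background=($apid $background)
+}
+
+for (i in $background) {
+wait $i
+}
+
+echo Done!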
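Review bot: The result of the background fetches is never checked: nothing is done with the status after `wait $i`, and the script ends with `echo Done!`, so the `update-downstream-src` oneshot unit in services.nix reports success even when every fetch failed. Record a failure after each `wait` and exit non-zero at the end if any fetch failed, so the timer's unit status reflects reality. A header comment stating that `downstream` is a whitespace-separated list of repository paths relative to the working directory would document the input format the loop assumes.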
+578
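--- a/host-specific/misaki/services.nix
+++ b/host-specific/misaki/services.nix
@@ -0,0 +1,578 @@
+{
+config,
+pkgs,
+unstable,
+...
+}:
+{
+
+services.zfs = {
+autoScrub.enable = true;
+};
+services.nfs.server.enable = true;
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = false;
+};
+
+# Fish shell, the best
+programs.fish.enable = true;
+
+# MOSH, SSH over flakey connections
+programs.mosh.enable = true;
+
+# List services that you want to enable:
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+openFirewall = true;
+settings.PasswordAuthentication = false;
+};
+
+# This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices.
+services.hardware.bolt.enable = true;
+
+services.ergochat.enable = true;
+
+# Containers and VMs
+virtualisation = {
+podman = {
+enable = true;
+dockerCompat = true;
+defaultNetwork.settings.dns_enabled = true;
+};
+};
+
+# Samba, for shares
+# TODO
+services.samba = {
+enable = true;
+openFirewall = true;
+nmbd.enable = true;
+winbindd.enable = true;
+settings = {
+global = {
+workgroup = "WORKGROUP";
+"server string" = "misaki";
+security = "user";
+"use sendfile" = "yes";
+"hosts allow" = "192.168.1. 127.0.0.1 localhost";
+"hosts deny" = "0.0.0.0/0";
+"guest account" = "nobody";
+"map to guest" = "bad user";
+deadtime = 30;
+};
+shokuhou = {
+path = "/srv/shokuhou";
+browseable = "yes";
+"read only" = "no";
+"guest ok" = "no";
+"create mask" = "0644";
+"directory mask" = "0755";
+"force user" = "noah";
+"force group" = "nas";
+};
+mentalout = {
+path = "/srv/mentalout";
+browseable = "yes";
+"read only" = "no";
+"guest ok" = "no";
+"create mask" = "0644";
+"directory mask" = "0755";
+"force user" = "noah";
+"force group" = "nas";
+};
+};
+};
+services.samba-wsdd = {
+enable = true;
+openFirewall = true;
+};
+
+services.coredns = {
+enable = true;
+config = ''
+packetlost.dev {
+hosts ${./coredns/packetlost.dev.hosts} packetlost.dev {
+fallthrough
+}
+bind enp4s0f1
+}
+ngp.computer {
+hosts ${./coredns/ngp.computer.hosts} ngp.computer {
+fallthrough
+}
+bind enp4s0f1
+}
+localhost {
+hosts ${./coredns/localhost.hosts} localhost {
+fallthrough
+}
+bind enp4s0f1
+}
+. {
+# NextDNS
+forward . tls://2a07:a8c0::dd:2feb:853 tls://2a07:a8c1::dd:2feb:853 tls://45.90.28.93:853 tls://45.90.30.93:853 {
+tls_servername dd2feb.dns.nextdns.io
+health_check 5s
+}
+bind enp4s0f1
+cache
+errors
+log
+}
+'';
+};
+
+services.nats = {
+enable = true;
+jetstream = true;
+user = "nats";
+group = "nats";
+serverName = "misaki";
+dataDir = "/srv/shokuhou/applications/nats";
+validateConfig = false;
+settings = {
+authorization = {
+users = [
+{
+user = "seedbox@packetlost.dev";
+permissions = {
+publish = [
+"torrents"
+"torrents.>"
+"$JS.API.INFO"
+#"$JS.API.STREAM.INFO.>"
+"$KV.torrents.>"
+#"$JS.API.STREAM.*.*.OBJ_torrents"
+"$JS.API.*.*.OBJ_torrents"
+"$JS.API.STREAM.MSG.GET.OBJ_torrents"
+"$JS.API.*.*.OBJ_torrents.>"
+"$O.torrents.>"
+];
+subscribe = [
+"torrents.>"
+"_INBOX.>"
+];
+allow_responses = false;
+};
+}
+{ user = "odin@packetlost.dev"; }
+{ user = "misaki@packetlost.dev"; }
+{ user = "noah@packetlost.dev"; }
+{ user = "touma-nixos@packetlost.dev"; }
+];
+};
+tls = {
+cert_file = "/srv/nats/nats.packetlost.dev/cert.pem";
+key_file = "/srv/nats/nats.packetlost.dev/key.pem";
+ca_file = "/srv/nats/minica.pem";
+verify_and_map = true;
+};
+jetstream = {
+# 50GB
+max_file_store = 53687091200;
+max_mem = 8589934592;
+};
+};
+};
+
+# Minio's object storage has been mostly replaced with NATS. If I specifically need a
+# S3-like API, this will be revived.
+services.minio = {
+enable = false;
+listenAddress = ":9003";
+consoleAddress = ":9004";
+dataDir = [
+/srv/shokuhou/applications/minio
+];
+};
+
+services.netatalk = {
+enable = true;
+settings = {
+time-machine = {
+path = "/srv/shokuhou/backup/timemachine";
+"valid users" = "noah";
+"time machine" = true;
+};
+};
+};
+
+services.webdav.enable = false;
+services.sftpgo = {
+enable = false;
+dataDir = /srv/shokuhou/documents/sftpgo;
+group = "nas";
+};
+services.syncthing = {
+enable = false;
+openDefaultPorts = true;
+# disable the sync folder creation
+extraFlags = [ "--no-default-folder" ];
+settings = {
+folders = {
+"Sync" = {
+path = "/srv/shokuhou/documents/sync";
+};
+};
+};
+};
+
+services.grafana = {
+enable = false;
+settings.server.http_port = 2342;
+settings.server.domain = "grafana.packetlost.dev";
+settings.server.http_addr = "127.0.0.1";
+};
+
+services.prometheus = {
+enable = false;
+port = 9001;
+exporters = {
+node = {
+enable = true;
+enabledCollectors = [ "systemd" ];
+port = 9002;
+};
+};
+
+scrapeConfigs = [
+{
+job_name = "chrysalis";
+static_configs = [
+{ targets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}" ]; }
+];
+}
+];
+};
+
+# TODO: figure out how to appropriately configure this
+services.step-ca = {
+enable = false;
+openFirewall = true;
+port = 8443;
+address = "0.0.0.0";
+intermediatePasswordFile = /etc/nixos/step-ca-intermediate-ca-password;
+settings = builtins.fromJSON (builtins.readFile /home/noah/.step/config/ca.json);
+};
+
+age.secrets.acme = {
+file = ../../secrets/porkbun-api-key.age;
+owner = "root";
+group = "acme";
+};
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "noah@packetlost.dev";
+certs."plex.packetlost.dev" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."img.ngp.computer" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."files.ngp.computer" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."cache.ngp.computer" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."photos.ngp.computer" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."jellyfin.packetlost.dev" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+};
+
+# A test email server that only works on LAN
+services.maddy = {
+enable = true;
+openFirewall = true;
+primaryDomain = "misaki.local";
+ensureAccounts = [
+"noah@misaki.local"
+"postmaster@misaki.local"
+"test@misaki.local"
+];
+ensureCredentials = {
+"noah@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}";
+"postmaster@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}";
+"test@misaki.local".passwordFile = "${pkgs.writeText "test" "Password123"}";
+};
+};
+
+age.secrets.nix-serve = {
+file = ../../secrets/nix-serve-secret-key.age;
+owner = "root";
+group = "root";
+};
+services.nix-serve = {
+enable = true;
+package = unstable.nix-serve-ng;
+secretKeyFile = config.age.secrets.nix-serve.path;
+openFirewall = true;
+};
+
+services.plex = {
+enable = true;
+openFirewall = false; # we proxy this with nginx
+group = "nas";
+user = "noah";
+package = unstable.plex;
+};
+
+services.jellyfin = {
+enable = true;
+openFirewall = true;
+user = "noah";
+group = "nas";
+logDir = "/srv/shokuhou/applications/jellyfin/log";
+cacheDir = "/srv/shokuhou/applications/jellyfin/cache";
+dataDir = "/srv/shokuhou/applications/jellyfin/data";
+configDir = "/srv/shokuhou/applications/jellyfin/config";
+};
+
+services.gitea = {
+enable = false;
+user = "git";
+domain = "git.packetlost.dev";
+};
+
+# Litterbox, collect my IRC logs
+systemd = {
+services = {
+"litterbox@" = {
+path = [ pkgs.litterbox ];
+serviceConfig = {
+StartLimitIntervalSec = 5;
+StartLimitBurst = 10;
+Restart = "on-failure";
+RestartSec = "10s";
+Type = "simple";
+ExecStart = "${pkgs.litterbox}/bin/litterbox /srv/litterbox/%i.conf";
+ExecReload = "kill -USR1 $MAINPID";
+User = "noah";
+Group = "litterbox";
+};
+};
+
+#"litterbox@libera.irc.packetlost.dev" = {
+# overrideStrategy = "asDropin";
+# wantedBy = [ "multi-user.target" ];
+#};
+"update-downstream-src" = {
+path = with pkgs; [
+rc
+coreutils
+git
+openssh
+];
+script = "exec ${./scripts/update-src}";
+serviceConfig = {
+Type = "oneshot";
+User = "noah";
+WorkingDirectory = "/srv/src";
+};
+};
+};
+timers = {
+"update-downstream-src" = {
+wantedBy = [ "timers.target" ];
+timerConfig = {
+OnCalendar = "daily";
+Persistent = true;
+};
+};
+};
+};
+
+services.teamspeak3 = {
+enable = true;
+openFirewall = true;
+};
+
+services.immich = {
+enable = true;
+package = unstable.immich;
+accelerationDevices = [ "/dev/dri/renderD128" ];
+mediaLocation = "/srv/shokuhou/pictures/immich";
+};
+users.users.immich.extraGroups = [
+"video"
+"render"
+"nas"
+];
+
+# Nginx Reverse SSL Proxy
+services.nginx = {
+enable = true;
+group = "nas";
+user = "noah";
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+#recommendedProxySettings = true;
+recommendedTlsSettings = true;
+
+virtualHosts."photos.ngp.computer" = {
+enableACME = true;
+acmeRoot = null;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://[::1]:${toString config.services.immich.port}";
+proxyWebsockets = true;
+recommendedProxySettings = true;
+extraConfig = ''
+client_max_body_size 50000M;
+proxy_read_timeout 600s;
+proxy_send_timeout 600s;
+send_timeout 600s;
+'';
+};
+};
+virtualHosts."img.ngp.computer" = {
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+root = "/srv/shokuhou/pictures/public";
+extraConfig = ''
+sendfile on;
+autoindex_exact_size on;
+tcp_nopush on;
+'';
+locations."/" = {
+extraConfig = ''
+autoindex on;
+autoindex_exact_size on;
+alias /srv/shokuhou/pictures/public/$1;
+'';
+};
+};
+virtualHosts."files.ngp.computer" = {
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+root = null;
+extraConfig = ''
+sendfile on;
+tcp_nopush on;
+'';
+locations."/books/" = {
+extraConfig = ''
+autoindex on;
+autoindex_exact_size on;
+alias /srv/shokuhou/books/sync/$1;
+'';
+};
+};
+virtualHosts."jellyfin.packetlost.dev" = {
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+http2 = true;
+locations."/" = {
+proxyPass = "http://localhost:8096/";
+};
+};
+virtualHosts."cache.ngp.computer" = {
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+http2 = true;
+locations."/".proxyPass =
+"http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+};
+
+# give a name to the virtual host. It also becomes the server name.
+virtualHosts."plex.packetlost.dev" = {
+# Since we want a secure connection, we force SSL
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+
+# http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/
+http2 = true;
+
+# Provide the ssl cert and key for the vhost
+# These are filled in automatically with ACME
+extraConfig = ''
+
+#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
+send_timeout 100m;
+
+# Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
+ssl_stapling on;
+ssl_stapling_verify on;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+#Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384.
+ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+
+# Forward real ip and host to Plex
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $server_addr;
+proxy_set_header Referer $server_addr;
+proxy_set_header Origin $server_addr;
+
+# Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off.
+gzip on;
+gzip_vary on;
+gzip_min_length 1000;
+gzip_proxied any;
+gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
+gzip_disable "MSIE [1-6]\.";
+
+# Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
+# Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
+client_max_body_size 100M;
+
+# Plex headers
+proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+proxy_set_header X-Plex-Device $http_x_plex_device;
+proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+proxy_set_header X-Plex-Platform $http_x_plex_platform;
+proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+proxy_set_header X-Plex-Product $http_x_plex_product;
+proxy_set_header X-Plex-Token $http_x_plex_token;
+proxy_set_header X-Plex-Version $http_x_plex_version;
+proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+proxy_set_header X-Plex-Provides $http_x_plex_provides;
+proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+proxy_set_header X-Plex-Model $http_x_plex_model;
+
+# Websockets
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Buffering off send to the client as soon as the data is received from Plex.
+proxy_redirect off;
+proxy_buffering off;
+'';
+
+locations."/" = {
+proxyPass = "http://localhost:32400/";
+};
+};
+};
+}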
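Review bot: The three `ensureCredentials` entries for maddy build their password files with `pkgs.writeText`, which puts the literal password into the world-readable Nix store as well as into this repository. `openFirewall = true` on the same service also contradicts the "only works on LAN" comment, because that rule is not limited to the LAN interface. Follow the agenix pattern this file already uses for `age.secrets.acme`, e.g. `"noah@misaki.local".passwordFile = config.age.secrets.<maddy-noah>.path;` (placeholder secret name), with the secret owned by the user maddy runs as. Separately, the plex.packetlost.dev vhost sets `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and a cipher list that still admits 3DES and CBC-SHA suites, which overrides `recommendedTlsSettings` for that vhost and leaves out TLSv1.3; `ssl_protocols TLSv1.2 TLSv1.3;` is the change I would make unless a specific player is known to need the old versions.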
+6
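--- a/host-specific/misaki/users.nix
+++ b/host-specific/misaki/users.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+users.groups.nas.gid = 1001;
+users.groups.httpd.gid = 1002;
+users.groups.litterbox.gid = 1003;
+}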
+6
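--- a/host-specific/odin/boot.nix
+++ b/host-specific/odin/boot.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+}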
+62
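--- a/host-specific/odin/configuration.nix
+++ b/host-specific/odin/configuration.nix
@@ -0,0 +1,62 @@
+# Edit this configuration file to define what should be installed on
+## your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ ... }:
+{
+imports = [
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+./boot.nix
+./networking.nix
+#./gui.nix
+./packages.nix
+./services.nix
+];
+
+nixpkgs.config.allowUnfree = true;
+
+# Set your time zone.
+time.timeZone = "America/Chicago";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+# console = {
+# font = "Lat2-Terminus16";
+# keyMap = "us";
+# useXkbConfig = true; # use xkb.options in tty.
+# };
+
+# Automatic doc cache generation
+documentation.man.generateCaches = true;
+
+# Automatic system upgrades
+system.autoUpgrade = {
+enable = true;
+dates = "09:00";
+randomizedDelaySec = "45min";
+};
+
+# Automatic Garbage Collection
+nix.gc.automatic = true;
+nix.gc.options = "--delete-older-than 8d";
+
+# This option defines the first version of NixOS you have installed on this particular machine,
+# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+#
+# Most users should NEVER change this value after the initial install, for any reason,
+# even if you've upgraded your system to a new NixOS release.
+#
+# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+# so changing it will NOT upgrade your system.
+#
+# This value being lower than the current NixOS release does NOT mean your system is
+# out of date, out of support, or vulnerable.
+#
+# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+# and migrated your data accordingly.
+#
+# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+system.stateVersion = "23.11"; # Did you read the comment?
+
+}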
+9
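--- a/host-specific/odin/default.nix
+++ b/host-specific/odin/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+imports = [
+./hardware-configuration.nix
+./networking.nix
+./packages.nix
+./services.nix
+];
+}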
+98
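--- a/host-specific/odin/gui.nix
+++ b/host-specific/odin/gui.nix
@@ -0,0 +1,98 @@
+{ pkgs, ... }:
+{
+# Enable the X11 windowing system.
+services.xserver = {
+enable = true;
+videoDrivers = [ "amdgpu" ];
+};
+
+# Fix for HIP libraries
+systemd.tmpfiles.rules = [
+"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
+];
+
+# Configure keymap in X11
+# services.xserver.xkb.layout = "us";
+# services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+# Enable CUPS to print documents.
+# services.printing.enable = true;
+
+# Enable sound.
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+wireplumber.enable = true;
+};
+
+# Graphics and parallel compute configuration
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+libva
+mesa
+rocmPackages.clr.icd
+];
+};
+
+# Enable touchpad support (enabled default in most desktopManager).
+# services.xserver.libinput.enable = true;
+
+# Fonts
+fonts.packages = with pkgs; [
+fira-code
+fira-code-symbols
+noto-fonts
+noto-fonts-cjk-sans
+noto-fonts-color-emoji
+nerd-fonts.fira-code
+];
+
+# Polkit is a dependency of Sway. It's responsible for handling security policies
+security.polkit.enable = true;
+
+# Enable the sway window manager
+programs.sway = {
+enable = true;
+#package = unstable.sway;
+wrapperFeatures.gtk = true;
+};
+# Use greetd as the displaymanager
+#services.xserver.displayManager.greetd.enable = true;
+#services.xserver.displayManager.lightdm.enable = false;
+services.displayManager.sddm.enable = true;
+services.displayManager.defaultSession = "sway";
+services.displayManager.autoLogin = {
+enable = true;
+user = "noah";
+};
+
+# i3, for when I need XOrg
+services.xserver.windowManager.i3 = {
+enable = true;
+extraPackages = with pkgs; [
+dmenu
+i3status
+i3lock
+i3blocks
+];
+};
+
+xdg.portal = {
+enable = true;
+wlr.enable = true;
+extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+};
+xdg.mime = {
+enable = true;
+defaultApplications = {
+"x-scheme-handler/http" = "org.firefox.firefox.desktop";
+"x-scheme-handler/https" = "org.firefox.firefox.desktop";
+};
+};
+services.dbus.enable = true;
+services.gnome.gnome-keyring.enable = true;
+}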
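Review bot: `services.displayManager.autoLogin` logs `noah` straight into the sway session at boot, so anyone with physical access to the machine gets that user's session without a password. If that is intended for this machine, a comment such as `# autologin: single-user desktop, disk/physical access is the boundary` would record the decision; otherwise drop the autoLogin block or make sure the session locks on start. configuration.nix in this comparison has `./gui.nix` commented out, so this module may not be active yet.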
+93
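--- a/host-specific/odin/hardware-configuration.nix
+++ b/host-specific/odin/hardware-configuration.nix
@@ -0,0 +1,93 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+config,
+lib,
+modulesPath,
+pkgs,
+...
+}:
+
+{
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.kernelPackages = pkgs.linuxPackages_latest;
+boot.initrd.availableKernelModules = [
+"nvme"
+"xhci_pci"
+"thunderbolt"
+"usb_storage"
+"usbhid"
+"sd_mod"
+"sdhci_pci"
+];
+boot.initrd.kernelModules = [
+"kvm-amd"
+"amdgpu"
+"nvme"
+"xhci_pci"
+"thunderbolt"
+"usb_storage"
+"usbhid"
+"sd_mod"
+"sdhci_pci"
+];
+boot.kernelModules = [
+"kvm-amd"
+"amdgpu"
+"nvme"
+"xhci_pci"
+"thunderbolt"
+"usb_storage"
+"usbhid"
+"sd_mod"
+"sdhci_pci"
+];
+virtualisation.libvirtd = {
+enable = true;
+qemu = {
+runAsRoot = false;
+};
+};
+#boot.extraModulePackages = with config.boot.kernelPackages; [ ];
+boot.kernelParams = [ ];
+
+hardware.enableRedistributableFirmware = true;
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/07019c69-2597-410d-a8a0-a8ffb0f58883";
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/4B85-C90A";
+fsType = "vfat";
+};
+
+swapDevices = [
+{
+device = "/swapfile";
+size = 32 * 1024;
+}
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = {
+#gcc.arch = "znver2";
+#gcc.tune = "znver2";
+system = "x86_64-linux";
+#gcc.arch = "x86-64-v3";
+};
+#nix.settings.system-features = ["gccarch-znver2" "big-parallel" "nixos-test" "benchmark" "kvm"];
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}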
+78
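--- a/host-specific/odin/networking.nix
+++ b/host-specific/odin/networking.nix
@@ -0,0 +1,78 @@
+{ ... }:
+{
+# networking.hostName = "nixos"; # Define your hostname.
+# Pick only one of the below networking options.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+networking.hostName = "odin";
+# I like systemd-networkd
+systemd.network.enable = true;
+systemd.network.networks."50-wlp2s0" = {
+matchConfig.name = "wlp2s0";
+networkConfig.DHCP = "yes";
+linkConfig.RequiredForOnline = "no";
+};
+
+networking.tempAddresses = "disabled";
+
+networking.useNetworkd = true;
+# TODO: static IP @ 192.168.1.6
+
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall = {
+enable = true;
+allowPing = true;
+allowedUDPPorts = [ ];
+allowedUDPPortRanges = [ ];
+allowedTCPPorts = [
+2375
+3000
+];
+};
+
+services.avahi = {
+enable = true;
+nssmdns4 = true;
+nssmdns6 = true;
+ipv6 = true;
+openFirewall = true;
+publish = {
+enable = true;
+addresses = true;
+workstation = true;
+userServices = true;
+domain = true;
+};
+};
+
+# NFS mounts
+
+fileSystems = {
+"/srv/shokuhou" = {
+device = "192.168.1.3:/srv/shokuhou";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+"/srv/mentalout" = {
+device = "192.168.1.3:/srv/mentalout";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+};
+}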
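Review bot: `allowedTCPPorts` opens 2375 on every interface, and 2375 is the conventional port for the Docker Engine API over plain TCP, which has neither authentication nor TLS; if dockerd on this host is ever bound to it, anyone who can reach the port gets root-equivalent control of the machine. Nothing visible in this change configures a TCP listener for Docker, so either drop the entry or scope it to a trusted interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 2375 ];` (interface name assumed). The same port is listed in host-specific/shizuri/networking.nix. Separately, the NFS options `x-system.automount` and `x-system.idle-timeout=600` look like typos for `x-systemd.automount` and `x-systemd.idle-timeout=600`; as written systemd does not act on them and no automount unit is generated, in both files.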
+129
host-specific/odin/packages.nix
··· 1 + { pkgs, lib, ... }: 2 + let # bash script to let dbus know about important env variables and 3 + # propagate them to relevent services run at the end of sway config 4 + # see 5 + # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 + # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 + # some user services to make sure they have the correct environment variables 8 + dbus-sway-environment = pkgs.writeTextFile { 9 + name = "dbus-sway-environment"; 10 + destination = "/bin/dbus-sway-environment"; 11 + executable = true; 12 + 13 + text = '' 14 + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 + systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 + systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 + ''; 18 + }; 19 + 20 + # currently, there is some friction between sway and gtk: 21 + # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 + # the suggested way to set gtk settings is with gsettings 23 + # for gsettings to work, we need to tell it where the schemas are 24 + # using the XDG_DATA_DIR environment variable 25 + # run at the end of sway config 26 + configure-gtk = pkgs.writeTextFile { 27 + name = "configure-gtk"; 28 + destination = "/bin/configure-gtk"; 29 + executable = true; 30 + text = 31 + let 32 + # TODO: figure out why these bindings exist or where they're used 33 + schema = pkgs.gsettings-desktop-schemas; 34 + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 + in 36 + '' 37 + 6 gnome_schema=org.gnome.desktop.interface 38 + gsettings set $gnome_schema gtk-theme 'Dracula' 39 + ''; 40 + }; 41 + in 42 + { 43 + 44 + # List packages installed in system profile. 
To search, run: 45 + # $ nix search wget 46 + environment.systemPackages = with pkgs; [ 47 + neovim 48 + appimage-run 49 + tzdata 50 + wget 51 + kitty 52 + file 53 + w3m 54 + fishPlugins.fzf-fish 55 + fzf 56 + qemu 57 + qemu-user 58 + qemu-utils 59 + qemu_full 60 + OVMF 61 + #9p stuff 62 + diod 63 + plan9port 64 + vis 65 + rc 66 + ncdu 67 + 68 + smartmontools 69 + 70 + # Sway stuff 71 + wdisplays 72 + mako 73 + bemenu 74 + wl-clipboard 75 + slurp 76 + grim 77 + swayidle 78 + swaylock 79 + adwaita-icon-theme 80 + dracula-theme 81 + glib 82 + xdg-utils 83 + wayland 84 + configure-gtk 85 + dbus-sway-environment 86 + dbus 87 + pkg-config 88 + zlib 89 + # why wouldn't I want documentation on my system 90 + man-pages 91 + man-pages-posix 92 + perf 93 + ]; 94 + documentation.dev.enable = true; 95 + 96 + # Fix dynamically linked libraries for unpackaged binaries 97 + programs.nix-ld = { 98 + enable = true; 99 + libraries = with pkgs; [ 100 + # Add missing dynamic libraries for unpackaged programs HERE 101 + # NOT in environment.systemPackages 102 + zlib 103 + openssl 104 + sqlite 105 + libunwind 106 + libglvnd 107 + libclang 108 + systemdLibs 109 + ]; 110 + }; 111 + programs.nix-index = { 112 + enable = true; 113 + enableFishIntegration = true; 114 + enableBashIntegration = false; 115 + enableZshIntegration = false; 116 + }; 117 + 118 + # Run other bins in QEMU 119 + boot.binfmt.emulatedSystems = [ 120 + "aarch64-linux" 121 + "riscv64-linux" 122 + ]; 123 + # UEFI firmware support for QEMU 124 + systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; 125 + 126 + # Logseq uses an ancient version of Electron, so we enable that 127 + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 128 + nixpkgs.config.allowUnfree = true; 129 + }
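Review bot: `nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]` allows an end-of-life Electron build for the whole system configuration, yet no Logseq package appears in this file's `environment.systemPackages`, so it is not clear from here that the exception is still needed. The allowance applies to anything that pulls in that Electron version, not only Logseq, so it should carry a removal condition such as `# TODO: drop once logseq no longer depends on electron-25.9.0`, and be deleted if nothing on this host evaluates that package. The same line is added in host-specific/shizuri/packages.nix.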
+33
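--- a/host-specific/odin/services.nix
+++ b/host-specific/odin/services.nix
@@ -0,0 +1,33 @@
+{ ... }:
+{
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = false;
+};
+
+# Fish shell, the best
+programs.fish.enable = true;
+
+services.tailscale.useRoutingFeatures = "client";
+
+services.redis.servers."" = {
+enable = true;
+};
+
+# Containers and VMs
+virtualisation = {
+podman = {
+enable = false;
+dockerCompat = true;
+defaultNetwork.settings.dns_enabled = true;
+dockerSocket.enable = true;
+};
+docker = {
+enable = true;
+storageDriver = "overlay2";
+};
+};
+}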
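Review bot: `services.redis.servers."".enable = true` starts a Redis instance with no authentication configured; with the module defaults (presumably loopback TCP, to be confirmed against the NixOS release in use) any local user or host-networked container can read and write it. Since this repository already uses agenix, a password kept out of the Nix store is cheap to add: `requirePassFile = config.age.secrets.<redis-secret>.path;` (placeholder secret name). A short comment saying which service on odin needs Redis would also help the next reader decide whether it can be removed.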
+6
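--- a/host-specific/shizuri/boot.nix
+++ b/host-specific/shizuri/boot.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+}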
+13
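--- a/host-specific/shizuri/configuration.nix
+++ b/host-specific/shizuri/configuration.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+imports = [
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+./boot.nix
+./networking.nix
+./gui.nix
+./packages.nix
+./services.nix
+];
+system.stateVersion = "23.11"; # Did you read the comment?
+}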
+27
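--- a/host-specific/shizuri/gs.sh
+++ b/host-specific/shizuri/gs.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+gamescopeArgs=(
+--adaptive-sync # VRR support
+--hdr-enabled
+--mangoapp # performance overlay
+--rt
+--steam
+)
+steamArgs=(
+-pipewire-dmabuf
+-tenfoot
+)
+mangoConfig=(
+cpu_temp
+gpu_temp
+ram
+vram
+)
+mangoVars=(
+MANGOHUD=1
+MANGOHUD_CONFIG="$(IFS=,; echo "${mangoConfig[*]}")"
+)
+
+export "${mangoVars[@]}"
+exec gamescope "${gamescopeArgs[@]}" -- steam "${steamArgs[@]}"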
+115
host-specific/shizuri/gui.nix
··· 1 + { pkgs, ... }: 2 + { 3 + # Enable the X11 windowing system. 4 + services.xserver = { 5 + enable = true; 6 + videoDrivers = [ "amdgpu" ]; 7 + }; 8 + 9 + # Fix for HIP libraries 10 + systemd.tmpfiles.rules = [ 11 + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" 12 + ]; 13 + 14 + # Configure keymap in X11 15 + services.xserver.xkb = { 16 + layout = "us"; 17 + variant = ""; 18 + }; 19 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 20 + 21 + # Enable CUPS to print documents. 22 + # services.printing.enable = true; 23 + 24 + # Enable sound. 25 + security.rtkit.enable = true; 26 + services.pipewire = { 27 + enable = true; 28 + alsa.enable = true; 29 + alsa.support32Bit = true; 30 + pulse.enable = true; 31 + wireplumber.enable = true; 32 + }; 33 + 34 + # Graphics and parallel compute configuration 35 + hardware.graphics = { 36 + enable = true; 37 + extraPackages = with pkgs; [ 38 + libva 39 + mesa 40 + rocmPackages.clr.icd 41 + ]; 42 + }; 43 + 44 + # Enable touchpad support (enabled default in most desktopManager). 45 + # services.xserver.libinput.enable = true; 46 + 47 + # Fonts 48 + fonts.packages = with pkgs; [ 49 + fira-code 50 + fira-code-symbols 51 + noto-fonts 52 + noto-fonts-cjk-sans 53 + noto-fonts-color-emoji 54 + nerd-fonts.fira-code 55 + ]; 56 + 57 + # Polkit is a dependency of Sway. 
It's responsible for handling security policies 58 + security.polkit.enable = true; 59 + 60 + # Enable the sway window manager 61 + programs.sway = { 62 + enable = false; 63 + #package = unstable.sway; 64 + wrapperFeatures.gtk = true; 65 + }; 66 + # Use greetd as the displaymanager 67 + #services.xserver.displayManager.greetd.enable = true; 68 + 69 + services.xserver.displayManager.lightdm.enable = false; 70 + 71 + #services.displayManager.sddm.enable = true; 72 + #services.displayManager.defaultSession = "sway"; 73 + #services.displayManager.autoLogin = { 74 + # enable = true; 75 + # user = "noah"; 76 + #}; 77 + services.xserver.desktopManager.xfce.enable = false; 78 + services.xserver.desktopManager.lxqt = { 79 + enable = true; 80 + }; 81 + services.xscreensaver.enable = true; 82 + security.pam.services.xscreensaver.enable = true; 83 + 84 + # i3, for when I need XOrg 85 + services.xserver.windowManager.i3 = { 86 + enable = false; 87 + extraPackages = with pkgs; [ 88 + dmenu 89 + i3status 90 + i3lock 91 + i3blocks 92 + ]; 93 + }; 94 + 95 + xdg.portal = { 96 + enable = true; 97 + wlr.enable = true; 98 + extraPortals = [ 99 + pkgs.xdg-desktop-portal 100 + pkgs.xdg-desktop-portal-wlr 101 + pkgs.xdg-desktop-portal-gtk 102 + pkgs.xdg-desktop-portal-termfilechooser 103 + pkgs.lxqt.xdg-desktop-portal-lxqt 104 + ]; 105 + }; 106 + xdg.mime = { 107 + enable = true; 108 + defaultApplications = { 109 + "x-scheme-handler/http" = "org.firefox.firefox.desktop"; 110 + "x-scheme-handler/https" = "org.firefox.firefox.desktop"; 111 + }; 112 + }; 113 + services.dbus.enable = true; 114 + services.gnome.gnome-keyring.enable = true; 115 + }
+84
host-specific/shizuri/hardware-configuration.nix
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 11 + 12 + { 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 16 + 17 + boot.kernelPackages = pkgs.linuxPackages_latest; 18 + boot.initrd.availableKernelModules = [ 19 + "nvme" 20 + "xhci_pci" 21 + "thunderbolt" 22 + "usb_storage" 23 + "usbhid" 24 + "uas" 25 + "sd_mod" 26 + ]; 27 + boot.initrd.kernelModules = [ ]; 28 + boot.kernelModules = [ "kvm-amd" ]; 29 + boot.extraModulePackages = [ ]; 30 + 31 + # Bluetooth / wireless configuration 32 + hardware.bluetooth = { 33 + enable = true; 34 + powerOnBoot = true; 35 + settings = { 36 + General = { 37 + # Shows battery charge of connected devices on supported 38 + # Bluetooth adapters. Defaults to 'false'. 39 + Experimental = true; 40 + # When enabled other devices can connect faster to us, however 41 + # the tradeoff is increased power consumption. Defaults to 42 + # 'false'. 43 + FastConnectable = true; 44 + }; 45 + Policy = { 46 + # Enable all controllers when they are found. This includes 47 + # adapters present on start as well as adapters that are plugged 48 + # in later on. Defaults to 'true'. 
49 + AutoEnable = true; 50 + }; 51 + }; 52 + }; 53 + 54 + fileSystems."/" = { 55 + device = "/dev/disk/by-uuid/9a7cbffe-6c10-4220-bb99-4dcea8181dcc"; 56 + fsType = "ext4"; 57 + }; 58 + 59 + fileSystems."/boot" = { 60 + device = "/dev/disk/by-uuid/9AC5-62C3"; 61 + fsType = "vfat"; 62 + options = [ 63 + "fmask=0077" 64 + "dmask=0077" 65 + ]; 66 + }; 67 + 68 + swapDevices = [ { device = "/dev/disk/by-uuid/a19d8fad-d8d2-4bbe-a233-e645020419ff"; } ]; 69 + fileSystems."/srv/mugino" = { 70 + device = "/dev/disk/by-uuid/d832dd9f-1fbb-4ca7-9097-0ba329b838af"; 71 + fsType = "ext4"; 72 + }; 73 + 74 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 75 + # (the default) this is the recommended approach. When using systemd-networkd it's 76 + # still possible to use this option, but it's recommended to use it in conjunction 77 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 78 + networking.useDHCP = lib.mkDefault true; 79 + # networking.interfaces.enp191s0.useDHCP = lib.mkDefault true; 80 + # networking.interfaces.wlp192s0.useDHCP = lib.mkDefault true; 81 + 82 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 83 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 84 + }
+78
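--- a/host-specific/shizuri/networking.nix
+++ b/host-specific/shizuri/networking.nix
@@ -0,0 +1,78 @@
+{ ... }:
+{
+# networking.hostName = "nixos"; # Define your hostname.
+# Pick only one of the below networking options.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+networking.hostName = "shizuri";
+# I like systemd-networkd
+systemd.network.enable = true;
+systemd.network.networks."50-wlp2s0" = {
+matchConfig.name = "wlp2s0";
+networkConfig.DHCP = "yes";
+linkConfig.RequiredForOnline = "no";
+};
+
+networking.tempAddresses = "disabled";
+
+networking.useNetworkd = true;
+# TODO: static IP @ 192.168.1.2
+
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# TODO: allow some ports
+networking.firewall = {
+enable = false;
+allowPing = true;
+allowedUDPPorts = [ ];
+allowedTCPPorts = [
+1234
+2375
+];
+};
+
+services.avahi = {
+enable = true;
+nssmdns4 = true;
+nssmdns6 = true;
+ipv6 = true;
+openFirewall = true;
+publish = {
+enable = true;
+addresses = true;
+workstation = true;
+userServices = true;
+domain = true;
+};
+};
+
+# NFS mounts
+
+fileSystems = {
+"/srv/shokuhou" = {
+device = "192.168.1.3:/srv/shokuhou";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+"/srv/mentalout" = {
+device = "192.168.1.3:/srv/mentalout";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+};
+}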
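Review bot: `networking.firewall.enable = false` turns packet filtering off on this host, so the `allowedTCPPorts` list below it and every `openFirewall = true` elsewhere in the configuration have no effect, and every listening service is reachable from the network. The same change enables sshd, xrdp, Avahi and Docker on shizuri, which makes a default-deny firewall worth keeping; the neighbouring `# TODO: allow some ports` suggests an allow-list was the intent. Suggested: `enable = true;` with only the ports the host actually serves listed.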
+173
host-specific/shizuri/packages.nix
··· 1 + { pkgs, lib, ... }: 2 + let # bash script to let dbus know about important env variables and 3 + # propagate them to relevent services run at the end of sway config 4 + # see 5 + # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 + # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 + # some user services to make sure they have the correct environment variables 8 + dbus-sway-environment = pkgs.writeTextFile { 9 + name = "dbus-sway-environment"; 10 + destination = "/bin/dbus-sway-environment"; 11 + executable = true; 12 + 13 + text = '' 14 + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 + systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 + systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 + ''; 18 + }; 19 + 20 + # currently, there is some friction between sway and gtk: 21 + # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 + # the suggested way to set gtk settings is with gsettings 23 + # for gsettings to work, we need to tell it where the schemas are 24 + # using the XDG_DATA_DIR environment variable 25 + # run at the end of sway config 26 + configure-gtk = pkgs.writeTextFile { 27 + name = "configure-gtk"; 28 + destination = "/bin/configure-gtk"; 29 + executable = true; 30 + text = 31 + let 32 + # TODO: figure out why these bindings exist or where they're used 33 + schema = pkgs.gsettings-desktop-schemas; 34 + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 + in 36 + '' 37 + 6 gnome_schema=org.gnome.desktop.interface 38 + gsettings set $gnome_schema gtk-theme 'Dracula' 39 + ''; 40 + }; 41 + in 42 + { 43 + 44 + # List packages installed in system profile. 
To search, run: 45 + # $ nix search wget 46 + environment.systemPackages = with pkgs; [ 47 + mangohud 48 + neovim 49 + appimage-run 50 + tzdata 51 + wget 52 + kitty 53 + file 54 + w3m 55 + fishPlugins.fzf-fish 56 + fzf 57 + qemu 58 + qemu-user 59 + qemu-utils 60 + qemu_full 61 + OVMF 62 + #9p stuff 63 + diod 64 + plan9port 65 + vis 66 + rc 67 + 68 + smartmontools 69 + 70 + # Sway stuff 71 + wdisplays 72 + mako 73 + bemenu 74 + wl-clipboard 75 + slurp 76 + grim 77 + swayidle 78 + swaylock 79 + adwaita-icon-theme 80 + dracula-theme 81 + glib 82 + xdg-utils 83 + xdg-desktop-portal 84 + wayland 85 + configure-gtk 86 + lxqt.lxqt-menu-data # for lxqt 87 + dbus-sway-environment 88 + dbus 89 + pkg-config 90 + zlib 91 + # why wouldn't I want documentation on my system 92 + man-pages 93 + man-pages-posix 94 + linuxPackages_latest.perf 95 + ]; 96 + 97 + environment.loginShellInit = '' 98 + [[ "$(tty)" = "/dev/tty1" ]] && /home/noah/repos/nixos/gs.sh 99 + ''; 100 + 101 + documentation.dev.enable = true; 102 + 103 + # Fix dynamically linked libraries for unpackaged binaries 104 + programs.nix-ld = { 105 + enable = true; 106 + libraries = with pkgs; [ 107 + # Add missing dynamic libraries for unpackaged programs HERE 108 + # NOT in environment.systemPackages 109 + zlib 110 + openssl 111 + sqlite 112 + libunwind 113 + libglvnd 114 + libclang 115 + systemdLibs 116 + ]; 117 + }; 118 + programs.nix-index = { 119 + enable = true; 120 + enableFishIntegration = true; 121 + enableBashIntegration = false; 122 + enableZshIntegration = false; 123 + }; 124 + 125 + programs.steam = { 126 + enable = true; 127 + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 128 + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server 129 + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers 130 + gamescopeSession.enable = true; 131 + }; 132 + programs.gamescope = { 133 + 
enable = true; 134 + capSysNice = true; 135 + }; 136 + # Boot to bigpicture 137 + services.getty.autologinUser = "noah"; 138 + 139 + programs.appimage = { 140 + enable = true; 141 + binfmt = true; 142 + }; 143 + 144 + # Run other bins in QEMU 145 + boot.binfmt.emulatedSystems = [ 146 + "aarch64-linux" 147 + "riscv64-linux" 148 + ]; 149 + # UEFI firmware support for QEMU 150 + systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; 151 + 152 + # Logseq uses an ancient version of Electron, so we enable that 153 + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 154 + 155 + # I don't care too much about unfree 156 + nixpkgs.config.allowUnfree = true; 157 + # Whitelist some unfree packages 158 + nixpkgs.config.allowUnfreePredicate = 159 + pkg: 160 + builtins.elem (lib.getName pkg) [ 161 + "discord" 162 + "spotify" 163 + "obsidian" 164 + "unstable.obsidian" 165 + "tailscale" 166 + "google-chrome" 167 + "slack" 168 + "steam" 169 + "steam-original" 170 + "steam-unwrapped" 171 + "steam-run" 172 + ]; 173 + }
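Review bot: `environment.loginShellInit` runs `/home/noah/repos/nixos/gs.sh` for every login shell on `/dev/tty1`, not only noah's, so a root login on that console would execute a script that lives in a user-writable home directory. The path also differs from where this change adds the script (host-specific/shizuri/gs.sh), so the file that runs is not necessarily the one tracked here. Referencing the script from the Nix store and gating on the user addresses both, e.g. `[ "$(tty)" = /dev/tty1 ] && [ "$USER" = noah ] && exec ${pkgs.bash}/bin/bash ${./gs.sh}`. Note also that `allowUnfree = true` makes the `allowUnfreePredicate` allow-list further down ineffective, since the predicate is only consulted when `allowUnfree` is false.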
+44
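--- a/host-specific/shizuri/services.nix
+++ b/host-specific/shizuri/services.nix
@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+{
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = false;
+};
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+settings.X11Forwarding = true;
+};
+
+# Smart Card daemon
+services.pcscd.enable = true;
+
+# This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices.
+services.hardware.bolt.enable = true;
+
+services.fwupd.enable = true;
+
+services.xrdp = {
+enable = true;
+openFirewall = true;
+defaultWindowManager = "${pkgs.lxqt.lxqt-session}/bin/lxqt-session";
+};
+
+# Containers and VMs
+virtualisation = {
+podman = {
+enable = false;
+dockerCompat = true;
+defaultNetwork.settings.dns_enabled = true;
+dockerSocket.enable = true;
+};
+docker = {
+enable = true;
+storageDriver = "overlay2";
+};
+};
+}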
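Review bot: `services.openssh` is enabled with only `X11Forwarding` set, which leaves password and keyboard-interactive logins at their defaults on a host where this change also disables the firewall and exposes xrdp. If key-based login is what is actually used, state it in the config: `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;`. `X11Forwarding = true` deserves a comment naming the workflow that needs it, since xrdp already provides a remote desktop path. host-specific/touma-wsl.nix enables sshd with defaults in the same way.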
+55
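--- a/host-specific/touma-wsl.nix
+++ b/host-specific/touma-wsl.nix
@@ -0,0 +1,55 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+# NixOS-WSL specific options are documented on the NixOS-WSL repository:
+# https://github.com/nix-community/NixOS-WSL
+
+{ pkgs, inputs, ... }:
+{
+imports = [
+# WSL has no hardware configuration
+../users.nix
+../services.nix
+];
+wsl = {
+enable = true;
+defaultUser = "noah";
+wslConf.network.hostname = "touma-wsl-nixos";
+};
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+neovim
+appimage-run
+wget
+kitty
+w3m
+fishPlugins.fzf-fish
+fzf
+qemu
+OVMF
+gitFull
+# plan9
+diod
+plan9port
+vis
+rc
+
+xdg-utils
+inputs.agenix.packages."${system}".agenix
+];
+services.openssh.enable = true;
+
+# Fix dynamically linked libraries for unpackaged binaries
+programs.nix-ld = {
+enable = true;
+libraries = with pkgs; [
+# Add missing dynamic libraries for unpackaged programs HERE
+# NOT in environment.systemPackages
+zlib
+fuse3
+];
+};
+system.stateVersion = "24.11";
+}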
+4 -4
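--- a/kitty/kitty.conf
+++ b/kitty/kitty.conf
@@ -1,11 +1,11 @@
-font_family Berkeley Mono Regular
+font_family Berkeley Mono Variable Regular
 #font_family CommitMono Variable Regular
 #symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 JetBrains Mono Bold
 #symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 Fira Code Bold
 symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 FiraCode Nerd Font Bold
-bold_font Berkeley Mono Bold
-italic_font Berkeley Mono Italic
-bold_italic_font Berkeley Mono BoldItalic
+bold_font auto
+italic_font auto
+bold_italic_font auto
 font_size 13.0
 #font_size 12.0
 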
-65
networking.nix
··· 1 - { ... }: 2 - { 3 - # networking.hostName = "nixos"; # Define your hostname. 4 - # Pick only one of the below networking options. 5 - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 - networking.hostName = "odin"; 8 - # I like systemd-networkd 9 - systemd.network.enable = true; 10 - systemd.network.networks."50-wlp2s0" = { 11 - matchConfig.name = "wlp2s0"; 12 - networkConfig.DHCP = "yes"; 13 - linkConfig.RequiredForOnline = "no"; 14 - }; 15 - 16 - networking.tempAddresses = "disabled"; 17 - 18 - networking.useNetworkd = true; 19 - # TODO: static IP @ 192.168.1.2 20 - 21 - # Configure network proxy if necessary 22 - # networking.proxy.default = "http://user:password@proxy:port/"; 23 - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 24 - # Open ports in the firewall. 25 - # networking.firewall.allowedTCPPorts = [ ... ]; 26 - # networking.firewall.allowedUDPPorts = [ ... ]; 27 - # Or disable the firewall altogether. 28 - # TODO: allow some ports 29 - networking.firewall = { 30 - enable = true; 31 - allowPing = true; 32 - allowedUDPPorts = [ ]; 33 - allowedTCPPorts = [ ]; 34 - }; 35 - 36 - services.avahi = { 37 - enable = true; 38 - nssmdns4 = true; 39 - nssmdns6 = true; 40 - ipv6 = true; 41 - openFirewall = true; 42 - publish = { 43 - enable = true; 44 - addresses = true; 45 - workstation = true; 46 - userServices = true; 47 - domain = true; 48 - }; 49 - }; 50 - 51 - # NFS mounts 52 - 53 - fileSystems = { 54 - "/srv/shokuhou" = { 55 - device = "192.168.1.3:/srv/shokuhou"; 56 - fsType = "nfs"; 57 - options = [ "nfsvers=4" "user" "x-system.automount" "x-system.idle-timeout=600" ]; 58 - }; 59 - "/srv/mentalout" = { 60 - device = "192.168.1.3:/srv/mentalout"; 61 - fsType = "nfs"; 62 - options = [ "nfsvers=4" "user" "x-system.automount" "x-system.idle-timeout=600" ]; 63 - }; 64 - }; 65 - }
+2
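--- a/nvim/after/ftplugin/janet.lua
+++ b/nvim/after/ftplugin/janet.lua
@@ -0,0 +1,2 @@
+vim.o.tabstop = 2
+vim.o.shiftwidth = 2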
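Review bot: In an ftplugin, `vim.o` behaves like `:set` and changes the global value as well as the local one, so opening a single Janet buffer alters `tabstop` and `shiftwidth` for buffers created afterwards. Both options are buffer-local, so `vim.bo.tabstop = 2` and `vim.bo.shiftwidth = 2` keep the setting confined to Janet buffers.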
+14 -3
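--- a/nvim/init.lua
+++ b/nvim/init.lua
@@ -7,9 +7,17 @@
 -- Config for Nord, which I usually use
 -- vim.g.nord_italic = false
 -- vim.g.nord_bold = false
--- vim.opt.background = "light"
-vim.opt.background = "dark"
-vim.cmd[[colorscheme nord]]
+local known_hosts = {
+["aleister.packetlost.dev"] = "light",
+["aleister.local"] = "light",
+["accelerator"] = "light"
+}
+local background = known_hosts[vim.loop.os_gethostname()]
+if not background then
+background = "dark"
+end
+vim.opt.background = background
+--vim.opt.background = "dark"
 
 -- Formatting and vim config
 vim.opt.expandtab = true
@@ -29,6 +37,7 @@
 vim.opt.lcs = vim.opt.lcs + "space:·"
 vim.opt.list = true
 vim.opt.textwidth = 88
+vim.cmd [[ colorscheme alabaster ]]
 
 -- Force OSC-52
 vim.g.clipboard = {
@@ -77,6 +86,8 @@
 local keymap = vim.keymap.set
 local noremap = { noremap = true }
 local silentnoremap = { noremap = true, silent = true }
+--Toggle background
+keymap("n", "<leader>bg", function() if vim.o.background == "light" then vim.o.background = "dark" else vim.o.background = "light" end end, noremap)
 -- Easier breaking from edit modes
 keymap("n", ";;", "<Esc>", noremap)
 keymap("v", ";;", "<Esc>", noremap)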
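Review bot: `vim.loop` in the first hunk is the deprecated alias of `vim.uv`, and nvim/lua/lsp.lua in this same change already relies on newer APIs such as `vim.diagnostic.jump`, so `vim.uv.os_gethostname()` is the consistent spelling. The lookup and its fallback also fit on one line: `vim.opt.background = known_hosts[vim.uv.os_gethostname()] or "dark"`. A one-line comment above `known_hosts` saying these are the machines with a light terminal theme would explain why hostnames appear in the editor config.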
+1 -1
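--- a/nvim/lua/lsp/janet_lsp.lua
+++ b/nvim/lua/lsp/janet_lsp.lua
@@ -2,7 +2,7 @@
 cmd = {
 "janet",
 "-i",
-"/home/noah/repos/janet-lsp/jpm_tree/lib/janet-lsp.jimage",
+"/Users/noah/repos/janet-lsp/build/janet-lsp.jimage",
 "--stdio",
 }
 }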
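Review bot: The replacement path `/Users/noah/repos/janet-lsp/build/janet-lsp.jimage` is a macOS home directory, while the rest of this repository configures Linux hosts whose home is `/home/noah`, so the Janet language server will presumably fail to start there. Resolving against the current home keeps one config usable on both: `vim.fn.expand("~/repos/janet-lsp/build/janet-lsp.jimage"),`. The image is loaded and executed by `janet -i` every time a Janet buffer opens, so it should live in a directory only the user can write. The enclosing table starts outside the hunk.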
+1
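--- a/nvim/lua/lsp/pylsp.lua
+++ b/nvim/lua/lsp/pylsp.lua
@@ -1,4 +1,5 @@
 return {
 -- cmd = {"/home/noah/.envs/nvim/bin/pylsp"},
+cmd = "basedpyright",
 root_markers = { "pants.toml", "pyproject.toml", "setup.py", "setup.cfg", "Pipfile" },
 }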
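Review bot: `cmd = "basedpyright"` passes a string where `vim.lsp.config` expects a list of strings (or a function), and `basedpyright` is the command-line type checker rather than the language server. The server entry point is `basedpyright-langserver`, so the line should read `cmd = { "basedpyright-langserver", "--stdio" },`. The file is still named pylsp.lua, so the config name no longer matches the server it starts.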
+3 -4
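--- a/nvim/lua/lsp.lua
+++ b/nvim/lua/lsp.lua
@@ -2,7 +2,6 @@
 -- ########################
 -- #### Set up LSPs ####
 -- ########################
-require('lspconfig')
 
 vim.lsp.config("*", {
 capabilities = capabilities
@@ -45,11 +44,11 @@
 end, opts)
 vim.keymap.set("n", "<space>D", vim.lsp.buf.type_definition, opts)
 vim.keymap.set("n", "<space>rn", vim.lsp.buf.rename, opts)
-vim.keymap.set("n", "<space>ca", vim.lsp.buf.code_action, opts)
+vim.keymap.set("n", "<leader>ca", vim.lsp.buf.code_action, opts)
 vim.keymap.set("n", "gr", vim.lsp.buf.references, opts)
 vim.keymap.set("n", "<space>e", vim.diagnostic.open_float, opts)
-vim.keymap.set("n", "[d", vim.diagnostic.goto_prev, opts)
-vim.keymap.set("n", "]d", vim.diagnostic.goto_next, opts)
+vim.keymap.set("n", "[d", function () vim.diagnostic.jump {count = -1, float = true} end, opts)
+vim.keymap.set("n", "]d", function () vim.diagnostic.jump {count = 1, float = true} end, opts)
 vim.keymap.set("n", "<space>q", vim.diagnostic.setloclist, opts)
 vim.keymap.set("n", "<space>f",
 function() vim.lsp.buf.format { async = true } end, opts)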
+39 -24
nvim/lua/plugins.lua
··· 15 15 if lazy_bootstrap then print("Bootstrapped lazy.nvim") end 16 16 17 17 require("lazy").setup({ 18 - install = { colorscheme = { "nord" } }, 18 + install = { colorscheme = { "alabaster" } }, 19 19 checker = { enabled = false }, 20 20 spec = { 21 21 -- Color themes ··· 27 27 { "sontungexpt/witch", priority = 1000, lazy = true, config = true }, 28 28 { "rose-pine/neovim", priority = 1000, lazy = true }, 29 29 { "catppuccin/nvim", name = "catppuccin", priority = 1000, lazy = true }, 30 + { "p00f/alabaster.nvim", priority = 1000, lazy = true }, 30 31 { 31 32 "neanias/everforest-nvim", 32 33 version = false, ··· 85 86 }, -- nvim lsp plugins 86 87 { 87 88 "neovim/nvim-lspconfig", 89 + config = false 88 90 }, 89 91 -- LSP Goodness 90 92 { ··· 119 121 }, 120 122 }, -- Git stuff 121 123 -- GitGutter, shows inline difs 122 - "airblade/vim-gitgutter", 124 + --"airblade/vim-gitgutter", 123 125 { 124 126 "NeogitOrg/neogit", 125 127 dependencies = { ··· 275 277 { "rktjmp/hotpot.nvim", lazy = true, ft = "fennel", config = true }, 276 278 { "Olical/nfnl", lazy = true, ft = "fennel", config = true }, -- Rust stuff 277 279 { 278 - "simrat39/rust-tools.nvim", 279 - lazy = true, 280 - ft = { "rust" }, 281 - config = function() 282 - local rt = require("rust-tools") 283 - rt.setup({ 284 - server = { 285 - on_attach = function(_, bufnr) 286 - -- Hover actions 287 - vim.keymap.set("n", "<C-space>", 288 - rt.hover_actions.hover_actions, 289 - { buffer = bufnr }) 290 - -- Code action groups 291 - vim.keymap.set("n", "<Leader>a", 292 - rt.code_action_group.code_action_group, 293 - { buffer = bufnr }) 294 - end 295 - } 296 - }) 297 - end, 298 - dependencies = { "nvim-lua/plenary.nvim" } 280 + "mrcjkb/rustaceanvim", 281 + lazy = false, 282 + version = "^6" 299 283 }, 300 284 { "mfussenegger/nvim-dap", lazy = true, ft = { "c", "rust" } }, 301 285 { ··· 327 311 }, 328 312 { "imsnif/kdl.vim", lazy = true, ft = "kdl" }, 329 313 { "catgoose/nvim-colorizer.lua", lazy = true, ft = { "css", 
"html", "toml", "conf" } }, 330 - { "github/copilot.vim", lazy = true, cmd = { "Copilot" } } 314 + { "github/copilot.vim", lazy = true, cmd = { "Copilot" } }, 315 + { 316 + "cshuaimin/ssr.nvim", 317 + config = function() 318 + local ssr = require("ssr") 319 + ssr.setup { 320 + border = "rounded", 321 + min_width = 50, 322 + min_height = 5, 323 + max_width = 120, 324 + max_height = 25, 325 + adjust_window = true, 326 + keymaps = { 327 + close = "q", 328 + next_match = "n", 329 + prev_match = "N", 330 + replace_confirm = "<cr>", 331 + replace_all = "<leader><cr>", 332 + }, 333 + } 334 + vim.keymap.set({ "n", "x" }, "<leader>sr", function() ssr.open() end) 335 + end 336 + }, 337 + { "lewis6991/gitsigns.nvim", config = true }, 338 + { 339 + "greggh/claude-code.nvim", 340 + dependencies = { 341 + "nvim-lua/plenary.nvim" 342 + }, 343 + config = true 344 + } 345 + 331 346 } 332 347 })
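Review bot: The plugins added in this section (`p00f/alabaster.nvim`, `cshuaimin/ssr.nvim`, `lewis6991/gitsigns.nvim`, `greggh/claude-code.nvim`) are fetched from their default branch with no `version`, `tag` or `commit`, so whatever is at HEAD when lazy.nvim installs them runs as Lua inside the editor with the user's privileges. Only `mrcjkb/rustaceanvim` carries a constraint (`version = "^6"`). Pin each entry with `commit = "<commit-sha>"` (placeholder), or make sure `lazy-lock.json` is tracked in this repository and restored on new machines; whether it is tracked is not visible in this change.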
-13
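--- a/scripts/nd
+++ b/scripts/nd
@@ -1,13 +0,0 @@
-#!/usr/bin/env rc
-
-flag e +
-flag x +
-
-flake=.
-
-if(~ $1 --flake) {
-flake=$2
-shift 2
-}
-
-exec nix develop -c $SHELL -- $*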
+9 -2
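--- a/scripts/nr
+++ b/scripts/nr
@@ -1,6 +1,13 @@
 #!/usr/bin/env rc
 
 flag e +
-flag x +
+
+if(~ $1 -x) {
+flag x +
+shift
+}
+
+pkg=$1
+shift
 
-exec nix run 'nixpkgs#'^$*
+exec nix run 'nixpkgs#'^$pkg -- $*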
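Review bot: `pkg=$1` and the `shift` after it run without checking that a package name was given, so `nr` or `nr -x` alone reaches `nix run` with an empty `$pkg` (in rc, concatenating `'nixpkgs#'` with an empty list is, as far as I know, an error rather than an empty string). A guard just before `pkg=$1` gives a clear message instead: `if(~ $#* 0) { echo 'usage: nr [-x] pkg [args ...]' >[1=2]; exit usage }`. The `--` added on the `exec` line should stay as written, since it keeps the program's own flags from being read by `nix run`.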
+3
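--- a/scripts/ocopy
+++ b/scripts/ocopy
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+printf "\033]52;c;%s\007" "$(base64 <&0)"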
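Review bot: The payload handed to `printf` can contain line breaks, because `base64` wraps its output (GNU coreutils wraps at 76 columns), so any input longer than one wrapped line yields an OSC 52 sequence with embedded newlines that terminals are likely to reject or truncate. Stripping them keeps the script portable across base64 implementations: `printf "\033]52;c;%s\007" "$(base64 <&0 | tr -d '\n')"`. A header comment should also say that whatever is piped in is written to the clipboard of the terminal at the far end of any SSH or tmux chain, which matters when the input is a secret.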
+1
secrets/cache-pub-key.pem
··· 1 + misaki.packetlost.dev:y5Z/utaVBozpL0UAbUQDWLjpm2sVMOoKzyG76n/167A=
+10
secrets/catgirl-libera.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 QBbeMw PrgR2RT7HMRapTw8QcRtBU1vfOdrvOdFR+dxlaTMSH4 3 + 2oG68+hYV5W90Beaqpi/VonPwXzB52NTwwJGKmV8YM0 4 + -> ssh-ed25519 Wv0Urw LvqWE5p2G3QnxbqOQMSd631mCqfhJvE9P/yRuwTTkFk 5 + 3jGowP4TKe3T92NXcZjmqU+QFGcyuT2+H3EU/nqTF8s 6 + -> ssh-ed25519 WVNCXA YGX6M8E4JGpJNeZIhiN/t+tx1NQNc+Ewy9HC2dxm3yY 7 + mhxXrgnbh4ng2tIeQrYfxlnlSCk/fTEBDDOg2MEVP2g 8 + --- JpMgqNty36r0OAyDTaLY8yiFHGXzQLm8gh6XXmJQ094 9 + E~�ƿ ׭ #2%%��`Ϳ�~��~�Si<�3� 10 + 7k��b�+OMr�3GxžhG�WY9.�xU1�Re�*%���v�!����������2�wJ_B�)�"��I� �k��[u�jvV5��8n�D��2���H�|
secrets/nix-serve-secret-key.age

This is a binary file and will not be displayed.

+13
secrets/noah-hashed-password.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g Y6AKrd+CWu2+QqPEslYof/XQTTSMf/WNlW9t8FagYgQ 3 + +hiVmTdBt2w/CUusGWOmHgPB3/A3NlcVJ6a4hieWKaE 4 + -> ssh-ed25519 FcROng uBO/aCTSS5JU9ZTkyRgFeYhmkcXdifUycQk8CEGADx0 5 + LZE8JNFrlOeySFamABnZuZHdXdLPYB8/X4gic3stCuw 6 + -> ssh-ed25519 OV+2QQ m13opn5yD0oMLSR8j1jiI9CkzwDSZI37UhJdLQ/KzjE 7 + 6arhn/OFKiGrFabcFCF/yTtTSQImORJX5Ohq50I3xpU 8 + -> ssh-ed25519 h/Fm0A HfM3i56ldP9EvwYTNorzdtkwn21zvFd6cEqUINsg8hg 9 + RJo7z0Nk179ZiazofToA+0KOD3CWfpzaFcZWrSeVsuo 10 + -> ssh-ed25519 Aoo1Gg DKY2avQ+UMyIytEefP6C3LTXTT7QaDBDguxu4G3j/iY 11 + EqCq0BeV+rToFnOCbD9ru9KroXxGcYKRnryKF7N8Uoo 12 + --- L0JkNEz2vJ0m7+8PQELugzzhQAKV/6z/JrU2qeTDPWI 13 + /g�DQ�ӳ`�����< �S��U���p}E+(��2H�'��͖�������Av6p.P#,����l �����@��7���|F�;;�Dޓ,�8@���E{
+9
secrets/porkbun-api-key.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g x6PGKDva9Uj/rVaeOiWSBKTgNsi6ZT1XtHdUEAPn7Wo 3 + hziH64vy2Dx0dMEEKphhw54hzyzhgAYONxaSqDgguP0 4 + -> ssh-ed25519 QBbeMw G775f6PEJrogzi+h0cDKhCmfZ4t8uaJSsGqSuLdwq1M 5 + TR9UfYVljeb+DtttBpMlinZjbPNKL7+omEasEo0nEjE 6 + -> ssh-ed25519 Wv0Urw jXwjCKuCW6z7ZGu0hp/igks4vgCcGGng0VGXeHakJRI 7 + b6fciWjygpGMI83E3C3JBjJZ7X5tDXRPRKgn1Uy/1P0 8 + --- X67NLqQNueHXFrw9Z2SBA880xnUEPLbKRjADgdiBfIs 9 + &u&6�=�ڌ5�!,B[��e������F�[��9�� "lU����<�9�D$m̆��6`JU �dB~S�A6D;s��љ: M��p g�Y��@pBj�6���f����p�;��{�H�y�2{�?���#Pl�D@#ye��3��jD��tץ����6���=�A�������lJڊQ'���..>�(񵑅|wn��Zf<= _
+29
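--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,29 @@
+let
+noah = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/cXL1cV6QUW5z2bJp1mCu0CXrcc0Dntdxaeo3fg60N noah@odin"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChbA8oSqYgmjIGYjlpAPLf+Nl6IlcSb2Zmh/Hl6xm88 noah@accelerator"
+];
+misaki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rcf4Lr+JPWGKQol6eAml6SMgERkGJWgN7y1qYUUvX root@nixos";
+edge = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCmFKYXpQf1E8E7fj5s+3R33HPRjPhXrv++FCKYBCd4 root@nixos";
+odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIuvOXEK7M2i/Q8FeableBS+L20zwQpLetOuFGUhba2 root@nixos";
+touma-wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeyj52bQ/nf5k4HwDckeHy8wU3weDtY6IF6VlUJ/hAH root@nixos";
+shizuri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMdVtl8UlDa9kI/PO62Glu/PeJXfgXNsVg92b+BibE root@nixos";
+hosts = [
+misaki
+edge
+odin
+touma-wsl
+shizuri
+];
+in
+{
+"porkbun-api-key.age".publicKeys = [ misaki ] ++ noah;
+"noah-hashed-password.age".publicKeys = hosts;
+"nix-serve-secret-key.age".publicKeys = [
+misaki
+noah
+];
+"validator-identity.age".publicKeys = [ edge ];
+"catgirl-libera.age".publicKeys = noah;
+}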
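Review bot: The rule for `"nix-serve-secret-key.age"` lists `misaki` and `noah` as two elements, but `noah` is itself a list, so `publicKeys` becomes one key string plus a nested list instead of four keys; the `porkbun-api-key.age` rule two lines above uses `[ misaki ] ++ noah` for the same intent. agenix expects a flat list of key strings, so this rule probably fails, or encrypts to a recipient set other than the intended one, the next time the secret is edited or rekeyed. Suggested: `"nix-serve-secret-key.age".publicKeys = [ misaki ] ++ noah;`. A comment above `hosts` stating that every machine in that list can decrypt `noah-hashed-password.age` would make the blast radius of a single compromised host key explicit.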
secrets/validator-identity.age

This is a binary file and will not be displayed.

+38
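--- a/services.nix
+++ b/services.nix
@@ -0,0 +1,38 @@
+{ enableNFTables, lib, ... }:
+{
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+programs.mtr.enable = true;
+
+# Fish shell, the best
+programs.fish.enable = true;
+
+# Tailscale
+services.tailscale = {
+enable = true;
+openFirewall = true;
+};
+# Don't wait for networks on boot, should speed up boot
+systemd.network.wait-online.enable = false;
+boot.initrd.systemd.network.wait-online.enable = false;
+networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+openFirewall = true;
+settings.PasswordAuthentication = false;
+};
+
+# MOSH, SSH over flakey connections
+programs.mosh.enable = true;
+}
+// lib.optionalAttrs enableNFTables {
+# Use nftables
+networking.nftables.enable = true;
+# Support native nftables in tailscale
+systemd.services.tailscaled.serviceConfig.Environment = [
+"TS_DEBUG_FIREWALL_MODE=nftables"
+];
+}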
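Review bot: In the `services.openssh` block, `settings.PasswordAuthentication = false` does not by itself switch off keyboard-interactive authentication, which goes through PAM and can still accept the account password; NixOS leaves that method enabled by default as far as I know. Since `openFirewall = true` exposes sshd on every interface, the block should also carry `settings.KbdInteractiveAuthentication = false;` and `settings.PermitRootLogin = "no";`. Separately, `networking.firewall.trustedInterfaces = [ "tailscale0" ]` accepts all inbound traffic from the tailnet, so a comment saying that access control for these hosts is delegated to the Tailscale ACLs would help the next reader.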
+2
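--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,2 @@
+{ pkgs ? import <nixos-unstable> { } }:
+pkgs.mkShell { packages = with pkgs; [ nil lua-language-server ]; }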
+48 -29
ssh/extra
··· 1 + AddKeysToAgent yes 1 2 ServerAliveInterval 60 3 + ForwardAgent yes 2 4 ControlMaster auto 3 5 ControlPath ~/.ssh/master-%r@%h:%p 4 - UseKeychain yes 5 - 6 - Host 192.168.1.* 7 - ForwardAgent yes 8 - 9 - Host *.local 10 - ForwardAgent yes 11 6 12 7 Host home 13 - Hostname nats.packetlost.dev 8 + Hostname packetlostandfound.us 14 9 User noah 15 10 IdentityFile ~/.ssh/id_ed25519 16 11 IdentitiesOnly yes 17 - ForwardAgent yes 18 12 19 13 Host git.sr.ht 20 14 HostName git.sr.ht ··· 32 26 IdentityFile ~/.ssh/id_ed25519 33 27 ForwardAgent yes 34 28 29 + Host aleister 30 + HostName 192.168.1.16 31 + User noah 32 + IdentityFile ~/.ssh/id_ed25519 33 + ForwardAgent yes 34 + 35 35 Host komoe 36 36 HostName 192.168.1.5 37 37 User noah 38 38 IdentityFile ~/.ssh/id_ed25519 39 39 ForwardAgent yes 40 40 41 + Host othinus 42 + HostName 192.168.1.4 43 + User noah 44 + IdentityFile ~/.ssh/id_ed25519 45 + ForwardAgent yes 46 + 47 + Host odin 48 + HostName 192.168.1.6 49 + User noah 50 + IdentityFile ~/.ssh/id_ed25519 51 + ForwardAgent yes 52 + 53 + Host accelerator 54 + HostName 192.168.1.7 55 + User noah 56 + IdentityFile ~/.ssh/id_ed25519 57 + ForwardAgent yes 58 + 59 + Host shizuri 60 + HostName 192.168.1.15 61 + User noah 62 + IdentityFile ~/.ssh/id_ed25519 63 + ForwardAgent yes 64 + ForwardX11 yes 65 + 41 66 Host sdf 42 67 HostName tty.sdf.org 43 68 User ngp 44 69 IdentityFile ~/.ssh/id_ed25519 45 - ForwardAgent yes 46 70 47 71 Host tildeclub 48 72 HostName tilde.club 49 73 User ngp 50 74 IdentityFile ~/.ssh/id_ed25519 51 - ForwardAgent yes 52 75 53 76 Host envs 54 77 HostName envs.net 55 78 User ngp 56 79 IdentityFile ~/.ssh/id_ed25519 57 - ForwardAgent yes 58 80 59 81 Host tildeteam 60 82 HostName tilde.team 61 83 User ngp 62 84 IdentityFile ~/.ssh/id_ed25519 63 - ForwardAgent yes 64 85 65 86 Host ctrl-c 66 87 HostName ctrl-c.club 67 88 User ngp 68 89 IdentityFile ~/.ssh/id_ed25519 69 - ForwardAgent yes 70 90 71 91 Host tildetown 72 92 HostName tilde.town 73 93 User ngp 
74 94 IdentityFile ~/.ssh/id_ed25519 75 - ForwardAgent yes 76 95 77 96 Host yourtilde 78 97 HostName yourtilde.com 79 98 User ngp 80 99 IdentityFile ~/.ssh/id_ed25519 81 - ForwardAgent yes 82 100 83 101 Host hashbang 84 - HostName to1.hashbang.sh 85 - IdentitiesOnly yes 86 - User ngp 87 - IdentityFile ~/.ssh/id_ed25519 88 - ForwardAgent yes 102 + HostName to1.hashbang.sh 103 + IdentitiesOnly yes 104 + User ngp 105 + IdentityFile ~/.ssh/id_ed25519 89 106 90 107 Host tiny 91 108 HostName tiny.packetlost.dev 92 109 User noah 93 110 IdentityFile ~/.ssh/id_ed25519 94 - ForwardAgent yes 111 + 112 + Host tinybsd 113 + HostName tinybsd.packetlost.dev 114 + User noah 115 + IdentityFile ~/.ssh/id_ed25519 95 116 96 117 Host seedbox 97 118 HostName canopus.usbx.me 98 119 User ngp 99 120 IdentityFile ~/.ssh/id_ed25519 100 - ForwardAgent no 121 + 122 + Host saten 123 + HostName saten.packetlost.dev 124 + User noah 125 + IdentityFile ~/.ssh/id_ed25519 101 126 102 127 Host launchpad 103 128 HostName git.launchpad.net 104 129 User pedersonnoah 105 130 IdentityFile ~/.ssh/id_ed25519 106 - 107 - Host aleister-tailnet 108 - HostName 100.114.244.110 109 - User noah 110 - IdentityFile ~/.ssh/id_ed25519 111 - ForwardAgent yes
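Review bot: The `ForwardAgent yes` added at new line 3 sits above the first `Host` line, so it applies to every destination, and because ssh_config uses the first value it obtains for each option, no later `Host` block can turn it off. The per-host `ForwardAgent yes` lines removed from `sdf`, `tildeclub`, `envs`, `tildeteam`, `ctrl-c`, `tildetown`, `yourtilde`, `hashbang` and `tiny`, and the explicit `ForwardAgent no` removed from `seedbox`, therefore have no effect: the agent is still forwarded to those shared, multi-user machines, where anyone with root can use the forwarded socket to authenticate as you for as long as the session lasts. Drop the top-level `ForwardAgent yes` and keep the option only in the LAN host blocks that already set it; if an explicit default is wanted, end the file with `Host *` followed by `ForwardAgent no`. This assumes the file is included at the top level of the main ssh config; if it is pulled in under a `Host` or `Match` block, the scope differs.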
+4 -6
sway/config
··· 14 14 set $right l 15 15 16 16 # Your preferred terminal emulator 17 - set $term ghostty 17 + set $term kitty 18 18 # Your preferred application launcher 19 19 # Note: it's recommended that you pass the final command to sway 20 20 #set $menu dmenu_path | dmenu | xargs swaymsg exec -- 21 21 22 - #set $menu exec kitty --class 'launcher' sh -c 'compgen -c | sort -u | fzf | xargs -r swaymsg -t command exec' 23 - #for_window [app_id="^launcher$"] floating enable, border none, resize set width 25 ppt height 100 ppt, move position 0 px 0 px 24 - 25 - set $menu exec fuzzel 22 + set $menu exec kitty --class 'launcher' sh -c 'compgen -c | sort -u | fzf | xargs -r swaymsg -t command exec' 23 + for_window [app_id="^launcher$"] floating enable, border none, resize set width 25 ppt height 100 ppt, move position 0 px 0 px 26 24 27 25 # Lockscreen 28 26 set $lock swaylock -c 892243 -e ··· 45 43 ### Idle configuration 46 44 set $idle swayidle -w \ 47 45 timeout 300 '$lock' \ 48 - timeout 360 'swaymsg "output * dpms off"' \ 46 + timeout 600 'swaymsg "output * dpms off"' \ 49 47 timeout 15 'if pgrep -x swaylock; then swaymsg "output * dpms off"; fi' \ 50 48 resume 'swaymsg "output * dpms on"' \ 51 49 before-sleep '$lock'
+2 -2
sway/odin
··· 2 2 #workspace $ws1 output DP-6 3 3 #workspace $ws2 output HDMI-A-1 4 4 5 - output "Acer Technologies XV272U 0x8520810C" { 5 + output "Acer Technologies XV272U 0x0000A50C" { 6 6 mode 2560x1440@143.999Hz 7 7 pos 440 0 8 8 transform normal ··· 17 17 transform normal 18 18 scale 1.0 19 19 scale_filter nearest 20 - adaptive_sync off 20 + adaptive_sync on 21 21 dpms on 22 22 }
+45
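--- a/users.nix
+++ b/users.nix
@@ -0,0 +1,45 @@
+{
+pkgs,
+lib,
+config,
+extraGroups ? [ ],
+...
+}:
+{
+
+# Declarative only optoins.
+# I don't want to allow ad-hoc modifying users on the system.
+# Users must be declared either as part of a package or in this file.
+users.mutableUsers = false;
+
+age.secrets.noah-password = {
+file = ./secrets/noah-hashed-password.age;
+owner = "root";
+group = "root";
+};
+
+# Define a user account. Don't forget to set a password with ‘passwd’.
+users.users.noah = {
+isNormalUser = true;
+shell = pkgs.fish;
+extraGroups = [
+"wheel"
+"video"
+"nas"
+]
+++ extraGroups; # Enable ‘sudo’ for the user.
+hashedPasswordFile = config.age.secrets.noah-password.path;
+openssh.authorizedKeys.keys = lib.strings.splitString "\n" (
+builtins.readFile (
+builtins.fetchurl {
+url = "https://meta.sr.ht/~chiefnoah.keys";
+name = "chiefnoah.keys";
+# Update this with:
+# `curl https://meta.sr.ht/~chiefnoah.keys | sha256sum`
+sha256 = "0wdnx25blqihbgaa0hzd39mjqwki92ambar097hjfmlrxg1s4lk7";
+}
+)
+);
+};
+users.groups.nas.gid = 1001;
+}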
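Review bot: The comment above `users.users.noah` still says to set a password with `passwd`, which contradicts this file: with `users.mutableUsers = false` a password changed that way is overwritten on the next activation, and the real source is `hashedPasswordFile`. I would replace it with `# Password comes from the agenix secret noah-hashed-password.age; passwd changes do not persist.` and fix the `optoins` typo two comments up. The comment next to `sha256` could also say that the pin is what keeps a changed key list on meta.sr.ht from silently becoming authorized keys, so the hash should only be updated after reading the new list. Minor: `splitString "\n"` on a file that ends in a newline leaves an empty entry, which `lib.filter (k: k != "")` would drop.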
+42 -28
vis/visrc.lua
··· 1 1 require('vis') 2 - 3 - local plug = require('plugins/vis-plug') 4 - 2 + local plugin_manager = 'plugins/vis-plug' 5 3 local plugins = { 6 - { 'timoha/vis-acme', theme = true, file = 'acme' }, 4 + --{ 'timoha/vis-acme', theme = true, file = 'acme' }, 7 5 { 'milhnl/vis-format' }, 8 6 { url = 'https://git.cepl.eu/cgit/vis/vis-fzf-open' }, 9 7 { url = 'https://gitlab.com/muhq/vis-lspc.git' }, 10 8 { url = 'https://repo.or.cz/vis-parkour.git', alias = 'vis-parkour' } 11 9 } 12 10 11 + function setup_plug() 12 + if not pcall(require, 'plugins/vis-plug') then 13 + os.execute('git clone --quiet https://github.com/erf/vis-plug ' .. 14 + (os.getenv('XDG_CONFIG_HOME') or os.getenv('HOME') .. '/.config') 15 + .. '/vis/plugins/vis-plug') 16 + end 17 + return require('plugins/vis-plug') 18 + end 19 + local plug = setup_plug() 20 + 13 21 plug.init(plugins, true) 14 22 15 - 16 - 17 - 18 - 23 + function configure_plugin(name, config) 24 + if vis:module_exist(name) then 25 + local module = require(name) 26 + config(module) 27 + end 28 + end 19 29 20 30 vis.events.subscribe(vis.events.INIT, function() 21 - local format = require('plugins/vis-format') 22 - vis:map(vis.modes.NORMAL, '<C-p>', ':fzf<Enter>') 23 - vis:map(vis.modes.NORMAL, '=', format.apply) 24 - local lspc = require('plugins/vis-lspc') 25 - if next(lspc) then 26 - lspc.logging = true 27 - lspc.log_file = "/tmp/lspc.log" 31 + configure_plugin('plugins/vis-format', function(format) 32 + vis:map(vis.modes.NORMAL, '<C-p>', ':fzf<Enter>') 33 + vis:map(vis.modes.NORMAL, '=', format.apply) 34 + end) 35 + configure_plugin('plugins/vis-lspc', function(lspc) 36 + if next(lspc) then 37 + lspc.logging = true 38 + lspc.log_file = "/tmp/lspc.log" 28 39 29 - lspc.ls_map.rust = { 30 - name = "rust", 31 - cmd = "rust-analyzer", 32 - formatting_options = {tabSize = 4, insertSpaces = true} 33 - } 34 - end 40 + lspc.ls_map.rust = { 41 + name = "rust", 42 + cmd = "rust-analyzer", 43 + formatting_options = {tabSize = 4, insertSpaces = 
true} 44 + } 45 + lspc.ls_map.lua = { 46 + name = "lua", 47 + cmd = "lua-language-server", 48 + formatting_options = { insertSpaces = false } 49 + } 50 + end 51 + end) 35 52 end) 36 53 37 54 38 - vis.events.subscribe(vis.events.WIN_OPEN, function(win) 55 + vis.events.subscribe(vis.events.WIN_OPEN, function() 39 56 --per-window configuration-- 40 57 --vis:command('set number') 41 - vis:command('set showtab on') 42 - vis:command('set showspace on') 58 + --vis:command('set showtab on') 59 + --vis:command('set showspace off') 43 60 vis:command('set autoindent on') 44 61 vis:command('set cursorline on') 45 62 vis:command('set tabwidth 4') 46 63 end) 47 - 48 - 49 - 50 - 64 + return nil
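Review bot: `setup_plug` builds the `git clone` command by concatenating `XDG_CONFIG_HOME` or `HOME` into a shell string without quoting and ignores the result of `os.execute`, so a config path containing spaces or shell metacharacters is split or interpreted by the shell, and a failed clone only shows up as an error from the following `require`. The clone also takes whatever the default branch holds at that moment and the editor then loads it, so checking out a reviewed commit after cloning would pin what gets executed. `setup_plug` and `configure_plugin` are declared as globals; `local function` keeps them out of `_G`. A quoted and checked version of the bootstrap is sketched below.

```lua
local function setup_plug()
	local ok, plug = pcall(require, 'plugins/vis-plug')
	if ok then return plug end
	local config_home = os.getenv('XDG_CONFIG_HOME')
		or (os.getenv('HOME') .. '/.config')
	local dest = config_home .. '/vis/plugins/vis-plug'
	-- single-quote the destination so the shell sees one literal argument
	local quoted = "'" .. dest:gsub("'", "'\\''") .. "'"
	local status = os.execute('git clone --quiet https://github.com/erf/vis-plug ' .. quoted)
	-- os.execute returns true on Lua 5.2+ and 0 on 5.1 when the command succeeds
	if status ~= true and status ~= 0 then
		error('vis-plug bootstrap failed: git clone did not succeed')
	end
	return require('plugins/vis-plug')
end
```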