ngp.computer / nixos
Configuration for my NixOS based systems and Home Manager
fork atom

Compare changes

Choose any two refs to compare.

+3721 -418
unified split
+31
common.nix
··· 1 + { ... }: 2 + { 3 + # Set your time zone. 4 + time.timeZone = "America/Chicago"; 5 + 6 + # Select internationalisation properties. 7 + i18n.defaultLocale = "en_US.UTF-8"; 8 + # console = { 9 + # font = "Lat2-Terminus16"; 10 + # keyMap = "us"; 11 + # useXkbConfig = true; # use xkb.options in tty. 12 + # }; 13 + 14 + # Automatic doc cache generation 15 + documentation.man.generateCaches = true; 16 + 17 + # Automatic system upgrades 18 + system.autoUpgrade = { 19 + enable = true; 20 + dates = "09:00"; 21 + randomizedDelaySec = "45min"; 22 + }; 23 + 24 + # Automatic Garbage Collection 25 + nix.gc.automatic = true; 26 + nix.gc.options = "--delete-older-than 8d"; 27 + nix.settings.trusted-users = [ "@wheel" ]; 28 + 29 + # I don't care that much about free vs unfree 30 + nixpkgs.config.allowUnfree = true; 31 + }
-60
configuration.nix
··· 1 - # Edit this configuration file to define what should be installed on 2 - # your system. Help is available in the configuration.nix(5) man page, on 3 - # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 - 5 - # NixOS-WSL specific options are documented on the NixOS-WSL repository: 6 - # https://github.com/nix-community/NixOS-WSL 7 - 8 - { ... }: { 9 - imports = [ 10 - # WSL has no hardware configuration 11 - #./hardware-configuration.nix 12 - #./boot.nix 13 - ./networking.nix 14 - #./gui.nix 15 - ./users.nix 16 - ./packages.nix 17 - ./services.nix 18 - # include NixOS-WSL modules 19 - <nixos-wsl/modules> 20 - ]; 21 - wsl = { 22 - enable = true; 23 - defaultUser = "noah"; 24 - wslConf.network.hostname = "touma-wsl-nixos"; 25 - }; 26 - 27 - # Set your time zone. 28 - time.timeZone = "America/Chicago"; 29 - 30 - # Select internationalisation properties. 31 - i18n.defaultLocale = "en_US.UTF-8"; 32 - # console = { 33 - # font = "Lat2-Terminus16"; 34 - # keyMap = "us"; 35 - # useXkbConfig = true; # use xkb.options in tty. 36 - # }; 37 - 38 - # Copy the NixOS configuration file and link it from the resulting system 39 - # (/run/current-system/configuration.nix). This is useful in case you 40 - # accidentally delete configuration.nix. 41 - system.copySystemConfiguration = true; 42 - 43 - # Automatic doc cache generation 44 - documentation.man.generateCaches = true; 45 - 46 - # Automatic system upgrades 47 - system.autoUpgrade = { 48 - enable = true; 49 - dates = "09:00"; 50 - randomizedDelaySec = "45min"; 51 - }; 52 - 53 - # This value determines the NixOS release from which the default 54 - # settings for stateful data, like file locations and database versions 55 - # on your system were taken. It's perfectly fine and recommended to leave 56 - # this value at the release version of the first install of this system. 57 - # Before changing this value read the documentation for this option 58 - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 59 - system.stateVersion = "23.11"; # Did you read the comment? 60 - }
+254
default-home.nix
··· 1 + { 2 + pkgs, 3 + unstable, 4 + inputs, 5 + config, 6 + ... 7 + }: 8 + { 9 + imports = [ 10 + inputs.agenix.homeManagerModules.default 11 + ]; 12 + home.username = "noah"; 13 + home.homeDirectory = "/home/noah"; 14 + 15 + age.identityPaths = [ 16 + "${config.home.homeDirectory}/.ssh/id_rsa" 17 + "${config.home.homeDirectory}/.ssh/id_ed25519" 18 + "${config.home.homeDirectory}/.ssh/id_ed25519_age" 19 + ]; 20 + 21 + home.packages = with pkgs; [ 22 + inputs.agenix.packages."${system}".agenix 23 + # main tool 24 + direnv 25 + tree 26 + btop 27 + htop 28 + rsync 29 + unzip 30 + fd 31 + ripgrep 32 + catgirl 33 + netcat 34 + stunnel 35 + fzf 36 + iperf3 37 + entr 38 + lf 39 + #devenv # broken 40 + plan9port 41 + pwgen 42 + metastore 43 + isync 44 + pass 45 + tmux 46 + age 47 + 48 + # Dev tools 49 + gcc 50 + go 51 + unstable.gopls 52 + gnumake 53 + babashka 54 + # Babashka common aliases 55 + neil 56 + ccls 57 + clojure 58 + unstable.clj-kondo 59 + unstable.clojure-lsp 60 + unstable.janet 61 + unstable.jpm 62 + graalvmPackages.graalvm-ce 63 + cmake 64 + universal-ctags 65 + kotlin 66 + nodejs 67 + node2nix 68 + opam 69 + rustup 70 + zig 71 + scala_3 72 + scalafmt 73 + # scala LSP 74 + unstable.metals 75 + # Scala / Java build tool 76 + sbt 77 + luarocks 78 + luajit 79 + lua-language-server 80 + leiningen 81 + libressl 82 + erlang 83 + elixir 84 + ghc 85 + nil 86 + python3 87 + typescript 88 + #vscode-langservers-extracted 89 + scdoc 90 + #dockerfile-language-server-nodejs 91 + #yaml-language-server 92 + mkcert 93 + natscli 94 + poetry 95 + sqlite 96 + pandoc 97 + unstable.harec 98 + unstable.hare 99 + unstable.haredo 100 + unstable.haredoc 101 + unstable.gleam 102 + unstable.rebar3 103 + unstable.bun 104 + unstable.gh 105 + unstable.kraft 106 + #unstable.claude-code 107 + 108 + # Python dev tools 109 + pyright 110 + python313Packages.python-lsp-server 111 + python313Packages.python-lsp-ruff 112 + 113 + # Certificate Management 114 + minica 115 + mkcert 116 + step-cli 117 + 118 + ]; 119 + 120 + nix = { 121 + #package = pkgs.nix; 122 + settings = { 123 + experimental-features = [ 124 + "nix-command" 125 + "flakes" 126 + ]; 127 + extra-trusted-users = [ 128 + "noah" 129 + ]; 130 + extra-substituters = [ 131 + "https://cache.ngp.computer" 132 + ]; 133 + extra-trusted-public-keys = [ 134 + "misaki.packetlost.dev:y5Z/utaVBozpL0UAbUQDWLjpm2sVMOoKzyG76n/167A=" 135 + ]; 136 + }; 137 + }; 138 + 139 + programs.fish = { 140 + enable = true; 141 + #package = unstable.fish; 142 + }; 143 + programs.neovim = { 144 + #package = unstable.neovim-unwrapped; 145 + enable = true; 146 + defaultEditor = true; 147 + withNodeJs = true; 148 + withPython3 = true; 149 + extraPackages = with pkgs; [ 150 + unstable.fzf 151 + unstable.ripgrep 152 + luarocks 153 + unstable.tree-sitter 154 + ]; 155 + }; 156 + programs.home-manager.enable = true; 157 + programs.helix.enable = true; 158 + programs.jujutsu = { 159 + enable = true; 160 + }; 161 + programs.git = { 162 + enable = true; 163 + lfs.enable = true; 164 + settings.user.name = "Noah Pederson"; 165 + settings.user.email = "noah@packetlost.dev"; 166 + extraConfig = { 167 + sendemail = { 168 + smtpserver = "smtp.migadu.com"; 169 + smtpuser = "noah@packetlost.dev"; 170 + smptencryption = "tls"; 171 + smtpserverport = 587; 172 + }; 173 + init = { 174 + defaultBranch = "master"; 175 + }; 176 + pull = { 177 + rebase = true; 178 + }; 179 + credential = { 180 + helper = "cache"; 181 + }; 182 + rerere.enable = true; 183 + }; 184 + ignores = [ 185 + ".direnv/" 186 + ".envrc" 187 + "flake.nix" 188 + "shell.nix" 189 + ".env/" 190 + ".clj-kondo/" 191 + ]; 192 + }; 193 + programs.aerc = { 194 + enable = true; 195 + package = unstable.aerc; 196 + }; 197 + programs.ssh = { 198 + enable = true; 199 + matchBlocks."*".addKeysToAgent = "yes"; 200 + }; 201 + 202 + services.ssh-agent.enable = true; 203 + services.mako.enable = false; 204 + 205 + programs.ssh.extraConfig = builtins.readFile ./ssh/extra; 206 + services.gpg-agent = { 207 + enable = true; 208 + defaultCacheTtl = 1800; 209 + }; 210 + 211 + programs.direnv = { 212 + enable = true; 213 + nix-direnv.enable = true; 214 + }; 215 + 216 + xdg.enable = true; 217 + 218 + # Independent config files. 219 + xdg.configFile.nvim = { 220 + source = ./nvim; 221 + recursive = true; 222 + }; 223 + 224 + xdg.configFile.vis = { 225 + source = ./vis; 226 + recursive = true; 227 + }; 228 + 229 + xdg.configFile.fish = { 230 + source = ./fish; 231 + recursive = true; 232 + force = true; 233 + }; 234 + 235 + xdg.configFile.aerc = { 236 + source = ./aerc; 237 + recursive = true; 238 + }; 239 + 240 + home.file.".local/bin" = { 241 + source = ./scripts; 242 + recursive = true; 243 + }; 244 + age.secrets.catgirl-libera = { 245 + file = ./secrets/catgirl-libera.age; 246 + path = "${config.xdg.configHome}/catgirl/libera"; 247 + symlink = true; 248 + }; 249 + 250 + manual.manpages.enable = true; 251 + 252 + home.stateVersion = "23.11"; 253 + 254 + }
+322 -25
flake.lock
··· 1 1 { 2 2 "nodes": { 3 + "agenix": { 4 + "inputs": { 5 + "darwin": "darwin", 6 + "home-manager": "home-manager", 7 + "nixpkgs": [ 8 + "nixpkgs" 9 + ], 10 + "systems": "systems" 11 + }, 12 + "locked": { 13 + "lastModified": 1762618334, 14 + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", 15 + "owner": "ryantm", 16 + "repo": "agenix", 17 + "rev": "fcdea223397448d35d9b31f798479227e80183f6", 18 + "type": "github" 19 + }, 20 + "original": { 21 + "owner": "ryantm", 22 + "repo": "agenix", 23 + "type": "github" 24 + } 25 + }, 26 + "darwin": { 27 + "inputs": { 28 + "nixpkgs": [ 29 + "agenix", 30 + "nixpkgs" 31 + ] 32 + }, 33 + "locked": { 34 + "lastModified": 1744478979, 35 + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", 36 + "owner": "lnl7", 37 + "repo": "nix-darwin", 38 + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", 39 + "type": "github" 40 + }, 41 + "original": { 42 + "owner": "lnl7", 43 + "ref": "master", 44 + "repo": "nix-darwin", 45 + "type": "github" 46 + } 47 + }, 48 + "determinate-nixd-aarch64-darwin": { 49 + "flake": false, 50 + "locked": { 51 + "narHash": "sha256-zK2dgNHh/p92rk5jN+Y1LOMn0HEdTsS+7XXwb2g52oM=", 52 + "type": "file", 53 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 54 + }, 55 + "original": { 56 + "type": "file", 57 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 58 + } 59 + }, 60 + "determinate-nixd-aarch64-linux": { 61 + "flake": false, 62 + "locked": { 63 + "narHash": "sha256-ckvZP0zFcbzLXWYOJUqYXkKBt0b2IZcQEr7YjEVtwOI=", 64 + "type": "file", 65 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 66 + }, 67 + "original": { 68 + "type": "file", 69 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 70 + } 71 + }, 72 + "determinate-nixd-x86_64-linux": { 73 + "flake": false, 74 + "locked": { 75 + "narHash": "sha256-8dLtm8FJrpyBmrNpspJj30/6I5HGEfjjXuFqURcZ8pk=", 76 + "type": "file", 77 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 78 + }, 79 + "original": { 80 + "type": "file", 81 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 82 + } 83 + }, 84 + "determinite": { 85 + "inputs": { 86 + "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", 87 + "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", 88 + "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", 89 + "nix": "nix", 90 + "nixpkgs": [ 91 + "nixpkgs" 92 + ] 93 + }, 94 + "locked": { 95 + "lastModified": 1768964099, 96 + "narHash": "sha256-sV1OJYyktJRl7I3HxeBvWTWXjqm2uCTS3gS1p+DLn7c=", 97 + "rev": "a5469e9aa3870941320cb92d899b66e141c5a3cd", 98 + "revCount": 394, 99 + "type": "tarball", 100 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.2/019bde7d-0725-73ef-9705-498c50ef6e00/source.tar.gz" 101 + }, 102 + "original": { 103 + "type": "tarball", 104 + "url": "https://flakehub.com/f/DeterminateSystems/determinate/3" 105 + } 106 + }, 3 107 "flake-compat": { 4 108 "flake": false, 5 109 "locked": { ··· 16 120 "type": "github" 17 121 } 18 122 }, 123 + "flake-compat_2": { 124 + "flake": false, 125 + "locked": { 126 + "lastModified": 1767039857, 127 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 128 + "owner": "edolstra", 129 + "repo": "flake-compat", 130 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 131 + "type": "github" 132 + }, 133 + "original": { 134 + "owner": "edolstra", 135 + "repo": "flake-compat", 136 + "type": "github" 137 + } 138 + }, 139 + "flake-compat_3": { 140 + "flake": false, 141 + "locked": { 142 + "lastModified": 1767039857, 143 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 144 + "owner": "NixOS", 145 + "repo": "flake-compat", 146 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 147 + "type": "github" 148 + }, 149 + "original": { 150 + "owner": "NixOS", 151 + "repo": "flake-compat", 152 + "type": "github" 153 + } 154 + }, 155 + "flake-parts": { 156 + "inputs": { 157 + "nixpkgs-lib": [ 158 + "determinite", 159 + "nix", 160 + "nixpkgs" 161 + ] 162 + }, 163 + "locked": { 164 + "lastModified": 1748821116, 165 + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", 166 + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", 167 + "revCount": 377, 168 + "type": "tarball", 169 + "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" 170 + }, 171 + "original": { 172 + "type": "tarball", 173 + "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" 174 + } 175 + }, 176 + "git-hooks-nix": { 177 + "inputs": { 178 + "flake-compat": "flake-compat", 179 + "gitignore": [ 180 + "determinite", 181 + "nix" 182 + ], 183 + "nixpkgs": [ 184 + "determinite", 185 + "nix", 186 + "nixpkgs" 187 + ] 188 + }, 189 + "locked": { 190 + "lastModified": 1747372754, 191 + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", 192 + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", 193 + "revCount": 1026, 194 + "type": "tarball", 195 + "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" 196 + }, 197 + "original": { 198 + "type": "tarball", 199 + "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" 200 + } 201 + }, 19 202 "gitignore": { 20 203 "inputs": { 21 204 "nixpkgs": [ ··· 40 223 "home-manager": { 41 224 "inputs": { 42 225 "nixpkgs": [ 226 + "agenix", 43 227 "nixpkgs" 44 228 ] 45 229 }, 46 230 "locked": { 47 - "lastModified": 1764776959, 48 - "narHash": "sha256-d+5CGloq7Lo1u2SkzhF8oiOdUc6Z5emh22nTXUB9CFA=", 231 + "lastModified": 1745494811, 232 + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", 49 233 "owner": "nix-community", 50 234 "repo": "home-manager", 51 - "rev": "e1680d594a9281651cbf7d126941a8c8e2396183", 235 + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", 236 + "type": "github" 237 + }, 238 + "original": { 239 + "owner": "nix-community", 240 + "repo": "home-manager", 241 + "type": "github" 242 + } 243 + }, 244 + "home-manager_2": { 245 + "inputs": { 246 + "nixpkgs": [ 247 + "nixpkgs" 248 + ] 249 + }, 250 + "locked": { 251 + "lastModified": 1768949235, 252 + "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", 253 + "owner": "nix-community", 254 + "repo": "home-manager", 255 + "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", 52 256 "type": "github" 53 257 }, 54 258 "original": { ··· 58 262 "type": "github" 59 263 } 60 264 }, 265 + "nix": { 266 + "inputs": { 267 + "flake-parts": "flake-parts", 268 + "git-hooks-nix": "git-hooks-nix", 269 + "nixpkgs": "nixpkgs", 270 + "nixpkgs-23-11": "nixpkgs-23-11", 271 + "nixpkgs-regression": "nixpkgs-regression" 272 + }, 273 + "locked": { 274 + "lastModified": 1768960381, 275 + "narHash": "sha256-32oMe1y+kwvIJNiJsIvozTuSmDxcwST06i+0ak+L4AU=", 276 + "rev": "45ce621408cb8c9a724193d5fe858eb839662db8", 277 + "revCount": 24453, 278 + "type": "tarball", 279 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.2/019bde75-b4ee-74b2-a812-28dc2ee83d58/source.tar.gz" 280 + }, 281 + "original": { 282 + "type": "tarball", 283 + "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" 284 + } 285 + }, 286 + "nixos-wsl": { 287 + "inputs": { 288 + "flake-compat": "flake-compat_2", 289 + "nixpkgs": [ 290 + "nixpkgs" 291 + ] 292 + }, 293 + "locked": { 294 + "lastModified": 1769217863, 295 + "narHash": "sha256-RY9kJDXD6+2Td/59LkZ0PFSereCXHdBX9wIkbYjRKCY=", 296 + "owner": "nix-community", 297 + "repo": "NixOS-WSL", 298 + "rev": "38a5250e57f583662eac3b944830e4b9e169e965", 299 + "type": "github" 300 + }, 301 + "original": { 302 + "owner": "nix-community", 303 + "ref": "main", 304 + "repo": "NixOS-WSL", 305 + "type": "github" 306 + } 307 + }, 61 308 "nixpkgs": { 62 309 "locked": { 63 - "lastModified": 1764522689, 64 - "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=", 65 - "owner": "nixos", 310 + "lastModified": 1761597516, 311 + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", 312 + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", 313 + "revCount": 811874, 314 + "type": "tarball", 315 + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" 316 + }, 317 + "original": { 318 + "type": "tarball", 319 + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" 320 + } 321 + }, 322 + "nixpkgs-23-11": { 323 + "locked": { 324 + "lastModified": 1717159533, 325 + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", 326 + "owner": "NixOS", 327 + "repo": "nixpkgs", 328 + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", 329 + "type": "github" 330 + }, 331 + "original": { 332 + "owner": "NixOS", 333 + "repo": "nixpkgs", 334 + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", 335 + "type": "github" 336 + } 337 + }, 338 + "nixpkgs-regression": { 339 + "locked": { 340 + "lastModified": 1643052045, 341 + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", 342 + "owner": "NixOS", 66 343 "repo": "nixpkgs", 67 - "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f", 344 + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", 68 345 "type": "github" 69 346 }, 70 347 "original": { 71 - "owner": "nixos", 72 - "ref": "nixos-25.11", 348 + "owner": "NixOS", 73 349 "repo": "nixpkgs", 350 + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", 74 351 "type": "github" 75 352 } 76 353 }, 77 354 "nixpkgs-unstable": { 78 355 "locked": { 79 - "lastModified": 1744463964, 80 - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", 356 + "lastModified": 1769018530, 357 + "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=", 81 358 "owner": "nixos", 82 359 "repo": "nixpkgs", 83 - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", 360 + "rev": "88d3861acdd3d2f0e361767018218e51810df8a1", 84 361 "type": "github" 85 362 }, 86 363 "original": { ··· 92 369 }, 93 370 "nixpkgs_2": { 94 371 "locked": { 95 - "lastModified": 1730768919, 96 - "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", 97 - "owner": "NixOS", 372 + "lastModified": 1769089682, 373 + "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=", 374 + "owner": "nixos", 98 375 "repo": "nixpkgs", 99 - "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", 376 + "rev": "078d69f03934859a181e81ba987c2bb033eebfc5", 100 377 "type": "github" 101 378 }, 102 379 "original": { 103 - "owner": "NixOS", 104 - "ref": "nixpkgs-unstable", 380 + "owner": "nixos", 381 + "ref": "nixos-25.11", 105 382 "repo": "nixpkgs", 106 383 "type": "github" 107 384 } 108 385 }, 109 386 "pre-commit-hooks": { 110 387 "inputs": { 111 - "flake-compat": "flake-compat", 388 + "flake-compat": "flake-compat_3", 112 389 "gitignore": "gitignore", 113 - "nixpkgs": "nixpkgs_2" 390 + "nixpkgs": [ 391 + "nixpkgs" 392 + ] 114 393 }, 115 394 "locked": { 116 - "lastModified": 1742649964, 117 - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", 395 + "lastModified": 1769069492, 396 + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", 118 397 "owner": "cachix", 119 398 "repo": "git-hooks.nix", 120 - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", 399 + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", 121 400 "type": "github" 122 401 }, 123 402 "original": { ··· 128 407 }, 129 408 "root": { 130 409 "inputs": { 131 - "home-manager": "home-manager", 132 - "nixpkgs": "nixpkgs", 410 + "agenix": "agenix", 411 + "determinite": "determinite", 412 + "home-manager": "home-manager_2", 413 + "nixos-wsl": "nixos-wsl", 414 + "nixpkgs": "nixpkgs_2", 133 415 "nixpkgs-unstable": "nixpkgs-unstable", 134 416 "pre-commit-hooks": "pre-commit-hooks" 417 + } 418 + }, 419 + "systems": { 420 + "locked": { 421 + "lastModified": 1681028828, 422 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 423 + "owner": "nix-systems", 424 + "repo": "default", 425 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 426 + "type": "github" 427 + }, 428 + "original": { 429 + "owner": "nix-systems", 430 + "repo": "default", 431 + "type": "github" 135 432 } 136 433 } 137 434 },
+192 -15
flake.nix
··· 1 1 { 2 - description = "Home Manager configuration of noah"; 2 + description = "Home Manager configuration for noah"; 3 3 4 4 inputs = { 5 5 # Specify the source of Home Manager and Nixpkgs. 6 6 nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; 7 7 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 8 + nixos-wsl = { 9 + url = "github:nix-community/NixOS-WSL/main"; 10 + inputs.nixpkgs.follows = "nixpkgs"; 11 + }; 12 + determinite = { 13 + url = "https://flakehub.com/f/DeterminateSystems/determinate/3"; 14 + inputs.nixpkgs.follows = "nixpkgs"; 15 + }; 8 16 home-manager = { 9 17 url = "github:nix-community/home-manager/release-25.11"; 10 18 inputs.nixpkgs.follows = "nixpkgs"; 11 19 }; 12 - pre-commit-hooks.url = "github:cachix/git-hooks.nix"; 20 + pre-commit-hooks = { 21 + url = "github:cachix/git-hooks.nix"; 22 + inputs.nixpkgs.follows = "nixpkgs"; 23 + }; 24 + agenix = { 25 + url = "github:ryantm/agenix"; 26 + inputs.nixpkgs.follows = "nixpkgs"; 27 + }; 13 28 }; 14 29 15 - outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, pre-commit-hooks, ... }@inputs: 30 + outputs = 31 + { 32 + self, 33 + nixpkgs, 34 + nixpkgs-unstable, 35 + nixos-wsl, 36 + determinite, 37 + home-manager, 38 + pre-commit-hooks, 39 + agenix, 40 + ... 41 + }@inputs: 16 42 let 17 - system = "aarch64-darwin"; 18 - pkgs = nixpkgs.legacyPackages.${system}; 19 - unstable-pkgs = nixpkgs-unstable.legacyPackages.${system}; 20 - supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; 43 + supportedSystems = [ 44 + "x86_64-linux" 45 + "aarch64-linux" 46 + "x86_64-darwin" 47 + "aarch64-darwin" 48 + ]; 21 49 forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 50 + basicSystem = 51 + { 52 + system ? "x86_64-linux", 53 + modules ? [ ], 54 + useUnstable ? false, 55 + extraGroups ? [ ], 56 + overlays ? [ ], 57 + enableNFTables ? true, 58 + }: 59 + let 60 + unstable = import nixpkgs-unstable { 61 + inherit system overlays; 62 + config.allowUnfree = true; 63 + }; 64 + in 65 + inputs.nixpkgs.lib.nixosSystem { 66 + inherit system; 67 + specialArgs = { 68 + inherit inputs extraGroups enableNFTables; 69 + } 70 + // nixpkgs.lib.optionalAttrs useUnstable { 71 + inherit unstable; 72 + }; 73 + modules = [ 74 + determinite.nixosModules.default 75 + ./common.nix 76 + ./users.nix 77 + ./services.nix 78 + agenix.nixosModules.default 79 + home-manager.nixosModules.home-manager 80 + { 81 + home-manager.useGlobalPkgs = true; 82 + home-manager.useUserPackages = true; 83 + home-manager.users.noah = ./default-home.nix; 84 + home-manager.extraSpecialArgs = { 85 + inherit inputs; 86 + } 87 + // nixpkgs.lib.optionalAttrs useUnstable { 88 + inherit unstable; 89 + }; 90 + } 91 + ] 92 + ++ modules; 93 + }; 22 94 in 23 95 { 24 - homeConfigurations."noah" = home-manager.lib.homeManagerConfiguration { 25 - inherit pkgs; 26 - 96 + # incomplete 97 + nixosConfigurations.odin = basicSystem { 98 + extraGroups = [ 99 + "libvirtd" 100 + "qemu-libvirtd" 101 + "docker" 102 + ]; 103 + useUnstable = true; 104 + modules = [ 105 + ./host-specific/odin/configuration.nix 106 + ]; 107 + }; 108 + nixosConfigurations.shizuri = basicSystem { 109 + useUnstable = true; 110 + modules = [ 111 + ./host-specific/shizuri/configuration.nix 112 + ]; 113 + }; 114 + nixosConfigurations.misaki = basicSystem { 115 + useUnstable = true; 116 + extraGroups = [ 117 + "render" 118 + "nats" 119 + "litterbox" 120 + "httpd" 121 + ]; 122 + modules = [ 123 + ./host-specific/misaki/configuration.nix 124 + ]; 125 + overlays = [ 126 + (final: prev: { 127 + # Override the version of Plex installed to be the latest 128 + plexRaw = prev.plexRaw.overrideAttrs rec { 129 + version = "1.43.0.10389-8be686aa6"; 130 + src = final.fetchurl { 131 + url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb"; 132 + sha256 = "0HjB8Ggekwl5dKwM1Kh51Ic25t3V6veKbuzM7czrpeg="; 133 + }; 134 + }; 135 + ## Override the json object that contains verions and hashes for Immich 136 + #immich = prev.immich.override { sourcesJSON = ./overrides/immich-sources.json; }; 137 + ## Fix errors wit numpy version failing to resolve in the immich ML package 138 + #immich-machine-learning = prev.immich-machine-learning.overrideAttrs 139 + # (finalAttrs: prevAttrs: { 140 + # pythonRelaxDeps = prevAttrs.pythonRelaxDeps ++ [ "numpy" ]; 141 + # }); 142 + }) 143 + ]; 144 + }; 145 + nixosConfigurations.touma-wsl = basicSystem { 146 + useUnstable = true; 147 + modules = [ 148 + ./host-specific/touma-wsl.nix 149 + nixos-wsl.nixosModules.default 150 + ]; 151 + enableNFTables = false; 152 + }; 153 + nixosConfigurations.edge = basicSystem { 154 + useUnstable = true; 155 + modules = [ 156 + ./host-specific/edge/configuration.nix 157 + ]; 158 + }; 159 + homeConfigurations."noah-aleister" = home-manager.lib.homeManagerConfiguration { 160 + pkgs = import nixpkgs { 161 + system = "aarch64-darwin"; 162 + config.allowUnfree = true; 163 + }; 27 164 # Specify your home configuration modules here, for example, 28 165 # the path to your home.nix. 29 - modules = [ ./noah-home.nix ]; 166 + modules = [ 167 + ./host-specific/aleister-noah.nix 168 + agenix.homeManagerModules.default 169 + ]; 30 170 31 171 # Optionally use extraSpecialArgs 32 172 # to pass through arguments to home.nix 33 173 extraSpecialArgs = { 34 - unstable = unstable-pkgs; 174 + unstable = import nixpkgs-unstable { 175 + system = "aarch64-darwin"; 176 + config.allowUnfree = true; 177 + }; 35 178 }; 36 179 }; 180 + homeConfigurations."noah" = 181 + let 182 + system = "x86_64-linux"; 183 + pkgs = import nixpkgs { 184 + inherit system; 185 + config.allowUnfree = true; 186 + }; 187 + unstable = import nixpkgs-unstable { 188 + inherit system; 189 + config.allowUnfree = true; 190 + }; 191 + in 192 + home-manager.lib.homeManagerConfiguration { 193 + inherit pkgs; 194 + # Specify your home configuration modules here, for example, 195 + # the path to your home.nix. 196 + modules = [ 197 + ./default-home.nix 198 + { 199 + nix.package = pkgs.nix; 200 + } 201 + ]; 202 + 203 + # Optionally use extraSpecialArgs 204 + # to pass through arguments to home.nix 205 + extraSpecialArgs = { 206 + inherit unstable; 207 + inputs = inputs; 208 + }; 209 + }; 37 210 checks = forAllSystems (system: { 38 - pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run { 211 + pre-commit-check = pre-commit-hooks.lib.${system}.run { 39 212 src = ./.; 40 213 # If your hooks are intrusive, avoid running on each commit with a default_states like this: 41 214 # default_stages = ["manual" "push"]; 42 215 hooks = { 43 - nixpkgs-fmt.enable = true; 216 + nixfmt-rfc-style.enable = true; 44 217 nil.enable = true; 45 218 luacheck.enable = true; 46 219 }; ··· 49 222 devShells = forAllSystems (system: { 50 223 default = nixpkgs.legacyPackages.${system}.mkShell { 51 224 inherit (self.checks.${system}.pre-commit-check) shellHook; 52 - buildInputs = self.checks.${system}.pre-commit-check.enabledPackages; 225 + buildInputs = [ 226 + nixpkgs.legacyPackages.${system}.nixfmt-rfc-style 227 + ] 228 + ++ self.checks.${system}.pre-commit-check.enabledPackages; 53 229 }; 54 230 }); 231 + formatter = forAllSystems (system: inputs.nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); 55 232 }; 56 233 }
+30
ghostty/config
··· 1 + #font-size = 13 2 + font-family = TX-02 Medium 3 + theme = flat-remix-light 4 + #theme = dark:catppuccin-frappe,light:catppuccin-latte 5 + shell-integration = fish 6 + link-url = true 7 + clipboard-read = allow 8 + 9 + #window-decoration = true 10 + 11 + font-feature = calt 12 + font-feature = ccmp 13 + font-feature = locl 14 + font-feature = ordn 15 + font-feature = mark 16 + font-feature = mkmk 17 + #font-feature = aalt 18 + #font-feature = ss01 19 + #font-feature = ss02 20 + #font-feature = ss03 21 + #font-feature = ss04 22 + #font-feature = ss05 23 + #font-feature = ss06 24 + #font-feature = ss07 25 + #font-feature = ss08 26 + 27 + custom-shader = ~/.config/ghostty/shaders/galaxy.glsl 28 + #custom-shader = ~/.config/ghostty/shaders/tft.glsl 29 + #custom-shader = ~/.config/ghostty/shaders/retro-terminal.glsl 30 + #custom-shader = ~/.config/ghostty/shaders/bettercrt.glsl
+42
ghostty/themes/flat-remix-light
··· 1 + # standard colors 2 + # black 3 + palette = 0=#404040 4 + # red 5 + palette = 1=#d41919 6 + # green 7 + palette = 2=#12715f 8 + # yellow 9 + palette = 3=#fea44c 10 + # blue 11 + palette = 4=#367bf0 12 + # purple 13 + palette = 5=#8c42ab 14 + # cyan 15 + palette = 6=#4aaee6 16 + # white 17 + palette = 7=#ffffff 18 + 19 + # intense colors 20 + # black (grey) 21 + palette = 8=#737680 22 + # red 23 + palette = 9=#811035 24 + # green 25 + palette = 10=#23bac2 26 + # yellow 27 + palette = 11=#fe7171 28 + # blue 29 + palette = 12=#54bd8e 30 + # purple 31 + palette = 13=#d41919 32 + # cyan 33 + palette = 14=#367bf0 34 + # white 35 + palette = 15=#aaaaaa 36 + 37 + background = #e4e4e7 38 + foreground = #404040 39 + cursor-color = #272a34 40 + cursor-text = #b8174c 41 + selection-background = #737680 42 + selection-foreground = #ffffff
+8 -8
gui.nix
··· 1 - { pkgs, ... }: 2 - let unstable = import <nixos-unstable> { }; 3 - in { 1 + { pkgs, unstable, ... }: 2 + { 4 3 # Enable the X11 windowing system. 5 4 services.xserver.enable = true; 6 5 ··· 23 22 24 23 # Graphics and parallel compute configuration 25 24 hardware.opengl.extraPackages = [ 26 - # TODO: figure out why this doesn't work 27 - # Looks like it requires unfree 28 - # rocmPackages.clr.icd 29 - pkgs.amdvlk 30 25 pkgs.libva 31 26 ]; 32 27 ··· 66 61 # i3, for when I need XOrg 67 62 services.xserver.windowManager.i3 = { 68 63 enable = true; 69 - extraPackages = with pkgs; [ dmenu i3status i3lock i3blocks ]; 64 + extraPackages = with pkgs; [ 65 + dmenu 66 + i3status 67 + i3lock 68 + i3blocks 69 + ]; 70 70 }; 71 71 72 72 xdg.portal = {
-207
home.nix
··· 1 - { pkgs, ... }: 2 - let 3 - unstable = import <nixos-unstable> { }; 4 - in 5 - { 6 - home.packages = with pkgs; [ 7 - # main tool 8 - direnv 9 - tree 10 - btop 11 - htop 12 - rsync 13 - unzip 14 - fd 15 - ripgrep 16 - catgirl 17 - netcat 18 - stunnel 19 - fzf 20 - iperf3 21 - entr 22 - lf 23 - #devenv # broken 24 - plan9port 25 - pwgen 26 - metastore 27 - isync 28 - pass 29 - tmux 30 - age 31 - 32 - # Dev tools 33 - gcc 34 - go 35 - unstable.gopls 36 - gnumake 37 - babashka 38 - # Babashka common aliases 39 - neil 40 - ccls 41 - clojure 42 - unstable.clj-kondo 43 - unstable.clojure-lsp 44 - unstable.janet 45 - unstable.jpm 46 - graalvmPackages.graalvm-ce 47 - cmake 48 - universal-ctags 49 - kotlin 50 - nodejs 51 - node2nix 52 - opam 53 - rustup 54 - zig 55 - scala_3 56 - scalafmt 57 - # scala LSP 58 - unstable.metals 59 - # Scala / Java build tool 60 - sbt 61 - luarocks 62 - luajit 63 - lua-language-server 64 - leiningen 65 - libressl 66 - erlang 67 - elixir 68 - ghc 69 - nil 70 - python3 71 - typescript 72 - #vscode-langservers-extracted 73 - scdoc 74 - #dockerfile-language-server-nodejs 75 - #yaml-language-server 76 - mkcert 77 - natscli 78 - poetry 79 - sqlite 80 - pandoc 81 - unstable.harec 82 - unstable.hare 83 - unstable.haredo 84 - unstable.haredoc 85 - unstable.gleam 86 - unstable.rebar3 87 - unstable.bun 88 - unstable.gh 89 - unstable.zed-editor 90 - unstable.kraft 91 - 92 - # Python dev tools 93 - pyright 94 - python313Packages.python-lsp-server 95 - python313Packages.python-lsp-ruff 96 - 97 - # Certificate Management 98 - minica 99 - mkcert 100 - step-cli 101 - ]; 102 - 103 - nix = { 104 - settings.experimental-features = [ "nix-command" "flakes" ]; 105 - }; 106 - 107 - programs.fish = { 108 - enable = true; 109 - #package = unstable.fish; 110 - }; 111 - programs.neovim = { 112 - #package = unstable.neovim-unwrapped; 113 - enable = true; 114 - defaultEditor = true; 115 - withNodeJs = true; 116 - withPython3 = true; 117 - extraPackages = with pkgs; [ unstable.fzf unstable.ripgrep luarocks unstable.tree-sitter ]; 118 - }; 119 - programs.helix.enable = true; 120 - programs.jujutsu = { 121 - enable = true; 122 - }; 123 - programs.git = { 124 - enable = true; 125 - userName = "Noah Pederson"; 126 - userEmail = "noah@packetlost.dev"; 127 - extraConfig = { 128 - sendemail = { 129 - smtpserver = "smtp.migadu.com"; 130 - smtpuser = "noah@packetlost.dev"; 131 - smptencryption = "tls"; 132 - smtpserverport = 587; 133 - }; 134 - init = { 135 - defaultBranch = "master"; 136 - }; 137 - pull = { 138 - rebase = true; 139 - }; 140 - credential = { 141 - helper = "cache"; 142 - }; 143 - rerere.enable = true; 144 - }; 145 - ignores = [ 146 - ".direnv/" 147 - ".envrc" 148 - "flake.nix" 149 - "shell.nix" 150 - ".env/" 151 - ".clj-kondo/" 152 - ]; 153 - }; 154 - programs.aerc = { 155 - enable = true; 156 - package = unstable.aerc; 157 - }; 158 - programs.ssh = { 159 - enable = true; 160 - addKeysToAgent = "yes"; 161 - }; 162 - 163 - services.ssh-agent.enable = true; 164 - services.mako.enable = false; 165 - 166 - programs.ssh.extraConfig = builtins.readFile ./ssh/extra; 167 - services.gpg-agent = { 168 - enable = true; 169 - defaultCacheTtl = 1800; 170 - }; 171 - 172 - programs.direnv = { 173 - enable = true; 174 - nix-direnv.enable = true; 175 - }; 176 - 177 - # Independent config files. 178 - xdg.configFile.nvim = { 179 - source = ./nvim; 180 - recursive = true; 181 - }; 182 - 183 - xdg.configFile.vis = { 184 - source = ./vis; 185 - recursive = true; 186 - }; 187 - 188 - xdg.configFile.fish = { 189 - source = ./fish; 190 - recursive = true; 191 - }; 192 - 193 - xdg.configFile.aerc = { 194 - source = ./aerc; 195 - recursive = true; 196 - }; 197 - 198 - home.file.".local/bin" = { 199 - source = ./scripts; 200 - recursive = true; 201 - }; 202 - 203 - manual.manpages.enable = true; 204 - 205 - home.stateVersion = "23.11"; 206 - 207 - }
+397
host-specific/aleister-noah.nix
··· 1 + { 2 + pkgs, 3 + unstable, 4 + lib, 5 + inputs, 6 + ... 7 + }: 8 + { 9 + # Home Manager needs a bit of information about you and the paths it should 10 + # manage. 11 + home.username = "noah"; 12 + home.homeDirectory = "/Users/noah"; 13 + imports = [ 14 + inputs.agenix.homeManagerModules.default 15 + ]; 16 + nix = { 17 + package = pkgs.nix; 18 + settings = { 19 + experimental-features = [ 20 + "nix-command" 21 + "flakes" 22 + ]; 23 + }; 24 + }; 25 + 26 + # I generally don't care about unfree stuff 27 + nixpkgs.config.allowUnfree = true; 28 + nixpkgs.config.allowUnfreePredicte = _: true; 29 + 30 + home.packages = with pkgs; [ 31 + # main tool 32 + direnv 33 + #fish 34 + tree 35 + btop 36 + # Apple Silicon top monitoring 37 + macpm 38 + htop 39 + mtr 40 + moreutils 41 + rsync 42 + bash 43 + tmux 44 + coreutils 45 + util-linux 46 + p7zip 47 + unar 48 + watch 49 + 50 + unzip 51 + fd 52 + jq 53 + ripgrep 54 + bat 55 + netcat 56 + stunnel 57 + iperf3 58 + entr 59 + ncdu 60 + # broken? 61 + #unstable.bitwarden-cli 62 + sqlite 63 + age 64 + just 65 + mdr 66 + unstable.catgirl 67 + plan9port 68 + unstable.rc 69 + unstable.glow 70 + unstable.vis 71 + # Tcl/Tk 72 + #unstable.tcl 73 + #unstable.tk 74 + #unstable.tclPackages.tclx 75 + nodejs 76 + 77 + # Dev tools 78 + git 79 + git-filter-repo 80 + unstable.ruff 81 + # Rust REPL 82 + evcxr 83 + #unstable.gcc 84 + #unstable.clang 85 + # Swift stuff 86 + #swift 87 + #swift-format 88 + # Swift LSP 89 + #sourcekit-lsp 90 + unstable.go 91 + unstable.gopls 92 + gnumake 93 + #unstable.babashka 94 + #unstable.ccls 95 + unstable.clojure 96 + unstable.cljfmt 97 + unstable.clojure-lsp 98 + unstable.janet 99 + unstable.jpm 100 + unstable.fennel-ls 101 + unstable.graalvmPackages.graalvm-ce 102 + unstable.crystal 103 + unstable.crystalline 104 + cmake 105 + ctags 106 + #kotlin 107 + #nodejs 108 + #yarn 109 + #node2nix 110 + #opam 111 + # Scala stuff 112 + #unstable.scala_3 113 + #unstable.scalafmt 114 + #unstable.metals 115 + # Scala / Java build tool 116 + #unstable.sbt 117 + # Haskell 118 + #cabal-install 119 + #ghc 120 + 121 + # Lua 122 + luarocks 123 + luajit 124 + unstable.lua-language-server 125 + luaformatter 126 + libressl 127 + # Erlang 128 + #erlang 129 + #elixir 130 + unstable.nil # nix language server 131 + unstable.nixd 132 + #typescript 133 + # This is currently broken 134 + #vscode-langservers-extracted 135 + scdoc 136 + #dockerfile-language-server-nodejs 137 + # BROKEN 138 + #yaml-language-server 139 + mkcert 140 + natscli 141 + python314 142 + unstable.uv 143 + sqlite 144 + #unstable.gleam 145 + #unstable.rebar3 146 + #unstable.flyctl 147 + unstable.bun 148 + unstable.gh 149 + unstable.kraft 150 + unstable.doctl 151 + 152 + # GUI tools 153 + zathura 154 + unstable.opencode 155 + 156 + # Python dev tools 157 + #unstable.pyright 158 + unstable.basedpyright 159 + unstable.python313Packages.python-lsp-server 160 + unstable.python313Packages.python-lsp-ruff 161 + 162 + # JavaScript tools 163 + #typescript-language-server 164 + 165 + # Certificate Management 166 + minica 167 + mkcert 168 + step-cli 169 + unstable.claude-code 170 + 171 + # Fish Plugins 172 + #fishPlugins.fzf 173 + #fishPlugins.pure 174 + 175 + # Libraries because MacOS is kinda stupid 176 + ncurses 177 + ]; 178 + 179 + #programs.fish = { 180 + # enable = true; 181 + # package = unstable.fish; 182 + #}; 183 + programs.fzf = { 184 + enable = true; 185 + enableFishIntegration = true; 186 + }; 187 + programs.pistol.enable = true; 188 + programs.home-manager.enable = true; 189 + programs.neovim = { 190 + package = unstable.neovim-unwrapped; 191 + enable = true; 192 + defaultEditor = true; 193 + withNodeJs = false; 194 + withPython3 = true; 195 + extraPackages = with pkgs; [ 196 + fzf 197 + ripgrep 198 + luarocks 199 + tree-sitter 200 + ]; 201 + }; 202 + programs.git = { 203 + enable = true; 204 + lfs.enable = true; 205 + userName = "Noah Pederson"; 206 + userEmail = "noah@packetlost.dev"; 207 + extraConfig = { 208 + sendemail = { 209 + smtpserver = "smtp.migadu.com"; 210 + smtpuser = "noah@packetlost.dev"; 211 + smtpauth = "plain"; 212 + smtpencryption = "tls"; 213 + smtpserverport = 465; 214 + }; 215 + init = { 216 + defaultBranch = "master"; 217 + }; 218 + pull = { 219 + rebase = true; 220 + }; 221 + push = { 222 + default = "simple"; 223 + autoSetupRemote = true; 224 + followTags = true; 225 + }; 226 + credential = { 227 + helper = "cache"; 228 + }; 229 + alias = { 230 + out = "log @{u}.."; 231 + }; 232 + column = { 233 + ui = "auto"; 234 + }; 235 + branch = { 236 + sort = "-committerdate"; 237 + }; 238 + tag = { 239 + sort = "version:refname"; 240 + }; 241 + diff = { 242 + algorithm = "histogram"; 243 + colorMoved = "plain"; 244 + mnemonicPrefix = true; 245 + renames = true; 246 + }; 247 + fetch = { 248 + prune = true; 249 + pruneTags = true; 250 + all = true; 251 + }; 252 + help = { 253 + autocorrect = "prompt"; 254 + }; 255 + commit = { 256 + verbose = true; 257 + }; 258 + rerere = { 259 + enabled = true; 260 + autoupdate = true; 261 + }; 262 + rebase = { 263 + autoSquash = true; 264 + autoStash = true; 265 + updateRefs = true; 266 + }; 267 + merge = { 268 + conflictStyle = "zdiff3"; 269 + }; 270 + }; 271 + ignores = [ 272 + ".direnv/" 273 + ".envrc" 274 + ".env/" 275 + ".clj-kondo/" 276 + ]; 277 + }; 278 + programs.aerc = { 279 + enable = true; 280 + }; 281 + programs.ssh = { 282 + enable = true; 283 + extraConfig = builtins.readFile ../ssh/extra; 284 + addKeysToAgent = "yes"; 285 + forwardAgent = true; 286 + }; 287 + 288 + programs.yazi = 289 + let 290 + localPkgs = pkgs; 291 + yaziPlugins = localPkgs.yaziPlugins; 292 + plugins = lib.attrsets.getAttrs [ 293 + "rsync" 294 + "piper" 295 + "nord" 296 + "mediainfo" 297 + "glow" 298 + "git" 299 + "diff" 300 + "duckdb" 301 + ] yaziPlugins; 302 + in 303 + { 304 + inherit plugins; 305 + enable = true; 306 + package = localPkgs.yazi; 307 + enableFishIntegration = true; 308 + settings = { 309 + preview = { 310 + image_quality = 90; 311 + }; 312 + tasks = { 313 + image_bound = [ 314 + 0 315 + 0 316 + ]; 317 + }; 318 + }; 319 + }; 320 + 321 + programs.direnv = { 322 + enable = true; 323 + nix-direnv.enable = true; 324 + }; 325 + 326 + programs.nix-index = { 327 + enable = true; 328 + enableFishIntegration = true; 329 + }; 330 + programs.helix = { 331 + enable = true; 332 + settings = { 333 + theme = "everforest_dark"; 334 + editor.cursor-shape = { 335 + normal = "block"; 336 + insert = "bar"; 337 + select = "underline"; 338 + }; 339 + }; 340 + languages.language = [ 341 + { 342 + name = "nix"; 343 + auto-format = true; 344 + formatter.command = "${pkgs.nixfmt}/bin/nixfmt"; 345 + } 346 + { 347 + name = "rust"; 348 + auto-format = true; 349 + formatter.command = "${pkgs.rustfmt}/bin/rustfmt"; 350 + } 351 + ]; 352 + }; 353 + 354 + # Independent config files. 355 + xdg.configFile.nvim = { 356 + source = ../nvim; 357 + recursive = true; 358 + }; 359 + 360 + xdg.configFile.vis = { 361 + source = ../vis; 362 + recursive = true; 363 + }; 364 + 365 + xdg.configFile.fish = { 366 + source = ../fish; 367 + recursive = true; 368 + }; 369 + xdg.configFile."fish/completions/nix.fish".source = 370 + "${pkgs.nix}/share/fish/vendor_completions.d/nix.fish"; 371 + 372 + xdg.configFile.aerc = { 373 + source = ../aerc; 374 + recursive = true; 375 + }; 376 + 377 + xdg.configFile.ghostty = { 378 + source = ../ghostty; 379 + recursive = true; 380 + }; 381 + 382 + home.file.".local/bin" = { 383 + source = ../scripts; 384 + recursive = true; 385 + }; 386 + home.file.".luacheckrc" = { 387 + text = '' 388 + globals = { 389 + "vim", 390 + "vis", 391 + } 392 + ''; 393 + }; 394 + 395 + home.stateVersion = "24.11"; 396 + 397 + }
+207
host-specific/edge/configuration.nix
··· 1 + # Edit this configuration file to define what should be installed on 2 + # your system. Help is available in the configuration.nix(5) man page, on 3 + # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 + 5 + { 6 + config, 7 + lib, 8 + pkgs, 9 + inputs, 10 + ... 11 + }: 12 + let 13 + system = pkgs.stdenv.targetPlatform.system; 14 + agave = (builtins.getFlake "/home/noah/repos/agave"); 15 + in 16 + { 17 + imports = [ 18 + # Include the results of the hardware scan. 19 + ./hardware-configuration.nix 20 + agave.nixosModules.default 21 + ]; 22 + 23 + nix.settings.experimental-features = [ 24 + "nix-command" 25 + "flakes" 26 + ]; 27 + 28 + # Use the systemd-boot EFI boot loader. 29 + boot.loader.systemd-boot.enable = true; 30 + #boot.loader.grub.device = "nodev"; 31 + #boot.loader.grub.efiSupport = true; 32 + #boot.loader.grub.useOSProber = true; 33 + boot.loader.efi.canTouchEfiVariables = true; 34 + 35 + # Use latest kernel. 36 + boot.kernelPackages = pkgs.linuxPackages_latest; 37 + 38 + networking.hostName = "edge"; # Define your hostname. 39 + 40 + # Configure network connections interactively with nmcli or nmtui. 41 + networking.networkmanager.enable = true; 42 + 43 + # Set your time zone. 44 + # time.timeZone = "Europe/Amsterdam"; 45 + 46 + # Configure network proxy if necessary 47 + # networking.proxy.default = "http://user:password@proxy:port/"; 48 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 49 + 50 + # Select internationalisation properties. 51 + i18n.defaultLocale = "en_US.UTF-8"; 52 + console = { 53 + font = "Lat2-Terminus16"; 54 + keyMap = "us"; 55 + #useXkbConfig = true; # use xkb.options in tty. 56 + }; 57 + 58 + # Enable the X11 windowing system. 59 + # services.xserver.enable = true; 60 + 61 + # Configure keymap in X11 62 + # services.xserver.xkb.layout = "us"; 63 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 64 + 65 + # Enable CUPS to print documents. 66 + # services.printing.enable = true; 67 + 68 + # Enable sound. 69 + # services.pulseaudio.enable = true; 70 + # OR 71 + # services.pipewire = { 72 + # enable = true; 73 + # pulse.enable = true; 74 + # }; 75 + 76 + # Enable touchpad support (enabled default in most desktopManager). 77 + # services.libinput.enable = true; 78 + 79 + # Define a user account. Don't forget to set a password with ‘passwd’. 80 + # users.users.alice = { 81 + # isNormalUser = true; 82 + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 83 + # packages = with pkgs; [ 84 + # tree 85 + # ]; 86 + # }; 87 + 88 + # programs.firefox.enable = true; 89 + 90 + # List packages installed in system profile. 91 + # You can use https://search.nixos.org/ to find more packages (and options). 92 + environment.systemPackages = with pkgs; [ 93 + neovim 94 + wget 95 + git 96 + htop 97 + inputs.agenix.packages."${system}".agenix 98 + agave.packages.${system}.solana 99 + agave.packages.${system}.solana-keygen 100 + ]; 101 + 102 + services.tailscale.useRoutingFeatures = "both"; 103 + 104 + # Some programs need SUID wrappers, can be configured further or are 105 + # started in user sessions. 106 + # programs.mtr.enable = true; 107 + # programs.gnupg.agent = { 108 + # enable = true; 109 + # enableSSHSupport = true; 110 + # }; 111 + 112 + # List services that you want to enable: 113 + 114 + # Enable the OpenSSH daemon. 115 + services.openssh.enable = true; 116 + services.openssh.openFirewall = true; 117 + 118 + # Open ports in the firewall. 119 + # networking.firewall.allowedTCPPorts = [ ... ]; 120 + # networking.firewall.allowedUDPPorts = [ ... ]; 121 + # Or disable the firewall altogether. 122 + networking.firewall.enable = true; 123 + networking.firewall = { 124 + allowPing = true; 125 + allowedUDPPorts = [ ]; 126 + allowedUDPPortRanges = [ 127 + # Agave 128 + { 129 + from = 8000; 130 + to = 8020; 131 + } 132 + ]; 133 + allowedTCPPorts = [ 134 + 2375 135 + 3000 136 + # Agave 137 + 8001 138 + 8899 139 + 8900 140 + 10000 141 + ]; 142 + }; 143 + security.pam.loginLimits = [ 144 + { 145 + domain = "*"; 146 + type = "soft"; 147 + item = "nofile"; 148 + value = "100000"; 149 + } 150 + { 151 + domain = "*"; 152 + type = "hard"; 153 + item = "nofile"; 154 + value = "1000000"; 155 + } 156 + ]; 157 + 158 + age.secrets.validator-identity = { 159 + file = ../../secrets/validator-identity.age; 160 + owner = "sol"; 161 + group = "sol"; 162 + }; 163 + services.ambient-validator = { 164 + enable = true; 165 + package = agave.packages.${system}.ambient-validator; 166 + # this needs to be a secret 167 + identityKeypair = config.age.secrets.validator-identity.path; 168 + rpcBindAddress = "0.0.0.0"; 169 + geyserPluginConfig = { 170 + libpath = "${agave.packages.${system}.yellowstone-geyser}/lib/libyellowstone_grpc_geyser.so"; 171 + log = { 172 + level = "info"; 173 + }; 174 + tokio = { 175 + worker_threads = 4; 176 + affinity = null; 177 + }; 178 + grpc = { 179 + address = "0.0.0.0:10000"; 180 + }; 181 + }; 182 + }; 183 + # Copy the NixOS configuration file and link it from the resulting system 184 + # (/run/current-system/configuration.nix). This is useful in case you 185 + # accidentally delete configuration.nix. 186 + # system.copySystemConfiguration = true; 187 + 188 + # This option defines the first version of NixOS you have installed on this particular machine, 189 + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 190 + # 191 + # Most users should NEVER change this value after the initial install, for any reason, 192 + # even if you've upgraded your system to a new NixOS release. 193 + # 194 + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 195 + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how 196 + # to actually do that. 197 + # 198 + # This value being lower than the current NixOS release does NOT mean your system is 199 + # out of date, out of support, or vulnerable. 200 + # 201 + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 202 + # and migrated your data accordingly. 203 + # 204 + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 205 + system.stateVersion = "25.11"; # Did you read the comment? 206 + 207 + }
+46
host-specific/edge/hardware-configuration.nix
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { config, lib, pkgs, modulesPath, ... }: 5 + 6 + { 7 + imports = 8 + [ (modulesPath + "/installer/scan/not-detected.nix") 9 + ]; 10 + 11 + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ]; 12 + boot.initrd.kernelModules = [ ]; 13 + boot.kernelModules = [ "kvm-amd" ]; 14 + boot.extraModulePackages = [ ]; 15 + 16 + fileSystems."/" = 17 + { device = "/dev/disk/by-uuid/8101a0a8-a8c6-4083-85b6-c136d3c80f2e"; 18 + fsType = "ext4"; 19 + }; 20 + 21 + fileSystems."/boot" = 22 + { device = "/dev/disk/by-uuid/E7AD-32DA"; 23 + fsType = "vfat"; 24 + options = [ "fmask=0077" "dmask=0077" ]; 25 + }; 26 + 27 + swapDevices = [ ]; 28 + 29 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 30 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 31 + boot.swraid = { 32 + enable = true; 33 + #mdadmConf = '' 34 + # ARRAY /dev/md126 metadata=1.2 UUID=27cd6eab:f0304d07:b859f0f2:1a8f29b7 35 + # MAILADDR noah 36 + #''; 37 + }; 38 + 39 + # stuff for Agave 40 + boot.kernel.sysctl."net.core.rmem_default" = 134217728; 41 + boot.kernel.sysctl."net.core.rmem_max" = 134217728; 42 + boot.kernel.sysctl."net.core.wmem_default" = 134217728; 43 + boot.kernel.sysctl."net.core.wmem_max" = 134217728; 44 + boot.kernel.sysctl."vm.max_map_count" = 1000000; 45 + boot.kernel.sysctl."fs.nr_open" = 1000000; 46 + }
+13
host-specific/misaki/boot.nix
··· 1 + { ... }: 2 + { 3 + # Use the systemd-boot EFI boot loader. 4 + boot.loader.systemd-boot.enable = true; 5 + boot.loader.efi.canTouchEfiVariables = true; 6 + 7 + boot.supportedFilesystems = [ "zfs" ]; 8 + boot.zfs.forceImportRoot = false; 9 + boot.zfs.extraPools = [ 10 + "shokuhou" 11 + "mentalout" 12 + ]; 13 + }
+13
host-specific/misaki/configuration.nix
··· 1 + { ... }: 2 + { 3 + imports = [ 4 + ./boot.nix 5 + ./users.nix 6 + ./hardware-configuration.nix 7 + ./networking.nix 8 + ./packages.nix 9 + ./services.nix 10 + ]; 11 + nixpkgs.config.allowUnfree = true; 12 + system.stateVersion = "23.11"; # Did you read the comment? 13 + }
+1
host-specific/misaki/coredns/localhost.hosts
··· 1 + 127.0.0.1 *.localhost
+11
host-specific/misaki/coredns/ngp.computer.hosts
··· 1 + 192.168.1.3 img.ngp.computer 2 + 192.168.1.3 photos.ngp.computer 3 + 192.168.1.3 misaki.ngp.computer 4 + 192.168.1.3 files.ngp.computer 5 + 192.168.1.3 cache.ngp.computer 6 + 7 + fe80::9ab7:85ff:fe1e:dfe8 img.ngp.computer 8 + fe80::9ab7:85ff:fe1e:dfe8 photos.ngp.computer 9 + fe80::9ab7:85ff:fe1e:dfe8 misaki.ngp.computer 10 + fe80::9ab7:85ff:fe1e:dfe8 files.ngp.computer 11 + fe80::9ab7:85ff:fe1e:dfe8 cache.ngp.computer
+17
host-specific/misaki/coredns/packetlost.dev.hosts
··· 1 + # Services 2 + 192.168.1.3 git.packetlost.dev 3 + 192.168.1.3 plex.packetlost.dev 4 + 192.168.1.3 jellyfin.packetlost.dev 5 + 192.168.1.3 nats.packetlost.dev 6 + 7 + # LAN Hosts 8 + 192.168.1.3 misaki.packetlost.dev misaki 9 + 192.168.1.3 cache.packetlost.dev cache 10 + 192.168.1.5 komoe.packetlost.dev komoe 11 + 192.168.1.6 rainbow.packetlost.dev rainbow 12 + 192.168.1.10 ichika.packetlost.dev ichika 13 + 192.168.1.11 futaba.packetlost.dev futaba 14 + 192.168.1.12 mitsumi.packetlost.dev mitsumi 15 + 192.168.1.13 orangepi5.packetlost.dev orangepi5 16 + 192.168.1.30 touma.packetlost.dev touma 17 + 192.168.1.33 kamijou.packetlost.dev kamijou
+91
host-specific/misaki/hardware-configuration.nix
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 11 + 12 + { 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 16 + 17 + boot.kernelPackages = pkgs.linuxPackages; 18 + boot.initrd.availableKernelModules = [ 19 + "nvme" 20 + "xhci_pci" 21 + "ahci" 22 + "usbhid" 23 + "usb_storage" 24 + "sd_mod" 25 + "dm-raid" 26 + "raid1" 27 + ]; 28 + boot.initrd.kernelModules = [ 29 + "dm-snapshot" 30 + "dm-raid" 31 + "raid1" 32 + ]; 33 + boot.kernelModules = [ 34 + "kvm-amd" 35 + "zfs" 36 + ]; 37 + boot.kernelParams = [ "i915.enable_guc=3" ]; 38 + boot.extraModulePackages = [ ]; 39 + 40 + fileSystems."/" = { 41 + device = "/dev/disk/by-uuid/1988fa0d-ff4a-44aa-a93e-7f0bf3cea5cf"; 42 + fsType = "ext4"; 43 + }; 44 + 45 + fileSystems."/boot" = { 46 + device = "/dev/disk/by-uuid/81D4-01CD"; 47 + fsType = "vfat"; 48 + }; 49 + 50 + swapDevices = [ ]; 51 + 52 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 53 + # (the default) this is the recommended approach. When using systemd-networkd it's 54 + # still possible to use this option, but it's recommended to use it in conjunction 55 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 56 + networking.useDHCP = lib.mkDefault true; 57 + # networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true; 58 + # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true; 59 + # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; 60 + 61 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 62 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 63 + 64 + #nixpkgs.config.packageOverrides = pkgs: { 65 + # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; 66 + #}; 67 + hardware.graphics = { 68 + enable = true; 69 + extraPackages = with pkgs; [ 70 + intel-media-driver 71 + #vaapiVdpau 72 + #libvdpau-va-gl # unmaintained, very old 73 + intel-compute-runtime 74 + vpl-gpu-rt 75 + ]; 76 + #extraPackages32 = with pkgs; [ 77 + # intel-media-driver 78 + # vaapiVdpau 79 + # #libvdpau-va-gl 80 + # intel-compute-runtime 81 + # vpl-gpu-rt 82 + #]; 83 + }; 84 + environment.variables = { 85 + VDPAU_DRIVER = "va_gl"; 86 + LIBVA_DRIVER_NAME = "iHD"; 87 + LIBVA_DRIVERS_PATH = "/run/opengl-driver/lib/dri"; 88 + GST_VAAPI_ALL_DRIVERS = "1"; 89 + }; 90 + #services.xserver.videoDrivers = [ "intel" ]; 91 + }
+115
host-specific/misaki/networking.nix
··· 1 + { config, ... }: 2 + { 3 + # networking.hostName = "nixos"; # Define your hostname. 4 + # Pick only one of the below networking options. 5 + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 + networking.hostName = "misaki"; 8 + # I like systemd-networkd 9 + systemd.network.enable = true; 10 + systemd.network.networks."50-wlp2s0" = { 11 + matchConfig.name = "wlp2s0"; 12 + networkConfig.DHCP = "yes"; 13 + linkConfig.RequiredForOnline = "no"; 14 + }; 15 + 16 + networking.tempAddresses = "disabled"; 17 + 18 + networking.interfaces = { 19 + enp4s0f1 = { 20 + ipv4.addresses = [ 21 + { 22 + address = "192.168.1.3"; 23 + prefixLength = 24; 24 + } 25 + ]; 26 + }; 27 + }; 28 + networking.defaultGateway = { 29 + address = "192.168.1.1"; 30 + interface = "enp4s0f1"; 31 + }; 32 + 33 + networking.defaultGateway6 = { 34 + address = "fe80::2870:4eff:fe84:d884"; 35 + interface = "enp4s0f1"; 36 + }; 37 + 38 + networking.nameservers = [ 39 + "192.168.1.3" 40 + "45.90.28.93" 41 + "45.90.30.93" 42 + ]; 43 + 44 + # This is necessary for ZFS 45 + networking.hostId = "5beebabe"; 46 + 47 + networking.useNetworkd = true; 48 + # TODO: static IP @ 192.168.1.2 49 + 50 + # Configure network proxy if necessary 51 + # networking.proxy.default = "http://user:password@proxy:port/"; 52 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 53 + # Open ports in the firewall. 54 + # networking.firewall.allowedTCPPorts = [ ... ]; 55 + # networking.firewall.allowedUDPPorts = [ ... ]; 56 + # Or disable the firewall altogether. 57 + # TODO: allow some ports 58 + networking.firewall = { 59 + enable = true; 60 + allowPing = true; 61 + trustedInterfaces = [ 62 + "tailscale0" 63 + ]; 64 + allowedUDPPorts = [ 65 + # DNS 66 + 53 67 + config.services.tailscale.port 68 + ]; 69 + allowedTCPPorts = [ 70 + # DNS over TCP 71 + 53 72 + # NFSv4 73 + 2049 74 + # HTTP(s) 75 + 443 76 + 80 77 + # iperf3 78 + 5201 79 + 5301 80 + 5401 81 + # NATS 82 + 4222 83 + # Prometheus 84 + 9001 85 + # Minio 86 + 9003 87 + # Minio web 88 + 9004 89 + # AFP via Netatalk 90 + 548 91 + #9p 92 + 564 93 + # Misc development 94 + 3000 95 + ]; 96 + }; 97 + 98 + services.tailscale.useRoutingFeatures = "both"; 99 + 100 + services.avahi = { 101 + enable = true; 102 + nssmdns4 = true; 103 + nssmdns6 = true; 104 + ipv6 = true; 105 + openFirewall = true; 106 + publish = { 107 + enable = true; 108 + addresses = true; 109 + workstation = true; 110 + userServices = true; 111 + domain = true; 112 + }; 113 + }; 114 + 115 + }
+67
host-specific/misaki/packages.nix
··· 1 + { 2 + pkgs, 3 + lib, 4 + inputs, 5 + ... 6 + }: 7 + { 8 + 9 + # List packages installed in system profile. To search, run: 10 + # $ nix search wget 11 + environment.systemPackages = with pkgs; [ 12 + neovim 13 + appimage-run 14 + wget 15 + kitty 16 + w3m 17 + fishPlugins.fzf-fish 18 + fzf 19 + qemu 20 + OVMF 21 + metastore 22 + # 9p 23 + diod 24 + plan9port 25 + vis 26 + rc 27 + ncdu 28 + inputs.agenix.packages."${system}".agenix 29 + 30 + # ZFS / filesystem stuff 31 + zfs 32 + 33 + # GPU stuff 34 + intel-gpu-tools 35 + #(ffmpeg-full.override { 36 + # withUnfree = true; 37 + # withMfx = false; 38 + # withSmallBuild = false; 39 + # withTensorflow = false; 40 + #}) 41 + libva 42 + libva-utils 43 + nvtopPackages.intel 44 + ]; 45 + 46 + # Fix dynamically linked libraries for unpackaged binaries 47 + programs.nix-ld = { 48 + enable = true; 49 + libraries = with pkgs; [ 50 + # Add missing dynamic libraries for unpackaged programs HERE 51 + # NOT in environment.systemPackages 52 + zlib 53 + ]; 54 + }; 55 + 56 + programs.fuse.userAllowOther = true; 57 + 58 + # Whitelist some unfree packages 59 + #nixpkgs.config.allowUnfreePredicate = 60 + # pkg: 61 + # builtins.elem (lib.getName pkg) [ 62 + # "tailscale" 63 + # "plexmediaserver" 64 + # "teamspeak-server" 65 + # "ffmpeg-full" 66 + # ]; 67 + }
+3
host-specific/misaki/scripts/fix-jpeg-raw-duplicates-immich.rcsh
··· 1 + #!/usr/bin/env rc 2 + 3 + nix run 'github:nixos/nixpkgs?ref=nixos-unstable-small#immich-go' -- stack -k `{pa show immich-api} -s 'https://photos.ngp.computer' --manage-raw-jpeg StackCoverJPG
+13
host-specific/misaki/scripts/nr
··· 1 + #!/usr/bin/env rc 2 + 3 + flag x + 4 + 5 + if(~ $1 -x) { 6 + flake e + 7 + shift 8 + } 9 + 10 + pkg=$1 11 + shift 12 + 13 + exec nix run --impure 'nixpkgs#'^$pkg -- $*
+8
host-specific/misaki/scripts/oclip
··· 1 + #!/usr/bin/env rc 2 + flag e + 3 + 4 + if (~ $1 -x) { 5 + flag x + 6 + } 7 + data=`{base64 <[0=0]} 8 + printf '\033]52;c;%s\007' $"data
+14
host-specific/misaki/scripts/update-src
··· 1 + #!/usr/bin/env rc 2 + 3 + background=() 4 + for(repo in `{cat downstream}) { 5 + echo Updating $repo 6 + git -C $repo fetch --all --tags --prune --force & 7 + background=($apid $background) 8 + } 9 + 10 + for (i in $background) { 11 + wait $i 12 + } 13 + 14 + echo Done!
+578
host-specific/misaki/services.nix
··· 1 + { 2 + config, 3 + pkgs, 4 + unstable, 5 + ... 6 + }: 7 + { 8 + 9 + services.zfs = { 10 + autoScrub.enable = true; 11 + }; 12 + services.nfs.server.enable = true; 13 + # Some programs need SUID wrappers, can be configured further or are 14 + # started in user sessions. 15 + # programs.mtr.enable = true; 16 + programs.gnupg.agent = { 17 + enable = true; 18 + enableSSHSupport = false; 19 + }; 20 + 21 + # Fish shell, the best 22 + programs.fish.enable = true; 23 + 24 + # MOSH, SSH over flakey connections 25 + programs.mosh.enable = true; 26 + 27 + # List services that you want to enable: 28 + 29 + # Enable the OpenSSH daemon. 30 + services.openssh = { 31 + enable = true; 32 + openFirewall = true; 33 + settings.PasswordAuthentication = false; 34 + }; 35 + 36 + # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices. 37 + services.hardware.bolt.enable = true; 38 + 39 + services.ergochat.enable = true; 40 + 41 + # Containers and VMs 42 + virtualisation = { 43 + podman = { 44 + enable = true; 45 + dockerCompat = true; 46 + defaultNetwork.settings.dns_enabled = true; 47 + }; 48 + }; 49 + 50 + # Samba, for shares 51 + # TODO 52 + services.samba = { 53 + enable = true; 54 + openFirewall = true; 55 + nmbd.enable = true; 56 + winbindd.enable = true; 57 + settings = { 58 + global = { 59 + workgroup = "WORKGROUP"; 60 + "server string" = "misaki"; 61 + security = "user"; 62 + "use sendfile" = "yes"; 63 + "hosts allow" = "192.168.1. 127.0.0.1 localhost"; 64 + "hosts deny" = "0.0.0.0/0"; 65 + "guest account" = "nobody"; 66 + "map to guest" = "bad user"; 67 + deadtime = 30; 68 + }; 69 + shokuhou = { 70 + path = "/srv/shokuhou"; 71 + browseable = "yes"; 72 + "read only" = "no"; 73 + "guest ok" = "no"; 74 + "create mask" = "0644"; 75 + "directory mask" = "0755"; 76 + "force user" = "noah"; 77 + "force group" = "nas"; 78 + }; 79 + mentalout = { 80 + path = "/srv/mentalout"; 81 + browseable = "yes"; 82 + "read only" = "no"; 83 + "guest ok" = "no"; 84 + "create mask" = "0644"; 85 + "directory mask" = "0755"; 86 + "force user" = "noah"; 87 + "force group" = "nas"; 88 + }; 89 + }; 90 + }; 91 + services.samba-wsdd = { 92 + enable = true; 93 + openFirewall = true; 94 + }; 95 + 96 + services.coredns = { 97 + enable = true; 98 + config = '' 99 + packetlost.dev { 100 + hosts ${./coredns/packetlost.dev.hosts} packetlost.dev { 101 + fallthrough 102 + } 103 + bind enp4s0f1 104 + } 105 + ngp.computer { 106 + hosts ${./coredns/ngp.computer.hosts} ngp.computer { 107 + fallthrough 108 + } 109 + bind enp4s0f1 110 + } 111 + localhost { 112 + hosts ${./coredns/localhost.hosts} localhost { 113 + fallthrough 114 + } 115 + bind enp4s0f1 116 + } 117 + . { 118 + # NextDNS 119 + forward . tls://2a07:a8c0::dd:2feb:853 tls://2a07:a8c1::dd:2feb:853 tls://45.90.28.93:853 tls://45.90.30.93:853 { 120 + tls_servername dd2feb.dns.nextdns.io 121 + health_check 5s 122 + } 123 + bind enp4s0f1 124 + cache 125 + errors 126 + log 127 + } 128 + ''; 129 + }; 130 + 131 + services.nats = { 132 + enable = true; 133 + jetstream = true; 134 + user = "nats"; 135 + group = "nats"; 136 + serverName = "misaki"; 137 + dataDir = "/srv/shokuhou/applications/nats"; 138 + validateConfig = false; 139 + settings = { 140 + authorization = { 141 + users = [ 142 + { 143 + user = "seedbox@packetlost.dev"; 144 + permissions = { 145 + publish = [ 146 + "torrents" 147 + "torrents.>" 148 + "$JS.API.INFO" 149 + #"$JS.API.STREAM.INFO.>" 150 + "$KV.torrents.>" 151 + #"$JS.API.STREAM.*.*.OBJ_torrents" 152 + "$JS.API.*.*.OBJ_torrents" 153 + "$JS.API.STREAM.MSG.GET.OBJ_torrents" 154 + "$JS.API.*.*.OBJ_torrents.>" 155 + "$O.torrents.>" 156 + ]; 157 + subscribe = [ 158 + "torrents.>" 159 + "_INBOX.>" 160 + ]; 161 + allow_responses = false; 162 + }; 163 + } 164 + { user = "odin@packetlost.dev"; } 165 + { user = "misaki@packetlost.dev"; } 166 + { user = "noah@packetlost.dev"; } 167 + { user = "touma-nixos@packetlost.dev"; } 168 + ]; 169 + }; 170 + tls = { 171 + cert_file = "/srv/nats/nats.packetlost.dev/cert.pem"; 172 + key_file = "/srv/nats/nats.packetlost.dev/key.pem"; 173 + ca_file = "/srv/nats/minica.pem"; 174 + verify_and_map = true; 175 + }; 176 + jetstream = { 177 + # 50GB 178 + max_file_store = 53687091200; 179 + max_mem = 8589934592; 180 + }; 181 + }; 182 + }; 183 + 184 + # Minio's object storage has been mostly replaced with NATS. If I specifically need a 185 + # S3-like API, this will be revived. 186 + services.minio = { 187 + enable = false; 188 + listenAddress = ":9003"; 189 + consoleAddress = ":9004"; 190 + dataDir = [ 191 + /srv/shokuhou/applications/minio 192 + ]; 193 + }; 194 + 195 + services.netatalk = { 196 + enable = true; 197 + settings = { 198 + time-machine = { 199 + path = "/srv/shokuhou/backup/timemachine"; 200 + "valid users" = "noah"; 201 + "time machine" = true; 202 + }; 203 + }; 204 + }; 205 + 206 + services.webdav.enable = false; 207 + services.sftpgo = { 208 + enable = false; 209 + dataDir = /srv/shokuhou/documents/sftpgo; 210 + group = "nas"; 211 + }; 212 + services.syncthing = { 213 + enable = false; 214 + openDefaultPorts = true; 215 + # disable the sync folder creation 216 + extraFlags = [ "--no-default-folder" ]; 217 + settings = { 218 + folders = { 219 + "Sync" = { 220 + path = "/srv/shokuhou/documents/sync"; 221 + }; 222 + }; 223 + }; 224 + }; 225 + 226 + services.grafana = { 227 + enable = false; 228 + settings.server.http_port = 2342; 229 + settings.server.domain = "grafana.packetlost.dev"; 230 + settings.server.http_addr = "127.0.0.1"; 231 + }; 232 + 233 + services.prometheus = { 234 + enable = false; 235 + port = 9001; 236 + exporters = { 237 + node = { 238 + enable = true; 239 + enabledCollectors = [ "systemd" ]; 240 + port = 9002; 241 + }; 242 + }; 243 + 244 + scrapeConfigs = [ 245 + { 246 + job_name = "chrysalis"; 247 + static_configs = [ 248 + { targets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}" ]; } 249 + ]; 250 + } 251 + ]; 252 + }; 253 + 254 + # TODO: figure out how to appropriately configure this 255 + services.step-ca = { 256 + enable = false; 257 + openFirewall = true; 258 + port = 8443; 259 + address = "0.0.0.0"; 260 + intermediatePasswordFile = /etc/nixos/step-ca-intermediate-ca-password; 261 + settings = builtins.fromJSON (builtins.readFile /home/noah/.step/config/ca.json); 262 + }; 263 + 264 + age.secrets.acme = { 265 + file = ../../secrets/porkbun-api-key.age; 266 + owner = "root"; 267 + group = "acme"; 268 + }; 269 + 270 + security.acme = { 271 + acceptTerms = true; 272 + defaults.email = "noah@packetlost.dev"; 273 + certs."plex.packetlost.dev" = { 274 + group = "httpd"; 275 + dnsProvider = "porkbun"; 276 + environmentFile = config.age.secrets.acme.path; 277 + }; 278 + certs."img.ngp.computer" = { 279 + group = "httpd"; 280 + dnsProvider = "porkbun"; 281 + environmentFile = config.age.secrets.acme.path; 282 + }; 283 + certs."files.ngp.computer" = { 284 + group = "httpd"; 285 + dnsProvider = "porkbun"; 286 + environmentFile = config.age.secrets.acme.path; 287 + }; 288 + certs."cache.ngp.computer" = { 289 + group = "httpd"; 290 + dnsProvider = "porkbun"; 291 + environmentFile = config.age.secrets.acme.path; 292 + }; 293 + certs."photos.ngp.computer" = { 294 + group = "httpd"; 295 + dnsProvider = "porkbun"; 296 + environmentFile = config.age.secrets.acme.path; 297 + }; 298 + certs."jellyfin.packetlost.dev" = { 299 + group = "httpd"; 300 + dnsProvider = "porkbun"; 301 + environmentFile = config.age.secrets.acme.path; 302 + }; 303 + }; 304 + 305 + # A test email server that only works on LAN 306 + services.maddy = { 307 + enable = true; 308 + openFirewall = true; 309 + primaryDomain = "misaki.local"; 310 + ensureAccounts = [ 311 + "noah@misaki.local" 312 + "postmaster@misaki.local" 313 + "test@misaki.local" 314 + ]; 315 + ensureCredentials = { 316 + "noah@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 317 + "postmaster@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 318 + "test@misaki.local".passwordFile = "${pkgs.writeText "test" "Password123"}"; 319 + }; 320 + }; 321 + 322 + age.secrets.nix-serve = { 323 + file = ../../secrets/nix-serve-secret-key.age; 324 + owner = "root"; 325 + group = "root"; 326 + }; 327 + services.nix-serve = { 328 + enable = true; 329 + package = unstable.nix-serve-ng; 330 + secretKeyFile = config.age.secrets.nix-serve.path; 331 + openFirewall = true; 332 + }; 333 + 334 + services.plex = { 335 + enable = true; 336 + openFirewall = false; # we proxy this with nginx 337 + group = "nas"; 338 + user = "noah"; 339 + package = unstable.plex; 340 + }; 341 + 342 + services.jellyfin = { 343 + enable = true; 344 + openFirewall = true; 345 + user = "noah"; 346 + group = "nas"; 347 + logDir = "/srv/shokuhou/applications/jellyfin/log"; 348 + cacheDir = "/srv/shokuhou/applications/jellyfin/cache"; 349 + dataDir = "/srv/shokuhou/applications/jellyfin/data"; 350 + configDir = "/srv/shokuhou/applications/jellyfin/config"; 351 + }; 352 + 353 + services.gitea = { 354 + enable = false; 355 + user = "git"; 356 + domain = "git.packetlost.dev"; 357 + }; 358 + 359 + # Litterbox, collect my IRC logs 360 + systemd = { 361 + services = { 362 + "litterbox@" = { 363 + path = [ pkgs.litterbox ]; 364 + serviceConfig = { 365 + StartLimitIntervalSec = 5; 366 + StartLimitBurst = 10; 367 + Restart = "on-failure"; 368 + RestartSec = "10s"; 369 + Type = "simple"; 370 + ExecStart = "${pkgs.litterbox}/bin/litterbox /srv/litterbox/%i.conf"; 371 + ExecReload = "kill -USR1 $MAINPID"; 372 + User = "noah"; 373 + Group = "litterbox"; 374 + }; 375 + }; 376 + 377 + #"litterbox@libera.irc.packetlost.dev" = { 378 + # overrideStrategy = "asDropin"; 379 + # wantedBy = [ "multi-user.target" ]; 380 + #}; 381 + "update-downstream-src" = { 382 + path = with pkgs; [ 383 + rc 384 + coreutils 385 + git 386 + openssh 387 + ]; 388 + script = "exec ${./scripts/update-src}"; 389 + serviceConfig = { 390 + Type = "oneshot"; 391 + User = "noah"; 392 + WorkingDirectory = "/srv/src"; 393 + }; 394 + }; 395 + }; 396 + timers = { 397 + "update-downstream-src" = { 398 + wantedBy = [ "timers.target" ]; 399 + timerConfig = { 400 + OnCalendar = "daily"; 401 + Persistent = true; 402 + }; 403 + }; 404 + }; 405 + }; 406 + 407 + services.teamspeak3 = { 408 + enable = true; 409 + openFirewall = true; 410 + }; 411 + 412 + services.immich = { 413 + enable = true; 414 + package = unstable.immich; 415 + accelerationDevices = [ "/dev/dri/renderD128" ]; 416 + mediaLocation = "/srv/shokuhou/pictures/immich"; 417 + }; 418 + users.users.immich.extraGroups = [ 419 + "video" 420 + "render" 421 + "nas" 422 + ]; 423 + 424 + # Nginx Reverse SSL Proxy 425 + services.nginx = { 426 + enable = true; 427 + group = "nas"; 428 + user = "noah"; 429 + recommendedGzipSettings = true; 430 + recommendedOptimisation = true; 431 + #recommendedProxySettings = true; 432 + recommendedTlsSettings = true; 433 + 434 + virtualHosts."photos.ngp.computer" = { 435 + enableACME = true; 436 + acmeRoot = null; 437 + forceSSL = true; 438 + locations."/" = { 439 + proxyPass = "http://[::1]:${toString config.services.immich.port}"; 440 + proxyWebsockets = true; 441 + recommendedProxySettings = true; 442 + extraConfig = '' 443 + client_max_body_size 50000M; 444 + proxy_read_timeout 600s; 445 + proxy_send_timeout 600s; 446 + send_timeout 600s; 447 + ''; 448 + }; 449 + }; 450 + virtualHosts."img.ngp.computer" = { 451 + forceSSL = true; 452 + enableACME = true; 453 + acmeRoot = null; 454 + root = "/srv/shokuhou/pictures/public"; 455 + extraConfig = '' 456 + sendfile on; 457 + autoindex_exact_size on; 458 + tcp_nopush on; 459 + ''; 460 + locations."/" = { 461 + extraConfig = '' 462 + autoindex on; 463 + autoindex_exact_size on; 464 + alias /srv/shokuhou/pictures/public/$1; 465 + ''; 466 + }; 467 + }; 468 + virtualHosts."files.ngp.computer" = { 469 + forceSSL = true; 470 + enableACME = true; 471 + acmeRoot = null; 472 + root = null; 473 + extraConfig = '' 474 + sendfile on; 475 + tcp_nopush on; 476 + ''; 477 + locations."/books/" = { 478 + extraConfig = '' 479 + autoindex on; 480 + autoindex_exact_size on; 481 + alias /srv/shokuhou/books/sync/$1; 482 + ''; 483 + }; 484 + }; 485 + virtualHosts."jellyfin.packetlost.dev" = { 486 + forceSSL = true; 487 + enableACME = true; 488 + acmeRoot = null; 489 + http2 = true; 490 + locations."/" = { 491 + proxyPass = "http://localhost:8096/"; 492 + }; 493 + }; 494 + virtualHosts."cache.ngp.computer" = { 495 + forceSSL = true; 496 + enableACME = true; 497 + acmeRoot = null; 498 + http2 = true; 499 + locations."/".proxyPass = 500 + "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; 501 + }; 502 + 503 + # give a name to the virtual host. It also becomes the server name. 504 + virtualHosts."plex.packetlost.dev" = { 505 + # Since we want a secure connection, we force SSL 506 + forceSSL = true; 507 + enableACME = true; 508 + acmeRoot = null; 509 + 510 + # http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/ 511 + http2 = true; 512 + 513 + # Provide the ssl cert and key for the vhost 514 + # These are filled in automatically with ACME 515 + extraConfig = '' 516 + 517 + #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause 518 + send_timeout 100m; 519 + 520 + # Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/ 521 + ssl_stapling on; 522 + ssl_stapling_verify on; 523 + 524 + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 525 + ssl_prefer_server_ciphers on; 526 + #Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384. 527 + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 528 + 529 + # Forward real ip and host to Plex 530 + proxy_set_header X-Real-IP $remote_addr; 531 + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 532 + proxy_set_header X-Forwarded-Proto $scheme; 533 + proxy_set_header Host $server_addr; 534 + proxy_set_header Referer $server_addr; 535 + proxy_set_header Origin $server_addr; 536 + 537 + # Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. 538 + gzip on; 539 + gzip_vary on; 540 + gzip_min_length 1000; 541 + gzip_proxied any; 542 + gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml; 543 + gzip_disable "MSIE [1-6]\."; 544 + 545 + # Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones. 546 + # Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more 547 + client_max_body_size 100M; 548 + 549 + # Plex headers 550 + proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; 551 + proxy_set_header X-Plex-Device $http_x_plex_device; 552 + proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; 553 + proxy_set_header X-Plex-Platform $http_x_plex_platform; 554 + proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version; 555 + proxy_set_header X-Plex-Product $http_x_plex_product; 556 + proxy_set_header X-Plex-Token $http_x_plex_token; 557 + proxy_set_header X-Plex-Version $http_x_plex_version; 558 + proxy_set_header X-Plex-Nocache $http_x_plex_nocache; 559 + proxy_set_header X-Plex-Provides $http_x_plex_provides; 560 + proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; 561 + proxy_set_header X-Plex-Model $http_x_plex_model; 562 + 563 + # Websockets 564 + proxy_http_version 1.1; 565 + proxy_set_header Upgrade $http_upgrade; 566 + proxy_set_header Connection "upgrade"; 567 + 568 + # Buffering off send to the client as soon as the data is received from Plex. 569 + proxy_redirect off; 570 + proxy_buffering off; 571 + ''; 572 + 573 + locations."/" = { 574 + proxyPass = "http://localhost:32400/"; 575 + }; 576 + }; 577 + }; 578 + }
+6
host-specific/misaki/users.nix
··· 1 + { ... }: 2 + { 3 + users.groups.nas.gid = 1001; 4 + users.groups.httpd.gid = 1002; 5 + users.groups.litterbox.gid = 1003; 6 + }
+6
host-specific/odin/boot.nix
··· 1 + { ... }: 2 + { 3 + # Use the systemd-boot EFI boot loader. 4 + boot.loader.systemd-boot.enable = true; 5 + boot.loader.efi.canTouchEfiVariables = true; 6 + }
+62
host-specific/odin/configuration.nix
··· 1 + # Edit this configuration file to define what should be installed on 2 + ## your system. Help is available in the configuration.nix(5) man page, on 3 + # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 + 5 + { ... }: 6 + { 7 + imports = [ 8 + # Include the results of the hardware scan. 9 + ./hardware-configuration.nix 10 + ./boot.nix 11 + ./networking.nix 12 + #./gui.nix 13 + ./packages.nix 14 + ./services.nix 15 + ]; 16 + 17 + nixpkgs.config.allowUnfree = true; 18 + 19 + # Set your time zone. 20 + time.timeZone = "America/Chicago"; 21 + 22 + # Select internationalisation properties. 23 + i18n.defaultLocale = "en_US.UTF-8"; 24 + # console = { 25 + # font = "Lat2-Terminus16"; 26 + # keyMap = "us"; 27 + # useXkbConfig = true; # use xkb.options in tty. 28 + # }; 29 + 30 + # Automatic doc cache generation 31 + documentation.man.generateCaches = true; 32 + 33 + # Automatic system upgrades 34 + system.autoUpgrade = { 35 + enable = true; 36 + dates = "09:00"; 37 + randomizedDelaySec = "45min"; 38 + }; 39 + 40 + # Automatic Garbage Collection 41 + nix.gc.automatic = true; 42 + nix.gc.options = "--delete-older-than 8d"; 43 + 44 + # This option defines the first version of NixOS you have installed on this particular machine, 45 + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 46 + # 47 + # Most users should NEVER change this value after the initial install, for any reason, 48 + # even if you've upgraded your system to a new NixOS release. 49 + # 50 + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 51 + # so changing it will NOT upgrade your system. 52 + # 53 + # This value being lower than the current NixOS release does NOT mean your system is 54 + # out of date, out of support, or vulnerable. 55 + # 56 + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 57 + # and migrated your data accordingly. 58 + # 59 + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 60 + system.stateVersion = "23.11"; # Did you read the comment? 61 + 62 + }
+9
host-specific/odin/default.nix
··· 1 + { ... }: 2 + { 3 + imports = [ 4 + ./hardware-configuration.nix 5 + ./networking.nix 6 + ./packages.nix 7 + ./services.nix 8 + ]; 9 + }
+98
host-specific/odin/gui.nix
··· 1 + { pkgs, ... }: 2 + { 3 + # Enable the X11 windowing system. 4 + services.xserver = { 5 + enable = true; 6 + videoDrivers = [ "amdgpu" ]; 7 + }; 8 + 9 + # Fix for HIP libraries 10 + systemd.tmpfiles.rules = [ 11 + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" 12 + ]; 13 + 14 + # Configure keymap in X11 15 + # services.xserver.xkb.layout = "us"; 16 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 17 + 18 + # Enable CUPS to print documents. 19 + # services.printing.enable = true; 20 + 21 + # Enable sound. 22 + security.rtkit.enable = true; 23 + services.pipewire = { 24 + enable = true; 25 + alsa.enable = true; 26 + alsa.support32Bit = true; 27 + pulse.enable = true; 28 + wireplumber.enable = true; 29 + }; 30 + 31 + # Graphics and parallel compute configuration 32 + hardware.graphics = { 33 + enable = true; 34 + extraPackages = with pkgs; [ 35 + libva 36 + mesa 37 + rocmPackages.clr.icd 38 + ]; 39 + }; 40 + 41 + # Enable touchpad support (enabled default in most desktopManager). 42 + # services.xserver.libinput.enable = true; 43 + 44 + # Fonts 45 + fonts.packages = with pkgs; [ 46 + fira-code 47 + fira-code-symbols 48 + noto-fonts 49 + noto-fonts-cjk-sans 50 + noto-fonts-color-emoji 51 + nerd-fonts.fira-code 52 + ]; 53 + 54 + # Polkit is a dependency of Sway. It's responsible for handling security policies 55 + security.polkit.enable = true; 56 + 57 + # Enable the sway window manager 58 + programs.sway = { 59 + enable = true; 60 + #package = unstable.sway; 61 + wrapperFeatures.gtk = true; 62 + }; 63 + # Use greetd as the displaymanager 64 + #services.xserver.displayManager.greetd.enable = true; 65 + #services.xserver.displayManager.lightdm.enable = false; 66 + services.displayManager.sddm.enable = true; 67 + services.displayManager.defaultSession = "sway"; 68 + services.displayManager.autoLogin = { 69 + enable = true; 70 + user = "noah"; 71 + }; 72 + 73 + # i3, for when I need XOrg 74 + services.xserver.windowManager.i3 = { 75 + enable = true; 76 + extraPackages = with pkgs; [ 77 + dmenu 78 + i3status 79 + i3lock 80 + i3blocks 81 + ]; 82 + }; 83 + 84 + xdg.portal = { 85 + enable = true; 86 + wlr.enable = true; 87 + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; 88 + }; 89 + xdg.mime = { 90 + enable = true; 91 + defaultApplications = { 92 + "x-scheme-handler/http" = "org.firefox.firefox.desktop"; 93 + "x-scheme-handler/https" = "org.firefox.firefox.desktop"; 94 + }; 95 + }; 96 + services.dbus.enable = true; 97 + services.gnome.gnome-keyring.enable = true; 98 + }
+93
host-specific/odin/hardware-configuration.nix
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + modulesPath, 8 + pkgs, 9 + ... 10 + }: 11 + 12 + { 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 16 + 17 + boot.kernelPackages = pkgs.linuxPackages_latest; 18 + boot.initrd.availableKernelModules = [ 19 + "nvme" 20 + "xhci_pci" 21 + "thunderbolt" 22 + "usb_storage" 23 + "usbhid" 24 + "sd_mod" 25 + "sdhci_pci" 26 + ]; 27 + boot.initrd.kernelModules = [ 28 + "kvm-amd" 29 + "amdgpu" 30 + "nvme" 31 + "xhci_pci" 32 + "thunderbolt" 33 + "usb_storage" 34 + "usbhid" 35 + "sd_mod" 36 + "sdhci_pci" 37 + ]; 38 + boot.kernelModules = [ 39 + "kvm-amd" 40 + "amdgpu" 41 + "nvme" 42 + "xhci_pci" 43 + "thunderbolt" 44 + "usb_storage" 45 + "usbhid" 46 + "sd_mod" 47 + "sdhci_pci" 48 + ]; 49 + virtualisation.libvirtd = { 50 + enable = true; 51 + qemu = { 52 + runAsRoot = false; 53 + }; 54 + }; 55 + #boot.extraModulePackages = with config.boot.kernelPackages; [ ]; 56 + boot.kernelParams = [ ]; 57 + 58 + hardware.enableRedistributableFirmware = true; 59 + 60 + fileSystems."/" = { 61 + device = "/dev/disk/by-uuid/07019c69-2597-410d-a8a0-a8ffb0f58883"; 62 + fsType = "ext4"; 63 + }; 64 + 65 + fileSystems."/boot" = { 66 + device = "/dev/disk/by-uuid/4B85-C90A"; 67 + fsType = "vfat"; 68 + }; 69 + 70 + swapDevices = [ 71 + { 72 + device = "/swapfile"; 73 + size = 32 * 1024; 74 + } 75 + ]; 76 + 77 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 78 + # (the default) this is the recommended approach. When using systemd-networkd it's 79 + # still possible to use this option, but it's recommended to use it in conjunction 80 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 81 + networking.useDHCP = lib.mkDefault true; 82 + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; 83 + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; 84 + 85 + nixpkgs.hostPlatform = { 86 + #gcc.arch = "znver2"; 87 + #gcc.tune = "znver2"; 88 + system = "x86_64-linux"; 89 + #gcc.arch = "x86-64-v3"; 90 + }; 91 + #nix.settings.system-features = ["gccarch-znver2" "big-parallel" "nixos-test" "benchmark" "kvm"]; 92 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 93 + }
+78
host-specific/odin/networking.nix
··· 1 + { ... }: 2 + { 3 + # networking.hostName = "nixos"; # Define your hostname. 4 + # Pick only one of the below networking options. 5 + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 + networking.hostName = "odin"; 8 + # I like systemd-networkd 9 + systemd.network.enable = true; 10 + systemd.network.networks."50-wlp2s0" = { 11 + matchConfig.name = "wlp2s0"; 12 + networkConfig.DHCP = "yes"; 13 + linkConfig.RequiredForOnline = "no"; 14 + }; 15 + 16 + networking.tempAddresses = "disabled"; 17 + 18 + networking.useNetworkd = true; 19 + # TODO: static IP @ 192.168.1.6 20 + 21 + # Configure network proxy if necessary 22 + # networking.proxy.default = "http://user:password@proxy:port/"; 23 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 24 + # Open ports in the firewall. 25 + # networking.firewall.allowedTCPPorts = [ ... ]; 26 + # networking.firewall.allowedUDPPorts = [ ... ]; 27 + # Or disable the firewall altogether. 28 + networking.firewall = { 29 + enable = true; 30 + allowPing = true; 31 + allowedUDPPorts = [ ]; 32 + allowedUDPPortRanges = [ ]; 33 + allowedTCPPorts = [ 34 + 2375 35 + 3000 36 + ]; 37 + }; 38 + 39 + services.avahi = { 40 + enable = true; 41 + nssmdns4 = true; 42 + nssmdns6 = true; 43 + ipv6 = true; 44 + openFirewall = true; 45 + publish = { 46 + enable = true; 47 + addresses = true; 48 + workstation = true; 49 + userServices = true; 50 + domain = true; 51 + }; 52 + }; 53 + 54 + # NFS mounts 55 + 56 + fileSystems = { 57 + "/srv/shokuhou" = { 58 + device = "192.168.1.3:/srv/shokuhou"; 59 + fsType = "nfs"; 60 + options = [ 61 + "nfsvers=4" 62 + "user" 63 + "x-system.automount" 64 + "x-system.idle-timeout=600" 65 + ]; 66 + }; 67 + "/srv/mentalout" = { 68 + device = "192.168.1.3:/srv/mentalout"; 69 + fsType = "nfs"; 70 + options = [ 71 + "nfsvers=4" 72 + "user" 73 + "x-system.automount" 74 + "x-system.idle-timeout=600" 75 + ]; 76 + }; 77 + }; 78 + }
+129
host-specific/odin/packages.nix
··· 1 + { pkgs, lib, ... }: 2 + let # bash script to let dbus know about important env variables and 3 + # propagate them to relevent services run at the end of sway config 4 + # see 5 + # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 + # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 + # some user services to make sure they have the correct environment variables 8 + dbus-sway-environment = pkgs.writeTextFile { 9 + name = "dbus-sway-environment"; 10 + destination = "/bin/dbus-sway-environment"; 11 + executable = true; 12 + 13 + text = '' 14 + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 + systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 + systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 + ''; 18 + }; 19 + 20 + # currently, there is some friction between sway and gtk: 21 + # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 + # the suggested way to set gtk settings is with gsettings 23 + # for gsettings to work, we need to tell it where the schemas are 24 + # using the XDG_DATA_DIR environment variable 25 + # run at the end of sway config 26 + configure-gtk = pkgs.writeTextFile { 27 + name = "configure-gtk"; 28 + destination = "/bin/configure-gtk"; 29 + executable = true; 30 + text = 31 + let 32 + # TODO: figure out why these bindings exist or where they're used 33 + schema = pkgs.gsettings-desktop-schemas; 34 + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 + in 36 + '' 37 + 6 gnome_schema=org.gnome.desktop.interface 38 + gsettings set $gnome_schema gtk-theme 'Dracula' 39 + ''; 40 + }; 41 + in 42 + { 43 + 44 + # List packages installed in system profile. To search, run: 45 + # $ nix search wget 46 + environment.systemPackages = with pkgs; [ 47 + neovim 48 + appimage-run 49 + tzdata 50 + wget 51 + kitty 52 + file 53 + w3m 54 + fishPlugins.fzf-fish 55 + fzf 56 + qemu 57 + qemu-user 58 + qemu-utils 59 + qemu_full 60 + OVMF 61 + #9p stuff 62 + diod 63 + plan9port 64 + vis 65 + rc 66 + ncdu 67 + 68 + smartmontools 69 + 70 + # Sway stuff 71 + wdisplays 72 + mako 73 + bemenu 74 + wl-clipboard 75 + slurp 76 + grim 77 + swayidle 78 + swaylock 79 + adwaita-icon-theme 80 + dracula-theme 81 + glib 82 + xdg-utils 83 + wayland 84 + configure-gtk 85 + dbus-sway-environment 86 + dbus 87 + pkg-config 88 + zlib 89 + # why wouldn't I want documentation on my system 90 + man-pages 91 + man-pages-posix 92 + perf 93 + ]; 94 + documentation.dev.enable = true; 95 + 96 + # Fix dynamically linked libraries for unpackaged binaries 97 + programs.nix-ld = { 98 + enable = true; 99 + libraries = with pkgs; [ 100 + # Add missing dynamic libraries for unpackaged programs HERE 101 + # NOT in environment.systemPackages 102 + zlib 103 + openssl 104 + sqlite 105 + libunwind 106 + libglvnd 107 + libclang 108 + systemdLibs 109 + ]; 110 + }; 111 + programs.nix-index = { 112 + enable = true; 113 + enableFishIntegration = true; 114 + enableBashIntegration = false; 115 + enableZshIntegration = false; 116 + }; 117 + 118 + # Run other bins in QEMU 119 + boot.binfmt.emulatedSystems = [ 120 + "aarch64-linux" 121 + "riscv64-linux" 122 + ]; 123 + # UEFI firmware support for QEMU 124 + systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; 125 + 126 + # Logseq uses an ancient version of Electron, so we enable that 127 + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 128 + nixpkgs.config.allowUnfree = true; 129 + }
+33
host-specific/odin/services.nix
··· 1 + { ... }: 2 + { 3 + # Some programs need SUID wrappers, can be configured further or are 4 + # started in user sessions. 5 + # programs.mtr.enable = true; 6 + programs.gnupg.agent = { 7 + enable = true; 8 + enableSSHSupport = false; 9 + }; 10 + 11 + # Fish shell, the best 12 + programs.fish.enable = true; 13 + 14 + services.tailscale.useRoutingFeatures = "client"; 15 + 16 + services.redis.servers."" = { 17 + enable = true; 18 + }; 19 + 20 + # Containers and VMs 21 + virtualisation = { 22 + podman = { 23 + enable = false; 24 + dockerCompat = true; 25 + defaultNetwork.settings.dns_enabled = true; 26 + dockerSocket.enable = true; 27 + }; 28 + docker = { 29 + enable = true; 30 + storageDriver = "overlay2"; 31 + }; 32 + }; 33 + }
+6
host-specific/shizuri/boot.nix
··· 1 + { ... }: 2 + { 3 + # Use the systemd-boot EFI boot loader. 4 + boot.loader.systemd-boot.enable = true; 5 + boot.loader.efi.canTouchEfiVariables = true; 6 + }
+13
host-specific/shizuri/configuration.nix
··· 1 + { ... }: 2 + { 3 + imports = [ 4 + # Include the results of the hardware scan. 5 + ./hardware-configuration.nix 6 + ./boot.nix 7 + ./networking.nix 8 + ./gui.nix 9 + ./packages.nix 10 + ./services.nix 11 + ]; 12 + system.stateVersion = "23.11"; # Did you read the comment? 13 + }
+27
host-specific/shizuri/gs.sh
··· 1 + #!/usr/bin/env bash 2 + set -xeuo pipefail 3 + 4 + gamescopeArgs=( 5 + --adaptive-sync # VRR support 6 + --hdr-enabled 7 + --mangoapp # performance overlay 8 + --rt 9 + --steam 10 + ) 11 + steamArgs=( 12 + -pipewire-dmabuf 13 + -tenfoot 14 + ) 15 + mangoConfig=( 16 + cpu_temp 17 + gpu_temp 18 + ram 19 + vram 20 + ) 21 + mangoVars=( 22 + MANGOHUD=1 23 + MANGOHUD_CONFIG="$(IFS=,; echo "${mangoConfig[*]}")" 24 + ) 25 + 26 + export "${mangoVars[@]}" 27 + exec gamescope "${gamescopeArgs[@]}" -- steam "${steamArgs[@]}"
+115
host-specific/shizuri/gui.nix
··· 1 + { pkgs, ... }: 2 + { 3 + # Enable the X11 windowing system. 4 + services.xserver = { 5 + enable = true; 6 + videoDrivers = [ "amdgpu" ]; 7 + }; 8 + 9 + # Fix for HIP libraries 10 + systemd.tmpfiles.rules = [ 11 + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" 12 + ]; 13 + 14 + # Configure keymap in X11 15 + services.xserver.xkb = { 16 + layout = "us"; 17 + variant = ""; 18 + }; 19 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 20 + 21 + # Enable CUPS to print documents. 22 + # services.printing.enable = true; 23 + 24 + # Enable sound. 25 + security.rtkit.enable = true; 26 + services.pipewire = { 27 + enable = true; 28 + alsa.enable = true; 29 + alsa.support32Bit = true; 30 + pulse.enable = true; 31 + wireplumber.enable = true; 32 + }; 33 + 34 + # Graphics and parallel compute configuration 35 + hardware.graphics = { 36 + enable = true; 37 + extraPackages = with pkgs; [ 38 + libva 39 + mesa 40 + rocmPackages.clr.icd 41 + ]; 42 + }; 43 + 44 + # Enable touchpad support (enabled default in most desktopManager). 45 + # services.xserver.libinput.enable = true; 46 + 47 + # Fonts 48 + fonts.packages = with pkgs; [ 49 + fira-code 50 + fira-code-symbols 51 + noto-fonts 52 + noto-fonts-cjk-sans 53 + noto-fonts-color-emoji 54 + nerd-fonts.fira-code 55 + ]; 56 + 57 + # Polkit is a dependency of Sway. It's responsible for handling security policies 58 + security.polkit.enable = true; 59 + 60 + # Enable the sway window manager 61 + programs.sway = { 62 + enable = false; 63 + #package = unstable.sway; 64 + wrapperFeatures.gtk = true; 65 + }; 66 + # Use greetd as the displaymanager 67 + #services.xserver.displayManager.greetd.enable = true; 68 + 69 + services.xserver.displayManager.lightdm.enable = false; 70 + 71 + #services.displayManager.sddm.enable = true; 72 + #services.displayManager.defaultSession = "sway"; 73 + #services.displayManager.autoLogin = { 74 + # enable = true; 75 + # user = "noah"; 76 + #}; 77 + services.xserver.desktopManager.xfce.enable = false; 78 + services.xserver.desktopManager.lxqt = { 79 + enable = true; 80 + }; 81 + services.xscreensaver.enable = true; 82 + security.pam.services.xscreensaver.enable = true; 83 + 84 + # i3, for when I need XOrg 85 + services.xserver.windowManager.i3 = { 86 + enable = false; 87 + extraPackages = with pkgs; [ 88 + dmenu 89 + i3status 90 + i3lock 91 + i3blocks 92 + ]; 93 + }; 94 + 95 + xdg.portal = { 96 + enable = true; 97 + wlr.enable = true; 98 + extraPortals = [ 99 + pkgs.xdg-desktop-portal 100 + pkgs.xdg-desktop-portal-wlr 101 + pkgs.xdg-desktop-portal-gtk 102 + pkgs.xdg-desktop-portal-termfilechooser 103 + pkgs.lxqt.xdg-desktop-portal-lxqt 104 + ]; 105 + }; 106 + xdg.mime = { 107 + enable = true; 108 + defaultApplications = { 109 + "x-scheme-handler/http" = "org.firefox.firefox.desktop"; 110 + "x-scheme-handler/https" = "org.firefox.firefox.desktop"; 111 + }; 112 + }; 113 + services.dbus.enable = true; 114 + services.gnome.gnome-keyring.enable = true; 115 + }
+84
host-specific/shizuri/hardware-configuration.nix
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 11 + 12 + { 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 16 + 17 + boot.kernelPackages = pkgs.linuxPackages_latest; 18 + boot.initrd.availableKernelModules = [ 19 + "nvme" 20 + "xhci_pci" 21 + "thunderbolt" 22 + "usb_storage" 23 + "usbhid" 24 + "uas" 25 + "sd_mod" 26 + ]; 27 + boot.initrd.kernelModules = [ ]; 28 + boot.kernelModules = [ "kvm-amd" ]; 29 + boot.extraModulePackages = [ ]; 30 + 31 + # Bluetooth / wireless configuration 32 + hardware.bluetooth = { 33 + enable = true; 34 + powerOnBoot = true; 35 + settings = { 36 + General = { 37 + # Shows battery charge of connected devices on supported 38 + # Bluetooth adapters. Defaults to 'false'. 39 + Experimental = true; 40 + # When enabled other devices can connect faster to us, however 41 + # the tradeoff is increased power consumption. Defaults to 42 + # 'false'. 43 + FastConnectable = true; 44 + }; 45 + Policy = { 46 + # Enable all controllers when they are found. This includes 47 + # adapters present on start as well as adapters that are plugged 48 + # in later on. Defaults to 'true'. 49 + AutoEnable = true; 50 + }; 51 + }; 52 + }; 53 + 54 + fileSystems."/" = { 55 + device = "/dev/disk/by-uuid/9a7cbffe-6c10-4220-bb99-4dcea8181dcc"; 56 + fsType = "ext4"; 57 + }; 58 + 59 + fileSystems."/boot" = { 60 + device = "/dev/disk/by-uuid/9AC5-62C3"; 61 + fsType = "vfat"; 62 + options = [ 63 + "fmask=0077" 64 + "dmask=0077" 65 + ]; 66 + }; 67 + 68 + swapDevices = [ { device = "/dev/disk/by-uuid/a19d8fad-d8d2-4bbe-a233-e645020419ff"; } ]; 69 + fileSystems."/srv/mugino" = { 70 + device = "/dev/disk/by-uuid/d832dd9f-1fbb-4ca7-9097-0ba329b838af"; 71 + fsType = "ext4"; 72 + }; 73 + 74 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 75 + # (the default) this is the recommended approach. When using systemd-networkd it's 76 + # still possible to use this option, but it's recommended to use it in conjunction 77 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 78 + networking.useDHCP = lib.mkDefault true; 79 + # networking.interfaces.enp191s0.useDHCP = lib.mkDefault true; 80 + # networking.interfaces.wlp192s0.useDHCP = lib.mkDefault true; 81 + 82 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 83 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 84 + }
+78
host-specific/shizuri/networking.nix
··· 1 + { ... }: 2 + { 3 + # networking.hostName = "nixos"; # Define your hostname. 4 + # Pick only one of the below networking options. 5 + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 + networking.hostName = "shizuri"; 8 + # I like systemd-networkd 9 + systemd.network.enable = true; 10 + systemd.network.networks."50-wlp2s0" = { 11 + matchConfig.name = "wlp2s0"; 12 + networkConfig.DHCP = "yes"; 13 + linkConfig.RequiredForOnline = "no"; 14 + }; 15 + 16 + networking.tempAddresses = "disabled"; 17 + 18 + networking.useNetworkd = true; 19 + # TODO: static IP @ 192.168.1.2 20 + 21 + # Configure network proxy if necessary 22 + # networking.proxy.default = "http://user:password@proxy:port/"; 23 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 24 + # Open ports in the firewall. 25 + # networking.firewall.allowedTCPPorts = [ ... ]; 26 + # networking.firewall.allowedUDPPorts = [ ... ]; 27 + # Or disable the firewall altogether. 28 + # TODO: allow some ports 29 + networking.firewall = { 30 + enable = false; 31 + allowPing = true; 32 + allowedUDPPorts = [ ]; 33 + allowedTCPPorts = [ 34 + 1234 35 + 2375 36 + ]; 37 + }; 38 + 39 + services.avahi = { 40 + enable = true; 41 + nssmdns4 = true; 42 + nssmdns6 = true; 43 + ipv6 = true; 44 + openFirewall = true; 45 + publish = { 46 + enable = true; 47 + addresses = true; 48 + workstation = true; 49 + userServices = true; 50 + domain = true; 51 + }; 52 + }; 53 + 54 + # NFS mounts 55 + 56 + fileSystems = { 57 + "/srv/shokuhou" = { 58 + device = "192.168.1.3:/srv/shokuhou"; 59 + fsType = "nfs"; 60 + options = [ 61 + "nfsvers=4" 62 + "user" 63 + "x-system.automount" 64 + "x-system.idle-timeout=600" 65 + ]; 66 + }; 67 + "/srv/mentalout" = { 68 + device = "192.168.1.3:/srv/mentalout"; 69 + fsType = "nfs"; 70 + options = [ 71 + "nfsvers=4" 72 + "user" 73 + "x-system.automount" 74 + "x-system.idle-timeout=600" 75 + ]; 76 + }; 77 + }; 78 + }
+173
host-specific/shizuri/packages.nix
··· 1 + { pkgs, lib, ... }: 2 + let # bash script to let dbus know about important env variables and 3 + # propagate them to relevent services run at the end of sway config 4 + # see 5 + # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 + # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 + # some user services to make sure they have the correct environment variables 8 + dbus-sway-environment = pkgs.writeTextFile { 9 + name = "dbus-sway-environment"; 10 + destination = "/bin/dbus-sway-environment"; 11 + executable = true; 12 + 13 + text = '' 14 + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 + systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 + systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 + ''; 18 + }; 19 + 20 + # currently, there is some friction between sway and gtk: 21 + # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 + # the suggested way to set gtk settings is with gsettings 23 + # for gsettings to work, we need to tell it where the schemas are 24 + # using the XDG_DATA_DIR environment variable 25 + # run at the end of sway config 26 + configure-gtk = pkgs.writeTextFile { 27 + name = "configure-gtk"; 28 + destination = "/bin/configure-gtk"; 29 + executable = true; 30 + text = 31 + let 32 + # TODO: figure out why these bindings exist or where they're used 33 + schema = pkgs.gsettings-desktop-schemas; 34 + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 + in 36 + '' 37 + 6 gnome_schema=org.gnome.desktop.interface 38 + gsettings set $gnome_schema gtk-theme 'Dracula' 39 + ''; 40 + }; 41 + in 42 + { 43 + 44 + # List packages installed in system profile. To search, run: 45 + # $ nix search wget 46 + environment.systemPackages = with pkgs; [ 47 + mangohud 48 + neovim 49 + appimage-run 50 + tzdata 51 + wget 52 + kitty 53 + file 54 + w3m 55 + fishPlugins.fzf-fish 56 + fzf 57 + qemu 58 + qemu-user 59 + qemu-utils 60 + qemu_full 61 + OVMF 62 + #9p stuff 63 + diod 64 + plan9port 65 + vis 66 + rc 67 + 68 + smartmontools 69 + 70 + # Sway stuff 71 + wdisplays 72 + mako 73 + bemenu 74 + wl-clipboard 75 + slurp 76 + grim 77 + swayidle 78 + swaylock 79 + adwaita-icon-theme 80 + dracula-theme 81 + glib 82 + xdg-utils 83 + xdg-desktop-portal 84 + wayland 85 + configure-gtk 86 + lxqt.lxqt-menu-data # for lxqt 87 + dbus-sway-environment 88 + dbus 89 + pkg-config 90 + zlib 91 + # why wouldn't I want documentation on my system 92 + man-pages 93 + man-pages-posix 94 + linuxPackages_latest.perf 95 + ]; 96 + 97 + environment.loginShellInit = '' 98 + [[ "$(tty)" = "/dev/tty1" ]] && /home/noah/repos/nixos/gs.sh 99 + ''; 100 + 101 + documentation.dev.enable = true; 102 + 103 + # Fix dynamically linked libraries for unpackaged binaries 104 + programs.nix-ld = { 105 + enable = true; 106 + libraries = with pkgs; [ 107 + # Add missing dynamic libraries for unpackaged programs HERE 108 + # NOT in environment.systemPackages 109 + zlib 110 + openssl 111 + sqlite 112 + libunwind 113 + libglvnd 114 + libclang 115 + systemdLibs 116 + ]; 117 + }; 118 + programs.nix-index = { 119 + enable = true; 120 + enableFishIntegration = true; 121 + enableBashIntegration = false; 122 + enableZshIntegration = false; 123 + }; 124 + 125 + programs.steam = { 126 + enable = true; 127 + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 128 + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server 129 + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers 130 + gamescopeSession.enable = true; 131 + }; 132 + programs.gamescope = { 133 + enable = true; 134 + capSysNice = true; 135 + }; 136 + # Boot to bigpicture 137 + services.getty.autologinUser = "noah"; 138 + 139 + programs.appimage = { 140 + enable = true; 141 + binfmt = true; 142 + }; 143 + 144 + # Run other bins in QEMU 145 + boot.binfmt.emulatedSystems = [ 146 + "aarch64-linux" 147 + "riscv64-linux" 148 + ]; 149 + # UEFI firmware support for QEMU 150 + systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; 151 + 152 + # Logseq uses an ancient version of Electron, so we enable that 153 + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 154 + 155 + # I don't care too much about unfree 156 + nixpkgs.config.allowUnfree = true; 157 + # Whitelist some unfree packages 158 + nixpkgs.config.allowUnfreePredicate = 159 + pkg: 160 + builtins.elem (lib.getName pkg) [ 161 + "discord" 162 + "spotify" 163 + "obsidian" 164 + "unstable.obsidian" 165 + "tailscale" 166 + "google-chrome" 167 + "slack" 168 + "steam" 169 + "steam-original" 170 + "steam-unwrapped" 171 + "steam-run" 172 + ]; 173 + }
+44
host-specific/shizuri/services.nix
··· 1 + { pkgs, ... }: 2 + { 3 + # Some programs need SUID wrappers, can be configured further or are 4 + # started in user sessions. 5 + # programs.mtr.enable = true; 6 + programs.gnupg.agent = { 7 + enable = true; 8 + enableSSHSupport = false; 9 + }; 10 + 11 + # Enable the OpenSSH daemon. 12 + services.openssh = { 13 + enable = true; 14 + settings.X11Forwarding = true; 15 + }; 16 + 17 + # Smart Card daemon 18 + services.pcscd.enable = true; 19 + 20 + # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices. 21 + services.hardware.bolt.enable = true; 22 + 23 + services.fwupd.enable = true; 24 + 25 + services.xrdp = { 26 + enable = true; 27 + openFirewall = true; 28 + defaultWindowManager = "${pkgs.lxqt.lxqt-session}/bin/lxqt-session"; 29 + }; 30 + 31 + # Containers and VMs 32 + virtualisation = { 33 + podman = { 34 + enable = false; 35 + dockerCompat = true; 36 + defaultNetwork.settings.dns_enabled = true; 37 + dockerSocket.enable = true; 38 + }; 39 + docker = { 40 + enable = true; 41 + storageDriver = "overlay2"; 42 + }; 43 + }; 44 + }
+55
host-specific/touma-wsl.nix
··· 1 + # Edit this configuration file to define what should be installed on 2 + # your system. Help is available in the configuration.nix(5) man page, on 3 + # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 + 5 + # NixOS-WSL specific options are documented on the NixOS-WSL repository: 6 + # https://github.com/nix-community/NixOS-WSL 7 + 8 + { pkgs, inputs, ... }: 9 + { 10 + imports = [ 11 + # WSL has no hardware configuration 12 + ../users.nix 13 + ../services.nix 14 + ]; 15 + wsl = { 16 + enable = true; 17 + defaultUser = "noah"; 18 + wslConf.network.hostname = "touma-wsl-nixos"; 19 + }; 20 + # List packages installed in system profile. To search, run: 21 + # $ nix search wget 22 + environment.systemPackages = with pkgs; [ 23 + neovim 24 + appimage-run 25 + wget 26 + kitty 27 + w3m 28 + fishPlugins.fzf-fish 29 + fzf 30 + qemu 31 + OVMF 32 + gitFull 33 + # plan9 34 + diod 35 + plan9port 36 + vis 37 + rc 38 + 39 + xdg-utils 40 + inputs.agenix.packages."${system}".agenix 41 + ]; 42 + services.openssh.enable = true; 43 + 44 + # Fix dynamically linked libraries for unpackaged binaries 45 + programs.nix-ld = { 46 + enable = true; 47 + libraries = with pkgs; [ 48 + # Add missing dynamic libraries for unpackaged programs HERE 49 + # NOT in environment.systemPackages 50 + zlib 51 + fuse3 52 + ]; 53 + }; 54 + system.stateVersion = "24.11"; 55 + }
-22
networking.nix
··· 1 - { ... }: { 2 - #networking.hostName = "touma-wsl-nixos"; 3 - 4 - #systemd.network.enable = true; 5 - #networking.useNetworkd = true; 6 - #services.resolved.enable = false; 7 - 8 - services.avahi = { 9 - enable = true; 10 - nssmdns4 = true; 11 - nssmdns6 = true; 12 - ipv6 = true; 13 - openFirewall = true; 14 - publish = { 15 - enable = true; 16 - addresses = true; 17 - workstation = true; 18 - domain = true; 19 - hinfo = true; 20 - }; 21 - }; 22 - }
+11 -2
nvim/init.lua
··· 7 7 -- Config for Nord, which I usually use 8 8 -- vim.g.nord_italic = false 9 9 -- vim.g.nord_bold = false 10 - --vim.opt.background = "light" 11 - vim.opt.background = "dark" 10 + local known_hosts = { 11 + ["aleister.packetlost.dev"] = "light", 12 + ["aleister.local"] = "light", 13 + ["accelerator"] = "light" 14 + } 15 + local background = known_hosts[vim.loop.os_gethostname()] 16 + if not background then 17 + background = "dark" 18 + end 19 + vim.opt.background = background 20 + --vim.opt.background = "dark" 12 21 13 22 -- Formatting and vim config 14 23 vim.opt.expandtab = true
+7
nvim/lua/plugins.lua
··· 335 335 end 336 336 }, 337 337 { "lewis6991/gitsigns.nvim", config = true }, 338 + { 339 + "greggh/claude-code.nvim", 340 + dependencies = { 341 + "nvim-lua/plenary.nvim" 342 + }, 343 + config = true 344 + } 338 345 339 346 } 340 347 })
-43
packages.nix
··· 1 - { pkgs, lib, ... }: 2 - { 3 - # List packages installed in system profile. To search, run: 4 - # $ nix search wget 5 - environment.systemPackages = with pkgs; [ 6 - neovim 7 - appimage-run 8 - wget 9 - kitty 10 - w3m 11 - fishPlugins.fzf-fish 12 - fzf 13 - qemu 14 - OVMF 15 - gitFull 16 - # plan9 17 - diod 18 - plan9port 19 - vis 20 - rc 21 - 22 - xdg-utils 23 - ]; 24 - 25 - # Fix dynamically linked libraries for unpackaged binaries 26 - programs.nix-ld = { 27 - enable = true; 28 - libraries = with pkgs; 29 - [ 30 - # Add missing dynamic libraries for unpackaged programs HERE 31 - # NOT in environment.systemPackages 32 - zlib 33 - fuse3 34 - ]; 35 - }; 36 - 37 - # Logseq uses an ancient version of Electron, so we enable that 38 - #nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 39 - 40 - # Whitelist some unfree packages 41 - nixpkgs.config.allowUnfreePredicate = pkg: 42 - builtins.elem (lib.getName pkg) [ ]; 43 - }
+1
secrets/cache-pub-key.pem
··· 1 + misaki.packetlost.dev:y5Z/utaVBozpL0UAbUQDWLjpm2sVMOoKzyG76n/167A=
+10
secrets/catgirl-libera.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 QBbeMw PrgR2RT7HMRapTw8QcRtBU1vfOdrvOdFR+dxlaTMSH4 3 + 2oG68+hYV5W90Beaqpi/VonPwXzB52NTwwJGKmV8YM0 4 + -> ssh-ed25519 Wv0Urw LvqWE5p2G3QnxbqOQMSd631mCqfhJvE9P/yRuwTTkFk 5 + 3jGowP4TKe3T92NXcZjmqU+QFGcyuT2+H3EU/nqTF8s 6 + -> ssh-ed25519 WVNCXA YGX6M8E4JGpJNeZIhiN/t+tx1NQNc+Ewy9HC2dxm3yY 7 + mhxXrgnbh4ng2tIeQrYfxlnlSCk/fTEBDDOg2MEVP2g 8 + --- JpMgqNty36r0OAyDTaLY8yiFHGXzQLm8gh6XXmJQ094 9 + E~�ƿ ׭ #2%%��`Ϳ�~��~�Si<�3� 10 + 7k��b�+OMr�3GxžhG�WY9.�xU1�Re�*%���v�!����������2�wJ_B�)�"��I� �k��[u�jvV5��8n�D��2���H�|
secrets/nix-serve-secret-key.age

This is a binary file and will not be displayed.

+13
secrets/noah-hashed-password.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g Y6AKrd+CWu2+QqPEslYof/XQTTSMf/WNlW9t8FagYgQ 3 + +hiVmTdBt2w/CUusGWOmHgPB3/A3NlcVJ6a4hieWKaE 4 + -> ssh-ed25519 FcROng uBO/aCTSS5JU9ZTkyRgFeYhmkcXdifUycQk8CEGADx0 5 + LZE8JNFrlOeySFamABnZuZHdXdLPYB8/X4gic3stCuw 6 + -> ssh-ed25519 OV+2QQ m13opn5yD0oMLSR8j1jiI9CkzwDSZI37UhJdLQ/KzjE 7 + 6arhn/OFKiGrFabcFCF/yTtTSQImORJX5Ohq50I3xpU 8 + -> ssh-ed25519 h/Fm0A HfM3i56ldP9EvwYTNorzdtkwn21zvFd6cEqUINsg8hg 9 + RJo7z0Nk179ZiazofToA+0KOD3CWfpzaFcZWrSeVsuo 10 + -> ssh-ed25519 Aoo1Gg DKY2avQ+UMyIytEefP6C3LTXTT7QaDBDguxu4G3j/iY 11 + EqCq0BeV+rToFnOCbD9ru9KroXxGcYKRnryKF7N8Uoo 12 + --- L0JkNEz2vJ0m7+8PQELugzzhQAKV/6z/JrU2qeTDPWI 13 + /g�DQ�ӳ`�����< �S��U���p}E+(��2H�'��͖�������Av6p.P#,����l �����@��7���|F�;;�Dޓ,�8@���E{
+9
secrets/porkbun-api-key.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g x6PGKDva9Uj/rVaeOiWSBKTgNsi6ZT1XtHdUEAPn7Wo 3 + hziH64vy2Dx0dMEEKphhw54hzyzhgAYONxaSqDgguP0 4 + -> ssh-ed25519 QBbeMw G775f6PEJrogzi+h0cDKhCmfZ4t8uaJSsGqSuLdwq1M 5 + TR9UfYVljeb+DtttBpMlinZjbPNKL7+omEasEo0nEjE 6 + -> ssh-ed25519 Wv0Urw jXwjCKuCW6z7ZGu0hp/igks4vgCcGGng0VGXeHakJRI 7 + b6fciWjygpGMI83E3C3JBjJZ7X5tDXRPRKgn1Uy/1P0 8 + --- X67NLqQNueHXFrw9Z2SBA880xnUEPLbKRjADgdiBfIs 9 + &u&6�=�ڌ5�!,B[��e������F�[��9�� "lU����<�9�D$m̆��6`JU �dB~S�A6D;s��љ: M��p g�Y��@pBj�6���f����p�;��{�H�y�2{�?���#Pl�D@#ye��3��jD��tץ����6���=�A�������lJڊQ'���..>�(񵑅|wn��Zf<= _
+29
secrets/secrets.nix
··· 1 + let 2 + noah = [ 3 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki" 4 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/cXL1cV6QUW5z2bJp1mCu0CXrcc0Dntdxaeo3fg60N noah@odin" 5 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChbA8oSqYgmjIGYjlpAPLf+Nl6IlcSb2Zmh/Hl6xm88 noah@accelerator" 6 + ]; 7 + misaki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rcf4Lr+JPWGKQol6eAml6SMgERkGJWgN7y1qYUUvX root@nixos"; 8 + edge = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCmFKYXpQf1E8E7fj5s+3R33HPRjPhXrv++FCKYBCd4 root@nixos"; 9 + odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIuvOXEK7M2i/Q8FeableBS+L20zwQpLetOuFGUhba2 root@nixos"; 10 + touma-wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeyj52bQ/nf5k4HwDckeHy8wU3weDtY6IF6VlUJ/hAH root@nixos"; 11 + shizuri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMdVtl8UlDa9kI/PO62Glu/PeJXfgXNsVg92b+BibE root@nixos"; 12 + hosts = [ 13 + misaki 14 + edge 15 + odin 16 + touma-wsl 17 + shizuri 18 + ]; 19 + in 20 + { 21 + "porkbun-api-key.age".publicKeys = [ misaki ] ++ noah; 22 + "noah-hashed-password.age".publicKeys = hosts; 23 + "nix-serve-secret-key.age".publicKeys = [ 24 + misaki 25 + noah 26 + ]; 27 + "validator-identity.age".publicKeys = [ edge ]; 28 + "catgirl-libera.age".publicKeys = noah; 29 + }
secrets/validator-identity.age

This is a binary file and will not be displayed.

+28 -9
services.nix
··· 1 - { ... }: { 1 + { enableNFTables, lib, ... }: 2 + { 3 + 2 4 # Some programs need SUID wrappers, can be configured further or are 3 5 # started in user sessions. 4 6 programs.mtr.enable = true; ··· 6 8 # Fish shell, the best 7 9 programs.fish.enable = true; 8 10 9 - # List services that you want to enable: 11 + # Tailscale 12 + services.tailscale = { 13 + enable = true; 14 + openFirewall = true; 15 + }; 16 + # Don't wait for networks on boot, should speed up boot 17 + systemd.network.wait-online.enable = false; 18 + boot.initrd.systemd.network.wait-online.enable = false; 19 + networking.firewall.trustedInterfaces = [ "tailscale0" ]; 10 20 11 - # Containers and VMs 12 - virtualisation = { 13 - podman = { 14 - enable = false; 15 - dockerCompat = true; 16 - defaultNetwork.settings.dns_enabled = true; 17 - }; 21 + # Enable the OpenSSH daemon. 22 + services.openssh = { 23 + enable = true; 24 + openFirewall = true; 25 + settings.PasswordAuthentication = false; 18 26 }; 27 + 28 + # MOSH, SSH over flakey connections 29 + programs.mosh.enable = true; 30 + } 31 + // lib.optionalAttrs enableNFTables { 32 + # Use nftables 33 + networking.nftables.enable = true; 34 + # Support native nftables in tailscale 35 + systemd.services.tailscaled.serviceConfig.Environment = [ 36 + "TS_DEBUG_FIREWALL_MODE=nftables" 37 + ]; 19 38 }
+31 -27
users.nix
··· 1 - { pkgs, lib, ... }: 2 - let 3 - home-manager = builtins.fetchTarball 4 - "https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz"; 5 - in 1 + { 2 + pkgs, 3 + lib, 4 + config, 5 + extraGroups ? [ ], 6 + ... 7 + }: 6 8 { 7 9 8 - imports = [ 9 - # Import home-manager first, it's required for other modules 10 - (import "${home-manager}/nixos") 11 - ]; 12 - 13 10 # Declarative only optoins. 14 11 # I don't want to allow ad-hoc modifying users on the system. 15 12 # Users must be declared either as part of a package or in this file. 16 13 users.mutableUsers = false; 17 14 15 + age.secrets.noah-password = { 16 + file = ./secrets/noah-hashed-password.age; 17 + owner = "root"; 18 + group = "root"; 19 + }; 20 + 18 21 # Define a user account. Don't forget to set a password with ‘passwd’. 19 22 users.users.noah = { 20 23 isNormalUser = true; 21 24 shell = pkgs.fish; 22 - extraGroups = [ "wheel" "video" "nas" ]; # Enable ‘sudo’ for the user. 23 - hashedPasswordFile = "/etc/nixos/noah-password"; 24 - openssh.authorizedKeys.keys = 25 - lib.strings.splitString "\n" (builtins.readFile (builtins.fetchurl { 26 - url = "https://meta.sr.ht/~chiefnoah.keys"; 27 - name = "chiefnoah.keys"; 28 - # Update this with: 29 - # `curl https://meta.sr.ht/~chiefnoah.keys | sha256sum` 30 - sha256 = "b07f29019f0fcf2d7e217637fce6c7f9476468cc47cb8eaf36a0cd646aa4a8a7"; 31 - })); 25 + extraGroups = [ 26 + "wheel" 27 + "video" 28 + "nas" 29 + ] 30 + ++ extraGroups; # Enable ‘sudo’ for the user. 31 + hashedPasswordFile = config.age.secrets.noah-password.path; 32 + openssh.authorizedKeys.keys = lib.strings.splitString "\n" ( 33 + builtins.readFile ( 34 + builtins.fetchurl { 35 + url = "https://meta.sr.ht/~chiefnoah.keys"; 36 + name = "chiefnoah.keys"; 37 + # Update this with: 38 + # `curl https://meta.sr.ht/~chiefnoah.keys | sha256sum` 39 + sha256 = "0wdnx25blqihbgaa0hzd39mjqwki92ambar097hjfmlrxg1s4lk7"; 40 + } 41 + ) 42 + ); 32 43 }; 33 44 users.groups.nas.gid = 1001; 34 - # I manage my home with home-manager 35 - # Don't store packages in ~/.nix-profile, use /etc/profiles so we can build-vm 36 - home-manager.useUserPackages = true; 37 - # No more NIX_PATH, use system pkgs 38 - home-manager.useGlobalPkgs = true; 39 - 40 - home-manager.users.noah = import ./home.nix; 41 45 }