SeanOMik 2024-05-05 14:53:09 -04:00
parent 9555f1115c
commit 57807f31e5
Signed by: SeanOMik
GPG Key ID: FEC9E2FC15235964
72 changed files with 845 additions and 1899 deletions

3
.gitignore vendored

@ -1,3 +1,2 @@
sensitives/*
configuration.nix
hardware-configuration.nix
!sensitives/.gitkeep

0
LICENSE Executable file → Normal file

17
common.nix Executable file → Normal file

@ -1,6 +1,6 @@
{ pkgs, home-manager, unstable, ... }:
{
system.stateVersion = "22.11";
system.stateVersion = "23.11";
system.autoUpgrade.enable = true;
home-manager.useGlobalPkgs = true;
@ -9,9 +9,11 @@
time = {
timeZone = "America/New_York";
hardwareClockInLocalTime = true;
hardwareClockInLocalTime = false;
};
systemd.services.NetworkManager-wait-online.enable = pkgs.lib.mkForce false;
i18n.defaultLocale = "en_US.UTF-8";
nix.extraOptions = ''
@ -24,11 +26,16 @@
];
age.secrets.serverwg-priv.file = ./secrets/serverwg-priv.age;
age.secrets.vpnboxwg-priv.file = ./secrets/vpnboxwg-priv.age;
# age.secrets.lab-ip.file = ./secrets/lab-ip.age;
nixpkgs.overlays = [
(import "${builtins.fetchTarball { url="https://github.com/vlaci/openconnect-sso/archive/master.tar.gz"; sha256="sha256:04kwar7cxz7399bwlka6raqwq5jd27khkjdxk11k08846bkjckx5"; } }/overlay.nix")
];
# nixpkgs.overlays = [
# (import "${builtins.fetchTarball { url="https://github.com/vlaci/openconnect-sso/archive/master.tar.gz"; sha256="sha256:04kwar7cxz7399bwlka6raqwq5jd27khkjdxk11k08846bkjckx5"; } }/overlay.nix")
# ];
boot.supportedFilesystems = [ "ntfs" ];
imports = [
./options.nix
];
}
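Review bot: `system.stateVersion` appears to move from "22.11" to "23.11" in the first hunk together with the channel bump, but this value is meant to stay at the release a machine was first installed with, because modules read it to choose defaults for state that already exists on disk. If artemis is a fresh install that is fine (inferred from the new hardware configuration, not certain), but any other host importing common.nix inherits the new value too. Consider moving it into each host file with a comment such as `# release this host was installed with; do not bump on upgrade`. The same applies to `home.stateVersion` in the home-manager modules.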


283
flake.lock Executable file → Normal file

@ -2,14 +2,17 @@
"nodes": {
"agenix": {
"inputs": {
"nixpkgs": "nixpkgs"
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"locked": {
"lastModified": 1673301561,
"narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=",
"lastModified": 1712079060,
"narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=",
"owner": "ryantm",
"repo": "agenix",
"rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68",
"rev": "1381a759b205dff7a6818733118d02253340fd5e",
"type": "github"
},
"original": {
@ -18,35 +21,113 @@
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1622445595,
"narHash": "sha256-m+JRe6Wc5OZ/mKw2bB3+Tl0ZbtyxxxfnAWln8Q5qs+Y=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "7d706970d94bc5559077eb1a6600afddcd25a7c8",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
],
"utils": "utils"
]
},
"locked": {
"lastModified": 1672244468,
"narHash": "sha256-xaZb8AZqoXRCSqPusCk4ouf+fUNP8UJdafmMTF1Ltlw=",
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "89a8ba0b5b43b3350ff2e3ef37b66736b2ef8706",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-22.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1712386041,
"narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"openconnect-sso",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703863825,
"narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "5163432afc817cf8bd1f031418d1869e4c9d5547",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1665732960,
"narHash": "sha256-WBZ+uSHKFyjvd0w4inbm0cNExYTn8lpYFcHEes8tmec=",
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4428e23312933a196724da2df7ab78eb5e67a88e",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
@ -58,35 +139,180 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1673704454,
"narHash": "sha256-5Wdj1MgdOgn3+dMFIBtg+IAYZApjF8JzwLWDPieg0C4=",
"lastModified": 1713725259,
"narHash": "sha256-9ZR/Rbx5/Z/JZf5ehVNMoz/s5xjpP0a22tL6qNvLt5E=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a83ed85c14fcf242653df6f4b0974b7e1c73c6c6",
"rev": "a5e4bbcb4780c63c79c87d29ea409abf097de3f7",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"locked": {
"lastModified": 1713903158,
"narHash": "sha256-dWOrSgYhyuwLcJHa+/VU05i0Qg64TaGXdFJDgXtGELs=",
"owner": "nix-community",
"repo": "NUR",
"rev": "01e811e23bec13e9ecaed7d64ebbee56c8df9d93",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"openconnect-sso": {
"inputs": {
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
],
"poetry2nix": "poetry2nix",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1701455376,
"narHash": "sha256-FMLrMdi6JY7ZfqV5XnNj64jnDcGKznKZLn7O6OMO3u0=",
"owner": "ThinkChaos",
"repo": "openconnect-sso",
"rev": "20c0015c4264c72cc19ac272de0dc534309bd21b",
"type": "github"
},
"original": {
"owner": "ThinkChaos",
"ref": "fix/nix-flake",
"repo": "openconnect-sso",
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": [
"openconnect-sso",
"flake-utils"
],
"nix-github-actions": [
"openconnect-sso",
"nix-github-actions"
],
"nixpkgs": [
"openconnect-sso",
"nixpkgs"
],
"systems": [
"openconnect-sso",
"systems"
],
"treefmt-nix": [
"openconnect-sso",
"treefmt-nix"
]
},
"locked": {
"lastModified": 1714113962,
"narHash": "sha256-7nVz2XUgVtnTQIYcuuqdLjZL8ifb7W8jciT+Szsx920=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "9245811b58905453033f1ef551f516cbee71c42c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_2",
"nur": "nur",
"openconnect-sso": "openconnect-sso",
"sensitives": "sensitives",
"unstable": "unstable"
}
},
"sensitives": {
"flake": false,
"locked": {
"lastModified": 1713547745,
"narHash": "sha256-/5Mi03yx16RBz6cxkUak7a4/zdgChvHCRPdBommGKwI=",
"path": "/etc/nixos/sensitives",
"type": "path"
},
"original": {
"path": "/etc/nixos/sensitives",
"type": "path"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"openconnect-sso",
"nixpkgs"
]
},
"locked": {
"lastModified": 1714058656,
"narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"unstable": {
"locked": {
"lastModified": 1673631141,
"narHash": "sha256-AprpYQ5JvLS4wQG/ghm2UriZ9QZXvAwh1HlgA/6ZEVQ=",
"lastModified": 1713714899,
"narHash": "sha256-+z/XjO3QJs5rLE5UOf015gdVauVRQd2vZtsFkaXBq2Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "befc83905c965adfd33e5cae49acb0351f6e0404",
"rev": "6143fc5eeb9c4f00163267708e26191d1e918932",
"type": "github"
},
"original": {
@ -95,21 +321,6 @@
"repo": "nixpkgs",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",

67
flake.nix Executable file → Normal file

@ -2,17 +2,34 @@
description = "NixOS configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
unstable.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager/release-22.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:ryantm/agenix";
sensitives = {
url = "path:/etc/nixos/sensitives";
flake = false;
};
nur = {
url = "github:nix-community/NUR";
inputs.nixpkgs.follows = "nixpkgs";
};
openconnect-sso = {
url = "github:ThinkChaos/openconnect-sso/fix/nix-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs@{ nixpkgs, unstable, home-manager, agenix, ... }:
outputs = inputs@{ nixpkgs, unstable, home-manager, agenix, sensitives, nur, openconnect-sso, ... }:
let
system = "x86_64-linux";
in
@ -21,26 +38,48 @@
let
# Inject unstable for inputs for modules
defaults = { pkgs, ... }: {
_module.args.unstable = import inputs.unstable {
inherit (pkgs.stdenv.targetPlatform) system;
config.allowUnfree = true;
_module.args = {
inherit sensitives;
unstable = import inputs.unstable {
inherit (pkgs.stdenv.targetPlatform) system;
config.allowUnfree = true;
};
};
};
in {
smallinux = nixpkgs.lib.nixosSystem {
artemis = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
defaults
home-manager.nixosModules.home-manager
agenix.nixosModule
({ config, lib, sensitives, ... }:
{
config.wireguard.lab.remote = lib.fileContents "${sensitives}/homeip";
})
{
networking.hostName = "smallinux";
environment.systemPackages = [
inputs.openconnect-sso.packages.x86_64-linux.default
];
nixpkgs.overlays = [
# add nur overlay for Firefox addons
nur.overlay
# (import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix")
];
}
defaults
home-manager.nixosModules.home-manager
agenix.nixosModules.default
{
networking.hostName = "artemis";
networking.networkmanager.enable = true;
environment.systemPackages = [ agenix.packages.x86_64-linux.default ];
}
./common.nix
./hosts/smallinux.nix
./hosts/artemis
];
};
xps15 = nixpkgs.lib.nixosSystem {
@ -49,7 +88,7 @@
modules = [
defaults
home-manager.nixosModules.home-manager
agenix.nixosModule
agenix.nixosModules.default
{
networking.hostName = "xps15";
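Review bot: The new `sensitives` input (`url = "path:/etc/nixos/sensitives"; flake = false;`) is interpolated as `"${sensitives}/homeip"`, which copies the whole directory into `/nix/store`, readable by every local user, and records its `narHash` in the committed flake.lock. That is tolerable for a home IP but not for anything key-like, so a comment on the input such as `# copied into the world-readable store: non-secret values only, keys go through agenix` would make the boundary explicit. The absolute path also means the flake only evaluates on hosts that have that directory. Separately, `openconnect-sso` now tracks a third-party fork branch (`ThinkChaos/openconnect-sso/fix/nix-flake`); flake.lock pins the revision, but every `nix flake update` takes whatever that branch holds, so pinning a `rev` in the URL is worth considering.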


@ -0,0 +1,32 @@
{ pkgs, ... }:
{
home = let
pluginRepoPlugin = pkgs.fetchurl {
url = "https://betterdiscord.app/Download?id=200";
hash = "sha256-gOo7q/N8B2SEXrVfAgQ4EUewv69bZ4guc8BR1X0xOZY=";
};
fetchPlugin = { id, hash }:
pkgs.fetchurl {
url = "https://betterdiscord.app/Download?id=" + id;
inherit hash;
};
in {
# file.".local/share/nemo/actions/vscode.nemo_action".source = ../vscode.nemo_action;
file.".config/BetterDiscord/plugins/PluginRepo.plugin.js".source = fetchPlugin {
id = "200";
hash = "sha256-gOo7q/N8B2SEXrVfAgQ4EUewv69bZ4guc8BR1X0xOZY=";
};
# activation = {
# downloadBetterDiscordPlugins = {
# after = [ "writeBoundary" ];
# before = [ ];
# data = ''
# ${pkgs.curl}/bin/curl "https://betterdiscord.app/Download?id=200" -o
# '';
# };
# };
};
}
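Review bot: The `pluginRepoPlugin` binding in the `let` is never referenced and repeats the URL and hash that are passed to `fetchPlugin` a few lines later; it can be dropped. The `Download?id=` endpoint presumably serves whatever version is current, so the pinned hash will stop matching when upstream publishes an update. That failure is the integrity check doing its job for a script that runs inside the Discord client, and a comment such as `# hash pins the reviewed plugin version; re-review the file before bumping it` above `fetchPlugin` would keep it from being bumped blindly.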

1
home/emulators.nix Executable file → Normal file

@ -3,5 +3,6 @@
home.packages = with pkgs; [
rpcs3
citra
yuzu-mainline
];
}

94
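--- a/home/firefox.nix
+++ b/home/firefox.nix
@@ -0,0 +1,94 @@
+{ pkgs, ... }:
+{
+programs.firefox = {
+enable = true;
+# Install extensions from NUR
+extensions = with pkgs.nur.repos.rycee.firefox-addons; [
+ublock-origin
+facebook-container
+clearurls
+bitwarden
+sponsorblock
+enhancer-for-youtube
+return-youtube-dislikes
+tab-session-manager
+darkreader
+tampermonkey
+to-google-translate
+h264ify
+betterttv
+];
+# Privacy about:config settings
+profiles.seanomik = {
+search = {
+force = true;
+default = "DuckDuckGo";
+order = [ "DuckDuckGo" "Google" ];
+engines = {
+"Amazon.com".metaData.alias = "@a";
+"Bing".metaData.hidden = true;
+"eBay".metaData.hidden = true;
+"Google".metaData.alias = "@g";
+"Wikipedia (en)".metaData.alias = "@w";
+"GitHub" = {
+urls = [{
+template = "https://github.com/search";
+params = [
+{ name = "q"; value = "{searchTerms}"; }
+];
+}];
+icon = "${pkgs.fetchurl {
+url = "https://github.githubassets.com/favicons/favicon.svg";
+sha256 = "sha256-apV3zU9/prdb3hAlr4W5ROndE4g3O1XMum6fgKwurmA=";
+}}";
+definedAliases = [ "@gh" ];
+};
+"Nix Packages" = {
+urls = [{
+template = "https://search.nixos.org/packages";
+params = [
+{ name = "channel"; value = "unstable"; }
+{ name = "query"; value = "{searchTerms}"; }
+];
+}];
+icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+definedAliases = [ "@np" ];
+};
+};
+};
+settings = {
+"browser.toolbars.bookmarks.visibility" = "always";
+# Disable telemetry
+"browser.newtabpage.activity-stream.feeds.telemetry" = false;
+"browser.ping-centre.telemetry" = false;
+"browser.tabs.crashReporting.sendReport" = false;
+"devtools.onboarding.telemetry.logged" = false;
+"toolkit.telemetry.enabled" = false;
+"toolkit.telemetry.unified" = false;
+"toolkit.telemetry.server" = "";
+# Disable Pocket
+"browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false;
+"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
+"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
+"browser.newtabpage.activity-stream.showSponsored" = false;
+"extensions.pocket.enabled" = false;
+"media.autoplay.enabled" = false;
+"privacy.firstparty.isolate" = true;
+"network.http.sendRefererHeader" = 0;
+};
+};
+};
+}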
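Review bot: `extensions` is set directly under `programs.firefox`, but as far as I recall recent home-manager releases expect extensions per profile and reject the top-level option, so this should probably be `profiles.seanomik.extensions = with pkgs.nur.repos.rycee.firefox-addons; [ ... ];` — confirm against release-23.11 before the module is re-enabled (its import in home/seanomik/default.nix is commented out). The `# Privacy about:config settings` comment sits above `profiles.seanomik`, whose first block is search-engine configuration; it belongs directly above `settings = {`. `"network.http.sendRefererHeader" = 0` removes the Referer header entirely, which some sites rely on for their CSRF checks, so a short comment noting that trade-off would help whoever debugs a broken login later.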

37
home/fish.nix Normal file

@ -0,0 +1,37 @@
{ pkgs, ... }:
{
home = {
packages = with pkgs; [
meslo-lgs-nf
];
};
programs.fish = {
enable = true;
shellInit = ''
set -x GPG_TTY (tty)
set -x SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent
# ctrl-del for deleting word
bind [3\;5~ kill-word
'';
shellAliases = {
cd = "z";
};
};
programs.starship = {
enable = true;
};
programs.fzf = {
enable = true;
};
programs.zoxide = {
enable = true;
};
}
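Review bot: `shellInit` runs for every fish process, including non-interactive ones, so `set -x GPG_TTY (tty)` and the `bind` line also execute in scripts and command substitutions where there is no terminal. Keeping only `set -x SSH_AUTH_SOCK (gpgconf --list-dirs agent-ssh-socket)` and `gpgconf --launch gpg-agent` in `shellInit` and moving the other two lines to `interactiveShellInit` keeps the agent socket available everywhere without the tty side effects. The `cd = "z"` alias has a related problem: if zoxide's `z` is only defined for interactive shells (likely, not verified here), `cd` fails in non-interactive fish.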

0
home/omz-zsh.nix Executable file → Normal file

2
home/programs/alacritty.nix Executable file → Normal file

@ -8,7 +8,7 @@
columns = 88;
};
font.normal.family = "MesloLGS NF";
#shell.program = "/bin/zsh";
# shell.program = "/b";
};
};

0
home/programs/default.nix Executable file → Normal file

13
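--- a/home/root/default.nix
+++ b/home/root/default.nix
@@ -0,0 +1,13 @@
+{ pkgs, home-manager, unstable, config, ... }:
+{
+home-manager.users.root = { pkgs, ... }: {
+home.stateVersion = "23.11";
+programs.vim = {
+enable = true;
+settings = {
+mouse = "v";
+};
+};
+};
+}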

144
home/seanomik/default.nix Executable file → Normal file

@ -1,4 +1,4 @@
{ pkgs, home-manager, unstable, ... }:
{ pkgs, home-manager, unstable, config, SystemConfiguration, ... }:
{
imports = [
./wireguard.nix
@ -7,7 +7,8 @@
users.users.seanomik = {
isNormalUser = true;
extraGroups = [ "wheel" "openrazer" "plugdev" "docker" ];
shell = pkgs.fish;
extraGroups = [ "wheel" "openrazer" "plugdev" "docker" "networkmanager" "libvirtd" ];
initialPassword = "pw123";
};
@ -15,61 +16,89 @@
gcc clang
];
networking.wireguard.enable = true;
services.mullvad-vpn.enable = true;
# networking.wireguard.enable = true;
# services.mullvad-vpn.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
#dedicatedServer.openFirewall = true;
};
system.activationScripts.installBetterDiscord =
''
nix run nixpkgs#betterdiscordctl install || true
'';
home-manager.users.seanomik = { pkgs, ... }: {
home.stateVersion = "22.11";
home.stateVersion = "23.11";
imports = [
./gnome-dconf.nix
../omz-zsh.nix # oh-my-zsh zsh config
../programs
../fish.nix
# ../firefox.nix
../emulators.nix
../vscode.nix
# ../vscode-fhs.nix
../vscode-fhs.nix
../betterdiscord-plugins.nix
];
# Add open-in-vscode button to nemo
home = {
file.".local/share/nemo/actions/vscode.nemo_action".source = ../vscode.nemo_action;
# activation = {
# afterWriteBoundary = {
# after = [ "writeBoundary" ];
# before = [ ];
# data = ''
# find ~/.vscode/extensions/ | while read -r path
# do
# $DRY_RUN_CMD chmod --recursive +w \
# "$(readlink --canonicalize "$path")"
# done
# '';
# };
# };
activation = {
installBetterDiscord = {
after = [ "writeBoundary" ];
before = [ ];
data = ''
${pkgs.betterdiscordctl}/bin/betterdiscordctl install > /tmp/betterdiscord-install.txt || true
'';
};
defaultApplications = {
after = [ "writeBoundary" ];
before = [ ];
data = ''
${pkgs.xdg-utils}/bin/xdg-mime default nemo.desktop inode/directory
${pkgs.glib}/bin/gsettings set org.gnome.desktop.default-applications.terminal exec alacritty
'';
};
};
};
# home.programs.git = {
# enable = true;
# userName = "SeanOMik";
# userEmail = "seanomik@gmail.com";
# };
programs.vim = {
enable = true;
settings = {
mouse = "v";
};
};
# pkgs.overlays = [
# (import "${builtins.fetchTarball { url="https://github.com/vlaci/openconnect-sso/archive/master.tar.gz"; sha256="sha256:04kwar7cxz7399bwlka6raqwq5jd27khkjdxk11k08846bkjckx5"; } }/overlay.nix")
# ];
programs.git = {
enable = true;
userName = "SeanOMik";
userEmail = "seanomik@gmail.com";
signing = {
signByDefault = true;
key = "BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD";
};
aliases = {
lg1 = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold green)(%ar)%C(reset) %C(white)%s%C(reset) %C(dim white)- %an%C(reset)%C(auto)%d%C(reset)' --all";
lg2 = "log --graph --abbrev-commit --decorate --format=format:'%C(bold blue)%h%C(reset) - %C(bold cyan)%aD%C(reset) %C(bold green)(%ar)%C(reset)%C(auto)%d%C(reset)%n'' %C(white)%s%C(reset) %C(dim white)- %an%C(reset)'";
lg = "lg1";
s = "status";
};
extraConfig = {
core.editor = "${pkgs.vim}/bin/vim";
init.defaultBranch = "main";
};
};
programs.direnv = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
# readOnly but defaults to true
# enableFishIntegration = true;
};
home.packages = let
# pkgs.overlays = [
@ -78,48 +107,67 @@
# openconnectOverlay = import "${builtins.fetchTarball https://github.com/vlaci/openconnect-sso/archive/master.tar.gz}/overlay.nix";
# pkgss = import <nixpkgs> { overlays = [ openconnectOverlay ]; };
in with pkgs; [
# with pkgss; [
(callPackage ../../modules/applications/discord.nix { })
zip
unzip
rar
minio-client
retroarch
openconnect-sso
# openconnect-sso
vlc
lutris
valgrind
protontricks
# unstable.polymc
# (callPackage ../../modules/pkgs/polymc.nix { })
# polymc
prismlauncher
minecraft
zoom-us
mullvad-vpn
flameshot
obs-studio
#vscode
qbittorrent
okular
libreoffice-fresh-unwrapped
libreoffice
betterdiscordctl
gimp
blender
slack
google-chrome
(callPackage ../../modules/pkgs/upwork.nix { inherit runCommandLocal; })
(libsForQt5.callPackage ../../modules/pkgs/jellyfin-media-player.nix { })
(callPackage ../../modules/pkgs/ytmdesktop.nix { })
jetbrains.idea-community
# (callPackage ../../modules/pkgs/upwork.nix { inherit runCommandLocal; })
# (libsForQt5.callPackage ../../modules/pkgs/jellyfin-media-player.nix { })
# (callPackage ../../modules/pkgs/ytmdesktop.nix { })
# jetbrains.idea-community
renderdoc
virt-manager
hexchat
kdenlive
aria2
github-desktop
direnv
cargo-flamegraph
protonup-qt
unstable.trilium-desktop
ouch
zoxide
fzf
plex-media-player
plexamp
chiaki
tracy
helvum
audacity
gittyup
lapce
yubikey-manager
yubikey-manager-qt
yubikey-touch-detector
yubikey-personalization-gui
unstable.protonvpn-gui
unstable.networkmanagerapplet
unstable.gnome.networkmanager-openvpn
# zed.dev whenever its linux support is better
openconnect
go-task
];
};
}
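Review bot: `initialPassword = "pw123";` on the new side of the first hunk gives a `wheel` member a guessable password that is committed to the repository and readable in the Nix store, and hosts/artemis enables `services.openssh` on the same machine. The repo already uses agenix, so `hashedPasswordFile = config.age.secrets.<user-password-secret>.path;` (placeholder secret name) would keep the hash out of both. In the `installBetterDiscord` activation, `> /tmp/betterdiscord-install.txt` writes to a fixed name in a shared directory; a path under `$HOME` or `$XDG_STATE_HOME` avoids writing through a file another local user created first. The hunks begin and end inside the module body, so the surrounding options are not visible here.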

0
home/seanomik/gnome-dconf.nix Executable file → Normal file

15
home/seanomik/k8s-tools.nix Executable file → Normal file

@ -3,4 +3,19 @@
home-manager.users.seanomik.home.packages = with pkgs; [
kubectl kubernetes-helm kustomize fluxcd kustomize-sops sops
];
home-manager.users.seanomik.home = {
sessionVariables = {
KUBE_EDITOR = "vim";
EDITOR = "vim";
};
shellAliases = {
k = "kubectl";
kg = "kubectl get";
kgpo = "kubectl get pod";
krm = "kubectl delete";
kgwf = "kubectl get --watch -f";
kn = "kubectl config set-context --current --namespace";
};
};
}

42
home/seanomik/wireguard.nix Executable file → Normal file

@ -1,30 +1,32 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
{
networking.wireguard.interfaces =
let
homeip = builtins.readFile ../../sensitives/homeip;
# homeip = lib.fileContents config.age.secrets.lab-ip.path;
# homeip = lib.fileContents ../../sensitives/homeip;
homeip = config.wireguard.lab.remote;
in {
server = {
ips = [ "10.0.0.2/32" ];
listenPort = 2751;
# server = {
# ips = [ "10.0.0.2/32" ];
# listenPort = 2751;
#
# privateKeyFile = config.age.secrets.serverwg-priv.path;
#
# peers = [
# {
# publicKey = "Lk+EHt6+6HPUeXigdBTbv/j4yAcs2MyGumbgrOD5WTA=";
# allowedIPs = [ "10.0.0.1/32" ];
# endpoint = homeip + ":2751";
# persistentKeepalive = 25;
# }
# ];
# };
privateKeyFile = config.age.secrets.serverwg-priv.path;
peers = [
{
publicKey = "Lk+EHt6+6HPUeXigdBTbv/j4yAcs2MyGumbgrOD5WTA=";
allowedIPs = [ "10.0.0.1/32" ];
endpoint = homeip + ":2751";
persistentKeepalive = 25;
}
];
};
vpnbox = {
ips = [ "10.0.1.4/32" ];
lab = {
ips = [ config.wireguard.lab.ip ];
listenPort = 2752;
privateKeyFile = config.age.secrets.vpnboxwg-priv.path;
privateKeyFile = config.wireguard.lab.privateKeyFile; #config.age.secrets.vpnboxwg-priv.path;
peers = [
{

0
home/vscode-fhs.nix Executable file → Normal file

0
home/vscode.nix Executable file → Normal file

10
home/yubikey-ssh.nix Executable file → Normal file

@ -4,11 +4,11 @@
# Depending on the details of your configuration, this section might be necessary or not;
# feel free to experiment
environment.shellInit = ''
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
'';
# environment.shellInit = ''
# export GPG_TTY="$(tty)"
# gpg-connect-agent /bye
# export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# '';
programs.gnupg.agent = {
enable = true;

66
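--- a/hosts/artemis/default.nix
+++ b/hosts/artemis/default.nix
@@ -0,0 +1,66 @@
+{ pkgs, nixpkgs-unstable, home-manager, ... }:
+{
+# Mount the data drive
+fileSystems."/media/data_drive" = {
+device = "/dev/disk/by-uuid/93861f2f-b63c-4201-8ae2-a533edd1c064";
+fsType = "btrfs";
+};
+fileSystems."/media/windows_disk" = {
+device = "/dev/disk/by-uuid/F4AAF639AAF5F846";
+fsType = "ntfs3";
+options = [ "rw" "uid=1000"];
+};
+services.openssh.enable = true;
+# Other modules
+imports = [
+({ config, ...}: {
+config.wireguard = {
+lab = {
+ip = "10.0.1.4/32";
+privateKeyFile = config.age.secrets.vpnboxwg-priv.path;
+};
+};
+})
+./hardware-configuration.nix
+../../modules/boot/plymouth.nix
+../../modules/boot/efi-grub.nix
+# ../../modules/kernel/lqx.nix
+../../modules/kernel/linux.nix
+# Hardware stuff
+../../modules/hardware/nvidia.nix
+../../modules/hardware/xone.nix
+../../modules/hardware/razer.nix
+../../modules/audio/pipewire.nix
+# Desktop stuff
+../../modules/fonts
+../../modules/desktop/gnome.nix
+../../modules/desktop_manager/gdm.nix
+../../modules/virtualisation
+../../modules/flatpak
+# Applications
+../../modules/cli-tools.nix
+../../modules/applications
+# Development
+../../modules/development
+../../modules/switch-udev.nix
+# ssh
+../../modules/ssh/yubikey.nix
+# Per-user stuff
+../../home/seanomik
+../../home/root
+];
+}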
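Review bot: `services.openssh.enable = true;` is set with no `services.openssh.settings`, so unless `../../modules/ssh/yubikey.nix` (not shown on this page) tightens it, sshd accepts password logins. Because the user module on this page sets a literal initial password for a `wheel` account, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` next to the enable line so that only the YubiKey-backed key can log in. The two `fileSystems` entries have no `nofail` option, so a missing data or Windows disk will likely hold up boot; `options = [ "rw" "uid=1000" "nofail" ];` is the usual form for secondary disks.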


@ -0,0 +1,40 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "uas" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f4daaf6a-d296-4c4d-9964-df1322e8be0c";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/00B9-9EF5";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/4a48d6cb-b87d-4bb0-b342-cc3fccdddc9e"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

0
hosts/default.nix Executable file → Normal file


@ -1,55 +0,0 @@
{ pkgs, nixpkgs-unstable, home-manager, ... }:
{
# Mount the data drive
fileSystems."/mnt/data_drive" = {
device = "/dev/disk/by-uuid/93861f2f-b63c-4201-8ae2-a533edd1c064";
fsType = "btrfs";
};
fileSystems."/mnt/windows_disk" = {
device = "/dev/disk/by-uuid/3402E4B102E4796E";
fsType = "ntfs3";
options = [ "rw" "uid=1000"];
};
services.openssh.enable = true;
# Other modules
imports = [
../hardware-configuration.nix
../modules/boot/plymouth.nix
../modules/boot/efi-grub.nix
../modules/kernel/lqx.nix
# Hardware stuff
../modules/hardware/nvidia.nix
../modules/hardware/xone.nix
../modules/hardware/razer.nix
../modules/audio/pipewire.nix
# Desktop stuff
../modules/fonts
../modules/desktop/gnome.nix
../modules/desktop_manager/gdm.nix
../modules/virtualisation
../modules/flatpak
# Applications
../modules/cli-tools.nix
../modules/applications
# Development
../modules/development
../modules/switch-udev.nix
# ssh
../modules/ssh/yubikey.nix
# Per-user stuff
../home/seanomik
];
}

0
hosts/xps15.nix Executable file → Normal file

3
modules/applications/default.nix Executable file → Normal file

@ -2,7 +2,8 @@
{
imports = [
./firefox.nix
./zsh.nix
# ./zsh.nix
./fish.nix
./git.nix
./yubikey.nix
./java.nix

0
modules/applications/discord.nix Executable file → Normal file

0
modules/applications/docker.nix Executable file → Normal file

0
modules/applications/firefox.nix Executable file → Normal file


@ -0,0 +1,4 @@
{ pkgs, ... }:
{
programs.fish.enable = true;
}

0
modules/applications/git.nix Executable file → Normal file

0
modules/applications/hashicorp.nix Executable file → Normal file

0
modules/applications/java.nix Executable file → Normal file

0
modules/applications/wine.nix Executable file → Normal file

2
modules/applications/yubikey.nix Executable file → Normal file

@ -3,6 +3,6 @@
services.pcscd.enable = true;
environment.systemPackages = with pkgs; [
yubioath-desktop
yubioath-flutter
];
}

0
modules/applications/zsh.nix Executable file → Normal file

0
modules/audio/pipewire.nix Executable file → Normal file

0
modules/audio/pulseaudio.nix Executable file → Normal file

1
modules/boot/efi-grub.nix Executable file → Normal file

@ -1,7 +1,6 @@
{pkgs, ... }:
{
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
boot.loader.grub.useOSProber = true;

0
modules/boot/plymouth.nix Executable file → Normal file

0
modules/cli-tools.nix Executable file → Normal file

0
modules/default.nix Executable file → Normal file

4
modules/desktop/gnome.nix Executable file → Normal file

@ -35,10 +35,12 @@
# Gnome extensions
gnomeExtensions.appindicator
gnomeExtensions.dash-to-dock
# gnomeExtensions.dash-to-dock-for-cosmic
gnomeExtensions.tray-icons-reloaded
gnome.gnome-tweaks
gnome.gnome-settings-daemon
gnome.gnome-keyring
gnome.gnome-settings-daemon
dconf
# qtstyleplugin-kvantum-qt4
libsForQt5.qtstyleplugin-kvantum

3
modules/desktop_manager/gdm.nix Executable file → Normal file

@ -1,6 +1,9 @@
{ pkgs, ... }:
{
services.xserver.enable = true;
services.xserver.excludePackages = [
pkgs.xterm
];
services.xserver.displayManager.gdm = {
enable = true;
wayland = false; # ew, its something new (gaming performance, screensharing, alacritty).

0
modules/development/c-cpp.nix Executable file → Normal file

3
modules/development/default.nix Executable file → Normal file

@ -5,8 +5,7 @@
lldb
clang-tools
(callPackage ./lldb-mi/default.nix { })
# (callPackage ../pkgs/lldb-mi.nix { })
# (callPackage ./lldb-mi/default.nix { })
];
imports = [

0
modules/development/javascript.nix Executable file → Normal file


@ -39,7 +39,7 @@ in stdenv.mkDerivation rec {
meta = with lib; {
description = "LLDB's machine interface driver.";
homepage = "https://github.com/lldb-tools/lldb-mi";
license = licenses.llvm-exception;
license = licenses.asl20-llvm;
platforms = platforms.unix;
maintainers = with maintainers; [ seanomik ];
};

0
modules/development/rust.nix Executable file → Normal file

0
modules/flatpak/default.nix Executable file → Normal file

2
modules/fonts/default.nix Executable file → Normal file

@ -1,6 +1,6 @@
{pkgs, ... }:
{
fonts.fonts = with pkgs; [
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-cjk
noto-fonts-emoji

Binary file not shown.


@ -1,17 +0,0 @@
diff b/src/vulkan/device-select-layer/device_select_layer.c a/src/vulkan/device-select-layer/device_select_layer.c
--- b/src/vulkan/device-select-layer/device_select_layer.c
+++ a/src/vulkan/device-select-layer/device_select_layer.c
@@ -454,12 +454,8 @@
exit(0);
} else {
unsigned selected_index = get_default_device(info, selection, physical_device_count, physical_devices);
- selected_physical_device_count = physical_device_count;
+ selected_physical_device_count = 1;
selected_physical_devices[0] = physical_devices[selected_index];
- for (unsigned i = 0; i < physical_device_count - 1; ++i) {
- unsigned this_idx = i < selected_index ? i : i + 1;
- selected_physical_devices[i + 1] = physical_devices[this_idx];
- }
}
if (selected_physical_device_count == 0) {

2
modules/hardware/nvidia-prime.nix Executable file → Normal file

@ -1,4 +1,4 @@
{ pkgs, ... }:
{ pkgs, lib, ... }:
let
nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''

31
modules/hardware/nvidia.nix Executable file → Normal file

@ -6,37 +6,6 @@
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
# This enables vulkan layers
# hardware = {
# opengl =
# let
# fn = oa: {
# nativeBuildInputs = oa.nativeBuildInputs ++ [ pkgs.glslang ];
# mesonFlags = oa.mesonFlags ++ [ "-Dvulkan-layers=device-select,overlay" ];
# patches = oa.patches ++ [ ./mesa-vulkan-layer-nvidia.patch ];
# postInstall = oa.postInstall + ''
# mv $out/lib/libVkLayer* $drivers/lib
#Device Select layer
# layer=VkLayer_MESA_device_select
# substituteInPlace $drivers/share/vulkan/implicit_layer.d/''${layer}.json \
# --replace "lib''${layer}" "$drivers/lib/lib''${layer}"
#Overlay layer
# layer=VkLayer_MESA_overlay
# substituteInPlace $drivers/share/vulkan/explicit_layer.d/''${layer}.json \
# --replace "lib''${layer}" "$drivers/lib/lib''${layer}"
# '';
# };
# in
# with pkgs; {
# enable = true;
# driSupport32Bit = true;
# package = (mesa.overrideAttrs fn).drivers;
# package32 = (pkgsi686Linux.mesa.overrideAttrs fn).drivers;
# };
# };
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
}

0
modules/hardware/razer.nix Executable file → Normal file

10
modules/hardware/xone.nix Executable file → Normal file

@ -1,4 +1,10 @@
{ pkgs, ... }:
{ pkgs, unstable, config, ... }:
{
hardware.xone.enable = true;
boot = {
blacklistedKernelModules = [ "xpad" "mt76x2u" ];
# extraModulePackages = with unstable.linuxPackages_latest; [ xone ];
extraModulePackages = with config.boot.kernelPackages; [ xone ];
};
#hardware.firmware = [ unstable.xow_dongle-firmware ];
hardware.firmware = with unstable; [ xow_dongle-firmware ];
}
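Review bot: The `blacklistedKernelModules = [ "xpad" "mt76x2u" ];` line carries no comment explaining why those two modules are blocked, and `mt76x2u` is a general USB Wi-Fi driver, so any adapter with that chipset will stop working on every host that imports this module. A short comment such as `# xone replaces xpad; keep mt76x2u from claiming the Xbox dongle` would record the intent (wording for the author to confirm). The two commented-out alternatives, `# extraModulePackages = with unstable.linuxPackages_latest; [ xone ];` and `#hardware.firmware = [ unstable.xow_dongle-firmware ];`, are dead code and are better deleted than kept beside the live lines. The firmware is taken from `unstable` while the module comes from `config.boot.kernelPackages`; if that mix is deliberate, say so in a comment.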

4
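--- /dev/null
+++ b/modules/kernel/linux.nix
@@ -0,0 +1,4 @@
+{ pkgs, unstable, ... }:
+{
+boot.kernelPackages = unstable.linuxPackages_latest;
+}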
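Review bot: `boot.kernelPackages = unstable.linuxPackages_latest;` ties every importing host to the newest kernel on the unstable channel, while the out-of-tree modules in this commit (`nvidiaPackages.stable` in modules/hardware/nvidia.nix and `xone` in modules/hardware/xone.nix) are taken from `config.boot.kernelPackages` and so must build against whatever kernel that is. A kernel bump those modules do not yet support will break the system build, which also holds back unrelated security updates until it is resolved. A one-line comment saying why the latest kernel is required would make the trade-off visible. `pkgs` is unused in the argument list, so the header can be `{ unstable, ... }:`.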

0
modules/kernel/lqx.nix Executable file → Normal file

0
modules/pkgs/clangd.nix Executable file → Normal file

0
modules/pkgs/ftb-app.nix Executable file → Normal file

0
modules/pkgs/lldb-mi.nix Executable file → Normal file

33
modules/pkgs/ouch.nix Normal file

@ -0,0 +1,33 @@
{ lib
, rustPlatform
, fetchCrate
, stdenv
, darwin
}:
rustPlatform.buildRustPackage rec {
pname = "ouch";
version = "0.5.1";
src = fetchCrate {
inherit pname version;
hash = "sha256-5peaWpXf1I6uKNlZkt/Y81DAKPOcvnQHXJZJ7+OTXhU=";
};
cargoHash = "sha256-OdAu7fStTJCF1JGJG9TRE1Qosy6yjKsWq01MYpbXZcg=";
buildInputs = lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Security
];
# some examples fail to compile
#cargoTestFlags = [ "--tests" ];
meta = with lib; {
description = "Painless compression and decompression in the terminal";
homepage = "https://github.com/ouch-org/ouch";
changelog = "https://github.com/ouch-org/ouch/releases/tag/${version}";
license = licenses.mit;
maintainers = with maintainers; [ seanomik ];
};
}
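Review bot: The comment `# some examples fail to compile` sits above a `cargoTestFlags` line that is itself commented out, so it is unclear whether the check phase is expected to pass as written or whether the flag was disabled by accident. Either restore `cargoTestFlags = [ "--tests" ];` or delete both lines. `maintainers = with maintainers; [ seanomik ];` only evaluates if that handle exists in the `lib.maintainers` set passed in, which is worth confirming for a package kept outside nixpkgs.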

0
modules/pkgs/upwork.nix Executable file → Normal file

10
modules/ssh/yubikey.nix Executable file → Normal file

@ -6,11 +6,11 @@
# Depending on the details of your configuration, this section might be necessary or not;
# feel free to experiment
environment.shellInit = ''
export GPG_TTY="$(tty)"
gpg-connect-agent /bye
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
'';
# environment.shellInit = ''
# export GPG_TTY="$(tty)"
# gpg-connect-agent /bye
# export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# '';
programs.gnupg.agent = {
enable = true;
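Review bot: Commenting out the `environment.shellInit` block removes the only visible place where `SSH_AUTH_SOCK` is pointed at gpg-agent's SSH socket. Unless the `programs.gnupg.agent` block below sets `enableSSHSupport = true;` (its body continues outside this hunk), `ssh` will stop using the YubiKey-backed key and may fall back to another agent or to key files on disk without any error. Please confirm that option is set, since it is what exports `SSH_AUTH_SOCK` for the session. If the block is no longer needed, delete it rather than leaving it commented out, together with the "feel free to experiment" comment that introduces it.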

0
modules/switch-udev.nix Executable file → Normal file

20
modules/virtualisation/default.nix Executable file → Normal file

@ -1,7 +1,23 @@
{pkgs, ... }:
{ pkgs, ... }:
{
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd = {
enable = true;
qemu = {
package = pkgs.qemu_kvm;
runAsRoot = true;
swtpm.enable = true;
ovmf = {
enable = true;
packages = [(pkgs.OVMF.override {
secureBoot = true;
tpmSupport = true;
}).fd];
};
};
};
virtualisation.spiceUSBRedirection.enable = true;
boot.kernelModules = [ "kvm-amd" ];
environment.systemPackages = with pkgs; [
spice-gtk
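Review bot: `runAsRoot = true;` in the new `virtualisation.libvirtd.qemu` block makes every QEMU process run as root, so a bug in QEMU's device emulation or in the SPICE/USB redirection path that a guest can reach yields host root rather than an unprivileged account. Unless a guest needs root-only host resources, prefer `runAsRoot = false;` and grant access to the specific devices instead. If root is required, a comment naming the reason should sit next to the line. The `environment.systemPackages` list at the end of the hunk continues outside it.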

25
options.nix Normal file

@ -0,0 +1,25 @@
{ lib, ... }:
{
options = {
wireguard = {
# remote = lib.mkOption {
# type = lib.types.str;
# };
lab = {
remote = lib.mkOption {
type = lib.types.str;
};
ip = lib.mkOption {
type = lib.types.str;
# default = { };
};
privateKeyFile = lib.mkOption {
type = lib.types.path;
};
};
};
};
}
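Review bot: `privateKeyFile` is declared with `lib.types.path`, which also accepts a Nix path literal such as `./key` (constructed example); a literal is copied into the world-readable Nix store as soon as it is interpolated into the WireGuard configuration. Since the value is presumably an agenix-decrypted file (inferred from the `.age` secrets in this commit), declare it as `type = lib.types.str;` and add a `description` saying it must be a runtime path outside the store. None of the three options has a `description`, and the commented-out `remote` option and the `# default = { };` line should be removed.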

0
secrets/secrets.nix Executable file → Normal file

BIN
secrets/vpnboxwg-priv.age Executable file → Normal file

Binary file not shown.

0
sensitives/.gitkeep Normal file