diff --git a/.gitignore b/.gitignore index 0aa347c..44cc532 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ .mozilla **/*.tmp.sops.yaml -result \ No newline at end of file +result diff --git a/flake.nix b/flake.nix index d2b216e..ab0caed 100644 --- a/flake.nix +++ b/flake.nix @@ -17,12 +17,14 @@ url = "github:nix-community/nix-vscode-extensions"; inputs.nixpkgs.follows = "nixpkgs"; }; - }; - outputs = { self, nixpkgs, sops-nix, ... }@inputs: - with inputs; - { - + outputs = { + self, + nixpkgs, + sops-nix, + ... + } @ inputs: + with inputs; { # Use nixpkgs-fmt for 'nix fmt' formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; @@ -33,12 +35,11 @@ (x: { name = x; value = nixpkgs.lib.nixosSystem { - # Make inputs and the flake itself accessible as module parameters. # Technically, adding the inputs is redundant as they can be also # accessed with flake-self.inputs.X, but adding them individually # allows to only pass what is needed to each module. - specialArgs = { flake-self = self; } // inputs; + specialArgs = {flake-self = self;} // inputs; system = "x86_64-linux"; diff --git a/iso/iso.nix b/iso/iso.nix index fbe3680..96c4752 100644 --- a/iso/iso.nix +++ b/iso/iso.nix @@ -1,5 +1,8 @@ -{ config, pkgs, ... }: { + config, + pkgs, + ... +}: { imports = [ @@ -15,12 +18,10 @@ pkgs.vim pkgs.git pkgs.dnsutils - ]; - systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ]; + systemd.services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"]; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home" ]; - } diff --git a/nixos/home-manager/.gitkeep b/nixos/home-manager/.gitkeep index 81d3fab..931d5d3 100644 --- a/nixos/home-manager/.gitkeep +++ b/nixos/home-manager/.gitkeep @@ -1,4 +1,4 @@ -My home infrastructure, +My home infrastructure, ![](https://imgur.com/ISNnzgN.png) 
@@ -23,7 +23,7 @@ My home infrastructure, - [work_laptop](hosts/work_laptop/README.md) (nix-darwin running on a MacBook Pro) - [modules](modules) (Custom NixOS and home-manager modules) - [overlays](overlays) (Custom overlays, primarily used for packages currently) - - [pkgs](pkgs) (Custom Packages, mainly items not yet in official nixpkgs) + - [pkgs](pkgs) (Custom Packages, mainly items not yet in official nixpkgs) - [shell.nix](shell.nix) (Shell for bootstrapping flake-enabled nix and home-manager) - [nixpkgs.nix](nixpkgs.nix) (Used by shell.nix - useful to avoid using channels when using legacy nix commands) diff --git a/nixos/hosts/bootstrap/configuration.nix b/nixos/hosts/bootstrap/configuration.nix index b69a308..7d66a13 100644 --- a/nixos/hosts/bootstrap/configuration.nix +++ b/nixos/hosts/bootstrap/configuration.nix @@ -1,16 +1,16 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ config, lib, pkgs, ... }: - { - imports = - [ - # Host-specific - ./hardware-configuration.nix - - ]; + config, + lib, + pkgs, + ... +}: { + imports = [ + # Host-specific + ./hardware-configuration.nix + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -63,7 +63,6 @@ ]; }; - # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ @@ -88,7 +87,6 @@ }; }; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; 
@@ -104,7 +102,7 @@ services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home" ]; # may fix issues with network service failing during a nixos-rebuild @@ -139,6 +137,4 @@ # # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "23.11"; # Did you read the comment? - } - diff --git a/nixos/hosts/common/nixos/default.nix b/nixos/hosts/common/nixos/default.nix index 55bc781..fbbca2a 100644 --- a/nixos/hosts/common/nixos/default.nix +++ b/nixos/hosts/common/nixos/default.nix @@ -1,12 +1,20 @@ -{ inputs, outputs, config, sops-nix, ... }: { - imports = [ - # inputs.home-manager.nixosModules.home-manager - #inputs.sops-nix.nixosModules.sops - ./locale.nix - ./nix.nix - ./openssh.nix - ./packages.nix - ] ++ (builtins.attrValues {}); +{ + inputs, + outputs, + config, + sops-nix, + ... +}: { + imports = + [ + # inputs.home-manager.nixosModules.home-manager + #inputs.sops-nix.nixosModules.sops + ./locale.nix + ./nix.nix + ./openssh.nix + ./packages.nix + ] + ++ (builtins.attrValues {}); # home-manager.extraSpecialArgs = { inherit inputs outputs; }; TODO Home-manager diff --git a/nixos/hosts/common/nixos/locale.nix b/nixos/hosts/common/nixos/locale.nix index a96135a..05ecce3 100644 --- a/nixos/hosts/common/nixos/locale.nix +++ b/nixos/hosts/common/nixos/locale.nix @@ -1,4 +1,4 @@ -{ lib, ... }: { +{lib, ...}: { i18n = { defaultLocale = lib.mkDefault "en_US.UTF-8"; }; diff --git a/nixos/hosts/common/nixos/nix.nix b/nixos/hosts/common/nixos/nix.nix index a0bece8..d881d07 100644 --- a/nixos/hosts/common/nixos/nix.nix +++ b/nixos/hosts/common/nixos/nix.nix 
@@ -1,8 +1,11 @@ -{ inputs, lib, ... }: { + inputs, + lib, + ... +}: { nix = { settings = { - experimental-features = [ "nix-command" "flakes" ]; + experimental-features = ["nix-command" "flakes"]; }; gc = { automatic = true; diff --git a/nixos/hosts/common/nixos/openssh.nix b/nixos/hosts/common/nixos/openssh.nix index 41380ae..7247225 100644 --- a/nixos/hosts/common/nixos/openssh.nix +++ b/nixos/hosts/common/nixos/openssh.nix @@ -1,11 +1,12 @@ -{ outputs, lib, config, ... }: - -let +{ + outputs, + lib, + config, + ... +}: let inherit (config.networking) hostName; hosts = outputs.nixosConfigurations; - -in -{ +in { services.openssh = { enable = true; settings = { diff --git a/nixos/hosts/common/nixos/packages.nix b/nixos/hosts/common/nixos/packages.nix index bc75e3c..91a0133 100644 --- a/nixos/hosts/common/nixos/packages.nix +++ b/nixos/hosts/common/nixos/packages.nix @@ -1,5 +1,9 @@ -{ config, pkgs, lib, ... }: { + config, + pkgs, + lib, + ... +}: { environment.systemPackages = with pkgs; [ bat jq @@ -10,13 +14,14 @@ git dnsutils nvd + gh # TODO Move - nixpkgs-fmt - nil - gh - sops ]; - + programs.direnv = { + # TODO move to home-manager + enable = true; + nix-direnv.enable = true; + }; programs.mtr.enable = true; } diff --git a/nixos/hosts/common/nixos/users/truxnell/default.nix b/nixos/hosts/common/nixos/users/truxnell/default.nix index 8af66c1..cbada4f 100644 --- a/nixos/hosts/common/nixos/users/truxnell/default.nix +++ b/nixos/hosts/common/nixos/users/truxnell/default.nix 
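Review bot: In nixos/hosts/common/nixos/packages.nix, the added `programs.direnv` block enables the direnv shell hook for every account on every host that imports this common module, and with `nix-direnv.enable = true` an approved `.envrc` can evaluate a project's flake or shell.nix. direnv loads an `.envrc` only after `direnv allow`, so that approval step is the control, and the comment should say so, for example `# TODO move to home-manager; until then the hook is active for all users, review .envrc before running direnv allow`. The same hunk drops `sops`, `nil` and `nixpkgs-fmt` from `environment.systemPackages`, so editing secrets on a host now presumably depends on entering the dev shell from shell.nix; a one-line comment noting that would save the next maintainer a search. The module body starts in the previous hunk of this file.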
@@ -1,24 +1,29 @@ -{ pkgs, config, ... }: -let ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; -in { + pkgs, + config, + ... +}: let + ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; +in { users.users.truxnell = { isNormalUser = true; shell = pkgs.fish; # passwordFile = config.sops.secrets.taylor-password.path; # initialHashedPassword = ""; # TODO add key - extraGroups = [ - "wheel" - ] ++ ifTheyExist [ - "network" - "samba-users" - ]; + extraGroups = + [ + "wheel" + ] + ++ ifTheyExist [ + "network" + "samba-users" + ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home" ]; - packages = [ pkgs.home-manager ]; + packages = [pkgs.home-manager]; }; # home-manager.users.taylor = import ../../../../../home-manager/taylor_${config.networking.hostName}.nix; TODO home-manager? diff --git a/nixos/hosts/common/optional/chrony.nix b/nixos/hosts/common/optional/chrony.nix index a6f961d..261f0ab 100644 --- a/nixos/hosts/common/optional/chrony.nix +++ b/nixos/hosts/common/optional/chrony.nix @@ -1,6 +1,11 @@ -{ inputs, outputs, config, ... }: { +{ + inputs, + outputs, + config, + ... +}: { # Time - networking.timeServers = [ "10.8.10.1" ]; + networking.timeServers = ["10.8.10.1"]; services.chrony = { enable = true; }; diff --git a/nixos/hosts/common/optional/cloudflare-dyndns.nix b/nixos/hosts/common/optional/cloudflare-dyndns.nix index 4cba325..03142ed 100644 --- a/nixos/hosts/common/optional/cloudflare-dyndns.nix +++ b/nixos/hosts/common/optional/cloudflare-dyndns.nix @@ -1,5 +1,8 @@ -{ config, lib, ... }: { - +{ + config, + lib, + ... +}: { # Current nixpkgs cf-ddns only supports using a env file for the apitoken # but not for domains, which makes them hard to find. # To circumvent this, I put both in the 'apiTokenFile' var 
@@ -13,8 +16,7 @@ config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml; # Restart when secret changes - config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ]; - + config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = ["cloudflare-dyndns"]; # Cloudflare dynamic dns to keep my DNS records pointed at home config.services.cloudflare-dyndns = { @@ -22,11 +24,6 @@ ipv6 = false; proxied = true; apiTokenFile = config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".path; - domains = [ ]; + domains = []; }; - } - - - - diff --git a/nixos/hosts/common/optional/dnscrypt-proxy2.nix b/nixos/hosts/common/optional/dnscrypt-proxy2.nix index 5204121..30359a1 100644 --- a/nixos/hosts/common/optional/dnscrypt-proxy2.nix +++ b/nixos/hosts/common/optional/dnscrypt-proxy2.nix @@ -1,14 +1,18 @@ # Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2 - -{ inputs, outputs, pkgs, config, ... }: { - +{ + inputs, + outputs, + pkgs, + config, + ... +}: { # Disable resolvd to ensure it doesnt re-write /etc/resolv.conf config.services.resolved.enable = false; # Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt # causing a risk of no dns if service fails. config.networking = { - nameservers = [ "10.8.10.1" ]; # TODO make varible IP + nameservers = ["10.8.10.1"]; # TODO make varible IP dhcpcd.extraConfig = "nohook resolv.conf"; }; 
@@ -18,7 +22,7 @@ config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file # Restart dnscrypt when secret changes - config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ]; + config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = ["dnscrypt-proxy2"]; config.services.dnscrypt-proxy2 = { enable = true; @@ -26,7 +30,7 @@ require_dnssec = true; forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path; - server_names = [ "NextDNS-f6fe35" ]; + server_names = ["NextDNS-f6fe35"]; static = { "NextDNS-f6fe35" = { diff --git a/nixos/hosts/common/optional/editors/vscode/default.nix b/nixos/hosts/common/optional/editors/vscode/default.nix index 84840d9..fcbe88d 100644 --- a/nixos/hosts/common/optional/editors/vscode/default.nix +++ b/nixos/hosts/common/optional/editors/vscode/default.nix 
@@ -1,138 +1,137 @@ -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { # Enable vscode & addons environment.systemPackages = with pkgs; [ (vscode-with-extensions.override { vscode = vscodium; - vscodeExtensions = with vscode-extensions; [ - bbenoist.nix + vscodeExtensions = with vscode-extensions; + [ + bbenoist.nix + ] + ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ + { + name = "prettier-vscode"; + publisher = "esbenp"; + version = "10.1.0"; + sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9"; + } - ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ + { + name = "vscode-docker"; + publisher = "ms-azuretools"; + version = "1.28.0"; + sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0"; + } - { - name = "prettier-vscode"; - publisher = "esbenp"; - version = "10.1.0"; - sha256 = "01s0vi2h917mqfpdrhqhp2ijwkibw95yk2js0l587wvajbbry2s9"; - } + { + name = "gitlens"; + publisher = "eamodio"; + version = "14.7.0"; + sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy"; + } - { - name = "vscode-docker"; - publisher = "ms-azuretools"; - version = "1.28.0"; - sha256 = "0nmc3pdgxpmr6k2ksdczkv9bbwszncfczik0xjympqnd2k0ra9h0"; - } + { + name = "remote-containers"; + publisher = "ms-vscode-remote"; + version = "0.327.0"; + sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz"; + } - { - name = "gitlens"; - publisher = "eamodio"; - version = "14.7.0"; - sha256 = "07f9fryaci8lsrdahgll5yhlzf5rhscpy1zd258hi211ymvkxlmy"; - } + { + name = "remote-ssh"; + publisher = "ms-vscode-remote"; + version = "0.107.1"; + sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf"; + } - { - name = "remote-containers"; - publisher = "ms-vscode-remote"; - version = "0.327.0"; - sha256 = "0asswm55bx5gpz08cgpmgfvnb0494irj0gsvzx5nwknqfzpj07lz"; - } + { + name = "vscode-yaml"; + publisher = "redhat"; + version = "1.14.0"; + sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944"; + } - { - name = "remote-ssh"; 
- publisher = "ms-vscode-remote"; - version = "0.107.1"; - sha256 = "1q9xp8id9afhjx67zc7a61zb572f296apvdz305xd5v4brqd9xrf"; - } + { + name = "todo-tree"; + publisher = "gruntfuggly"; + version = "0.0.226"; + sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn"; + } - { - name = "vscode-yaml"; - publisher = "redhat"; - version = "1.14.0"; - sha256 = "0pww9qndd2vsizsibjsvscz9fbfx8srrj67x4vhmwr581q674944"; - } + { + name = "path-autocomplete"; + publisher = "ionutvmi"; + version = "1.25.0"; + sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb"; + } + { + name = "even-better-toml"; + publisher = "tamasfe"; + version = "0.19.2"; + sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14"; + } + { + name = "linter"; + publisher = "fnando"; + version = "0.0.19"; + sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g"; + } - { - name = "todo-tree"; - publisher = "gruntfuggly"; - version = "0.0.226"; - sha256 = "0yrc9qbdk7zznd823bqs1g6n2i5xrda0f9a7349kknj9wp1mqgqn"; - } + { + name = "catppuccin-vsc"; + publisher = "catppuccin"; + version = "3.11.0"; + sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d"; + } - { - name = "path-autocomplete"; - publisher = "ionutvmi"; - version = "1.25.0"; - sha256 = "0jjqh3p456p1aafw1gl6xgxw4cqqzs3hssr74mdsmh77bjizcgcb"; - } + { + name = "catppuccin-vsc-icons"; + publisher = "catppuccin"; + version = "1.8.0"; + sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z"; + } - { - name = "even-better-toml"; - publisher = "tamasfe"; - version = "0.19.2"; - sha256 = "0q9z98i446cc8bw1h1mvrddn3dnpnm2gwmzwv2s3fxdni2ggma14"; - } + { + name = "nix-ide"; + publisher = "jnoortheen"; + version = "0.2.2"; + sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg"; + } - { - name = "linter"; - publisher = "fnando"; - version = "0.0.19"; - sha256 = "13bllbxd7sy4qlclh37qvvnjp1v13al11nskcf2a8pmnmj455v4g"; - } + { + name = "vscode-swissknife"; + publisher = "luisfontes19"; + version = "1.8.1"; + 
sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c"; + } - { - name = "catppuccin-vsc"; - publisher = "catppuccin"; - version = "3.11.0"; - sha256 = "12bzx1pv9pxbm08dhvl8pskpz1vg2whxmasl0qk2x54swa2rhi4d"; - } + { + name = "pre-commit-helper"; + publisher = "elagil"; + version = "0.5.0"; + sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj"; + } - { - name = "catppuccin-vsc-icons"; - publisher = "catppuccin"; - version = "1.8.0"; - sha256 = "12sw9f00vnmppmvhwbamyjcap3acjs1f67mdmyv6ka52mav58z8z"; - } + { + name = "sops-edit"; + publisher = "shipitsmarter"; + version = "1.0.0"; + sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4"; + } - { - name = "nix-ide"; - publisher = "jnoortheen"; - version = "0.2.2"; - sha256 = "1264027sjh9a112si0y0p3pk3y36shj5b4qkpsj207z7lbxqq0wg"; - } - - { - name = "vscode-swissknife"; - publisher = "luisfontes19"; - version = "1.8.1"; - sha256 = "1rpk8zayzkn2kg4jjdd2fy6xl50kib71dqg73v46326cr4dwxa7c"; - } - - { - name = "pre-commit-helper"; - publisher = "elagil"; - version = "0.5.0"; - sha256 = "05cs1ndnha9dgv1ys23z81ajk300wpixqmks0lfmrj1zwyjg2wlj"; - } - - { - name = "sops-edit"; - publisher = "shipitsmarter"; - version = "1.0.0"; - sha256 = "0b2z9khiwrpf6gxdb9y315ayqkibvgixmvx82in5rlp8pndb6sq4"; - } - - { - name = "json5-for-vscode"; - publisher = "tudoudou"; - version = "0.0.3"; - sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w"; - } - - ]; + { + name = "json5-for-vscode"; + publisher = "tudoudou"; + version = "0.0.3"; + sha256 = "1d1c18mr91ll5fsp0l0aszyi7nx0ad352ssm0fm40z81m4dmzm0w"; + } + ]; }) ]; } diff --git a/nixos/hosts/common/optional/editors/vscode/extensions.nix b/nixos/hosts/common/optional/editors/vscode/extensions.nix index e2c78a9..0327f7f 100644 --- a/nixos/hosts/common/optional/editors/vscode/extensions.nix +++ b/nixos/hosts/common/optional/editors/vscode/extensions.nix 
@@ -1,12 +1,7 @@ # Warning, this file is autogenerated by nix4vscode. Don't modify this manually. - -{ pkgs }: - -let +{pkgs}: let vscode-utils = pkgs.vscode-utils; -in -{ - +in { "ms-python"."python" = vscode-utils.extensionFromVscodeMarketplace { name = "python"; publisher = "ms-python"; diff --git a/nixos/hosts/common/optional/firefox.nix b/nixos/hosts/common/optional/firefox.nix index 69dac8a..4bf4797 100644 --- a/nixos/hosts/common/optional/firefox.nix +++ b/nixos/hosts/common/optional/firefox.nix @@ -1,8 +1,10 @@ -{ config, pkgs, lib, ... }: { - + config, + pkgs, + lib, + ... +}: { programs.firefox = { enable = true; }; - -} \ No newline at end of file +} diff --git a/nixos/hosts/common/optional/gnome.nix b/nixos/hosts/common/optional/gnome.nix index 2484ca3..7b804d9 100644 --- a/nixos/hosts/common/optional/gnome.nix +++ b/nixos/hosts/common/optional/gnome.nix @@ -1,6 +1,9 @@ -{ config, pkgs, lib, ... }: - { + config, + pkgs, + lib, + ... +}: { # Ref: https://nixos.wiki/wiki/GNOME # GNOME plz 
@@ -12,32 +15,32 @@ defaultSession = "gnome"; # TODO move to config overlay autoLogin.user = "truxnell"; # TODO move to config overlay }; - layout = "us"; # `localctl` will give you + layout = "us"; # `localctl` will give you }; - # And dconf programs.dconf.enable = true; # dconf write /org/gnome/mutter/experimental-features "['scale-monitor-framebuffer']" # Exclude default GNOME packages that dont interest me. - environment.gnome.excludePackages = (with pkgs; [ - gnome-photos - gnome-tour - ]) ++ (with pkgs.gnome; [ - cheese # webcam tool - gnome-music - gnome-terminal - gedit # text editor - epiphany # web browser - geary # email reader - evince # document viewer - gnome-characters - totem # video player - tali # poker game - iagno # go game - hitori # sudoku game - atomix # puzzle game - ]); - + environment.gnome.excludePackages = + (with pkgs; [ + gnome-photos + gnome-tour + ]) + ++ (with pkgs.gnome; [ + cheese # webcam tool + gnome-music + gnome-terminal + gedit # text editor + epiphany # web browser + geary # email reader + evince # document viewer + gnome-characters + totem # video player + tali # poker game + iagno # go game + hitori # sudoku game + atomix # puzzle game + ]); } diff --git a/nixos/hosts/common/optional/maddy.conf b/nixos/hosts/common/optional/maddy.conf index 944f47a..1fdc16d 100644 --- a/nixos/hosts/common/optional/maddy.conf +++ b/nixos/hosts/common/optional/maddy.conf @@ -27,4 +27,4 @@ target.smtp remote_smtp { require_tls yes auth plain {env:SMTP_USERNAME} {env:SMTP_PASSWORD} targets tls://{env:SMTP_SERVER}:{env:SMTP_PORT} -} \ No newline at end of file +} diff --git a/nixos/hosts/common/optional/maddy.nix b/nixos/hosts/common/optional/maddy.nix index 55d3647..f233584 100644 --- a/nixos/hosts/common/optional/maddy.nix +++ b/nixos/hosts/common/optional/maddy.nix 
@@ -1,5 +1,9 @@ -{ inputs, outputs, config, ... }: { - +{ + inputs, + outputs, + config, + ... +}: { # init secret config.sops.secrets."system/mail/maddy/envFile" = { sopsFile = ./maddy.sops.yaml; @@ -8,15 +12,12 @@ }; # Restart dnscrypt when secret changes - config.sops.secrets."system/mail/maddy/envFile".restartUnits = [ "maddy" ]; + config.sops.secrets."system/mail/maddy/envFile".restartUnits = ["maddy"]; - - # + # config.services.maddy = { enable = true; - secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ]; + secrets = [config.sops.secrets."system/mail/maddy/envFile".path]; config = builtins.readFile ./maddy.conf; - }; - } diff --git a/nixos/hosts/common/optional/monitoring.nix b/nixos/hosts/common/optional/monitoring.nix index f504edd..2852b8d 100644 --- a/nixos/hosts/common/optional/monitoring.nix +++ b/nixos/hosts/common/optional/monitoring.nix @@ -1,6 +1,9 @@ -{ config, pkgs, lib, ... }: - { + config, + pkgs, + lib, + ... +}: { services.prometheus.exporters = { node = { enable = true; @@ -20,10 +23,9 @@ enable = true; }; }; - + networking.firewall.allowedTCPPorts = [ config.services.prometheus.exporters.node.port config.services.prometheus.exporters.smartctl.port ]; - -} \ No newline at end of file +} diff --git a/nixos/hosts/common/optional/sops-nix.nix b/nixos/hosts/common/optional/sops-nix.nix index 278907d..234b4be 100644 --- a/nixos/hosts/common/optional/sops-nix.nix +++ b/nixos/hosts/common/optional/sops-nix.nix @@ -1,7 +1,11 @@ -{ inputs, outputs, config, ... }: { - # SOPS settings +{ + inputs, + outputs, + config, + ... +}: { + # SOPS settings # https://github.com/Mic92/sops-nix - sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - + sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; } diff --git a/nixos/hosts/nixosvm/default.nix b/nixos/hosts/nixosvm/default.nix index 88f68ff..8a63638 100644 --- a/nixos/hosts/nixosvm/default.nix +++ b/nixos/hosts/nixosvm/default.nix 
@@ -1,31 +1,30 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ config, lib, pkgs, ... }: - { - imports = - [ - # Host-specific - ./hardware-configuration.nix + config, + lib, + pkgs, + ... +}: { + imports = [ + # Host-specific + ./hardware-configuration.nix - # Common imports - ../common/nixos - ../common/nixos/users/truxnell - ../common/optional/fish.nix - ../common/optional/monitoring.nix - ../common/optional/reboot-required.nix - ../common/optional/dnscrypt-proxy2.nix - ../common/optional/gnome.nix - ../common/optional/editors/vscode - ../common/optional/firefox.nix - ../common/optional/sops-nix.nix - ../common/optional/cloudflare-dyndns.nix - ../common/optional/maddy.nix - - - ]; + # Common imports + ../common/nixos + ../common/nixos/users/truxnell + ../common/optional/fish.nix + ../common/optional/monitoring.nix + ../common/optional/reboot-required.nix + ../common/optional/dnscrypt-proxy2.nix + ../common/optional/gnome.nix + ../common/optional/editors/vscode + ../common/optional/firefox.nix + ../common/optional/sops-nix.nix + ../common/optional/cloudflare-dyndns.nix + ../common/optional/maddy.nix + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -51,9 +50,6 @@ # Enable the X11 windowing system. # services.xserver.enable = true; - - - # Configure keymap in X11 # services.xserver.xkb.layout = "us"; # services.xserver.xkb.options = "eurosign:e,caps:escape"; @@ -68,7 +64,6 @@ # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; 
@@ -107,6 +102,4 @@ # # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "23.11"; # Did you read the comment? - } - diff --git a/nixos/hosts/nixosvm/hardware-configuration.nix b/nixos/hosts/nixosvm/hardware-configuration.nix index b810a76..78909f9 100644 --- a/nixos/hosts/nixosvm/hardware-configuration.nix +++ b/nixos/hosts/nixosvm/hardware-configuration.nix @@ -1,30 +1,31 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - { - imports = [ ]; + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = []; - boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-amd"]; + boot.extraModulePackages = []; - fileSystems."/" = - { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-label/boot"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "vfat"; + }; - swapDevices = - [{ device = "/dev/sda2"; }]; + swapDevices = [{device = "/dev/sda2";}]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -37,6 +38,4 @@ virtualisation.vmware.guest.enable = true; virtualisation.virtualbox.guest.enable = true; virtualisation.virtualbox.guest.x11 = true; - - } 
diff --git a/nixos/hosts/playground/default.nix b/nixos/hosts/playground/default.nix index 1de1b7d..3b27774 100644 --- a/nixos/hosts/playground/default.nix +++ b/nixos/hosts/playground/default.nix @@ -1,7 +1,9 @@ -{ config, lib, ... }: - { - imports = [ ./playground.nix ]; + config, + lib, + ... +}: { + imports = [./playground.nix]; boot.isContainer = true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; networking = { diff --git a/nixos/hosts/playground/playground.nix b/nixos/hosts/playground/playground.nix index 4ff0c98..ebeafe6 100644 --- a/nixos/hosts/playground/playground.nix +++ b/nixos/hosts/playground/playground.nix @@ -1,3 +1,8 @@ -{ config, pkgs, lib, inputs, outputs, ... }: - -{ } +{ + config, + pkgs, + lib, + inputs, + outputs, + ... +}: {} diff --git a/nixos/overlays/default.nix b/nixos/overlays/default.nix index 9240c95..a9ff0b7 100644 --- a/nixos/overlays/default.nix +++ b/nixos/overlays/default.nix @@ -1,5 +1,4 @@ -{ inputs, ... }: -{ +{inputs, ...}: { unstable-packages = final: _prev: { unstable = import inputs.nixpkgs-unstable { system = final.system; diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..459fe9c --- /dev/null +++ b/shell.nix @@ -0,0 +1,26 @@ +# Shell for bootstrapping flake-enabled nix and other tooling +{ + pkgs ? + # If pkgs is not defined, instanciate nixpkgs from locked commit + let + lock = + (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked; + nixpkgs = fetchTarball { + url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz"; + sha256 = lock.narHash; + }; + in + import nixpkgs {overlays = [];}, + ... +}: +pkgs.mkShell { + NIX_CONFIG = "extra-experimental-features = nix-command flakes repl-flake"; + nativeBuildInputs = with pkgs; [ + nixpkgs-fmt + nil + sops + pre-commit + go-task + alejandra + ]; +}
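Review bot: The fallback in shell.nix imports the pinned nixpkgs with `import nixpkgs {overlays = [];}`, which blocks impure overlays but still lets nixpkgs read the user's `~/.config/nixpkgs/config.nix` (or `NIXPKGS_CONFIG`), so the bootstrap shell is not fully determined by flake.lock. Passing an empty config as well closes that gap: `import nixpkgs {config = {}; overlays = [];},`. The tarball itself is pinned by `lock.rev` and checked against `lock.narHash`, which is the integrity check to keep. Separately, the shell ships both `nixpkgs-fmt` and `alejandra` while flake.nix still sets `formatter.x86_64-linux` to nixpkgs-fmt, so a comment stating which formatter is authoritative would avoid the two fighting over the tree.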